1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152AC_ARG_WITH([stackprotect], 153 [ --without-stackprotect Don't use compiler's stack protection], [ 154 if test "x$withval" = "xno"; then 155 use_stack_protector=0 156 fi ]) 157AC_ARG_WITH([hardening], 158 [ --without-hardening Don't use toolchain hardening flags], [ 159 if test "x$withval" = "xno"; then 160 use_toolchain_hardening=0 161 fi ]) 162 163# We use -Werror for the tests only so that we catch warnings like "this is 164# on by default" for things like -fPIE. 165AC_MSG_CHECKING([if $CC supports -Werror]) 166saved_CFLAGS="$CFLAGS" 167CFLAGS="$CFLAGS -Werror" 168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 169 [ AC_MSG_RESULT([yes]) 170 WERROR="-Werror"], 171 [ AC_MSG_RESULT([no]) 172 WERROR="" ] 173) 174CFLAGS="$saved_CFLAGS" 175 176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 177 AC_MSG_CHECKING([gcc version]) 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 179 case "$GCC_VER" in 180 1.*) no_attrib_nonnull=1 ;; 181 2.8* | 2.9*) 182 no_attrib_nonnull=1 183 ;; 184 2.*) no_attrib_nonnull=1 ;; 185 *) ;; 186 esac 187 AC_MSG_RESULT([$GCC_VER]) 188 189 AC_MSG_CHECKING([clang version]) 190 ver="`$CC -v 2>&1`" 191 if echo "$ver" | grep "Apple" >/dev/null; then 192 CLANG_VER="apple-`echo "$ver" | \ 193 awk '/Apple LLVM/ {print $4"-"$5}'`" 194 else 195 CLANG_VER=`echo "$ver" | $AWK '/clang version /{print $3}'` 196 fi 197 AC_MSG_RESULT([$CLANG_VER]) 198 199 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 202 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 204 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 216 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 217 if test "x$use_toolchain_hardening" = "x1"; then 218 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 219 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 220 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 221 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 222 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 223 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 224 # NB. -ftrapv expects certain support functions to be present in 225 # the compiler library (libgcc or similar) to detect integer operations 226 # that can overflow. We must check that the result of enabling it 227 # actually links. The test program compiled/linked includes a number 228 # of integer operations that should exercise this. 229 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 230 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 231 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 232 # https://github.com/llvm/llvm-project/issues/59242 233 case "$CLANG_VER" in 234 15.*|apple*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;; 235 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;; 236 esac 237 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 238 fi 239 240 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 241 saved_CFLAGS="$CFLAGS" 242 CFLAGS="$CFLAGS -fno-builtin-memset" 243 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 244 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 245 [ AC_MSG_RESULT([yes]) ], 246 [ AC_MSG_RESULT([no]) 247 CFLAGS="$saved_CFLAGS" ] 248 ) 249 250 # -fstack-protector-all doesn't always work for some GCC versions 251 # and/or platforms, so we test if we can. If it's not supported 252 # on a given platform gcc will emit a warning so we use -Werror. 253 if test "x$use_stack_protector" = "x1"; then 254 for t in -fstack-protector-strong -fstack-protector-all \ 255 -fstack-protector; do 256 AC_MSG_CHECKING([if $CC supports $t]) 257 saved_CFLAGS="$CFLAGS" 258 saved_LDFLAGS="$LDFLAGS" 259 CFLAGS="$CFLAGS $t -Werror" 260 LDFLAGS="$LDFLAGS $t -Werror" 261 AC_LINK_IFELSE( 262 [AC_LANG_PROGRAM([[ 263 #include <stdio.h> 264 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 265 ]], 266 [[ 267 char x[256]; 268 snprintf(x, sizeof(x), "XXX%d", func(1)); 269 ]])], 270 [ AC_MSG_RESULT([yes]) 271 CFLAGS="$saved_CFLAGS $t" 272 LDFLAGS="$saved_LDFLAGS $t" 273 AC_MSG_CHECKING([if $t works]) 274 AC_RUN_IFELSE( 275 [AC_LANG_PROGRAM([[ 276 #include <stdio.h> 277 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 278 ]], 279 [[ 280 char x[256]; 281 snprintf(x, sizeof(x), "XXX%d", func(1)); 282 ]])], 283 [ AC_MSG_RESULT([yes]) 284 break ], 285 [ AC_MSG_RESULT([no]) ], 286 [ AC_MSG_WARN([cross compiling: cannot test]) 287 break ] 288 ) 289 ], 290 [ AC_MSG_RESULT([no]) ] 291 ) 292 CFLAGS="$saved_CFLAGS" 293 LDFLAGS="$saved_LDFLAGS" 294 done 295 fi 296 297 if test -z "$have_llong_max"; then 298 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 299 unset ac_cv_have_decl_LLONG_MAX 300 saved_CFLAGS="$CFLAGS" 301 CFLAGS="$CFLAGS -std=gnu99" 302 AC_CHECK_DECL([LLONG_MAX], 303 [have_llong_max=1], 304 [CFLAGS="$saved_CFLAGS"], 305 [#include <limits.h>] 306 ) 307 fi 308fi 309 310AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 311AC_COMPILE_IFELSE( 312 [AC_LANG_PROGRAM([[ 313#include <stdlib.h> 314__attribute__((__unused__)) static void foo(void){return;}]], 315 [[ exit(0); ]])], 316 [ AC_MSG_RESULT([yes]) ], 317 [ AC_MSG_RESULT([no]) 318 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 319 [compiler does not accept __attribute__ on return types]) ] 320) 321 322AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 323AC_COMPILE_IFELSE( 324 [AC_LANG_PROGRAM([[ 325#include <stdlib.h> 326typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 327 [[ exit(0); ]])], 328 [ AC_MSG_RESULT([yes]) ], 329 [ AC_MSG_RESULT([no]) 330 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 331 [compiler does not accept __attribute__ on prototype args]) ] 332) 333 334AC_MSG_CHECKING([if compiler supports variable length arrays]) 335AC_COMPILE_IFELSE( 336 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 337 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 338 [ AC_MSG_RESULT([yes]) 339 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 340 [compiler supports variable length arrays]) ], 341 [ AC_MSG_RESULT([no]) ] 342) 343 344AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 345AC_COMPILE_IFELSE( 346 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 347 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 348 [ AC_MSG_RESULT([yes]) 349 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 350 [compiler variable declarations after code]) ], 351 [ AC_MSG_RESULT([no]) ] 352) 353 354if test "x$no_attrib_nonnull" != "x1" ; then 355 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 356fi 357 358AC_ARG_WITH([rpath], 359 [ --without-rpath Disable auto-added -R linker paths], 360 [ 361 if test "x$withval" = "xno" ; then 362 rpath_opt="" 363 elif test "x$withval" = "xyes" ; then 364 rpath_opt="-R" 365 else 366 rpath_opt="$withval" 367 fi 368 ] 369) 370 371# Allow user to specify flags 372AC_ARG_WITH([cflags], 373 [ --with-cflags Specify additional flags to pass to compiler], 374 [ 375 if test -n "$withval" && test "x$withval" != "xno" && \ 376 test "x${withval}" != "xyes"; then 377 CFLAGS="$CFLAGS $withval" 378 fi 379 ] 380) 381 382AC_ARG_WITH([cflags-after], 383 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 384 [ 385 if test -n "$withval" && test "x$withval" != "xno" && \ 386 test "x${withval}" != "xyes"; then 387 CFLAGS_AFTER="$withval" 388 fi 389 ] 390) 391AC_ARG_WITH([cppflags], 392 [ --with-cppflags Specify additional flags to pass to preprocessor] , 393 [ 394 if test -n "$withval" && test "x$withval" != "xno" && \ 395 test "x${withval}" != "xyes"; then 396 CPPFLAGS="$CPPFLAGS $withval" 397 fi 398 ] 399) 400AC_ARG_WITH([ldflags], 401 [ --with-ldflags Specify additional flags to pass to linker], 402 [ 403 if test -n "$withval" && test "x$withval" != "xno" && \ 404 test "x${withval}" != "xyes"; then 405 LDFLAGS="$LDFLAGS $withval" 406 fi 407 ] 408) 409AC_ARG_WITH([ldflags-after], 410 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 411 [ 412 if test -n "$withval" && test "x$withval" != "xno" && \ 413 test "x${withval}" != "xyes"; then 414 LDFLAGS_AFTER="$withval" 415 fi 416 ] 417) 418AC_ARG_WITH([libs], 419 [ --with-libs Specify additional libraries to link with], 420 [ 421 if test -n "$withval" && test "x$withval" != "xno" && \ 422 test "x${withval}" != "xyes"; then 423 LIBS="$LIBS $withval" 424 fi 425 ] 426) 427AC_ARG_WITH([Werror], 428 [ --with-Werror Build main code with -Werror], 429 [ 430 if test -n "$withval" && test "x$withval" != "xno"; then 431 werror_flags="-Werror" 432 if test "x${withval}" != "xyes"; then 433 werror_flags="$withval" 434 fi 435 fi 436 ] 437) 438 439dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 440dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 441dnl haven't detected it, recheck. 442if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 443 unset ac_cv_header_sys_stat_h 444 AC_CHECK_HEADERS([sys/stat.h]) 445fi 446 447AC_CHECK_HEADERS([ \ 448 blf.h \ 449 bstring.h \ 450 crypt.h \ 451 crypto/sha2.h \ 452 dirent.h \ 453 endian.h \ 454 elf.h \ 455 err.h \ 456 features.h \ 457 fcntl.h \ 458 floatingpoint.h \ 459 fnmatch.h \ 460 getopt.h \ 461 glob.h \ 462 ia.h \ 463 iaf.h \ 464 ifaddrs.h \ 465 inttypes.h \ 466 langinfo.h \ 467 limits.h \ 468 locale.h \ 469 login.h \ 470 maillock.h \ 471 ndir.h \ 472 net/if_tun.h \ 473 netdb.h \ 474 netgroup.h \ 475 pam/pam_appl.h \ 476 paths.h \ 477 poll.h \ 478 pty.h \ 479 readpassphrase.h \ 480 rpc/types.h \ 481 security/pam_appl.h \ 482 sha2.h \ 483 shadow.h \ 484 stddef.h \ 485 stdint.h \ 486 string.h \ 487 strings.h \ 488 sys/bitypes.h \ 489 sys/byteorder.h \ 490 sys/bsdtty.h \ 491 sys/cdefs.h \ 492 sys/dir.h \ 493 sys/file.h \ 494 sys/mman.h \ 495 sys/label.h \ 496 sys/ndir.h \ 497 sys/param.h \ 498 sys/poll.h \ 499 sys/prctl.h \ 500 sys/procctl.h \ 501 sys/pstat.h \ 502 sys/ptrace.h \ 503 sys/random.h \ 504 sys/select.h \ 505 sys/stream.h \ 506 sys/stropts.h \ 507 sys/strtio.h \ 508 sys/statvfs.h \ 509 sys/sysmacros.h \ 510 sys/time.h \ 511 sys/timers.h \ 512 sys/vfs.h \ 513 time.h \ 514 tmpdir.h \ 515 ttyent.h \ 516 ucred.h \ 517 unistd.h \ 518 usersec.h \ 519 util.h \ 520 utime.h \ 521 utmp.h \ 522 utmpx.h \ 523 vis.h \ 524 wchar.h \ 525]) 526 527# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 528# to be included first. 529AC_CHECK_HEADERS([sys/audit.h], [], [], [ 530#ifdef HAVE_SYS_TIME_H 531# include <sys/time.h> 532#endif 533#ifdef HAVE_SYS_TYPES_H 534# include <sys/types.h> 535#endif 536#ifdef HAVE_SYS_LABEL_H 537# include <sys/label.h> 538#endif 539]) 540 541# sys/capsicum.h requires sys/types.h 542AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 543#ifdef HAVE_SYS_TYPES_H 544# include <sys/types.h> 545#endif 546]) 547 548AC_MSG_CHECKING([for caph_cache_tzdata]) 549AC_LINK_IFELSE( 550 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 551 [[caph_cache_tzdata();]])], 552 [ 553 AC_MSG_RESULT([yes]) 554 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 555 [Define if you have caph_cache_tzdata]) 556 ], 557 [ AC_MSG_RESULT([no]) ] 558) 559 560# net/route.h requires sys/socket.h and sys/types.h. 561# sys/sysctl.h also requires sys/param.h 562AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 563#ifdef HAVE_SYS_TYPES_H 564# include <sys/types.h> 565#endif 566#include <sys/param.h> 567#include <sys/socket.h> 568]) 569 570# lastlog.h requires sys/time.h to be included first on Solaris 571AC_CHECK_HEADERS([lastlog.h], [], [], [ 572#ifdef HAVE_SYS_TIME_H 573# include <sys/time.h> 574#endif 575]) 576 577# sys/ptms.h requires sys/stream.h to be included first on Solaris 578AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 579#ifdef HAVE_SYS_STREAM_H 580# include <sys/stream.h> 581#endif 582]) 583 584# login_cap.h requires sys/types.h on NetBSD 585AC_CHECK_HEADERS([login_cap.h], [], [], [ 586#include <sys/types.h> 587]) 588 589# older BSDs need sys/param.h before sys/mount.h 590AC_CHECK_HEADERS([sys/mount.h], [], [], [ 591#include <sys/param.h> 592]) 593 594# Android requires sys/socket.h to be included before sys/un.h 595AC_CHECK_HEADERS([sys/un.h], [], [], [ 596#include <sys/types.h> 597#include <sys/socket.h> 598]) 599 600# Messages for features tested for in target-specific section 601SIA_MSG="no" 602SPC_MSG="no" 603SP_MSG="no" 604SPP_MSG="no" 605 606# Support for Solaris/Illumos privileges (this test is used by both 607# the --with-solaris-privs option and --with-sandbox=solaris). 608SOLARIS_PRIVS="no" 609 610# Check for some target-specific stuff 611case "$host" in 612*-*-aix*) 613 # Some versions of VAC won't allow macro redefinitions at 614 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 615 # particularly with older versions of vac or xlc. 616 # It also throws errors about null macro arguments, but these are 617 # not fatal. 618 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 619 AC_COMPILE_IFELSE( 620 [AC_LANG_PROGRAM([[ 621#define testmacro foo 622#define testmacro bar]], 623 [[ exit(0); ]])], 624 [ AC_MSG_RESULT([yes]) ], 625 [ AC_MSG_RESULT([no]) 626 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 627 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 628 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 629 ] 630 ) 631 632 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 633 if (test -z "$blibpath"); then 634 blibpath="/usr/lib:/lib" 635 fi 636 saved_LDFLAGS="$LDFLAGS" 637 if test "$GCC" = "yes"; then 638 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 639 else 640 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 641 fi 642 for tryflags in $flags ;do 643 if (test -z "$blibflags"); then 644 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 645 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 646 [blibflags=$tryflags], []) 647 fi 648 done 649 if (test -z "$blibflags"); then 650 AC_MSG_RESULT([not found]) 651 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 652 else 653 AC_MSG_RESULT([$blibflags]) 654 fi 655 LDFLAGS="$saved_LDFLAGS" 656 dnl Check for authenticate. Might be in libs.a on older AIXes 657 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 658 [Define if you want to enable AIX4's authenticate function])], 659 [AC_CHECK_LIB([s], [authenticate], 660 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 661 LIBS="$LIBS -ls" 662 ]) 663 ]) 664 dnl Check for various auth function declarations in headers. 665 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 666 passwdexpired, setauthdb], , , [#include <usersec.h>]) 667 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 668 AC_CHECK_DECLS([loginfailed], 669 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 671 [[ (void)loginfailed("user","host","tty",0); ]])], 672 [AC_MSG_RESULT([yes]) 673 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 674 [Define if your AIX loginfailed() function 675 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 676 ])], 677 [], 678 [#include <usersec.h>] 679 ) 680 AC_CHECK_FUNCS([getgrset setauthdb]) 681 AC_CHECK_DECL([F_CLOSEM], 682 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 683 [], 684 [ #include <limits.h> 685 #include <fcntl.h> ] 686 ) 687 check_for_aix_broken_getaddrinfo=1 688 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 689 [Define if your platform breaks doing a seteuid before a setuid]) 690 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 691 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 692 dnl AIX handles lastlog as part of its login message 693 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 694 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 695 [Some systems need a utmpx entry for /bin/login to work]) 696 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 697 [Define to a Set Process Title type if your system is 698 supported by bsd-setproctitle.c]) 699 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 700 [AIX 5.2 and 5.3 (and presumably newer) require this]) 701 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 703 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 704 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 705 ;; 706*-*-android*) 707 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 708 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 709 ;; 710*-*-cygwin*) 711 LIBS="$LIBS /usr/lib/textreadmode.o" 712 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 713 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 714 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 715 [Define to disable UID restoration test]) 716 AC_DEFINE([DISABLE_SHADOW], [1], 717 [Define if you want to disable shadow passwords]) 718 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 719 [Define if X11 doesn't support AF_UNIX sockets on that system]) 720 AC_DEFINE([DISABLE_FD_PASSING], [1], 721 [Define if your platform needs to skip post auth 722 file descriptor passing]) 723 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 724 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 725 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 726 # reasons which cause compile warnings, so we disable those warnings. 727 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 728 ;; 729*-*-dgux*) 730 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 731 [Define if your system choked on IP TOS setting]) 732 AC_DEFINE([SETEUID_BREAKS_SETUID]) 733 AC_DEFINE([BROKEN_SETREUID]) 734 AC_DEFINE([BROKEN_SETREGID]) 735 ;; 736*-*-darwin*) 737 use_pie=auto 738 AC_MSG_CHECKING([if we have working getaddrinfo]) 739 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 740#include <mach-o/dyld.h> 741#include <stdlib.h> 742int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 743 exit(0); 744 else 745 exit(1); 746} 747 ]])], 748 [AC_MSG_RESULT([working])], 749 [AC_MSG_RESULT([buggy]) 750 AC_DEFINE([BROKEN_GETADDRINFO], [1], 751 [getaddrinfo is broken (if present)]) 752 ], 753 [AC_MSG_RESULT([assume it is working])]) 754 AC_DEFINE([SETEUID_BREAKS_SETUID]) 755 AC_DEFINE([BROKEN_SETREUID]) 756 AC_DEFINE([BROKEN_SETREGID]) 757 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 758 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 759 [Define if your resolver libs need this for getrrsetbyname]) 760 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 761 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 762 [Use tunnel device compatibility to OpenBSD]) 763 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 764 [Prepend the address family to IP tunnel traffic]) 765 m4_pattern_allow([AU_IPv]) 766 AC_CHECK_DECL([AU_IPv4], [], 767 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 768 [#include <bsm/audit.h>] 769 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 770 [Define if pututxline updates lastlog too]) 771 ) 772 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 773 [Define to a Set Process Title type if your system is 774 supported by bsd-setproctitle.c]) 775 AC_CHECK_FUNCS([sandbox_init]) 776 AC_CHECK_HEADERS([sandbox.h]) 777 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 778 SSHDLIBS="$SSHDLIBS -lsandbox" 779 ]) 780 # proc_pidinfo()-based closefrom() replacement. 781 AC_CHECK_HEADERS([libproc.h]) 782 AC_CHECK_FUNCS([proc_pidinfo]) 783 # poll(2) is broken for character-special devices (at least). 784 # cf. Apple bug 3710161 (not public, but searchable) 785 AC_DEFINE([BROKEN_POLL], [1], 786 [System poll(2) implementation is broken]) 787 ;; 788*-*-dragonfly*) 789 SSHDLIBS="$SSHDLIBS" 790 TEST_MALLOC_OPTIONS="AFGJPRX" 791 ;; 792*-*-haiku*) 793 LIBS="$LIBS -lbsd " 794 CFLAGS="$CFLAGS -D_BSD_SOURCE" 795 AC_CHECK_LIB([network], [socket]) 796 AC_DEFINE([HAVE_U_INT64_T]) 797 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 798 MANTYPE=man 799 ;; 800*-*-hpux*) 801 # first we define all of the options common to all HP-UX releases 802 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 803 IPADDR_IN_DISPLAY=yes 804 AC_DEFINE([USE_PIPES]) 805 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 806 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 809 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 810 maildir="/var/mail" 811 LIBS="$LIBS -lsec" 812 AC_CHECK_LIB([xnet], [t_error], , 813 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 814 815 # next, we define all of the options specific to major releases 816 case "$host" in 817 *-*-hpux10*) 818 if test -z "$GCC"; then 819 CFLAGS="$CFLAGS -Ae" 820 fi 821 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 822 ;; 823 *-*-hpux11*) 824 AC_DEFINE([PAM_SUN_CODEBASE], [1], 825 [Define if you are using Solaris-derived PAM which 826 passes pam_messages to the conversation function 827 with an extra level of indirection]) 828 AC_DEFINE([DISABLE_UTMP], [1], 829 [Define if you don't want to use utmp]) 830 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 831 check_for_hpux_broken_getaddrinfo=1 832 check_for_conflicting_getspnam=1 833 ;; 834 esac 835 836 # lastly, we define options specific to minor releases 837 case "$host" in 838 *-*-hpux10.26) 839 AC_DEFINE([HAVE_SECUREWARE], [1], 840 [Define if you have SecureWare-based 841 protected password database]) 842 disable_ptmx_check=yes 843 LIBS="$LIBS -lsecpw" 844 ;; 845 esac 846 ;; 847*-*-irix5*) 848 PATH="$PATH:/usr/etc" 849 AC_DEFINE([BROKEN_INET_NTOA], [1], 850 [Define if you system's inet_ntoa is busted 851 (e.g. Irix gcc issue)]) 852 AC_DEFINE([SETEUID_BREAKS_SETUID]) 853 AC_DEFINE([BROKEN_SETREUID]) 854 AC_DEFINE([BROKEN_SETREGID]) 855 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 856 [Define if you shouldn't strip 'tty' from your 857 ttyname in [uw]tmp]) 858 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 859 ;; 860*-*-irix6*) 861 PATH="$PATH:/usr/etc" 862 AC_DEFINE([WITH_IRIX_ARRAY], [1], 863 [Define if you have/want arrays 864 (cluster-wide session management, not C arrays)]) 865 AC_DEFINE([WITH_IRIX_PROJECT], [1], 866 [Define if you want IRIX project management]) 867 AC_DEFINE([WITH_IRIX_AUDIT], [1], 868 [Define if you want IRIX audit trails]) 869 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 870 [Define if you want IRIX kernel jobs])]) 871 AC_DEFINE([BROKEN_INET_NTOA]) 872 AC_DEFINE([SETEUID_BREAKS_SETUID]) 873 AC_DEFINE([BROKEN_SETREUID]) 874 AC_DEFINE([BROKEN_SETREGID]) 875 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 876 AC_DEFINE([WITH_ABBREV_NO_TTY]) 877 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 878 ;; 879*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 880 AC_DEFINE([PAM_TTY_KLUDGE]) 881 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 882 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 883 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 884 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 885 ;; 886*-*-linux*) 887 no_dev_ptmx=1 888 use_pie=auto 889 check_for_openpty_ctty_bug=1 890 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 891 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 892 dnl _GNU_SOURCE is needed for setres*id prototypes. 893 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 894 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 895 AC_DEFINE([PAM_TTY_KLUDGE], [1], 896 [Work around problematic Linux PAM modules handling of PAM_TTY]) 897 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 898 [String used in /etc/passwd to denote locked account]) 899 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 900 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 901 [Define to whatever link() returns for "not supported" 902 if it doesn't return EOPNOTSUPP.]) 903 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 904 AC_DEFINE([USE_BTMP]) 905 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 906 inet6_default_4in6=yes 907 case `uname -r` in 908 1.*|2.0.*) 909 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 910 [Define if cmsg_type is not passed correctly]) 911 ;; 912 esac 913 # tun(4) forwarding compat code 914 AC_CHECK_HEADERS([linux/if_tun.h]) 915 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 916 AC_DEFINE([SSH_TUN_LINUX], [1], 917 [Open tunnel devices the Linux tun/tap way]) 918 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 919 [Use tunnel device compatibility to OpenBSD]) 920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 921 [Prepend the address family to IP tunnel traffic]) 922 fi 923 AC_CHECK_HEADER([linux/if.h], 924 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 925 [Support routing domains using Linux VRF]), [], [ 926#ifdef HAVE_SYS_TYPES_H 927# include <sys/types.h> 928#endif 929 ]) 930 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 931 [], [#include <linux/types.h>]) 932 # Obtain MIPS ABI 933 case "$host" in 934 mips*) 935 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 936#if _MIPS_SIM != _ABIO32 937#error 938#endif 939 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 940#if _MIPS_SIM != _ABIN32 941#error 942#endif 943 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 944#if _MIPS_SIM != _ABI64 945#error 946#endif 947 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 948 ]) 949 ]) 950 ]) 951 ;; 952 esac 953 AC_MSG_CHECKING([for seccomp architecture]) 954 seccomp_audit_arch= 955 case "$host" in 956 x86_64-*) 957 seccomp_audit_arch=AUDIT_ARCH_X86_64 958 ;; 959 i*86-*) 960 seccomp_audit_arch=AUDIT_ARCH_I386 961 ;; 962 arm*-*) 963 seccomp_audit_arch=AUDIT_ARCH_ARM 964 ;; 965 aarch64*-*) 966 seccomp_audit_arch=AUDIT_ARCH_AARCH64 967 ;; 968 s390x-*) 969 seccomp_audit_arch=AUDIT_ARCH_S390X 970 ;; 971 s390-*) 972 seccomp_audit_arch=AUDIT_ARCH_S390 973 ;; 974 powerpc-*) 975 seccomp_audit_arch=AUDIT_ARCH_PPC 976 ;; 977 powerpc64-*) 978 seccomp_audit_arch=AUDIT_ARCH_PPC64 979 ;; 980 powerpc64le-*) 981 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 982 ;; 983 mips-*) 984 seccomp_audit_arch=AUDIT_ARCH_MIPS 985 ;; 986 mipsel-*) 987 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 988 ;; 989 mips64-*) 990 case "$mips_abi" in 991 "n32") 992 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 993 ;; 994 "n64") 995 seccomp_audit_arch=AUDIT_ARCH_MIPS64 996 ;; 997 esac 998 ;; 999 mips64el-*) 1000 case "$mips_abi" in 1001 "n32") 1002 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1003 ;; 1004 "n64") 1005 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1006 ;; 1007 esac 1008 ;; 1009 riscv64-*) 1010 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1011 ;; 1012 esac 1013 if test "x$seccomp_audit_arch" != "x" ; then 1014 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1015 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1016 [Specify the system call convention in use]) 1017 else 1018 AC_MSG_RESULT([architecture not supported]) 1019 fi 1020 ;; 1021*-*-minix) 1022 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1023 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1024 AC_DEFINE([BROKEN_POLL], [1], 1025 [System poll(2) implementation is broken]) 1026 ;; 1027mips-sony-bsd|mips-sony-newsos4) 1028 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1029 SONY=1 1030 ;; 1031*-*-netbsd*) 1032 if test "x$withval" != "xno" ; then 1033 rpath_opt="-R" 1034 fi 1035 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1036 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1037 AC_CHECK_HEADER([net/if_tap.h], , 1038 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1039 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1040 [Prepend the address family to IP tunnel traffic]) 1041 TEST_MALLOC_OPTIONS="AJRX" 1042 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1043 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1044 ;; 1045*-*-freebsd*) 1046 SKIP_DISABLE_LASTLOG_DEFINE=yes 1047 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1048 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1049 AC_CHECK_HEADER([net/if_tap.h], , 1050 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1051 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1052 TEST_MALLOC_OPTIONS="AJRX" 1053 # Preauth crypto occasionally uses file descriptors for crypto offload 1054 # and will crash if they cannot be opened. 1055 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1056 [define if setrlimit RLIMIT_NOFILE breaks things]) 1057 case "$host" in 1058 *-*-freebsd9.*|*-*-freebsd10.*) 1059 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1060 disable_capsicum=yes 1061 esac 1062 ;; 1063*-*-bsdi*) 1064 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1065 AC_DEFINE([BROKEN_SETREUID]) 1066 AC_DEFINE([BROKEN_SETREGID]) 1067 ;; 1068*-next-*) 1069 conf_lastlog_location="/usr/adm/lastlog" 1070 conf_utmp_location=/etc/utmp 1071 conf_wtmp_location=/usr/adm/wtmp 1072 maildir=/usr/spool/mail 1073 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1076 ;; 1077*-*-openbsd*) 1078 use_pie=auto 1079 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1080 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1081 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1082 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1083 [syslog_r function is safe to use in in a signal handler]) 1084 TEST_MALLOC_OPTIONS="AFGJPRX" 1085 ;; 1086*-*-solaris*) 1087 if test "x$withval" != "xno" ; then 1088 rpath_opt="-R" 1089 fi 1090 AC_DEFINE([PAM_SUN_CODEBASE]) 1091 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1092 AC_DEFINE([PAM_TTY_KLUDGE]) 1093 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1094 [Define if pam_chauthtok wants real uid set 1095 to the unpriv'ed user]) 1096 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1097 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1098 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1099 [Define if sshd somehow reacquires a controlling TTY 1100 after setsid()]) 1101 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1102 in case the name is longer than 8 chars]) 1103 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1104 external_path_file=/etc/default/login 1105 # hardwire lastlog location (can't detect it on some versions) 1106 conf_lastlog_location="/var/adm/lastlog" 1107 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1108 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1109 if test "$sol2ver" -ge 8; then 1110 AC_MSG_RESULT([yes]) 1111 AC_DEFINE([DISABLE_UTMP]) 1112 AC_DEFINE([DISABLE_WTMP], [1], 1113 [Define if you don't want to use wtmp]) 1114 else 1115 AC_MSG_RESULT([no]) 1116 fi 1117 AC_CHECK_FUNCS([setpflags]) 1118 AC_CHECK_FUNCS([setppriv]) 1119 AC_CHECK_FUNCS([priv_basicset]) 1120 AC_CHECK_HEADERS([priv.h]) 1121 AC_ARG_WITH([solaris-contracts], 1122 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1123 [ 1124 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1125 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1126 [Define if you have Solaris process contracts]) 1127 LIBS="$LIBS -lcontract" 1128 SPC_MSG="yes" ], ) 1129 ], 1130 ) 1131 AC_ARG_WITH([solaris-projects], 1132 [ --with-solaris-projects Enable Solaris projects (experimental)], 1133 [ 1134 AC_CHECK_LIB([project], [setproject], 1135 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1136 [Define if you have Solaris projects]) 1137 LIBS="$LIBS -lproject" 1138 SP_MSG="yes" ], ) 1139 ], 1140 ) 1141 AC_ARG_WITH([solaris-privs], 1142 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1143 [ 1144 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1145 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1146 "x$ac_cv_header_priv_h" = "xyes" ; then 1147 SOLARIS_PRIVS=yes 1148 AC_MSG_RESULT([found]) 1149 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1150 [Define to disable UID restoration test]) 1151 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1152 [Define if you have Solaris privileges]) 1153 SPP_MSG="yes" 1154 else 1155 AC_MSG_RESULT([not found]) 1156 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1157 fi 1158 ], 1159 ) 1160 TEST_SHELL=$SHELL # let configure find us a capable shell 1161 ;; 1162*-*-sunos4*) 1163 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1164 AC_CHECK_FUNCS([getpwanam]) 1165 AC_DEFINE([PAM_SUN_CODEBASE]) 1166 conf_utmp_location=/etc/utmp 1167 conf_wtmp_location=/var/adm/wtmp 1168 conf_lastlog_location=/var/adm/lastlog 1169 AC_DEFINE([USE_PIPES]) 1170 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1171 ;; 1172*-ncr-sysv*) 1173 LIBS="$LIBS -lc89" 1174 AC_DEFINE([USE_PIPES]) 1175 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1176 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1177 AC_DEFINE([BROKEN_SETREUID]) 1178 AC_DEFINE([BROKEN_SETREGID]) 1179 ;; 1180*-sni-sysv*) 1181 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1182 AC_CHECK_LIB([dl], [dlsym], ,) 1183 # -lresolv needs to be at the end of LIBS or DNS lookups break 1184 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1185 IPADDR_IN_DISPLAY=yes 1186 AC_DEFINE([USE_PIPES]) 1187 AC_DEFINE([IP_TOS_IS_BROKEN]) 1188 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1189 AC_DEFINE([BROKEN_SETREUID]) 1190 AC_DEFINE([BROKEN_SETREGID]) 1191 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1192 external_path_file=/etc/default/login 1193 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1194 # Attention: always take care to bind libsocket and libnsl before libc, 1195 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1196 ;; 1197# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1198*-*-sysv4.2*) 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1201 AC_DEFINE([BROKEN_SETREUID]) 1202 AC_DEFINE([BROKEN_SETREGID]) 1203 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1204 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1205 TEST_SHELL=$SHELL # let configure find us a capable shell 1206 ;; 1207# UnixWare 7.x, OpenUNIX 8 1208*-*-sysv5*) 1209 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1210 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1211 AC_DEFINE([USE_PIPES]) 1212 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1213 AC_DEFINE([BROKEN_GETADDRINFO]) 1214 AC_DEFINE([BROKEN_SETREUID]) 1215 AC_DEFINE([BROKEN_SETREGID]) 1216 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1217 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1218 TEST_SHELL=$SHELL # let configure find us a capable shell 1219 case "$host" in 1220 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1221 maildir=/var/spool/mail 1222 AC_DEFINE([BROKEN_UPDWTMPX]) 1223 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1224 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1225 ], , ) 1226 ;; 1227 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1228 ;; 1229 esac 1230 ;; 1231*-*-sysv*) 1232 ;; 1233# SCO UNIX and OEM versions of SCO UNIX 1234*-*-sco3.2v4*) 1235 AC_MSG_ERROR("This Platform is no longer supported.") 1236 ;; 1237# SCO OpenServer 5.x 1238*-*-sco3.2v5*) 1239 if test -z "$GCC"; then 1240 CFLAGS="$CFLAGS -belf" 1241 fi 1242 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1243 no_dev_ptmx=1 1244 AC_DEFINE([USE_PIPES]) 1245 AC_DEFINE([HAVE_SECUREWARE]) 1246 AC_DEFINE([DISABLE_SHADOW]) 1247 AC_DEFINE([DISABLE_FD_PASSING]) 1248 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1249 AC_DEFINE([BROKEN_GETADDRINFO]) 1250 AC_DEFINE([BROKEN_SETREUID]) 1251 AC_DEFINE([BROKEN_SETREGID]) 1252 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1253 AC_DEFINE([BROKEN_UPDWTMPX]) 1254 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1255 AC_CHECK_FUNCS([getluid setluid]) 1256 MANTYPE=man 1257 TEST_SHELL=$SHELL # let configure find us a capable shell 1258 SKIP_DISABLE_LASTLOG_DEFINE=yes 1259 ;; 1260*-dec-osf*) 1261 AC_MSG_CHECKING([for Digital Unix SIA]) 1262 no_osfsia="" 1263 AC_ARG_WITH([osfsia], 1264 [ --with-osfsia Enable Digital Unix SIA], 1265 [ 1266 if test "x$withval" = "xno" ; then 1267 AC_MSG_RESULT([disabled]) 1268 no_osfsia=1 1269 fi 1270 ], 1271 ) 1272 if test -z "$no_osfsia" ; then 1273 if test -f /etc/sia/matrix.conf; then 1274 AC_MSG_RESULT([yes]) 1275 AC_DEFINE([HAVE_OSF_SIA], [1], 1276 [Define if you have Digital Unix Security 1277 Integration Architecture]) 1278 AC_DEFINE([DISABLE_LOGIN], [1], 1279 [Define if you don't want to use your 1280 system's login() call]) 1281 AC_DEFINE([DISABLE_FD_PASSING]) 1282 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1283 SIA_MSG="yes" 1284 else 1285 AC_MSG_RESULT([no]) 1286 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1287 [String used in /etc/passwd to denote locked account]) 1288 fi 1289 fi 1290 AC_DEFINE([BROKEN_GETADDRINFO]) 1291 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1292 AC_DEFINE([BROKEN_SETREUID]) 1293 AC_DEFINE([BROKEN_SETREGID]) 1294 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1295 ;; 1296 1297*-*-nto-qnx*) 1298 AC_DEFINE([USE_PIPES]) 1299 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1300 AC_DEFINE([DISABLE_LASTLOG]) 1301 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1302 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1303 enable_etc_default_login=no # has incompatible /etc/default/login 1304 case "$host" in 1305 *-*-nto-qnx6*) 1306 AC_DEFINE([DISABLE_FD_PASSING]) 1307 ;; 1308 esac 1309 ;; 1310 1311*-*-ultrix*) 1312 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1313 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1314 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1315 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1316 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1317 # don't get a controlling tty. 1318 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1319 # On Ultrix some headers are not protected against multiple includes, 1320 # so we create wrappers and put it where the compiler will find it. 1321 AC_MSG_WARN([creating compat wrappers for headers]) 1322 mkdir -p netinet 1323 for header in netinet/ip.h netdb.h resolv.h; do 1324 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1325 cat >$header <<EOD 1326#ifndef _SSH_COMPAT_${name} 1327#define _SSH_COMPAT_${name} 1328#include "/usr/include/${header}" 1329#endif 1330EOD 1331 done 1332 ;; 1333 1334*-*-lynxos) 1335 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1336 AC_DEFINE([BROKEN_SETVBUF], [1], 1337 [LynxOS has broken setvbuf() implementation]) 1338 ;; 1339esac 1340 1341AC_MSG_CHECKING([compiler and flags for sanity]) 1342AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1343 [ AC_MSG_RESULT([yes]) ], 1344 [ 1345 AC_MSG_RESULT([no]) 1346 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1347 ], 1348 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1349) 1350 1351dnl Checks for header files. 1352# Checks for libraries. 1353AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1354 1355dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1356AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1357 AC_CHECK_LIB([gen], [dirname], [ 1358 AC_CACHE_CHECK([for broken dirname], 1359 ac_cv_have_broken_dirname, [ 1360 save_LIBS="$LIBS" 1361 LIBS="$LIBS -lgen" 1362 AC_RUN_IFELSE( 1363 [AC_LANG_SOURCE([[ 1364#include <libgen.h> 1365#include <string.h> 1366#include <stdlib.h> 1367 1368int main(int argc, char **argv) { 1369 char *s, buf[32]; 1370 1371 strncpy(buf,"/etc", 32); 1372 s = dirname(buf); 1373 if (!s || strncmp(s, "/", 32) != 0) { 1374 exit(1); 1375 } else { 1376 exit(0); 1377 } 1378} 1379 ]])], 1380 [ ac_cv_have_broken_dirname="no" ], 1381 [ ac_cv_have_broken_dirname="yes" ], 1382 [ ac_cv_have_broken_dirname="no" ], 1383 ) 1384 LIBS="$save_LIBS" 1385 ]) 1386 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1387 LIBS="$LIBS -lgen" 1388 AC_DEFINE([HAVE_DIRNAME]) 1389 AC_CHECK_HEADERS([libgen.h]) 1390 fi 1391 ]) 1392]) 1393 1394AC_CHECK_FUNC([getspnam], , 1395 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1396AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1397 [Define if you have the basename function.])]) 1398 1399dnl zlib defaults to enabled 1400zlib=yes 1401AC_ARG_WITH([zlib], 1402 [ --with-zlib=PATH Use zlib in PATH], 1403 [ if test "x$withval" = "xno" ; then 1404 zlib=no 1405 elif test "x$withval" != "xyes"; then 1406 if test -d "$withval/lib"; then 1407 if test -n "${rpath_opt}"; then 1408 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1409 else 1410 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1411 fi 1412 else 1413 if test -n "${rpath_opt}"; then 1414 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1415 else 1416 LDFLAGS="-L${withval} ${LDFLAGS}" 1417 fi 1418 fi 1419 if test -d "$withval/include"; then 1420 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1421 else 1422 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1423 fi 1424 fi ] 1425) 1426 1427# These libraries are needed for anything that links in the channel code. 1428CHANNELLIBS="" 1429AC_MSG_CHECKING([for zlib]) 1430if test "x${zlib}" = "xno"; then 1431 AC_MSG_RESULT([no]) 1432else 1433 saved_LIBS="$LIBS" 1434 CHANNELLIBS="$CHANNELLIBS -lz" 1435 AC_MSG_RESULT([yes]) 1436 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1437 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1438 AC_CHECK_LIB([z], [deflate], [], 1439 [ 1440 saved_CPPFLAGS="$CPPFLAGS" 1441 saved_LDFLAGS="$LDFLAGS" 1442 dnl Check default zlib install dir 1443 if test -n "${rpath_opt}"; then 1444 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1445 else 1446 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1447 fi 1448 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1449 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1450 [ 1451 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1452 ] 1453 ) 1454 ] 1455 ) 1456 1457 AC_ARG_WITH([zlib-version-check], 1458 [ --without-zlib-version-check Disable zlib version check], 1459 [ if test "x$withval" = "xno" ; then 1460 zlib_check_nonfatal=1 1461 fi 1462 ] 1463 ) 1464 1465 AC_MSG_CHECKING([for possibly buggy zlib]) 1466 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1467#include <stdio.h> 1468#include <stdlib.h> 1469#include <zlib.h> 1470 ]], 1471 [[ 1472 int a=0, b=0, c=0, d=0, n, v; 1473 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1474 if (n < 1) 1475 exit(1); 1476 v = a*1000000 + b*10000 + c*100 + d; 1477 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1478 1479 /* 1.1.4 is OK */ 1480 if (a == 1 && b == 1 && c >= 4) 1481 exit(0); 1482 1483 /* 1.2.3 and up are OK */ 1484 if (v >= 1020300) 1485 exit(0); 1486 1487 exit(2); 1488 ]])], 1489 AC_MSG_RESULT([no]), 1490 [ AC_MSG_RESULT([yes]) 1491 if test -z "$zlib_check_nonfatal" ; then 1492 AC_MSG_ERROR([*** zlib too old - check config.log *** 1493Your reported zlib version has known security problems. It's possible your 1494vendor has fixed these problems without changing the version number. If you 1495are sure this is the case, you can disable the check by running 1496"./configure --without-zlib-version-check". 1497If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1498See http://www.gzip.org/zlib/ for details.]) 1499 else 1500 AC_MSG_WARN([zlib version may have security problems]) 1501 fi 1502 ], 1503 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1504 ) 1505 LIBS="$saved_LIBS" 1506fi 1507 1508dnl UnixWare 2.x 1509AC_CHECK_FUNC([strcasecmp], 1510 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1511) 1512AC_CHECK_FUNCS([utimes], 1513 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1514 LIBS="$LIBS -lc89"]) ] 1515) 1516 1517dnl Checks for libutil functions 1518AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1519AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1520AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1521AC_SEARCH_LIBS([login], [util bsd]) 1522AC_SEARCH_LIBS([logout], [util bsd]) 1523AC_SEARCH_LIBS([logwtmp], [util bsd]) 1524AC_SEARCH_LIBS([openpty], [util bsd]) 1525AC_SEARCH_LIBS([updwtmp], [util bsd]) 1526AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1527 1528# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1529# or libnsl. 1530AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1531AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1532 1533# Some Linux distribtions ship the BSD libc hashing functions in 1534# separate libraries. 1535AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1536 1537# "Particular Function Checks" 1538# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1539AC_FUNC_STRFTIME 1540AC_FUNC_MALLOC 1541AC_FUNC_REALLOC 1542# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1543AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1544AC_RUN_IFELSE( 1545 [AC_LANG_PROGRAM( 1546 [[ #include <stdlib.h> ]], 1547 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1548 )], 1549 [ func_calloc_0_nonnull=yes ], 1550 [ func_calloc_0_nonnull=no ], 1551 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1552 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1553) 1554AC_MSG_RESULT([$func_calloc_0_nonnull]) 1555 1556if test "x$func_calloc_0_nonnull" = "xyes"; then 1557 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1558else 1559 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1560 AC_DEFINE(calloc, rpl_calloc, 1561 [Define to rpl_calloc if the replacement function should be used.]) 1562fi 1563 1564# Check for ALTDIRFUNC glob() extension 1565AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1566AC_EGREP_CPP([FOUNDIT], 1567 [ 1568 #include <glob.h> 1569 #ifdef GLOB_ALTDIRFUNC 1570 FOUNDIT 1571 #endif 1572 ], 1573 [ 1574 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1575 [Define if your system glob() function has 1576 the GLOB_ALTDIRFUNC extension]) 1577 AC_MSG_RESULT([yes]) 1578 ], 1579 [ 1580 AC_MSG_RESULT([no]) 1581 ] 1582) 1583 1584# Check for g.gl_matchc glob() extension 1585AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1586AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1587 [[ glob_t g; g.gl_matchc = 1; ]])], 1588 [ 1589 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1590 [Define if your system glob() function has 1591 gl_matchc options in glob_t]) 1592 AC_MSG_RESULT([yes]) 1593 ], [ 1594 AC_MSG_RESULT([no]) 1595]) 1596 1597# Check for g.gl_statv glob() extension 1598AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1599AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1600#ifndef GLOB_KEEPSTAT 1601#error "glob does not support GLOB_KEEPSTAT extension" 1602#endif 1603glob_t g; 1604g.gl_statv = NULL; 1605]])], 1606 [ 1607 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1608 [Define if your system glob() function has 1609 gl_statv options in glob_t]) 1610 AC_MSG_RESULT([yes]) 1611 ], [ 1612 AC_MSG_RESULT([no]) 1613 1614]) 1615 1616AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1617 1618AC_CHECK_DECL([VIS_ALL], , 1619 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1620 1621AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1622AC_RUN_IFELSE( 1623 [AC_LANG_PROGRAM([[ 1624#include <sys/types.h> 1625#include <dirent.h> 1626#include <stdlib.h> 1627 ]], 1628 [[ 1629 struct dirent d; 1630 exit(sizeof(d.d_name)<=sizeof(char)); 1631 ]])], 1632 [AC_MSG_RESULT([yes])], 1633 [ 1634 AC_MSG_RESULT([no]) 1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1636 [Define if your struct dirent expects you to 1637 allocate extra space for d_name]) 1638 ], 1639 [ 1640 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1641 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1642 ] 1643) 1644 1645AC_MSG_CHECKING([for /proc/pid/fd directory]) 1646if test -d "/proc/$$/fd" ; then 1647 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1648 AC_MSG_RESULT([yes]) 1649else 1650 AC_MSG_RESULT([no]) 1651fi 1652 1653# Check whether user wants TCP wrappers support 1654TCPW_MSG="no" 1655AC_ARG_WITH([tcp-wrappers], 1656 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1657 [ 1658 if test "x$withval" != "xno" ; then 1659 saved_LIBS="$LIBS" 1660 saved_LDFLAGS="$LDFLAGS" 1661 saved_CPPFLAGS="$CPPFLAGS" 1662 if test -n "${withval}" && \ 1663 test "x${withval}" != "xyes"; then 1664 if test -d "${withval}/lib"; then 1665 if test -n "${need_dash_r}"; then 1666 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1667 else 1668 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1669 fi 1670 else 1671 if test -n "${need_dash_r}"; then 1672 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1673 else 1674 LDFLAGS="-L${withval} ${LDFLAGS}" 1675 fi 1676 fi 1677 if test -d "${withval}/include"; then 1678 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1679 else 1680 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1681 fi 1682 fi 1683 LIBS="-lwrap $LIBS" 1684 AC_MSG_CHECKING([for libwrap]) 1685 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1686#include <sys/types.h> 1687#include <sys/socket.h> 1688#include <netinet/in.h> 1689#include <tcpd.h> 1690int deny_severity = 0, allow_severity = 0; 1691 ]], [[ 1692 hosts_access(0); 1693 ]])], [ 1694 AC_MSG_RESULT([yes]) 1695 AC_DEFINE([LIBWRAP], [1], 1696 [Define if you want 1697 TCP Wrappers support]) 1698 SSHDLIBS="$SSHDLIBS -lwrap" 1699 TCPW_MSG="yes" 1700 ], [ 1701 AC_MSG_ERROR([*** libwrap missing]) 1702 ]) 1703 LIBS="$saved_LIBS" 1704 fi 1705 ] 1706) 1707 1708# Check whether user wants to use ldns 1709LDNS_MSG="no" 1710AC_ARG_WITH(ldns, 1711 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1712 [ 1713 ldns="" 1714 if test "x$withval" = "xyes" ; then 1715 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1716 if test "x$LDNSCONFIG" = "xno"; then 1717 LIBS="-lldns $LIBS" 1718 ldns=yes 1719 else 1720 LIBS="$LIBS `$LDNSCONFIG --libs`" 1721 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1722 ldns=yes 1723 fi 1724 elif test "x$withval" != "xno" ; then 1725 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1726 LDFLAGS="$LDFLAGS -L${withval}/lib" 1727 LIBS="-lldns $LIBS" 1728 ldns=yes 1729 fi 1730 1731 # Verify that it works. 1732 if test "x$ldns" = "xyes" ; then 1733 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1734 LDNS_MSG="yes" 1735 AC_MSG_CHECKING([for ldns support]) 1736 AC_LINK_IFELSE( 1737 [AC_LANG_SOURCE([[ 1738#include <stdio.h> 1739#include <stdlib.h> 1740#ifdef HAVE_STDINT_H 1741# include <stdint.h> 1742#endif 1743#include <ldns/ldns.h> 1744int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1745 ]]) 1746 ], 1747 [AC_MSG_RESULT(yes)], 1748 [ 1749 AC_MSG_RESULT(no) 1750 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1751 ]) 1752 fi 1753]) 1754 1755# Check whether user wants libedit support 1756LIBEDIT_MSG="no" 1757AC_ARG_WITH([libedit], 1758 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1759 [ if test "x$withval" != "xno" ; then 1760 if test "x$withval" = "xyes" ; then 1761 if test "x$PKGCONFIG" != "xno"; then 1762 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1763 if "$PKGCONFIG" libedit; then 1764 AC_MSG_RESULT([yes]) 1765 use_pkgconfig_for_libedit=yes 1766 else 1767 AC_MSG_RESULT([no]) 1768 fi 1769 fi 1770 else 1771 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1772 if test -n "${rpath_opt}"; then 1773 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1774 else 1775 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1776 fi 1777 fi 1778 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1779 LIBEDIT=`$PKGCONFIG --libs libedit` 1780 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1781 else 1782 LIBEDIT="-ledit -lcurses" 1783 fi 1784 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1785 AC_CHECK_LIB([edit], [el_init], 1786 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1787 LIBEDIT_MSG="yes" 1788 AC_SUBST([LIBEDIT]) 1789 ], 1790 [ AC_MSG_ERROR([libedit not found]) ], 1791 [ $OTHERLIBS ] 1792 ) 1793 AC_MSG_CHECKING([if libedit version is compatible]) 1794 AC_COMPILE_IFELSE( 1795 [AC_LANG_PROGRAM([[ 1796#include <histedit.h> 1797#include <stdlib.h> 1798 ]], 1799 [[ 1800 int i = H_SETSIZE; 1801 el_init("", NULL, NULL, NULL); 1802 exit(0); 1803 ]])], 1804 [ AC_MSG_RESULT([yes]) ], 1805 [ AC_MSG_RESULT([no]) 1806 AC_MSG_ERROR([libedit version is not compatible]) ] 1807 ) 1808 fi ] 1809) 1810 1811AUDIT_MODULE=none 1812AC_ARG_WITH([audit], 1813 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1814 [ 1815 AC_MSG_CHECKING([for supported audit module]) 1816 case "$withval" in 1817 bsm) 1818 AC_MSG_RESULT([bsm]) 1819 AUDIT_MODULE=bsm 1820 dnl Checks for headers, libs and functions 1821 AC_CHECK_HEADERS([bsm/audit.h], [], 1822 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1823 [ 1824#ifdef HAVE_TIME_H 1825# include <time.h> 1826#endif 1827 ] 1828) 1829 AC_CHECK_LIB([bsm], [getaudit], [], 1830 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1831 AC_CHECK_FUNCS([getaudit], [], 1832 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1833 # These are optional 1834 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1835 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1836 if test "$sol2ver" -ge 11; then 1837 SSHDLIBS="$SSHDLIBS -lscf" 1838 AC_DEFINE([BROKEN_BSM_API], [1], 1839 [The system has incomplete BSM API]) 1840 fi 1841 ;; 1842 linux) 1843 AC_MSG_RESULT([linux]) 1844 AUDIT_MODULE=linux 1845 dnl Checks for headers, libs and functions 1846 AC_CHECK_HEADERS([libaudit.h]) 1847 SSHDLIBS="$SSHDLIBS -laudit" 1848 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1849 ;; 1850 debug) 1851 AUDIT_MODULE=debug 1852 AC_MSG_RESULT([debug]) 1853 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1854 ;; 1855 no) 1856 AC_MSG_RESULT([no]) 1857 ;; 1858 *) 1859 AC_MSG_ERROR([Unknown audit module $withval]) 1860 ;; 1861 esac ] 1862) 1863 1864AC_ARG_WITH([pie], 1865 [ --with-pie Build Position Independent Executables if possible], [ 1866 if test "x$withval" = "xno"; then 1867 use_pie=no 1868 fi 1869 if test "x$withval" = "xyes"; then 1870 use_pie=yes 1871 fi 1872 ] 1873) 1874if test "x$use_pie" = "x"; then 1875 use_pie=no 1876fi 1877if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1878 # Turn off automatic PIE when toolchain hardening is off. 1879 use_pie=no 1880fi 1881if test "x$use_pie" = "xauto"; then 1882 # Automatic PIE requires gcc >= 4.x 1883 AC_MSG_CHECKING([for gcc >= 4.x]) 1884 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1885#if !defined(__GNUC__) || __GNUC__ < 4 1886#error gcc is too old 1887#endif 1888]])], 1889 [ AC_MSG_RESULT([yes]) ], 1890 [ AC_MSG_RESULT([no]) 1891 use_pie=no ] 1892) 1893fi 1894if test "x$use_pie" != "xno"; then 1895 SAVED_CFLAGS="$CFLAGS" 1896 SAVED_LDFLAGS="$LDFLAGS" 1897 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1898 OSSH_CHECK_LDFLAG_LINK([-pie]) 1899 # We use both -fPIE and -pie or neither. 1900 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1901 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1902 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1903 AC_MSG_RESULT([yes]) 1904 else 1905 AC_MSG_RESULT([no]) 1906 CFLAGS="$SAVED_CFLAGS" 1907 LDFLAGS="$SAVED_LDFLAGS" 1908 fi 1909fi 1910 1911AC_MSG_CHECKING([whether -fPIC is accepted]) 1912SAVED_CFLAGS="$CFLAGS" 1913CFLAGS="$CFLAGS -fPIC" 1914AC_COMPILE_IFELSE( 1915 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1916 [AC_MSG_RESULT([yes]) 1917 PICFLAG="-fPIC"; ], 1918 [AC_MSG_RESULT([no]) 1919 PICFLAG=""; ]) 1920CFLAGS="$SAVED_CFLAGS" 1921AC_SUBST([PICFLAG]) 1922 1923dnl Checks for library functions. Please keep in alphabetical order 1924AC_CHECK_FUNCS([ \ 1925 auth_hostok \ 1926 auth_timeok \ 1927 Blowfish_initstate \ 1928 Blowfish_expandstate \ 1929 Blowfish_expand0state \ 1930 Blowfish_stream2word \ 1931 SHA256Update \ 1932 SHA384Update \ 1933 SHA512Update \ 1934 asprintf \ 1935 b64_ntop \ 1936 __b64_ntop \ 1937 b64_pton \ 1938 __b64_pton \ 1939 bcopy \ 1940 bcrypt_pbkdf \ 1941 bindresvport_sa \ 1942 blf_enc \ 1943 bzero \ 1944 cap_rights_limit \ 1945 clock \ 1946 closefrom \ 1947 close_range \ 1948 dirfd \ 1949 endgrent \ 1950 err \ 1951 errx \ 1952 explicit_bzero \ 1953 explicit_memset \ 1954 fchmod \ 1955 fchmodat \ 1956 fchown \ 1957 fchownat \ 1958 flock \ 1959 fnmatch \ 1960 freeaddrinfo \ 1961 freezero \ 1962 fstatfs \ 1963 fstatvfs \ 1964 futimes \ 1965 getaddrinfo \ 1966 getcwd \ 1967 getentropy \ 1968 getgrouplist \ 1969 getline \ 1970 getnameinfo \ 1971 getopt \ 1972 getpagesize \ 1973 getpeereid \ 1974 getpeerucred \ 1975 getpgid \ 1976 _getpty \ 1977 getrlimit \ 1978 getrandom \ 1979 getsid \ 1980 getttyent \ 1981 glob \ 1982 group_from_gid \ 1983 inet_aton \ 1984 inet_ntoa \ 1985 inet_ntop \ 1986 innetgr \ 1987 killpg \ 1988 llabs \ 1989 localtime_r \ 1990 login_getcapbool \ 1991 login_getpwclass \ 1992 memmem \ 1993 memmove \ 1994 memset_s \ 1995 mkdtemp \ 1996 ngetaddrinfo \ 1997 nsleep \ 1998 ogetaddrinfo \ 1999 openlog_r \ 2000 pledge \ 2001 poll \ 2002 ppoll \ 2003 prctl \ 2004 procctl \ 2005 pselect \ 2006 pstat \ 2007 raise \ 2008 readpassphrase \ 2009 reallocarray \ 2010 realpath \ 2011 recvmsg \ 2012 recallocarray \ 2013 rresvport_af \ 2014 sendmsg \ 2015 setdtablesize \ 2016 setegid \ 2017 setenv \ 2018 seteuid \ 2019 setgroupent \ 2020 setgroups \ 2021 setlinebuf \ 2022 setlogin \ 2023 setpassent\ 2024 setpcred \ 2025 setproctitle \ 2026 setregid \ 2027 setreuid \ 2028 setrlimit \ 2029 setsid \ 2030 setvbuf \ 2031 sigaction \ 2032 sigvec \ 2033 snprintf \ 2034 socketpair \ 2035 statfs \ 2036 statvfs \ 2037 strcasestr \ 2038 strdup \ 2039 strerror \ 2040 strlcat \ 2041 strlcpy \ 2042 strmode \ 2043 strndup \ 2044 strnlen \ 2045 strnvis \ 2046 strptime \ 2047 strsignal \ 2048 strtonum \ 2049 strtoll \ 2050 strtoul \ 2051 strtoull \ 2052 swap32 \ 2053 sysconf \ 2054 tcgetpgrp \ 2055 timegm \ 2056 timingsafe_bcmp \ 2057 truncate \ 2058 unsetenv \ 2059 updwtmpx \ 2060 utimensat \ 2061 user_from_uid \ 2062 usleep \ 2063 vasprintf \ 2064 vsnprintf \ 2065 waitpid \ 2066 warn \ 2067]) 2068 2069AC_CHECK_DECLS([bzero, memmem]) 2070 2071dnl Wide character support. 2072AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2073 2074TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2075AC_MSG_CHECKING([for utf8 locale support]) 2076AC_RUN_IFELSE( 2077 [AC_LANG_PROGRAM([[ 2078#include <locale.h> 2079#include <stdlib.h> 2080 ]], [[ 2081 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2082 if (loc != NULL) 2083 exit(0); 2084 exit(1); 2085 ]])], 2086 AC_MSG_RESULT(yes), 2087 [AC_MSG_RESULT(no) 2088 TEST_SSH_UTF8=no], 2089 AC_MSG_WARN([cross compiling: assuming yes]) 2090) 2091 2092AC_LINK_IFELSE( 2093 [AC_LANG_PROGRAM( 2094 [[ #include <ctype.h> ]], 2095 [[ return (isblank('a')); ]])], 2096 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2097]) 2098 2099disable_pkcs11= 2100AC_ARG_ENABLE([pkcs11], 2101 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2102 [ 2103 if test "x$enableval" = "xno" ; then 2104 disable_pkcs11=1 2105 fi 2106 ] 2107) 2108 2109disable_sk= 2110AC_ARG_ENABLE([security-key], 2111 [ --disable-security-key disable U2F/FIDO support code [no]], 2112 [ 2113 if test "x$enableval" = "xno" ; then 2114 disable_sk=1 2115 fi 2116 ] 2117) 2118enable_sk_internal= 2119AC_ARG_WITH([security-key-builtin], 2120 [ --with-security-key-builtin include builtin U2F/FIDO support], 2121 [ enable_sk_internal=$withval ] 2122) 2123 2124AC_SEARCH_LIBS([dlopen], [dl]) 2125AC_CHECK_FUNCS([dlopen]) 2126AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2127 2128# IRIX has a const char return value for gai_strerror() 2129AC_CHECK_FUNCS([gai_strerror], [ 2130 AC_DEFINE([HAVE_GAI_STRERROR]) 2131 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2132#include <sys/types.h> 2133#include <sys/socket.h> 2134#include <netdb.h> 2135 2136const char *gai_strerror(int); 2137 ]], [[ 2138 char *str; 2139 str = gai_strerror(0); 2140 ]])], [ 2141 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2142 [Define if gai_strerror() returns const char *])], [])]) 2143 2144AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2145 [Some systems put nanosleep outside of libc])]) 2146 2147AC_SEARCH_LIBS([clock_gettime], [rt], 2148 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2149 2150dnl check if we need -D_REENTRANT for localtime_r declaration. 2151AC_CHECK_DECL([localtime_r], [], 2152 [ saved_CPPFLAGS="$CPPFLAGS" 2153 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2154 unset ac_cv_have_decl_localtime_r 2155 AC_CHECK_DECL([localtime_r], [], 2156 [ CPPFLAGS="$saved_CPPFLAGS" ], 2157 [ #include <time.h> ] 2158 ) 2159 ], 2160 [ #include <time.h> ] 2161) 2162 2163dnl Make sure prototypes are defined for these before using them. 2164AC_CHECK_DECL([strsep], 2165 [AC_CHECK_FUNCS([strsep])], 2166 [], 2167 [ 2168#ifdef HAVE_STRING_H 2169# include <string.h> 2170#endif 2171 ]) 2172 2173dnl tcsendbreak might be a macro 2174AC_CHECK_DECL([tcsendbreak], 2175 [AC_DEFINE([HAVE_TCSENDBREAK])], 2176 [AC_CHECK_FUNCS([tcsendbreak])], 2177 [#include <termios.h>] 2178) 2179 2180AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2181 2182AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2183 [ 2184#include <sys/types.h> 2185#include <sys/socket.h> 2186#include <unistd.h> 2187 ]) 2188 2189AC_CHECK_DECLS([O_NONBLOCK], , , 2190 [ 2191#include <sys/types.h> 2192#ifdef HAVE_SYS_STAT_H 2193# include <sys/stat.h> 2194#endif 2195#ifdef HAVE_FCNTL_H 2196# include <fcntl.h> 2197#endif 2198 ]) 2199 2200AC_CHECK_DECLS([ftruncate, getentropy], , , 2201 [ 2202#include <sys/types.h> 2203#include <unistd.h> 2204 ]) 2205 2206AC_CHECK_DECLS([readv, writev], , , [ 2207#include <sys/types.h> 2208#include <sys/uio.h> 2209#include <unistd.h> 2210 ]) 2211 2212AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2213#include <sys/param.h> 2214 ]) 2215 2216AC_CHECK_DECLS([offsetof], , , [ 2217#include <stddef.h> 2218 ]) 2219 2220# extra bits for select(2) 2221AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2222#include <sys/param.h> 2223#include <sys/types.h> 2224#ifdef HAVE_SYS_SYSMACROS_H 2225#include <sys/sysmacros.h> 2226#endif 2227#ifdef HAVE_SYS_SELECT_H 2228#include <sys/select.h> 2229#endif 2230#ifdef HAVE_SYS_TIME_H 2231#include <sys/time.h> 2232#endif 2233#ifdef HAVE_UNISTD_H 2234#include <unistd.h> 2235#endif 2236 ]]) 2237AC_CHECK_TYPES([fd_mask], [], [], [[ 2238#include <sys/param.h> 2239#include <sys/types.h> 2240#ifdef HAVE_SYS_SELECT_H 2241#include <sys/select.h> 2242#endif 2243#ifdef HAVE_SYS_TIME_H 2244#include <sys/time.h> 2245#endif 2246#ifdef HAVE_UNISTD_H 2247#include <unistd.h> 2248#endif 2249 ]]) 2250 2251AC_CHECK_FUNCS([setresuid], [ 2252 dnl Some platorms have setresuid that isn't implemented, test for this 2253 AC_MSG_CHECKING([if setresuid seems to work]) 2254 AC_RUN_IFELSE( 2255 [AC_LANG_PROGRAM([[ 2256#include <errno.h> 2257#include <stdlib.h> 2258#include <unistd.h> 2259 ]], [[ 2260 errno=0; 2261 setresuid(0,0,0); 2262 if (errno==ENOSYS) 2263 exit(1); 2264 else 2265 exit(0); 2266 ]])], 2267 [AC_MSG_RESULT([yes])], 2268 [AC_DEFINE([BROKEN_SETRESUID], [1], 2269 [Define if your setresuid() is broken]) 2270 AC_MSG_RESULT([not implemented])], 2271 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2272 ) 2273]) 2274 2275AC_CHECK_FUNCS([setresgid], [ 2276 dnl Some platorms have setresgid that isn't implemented, test for this 2277 AC_MSG_CHECKING([if setresgid seems to work]) 2278 AC_RUN_IFELSE( 2279 [AC_LANG_PROGRAM([[ 2280#include <errno.h> 2281#include <stdlib.h> 2282#include <unistd.h> 2283 ]], [[ 2284 errno=0; 2285 setresgid(0,0,0); 2286 if (errno==ENOSYS) 2287 exit(1); 2288 else 2289 exit(0); 2290 ]])], 2291 [AC_MSG_RESULT([yes])], 2292 [AC_DEFINE([BROKEN_SETRESGID], [1], 2293 [Define if your setresgid() is broken]) 2294 AC_MSG_RESULT([not implemented])], 2295 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2296 ) 2297]) 2298 2299AC_MSG_CHECKING([for working fflush(NULL)]) 2300AC_RUN_IFELSE( 2301 [AC_LANG_PROGRAM([[ 2302#include <stdio.h> 2303#include <stdlib.h> 2304 ]], 2305 [[fflush(NULL); exit(0);]])], 2306 AC_MSG_RESULT([yes]), 2307 [AC_MSG_RESULT([no]) 2308 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2309 [define if fflush(NULL) does not work])], 2310 AC_MSG_WARN([cross compiling: assuming working]) 2311) 2312 2313dnl Checks for time functions 2314AC_CHECK_FUNCS([gettimeofday time]) 2315dnl Checks for utmp functions 2316AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2317AC_CHECK_FUNCS([utmpname]) 2318dnl Checks for utmpx functions 2319AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2320AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2321dnl Checks for lastlog functions 2322AC_CHECK_FUNCS([getlastlogxbyname]) 2323 2324AC_CHECK_FUNC([daemon], 2325 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2326 [AC_CHECK_LIB([bsd], [daemon], 2327 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2328) 2329 2330AC_CHECK_FUNC([getpagesize], 2331 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2332 [Define if your libraries define getpagesize()])], 2333 [AC_CHECK_LIB([ucb], [getpagesize], 2334 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2335) 2336 2337# Check for broken snprintf 2338if test "x$ac_cv_func_snprintf" = "xyes" ; then 2339 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2340 AC_RUN_IFELSE( 2341 [AC_LANG_PROGRAM([[ 2342#include <stdio.h> 2343#include <stdlib.h> 2344 ]], 2345 [[ 2346 char b[5]; 2347 snprintf(b,5,"123456789"); 2348 exit(b[4]!='\0'); 2349 ]])], 2350 [AC_MSG_RESULT([yes])], 2351 [ 2352 AC_MSG_RESULT([no]) 2353 AC_DEFINE([BROKEN_SNPRINTF], [1], 2354 [Define if your snprintf is busted]) 2355 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2356 ], 2357 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2358 ) 2359fi 2360 2361if test "x$ac_cv_func_snprintf" = "xyes" ; then 2362 AC_MSG_CHECKING([whether snprintf understands %zu]) 2363 AC_RUN_IFELSE( 2364 [AC_LANG_PROGRAM([[ 2365#include <sys/types.h> 2366#include <stdio.h> 2367#include <stdlib.h> 2368#include <string.h> 2369 ]], 2370 [[ 2371 size_t a = 1, b = 2; 2372 char z[128]; 2373 snprintf(z, sizeof z, "%zu%zu", a, b); 2374 exit(strcmp(z, "12")); 2375 ]])], 2376 [AC_MSG_RESULT([yes])], 2377 [ 2378 AC_MSG_RESULT([no]) 2379 AC_DEFINE([BROKEN_SNPRINTF], [1], 2380 [snprintf does not understand %zu]) 2381 ], 2382 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2383 ) 2384fi 2385 2386# We depend on vsnprintf returning the right thing on overflow: the 2387# number of characters it tried to create (as per SUSv3) 2388if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2389 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2390 AC_RUN_IFELSE( 2391 [AC_LANG_PROGRAM([[ 2392#include <sys/types.h> 2393#include <stdio.h> 2394#include <stdarg.h> 2395 2396int x_snprintf(char *str, size_t count, const char *fmt, ...) 2397{ 2398 size_t ret; 2399 va_list ap; 2400 2401 va_start(ap, fmt); 2402 ret = vsnprintf(str, count, fmt, ap); 2403 va_end(ap); 2404 return ret; 2405} 2406 ]], [[ 2407char x[1]; 2408if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2409 return 1; 2410if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2411 return 1; 2412return 0; 2413 ]])], 2414 [AC_MSG_RESULT([yes])], 2415 [ 2416 AC_MSG_RESULT([no]) 2417 AC_DEFINE([BROKEN_SNPRINTF], [1], 2418 [Define if your snprintf is busted]) 2419 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2420 ], 2421 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2422 ) 2423fi 2424 2425# On systems where [v]snprintf is broken, but is declared in stdio, 2426# check that the fmt argument is const char * or just char *. 2427# This is only useful for when BROKEN_SNPRINTF 2428AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2429AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2430#include <stdio.h> 2431int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2432 ]], [[ 2433 snprintf(0, 0, 0); 2434 ]])], 2435 [AC_MSG_RESULT([yes]) 2436 AC_DEFINE([SNPRINTF_CONST], [const], 2437 [Define as const if snprintf() can declare const char *fmt])], 2438 [AC_MSG_RESULT([no]) 2439 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2440 2441# Check for missing getpeereid (or equiv) support 2442NO_PEERCHECK="" 2443if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2444 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2445 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2446#include <sys/types.h> 2447#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2448 [ AC_MSG_RESULT([yes]) 2449 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2450 ], [AC_MSG_RESULT([no]) 2451 NO_PEERCHECK=1 2452 ]) 2453fi 2454 2455dnl make sure that openpty does not reacquire controlling terminal 2456if test ! -z "$check_for_openpty_ctty_bug"; then 2457 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2458 AC_RUN_IFELSE( 2459 [AC_LANG_PROGRAM([[ 2460#include <stdio.h> 2461#include <stdlib.h> 2462#include <unistd.h> 2463#ifdef HAVE_PTY_H 2464# include <pty.h> 2465#endif 2466#include <sys/fcntl.h> 2467#include <sys/types.h> 2468#include <sys/wait.h> 2469 ]], [[ 2470 pid_t pid; 2471 int fd, ptyfd, ttyfd, status; 2472 2473 pid = fork(); 2474 if (pid < 0) { /* failed */ 2475 exit(1); 2476 } else if (pid > 0) { /* parent */ 2477 waitpid(pid, &status, 0); 2478 if (WIFEXITED(status)) 2479 exit(WEXITSTATUS(status)); 2480 else 2481 exit(2); 2482 } else { /* child */ 2483 close(0); close(1); close(2); 2484 setsid(); 2485 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2486 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2487 if (fd >= 0) 2488 exit(3); /* Acquired ctty: broken */ 2489 else 2490 exit(0); /* Did not acquire ctty: OK */ 2491 } 2492 ]])], 2493 [ 2494 AC_MSG_RESULT([yes]) 2495 ], 2496 [ 2497 AC_MSG_RESULT([no]) 2498 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2499 ], 2500 [ 2501 AC_MSG_RESULT([cross-compiling, assuming yes]) 2502 ] 2503 ) 2504fi 2505 2506if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2507 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2508 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2509 AC_RUN_IFELSE( 2510 [AC_LANG_PROGRAM([[ 2511#include <stdio.h> 2512#include <stdlib.h> 2513#include <sys/socket.h> 2514#include <netdb.h> 2515#include <errno.h> 2516#include <netinet/in.h> 2517 2518#define TEST_PORT "2222" 2519 ]], [[ 2520 int err, sock; 2521 struct addrinfo *gai_ai, *ai, hints; 2522 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2523 2524 memset(&hints, 0, sizeof(hints)); 2525 hints.ai_family = PF_UNSPEC; 2526 hints.ai_socktype = SOCK_STREAM; 2527 hints.ai_flags = AI_PASSIVE; 2528 2529 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2530 if (err != 0) { 2531 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2532 exit(1); 2533 } 2534 2535 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2536 if (ai->ai_family != AF_INET6) 2537 continue; 2538 2539 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2540 sizeof(ntop), strport, sizeof(strport), 2541 NI_NUMERICHOST|NI_NUMERICSERV); 2542 2543 if (err != 0) { 2544 if (err == EAI_SYSTEM) 2545 perror("getnameinfo EAI_SYSTEM"); 2546 else 2547 fprintf(stderr, "getnameinfo failed: %s\n", 2548 gai_strerror(err)); 2549 exit(2); 2550 } 2551 2552 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2553 if (sock < 0) 2554 perror("socket"); 2555 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2556 if (errno == EBADF) 2557 exit(3); 2558 } 2559 } 2560 exit(0); 2561 ]])], 2562 [ 2563 AC_MSG_RESULT([yes]) 2564 ], 2565 [ 2566 AC_MSG_RESULT([no]) 2567 AC_DEFINE([BROKEN_GETADDRINFO]) 2568 ], 2569 [ 2570 AC_MSG_RESULT([cross-compiling, assuming yes]) 2571 ] 2572 ) 2573fi 2574 2575if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2576 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2577 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2578 AC_RUN_IFELSE( 2579 [AC_LANG_PROGRAM([[ 2580#include <stdio.h> 2581#include <stdlib.h> 2582#include <sys/socket.h> 2583#include <netdb.h> 2584#include <errno.h> 2585#include <netinet/in.h> 2586 2587#define TEST_PORT "2222" 2588 ]], [[ 2589 int err, sock; 2590 struct addrinfo *gai_ai, *ai, hints; 2591 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2592 2593 memset(&hints, 0, sizeof(hints)); 2594 hints.ai_family = PF_UNSPEC; 2595 hints.ai_socktype = SOCK_STREAM; 2596 hints.ai_flags = AI_PASSIVE; 2597 2598 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2599 if (err != 0) { 2600 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2601 exit(1); 2602 } 2603 2604 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2605 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2606 continue; 2607 2608 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2609 sizeof(ntop), strport, sizeof(strport), 2610 NI_NUMERICHOST|NI_NUMERICSERV); 2611 2612 if (ai->ai_family == AF_INET && err != 0) { 2613 perror("getnameinfo"); 2614 exit(2); 2615 } 2616 } 2617 exit(0); 2618 ]])], 2619 [ 2620 AC_MSG_RESULT([yes]) 2621 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2622 [Define if you have a getaddrinfo that fails 2623 for the all-zeros IPv6 address]) 2624 ], 2625 [ 2626 AC_MSG_RESULT([no]) 2627 AC_DEFINE([BROKEN_GETADDRINFO]) 2628 ], 2629 [ 2630 AC_MSG_RESULT([cross-compiling, assuming no]) 2631 ] 2632 ) 2633fi 2634 2635if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2636 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2637 [#include <sys/types.h> 2638 #include <sys/socket.h> 2639 #include <netdb.h>]) 2640fi 2641 2642if test "x$check_for_conflicting_getspnam" = "x1"; then 2643 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2645#include <shadow.h> 2646#include <stdlib.h> 2647 ]], 2648 [[ exit(0); ]])], 2649 [ 2650 AC_MSG_RESULT([no]) 2651 ], 2652 [ 2653 AC_MSG_RESULT([yes]) 2654 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2655 [Conflicting defs for getspnam]) 2656 ] 2657 ) 2658fi 2659 2660dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2661dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2662dnl for over ten years). Despite this incompatibility being reported during 2663dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2664dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2665dnl implementation. Try to detect this mess, and assume the only safe option 2666dnl if we're cross compiling. 2667dnl 2668dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2669dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2670if test "x$ac_cv_func_strnvis" = "xyes"; then 2671 AC_MSG_CHECKING([for working strnvis]) 2672 AC_RUN_IFELSE( 2673 [AC_LANG_PROGRAM([[ 2674#include <signal.h> 2675#include <stdlib.h> 2676#include <string.h> 2677#include <unistd.h> 2678#include <vis.h> 2679static void sighandler(int sig) { _exit(1); } 2680 ]], [[ 2681 char dst[16]; 2682 2683 signal(SIGSEGV, sighandler); 2684 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2685 exit(0); 2686 exit(1) 2687 ]])], 2688 [AC_MSG_RESULT([yes])], 2689 [AC_MSG_RESULT([no]) 2690 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2691 [AC_MSG_WARN([cross compiling: assuming broken]) 2692 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2693 ) 2694fi 2695 2696AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2697AC_RUN_IFELSE( 2698 [AC_LANG_PROGRAM([[ 2699#ifdef HAVE_SYS_SELECT 2700# include <sys/select.h> 2701#endif 2702#include <sys/types.h> 2703#include <sys/time.h> 2704#include <stdlib.h> 2705#include <signal.h> 2706#include <unistd.h> 2707static void sighandler(int sig) { } 2708 ]], [[ 2709 int r; 2710 pid_t pid; 2711 struct sigaction sa; 2712 2713 sa.sa_handler = sighandler; 2714 sa.sa_flags = SA_RESTART; 2715 (void)sigaction(SIGTERM, &sa, NULL); 2716 if ((pid = fork()) == 0) { /* child */ 2717 pid = getppid(); 2718 sleep(1); 2719 kill(pid, SIGTERM); 2720 sleep(1); 2721 if (getppid() == pid) /* if parent did not exit, shoot it */ 2722 kill(pid, SIGKILL); 2723 exit(0); 2724 } else { /* parent */ 2725 r = select(0, NULL, NULL, NULL, NULL); 2726 } 2727 exit(r == -1 ? 0 : 1); 2728 ]])], 2729 [AC_MSG_RESULT([yes])], 2730 [AC_MSG_RESULT([no]) 2731 AC_DEFINE([NO_SA_RESTART], [1], 2732 [SA_RESTARTed signals do no interrupt select])], 2733 [AC_MSG_WARN([cross compiling: assuming yes])] 2734) 2735 2736AC_CHECK_FUNCS([getpgrp],[ 2737 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2738 AC_COMPILE_IFELSE( 2739 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2740 [ AC_MSG_RESULT([yes]) 2741 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2742 [ AC_MSG_RESULT([no]) 2743 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2744 ) 2745]) 2746 2747# Search for OpenSSL 2748saved_CPPFLAGS="$CPPFLAGS" 2749saved_LDFLAGS="$LDFLAGS" 2750openssl_bin_PATH="$PATH" 2751AC_ARG_WITH([ssl-dir], 2752 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2753 [ 2754 if test "x$openssl" = "xno" ; then 2755 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2756 fi 2757 if test "x$withval" != "xno" ; then 2758 case "$withval" in 2759 # Relative paths 2760 ./*|../*) withval="`pwd`/$withval" 2761 esac 2762 if test -d "$withval/lib"; then 2763 libcrypto_path="${withval}/lib" 2764 elif test -d "$withval/lib64"; then 2765 libcrypto_path="$withval/lib64" 2766 else 2767 # Built but not installed 2768 libcrypto_path="${withval}" 2769 fi 2770 if test -n "${rpath_opt}"; then 2771 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2772 else 2773 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2774 fi 2775 if test -d "$withval/include"; then 2776 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2777 else 2778 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2779 fi 2780 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" 2781 fi 2782 ] 2783) 2784AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2785AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2786 2787AC_ARG_WITH([openssl-header-check], 2788 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2789 [ 2790 if test "x$withval" = "xno" ; then 2791 openssl_check_nonfatal=1 2792 fi 2793 ] 2794) 2795 2796openssl_engine=no 2797AC_ARG_WITH([ssl-engine], 2798 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2799 [ 2800 if test "x$withval" != "xno" ; then 2801 if test "x$openssl" = "xno" ; then 2802 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2803 fi 2804 openssl_engine=yes 2805 fi 2806 ] 2807) 2808 2809nocrypto_saved_LIBS="$LIBS" 2810if test "x$openssl" = "xyes" ; then 2811 LIBS="-lcrypto $LIBS" 2812 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2813 AC_TRY_LINK_FUNC([RAND_add], , 2814 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2815 AC_CHECK_HEADER([openssl/opensslv.h], , 2816 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2817 2818 # Determine OpenSSL header version 2819 AC_MSG_CHECKING([OpenSSL header version]) 2820 AC_RUN_IFELSE( 2821 [AC_LANG_PROGRAM([[ 2822 #include <stdlib.h> 2823 #include <stdio.h> 2824 #include <string.h> 2825 #include <openssl/opensslv.h> 2826 #define DATA "conftest.sslincver" 2827 ]], [[ 2828 FILE *fd; 2829 int rc; 2830 2831 fd = fopen(DATA,"w"); 2832 if(fd == NULL) 2833 exit(1); 2834 2835 if ((rc = fprintf(fd, "%08lx (%s)\n", 2836 (unsigned long)OPENSSL_VERSION_NUMBER, 2837 OPENSSL_VERSION_TEXT)) < 0) 2838 exit(1); 2839 2840 exit(0); 2841 ]])], 2842 [ 2843 ssl_header_ver=`cat conftest.sslincver` 2844 AC_MSG_RESULT([$ssl_header_ver]) 2845 ], 2846 [ 2847 AC_MSG_RESULT([not found]) 2848 AC_MSG_ERROR([OpenSSL version header not found.]) 2849 ], 2850 [ 2851 AC_MSG_WARN([cross compiling: not checking]) 2852 ] 2853 ) 2854 2855 # Determining OpenSSL library version is version dependent. 2856 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2857 2858 # Determine OpenSSL library version 2859 AC_MSG_CHECKING([OpenSSL library version]) 2860 AC_RUN_IFELSE( 2861 [AC_LANG_PROGRAM([[ 2862 #include <stdio.h> 2863 #include <stdlib.h> 2864 #include <string.h> 2865 #include <openssl/opensslv.h> 2866 #include <openssl/crypto.h> 2867 #define DATA "conftest.ssllibver" 2868 ]], [[ 2869 FILE *f; 2870 /* We need these legacy bits to warn for old libcrypto */ 2871 #ifndef OPENSSL_VERSION 2872 # define OPENSSL_VERSION SSLEAY_VERSION 2873 #endif 2874 #ifndef HAVE_OPENSSL_VERSION 2875 # define OpenSSL_version SSLeay_version 2876 #endif 2877 #ifndef HAVE_OPENSSL_VERSION_NUM 2878 # define OpenSSL_version_num SSLeay 2879 #endif 2880 if ((f = fopen(DATA, "w")) == NULL) 2881 exit(1); 2882 if (fprintf(f, "%08lx (%s)", 2883 (unsigned long)OpenSSL_version_num(), 2884 OpenSSL_version(OPENSSL_VERSION)) < 0) 2885 exit(1); 2886#ifdef LIBRESSL_VERSION_NUMBER 2887 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2888 exit(1); 2889#endif 2890 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2891 exit(1); 2892 exit(0); 2893 ]])], 2894 [ 2895 sslver=`cat conftest.ssllibver` 2896 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2897 # Check version is supported. 2898 case "$sslver" in 2899 100*|10100*) # 1.0.x, 1.1.0x 2900 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2901 ;; 2902 101*) ;; # 1.1.x 2903 200*) # LibreSSL 2904 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2905 case "$lver" in 2906 2*|300*) # 2.x, 3.0.0 2907 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2908 ;; 2909 *) ;; # Assume all other versions are good. 2910 esac 2911 ;; 2912 300*) 2913 # OpenSSL 3; we use the 1.1x API 2914 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2915 ;; 2916 301*|302*) 2917 # OpenSSL development branch; request 1.1x API 2918 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2919 ;; 2920 *) 2921 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2922 ;; 2923 esac 2924 AC_MSG_RESULT([$ssl_showver]) 2925 ], 2926 [ 2927 AC_MSG_RESULT([not found]) 2928 AC_MSG_ERROR([OpenSSL library not found.]) 2929 ], 2930 [ 2931 AC_MSG_WARN([cross compiling: not checking]) 2932 ] 2933 ) 2934 2935 case "$host" in 2936 x86_64-*) 2937 case "$sslver" in 2938 3000004*) 2939 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2940 ;; 2941 esac 2942 esac 2943 2944 # Sanity check OpenSSL headers 2945 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2946 AC_RUN_IFELSE( 2947 [AC_LANG_PROGRAM([[ 2948 #include <stdlib.h> 2949 #include <string.h> 2950 #include <openssl/opensslv.h> 2951 #include <openssl/crypto.h> 2952 ]], [[ 2953 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2954 ]])], 2955 [ 2956 AC_MSG_RESULT([yes]) 2957 ], 2958 [ 2959 AC_MSG_RESULT([no]) 2960 if test "x$openssl_check_nonfatal" = "x"; then 2961 AC_MSG_ERROR([Your OpenSSL headers do not match your 2962 library. Check config.log for details. 2963 If you are sure your installation is consistent, you can disable the check 2964 by running "./configure --without-openssl-header-check". 2965 Also see contrib/findssl.sh for help identifying header/library mismatches. 2966 ]) 2967 else 2968 AC_MSG_WARN([Your OpenSSL headers do not match your 2969 library. Check config.log for details. 2970 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2971 fi 2972 ], 2973 [ 2974 AC_MSG_WARN([cross compiling: not checking]) 2975 ] 2976 ) 2977 2978 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2979 AC_LINK_IFELSE( 2980 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2981 [[ ERR_load_crypto_strings(); ]])], 2982 [ 2983 AC_MSG_RESULT([yes]) 2984 ], 2985 [ 2986 AC_MSG_RESULT([no]) 2987 LIBS="$LIBS -ldl" 2988 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2989 AC_LINK_IFELSE( 2990 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2991 [[ ERR_load_crypto_strings(); ]])], 2992 [ 2993 AC_MSG_RESULT([yes]) 2994 CHANNELLIBS="$CHANNELLIBS -ldl" 2995 ], 2996 [ 2997 AC_MSG_RESULT([no]) 2998 ] 2999 ) 3000 ] 3001 ) 3002 3003 AC_CHECK_FUNCS([ \ 3004 BN_is_prime_ex \ 3005 DES_crypt \ 3006 DSA_generate_parameters_ex \ 3007 EVP_DigestFinal_ex \ 3008 EVP_DigestInit_ex \ 3009 EVP_MD_CTX_cleanup \ 3010 EVP_MD_CTX_copy_ex \ 3011 EVP_MD_CTX_init \ 3012 HMAC_CTX_init \ 3013 RSA_generate_key_ex \ 3014 RSA_get_default_method \ 3015 ]) 3016 3017 # OpenSSL_add_all_algorithms may be a macro. 3018 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3019 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3020 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3021 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3022 [[#include <openssl/evp.h>]] 3023 ) 3024 ) 3025 3026 # LibreSSL/OpenSSL API differences 3027 AC_CHECK_FUNCS([ \ 3028 EVP_CIPHER_CTX_iv \ 3029 EVP_CIPHER_CTX_iv_noconst \ 3030 EVP_CIPHER_CTX_get_iv \ 3031 EVP_CIPHER_CTX_get_updated_iv \ 3032 EVP_CIPHER_CTX_set_iv \ 3033 ]) 3034 3035 if test "x$openssl_engine" = "xyes" ; then 3036 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3038 #include <openssl/engine.h> 3039 ]], [[ 3040 ENGINE_load_builtin_engines(); 3041 ENGINE_register_all_complete(); 3042 ]])], 3043 [ AC_MSG_RESULT([yes]) 3044 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3045 [Enable OpenSSL engine support]) 3046 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3047 ]) 3048 fi 3049 3050 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3051 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3052 AC_LINK_IFELSE( 3053 [AC_LANG_PROGRAM([[ 3054 #include <stdlib.h> 3055 #include <string.h> 3056 #include <openssl/evp.h> 3057 ]], [[ 3058 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3059 ]])], 3060 [ 3061 AC_MSG_RESULT([no]) 3062 ], 3063 [ 3064 AC_MSG_RESULT([yes]) 3065 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3066 [libcrypto is missing AES 192 and 256 bit functions]) 3067 ] 3068 ) 3069 3070 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3071 AC_LINK_IFELSE( 3072 [AC_LANG_PROGRAM([[ 3073 #include <stdlib.h> 3074 #include <string.h> 3075 #include <openssl/evp.h> 3076 ]], [[ 3077 if(EVP_DigestUpdate(NULL, NULL,0)) 3078 exit(0); 3079 ]])], 3080 [ 3081 AC_MSG_RESULT([yes]) 3082 ], 3083 [ 3084 AC_MSG_RESULT([no]) 3085 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3086 [Define if EVP_DigestUpdate returns void]) 3087 ] 3088 ) 3089 3090 # Check for various EVP support in OpenSSL 3091 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3092 3093 # Check complete ECC support in OpenSSL 3094 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3095 AC_LINK_IFELSE( 3096 [AC_LANG_PROGRAM([[ 3097 #include <openssl/ec.h> 3098 #include <openssl/ecdh.h> 3099 #include <openssl/ecdsa.h> 3100 #include <openssl/evp.h> 3101 #include <openssl/objects.h> 3102 #include <openssl/opensslv.h> 3103 ]], [[ 3104 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3105 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3106 ]])], 3107 [ AC_MSG_RESULT([yes]) 3108 enable_nistp256=1 ], 3109 [ AC_MSG_RESULT([no]) ] 3110 ) 3111 3112 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3113 AC_LINK_IFELSE( 3114 [AC_LANG_PROGRAM([[ 3115 #include <openssl/ec.h> 3116 #include <openssl/ecdh.h> 3117 #include <openssl/ecdsa.h> 3118 #include <openssl/evp.h> 3119 #include <openssl/objects.h> 3120 #include <openssl/opensslv.h> 3121 ]], [[ 3122 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3123 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3124 ]])], 3125 [ AC_MSG_RESULT([yes]) 3126 enable_nistp384=1 ], 3127 [ AC_MSG_RESULT([no]) ] 3128 ) 3129 3130 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3131 AC_LINK_IFELSE( 3132 [AC_LANG_PROGRAM([[ 3133 #include <openssl/ec.h> 3134 #include <openssl/ecdh.h> 3135 #include <openssl/ecdsa.h> 3136 #include <openssl/evp.h> 3137 #include <openssl/objects.h> 3138 #include <openssl/opensslv.h> 3139 ]], [[ 3140 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3141 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3142 ]])], 3143 [ AC_MSG_RESULT([yes]) 3144 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3145 AC_RUN_IFELSE( 3146 [AC_LANG_PROGRAM([[ 3147 #include <stdlib.h> 3148 #include <openssl/ec.h> 3149 #include <openssl/ecdh.h> 3150 #include <openssl/ecdsa.h> 3151 #include <openssl/evp.h> 3152 #include <openssl/objects.h> 3153 #include <openssl/opensslv.h> 3154 ]],[[ 3155 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3156 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3157 exit(e == NULL || m == NULL); 3158 ]])], 3159 [ AC_MSG_RESULT([yes]) 3160 enable_nistp521=1 ], 3161 [ AC_MSG_RESULT([no]) ], 3162 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3163 enable_nistp521=1 ] 3164 )], 3165 AC_MSG_RESULT([no]) 3166 ) 3167 3168 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3169 test x$enable_nistp521 = x1; then 3170 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3171 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3172 openssl_ecc=yes 3173 else 3174 openssl_ecc=no 3175 fi 3176 if test x$enable_nistp256 = x1; then 3177 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3178 [libcrypto has NID_X9_62_prime256v1]) 3179 else 3180 unsupported_algorithms="$unsupported_algorithms \ 3181 ecdsa-sha2-nistp256 \ 3182 ecdh-sha2-nistp256 \ 3183 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3184 fi 3185 if test x$enable_nistp384 = x1; then 3186 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3187 else 3188 unsupported_algorithms="$unsupported_algorithms \ 3189 ecdsa-sha2-nistp384 \ 3190 ecdh-sha2-nistp384 \ 3191 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3192 fi 3193 if test x$enable_nistp521 = x1; then 3194 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3195 else 3196 unsupported_algorithms="$unsupported_algorithms \ 3197 ecdh-sha2-nistp521 \ 3198 ecdsa-sha2-nistp521 \ 3199 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3200 fi 3201fi 3202 3203# PKCS11/U2F depend on OpenSSL and dlopen(). 3204enable_pkcs11=yes 3205enable_sk=yes 3206if test "x$openssl" != "xyes" ; then 3207 enable_pkcs11="disabled; missing libcrypto" 3208fi 3209if test "x$ac_cv_func_dlopen" != "xyes" ; then 3210 enable_pkcs11="disabled; missing dlopen(3)" 3211 enable_sk="disabled; missing dlopen(3)" 3212fi 3213if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3214 enable_pkcs11="disabled; missing RTLD_NOW" 3215 enable_sk="disabled; missing RTLD_NOW" 3216fi 3217if test ! -z "$disable_pkcs11" ; then 3218 enable_pkcs11="disabled by user" 3219fi 3220if test ! -z "$disable_sk" ; then 3221 enable_sk="disabled by user" 3222fi 3223 3224AC_MSG_CHECKING([whether to enable PKCS11]) 3225if test "x$enable_pkcs11" = "xyes" ; then 3226 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3227fi 3228AC_MSG_RESULT([$enable_pkcs11]) 3229 3230AC_MSG_CHECKING([whether to enable U2F]) 3231if test "x$enable_sk" = "xyes" ; then 3232 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3233 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3234else 3235 # Do not try to build sk-dummy library. 3236 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3237fi 3238AC_MSG_RESULT([$enable_sk]) 3239 3240# Now check for built-in security key support. 3241if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3242 use_pkgconfig_for_libfido2= 3243 if test "x$PKGCONFIG" != "xno"; then 3244 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3245 if "$PKGCONFIG" libfido2; then 3246 AC_MSG_RESULT([yes]) 3247 use_pkgconfig_for_libfido2=yes 3248 else 3249 AC_MSG_RESULT([no]) 3250 fi 3251 fi 3252 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3253 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3254 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3255 else 3256 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3257 fi 3258 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3259 fido2_error= 3260 AC_CHECK_LIB([privatefido2], [fido_init], 3261 [ ], 3262 [ fido2_error="missing/unusable libfido2" ], 3263 [ $OTHERLIBS ] 3264 ) 3265 AC_CHECK_HEADER([fido.h], [], 3266 [ fido2_error="missing fido.h from libfido2" ]) 3267 AC_CHECK_HEADER([fido/credman.h], [], 3268 [ fido2_error="missing fido/credman.h from libfido2" ], 3269 [ #include <fido.h> ] 3270 ) 3271 AC_MSG_CHECKING([for usable libfido2 installation]) 3272 if test ! -z "$fido2_error" ; then 3273 AC_MSG_RESULT([$fido2_error]) 3274 if test "x$enable_sk_internal" = "xyes" ; then 3275 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3276 fi 3277 LIBFIDO2="" 3278 else 3279 AC_MSG_RESULT([yes]) 3280 AC_SUBST([LIBFIDO2]) 3281 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3282 [Enable for built-in U2F/FIDO support]) 3283 enable_sk="built-in" 3284 saved_LIBS="$LIBS" 3285 LIBS="$LIBFIDO2 $LIBS" 3286 AC_CHECK_FUNCS([ \ 3287 fido_assert_set_clientdata \ 3288 fido_cred_prot \ 3289 fido_cred_set_prot \ 3290 fido_cred_set_clientdata \ 3291 fido_dev_get_touch_begin \ 3292 fido_dev_get_touch_status \ 3293 fido_dev_supports_cred_prot \ 3294 fido_dev_is_winhello \ 3295 ]) 3296 LIBS="$saved_LIBS" 3297 fi 3298fi 3299 3300AC_CHECK_FUNCS([ \ 3301 arc4random \ 3302 arc4random_buf \ 3303 arc4random_stir \ 3304 arc4random_uniform \ 3305]) 3306### Configure cryptographic random number support 3307 3308# Check whether OpenSSL seeds itself 3309if test "x$openssl" = "xyes" ; then 3310 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3311 AC_RUN_IFELSE( 3312 [AC_LANG_PROGRAM([[ 3313 #include <stdlib.h> 3314 #include <string.h> 3315 #include <openssl/rand.h> 3316 ]], [[ 3317 exit(RAND_status() == 1 ? 0 : 1); 3318 ]])], 3319 [ 3320 OPENSSL_SEEDS_ITSELF=yes 3321 AC_MSG_RESULT([yes]) 3322 ], 3323 [ 3324 AC_MSG_RESULT([no]) 3325 ], 3326 [ 3327 AC_MSG_WARN([cross compiling: assuming yes]) 3328 # This is safe, since we will fatal() at runtime if 3329 # OpenSSL is not seeded correctly. 3330 OPENSSL_SEEDS_ITSELF=yes 3331 ] 3332 ) 3333fi 3334 3335# PRNGD TCP socket 3336AC_ARG_WITH([prngd-port], 3337 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3338 [ 3339 case "$withval" in 3340 no) 3341 withval="" 3342 ;; 3343 [[0-9]]*) 3344 ;; 3345 *) 3346 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3347 ;; 3348 esac 3349 if test ! -z "$withval" ; then 3350 PRNGD_PORT="$withval" 3351 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3352 [Port number of PRNGD/EGD random number socket]) 3353 fi 3354 ] 3355) 3356 3357# PRNGD Unix domain socket 3358AC_ARG_WITH([prngd-socket], 3359 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3360 [ 3361 case "$withval" in 3362 yes) 3363 withval="/var/run/egd-pool" 3364 ;; 3365 no) 3366 withval="" 3367 ;; 3368 /*) 3369 ;; 3370 *) 3371 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3372 ;; 3373 esac 3374 3375 if test ! -z "$withval" ; then 3376 if test ! -z "$PRNGD_PORT" ; then 3377 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3378 fi 3379 if test ! -r "$withval" ; then 3380 AC_MSG_WARN([Entropy socket is not readable]) 3381 fi 3382 PRNGD_SOCKET="$withval" 3383 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3384 [Location of PRNGD/EGD random number socket]) 3385 fi 3386 ], 3387 [ 3388 # Check for existing socket only if we don't have a random device already 3389 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3390 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3391 # Insert other locations here 3392 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3393 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3394 PRNGD_SOCKET="$sock" 3395 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3396 break; 3397 fi 3398 done 3399 if test ! -z "$PRNGD_SOCKET" ; then 3400 AC_MSG_RESULT([$PRNGD_SOCKET]) 3401 else 3402 AC_MSG_RESULT([not found]) 3403 fi 3404 fi 3405 ] 3406) 3407 3408# Which randomness source do we use? 3409if test ! -z "$PRNGD_PORT" ; then 3410 RAND_MSG="PRNGd port $PRNGD_PORT" 3411elif test ! -z "$PRNGD_SOCKET" ; then 3412 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3413elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3414 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3415 [Define if you want the OpenSSL internally seeded PRNG only]) 3416 RAND_MSG="OpenSSL internal ONLY" 3417elif test "x$openssl" = "xno" ; then 3418 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3419else 3420 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3421fi 3422LIBS="$nocrypto_saved_LIBS" 3423 3424saved_LIBS="$LIBS" 3425AC_CHECK_LIB([iaf], [ia_openinfo], [ 3426 LIBS="$LIBS -liaf" 3427 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3428 AC_DEFINE([HAVE_LIBIAF], [1], 3429 [Define if system has libiaf that supports set_id]) 3430 ]) 3431]) 3432LIBS="$saved_LIBS" 3433 3434# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3435saved_LIBS="$LIBS" 3436AC_CHECK_LIB([crypt], [crypt], [ 3437 LIBS="-lcrypt $LIBS" 3438 SSHDLIBS="-lcrypt $SSHDLIBS" 3439]) 3440AC_CHECK_FUNCS([crypt]) 3441LIBS="$saved_LIBS" 3442 3443# Check for PAM libs 3444PAM_MSG="no" 3445AC_ARG_WITH([pam], 3446 [ --with-pam Enable PAM support ], 3447 [ 3448 if test "x$withval" != "xno" ; then 3449 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3450 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3451 AC_MSG_ERROR([PAM headers not found]) 3452 fi 3453 3454 saved_LIBS="$LIBS" 3455 AC_CHECK_LIB([dl], [dlopen], , ) 3456 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3457 AC_CHECK_FUNCS([pam_getenvlist]) 3458 AC_CHECK_FUNCS([pam_putenv]) 3459 LIBS="$saved_LIBS" 3460 3461 PAM_MSG="yes" 3462 3463 SSHDLIBS="$SSHDLIBS -lpam" 3464 AC_DEFINE([USE_PAM], [1], 3465 [Define if you want to enable PAM support]) 3466 3467 if test $ac_cv_lib_dl_dlopen = yes; then 3468 case "$LIBS" in 3469 *-ldl*) 3470 # libdl already in LIBS 3471 ;; 3472 *) 3473 SSHDLIBS="$SSHDLIBS -ldl" 3474 ;; 3475 esac 3476 fi 3477 fi 3478 ] 3479) 3480 3481AC_ARG_WITH([pam-service], 3482 [ --with-pam-service=name Specify PAM service name ], 3483 [ 3484 if test "x$withval" != "xno" && \ 3485 test "x$withval" != "xyes" ; then 3486 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3487 ["$withval"], [sshd PAM service name]) 3488 fi 3489 ] 3490) 3491 3492# Check for older PAM 3493if test "x$PAM_MSG" = "xyes" ; then 3494 # Check PAM strerror arguments (old PAM) 3495 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3496 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3497#include <stdlib.h> 3498#if defined(HAVE_SECURITY_PAM_APPL_H) 3499#include <security/pam_appl.h> 3500#elif defined (HAVE_PAM_PAM_APPL_H) 3501#include <pam/pam_appl.h> 3502#endif 3503 ]], [[ 3504(void)pam_strerror((pam_handle_t *)NULL, -1); 3505 ]])], [AC_MSG_RESULT([no])], [ 3506 AC_DEFINE([HAVE_OLD_PAM], [1], 3507 [Define if you have an old version of PAM 3508 which takes only one argument to pam_strerror]) 3509 AC_MSG_RESULT([yes]) 3510 PAM_MSG="yes (old library)" 3511 3512 ]) 3513fi 3514 3515case "$host" in 3516*-*-cygwin*) 3517 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3518 ;; 3519*) 3520 SSH_PRIVSEP_USER=sshd 3521 ;; 3522esac 3523AC_ARG_WITH([privsep-user], 3524 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3525 [ 3526 if test -n "$withval" && test "x$withval" != "xno" && \ 3527 test "x${withval}" != "xyes"; then 3528 SSH_PRIVSEP_USER=$withval 3529 fi 3530 ] 3531) 3532if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3533 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3534 [Cygwin function to fetch non-privileged user for privilege separation]) 3535else 3536 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3537 [non-privileged user for privilege separation]) 3538fi 3539AC_SUBST([SSH_PRIVSEP_USER]) 3540 3541if test "x$have_linux_no_new_privs" = "x1" ; then 3542AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3543 #include <sys/types.h> 3544 #include <linux/seccomp.h> 3545]) 3546fi 3547if test "x$have_seccomp_filter" = "x1" ; then 3548AC_MSG_CHECKING([kernel for seccomp_filter support]) 3549AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3550 #include <errno.h> 3551 #include <elf.h> 3552 #include <linux/audit.h> 3553 #include <linux/seccomp.h> 3554 #include <stdlib.h> 3555 #include <sys/prctl.h> 3556 ]], 3557 [[ int i = $seccomp_audit_arch; 3558 errno = 0; 3559 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3560 exit(errno == EFAULT ? 0 : 1); ]])], 3561 [ AC_MSG_RESULT([yes]) ], [ 3562 AC_MSG_RESULT([no]) 3563 # Disable seccomp filter as a target 3564 have_seccomp_filter=0 3565 ] 3566) 3567fi 3568 3569AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3570#include <sys/types.h> 3571#ifdef HAVE_POLL_H 3572#include <poll.h> 3573#endif 3574#ifdef HAVE_SYS_POLL_H 3575#include <sys/poll.h> 3576#endif 3577]]) 3578 3579AC_CHECK_TYPES([nfds_t], , , [ 3580#include <sys/types.h> 3581#ifdef HAVE_POLL_H 3582#include <poll.h> 3583#endif 3584#ifdef HAVE_SYS_POLL_H 3585#include <sys/poll.h> 3586#endif 3587]) 3588 3589# Decide which sandbox style to use 3590sandbox_arg="" 3591AC_ARG_WITH([sandbox], 3592 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3593 [ 3594 if test "x$withval" = "xyes" ; then 3595 sandbox_arg="" 3596 else 3597 sandbox_arg="$withval" 3598 fi 3599 ] 3600) 3601 3602if test "x$sandbox_arg" != "xno"; then 3603# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3604# is greater than OPEN_MAX". On some platforms that includes implementions 3605# of select in userspace on top of poll() so check both work with rlimit 3606# NOFILES so check that both work before enabling the rlimit sandbox. 3607 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3608 AC_RUN_IFELSE( 3609 [AC_LANG_PROGRAM([[ 3610#include <sys/types.h> 3611#ifdef HAVE_SYS_TIME_H 3612# include <sys/time.h> 3613#endif 3614#include <sys/resource.h> 3615#ifdef HAVE_SYS_SELECT_H 3616# include <sys/select.h> 3617#endif 3618#ifdef HAVE_POLL_H 3619# include <poll.h> 3620#elif HAVE_SYS_POLL_H 3621# include <sys/poll.h> 3622#endif 3623#include <errno.h> 3624#include <fcntl.h> 3625#include <stdlib.h> 3626 ]],[[ 3627 struct rlimit rl_zero; 3628 int fd, r; 3629 fd_set fds; 3630 struct timeval tv; 3631#ifdef HAVE_POLL 3632 struct pollfd pfd; 3633#endif 3634 3635 fd = open("/dev/null", O_RDONLY); 3636 FD_ZERO(&fds); 3637 FD_SET(fd, &fds); 3638 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3639 setrlimit(RLIMIT_FSIZE, &rl_zero); 3640 setrlimit(RLIMIT_NOFILE, &rl_zero); 3641 tv.tv_sec = 1; 3642 tv.tv_usec = 0; 3643 r = select(fd+1, &fds, NULL, NULL, &tv); 3644 if (r == -1) 3645 exit(1); 3646#ifdef HAVE_POLL 3647 pfd.fd = fd; 3648 pfd.events = POLLIN; 3649 r = poll(&pfd, 1, 1); 3650 if (r == -1) 3651 exit(2); 3652#endif 3653 exit(0); 3654 ]])], 3655 [AC_MSG_RESULT([yes]) 3656 select_works_with_rlimit=yes], 3657 [AC_MSG_RESULT([no]) 3658 select_works_with_rlimit=no], 3659 [AC_MSG_WARN([cross compiling: assuming no]) 3660 select_works_with_rlimit=no] 3661 ) 3662 3663 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3664 AC_RUN_IFELSE( 3665 [AC_LANG_PROGRAM([[ 3666#include <sys/types.h> 3667#ifdef HAVE_SYS_TIME_H 3668# include <sys/time.h> 3669#endif 3670#include <sys/resource.h> 3671#include <errno.h> 3672#include <stdlib.h> 3673 ]],[[ 3674 struct rlimit rl_zero; 3675 int r; 3676 3677 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3678 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3679 exit (r == -1 ? 1 : 0); 3680 ]])], 3681 [AC_MSG_RESULT([yes]) 3682 rlimit_nofile_zero_works=yes], 3683 [AC_MSG_RESULT([no]) 3684 rlimit_nofile_zero_works=no], 3685 [AC_MSG_WARN([cross compiling: assuming yes]) 3686 rlimit_nofile_zero_works=yes] 3687 ) 3688 3689 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3690 AC_RUN_IFELSE( 3691 [AC_LANG_PROGRAM([[ 3692#include <sys/types.h> 3693#include <sys/resource.h> 3694#include <stdlib.h> 3695 ]],[[ 3696 struct rlimit rl_zero; 3697 3698 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3699 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3700 ]])], 3701 [AC_MSG_RESULT([yes])], 3702 [AC_MSG_RESULT([no]) 3703 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3704 [setrlimit RLIMIT_FSIZE works])], 3705 [AC_MSG_WARN([cross compiling: assuming yes])] 3706 ) 3707fi 3708 3709if test "x$sandbox_arg" = "xpledge" || \ 3710 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3711 test "x$ac_cv_func_pledge" != "xyes" && \ 3712 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3713 SANDBOX_STYLE="pledge" 3714 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3715elif test "x$sandbox_arg" = "xsystrace" || \ 3716 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3717 test "x$have_systr_policy_kill" != "x1" && \ 3718 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3719 SANDBOX_STYLE="systrace" 3720 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3721elif test "x$sandbox_arg" = "xdarwin" || \ 3722 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3723 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3724 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3725 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3726 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3727 SANDBOX_STYLE="darwin" 3728 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3729elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3730 ( test -z "$sandbox_arg" && \ 3731 test "x$have_seccomp_filter" = "x1" && \ 3732 test "x$ac_cv_header_elf_h" = "xyes" && \ 3733 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3734 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3735 test "x$seccomp_audit_arch" != "x" && \ 3736 test "x$have_linux_no_new_privs" = "x1" && \ 3737 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3738 test "x$seccomp_audit_arch" = "x" && \ 3739 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3740 test "x$have_linux_no_new_privs" != "x1" && \ 3741 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3742 test "x$have_seccomp_filter" != "x1" && \ 3743 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3744 test "x$ac_cv_func_prctl" != "xyes" && \ 3745 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3746 SANDBOX_STYLE="seccomp_filter" 3747 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3748elif test "x$sandbox_arg" = "xcapsicum" || \ 3749 ( test -z "$sandbox_arg" && \ 3750 test "x$disable_capsicum" != "xyes" && \ 3751 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3752 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3753 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3754 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3755 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3756 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3757 SANDBOX_STYLE="capsicum" 3758 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3759elif test "x$sandbox_arg" = "xrlimit" || \ 3760 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3761 test "x$select_works_with_rlimit" = "xyes" && \ 3762 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3763 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3764 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3765 test "x$select_works_with_rlimit" != "xyes" && \ 3766 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3767 SANDBOX_STYLE="rlimit" 3768 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3769elif test "x$sandbox_arg" = "xsolaris" || \ 3770 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3771 SANDBOX_STYLE="solaris" 3772 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3773elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3774 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3775 SANDBOX_STYLE="none" 3776 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3777else 3778 AC_MSG_ERROR([unsupported --with-sandbox]) 3779fi 3780 3781# Cheap hack to ensure NEWS-OS libraries are arranged right. 3782if test ! -z "$SONY" ; then 3783 LIBS="$LIBS -liberty"; 3784fi 3785 3786# Check for long long datatypes 3787AC_CHECK_TYPES([long long, unsigned long long, long double]) 3788 3789# Check datatype sizes 3790AC_CHECK_SIZEOF([short int]) 3791AC_CHECK_SIZEOF([int]) 3792AC_CHECK_SIZEOF([long int]) 3793AC_CHECK_SIZEOF([long long int]) 3794AC_CHECK_SIZEOF([time_t], [], [[ 3795 #include <sys/types.h> 3796 #ifdef HAVE_SYS_TIME_H 3797 # include <sys/time.h> 3798 #endif 3799 #ifdef HAVE_TIME_H 3800 # include <time.h> 3801 #endif 3802 ]] 3803) 3804 3805# Sanity check long long for some platforms (AIX) 3806if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3807 ac_cv_sizeof_long_long_int=0 3808fi 3809 3810# compute LLONG_MIN and LLONG_MAX if we don't know them. 3811if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3812 AC_MSG_CHECKING([for max value of long long]) 3813 AC_RUN_IFELSE( 3814 [AC_LANG_PROGRAM([[ 3815#include <stdio.h> 3816#include <stdlib.h> 3817/* Why is this so damn hard? */ 3818#ifdef __GNUC__ 3819# undef __GNUC__ 3820#endif 3821#define __USE_ISOC99 3822#include <limits.h> 3823#define DATA "conftest.llminmax" 3824#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3825 3826/* 3827 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3828 * we do this the hard way. 3829 */ 3830static int 3831fprint_ll(FILE *f, long long n) 3832{ 3833 unsigned int i; 3834 int l[sizeof(long long) * 8]; 3835 3836 if (n < 0) 3837 if (fprintf(f, "-") < 0) 3838 return -1; 3839 for (i = 0; n != 0; i++) { 3840 l[i] = my_abs(n % 10); 3841 n /= 10; 3842 } 3843 do { 3844 if (fprintf(f, "%d", l[--i]) < 0) 3845 return -1; 3846 } while (i != 0); 3847 if (fprintf(f, " ") < 0) 3848 return -1; 3849 return 0; 3850} 3851 ]], [[ 3852 FILE *f; 3853 long long i, llmin, llmax = 0; 3854 3855 if((f = fopen(DATA,"w")) == NULL) 3856 exit(1); 3857 3858#if defined(LLONG_MIN) && defined(LLONG_MAX) 3859 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3860 llmin = LLONG_MIN; 3861 llmax = LLONG_MAX; 3862#else 3863 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3864 /* This will work on one's complement and two's complement */ 3865 for (i = 1; i > llmax; i <<= 1, i++) 3866 llmax = i; 3867 llmin = llmax + 1LL; /* wrap */ 3868#endif 3869 3870 /* Sanity check */ 3871 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3872 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3873 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3874 fprintf(f, "unknown unknown\n"); 3875 exit(2); 3876 } 3877 3878 if (fprint_ll(f, llmin) < 0) 3879 exit(3); 3880 if (fprint_ll(f, llmax) < 0) 3881 exit(4); 3882 if (fclose(f) < 0) 3883 exit(5); 3884 exit(0); 3885 ]])], 3886 [ 3887 llong_min=`$AWK '{print $1}' conftest.llminmax` 3888 llong_max=`$AWK '{print $2}' conftest.llminmax` 3889 3890 AC_MSG_RESULT([$llong_max]) 3891 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3892 [max value of long long calculated by configure]) 3893 AC_MSG_CHECKING([for min value of long long]) 3894 AC_MSG_RESULT([$llong_min]) 3895 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3896 [min value of long long calculated by configure]) 3897 ], 3898 [ 3899 AC_MSG_RESULT([not found]) 3900 ], 3901 [ 3902 AC_MSG_WARN([cross compiling: not checking]) 3903 ] 3904 ) 3905fi 3906 3907AC_CHECK_DECLS([UINT32_MAX], , , [[ 3908#ifdef HAVE_SYS_LIMITS_H 3909# include <sys/limits.h> 3910#endif 3911#ifdef HAVE_LIMITS_H 3912# include <limits.h> 3913#endif 3914#ifdef HAVE_STDINT_H 3915# include <stdint.h> 3916#endif 3917]]) 3918 3919# More checks for data types 3920AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3922 [[ u_int a; a = 1;]])], 3923 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3924 ]) 3925]) 3926if test "x$ac_cv_have_u_int" = "xyes" ; then 3927 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3928 have_u_int=1 3929fi 3930 3931AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3932 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3933 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3934 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3935 ]) 3936]) 3937if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3938 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3939 have_intxx_t=1 3940fi 3941 3942if (test -z "$have_intxx_t" && \ 3943 test "x$ac_cv_header_stdint_h" = "xyes") 3944then 3945 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3947 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3948 [ 3949 AC_DEFINE([HAVE_INTXX_T]) 3950 AC_MSG_RESULT([yes]) 3951 ], [ AC_MSG_RESULT([no]) 3952 ]) 3953fi 3954 3955AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3956 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3957#include <sys/types.h> 3958#ifdef HAVE_STDINT_H 3959# include <stdint.h> 3960#endif 3961#include <sys/socket.h> 3962#ifdef HAVE_SYS_BITYPES_H 3963# include <sys/bitypes.h> 3964#endif 3965 ]], [[ 3966int64_t a; a = 1; 3967 ]])], 3968 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3969 ]) 3970]) 3971if test "x$ac_cv_have_int64_t" = "xyes" ; then 3972 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3973fi 3974 3975AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3976 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3977 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3978 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3979 ]) 3980]) 3981if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3982 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3983 have_u_intxx_t=1 3984fi 3985 3986if test -z "$have_u_intxx_t" ; then 3987 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3988 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3989 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3990 [ 3991 AC_DEFINE([HAVE_U_INTXX_T]) 3992 AC_MSG_RESULT([yes]) 3993 ], [ AC_MSG_RESULT([no]) 3994 ]) 3995fi 3996 3997AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3998 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3999 [[ u_int64_t a; a = 1;]])], 4000 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4001 ]) 4002]) 4003if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4004 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4005 have_u_int64_t=1 4006fi 4007 4008if (test -z "$have_u_int64_t" && \ 4009 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4010then 4011 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4013 [[ u_int64_t a; a = 1]])], 4014 [ 4015 AC_DEFINE([HAVE_U_INT64_T]) 4016 AC_MSG_RESULT([yes]) 4017 ], [ AC_MSG_RESULT([no]) 4018 ]) 4019fi 4020 4021if test -z "$have_u_intxx_t" ; then 4022 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4023 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4024#include <sys/types.h> 4025 ]], [[ 4026 uint8_t a; 4027 uint16_t b; 4028 uint32_t c; 4029 a = b = c = 1; 4030 ]])], 4031 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4032 ]) 4033 ]) 4034 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4035 AC_DEFINE([HAVE_UINTXX_T], [1], 4036 [define if you have uintxx_t data type]) 4037 fi 4038fi 4039 4040if (test -z "$have_uintxx_t" && \ 4041 test "x$ac_cv_header_stdint_h" = "xyes") 4042then 4043 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4045 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4046 [ 4047 AC_DEFINE([HAVE_UINTXX_T]) 4048 AC_MSG_RESULT([yes]) 4049 ], [ AC_MSG_RESULT([no]) 4050 ]) 4051fi 4052 4053if (test -z "$have_uintxx_t" && \ 4054 test "x$ac_cv_header_inttypes_h" = "xyes") 4055then 4056 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4058 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4059 [ 4060 AC_DEFINE([HAVE_UINTXX_T]) 4061 AC_MSG_RESULT([yes]) 4062 ], [ AC_MSG_RESULT([no]) 4063 ]) 4064fi 4065 4066if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4067 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4068then 4069 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4071#include <sys/bitypes.h> 4072 ]], [[ 4073 int8_t a; int16_t b; int32_t c; 4074 u_int8_t e; u_int16_t f; u_int32_t g; 4075 a = b = c = e = f = g = 1; 4076 ]])], 4077 [ 4078 AC_DEFINE([HAVE_U_INTXX_T]) 4079 AC_DEFINE([HAVE_INTXX_T]) 4080 AC_MSG_RESULT([yes]) 4081 ], [AC_MSG_RESULT([no]) 4082 ]) 4083fi 4084 4085 4086AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4087 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4088 [[ u_char foo; foo = 125; ]])], 4089 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4090 ]) 4091]) 4092if test "x$ac_cv_have_u_char" = "xyes" ; then 4093 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4094fi 4095 4096AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4097#include <sys/types.h> 4098#ifdef HAVE_STDINT_H 4099# include <stdint.h> 4100#endif 4101]) 4102 4103TYPE_SOCKLEN_T 4104 4105AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4106AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4107#include <sys/types.h> 4108#ifdef HAVE_SYS_BITYPES_H 4109#include <sys/bitypes.h> 4110#endif 4111#ifdef HAVE_SYS_STATFS_H 4112#include <sys/statfs.h> 4113#endif 4114#ifdef HAVE_SYS_STATVFS_H 4115#include <sys/statvfs.h> 4116#endif 4117]) 4118 4119AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4120#include <sys/param.h> 4121#include <sys/types.h> 4122#ifdef HAVE_SYS_BITYPES_H 4123#include <sys/bitypes.h> 4124#endif 4125#ifdef HAVE_SYS_STATFS_H 4126#include <sys/statfs.h> 4127#endif 4128#ifdef HAVE_SYS_STATVFS_H 4129#include <sys/statvfs.h> 4130#endif 4131#ifdef HAVE_SYS_VFS_H 4132#include <sys/vfs.h> 4133#endif 4134#ifdef HAVE_SYS_MOUNT_H 4135#include <sys/mount.h> 4136#endif 4137]]) 4138 4139 4140AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4141[#include <sys/types.h> 4142#include <netinet/in.h>]) 4143 4144AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4145 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4146 [[ size_t foo; foo = 1235; ]])], 4147 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4148 ]) 4149]) 4150if test "x$ac_cv_have_size_t" = "xyes" ; then 4151 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4152fi 4153 4154AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4155 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4156 [[ ssize_t foo; foo = 1235; ]])], 4157 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4158 ]) 4159]) 4160if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4161 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4162fi 4163 4164AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4166 [[ clock_t foo; foo = 1235; ]])], 4167 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4168 ]) 4169]) 4170if test "x$ac_cv_have_clock_t" = "xyes" ; then 4171 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4172fi 4173 4174AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4175 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4176#include <sys/types.h> 4177#include <sys/socket.h> 4178 ]], [[ sa_family_t foo; foo = 1235; ]])], 4179 [ ac_cv_have_sa_family_t="yes" ], 4180 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4181#include <sys/types.h> 4182#include <sys/socket.h> 4183#include <netinet/in.h> 4184 ]], [[ sa_family_t foo; foo = 1235; ]])], 4185 [ ac_cv_have_sa_family_t="yes" ], 4186 [ ac_cv_have_sa_family_t="no" ] 4187 ) 4188 ]) 4189]) 4190if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4191 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4192 [define if you have sa_family_t data type]) 4193fi 4194 4195AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4196 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4197 [[ pid_t foo; foo = 1235; ]])], 4198 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4199 ]) 4200]) 4201if test "x$ac_cv_have_pid_t" = "xyes" ; then 4202 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4203fi 4204 4205AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4207 [[ mode_t foo; foo = 1235; ]])], 4208 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4209 ]) 4210]) 4211if test "x$ac_cv_have_mode_t" = "xyes" ; then 4212 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4213fi 4214 4215 4216AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4218#include <sys/types.h> 4219#include <sys/socket.h> 4220 ]], [[ struct sockaddr_storage s; ]])], 4221 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4222 [ ac_cv_have_struct_sockaddr_storage="no" 4223 ]) 4224]) 4225if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4226 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4227 [define if you have struct sockaddr_storage data type]) 4228fi 4229 4230AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4232#include <sys/types.h> 4233#include <netinet/in.h> 4234 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4235 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4236 [ ac_cv_have_struct_sockaddr_in6="no" 4237 ]) 4238]) 4239if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4240 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4241 [define if you have struct sockaddr_in6 data type]) 4242fi 4243 4244AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4246#include <sys/types.h> 4247#include <netinet/in.h> 4248 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4249 [ ac_cv_have_struct_in6_addr="yes" ], 4250 [ ac_cv_have_struct_in6_addr="no" 4251 ]) 4252]) 4253if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4254 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4255 [define if you have struct in6_addr data type]) 4256 4257dnl Now check for sin6_scope_id 4258 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4259 [ 4260#ifdef HAVE_SYS_TYPES_H 4261#include <sys/types.h> 4262#endif 4263#include <netinet/in.h> 4264 ]) 4265fi 4266 4267AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4269#include <sys/types.h> 4270#include <sys/socket.h> 4271#include <netdb.h> 4272 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4273 [ ac_cv_have_struct_addrinfo="yes" ], 4274 [ ac_cv_have_struct_addrinfo="no" 4275 ]) 4276]) 4277if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4278 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4279 [define if you have struct addrinfo data type]) 4280fi 4281 4282AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4283 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4284 [[ struct timeval tv; tv.tv_sec = 1;]])], 4285 [ ac_cv_have_struct_timeval="yes" ], 4286 [ ac_cv_have_struct_timeval="no" 4287 ]) 4288]) 4289if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4290 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4291 have_struct_timeval=1 4292fi 4293 4294AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4295 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4296 #ifdef HAVE_SYS_TIME_H 4297 # include <sys/time.h> 4298 #endif 4299 #ifdef HAVE_TIME_H 4300 # include <time.h> 4301 #endif 4302 ]], 4303 [[ struct timespec ts; ts.tv_sec = 1;]])], 4304 [ ac_cv_have_struct_timespec="yes" ], 4305 [ ac_cv_have_struct_timespec="no" 4306 ]) 4307]) 4308if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4309 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4310 have_struct_timespec=1 4311fi 4312 4313# We need int64_t or else certain parts of the compile will fail. 4314if test "x$ac_cv_have_int64_t" = "xno" && \ 4315 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4316 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4317 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4318 echo "an alternative compiler (I.E., GCC) before continuing." 4319 echo "" 4320 exit 1; 4321else 4322dnl test snprintf (broken on SCO w/gcc) 4323 AC_RUN_IFELSE( 4324 [AC_LANG_SOURCE([[ 4325#include <stdio.h> 4326#include <stdlib.h> 4327#include <string.h> 4328#ifdef HAVE_SNPRINTF 4329int main(void) 4330{ 4331 char buf[50]; 4332 char expected_out[50]; 4333 int mazsize = 50 ; 4334#if (SIZEOF_LONG_INT == 8) 4335 long int num = 0x7fffffffffffffff; 4336#else 4337 long long num = 0x7fffffffffffffffll; 4338#endif 4339 strcpy(expected_out, "9223372036854775807"); 4340 snprintf(buf, mazsize, "%lld", num); 4341 if(strcmp(buf, expected_out) != 0) 4342 exit(1); 4343 exit(0); 4344} 4345#else 4346int main(void) { exit(0); } 4347#endif 4348 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4349 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4350 ) 4351fi 4352 4353dnl Checks for structure members 4354OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4355OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4356OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4359OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4362OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4363OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4364OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4365OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4366OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4367OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4368OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4369OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4370OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4371OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4372 4373AC_CHECK_MEMBERS([struct stat.st_blksize]) 4374AC_CHECK_MEMBERS([struct stat.st_mtim]) 4375AC_CHECK_MEMBERS([struct stat.st_mtime]) 4376AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4377struct passwd.pw_change, struct passwd.pw_expire], 4378[], [], [[ 4379#include <sys/types.h> 4380#include <pwd.h> 4381]]) 4382 4383AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4384 [Define if we don't have struct __res_state in resolv.h])], 4385[[ 4386#include <stdio.h> 4387#if HAVE_SYS_TYPES_H 4388# include <sys/types.h> 4389#endif 4390#include <netinet/in.h> 4391#include <arpa/nameser.h> 4392#include <resolv.h> 4393]]) 4394 4395AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4396 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4397 [], 4398 [AC_LANG_SOURCE([[ 4399#include <sys/types.h> 4400#include <sys/socket.h> 4401#include <netinet/in.h> 4402 ]])] 4403) 4404 4405AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4406 ac_cv_have_ss_family_in_struct_ss, [ 4407 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4408#include <sys/types.h> 4409#include <sys/socket.h> 4410 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4411 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4412 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4413]) 4414if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4415 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4416fi 4417 4418AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4419 ac_cv_have___ss_family_in_struct_ss, [ 4420 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4421#include <sys/types.h> 4422#include <sys/socket.h> 4423 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4424 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4425 [ ac_cv_have___ss_family_in_struct_ss="no" 4426 ]) 4427]) 4428if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4429 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4430 [Fields in struct sockaddr_storage]) 4431fi 4432 4433dnl make sure we're using the real structure members and not defines 4434AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4435 ac_cv_have_accrights_in_msghdr, [ 4436 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4437#include <sys/types.h> 4438#include <sys/socket.h> 4439#include <sys/uio.h> 4440#include <stdlib.h> 4441 ]], [[ 4442#ifdef msg_accrights 4443#error "msg_accrights is a macro" 4444exit(1); 4445#endif 4446struct msghdr m; 4447m.msg_accrights = 0; 4448exit(0); 4449 ]])], 4450 [ ac_cv_have_accrights_in_msghdr="yes" ], 4451 [ ac_cv_have_accrights_in_msghdr="no" ] 4452 ) 4453]) 4454if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4455 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4456 [Define if your system uses access rights style 4457 file descriptor passing]) 4458fi 4459 4460AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4461AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4462#include <sys/param.h> 4463#include <sys/stat.h> 4464#ifdef HAVE_SYS_TIME_H 4465# include <sys/time.h> 4466#endif 4467#ifdef HAVE_SYS_MOUNT_H 4468#include <sys/mount.h> 4469#endif 4470#ifdef HAVE_SYS_STATVFS_H 4471#include <sys/statvfs.h> 4472#endif 4473 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4474 [ AC_MSG_RESULT([yes]) ], 4475 [ AC_MSG_RESULT([no]) 4476 4477 AC_MSG_CHECKING([if fsid_t has member val]) 4478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4479#include <sys/types.h> 4480#include <sys/statvfs.h> 4481 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4482 [ AC_MSG_RESULT([yes]) 4483 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4484 [ AC_MSG_RESULT([no]) ]) 4485 4486 AC_MSG_CHECKING([if f_fsid has member __val]) 4487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4488#include <sys/types.h> 4489#include <sys/statvfs.h> 4490 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4491 [ AC_MSG_RESULT([yes]) 4492 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4493 [ AC_MSG_RESULT([no]) ]) 4494]) 4495 4496AC_CACHE_CHECK([for msg_control field in struct msghdr], 4497 ac_cv_have_control_in_msghdr, [ 4498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4499#include <sys/types.h> 4500#include <sys/socket.h> 4501#include <sys/uio.h> 4502#include <stdlib.h> 4503 ]], [[ 4504#ifdef msg_control 4505#error "msg_control is a macro" 4506exit(1); 4507#endif 4508struct msghdr m; 4509m.msg_control = 0; 4510exit(0); 4511 ]])], 4512 [ ac_cv_have_control_in_msghdr="yes" ], 4513 [ ac_cv_have_control_in_msghdr="no" ] 4514 ) 4515]) 4516if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4517 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4518 [Define if your system uses ancillary data style 4519 file descriptor passing]) 4520fi 4521 4522AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4523 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4524 [[ extern char *__progname; printf("%s", __progname); ]])], 4525 [ ac_cv_libc_defines___progname="yes" ], 4526 [ ac_cv_libc_defines___progname="no" 4527 ]) 4528]) 4529if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4530 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4531fi 4532 4533AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4534 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4535 [[ printf("%s", __FUNCTION__); ]])], 4536 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4537 [ ac_cv_cc_implements___FUNCTION__="no" 4538 ]) 4539]) 4540if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4541 AC_DEFINE([HAVE___FUNCTION__], [1], 4542 [Define if compiler implements __FUNCTION__]) 4543fi 4544 4545AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4546 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4547 [[ printf("%s", __func__); ]])], 4548 [ ac_cv_cc_implements___func__="yes" ], 4549 [ ac_cv_cc_implements___func__="no" 4550 ]) 4551]) 4552if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4553 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4554fi 4555 4556AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4557 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4558#include <stdarg.h> 4559va_list x,y; 4560 ]], [[ va_copy(x,y); ]])], 4561 [ ac_cv_have_va_copy="yes" ], 4562 [ ac_cv_have_va_copy="no" 4563 ]) 4564]) 4565if test "x$ac_cv_have_va_copy" = "xyes" ; then 4566 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4567fi 4568 4569AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4570 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4571#include <stdarg.h> 4572va_list x,y; 4573 ]], [[ __va_copy(x,y); ]])], 4574 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4575 ]) 4576]) 4577if test "x$ac_cv_have___va_copy" = "xyes" ; then 4578 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4579fi 4580 4581AC_CACHE_CHECK([whether getopt has optreset support], 4582 ac_cv_have_getopt_optreset, [ 4583 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4584 [[ extern int optreset; optreset = 0; ]])], 4585 [ ac_cv_have_getopt_optreset="yes" ], 4586 [ ac_cv_have_getopt_optreset="no" 4587 ]) 4588]) 4589if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4590 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4591 [Define if your getopt(3) defines and uses optreset]) 4592fi 4593 4594AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4595 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4596[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4597 [ ac_cv_libc_defines_sys_errlist="yes" ], 4598 [ ac_cv_libc_defines_sys_errlist="no" 4599 ]) 4600]) 4601if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4602 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4603 [Define if your system defines sys_errlist[]]) 4604fi 4605 4606 4607AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4608 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4609[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4610 [ ac_cv_libc_defines_sys_nerr="yes" ], 4611 [ ac_cv_libc_defines_sys_nerr="no" 4612 ]) 4613]) 4614if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4615 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4616fi 4617 4618# Check libraries needed by DNS fingerprint support 4619AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4620 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4621 [Define if getrrsetbyname() exists])], 4622 [ 4623 # Needed by our getrrsetbyname() 4624 AC_SEARCH_LIBS([res_query], [resolv]) 4625 AC_SEARCH_LIBS([dn_expand], [resolv]) 4626 AC_MSG_CHECKING([if res_query will link]) 4627 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4628#include <sys/types.h> 4629#include <netinet/in.h> 4630#include <arpa/nameser.h> 4631#include <netdb.h> 4632#include <resolv.h> 4633 ]], [[ 4634 res_query (0, 0, 0, 0, 0); 4635 ]])], 4636 AC_MSG_RESULT([yes]), 4637 [AC_MSG_RESULT([no]) 4638 saved_LIBS="$LIBS" 4639 LIBS="$LIBS -lresolv" 4640 AC_MSG_CHECKING([for res_query in -lresolv]) 4641 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4642#include <sys/types.h> 4643#include <netinet/in.h> 4644#include <arpa/nameser.h> 4645#include <netdb.h> 4646#include <resolv.h> 4647 ]], [[ 4648 res_query (0, 0, 0, 0, 0); 4649 ]])], 4650 [AC_MSG_RESULT([yes])], 4651 [LIBS="$saved_LIBS" 4652 AC_MSG_RESULT([no])]) 4653 ]) 4654 AC_CHECK_FUNCS([_getshort _getlong]) 4655 AC_CHECK_DECLS([_getshort, _getlong], , , 4656 [#include <sys/types.h> 4657 #include <arpa/nameser.h>]) 4658 AC_CHECK_MEMBER([HEADER.ad], 4659 [AC_DEFINE([HAVE_HEADER_AD], [1], 4660 [Define if HEADER.ad exists in arpa/nameser.h])], , 4661 [#include <arpa/nameser.h>]) 4662 ]) 4663 4664AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4665AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4666#include <stdio.h> 4667#if HAVE_SYS_TYPES_H 4668# include <sys/types.h> 4669#endif 4670#include <netinet/in.h> 4671#include <arpa/nameser.h> 4672#include <resolv.h> 4673extern struct __res_state _res; 4674 ]], [[ 4675struct __res_state *volatile p = &_res; /* force resolution of _res */ 4676return 0; 4677 ]],)], 4678 [AC_MSG_RESULT([yes]) 4679 AC_DEFINE([HAVE__RES_EXTERN], [1], 4680 [Define if you have struct __res_state _res as an extern]) 4681 ], 4682 [ AC_MSG_RESULT([no]) ] 4683) 4684 4685# Check whether user wants SELinux support 4686SELINUX_MSG="no" 4687LIBSELINUX="" 4688AC_ARG_WITH([selinux], 4689 [ --with-selinux Enable SELinux support], 4690 [ if test "x$withval" != "xno" ; then 4691 save_LIBS="$LIBS" 4692 AC_DEFINE([WITH_SELINUX], [1], 4693 [Define if you want SELinux support.]) 4694 SELINUX_MSG="yes" 4695 AC_CHECK_HEADER([selinux/selinux.h], , 4696 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4697 AC_CHECK_LIB([selinux], [setexeccon], 4698 [ LIBSELINUX="-lselinux" 4699 LIBS="$LIBS -lselinux" 4700 ], 4701 AC_MSG_ERROR([SELinux support requires libselinux library])) 4702 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4703 LIBS="$save_LIBS $LIBSELINUX" 4704 fi ] 4705) 4706AC_SUBST([SSHDLIBS]) 4707 4708# Check whether user wants Kerberos 5 support 4709KRB5_MSG="no" 4710AC_ARG_WITH([kerberos5], 4711 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4712 [ if test "x$withval" != "xno" ; then 4713 if test "x$withval" = "xyes" ; then 4714 KRB5ROOT="/usr/local" 4715 else 4716 KRB5ROOT=${withval} 4717 fi 4718 4719 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4720 KRB5_MSG="yes" 4721 4722 use_pkgconfig_for_krb5= 4723 if test "x$PKGCONFIG" != "xno"; then 4724 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4725 if "$PKGCONFIG" krb5; then 4726 AC_MSG_RESULT([yes]) 4727 use_pkgconfig_for_krb5=yes 4728 else 4729 AC_MSG_RESULT([no]) 4730 fi 4731 fi 4732 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4733 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4734 K5LIBS=`$PKGCONFIG --libs krb5` 4735 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4736 4737 AC_MSG_CHECKING([for gssapi support]) 4738 if "$PKGCONFIG" krb5-gssapi; then 4739 AC_MSG_RESULT([yes]) 4740 AC_DEFINE([GSSAPI], [1], 4741 [Define this if you want GSSAPI 4742 support in the version 2 protocol]) 4743 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4744 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4745 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4746 else 4747 AC_MSG_RESULT([no]) 4748 fi 4749 AC_MSG_CHECKING([whether we are using Heimdal]) 4750 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4751 ]], [[ char *tmp = heimdal_version; ]])], 4752 [ AC_MSG_RESULT([yes]) 4753 AC_DEFINE([HEIMDAL], [1], 4754 [Define this if you are using the Heimdal 4755 version of Kerberos V5]) ], 4756 [AC_MSG_RESULT([no]) 4757 ]) 4758 else 4759 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4760 [$KRB5ROOT/bin/krb5-config], 4761 [$KRB5ROOT/bin:$PATH]) 4762 if test -x $KRB5CONF ; then 4763 K5CFLAGS="`$KRB5CONF --cflags`" 4764 K5LIBS="`$KRB5CONF --libs`" 4765 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4766 4767 AC_MSG_CHECKING([for gssapi support]) 4768 if $KRB5CONF | grep gssapi >/dev/null ; then 4769 AC_MSG_RESULT([yes]) 4770 AC_DEFINE([GSSAPI], [1], 4771 [Define this if you want GSSAPI 4772 support in the version 2 protocol]) 4773 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4774 GSSLIBS="`$KRB5CONF --libs gssapi`" 4775 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4776 else 4777 AC_MSG_RESULT([no]) 4778 fi 4779 AC_MSG_CHECKING([whether we are using Heimdal]) 4780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4781 ]], [[ char *tmp = heimdal_version; ]])], 4782 [ AC_MSG_RESULT([yes]) 4783 AC_DEFINE([HEIMDAL], [1], 4784 [Define this if you are using the Heimdal 4785 version of Kerberos V5]) ], 4786 [AC_MSG_RESULT([no]) 4787 ]) 4788 else 4789 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4790 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4791 AC_MSG_CHECKING([whether we are using Heimdal]) 4792 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4793 ]], [[ char *tmp = heimdal_version; ]])], 4794 [ AC_MSG_RESULT([yes]) 4795 AC_DEFINE([HEIMDAL]) 4796 K5LIBS="-lkrb5" 4797 K5LIBS="$K5LIBS -lcom_err -lasn1" 4798 AC_CHECK_LIB([roken], [net_write], 4799 [K5LIBS="$K5LIBS -lroken"]) 4800 AC_CHECK_LIB([des], [des_cbc_encrypt], 4801 [K5LIBS="$K5LIBS -ldes"]) 4802 ], [ AC_MSG_RESULT([no]) 4803 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4804 ]) 4805 AC_SEARCH_LIBS([dn_expand], [resolv]) 4806 4807 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4808 [ AC_DEFINE([GSSAPI]) 4809 GSSLIBS="-lgssapi_krb5" ], 4810 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4811 [ AC_DEFINE([GSSAPI]) 4812 GSSLIBS="-lgssapi" ], 4813 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4814 [ AC_DEFINE([GSSAPI]) 4815 GSSLIBS="-lgss" ], 4816 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4817 ]) 4818 ]) 4819 4820 AC_CHECK_HEADER([gssapi.h], , 4821 [ unset ac_cv_header_gssapi_h 4822 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4823 AC_CHECK_HEADERS([gssapi.h], , 4824 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4825 ) 4826 ] 4827 ) 4828 4829 oldCPP="$CPPFLAGS" 4830 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4831 AC_CHECK_HEADER([gssapi_krb5.h], , 4832 [ CPPFLAGS="$oldCPP" ]) 4833 4834 fi 4835 fi 4836 if test -n "${rpath_opt}" ; then 4837 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4838 fi 4839 if test ! -z "$blibpath" ; then 4840 blibpath="$blibpath:${KRB5ROOT}/lib" 4841 fi 4842 4843 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4844 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4845 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4846 4847 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4848 [Define this if you want to use libkafs' AFS support])]) 4849 4850 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4851#ifdef HAVE_GSSAPI_H 4852# include <gssapi.h> 4853#elif defined(HAVE_GSSAPI_GSSAPI_H) 4854# include <gssapi/gssapi.h> 4855#endif 4856 4857#ifdef HAVE_GSSAPI_GENERIC_H 4858# include <gssapi_generic.h> 4859#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4860# include <gssapi/gssapi_generic.h> 4861#endif 4862 ]]) 4863 saved_LIBS="$LIBS" 4864 LIBS="$LIBS $K5LIBS" 4865 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4866 LIBS="$saved_LIBS" 4867 4868 fi 4869 ] 4870) 4871AC_SUBST([GSSLIBS]) 4872AC_SUBST([K5LIBS]) 4873AC_SUBST([CHANNELLIBS]) 4874 4875# Looking for programs, paths and files 4876 4877PRIVSEP_PATH=/var/empty 4878AC_ARG_WITH([privsep-path], 4879 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4880 [ 4881 if test -n "$withval" && test "x$withval" != "xno" && \ 4882 test "x${withval}" != "xyes"; then 4883 PRIVSEP_PATH=$withval 4884 fi 4885 ] 4886) 4887AC_SUBST([PRIVSEP_PATH]) 4888 4889AC_ARG_WITH([xauth], 4890 [ --with-xauth=PATH Specify path to xauth program ], 4891 [ 4892 if test -n "$withval" && test "x$withval" != "xno" && \ 4893 test "x${withval}" != "xyes"; then 4894 xauth_path=$withval 4895 fi 4896 ], 4897 [ 4898 TestPath="$PATH" 4899 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4900 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4901 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4902 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4903 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4904 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4905 xauth_path="/usr/openwin/bin/xauth" 4906 fi 4907 ] 4908) 4909 4910STRIP_OPT=-s 4911AC_ARG_ENABLE([strip], 4912 [ --disable-strip Disable calling strip(1) on install], 4913 [ 4914 if test "x$enableval" = "xno" ; then 4915 STRIP_OPT= 4916 fi 4917 ] 4918) 4919AC_SUBST([STRIP_OPT]) 4920 4921if test -z "$xauth_path" ; then 4922 XAUTH_PATH="undefined" 4923 AC_SUBST([XAUTH_PATH]) 4924else 4925 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4926 [Define if xauth is found in your path]) 4927 XAUTH_PATH=$xauth_path 4928 AC_SUBST([XAUTH_PATH]) 4929fi 4930 4931dnl # --with-maildir=/path/to/mail gets top priority. 4932dnl # if maildir is set in the platform case statement above we use that. 4933dnl # Otherwise we run a program to get the dir from system headers. 4934dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4935dnl # If we find _PATH_MAILDIR we do nothing because that is what 4936dnl # session.c expects anyway. Otherwise we set to the value found 4937dnl # stripping any trailing slash. If for some strage reason our program 4938dnl # does not find what it needs, we default to /var/spool/mail. 4939# Check for mail directory 4940AC_ARG_WITH([maildir], 4941 [ --with-maildir=/path/to/mail Specify your system mail directory], 4942 [ 4943 if test "X$withval" != X && test "x$withval" != xno && \ 4944 test "x${withval}" != xyes; then 4945 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4946 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4947 fi 4948 ],[ 4949 if test "X$maildir" != "X"; then 4950 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4951 else 4952 AC_MSG_CHECKING([Discovering system mail directory]) 4953 AC_RUN_IFELSE( 4954 [AC_LANG_PROGRAM([[ 4955#include <stdio.h> 4956#include <stdlib.h> 4957#include <string.h> 4958#ifdef HAVE_PATHS_H 4959#include <paths.h> 4960#endif 4961#ifdef HAVE_MAILLOCK_H 4962#include <maillock.h> 4963#endif 4964#define DATA "conftest.maildir" 4965 ]], [[ 4966 FILE *fd; 4967 int rc; 4968 4969 fd = fopen(DATA,"w"); 4970 if(fd == NULL) 4971 exit(1); 4972 4973#if defined (_PATH_MAILDIR) 4974 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4975 exit(1); 4976#elif defined (MAILDIR) 4977 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4978 exit(1); 4979#elif defined (_PATH_MAIL) 4980 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4981 exit(1); 4982#else 4983 exit (2); 4984#endif 4985 4986 exit(0); 4987 ]])], 4988 [ 4989 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4990 maildir=`awk -F: '{print $2}' conftest.maildir \ 4991 | sed 's|/$||'` 4992 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4993 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4994 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4995 fi 4996 ], 4997 [ 4998 if test "X$ac_status" = "X2";then 4999# our test program didn't find it. Default to /var/spool/mail 5000 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5001 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5002 else 5003 AC_MSG_RESULT([*** not found ***]) 5004 fi 5005 ], 5006 [ 5007 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5008 ] 5009 ) 5010 fi 5011 ] 5012) # maildir 5013 5014if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5015 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5016 disable_ptmx_check=yes 5017fi 5018if test -z "$no_dev_ptmx" ; then 5019 if test "x$disable_ptmx_check" != "xyes" ; then 5020 AC_CHECK_FILE(["/dev/ptmx"], 5021 [ 5022 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5023 [Define if you have /dev/ptmx]) 5024 have_dev_ptmx=1 5025 ] 5026 ) 5027 fi 5028fi 5029 5030if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5031 AC_CHECK_FILE(["/dev/ptc"], 5032 [ 5033 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5034 [Define if you have /dev/ptc]) 5035 have_dev_ptc=1 5036 ] 5037 ) 5038else 5039 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5040fi 5041 5042# Options from here on. Some of these are preset by platform above 5043AC_ARG_WITH([mantype], 5044 [ --with-mantype=man|cat|doc Set man page type], 5045 [ 5046 case "$withval" in 5047 man|cat|doc) 5048 MANTYPE=$withval 5049 ;; 5050 *) 5051 AC_MSG_ERROR([invalid man type: $withval]) 5052 ;; 5053 esac 5054 ] 5055) 5056if test -z "$MANTYPE"; then 5057 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5058 MANTYPE=doc 5059 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5060 MANTYPE=doc 5061 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5062 MANTYPE=man 5063 else 5064 MANTYPE=cat 5065 fi 5066fi 5067AC_SUBST([MANTYPE]) 5068if test "$MANTYPE" = "doc"; then 5069 mansubdir=man; 5070else 5071 mansubdir=$MANTYPE; 5072fi 5073AC_SUBST([mansubdir]) 5074 5075# Whether to disable shadow password support 5076AC_ARG_WITH([shadow], 5077 [ --without-shadow Disable shadow password support], 5078 [ 5079 if test "x$withval" = "xno" ; then 5080 AC_DEFINE([DISABLE_SHADOW]) 5081 disable_shadow=yes 5082 fi 5083 ] 5084) 5085 5086if test -z "$disable_shadow" ; then 5087 AC_MSG_CHECKING([if the systems has expire shadow information]) 5088 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5089#include <sys/types.h> 5090#include <shadow.h> 5091struct spwd sp; 5092 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5093 [ sp_expire_available=yes ], [ 5094 ]) 5095 5096 if test "x$sp_expire_available" = "xyes" ; then 5097 AC_MSG_RESULT([yes]) 5098 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5099 [Define if you want to use shadow password expire field]) 5100 else 5101 AC_MSG_RESULT([no]) 5102 fi 5103fi 5104 5105# Use ip address instead of hostname in $DISPLAY 5106if test ! -z "$IPADDR_IN_DISPLAY" ; then 5107 DISPLAY_HACK_MSG="yes" 5108 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5109 [Define if you need to use IP address 5110 instead of hostname in $DISPLAY]) 5111else 5112 DISPLAY_HACK_MSG="no" 5113 AC_ARG_WITH([ipaddr-display], 5114 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5115 [ 5116 if test "x$withval" != "xno" ; then 5117 AC_DEFINE([IPADDR_IN_DISPLAY]) 5118 DISPLAY_HACK_MSG="yes" 5119 fi 5120 ] 5121 ) 5122fi 5123 5124# check for /etc/default/login and use it if present. 5125AC_ARG_ENABLE([etc-default-login], 5126 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5127 [ if test "x$enableval" = "xno"; then 5128 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5129 etc_default_login=no 5130 else 5131 etc_default_login=yes 5132 fi ], 5133 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5134 then 5135 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5136 etc_default_login=no 5137 else 5138 etc_default_login=yes 5139 fi ] 5140) 5141 5142if test "x$etc_default_login" != "xno"; then 5143 AC_CHECK_FILE(["/etc/default/login"], 5144 [ external_path_file=/etc/default/login ]) 5145 if test "x$external_path_file" = "x/etc/default/login"; then 5146 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5147 [Define if your system has /etc/default/login]) 5148 fi 5149fi 5150 5151dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5152if test $ac_cv_func_login_getcapbool = "yes" && \ 5153 test $ac_cv_header_login_cap_h = "yes" ; then 5154 external_path_file=/etc/login.conf 5155fi 5156 5157# Whether to mess with the default path 5158SERVER_PATH_MSG="(default)" 5159AC_ARG_WITH([default-path], 5160 [ --with-default-path= Specify default $PATH environment for server], 5161 [ 5162 if test "x$external_path_file" = "x/etc/login.conf" ; then 5163 AC_MSG_WARN([ 5164--with-default-path=PATH has no effect on this system. 5165Edit /etc/login.conf instead.]) 5166 elif test "x$withval" != "xno" ; then 5167 if test ! -z "$external_path_file" ; then 5168 AC_MSG_WARN([ 5169--with-default-path=PATH will only be used if PATH is not defined in 5170$external_path_file .]) 5171 fi 5172 user_path="$withval" 5173 SERVER_PATH_MSG="$withval" 5174 fi 5175 ], 5176 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5177 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5178 else 5179 if test ! -z "$external_path_file" ; then 5180 AC_MSG_WARN([ 5181If PATH is defined in $external_path_file, ensure the path to scp is included, 5182otherwise scp will not work.]) 5183 fi 5184 AC_RUN_IFELSE( 5185 [AC_LANG_PROGRAM([[ 5186/* find out what STDPATH is */ 5187#include <stdio.h> 5188#include <stdlib.h> 5189#ifdef HAVE_PATHS_H 5190# include <paths.h> 5191#endif 5192#ifndef _PATH_STDPATH 5193# ifdef _PATH_USERPATH /* Irix */ 5194# define _PATH_STDPATH _PATH_USERPATH 5195# else 5196# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5197# endif 5198#endif 5199#include <sys/types.h> 5200#include <sys/stat.h> 5201#include <fcntl.h> 5202#define DATA "conftest.stdpath" 5203 ]], [[ 5204 FILE *fd; 5205 int rc; 5206 5207 fd = fopen(DATA,"w"); 5208 if(fd == NULL) 5209 exit(1); 5210 5211 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5212 exit(1); 5213 5214 exit(0); 5215 ]])], 5216 [ user_path=`cat conftest.stdpath` ], 5217 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5218 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5219 ) 5220# make sure $bindir is in USER_PATH so scp will work 5221 t_bindir="${bindir}" 5222 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5223 t_bindir=`eval echo ${t_bindir}` 5224 case $t_bindir in 5225 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5226 esac 5227 case $t_bindir in 5228 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5229 esac 5230 done 5231 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5232 if test $? -ne 0 ; then 5233 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5234 if test $? -ne 0 ; then 5235 user_path=$user_path:$t_bindir 5236 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5237 fi 5238 fi 5239 fi ] 5240) 5241if test "x$external_path_file" != "x/etc/login.conf" ; then 5242 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5243 AC_SUBST([user_path]) 5244fi 5245 5246# Set superuser path separately to user path 5247AC_ARG_WITH([superuser-path], 5248 [ --with-superuser-path= Specify different path for super-user], 5249 [ 5250 if test -n "$withval" && test "x$withval" != "xno" && \ 5251 test "x${withval}" != "xyes"; then 5252 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5253 [Define if you want a different $PATH 5254 for the superuser]) 5255 superuser_path=$withval 5256 fi 5257 ] 5258) 5259 5260 5261AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5262IPV4_IN6_HACK_MSG="no" 5263AC_ARG_WITH(4in6, 5264 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5265 [ 5266 if test "x$withval" != "xno" ; then 5267 AC_MSG_RESULT([yes]) 5268 AC_DEFINE([IPV4_IN_IPV6], [1], 5269 [Detect IPv4 in IPv6 mapped addresses 5270 and treat as IPv4]) 5271 IPV4_IN6_HACK_MSG="yes" 5272 else 5273 AC_MSG_RESULT([no]) 5274 fi 5275 ], [ 5276 if test "x$inet6_default_4in6" = "xyes"; then 5277 AC_MSG_RESULT([yes (default)]) 5278 AC_DEFINE([IPV4_IN_IPV6]) 5279 IPV4_IN6_HACK_MSG="yes" 5280 else 5281 AC_MSG_RESULT([no (default)]) 5282 fi 5283 ] 5284) 5285 5286# Whether to enable BSD auth support 5287BSD_AUTH_MSG=no 5288AC_ARG_WITH([bsd-auth], 5289 [ --with-bsd-auth Enable BSD auth support], 5290 [ 5291 if test "x$withval" != "xno" ; then 5292 AC_DEFINE([BSD_AUTH], [1], 5293 [Define if you have BSD auth support]) 5294 BSD_AUTH_MSG=yes 5295 fi 5296 ] 5297) 5298 5299# Where to place sshd.pid 5300piddir=/var/run 5301# make sure the directory exists 5302if test ! -d $piddir ; then 5303 piddir=`eval echo ${sysconfdir}` 5304 case $piddir in 5305 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5306 esac 5307fi 5308 5309AC_ARG_WITH([pid-dir], 5310 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5311 [ 5312 if test -n "$withval" && test "x$withval" != "xno" && \ 5313 test "x${withval}" != "xyes"; then 5314 piddir=$withval 5315 if test ! -d $piddir ; then 5316 AC_MSG_WARN([** no $piddir directory on this system **]) 5317 fi 5318 fi 5319 ] 5320) 5321 5322AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5323 [Specify location of ssh.pid]) 5324AC_SUBST([piddir]) 5325 5326dnl allow user to disable some login recording features 5327AC_ARG_ENABLE([lastlog], 5328 [ --disable-lastlog disable use of lastlog even if detected [no]], 5329 [ 5330 if test "x$enableval" = "xno" ; then 5331 AC_DEFINE([DISABLE_LASTLOG]) 5332 fi 5333 ] 5334) 5335AC_ARG_ENABLE([utmp], 5336 [ --disable-utmp disable use of utmp even if detected [no]], 5337 [ 5338 if test "x$enableval" = "xno" ; then 5339 AC_DEFINE([DISABLE_UTMP]) 5340 fi 5341 ] 5342) 5343AC_ARG_ENABLE([utmpx], 5344 [ --disable-utmpx disable use of utmpx even if detected [no]], 5345 [ 5346 if test "x$enableval" = "xno" ; then 5347 AC_DEFINE([DISABLE_UTMPX], [1], 5348 [Define if you don't want to use utmpx]) 5349 fi 5350 ] 5351) 5352AC_ARG_ENABLE([wtmp], 5353 [ --disable-wtmp disable use of wtmp even if detected [no]], 5354 [ 5355 if test "x$enableval" = "xno" ; then 5356 AC_DEFINE([DISABLE_WTMP]) 5357 fi 5358 ] 5359) 5360AC_ARG_ENABLE([wtmpx], 5361 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5362 [ 5363 if test "x$enableval" = "xno" ; then 5364 AC_DEFINE([DISABLE_WTMPX], [1], 5365 [Define if you don't want to use wtmpx]) 5366 fi 5367 ] 5368) 5369AC_ARG_ENABLE([libutil], 5370 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5371 [ 5372 if test "x$enableval" = "xno" ; then 5373 AC_DEFINE([DISABLE_LOGIN]) 5374 fi 5375 ] 5376) 5377AC_ARG_ENABLE([pututline], 5378 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5379 [ 5380 if test "x$enableval" = "xno" ; then 5381 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5382 [Define if you don't want to use pututline() 5383 etc. to write [uw]tmp]) 5384 fi 5385 ] 5386) 5387AC_ARG_ENABLE([pututxline], 5388 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5389 [ 5390 if test "x$enableval" = "xno" ; then 5391 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5392 [Define if you don't want to use pututxline() 5393 etc. to write [uw]tmpx]) 5394 fi 5395 ] 5396) 5397AC_ARG_WITH([lastlog], 5398 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5399 [ 5400 if test "x$withval" = "xno" ; then 5401 AC_DEFINE([DISABLE_LASTLOG]) 5402 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5403 conf_lastlog_location=$withval 5404 fi 5405 ] 5406) 5407 5408dnl lastlog, [uw]tmpx? detection 5409dnl NOTE: set the paths in the platform section to avoid the 5410dnl need for command-line parameters 5411dnl lastlog and [uw]tmp are subject to a file search if all else fails 5412 5413dnl lastlog detection 5414dnl NOTE: the code itself will detect if lastlog is a directory 5415AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5416AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5417#include <sys/types.h> 5418#include <utmp.h> 5419#ifdef HAVE_LASTLOG_H 5420# include <lastlog.h> 5421#endif 5422#ifdef HAVE_PATHS_H 5423# include <paths.h> 5424#endif 5425#ifdef HAVE_LOGIN_H 5426# include <login.h> 5427#endif 5428 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5429 [ AC_MSG_RESULT([yes]) ], 5430 [ 5431 AC_MSG_RESULT([no]) 5432 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5434#include <sys/types.h> 5435#include <utmp.h> 5436#ifdef HAVE_LASTLOG_H 5437# include <lastlog.h> 5438#endif 5439#ifdef HAVE_PATHS_H 5440# include <paths.h> 5441#endif 5442 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5443 [ AC_MSG_RESULT([yes]) ], 5444 [ 5445 AC_MSG_RESULT([no]) 5446 system_lastlog_path=no 5447 ]) 5448]) 5449 5450if test -z "$conf_lastlog_location"; then 5451 if test x"$system_lastlog_path" = x"no" ; then 5452 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5453 if (test -d "$f" || test -f "$f") ; then 5454 conf_lastlog_location=$f 5455 fi 5456 done 5457 if test -z "$conf_lastlog_location"; then 5458 AC_MSG_WARN([** Cannot find lastlog **]) 5459 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5460 fi 5461 fi 5462fi 5463 5464if test -n "$conf_lastlog_location"; then 5465 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5466 [Define if you want to specify the path to your lastlog file]) 5467fi 5468 5469dnl utmp detection 5470AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5471AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5472#include <sys/types.h> 5473#include <utmp.h> 5474#ifdef HAVE_PATHS_H 5475# include <paths.h> 5476#endif 5477 ]], [[ char *utmp = UTMP_FILE; ]])], 5478 [ AC_MSG_RESULT([yes]) ], 5479 [ AC_MSG_RESULT([no]) 5480 system_utmp_path=no 5481]) 5482if test -z "$conf_utmp_location"; then 5483 if test x"$system_utmp_path" = x"no" ; then 5484 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5485 if test -f $f ; then 5486 conf_utmp_location=$f 5487 fi 5488 done 5489 if test -z "$conf_utmp_location"; then 5490 AC_DEFINE([DISABLE_UTMP]) 5491 fi 5492 fi 5493fi 5494if test -n "$conf_utmp_location"; then 5495 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5496 [Define if you want to specify the path to your utmp file]) 5497fi 5498 5499dnl wtmp detection 5500AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5501AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5502#include <sys/types.h> 5503#include <utmp.h> 5504#ifdef HAVE_PATHS_H 5505# include <paths.h> 5506#endif 5507 ]], [[ char *wtmp = WTMP_FILE; ]])], 5508 [ AC_MSG_RESULT([yes]) ], 5509 [ AC_MSG_RESULT([no]) 5510 system_wtmp_path=no 5511]) 5512if test -z "$conf_wtmp_location"; then 5513 if test x"$system_wtmp_path" = x"no" ; then 5514 for f in /usr/adm/wtmp /var/log/wtmp; do 5515 if test -f $f ; then 5516 conf_wtmp_location=$f 5517 fi 5518 done 5519 if test -z "$conf_wtmp_location"; then 5520 AC_DEFINE([DISABLE_WTMP]) 5521 fi 5522 fi 5523fi 5524if test -n "$conf_wtmp_location"; then 5525 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5526 [Define if you want to specify the path to your wtmp file]) 5527fi 5528 5529dnl wtmpx detection 5530AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5531AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5532#include <sys/types.h> 5533#include <utmp.h> 5534#ifdef HAVE_UTMPX_H 5535#include <utmpx.h> 5536#endif 5537#ifdef HAVE_PATHS_H 5538# include <paths.h> 5539#endif 5540 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5541 [ AC_MSG_RESULT([yes]) ], 5542 [ AC_MSG_RESULT([no]) 5543 system_wtmpx_path=no 5544]) 5545if test -z "$conf_wtmpx_location"; then 5546 if test x"$system_wtmpx_path" = x"no" ; then 5547 AC_DEFINE([DISABLE_WTMPX]) 5548 fi 5549else 5550 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5551 [Define if you want to specify the path to your wtmpx file]) 5552fi 5553 5554 5555if test ! -z "$blibpath" ; then 5556 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5557 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5558fi 5559 5560AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5561 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5562 AC_DEFINE([DISABLE_LASTLOG]) 5563 fi 5564 ], [ 5565#ifdef HAVE_SYS_TYPES_H 5566#include <sys/types.h> 5567#endif 5568#ifdef HAVE_UTMP_H 5569#include <utmp.h> 5570#endif 5571#ifdef HAVE_UTMPX_H 5572#include <utmpx.h> 5573#endif 5574#ifdef HAVE_LASTLOG_H 5575#include <lastlog.h> 5576#endif 5577 ]) 5578 5579AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5580 AC_DEFINE([DISABLE_UTMP]) 5581 AC_DEFINE([DISABLE_WTMP]) 5582 ], [ 5583#ifdef HAVE_SYS_TYPES_H 5584#include <sys/types.h> 5585#endif 5586#ifdef HAVE_UTMP_H 5587#include <utmp.h> 5588#endif 5589#ifdef HAVE_UTMPX_H 5590#include <utmpx.h> 5591#endif 5592#ifdef HAVE_LASTLOG_H 5593#include <lastlog.h> 5594#endif 5595 ]) 5596 5597dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5598dnl Add now. 5599CFLAGS="$CFLAGS $werror_flags" 5600 5601if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5602 TEST_SSH_IPV6=no 5603else 5604 TEST_SSH_IPV6=yes 5605fi 5606AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5607AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5608AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5609AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5610AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5611AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5612 5613CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5614LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5615 5616# Make a copy of CFLAGS/LDFLAGS without PIE options. 5617LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5618CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5619AC_SUBST([LDFLAGS_NOPIE]) 5620AC_SUBST([CFLAGS_NOPIE]) 5621 5622AC_EXEEXT 5623AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5624 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5625 survey.sh]) 5626AC_OUTPUT 5627 5628# Print summary of options 5629 5630# Someone please show me a better way :) 5631A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5632B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5633C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5634D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5635E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5636F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5637G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5638H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5639I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5640J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5641 5642echo "" 5643echo "OpenSSH has been configured with the following options:" 5644echo " User binaries: $B" 5645echo " System binaries: $C" 5646echo " Configuration files: $D" 5647echo " Askpass program: $E" 5648echo " Manual pages: $F" 5649echo " PID file: $G" 5650echo " Privilege separation chroot path: $H" 5651if test "x$external_path_file" = "x/etc/login.conf" ; then 5652echo " At runtime, sshd will use the path defined in $external_path_file" 5653echo " Make sure the path to scp is present, otherwise scp will not work" 5654else 5655echo " sshd default user PATH: $I" 5656 if test ! -z "$external_path_file"; then 5657echo " (If PATH is set in $external_path_file it will be used instead. If" 5658echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5659 fi 5660fi 5661if test ! -z "$superuser_path" ; then 5662echo " sshd superuser user PATH: $J" 5663fi 5664echo " Manpage format: $MANTYPE" 5665echo " PAM support: $PAM_MSG" 5666echo " OSF SIA support: $SIA_MSG" 5667echo " KerberosV support: $KRB5_MSG" 5668echo " SELinux support: $SELINUX_MSG" 5669echo " TCP Wrappers support: $TCPW_MSG" 5670echo " libedit support: $LIBEDIT_MSG" 5671echo " libldns support: $LDNS_MSG" 5672echo " Solaris process contract support: $SPC_MSG" 5673echo " Solaris project support: $SP_MSG" 5674echo " Solaris privilege support: $SPP_MSG" 5675echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5676echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5677echo " BSD Auth support: $BSD_AUTH_MSG" 5678echo " Random number source: $RAND_MSG" 5679echo " Privsep sandbox style: $SANDBOX_STYLE" 5680echo " PKCS#11 support: $enable_pkcs11" 5681echo " U2F/FIDO support: $enable_sk" 5682 5683echo "" 5684 5685echo " Host: ${host}" 5686echo " Compiler: ${CC}" 5687echo " Compiler flags: ${CFLAGS}" 5688echo "Preprocessor flags: ${CPPFLAGS}" 5689echo " Linker flags: ${LDFLAGS}" 5690echo " Libraries: ${LIBS}" 5691if test ! -z "${CHANNELLIBS}"; then 5692echo " +for channels: ${CHANNELLIBS}" 5693fi 5694if test ! -z "${LIBFIDO2}"; then 5695echo " +for FIDO2: ${LIBFIDO2}" 5696fi 5697if test ! -z "${SSHDLIBS}"; then 5698echo " +for sshd: ${SSHDLIBS}" 5699fi 5700 5701echo "" 5702 5703if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5704 echo "SVR4 style packages are supported with \"make package\"" 5705 echo "" 5706fi 5707 5708if test "x$PAM_MSG" = "xyes" ; then 5709 echo "PAM is enabled. You may need to install a PAM control file " 5710 echo "for sshd, otherwise password authentication may fail. " 5711 echo "Example PAM control files can be found in the contrib/ " 5712 echo "subdirectory" 5713 echo "" 5714fi 5715 5716if test ! -z "$NO_PEERCHECK" ; then 5717 echo "WARNING: the operating system that you are using does not" 5718 echo "appear to support getpeereid(), getpeerucred() or the" 5719 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5720 echo "enforce security checks to prevent unauthorised connections to" 5721 echo "ssh-agent. Their absence increases the risk that a malicious" 5722 echo "user can connect to your agent." 5723 echo "" 5724fi 5725 5726if test "$AUDIT_MODULE" = "bsm" ; then 5727 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5728 echo "See the Solaris section in README.platform for details." 5729fi 5730