1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatted found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100]) 101AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105]) 106AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109]) 110 111openssl=yes 112AC_ARG_WITH([openssl], 113 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 114 [ if test "x$withval" = "xno" ; then 115 openssl=no 116 fi 117 ] 118) 119AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 120if test "x$openssl" = "xyes" ; then 121 AC_MSG_RESULT([yes]) 122 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 123else 124 AC_MSG_RESULT([no]) 125fi 126 127use_stack_protector=1 128use_toolchain_hardening=1 129AC_ARG_WITH([stackprotect], 130 [ --without-stackprotect Don't use compiler's stack protection], [ 131 if test "x$withval" = "xno"; then 132 use_stack_protector=0 133 fi ]) 134AC_ARG_WITH([hardening], 135 [ --without-hardening Don't use toolchain hardening flags], [ 136 if test "x$withval" = "xno"; then 137 use_toolchain_hardening=0 138 fi ]) 139 140# We use -Werror for the tests only so that we catch warnings like "this is 141# on by default" for things like -fPIE. 142AC_MSG_CHECKING([if $CC supports -Werror]) 143saved_CFLAGS="$CFLAGS" 144CFLAGS="$CFLAGS -Werror" 145AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 146 [ AC_MSG_RESULT([yes]) 147 WERROR="-Werror"], 148 [ AC_MSG_RESULT([no]) 149 WERROR="" ] 150) 151CFLAGS="$saved_CFLAGS" 152 153if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 154 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 165 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 166 if test "x$use_toolchain_hardening" = "x1"; then 167 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 169 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 173 # NB. -ftrapv expects certain support functions to be present in 174 # the compiler library (libgcc or similar) to detect integer operations 175 # that can overflow. We must check that the result of enabling it 176 # actually links. The test program compiled/linked includes a number 177 # of integer operations that should exercise this. 178 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 179 fi 180 AC_MSG_CHECKING([gcc version]) 181 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 182 case $GCC_VER in 183 1.*) no_attrib_nonnull=1 ;; 184 2.8* | 2.9*) 185 no_attrib_nonnull=1 186 ;; 187 2.*) no_attrib_nonnull=1 ;; 188 *) ;; 189 esac 190 AC_MSG_RESULT([$GCC_VER]) 191 192 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 193 saved_CFLAGS="$CFLAGS" 194 CFLAGS="$CFLAGS -fno-builtin-memset" 195 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 196 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 197 [ AC_MSG_RESULT([yes]) ], 198 [ AC_MSG_RESULT([no]) 199 CFLAGS="$saved_CFLAGS" ] 200 ) 201 202 # -fstack-protector-all doesn't always work for some GCC versions 203 # and/or platforms, so we test if we can. If it's not supported 204 # on a given platform gcc will emit a warning so we use -Werror. 205 if test "x$use_stack_protector" = "x1"; then 206 for t in -fstack-protector-strong -fstack-protector-all \ 207 -fstack-protector; do 208 AC_MSG_CHECKING([if $CC supports $t]) 209 saved_CFLAGS="$CFLAGS" 210 saved_LDFLAGS="$LDFLAGS" 211 CFLAGS="$CFLAGS $t -Werror" 212 LDFLAGS="$LDFLAGS $t -Werror" 213 AC_LINK_IFELSE( 214 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 215 [[ 216 char x[256]; 217 snprintf(x, sizeof(x), "XXX"); 218 ]])], 219 [ AC_MSG_RESULT([yes]) 220 CFLAGS="$saved_CFLAGS $t" 221 LDFLAGS="$saved_LDFLAGS $t" 222 AC_MSG_CHECKING([if $t works]) 223 AC_RUN_IFELSE( 224 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 225 [[ 226 char x[256]; 227 snprintf(x, sizeof(x), "XXX"); 228 ]])], 229 [ AC_MSG_RESULT([yes]) 230 break ], 231 [ AC_MSG_RESULT([no]) ], 232 [ AC_MSG_WARN([cross compiling: cannot test]) 233 break ] 234 ) 235 ], 236 [ AC_MSG_RESULT([no]) ] 237 ) 238 CFLAGS="$saved_CFLAGS" 239 LDFLAGS="$saved_LDFLAGS" 240 done 241 fi 242 243 if test -z "$have_llong_max"; then 244 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 245 unset ac_cv_have_decl_LLONG_MAX 246 saved_CFLAGS="$CFLAGS" 247 CFLAGS="$CFLAGS -std=gnu99" 248 AC_CHECK_DECL([LLONG_MAX], 249 [have_llong_max=1], 250 [CFLAGS="$saved_CFLAGS"], 251 [#include <limits.h>] 252 ) 253 fi 254fi 255 256AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 257AC_COMPILE_IFELSE( 258 [AC_LANG_PROGRAM([[ 259#include <stdlib.h> 260__attribute__((__unused__)) static void foo(void){return;}]], 261 [[ exit(0); ]])], 262 [ AC_MSG_RESULT([yes]) ], 263 [ AC_MSG_RESULT([no]) 264 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 265 [compiler does not accept __attribute__ on return types]) ] 266) 267 268AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 269AC_COMPILE_IFELSE( 270 [AC_LANG_PROGRAM([[ 271#include <stdlib.h> 272typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 273 [[ exit(0); ]])], 274 [ AC_MSG_RESULT([yes]) ], 275 [ AC_MSG_RESULT([no]) 276 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 277 [compiler does not accept __attribute__ on prototype args]) ] 278) 279 280if test "x$no_attrib_nonnull" != "x1" ; then 281 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 282fi 283 284AC_ARG_WITH([rpath], 285 [ --without-rpath Disable auto-added -R linker paths], 286 [ 287 if test "x$withval" = "xno" ; then 288 need_dash_r="" 289 fi 290 if test "x$withval" = "xyes" ; then 291 need_dash_r=1 292 fi 293 ] 294) 295 296# Allow user to specify flags 297AC_ARG_WITH([cflags], 298 [ --with-cflags Specify additional flags to pass to compiler], 299 [ 300 if test -n "$withval" && test "x$withval" != "xno" && \ 301 test "x${withval}" != "xyes"; then 302 CFLAGS="$CFLAGS $withval" 303 fi 304 ] 305) 306 307AC_ARG_WITH([cflags-after], 308 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 CFLAGS_AFTER="$withval" 313 fi 314 ] 315) 316AC_ARG_WITH([cppflags], 317 [ --with-cppflags Specify additional flags to pass to preprocessor] , 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CPPFLAGS="$CPPFLAGS $withval" 322 fi 323 ] 324) 325AC_ARG_WITH([ldflags], 326 [ --with-ldflags Specify additional flags to pass to linker], 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 LDFLAGS="$LDFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags-after], 335 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS_AFTER="$withval" 340 fi 341 ] 342) 343AC_ARG_WITH([libs], 344 [ --with-libs Specify additional libraries to link with], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LIBS="$LIBS $withval" 349 fi 350 ] 351) 352AC_ARG_WITH([Werror], 353 [ --with-Werror Build main code with -Werror], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno"; then 356 werror_flags="-Werror" 357 if test "x${withval}" != "xyes"; then 358 werror_flags="$withval" 359 fi 360 fi 361 ] 362) 363 364AC_CHECK_HEADERS([ \ 365 blf.h \ 366 bstring.h \ 367 crypt.h \ 368 crypto/sha2.h \ 369 dirent.h \ 370 endian.h \ 371 elf.h \ 372 err.h \ 373 features.h \ 374 fcntl.h \ 375 floatingpoint.h \ 376 getopt.h \ 377 glob.h \ 378 ia.h \ 379 iaf.h \ 380 ifaddrs.h \ 381 inttypes.h \ 382 langinfo.h \ 383 limits.h \ 384 locale.h \ 385 login.h \ 386 maillock.h \ 387 ndir.h \ 388 net/if_tun.h \ 389 netdb.h \ 390 netgroup.h \ 391 pam/pam_appl.h \ 392 paths.h \ 393 poll.h \ 394 pty.h \ 395 readpassphrase.h \ 396 rpc/types.h \ 397 security/pam_appl.h \ 398 sha2.h \ 399 shadow.h \ 400 stddef.h \ 401 stdint.h \ 402 string.h \ 403 strings.h \ 404 sys/bitypes.h \ 405 sys/bsdtty.h \ 406 sys/cdefs.h \ 407 sys/dir.h \ 408 sys/file.h \ 409 sys/mman.h \ 410 sys/label.h \ 411 sys/ndir.h \ 412 sys/poll.h \ 413 sys/prctl.h \ 414 sys/pstat.h \ 415 sys/ptrace.h \ 416 sys/random.h \ 417 sys/select.h \ 418 sys/stat.h \ 419 sys/stream.h \ 420 sys/stropts.h \ 421 sys/strtio.h \ 422 sys/statvfs.h \ 423 sys/sysmacros.h \ 424 sys/time.h \ 425 sys/timers.h \ 426 sys/vfs.h \ 427 time.h \ 428 tmpdir.h \ 429 ttyent.h \ 430 ucred.h \ 431 unistd.h \ 432 usersec.h \ 433 util.h \ 434 utime.h \ 435 utmp.h \ 436 utmpx.h \ 437 vis.h \ 438 wchar.h \ 439]) 440 441# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 442# to be included first. 443AC_CHECK_HEADERS([sys/audit.h], [], [], [ 444#ifdef HAVE_SYS_TIME_H 445# include <sys/time.h> 446#endif 447#ifdef HAVE_SYS_TYPES_H 448# include <sys/types.h> 449#endif 450#ifdef HAVE_SYS_LABEL_H 451# include <sys/label.h> 452#endif 453]) 454 455# sys/capsicum.h requires sys/types.h 456AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 457#ifdef HAVE_SYS_TYPES_H 458# include <sys/types.h> 459#endif 460]) 461 462# net/route.h requires sys/socket.h and sys/types.h. 463# sys/sysctl.h also requires sys/param.h 464AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 465#ifdef HAVE_SYS_TYPES_H 466# include <sys/types.h> 467#endif 468#include <sys/param.h> 469#include <sys/socket.h> 470]) 471 472# lastlog.h requires sys/time.h to be included first on Solaris 473AC_CHECK_HEADERS([lastlog.h], [], [], [ 474#ifdef HAVE_SYS_TIME_H 475# include <sys/time.h> 476#endif 477]) 478 479# sys/ptms.h requires sys/stream.h to be included first on Solaris 480AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 481#ifdef HAVE_SYS_STREAM_H 482# include <sys/stream.h> 483#endif 484]) 485 486# login_cap.h requires sys/types.h on NetBSD 487AC_CHECK_HEADERS([login_cap.h], [], [], [ 488#include <sys/types.h> 489]) 490 491# older BSDs need sys/param.h before sys/mount.h 492AC_CHECK_HEADERS([sys/mount.h], [], [], [ 493#include <sys/param.h> 494]) 495 496# Android requires sys/socket.h to be included before sys/un.h 497AC_CHECK_HEADERS([sys/un.h], [], [], [ 498#include <sys/types.h> 499#include <sys/socket.h> 500]) 501 502# Messages for features tested for in target-specific section 503SIA_MSG="no" 504SPC_MSG="no" 505SP_MSG="no" 506SPP_MSG="no" 507 508# Support for Solaris/Illumos privileges (this test is used by both 509# the --with-solaris-privs option and --with-sandbox=solaris). 510SOLARIS_PRIVS="no" 511 512# Check for some target-specific stuff 513case "$host" in 514*-*-aix*) 515 # Some versions of VAC won't allow macro redefinitions at 516 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 517 # particularly with older versions of vac or xlc. 518 # It also throws errors about null macro arguments, but these are 519 # not fatal. 520 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 521 AC_COMPILE_IFELSE( 522 [AC_LANG_PROGRAM([[ 523#define testmacro foo 524#define testmacro bar]], 525 [[ exit(0); ]])], 526 [ AC_MSG_RESULT([yes]) ], 527 [ AC_MSG_RESULT([no]) 528 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 529 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 530 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 531 ] 532 ) 533 534 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 535 if (test -z "$blibpath"); then 536 blibpath="/usr/lib:/lib" 537 fi 538 saved_LDFLAGS="$LDFLAGS" 539 if test "$GCC" = "yes"; then 540 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 541 else 542 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 543 fi 544 for tryflags in $flags ;do 545 if (test -z "$blibflags"); then 546 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 547 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 548 [blibflags=$tryflags], []) 549 fi 550 done 551 if (test -z "$blibflags"); then 552 AC_MSG_RESULT([not found]) 553 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 554 else 555 AC_MSG_RESULT([$blibflags]) 556 fi 557 LDFLAGS="$saved_LDFLAGS" 558 dnl Check for authenticate. Might be in libs.a on older AIXes 559 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 560 [Define if you want to enable AIX4's authenticate function])], 561 [AC_CHECK_LIB([s], [authenticate], 562 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 563 LIBS="$LIBS -ls" 564 ]) 565 ]) 566 dnl Check for various auth function declarations in headers. 567 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 568 passwdexpired, setauthdb], , , [#include <usersec.h>]) 569 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 570 AC_CHECK_DECLS([loginfailed], 571 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 573 [[ (void)loginfailed("user","host","tty",0); ]])], 574 [AC_MSG_RESULT([yes]) 575 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 576 [Define if your AIX loginfailed() function 577 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 578 ])], 579 [], 580 [#include <usersec.h>] 581 ) 582 AC_CHECK_FUNCS([getgrset setauthdb]) 583 AC_CHECK_DECL([F_CLOSEM], 584 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 585 [], 586 [ #include <limits.h> 587 #include <fcntl.h> ] 588 ) 589 check_for_aix_broken_getaddrinfo=1 590 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 591 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 592 [Define if your platform breaks doing a seteuid before a setuid]) 593 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 594 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 595 dnl AIX handles lastlog as part of its login message 596 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 597 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 598 [Some systems need a utmpx entry for /bin/login to work]) 599 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 600 [Define to a Set Process Title type if your system is 601 supported by bsd-setproctitle.c]) 602 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 603 [AIX 5.2 and 5.3 (and presumably newer) require this]) 604 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 605 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 606 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 607 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 608 ;; 609*-*-android*) 610 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 611 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 612 ;; 613*-*-cygwin*) 614 check_for_libcrypt_later=1 615 LIBS="$LIBS /usr/lib/textreadmode.o" 616 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 617 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 618 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 619 [Define to disable UID restoration test]) 620 AC_DEFINE([DISABLE_SHADOW], [1], 621 [Define if you want to disable shadow passwords]) 622 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 623 [Define if X11 doesn't support AF_UNIX sockets on that system]) 624 AC_DEFINE([DISABLE_FD_PASSING], [1], 625 [Define if your platform needs to skip post auth 626 file descriptor passing]) 627 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 628 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 629 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 630 # reasons which cause compile warnings, so we disable those warnings. 631 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 632 ;; 633*-*-dgux*) 634 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 635 [Define if your system choked on IP TOS setting]) 636 AC_DEFINE([SETEUID_BREAKS_SETUID]) 637 AC_DEFINE([BROKEN_SETREUID]) 638 AC_DEFINE([BROKEN_SETREGID]) 639 ;; 640*-*-darwin*) 641 use_pie=auto 642 AC_MSG_CHECKING([if we have working getaddrinfo]) 643 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 644main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 645 exit(0); 646 else 647 exit(1); 648} 649 ]])], 650 [AC_MSG_RESULT([working])], 651 [AC_MSG_RESULT([buggy]) 652 AC_DEFINE([BROKEN_GETADDRINFO], [1], 653 [getaddrinfo is broken (if present)]) 654 ], 655 [AC_MSG_RESULT([assume it is working])]) 656 AC_DEFINE([SETEUID_BREAKS_SETUID]) 657 AC_DEFINE([BROKEN_SETREUID]) 658 AC_DEFINE([BROKEN_SETREGID]) 659 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 660 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 661 [Define if your resolver libs need this for getrrsetbyname]) 662 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 663 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 664 [Use tunnel device compatibility to OpenBSD]) 665 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 666 [Prepend the address family to IP tunnel traffic]) 667 m4_pattern_allow([AU_IPv]) 668 AC_CHECK_DECL([AU_IPv4], [], 669 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 670 [#include <bsm/audit.h>] 671 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 672 [Define if pututxline updates lastlog too]) 673 ) 674 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 675 [Define to a Set Process Title type if your system is 676 supported by bsd-setproctitle.c]) 677 AC_CHECK_FUNCS([sandbox_init]) 678 AC_CHECK_HEADERS([sandbox.h]) 679 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 680 SSHDLIBS="$SSHDLIBS -lsandbox" 681 ]) 682 ;; 683*-*-dragonfly*) 684 SSHDLIBS="$SSHDLIBS -lcrypt" 685 TEST_MALLOC_OPTIONS="AFGJPRX" 686 ;; 687*-*-haiku*) 688 LIBS="$LIBS -lbsd " 689 AC_CHECK_LIB([network], [socket]) 690 AC_DEFINE([HAVE_U_INT64_T]) 691 MANTYPE=man 692 ;; 693*-*-hpux*) 694 # first we define all of the options common to all HP-UX releases 695 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 696 IPADDR_IN_DISPLAY=yes 697 AC_DEFINE([USE_PIPES]) 698 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 699 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 700 [String used in /etc/passwd to denote locked account]) 701 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 703 maildir="/var/mail" 704 LIBS="$LIBS -lsec" 705 AC_CHECK_LIB([xnet], [t_error], , 706 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 707 708 # next, we define all of the options specific to major releases 709 case "$host" in 710 *-*-hpux10*) 711 if test -z "$GCC"; then 712 CFLAGS="$CFLAGS -Ae" 713 fi 714 ;; 715 *-*-hpux11*) 716 AC_DEFINE([PAM_SUN_CODEBASE], [1], 717 [Define if you are using Solaris-derived PAM which 718 passes pam_messages to the conversation function 719 with an extra level of indirection]) 720 AC_DEFINE([DISABLE_UTMP], [1], 721 [Define if you don't want to use utmp]) 722 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 723 check_for_hpux_broken_getaddrinfo=1 724 check_for_conflicting_getspnam=1 725 ;; 726 esac 727 728 # lastly, we define options specific to minor releases 729 case "$host" in 730 *-*-hpux10.26) 731 AC_DEFINE([HAVE_SECUREWARE], [1], 732 [Define if you have SecureWare-based 733 protected password database]) 734 disable_ptmx_check=yes 735 LIBS="$LIBS -lsecpw" 736 ;; 737 esac 738 ;; 739*-*-irix5*) 740 PATH="$PATH:/usr/etc" 741 AC_DEFINE([BROKEN_INET_NTOA], [1], 742 [Define if you system's inet_ntoa is busted 743 (e.g. Irix gcc issue)]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 748 [Define if you shouldn't strip 'tty' from your 749 ttyname in [uw]tmp]) 750 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 751 ;; 752*-*-irix6*) 753 PATH="$PATH:/usr/etc" 754 AC_DEFINE([WITH_IRIX_ARRAY], [1], 755 [Define if you have/want arrays 756 (cluster-wide session management, not C arrays)]) 757 AC_DEFINE([WITH_IRIX_PROJECT], [1], 758 [Define if you want IRIX project management]) 759 AC_DEFINE([WITH_IRIX_AUDIT], [1], 760 [Define if you want IRIX audit trails]) 761 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 762 [Define if you want IRIX kernel jobs])]) 763 AC_DEFINE([BROKEN_INET_NTOA]) 764 AC_DEFINE([SETEUID_BREAKS_SETUID]) 765 AC_DEFINE([BROKEN_SETREUID]) 766 AC_DEFINE([BROKEN_SETREGID]) 767 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 768 AC_DEFINE([WITH_ABBREV_NO_TTY]) 769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 770 ;; 771*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 772 check_for_libcrypt_later=1 773 AC_DEFINE([PAM_TTY_KLUDGE]) 774 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 775 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 776 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 777 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 778 ;; 779*-*-linux*) 780 no_dev_ptmx=1 781 use_pie=auto 782 check_for_libcrypt_later=1 783 check_for_openpty_ctty_bug=1 784 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 785 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 786 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 787 AC_DEFINE([PAM_TTY_KLUDGE], [1], 788 [Work around problematic Linux PAM modules handling of PAM_TTY]) 789 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 790 [String used in /etc/passwd to denote locked account]) 791 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 792 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 793 [Define to whatever link() returns for "not supported" 794 if it doesn't return EOPNOTSUPP.]) 795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 796 AC_DEFINE([USE_BTMP]) 797 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 798 inet6_default_4in6=yes 799 case `uname -r` in 800 1.*|2.0.*) 801 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 802 [Define if cmsg_type is not passed correctly]) 803 ;; 804 esac 805 # tun(4) forwarding compat code 806 AC_CHECK_HEADERS([linux/if_tun.h]) 807 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 808 AC_DEFINE([SSH_TUN_LINUX], [1], 809 [Open tunnel devices the Linux tun/tap way]) 810 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 811 [Use tunnel device compatibility to OpenBSD]) 812 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 813 [Prepend the address family to IP tunnel traffic]) 814 fi 815 AC_CHECK_HEADER([linux/if.h], 816 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 817 [Support routing domains using Linux VRF]), [], [ 818#ifdef HAVE_SYS_TYPES_H 819# include <sys/types.H> 820#endif 821 ]) 822 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 823 [], [#include <linux/types.h>]) 824 # Obtain MIPS ABI 825 case "$host" in 826 mips*) 827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 828#if _MIPS_SIM != _ABIO32 829#error 830#endif 831 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 832#if _MIPS_SIM != _ABIN32 833#error 834#endif 835 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 836#if _MIPS_SIM != _ABI64 837#error 838#endif 839 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 840 ]) 841 ]) 842 ]) 843 ;; 844 esac 845 AC_MSG_CHECKING([for seccomp architecture]) 846 seccomp_audit_arch= 847 case "$host" in 848 x86_64-*) 849 seccomp_audit_arch=AUDIT_ARCH_X86_64 850 ;; 851 i*86-*) 852 seccomp_audit_arch=AUDIT_ARCH_I386 853 ;; 854 arm*-*) 855 seccomp_audit_arch=AUDIT_ARCH_ARM 856 ;; 857 aarch64*-*) 858 seccomp_audit_arch=AUDIT_ARCH_AARCH64 859 ;; 860 s390x-*) 861 seccomp_audit_arch=AUDIT_ARCH_S390X 862 ;; 863 s390-*) 864 seccomp_audit_arch=AUDIT_ARCH_S390 865 ;; 866 powerpc64-*) 867 seccomp_audit_arch=AUDIT_ARCH_PPC64 868 ;; 869 powerpc64le-*) 870 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 871 ;; 872 mips-*) 873 seccomp_audit_arch=AUDIT_ARCH_MIPS 874 ;; 875 mipsel-*) 876 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 877 ;; 878 mips64-*) 879 case "$mips_abi" in 880 "n32") 881 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 882 ;; 883 "n64") 884 seccomp_audit_arch=AUDIT_ARCH_MIPS64 885 ;; 886 esac 887 ;; 888 mips64el-*) 889 case "$mips_abi" in 890 "n32") 891 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 892 ;; 893 "n64") 894 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 895 ;; 896 esac 897 ;; 898 esac 899 if test "x$seccomp_audit_arch" != "x" ; then 900 AC_MSG_RESULT(["$seccomp_audit_arch"]) 901 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 902 [Specify the system call convention in use]) 903 else 904 AC_MSG_RESULT([architecture not supported]) 905 fi 906 ;; 907mips-sony-bsd|mips-sony-newsos4) 908 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 909 SONY=1 910 ;; 911*-*-netbsd*) 912 check_for_libcrypt_before=1 913 if test "x$withval" != "xno" ; then 914 need_dash_r=1 915 fi 916 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 917 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 918 AC_CHECK_HEADER([net/if_tap.h], , 919 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 921 [Prepend the address family to IP tunnel traffic]) 922 TEST_MALLOC_OPTIONS="AJRX" 923 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 924 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 925 ;; 926*-*-freebsd*) 927 check_for_libcrypt_later=1 928 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 929 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 930 AC_CHECK_HEADER([net/if_tap.h], , 931 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 932 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 933 TEST_MALLOC_OPTIONS="AJRX" 934 # Preauth crypto occasionally uses file descriptors for crypto offload 935 # and will crash if they cannot be opened. 936 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 937 [define if setrlimit RLIMIT_NOFILE breaks things]) 938 ;; 939*-*-bsdi*) 940 AC_DEFINE([SETEUID_BREAKS_SETUID]) 941 AC_DEFINE([BROKEN_SETREUID]) 942 AC_DEFINE([BROKEN_SETREGID]) 943 ;; 944*-next-*) 945 conf_lastlog_location="/usr/adm/lastlog" 946 conf_utmp_location=/etc/utmp 947 conf_wtmp_location=/usr/adm/wtmp 948 maildir=/usr/spool/mail 949 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 950 AC_DEFINE([BROKEN_REALPATH]) 951 AC_DEFINE([USE_PIPES]) 952 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 953 ;; 954*-*-openbsd*) 955 use_pie=auto 956 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 957 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 958 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 959 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 960 [syslog_r function is safe to use in in a signal handler]) 961 TEST_MALLOC_OPTIONS="AFGJPRX" 962 ;; 963*-*-solaris*) 964 if test "x$withval" != "xno" ; then 965 need_dash_r=1 966 fi 967 AC_DEFINE([PAM_SUN_CODEBASE]) 968 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 969 AC_DEFINE([PAM_TTY_KLUDGE]) 970 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 971 [Define if pam_chauthtok wants real uid set 972 to the unpriv'ed user]) 973 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 974 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 975 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 976 [Define if sshd somehow reacquires a controlling TTY 977 after setsid()]) 978 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 979 in case the name is longer than 8 chars]) 980 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 981 external_path_file=/etc/default/login 982 # hardwire lastlog location (can't detect it on some versions) 983 conf_lastlog_location="/var/adm/lastlog" 984 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 985 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 986 if test "$sol2ver" -ge 8; then 987 AC_MSG_RESULT([yes]) 988 AC_DEFINE([DISABLE_UTMP]) 989 AC_DEFINE([DISABLE_WTMP], [1], 990 [Define if you don't want to use wtmp]) 991 else 992 AC_MSG_RESULT([no]) 993 fi 994 AC_CHECK_FUNCS([setpflags]) 995 AC_CHECK_FUNCS([setppriv]) 996 AC_CHECK_FUNCS([priv_basicset]) 997 AC_CHECK_HEADERS([priv.h]) 998 AC_ARG_WITH([solaris-contracts], 999 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1000 [ 1001 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1002 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1003 [Define if you have Solaris process contracts]) 1004 LIBS="$LIBS -lcontract" 1005 SPC_MSG="yes" ], ) 1006 ], 1007 ) 1008 AC_ARG_WITH([solaris-projects], 1009 [ --with-solaris-projects Enable Solaris projects (experimental)], 1010 [ 1011 AC_CHECK_LIB([project], [setproject], 1012 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1013 [Define if you have Solaris projects]) 1014 LIBS="$LIBS -lproject" 1015 SP_MSG="yes" ], ) 1016 ], 1017 ) 1018 AC_ARG_WITH([solaris-privs], 1019 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1020 [ 1021 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1022 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1023 "x$ac_cv_header_priv_h" = "xyes" ; then 1024 SOLARIS_PRIVS=yes 1025 AC_MSG_RESULT([found]) 1026 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1027 [Define to disable UID restoration test]) 1028 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1029 [Define if you have Solaris privileges]) 1030 SPP_MSG="yes" 1031 else 1032 AC_MSG_RESULT([not found]) 1033 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1034 fi 1035 ], 1036 ) 1037 TEST_SHELL=$SHELL # let configure find us a capable shell 1038 ;; 1039*-*-sunos4*) 1040 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1041 AC_CHECK_FUNCS([getpwanam]) 1042 AC_DEFINE([PAM_SUN_CODEBASE]) 1043 conf_utmp_location=/etc/utmp 1044 conf_wtmp_location=/var/adm/wtmp 1045 conf_lastlog_location=/var/adm/lastlog 1046 AC_DEFINE([USE_PIPES]) 1047 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1048 ;; 1049*-ncr-sysv*) 1050 LIBS="$LIBS -lc89" 1051 AC_DEFINE([USE_PIPES]) 1052 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1053 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1054 AC_DEFINE([BROKEN_SETREUID]) 1055 AC_DEFINE([BROKEN_SETREGID]) 1056 ;; 1057*-sni-sysv*) 1058 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1059 AC_CHECK_LIB([dl], [dlsym], ,) 1060 # -lresolv needs to be at the end of LIBS or DNS lookups break 1061 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1062 IPADDR_IN_DISPLAY=yes 1063 AC_DEFINE([USE_PIPES]) 1064 AC_DEFINE([IP_TOS_IS_BROKEN]) 1065 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1066 AC_DEFINE([BROKEN_SETREUID]) 1067 AC_DEFINE([BROKEN_SETREGID]) 1068 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1069 external_path_file=/etc/default/login 1070 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1071 # Attention: always take care to bind libsocket and libnsl before libc, 1072 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1073 ;; 1074# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1075*-*-sysv4.2*) 1076 AC_DEFINE([USE_PIPES]) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1081 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1082 TEST_SHELL=$SHELL # let configure find us a capable shell 1083 ;; 1084# UnixWare 7.x, OpenUNIX 8 1085*-*-sysv5*) 1086 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1087 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1090 AC_DEFINE([BROKEN_GETADDRINFO]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1094 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1095 TEST_SHELL=$SHELL # let configure find us a capable shell 1096 check_for_libcrypt_later=1 1097 case "$host" in 1098 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1099 maildir=/var/spool/mail 1100 AC_DEFINE([BROKEN_UPDWTMPX]) 1101 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1102 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1103 ], , ) 1104 ;; 1105 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1106 ;; 1107 esac 1108 ;; 1109*-*-sysv*) 1110 ;; 1111# SCO UNIX and OEM versions of SCO UNIX 1112*-*-sco3.2v4*) 1113 AC_MSG_ERROR("This Platform is no longer supported.") 1114 ;; 1115# SCO OpenServer 5.x 1116*-*-sco3.2v5*) 1117 if test -z "$GCC"; then 1118 CFLAGS="$CFLAGS -belf" 1119 fi 1120 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1121 no_dev_ptmx=1 1122 AC_DEFINE([USE_PIPES]) 1123 AC_DEFINE([HAVE_SECUREWARE]) 1124 AC_DEFINE([DISABLE_SHADOW]) 1125 AC_DEFINE([DISABLE_FD_PASSING]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_GETADDRINFO]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1131 AC_DEFINE([BROKEN_UPDWTMPX]) 1132 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1133 AC_CHECK_FUNCS([getluid setluid]) 1134 MANTYPE=man 1135 TEST_SHELL=$SHELL # let configure find us a capable shell 1136 SKIP_DISABLE_LASTLOG_DEFINE=yes 1137 ;; 1138*-dec-osf*) 1139 AC_MSG_CHECKING([for Digital Unix SIA]) 1140 no_osfsia="" 1141 AC_ARG_WITH([osfsia], 1142 [ --with-osfsia Enable Digital Unix SIA], 1143 [ 1144 if test "x$withval" = "xno" ; then 1145 AC_MSG_RESULT([disabled]) 1146 no_osfsia=1 1147 fi 1148 ], 1149 ) 1150 if test -z "$no_osfsia" ; then 1151 if test -f /etc/sia/matrix.conf; then 1152 AC_MSG_RESULT([yes]) 1153 AC_DEFINE([HAVE_OSF_SIA], [1], 1154 [Define if you have Digital Unix Security 1155 Integration Architecture]) 1156 AC_DEFINE([DISABLE_LOGIN], [1], 1157 [Define if you don't want to use your 1158 system's login() call]) 1159 AC_DEFINE([DISABLE_FD_PASSING]) 1160 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1161 SIA_MSG="yes" 1162 else 1163 AC_MSG_RESULT([no]) 1164 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1165 [String used in /etc/passwd to denote locked account]) 1166 fi 1167 fi 1168 AC_DEFINE([BROKEN_GETADDRINFO]) 1169 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1170 AC_DEFINE([BROKEN_SETREUID]) 1171 AC_DEFINE([BROKEN_SETREGID]) 1172 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1173 ;; 1174 1175*-*-nto-qnx*) 1176 AC_DEFINE([USE_PIPES]) 1177 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1178 AC_DEFINE([DISABLE_LASTLOG]) 1179 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1180 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1181 enable_etc_default_login=no # has incompatible /etc/default/login 1182 case "$host" in 1183 *-*-nto-qnx6*) 1184 AC_DEFINE([DISABLE_FD_PASSING]) 1185 ;; 1186 esac 1187 ;; 1188 1189*-*-ultrix*) 1190 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1191 AC_DEFINE([NEED_SETPGRP]) 1192 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1193 ;; 1194 1195*-*-lynxos) 1196 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1197 AC_DEFINE([BROKEN_SETVBUF], [1], 1198 [LynxOS has broken setvbuf() implementation]) 1199 ;; 1200esac 1201 1202AC_MSG_CHECKING([compiler and flags for sanity]) 1203AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1204 [ AC_MSG_RESULT([yes]) ], 1205 [ 1206 AC_MSG_RESULT([no]) 1207 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1208 ], 1209 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1210) 1211 1212dnl Checks for header files. 1213# Checks for libraries. 1214AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1215 1216dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1217AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1218 AC_CHECK_LIB([gen], [dirname], [ 1219 AC_CACHE_CHECK([for broken dirname], 1220 ac_cv_have_broken_dirname, [ 1221 save_LIBS="$LIBS" 1222 LIBS="$LIBS -lgen" 1223 AC_RUN_IFELSE( 1224 [AC_LANG_SOURCE([[ 1225#include <libgen.h> 1226#include <string.h> 1227 1228int main(int argc, char **argv) { 1229 char *s, buf[32]; 1230 1231 strncpy(buf,"/etc", 32); 1232 s = dirname(buf); 1233 if (!s || strncmp(s, "/", 32) != 0) { 1234 exit(1); 1235 } else { 1236 exit(0); 1237 } 1238} 1239 ]])], 1240 [ ac_cv_have_broken_dirname="no" ], 1241 [ ac_cv_have_broken_dirname="yes" ], 1242 [ ac_cv_have_broken_dirname="no" ], 1243 ) 1244 LIBS="$save_LIBS" 1245 ]) 1246 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1247 LIBS="$LIBS -lgen" 1248 AC_DEFINE([HAVE_DIRNAME]) 1249 AC_CHECK_HEADERS([libgen.h]) 1250 fi 1251 ]) 1252]) 1253 1254AC_CHECK_FUNC([getspnam], , 1255 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1256AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1257 [Define if you have the basename function.])]) 1258 1259dnl zlib is required 1260AC_ARG_WITH([zlib], 1261 [ --with-zlib=PATH Use zlib in PATH], 1262 [ if test "x$withval" = "xno" ; then 1263 AC_MSG_ERROR([*** zlib is required ***]) 1264 elif test "x$withval" != "xyes"; then 1265 if test -d "$withval/lib"; then 1266 if test -n "${need_dash_r}"; then 1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1268 else 1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1270 fi 1271 else 1272 if test -n "${need_dash_r}"; then 1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1274 else 1275 LDFLAGS="-L${withval} ${LDFLAGS}" 1276 fi 1277 fi 1278 if test -d "$withval/include"; then 1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1280 else 1281 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1282 fi 1283 fi ] 1284) 1285 1286AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1287AC_CHECK_LIB([z], [deflate], , 1288 [ 1289 saved_CPPFLAGS="$CPPFLAGS" 1290 saved_LDFLAGS="$LDFLAGS" 1291 save_LIBS="$LIBS" 1292 dnl Check default zlib install dir 1293 if test -n "${need_dash_r}"; then 1294 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1295 else 1296 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1297 fi 1298 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1299 LIBS="$LIBS -lz" 1300 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1301 [ 1302 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1303 ] 1304 ) 1305 ] 1306) 1307 1308AC_ARG_WITH([zlib-version-check], 1309 [ --without-zlib-version-check Disable zlib version check], 1310 [ if test "x$withval" = "xno" ; then 1311 zlib_check_nonfatal=1 1312 fi 1313 ] 1314) 1315 1316AC_MSG_CHECKING([for possibly buggy zlib]) 1317AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1318#include <stdio.h> 1319#include <stdlib.h> 1320#include <zlib.h> 1321 ]], 1322 [[ 1323 int a=0, b=0, c=0, d=0, n, v; 1324 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1325 if (n != 3 && n != 4) 1326 exit(1); 1327 v = a*1000000 + b*10000 + c*100 + d; 1328 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1329 1330 /* 1.1.4 is OK */ 1331 if (a == 1 && b == 1 && c >= 4) 1332 exit(0); 1333 1334 /* 1.2.3 and up are OK */ 1335 if (v >= 1020300) 1336 exit(0); 1337 1338 exit(2); 1339 ]])], 1340 AC_MSG_RESULT([no]), 1341 [ AC_MSG_RESULT([yes]) 1342 if test -z "$zlib_check_nonfatal" ; then 1343 AC_MSG_ERROR([*** zlib too old - check config.log *** 1344Your reported zlib version has known security problems. It's possible your 1345vendor has fixed these problems without changing the version number. If you 1346are sure this is the case, you can disable the check by running 1347"./configure --without-zlib-version-check". 1348If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1349See http://www.gzip.org/zlib/ for details.]) 1350 else 1351 AC_MSG_WARN([zlib version may have security problems]) 1352 fi 1353 ], 1354 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1355) 1356 1357dnl UnixWare 2.x 1358AC_CHECK_FUNC([strcasecmp], 1359 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1360) 1361AC_CHECK_FUNCS([utimes], 1362 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1363 LIBS="$LIBS -lc89"]) ] 1364) 1365 1366dnl Checks for libutil functions 1367AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1368AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1369AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1370AC_SEARCH_LIBS([login], [util bsd]) 1371AC_SEARCH_LIBS([logout], [util bsd]) 1372AC_SEARCH_LIBS([logwtmp], [util bsd]) 1373AC_SEARCH_LIBS([openpty], [util bsd]) 1374AC_SEARCH_LIBS([updwtmp], [util bsd]) 1375AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1376 1377# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1378# or libnsl. 1379AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1380AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1381 1382# "Particular Function Checks" 1383# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1384AC_FUNC_STRFTIME 1385AC_FUNC_MALLOC 1386AC_FUNC_REALLOC 1387# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1388AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1389AC_RUN_IFELSE( 1390 [AC_LANG_PROGRAM( 1391 [[ #include <stdlib.h> ]], 1392 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1393 )], 1394 [ func_calloc_0_nonnull=yes ], 1395 [ func_calloc_0_nonnull=no ], 1396 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1397 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1398) 1399AC_MSG_RESULT([$func_calloc_0_nonnull]) 1400 1401if test "x$func_calloc_0_nonnull" = "xyes"; then 1402 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1403else 1404 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1405 AC_DEFINE(calloc, rpl_calloc, 1406 [Define to rpl_calloc if the replacement function should be used.]) 1407fi 1408 1409# Check for ALTDIRFUNC glob() extension 1410AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1411AC_EGREP_CPP([FOUNDIT], 1412 [ 1413 #include <glob.h> 1414 #ifdef GLOB_ALTDIRFUNC 1415 FOUNDIT 1416 #endif 1417 ], 1418 [ 1419 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1420 [Define if your system glob() function has 1421 the GLOB_ALTDIRFUNC extension]) 1422 AC_MSG_RESULT([yes]) 1423 ], 1424 [ 1425 AC_MSG_RESULT([no]) 1426 ] 1427) 1428 1429# Check for g.gl_matchc glob() extension 1430AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1431AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1432 [[ glob_t g; g.gl_matchc = 1; ]])], 1433 [ 1434 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1435 [Define if your system glob() function has 1436 gl_matchc options in glob_t]) 1437 AC_MSG_RESULT([yes]) 1438 ], [ 1439 AC_MSG_RESULT([no]) 1440]) 1441 1442# Check for g.gl_statv glob() extension 1443AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1444AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1445#ifndef GLOB_KEEPSTAT 1446#error "glob does not support GLOB_KEEPSTAT extension" 1447#endif 1448glob_t g; 1449g.gl_statv = NULL; 1450]])], 1451 [ 1452 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1453 [Define if your system glob() function has 1454 gl_statv options in glob_t]) 1455 AC_MSG_RESULT([yes]) 1456 ], [ 1457 AC_MSG_RESULT([no]) 1458 1459]) 1460 1461AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1462 1463AC_CHECK_DECL([VIS_ALL], , 1464 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1465 1466AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1467AC_RUN_IFELSE( 1468 [AC_LANG_PROGRAM([[ 1469#include <sys/types.h> 1470#include <dirent.h>]], 1471 [[ 1472 struct dirent d; 1473 exit(sizeof(d.d_name)<=sizeof(char)); 1474 ]])], 1475 [AC_MSG_RESULT([yes])], 1476 [ 1477 AC_MSG_RESULT([no]) 1478 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1479 [Define if your struct dirent expects you to 1480 allocate extra space for d_name]) 1481 ], 1482 [ 1483 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1484 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1485 ] 1486) 1487 1488AC_MSG_CHECKING([for /proc/pid/fd directory]) 1489if test -d "/proc/$$/fd" ; then 1490 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1491 AC_MSG_RESULT([yes]) 1492else 1493 AC_MSG_RESULT([no]) 1494fi 1495 1496# Check whether user wants TCP wrappers support 1497TCPW_MSG="no" 1498AC_ARG_WITH([tcp-wrappers], 1499 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1500 [ 1501 if test "x$withval" != "xno" ; then 1502 saved_LIBS="$LIBS" 1503 saved_LDFLAGS="$LDFLAGS" 1504 saved_CPPFLAGS="$CPPFLAGS" 1505 if test -n "${withval}" && \ 1506 test "x${withval}" != "xyes"; then 1507 if test -d "${withval}/lib"; then 1508 if test -n "${need_dash_r}"; then 1509 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1510 else 1511 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1512 fi 1513 else 1514 if test -n "${need_dash_r}"; then 1515 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1516 else 1517 LDFLAGS="-L${withval} ${LDFLAGS}" 1518 fi 1519 fi 1520 if test -d "${withval}/include"; then 1521 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1522 else 1523 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1524 fi 1525 fi 1526 LIBS="-lwrap $LIBS" 1527 AC_MSG_CHECKING([for libwrap]) 1528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1529#include <sys/types.h> 1530#include <sys/socket.h> 1531#include <netinet/in.h> 1532#include <tcpd.h> 1533int deny_severity = 0, allow_severity = 0; 1534 ]], [[ 1535 hosts_access(0); 1536 ]])], [ 1537 AC_MSG_RESULT([yes]) 1538 AC_DEFINE([LIBWRAP], [1], 1539 [Define if you want 1540 TCP Wrappers support]) 1541 SSHDLIBS="$SSHDLIBS -lwrap" 1542 TCPW_MSG="yes" 1543 ], [ 1544 AC_MSG_ERROR([*** libwrap missing]) 1545 ]) 1546 LIBS="$saved_LIBS" 1547 fi 1548 ] 1549) 1550 1551# Check whether user wants to use ldns 1552LDNS_MSG="no" 1553AC_ARG_WITH(ldns, 1554 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1555 [ 1556 ldns="" 1557 if test "x$withval" = "xyes" ; then 1558 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1559 if test "x$LDNSCONFIG" = "xno"; then 1560 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1561 LDFLAGS="$LDFLAGS -L${withval}/lib" 1562 LIBS="-lldns $LIBS" 1563 ldns=yes 1564 else 1565 LIBS="$LIBS `$LDNSCONFIG --libs`" 1566 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1567 ldns=yes 1568 fi 1569 elif test "x$withval" != "xno" ; then 1570 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1571 LDFLAGS="$LDFLAGS -L${withval}/lib" 1572 LIBS="-lldns $LIBS" 1573 ldns=yes 1574 fi 1575 1576 # Verify that it works. 1577 if test "x$ldns" = "xyes" ; then 1578 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1579 LDNS_MSG="yes" 1580 AC_MSG_CHECKING([for ldns support]) 1581 AC_LINK_IFELSE( 1582 [AC_LANG_SOURCE([[ 1583#include <stdio.h> 1584#include <stdlib.h> 1585#include <stdint.h> 1586#include <ldns/ldns.h> 1587int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1588 ]]) 1589 ], 1590 [AC_MSG_RESULT(yes)], 1591 [ 1592 AC_MSG_RESULT(no) 1593 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1594 ]) 1595 fi 1596]) 1597 1598# Check whether user wants libedit support 1599LIBEDIT_MSG="no" 1600AC_ARG_WITH([libedit], 1601 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1602 [ if test "x$withval" != "xno" ; then 1603 if test "x$withval" = "xyes" ; then 1604 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1605 if test "x$PKGCONFIG" != "xno"; then 1606 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1607 if "$PKGCONFIG" libedit; then 1608 AC_MSG_RESULT([yes]) 1609 use_pkgconfig_for_libedit=yes 1610 else 1611 AC_MSG_RESULT([no]) 1612 fi 1613 fi 1614 else 1615 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1616 if test -n "${need_dash_r}"; then 1617 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1618 else 1619 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1620 fi 1621 fi 1622 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1623 LIBEDIT=`$PKGCONFIG --libs libedit` 1624 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1625 else 1626 LIBEDIT="-ledit -lcurses" 1627 fi 1628 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1629 AC_CHECK_LIB([edit], [el_init], 1630 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1631 LIBEDIT_MSG="yes" 1632 AC_SUBST([LIBEDIT]) 1633 ], 1634 [ AC_MSG_ERROR([libedit not found]) ], 1635 [ $OTHERLIBS ] 1636 ) 1637 AC_MSG_CHECKING([if libedit version is compatible]) 1638 AC_COMPILE_IFELSE( 1639 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1640 [[ 1641 int i = H_SETSIZE; 1642 el_init("", NULL, NULL, NULL); 1643 exit(0); 1644 ]])], 1645 [ AC_MSG_RESULT([yes]) ], 1646 [ AC_MSG_RESULT([no]) 1647 AC_MSG_ERROR([libedit version is not compatible]) ] 1648 ) 1649 fi ] 1650) 1651 1652AUDIT_MODULE=none 1653AC_ARG_WITH([audit], 1654 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1655 [ 1656 AC_MSG_CHECKING([for supported audit module]) 1657 case "$withval" in 1658 bsm) 1659 AC_MSG_RESULT([bsm]) 1660 AUDIT_MODULE=bsm 1661 dnl Checks for headers, libs and functions 1662 AC_CHECK_HEADERS([bsm/audit.h], [], 1663 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1664 [ 1665#ifdef HAVE_TIME_H 1666# include <time.h> 1667#endif 1668 ] 1669) 1670 AC_CHECK_LIB([bsm], [getaudit], [], 1671 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1672 AC_CHECK_FUNCS([getaudit], [], 1673 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1674 # These are optional 1675 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1676 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1677 if test "$sol2ver" -ge 11; then 1678 SSHDLIBS="$SSHDLIBS -lscf" 1679 AC_DEFINE([BROKEN_BSM_API], [1], 1680 [The system has incomplete BSM API]) 1681 fi 1682 ;; 1683 linux) 1684 AC_MSG_RESULT([linux]) 1685 AUDIT_MODULE=linux 1686 dnl Checks for headers, libs and functions 1687 AC_CHECK_HEADERS([libaudit.h]) 1688 SSHDLIBS="$SSHDLIBS -laudit" 1689 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1690 ;; 1691 debug) 1692 AUDIT_MODULE=debug 1693 AC_MSG_RESULT([debug]) 1694 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1695 ;; 1696 no) 1697 AC_MSG_RESULT([no]) 1698 ;; 1699 *) 1700 AC_MSG_ERROR([Unknown audit module $withval]) 1701 ;; 1702 esac ] 1703) 1704 1705AC_ARG_WITH([pie], 1706 [ --with-pie Build Position Independent Executables if possible], [ 1707 if test "x$withval" = "xno"; then 1708 use_pie=no 1709 fi 1710 if test "x$withval" = "xyes"; then 1711 use_pie=yes 1712 fi 1713 ] 1714) 1715if test "x$use_pie" = "x"; then 1716 use_pie=no 1717fi 1718if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1719 # Turn off automatic PIE when toolchain hardening is off. 1720 use_pie=no 1721fi 1722if test "x$use_pie" = "xauto"; then 1723 # Automatic PIE requires gcc >= 4.x 1724 AC_MSG_CHECKING([for gcc >= 4.x]) 1725 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1726#if !defined(__GNUC__) || __GNUC__ < 4 1727#error gcc is too old 1728#endif 1729]])], 1730 [ AC_MSG_RESULT([yes]) ], 1731 [ AC_MSG_RESULT([no]) 1732 use_pie=no ] 1733) 1734fi 1735if test "x$use_pie" != "xno"; then 1736 SAVED_CFLAGS="$CFLAGS" 1737 SAVED_LDFLAGS="$LDFLAGS" 1738 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1739 OSSH_CHECK_LDFLAG_LINK([-pie]) 1740 # We use both -fPIE and -pie or neither. 1741 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1742 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1743 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1744 AC_MSG_RESULT([yes]) 1745 else 1746 AC_MSG_RESULT([no]) 1747 CFLAGS="$SAVED_CFLAGS" 1748 LDFLAGS="$SAVED_LDFLAGS" 1749 fi 1750fi 1751 1752dnl Checks for library functions. Please keep in alphabetical order 1753AC_CHECK_FUNCS([ \ 1754 auth_hostok \ 1755 auth_timeok \ 1756 Blowfish_initstate \ 1757 Blowfish_expandstate \ 1758 Blowfish_expand0state \ 1759 Blowfish_stream2word \ 1760 asprintf \ 1761 b64_ntop \ 1762 __b64_ntop \ 1763 b64_pton \ 1764 __b64_pton \ 1765 bcopy \ 1766 bcrypt_pbkdf \ 1767 bindresvport_sa \ 1768 blf_enc \ 1769 bzero \ 1770 cap_rights_limit \ 1771 clock \ 1772 closefrom \ 1773 dirfd \ 1774 endgrent \ 1775 err \ 1776 errx \ 1777 explicit_bzero \ 1778 fchmod \ 1779 fchown \ 1780 flock \ 1781 freeaddrinfo \ 1782 freezero \ 1783 fstatfs \ 1784 fstatvfs \ 1785 futimes \ 1786 getaddrinfo \ 1787 getcwd \ 1788 getgrouplist \ 1789 getline \ 1790 getnameinfo \ 1791 getopt \ 1792 getpagesize \ 1793 getpeereid \ 1794 getpeerucred \ 1795 getpgid \ 1796 _getpty \ 1797 getrlimit \ 1798 getrandom \ 1799 getsid \ 1800 getttyent \ 1801 glob \ 1802 group_from_gid \ 1803 inet_aton \ 1804 inet_ntoa \ 1805 inet_ntop \ 1806 innetgr \ 1807 llabs \ 1808 login_getcapbool \ 1809 md5_crypt \ 1810 memmove \ 1811 memset_s \ 1812 mkdtemp \ 1813 ngetaddrinfo \ 1814 nsleep \ 1815 ogetaddrinfo \ 1816 openlog_r \ 1817 pledge \ 1818 poll \ 1819 prctl \ 1820 pstat \ 1821 raise \ 1822 readpassphrase \ 1823 reallocarray \ 1824 recvmsg \ 1825 recallocarray \ 1826 rresvport_af \ 1827 sendmsg \ 1828 setdtablesize \ 1829 setegid \ 1830 setenv \ 1831 seteuid \ 1832 setgroupent \ 1833 setgroups \ 1834 setlinebuf \ 1835 setlogin \ 1836 setpassent\ 1837 setpcred \ 1838 setproctitle \ 1839 setregid \ 1840 setreuid \ 1841 setrlimit \ 1842 setsid \ 1843 setvbuf \ 1844 sigaction \ 1845 sigvec \ 1846 snprintf \ 1847 socketpair \ 1848 statfs \ 1849 statvfs \ 1850 strcasestr \ 1851 strdup \ 1852 strerror \ 1853 strlcat \ 1854 strlcpy \ 1855 strmode \ 1856 strndup \ 1857 strnlen \ 1858 strnvis \ 1859 strptime \ 1860 strsignal \ 1861 strtonum \ 1862 strtoll \ 1863 strtoul \ 1864 strtoull \ 1865 swap32 \ 1866 sysconf \ 1867 tcgetpgrp \ 1868 timingsafe_bcmp \ 1869 truncate \ 1870 unsetenv \ 1871 updwtmpx \ 1872 user_from_uid \ 1873 usleep \ 1874 vasprintf \ 1875 vsnprintf \ 1876 waitpid \ 1877 warn \ 1878]) 1879 1880AC_CHECK_DECLS([bzero]) 1881 1882dnl Wide character support. 1883AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1884 1885TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1886AC_MSG_CHECKING([for utf8 locale support]) 1887AC_RUN_IFELSE( 1888 [AC_LANG_PROGRAM([[ 1889#include <locale.h> 1890#include <stdlib.h> 1891 ]], [[ 1892 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1893 if (loc != NULL) 1894 exit(0); 1895 exit(1); 1896 ]])], 1897 AC_MSG_RESULT(yes), 1898 [AC_MSG_RESULT(no) 1899 TEST_SSH_UTF8=no], 1900 AC_MSG_WARN([cross compiling: assuming yes]) 1901) 1902 1903AC_LINK_IFELSE( 1904 [AC_LANG_PROGRAM( 1905 [[ #include <ctype.h> ]], 1906 [[ return (isblank('a')); ]])], 1907 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1908]) 1909 1910disable_pkcs11= 1911AC_ARG_ENABLE([pkcs11], 1912 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1913 [ 1914 if test "x$enableval" = "xno" ; then 1915 disable_pkcs11=1 1916 fi 1917 ] 1918) 1919 1920# PKCS11 depends on OpenSSL. 1921if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1922 # PKCS#11 support requires dlopen() and co 1923 AC_SEARCH_LIBS([dlopen], [dl], 1924 AC_CHECK_DECL([RTLD_NOW], 1925 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), 1926 [], [#include <dlfcn.h>] 1927 ) 1928 ) 1929fi 1930 1931# IRIX has a const char return value for gai_strerror() 1932AC_CHECK_FUNCS([gai_strerror], [ 1933 AC_DEFINE([HAVE_GAI_STRERROR]) 1934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1935#include <sys/types.h> 1936#include <sys/socket.h> 1937#include <netdb.h> 1938 1939const char *gai_strerror(int); 1940 ]], [[ 1941 char *str; 1942 str = gai_strerror(0); 1943 ]])], [ 1944 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1945 [Define if gai_strerror() returns const char *])], [])]) 1946 1947AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1948 [Some systems put nanosleep outside of libc])]) 1949 1950AC_SEARCH_LIBS([clock_gettime], [rt], 1951 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1952 1953dnl Make sure prototypes are defined for these before using them. 1954AC_CHECK_DECL([strsep], 1955 [AC_CHECK_FUNCS([strsep])], 1956 [], 1957 [ 1958#ifdef HAVE_STRING_H 1959# include <string.h> 1960#endif 1961 ]) 1962 1963dnl tcsendbreak might be a macro 1964AC_CHECK_DECL([tcsendbreak], 1965 [AC_DEFINE([HAVE_TCSENDBREAK])], 1966 [AC_CHECK_FUNCS([tcsendbreak])], 1967 [#include <termios.h>] 1968) 1969 1970AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1971 1972AC_CHECK_DECLS([SHUT_RD], , , 1973 [ 1974#include <sys/types.h> 1975#include <sys/socket.h> 1976 ]) 1977 1978AC_CHECK_DECLS([O_NONBLOCK], , , 1979 [ 1980#include <sys/types.h> 1981#ifdef HAVE_SYS_STAT_H 1982# include <sys/stat.h> 1983#endif 1984#ifdef HAVE_FCNTL_H 1985# include <fcntl.h> 1986#endif 1987 ]) 1988 1989AC_CHECK_DECLS([readv, writev], , , [ 1990#include <sys/types.h> 1991#include <sys/uio.h> 1992#include <unistd.h> 1993 ]) 1994 1995AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1996#include <sys/param.h> 1997 ]) 1998 1999AC_CHECK_DECLS([offsetof], , , [ 2000#include <stddef.h> 2001 ]) 2002 2003# extra bits for select(2) 2004AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2005#include <sys/param.h> 2006#include <sys/types.h> 2007#ifdef HAVE_SYS_SYSMACROS_H 2008#include <sys/sysmacros.h> 2009#endif 2010#ifdef HAVE_SYS_SELECT_H 2011#include <sys/select.h> 2012#endif 2013#ifdef HAVE_SYS_TIME_H 2014#include <sys/time.h> 2015#endif 2016#ifdef HAVE_UNISTD_H 2017#include <unistd.h> 2018#endif 2019 ]]) 2020AC_CHECK_TYPES([fd_mask], [], [], [[ 2021#include <sys/param.h> 2022#include <sys/types.h> 2023#ifdef HAVE_SYS_SELECT_H 2024#include <sys/select.h> 2025#endif 2026#ifdef HAVE_SYS_TIME_H 2027#include <sys/time.h> 2028#endif 2029#ifdef HAVE_UNISTD_H 2030#include <unistd.h> 2031#endif 2032 ]]) 2033 2034AC_CHECK_FUNCS([setresuid], [ 2035 dnl Some platorms have setresuid that isn't implemented, test for this 2036 AC_MSG_CHECKING([if setresuid seems to work]) 2037 AC_RUN_IFELSE( 2038 [AC_LANG_PROGRAM([[ 2039#include <stdlib.h> 2040#include <errno.h> 2041 ]], [[ 2042 errno=0; 2043 setresuid(0,0,0); 2044 if (errno==ENOSYS) 2045 exit(1); 2046 else 2047 exit(0); 2048 ]])], 2049 [AC_MSG_RESULT([yes])], 2050 [AC_DEFINE([BROKEN_SETRESUID], [1], 2051 [Define if your setresuid() is broken]) 2052 AC_MSG_RESULT([not implemented])], 2053 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2054 ) 2055]) 2056 2057AC_CHECK_FUNCS([setresgid], [ 2058 dnl Some platorms have setresgid that isn't implemented, test for this 2059 AC_MSG_CHECKING([if setresgid seems to work]) 2060 AC_RUN_IFELSE( 2061 [AC_LANG_PROGRAM([[ 2062#include <stdlib.h> 2063#include <errno.h> 2064 ]], [[ 2065 errno=0; 2066 setresgid(0,0,0); 2067 if (errno==ENOSYS) 2068 exit(1); 2069 else 2070 exit(0); 2071 ]])], 2072 [AC_MSG_RESULT([yes])], 2073 [AC_DEFINE([BROKEN_SETRESGID], [1], 2074 [Define if your setresgid() is broken]) 2075 AC_MSG_RESULT([not implemented])], 2076 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2077 ) 2078]) 2079 2080AC_CHECK_FUNCS([realpath], [ 2081 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2082 dnl path name", however some implementations of realpath (and some 2083 dnl versions of the POSIX spec) do not work on non-existent files, 2084 dnl so we use the OpenBSD implementation on those platforms. 2085 AC_MSG_CHECKING([if realpath works with non-existent files]) 2086 AC_RUN_IFELSE( 2087 [AC_LANG_PROGRAM([[ 2088#include <limits.h> 2089#include <stdlib.h> 2090#include <errno.h> 2091 ]], [[ 2092 char buf[PATH_MAX]; 2093 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2094 if (errno == ENOENT) 2095 exit(1); 2096 exit(0); 2097 ]])], 2098 [AC_MSG_RESULT([yes])], 2099 [AC_DEFINE([BROKEN_REALPATH], [1], 2100 [realpath does not work with nonexistent files]) 2101 AC_MSG_RESULT([no])], 2102 [AC_MSG_WARN([cross compiling: assuming working])] 2103 ) 2104]) 2105 2106AC_MSG_CHECKING([for working fflush(NULL)]) 2107AC_RUN_IFELSE( 2108 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2109 AC_MSG_RESULT([yes]), 2110 [AC_MSG_RESULT([no]) 2111 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2112 [define if fflush(NULL) does not work])], 2113 AC_MSG_WARN([cross compiling: assuming working]) 2114) 2115 2116dnl Checks for time functions 2117AC_CHECK_FUNCS([gettimeofday time]) 2118dnl Checks for utmp functions 2119AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2120AC_CHECK_FUNCS([utmpname]) 2121dnl Checks for utmpx functions 2122AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2123AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2124dnl Checks for lastlog functions 2125AC_CHECK_FUNCS([getlastlogxbyname]) 2126 2127AC_CHECK_FUNC([daemon], 2128 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2129 [AC_CHECK_LIB([bsd], [daemon], 2130 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2131) 2132 2133AC_CHECK_FUNC([getpagesize], 2134 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2135 [Define if your libraries define getpagesize()])], 2136 [AC_CHECK_LIB([ucb], [getpagesize], 2137 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2138) 2139 2140# Check for broken snprintf 2141if test "x$ac_cv_func_snprintf" = "xyes" ; then 2142 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2143 AC_RUN_IFELSE( 2144 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2145 [[ 2146 char b[5]; 2147 snprintf(b,5,"123456789"); 2148 exit(b[4]!='\0'); 2149 ]])], 2150 [AC_MSG_RESULT([yes])], 2151 [ 2152 AC_MSG_RESULT([no]) 2153 AC_DEFINE([BROKEN_SNPRINTF], [1], 2154 [Define if your snprintf is busted]) 2155 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2156 ], 2157 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2158 ) 2159fi 2160 2161if test "x$ac_cv_func_snprintf" = "xyes" ; then 2162 AC_MSG_CHECKING([whether snprintf understands %zu]) 2163 AC_RUN_IFELSE( 2164 [AC_LANG_PROGRAM([[ 2165#include <sys/types.h> 2166#include <stdio.h> 2167 ]], 2168 [[ 2169 size_t a = 1, b = 2; 2170 char z[128]; 2171 snprintf(z, sizeof z, "%zu%zu", a, b); 2172 exit(strcmp(z, "12")); 2173 ]])], 2174 [AC_MSG_RESULT([yes])], 2175 [ 2176 AC_MSG_RESULT([no]) 2177 AC_DEFINE([BROKEN_SNPRINTF], [1], 2178 [snprintf does not understand %zu]) 2179 ], 2180 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2181 ) 2182fi 2183 2184# We depend on vsnprintf returning the right thing on overflow: the 2185# number of characters it tried to create (as per SUSv3) 2186if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2187 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2188 AC_RUN_IFELSE( 2189 [AC_LANG_PROGRAM([[ 2190#include <sys/types.h> 2191#include <stdio.h> 2192#include <stdarg.h> 2193 2194int x_snprintf(char *str, size_t count, const char *fmt, ...) 2195{ 2196 size_t ret; 2197 va_list ap; 2198 2199 va_start(ap, fmt); 2200 ret = vsnprintf(str, count, fmt, ap); 2201 va_end(ap); 2202 return ret; 2203} 2204 ]], [[ 2205char x[1]; 2206if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2207 return 1; 2208if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2209 return 1; 2210return 0; 2211 ]])], 2212 [AC_MSG_RESULT([yes])], 2213 [ 2214 AC_MSG_RESULT([no]) 2215 AC_DEFINE([BROKEN_SNPRINTF], [1], 2216 [Define if your snprintf is busted]) 2217 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2218 ], 2219 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2220 ) 2221fi 2222 2223# On systems where [v]snprintf is broken, but is declared in stdio, 2224# check that the fmt argument is const char * or just char *. 2225# This is only useful for when BROKEN_SNPRINTF 2226AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2227AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2228#include <stdio.h> 2229int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2230 ]], [[ 2231 snprintf(0, 0, 0); 2232 ]])], 2233 [AC_MSG_RESULT([yes]) 2234 AC_DEFINE([SNPRINTF_CONST], [const], 2235 [Define as const if snprintf() can declare const char *fmt])], 2236 [AC_MSG_RESULT([no]) 2237 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2238 2239# Check for missing getpeereid (or equiv) support 2240NO_PEERCHECK="" 2241if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2242 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2243 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2244#include <sys/types.h> 2245#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2246 [ AC_MSG_RESULT([yes]) 2247 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2248 ], [AC_MSG_RESULT([no]) 2249 NO_PEERCHECK=1 2250 ]) 2251fi 2252 2253dnl see whether mkstemp() requires XXXXXX 2254if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2255AC_MSG_CHECKING([for (overly) strict mkstemp]) 2256AC_RUN_IFELSE( 2257 [AC_LANG_PROGRAM([[ 2258#include <stdlib.h> 2259 ]], [[ 2260 char template[]="conftest.mkstemp-test"; 2261 if (mkstemp(template) == -1) 2262 exit(1); 2263 unlink(template); 2264 exit(0); 2265 ]])], 2266 [ 2267 AC_MSG_RESULT([no]) 2268 ], 2269 [ 2270 AC_MSG_RESULT([yes]) 2271 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2272 ], 2273 [ 2274 AC_MSG_RESULT([yes]) 2275 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2276 ] 2277) 2278fi 2279 2280dnl make sure that openpty does not reacquire controlling terminal 2281if test ! -z "$check_for_openpty_ctty_bug"; then 2282 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2283 AC_RUN_IFELSE( 2284 [AC_LANG_PROGRAM([[ 2285#include <stdio.h> 2286#include <sys/fcntl.h> 2287#include <sys/types.h> 2288#include <sys/wait.h> 2289 ]], [[ 2290 pid_t pid; 2291 int fd, ptyfd, ttyfd, status; 2292 2293 pid = fork(); 2294 if (pid < 0) { /* failed */ 2295 exit(1); 2296 } else if (pid > 0) { /* parent */ 2297 waitpid(pid, &status, 0); 2298 if (WIFEXITED(status)) 2299 exit(WEXITSTATUS(status)); 2300 else 2301 exit(2); 2302 } else { /* child */ 2303 close(0); close(1); close(2); 2304 setsid(); 2305 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2306 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2307 if (fd >= 0) 2308 exit(3); /* Acquired ctty: broken */ 2309 else 2310 exit(0); /* Did not acquire ctty: OK */ 2311 } 2312 ]])], 2313 [ 2314 AC_MSG_RESULT([yes]) 2315 ], 2316 [ 2317 AC_MSG_RESULT([no]) 2318 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2319 ], 2320 [ 2321 AC_MSG_RESULT([cross-compiling, assuming yes]) 2322 ] 2323 ) 2324fi 2325 2326if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2327 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2328 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2329 AC_RUN_IFELSE( 2330 [AC_LANG_PROGRAM([[ 2331#include <stdio.h> 2332#include <sys/socket.h> 2333#include <netdb.h> 2334#include <errno.h> 2335#include <netinet/in.h> 2336 2337#define TEST_PORT "2222" 2338 ]], [[ 2339 int err, sock; 2340 struct addrinfo *gai_ai, *ai, hints; 2341 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2342 2343 memset(&hints, 0, sizeof(hints)); 2344 hints.ai_family = PF_UNSPEC; 2345 hints.ai_socktype = SOCK_STREAM; 2346 hints.ai_flags = AI_PASSIVE; 2347 2348 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2349 if (err != 0) { 2350 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2351 exit(1); 2352 } 2353 2354 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2355 if (ai->ai_family != AF_INET6) 2356 continue; 2357 2358 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2359 sizeof(ntop), strport, sizeof(strport), 2360 NI_NUMERICHOST|NI_NUMERICSERV); 2361 2362 if (err != 0) { 2363 if (err == EAI_SYSTEM) 2364 perror("getnameinfo EAI_SYSTEM"); 2365 else 2366 fprintf(stderr, "getnameinfo failed: %s\n", 2367 gai_strerror(err)); 2368 exit(2); 2369 } 2370 2371 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2372 if (sock < 0) 2373 perror("socket"); 2374 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2375 if (errno == EBADF) 2376 exit(3); 2377 } 2378 } 2379 exit(0); 2380 ]])], 2381 [ 2382 AC_MSG_RESULT([yes]) 2383 ], 2384 [ 2385 AC_MSG_RESULT([no]) 2386 AC_DEFINE([BROKEN_GETADDRINFO]) 2387 ], 2388 [ 2389 AC_MSG_RESULT([cross-compiling, assuming yes]) 2390 ] 2391 ) 2392fi 2393 2394if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2395 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2396 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2397 AC_RUN_IFELSE( 2398 [AC_LANG_PROGRAM([[ 2399#include <stdio.h> 2400#include <sys/socket.h> 2401#include <netdb.h> 2402#include <errno.h> 2403#include <netinet/in.h> 2404 2405#define TEST_PORT "2222" 2406 ]], [[ 2407 int err, sock; 2408 struct addrinfo *gai_ai, *ai, hints; 2409 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2410 2411 memset(&hints, 0, sizeof(hints)); 2412 hints.ai_family = PF_UNSPEC; 2413 hints.ai_socktype = SOCK_STREAM; 2414 hints.ai_flags = AI_PASSIVE; 2415 2416 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2417 if (err != 0) { 2418 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2419 exit(1); 2420 } 2421 2422 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2423 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2424 continue; 2425 2426 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2427 sizeof(ntop), strport, sizeof(strport), 2428 NI_NUMERICHOST|NI_NUMERICSERV); 2429 2430 if (ai->ai_family == AF_INET && err != 0) { 2431 perror("getnameinfo"); 2432 exit(2); 2433 } 2434 } 2435 exit(0); 2436 ]])], 2437 [ 2438 AC_MSG_RESULT([yes]) 2439 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2440 [Define if you have a getaddrinfo that fails 2441 for the all-zeros IPv6 address]) 2442 ], 2443 [ 2444 AC_MSG_RESULT([no]) 2445 AC_DEFINE([BROKEN_GETADDRINFO]) 2446 ], 2447 [ 2448 AC_MSG_RESULT([cross-compiling, assuming no]) 2449 ] 2450 ) 2451fi 2452 2453if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2454 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2455 [#include <sys/types.h> 2456 #include <sys/socket.h> 2457 #include <netdb.h>]) 2458fi 2459 2460if test "x$check_for_conflicting_getspnam" = "x1"; then 2461 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2463 [[ exit(0); ]])], 2464 [ 2465 AC_MSG_RESULT([no]) 2466 ], 2467 [ 2468 AC_MSG_RESULT([yes]) 2469 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2470 [Conflicting defs for getspnam]) 2471 ] 2472 ) 2473fi 2474 2475dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2476dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2477dnl for over ten years). Despite this incompatibility being reported during 2478dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2479dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2480dnl implementation. Try to detect this mess, and assume the only safe option 2481dnl if we're cross compiling. 2482dnl 2483dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2484dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2485if test "x$ac_cv_func_strnvis" = "xyes"; then 2486 AC_MSG_CHECKING([for working strnvis]) 2487 AC_RUN_IFELSE( 2488 [AC_LANG_PROGRAM([[ 2489#include <signal.h> 2490#include <stdlib.h> 2491#include <string.h> 2492#include <vis.h> 2493static void sighandler(int sig) { _exit(1); } 2494 ]], [[ 2495 char dst[16]; 2496 2497 signal(SIGSEGV, sighandler); 2498 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2499 exit(0); 2500 exit(1) 2501 ]])], 2502 [AC_MSG_RESULT([yes])], 2503 [AC_MSG_RESULT([no]) 2504 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2505 [AC_MSG_WARN([cross compiling: assuming broken]) 2506 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2507 ) 2508fi 2509 2510AC_CHECK_FUNCS([getpgrp],[ 2511 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2512 AC_COMPILE_IFELSE( 2513 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2514 [ AC_MSG_RESULT([yes]) 2515 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2516 [ AC_MSG_RESULT([no]) 2517 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2518 ) 2519]) 2520 2521# Search for OpenSSL 2522saved_CPPFLAGS="$CPPFLAGS" 2523saved_LDFLAGS="$LDFLAGS" 2524AC_ARG_WITH([ssl-dir], 2525 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2526 [ 2527 if test "x$openssl" = "xno" ; then 2528 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2529 fi 2530 if test "x$withval" != "xno" ; then 2531 case "$withval" in 2532 # Relative paths 2533 ./*|../*) withval="`pwd`/$withval" 2534 esac 2535 if test -d "$withval/lib"; then 2536 if test -n "${need_dash_r}"; then 2537 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2538 else 2539 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2540 fi 2541 elif test -d "$withval/lib64"; then 2542 if test -n "${need_dash_r}"; then 2543 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2544 else 2545 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2546 fi 2547 else 2548 if test -n "${need_dash_r}"; then 2549 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2550 else 2551 LDFLAGS="-L${withval} ${LDFLAGS}" 2552 fi 2553 fi 2554 if test -d "$withval/include"; then 2555 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2556 else 2557 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2558 fi 2559 fi 2560 ] 2561) 2562 2563AC_ARG_WITH([openssl-header-check], 2564 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2565 [ 2566 if test "x$withval" = "xno" ; then 2567 openssl_check_nonfatal=1 2568 fi 2569 ] 2570) 2571 2572openssl_engine=no 2573AC_ARG_WITH([ssl-engine], 2574 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2575 [ 2576 if test "x$withval" != "xno" ; then 2577 if test "x$openssl" = "xno" ; then 2578 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2579 fi 2580 openssl_engine=yes 2581 fi 2582 ] 2583) 2584 2585if test "x$openssl" = "xyes" ; then 2586 LIBS="-lcrypto $LIBS" 2587 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2588 [Define if your ssl headers are included 2589 with #include <openssl/header.h>])], 2590 [ 2591 dnl Check default openssl install dir 2592 if test -n "${need_dash_r}"; then 2593 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2594 else 2595 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2596 fi 2597 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2598 AC_CHECK_HEADER([openssl/opensslv.h], , 2599 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2600 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2601 [ 2602 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2603 ] 2604 ) 2605 ] 2606 ) 2607 2608 # Determine OpenSSL header version 2609 AC_MSG_CHECKING([OpenSSL header version]) 2610 AC_RUN_IFELSE( 2611 [AC_LANG_PROGRAM([[ 2612 #include <stdlib.h> 2613 #include <stdio.h> 2614 #include <string.h> 2615 #include <openssl/opensslv.h> 2616 #define DATA "conftest.sslincver" 2617 ]], [[ 2618 FILE *fd; 2619 int rc; 2620 2621 fd = fopen(DATA,"w"); 2622 if(fd == NULL) 2623 exit(1); 2624 2625 if ((rc = fprintf(fd, "%08lx (%s)\n", 2626 (unsigned long)OPENSSL_VERSION_NUMBER, 2627 OPENSSL_VERSION_TEXT)) < 0) 2628 exit(1); 2629 2630 exit(0); 2631 ]])], 2632 [ 2633 ssl_header_ver=`cat conftest.sslincver` 2634 AC_MSG_RESULT([$ssl_header_ver]) 2635 ], 2636 [ 2637 AC_MSG_RESULT([not found]) 2638 AC_MSG_ERROR([OpenSSL version header not found.]) 2639 ], 2640 [ 2641 AC_MSG_WARN([cross compiling: not checking]) 2642 ] 2643 ) 2644 2645 # Determine OpenSSL library version 2646 AC_MSG_CHECKING([OpenSSL library version]) 2647 AC_RUN_IFELSE( 2648 [AC_LANG_PROGRAM([[ 2649 #include <stdio.h> 2650 #include <string.h> 2651 #include <openssl/opensslv.h> 2652 #include <openssl/crypto.h> 2653 #define DATA "conftest.ssllibver" 2654 ]], [[ 2655 FILE *fd; 2656 int rc; 2657 2658 fd = fopen(DATA,"w"); 2659 if(fd == NULL) 2660 exit(1); 2661 2662 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2663 SSLeay_version(SSLEAY_VERSION))) < 0) 2664 exit(1); 2665 2666 exit(0); 2667 ]])], 2668 [ 2669 ssl_library_ver=`cat conftest.ssllibver` 2670 # Check version is supported. 2671 case "$ssl_library_ver" in 2672 10000*|0*) 2673 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2674 ;; 2675 100*) ;; # 1.0.x 2676 101000[0123456]*) 2677 # https://github.com/openssl/openssl/pull/4613 2678 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2679 ;; 2680 101*) ;; # 1.1.x 2681 200*) ;; # LibreSSL 2682 *) 2683 AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")]) 2684 ;; 2685 esac 2686 AC_MSG_RESULT([$ssl_library_ver]) 2687 ], 2688 [ 2689 AC_MSG_RESULT([not found]) 2690 AC_MSG_ERROR([OpenSSL library not found.]) 2691 ], 2692 [ 2693 AC_MSG_WARN([cross compiling: not checking]) 2694 ] 2695 ) 2696 2697 # Sanity check OpenSSL headers 2698 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2699 AC_RUN_IFELSE( 2700 [AC_LANG_PROGRAM([[ 2701 #include <string.h> 2702 #include <openssl/opensslv.h> 2703 #include <openssl/crypto.h> 2704 ]], [[ 2705 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2706 ]])], 2707 [ 2708 AC_MSG_RESULT([yes]) 2709 ], 2710 [ 2711 AC_MSG_RESULT([no]) 2712 if test "x$openssl_check_nonfatal" = "x"; then 2713 AC_MSG_ERROR([Your OpenSSL headers do not match your 2714 library. Check config.log for details. 2715 If you are sure your installation is consistent, you can disable the check 2716 by running "./configure --without-openssl-header-check". 2717 Also see contrib/findssl.sh for help identifying header/library mismatches. 2718 ]) 2719 else 2720 AC_MSG_WARN([Your OpenSSL headers do not match your 2721 library. Check config.log for details. 2722 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2723 fi 2724 ], 2725 [ 2726 AC_MSG_WARN([cross compiling: not checking]) 2727 ] 2728 ) 2729 2730 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2731 AC_LINK_IFELSE( 2732 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2733 [[ SSLeay_add_all_algorithms(); ]])], 2734 [ 2735 AC_MSG_RESULT([yes]) 2736 ], 2737 [ 2738 AC_MSG_RESULT([no]) 2739 saved_LIBS="$LIBS" 2740 LIBS="$LIBS -ldl" 2741 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2742 AC_LINK_IFELSE( 2743 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2744 [[ SSLeay_add_all_algorithms(); ]])], 2745 [ 2746 AC_MSG_RESULT([yes]) 2747 ], 2748 [ 2749 AC_MSG_RESULT([no]) 2750 LIBS="$saved_LIBS" 2751 ] 2752 ) 2753 ] 2754 ) 2755 2756 AC_CHECK_FUNCS([ \ 2757 BN_is_prime_ex \ 2758 DSA_generate_parameters_ex \ 2759 EVP_DigestInit_ex \ 2760 EVP_DigestFinal_ex \ 2761 EVP_MD_CTX_init \ 2762 EVP_MD_CTX_cleanup \ 2763 EVP_MD_CTX_copy_ex \ 2764 HMAC_CTX_init \ 2765 RSA_generate_key_ex \ 2766 RSA_get_default_method \ 2767 ]) 2768 2769 if test "x$openssl_engine" = "xyes" ; then 2770 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2772 #include <openssl/engine.h> 2773 ]], [[ 2774 ENGINE_load_builtin_engines(); 2775 ENGINE_register_all_complete(); 2776 ]])], 2777 [ AC_MSG_RESULT([yes]) 2778 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2779 [Enable OpenSSL engine support]) 2780 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2781 ]) 2782 fi 2783 2784 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2785 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2786 AC_LINK_IFELSE( 2787 [AC_LANG_PROGRAM([[ 2788 #include <string.h> 2789 #include <openssl/evp.h> 2790 ]], [[ 2791 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2792 ]])], 2793 [ 2794 AC_MSG_RESULT([no]) 2795 ], 2796 [ 2797 AC_MSG_RESULT([yes]) 2798 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2799 [libcrypto is missing AES 192 and 256 bit functions]) 2800 ] 2801 ) 2802 2803 # Check for OpenSSL with EVP_aes_*ctr 2804 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2805 AC_LINK_IFELSE( 2806 [AC_LANG_PROGRAM([[ 2807 #include <string.h> 2808 #include <openssl/evp.h> 2809 ]], [[ 2810 exit(EVP_aes_128_ctr() == NULL || 2811 EVP_aes_192_cbc() == NULL || 2812 EVP_aes_256_cbc() == NULL); 2813 ]])], 2814 [ 2815 AC_MSG_RESULT([yes]) 2816 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2817 [libcrypto has EVP AES CTR]) 2818 ], 2819 [ 2820 AC_MSG_RESULT([no]) 2821 ] 2822 ) 2823 2824 # Check for OpenSSL with EVP_aes_*gcm 2825 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2826 AC_LINK_IFELSE( 2827 [AC_LANG_PROGRAM([[ 2828 #include <string.h> 2829 #include <openssl/evp.h> 2830 ]], [[ 2831 exit(EVP_aes_128_gcm() == NULL || 2832 EVP_aes_256_gcm() == NULL || 2833 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2834 EVP_CTRL_GCM_IV_GEN == 0 || 2835 EVP_CTRL_GCM_SET_TAG == 0 || 2836 EVP_CTRL_GCM_GET_TAG == 0 || 2837 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2838 ]])], 2839 [ 2840 AC_MSG_RESULT([yes]) 2841 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2842 [libcrypto has EVP AES GCM]) 2843 ], 2844 [ 2845 AC_MSG_RESULT([no]) 2846 unsupported_algorithms="$unsupported_cipers \ 2847 aes128-gcm@openssh.com \ 2848 aes256-gcm@openssh.com" 2849 ] 2850 ) 2851 2852 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2853 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2854 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2855 2856 # LibreSSL/OpenSSL 1.1x API 2857 AC_SEARCH_LIBS([DH_get0_key], [crypto], 2858 [AC_DEFINE([HAVE_DH_GET0_KEY], [1], 2859 [Define if libcrypto has DH_get0_key])]) 2860 AC_SEARCH_LIBS([DH_get0_pqg], [crypto], 2861 [AC_DEFINE([HAVE_DH_GET0_PQG], [1], 2862 [Define if libcrypto has DH_get0_pqg])]) 2863 AC_SEARCH_LIBS([DH_set0_key], [crypto], 2864 [AC_DEFINE([HAVE_DH_SET0_KEY], [1], 2865 [Define if libcrypto has DH_set0_key])]) 2866 AC_SEARCH_LIBS([DH_set_length], [crypto], 2867 [AC_DEFINE([HAVE_DH_SET_LENGTH], [1], 2868 [Define if libcrypto has DH_set_length])]) 2869 AC_SEARCH_LIBS([DH_set0_pqg], [crypto], 2870 [AC_DEFINE([HAVE_DH_SET0_PQG], [1], 2871 [Define if libcrypto has DH_set0_pqg])]) 2872 2873 AC_SEARCH_LIBS([DSA_get0_key], [crypto], 2874 [AC_DEFINE([HAVE_DSA_GET0_KEY], [1], 2875 [Define if libcrypto has DSA_get0_key])]) 2876 AC_SEARCH_LIBS([DSA_get0_pqg], [crypto], 2877 [AC_DEFINE([HAVE_DSA_GET0_PQG], [1], 2878 [Define if libcrypto has DSA_get0_pqg])]) 2879 AC_SEARCH_LIBS([DSA_set0_key], [crypto], 2880 [AC_DEFINE([HAVE_DSA_SET0_KEY], [1], 2881 [Define if libcrypto has DSA_set0_key])]) 2882 AC_SEARCH_LIBS([DSA_set0_pqg], [crypto], 2883 [AC_DEFINE([HAVE_DSA_SET0_PQG], [1], 2884 [Define if libcrypto has DSA_set0_pqg])]) 2885 2886 AC_SEARCH_LIBS([DSA_SIG_get0], [crypto], 2887 [AC_DEFINE([HAVE_DSA_SIG_GET0], [1], 2888 [Define if libcrypto has DSA_SIG_get0])]) 2889 AC_SEARCH_LIBS([DSA_SIG_set0], [crypto], 2890 [AC_DEFINE([HAVE_DSA_SIG_SET0], [1], 2891 [Define if libcrypto has DSA_SIG_set0])]) 2892 2893 AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto], 2894 [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1], 2895 [Define if libcrypto has ECDSA_SIG_get0])]) 2896 AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto], 2897 [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1], 2898 [Define if libcrypto has ECDSA_SIG_set0])]) 2899 2900 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto], 2901 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1], 2902 [Define if libcrypto has EVP_CIPHER_CTX_iv])]) 2903 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto], 2904 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1], 2905 [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])]) 2906 AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto], 2907 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2908 [Define if libcrypto has EVP_CIPHER_CTX_get_iv])]) 2909 AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto], 2910 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1], 2911 [Define if libcrypto has EVP_CIPHER_CTX_set_iv])]) 2912 2913 AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto], 2914 [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1], 2915 [Define if libcrypto has RSA_get0_crt_params])]) 2916 AC_SEARCH_LIBS([RSA_get0_factors], [crypto], 2917 [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1], 2918 [Define if libcrypto has RSA_get0_factors])]) 2919 AC_SEARCH_LIBS([RSA_get0_key], [crypto], 2920 [AC_DEFINE([HAVE_RSA_GET0_KEY], [1], 2921 [Define if libcrypto has RSA_get0_key])]) 2922 AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto], 2923 [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1], 2924 [Define if libcrypto has RSA_get0_srt_params])]) 2925 AC_SEARCH_LIBS([RSA_set0_factors], [crypto], 2926 [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1], 2927 [Define if libcrypto has RSA_set0_factors])]) 2928 AC_SEARCH_LIBS([RSA_set0_key], [crypto], 2929 [AC_DEFINE([HAVE_RSA_SET0_KEY], [1], 2930 [Define if libcrypto has RSA_set0_key])]) 2931 2932 AC_SEARCH_LIBS([RSA_meth_free], [crypto], 2933 [AC_DEFINE([HAVE_RSA_METH_FREE], [1], 2934 [Define if libcrypto has RSA_meth_free])]) 2935 AC_SEARCH_LIBS([RSA_meth_dup], [crypto], 2936 [AC_DEFINE([HAVE_RSA_METH_DUP], [1], 2937 [Define if libcrypto has RSA_meth_dup])]) 2938 AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto], 2939 [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1], 2940 [Define if libcrypto has RSA_meth_set1_name])]) 2941 AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto], 2942 [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1], 2943 [Define if libcrypto has RSA_meth_get_finish])]) 2944 AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto], 2945 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1], 2946 [Define if libcrypto has RSA_meth_set_priv_enc])]) 2947 AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto], 2948 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1], 2949 [Define if libcrypto has RSA_meth_set_priv_dec])]) 2950 AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto], 2951 [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1], 2952 [Define if libcrypto has RSA_meth_set_finish])]) 2953 2954 AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto], 2955 [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1], 2956 [Define if libcrypto has EVP_PKEY_get0_RSA])]) 2957 2958 AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto], 2959 [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1], 2960 [Define if libcrypto has EVP_MD_CTX_new])]) 2961 AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto], 2962 [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1], 2963 [Define if libcrypto has EVP_MD_CTX_free])]) 2964 2965 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2966 AC_LINK_IFELSE( 2967 [AC_LANG_PROGRAM([[ 2968 #include <string.h> 2969 #include <openssl/evp.h> 2970 ]], [[ 2971 if(EVP_DigestUpdate(NULL, NULL,0)) 2972 exit(0); 2973 ]])], 2974 [ 2975 AC_MSG_RESULT([yes]) 2976 ], 2977 [ 2978 AC_MSG_RESULT([no]) 2979 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2980 [Define if EVP_DigestUpdate returns void]) 2981 ] 2982 ) 2983 2984 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2985 # because the system crypt() is more featureful. 2986 if test "x$check_for_libcrypt_before" = "x1"; then 2987 AC_CHECK_LIB([crypt], [crypt]) 2988 fi 2989 2990 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2991 # version in OpenSSL. 2992 if test "x$check_for_libcrypt_later" = "x1"; then 2993 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2994 fi 2995 AC_CHECK_FUNCS([crypt DES_crypt]) 2996 2997 # Search for SHA256 support in libc and/or OpenSSL 2998 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2999 [unsupported_algorithms="$unsupported_algorithms \ 3000 hmac-sha2-256 \ 3001 hmac-sha2-512 \ 3002 diffie-hellman-group-exchange-sha256 \ 3003 hmac-sha2-256-etm@openssh.com \ 3004 hmac-sha2-512-etm@openssh.com" 3005 ] 3006 ) 3007 # Search for RIPE-MD support in OpenSSL 3008 AC_CHECK_FUNCS([EVP_ripemd160], , 3009 [unsupported_algorithms="$unsupported_algorithms \ 3010 hmac-ripemd160 \ 3011 hmac-ripemd160@openssh.com \ 3012 hmac-ripemd160-etm@openssh.com" 3013 ] 3014 ) 3015 3016 # Check complete ECC support in OpenSSL 3017 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3018 AC_LINK_IFELSE( 3019 [AC_LANG_PROGRAM([[ 3020 #include <openssl/ec.h> 3021 #include <openssl/ecdh.h> 3022 #include <openssl/ecdsa.h> 3023 #include <openssl/evp.h> 3024 #include <openssl/objects.h> 3025 #include <openssl/opensslv.h> 3026 ]], [[ 3027 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3028 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3029 ]])], 3030 [ AC_MSG_RESULT([yes]) 3031 enable_nistp256=1 ], 3032 [ AC_MSG_RESULT([no]) ] 3033 ) 3034 3035 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3036 AC_LINK_IFELSE( 3037 [AC_LANG_PROGRAM([[ 3038 #include <openssl/ec.h> 3039 #include <openssl/ecdh.h> 3040 #include <openssl/ecdsa.h> 3041 #include <openssl/evp.h> 3042 #include <openssl/objects.h> 3043 #include <openssl/opensslv.h> 3044 ]], [[ 3045 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3046 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3047 ]])], 3048 [ AC_MSG_RESULT([yes]) 3049 enable_nistp384=1 ], 3050 [ AC_MSG_RESULT([no]) ] 3051 ) 3052 3053 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3054 AC_LINK_IFELSE( 3055 [AC_LANG_PROGRAM([[ 3056 #include <openssl/ec.h> 3057 #include <openssl/ecdh.h> 3058 #include <openssl/ecdsa.h> 3059 #include <openssl/evp.h> 3060 #include <openssl/objects.h> 3061 #include <openssl/opensslv.h> 3062 ]], [[ 3063 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3064 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3065 ]])], 3066 [ AC_MSG_RESULT([yes]) 3067 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3068 AC_RUN_IFELSE( 3069 [AC_LANG_PROGRAM([[ 3070 #include <openssl/ec.h> 3071 #include <openssl/ecdh.h> 3072 #include <openssl/ecdsa.h> 3073 #include <openssl/evp.h> 3074 #include <openssl/objects.h> 3075 #include <openssl/opensslv.h> 3076 ]],[[ 3077 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3078 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3079 exit(e == NULL || m == NULL); 3080 ]])], 3081 [ AC_MSG_RESULT([yes]) 3082 enable_nistp521=1 ], 3083 [ AC_MSG_RESULT([no]) ], 3084 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3085 enable_nistp521=1 ] 3086 )], 3087 AC_MSG_RESULT([no]) 3088 ) 3089 3090 COMMENT_OUT_ECC="#no ecc#" 3091 TEST_SSH_ECC=no 3092 3093 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3094 test x$enable_nistp521 = x1; then 3095 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3096 fi 3097 if test x$enable_nistp256 = x1; then 3098 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3099 [libcrypto has NID_X9_62_prime256v1]) 3100 TEST_SSH_ECC=yes 3101 COMMENT_OUT_ECC="" 3102 else 3103 unsupported_algorithms="$unsupported_algorithms \ 3104 ecdsa-sha2-nistp256 \ 3105 ecdh-sha2-nistp256 \ 3106 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3107 fi 3108 if test x$enable_nistp384 = x1; then 3109 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3110 TEST_SSH_ECC=yes 3111 COMMENT_OUT_ECC="" 3112 else 3113 unsupported_algorithms="$unsupported_algorithms \ 3114 ecdsa-sha2-nistp384 \ 3115 ecdh-sha2-nistp384 \ 3116 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3117 fi 3118 if test x$enable_nistp521 = x1; then 3119 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3120 TEST_SSH_ECC=yes 3121 COMMENT_OUT_ECC="" 3122 else 3123 unsupported_algorithms="$unsupported_algorithms \ 3124 ecdh-sha2-nistp521 \ 3125 ecdsa-sha2-nistp521 \ 3126 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3127 fi 3128 3129 AC_SUBST([TEST_SSH_ECC]) 3130 AC_SUBST([COMMENT_OUT_ECC]) 3131else 3132 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3133 AC_CHECK_FUNCS([crypt]) 3134fi 3135 3136AC_CHECK_FUNCS([ \ 3137 arc4random \ 3138 arc4random_buf \ 3139 arc4random_stir \ 3140 arc4random_uniform \ 3141]) 3142 3143saved_LIBS="$LIBS" 3144AC_CHECK_LIB([iaf], [ia_openinfo], [ 3145 LIBS="$LIBS -liaf" 3146 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3147 AC_DEFINE([HAVE_LIBIAF], [1], 3148 [Define if system has libiaf that supports set_id]) 3149 ]) 3150]) 3151LIBS="$saved_LIBS" 3152 3153### Configure cryptographic random number support 3154 3155# Check whether OpenSSL seeds itself 3156if test "x$openssl" = "xyes" ; then 3157 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3158 AC_RUN_IFELSE( 3159 [AC_LANG_PROGRAM([[ 3160 #include <string.h> 3161 #include <openssl/rand.h> 3162 ]], [[ 3163 exit(RAND_status() == 1 ? 0 : 1); 3164 ]])], 3165 [ 3166 OPENSSL_SEEDS_ITSELF=yes 3167 AC_MSG_RESULT([yes]) 3168 ], 3169 [ 3170 AC_MSG_RESULT([no]) 3171 ], 3172 [ 3173 AC_MSG_WARN([cross compiling: assuming yes]) 3174 # This is safe, since we will fatal() at runtime if 3175 # OpenSSL is not seeded correctly. 3176 OPENSSL_SEEDS_ITSELF=yes 3177 ] 3178 ) 3179fi 3180 3181# PRNGD TCP socket 3182AC_ARG_WITH([prngd-port], 3183 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3184 [ 3185 case "$withval" in 3186 no) 3187 withval="" 3188 ;; 3189 [[0-9]]*) 3190 ;; 3191 *) 3192 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3193 ;; 3194 esac 3195 if test ! -z "$withval" ; then 3196 PRNGD_PORT="$withval" 3197 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3198 [Port number of PRNGD/EGD random number socket]) 3199 fi 3200 ] 3201) 3202 3203# PRNGD Unix domain socket 3204AC_ARG_WITH([prngd-socket], 3205 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3206 [ 3207 case "$withval" in 3208 yes) 3209 withval="/var/run/egd-pool" 3210 ;; 3211 no) 3212 withval="" 3213 ;; 3214 /*) 3215 ;; 3216 *) 3217 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3218 ;; 3219 esac 3220 3221 if test ! -z "$withval" ; then 3222 if test ! -z "$PRNGD_PORT" ; then 3223 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3224 fi 3225 if test ! -r "$withval" ; then 3226 AC_MSG_WARN([Entropy socket is not readable]) 3227 fi 3228 PRNGD_SOCKET="$withval" 3229 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3230 [Location of PRNGD/EGD random number socket]) 3231 fi 3232 ], 3233 [ 3234 # Check for existing socket only if we don't have a random device already 3235 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3236 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3237 # Insert other locations here 3238 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3239 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3240 PRNGD_SOCKET="$sock" 3241 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3242 break; 3243 fi 3244 done 3245 if test ! -z "$PRNGD_SOCKET" ; then 3246 AC_MSG_RESULT([$PRNGD_SOCKET]) 3247 else 3248 AC_MSG_RESULT([not found]) 3249 fi 3250 fi 3251 ] 3252) 3253 3254# Which randomness source do we use? 3255if test ! -z "$PRNGD_PORT" ; then 3256 RAND_MSG="PRNGd port $PRNGD_PORT" 3257elif test ! -z "$PRNGD_SOCKET" ; then 3258 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3259elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3260 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3261 [Define if you want the OpenSSL internally seeded PRNG only]) 3262 RAND_MSG="OpenSSL internal ONLY" 3263elif test "x$openssl" = "xno" ; then 3264 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3265else 3266 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3267fi 3268 3269# Check for PAM libs 3270PAM_MSG="no" 3271AC_ARG_WITH([pam], 3272 [ --with-pam Enable PAM support ], 3273 [ 3274 if test "x$withval" != "xno" ; then 3275 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3276 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3277 AC_MSG_ERROR([PAM headers not found]) 3278 fi 3279 3280 saved_LIBS="$LIBS" 3281 AC_CHECK_LIB([dl], [dlopen], , ) 3282 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3283 AC_CHECK_FUNCS([pam_getenvlist]) 3284 AC_CHECK_FUNCS([pam_putenv]) 3285 LIBS="$saved_LIBS" 3286 3287 PAM_MSG="yes" 3288 3289 SSHDLIBS="$SSHDLIBS -lpam" 3290 AC_DEFINE([USE_PAM], [1], 3291 [Define if you want to enable PAM support]) 3292 3293 if test $ac_cv_lib_dl_dlopen = yes; then 3294 case "$LIBS" in 3295 *-ldl*) 3296 # libdl already in LIBS 3297 ;; 3298 *) 3299 SSHDLIBS="$SSHDLIBS -ldl" 3300 ;; 3301 esac 3302 fi 3303 fi 3304 ] 3305) 3306 3307AC_ARG_WITH([pam-service], 3308 [ --with-pam-service=name Specify PAM service name ], 3309 [ 3310 if test "x$withval" != "xno" && \ 3311 test "x$withval" != "xyes" ; then 3312 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3313 ["$withval"], [sshd PAM service name]) 3314 fi 3315 ] 3316) 3317 3318# Check for older PAM 3319if test "x$PAM_MSG" = "xyes" ; then 3320 # Check PAM strerror arguments (old PAM) 3321 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3322 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3323#include <stdlib.h> 3324#if defined(HAVE_SECURITY_PAM_APPL_H) 3325#include <security/pam_appl.h> 3326#elif defined (HAVE_PAM_PAM_APPL_H) 3327#include <pam/pam_appl.h> 3328#endif 3329 ]], [[ 3330(void)pam_strerror((pam_handle_t *)NULL, -1); 3331 ]])], [AC_MSG_RESULT([no])], [ 3332 AC_DEFINE([HAVE_OLD_PAM], [1], 3333 [Define if you have an old version of PAM 3334 which takes only one argument to pam_strerror]) 3335 AC_MSG_RESULT([yes]) 3336 PAM_MSG="yes (old library)" 3337 3338 ]) 3339fi 3340 3341case "$host" in 3342*-*-cygwin*) 3343 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3344 ;; 3345*) 3346 SSH_PRIVSEP_USER=sshd 3347 ;; 3348esac 3349AC_ARG_WITH([privsep-user], 3350 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3351 [ 3352 if test -n "$withval" && test "x$withval" != "xno" && \ 3353 test "x${withval}" != "xyes"; then 3354 SSH_PRIVSEP_USER=$withval 3355 fi 3356 ] 3357) 3358if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3359 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3360 [Cygwin function to fetch non-privileged user for privilege separation]) 3361else 3362 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3363 [non-privileged user for privilege separation]) 3364fi 3365AC_SUBST([SSH_PRIVSEP_USER]) 3366 3367if test "x$have_linux_no_new_privs" = "x1" ; then 3368AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3369 #include <sys/types.h> 3370 #include <linux/seccomp.h> 3371]) 3372fi 3373if test "x$have_seccomp_filter" = "x1" ; then 3374AC_MSG_CHECKING([kernel for seccomp_filter support]) 3375AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3376 #include <errno.h> 3377 #include <elf.h> 3378 #include <linux/audit.h> 3379 #include <linux/seccomp.h> 3380 #include <stdlib.h> 3381 #include <sys/prctl.h> 3382 ]], 3383 [[ int i = $seccomp_audit_arch; 3384 errno = 0; 3385 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3386 exit(errno == EFAULT ? 0 : 1); ]])], 3387 [ AC_MSG_RESULT([yes]) ], [ 3388 AC_MSG_RESULT([no]) 3389 # Disable seccomp filter as a target 3390 have_seccomp_filter=0 3391 ] 3392) 3393fi 3394 3395# Decide which sandbox style to use 3396sandbox_arg="" 3397AC_ARG_WITH([sandbox], 3398 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3399 [ 3400 if test "x$withval" = "xyes" ; then 3401 sandbox_arg="" 3402 else 3403 sandbox_arg="$withval" 3404 fi 3405 ] 3406) 3407 3408# Some platforms (seems to be the ones that have a kernel poll(2)-type 3409# function with which they implement select(2)) use an extra file descriptor 3410# when calling select(2), which means we can't use the rlimit sandbox. 3411AC_MSG_CHECKING([if select works with descriptor rlimit]) 3412AC_RUN_IFELSE( 3413 [AC_LANG_PROGRAM([[ 3414#include <sys/types.h> 3415#ifdef HAVE_SYS_TIME_H 3416# include <sys/time.h> 3417#endif 3418#include <sys/resource.h> 3419#ifdef HAVE_SYS_SELECT_H 3420# include <sys/select.h> 3421#endif 3422#include <errno.h> 3423#include <fcntl.h> 3424#include <stdlib.h> 3425 ]],[[ 3426 struct rlimit rl_zero; 3427 int fd, r; 3428 fd_set fds; 3429 struct timeval tv; 3430 3431 fd = open("/dev/null", O_RDONLY); 3432 FD_ZERO(&fds); 3433 FD_SET(fd, &fds); 3434 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3435 setrlimit(RLIMIT_FSIZE, &rl_zero); 3436 setrlimit(RLIMIT_NOFILE, &rl_zero); 3437 tv.tv_sec = 1; 3438 tv.tv_usec = 0; 3439 r = select(fd+1, &fds, NULL, NULL, &tv); 3440 exit (r == -1 ? 1 : 0); 3441 ]])], 3442 [AC_MSG_RESULT([yes]) 3443 select_works_with_rlimit=yes], 3444 [AC_MSG_RESULT([no]) 3445 select_works_with_rlimit=no], 3446 [AC_MSG_WARN([cross compiling: assuming yes]) 3447 select_works_with_rlimit=yes] 3448) 3449 3450AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3451AC_RUN_IFELSE( 3452 [AC_LANG_PROGRAM([[ 3453#include <sys/types.h> 3454#ifdef HAVE_SYS_TIME_H 3455# include <sys/time.h> 3456#endif 3457#include <sys/resource.h> 3458#include <errno.h> 3459#include <stdlib.h> 3460 ]],[[ 3461 struct rlimit rl_zero; 3462 int fd, r; 3463 fd_set fds; 3464 3465 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3466 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3467 exit (r == -1 ? 1 : 0); 3468 ]])], 3469 [AC_MSG_RESULT([yes]) 3470 rlimit_nofile_zero_works=yes], 3471 [AC_MSG_RESULT([no]) 3472 rlimit_nofile_zero_works=no], 3473 [AC_MSG_WARN([cross compiling: assuming yes]) 3474 rlimit_nofile_zero_works=yes] 3475) 3476 3477AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3478AC_RUN_IFELSE( 3479 [AC_LANG_PROGRAM([[ 3480#include <sys/types.h> 3481#include <sys/resource.h> 3482#include <stdlib.h> 3483 ]],[[ 3484 struct rlimit rl_zero; 3485 3486 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3487 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3488 ]])], 3489 [AC_MSG_RESULT([yes])], 3490 [AC_MSG_RESULT([no]) 3491 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3492 [setrlimit RLIMIT_FSIZE works])], 3493 [AC_MSG_WARN([cross compiling: assuming yes])] 3494) 3495 3496if test "x$sandbox_arg" = "xpledge" || \ 3497 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3498 test "x$ac_cv_func_pledge" != "xyes" && \ 3499 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3500 SANDBOX_STYLE="pledge" 3501 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3502elif test "x$sandbox_arg" = "xsystrace" || \ 3503 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3504 test "x$have_systr_policy_kill" != "x1" && \ 3505 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3506 SANDBOX_STYLE="systrace" 3507 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3508elif test "x$sandbox_arg" = "xdarwin" || \ 3509 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3510 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3511 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3512 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3513 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3514 SANDBOX_STYLE="darwin" 3515 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3516elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3517 ( test -z "$sandbox_arg" && \ 3518 test "x$have_seccomp_filter" = "x1" && \ 3519 test "x$ac_cv_header_elf_h" = "xyes" && \ 3520 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3521 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3522 test "x$seccomp_audit_arch" != "x" && \ 3523 test "x$have_linux_no_new_privs" = "x1" && \ 3524 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3525 test "x$seccomp_audit_arch" = "x" && \ 3526 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3527 test "x$have_linux_no_new_privs" != "x1" && \ 3528 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3529 test "x$have_seccomp_filter" != "x1" && \ 3530 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3531 test "x$ac_cv_func_prctl" != "xyes" && \ 3532 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3533 SANDBOX_STYLE="seccomp_filter" 3534 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3535elif test "x$sandbox_arg" = "xcapsicum" || \ 3536 ( test -z "$sandbox_arg" && \ 3537 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3538 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3539 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3540 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3541 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3542 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3543 SANDBOX_STYLE="capsicum" 3544 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3545elif test "x$sandbox_arg" = "xrlimit" || \ 3546 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3547 test "x$select_works_with_rlimit" = "xyes" && \ 3548 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3549 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3550 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3551 test "x$select_works_with_rlimit" != "xyes" && \ 3552 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3553 SANDBOX_STYLE="rlimit" 3554 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3555elif test "x$sandbox_arg" = "xsolaris" || \ 3556 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3557 SANDBOX_STYLE="solaris" 3558 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3559elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3560 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3561 SANDBOX_STYLE="none" 3562 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3563else 3564 AC_MSG_ERROR([unsupported --with-sandbox]) 3565fi 3566 3567# Cheap hack to ensure NEWS-OS libraries are arranged right. 3568if test ! -z "$SONY" ; then 3569 LIBS="$LIBS -liberty"; 3570fi 3571 3572# Check for long long datatypes 3573AC_CHECK_TYPES([long long, unsigned long long, long double]) 3574 3575# Check datatype sizes 3576AC_CHECK_SIZEOF([short int], [2]) 3577AC_CHECK_SIZEOF([int], [4]) 3578AC_CHECK_SIZEOF([long int], [4]) 3579AC_CHECK_SIZEOF([long long int], [8]) 3580 3581# Sanity check long long for some platforms (AIX) 3582if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3583 ac_cv_sizeof_long_long_int=0 3584fi 3585 3586# compute LLONG_MIN and LLONG_MAX if we don't know them. 3587if test -z "$have_llong_max"; then 3588 AC_MSG_CHECKING([for max value of long long]) 3589 AC_RUN_IFELSE( 3590 [AC_LANG_PROGRAM([[ 3591#include <stdio.h> 3592/* Why is this so damn hard? */ 3593#ifdef __GNUC__ 3594# undef __GNUC__ 3595#endif 3596#define __USE_ISOC99 3597#include <limits.h> 3598#define DATA "conftest.llminmax" 3599#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3600 3601/* 3602 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3603 * we do this the hard way. 3604 */ 3605static int 3606fprint_ll(FILE *f, long long n) 3607{ 3608 unsigned int i; 3609 int l[sizeof(long long) * 8]; 3610 3611 if (n < 0) 3612 if (fprintf(f, "-") < 0) 3613 return -1; 3614 for (i = 0; n != 0; i++) { 3615 l[i] = my_abs(n % 10); 3616 n /= 10; 3617 } 3618 do { 3619 if (fprintf(f, "%d", l[--i]) < 0) 3620 return -1; 3621 } while (i != 0); 3622 if (fprintf(f, " ") < 0) 3623 return -1; 3624 return 0; 3625} 3626 ]], [[ 3627 FILE *f; 3628 long long i, llmin, llmax = 0; 3629 3630 if((f = fopen(DATA,"w")) == NULL) 3631 exit(1); 3632 3633#if defined(LLONG_MIN) && defined(LLONG_MAX) 3634 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3635 llmin = LLONG_MIN; 3636 llmax = LLONG_MAX; 3637#else 3638 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3639 /* This will work on one's complement and two's complement */ 3640 for (i = 1; i > llmax; i <<= 1, i++) 3641 llmax = i; 3642 llmin = llmax + 1LL; /* wrap */ 3643#endif 3644 3645 /* Sanity check */ 3646 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3647 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3648 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3649 fprintf(f, "unknown unknown\n"); 3650 exit(2); 3651 } 3652 3653 if (fprint_ll(f, llmin) < 0) 3654 exit(3); 3655 if (fprint_ll(f, llmax) < 0) 3656 exit(4); 3657 if (fclose(f) < 0) 3658 exit(5); 3659 exit(0); 3660 ]])], 3661 [ 3662 llong_min=`$AWK '{print $1}' conftest.llminmax` 3663 llong_max=`$AWK '{print $2}' conftest.llminmax` 3664 3665 AC_MSG_RESULT([$llong_max]) 3666 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3667 [max value of long long calculated by configure]) 3668 AC_MSG_CHECKING([for min value of long long]) 3669 AC_MSG_RESULT([$llong_min]) 3670 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3671 [min value of long long calculated by configure]) 3672 ], 3673 [ 3674 AC_MSG_RESULT([not found]) 3675 ], 3676 [ 3677 AC_MSG_WARN([cross compiling: not checking]) 3678 ] 3679 ) 3680fi 3681 3682 3683# More checks for data types 3684AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3685 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3686 [[ u_int a; a = 1;]])], 3687 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3688 ]) 3689]) 3690if test "x$ac_cv_have_u_int" = "xyes" ; then 3691 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3692 have_u_int=1 3693fi 3694 3695AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3696 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3697 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3698 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3699 ]) 3700]) 3701if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3702 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3703 have_intxx_t=1 3704fi 3705 3706if (test -z "$have_intxx_t" && \ 3707 test "x$ac_cv_header_stdint_h" = "xyes") 3708then 3709 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3711 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3712 [ 3713 AC_DEFINE([HAVE_INTXX_T]) 3714 AC_MSG_RESULT([yes]) 3715 ], [ AC_MSG_RESULT([no]) 3716 ]) 3717fi 3718 3719AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3720 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3721#include <sys/types.h> 3722#ifdef HAVE_STDINT_H 3723# include <stdint.h> 3724#endif 3725#include <sys/socket.h> 3726#ifdef HAVE_SYS_BITYPES_H 3727# include <sys/bitypes.h> 3728#endif 3729 ]], [[ 3730int64_t a; a = 1; 3731 ]])], 3732 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3733 ]) 3734]) 3735if test "x$ac_cv_have_int64_t" = "xyes" ; then 3736 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3737fi 3738 3739AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3740 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3741 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3742 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3743 ]) 3744]) 3745if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3746 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3747 have_u_intxx_t=1 3748fi 3749 3750if test -z "$have_u_intxx_t" ; then 3751 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3752 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3753 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3754 [ 3755 AC_DEFINE([HAVE_U_INTXX_T]) 3756 AC_MSG_RESULT([yes]) 3757 ], [ AC_MSG_RESULT([no]) 3758 ]) 3759fi 3760 3761AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3762 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3763 [[ u_int64_t a; a = 1;]])], 3764 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3765 ]) 3766]) 3767if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3768 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3769 have_u_int64_t=1 3770fi 3771 3772if (test -z "$have_u_int64_t" && \ 3773 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3774then 3775 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3776 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3777 [[ u_int64_t a; a = 1]])], 3778 [ 3779 AC_DEFINE([HAVE_U_INT64_T]) 3780 AC_MSG_RESULT([yes]) 3781 ], [ AC_MSG_RESULT([no]) 3782 ]) 3783fi 3784 3785if test -z "$have_u_intxx_t" ; then 3786 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3787 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3788#include <sys/types.h> 3789 ]], [[ 3790 uint8_t a; 3791 uint16_t b; 3792 uint32_t c; 3793 a = b = c = 1; 3794 ]])], 3795 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3796 ]) 3797 ]) 3798 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3799 AC_DEFINE([HAVE_UINTXX_T], [1], 3800 [define if you have uintxx_t data type]) 3801 fi 3802fi 3803 3804if (test -z "$have_uintxx_t" && \ 3805 test "x$ac_cv_header_stdint_h" = "xyes") 3806then 3807 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3809 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3810 [ 3811 AC_DEFINE([HAVE_UINTXX_T]) 3812 AC_MSG_RESULT([yes]) 3813 ], [ AC_MSG_RESULT([no]) 3814 ]) 3815fi 3816 3817if (test -z "$have_uintxx_t" && \ 3818 test "x$ac_cv_header_inttypes_h" = "xyes") 3819then 3820 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3821 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3822 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3823 [ 3824 AC_DEFINE([HAVE_UINTXX_T]) 3825 AC_MSG_RESULT([yes]) 3826 ], [ AC_MSG_RESULT([no]) 3827 ]) 3828fi 3829 3830if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3831 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3832then 3833 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3834 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3835#include <sys/bitypes.h> 3836 ]], [[ 3837 int8_t a; int16_t b; int32_t c; 3838 u_int8_t e; u_int16_t f; u_int32_t g; 3839 a = b = c = e = f = g = 1; 3840 ]])], 3841 [ 3842 AC_DEFINE([HAVE_U_INTXX_T]) 3843 AC_DEFINE([HAVE_INTXX_T]) 3844 AC_MSG_RESULT([yes]) 3845 ], [AC_MSG_RESULT([no]) 3846 ]) 3847fi 3848 3849 3850AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3851 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3852 [[ u_char foo; foo = 125; ]])], 3853 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3854 ]) 3855]) 3856if test "x$ac_cv_have_u_char" = "xyes" ; then 3857 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3858fi 3859 3860AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3861#include <sys/types.h> 3862#include <stdint.h> 3863]) 3864 3865TYPE_SOCKLEN_T 3866 3867AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3868AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3869#include <sys/types.h> 3870#ifdef HAVE_SYS_BITYPES_H 3871#include <sys/bitypes.h> 3872#endif 3873#ifdef HAVE_SYS_STATFS_H 3874#include <sys/statfs.h> 3875#endif 3876#ifdef HAVE_SYS_STATVFS_H 3877#include <sys/statvfs.h> 3878#endif 3879]) 3880 3881AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ 3882#include <sys/types.h> 3883#ifdef HAVE_SYS_BITYPES_H 3884#include <sys/bitypes.h> 3885#endif 3886#ifdef HAVE_SYS_STATFS_H 3887#include <sys/statfs.h> 3888#endif 3889#ifdef HAVE_SYS_STATVFS_H 3890#include <sys/statvfs.h> 3891#endif 3892#ifdef HAVE_SYS_VFS_H 3893#include <sys/vfs.h> 3894#endif 3895]]) 3896 3897 3898AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3899[#include <sys/types.h> 3900#include <netinet/in.h>]) 3901 3902AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3904 [[ size_t foo; foo = 1235; ]])], 3905 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3906 ]) 3907]) 3908if test "x$ac_cv_have_size_t" = "xyes" ; then 3909 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3910fi 3911 3912AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3913 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3914 [[ ssize_t foo; foo = 1235; ]])], 3915 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3916 ]) 3917]) 3918if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3919 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3920fi 3921 3922AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3923 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3924 [[ clock_t foo; foo = 1235; ]])], 3925 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3926 ]) 3927]) 3928if test "x$ac_cv_have_clock_t" = "xyes" ; then 3929 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3930fi 3931 3932AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3934#include <sys/types.h> 3935#include <sys/socket.h> 3936 ]], [[ sa_family_t foo; foo = 1235; ]])], 3937 [ ac_cv_have_sa_family_t="yes" ], 3938 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3939#include <sys/types.h> 3940#include <sys/socket.h> 3941#include <netinet/in.h> 3942 ]], [[ sa_family_t foo; foo = 1235; ]])], 3943 [ ac_cv_have_sa_family_t="yes" ], 3944 [ ac_cv_have_sa_family_t="no" ] 3945 ) 3946 ]) 3947]) 3948if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3949 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3950 [define if you have sa_family_t data type]) 3951fi 3952 3953AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3954 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3955 [[ pid_t foo; foo = 1235; ]])], 3956 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3957 ]) 3958]) 3959if test "x$ac_cv_have_pid_t" = "xyes" ; then 3960 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3961fi 3962 3963AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3964 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3965 [[ mode_t foo; foo = 1235; ]])], 3966 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3967 ]) 3968]) 3969if test "x$ac_cv_have_mode_t" = "xyes" ; then 3970 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3971fi 3972 3973 3974AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3975 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3976#include <sys/types.h> 3977#include <sys/socket.h> 3978 ]], [[ struct sockaddr_storage s; ]])], 3979 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3980 [ ac_cv_have_struct_sockaddr_storage="no" 3981 ]) 3982]) 3983if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3984 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3985 [define if you have struct sockaddr_storage data type]) 3986fi 3987 3988AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3990#include <sys/types.h> 3991#include <netinet/in.h> 3992 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3993 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3994 [ ac_cv_have_struct_sockaddr_in6="no" 3995 ]) 3996]) 3997if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3998 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3999 [define if you have struct sockaddr_in6 data type]) 4000fi 4001 4002AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4004#include <sys/types.h> 4005#include <netinet/in.h> 4006 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4007 [ ac_cv_have_struct_in6_addr="yes" ], 4008 [ ac_cv_have_struct_in6_addr="no" 4009 ]) 4010]) 4011if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4012 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4013 [define if you have struct in6_addr data type]) 4014 4015dnl Now check for sin6_scope_id 4016 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4017 [ 4018#ifdef HAVE_SYS_TYPES_H 4019#include <sys/types.h> 4020#endif 4021#include <netinet/in.h> 4022 ]) 4023fi 4024 4025AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4027#include <sys/types.h> 4028#include <sys/socket.h> 4029#include <netdb.h> 4030 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4031 [ ac_cv_have_struct_addrinfo="yes" ], 4032 [ ac_cv_have_struct_addrinfo="no" 4033 ]) 4034]) 4035if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4036 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4037 [define if you have struct addrinfo data type]) 4038fi 4039 4040AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4042 [[ struct timeval tv; tv.tv_sec = 1;]])], 4043 [ ac_cv_have_struct_timeval="yes" ], 4044 [ ac_cv_have_struct_timeval="no" 4045 ]) 4046]) 4047if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4048 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4049 have_struct_timeval=1 4050fi 4051 4052AC_CHECK_TYPES([struct timespec]) 4053 4054# We need int64_t or else certain parts of the compile will fail. 4055if test "x$ac_cv_have_int64_t" = "xno" && \ 4056 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4057 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4058 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4059 echo "an alternative compiler (I.E., GCC) before continuing." 4060 echo "" 4061 exit 1; 4062else 4063dnl test snprintf (broken on SCO w/gcc) 4064 AC_RUN_IFELSE( 4065 [AC_LANG_SOURCE([[ 4066#include <stdio.h> 4067#include <string.h> 4068#ifdef HAVE_SNPRINTF 4069main() 4070{ 4071 char buf[50]; 4072 char expected_out[50]; 4073 int mazsize = 50 ; 4074#if (SIZEOF_LONG_INT == 8) 4075 long int num = 0x7fffffffffffffff; 4076#else 4077 long long num = 0x7fffffffffffffffll; 4078#endif 4079 strcpy(expected_out, "9223372036854775807"); 4080 snprintf(buf, mazsize, "%lld", num); 4081 if(strcmp(buf, expected_out) != 0) 4082 exit(1); 4083 exit(0); 4084} 4085#else 4086main() { exit(0); } 4087#endif 4088 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4089 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4090 ) 4091fi 4092 4093dnl Checks for structure members 4094OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4095OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4096OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4097OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4098OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4099OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4100OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4101OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4102OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4103OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4104OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4105OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4106OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4107OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4108OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4109OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4110OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4111 4112AC_CHECK_MEMBERS([struct stat.st_blksize]) 4113AC_CHECK_MEMBERS([struct stat.st_mtim]) 4114AC_CHECK_MEMBERS([struct stat.st_mtime]) 4115AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4116struct passwd.pw_change, struct passwd.pw_expire], 4117[], [], [[ 4118#include <sys/types.h> 4119#include <pwd.h> 4120]]) 4121 4122AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4123 [Define if we don't have struct __res_state in resolv.h])], 4124[[ 4125#include <stdio.h> 4126#if HAVE_SYS_TYPES_H 4127# include <sys/types.h> 4128#endif 4129#include <netinet/in.h> 4130#include <arpa/nameser.h> 4131#include <resolv.h> 4132]]) 4133 4134AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4135 ac_cv_have_ss_family_in_struct_ss, [ 4136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4137#include <sys/types.h> 4138#include <sys/socket.h> 4139 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4140 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4141 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4142]) 4143if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4144 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4145fi 4146 4147AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4148 ac_cv_have___ss_family_in_struct_ss, [ 4149 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4150#include <sys/types.h> 4151#include <sys/socket.h> 4152 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4153 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4154 [ ac_cv_have___ss_family_in_struct_ss="no" 4155 ]) 4156]) 4157if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4158 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4159 [Fields in struct sockaddr_storage]) 4160fi 4161 4162dnl make sure we're using the real structure members and not defines 4163AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4164 ac_cv_have_accrights_in_msghdr, [ 4165 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4166#include <sys/types.h> 4167#include <sys/socket.h> 4168#include <sys/uio.h> 4169 ]], [[ 4170#ifdef msg_accrights 4171#error "msg_accrights is a macro" 4172exit(1); 4173#endif 4174struct msghdr m; 4175m.msg_accrights = 0; 4176exit(0); 4177 ]])], 4178 [ ac_cv_have_accrights_in_msghdr="yes" ], 4179 [ ac_cv_have_accrights_in_msghdr="no" ] 4180 ) 4181]) 4182if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4183 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4184 [Define if your system uses access rights style 4185 file descriptor passing]) 4186fi 4187 4188AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4189AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4190#include <sys/param.h> 4191#include <sys/stat.h> 4192#ifdef HAVE_SYS_TIME_H 4193# include <sys/time.h> 4194#endif 4195#ifdef HAVE_SYS_MOUNT_H 4196#include <sys/mount.h> 4197#endif 4198#ifdef HAVE_SYS_STATVFS_H 4199#include <sys/statvfs.h> 4200#endif 4201 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4202 [ AC_MSG_RESULT([yes]) ], 4203 [ AC_MSG_RESULT([no]) 4204 4205 AC_MSG_CHECKING([if fsid_t has member val]) 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4207#include <sys/types.h> 4208#include <sys/statvfs.h> 4209 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4210 [ AC_MSG_RESULT([yes]) 4211 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4212 [ AC_MSG_RESULT([no]) ]) 4213 4214 AC_MSG_CHECKING([if f_fsid has member __val]) 4215 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4216#include <sys/types.h> 4217#include <sys/statvfs.h> 4218 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4219 [ AC_MSG_RESULT([yes]) 4220 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4221 [ AC_MSG_RESULT([no]) ]) 4222]) 4223 4224AC_CACHE_CHECK([for msg_control field in struct msghdr], 4225 ac_cv_have_control_in_msghdr, [ 4226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4227#include <sys/types.h> 4228#include <sys/socket.h> 4229#include <sys/uio.h> 4230 ]], [[ 4231#ifdef msg_control 4232#error "msg_control is a macro" 4233exit(1); 4234#endif 4235struct msghdr m; 4236m.msg_control = 0; 4237exit(0); 4238 ]])], 4239 [ ac_cv_have_control_in_msghdr="yes" ], 4240 [ ac_cv_have_control_in_msghdr="no" ] 4241 ) 4242]) 4243if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4244 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4245 [Define if your system uses ancillary data style 4246 file descriptor passing]) 4247fi 4248 4249AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4250 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4251 [[ extern char *__progname; printf("%s", __progname); ]])], 4252 [ ac_cv_libc_defines___progname="yes" ], 4253 [ ac_cv_libc_defines___progname="no" 4254 ]) 4255]) 4256if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4257 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4258fi 4259 4260AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4261 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4262 [[ printf("%s", __FUNCTION__); ]])], 4263 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4264 [ ac_cv_cc_implements___FUNCTION__="no" 4265 ]) 4266]) 4267if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4268 AC_DEFINE([HAVE___FUNCTION__], [1], 4269 [Define if compiler implements __FUNCTION__]) 4270fi 4271 4272AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4273 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4274 [[ printf("%s", __func__); ]])], 4275 [ ac_cv_cc_implements___func__="yes" ], 4276 [ ac_cv_cc_implements___func__="no" 4277 ]) 4278]) 4279if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4280 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4281fi 4282 4283AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4284 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4285#include <stdarg.h> 4286va_list x,y; 4287 ]], [[ va_copy(x,y); ]])], 4288 [ ac_cv_have_va_copy="yes" ], 4289 [ ac_cv_have_va_copy="no" 4290 ]) 4291]) 4292if test "x$ac_cv_have_va_copy" = "xyes" ; then 4293 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4294fi 4295 4296AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4297 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4298#include <stdarg.h> 4299va_list x,y; 4300 ]], [[ __va_copy(x,y); ]])], 4301 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4302 ]) 4303]) 4304if test "x$ac_cv_have___va_copy" = "xyes" ; then 4305 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4306fi 4307 4308AC_CACHE_CHECK([whether getopt has optreset support], 4309 ac_cv_have_getopt_optreset, [ 4310 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4311 [[ extern int optreset; optreset = 0; ]])], 4312 [ ac_cv_have_getopt_optreset="yes" ], 4313 [ ac_cv_have_getopt_optreset="no" 4314 ]) 4315]) 4316if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4317 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4318 [Define if your getopt(3) defines and uses optreset]) 4319fi 4320 4321AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4322 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4323[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4324 [ ac_cv_libc_defines_sys_errlist="yes" ], 4325 [ ac_cv_libc_defines_sys_errlist="no" 4326 ]) 4327]) 4328if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4329 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4330 [Define if your system defines sys_errlist[]]) 4331fi 4332 4333 4334AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4335 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4336[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4337 [ ac_cv_libc_defines_sys_nerr="yes" ], 4338 [ ac_cv_libc_defines_sys_nerr="no" 4339 ]) 4340]) 4341if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4342 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4343fi 4344 4345# Check libraries needed by DNS fingerprint support 4346AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4347 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4348 [Define if getrrsetbyname() exists])], 4349 [ 4350 # Needed by our getrrsetbyname() 4351 AC_SEARCH_LIBS([res_query], [resolv]) 4352 AC_SEARCH_LIBS([dn_expand], [resolv]) 4353 AC_MSG_CHECKING([if res_query will link]) 4354 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4355#include <sys/types.h> 4356#include <netinet/in.h> 4357#include <arpa/nameser.h> 4358#include <netdb.h> 4359#include <resolv.h> 4360 ]], [[ 4361 res_query (0, 0, 0, 0, 0); 4362 ]])], 4363 AC_MSG_RESULT([yes]), 4364 [AC_MSG_RESULT([no]) 4365 saved_LIBS="$LIBS" 4366 LIBS="$LIBS -lresolv" 4367 AC_MSG_CHECKING([for res_query in -lresolv]) 4368 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4369#include <sys/types.h> 4370#include <netinet/in.h> 4371#include <arpa/nameser.h> 4372#include <netdb.h> 4373#include <resolv.h> 4374 ]], [[ 4375 res_query (0, 0, 0, 0, 0); 4376 ]])], 4377 [AC_MSG_RESULT([yes])], 4378 [LIBS="$saved_LIBS" 4379 AC_MSG_RESULT([no])]) 4380 ]) 4381 AC_CHECK_FUNCS([_getshort _getlong]) 4382 AC_CHECK_DECLS([_getshort, _getlong], , , 4383 [#include <sys/types.h> 4384 #include <arpa/nameser.h>]) 4385 AC_CHECK_MEMBER([HEADER.ad], 4386 [AC_DEFINE([HAVE_HEADER_AD], [1], 4387 [Define if HEADER.ad exists in arpa/nameser.h])], , 4388 [#include <arpa/nameser.h>]) 4389 ]) 4390 4391AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4392AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4393#include <stdio.h> 4394#if HAVE_SYS_TYPES_H 4395# include <sys/types.h> 4396#endif 4397#include <netinet/in.h> 4398#include <arpa/nameser.h> 4399#include <resolv.h> 4400extern struct __res_state _res; 4401 ]], [[ 4402struct __res_state *volatile p = &_res; /* force resolution of _res */ 4403return 0; 4404 ]],)], 4405 [AC_MSG_RESULT([yes]) 4406 AC_DEFINE([HAVE__RES_EXTERN], [1], 4407 [Define if you have struct __res_state _res as an extern]) 4408 ], 4409 [ AC_MSG_RESULT([no]) ] 4410) 4411 4412# Check whether user wants SELinux support 4413SELINUX_MSG="no" 4414LIBSELINUX="" 4415AC_ARG_WITH([selinux], 4416 [ --with-selinux Enable SELinux support], 4417 [ if test "x$withval" != "xno" ; then 4418 save_LIBS="$LIBS" 4419 AC_DEFINE([WITH_SELINUX], [1], 4420 [Define if you want SELinux support.]) 4421 SELINUX_MSG="yes" 4422 AC_CHECK_HEADER([selinux/selinux.h], , 4423 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4424 AC_CHECK_LIB([selinux], [setexeccon], 4425 [ LIBSELINUX="-lselinux" 4426 LIBS="$LIBS -lselinux" 4427 ], 4428 AC_MSG_ERROR([SELinux support requires libselinux library])) 4429 SSHLIBS="$SSHLIBS $LIBSELINUX" 4430 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4431 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4432 LIBS="$save_LIBS" 4433 fi ] 4434) 4435AC_SUBST([SSHLIBS]) 4436AC_SUBST([SSHDLIBS]) 4437 4438# Check whether user wants Kerberos 5 support 4439KRB5_MSG="no" 4440AC_ARG_WITH([kerberos5], 4441 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4442 [ if test "x$withval" != "xno" ; then 4443 if test "x$withval" = "xyes" ; then 4444 KRB5ROOT="/usr/local" 4445 else 4446 KRB5ROOT=${withval} 4447 fi 4448 4449 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4450 KRB5_MSG="yes" 4451 4452 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4453 [$KRB5ROOT/bin/krb5-config], 4454 [$KRB5ROOT/bin:$PATH]) 4455 if test -x $KRB5CONF ; then 4456 K5CFLAGS="`$KRB5CONF --cflags`" 4457 K5LIBS="`$KRB5CONF --libs`" 4458 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4459 4460 AC_MSG_CHECKING([for gssapi support]) 4461 if $KRB5CONF | grep gssapi >/dev/null ; then 4462 AC_MSG_RESULT([yes]) 4463 AC_DEFINE([GSSAPI], [1], 4464 [Define this if you want GSSAPI 4465 support in the version 2 protocol]) 4466 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4467 GSSLIBS="`$KRB5CONF --libs gssapi`" 4468 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4469 else 4470 AC_MSG_RESULT([no]) 4471 fi 4472 AC_MSG_CHECKING([whether we are using Heimdal]) 4473 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4474 ]], [[ char *tmp = heimdal_version; ]])], 4475 [ AC_MSG_RESULT([yes]) 4476 AC_DEFINE([HEIMDAL], [1], 4477 [Define this if you are using the Heimdal 4478 version of Kerberos V5]) ], 4479 [AC_MSG_RESULT([no]) 4480 ]) 4481 else 4482 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4483 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4484 AC_MSG_CHECKING([whether we are using Heimdal]) 4485 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4486 ]], [[ char *tmp = heimdal_version; ]])], 4487 [ AC_MSG_RESULT([yes]) 4488 AC_DEFINE([HEIMDAL]) 4489 K5LIBS="-lkrb5" 4490 K5LIBS="$K5LIBS -lcom_err -lasn1" 4491 AC_CHECK_LIB([roken], [net_write], 4492 [K5LIBS="$K5LIBS -lroken"]) 4493 AC_CHECK_LIB([des], [des_cbc_encrypt], 4494 [K5LIBS="$K5LIBS -ldes"]) 4495 ], [ AC_MSG_RESULT([no]) 4496 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4497 ]) 4498 AC_SEARCH_LIBS([dn_expand], [resolv]) 4499 4500 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4501 [ AC_DEFINE([GSSAPI]) 4502 GSSLIBS="-lgssapi_krb5" ], 4503 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4504 [ AC_DEFINE([GSSAPI]) 4505 GSSLIBS="-lgssapi" ], 4506 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4507 [ AC_DEFINE([GSSAPI]) 4508 GSSLIBS="-lgss" ], 4509 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4510 ]) 4511 ]) 4512 4513 AC_CHECK_HEADER([gssapi.h], , 4514 [ unset ac_cv_header_gssapi_h 4515 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4516 AC_CHECK_HEADERS([gssapi.h], , 4517 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4518 ) 4519 ] 4520 ) 4521 4522 oldCPP="$CPPFLAGS" 4523 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4524 AC_CHECK_HEADER([gssapi_krb5.h], , 4525 [ CPPFLAGS="$oldCPP" ]) 4526 4527 fi 4528 if test ! -z "$need_dash_r" ; then 4529 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4530 fi 4531 if test ! -z "$blibpath" ; then 4532 blibpath="$blibpath:${KRB5ROOT}/lib" 4533 fi 4534 4535 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4536 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4537 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4538 4539 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4540 [Define this if you want to use libkafs' AFS support])]) 4541 4542 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4543#ifdef HAVE_GSSAPI_H 4544# include <gssapi.h> 4545#elif defined(HAVE_GSSAPI_GSSAPI_H) 4546# include <gssapi/gssapi.h> 4547#endif 4548 4549#ifdef HAVE_GSSAPI_GENERIC_H 4550# include <gssapi_generic.h> 4551#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4552# include <gssapi/gssapi_generic.h> 4553#endif 4554 ]]) 4555 saved_LIBS="$LIBS" 4556 LIBS="$LIBS $K5LIBS" 4557 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4558 LIBS="$saved_LIBS" 4559 4560 fi 4561 ] 4562) 4563AC_SUBST([GSSLIBS]) 4564AC_SUBST([K5LIBS]) 4565 4566# Looking for programs, paths and files 4567 4568PRIVSEP_PATH=/var/empty 4569AC_ARG_WITH([privsep-path], 4570 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4571 [ 4572 if test -n "$withval" && test "x$withval" != "xno" && \ 4573 test "x${withval}" != "xyes"; then 4574 PRIVSEP_PATH=$withval 4575 fi 4576 ] 4577) 4578AC_SUBST([PRIVSEP_PATH]) 4579 4580AC_ARG_WITH([xauth], 4581 [ --with-xauth=PATH Specify path to xauth program ], 4582 [ 4583 if test -n "$withval" && test "x$withval" != "xno" && \ 4584 test "x${withval}" != "xyes"; then 4585 xauth_path=$withval 4586 fi 4587 ], 4588 [ 4589 TestPath="$PATH" 4590 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4591 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4592 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4593 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4594 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4595 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4596 xauth_path="/usr/openwin/bin/xauth" 4597 fi 4598 ] 4599) 4600 4601STRIP_OPT=-s 4602AC_ARG_ENABLE([strip], 4603 [ --disable-strip Disable calling strip(1) on install], 4604 [ 4605 if test "x$enableval" = "xno" ; then 4606 STRIP_OPT= 4607 fi 4608 ] 4609) 4610AC_SUBST([STRIP_OPT]) 4611 4612if test -z "$xauth_path" ; then 4613 XAUTH_PATH="undefined" 4614 AC_SUBST([XAUTH_PATH]) 4615else 4616 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4617 [Define if xauth is found in your path]) 4618 XAUTH_PATH=$xauth_path 4619 AC_SUBST([XAUTH_PATH]) 4620fi 4621 4622dnl # --with-maildir=/path/to/mail gets top priority. 4623dnl # if maildir is set in the platform case statement above we use that. 4624dnl # Otherwise we run a program to get the dir from system headers. 4625dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4626dnl # If we find _PATH_MAILDIR we do nothing because that is what 4627dnl # session.c expects anyway. Otherwise we set to the value found 4628dnl # stripping any trailing slash. If for some strage reason our program 4629dnl # does not find what it needs, we default to /var/spool/mail. 4630# Check for mail directory 4631AC_ARG_WITH([maildir], 4632 [ --with-maildir=/path/to/mail Specify your system mail directory], 4633 [ 4634 if test "X$withval" != X && test "x$withval" != xno && \ 4635 test "x${withval}" != xyes; then 4636 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4637 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4638 fi 4639 ],[ 4640 if test "X$maildir" != "X"; then 4641 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4642 else 4643 AC_MSG_CHECKING([Discovering system mail directory]) 4644 AC_RUN_IFELSE( 4645 [AC_LANG_PROGRAM([[ 4646#include <stdio.h> 4647#include <string.h> 4648#ifdef HAVE_PATHS_H 4649#include <paths.h> 4650#endif 4651#ifdef HAVE_MAILLOCK_H 4652#include <maillock.h> 4653#endif 4654#define DATA "conftest.maildir" 4655 ]], [[ 4656 FILE *fd; 4657 int rc; 4658 4659 fd = fopen(DATA,"w"); 4660 if(fd == NULL) 4661 exit(1); 4662 4663#if defined (_PATH_MAILDIR) 4664 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4665 exit(1); 4666#elif defined (MAILDIR) 4667 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4668 exit(1); 4669#elif defined (_PATH_MAIL) 4670 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4671 exit(1); 4672#else 4673 exit (2); 4674#endif 4675 4676 exit(0); 4677 ]])], 4678 [ 4679 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4680 maildir=`awk -F: '{print $2}' conftest.maildir \ 4681 | sed 's|/$||'` 4682 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4683 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4684 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4685 fi 4686 ], 4687 [ 4688 if test "X$ac_status" = "X2";then 4689# our test program didn't find it. Default to /var/spool/mail 4690 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4691 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4692 else 4693 AC_MSG_RESULT([*** not found ***]) 4694 fi 4695 ], 4696 [ 4697 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4698 ] 4699 ) 4700 fi 4701 ] 4702) # maildir 4703 4704if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4705 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4706 disable_ptmx_check=yes 4707fi 4708if test -z "$no_dev_ptmx" ; then 4709 if test "x$disable_ptmx_check" != "xyes" ; then 4710 AC_CHECK_FILE(["/dev/ptmx"], 4711 [ 4712 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4713 [Define if you have /dev/ptmx]) 4714 have_dev_ptmx=1 4715 ] 4716 ) 4717 fi 4718fi 4719 4720if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4721 AC_CHECK_FILE(["/dev/ptc"], 4722 [ 4723 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4724 [Define if you have /dev/ptc]) 4725 have_dev_ptc=1 4726 ] 4727 ) 4728else 4729 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4730fi 4731 4732# Options from here on. Some of these are preset by platform above 4733AC_ARG_WITH([mantype], 4734 [ --with-mantype=man|cat|doc Set man page type], 4735 [ 4736 case "$withval" in 4737 man|cat|doc) 4738 MANTYPE=$withval 4739 ;; 4740 *) 4741 AC_MSG_ERROR([invalid man type: $withval]) 4742 ;; 4743 esac 4744 ] 4745) 4746if test -z "$MANTYPE"; then 4747 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4748 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4749 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4750 MANTYPE=doc 4751 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4752 MANTYPE=man 4753 else 4754 MANTYPE=cat 4755 fi 4756fi 4757AC_SUBST([MANTYPE]) 4758if test "$MANTYPE" = "doc"; then 4759 mansubdir=man; 4760else 4761 mansubdir=$MANTYPE; 4762fi 4763AC_SUBST([mansubdir]) 4764 4765# Check whether to enable MD5 passwords 4766MD5_MSG="no" 4767AC_ARG_WITH([md5-passwords], 4768 [ --with-md5-passwords Enable use of MD5 passwords], 4769 [ 4770 if test "x$withval" != "xno" ; then 4771 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4772 [Define if you want to allow MD5 passwords]) 4773 MD5_MSG="yes" 4774 fi 4775 ] 4776) 4777 4778# Whether to disable shadow password support 4779AC_ARG_WITH([shadow], 4780 [ --without-shadow Disable shadow password support], 4781 [ 4782 if test "x$withval" = "xno" ; then 4783 AC_DEFINE([DISABLE_SHADOW]) 4784 disable_shadow=yes 4785 fi 4786 ] 4787) 4788 4789if test -z "$disable_shadow" ; then 4790 AC_MSG_CHECKING([if the systems has expire shadow information]) 4791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4792#include <sys/types.h> 4793#include <shadow.h> 4794struct spwd sp; 4795 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4796 [ sp_expire_available=yes ], [ 4797 ]) 4798 4799 if test "x$sp_expire_available" = "xyes" ; then 4800 AC_MSG_RESULT([yes]) 4801 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4802 [Define if you want to use shadow password expire field]) 4803 else 4804 AC_MSG_RESULT([no]) 4805 fi 4806fi 4807 4808# Use ip address instead of hostname in $DISPLAY 4809if test ! -z "$IPADDR_IN_DISPLAY" ; then 4810 DISPLAY_HACK_MSG="yes" 4811 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4812 [Define if you need to use IP address 4813 instead of hostname in $DISPLAY]) 4814else 4815 DISPLAY_HACK_MSG="no" 4816 AC_ARG_WITH([ipaddr-display], 4817 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4818 [ 4819 if test "x$withval" != "xno" ; then 4820 AC_DEFINE([IPADDR_IN_DISPLAY]) 4821 DISPLAY_HACK_MSG="yes" 4822 fi 4823 ] 4824 ) 4825fi 4826 4827# check for /etc/default/login and use it if present. 4828AC_ARG_ENABLE([etc-default-login], 4829 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4830 [ if test "x$enableval" = "xno"; then 4831 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4832 etc_default_login=no 4833 else 4834 etc_default_login=yes 4835 fi ], 4836 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4837 then 4838 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4839 etc_default_login=no 4840 else 4841 etc_default_login=yes 4842 fi ] 4843) 4844 4845if test "x$etc_default_login" != "xno"; then 4846 AC_CHECK_FILE(["/etc/default/login"], 4847 [ external_path_file=/etc/default/login ]) 4848 if test "x$external_path_file" = "x/etc/default/login"; then 4849 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4850 [Define if your system has /etc/default/login]) 4851 fi 4852fi 4853 4854dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4855if test $ac_cv_func_login_getcapbool = "yes" && \ 4856 test $ac_cv_header_login_cap_h = "yes" ; then 4857 external_path_file=/etc/login.conf 4858fi 4859 4860# Whether to mess with the default path 4861SERVER_PATH_MSG="(default)" 4862AC_ARG_WITH([default-path], 4863 [ --with-default-path= Specify default $PATH environment for server], 4864 [ 4865 if test "x$external_path_file" = "x/etc/login.conf" ; then 4866 AC_MSG_WARN([ 4867--with-default-path=PATH has no effect on this system. 4868Edit /etc/login.conf instead.]) 4869 elif test "x$withval" != "xno" ; then 4870 if test ! -z "$external_path_file" ; then 4871 AC_MSG_WARN([ 4872--with-default-path=PATH will only be used if PATH is not defined in 4873$external_path_file .]) 4874 fi 4875 user_path="$withval" 4876 SERVER_PATH_MSG="$withval" 4877 fi 4878 ], 4879 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4880 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4881 else 4882 if test ! -z "$external_path_file" ; then 4883 AC_MSG_WARN([ 4884If PATH is defined in $external_path_file, ensure the path to scp is included, 4885otherwise scp will not work.]) 4886 fi 4887 AC_RUN_IFELSE( 4888 [AC_LANG_PROGRAM([[ 4889/* find out what STDPATH is */ 4890#include <stdio.h> 4891#ifdef HAVE_PATHS_H 4892# include <paths.h> 4893#endif 4894#ifndef _PATH_STDPATH 4895# ifdef _PATH_USERPATH /* Irix */ 4896# define _PATH_STDPATH _PATH_USERPATH 4897# else 4898# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4899# endif 4900#endif 4901#include <sys/types.h> 4902#include <sys/stat.h> 4903#include <fcntl.h> 4904#define DATA "conftest.stdpath" 4905 ]], [[ 4906 FILE *fd; 4907 int rc; 4908 4909 fd = fopen(DATA,"w"); 4910 if(fd == NULL) 4911 exit(1); 4912 4913 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4914 exit(1); 4915 4916 exit(0); 4917 ]])], 4918 [ user_path=`cat conftest.stdpath` ], 4919 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4920 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4921 ) 4922# make sure $bindir is in USER_PATH so scp will work 4923 t_bindir="${bindir}" 4924 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4925 t_bindir=`eval echo ${t_bindir}` 4926 case $t_bindir in 4927 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4928 esac 4929 case $t_bindir in 4930 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4931 esac 4932 done 4933 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4934 if test $? -ne 0 ; then 4935 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4936 if test $? -ne 0 ; then 4937 user_path=$user_path:$t_bindir 4938 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4939 fi 4940 fi 4941 fi ] 4942) 4943if test "x$external_path_file" != "x/etc/login.conf" ; then 4944 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4945 AC_SUBST([user_path]) 4946fi 4947 4948# Set superuser path separately to user path 4949AC_ARG_WITH([superuser-path], 4950 [ --with-superuser-path= Specify different path for super-user], 4951 [ 4952 if test -n "$withval" && test "x$withval" != "xno" && \ 4953 test "x${withval}" != "xyes"; then 4954 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4955 [Define if you want a different $PATH 4956 for the superuser]) 4957 superuser_path=$withval 4958 fi 4959 ] 4960) 4961 4962 4963AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4964IPV4_IN6_HACK_MSG="no" 4965AC_ARG_WITH(4in6, 4966 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4967 [ 4968 if test "x$withval" != "xno" ; then 4969 AC_MSG_RESULT([yes]) 4970 AC_DEFINE([IPV4_IN_IPV6], [1], 4971 [Detect IPv4 in IPv6 mapped addresses 4972 and treat as IPv4]) 4973 IPV4_IN6_HACK_MSG="yes" 4974 else 4975 AC_MSG_RESULT([no]) 4976 fi 4977 ], [ 4978 if test "x$inet6_default_4in6" = "xyes"; then 4979 AC_MSG_RESULT([yes (default)]) 4980 AC_DEFINE([IPV4_IN_IPV6]) 4981 IPV4_IN6_HACK_MSG="yes" 4982 else 4983 AC_MSG_RESULT([no (default)]) 4984 fi 4985 ] 4986) 4987 4988# Whether to enable BSD auth support 4989BSD_AUTH_MSG=no 4990AC_ARG_WITH([bsd-auth], 4991 [ --with-bsd-auth Enable BSD auth support], 4992 [ 4993 if test "x$withval" != "xno" ; then 4994 AC_DEFINE([BSD_AUTH], [1], 4995 [Define if you have BSD auth support]) 4996 BSD_AUTH_MSG=yes 4997 fi 4998 ] 4999) 5000 5001# Where to place sshd.pid 5002piddir=/var/run 5003# make sure the directory exists 5004if test ! -d $piddir ; then 5005 piddir=`eval echo ${sysconfdir}` 5006 case $piddir in 5007 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5008 esac 5009fi 5010 5011AC_ARG_WITH([pid-dir], 5012 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5013 [ 5014 if test -n "$withval" && test "x$withval" != "xno" && \ 5015 test "x${withval}" != "xyes"; then 5016 piddir=$withval 5017 if test ! -d $piddir ; then 5018 AC_MSG_WARN([** no $piddir directory on this system **]) 5019 fi 5020 fi 5021 ] 5022) 5023 5024AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5025 [Specify location of ssh.pid]) 5026AC_SUBST([piddir]) 5027 5028dnl allow user to disable some login recording features 5029AC_ARG_ENABLE([lastlog], 5030 [ --disable-lastlog disable use of lastlog even if detected [no]], 5031 [ 5032 if test "x$enableval" = "xno" ; then 5033 AC_DEFINE([DISABLE_LASTLOG]) 5034 fi 5035 ] 5036) 5037AC_ARG_ENABLE([utmp], 5038 [ --disable-utmp disable use of utmp even if detected [no]], 5039 [ 5040 if test "x$enableval" = "xno" ; then 5041 AC_DEFINE([DISABLE_UTMP]) 5042 fi 5043 ] 5044) 5045AC_ARG_ENABLE([utmpx], 5046 [ --disable-utmpx disable use of utmpx even if detected [no]], 5047 [ 5048 if test "x$enableval" = "xno" ; then 5049 AC_DEFINE([DISABLE_UTMPX], [1], 5050 [Define if you don't want to use utmpx]) 5051 fi 5052 ] 5053) 5054AC_ARG_ENABLE([wtmp], 5055 [ --disable-wtmp disable use of wtmp even if detected [no]], 5056 [ 5057 if test "x$enableval" = "xno" ; then 5058 AC_DEFINE([DISABLE_WTMP]) 5059 fi 5060 ] 5061) 5062AC_ARG_ENABLE([wtmpx], 5063 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5064 [ 5065 if test "x$enableval" = "xno" ; then 5066 AC_DEFINE([DISABLE_WTMPX], [1], 5067 [Define if you don't want to use wtmpx]) 5068 fi 5069 ] 5070) 5071AC_ARG_ENABLE([libutil], 5072 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5073 [ 5074 if test "x$enableval" = "xno" ; then 5075 AC_DEFINE([DISABLE_LOGIN]) 5076 fi 5077 ] 5078) 5079AC_ARG_ENABLE([pututline], 5080 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5081 [ 5082 if test "x$enableval" = "xno" ; then 5083 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5084 [Define if you don't want to use pututline() 5085 etc. to write [uw]tmp]) 5086 fi 5087 ] 5088) 5089AC_ARG_ENABLE([pututxline], 5090 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5091 [ 5092 if test "x$enableval" = "xno" ; then 5093 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5094 [Define if you don't want to use pututxline() 5095 etc. to write [uw]tmpx]) 5096 fi 5097 ] 5098) 5099AC_ARG_WITH([lastlog], 5100 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5101 [ 5102 if test "x$withval" = "xno" ; then 5103 AC_DEFINE([DISABLE_LASTLOG]) 5104 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5105 conf_lastlog_location=$withval 5106 fi 5107 ] 5108) 5109 5110dnl lastlog, [uw]tmpx? detection 5111dnl NOTE: set the paths in the platform section to avoid the 5112dnl need for command-line parameters 5113dnl lastlog and [uw]tmp are subject to a file search if all else fails 5114 5115dnl lastlog detection 5116dnl NOTE: the code itself will detect if lastlog is a directory 5117AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5118AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5119#include <sys/types.h> 5120#include <utmp.h> 5121#ifdef HAVE_LASTLOG_H 5122# include <lastlog.h> 5123#endif 5124#ifdef HAVE_PATHS_H 5125# include <paths.h> 5126#endif 5127#ifdef HAVE_LOGIN_H 5128# include <login.h> 5129#endif 5130 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5131 [ AC_MSG_RESULT([yes]) ], 5132 [ 5133 AC_MSG_RESULT([no]) 5134 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5136#include <sys/types.h> 5137#include <utmp.h> 5138#ifdef HAVE_LASTLOG_H 5139# include <lastlog.h> 5140#endif 5141#ifdef HAVE_PATHS_H 5142# include <paths.h> 5143#endif 5144 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5145 [ AC_MSG_RESULT([yes]) ], 5146 [ 5147 AC_MSG_RESULT([no]) 5148 system_lastlog_path=no 5149 ]) 5150]) 5151 5152if test -z "$conf_lastlog_location"; then 5153 if test x"$system_lastlog_path" = x"no" ; then 5154 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5155 if (test -d "$f" || test -f "$f") ; then 5156 conf_lastlog_location=$f 5157 fi 5158 done 5159 if test -z "$conf_lastlog_location"; then 5160 AC_MSG_WARN([** Cannot find lastlog **]) 5161 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5162 fi 5163 fi 5164fi 5165 5166if test -n "$conf_lastlog_location"; then 5167 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5168 [Define if you want to specify the path to your lastlog file]) 5169fi 5170 5171dnl utmp detection 5172AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5173AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5174#include <sys/types.h> 5175#include <utmp.h> 5176#ifdef HAVE_PATHS_H 5177# include <paths.h> 5178#endif 5179 ]], [[ char *utmp = UTMP_FILE; ]])], 5180 [ AC_MSG_RESULT([yes]) ], 5181 [ AC_MSG_RESULT([no]) 5182 system_utmp_path=no 5183]) 5184if test -z "$conf_utmp_location"; then 5185 if test x"$system_utmp_path" = x"no" ; then 5186 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5187 if test -f $f ; then 5188 conf_utmp_location=$f 5189 fi 5190 done 5191 if test -z "$conf_utmp_location"; then 5192 AC_DEFINE([DISABLE_UTMP]) 5193 fi 5194 fi 5195fi 5196if test -n "$conf_utmp_location"; then 5197 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5198 [Define if you want to specify the path to your utmp file]) 5199fi 5200 5201dnl wtmp detection 5202AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5203AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5204#include <sys/types.h> 5205#include <utmp.h> 5206#ifdef HAVE_PATHS_H 5207# include <paths.h> 5208#endif 5209 ]], [[ char *wtmp = WTMP_FILE; ]])], 5210 [ AC_MSG_RESULT([yes]) ], 5211 [ AC_MSG_RESULT([no]) 5212 system_wtmp_path=no 5213]) 5214if test -z "$conf_wtmp_location"; then 5215 if test x"$system_wtmp_path" = x"no" ; then 5216 for f in /usr/adm/wtmp /var/log/wtmp; do 5217 if test -f $f ; then 5218 conf_wtmp_location=$f 5219 fi 5220 done 5221 if test -z "$conf_wtmp_location"; then 5222 AC_DEFINE([DISABLE_WTMP]) 5223 fi 5224 fi 5225fi 5226if test -n "$conf_wtmp_location"; then 5227 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5228 [Define if you want to specify the path to your wtmp file]) 5229fi 5230 5231dnl wtmpx detection 5232AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5233AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5234#include <sys/types.h> 5235#include <utmp.h> 5236#ifdef HAVE_UTMPX_H 5237#include <utmpx.h> 5238#endif 5239#ifdef HAVE_PATHS_H 5240# include <paths.h> 5241#endif 5242 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5243 [ AC_MSG_RESULT([yes]) ], 5244 [ AC_MSG_RESULT([no]) 5245 system_wtmpx_path=no 5246]) 5247if test -z "$conf_wtmpx_location"; then 5248 if test x"$system_wtmpx_path" = x"no" ; then 5249 AC_DEFINE([DISABLE_WTMPX]) 5250 fi 5251else 5252 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5253 [Define if you want to specify the path to your wtmpx file]) 5254fi 5255 5256 5257if test ! -z "$blibpath" ; then 5258 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5259 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5260fi 5261 5262AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5263 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5264 AC_DEFINE([DISABLE_LASTLOG]) 5265 fi 5266 ], [ 5267#ifdef HAVE_SYS_TYPES_H 5268#include <sys/types.h> 5269#endif 5270#ifdef HAVE_UTMP_H 5271#include <utmp.h> 5272#endif 5273#ifdef HAVE_UTMPX_H 5274#include <utmpx.h> 5275#endif 5276#ifdef HAVE_LASTLOG_H 5277#include <lastlog.h> 5278#endif 5279 ]) 5280 5281AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5282 AC_DEFINE([DISABLE_UTMP]) 5283 AC_DEFINE([DISABLE_WTMP]) 5284 ], [ 5285#ifdef HAVE_SYS_TYPES_H 5286#include <sys/types.h> 5287#endif 5288#ifdef HAVE_UTMP_H 5289#include <utmp.h> 5290#endif 5291#ifdef HAVE_UTMPX_H 5292#include <utmpx.h> 5293#endif 5294#ifdef HAVE_LASTLOG_H 5295#include <lastlog.h> 5296#endif 5297 ]) 5298 5299dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5300dnl Add now. 5301CFLAGS="$CFLAGS $werror_flags" 5302 5303if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5304 TEST_SSH_IPV6=no 5305else 5306 TEST_SSH_IPV6=yes 5307fi 5308AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5309AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5310AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5311AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5312AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5313AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5314 5315CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5316LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5317 5318AC_EXEEXT 5319AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5320 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5321 survey.sh]) 5322AC_OUTPUT 5323 5324# Print summary of options 5325 5326# Someone please show me a better way :) 5327A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5328B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5329C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5330D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5331E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5332F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5333G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5334H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5335I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5336J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5337 5338echo "" 5339echo "OpenSSH has been configured with the following options:" 5340echo " User binaries: $B" 5341echo " System binaries: $C" 5342echo " Configuration files: $D" 5343echo " Askpass program: $E" 5344echo " Manual pages: $F" 5345echo " PID file: $G" 5346echo " Privilege separation chroot path: $H" 5347if test "x$external_path_file" = "x/etc/login.conf" ; then 5348echo " At runtime, sshd will use the path defined in $external_path_file" 5349echo " Make sure the path to scp is present, otherwise scp will not work" 5350else 5351echo " sshd default user PATH: $I" 5352 if test ! -z "$external_path_file"; then 5353echo " (If PATH is set in $external_path_file it will be used instead. If" 5354echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5355 fi 5356fi 5357if test ! -z "$superuser_path" ; then 5358echo " sshd superuser user PATH: $J" 5359fi 5360echo " Manpage format: $MANTYPE" 5361echo " PAM support: $PAM_MSG" 5362echo " OSF SIA support: $SIA_MSG" 5363echo " KerberosV support: $KRB5_MSG" 5364echo " SELinux support: $SELINUX_MSG" 5365echo " TCP Wrappers support: $TCPW_MSG" 5366echo " MD5 password support: $MD5_MSG" 5367echo " libedit support: $LIBEDIT_MSG" 5368echo " libldns support: $LDNS_MSG" 5369echo " Solaris process contract support: $SPC_MSG" 5370echo " Solaris project support: $SP_MSG" 5371echo " Solaris privilege support: $SPP_MSG" 5372echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5373echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5374echo " BSD Auth support: $BSD_AUTH_MSG" 5375echo " Random number source: $RAND_MSG" 5376echo " Privsep sandbox style: $SANDBOX_STYLE" 5377 5378echo "" 5379 5380echo " Host: ${host}" 5381echo " Compiler: ${CC}" 5382echo " Compiler flags: ${CFLAGS}" 5383echo "Preprocessor flags: ${CPPFLAGS}" 5384echo " Linker flags: ${LDFLAGS}" 5385echo " Libraries: ${LIBS}" 5386if test ! -z "${SSHDLIBS}"; then 5387echo " +for sshd: ${SSHDLIBS}" 5388fi 5389if test ! -z "${SSHLIBS}"; then 5390echo " +for ssh: ${SSHLIBS}" 5391fi 5392 5393echo "" 5394 5395if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5396 echo "SVR4 style packages are supported with \"make package\"" 5397 echo "" 5398fi 5399 5400if test "x$PAM_MSG" = "xyes" ; then 5401 echo "PAM is enabled. You may need to install a PAM control file " 5402 echo "for sshd, otherwise password authentication may fail. " 5403 echo "Example PAM control files can be found in the contrib/ " 5404 echo "subdirectory" 5405 echo "" 5406fi 5407 5408if test ! -z "$NO_PEERCHECK" ; then 5409 echo "WARNING: the operating system that you are using does not" 5410 echo "appear to support getpeereid(), getpeerucred() or the" 5411 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5412 echo "enforce security checks to prevent unauthorised connections to" 5413 echo "ssh-agent. Their absence increases the risk that a malicious" 5414 echo "user can connect to your agent." 5415 echo "" 5416fi 5417 5418if test "$AUDIT_MODULE" = "bsm" ; then 5419 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5420 echo "See the Solaris section in README.platform for details." 5421fi 5422