1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatted found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86if test -z "$LD" ; then 87 LD=$CC 88fi 89AC_SUBST([LD]) 90 91AC_C_INLINE 92 93AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 95 #include <sys/types.h> 96 #include <sys/param.h> 97 #include <dev/systrace.h> 98]) 99AC_CHECK_DECL([RLIMIT_NPROC], 100 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 101 #include <sys/types.h> 102 #include <sys/resource.h> 103]) 104AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 105 #include <sys/types.h> 106 #include <linux/prctl.h> 107]) 108 109openssl=yes 110AC_ARG_WITH([openssl], 111 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 112 [ if test "x$withval" = "xno" ; then 113 openssl=no 114 fi 115 ] 116) 117AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 118if test "x$openssl" = "xyes" ; then 119 AC_MSG_RESULT([yes]) 120 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 121else 122 AC_MSG_RESULT([no]) 123fi 124 125use_stack_protector=1 126use_toolchain_hardening=1 127AC_ARG_WITH([stackprotect], 128 [ --without-stackprotect Don't use compiler's stack protection], [ 129 if test "x$withval" = "xno"; then 130 use_stack_protector=0 131 fi ]) 132AC_ARG_WITH([hardening], 133 [ --without-hardening Don't use toolchain hardening flags], [ 134 if test "x$withval" = "xno"; then 135 use_toolchain_hardening=0 136 fi ]) 137 138# We use -Werror for the tests only so that we catch warnings like "this is 139# on by default" for things like -fPIE. 140AC_MSG_CHECKING([if $CC supports -Werror]) 141saved_CFLAGS="$CFLAGS" 142CFLAGS="$CFLAGS -Werror" 143AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 144 [ AC_MSG_RESULT([yes]) 145 WERROR="-Werror"], 146 [ AC_MSG_RESULT([no]) 147 WERROR="" ] 148) 149CFLAGS="$saved_CFLAGS" 150 151if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 152 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 153 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 163 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 164 if test "x$use_toolchain_hardening" = "x1"; then 165 OSSH_CHECK_CFLAG_COMPILE([-mfunction-return=thunk]) # gcc 166 OSSH_CHECK_CFLAG_COMPILE([-mindirect-branch=thunk]) # gcc 167 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 168 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 169 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 173 # NB. -ftrapv expects certain support functions to be present in 174 # the compiler library (libgcc or similar) to detect integer operations 175 # that can overflow. We must check that the result of enabling it 176 # actually links. The test program compiled/linked includes a number 177 # of integer operations that should exercise this. 178 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 179 fi 180 AC_MSG_CHECKING([gcc version]) 181 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 182 case $GCC_VER in 183 1.*) no_attrib_nonnull=1 ;; 184 2.8* | 2.9*) 185 no_attrib_nonnull=1 186 ;; 187 2.*) no_attrib_nonnull=1 ;; 188 *) ;; 189 esac 190 AC_MSG_RESULT([$GCC_VER]) 191 192 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 193 saved_CFLAGS="$CFLAGS" 194 CFLAGS="$CFLAGS -fno-builtin-memset" 195 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 196 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 197 [ AC_MSG_RESULT([yes]) ], 198 [ AC_MSG_RESULT([no]) 199 CFLAGS="$saved_CFLAGS" ] 200 ) 201 202 # -fstack-protector-all doesn't always work for some GCC versions 203 # and/or platforms, so we test if we can. If it's not supported 204 # on a given platform gcc will emit a warning so we use -Werror. 205 if test "x$use_stack_protector" = "x1"; then 206 for t in -fstack-protector-strong -fstack-protector-all \ 207 -fstack-protector; do 208 AC_MSG_CHECKING([if $CC supports $t]) 209 saved_CFLAGS="$CFLAGS" 210 saved_LDFLAGS="$LDFLAGS" 211 CFLAGS="$CFLAGS $t -Werror" 212 LDFLAGS="$LDFLAGS $t -Werror" 213 AC_LINK_IFELSE( 214 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 215 [[ 216 char x[256]; 217 snprintf(x, sizeof(x), "XXX"); 218 ]])], 219 [ AC_MSG_RESULT([yes]) 220 CFLAGS="$saved_CFLAGS $t" 221 LDFLAGS="$saved_LDFLAGS $t" 222 AC_MSG_CHECKING([if $t works]) 223 AC_RUN_IFELSE( 224 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 225 [[ 226 char x[256]; 227 snprintf(x, sizeof(x), "XXX"); 228 ]])], 229 [ AC_MSG_RESULT([yes]) 230 break ], 231 [ AC_MSG_RESULT([no]) ], 232 [ AC_MSG_WARN([cross compiling: cannot test]) 233 break ] 234 ) 235 ], 236 [ AC_MSG_RESULT([no]) ] 237 ) 238 CFLAGS="$saved_CFLAGS" 239 LDFLAGS="$saved_LDFLAGS" 240 done 241 fi 242 243 if test -z "$have_llong_max"; then 244 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 245 unset ac_cv_have_decl_LLONG_MAX 246 saved_CFLAGS="$CFLAGS" 247 CFLAGS="$CFLAGS -std=gnu99" 248 AC_CHECK_DECL([LLONG_MAX], 249 [have_llong_max=1], 250 [CFLAGS="$saved_CFLAGS"], 251 [#include <limits.h>] 252 ) 253 fi 254fi 255 256AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 257AC_COMPILE_IFELSE( 258 [AC_LANG_PROGRAM([[ 259#include <stdlib.h> 260__attribute__((__unused__)) static void foo(void){return;}]], 261 [[ exit(0); ]])], 262 [ AC_MSG_RESULT([yes]) ], 263 [ AC_MSG_RESULT([no]) 264 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 265 [compiler does not accept __attribute__ on return types]) ] 266) 267 268AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 269AC_COMPILE_IFELSE( 270 [AC_LANG_PROGRAM([[ 271#include <stdlib.h> 272typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 273 [[ exit(0); ]])], 274 [ AC_MSG_RESULT([yes]) ], 275 [ AC_MSG_RESULT([no]) 276 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 277 [compiler does not accept __attribute__ on protoype args]) ] 278) 279 280if test "x$no_attrib_nonnull" != "x1" ; then 281 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 282fi 283 284AC_ARG_WITH([rpath], 285 [ --without-rpath Disable auto-added -R linker paths], 286 [ 287 if test "x$withval" = "xno" ; then 288 need_dash_r="" 289 fi 290 if test "x$withval" = "xyes" ; then 291 need_dash_r=1 292 fi 293 ] 294) 295 296# Allow user to specify flags 297AC_ARG_WITH([cflags], 298 [ --with-cflags Specify additional flags to pass to compiler], 299 [ 300 if test -n "$withval" && test "x$withval" != "xno" && \ 301 test "x${withval}" != "xyes"; then 302 CFLAGS="$CFLAGS $withval" 303 fi 304 ] 305) 306 307AC_ARG_WITH([cflags-after], 308 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 CFLAGS_AFTER="$withval" 313 fi 314 ] 315) 316AC_ARG_WITH([cppflags], 317 [ --with-cppflags Specify additional flags to pass to preprocessor] , 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CPPFLAGS="$CPPFLAGS $withval" 322 fi 323 ] 324) 325AC_ARG_WITH([ldflags], 326 [ --with-ldflags Specify additional flags to pass to linker], 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 LDFLAGS="$LDFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags-after], 335 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS_AFTER="$withval" 340 fi 341 ] 342) 343AC_ARG_WITH([libs], 344 [ --with-libs Specify additional libraries to link with], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LIBS="$LIBS $withval" 349 fi 350 ] 351) 352AC_ARG_WITH([Werror], 353 [ --with-Werror Build main code with -Werror], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno"; then 356 werror_flags="-Werror" 357 if test "x${withval}" != "xyes"; then 358 werror_flags="$withval" 359 fi 360 fi 361 ] 362) 363 364AC_CHECK_HEADERS([ \ 365 blf.h \ 366 bstring.h \ 367 crypt.h \ 368 crypto/sha2.h \ 369 dirent.h \ 370 endian.h \ 371 elf.h \ 372 err.h \ 373 features.h \ 374 fcntl.h \ 375 floatingpoint.h \ 376 getopt.h \ 377 glob.h \ 378 ia.h \ 379 iaf.h \ 380 ifaddrs.h \ 381 inttypes.h \ 382 langinfo.h \ 383 limits.h \ 384 locale.h \ 385 login.h \ 386 maillock.h \ 387 ndir.h \ 388 net/if_tun.h \ 389 netdb.h \ 390 netgroup.h \ 391 pam/pam_appl.h \ 392 paths.h \ 393 poll.h \ 394 pty.h \ 395 readpassphrase.h \ 396 rpc/types.h \ 397 security/pam_appl.h \ 398 sha2.h \ 399 shadow.h \ 400 stddef.h \ 401 stdint.h \ 402 string.h \ 403 strings.h \ 404 sys/bitypes.h \ 405 sys/bsdtty.h \ 406 sys/cdefs.h \ 407 sys/dir.h \ 408 sys/file.h \ 409 sys/mman.h \ 410 sys/label.h \ 411 sys/ndir.h \ 412 sys/poll.h \ 413 sys/prctl.h \ 414 sys/pstat.h \ 415 sys/ptrace.h \ 416 sys/select.h \ 417 sys/stat.h \ 418 sys/stream.h \ 419 sys/stropts.h \ 420 sys/strtio.h \ 421 sys/statvfs.h \ 422 sys/sysmacros.h \ 423 sys/time.h \ 424 sys/timers.h \ 425 sys/vfs.h \ 426 time.h \ 427 tmpdir.h \ 428 ttyent.h \ 429 ucred.h \ 430 unistd.h \ 431 usersec.h \ 432 util.h \ 433 utime.h \ 434 utmp.h \ 435 utmpx.h \ 436 vis.h \ 437 wchar.h \ 438]) 439 440# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 441# to be included first. 442AC_CHECK_HEADERS([sys/audit.h], [], [], [ 443#ifdef HAVE_SYS_TIME_H 444# include <sys/time.h> 445#endif 446#ifdef HAVE_SYS_TYPES_H 447# include <sys/types.h> 448#endif 449#ifdef HAVE_SYS_LABEL_H 450# include <sys/label.h> 451#endif 452]) 453 454# sys/capsicum.h requires sys/types.h 455AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 456#ifdef HAVE_SYS_TYPES_H 457# include <sys/types.h> 458#endif 459]) 460 461# net/route.h requires sys/socket.h and sys/types.h. 462# sys/sysctl.h also requires sys/param.h 463AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 464#ifdef HAVE_SYS_TYPES_H 465# include <sys/types.h> 466#endif 467#include <sys/param.h> 468#include <sys/socket.h> 469]) 470 471# lastlog.h requires sys/time.h to be included first on Solaris 472AC_CHECK_HEADERS([lastlog.h], [], [], [ 473#ifdef HAVE_SYS_TIME_H 474# include <sys/time.h> 475#endif 476]) 477 478# sys/ptms.h requires sys/stream.h to be included first on Solaris 479AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 480#ifdef HAVE_SYS_STREAM_H 481# include <sys/stream.h> 482#endif 483]) 484 485# login_cap.h requires sys/types.h on NetBSD 486AC_CHECK_HEADERS([login_cap.h], [], [], [ 487#include <sys/types.h> 488]) 489 490# older BSDs need sys/param.h before sys/mount.h 491AC_CHECK_HEADERS([sys/mount.h], [], [], [ 492#include <sys/param.h> 493]) 494 495# Android requires sys/socket.h to be included before sys/un.h 496AC_CHECK_HEADERS([sys/un.h], [], [], [ 497#include <sys/types.h> 498#include <sys/socket.h> 499]) 500 501# Messages for features tested for in target-specific section 502SIA_MSG="no" 503SPC_MSG="no" 504SP_MSG="no" 505SPP_MSG="no" 506 507# Support for Solaris/Illumos privileges (this test is used by both 508# the --with-solaris-privs option and --with-sandbox=solaris). 509SOLARIS_PRIVS="no" 510 511# Check for some target-specific stuff 512case "$host" in 513*-*-aix*) 514 # Some versions of VAC won't allow macro redefinitions at 515 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 516 # particularly with older versions of vac or xlc. 517 # It also throws errors about null macro argments, but these are 518 # not fatal. 519 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 520 AC_COMPILE_IFELSE( 521 [AC_LANG_PROGRAM([[ 522#define testmacro foo 523#define testmacro bar]], 524 [[ exit(0); ]])], 525 [ AC_MSG_RESULT([yes]) ], 526 [ AC_MSG_RESULT([no]) 527 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 528 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 529 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 530 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 531 ] 532 ) 533 534 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 535 if (test -z "$blibpath"); then 536 blibpath="/usr/lib:/lib" 537 fi 538 saved_LDFLAGS="$LDFLAGS" 539 if test "$GCC" = "yes"; then 540 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 541 else 542 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 543 fi 544 for tryflags in $flags ;do 545 if (test -z "$blibflags"); then 546 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 547 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 548 [blibflags=$tryflags], []) 549 fi 550 done 551 if (test -z "$blibflags"); then 552 AC_MSG_RESULT([not found]) 553 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 554 else 555 AC_MSG_RESULT([$blibflags]) 556 fi 557 LDFLAGS="$saved_LDFLAGS" 558 dnl Check for authenticate. Might be in libs.a on older AIXes 559 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 560 [Define if you want to enable AIX4's authenticate function])], 561 [AC_CHECK_LIB([s], [authenticate], 562 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 563 LIBS="$LIBS -ls" 564 ]) 565 ]) 566 dnl Check for various auth function declarations in headers. 567 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 568 passwdexpired, setauthdb], , , [#include <usersec.h>]) 569 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 570 AC_CHECK_DECLS([loginfailed], 571 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 573 [[ (void)loginfailed("user","host","tty",0); ]])], 574 [AC_MSG_RESULT([yes]) 575 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 576 [Define if your AIX loginfailed() function 577 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 578 ])], 579 [], 580 [#include <usersec.h>] 581 ) 582 AC_CHECK_FUNCS([getgrset setauthdb]) 583 AC_CHECK_DECL([F_CLOSEM], 584 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 585 [], 586 [ #include <limits.h> 587 #include <fcntl.h> ] 588 ) 589 check_for_aix_broken_getaddrinfo=1 590 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 591 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 592 [Define if your platform breaks doing a seteuid before a setuid]) 593 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 594 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 595 dnl AIX handles lastlog as part of its login message 596 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 597 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 598 [Some systems need a utmpx entry for /bin/login to work]) 599 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 600 [Define to a Set Process Title type if your system is 601 supported by bsd-setproctitle.c]) 602 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 603 [AIX 5.2 and 5.3 (and presumably newer) require this]) 604 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 605 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 606 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 607 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 608 ;; 609*-*-android*) 610 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 611 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 612 ;; 613*-*-cygwin*) 614 check_for_libcrypt_later=1 615 LIBS="$LIBS /usr/lib/textreadmode.o" 616 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 617 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 618 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 619 [Define to disable UID restoration test]) 620 AC_DEFINE([DISABLE_SHADOW], [1], 621 [Define if you want to disable shadow passwords]) 622 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 623 [Define if X11 doesn't support AF_UNIX sockets on that system]) 624 AC_DEFINE([DISABLE_FD_PASSING], [1], 625 [Define if your platform needs to skip post auth 626 file descriptor passing]) 627 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 628 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 629 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 630 # reasons which cause compile warnings, so we disable those warnings. 631 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 632 ;; 633*-*-dgux*) 634 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 635 [Define if your system choked on IP TOS setting]) 636 AC_DEFINE([SETEUID_BREAKS_SETUID]) 637 AC_DEFINE([BROKEN_SETREUID]) 638 AC_DEFINE([BROKEN_SETREGID]) 639 ;; 640*-*-darwin*) 641 use_pie=auto 642 AC_MSG_CHECKING([if we have working getaddrinfo]) 643 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 644main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 645 exit(0); 646 else 647 exit(1); 648} 649 ]])], 650 [AC_MSG_RESULT([working])], 651 [AC_MSG_RESULT([buggy]) 652 AC_DEFINE([BROKEN_GETADDRINFO], [1], 653 [getaddrinfo is broken (if present)]) 654 ], 655 [AC_MSG_RESULT([assume it is working])]) 656 AC_DEFINE([SETEUID_BREAKS_SETUID]) 657 AC_DEFINE([BROKEN_SETREUID]) 658 AC_DEFINE([BROKEN_SETREGID]) 659 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 660 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 661 [Define if your resolver libs need this for getrrsetbyname]) 662 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 663 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 664 [Use tunnel device compatibility to OpenBSD]) 665 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 666 [Prepend the address family to IP tunnel traffic]) 667 m4_pattern_allow([AU_IPv]) 668 AC_CHECK_DECL([AU_IPv4], [], 669 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 670 [#include <bsm/audit.h>] 671 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 672 [Define if pututxline updates lastlog too]) 673 ) 674 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 675 [Define to a Set Process Title type if your system is 676 supported by bsd-setproctitle.c]) 677 AC_CHECK_FUNCS([sandbox_init]) 678 AC_CHECK_HEADERS([sandbox.h]) 679 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 680 SSHDLIBS="$SSHDLIBS -lsandbox" 681 ]) 682 ;; 683*-*-dragonfly*) 684 SSHDLIBS="$SSHDLIBS -lcrypt" 685 TEST_MALLOC_OPTIONS="AFGJPRX" 686 ;; 687*-*-haiku*) 688 LIBS="$LIBS -lbsd " 689 AC_CHECK_LIB([network], [socket]) 690 AC_DEFINE([HAVE_U_INT64_T]) 691 MANTYPE=man 692 ;; 693*-*-hpux*) 694 # first we define all of the options common to all HP-UX releases 695 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 696 IPADDR_IN_DISPLAY=yes 697 AC_DEFINE([USE_PIPES]) 698 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 699 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 700 [String used in /etc/passwd to denote locked account]) 701 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 702 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 703 maildir="/var/mail" 704 LIBS="$LIBS -lsec" 705 AC_CHECK_LIB([xnet], [t_error], , 706 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 707 708 # next, we define all of the options specific to major releases 709 case "$host" in 710 *-*-hpux10*) 711 if test -z "$GCC"; then 712 CFLAGS="$CFLAGS -Ae" 713 fi 714 ;; 715 *-*-hpux11*) 716 AC_DEFINE([PAM_SUN_CODEBASE], [1], 717 [Define if you are using Solaris-derived PAM which 718 passes pam_messages to the conversation function 719 with an extra level of indirection]) 720 AC_DEFINE([DISABLE_UTMP], [1], 721 [Define if you don't want to use utmp]) 722 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 723 check_for_hpux_broken_getaddrinfo=1 724 check_for_conflicting_getspnam=1 725 ;; 726 esac 727 728 # lastly, we define options specific to minor releases 729 case "$host" in 730 *-*-hpux10.26) 731 AC_DEFINE([HAVE_SECUREWARE], [1], 732 [Define if you have SecureWare-based 733 protected password database]) 734 disable_ptmx_check=yes 735 LIBS="$LIBS -lsecpw" 736 ;; 737 esac 738 ;; 739*-*-irix5*) 740 PATH="$PATH:/usr/etc" 741 AC_DEFINE([BROKEN_INET_NTOA], [1], 742 [Define if you system's inet_ntoa is busted 743 (e.g. Irix gcc issue)]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 748 [Define if you shouldn't strip 'tty' from your 749 ttyname in [uw]tmp]) 750 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 751 ;; 752*-*-irix6*) 753 PATH="$PATH:/usr/etc" 754 AC_DEFINE([WITH_IRIX_ARRAY], [1], 755 [Define if you have/want arrays 756 (cluster-wide session managment, not C arrays)]) 757 AC_DEFINE([WITH_IRIX_PROJECT], [1], 758 [Define if you want IRIX project management]) 759 AC_DEFINE([WITH_IRIX_AUDIT], [1], 760 [Define if you want IRIX audit trails]) 761 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 762 [Define if you want IRIX kernel jobs])]) 763 AC_DEFINE([BROKEN_INET_NTOA]) 764 AC_DEFINE([SETEUID_BREAKS_SETUID]) 765 AC_DEFINE([BROKEN_SETREUID]) 766 AC_DEFINE([BROKEN_SETREGID]) 767 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 768 AC_DEFINE([WITH_ABBREV_NO_TTY]) 769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 770 ;; 771*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 772 check_for_libcrypt_later=1 773 AC_DEFINE([PAM_TTY_KLUDGE]) 774 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 775 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 776 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 777 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 778 ;; 779*-*-linux*) 780 no_dev_ptmx=1 781 use_pie=auto 782 check_for_libcrypt_later=1 783 check_for_openpty_ctty_bug=1 784 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 785 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 786 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 787 AC_DEFINE([PAM_TTY_KLUDGE], [1], 788 [Work around problematic Linux PAM modules handling of PAM_TTY]) 789 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 790 [String used in /etc/passwd to denote locked account]) 791 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 792 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 793 [Define to whatever link() returns for "not supported" 794 if it doesn't return EOPNOTSUPP.]) 795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 796 AC_DEFINE([USE_BTMP]) 797 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 798 inet6_default_4in6=yes 799 case `uname -r` in 800 1.*|2.0.*) 801 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 802 [Define if cmsg_type is not passed correctly]) 803 ;; 804 esac 805 # tun(4) forwarding compat code 806 AC_CHECK_HEADERS([linux/if_tun.h]) 807 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 808 AC_DEFINE([SSH_TUN_LINUX], [1], 809 [Open tunnel devices the Linux tun/tap way]) 810 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 811 [Use tunnel device compatibility to OpenBSD]) 812 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 813 [Prepend the address family to IP tunnel traffic]) 814 fi 815 AC_CHECK_HEADER([linux/if.h], 816 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 817 [Support routing domains using Linux VRF]), [], [ 818#ifdef HAVE_SYS_TYPES_H 819# include <sys/types.H> 820#endif 821 ]) 822 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 823 [], [#include <linux/types.h>]) 824 # Obtain MIPS ABI 825 case "$host" in 826 mips*) 827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 828#if _MIPS_SIM != _ABIO32 829#error 830#endif 831 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 832#if _MIPS_SIM != _ABIN32 833#error 834#endif 835 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 836#if _MIPS_SIM != _ABI64 837#error 838#endif 839 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 840 ]) 841 ]) 842 ]) 843 ;; 844 esac 845 AC_MSG_CHECKING([for seccomp architecture]) 846 seccomp_audit_arch= 847 case "$host" in 848 x86_64-*) 849 seccomp_audit_arch=AUDIT_ARCH_X86_64 850 ;; 851 i*86-*) 852 seccomp_audit_arch=AUDIT_ARCH_I386 853 ;; 854 arm*-*) 855 seccomp_audit_arch=AUDIT_ARCH_ARM 856 ;; 857 aarch64*-*) 858 seccomp_audit_arch=AUDIT_ARCH_AARCH64 859 ;; 860 s390x-*) 861 seccomp_audit_arch=AUDIT_ARCH_S390X 862 ;; 863 s390-*) 864 seccomp_audit_arch=AUDIT_ARCH_S390 865 ;; 866 powerpc64-*) 867 seccomp_audit_arch=AUDIT_ARCH_PPC64 868 ;; 869 powerpc64le-*) 870 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 871 ;; 872 mips-*) 873 seccomp_audit_arch=AUDIT_ARCH_MIPS 874 ;; 875 mipsel-*) 876 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 877 ;; 878 mips64-*) 879 case "$mips_abi" in 880 "n32") 881 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 882 ;; 883 "n64") 884 seccomp_audit_arch=AUDIT_ARCH_MIPS64 885 ;; 886 esac 887 ;; 888 mips64el-*) 889 case "$mips_abi" in 890 "n32") 891 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 892 ;; 893 "n64") 894 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 895 ;; 896 esac 897 ;; 898 esac 899 if test "x$seccomp_audit_arch" != "x" ; then 900 AC_MSG_RESULT(["$seccomp_audit_arch"]) 901 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 902 [Specify the system call convention in use]) 903 else 904 AC_MSG_RESULT([architecture not supported]) 905 fi 906 ;; 907mips-sony-bsd|mips-sony-newsos4) 908 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 909 SONY=1 910 ;; 911*-*-netbsd*) 912 check_for_libcrypt_before=1 913 if test "x$withval" != "xno" ; then 914 need_dash_r=1 915 fi 916 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 917 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 918 AC_CHECK_HEADER([net/if_tap.h], , 919 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 920 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 921 [Prepend the address family to IP tunnel traffic]) 922 TEST_MALLOC_OPTIONS="AJRX" 923 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 924 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 925 ;; 926*-*-freebsd*) 927 check_for_libcrypt_later=1 928 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 929 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 930 AC_CHECK_HEADER([net/if_tap.h], , 931 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 932 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 933 TEST_MALLOC_OPTIONS="AJRX" 934 # Preauth crypto occasionally uses file descriptors for crypto offload 935 # and will crash if they cannot be opened. 936 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 937 [define if setrlimit RLIMIT_NOFILE breaks things]) 938 ;; 939*-*-bsdi*) 940 AC_DEFINE([SETEUID_BREAKS_SETUID]) 941 AC_DEFINE([BROKEN_SETREUID]) 942 AC_DEFINE([BROKEN_SETREGID]) 943 ;; 944*-next-*) 945 conf_lastlog_location="/usr/adm/lastlog" 946 conf_utmp_location=/etc/utmp 947 conf_wtmp_location=/usr/adm/wtmp 948 maildir=/usr/spool/mail 949 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 950 AC_DEFINE([BROKEN_REALPATH]) 951 AC_DEFINE([USE_PIPES]) 952 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 953 ;; 954*-*-openbsd*) 955 use_pie=auto 956 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 957 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 958 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 959 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 960 [syslog_r function is safe to use in in a signal handler]) 961 TEST_MALLOC_OPTIONS="AFGJPRX" 962 ;; 963*-*-solaris*) 964 if test "x$withval" != "xno" ; then 965 need_dash_r=1 966 fi 967 AC_DEFINE([PAM_SUN_CODEBASE]) 968 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 969 AC_DEFINE([PAM_TTY_KLUDGE]) 970 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 971 [Define if pam_chauthtok wants real uid set 972 to the unpriv'ed user]) 973 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 974 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 975 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 976 [Define if sshd somehow reacquires a controlling TTY 977 after setsid()]) 978 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 979 in case the name is longer than 8 chars]) 980 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 981 external_path_file=/etc/default/login 982 # hardwire lastlog location (can't detect it on some versions) 983 conf_lastlog_location="/var/adm/lastlog" 984 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 985 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 986 if test "$sol2ver" -ge 8; then 987 AC_MSG_RESULT([yes]) 988 AC_DEFINE([DISABLE_UTMP]) 989 AC_DEFINE([DISABLE_WTMP], [1], 990 [Define if you don't want to use wtmp]) 991 else 992 AC_MSG_RESULT([no]) 993 fi 994 AC_CHECK_FUNCS([setpflags]) 995 AC_CHECK_FUNCS([setppriv]) 996 AC_CHECK_FUNCS([priv_basicset]) 997 AC_CHECK_HEADERS([priv.h]) 998 AC_ARG_WITH([solaris-contracts], 999 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1000 [ 1001 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1002 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1003 [Define if you have Solaris process contracts]) 1004 LIBS="$LIBS -lcontract" 1005 SPC_MSG="yes" ], ) 1006 ], 1007 ) 1008 AC_ARG_WITH([solaris-projects], 1009 [ --with-solaris-projects Enable Solaris projects (experimental)], 1010 [ 1011 AC_CHECK_LIB([project], [setproject], 1012 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1013 [Define if you have Solaris projects]) 1014 LIBS="$LIBS -lproject" 1015 SP_MSG="yes" ], ) 1016 ], 1017 ) 1018 AC_ARG_WITH([solaris-privs], 1019 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1020 [ 1021 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1022 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1023 "x$ac_cv_header_priv_h" = "xyes" ; then 1024 SOLARIS_PRIVS=yes 1025 AC_MSG_RESULT([found]) 1026 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1027 [Define to disable UID restoration test]) 1028 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1029 [Define if you have Solaris privileges]) 1030 SPP_MSG="yes" 1031 else 1032 AC_MSG_RESULT([not found]) 1033 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1034 fi 1035 ], 1036 ) 1037 TEST_SHELL=$SHELL # let configure find us a capable shell 1038 ;; 1039*-*-sunos4*) 1040 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1041 AC_CHECK_FUNCS([getpwanam]) 1042 AC_DEFINE([PAM_SUN_CODEBASE]) 1043 conf_utmp_location=/etc/utmp 1044 conf_wtmp_location=/var/adm/wtmp 1045 conf_lastlog_location=/var/adm/lastlog 1046 AC_DEFINE([USE_PIPES]) 1047 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1048 ;; 1049*-ncr-sysv*) 1050 LIBS="$LIBS -lc89" 1051 AC_DEFINE([USE_PIPES]) 1052 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1053 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1054 AC_DEFINE([BROKEN_SETREUID]) 1055 AC_DEFINE([BROKEN_SETREGID]) 1056 ;; 1057*-sni-sysv*) 1058 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1059 AC_CHECK_LIB([dl], [dlsym], ,) 1060 # -lresolv needs to be at the end of LIBS or DNS lookups break 1061 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1062 IPADDR_IN_DISPLAY=yes 1063 AC_DEFINE([USE_PIPES]) 1064 AC_DEFINE([IP_TOS_IS_BROKEN]) 1065 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1066 AC_DEFINE([BROKEN_SETREUID]) 1067 AC_DEFINE([BROKEN_SETREGID]) 1068 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1069 external_path_file=/etc/default/login 1070 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1071 # Attention: always take care to bind libsocket and libnsl before libc, 1072 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1073 ;; 1074# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1075*-*-sysv4.2*) 1076 AC_DEFINE([USE_PIPES]) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1081 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1082 TEST_SHELL=$SHELL # let configure find us a capable shell 1083 ;; 1084# UnixWare 7.x, OpenUNIX 8 1085*-*-sysv5*) 1086 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1087 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1090 AC_DEFINE([BROKEN_GETADDRINFO]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1094 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1095 TEST_SHELL=$SHELL # let configure find us a capable shell 1096 check_for_libcrypt_later=1 1097 case "$host" in 1098 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1099 maildir=/var/spool/mail 1100 AC_DEFINE([BROKEN_UPDWTMPX]) 1101 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1102 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1103 ], , ) 1104 ;; 1105 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1106 ;; 1107 esac 1108 ;; 1109*-*-sysv*) 1110 ;; 1111# SCO UNIX and OEM versions of SCO UNIX 1112*-*-sco3.2v4*) 1113 AC_MSG_ERROR("This Platform is no longer supported.") 1114 ;; 1115# SCO OpenServer 5.x 1116*-*-sco3.2v5*) 1117 if test -z "$GCC"; then 1118 CFLAGS="$CFLAGS -belf" 1119 fi 1120 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1121 no_dev_ptmx=1 1122 AC_DEFINE([USE_PIPES]) 1123 AC_DEFINE([HAVE_SECUREWARE]) 1124 AC_DEFINE([DISABLE_SHADOW]) 1125 AC_DEFINE([DISABLE_FD_PASSING]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_GETADDRINFO]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1131 AC_DEFINE([BROKEN_UPDWTMPX]) 1132 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1133 AC_CHECK_FUNCS([getluid setluid]) 1134 MANTYPE=man 1135 TEST_SHELL=$SHELL # let configure find us a capable shell 1136 SKIP_DISABLE_LASTLOG_DEFINE=yes 1137 ;; 1138*-dec-osf*) 1139 AC_MSG_CHECKING([for Digital Unix SIA]) 1140 no_osfsia="" 1141 AC_ARG_WITH([osfsia], 1142 [ --with-osfsia Enable Digital Unix SIA], 1143 [ 1144 if test "x$withval" = "xno" ; then 1145 AC_MSG_RESULT([disabled]) 1146 no_osfsia=1 1147 fi 1148 ], 1149 ) 1150 if test -z "$no_osfsia" ; then 1151 if test -f /etc/sia/matrix.conf; then 1152 AC_MSG_RESULT([yes]) 1153 AC_DEFINE([HAVE_OSF_SIA], [1], 1154 [Define if you have Digital Unix Security 1155 Integration Architecture]) 1156 AC_DEFINE([DISABLE_LOGIN], [1], 1157 [Define if you don't want to use your 1158 system's login() call]) 1159 AC_DEFINE([DISABLE_FD_PASSING]) 1160 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1161 SIA_MSG="yes" 1162 else 1163 AC_MSG_RESULT([no]) 1164 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1165 [String used in /etc/passwd to denote locked account]) 1166 fi 1167 fi 1168 AC_DEFINE([BROKEN_GETADDRINFO]) 1169 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1170 AC_DEFINE([BROKEN_SETREUID]) 1171 AC_DEFINE([BROKEN_SETREGID]) 1172 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1173 ;; 1174 1175*-*-nto-qnx*) 1176 AC_DEFINE([USE_PIPES]) 1177 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1178 AC_DEFINE([DISABLE_LASTLOG]) 1179 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1180 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1181 enable_etc_default_login=no # has incompatible /etc/default/login 1182 case "$host" in 1183 *-*-nto-qnx6*) 1184 AC_DEFINE([DISABLE_FD_PASSING]) 1185 ;; 1186 esac 1187 ;; 1188 1189*-*-ultrix*) 1190 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1191 AC_DEFINE([NEED_SETPGRP]) 1192 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1193 ;; 1194 1195*-*-lynxos) 1196 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1197 AC_DEFINE([BROKEN_SETVBUF], [1], 1198 [LynxOS has broken setvbuf() implementation]) 1199 ;; 1200esac 1201 1202AC_MSG_CHECKING([compiler and flags for sanity]) 1203AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1204 [ AC_MSG_RESULT([yes]) ], 1205 [ 1206 AC_MSG_RESULT([no]) 1207 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1208 ], 1209 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1210) 1211 1212dnl Checks for header files. 1213# Checks for libraries. 1214AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1215 1216dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1217AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1218 AC_CHECK_LIB([gen], [dirname], [ 1219 AC_CACHE_CHECK([for broken dirname], 1220 ac_cv_have_broken_dirname, [ 1221 save_LIBS="$LIBS" 1222 LIBS="$LIBS -lgen" 1223 AC_RUN_IFELSE( 1224 [AC_LANG_SOURCE([[ 1225#include <libgen.h> 1226#include <string.h> 1227 1228int main(int argc, char **argv) { 1229 char *s, buf[32]; 1230 1231 strncpy(buf,"/etc", 32); 1232 s = dirname(buf); 1233 if (!s || strncmp(s, "/", 32) != 0) { 1234 exit(1); 1235 } else { 1236 exit(0); 1237 } 1238} 1239 ]])], 1240 [ ac_cv_have_broken_dirname="no" ], 1241 [ ac_cv_have_broken_dirname="yes" ], 1242 [ ac_cv_have_broken_dirname="no" ], 1243 ) 1244 LIBS="$save_LIBS" 1245 ]) 1246 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1247 LIBS="$LIBS -lgen" 1248 AC_DEFINE([HAVE_DIRNAME]) 1249 AC_CHECK_HEADERS([libgen.h]) 1250 fi 1251 ]) 1252]) 1253 1254AC_CHECK_FUNC([getspnam], , 1255 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1256AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1257 [Define if you have the basename function.])]) 1258 1259dnl zlib is required 1260AC_ARG_WITH([zlib], 1261 [ --with-zlib=PATH Use zlib in PATH], 1262 [ if test "x$withval" = "xno" ; then 1263 AC_MSG_ERROR([*** zlib is required ***]) 1264 elif test "x$withval" != "xyes"; then 1265 if test -d "$withval/lib"; then 1266 if test -n "${need_dash_r}"; then 1267 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1268 else 1269 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1270 fi 1271 else 1272 if test -n "${need_dash_r}"; then 1273 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1274 else 1275 LDFLAGS="-L${withval} ${LDFLAGS}" 1276 fi 1277 fi 1278 if test -d "$withval/include"; then 1279 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1280 else 1281 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1282 fi 1283 fi ] 1284) 1285 1286AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1287AC_CHECK_LIB([z], [deflate], , 1288 [ 1289 saved_CPPFLAGS="$CPPFLAGS" 1290 saved_LDFLAGS="$LDFLAGS" 1291 save_LIBS="$LIBS" 1292 dnl Check default zlib install dir 1293 if test -n "${need_dash_r}"; then 1294 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1295 else 1296 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1297 fi 1298 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1299 LIBS="$LIBS -lz" 1300 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1301 [ 1302 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1303 ] 1304 ) 1305 ] 1306) 1307 1308AC_ARG_WITH([zlib-version-check], 1309 [ --without-zlib-version-check Disable zlib version check], 1310 [ if test "x$withval" = "xno" ; then 1311 zlib_check_nonfatal=1 1312 fi 1313 ] 1314) 1315 1316AC_MSG_CHECKING([for possibly buggy zlib]) 1317AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1318#include <stdio.h> 1319#include <stdlib.h> 1320#include <zlib.h> 1321 ]], 1322 [[ 1323 int a=0, b=0, c=0, d=0, n, v; 1324 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1325 if (n != 3 && n != 4) 1326 exit(1); 1327 v = a*1000000 + b*10000 + c*100 + d; 1328 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1329 1330 /* 1.1.4 is OK */ 1331 if (a == 1 && b == 1 && c >= 4) 1332 exit(0); 1333 1334 /* 1.2.3 and up are OK */ 1335 if (v >= 1020300) 1336 exit(0); 1337 1338 exit(2); 1339 ]])], 1340 AC_MSG_RESULT([no]), 1341 [ AC_MSG_RESULT([yes]) 1342 if test -z "$zlib_check_nonfatal" ; then 1343 AC_MSG_ERROR([*** zlib too old - check config.log *** 1344Your reported zlib version has known security problems. It's possible your 1345vendor has fixed these problems without changing the version number. If you 1346are sure this is the case, you can disable the check by running 1347"./configure --without-zlib-version-check". 1348If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1349See http://www.gzip.org/zlib/ for details.]) 1350 else 1351 AC_MSG_WARN([zlib version may have security problems]) 1352 fi 1353 ], 1354 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1355) 1356 1357dnl UnixWare 2.x 1358AC_CHECK_FUNC([strcasecmp], 1359 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1360) 1361AC_CHECK_FUNCS([utimes], 1362 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1363 LIBS="$LIBS -lc89"]) ] 1364) 1365 1366dnl Checks for libutil functions 1367AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1368AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1369AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1370AC_SEARCH_LIBS([login], [util bsd]) 1371AC_SEARCH_LIBS([logout], [util bsd]) 1372AC_SEARCH_LIBS([logwtmp], [util bsd]) 1373AC_SEARCH_LIBS([openpty], [util bsd]) 1374AC_SEARCH_LIBS([updwtmp], [util bsd]) 1375AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1376 1377# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1378# or libnsl. 1379AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1380AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1381 1382# "Particular Function Checks" 1383# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1384AC_FUNC_STRFTIME 1385AC_FUNC_MALLOC 1386AC_FUNC_REALLOC 1387# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1388AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1389AC_RUN_IFELSE( 1390 [AC_LANG_PROGRAM( 1391 [[ #include <stdlib.h> ]], 1392 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1393 )], 1394 [ func_calloc_0_nonnull=yes ], 1395 [ func_calloc_0_nonnull=no ], 1396 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1397 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1398) 1399AC_MSG_RESULT([$func_calloc_0_nonnull]) 1400 1401if test "x$func_calloc_0_nonnull" == "xyes"; then 1402 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1403else 1404 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1405 AC_DEFINE(calloc, rpl_calloc, 1406 [Define to rpl_calloc if the replacement function should be used.]) 1407fi 1408 1409# Check for ALTDIRFUNC glob() extension 1410AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1411AC_EGREP_CPP([FOUNDIT], 1412 [ 1413 #include <glob.h> 1414 #ifdef GLOB_ALTDIRFUNC 1415 FOUNDIT 1416 #endif 1417 ], 1418 [ 1419 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1420 [Define if your system glob() function has 1421 the GLOB_ALTDIRFUNC extension]) 1422 AC_MSG_RESULT([yes]) 1423 ], 1424 [ 1425 AC_MSG_RESULT([no]) 1426 ] 1427) 1428 1429# Check for g.gl_matchc glob() extension 1430AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1431AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1432 [[ glob_t g; g.gl_matchc = 1; ]])], 1433 [ 1434 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1435 [Define if your system glob() function has 1436 gl_matchc options in glob_t]) 1437 AC_MSG_RESULT([yes]) 1438 ], [ 1439 AC_MSG_RESULT([no]) 1440]) 1441 1442# Check for g.gl_statv glob() extension 1443AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1444AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1445#ifndef GLOB_KEEPSTAT 1446#error "glob does not support GLOB_KEEPSTAT extension" 1447#endif 1448glob_t g; 1449g.gl_statv = NULL; 1450]])], 1451 [ 1452 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1453 [Define if your system glob() function has 1454 gl_statv options in glob_t]) 1455 AC_MSG_RESULT([yes]) 1456 ], [ 1457 AC_MSG_RESULT([no]) 1458 1459]) 1460 1461AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1462 1463AC_CHECK_DECL([VIS_ALL], , 1464 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1465 1466AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1467AC_RUN_IFELSE( 1468 [AC_LANG_PROGRAM([[ 1469#include <sys/types.h> 1470#include <dirent.h>]], 1471 [[ 1472 struct dirent d; 1473 exit(sizeof(d.d_name)<=sizeof(char)); 1474 ]])], 1475 [AC_MSG_RESULT([yes])], 1476 [ 1477 AC_MSG_RESULT([no]) 1478 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1479 [Define if your struct dirent expects you to 1480 allocate extra space for d_name]) 1481 ], 1482 [ 1483 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1484 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1485 ] 1486) 1487 1488AC_MSG_CHECKING([for /proc/pid/fd directory]) 1489if test -d "/proc/$$/fd" ; then 1490 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1491 AC_MSG_RESULT([yes]) 1492else 1493 AC_MSG_RESULT([no]) 1494fi 1495 1496# Check whether user wants S/Key support 1497SKEY_MSG="no" 1498AC_ARG_WITH([skey], 1499 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1500 [ 1501 if test "x$withval" != "xno" ; then 1502 1503 if test "x$withval" != "xyes" ; then 1504 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1505 LDFLAGS="$LDFLAGS -L${withval}/lib" 1506 fi 1507 1508 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1509 LIBS="-lskey $LIBS" 1510 SKEY_MSG="yes" 1511 1512 AC_MSG_CHECKING([for s/key support]) 1513 AC_LINK_IFELSE( 1514 [AC_LANG_PROGRAM([[ 1515#include <stdio.h> 1516#include <skey.h> 1517 ]], [[ 1518 char *ff = skey_keyinfo(""); ff=""; 1519 exit(0); 1520 ]])], 1521 [AC_MSG_RESULT([yes])], 1522 [ 1523 AC_MSG_RESULT([no]) 1524 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1525 ]) 1526 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1527 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1528#include <stdio.h> 1529#include <skey.h> 1530 ]], [[ 1531 (void)skeychallenge(NULL,"name","",0); 1532 ]])], 1533 [ 1534 AC_MSG_RESULT([yes]) 1535 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1536 [Define if your skeychallenge() 1537 function takes 4 arguments (NetBSD)])], 1538 [ 1539 AC_MSG_RESULT([no]) 1540 ]) 1541 fi 1542 ] 1543) 1544 1545# Check whether user wants TCP wrappers support 1546TCPW_MSG="no" 1547AC_ARG_WITH([tcp-wrappers], 1548 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1549 [ 1550 if test "x$withval" != "xno" ; then 1551 saved_LIBS="$LIBS" 1552 saved_LDFLAGS="$LDFLAGS" 1553 saved_CPPFLAGS="$CPPFLAGS" 1554 if test -n "${withval}" && \ 1555 test "x${withval}" != "xyes"; then 1556 if test -d "${withval}/lib"; then 1557 if test -n "${need_dash_r}"; then 1558 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1559 else 1560 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1561 fi 1562 else 1563 if test -n "${need_dash_r}"; then 1564 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1565 else 1566 LDFLAGS="-L${withval} ${LDFLAGS}" 1567 fi 1568 fi 1569 if test -d "${withval}/include"; then 1570 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1571 else 1572 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1573 fi 1574 fi 1575 LIBS="-lwrap $LIBS" 1576 AC_MSG_CHECKING([for libwrap]) 1577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1578#include <sys/types.h> 1579#include <sys/socket.h> 1580#include <netinet/in.h> 1581#include <tcpd.h> 1582int deny_severity = 0, allow_severity = 0; 1583 ]], [[ 1584 hosts_access(0); 1585 ]])], [ 1586 AC_MSG_RESULT([yes]) 1587 AC_DEFINE([LIBWRAP], [1], 1588 [Define if you want 1589 TCP Wrappers support]) 1590 SSHDLIBS="$SSHDLIBS -lwrap" 1591 TCPW_MSG="yes" 1592 ], [ 1593 AC_MSG_ERROR([*** libwrap missing]) 1594 ]) 1595 LIBS="$saved_LIBS" 1596 fi 1597 ] 1598) 1599 1600# Check whether user wants to use ldns 1601LDNS_MSG="no" 1602AC_ARG_WITH(ldns, 1603 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1604 [ 1605 ldns="" 1606 if test "x$withval" = "xyes" ; then 1607 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1608 if test "x$LDNSCONFIG" = "xno"; then 1609 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1610 LDFLAGS="$LDFLAGS -L${withval}/lib" 1611 LIBS="-lldns $LIBS" 1612 ldns=yes 1613 else 1614 LIBS="$LIBS `$LDNSCONFIG --libs`" 1615 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1616 ldns=yes 1617 fi 1618 elif test "x$withval" != "xno" ; then 1619 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1620 LDFLAGS="$LDFLAGS -L${withval}/lib" 1621 LIBS="-lldns $LIBS" 1622 ldns=yes 1623 fi 1624 1625 # Verify that it works. 1626 if test "x$ldns" = "xyes" ; then 1627 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1628 LDNS_MSG="yes" 1629 AC_MSG_CHECKING([for ldns support]) 1630 AC_LINK_IFELSE( 1631 [AC_LANG_SOURCE([[ 1632#include <stdio.h> 1633#include <stdlib.h> 1634#include <stdint.h> 1635#include <ldns/ldns.h> 1636int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1637 ]]) 1638 ], 1639 [AC_MSG_RESULT(yes)], 1640 [ 1641 AC_MSG_RESULT(no) 1642 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1643 ]) 1644 fi 1645]) 1646 1647# Check whether user wants libedit support 1648LIBEDIT_MSG="no" 1649AC_ARG_WITH([libedit], 1650 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1651 [ if test "x$withval" != "xno" ; then 1652 if test "x$withval" = "xyes" ; then 1653 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1654 if test "x$PKGCONFIG" != "xno"; then 1655 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1656 if "$PKGCONFIG" libedit; then 1657 AC_MSG_RESULT([yes]) 1658 use_pkgconfig_for_libedit=yes 1659 else 1660 AC_MSG_RESULT([no]) 1661 fi 1662 fi 1663 else 1664 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1665 if test -n "${need_dash_r}"; then 1666 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1667 else 1668 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1669 fi 1670 fi 1671 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1672 LIBEDIT=`$PKGCONFIG --libs libedit` 1673 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1674 else 1675 LIBEDIT="-ledit -lcurses" 1676 fi 1677 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1678 AC_CHECK_LIB([edit], [el_init], 1679 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1680 LIBEDIT_MSG="yes" 1681 AC_SUBST([LIBEDIT]) 1682 ], 1683 [ AC_MSG_ERROR([libedit not found]) ], 1684 [ $OTHERLIBS ] 1685 ) 1686 AC_MSG_CHECKING([if libedit version is compatible]) 1687 AC_COMPILE_IFELSE( 1688 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1689 [[ 1690 int i = H_SETSIZE; 1691 el_init("", NULL, NULL, NULL); 1692 exit(0); 1693 ]])], 1694 [ AC_MSG_RESULT([yes]) ], 1695 [ AC_MSG_RESULT([no]) 1696 AC_MSG_ERROR([libedit version is not compatible]) ] 1697 ) 1698 fi ] 1699) 1700 1701AUDIT_MODULE=none 1702AC_ARG_WITH([audit], 1703 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1704 [ 1705 AC_MSG_CHECKING([for supported audit module]) 1706 case "$withval" in 1707 bsm) 1708 AC_MSG_RESULT([bsm]) 1709 AUDIT_MODULE=bsm 1710 dnl Checks for headers, libs and functions 1711 AC_CHECK_HEADERS([bsm/audit.h], [], 1712 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1713 [ 1714#ifdef HAVE_TIME_H 1715# include <time.h> 1716#endif 1717 ] 1718) 1719 AC_CHECK_LIB([bsm], [getaudit], [], 1720 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1721 AC_CHECK_FUNCS([getaudit], [], 1722 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1723 # These are optional 1724 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1725 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1726 if test "$sol2ver" -ge 11; then 1727 SSHDLIBS="$SSHDLIBS -lscf" 1728 AC_DEFINE([BROKEN_BSM_API], [1], 1729 [The system has incomplete BSM API]) 1730 fi 1731 ;; 1732 linux) 1733 AC_MSG_RESULT([linux]) 1734 AUDIT_MODULE=linux 1735 dnl Checks for headers, libs and functions 1736 AC_CHECK_HEADERS([libaudit.h]) 1737 SSHDLIBS="$SSHDLIBS -laudit" 1738 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1739 ;; 1740 debug) 1741 AUDIT_MODULE=debug 1742 AC_MSG_RESULT([debug]) 1743 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1744 ;; 1745 no) 1746 AC_MSG_RESULT([no]) 1747 ;; 1748 *) 1749 AC_MSG_ERROR([Unknown audit module $withval]) 1750 ;; 1751 esac ] 1752) 1753 1754AC_ARG_WITH([pie], 1755 [ --with-pie Build Position Independent Executables if possible], [ 1756 if test "x$withval" = "xno"; then 1757 use_pie=no 1758 fi 1759 if test "x$withval" = "xyes"; then 1760 use_pie=yes 1761 fi 1762 ] 1763) 1764if test "x$use_pie" = "x"; then 1765 use_pie=no 1766fi 1767if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1768 # Turn off automatic PIE when toolchain hardening is off. 1769 use_pie=no 1770fi 1771if test "x$use_pie" = "xauto"; then 1772 # Automatic PIE requires gcc >= 4.x 1773 AC_MSG_CHECKING([for gcc >= 4.x]) 1774 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1775#if !defined(__GNUC__) || __GNUC__ < 4 1776#error gcc is too old 1777#endif 1778]])], 1779 [ AC_MSG_RESULT([yes]) ], 1780 [ AC_MSG_RESULT([no]) 1781 use_pie=no ] 1782) 1783fi 1784if test "x$use_pie" != "xno"; then 1785 SAVED_CFLAGS="$CFLAGS" 1786 SAVED_LDFLAGS="$LDFLAGS" 1787 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1788 OSSH_CHECK_LDFLAG_LINK([-pie]) 1789 # We use both -fPIE and -pie or neither. 1790 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1791 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1792 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1793 AC_MSG_RESULT([yes]) 1794 else 1795 AC_MSG_RESULT([no]) 1796 CFLAGS="$SAVED_CFLAGS" 1797 LDFLAGS="$SAVED_LDFLAGS" 1798 fi 1799fi 1800 1801dnl Checks for library functions. Please keep in alphabetical order 1802AC_CHECK_FUNCS([ \ 1803 Blowfish_initstate \ 1804 Blowfish_expandstate \ 1805 Blowfish_expand0state \ 1806 Blowfish_stream2word \ 1807 asprintf \ 1808 b64_ntop \ 1809 __b64_ntop \ 1810 b64_pton \ 1811 __b64_pton \ 1812 bcopy \ 1813 bcrypt_pbkdf \ 1814 bindresvport_sa \ 1815 blf_enc \ 1816 bzero \ 1817 cap_rights_limit \ 1818 clock \ 1819 closefrom \ 1820 dirfd \ 1821 endgrent \ 1822 err \ 1823 errx \ 1824 explicit_bzero \ 1825 fchmod \ 1826 fchown \ 1827 flock \ 1828 freeaddrinfo \ 1829 freezero \ 1830 fstatfs \ 1831 fstatvfs \ 1832 futimes \ 1833 getaddrinfo \ 1834 getcwd \ 1835 getgrouplist \ 1836 getnameinfo \ 1837 getopt \ 1838 getpagesize \ 1839 getpeereid \ 1840 getpeerucred \ 1841 getpgid \ 1842 _getpty \ 1843 getrlimit \ 1844 getsid \ 1845 getttyent \ 1846 glob \ 1847 group_from_gid \ 1848 inet_aton \ 1849 inet_ntoa \ 1850 inet_ntop \ 1851 innetgr \ 1852 llabs \ 1853 login_getcapbool \ 1854 md5_crypt \ 1855 memmove \ 1856 memset_s \ 1857 mkdtemp \ 1858 ngetaddrinfo \ 1859 nsleep \ 1860 ogetaddrinfo \ 1861 openlog_r \ 1862 pledge \ 1863 poll \ 1864 prctl \ 1865 pstat \ 1866 raise \ 1867 readpassphrase \ 1868 reallocarray \ 1869 recvmsg \ 1870 recallocarray \ 1871 rresvport_af \ 1872 sendmsg \ 1873 setdtablesize \ 1874 setegid \ 1875 setenv \ 1876 seteuid \ 1877 setgroupent \ 1878 setgroups \ 1879 setlinebuf \ 1880 setlogin \ 1881 setpassent\ 1882 setpcred \ 1883 setproctitle \ 1884 setregid \ 1885 setreuid \ 1886 setrlimit \ 1887 setsid \ 1888 setvbuf \ 1889 sigaction \ 1890 sigvec \ 1891 snprintf \ 1892 socketpair \ 1893 statfs \ 1894 statvfs \ 1895 strcasestr \ 1896 strdup \ 1897 strerror \ 1898 strlcat \ 1899 strlcpy \ 1900 strmode \ 1901 strndup \ 1902 strnlen \ 1903 strnvis \ 1904 strptime \ 1905 strsignal \ 1906 strtonum \ 1907 strtoll \ 1908 strtoul \ 1909 strtoull \ 1910 swap32 \ 1911 sysconf \ 1912 tcgetpgrp \ 1913 timingsafe_bcmp \ 1914 truncate \ 1915 unsetenv \ 1916 updwtmpx \ 1917 user_from_uid \ 1918 usleep \ 1919 vasprintf \ 1920 vsnprintf \ 1921 waitpid \ 1922 warn \ 1923]) 1924 1925AC_CHECK_DECLS([bzero]) 1926 1927dnl Wide character support. 1928AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1929 1930TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1931AC_MSG_CHECKING([for utf8 locale support]) 1932AC_RUN_IFELSE( 1933 [AC_LANG_PROGRAM([[ 1934#include <locale.h> 1935#include <stdlib.h> 1936 ]], [[ 1937 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1938 if (loc != NULL) 1939 exit(0); 1940 exit(1); 1941 ]])], 1942 AC_MSG_RESULT(yes), 1943 [AC_MSG_RESULT(no) 1944 TEST_SSH_UTF8=no], 1945 AC_MSG_WARN([cross compiling: assuming yes]) 1946) 1947 1948AC_LINK_IFELSE( 1949 [AC_LANG_PROGRAM( 1950 [[ #include <ctype.h> ]], 1951 [[ return (isblank('a')); ]])], 1952 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1953]) 1954 1955disable_pkcs11= 1956AC_ARG_ENABLE([pkcs11], 1957 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1958 [ 1959 if test "x$enableval" = "xno" ; then 1960 disable_pkcs11=1 1961 fi 1962 ] 1963) 1964 1965# PKCS11 depends on OpenSSL. 1966if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1967 # PKCS#11 support requires dlopen() and co 1968 AC_SEARCH_LIBS([dlopen], [dl], 1969 AC_CHECK_DECL([RTLD_NOW], 1970 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), 1971 [], [#include <dlfcn.h>] 1972 ) 1973 ) 1974fi 1975 1976# IRIX has a const char return value for gai_strerror() 1977AC_CHECK_FUNCS([gai_strerror], [ 1978 AC_DEFINE([HAVE_GAI_STRERROR]) 1979 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1980#include <sys/types.h> 1981#include <sys/socket.h> 1982#include <netdb.h> 1983 1984const char *gai_strerror(int); 1985 ]], [[ 1986 char *str; 1987 str = gai_strerror(0); 1988 ]])], [ 1989 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1990 [Define if gai_strerror() returns const char *])], [])]) 1991 1992AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1993 [Some systems put nanosleep outside of libc])]) 1994 1995AC_SEARCH_LIBS([clock_gettime], [rt], 1996 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1997 1998dnl Make sure prototypes are defined for these before using them. 1999AC_CHECK_DECL([strsep], 2000 [AC_CHECK_FUNCS([strsep])], 2001 [], 2002 [ 2003#ifdef HAVE_STRING_H 2004# include <string.h> 2005#endif 2006 ]) 2007 2008dnl tcsendbreak might be a macro 2009AC_CHECK_DECL([tcsendbreak], 2010 [AC_DEFINE([HAVE_TCSENDBREAK])], 2011 [AC_CHECK_FUNCS([tcsendbreak])], 2012 [#include <termios.h>] 2013) 2014 2015AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2016 2017AC_CHECK_DECLS([SHUT_RD], , , 2018 [ 2019#include <sys/types.h> 2020#include <sys/socket.h> 2021 ]) 2022 2023AC_CHECK_DECLS([O_NONBLOCK], , , 2024 [ 2025#include <sys/types.h> 2026#ifdef HAVE_SYS_STAT_H 2027# include <sys/stat.h> 2028#endif 2029#ifdef HAVE_FCNTL_H 2030# include <fcntl.h> 2031#endif 2032 ]) 2033 2034AC_CHECK_DECLS([readv, writev], , , [ 2035#include <sys/types.h> 2036#include <sys/uio.h> 2037#include <unistd.h> 2038 ]) 2039 2040AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2041#include <sys/param.h> 2042 ]) 2043 2044AC_CHECK_DECLS([offsetof], , , [ 2045#include <stddef.h> 2046 ]) 2047 2048# extra bits for select(2) 2049AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2050#include <sys/param.h> 2051#include <sys/types.h> 2052#ifdef HAVE_SYS_SYSMACROS_H 2053#include <sys/sysmacros.h> 2054#endif 2055#ifdef HAVE_SYS_SELECT_H 2056#include <sys/select.h> 2057#endif 2058#ifdef HAVE_SYS_TIME_H 2059#include <sys/time.h> 2060#endif 2061#ifdef HAVE_UNISTD_H 2062#include <unistd.h> 2063#endif 2064 ]]) 2065AC_CHECK_TYPES([fd_mask], [], [], [[ 2066#include <sys/param.h> 2067#include <sys/types.h> 2068#ifdef HAVE_SYS_SELECT_H 2069#include <sys/select.h> 2070#endif 2071#ifdef HAVE_SYS_TIME_H 2072#include <sys/time.h> 2073#endif 2074#ifdef HAVE_UNISTD_H 2075#include <unistd.h> 2076#endif 2077 ]]) 2078 2079AC_CHECK_FUNCS([setresuid], [ 2080 dnl Some platorms have setresuid that isn't implemented, test for this 2081 AC_MSG_CHECKING([if setresuid seems to work]) 2082 AC_RUN_IFELSE( 2083 [AC_LANG_PROGRAM([[ 2084#include <stdlib.h> 2085#include <errno.h> 2086 ]], [[ 2087 errno=0; 2088 setresuid(0,0,0); 2089 if (errno==ENOSYS) 2090 exit(1); 2091 else 2092 exit(0); 2093 ]])], 2094 [AC_MSG_RESULT([yes])], 2095 [AC_DEFINE([BROKEN_SETRESUID], [1], 2096 [Define if your setresuid() is broken]) 2097 AC_MSG_RESULT([not implemented])], 2098 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2099 ) 2100]) 2101 2102AC_CHECK_FUNCS([setresgid], [ 2103 dnl Some platorms have setresgid that isn't implemented, test for this 2104 AC_MSG_CHECKING([if setresgid seems to work]) 2105 AC_RUN_IFELSE( 2106 [AC_LANG_PROGRAM([[ 2107#include <stdlib.h> 2108#include <errno.h> 2109 ]], [[ 2110 errno=0; 2111 setresgid(0,0,0); 2112 if (errno==ENOSYS) 2113 exit(1); 2114 else 2115 exit(0); 2116 ]])], 2117 [AC_MSG_RESULT([yes])], 2118 [AC_DEFINE([BROKEN_SETRESGID], [1], 2119 [Define if your setresgid() is broken]) 2120 AC_MSG_RESULT([not implemented])], 2121 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2122 ) 2123]) 2124 2125AC_CHECK_FUNCS([realpath], [ 2126 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2127 dnl path name", however some implementations of realpath (and some 2128 dnl versions of the POSIX spec) do not work on non-existent files, 2129 dnl so we use the OpenBSD implementation on those platforms. 2130 AC_MSG_CHECKING([if realpath works with non-existent files]) 2131 AC_RUN_IFELSE( 2132 [AC_LANG_PROGRAM([[ 2133#include <limits.h> 2134#include <stdlib.h> 2135#include <errno.h> 2136 ]], [[ 2137 char buf[PATH_MAX]; 2138 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2139 if (errno == ENOENT) 2140 exit(1); 2141 exit(0); 2142 ]])], 2143 [AC_MSG_RESULT([yes])], 2144 [AC_DEFINE([BROKEN_REALPATH], [1], 2145 [realpath does not work with nonexistent files]) 2146 AC_MSG_RESULT([no])], 2147 [AC_MSG_WARN([cross compiling: assuming working])] 2148 ) 2149]) 2150 2151AC_MSG_CHECKING([for working fflush(NULL)]) 2152AC_RUN_IFELSE( 2153 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2154 AC_MSG_RESULT([yes]), 2155 [AC_MSG_RESULT([no]) 2156 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2157 [define if fflush(NULL) does not work])], 2158 AC_MSG_WARN([cross compiling: assuming working]) 2159) 2160 2161dnl Checks for time functions 2162AC_CHECK_FUNCS([gettimeofday time]) 2163dnl Checks for utmp functions 2164AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2165AC_CHECK_FUNCS([utmpname]) 2166dnl Checks for utmpx functions 2167AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2168AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2169dnl Checks for lastlog functions 2170AC_CHECK_FUNCS([getlastlogxbyname]) 2171 2172AC_CHECK_FUNC([daemon], 2173 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2174 [AC_CHECK_LIB([bsd], [daemon], 2175 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2176) 2177 2178AC_CHECK_FUNC([getpagesize], 2179 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2180 [Define if your libraries define getpagesize()])], 2181 [AC_CHECK_LIB([ucb], [getpagesize], 2182 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2183) 2184 2185# Check for broken snprintf 2186if test "x$ac_cv_func_snprintf" = "xyes" ; then 2187 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2188 AC_RUN_IFELSE( 2189 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2190 [[ 2191 char b[5]; 2192 snprintf(b,5,"123456789"); 2193 exit(b[4]!='\0'); 2194 ]])], 2195 [AC_MSG_RESULT([yes])], 2196 [ 2197 AC_MSG_RESULT([no]) 2198 AC_DEFINE([BROKEN_SNPRINTF], [1], 2199 [Define if your snprintf is busted]) 2200 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2201 ], 2202 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2203 ) 2204fi 2205 2206# We depend on vsnprintf returning the right thing on overflow: the 2207# number of characters it tried to create (as per SUSv3) 2208if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2209 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2210 AC_RUN_IFELSE( 2211 [AC_LANG_PROGRAM([[ 2212#include <sys/types.h> 2213#include <stdio.h> 2214#include <stdarg.h> 2215 2216int x_snprintf(char *str, size_t count, const char *fmt, ...) 2217{ 2218 size_t ret; 2219 va_list ap; 2220 2221 va_start(ap, fmt); 2222 ret = vsnprintf(str, count, fmt, ap); 2223 va_end(ap); 2224 return ret; 2225} 2226 ]], [[ 2227char x[1]; 2228if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2229 return 1; 2230if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2231 return 1; 2232return 0; 2233 ]])], 2234 [AC_MSG_RESULT([yes])], 2235 [ 2236 AC_MSG_RESULT([no]) 2237 AC_DEFINE([BROKEN_SNPRINTF], [1], 2238 [Define if your snprintf is busted]) 2239 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2240 ], 2241 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2242 ) 2243fi 2244 2245# On systems where [v]snprintf is broken, but is declared in stdio, 2246# check that the fmt argument is const char * or just char *. 2247# This is only useful for when BROKEN_SNPRINTF 2248AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2249AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2250#include <stdio.h> 2251int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2252 ]], [[ 2253 snprintf(0, 0, 0); 2254 ]])], 2255 [AC_MSG_RESULT([yes]) 2256 AC_DEFINE([SNPRINTF_CONST], [const], 2257 [Define as const if snprintf() can declare const char *fmt])], 2258 [AC_MSG_RESULT([no]) 2259 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2260 2261# Check for missing getpeereid (or equiv) support 2262NO_PEERCHECK="" 2263if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2264 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2266#include <sys/types.h> 2267#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2268 [ AC_MSG_RESULT([yes]) 2269 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2270 ], [AC_MSG_RESULT([no]) 2271 NO_PEERCHECK=1 2272 ]) 2273fi 2274 2275dnl see whether mkstemp() requires XXXXXX 2276if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2277AC_MSG_CHECKING([for (overly) strict mkstemp]) 2278AC_RUN_IFELSE( 2279 [AC_LANG_PROGRAM([[ 2280#include <stdlib.h> 2281 ]], [[ 2282 char template[]="conftest.mkstemp-test"; 2283 if (mkstemp(template) == -1) 2284 exit(1); 2285 unlink(template); 2286 exit(0); 2287 ]])], 2288 [ 2289 AC_MSG_RESULT([no]) 2290 ], 2291 [ 2292 AC_MSG_RESULT([yes]) 2293 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2294 ], 2295 [ 2296 AC_MSG_RESULT([yes]) 2297 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2298 ] 2299) 2300fi 2301 2302dnl make sure that openpty does not reacquire controlling terminal 2303if test ! -z "$check_for_openpty_ctty_bug"; then 2304 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2305 AC_RUN_IFELSE( 2306 [AC_LANG_PROGRAM([[ 2307#include <stdio.h> 2308#include <sys/fcntl.h> 2309#include <sys/types.h> 2310#include <sys/wait.h> 2311 ]], [[ 2312 pid_t pid; 2313 int fd, ptyfd, ttyfd, status; 2314 2315 pid = fork(); 2316 if (pid < 0) { /* failed */ 2317 exit(1); 2318 } else if (pid > 0) { /* parent */ 2319 waitpid(pid, &status, 0); 2320 if (WIFEXITED(status)) 2321 exit(WEXITSTATUS(status)); 2322 else 2323 exit(2); 2324 } else { /* child */ 2325 close(0); close(1); close(2); 2326 setsid(); 2327 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2328 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2329 if (fd >= 0) 2330 exit(3); /* Acquired ctty: broken */ 2331 else 2332 exit(0); /* Did not acquire ctty: OK */ 2333 } 2334 ]])], 2335 [ 2336 AC_MSG_RESULT([yes]) 2337 ], 2338 [ 2339 AC_MSG_RESULT([no]) 2340 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2341 ], 2342 [ 2343 AC_MSG_RESULT([cross-compiling, assuming yes]) 2344 ] 2345 ) 2346fi 2347 2348if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2349 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2350 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2351 AC_RUN_IFELSE( 2352 [AC_LANG_PROGRAM([[ 2353#include <stdio.h> 2354#include <sys/socket.h> 2355#include <netdb.h> 2356#include <errno.h> 2357#include <netinet/in.h> 2358 2359#define TEST_PORT "2222" 2360 ]], [[ 2361 int err, sock; 2362 struct addrinfo *gai_ai, *ai, hints; 2363 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2364 2365 memset(&hints, 0, sizeof(hints)); 2366 hints.ai_family = PF_UNSPEC; 2367 hints.ai_socktype = SOCK_STREAM; 2368 hints.ai_flags = AI_PASSIVE; 2369 2370 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2371 if (err != 0) { 2372 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2373 exit(1); 2374 } 2375 2376 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2377 if (ai->ai_family != AF_INET6) 2378 continue; 2379 2380 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2381 sizeof(ntop), strport, sizeof(strport), 2382 NI_NUMERICHOST|NI_NUMERICSERV); 2383 2384 if (err != 0) { 2385 if (err == EAI_SYSTEM) 2386 perror("getnameinfo EAI_SYSTEM"); 2387 else 2388 fprintf(stderr, "getnameinfo failed: %s\n", 2389 gai_strerror(err)); 2390 exit(2); 2391 } 2392 2393 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2394 if (sock < 0) 2395 perror("socket"); 2396 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2397 if (errno == EBADF) 2398 exit(3); 2399 } 2400 } 2401 exit(0); 2402 ]])], 2403 [ 2404 AC_MSG_RESULT([yes]) 2405 ], 2406 [ 2407 AC_MSG_RESULT([no]) 2408 AC_DEFINE([BROKEN_GETADDRINFO]) 2409 ], 2410 [ 2411 AC_MSG_RESULT([cross-compiling, assuming yes]) 2412 ] 2413 ) 2414fi 2415 2416if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2417 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2418 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2419 AC_RUN_IFELSE( 2420 [AC_LANG_PROGRAM([[ 2421#include <stdio.h> 2422#include <sys/socket.h> 2423#include <netdb.h> 2424#include <errno.h> 2425#include <netinet/in.h> 2426 2427#define TEST_PORT "2222" 2428 ]], [[ 2429 int err, sock; 2430 struct addrinfo *gai_ai, *ai, hints; 2431 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2432 2433 memset(&hints, 0, sizeof(hints)); 2434 hints.ai_family = PF_UNSPEC; 2435 hints.ai_socktype = SOCK_STREAM; 2436 hints.ai_flags = AI_PASSIVE; 2437 2438 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2439 if (err != 0) { 2440 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2441 exit(1); 2442 } 2443 2444 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2445 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2446 continue; 2447 2448 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2449 sizeof(ntop), strport, sizeof(strport), 2450 NI_NUMERICHOST|NI_NUMERICSERV); 2451 2452 if (ai->ai_family == AF_INET && err != 0) { 2453 perror("getnameinfo"); 2454 exit(2); 2455 } 2456 } 2457 exit(0); 2458 ]])], 2459 [ 2460 AC_MSG_RESULT([yes]) 2461 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2462 [Define if you have a getaddrinfo that fails 2463 for the all-zeros IPv6 address]) 2464 ], 2465 [ 2466 AC_MSG_RESULT([no]) 2467 AC_DEFINE([BROKEN_GETADDRINFO]) 2468 ], 2469 [ 2470 AC_MSG_RESULT([cross-compiling, assuming no]) 2471 ] 2472 ) 2473fi 2474 2475if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2476 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2477 [#include <sys/types.h> 2478 #include <sys/socket.h> 2479 #include <netdb.h>]) 2480fi 2481 2482if test "x$check_for_conflicting_getspnam" = "x1"; then 2483 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2484 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2485 [[ exit(0); ]])], 2486 [ 2487 AC_MSG_RESULT([no]) 2488 ], 2489 [ 2490 AC_MSG_RESULT([yes]) 2491 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2492 [Conflicting defs for getspnam]) 2493 ] 2494 ) 2495fi 2496 2497dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2498dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2499dnl for over ten years). Despite this incompatibility being reported during 2500dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2501dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2502dnl implementation. Try to detect this mess, and assume the only safe option 2503dnl if we're cross compiling. 2504dnl 2505dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2506dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2507if test "x$ac_cv_func_strnvis" = "xyes"; then 2508 AC_MSG_CHECKING([for working strnvis]) 2509 AC_RUN_IFELSE( 2510 [AC_LANG_PROGRAM([[ 2511#include <signal.h> 2512#include <stdlib.h> 2513#include <string.h> 2514#include <vis.h> 2515static void sighandler(int sig) { _exit(1); } 2516 ]], [[ 2517 char dst[16]; 2518 2519 signal(SIGSEGV, sighandler); 2520 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2521 exit(0); 2522 exit(1) 2523 ]])], 2524 [AC_MSG_RESULT([yes])], 2525 [AC_MSG_RESULT([no]) 2526 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2527 [AC_MSG_WARN([cross compiling: assuming broken]) 2528 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2529 ) 2530fi 2531 2532AC_CHECK_FUNCS([getpgrp],[ 2533 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2534 AC_COMPILE_IFELSE( 2535 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2536 [ AC_MSG_RESULT([yes]) 2537 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2538 [ AC_MSG_RESULT([no]) 2539 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2540 ) 2541]) 2542 2543# Search for OpenSSL 2544saved_CPPFLAGS="$CPPFLAGS" 2545saved_LDFLAGS="$LDFLAGS" 2546AC_ARG_WITH([ssl-dir], 2547 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2548 [ 2549 if test "x$openssl" = "xno" ; then 2550 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2551 fi 2552 if test "x$withval" != "xno" ; then 2553 case "$withval" in 2554 # Relative paths 2555 ./*|../*) withval="`pwd`/$withval" 2556 esac 2557 if test -d "$withval/lib"; then 2558 if test -n "${need_dash_r}"; then 2559 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2560 else 2561 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2562 fi 2563 elif test -d "$withval/lib64"; then 2564 if test -n "${need_dash_r}"; then 2565 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2566 else 2567 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2568 fi 2569 else 2570 if test -n "${need_dash_r}"; then 2571 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2572 else 2573 LDFLAGS="-L${withval} ${LDFLAGS}" 2574 fi 2575 fi 2576 if test -d "$withval/include"; then 2577 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2578 else 2579 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2580 fi 2581 fi 2582 ] 2583) 2584 2585AC_ARG_WITH([openssl-header-check], 2586 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2587 [ 2588 if test "x$withval" = "xno" ; then 2589 openssl_check_nonfatal=1 2590 fi 2591 ] 2592) 2593 2594openssl_engine=no 2595AC_ARG_WITH([ssl-engine], 2596 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2597 [ 2598 if test "x$withval" != "xno" ; then 2599 if test "x$openssl" = "xno" ; then 2600 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2601 fi 2602 openssl_engine=yes 2603 fi 2604 ] 2605) 2606 2607if test "x$openssl" = "xyes" ; then 2608 LIBS="-lcrypto $LIBS" 2609 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2610 [Define if your ssl headers are included 2611 with #include <openssl/header.h>])], 2612 [ 2613 dnl Check default openssl install dir 2614 if test -n "${need_dash_r}"; then 2615 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2616 else 2617 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2618 fi 2619 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2620 AC_CHECK_HEADER([openssl/opensslv.h], , 2621 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2622 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2623 [ 2624 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2625 ] 2626 ) 2627 ] 2628 ) 2629 2630 # Determine OpenSSL header version 2631 AC_MSG_CHECKING([OpenSSL header version]) 2632 AC_RUN_IFELSE( 2633 [AC_LANG_PROGRAM([[ 2634 #include <stdlib.h> 2635 #include <stdio.h> 2636 #include <string.h> 2637 #include <openssl/opensslv.h> 2638 #define DATA "conftest.sslincver" 2639 ]], [[ 2640 FILE *fd; 2641 int rc; 2642 2643 fd = fopen(DATA,"w"); 2644 if(fd == NULL) 2645 exit(1); 2646 2647 if ((rc = fprintf(fd, "%08lx (%s)\n", 2648 (unsigned long)OPENSSL_VERSION_NUMBER, 2649 OPENSSL_VERSION_TEXT)) < 0) 2650 exit(1); 2651 2652 exit(0); 2653 ]])], 2654 [ 2655 ssl_header_ver=`cat conftest.sslincver` 2656 AC_MSG_RESULT([$ssl_header_ver]) 2657 ], 2658 [ 2659 AC_MSG_RESULT([not found]) 2660 AC_MSG_ERROR([OpenSSL version header not found.]) 2661 ], 2662 [ 2663 AC_MSG_WARN([cross compiling: not checking]) 2664 ] 2665 ) 2666 2667 # Determine OpenSSL library version 2668 AC_MSG_CHECKING([OpenSSL library version]) 2669 AC_RUN_IFELSE( 2670 [AC_LANG_PROGRAM([[ 2671 #include <stdio.h> 2672 #include <string.h> 2673 #include <openssl/opensslv.h> 2674 #include <openssl/crypto.h> 2675 #define DATA "conftest.ssllibver" 2676 ]], [[ 2677 FILE *fd; 2678 int rc; 2679 2680 fd = fopen(DATA,"w"); 2681 if(fd == NULL) 2682 exit(1); 2683 2684 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2685 SSLeay_version(SSLEAY_VERSION))) < 0) 2686 exit(1); 2687 2688 exit(0); 2689 ]])], 2690 [ 2691 ssl_library_ver=`cat conftest.ssllibver` 2692 # Check version is supported. 2693 case "$ssl_library_ver" in 2694 10000*|0*) 2695 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2696 ;; 2697 100*) ;; # 1.0.x 2698 200*) ;; # LibreSSL 2699 *) 2700 AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) 2701 ;; 2702 esac 2703 AC_MSG_RESULT([$ssl_library_ver]) 2704 ], 2705 [ 2706 AC_MSG_RESULT([not found]) 2707 AC_MSG_ERROR([OpenSSL library not found.]) 2708 ], 2709 [ 2710 AC_MSG_WARN([cross compiling: not checking]) 2711 ] 2712 ) 2713 2714 # Sanity check OpenSSL headers 2715 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2716 AC_RUN_IFELSE( 2717 [AC_LANG_PROGRAM([[ 2718 #include <string.h> 2719 #include <openssl/opensslv.h> 2720 #include <openssl/crypto.h> 2721 ]], [[ 2722 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2723 ]])], 2724 [ 2725 AC_MSG_RESULT([yes]) 2726 ], 2727 [ 2728 AC_MSG_RESULT([no]) 2729 if test "x$openssl_check_nonfatal" = "x"; then 2730 AC_MSG_ERROR([Your OpenSSL headers do not match your 2731 library. Check config.log for details. 2732 If you are sure your installation is consistent, you can disable the check 2733 by running "./configure --without-openssl-header-check". 2734 Also see contrib/findssl.sh for help identifying header/library mismatches. 2735 ]) 2736 else 2737 AC_MSG_WARN([Your OpenSSL headers do not match your 2738 library. Check config.log for details. 2739 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2740 fi 2741 ], 2742 [ 2743 AC_MSG_WARN([cross compiling: not checking]) 2744 ] 2745 ) 2746 2747 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2748 AC_LINK_IFELSE( 2749 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2750 [[ SSLeay_add_all_algorithms(); ]])], 2751 [ 2752 AC_MSG_RESULT([yes]) 2753 ], 2754 [ 2755 AC_MSG_RESULT([no]) 2756 saved_LIBS="$LIBS" 2757 LIBS="$LIBS -ldl" 2758 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2759 AC_LINK_IFELSE( 2760 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2761 [[ SSLeay_add_all_algorithms(); ]])], 2762 [ 2763 AC_MSG_RESULT([yes]) 2764 ], 2765 [ 2766 AC_MSG_RESULT([no]) 2767 LIBS="$saved_LIBS" 2768 ] 2769 ) 2770 ] 2771 ) 2772 2773 AC_CHECK_FUNCS([ \ 2774 BN_is_prime_ex \ 2775 DSA_generate_parameters_ex \ 2776 EVP_DigestInit_ex \ 2777 EVP_DigestFinal_ex \ 2778 EVP_MD_CTX_init \ 2779 EVP_MD_CTX_cleanup \ 2780 EVP_MD_CTX_copy_ex \ 2781 HMAC_CTX_init \ 2782 RSA_generate_key_ex \ 2783 RSA_get_default_method \ 2784 ]) 2785 2786 if test "x$openssl_engine" = "xyes" ; then 2787 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2788 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2789 #include <openssl/engine.h> 2790 ]], [[ 2791 ENGINE_load_builtin_engines(); 2792 ENGINE_register_all_complete(); 2793 ]])], 2794 [ AC_MSG_RESULT([yes]) 2795 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2796 [Enable OpenSSL engine support]) 2797 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2798 ]) 2799 fi 2800 2801 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2802 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2803 AC_LINK_IFELSE( 2804 [AC_LANG_PROGRAM([[ 2805 #include <string.h> 2806 #include <openssl/evp.h> 2807 ]], [[ 2808 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2809 ]])], 2810 [ 2811 AC_MSG_RESULT([no]) 2812 ], 2813 [ 2814 AC_MSG_RESULT([yes]) 2815 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2816 [libcrypto is missing AES 192 and 256 bit functions]) 2817 ] 2818 ) 2819 2820 # Check for OpenSSL with EVP_aes_*ctr 2821 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2822 AC_LINK_IFELSE( 2823 [AC_LANG_PROGRAM([[ 2824 #include <string.h> 2825 #include <openssl/evp.h> 2826 ]], [[ 2827 exit(EVP_aes_128_ctr() == NULL || 2828 EVP_aes_192_cbc() == NULL || 2829 EVP_aes_256_cbc() == NULL); 2830 ]])], 2831 [ 2832 AC_MSG_RESULT([yes]) 2833 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2834 [libcrypto has EVP AES CTR]) 2835 ], 2836 [ 2837 AC_MSG_RESULT([no]) 2838 ] 2839 ) 2840 2841 # Check for OpenSSL with EVP_aes_*gcm 2842 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2843 AC_LINK_IFELSE( 2844 [AC_LANG_PROGRAM([[ 2845 #include <string.h> 2846 #include <openssl/evp.h> 2847 ]], [[ 2848 exit(EVP_aes_128_gcm() == NULL || 2849 EVP_aes_256_gcm() == NULL || 2850 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2851 EVP_CTRL_GCM_IV_GEN == 0 || 2852 EVP_CTRL_GCM_SET_TAG == 0 || 2853 EVP_CTRL_GCM_GET_TAG == 0 || 2854 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2855 ]])], 2856 [ 2857 AC_MSG_RESULT([yes]) 2858 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2859 [libcrypto has EVP AES GCM]) 2860 ], 2861 [ 2862 AC_MSG_RESULT([no]) 2863 unsupported_algorithms="$unsupported_cipers \ 2864 aes128-gcm@openssh.com \ 2865 aes256-gcm@openssh.com" 2866 ] 2867 ) 2868 2869 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2870 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2871 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2872 2873 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2874 AC_LINK_IFELSE( 2875 [AC_LANG_PROGRAM([[ 2876 #include <string.h> 2877 #include <openssl/evp.h> 2878 ]], [[ 2879 if(EVP_DigestUpdate(NULL, NULL,0)) 2880 exit(0); 2881 ]])], 2882 [ 2883 AC_MSG_RESULT([yes]) 2884 ], 2885 [ 2886 AC_MSG_RESULT([no]) 2887 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2888 [Define if EVP_DigestUpdate returns void]) 2889 ] 2890 ) 2891 2892 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2893 # because the system crypt() is more featureful. 2894 if test "x$check_for_libcrypt_before" = "x1"; then 2895 AC_CHECK_LIB([crypt], [crypt]) 2896 fi 2897 2898 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2899 # version in OpenSSL. 2900 if test "x$check_for_libcrypt_later" = "x1"; then 2901 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2902 fi 2903 AC_CHECK_FUNCS([crypt DES_crypt]) 2904 2905 # Search for SHA256 support in libc and/or OpenSSL 2906 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2907 [unsupported_algorithms="$unsupported_algorithms \ 2908 hmac-sha2-256 \ 2909 hmac-sha2-512 \ 2910 diffie-hellman-group-exchange-sha256 \ 2911 hmac-sha2-256-etm@openssh.com \ 2912 hmac-sha2-512-etm@openssh.com" 2913 ] 2914 ) 2915 # Search for RIPE-MD support in OpenSSL 2916 AC_CHECK_FUNCS([EVP_ripemd160], , 2917 [unsupported_algorithms="$unsupported_algorithms \ 2918 hmac-ripemd160 \ 2919 hmac-ripemd160@openssh.com \ 2920 hmac-ripemd160-etm@openssh.com" 2921 ] 2922 ) 2923 2924 # Check complete ECC support in OpenSSL 2925 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2926 AC_LINK_IFELSE( 2927 [AC_LANG_PROGRAM([[ 2928 #include <openssl/ec.h> 2929 #include <openssl/ecdh.h> 2930 #include <openssl/ecdsa.h> 2931 #include <openssl/evp.h> 2932 #include <openssl/objects.h> 2933 #include <openssl/opensslv.h> 2934 ]], [[ 2935 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2936 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2937 ]])], 2938 [ AC_MSG_RESULT([yes]) 2939 enable_nistp256=1 ], 2940 [ AC_MSG_RESULT([no]) ] 2941 ) 2942 2943 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2944 AC_LINK_IFELSE( 2945 [AC_LANG_PROGRAM([[ 2946 #include <openssl/ec.h> 2947 #include <openssl/ecdh.h> 2948 #include <openssl/ecdsa.h> 2949 #include <openssl/evp.h> 2950 #include <openssl/objects.h> 2951 #include <openssl/opensslv.h> 2952 ]], [[ 2953 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2954 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2955 ]])], 2956 [ AC_MSG_RESULT([yes]) 2957 enable_nistp384=1 ], 2958 [ AC_MSG_RESULT([no]) ] 2959 ) 2960 2961 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2962 AC_LINK_IFELSE( 2963 [AC_LANG_PROGRAM([[ 2964 #include <openssl/ec.h> 2965 #include <openssl/ecdh.h> 2966 #include <openssl/ecdsa.h> 2967 #include <openssl/evp.h> 2968 #include <openssl/objects.h> 2969 #include <openssl/opensslv.h> 2970 ]], [[ 2971 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2972 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2973 ]])], 2974 [ AC_MSG_RESULT([yes]) 2975 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2976 AC_RUN_IFELSE( 2977 [AC_LANG_PROGRAM([[ 2978 #include <openssl/ec.h> 2979 #include <openssl/ecdh.h> 2980 #include <openssl/ecdsa.h> 2981 #include <openssl/evp.h> 2982 #include <openssl/objects.h> 2983 #include <openssl/opensslv.h> 2984 ]],[[ 2985 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2986 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2987 exit(e == NULL || m == NULL); 2988 ]])], 2989 [ AC_MSG_RESULT([yes]) 2990 enable_nistp521=1 ], 2991 [ AC_MSG_RESULT([no]) ], 2992 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2993 enable_nistp521=1 ] 2994 )], 2995 AC_MSG_RESULT([no]) 2996 ) 2997 2998 COMMENT_OUT_ECC="#no ecc#" 2999 TEST_SSH_ECC=no 3000 3001 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3002 test x$enable_nistp521 = x1; then 3003 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3004 fi 3005 if test x$enable_nistp256 = x1; then 3006 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3007 [libcrypto has NID_X9_62_prime256v1]) 3008 TEST_SSH_ECC=yes 3009 COMMENT_OUT_ECC="" 3010 else 3011 unsupported_algorithms="$unsupported_algorithms \ 3012 ecdsa-sha2-nistp256 \ 3013 ecdh-sha2-nistp256 \ 3014 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3015 fi 3016 if test x$enable_nistp384 = x1; then 3017 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3018 TEST_SSH_ECC=yes 3019 COMMENT_OUT_ECC="" 3020 else 3021 unsupported_algorithms="$unsupported_algorithms \ 3022 ecdsa-sha2-nistp384 \ 3023 ecdh-sha2-nistp384 \ 3024 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3025 fi 3026 if test x$enable_nistp521 = x1; then 3027 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3028 TEST_SSH_ECC=yes 3029 COMMENT_OUT_ECC="" 3030 else 3031 unsupported_algorithms="$unsupported_algorithms \ 3032 ecdh-sha2-nistp521 \ 3033 ecdsa-sha2-nistp521 \ 3034 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3035 fi 3036 3037 AC_SUBST([TEST_SSH_ECC]) 3038 AC_SUBST([COMMENT_OUT_ECC]) 3039else 3040 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3041 AC_CHECK_FUNCS([crypt]) 3042fi 3043 3044AC_CHECK_FUNCS([ \ 3045 arc4random \ 3046 arc4random_buf \ 3047 arc4random_stir \ 3048 arc4random_uniform \ 3049]) 3050 3051saved_LIBS="$LIBS" 3052AC_CHECK_LIB([iaf], [ia_openinfo], [ 3053 LIBS="$LIBS -liaf" 3054 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3055 AC_DEFINE([HAVE_LIBIAF], [1], 3056 [Define if system has libiaf that supports set_id]) 3057 ]) 3058]) 3059LIBS="$saved_LIBS" 3060 3061### Configure cryptographic random number support 3062 3063# Check wheter OpenSSL seeds itself 3064if test "x$openssl" = "xyes" ; then 3065 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3066 AC_RUN_IFELSE( 3067 [AC_LANG_PROGRAM([[ 3068 #include <string.h> 3069 #include <openssl/rand.h> 3070 ]], [[ 3071 exit(RAND_status() == 1 ? 0 : 1); 3072 ]])], 3073 [ 3074 OPENSSL_SEEDS_ITSELF=yes 3075 AC_MSG_RESULT([yes]) 3076 ], 3077 [ 3078 AC_MSG_RESULT([no]) 3079 ], 3080 [ 3081 AC_MSG_WARN([cross compiling: assuming yes]) 3082 # This is safe, since we will fatal() at runtime if 3083 # OpenSSL is not seeded correctly. 3084 OPENSSL_SEEDS_ITSELF=yes 3085 ] 3086 ) 3087fi 3088 3089# PRNGD TCP socket 3090AC_ARG_WITH([prngd-port], 3091 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3092 [ 3093 case "$withval" in 3094 no) 3095 withval="" 3096 ;; 3097 [[0-9]]*) 3098 ;; 3099 *) 3100 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3101 ;; 3102 esac 3103 if test ! -z "$withval" ; then 3104 PRNGD_PORT="$withval" 3105 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3106 [Port number of PRNGD/EGD random number socket]) 3107 fi 3108 ] 3109) 3110 3111# PRNGD Unix domain socket 3112AC_ARG_WITH([prngd-socket], 3113 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3114 [ 3115 case "$withval" in 3116 yes) 3117 withval="/var/run/egd-pool" 3118 ;; 3119 no) 3120 withval="" 3121 ;; 3122 /*) 3123 ;; 3124 *) 3125 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3126 ;; 3127 esac 3128 3129 if test ! -z "$withval" ; then 3130 if test ! -z "$PRNGD_PORT" ; then 3131 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3132 fi 3133 if test ! -r "$withval" ; then 3134 AC_MSG_WARN([Entropy socket is not readable]) 3135 fi 3136 PRNGD_SOCKET="$withval" 3137 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3138 [Location of PRNGD/EGD random number socket]) 3139 fi 3140 ], 3141 [ 3142 # Check for existing socket only if we don't have a random device already 3143 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3144 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3145 # Insert other locations here 3146 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3147 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3148 PRNGD_SOCKET="$sock" 3149 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3150 break; 3151 fi 3152 done 3153 if test ! -z "$PRNGD_SOCKET" ; then 3154 AC_MSG_RESULT([$PRNGD_SOCKET]) 3155 else 3156 AC_MSG_RESULT([not found]) 3157 fi 3158 fi 3159 ] 3160) 3161 3162# Which randomness source do we use? 3163if test ! -z "$PRNGD_PORT" ; then 3164 RAND_MSG="PRNGd port $PRNGD_PORT" 3165elif test ! -z "$PRNGD_SOCKET" ; then 3166 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3167elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3168 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3169 [Define if you want the OpenSSL internally seeded PRNG only]) 3170 RAND_MSG="OpenSSL internal ONLY" 3171elif test "x$openssl" = "xno" ; then 3172 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3173else 3174 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3175fi 3176 3177# Check for PAM libs 3178PAM_MSG="no" 3179AC_ARG_WITH([pam], 3180 [ --with-pam Enable PAM support ], 3181 [ 3182 if test "x$withval" != "xno" ; then 3183 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3184 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3185 AC_MSG_ERROR([PAM headers not found]) 3186 fi 3187 3188 saved_LIBS="$LIBS" 3189 AC_CHECK_LIB([dl], [dlopen], , ) 3190 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3191 AC_CHECK_FUNCS([pam_getenvlist]) 3192 AC_CHECK_FUNCS([pam_putenv]) 3193 LIBS="$saved_LIBS" 3194 3195 PAM_MSG="yes" 3196 3197 SSHDLIBS="$SSHDLIBS -lpam" 3198 AC_DEFINE([USE_PAM], [1], 3199 [Define if you want to enable PAM support]) 3200 3201 if test $ac_cv_lib_dl_dlopen = yes; then 3202 case "$LIBS" in 3203 *-ldl*) 3204 # libdl already in LIBS 3205 ;; 3206 *) 3207 SSHDLIBS="$SSHDLIBS -ldl" 3208 ;; 3209 esac 3210 fi 3211 fi 3212 ] 3213) 3214 3215AC_ARG_WITH([pam-service], 3216 [ --with-pam-service=name Specify PAM service name ], 3217 [ 3218 if test "x$withval" != "xno" && \ 3219 test "x$withval" != "xyes" ; then 3220 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3221 ["$withval"], [sshd PAM service name]) 3222 fi 3223 ] 3224) 3225 3226# Check for older PAM 3227if test "x$PAM_MSG" = "xyes" ; then 3228 # Check PAM strerror arguments (old PAM) 3229 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3230 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3231#include <stdlib.h> 3232#if defined(HAVE_SECURITY_PAM_APPL_H) 3233#include <security/pam_appl.h> 3234#elif defined (HAVE_PAM_PAM_APPL_H) 3235#include <pam/pam_appl.h> 3236#endif 3237 ]], [[ 3238(void)pam_strerror((pam_handle_t *)NULL, -1); 3239 ]])], [AC_MSG_RESULT([no])], [ 3240 AC_DEFINE([HAVE_OLD_PAM], [1], 3241 [Define if you have an old version of PAM 3242 which takes only one argument to pam_strerror]) 3243 AC_MSG_RESULT([yes]) 3244 PAM_MSG="yes (old library)" 3245 3246 ]) 3247fi 3248 3249case "$host" in 3250*-*-cygwin*) 3251 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3252 ;; 3253*) 3254 SSH_PRIVSEP_USER=sshd 3255 ;; 3256esac 3257AC_ARG_WITH([privsep-user], 3258 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3259 [ 3260 if test -n "$withval" && test "x$withval" != "xno" && \ 3261 test "x${withval}" != "xyes"; then 3262 SSH_PRIVSEP_USER=$withval 3263 fi 3264 ] 3265) 3266if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3267 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3268 [Cygwin function to fetch non-privileged user for privilege separation]) 3269else 3270 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3271 [non-privileged user for privilege separation]) 3272fi 3273AC_SUBST([SSH_PRIVSEP_USER]) 3274 3275if test "x$have_linux_no_new_privs" = "x1" ; then 3276AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3277 #include <sys/types.h> 3278 #include <linux/seccomp.h> 3279]) 3280fi 3281if test "x$have_seccomp_filter" = "x1" ; then 3282AC_MSG_CHECKING([kernel for seccomp_filter support]) 3283AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3284 #include <errno.h> 3285 #include <elf.h> 3286 #include <linux/audit.h> 3287 #include <linux/seccomp.h> 3288 #include <stdlib.h> 3289 #include <sys/prctl.h> 3290 ]], 3291 [[ int i = $seccomp_audit_arch; 3292 errno = 0; 3293 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3294 exit(errno == EFAULT ? 0 : 1); ]])], 3295 [ AC_MSG_RESULT([yes]) ], [ 3296 AC_MSG_RESULT([no]) 3297 # Disable seccomp filter as a target 3298 have_seccomp_filter=0 3299 ] 3300) 3301fi 3302 3303# Decide which sandbox style to use 3304sandbox_arg="" 3305AC_ARG_WITH([sandbox], 3306 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3307 [ 3308 if test "x$withval" = "xyes" ; then 3309 sandbox_arg="" 3310 else 3311 sandbox_arg="$withval" 3312 fi 3313 ] 3314) 3315 3316# Some platforms (seems to be the ones that have a kernel poll(2)-type 3317# function with which they implement select(2)) use an extra file descriptor 3318# when calling select(2), which means we can't use the rlimit sandbox. 3319AC_MSG_CHECKING([if select works with descriptor rlimit]) 3320AC_RUN_IFELSE( 3321 [AC_LANG_PROGRAM([[ 3322#include <sys/types.h> 3323#ifdef HAVE_SYS_TIME_H 3324# include <sys/time.h> 3325#endif 3326#include <sys/resource.h> 3327#ifdef HAVE_SYS_SELECT_H 3328# include <sys/select.h> 3329#endif 3330#include <errno.h> 3331#include <fcntl.h> 3332#include <stdlib.h> 3333 ]],[[ 3334 struct rlimit rl_zero; 3335 int fd, r; 3336 fd_set fds; 3337 struct timeval tv; 3338 3339 fd = open("/dev/null", O_RDONLY); 3340 FD_ZERO(&fds); 3341 FD_SET(fd, &fds); 3342 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3343 setrlimit(RLIMIT_FSIZE, &rl_zero); 3344 setrlimit(RLIMIT_NOFILE, &rl_zero); 3345 tv.tv_sec = 1; 3346 tv.tv_usec = 0; 3347 r = select(fd+1, &fds, NULL, NULL, &tv); 3348 exit (r == -1 ? 1 : 0); 3349 ]])], 3350 [AC_MSG_RESULT([yes]) 3351 select_works_with_rlimit=yes], 3352 [AC_MSG_RESULT([no]) 3353 select_works_with_rlimit=no], 3354 [AC_MSG_WARN([cross compiling: assuming yes]) 3355 select_works_with_rlimit=yes] 3356) 3357 3358AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3359AC_RUN_IFELSE( 3360 [AC_LANG_PROGRAM([[ 3361#include <sys/types.h> 3362#ifdef HAVE_SYS_TIME_H 3363# include <sys/time.h> 3364#endif 3365#include <sys/resource.h> 3366#include <errno.h> 3367#include <stdlib.h> 3368 ]],[[ 3369 struct rlimit rl_zero; 3370 int fd, r; 3371 fd_set fds; 3372 3373 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3374 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3375 exit (r == -1 ? 1 : 0); 3376 ]])], 3377 [AC_MSG_RESULT([yes]) 3378 rlimit_nofile_zero_works=yes], 3379 [AC_MSG_RESULT([no]) 3380 rlimit_nofile_zero_works=no], 3381 [AC_MSG_WARN([cross compiling: assuming yes]) 3382 rlimit_nofile_zero_works=yes] 3383) 3384 3385AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3386AC_RUN_IFELSE( 3387 [AC_LANG_PROGRAM([[ 3388#include <sys/types.h> 3389#include <sys/resource.h> 3390#include <stdlib.h> 3391 ]],[[ 3392 struct rlimit rl_zero; 3393 3394 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3395 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3396 ]])], 3397 [AC_MSG_RESULT([yes])], 3398 [AC_MSG_RESULT([no]) 3399 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3400 [setrlimit RLIMIT_FSIZE works])], 3401 [AC_MSG_WARN([cross compiling: assuming yes])] 3402) 3403 3404if test "x$sandbox_arg" = "xpledge" || \ 3405 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3406 test "x$ac_cv_func_pledge" != "xyes" && \ 3407 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3408 SANDBOX_STYLE="pledge" 3409 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3410elif test "x$sandbox_arg" = "xsystrace" || \ 3411 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3412 test "x$have_systr_policy_kill" != "x1" && \ 3413 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3414 SANDBOX_STYLE="systrace" 3415 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3416elif test "x$sandbox_arg" = "xdarwin" || \ 3417 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3418 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3419 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3420 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3421 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3422 SANDBOX_STYLE="darwin" 3423 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3424elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3425 ( test -z "$sandbox_arg" && \ 3426 test "x$have_seccomp_filter" = "x1" && \ 3427 test "x$ac_cv_header_elf_h" = "xyes" && \ 3428 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3429 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3430 test "x$seccomp_audit_arch" != "x" && \ 3431 test "x$have_linux_no_new_privs" = "x1" && \ 3432 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3433 test "x$seccomp_audit_arch" = "x" && \ 3434 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3435 test "x$have_linux_no_new_privs" != "x1" && \ 3436 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3437 test "x$have_seccomp_filter" != "x1" && \ 3438 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3439 test "x$ac_cv_func_prctl" != "xyes" && \ 3440 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3441 SANDBOX_STYLE="seccomp_filter" 3442 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3443elif test "x$sandbox_arg" = "xcapsicum" || \ 3444 ( test -z "$sandbox_arg" && \ 3445 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3446 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3447 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3448 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3449 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3450 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3451 SANDBOX_STYLE="capsicum" 3452 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3453elif test "x$sandbox_arg" = "xrlimit" || \ 3454 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3455 test "x$select_works_with_rlimit" = "xyes" && \ 3456 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3457 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3458 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3459 test "x$select_works_with_rlimit" != "xyes" && \ 3460 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3461 SANDBOX_STYLE="rlimit" 3462 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3463elif test "x$sandbox_arg" = "xsolaris" || \ 3464 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3465 SANDBOX_STYLE="solaris" 3466 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3467elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3468 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3469 SANDBOX_STYLE="none" 3470 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3471else 3472 AC_MSG_ERROR([unsupported --with-sandbox]) 3473fi 3474 3475# Cheap hack to ensure NEWS-OS libraries are arranged right. 3476if test ! -z "$SONY" ; then 3477 LIBS="$LIBS -liberty"; 3478fi 3479 3480# Check for long long datatypes 3481AC_CHECK_TYPES([long long, unsigned long long, long double]) 3482 3483# Check datatype sizes 3484AC_CHECK_SIZEOF([short int], [2]) 3485AC_CHECK_SIZEOF([int], [4]) 3486AC_CHECK_SIZEOF([long int], [4]) 3487AC_CHECK_SIZEOF([long long int], [8]) 3488 3489# Sanity check long long for some platforms (AIX) 3490if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3491 ac_cv_sizeof_long_long_int=0 3492fi 3493 3494# compute LLONG_MIN and LLONG_MAX if we don't know them. 3495if test -z "$have_llong_max"; then 3496 AC_MSG_CHECKING([for max value of long long]) 3497 AC_RUN_IFELSE( 3498 [AC_LANG_PROGRAM([[ 3499#include <stdio.h> 3500/* Why is this so damn hard? */ 3501#ifdef __GNUC__ 3502# undef __GNUC__ 3503#endif 3504#define __USE_ISOC99 3505#include <limits.h> 3506#define DATA "conftest.llminmax" 3507#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3508 3509/* 3510 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3511 * we do this the hard way. 3512 */ 3513static int 3514fprint_ll(FILE *f, long long n) 3515{ 3516 unsigned int i; 3517 int l[sizeof(long long) * 8]; 3518 3519 if (n < 0) 3520 if (fprintf(f, "-") < 0) 3521 return -1; 3522 for (i = 0; n != 0; i++) { 3523 l[i] = my_abs(n % 10); 3524 n /= 10; 3525 } 3526 do { 3527 if (fprintf(f, "%d", l[--i]) < 0) 3528 return -1; 3529 } while (i != 0); 3530 if (fprintf(f, " ") < 0) 3531 return -1; 3532 return 0; 3533} 3534 ]], [[ 3535 FILE *f; 3536 long long i, llmin, llmax = 0; 3537 3538 if((f = fopen(DATA,"w")) == NULL) 3539 exit(1); 3540 3541#if defined(LLONG_MIN) && defined(LLONG_MAX) 3542 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3543 llmin = LLONG_MIN; 3544 llmax = LLONG_MAX; 3545#else 3546 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3547 /* This will work on one's complement and two's complement */ 3548 for (i = 1; i > llmax; i <<= 1, i++) 3549 llmax = i; 3550 llmin = llmax + 1LL; /* wrap */ 3551#endif 3552 3553 /* Sanity check */ 3554 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3555 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3556 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3557 fprintf(f, "unknown unknown\n"); 3558 exit(2); 3559 } 3560 3561 if (fprint_ll(f, llmin) < 0) 3562 exit(3); 3563 if (fprint_ll(f, llmax) < 0) 3564 exit(4); 3565 if (fclose(f) < 0) 3566 exit(5); 3567 exit(0); 3568 ]])], 3569 [ 3570 llong_min=`$AWK '{print $1}' conftest.llminmax` 3571 llong_max=`$AWK '{print $2}' conftest.llminmax` 3572 3573 AC_MSG_RESULT([$llong_max]) 3574 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3575 [max value of long long calculated by configure]) 3576 AC_MSG_CHECKING([for min value of long long]) 3577 AC_MSG_RESULT([$llong_min]) 3578 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3579 [min value of long long calculated by configure]) 3580 ], 3581 [ 3582 AC_MSG_RESULT([not found]) 3583 ], 3584 [ 3585 AC_MSG_WARN([cross compiling: not checking]) 3586 ] 3587 ) 3588fi 3589 3590 3591# More checks for data types 3592AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3594 [[ u_int a; a = 1;]])], 3595 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3596 ]) 3597]) 3598if test "x$ac_cv_have_u_int" = "xyes" ; then 3599 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3600 have_u_int=1 3601fi 3602 3603AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3604 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3605 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3606 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3607 ]) 3608]) 3609if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3610 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3611 have_intxx_t=1 3612fi 3613 3614if (test -z "$have_intxx_t" && \ 3615 test "x$ac_cv_header_stdint_h" = "xyes") 3616then 3617 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3618 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3619 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3620 [ 3621 AC_DEFINE([HAVE_INTXX_T]) 3622 AC_MSG_RESULT([yes]) 3623 ], [ AC_MSG_RESULT([no]) 3624 ]) 3625fi 3626 3627AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3628 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3629#include <sys/types.h> 3630#ifdef HAVE_STDINT_H 3631# include <stdint.h> 3632#endif 3633#include <sys/socket.h> 3634#ifdef HAVE_SYS_BITYPES_H 3635# include <sys/bitypes.h> 3636#endif 3637 ]], [[ 3638int64_t a; a = 1; 3639 ]])], 3640 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3641 ]) 3642]) 3643if test "x$ac_cv_have_int64_t" = "xyes" ; then 3644 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3645fi 3646 3647AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3649 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3650 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3651 ]) 3652]) 3653if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3654 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3655 have_u_intxx_t=1 3656fi 3657 3658if test -z "$have_u_intxx_t" ; then 3659 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3660 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3661 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3662 [ 3663 AC_DEFINE([HAVE_U_INTXX_T]) 3664 AC_MSG_RESULT([yes]) 3665 ], [ AC_MSG_RESULT([no]) 3666 ]) 3667fi 3668 3669AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3670 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3671 [[ u_int64_t a; a = 1;]])], 3672 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3673 ]) 3674]) 3675if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3676 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3677 have_u_int64_t=1 3678fi 3679 3680if (test -z "$have_u_int64_t" && \ 3681 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3682then 3683 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3684 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3685 [[ u_int64_t a; a = 1]])], 3686 [ 3687 AC_DEFINE([HAVE_U_INT64_T]) 3688 AC_MSG_RESULT([yes]) 3689 ], [ AC_MSG_RESULT([no]) 3690 ]) 3691fi 3692 3693if test -z "$have_u_intxx_t" ; then 3694 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3695 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3696#include <sys/types.h> 3697 ]], [[ 3698 uint8_t a; 3699 uint16_t b; 3700 uint32_t c; 3701 a = b = c = 1; 3702 ]])], 3703 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3704 ]) 3705 ]) 3706 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3707 AC_DEFINE([HAVE_UINTXX_T], [1], 3708 [define if you have uintxx_t data type]) 3709 fi 3710fi 3711 3712if (test -z "$have_uintxx_t" && \ 3713 test "x$ac_cv_header_stdint_h" = "xyes") 3714then 3715 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3717 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3718 [ 3719 AC_DEFINE([HAVE_UINTXX_T]) 3720 AC_MSG_RESULT([yes]) 3721 ], [ AC_MSG_RESULT([no]) 3722 ]) 3723fi 3724 3725if (test -z "$have_uintxx_t" && \ 3726 test "x$ac_cv_header_inttypes_h" = "xyes") 3727then 3728 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3729 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3730 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3731 [ 3732 AC_DEFINE([HAVE_UINTXX_T]) 3733 AC_MSG_RESULT([yes]) 3734 ], [ AC_MSG_RESULT([no]) 3735 ]) 3736fi 3737 3738if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3739 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3740then 3741 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3742 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3743#include <sys/bitypes.h> 3744 ]], [[ 3745 int8_t a; int16_t b; int32_t c; 3746 u_int8_t e; u_int16_t f; u_int32_t g; 3747 a = b = c = e = f = g = 1; 3748 ]])], 3749 [ 3750 AC_DEFINE([HAVE_U_INTXX_T]) 3751 AC_DEFINE([HAVE_INTXX_T]) 3752 AC_MSG_RESULT([yes]) 3753 ], [AC_MSG_RESULT([no]) 3754 ]) 3755fi 3756 3757 3758AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3760 [[ u_char foo; foo = 125; ]])], 3761 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3762 ]) 3763]) 3764if test "x$ac_cv_have_u_char" = "xyes" ; then 3765 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3766fi 3767 3768AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3769#include <sys/types.h> 3770#include <stdint.h> 3771]) 3772 3773TYPE_SOCKLEN_T 3774 3775AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3776AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3777#include <sys/types.h> 3778#ifdef HAVE_SYS_BITYPES_H 3779#include <sys/bitypes.h> 3780#endif 3781#ifdef HAVE_SYS_STATFS_H 3782#include <sys/statfs.h> 3783#endif 3784#ifdef HAVE_SYS_STATVFS_H 3785#include <sys/statvfs.h> 3786#endif 3787]) 3788 3789AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ 3790#include <sys/types.h> 3791#ifdef HAVE_SYS_BITYPES_H 3792#include <sys/bitypes.h> 3793#endif 3794#ifdef HAVE_SYS_STATFS_H 3795#include <sys/statfs.h> 3796#endif 3797#ifdef HAVE_SYS_STATVFS_H 3798#include <sys/statvfs.h> 3799#endif 3800#ifdef HAVE_SYS_VFS_H 3801#include <sys/vfs.h> 3802#endif 3803]]) 3804 3805 3806AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3807[#include <sys/types.h> 3808#include <netinet/in.h>]) 3809 3810AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3811 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3812 [[ size_t foo; foo = 1235; ]])], 3813 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3814 ]) 3815]) 3816if test "x$ac_cv_have_size_t" = "xyes" ; then 3817 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3818fi 3819 3820AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3821 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3822 [[ ssize_t foo; foo = 1235; ]])], 3823 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3824 ]) 3825]) 3826if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3827 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3828fi 3829 3830AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3831 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3832 [[ clock_t foo; foo = 1235; ]])], 3833 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3834 ]) 3835]) 3836if test "x$ac_cv_have_clock_t" = "xyes" ; then 3837 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3838fi 3839 3840AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3842#include <sys/types.h> 3843#include <sys/socket.h> 3844 ]], [[ sa_family_t foo; foo = 1235; ]])], 3845 [ ac_cv_have_sa_family_t="yes" ], 3846 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3847#include <sys/types.h> 3848#include <sys/socket.h> 3849#include <netinet/in.h> 3850 ]], [[ sa_family_t foo; foo = 1235; ]])], 3851 [ ac_cv_have_sa_family_t="yes" ], 3852 [ ac_cv_have_sa_family_t="no" ] 3853 ) 3854 ]) 3855]) 3856if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3857 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3858 [define if you have sa_family_t data type]) 3859fi 3860 3861AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3862 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3863 [[ pid_t foo; foo = 1235; ]])], 3864 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3865 ]) 3866]) 3867if test "x$ac_cv_have_pid_t" = "xyes" ; then 3868 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3869fi 3870 3871AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3872 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3873 [[ mode_t foo; foo = 1235; ]])], 3874 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3875 ]) 3876]) 3877if test "x$ac_cv_have_mode_t" = "xyes" ; then 3878 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3879fi 3880 3881 3882AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3883 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3884#include <sys/types.h> 3885#include <sys/socket.h> 3886 ]], [[ struct sockaddr_storage s; ]])], 3887 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3888 [ ac_cv_have_struct_sockaddr_storage="no" 3889 ]) 3890]) 3891if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3892 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3893 [define if you have struct sockaddr_storage data type]) 3894fi 3895 3896AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3898#include <sys/types.h> 3899#include <netinet/in.h> 3900 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3901 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3902 [ ac_cv_have_struct_sockaddr_in6="no" 3903 ]) 3904]) 3905if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3906 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3907 [define if you have struct sockaddr_in6 data type]) 3908fi 3909 3910AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3912#include <sys/types.h> 3913#include <netinet/in.h> 3914 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3915 [ ac_cv_have_struct_in6_addr="yes" ], 3916 [ ac_cv_have_struct_in6_addr="no" 3917 ]) 3918]) 3919if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3920 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3921 [define if you have struct in6_addr data type]) 3922 3923dnl Now check for sin6_scope_id 3924 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3925 [ 3926#ifdef HAVE_SYS_TYPES_H 3927#include <sys/types.h> 3928#endif 3929#include <netinet/in.h> 3930 ]) 3931fi 3932 3933AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3935#include <sys/types.h> 3936#include <sys/socket.h> 3937#include <netdb.h> 3938 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3939 [ ac_cv_have_struct_addrinfo="yes" ], 3940 [ ac_cv_have_struct_addrinfo="no" 3941 ]) 3942]) 3943if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3944 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3945 [define if you have struct addrinfo data type]) 3946fi 3947 3948AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3949 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3950 [[ struct timeval tv; tv.tv_sec = 1;]])], 3951 [ ac_cv_have_struct_timeval="yes" ], 3952 [ ac_cv_have_struct_timeval="no" 3953 ]) 3954]) 3955if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3956 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3957 have_struct_timeval=1 3958fi 3959 3960AC_CHECK_TYPES([struct timespec]) 3961 3962# We need int64_t or else certian parts of the compile will fail. 3963if test "x$ac_cv_have_int64_t" = "xno" && \ 3964 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3965 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3966 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3967 echo "an alternative compiler (I.E., GCC) before continuing." 3968 echo "" 3969 exit 1; 3970else 3971dnl test snprintf (broken on SCO w/gcc) 3972 AC_RUN_IFELSE( 3973 [AC_LANG_SOURCE([[ 3974#include <stdio.h> 3975#include <string.h> 3976#ifdef HAVE_SNPRINTF 3977main() 3978{ 3979 char buf[50]; 3980 char expected_out[50]; 3981 int mazsize = 50 ; 3982#if (SIZEOF_LONG_INT == 8) 3983 long int num = 0x7fffffffffffffff; 3984#else 3985 long long num = 0x7fffffffffffffffll; 3986#endif 3987 strcpy(expected_out, "9223372036854775807"); 3988 snprintf(buf, mazsize, "%lld", num); 3989 if(strcmp(buf, expected_out) != 0) 3990 exit(1); 3991 exit(0); 3992} 3993#else 3994main() { exit(0); } 3995#endif 3996 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3997 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3998 ) 3999fi 4000 4001dnl Checks for structure members 4002OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4003OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4004OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4005OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4006OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4007OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4008OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4009OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4010OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4011OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4012OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4013OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4014OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4015OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4016OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4017OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4018OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4019 4020AC_CHECK_MEMBERS([struct stat.st_blksize]) 4021AC_CHECK_MEMBERS([struct stat.st_mtim]) 4022AC_CHECK_MEMBERS([struct stat.st_mtime]) 4023AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4024struct passwd.pw_change, struct passwd.pw_expire], 4025[], [], [[ 4026#include <sys/types.h> 4027#include <pwd.h> 4028]]) 4029 4030AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4031 [Define if we don't have struct __res_state in resolv.h])], 4032[[ 4033#include <stdio.h> 4034#if HAVE_SYS_TYPES_H 4035# include <sys/types.h> 4036#endif 4037#include <netinet/in.h> 4038#include <arpa/nameser.h> 4039#include <resolv.h> 4040]]) 4041 4042AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4043 ac_cv_have_ss_family_in_struct_ss, [ 4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4045#include <sys/types.h> 4046#include <sys/socket.h> 4047 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4048 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4049 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4050]) 4051if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4052 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4053fi 4054 4055AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4056 ac_cv_have___ss_family_in_struct_ss, [ 4057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4058#include <sys/types.h> 4059#include <sys/socket.h> 4060 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4061 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4062 [ ac_cv_have___ss_family_in_struct_ss="no" 4063 ]) 4064]) 4065if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4066 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4067 [Fields in struct sockaddr_storage]) 4068fi 4069 4070dnl make sure we're using the real structure members and not defines 4071AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4072 ac_cv_have_accrights_in_msghdr, [ 4073 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4074#include <sys/types.h> 4075#include <sys/socket.h> 4076#include <sys/uio.h> 4077 ]], [[ 4078#ifdef msg_accrights 4079#error "msg_accrights is a macro" 4080exit(1); 4081#endif 4082struct msghdr m; 4083m.msg_accrights = 0; 4084exit(0); 4085 ]])], 4086 [ ac_cv_have_accrights_in_msghdr="yes" ], 4087 [ ac_cv_have_accrights_in_msghdr="no" ] 4088 ) 4089]) 4090if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4091 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4092 [Define if your system uses access rights style 4093 file descriptor passing]) 4094fi 4095 4096AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4097AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4098#include <sys/param.h> 4099#include <sys/stat.h> 4100#ifdef HAVE_SYS_TIME_H 4101# include <sys/time.h> 4102#endif 4103#ifdef HAVE_SYS_MOUNT_H 4104#include <sys/mount.h> 4105#endif 4106#ifdef HAVE_SYS_STATVFS_H 4107#include <sys/statvfs.h> 4108#endif 4109 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4110 [ AC_MSG_RESULT([yes]) ], 4111 [ AC_MSG_RESULT([no]) 4112 4113 AC_MSG_CHECKING([if fsid_t has member val]) 4114 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4115#include <sys/types.h> 4116#include <sys/statvfs.h> 4117 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4118 [ AC_MSG_RESULT([yes]) 4119 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4120 [ AC_MSG_RESULT([no]) ]) 4121 4122 AC_MSG_CHECKING([if f_fsid has member __val]) 4123 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4124#include <sys/types.h> 4125#include <sys/statvfs.h> 4126 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4127 [ AC_MSG_RESULT([yes]) 4128 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4129 [ AC_MSG_RESULT([no]) ]) 4130]) 4131 4132AC_CACHE_CHECK([for msg_control field in struct msghdr], 4133 ac_cv_have_control_in_msghdr, [ 4134 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4135#include <sys/types.h> 4136#include <sys/socket.h> 4137#include <sys/uio.h> 4138 ]], [[ 4139#ifdef msg_control 4140#error "msg_control is a macro" 4141exit(1); 4142#endif 4143struct msghdr m; 4144m.msg_control = 0; 4145exit(0); 4146 ]])], 4147 [ ac_cv_have_control_in_msghdr="yes" ], 4148 [ ac_cv_have_control_in_msghdr="no" ] 4149 ) 4150]) 4151if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4152 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4153 [Define if your system uses ancillary data style 4154 file descriptor passing]) 4155fi 4156 4157AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4158 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4159 [[ extern char *__progname; printf("%s", __progname); ]])], 4160 [ ac_cv_libc_defines___progname="yes" ], 4161 [ ac_cv_libc_defines___progname="no" 4162 ]) 4163]) 4164if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4165 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4166fi 4167 4168AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4169 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4170 [[ printf("%s", __FUNCTION__); ]])], 4171 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4172 [ ac_cv_cc_implements___FUNCTION__="no" 4173 ]) 4174]) 4175if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4176 AC_DEFINE([HAVE___FUNCTION__], [1], 4177 [Define if compiler implements __FUNCTION__]) 4178fi 4179 4180AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4181 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4182 [[ printf("%s", __func__); ]])], 4183 [ ac_cv_cc_implements___func__="yes" ], 4184 [ ac_cv_cc_implements___func__="no" 4185 ]) 4186]) 4187if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4188 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4189fi 4190 4191AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4192 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4193#include <stdarg.h> 4194va_list x,y; 4195 ]], [[ va_copy(x,y); ]])], 4196 [ ac_cv_have_va_copy="yes" ], 4197 [ ac_cv_have_va_copy="no" 4198 ]) 4199]) 4200if test "x$ac_cv_have_va_copy" = "xyes" ; then 4201 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4202fi 4203 4204AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4205 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4206#include <stdarg.h> 4207va_list x,y; 4208 ]], [[ __va_copy(x,y); ]])], 4209 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4210 ]) 4211]) 4212if test "x$ac_cv_have___va_copy" = "xyes" ; then 4213 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4214fi 4215 4216AC_CACHE_CHECK([whether getopt has optreset support], 4217 ac_cv_have_getopt_optreset, [ 4218 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4219 [[ extern int optreset; optreset = 0; ]])], 4220 [ ac_cv_have_getopt_optreset="yes" ], 4221 [ ac_cv_have_getopt_optreset="no" 4222 ]) 4223]) 4224if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4225 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4226 [Define if your getopt(3) defines and uses optreset]) 4227fi 4228 4229AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4230 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4231[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4232 [ ac_cv_libc_defines_sys_errlist="yes" ], 4233 [ ac_cv_libc_defines_sys_errlist="no" 4234 ]) 4235]) 4236if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4237 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4238 [Define if your system defines sys_errlist[]]) 4239fi 4240 4241 4242AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4243 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4244[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4245 [ ac_cv_libc_defines_sys_nerr="yes" ], 4246 [ ac_cv_libc_defines_sys_nerr="no" 4247 ]) 4248]) 4249if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4250 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4251fi 4252 4253# Check libraries needed by DNS fingerprint support 4254AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4255 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4256 [Define if getrrsetbyname() exists])], 4257 [ 4258 # Needed by our getrrsetbyname() 4259 AC_SEARCH_LIBS([res_query], [resolv]) 4260 AC_SEARCH_LIBS([dn_expand], [resolv]) 4261 AC_MSG_CHECKING([if res_query will link]) 4262 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4263#include <sys/types.h> 4264#include <netinet/in.h> 4265#include <arpa/nameser.h> 4266#include <netdb.h> 4267#include <resolv.h> 4268 ]], [[ 4269 res_query (0, 0, 0, 0, 0); 4270 ]])], 4271 AC_MSG_RESULT([yes]), 4272 [AC_MSG_RESULT([no]) 4273 saved_LIBS="$LIBS" 4274 LIBS="$LIBS -lresolv" 4275 AC_MSG_CHECKING([for res_query in -lresolv]) 4276 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4277#include <sys/types.h> 4278#include <netinet/in.h> 4279#include <arpa/nameser.h> 4280#include <netdb.h> 4281#include <resolv.h> 4282 ]], [[ 4283 res_query (0, 0, 0, 0, 0); 4284 ]])], 4285 [AC_MSG_RESULT([yes])], 4286 [LIBS="$saved_LIBS" 4287 AC_MSG_RESULT([no])]) 4288 ]) 4289 AC_CHECK_FUNCS([_getshort _getlong]) 4290 AC_CHECK_DECLS([_getshort, _getlong], , , 4291 [#include <sys/types.h> 4292 #include <arpa/nameser.h>]) 4293 AC_CHECK_MEMBER([HEADER.ad], 4294 [AC_DEFINE([HAVE_HEADER_AD], [1], 4295 [Define if HEADER.ad exists in arpa/nameser.h])], , 4296 [#include <arpa/nameser.h>]) 4297 ]) 4298 4299AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4300AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4301#include <stdio.h> 4302#if HAVE_SYS_TYPES_H 4303# include <sys/types.h> 4304#endif 4305#include <netinet/in.h> 4306#include <arpa/nameser.h> 4307#include <resolv.h> 4308extern struct __res_state _res; 4309 ]], [[ 4310struct __res_state *volatile p = &_res; /* force resolution of _res */ 4311return 0; 4312 ]],)], 4313 [AC_MSG_RESULT([yes]) 4314 AC_DEFINE([HAVE__RES_EXTERN], [1], 4315 [Define if you have struct __res_state _res as an extern]) 4316 ], 4317 [ AC_MSG_RESULT([no]) ] 4318) 4319 4320# Check whether user wants SELinux support 4321SELINUX_MSG="no" 4322LIBSELINUX="" 4323AC_ARG_WITH([selinux], 4324 [ --with-selinux Enable SELinux support], 4325 [ if test "x$withval" != "xno" ; then 4326 save_LIBS="$LIBS" 4327 AC_DEFINE([WITH_SELINUX], [1], 4328 [Define if you want SELinux support.]) 4329 SELINUX_MSG="yes" 4330 AC_CHECK_HEADER([selinux/selinux.h], , 4331 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4332 AC_CHECK_LIB([selinux], [setexeccon], 4333 [ LIBSELINUX="-lselinux" 4334 LIBS="$LIBS -lselinux" 4335 ], 4336 AC_MSG_ERROR([SELinux support requires libselinux library])) 4337 SSHLIBS="$SSHLIBS $LIBSELINUX" 4338 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4339 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4340 LIBS="$save_LIBS" 4341 fi ] 4342) 4343AC_SUBST([SSHLIBS]) 4344AC_SUBST([SSHDLIBS]) 4345 4346# Check whether user wants Kerberos 5 support 4347KRB5_MSG="no" 4348AC_ARG_WITH([kerberos5], 4349 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4350 [ if test "x$withval" != "xno" ; then 4351 if test "x$withval" = "xyes" ; then 4352 KRB5ROOT="/usr/local" 4353 else 4354 KRB5ROOT=${withval} 4355 fi 4356 4357 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4358 KRB5_MSG="yes" 4359 4360 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4361 [$KRB5ROOT/bin/krb5-config], 4362 [$KRB5ROOT/bin:$PATH]) 4363 if test -x $KRB5CONF ; then 4364 K5CFLAGS="`$KRB5CONF --cflags`" 4365 K5LIBS="`$KRB5CONF --libs`" 4366 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4367 4368 AC_MSG_CHECKING([for gssapi support]) 4369 if $KRB5CONF | grep gssapi >/dev/null ; then 4370 AC_MSG_RESULT([yes]) 4371 AC_DEFINE([GSSAPI], [1], 4372 [Define this if you want GSSAPI 4373 support in the version 2 protocol]) 4374 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4375 GSSLIBS="`$KRB5CONF --libs gssapi`" 4376 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4377 else 4378 AC_MSG_RESULT([no]) 4379 fi 4380 AC_MSG_CHECKING([whether we are using Heimdal]) 4381 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4382 ]], [[ char *tmp = heimdal_version; ]])], 4383 [ AC_MSG_RESULT([yes]) 4384 AC_DEFINE([HEIMDAL], [1], 4385 [Define this if you are using the Heimdal 4386 version of Kerberos V5]) ], 4387 [AC_MSG_RESULT([no]) 4388 ]) 4389 else 4390 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4391 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4392 AC_MSG_CHECKING([whether we are using Heimdal]) 4393 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4394 ]], [[ char *tmp = heimdal_version; ]])], 4395 [ AC_MSG_RESULT([yes]) 4396 AC_DEFINE([HEIMDAL]) 4397 K5LIBS="-lkrb5" 4398 K5LIBS="$K5LIBS -lcom_err -lasn1" 4399 AC_CHECK_LIB([roken], [net_write], 4400 [K5LIBS="$K5LIBS -lroken"]) 4401 AC_CHECK_LIB([des], [des_cbc_encrypt], 4402 [K5LIBS="$K5LIBS -ldes"]) 4403 ], [ AC_MSG_RESULT([no]) 4404 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4405 ]) 4406 AC_SEARCH_LIBS([dn_expand], [resolv]) 4407 4408 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4409 [ AC_DEFINE([GSSAPI]) 4410 GSSLIBS="-lgssapi_krb5" ], 4411 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4412 [ AC_DEFINE([GSSAPI]) 4413 GSSLIBS="-lgssapi" ], 4414 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4415 [ AC_DEFINE([GSSAPI]) 4416 GSSLIBS="-lgss" ], 4417 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4418 ]) 4419 ]) 4420 4421 AC_CHECK_HEADER([gssapi.h], , 4422 [ unset ac_cv_header_gssapi_h 4423 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4424 AC_CHECK_HEADERS([gssapi.h], , 4425 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4426 ) 4427 ] 4428 ) 4429 4430 oldCPP="$CPPFLAGS" 4431 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4432 AC_CHECK_HEADER([gssapi_krb5.h], , 4433 [ CPPFLAGS="$oldCPP" ]) 4434 4435 fi 4436 if test ! -z "$need_dash_r" ; then 4437 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4438 fi 4439 if test ! -z "$blibpath" ; then 4440 blibpath="$blibpath:${KRB5ROOT}/lib" 4441 fi 4442 4443 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4444 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4445 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4446 4447 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4448 [Define this if you want to use libkafs' AFS support])]) 4449 4450 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4451#ifdef HAVE_GSSAPI_H 4452# include <gssapi.h> 4453#elif defined(HAVE_GSSAPI_GSSAPI_H) 4454# include <gssapi/gssapi.h> 4455#endif 4456 4457#ifdef HAVE_GSSAPI_GENERIC_H 4458# include <gssapi_generic.h> 4459#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4460# include <gssapi/gssapi_generic.h> 4461#endif 4462 ]]) 4463 saved_LIBS="$LIBS" 4464 LIBS="$LIBS $K5LIBS" 4465 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4466 LIBS="$saved_LIBS" 4467 4468 fi 4469 ] 4470) 4471AC_SUBST([GSSLIBS]) 4472AC_SUBST([K5LIBS]) 4473 4474# Looking for programs, paths and files 4475 4476PRIVSEP_PATH=/var/empty 4477AC_ARG_WITH([privsep-path], 4478 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4479 [ 4480 if test -n "$withval" && test "x$withval" != "xno" && \ 4481 test "x${withval}" != "xyes"; then 4482 PRIVSEP_PATH=$withval 4483 fi 4484 ] 4485) 4486AC_SUBST([PRIVSEP_PATH]) 4487 4488AC_ARG_WITH([xauth], 4489 [ --with-xauth=PATH Specify path to xauth program ], 4490 [ 4491 if test -n "$withval" && test "x$withval" != "xno" && \ 4492 test "x${withval}" != "xyes"; then 4493 xauth_path=$withval 4494 fi 4495 ], 4496 [ 4497 TestPath="$PATH" 4498 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4499 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4500 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4501 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4502 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4503 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4504 xauth_path="/usr/openwin/bin/xauth" 4505 fi 4506 ] 4507) 4508 4509STRIP_OPT=-s 4510AC_ARG_ENABLE([strip], 4511 [ --disable-strip Disable calling strip(1) on install], 4512 [ 4513 if test "x$enableval" = "xno" ; then 4514 STRIP_OPT= 4515 fi 4516 ] 4517) 4518AC_SUBST([STRIP_OPT]) 4519 4520if test -z "$xauth_path" ; then 4521 XAUTH_PATH="undefined" 4522 AC_SUBST([XAUTH_PATH]) 4523else 4524 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4525 [Define if xauth is found in your path]) 4526 XAUTH_PATH=$xauth_path 4527 AC_SUBST([XAUTH_PATH]) 4528fi 4529 4530dnl # --with-maildir=/path/to/mail gets top priority. 4531dnl # if maildir is set in the platform case statement above we use that. 4532dnl # Otherwise we run a program to get the dir from system headers. 4533dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4534dnl # If we find _PATH_MAILDIR we do nothing because that is what 4535dnl # session.c expects anyway. Otherwise we set to the value found 4536dnl # stripping any trailing slash. If for some strage reason our program 4537dnl # does not find what it needs, we default to /var/spool/mail. 4538# Check for mail directory 4539AC_ARG_WITH([maildir], 4540 [ --with-maildir=/path/to/mail Specify your system mail directory], 4541 [ 4542 if test "X$withval" != X && test "x$withval" != xno && \ 4543 test "x${withval}" != xyes; then 4544 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4545 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4546 fi 4547 ],[ 4548 if test "X$maildir" != "X"; then 4549 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4550 else 4551 AC_MSG_CHECKING([Discovering system mail directory]) 4552 AC_RUN_IFELSE( 4553 [AC_LANG_PROGRAM([[ 4554#include <stdio.h> 4555#include <string.h> 4556#ifdef HAVE_PATHS_H 4557#include <paths.h> 4558#endif 4559#ifdef HAVE_MAILLOCK_H 4560#include <maillock.h> 4561#endif 4562#define DATA "conftest.maildir" 4563 ]], [[ 4564 FILE *fd; 4565 int rc; 4566 4567 fd = fopen(DATA,"w"); 4568 if(fd == NULL) 4569 exit(1); 4570 4571#if defined (_PATH_MAILDIR) 4572 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4573 exit(1); 4574#elif defined (MAILDIR) 4575 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4576 exit(1); 4577#elif defined (_PATH_MAIL) 4578 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4579 exit(1); 4580#else 4581 exit (2); 4582#endif 4583 4584 exit(0); 4585 ]])], 4586 [ 4587 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4588 maildir=`awk -F: '{print $2}' conftest.maildir \ 4589 | sed 's|/$||'` 4590 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4591 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4592 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4593 fi 4594 ], 4595 [ 4596 if test "X$ac_status" = "X2";then 4597# our test program didn't find it. Default to /var/spool/mail 4598 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4599 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4600 else 4601 AC_MSG_RESULT([*** not found ***]) 4602 fi 4603 ], 4604 [ 4605 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4606 ] 4607 ) 4608 fi 4609 ] 4610) # maildir 4611 4612if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4613 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4614 disable_ptmx_check=yes 4615fi 4616if test -z "$no_dev_ptmx" ; then 4617 if test "x$disable_ptmx_check" != "xyes" ; then 4618 AC_CHECK_FILE(["/dev/ptmx"], 4619 [ 4620 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4621 [Define if you have /dev/ptmx]) 4622 have_dev_ptmx=1 4623 ] 4624 ) 4625 fi 4626fi 4627 4628if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4629 AC_CHECK_FILE(["/dev/ptc"], 4630 [ 4631 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4632 [Define if you have /dev/ptc]) 4633 have_dev_ptc=1 4634 ] 4635 ) 4636else 4637 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4638fi 4639 4640# Options from here on. Some of these are preset by platform above 4641AC_ARG_WITH([mantype], 4642 [ --with-mantype=man|cat|doc Set man page type], 4643 [ 4644 case "$withval" in 4645 man|cat|doc) 4646 MANTYPE=$withval 4647 ;; 4648 *) 4649 AC_MSG_ERROR([invalid man type: $withval]) 4650 ;; 4651 esac 4652 ] 4653) 4654if test -z "$MANTYPE"; then 4655 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4656 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4657 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4658 MANTYPE=doc 4659 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4660 MANTYPE=man 4661 else 4662 MANTYPE=cat 4663 fi 4664fi 4665AC_SUBST([MANTYPE]) 4666if test "$MANTYPE" = "doc"; then 4667 mansubdir=man; 4668else 4669 mansubdir=$MANTYPE; 4670fi 4671AC_SUBST([mansubdir]) 4672 4673# Check whether to enable MD5 passwords 4674MD5_MSG="no" 4675AC_ARG_WITH([md5-passwords], 4676 [ --with-md5-passwords Enable use of MD5 passwords], 4677 [ 4678 if test "x$withval" != "xno" ; then 4679 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4680 [Define if you want to allow MD5 passwords]) 4681 MD5_MSG="yes" 4682 fi 4683 ] 4684) 4685 4686# Whether to disable shadow password support 4687AC_ARG_WITH([shadow], 4688 [ --without-shadow Disable shadow password support], 4689 [ 4690 if test "x$withval" = "xno" ; then 4691 AC_DEFINE([DISABLE_SHADOW]) 4692 disable_shadow=yes 4693 fi 4694 ] 4695) 4696 4697if test -z "$disable_shadow" ; then 4698 AC_MSG_CHECKING([if the systems has expire shadow information]) 4699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4700#include <sys/types.h> 4701#include <shadow.h> 4702struct spwd sp; 4703 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4704 [ sp_expire_available=yes ], [ 4705 ]) 4706 4707 if test "x$sp_expire_available" = "xyes" ; then 4708 AC_MSG_RESULT([yes]) 4709 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4710 [Define if you want to use shadow password expire field]) 4711 else 4712 AC_MSG_RESULT([no]) 4713 fi 4714fi 4715 4716# Use ip address instead of hostname in $DISPLAY 4717if test ! -z "$IPADDR_IN_DISPLAY" ; then 4718 DISPLAY_HACK_MSG="yes" 4719 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4720 [Define if you need to use IP address 4721 instead of hostname in $DISPLAY]) 4722else 4723 DISPLAY_HACK_MSG="no" 4724 AC_ARG_WITH([ipaddr-display], 4725 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4726 [ 4727 if test "x$withval" != "xno" ; then 4728 AC_DEFINE([IPADDR_IN_DISPLAY]) 4729 DISPLAY_HACK_MSG="yes" 4730 fi 4731 ] 4732 ) 4733fi 4734 4735# check for /etc/default/login and use it if present. 4736AC_ARG_ENABLE([etc-default-login], 4737 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4738 [ if test "x$enableval" = "xno"; then 4739 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4740 etc_default_login=no 4741 else 4742 etc_default_login=yes 4743 fi ], 4744 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4745 then 4746 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4747 etc_default_login=no 4748 else 4749 etc_default_login=yes 4750 fi ] 4751) 4752 4753if test "x$etc_default_login" != "xno"; then 4754 AC_CHECK_FILE(["/etc/default/login"], 4755 [ external_path_file=/etc/default/login ]) 4756 if test "x$external_path_file" = "x/etc/default/login"; then 4757 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4758 [Define if your system has /etc/default/login]) 4759 fi 4760fi 4761 4762dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4763if test $ac_cv_func_login_getcapbool = "yes" && \ 4764 test $ac_cv_header_login_cap_h = "yes" ; then 4765 external_path_file=/etc/login.conf 4766fi 4767 4768# Whether to mess with the default path 4769SERVER_PATH_MSG="(default)" 4770AC_ARG_WITH([default-path], 4771 [ --with-default-path= Specify default $PATH environment for server], 4772 [ 4773 if test "x$external_path_file" = "x/etc/login.conf" ; then 4774 AC_MSG_WARN([ 4775--with-default-path=PATH has no effect on this system. 4776Edit /etc/login.conf instead.]) 4777 elif test "x$withval" != "xno" ; then 4778 if test ! -z "$external_path_file" ; then 4779 AC_MSG_WARN([ 4780--with-default-path=PATH will only be used if PATH is not defined in 4781$external_path_file .]) 4782 fi 4783 user_path="$withval" 4784 SERVER_PATH_MSG="$withval" 4785 fi 4786 ], 4787 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4788 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4789 else 4790 if test ! -z "$external_path_file" ; then 4791 AC_MSG_WARN([ 4792If PATH is defined in $external_path_file, ensure the path to scp is included, 4793otherwise scp will not work.]) 4794 fi 4795 AC_RUN_IFELSE( 4796 [AC_LANG_PROGRAM([[ 4797/* find out what STDPATH is */ 4798#include <stdio.h> 4799#ifdef HAVE_PATHS_H 4800# include <paths.h> 4801#endif 4802#ifndef _PATH_STDPATH 4803# ifdef _PATH_USERPATH /* Irix */ 4804# define _PATH_STDPATH _PATH_USERPATH 4805# else 4806# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4807# endif 4808#endif 4809#include <sys/types.h> 4810#include <sys/stat.h> 4811#include <fcntl.h> 4812#define DATA "conftest.stdpath" 4813 ]], [[ 4814 FILE *fd; 4815 int rc; 4816 4817 fd = fopen(DATA,"w"); 4818 if(fd == NULL) 4819 exit(1); 4820 4821 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4822 exit(1); 4823 4824 exit(0); 4825 ]])], 4826 [ user_path=`cat conftest.stdpath` ], 4827 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4828 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4829 ) 4830# make sure $bindir is in USER_PATH so scp will work 4831 t_bindir="${bindir}" 4832 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4833 t_bindir=`eval echo ${t_bindir}` 4834 case $t_bindir in 4835 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4836 esac 4837 case $t_bindir in 4838 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4839 esac 4840 done 4841 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4842 if test $? -ne 0 ; then 4843 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4844 if test $? -ne 0 ; then 4845 user_path=$user_path:$t_bindir 4846 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4847 fi 4848 fi 4849 fi ] 4850) 4851if test "x$external_path_file" != "x/etc/login.conf" ; then 4852 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4853 AC_SUBST([user_path]) 4854fi 4855 4856# Set superuser path separately to user path 4857AC_ARG_WITH([superuser-path], 4858 [ --with-superuser-path= Specify different path for super-user], 4859 [ 4860 if test -n "$withval" && test "x$withval" != "xno" && \ 4861 test "x${withval}" != "xyes"; then 4862 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4863 [Define if you want a different $PATH 4864 for the superuser]) 4865 superuser_path=$withval 4866 fi 4867 ] 4868) 4869 4870 4871AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4872IPV4_IN6_HACK_MSG="no" 4873AC_ARG_WITH(4in6, 4874 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4875 [ 4876 if test "x$withval" != "xno" ; then 4877 AC_MSG_RESULT([yes]) 4878 AC_DEFINE([IPV4_IN_IPV6], [1], 4879 [Detect IPv4 in IPv6 mapped addresses 4880 and treat as IPv4]) 4881 IPV4_IN6_HACK_MSG="yes" 4882 else 4883 AC_MSG_RESULT([no]) 4884 fi 4885 ], [ 4886 if test "x$inet6_default_4in6" = "xyes"; then 4887 AC_MSG_RESULT([yes (default)]) 4888 AC_DEFINE([IPV4_IN_IPV6]) 4889 IPV4_IN6_HACK_MSG="yes" 4890 else 4891 AC_MSG_RESULT([no (default)]) 4892 fi 4893 ] 4894) 4895 4896# Whether to enable BSD auth support 4897BSD_AUTH_MSG=no 4898AC_ARG_WITH([bsd-auth], 4899 [ --with-bsd-auth Enable BSD auth support], 4900 [ 4901 if test "x$withval" != "xno" ; then 4902 AC_DEFINE([BSD_AUTH], [1], 4903 [Define if you have BSD auth support]) 4904 BSD_AUTH_MSG=yes 4905 fi 4906 ] 4907) 4908 4909# Where to place sshd.pid 4910piddir=/var/run 4911# make sure the directory exists 4912if test ! -d $piddir ; then 4913 piddir=`eval echo ${sysconfdir}` 4914 case $piddir in 4915 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4916 esac 4917fi 4918 4919AC_ARG_WITH([pid-dir], 4920 [ --with-pid-dir=PATH Specify location of sshd.pid file], 4921 [ 4922 if test -n "$withval" && test "x$withval" != "xno" && \ 4923 test "x${withval}" != "xyes"; then 4924 piddir=$withval 4925 if test ! -d $piddir ; then 4926 AC_MSG_WARN([** no $piddir directory on this system **]) 4927 fi 4928 fi 4929 ] 4930) 4931 4932AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4933 [Specify location of ssh.pid]) 4934AC_SUBST([piddir]) 4935 4936dnl allow user to disable some login recording features 4937AC_ARG_ENABLE([lastlog], 4938 [ --disable-lastlog disable use of lastlog even if detected [no]], 4939 [ 4940 if test "x$enableval" = "xno" ; then 4941 AC_DEFINE([DISABLE_LASTLOG]) 4942 fi 4943 ] 4944) 4945AC_ARG_ENABLE([utmp], 4946 [ --disable-utmp disable use of utmp even if detected [no]], 4947 [ 4948 if test "x$enableval" = "xno" ; then 4949 AC_DEFINE([DISABLE_UTMP]) 4950 fi 4951 ] 4952) 4953AC_ARG_ENABLE([utmpx], 4954 [ --disable-utmpx disable use of utmpx even if detected [no]], 4955 [ 4956 if test "x$enableval" = "xno" ; then 4957 AC_DEFINE([DISABLE_UTMPX], [1], 4958 [Define if you don't want to use utmpx]) 4959 fi 4960 ] 4961) 4962AC_ARG_ENABLE([wtmp], 4963 [ --disable-wtmp disable use of wtmp even if detected [no]], 4964 [ 4965 if test "x$enableval" = "xno" ; then 4966 AC_DEFINE([DISABLE_WTMP]) 4967 fi 4968 ] 4969) 4970AC_ARG_ENABLE([wtmpx], 4971 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4972 [ 4973 if test "x$enableval" = "xno" ; then 4974 AC_DEFINE([DISABLE_WTMPX], [1], 4975 [Define if you don't want to use wtmpx]) 4976 fi 4977 ] 4978) 4979AC_ARG_ENABLE([libutil], 4980 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4981 [ 4982 if test "x$enableval" = "xno" ; then 4983 AC_DEFINE([DISABLE_LOGIN]) 4984 fi 4985 ] 4986) 4987AC_ARG_ENABLE([pututline], 4988 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4989 [ 4990 if test "x$enableval" = "xno" ; then 4991 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4992 [Define if you don't want to use pututline() 4993 etc. to write [uw]tmp]) 4994 fi 4995 ] 4996) 4997AC_ARG_ENABLE([pututxline], 4998 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4999 [ 5000 if test "x$enableval" = "xno" ; then 5001 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5002 [Define if you don't want to use pututxline() 5003 etc. to write [uw]tmpx]) 5004 fi 5005 ] 5006) 5007AC_ARG_WITH([lastlog], 5008 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5009 [ 5010 if test "x$withval" = "xno" ; then 5011 AC_DEFINE([DISABLE_LASTLOG]) 5012 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5013 conf_lastlog_location=$withval 5014 fi 5015 ] 5016) 5017 5018dnl lastlog, [uw]tmpx? detection 5019dnl NOTE: set the paths in the platform section to avoid the 5020dnl need for command-line parameters 5021dnl lastlog and [uw]tmp are subject to a file search if all else fails 5022 5023dnl lastlog detection 5024dnl NOTE: the code itself will detect if lastlog is a directory 5025AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5026AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5027#include <sys/types.h> 5028#include <utmp.h> 5029#ifdef HAVE_LASTLOG_H 5030# include <lastlog.h> 5031#endif 5032#ifdef HAVE_PATHS_H 5033# include <paths.h> 5034#endif 5035#ifdef HAVE_LOGIN_H 5036# include <login.h> 5037#endif 5038 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5039 [ AC_MSG_RESULT([yes]) ], 5040 [ 5041 AC_MSG_RESULT([no]) 5042 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5043 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5044#include <sys/types.h> 5045#include <utmp.h> 5046#ifdef HAVE_LASTLOG_H 5047# include <lastlog.h> 5048#endif 5049#ifdef HAVE_PATHS_H 5050# include <paths.h> 5051#endif 5052 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5053 [ AC_MSG_RESULT([yes]) ], 5054 [ 5055 AC_MSG_RESULT([no]) 5056 system_lastlog_path=no 5057 ]) 5058]) 5059 5060if test -z "$conf_lastlog_location"; then 5061 if test x"$system_lastlog_path" = x"no" ; then 5062 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5063 if (test -d "$f" || test -f "$f") ; then 5064 conf_lastlog_location=$f 5065 fi 5066 done 5067 if test -z "$conf_lastlog_location"; then 5068 AC_MSG_WARN([** Cannot find lastlog **]) 5069 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5070 fi 5071 fi 5072fi 5073 5074if test -n "$conf_lastlog_location"; then 5075 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5076 [Define if you want to specify the path to your lastlog file]) 5077fi 5078 5079dnl utmp detection 5080AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5081AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5082#include <sys/types.h> 5083#include <utmp.h> 5084#ifdef HAVE_PATHS_H 5085# include <paths.h> 5086#endif 5087 ]], [[ char *utmp = UTMP_FILE; ]])], 5088 [ AC_MSG_RESULT([yes]) ], 5089 [ AC_MSG_RESULT([no]) 5090 system_utmp_path=no 5091]) 5092if test -z "$conf_utmp_location"; then 5093 if test x"$system_utmp_path" = x"no" ; then 5094 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5095 if test -f $f ; then 5096 conf_utmp_location=$f 5097 fi 5098 done 5099 if test -z "$conf_utmp_location"; then 5100 AC_DEFINE([DISABLE_UTMP]) 5101 fi 5102 fi 5103fi 5104if test -n "$conf_utmp_location"; then 5105 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5106 [Define if you want to specify the path to your utmp file]) 5107fi 5108 5109dnl wtmp detection 5110AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5111AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5112#include <sys/types.h> 5113#include <utmp.h> 5114#ifdef HAVE_PATHS_H 5115# include <paths.h> 5116#endif 5117 ]], [[ char *wtmp = WTMP_FILE; ]])], 5118 [ AC_MSG_RESULT([yes]) ], 5119 [ AC_MSG_RESULT([no]) 5120 system_wtmp_path=no 5121]) 5122if test -z "$conf_wtmp_location"; then 5123 if test x"$system_wtmp_path" = x"no" ; then 5124 for f in /usr/adm/wtmp /var/log/wtmp; do 5125 if test -f $f ; then 5126 conf_wtmp_location=$f 5127 fi 5128 done 5129 if test -z "$conf_wtmp_location"; then 5130 AC_DEFINE([DISABLE_WTMP]) 5131 fi 5132 fi 5133fi 5134if test -n "$conf_wtmp_location"; then 5135 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5136 [Define if you want to specify the path to your wtmp file]) 5137fi 5138 5139dnl wtmpx detection 5140AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5141AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5142#include <sys/types.h> 5143#include <utmp.h> 5144#ifdef HAVE_UTMPX_H 5145#include <utmpx.h> 5146#endif 5147#ifdef HAVE_PATHS_H 5148# include <paths.h> 5149#endif 5150 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5151 [ AC_MSG_RESULT([yes]) ], 5152 [ AC_MSG_RESULT([no]) 5153 system_wtmpx_path=no 5154]) 5155if test -z "$conf_wtmpx_location"; then 5156 if test x"$system_wtmpx_path" = x"no" ; then 5157 AC_DEFINE([DISABLE_WTMPX]) 5158 fi 5159else 5160 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5161 [Define if you want to specify the path to your wtmpx file]) 5162fi 5163 5164 5165if test ! -z "$blibpath" ; then 5166 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5167 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5168fi 5169 5170AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5171 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5172 AC_DEFINE([DISABLE_LASTLOG]) 5173 fi 5174 ], [ 5175#ifdef HAVE_SYS_TYPES_H 5176#include <sys/types.h> 5177#endif 5178#ifdef HAVE_UTMP_H 5179#include <utmp.h> 5180#endif 5181#ifdef HAVE_UTMPX_H 5182#include <utmpx.h> 5183#endif 5184#ifdef HAVE_LASTLOG_H 5185#include <lastlog.h> 5186#endif 5187 ]) 5188 5189AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5190 AC_DEFINE([DISABLE_UTMP]) 5191 AC_DEFINE([DISABLE_WTMP]) 5192 ], [ 5193#ifdef HAVE_SYS_TYPES_H 5194#include <sys/types.h> 5195#endif 5196#ifdef HAVE_UTMP_H 5197#include <utmp.h> 5198#endif 5199#ifdef HAVE_UTMPX_H 5200#include <utmpx.h> 5201#endif 5202#ifdef HAVE_LASTLOG_H 5203#include <lastlog.h> 5204#endif 5205 ]) 5206 5207dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5208dnl Add now. 5209CFLAGS="$CFLAGS $werror_flags" 5210 5211if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5212 TEST_SSH_IPV6=no 5213else 5214 TEST_SSH_IPV6=yes 5215fi 5216AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5217AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5218AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5219AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5220AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5221AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5222 5223CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5224LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5225 5226AC_EXEEXT 5227AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5228 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5229 survey.sh]) 5230AC_OUTPUT 5231 5232# Print summary of options 5233 5234# Someone please show me a better way :) 5235A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5236B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5237C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5238D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5239E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5240F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5241G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5242H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5243I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5244J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5245 5246echo "" 5247echo "OpenSSH has been configured with the following options:" 5248echo " User binaries: $B" 5249echo " System binaries: $C" 5250echo " Configuration files: $D" 5251echo " Askpass program: $E" 5252echo " Manual pages: $F" 5253echo " PID file: $G" 5254echo " Privilege separation chroot path: $H" 5255if test "x$external_path_file" = "x/etc/login.conf" ; then 5256echo " At runtime, sshd will use the path defined in $external_path_file" 5257echo " Make sure the path to scp is present, otherwise scp will not work" 5258else 5259echo " sshd default user PATH: $I" 5260 if test ! -z "$external_path_file"; then 5261echo " (If PATH is set in $external_path_file it will be used instead. If" 5262echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5263 fi 5264fi 5265if test ! -z "$superuser_path" ; then 5266echo " sshd superuser user PATH: $J" 5267fi 5268echo " Manpage format: $MANTYPE" 5269echo " PAM support: $PAM_MSG" 5270echo " OSF SIA support: $SIA_MSG" 5271echo " KerberosV support: $KRB5_MSG" 5272echo " SELinux support: $SELINUX_MSG" 5273echo " S/KEY support: $SKEY_MSG" 5274echo " TCP Wrappers support: $TCPW_MSG" 5275echo " MD5 password support: $MD5_MSG" 5276echo " libedit support: $LIBEDIT_MSG" 5277echo " libldns support: $LDNS_MSG" 5278echo " Solaris process contract support: $SPC_MSG" 5279echo " Solaris project support: $SP_MSG" 5280echo " Solaris privilege support: $SPP_MSG" 5281echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5282echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5283echo " BSD Auth support: $BSD_AUTH_MSG" 5284echo " Random number source: $RAND_MSG" 5285echo " Privsep sandbox style: $SANDBOX_STYLE" 5286 5287echo "" 5288 5289echo " Host: ${host}" 5290echo " Compiler: ${CC}" 5291echo " Compiler flags: ${CFLAGS}" 5292echo "Preprocessor flags: ${CPPFLAGS}" 5293echo " Linker flags: ${LDFLAGS}" 5294echo " Libraries: ${LIBS}" 5295if test ! -z "${SSHDLIBS}"; then 5296echo " +for sshd: ${SSHDLIBS}" 5297fi 5298if test ! -z "${SSHLIBS}"; then 5299echo " +for ssh: ${SSHLIBS}" 5300fi 5301 5302echo "" 5303 5304if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5305 echo "SVR4 style packages are supported with \"make package\"" 5306 echo "" 5307fi 5308 5309if test "x$PAM_MSG" = "xyes" ; then 5310 echo "PAM is enabled. You may need to install a PAM control file " 5311 echo "for sshd, otherwise password authentication may fail. " 5312 echo "Example PAM control files can be found in the contrib/ " 5313 echo "subdirectory" 5314 echo "" 5315fi 5316 5317if test ! -z "$NO_PEERCHECK" ; then 5318 echo "WARNING: the operating system that you are using does not" 5319 echo "appear to support getpeereid(), getpeerucred() or the" 5320 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5321 echo "enforce security checks to prevent unauthorised connections to" 5322 echo "ssh-agent. Their absence increases the risk that a malicious" 5323 echo "user can connect to your agent." 5324 echo "" 5325fi 5326 5327if test "$AUDIT_MODULE" = "bsm" ; then 5328 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5329 echo "See the Solaris section in README.platform for details." 5330fi 5331