configure.ac revision 294693
1# $Id: configure.ac,v 1.571 2014/02/21 17:09:34 tim Exp $ 2# $FreeBSD: stable/10/crypto/openssh/configure.ac 294693 2016-01-24 22:28:18Z des $ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.571 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_PATH_PROG([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83# Use LOGIN_PROGRAM from environment if possible 84if test ! -z "$LOGIN_PROGRAM" ; then 85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 86 [If your header files don't define LOGIN_PROGRAM, 87 then use this (detected) from environment and PATH]) 88else 89 # Search for login 90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 93 fi 94fi 95 96AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 97if test ! -z "$PATH_PASSWD_PROG" ; then 98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 99 [Full path of your "passwd" program]) 100fi 101 102if test -z "$LD" ; then 103 LD=$CC 104fi 105AC_SUBST([LD]) 106 107AC_C_INLINE 108 109AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 110AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 111 #include <sys/types.h> 112 #include <sys/param.h> 113 #include <dev/systrace.h> 114]) 115AC_CHECK_DECL([RLIMIT_NPROC], 116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 117 #include <sys/types.h> 118 #include <sys/resource.h> 119]) 120AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 121 #include <sys/types.h> 122 #include <linux/prctl.h> 123]) 124 125use_stack_protector=1 126use_toolchain_hardening=1 127AC_ARG_WITH([stackprotect], 128 [ --without-stackprotect Don't use compiler's stack protection], [ 129 if test "x$withval" = "xno"; then 130 use_stack_protector=0 131 fi ]) 132AC_ARG_WITH([hardening], 133 [ --without-hardening Don't use toolchain hardening flags], [ 134 if test "x$withval" = "xno"; then 135 use_toolchain_hardening=0 136 fi ]) 137 138# We use -Werror for the tests only so that we catch warnings like "this is 139# on by default" for things like -fPIE. 140AC_MSG_CHECKING([if $CC supports -Werror]) 141saved_CFLAGS="$CFLAGS" 142CFLAGS="$CFLAGS -Werror" 143AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 144 [ AC_MSG_RESULT([yes]) 145 WERROR="-Werror"], 146 [ AC_MSG_RESULT([no]) 147 WERROR="" ] 148) 149CFLAGS="$saved_CFLAGS" 150 151if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 152 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 162 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 163 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 164 if test "x$use_toolchain_hardening" = "x1"; then 165 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 166 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 167 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 168 # NB. -ftrapv expects certain support functions to be present in 169 # the compiler library (libgcc or similar) to detect integer operations 170 # that can overflow. We must check that the result of enabling it 171 # actually links. The test program compiled/linked includes a number 172 # of integer operations that should exercise this. 173 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 174 fi 175 AC_MSG_CHECKING([gcc version]) 176 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 177 case $GCC_VER in 178 1.*) no_attrib_nonnull=1 ;; 179 2.8* | 2.9*) 180 no_attrib_nonnull=1 181 ;; 182 2.*) no_attrib_nonnull=1 ;; 183 *) ;; 184 esac 185 AC_MSG_RESULT([$GCC_VER]) 186 187 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 188 saved_CFLAGS="$CFLAGS" 189 CFLAGS="$CFLAGS -fno-builtin-memset" 190 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 191 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 192 [ AC_MSG_RESULT([yes]) ], 193 [ AC_MSG_RESULT([no]) 194 CFLAGS="$saved_CFLAGS" ] 195 ) 196 197 # -fstack-protector-all doesn't always work for some GCC versions 198 # and/or platforms, so we test if we can. If it's not supported 199 # on a given platform gcc will emit a warning so we use -Werror. 200 if test "x$use_stack_protector" = "x1"; then 201 for t in -fstack-protector-strong -fstack-protector-all \ 202 -fstack-protector; do 203 AC_MSG_CHECKING([if $CC supports $t]) 204 saved_CFLAGS="$CFLAGS" 205 saved_LDFLAGS="$LDFLAGS" 206 CFLAGS="$CFLAGS $t -Werror" 207 LDFLAGS="$LDFLAGS $t -Werror" 208 AC_LINK_IFELSE( 209 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 210 [[ 211 char x[256]; 212 snprintf(x, sizeof(x), "XXX"); 213 ]])], 214 [ AC_MSG_RESULT([yes]) 215 CFLAGS="$saved_CFLAGS $t" 216 LDFLAGS="$saved_LDFLAGS $t" 217 AC_MSG_CHECKING([if $t works]) 218 AC_RUN_IFELSE( 219 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 220 [[ 221 char x[256]; 222 snprintf(x, sizeof(x), "XXX"); 223 ]])], 224 [ AC_MSG_RESULT([yes]) 225 break ], 226 [ AC_MSG_RESULT([no]) ], 227 [ AC_MSG_WARN([cross compiling: cannot test]) 228 break ] 229 ) 230 ], 231 [ AC_MSG_RESULT([no]) ] 232 ) 233 CFLAGS="$saved_CFLAGS" 234 LDFLAGS="$saved_LDFLAGS" 235 done 236 fi 237 238 if test -z "$have_llong_max"; then 239 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 240 unset ac_cv_have_decl_LLONG_MAX 241 saved_CFLAGS="$CFLAGS" 242 CFLAGS="$CFLAGS -std=gnu99" 243 AC_CHECK_DECL([LLONG_MAX], 244 [have_llong_max=1], 245 [CFLAGS="$saved_CFLAGS"], 246 [#include <limits.h>] 247 ) 248 fi 249fi 250 251AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 252AC_COMPILE_IFELSE( 253 [AC_LANG_PROGRAM([[ 254#include <stdlib.h> 255__attribute__((__unused__)) static void foo(void){return;}]], 256 [[ exit(0); ]])], 257 [ AC_MSG_RESULT([yes]) ], 258 [ AC_MSG_RESULT([no]) 259 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 260 [compiler does not accept __attribute__ on return types]) ] 261) 262 263if test "x$no_attrib_nonnull" != "x1" ; then 264 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 265fi 266 267AC_ARG_WITH([rpath], 268 [ --without-rpath Disable auto-added -R linker paths], 269 [ 270 if test "x$withval" = "xno" ; then 271 need_dash_r="" 272 fi 273 if test "x$withval" = "xyes" ; then 274 need_dash_r=1 275 fi 276 ] 277) 278 279# Allow user to specify flags 280AC_ARG_WITH([cflags], 281 [ --with-cflags Specify additional flags to pass to compiler], 282 [ 283 if test -n "$withval" && test "x$withval" != "xno" && \ 284 test "x${withval}" != "xyes"; then 285 CFLAGS="$CFLAGS $withval" 286 fi 287 ] 288) 289AC_ARG_WITH([cppflags], 290 [ --with-cppflags Specify additional flags to pass to preprocessor] , 291 [ 292 if test -n "$withval" && test "x$withval" != "xno" && \ 293 test "x${withval}" != "xyes"; then 294 CPPFLAGS="$CPPFLAGS $withval" 295 fi 296 ] 297) 298AC_ARG_WITH([ldflags], 299 [ --with-ldflags Specify additional flags to pass to linker], 300 [ 301 if test -n "$withval" && test "x$withval" != "xno" && \ 302 test "x${withval}" != "xyes"; then 303 LDFLAGS="$LDFLAGS $withval" 304 fi 305 ] 306) 307AC_ARG_WITH([libs], 308 [ --with-libs Specify additional libraries to link with], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 LIBS="$LIBS $withval" 313 fi 314 ] 315) 316AC_ARG_WITH([Werror], 317 [ --with-Werror Build main code with -Werror], 318 [ 319 if test -n "$withval" && test "x$withval" != "xno"; then 320 werror_flags="-Werror" 321 if test "x${withval}" != "xyes"; then 322 werror_flags="$withval" 323 fi 324 fi 325 ] 326) 327 328AC_CHECK_HEADERS([ \ 329 blf.h \ 330 bstring.h \ 331 crypt.h \ 332 crypto/sha2.h \ 333 dirent.h \ 334 endian.h \ 335 elf.h \ 336 features.h \ 337 fcntl.h \ 338 floatingpoint.h \ 339 getopt.h \ 340 glob.h \ 341 ia.h \ 342 iaf.h \ 343 inttypes.h \ 344 limits.h \ 345 locale.h \ 346 login.h \ 347 maillock.h \ 348 ndir.h \ 349 net/if_tun.h \ 350 netdb.h \ 351 netgroup.h \ 352 pam/pam_appl.h \ 353 paths.h \ 354 poll.h \ 355 pty.h \ 356 readpassphrase.h \ 357 rpc/types.h \ 358 security/pam_appl.h \ 359 sha2.h \ 360 shadow.h \ 361 stddef.h \ 362 stdint.h \ 363 string.h \ 364 strings.h \ 365 sys/audit.h \ 366 sys/bitypes.h \ 367 sys/bsdtty.h \ 368 sys/capability.h \ 369 sys/cdefs.h \ 370 sys/dir.h \ 371 sys/mman.h \ 372 sys/ndir.h \ 373 sys/poll.h \ 374 sys/prctl.h \ 375 sys/pstat.h \ 376 sys/select.h \ 377 sys/stat.h \ 378 sys/stream.h \ 379 sys/stropts.h \ 380 sys/strtio.h \ 381 sys/statvfs.h \ 382 sys/sysmacros.h \ 383 sys/time.h \ 384 sys/timers.h \ 385 time.h \ 386 tmpdir.h \ 387 ttyent.h \ 388 ucred.h \ 389 unistd.h \ 390 usersec.h \ 391 util.h \ 392 utime.h \ 393 utmp.h \ 394 utmpx.h \ 395 vis.h \ 396]) 397 398# lastlog.h requires sys/time.h to be included first on Solaris 399AC_CHECK_HEADERS([lastlog.h], [], [], [ 400#ifdef HAVE_SYS_TIME_H 401# include <sys/time.h> 402#endif 403]) 404 405# sys/ptms.h requires sys/stream.h to be included first on Solaris 406AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 407#ifdef HAVE_SYS_STREAM_H 408# include <sys/stream.h> 409#endif 410]) 411 412# login_cap.h requires sys/types.h on NetBSD 413AC_CHECK_HEADERS([login_cap.h], [], [], [ 414#include <sys/types.h> 415]) 416 417# older BSDs need sys/param.h before sys/mount.h 418AC_CHECK_HEADERS([sys/mount.h], [], [], [ 419#include <sys/param.h> 420]) 421 422# Android requires sys/socket.h to be included before sys/un.h 423AC_CHECK_HEADERS([sys/un.h], [], [], [ 424#include <sys/types.h> 425#include <sys/socket.h> 426]) 427 428# Messages for features tested for in target-specific section 429SIA_MSG="no" 430SPC_MSG="no" 431SP_MSG="no" 432 433# Check for some target-specific stuff 434case "$host" in 435*-*-aix*) 436 # Some versions of VAC won't allow macro redefinitions at 437 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 438 # particularly with older versions of vac or xlc. 439 # It also throws errors about null macro argments, but these are 440 # not fatal. 441 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 442 AC_COMPILE_IFELSE( 443 [AC_LANG_PROGRAM([[ 444#define testmacro foo 445#define testmacro bar]], 446 [[ exit(0); ]])], 447 [ AC_MSG_RESULT([yes]) ], 448 [ AC_MSG_RESULT([no]) 449 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 450 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 451 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 452 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 453 ] 454 ) 455 456 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 457 if (test -z "$blibpath"); then 458 blibpath="/usr/lib:/lib" 459 fi 460 saved_LDFLAGS="$LDFLAGS" 461 if test "$GCC" = "yes"; then 462 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 463 else 464 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 465 fi 466 for tryflags in $flags ;do 467 if (test -z "$blibflags"); then 468 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 469 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 470 [blibflags=$tryflags], []) 471 fi 472 done 473 if (test -z "$blibflags"); then 474 AC_MSG_RESULT([not found]) 475 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 476 else 477 AC_MSG_RESULT([$blibflags]) 478 fi 479 LDFLAGS="$saved_LDFLAGS" 480 dnl Check for authenticate. Might be in libs.a on older AIXes 481 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 482 [Define if you want to enable AIX4's authenticate function])], 483 [AC_CHECK_LIB([s], [authenticate], 484 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 485 LIBS="$LIBS -ls" 486 ]) 487 ]) 488 dnl Check for various auth function declarations in headers. 489 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 490 passwdexpired, setauthdb], , , [#include <usersec.h>]) 491 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 492 AC_CHECK_DECLS([loginfailed], 493 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 494 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 495 [[ (void)loginfailed("user","host","tty",0); ]])], 496 [AC_MSG_RESULT([yes]) 497 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 498 [Define if your AIX loginfailed() function 499 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 500 ])], 501 [], 502 [#include <usersec.h>] 503 ) 504 AC_CHECK_FUNCS([getgrset setauthdb]) 505 AC_CHECK_DECL([F_CLOSEM], 506 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 507 [], 508 [ #include <limits.h> 509 #include <fcntl.h> ] 510 ) 511 check_for_aix_broken_getaddrinfo=1 512 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 513 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 514 [Define if your platform breaks doing a seteuid before a setuid]) 515 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 516 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 517 dnl AIX handles lastlog as part of its login message 518 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 519 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 520 [Some systems need a utmpx entry for /bin/login to work]) 521 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 522 [Define to a Set Process Title type if your system is 523 supported by bsd-setproctitle.c]) 524 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 525 [AIX 5.2 and 5.3 (and presumably newer) require this]) 526 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 527 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 528 ;; 529*-*-android*) 530 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 531 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 532 ;; 533*-*-cygwin*) 534 check_for_libcrypt_later=1 535 LIBS="$LIBS /usr/lib/textreadmode.o" 536 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 537 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 538 AC_DEFINE([DISABLE_SHADOW], [1], 539 [Define if you want to disable shadow passwords]) 540 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 541 [Define if X11 doesn't support AF_UNIX sockets on that system]) 542 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 543 [Define if the concept of ports only accessible to 544 superusers isn't known]) 545 AC_DEFINE([DISABLE_FD_PASSING], [1], 546 [Define if your platform needs to skip post auth 547 file descriptor passing]) 548 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 549 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 550 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 551 # reasons which cause compile warnings, so we disable those warnings. 552 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 553 ;; 554*-*-dgux*) 555 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 556 [Define if your system choked on IP TOS setting]) 557 AC_DEFINE([SETEUID_BREAKS_SETUID]) 558 AC_DEFINE([BROKEN_SETREUID]) 559 AC_DEFINE([BROKEN_SETREGID]) 560 ;; 561*-*-darwin*) 562 use_pie=auto 563 AC_MSG_CHECKING([if we have working getaddrinfo]) 564 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 565main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 566 exit(0); 567 else 568 exit(1); 569} 570 ]])], 571 [AC_MSG_RESULT([working])], 572 [AC_MSG_RESULT([buggy]) 573 AC_DEFINE([BROKEN_GETADDRINFO], [1], 574 [getaddrinfo is broken (if present)]) 575 ], 576 [AC_MSG_RESULT([assume it is working])]) 577 AC_DEFINE([SETEUID_BREAKS_SETUID]) 578 AC_DEFINE([BROKEN_SETREUID]) 579 AC_DEFINE([BROKEN_SETREGID]) 580 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 581 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 582 [Define if your resolver libs need this for getrrsetbyname]) 583 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 584 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 585 [Use tunnel device compatibility to OpenBSD]) 586 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 587 [Prepend the address family to IP tunnel traffic]) 588 m4_pattern_allow([AU_IPv]) 589 AC_CHECK_DECL([AU_IPv4], [], 590 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 591 [#include <bsm/audit.h>] 592 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 593 [Define if pututxline updates lastlog too]) 594 ) 595 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 596 [Define to a Set Process Title type if your system is 597 supported by bsd-setproctitle.c]) 598 AC_CHECK_FUNCS([sandbox_init]) 599 AC_CHECK_HEADERS([sandbox.h]) 600 ;; 601*-*-dragonfly*) 602 SSHDLIBS="$SSHDLIBS -lcrypt" 603 TEST_MALLOC_OPTIONS="AFGJPRX" 604 ;; 605*-*-haiku*) 606 LIBS="$LIBS -lbsd " 607 AC_CHECK_LIB([network], [socket]) 608 AC_DEFINE([HAVE_U_INT64_T]) 609 MANTYPE=man 610 ;; 611*-*-hpux*) 612 # first we define all of the options common to all HP-UX releases 613 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 614 IPADDR_IN_DISPLAY=yes 615 AC_DEFINE([USE_PIPES]) 616 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 617 [Define if your login program cannot handle end of options ("--")]) 618 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 619 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 620 [String used in /etc/passwd to denote locked account]) 621 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 622 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 623 maildir="/var/mail" 624 LIBS="$LIBS -lsec" 625 AC_CHECK_LIB([xnet], [t_error], , 626 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 627 628 # next, we define all of the options specific to major releases 629 case "$host" in 630 *-*-hpux10*) 631 if test -z "$GCC"; then 632 CFLAGS="$CFLAGS -Ae" 633 fi 634 ;; 635 *-*-hpux11*) 636 AC_DEFINE([PAM_SUN_CODEBASE], [1], 637 [Define if you are using Solaris-derived PAM which 638 passes pam_messages to the conversation function 639 with an extra level of indirection]) 640 AC_DEFINE([DISABLE_UTMP], [1], 641 [Define if you don't want to use utmp]) 642 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 643 check_for_hpux_broken_getaddrinfo=1 644 check_for_conflicting_getspnam=1 645 ;; 646 esac 647 648 # lastly, we define options specific to minor releases 649 case "$host" in 650 *-*-hpux10.26) 651 AC_DEFINE([HAVE_SECUREWARE], [1], 652 [Define if you have SecureWare-based 653 protected password database]) 654 disable_ptmx_check=yes 655 LIBS="$LIBS -lsecpw" 656 ;; 657 esac 658 ;; 659*-*-irix5*) 660 PATH="$PATH:/usr/etc" 661 AC_DEFINE([BROKEN_INET_NTOA], [1], 662 [Define if you system's inet_ntoa is busted 663 (e.g. Irix gcc issue)]) 664 AC_DEFINE([SETEUID_BREAKS_SETUID]) 665 AC_DEFINE([BROKEN_SETREUID]) 666 AC_DEFINE([BROKEN_SETREGID]) 667 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 668 [Define if you shouldn't strip 'tty' from your 669 ttyname in [uw]tmp]) 670 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 671 ;; 672*-*-irix6*) 673 PATH="$PATH:/usr/etc" 674 AC_DEFINE([WITH_IRIX_ARRAY], [1], 675 [Define if you have/want arrays 676 (cluster-wide session managment, not C arrays)]) 677 AC_DEFINE([WITH_IRIX_PROJECT], [1], 678 [Define if you want IRIX project management]) 679 AC_DEFINE([WITH_IRIX_AUDIT], [1], 680 [Define if you want IRIX audit trails]) 681 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 682 [Define if you want IRIX kernel jobs])]) 683 AC_DEFINE([BROKEN_INET_NTOA]) 684 AC_DEFINE([SETEUID_BREAKS_SETUID]) 685 AC_DEFINE([BROKEN_SETREUID]) 686 AC_DEFINE([BROKEN_SETREGID]) 687 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 688 AC_DEFINE([WITH_ABBREV_NO_TTY]) 689 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 690 ;; 691*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 692 check_for_libcrypt_later=1 693 AC_DEFINE([PAM_TTY_KLUDGE]) 694 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 695 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 696 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 697 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 698 ;; 699*-*-linux*) 700 no_dev_ptmx=1 701 use_pie=auto 702 check_for_libcrypt_later=1 703 check_for_openpty_ctty_bug=1 704 AC_DEFINE([PAM_TTY_KLUDGE], [1], 705 [Work around problematic Linux PAM modules handling of PAM_TTY]) 706 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 707 [String used in /etc/passwd to denote locked account]) 708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 709 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 710 [Define to whatever link() returns for "not supported" 711 if it doesn't return EOPNOTSUPP.]) 712 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 713 AC_DEFINE([USE_BTMP]) 714 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 715 inet6_default_4in6=yes 716 case `uname -r` in 717 1.*|2.0.*) 718 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 719 [Define if cmsg_type is not passed correctly]) 720 ;; 721 esac 722 # tun(4) forwarding compat code 723 AC_CHECK_HEADERS([linux/if_tun.h]) 724 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 725 AC_DEFINE([SSH_TUN_LINUX], [1], 726 [Open tunnel devices the Linux tun/tap way]) 727 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 728 [Use tunnel device compatibility to OpenBSD]) 729 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 730 [Prepend the address family to IP tunnel traffic]) 731 fi 732 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 733 [], [#include <linux/types.h>]) 734 AC_CHECK_FUNCS([prctl]) 735 AC_MSG_CHECKING([for seccomp architecture]) 736 seccomp_audit_arch= 737 case "$host" in 738 x86_64-*) 739 seccomp_audit_arch=AUDIT_ARCH_X86_64 740 ;; 741 i*86-*) 742 seccomp_audit_arch=AUDIT_ARCH_I386 743 ;; 744 arm*-*) 745 seccomp_audit_arch=AUDIT_ARCH_ARM 746 ;; 747 esac 748 if test "x$seccomp_audit_arch" != "x" ; then 749 AC_MSG_RESULT(["$seccomp_audit_arch"]) 750 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 751 [Specify the system call convention in use]) 752 else 753 AC_MSG_RESULT([architecture not supported]) 754 fi 755 ;; 756mips-sony-bsd|mips-sony-newsos4) 757 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 758 SONY=1 759 ;; 760*-*-netbsd*) 761 check_for_libcrypt_before=1 762 if test "x$withval" != "xno" ; then 763 need_dash_r=1 764 fi 765 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 766 AC_CHECK_HEADER([net/if_tap.h], , 767 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 768 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 769 [Prepend the address family to IP tunnel traffic]) 770 TEST_MALLOC_OPTIONS="AJRX" 771 AC_DEFINE([BROKEN_STRNVIS], [1], 772 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 773 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 774 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 775 ;; 776*-*-freebsd*) 777 check_for_libcrypt_later=1 778 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 779 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 780 AC_CHECK_HEADER([net/if_tap.h], , 781 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 782 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 783 AC_DEFINE([BROKEN_STRNVIS], [1], 784 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 785 TEST_MALLOC_OPTIONS="AJRX" 786 # Preauth crypto occasionally uses file descriptors for crypto offload 787 # and will crash if they cannot be opened. 788 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 789 [define if setrlimit RLIMIT_NOFILE breaks things]) 790 ;; 791*-*-bsdi*) 792 AC_DEFINE([SETEUID_BREAKS_SETUID]) 793 AC_DEFINE([BROKEN_SETREUID]) 794 AC_DEFINE([BROKEN_SETREGID]) 795 ;; 796*-next-*) 797 conf_lastlog_location="/usr/adm/lastlog" 798 conf_utmp_location=/etc/utmp 799 conf_wtmp_location=/usr/adm/wtmp 800 maildir=/usr/spool/mail 801 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 802 AC_DEFINE([BROKEN_REALPATH]) 803 AC_DEFINE([USE_PIPES]) 804 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 805 ;; 806*-*-openbsd*) 807 use_pie=auto 808 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 809 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 810 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 811 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 812 [syslog_r function is safe to use in in a signal handler]) 813 TEST_MALLOC_OPTIONS="AFGJPRX" 814 ;; 815*-*-solaris*) 816 if test "x$withval" != "xno" ; then 817 need_dash_r=1 818 fi 819 AC_DEFINE([PAM_SUN_CODEBASE]) 820 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 821 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 822 [Some versions of /bin/login need the TERM supplied 823 on the commandline]) 824 AC_DEFINE([PAM_TTY_KLUDGE]) 825 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 826 [Define if pam_chauthtok wants real uid set 827 to the unpriv'ed user]) 828 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 829 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 830 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 831 [Define if sshd somehow reacquires a controlling TTY 832 after setsid()]) 833 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 834 in case the name is longer than 8 chars]) 835 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 836 external_path_file=/etc/default/login 837 # hardwire lastlog location (can't detect it on some versions) 838 conf_lastlog_location="/var/adm/lastlog" 839 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 840 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 841 if test "$sol2ver" -ge 8; then 842 AC_MSG_RESULT([yes]) 843 AC_DEFINE([DISABLE_UTMP]) 844 AC_DEFINE([DISABLE_WTMP], [1], 845 [Define if you don't want to use wtmp]) 846 else 847 AC_MSG_RESULT([no]) 848 fi 849 AC_ARG_WITH([solaris-contracts], 850 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 851 [ 852 AC_CHECK_LIB([contract], [ct_tmpl_activate], 853 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 854 [Define if you have Solaris process contracts]) 855 SSHDLIBS="$SSHDLIBS -lcontract" 856 SPC_MSG="yes" ], ) 857 ], 858 ) 859 AC_ARG_WITH([solaris-projects], 860 [ --with-solaris-projects Enable Solaris projects (experimental)], 861 [ 862 AC_CHECK_LIB([project], [setproject], 863 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 864 [Define if you have Solaris projects]) 865 SSHDLIBS="$SSHDLIBS -lproject" 866 SP_MSG="yes" ], ) 867 ], 868 ) 869 TEST_SHELL=$SHELL # let configure find us a capable shell 870 ;; 871*-*-sunos4*) 872 CPPFLAGS="$CPPFLAGS -DSUNOS4" 873 AC_CHECK_FUNCS([getpwanam]) 874 AC_DEFINE([PAM_SUN_CODEBASE]) 875 conf_utmp_location=/etc/utmp 876 conf_wtmp_location=/var/adm/wtmp 877 conf_lastlog_location=/var/adm/lastlog 878 AC_DEFINE([USE_PIPES]) 879 ;; 880*-ncr-sysv*) 881 LIBS="$LIBS -lc89" 882 AC_DEFINE([USE_PIPES]) 883 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 884 AC_DEFINE([SETEUID_BREAKS_SETUID]) 885 AC_DEFINE([BROKEN_SETREUID]) 886 AC_DEFINE([BROKEN_SETREGID]) 887 ;; 888*-sni-sysv*) 889 # /usr/ucblib MUST NOT be searched on ReliantUNIX 890 AC_CHECK_LIB([dl], [dlsym], ,) 891 # -lresolv needs to be at the end of LIBS or DNS lookups break 892 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 893 IPADDR_IN_DISPLAY=yes 894 AC_DEFINE([USE_PIPES]) 895 AC_DEFINE([IP_TOS_IS_BROKEN]) 896 AC_DEFINE([SETEUID_BREAKS_SETUID]) 897 AC_DEFINE([BROKEN_SETREUID]) 898 AC_DEFINE([BROKEN_SETREGID]) 899 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 900 external_path_file=/etc/default/login 901 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 902 # Attention: always take care to bind libsocket and libnsl before libc, 903 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 904 ;; 905# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 906*-*-sysv4.2*) 907 AC_DEFINE([USE_PIPES]) 908 AC_DEFINE([SETEUID_BREAKS_SETUID]) 909 AC_DEFINE([BROKEN_SETREUID]) 910 AC_DEFINE([BROKEN_SETREGID]) 911 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 912 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 913 TEST_SHELL=$SHELL # let configure find us a capable shell 914 ;; 915# UnixWare 7.x, OpenUNIX 8 916*-*-sysv5*) 917 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 918 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 919 AC_DEFINE([USE_PIPES]) 920 AC_DEFINE([SETEUID_BREAKS_SETUID]) 921 AC_DEFINE([BROKEN_GETADDRINFO]) 922 AC_DEFINE([BROKEN_SETREUID]) 923 AC_DEFINE([BROKEN_SETREGID]) 924 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 925 TEST_SHELL=$SHELL # let configure find us a capable shell 926 case "$host" in 927 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 928 maildir=/var/spool/mail 929 AC_DEFINE([BROKEN_LIBIAF], [1], 930 [ia_uinfo routines not supported by OS yet]) 931 AC_DEFINE([BROKEN_UPDWTMPX]) 932 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 933 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 934 AC_DEFINE([HAVE_SECUREWARE]) 935 AC_DEFINE([DISABLE_SHADOW]) 936 ], , ) 937 ;; 938 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 939 check_for_libcrypt_later=1 940 ;; 941 esac 942 ;; 943*-*-sysv*) 944 ;; 945# SCO UNIX and OEM versions of SCO UNIX 946*-*-sco3.2v4*) 947 AC_MSG_ERROR("This Platform is no longer supported.") 948 ;; 949# SCO OpenServer 5.x 950*-*-sco3.2v5*) 951 if test -z "$GCC"; then 952 CFLAGS="$CFLAGS -belf" 953 fi 954 LIBS="$LIBS -lprot -lx -ltinfo -lm" 955 no_dev_ptmx=1 956 AC_DEFINE([USE_PIPES]) 957 AC_DEFINE([HAVE_SECUREWARE]) 958 AC_DEFINE([DISABLE_SHADOW]) 959 AC_DEFINE([DISABLE_FD_PASSING]) 960 AC_DEFINE([SETEUID_BREAKS_SETUID]) 961 AC_DEFINE([BROKEN_GETADDRINFO]) 962 AC_DEFINE([BROKEN_SETREUID]) 963 AC_DEFINE([BROKEN_SETREGID]) 964 AC_DEFINE([WITH_ABBREV_NO_TTY]) 965 AC_DEFINE([BROKEN_UPDWTMPX]) 966 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 967 AC_CHECK_FUNCS([getluid setluid]) 968 MANTYPE=man 969 TEST_SHELL=$SHELL # let configure find us a capable shell 970 SKIP_DISABLE_LASTLOG_DEFINE=yes 971 ;; 972*-*-unicosmk*) 973 AC_DEFINE([NO_SSH_LASTLOG], [1], 974 [Define if you don't want to use lastlog in session.c]) 975 AC_DEFINE([SETEUID_BREAKS_SETUID]) 976 AC_DEFINE([BROKEN_SETREUID]) 977 AC_DEFINE([BROKEN_SETREGID]) 978 AC_DEFINE([USE_PIPES]) 979 AC_DEFINE([DISABLE_FD_PASSING]) 980 LDFLAGS="$LDFLAGS" 981 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 982 MANTYPE=cat 983 ;; 984*-*-unicosmp*) 985 AC_DEFINE([SETEUID_BREAKS_SETUID]) 986 AC_DEFINE([BROKEN_SETREUID]) 987 AC_DEFINE([BROKEN_SETREGID]) 988 AC_DEFINE([WITH_ABBREV_NO_TTY]) 989 AC_DEFINE([USE_PIPES]) 990 AC_DEFINE([DISABLE_FD_PASSING]) 991 LDFLAGS="$LDFLAGS" 992 LIBS="$LIBS -lgen -lacid -ldb" 993 MANTYPE=cat 994 ;; 995*-*-unicos*) 996 AC_DEFINE([SETEUID_BREAKS_SETUID]) 997 AC_DEFINE([BROKEN_SETREUID]) 998 AC_DEFINE([BROKEN_SETREGID]) 999 AC_DEFINE([USE_PIPES]) 1000 AC_DEFINE([DISABLE_FD_PASSING]) 1001 AC_DEFINE([NO_SSH_LASTLOG]) 1002 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1003 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1004 MANTYPE=cat 1005 ;; 1006*-dec-osf*) 1007 AC_MSG_CHECKING([for Digital Unix SIA]) 1008 no_osfsia="" 1009 AC_ARG_WITH([osfsia], 1010 [ --with-osfsia Enable Digital Unix SIA], 1011 [ 1012 if test "x$withval" = "xno" ; then 1013 AC_MSG_RESULT([disabled]) 1014 no_osfsia=1 1015 fi 1016 ], 1017 ) 1018 if test -z "$no_osfsia" ; then 1019 if test -f /etc/sia/matrix.conf; then 1020 AC_MSG_RESULT([yes]) 1021 AC_DEFINE([HAVE_OSF_SIA], [1], 1022 [Define if you have Digital Unix Security 1023 Integration Architecture]) 1024 AC_DEFINE([DISABLE_LOGIN], [1], 1025 [Define if you don't want to use your 1026 system's login() call]) 1027 AC_DEFINE([DISABLE_FD_PASSING]) 1028 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1029 SIA_MSG="yes" 1030 else 1031 AC_MSG_RESULT([no]) 1032 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1033 [String used in /etc/passwd to denote locked account]) 1034 fi 1035 fi 1036 AC_DEFINE([BROKEN_GETADDRINFO]) 1037 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1038 AC_DEFINE([BROKEN_SETREUID]) 1039 AC_DEFINE([BROKEN_SETREGID]) 1040 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1041 ;; 1042 1043*-*-nto-qnx*) 1044 AC_DEFINE([USE_PIPES]) 1045 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1046 AC_DEFINE([DISABLE_LASTLOG]) 1047 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1048 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1049 enable_etc_default_login=no # has incompatible /etc/default/login 1050 case "$host" in 1051 *-*-nto-qnx6*) 1052 AC_DEFINE([DISABLE_FD_PASSING]) 1053 ;; 1054 esac 1055 ;; 1056 1057*-*-ultrix*) 1058 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1059 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1060 AC_DEFINE([NEED_SETPGRP]) 1061 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1062 ;; 1063 1064*-*-lynxos) 1065 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1066 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1067 ;; 1068esac 1069 1070AC_MSG_CHECKING([compiler and flags for sanity]) 1071AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1072 [ AC_MSG_RESULT([yes]) ], 1073 [ 1074 AC_MSG_RESULT([no]) 1075 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1076 ], 1077 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1078) 1079 1080dnl Checks for header files. 1081# Checks for libraries. 1082AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1083AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1084 1085dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1086AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1087 AC_CHECK_LIB([gen], [dirname], [ 1088 AC_CACHE_CHECK([for broken dirname], 1089 ac_cv_have_broken_dirname, [ 1090 save_LIBS="$LIBS" 1091 LIBS="$LIBS -lgen" 1092 AC_RUN_IFELSE( 1093 [AC_LANG_SOURCE([[ 1094#include <libgen.h> 1095#include <string.h> 1096 1097int main(int argc, char **argv) { 1098 char *s, buf[32]; 1099 1100 strncpy(buf,"/etc", 32); 1101 s = dirname(buf); 1102 if (!s || strncmp(s, "/", 32) != 0) { 1103 exit(1); 1104 } else { 1105 exit(0); 1106 } 1107} 1108 ]])], 1109 [ ac_cv_have_broken_dirname="no" ], 1110 [ ac_cv_have_broken_dirname="yes" ], 1111 [ ac_cv_have_broken_dirname="no" ], 1112 ) 1113 LIBS="$save_LIBS" 1114 ]) 1115 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1116 LIBS="$LIBS -lgen" 1117 AC_DEFINE([HAVE_DIRNAME]) 1118 AC_CHECK_HEADERS([libgen.h]) 1119 fi 1120 ]) 1121]) 1122 1123AC_CHECK_FUNC([getspnam], , 1124 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1125AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1126 [Define if you have the basename function.])]) 1127 1128dnl zlib is required 1129AC_ARG_WITH([zlib], 1130 [ --with-zlib=PATH Use zlib in PATH], 1131 [ if test "x$withval" = "xno" ; then 1132 AC_MSG_ERROR([*** zlib is required ***]) 1133 elif test "x$withval" != "xyes"; then 1134 if test -d "$withval/lib"; then 1135 if test -n "${need_dash_r}"; then 1136 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1137 else 1138 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1139 fi 1140 else 1141 if test -n "${need_dash_r}"; then 1142 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1143 else 1144 LDFLAGS="-L${withval} ${LDFLAGS}" 1145 fi 1146 fi 1147 if test -d "$withval/include"; then 1148 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1149 else 1150 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1151 fi 1152 fi ] 1153) 1154 1155AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1156AC_CHECK_LIB([z], [deflate], , 1157 [ 1158 saved_CPPFLAGS="$CPPFLAGS" 1159 saved_LDFLAGS="$LDFLAGS" 1160 save_LIBS="$LIBS" 1161 dnl Check default zlib install dir 1162 if test -n "${need_dash_r}"; then 1163 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1164 else 1165 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1166 fi 1167 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1168 LIBS="$LIBS -lz" 1169 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1170 [ 1171 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1172 ] 1173 ) 1174 ] 1175) 1176 1177AC_ARG_WITH([zlib-version-check], 1178 [ --without-zlib-version-check Disable zlib version check], 1179 [ if test "x$withval" = "xno" ; then 1180 zlib_check_nonfatal=1 1181 fi 1182 ] 1183) 1184 1185AC_MSG_CHECKING([for possibly buggy zlib]) 1186AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1187#include <stdio.h> 1188#include <stdlib.h> 1189#include <zlib.h> 1190 ]], 1191 [[ 1192 int a=0, b=0, c=0, d=0, n, v; 1193 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1194 if (n != 3 && n != 4) 1195 exit(1); 1196 v = a*1000000 + b*10000 + c*100 + d; 1197 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1198 1199 /* 1.1.4 is OK */ 1200 if (a == 1 && b == 1 && c >= 4) 1201 exit(0); 1202 1203 /* 1.2.3 and up are OK */ 1204 if (v >= 1020300) 1205 exit(0); 1206 1207 exit(2); 1208 ]])], 1209 AC_MSG_RESULT([no]), 1210 [ AC_MSG_RESULT([yes]) 1211 if test -z "$zlib_check_nonfatal" ; then 1212 AC_MSG_ERROR([*** zlib too old - check config.log *** 1213Your reported zlib version has known security problems. It's possible your 1214vendor has fixed these problems without changing the version number. If you 1215are sure this is the case, you can disable the check by running 1216"./configure --without-zlib-version-check". 1217If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1218See http://www.gzip.org/zlib/ for details.]) 1219 else 1220 AC_MSG_WARN([zlib version may have security problems]) 1221 fi 1222 ], 1223 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1224) 1225 1226dnl UnixWare 2.x 1227AC_CHECK_FUNC([strcasecmp], 1228 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1229) 1230AC_CHECK_FUNCS([utimes], 1231 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1232 LIBS="$LIBS -lc89"]) ] 1233) 1234 1235dnl Checks for libutil functions 1236AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1237AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1238AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1239AC_SEARCH_LIBS([login], [util bsd]) 1240AC_SEARCH_LIBS([logout], [util bsd]) 1241AC_SEARCH_LIBS([logwtmp], [util bsd]) 1242AC_SEARCH_LIBS([openpty], [util bsd]) 1243AC_SEARCH_LIBS([updwtmp], [util bsd]) 1244AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1245 1246# On some platforms, inet_ntop may be found in libresolv or libnsl. 1247AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1248 1249AC_FUNC_STRFTIME 1250 1251# Check for ALTDIRFUNC glob() extension 1252AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1253AC_EGREP_CPP([FOUNDIT], 1254 [ 1255 #include <glob.h> 1256 #ifdef GLOB_ALTDIRFUNC 1257 FOUNDIT 1258 #endif 1259 ], 1260 [ 1261 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1262 [Define if your system glob() function has 1263 the GLOB_ALTDIRFUNC extension]) 1264 AC_MSG_RESULT([yes]) 1265 ], 1266 [ 1267 AC_MSG_RESULT([no]) 1268 ] 1269) 1270 1271# Check for g.gl_matchc glob() extension 1272AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1273AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1274 [[ glob_t g; g.gl_matchc = 1; ]])], 1275 [ 1276 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1277 [Define if your system glob() function has 1278 gl_matchc options in glob_t]) 1279 AC_MSG_RESULT([yes]) 1280 ], [ 1281 AC_MSG_RESULT([no]) 1282]) 1283 1284# Check for g.gl_statv glob() extension 1285AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1286AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1287#ifndef GLOB_KEEPSTAT 1288#error "glob does not support GLOB_KEEPSTAT extension" 1289#endif 1290glob_t g; 1291g.gl_statv = NULL; 1292]])], 1293 [ 1294 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1295 [Define if your system glob() function has 1296 gl_statv options in glob_t]) 1297 AC_MSG_RESULT([yes]) 1298 ], [ 1299 AC_MSG_RESULT([no]) 1300 1301]) 1302 1303AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1304 1305AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1306AC_RUN_IFELSE( 1307 [AC_LANG_PROGRAM([[ 1308#include <sys/types.h> 1309#include <dirent.h>]], 1310 [[ 1311 struct dirent d; 1312 exit(sizeof(d.d_name)<=sizeof(char)); 1313 ]])], 1314 [AC_MSG_RESULT([yes])], 1315 [ 1316 AC_MSG_RESULT([no]) 1317 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1318 [Define if your struct dirent expects you to 1319 allocate extra space for d_name]) 1320 ], 1321 [ 1322 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1323 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1324 ] 1325) 1326 1327AC_MSG_CHECKING([for /proc/pid/fd directory]) 1328if test -d "/proc/$$/fd" ; then 1329 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1330 AC_MSG_RESULT([yes]) 1331else 1332 AC_MSG_RESULT([no]) 1333fi 1334 1335# Check whether user wants S/Key support 1336SKEY_MSG="no" 1337AC_ARG_WITH([skey], 1338 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1339 [ 1340 if test "x$withval" != "xno" ; then 1341 1342 if test "x$withval" != "xyes" ; then 1343 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1344 LDFLAGS="$LDFLAGS -L${withval}/lib" 1345 fi 1346 1347 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1348 LIBS="-lskey $LIBS" 1349 SKEY_MSG="yes" 1350 1351 AC_MSG_CHECKING([for s/key support]) 1352 AC_LINK_IFELSE( 1353 [AC_LANG_PROGRAM([[ 1354#include <stdio.h> 1355#include <skey.h> 1356 ]], [[ 1357 char *ff = skey_keyinfo(""); ff=""; 1358 exit(0); 1359 ]])], 1360 [AC_MSG_RESULT([yes])], 1361 [ 1362 AC_MSG_RESULT([no]) 1363 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1364 ]) 1365 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1367#include <stdio.h> 1368#include <skey.h> 1369 ]], [[ 1370 (void)skeychallenge(NULL,"name","",0); 1371 ]])], 1372 [ 1373 AC_MSG_RESULT([yes]) 1374 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1375 [Define if your skeychallenge() 1376 function takes 4 arguments (NetBSD)])], 1377 [ 1378 AC_MSG_RESULT([no]) 1379 ]) 1380 fi 1381 ] 1382) 1383 1384# Check whether user wants TCP wrappers support 1385TCPW_MSG="no" 1386AC_ARG_WITH([tcp-wrappers], 1387 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1388 [ 1389 if test "x$withval" != "xno" ; then 1390 saved_LIBS="$LIBS" 1391 saved_LDFLAGS="$LDFLAGS" 1392 saved_CPPFLAGS="$CPPFLAGS" 1393 if test -n "${withval}" && \ 1394 test "x${withval}" != "xyes"; then 1395 if test -d "${withval}/lib"; then 1396 if test -n "${need_dash_r}"; then 1397 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1398 else 1399 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1400 fi 1401 else 1402 if test -n "${need_dash_r}"; then 1403 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1404 else 1405 LDFLAGS="-L${withval} ${LDFLAGS}" 1406 fi 1407 fi 1408 if test -d "${withval}/include"; then 1409 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1410 else 1411 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1412 fi 1413 fi 1414 LIBS="-lwrap $LIBS" 1415 AC_MSG_CHECKING([for libwrap]) 1416 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1417#include <sys/types.h> 1418#include <sys/socket.h> 1419#include <netinet/in.h> 1420#include <tcpd.h> 1421int deny_severity = 0, allow_severity = 0; 1422 ]], [[ 1423 hosts_access(0); 1424 ]])], [ 1425 AC_MSG_RESULT([yes]) 1426 AC_DEFINE([LIBWRAP], [1], 1427 [Define if you want 1428 TCP Wrappers support]) 1429 SSHDLIBS="$SSHDLIBS -lwrap" 1430 TCPW_MSG="yes" 1431 ], [ 1432 AC_MSG_ERROR([*** libwrap missing]) 1433 1434 ]) 1435 LIBS="$saved_LIBS" 1436 fi 1437 ] 1438) 1439 1440# Check whether user wants to use ldns 1441LDNS_MSG="no" 1442AC_ARG_WITH(ldns, 1443 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1444 [ 1445 if test "x$withval" != "xno" ; then 1446 1447 if test "x$withval" != "xyes" ; then 1448 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1449 LDFLAGS="$LDFLAGS -L${withval}/lib" 1450 fi 1451 1452 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1453 LIBS="-lldns $LIBS" 1454 LDNS_MSG="yes" 1455 1456 AC_MSG_CHECKING([for ldns support]) 1457 AC_LINK_IFELSE( 1458 [AC_LANG_SOURCE([[ 1459#include <stdio.h> 1460#include <stdlib.h> 1461#include <stdint.h> 1462#include <ldns/ldns.h> 1463int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1464 ]]) 1465 ], 1466 [AC_MSG_RESULT(yes)], 1467 [ 1468 AC_MSG_RESULT(no) 1469 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1470 ]) 1471 fi 1472 ] 1473) 1474 1475# Check whether user wants libedit support 1476LIBEDIT_MSG="no" 1477AC_ARG_WITH([libedit], 1478 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1479 [ if test "x$withval" != "xno" ; then 1480 if test "x$withval" = "xyes" ; then 1481 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1482 if test "x$PKGCONFIG" != "xno"; then 1483 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1484 if "$PKGCONFIG" libedit; then 1485 AC_MSG_RESULT([yes]) 1486 use_pkgconfig_for_libedit=yes 1487 else 1488 AC_MSG_RESULT([no]) 1489 fi 1490 fi 1491 else 1492 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1493 if test -n "${need_dash_r}"; then 1494 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1495 else 1496 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1497 fi 1498 fi 1499 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1500 LIBEDIT=`$PKGCONFIG --libs libedit` 1501 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1502 else 1503 LIBEDIT="-ledit -lcurses" 1504 fi 1505 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1506 AC_CHECK_LIB([edit], [el_init], 1507 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1508 LIBEDIT_MSG="yes" 1509 AC_SUBST([LIBEDIT]) 1510 ], 1511 [ AC_MSG_ERROR([libedit not found]) ], 1512 [ $OTHERLIBS ] 1513 ) 1514 AC_MSG_CHECKING([if libedit version is compatible]) 1515 AC_COMPILE_IFELSE( 1516 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1517 [[ 1518 int i = H_SETSIZE; 1519 el_init("", NULL, NULL, NULL); 1520 exit(0); 1521 ]])], 1522 [ AC_MSG_RESULT([yes]) ], 1523 [ AC_MSG_RESULT([no]) 1524 AC_MSG_ERROR([libedit version is not compatible]) ] 1525 ) 1526 fi ] 1527) 1528 1529AUDIT_MODULE=none 1530AC_ARG_WITH([audit], 1531 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1532 [ 1533 AC_MSG_CHECKING([for supported audit module]) 1534 case "$withval" in 1535 bsm) 1536 AC_MSG_RESULT([bsm]) 1537 AUDIT_MODULE=bsm 1538 dnl Checks for headers, libs and functions 1539 AC_CHECK_HEADERS([bsm/audit.h], [], 1540 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1541 [ 1542#ifdef HAVE_TIME_H 1543# include <time.h> 1544#endif 1545 ] 1546) 1547 AC_CHECK_LIB([bsm], [getaudit], [], 1548 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1549 AC_CHECK_FUNCS([getaudit], [], 1550 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1551 # These are optional 1552 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1553 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1554 if test "$sol2ver" -ge 11; then 1555 SSHDLIBS="$SSHDLIBS -lscf" 1556 AC_DEFINE([BROKEN_BSM_API], [1], 1557 [The system has incomplete BSM API]) 1558 fi 1559 ;; 1560 linux) 1561 AC_MSG_RESULT([linux]) 1562 AUDIT_MODULE=linux 1563 dnl Checks for headers, libs and functions 1564 AC_CHECK_HEADERS([libaudit.h]) 1565 SSHDLIBS="$SSHDLIBS -laudit" 1566 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1567 ;; 1568 debug) 1569 AUDIT_MODULE=debug 1570 AC_MSG_RESULT([debug]) 1571 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1572 ;; 1573 no) 1574 AC_MSG_RESULT([no]) 1575 ;; 1576 *) 1577 AC_MSG_ERROR([Unknown audit module $withval]) 1578 ;; 1579 esac ] 1580) 1581 1582AC_ARG_WITH([pie], 1583 [ --with-pie Build Position Independent Executables if possible], [ 1584 if test "x$withval" = "xno"; then 1585 use_pie=no 1586 fi 1587 if test "x$withval" = "xyes"; then 1588 use_pie=yes 1589 fi 1590 ] 1591) 1592if test "x$use_pie" = "x"; then 1593 use_pie=no 1594fi 1595if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1596 # Turn off automatic PIE when toolchain hardening is off. 1597 use_pie=no 1598fi 1599if test "x$use_pie" = "xauto"; then 1600 # Automatic PIE requires gcc >= 4.x 1601 AC_MSG_CHECKING([for gcc >= 4.x]) 1602 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1603#if !defined(__GNUC__) || __GNUC__ < 4 1604#error gcc is too old 1605#endif 1606]])], 1607 [ AC_MSG_RESULT([yes]) ], 1608 [ AC_MSG_RESULT([no]) 1609 use_pie=no ] 1610) 1611fi 1612if test "x$use_pie" != "xno"; then 1613 SAVED_CFLAGS="$CFLAGS" 1614 SAVED_LDFLAGS="$LDFLAGS" 1615 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1616 OSSH_CHECK_LDFLAG_LINK([-pie]) 1617 # We use both -fPIE and -pie or neither. 1618 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1619 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1620 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1621 AC_MSG_RESULT([yes]) 1622 else 1623 AC_MSG_RESULT([no]) 1624 CFLAGS="$SAVED_CFLAGS" 1625 LDFLAGS="$SAVED_LDFLAGS" 1626 fi 1627fi 1628 1629dnl Checks for library functions. Please keep in alphabetical order 1630AC_CHECK_FUNCS([ \ 1631 Blowfish_initstate \ 1632 Blowfish_expandstate \ 1633 Blowfish_expand0state \ 1634 Blowfish_stream2word \ 1635 arc4random \ 1636 arc4random_buf \ 1637 arc4random_stir \ 1638 arc4random_uniform \ 1639 asprintf \ 1640 b64_ntop \ 1641 __b64_ntop \ 1642 b64_pton \ 1643 __b64_pton \ 1644 bcopy \ 1645 bcrypt_pbkdf \ 1646 bindresvport_sa \ 1647 blf_enc \ 1648 cap_rights_limit \ 1649 clock \ 1650 closefrom \ 1651 dirfd \ 1652 endgrent \ 1653 explicit_bzero \ 1654 fchmod \ 1655 fchown \ 1656 freeaddrinfo \ 1657 fstatfs \ 1658 fstatvfs \ 1659 futimes \ 1660 getaddrinfo \ 1661 getcwd \ 1662 getgrouplist \ 1663 getnameinfo \ 1664 getopt \ 1665 getpeereid \ 1666 getpeerucred \ 1667 getpgid \ 1668 getpgrp \ 1669 _getpty \ 1670 getrlimit \ 1671 getttyent \ 1672 glob \ 1673 group_from_gid \ 1674 inet_aton \ 1675 inet_ntoa \ 1676 inet_ntop \ 1677 innetgr \ 1678 login_getcapbool \ 1679 mblen \ 1680 md5_crypt \ 1681 memmove \ 1682 mkdtemp \ 1683 mmap \ 1684 ngetaddrinfo \ 1685 nsleep \ 1686 ogetaddrinfo \ 1687 openlog_r \ 1688 poll \ 1689 prctl \ 1690 pstat \ 1691 readpassphrase \ 1692 realpath \ 1693 recvmsg \ 1694 rresvport_af \ 1695 sendmsg \ 1696 setdtablesize \ 1697 setegid \ 1698 setenv \ 1699 seteuid \ 1700 setgroupent \ 1701 setgroups \ 1702 setlinebuf \ 1703 setlogin \ 1704 setpassent\ 1705 setpcred \ 1706 setproctitle \ 1707 setregid \ 1708 setreuid \ 1709 setrlimit \ 1710 setsid \ 1711 setvbuf \ 1712 sigaction \ 1713 sigvec \ 1714 snprintf \ 1715 socketpair \ 1716 statfs \ 1717 statvfs \ 1718 strdup \ 1719 strerror \ 1720 strlcat \ 1721 strlcpy \ 1722 strmode \ 1723 strnlen \ 1724 strnvis \ 1725 strptime \ 1726 strtonum \ 1727 strtoll \ 1728 strtoul \ 1729 strtoull \ 1730 swap32 \ 1731 sysconf \ 1732 tcgetpgrp \ 1733 timingsafe_bcmp \ 1734 truncate \ 1735 unsetenv \ 1736 updwtmpx \ 1737 user_from_uid \ 1738 usleep \ 1739 vasprintf \ 1740 vhangup \ 1741 vsnprintf \ 1742 waitpid \ 1743]) 1744 1745AC_LINK_IFELSE( 1746 [AC_LANG_PROGRAM( 1747 [[ #include <ctype.h> ]], 1748 [[ return (isblank('a')); ]])], 1749 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1750]) 1751 1752# PKCS#11 support requires dlopen() and co 1753AC_SEARCH_LIBS([dlopen], [dl], 1754 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1755) 1756 1757# IRIX has a const char return value for gai_strerror() 1758AC_CHECK_FUNCS([gai_strerror], [ 1759 AC_DEFINE([HAVE_GAI_STRERROR]) 1760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1761#include <sys/types.h> 1762#include <sys/socket.h> 1763#include <netdb.h> 1764 1765const char *gai_strerror(int); 1766 ]], [[ 1767 char *str; 1768 str = gai_strerror(0); 1769 ]])], [ 1770 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1771 [Define if gai_strerror() returns const char *])], [])]) 1772 1773AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1774 [Some systems put nanosleep outside of libc])]) 1775 1776AC_SEARCH_LIBS([clock_gettime], [rt], 1777 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1778 1779dnl Make sure prototypes are defined for these before using them. 1780AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1781AC_CHECK_DECL([strsep], 1782 [AC_CHECK_FUNCS([strsep])], 1783 [], 1784 [ 1785#ifdef HAVE_STRING_H 1786# include <string.h> 1787#endif 1788 ]) 1789 1790dnl tcsendbreak might be a macro 1791AC_CHECK_DECL([tcsendbreak], 1792 [AC_DEFINE([HAVE_TCSENDBREAK])], 1793 [AC_CHECK_FUNCS([tcsendbreak])], 1794 [#include <termios.h>] 1795) 1796 1797AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1798 1799AC_CHECK_DECLS([SHUT_RD], , , 1800 [ 1801#include <sys/types.h> 1802#include <sys/socket.h> 1803 ]) 1804 1805AC_CHECK_DECLS([O_NONBLOCK], , , 1806 [ 1807#include <sys/types.h> 1808#ifdef HAVE_SYS_STAT_H 1809# include <sys/stat.h> 1810#endif 1811#ifdef HAVE_FCNTL_H 1812# include <fcntl.h> 1813#endif 1814 ]) 1815 1816AC_CHECK_DECLS([writev], , , [ 1817#include <sys/types.h> 1818#include <sys/uio.h> 1819#include <unistd.h> 1820 ]) 1821 1822AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1823#include <sys/param.h> 1824 ]) 1825 1826AC_CHECK_DECLS([offsetof], , , [ 1827#include <stddef.h> 1828 ]) 1829 1830# extra bits for select(2) 1831AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1832#include <sys/param.h> 1833#include <sys/types.h> 1834#ifdef HAVE_SYS_SYSMACROS_H 1835#include <sys/sysmacros.h> 1836#endif 1837#ifdef HAVE_SYS_SELECT_H 1838#include <sys/select.h> 1839#endif 1840#ifdef HAVE_SYS_TIME_H 1841#include <sys/time.h> 1842#endif 1843#ifdef HAVE_UNISTD_H 1844#include <unistd.h> 1845#endif 1846 ]]) 1847AC_CHECK_TYPES([fd_mask], [], [], [[ 1848#include <sys/param.h> 1849#include <sys/types.h> 1850#ifdef HAVE_SYS_SELECT_H 1851#include <sys/select.h> 1852#endif 1853#ifdef HAVE_SYS_TIME_H 1854#include <sys/time.h> 1855#endif 1856#ifdef HAVE_UNISTD_H 1857#include <unistd.h> 1858#endif 1859 ]]) 1860 1861AC_CHECK_FUNCS([setresuid], [ 1862 dnl Some platorms have setresuid that isn't implemented, test for this 1863 AC_MSG_CHECKING([if setresuid seems to work]) 1864 AC_RUN_IFELSE( 1865 [AC_LANG_PROGRAM([[ 1866#include <stdlib.h> 1867#include <errno.h> 1868 ]], [[ 1869 errno=0; 1870 setresuid(0,0,0); 1871 if (errno==ENOSYS) 1872 exit(1); 1873 else 1874 exit(0); 1875 ]])], 1876 [AC_MSG_RESULT([yes])], 1877 [AC_DEFINE([BROKEN_SETRESUID], [1], 1878 [Define if your setresuid() is broken]) 1879 AC_MSG_RESULT([not implemented])], 1880 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1881 ) 1882]) 1883 1884AC_CHECK_FUNCS([setresgid], [ 1885 dnl Some platorms have setresgid that isn't implemented, test for this 1886 AC_MSG_CHECKING([if setresgid seems to work]) 1887 AC_RUN_IFELSE( 1888 [AC_LANG_PROGRAM([[ 1889#include <stdlib.h> 1890#include <errno.h> 1891 ]], [[ 1892 errno=0; 1893 setresgid(0,0,0); 1894 if (errno==ENOSYS) 1895 exit(1); 1896 else 1897 exit(0); 1898 ]])], 1899 [AC_MSG_RESULT([yes])], 1900 [AC_DEFINE([BROKEN_SETRESGID], [1], 1901 [Define if your setresgid() is broken]) 1902 AC_MSG_RESULT([not implemented])], 1903 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1904 ) 1905]) 1906 1907dnl Checks for time functions 1908AC_CHECK_FUNCS([gettimeofday time]) 1909dnl Checks for utmp functions 1910AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1911AC_CHECK_FUNCS([utmpname]) 1912dnl Checks for utmpx functions 1913AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1914AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1915dnl Checks for lastlog functions 1916AC_CHECK_FUNCS([getlastlogxbyname]) 1917 1918AC_CHECK_FUNC([daemon], 1919 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1920 [AC_CHECK_LIB([bsd], [daemon], 1921 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1922) 1923 1924AC_CHECK_FUNC([getpagesize], 1925 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1926 [Define if your libraries define getpagesize()])], 1927 [AC_CHECK_LIB([ucb], [getpagesize], 1928 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1929) 1930 1931# Check for broken snprintf 1932if test "x$ac_cv_func_snprintf" = "xyes" ; then 1933 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1934 AC_RUN_IFELSE( 1935 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1936 [[ 1937 char b[5]; 1938 snprintf(b,5,"123456789"); 1939 exit(b[4]!='\0'); 1940 ]])], 1941 [AC_MSG_RESULT([yes])], 1942 [ 1943 AC_MSG_RESULT([no]) 1944 AC_DEFINE([BROKEN_SNPRINTF], [1], 1945 [Define if your snprintf is busted]) 1946 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1947 ], 1948 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1949 ) 1950fi 1951 1952# If we don't have a working asprintf, then we strongly depend on vsnprintf 1953# returning the right thing on overflow: the number of characters it tried to 1954# create (as per SUSv3) 1955if test "x$ac_cv_func_asprintf" != "xyes" && \ 1956 test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1957 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1958 AC_RUN_IFELSE( 1959 [AC_LANG_PROGRAM([[ 1960#include <sys/types.h> 1961#include <stdio.h> 1962#include <stdarg.h> 1963 1964int x_snprintf(char *str,size_t count,const char *fmt,...) 1965{ 1966 size_t ret; va_list ap; 1967 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap); 1968 return ret; 1969} 1970 ]], [[ 1971 char x[1]; 1972 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); 1973 ]])], 1974 [AC_MSG_RESULT([yes])], 1975 [ 1976 AC_MSG_RESULT([no]) 1977 AC_DEFINE([BROKEN_SNPRINTF], [1], 1978 [Define if your snprintf is busted]) 1979 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1980 ], 1981 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 1982 ) 1983fi 1984 1985# On systems where [v]snprintf is broken, but is declared in stdio, 1986# check that the fmt argument is const char * or just char *. 1987# This is only useful for when BROKEN_SNPRINTF 1988AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 1989AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1990#include <stdio.h> 1991int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 1992 ]], [[ 1993 snprintf(0, 0, 0); 1994 ]])], 1995 [AC_MSG_RESULT([yes]) 1996 AC_DEFINE([SNPRINTF_CONST], [const], 1997 [Define as const if snprintf() can declare const char *fmt])], 1998 [AC_MSG_RESULT([no]) 1999 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2000 2001# Check for missing getpeereid (or equiv) support 2002NO_PEERCHECK="" 2003if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2004 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2005 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2006#include <sys/types.h> 2007#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2008 [ AC_MSG_RESULT([yes]) 2009 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2010 ], [AC_MSG_RESULT([no]) 2011 NO_PEERCHECK=1 2012 ]) 2013fi 2014 2015dnl see whether mkstemp() requires XXXXXX 2016if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2017AC_MSG_CHECKING([for (overly) strict mkstemp]) 2018AC_RUN_IFELSE( 2019 [AC_LANG_PROGRAM([[ 2020#include <stdlib.h> 2021 ]], [[ 2022 char template[]="conftest.mkstemp-test"; 2023 if (mkstemp(template) == -1) 2024 exit(1); 2025 unlink(template); 2026 exit(0); 2027 ]])], 2028 [ 2029 AC_MSG_RESULT([no]) 2030 ], 2031 [ 2032 AC_MSG_RESULT([yes]) 2033 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2034 ], 2035 [ 2036 AC_MSG_RESULT([yes]) 2037 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2038 ] 2039) 2040fi 2041 2042dnl make sure that openpty does not reacquire controlling terminal 2043if test ! -z "$check_for_openpty_ctty_bug"; then 2044 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2045 AC_RUN_IFELSE( 2046 [AC_LANG_PROGRAM([[ 2047#include <stdio.h> 2048#include <sys/fcntl.h> 2049#include <sys/types.h> 2050#include <sys/wait.h> 2051 ]], [[ 2052 pid_t pid; 2053 int fd, ptyfd, ttyfd, status; 2054 2055 pid = fork(); 2056 if (pid < 0) { /* failed */ 2057 exit(1); 2058 } else if (pid > 0) { /* parent */ 2059 waitpid(pid, &status, 0); 2060 if (WIFEXITED(status)) 2061 exit(WEXITSTATUS(status)); 2062 else 2063 exit(2); 2064 } else { /* child */ 2065 close(0); close(1); close(2); 2066 setsid(); 2067 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2068 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2069 if (fd >= 0) 2070 exit(3); /* Acquired ctty: broken */ 2071 else 2072 exit(0); /* Did not acquire ctty: OK */ 2073 } 2074 ]])], 2075 [ 2076 AC_MSG_RESULT([yes]) 2077 ], 2078 [ 2079 AC_MSG_RESULT([no]) 2080 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2081 ], 2082 [ 2083 AC_MSG_RESULT([cross-compiling, assuming yes]) 2084 ] 2085 ) 2086fi 2087 2088if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2089 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2090 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2091 AC_RUN_IFELSE( 2092 [AC_LANG_PROGRAM([[ 2093#include <stdio.h> 2094#include <sys/socket.h> 2095#include <netdb.h> 2096#include <errno.h> 2097#include <netinet/in.h> 2098 2099#define TEST_PORT "2222" 2100 ]], [[ 2101 int err, sock; 2102 struct addrinfo *gai_ai, *ai, hints; 2103 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2104 2105 memset(&hints, 0, sizeof(hints)); 2106 hints.ai_family = PF_UNSPEC; 2107 hints.ai_socktype = SOCK_STREAM; 2108 hints.ai_flags = AI_PASSIVE; 2109 2110 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2111 if (err != 0) { 2112 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2113 exit(1); 2114 } 2115 2116 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2117 if (ai->ai_family != AF_INET6) 2118 continue; 2119 2120 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2121 sizeof(ntop), strport, sizeof(strport), 2122 NI_NUMERICHOST|NI_NUMERICSERV); 2123 2124 if (err != 0) { 2125 if (err == EAI_SYSTEM) 2126 perror("getnameinfo EAI_SYSTEM"); 2127 else 2128 fprintf(stderr, "getnameinfo failed: %s\n", 2129 gai_strerror(err)); 2130 exit(2); 2131 } 2132 2133 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2134 if (sock < 0) 2135 perror("socket"); 2136 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2137 if (errno == EBADF) 2138 exit(3); 2139 } 2140 } 2141 exit(0); 2142 ]])], 2143 [ 2144 AC_MSG_RESULT([yes]) 2145 ], 2146 [ 2147 AC_MSG_RESULT([no]) 2148 AC_DEFINE([BROKEN_GETADDRINFO]) 2149 ], 2150 [ 2151 AC_MSG_RESULT([cross-compiling, assuming yes]) 2152 ] 2153 ) 2154fi 2155 2156if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2157 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2158 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2159 AC_RUN_IFELSE( 2160 [AC_LANG_PROGRAM([[ 2161#include <stdio.h> 2162#include <sys/socket.h> 2163#include <netdb.h> 2164#include <errno.h> 2165#include <netinet/in.h> 2166 2167#define TEST_PORT "2222" 2168 ]], [[ 2169 int err, sock; 2170 struct addrinfo *gai_ai, *ai, hints; 2171 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2172 2173 memset(&hints, 0, sizeof(hints)); 2174 hints.ai_family = PF_UNSPEC; 2175 hints.ai_socktype = SOCK_STREAM; 2176 hints.ai_flags = AI_PASSIVE; 2177 2178 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2179 if (err != 0) { 2180 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2181 exit(1); 2182 } 2183 2184 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2185 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2186 continue; 2187 2188 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2189 sizeof(ntop), strport, sizeof(strport), 2190 NI_NUMERICHOST|NI_NUMERICSERV); 2191 2192 if (ai->ai_family == AF_INET && err != 0) { 2193 perror("getnameinfo"); 2194 exit(2); 2195 } 2196 } 2197 exit(0); 2198 ]])], 2199 [ 2200 AC_MSG_RESULT([yes]) 2201 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2202 [Define if you have a getaddrinfo that fails 2203 for the all-zeros IPv6 address]) 2204 ], 2205 [ 2206 AC_MSG_RESULT([no]) 2207 AC_DEFINE([BROKEN_GETADDRINFO]) 2208 ], 2209 [ 2210 AC_MSG_RESULT([cross-compiling, assuming no]) 2211 ] 2212 ) 2213fi 2214 2215if test "x$check_for_conflicting_getspnam" = "x1"; then 2216 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2218 [[ exit(0); ]])], 2219 [ 2220 AC_MSG_RESULT([no]) 2221 ], 2222 [ 2223 AC_MSG_RESULT([yes]) 2224 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2225 [Conflicting defs for getspnam]) 2226 ] 2227 ) 2228fi 2229 2230AC_FUNC_GETPGRP 2231 2232# Search for OpenSSL 2233saved_CPPFLAGS="$CPPFLAGS" 2234saved_LDFLAGS="$LDFLAGS" 2235AC_ARG_WITH([ssl-dir], 2236 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2237 [ 2238 if test "x$withval" != "xno" ; then 2239 case "$withval" in 2240 # Relative paths 2241 ./*|../*) withval="`pwd`/$withval" 2242 esac 2243 if test -d "$withval/lib"; then 2244 if test -n "${need_dash_r}"; then 2245 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2246 else 2247 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2248 fi 2249 elif test -d "$withval/lib64"; then 2250 if test -n "${need_dash_r}"; then 2251 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2252 else 2253 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2254 fi 2255 else 2256 if test -n "${need_dash_r}"; then 2257 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2258 else 2259 LDFLAGS="-L${withval} ${LDFLAGS}" 2260 fi 2261 fi 2262 if test -d "$withval/include"; then 2263 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2264 else 2265 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2266 fi 2267 fi 2268 ] 2269) 2270LIBS="-lcrypto $LIBS" 2271AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2272 [Define if your ssl headers are included 2273 with #include <openssl/header.h>])], 2274 [ 2275 dnl Check default openssl install dir 2276 if test -n "${need_dash_r}"; then 2277 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2278 else 2279 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2280 fi 2281 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2282 AC_CHECK_HEADER([openssl/opensslv.h], , 2283 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2284 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2285 [ 2286 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2287 ] 2288 ) 2289 ] 2290) 2291 2292# Determine OpenSSL header version 2293AC_MSG_CHECKING([OpenSSL header version]) 2294AC_RUN_IFELSE( 2295 [AC_LANG_PROGRAM([[ 2296#include <stdio.h> 2297#include <string.h> 2298#include <openssl/opensslv.h> 2299#define DATA "conftest.sslincver" 2300 ]], [[ 2301 FILE *fd; 2302 int rc; 2303 2304 fd = fopen(DATA,"w"); 2305 if(fd == NULL) 2306 exit(1); 2307 2308 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2309 exit(1); 2310 2311 exit(0); 2312 ]])], 2313 [ 2314 ssl_header_ver=`cat conftest.sslincver` 2315 AC_MSG_RESULT([$ssl_header_ver]) 2316 ], 2317 [ 2318 AC_MSG_RESULT([not found]) 2319 AC_MSG_ERROR([OpenSSL version header not found.]) 2320 ], 2321 [ 2322 AC_MSG_WARN([cross compiling: not checking]) 2323 ] 2324) 2325 2326# Determine OpenSSL library version 2327AC_MSG_CHECKING([OpenSSL library version]) 2328AC_RUN_IFELSE( 2329 [AC_LANG_PROGRAM([[ 2330#include <stdio.h> 2331#include <string.h> 2332#include <openssl/opensslv.h> 2333#include <openssl/crypto.h> 2334#define DATA "conftest.ssllibver" 2335 ]], [[ 2336 FILE *fd; 2337 int rc; 2338 2339 fd = fopen(DATA,"w"); 2340 if(fd == NULL) 2341 exit(1); 2342 2343 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) 2344 exit(1); 2345 2346 exit(0); 2347 ]])], 2348 [ 2349 ssl_library_ver=`cat conftest.ssllibver` 2350 AC_MSG_RESULT([$ssl_library_ver]) 2351 ], 2352 [ 2353 AC_MSG_RESULT([not found]) 2354 AC_MSG_ERROR([OpenSSL library not found.]) 2355 ], 2356 [ 2357 AC_MSG_WARN([cross compiling: not checking]) 2358 ] 2359) 2360 2361AC_ARG_WITH([openssl-header-check], 2362 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2363 [ if test "x$withval" = "xno" ; then 2364 openssl_check_nonfatal=1 2365 fi 2366 ] 2367) 2368 2369# Sanity check OpenSSL headers 2370AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2371AC_RUN_IFELSE( 2372 [AC_LANG_PROGRAM([[ 2373#include <string.h> 2374#include <openssl/opensslv.h> 2375 ]], [[ 2376 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2377 ]])], 2378 [ 2379 AC_MSG_RESULT([yes]) 2380 ], 2381 [ 2382 AC_MSG_RESULT([no]) 2383 if test "x$openssl_check_nonfatal" = "x"; then 2384 AC_MSG_ERROR([Your OpenSSL headers do not match your 2385library. Check config.log for details. 2386If you are sure your installation is consistent, you can disable the check 2387by running "./configure --without-openssl-header-check". 2388Also see contrib/findssl.sh for help identifying header/library mismatches. 2389]) 2390 else 2391 AC_MSG_WARN([Your OpenSSL headers do not match your 2392library. Check config.log for details. 2393Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2394 fi 2395 ], 2396 [ 2397 AC_MSG_WARN([cross compiling: not checking]) 2398 ] 2399) 2400 2401AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2402AC_LINK_IFELSE( 2403 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2404 [[ SSLeay_add_all_algorithms(); ]])], 2405 [ 2406 AC_MSG_RESULT([yes]) 2407 ], 2408 [ 2409 AC_MSG_RESULT([no]) 2410 saved_LIBS="$LIBS" 2411 LIBS="$LIBS -ldl" 2412 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2413 AC_LINK_IFELSE( 2414 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2415 [[ SSLeay_add_all_algorithms(); ]])], 2416 [ 2417 AC_MSG_RESULT([yes]) 2418 ], 2419 [ 2420 AC_MSG_RESULT([no]) 2421 LIBS="$saved_LIBS" 2422 ] 2423 ) 2424 ] 2425) 2426 2427AC_CHECK_FUNCS([ \ 2428 BN_is_prime_ex \ 2429 DSA_generate_parameters_ex \ 2430 EVP_DigestInit_ex \ 2431 EVP_DigestFinal_ex \ 2432 EVP_MD_CTX_init \ 2433 EVP_MD_CTX_cleanup \ 2434 EVP_MD_CTX_copy_ex \ 2435 HMAC_CTX_init \ 2436 RSA_generate_key_ex \ 2437 RSA_get_default_method \ 2438]) 2439 2440AC_ARG_WITH([ssl-engine], 2441 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2442 [ if test "x$withval" != "xno" ; then 2443 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2445#include <openssl/engine.h> 2446 ]], [[ 2447 ENGINE_load_builtin_engines(); 2448 ENGINE_register_all_complete(); 2449 ]])], 2450 [ AC_MSG_RESULT([yes]) 2451 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2452 [Enable OpenSSL engine support]) 2453 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2454 ]) 2455 fi ] 2456) 2457 2458# Check for OpenSSL without EVP_aes_{192,256}_cbc 2459AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2460AC_LINK_IFELSE( 2461 [AC_LANG_PROGRAM([[ 2462#include <string.h> 2463#include <openssl/evp.h> 2464 ]], [[ 2465 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2466 ]])], 2467 [ 2468 AC_MSG_RESULT([no]) 2469 ], 2470 [ 2471 AC_MSG_RESULT([yes]) 2472 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2473 [libcrypto is missing AES 192 and 256 bit functions]) 2474 ] 2475) 2476 2477# Check for OpenSSL with EVP_aes_*ctr 2478AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2479AC_LINK_IFELSE( 2480 [AC_LANG_PROGRAM([[ 2481#include <string.h> 2482#include <openssl/evp.h> 2483 ]], [[ 2484 exit(EVP_aes_128_ctr() == NULL || 2485 EVP_aes_192_cbc() == NULL || 2486 EVP_aes_256_cbc() == NULL); 2487 ]])], 2488 [ 2489 AC_MSG_RESULT([yes]) 2490 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2491 [libcrypto has EVP AES CTR]) 2492 ], 2493 [ 2494 AC_MSG_RESULT([no]) 2495 ] 2496) 2497 2498# Check for OpenSSL with EVP_aes_*gcm 2499AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2500AC_LINK_IFELSE( 2501 [AC_LANG_PROGRAM([[ 2502#include <string.h> 2503#include <openssl/evp.h> 2504 ]], [[ 2505 exit(EVP_aes_128_gcm() == NULL || 2506 EVP_aes_256_gcm() == NULL || 2507 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2508 EVP_CTRL_GCM_IV_GEN == 0 || 2509 EVP_CTRL_GCM_SET_TAG == 0 || 2510 EVP_CTRL_GCM_GET_TAG == 0 || 2511 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2512 ]])], 2513 [ 2514 AC_MSG_RESULT([yes]) 2515 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2516 [libcrypto has EVP AES GCM]) 2517 ], 2518 [ 2519 AC_MSG_RESULT([no]) 2520 unsupported_algorithms="$unsupported_cipers \ 2521 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2522 ] 2523) 2524 2525AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2526 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2527 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2528 2529AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2530AC_LINK_IFELSE( 2531 [AC_LANG_PROGRAM([[ 2532#include <string.h> 2533#include <openssl/evp.h> 2534 ]], [[ 2535 if(EVP_DigestUpdate(NULL, NULL,0)) 2536 exit(0); 2537 ]])], 2538 [ 2539 AC_MSG_RESULT([yes]) 2540 ], 2541 [ 2542 AC_MSG_RESULT([no]) 2543 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2544 [Define if EVP_DigestUpdate returns void]) 2545 ] 2546) 2547 2548# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2549# because the system crypt() is more featureful. 2550if test "x$check_for_libcrypt_before" = "x1"; then 2551 AC_CHECK_LIB([crypt], [crypt]) 2552fi 2553 2554# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2555# version in OpenSSL. 2556if test "x$check_for_libcrypt_later" = "x1"; then 2557 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2558fi 2559AC_CHECK_FUNCS([crypt DES_crypt]) 2560 2561# Search for SHA256 support in libc and/or OpenSSL 2562AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2563 [unsupported_algorithms="$unsupported_algorithms \ 2564 hmac-sha2-256 hmac-sha2-512 \ 2565 diffie-hellman-group-exchange-sha256 \ 2566 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2567 ] 2568) 2569 2570# Check complete ECC support in OpenSSL 2571AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2572AC_LINK_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574#include <openssl/ec.h> 2575#include <openssl/ecdh.h> 2576#include <openssl/ecdsa.h> 2577#include <openssl/evp.h> 2578#include <openssl/objects.h> 2579#include <openssl/opensslv.h> 2580#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2581# error "OpenSSL < 0.9.8g has unreliable ECC code" 2582#endif 2583 ]], [[ 2584 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2585 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2586 ]])], 2587 [ AC_MSG_RESULT([yes]) 2588 enable_nistp256=1 ], 2589 [ AC_MSG_RESULT([no]) ] 2590) 2591 2592AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2593AC_LINK_IFELSE( 2594 [AC_LANG_PROGRAM([[ 2595#include <openssl/ec.h> 2596#include <openssl/ecdh.h> 2597#include <openssl/ecdsa.h> 2598#include <openssl/evp.h> 2599#include <openssl/objects.h> 2600#include <openssl/opensslv.h> 2601#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2602# error "OpenSSL < 0.9.8g has unreliable ECC code" 2603#endif 2604 ]], [[ 2605 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2606 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2607 ]])], 2608 [ AC_MSG_RESULT([yes]) 2609 enable_nistp384=1 ], 2610 [ AC_MSG_RESULT([no]) ] 2611) 2612 2613AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2614AC_LINK_IFELSE( 2615 [AC_LANG_PROGRAM([[ 2616#include <openssl/ec.h> 2617#include <openssl/ecdh.h> 2618#include <openssl/ecdsa.h> 2619#include <openssl/evp.h> 2620#include <openssl/objects.h> 2621#include <openssl/opensslv.h> 2622#if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2623# error "OpenSSL < 0.9.8g has unreliable ECC code" 2624#endif 2625 ]], [[ 2626 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2627 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2628 ]])], 2629 [ AC_MSG_RESULT([yes]) 2630 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2631 AC_RUN_IFELSE( 2632 [AC_LANG_PROGRAM([[ 2633#include <openssl/ec.h> 2634#include <openssl/ecdh.h> 2635#include <openssl/ecdsa.h> 2636#include <openssl/evp.h> 2637#include <openssl/objects.h> 2638#include <openssl/opensslv.h> 2639 ]],[[ 2640 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2641 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2642 exit(e == NULL || m == NULL); 2643 ]])], 2644 [ AC_MSG_RESULT([yes]) 2645 enable_nistp521=1 ], 2646 [ AC_MSG_RESULT([no]) ], 2647 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2648 enable_nistp521=1 ] 2649 )], 2650 AC_MSG_RESULT([no]) 2651) 2652 2653COMMENT_OUT_ECC="#no ecc#" 2654TEST_SSH_ECC=no 2655 2656if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2657 test x$enable_nistp521 = x1; then 2658 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2659fi 2660if test x$enable_nistp256 = x1; then 2661 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2662 [libcrypto has NID_X9_62_prime256v1]) 2663 TEST_SSH_ECC=yes 2664 COMMENT_OUT_ECC="" 2665else 2666 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2667 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2668fi 2669if test x$enable_nistp384 = x1; then 2670 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2671 TEST_SSH_ECC=yes 2672 COMMENT_OUT_ECC="" 2673else 2674 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2675 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2676fi 2677if test x$enable_nistp521 = x1; then 2678 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2679 TEST_SSH_ECC=yes 2680 COMMENT_OUT_ECC="" 2681else 2682 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2683 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2684fi 2685 2686AC_SUBST([TEST_SSH_ECC]) 2687AC_SUBST([COMMENT_OUT_ECC]) 2688 2689saved_LIBS="$LIBS" 2690AC_CHECK_LIB([iaf], [ia_openinfo], [ 2691 LIBS="$LIBS -liaf" 2692 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2693 AC_DEFINE([HAVE_LIBIAF], [1], 2694 [Define if system has libiaf that supports set_id]) 2695 ]) 2696]) 2697LIBS="$saved_LIBS" 2698 2699### Configure cryptographic random number support 2700 2701# Check wheter OpenSSL seeds itself 2702AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2703AC_RUN_IFELSE( 2704 [AC_LANG_PROGRAM([[ 2705#include <string.h> 2706#include <openssl/rand.h> 2707 ]], [[ 2708 exit(RAND_status() == 1 ? 0 : 1); 2709 ]])], 2710 [ 2711 OPENSSL_SEEDS_ITSELF=yes 2712 AC_MSG_RESULT([yes]) 2713 ], 2714 [ 2715 AC_MSG_RESULT([no]) 2716 ], 2717 [ 2718 AC_MSG_WARN([cross compiling: assuming yes]) 2719 # This is safe, since we will fatal() at runtime if 2720 # OpenSSL is not seeded correctly. 2721 OPENSSL_SEEDS_ITSELF=yes 2722 ] 2723) 2724 2725# PRNGD TCP socket 2726AC_ARG_WITH([prngd-port], 2727 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2728 [ 2729 case "$withval" in 2730 no) 2731 withval="" 2732 ;; 2733 [[0-9]]*) 2734 ;; 2735 *) 2736 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2737 ;; 2738 esac 2739 if test ! -z "$withval" ; then 2740 PRNGD_PORT="$withval" 2741 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2742 [Port number of PRNGD/EGD random number socket]) 2743 fi 2744 ] 2745) 2746 2747# PRNGD Unix domain socket 2748AC_ARG_WITH([prngd-socket], 2749 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2750 [ 2751 case "$withval" in 2752 yes) 2753 withval="/var/run/egd-pool" 2754 ;; 2755 no) 2756 withval="" 2757 ;; 2758 /*) 2759 ;; 2760 *) 2761 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2762 ;; 2763 esac 2764 2765 if test ! -z "$withval" ; then 2766 if test ! -z "$PRNGD_PORT" ; then 2767 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2768 fi 2769 if test ! -r "$withval" ; then 2770 AC_MSG_WARN([Entropy socket is not readable]) 2771 fi 2772 PRNGD_SOCKET="$withval" 2773 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2774 [Location of PRNGD/EGD random number socket]) 2775 fi 2776 ], 2777 [ 2778 # Check for existing socket only if we don't have a random device already 2779 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2780 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2781 # Insert other locations here 2782 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2783 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2784 PRNGD_SOCKET="$sock" 2785 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2786 break; 2787 fi 2788 done 2789 if test ! -z "$PRNGD_SOCKET" ; then 2790 AC_MSG_RESULT([$PRNGD_SOCKET]) 2791 else 2792 AC_MSG_RESULT([not found]) 2793 fi 2794 fi 2795 ] 2796) 2797 2798# Which randomness source do we use? 2799if test ! -z "$PRNGD_PORT" ; then 2800 RAND_MSG="PRNGd port $PRNGD_PORT" 2801elif test ! -z "$PRNGD_SOCKET" ; then 2802 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2803elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2804 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2805 [Define if you want OpenSSL's internally seeded PRNG only]) 2806 RAND_MSG="OpenSSL internal ONLY" 2807else 2808 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2809fi 2810 2811# Check for PAM libs 2812PAM_MSG="no" 2813AC_ARG_WITH([pam], 2814 [ --with-pam Enable PAM support ], 2815 [ 2816 if test "x$withval" != "xno" ; then 2817 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2818 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2819 AC_MSG_ERROR([PAM headers not found]) 2820 fi 2821 2822 saved_LIBS="$LIBS" 2823 AC_CHECK_LIB([dl], [dlopen], , ) 2824 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2825 AC_CHECK_FUNCS([pam_getenvlist]) 2826 AC_CHECK_FUNCS([pam_putenv]) 2827 LIBS="$saved_LIBS" 2828 2829 PAM_MSG="yes" 2830 2831 SSHDLIBS="$SSHDLIBS -lpam" 2832 AC_DEFINE([USE_PAM], [1], 2833 [Define if you want to enable PAM support]) 2834 2835 if test $ac_cv_lib_dl_dlopen = yes; then 2836 case "$LIBS" in 2837 *-ldl*) 2838 # libdl already in LIBS 2839 ;; 2840 *) 2841 SSHDLIBS="$SSHDLIBS -ldl" 2842 ;; 2843 esac 2844 fi 2845 fi 2846 ] 2847) 2848 2849# Check for older PAM 2850if test "x$PAM_MSG" = "xyes" ; then 2851 # Check PAM strerror arguments (old PAM) 2852 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2853 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2854#include <stdlib.h> 2855#if defined(HAVE_SECURITY_PAM_APPL_H) 2856#include <security/pam_appl.h> 2857#elif defined (HAVE_PAM_PAM_APPL_H) 2858#include <pam/pam_appl.h> 2859#endif 2860 ]], [[ 2861(void)pam_strerror((pam_handle_t *)NULL, -1); 2862 ]])], [AC_MSG_RESULT([no])], [ 2863 AC_DEFINE([HAVE_OLD_PAM], [1], 2864 [Define if you have an old version of PAM 2865 which takes only one argument to pam_strerror]) 2866 AC_MSG_RESULT([yes]) 2867 PAM_MSG="yes (old library)" 2868 2869 ]) 2870fi 2871 2872SSH_PRIVSEP_USER=sshd 2873AC_ARG_WITH([privsep-user], 2874 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2875 [ 2876 if test -n "$withval" && test "x$withval" != "xno" && \ 2877 test "x${withval}" != "xyes"; then 2878 SSH_PRIVSEP_USER=$withval 2879 fi 2880 ] 2881) 2882AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2883 [non-privileged user for privilege separation]) 2884AC_SUBST([SSH_PRIVSEP_USER]) 2885 2886if test "x$have_linux_no_new_privs" = "x1" ; then 2887AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2888 #include <sys/types.h> 2889 #include <linux/seccomp.h> 2890]) 2891fi 2892if test "x$have_seccomp_filter" = "x1" ; then 2893AC_MSG_CHECKING([kernel for seccomp_filter support]) 2894AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2895 #include <errno.h> 2896 #include <elf.h> 2897 #include <linux/audit.h> 2898 #include <linux/seccomp.h> 2899 #include <stdlib.h> 2900 #include <sys/prctl.h> 2901 ]], 2902 [[ int i = $seccomp_audit_arch; 2903 errno = 0; 2904 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2905 exit(errno == EFAULT ? 0 : 1); ]])], 2906 [ AC_MSG_RESULT([yes]) ], [ 2907 AC_MSG_RESULT([no]) 2908 # Disable seccomp filter as a target 2909 have_seccomp_filter=0 2910 ] 2911) 2912fi 2913 2914# Decide which sandbox style to use 2915sandbox_arg="" 2916AC_ARG_WITH([sandbox], 2917 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 2918 [ 2919 if test "x$withval" = "xyes" ; then 2920 sandbox_arg="" 2921 else 2922 sandbox_arg="$withval" 2923 fi 2924 ] 2925) 2926 2927# Some platforms (seems to be the ones that have a kernel poll(2)-type 2928# function with which they implement select(2)) use an extra file descriptor 2929# when calling select(2), which means we can't use the rlimit sandbox. 2930AC_MSG_CHECKING([if select works with descriptor rlimit]) 2931AC_RUN_IFELSE( 2932 [AC_LANG_PROGRAM([[ 2933#include <sys/types.h> 2934#ifdef HAVE_SYS_TIME_H 2935# include <sys/time.h> 2936#endif 2937#include <sys/resource.h> 2938#ifdef HAVE_SYS_SELECT_H 2939# include <sys/select.h> 2940#endif 2941#include <errno.h> 2942#include <fcntl.h> 2943#include <stdlib.h> 2944 ]],[[ 2945 struct rlimit rl_zero; 2946 int fd, r; 2947 fd_set fds; 2948 struct timeval tv; 2949 2950 fd = open("/dev/null", O_RDONLY); 2951 FD_ZERO(&fds); 2952 FD_SET(fd, &fds); 2953 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2954 setrlimit(RLIMIT_FSIZE, &rl_zero); 2955 setrlimit(RLIMIT_NOFILE, &rl_zero); 2956 tv.tv_sec = 1; 2957 tv.tv_usec = 0; 2958 r = select(fd+1, &fds, NULL, NULL, &tv); 2959 exit (r == -1 ? 1 : 0); 2960 ]])], 2961 [AC_MSG_RESULT([yes]) 2962 select_works_with_rlimit=yes], 2963 [AC_MSG_RESULT([no]) 2964 select_works_with_rlimit=no], 2965 [AC_MSG_WARN([cross compiling: assuming yes])] 2966) 2967 2968AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 2969AC_RUN_IFELSE( 2970 [AC_LANG_PROGRAM([[ 2971#include <sys/types.h> 2972#ifdef HAVE_SYS_TIME_H 2973# include <sys/time.h> 2974#endif 2975#include <sys/resource.h> 2976#include <errno.h> 2977#include <stdlib.h> 2978 ]],[[ 2979 struct rlimit rl_zero; 2980 int fd, r; 2981 fd_set fds; 2982 2983 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 2984 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 2985 exit (r == -1 ? 1 : 0); 2986 ]])], 2987 [AC_MSG_RESULT([yes]) 2988 rlimit_nofile_zero_works=yes], 2989 [AC_MSG_RESULT([no]) 2990 rlimit_nofile_zero_works=no], 2991 [AC_MSG_WARN([cross compiling: assuming yes])] 2992) 2993 2994AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 2995AC_RUN_IFELSE( 2996 [AC_LANG_PROGRAM([[ 2997#include <sys/types.h> 2998#include <sys/resource.h> 2999#include <stdlib.h> 3000 ]],[[ 3001 struct rlimit rl_zero; 3002 3003 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3004 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3005 ]])], 3006 [AC_MSG_RESULT([yes])], 3007 [AC_MSG_RESULT([no]) 3008 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3009 [setrlimit RLIMIT_FSIZE works])], 3010 [AC_MSG_WARN([cross compiling: assuming yes])] 3011) 3012 3013if test "x$sandbox_arg" = "xsystrace" || \ 3014 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3015 test "x$have_systr_policy_kill" != "x1" && \ 3016 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3017 SANDBOX_STYLE="systrace" 3018 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3019elif test "x$sandbox_arg" = "xdarwin" || \ 3020 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3021 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3022 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3023 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3024 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3025 SANDBOX_STYLE="darwin" 3026 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3027elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3028 ( test -z "$sandbox_arg" && \ 3029 test "x$have_seccomp_filter" = "x1" && \ 3030 test "x$ac_cv_header_elf_h" = "xyes" && \ 3031 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3032 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3033 test "x$seccomp_audit_arch" != "x" && \ 3034 test "x$have_linux_no_new_privs" = "x1" && \ 3035 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3036 test "x$seccomp_audit_arch" = "x" && \ 3037 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3038 test "x$have_linux_no_new_privs" != "x1" && \ 3039 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3040 test "x$have_seccomp_filter" != "x1" && \ 3041 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3042 test "x$ac_cv_func_prctl" != "xyes" && \ 3043 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3044 SANDBOX_STYLE="seccomp_filter" 3045 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3046elif test "x$sandbox_arg" = "xcapsicum" || \ 3047 ( test -z "$sandbox_arg" && \ 3048 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3049 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3050 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3051 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3052 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3053 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3054 SANDBOX_STYLE="capsicum" 3055 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3056elif test "x$sandbox_arg" = "xrlimit" || \ 3057 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3058 test "x$select_works_with_rlimit" = "xyes" && \ 3059 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3060 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3061 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3062 test "x$select_works_with_rlimit" != "xyes" && \ 3063 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3064 SANDBOX_STYLE="rlimit" 3065 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3066elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3067 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3068 SANDBOX_STYLE="none" 3069 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3070else 3071 AC_MSG_ERROR([unsupported --with-sandbox]) 3072fi 3073 3074# Cheap hack to ensure NEWS-OS libraries are arranged right. 3075if test ! -z "$SONY" ; then 3076 LIBS="$LIBS -liberty"; 3077fi 3078 3079# Check for long long datatypes 3080AC_CHECK_TYPES([long long, unsigned long long, long double]) 3081 3082# Check datatype sizes 3083AC_CHECK_SIZEOF([short int], [2]) 3084AC_CHECK_SIZEOF([int], [4]) 3085AC_CHECK_SIZEOF([long int], [4]) 3086AC_CHECK_SIZEOF([long long int], [8]) 3087 3088# Sanity check long long for some platforms (AIX) 3089if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3090 ac_cv_sizeof_long_long_int=0 3091fi 3092 3093# compute LLONG_MIN and LLONG_MAX if we don't know them. 3094if test -z "$have_llong_max"; then 3095 AC_MSG_CHECKING([for max value of long long]) 3096 AC_RUN_IFELSE( 3097 [AC_LANG_PROGRAM([[ 3098#include <stdio.h> 3099/* Why is this so damn hard? */ 3100#ifdef __GNUC__ 3101# undef __GNUC__ 3102#endif 3103#define __USE_ISOC99 3104#include <limits.h> 3105#define DATA "conftest.llminmax" 3106#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3107 3108/* 3109 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3110 * we do this the hard way. 3111 */ 3112static int 3113fprint_ll(FILE *f, long long n) 3114{ 3115 unsigned int i; 3116 int l[sizeof(long long) * 8]; 3117 3118 if (n < 0) 3119 if (fprintf(f, "-") < 0) 3120 return -1; 3121 for (i = 0; n != 0; i++) { 3122 l[i] = my_abs(n % 10); 3123 n /= 10; 3124 } 3125 do { 3126 if (fprintf(f, "%d", l[--i]) < 0) 3127 return -1; 3128 } while (i != 0); 3129 if (fprintf(f, " ") < 0) 3130 return -1; 3131 return 0; 3132} 3133 ]], [[ 3134 FILE *f; 3135 long long i, llmin, llmax = 0; 3136 3137 if((f = fopen(DATA,"w")) == NULL) 3138 exit(1); 3139 3140#if defined(LLONG_MIN) && defined(LLONG_MAX) 3141 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3142 llmin = LLONG_MIN; 3143 llmax = LLONG_MAX; 3144#else 3145 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3146 /* This will work on one's complement and two's complement */ 3147 for (i = 1; i > llmax; i <<= 1, i++) 3148 llmax = i; 3149 llmin = llmax + 1LL; /* wrap */ 3150#endif 3151 3152 /* Sanity check */ 3153 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3154 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3155 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3156 fprintf(f, "unknown unknown\n"); 3157 exit(2); 3158 } 3159 3160 if (fprint_ll(f, llmin) < 0) 3161 exit(3); 3162 if (fprint_ll(f, llmax) < 0) 3163 exit(4); 3164 if (fclose(f) < 0) 3165 exit(5); 3166 exit(0); 3167 ]])], 3168 [ 3169 llong_min=`$AWK '{print $1}' conftest.llminmax` 3170 llong_max=`$AWK '{print $2}' conftest.llminmax` 3171 3172 AC_MSG_RESULT([$llong_max]) 3173 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3174 [max value of long long calculated by configure]) 3175 AC_MSG_CHECKING([for min value of long long]) 3176 AC_MSG_RESULT([$llong_min]) 3177 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3178 [min value of long long calculated by configure]) 3179 ], 3180 [ 3181 AC_MSG_RESULT([not found]) 3182 ], 3183 [ 3184 AC_MSG_WARN([cross compiling: not checking]) 3185 ] 3186 ) 3187fi 3188 3189 3190# More checks for data types 3191AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3192 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3193 [[ u_int a; a = 1;]])], 3194 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3195 ]) 3196]) 3197if test "x$ac_cv_have_u_int" = "xyes" ; then 3198 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3199 have_u_int=1 3200fi 3201 3202AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3203 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3204 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3205 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3206 ]) 3207]) 3208if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3209 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3210 have_intxx_t=1 3211fi 3212 3213if (test -z "$have_intxx_t" && \ 3214 test "x$ac_cv_header_stdint_h" = "xyes") 3215then 3216 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3217 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3218 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3219 [ 3220 AC_DEFINE([HAVE_INTXX_T]) 3221 AC_MSG_RESULT([yes]) 3222 ], [ AC_MSG_RESULT([no]) 3223 ]) 3224fi 3225 3226AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3227 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3228#include <sys/types.h> 3229#ifdef HAVE_STDINT_H 3230# include <stdint.h> 3231#endif 3232#include <sys/socket.h> 3233#ifdef HAVE_SYS_BITYPES_H 3234# include <sys/bitypes.h> 3235#endif 3236 ]], [[ 3237int64_t a; a = 1; 3238 ]])], 3239 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3240 ]) 3241]) 3242if test "x$ac_cv_have_int64_t" = "xyes" ; then 3243 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3244fi 3245 3246AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3247 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3248 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3249 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3250 ]) 3251]) 3252if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3253 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3254 have_u_intxx_t=1 3255fi 3256 3257if test -z "$have_u_intxx_t" ; then 3258 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3260 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3261 [ 3262 AC_DEFINE([HAVE_U_INTXX_T]) 3263 AC_MSG_RESULT([yes]) 3264 ], [ AC_MSG_RESULT([no]) 3265 ]) 3266fi 3267 3268AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3270 [[ u_int64_t a; a = 1;]])], 3271 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3272 ]) 3273]) 3274if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3275 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3276 have_u_int64_t=1 3277fi 3278 3279if (test -z "$have_u_int64_t" && \ 3280 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3281then 3282 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3283 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3284 [[ u_int64_t a; a = 1]])], 3285 [ 3286 AC_DEFINE([HAVE_U_INT64_T]) 3287 AC_MSG_RESULT([yes]) 3288 ], [ AC_MSG_RESULT([no]) 3289 ]) 3290fi 3291 3292if test -z "$have_u_intxx_t" ; then 3293 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3294 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3295#include <sys/types.h> 3296 ]], [[ 3297 uint8_t a; 3298 uint16_t b; 3299 uint32_t c; 3300 a = b = c = 1; 3301 ]])], 3302 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3303 ]) 3304 ]) 3305 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3306 AC_DEFINE([HAVE_UINTXX_T], [1], 3307 [define if you have uintxx_t data type]) 3308 fi 3309fi 3310 3311if (test -z "$have_uintxx_t" && \ 3312 test "x$ac_cv_header_stdint_h" = "xyes") 3313then 3314 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3316 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3317 [ 3318 AC_DEFINE([HAVE_UINTXX_T]) 3319 AC_MSG_RESULT([yes]) 3320 ], [ AC_MSG_RESULT([no]) 3321 ]) 3322fi 3323 3324if (test -z "$have_uintxx_t" && \ 3325 test "x$ac_cv_header_inttypes_h" = "xyes") 3326then 3327 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3328 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3329 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3330 [ 3331 AC_DEFINE([HAVE_UINTXX_T]) 3332 AC_MSG_RESULT([yes]) 3333 ], [ AC_MSG_RESULT([no]) 3334 ]) 3335fi 3336 3337if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3338 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3339then 3340 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3341 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3342#include <sys/bitypes.h> 3343 ]], [[ 3344 int8_t a; int16_t b; int32_t c; 3345 u_int8_t e; u_int16_t f; u_int32_t g; 3346 a = b = c = e = f = g = 1; 3347 ]])], 3348 [ 3349 AC_DEFINE([HAVE_U_INTXX_T]) 3350 AC_DEFINE([HAVE_INTXX_T]) 3351 AC_MSG_RESULT([yes]) 3352 ], [AC_MSG_RESULT([no]) 3353 ]) 3354fi 3355 3356 3357AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3358 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3359 [[ u_char foo; foo = 125; ]])], 3360 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3361 ]) 3362]) 3363if test "x$ac_cv_have_u_char" = "xyes" ; then 3364 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3365fi 3366 3367AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3368#include <sys/types.h> 3369#include <stdint.h> 3370]) 3371 3372TYPE_SOCKLEN_T 3373 3374AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3375AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3376#include <sys/types.h> 3377#ifdef HAVE_SYS_BITYPES_H 3378#include <sys/bitypes.h> 3379#endif 3380#ifdef HAVE_SYS_STATFS_H 3381#include <sys/statfs.h> 3382#endif 3383#ifdef HAVE_SYS_STATVFS_H 3384#include <sys/statvfs.h> 3385#endif 3386]) 3387 3388AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3389[#include <sys/types.h> 3390#include <netinet/in.h>]) 3391 3392AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3393 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3394 [[ size_t foo; foo = 1235; ]])], 3395 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3396 ]) 3397]) 3398if test "x$ac_cv_have_size_t" = "xyes" ; then 3399 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3400fi 3401 3402AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3403 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3404 [[ ssize_t foo; foo = 1235; ]])], 3405 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3406 ]) 3407]) 3408if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3409 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3410fi 3411 3412AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3414 [[ clock_t foo; foo = 1235; ]])], 3415 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3416 ]) 3417]) 3418if test "x$ac_cv_have_clock_t" = "xyes" ; then 3419 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3420fi 3421 3422AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3424#include <sys/types.h> 3425#include <sys/socket.h> 3426 ]], [[ sa_family_t foo; foo = 1235; ]])], 3427 [ ac_cv_have_sa_family_t="yes" ], 3428 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3429#include <sys/types.h> 3430#include <sys/socket.h> 3431#include <netinet/in.h> 3432 ]], [[ sa_family_t foo; foo = 1235; ]])], 3433 [ ac_cv_have_sa_family_t="yes" ], 3434 [ ac_cv_have_sa_family_t="no" ] 3435 ) 3436 ]) 3437]) 3438if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3439 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3440 [define if you have sa_family_t data type]) 3441fi 3442 3443AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3445 [[ pid_t foo; foo = 1235; ]])], 3446 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3447 ]) 3448]) 3449if test "x$ac_cv_have_pid_t" = "xyes" ; then 3450 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3451fi 3452 3453AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3455 [[ mode_t foo; foo = 1235; ]])], 3456 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3457 ]) 3458]) 3459if test "x$ac_cv_have_mode_t" = "xyes" ; then 3460 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3461fi 3462 3463 3464AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3465 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3466#include <sys/types.h> 3467#include <sys/socket.h> 3468 ]], [[ struct sockaddr_storage s; ]])], 3469 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3470 [ ac_cv_have_struct_sockaddr_storage="no" 3471 ]) 3472]) 3473if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3474 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3475 [define if you have struct sockaddr_storage data type]) 3476fi 3477 3478AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3479 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3480#include <sys/types.h> 3481#include <netinet/in.h> 3482 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3483 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3484 [ ac_cv_have_struct_sockaddr_in6="no" 3485 ]) 3486]) 3487if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3488 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3489 [define if you have struct sockaddr_in6 data type]) 3490fi 3491 3492AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3493 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3494#include <sys/types.h> 3495#include <netinet/in.h> 3496 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3497 [ ac_cv_have_struct_in6_addr="yes" ], 3498 [ ac_cv_have_struct_in6_addr="no" 3499 ]) 3500]) 3501if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3502 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3503 [define if you have struct in6_addr data type]) 3504 3505dnl Now check for sin6_scope_id 3506 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3507 [ 3508#ifdef HAVE_SYS_TYPES_H 3509#include <sys/types.h> 3510#endif 3511#include <netinet/in.h> 3512 ]) 3513fi 3514 3515AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3517#include <sys/types.h> 3518#include <sys/socket.h> 3519#include <netdb.h> 3520 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3521 [ ac_cv_have_struct_addrinfo="yes" ], 3522 [ ac_cv_have_struct_addrinfo="no" 3523 ]) 3524]) 3525if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3526 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3527 [define if you have struct addrinfo data type]) 3528fi 3529 3530AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3531 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3532 [[ struct timeval tv; tv.tv_sec = 1;]])], 3533 [ ac_cv_have_struct_timeval="yes" ], 3534 [ ac_cv_have_struct_timeval="no" 3535 ]) 3536]) 3537if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3538 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3539 have_struct_timeval=1 3540fi 3541 3542AC_CHECK_TYPES([struct timespec]) 3543 3544# We need int64_t or else certian parts of the compile will fail. 3545if test "x$ac_cv_have_int64_t" = "xno" && \ 3546 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3547 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3548 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3549 echo "an alternative compiler (I.E., GCC) before continuing." 3550 echo "" 3551 exit 1; 3552else 3553dnl test snprintf (broken on SCO w/gcc) 3554 AC_RUN_IFELSE( 3555 [AC_LANG_SOURCE([[ 3556#include <stdio.h> 3557#include <string.h> 3558#ifdef HAVE_SNPRINTF 3559main() 3560{ 3561 char buf[50]; 3562 char expected_out[50]; 3563 int mazsize = 50 ; 3564#if (SIZEOF_LONG_INT == 8) 3565 long int num = 0x7fffffffffffffff; 3566#else 3567 long long num = 0x7fffffffffffffffll; 3568#endif 3569 strcpy(expected_out, "9223372036854775807"); 3570 snprintf(buf, mazsize, "%lld", num); 3571 if(strcmp(buf, expected_out) != 0) 3572 exit(1); 3573 exit(0); 3574} 3575#else 3576main() { exit(0); } 3577#endif 3578 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3579 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3580 ) 3581fi 3582 3583dnl Checks for structure members 3584OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3585OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3586OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3587OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3588OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3589OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3590OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3591OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3592OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3593OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3594OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3595OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3596OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3597OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3598OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3599OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3600OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3601 3602AC_CHECK_MEMBERS([struct stat.st_blksize]) 3603AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3604struct passwd.pw_change, struct passwd.pw_expire], 3605[], [], [[ 3606#include <sys/types.h> 3607#include <pwd.h> 3608]]) 3609 3610AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3611 [Define if we don't have struct __res_state in resolv.h])], 3612[[ 3613#include <stdio.h> 3614#if HAVE_SYS_TYPES_H 3615# include <sys/types.h> 3616#endif 3617#include <netinet/in.h> 3618#include <arpa/nameser.h> 3619#include <resolv.h> 3620]]) 3621 3622AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3623 ac_cv_have_ss_family_in_struct_ss, [ 3624 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3625#include <sys/types.h> 3626#include <sys/socket.h> 3627 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3628 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3629 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3630]) 3631if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3632 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3633fi 3634 3635AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3636 ac_cv_have___ss_family_in_struct_ss, [ 3637 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3638#include <sys/types.h> 3639#include <sys/socket.h> 3640 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3641 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3642 [ ac_cv_have___ss_family_in_struct_ss="no" 3643 ]) 3644]) 3645if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3646 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3647 [Fields in struct sockaddr_storage]) 3648fi 3649 3650dnl make sure we're using the real structure members and not defines 3651AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3652 ac_cv_have_accrights_in_msghdr, [ 3653 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3654#include <sys/types.h> 3655#include <sys/socket.h> 3656#include <sys/uio.h> 3657 ]], [[ 3658#ifdef msg_accrights 3659#error "msg_accrights is a macro" 3660exit(1); 3661#endif 3662struct msghdr m; 3663m.msg_accrights = 0; 3664exit(0); 3665 ]])], 3666 [ ac_cv_have_accrights_in_msghdr="yes" ], 3667 [ ac_cv_have_accrights_in_msghdr="no" ] 3668 ) 3669]) 3670if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3671 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3672 [Define if your system uses access rights style 3673 file descriptor passing]) 3674fi 3675 3676AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3677AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3678#include <sys/param.h> 3679#include <sys/stat.h> 3680#ifdef HAVE_SYS_TIME_H 3681# include <sys/time.h> 3682#endif 3683#ifdef HAVE_SYS_MOUNT_H 3684#include <sys/mount.h> 3685#endif 3686#ifdef HAVE_SYS_STATVFS_H 3687#include <sys/statvfs.h> 3688#endif 3689 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3690 [ AC_MSG_RESULT([yes]) ], 3691 [ AC_MSG_RESULT([no]) 3692 3693 AC_MSG_CHECKING([if fsid_t has member val]) 3694 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3695#include <sys/types.h> 3696#include <sys/statvfs.h> 3697 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3698 [ AC_MSG_RESULT([yes]) 3699 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3700 [ AC_MSG_RESULT([no]) ]) 3701 3702 AC_MSG_CHECKING([if f_fsid has member __val]) 3703 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3704#include <sys/types.h> 3705#include <sys/statvfs.h> 3706 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3707 [ AC_MSG_RESULT([yes]) 3708 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3709 [ AC_MSG_RESULT([no]) ]) 3710]) 3711 3712AC_CACHE_CHECK([for msg_control field in struct msghdr], 3713 ac_cv_have_control_in_msghdr, [ 3714 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3715#include <sys/types.h> 3716#include <sys/socket.h> 3717#include <sys/uio.h> 3718 ]], [[ 3719#ifdef msg_control 3720#error "msg_control is a macro" 3721exit(1); 3722#endif 3723struct msghdr m; 3724m.msg_control = 0; 3725exit(0); 3726 ]])], 3727 [ ac_cv_have_control_in_msghdr="yes" ], 3728 [ ac_cv_have_control_in_msghdr="no" ] 3729 ) 3730]) 3731if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3732 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3733 [Define if your system uses ancillary data style 3734 file descriptor passing]) 3735fi 3736 3737AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3738 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3739 [[ extern char *__progname; printf("%s", __progname); ]])], 3740 [ ac_cv_libc_defines___progname="yes" ], 3741 [ ac_cv_libc_defines___progname="no" 3742 ]) 3743]) 3744if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3745 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3746fi 3747 3748AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3749 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3750 [[ printf("%s", __FUNCTION__); ]])], 3751 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3752 [ ac_cv_cc_implements___FUNCTION__="no" 3753 ]) 3754]) 3755if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3756 AC_DEFINE([HAVE___FUNCTION__], [1], 3757 [Define if compiler implements __FUNCTION__]) 3758fi 3759 3760AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3761 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3762 [[ printf("%s", __func__); ]])], 3763 [ ac_cv_cc_implements___func__="yes" ], 3764 [ ac_cv_cc_implements___func__="no" 3765 ]) 3766]) 3767if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3768 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3769fi 3770 3771AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3772 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3773#include <stdarg.h> 3774va_list x,y; 3775 ]], [[ va_copy(x,y); ]])], 3776 [ ac_cv_have_va_copy="yes" ], 3777 [ ac_cv_have_va_copy="no" 3778 ]) 3779]) 3780if test "x$ac_cv_have_va_copy" = "xyes" ; then 3781 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3782fi 3783 3784AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3785 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3786#include <stdarg.h> 3787va_list x,y; 3788 ]], [[ __va_copy(x,y); ]])], 3789 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3790 ]) 3791]) 3792if test "x$ac_cv_have___va_copy" = "xyes" ; then 3793 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3794fi 3795 3796AC_CACHE_CHECK([whether getopt has optreset support], 3797 ac_cv_have_getopt_optreset, [ 3798 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3799 [[ extern int optreset; optreset = 0; ]])], 3800 [ ac_cv_have_getopt_optreset="yes" ], 3801 [ ac_cv_have_getopt_optreset="no" 3802 ]) 3803]) 3804if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3805 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3806 [Define if your getopt(3) defines and uses optreset]) 3807fi 3808 3809AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3810 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3811[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3812 [ ac_cv_libc_defines_sys_errlist="yes" ], 3813 [ ac_cv_libc_defines_sys_errlist="no" 3814 ]) 3815]) 3816if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3817 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3818 [Define if your system defines sys_errlist[]]) 3819fi 3820 3821 3822AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3823 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3824[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3825 [ ac_cv_libc_defines_sys_nerr="yes" ], 3826 [ ac_cv_libc_defines_sys_nerr="no" 3827 ]) 3828]) 3829if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3830 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3831fi 3832 3833# Check libraries needed by DNS fingerprint support 3834AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3835 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3836 [Define if getrrsetbyname() exists])], 3837 [ 3838 # Needed by our getrrsetbyname() 3839 AC_SEARCH_LIBS([res_query], [resolv]) 3840 AC_SEARCH_LIBS([dn_expand], [resolv]) 3841 AC_MSG_CHECKING([if res_query will link]) 3842 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3843#include <sys/types.h> 3844#include <netinet/in.h> 3845#include <arpa/nameser.h> 3846#include <netdb.h> 3847#include <resolv.h> 3848 ]], [[ 3849 res_query (0, 0, 0, 0, 0); 3850 ]])], 3851 AC_MSG_RESULT([yes]), 3852 [AC_MSG_RESULT([no]) 3853 saved_LIBS="$LIBS" 3854 LIBS="$LIBS -lresolv" 3855 AC_MSG_CHECKING([for res_query in -lresolv]) 3856 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3857#include <sys/types.h> 3858#include <netinet/in.h> 3859#include <arpa/nameser.h> 3860#include <netdb.h> 3861#include <resolv.h> 3862 ]], [[ 3863 res_query (0, 0, 0, 0, 0); 3864 ]])], 3865 [AC_MSG_RESULT([yes])], 3866 [LIBS="$saved_LIBS" 3867 AC_MSG_RESULT([no])]) 3868 ]) 3869 AC_CHECK_FUNCS([_getshort _getlong]) 3870 AC_CHECK_DECLS([_getshort, _getlong], , , 3871 [#include <sys/types.h> 3872 #include <arpa/nameser.h>]) 3873 AC_CHECK_MEMBER([HEADER.ad], 3874 [AC_DEFINE([HAVE_HEADER_AD], [1], 3875 [Define if HEADER.ad exists in arpa/nameser.h])], , 3876 [#include <arpa/nameser.h>]) 3877 ]) 3878 3879AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3880AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3881#include <stdio.h> 3882#if HAVE_SYS_TYPES_H 3883# include <sys/types.h> 3884#endif 3885#include <netinet/in.h> 3886#include <arpa/nameser.h> 3887#include <resolv.h> 3888extern struct __res_state _res; 3889 ]], [[ ]])], 3890 [AC_MSG_RESULT([yes]) 3891 AC_DEFINE([HAVE__RES_EXTERN], [1], 3892 [Define if you have struct __res_state _res as an extern]) 3893 ], 3894 [ AC_MSG_RESULT([no]) ] 3895) 3896 3897# Check whether user wants SELinux support 3898SELINUX_MSG="no" 3899LIBSELINUX="" 3900AC_ARG_WITH([selinux], 3901 [ --with-selinux Enable SELinux support], 3902 [ if test "x$withval" != "xno" ; then 3903 save_LIBS="$LIBS" 3904 AC_DEFINE([WITH_SELINUX], [1], 3905 [Define if you want SELinux support.]) 3906 SELINUX_MSG="yes" 3907 AC_CHECK_HEADER([selinux/selinux.h], , 3908 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3909 AC_CHECK_LIB([selinux], [setexeccon], 3910 [ LIBSELINUX="-lselinux" 3911 LIBS="$LIBS -lselinux" 3912 ], 3913 AC_MSG_ERROR([SELinux support requires libselinux library])) 3914 SSHLIBS="$SSHLIBS $LIBSELINUX" 3915 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3916 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 3917 LIBS="$save_LIBS" 3918 fi ] 3919) 3920AC_SUBST([SSHLIBS]) 3921AC_SUBST([SSHDLIBS]) 3922 3923# Check whether user wants Kerberos 5 support 3924KRB5_MSG="no" 3925AC_ARG_WITH([kerberos5], 3926 [ --with-kerberos5=PATH Enable Kerberos 5 support], 3927 [ if test "x$withval" != "xno" ; then 3928 if test "x$withval" = "xyes" ; then 3929 KRB5ROOT="/usr/local" 3930 else 3931 KRB5ROOT=${withval} 3932 fi 3933 3934 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 3935 KRB5_MSG="yes" 3936 3937 AC_PATH_PROG([KRB5CONF], [krb5-config], 3938 [$KRB5ROOT/bin/krb5-config], 3939 [$KRB5ROOT/bin:$PATH]) 3940 if test -x $KRB5CONF ; then 3941 K5CFLAGS="`$KRB5CONF --cflags`" 3942 K5LIBS="`$KRB5CONF --libs`" 3943 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 3944 3945 AC_MSG_CHECKING([for gssapi support]) 3946 if $KRB5CONF | grep gssapi >/dev/null ; then 3947 AC_MSG_RESULT([yes]) 3948 AC_DEFINE([GSSAPI], [1], 3949 [Define this if you want GSSAPI 3950 support in the version 2 protocol]) 3951 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 3952 GSSLIBS="`$KRB5CONF --libs gssapi`" 3953 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 3954 else 3955 AC_MSG_RESULT([no]) 3956 fi 3957 AC_MSG_CHECKING([whether we are using Heimdal]) 3958 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3959 ]], [[ char *tmp = heimdal_version; ]])], 3960 [ AC_MSG_RESULT([yes]) 3961 AC_DEFINE([HEIMDAL], [1], 3962 [Define this if you are using the Heimdal 3963 version of Kerberos V5]) ], 3964 [AC_MSG_RESULT([no]) 3965 ]) 3966 else 3967 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 3968 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 3969 AC_MSG_CHECKING([whether we are using Heimdal]) 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 3971 ]], [[ char *tmp = heimdal_version; ]])], 3972 [ AC_MSG_RESULT([yes]) 3973 AC_DEFINE([HEIMDAL]) 3974 K5LIBS="-lkrb5" 3975 K5LIBS="$K5LIBS -lcom_err -lasn1" 3976 AC_CHECK_LIB([roken], [net_write], 3977 [K5LIBS="$K5LIBS -lroken"]) 3978 AC_CHECK_LIB([des], [des_cbc_encrypt], 3979 [K5LIBS="$K5LIBS -ldes"]) 3980 ], [ AC_MSG_RESULT([no]) 3981 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 3982 3983 ]) 3984 AC_SEARCH_LIBS([dn_expand], [resolv]) 3985 3986 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 3987 [ AC_DEFINE([GSSAPI]) 3988 GSSLIBS="-lgssapi_krb5" ], 3989 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 3990 [ AC_DEFINE([GSSAPI]) 3991 GSSLIBS="-lgssapi" ], 3992 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 3993 [ AC_DEFINE([GSSAPI]) 3994 GSSLIBS="-lgss" ], 3995 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 3996 ]) 3997 ]) 3998 3999 AC_CHECK_HEADER([gssapi.h], , 4000 [ unset ac_cv_header_gssapi_h 4001 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4002 AC_CHECK_HEADERS([gssapi.h], , 4003 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4004 ) 4005 ] 4006 ) 4007 4008 oldCPP="$CPPFLAGS" 4009 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4010 AC_CHECK_HEADER([gssapi_krb5.h], , 4011 [ CPPFLAGS="$oldCPP" ]) 4012 4013 fi 4014 if test ! -z "$need_dash_r" ; then 4015 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4016 fi 4017 if test ! -z "$blibpath" ; then 4018 blibpath="$blibpath:${KRB5ROOT}/lib" 4019 fi 4020 4021 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4022 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4023 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4024 4025 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4026 [Define this if you want to use libkafs' AFS support])]) 4027 4028 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4029#ifdef HAVE_GSSAPI_H 4030# include <gssapi.h> 4031#elif defined(HAVE_GSSAPI_GSSAPI_H) 4032# include <gssapi/gssapi.h> 4033#endif 4034 4035#ifdef HAVE_GSSAPI_GENERIC_H 4036# include <gssapi_generic.h> 4037#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4038# include <gssapi/gssapi_generic.h> 4039#endif 4040 ]]) 4041 saved_LIBS="$LIBS" 4042 LIBS="$LIBS $K5LIBS" 4043 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4044 LIBS="$saved_LIBS" 4045 4046 fi 4047 ] 4048) 4049AC_SUBST([GSSLIBS]) 4050AC_SUBST([K5LIBS]) 4051 4052# Looking for programs, paths and files 4053 4054PRIVSEP_PATH=/var/empty 4055AC_ARG_WITH([privsep-path], 4056 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4057 [ 4058 if test -n "$withval" && test "x$withval" != "xno" && \ 4059 test "x${withval}" != "xyes"; then 4060 PRIVSEP_PATH=$withval 4061 fi 4062 ] 4063) 4064AC_SUBST([PRIVSEP_PATH]) 4065 4066AC_ARG_WITH([xauth], 4067 [ --with-xauth=PATH Specify path to xauth program ], 4068 [ 4069 if test -n "$withval" && test "x$withval" != "xno" && \ 4070 test "x${withval}" != "xyes"; then 4071 xauth_path=$withval 4072 fi 4073 ], 4074 [ 4075 TestPath="$PATH" 4076 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4077 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4078 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4079 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4080 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4081 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4082 xauth_path="/usr/openwin/bin/xauth" 4083 fi 4084 ] 4085) 4086 4087STRIP_OPT=-s 4088AC_ARG_ENABLE([strip], 4089 [ --disable-strip Disable calling strip(1) on install], 4090 [ 4091 if test "x$enableval" = "xno" ; then 4092 STRIP_OPT= 4093 fi 4094 ] 4095) 4096AC_SUBST([STRIP_OPT]) 4097 4098if test -z "$xauth_path" ; then 4099 XAUTH_PATH="undefined" 4100 AC_SUBST([XAUTH_PATH]) 4101else 4102 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4103 [Define if xauth is found in your path]) 4104 XAUTH_PATH=$xauth_path 4105 AC_SUBST([XAUTH_PATH]) 4106fi 4107 4108dnl # --with-maildir=/path/to/mail gets top priority. 4109dnl # if maildir is set in the platform case statement above we use that. 4110dnl # Otherwise we run a program to get the dir from system headers. 4111dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4112dnl # If we find _PATH_MAILDIR we do nothing because that is what 4113dnl # session.c expects anyway. Otherwise we set to the value found 4114dnl # stripping any trailing slash. If for some strage reason our program 4115dnl # does not find what it needs, we default to /var/spool/mail. 4116# Check for mail directory 4117AC_ARG_WITH([maildir], 4118 [ --with-maildir=/path/to/mail Specify your system mail directory], 4119 [ 4120 if test "X$withval" != X && test "x$withval" != xno && \ 4121 test "x${withval}" != xyes; then 4122 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4123 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4124 fi 4125 ],[ 4126 if test "X$maildir" != "X"; then 4127 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4128 else 4129 AC_MSG_CHECKING([Discovering system mail directory]) 4130 AC_RUN_IFELSE( 4131 [AC_LANG_PROGRAM([[ 4132#include <stdio.h> 4133#include <string.h> 4134#ifdef HAVE_PATHS_H 4135#include <paths.h> 4136#endif 4137#ifdef HAVE_MAILLOCK_H 4138#include <maillock.h> 4139#endif 4140#define DATA "conftest.maildir" 4141 ]], [[ 4142 FILE *fd; 4143 int rc; 4144 4145 fd = fopen(DATA,"w"); 4146 if(fd == NULL) 4147 exit(1); 4148 4149#if defined (_PATH_MAILDIR) 4150 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4151 exit(1); 4152#elif defined (MAILDIR) 4153 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4154 exit(1); 4155#elif defined (_PATH_MAIL) 4156 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4157 exit(1); 4158#else 4159 exit (2); 4160#endif 4161 4162 exit(0); 4163 ]])], 4164 [ 4165 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4166 maildir=`awk -F: '{print $2}' conftest.maildir \ 4167 | sed 's|/$||'` 4168 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4169 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4170 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4171 fi 4172 ], 4173 [ 4174 if test "X$ac_status" = "X2";then 4175# our test program didn't find it. Default to /var/spool/mail 4176 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4177 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4178 else 4179 AC_MSG_RESULT([*** not found ***]) 4180 fi 4181 ], 4182 [ 4183 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4184 ] 4185 ) 4186 fi 4187 ] 4188) # maildir 4189 4190if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4191 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4192 disable_ptmx_check=yes 4193fi 4194if test -z "$no_dev_ptmx" ; then 4195 if test "x$disable_ptmx_check" != "xyes" ; then 4196 AC_CHECK_FILE(["/dev/ptmx"], 4197 [ 4198 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4199 [Define if you have /dev/ptmx]) 4200 have_dev_ptmx=1 4201 ] 4202 ) 4203 fi 4204fi 4205 4206if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4207 AC_CHECK_FILE(["/dev/ptc"], 4208 [ 4209 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4210 [Define if you have /dev/ptc]) 4211 have_dev_ptc=1 4212 ] 4213 ) 4214else 4215 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4216fi 4217 4218# Options from here on. Some of these are preset by platform above 4219AC_ARG_WITH([mantype], 4220 [ --with-mantype=man|cat|doc Set man page type], 4221 [ 4222 case "$withval" in 4223 man|cat|doc) 4224 MANTYPE=$withval 4225 ;; 4226 *) 4227 AC_MSG_ERROR([invalid man type: $withval]) 4228 ;; 4229 esac 4230 ] 4231) 4232if test -z "$MANTYPE"; then 4233 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4234 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4235 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4236 MANTYPE=doc 4237 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4238 MANTYPE=man 4239 else 4240 MANTYPE=cat 4241 fi 4242fi 4243AC_SUBST([MANTYPE]) 4244if test "$MANTYPE" = "doc"; then 4245 mansubdir=man; 4246else 4247 mansubdir=$MANTYPE; 4248fi 4249AC_SUBST([mansubdir]) 4250 4251# Check whether to enable MD5 passwords 4252MD5_MSG="no" 4253AC_ARG_WITH([md5-passwords], 4254 [ --with-md5-passwords Enable use of MD5 passwords], 4255 [ 4256 if test "x$withval" != "xno" ; then 4257 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4258 [Define if you want to allow MD5 passwords]) 4259 MD5_MSG="yes" 4260 fi 4261 ] 4262) 4263 4264# Whether to disable shadow password support 4265AC_ARG_WITH([shadow], 4266 [ --without-shadow Disable shadow password support], 4267 [ 4268 if test "x$withval" = "xno" ; then 4269 AC_DEFINE([DISABLE_SHADOW]) 4270 disable_shadow=yes 4271 fi 4272 ] 4273) 4274 4275if test -z "$disable_shadow" ; then 4276 AC_MSG_CHECKING([if the systems has expire shadow information]) 4277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4278#include <sys/types.h> 4279#include <shadow.h> 4280struct spwd sp; 4281 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4282 [ sp_expire_available=yes ], [ 4283 ]) 4284 4285 if test "x$sp_expire_available" = "xyes" ; then 4286 AC_MSG_RESULT([yes]) 4287 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4288 [Define if you want to use shadow password expire field]) 4289 else 4290 AC_MSG_RESULT([no]) 4291 fi 4292fi 4293 4294# Use ip address instead of hostname in $DISPLAY 4295if test ! -z "$IPADDR_IN_DISPLAY" ; then 4296 DISPLAY_HACK_MSG="yes" 4297 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4298 [Define if you need to use IP address 4299 instead of hostname in $DISPLAY]) 4300else 4301 DISPLAY_HACK_MSG="no" 4302 AC_ARG_WITH([ipaddr-display], 4303 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 4304 [ 4305 if test "x$withval" != "xno" ; then 4306 AC_DEFINE([IPADDR_IN_DISPLAY]) 4307 DISPLAY_HACK_MSG="yes" 4308 fi 4309 ] 4310 ) 4311fi 4312 4313# check for /etc/default/login and use it if present. 4314AC_ARG_ENABLE([etc-default-login], 4315 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4316 [ if test "x$enableval" = "xno"; then 4317 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4318 etc_default_login=no 4319 else 4320 etc_default_login=yes 4321 fi ], 4322 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4323 then 4324 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4325 etc_default_login=no 4326 else 4327 etc_default_login=yes 4328 fi ] 4329) 4330 4331if test "x$etc_default_login" != "xno"; then 4332 AC_CHECK_FILE(["/etc/default/login"], 4333 [ external_path_file=/etc/default/login ]) 4334 if test "x$external_path_file" = "x/etc/default/login"; then 4335 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4336 [Define if your system has /etc/default/login]) 4337 fi 4338fi 4339 4340dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4341if test $ac_cv_func_login_getcapbool = "yes" && \ 4342 test $ac_cv_header_login_cap_h = "yes" ; then 4343 external_path_file=/etc/login.conf 4344fi 4345 4346# Whether to mess with the default path 4347SERVER_PATH_MSG="(default)" 4348AC_ARG_WITH([default-path], 4349 [ --with-default-path= Specify default \$PATH environment for server], 4350 [ 4351 if test "x$external_path_file" = "x/etc/login.conf" ; then 4352 AC_MSG_WARN([ 4353--with-default-path=PATH has no effect on this system. 4354Edit /etc/login.conf instead.]) 4355 elif test "x$withval" != "xno" ; then 4356 if test ! -z "$external_path_file" ; then 4357 AC_MSG_WARN([ 4358--with-default-path=PATH will only be used if PATH is not defined in 4359$external_path_file .]) 4360 fi 4361 user_path="$withval" 4362 SERVER_PATH_MSG="$withval" 4363 fi 4364 ], 4365 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4366 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4367 else 4368 if test ! -z "$external_path_file" ; then 4369 AC_MSG_WARN([ 4370If PATH is defined in $external_path_file, ensure the path to scp is included, 4371otherwise scp will not work.]) 4372 fi 4373 AC_RUN_IFELSE( 4374 [AC_LANG_PROGRAM([[ 4375/* find out what STDPATH is */ 4376#include <stdio.h> 4377#ifdef HAVE_PATHS_H 4378# include <paths.h> 4379#endif 4380#ifndef _PATH_STDPATH 4381# ifdef _PATH_USERPATH /* Irix */ 4382# define _PATH_STDPATH _PATH_USERPATH 4383# else 4384# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4385# endif 4386#endif 4387#include <sys/types.h> 4388#include <sys/stat.h> 4389#include <fcntl.h> 4390#define DATA "conftest.stdpath" 4391 ]], [[ 4392 FILE *fd; 4393 int rc; 4394 4395 fd = fopen(DATA,"w"); 4396 if(fd == NULL) 4397 exit(1); 4398 4399 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4400 exit(1); 4401 4402 exit(0); 4403 ]])], 4404 [ user_path=`cat conftest.stdpath` ], 4405 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4406 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4407 ) 4408# make sure $bindir is in USER_PATH so scp will work 4409 t_bindir="${bindir}" 4410 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4411 t_bindir=`eval echo ${t_bindir}` 4412 case $t_bindir in 4413 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4414 esac 4415 case $t_bindir in 4416 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4417 esac 4418 done 4419 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4420 if test $? -ne 0 ; then 4421 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4422 if test $? -ne 0 ; then 4423 user_path=$user_path:$t_bindir 4424 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4425 fi 4426 fi 4427 fi ] 4428) 4429if test "x$external_path_file" != "x/etc/login.conf" ; then 4430 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4431 AC_SUBST([user_path]) 4432fi 4433 4434# Set superuser path separately to user path 4435AC_ARG_WITH([superuser-path], 4436 [ --with-superuser-path= Specify different path for super-user], 4437 [ 4438 if test -n "$withval" && test "x$withval" != "xno" && \ 4439 test "x${withval}" != "xyes"; then 4440 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4441 [Define if you want a different $PATH 4442 for the superuser]) 4443 superuser_path=$withval 4444 fi 4445 ] 4446) 4447 4448 4449AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4450IPV4_IN6_HACK_MSG="no" 4451AC_ARG_WITH(4in6, 4452 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4453 [ 4454 if test "x$withval" != "xno" ; then 4455 AC_MSG_RESULT([yes]) 4456 AC_DEFINE([IPV4_IN_IPV6], [1], 4457 [Detect IPv4 in IPv6 mapped addresses 4458 and treat as IPv4]) 4459 IPV4_IN6_HACK_MSG="yes" 4460 else 4461 AC_MSG_RESULT([no]) 4462 fi 4463 ], [ 4464 if test "x$inet6_default_4in6" = "xyes"; then 4465 AC_MSG_RESULT([yes (default)]) 4466 AC_DEFINE([IPV4_IN_IPV6]) 4467 IPV4_IN6_HACK_MSG="yes" 4468 else 4469 AC_MSG_RESULT([no (default)]) 4470 fi 4471 ] 4472) 4473 4474# Whether to enable BSD auth support 4475BSD_AUTH_MSG=no 4476AC_ARG_WITH([bsd-auth], 4477 [ --with-bsd-auth Enable BSD auth support], 4478 [ 4479 if test "x$withval" != "xno" ; then 4480 AC_DEFINE([BSD_AUTH], [1], 4481 [Define if you have BSD auth support]) 4482 BSD_AUTH_MSG=yes 4483 fi 4484 ] 4485) 4486 4487# Where to place sshd.pid 4488piddir=/var/run 4489# make sure the directory exists 4490if test ! -d $piddir ; then 4491 piddir=`eval echo ${sysconfdir}` 4492 case $piddir in 4493 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4494 esac 4495fi 4496 4497AC_ARG_WITH([pid-dir], 4498 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4499 [ 4500 if test -n "$withval" && test "x$withval" != "xno" && \ 4501 test "x${withval}" != "xyes"; then 4502 piddir=$withval 4503 if test ! -d $piddir ; then 4504 AC_MSG_WARN([** no $piddir directory on this system **]) 4505 fi 4506 fi 4507 ] 4508) 4509 4510AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4511 [Specify location of ssh.pid]) 4512AC_SUBST([piddir]) 4513 4514dnl allow user to disable some login recording features 4515AC_ARG_ENABLE([lastlog], 4516 [ --disable-lastlog disable use of lastlog even if detected [no]], 4517 [ 4518 if test "x$enableval" = "xno" ; then 4519 AC_DEFINE([DISABLE_LASTLOG]) 4520 fi 4521 ] 4522) 4523AC_ARG_ENABLE([utmp], 4524 [ --disable-utmp disable use of utmp even if detected [no]], 4525 [ 4526 if test "x$enableval" = "xno" ; then 4527 AC_DEFINE([DISABLE_UTMP]) 4528 fi 4529 ] 4530) 4531AC_ARG_ENABLE([utmpx], 4532 [ --disable-utmpx disable use of utmpx even if detected [no]], 4533 [ 4534 if test "x$enableval" = "xno" ; then 4535 AC_DEFINE([DISABLE_UTMPX], [1], 4536 [Define if you don't want to use utmpx]) 4537 fi 4538 ] 4539) 4540AC_ARG_ENABLE([wtmp], 4541 [ --disable-wtmp disable use of wtmp even if detected [no]], 4542 [ 4543 if test "x$enableval" = "xno" ; then 4544 AC_DEFINE([DISABLE_WTMP]) 4545 fi 4546 ] 4547) 4548AC_ARG_ENABLE([wtmpx], 4549 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4550 [ 4551 if test "x$enableval" = "xno" ; then 4552 AC_DEFINE([DISABLE_WTMPX], [1], 4553 [Define if you don't want to use wtmpx]) 4554 fi 4555 ] 4556) 4557AC_ARG_ENABLE([libutil], 4558 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4559 [ 4560 if test "x$enableval" = "xno" ; then 4561 AC_DEFINE([DISABLE_LOGIN]) 4562 fi 4563 ] 4564) 4565AC_ARG_ENABLE([pututline], 4566 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4567 [ 4568 if test "x$enableval" = "xno" ; then 4569 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4570 [Define if you don't want to use pututline() 4571 etc. to write [uw]tmp]) 4572 fi 4573 ] 4574) 4575AC_ARG_ENABLE([pututxline], 4576 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4577 [ 4578 if test "x$enableval" = "xno" ; then 4579 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4580 [Define if you don't want to use pututxline() 4581 etc. to write [uw]tmpx]) 4582 fi 4583 ] 4584) 4585AC_ARG_WITH([lastlog], 4586 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4587 [ 4588 if test "x$withval" = "xno" ; then 4589 AC_DEFINE([DISABLE_LASTLOG]) 4590 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4591 conf_lastlog_location=$withval 4592 fi 4593 ] 4594) 4595 4596dnl lastlog, [uw]tmpx? detection 4597dnl NOTE: set the paths in the platform section to avoid the 4598dnl need for command-line parameters 4599dnl lastlog and [uw]tmp are subject to a file search if all else fails 4600 4601dnl lastlog detection 4602dnl NOTE: the code itself will detect if lastlog is a directory 4603AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4604AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4605#include <sys/types.h> 4606#include <utmp.h> 4607#ifdef HAVE_LASTLOG_H 4608# include <lastlog.h> 4609#endif 4610#ifdef HAVE_PATHS_H 4611# include <paths.h> 4612#endif 4613#ifdef HAVE_LOGIN_H 4614# include <login.h> 4615#endif 4616 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4617 [ AC_MSG_RESULT([yes]) ], 4618 [ 4619 AC_MSG_RESULT([no]) 4620 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4621 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4622#include <sys/types.h> 4623#include <utmp.h> 4624#ifdef HAVE_LASTLOG_H 4625# include <lastlog.h> 4626#endif 4627#ifdef HAVE_PATHS_H 4628# include <paths.h> 4629#endif 4630 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4631 [ AC_MSG_RESULT([yes]) ], 4632 [ 4633 AC_MSG_RESULT([no]) 4634 system_lastlog_path=no 4635 ]) 4636]) 4637 4638if test -z "$conf_lastlog_location"; then 4639 if test x"$system_lastlog_path" = x"no" ; then 4640 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4641 if (test -d "$f" || test -f "$f") ; then 4642 conf_lastlog_location=$f 4643 fi 4644 done 4645 if test -z "$conf_lastlog_location"; then 4646 AC_MSG_WARN([** Cannot find lastlog **]) 4647 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4648 fi 4649 fi 4650fi 4651 4652if test -n "$conf_lastlog_location"; then 4653 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4654 [Define if you want to specify the path to your lastlog file]) 4655fi 4656 4657dnl utmp detection 4658AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4659AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4660#include <sys/types.h> 4661#include <utmp.h> 4662#ifdef HAVE_PATHS_H 4663# include <paths.h> 4664#endif 4665 ]], [[ char *utmp = UTMP_FILE; ]])], 4666 [ AC_MSG_RESULT([yes]) ], 4667 [ AC_MSG_RESULT([no]) 4668 system_utmp_path=no 4669]) 4670if test -z "$conf_utmp_location"; then 4671 if test x"$system_utmp_path" = x"no" ; then 4672 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4673 if test -f $f ; then 4674 conf_utmp_location=$f 4675 fi 4676 done 4677 if test -z "$conf_utmp_location"; then 4678 AC_DEFINE([DISABLE_UTMP]) 4679 fi 4680 fi 4681fi 4682if test -n "$conf_utmp_location"; then 4683 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4684 [Define if you want to specify the path to your utmp file]) 4685fi 4686 4687dnl wtmp detection 4688AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4689AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4690#include <sys/types.h> 4691#include <utmp.h> 4692#ifdef HAVE_PATHS_H 4693# include <paths.h> 4694#endif 4695 ]], [[ char *wtmp = WTMP_FILE; ]])], 4696 [ AC_MSG_RESULT([yes]) ], 4697 [ AC_MSG_RESULT([no]) 4698 system_wtmp_path=no 4699]) 4700if test -z "$conf_wtmp_location"; then 4701 if test x"$system_wtmp_path" = x"no" ; then 4702 for f in /usr/adm/wtmp /var/log/wtmp; do 4703 if test -f $f ; then 4704 conf_wtmp_location=$f 4705 fi 4706 done 4707 if test -z "$conf_wtmp_location"; then 4708 AC_DEFINE([DISABLE_WTMP]) 4709 fi 4710 fi 4711fi 4712if test -n "$conf_wtmp_location"; then 4713 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4714 [Define if you want to specify the path to your wtmp file]) 4715fi 4716 4717dnl wtmpx detection 4718AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4719AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4720#include <sys/types.h> 4721#include <utmp.h> 4722#ifdef HAVE_UTMPX_H 4723#include <utmpx.h> 4724#endif 4725#ifdef HAVE_PATHS_H 4726# include <paths.h> 4727#endif 4728 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4729 [ AC_MSG_RESULT([yes]) ], 4730 [ AC_MSG_RESULT([no]) 4731 system_wtmpx_path=no 4732]) 4733if test -z "$conf_wtmpx_location"; then 4734 if test x"$system_wtmpx_path" = x"no" ; then 4735 AC_DEFINE([DISABLE_WTMPX]) 4736 fi 4737else 4738 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4739 [Define if you want to specify the path to your wtmpx file]) 4740fi 4741 4742 4743if test ! -z "$blibpath" ; then 4744 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4745 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4746fi 4747 4748AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4749 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4750 AC_DEFINE([DISABLE_LASTLOG]) 4751 fi 4752 ], [ 4753#ifdef HAVE_SYS_TYPES_H 4754#include <sys/types.h> 4755#endif 4756#ifdef HAVE_UTMP_H 4757#include <utmp.h> 4758#endif 4759#ifdef HAVE_UTMPX_H 4760#include <utmpx.h> 4761#endif 4762#ifdef HAVE_LASTLOG_H 4763#include <lastlog.h> 4764#endif 4765 ]) 4766 4767AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4768 AC_DEFINE([DISABLE_UTMP]) 4769 AC_DEFINE([DISABLE_WTMP]) 4770 ], [ 4771#ifdef HAVE_SYS_TYPES_H 4772#include <sys/types.h> 4773#endif 4774#ifdef HAVE_UTMP_H 4775#include <utmp.h> 4776#endif 4777#ifdef HAVE_UTMPX_H 4778#include <utmpx.h> 4779#endif 4780#ifdef HAVE_LASTLOG_H 4781#include <lastlog.h> 4782#endif 4783 ]) 4784 4785dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4786dnl Add now. 4787CFLAGS="$CFLAGS $werror_flags" 4788 4789if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4790 TEST_SSH_IPV6=no 4791else 4792 TEST_SSH_IPV6=yes 4793fi 4794AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4795AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4796AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4797AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4798 4799AC_EXEEXT 4800AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4801 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4802 survey.sh]) 4803AC_OUTPUT 4804 4805# Print summary of options 4806 4807# Someone please show me a better way :) 4808A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4809B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4810C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4811D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4812E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4813F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4814G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4815H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4816I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4817J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4818 4819echo "" 4820echo "OpenSSH has been configured with the following options:" 4821echo " User binaries: $B" 4822echo " System binaries: $C" 4823echo " Configuration files: $D" 4824echo " Askpass program: $E" 4825echo " Manual pages: $F" 4826echo " PID file: $G" 4827echo " Privilege separation chroot path: $H" 4828if test "x$external_path_file" = "x/etc/login.conf" ; then 4829echo " At runtime, sshd will use the path defined in $external_path_file" 4830echo " Make sure the path to scp is present, otherwise scp will not work" 4831else 4832echo " sshd default user PATH: $I" 4833 if test ! -z "$external_path_file"; then 4834echo " (If PATH is set in $external_path_file it will be used instead. If" 4835echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4836 fi 4837fi 4838if test ! -z "$superuser_path" ; then 4839echo " sshd superuser user PATH: $J" 4840fi 4841echo " Manpage format: $MANTYPE" 4842echo " PAM support: $PAM_MSG" 4843echo " OSF SIA support: $SIA_MSG" 4844echo " KerberosV support: $KRB5_MSG" 4845echo " SELinux support: $SELINUX_MSG" 4846echo " Smartcard support: $SCARD_MSG" 4847echo " S/KEY support: $SKEY_MSG" 4848echo " TCP Wrappers support: $TCPW_MSG" 4849echo " MD5 password support: $MD5_MSG" 4850echo " libedit support: $LIBEDIT_MSG" 4851echo " Solaris process contract support: $SPC_MSG" 4852echo " Solaris project support: $SP_MSG" 4853echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4854echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4855echo " BSD Auth support: $BSD_AUTH_MSG" 4856echo " Random number source: $RAND_MSG" 4857echo " Privsep sandbox style: $SANDBOX_STYLE" 4858 4859echo "" 4860 4861echo " Host: ${host}" 4862echo " Compiler: ${CC}" 4863echo " Compiler flags: ${CFLAGS}" 4864echo "Preprocessor flags: ${CPPFLAGS}" 4865echo " Linker flags: ${LDFLAGS}" 4866echo " Libraries: ${LIBS}" 4867if test ! -z "${SSHDLIBS}"; then 4868echo " +for sshd: ${SSHDLIBS}" 4869fi 4870if test ! -z "${SSHLIBS}"; then 4871echo " +for ssh: ${SSHLIBS}" 4872fi 4873 4874echo "" 4875 4876if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4877 echo "SVR4 style packages are supported with \"make package\"" 4878 echo "" 4879fi 4880 4881if test "x$PAM_MSG" = "xyes" ; then 4882 echo "PAM is enabled. You may need to install a PAM control file " 4883 echo "for sshd, otherwise password authentication may fail. " 4884 echo "Example PAM control files can be found in the contrib/ " 4885 echo "subdirectory" 4886 echo "" 4887fi 4888 4889if test ! -z "$NO_PEERCHECK" ; then 4890 echo "WARNING: the operating system that you are using does not" 4891 echo "appear to support getpeereid(), getpeerucred() or the" 4892 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4893 echo "enforce security checks to prevent unauthorised connections to" 4894 echo "ssh-agent. Their absence increases the risk that a malicious" 4895 echo "user can connect to your agent." 4896 echo "" 4897fi 4898 4899if test "$AUDIT_MODULE" = "bsm" ; then 4900 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4901 echo "See the Solaris section in README.platform for details." 4902fi 4903