1 # $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2 # 3 # Copyright (c) 1999-2004 Damien Miller 4 # 5 # Permission to use, copy, modify, and distribute this software for any 6 # purpose with or without fee is hereby granted, provided that the above 7 # copyright notice and this permission notice appear in all copies. 8 # 9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev (a] mindrot.org]) 18 AC_REVISION($Revision: 1.583 $) 19 AC_CONFIG_SRCDIR([ssh.c]) 20 AC_LANG([C]) 21 22 AC_CONFIG_HEADER([config.h]) 23 AC_PROG_CC 24 AC_CANONICAL_HOST 25 AC_C_BIGENDIAN 26 27 # Checks for programs. 28 AC_PROG_AWK 29 AC_PROG_CPP 30 AC_PROG_RANLIB 31 AC_PROG_INSTALL 32 AC_PROG_EGREP 33 AC_CHECK_TOOLS([AR], [ar]) 34 AC_PATH_PROG([CAT], [cat]) 35 AC_PATH_PROG([KILL], [kill]) 36 AC_PATH_PROGS([PERL], [perl5 perl]) 37 AC_PATH_PROG([SED], [sed]) 38 AC_SUBST([PERL]) 39 AC_PATH_PROG([ENT], [ent]) 40 AC_SUBST([ENT]) 41 AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43 AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44 AC_PATH_PROG([SH], [sh]) 45 AC_PATH_PROG([GROFF], [groff]) 46 AC_PATH_PROG([NROFF], [nroff]) 47 AC_PATH_PROG([MANDOC], [mandoc]) 48 AC_SUBST([TEST_SHELL], [sh]) 49 50 dnl select manpage formatter 51 if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53 elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55 elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57 else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60 fi 61 AC_SUBST([MANFMT]) 62 63 dnl for buildpkg.sh 64 AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66 AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68 AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69 if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71 else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73 fi 74 75 # System features 76 AC_SYS_LARGEFILE 77 78 if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80 fi 81 82 AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 83 if test ! -z "$PATH_PASSWD_PROG" ; then 84 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 85 [Full path of your "passwd" program]) 86 fi 87 88 if test -z "$LD" ; then 89 LD=$CC 90 fi 91 AC_SUBST([LD]) 92 93 AC_C_INLINE 94 95 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96 AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100 ]) 101 AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105 ]) 106 AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109 ]) 110 111 openssl=yes 112 ssh1=no 113 COMMENT_OUT_RSA1="#no ssh1#" 114 AC_ARG_WITH([openssl], 115 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 116 [ if test "x$withval" = "xno" ; then 117 openssl=no 118 ssh1=no 119 fi 120 ] 121 ) 122 AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 123 if test "x$openssl" = "xyes" ; then 124 AC_MSG_RESULT([yes]) 125 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 126 else 127 AC_MSG_RESULT([no]) 128 fi 129 130 AC_ARG_WITH([ssh1], 131 [ --with-ssh1 Enable support for SSH protocol 1], 132 [ 133 if test "x$withval" = "xyes" ; then 134 if test "x$openssl" = "xno" ; then 135 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 136 fi 137 ssh1=yes 138 COMMENT_OUT_RSA1="" 139 elif test "x$withval" = "xno" ; then 140 ssh1=no 141 else 142 AC_MSG_ERROR([unknown --with-ssh1 argument]) 143 fi 144 ] 145 ) 146 AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 147 if test "x$ssh1" = "xyes" ; then 148 AC_MSG_RESULT([yes]) 149 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 150 AC_SUBST([COMMENT_OUT_RSA1]) 151 else 152 AC_MSG_RESULT([no]) 153 fi 154 155 use_stack_protector=1 156 use_toolchain_hardening=1 157 AC_ARG_WITH([stackprotect], 158 [ --without-stackprotect Don't use compiler's stack protection], [ 159 if test "x$withval" = "xno"; then 160 use_stack_protector=0 161 fi ]) 162 AC_ARG_WITH([hardening], 163 [ --without-hardening Don't use toolchain hardening flags], [ 164 if test "x$withval" = "xno"; then 165 use_toolchain_hardening=0 166 fi ]) 167 168 # We use -Werror for the tests only so that we catch warnings like "this is 169 # on by default" for things like -fPIE. 170 AC_MSG_CHECKING([if $CC supports -Werror]) 171 saved_CFLAGS="$CFLAGS" 172 CFLAGS="$CFLAGS -Werror" 173 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 174 [ AC_MSG_RESULT([yes]) 175 WERROR="-Werror"], 176 [ AC_MSG_RESULT([no]) 177 WERROR="" ] 178 ) 179 CFLAGS="$saved_CFLAGS" 180 181 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 182 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 183 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 192 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 193 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 194 if test "x$use_toolchain_hardening" = "x1"; then 195 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 198 # NB. -ftrapv expects certain support functions to be present in 199 # the compiler library (libgcc or similar) to detect integer operations 200 # that can overflow. We must check that the result of enabling it 201 # actually links. The test program compiled/linked includes a number 202 # of integer operations that should exercise this. 203 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 204 fi 205 AC_MSG_CHECKING([gcc version]) 206 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 207 case $GCC_VER in 208 1.*) no_attrib_nonnull=1 ;; 209 2.8* | 2.9*) 210 no_attrib_nonnull=1 211 ;; 212 2.*) no_attrib_nonnull=1 ;; 213 *) ;; 214 esac 215 AC_MSG_RESULT([$GCC_VER]) 216 217 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 218 saved_CFLAGS="$CFLAGS" 219 CFLAGS="$CFLAGS -fno-builtin-memset" 220 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 221 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 222 [ AC_MSG_RESULT([yes]) ], 223 [ AC_MSG_RESULT([no]) 224 CFLAGS="$saved_CFLAGS" ] 225 ) 226 227 # -fstack-protector-all doesn't always work for some GCC versions 228 # and/or platforms, so we test if we can. If it's not supported 229 # on a given platform gcc will emit a warning so we use -Werror. 230 if test "x$use_stack_protector" = "x1"; then 231 for t in -fstack-protector-strong -fstack-protector-all \ 232 -fstack-protector; do 233 AC_MSG_CHECKING([if $CC supports $t]) 234 saved_CFLAGS="$CFLAGS" 235 saved_LDFLAGS="$LDFLAGS" 236 CFLAGS="$CFLAGS $t -Werror" 237 LDFLAGS="$LDFLAGS $t -Werror" 238 AC_LINK_IFELSE( 239 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 240 [[ 241 char x[256]; 242 snprintf(x, sizeof(x), "XXX"); 243 ]])], 244 [ AC_MSG_RESULT([yes]) 245 CFLAGS="$saved_CFLAGS $t" 246 LDFLAGS="$saved_LDFLAGS $t" 247 AC_MSG_CHECKING([if $t works]) 248 AC_RUN_IFELSE( 249 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 250 [[ 251 char x[256]; 252 snprintf(x, sizeof(x), "XXX"); 253 ]])], 254 [ AC_MSG_RESULT([yes]) 255 break ], 256 [ AC_MSG_RESULT([no]) ], 257 [ AC_MSG_WARN([cross compiling: cannot test]) 258 break ] 259 ) 260 ], 261 [ AC_MSG_RESULT([no]) ] 262 ) 263 CFLAGS="$saved_CFLAGS" 264 LDFLAGS="$saved_LDFLAGS" 265 done 266 fi 267 268 if test -z "$have_llong_max"; then 269 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 270 unset ac_cv_have_decl_LLONG_MAX 271 saved_CFLAGS="$CFLAGS" 272 CFLAGS="$CFLAGS -std=gnu99" 273 AC_CHECK_DECL([LLONG_MAX], 274 [have_llong_max=1], 275 [CFLAGS="$saved_CFLAGS"], 276 [#include <limits.h>] 277 ) 278 fi 279 fi 280 281 AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 282 AC_COMPILE_IFELSE( 283 [AC_LANG_PROGRAM([[ 284 #include <stdlib.h> 285 __attribute__((__unused__)) static void foo(void){return;}]], 286 [[ exit(0); ]])], 287 [ AC_MSG_RESULT([yes]) ], 288 [ AC_MSG_RESULT([no]) 289 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 290 [compiler does not accept __attribute__ on return types]) ] 291 ) 292 293 if test "x$no_attrib_nonnull" != "x1" ; then 294 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 295 fi 296 297 AC_ARG_WITH([rpath], 298 [ --without-rpath Disable auto-added -R linker paths], 299 [ 300 if test "x$withval" = "xno" ; then 301 need_dash_r="" 302 fi 303 if test "x$withval" = "xyes" ; then 304 need_dash_r=1 305 fi 306 ] 307 ) 308 309 # Allow user to specify flags 310 AC_ARG_WITH([cflags], 311 [ --with-cflags Specify additional flags to pass to compiler], 312 [ 313 if test -n "$withval" && test "x$withval" != "xno" && \ 314 test "x${withval}" != "xyes"; then 315 CFLAGS="$CFLAGS $withval" 316 fi 317 ] 318 ) 319 AC_ARG_WITH([cppflags], 320 [ --with-cppflags Specify additional flags to pass to preprocessor] , 321 [ 322 if test -n "$withval" && test "x$withval" != "xno" && \ 323 test "x${withval}" != "xyes"; then 324 CPPFLAGS="$CPPFLAGS $withval" 325 fi 326 ] 327 ) 328 AC_ARG_WITH([ldflags], 329 [ --with-ldflags Specify additional flags to pass to linker], 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 LDFLAGS="$LDFLAGS $withval" 334 fi 335 ] 336 ) 337 AC_ARG_WITH([libs], 338 [ --with-libs Specify additional libraries to link with], 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 LIBS="$LIBS $withval" 343 fi 344 ] 345 ) 346 AC_ARG_WITH([Werror], 347 [ --with-Werror Build main code with -Werror], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno"; then 350 werror_flags="-Werror" 351 if test "x${withval}" != "xyes"; then 352 werror_flags="$withval" 353 fi 354 fi 355 ] 356 ) 357 358 AC_CHECK_HEADERS([ \ 359 blf.h \ 360 bstring.h \ 361 crypt.h \ 362 crypto/sha2.h \ 363 dirent.h \ 364 endian.h \ 365 elf.h \ 366 err.h \ 367 features.h \ 368 fcntl.h \ 369 floatingpoint.h \ 370 getopt.h \ 371 glob.h \ 372 ia.h \ 373 iaf.h \ 374 inttypes.h \ 375 langinfo.h \ 376 limits.h \ 377 locale.h \ 378 login.h \ 379 maillock.h \ 380 ndir.h \ 381 net/if_tun.h \ 382 netdb.h \ 383 netgroup.h \ 384 pam/pam_appl.h \ 385 paths.h \ 386 poll.h \ 387 pty.h \ 388 readpassphrase.h \ 389 rpc/types.h \ 390 security/pam_appl.h \ 391 sha2.h \ 392 shadow.h \ 393 stddef.h \ 394 stdint.h \ 395 string.h \ 396 strings.h \ 397 sys/audit.h \ 398 sys/bitypes.h \ 399 sys/bsdtty.h \ 400 sys/capability.h \ 401 sys/cdefs.h \ 402 sys/dir.h \ 403 sys/mman.h \ 404 sys/ndir.h \ 405 sys/poll.h \ 406 sys/prctl.h \ 407 sys/pstat.h \ 408 sys/ptrace.h \ 409 sys/select.h \ 410 sys/stat.h \ 411 sys/stream.h \ 412 sys/stropts.h \ 413 sys/strtio.h \ 414 sys/statvfs.h \ 415 sys/sysmacros.h \ 416 sys/time.h \ 417 sys/timers.h \ 418 time.h \ 419 tmpdir.h \ 420 ttyent.h \ 421 ucred.h \ 422 unistd.h \ 423 usersec.h \ 424 util.h \ 425 utime.h \ 426 utmp.h \ 427 utmpx.h \ 428 vis.h \ 429 wchar.h \ 430 ]) 431 432 # lastlog.h requires sys/time.h to be included first on Solaris 433 AC_CHECK_HEADERS([lastlog.h], [], [], [ 434 #ifdef HAVE_SYS_TIME_H 435 # include <sys/time.h> 436 #endif 437 ]) 438 439 # sys/ptms.h requires sys/stream.h to be included first on Solaris 440 AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 441 #ifdef HAVE_SYS_STREAM_H 442 # include <sys/stream.h> 443 #endif 444 ]) 445 446 # login_cap.h requires sys/types.h on NetBSD 447 AC_CHECK_HEADERS([login_cap.h], [], [], [ 448 #include <sys/types.h> 449 ]) 450 451 # older BSDs need sys/param.h before sys/mount.h 452 AC_CHECK_HEADERS([sys/mount.h], [], [], [ 453 #include <sys/param.h> 454 ]) 455 456 # Android requires sys/socket.h to be included before sys/un.h 457 AC_CHECK_HEADERS([sys/un.h], [], [], [ 458 #include <sys/types.h> 459 #include <sys/socket.h> 460 ]) 461 462 # Messages for features tested for in target-specific section 463 SIA_MSG="no" 464 SPC_MSG="no" 465 SP_MSG="no" 466 SPP_MSG="no" 467 468 # Support for Solaris/Illumos privileges (this test is used by both 469 # the --with-solaris-privs option and --with-sandbox=solaris). 470 SOLARIS_PRIVS="no" 471 472 # Check for some target-specific stuff 473 case "$host" in 474 *-*-aix*) 475 # Some versions of VAC won't allow macro redefinitions at 476 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 477 # particularly with older versions of vac or xlc. 478 # It also throws errors about null macro argments, but these are 479 # not fatal. 480 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 481 AC_COMPILE_IFELSE( 482 [AC_LANG_PROGRAM([[ 483 #define testmacro foo 484 #define testmacro bar]], 485 [[ exit(0); ]])], 486 [ AC_MSG_RESULT([yes]) ], 487 [ AC_MSG_RESULT([no]) 488 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 489 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 490 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 491 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 492 ] 493 ) 494 495 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 496 if (test -z "$blibpath"); then 497 blibpath="/usr/lib:/lib" 498 fi 499 saved_LDFLAGS="$LDFLAGS" 500 if test "$GCC" = "yes"; then 501 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 502 else 503 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 504 fi 505 for tryflags in $flags ;do 506 if (test -z "$blibflags"); then 507 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 508 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 509 [blibflags=$tryflags], []) 510 fi 511 done 512 if (test -z "$blibflags"); then 513 AC_MSG_RESULT([not found]) 514 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 515 else 516 AC_MSG_RESULT([$blibflags]) 517 fi 518 LDFLAGS="$saved_LDFLAGS" 519 dnl Check for authenticate. Might be in libs.a on older AIXes 520 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 521 [Define if you want to enable AIX4's authenticate function])], 522 [AC_CHECK_LIB([s], [authenticate], 523 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 524 LIBS="$LIBS -ls" 525 ]) 526 ]) 527 dnl Check for various auth function declarations in headers. 528 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 529 passwdexpired, setauthdb], , , [#include <usersec.h>]) 530 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 531 AC_CHECK_DECLS([loginfailed], 532 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 533 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 534 [[ (void)loginfailed("user","host","tty",0); ]])], 535 [AC_MSG_RESULT([yes]) 536 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 537 [Define if your AIX loginfailed() function 538 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 539 ])], 540 [], 541 [#include <usersec.h>] 542 ) 543 AC_CHECK_FUNCS([getgrset setauthdb]) 544 AC_CHECK_DECL([F_CLOSEM], 545 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 546 [], 547 [ #include <limits.h> 548 #include <fcntl.h> ] 549 ) 550 check_for_aix_broken_getaddrinfo=1 551 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 552 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 553 [Define if your platform breaks doing a seteuid before a setuid]) 554 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 555 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 556 dnl AIX handles lastlog as part of its login message 557 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 558 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 559 [Some systems need a utmpx entry for /bin/login to work]) 560 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 561 [Define to a Set Process Title type if your system is 562 supported by bsd-setproctitle.c]) 563 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 564 [AIX 5.2 and 5.3 (and presumably newer) require this]) 565 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 566 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 567 ;; 568 *-*-android*) 569 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 570 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 571 ;; 572 *-*-cygwin*) 573 check_for_libcrypt_later=1 574 LIBS="$LIBS /usr/lib/textreadmode.o" 575 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 576 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 577 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 578 [Define to disable UID restoration test]) 579 AC_DEFINE([DISABLE_SHADOW], [1], 580 [Define if you want to disable shadow passwords]) 581 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 582 [Define if X11 doesn't support AF_UNIX sockets on that system]) 583 AC_DEFINE([DISABLE_FD_PASSING], [1], 584 [Define if your platform needs to skip post auth 585 file descriptor passing]) 586 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 587 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 588 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 589 # reasons which cause compile warnings, so we disable those warnings. 590 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 591 ;; 592 *-*-dgux*) 593 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 594 [Define if your system choked on IP TOS setting]) 595 AC_DEFINE([SETEUID_BREAKS_SETUID]) 596 AC_DEFINE([BROKEN_SETREUID]) 597 AC_DEFINE([BROKEN_SETREGID]) 598 ;; 599 *-*-darwin*) 600 use_pie=auto 601 AC_MSG_CHECKING([if we have working getaddrinfo]) 602 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 603 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 604 exit(0); 605 else 606 exit(1); 607 } 608 ]])], 609 [AC_MSG_RESULT([working])], 610 [AC_MSG_RESULT([buggy]) 611 AC_DEFINE([BROKEN_GETADDRINFO], [1], 612 [getaddrinfo is broken (if present)]) 613 ], 614 [AC_MSG_RESULT([assume it is working])]) 615 AC_DEFINE([SETEUID_BREAKS_SETUID]) 616 AC_DEFINE([BROKEN_SETREUID]) 617 AC_DEFINE([BROKEN_SETREGID]) 618 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 619 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 620 [Define if your resolver libs need this for getrrsetbyname]) 621 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 622 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 623 [Use tunnel device compatibility to OpenBSD]) 624 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 625 [Prepend the address family to IP tunnel traffic]) 626 m4_pattern_allow([AU_IPv]) 627 AC_CHECK_DECL([AU_IPv4], [], 628 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 629 [#include <bsm/audit.h>] 630 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 631 [Define if pututxline updates lastlog too]) 632 ) 633 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 634 [Define to a Set Process Title type if your system is 635 supported by bsd-setproctitle.c]) 636 AC_CHECK_FUNCS([sandbox_init]) 637 AC_CHECK_HEADERS([sandbox.h]) 638 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 639 SSHDLIBS="$SSHDLIBS -lsandbox" 640 ]) 641 ;; 642 *-*-dragonfly*) 643 SSHDLIBS="$SSHDLIBS -lcrypt" 644 TEST_MALLOC_OPTIONS="AFGJPRX" 645 ;; 646 *-*-haiku*) 647 LIBS="$LIBS -lbsd " 648 AC_CHECK_LIB([network], [socket]) 649 AC_DEFINE([HAVE_U_INT64_T]) 650 MANTYPE=man 651 ;; 652 *-*-hpux*) 653 # first we define all of the options common to all HP-UX releases 654 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 655 IPADDR_IN_DISPLAY=yes 656 AC_DEFINE([USE_PIPES]) 657 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 658 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 659 [String used in /etc/passwd to denote locked account]) 660 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 661 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 662 maildir="/var/mail" 663 LIBS="$LIBS -lsec" 664 AC_CHECK_LIB([xnet], [t_error], , 665 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 666 667 # next, we define all of the options specific to major releases 668 case "$host" in 669 *-*-hpux10*) 670 if test -z "$GCC"; then 671 CFLAGS="$CFLAGS -Ae" 672 fi 673 ;; 674 *-*-hpux11*) 675 AC_DEFINE([PAM_SUN_CODEBASE], [1], 676 [Define if you are using Solaris-derived PAM which 677 passes pam_messages to the conversation function 678 with an extra level of indirection]) 679 AC_DEFINE([DISABLE_UTMP], [1], 680 [Define if you don't want to use utmp]) 681 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 682 check_for_hpux_broken_getaddrinfo=1 683 check_for_conflicting_getspnam=1 684 ;; 685 esac 686 687 # lastly, we define options specific to minor releases 688 case "$host" in 689 *-*-hpux10.26) 690 AC_DEFINE([HAVE_SECUREWARE], [1], 691 [Define if you have SecureWare-based 692 protected password database]) 693 disable_ptmx_check=yes 694 LIBS="$LIBS -lsecpw" 695 ;; 696 esac 697 ;; 698 *-*-irix5*) 699 PATH="$PATH:/usr/etc" 700 AC_DEFINE([BROKEN_INET_NTOA], [1], 701 [Define if you system's inet_ntoa is busted 702 (e.g. Irix gcc issue)]) 703 AC_DEFINE([SETEUID_BREAKS_SETUID]) 704 AC_DEFINE([BROKEN_SETREUID]) 705 AC_DEFINE([BROKEN_SETREGID]) 706 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 707 [Define if you shouldn't strip 'tty' from your 708 ttyname in [uw]tmp]) 709 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 710 ;; 711 *-*-irix6*) 712 PATH="$PATH:/usr/etc" 713 AC_DEFINE([WITH_IRIX_ARRAY], [1], 714 [Define if you have/want arrays 715 (cluster-wide session managment, not C arrays)]) 716 AC_DEFINE([WITH_IRIX_PROJECT], [1], 717 [Define if you want IRIX project management]) 718 AC_DEFINE([WITH_IRIX_AUDIT], [1], 719 [Define if you want IRIX audit trails]) 720 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 721 [Define if you want IRIX kernel jobs])]) 722 AC_DEFINE([BROKEN_INET_NTOA]) 723 AC_DEFINE([SETEUID_BREAKS_SETUID]) 724 AC_DEFINE([BROKEN_SETREUID]) 725 AC_DEFINE([BROKEN_SETREGID]) 726 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 727 AC_DEFINE([WITH_ABBREV_NO_TTY]) 728 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 729 ;; 730 *-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 731 check_for_libcrypt_later=1 732 AC_DEFINE([PAM_TTY_KLUDGE]) 733 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 734 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 735 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 736 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 737 ;; 738 *-*-linux*) 739 no_dev_ptmx=1 740 use_pie=auto 741 check_for_libcrypt_later=1 742 check_for_openpty_ctty_bug=1 743 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 744 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 745 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 746 AC_DEFINE([PAM_TTY_KLUDGE], [1], 747 [Work around problematic Linux PAM modules handling of PAM_TTY]) 748 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 749 [String used in /etc/passwd to denote locked account]) 750 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 751 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 752 [Define to whatever link() returns for "not supported" 753 if it doesn't return EOPNOTSUPP.]) 754 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 755 AC_DEFINE([USE_BTMP]) 756 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 757 inet6_default_4in6=yes 758 case `uname -r` in 759 1.*|2.0.*) 760 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 761 [Define if cmsg_type is not passed correctly]) 762 ;; 763 esac 764 # tun(4) forwarding compat code 765 AC_CHECK_HEADERS([linux/if_tun.h]) 766 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 767 AC_DEFINE([SSH_TUN_LINUX], [1], 768 [Open tunnel devices the Linux tun/tap way]) 769 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 770 [Use tunnel device compatibility to OpenBSD]) 771 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 772 [Prepend the address family to IP tunnel traffic]) 773 fi 774 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 775 [], [#include <linux/types.h>]) 776 AC_MSG_CHECKING([for seccomp architecture]) 777 seccomp_audit_arch= 778 case "$host" in 779 x86_64-*) 780 seccomp_audit_arch=AUDIT_ARCH_X86_64 781 ;; 782 i*86-*) 783 seccomp_audit_arch=AUDIT_ARCH_I386 784 ;; 785 arm*-*) 786 seccomp_audit_arch=AUDIT_ARCH_ARM 787 ;; 788 aarch64*-*) 789 seccomp_audit_arch=AUDIT_ARCH_AARCH64 790 ;; 791 s390x-*) 792 seccomp_audit_arch=AUDIT_ARCH_S390X 793 ;; 794 s390-*) 795 seccomp_audit_arch=AUDIT_ARCH_S390 796 ;; 797 powerpc64-*) 798 seccomp_audit_arch=AUDIT_ARCH_PPC64 799 ;; 800 powerpc64le-*) 801 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 802 ;; 803 mips-*) 804 seccomp_audit_arch=AUDIT_ARCH_MIPS 805 ;; 806 mipsel-*) 807 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 808 ;; 809 mips64-*) 810 seccomp_audit_arch=AUDIT_ARCH_MIPS64 811 ;; 812 mips64el-*) 813 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 814 ;; 815 esac 816 if test "x$seccomp_audit_arch" != "x" ; then 817 AC_MSG_RESULT(["$seccomp_audit_arch"]) 818 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 819 [Specify the system call convention in use]) 820 else 821 AC_MSG_RESULT([architecture not supported]) 822 fi 823 ;; 824 mips-sony-bsd|mips-sony-newsos4) 825 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 826 SONY=1 827 ;; 828 *-*-netbsd*) 829 check_for_libcrypt_before=1 830 if test "x$withval" != "xno" ; then 831 need_dash_r=1 832 fi 833 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 834 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 835 AC_CHECK_HEADER([net/if_tap.h], , 836 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 837 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 838 [Prepend the address family to IP tunnel traffic]) 839 TEST_MALLOC_OPTIONS="AJRX" 840 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 841 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 842 ;; 843 *-*-freebsd*) 844 check_for_libcrypt_later=1 845 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 846 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 847 AC_CHECK_HEADER([net/if_tap.h], , 848 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 849 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 850 TEST_MALLOC_OPTIONS="AJRX" 851 # Preauth crypto occasionally uses file descriptors for crypto offload 852 # and will crash if they cannot be opened. 853 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 854 [define if setrlimit RLIMIT_NOFILE breaks things]) 855 ;; 856 *-*-bsdi*) 857 AC_DEFINE([SETEUID_BREAKS_SETUID]) 858 AC_DEFINE([BROKEN_SETREUID]) 859 AC_DEFINE([BROKEN_SETREGID]) 860 ;; 861 *-next-*) 862 conf_lastlog_location="/usr/adm/lastlog" 863 conf_utmp_location=/etc/utmp 864 conf_wtmp_location=/usr/adm/wtmp 865 maildir=/usr/spool/mail 866 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 867 AC_DEFINE([BROKEN_REALPATH]) 868 AC_DEFINE([USE_PIPES]) 869 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 870 ;; 871 *-*-openbsd*) 872 use_pie=auto 873 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 874 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 875 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 876 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 877 [syslog_r function is safe to use in in a signal handler]) 878 TEST_MALLOC_OPTIONS="AFGJPRX" 879 ;; 880 *-*-solaris*) 881 if test "x$withval" != "xno" ; then 882 need_dash_r=1 883 fi 884 AC_DEFINE([PAM_SUN_CODEBASE]) 885 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 886 AC_DEFINE([PAM_TTY_KLUDGE]) 887 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 888 [Define if pam_chauthtok wants real uid set 889 to the unpriv'ed user]) 890 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 891 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 892 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 893 [Define if sshd somehow reacquires a controlling TTY 894 after setsid()]) 895 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 896 in case the name is longer than 8 chars]) 897 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 898 external_path_file=/etc/default/login 899 # hardwire lastlog location (can't detect it on some versions) 900 conf_lastlog_location="/var/adm/lastlog" 901 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 902 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 903 if test "$sol2ver" -ge 8; then 904 AC_MSG_RESULT([yes]) 905 AC_DEFINE([DISABLE_UTMP]) 906 AC_DEFINE([DISABLE_WTMP], [1], 907 [Define if you don't want to use wtmp]) 908 else 909 AC_MSG_RESULT([no]) 910 fi 911 AC_CHECK_FUNCS([setpflags]) 912 AC_CHECK_FUNCS([setppriv]) 913 AC_CHECK_FUNCS([priv_basicset]) 914 AC_CHECK_HEADERS([priv.h]) 915 AC_ARG_WITH([solaris-contracts], 916 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 917 [ 918 AC_CHECK_LIB([contract], [ct_tmpl_activate], 919 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 920 [Define if you have Solaris process contracts]) 921 LIBS="$LIBS -lcontract" 922 SPC_MSG="yes" ], ) 923 ], 924 ) 925 AC_ARG_WITH([solaris-projects], 926 [ --with-solaris-projects Enable Solaris projects (experimental)], 927 [ 928 AC_CHECK_LIB([project], [setproject], 929 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 930 [Define if you have Solaris projects]) 931 LIBS="$LIBS -lproject" 932 SP_MSG="yes" ], ) 933 ], 934 ) 935 AC_ARG_WITH([solaris-privs], 936 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 937 [ 938 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 939 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 940 "x$ac_cv_header_priv_h" = "xyes" ; then 941 SOLARIS_PRIVS=yes 942 AC_MSG_RESULT([found]) 943 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 944 [Define to disable UID restoration test]) 945 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 946 [Define if you have Solaris privileges]) 947 SPP_MSG="yes" 948 else 949 AC_MSG_RESULT([not found]) 950 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 951 fi 952 ], 953 ) 954 TEST_SHELL=$SHELL # let configure find us a capable shell 955 ;; 956 *-*-sunos4*) 957 CPPFLAGS="$CPPFLAGS -DSUNOS4" 958 AC_CHECK_FUNCS([getpwanam]) 959 AC_DEFINE([PAM_SUN_CODEBASE]) 960 conf_utmp_location=/etc/utmp 961 conf_wtmp_location=/var/adm/wtmp 962 conf_lastlog_location=/var/adm/lastlog 963 AC_DEFINE([USE_PIPES]) 964 ;; 965 *-ncr-sysv*) 966 LIBS="$LIBS -lc89" 967 AC_DEFINE([USE_PIPES]) 968 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 969 AC_DEFINE([SETEUID_BREAKS_SETUID]) 970 AC_DEFINE([BROKEN_SETREUID]) 971 AC_DEFINE([BROKEN_SETREGID]) 972 ;; 973 *-sni-sysv*) 974 # /usr/ucblib MUST NOT be searched on ReliantUNIX 975 AC_CHECK_LIB([dl], [dlsym], ,) 976 # -lresolv needs to be at the end of LIBS or DNS lookups break 977 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 978 IPADDR_IN_DISPLAY=yes 979 AC_DEFINE([USE_PIPES]) 980 AC_DEFINE([IP_TOS_IS_BROKEN]) 981 AC_DEFINE([SETEUID_BREAKS_SETUID]) 982 AC_DEFINE([BROKEN_SETREUID]) 983 AC_DEFINE([BROKEN_SETREGID]) 984 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 985 external_path_file=/etc/default/login 986 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 987 # Attention: always take care to bind libsocket and libnsl before libc, 988 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 989 ;; 990 # UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 991 *-*-sysv4.2*) 992 AC_DEFINE([USE_PIPES]) 993 AC_DEFINE([SETEUID_BREAKS_SETUID]) 994 AC_DEFINE([BROKEN_SETREUID]) 995 AC_DEFINE([BROKEN_SETREGID]) 996 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 997 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 998 TEST_SHELL=$SHELL # let configure find us a capable shell 999 ;; 1000 # UnixWare 7.x, OpenUNIX 8 1001 *-*-sysv5*) 1002 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1003 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1004 AC_DEFINE([USE_PIPES]) 1005 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1006 AC_DEFINE([BROKEN_GETADDRINFO]) 1007 AC_DEFINE([BROKEN_SETREUID]) 1008 AC_DEFINE([BROKEN_SETREGID]) 1009 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1010 TEST_SHELL=$SHELL # let configure find us a capable shell 1011 case "$host" in 1012 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1013 maildir=/var/spool/mail 1014 AC_DEFINE([BROKEN_LIBIAF], [1], 1015 [ia_uinfo routines not supported by OS yet]) 1016 AC_DEFINE([BROKEN_UPDWTMPX]) 1017 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1018 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1019 AC_DEFINE([HAVE_SECUREWARE]) 1020 AC_DEFINE([DISABLE_SHADOW]) 1021 ], , ) 1022 ;; 1023 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1024 check_for_libcrypt_later=1 1025 ;; 1026 esac 1027 ;; 1028 *-*-sysv*) 1029 ;; 1030 # SCO UNIX and OEM versions of SCO UNIX 1031 *-*-sco3.2v4*) 1032 AC_MSG_ERROR("This Platform is no longer supported.") 1033 ;; 1034 # SCO OpenServer 5.x 1035 *-*-sco3.2v5*) 1036 if test -z "$GCC"; then 1037 CFLAGS="$CFLAGS -belf" 1038 fi 1039 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1040 no_dev_ptmx=1 1041 AC_DEFINE([USE_PIPES]) 1042 AC_DEFINE([HAVE_SECUREWARE]) 1043 AC_DEFINE([DISABLE_SHADOW]) 1044 AC_DEFINE([DISABLE_FD_PASSING]) 1045 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1046 AC_DEFINE([BROKEN_GETADDRINFO]) 1047 AC_DEFINE([BROKEN_SETREUID]) 1048 AC_DEFINE([BROKEN_SETREGID]) 1049 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1050 AC_DEFINE([BROKEN_UPDWTMPX]) 1051 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1052 AC_CHECK_FUNCS([getluid setluid]) 1053 MANTYPE=man 1054 TEST_SHELL=$SHELL # let configure find us a capable shell 1055 SKIP_DISABLE_LASTLOG_DEFINE=yes 1056 ;; 1057 *-*-unicosmk*) 1058 AC_DEFINE([NO_SSH_LASTLOG], [1], 1059 [Define if you don't want to use lastlog in session.c]) 1060 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1061 AC_DEFINE([BROKEN_SETREUID]) 1062 AC_DEFINE([BROKEN_SETREGID]) 1063 AC_DEFINE([USE_PIPES]) 1064 AC_DEFINE([DISABLE_FD_PASSING]) 1065 LDFLAGS="$LDFLAGS" 1066 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1067 MANTYPE=cat 1068 ;; 1069 *-*-unicosmp*) 1070 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1071 AC_DEFINE([BROKEN_SETREUID]) 1072 AC_DEFINE([BROKEN_SETREGID]) 1073 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([DISABLE_FD_PASSING]) 1076 LDFLAGS="$LDFLAGS" 1077 LIBS="$LIBS -lgen -lacid -ldb" 1078 MANTYPE=cat 1079 ;; 1080 *-*-unicos*) 1081 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1082 AC_DEFINE([BROKEN_SETREUID]) 1083 AC_DEFINE([BROKEN_SETREGID]) 1084 AC_DEFINE([USE_PIPES]) 1085 AC_DEFINE([DISABLE_FD_PASSING]) 1086 AC_DEFINE([NO_SSH_LASTLOG]) 1087 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1088 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1089 MANTYPE=cat 1090 ;; 1091 *-dec-osf*) 1092 AC_MSG_CHECKING([for Digital Unix SIA]) 1093 no_osfsia="" 1094 AC_ARG_WITH([osfsia], 1095 [ --with-osfsia Enable Digital Unix SIA], 1096 [ 1097 if test "x$withval" = "xno" ; then 1098 AC_MSG_RESULT([disabled]) 1099 no_osfsia=1 1100 fi 1101 ], 1102 ) 1103 if test -z "$no_osfsia" ; then 1104 if test -f /etc/sia/matrix.conf; then 1105 AC_MSG_RESULT([yes]) 1106 AC_DEFINE([HAVE_OSF_SIA], [1], 1107 [Define if you have Digital Unix Security 1108 Integration Architecture]) 1109 AC_DEFINE([DISABLE_LOGIN], [1], 1110 [Define if you don't want to use your 1111 system's login() call]) 1112 AC_DEFINE([DISABLE_FD_PASSING]) 1113 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1114 SIA_MSG="yes" 1115 else 1116 AC_MSG_RESULT([no]) 1117 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1118 [String used in /etc/passwd to denote locked account]) 1119 fi 1120 fi 1121 AC_DEFINE([BROKEN_GETADDRINFO]) 1122 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1123 AC_DEFINE([BROKEN_SETREUID]) 1124 AC_DEFINE([BROKEN_SETREGID]) 1125 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1126 ;; 1127 1128 *-*-nto-qnx*) 1129 AC_DEFINE([USE_PIPES]) 1130 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1131 AC_DEFINE([DISABLE_LASTLOG]) 1132 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1133 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1134 enable_etc_default_login=no # has incompatible /etc/default/login 1135 case "$host" in 1136 *-*-nto-qnx6*) 1137 AC_DEFINE([DISABLE_FD_PASSING]) 1138 ;; 1139 esac 1140 ;; 1141 1142 *-*-ultrix*) 1143 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1144 AC_DEFINE([NEED_SETPGRP]) 1145 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1146 ;; 1147 1148 *-*-lynxos) 1149 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1150 AC_DEFINE([BROKEN_SETVBUF], [1], 1151 [LynxOS has broken setvbuf() implementation]) 1152 ;; 1153 esac 1154 1155 AC_MSG_CHECKING([compiler and flags for sanity]) 1156 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1157 [ AC_MSG_RESULT([yes]) ], 1158 [ 1159 AC_MSG_RESULT([no]) 1160 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1161 ], 1162 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1163 ) 1164 1165 dnl Checks for header files. 1166 # Checks for libraries. 1167 AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1168 1169 dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1170 AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1171 AC_CHECK_LIB([gen], [dirname], [ 1172 AC_CACHE_CHECK([for broken dirname], 1173 ac_cv_have_broken_dirname, [ 1174 save_LIBS="$LIBS" 1175 LIBS="$LIBS -lgen" 1176 AC_RUN_IFELSE( 1177 [AC_LANG_SOURCE([[ 1178 #include <libgen.h> 1179 #include <string.h> 1180 1181 int main(int argc, char **argv) { 1182 char *s, buf[32]; 1183 1184 strncpy(buf,"/etc", 32); 1185 s = dirname(buf); 1186 if (!s || strncmp(s, "/", 32) != 0) { 1187 exit(1); 1188 } else { 1189 exit(0); 1190 } 1191 } 1192 ]])], 1193 [ ac_cv_have_broken_dirname="no" ], 1194 [ ac_cv_have_broken_dirname="yes" ], 1195 [ ac_cv_have_broken_dirname="no" ], 1196 ) 1197 LIBS="$save_LIBS" 1198 ]) 1199 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1200 LIBS="$LIBS -lgen" 1201 AC_DEFINE([HAVE_DIRNAME]) 1202 AC_CHECK_HEADERS([libgen.h]) 1203 fi 1204 ]) 1205 ]) 1206 1207 AC_CHECK_FUNC([getspnam], , 1208 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1209 AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1210 [Define if you have the basename function.])]) 1211 1212 dnl zlib is required 1213 AC_ARG_WITH([zlib], 1214 [ --with-zlib=PATH Use zlib in PATH], 1215 [ if test "x$withval" = "xno" ; then 1216 AC_MSG_ERROR([*** zlib is required ***]) 1217 elif test "x$withval" != "xyes"; then 1218 if test -d "$withval/lib"; then 1219 if test -n "${need_dash_r}"; then 1220 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1221 else 1222 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1223 fi 1224 else 1225 if test -n "${need_dash_r}"; then 1226 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1227 else 1228 LDFLAGS="-L${withval} ${LDFLAGS}" 1229 fi 1230 fi 1231 if test -d "$withval/include"; then 1232 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1233 else 1234 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1235 fi 1236 fi ] 1237 ) 1238 1239 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1240 AC_CHECK_LIB([z], [deflate], , 1241 [ 1242 saved_CPPFLAGS="$CPPFLAGS" 1243 saved_LDFLAGS="$LDFLAGS" 1244 save_LIBS="$LIBS" 1245 dnl Check default zlib install dir 1246 if test -n "${need_dash_r}"; then 1247 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1248 else 1249 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1250 fi 1251 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1252 LIBS="$LIBS -lz" 1253 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1254 [ 1255 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1256 ] 1257 ) 1258 ] 1259 ) 1260 1261 AC_ARG_WITH([zlib-version-check], 1262 [ --without-zlib-version-check Disable zlib version check], 1263 [ if test "x$withval" = "xno" ; then 1264 zlib_check_nonfatal=1 1265 fi 1266 ] 1267 ) 1268 1269 AC_MSG_CHECKING([for possibly buggy zlib]) 1270 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1271 #include <stdio.h> 1272 #include <stdlib.h> 1273 #include <zlib.h> 1274 ]], 1275 [[ 1276 int a=0, b=0, c=0, d=0, n, v; 1277 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1278 if (n != 3 && n != 4) 1279 exit(1); 1280 v = a*1000000 + b*10000 + c*100 + d; 1281 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1282 1283 /* 1.1.4 is OK */ 1284 if (a == 1 && b == 1 && c >= 4) 1285 exit(0); 1286 1287 /* 1.2.3 and up are OK */ 1288 if (v >= 1020300) 1289 exit(0); 1290 1291 exit(2); 1292 ]])], 1293 AC_MSG_RESULT([no]), 1294 [ AC_MSG_RESULT([yes]) 1295 if test -z "$zlib_check_nonfatal" ; then 1296 AC_MSG_ERROR([*** zlib too old - check config.log *** 1297 Your reported zlib version has known security problems. It's possible your 1298 vendor has fixed these problems without changing the version number. If you 1299 are sure this is the case, you can disable the check by running 1300 "./configure --without-zlib-version-check". 1301 If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1302 See http://www.gzip.org/zlib/ for details.]) 1303 else 1304 AC_MSG_WARN([zlib version may have security problems]) 1305 fi 1306 ], 1307 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1308 ) 1309 1310 dnl UnixWare 2.x 1311 AC_CHECK_FUNC([strcasecmp], 1312 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1313 ) 1314 AC_CHECK_FUNCS([utimes], 1315 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1316 LIBS="$LIBS -lc89"]) ] 1317 ) 1318 1319 dnl Checks for libutil functions 1320 AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1321 AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1322 AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1323 AC_SEARCH_LIBS([login], [util bsd]) 1324 AC_SEARCH_LIBS([logout], [util bsd]) 1325 AC_SEARCH_LIBS([logwtmp], [util bsd]) 1326 AC_SEARCH_LIBS([openpty], [util bsd]) 1327 AC_SEARCH_LIBS([updwtmp], [util bsd]) 1328 AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1329 1330 # On some platforms, inet_ntop and gethostbyname may be found in libresolv 1331 # or libnsl. 1332 AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1333 AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1334 1335 AC_FUNC_STRFTIME 1336 1337 # Check for ALTDIRFUNC glob() extension 1338 AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1339 AC_EGREP_CPP([FOUNDIT], 1340 [ 1341 #include <glob.h> 1342 #ifdef GLOB_ALTDIRFUNC 1343 FOUNDIT 1344 #endif 1345 ], 1346 [ 1347 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1348 [Define if your system glob() function has 1349 the GLOB_ALTDIRFUNC extension]) 1350 AC_MSG_RESULT([yes]) 1351 ], 1352 [ 1353 AC_MSG_RESULT([no]) 1354 ] 1355 ) 1356 1357 # Check for g.gl_matchc glob() extension 1358 AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1359 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1360 [[ glob_t g; g.gl_matchc = 1; ]])], 1361 [ 1362 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1363 [Define if your system glob() function has 1364 gl_matchc options in glob_t]) 1365 AC_MSG_RESULT([yes]) 1366 ], [ 1367 AC_MSG_RESULT([no]) 1368 ]) 1369 1370 # Check for g.gl_statv glob() extension 1371 AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1372 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1373 #ifndef GLOB_KEEPSTAT 1374 #error "glob does not support GLOB_KEEPSTAT extension" 1375 #endif 1376 glob_t g; 1377 g.gl_statv = NULL; 1378 ]])], 1379 [ 1380 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1381 [Define if your system glob() function has 1382 gl_statv options in glob_t]) 1383 AC_MSG_RESULT([yes]) 1384 ], [ 1385 AC_MSG_RESULT([no]) 1386 1387 ]) 1388 1389 AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1390 1391 AC_CHECK_DECL([VIS_ALL], , 1392 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1393 1394 AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1395 AC_RUN_IFELSE( 1396 [AC_LANG_PROGRAM([[ 1397 #include <sys/types.h> 1398 #include <dirent.h>]], 1399 [[ 1400 struct dirent d; 1401 exit(sizeof(d.d_name)<=sizeof(char)); 1402 ]])], 1403 [AC_MSG_RESULT([yes])], 1404 [ 1405 AC_MSG_RESULT([no]) 1406 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1407 [Define if your struct dirent expects you to 1408 allocate extra space for d_name]) 1409 ], 1410 [ 1411 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1412 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1413 ] 1414 ) 1415 1416 AC_MSG_CHECKING([for /proc/pid/fd directory]) 1417 if test -d "/proc/$$/fd" ; then 1418 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1419 AC_MSG_RESULT([yes]) 1420 else 1421 AC_MSG_RESULT([no]) 1422 fi 1423 1424 # Check whether user wants S/Key support 1425 SKEY_MSG="no" 1426 AC_ARG_WITH([skey], 1427 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1428 [ 1429 if test "x$withval" != "xno" ; then 1430 1431 if test "x$withval" != "xyes" ; then 1432 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1433 LDFLAGS="$LDFLAGS -L${withval}/lib" 1434 fi 1435 1436 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1437 LIBS="-lskey $LIBS" 1438 SKEY_MSG="yes" 1439 1440 AC_MSG_CHECKING([for s/key support]) 1441 AC_LINK_IFELSE( 1442 [AC_LANG_PROGRAM([[ 1443 #include <stdio.h> 1444 #include <skey.h> 1445 ]], [[ 1446 char *ff = skey_keyinfo(""); ff=""; 1447 exit(0); 1448 ]])], 1449 [AC_MSG_RESULT([yes])], 1450 [ 1451 AC_MSG_RESULT([no]) 1452 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1453 ]) 1454 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1455 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1456 #include <stdio.h> 1457 #include <skey.h> 1458 ]], [[ 1459 (void)skeychallenge(NULL,"name","",0); 1460 ]])], 1461 [ 1462 AC_MSG_RESULT([yes]) 1463 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1464 [Define if your skeychallenge() 1465 function takes 4 arguments (NetBSD)])], 1466 [ 1467 AC_MSG_RESULT([no]) 1468 ]) 1469 fi 1470 ] 1471 ) 1472 1473 # Check whether user wants to use ldns 1474 LDNS_MSG="no" 1475 AC_ARG_WITH(ldns, 1476 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1477 [ 1478 ldns="" 1479 if test "x$withval" = "xyes" ; then 1480 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1481 if test "x$PKGCONFIG" = "xno"; then 1482 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1483 LDFLAGS="$LDFLAGS -L${withval}/lib" 1484 LIBS="-lldns $LIBS" 1485 ldns=yes 1486 else 1487 LIBS="$LIBS `$LDNSCONFIG --libs`" 1488 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1489 fi 1490 elif test "x$withval" != "xno" ; then 1491 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1492 LDFLAGS="$LDFLAGS -L${withval}/lib" 1493 LIBS="-lldns $LIBS" 1494 ldns=yes 1495 fi 1496 1497 # Verify that it works. 1498 if test "x$ldns" = "xyes" ; then 1499 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1500 LDNS_MSG="yes" 1501 AC_MSG_CHECKING([for ldns support]) 1502 AC_LINK_IFELSE( 1503 [AC_LANG_SOURCE([[ 1504 #include <stdio.h> 1505 #include <stdlib.h> 1506 #include <stdint.h> 1507 #include <ldns/ldns.h> 1508 int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1509 ]]) 1510 ], 1511 [AC_MSG_RESULT(yes)], 1512 [ 1513 AC_MSG_RESULT(no) 1514 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1515 ]) 1516 fi 1517 ]) 1518 1519 # Check whether user wants libedit support 1520 LIBEDIT_MSG="no" 1521 AC_ARG_WITH([libedit], 1522 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1523 [ if test "x$withval" != "xno" ; then 1524 if test "x$withval" = "xyes" ; then 1525 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1526 if test "x$PKGCONFIG" != "xno"; then 1527 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1528 if "$PKGCONFIG" libedit; then 1529 AC_MSG_RESULT([yes]) 1530 use_pkgconfig_for_libedit=yes 1531 else 1532 AC_MSG_RESULT([no]) 1533 fi 1534 fi 1535 else 1536 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1537 if test -n "${need_dash_r}"; then 1538 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1539 else 1540 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1541 fi 1542 fi 1543 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1544 LIBEDIT=`$PKGCONFIG --libs libedit` 1545 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1546 else 1547 LIBEDIT="-ledit -lcurses" 1548 fi 1549 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1550 AC_CHECK_LIB([edit], [el_init], 1551 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1552 LIBEDIT_MSG="yes" 1553 AC_SUBST([LIBEDIT]) 1554 ], 1555 [ AC_MSG_ERROR([libedit not found]) ], 1556 [ $OTHERLIBS ] 1557 ) 1558 AC_MSG_CHECKING([if libedit version is compatible]) 1559 AC_COMPILE_IFELSE( 1560 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1561 [[ 1562 int i = H_SETSIZE; 1563 el_init("", NULL, NULL, NULL); 1564 exit(0); 1565 ]])], 1566 [ AC_MSG_RESULT([yes]) ], 1567 [ AC_MSG_RESULT([no]) 1568 AC_MSG_ERROR([libedit version is not compatible]) ] 1569 ) 1570 fi ] 1571 ) 1572 1573 AUDIT_MODULE=none 1574 AC_ARG_WITH([audit], 1575 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1576 [ 1577 AC_MSG_CHECKING([for supported audit module]) 1578 case "$withval" in 1579 bsm) 1580 AC_MSG_RESULT([bsm]) 1581 AUDIT_MODULE=bsm 1582 dnl Checks for headers, libs and functions 1583 AC_CHECK_HEADERS([bsm/audit.h], [], 1584 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1585 [ 1586 #ifdef HAVE_TIME_H 1587 # include <time.h> 1588 #endif 1589 ] 1590 ) 1591 AC_CHECK_LIB([bsm], [getaudit], [], 1592 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1593 AC_CHECK_FUNCS([getaudit], [], 1594 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1595 # These are optional 1596 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1597 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1598 if test "$sol2ver" -ge 11; then 1599 SSHDLIBS="$SSHDLIBS -lscf" 1600 AC_DEFINE([BROKEN_BSM_API], [1], 1601 [The system has incomplete BSM API]) 1602 fi 1603 ;; 1604 linux) 1605 AC_MSG_RESULT([linux]) 1606 AUDIT_MODULE=linux 1607 dnl Checks for headers, libs and functions 1608 AC_CHECK_HEADERS([libaudit.h]) 1609 SSHDLIBS="$SSHDLIBS -laudit" 1610 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1611 ;; 1612 debug) 1613 AUDIT_MODULE=debug 1614 AC_MSG_RESULT([debug]) 1615 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1616 ;; 1617 no) 1618 AC_MSG_RESULT([no]) 1619 ;; 1620 *) 1621 AC_MSG_ERROR([Unknown audit module $withval]) 1622 ;; 1623 esac ] 1624 ) 1625 1626 AC_ARG_WITH([pie], 1627 [ --with-pie Build Position Independent Executables if possible], [ 1628 if test "x$withval" = "xno"; then 1629 use_pie=no 1630 fi 1631 if test "x$withval" = "xyes"; then 1632 use_pie=yes 1633 fi 1634 ] 1635 ) 1636 if test "x$use_pie" = "x"; then 1637 use_pie=no 1638 fi 1639 if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1640 # Turn off automatic PIE when toolchain hardening is off. 1641 use_pie=no 1642 fi 1643 if test "x$use_pie" = "xauto"; then 1644 # Automatic PIE requires gcc >= 4.x 1645 AC_MSG_CHECKING([for gcc >= 4.x]) 1646 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1647 #if !defined(__GNUC__) || __GNUC__ < 4 1648 #error gcc is too old 1649 #endif 1650 ]])], 1651 [ AC_MSG_RESULT([yes]) ], 1652 [ AC_MSG_RESULT([no]) 1653 use_pie=no ] 1654 ) 1655 fi 1656 if test "x$use_pie" != "xno"; then 1657 SAVED_CFLAGS="$CFLAGS" 1658 SAVED_LDFLAGS="$LDFLAGS" 1659 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1660 OSSH_CHECK_LDFLAG_LINK([-pie]) 1661 # We use both -fPIE and -pie or neither. 1662 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1663 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1664 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1665 AC_MSG_RESULT([yes]) 1666 else 1667 AC_MSG_RESULT([no]) 1668 CFLAGS="$SAVED_CFLAGS" 1669 LDFLAGS="$SAVED_LDFLAGS" 1670 fi 1671 fi 1672 1673 dnl Checks for library functions. Please keep in alphabetical order 1674 AC_CHECK_FUNCS([ \ 1675 Blowfish_initstate \ 1676 Blowfish_expandstate \ 1677 Blowfish_expand0state \ 1678 Blowfish_stream2word \ 1679 asprintf \ 1680 b64_ntop \ 1681 __b64_ntop \ 1682 b64_pton \ 1683 __b64_pton \ 1684 bcopy \ 1685 bcrypt_pbkdf \ 1686 bindresvport_sa \ 1687 blf_enc \ 1688 cap_rights_limit \ 1689 clock \ 1690 closefrom \ 1691 dirfd \ 1692 endgrent \ 1693 err \ 1694 errx \ 1695 explicit_bzero \ 1696 fchmod \ 1697 fchown \ 1698 freeaddrinfo \ 1699 fstatfs \ 1700 fstatvfs \ 1701 futimes \ 1702 getaddrinfo \ 1703 getcwd \ 1704 getgrouplist \ 1705 getnameinfo \ 1706 getopt \ 1707 getpeereid \ 1708 getpeerucred \ 1709 getpgid \ 1710 getpgrp \ 1711 _getpty \ 1712 getrlimit \ 1713 getttyent \ 1714 glob \ 1715 group_from_gid \ 1716 inet_aton \ 1717 inet_ntoa \ 1718 inet_ntop \ 1719 innetgr \ 1720 llabs \ 1721 login_getcapbool \ 1722 md5_crypt \ 1723 memmove \ 1724 memset_s \ 1725 mkdtemp \ 1726 ngetaddrinfo \ 1727 nsleep \ 1728 ogetaddrinfo \ 1729 openlog_r \ 1730 pledge \ 1731 poll \ 1732 prctl \ 1733 pstat \ 1734 readpassphrase \ 1735 reallocarray \ 1736 recvmsg \ 1737 rresvport_af \ 1738 sendmsg \ 1739 setdtablesize \ 1740 setegid \ 1741 setenv \ 1742 seteuid \ 1743 setgroupent \ 1744 setgroups \ 1745 setlinebuf \ 1746 setlogin \ 1747 setpassent\ 1748 setpcred \ 1749 setproctitle \ 1750 setregid \ 1751 setreuid \ 1752 setrlimit \ 1753 setsid \ 1754 setvbuf \ 1755 sigaction \ 1756 sigvec \ 1757 snprintf \ 1758 socketpair \ 1759 statfs \ 1760 statvfs \ 1761 strcasestr \ 1762 strdup \ 1763 strerror \ 1764 strlcat \ 1765 strlcpy \ 1766 strmode \ 1767 strnlen \ 1768 strnvis \ 1769 strptime \ 1770 strtonum \ 1771 strtoll \ 1772 strtoul \ 1773 strtoull \ 1774 swap32 \ 1775 sysconf \ 1776 tcgetpgrp \ 1777 timingsafe_bcmp \ 1778 truncate \ 1779 unsetenv \ 1780 updwtmpx \ 1781 user_from_uid \ 1782 usleep \ 1783 vasprintf \ 1784 vsnprintf \ 1785 waitpid \ 1786 warn \ 1787 ]) 1788 1789 dnl Wide character support. 1790 AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1791 1792 TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1793 AC_MSG_CHECKING([for utf8 locale support]) 1794 AC_RUN_IFELSE( 1795 [AC_LANG_PROGRAM([[ 1796 #include <locale.h> 1797 #include <stdlib.h> 1798 ]], [[ 1799 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1800 if (loc != NULL) 1801 exit(0); 1802 exit(1); 1803 ]])], 1804 AC_MSG_RESULT(yes), 1805 [AC_MSG_RESULT(no) 1806 TEST_SSH_UTF8=no], 1807 AC_MSG_WARN([cross compiling: assuming yes]) 1808 ) 1809 1810 AC_LINK_IFELSE( 1811 [AC_LANG_PROGRAM( 1812 [[ #include <ctype.h> ]], 1813 [[ return (isblank('a')); ]])], 1814 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1815 ]) 1816 1817 disable_pkcs11= 1818 AC_ARG_ENABLE([pkcs11], 1819 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1820 [ 1821 if test "x$enableval" = "xno" ; then 1822 disable_pkcs11=1 1823 fi 1824 ] 1825 ) 1826 1827 # PKCS11 depends on OpenSSL. 1828 if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1829 # PKCS#11 support requires dlopen() and co 1830 AC_SEARCH_LIBS([dlopen], [dl], 1831 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1832 ) 1833 fi 1834 1835 # IRIX has a const char return value for gai_strerror() 1836 AC_CHECK_FUNCS([gai_strerror], [ 1837 AC_DEFINE([HAVE_GAI_STRERROR]) 1838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1839 #include <sys/types.h> 1840 #include <sys/socket.h> 1841 #include <netdb.h> 1842 1843 const char *gai_strerror(int); 1844 ]], [[ 1845 char *str; 1846 str = gai_strerror(0); 1847 ]])], [ 1848 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1849 [Define if gai_strerror() returns const char *])], [])]) 1850 1851 AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1852 [Some systems put nanosleep outside of libc])]) 1853 1854 AC_SEARCH_LIBS([clock_gettime], [rt], 1855 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1856 1857 dnl Make sure prototypes are defined for these before using them. 1858 AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1859 AC_CHECK_DECL([strsep], 1860 [AC_CHECK_FUNCS([strsep])], 1861 [], 1862 [ 1863 #ifdef HAVE_STRING_H 1864 # include <string.h> 1865 #endif 1866 ]) 1867 1868 dnl tcsendbreak might be a macro 1869 AC_CHECK_DECL([tcsendbreak], 1870 [AC_DEFINE([HAVE_TCSENDBREAK])], 1871 [AC_CHECK_FUNCS([tcsendbreak])], 1872 [#include <termios.h>] 1873 ) 1874 1875 AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1876 1877 AC_CHECK_DECLS([SHUT_RD], , , 1878 [ 1879 #include <sys/types.h> 1880 #include <sys/socket.h> 1881 ]) 1882 1883 AC_CHECK_DECLS([O_NONBLOCK], , , 1884 [ 1885 #include <sys/types.h> 1886 #ifdef HAVE_SYS_STAT_H 1887 # include <sys/stat.h> 1888 #endif 1889 #ifdef HAVE_FCNTL_H 1890 # include <fcntl.h> 1891 #endif 1892 ]) 1893 1894 AC_CHECK_DECLS([writev], , , [ 1895 #include <sys/types.h> 1896 #include <sys/uio.h> 1897 #include <unistd.h> 1898 ]) 1899 1900 AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1901 #include <sys/param.h> 1902 ]) 1903 1904 AC_CHECK_DECLS([offsetof], , , [ 1905 #include <stddef.h> 1906 ]) 1907 1908 # extra bits for select(2) 1909 AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1910 #include <sys/param.h> 1911 #include <sys/types.h> 1912 #ifdef HAVE_SYS_SYSMACROS_H 1913 #include <sys/sysmacros.h> 1914 #endif 1915 #ifdef HAVE_SYS_SELECT_H 1916 #include <sys/select.h> 1917 #endif 1918 #ifdef HAVE_SYS_TIME_H 1919 #include <sys/time.h> 1920 #endif 1921 #ifdef HAVE_UNISTD_H 1922 #include <unistd.h> 1923 #endif 1924 ]]) 1925 AC_CHECK_TYPES([fd_mask], [], [], [[ 1926 #include <sys/param.h> 1927 #include <sys/types.h> 1928 #ifdef HAVE_SYS_SELECT_H 1929 #include <sys/select.h> 1930 #endif 1931 #ifdef HAVE_SYS_TIME_H 1932 #include <sys/time.h> 1933 #endif 1934 #ifdef HAVE_UNISTD_H 1935 #include <unistd.h> 1936 #endif 1937 ]]) 1938 1939 AC_CHECK_FUNCS([setresuid], [ 1940 dnl Some platorms have setresuid that isn't implemented, test for this 1941 AC_MSG_CHECKING([if setresuid seems to work]) 1942 AC_RUN_IFELSE( 1943 [AC_LANG_PROGRAM([[ 1944 #include <stdlib.h> 1945 #include <errno.h> 1946 ]], [[ 1947 errno=0; 1948 setresuid(0,0,0); 1949 if (errno==ENOSYS) 1950 exit(1); 1951 else 1952 exit(0); 1953 ]])], 1954 [AC_MSG_RESULT([yes])], 1955 [AC_DEFINE([BROKEN_SETRESUID], [1], 1956 [Define if your setresuid() is broken]) 1957 AC_MSG_RESULT([not implemented])], 1958 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1959 ) 1960 ]) 1961 1962 AC_CHECK_FUNCS([setresgid], [ 1963 dnl Some platorms have setresgid that isn't implemented, test for this 1964 AC_MSG_CHECKING([if setresgid seems to work]) 1965 AC_RUN_IFELSE( 1966 [AC_LANG_PROGRAM([[ 1967 #include <stdlib.h> 1968 #include <errno.h> 1969 ]], [[ 1970 errno=0; 1971 setresgid(0,0,0); 1972 if (errno==ENOSYS) 1973 exit(1); 1974 else 1975 exit(0); 1976 ]])], 1977 [AC_MSG_RESULT([yes])], 1978 [AC_DEFINE([BROKEN_SETRESGID], [1], 1979 [Define if your setresgid() is broken]) 1980 AC_MSG_RESULT([not implemented])], 1981 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1982 ) 1983 ]) 1984 1985 AC_CHECK_FUNCS([realpath], [ 1986 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 1987 dnl path name", however some implementations of realpath (and some 1988 dnl versions of the POSIX spec) do not work on non-existent files, 1989 dnl so we use the OpenBSD implementation on those platforms. 1990 AC_MSG_CHECKING([if realpath works with non-existent files]) 1991 AC_RUN_IFELSE( 1992 [AC_LANG_PROGRAM([[ 1993 #include <limits.h> 1994 #include <stdlib.h> 1995 #include <errno.h> 1996 ]], [[ 1997 char buf[PATH_MAX]; 1998 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 1999 if (errno == ENOENT) 2000 exit(1); 2001 exit(0); 2002 ]])], 2003 [AC_MSG_RESULT([yes])], 2004 [AC_DEFINE([BROKEN_REALPATH], [1], 2005 [realpath does not work with nonexistent files]) 2006 AC_MSG_RESULT([no])], 2007 [AC_MSG_WARN([cross compiling: assuming working])] 2008 ) 2009 ]) 2010 2011 dnl Checks for time functions 2012 AC_CHECK_FUNCS([gettimeofday time]) 2013 dnl Checks for utmp functions 2014 AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2015 AC_CHECK_FUNCS([utmpname]) 2016 dnl Checks for utmpx functions 2017 AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2018 AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2019 dnl Checks for lastlog functions 2020 AC_CHECK_FUNCS([getlastlogxbyname]) 2021 2022 AC_CHECK_FUNC([daemon], 2023 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2024 [AC_CHECK_LIB([bsd], [daemon], 2025 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2026 ) 2027 2028 AC_CHECK_FUNC([getpagesize], 2029 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2030 [Define if your libraries define getpagesize()])], 2031 [AC_CHECK_LIB([ucb], [getpagesize], 2032 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2033 ) 2034 2035 # Check for broken snprintf 2036 if test "x$ac_cv_func_snprintf" = "xyes" ; then 2037 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2038 AC_RUN_IFELSE( 2039 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2040 [[ 2041 char b[5]; 2042 snprintf(b,5,"123456789"); 2043 exit(b[4]!='\0'); 2044 ]])], 2045 [AC_MSG_RESULT([yes])], 2046 [ 2047 AC_MSG_RESULT([no]) 2048 AC_DEFINE([BROKEN_SNPRINTF], [1], 2049 [Define if your snprintf is busted]) 2050 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2051 ], 2052 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2053 ) 2054 fi 2055 2056 # We depend on vsnprintf returning the right thing on overflow: the 2057 # number of characters it tried to create (as per SUSv3) 2058 if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2059 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2060 AC_RUN_IFELSE( 2061 [AC_LANG_PROGRAM([[ 2062 #include <sys/types.h> 2063 #include <stdio.h> 2064 #include <stdarg.h> 2065 2066 int x_snprintf(char *str, size_t count, const char *fmt, ...) 2067 { 2068 size_t ret; 2069 va_list ap; 2070 2071 va_start(ap, fmt); 2072 ret = vsnprintf(str, count, fmt, ap); 2073 va_end(ap); 2074 return ret; 2075 } 2076 ]], [[ 2077 char x[1]; 2078 if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2079 return 1; 2080 if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2081 return 1; 2082 return 0; 2083 ]])], 2084 [AC_MSG_RESULT([yes])], 2085 [ 2086 AC_MSG_RESULT([no]) 2087 AC_DEFINE([BROKEN_SNPRINTF], [1], 2088 [Define if your snprintf is busted]) 2089 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2090 ], 2091 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2092 ) 2093 fi 2094 2095 # On systems where [v]snprintf is broken, but is declared in stdio, 2096 # check that the fmt argument is const char * or just char *. 2097 # This is only useful for when BROKEN_SNPRINTF 2098 AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2099 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2100 #include <stdio.h> 2101 int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2102 ]], [[ 2103 snprintf(0, 0, 0); 2104 ]])], 2105 [AC_MSG_RESULT([yes]) 2106 AC_DEFINE([SNPRINTF_CONST], [const], 2107 [Define as const if snprintf() can declare const char *fmt])], 2108 [AC_MSG_RESULT([no]) 2109 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2110 2111 # Check for missing getpeereid (or equiv) support 2112 NO_PEERCHECK="" 2113 if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2114 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2115 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2116 #include <sys/types.h> 2117 #include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2118 [ AC_MSG_RESULT([yes]) 2119 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2120 ], [AC_MSG_RESULT([no]) 2121 NO_PEERCHECK=1 2122 ]) 2123 fi 2124 2125 dnl see whether mkstemp() requires XXXXXX 2126 if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2127 AC_MSG_CHECKING([for (overly) strict mkstemp]) 2128 AC_RUN_IFELSE( 2129 [AC_LANG_PROGRAM([[ 2130 #include <stdlib.h> 2131 ]], [[ 2132 char template[]="conftest.mkstemp-test"; 2133 if (mkstemp(template) == -1) 2134 exit(1); 2135 unlink(template); 2136 exit(0); 2137 ]])], 2138 [ 2139 AC_MSG_RESULT([no]) 2140 ], 2141 [ 2142 AC_MSG_RESULT([yes]) 2143 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2144 ], 2145 [ 2146 AC_MSG_RESULT([yes]) 2147 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2148 ] 2149 ) 2150 fi 2151 2152 dnl make sure that openpty does not reacquire controlling terminal 2153 if test ! -z "$check_for_openpty_ctty_bug"; then 2154 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2155 AC_RUN_IFELSE( 2156 [AC_LANG_PROGRAM([[ 2157 #include <stdio.h> 2158 #include <sys/fcntl.h> 2159 #include <sys/types.h> 2160 #include <sys/wait.h> 2161 ]], [[ 2162 pid_t pid; 2163 int fd, ptyfd, ttyfd, status; 2164 2165 pid = fork(); 2166 if (pid < 0) { /* failed */ 2167 exit(1); 2168 } else if (pid > 0) { /* parent */ 2169 waitpid(pid, &status, 0); 2170 if (WIFEXITED(status)) 2171 exit(WEXITSTATUS(status)); 2172 else 2173 exit(2); 2174 } else { /* child */ 2175 close(0); close(1); close(2); 2176 setsid(); 2177 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2178 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2179 if (fd >= 0) 2180 exit(3); /* Acquired ctty: broken */ 2181 else 2182 exit(0); /* Did not acquire ctty: OK */ 2183 } 2184 ]])], 2185 [ 2186 AC_MSG_RESULT([yes]) 2187 ], 2188 [ 2189 AC_MSG_RESULT([no]) 2190 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2191 ], 2192 [ 2193 AC_MSG_RESULT([cross-compiling, assuming yes]) 2194 ] 2195 ) 2196 fi 2197 2198 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2199 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2200 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2201 AC_RUN_IFELSE( 2202 [AC_LANG_PROGRAM([[ 2203 #include <stdio.h> 2204 #include <sys/socket.h> 2205 #include <netdb.h> 2206 #include <errno.h> 2207 #include <netinet/in.h> 2208 2209 #define TEST_PORT "2222" 2210 ]], [[ 2211 int err, sock; 2212 struct addrinfo *gai_ai, *ai, hints; 2213 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2214 2215 memset(&hints, 0, sizeof(hints)); 2216 hints.ai_family = PF_UNSPEC; 2217 hints.ai_socktype = SOCK_STREAM; 2218 hints.ai_flags = AI_PASSIVE; 2219 2220 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2221 if (err != 0) { 2222 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2223 exit(1); 2224 } 2225 2226 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2227 if (ai->ai_family != AF_INET6) 2228 continue; 2229 2230 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2231 sizeof(ntop), strport, sizeof(strport), 2232 NI_NUMERICHOST|NI_NUMERICSERV); 2233 2234 if (err != 0) { 2235 if (err == EAI_SYSTEM) 2236 perror("getnameinfo EAI_SYSTEM"); 2237 else 2238 fprintf(stderr, "getnameinfo failed: %s\n", 2239 gai_strerror(err)); 2240 exit(2); 2241 } 2242 2243 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2244 if (sock < 0) 2245 perror("socket"); 2246 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2247 if (errno == EBADF) 2248 exit(3); 2249 } 2250 } 2251 exit(0); 2252 ]])], 2253 [ 2254 AC_MSG_RESULT([yes]) 2255 ], 2256 [ 2257 AC_MSG_RESULT([no]) 2258 AC_DEFINE([BROKEN_GETADDRINFO]) 2259 ], 2260 [ 2261 AC_MSG_RESULT([cross-compiling, assuming yes]) 2262 ] 2263 ) 2264 fi 2265 2266 if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2267 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2268 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2269 AC_RUN_IFELSE( 2270 [AC_LANG_PROGRAM([[ 2271 #include <stdio.h> 2272 #include <sys/socket.h> 2273 #include <netdb.h> 2274 #include <errno.h> 2275 #include <netinet/in.h> 2276 2277 #define TEST_PORT "2222" 2278 ]], [[ 2279 int err, sock; 2280 struct addrinfo *gai_ai, *ai, hints; 2281 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2282 2283 memset(&hints, 0, sizeof(hints)); 2284 hints.ai_family = PF_UNSPEC; 2285 hints.ai_socktype = SOCK_STREAM; 2286 hints.ai_flags = AI_PASSIVE; 2287 2288 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2289 if (err != 0) { 2290 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2291 exit(1); 2292 } 2293 2294 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2295 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2296 continue; 2297 2298 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2299 sizeof(ntop), strport, sizeof(strport), 2300 NI_NUMERICHOST|NI_NUMERICSERV); 2301 2302 if (ai->ai_family == AF_INET && err != 0) { 2303 perror("getnameinfo"); 2304 exit(2); 2305 } 2306 } 2307 exit(0); 2308 ]])], 2309 [ 2310 AC_MSG_RESULT([yes]) 2311 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2312 [Define if you have a getaddrinfo that fails 2313 for the all-zeros IPv6 address]) 2314 ], 2315 [ 2316 AC_MSG_RESULT([no]) 2317 AC_DEFINE([BROKEN_GETADDRINFO]) 2318 ], 2319 [ 2320 AC_MSG_RESULT([cross-compiling, assuming no]) 2321 ] 2322 ) 2323 fi 2324 2325 if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2326 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2327 [#include <sys/types.h> 2328 #include <sys/socket.h> 2329 #include <netdb.h>]) 2330 fi 2331 2332 if test "x$check_for_conflicting_getspnam" = "x1"; then 2333 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2334 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2335 [[ exit(0); ]])], 2336 [ 2337 AC_MSG_RESULT([no]) 2338 ], 2339 [ 2340 AC_MSG_RESULT([yes]) 2341 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2342 [Conflicting defs for getspnam]) 2343 ] 2344 ) 2345 fi 2346 2347 dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2348 dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2349 dnl for over ten years). Despite this incompatibility being reported during 2350 dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2351 dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2352 dnl implementation. Try to detect this mess, and assume the only safe option 2353 dnl if we're cross compiling. 2354 dnl 2355 dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2356 dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2357 if test "x$ac_cv_func_strnvis" = "xyes"; then 2358 AC_MSG_CHECKING([for working strnvis]) 2359 AC_RUN_IFELSE( 2360 [AC_LANG_PROGRAM([[ 2361 #include <signal.h> 2362 #include <stdlib.h> 2363 #include <string.h> 2364 #include <vis.h> 2365 static void sighandler(int sig) { _exit(1); } 2366 ]], [[ 2367 char dst[16]; 2368 2369 signal(SIGSEGV, sighandler); 2370 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2371 exit(0); 2372 exit(1) 2373 ]])], 2374 [AC_MSG_RESULT([yes])], 2375 [AC_MSG_RESULT([no]) 2376 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2377 [AC_MSG_WARN([cross compiling: assuming broken]) 2378 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2379 ) 2380 fi 2381 2382 AC_FUNC_GETPGRP 2383 2384 # Search for OpenSSL 2385 saved_CPPFLAGS="$CPPFLAGS" 2386 saved_LDFLAGS="$LDFLAGS" 2387 AC_ARG_WITH([ssl-dir], 2388 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2389 [ 2390 if test "x$openssl" = "xno" ; then 2391 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2392 fi 2393 if test "x$withval" != "xno" ; then 2394 case "$withval" in 2395 # Relative paths 2396 ./*|../*) withval="`pwd`/$withval" 2397 esac 2398 if test -d "$withval/lib"; then 2399 if test -n "${need_dash_r}"; then 2400 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2401 else 2402 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2403 fi 2404 elif test -d "$withval/lib64"; then 2405 if test -n "${need_dash_r}"; then 2406 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2407 else 2408 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2409 fi 2410 else 2411 if test -n "${need_dash_r}"; then 2412 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2413 else 2414 LDFLAGS="-L${withval} ${LDFLAGS}" 2415 fi 2416 fi 2417 if test -d "$withval/include"; then 2418 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2419 else 2420 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2421 fi 2422 fi 2423 ] 2424 ) 2425 2426 AC_ARG_WITH([openssl-header-check], 2427 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2428 [ 2429 if test "x$withval" = "xno" ; then 2430 openssl_check_nonfatal=1 2431 fi 2432 ] 2433 ) 2434 2435 openssl_engine=no 2436 AC_ARG_WITH([ssl-engine], 2437 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2438 [ 2439 if test "x$withval" != "xno" ; then 2440 if test "x$openssl" = "xno" ; then 2441 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2442 fi 2443 openssl_engine=yes 2444 fi 2445 ] 2446 ) 2447 2448 if test "x$openssl" = "xyes" ; then 2449 LIBS="-lcrypto $LIBS" 2450 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2451 [Define if your ssl headers are included 2452 with #include <openssl/header.h>])], 2453 [ 2454 dnl Check default openssl install dir 2455 if test -n "${need_dash_r}"; then 2456 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2457 else 2458 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2459 fi 2460 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2461 AC_CHECK_HEADER([openssl/opensslv.h], , 2462 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2463 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2464 [ 2465 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2466 ] 2467 ) 2468 ] 2469 ) 2470 2471 # Determine OpenSSL header version 2472 AC_MSG_CHECKING([OpenSSL header version]) 2473 AC_RUN_IFELSE( 2474 [AC_LANG_PROGRAM([[ 2475 #include <stdlib.h> 2476 #include <stdio.h> 2477 #include <string.h> 2478 #include <openssl/opensslv.h> 2479 #define DATA "conftest.sslincver" 2480 ]], [[ 2481 FILE *fd; 2482 int rc; 2483 2484 fd = fopen(DATA,"w"); 2485 if(fd == NULL) 2486 exit(1); 2487 2488 if ((rc = fprintf(fd, "%08lx (%s)\n", 2489 (unsigned long)OPENSSL_VERSION_NUMBER, 2490 OPENSSL_VERSION_TEXT)) < 0) 2491 exit(1); 2492 2493 exit(0); 2494 ]])], 2495 [ 2496 ssl_header_ver=`cat conftest.sslincver` 2497 AC_MSG_RESULT([$ssl_header_ver]) 2498 ], 2499 [ 2500 AC_MSG_RESULT([not found]) 2501 AC_MSG_ERROR([OpenSSL version header not found.]) 2502 ], 2503 [ 2504 AC_MSG_WARN([cross compiling: not checking]) 2505 ] 2506 ) 2507 2508 # Determine OpenSSL library version 2509 AC_MSG_CHECKING([OpenSSL library version]) 2510 AC_RUN_IFELSE( 2511 [AC_LANG_PROGRAM([[ 2512 #include <stdio.h> 2513 #include <string.h> 2514 #include <openssl/opensslv.h> 2515 #include <openssl/crypto.h> 2516 #define DATA "conftest.ssllibver" 2517 ]], [[ 2518 FILE *fd; 2519 int rc; 2520 2521 fd = fopen(DATA,"w"); 2522 if(fd == NULL) 2523 exit(1); 2524 2525 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2526 SSLeay_version(SSLEAY_VERSION))) < 0) 2527 exit(1); 2528 2529 exit(0); 2530 ]])], 2531 [ 2532 ssl_library_ver=`cat conftest.ssllibver` 2533 # Check version is supported. 2534 case "$ssl_library_ver" in 2535 10000*|0*) 2536 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2537 ;; 2538 *) ;; 2539 esac 2540 AC_MSG_RESULT([$ssl_library_ver]) 2541 ], 2542 [ 2543 AC_MSG_RESULT([not found]) 2544 AC_MSG_ERROR([OpenSSL library not found.]) 2545 ], 2546 [ 2547 AC_MSG_WARN([cross compiling: not checking]) 2548 ] 2549 ) 2550 2551 # Sanity check OpenSSL headers 2552 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2553 AC_RUN_IFELSE( 2554 [AC_LANG_PROGRAM([[ 2555 #include <string.h> 2556 #include <openssl/opensslv.h> 2557 #include <openssl/crypto.h> 2558 ]], [[ 2559 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2560 ]])], 2561 [ 2562 AC_MSG_RESULT([yes]) 2563 ], 2564 [ 2565 AC_MSG_RESULT([no]) 2566 if test "x$openssl_check_nonfatal" = "x"; then 2567 AC_MSG_ERROR([Your OpenSSL headers do not match your 2568 library. Check config.log for details. 2569 If you are sure your installation is consistent, you can disable the check 2570 by running "./configure --without-openssl-header-check". 2571 Also see contrib/findssl.sh for help identifying header/library mismatches. 2572 ]) 2573 else 2574 AC_MSG_WARN([Your OpenSSL headers do not match your 2575 library. Check config.log for details. 2576 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2577 fi 2578 ], 2579 [ 2580 AC_MSG_WARN([cross compiling: not checking]) 2581 ] 2582 ) 2583 2584 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2585 AC_LINK_IFELSE( 2586 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2587 [[ SSLeay_add_all_algorithms(); ]])], 2588 [ 2589 AC_MSG_RESULT([yes]) 2590 ], 2591 [ 2592 AC_MSG_RESULT([no]) 2593 saved_LIBS="$LIBS" 2594 LIBS="$LIBS -ldl" 2595 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2596 AC_LINK_IFELSE( 2597 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2598 [[ SSLeay_add_all_algorithms(); ]])], 2599 [ 2600 AC_MSG_RESULT([yes]) 2601 ], 2602 [ 2603 AC_MSG_RESULT([no]) 2604 LIBS="$saved_LIBS" 2605 ] 2606 ) 2607 ] 2608 ) 2609 2610 AC_CHECK_FUNCS([ \ 2611 BN_is_prime_ex \ 2612 DSA_generate_parameters_ex \ 2613 EVP_DigestInit_ex \ 2614 EVP_DigestFinal_ex \ 2615 EVP_MD_CTX_init \ 2616 EVP_MD_CTX_cleanup \ 2617 EVP_MD_CTX_copy_ex \ 2618 HMAC_CTX_init \ 2619 RSA_generate_key_ex \ 2620 RSA_get_default_method \ 2621 ]) 2622 2623 if test "x$openssl_engine" = "xyes" ; then 2624 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2625 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2626 #include <openssl/engine.h> 2627 ]], [[ 2628 ENGINE_load_builtin_engines(); 2629 ENGINE_register_all_complete(); 2630 ]])], 2631 [ AC_MSG_RESULT([yes]) 2632 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2633 [Enable OpenSSL engine support]) 2634 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2635 ]) 2636 fi 2637 2638 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2639 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2640 AC_LINK_IFELSE( 2641 [AC_LANG_PROGRAM([[ 2642 #include <string.h> 2643 #include <openssl/evp.h> 2644 ]], [[ 2645 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2646 ]])], 2647 [ 2648 AC_MSG_RESULT([no]) 2649 ], 2650 [ 2651 AC_MSG_RESULT([yes]) 2652 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2653 [libcrypto is missing AES 192 and 256 bit functions]) 2654 ] 2655 ) 2656 2657 # Check for OpenSSL with EVP_aes_*ctr 2658 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2659 AC_LINK_IFELSE( 2660 [AC_LANG_PROGRAM([[ 2661 #include <string.h> 2662 #include <openssl/evp.h> 2663 ]], [[ 2664 exit(EVP_aes_128_ctr() == NULL || 2665 EVP_aes_192_cbc() == NULL || 2666 EVP_aes_256_cbc() == NULL); 2667 ]])], 2668 [ 2669 AC_MSG_RESULT([yes]) 2670 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2671 [libcrypto has EVP AES CTR]) 2672 ], 2673 [ 2674 AC_MSG_RESULT([no]) 2675 ] 2676 ) 2677 2678 # Check for OpenSSL with EVP_aes_*gcm 2679 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2680 AC_LINK_IFELSE( 2681 [AC_LANG_PROGRAM([[ 2682 #include <string.h> 2683 #include <openssl/evp.h> 2684 ]], [[ 2685 exit(EVP_aes_128_gcm() == NULL || 2686 EVP_aes_256_gcm() == NULL || 2687 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2688 EVP_CTRL_GCM_IV_GEN == 0 || 2689 EVP_CTRL_GCM_SET_TAG == 0 || 2690 EVP_CTRL_GCM_GET_TAG == 0 || 2691 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2692 ]])], 2693 [ 2694 AC_MSG_RESULT([yes]) 2695 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2696 [libcrypto has EVP AES GCM]) 2697 ], 2698 [ 2699 AC_MSG_RESULT([no]) 2700 unsupported_algorithms="$unsupported_cipers \ 2701 aes128-gcm (a] openssh.com \ 2702 aes256-gcm (a] openssh.com" 2703 ] 2704 ) 2705 2706 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2707 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2708 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2709 2710 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2711 AC_LINK_IFELSE( 2712 [AC_LANG_PROGRAM([[ 2713 #include <string.h> 2714 #include <openssl/evp.h> 2715 ]], [[ 2716 if(EVP_DigestUpdate(NULL, NULL,0)) 2717 exit(0); 2718 ]])], 2719 [ 2720 AC_MSG_RESULT([yes]) 2721 ], 2722 [ 2723 AC_MSG_RESULT([no]) 2724 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2725 [Define if EVP_DigestUpdate returns void]) 2726 ] 2727 ) 2728 2729 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2730 # because the system crypt() is more featureful. 2731 if test "x$check_for_libcrypt_before" = "x1"; then 2732 AC_CHECK_LIB([crypt], [crypt]) 2733 fi 2734 2735 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2736 # version in OpenSSL. 2737 if test "x$check_for_libcrypt_later" = "x1"; then 2738 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2739 fi 2740 AC_CHECK_FUNCS([crypt DES_crypt]) 2741 2742 # Search for SHA256 support in libc and/or OpenSSL 2743 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2744 [unsupported_algorithms="$unsupported_algorithms \ 2745 hmac-sha2-256 \ 2746 hmac-sha2-512 \ 2747 diffie-hellman-group-exchange-sha256 \ 2748 hmac-sha2-256-etm (a] openssh.com \ 2749 hmac-sha2-512-etm (a] openssh.com" 2750 ] 2751 ) 2752 # Search for RIPE-MD support in OpenSSL 2753 AC_CHECK_FUNCS([EVP_ripemd160], , 2754 [unsupported_algorithms="$unsupported_algorithms \ 2755 hmac-ripemd160 \ 2756 hmac-ripemd160 (a] openssh.com \ 2757 hmac-ripemd160-etm (a] openssh.com" 2758 ] 2759 ) 2760 2761 # Check complete ECC support in OpenSSL 2762 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2763 AC_LINK_IFELSE( 2764 [AC_LANG_PROGRAM([[ 2765 #include <openssl/ec.h> 2766 #include <openssl/ecdh.h> 2767 #include <openssl/ecdsa.h> 2768 #include <openssl/evp.h> 2769 #include <openssl/objects.h> 2770 #include <openssl/opensslv.h> 2771 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2772 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2773 #endif 2774 ]], [[ 2775 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2776 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2777 ]])], 2778 [ AC_MSG_RESULT([yes]) 2779 enable_nistp256=1 ], 2780 [ AC_MSG_RESULT([no]) ] 2781 ) 2782 2783 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ 2786 #include <openssl/ec.h> 2787 #include <openssl/ecdh.h> 2788 #include <openssl/ecdsa.h> 2789 #include <openssl/evp.h> 2790 #include <openssl/objects.h> 2791 #include <openssl/opensslv.h> 2792 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2793 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2794 #endif 2795 ]], [[ 2796 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2797 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2798 ]])], 2799 [ AC_MSG_RESULT([yes]) 2800 enable_nistp384=1 ], 2801 [ AC_MSG_RESULT([no]) ] 2802 ) 2803 2804 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2805 AC_LINK_IFELSE( 2806 [AC_LANG_PROGRAM([[ 2807 #include <openssl/ec.h> 2808 #include <openssl/ecdh.h> 2809 #include <openssl/ecdsa.h> 2810 #include <openssl/evp.h> 2811 #include <openssl/objects.h> 2812 #include <openssl/opensslv.h> 2813 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2814 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2815 #endif 2816 ]], [[ 2817 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2818 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2819 ]])], 2820 [ AC_MSG_RESULT([yes]) 2821 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2822 AC_RUN_IFELSE( 2823 [AC_LANG_PROGRAM([[ 2824 #include <openssl/ec.h> 2825 #include <openssl/ecdh.h> 2826 #include <openssl/ecdsa.h> 2827 #include <openssl/evp.h> 2828 #include <openssl/objects.h> 2829 #include <openssl/opensslv.h> 2830 ]],[[ 2831 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2832 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2833 exit(e == NULL || m == NULL); 2834 ]])], 2835 [ AC_MSG_RESULT([yes]) 2836 enable_nistp521=1 ], 2837 [ AC_MSG_RESULT([no]) ], 2838 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2839 enable_nistp521=1 ] 2840 )], 2841 AC_MSG_RESULT([no]) 2842 ) 2843 2844 COMMENT_OUT_ECC="#no ecc#" 2845 TEST_SSH_ECC=no 2846 2847 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2848 test x$enable_nistp521 = x1; then 2849 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2850 fi 2851 if test x$enable_nistp256 = x1; then 2852 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2853 [libcrypto has NID_X9_62_prime256v1]) 2854 TEST_SSH_ECC=yes 2855 COMMENT_OUT_ECC="" 2856 else 2857 unsupported_algorithms="$unsupported_algorithms \ 2858 ecdsa-sha2-nistp256 \ 2859 ecdh-sha2-nistp256 \ 2860 ecdsa-sha2-nistp256-cert-v01 (a] openssh.com" 2861 fi 2862 if test x$enable_nistp384 = x1; then 2863 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2864 TEST_SSH_ECC=yes 2865 COMMENT_OUT_ECC="" 2866 else 2867 unsupported_algorithms="$unsupported_algorithms \ 2868 ecdsa-sha2-nistp384 \ 2869 ecdh-sha2-nistp384 \ 2870 ecdsa-sha2-nistp384-cert-v01 (a] openssh.com" 2871 fi 2872 if test x$enable_nistp521 = x1; then 2873 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2874 TEST_SSH_ECC=yes 2875 COMMENT_OUT_ECC="" 2876 else 2877 unsupported_algorithms="$unsupported_algorithms \ 2878 ecdh-sha2-nistp521 \ 2879 ecdsa-sha2-nistp521 \ 2880 ecdsa-sha2-nistp521-cert-v01 (a] openssh.com" 2881 fi 2882 2883 AC_SUBST([TEST_SSH_ECC]) 2884 AC_SUBST([COMMENT_OUT_ECC]) 2885 else 2886 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2887 AC_CHECK_FUNCS([crypt]) 2888 fi 2889 2890 AC_CHECK_FUNCS([ \ 2891 arc4random \ 2892 arc4random_buf \ 2893 arc4random_stir \ 2894 arc4random_uniform \ 2895 ]) 2896 2897 saved_LIBS="$LIBS" 2898 AC_CHECK_LIB([iaf], [ia_openinfo], [ 2899 LIBS="$LIBS -liaf" 2900 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2901 AC_DEFINE([HAVE_LIBIAF], [1], 2902 [Define if system has libiaf that supports set_id]) 2903 ]) 2904 ]) 2905 LIBS="$saved_LIBS" 2906 2907 ### Configure cryptographic random number support 2908 2909 # Check wheter OpenSSL seeds itself 2910 if test "x$openssl" = "xyes" ; then 2911 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2912 AC_RUN_IFELSE( 2913 [AC_LANG_PROGRAM([[ 2914 #include <string.h> 2915 #include <openssl/rand.h> 2916 ]], [[ 2917 exit(RAND_status() == 1 ? 0 : 1); 2918 ]])], 2919 [ 2920 OPENSSL_SEEDS_ITSELF=yes 2921 AC_MSG_RESULT([yes]) 2922 ], 2923 [ 2924 AC_MSG_RESULT([no]) 2925 ], 2926 [ 2927 AC_MSG_WARN([cross compiling: assuming yes]) 2928 # This is safe, since we will fatal() at runtime if 2929 # OpenSSL is not seeded correctly. 2930 OPENSSL_SEEDS_ITSELF=yes 2931 ] 2932 ) 2933 fi 2934 2935 # PRNGD TCP socket 2936 AC_ARG_WITH([prngd-port], 2937 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2938 [ 2939 case "$withval" in 2940 no) 2941 withval="" 2942 ;; 2943 [[0-9]]*) 2944 ;; 2945 *) 2946 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2947 ;; 2948 esac 2949 if test ! -z "$withval" ; then 2950 PRNGD_PORT="$withval" 2951 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2952 [Port number of PRNGD/EGD random number socket]) 2953 fi 2954 ] 2955 ) 2956 2957 # PRNGD Unix domain socket 2958 AC_ARG_WITH([prngd-socket], 2959 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2960 [ 2961 case "$withval" in 2962 yes) 2963 withval="/var/run/egd-pool" 2964 ;; 2965 no) 2966 withval="" 2967 ;; 2968 /*) 2969 ;; 2970 *) 2971 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2972 ;; 2973 esac 2974 2975 if test ! -z "$withval" ; then 2976 if test ! -z "$PRNGD_PORT" ; then 2977 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2978 fi 2979 if test ! -r "$withval" ; then 2980 AC_MSG_WARN([Entropy socket is not readable]) 2981 fi 2982 PRNGD_SOCKET="$withval" 2983 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2984 [Location of PRNGD/EGD random number socket]) 2985 fi 2986 ], 2987 [ 2988 # Check for existing socket only if we don't have a random device already 2989 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2990 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2991 # Insert other locations here 2992 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2993 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2994 PRNGD_SOCKET="$sock" 2995 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2996 break; 2997 fi 2998 done 2999 if test ! -z "$PRNGD_SOCKET" ; then 3000 AC_MSG_RESULT([$PRNGD_SOCKET]) 3001 else 3002 AC_MSG_RESULT([not found]) 3003 fi 3004 fi 3005 ] 3006 ) 3007 3008 # Which randomness source do we use? 3009 if test ! -z "$PRNGD_PORT" ; then 3010 RAND_MSG="PRNGd port $PRNGD_PORT" 3011 elif test ! -z "$PRNGD_SOCKET" ; then 3012 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3013 elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3014 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3015 [Define if you want the OpenSSL internally seeded PRNG only]) 3016 RAND_MSG="OpenSSL internal ONLY" 3017 elif test "x$openssl" = "xno" ; then 3018 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3019 else 3020 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3021 fi 3022 3023 # Check for PAM libs 3024 PAM_MSG="no" 3025 AC_ARG_WITH([pam], 3026 [ --with-pam Enable PAM support ], 3027 [ 3028 if test "x$withval" != "xno" ; then 3029 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3030 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3031 AC_MSG_ERROR([PAM headers not found]) 3032 fi 3033 3034 saved_LIBS="$LIBS" 3035 AC_CHECK_LIB([dl], [dlopen], , ) 3036 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3037 AC_CHECK_FUNCS([pam_getenvlist]) 3038 AC_CHECK_FUNCS([pam_putenv]) 3039 LIBS="$saved_LIBS" 3040 3041 PAM_MSG="yes" 3042 3043 SSHDLIBS="$SSHDLIBS -lpam" 3044 AC_DEFINE([USE_PAM], [1], 3045 [Define if you want to enable PAM support]) 3046 3047 if test $ac_cv_lib_dl_dlopen = yes; then 3048 case "$LIBS" in 3049 *-ldl*) 3050 # libdl already in LIBS 3051 ;; 3052 *) 3053 SSHDLIBS="$SSHDLIBS -ldl" 3054 ;; 3055 esac 3056 fi 3057 fi 3058 ] 3059 ) 3060 3061 AC_ARG_WITH([pam-service], 3062 [ --with-pam-service=name Specify PAM service name ], 3063 [ 3064 if test "x$withval" != "xno" && \ 3065 test "x$withval" != "xyes" ; then 3066 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3067 ["$withval"], [sshd PAM service name]) 3068 fi 3069 ] 3070 ) 3071 3072 # Check for older PAM 3073 if test "x$PAM_MSG" = "xyes" ; then 3074 # Check PAM strerror arguments (old PAM) 3075 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3076 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3077 #include <stdlib.h> 3078 #if defined(HAVE_SECURITY_PAM_APPL_H) 3079 #include <security/pam_appl.h> 3080 #elif defined (HAVE_PAM_PAM_APPL_H) 3081 #include <pam/pam_appl.h> 3082 #endif 3083 ]], [[ 3084 (void)pam_strerror((pam_handle_t *)NULL, -1); 3085 ]])], [AC_MSG_RESULT([no])], [ 3086 AC_DEFINE([HAVE_OLD_PAM], [1], 3087 [Define if you have an old version of PAM 3088 which takes only one argument to pam_strerror]) 3089 AC_MSG_RESULT([yes]) 3090 PAM_MSG="yes (old library)" 3091 3092 ]) 3093 fi 3094 3095 case "$host" in 3096 *-*-cygwin*) 3097 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3098 ;; 3099 *) 3100 SSH_PRIVSEP_USER=sshd 3101 ;; 3102 esac 3103 AC_ARG_WITH([privsep-user], 3104 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3105 [ 3106 if test -n "$withval" && test "x$withval" != "xno" && \ 3107 test "x${withval}" != "xyes"; then 3108 SSH_PRIVSEP_USER=$withval 3109 fi 3110 ] 3111 ) 3112 if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3113 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3114 [Cygwin function to fetch non-privileged user for privilege separation]) 3115 else 3116 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3117 [non-privileged user for privilege separation]) 3118 fi 3119 AC_SUBST([SSH_PRIVSEP_USER]) 3120 3121 if test "x$have_linux_no_new_privs" = "x1" ; then 3122 AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3123 #include <sys/types.h> 3124 #include <linux/seccomp.h> 3125 ]) 3126 fi 3127 if test "x$have_seccomp_filter" = "x1" ; then 3128 AC_MSG_CHECKING([kernel for seccomp_filter support]) 3129 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3130 #include <errno.h> 3131 #include <elf.h> 3132 #include <linux/audit.h> 3133 #include <linux/seccomp.h> 3134 #include <stdlib.h> 3135 #include <sys/prctl.h> 3136 ]], 3137 [[ int i = $seccomp_audit_arch; 3138 errno = 0; 3139 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3140 exit(errno == EFAULT ? 0 : 1); ]])], 3141 [ AC_MSG_RESULT([yes]) ], [ 3142 AC_MSG_RESULT([no]) 3143 # Disable seccomp filter as a target 3144 have_seccomp_filter=0 3145 ] 3146 ) 3147 fi 3148 3149 # Decide which sandbox style to use 3150 sandbox_arg="" 3151 AC_ARG_WITH([sandbox], 3152 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3153 [ 3154 if test "x$withval" = "xyes" ; then 3155 sandbox_arg="" 3156 else 3157 sandbox_arg="$withval" 3158 fi 3159 ] 3160 ) 3161 3162 # Some platforms (seems to be the ones that have a kernel poll(2)-type 3163 # function with which they implement select(2)) use an extra file descriptor 3164 # when calling select(2), which means we can't use the rlimit sandbox. 3165 AC_MSG_CHECKING([if select works with descriptor rlimit]) 3166 AC_RUN_IFELSE( 3167 [AC_LANG_PROGRAM([[ 3168 #include <sys/types.h> 3169 #ifdef HAVE_SYS_TIME_H 3170 # include <sys/time.h> 3171 #endif 3172 #include <sys/resource.h> 3173 #ifdef HAVE_SYS_SELECT_H 3174 # include <sys/select.h> 3175 #endif 3176 #include <errno.h> 3177 #include <fcntl.h> 3178 #include <stdlib.h> 3179 ]],[[ 3180 struct rlimit rl_zero; 3181 int fd, r; 3182 fd_set fds; 3183 struct timeval tv; 3184 3185 fd = open("/dev/null", O_RDONLY); 3186 FD_ZERO(&fds); 3187 FD_SET(fd, &fds); 3188 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3189 setrlimit(RLIMIT_FSIZE, &rl_zero); 3190 setrlimit(RLIMIT_NOFILE, &rl_zero); 3191 tv.tv_sec = 1; 3192 tv.tv_usec = 0; 3193 r = select(fd+1, &fds, NULL, NULL, &tv); 3194 exit (r == -1 ? 1 : 0); 3195 ]])], 3196 [AC_MSG_RESULT([yes]) 3197 select_works_with_rlimit=yes], 3198 [AC_MSG_RESULT([no]) 3199 select_works_with_rlimit=no], 3200 [AC_MSG_WARN([cross compiling: assuming yes])] 3201 ) 3202 3203 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3204 AC_RUN_IFELSE( 3205 [AC_LANG_PROGRAM([[ 3206 #include <sys/types.h> 3207 #ifdef HAVE_SYS_TIME_H 3208 # include <sys/time.h> 3209 #endif 3210 #include <sys/resource.h> 3211 #include <errno.h> 3212 #include <stdlib.h> 3213 ]],[[ 3214 struct rlimit rl_zero; 3215 int fd, r; 3216 fd_set fds; 3217 3218 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3219 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3220 exit (r == -1 ? 1 : 0); 3221 ]])], 3222 [AC_MSG_RESULT([yes]) 3223 rlimit_nofile_zero_works=yes], 3224 [AC_MSG_RESULT([no]) 3225 rlimit_nofile_zero_works=no], 3226 [AC_MSG_WARN([cross compiling: assuming yes])] 3227 ) 3228 3229 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3230 AC_RUN_IFELSE( 3231 [AC_LANG_PROGRAM([[ 3232 #include <sys/types.h> 3233 #include <sys/resource.h> 3234 #include <stdlib.h> 3235 ]],[[ 3236 struct rlimit rl_zero; 3237 3238 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3239 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3240 ]])], 3241 [AC_MSG_RESULT([yes])], 3242 [AC_MSG_RESULT([no]) 3243 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3244 [setrlimit RLIMIT_FSIZE works])], 3245 [AC_MSG_WARN([cross compiling: assuming yes])] 3246 ) 3247 3248 if test "x$sandbox_arg" = "xpledge" || \ 3249 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3250 test "x$ac_cv_func_pledge" != "xyes" && \ 3251 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3252 SANDBOX_STYLE="pledge" 3253 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3254 elif test "x$sandbox_arg" = "xsystrace" || \ 3255 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3256 test "x$have_systr_policy_kill" != "x1" && \ 3257 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3258 SANDBOX_STYLE="systrace" 3259 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3260 elif test "x$sandbox_arg" = "xdarwin" || \ 3261 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3262 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3263 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3264 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3265 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3266 SANDBOX_STYLE="darwin" 3267 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3268 elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3269 ( test -z "$sandbox_arg" && \ 3270 test "x$have_seccomp_filter" = "x1" && \ 3271 test "x$ac_cv_header_elf_h" = "xyes" && \ 3272 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3273 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3274 test "x$seccomp_audit_arch" != "x" && \ 3275 test "x$have_linux_no_new_privs" = "x1" && \ 3276 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3277 test "x$seccomp_audit_arch" = "x" && \ 3278 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3279 test "x$have_linux_no_new_privs" != "x1" && \ 3280 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3281 test "x$have_seccomp_filter" != "x1" && \ 3282 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3283 test "x$ac_cv_func_prctl" != "xyes" && \ 3284 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3285 SANDBOX_STYLE="seccomp_filter" 3286 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3287 elif test "x$sandbox_arg" = "xcapsicum" || \ 3288 ( test -z "$sandbox_arg" && \ 3289 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3290 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3291 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3292 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3293 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3294 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3295 SANDBOX_STYLE="capsicum" 3296 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3297 elif test "x$sandbox_arg" = "xrlimit" || \ 3298 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3299 test "x$select_works_with_rlimit" = "xyes" && \ 3300 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3301 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3302 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3303 test "x$select_works_with_rlimit" != "xyes" && \ 3304 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3305 SANDBOX_STYLE="rlimit" 3306 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3307 elif test "x$sandbox_arg" = "xsolaris" || \ 3308 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3309 SANDBOX_STYLE="solaris" 3310 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3311 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3312 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3313 SANDBOX_STYLE="none" 3314 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3315 else 3316 AC_MSG_ERROR([unsupported --with-sandbox]) 3317 fi 3318 3319 # Cheap hack to ensure NEWS-OS libraries are arranged right. 3320 if test ! -z "$SONY" ; then 3321 LIBS="$LIBS -liberty"; 3322 fi 3323 3324 # Check for long long datatypes 3325 AC_CHECK_TYPES([long long, unsigned long long, long double]) 3326 3327 # Check datatype sizes 3328 AC_CHECK_SIZEOF([short int], [2]) 3329 AC_CHECK_SIZEOF([int], [4]) 3330 AC_CHECK_SIZEOF([long int], [4]) 3331 AC_CHECK_SIZEOF([long long int], [8]) 3332 3333 # Sanity check long long for some platforms (AIX) 3334 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3335 ac_cv_sizeof_long_long_int=0 3336 fi 3337 3338 # compute LLONG_MIN and LLONG_MAX if we don't know them. 3339 if test -z "$have_llong_max"; then 3340 AC_MSG_CHECKING([for max value of long long]) 3341 AC_RUN_IFELSE( 3342 [AC_LANG_PROGRAM([[ 3343 #include <stdio.h> 3344 /* Why is this so damn hard? */ 3345 #ifdef __GNUC__ 3346 # undef __GNUC__ 3347 #endif 3348 #define __USE_ISOC99 3349 #include <limits.h> 3350 #define DATA "conftest.llminmax" 3351 #define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3352 3353 /* 3354 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3355 * we do this the hard way. 3356 */ 3357 static int 3358 fprint_ll(FILE *f, long long n) 3359 { 3360 unsigned int i; 3361 int l[sizeof(long long) * 8]; 3362 3363 if (n < 0) 3364 if (fprintf(f, "-") < 0) 3365 return -1; 3366 for (i = 0; n != 0; i++) { 3367 l[i] = my_abs(n % 10); 3368 n /= 10; 3369 } 3370 do { 3371 if (fprintf(f, "%d", l[--i]) < 0) 3372 return -1; 3373 } while (i != 0); 3374 if (fprintf(f, " ") < 0) 3375 return -1; 3376 return 0; 3377 } 3378 ]], [[ 3379 FILE *f; 3380 long long i, llmin, llmax = 0; 3381 3382 if((f = fopen(DATA,"w")) == NULL) 3383 exit(1); 3384 3385 #if defined(LLONG_MIN) && defined(LLONG_MAX) 3386 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3387 llmin = LLONG_MIN; 3388 llmax = LLONG_MAX; 3389 #else 3390 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3391 /* This will work on one's complement and two's complement */ 3392 for (i = 1; i > llmax; i <<= 1, i++) 3393 llmax = i; 3394 llmin = llmax + 1LL; /* wrap */ 3395 #endif 3396 3397 /* Sanity check */ 3398 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3399 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3400 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3401 fprintf(f, "unknown unknown\n"); 3402 exit(2); 3403 } 3404 3405 if (fprint_ll(f, llmin) < 0) 3406 exit(3); 3407 if (fprint_ll(f, llmax) < 0) 3408 exit(4); 3409 if (fclose(f) < 0) 3410 exit(5); 3411 exit(0); 3412 ]])], 3413 [ 3414 llong_min=`$AWK '{print $1}' conftest.llminmax` 3415 llong_max=`$AWK '{print $2}' conftest.llminmax` 3416 3417 AC_MSG_RESULT([$llong_max]) 3418 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3419 [max value of long long calculated by configure]) 3420 AC_MSG_CHECKING([for min value of long long]) 3421 AC_MSG_RESULT([$llong_min]) 3422 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3423 [min value of long long calculated by configure]) 3424 ], 3425 [ 3426 AC_MSG_RESULT([not found]) 3427 ], 3428 [ 3429 AC_MSG_WARN([cross compiling: not checking]) 3430 ] 3431 ) 3432 fi 3433 3434 3435 # More checks for data types 3436 AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3437 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3438 [[ u_int a; a = 1;]])], 3439 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3440 ]) 3441 ]) 3442 if test "x$ac_cv_have_u_int" = "xyes" ; then 3443 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3444 have_u_int=1 3445 fi 3446 3447 AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3448 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3449 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3450 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3451 ]) 3452 ]) 3453 if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3454 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3455 have_intxx_t=1 3456 fi 3457 3458 if (test -z "$have_intxx_t" && \ 3459 test "x$ac_cv_header_stdint_h" = "xyes") 3460 then 3461 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3463 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3464 [ 3465 AC_DEFINE([HAVE_INTXX_T]) 3466 AC_MSG_RESULT([yes]) 3467 ], [ AC_MSG_RESULT([no]) 3468 ]) 3469 fi 3470 3471 AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3473 #include <sys/types.h> 3474 #ifdef HAVE_STDINT_H 3475 # include <stdint.h> 3476 #endif 3477 #include <sys/socket.h> 3478 #ifdef HAVE_SYS_BITYPES_H 3479 # include <sys/bitypes.h> 3480 #endif 3481 ]], [[ 3482 int64_t a; a = 1; 3483 ]])], 3484 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3485 ]) 3486 ]) 3487 if test "x$ac_cv_have_int64_t" = "xyes" ; then 3488 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3489 fi 3490 3491 AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3493 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3494 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3495 ]) 3496 ]) 3497 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3498 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3499 have_u_intxx_t=1 3500 fi 3501 3502 if test -z "$have_u_intxx_t" ; then 3503 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3504 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3505 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3506 [ 3507 AC_DEFINE([HAVE_U_INTXX_T]) 3508 AC_MSG_RESULT([yes]) 3509 ], [ AC_MSG_RESULT([no]) 3510 ]) 3511 fi 3512 3513 AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3514 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3515 [[ u_int64_t a; a = 1;]])], 3516 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3517 ]) 3518 ]) 3519 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3520 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3521 have_u_int64_t=1 3522 fi 3523 3524 if (test -z "$have_u_int64_t" && \ 3525 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3526 then 3527 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3529 [[ u_int64_t a; a = 1]])], 3530 [ 3531 AC_DEFINE([HAVE_U_INT64_T]) 3532 AC_MSG_RESULT([yes]) 3533 ], [ AC_MSG_RESULT([no]) 3534 ]) 3535 fi 3536 3537 if test -z "$have_u_intxx_t" ; then 3538 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3539 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3540 #include <sys/types.h> 3541 ]], [[ 3542 uint8_t a; 3543 uint16_t b; 3544 uint32_t c; 3545 a = b = c = 1; 3546 ]])], 3547 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3548 ]) 3549 ]) 3550 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3551 AC_DEFINE([HAVE_UINTXX_T], [1], 3552 [define if you have uintxx_t data type]) 3553 fi 3554 fi 3555 3556 if (test -z "$have_uintxx_t" && \ 3557 test "x$ac_cv_header_stdint_h" = "xyes") 3558 then 3559 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3561 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3562 [ 3563 AC_DEFINE([HAVE_UINTXX_T]) 3564 AC_MSG_RESULT([yes]) 3565 ], [ AC_MSG_RESULT([no]) 3566 ]) 3567 fi 3568 3569 if (test -z "$have_uintxx_t" && \ 3570 test "x$ac_cv_header_inttypes_h" = "xyes") 3571 then 3572 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3573 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3574 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3575 [ 3576 AC_DEFINE([HAVE_UINTXX_T]) 3577 AC_MSG_RESULT([yes]) 3578 ], [ AC_MSG_RESULT([no]) 3579 ]) 3580 fi 3581 3582 if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3583 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3584 then 3585 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3587 #include <sys/bitypes.h> 3588 ]], [[ 3589 int8_t a; int16_t b; int32_t c; 3590 u_int8_t e; u_int16_t f; u_int32_t g; 3591 a = b = c = e = f = g = 1; 3592 ]])], 3593 [ 3594 AC_DEFINE([HAVE_U_INTXX_T]) 3595 AC_DEFINE([HAVE_INTXX_T]) 3596 AC_MSG_RESULT([yes]) 3597 ], [AC_MSG_RESULT([no]) 3598 ]) 3599 fi 3600 3601 3602 AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3603 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3604 [[ u_char foo; foo = 125; ]])], 3605 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3606 ]) 3607 ]) 3608 if test "x$ac_cv_have_u_char" = "xyes" ; then 3609 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3610 fi 3611 3612 AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3613 #include <sys/types.h> 3614 #include <stdint.h> 3615 ]) 3616 3617 TYPE_SOCKLEN_T 3618 3619 AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3620 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3621 #include <sys/types.h> 3622 #ifdef HAVE_SYS_BITYPES_H 3623 #include <sys/bitypes.h> 3624 #endif 3625 #ifdef HAVE_SYS_STATFS_H 3626 #include <sys/statfs.h> 3627 #endif 3628 #ifdef HAVE_SYS_STATVFS_H 3629 #include <sys/statvfs.h> 3630 #endif 3631 ]) 3632 3633 AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3634 [#include <sys/types.h> 3635 #include <netinet/in.h>]) 3636 3637 AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3639 [[ size_t foo; foo = 1235; ]])], 3640 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3641 ]) 3642 ]) 3643 if test "x$ac_cv_have_size_t" = "xyes" ; then 3644 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3645 fi 3646 3647 AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3649 [[ ssize_t foo; foo = 1235; ]])], 3650 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3651 ]) 3652 ]) 3653 if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3654 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3655 fi 3656 3657 AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3658 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3659 [[ clock_t foo; foo = 1235; ]])], 3660 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3661 ]) 3662 ]) 3663 if test "x$ac_cv_have_clock_t" = "xyes" ; then 3664 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3665 fi 3666 3667 AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3668 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3669 #include <sys/types.h> 3670 #include <sys/socket.h> 3671 ]], [[ sa_family_t foo; foo = 1235; ]])], 3672 [ ac_cv_have_sa_family_t="yes" ], 3673 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3674 #include <sys/types.h> 3675 #include <sys/socket.h> 3676 #include <netinet/in.h> 3677 ]], [[ sa_family_t foo; foo = 1235; ]])], 3678 [ ac_cv_have_sa_family_t="yes" ], 3679 [ ac_cv_have_sa_family_t="no" ] 3680 ) 3681 ]) 3682 ]) 3683 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3684 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3685 [define if you have sa_family_t data type]) 3686 fi 3687 3688 AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3690 [[ pid_t foo; foo = 1235; ]])], 3691 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3692 ]) 3693 ]) 3694 if test "x$ac_cv_have_pid_t" = "xyes" ; then 3695 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3696 fi 3697 3698 AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3700 [[ mode_t foo; foo = 1235; ]])], 3701 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3702 ]) 3703 ]) 3704 if test "x$ac_cv_have_mode_t" = "xyes" ; then 3705 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3706 fi 3707 3708 3709 AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3711 #include <sys/types.h> 3712 #include <sys/socket.h> 3713 ]], [[ struct sockaddr_storage s; ]])], 3714 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3715 [ ac_cv_have_struct_sockaddr_storage="no" 3716 ]) 3717 ]) 3718 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3719 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3720 [define if you have struct sockaddr_storage data type]) 3721 fi 3722 3723 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3724 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3725 #include <sys/types.h> 3726 #include <netinet/in.h> 3727 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3728 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3729 [ ac_cv_have_struct_sockaddr_in6="no" 3730 ]) 3731 ]) 3732 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3733 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3734 [define if you have struct sockaddr_in6 data type]) 3735 fi 3736 3737 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3739 #include <sys/types.h> 3740 #include <netinet/in.h> 3741 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3742 [ ac_cv_have_struct_in6_addr="yes" ], 3743 [ ac_cv_have_struct_in6_addr="no" 3744 ]) 3745 ]) 3746 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3747 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3748 [define if you have struct in6_addr data type]) 3749 3750 dnl Now check for sin6_scope_id 3751 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3752 [ 3753 #ifdef HAVE_SYS_TYPES_H 3754 #include <sys/types.h> 3755 #endif 3756 #include <netinet/in.h> 3757 ]) 3758 fi 3759 3760 AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3762 #include <sys/types.h> 3763 #include <sys/socket.h> 3764 #include <netdb.h> 3765 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3766 [ ac_cv_have_struct_addrinfo="yes" ], 3767 [ ac_cv_have_struct_addrinfo="no" 3768 ]) 3769 ]) 3770 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3771 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3772 [define if you have struct addrinfo data type]) 3773 fi 3774 3775 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3776 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3777 [[ struct timeval tv; tv.tv_sec = 1;]])], 3778 [ ac_cv_have_struct_timeval="yes" ], 3779 [ ac_cv_have_struct_timeval="no" 3780 ]) 3781 ]) 3782 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3783 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3784 have_struct_timeval=1 3785 fi 3786 3787 AC_CHECK_TYPES([struct timespec]) 3788 3789 # We need int64_t or else certian parts of the compile will fail. 3790 if test "x$ac_cv_have_int64_t" = "xno" && \ 3791 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3792 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3793 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3794 echo "an alternative compiler (I.E., GCC) before continuing." 3795 echo "" 3796 exit 1; 3797 else 3798 dnl test snprintf (broken on SCO w/gcc) 3799 AC_RUN_IFELSE( 3800 [AC_LANG_SOURCE([[ 3801 #include <stdio.h> 3802 #include <string.h> 3803 #ifdef HAVE_SNPRINTF 3804 main() 3805 { 3806 char buf[50]; 3807 char expected_out[50]; 3808 int mazsize = 50 ; 3809 #if (SIZEOF_LONG_INT == 8) 3810 long int num = 0x7fffffffffffffff; 3811 #else 3812 long long num = 0x7fffffffffffffffll; 3813 #endif 3814 strcpy(expected_out, "9223372036854775807"); 3815 snprintf(buf, mazsize, "%lld", num); 3816 if(strcmp(buf, expected_out) != 0) 3817 exit(1); 3818 exit(0); 3819 } 3820 #else 3821 main() { exit(0); } 3822 #endif 3823 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3824 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3825 ) 3826 fi 3827 3828 dnl Checks for structure members 3829 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3830 OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3831 OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3832 OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3833 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3834 OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3835 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3836 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3837 OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3838 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3839 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3840 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3841 OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3842 OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3843 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3844 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3845 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3846 3847 AC_CHECK_MEMBERS([struct stat.st_blksize]) 3848 AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3849 struct passwd.pw_change, struct passwd.pw_expire], 3850 [], [], [[ 3851 #include <sys/types.h> 3852 #include <pwd.h> 3853 ]]) 3854 3855 AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3856 [Define if we don't have struct __res_state in resolv.h])], 3857 [[ 3858 #include <stdio.h> 3859 #if HAVE_SYS_TYPES_H 3860 # include <sys/types.h> 3861 #endif 3862 #include <netinet/in.h> 3863 #include <arpa/nameser.h> 3864 #include <resolv.h> 3865 ]]) 3866 3867 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3868 ac_cv_have_ss_family_in_struct_ss, [ 3869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3870 #include <sys/types.h> 3871 #include <sys/socket.h> 3872 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3873 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3874 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3875 ]) 3876 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3877 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3878 fi 3879 3880 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3881 ac_cv_have___ss_family_in_struct_ss, [ 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3883 #include <sys/types.h> 3884 #include <sys/socket.h> 3885 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3886 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3887 [ ac_cv_have___ss_family_in_struct_ss="no" 3888 ]) 3889 ]) 3890 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3891 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3892 [Fields in struct sockaddr_storage]) 3893 fi 3894 3895 dnl make sure we're using the real structure members and not defines 3896 AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3897 ac_cv_have_accrights_in_msghdr, [ 3898 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3899 #include <sys/types.h> 3900 #include <sys/socket.h> 3901 #include <sys/uio.h> 3902 ]], [[ 3903 #ifdef msg_accrights 3904 #error "msg_accrights is a macro" 3905 exit(1); 3906 #endif 3907 struct msghdr m; 3908 m.msg_accrights = 0; 3909 exit(0); 3910 ]])], 3911 [ ac_cv_have_accrights_in_msghdr="yes" ], 3912 [ ac_cv_have_accrights_in_msghdr="no" ] 3913 ) 3914 ]) 3915 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3916 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3917 [Define if your system uses access rights style 3918 file descriptor passing]) 3919 fi 3920 3921 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3922 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3923 #include <sys/param.h> 3924 #include <sys/stat.h> 3925 #ifdef HAVE_SYS_TIME_H 3926 # include <sys/time.h> 3927 #endif 3928 #ifdef HAVE_SYS_MOUNT_H 3929 #include <sys/mount.h> 3930 #endif 3931 #ifdef HAVE_SYS_STATVFS_H 3932 #include <sys/statvfs.h> 3933 #endif 3934 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3935 [ AC_MSG_RESULT([yes]) ], 3936 [ AC_MSG_RESULT([no]) 3937 3938 AC_MSG_CHECKING([if fsid_t has member val]) 3939 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3940 #include <sys/types.h> 3941 #include <sys/statvfs.h> 3942 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3943 [ AC_MSG_RESULT([yes]) 3944 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3945 [ AC_MSG_RESULT([no]) ]) 3946 3947 AC_MSG_CHECKING([if f_fsid has member __val]) 3948 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3949 #include <sys/types.h> 3950 #include <sys/statvfs.h> 3951 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3952 [ AC_MSG_RESULT([yes]) 3953 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3954 [ AC_MSG_RESULT([no]) ]) 3955 ]) 3956 3957 AC_CACHE_CHECK([for msg_control field in struct msghdr], 3958 ac_cv_have_control_in_msghdr, [ 3959 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3960 #include <sys/types.h> 3961 #include <sys/socket.h> 3962 #include <sys/uio.h> 3963 ]], [[ 3964 #ifdef msg_control 3965 #error "msg_control is a macro" 3966 exit(1); 3967 #endif 3968 struct msghdr m; 3969 m.msg_control = 0; 3970 exit(0); 3971 ]])], 3972 [ ac_cv_have_control_in_msghdr="yes" ], 3973 [ ac_cv_have_control_in_msghdr="no" ] 3974 ) 3975 ]) 3976 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3977 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3978 [Define if your system uses ancillary data style 3979 file descriptor passing]) 3980 fi 3981 3982 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3983 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3984 [[ extern char *__progname; printf("%s", __progname); ]])], 3985 [ ac_cv_libc_defines___progname="yes" ], 3986 [ ac_cv_libc_defines___progname="no" 3987 ]) 3988 ]) 3989 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3990 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3991 fi 3992 3993 AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3994 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3995 [[ printf("%s", __FUNCTION__); ]])], 3996 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3997 [ ac_cv_cc_implements___FUNCTION__="no" 3998 ]) 3999 ]) 4000 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4001 AC_DEFINE([HAVE___FUNCTION__], [1], 4002 [Define if compiler implements __FUNCTION__]) 4003 fi 4004 4005 AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4006 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4007 [[ printf("%s", __func__); ]])], 4008 [ ac_cv_cc_implements___func__="yes" ], 4009 [ ac_cv_cc_implements___func__="no" 4010 ]) 4011 ]) 4012 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4013 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4014 fi 4015 4016 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4017 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4018 #include <stdarg.h> 4019 va_list x,y; 4020 ]], [[ va_copy(x,y); ]])], 4021 [ ac_cv_have_va_copy="yes" ], 4022 [ ac_cv_have_va_copy="no" 4023 ]) 4024 ]) 4025 if test "x$ac_cv_have_va_copy" = "xyes" ; then 4026 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4027 fi 4028 4029 AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4030 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4031 #include <stdarg.h> 4032 va_list x,y; 4033 ]], [[ __va_copy(x,y); ]])], 4034 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4035 ]) 4036 ]) 4037 if test "x$ac_cv_have___va_copy" = "xyes" ; then 4038 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4039 fi 4040 4041 AC_CACHE_CHECK([whether getopt has optreset support], 4042 ac_cv_have_getopt_optreset, [ 4043 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4044 [[ extern int optreset; optreset = 0; ]])], 4045 [ ac_cv_have_getopt_optreset="yes" ], 4046 [ ac_cv_have_getopt_optreset="no" 4047 ]) 4048 ]) 4049 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4050 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4051 [Define if your getopt(3) defines and uses optreset]) 4052 fi 4053 4054 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4055 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4056 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4057 [ ac_cv_libc_defines_sys_errlist="yes" ], 4058 [ ac_cv_libc_defines_sys_errlist="no" 4059 ]) 4060 ]) 4061 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4062 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4063 [Define if your system defines sys_errlist[]]) 4064 fi 4065 4066 4067 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4069 [[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4070 [ ac_cv_libc_defines_sys_nerr="yes" ], 4071 [ ac_cv_libc_defines_sys_nerr="no" 4072 ]) 4073 ]) 4074 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4075 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4076 fi 4077 4078 # Check libraries needed by DNS fingerprint support 4079 AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4080 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4081 [Define if getrrsetbyname() exists])], 4082 [ 4083 # Needed by our getrrsetbyname() 4084 AC_SEARCH_LIBS([res_query], [resolv]) 4085 AC_SEARCH_LIBS([dn_expand], [resolv]) 4086 AC_MSG_CHECKING([if res_query will link]) 4087 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4088 #include <sys/types.h> 4089 #include <netinet/in.h> 4090 #include <arpa/nameser.h> 4091 #include <netdb.h> 4092 #include <resolv.h> 4093 ]], [[ 4094 res_query (0, 0, 0, 0, 0); 4095 ]])], 4096 AC_MSG_RESULT([yes]), 4097 [AC_MSG_RESULT([no]) 4098 saved_LIBS="$LIBS" 4099 LIBS="$LIBS -lresolv" 4100 AC_MSG_CHECKING([for res_query in -lresolv]) 4101 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4102 #include <sys/types.h> 4103 #include <netinet/in.h> 4104 #include <arpa/nameser.h> 4105 #include <netdb.h> 4106 #include <resolv.h> 4107 ]], [[ 4108 res_query (0, 0, 0, 0, 0); 4109 ]])], 4110 [AC_MSG_RESULT([yes])], 4111 [LIBS="$saved_LIBS" 4112 AC_MSG_RESULT([no])]) 4113 ]) 4114 AC_CHECK_FUNCS([_getshort _getlong]) 4115 AC_CHECK_DECLS([_getshort, _getlong], , , 4116 [#include <sys/types.h> 4117 #include <arpa/nameser.h>]) 4118 AC_CHECK_MEMBER([HEADER.ad], 4119 [AC_DEFINE([HAVE_HEADER_AD], [1], 4120 [Define if HEADER.ad exists in arpa/nameser.h])], , 4121 [#include <arpa/nameser.h>]) 4122 ]) 4123 4124 AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4125 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4126 #include <stdio.h> 4127 #if HAVE_SYS_TYPES_H 4128 # include <sys/types.h> 4129 #endif 4130 #include <netinet/in.h> 4131 #include <arpa/nameser.h> 4132 #include <resolv.h> 4133 extern struct __res_state _res; 4134 ]], [[ 4135 struct __res_state *volatile p = &_res; /* force resolution of _res */ 4136 return 0; 4137 ]],)], 4138 [AC_MSG_RESULT([yes]) 4139 AC_DEFINE([HAVE__RES_EXTERN], [1], 4140 [Define if you have struct __res_state _res as an extern]) 4141 ], 4142 [ AC_MSG_RESULT([no]) ] 4143 ) 4144 4145 # Check whether user wants SELinux support 4146 SELINUX_MSG="no" 4147 LIBSELINUX="" 4148 AC_ARG_WITH([selinux], 4149 [ --with-selinux Enable SELinux support], 4150 [ if test "x$withval" != "xno" ; then 4151 save_LIBS="$LIBS" 4152 AC_DEFINE([WITH_SELINUX], [1], 4153 [Define if you want SELinux support.]) 4154 SELINUX_MSG="yes" 4155 AC_CHECK_HEADER([selinux/selinux.h], , 4156 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4157 AC_CHECK_LIB([selinux], [setexeccon], 4158 [ LIBSELINUX="-lselinux" 4159 LIBS="$LIBS -lselinux" 4160 ], 4161 AC_MSG_ERROR([SELinux support requires libselinux library])) 4162 SSHLIBS="$SSHLIBS $LIBSELINUX" 4163 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4164 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4165 LIBS="$save_LIBS" 4166 fi ] 4167 ) 4168 AC_SUBST([SSHLIBS]) 4169 AC_SUBST([SSHDLIBS]) 4170 4171 # Check whether user wants Kerberos 5 support 4172 KRB5_MSG="no" 4173 AC_ARG_WITH([kerberos5], 4174 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4175 [ if test "x$withval" != "xno" ; then 4176 if test "x$withval" = "xyes" ; then 4177 KRB5ROOT="/usr/local" 4178 else 4179 KRB5ROOT=${withval} 4180 fi 4181 4182 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4183 KRB5_MSG="yes" 4184 4185 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4186 [$KRB5ROOT/bin/krb5-config], 4187 [$KRB5ROOT/bin:$PATH]) 4188 if test -x $KRB5CONF ; then 4189 K5CFLAGS="`$KRB5CONF --cflags`" 4190 K5LIBS="`$KRB5CONF --libs`" 4191 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4192 4193 AC_MSG_CHECKING([for gssapi support]) 4194 if $KRB5CONF | grep gssapi >/dev/null ; then 4195 AC_MSG_RESULT([yes]) 4196 AC_DEFINE([GSSAPI], [1], 4197 [Define this if you want GSSAPI 4198 support in the version 2 protocol]) 4199 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4200 GSSLIBS="`$KRB5CONF --libs gssapi`" 4201 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4202 else 4203 AC_MSG_RESULT([no]) 4204 fi 4205 AC_MSG_CHECKING([whether we are using Heimdal]) 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4207 ]], [[ char *tmp = heimdal_version; ]])], 4208 [ AC_MSG_RESULT([yes]) 4209 AC_DEFINE([HEIMDAL], [1], 4210 [Define this if you are using the Heimdal 4211 version of Kerberos V5]) ], 4212 [AC_MSG_RESULT([no]) 4213 ]) 4214 else 4215 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4216 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4217 AC_MSG_CHECKING([whether we are using Heimdal]) 4218 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4219 ]], [[ char *tmp = heimdal_version; ]])], 4220 [ AC_MSG_RESULT([yes]) 4221 AC_DEFINE([HEIMDAL]) 4222 K5LIBS="-lkrb5" 4223 K5LIBS="$K5LIBS -lcom_err -lasn1" 4224 AC_CHECK_LIB([roken], [net_write], 4225 [K5LIBS="$K5LIBS -lroken"]) 4226 AC_CHECK_LIB([des], [des_cbc_encrypt], 4227 [K5LIBS="$K5LIBS -ldes"]) 4228 ], [ AC_MSG_RESULT([no]) 4229 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4230 ]) 4231 AC_SEARCH_LIBS([dn_expand], [resolv]) 4232 4233 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4234 [ AC_DEFINE([GSSAPI]) 4235 GSSLIBS="-lgssapi_krb5" ], 4236 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4237 [ AC_DEFINE([GSSAPI]) 4238 GSSLIBS="-lgssapi" ], 4239 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4240 [ AC_DEFINE([GSSAPI]) 4241 GSSLIBS="-lgss" ], 4242 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4243 ]) 4244 ]) 4245 4246 AC_CHECK_HEADER([gssapi.h], , 4247 [ unset ac_cv_header_gssapi_h 4248 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4249 AC_CHECK_HEADERS([gssapi.h], , 4250 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4251 ) 4252 ] 4253 ) 4254 4255 oldCPP="$CPPFLAGS" 4256 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4257 AC_CHECK_HEADER([gssapi_krb5.h], , 4258 [ CPPFLAGS="$oldCPP" ]) 4259 4260 fi 4261 if test ! -z "$need_dash_r" ; then 4262 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4263 fi 4264 if test ! -z "$blibpath" ; then 4265 blibpath="$blibpath:${KRB5ROOT}/lib" 4266 fi 4267 4268 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4269 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4270 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4271 4272 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4273 [Define this if you want to use libkafs' AFS support])]) 4274 4275 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4276 #ifdef HAVE_GSSAPI_H 4277 # include <gssapi.h> 4278 #elif defined(HAVE_GSSAPI_GSSAPI_H) 4279 # include <gssapi/gssapi.h> 4280 #endif 4281 4282 #ifdef HAVE_GSSAPI_GENERIC_H 4283 # include <gssapi_generic.h> 4284 #elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4285 # include <gssapi/gssapi_generic.h> 4286 #endif 4287 ]]) 4288 saved_LIBS="$LIBS" 4289 LIBS="$LIBS $K5LIBS" 4290 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4291 LIBS="$saved_LIBS" 4292 4293 fi 4294 ] 4295 ) 4296 AC_SUBST([GSSLIBS]) 4297 AC_SUBST([K5LIBS]) 4298 4299 # Looking for programs, paths and files 4300 4301 PRIVSEP_PATH=/var/empty 4302 AC_ARG_WITH([privsep-path], 4303 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4304 [ 4305 if test -n "$withval" && test "x$withval" != "xno" && \ 4306 test "x${withval}" != "xyes"; then 4307 PRIVSEP_PATH=$withval 4308 fi 4309 ] 4310 ) 4311 AC_SUBST([PRIVSEP_PATH]) 4312 4313 AC_ARG_WITH([xauth], 4314 [ --with-xauth=PATH Specify path to xauth program ], 4315 [ 4316 if test -n "$withval" && test "x$withval" != "xno" && \ 4317 test "x${withval}" != "xyes"; then 4318 xauth_path=$withval 4319 fi 4320 ], 4321 [ 4322 TestPath="$PATH" 4323 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4324 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4325 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4326 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4327 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4328 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4329 xauth_path="/usr/openwin/bin/xauth" 4330 fi 4331 ] 4332 ) 4333 4334 STRIP_OPT=-s 4335 AC_ARG_ENABLE([strip], 4336 [ --disable-strip Disable calling strip(1) on install], 4337 [ 4338 if test "x$enableval" = "xno" ; then 4339 STRIP_OPT= 4340 fi 4341 ] 4342 ) 4343 AC_SUBST([STRIP_OPT]) 4344 4345 if test -z "$xauth_path" ; then 4346 XAUTH_PATH="undefined" 4347 AC_SUBST([XAUTH_PATH]) 4348 else 4349 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4350 [Define if xauth is found in your path]) 4351 XAUTH_PATH=$xauth_path 4352 AC_SUBST([XAUTH_PATH]) 4353 fi 4354 4355 dnl # --with-maildir=/path/to/mail gets top priority. 4356 dnl # if maildir is set in the platform case statement above we use that. 4357 dnl # Otherwise we run a program to get the dir from system headers. 4358 dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4359 dnl # If we find _PATH_MAILDIR we do nothing because that is what 4360 dnl # session.c expects anyway. Otherwise we set to the value found 4361 dnl # stripping any trailing slash. If for some strage reason our program 4362 dnl # does not find what it needs, we default to /var/spool/mail. 4363 # Check for mail directory 4364 AC_ARG_WITH([maildir], 4365 [ --with-maildir=/path/to/mail Specify your system mail directory], 4366 [ 4367 if test "X$withval" != X && test "x$withval" != xno && \ 4368 test "x${withval}" != xyes; then 4369 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4370 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4371 fi 4372 ],[ 4373 if test "X$maildir" != "X"; then 4374 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4375 else 4376 AC_MSG_CHECKING([Discovering system mail directory]) 4377 AC_RUN_IFELSE( 4378 [AC_LANG_PROGRAM([[ 4379 #include <stdio.h> 4380 #include <string.h> 4381 #ifdef HAVE_PATHS_H 4382 #include <paths.h> 4383 #endif 4384 #ifdef HAVE_MAILLOCK_H 4385 #include <maillock.h> 4386 #endif 4387 #define DATA "conftest.maildir" 4388 ]], [[ 4389 FILE *fd; 4390 int rc; 4391 4392 fd = fopen(DATA,"w"); 4393 if(fd == NULL) 4394 exit(1); 4395 4396 #if defined (_PATH_MAILDIR) 4397 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4398 exit(1); 4399 #elif defined (MAILDIR) 4400 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4401 exit(1); 4402 #elif defined (_PATH_MAIL) 4403 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4404 exit(1); 4405 #else 4406 exit (2); 4407 #endif 4408 4409 exit(0); 4410 ]])], 4411 [ 4412 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4413 maildir=`awk -F: '{print $2}' conftest.maildir \ 4414 | sed 's|/$||'` 4415 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4416 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4417 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4418 fi 4419 ], 4420 [ 4421 if test "X$ac_status" = "X2";then 4422 # our test program didn't find it. Default to /var/spool/mail 4423 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4424 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4425 else 4426 AC_MSG_RESULT([*** not found ***]) 4427 fi 4428 ], 4429 [ 4430 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4431 ] 4432 ) 4433 fi 4434 ] 4435 ) # maildir 4436 4437 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4438 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4439 disable_ptmx_check=yes 4440 fi 4441 if test -z "$no_dev_ptmx" ; then 4442 if test "x$disable_ptmx_check" != "xyes" ; then 4443 AC_CHECK_FILE(["/dev/ptmx"], 4444 [ 4445 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4446 [Define if you have /dev/ptmx]) 4447 have_dev_ptmx=1 4448 ] 4449 ) 4450 fi 4451 fi 4452 4453 if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4454 AC_CHECK_FILE(["/dev/ptc"], 4455 [ 4456 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4457 [Define if you have /dev/ptc]) 4458 have_dev_ptc=1 4459 ] 4460 ) 4461 else 4462 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4463 fi 4464 4465 # Options from here on. Some of these are preset by platform above 4466 AC_ARG_WITH([mantype], 4467 [ --with-mantype=man|cat|doc Set man page type], 4468 [ 4469 case "$withval" in 4470 man|cat|doc) 4471 MANTYPE=$withval 4472 ;; 4473 *) 4474 AC_MSG_ERROR([invalid man type: $withval]) 4475 ;; 4476 esac 4477 ] 4478 ) 4479 if test -z "$MANTYPE"; then 4480 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4481 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4482 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4483 MANTYPE=doc 4484 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4485 MANTYPE=man 4486 else 4487 MANTYPE=cat 4488 fi 4489 fi 4490 AC_SUBST([MANTYPE]) 4491 if test "$MANTYPE" = "doc"; then 4492 mansubdir=man; 4493 else 4494 mansubdir=$MANTYPE; 4495 fi 4496 AC_SUBST([mansubdir]) 4497 4498 # Check whether to enable MD5 passwords 4499 MD5_MSG="no" 4500 AC_ARG_WITH([md5-passwords], 4501 [ --with-md5-passwords Enable use of MD5 passwords], 4502 [ 4503 if test "x$withval" != "xno" ; then 4504 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4505 [Define if you want to allow MD5 passwords]) 4506 MD5_MSG="yes" 4507 fi 4508 ] 4509 ) 4510 4511 # Whether to disable shadow password support 4512 AC_ARG_WITH([shadow], 4513 [ --without-shadow Disable shadow password support], 4514 [ 4515 if test "x$withval" = "xno" ; then 4516 AC_DEFINE([DISABLE_SHADOW]) 4517 disable_shadow=yes 4518 fi 4519 ] 4520 ) 4521 4522 if test -z "$disable_shadow" ; then 4523 AC_MSG_CHECKING([if the systems has expire shadow information]) 4524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4525 #include <sys/types.h> 4526 #include <shadow.h> 4527 struct spwd sp; 4528 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4529 [ sp_expire_available=yes ], [ 4530 ]) 4531 4532 if test "x$sp_expire_available" = "xyes" ; then 4533 AC_MSG_RESULT([yes]) 4534 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4535 [Define if you want to use shadow password expire field]) 4536 else 4537 AC_MSG_RESULT([no]) 4538 fi 4539 fi 4540 4541 # Use ip address instead of hostname in $DISPLAY 4542 if test ! -z "$IPADDR_IN_DISPLAY" ; then 4543 DISPLAY_HACK_MSG="yes" 4544 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4545 [Define if you need to use IP address 4546 instead of hostname in $DISPLAY]) 4547 else 4548 DISPLAY_HACK_MSG="no" 4549 AC_ARG_WITH([ipaddr-display], 4550 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4551 [ 4552 if test "x$withval" != "xno" ; then 4553 AC_DEFINE([IPADDR_IN_DISPLAY]) 4554 DISPLAY_HACK_MSG="yes" 4555 fi 4556 ] 4557 ) 4558 fi 4559 4560 # check for /etc/default/login and use it if present. 4561 AC_ARG_ENABLE([etc-default-login], 4562 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4563 [ if test "x$enableval" = "xno"; then 4564 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4565 etc_default_login=no 4566 else 4567 etc_default_login=yes 4568 fi ], 4569 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4570 then 4571 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4572 etc_default_login=no 4573 else 4574 etc_default_login=yes 4575 fi ] 4576 ) 4577 4578 if test "x$etc_default_login" != "xno"; then 4579 AC_CHECK_FILE(["/etc/default/login"], 4580 [ external_path_file=/etc/default/login ]) 4581 if test "x$external_path_file" = "x/etc/default/login"; then 4582 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4583 [Define if your system has /etc/default/login]) 4584 fi 4585 fi 4586 4587 dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4588 if test $ac_cv_func_login_getcapbool = "yes" && \ 4589 test $ac_cv_header_login_cap_h = "yes" ; then 4590 external_path_file=/etc/login.conf 4591 fi 4592 4593 # Whether to mess with the default path 4594 SERVER_PATH_MSG="(default)" 4595 AC_ARG_WITH([default-path], 4596 [ --with-default-path= Specify default $PATH environment for server], 4597 [ 4598 if test "x$external_path_file" = "x/etc/login.conf" ; then 4599 AC_MSG_WARN([ 4600 --with-default-path=PATH has no effect on this system. 4601 Edit /etc/login.conf instead.]) 4602 elif test "x$withval" != "xno" ; then 4603 if test ! -z "$external_path_file" ; then 4604 AC_MSG_WARN([ 4605 --with-default-path=PATH will only be used if PATH is not defined in 4606 $external_path_file .]) 4607 fi 4608 user_path="$withval" 4609 SERVER_PATH_MSG="$withval" 4610 fi 4611 ], 4612 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4613 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4614 else 4615 if test ! -z "$external_path_file" ; then 4616 AC_MSG_WARN([ 4617 If PATH is defined in $external_path_file, ensure the path to scp is included, 4618 otherwise scp will not work.]) 4619 fi 4620 AC_RUN_IFELSE( 4621 [AC_LANG_PROGRAM([[ 4622 /* find out what STDPATH is */ 4623 #include <stdio.h> 4624 #ifdef HAVE_PATHS_H 4625 # include <paths.h> 4626 #endif 4627 #ifndef _PATH_STDPATH 4628 # ifdef _PATH_USERPATH /* Irix */ 4629 # define _PATH_STDPATH _PATH_USERPATH 4630 # else 4631 # define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4632 # endif 4633 #endif 4634 #include <sys/types.h> 4635 #include <sys/stat.h> 4636 #include <fcntl.h> 4637 #define DATA "conftest.stdpath" 4638 ]], [[ 4639 FILE *fd; 4640 int rc; 4641 4642 fd = fopen(DATA,"w"); 4643 if(fd == NULL) 4644 exit(1); 4645 4646 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4647 exit(1); 4648 4649 exit(0); 4650 ]])], 4651 [ user_path=`cat conftest.stdpath` ], 4652 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4653 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4654 ) 4655 # make sure $bindir is in USER_PATH so scp will work 4656 t_bindir="${bindir}" 4657 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4658 t_bindir=`eval echo ${t_bindir}` 4659 case $t_bindir in 4660 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4661 esac 4662 case $t_bindir in 4663 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4664 esac 4665 done 4666 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4667 if test $? -ne 0 ; then 4668 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4669 if test $? -ne 0 ; then 4670 user_path=$user_path:$t_bindir 4671 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4672 fi 4673 fi 4674 fi ] 4675 ) 4676 if test "x$external_path_file" != "x/etc/login.conf" ; then 4677 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4678 AC_SUBST([user_path]) 4679 fi 4680 4681 # Set superuser path separately to user path 4682 AC_ARG_WITH([superuser-path], 4683 [ --with-superuser-path= Specify different path for super-user], 4684 [ 4685 if test -n "$withval" && test "x$withval" != "xno" && \ 4686 test "x${withval}" != "xyes"; then 4687 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4688 [Define if you want a different $PATH 4689 for the superuser]) 4690 superuser_path=$withval 4691 fi 4692 ] 4693 ) 4694 4695 4696 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4697 IPV4_IN6_HACK_MSG="no" 4698 AC_ARG_WITH(4in6, 4699 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4700 [ 4701 if test "x$withval" != "xno" ; then 4702 AC_MSG_RESULT([yes]) 4703 AC_DEFINE([IPV4_IN_IPV6], [1], 4704 [Detect IPv4 in IPv6 mapped addresses 4705 and treat as IPv4]) 4706 IPV4_IN6_HACK_MSG="yes" 4707 else 4708 AC_MSG_RESULT([no]) 4709 fi 4710 ], [ 4711 if test "x$inet6_default_4in6" = "xyes"; then 4712 AC_MSG_RESULT([yes (default)]) 4713 AC_DEFINE([IPV4_IN_IPV6]) 4714 IPV4_IN6_HACK_MSG="yes" 4715 else 4716 AC_MSG_RESULT([no (default)]) 4717 fi 4718 ] 4719 ) 4720 4721 # Whether to enable BSD auth support 4722 BSD_AUTH_MSG=no 4723 AC_ARG_WITH([bsd-auth], 4724 [ --with-bsd-auth Enable BSD auth support], 4725 [ 4726 if test "x$withval" != "xno" ; then 4727 AC_DEFINE([BSD_AUTH], [1], 4728 [Define if you have BSD auth support]) 4729 BSD_AUTH_MSG=yes 4730 fi 4731 ] 4732 ) 4733 4734 # Where to place sshd.pid 4735 piddir=/var/run 4736 # make sure the directory exists 4737 if test ! -d $piddir ; then 4738 piddir=`eval echo ${sysconfdir}` 4739 case $piddir in 4740 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4741 esac 4742 fi 4743 4744 AC_ARG_WITH([pid-dir], 4745 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4746 [ 4747 if test -n "$withval" && test "x$withval" != "xno" && \ 4748 test "x${withval}" != "xyes"; then 4749 piddir=$withval 4750 if test ! -d $piddir ; then 4751 AC_MSG_WARN([** no $piddir directory on this system **]) 4752 fi 4753 fi 4754 ] 4755 ) 4756 4757 AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4758 [Specify location of ssh.pid]) 4759 AC_SUBST([piddir]) 4760 4761 dnl allow user to disable some login recording features 4762 AC_ARG_ENABLE([lastlog], 4763 [ --disable-lastlog disable use of lastlog even if detected [no]], 4764 [ 4765 if test "x$enableval" = "xno" ; then 4766 AC_DEFINE([DISABLE_LASTLOG]) 4767 fi 4768 ] 4769 ) 4770 AC_ARG_ENABLE([utmp], 4771 [ --disable-utmp disable use of utmp even if detected [no]], 4772 [ 4773 if test "x$enableval" = "xno" ; then 4774 AC_DEFINE([DISABLE_UTMP]) 4775 fi 4776 ] 4777 ) 4778 AC_ARG_ENABLE([utmpx], 4779 [ --disable-utmpx disable use of utmpx even if detected [no]], 4780 [ 4781 if test "x$enableval" = "xno" ; then 4782 AC_DEFINE([DISABLE_UTMPX], [1], 4783 [Define if you don't want to use utmpx]) 4784 fi 4785 ] 4786 ) 4787 AC_ARG_ENABLE([wtmp], 4788 [ --disable-wtmp disable use of wtmp even if detected [no]], 4789 [ 4790 if test "x$enableval" = "xno" ; then 4791 AC_DEFINE([DISABLE_WTMP]) 4792 fi 4793 ] 4794 ) 4795 AC_ARG_ENABLE([wtmpx], 4796 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4797 [ 4798 if test "x$enableval" = "xno" ; then 4799 AC_DEFINE([DISABLE_WTMPX], [1], 4800 [Define if you don't want to use wtmpx]) 4801 fi 4802 ] 4803 ) 4804 AC_ARG_ENABLE([libutil], 4805 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4806 [ 4807 if test "x$enableval" = "xno" ; then 4808 AC_DEFINE([DISABLE_LOGIN]) 4809 fi 4810 ] 4811 ) 4812 AC_ARG_ENABLE([pututline], 4813 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4814 [ 4815 if test "x$enableval" = "xno" ; then 4816 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4817 [Define if you don't want to use pututline() 4818 etc. to write [uw]tmp]) 4819 fi 4820 ] 4821 ) 4822 AC_ARG_ENABLE([pututxline], 4823 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4824 [ 4825 if test "x$enableval" = "xno" ; then 4826 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4827 [Define if you don't want to use pututxline() 4828 etc. to write [uw]tmpx]) 4829 fi 4830 ] 4831 ) 4832 AC_ARG_WITH([lastlog], 4833 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4834 [ 4835 if test "x$withval" = "xno" ; then 4836 AC_DEFINE([DISABLE_LASTLOG]) 4837 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4838 conf_lastlog_location=$withval 4839 fi 4840 ] 4841 ) 4842 4843 dnl lastlog, [uw]tmpx? detection 4844 dnl NOTE: set the paths in the platform section to avoid the 4845 dnl need for command-line parameters 4846 dnl lastlog and [uw]tmp are subject to a file search if all else fails 4847 4848 dnl lastlog detection 4849 dnl NOTE: the code itself will detect if lastlog is a directory 4850 AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4851 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4852 #include <sys/types.h> 4853 #include <utmp.h> 4854 #ifdef HAVE_LASTLOG_H 4855 # include <lastlog.h> 4856 #endif 4857 #ifdef HAVE_PATHS_H 4858 # include <paths.h> 4859 #endif 4860 #ifdef HAVE_LOGIN_H 4861 # include <login.h> 4862 #endif 4863 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4864 [ AC_MSG_RESULT([yes]) ], 4865 [ 4866 AC_MSG_RESULT([no]) 4867 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4868 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4869 #include <sys/types.h> 4870 #include <utmp.h> 4871 #ifdef HAVE_LASTLOG_H 4872 # include <lastlog.h> 4873 #endif 4874 #ifdef HAVE_PATHS_H 4875 # include <paths.h> 4876 #endif 4877 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4878 [ AC_MSG_RESULT([yes]) ], 4879 [ 4880 AC_MSG_RESULT([no]) 4881 system_lastlog_path=no 4882 ]) 4883 ]) 4884 4885 if test -z "$conf_lastlog_location"; then 4886 if test x"$system_lastlog_path" = x"no" ; then 4887 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4888 if (test -d "$f" || test -f "$f") ; then 4889 conf_lastlog_location=$f 4890 fi 4891 done 4892 if test -z "$conf_lastlog_location"; then 4893 AC_MSG_WARN([** Cannot find lastlog **]) 4894 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4895 fi 4896 fi 4897 fi 4898 4899 if test -n "$conf_lastlog_location"; then 4900 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4901 [Define if you want to specify the path to your lastlog file]) 4902 fi 4903 4904 dnl utmp detection 4905 AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4906 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4907 #include <sys/types.h> 4908 #include <utmp.h> 4909 #ifdef HAVE_PATHS_H 4910 # include <paths.h> 4911 #endif 4912 ]], [[ char *utmp = UTMP_FILE; ]])], 4913 [ AC_MSG_RESULT([yes]) ], 4914 [ AC_MSG_RESULT([no]) 4915 system_utmp_path=no 4916 ]) 4917 if test -z "$conf_utmp_location"; then 4918 if test x"$system_utmp_path" = x"no" ; then 4919 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4920 if test -f $f ; then 4921 conf_utmp_location=$f 4922 fi 4923 done 4924 if test -z "$conf_utmp_location"; then 4925 AC_DEFINE([DISABLE_UTMP]) 4926 fi 4927 fi 4928 fi 4929 if test -n "$conf_utmp_location"; then 4930 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4931 [Define if you want to specify the path to your utmp file]) 4932 fi 4933 4934 dnl wtmp detection 4935 AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4936 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4937 #include <sys/types.h> 4938 #include <utmp.h> 4939 #ifdef HAVE_PATHS_H 4940 # include <paths.h> 4941 #endif 4942 ]], [[ char *wtmp = WTMP_FILE; ]])], 4943 [ AC_MSG_RESULT([yes]) ], 4944 [ AC_MSG_RESULT([no]) 4945 system_wtmp_path=no 4946 ]) 4947 if test -z "$conf_wtmp_location"; then 4948 if test x"$system_wtmp_path" = x"no" ; then 4949 for f in /usr/adm/wtmp /var/log/wtmp; do 4950 if test -f $f ; then 4951 conf_wtmp_location=$f 4952 fi 4953 done 4954 if test -z "$conf_wtmp_location"; then 4955 AC_DEFINE([DISABLE_WTMP]) 4956 fi 4957 fi 4958 fi 4959 if test -n "$conf_wtmp_location"; then 4960 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4961 [Define if you want to specify the path to your wtmp file]) 4962 fi 4963 4964 dnl wtmpx detection 4965 AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4966 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4967 #include <sys/types.h> 4968 #include <utmp.h> 4969 #ifdef HAVE_UTMPX_H 4970 #include <utmpx.h> 4971 #endif 4972 #ifdef HAVE_PATHS_H 4973 # include <paths.h> 4974 #endif 4975 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4976 [ AC_MSG_RESULT([yes]) ], 4977 [ AC_MSG_RESULT([no]) 4978 system_wtmpx_path=no 4979 ]) 4980 if test -z "$conf_wtmpx_location"; then 4981 if test x"$system_wtmpx_path" = x"no" ; then 4982 AC_DEFINE([DISABLE_WTMPX]) 4983 fi 4984 else 4985 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4986 [Define if you want to specify the path to your wtmpx file]) 4987 fi 4988 4989 4990 if test ! -z "$blibpath" ; then 4991 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4992 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4993 fi 4994 4995 AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4996 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4997 AC_DEFINE([DISABLE_LASTLOG]) 4998 fi 4999 ], [ 5000 #ifdef HAVE_SYS_TYPES_H 5001 #include <sys/types.h> 5002 #endif 5003 #ifdef HAVE_UTMP_H 5004 #include <utmp.h> 5005 #endif 5006 #ifdef HAVE_UTMPX_H 5007 #include <utmpx.h> 5008 #endif 5009 #ifdef HAVE_LASTLOG_H 5010 #include <lastlog.h> 5011 #endif 5012 ]) 5013 5014 AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5015 AC_DEFINE([DISABLE_UTMP]) 5016 AC_DEFINE([DISABLE_WTMP]) 5017 ], [ 5018 #ifdef HAVE_SYS_TYPES_H 5019 #include <sys/types.h> 5020 #endif 5021 #ifdef HAVE_UTMP_H 5022 #include <utmp.h> 5023 #endif 5024 #ifdef HAVE_UTMPX_H 5025 #include <utmpx.h> 5026 #endif 5027 #ifdef HAVE_LASTLOG_H 5028 #include <lastlog.h> 5029 #endif 5030 ]) 5031 5032 dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5033 dnl Add now. 5034 CFLAGS="$CFLAGS $werror_flags" 5035 5036 if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5037 TEST_SSH_IPV6=no 5038 else 5039 TEST_SSH_IPV6=yes 5040 fi 5041 AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5042 AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5043 AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5044 AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5045 AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5046 5047 AC_EXEEXT 5048 AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5049 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5050 survey.sh]) 5051 AC_OUTPUT 5052 5053 # Print summary of options 5054 5055 # Someone please show me a better way :) 5056 A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5057 B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5058 C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5059 D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5060 E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5061 F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5062 G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5063 H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5064 I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5065 J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5066 5067 echo "" 5068 echo "OpenSSH has been configured with the following options:" 5069 echo " User binaries: $B" 5070 echo " System binaries: $C" 5071 echo " Configuration files: $D" 5072 echo " Askpass program: $E" 5073 echo " Manual pages: $F" 5074 echo " PID file: $G" 5075 echo " Privilege separation chroot path: $H" 5076 if test "x$external_path_file" = "x/etc/login.conf" ; then 5077 echo " At runtime, sshd will use the path defined in $external_path_file" 5078 echo " Make sure the path to scp is present, otherwise scp will not work" 5079 else 5080 echo " sshd default user PATH: $I" 5081 if test ! -z "$external_path_file"; then 5082 echo " (If PATH is set in $external_path_file it will be used instead. If" 5083 echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5084 fi 5085 fi 5086 if test ! -z "$superuser_path" ; then 5087 echo " sshd superuser user PATH: $J" 5088 fi 5089 echo " Manpage format: $MANTYPE" 5090 echo " PAM support: $PAM_MSG" 5091 echo " OSF SIA support: $SIA_MSG" 5092 echo " KerberosV support: $KRB5_MSG" 5093 echo " SELinux support: $SELINUX_MSG" 5094 echo " Smartcard support: $SCARD_MSG" 5095 echo " S/KEY support: $SKEY_MSG" 5096 echo " MD5 password support: $MD5_MSG" 5097 echo " libedit support: $LIBEDIT_MSG" 5098 echo " libldns support: $LDNS_MSG" 5099 echo " Solaris process contract support: $SPC_MSG" 5100 echo " Solaris project support: $SP_MSG" 5101 echo " Solaris privilege support: $SPP_MSG" 5102 echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5103 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5104 echo " BSD Auth support: $BSD_AUTH_MSG" 5105 echo " Random number source: $RAND_MSG" 5106 echo " Privsep sandbox style: $SANDBOX_STYLE" 5107 5108 echo "" 5109 5110 echo " Host: ${host}" 5111 echo " Compiler: ${CC}" 5112 echo " Compiler flags: ${CFLAGS}" 5113 echo "Preprocessor flags: ${CPPFLAGS}" 5114 echo " Linker flags: ${LDFLAGS}" 5115 echo " Libraries: ${LIBS}" 5116 if test ! -z "${SSHDLIBS}"; then 5117 echo " +for sshd: ${SSHDLIBS}" 5118 fi 5119 if test ! -z "${SSHLIBS}"; then 5120 echo " +for ssh: ${SSHLIBS}" 5121 fi 5122 5123 echo "" 5124 5125 if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5126 echo "SVR4 style packages are supported with \"make package\"" 5127 echo "" 5128 fi 5129 5130 if test "x$PAM_MSG" = "xyes" ; then 5131 echo "PAM is enabled. You may need to install a PAM control file " 5132 echo "for sshd, otherwise password authentication may fail. " 5133 echo "Example PAM control files can be found in the contrib/ " 5134 echo "subdirectory" 5135 echo "" 5136 fi 5137 5138 if test ! -z "$NO_PEERCHECK" ; then 5139 echo "WARNING: the operating system that you are using does not" 5140 echo "appear to support getpeereid(), getpeerucred() or the" 5141 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5142 echo "enforce security checks to prevent unauthorised connections to" 5143 echo "ssh-agent. Their absence increases the risk that a malicious" 5144 echo "user can connect to your agent." 5145 echo "" 5146 fi 5147 5148 if test "$AUDIT_MODULE" = "bsm" ; then 5149 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5150 echo "See the Solaris section in README.platform for details." 5151 fi 5152
