1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300AC_MSG_CHECKING([if compiler supports variable length arrays]) 301AC_COMPILE_IFELSE( 302 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 303 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 304 [ AC_MSG_RESULT([yes]) 305 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 306 [compiler supports variable length arrays]) ], 307 [ AC_MSG_RESULT([no]) ] 308) 309 310AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 311AC_COMPILE_IFELSE( 312 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 313 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 314 [ AC_MSG_RESULT([yes]) 315 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 316 [compiler variable declarations after code]) ], 317 [ AC_MSG_RESULT([no]) ] 318) 319 320if test "x$no_attrib_nonnull" != "x1" ; then 321 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 322fi 323 324AC_ARG_WITH([rpath], 325 [ --without-rpath Disable auto-added -R linker paths], 326 [ 327 if test "x$withval" = "xno" ; then 328 rpath_opt="" 329 elif test "x$withval" = "xyes" ; then 330 rpath_opt="-R" 331 else 332 rpath_opt="$withval" 333 fi 334 ] 335) 336 337# Allow user to specify flags 338AC_ARG_WITH([cflags], 339 [ --with-cflags Specify additional flags to pass to compiler], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 CFLAGS="$CFLAGS $withval" 344 fi 345 ] 346) 347 348AC_ARG_WITH([cflags-after], 349 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 CFLAGS_AFTER="$withval" 354 fi 355 ] 356) 357AC_ARG_WITH([cppflags], 358 [ --with-cppflags Specify additional flags to pass to preprocessor] , 359 [ 360 if test -n "$withval" && test "x$withval" != "xno" && \ 361 test "x${withval}" != "xyes"; then 362 CPPFLAGS="$CPPFLAGS $withval" 363 fi 364 ] 365) 366AC_ARG_WITH([ldflags], 367 [ --with-ldflags Specify additional flags to pass to linker], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 LDFLAGS="$LDFLAGS $withval" 372 fi 373 ] 374) 375AC_ARG_WITH([ldflags-after], 376 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 377 [ 378 if test -n "$withval" && test "x$withval" != "xno" && \ 379 test "x${withval}" != "xyes"; then 380 LDFLAGS_AFTER="$withval" 381 fi 382 ] 383) 384AC_ARG_WITH([libs], 385 [ --with-libs Specify additional libraries to link with], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 LIBS="$LIBS $withval" 390 fi 391 ] 392) 393AC_ARG_WITH([Werror], 394 [ --with-Werror Build main code with -Werror], 395 [ 396 if test -n "$withval" && test "x$withval" != "xno"; then 397 werror_flags="-Werror" 398 if test "x${withval}" != "xyes"; then 399 werror_flags="$withval" 400 fi 401 fi 402 ] 403) 404 405AC_CHECK_HEADERS([ \ 406 blf.h \ 407 bstring.h \ 408 crypt.h \ 409 crypto/sha2.h \ 410 dirent.h \ 411 endian.h \ 412 elf.h \ 413 err.h \ 414 features.h \ 415 fcntl.h \ 416 floatingpoint.h \ 417 fnmatch.h \ 418 getopt.h \ 419 glob.h \ 420 ia.h \ 421 iaf.h \ 422 ifaddrs.h \ 423 inttypes.h \ 424 langinfo.h \ 425 limits.h \ 426 locale.h \ 427 login.h \ 428 maillock.h \ 429 ndir.h \ 430 net/if_tun.h \ 431 netdb.h \ 432 netgroup.h \ 433 pam/pam_appl.h \ 434 paths.h \ 435 poll.h \ 436 pty.h \ 437 readpassphrase.h \ 438 rpc/types.h \ 439 security/pam_appl.h \ 440 sha2.h \ 441 shadow.h \ 442 stddef.h \ 443 stdint.h \ 444 string.h \ 445 strings.h \ 446 sys/bitypes.h \ 447 sys/byteorder.h \ 448 sys/bsdtty.h \ 449 sys/cdefs.h \ 450 sys/dir.h \ 451 sys/file.h \ 452 sys/mman.h \ 453 sys/label.h \ 454 sys/ndir.h \ 455 sys/poll.h \ 456 sys/prctl.h \ 457 sys/procctl.h \ 458 sys/pstat.h \ 459 sys/ptrace.h \ 460 sys/random.h \ 461 sys/select.h \ 462 sys/stat.h \ 463 sys/stream.h \ 464 sys/stropts.h \ 465 sys/strtio.h \ 466 sys/statvfs.h \ 467 sys/sysmacros.h \ 468 sys/time.h \ 469 sys/timers.h \ 470 sys/vfs.h \ 471 time.h \ 472 tmpdir.h \ 473 ttyent.h \ 474 ucred.h \ 475 unistd.h \ 476 usersec.h \ 477 util.h \ 478 utime.h \ 479 utmp.h \ 480 utmpx.h \ 481 vis.h \ 482 wchar.h \ 483]) 484 485# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 486# to be included first. 487AC_CHECK_HEADERS([sys/audit.h], [], [], [ 488#ifdef HAVE_SYS_TIME_H 489# include <sys/time.h> 490#endif 491#ifdef HAVE_SYS_TYPES_H 492# include <sys/types.h> 493#endif 494#ifdef HAVE_SYS_LABEL_H 495# include <sys/label.h> 496#endif 497]) 498 499# sys/capsicum.h requires sys/types.h 500AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 501#ifdef HAVE_SYS_TYPES_H 502# include <sys/types.h> 503#endif 504]) 505 506# net/route.h requires sys/socket.h and sys/types.h. 507# sys/sysctl.h also requires sys/param.h 508AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 509#ifdef HAVE_SYS_TYPES_H 510# include <sys/types.h> 511#endif 512#include <sys/param.h> 513#include <sys/socket.h> 514]) 515 516# lastlog.h requires sys/time.h to be included first on Solaris 517AC_CHECK_HEADERS([lastlog.h], [], [], [ 518#ifdef HAVE_SYS_TIME_H 519# include <sys/time.h> 520#endif 521]) 522 523# sys/ptms.h requires sys/stream.h to be included first on Solaris 524AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 525#ifdef HAVE_SYS_STREAM_H 526# include <sys/stream.h> 527#endif 528]) 529 530# login_cap.h requires sys/types.h on NetBSD 531AC_CHECK_HEADERS([login_cap.h], [], [], [ 532#include <sys/types.h> 533]) 534 535# older BSDs need sys/param.h before sys/mount.h 536AC_CHECK_HEADERS([sys/mount.h], [], [], [ 537#include <sys/param.h> 538]) 539 540# Android requires sys/socket.h to be included before sys/un.h 541AC_CHECK_HEADERS([sys/un.h], [], [], [ 542#include <sys/types.h> 543#include <sys/socket.h> 544]) 545 546# Messages for features tested for in target-specific section 547SIA_MSG="no" 548SPC_MSG="no" 549SP_MSG="no" 550SPP_MSG="no" 551 552# Support for Solaris/Illumos privileges (this test is used by both 553# the --with-solaris-privs option and --with-sandbox=solaris). 554SOLARIS_PRIVS="no" 555 556# Check for some target-specific stuff 557case "$host" in 558*-*-aix*) 559 # Some versions of VAC won't allow macro redefinitions at 560 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 561 # particularly with older versions of vac or xlc. 562 # It also throws errors about null macro arguments, but these are 563 # not fatal. 564 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 565 AC_COMPILE_IFELSE( 566 [AC_LANG_PROGRAM([[ 567#define testmacro foo 568#define testmacro bar]], 569 [[ exit(0); ]])], 570 [ AC_MSG_RESULT([yes]) ], 571 [ AC_MSG_RESULT([no]) 572 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 573 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 574 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 575 ] 576 ) 577 578 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 579 if (test -z "$blibpath"); then 580 blibpath="/usr/lib:/lib" 581 fi 582 saved_LDFLAGS="$LDFLAGS" 583 if test "$GCC" = "yes"; then 584 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 585 else 586 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 587 fi 588 for tryflags in $flags ;do 589 if (test -z "$blibflags"); then 590 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 591 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 592 [blibflags=$tryflags], []) 593 fi 594 done 595 if (test -z "$blibflags"); then 596 AC_MSG_RESULT([not found]) 597 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 598 else 599 AC_MSG_RESULT([$blibflags]) 600 fi 601 LDFLAGS="$saved_LDFLAGS" 602 dnl Check for authenticate. Might be in libs.a on older AIXes 603 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 604 [Define if you want to enable AIX4's authenticate function])], 605 [AC_CHECK_LIB([s], [authenticate], 606 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 607 LIBS="$LIBS -ls" 608 ]) 609 ]) 610 dnl Check for various auth function declarations in headers. 611 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 612 passwdexpired, setauthdb], , , [#include <usersec.h>]) 613 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 614 AC_CHECK_DECLS([loginfailed], 615 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 616 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 617 [[ (void)loginfailed("user","host","tty",0); ]])], 618 [AC_MSG_RESULT([yes]) 619 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 620 [Define if your AIX loginfailed() function 621 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 622 ])], 623 [], 624 [#include <usersec.h>] 625 ) 626 AC_CHECK_FUNCS([getgrset setauthdb]) 627 AC_CHECK_DECL([F_CLOSEM], 628 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 629 [], 630 [ #include <limits.h> 631 #include <fcntl.h> ] 632 ) 633 check_for_aix_broken_getaddrinfo=1 634 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 635 [Define if your platform breaks doing a seteuid before a setuid]) 636 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 637 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 638 dnl AIX handles lastlog as part of its login message 639 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 640 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 641 [Some systems need a utmpx entry for /bin/login to work]) 642 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 643 [Define to a Set Process Title type if your system is 644 supported by bsd-setproctitle.c]) 645 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 646 [AIX 5.2 and 5.3 (and presumably newer) require this]) 647 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 648 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 649 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 650 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 651 ;; 652*-*-android*) 653 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 654 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 655 ;; 656*-*-cygwin*) 657 check_for_libcrypt_later=1 658 LIBS="$LIBS /usr/lib/textreadmode.o" 659 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 660 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 661 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 662 [Define to disable UID restoration test]) 663 AC_DEFINE([DISABLE_SHADOW], [1], 664 [Define if you want to disable shadow passwords]) 665 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 666 [Define if X11 doesn't support AF_UNIX sockets on that system]) 667 AC_DEFINE([DISABLE_FD_PASSING], [1], 668 [Define if your platform needs to skip post auth 669 file descriptor passing]) 670 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 671 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 672 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 673 # reasons which cause compile warnings, so we disable those warnings. 674 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 675 ;; 676*-*-dgux*) 677 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 678 [Define if your system choked on IP TOS setting]) 679 AC_DEFINE([SETEUID_BREAKS_SETUID]) 680 AC_DEFINE([BROKEN_SETREUID]) 681 AC_DEFINE([BROKEN_SETREGID]) 682 ;; 683*-*-darwin*) 684 use_pie=auto 685 AC_MSG_CHECKING([if we have working getaddrinfo]) 686 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 687#include <mach-o/dyld.h> 688#include <stdlib.h> 689main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 690 exit(0); 691 else 692 exit(1); 693} 694 ]])], 695 [AC_MSG_RESULT([working])], 696 [AC_MSG_RESULT([buggy]) 697 AC_DEFINE([BROKEN_GETADDRINFO], [1], 698 [getaddrinfo is broken (if present)]) 699 ], 700 [AC_MSG_RESULT([assume it is working])]) 701 AC_DEFINE([SETEUID_BREAKS_SETUID]) 702 AC_DEFINE([BROKEN_SETREUID]) 703 AC_DEFINE([BROKEN_SETREGID]) 704 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 705 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 706 [Define if your resolver libs need this for getrrsetbyname]) 707 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 708 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 709 [Use tunnel device compatibility to OpenBSD]) 710 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 711 [Prepend the address family to IP tunnel traffic]) 712 m4_pattern_allow([AU_IPv]) 713 AC_CHECK_DECL([AU_IPv4], [], 714 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 715 [#include <bsm/audit.h>] 716 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 717 [Define if pututxline updates lastlog too]) 718 ) 719 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 720 [Define to a Set Process Title type if your system is 721 supported by bsd-setproctitle.c]) 722 AC_CHECK_FUNCS([sandbox_init]) 723 AC_CHECK_HEADERS([sandbox.h]) 724 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 725 SSHDLIBS="$SSHDLIBS -lsandbox" 726 ]) 727 # proc_pidinfo()-based closefrom() replacement. 728 AC_CHECK_HEADERS([libproc.h]) 729 AC_CHECK_FUNCS([proc_pidinfo]) 730 ;; 731*-*-dragonfly*) 732 SSHDLIBS="$SSHDLIBS -lcrypt" 733 TEST_MALLOC_OPTIONS="AFGJPRX" 734 ;; 735*-*-haiku*) 736 LIBS="$LIBS -lbsd " 737 CFLAGS="$CFLAGS -D_BSD_SOURCE" 738 AC_CHECK_LIB([network], [socket]) 739 AC_DEFINE([HAVE_U_INT64_T]) 740 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 741 MANTYPE=man 742 ;; 743*-*-hpux*) 744 # first we define all of the options common to all HP-UX releases 745 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 746 IPADDR_IN_DISPLAY=yes 747 AC_DEFINE([USE_PIPES]) 748 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 749 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 750 [String used in /etc/passwd to denote locked account]) 751 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 752 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 753 maildir="/var/mail" 754 LIBS="$LIBS -lsec" 755 AC_CHECK_LIB([xnet], [t_error], , 756 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 757 758 # next, we define all of the options specific to major releases 759 case "$host" in 760 *-*-hpux10*) 761 if test -z "$GCC"; then 762 CFLAGS="$CFLAGS -Ae" 763 fi 764 ;; 765 *-*-hpux11*) 766 AC_DEFINE([PAM_SUN_CODEBASE], [1], 767 [Define if you are using Solaris-derived PAM which 768 passes pam_messages to the conversation function 769 with an extra level of indirection]) 770 AC_DEFINE([DISABLE_UTMP], [1], 771 [Define if you don't want to use utmp]) 772 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 773 check_for_hpux_broken_getaddrinfo=1 774 check_for_conflicting_getspnam=1 775 ;; 776 esac 777 778 # lastly, we define options specific to minor releases 779 case "$host" in 780 *-*-hpux10.26) 781 AC_DEFINE([HAVE_SECUREWARE], [1], 782 [Define if you have SecureWare-based 783 protected password database]) 784 disable_ptmx_check=yes 785 LIBS="$LIBS -lsecpw" 786 ;; 787 esac 788 ;; 789*-*-irix5*) 790 PATH="$PATH:/usr/etc" 791 AC_DEFINE([BROKEN_INET_NTOA], [1], 792 [Define if you system's inet_ntoa is busted 793 (e.g. Irix gcc issue)]) 794 AC_DEFINE([SETEUID_BREAKS_SETUID]) 795 AC_DEFINE([BROKEN_SETREUID]) 796 AC_DEFINE([BROKEN_SETREGID]) 797 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 798 [Define if you shouldn't strip 'tty' from your 799 ttyname in [uw]tmp]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 801 ;; 802*-*-irix6*) 803 PATH="$PATH:/usr/etc" 804 AC_DEFINE([WITH_IRIX_ARRAY], [1], 805 [Define if you have/want arrays 806 (cluster-wide session management, not C arrays)]) 807 AC_DEFINE([WITH_IRIX_PROJECT], [1], 808 [Define if you want IRIX project management]) 809 AC_DEFINE([WITH_IRIX_AUDIT], [1], 810 [Define if you want IRIX audit trails]) 811 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 812 [Define if you want IRIX kernel jobs])]) 813 AC_DEFINE([BROKEN_INET_NTOA]) 814 AC_DEFINE([SETEUID_BREAKS_SETUID]) 815 AC_DEFINE([BROKEN_SETREUID]) 816 AC_DEFINE([BROKEN_SETREGID]) 817 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 818 AC_DEFINE([WITH_ABBREV_NO_TTY]) 819 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 820 ;; 821*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 822 check_for_libcrypt_later=1 823 AC_DEFINE([PAM_TTY_KLUDGE]) 824 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 825 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 826 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 827 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 828 ;; 829*-*-linux*) 830 no_dev_ptmx=1 831 use_pie=auto 832 check_for_libcrypt_later=1 833 check_for_openpty_ctty_bug=1 834 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 835 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 836 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 837 AC_DEFINE([PAM_TTY_KLUDGE], [1], 838 [Work around problematic Linux PAM modules handling of PAM_TTY]) 839 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 840 [String used in /etc/passwd to denote locked account]) 841 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 842 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 843 [Define to whatever link() returns for "not supported" 844 if it doesn't return EOPNOTSUPP.]) 845 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 846 AC_DEFINE([USE_BTMP]) 847 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 848 inet6_default_4in6=yes 849 case `uname -r` in 850 1.*|2.0.*) 851 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 852 [Define if cmsg_type is not passed correctly]) 853 ;; 854 esac 855 # tun(4) forwarding compat code 856 AC_CHECK_HEADERS([linux/if_tun.h]) 857 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 858 AC_DEFINE([SSH_TUN_LINUX], [1], 859 [Open tunnel devices the Linux tun/tap way]) 860 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 861 [Use tunnel device compatibility to OpenBSD]) 862 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 863 [Prepend the address family to IP tunnel traffic]) 864 fi 865 AC_CHECK_HEADER([linux/if.h], 866 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 867 [Support routing domains using Linux VRF]), [], [ 868#ifdef HAVE_SYS_TYPES_H 869# include <sys/types.h> 870#endif 871 ]) 872 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 873 [], [#include <linux/types.h>]) 874 # Obtain MIPS ABI 875 case "$host" in 876 mips*) 877 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 878#if _MIPS_SIM != _ABIO32 879#error 880#endif 881 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 882#if _MIPS_SIM != _ABIN32 883#error 884#endif 885 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 886#if _MIPS_SIM != _ABI64 887#error 888#endif 889 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 890 ]) 891 ]) 892 ]) 893 ;; 894 esac 895 AC_MSG_CHECKING([for seccomp architecture]) 896 seccomp_audit_arch= 897 case "$host" in 898 x86_64-*) 899 seccomp_audit_arch=AUDIT_ARCH_X86_64 900 ;; 901 i*86-*) 902 seccomp_audit_arch=AUDIT_ARCH_I386 903 ;; 904 arm*-*) 905 seccomp_audit_arch=AUDIT_ARCH_ARM 906 ;; 907 aarch64*-*) 908 seccomp_audit_arch=AUDIT_ARCH_AARCH64 909 ;; 910 s390x-*) 911 seccomp_audit_arch=AUDIT_ARCH_S390X 912 ;; 913 s390-*) 914 seccomp_audit_arch=AUDIT_ARCH_S390 915 ;; 916 powerpc64-*) 917 seccomp_audit_arch=AUDIT_ARCH_PPC64 918 ;; 919 powerpc64le-*) 920 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 921 ;; 922 mips-*) 923 seccomp_audit_arch=AUDIT_ARCH_MIPS 924 ;; 925 mipsel-*) 926 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 927 ;; 928 mips64-*) 929 case "$mips_abi" in 930 "n32") 931 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 932 ;; 933 "n64") 934 seccomp_audit_arch=AUDIT_ARCH_MIPS64 935 ;; 936 esac 937 ;; 938 mips64el-*) 939 case "$mips_abi" in 940 "n32") 941 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 942 ;; 943 "n64") 944 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 945 ;; 946 esac 947 ;; 948 riscv64-*) 949 seccomp_audit_arch=AUDIT_ARCH_RISCV64 950 ;; 951 esac 952 if test "x$seccomp_audit_arch" != "x" ; then 953 AC_MSG_RESULT(["$seccomp_audit_arch"]) 954 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 955 [Specify the system call convention in use]) 956 else 957 AC_MSG_RESULT([architecture not supported]) 958 fi 959 ;; 960mips-sony-bsd|mips-sony-newsos4) 961 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 962 SONY=1 963 ;; 964*-*-netbsd*) 965 check_for_libcrypt_before=1 966 if test "x$withval" != "xno" ; then 967 rpath_opt="-R" 968 fi 969 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 970 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 971 AC_CHECK_HEADER([net/if_tap.h], , 972 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 973 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 974 [Prepend the address family to IP tunnel traffic]) 975 TEST_MALLOC_OPTIONS="AJRX" 976 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 977 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 978 ;; 979*-*-freebsd*) 980 check_for_libcrypt_later=1 981 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 982 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 983 AC_CHECK_HEADER([net/if_tap.h], , 984 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 985 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 986 TEST_MALLOC_OPTIONS="AJRX" 987 # Preauth crypto occasionally uses file descriptors for crypto offload 988 # and will crash if they cannot be opened. 989 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 990 [define if setrlimit RLIMIT_NOFILE breaks things]) 991 ;; 992*-*-bsdi*) 993 AC_DEFINE([SETEUID_BREAKS_SETUID]) 994 AC_DEFINE([BROKEN_SETREUID]) 995 AC_DEFINE([BROKEN_SETREGID]) 996 ;; 997*-next-*) 998 conf_lastlog_location="/usr/adm/lastlog" 999 conf_utmp_location=/etc/utmp 1000 conf_wtmp_location=/usr/adm/wtmp 1001 maildir=/usr/spool/mail 1002 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1003 AC_DEFINE([USE_PIPES]) 1004 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1005 ;; 1006*-*-openbsd*) 1007 use_pie=auto 1008 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1009 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1010 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1011 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1012 [syslog_r function is safe to use in in a signal handler]) 1013 TEST_MALLOC_OPTIONS="AFGJPRX" 1014 ;; 1015*-*-solaris*) 1016 if test "x$withval" != "xno" ; then 1017 rpath_opt="-R" 1018 fi 1019 AC_DEFINE([PAM_SUN_CODEBASE]) 1020 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1021 AC_DEFINE([PAM_TTY_KLUDGE]) 1022 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1023 [Define if pam_chauthtok wants real uid set 1024 to the unpriv'ed user]) 1025 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1026 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1027 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1028 [Define if sshd somehow reacquires a controlling TTY 1029 after setsid()]) 1030 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1031 in case the name is longer than 8 chars]) 1032 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1033 external_path_file=/etc/default/login 1034 # hardwire lastlog location (can't detect it on some versions) 1035 conf_lastlog_location="/var/adm/lastlog" 1036 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1037 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1038 if test "$sol2ver" -ge 8; then 1039 AC_MSG_RESULT([yes]) 1040 AC_DEFINE([DISABLE_UTMP]) 1041 AC_DEFINE([DISABLE_WTMP], [1], 1042 [Define if you don't want to use wtmp]) 1043 else 1044 AC_MSG_RESULT([no]) 1045 fi 1046 AC_CHECK_FUNCS([setpflags]) 1047 AC_CHECK_FUNCS([setppriv]) 1048 AC_CHECK_FUNCS([priv_basicset]) 1049 AC_CHECK_HEADERS([priv.h]) 1050 AC_ARG_WITH([solaris-contracts], 1051 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1052 [ 1053 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1054 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1055 [Define if you have Solaris process contracts]) 1056 LIBS="$LIBS -lcontract" 1057 SPC_MSG="yes" ], ) 1058 ], 1059 ) 1060 AC_ARG_WITH([solaris-projects], 1061 [ --with-solaris-projects Enable Solaris projects (experimental)], 1062 [ 1063 AC_CHECK_LIB([project], [setproject], 1064 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1065 [Define if you have Solaris projects]) 1066 LIBS="$LIBS -lproject" 1067 SP_MSG="yes" ], ) 1068 ], 1069 ) 1070 AC_ARG_WITH([solaris-privs], 1071 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1072 [ 1073 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1074 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1075 "x$ac_cv_header_priv_h" = "xyes" ; then 1076 SOLARIS_PRIVS=yes 1077 AC_MSG_RESULT([found]) 1078 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1079 [Define to disable UID restoration test]) 1080 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1081 [Define if you have Solaris privileges]) 1082 SPP_MSG="yes" 1083 else 1084 AC_MSG_RESULT([not found]) 1085 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1086 fi 1087 ], 1088 ) 1089 TEST_SHELL=$SHELL # let configure find us a capable shell 1090 ;; 1091*-*-sunos4*) 1092 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1093 AC_CHECK_FUNCS([getpwanam]) 1094 AC_DEFINE([PAM_SUN_CODEBASE]) 1095 conf_utmp_location=/etc/utmp 1096 conf_wtmp_location=/var/adm/wtmp 1097 conf_lastlog_location=/var/adm/lastlog 1098 AC_DEFINE([USE_PIPES]) 1099 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1100 ;; 1101*-ncr-sysv*) 1102 LIBS="$LIBS -lc89" 1103 AC_DEFINE([USE_PIPES]) 1104 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1105 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1106 AC_DEFINE([BROKEN_SETREUID]) 1107 AC_DEFINE([BROKEN_SETREGID]) 1108 ;; 1109*-sni-sysv*) 1110 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1111 AC_CHECK_LIB([dl], [dlsym], ,) 1112 # -lresolv needs to be at the end of LIBS or DNS lookups break 1113 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1114 IPADDR_IN_DISPLAY=yes 1115 AC_DEFINE([USE_PIPES]) 1116 AC_DEFINE([IP_TOS_IS_BROKEN]) 1117 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1118 AC_DEFINE([BROKEN_SETREUID]) 1119 AC_DEFINE([BROKEN_SETREGID]) 1120 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1121 external_path_file=/etc/default/login 1122 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1123 # Attention: always take care to bind libsocket and libnsl before libc, 1124 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1125 ;; 1126# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1127*-*-sysv4.2*) 1128 AC_DEFINE([USE_PIPES]) 1129 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1130 AC_DEFINE([BROKEN_SETREUID]) 1131 AC_DEFINE([BROKEN_SETREGID]) 1132 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1133 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1134 TEST_SHELL=$SHELL # let configure find us a capable shell 1135 ;; 1136# UnixWare 7.x, OpenUNIX 8 1137*-*-sysv5*) 1138 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1139 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1140 AC_DEFINE([USE_PIPES]) 1141 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1142 AC_DEFINE([BROKEN_GETADDRINFO]) 1143 AC_DEFINE([BROKEN_SETREUID]) 1144 AC_DEFINE([BROKEN_SETREGID]) 1145 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1146 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1147 TEST_SHELL=$SHELL # let configure find us a capable shell 1148 check_for_libcrypt_later=1 1149 case "$host" in 1150 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1151 maildir=/var/spool/mail 1152 AC_DEFINE([BROKEN_UPDWTMPX]) 1153 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1154 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1155 ], , ) 1156 ;; 1157 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1158 ;; 1159 esac 1160 ;; 1161*-*-sysv*) 1162 ;; 1163# SCO UNIX and OEM versions of SCO UNIX 1164*-*-sco3.2v4*) 1165 AC_MSG_ERROR("This Platform is no longer supported.") 1166 ;; 1167# SCO OpenServer 5.x 1168*-*-sco3.2v5*) 1169 if test -z "$GCC"; then 1170 CFLAGS="$CFLAGS -belf" 1171 fi 1172 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1173 no_dev_ptmx=1 1174 AC_DEFINE([USE_PIPES]) 1175 AC_DEFINE([HAVE_SECUREWARE]) 1176 AC_DEFINE([DISABLE_SHADOW]) 1177 AC_DEFINE([DISABLE_FD_PASSING]) 1178 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1179 AC_DEFINE([BROKEN_GETADDRINFO]) 1180 AC_DEFINE([BROKEN_SETREUID]) 1181 AC_DEFINE([BROKEN_SETREGID]) 1182 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1183 AC_DEFINE([BROKEN_UPDWTMPX]) 1184 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1185 AC_CHECK_FUNCS([getluid setluid]) 1186 MANTYPE=man 1187 TEST_SHELL=$SHELL # let configure find us a capable shell 1188 SKIP_DISABLE_LASTLOG_DEFINE=yes 1189 ;; 1190*-dec-osf*) 1191 AC_MSG_CHECKING([for Digital Unix SIA]) 1192 no_osfsia="" 1193 AC_ARG_WITH([osfsia], 1194 [ --with-osfsia Enable Digital Unix SIA], 1195 [ 1196 if test "x$withval" = "xno" ; then 1197 AC_MSG_RESULT([disabled]) 1198 no_osfsia=1 1199 fi 1200 ], 1201 ) 1202 if test -z "$no_osfsia" ; then 1203 if test -f /etc/sia/matrix.conf; then 1204 AC_MSG_RESULT([yes]) 1205 AC_DEFINE([HAVE_OSF_SIA], [1], 1206 [Define if you have Digital Unix Security 1207 Integration Architecture]) 1208 AC_DEFINE([DISABLE_LOGIN], [1], 1209 [Define if you don't want to use your 1210 system's login() call]) 1211 AC_DEFINE([DISABLE_FD_PASSING]) 1212 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1213 SIA_MSG="yes" 1214 else 1215 AC_MSG_RESULT([no]) 1216 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1217 [String used in /etc/passwd to denote locked account]) 1218 fi 1219 fi 1220 AC_DEFINE([BROKEN_GETADDRINFO]) 1221 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1222 AC_DEFINE([BROKEN_SETREUID]) 1223 AC_DEFINE([BROKEN_SETREGID]) 1224 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1225 ;; 1226 1227*-*-nto-qnx*) 1228 AC_DEFINE([USE_PIPES]) 1229 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1230 AC_DEFINE([DISABLE_LASTLOG]) 1231 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1232 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1233 enable_etc_default_login=no # has incompatible /etc/default/login 1234 case "$host" in 1235 *-*-nto-qnx6*) 1236 AC_DEFINE([DISABLE_FD_PASSING]) 1237 ;; 1238 esac 1239 ;; 1240 1241*-*-ultrix*) 1242 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1243 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1244 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1245 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1246 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1247 # don't get a controlling tty. 1248 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1249 # On Ultrix some headers are not protected against multiple includes, 1250 # so we create wrappers and put it where the compiler will find it. 1251 AC_MSG_WARN([creating compat wrappers for headers]) 1252 mkdir -p netinet 1253 for header in netinet/ip.h netdb.h resolv.h; do 1254 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1255 cat >$header <<EOD 1256#ifndef _SSH_COMPAT_${name} 1257#define _SSH_COMPAT_${name} 1258#include "/usr/include/${header}" 1259#endif 1260EOD 1261 done 1262 ;; 1263 1264*-*-lynxos) 1265 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1266 AC_DEFINE([BROKEN_SETVBUF], [1], 1267 [LynxOS has broken setvbuf() implementation]) 1268 ;; 1269esac 1270 1271AC_MSG_CHECKING([compiler and flags for sanity]) 1272AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1273 [ AC_MSG_RESULT([yes]) ], 1274 [ 1275 AC_MSG_RESULT([no]) 1276 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1277 ], 1278 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1279) 1280 1281dnl Checks for header files. 1282# Checks for libraries. 1283AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1284 1285dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1286AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1287 AC_CHECK_LIB([gen], [dirname], [ 1288 AC_CACHE_CHECK([for broken dirname], 1289 ac_cv_have_broken_dirname, [ 1290 save_LIBS="$LIBS" 1291 LIBS="$LIBS -lgen" 1292 AC_RUN_IFELSE( 1293 [AC_LANG_SOURCE([[ 1294#include <libgen.h> 1295#include <string.h> 1296#include <stdlib.h> 1297 1298int main(int argc, char **argv) { 1299 char *s, buf[32]; 1300 1301 strncpy(buf,"/etc", 32); 1302 s = dirname(buf); 1303 if (!s || strncmp(s, "/", 32) != 0) { 1304 exit(1); 1305 } else { 1306 exit(0); 1307 } 1308} 1309 ]])], 1310 [ ac_cv_have_broken_dirname="no" ], 1311 [ ac_cv_have_broken_dirname="yes" ], 1312 [ ac_cv_have_broken_dirname="no" ], 1313 ) 1314 LIBS="$save_LIBS" 1315 ]) 1316 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1317 LIBS="$LIBS -lgen" 1318 AC_DEFINE([HAVE_DIRNAME]) 1319 AC_CHECK_HEADERS([libgen.h]) 1320 fi 1321 ]) 1322]) 1323 1324AC_CHECK_FUNC([getspnam], , 1325 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1326AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1327 [Define if you have the basename function.])]) 1328 1329dnl zlib defaults to enabled 1330zlib=yes 1331AC_ARG_WITH([zlib], 1332 [ --with-zlib=PATH Use zlib in PATH], 1333 [ if test "x$withval" = "xno" ; then 1334 zlib=no 1335 elif test "x$withval" != "xyes"; then 1336 if test -d "$withval/lib"; then 1337 if test -n "${rpath_opt}"; then 1338 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1339 else 1340 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1341 fi 1342 else 1343 if test -n "${rpath_opt}"; then 1344 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1345 else 1346 LDFLAGS="-L${withval} ${LDFLAGS}" 1347 fi 1348 fi 1349 if test -d "$withval/include"; then 1350 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1351 else 1352 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1353 fi 1354 fi ] 1355) 1356 1357AC_MSG_CHECKING([for zlib]) 1358if test "x${zlib}" = "xno"; then 1359 AC_MSG_RESULT([no]) 1360else 1361 AC_MSG_RESULT([yes]) 1362 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1363 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1364 AC_CHECK_LIB([z], [deflate], , 1365 [ 1366 saved_CPPFLAGS="$CPPFLAGS" 1367 saved_LDFLAGS="$LDFLAGS" 1368 save_LIBS="$LIBS" 1369 dnl Check default zlib install dir 1370 if test -n "${rpath_opt}"; then 1371 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1372 else 1373 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1374 fi 1375 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1376 LIBS="$LIBS -lz" 1377 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1378 [ 1379 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1380 ] 1381 ) 1382 ] 1383 ) 1384 1385 AC_ARG_WITH([zlib-version-check], 1386 [ --without-zlib-version-check Disable zlib version check], 1387 [ if test "x$withval" = "xno" ; then 1388 zlib_check_nonfatal=1 1389 fi 1390 ] 1391 ) 1392 1393 AC_MSG_CHECKING([for possibly buggy zlib]) 1394 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1395#include <stdio.h> 1396#include <stdlib.h> 1397#include <zlib.h> 1398 ]], 1399 [[ 1400 int a=0, b=0, c=0, d=0, n, v; 1401 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1402 if (n != 3 && n != 4) 1403 exit(1); 1404 v = a*1000000 + b*10000 + c*100 + d; 1405 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1406 1407 /* 1.1.4 is OK */ 1408 if (a == 1 && b == 1 && c >= 4) 1409 exit(0); 1410 1411 /* 1.2.3 and up are OK */ 1412 if (v >= 1020300) 1413 exit(0); 1414 1415 exit(2); 1416 ]])], 1417 AC_MSG_RESULT([no]), 1418 [ AC_MSG_RESULT([yes]) 1419 if test -z "$zlib_check_nonfatal" ; then 1420 AC_MSG_ERROR([*** zlib too old - check config.log *** 1421Your reported zlib version has known security problems. It's possible your 1422vendor has fixed these problems without changing the version number. If you 1423are sure this is the case, you can disable the check by running 1424"./configure --without-zlib-version-check". 1425If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1426See http://www.gzip.org/zlib/ for details.]) 1427 else 1428 AC_MSG_WARN([zlib version may have security problems]) 1429 fi 1430 ], 1431 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1432 ) 1433fi 1434 1435dnl UnixWare 2.x 1436AC_CHECK_FUNC([strcasecmp], 1437 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1438) 1439AC_CHECK_FUNCS([utimes], 1440 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1441 LIBS="$LIBS -lc89"]) ] 1442) 1443 1444dnl Checks for libutil functions 1445AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1446AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1447AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1448AC_SEARCH_LIBS([login], [util bsd]) 1449AC_SEARCH_LIBS([logout], [util bsd]) 1450AC_SEARCH_LIBS([logwtmp], [util bsd]) 1451AC_SEARCH_LIBS([openpty], [util bsd]) 1452AC_SEARCH_LIBS([updwtmp], [util bsd]) 1453AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1454 1455# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1456# or libnsl. 1457AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1458AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1459 1460# Some Linux distribtions ship the BSD libc hashing functions in 1461# separate libraries. 1462AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1463 1464# "Particular Function Checks" 1465# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1466AC_FUNC_STRFTIME 1467AC_FUNC_MALLOC 1468AC_FUNC_REALLOC 1469# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1470AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1471AC_RUN_IFELSE( 1472 [AC_LANG_PROGRAM( 1473 [[ #include <stdlib.h> ]], 1474 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1475 )], 1476 [ func_calloc_0_nonnull=yes ], 1477 [ func_calloc_0_nonnull=no ], 1478 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1479 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1480) 1481AC_MSG_RESULT([$func_calloc_0_nonnull]) 1482 1483if test "x$func_calloc_0_nonnull" = "xyes"; then 1484 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1485else 1486 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1487 AC_DEFINE(calloc, rpl_calloc, 1488 [Define to rpl_calloc if the replacement function should be used.]) 1489fi 1490 1491# Check for ALTDIRFUNC glob() extension 1492AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1493AC_EGREP_CPP([FOUNDIT], 1494 [ 1495 #include <glob.h> 1496 #ifdef GLOB_ALTDIRFUNC 1497 FOUNDIT 1498 #endif 1499 ], 1500 [ 1501 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1502 [Define if your system glob() function has 1503 the GLOB_ALTDIRFUNC extension]) 1504 AC_MSG_RESULT([yes]) 1505 ], 1506 [ 1507 AC_MSG_RESULT([no]) 1508 ] 1509) 1510 1511# Check for g.gl_matchc glob() extension 1512AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1513AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1514 [[ glob_t g; g.gl_matchc = 1; ]])], 1515 [ 1516 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1517 [Define if your system glob() function has 1518 gl_matchc options in glob_t]) 1519 AC_MSG_RESULT([yes]) 1520 ], [ 1521 AC_MSG_RESULT([no]) 1522]) 1523 1524# Check for g.gl_statv glob() extension 1525AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1526AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1527#ifndef GLOB_KEEPSTAT 1528#error "glob does not support GLOB_KEEPSTAT extension" 1529#endif 1530glob_t g; 1531g.gl_statv = NULL; 1532]])], 1533 [ 1534 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1535 [Define if your system glob() function has 1536 gl_statv options in glob_t]) 1537 AC_MSG_RESULT([yes]) 1538 ], [ 1539 AC_MSG_RESULT([no]) 1540 1541]) 1542 1543AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1544 1545AC_CHECK_DECL([VIS_ALL], , 1546 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1547 1548AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1549AC_RUN_IFELSE( 1550 [AC_LANG_PROGRAM([[ 1551#include <sys/types.h> 1552#include <dirent.h> 1553#include <stdlib.h> 1554 ]], 1555 [[ 1556 struct dirent d; 1557 exit(sizeof(d.d_name)<=sizeof(char)); 1558 ]])], 1559 [AC_MSG_RESULT([yes])], 1560 [ 1561 AC_MSG_RESULT([no]) 1562 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1563 [Define if your struct dirent expects you to 1564 allocate extra space for d_name]) 1565 ], 1566 [ 1567 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1568 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1569 ] 1570) 1571 1572AC_MSG_CHECKING([for /proc/pid/fd directory]) 1573if test -d "/proc/$$/fd" ; then 1574 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1575 AC_MSG_RESULT([yes]) 1576else 1577 AC_MSG_RESULT([no]) 1578fi 1579 1580# Check whether user wants TCP wrappers support 1581TCPW_MSG="no" 1582AC_ARG_WITH([tcp-wrappers], 1583 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1584 [ 1585 if test "x$withval" != "xno" ; then 1586 saved_LIBS="$LIBS" 1587 saved_LDFLAGS="$LDFLAGS" 1588 saved_CPPFLAGS="$CPPFLAGS" 1589 if test -n "${withval}" && \ 1590 test "x${withval}" != "xyes"; then 1591 if test -d "${withval}/lib"; then 1592 if test -n "${need_dash_r}"; then 1593 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1594 else 1595 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1596 fi 1597 else 1598 if test -n "${need_dash_r}"; then 1599 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1600 else 1601 LDFLAGS="-L${withval} ${LDFLAGS}" 1602 fi 1603 fi 1604 if test -d "${withval}/include"; then 1605 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1606 else 1607 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1608 fi 1609 fi 1610 LIBS="-lwrap $LIBS" 1611 AC_MSG_CHECKING([for libwrap]) 1612 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1613#include <sys/types.h> 1614#include <sys/socket.h> 1615#include <netinet/in.h> 1616#include <tcpd.h> 1617int deny_severity = 0, allow_severity = 0; 1618 ]], [[ 1619 hosts_access(0); 1620 ]])], [ 1621 AC_MSG_RESULT([yes]) 1622 AC_DEFINE([LIBWRAP], [1], 1623 [Define if you want 1624 TCP Wrappers support]) 1625 SSHDLIBS="$SSHDLIBS -lwrap" 1626 TCPW_MSG="yes" 1627 ], [ 1628 AC_MSG_ERROR([*** libwrap missing]) 1629 1630 ]) 1631 LIBS="$saved_LIBS" 1632 fi 1633 ] 1634) 1635 1636# Check whether user wants to use ldns 1637LDNS_MSG="no" 1638AC_ARG_WITH(ldns, 1639 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1640 [ 1641 ldns="" 1642 if test "x$withval" = "xyes" ; then 1643 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1644 if test "x$LDNSCONFIG" = "xno"; then 1645 LIBS="-lldns $LIBS" 1646 ldns=yes 1647 else 1648 LIBS="$LIBS `$LDNSCONFIG --libs`" 1649 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1650 ldns=yes 1651 fi 1652 elif test "x$withval" != "xno" ; then 1653 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1654 LDFLAGS="$LDFLAGS -L${withval}/lib" 1655 LIBS="-lldns $LIBS" 1656 ldns=yes 1657 fi 1658 1659 # Verify that it works. 1660 if test "x$ldns" = "xyes" ; then 1661 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1662 LDNS_MSG="yes" 1663 AC_MSG_CHECKING([for ldns support]) 1664 AC_LINK_IFELSE( 1665 [AC_LANG_SOURCE([[ 1666#include <stdio.h> 1667#include <stdlib.h> 1668#ifdef HAVE_STDINT_H 1669# include <stdint.h> 1670#endif 1671#include <ldns/ldns.h> 1672int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1673 ]]) 1674 ], 1675 [AC_MSG_RESULT(yes)], 1676 [ 1677 AC_MSG_RESULT(no) 1678 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1679 ]) 1680 fi 1681]) 1682 1683# Check whether user wants libedit support 1684LIBEDIT_MSG="no" 1685AC_ARG_WITH([libedit], 1686 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1687 [ if test "x$withval" != "xno" ; then 1688 if test "x$withval" = "xyes" ; then 1689 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1690 if test "x$PKGCONFIG" != "xno"; then 1691 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1692 if "$PKGCONFIG" libedit; then 1693 AC_MSG_RESULT([yes]) 1694 use_pkgconfig_for_libedit=yes 1695 else 1696 AC_MSG_RESULT([no]) 1697 fi 1698 fi 1699 else 1700 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1701 if test -n "${rpath_opt}"; then 1702 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1703 else 1704 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1705 fi 1706 fi 1707 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1708 LIBEDIT=`$PKGCONFIG --libs libedit` 1709 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1710 else 1711 LIBEDIT="-ledit -lcurses" 1712 fi 1713 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1714 AC_CHECK_LIB([edit], [el_init], 1715 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1716 LIBEDIT_MSG="yes" 1717 AC_SUBST([LIBEDIT]) 1718 ], 1719 [ AC_MSG_ERROR([libedit not found]) ], 1720 [ $OTHERLIBS ] 1721 ) 1722 AC_MSG_CHECKING([if libedit version is compatible]) 1723 AC_COMPILE_IFELSE( 1724 [AC_LANG_PROGRAM([[ 1725#include <histedit.h> 1726#include <stdlib.h> 1727 ]], 1728 [[ 1729 int i = H_SETSIZE; 1730 el_init("", NULL, NULL, NULL); 1731 exit(0); 1732 ]])], 1733 [ AC_MSG_RESULT([yes]) ], 1734 [ AC_MSG_RESULT([no]) 1735 AC_MSG_ERROR([libedit version is not compatible]) ] 1736 ) 1737 fi ] 1738) 1739 1740AUDIT_MODULE=none 1741AC_ARG_WITH([audit], 1742 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1743 [ 1744 AC_MSG_CHECKING([for supported audit module]) 1745 case "$withval" in 1746 bsm) 1747 AC_MSG_RESULT([bsm]) 1748 AUDIT_MODULE=bsm 1749 dnl Checks for headers, libs and functions 1750 AC_CHECK_HEADERS([bsm/audit.h], [], 1751 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1752 [ 1753#ifdef HAVE_TIME_H 1754# include <time.h> 1755#endif 1756 ] 1757) 1758 AC_CHECK_LIB([bsm], [getaudit], [], 1759 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1760 AC_CHECK_FUNCS([getaudit], [], 1761 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1762 # These are optional 1763 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1764 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1765 if test "$sol2ver" -ge 11; then 1766 SSHDLIBS="$SSHDLIBS -lscf" 1767 AC_DEFINE([BROKEN_BSM_API], [1], 1768 [The system has incomplete BSM API]) 1769 fi 1770 ;; 1771 linux) 1772 AC_MSG_RESULT([linux]) 1773 AUDIT_MODULE=linux 1774 dnl Checks for headers, libs and functions 1775 AC_CHECK_HEADERS([libaudit.h]) 1776 SSHDLIBS="$SSHDLIBS -laudit" 1777 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1778 ;; 1779 debug) 1780 AUDIT_MODULE=debug 1781 AC_MSG_RESULT([debug]) 1782 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1783 ;; 1784 no) 1785 AC_MSG_RESULT([no]) 1786 ;; 1787 *) 1788 AC_MSG_ERROR([Unknown audit module $withval]) 1789 ;; 1790 esac ] 1791) 1792 1793AC_ARG_WITH([pie], 1794 [ --with-pie Build Position Independent Executables if possible], [ 1795 if test "x$withval" = "xno"; then 1796 use_pie=no 1797 fi 1798 if test "x$withval" = "xyes"; then 1799 use_pie=yes 1800 fi 1801 ] 1802) 1803if test "x$use_pie" = "x"; then 1804 use_pie=no 1805fi 1806if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1807 # Turn off automatic PIE when toolchain hardening is off. 1808 use_pie=no 1809fi 1810if test "x$use_pie" = "xauto"; then 1811 # Automatic PIE requires gcc >= 4.x 1812 AC_MSG_CHECKING([for gcc >= 4.x]) 1813 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1814#if !defined(__GNUC__) || __GNUC__ < 4 1815#error gcc is too old 1816#endif 1817]])], 1818 [ AC_MSG_RESULT([yes]) ], 1819 [ AC_MSG_RESULT([no]) 1820 use_pie=no ] 1821) 1822fi 1823if test "x$use_pie" != "xno"; then 1824 SAVED_CFLAGS="$CFLAGS" 1825 SAVED_LDFLAGS="$LDFLAGS" 1826 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1827 OSSH_CHECK_LDFLAG_LINK([-pie]) 1828 # We use both -fPIE and -pie or neither. 1829 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1830 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1831 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1832 AC_MSG_RESULT([yes]) 1833 else 1834 AC_MSG_RESULT([no]) 1835 CFLAGS="$SAVED_CFLAGS" 1836 LDFLAGS="$SAVED_LDFLAGS" 1837 fi 1838fi 1839 1840AC_MSG_CHECKING([whether -fPIC is accepted]) 1841SAVED_CFLAGS="$CFLAGS" 1842CFLAGS="$CFLAGS -fPIC" 1843AC_COMPILE_IFELSE( 1844 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1845 [AC_MSG_RESULT([yes]) 1846 PICFLAG="-fPIC"; ], 1847 [AC_MSG_RESULT([no]) 1848 PICFLAG=""; ]) 1849CFLAGS="$SAVED_CFLAGS" 1850AC_SUBST([PICFLAG]) 1851 1852dnl Checks for library functions. Please keep in alphabetical order 1853AC_CHECK_FUNCS([ \ 1854 Blowfish_initstate \ 1855 Blowfish_expandstate \ 1856 Blowfish_expand0state \ 1857 Blowfish_stream2word \ 1858 SHA256Update \ 1859 SHA384Update \ 1860 SHA512Update \ 1861 asprintf \ 1862 b64_ntop \ 1863 __b64_ntop \ 1864 b64_pton \ 1865 __b64_pton \ 1866 bcopy \ 1867 bcrypt_pbkdf \ 1868 bindresvport_sa \ 1869 blf_enc \ 1870 bzero \ 1871 cap_rights_limit \ 1872 clock \ 1873 closefrom \ 1874 dirfd \ 1875 endgrent \ 1876 err \ 1877 errx \ 1878 explicit_bzero \ 1879 explicit_memset \ 1880 fchmod \ 1881 fchmodat \ 1882 fchown \ 1883 fchownat \ 1884 flock \ 1885 fnmatch \ 1886 freeaddrinfo \ 1887 freezero \ 1888 fstatfs \ 1889 fstatvfs \ 1890 futimes \ 1891 getaddrinfo \ 1892 getcwd \ 1893 getgrouplist \ 1894 getline \ 1895 getnameinfo \ 1896 getopt \ 1897 getpagesize \ 1898 getpeereid \ 1899 getpeerucred \ 1900 getpgid \ 1901 _getpty \ 1902 getrlimit \ 1903 getrandom \ 1904 getsid \ 1905 getttyent \ 1906 glob \ 1907 group_from_gid \ 1908 inet_aton \ 1909 inet_ntoa \ 1910 inet_ntop \ 1911 innetgr \ 1912 llabs \ 1913 localtime_r \ 1914 login_getcapbool \ 1915 login_getpwclass \ 1916 md5_crypt \ 1917 memmem \ 1918 memmove \ 1919 memset_s \ 1920 mkdtemp \ 1921 ngetaddrinfo \ 1922 nsleep \ 1923 ogetaddrinfo \ 1924 openlog_r \ 1925 pledge \ 1926 poll \ 1927 prctl \ 1928 procctl \ 1929 pselect \ 1930 pstat \ 1931 raise \ 1932 readpassphrase \ 1933 reallocarray \ 1934 realpath \ 1935 recvmsg \ 1936 recallocarray \ 1937 rresvport_af \ 1938 sendmsg \ 1939 setdtablesize \ 1940 setegid \ 1941 setenv \ 1942 seteuid \ 1943 setgroupent \ 1944 setgroups \ 1945 setlinebuf \ 1946 setlogin \ 1947 setpassent\ 1948 setpcred \ 1949 setproctitle \ 1950 setregid \ 1951 setreuid \ 1952 setrlimit \ 1953 setsid \ 1954 setvbuf \ 1955 sigaction \ 1956 sigvec \ 1957 snprintf \ 1958 socketpair \ 1959 statfs \ 1960 statvfs \ 1961 strcasestr \ 1962 strdup \ 1963 strerror \ 1964 strlcat \ 1965 strlcpy \ 1966 strmode \ 1967 strndup \ 1968 strnlen \ 1969 strnvis \ 1970 strptime \ 1971 strsignal \ 1972 strtonum \ 1973 strtoll \ 1974 strtoul \ 1975 strtoull \ 1976 swap32 \ 1977 sysconf \ 1978 tcgetpgrp \ 1979 timingsafe_bcmp \ 1980 truncate \ 1981 unsetenv \ 1982 updwtmpx \ 1983 utimensat \ 1984 user_from_uid \ 1985 usleep \ 1986 vasprintf \ 1987 vsnprintf \ 1988 waitpid \ 1989 warn \ 1990]) 1991 1992AC_CHECK_DECLS([bzero, memmem]) 1993 1994dnl Wide character support. 1995AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1996 1997TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1998AC_MSG_CHECKING([for utf8 locale support]) 1999AC_RUN_IFELSE( 2000 [AC_LANG_PROGRAM([[ 2001#include <locale.h> 2002#include <stdlib.h> 2003 ]], [[ 2004 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2005 if (loc != NULL) 2006 exit(0); 2007 exit(1); 2008 ]])], 2009 AC_MSG_RESULT(yes), 2010 [AC_MSG_RESULT(no) 2011 TEST_SSH_UTF8=no], 2012 AC_MSG_WARN([cross compiling: assuming yes]) 2013) 2014 2015AC_LINK_IFELSE( 2016 [AC_LANG_PROGRAM( 2017 [[ #include <ctype.h> ]], 2018 [[ return (isblank('a')); ]])], 2019 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2020]) 2021 2022disable_pkcs11= 2023AC_ARG_ENABLE([pkcs11], 2024 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2025 [ 2026 if test "x$enableval" = "xno" ; then 2027 disable_pkcs11=1 2028 fi 2029 ] 2030) 2031 2032disable_sk= 2033AC_ARG_ENABLE([security-key], 2034 [ --disable-security-key disable U2F/FIDO support code [no]], 2035 [ 2036 if test "x$enableval" = "xno" ; then 2037 disable_sk=1 2038 fi 2039 ] 2040) 2041enable_sk_internal= 2042AC_ARG_WITH([security-key-builtin], 2043 [ --with-security-key-builtin include builtin U2F/FIDO support], 2044 [ 2045 if test "x$withval" != "xno" ; then 2046 enable_sk_internal=yes 2047 fi 2048 ] 2049) 2050test "x$disable_sk" != "x" && enable_sk_internal="" 2051 2052AC_SEARCH_LIBS([dlopen], [dl]) 2053AC_CHECK_FUNCS([dlopen]) 2054AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2055 2056# IRIX has a const char return value for gai_strerror() 2057AC_CHECK_FUNCS([gai_strerror], [ 2058 AC_DEFINE([HAVE_GAI_STRERROR]) 2059 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2060#include <sys/types.h> 2061#include <sys/socket.h> 2062#include <netdb.h> 2063 2064const char *gai_strerror(int); 2065 ]], [[ 2066 char *str; 2067 str = gai_strerror(0); 2068 ]])], [ 2069 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2070 [Define if gai_strerror() returns const char *])], [])]) 2071 2072AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2073 [Some systems put nanosleep outside of libc])]) 2074 2075AC_SEARCH_LIBS([clock_gettime], [rt], 2076 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2077 2078dnl check if we need -D_REENTRANT for localtime_r declaration. 2079AC_CHECK_DECL([localtime_r], [], 2080 [ saved_CPPFLAGS="$CPPFLAGS" 2081 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2082 unset ac_cv_have_decl_localtime_r 2083 AC_CHECK_DECL([localtime_r], [], 2084 [ CPPFLAGS="$saved_CPPFLAGS" ], 2085 [ #include <time.h> ] 2086 ) 2087 ], 2088 [ #include <time.h> ] 2089) 2090 2091dnl Make sure prototypes are defined for these before using them. 2092AC_CHECK_DECL([strsep], 2093 [AC_CHECK_FUNCS([strsep])], 2094 [], 2095 [ 2096#ifdef HAVE_STRING_H 2097# include <string.h> 2098#endif 2099 ]) 2100 2101dnl tcsendbreak might be a macro 2102AC_CHECK_DECL([tcsendbreak], 2103 [AC_DEFINE([HAVE_TCSENDBREAK])], 2104 [AC_CHECK_FUNCS([tcsendbreak])], 2105 [#include <termios.h>] 2106) 2107 2108AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2109 2110AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2111 [ 2112#include <sys/types.h> 2113#include <sys/socket.h> 2114#include <unistd.h> 2115 ]) 2116 2117AC_CHECK_DECLS([O_NONBLOCK], , , 2118 [ 2119#include <sys/types.h> 2120#ifdef HAVE_SYS_STAT_H 2121# include <sys/stat.h> 2122#endif 2123#ifdef HAVE_FCNTL_H 2124# include <fcntl.h> 2125#endif 2126 ]) 2127 2128AC_CHECK_DECLS([readv, writev], , , [ 2129#include <sys/types.h> 2130#include <sys/uio.h> 2131#include <unistd.h> 2132 ]) 2133 2134AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2135#include <sys/param.h> 2136 ]) 2137 2138AC_CHECK_DECLS([offsetof], , , [ 2139#include <stddef.h> 2140 ]) 2141 2142# extra bits for select(2) 2143AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2144#include <sys/param.h> 2145#include <sys/types.h> 2146#ifdef HAVE_SYS_SYSMACROS_H 2147#include <sys/sysmacros.h> 2148#endif 2149#ifdef HAVE_SYS_SELECT_H 2150#include <sys/select.h> 2151#endif 2152#ifdef HAVE_SYS_TIME_H 2153#include <sys/time.h> 2154#endif 2155#ifdef HAVE_UNISTD_H 2156#include <unistd.h> 2157#endif 2158 ]]) 2159AC_CHECK_TYPES([fd_mask], [], [], [[ 2160#include <sys/param.h> 2161#include <sys/types.h> 2162#ifdef HAVE_SYS_SELECT_H 2163#include <sys/select.h> 2164#endif 2165#ifdef HAVE_SYS_TIME_H 2166#include <sys/time.h> 2167#endif 2168#ifdef HAVE_UNISTD_H 2169#include <unistd.h> 2170#endif 2171 ]]) 2172 2173AC_CHECK_FUNCS([setresuid], [ 2174 dnl Some platorms have setresuid that isn't implemented, test for this 2175 AC_MSG_CHECKING([if setresuid seems to work]) 2176 AC_RUN_IFELSE( 2177 [AC_LANG_PROGRAM([[ 2178#include <stdlib.h> 2179#include <errno.h> 2180 ]], [[ 2181 errno=0; 2182 setresuid(0,0,0); 2183 if (errno==ENOSYS) 2184 exit(1); 2185 else 2186 exit(0); 2187 ]])], 2188 [AC_MSG_RESULT([yes])], 2189 [AC_DEFINE([BROKEN_SETRESUID], [1], 2190 [Define if your setresuid() is broken]) 2191 AC_MSG_RESULT([not implemented])], 2192 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2193 ) 2194]) 2195 2196AC_CHECK_FUNCS([setresgid], [ 2197 dnl Some platorms have setresgid that isn't implemented, test for this 2198 AC_MSG_CHECKING([if setresgid seems to work]) 2199 AC_RUN_IFELSE( 2200 [AC_LANG_PROGRAM([[ 2201#include <stdlib.h> 2202#include <errno.h> 2203 ]], [[ 2204 errno=0; 2205 setresgid(0,0,0); 2206 if (errno==ENOSYS) 2207 exit(1); 2208 else 2209 exit(0); 2210 ]])], 2211 [AC_MSG_RESULT([yes])], 2212 [AC_DEFINE([BROKEN_SETRESGID], [1], 2213 [Define if your setresgid() is broken]) 2214 AC_MSG_RESULT([not implemented])], 2215 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2216 ) 2217]) 2218 2219AC_MSG_CHECKING([for working fflush(NULL)]) 2220AC_RUN_IFELSE( 2221 [AC_LANG_PROGRAM([[ 2222#include <stdio.h> 2223#include <stdlib.h> 2224 ]], 2225 [[fflush(NULL); exit(0);]])], 2226 AC_MSG_RESULT([yes]), 2227 [AC_MSG_RESULT([no]) 2228 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2229 [define if fflush(NULL) does not work])], 2230 AC_MSG_WARN([cross compiling: assuming working]) 2231) 2232 2233dnl Checks for time functions 2234AC_CHECK_FUNCS([gettimeofday time]) 2235dnl Checks for utmp functions 2236AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2237AC_CHECK_FUNCS([utmpname]) 2238dnl Checks for utmpx functions 2239AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2240AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2241dnl Checks for lastlog functions 2242AC_CHECK_FUNCS([getlastlogxbyname]) 2243 2244AC_CHECK_FUNC([daemon], 2245 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2246 [AC_CHECK_LIB([bsd], [daemon], 2247 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2248) 2249 2250AC_CHECK_FUNC([getpagesize], 2251 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2252 [Define if your libraries define getpagesize()])], 2253 [AC_CHECK_LIB([ucb], [getpagesize], 2254 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2255) 2256 2257# Check for broken snprintf 2258if test "x$ac_cv_func_snprintf" = "xyes" ; then 2259 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2260 AC_RUN_IFELSE( 2261 [AC_LANG_PROGRAM([[ 2262#include <stdio.h> 2263#include <stdlib.h> 2264 ]], 2265 [[ 2266 char b[5]; 2267 snprintf(b,5,"123456789"); 2268 exit(b[4]!='\0'); 2269 ]])], 2270 [AC_MSG_RESULT([yes])], 2271 [ 2272 AC_MSG_RESULT([no]) 2273 AC_DEFINE([BROKEN_SNPRINTF], [1], 2274 [Define if your snprintf is busted]) 2275 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2276 ], 2277 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2278 ) 2279fi 2280 2281if test "x$ac_cv_func_snprintf" = "xyes" ; then 2282 AC_MSG_CHECKING([whether snprintf understands %zu]) 2283 AC_RUN_IFELSE( 2284 [AC_LANG_PROGRAM([[ 2285#include <sys/types.h> 2286#include <stdio.h> 2287#include <stdlib.h> 2288#include <string.h> 2289 ]], 2290 [[ 2291 size_t a = 1, b = 2; 2292 char z[128]; 2293 snprintf(z, sizeof z, "%zu%zu", a, b); 2294 exit(strcmp(z, "12")); 2295 ]])], 2296 [AC_MSG_RESULT([yes])], 2297 [ 2298 AC_MSG_RESULT([no]) 2299 AC_DEFINE([BROKEN_SNPRINTF], [1], 2300 [snprintf does not understand %zu]) 2301 ], 2302 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2303 ) 2304fi 2305 2306# We depend on vsnprintf returning the right thing on overflow: the 2307# number of characters it tried to create (as per SUSv3) 2308if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2309 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2310 AC_RUN_IFELSE( 2311 [AC_LANG_PROGRAM([[ 2312#include <sys/types.h> 2313#include <stdio.h> 2314#include <stdarg.h> 2315 2316int x_snprintf(char *str, size_t count, const char *fmt, ...) 2317{ 2318 size_t ret; 2319 va_list ap; 2320 2321 va_start(ap, fmt); 2322 ret = vsnprintf(str, count, fmt, ap); 2323 va_end(ap); 2324 return ret; 2325} 2326 ]], [[ 2327char x[1]; 2328if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2329 return 1; 2330if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2331 return 1; 2332return 0; 2333 ]])], 2334 [AC_MSG_RESULT([yes])], 2335 [ 2336 AC_MSG_RESULT([no]) 2337 AC_DEFINE([BROKEN_SNPRINTF], [1], 2338 [Define if your snprintf is busted]) 2339 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2340 ], 2341 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2342 ) 2343fi 2344 2345# On systems where [v]snprintf is broken, but is declared in stdio, 2346# check that the fmt argument is const char * or just char *. 2347# This is only useful for when BROKEN_SNPRINTF 2348AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2349AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2350#include <stdio.h> 2351int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2352 ]], [[ 2353 snprintf(0, 0, 0); 2354 ]])], 2355 [AC_MSG_RESULT([yes]) 2356 AC_DEFINE([SNPRINTF_CONST], [const], 2357 [Define as const if snprintf() can declare const char *fmt])], 2358 [AC_MSG_RESULT([no]) 2359 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2360 2361# Check for missing getpeereid (or equiv) support 2362NO_PEERCHECK="" 2363if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2364 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2365 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2366#include <sys/types.h> 2367#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2368 [ AC_MSG_RESULT([yes]) 2369 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2370 ], [AC_MSG_RESULT([no]) 2371 NO_PEERCHECK=1 2372 ]) 2373fi 2374 2375dnl make sure that openpty does not reacquire controlling terminal 2376if test ! -z "$check_for_openpty_ctty_bug"; then 2377 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2378 AC_RUN_IFELSE( 2379 [AC_LANG_PROGRAM([[ 2380#include <stdio.h> 2381#include <stdlib.h> 2382#include <unistd.h> 2383#include <sys/fcntl.h> 2384#include <sys/types.h> 2385#include <sys/wait.h> 2386 ]], [[ 2387 pid_t pid; 2388 int fd, ptyfd, ttyfd, status; 2389 2390 pid = fork(); 2391 if (pid < 0) { /* failed */ 2392 exit(1); 2393 } else if (pid > 0) { /* parent */ 2394 waitpid(pid, &status, 0); 2395 if (WIFEXITED(status)) 2396 exit(WEXITSTATUS(status)); 2397 else 2398 exit(2); 2399 } else { /* child */ 2400 close(0); close(1); close(2); 2401 setsid(); 2402 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2403 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2404 if (fd >= 0) 2405 exit(3); /* Acquired ctty: broken */ 2406 else 2407 exit(0); /* Did not acquire ctty: OK */ 2408 } 2409 ]])], 2410 [ 2411 AC_MSG_RESULT([yes]) 2412 ], 2413 [ 2414 AC_MSG_RESULT([no]) 2415 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2416 ], 2417 [ 2418 AC_MSG_RESULT([cross-compiling, assuming yes]) 2419 ] 2420 ) 2421fi 2422 2423if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2424 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2425 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2426 AC_RUN_IFELSE( 2427 [AC_LANG_PROGRAM([[ 2428#include <stdio.h> 2429#include <stdlib.h> 2430#include <sys/socket.h> 2431#include <netdb.h> 2432#include <errno.h> 2433#include <netinet/in.h> 2434 2435#define TEST_PORT "2222" 2436 ]], [[ 2437 int err, sock; 2438 struct addrinfo *gai_ai, *ai, hints; 2439 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2440 2441 memset(&hints, 0, sizeof(hints)); 2442 hints.ai_family = PF_UNSPEC; 2443 hints.ai_socktype = SOCK_STREAM; 2444 hints.ai_flags = AI_PASSIVE; 2445 2446 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2447 if (err != 0) { 2448 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2449 exit(1); 2450 } 2451 2452 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2453 if (ai->ai_family != AF_INET6) 2454 continue; 2455 2456 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2457 sizeof(ntop), strport, sizeof(strport), 2458 NI_NUMERICHOST|NI_NUMERICSERV); 2459 2460 if (err != 0) { 2461 if (err == EAI_SYSTEM) 2462 perror("getnameinfo EAI_SYSTEM"); 2463 else 2464 fprintf(stderr, "getnameinfo failed: %s\n", 2465 gai_strerror(err)); 2466 exit(2); 2467 } 2468 2469 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2470 if (sock < 0) 2471 perror("socket"); 2472 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2473 if (errno == EBADF) 2474 exit(3); 2475 } 2476 } 2477 exit(0); 2478 ]])], 2479 [ 2480 AC_MSG_RESULT([yes]) 2481 ], 2482 [ 2483 AC_MSG_RESULT([no]) 2484 AC_DEFINE([BROKEN_GETADDRINFO]) 2485 ], 2486 [ 2487 AC_MSG_RESULT([cross-compiling, assuming yes]) 2488 ] 2489 ) 2490fi 2491 2492if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2493 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2494 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2495 AC_RUN_IFELSE( 2496 [AC_LANG_PROGRAM([[ 2497#include <stdio.h> 2498#include <stdlib.h> 2499#include <sys/socket.h> 2500#include <netdb.h> 2501#include <errno.h> 2502#include <netinet/in.h> 2503 2504#define TEST_PORT "2222" 2505 ]], [[ 2506 int err, sock; 2507 struct addrinfo *gai_ai, *ai, hints; 2508 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2509 2510 memset(&hints, 0, sizeof(hints)); 2511 hints.ai_family = PF_UNSPEC; 2512 hints.ai_socktype = SOCK_STREAM; 2513 hints.ai_flags = AI_PASSIVE; 2514 2515 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2516 if (err != 0) { 2517 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2518 exit(1); 2519 } 2520 2521 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2522 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2523 continue; 2524 2525 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2526 sizeof(ntop), strport, sizeof(strport), 2527 NI_NUMERICHOST|NI_NUMERICSERV); 2528 2529 if (ai->ai_family == AF_INET && err != 0) { 2530 perror("getnameinfo"); 2531 exit(2); 2532 } 2533 } 2534 exit(0); 2535 ]])], 2536 [ 2537 AC_MSG_RESULT([yes]) 2538 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2539 [Define if you have a getaddrinfo that fails 2540 for the all-zeros IPv6 address]) 2541 ], 2542 [ 2543 AC_MSG_RESULT([no]) 2544 AC_DEFINE([BROKEN_GETADDRINFO]) 2545 ], 2546 [ 2547 AC_MSG_RESULT([cross-compiling, assuming no]) 2548 ] 2549 ) 2550fi 2551 2552if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2553 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2554 [#include <sys/types.h> 2555 #include <sys/socket.h> 2556 #include <netdb.h>]) 2557fi 2558 2559if test "x$check_for_conflicting_getspnam" = "x1"; then 2560 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2561 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2562#include <shadow.h> 2563#include <stdlib.h> 2564 ]], 2565 [[ exit(0); ]])], 2566 [ 2567 AC_MSG_RESULT([no]) 2568 ], 2569 [ 2570 AC_MSG_RESULT([yes]) 2571 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2572 [Conflicting defs for getspnam]) 2573 ] 2574 ) 2575fi 2576 2577dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2578dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2579dnl for over ten years). Despite this incompatibility being reported during 2580dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2581dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2582dnl implementation. Try to detect this mess, and assume the only safe option 2583dnl if we're cross compiling. 2584dnl 2585dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2586dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2587if test "x$ac_cv_func_strnvis" = "xyes"; then 2588 AC_MSG_CHECKING([for working strnvis]) 2589 AC_RUN_IFELSE( 2590 [AC_LANG_PROGRAM([[ 2591#include <signal.h> 2592#include <stdlib.h> 2593#include <string.h> 2594#include <unistd.h> 2595#include <vis.h> 2596static void sighandler(int sig) { _exit(1); } 2597 ]], [[ 2598 char dst[16]; 2599 2600 signal(SIGSEGV, sighandler); 2601 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2602 exit(0); 2603 exit(1) 2604 ]])], 2605 [AC_MSG_RESULT([yes])], 2606 [AC_MSG_RESULT([no]) 2607 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2608 [AC_MSG_WARN([cross compiling: assuming broken]) 2609 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2610 ) 2611fi 2612 2613AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2614AC_RUN_IFELSE( 2615 [AC_LANG_PROGRAM([[ 2616#ifdef HAVE_SYS_SELECT 2617# include <sys/select.h> 2618#endif 2619#include <sys/types.h> 2620#include <sys/time.h> 2621#include <stdlib.h> 2622#include <signal.h> 2623#include <unistd.h> 2624static void sighandler(int sig) { } 2625 ]], [[ 2626 int r; 2627 pid_t pid; 2628 struct sigaction sa; 2629 2630 sa.sa_handler = sighandler; 2631 sa.sa_flags = SA_RESTART; 2632 (void)sigaction(SIGTERM, &sa, NULL); 2633 if ((pid = fork()) == 0) { /* child */ 2634 pid = getppid(); 2635 sleep(1); 2636 kill(pid, SIGTERM); 2637 sleep(1); 2638 if (getppid() == pid) /* if parent did not exit, shoot it */ 2639 kill(pid, SIGKILL); 2640 exit(0); 2641 } else { /* parent */ 2642 r = select(0, NULL, NULL, NULL, NULL); 2643 } 2644 exit(r == -1 ? 0 : 1); 2645 ]])], 2646 [AC_MSG_RESULT([yes])], 2647 [AC_MSG_RESULT([no]) 2648 AC_DEFINE([NO_SA_RESTART], [1], 2649 [SA_RESTARTed signals do no interrupt select])], 2650 [AC_MSG_WARN([cross compiling: assuming yes])] 2651) 2652 2653AC_CHECK_FUNCS([getpgrp],[ 2654 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2655 AC_COMPILE_IFELSE( 2656 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2657 [ AC_MSG_RESULT([yes]) 2658 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2659 [ AC_MSG_RESULT([no]) 2660 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2661 ) 2662]) 2663 2664# Search for OpenSSL 2665saved_CPPFLAGS="$CPPFLAGS" 2666saved_LDFLAGS="$LDFLAGS" 2667AC_ARG_WITH([ssl-dir], 2668 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2669 [ 2670 if test "x$openssl" = "xno" ; then 2671 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2672 fi 2673 if test "x$withval" != "xno" ; then 2674 case "$withval" in 2675 # Relative paths 2676 ./*|../*) withval="`pwd`/$withval" 2677 esac 2678 if test -d "$withval/lib"; then 2679 if test -n "${rpath_opt}"; then 2680 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2681 else 2682 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2683 fi 2684 elif test -d "$withval/lib64"; then 2685 if test -n "${rpath_opt}"; then 2686 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2687 else 2688 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2689 fi 2690 else 2691 if test -n "${rpath_opt}"; then 2692 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2693 else 2694 LDFLAGS="-L${withval} ${LDFLAGS}" 2695 fi 2696 fi 2697 if test -d "$withval/include"; then 2698 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2699 else 2700 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2701 fi 2702 fi 2703 ] 2704) 2705 2706AC_ARG_WITH([openssl-header-check], 2707 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2708 [ 2709 if test "x$withval" = "xno" ; then 2710 openssl_check_nonfatal=1 2711 fi 2712 ] 2713) 2714 2715openssl_engine=no 2716AC_ARG_WITH([ssl-engine], 2717 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2718 [ 2719 if test "x$withval" != "xno" ; then 2720 if test "x$openssl" = "xno" ; then 2721 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2722 fi 2723 openssl_engine=yes 2724 fi 2725 ] 2726) 2727 2728if test "x$openssl" = "xyes" ; then 2729 LIBS="-lcrypto $LIBS" 2730 AC_TRY_LINK_FUNC([RAND_add], , 2731 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2732 AC_CHECK_HEADER([openssl/opensslv.h], , 2733 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2734 2735 # Determine OpenSSL header version 2736 AC_MSG_CHECKING([OpenSSL header version]) 2737 AC_RUN_IFELSE( 2738 [AC_LANG_PROGRAM([[ 2739 #include <stdlib.h> 2740 #include <stdio.h> 2741 #include <string.h> 2742 #include <openssl/opensslv.h> 2743 #define DATA "conftest.sslincver" 2744 ]], [[ 2745 FILE *fd; 2746 int rc; 2747 2748 fd = fopen(DATA,"w"); 2749 if(fd == NULL) 2750 exit(1); 2751 2752 if ((rc = fprintf(fd, "%08lx (%s)\n", 2753 (unsigned long)OPENSSL_VERSION_NUMBER, 2754 OPENSSL_VERSION_TEXT)) < 0) 2755 exit(1); 2756 2757 exit(0); 2758 ]])], 2759 [ 2760 ssl_header_ver=`cat conftest.sslincver` 2761 AC_MSG_RESULT([$ssl_header_ver]) 2762 ], 2763 [ 2764 AC_MSG_RESULT([not found]) 2765 AC_MSG_ERROR([OpenSSL version header not found.]) 2766 ], 2767 [ 2768 AC_MSG_WARN([cross compiling: not checking]) 2769 ] 2770 ) 2771 2772 # Determining OpenSSL library version is version dependent. 2773 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2774 2775 # Determine OpenSSL library version 2776 AC_MSG_CHECKING([OpenSSL library version]) 2777 AC_RUN_IFELSE( 2778 [AC_LANG_PROGRAM([[ 2779 #include <stdio.h> 2780 #include <stdlib.h> 2781 #include <string.h> 2782 #include <openssl/opensslv.h> 2783 #include <openssl/crypto.h> 2784 #define DATA "conftest.ssllibver" 2785 ]], [[ 2786 FILE *fd; 2787 int rc; 2788 2789 fd = fopen(DATA,"w"); 2790 if(fd == NULL) 2791 exit(1); 2792#ifndef OPENSSL_VERSION 2793# define OPENSSL_VERSION SSLEAY_VERSION 2794#endif 2795#ifndef HAVE_OPENSSL_VERSION 2796# define OpenSSL_version SSLeay_version 2797#endif 2798#ifndef HAVE_OPENSSL_VERSION_NUM 2799# define OpenSSL_version_num SSLeay 2800#endif 2801 if ((rc = fprintf(fd, "%08lx (%s)\n", 2802 (unsigned long)OpenSSL_version_num(), 2803 OpenSSL_version(OPENSSL_VERSION))) < 0) 2804 exit(1); 2805 2806 exit(0); 2807 ]])], 2808 [ 2809 ssl_library_ver=`cat conftest.ssllibver` 2810 # Check version is supported. 2811 case "$ssl_library_ver" in 2812 10000*|0*) 2813 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2814 ;; 2815 100*) ;; # 1.0.x 2816 101000[[0123456]]*) 2817 # https://github.com/openssl/openssl/pull/4613 2818 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2819 ;; 2820 101*) ;; # 1.1.x 2821 200*) ;; # LibreSSL 2822 300*) ;; # OpenSSL 3 2823 301*) ;; # OpenSSL development branch. 2824 *) 2825 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2826 ;; 2827 esac 2828 AC_MSG_RESULT([$ssl_library_ver]) 2829 ], 2830 [ 2831 AC_MSG_RESULT([not found]) 2832 AC_MSG_ERROR([OpenSSL library not found.]) 2833 ], 2834 [ 2835 AC_MSG_WARN([cross compiling: not checking]) 2836 ] 2837 ) 2838 2839 # Sanity check OpenSSL headers 2840 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2841 AC_RUN_IFELSE( 2842 [AC_LANG_PROGRAM([[ 2843 #include <stdlib.h> 2844 #include <string.h> 2845 #include <openssl/opensslv.h> 2846 #include <openssl/crypto.h> 2847 ]], [[ 2848#ifndef HAVE_OPENSSL_VERSION_NUM 2849# define OpenSSL_version_num SSLeay 2850#endif 2851 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2852 ]])], 2853 [ 2854 AC_MSG_RESULT([yes]) 2855 ], 2856 [ 2857 AC_MSG_RESULT([no]) 2858 if test "x$openssl_check_nonfatal" = "x"; then 2859 AC_MSG_ERROR([Your OpenSSL headers do not match your 2860 library. Check config.log for details. 2861 If you are sure your installation is consistent, you can disable the check 2862 by running "./configure --without-openssl-header-check". 2863 Also see contrib/findssl.sh for help identifying header/library mismatches. 2864 ]) 2865 else 2866 AC_MSG_WARN([Your OpenSSL headers do not match your 2867 library. Check config.log for details. 2868 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2869 fi 2870 ], 2871 [ 2872 AC_MSG_WARN([cross compiling: not checking]) 2873 ] 2874 ) 2875 2876 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2877 AC_LINK_IFELSE( 2878 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2879 [[ ERR_load_crypto_strings(); ]])], 2880 [ 2881 AC_MSG_RESULT([yes]) 2882 ], 2883 [ 2884 AC_MSG_RESULT([no]) 2885 saved_LIBS="$LIBS" 2886 LIBS="$LIBS -ldl" 2887 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2888 AC_LINK_IFELSE( 2889 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2890 [[ ERR_load_crypto_strings(); ]])], 2891 [ 2892 AC_MSG_RESULT([yes]) 2893 ], 2894 [ 2895 AC_MSG_RESULT([no]) 2896 LIBS="$saved_LIBS" 2897 ] 2898 ) 2899 ] 2900 ) 2901 2902 AC_CHECK_FUNCS([ \ 2903 BN_is_prime_ex \ 2904 DSA_generate_parameters_ex \ 2905 EVP_CIPHER_CTX_ctrl \ 2906 EVP_DigestFinal_ex \ 2907 EVP_DigestInit_ex \ 2908 EVP_MD_CTX_cleanup \ 2909 EVP_MD_CTX_copy_ex \ 2910 EVP_MD_CTX_init \ 2911 HMAC_CTX_init \ 2912 RSA_generate_key_ex \ 2913 RSA_get_default_method \ 2914 ]) 2915 2916 # OpenSSL_add_all_algorithms may be a macro. 2917 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2918 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2919 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2920 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2921 [[#include <openssl/evp.h>]] 2922 ) 2923 ) 2924 2925 # LibreSSL/OpenSSL 1.1x API 2926 AC_CHECK_FUNCS([ \ 2927 OPENSSL_init_crypto \ 2928 DH_get0_key \ 2929 DH_get0_pqg \ 2930 DH_set0_key \ 2931 DH_set_length \ 2932 DH_set0_pqg \ 2933 DSA_get0_key \ 2934 DSA_get0_pqg \ 2935 DSA_set0_key \ 2936 DSA_set0_pqg \ 2937 DSA_SIG_get0 \ 2938 DSA_SIG_set0 \ 2939 ECDSA_SIG_get0 \ 2940 ECDSA_SIG_set0 \ 2941 EVP_CIPHER_CTX_iv \ 2942 EVP_CIPHER_CTX_iv_noconst \ 2943 EVP_CIPHER_CTX_get_iv \ 2944 EVP_CIPHER_CTX_get_updated_iv \ 2945 EVP_CIPHER_CTX_set_iv \ 2946 RSA_get0_crt_params \ 2947 RSA_get0_factors \ 2948 RSA_get0_key \ 2949 RSA_set0_crt_params \ 2950 RSA_set0_factors \ 2951 RSA_set0_key \ 2952 RSA_meth_free \ 2953 RSA_meth_dup \ 2954 RSA_meth_set1_name \ 2955 RSA_meth_get_finish \ 2956 RSA_meth_set_priv_enc \ 2957 RSA_meth_set_priv_dec \ 2958 RSA_meth_set_finish \ 2959 EVP_PKEY_get0_RSA \ 2960 EVP_MD_CTX_new \ 2961 EVP_MD_CTX_free \ 2962 EVP_chacha20 \ 2963 ]) 2964 2965 if test "x$openssl_engine" = "xyes" ; then 2966 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2968 #include <openssl/engine.h> 2969 ]], [[ 2970 ENGINE_load_builtin_engines(); 2971 ENGINE_register_all_complete(); 2972 ]])], 2973 [ AC_MSG_RESULT([yes]) 2974 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2975 [Enable OpenSSL engine support]) 2976 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2977 ]) 2978 fi 2979 2980 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2981 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2982 AC_LINK_IFELSE( 2983 [AC_LANG_PROGRAM([[ 2984 #include <stdlib.h> 2985 #include <string.h> 2986 #include <openssl/evp.h> 2987 ]], [[ 2988 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2989 ]])], 2990 [ 2991 AC_MSG_RESULT([no]) 2992 ], 2993 [ 2994 AC_MSG_RESULT([yes]) 2995 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2996 [libcrypto is missing AES 192 and 256 bit functions]) 2997 ] 2998 ) 2999 3000 # Check for OpenSSL with EVP_aes_*ctr 3001 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 3002 AC_LINK_IFELSE( 3003 [AC_LANG_PROGRAM([[ 3004 #include <stdlib.h> 3005 #include <string.h> 3006 #include <openssl/evp.h> 3007 ]], [[ 3008 exit(EVP_aes_128_ctr() == NULL || 3009 EVP_aes_192_cbc() == NULL || 3010 EVP_aes_256_cbc() == NULL); 3011 ]])], 3012 [ 3013 AC_MSG_RESULT([yes]) 3014 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 3015 [libcrypto has EVP AES CTR]) 3016 ], 3017 [ 3018 AC_MSG_RESULT([no]) 3019 ] 3020 ) 3021 3022 # Check for OpenSSL with EVP_aes_*gcm 3023 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 3024 AC_LINK_IFELSE( 3025 [AC_LANG_PROGRAM([[ 3026 #include <stdlib.h> 3027 #include <string.h> 3028 #include <openssl/evp.h> 3029 ]], [[ 3030 exit(EVP_aes_128_gcm() == NULL || 3031 EVP_aes_256_gcm() == NULL || 3032 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 3033 EVP_CTRL_GCM_IV_GEN == 0 || 3034 EVP_CTRL_GCM_SET_TAG == 0 || 3035 EVP_CTRL_GCM_GET_TAG == 0 || 3036 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 3037 ]])], 3038 [ 3039 AC_MSG_RESULT([yes]) 3040 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 3041 [libcrypto has EVP AES GCM]) 3042 ], 3043 [ 3044 AC_MSG_RESULT([no]) 3045 unsupported_algorithms="$unsupported_cipers \ 3046 aes128-gcm@openssh.com \ 3047 aes256-gcm@openssh.com" 3048 ] 3049 ) 3050 3051 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3052 AC_LINK_IFELSE( 3053 [AC_LANG_PROGRAM([[ 3054 #include <stdlib.h> 3055 #include <string.h> 3056 #include <openssl/evp.h> 3057 ]], [[ 3058 if(EVP_DigestUpdate(NULL, NULL,0)) 3059 exit(0); 3060 ]])], 3061 [ 3062 AC_MSG_RESULT([yes]) 3063 ], 3064 [ 3065 AC_MSG_RESULT([no]) 3066 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3067 [Define if EVP_DigestUpdate returns void]) 3068 ] 3069 ) 3070 3071 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3072 # because the system crypt() is more featureful. 3073 if test "x$check_for_libcrypt_before" = "x1"; then 3074 AC_CHECK_LIB([crypt], [crypt]) 3075 fi 3076 3077 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3078 # version in OpenSSL. 3079 if test "x$check_for_libcrypt_later" = "x1"; then 3080 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3081 fi 3082 AC_CHECK_FUNCS([crypt DES_crypt]) 3083 3084 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3085 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3086 3087 # Check complete ECC support in OpenSSL 3088 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3089 AC_LINK_IFELSE( 3090 [AC_LANG_PROGRAM([[ 3091 #include <openssl/ec.h> 3092 #include <openssl/ecdh.h> 3093 #include <openssl/ecdsa.h> 3094 #include <openssl/evp.h> 3095 #include <openssl/objects.h> 3096 #include <openssl/opensslv.h> 3097 ]], [[ 3098 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3099 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3100 ]])], 3101 [ AC_MSG_RESULT([yes]) 3102 enable_nistp256=1 ], 3103 [ AC_MSG_RESULT([no]) ] 3104 ) 3105 3106 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3107 AC_LINK_IFELSE( 3108 [AC_LANG_PROGRAM([[ 3109 #include <openssl/ec.h> 3110 #include <openssl/ecdh.h> 3111 #include <openssl/ecdsa.h> 3112 #include <openssl/evp.h> 3113 #include <openssl/objects.h> 3114 #include <openssl/opensslv.h> 3115 ]], [[ 3116 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3117 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3118 ]])], 3119 [ AC_MSG_RESULT([yes]) 3120 enable_nistp384=1 ], 3121 [ AC_MSG_RESULT([no]) ] 3122 ) 3123 3124 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3125 AC_LINK_IFELSE( 3126 [AC_LANG_PROGRAM([[ 3127 #include <openssl/ec.h> 3128 #include <openssl/ecdh.h> 3129 #include <openssl/ecdsa.h> 3130 #include <openssl/evp.h> 3131 #include <openssl/objects.h> 3132 #include <openssl/opensslv.h> 3133 ]], [[ 3134 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3135 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3136 ]])], 3137 [ AC_MSG_RESULT([yes]) 3138 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3139 AC_RUN_IFELSE( 3140 [AC_LANG_PROGRAM([[ 3141 #include <stdlib.h> 3142 #include <openssl/ec.h> 3143 #include <openssl/ecdh.h> 3144 #include <openssl/ecdsa.h> 3145 #include <openssl/evp.h> 3146 #include <openssl/objects.h> 3147 #include <openssl/opensslv.h> 3148 ]],[[ 3149 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3150 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3151 exit(e == NULL || m == NULL); 3152 ]])], 3153 [ AC_MSG_RESULT([yes]) 3154 enable_nistp521=1 ], 3155 [ AC_MSG_RESULT([no]) ], 3156 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3157 enable_nistp521=1 ] 3158 )], 3159 AC_MSG_RESULT([no]) 3160 ) 3161 3162 TEST_SSH_ECC=no 3163 3164 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3165 test x$enable_nistp521 = x1; then 3166 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3167 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3168 openssl_ecc=yes 3169 else 3170 openssl_ecc=no 3171 fi 3172 if test x$enable_nistp256 = x1; then 3173 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3174 [libcrypto has NID_X9_62_prime256v1]) 3175 TEST_SSH_ECC=yes 3176 else 3177 unsupported_algorithms="$unsupported_algorithms \ 3178 ecdsa-sha2-nistp256 \ 3179 ecdh-sha2-nistp256 \ 3180 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3181 fi 3182 if test x$enable_nistp384 = x1; then 3183 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3184 TEST_SSH_ECC=yes 3185 else 3186 unsupported_algorithms="$unsupported_algorithms \ 3187 ecdsa-sha2-nistp384 \ 3188 ecdh-sha2-nistp384 \ 3189 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3190 fi 3191 if test x$enable_nistp521 = x1; then 3192 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3193 TEST_SSH_ECC=yes 3194 else 3195 unsupported_algorithms="$unsupported_algorithms \ 3196 ecdh-sha2-nistp521 \ 3197 ecdsa-sha2-nistp521 \ 3198 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3199 fi 3200 3201 AC_SUBST([TEST_SSH_ECC]) 3202else 3203 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3204 AC_CHECK_FUNCS([crypt]) 3205fi 3206 3207# PKCS11/U2F depend on OpenSSL and dlopen(). 3208enable_pkcs11=yes 3209enable_sk=yes 3210if test "x$openssl" != "xyes" ; then 3211 enable_pkcs11="disabled; missing libcrypto" 3212 enable_sk="disabled; missing libcrypto" 3213fi 3214if test "x$openssl_ecc" != "xyes" ; then 3215 enable_sk="disabled; OpenSSL has no ECC support" 3216fi 3217if test "x$ac_cv_func_dlopen" != "xyes" ; then 3218 enable_pkcs11="disabled; missing dlopen(3)" 3219 enable_sk="disabled; missing dlopen(3)" 3220fi 3221if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3222 enable_pkcs11="disabled; missing RTLD_NOW" 3223 enable_sk="disabled; missing RTLD_NOW" 3224fi 3225if test ! -z "$disable_pkcs11" ; then 3226 enable_pkcs11="disabled by user" 3227fi 3228if test ! -z "$disable_sk" ; then 3229 enable_sk="disabled by user" 3230fi 3231 3232AC_MSG_CHECKING([whether to enable PKCS11]) 3233if test "x$enable_pkcs11" = "xyes" ; then 3234 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3235fi 3236AC_MSG_RESULT([$enable_pkcs11]) 3237 3238AC_MSG_CHECKING([whether to enable U2F]) 3239if test "x$enable_sk" = "xyes" ; then 3240 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3241 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3242else 3243 # Do not try to build sk-dummy library. 3244 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3245fi 3246AC_MSG_RESULT([$enable_sk]) 3247 3248# Now check for built-in security key support. 3249if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3250 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3251 use_pkgconfig_for_libfido2= 3252 if test "x$PKGCONFIG" != "xno"; then 3253 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3254 if "$PKGCONFIG" libfido2; then 3255 AC_MSG_RESULT([yes]) 3256 use_pkgconfig_for_libfido2=yes 3257 else 3258 AC_MSG_RESULT([no]) 3259 fi 3260 fi 3261 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3262 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3263 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3264 else 3265 LIBFIDO2="-lfido2 -lcbor" 3266 fi 3267 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3268 AC_CHECK_LIB([fido2], [fido_init], 3269 [ 3270 AC_SUBST([LIBFIDO2]) 3271 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3272 [Enable for built-in U2F/FIDO support]) 3273 enable_sk="built-in" 3274 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3275 [ $OTHERLIBS ] 3276 ) 3277 saved_LIBS="$LIBS" 3278 LIBS="$LIBS $LIBFIDO2" 3279 AC_CHECK_FUNCS([ \ 3280 fido_cred_prot \ 3281 fido_cred_set_prot \ 3282 fido_dev_get_touch_begin \ 3283 fido_dev_get_touch_status \ 3284 fido_dev_supports_cred_prot \ 3285 ]) 3286 LIBS="$saved_LIBS" 3287 AC_CHECK_HEADER([fido.h], [], 3288 AC_MSG_ERROR([missing fido.h from libfido2])) 3289 AC_CHECK_HEADER([fido/credman.h], [], 3290 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3291 [#include <fido.h>] 3292 ) 3293fi 3294 3295AC_CHECK_FUNCS([ \ 3296 arc4random \ 3297 arc4random_buf \ 3298 arc4random_stir \ 3299 arc4random_uniform \ 3300]) 3301 3302saved_LIBS="$LIBS" 3303AC_CHECK_LIB([iaf], [ia_openinfo], [ 3304 LIBS="$LIBS -liaf" 3305 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3306 AC_DEFINE([HAVE_LIBIAF], [1], 3307 [Define if system has libiaf that supports set_id]) 3308 ]) 3309]) 3310LIBS="$saved_LIBS" 3311 3312### Configure cryptographic random number support 3313 3314# Check whether OpenSSL seeds itself 3315if test "x$openssl" = "xyes" ; then 3316 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3317 AC_RUN_IFELSE( 3318 [AC_LANG_PROGRAM([[ 3319 #include <stdlib.h> 3320 #include <string.h> 3321 #include <openssl/rand.h> 3322 ]], [[ 3323 exit(RAND_status() == 1 ? 0 : 1); 3324 ]])], 3325 [ 3326 OPENSSL_SEEDS_ITSELF=yes 3327 AC_MSG_RESULT([yes]) 3328 ], 3329 [ 3330 AC_MSG_RESULT([no]) 3331 ], 3332 [ 3333 AC_MSG_WARN([cross compiling: assuming yes]) 3334 # This is safe, since we will fatal() at runtime if 3335 # OpenSSL is not seeded correctly. 3336 OPENSSL_SEEDS_ITSELF=yes 3337 ] 3338 ) 3339fi 3340 3341# PRNGD TCP socket 3342AC_ARG_WITH([prngd-port], 3343 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3344 [ 3345 case "$withval" in 3346 no) 3347 withval="" 3348 ;; 3349 [[0-9]]*) 3350 ;; 3351 *) 3352 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3353 ;; 3354 esac 3355 if test ! -z "$withval" ; then 3356 PRNGD_PORT="$withval" 3357 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3358 [Port number of PRNGD/EGD random number socket]) 3359 fi 3360 ] 3361) 3362 3363# PRNGD Unix domain socket 3364AC_ARG_WITH([prngd-socket], 3365 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3366 [ 3367 case "$withval" in 3368 yes) 3369 withval="/var/run/egd-pool" 3370 ;; 3371 no) 3372 withval="" 3373 ;; 3374 /*) 3375 ;; 3376 *) 3377 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3378 ;; 3379 esac 3380 3381 if test ! -z "$withval" ; then 3382 if test ! -z "$PRNGD_PORT" ; then 3383 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3384 fi 3385 if test ! -r "$withval" ; then 3386 AC_MSG_WARN([Entropy socket is not readable]) 3387 fi 3388 PRNGD_SOCKET="$withval" 3389 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3390 [Location of PRNGD/EGD random number socket]) 3391 fi 3392 ], 3393 [ 3394 # Check for existing socket only if we don't have a random device already 3395 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3396 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3397 # Insert other locations here 3398 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3399 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3400 PRNGD_SOCKET="$sock" 3401 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3402 break; 3403 fi 3404 done 3405 if test ! -z "$PRNGD_SOCKET" ; then 3406 AC_MSG_RESULT([$PRNGD_SOCKET]) 3407 else 3408 AC_MSG_RESULT([not found]) 3409 fi 3410 fi 3411 ] 3412) 3413 3414# Which randomness source do we use? 3415if test ! -z "$PRNGD_PORT" ; then 3416 RAND_MSG="PRNGd port $PRNGD_PORT" 3417elif test ! -z "$PRNGD_SOCKET" ; then 3418 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3419elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3420 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3421 [Define if you want the OpenSSL internally seeded PRNG only]) 3422 RAND_MSG="OpenSSL internal ONLY" 3423elif test "x$openssl" = "xno" ; then 3424 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3425else 3426 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3427fi 3428 3429# Check for PAM libs 3430PAM_MSG="no" 3431AC_ARG_WITH([pam], 3432 [ --with-pam Enable PAM support ], 3433 [ 3434 if test "x$withval" != "xno" ; then 3435 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3436 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3437 AC_MSG_ERROR([PAM headers not found]) 3438 fi 3439 3440 saved_LIBS="$LIBS" 3441 AC_CHECK_LIB([dl], [dlopen], , ) 3442 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3443 AC_CHECK_FUNCS([pam_getenvlist]) 3444 AC_CHECK_FUNCS([pam_putenv]) 3445 LIBS="$saved_LIBS" 3446 3447 PAM_MSG="yes" 3448 3449 SSHDLIBS="$SSHDLIBS -lpam" 3450 AC_DEFINE([USE_PAM], [1], 3451 [Define if you want to enable PAM support]) 3452 3453 if test $ac_cv_lib_dl_dlopen = yes; then 3454 case "$LIBS" in 3455 *-ldl*) 3456 # libdl already in LIBS 3457 ;; 3458 *) 3459 SSHDLIBS="$SSHDLIBS -ldl" 3460 ;; 3461 esac 3462 fi 3463 fi 3464 ] 3465) 3466 3467AC_ARG_WITH([pam-service], 3468 [ --with-pam-service=name Specify PAM service name ], 3469 [ 3470 if test "x$withval" != "xno" && \ 3471 test "x$withval" != "xyes" ; then 3472 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3473 ["$withval"], [sshd PAM service name]) 3474 fi 3475 ] 3476) 3477 3478# Check for older PAM 3479if test "x$PAM_MSG" = "xyes" ; then 3480 # Check PAM strerror arguments (old PAM) 3481 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3483#include <stdlib.h> 3484#if defined(HAVE_SECURITY_PAM_APPL_H) 3485#include <security/pam_appl.h> 3486#elif defined (HAVE_PAM_PAM_APPL_H) 3487#include <pam/pam_appl.h> 3488#endif 3489 ]], [[ 3490(void)pam_strerror((pam_handle_t *)NULL, -1); 3491 ]])], [AC_MSG_RESULT([no])], [ 3492 AC_DEFINE([HAVE_OLD_PAM], [1], 3493 [Define if you have an old version of PAM 3494 which takes only one argument to pam_strerror]) 3495 AC_MSG_RESULT([yes]) 3496 PAM_MSG="yes (old library)" 3497 3498 ]) 3499fi 3500 3501case "$host" in 3502*-*-cygwin*) 3503 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3504 ;; 3505*) 3506 SSH_PRIVSEP_USER=sshd 3507 ;; 3508esac 3509AC_ARG_WITH([privsep-user], 3510 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3511 [ 3512 if test -n "$withval" && test "x$withval" != "xno" && \ 3513 test "x${withval}" != "xyes"; then 3514 SSH_PRIVSEP_USER=$withval 3515 fi 3516 ] 3517) 3518if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3519 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3520 [Cygwin function to fetch non-privileged user for privilege separation]) 3521else 3522 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3523 [non-privileged user for privilege separation]) 3524fi 3525AC_SUBST([SSH_PRIVSEP_USER]) 3526 3527if test "x$have_linux_no_new_privs" = "x1" ; then 3528AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3529 #include <sys/types.h> 3530 #include <linux/seccomp.h> 3531]) 3532fi 3533if test "x$have_seccomp_filter" = "x1" ; then 3534AC_MSG_CHECKING([kernel for seccomp_filter support]) 3535AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3536 #include <errno.h> 3537 #include <elf.h> 3538 #include <linux/audit.h> 3539 #include <linux/seccomp.h> 3540 #include <stdlib.h> 3541 #include <sys/prctl.h> 3542 ]], 3543 [[ int i = $seccomp_audit_arch; 3544 errno = 0; 3545 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3546 exit(errno == EFAULT ? 0 : 1); ]])], 3547 [ AC_MSG_RESULT([yes]) ], [ 3548 AC_MSG_RESULT([no]) 3549 # Disable seccomp filter as a target 3550 have_seccomp_filter=0 3551 ] 3552) 3553fi 3554 3555# Decide which sandbox style to use 3556sandbox_arg="" 3557AC_ARG_WITH([sandbox], 3558 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3559 [ 3560 if test "x$withval" = "xyes" ; then 3561 sandbox_arg="" 3562 else 3563 sandbox_arg="$withval" 3564 fi 3565 ] 3566) 3567 3568# Some platforms (seems to be the ones that have a kernel poll(2)-type 3569# function with which they implement select(2)) use an extra file descriptor 3570# when calling select(2), which means we can't use the rlimit sandbox. 3571AC_MSG_CHECKING([if select works with descriptor rlimit]) 3572AC_RUN_IFELSE( 3573 [AC_LANG_PROGRAM([[ 3574#include <sys/types.h> 3575#ifdef HAVE_SYS_TIME_H 3576# include <sys/time.h> 3577#endif 3578#include <sys/resource.h> 3579#ifdef HAVE_SYS_SELECT_H 3580# include <sys/select.h> 3581#endif 3582#include <errno.h> 3583#include <fcntl.h> 3584#include <stdlib.h> 3585 ]],[[ 3586 struct rlimit rl_zero; 3587 int fd, r; 3588 fd_set fds; 3589 struct timeval tv; 3590 3591 fd = open("/dev/null", O_RDONLY); 3592 FD_ZERO(&fds); 3593 FD_SET(fd, &fds); 3594 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3595 setrlimit(RLIMIT_FSIZE, &rl_zero); 3596 setrlimit(RLIMIT_NOFILE, &rl_zero); 3597 tv.tv_sec = 1; 3598 tv.tv_usec = 0; 3599 r = select(fd+1, &fds, NULL, NULL, &tv); 3600 exit (r == -1 ? 1 : 0); 3601 ]])], 3602 [AC_MSG_RESULT([yes]) 3603 select_works_with_rlimit=yes], 3604 [AC_MSG_RESULT([no]) 3605 select_works_with_rlimit=no], 3606 [AC_MSG_WARN([cross compiling: assuming yes]) 3607 select_works_with_rlimit=yes] 3608) 3609 3610AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3611AC_RUN_IFELSE( 3612 [AC_LANG_PROGRAM([[ 3613#include <sys/types.h> 3614#ifdef HAVE_SYS_TIME_H 3615# include <sys/time.h> 3616#endif 3617#include <sys/resource.h> 3618#include <errno.h> 3619#include <stdlib.h> 3620 ]],[[ 3621 struct rlimit rl_zero; 3622 int r; 3623 3624 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3625 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3626 exit (r == -1 ? 1 : 0); 3627 ]])], 3628 [AC_MSG_RESULT([yes]) 3629 rlimit_nofile_zero_works=yes], 3630 [AC_MSG_RESULT([no]) 3631 rlimit_nofile_zero_works=no], 3632 [AC_MSG_WARN([cross compiling: assuming yes]) 3633 rlimit_nofile_zero_works=yes] 3634) 3635 3636AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3637AC_RUN_IFELSE( 3638 [AC_LANG_PROGRAM([[ 3639#include <sys/types.h> 3640#include <sys/resource.h> 3641#include <stdlib.h> 3642 ]],[[ 3643 struct rlimit rl_zero; 3644 3645 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3646 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3647 ]])], 3648 [AC_MSG_RESULT([yes])], 3649 [AC_MSG_RESULT([no]) 3650 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3651 [setrlimit RLIMIT_FSIZE works])], 3652 [AC_MSG_WARN([cross compiling: assuming yes])] 3653) 3654 3655if test "x$sandbox_arg" = "xpledge" || \ 3656 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3657 test "x$ac_cv_func_pledge" != "xyes" && \ 3658 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3659 SANDBOX_STYLE="pledge" 3660 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3661elif test "x$sandbox_arg" = "xsystrace" || \ 3662 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3663 test "x$have_systr_policy_kill" != "x1" && \ 3664 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3665 SANDBOX_STYLE="systrace" 3666 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3667elif test "x$sandbox_arg" = "xdarwin" || \ 3668 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3669 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3670 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3671 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3672 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3673 SANDBOX_STYLE="darwin" 3674 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3675elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3676 ( test -z "$sandbox_arg" && \ 3677 test "x$have_seccomp_filter" = "x1" && \ 3678 test "x$ac_cv_header_elf_h" = "xyes" && \ 3679 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3680 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3681 test "x$seccomp_audit_arch" != "x" && \ 3682 test "x$have_linux_no_new_privs" = "x1" && \ 3683 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3684 test "x$seccomp_audit_arch" = "x" && \ 3685 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3686 test "x$have_linux_no_new_privs" != "x1" && \ 3687 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3688 test "x$have_seccomp_filter" != "x1" && \ 3689 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3690 test "x$ac_cv_func_prctl" != "xyes" && \ 3691 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3692 SANDBOX_STYLE="seccomp_filter" 3693 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3694elif test "x$sandbox_arg" = "xcapsicum" || \ 3695 ( test -z "$sandbox_arg" && \ 3696 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3697 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3698 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3699 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3700 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3701 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3702 SANDBOX_STYLE="capsicum" 3703 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3704elif test "x$sandbox_arg" = "xrlimit" || \ 3705 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3706 test "x$select_works_with_rlimit" = "xyes" && \ 3707 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3708 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3709 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3710 test "x$select_works_with_rlimit" != "xyes" && \ 3711 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3712 SANDBOX_STYLE="rlimit" 3713 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3714elif test "x$sandbox_arg" = "xsolaris" || \ 3715 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3716 SANDBOX_STYLE="solaris" 3717 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3718elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3719 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3720 SANDBOX_STYLE="none" 3721 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3722else 3723 AC_MSG_ERROR([unsupported --with-sandbox]) 3724fi 3725 3726# Cheap hack to ensure NEWS-OS libraries are arranged right. 3727if test ! -z "$SONY" ; then 3728 LIBS="$LIBS -liberty"; 3729fi 3730 3731# Check for long long datatypes 3732AC_CHECK_TYPES([long long, unsigned long long, long double]) 3733 3734# Check datatype sizes 3735AC_CHECK_SIZEOF([short int]) 3736AC_CHECK_SIZEOF([int]) 3737AC_CHECK_SIZEOF([long int]) 3738AC_CHECK_SIZEOF([long long int]) 3739AC_CHECK_SIZEOF([time_t], [], [[ 3740 #include <sys/types.h> 3741 #ifdef HAVE_SYS_TIME_H 3742 # include <sys/time.h> 3743 #endif 3744 #ifdef HAVE_TIME_H 3745 # include <time.h> 3746 #endif 3747 ]] 3748) 3749 3750# Sanity check long long for some platforms (AIX) 3751if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3752 ac_cv_sizeof_long_long_int=0 3753fi 3754 3755# compute LLONG_MIN and LLONG_MAX if we don't know them. 3756if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3757 AC_MSG_CHECKING([for max value of long long]) 3758 AC_RUN_IFELSE( 3759 [AC_LANG_PROGRAM([[ 3760#include <stdio.h> 3761#include <stdlib.h> 3762/* Why is this so damn hard? */ 3763#ifdef __GNUC__ 3764# undef __GNUC__ 3765#endif 3766#define __USE_ISOC99 3767#include <limits.h> 3768#define DATA "conftest.llminmax" 3769#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3770 3771/* 3772 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3773 * we do this the hard way. 3774 */ 3775static int 3776fprint_ll(FILE *f, long long n) 3777{ 3778 unsigned int i; 3779 int l[sizeof(long long) * 8]; 3780 3781 if (n < 0) 3782 if (fprintf(f, "-") < 0) 3783 return -1; 3784 for (i = 0; n != 0; i++) { 3785 l[i] = my_abs(n % 10); 3786 n /= 10; 3787 } 3788 do { 3789 if (fprintf(f, "%d", l[--i]) < 0) 3790 return -1; 3791 } while (i != 0); 3792 if (fprintf(f, " ") < 0) 3793 return -1; 3794 return 0; 3795} 3796 ]], [[ 3797 FILE *f; 3798 long long i, llmin, llmax = 0; 3799 3800 if((f = fopen(DATA,"w")) == NULL) 3801 exit(1); 3802 3803#if defined(LLONG_MIN) && defined(LLONG_MAX) 3804 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3805 llmin = LLONG_MIN; 3806 llmax = LLONG_MAX; 3807#else 3808 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3809 /* This will work on one's complement and two's complement */ 3810 for (i = 1; i > llmax; i <<= 1, i++) 3811 llmax = i; 3812 llmin = llmax + 1LL; /* wrap */ 3813#endif 3814 3815 /* Sanity check */ 3816 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3817 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3818 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3819 fprintf(f, "unknown unknown\n"); 3820 exit(2); 3821 } 3822 3823 if (fprint_ll(f, llmin) < 0) 3824 exit(3); 3825 if (fprint_ll(f, llmax) < 0) 3826 exit(4); 3827 if (fclose(f) < 0) 3828 exit(5); 3829 exit(0); 3830 ]])], 3831 [ 3832 llong_min=`$AWK '{print $1}' conftest.llminmax` 3833 llong_max=`$AWK '{print $2}' conftest.llminmax` 3834 3835 AC_MSG_RESULT([$llong_max]) 3836 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3837 [max value of long long calculated by configure]) 3838 AC_MSG_CHECKING([for min value of long long]) 3839 AC_MSG_RESULT([$llong_min]) 3840 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3841 [min value of long long calculated by configure]) 3842 ], 3843 [ 3844 AC_MSG_RESULT([not found]) 3845 ], 3846 [ 3847 AC_MSG_WARN([cross compiling: not checking]) 3848 ] 3849 ) 3850fi 3851 3852AC_CHECK_DECLS([UINT32_MAX], , , [[ 3853#ifdef HAVE_SYS_LIMITS_H 3854# include <sys/limits.h> 3855#endif 3856#ifdef HAVE_LIMITS_H 3857# include <limits.h> 3858#endif 3859#ifdef HAVE_STDINT_H 3860# include <stdint.h> 3861#endif 3862]]) 3863 3864# More checks for data types 3865AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3866 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3867 [[ u_int a; a = 1;]])], 3868 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3869 ]) 3870]) 3871if test "x$ac_cv_have_u_int" = "xyes" ; then 3872 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3873 have_u_int=1 3874fi 3875 3876AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3877 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3878 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3879 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3880 ]) 3881]) 3882if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3883 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3884 have_intxx_t=1 3885fi 3886 3887if (test -z "$have_intxx_t" && \ 3888 test "x$ac_cv_header_stdint_h" = "xyes") 3889then 3890 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3891 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3892 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3893 [ 3894 AC_DEFINE([HAVE_INTXX_T]) 3895 AC_MSG_RESULT([yes]) 3896 ], [ AC_MSG_RESULT([no]) 3897 ]) 3898fi 3899 3900AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3901 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3902#include <sys/types.h> 3903#ifdef HAVE_STDINT_H 3904# include <stdint.h> 3905#endif 3906#include <sys/socket.h> 3907#ifdef HAVE_SYS_BITYPES_H 3908# include <sys/bitypes.h> 3909#endif 3910 ]], [[ 3911int64_t a; a = 1; 3912 ]])], 3913 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3914 ]) 3915]) 3916if test "x$ac_cv_have_int64_t" = "xyes" ; then 3917 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3918fi 3919 3920AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3922 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3923 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3924 ]) 3925]) 3926if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3927 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3928 have_u_intxx_t=1 3929fi 3930 3931if test -z "$have_u_intxx_t" ; then 3932 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3934 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3935 [ 3936 AC_DEFINE([HAVE_U_INTXX_T]) 3937 AC_MSG_RESULT([yes]) 3938 ], [ AC_MSG_RESULT([no]) 3939 ]) 3940fi 3941 3942AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3943 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3944 [[ u_int64_t a; a = 1;]])], 3945 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3946 ]) 3947]) 3948if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3949 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3950 have_u_int64_t=1 3951fi 3952 3953if (test -z "$have_u_int64_t" && \ 3954 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3955then 3956 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3957 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3958 [[ u_int64_t a; a = 1]])], 3959 [ 3960 AC_DEFINE([HAVE_U_INT64_T]) 3961 AC_MSG_RESULT([yes]) 3962 ], [ AC_MSG_RESULT([no]) 3963 ]) 3964fi 3965 3966if test -z "$have_u_intxx_t" ; then 3967 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3968 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3969#include <sys/types.h> 3970 ]], [[ 3971 uint8_t a; 3972 uint16_t b; 3973 uint32_t c; 3974 a = b = c = 1; 3975 ]])], 3976 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3977 ]) 3978 ]) 3979 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3980 AC_DEFINE([HAVE_UINTXX_T], [1], 3981 [define if you have uintxx_t data type]) 3982 fi 3983fi 3984 3985if (test -z "$have_uintxx_t" && \ 3986 test "x$ac_cv_header_stdint_h" = "xyes") 3987then 3988 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3990 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3991 [ 3992 AC_DEFINE([HAVE_UINTXX_T]) 3993 AC_MSG_RESULT([yes]) 3994 ], [ AC_MSG_RESULT([no]) 3995 ]) 3996fi 3997 3998if (test -z "$have_uintxx_t" && \ 3999 test "x$ac_cv_header_inttypes_h" = "xyes") 4000then 4001 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4003 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4004 [ 4005 AC_DEFINE([HAVE_UINTXX_T]) 4006 AC_MSG_RESULT([yes]) 4007 ], [ AC_MSG_RESULT([no]) 4008 ]) 4009fi 4010 4011if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4012 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4013then 4014 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4015 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4016#include <sys/bitypes.h> 4017 ]], [[ 4018 int8_t a; int16_t b; int32_t c; 4019 u_int8_t e; u_int16_t f; u_int32_t g; 4020 a = b = c = e = f = g = 1; 4021 ]])], 4022 [ 4023 AC_DEFINE([HAVE_U_INTXX_T]) 4024 AC_DEFINE([HAVE_INTXX_T]) 4025 AC_MSG_RESULT([yes]) 4026 ], [AC_MSG_RESULT([no]) 4027 ]) 4028fi 4029 4030 4031AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4032 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4033 [[ u_char foo; foo = 125; ]])], 4034 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4035 ]) 4036]) 4037if test "x$ac_cv_have_u_char" = "xyes" ; then 4038 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4039fi 4040 4041AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4042#include <sys/types.h> 4043#ifdef HAVE_STDINT_H 4044# include <stdint.h> 4045#endif 4046]) 4047 4048TYPE_SOCKLEN_T 4049 4050AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4051AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4052#include <sys/types.h> 4053#ifdef HAVE_SYS_BITYPES_H 4054#include <sys/bitypes.h> 4055#endif 4056#ifdef HAVE_SYS_STATFS_H 4057#include <sys/statfs.h> 4058#endif 4059#ifdef HAVE_SYS_STATVFS_H 4060#include <sys/statvfs.h> 4061#endif 4062]) 4063 4064AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4065#include <sys/param.h> 4066#include <sys/types.h> 4067#ifdef HAVE_SYS_BITYPES_H 4068#include <sys/bitypes.h> 4069#endif 4070#ifdef HAVE_SYS_STATFS_H 4071#include <sys/statfs.h> 4072#endif 4073#ifdef HAVE_SYS_STATVFS_H 4074#include <sys/statvfs.h> 4075#endif 4076#ifdef HAVE_SYS_VFS_H 4077#include <sys/vfs.h> 4078#endif 4079#ifdef HAVE_SYS_MOUNT_H 4080#include <sys/mount.h> 4081#endif 4082]]) 4083 4084 4085AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4086[#include <sys/types.h> 4087#include <netinet/in.h>]) 4088 4089AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4091 [[ size_t foo; foo = 1235; ]])], 4092 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4093 ]) 4094]) 4095if test "x$ac_cv_have_size_t" = "xyes" ; then 4096 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4097fi 4098 4099AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4100 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4101 [[ ssize_t foo; foo = 1235; ]])], 4102 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4103 ]) 4104]) 4105if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4106 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4107fi 4108 4109AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4110 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4111 [[ clock_t foo; foo = 1235; ]])], 4112 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4113 ]) 4114]) 4115if test "x$ac_cv_have_clock_t" = "xyes" ; then 4116 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4117fi 4118 4119AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4120 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4121#include <sys/types.h> 4122#include <sys/socket.h> 4123 ]], [[ sa_family_t foo; foo = 1235; ]])], 4124 [ ac_cv_have_sa_family_t="yes" ], 4125 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4126#include <sys/types.h> 4127#include <sys/socket.h> 4128#include <netinet/in.h> 4129 ]], [[ sa_family_t foo; foo = 1235; ]])], 4130 [ ac_cv_have_sa_family_t="yes" ], 4131 [ ac_cv_have_sa_family_t="no" ] 4132 ) 4133 ]) 4134]) 4135if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4136 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4137 [define if you have sa_family_t data type]) 4138fi 4139 4140AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4141 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4142 [[ pid_t foo; foo = 1235; ]])], 4143 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4144 ]) 4145]) 4146if test "x$ac_cv_have_pid_t" = "xyes" ; then 4147 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4148fi 4149 4150AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4151 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4152 [[ mode_t foo; foo = 1235; ]])], 4153 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4154 ]) 4155]) 4156if test "x$ac_cv_have_mode_t" = "xyes" ; then 4157 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4158fi 4159 4160 4161AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4162 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4163#include <sys/types.h> 4164#include <sys/socket.h> 4165 ]], [[ struct sockaddr_storage s; ]])], 4166 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4167 [ ac_cv_have_struct_sockaddr_storage="no" 4168 ]) 4169]) 4170if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4171 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4172 [define if you have struct sockaddr_storage data type]) 4173fi 4174 4175AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4176 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4177#include <sys/types.h> 4178#include <netinet/in.h> 4179 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4180 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4181 [ ac_cv_have_struct_sockaddr_in6="no" 4182 ]) 4183]) 4184if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4185 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4186 [define if you have struct sockaddr_in6 data type]) 4187fi 4188 4189AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4191#include <sys/types.h> 4192#include <netinet/in.h> 4193 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4194 [ ac_cv_have_struct_in6_addr="yes" ], 4195 [ ac_cv_have_struct_in6_addr="no" 4196 ]) 4197]) 4198if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4199 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4200 [define if you have struct in6_addr data type]) 4201 4202dnl Now check for sin6_scope_id 4203 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4204 [ 4205#ifdef HAVE_SYS_TYPES_H 4206#include <sys/types.h> 4207#endif 4208#include <netinet/in.h> 4209 ]) 4210fi 4211 4212AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4213 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4214#include <sys/types.h> 4215#include <sys/socket.h> 4216#include <netdb.h> 4217 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4218 [ ac_cv_have_struct_addrinfo="yes" ], 4219 [ ac_cv_have_struct_addrinfo="no" 4220 ]) 4221]) 4222if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4223 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4224 [define if you have struct addrinfo data type]) 4225fi 4226 4227AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4228 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4229 [[ struct timeval tv; tv.tv_sec = 1;]])], 4230 [ ac_cv_have_struct_timeval="yes" ], 4231 [ ac_cv_have_struct_timeval="no" 4232 ]) 4233]) 4234if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4235 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4236 have_struct_timeval=1 4237fi 4238 4239AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4240 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4241 #ifdef HAVE_SYS_TIME_H 4242 # include <sys/time.h> 4243 #endif 4244 #ifdef HAVE_TIME_H 4245 # include <time.h> 4246 #endif 4247 ]], 4248 [[ struct timespec ts; ts.tv_sec = 1;]])], 4249 [ ac_cv_have_struct_timespec="yes" ], 4250 [ ac_cv_have_struct_timespec="no" 4251 ]) 4252]) 4253if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4254 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4255 have_struct_timespec=1 4256fi 4257 4258# We need int64_t or else certain parts of the compile will fail. 4259if test "x$ac_cv_have_int64_t" = "xno" && \ 4260 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4261 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4262 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4263 echo "an alternative compiler (I.E., GCC) before continuing." 4264 echo "" 4265 exit 1; 4266else 4267dnl test snprintf (broken on SCO w/gcc) 4268 AC_RUN_IFELSE( 4269 [AC_LANG_SOURCE([[ 4270#include <stdio.h> 4271#include <stdlib.h> 4272#include <string.h> 4273#ifdef HAVE_SNPRINTF 4274main() 4275{ 4276 char buf[50]; 4277 char expected_out[50]; 4278 int mazsize = 50 ; 4279#if (SIZEOF_LONG_INT == 8) 4280 long int num = 0x7fffffffffffffff; 4281#else 4282 long long num = 0x7fffffffffffffffll; 4283#endif 4284 strcpy(expected_out, "9223372036854775807"); 4285 snprintf(buf, mazsize, "%lld", num); 4286 if(strcmp(buf, expected_out) != 0) 4287 exit(1); 4288 exit(0); 4289} 4290#else 4291main() { exit(0); } 4292#endif 4293 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4294 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4295 ) 4296fi 4297 4298dnl Checks for structure members 4299OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4300OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4301OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4302OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4303OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4304OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4305OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4306OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4307OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4308OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4309OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4310OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4311OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4312OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4313OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4314OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4315OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4316OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4317 4318AC_CHECK_MEMBERS([struct stat.st_blksize]) 4319AC_CHECK_MEMBERS([struct stat.st_mtim]) 4320AC_CHECK_MEMBERS([struct stat.st_mtime]) 4321AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4322struct passwd.pw_change, struct passwd.pw_expire], 4323[], [], [[ 4324#include <sys/types.h> 4325#include <pwd.h> 4326]]) 4327 4328AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4329 [Define if we don't have struct __res_state in resolv.h])], 4330[[ 4331#include <stdio.h> 4332#if HAVE_SYS_TYPES_H 4333# include <sys/types.h> 4334#endif 4335#include <netinet/in.h> 4336#include <arpa/nameser.h> 4337#include <resolv.h> 4338]]) 4339 4340AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4341 ac_cv_have_ss_family_in_struct_ss, [ 4342 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4343#include <sys/types.h> 4344#include <sys/socket.h> 4345 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4346 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4347 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4348]) 4349if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4350 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4351fi 4352 4353AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4354 ac_cv_have___ss_family_in_struct_ss, [ 4355 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4356#include <sys/types.h> 4357#include <sys/socket.h> 4358 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4359 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4360 [ ac_cv_have___ss_family_in_struct_ss="no" 4361 ]) 4362]) 4363if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4364 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4365 [Fields in struct sockaddr_storage]) 4366fi 4367 4368dnl make sure we're using the real structure members and not defines 4369AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4370 ac_cv_have_accrights_in_msghdr, [ 4371 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4372#include <sys/types.h> 4373#include <sys/socket.h> 4374#include <sys/uio.h> 4375#include <stdlib.h> 4376 ]], [[ 4377#ifdef msg_accrights 4378#error "msg_accrights is a macro" 4379exit(1); 4380#endif 4381struct msghdr m; 4382m.msg_accrights = 0; 4383exit(0); 4384 ]])], 4385 [ ac_cv_have_accrights_in_msghdr="yes" ], 4386 [ ac_cv_have_accrights_in_msghdr="no" ] 4387 ) 4388]) 4389if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4390 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4391 [Define if your system uses access rights style 4392 file descriptor passing]) 4393fi 4394 4395AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4396AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4397#include <sys/param.h> 4398#include <sys/stat.h> 4399#ifdef HAVE_SYS_TIME_H 4400# include <sys/time.h> 4401#endif 4402#ifdef HAVE_SYS_MOUNT_H 4403#include <sys/mount.h> 4404#endif 4405#ifdef HAVE_SYS_STATVFS_H 4406#include <sys/statvfs.h> 4407#endif 4408 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4409 [ AC_MSG_RESULT([yes]) ], 4410 [ AC_MSG_RESULT([no]) 4411 4412 AC_MSG_CHECKING([if fsid_t has member val]) 4413 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4414#include <sys/types.h> 4415#include <sys/statvfs.h> 4416 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4417 [ AC_MSG_RESULT([yes]) 4418 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4419 [ AC_MSG_RESULT([no]) ]) 4420 4421 AC_MSG_CHECKING([if f_fsid has member __val]) 4422 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4423#include <sys/types.h> 4424#include <sys/statvfs.h> 4425 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4426 [ AC_MSG_RESULT([yes]) 4427 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4428 [ AC_MSG_RESULT([no]) ]) 4429]) 4430 4431AC_CACHE_CHECK([for msg_control field in struct msghdr], 4432 ac_cv_have_control_in_msghdr, [ 4433 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4434#include <sys/types.h> 4435#include <sys/socket.h> 4436#include <sys/uio.h> 4437#include <stdlib.h> 4438 ]], [[ 4439#ifdef msg_control 4440#error "msg_control is a macro" 4441exit(1); 4442#endif 4443struct msghdr m; 4444m.msg_control = 0; 4445exit(0); 4446 ]])], 4447 [ ac_cv_have_control_in_msghdr="yes" ], 4448 [ ac_cv_have_control_in_msghdr="no" ] 4449 ) 4450]) 4451if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4452 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4453 [Define if your system uses ancillary data style 4454 file descriptor passing]) 4455fi 4456 4457AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4458 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4459 [[ extern char *__progname; printf("%s", __progname); ]])], 4460 [ ac_cv_libc_defines___progname="yes" ], 4461 [ ac_cv_libc_defines___progname="no" 4462 ]) 4463]) 4464if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4465 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4466fi 4467 4468AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4469 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4470 [[ printf("%s", __FUNCTION__); ]])], 4471 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4472 [ ac_cv_cc_implements___FUNCTION__="no" 4473 ]) 4474]) 4475if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4476 AC_DEFINE([HAVE___FUNCTION__], [1], 4477 [Define if compiler implements __FUNCTION__]) 4478fi 4479 4480AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4481 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4482 [[ printf("%s", __func__); ]])], 4483 [ ac_cv_cc_implements___func__="yes" ], 4484 [ ac_cv_cc_implements___func__="no" 4485 ]) 4486]) 4487if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4488 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4489fi 4490 4491AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4492 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4493#include <stdarg.h> 4494va_list x,y; 4495 ]], [[ va_copy(x,y); ]])], 4496 [ ac_cv_have_va_copy="yes" ], 4497 [ ac_cv_have_va_copy="no" 4498 ]) 4499]) 4500if test "x$ac_cv_have_va_copy" = "xyes" ; then 4501 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4502fi 4503 4504AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4505 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4506#include <stdarg.h> 4507va_list x,y; 4508 ]], [[ __va_copy(x,y); ]])], 4509 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4510 ]) 4511]) 4512if test "x$ac_cv_have___va_copy" = "xyes" ; then 4513 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4514fi 4515 4516AC_CACHE_CHECK([whether getopt has optreset support], 4517 ac_cv_have_getopt_optreset, [ 4518 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4519 [[ extern int optreset; optreset = 0; ]])], 4520 [ ac_cv_have_getopt_optreset="yes" ], 4521 [ ac_cv_have_getopt_optreset="no" 4522 ]) 4523]) 4524if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4525 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4526 [Define if your getopt(3) defines and uses optreset]) 4527fi 4528 4529AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4530 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4531[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4532 [ ac_cv_libc_defines_sys_errlist="yes" ], 4533 [ ac_cv_libc_defines_sys_errlist="no" 4534 ]) 4535]) 4536if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4537 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4538 [Define if your system defines sys_errlist[]]) 4539fi 4540 4541 4542AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4543 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4544[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4545 [ ac_cv_libc_defines_sys_nerr="yes" ], 4546 [ ac_cv_libc_defines_sys_nerr="no" 4547 ]) 4548]) 4549if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4550 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4551fi 4552 4553# Check libraries needed by DNS fingerprint support 4554AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4555 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4556 [Define if getrrsetbyname() exists])], 4557 [ 4558 # Needed by our getrrsetbyname() 4559 AC_SEARCH_LIBS([res_query], [resolv]) 4560 AC_SEARCH_LIBS([dn_expand], [resolv]) 4561 AC_MSG_CHECKING([if res_query will link]) 4562 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4563#include <sys/types.h> 4564#include <netinet/in.h> 4565#include <arpa/nameser.h> 4566#include <netdb.h> 4567#include <resolv.h> 4568 ]], [[ 4569 res_query (0, 0, 0, 0, 0); 4570 ]])], 4571 AC_MSG_RESULT([yes]), 4572 [AC_MSG_RESULT([no]) 4573 saved_LIBS="$LIBS" 4574 LIBS="$LIBS -lresolv" 4575 AC_MSG_CHECKING([for res_query in -lresolv]) 4576 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4577#include <sys/types.h> 4578#include <netinet/in.h> 4579#include <arpa/nameser.h> 4580#include <netdb.h> 4581#include <resolv.h> 4582 ]], [[ 4583 res_query (0, 0, 0, 0, 0); 4584 ]])], 4585 [AC_MSG_RESULT([yes])], 4586 [LIBS="$saved_LIBS" 4587 AC_MSG_RESULT([no])]) 4588 ]) 4589 AC_CHECK_FUNCS([_getshort _getlong]) 4590 AC_CHECK_DECLS([_getshort, _getlong], , , 4591 [#include <sys/types.h> 4592 #include <arpa/nameser.h>]) 4593 AC_CHECK_MEMBER([HEADER.ad], 4594 [AC_DEFINE([HAVE_HEADER_AD], [1], 4595 [Define if HEADER.ad exists in arpa/nameser.h])], , 4596 [#include <arpa/nameser.h>]) 4597 ]) 4598 4599AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4600AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4601#include <stdio.h> 4602#if HAVE_SYS_TYPES_H 4603# include <sys/types.h> 4604#endif 4605#include <netinet/in.h> 4606#include <arpa/nameser.h> 4607#include <resolv.h> 4608extern struct __res_state _res; 4609 ]], [[ 4610struct __res_state *volatile p = &_res; /* force resolution of _res */ 4611return 0; 4612 ]],)], 4613 [AC_MSG_RESULT([yes]) 4614 AC_DEFINE([HAVE__RES_EXTERN], [1], 4615 [Define if you have struct __res_state _res as an extern]) 4616 ], 4617 [ AC_MSG_RESULT([no]) ] 4618) 4619 4620# Check whether user wants SELinux support 4621SELINUX_MSG="no" 4622LIBSELINUX="" 4623AC_ARG_WITH([selinux], 4624 [ --with-selinux Enable SELinux support], 4625 [ if test "x$withval" != "xno" ; then 4626 save_LIBS="$LIBS" 4627 AC_DEFINE([WITH_SELINUX], [1], 4628 [Define if you want SELinux support.]) 4629 SELINUX_MSG="yes" 4630 AC_CHECK_HEADER([selinux/selinux.h], , 4631 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4632 AC_CHECK_LIB([selinux], [setexeccon], 4633 [ LIBSELINUX="-lselinux" 4634 LIBS="$LIBS -lselinux" 4635 ], 4636 AC_MSG_ERROR([SELinux support requires libselinux library])) 4637 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4638 LIBS="$save_LIBS $LIBSELINUX" 4639 fi ] 4640) 4641AC_SUBST([SSHDLIBS]) 4642 4643# Check whether user wants Kerberos 5 support 4644KRB5_MSG="no" 4645AC_ARG_WITH([kerberos5], 4646 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4647 [ if test "x$withval" != "xno" ; then 4648 if test "x$withval" = "xyes" ; then 4649 KRB5ROOT="/usr/local" 4650 else 4651 KRB5ROOT=${withval} 4652 fi 4653 4654 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4655 KRB5_MSG="yes" 4656 4657 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 4658 use_pkgconfig_for_krb5= 4659 if test "x$PKGCONFIG" != "xno"; then 4660 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4661 if "$PKGCONFIG" krb5; then 4662 AC_MSG_RESULT([yes]) 4663 use_pkgconfig_for_krb5=yes 4664 else 4665 AC_MSG_RESULT([no]) 4666 fi 4667 fi 4668 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4669 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4670 K5LIBS=`$PKGCONFIG --libs krb5` 4671 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4672 4673 AC_MSG_CHECKING([for gssapi support]) 4674 if "$PKGCONFIG" krb5-gssapi; then 4675 AC_MSG_RESULT([yes]) 4676 AC_DEFINE([GSSAPI], [1], 4677 [Define this if you want GSSAPI 4678 support in the version 2 protocol]) 4679 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4680 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4681 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4682 else 4683 AC_MSG_RESULT([no]) 4684 fi 4685 AC_MSG_CHECKING([whether we are using Heimdal]) 4686 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4687 ]], [[ char *tmp = heimdal_version; ]])], 4688 [ AC_MSG_RESULT([yes]) 4689 AC_DEFINE([HEIMDAL], [1], 4690 [Define this if you are using the Heimdal 4691 version of Kerberos V5]) ], 4692 [AC_MSG_RESULT([no]) 4693 ]) 4694 else 4695 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4696 [$KRB5ROOT/bin/krb5-config], 4697 [$KRB5ROOT/bin:$PATH]) 4698 if test -x $KRB5CONF ; then 4699 K5CFLAGS="`$KRB5CONF --cflags`" 4700 K5LIBS="`$KRB5CONF --libs`" 4701 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4702 4703 AC_MSG_CHECKING([for gssapi support]) 4704 if $KRB5CONF | grep gssapi >/dev/null ; then 4705 AC_MSG_RESULT([yes]) 4706 AC_DEFINE([GSSAPI], [1], 4707 [Define this if you want GSSAPI 4708 support in the version 2 protocol]) 4709 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4710 GSSLIBS="`$KRB5CONF --libs gssapi`" 4711 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4712 else 4713 AC_MSG_RESULT([no]) 4714 fi 4715 AC_MSG_CHECKING([whether we are using Heimdal]) 4716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4717 ]], [[ char *tmp = heimdal_version; ]])], 4718 [ AC_MSG_RESULT([yes]) 4719 AC_DEFINE([HEIMDAL], [1], 4720 [Define this if you are using the Heimdal 4721 version of Kerberos V5]) ], 4722 [AC_MSG_RESULT([no]) 4723 ]) 4724 else 4725 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4726 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4727 AC_MSG_CHECKING([whether we are using Heimdal]) 4728 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4729 ]], [[ char *tmp = heimdal_version; ]])], 4730 [ AC_MSG_RESULT([yes]) 4731 AC_DEFINE([HEIMDAL]) 4732 K5LIBS="-lkrb5" 4733 K5LIBS="$K5LIBS -lcom_err -lasn1" 4734 AC_CHECK_LIB([roken], [net_write], 4735 [K5LIBS="$K5LIBS -lroken"]) 4736 AC_CHECK_LIB([des], [des_cbc_encrypt], 4737 [K5LIBS="$K5LIBS -ldes"]) 4738 ], [ AC_MSG_RESULT([no]) 4739 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4740 ]) 4741 AC_SEARCH_LIBS([dn_expand], [resolv]) 4742 4743 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4744 [ AC_DEFINE([GSSAPI]) 4745 GSSLIBS="-lgssapi_krb5" ], 4746 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4747 [ AC_DEFINE([GSSAPI]) 4748 GSSLIBS="-lgssapi" ], 4749 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4750 [ AC_DEFINE([GSSAPI]) 4751 GSSLIBS="-lgss" ], 4752 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4753 ]) 4754 ]) 4755 4756 AC_CHECK_HEADER([gssapi.h], , 4757 [ unset ac_cv_header_gssapi_h 4758 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4759 AC_CHECK_HEADERS([gssapi.h], , 4760 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4761 ) 4762 ] 4763 ) 4764 4765 oldCPP="$CPPFLAGS" 4766 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4767 AC_CHECK_HEADER([gssapi_krb5.h], , 4768 [ CPPFLAGS="$oldCPP" ]) 4769 4770 fi 4771 fi 4772 if test -n "${rpath_opt}" ; then 4773 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4774 fi 4775 if test ! -z "$blibpath" ; then 4776 blibpath="$blibpath:${KRB5ROOT}/lib" 4777 fi 4778 4779 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4780 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4781 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4782 4783 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4784 [Define this if you want to use libkafs' AFS support])]) 4785 4786 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4787#ifdef HAVE_GSSAPI_H 4788# include <gssapi.h> 4789#elif defined(HAVE_GSSAPI_GSSAPI_H) 4790# include <gssapi/gssapi.h> 4791#endif 4792 4793#ifdef HAVE_GSSAPI_GENERIC_H 4794# include <gssapi_generic.h> 4795#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4796# include <gssapi/gssapi_generic.h> 4797#endif 4798 ]]) 4799 saved_LIBS="$LIBS" 4800 LIBS="$LIBS $K5LIBS" 4801 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4802 LIBS="$saved_LIBS" 4803 4804 fi 4805 ] 4806) 4807AC_SUBST([GSSLIBS]) 4808AC_SUBST([K5LIBS]) 4809 4810# Looking for programs, paths and files 4811 4812PRIVSEP_PATH=/var/empty 4813AC_ARG_WITH([privsep-path], 4814 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4815 [ 4816 if test -n "$withval" && test "x$withval" != "xno" && \ 4817 test "x${withval}" != "xyes"; then 4818 PRIVSEP_PATH=$withval 4819 fi 4820 ] 4821) 4822AC_SUBST([PRIVSEP_PATH]) 4823 4824AC_ARG_WITH([xauth], 4825 [ --with-xauth=PATH Specify path to xauth program ], 4826 [ 4827 if test -n "$withval" && test "x$withval" != "xno" && \ 4828 test "x${withval}" != "xyes"; then 4829 xauth_path=$withval 4830 fi 4831 ], 4832 [ 4833 TestPath="$PATH" 4834 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4835 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4836 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4837 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4838 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4839 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4840 xauth_path="/usr/openwin/bin/xauth" 4841 fi 4842 ] 4843) 4844 4845STRIP_OPT=-s 4846AC_ARG_ENABLE([strip], 4847 [ --disable-strip Disable calling strip(1) on install], 4848 [ 4849 if test "x$enableval" = "xno" ; then 4850 STRIP_OPT= 4851 fi 4852 ] 4853) 4854AC_SUBST([STRIP_OPT]) 4855 4856if test -z "$xauth_path" ; then 4857 XAUTH_PATH="undefined" 4858 AC_SUBST([XAUTH_PATH]) 4859else 4860 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4861 [Define if xauth is found in your path]) 4862 XAUTH_PATH=$xauth_path 4863 AC_SUBST([XAUTH_PATH]) 4864fi 4865 4866dnl # --with-maildir=/path/to/mail gets top priority. 4867dnl # if maildir is set in the platform case statement above we use that. 4868dnl # Otherwise we run a program to get the dir from system headers. 4869dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4870dnl # If we find _PATH_MAILDIR we do nothing because that is what 4871dnl # session.c expects anyway. Otherwise we set to the value found 4872dnl # stripping any trailing slash. If for some strage reason our program 4873dnl # does not find what it needs, we default to /var/spool/mail. 4874# Check for mail directory 4875AC_ARG_WITH([maildir], 4876 [ --with-maildir=/path/to/mail Specify your system mail directory], 4877 [ 4878 if test "X$withval" != X && test "x$withval" != xno && \ 4879 test "x${withval}" != xyes; then 4880 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4881 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4882 fi 4883 ],[ 4884 if test "X$maildir" != "X"; then 4885 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4886 else 4887 AC_MSG_CHECKING([Discovering system mail directory]) 4888 AC_RUN_IFELSE( 4889 [AC_LANG_PROGRAM([[ 4890#include <stdio.h> 4891#include <stdlib.h> 4892#include <string.h> 4893#ifdef HAVE_PATHS_H 4894#include <paths.h> 4895#endif 4896#ifdef HAVE_MAILLOCK_H 4897#include <maillock.h> 4898#endif 4899#define DATA "conftest.maildir" 4900 ]], [[ 4901 FILE *fd; 4902 int rc; 4903 4904 fd = fopen(DATA,"w"); 4905 if(fd == NULL) 4906 exit(1); 4907 4908#if defined (_PATH_MAILDIR) 4909 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4910 exit(1); 4911#elif defined (MAILDIR) 4912 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4913 exit(1); 4914#elif defined (_PATH_MAIL) 4915 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4916 exit(1); 4917#else 4918 exit (2); 4919#endif 4920 4921 exit(0); 4922 ]])], 4923 [ 4924 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4925 maildir=`awk -F: '{print $2}' conftest.maildir \ 4926 | sed 's|/$||'` 4927 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4928 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4929 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4930 fi 4931 ], 4932 [ 4933 if test "X$ac_status" = "X2";then 4934# our test program didn't find it. Default to /var/spool/mail 4935 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4936 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4937 else 4938 AC_MSG_RESULT([*** not found ***]) 4939 fi 4940 ], 4941 [ 4942 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4943 ] 4944 ) 4945 fi 4946 ] 4947) # maildir 4948 4949if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4950 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4951 disable_ptmx_check=yes 4952fi 4953if test -z "$no_dev_ptmx" ; then 4954 if test "x$disable_ptmx_check" != "xyes" ; then 4955 AC_CHECK_FILE(["/dev/ptmx"], 4956 [ 4957 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4958 [Define if you have /dev/ptmx]) 4959 have_dev_ptmx=1 4960 ] 4961 ) 4962 fi 4963fi 4964 4965if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4966 AC_CHECK_FILE(["/dev/ptc"], 4967 [ 4968 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4969 [Define if you have /dev/ptc]) 4970 have_dev_ptc=1 4971 ] 4972 ) 4973else 4974 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4975fi 4976 4977# Options from here on. Some of these are preset by platform above 4978AC_ARG_WITH([mantype], 4979 [ --with-mantype=man|cat|doc Set man page type], 4980 [ 4981 case "$withval" in 4982 man|cat|doc) 4983 MANTYPE=$withval 4984 ;; 4985 *) 4986 AC_MSG_ERROR([invalid man type: $withval]) 4987 ;; 4988 esac 4989 ] 4990) 4991if test -z "$MANTYPE"; then 4992 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4993 MANTYPE=doc 4994 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4995 MANTYPE=doc 4996 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4997 MANTYPE=man 4998 else 4999 MANTYPE=cat 5000 fi 5001fi 5002AC_SUBST([MANTYPE]) 5003if test "$MANTYPE" = "doc"; then 5004 mansubdir=man; 5005else 5006 mansubdir=$MANTYPE; 5007fi 5008AC_SUBST([mansubdir]) 5009 5010# Check whether to enable MD5 passwords 5011MD5_MSG="no" 5012AC_ARG_WITH([md5-passwords], 5013 [ --with-md5-passwords Enable use of MD5 passwords], 5014 [ 5015 if test "x$withval" != "xno" ; then 5016 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 5017 [Define if you want to allow MD5 passwords]) 5018 MD5_MSG="yes" 5019 fi 5020 ] 5021) 5022 5023# Whether to disable shadow password support 5024AC_ARG_WITH([shadow], 5025 [ --without-shadow Disable shadow password support], 5026 [ 5027 if test "x$withval" = "xno" ; then 5028 AC_DEFINE([DISABLE_SHADOW]) 5029 disable_shadow=yes 5030 fi 5031 ] 5032) 5033 5034if test -z "$disable_shadow" ; then 5035 AC_MSG_CHECKING([if the systems has expire shadow information]) 5036 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5037#include <sys/types.h> 5038#include <shadow.h> 5039struct spwd sp; 5040 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5041 [ sp_expire_available=yes ], [ 5042 ]) 5043 5044 if test "x$sp_expire_available" = "xyes" ; then 5045 AC_MSG_RESULT([yes]) 5046 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5047 [Define if you want to use shadow password expire field]) 5048 else 5049 AC_MSG_RESULT([no]) 5050 fi 5051fi 5052 5053# Use ip address instead of hostname in $DISPLAY 5054if test ! -z "$IPADDR_IN_DISPLAY" ; then 5055 DISPLAY_HACK_MSG="yes" 5056 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5057 [Define if you need to use IP address 5058 instead of hostname in $DISPLAY]) 5059else 5060 DISPLAY_HACK_MSG="no" 5061 AC_ARG_WITH([ipaddr-display], 5062 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5063 [ 5064 if test "x$withval" != "xno" ; then 5065 AC_DEFINE([IPADDR_IN_DISPLAY]) 5066 DISPLAY_HACK_MSG="yes" 5067 fi 5068 ] 5069 ) 5070fi 5071 5072# check for /etc/default/login and use it if present. 5073AC_ARG_ENABLE([etc-default-login], 5074 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5075 [ if test "x$enableval" = "xno"; then 5076 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5077 etc_default_login=no 5078 else 5079 etc_default_login=yes 5080 fi ], 5081 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5082 then 5083 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5084 etc_default_login=no 5085 else 5086 etc_default_login=yes 5087 fi ] 5088) 5089 5090if test "x$etc_default_login" != "xno"; then 5091 AC_CHECK_FILE(["/etc/default/login"], 5092 [ external_path_file=/etc/default/login ]) 5093 if test "x$external_path_file" = "x/etc/default/login"; then 5094 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5095 [Define if your system has /etc/default/login]) 5096 fi 5097fi 5098 5099dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5100if test $ac_cv_func_login_getcapbool = "yes" && \ 5101 test $ac_cv_header_login_cap_h = "yes" ; then 5102 external_path_file=/etc/login.conf 5103fi 5104 5105# Whether to mess with the default path 5106SERVER_PATH_MSG="(default)" 5107AC_ARG_WITH([default-path], 5108 [ --with-default-path= Specify default $PATH environment for server], 5109 [ 5110 if test "x$external_path_file" = "x/etc/login.conf" ; then 5111 AC_MSG_WARN([ 5112--with-default-path=PATH has no effect on this system. 5113Edit /etc/login.conf instead.]) 5114 elif test "x$withval" != "xno" ; then 5115 if test ! -z "$external_path_file" ; then 5116 AC_MSG_WARN([ 5117--with-default-path=PATH will only be used if PATH is not defined in 5118$external_path_file .]) 5119 fi 5120 user_path="$withval" 5121 SERVER_PATH_MSG="$withval" 5122 fi 5123 ], 5124 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5125 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5126 else 5127 if test ! -z "$external_path_file" ; then 5128 AC_MSG_WARN([ 5129If PATH is defined in $external_path_file, ensure the path to scp is included, 5130otherwise scp will not work.]) 5131 fi 5132 AC_RUN_IFELSE( 5133 [AC_LANG_PROGRAM([[ 5134/* find out what STDPATH is */ 5135#include <stdio.h> 5136#include <stdlib.h> 5137#ifdef HAVE_PATHS_H 5138# include <paths.h> 5139#endif 5140#ifndef _PATH_STDPATH 5141# ifdef _PATH_USERPATH /* Irix */ 5142# define _PATH_STDPATH _PATH_USERPATH 5143# else 5144# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5145# endif 5146#endif 5147#include <sys/types.h> 5148#include <sys/stat.h> 5149#include <fcntl.h> 5150#define DATA "conftest.stdpath" 5151 ]], [[ 5152 FILE *fd; 5153 int rc; 5154 5155 fd = fopen(DATA,"w"); 5156 if(fd == NULL) 5157 exit(1); 5158 5159 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5160 exit(1); 5161 5162 exit(0); 5163 ]])], 5164 [ user_path=`cat conftest.stdpath` ], 5165 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5166 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5167 ) 5168# make sure $bindir is in USER_PATH so scp will work 5169 t_bindir="${bindir}" 5170 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5171 t_bindir=`eval echo ${t_bindir}` 5172 case $t_bindir in 5173 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5174 esac 5175 case $t_bindir in 5176 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5177 esac 5178 done 5179 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5180 if test $? -ne 0 ; then 5181 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5182 if test $? -ne 0 ; then 5183 user_path=$user_path:$t_bindir 5184 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5185 fi 5186 fi 5187 fi ] 5188) 5189if test "x$external_path_file" != "x/etc/login.conf" ; then 5190 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5191 AC_SUBST([user_path]) 5192fi 5193 5194# Set superuser path separately to user path 5195AC_ARG_WITH([superuser-path], 5196 [ --with-superuser-path= Specify different path for super-user], 5197 [ 5198 if test -n "$withval" && test "x$withval" != "xno" && \ 5199 test "x${withval}" != "xyes"; then 5200 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5201 [Define if you want a different $PATH 5202 for the superuser]) 5203 superuser_path=$withval 5204 fi 5205 ] 5206) 5207 5208 5209AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5210IPV4_IN6_HACK_MSG="no" 5211AC_ARG_WITH(4in6, 5212 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5213 [ 5214 if test "x$withval" != "xno" ; then 5215 AC_MSG_RESULT([yes]) 5216 AC_DEFINE([IPV4_IN_IPV6], [1], 5217 [Detect IPv4 in IPv6 mapped addresses 5218 and treat as IPv4]) 5219 IPV4_IN6_HACK_MSG="yes" 5220 else 5221 AC_MSG_RESULT([no]) 5222 fi 5223 ], [ 5224 if test "x$inet6_default_4in6" = "xyes"; then 5225 AC_MSG_RESULT([yes (default)]) 5226 AC_DEFINE([IPV4_IN_IPV6]) 5227 IPV4_IN6_HACK_MSG="yes" 5228 else 5229 AC_MSG_RESULT([no (default)]) 5230 fi 5231 ] 5232) 5233 5234# Whether to enable BSD auth support 5235BSD_AUTH_MSG=no 5236AC_ARG_WITH([bsd-auth], 5237 [ --with-bsd-auth Enable BSD auth support], 5238 [ 5239 if test "x$withval" != "xno" ; then 5240 AC_DEFINE([BSD_AUTH], [1], 5241 [Define if you have BSD auth support]) 5242 BSD_AUTH_MSG=yes 5243 fi 5244 ] 5245) 5246 5247# Where to place sshd.pid 5248piddir=/var/run 5249# make sure the directory exists 5250if test ! -d $piddir ; then 5251 piddir=`eval echo ${sysconfdir}` 5252 case $piddir in 5253 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5254 esac 5255fi 5256 5257AC_ARG_WITH([pid-dir], 5258 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5259 [ 5260 if test -n "$withval" && test "x$withval" != "xno" && \ 5261 test "x${withval}" != "xyes"; then 5262 piddir=$withval 5263 if test ! -d $piddir ; then 5264 AC_MSG_WARN([** no $piddir directory on this system **]) 5265 fi 5266 fi 5267 ] 5268) 5269 5270AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5271 [Specify location of ssh.pid]) 5272AC_SUBST([piddir]) 5273 5274dnl allow user to disable some login recording features 5275AC_ARG_ENABLE([lastlog], 5276 [ --disable-lastlog disable use of lastlog even if detected [no]], 5277 [ 5278 if test "x$enableval" = "xno" ; then 5279 AC_DEFINE([DISABLE_LASTLOG]) 5280 fi 5281 ] 5282) 5283AC_ARG_ENABLE([utmp], 5284 [ --disable-utmp disable use of utmp even if detected [no]], 5285 [ 5286 if test "x$enableval" = "xno" ; then 5287 AC_DEFINE([DISABLE_UTMP]) 5288 fi 5289 ] 5290) 5291AC_ARG_ENABLE([utmpx], 5292 [ --disable-utmpx disable use of utmpx even if detected [no]], 5293 [ 5294 if test "x$enableval" = "xno" ; then 5295 AC_DEFINE([DISABLE_UTMPX], [1], 5296 [Define if you don't want to use utmpx]) 5297 fi 5298 ] 5299) 5300AC_ARG_ENABLE([wtmp], 5301 [ --disable-wtmp disable use of wtmp even if detected [no]], 5302 [ 5303 if test "x$enableval" = "xno" ; then 5304 AC_DEFINE([DISABLE_WTMP]) 5305 fi 5306 ] 5307) 5308AC_ARG_ENABLE([wtmpx], 5309 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5310 [ 5311 if test "x$enableval" = "xno" ; then 5312 AC_DEFINE([DISABLE_WTMPX], [1], 5313 [Define if you don't want to use wtmpx]) 5314 fi 5315 ] 5316) 5317AC_ARG_ENABLE([libutil], 5318 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5319 [ 5320 if test "x$enableval" = "xno" ; then 5321 AC_DEFINE([DISABLE_LOGIN]) 5322 fi 5323 ] 5324) 5325AC_ARG_ENABLE([pututline], 5326 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5327 [ 5328 if test "x$enableval" = "xno" ; then 5329 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5330 [Define if you don't want to use pututline() 5331 etc. to write [uw]tmp]) 5332 fi 5333 ] 5334) 5335AC_ARG_ENABLE([pututxline], 5336 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5337 [ 5338 if test "x$enableval" = "xno" ; then 5339 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5340 [Define if you don't want to use pututxline() 5341 etc. to write [uw]tmpx]) 5342 fi 5343 ] 5344) 5345AC_ARG_WITH([lastlog], 5346 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5347 [ 5348 if test "x$withval" = "xno" ; then 5349 AC_DEFINE([DISABLE_LASTLOG]) 5350 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5351 conf_lastlog_location=$withval 5352 fi 5353 ] 5354) 5355 5356dnl lastlog, [uw]tmpx? detection 5357dnl NOTE: set the paths in the platform section to avoid the 5358dnl need for command-line parameters 5359dnl lastlog and [uw]tmp are subject to a file search if all else fails 5360 5361dnl lastlog detection 5362dnl NOTE: the code itself will detect if lastlog is a directory 5363AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5364AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5365#include <sys/types.h> 5366#include <utmp.h> 5367#ifdef HAVE_LASTLOG_H 5368# include <lastlog.h> 5369#endif 5370#ifdef HAVE_PATHS_H 5371# include <paths.h> 5372#endif 5373#ifdef HAVE_LOGIN_H 5374# include <login.h> 5375#endif 5376 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5377 [ AC_MSG_RESULT([yes]) ], 5378 [ 5379 AC_MSG_RESULT([no]) 5380 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5381 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5382#include <sys/types.h> 5383#include <utmp.h> 5384#ifdef HAVE_LASTLOG_H 5385# include <lastlog.h> 5386#endif 5387#ifdef HAVE_PATHS_H 5388# include <paths.h> 5389#endif 5390 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5391 [ AC_MSG_RESULT([yes]) ], 5392 [ 5393 AC_MSG_RESULT([no]) 5394 system_lastlog_path=no 5395 ]) 5396]) 5397 5398if test -z "$conf_lastlog_location"; then 5399 if test x"$system_lastlog_path" = x"no" ; then 5400 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5401 if (test -d "$f" || test -f "$f") ; then 5402 conf_lastlog_location=$f 5403 fi 5404 done 5405 if test -z "$conf_lastlog_location"; then 5406 AC_MSG_WARN([** Cannot find lastlog **]) 5407 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5408 fi 5409 fi 5410fi 5411 5412if test -n "$conf_lastlog_location"; then 5413 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5414 [Define if you want to specify the path to your lastlog file]) 5415fi 5416 5417dnl utmp detection 5418AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5419AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5420#include <sys/types.h> 5421#include <utmp.h> 5422#ifdef HAVE_PATHS_H 5423# include <paths.h> 5424#endif 5425 ]], [[ char *utmp = UTMP_FILE; ]])], 5426 [ AC_MSG_RESULT([yes]) ], 5427 [ AC_MSG_RESULT([no]) 5428 system_utmp_path=no 5429]) 5430if test -z "$conf_utmp_location"; then 5431 if test x"$system_utmp_path" = x"no" ; then 5432 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5433 if test -f $f ; then 5434 conf_utmp_location=$f 5435 fi 5436 done 5437 if test -z "$conf_utmp_location"; then 5438 AC_DEFINE([DISABLE_UTMP]) 5439 fi 5440 fi 5441fi 5442if test -n "$conf_utmp_location"; then 5443 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5444 [Define if you want to specify the path to your utmp file]) 5445fi 5446 5447dnl wtmp detection 5448AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5449AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5450#include <sys/types.h> 5451#include <utmp.h> 5452#ifdef HAVE_PATHS_H 5453# include <paths.h> 5454#endif 5455 ]], [[ char *wtmp = WTMP_FILE; ]])], 5456 [ AC_MSG_RESULT([yes]) ], 5457 [ AC_MSG_RESULT([no]) 5458 system_wtmp_path=no 5459]) 5460if test -z "$conf_wtmp_location"; then 5461 if test x"$system_wtmp_path" = x"no" ; then 5462 for f in /usr/adm/wtmp /var/log/wtmp; do 5463 if test -f $f ; then 5464 conf_wtmp_location=$f 5465 fi 5466 done 5467 if test -z "$conf_wtmp_location"; then 5468 AC_DEFINE([DISABLE_WTMP]) 5469 fi 5470 fi 5471fi 5472if test -n "$conf_wtmp_location"; then 5473 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5474 [Define if you want to specify the path to your wtmp file]) 5475fi 5476 5477dnl wtmpx detection 5478AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5479AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5480#include <sys/types.h> 5481#include <utmp.h> 5482#ifdef HAVE_UTMPX_H 5483#include <utmpx.h> 5484#endif 5485#ifdef HAVE_PATHS_H 5486# include <paths.h> 5487#endif 5488 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5489 [ AC_MSG_RESULT([yes]) ], 5490 [ AC_MSG_RESULT([no]) 5491 system_wtmpx_path=no 5492]) 5493if test -z "$conf_wtmpx_location"; then 5494 if test x"$system_wtmpx_path" = x"no" ; then 5495 AC_DEFINE([DISABLE_WTMPX]) 5496 fi 5497else 5498 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5499 [Define if you want to specify the path to your wtmpx file]) 5500fi 5501 5502 5503if test ! -z "$blibpath" ; then 5504 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5505 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5506fi 5507 5508AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5509 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5510 AC_DEFINE([DISABLE_LASTLOG]) 5511 fi 5512 ], [ 5513#ifdef HAVE_SYS_TYPES_H 5514#include <sys/types.h> 5515#endif 5516#ifdef HAVE_UTMP_H 5517#include <utmp.h> 5518#endif 5519#ifdef HAVE_UTMPX_H 5520#include <utmpx.h> 5521#endif 5522#ifdef HAVE_LASTLOG_H 5523#include <lastlog.h> 5524#endif 5525 ]) 5526 5527AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5528 AC_DEFINE([DISABLE_UTMP]) 5529 AC_DEFINE([DISABLE_WTMP]) 5530 ], [ 5531#ifdef HAVE_SYS_TYPES_H 5532#include <sys/types.h> 5533#endif 5534#ifdef HAVE_UTMP_H 5535#include <utmp.h> 5536#endif 5537#ifdef HAVE_UTMPX_H 5538#include <utmpx.h> 5539#endif 5540#ifdef HAVE_LASTLOG_H 5541#include <lastlog.h> 5542#endif 5543 ]) 5544 5545dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5546dnl Add now. 5547CFLAGS="$CFLAGS $werror_flags" 5548 5549if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5550 TEST_SSH_IPV6=no 5551else 5552 TEST_SSH_IPV6=yes 5553fi 5554AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5555AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5556AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5557AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5558AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5559AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5560 5561CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5562LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5563 5564# Make a copy of CFLAGS/LDFLAGS without PIE options. 5565LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5566CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5567AC_SUBST([LDFLAGS_NOPIE]) 5568AC_SUBST([CFLAGS_NOPIE]) 5569 5570AC_EXEEXT 5571AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5572 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5573 survey.sh]) 5574AC_OUTPUT 5575 5576# Print summary of options 5577 5578# Someone please show me a better way :) 5579A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5580B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5581C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5582D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5583E=`eval echo /usr/local/bin/ssh-askpass` ; E=`eval echo ${E}` 5584F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5585G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5586H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5587I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5588J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5589 5590echo "" 5591echo "OpenSSH has been configured with the following options:" 5592echo " User binaries: $B" 5593echo " System binaries: $C" 5594echo " Configuration files: $D" 5595echo " Askpass program: $E" 5596echo " Manual pages: $F" 5597echo " PID file: $G" 5598echo " Privilege separation chroot path: $H" 5599if test "x$external_path_file" = "x/etc/login.conf" ; then 5600echo " At runtime, sshd will use the path defined in $external_path_file" 5601echo " Make sure the path to scp is present, otherwise scp will not work" 5602else 5603echo " sshd default user PATH: $I" 5604 if test ! -z "$external_path_file"; then 5605echo " (If PATH is set in $external_path_file it will be used instead. If" 5606echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5607 fi 5608fi 5609if test ! -z "$superuser_path" ; then 5610echo " sshd superuser user PATH: $J" 5611fi 5612echo " Manpage format: $MANTYPE" 5613echo " PAM support: $PAM_MSG" 5614echo " OSF SIA support: $SIA_MSG" 5615echo " KerberosV support: $KRB5_MSG" 5616echo " SELinux support: $SELINUX_MSG" 5617echo " TCP Wrappers support: $TCPW_MSG" 5618echo " MD5 password support: $MD5_MSG" 5619echo " libedit support: $LIBEDIT_MSG" 5620echo " libldns support: $LDNS_MSG" 5621echo " Solaris process contract support: $SPC_MSG" 5622echo " Solaris project support: $SP_MSG" 5623echo " Solaris privilege support: $SPP_MSG" 5624echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5625echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5626echo " BSD Auth support: $BSD_AUTH_MSG" 5627echo " Random number source: $RAND_MSG" 5628echo " Privsep sandbox style: $SANDBOX_STYLE" 5629echo " PKCS#11 support: $enable_pkcs11" 5630echo " U2F/FIDO support: $enable_sk" 5631 5632echo "" 5633 5634echo " Host: ${host}" 5635echo " Compiler: ${CC}" 5636echo " Compiler flags: ${CFLAGS}" 5637echo "Preprocessor flags: ${CPPFLAGS}" 5638echo " Linker flags: ${LDFLAGS}" 5639echo " Libraries: ${LIBS}" 5640if test ! -z "${SSHDLIBS}"; then 5641echo " +for sshd: ${SSHDLIBS}" 5642fi 5643 5644echo "" 5645 5646if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5647 echo "SVR4 style packages are supported with \"make package\"" 5648 echo "" 5649fi 5650 5651if test "x$PAM_MSG" = "xyes" ; then 5652 echo "PAM is enabled. You may need to install a PAM control file " 5653 echo "for sshd, otherwise password authentication may fail. " 5654 echo "Example PAM control files can be found in the contrib/ " 5655 echo "subdirectory" 5656 echo "" 5657fi 5658 5659if test ! -z "$NO_PEERCHECK" ; then 5660 echo "WARNING: the operating system that you are using does not" 5661 echo "appear to support getpeereid(), getpeerucred() or the" 5662 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5663 echo "enforce security checks to prevent unauthorised connections to" 5664 echo "ssh-agent. Their absence increases the risk that a malicious" 5665 echo "user can connect to your agent." 5666 echo "" 5667fi 5668 5669if test "$AUDIT_MODULE" = "bsm" ; then 5670 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5671 echo "See the Solaris section in README.platform for details." 5672fi 5673