1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152AC_ARG_WITH([stackprotect], 153 [ --without-stackprotect Don't use compiler's stack protection], [ 154 if test "x$withval" = "xno"; then 155 use_stack_protector=0 156 fi ]) 157AC_ARG_WITH([hardening], 158 [ --without-hardening Don't use toolchain hardening flags], [ 159 if test "x$withval" = "xno"; then 160 use_toolchain_hardening=0 161 fi ]) 162 163# We use -Werror for the tests only so that we catch warnings like "this is 164# on by default" for things like -fPIE. 165AC_MSG_CHECKING([if $CC supports -Werror]) 166saved_CFLAGS="$CFLAGS" 167CFLAGS="$CFLAGS -Werror" 168AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 169 [ AC_MSG_RESULT([yes]) 170 WERROR="-Werror"], 171 [ AC_MSG_RESULT([no]) 172 WERROR="" ] 173) 174CFLAGS="$saved_CFLAGS" 175 176if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 177 AC_MSG_CHECKING([gcc version]) 178 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 179 case "$GCC_VER" in 180 1.*) no_attrib_nonnull=1 ;; 181 2.8* | 2.9*) 182 no_attrib_nonnull=1 183 ;; 184 2.*) no_attrib_nonnull=1 ;; 185 *) ;; 186 esac 187 AC_MSG_RESULT([$GCC_VER]) 188 189 AC_MSG_CHECKING([clang version]) 190 CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` 191 AC_MSG_RESULT([$CLANG_VER]) 192 193 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 196 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 203 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 204 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 205 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 206 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 210 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 211 if test "x$use_toolchain_hardening" = "x1"; then 212 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 213 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 214 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 215 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 216 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 217 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 218 # NB. -ftrapv expects certain support functions to be present in 219 # the compiler library (libgcc or similar) to detect integer operations 220 # that can overflow. We must check that the result of enabling it 221 # actually links. The test program compiled/linked includes a number 222 # of integer operations that should exercise this. 223 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 224 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 225 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 226 # https://github.com/llvm/llvm-project/issues/59242 227 case "$CLANG_VER" in 228 15.*) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=used]) ;; 229 *) OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all]) ;; 230 esac 231 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 232 fi 233 234 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 235 saved_CFLAGS="$CFLAGS" 236 CFLAGS="$CFLAGS -fno-builtin-memset" 237 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 238 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 239 [ AC_MSG_RESULT([yes]) ], 240 [ AC_MSG_RESULT([no]) 241 CFLAGS="$saved_CFLAGS" ] 242 ) 243 244 # -fstack-protector-all doesn't always work for some GCC versions 245 # and/or platforms, so we test if we can. If it's not supported 246 # on a given platform gcc will emit a warning so we use -Werror. 247 if test "x$use_stack_protector" = "x1"; then 248 for t in -fstack-protector-strong -fstack-protector-all \ 249 -fstack-protector; do 250 AC_MSG_CHECKING([if $CC supports $t]) 251 saved_CFLAGS="$CFLAGS" 252 saved_LDFLAGS="$LDFLAGS" 253 CFLAGS="$CFLAGS $t -Werror" 254 LDFLAGS="$LDFLAGS $t -Werror" 255 AC_LINK_IFELSE( 256 [AC_LANG_PROGRAM([[ 257 #include <stdio.h> 258 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 259 ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX%d", func(1)); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 CFLAGS="$saved_CFLAGS $t" 266 LDFLAGS="$saved_LDFLAGS $t" 267 AC_MSG_CHECKING([if $t works]) 268 AC_RUN_IFELSE( 269 [AC_LANG_PROGRAM([[ 270 #include <stdio.h> 271 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 272 ]], 273 [[ 274 char x[256]; 275 snprintf(x, sizeof(x), "XXX%d", func(1)); 276 ]])], 277 [ AC_MSG_RESULT([yes]) 278 break ], 279 [ AC_MSG_RESULT([no]) ], 280 [ AC_MSG_WARN([cross compiling: cannot test]) 281 break ] 282 ) 283 ], 284 [ AC_MSG_RESULT([no]) ] 285 ) 286 CFLAGS="$saved_CFLAGS" 287 LDFLAGS="$saved_LDFLAGS" 288 done 289 fi 290 291 if test -z "$have_llong_max"; then 292 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 293 unset ac_cv_have_decl_LLONG_MAX 294 saved_CFLAGS="$CFLAGS" 295 CFLAGS="$CFLAGS -std=gnu99" 296 AC_CHECK_DECL([LLONG_MAX], 297 [have_llong_max=1], 298 [CFLAGS="$saved_CFLAGS"], 299 [#include <limits.h>] 300 ) 301 fi 302fi 303 304AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 305AC_COMPILE_IFELSE( 306 [AC_LANG_PROGRAM([[ 307#include <stdlib.h> 308__attribute__((__unused__)) static void foo(void){return;}]], 309 [[ exit(0); ]])], 310 [ AC_MSG_RESULT([yes]) ], 311 [ AC_MSG_RESULT([no]) 312 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 313 [compiler does not accept __attribute__ on return types]) ] 314) 315 316AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 317AC_COMPILE_IFELSE( 318 [AC_LANG_PROGRAM([[ 319#include <stdlib.h> 320typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 321 [[ exit(0); ]])], 322 [ AC_MSG_RESULT([yes]) ], 323 [ AC_MSG_RESULT([no]) 324 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 325 [compiler does not accept __attribute__ on prototype args]) ] 326) 327 328AC_MSG_CHECKING([if compiler supports variable length arrays]) 329AC_COMPILE_IFELSE( 330 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 331 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 332 [ AC_MSG_RESULT([yes]) 333 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 334 [compiler supports variable length arrays]) ], 335 [ AC_MSG_RESULT([no]) ] 336) 337 338AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 339AC_COMPILE_IFELSE( 340 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 341 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 342 [ AC_MSG_RESULT([yes]) 343 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 344 [compiler variable declarations after code]) ], 345 [ AC_MSG_RESULT([no]) ] 346) 347 348if test "x$no_attrib_nonnull" != "x1" ; then 349 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 350fi 351 352AC_ARG_WITH([rpath], 353 [ --without-rpath Disable auto-added -R linker paths], 354 [ 355 if test "x$withval" = "xno" ; then 356 rpath_opt="" 357 elif test "x$withval" = "xyes" ; then 358 rpath_opt="-R" 359 else 360 rpath_opt="$withval" 361 fi 362 ] 363) 364 365# Allow user to specify flags 366AC_ARG_WITH([cflags], 367 [ --with-cflags Specify additional flags to pass to compiler], 368 [ 369 if test -n "$withval" && test "x$withval" != "xno" && \ 370 test "x${withval}" != "xyes"; then 371 CFLAGS="$CFLAGS $withval" 372 fi 373 ] 374) 375 376AC_ARG_WITH([cflags-after], 377 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 378 [ 379 if test -n "$withval" && test "x$withval" != "xno" && \ 380 test "x${withval}" != "xyes"; then 381 CFLAGS_AFTER="$withval" 382 fi 383 ] 384) 385AC_ARG_WITH([cppflags], 386 [ --with-cppflags Specify additional flags to pass to preprocessor] , 387 [ 388 if test -n "$withval" && test "x$withval" != "xno" && \ 389 test "x${withval}" != "xyes"; then 390 CPPFLAGS="$CPPFLAGS $withval" 391 fi 392 ] 393) 394AC_ARG_WITH([ldflags], 395 [ --with-ldflags Specify additional flags to pass to linker], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 LDFLAGS="$LDFLAGS $withval" 400 fi 401 ] 402) 403AC_ARG_WITH([ldflags-after], 404 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 LDFLAGS_AFTER="$withval" 409 fi 410 ] 411) 412AC_ARG_WITH([libs], 413 [ --with-libs Specify additional libraries to link with], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LIBS="$LIBS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([Werror], 422 [ --with-Werror Build main code with -Werror], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno"; then 425 werror_flags="-Werror" 426 if test "x${withval}" != "xyes"; then 427 werror_flags="$withval" 428 fi 429 fi 430 ] 431) 432 433dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 434dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 435dnl haven't detected it, recheck. 436if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 437 unset ac_cv_header_sys_stat_h 438 AC_CHECK_HEADERS([sys/stat.h]) 439fi 440 441AC_CHECK_HEADERS([ \ 442 blf.h \ 443 bstring.h \ 444 crypt.h \ 445 crypto/sha2.h \ 446 dirent.h \ 447 endian.h \ 448 elf.h \ 449 err.h \ 450 features.h \ 451 fcntl.h \ 452 floatingpoint.h \ 453 fnmatch.h \ 454 getopt.h \ 455 glob.h \ 456 ia.h \ 457 iaf.h \ 458 ifaddrs.h \ 459 inttypes.h \ 460 langinfo.h \ 461 limits.h \ 462 locale.h \ 463 login.h \ 464 maillock.h \ 465 ndir.h \ 466 net/if_tun.h \ 467 netdb.h \ 468 netgroup.h \ 469 pam/pam_appl.h \ 470 paths.h \ 471 poll.h \ 472 pty.h \ 473 readpassphrase.h \ 474 rpc/types.h \ 475 security/pam_appl.h \ 476 sha2.h \ 477 shadow.h \ 478 stddef.h \ 479 stdint.h \ 480 string.h \ 481 strings.h \ 482 sys/bitypes.h \ 483 sys/byteorder.h \ 484 sys/bsdtty.h \ 485 sys/cdefs.h \ 486 sys/dir.h \ 487 sys/file.h \ 488 sys/mman.h \ 489 sys/label.h \ 490 sys/ndir.h \ 491 sys/param.h \ 492 sys/poll.h \ 493 sys/prctl.h \ 494 sys/procctl.h \ 495 sys/pstat.h \ 496 sys/ptrace.h \ 497 sys/random.h \ 498 sys/select.h \ 499 sys/stream.h \ 500 sys/stropts.h \ 501 sys/strtio.h \ 502 sys/statvfs.h \ 503 sys/sysmacros.h \ 504 sys/time.h \ 505 sys/timers.h \ 506 sys/vfs.h \ 507 time.h \ 508 tmpdir.h \ 509 ttyent.h \ 510 ucred.h \ 511 unistd.h \ 512 usersec.h \ 513 util.h \ 514 utime.h \ 515 utmp.h \ 516 utmpx.h \ 517 vis.h \ 518 wchar.h \ 519]) 520 521# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 522# to be included first. 523AC_CHECK_HEADERS([sys/audit.h], [], [], [ 524#ifdef HAVE_SYS_TIME_H 525# include <sys/time.h> 526#endif 527#ifdef HAVE_SYS_TYPES_H 528# include <sys/types.h> 529#endif 530#ifdef HAVE_SYS_LABEL_H 531# include <sys/label.h> 532#endif 533]) 534 535# sys/capsicum.h requires sys/types.h 536AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 537#ifdef HAVE_SYS_TYPES_H 538# include <sys/types.h> 539#endif 540]) 541 542AC_MSG_CHECKING([for caph_cache_tzdata]) 543AC_LINK_IFELSE( 544 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 545 [[caph_cache_tzdata();]])], 546 [ 547 AC_MSG_RESULT([yes]) 548 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 549 [Define if you have caph_cache_tzdata]) 550 ], 551 [ AC_MSG_RESULT([no]) ] 552) 553 554# net/route.h requires sys/socket.h and sys/types.h. 555# sys/sysctl.h also requires sys/param.h 556AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 557#ifdef HAVE_SYS_TYPES_H 558# include <sys/types.h> 559#endif 560#include <sys/param.h> 561#include <sys/socket.h> 562]) 563 564# lastlog.h requires sys/time.h to be included first on Solaris 565AC_CHECK_HEADERS([lastlog.h], [], [], [ 566#ifdef HAVE_SYS_TIME_H 567# include <sys/time.h> 568#endif 569]) 570 571# sys/ptms.h requires sys/stream.h to be included first on Solaris 572AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 573#ifdef HAVE_SYS_STREAM_H 574# include <sys/stream.h> 575#endif 576]) 577 578# login_cap.h requires sys/types.h on NetBSD 579AC_CHECK_HEADERS([login_cap.h], [], [], [ 580#include <sys/types.h> 581]) 582 583# older BSDs need sys/param.h before sys/mount.h 584AC_CHECK_HEADERS([sys/mount.h], [], [], [ 585#include <sys/param.h> 586]) 587 588# Android requires sys/socket.h to be included before sys/un.h 589AC_CHECK_HEADERS([sys/un.h], [], [], [ 590#include <sys/types.h> 591#include <sys/socket.h> 592]) 593 594# Messages for features tested for in target-specific section 595SIA_MSG="no" 596SPC_MSG="no" 597SP_MSG="no" 598SPP_MSG="no" 599 600# Support for Solaris/Illumos privileges (this test is used by both 601# the --with-solaris-privs option and --with-sandbox=solaris). 602SOLARIS_PRIVS="no" 603 604# Check for some target-specific stuff 605case "$host" in 606*-*-aix*) 607 # Some versions of VAC won't allow macro redefinitions at 608 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 609 # particularly with older versions of vac or xlc. 610 # It also throws errors about null macro arguments, but these are 611 # not fatal. 612 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 613 AC_COMPILE_IFELSE( 614 [AC_LANG_PROGRAM([[ 615#define testmacro foo 616#define testmacro bar]], 617 [[ exit(0); ]])], 618 [ AC_MSG_RESULT([yes]) ], 619 [ AC_MSG_RESULT([no]) 620 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 621 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 622 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 623 ] 624 ) 625 626 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 627 if (test -z "$blibpath"); then 628 blibpath="/usr/lib:/lib" 629 fi 630 saved_LDFLAGS="$LDFLAGS" 631 if test "$GCC" = "yes"; then 632 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 633 else 634 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 635 fi 636 for tryflags in $flags ;do 637 if (test -z "$blibflags"); then 638 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 639 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 640 [blibflags=$tryflags], []) 641 fi 642 done 643 if (test -z "$blibflags"); then 644 AC_MSG_RESULT([not found]) 645 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 646 else 647 AC_MSG_RESULT([$blibflags]) 648 fi 649 LDFLAGS="$saved_LDFLAGS" 650 dnl Check for authenticate. Might be in libs.a on older AIXes 651 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 652 [Define if you want to enable AIX4's authenticate function])], 653 [AC_CHECK_LIB([s], [authenticate], 654 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 655 LIBS="$LIBS -ls" 656 ]) 657 ]) 658 dnl Check for various auth function declarations in headers. 659 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 660 passwdexpired, setauthdb], , , [#include <usersec.h>]) 661 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 662 AC_CHECK_DECLS([loginfailed], 663 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 665 [[ (void)loginfailed("user","host","tty",0); ]])], 666 [AC_MSG_RESULT([yes]) 667 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 668 [Define if your AIX loginfailed() function 669 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 670 ])], 671 [], 672 [#include <usersec.h>] 673 ) 674 AC_CHECK_FUNCS([getgrset setauthdb]) 675 AC_CHECK_DECL([F_CLOSEM], 676 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 677 [], 678 [ #include <limits.h> 679 #include <fcntl.h> ] 680 ) 681 check_for_aix_broken_getaddrinfo=1 682 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 683 [Define if your platform breaks doing a seteuid before a setuid]) 684 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 685 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 686 dnl AIX handles lastlog as part of its login message 687 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 688 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 689 [Some systems need a utmpx entry for /bin/login to work]) 690 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 691 [Define to a Set Process Title type if your system is 692 supported by bsd-setproctitle.c]) 693 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 694 [AIX 5.2 and 5.3 (and presumably newer) require this]) 695 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 696 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 697 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 698 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 699 ;; 700*-*-android*) 701 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 702 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 703 ;; 704*-*-cygwin*) 705 LIBS="$LIBS /usr/lib/textreadmode.o" 706 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 707 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 708 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 709 [Define to disable UID restoration test]) 710 AC_DEFINE([DISABLE_SHADOW], [1], 711 [Define if you want to disable shadow passwords]) 712 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 713 [Define if X11 doesn't support AF_UNIX sockets on that system]) 714 AC_DEFINE([DISABLE_FD_PASSING], [1], 715 [Define if your platform needs to skip post auth 716 file descriptor passing]) 717 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 718 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 719 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 720 # reasons which cause compile warnings, so we disable those warnings. 721 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 722 ;; 723*-*-dgux*) 724 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 725 [Define if your system choked on IP TOS setting]) 726 AC_DEFINE([SETEUID_BREAKS_SETUID]) 727 AC_DEFINE([BROKEN_SETREUID]) 728 AC_DEFINE([BROKEN_SETREGID]) 729 ;; 730*-*-darwin*) 731 use_pie=auto 732 AC_MSG_CHECKING([if we have working getaddrinfo]) 733 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 734#include <mach-o/dyld.h> 735#include <stdlib.h> 736int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 737 exit(0); 738 else 739 exit(1); 740} 741 ]])], 742 [AC_MSG_RESULT([working])], 743 [AC_MSG_RESULT([buggy]) 744 AC_DEFINE([BROKEN_GETADDRINFO], [1], 745 [getaddrinfo is broken (if present)]) 746 ], 747 [AC_MSG_RESULT([assume it is working])]) 748 AC_DEFINE([SETEUID_BREAKS_SETUID]) 749 AC_DEFINE([BROKEN_SETREUID]) 750 AC_DEFINE([BROKEN_SETREGID]) 751 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 752 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 753 [Define if your resolver libs need this for getrrsetbyname]) 754 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 755 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 756 [Use tunnel device compatibility to OpenBSD]) 757 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 758 [Prepend the address family to IP tunnel traffic]) 759 m4_pattern_allow([AU_IPv]) 760 AC_CHECK_DECL([AU_IPv4], [], 761 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 762 [#include <bsm/audit.h>] 763 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 764 [Define if pututxline updates lastlog too]) 765 ) 766 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 767 [Define to a Set Process Title type if your system is 768 supported by bsd-setproctitle.c]) 769 AC_CHECK_FUNCS([sandbox_init]) 770 AC_CHECK_HEADERS([sandbox.h]) 771 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 772 SSHDLIBS="$SSHDLIBS -lsandbox" 773 ]) 774 # proc_pidinfo()-based closefrom() replacement. 775 AC_CHECK_HEADERS([libproc.h]) 776 AC_CHECK_FUNCS([proc_pidinfo]) 777 # poll(2) is broken for character-special devices (at least). 778 # cf. Apple bug 3710161 (not public, but searchable) 779 AC_DEFINE([BROKEN_POLL], [1], 780 [System poll(2) implementation is broken]) 781 ;; 782*-*-dragonfly*) 783 SSHDLIBS="$SSHDLIBS" 784 TEST_MALLOC_OPTIONS="AFGJPRX" 785 ;; 786*-*-haiku*) 787 LIBS="$LIBS -lbsd " 788 CFLAGS="$CFLAGS -D_BSD_SOURCE" 789 AC_CHECK_LIB([network], [socket]) 790 AC_DEFINE([HAVE_U_INT64_T]) 791 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 792 MANTYPE=man 793 ;; 794*-*-hpux*) 795 # first we define all of the options common to all HP-UX releases 796 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 797 IPADDR_IN_DISPLAY=yes 798 AC_DEFINE([USE_PIPES]) 799 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 801 [String used in /etc/passwd to denote locked account]) 802 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 803 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 804 maildir="/var/mail" 805 LIBS="$LIBS -lsec" 806 AC_CHECK_LIB([xnet], [t_error], , 807 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 808 809 # next, we define all of the options specific to major releases 810 case "$host" in 811 *-*-hpux10*) 812 if test -z "$GCC"; then 813 CFLAGS="$CFLAGS -Ae" 814 fi 815 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 816 ;; 817 *-*-hpux11*) 818 AC_DEFINE([PAM_SUN_CODEBASE], [1], 819 [Define if you are using Solaris-derived PAM which 820 passes pam_messages to the conversation function 821 with an extra level of indirection]) 822 AC_DEFINE([DISABLE_UTMP], [1], 823 [Define if you don't want to use utmp]) 824 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 825 check_for_hpux_broken_getaddrinfo=1 826 check_for_conflicting_getspnam=1 827 ;; 828 esac 829 830 # lastly, we define options specific to minor releases 831 case "$host" in 832 *-*-hpux10.26) 833 AC_DEFINE([HAVE_SECUREWARE], [1], 834 [Define if you have SecureWare-based 835 protected password database]) 836 disable_ptmx_check=yes 837 LIBS="$LIBS -lsecpw" 838 ;; 839 esac 840 ;; 841*-*-irix5*) 842 PATH="$PATH:/usr/etc" 843 AC_DEFINE([BROKEN_INET_NTOA], [1], 844 [Define if you system's inet_ntoa is busted 845 (e.g. Irix gcc issue)]) 846 AC_DEFINE([SETEUID_BREAKS_SETUID]) 847 AC_DEFINE([BROKEN_SETREUID]) 848 AC_DEFINE([BROKEN_SETREGID]) 849 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 850 [Define if you shouldn't strip 'tty' from your 851 ttyname in [uw]tmp]) 852 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 853 ;; 854*-*-irix6*) 855 PATH="$PATH:/usr/etc" 856 AC_DEFINE([WITH_IRIX_ARRAY], [1], 857 [Define if you have/want arrays 858 (cluster-wide session management, not C arrays)]) 859 AC_DEFINE([WITH_IRIX_PROJECT], [1], 860 [Define if you want IRIX project management]) 861 AC_DEFINE([WITH_IRIX_AUDIT], [1], 862 [Define if you want IRIX audit trails]) 863 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 864 [Define if you want IRIX kernel jobs])]) 865 AC_DEFINE([BROKEN_INET_NTOA]) 866 AC_DEFINE([SETEUID_BREAKS_SETUID]) 867 AC_DEFINE([BROKEN_SETREUID]) 868 AC_DEFINE([BROKEN_SETREGID]) 869 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 870 AC_DEFINE([WITH_ABBREV_NO_TTY]) 871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 872 ;; 873*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 874 AC_DEFINE([PAM_TTY_KLUDGE]) 875 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 876 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 877 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 878 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 879 ;; 880*-*-linux*) 881 no_dev_ptmx=1 882 use_pie=auto 883 check_for_openpty_ctty_bug=1 884 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 885 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 886 dnl _GNU_SOURCE is needed for setres*id prototypes. 887 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 888 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 889 AC_DEFINE([PAM_TTY_KLUDGE], [1], 890 [Work around problematic Linux PAM modules handling of PAM_TTY]) 891 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 892 [String used in /etc/passwd to denote locked account]) 893 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 894 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 895 [Define to whatever link() returns for "not supported" 896 if it doesn't return EOPNOTSUPP.]) 897 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 898 AC_DEFINE([USE_BTMP]) 899 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 900 inet6_default_4in6=yes 901 case `uname -r` in 902 1.*|2.0.*) 903 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 904 [Define if cmsg_type is not passed correctly]) 905 ;; 906 esac 907 # tun(4) forwarding compat code 908 AC_CHECK_HEADERS([linux/if_tun.h]) 909 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 910 AC_DEFINE([SSH_TUN_LINUX], [1], 911 [Open tunnel devices the Linux tun/tap way]) 912 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 913 [Use tunnel device compatibility to OpenBSD]) 914 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 915 [Prepend the address family to IP tunnel traffic]) 916 fi 917 AC_CHECK_HEADER([linux/if.h], 918 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 919 [Support routing domains using Linux VRF]), [], [ 920#ifdef HAVE_SYS_TYPES_H 921# include <sys/types.h> 922#endif 923 ]) 924 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 925 [], [#include <linux/types.h>]) 926 # Obtain MIPS ABI 927 case "$host" in 928 mips*) 929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 930#if _MIPS_SIM != _ABIO32 931#error 932#endif 933 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 934#if _MIPS_SIM != _ABIN32 935#error 936#endif 937 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 938#if _MIPS_SIM != _ABI64 939#error 940#endif 941 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 942 ]) 943 ]) 944 ]) 945 ;; 946 esac 947 AC_MSG_CHECKING([for seccomp architecture]) 948 seccomp_audit_arch= 949 case "$host" in 950 x86_64-*) 951 seccomp_audit_arch=AUDIT_ARCH_X86_64 952 ;; 953 i*86-*) 954 seccomp_audit_arch=AUDIT_ARCH_I386 955 ;; 956 arm*-*) 957 seccomp_audit_arch=AUDIT_ARCH_ARM 958 ;; 959 aarch64*-*) 960 seccomp_audit_arch=AUDIT_ARCH_AARCH64 961 ;; 962 s390x-*) 963 seccomp_audit_arch=AUDIT_ARCH_S390X 964 ;; 965 s390-*) 966 seccomp_audit_arch=AUDIT_ARCH_S390 967 ;; 968 powerpc-*) 969 seccomp_audit_arch=AUDIT_ARCH_PPC 970 ;; 971 powerpc64-*) 972 seccomp_audit_arch=AUDIT_ARCH_PPC64 973 ;; 974 powerpc64le-*) 975 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 976 ;; 977 mips-*) 978 seccomp_audit_arch=AUDIT_ARCH_MIPS 979 ;; 980 mipsel-*) 981 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 982 ;; 983 mips64-*) 984 case "$mips_abi" in 985 "n32") 986 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 987 ;; 988 "n64") 989 seccomp_audit_arch=AUDIT_ARCH_MIPS64 990 ;; 991 esac 992 ;; 993 mips64el-*) 994 case "$mips_abi" in 995 "n32") 996 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 997 ;; 998 "n64") 999 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1000 ;; 1001 esac 1002 ;; 1003 riscv64-*) 1004 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1005 ;; 1006 esac 1007 if test "x$seccomp_audit_arch" != "x" ; then 1008 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1009 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1010 [Specify the system call convention in use]) 1011 else 1012 AC_MSG_RESULT([architecture not supported]) 1013 fi 1014 ;; 1015*-*-minix) 1016 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1017 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1018 AC_DEFINE([BROKEN_POLL], [1], 1019 [System poll(2) implementation is broken]) 1020 ;; 1021mips-sony-bsd|mips-sony-newsos4) 1022 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1023 SONY=1 1024 ;; 1025*-*-netbsd*) 1026 if test "x$withval" != "xno" ; then 1027 rpath_opt="-R" 1028 fi 1029 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1030 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1031 AC_CHECK_HEADER([net/if_tap.h], , 1032 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1033 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1034 [Prepend the address family to IP tunnel traffic]) 1035 TEST_MALLOC_OPTIONS="AJRX" 1036 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1037 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1038 ;; 1039*-*-freebsd*) 1040 SKIP_DISABLE_LASTLOG_DEFINE=yes 1041 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1042 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1043 AC_CHECK_HEADER([net/if_tap.h], , 1044 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1045 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1046 TEST_MALLOC_OPTIONS="AJRX" 1047 # Preauth crypto occasionally uses file descriptors for crypto offload 1048 # and will crash if they cannot be opened. 1049 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1050 [define if setrlimit RLIMIT_NOFILE breaks things]) 1051 case "$host" in 1052 *-*-freebsd9.*|*-*-freebsd10.*) 1053 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1054 disable_capsicum=yes 1055 esac 1056 ;; 1057*-*-bsdi*) 1058 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1059 AC_DEFINE([BROKEN_SETREUID]) 1060 AC_DEFINE([BROKEN_SETREGID]) 1061 ;; 1062*-next-*) 1063 conf_lastlog_location="/usr/adm/lastlog" 1064 conf_utmp_location=/etc/utmp 1065 conf_wtmp_location=/usr/adm/wtmp 1066 maildir=/usr/spool/mail 1067 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1068 AC_DEFINE([USE_PIPES]) 1069 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1070 ;; 1071*-*-openbsd*) 1072 use_pie=auto 1073 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1074 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1075 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1076 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1077 [syslog_r function is safe to use in in a signal handler]) 1078 TEST_MALLOC_OPTIONS="AFGJPRX" 1079 ;; 1080*-*-solaris*) 1081 if test "x$withval" != "xno" ; then 1082 rpath_opt="-R" 1083 fi 1084 AC_DEFINE([PAM_SUN_CODEBASE]) 1085 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1086 AC_DEFINE([PAM_TTY_KLUDGE]) 1087 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1088 [Define if pam_chauthtok wants real uid set 1089 to the unpriv'ed user]) 1090 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1091 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1092 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1093 [Define if sshd somehow reacquires a controlling TTY 1094 after setsid()]) 1095 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1096 in case the name is longer than 8 chars]) 1097 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1098 external_path_file=/etc/default/login 1099 # hardwire lastlog location (can't detect it on some versions) 1100 conf_lastlog_location="/var/adm/lastlog" 1101 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1102 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1103 if test "$sol2ver" -ge 8; then 1104 AC_MSG_RESULT([yes]) 1105 AC_DEFINE([DISABLE_UTMP]) 1106 AC_DEFINE([DISABLE_WTMP], [1], 1107 [Define if you don't want to use wtmp]) 1108 else 1109 AC_MSG_RESULT([no]) 1110 fi 1111 AC_CHECK_FUNCS([setpflags]) 1112 AC_CHECK_FUNCS([setppriv]) 1113 AC_CHECK_FUNCS([priv_basicset]) 1114 AC_CHECK_HEADERS([priv.h]) 1115 AC_ARG_WITH([solaris-contracts], 1116 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1117 [ 1118 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1119 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1120 [Define if you have Solaris process contracts]) 1121 LIBS="$LIBS -lcontract" 1122 SPC_MSG="yes" ], ) 1123 ], 1124 ) 1125 AC_ARG_WITH([solaris-projects], 1126 [ --with-solaris-projects Enable Solaris projects (experimental)], 1127 [ 1128 AC_CHECK_LIB([project], [setproject], 1129 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1130 [Define if you have Solaris projects]) 1131 LIBS="$LIBS -lproject" 1132 SP_MSG="yes" ], ) 1133 ], 1134 ) 1135 AC_ARG_WITH([solaris-privs], 1136 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1137 [ 1138 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1139 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1140 "x$ac_cv_header_priv_h" = "xyes" ; then 1141 SOLARIS_PRIVS=yes 1142 AC_MSG_RESULT([found]) 1143 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1144 [Define to disable UID restoration test]) 1145 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1146 [Define if you have Solaris privileges]) 1147 SPP_MSG="yes" 1148 else 1149 AC_MSG_RESULT([not found]) 1150 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1151 fi 1152 ], 1153 ) 1154 TEST_SHELL=$SHELL # let configure find us a capable shell 1155 ;; 1156*-*-sunos4*) 1157 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1158 AC_CHECK_FUNCS([getpwanam]) 1159 AC_DEFINE([PAM_SUN_CODEBASE]) 1160 conf_utmp_location=/etc/utmp 1161 conf_wtmp_location=/var/adm/wtmp 1162 conf_lastlog_location=/var/adm/lastlog 1163 AC_DEFINE([USE_PIPES]) 1164 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1165 ;; 1166*-ncr-sysv*) 1167 LIBS="$LIBS -lc89" 1168 AC_DEFINE([USE_PIPES]) 1169 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1170 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1171 AC_DEFINE([BROKEN_SETREUID]) 1172 AC_DEFINE([BROKEN_SETREGID]) 1173 ;; 1174*-sni-sysv*) 1175 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1176 AC_CHECK_LIB([dl], [dlsym], ,) 1177 # -lresolv needs to be at the end of LIBS or DNS lookups break 1178 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1179 IPADDR_IN_DISPLAY=yes 1180 AC_DEFINE([USE_PIPES]) 1181 AC_DEFINE([IP_TOS_IS_BROKEN]) 1182 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1183 AC_DEFINE([BROKEN_SETREUID]) 1184 AC_DEFINE([BROKEN_SETREGID]) 1185 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1186 external_path_file=/etc/default/login 1187 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1188 # Attention: always take care to bind libsocket and libnsl before libc, 1189 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1190 ;; 1191# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1192*-*-sysv4.2*) 1193 AC_DEFINE([USE_PIPES]) 1194 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1195 AC_DEFINE([BROKEN_SETREUID]) 1196 AC_DEFINE([BROKEN_SETREGID]) 1197 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1198 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1199 TEST_SHELL=$SHELL # let configure find us a capable shell 1200 ;; 1201# UnixWare 7.x, OpenUNIX 8 1202*-*-sysv5*) 1203 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1204 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1205 AC_DEFINE([USE_PIPES]) 1206 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1207 AC_DEFINE([BROKEN_GETADDRINFO]) 1208 AC_DEFINE([BROKEN_SETREUID]) 1209 AC_DEFINE([BROKEN_SETREGID]) 1210 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1211 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1212 TEST_SHELL=$SHELL # let configure find us a capable shell 1213 case "$host" in 1214 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1215 maildir=/var/spool/mail 1216 AC_DEFINE([BROKEN_UPDWTMPX]) 1217 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1218 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1219 ], , ) 1220 ;; 1221 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1222 ;; 1223 esac 1224 ;; 1225*-*-sysv*) 1226 ;; 1227# SCO UNIX and OEM versions of SCO UNIX 1228*-*-sco3.2v4*) 1229 AC_MSG_ERROR("This Platform is no longer supported.") 1230 ;; 1231# SCO OpenServer 5.x 1232*-*-sco3.2v5*) 1233 if test -z "$GCC"; then 1234 CFLAGS="$CFLAGS -belf" 1235 fi 1236 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1237 no_dev_ptmx=1 1238 AC_DEFINE([USE_PIPES]) 1239 AC_DEFINE([HAVE_SECUREWARE]) 1240 AC_DEFINE([DISABLE_SHADOW]) 1241 AC_DEFINE([DISABLE_FD_PASSING]) 1242 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1243 AC_DEFINE([BROKEN_GETADDRINFO]) 1244 AC_DEFINE([BROKEN_SETREUID]) 1245 AC_DEFINE([BROKEN_SETREGID]) 1246 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1247 AC_DEFINE([BROKEN_UPDWTMPX]) 1248 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1249 AC_CHECK_FUNCS([getluid setluid]) 1250 MANTYPE=man 1251 TEST_SHELL=$SHELL # let configure find us a capable shell 1252 SKIP_DISABLE_LASTLOG_DEFINE=yes 1253 ;; 1254*-dec-osf*) 1255 AC_MSG_CHECKING([for Digital Unix SIA]) 1256 no_osfsia="" 1257 AC_ARG_WITH([osfsia], 1258 [ --with-osfsia Enable Digital Unix SIA], 1259 [ 1260 if test "x$withval" = "xno" ; then 1261 AC_MSG_RESULT([disabled]) 1262 no_osfsia=1 1263 fi 1264 ], 1265 ) 1266 if test -z "$no_osfsia" ; then 1267 if test -f /etc/sia/matrix.conf; then 1268 AC_MSG_RESULT([yes]) 1269 AC_DEFINE([HAVE_OSF_SIA], [1], 1270 [Define if you have Digital Unix Security 1271 Integration Architecture]) 1272 AC_DEFINE([DISABLE_LOGIN], [1], 1273 [Define if you don't want to use your 1274 system's login() call]) 1275 AC_DEFINE([DISABLE_FD_PASSING]) 1276 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1277 SIA_MSG="yes" 1278 else 1279 AC_MSG_RESULT([no]) 1280 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1281 [String used in /etc/passwd to denote locked account]) 1282 fi 1283 fi 1284 AC_DEFINE([BROKEN_GETADDRINFO]) 1285 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1286 AC_DEFINE([BROKEN_SETREUID]) 1287 AC_DEFINE([BROKEN_SETREGID]) 1288 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1289 ;; 1290 1291*-*-nto-qnx*) 1292 AC_DEFINE([USE_PIPES]) 1293 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1294 AC_DEFINE([DISABLE_LASTLOG]) 1295 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1296 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1297 enable_etc_default_login=no # has incompatible /etc/default/login 1298 case "$host" in 1299 *-*-nto-qnx6*) 1300 AC_DEFINE([DISABLE_FD_PASSING]) 1301 ;; 1302 esac 1303 ;; 1304 1305*-*-ultrix*) 1306 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1307 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1308 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1309 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1310 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1311 # don't get a controlling tty. 1312 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1313 # On Ultrix some headers are not protected against multiple includes, 1314 # so we create wrappers and put it where the compiler will find it. 1315 AC_MSG_WARN([creating compat wrappers for headers]) 1316 mkdir -p netinet 1317 for header in netinet/ip.h netdb.h resolv.h; do 1318 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1319 cat >$header <<EOD 1320#ifndef _SSH_COMPAT_${name} 1321#define _SSH_COMPAT_${name} 1322#include "/usr/include/${header}" 1323#endif 1324EOD 1325 done 1326 ;; 1327 1328*-*-lynxos) 1329 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1330 AC_DEFINE([BROKEN_SETVBUF], [1], 1331 [LynxOS has broken setvbuf() implementation]) 1332 ;; 1333esac 1334 1335AC_MSG_CHECKING([compiler and flags for sanity]) 1336AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1337 [ AC_MSG_RESULT([yes]) ], 1338 [ 1339 AC_MSG_RESULT([no]) 1340 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1341 ], 1342 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1343) 1344 1345dnl Checks for header files. 1346# Checks for libraries. 1347AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1348 1349dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1350AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1351 AC_CHECK_LIB([gen], [dirname], [ 1352 AC_CACHE_CHECK([for broken dirname], 1353 ac_cv_have_broken_dirname, [ 1354 save_LIBS="$LIBS" 1355 LIBS="$LIBS -lgen" 1356 AC_RUN_IFELSE( 1357 [AC_LANG_SOURCE([[ 1358#include <libgen.h> 1359#include <string.h> 1360#include <stdlib.h> 1361 1362int main(int argc, char **argv) { 1363 char *s, buf[32]; 1364 1365 strncpy(buf,"/etc", 32); 1366 s = dirname(buf); 1367 if (!s || strncmp(s, "/", 32) != 0) { 1368 exit(1); 1369 } else { 1370 exit(0); 1371 } 1372} 1373 ]])], 1374 [ ac_cv_have_broken_dirname="no" ], 1375 [ ac_cv_have_broken_dirname="yes" ], 1376 [ ac_cv_have_broken_dirname="no" ], 1377 ) 1378 LIBS="$save_LIBS" 1379 ]) 1380 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1381 LIBS="$LIBS -lgen" 1382 AC_DEFINE([HAVE_DIRNAME]) 1383 AC_CHECK_HEADERS([libgen.h]) 1384 fi 1385 ]) 1386]) 1387 1388AC_CHECK_FUNC([getspnam], , 1389 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1390AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1391 [Define if you have the basename function.])]) 1392 1393dnl zlib defaults to enabled 1394zlib=yes 1395AC_ARG_WITH([zlib], 1396 [ --with-zlib=PATH Use zlib in PATH], 1397 [ if test "x$withval" = "xno" ; then 1398 zlib=no 1399 elif test "x$withval" != "xyes"; then 1400 if test -d "$withval/lib"; then 1401 if test -n "${rpath_opt}"; then 1402 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1403 else 1404 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1405 fi 1406 else 1407 if test -n "${rpath_opt}"; then 1408 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1409 else 1410 LDFLAGS="-L${withval} ${LDFLAGS}" 1411 fi 1412 fi 1413 if test -d "$withval/include"; then 1414 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1415 else 1416 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1417 fi 1418 fi ] 1419) 1420 1421# These libraries are needed for anything that links in the channel code. 1422CHANNELLIBS="" 1423AC_MSG_CHECKING([for zlib]) 1424if test "x${zlib}" = "xno"; then 1425 AC_MSG_RESULT([no]) 1426else 1427 saved_LIBS="$LIBS" 1428 CHANNELLIBS="$CHANNELLIBS -lz" 1429 AC_MSG_RESULT([yes]) 1430 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1431 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1432 AC_CHECK_LIB([z], [deflate], [], 1433 [ 1434 saved_CPPFLAGS="$CPPFLAGS" 1435 saved_LDFLAGS="$LDFLAGS" 1436 dnl Check default zlib install dir 1437 if test -n "${rpath_opt}"; then 1438 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1439 else 1440 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1441 fi 1442 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1443 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1444 [ 1445 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1446 ] 1447 ) 1448 ] 1449 ) 1450 1451 AC_ARG_WITH([zlib-version-check], 1452 [ --without-zlib-version-check Disable zlib version check], 1453 [ if test "x$withval" = "xno" ; then 1454 zlib_check_nonfatal=1 1455 fi 1456 ] 1457 ) 1458 1459 AC_MSG_CHECKING([for possibly buggy zlib]) 1460 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1461#include <stdio.h> 1462#include <stdlib.h> 1463#include <zlib.h> 1464 ]], 1465 [[ 1466 int a=0, b=0, c=0, d=0, n, v; 1467 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1468 if (n != 3 && n != 4) 1469 exit(1); 1470 v = a*1000000 + b*10000 + c*100 + d; 1471 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1472 1473 /* 1.1.4 is OK */ 1474 if (a == 1 && b == 1 && c >= 4) 1475 exit(0); 1476 1477 /* 1.2.3 and up are OK */ 1478 if (v >= 1020300) 1479 exit(0); 1480 1481 exit(2); 1482 ]])], 1483 AC_MSG_RESULT([no]), 1484 [ AC_MSG_RESULT([yes]) 1485 if test -z "$zlib_check_nonfatal" ; then 1486 AC_MSG_ERROR([*** zlib too old - check config.log *** 1487Your reported zlib version has known security problems. It's possible your 1488vendor has fixed these problems without changing the version number. If you 1489are sure this is the case, you can disable the check by running 1490"./configure --without-zlib-version-check". 1491If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1492See http://www.gzip.org/zlib/ for details.]) 1493 else 1494 AC_MSG_WARN([zlib version may have security problems]) 1495 fi 1496 ], 1497 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1498 ) 1499 LIBS="$saved_LIBS" 1500fi 1501 1502dnl UnixWare 2.x 1503AC_CHECK_FUNC([strcasecmp], 1504 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1505) 1506AC_CHECK_FUNCS([utimes], 1507 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1508 LIBS="$LIBS -lc89"]) ] 1509) 1510 1511dnl Checks for libutil functions 1512AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1513AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1514AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1515AC_SEARCH_LIBS([login], [util bsd]) 1516AC_SEARCH_LIBS([logout], [util bsd]) 1517AC_SEARCH_LIBS([logwtmp], [util bsd]) 1518AC_SEARCH_LIBS([openpty], [util bsd]) 1519AC_SEARCH_LIBS([updwtmp], [util bsd]) 1520AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1521 1522# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1523# or libnsl. 1524AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1525AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1526 1527# Some Linux distribtions ship the BSD libc hashing functions in 1528# separate libraries. 1529AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1530 1531# "Particular Function Checks" 1532# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1533AC_FUNC_STRFTIME 1534AC_FUNC_MALLOC 1535AC_FUNC_REALLOC 1536# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1537AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1538AC_RUN_IFELSE( 1539 [AC_LANG_PROGRAM( 1540 [[ #include <stdlib.h> ]], 1541 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1542 )], 1543 [ func_calloc_0_nonnull=yes ], 1544 [ func_calloc_0_nonnull=no ], 1545 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1546 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1547) 1548AC_MSG_RESULT([$func_calloc_0_nonnull]) 1549 1550if test "x$func_calloc_0_nonnull" = "xyes"; then 1551 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1552else 1553 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1554 AC_DEFINE(calloc, rpl_calloc, 1555 [Define to rpl_calloc if the replacement function should be used.]) 1556fi 1557 1558# Check for ALTDIRFUNC glob() extension 1559AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1560AC_EGREP_CPP([FOUNDIT], 1561 [ 1562 #include <glob.h> 1563 #ifdef GLOB_ALTDIRFUNC 1564 FOUNDIT 1565 #endif 1566 ], 1567 [ 1568 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1569 [Define if your system glob() function has 1570 the GLOB_ALTDIRFUNC extension]) 1571 AC_MSG_RESULT([yes]) 1572 ], 1573 [ 1574 AC_MSG_RESULT([no]) 1575 ] 1576) 1577 1578# Check for g.gl_matchc glob() extension 1579AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1580AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1581 [[ glob_t g; g.gl_matchc = 1; ]])], 1582 [ 1583 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1584 [Define if your system glob() function has 1585 gl_matchc options in glob_t]) 1586 AC_MSG_RESULT([yes]) 1587 ], [ 1588 AC_MSG_RESULT([no]) 1589]) 1590 1591# Check for g.gl_statv glob() extension 1592AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1593AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1594#ifndef GLOB_KEEPSTAT 1595#error "glob does not support GLOB_KEEPSTAT extension" 1596#endif 1597glob_t g; 1598g.gl_statv = NULL; 1599]])], 1600 [ 1601 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1602 [Define if your system glob() function has 1603 gl_statv options in glob_t]) 1604 AC_MSG_RESULT([yes]) 1605 ], [ 1606 AC_MSG_RESULT([no]) 1607 1608]) 1609 1610AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1611 1612AC_CHECK_DECL([VIS_ALL], , 1613 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1614 1615AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1616AC_RUN_IFELSE( 1617 [AC_LANG_PROGRAM([[ 1618#include <sys/types.h> 1619#include <dirent.h> 1620#include <stdlib.h> 1621 ]], 1622 [[ 1623 struct dirent d; 1624 exit(sizeof(d.d_name)<=sizeof(char)); 1625 ]])], 1626 [AC_MSG_RESULT([yes])], 1627 [ 1628 AC_MSG_RESULT([no]) 1629 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1630 [Define if your struct dirent expects you to 1631 allocate extra space for d_name]) 1632 ], 1633 [ 1634 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1635 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1636 ] 1637) 1638 1639AC_MSG_CHECKING([for /proc/pid/fd directory]) 1640if test -d "/proc/$$/fd" ; then 1641 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1642 AC_MSG_RESULT([yes]) 1643else 1644 AC_MSG_RESULT([no]) 1645fi 1646 1647# Check whether user wants TCP wrappers support 1648TCPW_MSG="no" 1649AC_ARG_WITH([tcp-wrappers], 1650 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1651 [ 1652 if test "x$withval" != "xno" ; then 1653 saved_LIBS="$LIBS" 1654 saved_LDFLAGS="$LDFLAGS" 1655 saved_CPPFLAGS="$CPPFLAGS" 1656 if test -n "${withval}" && \ 1657 test "x${withval}" != "xyes"; then 1658 if test -d "${withval}/lib"; then 1659 if test -n "${need_dash_r}"; then 1660 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1661 else 1662 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1663 fi 1664 else 1665 if test -n "${need_dash_r}"; then 1666 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1667 else 1668 LDFLAGS="-L${withval} ${LDFLAGS}" 1669 fi 1670 fi 1671 if test -d "${withval}/include"; then 1672 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1673 else 1674 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1675 fi 1676 fi 1677 LIBS="-lwrap $LIBS" 1678 AC_MSG_CHECKING([for libwrap]) 1679 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1680#include <sys/types.h> 1681#include <sys/socket.h> 1682#include <netinet/in.h> 1683#include <tcpd.h> 1684int deny_severity = 0, allow_severity = 0; 1685 ]], [[ 1686 hosts_access(0); 1687 ]])], [ 1688 AC_MSG_RESULT([yes]) 1689 AC_DEFINE([LIBWRAP], [1], 1690 [Define if you want 1691 TCP Wrappers support]) 1692 SSHDLIBS="$SSHDLIBS -lwrap" 1693 TCPW_MSG="yes" 1694 ], [ 1695 AC_MSG_ERROR([*** libwrap missing]) 1696 ]) 1697 LIBS="$saved_LIBS" 1698 fi 1699 ] 1700) 1701 1702# Check whether user wants to use ldns 1703LDNS_MSG="no" 1704AC_ARG_WITH(ldns, 1705 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1706 [ 1707 ldns="" 1708 if test "x$withval" = "xyes" ; then 1709 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1710 if test "x$LDNSCONFIG" = "xno"; then 1711 LIBS="-lldns $LIBS" 1712 ldns=yes 1713 else 1714 LIBS="$LIBS `$LDNSCONFIG --libs`" 1715 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1716 ldns=yes 1717 fi 1718 elif test "x$withval" != "xno" ; then 1719 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1720 LDFLAGS="$LDFLAGS -L${withval}/lib" 1721 LIBS="-lldns $LIBS" 1722 ldns=yes 1723 fi 1724 1725 # Verify that it works. 1726 if test "x$ldns" = "xyes" ; then 1727 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1728 LDNS_MSG="yes" 1729 AC_MSG_CHECKING([for ldns support]) 1730 AC_LINK_IFELSE( 1731 [AC_LANG_SOURCE([[ 1732#include <stdio.h> 1733#include <stdlib.h> 1734#ifdef HAVE_STDINT_H 1735# include <stdint.h> 1736#endif 1737#include <ldns/ldns.h> 1738int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1739 ]]) 1740 ], 1741 [AC_MSG_RESULT(yes)], 1742 [ 1743 AC_MSG_RESULT(no) 1744 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1745 ]) 1746 fi 1747]) 1748 1749# Check whether user wants libedit support 1750LIBEDIT_MSG="no" 1751AC_ARG_WITH([libedit], 1752 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1753 [ if test "x$withval" != "xno" ; then 1754 if test "x$withval" = "xyes" ; then 1755 if test "x$PKGCONFIG" != "xno"; then 1756 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1757 if "$PKGCONFIG" libedit; then 1758 AC_MSG_RESULT([yes]) 1759 use_pkgconfig_for_libedit=yes 1760 else 1761 AC_MSG_RESULT([no]) 1762 fi 1763 fi 1764 else 1765 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1766 if test -n "${rpath_opt}"; then 1767 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1768 else 1769 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1770 fi 1771 fi 1772 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1773 LIBEDIT=`$PKGCONFIG --libs libedit` 1774 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1775 else 1776 LIBEDIT="-ledit -lcurses" 1777 fi 1778 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1779 AC_CHECK_LIB([edit], [el_init], 1780 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1781 LIBEDIT_MSG="yes" 1782 AC_SUBST([LIBEDIT]) 1783 ], 1784 [ AC_MSG_ERROR([libedit not found]) ], 1785 [ $OTHERLIBS ] 1786 ) 1787 AC_MSG_CHECKING([if libedit version is compatible]) 1788 AC_COMPILE_IFELSE( 1789 [AC_LANG_PROGRAM([[ 1790#include <histedit.h> 1791#include <stdlib.h> 1792 ]], 1793 [[ 1794 int i = H_SETSIZE; 1795 el_init("", NULL, NULL, NULL); 1796 exit(0); 1797 ]])], 1798 [ AC_MSG_RESULT([yes]) ], 1799 [ AC_MSG_RESULT([no]) 1800 AC_MSG_ERROR([libedit version is not compatible]) ] 1801 ) 1802 fi ] 1803) 1804 1805AUDIT_MODULE=none 1806AC_ARG_WITH([audit], 1807 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1808 [ 1809 AC_MSG_CHECKING([for supported audit module]) 1810 case "$withval" in 1811 bsm) 1812 AC_MSG_RESULT([bsm]) 1813 AUDIT_MODULE=bsm 1814 dnl Checks for headers, libs and functions 1815 AC_CHECK_HEADERS([bsm/audit.h], [], 1816 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1817 [ 1818#ifdef HAVE_TIME_H 1819# include <time.h> 1820#endif 1821 ] 1822) 1823 AC_CHECK_LIB([bsm], [getaudit], [], 1824 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1825 AC_CHECK_FUNCS([getaudit], [], 1826 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1827 # These are optional 1828 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1829 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1830 if test "$sol2ver" -ge 11; then 1831 SSHDLIBS="$SSHDLIBS -lscf" 1832 AC_DEFINE([BROKEN_BSM_API], [1], 1833 [The system has incomplete BSM API]) 1834 fi 1835 ;; 1836 linux) 1837 AC_MSG_RESULT([linux]) 1838 AUDIT_MODULE=linux 1839 dnl Checks for headers, libs and functions 1840 AC_CHECK_HEADERS([libaudit.h]) 1841 SSHDLIBS="$SSHDLIBS -laudit" 1842 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1843 ;; 1844 debug) 1845 AUDIT_MODULE=debug 1846 AC_MSG_RESULT([debug]) 1847 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1848 ;; 1849 no) 1850 AC_MSG_RESULT([no]) 1851 ;; 1852 *) 1853 AC_MSG_ERROR([Unknown audit module $withval]) 1854 ;; 1855 esac ] 1856) 1857 1858AC_ARG_WITH([pie], 1859 [ --with-pie Build Position Independent Executables if possible], [ 1860 if test "x$withval" = "xno"; then 1861 use_pie=no 1862 fi 1863 if test "x$withval" = "xyes"; then 1864 use_pie=yes 1865 fi 1866 ] 1867) 1868if test "x$use_pie" = "x"; then 1869 use_pie=no 1870fi 1871if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1872 # Turn off automatic PIE when toolchain hardening is off. 1873 use_pie=no 1874fi 1875if test "x$use_pie" = "xauto"; then 1876 # Automatic PIE requires gcc >= 4.x 1877 AC_MSG_CHECKING([for gcc >= 4.x]) 1878 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1879#if !defined(__GNUC__) || __GNUC__ < 4 1880#error gcc is too old 1881#endif 1882]])], 1883 [ AC_MSG_RESULT([yes]) ], 1884 [ AC_MSG_RESULT([no]) 1885 use_pie=no ] 1886) 1887fi 1888if test "x$use_pie" != "xno"; then 1889 SAVED_CFLAGS="$CFLAGS" 1890 SAVED_LDFLAGS="$LDFLAGS" 1891 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1892 OSSH_CHECK_LDFLAG_LINK([-pie]) 1893 # We use both -fPIE and -pie or neither. 1894 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1895 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1896 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1897 AC_MSG_RESULT([yes]) 1898 else 1899 AC_MSG_RESULT([no]) 1900 CFLAGS="$SAVED_CFLAGS" 1901 LDFLAGS="$SAVED_LDFLAGS" 1902 fi 1903fi 1904 1905AC_MSG_CHECKING([whether -fPIC is accepted]) 1906SAVED_CFLAGS="$CFLAGS" 1907CFLAGS="$CFLAGS -fPIC" 1908AC_COMPILE_IFELSE( 1909 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1910 [AC_MSG_RESULT([yes]) 1911 PICFLAG="-fPIC"; ], 1912 [AC_MSG_RESULT([no]) 1913 PICFLAG=""; ]) 1914CFLAGS="$SAVED_CFLAGS" 1915AC_SUBST([PICFLAG]) 1916 1917dnl Checks for library functions. Please keep in alphabetical order 1918AC_CHECK_FUNCS([ \ 1919 auth_hostok \ 1920 auth_timeok \ 1921 Blowfish_initstate \ 1922 Blowfish_expandstate \ 1923 Blowfish_expand0state \ 1924 Blowfish_stream2word \ 1925 SHA256Update \ 1926 SHA384Update \ 1927 SHA512Update \ 1928 asprintf \ 1929 b64_ntop \ 1930 __b64_ntop \ 1931 b64_pton \ 1932 __b64_pton \ 1933 bcopy \ 1934 bcrypt_pbkdf \ 1935 bindresvport_sa \ 1936 blf_enc \ 1937 bzero \ 1938 cap_rights_limit \ 1939 clock \ 1940 closefrom \ 1941 close_range \ 1942 dirfd \ 1943 endgrent \ 1944 err \ 1945 errx \ 1946 explicit_bzero \ 1947 explicit_memset \ 1948 fchmod \ 1949 fchmodat \ 1950 fchown \ 1951 fchownat \ 1952 flock \ 1953 fnmatch \ 1954 freeaddrinfo \ 1955 freezero \ 1956 fstatfs \ 1957 fstatvfs \ 1958 futimes \ 1959 getaddrinfo \ 1960 getcwd \ 1961 getentropy \ 1962 getgrouplist \ 1963 getline \ 1964 getnameinfo \ 1965 getopt \ 1966 getpagesize \ 1967 getpeereid \ 1968 getpeerucred \ 1969 getpgid \ 1970 _getpty \ 1971 getrlimit \ 1972 getrandom \ 1973 getsid \ 1974 getttyent \ 1975 glob \ 1976 group_from_gid \ 1977 inet_aton \ 1978 inet_ntoa \ 1979 inet_ntop \ 1980 innetgr \ 1981 killpg \ 1982 llabs \ 1983 localtime_r \ 1984 login_getcapbool \ 1985 login_getpwclass \ 1986 memmem \ 1987 memmove \ 1988 memset_s \ 1989 mkdtemp \ 1990 ngetaddrinfo \ 1991 nsleep \ 1992 ogetaddrinfo \ 1993 openlog_r \ 1994 pledge \ 1995 poll \ 1996 ppoll \ 1997 prctl \ 1998 procctl \ 1999 pselect \ 2000 pstat \ 2001 raise \ 2002 readpassphrase \ 2003 reallocarray \ 2004 realpath \ 2005 recvmsg \ 2006 recallocarray \ 2007 rresvport_af \ 2008 sendmsg \ 2009 setdtablesize \ 2010 setegid \ 2011 setenv \ 2012 seteuid \ 2013 setgroupent \ 2014 setgroups \ 2015 setlinebuf \ 2016 setlogin \ 2017 setpassent\ 2018 setpcred \ 2019 setproctitle \ 2020 setregid \ 2021 setreuid \ 2022 setrlimit \ 2023 setsid \ 2024 setvbuf \ 2025 sigaction \ 2026 sigvec \ 2027 snprintf \ 2028 socketpair \ 2029 statfs \ 2030 statvfs \ 2031 strcasestr \ 2032 strdup \ 2033 strerror \ 2034 strlcat \ 2035 strlcpy \ 2036 strmode \ 2037 strndup \ 2038 strnlen \ 2039 strnvis \ 2040 strptime \ 2041 strsignal \ 2042 strtonum \ 2043 strtoll \ 2044 strtoul \ 2045 strtoull \ 2046 swap32 \ 2047 sysconf \ 2048 tcgetpgrp \ 2049 timegm \ 2050 timingsafe_bcmp \ 2051 truncate \ 2052 unsetenv \ 2053 updwtmpx \ 2054 utimensat \ 2055 user_from_uid \ 2056 usleep \ 2057 vasprintf \ 2058 vsnprintf \ 2059 waitpid \ 2060 warn \ 2061]) 2062 2063AC_CHECK_DECLS([bzero, memmem]) 2064 2065dnl Wide character support. 2066AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2067 2068TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2069AC_MSG_CHECKING([for utf8 locale support]) 2070AC_RUN_IFELSE( 2071 [AC_LANG_PROGRAM([[ 2072#include <locale.h> 2073#include <stdlib.h> 2074 ]], [[ 2075 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2076 if (loc != NULL) 2077 exit(0); 2078 exit(1); 2079 ]])], 2080 AC_MSG_RESULT(yes), 2081 [AC_MSG_RESULT(no) 2082 TEST_SSH_UTF8=no], 2083 AC_MSG_WARN([cross compiling: assuming yes]) 2084) 2085 2086AC_LINK_IFELSE( 2087 [AC_LANG_PROGRAM( 2088 [[ #include <ctype.h> ]], 2089 [[ return (isblank('a')); ]])], 2090 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2091]) 2092 2093disable_pkcs11= 2094AC_ARG_ENABLE([pkcs11], 2095 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2096 [ 2097 if test "x$enableval" = "xno" ; then 2098 disable_pkcs11=1 2099 fi 2100 ] 2101) 2102 2103disable_sk= 2104AC_ARG_ENABLE([security-key], 2105 [ --disable-security-key disable U2F/FIDO support code [no]], 2106 [ 2107 if test "x$enableval" = "xno" ; then 2108 disable_sk=1 2109 fi 2110 ] 2111) 2112enable_sk_internal= 2113AC_ARG_WITH([security-key-builtin], 2114 [ --with-security-key-builtin include builtin U2F/FIDO support], 2115 [ enable_sk_internal=$withval ] 2116) 2117 2118AC_SEARCH_LIBS([dlopen], [dl]) 2119AC_CHECK_FUNCS([dlopen]) 2120AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2121 2122# IRIX has a const char return value for gai_strerror() 2123AC_CHECK_FUNCS([gai_strerror], [ 2124 AC_DEFINE([HAVE_GAI_STRERROR]) 2125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2126#include <sys/types.h> 2127#include <sys/socket.h> 2128#include <netdb.h> 2129 2130const char *gai_strerror(int); 2131 ]], [[ 2132 char *str; 2133 str = gai_strerror(0); 2134 ]])], [ 2135 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2136 [Define if gai_strerror() returns const char *])], [])]) 2137 2138AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2139 [Some systems put nanosleep outside of libc])]) 2140 2141AC_SEARCH_LIBS([clock_gettime], [rt], 2142 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2143 2144dnl check if we need -D_REENTRANT for localtime_r declaration. 2145AC_CHECK_DECL([localtime_r], [], 2146 [ saved_CPPFLAGS="$CPPFLAGS" 2147 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2148 unset ac_cv_have_decl_localtime_r 2149 AC_CHECK_DECL([localtime_r], [], 2150 [ CPPFLAGS="$saved_CPPFLAGS" ], 2151 [ #include <time.h> ] 2152 ) 2153 ], 2154 [ #include <time.h> ] 2155) 2156 2157dnl Make sure prototypes are defined for these before using them. 2158AC_CHECK_DECL([strsep], 2159 [AC_CHECK_FUNCS([strsep])], 2160 [], 2161 [ 2162#ifdef HAVE_STRING_H 2163# include <string.h> 2164#endif 2165 ]) 2166 2167dnl tcsendbreak might be a macro 2168AC_CHECK_DECL([tcsendbreak], 2169 [AC_DEFINE([HAVE_TCSENDBREAK])], 2170 [AC_CHECK_FUNCS([tcsendbreak])], 2171 [#include <termios.h>] 2172) 2173 2174AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2175 2176AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2177 [ 2178#include <sys/types.h> 2179#include <sys/socket.h> 2180#include <unistd.h> 2181 ]) 2182 2183AC_CHECK_DECLS([O_NONBLOCK], , , 2184 [ 2185#include <sys/types.h> 2186#ifdef HAVE_SYS_STAT_H 2187# include <sys/stat.h> 2188#endif 2189#ifdef HAVE_FCNTL_H 2190# include <fcntl.h> 2191#endif 2192 ]) 2193 2194AC_CHECK_DECLS([ftruncate, getentropy], , , 2195 [ 2196#include <sys/types.h> 2197#include <unistd.h> 2198 ]) 2199 2200AC_CHECK_DECLS([readv, writev], , , [ 2201#include <sys/types.h> 2202#include <sys/uio.h> 2203#include <unistd.h> 2204 ]) 2205 2206AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2207#include <sys/param.h> 2208 ]) 2209 2210AC_CHECK_DECLS([offsetof], , , [ 2211#include <stddef.h> 2212 ]) 2213 2214# extra bits for select(2) 2215AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2216#include <sys/param.h> 2217#include <sys/types.h> 2218#ifdef HAVE_SYS_SYSMACROS_H 2219#include <sys/sysmacros.h> 2220#endif 2221#ifdef HAVE_SYS_SELECT_H 2222#include <sys/select.h> 2223#endif 2224#ifdef HAVE_SYS_TIME_H 2225#include <sys/time.h> 2226#endif 2227#ifdef HAVE_UNISTD_H 2228#include <unistd.h> 2229#endif 2230 ]]) 2231AC_CHECK_TYPES([fd_mask], [], [], [[ 2232#include <sys/param.h> 2233#include <sys/types.h> 2234#ifdef HAVE_SYS_SELECT_H 2235#include <sys/select.h> 2236#endif 2237#ifdef HAVE_SYS_TIME_H 2238#include <sys/time.h> 2239#endif 2240#ifdef HAVE_UNISTD_H 2241#include <unistd.h> 2242#endif 2243 ]]) 2244 2245AC_CHECK_FUNCS([setresuid], [ 2246 dnl Some platorms have setresuid that isn't implemented, test for this 2247 AC_MSG_CHECKING([if setresuid seems to work]) 2248 AC_RUN_IFELSE( 2249 [AC_LANG_PROGRAM([[ 2250#include <errno.h> 2251#include <stdlib.h> 2252#include <unistd.h> 2253 ]], [[ 2254 errno=0; 2255 setresuid(0,0,0); 2256 if (errno==ENOSYS) 2257 exit(1); 2258 else 2259 exit(0); 2260 ]])], 2261 [AC_MSG_RESULT([yes])], 2262 [AC_DEFINE([BROKEN_SETRESUID], [1], 2263 [Define if your setresuid() is broken]) 2264 AC_MSG_RESULT([not implemented])], 2265 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2266 ) 2267]) 2268 2269AC_CHECK_FUNCS([setresgid], [ 2270 dnl Some platorms have setresgid that isn't implemented, test for this 2271 AC_MSG_CHECKING([if setresgid seems to work]) 2272 AC_RUN_IFELSE( 2273 [AC_LANG_PROGRAM([[ 2274#include <errno.h> 2275#include <stdlib.h> 2276#include <unistd.h> 2277 ]], [[ 2278 errno=0; 2279 setresgid(0,0,0); 2280 if (errno==ENOSYS) 2281 exit(1); 2282 else 2283 exit(0); 2284 ]])], 2285 [AC_MSG_RESULT([yes])], 2286 [AC_DEFINE([BROKEN_SETRESGID], [1], 2287 [Define if your setresgid() is broken]) 2288 AC_MSG_RESULT([not implemented])], 2289 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2290 ) 2291]) 2292 2293AC_MSG_CHECKING([for working fflush(NULL)]) 2294AC_RUN_IFELSE( 2295 [AC_LANG_PROGRAM([[ 2296#include <stdio.h> 2297#include <stdlib.h> 2298 ]], 2299 [[fflush(NULL); exit(0);]])], 2300 AC_MSG_RESULT([yes]), 2301 [AC_MSG_RESULT([no]) 2302 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2303 [define if fflush(NULL) does not work])], 2304 AC_MSG_WARN([cross compiling: assuming working]) 2305) 2306 2307dnl Checks for time functions 2308AC_CHECK_FUNCS([gettimeofday time]) 2309dnl Checks for utmp functions 2310AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2311AC_CHECK_FUNCS([utmpname]) 2312dnl Checks for utmpx functions 2313AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2314AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2315dnl Checks for lastlog functions 2316AC_CHECK_FUNCS([getlastlogxbyname]) 2317 2318AC_CHECK_FUNC([daemon], 2319 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2320 [AC_CHECK_LIB([bsd], [daemon], 2321 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2322) 2323 2324AC_CHECK_FUNC([getpagesize], 2325 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2326 [Define if your libraries define getpagesize()])], 2327 [AC_CHECK_LIB([ucb], [getpagesize], 2328 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2329) 2330 2331# Check for broken snprintf 2332if test "x$ac_cv_func_snprintf" = "xyes" ; then 2333 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2334 AC_RUN_IFELSE( 2335 [AC_LANG_PROGRAM([[ 2336#include <stdio.h> 2337#include <stdlib.h> 2338 ]], 2339 [[ 2340 char b[5]; 2341 snprintf(b,5,"123456789"); 2342 exit(b[4]!='\0'); 2343 ]])], 2344 [AC_MSG_RESULT([yes])], 2345 [ 2346 AC_MSG_RESULT([no]) 2347 AC_DEFINE([BROKEN_SNPRINTF], [1], 2348 [Define if your snprintf is busted]) 2349 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2350 ], 2351 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2352 ) 2353fi 2354 2355if test "x$ac_cv_func_snprintf" = "xyes" ; then 2356 AC_MSG_CHECKING([whether snprintf understands %zu]) 2357 AC_RUN_IFELSE( 2358 [AC_LANG_PROGRAM([[ 2359#include <sys/types.h> 2360#include <stdio.h> 2361#include <stdlib.h> 2362#include <string.h> 2363 ]], 2364 [[ 2365 size_t a = 1, b = 2; 2366 char z[128]; 2367 snprintf(z, sizeof z, "%zu%zu", a, b); 2368 exit(strcmp(z, "12")); 2369 ]])], 2370 [AC_MSG_RESULT([yes])], 2371 [ 2372 AC_MSG_RESULT([no]) 2373 AC_DEFINE([BROKEN_SNPRINTF], [1], 2374 [snprintf does not understand %zu]) 2375 ], 2376 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2377 ) 2378fi 2379 2380# We depend on vsnprintf returning the right thing on overflow: the 2381# number of characters it tried to create (as per SUSv3) 2382if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2383 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2384 AC_RUN_IFELSE( 2385 [AC_LANG_PROGRAM([[ 2386#include <sys/types.h> 2387#include <stdio.h> 2388#include <stdarg.h> 2389 2390int x_snprintf(char *str, size_t count, const char *fmt, ...) 2391{ 2392 size_t ret; 2393 va_list ap; 2394 2395 va_start(ap, fmt); 2396 ret = vsnprintf(str, count, fmt, ap); 2397 va_end(ap); 2398 return ret; 2399} 2400 ]], [[ 2401char x[1]; 2402if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2403 return 1; 2404if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2405 return 1; 2406return 0; 2407 ]])], 2408 [AC_MSG_RESULT([yes])], 2409 [ 2410 AC_MSG_RESULT([no]) 2411 AC_DEFINE([BROKEN_SNPRINTF], [1], 2412 [Define if your snprintf is busted]) 2413 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2414 ], 2415 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2416 ) 2417fi 2418 2419# On systems where [v]snprintf is broken, but is declared in stdio, 2420# check that the fmt argument is const char * or just char *. 2421# This is only useful for when BROKEN_SNPRINTF 2422AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2423AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2424#include <stdio.h> 2425int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2426 ]], [[ 2427 snprintf(0, 0, 0); 2428 ]])], 2429 [AC_MSG_RESULT([yes]) 2430 AC_DEFINE([SNPRINTF_CONST], [const], 2431 [Define as const if snprintf() can declare const char *fmt])], 2432 [AC_MSG_RESULT([no]) 2433 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2434 2435# Check for missing getpeereid (or equiv) support 2436NO_PEERCHECK="" 2437if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2438 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2439 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2440#include <sys/types.h> 2441#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2442 [ AC_MSG_RESULT([yes]) 2443 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2444 ], [AC_MSG_RESULT([no]) 2445 NO_PEERCHECK=1 2446 ]) 2447fi 2448 2449dnl make sure that openpty does not reacquire controlling terminal 2450if test ! -z "$check_for_openpty_ctty_bug"; then 2451 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2452 AC_RUN_IFELSE( 2453 [AC_LANG_PROGRAM([[ 2454#include <stdio.h> 2455#include <stdlib.h> 2456#include <unistd.h> 2457#ifdef HAVE_PTY_H 2458# include <pty.h> 2459#endif 2460#include <sys/fcntl.h> 2461#include <sys/types.h> 2462#include <sys/wait.h> 2463 ]], [[ 2464 pid_t pid; 2465 int fd, ptyfd, ttyfd, status; 2466 2467 pid = fork(); 2468 if (pid < 0) { /* failed */ 2469 exit(1); 2470 } else if (pid > 0) { /* parent */ 2471 waitpid(pid, &status, 0); 2472 if (WIFEXITED(status)) 2473 exit(WEXITSTATUS(status)); 2474 else 2475 exit(2); 2476 } else { /* child */ 2477 close(0); close(1); close(2); 2478 setsid(); 2479 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2480 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2481 if (fd >= 0) 2482 exit(3); /* Acquired ctty: broken */ 2483 else 2484 exit(0); /* Did not acquire ctty: OK */ 2485 } 2486 ]])], 2487 [ 2488 AC_MSG_RESULT([yes]) 2489 ], 2490 [ 2491 AC_MSG_RESULT([no]) 2492 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2493 ], 2494 [ 2495 AC_MSG_RESULT([cross-compiling, assuming yes]) 2496 ] 2497 ) 2498fi 2499 2500if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2501 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2502 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2503 AC_RUN_IFELSE( 2504 [AC_LANG_PROGRAM([[ 2505#include <stdio.h> 2506#include <stdlib.h> 2507#include <sys/socket.h> 2508#include <netdb.h> 2509#include <errno.h> 2510#include <netinet/in.h> 2511 2512#define TEST_PORT "2222" 2513 ]], [[ 2514 int err, sock; 2515 struct addrinfo *gai_ai, *ai, hints; 2516 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2517 2518 memset(&hints, 0, sizeof(hints)); 2519 hints.ai_family = PF_UNSPEC; 2520 hints.ai_socktype = SOCK_STREAM; 2521 hints.ai_flags = AI_PASSIVE; 2522 2523 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2524 if (err != 0) { 2525 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2526 exit(1); 2527 } 2528 2529 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2530 if (ai->ai_family != AF_INET6) 2531 continue; 2532 2533 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2534 sizeof(ntop), strport, sizeof(strport), 2535 NI_NUMERICHOST|NI_NUMERICSERV); 2536 2537 if (err != 0) { 2538 if (err == EAI_SYSTEM) 2539 perror("getnameinfo EAI_SYSTEM"); 2540 else 2541 fprintf(stderr, "getnameinfo failed: %s\n", 2542 gai_strerror(err)); 2543 exit(2); 2544 } 2545 2546 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2547 if (sock < 0) 2548 perror("socket"); 2549 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2550 if (errno == EBADF) 2551 exit(3); 2552 } 2553 } 2554 exit(0); 2555 ]])], 2556 [ 2557 AC_MSG_RESULT([yes]) 2558 ], 2559 [ 2560 AC_MSG_RESULT([no]) 2561 AC_DEFINE([BROKEN_GETADDRINFO]) 2562 ], 2563 [ 2564 AC_MSG_RESULT([cross-compiling, assuming yes]) 2565 ] 2566 ) 2567fi 2568 2569if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2570 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2571 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2572 AC_RUN_IFELSE( 2573 [AC_LANG_PROGRAM([[ 2574#include <stdio.h> 2575#include <stdlib.h> 2576#include <sys/socket.h> 2577#include <netdb.h> 2578#include <errno.h> 2579#include <netinet/in.h> 2580 2581#define TEST_PORT "2222" 2582 ]], [[ 2583 int err, sock; 2584 struct addrinfo *gai_ai, *ai, hints; 2585 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2586 2587 memset(&hints, 0, sizeof(hints)); 2588 hints.ai_family = PF_UNSPEC; 2589 hints.ai_socktype = SOCK_STREAM; 2590 hints.ai_flags = AI_PASSIVE; 2591 2592 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2593 if (err != 0) { 2594 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2595 exit(1); 2596 } 2597 2598 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2599 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2600 continue; 2601 2602 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2603 sizeof(ntop), strport, sizeof(strport), 2604 NI_NUMERICHOST|NI_NUMERICSERV); 2605 2606 if (ai->ai_family == AF_INET && err != 0) { 2607 perror("getnameinfo"); 2608 exit(2); 2609 } 2610 } 2611 exit(0); 2612 ]])], 2613 [ 2614 AC_MSG_RESULT([yes]) 2615 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2616 [Define if you have a getaddrinfo that fails 2617 for the all-zeros IPv6 address]) 2618 ], 2619 [ 2620 AC_MSG_RESULT([no]) 2621 AC_DEFINE([BROKEN_GETADDRINFO]) 2622 ], 2623 [ 2624 AC_MSG_RESULT([cross-compiling, assuming no]) 2625 ] 2626 ) 2627fi 2628 2629if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2630 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2631 [#include <sys/types.h> 2632 #include <sys/socket.h> 2633 #include <netdb.h>]) 2634fi 2635 2636if test "x$check_for_conflicting_getspnam" = "x1"; then 2637 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2639#include <shadow.h> 2640#include <stdlib.h> 2641 ]], 2642 [[ exit(0); ]])], 2643 [ 2644 AC_MSG_RESULT([no]) 2645 ], 2646 [ 2647 AC_MSG_RESULT([yes]) 2648 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2649 [Conflicting defs for getspnam]) 2650 ] 2651 ) 2652fi 2653 2654dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2655dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2656dnl for over ten years). Despite this incompatibility being reported during 2657dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2658dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2659dnl implementation. Try to detect this mess, and assume the only safe option 2660dnl if we're cross compiling. 2661dnl 2662dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2663dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2664if test "x$ac_cv_func_strnvis" = "xyes"; then 2665 AC_MSG_CHECKING([for working strnvis]) 2666 AC_RUN_IFELSE( 2667 [AC_LANG_PROGRAM([[ 2668#include <signal.h> 2669#include <stdlib.h> 2670#include <string.h> 2671#include <unistd.h> 2672#include <vis.h> 2673static void sighandler(int sig) { _exit(1); } 2674 ]], [[ 2675 char dst[16]; 2676 2677 signal(SIGSEGV, sighandler); 2678 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2679 exit(0); 2680 exit(1) 2681 ]])], 2682 [AC_MSG_RESULT([yes])], 2683 [AC_MSG_RESULT([no]) 2684 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2685 [AC_MSG_WARN([cross compiling: assuming broken]) 2686 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2687 ) 2688fi 2689 2690AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2691AC_RUN_IFELSE( 2692 [AC_LANG_PROGRAM([[ 2693#ifdef HAVE_SYS_SELECT 2694# include <sys/select.h> 2695#endif 2696#include <sys/types.h> 2697#include <sys/time.h> 2698#include <stdlib.h> 2699#include <signal.h> 2700#include <unistd.h> 2701static void sighandler(int sig) { } 2702 ]], [[ 2703 int r; 2704 pid_t pid; 2705 struct sigaction sa; 2706 2707 sa.sa_handler = sighandler; 2708 sa.sa_flags = SA_RESTART; 2709 (void)sigaction(SIGTERM, &sa, NULL); 2710 if ((pid = fork()) == 0) { /* child */ 2711 pid = getppid(); 2712 sleep(1); 2713 kill(pid, SIGTERM); 2714 sleep(1); 2715 if (getppid() == pid) /* if parent did not exit, shoot it */ 2716 kill(pid, SIGKILL); 2717 exit(0); 2718 } else { /* parent */ 2719 r = select(0, NULL, NULL, NULL, NULL); 2720 } 2721 exit(r == -1 ? 0 : 1); 2722 ]])], 2723 [AC_MSG_RESULT([yes])], 2724 [AC_MSG_RESULT([no]) 2725 AC_DEFINE([NO_SA_RESTART], [1], 2726 [SA_RESTARTed signals do no interrupt select])], 2727 [AC_MSG_WARN([cross compiling: assuming yes])] 2728) 2729 2730AC_CHECK_FUNCS([getpgrp],[ 2731 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2732 AC_COMPILE_IFELSE( 2733 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2734 [ AC_MSG_RESULT([yes]) 2735 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2736 [ AC_MSG_RESULT([no]) 2737 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2738 ) 2739]) 2740 2741# Search for OpenSSL 2742saved_CPPFLAGS="$CPPFLAGS" 2743saved_LDFLAGS="$LDFLAGS" 2744openssl_bin_PATH="$PATH" 2745AC_ARG_WITH([ssl-dir], 2746 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2747 [ 2748 if test "x$openssl" = "xno" ; then 2749 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2750 fi 2751 if test "x$withval" != "xno" ; then 2752 case "$withval" in 2753 # Relative paths 2754 ./*|../*) withval="`pwd`/$withval" 2755 esac 2756 if test -d "$withval/lib"; then 2757 libcrypto_path="${withval}/lib" 2758 elif test -d "$withval/lib64"; then 2759 libcrypto_path="$withval/lib64" 2760 else 2761 # Built but not installed 2762 libcrypto_path="${withval}" 2763 fi 2764 if test -n "${rpath_opt}"; then 2765 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2766 else 2767 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2768 fi 2769 if test -d "$withval/include"; then 2770 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2771 else 2772 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2773 fi 2774 openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" 2775 fi 2776 ] 2777) 2778AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2779AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2780 2781AC_ARG_WITH([openssl-header-check], 2782 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2783 [ 2784 if test "x$withval" = "xno" ; then 2785 openssl_check_nonfatal=1 2786 fi 2787 ] 2788) 2789 2790openssl_engine=no 2791AC_ARG_WITH([ssl-engine], 2792 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2793 [ 2794 if test "x$withval" != "xno" ; then 2795 if test "x$openssl" = "xno" ; then 2796 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2797 fi 2798 openssl_engine=yes 2799 fi 2800 ] 2801) 2802 2803nocrypto_saved_LIBS="$LIBS" 2804if test "x$openssl" = "xyes" ; then 2805 LIBS="-lcrypto $LIBS" 2806 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2807 AC_TRY_LINK_FUNC([RAND_add], , 2808 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2809 AC_CHECK_HEADER([openssl/opensslv.h], , 2810 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2811 2812 # Determine OpenSSL header version 2813 AC_MSG_CHECKING([OpenSSL header version]) 2814 AC_RUN_IFELSE( 2815 [AC_LANG_PROGRAM([[ 2816 #include <stdlib.h> 2817 #include <stdio.h> 2818 #include <string.h> 2819 #include <openssl/opensslv.h> 2820 #define DATA "conftest.sslincver" 2821 ]], [[ 2822 FILE *fd; 2823 int rc; 2824 2825 fd = fopen(DATA,"w"); 2826 if(fd == NULL) 2827 exit(1); 2828 2829 if ((rc = fprintf(fd, "%08lx (%s)\n", 2830 (unsigned long)OPENSSL_VERSION_NUMBER, 2831 OPENSSL_VERSION_TEXT)) < 0) 2832 exit(1); 2833 2834 exit(0); 2835 ]])], 2836 [ 2837 ssl_header_ver=`cat conftest.sslincver` 2838 AC_MSG_RESULT([$ssl_header_ver]) 2839 ], 2840 [ 2841 AC_MSG_RESULT([not found]) 2842 AC_MSG_ERROR([OpenSSL version header not found.]) 2843 ], 2844 [ 2845 AC_MSG_WARN([cross compiling: not checking]) 2846 ] 2847 ) 2848 2849 # Determining OpenSSL library version is version dependent. 2850 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2851 2852 # Determine OpenSSL library version 2853 AC_MSG_CHECKING([OpenSSL library version]) 2854 AC_RUN_IFELSE( 2855 [AC_LANG_PROGRAM([[ 2856 #include <stdio.h> 2857 #include <stdlib.h> 2858 #include <string.h> 2859 #include <openssl/opensslv.h> 2860 #include <openssl/crypto.h> 2861 #define DATA "conftest.ssllibver" 2862 ]], [[ 2863 FILE *f; 2864 /* We need these legacy bits to warn for old libcrypto */ 2865 #ifndef OPENSSL_VERSION 2866 # define OPENSSL_VERSION SSLEAY_VERSION 2867 #endif 2868 #ifndef HAVE_OPENSSL_VERSION 2869 # define OpenSSL_version SSLeay_version 2870 #endif 2871 #ifndef HAVE_OPENSSL_VERSION_NUM 2872 # define OpenSSL_version_num SSLeay 2873 #endif 2874 if ((f = fopen(DATA, "w")) == NULL) 2875 exit(1); 2876 if (fprintf(f, "%08lx (%s)", 2877 (unsigned long)OpenSSL_version_num(), 2878 OpenSSL_version(OPENSSL_VERSION)) < 0) 2879 exit(1); 2880#ifdef LIBRESSL_VERSION_NUMBER 2881 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2882 exit(1); 2883#endif 2884 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2885 exit(1); 2886 exit(0); 2887 ]])], 2888 [ 2889 sslver=`cat conftest.ssllibver` 2890 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2891 # Check version is supported. 2892 case "$sslver" in 2893 100*|10100*) # 1.0.x, 1.1.0x 2894 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2895 ;; 2896 101*) ;; # 1.1.x 2897 200*) # LibreSSL 2898 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2899 case "$lver" in 2900 2*|300*) # 2.x, 3.0.0 2901 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2902 ;; 2903 *) ;; # Assume all other versions are good. 2904 esac 2905 ;; 2906 300*) 2907 # OpenSSL 3; we use the 1.1x API 2908 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2909 ;; 2910 301*|302*) 2911 # OpenSSL development branch; request 1.1x API 2912 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2913 ;; 2914 *) 2915 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2916 ;; 2917 esac 2918 AC_MSG_RESULT([$ssl_showver]) 2919 ], 2920 [ 2921 AC_MSG_RESULT([not found]) 2922 AC_MSG_ERROR([OpenSSL library not found.]) 2923 ], 2924 [ 2925 AC_MSG_WARN([cross compiling: not checking]) 2926 ] 2927 ) 2928 2929 case "$host" in 2930 x86_64-*) 2931 case "$sslver" in 2932 3000004*) 2933 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2934 ;; 2935 esac 2936 esac 2937 2938 # Sanity check OpenSSL headers 2939 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2940 AC_RUN_IFELSE( 2941 [AC_LANG_PROGRAM([[ 2942 #include <stdlib.h> 2943 #include <string.h> 2944 #include <openssl/opensslv.h> 2945 #include <openssl/crypto.h> 2946 ]], [[ 2947 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2948 ]])], 2949 [ 2950 AC_MSG_RESULT([yes]) 2951 ], 2952 [ 2953 AC_MSG_RESULT([no]) 2954 if test "x$openssl_check_nonfatal" = "x"; then 2955 AC_MSG_ERROR([Your OpenSSL headers do not match your 2956 library. Check config.log for details. 2957 If you are sure your installation is consistent, you can disable the check 2958 by running "./configure --without-openssl-header-check". 2959 Also see contrib/findssl.sh for help identifying header/library mismatches. 2960 ]) 2961 else 2962 AC_MSG_WARN([Your OpenSSL headers do not match your 2963 library. Check config.log for details. 2964 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2965 fi 2966 ], 2967 [ 2968 AC_MSG_WARN([cross compiling: not checking]) 2969 ] 2970 ) 2971 2972 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2973 AC_LINK_IFELSE( 2974 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2975 [[ ERR_load_crypto_strings(); ]])], 2976 [ 2977 AC_MSG_RESULT([yes]) 2978 ], 2979 [ 2980 AC_MSG_RESULT([no]) 2981 LIBS="$LIBS -ldl" 2982 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2983 AC_LINK_IFELSE( 2984 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2985 [[ ERR_load_crypto_strings(); ]])], 2986 [ 2987 AC_MSG_RESULT([yes]) 2988 CHANNELLIBS="$CHANNELLIBS -ldl" 2989 ], 2990 [ 2991 AC_MSG_RESULT([no]) 2992 ] 2993 ) 2994 ] 2995 ) 2996 2997 AC_CHECK_FUNCS([ \ 2998 BN_is_prime_ex \ 2999 DES_crypt \ 3000 DSA_generate_parameters_ex \ 3001 EVP_DigestFinal_ex \ 3002 EVP_DigestInit_ex \ 3003 EVP_MD_CTX_cleanup \ 3004 EVP_MD_CTX_copy_ex \ 3005 EVP_MD_CTX_init \ 3006 HMAC_CTX_init \ 3007 RSA_generate_key_ex \ 3008 RSA_get_default_method \ 3009 ]) 3010 3011 # OpenSSL_add_all_algorithms may be a macro. 3012 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 3013 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 3014 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 3015 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 3016 [[#include <openssl/evp.h>]] 3017 ) 3018 ) 3019 3020 # LibreSSL/OpenSSL API differences 3021 AC_CHECK_FUNCS([ \ 3022 EVP_CIPHER_CTX_iv \ 3023 EVP_CIPHER_CTX_iv_noconst \ 3024 EVP_CIPHER_CTX_get_iv \ 3025 EVP_CIPHER_CTX_get_updated_iv \ 3026 EVP_CIPHER_CTX_set_iv \ 3027 ]) 3028 3029 if test "x$openssl_engine" = "xyes" ; then 3030 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3032 #include <openssl/engine.h> 3033 ]], [[ 3034 ENGINE_load_builtin_engines(); 3035 ENGINE_register_all_complete(); 3036 ]])], 3037 [ AC_MSG_RESULT([yes]) 3038 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3039 [Enable OpenSSL engine support]) 3040 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3041 ]) 3042 fi 3043 3044 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3045 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 3046 AC_LINK_IFELSE( 3047 [AC_LANG_PROGRAM([[ 3048 #include <stdlib.h> 3049 #include <string.h> 3050 #include <openssl/evp.h> 3051 ]], [[ 3052 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3053 ]])], 3054 [ 3055 AC_MSG_RESULT([no]) 3056 ], 3057 [ 3058 AC_MSG_RESULT([yes]) 3059 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3060 [libcrypto is missing AES 192 and 256 bit functions]) 3061 ] 3062 ) 3063 3064 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3065 AC_LINK_IFELSE( 3066 [AC_LANG_PROGRAM([[ 3067 #include <stdlib.h> 3068 #include <string.h> 3069 #include <openssl/evp.h> 3070 ]], [[ 3071 if(EVP_DigestUpdate(NULL, NULL,0)) 3072 exit(0); 3073 ]])], 3074 [ 3075 AC_MSG_RESULT([yes]) 3076 ], 3077 [ 3078 AC_MSG_RESULT([no]) 3079 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3080 [Define if EVP_DigestUpdate returns void]) 3081 ] 3082 ) 3083 3084 # Check for various EVP support in OpenSSL 3085 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3086 3087 # Check complete ECC support in OpenSSL 3088 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3089 AC_LINK_IFELSE( 3090 [AC_LANG_PROGRAM([[ 3091 #include <openssl/ec.h> 3092 #include <openssl/ecdh.h> 3093 #include <openssl/ecdsa.h> 3094 #include <openssl/evp.h> 3095 #include <openssl/objects.h> 3096 #include <openssl/opensslv.h> 3097 ]], [[ 3098 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3099 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3100 ]])], 3101 [ AC_MSG_RESULT([yes]) 3102 enable_nistp256=1 ], 3103 [ AC_MSG_RESULT([no]) ] 3104 ) 3105 3106 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3107 AC_LINK_IFELSE( 3108 [AC_LANG_PROGRAM([[ 3109 #include <openssl/ec.h> 3110 #include <openssl/ecdh.h> 3111 #include <openssl/ecdsa.h> 3112 #include <openssl/evp.h> 3113 #include <openssl/objects.h> 3114 #include <openssl/opensslv.h> 3115 ]], [[ 3116 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3117 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3118 ]])], 3119 [ AC_MSG_RESULT([yes]) 3120 enable_nistp384=1 ], 3121 [ AC_MSG_RESULT([no]) ] 3122 ) 3123 3124 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3125 AC_LINK_IFELSE( 3126 [AC_LANG_PROGRAM([[ 3127 #include <openssl/ec.h> 3128 #include <openssl/ecdh.h> 3129 #include <openssl/ecdsa.h> 3130 #include <openssl/evp.h> 3131 #include <openssl/objects.h> 3132 #include <openssl/opensslv.h> 3133 ]], [[ 3134 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3135 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3136 ]])], 3137 [ AC_MSG_RESULT([yes]) 3138 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3139 AC_RUN_IFELSE( 3140 [AC_LANG_PROGRAM([[ 3141 #include <stdlib.h> 3142 #include <openssl/ec.h> 3143 #include <openssl/ecdh.h> 3144 #include <openssl/ecdsa.h> 3145 #include <openssl/evp.h> 3146 #include <openssl/objects.h> 3147 #include <openssl/opensslv.h> 3148 ]],[[ 3149 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3150 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3151 exit(e == NULL || m == NULL); 3152 ]])], 3153 [ AC_MSG_RESULT([yes]) 3154 enable_nistp521=1 ], 3155 [ AC_MSG_RESULT([no]) ], 3156 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3157 enable_nistp521=1 ] 3158 )], 3159 AC_MSG_RESULT([no]) 3160 ) 3161 3162 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3163 test x$enable_nistp521 = x1; then 3164 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3165 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3166 openssl_ecc=yes 3167 else 3168 openssl_ecc=no 3169 fi 3170 if test x$enable_nistp256 = x1; then 3171 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3172 [libcrypto has NID_X9_62_prime256v1]) 3173 else 3174 unsupported_algorithms="$unsupported_algorithms \ 3175 ecdsa-sha2-nistp256 \ 3176 ecdh-sha2-nistp256 \ 3177 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3178 fi 3179 if test x$enable_nistp384 = x1; then 3180 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3181 else 3182 unsupported_algorithms="$unsupported_algorithms \ 3183 ecdsa-sha2-nistp384 \ 3184 ecdh-sha2-nistp384 \ 3185 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3186 fi 3187 if test x$enable_nistp521 = x1; then 3188 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3189 else 3190 unsupported_algorithms="$unsupported_algorithms \ 3191 ecdh-sha2-nistp521 \ 3192 ecdsa-sha2-nistp521 \ 3193 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3194 fi 3195fi 3196 3197# PKCS11/U2F depend on OpenSSL and dlopen(). 3198enable_pkcs11=yes 3199enable_sk=yes 3200if test "x$openssl" != "xyes" ; then 3201 enable_pkcs11="disabled; missing libcrypto" 3202fi 3203if test "x$ac_cv_func_dlopen" != "xyes" ; then 3204 enable_pkcs11="disabled; missing dlopen(3)" 3205 enable_sk="disabled; missing dlopen(3)" 3206fi 3207if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3208 enable_pkcs11="disabled; missing RTLD_NOW" 3209 enable_sk="disabled; missing RTLD_NOW" 3210fi 3211if test ! -z "$disable_pkcs11" ; then 3212 enable_pkcs11="disabled by user" 3213fi 3214if test ! -z "$disable_sk" ; then 3215 enable_sk="disabled by user" 3216fi 3217 3218AC_MSG_CHECKING([whether to enable PKCS11]) 3219if test "x$enable_pkcs11" = "xyes" ; then 3220 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3221fi 3222AC_MSG_RESULT([$enable_pkcs11]) 3223 3224AC_MSG_CHECKING([whether to enable U2F]) 3225if test "x$enable_sk" = "xyes" ; then 3226 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3227 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3228else 3229 # Do not try to build sk-dummy library. 3230 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3231fi 3232AC_MSG_RESULT([$enable_sk]) 3233 3234# Now check for built-in security key support. 3235if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3236 use_pkgconfig_for_libfido2= 3237 if test "x$PKGCONFIG" != "xno"; then 3238 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3239 if "$PKGCONFIG" libfido2; then 3240 AC_MSG_RESULT([yes]) 3241 use_pkgconfig_for_libfido2=yes 3242 else 3243 AC_MSG_RESULT([no]) 3244 fi 3245 fi 3246 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3247 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3248 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3249 else 3250 LIBFIDO2="-lprivatefido2 -lprivatecbor" 3251 fi 3252 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3253 fido2_error= 3254 AC_CHECK_LIB([privatefido2], [fido_init], 3255 [ ], 3256 [ fido2_error="missing/unusable libfido2" ], 3257 [ $OTHERLIBS ] 3258 ) 3259 AC_CHECK_HEADER([fido.h], [], 3260 [ fido2_error="missing fido.h from libfido2" ]) 3261 AC_CHECK_HEADER([fido/credman.h], [], 3262 [ fido2_error="missing fido/credman.h from libfido2" ], 3263 [ #include <fido.h> ] 3264 ) 3265 AC_MSG_CHECKING([for usable libfido2 installation]) 3266 if test ! -z "$fido2_error" ; then 3267 AC_MSG_RESULT([$fido2_error]) 3268 if test "x$enable_sk_internal" = "xyes" ; then 3269 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3270 fi 3271 LIBFIDO2="" 3272 else 3273 AC_MSG_RESULT([yes]) 3274 AC_SUBST([LIBFIDO2]) 3275 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3276 [Enable for built-in U2F/FIDO support]) 3277 enable_sk="built-in" 3278 saved_LIBS="$LIBS" 3279 LIBS="$LIBFIDO2 $LIBS" 3280 AC_CHECK_FUNCS([ \ 3281 fido_assert_set_clientdata \ 3282 fido_cred_prot \ 3283 fido_cred_set_prot \ 3284 fido_cred_set_clientdata \ 3285 fido_dev_get_touch_begin \ 3286 fido_dev_get_touch_status \ 3287 fido_dev_supports_cred_prot \ 3288 fido_dev_is_winhello \ 3289 ]) 3290 LIBS="$saved_LIBS" 3291 fi 3292fi 3293 3294AC_CHECK_FUNCS([ \ 3295 arc4random \ 3296 arc4random_buf \ 3297 arc4random_stir \ 3298 arc4random_uniform \ 3299]) 3300### Configure cryptographic random number support 3301 3302# Check whether OpenSSL seeds itself 3303if test "x$openssl" = "xyes" ; then 3304 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3305 AC_RUN_IFELSE( 3306 [AC_LANG_PROGRAM([[ 3307 #include <stdlib.h> 3308 #include <string.h> 3309 #include <openssl/rand.h> 3310 ]], [[ 3311 exit(RAND_status() == 1 ? 0 : 1); 3312 ]])], 3313 [ 3314 OPENSSL_SEEDS_ITSELF=yes 3315 AC_MSG_RESULT([yes]) 3316 ], 3317 [ 3318 AC_MSG_RESULT([no]) 3319 ], 3320 [ 3321 AC_MSG_WARN([cross compiling: assuming yes]) 3322 # This is safe, since we will fatal() at runtime if 3323 # OpenSSL is not seeded correctly. 3324 OPENSSL_SEEDS_ITSELF=yes 3325 ] 3326 ) 3327fi 3328 3329# PRNGD TCP socket 3330AC_ARG_WITH([prngd-port], 3331 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3332 [ 3333 case "$withval" in 3334 no) 3335 withval="" 3336 ;; 3337 [[0-9]]*) 3338 ;; 3339 *) 3340 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3341 ;; 3342 esac 3343 if test ! -z "$withval" ; then 3344 PRNGD_PORT="$withval" 3345 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3346 [Port number of PRNGD/EGD random number socket]) 3347 fi 3348 ] 3349) 3350 3351# PRNGD Unix domain socket 3352AC_ARG_WITH([prngd-socket], 3353 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3354 [ 3355 case "$withval" in 3356 yes) 3357 withval="/var/run/egd-pool" 3358 ;; 3359 no) 3360 withval="" 3361 ;; 3362 /*) 3363 ;; 3364 *) 3365 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3366 ;; 3367 esac 3368 3369 if test ! -z "$withval" ; then 3370 if test ! -z "$PRNGD_PORT" ; then 3371 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3372 fi 3373 if test ! -r "$withval" ; then 3374 AC_MSG_WARN([Entropy socket is not readable]) 3375 fi 3376 PRNGD_SOCKET="$withval" 3377 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3378 [Location of PRNGD/EGD random number socket]) 3379 fi 3380 ], 3381 [ 3382 # Check for existing socket only if we don't have a random device already 3383 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3384 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3385 # Insert other locations here 3386 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3387 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3388 PRNGD_SOCKET="$sock" 3389 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3390 break; 3391 fi 3392 done 3393 if test ! -z "$PRNGD_SOCKET" ; then 3394 AC_MSG_RESULT([$PRNGD_SOCKET]) 3395 else 3396 AC_MSG_RESULT([not found]) 3397 fi 3398 fi 3399 ] 3400) 3401 3402# Which randomness source do we use? 3403if test ! -z "$PRNGD_PORT" ; then 3404 RAND_MSG="PRNGd port $PRNGD_PORT" 3405elif test ! -z "$PRNGD_SOCKET" ; then 3406 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3407elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3408 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3409 [Define if you want the OpenSSL internally seeded PRNG only]) 3410 RAND_MSG="OpenSSL internal ONLY" 3411elif test "x$openssl" = "xno" ; then 3412 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3413else 3414 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3415fi 3416LIBS="$nocrypto_saved_LIBS" 3417 3418saved_LIBS="$LIBS" 3419AC_CHECK_LIB([iaf], [ia_openinfo], [ 3420 LIBS="$LIBS -liaf" 3421 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3422 AC_DEFINE([HAVE_LIBIAF], [1], 3423 [Define if system has libiaf that supports set_id]) 3424 ]) 3425]) 3426LIBS="$saved_LIBS" 3427 3428# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3429saved_LIBS="$LIBS" 3430AC_CHECK_LIB([crypt], [crypt], [ 3431 LIBS="-lcrypt $LIBS" 3432 SSHDLIBS="-lcrypt $SSHDLIBS" 3433]) 3434AC_CHECK_FUNCS([crypt]) 3435LIBS="$saved_LIBS" 3436 3437# Check for PAM libs 3438PAM_MSG="no" 3439AC_ARG_WITH([pam], 3440 [ --with-pam Enable PAM support ], 3441 [ 3442 if test "x$withval" != "xno" ; then 3443 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3444 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3445 AC_MSG_ERROR([PAM headers not found]) 3446 fi 3447 3448 saved_LIBS="$LIBS" 3449 AC_CHECK_LIB([dl], [dlopen], , ) 3450 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3451 AC_CHECK_FUNCS([pam_getenvlist]) 3452 AC_CHECK_FUNCS([pam_putenv]) 3453 LIBS="$saved_LIBS" 3454 3455 PAM_MSG="yes" 3456 3457 SSHDLIBS="$SSHDLIBS -lpam" 3458 AC_DEFINE([USE_PAM], [1], 3459 [Define if you want to enable PAM support]) 3460 3461 if test $ac_cv_lib_dl_dlopen = yes; then 3462 case "$LIBS" in 3463 *-ldl*) 3464 # libdl already in LIBS 3465 ;; 3466 *) 3467 SSHDLIBS="$SSHDLIBS -ldl" 3468 ;; 3469 esac 3470 fi 3471 fi 3472 ] 3473) 3474 3475AC_ARG_WITH([pam-service], 3476 [ --with-pam-service=name Specify PAM service name ], 3477 [ 3478 if test "x$withval" != "xno" && \ 3479 test "x$withval" != "xyes" ; then 3480 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3481 ["$withval"], [sshd PAM service name]) 3482 fi 3483 ] 3484) 3485 3486# Check for older PAM 3487if test "x$PAM_MSG" = "xyes" ; then 3488 # Check PAM strerror arguments (old PAM) 3489 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3490 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3491#include <stdlib.h> 3492#if defined(HAVE_SECURITY_PAM_APPL_H) 3493#include <security/pam_appl.h> 3494#elif defined (HAVE_PAM_PAM_APPL_H) 3495#include <pam/pam_appl.h> 3496#endif 3497 ]], [[ 3498(void)pam_strerror((pam_handle_t *)NULL, -1); 3499 ]])], [AC_MSG_RESULT([no])], [ 3500 AC_DEFINE([HAVE_OLD_PAM], [1], 3501 [Define if you have an old version of PAM 3502 which takes only one argument to pam_strerror]) 3503 AC_MSG_RESULT([yes]) 3504 PAM_MSG="yes (old library)" 3505 3506 ]) 3507fi 3508 3509case "$host" in 3510*-*-cygwin*) 3511 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3512 ;; 3513*) 3514 SSH_PRIVSEP_USER=sshd 3515 ;; 3516esac 3517AC_ARG_WITH([privsep-user], 3518 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3519 [ 3520 if test -n "$withval" && test "x$withval" != "xno" && \ 3521 test "x${withval}" != "xyes"; then 3522 SSH_PRIVSEP_USER=$withval 3523 fi 3524 ] 3525) 3526if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3527 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3528 [Cygwin function to fetch non-privileged user for privilege separation]) 3529else 3530 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3531 [non-privileged user for privilege separation]) 3532fi 3533AC_SUBST([SSH_PRIVSEP_USER]) 3534 3535if test "x$have_linux_no_new_privs" = "x1" ; then 3536AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3537 #include <sys/types.h> 3538 #include <linux/seccomp.h> 3539]) 3540fi 3541if test "x$have_seccomp_filter" = "x1" ; then 3542AC_MSG_CHECKING([kernel for seccomp_filter support]) 3543AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3544 #include <errno.h> 3545 #include <elf.h> 3546 #include <linux/audit.h> 3547 #include <linux/seccomp.h> 3548 #include <stdlib.h> 3549 #include <sys/prctl.h> 3550 ]], 3551 [[ int i = $seccomp_audit_arch; 3552 errno = 0; 3553 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3554 exit(errno == EFAULT ? 0 : 1); ]])], 3555 [ AC_MSG_RESULT([yes]) ], [ 3556 AC_MSG_RESULT([no]) 3557 # Disable seccomp filter as a target 3558 have_seccomp_filter=0 3559 ] 3560) 3561fi 3562 3563AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3564#include <sys/types.h> 3565#ifdef HAVE_POLL_H 3566#include <poll.h> 3567#endif 3568#ifdef HAVE_SYS_POLL_H 3569#include <sys/poll.h> 3570#endif 3571]]) 3572 3573AC_CHECK_TYPES([nfds_t], , , [ 3574#include <sys/types.h> 3575#ifdef HAVE_POLL_H 3576#include <poll.h> 3577#endif 3578#ifdef HAVE_SYS_POLL_H 3579#include <sys/poll.h> 3580#endif 3581]) 3582 3583# Decide which sandbox style to use 3584sandbox_arg="" 3585AC_ARG_WITH([sandbox], 3586 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3587 [ 3588 if test "x$withval" = "xyes" ; then 3589 sandbox_arg="" 3590 else 3591 sandbox_arg="$withval" 3592 fi 3593 ] 3594) 3595 3596if test "x$sandbox_arg" != "xno"; then 3597# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3598# is greater than OPEN_MAX". On some platforms that includes implementions 3599# of select in userspace on top of poll() so check both work with rlimit 3600# NOFILES so check that both work before enabling the rlimit sandbox. 3601 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3602 AC_RUN_IFELSE( 3603 [AC_LANG_PROGRAM([[ 3604#include <sys/types.h> 3605#ifdef HAVE_SYS_TIME_H 3606# include <sys/time.h> 3607#endif 3608#include <sys/resource.h> 3609#ifdef HAVE_SYS_SELECT_H 3610# include <sys/select.h> 3611#endif 3612#ifdef HAVE_POLL_H 3613# include <poll.h> 3614#elif HAVE_SYS_POLL_H 3615# include <sys/poll.h> 3616#endif 3617#include <errno.h> 3618#include <fcntl.h> 3619#include <stdlib.h> 3620 ]],[[ 3621 struct rlimit rl_zero; 3622 int fd, r; 3623 fd_set fds; 3624 struct timeval tv; 3625#ifdef HAVE_POLL 3626 struct pollfd pfd; 3627#endif 3628 3629 fd = open("/dev/null", O_RDONLY); 3630 FD_ZERO(&fds); 3631 FD_SET(fd, &fds); 3632 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3633 setrlimit(RLIMIT_FSIZE, &rl_zero); 3634 setrlimit(RLIMIT_NOFILE, &rl_zero); 3635 tv.tv_sec = 1; 3636 tv.tv_usec = 0; 3637 r = select(fd+1, &fds, NULL, NULL, &tv); 3638 if (r == -1) 3639 exit(1); 3640#ifdef HAVE_POLL 3641 pfd.fd = fd; 3642 pfd.events = POLLIN; 3643 r = poll(&pfd, 1, 1); 3644 if (r == -1) 3645 exit(2); 3646#endif 3647 exit(0); 3648 ]])], 3649 [AC_MSG_RESULT([yes]) 3650 select_works_with_rlimit=yes], 3651 [AC_MSG_RESULT([no]) 3652 select_works_with_rlimit=no], 3653 [AC_MSG_WARN([cross compiling: assuming no]) 3654 select_works_with_rlimit=no] 3655 ) 3656 3657 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3658 AC_RUN_IFELSE( 3659 [AC_LANG_PROGRAM([[ 3660#include <sys/types.h> 3661#ifdef HAVE_SYS_TIME_H 3662# include <sys/time.h> 3663#endif 3664#include <sys/resource.h> 3665#include <errno.h> 3666#include <stdlib.h> 3667 ]],[[ 3668 struct rlimit rl_zero; 3669 int r; 3670 3671 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3672 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3673 exit (r == -1 ? 1 : 0); 3674 ]])], 3675 [AC_MSG_RESULT([yes]) 3676 rlimit_nofile_zero_works=yes], 3677 [AC_MSG_RESULT([no]) 3678 rlimit_nofile_zero_works=no], 3679 [AC_MSG_WARN([cross compiling: assuming yes]) 3680 rlimit_nofile_zero_works=yes] 3681 ) 3682 3683 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3684 AC_RUN_IFELSE( 3685 [AC_LANG_PROGRAM([[ 3686#include <sys/types.h> 3687#include <sys/resource.h> 3688#include <stdlib.h> 3689 ]],[[ 3690 struct rlimit rl_zero; 3691 3692 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3693 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3694 ]])], 3695 [AC_MSG_RESULT([yes])], 3696 [AC_MSG_RESULT([no]) 3697 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3698 [setrlimit RLIMIT_FSIZE works])], 3699 [AC_MSG_WARN([cross compiling: assuming yes])] 3700 ) 3701fi 3702 3703if test "x$sandbox_arg" = "xpledge" || \ 3704 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3705 test "x$ac_cv_func_pledge" != "xyes" && \ 3706 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3707 SANDBOX_STYLE="pledge" 3708 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3709elif test "x$sandbox_arg" = "xsystrace" || \ 3710 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3711 test "x$have_systr_policy_kill" != "x1" && \ 3712 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3713 SANDBOX_STYLE="systrace" 3714 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3715elif test "x$sandbox_arg" = "xdarwin" || \ 3716 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3717 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3718 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3719 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3720 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3721 SANDBOX_STYLE="darwin" 3722 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3723elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3724 ( test -z "$sandbox_arg" && \ 3725 test "x$have_seccomp_filter" = "x1" && \ 3726 test "x$ac_cv_header_elf_h" = "xyes" && \ 3727 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3728 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3729 test "x$seccomp_audit_arch" != "x" && \ 3730 test "x$have_linux_no_new_privs" = "x1" && \ 3731 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3732 test "x$seccomp_audit_arch" = "x" && \ 3733 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3734 test "x$have_linux_no_new_privs" != "x1" && \ 3735 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3736 test "x$have_seccomp_filter" != "x1" && \ 3737 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3738 test "x$ac_cv_func_prctl" != "xyes" && \ 3739 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3740 SANDBOX_STYLE="seccomp_filter" 3741 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3742elif test "x$sandbox_arg" = "xcapsicum" || \ 3743 ( test -z "$sandbox_arg" && \ 3744 test "x$disable_capsicum" != "xyes" && \ 3745 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3746 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3747 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3748 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3749 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3750 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3751 SANDBOX_STYLE="capsicum" 3752 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3753elif test "x$sandbox_arg" = "xrlimit" || \ 3754 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3755 test "x$select_works_with_rlimit" = "xyes" && \ 3756 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3757 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3758 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3759 test "x$select_works_with_rlimit" != "xyes" && \ 3760 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3761 SANDBOX_STYLE="rlimit" 3762 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3763elif test "x$sandbox_arg" = "xsolaris" || \ 3764 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3765 SANDBOX_STYLE="solaris" 3766 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3767elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3768 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3769 SANDBOX_STYLE="none" 3770 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3771else 3772 AC_MSG_ERROR([unsupported --with-sandbox]) 3773fi 3774 3775# Cheap hack to ensure NEWS-OS libraries are arranged right. 3776if test ! -z "$SONY" ; then 3777 LIBS="$LIBS -liberty"; 3778fi 3779 3780# Check for long long datatypes 3781AC_CHECK_TYPES([long long, unsigned long long, long double]) 3782 3783# Check datatype sizes 3784AC_CHECK_SIZEOF([short int]) 3785AC_CHECK_SIZEOF([int]) 3786AC_CHECK_SIZEOF([long int]) 3787AC_CHECK_SIZEOF([long long int]) 3788AC_CHECK_SIZEOF([time_t], [], [[ 3789 #include <sys/types.h> 3790 #ifdef HAVE_SYS_TIME_H 3791 # include <sys/time.h> 3792 #endif 3793 #ifdef HAVE_TIME_H 3794 # include <time.h> 3795 #endif 3796 ]] 3797) 3798 3799# Sanity check long long for some platforms (AIX) 3800if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3801 ac_cv_sizeof_long_long_int=0 3802fi 3803 3804# compute LLONG_MIN and LLONG_MAX if we don't know them. 3805if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3806 AC_MSG_CHECKING([for max value of long long]) 3807 AC_RUN_IFELSE( 3808 [AC_LANG_PROGRAM([[ 3809#include <stdio.h> 3810#include <stdlib.h> 3811/* Why is this so damn hard? */ 3812#ifdef __GNUC__ 3813# undef __GNUC__ 3814#endif 3815#define __USE_ISOC99 3816#include <limits.h> 3817#define DATA "conftest.llminmax" 3818#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3819 3820/* 3821 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3822 * we do this the hard way. 3823 */ 3824static int 3825fprint_ll(FILE *f, long long n) 3826{ 3827 unsigned int i; 3828 int l[sizeof(long long) * 8]; 3829 3830 if (n < 0) 3831 if (fprintf(f, "-") < 0) 3832 return -1; 3833 for (i = 0; n != 0; i++) { 3834 l[i] = my_abs(n % 10); 3835 n /= 10; 3836 } 3837 do { 3838 if (fprintf(f, "%d", l[--i]) < 0) 3839 return -1; 3840 } while (i != 0); 3841 if (fprintf(f, " ") < 0) 3842 return -1; 3843 return 0; 3844} 3845 ]], [[ 3846 FILE *f; 3847 long long i, llmin, llmax = 0; 3848 3849 if((f = fopen(DATA,"w")) == NULL) 3850 exit(1); 3851 3852#if defined(LLONG_MIN) && defined(LLONG_MAX) 3853 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3854 llmin = LLONG_MIN; 3855 llmax = LLONG_MAX; 3856#else 3857 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3858 /* This will work on one's complement and two's complement */ 3859 for (i = 1; i > llmax; i <<= 1, i++) 3860 llmax = i; 3861 llmin = llmax + 1LL; /* wrap */ 3862#endif 3863 3864 /* Sanity check */ 3865 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3866 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3867 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3868 fprintf(f, "unknown unknown\n"); 3869 exit(2); 3870 } 3871 3872 if (fprint_ll(f, llmin) < 0) 3873 exit(3); 3874 if (fprint_ll(f, llmax) < 0) 3875 exit(4); 3876 if (fclose(f) < 0) 3877 exit(5); 3878 exit(0); 3879 ]])], 3880 [ 3881 llong_min=`$AWK '{print $1}' conftest.llminmax` 3882 llong_max=`$AWK '{print $2}' conftest.llminmax` 3883 3884 AC_MSG_RESULT([$llong_max]) 3885 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3886 [max value of long long calculated by configure]) 3887 AC_MSG_CHECKING([for min value of long long]) 3888 AC_MSG_RESULT([$llong_min]) 3889 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3890 [min value of long long calculated by configure]) 3891 ], 3892 [ 3893 AC_MSG_RESULT([not found]) 3894 ], 3895 [ 3896 AC_MSG_WARN([cross compiling: not checking]) 3897 ] 3898 ) 3899fi 3900 3901AC_CHECK_DECLS([UINT32_MAX], , , [[ 3902#ifdef HAVE_SYS_LIMITS_H 3903# include <sys/limits.h> 3904#endif 3905#ifdef HAVE_LIMITS_H 3906# include <limits.h> 3907#endif 3908#ifdef HAVE_STDINT_H 3909# include <stdint.h> 3910#endif 3911]]) 3912 3913# More checks for data types 3914AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3915 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3916 [[ u_int a; a = 1;]])], 3917 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3918 ]) 3919]) 3920if test "x$ac_cv_have_u_int" = "xyes" ; then 3921 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3922 have_u_int=1 3923fi 3924 3925AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3926 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3927 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3928 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3929 ]) 3930]) 3931if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3932 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3933 have_intxx_t=1 3934fi 3935 3936if (test -z "$have_intxx_t" && \ 3937 test "x$ac_cv_header_stdint_h" = "xyes") 3938then 3939 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3940 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3941 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3942 [ 3943 AC_DEFINE([HAVE_INTXX_T]) 3944 AC_MSG_RESULT([yes]) 3945 ], [ AC_MSG_RESULT([no]) 3946 ]) 3947fi 3948 3949AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3950 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3951#include <sys/types.h> 3952#ifdef HAVE_STDINT_H 3953# include <stdint.h> 3954#endif 3955#include <sys/socket.h> 3956#ifdef HAVE_SYS_BITYPES_H 3957# include <sys/bitypes.h> 3958#endif 3959 ]], [[ 3960int64_t a; a = 1; 3961 ]])], 3962 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3963 ]) 3964]) 3965if test "x$ac_cv_have_int64_t" = "xyes" ; then 3966 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3967fi 3968 3969AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3971 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3972 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3973 ]) 3974]) 3975if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3976 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3977 have_u_intxx_t=1 3978fi 3979 3980if test -z "$have_u_intxx_t" ; then 3981 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3983 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3984 [ 3985 AC_DEFINE([HAVE_U_INTXX_T]) 3986 AC_MSG_RESULT([yes]) 3987 ], [ AC_MSG_RESULT([no]) 3988 ]) 3989fi 3990 3991AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3992 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3993 [[ u_int64_t a; a = 1;]])], 3994 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3995 ]) 3996]) 3997if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3998 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3999 have_u_int64_t=1 4000fi 4001 4002if (test -z "$have_u_int64_t" && \ 4003 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4004then 4005 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4006 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4007 [[ u_int64_t a; a = 1]])], 4008 [ 4009 AC_DEFINE([HAVE_U_INT64_T]) 4010 AC_MSG_RESULT([yes]) 4011 ], [ AC_MSG_RESULT([no]) 4012 ]) 4013fi 4014 4015if test -z "$have_u_intxx_t" ; then 4016 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4017 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4018#include <sys/types.h> 4019 ]], [[ 4020 uint8_t a; 4021 uint16_t b; 4022 uint32_t c; 4023 a = b = c = 1; 4024 ]])], 4025 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4026 ]) 4027 ]) 4028 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4029 AC_DEFINE([HAVE_UINTXX_T], [1], 4030 [define if you have uintxx_t data type]) 4031 fi 4032fi 4033 4034if (test -z "$have_uintxx_t" && \ 4035 test "x$ac_cv_header_stdint_h" = "xyes") 4036then 4037 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4038 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4039 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4040 [ 4041 AC_DEFINE([HAVE_UINTXX_T]) 4042 AC_MSG_RESULT([yes]) 4043 ], [ AC_MSG_RESULT([no]) 4044 ]) 4045fi 4046 4047if (test -z "$have_uintxx_t" && \ 4048 test "x$ac_cv_header_inttypes_h" = "xyes") 4049then 4050 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4052 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4053 [ 4054 AC_DEFINE([HAVE_UINTXX_T]) 4055 AC_MSG_RESULT([yes]) 4056 ], [ AC_MSG_RESULT([no]) 4057 ]) 4058fi 4059 4060if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4061 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4062then 4063 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4064 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4065#include <sys/bitypes.h> 4066 ]], [[ 4067 int8_t a; int16_t b; int32_t c; 4068 u_int8_t e; u_int16_t f; u_int32_t g; 4069 a = b = c = e = f = g = 1; 4070 ]])], 4071 [ 4072 AC_DEFINE([HAVE_U_INTXX_T]) 4073 AC_DEFINE([HAVE_INTXX_T]) 4074 AC_MSG_RESULT([yes]) 4075 ], [AC_MSG_RESULT([no]) 4076 ]) 4077fi 4078 4079 4080AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4081 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4082 [[ u_char foo; foo = 125; ]])], 4083 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4084 ]) 4085]) 4086if test "x$ac_cv_have_u_char" = "xyes" ; then 4087 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4088fi 4089 4090AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4091#include <sys/types.h> 4092#ifdef HAVE_STDINT_H 4093# include <stdint.h> 4094#endif 4095]) 4096 4097TYPE_SOCKLEN_T 4098 4099AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4100AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4101#include <sys/types.h> 4102#ifdef HAVE_SYS_BITYPES_H 4103#include <sys/bitypes.h> 4104#endif 4105#ifdef HAVE_SYS_STATFS_H 4106#include <sys/statfs.h> 4107#endif 4108#ifdef HAVE_SYS_STATVFS_H 4109#include <sys/statvfs.h> 4110#endif 4111]) 4112 4113AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4114#include <sys/param.h> 4115#include <sys/types.h> 4116#ifdef HAVE_SYS_BITYPES_H 4117#include <sys/bitypes.h> 4118#endif 4119#ifdef HAVE_SYS_STATFS_H 4120#include <sys/statfs.h> 4121#endif 4122#ifdef HAVE_SYS_STATVFS_H 4123#include <sys/statvfs.h> 4124#endif 4125#ifdef HAVE_SYS_VFS_H 4126#include <sys/vfs.h> 4127#endif 4128#ifdef HAVE_SYS_MOUNT_H 4129#include <sys/mount.h> 4130#endif 4131]]) 4132 4133 4134AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4135[#include <sys/types.h> 4136#include <netinet/in.h>]) 4137 4138AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4139 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4140 [[ size_t foo; foo = 1235; ]])], 4141 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4142 ]) 4143]) 4144if test "x$ac_cv_have_size_t" = "xyes" ; then 4145 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4146fi 4147 4148AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4149 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4150 [[ ssize_t foo; foo = 1235; ]])], 4151 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4152 ]) 4153]) 4154if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4155 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4156fi 4157 4158AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4159 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4160 [[ clock_t foo; foo = 1235; ]])], 4161 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4162 ]) 4163]) 4164if test "x$ac_cv_have_clock_t" = "xyes" ; then 4165 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4166fi 4167 4168AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4170#include <sys/types.h> 4171#include <sys/socket.h> 4172 ]], [[ sa_family_t foo; foo = 1235; ]])], 4173 [ ac_cv_have_sa_family_t="yes" ], 4174 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4175#include <sys/types.h> 4176#include <sys/socket.h> 4177#include <netinet/in.h> 4178 ]], [[ sa_family_t foo; foo = 1235; ]])], 4179 [ ac_cv_have_sa_family_t="yes" ], 4180 [ ac_cv_have_sa_family_t="no" ] 4181 ) 4182 ]) 4183]) 4184if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4185 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4186 [define if you have sa_family_t data type]) 4187fi 4188 4189AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4190 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4191 [[ pid_t foo; foo = 1235; ]])], 4192 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4193 ]) 4194]) 4195if test "x$ac_cv_have_pid_t" = "xyes" ; then 4196 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4197fi 4198 4199AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4200 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4201 [[ mode_t foo; foo = 1235; ]])], 4202 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4203 ]) 4204]) 4205if test "x$ac_cv_have_mode_t" = "xyes" ; then 4206 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4207fi 4208 4209 4210AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4211 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4212#include <sys/types.h> 4213#include <sys/socket.h> 4214 ]], [[ struct sockaddr_storage s; ]])], 4215 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4216 [ ac_cv_have_struct_sockaddr_storage="no" 4217 ]) 4218]) 4219if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4220 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4221 [define if you have struct sockaddr_storage data type]) 4222fi 4223 4224AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4226#include <sys/types.h> 4227#include <netinet/in.h> 4228 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4229 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4230 [ ac_cv_have_struct_sockaddr_in6="no" 4231 ]) 4232]) 4233if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4234 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4235 [define if you have struct sockaddr_in6 data type]) 4236fi 4237 4238AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4240#include <sys/types.h> 4241#include <netinet/in.h> 4242 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4243 [ ac_cv_have_struct_in6_addr="yes" ], 4244 [ ac_cv_have_struct_in6_addr="no" 4245 ]) 4246]) 4247if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4248 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4249 [define if you have struct in6_addr data type]) 4250 4251dnl Now check for sin6_scope_id 4252 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4253 [ 4254#ifdef HAVE_SYS_TYPES_H 4255#include <sys/types.h> 4256#endif 4257#include <netinet/in.h> 4258 ]) 4259fi 4260 4261AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4263#include <sys/types.h> 4264#include <sys/socket.h> 4265#include <netdb.h> 4266 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4267 [ ac_cv_have_struct_addrinfo="yes" ], 4268 [ ac_cv_have_struct_addrinfo="no" 4269 ]) 4270]) 4271if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4272 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4273 [define if you have struct addrinfo data type]) 4274fi 4275 4276AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4278 [[ struct timeval tv; tv.tv_sec = 1;]])], 4279 [ ac_cv_have_struct_timeval="yes" ], 4280 [ ac_cv_have_struct_timeval="no" 4281 ]) 4282]) 4283if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4284 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4285 have_struct_timeval=1 4286fi 4287 4288AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290 #ifdef HAVE_SYS_TIME_H 4291 # include <sys/time.h> 4292 #endif 4293 #ifdef HAVE_TIME_H 4294 # include <time.h> 4295 #endif 4296 ]], 4297 [[ struct timespec ts; ts.tv_sec = 1;]])], 4298 [ ac_cv_have_struct_timespec="yes" ], 4299 [ ac_cv_have_struct_timespec="no" 4300 ]) 4301]) 4302if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4303 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4304 have_struct_timespec=1 4305fi 4306 4307# We need int64_t or else certain parts of the compile will fail. 4308if test "x$ac_cv_have_int64_t" = "xno" && \ 4309 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4310 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4311 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4312 echo "an alternative compiler (I.E., GCC) before continuing." 4313 echo "" 4314 exit 1; 4315else 4316dnl test snprintf (broken on SCO w/gcc) 4317 AC_RUN_IFELSE( 4318 [AC_LANG_SOURCE([[ 4319#include <stdio.h> 4320#include <stdlib.h> 4321#include <string.h> 4322#ifdef HAVE_SNPRINTF 4323int main(void) 4324{ 4325 char buf[50]; 4326 char expected_out[50]; 4327 int mazsize = 50 ; 4328#if (SIZEOF_LONG_INT == 8) 4329 long int num = 0x7fffffffffffffff; 4330#else 4331 long long num = 0x7fffffffffffffffll; 4332#endif 4333 strcpy(expected_out, "9223372036854775807"); 4334 snprintf(buf, mazsize, "%lld", num); 4335 if(strcmp(buf, expected_out) != 0) 4336 exit(1); 4337 exit(0); 4338} 4339#else 4340int main(void) { exit(0); } 4341#endif 4342 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4343 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4344 ) 4345fi 4346 4347dnl Checks for structure members 4348OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4349OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4350OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4351OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4352OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4353OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4354OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4355OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4356OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4357OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4358OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4359OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4360OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4361OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4362OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4363OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4364OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4365OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4366 4367AC_CHECK_MEMBERS([struct stat.st_blksize]) 4368AC_CHECK_MEMBERS([struct stat.st_mtim]) 4369AC_CHECK_MEMBERS([struct stat.st_mtime]) 4370AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4371struct passwd.pw_change, struct passwd.pw_expire], 4372[], [], [[ 4373#include <sys/types.h> 4374#include <pwd.h> 4375]]) 4376 4377AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4378 [Define if we don't have struct __res_state in resolv.h])], 4379[[ 4380#include <stdio.h> 4381#if HAVE_SYS_TYPES_H 4382# include <sys/types.h> 4383#endif 4384#include <netinet/in.h> 4385#include <arpa/nameser.h> 4386#include <resolv.h> 4387]]) 4388 4389AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4390 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4391 [], 4392 [AC_LANG_SOURCE([[ 4393#include <sys/types.h> 4394#include <sys/socket.h> 4395#include <netinet/in.h> 4396 ]])] 4397) 4398 4399AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4400 ac_cv_have_ss_family_in_struct_ss, [ 4401 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4402#include <sys/types.h> 4403#include <sys/socket.h> 4404 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4405 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4406 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4407]) 4408if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4409 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4410fi 4411 4412AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4413 ac_cv_have___ss_family_in_struct_ss, [ 4414 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4415#include <sys/types.h> 4416#include <sys/socket.h> 4417 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4418 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4419 [ ac_cv_have___ss_family_in_struct_ss="no" 4420 ]) 4421]) 4422if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4423 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4424 [Fields in struct sockaddr_storage]) 4425fi 4426 4427dnl make sure we're using the real structure members and not defines 4428AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4429 ac_cv_have_accrights_in_msghdr, [ 4430 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4431#include <sys/types.h> 4432#include <sys/socket.h> 4433#include <sys/uio.h> 4434#include <stdlib.h> 4435 ]], [[ 4436#ifdef msg_accrights 4437#error "msg_accrights is a macro" 4438exit(1); 4439#endif 4440struct msghdr m; 4441m.msg_accrights = 0; 4442exit(0); 4443 ]])], 4444 [ ac_cv_have_accrights_in_msghdr="yes" ], 4445 [ ac_cv_have_accrights_in_msghdr="no" ] 4446 ) 4447]) 4448if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4449 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4450 [Define if your system uses access rights style 4451 file descriptor passing]) 4452fi 4453 4454AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4455AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4456#include <sys/param.h> 4457#include <sys/stat.h> 4458#ifdef HAVE_SYS_TIME_H 4459# include <sys/time.h> 4460#endif 4461#ifdef HAVE_SYS_MOUNT_H 4462#include <sys/mount.h> 4463#endif 4464#ifdef HAVE_SYS_STATVFS_H 4465#include <sys/statvfs.h> 4466#endif 4467 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4468 [ AC_MSG_RESULT([yes]) ], 4469 [ AC_MSG_RESULT([no]) 4470 4471 AC_MSG_CHECKING([if fsid_t has member val]) 4472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4473#include <sys/types.h> 4474#include <sys/statvfs.h> 4475 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4476 [ AC_MSG_RESULT([yes]) 4477 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4478 [ AC_MSG_RESULT([no]) ]) 4479 4480 AC_MSG_CHECKING([if f_fsid has member __val]) 4481 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4482#include <sys/types.h> 4483#include <sys/statvfs.h> 4484 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4485 [ AC_MSG_RESULT([yes]) 4486 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4487 [ AC_MSG_RESULT([no]) ]) 4488]) 4489 4490AC_CACHE_CHECK([for msg_control field in struct msghdr], 4491 ac_cv_have_control_in_msghdr, [ 4492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4493#include <sys/types.h> 4494#include <sys/socket.h> 4495#include <sys/uio.h> 4496#include <stdlib.h> 4497 ]], [[ 4498#ifdef msg_control 4499#error "msg_control is a macro" 4500exit(1); 4501#endif 4502struct msghdr m; 4503m.msg_control = 0; 4504exit(0); 4505 ]])], 4506 [ ac_cv_have_control_in_msghdr="yes" ], 4507 [ ac_cv_have_control_in_msghdr="no" ] 4508 ) 4509]) 4510if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4511 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4512 [Define if your system uses ancillary data style 4513 file descriptor passing]) 4514fi 4515 4516AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4517 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4518 [[ extern char *__progname; printf("%s", __progname); ]])], 4519 [ ac_cv_libc_defines___progname="yes" ], 4520 [ ac_cv_libc_defines___progname="no" 4521 ]) 4522]) 4523if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4524 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4525fi 4526 4527AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4529 [[ printf("%s", __FUNCTION__); ]])], 4530 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4531 [ ac_cv_cc_implements___FUNCTION__="no" 4532 ]) 4533]) 4534if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4535 AC_DEFINE([HAVE___FUNCTION__], [1], 4536 [Define if compiler implements __FUNCTION__]) 4537fi 4538 4539AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4540 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4541 [[ printf("%s", __func__); ]])], 4542 [ ac_cv_cc_implements___func__="yes" ], 4543 [ ac_cv_cc_implements___func__="no" 4544 ]) 4545]) 4546if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4547 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4548fi 4549 4550AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4551 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4552#include <stdarg.h> 4553va_list x,y; 4554 ]], [[ va_copy(x,y); ]])], 4555 [ ac_cv_have_va_copy="yes" ], 4556 [ ac_cv_have_va_copy="no" 4557 ]) 4558]) 4559if test "x$ac_cv_have_va_copy" = "xyes" ; then 4560 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4561fi 4562 4563AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4564 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4565#include <stdarg.h> 4566va_list x,y; 4567 ]], [[ __va_copy(x,y); ]])], 4568 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4569 ]) 4570]) 4571if test "x$ac_cv_have___va_copy" = "xyes" ; then 4572 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4573fi 4574 4575AC_CACHE_CHECK([whether getopt has optreset support], 4576 ac_cv_have_getopt_optreset, [ 4577 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4578 [[ extern int optreset; optreset = 0; ]])], 4579 [ ac_cv_have_getopt_optreset="yes" ], 4580 [ ac_cv_have_getopt_optreset="no" 4581 ]) 4582]) 4583if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4584 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4585 [Define if your getopt(3) defines and uses optreset]) 4586fi 4587 4588AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4589 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4590[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4591 [ ac_cv_libc_defines_sys_errlist="yes" ], 4592 [ ac_cv_libc_defines_sys_errlist="no" 4593 ]) 4594]) 4595if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4596 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4597 [Define if your system defines sys_errlist[]]) 4598fi 4599 4600 4601AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4602 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4603[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4604 [ ac_cv_libc_defines_sys_nerr="yes" ], 4605 [ ac_cv_libc_defines_sys_nerr="no" 4606 ]) 4607]) 4608if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4609 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4610fi 4611 4612# Check libraries needed by DNS fingerprint support 4613AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4614 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4615 [Define if getrrsetbyname() exists])], 4616 [ 4617 # Needed by our getrrsetbyname() 4618 AC_SEARCH_LIBS([res_query], [resolv]) 4619 AC_SEARCH_LIBS([dn_expand], [resolv]) 4620 AC_MSG_CHECKING([if res_query will link]) 4621 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4622#include <sys/types.h> 4623#include <netinet/in.h> 4624#include <arpa/nameser.h> 4625#include <netdb.h> 4626#include <resolv.h> 4627 ]], [[ 4628 res_query (0, 0, 0, 0, 0); 4629 ]])], 4630 AC_MSG_RESULT([yes]), 4631 [AC_MSG_RESULT([no]) 4632 saved_LIBS="$LIBS" 4633 LIBS="$LIBS -lresolv" 4634 AC_MSG_CHECKING([for res_query in -lresolv]) 4635 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4636#include <sys/types.h> 4637#include <netinet/in.h> 4638#include <arpa/nameser.h> 4639#include <netdb.h> 4640#include <resolv.h> 4641 ]], [[ 4642 res_query (0, 0, 0, 0, 0); 4643 ]])], 4644 [AC_MSG_RESULT([yes])], 4645 [LIBS="$saved_LIBS" 4646 AC_MSG_RESULT([no])]) 4647 ]) 4648 AC_CHECK_FUNCS([_getshort _getlong]) 4649 AC_CHECK_DECLS([_getshort, _getlong], , , 4650 [#include <sys/types.h> 4651 #include <arpa/nameser.h>]) 4652 AC_CHECK_MEMBER([HEADER.ad], 4653 [AC_DEFINE([HAVE_HEADER_AD], [1], 4654 [Define if HEADER.ad exists in arpa/nameser.h])], , 4655 [#include <arpa/nameser.h>]) 4656 ]) 4657 4658AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4659AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4660#include <stdio.h> 4661#if HAVE_SYS_TYPES_H 4662# include <sys/types.h> 4663#endif 4664#include <netinet/in.h> 4665#include <arpa/nameser.h> 4666#include <resolv.h> 4667extern struct __res_state _res; 4668 ]], [[ 4669struct __res_state *volatile p = &_res; /* force resolution of _res */ 4670return 0; 4671 ]],)], 4672 [AC_MSG_RESULT([yes]) 4673 AC_DEFINE([HAVE__RES_EXTERN], [1], 4674 [Define if you have struct __res_state _res as an extern]) 4675 ], 4676 [ AC_MSG_RESULT([no]) ] 4677) 4678 4679# Check whether user wants SELinux support 4680SELINUX_MSG="no" 4681LIBSELINUX="" 4682AC_ARG_WITH([selinux], 4683 [ --with-selinux Enable SELinux support], 4684 [ if test "x$withval" != "xno" ; then 4685 save_LIBS="$LIBS" 4686 AC_DEFINE([WITH_SELINUX], [1], 4687 [Define if you want SELinux support.]) 4688 SELINUX_MSG="yes" 4689 AC_CHECK_HEADER([selinux/selinux.h], , 4690 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4691 AC_CHECK_LIB([selinux], [setexeccon], 4692 [ LIBSELINUX="-lselinux" 4693 LIBS="$LIBS -lselinux" 4694 ], 4695 AC_MSG_ERROR([SELinux support requires libselinux library])) 4696 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4697 LIBS="$save_LIBS $LIBSELINUX" 4698 fi ] 4699) 4700AC_SUBST([SSHDLIBS]) 4701 4702# Check whether user wants Kerberos 5 support 4703KRB5_MSG="no" 4704AC_ARG_WITH([kerberos5], 4705 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4706 [ if test "x$withval" != "xno" ; then 4707 if test "x$withval" = "xyes" ; then 4708 KRB5ROOT="/usr/local" 4709 else 4710 KRB5ROOT=${withval} 4711 fi 4712 4713 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4714 KRB5_MSG="yes" 4715 4716 use_pkgconfig_for_krb5= 4717 if test "x$PKGCONFIG" != "xno"; then 4718 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4719 if "$PKGCONFIG" krb5; then 4720 AC_MSG_RESULT([yes]) 4721 use_pkgconfig_for_krb5=yes 4722 else 4723 AC_MSG_RESULT([no]) 4724 fi 4725 fi 4726 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4727 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4728 K5LIBS=`$PKGCONFIG --libs krb5` 4729 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4730 4731 AC_MSG_CHECKING([for gssapi support]) 4732 if "$PKGCONFIG" krb5-gssapi; then 4733 AC_MSG_RESULT([yes]) 4734 AC_DEFINE([GSSAPI], [1], 4735 [Define this if you want GSSAPI 4736 support in the version 2 protocol]) 4737 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4738 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4739 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4740 else 4741 AC_MSG_RESULT([no]) 4742 fi 4743 AC_MSG_CHECKING([whether we are using Heimdal]) 4744 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4745 ]], [[ char *tmp = heimdal_version; ]])], 4746 [ AC_MSG_RESULT([yes]) 4747 AC_DEFINE([HEIMDAL], [1], 4748 [Define this if you are using the Heimdal 4749 version of Kerberos V5]) ], 4750 [AC_MSG_RESULT([no]) 4751 ]) 4752 else 4753 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4754 [$KRB5ROOT/bin/krb5-config], 4755 [$KRB5ROOT/bin:$PATH]) 4756 if test -x $KRB5CONF ; then 4757 K5CFLAGS="`$KRB5CONF --cflags`" 4758 K5LIBS="`$KRB5CONF --libs`" 4759 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4760 4761 AC_MSG_CHECKING([for gssapi support]) 4762 if $KRB5CONF | grep gssapi >/dev/null ; then 4763 AC_MSG_RESULT([yes]) 4764 AC_DEFINE([GSSAPI], [1], 4765 [Define this if you want GSSAPI 4766 support in the version 2 protocol]) 4767 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4768 GSSLIBS="`$KRB5CONF --libs gssapi`" 4769 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4770 else 4771 AC_MSG_RESULT([no]) 4772 fi 4773 AC_MSG_CHECKING([whether we are using Heimdal]) 4774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4775 ]], [[ char *tmp = heimdal_version; ]])], 4776 [ AC_MSG_RESULT([yes]) 4777 AC_DEFINE([HEIMDAL], [1], 4778 [Define this if you are using the Heimdal 4779 version of Kerberos V5]) ], 4780 [AC_MSG_RESULT([no]) 4781 ]) 4782 else 4783 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4784 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4785 AC_MSG_CHECKING([whether we are using Heimdal]) 4786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4787 ]], [[ char *tmp = heimdal_version; ]])], 4788 [ AC_MSG_RESULT([yes]) 4789 AC_DEFINE([HEIMDAL]) 4790 K5LIBS="-lkrb5" 4791 K5LIBS="$K5LIBS -lcom_err -lasn1" 4792 AC_CHECK_LIB([roken], [net_write], 4793 [K5LIBS="$K5LIBS -lroken"]) 4794 AC_CHECK_LIB([des], [des_cbc_encrypt], 4795 [K5LIBS="$K5LIBS -ldes"]) 4796 ], [ AC_MSG_RESULT([no]) 4797 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4798 ]) 4799 AC_SEARCH_LIBS([dn_expand], [resolv]) 4800 4801 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4802 [ AC_DEFINE([GSSAPI]) 4803 GSSLIBS="-lgssapi_krb5" ], 4804 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4805 [ AC_DEFINE([GSSAPI]) 4806 GSSLIBS="-lgssapi" ], 4807 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4808 [ AC_DEFINE([GSSAPI]) 4809 GSSLIBS="-lgss" ], 4810 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4811 ]) 4812 ]) 4813 4814 AC_CHECK_HEADER([gssapi.h], , 4815 [ unset ac_cv_header_gssapi_h 4816 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4817 AC_CHECK_HEADERS([gssapi.h], , 4818 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4819 ) 4820 ] 4821 ) 4822 4823 oldCPP="$CPPFLAGS" 4824 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4825 AC_CHECK_HEADER([gssapi_krb5.h], , 4826 [ CPPFLAGS="$oldCPP" ]) 4827 4828 fi 4829 fi 4830 if test -n "${rpath_opt}" ; then 4831 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4832 fi 4833 if test ! -z "$blibpath" ; then 4834 blibpath="$blibpath:${KRB5ROOT}/lib" 4835 fi 4836 4837 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4838 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4839 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4840 4841 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4842 [Define this if you want to use libkafs' AFS support])]) 4843 4844 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4845#ifdef HAVE_GSSAPI_H 4846# include <gssapi.h> 4847#elif defined(HAVE_GSSAPI_GSSAPI_H) 4848# include <gssapi/gssapi.h> 4849#endif 4850 4851#ifdef HAVE_GSSAPI_GENERIC_H 4852# include <gssapi_generic.h> 4853#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4854# include <gssapi/gssapi_generic.h> 4855#endif 4856 ]]) 4857 saved_LIBS="$LIBS" 4858 LIBS="$LIBS $K5LIBS" 4859 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4860 LIBS="$saved_LIBS" 4861 4862 fi 4863 ] 4864) 4865AC_SUBST([GSSLIBS]) 4866AC_SUBST([K5LIBS]) 4867AC_SUBST([CHANNELLIBS]) 4868 4869# Looking for programs, paths and files 4870 4871PRIVSEP_PATH=/var/empty 4872AC_ARG_WITH([privsep-path], 4873 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4874 [ 4875 if test -n "$withval" && test "x$withval" != "xno" && \ 4876 test "x${withval}" != "xyes"; then 4877 PRIVSEP_PATH=$withval 4878 fi 4879 ] 4880) 4881AC_SUBST([PRIVSEP_PATH]) 4882 4883AC_ARG_WITH([xauth], 4884 [ --with-xauth=PATH Specify path to xauth program ], 4885 [ 4886 if test -n "$withval" && test "x$withval" != "xno" && \ 4887 test "x${withval}" != "xyes"; then 4888 xauth_path=$withval 4889 fi 4890 ], 4891 [ 4892 TestPath="$PATH" 4893 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4894 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4895 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4896 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4897 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4898 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4899 xauth_path="/usr/openwin/bin/xauth" 4900 fi 4901 ] 4902) 4903 4904STRIP_OPT=-s 4905AC_ARG_ENABLE([strip], 4906 [ --disable-strip Disable calling strip(1) on install], 4907 [ 4908 if test "x$enableval" = "xno" ; then 4909 STRIP_OPT= 4910 fi 4911 ] 4912) 4913AC_SUBST([STRIP_OPT]) 4914 4915if test -z "$xauth_path" ; then 4916 XAUTH_PATH="undefined" 4917 AC_SUBST([XAUTH_PATH]) 4918else 4919 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4920 [Define if xauth is found in your path]) 4921 XAUTH_PATH=$xauth_path 4922 AC_SUBST([XAUTH_PATH]) 4923fi 4924 4925dnl # --with-maildir=/path/to/mail gets top priority. 4926dnl # if maildir is set in the platform case statement above we use that. 4927dnl # Otherwise we run a program to get the dir from system headers. 4928dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4929dnl # If we find _PATH_MAILDIR we do nothing because that is what 4930dnl # session.c expects anyway. Otherwise we set to the value found 4931dnl # stripping any trailing slash. If for some strage reason our program 4932dnl # does not find what it needs, we default to /var/spool/mail. 4933# Check for mail directory 4934AC_ARG_WITH([maildir], 4935 [ --with-maildir=/path/to/mail Specify your system mail directory], 4936 [ 4937 if test "X$withval" != X && test "x$withval" != xno && \ 4938 test "x${withval}" != xyes; then 4939 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4940 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4941 fi 4942 ],[ 4943 if test "X$maildir" != "X"; then 4944 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4945 else 4946 AC_MSG_CHECKING([Discovering system mail directory]) 4947 AC_RUN_IFELSE( 4948 [AC_LANG_PROGRAM([[ 4949#include <stdio.h> 4950#include <stdlib.h> 4951#include <string.h> 4952#ifdef HAVE_PATHS_H 4953#include <paths.h> 4954#endif 4955#ifdef HAVE_MAILLOCK_H 4956#include <maillock.h> 4957#endif 4958#define DATA "conftest.maildir" 4959 ]], [[ 4960 FILE *fd; 4961 int rc; 4962 4963 fd = fopen(DATA,"w"); 4964 if(fd == NULL) 4965 exit(1); 4966 4967#if defined (_PATH_MAILDIR) 4968 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4969 exit(1); 4970#elif defined (MAILDIR) 4971 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4972 exit(1); 4973#elif defined (_PATH_MAIL) 4974 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4975 exit(1); 4976#else 4977 exit (2); 4978#endif 4979 4980 exit(0); 4981 ]])], 4982 [ 4983 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4984 maildir=`awk -F: '{print $2}' conftest.maildir \ 4985 | sed 's|/$||'` 4986 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4987 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4988 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4989 fi 4990 ], 4991 [ 4992 if test "X$ac_status" = "X2";then 4993# our test program didn't find it. Default to /var/spool/mail 4994 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4995 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4996 else 4997 AC_MSG_RESULT([*** not found ***]) 4998 fi 4999 ], 5000 [ 5001 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5002 ] 5003 ) 5004 fi 5005 ] 5006) # maildir 5007 5008if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5009 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5010 disable_ptmx_check=yes 5011fi 5012if test -z "$no_dev_ptmx" ; then 5013 if test "x$disable_ptmx_check" != "xyes" ; then 5014 AC_CHECK_FILE(["/dev/ptmx"], 5015 [ 5016 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5017 [Define if you have /dev/ptmx]) 5018 have_dev_ptmx=1 5019 ] 5020 ) 5021 fi 5022fi 5023 5024if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5025 AC_CHECK_FILE(["/dev/ptc"], 5026 [ 5027 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5028 [Define if you have /dev/ptc]) 5029 have_dev_ptc=1 5030 ] 5031 ) 5032else 5033 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5034fi 5035 5036# Options from here on. Some of these are preset by platform above 5037AC_ARG_WITH([mantype], 5038 [ --with-mantype=man|cat|doc Set man page type], 5039 [ 5040 case "$withval" in 5041 man|cat|doc) 5042 MANTYPE=$withval 5043 ;; 5044 *) 5045 AC_MSG_ERROR([invalid man type: $withval]) 5046 ;; 5047 esac 5048 ] 5049) 5050if test -z "$MANTYPE"; then 5051 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5052 MANTYPE=doc 5053 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5054 MANTYPE=doc 5055 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5056 MANTYPE=man 5057 else 5058 MANTYPE=cat 5059 fi 5060fi 5061AC_SUBST([MANTYPE]) 5062if test "$MANTYPE" = "doc"; then 5063 mansubdir=man; 5064else 5065 mansubdir=$MANTYPE; 5066fi 5067AC_SUBST([mansubdir]) 5068 5069# Whether to disable shadow password support 5070AC_ARG_WITH([shadow], 5071 [ --without-shadow Disable shadow password support], 5072 [ 5073 if test "x$withval" = "xno" ; then 5074 AC_DEFINE([DISABLE_SHADOW]) 5075 disable_shadow=yes 5076 fi 5077 ] 5078) 5079 5080if test -z "$disable_shadow" ; then 5081 AC_MSG_CHECKING([if the systems has expire shadow information]) 5082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5083#include <sys/types.h> 5084#include <shadow.h> 5085struct spwd sp; 5086 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5087 [ sp_expire_available=yes ], [ 5088 ]) 5089 5090 if test "x$sp_expire_available" = "xyes" ; then 5091 AC_MSG_RESULT([yes]) 5092 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5093 [Define if you want to use shadow password expire field]) 5094 else 5095 AC_MSG_RESULT([no]) 5096 fi 5097fi 5098 5099# Use ip address instead of hostname in $DISPLAY 5100if test ! -z "$IPADDR_IN_DISPLAY" ; then 5101 DISPLAY_HACK_MSG="yes" 5102 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5103 [Define if you need to use IP address 5104 instead of hostname in $DISPLAY]) 5105else 5106 DISPLAY_HACK_MSG="no" 5107 AC_ARG_WITH([ipaddr-display], 5108 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5109 [ 5110 if test "x$withval" != "xno" ; then 5111 AC_DEFINE([IPADDR_IN_DISPLAY]) 5112 DISPLAY_HACK_MSG="yes" 5113 fi 5114 ] 5115 ) 5116fi 5117 5118# check for /etc/default/login and use it if present. 5119AC_ARG_ENABLE([etc-default-login], 5120 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5121 [ if test "x$enableval" = "xno"; then 5122 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5123 etc_default_login=no 5124 else 5125 etc_default_login=yes 5126 fi ], 5127 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5128 then 5129 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5130 etc_default_login=no 5131 else 5132 etc_default_login=yes 5133 fi ] 5134) 5135 5136if test "x$etc_default_login" != "xno"; then 5137 AC_CHECK_FILE(["/etc/default/login"], 5138 [ external_path_file=/etc/default/login ]) 5139 if test "x$external_path_file" = "x/etc/default/login"; then 5140 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5141 [Define if your system has /etc/default/login]) 5142 fi 5143fi 5144 5145dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5146if test $ac_cv_func_login_getcapbool = "yes" && \ 5147 test $ac_cv_header_login_cap_h = "yes" ; then 5148 external_path_file=/etc/login.conf 5149fi 5150 5151# Whether to mess with the default path 5152SERVER_PATH_MSG="(default)" 5153AC_ARG_WITH([default-path], 5154 [ --with-default-path= Specify default $PATH environment for server], 5155 [ 5156 if test "x$external_path_file" = "x/etc/login.conf" ; then 5157 AC_MSG_WARN([ 5158--with-default-path=PATH has no effect on this system. 5159Edit /etc/login.conf instead.]) 5160 elif test "x$withval" != "xno" ; then 5161 if test ! -z "$external_path_file" ; then 5162 AC_MSG_WARN([ 5163--with-default-path=PATH will only be used if PATH is not defined in 5164$external_path_file .]) 5165 fi 5166 user_path="$withval" 5167 SERVER_PATH_MSG="$withval" 5168 fi 5169 ], 5170 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5171 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5172 else 5173 if test ! -z "$external_path_file" ; then 5174 AC_MSG_WARN([ 5175If PATH is defined in $external_path_file, ensure the path to scp is included, 5176otherwise scp will not work.]) 5177 fi 5178 AC_RUN_IFELSE( 5179 [AC_LANG_PROGRAM([[ 5180/* find out what STDPATH is */ 5181#include <stdio.h> 5182#include <stdlib.h> 5183#ifdef HAVE_PATHS_H 5184# include <paths.h> 5185#endif 5186#ifndef _PATH_STDPATH 5187# ifdef _PATH_USERPATH /* Irix */ 5188# define _PATH_STDPATH _PATH_USERPATH 5189# else 5190# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5191# endif 5192#endif 5193#include <sys/types.h> 5194#include <sys/stat.h> 5195#include <fcntl.h> 5196#define DATA "conftest.stdpath" 5197 ]], [[ 5198 FILE *fd; 5199 int rc; 5200 5201 fd = fopen(DATA,"w"); 5202 if(fd == NULL) 5203 exit(1); 5204 5205 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5206 exit(1); 5207 5208 exit(0); 5209 ]])], 5210 [ user_path=`cat conftest.stdpath` ], 5211 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5212 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5213 ) 5214# make sure $bindir is in USER_PATH so scp will work 5215 t_bindir="${bindir}" 5216 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5217 t_bindir=`eval echo ${t_bindir}` 5218 case $t_bindir in 5219 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5220 esac 5221 case $t_bindir in 5222 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5223 esac 5224 done 5225 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5226 if test $? -ne 0 ; then 5227 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5228 if test $? -ne 0 ; then 5229 user_path=$user_path:$t_bindir 5230 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5231 fi 5232 fi 5233 fi ] 5234) 5235if test "x$external_path_file" != "x/etc/login.conf" ; then 5236 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5237 AC_SUBST([user_path]) 5238fi 5239 5240# Set superuser path separately to user path 5241AC_ARG_WITH([superuser-path], 5242 [ --with-superuser-path= Specify different path for super-user], 5243 [ 5244 if test -n "$withval" && test "x$withval" != "xno" && \ 5245 test "x${withval}" != "xyes"; then 5246 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5247 [Define if you want a different $PATH 5248 for the superuser]) 5249 superuser_path=$withval 5250 fi 5251 ] 5252) 5253 5254 5255AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5256IPV4_IN6_HACK_MSG="no" 5257AC_ARG_WITH(4in6, 5258 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5259 [ 5260 if test "x$withval" != "xno" ; then 5261 AC_MSG_RESULT([yes]) 5262 AC_DEFINE([IPV4_IN_IPV6], [1], 5263 [Detect IPv4 in IPv6 mapped addresses 5264 and treat as IPv4]) 5265 IPV4_IN6_HACK_MSG="yes" 5266 else 5267 AC_MSG_RESULT([no]) 5268 fi 5269 ], [ 5270 if test "x$inet6_default_4in6" = "xyes"; then 5271 AC_MSG_RESULT([yes (default)]) 5272 AC_DEFINE([IPV4_IN_IPV6]) 5273 IPV4_IN6_HACK_MSG="yes" 5274 else 5275 AC_MSG_RESULT([no (default)]) 5276 fi 5277 ] 5278) 5279 5280# Whether to enable BSD auth support 5281BSD_AUTH_MSG=no 5282AC_ARG_WITH([bsd-auth], 5283 [ --with-bsd-auth Enable BSD auth support], 5284 [ 5285 if test "x$withval" != "xno" ; then 5286 AC_DEFINE([BSD_AUTH], [1], 5287 [Define if you have BSD auth support]) 5288 BSD_AUTH_MSG=yes 5289 fi 5290 ] 5291) 5292 5293# Where to place sshd.pid 5294piddir=/var/run 5295# make sure the directory exists 5296if test ! -d $piddir ; then 5297 piddir=`eval echo ${sysconfdir}` 5298 case $piddir in 5299 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5300 esac 5301fi 5302 5303AC_ARG_WITH([pid-dir], 5304 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5305 [ 5306 if test -n "$withval" && test "x$withval" != "xno" && \ 5307 test "x${withval}" != "xyes"; then 5308 piddir=$withval 5309 if test ! -d $piddir ; then 5310 AC_MSG_WARN([** no $piddir directory on this system **]) 5311 fi 5312 fi 5313 ] 5314) 5315 5316AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5317 [Specify location of ssh.pid]) 5318AC_SUBST([piddir]) 5319 5320dnl allow user to disable some login recording features 5321AC_ARG_ENABLE([lastlog], 5322 [ --disable-lastlog disable use of lastlog even if detected [no]], 5323 [ 5324 if test "x$enableval" = "xno" ; then 5325 AC_DEFINE([DISABLE_LASTLOG]) 5326 fi 5327 ] 5328) 5329AC_ARG_ENABLE([utmp], 5330 [ --disable-utmp disable use of utmp even if detected [no]], 5331 [ 5332 if test "x$enableval" = "xno" ; then 5333 AC_DEFINE([DISABLE_UTMP]) 5334 fi 5335 ] 5336) 5337AC_ARG_ENABLE([utmpx], 5338 [ --disable-utmpx disable use of utmpx even if detected [no]], 5339 [ 5340 if test "x$enableval" = "xno" ; then 5341 AC_DEFINE([DISABLE_UTMPX], [1], 5342 [Define if you don't want to use utmpx]) 5343 fi 5344 ] 5345) 5346AC_ARG_ENABLE([wtmp], 5347 [ --disable-wtmp disable use of wtmp even if detected [no]], 5348 [ 5349 if test "x$enableval" = "xno" ; then 5350 AC_DEFINE([DISABLE_WTMP]) 5351 fi 5352 ] 5353) 5354AC_ARG_ENABLE([wtmpx], 5355 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5356 [ 5357 if test "x$enableval" = "xno" ; then 5358 AC_DEFINE([DISABLE_WTMPX], [1], 5359 [Define if you don't want to use wtmpx]) 5360 fi 5361 ] 5362) 5363AC_ARG_ENABLE([libutil], 5364 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5365 [ 5366 if test "x$enableval" = "xno" ; then 5367 AC_DEFINE([DISABLE_LOGIN]) 5368 fi 5369 ] 5370) 5371AC_ARG_ENABLE([pututline], 5372 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5373 [ 5374 if test "x$enableval" = "xno" ; then 5375 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5376 [Define if you don't want to use pututline() 5377 etc. to write [uw]tmp]) 5378 fi 5379 ] 5380) 5381AC_ARG_ENABLE([pututxline], 5382 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5383 [ 5384 if test "x$enableval" = "xno" ; then 5385 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5386 [Define if you don't want to use pututxline() 5387 etc. to write [uw]tmpx]) 5388 fi 5389 ] 5390) 5391AC_ARG_WITH([lastlog], 5392 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5393 [ 5394 if test "x$withval" = "xno" ; then 5395 AC_DEFINE([DISABLE_LASTLOG]) 5396 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5397 conf_lastlog_location=$withval 5398 fi 5399 ] 5400) 5401 5402dnl lastlog, [uw]tmpx? detection 5403dnl NOTE: set the paths in the platform section to avoid the 5404dnl need for command-line parameters 5405dnl lastlog and [uw]tmp are subject to a file search if all else fails 5406 5407dnl lastlog detection 5408dnl NOTE: the code itself will detect if lastlog is a directory 5409AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5410AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5411#include <sys/types.h> 5412#include <utmp.h> 5413#ifdef HAVE_LASTLOG_H 5414# include <lastlog.h> 5415#endif 5416#ifdef HAVE_PATHS_H 5417# include <paths.h> 5418#endif 5419#ifdef HAVE_LOGIN_H 5420# include <login.h> 5421#endif 5422 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5423 [ AC_MSG_RESULT([yes]) ], 5424 [ 5425 AC_MSG_RESULT([no]) 5426 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5427 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5428#include <sys/types.h> 5429#include <utmp.h> 5430#ifdef HAVE_LASTLOG_H 5431# include <lastlog.h> 5432#endif 5433#ifdef HAVE_PATHS_H 5434# include <paths.h> 5435#endif 5436 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5437 [ AC_MSG_RESULT([yes]) ], 5438 [ 5439 AC_MSG_RESULT([no]) 5440 system_lastlog_path=no 5441 ]) 5442]) 5443 5444if test -z "$conf_lastlog_location"; then 5445 if test x"$system_lastlog_path" = x"no" ; then 5446 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5447 if (test -d "$f" || test -f "$f") ; then 5448 conf_lastlog_location=$f 5449 fi 5450 done 5451 if test -z "$conf_lastlog_location"; then 5452 AC_MSG_WARN([** Cannot find lastlog **]) 5453 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5454 fi 5455 fi 5456fi 5457 5458if test -n "$conf_lastlog_location"; then 5459 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5460 [Define if you want to specify the path to your lastlog file]) 5461fi 5462 5463dnl utmp detection 5464AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5465AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5466#include <sys/types.h> 5467#include <utmp.h> 5468#ifdef HAVE_PATHS_H 5469# include <paths.h> 5470#endif 5471 ]], [[ char *utmp = UTMP_FILE; ]])], 5472 [ AC_MSG_RESULT([yes]) ], 5473 [ AC_MSG_RESULT([no]) 5474 system_utmp_path=no 5475]) 5476if test -z "$conf_utmp_location"; then 5477 if test x"$system_utmp_path" = x"no" ; then 5478 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5479 if test -f $f ; then 5480 conf_utmp_location=$f 5481 fi 5482 done 5483 if test -z "$conf_utmp_location"; then 5484 AC_DEFINE([DISABLE_UTMP]) 5485 fi 5486 fi 5487fi 5488if test -n "$conf_utmp_location"; then 5489 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5490 [Define if you want to specify the path to your utmp file]) 5491fi 5492 5493dnl wtmp detection 5494AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5495AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5496#include <sys/types.h> 5497#include <utmp.h> 5498#ifdef HAVE_PATHS_H 5499# include <paths.h> 5500#endif 5501 ]], [[ char *wtmp = WTMP_FILE; ]])], 5502 [ AC_MSG_RESULT([yes]) ], 5503 [ AC_MSG_RESULT([no]) 5504 system_wtmp_path=no 5505]) 5506if test -z "$conf_wtmp_location"; then 5507 if test x"$system_wtmp_path" = x"no" ; then 5508 for f in /usr/adm/wtmp /var/log/wtmp; do 5509 if test -f $f ; then 5510 conf_wtmp_location=$f 5511 fi 5512 done 5513 if test -z "$conf_wtmp_location"; then 5514 AC_DEFINE([DISABLE_WTMP]) 5515 fi 5516 fi 5517fi 5518if test -n "$conf_wtmp_location"; then 5519 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5520 [Define if you want to specify the path to your wtmp file]) 5521fi 5522 5523dnl wtmpx detection 5524AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5525AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5526#include <sys/types.h> 5527#include <utmp.h> 5528#ifdef HAVE_UTMPX_H 5529#include <utmpx.h> 5530#endif 5531#ifdef HAVE_PATHS_H 5532# include <paths.h> 5533#endif 5534 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5535 [ AC_MSG_RESULT([yes]) ], 5536 [ AC_MSG_RESULT([no]) 5537 system_wtmpx_path=no 5538]) 5539if test -z "$conf_wtmpx_location"; then 5540 if test x"$system_wtmpx_path" = x"no" ; then 5541 AC_DEFINE([DISABLE_WTMPX]) 5542 fi 5543else 5544 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5545 [Define if you want to specify the path to your wtmpx file]) 5546fi 5547 5548 5549if test ! -z "$blibpath" ; then 5550 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5551 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5552fi 5553 5554AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5555 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5556 AC_DEFINE([DISABLE_LASTLOG]) 5557 fi 5558 ], [ 5559#ifdef HAVE_SYS_TYPES_H 5560#include <sys/types.h> 5561#endif 5562#ifdef HAVE_UTMP_H 5563#include <utmp.h> 5564#endif 5565#ifdef HAVE_UTMPX_H 5566#include <utmpx.h> 5567#endif 5568#ifdef HAVE_LASTLOG_H 5569#include <lastlog.h> 5570#endif 5571 ]) 5572 5573AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5574 AC_DEFINE([DISABLE_UTMP]) 5575 AC_DEFINE([DISABLE_WTMP]) 5576 ], [ 5577#ifdef HAVE_SYS_TYPES_H 5578#include <sys/types.h> 5579#endif 5580#ifdef HAVE_UTMP_H 5581#include <utmp.h> 5582#endif 5583#ifdef HAVE_UTMPX_H 5584#include <utmpx.h> 5585#endif 5586#ifdef HAVE_LASTLOG_H 5587#include <lastlog.h> 5588#endif 5589 ]) 5590 5591dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5592dnl Add now. 5593CFLAGS="$CFLAGS $werror_flags" 5594 5595if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5596 TEST_SSH_IPV6=no 5597else 5598 TEST_SSH_IPV6=yes 5599fi 5600AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5601AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5602AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5603AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5604AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5605AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5606 5607CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5608LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5609 5610# Make a copy of CFLAGS/LDFLAGS without PIE options. 5611LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5612CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5613AC_SUBST([LDFLAGS_NOPIE]) 5614AC_SUBST([CFLAGS_NOPIE]) 5615 5616AC_EXEEXT 5617AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5618 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5619 survey.sh]) 5620AC_OUTPUT 5621 5622# Print summary of options 5623 5624# Someone please show me a better way :) 5625A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5626B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5627C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5628D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5629E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5630F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5631G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5632H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5633I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5634J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5635 5636echo "" 5637echo "OpenSSH has been configured with the following options:" 5638echo " User binaries: $B" 5639echo " System binaries: $C" 5640echo " Configuration files: $D" 5641echo " Askpass program: $E" 5642echo " Manual pages: $F" 5643echo " PID file: $G" 5644echo " Privilege separation chroot path: $H" 5645if test "x$external_path_file" = "x/etc/login.conf" ; then 5646echo " At runtime, sshd will use the path defined in $external_path_file" 5647echo " Make sure the path to scp is present, otherwise scp will not work" 5648else 5649echo " sshd default user PATH: $I" 5650 if test ! -z "$external_path_file"; then 5651echo " (If PATH is set in $external_path_file it will be used instead. If" 5652echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5653 fi 5654fi 5655if test ! -z "$superuser_path" ; then 5656echo " sshd superuser user PATH: $J" 5657fi 5658echo " Manpage format: $MANTYPE" 5659echo " PAM support: $PAM_MSG" 5660echo " OSF SIA support: $SIA_MSG" 5661echo " KerberosV support: $KRB5_MSG" 5662echo " SELinux support: $SELINUX_MSG" 5663echo " TCP Wrappers support: $TCPW_MSG" 5664echo " libedit support: $LIBEDIT_MSG" 5665echo " libldns support: $LDNS_MSG" 5666echo " Solaris process contract support: $SPC_MSG" 5667echo " Solaris project support: $SP_MSG" 5668echo " Solaris privilege support: $SPP_MSG" 5669echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5670echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5671echo " BSD Auth support: $BSD_AUTH_MSG" 5672echo " Random number source: $RAND_MSG" 5673echo " Privsep sandbox style: $SANDBOX_STYLE" 5674echo " PKCS#11 support: $enable_pkcs11" 5675echo " U2F/FIDO support: $enable_sk" 5676 5677echo "" 5678 5679echo " Host: ${host}" 5680echo " Compiler: ${CC}" 5681echo " Compiler flags: ${CFLAGS}" 5682echo "Preprocessor flags: ${CPPFLAGS}" 5683echo " Linker flags: ${LDFLAGS}" 5684echo " Libraries: ${LIBS}" 5685if test ! -z "${CHANNELLIBS}"; then 5686echo " +for channels: ${CHANNELLIBS}" 5687fi 5688if test ! -z "${LIBFIDO2}"; then 5689echo " +for FIDO2: ${LIBFIDO2}" 5690fi 5691if test ! -z "${SSHDLIBS}"; then 5692echo " +for sshd: ${SSHDLIBS}" 5693fi 5694 5695echo "" 5696 5697if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5698 echo "SVR4 style packages are supported with \"make package\"" 5699 echo "" 5700fi 5701 5702if test "x$PAM_MSG" = "xyes" ; then 5703 echo "PAM is enabled. You may need to install a PAM control file " 5704 echo "for sshd, otherwise password authentication may fail. " 5705 echo "Example PAM control files can be found in the contrib/ " 5706 echo "subdirectory" 5707 echo "" 5708fi 5709 5710if test ! -z "$NO_PEERCHECK" ; then 5711 echo "WARNING: the operating system that you are using does not" 5712 echo "appear to support getpeereid(), getpeerucred() or the" 5713 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5714 echo "enforce security checks to prevent unauthorised connections to" 5715 echo "ssh-agent. Their absence increases the risk that a malicious" 5716 echo "user can connect to your agent." 5717 echo "" 5718fi 5719 5720if test "$AUDIT_MODULE" = "bsm" ; then 5721 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5722 echo "See the Solaris section in README.platform for details." 5723fi 5724