1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19 20# Check for stale configure as early as possible. 21for i in $srcdir/configure.ac $srcdir/m4/*.m4; do 22 if test "$i" -nt "$srcdir/configure"; then 23 AC_MSG_ERROR([$i newer than configure, run autoreconf]) 24 fi 25done 26 27AC_LANG([C]) 28 29AC_CONFIG_HEADERS([config.h]) 30AC_PROG_CC([cc gcc clang]) 31 32# XXX relax this after reimplementing logit() etc. 33AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 34AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 35int f(int a, int b, int c) { return a + b + c; } 36#define F(a, ...) f(a, __VA_ARGS__) 37]], [[return F(1, 2, -3);]])], 38 [ AC_MSG_RESULT([yes]) ], 39 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 40) 41 42AC_CANONICAL_HOST 43AC_C_BIGENDIAN 44 45# Checks for programs. 46AC_PROG_AWK 47AC_PROG_CPP 48AC_PROG_RANLIB 49AC_PROG_INSTALL 50AC_PROG_EGREP 51AC_PROG_MKDIR_P 52AC_CHECK_TOOLS([AR], [ar]) 53AC_PATH_PROG([CAT], [cat]) 54AC_PATH_PROG([KILL], [kill]) 55AC_PATH_PROG([SED], [sed]) 56AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 57AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 58AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 59AC_PATH_PROG([SH], [bash]) 60AC_PATH_PROG([SH], [ksh]) 61AC_PATH_PROG([SH], [sh]) 62AC_PATH_PROG([GROFF], [groff]) 63AC_PATH_PROG([NROFF], [nroff awf]) 64AC_PATH_PROG([MANDOC], [mandoc]) 65AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 66AC_SUBST([TEST_SHELL], [sh]) 67 68dnl select manpage formatter to be used to build "cat" format pages. 69if test "x$MANDOC" != "x" ; then 70 MANFMT="$MANDOC" 71elif test "x$NROFF" != "x" ; then 72 MANFMT="$NROFF -mandoc" 73elif test "x$GROFF" != "x" ; then 74 MANFMT="$GROFF -mandoc -Tascii" 75else 76 AC_MSG_WARN([no manpage formatter found]) 77 MANFMT="false" 78fi 79AC_SUBST([MANFMT]) 80 81dnl for buildpkg.sh 82AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 83 [/usr/sbin${PATH_SEPARATOR}/etc]) 84AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 85 [/usr/sbin${PATH_SEPARATOR}/etc]) 86AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 87if test -x /sbin/sh; then 88 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 89else 90 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 91fi 92 93# System features 94AC_SYS_LARGEFILE 95 96if test -z "$AR" ; then 97 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 98fi 99 100AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 101if test ! -z "$PATH_PASSWD_PROG" ; then 102 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 103 [Full path of your "passwd" program]) 104fi 105 106dnl Since autoconf doesn't support it very well, we no longer allow users to 107dnl override LD, however keeping the hook here for now in case there's a use 108dnl use case we overlooked and someone needs to re-enable it. Unless a good 109dnl reason is found we'll be removing this in future. 110LD="$CC" 111AC_SUBST([LD]) 112 113AC_C_INLINE 114 115AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 116AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 117AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 118 #include <sys/types.h> 119 #include <sys/param.h> 120 #include <dev/systrace.h> 121]) 122AC_CHECK_DECL([RLIMIT_NPROC], 123 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 124 #include <sys/types.h> 125 #include <sys/resource.h> 126]) 127AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 128 #include <sys/types.h> 129 #include <linux/prctl.h> 130]) 131 132openssl=yes 133openssl_bin=openssl 134AC_ARG_WITH([openssl], 135 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 136 [ if test "x$withval" = "xno" ; then 137 openssl=no 138 openssl_bin="" 139 fi 140 ] 141) 142AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 143if test "x$openssl" = "xyes" ; then 144 AC_MSG_RESULT([yes]) 145 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 146else 147 AC_MSG_RESULT([no]) 148fi 149 150use_stack_protector=1 151use_toolchain_hardening=1 152use_retpoline=1 153AC_ARG_WITH([stackprotect], 154 [ --without-stackprotect Don't use compiler's stack protection], [ 155 if test "x$withval" = "xno"; then 156 use_stack_protector=0 157 fi ]) 158AC_ARG_WITH([hardening], 159 [ --without-hardening Don't use toolchain hardening flags], [ 160 if test "x$withval" = "xno"; then 161 use_toolchain_hardening=0 162 fi ]) 163AC_ARG_WITH([retpoline], 164 [ --without-retpoline Enable retpoline spectre mitigation], [ 165 if test "x$withval" = "xno"; then 166 use_retpoline=0 167 fi ]) 168 169# We use -Werror for the tests only so that we catch warnings like "this is 170# on by default" for things like -fPIE. 171AC_MSG_CHECKING([if $CC supports -Werror]) 172saved_CFLAGS="$CFLAGS" 173CFLAGS="$CFLAGS -Werror" 174AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 175 [ AC_MSG_RESULT([yes]) 176 WERROR="-Werror"], 177 [ AC_MSG_RESULT([no]) 178 WERROR="" ] 179) 180CFLAGS="$saved_CFLAGS" 181 182if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case "$GCC_VER" in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([clang version]) 196 ver="`$CC -v 2>&1`" 197 if echo "$ver" | grep "Apple" >/dev/null; then 198 CLANG_VER=apple-`echo "$ver" | grep 'clang version' | \ 199 $SED 's/.*clang version //g' | $AWK '{print $1}'` 200 else 201 CLANG_VER=`echo "$ver" | grep 'clang version' | \ 202 $SED 's/.*clang version //g' | $AWK '{print $1}'` 203 fi 204 AC_MSG_RESULT([$CLANG_VER]) 205 206 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 207 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 208 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 209 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 210 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 211 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 212 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 213 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 214 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 215 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 216 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 217 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 218 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 219 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 220 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 221 OSSH_CHECK_CFLAG_COMPILE([-Wmisleading-indentation]) 222 OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) 223 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 224 if test "x$use_toolchain_hardening" = "x1"; then 225 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 226 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 227 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 228 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 229 # NB. -ftrapv expects certain support functions to be present in 230 # the compiler library (libgcc or similar) to detect integer operations 231 # that can overflow. We must check that the result of enabling it 232 # actually links. The test program compiled/linked includes a number 233 # of integer operations that should exercise this. 234 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 235 # clang 15 seems to have a bug in -fzero-call-used-regs=all. See 236 # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and 237 # https://github.com/llvm/llvm-project/issues/59242 238 # clang 17 has a different bug that causes an ICE when using this 239 # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) 240 case "$CLANG_VER" in 241 apple-15*) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 242 17*) ;; 243 *) OSSH_CHECK_CFLAG_LINK([-fzero-call-used-regs=used]) ;; 244 esac 245 OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) 246 fi 247 if test "x$use_retpoline" = "x1"; then 248 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 249 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 250 fi 251 252 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 253 saved_CFLAGS="$CFLAGS" 254 CFLAGS="$CFLAGS -fno-builtin-memset" 255 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 256 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 257 [ AC_MSG_RESULT([yes]) ], 258 [ AC_MSG_RESULT([no]) 259 CFLAGS="$saved_CFLAGS" ] 260 ) 261 262 # -fstack-protector-all doesn't always work for some GCC versions 263 # and/or platforms, so we test if we can. If it's not supported 264 # on a given platform gcc will emit a warning so we use -Werror. 265 if test "x$use_stack_protector" = "x1"; then 266 for t in -fstack-protector-strong -fstack-protector-all \ 267 -fstack-protector; do 268 AC_MSG_CHECKING([if $CC supports $t]) 269 saved_CFLAGS="$CFLAGS" 270 saved_LDFLAGS="$LDFLAGS" 271 CFLAGS="$CFLAGS $t -Werror" 272 LDFLAGS="$LDFLAGS $t -Werror" 273 AC_LINK_IFELSE( 274 [AC_LANG_PROGRAM([[ 275 #include <stdio.h> 276 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 277 ]], 278 [[ 279 char x[256]; 280 snprintf(x, sizeof(x), "XXX%d", func(1)); 281 ]])], 282 [ AC_MSG_RESULT([yes]) 283 CFLAGS="$saved_CFLAGS $t" 284 LDFLAGS="$saved_LDFLAGS $t" 285 AC_MSG_CHECKING([if $t works]) 286 AC_RUN_IFELSE( 287 [AC_LANG_PROGRAM([[ 288 #include <stdio.h> 289 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 290 ]], 291 [[ 292 char x[256]; 293 snprintf(x, sizeof(x), "XXX%d", func(1)); 294 ]])], 295 [ AC_MSG_RESULT([yes]) 296 break ], 297 [ AC_MSG_RESULT([no]) ], 298 [ AC_MSG_WARN([cross compiling: cannot test]) 299 break ] 300 ) 301 ], 302 [ AC_MSG_RESULT([no]) ] 303 ) 304 CFLAGS="$saved_CFLAGS" 305 LDFLAGS="$saved_LDFLAGS" 306 done 307 fi 308 309 if test -z "$have_llong_max"; then 310 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 311 unset ac_cv_have_decl_LLONG_MAX 312 saved_CFLAGS="$CFLAGS" 313 CFLAGS="$CFLAGS -std=gnu99" 314 AC_CHECK_DECL([LLONG_MAX], 315 [have_llong_max=1], 316 [CFLAGS="$saved_CFLAGS"], 317 [#include <limits.h>] 318 ) 319 fi 320fi 321 322AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 323AC_COMPILE_IFELSE( 324 [AC_LANG_PROGRAM([[ 325#include <stdlib.h> 326__attribute__((__unused__)) static void foo(void){return;}]], 327 [[ exit(0); ]])], 328 [ AC_MSG_RESULT([yes]) ], 329 [ AC_MSG_RESULT([no]) 330 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 331 [compiler does not accept __attribute__ on return types]) ] 332) 333 334AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 335AC_COMPILE_IFELSE( 336 [AC_LANG_PROGRAM([[ 337#include <stdlib.h> 338typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 339 [[ exit(0); ]])], 340 [ AC_MSG_RESULT([yes]) ], 341 [ AC_MSG_RESULT([no]) 342 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 343 [compiler does not accept __attribute__ on prototype args]) ] 344) 345 346AC_MSG_CHECKING([if compiler supports variable length arrays]) 347AC_COMPILE_IFELSE( 348 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 349 [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])], 350 [ AC_MSG_RESULT([yes]) 351 AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1], 352 [compiler supports variable length arrays]) ], 353 [ AC_MSG_RESULT([no]) ] 354) 355 356AC_MSG_CHECKING([if compiler accepts variable declarations after code]) 357AC_COMPILE_IFELSE( 358 [AC_LANG_PROGRAM([[#include <stdlib.h>]], 359 [[ int a; a = 1; int b = 1; exit(a-b); ]])], 360 [ AC_MSG_RESULT([yes]) 361 AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1], 362 [compiler variable declarations after code]) ], 363 [ AC_MSG_RESULT([no]) ] 364) 365 366if test "x$no_attrib_nonnull" != "x1" ; then 367 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 368fi 369 370AC_ARG_WITH([rpath], 371 [ --without-rpath Disable auto-added -R linker paths], 372 [ 373 if test "x$withval" = "xno" ; then 374 rpath_opt="" 375 elif test "x$withval" = "xyes" ; then 376 rpath_opt="-R" 377 else 378 rpath_opt="$withval" 379 fi 380 ] 381) 382 383# Allow user to specify flags 384AC_ARG_WITH([cflags], 385 [ --with-cflags Specify additional flags to pass to compiler], 386 [ 387 if test -n "$withval" && test "x$withval" != "xno" && \ 388 test "x${withval}" != "xyes"; then 389 CFLAGS="$CFLAGS $withval" 390 fi 391 ] 392) 393 394AC_ARG_WITH([cflags-after], 395 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 396 [ 397 if test -n "$withval" && test "x$withval" != "xno" && \ 398 test "x${withval}" != "xyes"; then 399 CFLAGS_AFTER="$withval" 400 fi 401 ] 402) 403AC_ARG_WITH([cppflags], 404 [ --with-cppflags Specify additional flags to pass to preprocessor] , 405 [ 406 if test -n "$withval" && test "x$withval" != "xno" && \ 407 test "x${withval}" != "xyes"; then 408 CPPFLAGS="$CPPFLAGS $withval" 409 fi 410 ] 411) 412AC_ARG_WITH([ldflags], 413 [ --with-ldflags Specify additional flags to pass to linker], 414 [ 415 if test -n "$withval" && test "x$withval" != "xno" && \ 416 test "x${withval}" != "xyes"; then 417 LDFLAGS="$LDFLAGS $withval" 418 fi 419 ] 420) 421AC_ARG_WITH([ldflags-after], 422 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 423 [ 424 if test -n "$withval" && test "x$withval" != "xno" && \ 425 test "x${withval}" != "xyes"; then 426 LDFLAGS_AFTER="$withval" 427 fi 428 ] 429) 430AC_ARG_WITH([libs], 431 [ --with-libs Specify additional libraries to link with], 432 [ 433 if test -n "$withval" && test "x$withval" != "xno" && \ 434 test "x${withval}" != "xyes"; then 435 LIBS="$LIBS $withval" 436 fi 437 ] 438) 439AC_ARG_WITH([Werror], 440 [ --with-Werror Build main code with -Werror], 441 [ 442 if test -n "$withval" && test "x$withval" != "xno"; then 443 werror_flags="-Werror" 444 if test "x${withval}" != "xyes"; then 445 werror_flags="$withval" 446 fi 447 fi 448 ] 449) 450 451dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's 452dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we 453dnl haven't detected it, recheck. 454if test "x$ac_cv_header_sys_stat_h" != "xyes"; then 455 unset ac_cv_header_sys_stat_h 456 AC_CHECK_HEADERS([sys/stat.h]) 457fi 458 459AC_CHECK_HEADERS([ \ 460 blf.h \ 461 bstring.h \ 462 crypt.h \ 463 crypto/sha2.h \ 464 dirent.h \ 465 endian.h \ 466 elf.h \ 467 err.h \ 468 features.h \ 469 fcntl.h \ 470 floatingpoint.h \ 471 fnmatch.h \ 472 getopt.h \ 473 glob.h \ 474 ia.h \ 475 iaf.h \ 476 ifaddrs.h \ 477 inttypes.h \ 478 langinfo.h \ 479 limits.h \ 480 locale.h \ 481 login.h \ 482 maillock.h \ 483 ndir.h \ 484 net/if_tun.h \ 485 netdb.h \ 486 netgroup.h \ 487 pam/pam_appl.h \ 488 paths.h \ 489 poll.h \ 490 pty.h \ 491 readpassphrase.h \ 492 rpc/types.h \ 493 security/pam_appl.h \ 494 sha2.h \ 495 shadow.h \ 496 stddef.h \ 497 stdint.h \ 498 string.h \ 499 strings.h \ 500 sys/bitypes.h \ 501 sys/byteorder.h \ 502 sys/bsdtty.h \ 503 sys/cdefs.h \ 504 sys/dir.h \ 505 sys/file.h \ 506 sys/mman.h \ 507 sys/label.h \ 508 sys/ndir.h \ 509 sys/param.h \ 510 sys/poll.h \ 511 sys/prctl.h \ 512 sys/procctl.h \ 513 sys/pstat.h \ 514 sys/ptrace.h \ 515 sys/random.h \ 516 sys/select.h \ 517 sys/stream.h \ 518 sys/stropts.h \ 519 sys/strtio.h \ 520 sys/statvfs.h \ 521 sys/sysmacros.h \ 522 sys/time.h \ 523 sys/timers.h \ 524 sys/vfs.h \ 525 time.h \ 526 tmpdir.h \ 527 ttyent.h \ 528 ucred.h \ 529 unistd.h \ 530 usersec.h \ 531 util.h \ 532 utime.h \ 533 utmp.h \ 534 utmpx.h \ 535 vis.h \ 536 wchar.h \ 537]) 538 539# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 540# to be included first. 541AC_CHECK_HEADERS([sys/audit.h], [], [], [ 542#ifdef HAVE_SYS_TIME_H 543# include <sys/time.h> 544#endif 545#ifdef HAVE_SYS_TYPES_H 546# include <sys/types.h> 547#endif 548#ifdef HAVE_SYS_LABEL_H 549# include <sys/label.h> 550#endif 551]) 552 553# sys/capsicum.h requires sys/types.h 554AC_CHECK_HEADERS([sys/capsicum.h capsicum_helpers.h], [], [], [ 555#ifdef HAVE_SYS_TYPES_H 556# include <sys/types.h> 557#endif 558]) 559 560AC_MSG_CHECKING([for caph_cache_tzdata]) 561AC_LINK_IFELSE( 562 [AC_LANG_PROGRAM([[ #include <capsicum_helpers.h> ]], 563 [[caph_cache_tzdata();]])], 564 [ 565 AC_MSG_RESULT([yes]) 566 AC_DEFINE([HAVE_CAPH_CACHE_TZDATA], [1], 567 [Define if you have caph_cache_tzdata]) 568 ], 569 [ AC_MSG_RESULT([no]) ] 570) 571 572# net/route.h requires sys/socket.h and sys/types.h. 573# sys/sysctl.h also requires sys/param.h 574AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 575#ifdef HAVE_SYS_TYPES_H 576# include <sys/types.h> 577#endif 578#include <sys/param.h> 579#include <sys/socket.h> 580]) 581 582# lastlog.h requires sys/time.h to be included first on Solaris 583AC_CHECK_HEADERS([lastlog.h], [], [], [ 584#ifdef HAVE_SYS_TIME_H 585# include <sys/time.h> 586#endif 587]) 588 589# sys/ptms.h requires sys/stream.h to be included first on Solaris 590AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 591#ifdef HAVE_SYS_STREAM_H 592# include <sys/stream.h> 593#endif 594]) 595 596# login_cap.h requires sys/types.h on NetBSD 597AC_CHECK_HEADERS([login_cap.h], [], [], [ 598#include <sys/types.h> 599]) 600 601# older BSDs need sys/param.h before sys/mount.h 602AC_CHECK_HEADERS([sys/mount.h], [], [], [ 603#include <sys/param.h> 604]) 605 606# Android requires sys/socket.h to be included before sys/un.h 607AC_CHECK_HEADERS([sys/un.h], [], [], [ 608#include <sys/types.h> 609#include <sys/socket.h> 610]) 611 612# Messages for features tested for in target-specific section 613SIA_MSG="no" 614SPC_MSG="no" 615SP_MSG="no" 616SPP_MSG="no" 617 618# Support for Solaris/Illumos privileges (this test is used by both 619# the --with-solaris-privs option and --with-sandbox=solaris). 620SOLARIS_PRIVS="no" 621 622# Check for some target-specific stuff 623case "$host" in 624*-*-aix*) 625 # Some versions of VAC won't allow macro redefinitions at 626 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 627 # particularly with older versions of vac or xlc. 628 # It also throws errors about null macro arguments, but these are 629 # not fatal. 630 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 631 AC_COMPILE_IFELSE( 632 [AC_LANG_PROGRAM([[ 633#define testmacro foo 634#define testmacro bar]], 635 [[ exit(0); ]])], 636 [ AC_MSG_RESULT([yes]) ], 637 [ AC_MSG_RESULT([no]) 638 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 639 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 640 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 641 ] 642 ) 643 644 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 645 if (test -z "$blibpath"); then 646 blibpath="/usr/lib:/lib" 647 fi 648 saved_LDFLAGS="$LDFLAGS" 649 if test "$GCC" = "yes"; then 650 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 651 else 652 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 653 fi 654 for tryflags in $flags ;do 655 if (test -z "$blibflags"); then 656 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 657 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 658 [blibflags=$tryflags], []) 659 fi 660 done 661 if (test -z "$blibflags"); then 662 AC_MSG_RESULT([not found]) 663 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 664 else 665 AC_MSG_RESULT([$blibflags]) 666 fi 667 LDFLAGS="$saved_LDFLAGS" 668 dnl Check for authenticate. Might be in libs.a on older AIXes 669 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 670 [Define if you want to enable AIX4's authenticate function])], 671 [AC_CHECK_LIB([s], [authenticate], 672 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 673 LIBS="$LIBS -ls" 674 ]) 675 ]) 676 dnl Check for various auth function declarations in headers. 677 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 678 passwdexpired, setauthdb], , , [#include <usersec.h>]) 679 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 680 AC_CHECK_DECLS([loginfailed], 681 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 682 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 683 [[ (void)loginfailed("user","host","tty",0); ]])], 684 [AC_MSG_RESULT([yes]) 685 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 686 [Define if your AIX loginfailed() function 687 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 688 ])], 689 [], 690 [#include <usersec.h>] 691 ) 692 AC_CHECK_FUNCS([getgrset setauthdb]) 693 AC_CHECK_DECL([F_CLOSEM], 694 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 695 [], 696 [ #include <limits.h> 697 #include <fcntl.h> ] 698 ) 699 check_for_aix_broken_getaddrinfo=1 700 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 701 [Define if your platform breaks doing a seteuid before a setuid]) 702 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 703 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 704 dnl AIX handles lastlog as part of its login message 705 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 706 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 707 [Some systems need a utmpx entry for /bin/login to work]) 708 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 709 [Define to a Set Process Title type if your system is 710 supported by bsd-setproctitle.c]) 711 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 712 [AIX 5.2 and 5.3 (and presumably newer) require this]) 713 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 714 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 715 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 716 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 717 ;; 718*-*-android*) 719 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 720 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 721 ;; 722*-*-cygwin*) 723 LIBS="$LIBS /usr/lib/textreadmode.o" 724 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 725 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 726 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 727 [Define to disable UID restoration test]) 728 AC_DEFINE([DISABLE_SHADOW], [1], 729 [Define if you want to disable shadow passwords]) 730 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 731 [Define if X11 doesn't support AF_UNIX sockets on that system]) 732 AC_DEFINE([DISABLE_FD_PASSING], [1], 733 [Define if your platform needs to skip post auth 734 file descriptor passing]) 735 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 736 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 737 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 738 # reasons which cause compile warnings, so we disable those warnings. 739 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 740 ;; 741*-*-dgux*) 742 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 743 [Define if your system choked on IP TOS setting]) 744 AC_DEFINE([SETEUID_BREAKS_SETUID]) 745 AC_DEFINE([BROKEN_SETREUID]) 746 AC_DEFINE([BROKEN_SETREGID]) 747 ;; 748*-*-darwin*) 749 use_pie=auto 750 AC_MSG_CHECKING([if we have working getaddrinfo]) 751 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 752#include <mach-o/dyld.h> 753#include <stdlib.h> 754int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 755 exit(0); 756 else 757 exit(1); 758} 759 ]])], 760 [AC_MSG_RESULT([working])], 761 [AC_MSG_RESULT([buggy]) 762 AC_DEFINE([BROKEN_GETADDRINFO], [1], 763 [getaddrinfo is broken (if present)]) 764 ], 765 [AC_MSG_RESULT([assume it is working])]) 766 AC_DEFINE([SETEUID_BREAKS_SETUID]) 767 AC_DEFINE([BROKEN_SETREUID]) 768 AC_DEFINE([BROKEN_SETREGID]) 769 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 770 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 771 [Define if your resolver libs need this for getrrsetbyname]) 772 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 773 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 774 [Use tunnel device compatibility to OpenBSD]) 775 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 776 [Prepend the address family to IP tunnel traffic]) 777 m4_pattern_allow([AU_IPv]) 778 AC_CHECK_DECL([AU_IPv4], [], 779 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 780 [#include <bsm/audit.h>] 781 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 782 [Define if pututxline updates lastlog too]) 783 ) 784 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 785 [Define to a Set Process Title type if your system is 786 supported by bsd-setproctitle.c]) 787 AC_CHECK_FUNCS([sandbox_init]) 788 AC_CHECK_HEADERS([sandbox.h]) 789 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 790 SSHDLIBS="$SSHDLIBS -lsandbox" 791 ]) 792 # proc_pidinfo()-based closefrom() replacement. 793 AC_CHECK_HEADERS([libproc.h]) 794 AC_CHECK_FUNCS([proc_pidinfo]) 795 # poll(2) is broken for character-special devices (at least). 796 # cf. Apple bug 3710161 (not public, but searchable) 797 AC_DEFINE([BROKEN_POLL], [1], 798 [System poll(2) implementation is broken]) 799 ;; 800*-*-dragonfly*) 801 SSHDLIBS="$SSHDLIBS" 802 TEST_MALLOC_OPTIONS="AFGJPRX" 803 ;; 804*-*-haiku*) 805 LIBS="$LIBS -lbsd " 806 CFLAGS="$CFLAGS -D_BSD_SOURCE" 807 AC_CHECK_LIB([network], [socket]) 808 AC_DEFINE([HAVE_U_INT64_T]) 809 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 810 MANTYPE=man 811 ;; 812*-*-hpux*) 813 # first we define all of the options common to all HP-UX releases 814 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 815 IPADDR_IN_DISPLAY=yes 816 AC_DEFINE([USE_PIPES]) 817 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 818 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 819 [String used in /etc/passwd to denote locked account]) 820 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 821 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 822 maildir="/var/mail" 823 LIBS="$LIBS -lsec" 824 AC_CHECK_LIB([xnet], [t_error], , 825 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 826 827 # next, we define all of the options specific to major releases 828 case "$host" in 829 *-*-hpux10*) 830 if test -z "$GCC"; then 831 CFLAGS="$CFLAGS -Ae" 832 fi 833 AC_DEFINE([BROKEN_GETLINE], [1], [getline is not what we expect]) 834 ;; 835 *-*-hpux11*) 836 AC_DEFINE([PAM_SUN_CODEBASE], [1], 837 [Define if you are using Solaris-derived PAM which 838 passes pam_messages to the conversation function 839 with an extra level of indirection]) 840 AC_DEFINE([DISABLE_UTMP], [1], 841 [Define if you don't want to use utmp]) 842 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 843 check_for_hpux_broken_getaddrinfo=1 844 check_for_conflicting_getspnam=1 845 ;; 846 esac 847 848 # lastly, we define options specific to minor releases 849 case "$host" in 850 *-*-hpux10.26) 851 AC_DEFINE([HAVE_SECUREWARE], [1], 852 [Define if you have SecureWare-based 853 protected password database]) 854 disable_ptmx_check=yes 855 LIBS="$LIBS -lsecpw" 856 ;; 857 esac 858 ;; 859*-*-irix5*) 860 PATH="$PATH:/usr/etc" 861 AC_DEFINE([BROKEN_INET_NTOA], [1], 862 [Define if you system's inet_ntoa is busted 863 (e.g. Irix gcc issue)]) 864 AC_DEFINE([SETEUID_BREAKS_SETUID]) 865 AC_DEFINE([BROKEN_SETREUID]) 866 AC_DEFINE([BROKEN_SETREGID]) 867 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 868 [Define if you shouldn't strip 'tty' from your 869 ttyname in [uw]tmp]) 870 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 871 ;; 872*-*-irix6*) 873 PATH="$PATH:/usr/etc" 874 AC_DEFINE([WITH_IRIX_ARRAY], [1], 875 [Define if you have/want arrays 876 (cluster-wide session management, not C arrays)]) 877 AC_DEFINE([WITH_IRIX_PROJECT], [1], 878 [Define if you want IRIX project management]) 879 AC_DEFINE([WITH_IRIX_AUDIT], [1], 880 [Define if you want IRIX audit trails]) 881 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 882 [Define if you want IRIX kernel jobs])]) 883 AC_DEFINE([BROKEN_INET_NTOA]) 884 AC_DEFINE([SETEUID_BREAKS_SETUID]) 885 AC_DEFINE([BROKEN_SETREUID]) 886 AC_DEFINE([BROKEN_SETREGID]) 887 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 888 AC_DEFINE([WITH_ABBREV_NO_TTY]) 889 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 890 ;; 891*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 892 AC_DEFINE([PAM_TTY_KLUDGE]) 893 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 894 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 895 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 896 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 897 ;; 898*-*-linux*) 899 no_dev_ptmx=1 900 use_pie=auto 901 check_for_openpty_ctty_bug=1 902 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 903 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 904 dnl _GNU_SOURCE is needed for setres*id prototypes. 905 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" 906 AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) 907 AC_DEFINE([PAM_TTY_KLUDGE], [1], 908 [Work around problematic Linux PAM modules handling of PAM_TTY]) 909 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 910 [String used in /etc/passwd to denote locked account]) 911 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 912 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 913 [Define to whatever link() returns for "not supported" 914 if it doesn't return EOPNOTSUPP.]) 915 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 916 AC_DEFINE([USE_BTMP]) 917 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 918 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload]) 919 inet6_default_4in6=yes 920 case `uname -r` in 921 1.*|2.0.*) 922 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 923 [Define if cmsg_type is not passed correctly]) 924 ;; 925 esac 926 # tun(4) forwarding compat code 927 AC_CHECK_HEADERS([linux/if_tun.h]) 928 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 929 AC_DEFINE([SSH_TUN_LINUX], [1], 930 [Open tunnel devices the Linux tun/tap way]) 931 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 932 [Use tunnel device compatibility to OpenBSD]) 933 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 934 [Prepend the address family to IP tunnel traffic]) 935 fi 936 AC_CHECK_HEADER([linux/if.h], 937 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 938 [Support routing domains using Linux VRF]), [], [ 939#ifdef HAVE_SYS_TYPES_H 940# include <sys/types.h> 941#endif 942 ]) 943 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 944 [], [#include <linux/types.h>]) 945 # Obtain MIPS ABI 946 case "$host" in 947 mips*) 948 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 949#if _MIPS_SIM != _ABIO32 950#error 951#endif 952 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 953#if _MIPS_SIM != _ABIN32 954#error 955#endif 956 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 957#if _MIPS_SIM != _ABI64 958#error 959#endif 960 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 961 ]) 962 ]) 963 ]) 964 ;; 965 esac 966 AC_MSG_CHECKING([for seccomp architecture]) 967 seccomp_audit_arch= 968 case "$host" in 969 x86_64-*) 970 seccomp_audit_arch=AUDIT_ARCH_X86_64 971 ;; 972 i*86-*) 973 seccomp_audit_arch=AUDIT_ARCH_I386 974 ;; 975 arm*-*) 976 seccomp_audit_arch=AUDIT_ARCH_ARM 977 ;; 978 aarch64*-*) 979 seccomp_audit_arch=AUDIT_ARCH_AARCH64 980 ;; 981 s390x-*) 982 seccomp_audit_arch=AUDIT_ARCH_S390X 983 ;; 984 s390-*) 985 seccomp_audit_arch=AUDIT_ARCH_S390 986 ;; 987 powerpc-*) 988 seccomp_audit_arch=AUDIT_ARCH_PPC 989 ;; 990 powerpc64-*) 991 seccomp_audit_arch=AUDIT_ARCH_PPC64 992 ;; 993 powerpc64le-*) 994 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 995 ;; 996 mips-*) 997 seccomp_audit_arch=AUDIT_ARCH_MIPS 998 ;; 999 mipsel-*) 1000 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 1001 ;; 1002 mips64-*) 1003 case "$mips_abi" in 1004 "n32") 1005 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 1006 ;; 1007 "n64") 1008 seccomp_audit_arch=AUDIT_ARCH_MIPS64 1009 ;; 1010 esac 1011 ;; 1012 mips64el-*) 1013 case "$mips_abi" in 1014 "n32") 1015 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 1016 ;; 1017 "n64") 1018 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 1019 ;; 1020 esac 1021 ;; 1022 riscv64-*) 1023 seccomp_audit_arch=AUDIT_ARCH_RISCV64 1024 ;; 1025 esac 1026 if test "x$seccomp_audit_arch" != "x" ; then 1027 AC_MSG_RESULT(["$seccomp_audit_arch"]) 1028 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 1029 [Specify the system call convention in use]) 1030 else 1031 AC_MSG_RESULT([architecture not supported]) 1032 fi 1033 ;; 1034*-*-minix) 1035 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1036 # poll(2) seems to choke on /dev/null; "Bad file descriptor" 1037 AC_DEFINE([BROKEN_POLL], [1], 1038 [System poll(2) implementation is broken]) 1039 ;; 1040mips-sony-bsd|mips-sony-newsos4) 1041 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 1042 SONY=1 1043 ;; 1044*-*-netbsd*) 1045 if test "x$withval" != "xno" ; then 1046 rpath_opt="-R" 1047 fi 1048 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 1049 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1050 AC_CHECK_HEADER([net/if_tap.h], , 1051 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1052 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 1053 [Prepend the address family to IP tunnel traffic]) 1054 TEST_MALLOC_OPTIONS="AJRX" 1055 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 1056 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 1057 ;; 1058*-*-freebsd*) 1059 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 1060 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 1061 AC_CHECK_HEADER([net/if_tap.h], , 1062 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 1063 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 1064 TEST_MALLOC_OPTIONS="AJRX" 1065 # Preauth crypto occasionally uses file descriptors for crypto offload 1066 # and will crash if they cannot be opened. 1067 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 1068 [define if setrlimit RLIMIT_NOFILE breaks things]) 1069 case "$host" in 1070 *-*-freebsd9.*|*-*-freebsd10.*) 1071 # Capsicum on 9 and 10 do not allow ppoll() so don't auto-enable. 1072 disable_capsicum=yes 1073 esac 1074 ;; 1075*-*-bsdi*) 1076 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1077 AC_DEFINE([BROKEN_SETREUID]) 1078 AC_DEFINE([BROKEN_SETREGID]) 1079 ;; 1080*-next-*) 1081 conf_lastlog_location="/usr/adm/lastlog" 1082 conf_utmp_location=/etc/utmp 1083 conf_wtmp_location=/usr/adm/wtmp 1084 maildir=/usr/spool/mail 1085 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 1088 ;; 1089*-*-openbsd*) 1090 use_pie=auto 1091 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 1092 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 1093 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 1094 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 1095 [syslog_r function is safe to use in in a signal handler]) 1096 TEST_MALLOC_OPTIONS="AFGJPRX" 1097 ;; 1098*-*-solaris*) 1099 if test "x$withval" != "xno" ; then 1100 rpath_opt="-R" 1101 fi 1102 AC_DEFINE([PAM_SUN_CODEBASE]) 1103 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1104 AC_DEFINE([PAM_TTY_KLUDGE]) 1105 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1106 [Define if pam_chauthtok wants real uid set 1107 to the unpriv'ed user]) 1108 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1109 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1110 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1111 [Define if sshd somehow reacquires a controlling TTY 1112 after setsid()]) 1113 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1114 in case the name is longer than 8 chars]) 1115 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1116 external_path_file=/etc/default/login 1117 # hardwire lastlog location (can't detect it on some versions) 1118 conf_lastlog_location="/var/adm/lastlog" 1119 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1120 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1121 if test "$sol2ver" -ge 8; then 1122 AC_MSG_RESULT([yes]) 1123 AC_DEFINE([DISABLE_UTMP]) 1124 AC_DEFINE([DISABLE_WTMP], [1], 1125 [Define if you don't want to use wtmp]) 1126 else 1127 AC_MSG_RESULT([no]) 1128 fi 1129 AC_CHECK_FUNCS([setpflags]) 1130 AC_CHECK_FUNCS([setppriv]) 1131 AC_CHECK_FUNCS([priv_basicset]) 1132 AC_CHECK_HEADERS([priv.h]) 1133 AC_ARG_WITH([solaris-contracts], 1134 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1135 [ 1136 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1137 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1138 [Define if you have Solaris process contracts]) 1139 LIBS="$LIBS -lcontract" 1140 SPC_MSG="yes" ], ) 1141 ], 1142 ) 1143 AC_ARG_WITH([solaris-projects], 1144 [ --with-solaris-projects Enable Solaris projects (experimental)], 1145 [ 1146 AC_CHECK_LIB([project], [setproject], 1147 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1148 [Define if you have Solaris projects]) 1149 LIBS="$LIBS -lproject" 1150 SP_MSG="yes" ], ) 1151 ], 1152 ) 1153 AC_ARG_WITH([solaris-privs], 1154 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1155 [ 1156 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1157 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1158 "x$ac_cv_header_priv_h" = "xyes" ; then 1159 SOLARIS_PRIVS=yes 1160 AC_MSG_RESULT([found]) 1161 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1162 [Define to disable UID restoration test]) 1163 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1164 [Define if you have Solaris privileges]) 1165 SPP_MSG="yes" 1166 else 1167 AC_MSG_RESULT([not found]) 1168 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1169 fi 1170 ], 1171 ) 1172 TEST_SHELL=$SHELL # let configure find us a capable shell 1173 ;; 1174*-*-sunos4*) 1175 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1176 AC_CHECK_FUNCS([getpwanam]) 1177 AC_DEFINE([PAM_SUN_CODEBASE]) 1178 conf_utmp_location=/etc/utmp 1179 conf_wtmp_location=/var/adm/wtmp 1180 conf_lastlog_location=/var/adm/lastlog 1181 AC_DEFINE([USE_PIPES]) 1182 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1183 ;; 1184*-ncr-sysv*) 1185 LIBS="$LIBS -lc89" 1186 AC_DEFINE([USE_PIPES]) 1187 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1188 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1189 AC_DEFINE([BROKEN_SETREUID]) 1190 AC_DEFINE([BROKEN_SETREGID]) 1191 ;; 1192*-sni-sysv*) 1193 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1194 AC_CHECK_LIB([dl], [dlsym], ,) 1195 # -lresolv needs to be at the end of LIBS or DNS lookups break 1196 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1197 IPADDR_IN_DISPLAY=yes 1198 AC_DEFINE([USE_PIPES]) 1199 AC_DEFINE([IP_TOS_IS_BROKEN]) 1200 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1201 AC_DEFINE([BROKEN_SETREUID]) 1202 AC_DEFINE([BROKEN_SETREGID]) 1203 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1204 external_path_file=/etc/default/login 1205 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1206 # Attention: always take care to bind libsocket and libnsl before libc, 1207 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1208 ;; 1209# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1210*-*-sysv4.2*) 1211 AC_DEFINE([USE_PIPES]) 1212 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1213 AC_DEFINE([BROKEN_SETREUID]) 1214 AC_DEFINE([BROKEN_SETREGID]) 1215 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1216 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1217 TEST_SHELL=$SHELL # let configure find us a capable shell 1218 ;; 1219# UnixWare 7.x, OpenUNIX 8 1220*-*-sysv5*) 1221 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1222 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1223 AC_DEFINE([USE_PIPES]) 1224 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1225 AC_DEFINE([BROKEN_GETADDRINFO]) 1226 AC_DEFINE([BROKEN_SETREUID]) 1227 AC_DEFINE([BROKEN_SETREGID]) 1228 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1229 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1230 TEST_SHELL=$SHELL # let configure find us a capable shell 1231 case "$host" in 1232 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1233 maildir=/var/spool/mail 1234 AC_DEFINE([BROKEN_UPDWTMPX]) 1235 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1236 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1237 ], , ) 1238 ;; 1239 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1240 ;; 1241 esac 1242 ;; 1243*-*-sysv*) 1244 ;; 1245# SCO UNIX and OEM versions of SCO UNIX 1246*-*-sco3.2v4*) 1247 AC_MSG_ERROR("This Platform is no longer supported.") 1248 ;; 1249# SCO OpenServer 5.x 1250*-*-sco3.2v5*) 1251 if test -z "$GCC"; then 1252 CFLAGS="$CFLAGS -belf" 1253 fi 1254 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1255 no_dev_ptmx=1 1256 AC_DEFINE([USE_PIPES]) 1257 AC_DEFINE([HAVE_SECUREWARE]) 1258 AC_DEFINE([DISABLE_SHADOW]) 1259 AC_DEFINE([DISABLE_FD_PASSING]) 1260 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1261 AC_DEFINE([BROKEN_GETADDRINFO]) 1262 AC_DEFINE([BROKEN_SETREUID]) 1263 AC_DEFINE([BROKEN_SETREGID]) 1264 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1265 AC_DEFINE([BROKEN_UPDWTMPX]) 1266 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1267 AC_CHECK_FUNCS([getluid setluid]) 1268 MANTYPE=man 1269 TEST_SHELL=$SHELL # let configure find us a capable shell 1270 SKIP_DISABLE_LASTLOG_DEFINE=yes 1271 ;; 1272*-dec-osf*) 1273 AC_MSG_CHECKING([for Digital Unix SIA]) 1274 no_osfsia="" 1275 AC_ARG_WITH([osfsia], 1276 [ --with-osfsia Enable Digital Unix SIA], 1277 [ 1278 if test "x$withval" = "xno" ; then 1279 AC_MSG_RESULT([disabled]) 1280 no_osfsia=1 1281 fi 1282 ], 1283 ) 1284 if test -z "$no_osfsia" ; then 1285 if test -f /etc/sia/matrix.conf; then 1286 AC_MSG_RESULT([yes]) 1287 AC_DEFINE([HAVE_OSF_SIA], [1], 1288 [Define if you have Digital Unix Security 1289 Integration Architecture]) 1290 AC_DEFINE([DISABLE_LOGIN], [1], 1291 [Define if you don't want to use your 1292 system's login() call]) 1293 AC_DEFINE([DISABLE_FD_PASSING]) 1294 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1295 SIA_MSG="yes" 1296 else 1297 AC_MSG_RESULT([no]) 1298 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1299 [String used in /etc/passwd to denote locked account]) 1300 fi 1301 fi 1302 AC_DEFINE([BROKEN_GETADDRINFO]) 1303 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1304 AC_DEFINE([BROKEN_SETREUID]) 1305 AC_DEFINE([BROKEN_SETREGID]) 1306 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1307 ;; 1308 1309*-*-nto-qnx*) 1310 AC_DEFINE([USE_PIPES]) 1311 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1312 AC_DEFINE([DISABLE_LASTLOG]) 1313 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1314 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1315 enable_etc_default_login=no # has incompatible /etc/default/login 1316 case "$host" in 1317 *-*-nto-qnx6*) 1318 AC_DEFINE([DISABLE_FD_PASSING]) 1319 ;; 1320 esac 1321 ;; 1322 1323*-*-ultrix*) 1324 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1325 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1326 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1327 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1328 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1329 # don't get a controlling tty. 1330 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1331 # On Ultrix some headers are not protected against multiple includes, 1332 # so we create wrappers and put it where the compiler will find it. 1333 AC_MSG_WARN([creating compat wrappers for headers]) 1334 mkdir -p netinet 1335 for header in netinet/ip.h netdb.h resolv.h; do 1336 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1337 cat >$header <<EOD 1338#ifndef _SSH_COMPAT_${name} 1339#define _SSH_COMPAT_${name} 1340#include "/usr/include/${header}" 1341#endif 1342EOD 1343 done 1344 ;; 1345 1346*-*-lynxos) 1347 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1348 AC_DEFINE([BROKEN_SETVBUF], [1], 1349 [LynxOS has broken setvbuf() implementation]) 1350 ;; 1351esac 1352 1353AC_MSG_CHECKING([compiler and flags for sanity]) 1354AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1355 [ AC_MSG_RESULT([yes]) ], 1356 [ 1357 AC_MSG_RESULT([no]) 1358 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1359 ], 1360 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1361) 1362 1363dnl Checks for header files. 1364# Checks for libraries. 1365AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1366 1367dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1368AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1369 AC_CHECK_LIB([gen], [dirname], [ 1370 AC_CACHE_CHECK([for broken dirname], 1371 ac_cv_have_broken_dirname, [ 1372 save_LIBS="$LIBS" 1373 LIBS="$LIBS -lgen" 1374 AC_RUN_IFELSE( 1375 [AC_LANG_SOURCE([[ 1376#include <libgen.h> 1377#include <string.h> 1378#include <stdlib.h> 1379 1380int main(int argc, char **argv) { 1381 char *s, buf[32]; 1382 1383 strncpy(buf,"/etc", 32); 1384 s = dirname(buf); 1385 if (!s || strncmp(s, "/", 32) != 0) { 1386 exit(1); 1387 } else { 1388 exit(0); 1389 } 1390} 1391 ]])], 1392 [ ac_cv_have_broken_dirname="no" ], 1393 [ ac_cv_have_broken_dirname="yes" ], 1394 [ ac_cv_have_broken_dirname="no" ], 1395 ) 1396 LIBS="$save_LIBS" 1397 ]) 1398 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1399 LIBS="$LIBS -lgen" 1400 AC_DEFINE([HAVE_DIRNAME]) 1401 AC_CHECK_HEADERS([libgen.h]) 1402 fi 1403 ]) 1404]) 1405 1406AC_CHECK_FUNC([getspnam], , 1407 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1408AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1409 [Define if you have the basename function.])]) 1410 1411dnl zlib defaults to enabled 1412zlib=yes 1413AC_ARG_WITH([zlib], 1414 [ --with-zlib=PATH Use zlib in PATH], 1415 [ if test "x$withval" = "xno" ; then 1416 zlib=no 1417 elif test "x$withval" != "xyes"; then 1418 if test -d "$withval/lib"; then 1419 if test -n "${rpath_opt}"; then 1420 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1421 else 1422 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1423 fi 1424 else 1425 if test -n "${rpath_opt}"; then 1426 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1427 else 1428 LDFLAGS="-L${withval} ${LDFLAGS}" 1429 fi 1430 fi 1431 if test -d "$withval/include"; then 1432 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1433 else 1434 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1435 fi 1436 fi ] 1437) 1438 1439# These libraries are needed for anything that links in the channel code. 1440CHANNELLIBS="" 1441AC_MSG_CHECKING([for zlib]) 1442if test "x${zlib}" = "xno"; then 1443 AC_MSG_RESULT([no]) 1444else 1445 saved_LIBS="$LIBS" 1446 CHANNELLIBS="$CHANNELLIBS -lz" 1447 AC_MSG_RESULT([yes]) 1448 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1449 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1450 AC_CHECK_LIB([z], [deflate], [], 1451 [ 1452 saved_CPPFLAGS="$CPPFLAGS" 1453 saved_LDFLAGS="$LDFLAGS" 1454 dnl Check default zlib install dir 1455 if test -n "${rpath_opt}"; then 1456 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1457 else 1458 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1459 fi 1460 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1461 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1462 [ 1463 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1464 ] 1465 ) 1466 ] 1467 ) 1468 1469 AC_ARG_WITH([zlib-version-check], 1470 [ --without-zlib-version-check Disable zlib version check], 1471 [ if test "x$withval" = "xno" ; then 1472 zlib_check_nonfatal=1 1473 fi 1474 ] 1475 ) 1476 1477 AC_MSG_CHECKING([for possibly buggy zlib]) 1478 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1479#include <stdio.h> 1480#include <stdlib.h> 1481#include <zlib.h> 1482 ]], 1483 [[ 1484 int a=0, b=0, c=0, d=0, n, v; 1485 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1486 if (n < 1) 1487 exit(1); 1488 v = a*1000000 + b*10000 + c*100 + d; 1489 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1490 1491 /* 1.1.4 is OK */ 1492 if (a == 1 && b == 1 && c >= 4) 1493 exit(0); 1494 1495 /* 1.2.3 and up are OK */ 1496 if (v >= 1020300) 1497 exit(0); 1498 1499 exit(2); 1500 ]])], 1501 AC_MSG_RESULT([no]), 1502 [ AC_MSG_RESULT([yes]) 1503 if test -z "$zlib_check_nonfatal" ; then 1504 AC_MSG_ERROR([*** zlib too old - check config.log *** 1505Your reported zlib version has known security problems. It's possible your 1506vendor has fixed these problems without changing the version number. If you 1507are sure this is the case, you can disable the check by running 1508"./configure --without-zlib-version-check". 1509If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1510See http://www.gzip.org/zlib/ for details.]) 1511 else 1512 AC_MSG_WARN([zlib version may have security problems]) 1513 fi 1514 ], 1515 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1516 ) 1517 LIBS="$saved_LIBS" 1518fi 1519 1520dnl UnixWare 2.x 1521AC_CHECK_FUNC([strcasecmp], 1522 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1523) 1524AC_CHECK_FUNCS([utimes], 1525 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1526 LIBS="$LIBS -lc89"]) ] 1527) 1528 1529dnl Checks for libutil functions 1530AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1531AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1532AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1533AC_SEARCH_LIBS([login], [util bsd]) 1534AC_SEARCH_LIBS([logout], [util bsd]) 1535AC_SEARCH_LIBS([logwtmp], [util bsd]) 1536AC_SEARCH_LIBS([openpty], [util bsd]) 1537AC_SEARCH_LIBS([updwtmp], [util bsd]) 1538AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1539 1540# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1541# or libnsl. 1542AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1543AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1544 1545# Some Linux distribtions ship the BSD libc hashing functions in 1546# separate libraries. 1547AC_SEARCH_LIBS([SHA256Update], [md bsd]) 1548 1549# "Particular Function Checks" 1550# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1551AC_FUNC_STRFTIME 1552AC_FUNC_MALLOC 1553AC_FUNC_REALLOC 1554# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1555AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1556AC_RUN_IFELSE( 1557 [AC_LANG_PROGRAM( 1558 [[ #include <stdlib.h> ]], 1559 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1560 )], 1561 [ func_calloc_0_nonnull=yes ], 1562 [ func_calloc_0_nonnull=no ], 1563 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1564 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1565) 1566AC_MSG_RESULT([$func_calloc_0_nonnull]) 1567 1568if test "x$func_calloc_0_nonnull" = "xyes"; then 1569 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1570else 1571 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1572 AC_DEFINE(calloc, rpl_calloc, 1573 [Define to rpl_calloc if the replacement function should be used.]) 1574fi 1575 1576# Check for ALTDIRFUNC glob() extension 1577AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1578AC_EGREP_CPP([FOUNDIT], 1579 [ 1580 #include <glob.h> 1581 #ifdef GLOB_ALTDIRFUNC 1582 FOUNDIT 1583 #endif 1584 ], 1585 [ 1586 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1587 [Define if your system glob() function has 1588 the GLOB_ALTDIRFUNC extension]) 1589 AC_MSG_RESULT([yes]) 1590 ], 1591 [ 1592 AC_MSG_RESULT([no]) 1593 ] 1594) 1595 1596# Check for g.gl_matchc glob() extension 1597AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1598AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1599 [[ glob_t g; g.gl_matchc = 1; ]])], 1600 [ 1601 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1602 [Define if your system glob() function has 1603 gl_matchc options in glob_t]) 1604 AC_MSG_RESULT([yes]) 1605 ], [ 1606 AC_MSG_RESULT([no]) 1607]) 1608 1609# Check for g.gl_statv glob() extension 1610AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1611AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1612#ifndef GLOB_KEEPSTAT 1613#error "glob does not support GLOB_KEEPSTAT extension" 1614#endif 1615glob_t g; 1616g.gl_statv = NULL; 1617]])], 1618 [ 1619 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1620 [Define if your system glob() function has 1621 gl_statv options in glob_t]) 1622 AC_MSG_RESULT([yes]) 1623 ], [ 1624 AC_MSG_RESULT([no]) 1625 1626]) 1627 1628AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1629 1630AC_CHECK_DECL([VIS_ALL], , 1631 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1632 1633AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1634AC_RUN_IFELSE( 1635 [AC_LANG_PROGRAM([[ 1636#include <sys/types.h> 1637#include <dirent.h> 1638#include <stdlib.h> 1639 ]], 1640 [[ 1641 struct dirent d; 1642 exit(sizeof(d.d_name)<=sizeof(char)); 1643 ]])], 1644 [AC_MSG_RESULT([yes])], 1645 [ 1646 AC_MSG_RESULT([no]) 1647 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1648 [Define if your struct dirent expects you to 1649 allocate extra space for d_name]) 1650 ], 1651 [ 1652 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1653 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1654 ] 1655) 1656 1657AC_MSG_CHECKING([for /proc/pid/fd directory]) 1658if test -d "/proc/$$/fd" ; then 1659 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1660 AC_MSG_RESULT([yes]) 1661else 1662 AC_MSG_RESULT([no]) 1663fi 1664 1665# Check whether user wants to use ldns 1666LDNS_MSG="no" 1667AC_ARG_WITH(ldns, 1668 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1669 [ 1670 ldns="" 1671 if test "x$withval" = "xyes" ; then 1672 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1673 if test "x$LDNSCONFIG" = "xno"; then 1674 LIBS="-lldns $LIBS" 1675 ldns=yes 1676 else 1677 LIBS="$LIBS `$LDNSCONFIG --libs`" 1678 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1679 ldns=yes 1680 fi 1681 elif test "x$withval" != "xno" ; then 1682 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1683 LDFLAGS="$LDFLAGS -L${withval}/lib" 1684 LIBS="-lldns $LIBS" 1685 ldns=yes 1686 fi 1687 1688 # Verify that it works. 1689 if test "x$ldns" = "xyes" ; then 1690 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1691 LDNS_MSG="yes" 1692 AC_MSG_CHECKING([for ldns support]) 1693 AC_LINK_IFELSE( 1694 [AC_LANG_SOURCE([[ 1695#include <stdio.h> 1696#include <stdlib.h> 1697#ifdef HAVE_STDINT_H 1698# include <stdint.h> 1699#endif 1700#include <ldns/ldns.h> 1701int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1702 ]]) 1703 ], 1704 [AC_MSG_RESULT(yes)], 1705 [ 1706 AC_MSG_RESULT(no) 1707 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1708 ]) 1709 fi 1710]) 1711 1712# Check whether user wants libedit support 1713LIBEDIT_MSG="no" 1714AC_ARG_WITH([libedit], 1715 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1716 [ if test "x$withval" != "xno" ; then 1717 if test "x$withval" = "xyes" ; then 1718 if test "x$PKGCONFIG" != "xno"; then 1719 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1720 if "$PKGCONFIG" libedit; then 1721 AC_MSG_RESULT([yes]) 1722 use_pkgconfig_for_libedit=yes 1723 else 1724 AC_MSG_RESULT([no]) 1725 fi 1726 fi 1727 else 1728 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1729 if test -n "${rpath_opt}"; then 1730 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1731 else 1732 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1733 fi 1734 fi 1735 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1736 LIBEDIT=`$PKGCONFIG --libs libedit` 1737 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1738 else 1739 LIBEDIT="-ledit -lcurses" 1740 fi 1741 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1742 AC_CHECK_LIB([edit], [el_init], 1743 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1744 LIBEDIT_MSG="yes" 1745 AC_SUBST([LIBEDIT]) 1746 ], 1747 [ AC_MSG_ERROR([libedit not found]) ], 1748 [ $OTHERLIBS ] 1749 ) 1750 AC_MSG_CHECKING([if libedit version is compatible]) 1751 AC_COMPILE_IFELSE( 1752 [AC_LANG_PROGRAM([[ 1753#include <histedit.h> 1754#include <stdlib.h> 1755 ]], 1756 [[ 1757 int i = H_SETSIZE; 1758 el_init("", NULL, NULL, NULL); 1759 exit(0); 1760 ]])], 1761 [ AC_MSG_RESULT([yes]) ], 1762 [ AC_MSG_RESULT([no]) 1763 AC_MSG_ERROR([libedit version is not compatible]) ] 1764 ) 1765 fi ] 1766) 1767 1768AUDIT_MODULE=none 1769AC_ARG_WITH([audit], 1770 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1771 [ 1772 AC_MSG_CHECKING([for supported audit module]) 1773 case "$withval" in 1774 bsm) 1775 AC_MSG_RESULT([bsm]) 1776 AUDIT_MODULE=bsm 1777 dnl Checks for headers, libs and functions 1778 AC_CHECK_HEADERS([bsm/audit.h], [], 1779 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1780 [ 1781#ifdef HAVE_TIME_H 1782# include <time.h> 1783#endif 1784 ] 1785) 1786 AC_CHECK_LIB([bsm], [getaudit], [], 1787 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1788 AC_CHECK_FUNCS([getaudit], [], 1789 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1790 # These are optional 1791 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1792 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1793 if test "$sol2ver" -ge 11; then 1794 SSHDLIBS="$SSHDLIBS -lscf" 1795 AC_DEFINE([BROKEN_BSM_API], [1], 1796 [The system has incomplete BSM API]) 1797 fi 1798 ;; 1799 linux) 1800 AC_MSG_RESULT([linux]) 1801 AUDIT_MODULE=linux 1802 dnl Checks for headers, libs and functions 1803 AC_CHECK_HEADERS([libaudit.h]) 1804 SSHDLIBS="$SSHDLIBS -laudit" 1805 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1806 ;; 1807 debug) 1808 AUDIT_MODULE=debug 1809 AC_MSG_RESULT([debug]) 1810 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1811 ;; 1812 no) 1813 AC_MSG_RESULT([no]) 1814 ;; 1815 *) 1816 AC_MSG_ERROR([Unknown audit module $withval]) 1817 ;; 1818 esac ] 1819) 1820 1821AC_ARG_WITH([pie], 1822 [ --with-pie Build Position Independent Executables if possible], [ 1823 if test "x$withval" = "xno"; then 1824 use_pie=no 1825 fi 1826 if test "x$withval" = "xyes"; then 1827 use_pie=yes 1828 fi 1829 ] 1830) 1831if test "x$use_pie" = "x"; then 1832 use_pie=no 1833fi 1834if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1835 # Turn off automatic PIE when toolchain hardening is off. 1836 use_pie=no 1837fi 1838if test "x$use_pie" = "xauto"; then 1839 # Automatic PIE requires gcc >= 4.x 1840 AC_MSG_CHECKING([for gcc >= 4.x]) 1841 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1842#if !defined(__GNUC__) || __GNUC__ < 4 1843#error gcc is too old 1844#endif 1845]])], 1846 [ AC_MSG_RESULT([yes]) ], 1847 [ AC_MSG_RESULT([no]) 1848 use_pie=no ] 1849) 1850fi 1851if test "x$use_pie" != "xno"; then 1852 SAVED_CFLAGS="$CFLAGS" 1853 SAVED_LDFLAGS="$LDFLAGS" 1854 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1855 OSSH_CHECK_LDFLAG_LINK([-pie]) 1856 # We use both -fPIE and -pie or neither. 1857 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1858 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1859 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1860 AC_MSG_RESULT([yes]) 1861 else 1862 AC_MSG_RESULT([no]) 1863 CFLAGS="$SAVED_CFLAGS" 1864 LDFLAGS="$SAVED_LDFLAGS" 1865 fi 1866fi 1867 1868AC_MSG_CHECKING([whether -fPIC is accepted]) 1869SAVED_CFLAGS="$CFLAGS" 1870CFLAGS="$CFLAGS -fPIC" 1871AC_COMPILE_IFELSE( 1872 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1873 [AC_MSG_RESULT([yes]) 1874 PICFLAG="-fPIC"; ], 1875 [AC_MSG_RESULT([no]) 1876 PICFLAG=""; ]) 1877CFLAGS="$SAVED_CFLAGS" 1878AC_SUBST([PICFLAG]) 1879 1880dnl Checks for library functions. Please keep in alphabetical order 1881AC_CHECK_FUNCS([ \ 1882 Blowfish_initstate \ 1883 Blowfish_expandstate \ 1884 Blowfish_expand0state \ 1885 Blowfish_stream2word \ 1886 SHA256Update \ 1887 SHA384Update \ 1888 SHA512Update \ 1889 asprintf \ 1890 b64_ntop \ 1891 __b64_ntop \ 1892 b64_pton \ 1893 __b64_pton \ 1894 bcopy \ 1895 bcrypt_pbkdf \ 1896 bindresvport_sa \ 1897 blf_enc \ 1898 bzero \ 1899 cap_rights_limit \ 1900 clock \ 1901 closefrom \ 1902 close_range \ 1903 dirfd \ 1904 endgrent \ 1905 err \ 1906 errx \ 1907 explicit_bzero \ 1908 explicit_memset \ 1909 fchmod \ 1910 fchmodat \ 1911 fchown \ 1912 fchownat \ 1913 flock \ 1914 fnmatch \ 1915 freeaddrinfo \ 1916 freezero \ 1917 fstatfs \ 1918 fstatvfs \ 1919 futimes \ 1920 getaddrinfo \ 1921 getcwd \ 1922 getentropy \ 1923 getgrouplist \ 1924 getline \ 1925 getnameinfo \ 1926 getopt \ 1927 getpagesize \ 1928 getpeereid \ 1929 getpeerucred \ 1930 getpgid \ 1931 _getpty \ 1932 getrlimit \ 1933 getrandom \ 1934 getsid \ 1935 getttyent \ 1936 glob \ 1937 group_from_gid \ 1938 inet_aton \ 1939 inet_ntoa \ 1940 inet_ntop \ 1941 innetgr \ 1942 killpg \ 1943 llabs \ 1944 localtime_r \ 1945 login_getcapbool \ 1946 login_getpwclass \ 1947 memmem \ 1948 memmove \ 1949 memset_s \ 1950 mkdtemp \ 1951 ngetaddrinfo \ 1952 nsleep \ 1953 ogetaddrinfo \ 1954 openlog_r \ 1955 pledge \ 1956 poll \ 1957 ppoll \ 1958 prctl \ 1959 procctl \ 1960 pselect \ 1961 pstat \ 1962 raise \ 1963 readpassphrase \ 1964 reallocarray \ 1965 realpath \ 1966 recvmsg \ 1967 recallocarray \ 1968 rresvport_af \ 1969 sendmsg \ 1970 setdtablesize \ 1971 setegid \ 1972 setenv \ 1973 seteuid \ 1974 setgroupent \ 1975 setgroups \ 1976 setlinebuf \ 1977 setlogin \ 1978 setpassent\ 1979 setpcred \ 1980 setproctitle \ 1981 setregid \ 1982 setreuid \ 1983 setrlimit \ 1984 setsid \ 1985 setvbuf \ 1986 sigaction \ 1987 sigvec \ 1988 snprintf \ 1989 socketpair \ 1990 statfs \ 1991 statvfs \ 1992 strcasestr \ 1993 strdup \ 1994 strerror \ 1995 strlcat \ 1996 strlcpy \ 1997 strmode \ 1998 strndup \ 1999 strnlen \ 2000 strnvis \ 2001 strptime \ 2002 strsignal \ 2003 strtonum \ 2004 strtoll \ 2005 strtoul \ 2006 strtoull \ 2007 swap32 \ 2008 sysconf \ 2009 tcgetpgrp \ 2010 timegm \ 2011 timingsafe_bcmp \ 2012 truncate \ 2013 unsetenv \ 2014 updwtmpx \ 2015 utimensat \ 2016 user_from_uid \ 2017 usleep \ 2018 vasprintf \ 2019 vsnprintf \ 2020 waitpid \ 2021 warn \ 2022]) 2023 2024AC_CHECK_DECLS([bzero, memmem]) 2025 2026dnl Wide character support. 2027AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 2028 2029TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 2030AC_MSG_CHECKING([for utf8 locale support]) 2031AC_RUN_IFELSE( 2032 [AC_LANG_PROGRAM([[ 2033#include <locale.h> 2034#include <stdlib.h> 2035 ]], [[ 2036 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 2037 if (loc != NULL) 2038 exit(0); 2039 exit(1); 2040 ]])], 2041 AC_MSG_RESULT(yes), 2042 [AC_MSG_RESULT(no) 2043 TEST_SSH_UTF8=no], 2044 AC_MSG_WARN([cross compiling: assuming yes]) 2045) 2046 2047AC_LINK_IFELSE( 2048 [AC_LANG_PROGRAM( 2049 [[ #include <ctype.h> ]], 2050 [[ return (isblank('a')); ]])], 2051 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 2052]) 2053 2054disable_pkcs11= 2055AC_ARG_ENABLE([pkcs11], 2056 [ --disable-pkcs11 disable PKCS#11 support code [no]], 2057 [ 2058 if test "x$enableval" = "xno" ; then 2059 disable_pkcs11=1 2060 fi 2061 ] 2062) 2063 2064disable_sk= 2065AC_ARG_ENABLE([security-key], 2066 [ --disable-security-key disable U2F/FIDO support code [no]], 2067 [ 2068 if test "x$enableval" = "xno" ; then 2069 disable_sk=1 2070 fi 2071 ] 2072) 2073enable_sk_internal= 2074AC_ARG_WITH([security-key-builtin], 2075 [ --with-security-key-builtin include builtin U2F/FIDO support], 2076 [ enable_sk_internal=$withval ] 2077) 2078 2079enable_dsa= 2080AC_ARG_ENABLE([dsa-keys], 2081 [ --enable-dsa-keys enable DSA key support [no]], 2082 [ 2083 if test "x$enableval" != "xno" ; then 2084 enable_dsa=1 2085 fi 2086 ] 2087) 2088 2089AC_SEARCH_LIBS([dlopen], [dl]) 2090AC_CHECK_FUNCS([dlopen]) 2091AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 2092 2093# IRIX has a const char return value for gai_strerror() 2094AC_CHECK_FUNCS([gai_strerror], [ 2095 AC_DEFINE([HAVE_GAI_STRERROR]) 2096 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2097#include <sys/types.h> 2098#include <sys/socket.h> 2099#include <netdb.h> 2100 2101const char *gai_strerror(int); 2102 ]], [[ 2103 char *str; 2104 str = gai_strerror(0); 2105 ]])], [ 2106 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 2107 [Define if gai_strerror() returns const char *])], [])]) 2108 2109AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 2110 [Some systems put nanosleep outside of libc])]) 2111 2112AC_SEARCH_LIBS([clock_gettime], [rt], 2113 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 2114 2115dnl check if we need -D_REENTRANT for localtime_r declaration. 2116AC_CHECK_DECL([localtime_r], [], 2117 [ saved_CPPFLAGS="$CPPFLAGS" 2118 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2119 unset ac_cv_have_decl_localtime_r 2120 AC_CHECK_DECL([localtime_r], [], 2121 [ CPPFLAGS="$saved_CPPFLAGS" ], 2122 [ #include <time.h> ] 2123 ) 2124 ], 2125 [ #include <time.h> ] 2126) 2127 2128dnl Make sure prototypes are defined for these before using them. 2129AC_CHECK_DECL([strsep], 2130 [AC_CHECK_FUNCS([strsep])], 2131 [], 2132 [ 2133#ifdef HAVE_STRING_H 2134# include <string.h> 2135#endif 2136 ]) 2137 2138dnl tcsendbreak might be a macro 2139AC_CHECK_DECL([tcsendbreak], 2140 [AC_DEFINE([HAVE_TCSENDBREAK])], 2141 [AC_CHECK_FUNCS([tcsendbreak])], 2142 [#include <termios.h>] 2143) 2144 2145AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2146 2147AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2148 [ 2149#include <sys/types.h> 2150#include <sys/socket.h> 2151#include <unistd.h> 2152 ]) 2153 2154AC_CHECK_DECLS([O_NONBLOCK], , , 2155 [ 2156#include <sys/types.h> 2157#ifdef HAVE_SYS_STAT_H 2158# include <sys/stat.h> 2159#endif 2160#ifdef HAVE_FCNTL_H 2161# include <fcntl.h> 2162#endif 2163 ]) 2164 2165AC_CHECK_DECLS([ftruncate, getentropy], , , 2166 [ 2167#include <sys/types.h> 2168#include <unistd.h> 2169 ]) 2170 2171AC_CHECK_DECLS([readv, writev], , , [ 2172#include <sys/types.h> 2173#include <sys/uio.h> 2174#include <unistd.h> 2175 ]) 2176 2177AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2178#include <sys/param.h> 2179 ]) 2180 2181AC_CHECK_DECLS([offsetof], , , [ 2182#include <stddef.h> 2183 ]) 2184 2185# extra bits for select(2) 2186AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2187#include <sys/param.h> 2188#include <sys/types.h> 2189#ifdef HAVE_SYS_SYSMACROS_H 2190#include <sys/sysmacros.h> 2191#endif 2192#ifdef HAVE_SYS_SELECT_H 2193#include <sys/select.h> 2194#endif 2195#ifdef HAVE_SYS_TIME_H 2196#include <sys/time.h> 2197#endif 2198#ifdef HAVE_UNISTD_H 2199#include <unistd.h> 2200#endif 2201 ]]) 2202AC_CHECK_TYPES([fd_mask], [], [], [[ 2203#include <sys/param.h> 2204#include <sys/types.h> 2205#ifdef HAVE_SYS_SELECT_H 2206#include <sys/select.h> 2207#endif 2208#ifdef HAVE_SYS_TIME_H 2209#include <sys/time.h> 2210#endif 2211#ifdef HAVE_UNISTD_H 2212#include <unistd.h> 2213#endif 2214 ]]) 2215 2216AC_CHECK_FUNCS([setresuid], [ 2217 dnl Some platorms have setresuid that isn't implemented, test for this 2218 AC_MSG_CHECKING([if setresuid seems to work]) 2219 AC_RUN_IFELSE( 2220 [AC_LANG_PROGRAM([[ 2221#include <errno.h> 2222#include <stdlib.h> 2223#include <unistd.h> 2224 ]], [[ 2225 errno=0; 2226 setresuid(0,0,0); 2227 if (errno==ENOSYS) 2228 exit(1); 2229 else 2230 exit(0); 2231 ]])], 2232 [AC_MSG_RESULT([yes])], 2233 [AC_DEFINE([BROKEN_SETRESUID], [1], 2234 [Define if your setresuid() is broken]) 2235 AC_MSG_RESULT([not implemented])], 2236 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2237 ) 2238]) 2239 2240AC_CHECK_FUNCS([setresgid], [ 2241 dnl Some platorms have setresgid that isn't implemented, test for this 2242 AC_MSG_CHECKING([if setresgid seems to work]) 2243 AC_RUN_IFELSE( 2244 [AC_LANG_PROGRAM([[ 2245#include <errno.h> 2246#include <stdlib.h> 2247#include <unistd.h> 2248 ]], [[ 2249 errno=0; 2250 setresgid(0,0,0); 2251 if (errno==ENOSYS) 2252 exit(1); 2253 else 2254 exit(0); 2255 ]])], 2256 [AC_MSG_RESULT([yes])], 2257 [AC_DEFINE([BROKEN_SETRESGID], [1], 2258 [Define if your setresgid() is broken]) 2259 AC_MSG_RESULT([not implemented])], 2260 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2261 ) 2262]) 2263 2264AC_MSG_CHECKING([for working fflush(NULL)]) 2265AC_RUN_IFELSE( 2266 [AC_LANG_PROGRAM([[ 2267#include <stdio.h> 2268#include <stdlib.h> 2269 ]], 2270 [[fflush(NULL); exit(0);]])], 2271 AC_MSG_RESULT([yes]), 2272 [AC_MSG_RESULT([no]) 2273 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2274 [define if fflush(NULL) does not work])], 2275 AC_MSG_WARN([cross compiling: assuming working]) 2276) 2277 2278dnl Checks for time functions 2279AC_CHECK_FUNCS([gettimeofday time]) 2280dnl Checks for utmp functions 2281AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2282AC_CHECK_FUNCS([utmpname]) 2283dnl Checks for utmpx functions 2284AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2285AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2286dnl Checks for lastlog functions 2287AC_CHECK_FUNCS([getlastlogxbyname]) 2288 2289AC_CHECK_FUNC([daemon], 2290 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2291 [AC_CHECK_LIB([bsd], [daemon], 2292 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2293) 2294 2295AC_CHECK_FUNC([getpagesize], 2296 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2297 [Define if your libraries define getpagesize()])], 2298 [AC_CHECK_LIB([ucb], [getpagesize], 2299 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2300) 2301 2302# Check for broken snprintf 2303if test "x$ac_cv_func_snprintf" = "xyes" ; then 2304 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2305 AC_RUN_IFELSE( 2306 [AC_LANG_PROGRAM([[ 2307#include <stdio.h> 2308#include <stdlib.h> 2309 ]], 2310 [[ 2311 char b[5]; 2312 snprintf(b,5,"123456789"); 2313 exit(b[4]!='\0'); 2314 ]])], 2315 [AC_MSG_RESULT([yes])], 2316 [ 2317 AC_MSG_RESULT([no]) 2318 AC_DEFINE([BROKEN_SNPRINTF], [1], 2319 [Define if your snprintf is busted]) 2320 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2321 ], 2322 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2323 ) 2324fi 2325 2326if test "x$ac_cv_func_snprintf" = "xyes" ; then 2327 AC_MSG_CHECKING([whether snprintf understands %zu]) 2328 AC_RUN_IFELSE( 2329 [AC_LANG_PROGRAM([[ 2330#include <sys/types.h> 2331#include <stdio.h> 2332#include <stdlib.h> 2333#include <string.h> 2334 ]], 2335 [[ 2336 size_t a = 1, b = 2; 2337 char z[128]; 2338 snprintf(z, sizeof z, "%zu%zu", a, b); 2339 exit(strcmp(z, "12")); 2340 ]])], 2341 [AC_MSG_RESULT([yes])], 2342 [ 2343 AC_MSG_RESULT([no]) 2344 AC_DEFINE([BROKEN_SNPRINTF], [1], 2345 [snprintf does not understand %zu]) 2346 ], 2347 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2348 ) 2349fi 2350 2351# We depend on vsnprintf returning the right thing on overflow: the 2352# number of characters it tried to create (as per SUSv3) 2353if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2354 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2355 AC_RUN_IFELSE( 2356 [AC_LANG_PROGRAM([[ 2357#include <sys/types.h> 2358#include <stdio.h> 2359#include <stdarg.h> 2360 2361int x_snprintf(char *str, size_t count, const char *fmt, ...) 2362{ 2363 size_t ret; 2364 va_list ap; 2365 2366 va_start(ap, fmt); 2367 ret = vsnprintf(str, count, fmt, ap); 2368 va_end(ap); 2369 return ret; 2370} 2371 ]], [[ 2372char x[1]; 2373if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2374 return 1; 2375if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2376 return 1; 2377return 0; 2378 ]])], 2379 [AC_MSG_RESULT([yes])], 2380 [ 2381 AC_MSG_RESULT([no]) 2382 AC_DEFINE([BROKEN_SNPRINTF], [1], 2383 [Define if your snprintf is busted]) 2384 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2385 ], 2386 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2387 ) 2388fi 2389 2390# On systems where [v]snprintf is broken, but is declared in stdio, 2391# check that the fmt argument is const char * or just char *. 2392# This is only useful for when BROKEN_SNPRINTF 2393AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2394AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2395#include <stdio.h> 2396int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2397 ]], [[ 2398 snprintf(0, 0, 0); 2399 ]])], 2400 [AC_MSG_RESULT([yes]) 2401 AC_DEFINE([SNPRINTF_CONST], [const], 2402 [Define as const if snprintf() can declare const char *fmt])], 2403 [AC_MSG_RESULT([no]) 2404 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2405 2406# Check for missing getpeereid (or equiv) support 2407NO_PEERCHECK="" 2408if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2409 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2410 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2411#include <sys/types.h> 2412#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2413 [ AC_MSG_RESULT([yes]) 2414 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2415 ], [AC_MSG_RESULT([no]) 2416 NO_PEERCHECK=1 2417 ]) 2418fi 2419 2420dnl make sure that openpty does not reacquire controlling terminal 2421if test ! -z "$check_for_openpty_ctty_bug"; then 2422 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2423 AC_RUN_IFELSE( 2424 [AC_LANG_PROGRAM([[ 2425#include <stdio.h> 2426#include <stdlib.h> 2427#include <unistd.h> 2428#ifdef HAVE_PTY_H 2429# include <pty.h> 2430#endif 2431#include <sys/fcntl.h> 2432#include <sys/types.h> 2433#include <sys/wait.h> 2434 ]], [[ 2435 pid_t pid; 2436 int fd, ptyfd, ttyfd, status; 2437 2438 pid = fork(); 2439 if (pid < 0) { /* failed */ 2440 exit(1); 2441 } else if (pid > 0) { /* parent */ 2442 waitpid(pid, &status, 0); 2443 if (WIFEXITED(status)) 2444 exit(WEXITSTATUS(status)); 2445 else 2446 exit(2); 2447 } else { /* child */ 2448 close(0); close(1); close(2); 2449 setsid(); 2450 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2451 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2452 if (fd >= 0) 2453 exit(3); /* Acquired ctty: broken */ 2454 else 2455 exit(0); /* Did not acquire ctty: OK */ 2456 } 2457 ]])], 2458 [ 2459 AC_MSG_RESULT([yes]) 2460 ], 2461 [ 2462 AC_MSG_RESULT([no]) 2463 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2464 ], 2465 [ 2466 AC_MSG_RESULT([cross-compiling, assuming yes]) 2467 ] 2468 ) 2469fi 2470 2471if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2472 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2473 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2474 AC_RUN_IFELSE( 2475 [AC_LANG_PROGRAM([[ 2476#include <stdio.h> 2477#include <stdlib.h> 2478#include <sys/socket.h> 2479#include <netdb.h> 2480#include <errno.h> 2481#include <netinet/in.h> 2482 2483#define TEST_PORT "2222" 2484 ]], [[ 2485 int err, sock; 2486 struct addrinfo *gai_ai, *ai, hints; 2487 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2488 2489 memset(&hints, 0, sizeof(hints)); 2490 hints.ai_family = PF_UNSPEC; 2491 hints.ai_socktype = SOCK_STREAM; 2492 hints.ai_flags = AI_PASSIVE; 2493 2494 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2495 if (err != 0) { 2496 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2497 exit(1); 2498 } 2499 2500 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2501 if (ai->ai_family != AF_INET6) 2502 continue; 2503 2504 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2505 sizeof(ntop), strport, sizeof(strport), 2506 NI_NUMERICHOST|NI_NUMERICSERV); 2507 2508 if (err != 0) { 2509 if (err == EAI_SYSTEM) 2510 perror("getnameinfo EAI_SYSTEM"); 2511 else 2512 fprintf(stderr, "getnameinfo failed: %s\n", 2513 gai_strerror(err)); 2514 exit(2); 2515 } 2516 2517 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2518 if (sock < 0) 2519 perror("socket"); 2520 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2521 if (errno == EBADF) 2522 exit(3); 2523 } 2524 } 2525 exit(0); 2526 ]])], 2527 [ 2528 AC_MSG_RESULT([yes]) 2529 ], 2530 [ 2531 AC_MSG_RESULT([no]) 2532 AC_DEFINE([BROKEN_GETADDRINFO]) 2533 ], 2534 [ 2535 AC_MSG_RESULT([cross-compiling, assuming yes]) 2536 ] 2537 ) 2538fi 2539 2540if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2541 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2542 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2543 AC_RUN_IFELSE( 2544 [AC_LANG_PROGRAM([[ 2545#include <stdio.h> 2546#include <stdlib.h> 2547#include <sys/socket.h> 2548#include <netdb.h> 2549#include <errno.h> 2550#include <netinet/in.h> 2551 2552#define TEST_PORT "2222" 2553 ]], [[ 2554 int err, sock; 2555 struct addrinfo *gai_ai, *ai, hints; 2556 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2557 2558 memset(&hints, 0, sizeof(hints)); 2559 hints.ai_family = PF_UNSPEC; 2560 hints.ai_socktype = SOCK_STREAM; 2561 hints.ai_flags = AI_PASSIVE; 2562 2563 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2564 if (err != 0) { 2565 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2566 exit(1); 2567 } 2568 2569 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2570 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2571 continue; 2572 2573 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2574 sizeof(ntop), strport, sizeof(strport), 2575 NI_NUMERICHOST|NI_NUMERICSERV); 2576 2577 if (ai->ai_family == AF_INET && err != 0) { 2578 perror("getnameinfo"); 2579 exit(2); 2580 } 2581 } 2582 exit(0); 2583 ]])], 2584 [ 2585 AC_MSG_RESULT([yes]) 2586 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2587 [Define if you have a getaddrinfo that fails 2588 for the all-zeros IPv6 address]) 2589 ], 2590 [ 2591 AC_MSG_RESULT([no]) 2592 AC_DEFINE([BROKEN_GETADDRINFO]) 2593 ], 2594 [ 2595 AC_MSG_RESULT([cross-compiling, assuming no]) 2596 ] 2597 ) 2598fi 2599 2600if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2601 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2602 [#include <sys/types.h> 2603 #include <sys/socket.h> 2604 #include <netdb.h>]) 2605fi 2606 2607if test "x$check_for_conflicting_getspnam" = "x1"; then 2608 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2609 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2610#include <shadow.h> 2611#include <stdlib.h> 2612 ]], 2613 [[ exit(0); ]])], 2614 [ 2615 AC_MSG_RESULT([no]) 2616 ], 2617 [ 2618 AC_MSG_RESULT([yes]) 2619 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2620 [Conflicting defs for getspnam]) 2621 ] 2622 ) 2623fi 2624 2625dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2626dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2627dnl for over ten years). Despite this incompatibility being reported during 2628dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2629dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2630dnl implementation. Try to detect this mess, and assume the only safe option 2631dnl if we're cross compiling. 2632dnl 2633dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2634dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2635if test "x$ac_cv_func_strnvis" = "xyes"; then 2636 AC_MSG_CHECKING([for working strnvis]) 2637 AC_RUN_IFELSE( 2638 [AC_LANG_PROGRAM([[ 2639#include <signal.h> 2640#include <stdlib.h> 2641#include <string.h> 2642#include <unistd.h> 2643#include <vis.h> 2644static void sighandler(int sig) { _exit(1); } 2645 ]], [[ 2646 char dst[16]; 2647 2648 signal(SIGSEGV, sighandler); 2649 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2650 exit(0); 2651 exit(1) 2652 ]])], 2653 [AC_MSG_RESULT([yes])], 2654 [AC_MSG_RESULT([no]) 2655 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2656 [AC_MSG_WARN([cross compiling: assuming broken]) 2657 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2658 ) 2659fi 2660 2661AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2662AC_RUN_IFELSE( 2663 [AC_LANG_PROGRAM([[ 2664#ifdef HAVE_SYS_SELECT 2665# include <sys/select.h> 2666#endif 2667#include <sys/types.h> 2668#include <sys/time.h> 2669#include <stdlib.h> 2670#include <signal.h> 2671#include <unistd.h> 2672static void sighandler(int sig) { } 2673 ]], [[ 2674 int r; 2675 pid_t pid; 2676 struct sigaction sa; 2677 2678 sa.sa_handler = sighandler; 2679 sa.sa_flags = SA_RESTART; 2680 (void)sigaction(SIGTERM, &sa, NULL); 2681 if ((pid = fork()) == 0) { /* child */ 2682 pid = getppid(); 2683 sleep(1); 2684 kill(pid, SIGTERM); 2685 sleep(1); 2686 if (getppid() == pid) /* if parent did not exit, shoot it */ 2687 kill(pid, SIGKILL); 2688 exit(0); 2689 } else { /* parent */ 2690 r = select(0, NULL, NULL, NULL, NULL); 2691 } 2692 exit(r == -1 ? 0 : 1); 2693 ]])], 2694 [AC_MSG_RESULT([yes])], 2695 [AC_MSG_RESULT([no]) 2696 AC_DEFINE([NO_SA_RESTART], [1], 2697 [SA_RESTARTed signals do no interrupt select])], 2698 [AC_MSG_WARN([cross compiling: assuming yes])] 2699) 2700 2701AC_CHECK_FUNCS([getpgrp],[ 2702 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2703 AC_COMPILE_IFELSE( 2704 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2705 [ AC_MSG_RESULT([yes]) 2706 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2707 [ AC_MSG_RESULT([no]) 2708 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2709 ) 2710]) 2711 2712# Search for OpenSSL 2713saved_CPPFLAGS="$CPPFLAGS" 2714saved_LDFLAGS="$LDFLAGS" 2715openssl_bin_PATH="$PATH" 2716AC_ARG_WITH([ssl-dir], 2717 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2718 [ 2719 if test "x$openssl" = "xno" ; then 2720 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2721 fi 2722 if test "x$withval" != "xno" ; then 2723 case "$withval" in 2724 # Relative paths 2725 ./*|../*) withval="`pwd`/$withval" 2726 esac 2727 if test -d "$withval/lib"; then 2728 libcrypto_path="${withval}/lib" 2729 elif test -d "$withval/lib64"; then 2730 libcrypto_path="$withval/lib64" 2731 else 2732 # Built but not installed 2733 libcrypto_path="${withval}" 2734 fi 2735 if test -n "${rpath_opt}"; then 2736 LDFLAGS="-L${libcrypto_path} ${rpath_opt}${libcrypto_path} ${LDFLAGS}" 2737 else 2738 LDFLAGS="-L${libcrypto_path} ${LDFLAGS}" 2739 fi 2740 if test -d "$withval/include"; then 2741 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2742 else 2743 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2744 fi 2745 dnl Ensure specified openssl binary works, eg it can 2746 dnl find its runtime libraries, before trying to use. 2747 if test -x "${withval}/bin/openssl" && \ 2748 "${withval}/bin/openssl" version >/dev/null 2>&1; then 2749 openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" 2750 elif test -x "${withval}/apps/openssl" && \ 2751 "${withval}/apps/openssl" version >/dev/null 2>&1; then 2752 openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" 2753 fi 2754 fi 2755 ] 2756) 2757AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH]) 2758AC_SUBST(OPENSSL_BIN, [${openssl_bin}]) 2759 2760AC_ARG_WITH([openssl-header-check], 2761 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2762 [ 2763 if test "x$withval" = "xno" ; then 2764 openssl_check_nonfatal=1 2765 fi 2766 ] 2767) 2768 2769openssl_engine=no 2770AC_ARG_WITH([ssl-engine], 2771 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2772 [ 2773 if test "x$withval" != "xno" ; then 2774 if test "x$openssl" = "xno" ; then 2775 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2776 fi 2777 openssl_engine=yes 2778 fi 2779 ] 2780) 2781 2782nocrypto_saved_LIBS="$LIBS" 2783if test "x$openssl" = "xyes" ; then 2784 LIBS="-lcrypto $LIBS" 2785 CHANNELLIBS="-lcrypto $CHANNELLIBS" 2786 AC_TRY_LINK_FUNC([RAND_add], , 2787 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2788 AC_CHECK_HEADER([openssl/opensslv.h], , 2789 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2790 2791 # Determine OpenSSL header version 2792 AC_MSG_CHECKING([OpenSSL header version]) 2793 AC_RUN_IFELSE( 2794 [AC_LANG_PROGRAM([[ 2795 #include <stdlib.h> 2796 #include <stdio.h> 2797 #include <string.h> 2798 #include <openssl/opensslv.h> 2799 #define DATA "conftest.sslincver" 2800 ]], [[ 2801 FILE *fd; 2802 int rc; 2803 2804 fd = fopen(DATA,"w"); 2805 if(fd == NULL) 2806 exit(1); 2807 2808 if ((rc = fprintf(fd, "%08lx (%s)\n", 2809 (unsigned long)OPENSSL_VERSION_NUMBER, 2810 OPENSSL_VERSION_TEXT)) < 0) 2811 exit(1); 2812 2813 exit(0); 2814 ]])], 2815 [ 2816 ssl_header_ver=`cat conftest.sslincver` 2817 AC_MSG_RESULT([$ssl_header_ver]) 2818 ], 2819 [ 2820 AC_MSG_RESULT([failed]) 2821 AC_MSG_ERROR([OpenSSL version test program failed.]) 2822 ], 2823 [ 2824 AC_MSG_WARN([cross compiling: not checking]) 2825 ] 2826 ) 2827 2828 # Determining OpenSSL library version is version dependent. 2829 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2830 2831 # Determine OpenSSL library version 2832 AC_MSG_CHECKING([OpenSSL library version]) 2833 AC_RUN_IFELSE( 2834 [AC_LANG_PROGRAM([[ 2835 #include <stdio.h> 2836 #include <stdlib.h> 2837 #include <string.h> 2838 #include <openssl/opensslv.h> 2839 #include <openssl/crypto.h> 2840 #define DATA "conftest.ssllibver" 2841 ]], [[ 2842 FILE *f; 2843 /* We need these legacy bits to warn for old libcrypto */ 2844 #ifndef OPENSSL_VERSION 2845 # define OPENSSL_VERSION SSLEAY_VERSION 2846 #endif 2847 #ifndef HAVE_OPENSSL_VERSION 2848 # define OpenSSL_version SSLeay_version 2849 #endif 2850 #ifndef HAVE_OPENSSL_VERSION_NUM 2851 # define OpenSSL_version_num SSLeay 2852 #endif 2853 if ((f = fopen(DATA, "w")) == NULL) 2854 exit(1); 2855 if (fprintf(f, "%08lx (%s)", 2856 (unsigned long)OpenSSL_version_num(), 2857 OpenSSL_version(OPENSSL_VERSION)) < 0) 2858 exit(1); 2859#ifdef LIBRESSL_VERSION_NUMBER 2860 if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) 2861 exit(1); 2862#endif 2863 if (fputc('\n', f) == EOF || fclose(f) == EOF) 2864 exit(1); 2865 exit(0); 2866 ]])], 2867 [ 2868 sslver=`cat conftest.ssllibver` 2869 ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` 2870 # Check version is supported. 2871 case "$sslver" in 2872 100*|10100*) # 1.0.x, 1.1.0x 2873 AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) 2874 ;; 2875 101*) ;; # 1.1.x 2876 200*) # LibreSSL 2877 lver=`echo "$sslver" | sed 's/.*libressl-//'` 2878 case "$lver" in 2879 2*|300*) # 2.x, 3.0.0 2880 AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) 2881 ;; 2882 *) ;; # Assume all other versions are good. 2883 esac 2884 ;; 2885 30*) 2886 # OpenSSL 3; we use the 1.1x API 2887 # https://openssl.org/policies/general/versioning-policy.html 2888 CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" 2889 ;; 2890 *) 2891 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) 2892 ;; 2893 esac 2894 AC_MSG_RESULT([$ssl_showver]) 2895 ], 2896 [ 2897 AC_MSG_RESULT([not found]) 2898 AC_MSG_ERROR([OpenSSL library not found.]) 2899 ], 2900 [ 2901 AC_MSG_WARN([cross compiling: not checking]) 2902 ] 2903 ) 2904 2905 case "$host" in 2906 x86_64-*) 2907 case "$sslver" in 2908 3000004*) 2909 AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) 2910 ;; 2911 esac 2912 esac 2913 2914 # Sanity check OpenSSL headers 2915 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2916 AC_RUN_IFELSE( 2917 [AC_LANG_PROGRAM([[ 2918 #include <stdlib.h> 2919 #include <string.h> 2920 #include <openssl/opensslv.h> 2921 #include <openssl/crypto.h> 2922 ]], [[ 2923 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2924 ]])], 2925 [ 2926 AC_MSG_RESULT([yes]) 2927 ], 2928 [ 2929 AC_MSG_RESULT([no]) 2930 if test "x$openssl_check_nonfatal" = "x"; then 2931 AC_MSG_ERROR([Your OpenSSL headers do not match your 2932 library. Check config.log for details. 2933 If you are sure your installation is consistent, you can disable the check 2934 by running "./configure --without-openssl-header-check". 2935 Also see contrib/findssl.sh for help identifying header/library mismatches. 2936 ]) 2937 else 2938 AC_MSG_WARN([Your OpenSSL headers do not match your 2939 library. Check config.log for details. 2940 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2941 fi 2942 ], 2943 [ 2944 AC_MSG_WARN([cross compiling: not checking]) 2945 ] 2946 ) 2947 2948 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2949 AC_LINK_IFELSE( 2950 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2951 [[ ERR_load_crypto_strings(); ]])], 2952 [ 2953 AC_MSG_RESULT([yes]) 2954 ], 2955 [ 2956 AC_MSG_RESULT([no]) 2957 LIBS="$LIBS -ldl" 2958 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2959 AC_LINK_IFELSE( 2960 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2961 [[ ERR_load_crypto_strings(); ]])], 2962 [ 2963 AC_MSG_RESULT([yes]) 2964 CHANNELLIBS="$CHANNELLIBS -ldl" 2965 ], 2966 [ 2967 AC_MSG_RESULT([no]) 2968 ] 2969 ) 2970 ] 2971 ) 2972 2973 AC_CHECK_FUNCS([ \ 2974 BN_is_prime_ex \ 2975 DES_crypt \ 2976 DSA_generate_parameters_ex \ 2977 EVP_DigestFinal_ex \ 2978 EVP_DigestInit_ex \ 2979 EVP_MD_CTX_cleanup \ 2980 EVP_MD_CTX_copy_ex \ 2981 EVP_MD_CTX_init \ 2982 HMAC_CTX_init \ 2983 RSA_generate_key_ex \ 2984 RSA_get_default_method \ 2985 ]) 2986 2987 # OpenSSL_add_all_algorithms may be a macro. 2988 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2989 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2990 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2991 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2992 [[#include <openssl/evp.h>]] 2993 ) 2994 ) 2995 2996 # LibreSSL/OpenSSL API differences 2997 AC_CHECK_FUNCS([ \ 2998 EVP_CIPHER_CTX_iv \ 2999 EVP_CIPHER_CTX_iv_noconst \ 3000 EVP_CIPHER_CTX_get_iv \ 3001 EVP_CIPHER_CTX_get_updated_iv \ 3002 EVP_CIPHER_CTX_set_iv \ 3003 ]) 3004 3005 if test "x$openssl_engine" = "xyes" ; then 3006 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 3007 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3008 #include <openssl/engine.h> 3009 ]], [[ 3010 ENGINE_load_builtin_engines(); 3011 ENGINE_register_all_complete(); 3012 ]])], 3013 [ AC_MSG_RESULT([yes]) 3014 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 3015 [Enable OpenSSL engine support]) 3016 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 3017 ]) 3018 fi 3019 3020 # Check for OpenSSL without EVP_aes_{192,256}_cbc 3021 AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) 3022 AC_LINK_IFELSE( 3023 [AC_LANG_PROGRAM([[ 3024 #include <stdlib.h> 3025 #include <string.h> 3026 #include <openssl/evp.h> 3027 ]], [[ 3028 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 3029 ]])], 3030 [ 3031 AC_MSG_RESULT([no]) 3032 ], 3033 [ 3034 AC_MSG_RESULT([yes]) 3035 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 3036 [libcrypto is missing AES 192 and 256 bit functions]) 3037 ] 3038 ) 3039 3040 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 3041 AC_LINK_IFELSE( 3042 [AC_LANG_PROGRAM([[ 3043 #include <stdlib.h> 3044 #include <string.h> 3045 #include <openssl/evp.h> 3046 ]], [[ 3047 if(EVP_DigestUpdate(NULL, NULL,0)) 3048 exit(0); 3049 ]])], 3050 [ 3051 AC_MSG_RESULT([yes]) 3052 ], 3053 [ 3054 AC_MSG_RESULT([no]) 3055 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3056 [Define if EVP_DigestUpdate returns void]) 3057 ] 3058 ) 3059 3060 # Check for various EVP support in OpenSSL 3061 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) 3062 3063 # Check complete ECC support in OpenSSL 3064 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3065 AC_LINK_IFELSE( 3066 [AC_LANG_PROGRAM([[ 3067 #include <openssl/ec.h> 3068 #include <openssl/ecdh.h> 3069 #include <openssl/ecdsa.h> 3070 #include <openssl/evp.h> 3071 #include <openssl/objects.h> 3072 #include <openssl/opensslv.h> 3073 ]], [[ 3074 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3075 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3076 ]])], 3077 [ AC_MSG_RESULT([yes]) 3078 enable_nistp256=1 ], 3079 [ AC_MSG_RESULT([no]) ] 3080 ) 3081 3082 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3083 AC_LINK_IFELSE( 3084 [AC_LANG_PROGRAM([[ 3085 #include <openssl/ec.h> 3086 #include <openssl/ecdh.h> 3087 #include <openssl/ecdsa.h> 3088 #include <openssl/evp.h> 3089 #include <openssl/objects.h> 3090 #include <openssl/opensslv.h> 3091 ]], [[ 3092 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3093 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3094 ]])], 3095 [ AC_MSG_RESULT([yes]) 3096 enable_nistp384=1 ], 3097 [ AC_MSG_RESULT([no]) ] 3098 ) 3099 3100 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3101 AC_LINK_IFELSE( 3102 [AC_LANG_PROGRAM([[ 3103 #include <openssl/ec.h> 3104 #include <openssl/ecdh.h> 3105 #include <openssl/ecdsa.h> 3106 #include <openssl/evp.h> 3107 #include <openssl/objects.h> 3108 #include <openssl/opensslv.h> 3109 ]], [[ 3110 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3111 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3112 ]])], 3113 [ AC_MSG_RESULT([yes]) 3114 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3115 AC_RUN_IFELSE( 3116 [AC_LANG_PROGRAM([[ 3117 #include <stdlib.h> 3118 #include <openssl/ec.h> 3119 #include <openssl/ecdh.h> 3120 #include <openssl/ecdsa.h> 3121 #include <openssl/evp.h> 3122 #include <openssl/objects.h> 3123 #include <openssl/opensslv.h> 3124 ]],[[ 3125 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3126 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3127 exit(e == NULL || m == NULL); 3128 ]])], 3129 [ AC_MSG_RESULT([yes]) 3130 enable_nistp521=1 ], 3131 [ AC_MSG_RESULT([no]) ], 3132 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3133 enable_nistp521=1 ] 3134 )], 3135 AC_MSG_RESULT([no]) 3136 ) 3137 3138 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3139 test x$enable_nistp521 = x1; then 3140 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3141 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3142 openssl_ecc=yes 3143 else 3144 openssl_ecc=no 3145 fi 3146 if test x$enable_nistp256 = x1; then 3147 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3148 [libcrypto has NID_X9_62_prime256v1]) 3149 else 3150 unsupported_algorithms="$unsupported_algorithms \ 3151 ecdsa-sha2-nistp256 \ 3152 ecdh-sha2-nistp256 \ 3153 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3154 fi 3155 if test x$enable_nistp384 = x1; then 3156 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3157 else 3158 unsupported_algorithms="$unsupported_algorithms \ 3159 ecdsa-sha2-nistp384 \ 3160 ecdh-sha2-nistp384 \ 3161 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3162 fi 3163 if test x$enable_nistp521 = x1; then 3164 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3165 else 3166 unsupported_algorithms="$unsupported_algorithms \ 3167 ecdh-sha2-nistp521 \ 3168 ecdsa-sha2-nistp521 \ 3169 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3170 fi 3171 3172 # Check libcrypto ED25519 support 3173 AC_CHECK_FUNCS([EVP_PKEY_get_raw_public_key]) 3174 AC_CHECK_FUNCS([EVP_PKEY_get_raw_private_key]) 3175 AC_MSG_CHECKING([whether OpenSSL has ED25519 support]) 3176 AC_LINK_IFELSE( 3177 [AC_LANG_PROGRAM([[ 3178 #include <string.h> 3179 #include <openssl/evp.h> 3180 ]], [[ 3181 unsigned char buf[64]; 3182 memset(buf, 0, sizeof(buf)); 3183 exit(EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL, 3184 buf, sizeof(buf)) == NULL); 3185 ]])], 3186 [ 3187 AC_MSG_RESULT([yes]) 3188 AC_DEFINE([OPENSSL_HAS_ED25519], [1], 3189 [libcrypto has ed25519 support]) 3190 ], 3191 [ 3192 AC_MSG_RESULT([no]) 3193 ] 3194 ) 3195 3196 openssl_dsa=no 3197 if test ! -z "$enable_dsa" ; then 3198 AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [ 3199 AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [], 3200 [ openssl_dsa=yes ], 3201 [ #include <openssl/opensslconf.h> ] 3202 ) 3203 ], 3204 [ #include <openssl/opensslconf.h> ] 3205 ) 3206 AC_MSG_CHECKING([whether to enable DSA key support]) 3207 if test "x$openssl_dsa" = "xno"; then 3208 AC_MSG_ERROR([DSA requested but not supported by OpenSSL]) 3209 else 3210 AC_MSG_RESULT([yes]) 3211 AC_DEFINE([WITH_DSA], [1], 3212 [DSA keys explicitly enabled]) 3213 fi 3214 fi 3215fi 3216 3217# PKCS11/U2F depend on OpenSSL and dlopen(). 3218enable_pkcs11=yes 3219enable_sk=yes 3220if test "x$openssl" != "xyes" ; then 3221 enable_pkcs11="disabled; missing libcrypto" 3222fi 3223if test "x$ac_cv_func_dlopen" != "xyes" ; then 3224 enable_pkcs11="disabled; missing dlopen(3)" 3225 enable_sk="disabled; missing dlopen(3)" 3226fi 3227if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3228 enable_pkcs11="disabled; missing RTLD_NOW" 3229 enable_sk="disabled; missing RTLD_NOW" 3230fi 3231if test ! -z "$disable_pkcs11" ; then 3232 enable_pkcs11="disabled by user" 3233fi 3234if test ! -z "$disable_sk" ; then 3235 enable_sk="disabled by user" 3236fi 3237 3238AC_MSG_CHECKING([whether to enable PKCS11]) 3239if test "x$enable_pkcs11" = "xyes" ; then 3240 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3241fi 3242AC_MSG_RESULT([$enable_pkcs11]) 3243 3244AC_MSG_CHECKING([whether to enable U2F]) 3245if test "x$enable_sk" = "xyes" ; then 3246 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3247 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3248else 3249 # Do not try to build sk-dummy library. 3250 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3251fi 3252AC_MSG_RESULT([$enable_sk]) 3253 3254# Now check for built-in security key support. 3255if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then 3256 use_pkgconfig_for_libfido2= 3257 if test "x$PKGCONFIG" != "xno"; then 3258 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3259 if "$PKGCONFIG" libfido2; then 3260 AC_MSG_RESULT([yes]) 3261 use_pkgconfig_for_libfido2=yes 3262 else 3263 AC_MSG_RESULT([no]) 3264 fi 3265 fi 3266 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3267 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3268 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3269 else 3270 LIBFIDO2="-lfido2 -lcbor" 3271 fi 3272 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3273 fido2_error= 3274 AC_CHECK_LIB([fido2], [fido_init], 3275 [ ], 3276 [ fido2_error="missing/unusable libfido2" ], 3277 [ $OTHERLIBS ] 3278 ) 3279 AC_CHECK_HEADER([fido.h], [], 3280 [ fido2_error="missing fido.h from libfido2" ]) 3281 AC_CHECK_HEADER([fido/credman.h], [], 3282 [ fido2_error="missing fido/credman.h from libfido2" ], 3283 [ #include <fido.h> ] 3284 ) 3285 AC_MSG_CHECKING([for usable libfido2 installation]) 3286 if test ! -z "$fido2_error" ; then 3287 AC_MSG_RESULT([$fido2_error]) 3288 if test "x$enable_sk_internal" = "xyes" ; then 3289 AC_MSG_ERROR([No usable libfido2 library/headers found]) 3290 fi 3291 LIBFIDO2="" 3292 else 3293 AC_MSG_RESULT([yes]) 3294 AC_SUBST([LIBFIDO2]) 3295 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3296 [Enable for built-in U2F/FIDO support]) 3297 enable_sk="built-in" 3298 saved_LIBS="$LIBS" 3299 LIBS="$LIBFIDO2 $LIBS" 3300 AC_CHECK_FUNCS([ \ 3301 fido_assert_set_clientdata \ 3302 fido_cred_prot \ 3303 fido_cred_set_prot \ 3304 fido_cred_set_clientdata \ 3305 fido_dev_get_touch_begin \ 3306 fido_dev_get_touch_status \ 3307 fido_dev_supports_cred_prot \ 3308 fido_dev_is_winhello \ 3309 ]) 3310 LIBS="$saved_LIBS" 3311 fi 3312fi 3313 3314AC_CHECK_FUNCS([ \ 3315 arc4random \ 3316 arc4random_buf \ 3317 arc4random_stir \ 3318 arc4random_uniform \ 3319]) 3320### Configure cryptographic random number support 3321 3322# Check whether OpenSSL seeds itself 3323if test "x$openssl" = "xyes" ; then 3324 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3325 AC_RUN_IFELSE( 3326 [AC_LANG_PROGRAM([[ 3327 #include <stdlib.h> 3328 #include <string.h> 3329 #include <openssl/rand.h> 3330 ]], [[ 3331 exit(RAND_status() == 1 ? 0 : 1); 3332 ]])], 3333 [ 3334 OPENSSL_SEEDS_ITSELF=yes 3335 AC_MSG_RESULT([yes]) 3336 ], 3337 [ 3338 AC_MSG_RESULT([no]) 3339 ], 3340 [ 3341 AC_MSG_WARN([cross compiling: assuming yes]) 3342 # This is safe, since we will fatal() at runtime if 3343 # OpenSSL is not seeded correctly. 3344 OPENSSL_SEEDS_ITSELF=yes 3345 ] 3346 ) 3347fi 3348 3349# PRNGD TCP socket 3350AC_ARG_WITH([prngd-port], 3351 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3352 [ 3353 case "$withval" in 3354 no) 3355 withval="" 3356 ;; 3357 [[0-9]]*) 3358 ;; 3359 *) 3360 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3361 ;; 3362 esac 3363 if test ! -z "$withval" ; then 3364 PRNGD_PORT="$withval" 3365 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3366 [Port number of PRNGD/EGD random number socket]) 3367 fi 3368 ] 3369) 3370 3371# PRNGD Unix domain socket 3372AC_ARG_WITH([prngd-socket], 3373 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3374 [ 3375 case "$withval" in 3376 yes) 3377 withval="/var/run/egd-pool" 3378 ;; 3379 no) 3380 withval="" 3381 ;; 3382 /*) 3383 ;; 3384 *) 3385 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3386 ;; 3387 esac 3388 3389 if test ! -z "$withval" ; then 3390 if test ! -z "$PRNGD_PORT" ; then 3391 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3392 fi 3393 if test ! -r "$withval" ; then 3394 AC_MSG_WARN([Entropy socket is not readable]) 3395 fi 3396 PRNGD_SOCKET="$withval" 3397 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3398 [Location of PRNGD/EGD random number socket]) 3399 fi 3400 ], 3401 [ 3402 # Check for existing socket only if we don't have a random device already 3403 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3404 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3405 # Insert other locations here 3406 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3407 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3408 PRNGD_SOCKET="$sock" 3409 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3410 break; 3411 fi 3412 done 3413 if test ! -z "$PRNGD_SOCKET" ; then 3414 AC_MSG_RESULT([$PRNGD_SOCKET]) 3415 else 3416 AC_MSG_RESULT([not found]) 3417 fi 3418 fi 3419 ] 3420) 3421 3422# Which randomness source do we use? 3423if test ! -z "$PRNGD_PORT" ; then 3424 RAND_MSG="PRNGd port $PRNGD_PORT" 3425elif test ! -z "$PRNGD_SOCKET" ; then 3426 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3427elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3428 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3429 [Define if you want the OpenSSL internally seeded PRNG only]) 3430 RAND_MSG="OpenSSL internal ONLY" 3431elif test "x$openssl" = "xno" ; then 3432 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3433else 3434 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3435fi 3436LIBS="$nocrypto_saved_LIBS" 3437 3438saved_LIBS="$LIBS" 3439AC_CHECK_LIB([iaf], [ia_openinfo], [ 3440 LIBS="$LIBS -liaf" 3441 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3442 AC_DEFINE([HAVE_LIBIAF], [1], 3443 [Define if system has libiaf that supports set_id]) 3444 ]) 3445]) 3446LIBS="$saved_LIBS" 3447 3448# Check for crypt() in libcrypt. If we have it, we only need it for sshd. 3449saved_LIBS="$LIBS" 3450AC_CHECK_LIB([crypt], [crypt], [ 3451 LIBS="-lcrypt $LIBS" 3452 SSHDLIBS="-lcrypt $SSHDLIBS" 3453]) 3454AC_CHECK_FUNCS([crypt]) 3455LIBS="$saved_LIBS" 3456 3457# Check for PAM libs 3458PAM_MSG="no" 3459AC_ARG_WITH([pam], 3460 [ --with-pam Enable PAM support ], 3461 [ 3462 if test "x$withval" != "xno" ; then 3463 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3464 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3465 AC_MSG_ERROR([PAM headers not found]) 3466 fi 3467 3468 saved_LIBS="$LIBS" 3469 AC_CHECK_LIB([dl], [dlopen], , ) 3470 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3471 AC_CHECK_FUNCS([pam_getenvlist]) 3472 AC_CHECK_FUNCS([pam_putenv]) 3473 LIBS="$saved_LIBS" 3474 3475 PAM_MSG="yes" 3476 3477 SSHDLIBS="$SSHDLIBS -lpam" 3478 AC_DEFINE([USE_PAM], [1], 3479 [Define if you want to enable PAM support]) 3480 3481 if test $ac_cv_lib_dl_dlopen = yes; then 3482 case "$LIBS" in 3483 *-ldl*) 3484 # libdl already in LIBS 3485 ;; 3486 *) 3487 SSHDLIBS="$SSHDLIBS -ldl" 3488 ;; 3489 esac 3490 fi 3491 fi 3492 ] 3493) 3494 3495AC_ARG_WITH([pam-service], 3496 [ --with-pam-service=name Specify PAM service name ], 3497 [ 3498 if test "x$withval" != "xno" && \ 3499 test "x$withval" != "xyes" ; then 3500 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3501 ["$withval"], [sshd PAM service name]) 3502 fi 3503 ] 3504) 3505 3506# Check for older PAM 3507if test "x$PAM_MSG" = "xyes" ; then 3508 # Check PAM strerror arguments (old PAM) 3509 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3510 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3511#include <stdlib.h> 3512#if defined(HAVE_SECURITY_PAM_APPL_H) 3513#include <security/pam_appl.h> 3514#elif defined (HAVE_PAM_PAM_APPL_H) 3515#include <pam/pam_appl.h> 3516#endif 3517 ]], [[ 3518(void)pam_strerror((pam_handle_t *)NULL, -1); 3519 ]])], [AC_MSG_RESULT([no])], [ 3520 AC_DEFINE([HAVE_OLD_PAM], [1], 3521 [Define if you have an old version of PAM 3522 which takes only one argument to pam_strerror]) 3523 AC_MSG_RESULT([yes]) 3524 PAM_MSG="yes (old library)" 3525 3526 ]) 3527fi 3528 3529case "$host" in 3530*-*-cygwin*) 3531 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3532 ;; 3533*) 3534 SSH_PRIVSEP_USER=sshd 3535 ;; 3536esac 3537AC_ARG_WITH([privsep-user], 3538 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3539 [ 3540 if test -n "$withval" && test "x$withval" != "xno" && \ 3541 test "x${withval}" != "xyes"; then 3542 SSH_PRIVSEP_USER=$withval 3543 fi 3544 ] 3545) 3546if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3547 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3548 [Cygwin function to fetch non-privileged user for privilege separation]) 3549else 3550 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3551 [non-privileged user for privilege separation]) 3552fi 3553AC_SUBST([SSH_PRIVSEP_USER]) 3554 3555if test "x$have_linux_no_new_privs" = "x1" ; then 3556AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3557 #include <sys/types.h> 3558 #include <linux/seccomp.h> 3559]) 3560fi 3561if test "x$have_seccomp_filter" = "x1" ; then 3562AC_MSG_CHECKING([kernel for seccomp_filter support]) 3563AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3564 #include <errno.h> 3565 #include <elf.h> 3566 #include <linux/audit.h> 3567 #include <linux/seccomp.h> 3568 #include <stdlib.h> 3569 #include <sys/prctl.h> 3570 ]], 3571 [[ int i = $seccomp_audit_arch; 3572 errno = 0; 3573 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3574 exit(errno == EFAULT ? 0 : 1); ]])], 3575 [ AC_MSG_RESULT([yes]) ], [ 3576 AC_MSG_RESULT([no]) 3577 # Disable seccomp filter as a target 3578 have_seccomp_filter=0 3579 ] 3580) 3581fi 3582 3583AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[ 3584#include <sys/types.h> 3585#ifdef HAVE_POLL_H 3586#include <poll.h> 3587#endif 3588#ifdef HAVE_SYS_POLL_H 3589#include <sys/poll.h> 3590#endif 3591]]) 3592 3593AC_CHECK_TYPES([nfds_t], , , [ 3594#include <sys/types.h> 3595#ifdef HAVE_POLL_H 3596#include <poll.h> 3597#endif 3598#ifdef HAVE_SYS_POLL_H 3599#include <sys/poll.h> 3600#endif 3601]) 3602 3603# Decide which sandbox style to use 3604sandbox_arg="" 3605AC_ARG_WITH([sandbox], 3606 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3607 [ 3608 if test "x$withval" = "xyes" ; then 3609 sandbox_arg="" 3610 else 3611 sandbox_arg="$withval" 3612 fi 3613 ] 3614) 3615 3616if test "x$sandbox_arg" != "xno"; then 3617# POSIX specifies that poll() "shall fail with EINVAL if the nfds argument 3618# is greater than OPEN_MAX". On some platforms that includes implementions 3619# of select in userspace on top of poll() so check both work with rlimit 3620# NOFILES so check that both work before enabling the rlimit sandbox. 3621 AC_MSG_CHECKING([if select and/or poll works with descriptor rlimit]) 3622 AC_RUN_IFELSE( 3623 [AC_LANG_PROGRAM([[ 3624#include <sys/types.h> 3625#ifdef HAVE_SYS_TIME_H 3626# include <sys/time.h> 3627#endif 3628#include <sys/resource.h> 3629#ifdef HAVE_SYS_SELECT_H 3630# include <sys/select.h> 3631#endif 3632#ifdef HAVE_POLL_H 3633# include <poll.h> 3634#elif HAVE_SYS_POLL_H 3635# include <sys/poll.h> 3636#endif 3637#include <errno.h> 3638#include <fcntl.h> 3639#include <stdlib.h> 3640 ]],[[ 3641 struct rlimit rl_zero; 3642 int fd, r; 3643 fd_set fds; 3644 struct timeval tv; 3645#ifdef HAVE_POLL 3646 struct pollfd pfd; 3647#endif 3648 3649 fd = open("/dev/null", O_RDONLY); 3650 FD_ZERO(&fds); 3651 FD_SET(fd, &fds); 3652 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3653 setrlimit(RLIMIT_FSIZE, &rl_zero); 3654 setrlimit(RLIMIT_NOFILE, &rl_zero); 3655 tv.tv_sec = 1; 3656 tv.tv_usec = 0; 3657 r = select(fd+1, &fds, NULL, NULL, &tv); 3658 if (r == -1) 3659 exit(1); 3660#ifdef HAVE_POLL 3661 pfd.fd = fd; 3662 pfd.events = POLLIN; 3663 r = poll(&pfd, 1, 1); 3664 if (r == -1) 3665 exit(2); 3666#endif 3667 exit(0); 3668 ]])], 3669 [AC_MSG_RESULT([yes]) 3670 select_works_with_rlimit=yes], 3671 [AC_MSG_RESULT([no]) 3672 select_works_with_rlimit=no], 3673 [AC_MSG_WARN([cross compiling: assuming no]) 3674 select_works_with_rlimit=no] 3675 ) 3676 3677 AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3678 AC_RUN_IFELSE( 3679 [AC_LANG_PROGRAM([[ 3680#include <sys/types.h> 3681#ifdef HAVE_SYS_TIME_H 3682# include <sys/time.h> 3683#endif 3684#include <sys/resource.h> 3685#include <errno.h> 3686#include <stdlib.h> 3687 ]],[[ 3688 struct rlimit rl_zero; 3689 int r; 3690 3691 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3692 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3693 exit (r == -1 ? 1 : 0); 3694 ]])], 3695 [AC_MSG_RESULT([yes]) 3696 rlimit_nofile_zero_works=yes], 3697 [AC_MSG_RESULT([no]) 3698 rlimit_nofile_zero_works=no], 3699 [AC_MSG_WARN([cross compiling: assuming yes]) 3700 rlimit_nofile_zero_works=yes] 3701 ) 3702 3703 AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3704 AC_RUN_IFELSE( 3705 [AC_LANG_PROGRAM([[ 3706#include <sys/types.h> 3707#include <sys/resource.h> 3708#include <stdlib.h> 3709 ]],[[ 3710 struct rlimit rl_zero; 3711 3712 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3713 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3714 ]])], 3715 [AC_MSG_RESULT([yes])], 3716 [AC_MSG_RESULT([no]) 3717 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3718 [setrlimit RLIMIT_FSIZE works])], 3719 [AC_MSG_WARN([cross compiling: assuming yes])] 3720 ) 3721fi 3722 3723if test "x$sandbox_arg" = "xpledge" || \ 3724 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3725 test "x$ac_cv_func_pledge" != "xyes" && \ 3726 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3727 SANDBOX_STYLE="pledge" 3728 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3729elif test "x$sandbox_arg" = "xsystrace" || \ 3730 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3731 test "x$have_systr_policy_kill" != "x1" && \ 3732 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3733 SANDBOX_STYLE="systrace" 3734 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3735elif test "x$sandbox_arg" = "xdarwin" || \ 3736 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3737 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3738 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3739 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3740 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3741 SANDBOX_STYLE="darwin" 3742 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3743elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3744 ( test -z "$sandbox_arg" && \ 3745 test "x$have_seccomp_filter" = "x1" && \ 3746 test "x$ac_cv_header_elf_h" = "xyes" && \ 3747 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3748 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3749 test "x$seccomp_audit_arch" != "x" && \ 3750 test "x$have_linux_no_new_privs" = "x1" && \ 3751 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3752 test "x$seccomp_audit_arch" = "x" && \ 3753 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3754 test "x$have_linux_no_new_privs" != "x1" && \ 3755 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3756 test "x$have_seccomp_filter" != "x1" && \ 3757 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3758 test "x$ac_cv_func_prctl" != "xyes" && \ 3759 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3760 SANDBOX_STYLE="seccomp_filter" 3761 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3762elif test "x$sandbox_arg" = "xcapsicum" || \ 3763 ( test -z "$sandbox_arg" && \ 3764 test "x$disable_capsicum" != "xyes" && \ 3765 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3766 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3767 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3768 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3769 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3770 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3771 SANDBOX_STYLE="capsicum" 3772 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3773elif test "x$sandbox_arg" = "xrlimit" || \ 3774 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3775 test "x$select_works_with_rlimit" = "xyes" && \ 3776 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3777 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3778 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3779 test "x$select_works_with_rlimit" != "xyes" && \ 3780 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3781 SANDBOX_STYLE="rlimit" 3782 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3783elif test "x$sandbox_arg" = "xsolaris" || \ 3784 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3785 SANDBOX_STYLE="solaris" 3786 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3787elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3788 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3789 SANDBOX_STYLE="none" 3790 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3791else 3792 AC_MSG_ERROR([unsupported --with-sandbox]) 3793fi 3794 3795# Cheap hack to ensure NEWS-OS libraries are arranged right. 3796if test ! -z "$SONY" ; then 3797 LIBS="$LIBS -liberty"; 3798fi 3799 3800# Check for long long datatypes 3801AC_CHECK_TYPES([long long, unsigned long long, long double]) 3802 3803# Check datatype sizes 3804AC_CHECK_SIZEOF([short int]) 3805AC_CHECK_SIZEOF([int]) 3806AC_CHECK_SIZEOF([long int]) 3807AC_CHECK_SIZEOF([long long int]) 3808AC_CHECK_SIZEOF([time_t], [], [[ 3809 #include <sys/types.h> 3810 #ifdef HAVE_SYS_TIME_H 3811 # include <sys/time.h> 3812 #endif 3813 #ifdef HAVE_TIME_H 3814 # include <time.h> 3815 #endif 3816 ]] 3817) 3818 3819# Sanity check long long for some platforms (AIX) 3820if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3821 ac_cv_sizeof_long_long_int=0 3822fi 3823 3824# compute LLONG_MIN and LLONG_MAX if we don't know them. 3825if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3826 AC_MSG_CHECKING([for max value of long long]) 3827 AC_RUN_IFELSE( 3828 [AC_LANG_PROGRAM([[ 3829#include <stdio.h> 3830#include <stdlib.h> 3831/* Why is this so damn hard? */ 3832#ifdef __GNUC__ 3833# undef __GNUC__ 3834#endif 3835#define __USE_ISOC99 3836#include <limits.h> 3837#define DATA "conftest.llminmax" 3838#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3839 3840/* 3841 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3842 * we do this the hard way. 3843 */ 3844static int 3845fprint_ll(FILE *f, long long n) 3846{ 3847 unsigned int i; 3848 int l[sizeof(long long) * 8]; 3849 3850 if (n < 0) 3851 if (fprintf(f, "-") < 0) 3852 return -1; 3853 for (i = 0; n != 0; i++) { 3854 l[i] = my_abs(n % 10); 3855 n /= 10; 3856 } 3857 do { 3858 if (fprintf(f, "%d", l[--i]) < 0) 3859 return -1; 3860 } while (i != 0); 3861 if (fprintf(f, " ") < 0) 3862 return -1; 3863 return 0; 3864} 3865 ]], [[ 3866 FILE *f; 3867 long long i, llmin, llmax = 0; 3868 3869 if((f = fopen(DATA,"w")) == NULL) 3870 exit(1); 3871 3872#if defined(LLONG_MIN) && defined(LLONG_MAX) 3873 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3874 llmin = LLONG_MIN; 3875 llmax = LLONG_MAX; 3876#else 3877 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3878 /* This will work on one's complement and two's complement */ 3879 for (i = 1; i > llmax; i <<= 1, i++) 3880 llmax = i; 3881 llmin = llmax + 1LL; /* wrap */ 3882#endif 3883 3884 /* Sanity check */ 3885 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3886 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3887 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3888 fprintf(f, "unknown unknown\n"); 3889 exit(2); 3890 } 3891 3892 if (fprint_ll(f, llmin) < 0) 3893 exit(3); 3894 if (fprint_ll(f, llmax) < 0) 3895 exit(4); 3896 if (fclose(f) < 0) 3897 exit(5); 3898 exit(0); 3899 ]])], 3900 [ 3901 llong_min=`$AWK '{print $1}' conftest.llminmax` 3902 llong_max=`$AWK '{print $2}' conftest.llminmax` 3903 3904 AC_MSG_RESULT([$llong_max]) 3905 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3906 [max value of long long calculated by configure]) 3907 AC_MSG_CHECKING([for min value of long long]) 3908 AC_MSG_RESULT([$llong_min]) 3909 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3910 [min value of long long calculated by configure]) 3911 ], 3912 [ 3913 AC_MSG_RESULT([not found]) 3914 ], 3915 [ 3916 AC_MSG_WARN([cross compiling: not checking]) 3917 ] 3918 ) 3919fi 3920 3921AC_CHECK_DECLS([UINT32_MAX], , , [[ 3922#ifdef HAVE_SYS_LIMITS_H 3923# include <sys/limits.h> 3924#endif 3925#ifdef HAVE_LIMITS_H 3926# include <limits.h> 3927#endif 3928#ifdef HAVE_STDINT_H 3929# include <stdint.h> 3930#endif 3931]]) 3932 3933# More checks for data types 3934AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3935 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3936 [[ u_int a; a = 1;]])], 3937 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3938 ]) 3939]) 3940if test "x$ac_cv_have_u_int" = "xyes" ; then 3941 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3942 have_u_int=1 3943fi 3944 3945AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3947 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3948 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3949 ]) 3950]) 3951if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3952 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3953 have_intxx_t=1 3954fi 3955 3956if (test -z "$have_intxx_t" && \ 3957 test "x$ac_cv_header_stdint_h" = "xyes") 3958then 3959 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3961 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3962 [ 3963 AC_DEFINE([HAVE_INTXX_T]) 3964 AC_MSG_RESULT([yes]) 3965 ], [ AC_MSG_RESULT([no]) 3966 ]) 3967fi 3968 3969AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3971#include <sys/types.h> 3972#ifdef HAVE_STDINT_H 3973# include <stdint.h> 3974#endif 3975#include <sys/socket.h> 3976#ifdef HAVE_SYS_BITYPES_H 3977# include <sys/bitypes.h> 3978#endif 3979 ]], [[ 3980int64_t a; a = 1; 3981 ]])], 3982 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3983 ]) 3984]) 3985if test "x$ac_cv_have_int64_t" = "xyes" ; then 3986 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3987fi 3988 3989AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3991 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3992 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3993 ]) 3994]) 3995if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3996 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3997 have_u_intxx_t=1 3998fi 3999 4000if test -z "$have_u_intxx_t" ; then 4001 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 4003 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 4004 [ 4005 AC_DEFINE([HAVE_U_INTXX_T]) 4006 AC_MSG_RESULT([yes]) 4007 ], [ AC_MSG_RESULT([no]) 4008 ]) 4009fi 4010 4011AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4013 [[ u_int64_t a; a = 1;]])], 4014 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 4015 ]) 4016]) 4017if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 4018 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 4019 have_u_int64_t=1 4020fi 4021 4022if (test -z "$have_u_int64_t" && \ 4023 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4024then 4025 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 4026 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 4027 [[ u_int64_t a; a = 1]])], 4028 [ 4029 AC_DEFINE([HAVE_U_INT64_T]) 4030 AC_MSG_RESULT([yes]) 4031 ], [ AC_MSG_RESULT([no]) 4032 ]) 4033fi 4034 4035if test -z "$have_u_intxx_t" ; then 4036 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 4037 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4038#include <sys/types.h> 4039 ]], [[ 4040 uint8_t a; 4041 uint16_t b; 4042 uint32_t c; 4043 a = b = c = 1; 4044 ]])], 4045 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 4046 ]) 4047 ]) 4048 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 4049 AC_DEFINE([HAVE_UINTXX_T], [1], 4050 [define if you have uintxx_t data type]) 4051 fi 4052fi 4053 4054if (test -z "$have_uintxx_t" && \ 4055 test "x$ac_cv_header_stdint_h" = "xyes") 4056then 4057 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 4058 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 4059 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4060 [ 4061 AC_DEFINE([HAVE_UINTXX_T]) 4062 AC_MSG_RESULT([yes]) 4063 ], [ AC_MSG_RESULT([no]) 4064 ]) 4065fi 4066 4067if (test -z "$have_uintxx_t" && \ 4068 test "x$ac_cv_header_inttypes_h" = "xyes") 4069then 4070 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 4071 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 4072 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 4073 [ 4074 AC_DEFINE([HAVE_UINTXX_T]) 4075 AC_MSG_RESULT([yes]) 4076 ], [ AC_MSG_RESULT([no]) 4077 ]) 4078fi 4079 4080if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 4081 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 4082then 4083 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 4084 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4085#include <sys/bitypes.h> 4086 ]], [[ 4087 int8_t a; int16_t b; int32_t c; 4088 u_int8_t e; u_int16_t f; u_int32_t g; 4089 a = b = c = e = f = g = 1; 4090 ]])], 4091 [ 4092 AC_DEFINE([HAVE_U_INTXX_T]) 4093 AC_DEFINE([HAVE_INTXX_T]) 4094 AC_MSG_RESULT([yes]) 4095 ], [AC_MSG_RESULT([no]) 4096 ]) 4097fi 4098 4099 4100AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 4101 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4102 [[ u_char foo; foo = 125; ]])], 4103 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 4104 ]) 4105]) 4106if test "x$ac_cv_have_u_char" = "xyes" ; then 4107 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 4108fi 4109 4110AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 4111#include <sys/types.h> 4112#ifdef HAVE_STDINT_H 4113# include <stdint.h> 4114#endif 4115]) 4116 4117TYPE_SOCKLEN_T 4118 4119AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>]) 4120AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 4121#include <sys/types.h> 4122#ifdef HAVE_SYS_BITYPES_H 4123#include <sys/bitypes.h> 4124#endif 4125#ifdef HAVE_SYS_STATFS_H 4126#include <sys/statfs.h> 4127#endif 4128#ifdef HAVE_SYS_STATVFS_H 4129#include <sys/statvfs.h> 4130#endif 4131]) 4132 4133AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 4134#include <sys/param.h> 4135#include <sys/types.h> 4136#ifdef HAVE_SYS_BITYPES_H 4137#include <sys/bitypes.h> 4138#endif 4139#ifdef HAVE_SYS_STATFS_H 4140#include <sys/statfs.h> 4141#endif 4142#ifdef HAVE_SYS_STATVFS_H 4143#include <sys/statvfs.h> 4144#endif 4145#ifdef HAVE_SYS_VFS_H 4146#include <sys/vfs.h> 4147#endif 4148#ifdef HAVE_SYS_MOUNT_H 4149#include <sys/mount.h> 4150#endif 4151]]) 4152 4153 4154AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4155[#include <sys/types.h> 4156#include <netinet/in.h>]) 4157 4158AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4159 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4160 [[ size_t foo; foo = 1235; ]])], 4161 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4162 ]) 4163]) 4164if test "x$ac_cv_have_size_t" = "xyes" ; then 4165 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4166fi 4167 4168AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4169 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4170 [[ ssize_t foo; foo = 1235; ]])], 4171 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4172 ]) 4173]) 4174if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4175 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4176fi 4177 4178AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4179 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4180 [[ clock_t foo; foo = 1235; ]])], 4181 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4182 ]) 4183]) 4184if test "x$ac_cv_have_clock_t" = "xyes" ; then 4185 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4186fi 4187 4188AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4189 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4190#include <sys/types.h> 4191#include <sys/socket.h> 4192 ]], [[ sa_family_t foo; foo = 1235; ]])], 4193 [ ac_cv_have_sa_family_t="yes" ], 4194 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4195#include <sys/types.h> 4196#include <sys/socket.h> 4197#include <netinet/in.h> 4198 ]], [[ sa_family_t foo; foo = 1235; ]])], 4199 [ ac_cv_have_sa_family_t="yes" ], 4200 [ ac_cv_have_sa_family_t="no" ] 4201 ) 4202 ]) 4203]) 4204if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4205 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4206 [define if you have sa_family_t data type]) 4207fi 4208 4209AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4210 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4211 [[ pid_t foo; foo = 1235; ]])], 4212 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4213 ]) 4214]) 4215if test "x$ac_cv_have_pid_t" = "xyes" ; then 4216 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4217fi 4218 4219AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4221 [[ mode_t foo; foo = 1235; ]])], 4222 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4223 ]) 4224]) 4225if test "x$ac_cv_have_mode_t" = "xyes" ; then 4226 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4227fi 4228 4229 4230AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4231 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4232#include <sys/types.h> 4233#include <sys/socket.h> 4234 ]], [[ struct sockaddr_storage s; ]])], 4235 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4236 [ ac_cv_have_struct_sockaddr_storage="no" 4237 ]) 4238]) 4239if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4240 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4241 [define if you have struct sockaddr_storage data type]) 4242fi 4243 4244AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4245 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4246#include <sys/types.h> 4247#include <netinet/in.h> 4248 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4249 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4250 [ ac_cv_have_struct_sockaddr_in6="no" 4251 ]) 4252]) 4253if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4254 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4255 [define if you have struct sockaddr_in6 data type]) 4256fi 4257 4258AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4260#include <sys/types.h> 4261#include <netinet/in.h> 4262 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4263 [ ac_cv_have_struct_in6_addr="yes" ], 4264 [ ac_cv_have_struct_in6_addr="no" 4265 ]) 4266]) 4267if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4268 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4269 [define if you have struct in6_addr data type]) 4270 4271dnl Now check for sin6_scope_id 4272 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4273 [ 4274#ifdef HAVE_SYS_TYPES_H 4275#include <sys/types.h> 4276#endif 4277#include <netinet/in.h> 4278 ]) 4279fi 4280 4281AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4282 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4283#include <sys/types.h> 4284#include <sys/socket.h> 4285#include <netdb.h> 4286 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4287 [ ac_cv_have_struct_addrinfo="yes" ], 4288 [ ac_cv_have_struct_addrinfo="no" 4289 ]) 4290]) 4291if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4292 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4293 [define if you have struct addrinfo data type]) 4294fi 4295 4296AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4297 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4298 [[ struct timeval tv; tv.tv_sec = 1;]])], 4299 [ ac_cv_have_struct_timeval="yes" ], 4300 [ ac_cv_have_struct_timeval="no" 4301 ]) 4302]) 4303if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4304 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4305 have_struct_timeval=1 4306fi 4307 4308AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4309 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4310 #ifdef HAVE_SYS_TIME_H 4311 # include <sys/time.h> 4312 #endif 4313 #ifdef HAVE_TIME_H 4314 # include <time.h> 4315 #endif 4316 ]], 4317 [[ struct timespec ts; ts.tv_sec = 1;]])], 4318 [ ac_cv_have_struct_timespec="yes" ], 4319 [ ac_cv_have_struct_timespec="no" 4320 ]) 4321]) 4322if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4323 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4324 have_struct_timespec=1 4325fi 4326 4327# We need int64_t or else certain parts of the compile will fail. 4328if test "x$ac_cv_have_int64_t" = "xno" && \ 4329 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4330 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4331 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4332 echo "an alternative compiler (I.E., GCC) before continuing." 4333 echo "" 4334 exit 1; 4335else 4336dnl test snprintf (broken on SCO w/gcc) 4337 AC_RUN_IFELSE( 4338 [AC_LANG_SOURCE([[ 4339#include <stdio.h> 4340#include <stdlib.h> 4341#include <string.h> 4342#ifdef HAVE_SNPRINTF 4343int main(void) 4344{ 4345 char buf[50]; 4346 char expected_out[50]; 4347 int mazsize = 50 ; 4348#if (SIZEOF_LONG_INT == 8) 4349 long int num = 0x7fffffffffffffff; 4350#else 4351 long long num = 0x7fffffffffffffffll; 4352#endif 4353 strcpy(expected_out, "9223372036854775807"); 4354 snprintf(buf, mazsize, "%lld", num); 4355 if(strcmp(buf, expected_out) != 0) 4356 exit(1); 4357 exit(0); 4358} 4359#else 4360int main(void) { exit(0); } 4361#endif 4362 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4363 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4364 ) 4365fi 4366 4367dnl Checks for structure members 4368OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4369OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4370OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4371OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4372OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4373OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4374OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4375OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4376OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4377OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4378OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4379OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4380OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4381OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4382OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4383OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4384OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4385OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4386 4387AC_CHECK_MEMBERS([struct stat.st_blksize]) 4388AC_CHECK_MEMBERS([struct stat.st_mtim]) 4389AC_CHECK_MEMBERS([struct stat.st_mtime]) 4390AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4391struct passwd.pw_change, struct passwd.pw_expire], 4392[], [], [[ 4393#include <sys/types.h> 4394#include <pwd.h> 4395]]) 4396 4397AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4398 [Define if we don't have struct __res_state in resolv.h])], 4399[[ 4400#include <stdio.h> 4401#if HAVE_SYS_TYPES_H 4402# include <sys/types.h> 4403#endif 4404#include <netinet/in.h> 4405#include <arpa/nameser.h> 4406#include <resolv.h> 4407]]) 4408 4409AC_CHECK_MEMBER([struct sockaddr_in.sin_len], 4410 [AC_DEFINE([SOCK_HAS_LEN], [1], [sockaddr_in has sin_len])], 4411 [], 4412 [AC_LANG_SOURCE([[ 4413#include <sys/types.h> 4414#include <sys/socket.h> 4415#include <netinet/in.h> 4416 ]])] 4417) 4418 4419AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4420 ac_cv_have_ss_family_in_struct_ss, [ 4421 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4422#include <sys/types.h> 4423#include <sys/socket.h> 4424 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4425 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4426 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4427]) 4428if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4429 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4430fi 4431 4432AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4433 ac_cv_have___ss_family_in_struct_ss, [ 4434 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4435#include <sys/types.h> 4436#include <sys/socket.h> 4437 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4438 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4439 [ ac_cv_have___ss_family_in_struct_ss="no" 4440 ]) 4441]) 4442if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4443 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4444 [Fields in struct sockaddr_storage]) 4445fi 4446 4447dnl make sure we're using the real structure members and not defines 4448AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4449 ac_cv_have_accrights_in_msghdr, [ 4450 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4451#include <sys/types.h> 4452#include <sys/socket.h> 4453#include <sys/uio.h> 4454#include <stdlib.h> 4455 ]], [[ 4456#ifdef msg_accrights 4457#error "msg_accrights is a macro" 4458exit(1); 4459#endif 4460struct msghdr m; 4461m.msg_accrights = 0; 4462exit(0); 4463 ]])], 4464 [ ac_cv_have_accrights_in_msghdr="yes" ], 4465 [ ac_cv_have_accrights_in_msghdr="no" ] 4466 ) 4467]) 4468if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4469 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4470 [Define if your system uses access rights style 4471 file descriptor passing]) 4472fi 4473 4474AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4475AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4476#include <sys/param.h> 4477#include <sys/stat.h> 4478#ifdef HAVE_SYS_TIME_H 4479# include <sys/time.h> 4480#endif 4481#ifdef HAVE_SYS_MOUNT_H 4482#include <sys/mount.h> 4483#endif 4484#ifdef HAVE_SYS_STATVFS_H 4485#include <sys/statvfs.h> 4486#endif 4487 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4488 [ AC_MSG_RESULT([yes]) ], 4489 [ AC_MSG_RESULT([no]) 4490 4491 AC_MSG_CHECKING([if fsid_t has member val]) 4492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4493#include <sys/types.h> 4494#include <sys/statvfs.h> 4495 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4496 [ AC_MSG_RESULT([yes]) 4497 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4498 [ AC_MSG_RESULT([no]) ]) 4499 4500 AC_MSG_CHECKING([if f_fsid has member __val]) 4501 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4502#include <sys/types.h> 4503#include <sys/statvfs.h> 4504 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4505 [ AC_MSG_RESULT([yes]) 4506 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4507 [ AC_MSG_RESULT([no]) ]) 4508]) 4509 4510AC_CACHE_CHECK([for msg_control field in struct msghdr], 4511 ac_cv_have_control_in_msghdr, [ 4512 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4513#include <sys/types.h> 4514#include <sys/socket.h> 4515#include <sys/uio.h> 4516#include <stdlib.h> 4517 ]], [[ 4518#ifdef msg_control 4519#error "msg_control is a macro" 4520exit(1); 4521#endif 4522struct msghdr m; 4523m.msg_control = 0; 4524exit(0); 4525 ]])], 4526 [ ac_cv_have_control_in_msghdr="yes" ], 4527 [ ac_cv_have_control_in_msghdr="no" ] 4528 ) 4529]) 4530if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4531 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4532 [Define if your system uses ancillary data style 4533 file descriptor passing]) 4534fi 4535 4536AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4537 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4538 [[ extern char *__progname; printf("%s", __progname); ]])], 4539 [ ac_cv_libc_defines___progname="yes" ], 4540 [ ac_cv_libc_defines___progname="no" 4541 ]) 4542]) 4543if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4544 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4545fi 4546 4547AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4548 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4549 [[ printf("%s", __FUNCTION__); ]])], 4550 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4551 [ ac_cv_cc_implements___FUNCTION__="no" 4552 ]) 4553]) 4554if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4555 AC_DEFINE([HAVE___FUNCTION__], [1], 4556 [Define if compiler implements __FUNCTION__]) 4557fi 4558 4559AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4561 [[ printf("%s", __func__); ]])], 4562 [ ac_cv_cc_implements___func__="yes" ], 4563 [ ac_cv_cc_implements___func__="no" 4564 ]) 4565]) 4566if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4567 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4568fi 4569 4570AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4571 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4572#include <stdarg.h> 4573va_list x,y; 4574 ]], [[ va_copy(x,y); ]])], 4575 [ ac_cv_have_va_copy="yes" ], 4576 [ ac_cv_have_va_copy="no" 4577 ]) 4578]) 4579if test "x$ac_cv_have_va_copy" = "xyes" ; then 4580 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4581fi 4582 4583AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4584 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4585#include <stdarg.h> 4586va_list x,y; 4587 ]], [[ __va_copy(x,y); ]])], 4588 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4589 ]) 4590]) 4591if test "x$ac_cv_have___va_copy" = "xyes" ; then 4592 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4593fi 4594 4595AC_CACHE_CHECK([whether getopt has optreset support], 4596 ac_cv_have_getopt_optreset, [ 4597 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4598 [[ extern int optreset; optreset = 0; ]])], 4599 [ ac_cv_have_getopt_optreset="yes" ], 4600 [ ac_cv_have_getopt_optreset="no" 4601 ]) 4602]) 4603if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4604 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4605 [Define if your getopt(3) defines and uses optreset]) 4606fi 4607 4608AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4609 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4610[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4611 [ ac_cv_libc_defines_sys_errlist="yes" ], 4612 [ ac_cv_libc_defines_sys_errlist="no" 4613 ]) 4614]) 4615if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4616 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4617 [Define if your system defines sys_errlist[]]) 4618fi 4619 4620 4621AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4622 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4623[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4624 [ ac_cv_libc_defines_sys_nerr="yes" ], 4625 [ ac_cv_libc_defines_sys_nerr="no" 4626 ]) 4627]) 4628if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4629 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4630fi 4631 4632# Check libraries needed by DNS fingerprint support 4633AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4634 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4635 [Define if getrrsetbyname() exists])], 4636 [ 4637 # Needed by our getrrsetbyname() 4638 AC_SEARCH_LIBS([res_query], [resolv]) 4639 AC_SEARCH_LIBS([dn_expand], [resolv]) 4640 AC_MSG_CHECKING([if res_query will link]) 4641 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4642#include <sys/types.h> 4643#include <netinet/in.h> 4644#include <arpa/nameser.h> 4645#include <netdb.h> 4646#include <resolv.h> 4647 ]], [[ 4648 res_query (0, 0, 0, 0, 0); 4649 ]])], 4650 AC_MSG_RESULT([yes]), 4651 [AC_MSG_RESULT([no]) 4652 saved_LIBS="$LIBS" 4653 LIBS="$LIBS -lresolv" 4654 AC_MSG_CHECKING([for res_query in -lresolv]) 4655 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4656#include <sys/types.h> 4657#include <netinet/in.h> 4658#include <arpa/nameser.h> 4659#include <netdb.h> 4660#include <resolv.h> 4661 ]], [[ 4662 res_query (0, 0, 0, 0, 0); 4663 ]])], 4664 [AC_MSG_RESULT([yes])], 4665 [LIBS="$saved_LIBS" 4666 AC_MSG_RESULT([no])]) 4667 ]) 4668 AC_CHECK_FUNCS([_getshort _getlong]) 4669 AC_CHECK_DECLS([_getshort, _getlong], , , 4670 [#include <sys/types.h> 4671 #include <arpa/nameser.h>]) 4672 AC_CHECK_MEMBER([HEADER.ad], 4673 [AC_DEFINE([HAVE_HEADER_AD], [1], 4674 [Define if HEADER.ad exists in arpa/nameser.h])], , 4675 [#include <arpa/nameser.h>]) 4676 ]) 4677 4678AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4679AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4680#include <stdio.h> 4681#if HAVE_SYS_TYPES_H 4682# include <sys/types.h> 4683#endif 4684#include <netinet/in.h> 4685#include <arpa/nameser.h> 4686#include <resolv.h> 4687extern struct __res_state _res; 4688 ]], [[ 4689struct __res_state *volatile p = &_res; /* force resolution of _res */ 4690return 0; 4691 ]],)], 4692 [AC_MSG_RESULT([yes]) 4693 AC_DEFINE([HAVE__RES_EXTERN], [1], 4694 [Define if you have struct __res_state _res as an extern]) 4695 ], 4696 [ AC_MSG_RESULT([no]) ] 4697) 4698 4699# Check whether user wants SELinux support 4700SELINUX_MSG="no" 4701LIBSELINUX="" 4702AC_ARG_WITH([selinux], 4703 [ --with-selinux Enable SELinux support], 4704 [ if test "x$withval" != "xno" ; then 4705 save_LIBS="$LIBS" 4706 AC_DEFINE([WITH_SELINUX], [1], 4707 [Define if you want SELinux support.]) 4708 SELINUX_MSG="yes" 4709 AC_CHECK_HEADER([selinux/selinux.h], , 4710 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4711 AC_CHECK_LIB([selinux], [setexeccon], 4712 [ LIBSELINUX="-lselinux" 4713 LIBS="$LIBS -lselinux" 4714 ], 4715 AC_MSG_ERROR([SELinux support requires libselinux library])) 4716 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4717 LIBS="$save_LIBS $LIBSELINUX" 4718 fi ] 4719) 4720AC_SUBST([SSHDLIBS]) 4721 4722# Check whether user wants Kerberos 5 support 4723KRB5_MSG="no" 4724AC_ARG_WITH([kerberos5], 4725 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4726 [ if test "x$withval" != "xno" ; then 4727 if test "x$withval" = "xyes" ; then 4728 KRB5ROOT="/usr/local" 4729 else 4730 KRB5ROOT=${withval} 4731 fi 4732 4733 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4734 KRB5_MSG="yes" 4735 4736 use_pkgconfig_for_krb5= 4737 if test "x$PKGCONFIG" != "xno"; then 4738 AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5]) 4739 if "$PKGCONFIG" krb5; then 4740 AC_MSG_RESULT([yes]) 4741 use_pkgconfig_for_krb5=yes 4742 else 4743 AC_MSG_RESULT([no]) 4744 fi 4745 fi 4746 if test "x$use_pkgconfig_for_krb5" = "xyes"; then 4747 K5CFLAGS=`$PKGCONFIG --cflags krb5` 4748 K5LIBS=`$PKGCONFIG --libs krb5` 4749 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4750 4751 AC_MSG_CHECKING([for gssapi support]) 4752 if "$PKGCONFIG" krb5-gssapi; then 4753 AC_MSG_RESULT([yes]) 4754 AC_DEFINE([GSSAPI], [1], 4755 [Define this if you want GSSAPI 4756 support in the version 2 protocol]) 4757 GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`" 4758 GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`" 4759 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4760 else 4761 AC_MSG_RESULT([no]) 4762 fi 4763 AC_MSG_CHECKING([whether we are using Heimdal]) 4764 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4765 ]], [[ char *tmp = heimdal_version; ]])], 4766 [ AC_MSG_RESULT([yes]) 4767 AC_DEFINE([HEIMDAL], [1], 4768 [Define this if you are using the Heimdal 4769 version of Kerberos V5]) ], 4770 [AC_MSG_RESULT([no]) 4771 ]) 4772 else 4773 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4774 [$KRB5ROOT/bin/krb5-config], 4775 [$KRB5ROOT/bin:$PATH]) 4776 if test -x $KRB5CONF ; then 4777 K5CFLAGS="`$KRB5CONF --cflags`" 4778 K5LIBS="`$KRB5CONF --libs`" 4779 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4780 4781 AC_MSG_CHECKING([for gssapi support]) 4782 if $KRB5CONF | grep gssapi >/dev/null ; then 4783 AC_MSG_RESULT([yes]) 4784 AC_DEFINE([GSSAPI], [1], 4785 [Define this if you want GSSAPI 4786 support in the version 2 protocol]) 4787 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4788 GSSLIBS="`$KRB5CONF --libs gssapi`" 4789 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4790 else 4791 AC_MSG_RESULT([no]) 4792 fi 4793 AC_MSG_CHECKING([whether we are using Heimdal]) 4794 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4795 ]], [[ char *tmp = heimdal_version; ]])], 4796 [ AC_MSG_RESULT([yes]) 4797 AC_DEFINE([HEIMDAL], [1], 4798 [Define this if you are using the Heimdal 4799 version of Kerberos V5]) ], 4800 [AC_MSG_RESULT([no]) 4801 ]) 4802 else 4803 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4804 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4805 AC_MSG_CHECKING([whether we are using Heimdal]) 4806 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4807 ]], [[ char *tmp = heimdal_version; ]])], 4808 [ AC_MSG_RESULT([yes]) 4809 AC_DEFINE([HEIMDAL]) 4810 K5LIBS="-lkrb5" 4811 K5LIBS="$K5LIBS -lcom_err -lasn1" 4812 AC_CHECK_LIB([roken], [net_write], 4813 [K5LIBS="$K5LIBS -lroken"]) 4814 AC_CHECK_LIB([des], [des_cbc_encrypt], 4815 [K5LIBS="$K5LIBS -ldes"]) 4816 ], [ AC_MSG_RESULT([no]) 4817 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4818 ]) 4819 AC_SEARCH_LIBS([dn_expand], [resolv]) 4820 4821 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4822 [ AC_DEFINE([GSSAPI]) 4823 GSSLIBS="-lgssapi_krb5" ], 4824 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4825 [ AC_DEFINE([GSSAPI]) 4826 GSSLIBS="-lgssapi" ], 4827 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4828 [ AC_DEFINE([GSSAPI]) 4829 GSSLIBS="-lgss" ], 4830 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4831 ]) 4832 ]) 4833 4834 AC_CHECK_HEADER([gssapi.h], , 4835 [ unset ac_cv_header_gssapi_h 4836 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4837 AC_CHECK_HEADERS([gssapi.h], , 4838 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4839 ) 4840 ] 4841 ) 4842 4843 oldCPP="$CPPFLAGS" 4844 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4845 AC_CHECK_HEADER([gssapi_krb5.h], , 4846 [ CPPFLAGS="$oldCPP" ]) 4847 4848 fi 4849 fi 4850 if test -n "${rpath_opt}" ; then 4851 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4852 fi 4853 if test ! -z "$blibpath" ; then 4854 blibpath="$blibpath:${KRB5ROOT}/lib" 4855 fi 4856 4857 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4858 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4859 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4860 4861 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4862 [Define this if you want to use libkafs' AFS support])]) 4863 4864 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4865#ifdef HAVE_GSSAPI_H 4866# include <gssapi.h> 4867#elif defined(HAVE_GSSAPI_GSSAPI_H) 4868# include <gssapi/gssapi.h> 4869#endif 4870 4871#ifdef HAVE_GSSAPI_GENERIC_H 4872# include <gssapi_generic.h> 4873#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4874# include <gssapi/gssapi_generic.h> 4875#endif 4876 ]]) 4877 saved_LIBS="$LIBS" 4878 LIBS="$LIBS $K5LIBS" 4879 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4880 LIBS="$saved_LIBS" 4881 4882 fi 4883 ] 4884) 4885AC_SUBST([GSSLIBS]) 4886AC_SUBST([K5LIBS]) 4887AC_SUBST([CHANNELLIBS]) 4888 4889# Looking for programs, paths and files 4890 4891PRIVSEP_PATH=/var/empty 4892AC_ARG_WITH([privsep-path], 4893 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4894 [ 4895 if test -n "$withval" && test "x$withval" != "xno" && \ 4896 test "x${withval}" != "xyes"; then 4897 PRIVSEP_PATH=$withval 4898 fi 4899 ] 4900) 4901AC_SUBST([PRIVSEP_PATH]) 4902 4903AC_ARG_WITH([xauth], 4904 [ --with-xauth=PATH Specify path to xauth program ], 4905 [ 4906 if test -n "$withval" && test "x$withval" != "xno" && \ 4907 test "x${withval}" != "xyes"; then 4908 xauth_path=$withval 4909 fi 4910 ], 4911 [ 4912 TestPath="$PATH" 4913 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4914 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4915 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4916 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4917 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4918 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4919 xauth_path="/usr/openwin/bin/xauth" 4920 fi 4921 ] 4922) 4923 4924STRIP_OPT=-s 4925AC_ARG_ENABLE([strip], 4926 [ --disable-strip Disable calling strip(1) on install], 4927 [ 4928 if test "x$enableval" = "xno" ; then 4929 STRIP_OPT= 4930 fi 4931 ] 4932) 4933AC_SUBST([STRIP_OPT]) 4934 4935if test -z "$xauth_path" ; then 4936 XAUTH_PATH="undefined" 4937 AC_SUBST([XAUTH_PATH]) 4938else 4939 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4940 [Define if xauth is found in your path]) 4941 XAUTH_PATH=$xauth_path 4942 AC_SUBST([XAUTH_PATH]) 4943fi 4944 4945dnl # --with-maildir=/path/to/mail gets top priority. 4946dnl # if maildir is set in the platform case statement above we use that. 4947dnl # Otherwise we run a program to get the dir from system headers. 4948dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4949dnl # If we find _PATH_MAILDIR we do nothing because that is what 4950dnl # session.c expects anyway. Otherwise we set to the value found 4951dnl # stripping any trailing slash. If for some strage reason our program 4952dnl # does not find what it needs, we default to /var/spool/mail. 4953# Check for mail directory 4954AC_ARG_WITH([maildir], 4955 [ --with-maildir=/path/to/mail Specify your system mail directory], 4956 [ 4957 if test "X$withval" != X && test "x$withval" != xno && \ 4958 test "x${withval}" != xyes; then 4959 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4960 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4961 fi 4962 ],[ 4963 if test "X$maildir" != "X"; then 4964 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4965 else 4966 AC_MSG_CHECKING([Discovering system mail directory]) 4967 AC_RUN_IFELSE( 4968 [AC_LANG_PROGRAM([[ 4969#include <stdio.h> 4970#include <stdlib.h> 4971#include <string.h> 4972#ifdef HAVE_PATHS_H 4973#include <paths.h> 4974#endif 4975#ifdef HAVE_MAILLOCK_H 4976#include <maillock.h> 4977#endif 4978#define DATA "conftest.maildir" 4979 ]], [[ 4980 FILE *fd; 4981 int rc; 4982 4983 fd = fopen(DATA,"w"); 4984 if(fd == NULL) 4985 exit(1); 4986 4987#if defined (_PATH_MAILDIR) 4988 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4989 exit(1); 4990#elif defined (MAILDIR) 4991 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4992 exit(1); 4993#elif defined (_PATH_MAIL) 4994 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4995 exit(1); 4996#else 4997 exit (2); 4998#endif 4999 5000 exit(0); 5001 ]])], 5002 [ 5003 maildir_what=`awk -F: '{print $1}' conftest.maildir` 5004 maildir=`awk -F: '{print $2}' conftest.maildir \ 5005 | sed 's|/$||'` 5006 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 5007 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 5008 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 5009 fi 5010 ], 5011 [ 5012 if test "X$ac_status" = "X2";then 5013# our test program didn't find it. Default to /var/spool/mail 5014 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 5015 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 5016 else 5017 AC_MSG_RESULT([*** not found ***]) 5018 fi 5019 ], 5020 [ 5021 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 5022 ] 5023 ) 5024 fi 5025 ] 5026) # maildir 5027 5028if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 5029 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 5030 disable_ptmx_check=yes 5031fi 5032if test -z "$no_dev_ptmx" ; then 5033 if test "x$disable_ptmx_check" != "xyes" ; then 5034 AC_CHECK_FILE(["/dev/ptmx"], 5035 [ 5036 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 5037 [Define if you have /dev/ptmx]) 5038 have_dev_ptmx=1 5039 ] 5040 ) 5041 fi 5042fi 5043 5044if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 5045 AC_CHECK_FILE(["/dev/ptc"], 5046 [ 5047 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 5048 [Define if you have /dev/ptc]) 5049 have_dev_ptc=1 5050 ] 5051 ) 5052else 5053 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 5054fi 5055 5056# Options from here on. Some of these are preset by platform above 5057AC_ARG_WITH([mantype], 5058 [ --with-mantype=man|cat|doc Set man page type], 5059 [ 5060 case "$withval" in 5061 man|cat|doc) 5062 MANTYPE=$withval 5063 ;; 5064 *) 5065 AC_MSG_ERROR([invalid man type: $withval]) 5066 ;; 5067 esac 5068 ] 5069) 5070if test -z "$MANTYPE"; then 5071 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 5072 MANTYPE=doc 5073 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 5074 MANTYPE=doc 5075 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 5076 MANTYPE=man 5077 else 5078 MANTYPE=cat 5079 fi 5080fi 5081AC_SUBST([MANTYPE]) 5082if test "$MANTYPE" = "doc"; then 5083 mansubdir=man; 5084else 5085 mansubdir=$MANTYPE; 5086fi 5087AC_SUBST([mansubdir]) 5088 5089# Whether to disable shadow password support 5090AC_ARG_WITH([shadow], 5091 [ --without-shadow Disable shadow password support], 5092 [ 5093 if test "x$withval" = "xno" ; then 5094 AC_DEFINE([DISABLE_SHADOW]) 5095 disable_shadow=yes 5096 fi 5097 ] 5098) 5099 5100if test -z "$disable_shadow" ; then 5101 AC_MSG_CHECKING([if the systems has expire shadow information]) 5102 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5103#include <sys/types.h> 5104#include <shadow.h> 5105struct spwd sp; 5106 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 5107 [ sp_expire_available=yes ], [ 5108 ]) 5109 5110 if test "x$sp_expire_available" = "xyes" ; then 5111 AC_MSG_RESULT([yes]) 5112 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 5113 [Define if you want to use shadow password expire field]) 5114 else 5115 AC_MSG_RESULT([no]) 5116 fi 5117fi 5118 5119# Use ip address instead of hostname in $DISPLAY 5120if test ! -z "$IPADDR_IN_DISPLAY" ; then 5121 DISPLAY_HACK_MSG="yes" 5122 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 5123 [Define if you need to use IP address 5124 instead of hostname in $DISPLAY]) 5125else 5126 DISPLAY_HACK_MSG="no" 5127 AC_ARG_WITH([ipaddr-display], 5128 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 5129 [ 5130 if test "x$withval" != "xno" ; then 5131 AC_DEFINE([IPADDR_IN_DISPLAY]) 5132 DISPLAY_HACK_MSG="yes" 5133 fi 5134 ] 5135 ) 5136fi 5137 5138# check for /etc/default/login and use it if present. 5139AC_ARG_ENABLE([etc-default-login], 5140 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 5141 [ if test "x$enableval" = "xno"; then 5142 AC_MSG_NOTICE([/etc/default/login handling disabled]) 5143 etc_default_login=no 5144 else 5145 etc_default_login=yes 5146 fi ], 5147 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 5148 then 5149 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 5150 etc_default_login=no 5151 else 5152 etc_default_login=yes 5153 fi ] 5154) 5155 5156if test "x$etc_default_login" != "xno"; then 5157 AC_CHECK_FILE(["/etc/default/login"], 5158 [ external_path_file=/etc/default/login ]) 5159 if test "x$external_path_file" = "x/etc/default/login"; then 5160 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 5161 [Define if your system has /etc/default/login]) 5162 fi 5163fi 5164 5165dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 5166if test $ac_cv_func_login_getcapbool = "yes" && \ 5167 test $ac_cv_header_login_cap_h = "yes" ; then 5168 external_path_file=/etc/login.conf 5169fi 5170 5171# Whether to mess with the default path 5172SERVER_PATH_MSG="(default)" 5173AC_ARG_WITH([default-path], 5174 [ --with-default-path= Specify default $PATH environment for server], 5175 [ 5176 if test "x$external_path_file" = "x/etc/login.conf" ; then 5177 AC_MSG_WARN([ 5178--with-default-path=PATH has no effect on this system. 5179Edit /etc/login.conf instead.]) 5180 elif test "x$withval" != "xno" ; then 5181 if test ! -z "$external_path_file" ; then 5182 AC_MSG_WARN([ 5183--with-default-path=PATH will only be used if PATH is not defined in 5184$external_path_file .]) 5185 fi 5186 user_path="$withval" 5187 SERVER_PATH_MSG="$withval" 5188 fi 5189 ], 5190 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5191 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5192 else 5193 if test ! -z "$external_path_file" ; then 5194 AC_MSG_WARN([ 5195If PATH is defined in $external_path_file, ensure the path to scp is included, 5196otherwise scp will not work.]) 5197 fi 5198 AC_RUN_IFELSE( 5199 [AC_LANG_PROGRAM([[ 5200/* find out what STDPATH is */ 5201#include <stdio.h> 5202#include <stdlib.h> 5203#ifdef HAVE_PATHS_H 5204# include <paths.h> 5205#endif 5206#ifndef _PATH_STDPATH 5207# ifdef _PATH_USERPATH /* Irix */ 5208# define _PATH_STDPATH _PATH_USERPATH 5209# else 5210# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5211# endif 5212#endif 5213#include <sys/types.h> 5214#include <sys/stat.h> 5215#include <fcntl.h> 5216#define DATA "conftest.stdpath" 5217 ]], [[ 5218 FILE *fd; 5219 int rc; 5220 5221 fd = fopen(DATA,"w"); 5222 if(fd == NULL) 5223 exit(1); 5224 5225 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5226 exit(1); 5227 5228 exit(0); 5229 ]])], 5230 [ user_path=`cat conftest.stdpath` ], 5231 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5232 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5233 ) 5234# make sure $bindir is in USER_PATH so scp will work 5235 t_bindir="${bindir}" 5236 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5237 t_bindir=`eval echo ${t_bindir}` 5238 case $t_bindir in 5239 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5240 esac 5241 case $t_bindir in 5242 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5243 esac 5244 done 5245 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5246 if test $? -ne 0 ; then 5247 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5248 if test $? -ne 0 ; then 5249 user_path=$user_path:$t_bindir 5250 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5251 fi 5252 fi 5253 fi ] 5254) 5255if test "x$external_path_file" != "x/etc/login.conf" ; then 5256 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5257 AC_SUBST([user_path]) 5258fi 5259 5260# Set superuser path separately to user path 5261AC_ARG_WITH([superuser-path], 5262 [ --with-superuser-path= Specify different path for super-user], 5263 [ 5264 if test -n "$withval" && test "x$withval" != "xno" && \ 5265 test "x${withval}" != "xyes"; then 5266 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5267 [Define if you want a different $PATH 5268 for the superuser]) 5269 superuser_path=$withval 5270 fi 5271 ] 5272) 5273 5274 5275AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5276IPV4_IN6_HACK_MSG="no" 5277AC_ARG_WITH(4in6, 5278 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5279 [ 5280 if test "x$withval" != "xno" ; then 5281 AC_MSG_RESULT([yes]) 5282 AC_DEFINE([IPV4_IN_IPV6], [1], 5283 [Detect IPv4 in IPv6 mapped addresses 5284 and treat as IPv4]) 5285 IPV4_IN6_HACK_MSG="yes" 5286 else 5287 AC_MSG_RESULT([no]) 5288 fi 5289 ], [ 5290 if test "x$inet6_default_4in6" = "xyes"; then 5291 AC_MSG_RESULT([yes (default)]) 5292 AC_DEFINE([IPV4_IN_IPV6]) 5293 IPV4_IN6_HACK_MSG="yes" 5294 else 5295 AC_MSG_RESULT([no (default)]) 5296 fi 5297 ] 5298) 5299 5300# Whether to enable BSD auth support 5301BSD_AUTH_MSG=no 5302AC_ARG_WITH([bsd-auth], 5303 [ --with-bsd-auth Enable BSD auth support], 5304 [ 5305 if test "x$withval" != "xno" ; then 5306 AC_DEFINE([BSD_AUTH], [1], 5307 [Define if you have BSD auth support]) 5308 BSD_AUTH_MSG=yes 5309 fi 5310 ] 5311) 5312 5313# Where to place sshd.pid 5314piddir=/var/run 5315# make sure the directory exists 5316if test ! -d $piddir ; then 5317 piddir=`eval echo ${sysconfdir}` 5318 case $piddir in 5319 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5320 esac 5321fi 5322 5323AC_ARG_WITH([pid-dir], 5324 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5325 [ 5326 if test -n "$withval" && test "x$withval" != "xno" && \ 5327 test "x${withval}" != "xyes"; then 5328 piddir=$withval 5329 if test ! -d $piddir ; then 5330 AC_MSG_WARN([** no $piddir directory on this system **]) 5331 fi 5332 fi 5333 ] 5334) 5335 5336AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5337 [Specify location of ssh.pid]) 5338AC_SUBST([piddir]) 5339 5340 5341AC_ARG_ENABLE([fd-passing], 5342 [ --disable-fd-passing disable file descriptor passsing [no]], 5343 [ 5344 if test "x$enableval" = "xno" ; then 5345 AC_DEFINE([DISABLE_FD_PASSING]) 5346 fi 5347 ] 5348) 5349 5350dnl allow user to disable some login recording features 5351AC_ARG_ENABLE([lastlog], 5352 [ --disable-lastlog disable use of lastlog even if detected [no]], 5353 [ 5354 if test "x$enableval" = "xno" ; then 5355 AC_DEFINE([DISABLE_LASTLOG]) 5356 fi 5357 ] 5358) 5359AC_ARG_ENABLE([utmp], 5360 [ --disable-utmp disable use of utmp even if detected [no]], 5361 [ 5362 if test "x$enableval" = "xno" ; then 5363 AC_DEFINE([DISABLE_UTMP]) 5364 fi 5365 ] 5366) 5367AC_ARG_ENABLE([utmpx], 5368 [ --disable-utmpx disable use of utmpx even if detected [no]], 5369 [ 5370 if test "x$enableval" = "xno" ; then 5371 AC_DEFINE([DISABLE_UTMPX], [1], 5372 [Define if you don't want to use utmpx]) 5373 fi 5374 ] 5375) 5376AC_ARG_ENABLE([wtmp], 5377 [ --disable-wtmp disable use of wtmp even if detected [no]], 5378 [ 5379 if test "x$enableval" = "xno" ; then 5380 AC_DEFINE([DISABLE_WTMP]) 5381 fi 5382 ] 5383) 5384AC_ARG_ENABLE([wtmpx], 5385 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5386 [ 5387 if test "x$enableval" = "xno" ; then 5388 AC_DEFINE([DISABLE_WTMPX], [1], 5389 [Define if you don't want to use wtmpx]) 5390 fi 5391 ] 5392) 5393AC_ARG_ENABLE([libutil], 5394 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5395 [ 5396 if test "x$enableval" = "xno" ; then 5397 AC_DEFINE([DISABLE_LOGIN]) 5398 fi 5399 ] 5400) 5401AC_ARG_ENABLE([pututline], 5402 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5403 [ 5404 if test "x$enableval" = "xno" ; then 5405 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5406 [Define if you don't want to use pututline() 5407 etc. to write [uw]tmp]) 5408 fi 5409 ] 5410) 5411AC_ARG_ENABLE([pututxline], 5412 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5413 [ 5414 if test "x$enableval" = "xno" ; then 5415 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5416 [Define if you don't want to use pututxline() 5417 etc. to write [uw]tmpx]) 5418 fi 5419 ] 5420) 5421AC_ARG_WITH([lastlog], 5422 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5423 [ 5424 if test "x$withval" = "xno" ; then 5425 AC_DEFINE([DISABLE_LASTLOG]) 5426 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5427 conf_lastlog_location=$withval 5428 fi 5429 ] 5430) 5431 5432dnl lastlog, [uw]tmpx? detection 5433dnl NOTE: set the paths in the platform section to avoid the 5434dnl need for command-line parameters 5435dnl lastlog and [uw]tmp are subject to a file search if all else fails 5436 5437dnl lastlog detection 5438dnl NOTE: the code itself will detect if lastlog is a directory 5439AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5440AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5441#include <sys/types.h> 5442#include <utmp.h> 5443#ifdef HAVE_LASTLOG_H 5444# include <lastlog.h> 5445#endif 5446#ifdef HAVE_PATHS_H 5447# include <paths.h> 5448#endif 5449#ifdef HAVE_LOGIN_H 5450# include <login.h> 5451#endif 5452 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5453 [ AC_MSG_RESULT([yes]) ], 5454 [ 5455 AC_MSG_RESULT([no]) 5456 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5457 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5458#include <sys/types.h> 5459#include <utmp.h> 5460#ifdef HAVE_LASTLOG_H 5461# include <lastlog.h> 5462#endif 5463#ifdef HAVE_PATHS_H 5464# include <paths.h> 5465#endif 5466 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5467 [ AC_MSG_RESULT([yes]) ], 5468 [ 5469 AC_MSG_RESULT([no]) 5470 system_lastlog_path=no 5471 ]) 5472]) 5473 5474if test -z "$conf_lastlog_location"; then 5475 if test x"$system_lastlog_path" = x"no" ; then 5476 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5477 if (test -d "$f" || test -f "$f") ; then 5478 conf_lastlog_location=$f 5479 fi 5480 done 5481 if test -z "$conf_lastlog_location"; then 5482 AC_MSG_WARN([** Cannot find lastlog **]) 5483 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5484 fi 5485 fi 5486fi 5487 5488if test -n "$conf_lastlog_location"; then 5489 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5490 [Define if you want to specify the path to your lastlog file]) 5491fi 5492 5493dnl utmp detection 5494AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5495AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5496#include <sys/types.h> 5497#include <utmp.h> 5498#ifdef HAVE_PATHS_H 5499# include <paths.h> 5500#endif 5501 ]], [[ char *utmp = UTMP_FILE; ]])], 5502 [ AC_MSG_RESULT([yes]) ], 5503 [ AC_MSG_RESULT([no]) 5504 system_utmp_path=no 5505]) 5506if test -z "$conf_utmp_location"; then 5507 if test x"$system_utmp_path" = x"no" ; then 5508 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5509 if test -f $f ; then 5510 conf_utmp_location=$f 5511 fi 5512 done 5513 if test -z "$conf_utmp_location"; then 5514 AC_DEFINE([DISABLE_UTMP]) 5515 fi 5516 fi 5517fi 5518if test -n "$conf_utmp_location"; then 5519 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5520 [Define if you want to specify the path to your utmp file]) 5521fi 5522 5523dnl wtmp detection 5524AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5525AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5526#include <sys/types.h> 5527#include <utmp.h> 5528#ifdef HAVE_PATHS_H 5529# include <paths.h> 5530#endif 5531 ]], [[ char *wtmp = WTMP_FILE; ]])], 5532 [ AC_MSG_RESULT([yes]) ], 5533 [ AC_MSG_RESULT([no]) 5534 system_wtmp_path=no 5535]) 5536if test -z "$conf_wtmp_location"; then 5537 if test x"$system_wtmp_path" = x"no" ; then 5538 for f in /usr/adm/wtmp /var/log/wtmp; do 5539 if test -f $f ; then 5540 conf_wtmp_location=$f 5541 fi 5542 done 5543 if test -z "$conf_wtmp_location"; then 5544 AC_DEFINE([DISABLE_WTMP]) 5545 fi 5546 fi 5547fi 5548if test -n "$conf_wtmp_location"; then 5549 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5550 [Define if you want to specify the path to your wtmp file]) 5551fi 5552 5553dnl wtmpx detection 5554AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5555AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5556#include <sys/types.h> 5557#include <utmp.h> 5558#ifdef HAVE_UTMPX_H 5559#include <utmpx.h> 5560#endif 5561#ifdef HAVE_PATHS_H 5562# include <paths.h> 5563#endif 5564 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5565 [ AC_MSG_RESULT([yes]) ], 5566 [ AC_MSG_RESULT([no]) 5567 system_wtmpx_path=no 5568]) 5569if test -z "$conf_wtmpx_location"; then 5570 if test x"$system_wtmpx_path" = x"no" ; then 5571 AC_DEFINE([DISABLE_WTMPX]) 5572 fi 5573else 5574 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5575 [Define if you want to specify the path to your wtmpx file]) 5576fi 5577 5578 5579if test ! -z "$blibpath" ; then 5580 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5581 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5582fi 5583 5584AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5585 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5586 AC_DEFINE([DISABLE_LASTLOG]) 5587 fi 5588 ], [ 5589#ifdef HAVE_SYS_TYPES_H 5590#include <sys/types.h> 5591#endif 5592#ifdef HAVE_UTMP_H 5593#include <utmp.h> 5594#endif 5595#ifdef HAVE_UTMPX_H 5596#include <utmpx.h> 5597#endif 5598#ifdef HAVE_LASTLOG_H 5599#include <lastlog.h> 5600#endif 5601 ]) 5602 5603AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5604 AC_DEFINE([DISABLE_UTMP]) 5605 AC_DEFINE([DISABLE_WTMP]) 5606 ], [ 5607#ifdef HAVE_SYS_TYPES_H 5608#include <sys/types.h> 5609#endif 5610#ifdef HAVE_UTMP_H 5611#include <utmp.h> 5612#endif 5613#ifdef HAVE_UTMPX_H 5614#include <utmpx.h> 5615#endif 5616#ifdef HAVE_LASTLOG_H 5617#include <lastlog.h> 5618#endif 5619 ]) 5620 5621dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5622dnl Add now. 5623CFLAGS="$CFLAGS $werror_flags" 5624 5625if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5626 TEST_SSH_IPV6=no 5627else 5628 TEST_SSH_IPV6=yes 5629fi 5630AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5631AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5632AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5633AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5634AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5635AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5636 5637# Binaries for interop tests. 5638AC_PATH_PROG([PLINK], [plink]) 5639AC_PATH_PROG([PUTTYGEN], [puttygen]) 5640AC_PATH_PROG([CONCH], [conch]) 5641AC_PATH_PROG([DROPBEAR], [dropbear]) 5642AC_PATH_PROG([DBCLIENT], [dbclient]) 5643AC_PATH_PROG([DROPBEARKEY], [dropbearkey]) 5644AC_PATH_PROG([DROPBEARCONVERT], [dropbearconvert]) 5645 5646CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5647LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5648 5649# Make a copy of CFLAGS/LDFLAGS without PIE options. 5650LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5651CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5652AC_SUBST([LDFLAGS_NOPIE]) 5653AC_SUBST([CFLAGS_NOPIE]) 5654 5655AC_EXEEXT 5656AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5657 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5658 survey.sh]) 5659AC_OUTPUT 5660 5661# Print summary of options 5662 5663# Someone please show me a better way :) 5664A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5665B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5666C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5667D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5668E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5669F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5670G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5671H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5672I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5673J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5674 5675echo "" 5676echo "OpenSSH has been configured with the following options:" 5677echo " User binaries: $B" 5678echo " System binaries: $C" 5679echo " Configuration files: $D" 5680echo " Askpass program: $E" 5681echo " Manual pages: $F" 5682echo " PID file: $G" 5683echo " Privilege separation chroot path: $H" 5684if test "x$external_path_file" = "x/etc/login.conf" ; then 5685echo " At runtime, sshd will use the path defined in $external_path_file" 5686echo " Make sure the path to scp is present, otherwise scp will not work" 5687else 5688echo " sshd default user PATH: $I" 5689 if test ! -z "$external_path_file"; then 5690echo " (If PATH is set in $external_path_file it will be used instead. If" 5691echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5692 fi 5693fi 5694if test ! -z "$superuser_path" ; then 5695echo " sshd superuser user PATH: $J" 5696fi 5697echo " Manpage format: $MANTYPE" 5698echo " PAM support: $PAM_MSG" 5699echo " OSF SIA support: $SIA_MSG" 5700echo " KerberosV support: $KRB5_MSG" 5701echo " SELinux support: $SELINUX_MSG" 5702echo " libedit support: $LIBEDIT_MSG" 5703echo " libldns support: $LDNS_MSG" 5704echo " Solaris process contract support: $SPC_MSG" 5705echo " Solaris project support: $SP_MSG" 5706echo " Solaris privilege support: $SPP_MSG" 5707echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5708echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5709echo " BSD Auth support: $BSD_AUTH_MSG" 5710echo " Random number source: $RAND_MSG" 5711echo " Privsep sandbox style: $SANDBOX_STYLE" 5712echo " PKCS#11 support: $enable_pkcs11" 5713echo " U2F/FIDO support: $enable_sk" 5714 5715echo "" 5716 5717echo " Host: ${host}" 5718echo " Compiler: ${CC}" 5719echo " Compiler flags: ${CFLAGS}" 5720echo "Preprocessor flags: ${CPPFLAGS}" 5721echo " Linker flags: ${LDFLAGS}" 5722echo " Libraries: ${LIBS}" 5723if test ! -z "${CHANNELLIBS}"; then 5724echo " +for channels: ${CHANNELLIBS}" 5725fi 5726if test ! -z "${LIBFIDO2}"; then 5727echo " +for FIDO2: ${LIBFIDO2}" 5728fi 5729if test ! -z "${SSHDLIBS}"; then 5730echo " +for sshd: ${SSHDLIBS}" 5731fi 5732 5733echo "" 5734 5735if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5736 echo "SVR4 style packages are supported with \"make package\"" 5737 echo "" 5738fi 5739 5740if test "x$PAM_MSG" = "xyes" ; then 5741 echo "PAM is enabled. You may need to install a PAM control file " 5742 echo "for sshd, otherwise password authentication may fail. " 5743 echo "Example PAM control files can be found in the contrib/ " 5744 echo "subdirectory" 5745 echo "" 5746fi 5747 5748if test ! -z "$NO_PEERCHECK" ; then 5749 echo "WARNING: the operating system that you are using does not" 5750 echo "appear to support getpeereid(), getpeerucred() or the" 5751 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5752 echo "enforce security checks to prevent unauthorised connections to" 5753 echo "ssh-agent. Their absence increases the risk that a malicious" 5754 echo "user can connect to your agent." 5755 echo "" 5756fi 5757 5758if test "$AUDIT_MODULE" = "bsm" ; then 5759 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5760 echo "See the Solaris section in README.platform for details." 5761fi 5762