1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300if test "x$no_attrib_nonnull" != "x1" ; then 301 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 302fi 303 304AC_ARG_WITH([rpath], 305 [ --without-rpath Disable auto-added -R linker paths], 306 [ 307 if test "x$withval" = "xno" ; then 308 rpath_opt="" 309 elif test "x$withval" = "xyes" ; then 310 rpath_opt="-R" 311 else 312 rpath_opt="$withval" 313 fi 314 ] 315) 316 317# Allow user to specify flags 318AC_ARG_WITH([cflags], 319 [ --with-cflags Specify additional flags to pass to compiler], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS="$CFLAGS $withval" 324 fi 325 ] 326) 327 328AC_ARG_WITH([cflags-after], 329 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 CFLAGS_AFTER="$withval" 334 fi 335 ] 336) 337AC_ARG_WITH([cppflags], 338 [ --with-cppflags Specify additional flags to pass to preprocessor] , 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 CPPFLAGS="$CPPFLAGS $withval" 343 fi 344 ] 345) 346AC_ARG_WITH([ldflags], 347 [ --with-ldflags Specify additional flags to pass to linker], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno" && \ 350 test "x${withval}" != "xyes"; then 351 LDFLAGS="$LDFLAGS $withval" 352 fi 353 ] 354) 355AC_ARG_WITH([ldflags-after], 356 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 357 [ 358 if test -n "$withval" && test "x$withval" != "xno" && \ 359 test "x${withval}" != "xyes"; then 360 LDFLAGS_AFTER="$withval" 361 fi 362 ] 363) 364AC_ARG_WITH([libs], 365 [ --with-libs Specify additional libraries to link with], 366 [ 367 if test -n "$withval" && test "x$withval" != "xno" && \ 368 test "x${withval}" != "xyes"; then 369 LIBS="$LIBS $withval" 370 fi 371 ] 372) 373AC_ARG_WITH([Werror], 374 [ --with-Werror Build main code with -Werror], 375 [ 376 if test -n "$withval" && test "x$withval" != "xno"; then 377 werror_flags="-Werror" 378 if test "x${withval}" != "xyes"; then 379 werror_flags="$withval" 380 fi 381 fi 382 ] 383) 384 385AC_CHECK_HEADERS([ \ 386 blf.h \ 387 bstring.h \ 388 crypt.h \ 389 crypto/sha2.h \ 390 dirent.h \ 391 endian.h \ 392 elf.h \ 393 err.h \ 394 features.h \ 395 fcntl.h \ 396 floatingpoint.h \ 397 fnmatch.h \ 398 getopt.h \ 399 glob.h \ 400 ia.h \ 401 iaf.h \ 402 ifaddrs.h \ 403 inttypes.h \ 404 langinfo.h \ 405 limits.h \ 406 locale.h \ 407 login.h \ 408 maillock.h \ 409 ndir.h \ 410 net/if_tun.h \ 411 netdb.h \ 412 netgroup.h \ 413 pam/pam_appl.h \ 414 paths.h \ 415 poll.h \ 416 pty.h \ 417 readpassphrase.h \ 418 rpc/types.h \ 419 security/pam_appl.h \ 420 sha2.h \ 421 shadow.h \ 422 stddef.h \ 423 stdint.h \ 424 string.h \ 425 strings.h \ 426 sys/bitypes.h \ 427 sys/byteorder.h \ 428 sys/bsdtty.h \ 429 sys/cdefs.h \ 430 sys/dir.h \ 431 sys/file.h \ 432 sys/mman.h \ 433 sys/label.h \ 434 sys/ndir.h \ 435 sys/poll.h \ 436 sys/prctl.h \ 437 sys/pstat.h \ 438 sys/ptrace.h \ 439 sys/random.h \ 440 sys/select.h \ 441 sys/stat.h \ 442 sys/stream.h \ 443 sys/stropts.h \ 444 sys/strtio.h \ 445 sys/statvfs.h \ 446 sys/sysmacros.h \ 447 sys/time.h \ 448 sys/timers.h \ 449 sys/vfs.h \ 450 time.h \ 451 tmpdir.h \ 452 ttyent.h \ 453 ucred.h \ 454 unistd.h \ 455 usersec.h \ 456 util.h \ 457 utime.h \ 458 utmp.h \ 459 utmpx.h \ 460 vis.h \ 461 wchar.h \ 462]) 463 464# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 465# to be included first. 466AC_CHECK_HEADERS([sys/audit.h], [], [], [ 467#ifdef HAVE_SYS_TIME_H 468# include <sys/time.h> 469#endif 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473#ifdef HAVE_SYS_LABEL_H 474# include <sys/label.h> 475#endif 476]) 477 478# sys/capsicum.h requires sys/types.h 479AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 480#ifdef HAVE_SYS_TYPES_H 481# include <sys/types.h> 482#endif 483]) 484 485# net/route.h requires sys/socket.h and sys/types.h. 486# sys/sysctl.h also requires sys/param.h 487AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 488#ifdef HAVE_SYS_TYPES_H 489# include <sys/types.h> 490#endif 491#include <sys/param.h> 492#include <sys/socket.h> 493]) 494 495# lastlog.h requires sys/time.h to be included first on Solaris 496AC_CHECK_HEADERS([lastlog.h], [], [], [ 497#ifdef HAVE_SYS_TIME_H 498# include <sys/time.h> 499#endif 500]) 501 502# sys/ptms.h requires sys/stream.h to be included first on Solaris 503AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 504#ifdef HAVE_SYS_STREAM_H 505# include <sys/stream.h> 506#endif 507]) 508 509# login_cap.h requires sys/types.h on NetBSD 510AC_CHECK_HEADERS([login_cap.h], [], [], [ 511#include <sys/types.h> 512]) 513 514# older BSDs need sys/param.h before sys/mount.h 515AC_CHECK_HEADERS([sys/mount.h], [], [], [ 516#include <sys/param.h> 517]) 518 519# Android requires sys/socket.h to be included before sys/un.h 520AC_CHECK_HEADERS([sys/un.h], [], [], [ 521#include <sys/types.h> 522#include <sys/socket.h> 523]) 524 525# Messages for features tested for in target-specific section 526SIA_MSG="no" 527SPC_MSG="no" 528SP_MSG="no" 529SPP_MSG="no" 530 531# Support for Solaris/Illumos privileges (this test is used by both 532# the --with-solaris-privs option and --with-sandbox=solaris). 533SOLARIS_PRIVS="no" 534 535# Check for some target-specific stuff 536case "$host" in 537*-*-aix*) 538 # Some versions of VAC won't allow macro redefinitions at 539 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 540 # particularly with older versions of vac or xlc. 541 # It also throws errors about null macro arguments, but these are 542 # not fatal. 543 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 544 AC_COMPILE_IFELSE( 545 [AC_LANG_PROGRAM([[ 546#define testmacro foo 547#define testmacro bar]], 548 [[ exit(0); ]])], 549 [ AC_MSG_RESULT([yes]) ], 550 [ AC_MSG_RESULT([no]) 551 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 552 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 553 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 554 ] 555 ) 556 557 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 558 if (test -z "$blibpath"); then 559 blibpath="/usr/lib:/lib" 560 fi 561 saved_LDFLAGS="$LDFLAGS" 562 if test "$GCC" = "yes"; then 563 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 564 else 565 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 566 fi 567 for tryflags in $flags ;do 568 if (test -z "$blibflags"); then 569 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 570 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 571 [blibflags=$tryflags], []) 572 fi 573 done 574 if (test -z "$blibflags"); then 575 AC_MSG_RESULT([not found]) 576 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 577 else 578 AC_MSG_RESULT([$blibflags]) 579 fi 580 LDFLAGS="$saved_LDFLAGS" 581 dnl Check for authenticate. Might be in libs.a on older AIXes 582 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 583 [Define if you want to enable AIX4's authenticate function])], 584 [AC_CHECK_LIB([s], [authenticate], 585 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 586 LIBS="$LIBS -ls" 587 ]) 588 ]) 589 dnl Check for various auth function declarations in headers. 590 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 591 passwdexpired, setauthdb], , , [#include <usersec.h>]) 592 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 593 AC_CHECK_DECLS([loginfailed], 594 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 595 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 596 [[ (void)loginfailed("user","host","tty",0); ]])], 597 [AC_MSG_RESULT([yes]) 598 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 599 [Define if your AIX loginfailed() function 600 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 601 ])], 602 [], 603 [#include <usersec.h>] 604 ) 605 AC_CHECK_FUNCS([getgrset setauthdb]) 606 AC_CHECK_DECL([F_CLOSEM], 607 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 608 [], 609 [ #include <limits.h> 610 #include <fcntl.h> ] 611 ) 612 check_for_aix_broken_getaddrinfo=1 613 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 614 [Define if your platform breaks doing a seteuid before a setuid]) 615 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 616 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 617 dnl AIX handles lastlog as part of its login message 618 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 619 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 620 [Some systems need a utmpx entry for /bin/login to work]) 621 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 622 [Define to a Set Process Title type if your system is 623 supported by bsd-setproctitle.c]) 624 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 625 [AIX 5.2 and 5.3 (and presumably newer) require this]) 626 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 627 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 628 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 629 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 630 ;; 631*-*-android*) 632 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 633 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 634 ;; 635*-*-cygwin*) 636 check_for_libcrypt_later=1 637 LIBS="$LIBS /usr/lib/textreadmode.o" 638 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 639 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 640 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 641 [Define to disable UID restoration test]) 642 AC_DEFINE([DISABLE_SHADOW], [1], 643 [Define if you want to disable shadow passwords]) 644 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 645 [Define if X11 doesn't support AF_UNIX sockets on that system]) 646 AC_DEFINE([DISABLE_FD_PASSING], [1], 647 [Define if your platform needs to skip post auth 648 file descriptor passing]) 649 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 650 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 651 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 652 # reasons which cause compile warnings, so we disable those warnings. 653 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 654 ;; 655*-*-dgux*) 656 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 657 [Define if your system choked on IP TOS setting]) 658 AC_DEFINE([SETEUID_BREAKS_SETUID]) 659 AC_DEFINE([BROKEN_SETREUID]) 660 AC_DEFINE([BROKEN_SETREGID]) 661 ;; 662*-*-darwin*) 663 use_pie=auto 664 AC_MSG_CHECKING([if we have working getaddrinfo]) 665 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 666#include <mach-o/dyld.h> 667#include <stdlib.h> 668main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 669 exit(0); 670 else 671 exit(1); 672} 673 ]])], 674 [AC_MSG_RESULT([working])], 675 [AC_MSG_RESULT([buggy]) 676 AC_DEFINE([BROKEN_GETADDRINFO], [1], 677 [getaddrinfo is broken (if present)]) 678 ], 679 [AC_MSG_RESULT([assume it is working])]) 680 AC_DEFINE([SETEUID_BREAKS_SETUID]) 681 AC_DEFINE([BROKEN_SETREUID]) 682 AC_DEFINE([BROKEN_SETREGID]) 683 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 684 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 685 [Define if your resolver libs need this for getrrsetbyname]) 686 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 687 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 688 [Use tunnel device compatibility to OpenBSD]) 689 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 690 [Prepend the address family to IP tunnel traffic]) 691 m4_pattern_allow([AU_IPv]) 692 AC_CHECK_DECL([AU_IPv4], [], 693 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 694 [#include <bsm/audit.h>] 695 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 696 [Define if pututxline updates lastlog too]) 697 ) 698 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 699 [Define to a Set Process Title type if your system is 700 supported by bsd-setproctitle.c]) 701 AC_CHECK_FUNCS([sandbox_init]) 702 AC_CHECK_HEADERS([sandbox.h]) 703 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 704 SSHDLIBS="$SSHDLIBS -lsandbox" 705 ]) 706 # proc_pidinfo()-based closefrom() replacement. 707 AC_CHECK_HEADERS([libproc.h]) 708 AC_CHECK_FUNCS([proc_pidinfo]) 709 ;; 710*-*-dragonfly*) 711 SSHDLIBS="$SSHDLIBS -lcrypt" 712 TEST_MALLOC_OPTIONS="AFGJPRX" 713 ;; 714*-*-haiku*) 715 LIBS="$LIBS -lbsd " 716 CFLAGS="$CFLAGS -D_BSD_SOURCE" 717 AC_CHECK_LIB([network], [socket]) 718 AC_DEFINE([HAVE_U_INT64_T]) 719 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 720 MANTYPE=man 721 ;; 722*-*-hpux*) 723 # first we define all of the options common to all HP-UX releases 724 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 725 IPADDR_IN_DISPLAY=yes 726 AC_DEFINE([USE_PIPES]) 727 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 728 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 729 [String used in /etc/passwd to denote locked account]) 730 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 731 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 732 maildir="/var/mail" 733 LIBS="$LIBS -lsec" 734 AC_CHECK_LIB([xnet], [t_error], , 735 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 736 737 # next, we define all of the options specific to major releases 738 case "$host" in 739 *-*-hpux10*) 740 if test -z "$GCC"; then 741 CFLAGS="$CFLAGS -Ae" 742 fi 743 ;; 744 *-*-hpux11*) 745 AC_DEFINE([PAM_SUN_CODEBASE], [1], 746 [Define if you are using Solaris-derived PAM which 747 passes pam_messages to the conversation function 748 with an extra level of indirection]) 749 AC_DEFINE([DISABLE_UTMP], [1], 750 [Define if you don't want to use utmp]) 751 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 752 check_for_hpux_broken_getaddrinfo=1 753 check_for_conflicting_getspnam=1 754 ;; 755 esac 756 757 # lastly, we define options specific to minor releases 758 case "$host" in 759 *-*-hpux10.26) 760 AC_DEFINE([HAVE_SECUREWARE], [1], 761 [Define if you have SecureWare-based 762 protected password database]) 763 disable_ptmx_check=yes 764 LIBS="$LIBS -lsecpw" 765 ;; 766 esac 767 ;; 768*-*-irix5*) 769 PATH="$PATH:/usr/etc" 770 AC_DEFINE([BROKEN_INET_NTOA], [1], 771 [Define if you system's inet_ntoa is busted 772 (e.g. Irix gcc issue)]) 773 AC_DEFINE([SETEUID_BREAKS_SETUID]) 774 AC_DEFINE([BROKEN_SETREUID]) 775 AC_DEFINE([BROKEN_SETREGID]) 776 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 777 [Define if you shouldn't strip 'tty' from your 778 ttyname in [uw]tmp]) 779 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 780 ;; 781*-*-irix6*) 782 PATH="$PATH:/usr/etc" 783 AC_DEFINE([WITH_IRIX_ARRAY], [1], 784 [Define if you have/want arrays 785 (cluster-wide session management, not C arrays)]) 786 AC_DEFINE([WITH_IRIX_PROJECT], [1], 787 [Define if you want IRIX project management]) 788 AC_DEFINE([WITH_IRIX_AUDIT], [1], 789 [Define if you want IRIX audit trails]) 790 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 791 [Define if you want IRIX kernel jobs])]) 792 AC_DEFINE([BROKEN_INET_NTOA]) 793 AC_DEFINE([SETEUID_BREAKS_SETUID]) 794 AC_DEFINE([BROKEN_SETREUID]) 795 AC_DEFINE([BROKEN_SETREGID]) 796 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 797 AC_DEFINE([WITH_ABBREV_NO_TTY]) 798 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 799 ;; 800*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 801 check_for_libcrypt_later=1 802 AC_DEFINE([PAM_TTY_KLUDGE]) 803 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 804 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 805 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 806 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 807 ;; 808*-*-linux*) 809 no_dev_ptmx=1 810 use_pie=auto 811 check_for_libcrypt_later=1 812 check_for_openpty_ctty_bug=1 813 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 814 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 815 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 816 AC_DEFINE([PAM_TTY_KLUDGE], [1], 817 [Work around problematic Linux PAM modules handling of PAM_TTY]) 818 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 819 [String used in /etc/passwd to denote locked account]) 820 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 821 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 822 [Define to whatever link() returns for "not supported" 823 if it doesn't return EOPNOTSUPP.]) 824 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 825 AC_DEFINE([USE_BTMP]) 826 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 827 inet6_default_4in6=yes 828 case `uname -r` in 829 1.*|2.0.*) 830 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 831 [Define if cmsg_type is not passed correctly]) 832 ;; 833 esac 834 # tun(4) forwarding compat code 835 AC_CHECK_HEADERS([linux/if_tun.h]) 836 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 837 AC_DEFINE([SSH_TUN_LINUX], [1], 838 [Open tunnel devices the Linux tun/tap way]) 839 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 840 [Use tunnel device compatibility to OpenBSD]) 841 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 842 [Prepend the address family to IP tunnel traffic]) 843 fi 844 AC_CHECK_HEADER([linux/if.h], 845 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 846 [Support routing domains using Linux VRF]), [], [ 847#ifdef HAVE_SYS_TYPES_H 848# include <sys/types.h> 849#endif 850 ]) 851 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 852 [], [#include <linux/types.h>]) 853 # Obtain MIPS ABI 854 case "$host" in 855 mips*) 856 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 857#if _MIPS_SIM != _ABIO32 858#error 859#endif 860 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 861#if _MIPS_SIM != _ABIN32 862#error 863#endif 864 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 865#if _MIPS_SIM != _ABI64 866#error 867#endif 868 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 869 ]) 870 ]) 871 ]) 872 ;; 873 esac 874 AC_MSG_CHECKING([for seccomp architecture]) 875 seccomp_audit_arch= 876 case "$host" in 877 x86_64-*) 878 seccomp_audit_arch=AUDIT_ARCH_X86_64 879 ;; 880 i*86-*) 881 seccomp_audit_arch=AUDIT_ARCH_I386 882 ;; 883 arm*-*) 884 seccomp_audit_arch=AUDIT_ARCH_ARM 885 ;; 886 aarch64*-*) 887 seccomp_audit_arch=AUDIT_ARCH_AARCH64 888 ;; 889 s390x-*) 890 seccomp_audit_arch=AUDIT_ARCH_S390X 891 ;; 892 s390-*) 893 seccomp_audit_arch=AUDIT_ARCH_S390 894 ;; 895 powerpc64-*) 896 seccomp_audit_arch=AUDIT_ARCH_PPC64 897 ;; 898 powerpc64le-*) 899 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 900 ;; 901 mips-*) 902 seccomp_audit_arch=AUDIT_ARCH_MIPS 903 ;; 904 mipsel-*) 905 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 906 ;; 907 mips64-*) 908 case "$mips_abi" in 909 "n32") 910 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 911 ;; 912 "n64") 913 seccomp_audit_arch=AUDIT_ARCH_MIPS64 914 ;; 915 esac 916 ;; 917 mips64el-*) 918 case "$mips_abi" in 919 "n32") 920 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 921 ;; 922 "n64") 923 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 924 ;; 925 esac 926 ;; 927 riscv64-*) 928 seccomp_audit_arch=AUDIT_ARCH_RISCV64 929 ;; 930 esac 931 if test "x$seccomp_audit_arch" != "x" ; then 932 AC_MSG_RESULT(["$seccomp_audit_arch"]) 933 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 934 [Specify the system call convention in use]) 935 else 936 AC_MSG_RESULT([architecture not supported]) 937 fi 938 ;; 939mips-sony-bsd|mips-sony-newsos4) 940 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 941 SONY=1 942 ;; 943*-*-netbsd*) 944 check_for_libcrypt_before=1 945 if test "x$withval" != "xno" ; then 946 rpath_opt="-R" 947 fi 948 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 949 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 950 AC_CHECK_HEADER([net/if_tap.h], , 951 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 952 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 953 [Prepend the address family to IP tunnel traffic]) 954 TEST_MALLOC_OPTIONS="AJRX" 955 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 956 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 957 ;; 958*-*-freebsd*) 959 check_for_libcrypt_later=1 960 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 961 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 962 AC_CHECK_HEADER([net/if_tap.h], , 963 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 964 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 965 TEST_MALLOC_OPTIONS="AJRX" 966 # Preauth crypto occasionally uses file descriptors for crypto offload 967 # and will crash if they cannot be opened. 968 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 969 [define if setrlimit RLIMIT_NOFILE breaks things]) 970 ;; 971*-*-bsdi*) 972 AC_DEFINE([SETEUID_BREAKS_SETUID]) 973 AC_DEFINE([BROKEN_SETREUID]) 974 AC_DEFINE([BROKEN_SETREGID]) 975 ;; 976*-next-*) 977 conf_lastlog_location="/usr/adm/lastlog" 978 conf_utmp_location=/etc/utmp 979 conf_wtmp_location=/usr/adm/wtmp 980 maildir=/usr/spool/mail 981 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 982 AC_DEFINE([USE_PIPES]) 983 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 984 ;; 985*-*-openbsd*) 986 use_pie=auto 987 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 988 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 989 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 990 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 991 [syslog_r function is safe to use in in a signal handler]) 992 TEST_MALLOC_OPTIONS="AFGJPRX" 993 ;; 994*-*-solaris*) 995 if test "x$withval" != "xno" ; then 996 rpath_opt="-R" 997 fi 998 AC_DEFINE([PAM_SUN_CODEBASE]) 999 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1000 AC_DEFINE([PAM_TTY_KLUDGE]) 1001 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1002 [Define if pam_chauthtok wants real uid set 1003 to the unpriv'ed user]) 1004 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1005 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1006 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1007 [Define if sshd somehow reacquires a controlling TTY 1008 after setsid()]) 1009 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1010 in case the name is longer than 8 chars]) 1011 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1012 external_path_file=/etc/default/login 1013 # hardwire lastlog location (can't detect it on some versions) 1014 conf_lastlog_location="/var/adm/lastlog" 1015 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1016 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1017 if test "$sol2ver" -ge 8; then 1018 AC_MSG_RESULT([yes]) 1019 AC_DEFINE([DISABLE_UTMP]) 1020 AC_DEFINE([DISABLE_WTMP], [1], 1021 [Define if you don't want to use wtmp]) 1022 else 1023 AC_MSG_RESULT([no]) 1024 fi 1025 AC_CHECK_FUNCS([setpflags]) 1026 AC_CHECK_FUNCS([setppriv]) 1027 AC_CHECK_FUNCS([priv_basicset]) 1028 AC_CHECK_HEADERS([priv.h]) 1029 AC_ARG_WITH([solaris-contracts], 1030 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1031 [ 1032 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1033 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1034 [Define if you have Solaris process contracts]) 1035 LIBS="$LIBS -lcontract" 1036 SPC_MSG="yes" ], ) 1037 ], 1038 ) 1039 AC_ARG_WITH([solaris-projects], 1040 [ --with-solaris-projects Enable Solaris projects (experimental)], 1041 [ 1042 AC_CHECK_LIB([project], [setproject], 1043 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1044 [Define if you have Solaris projects]) 1045 LIBS="$LIBS -lproject" 1046 SP_MSG="yes" ], ) 1047 ], 1048 ) 1049 AC_ARG_WITH([solaris-privs], 1050 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1051 [ 1052 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1053 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1054 "x$ac_cv_header_priv_h" = "xyes" ; then 1055 SOLARIS_PRIVS=yes 1056 AC_MSG_RESULT([found]) 1057 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1058 [Define to disable UID restoration test]) 1059 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1060 [Define if you have Solaris privileges]) 1061 SPP_MSG="yes" 1062 else 1063 AC_MSG_RESULT([not found]) 1064 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1065 fi 1066 ], 1067 ) 1068 TEST_SHELL=$SHELL # let configure find us a capable shell 1069 ;; 1070*-*-sunos4*) 1071 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1072 AC_CHECK_FUNCS([getpwanam]) 1073 AC_DEFINE([PAM_SUN_CODEBASE]) 1074 conf_utmp_location=/etc/utmp 1075 conf_wtmp_location=/var/adm/wtmp 1076 conf_lastlog_location=/var/adm/lastlog 1077 AC_DEFINE([USE_PIPES]) 1078 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1079 ;; 1080*-ncr-sysv*) 1081 LIBS="$LIBS -lc89" 1082 AC_DEFINE([USE_PIPES]) 1083 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1084 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1085 AC_DEFINE([BROKEN_SETREUID]) 1086 AC_DEFINE([BROKEN_SETREGID]) 1087 ;; 1088*-sni-sysv*) 1089 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1090 AC_CHECK_LIB([dl], [dlsym], ,) 1091 # -lresolv needs to be at the end of LIBS or DNS lookups break 1092 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1093 IPADDR_IN_DISPLAY=yes 1094 AC_DEFINE([USE_PIPES]) 1095 AC_DEFINE([IP_TOS_IS_BROKEN]) 1096 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1097 AC_DEFINE([BROKEN_SETREUID]) 1098 AC_DEFINE([BROKEN_SETREGID]) 1099 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1100 external_path_file=/etc/default/login 1101 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1102 # Attention: always take care to bind libsocket and libnsl before libc, 1103 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1104 ;; 1105# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1106*-*-sysv4.2*) 1107 AC_DEFINE([USE_PIPES]) 1108 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1109 AC_DEFINE([BROKEN_SETREUID]) 1110 AC_DEFINE([BROKEN_SETREGID]) 1111 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1112 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1113 TEST_SHELL=$SHELL # let configure find us a capable shell 1114 ;; 1115# UnixWare 7.x, OpenUNIX 8 1116*-*-sysv5*) 1117 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1118 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1119 AC_DEFINE([USE_PIPES]) 1120 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1121 AC_DEFINE([BROKEN_GETADDRINFO]) 1122 AC_DEFINE([BROKEN_SETREUID]) 1123 AC_DEFINE([BROKEN_SETREGID]) 1124 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1125 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1126 TEST_SHELL=$SHELL # let configure find us a capable shell 1127 check_for_libcrypt_later=1 1128 case "$host" in 1129 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1130 maildir=/var/spool/mail 1131 AC_DEFINE([BROKEN_UPDWTMPX]) 1132 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1133 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1134 ], , ) 1135 ;; 1136 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1137 ;; 1138 esac 1139 ;; 1140*-*-sysv*) 1141 ;; 1142# SCO UNIX and OEM versions of SCO UNIX 1143*-*-sco3.2v4*) 1144 AC_MSG_ERROR("This Platform is no longer supported.") 1145 ;; 1146# SCO OpenServer 5.x 1147*-*-sco3.2v5*) 1148 if test -z "$GCC"; then 1149 CFLAGS="$CFLAGS -belf" 1150 fi 1151 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1152 no_dev_ptmx=1 1153 AC_DEFINE([USE_PIPES]) 1154 AC_DEFINE([HAVE_SECUREWARE]) 1155 AC_DEFINE([DISABLE_SHADOW]) 1156 AC_DEFINE([DISABLE_FD_PASSING]) 1157 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1158 AC_DEFINE([BROKEN_GETADDRINFO]) 1159 AC_DEFINE([BROKEN_SETREUID]) 1160 AC_DEFINE([BROKEN_SETREGID]) 1161 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1162 AC_DEFINE([BROKEN_UPDWTMPX]) 1163 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1164 AC_CHECK_FUNCS([getluid setluid]) 1165 MANTYPE=man 1166 TEST_SHELL=$SHELL # let configure find us a capable shell 1167 SKIP_DISABLE_LASTLOG_DEFINE=yes 1168 ;; 1169*-dec-osf*) 1170 AC_MSG_CHECKING([for Digital Unix SIA]) 1171 no_osfsia="" 1172 AC_ARG_WITH([osfsia], 1173 [ --with-osfsia Enable Digital Unix SIA], 1174 [ 1175 if test "x$withval" = "xno" ; then 1176 AC_MSG_RESULT([disabled]) 1177 no_osfsia=1 1178 fi 1179 ], 1180 ) 1181 if test -z "$no_osfsia" ; then 1182 if test -f /etc/sia/matrix.conf; then 1183 AC_MSG_RESULT([yes]) 1184 AC_DEFINE([HAVE_OSF_SIA], [1], 1185 [Define if you have Digital Unix Security 1186 Integration Architecture]) 1187 AC_DEFINE([DISABLE_LOGIN], [1], 1188 [Define if you don't want to use your 1189 system's login() call]) 1190 AC_DEFINE([DISABLE_FD_PASSING]) 1191 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1192 SIA_MSG="yes" 1193 else 1194 AC_MSG_RESULT([no]) 1195 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1196 [String used in /etc/passwd to denote locked account]) 1197 fi 1198 fi 1199 AC_DEFINE([BROKEN_GETADDRINFO]) 1200 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1201 AC_DEFINE([BROKEN_SETREUID]) 1202 AC_DEFINE([BROKEN_SETREGID]) 1203 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1204 ;; 1205 1206*-*-nto-qnx*) 1207 AC_DEFINE([USE_PIPES]) 1208 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1209 AC_DEFINE([DISABLE_LASTLOG]) 1210 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1211 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1212 enable_etc_default_login=no # has incompatible /etc/default/login 1213 case "$host" in 1214 *-*-nto-qnx6*) 1215 AC_DEFINE([DISABLE_FD_PASSING]) 1216 ;; 1217 esac 1218 ;; 1219 1220*-*-ultrix*) 1221 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1222 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1223 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1224 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1225 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1226 # don't get a controlling tty. 1227 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1228 # On Ultrix some headers are not protected against multiple includes, 1229 # so we create wrappers and put it where the compiler will find it. 1230 AC_MSG_WARN([creating compat wrappers for headers]) 1231 mkdir -p netinet 1232 for header in netinet/ip.h netdb.h resolv.h; do 1233 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1234 cat >$header <<EOD 1235#ifndef _SSH_COMPAT_${name} 1236#define _SSH_COMPAT_${name} 1237#include "/usr/include/${header}" 1238#endif 1239EOD 1240 done 1241 ;; 1242 1243*-*-lynxos) 1244 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1245 AC_DEFINE([BROKEN_SETVBUF], [1], 1246 [LynxOS has broken setvbuf() implementation]) 1247 ;; 1248esac 1249 1250AC_MSG_CHECKING([compiler and flags for sanity]) 1251AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1252 [ AC_MSG_RESULT([yes]) ], 1253 [ 1254 AC_MSG_RESULT([no]) 1255 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1256 ], 1257 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1258) 1259 1260dnl Checks for header files. 1261# Checks for libraries. 1262AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1263 1264dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1265AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1266 AC_CHECK_LIB([gen], [dirname], [ 1267 AC_CACHE_CHECK([for broken dirname], 1268 ac_cv_have_broken_dirname, [ 1269 save_LIBS="$LIBS" 1270 LIBS="$LIBS -lgen" 1271 AC_RUN_IFELSE( 1272 [AC_LANG_SOURCE([[ 1273#include <libgen.h> 1274#include <string.h> 1275#include <stdlib.h> 1276 1277int main(int argc, char **argv) { 1278 char *s, buf[32]; 1279 1280 strncpy(buf,"/etc", 32); 1281 s = dirname(buf); 1282 if (!s || strncmp(s, "/", 32) != 0) { 1283 exit(1); 1284 } else { 1285 exit(0); 1286 } 1287} 1288 ]])], 1289 [ ac_cv_have_broken_dirname="no" ], 1290 [ ac_cv_have_broken_dirname="yes" ], 1291 [ ac_cv_have_broken_dirname="no" ], 1292 ) 1293 LIBS="$save_LIBS" 1294 ]) 1295 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1296 LIBS="$LIBS -lgen" 1297 AC_DEFINE([HAVE_DIRNAME]) 1298 AC_CHECK_HEADERS([libgen.h]) 1299 fi 1300 ]) 1301]) 1302 1303AC_CHECK_FUNC([getspnam], , 1304 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1305AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1306 [Define if you have the basename function.])]) 1307 1308dnl zlib defaults to enabled 1309zlib=yes 1310AC_ARG_WITH([zlib], 1311 [ --with-zlib=PATH Use zlib in PATH], 1312 [ if test "x$withval" = "xno" ; then 1313 zlib=no 1314 elif test "x$withval" != "xyes"; then 1315 if test -d "$withval/lib"; then 1316 if test -n "${rpath_opt}"; then 1317 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1318 else 1319 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1320 fi 1321 else 1322 if test -n "${rpath_opt}"; then 1323 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1324 else 1325 LDFLAGS="-L${withval} ${LDFLAGS}" 1326 fi 1327 fi 1328 if test -d "$withval/include"; then 1329 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1330 else 1331 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1332 fi 1333 fi ] 1334) 1335 1336AC_MSG_CHECKING([for zlib]) 1337if test "x${zlib}" = "xno"; then 1338 AC_MSG_RESULT([no]) 1339else 1340 AC_MSG_RESULT([yes]) 1341 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1342 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1343 AC_CHECK_LIB([z], [deflate], , 1344 [ 1345 saved_CPPFLAGS="$CPPFLAGS" 1346 saved_LDFLAGS="$LDFLAGS" 1347 save_LIBS="$LIBS" 1348 dnl Check default zlib install dir 1349 if test -n "${rpath_opt}"; then 1350 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1351 else 1352 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1353 fi 1354 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1355 LIBS="$LIBS -lz" 1356 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1357 [ 1358 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1359 ] 1360 ) 1361 ] 1362 ) 1363 1364 AC_ARG_WITH([zlib-version-check], 1365 [ --without-zlib-version-check Disable zlib version check], 1366 [ if test "x$withval" = "xno" ; then 1367 zlib_check_nonfatal=1 1368 fi 1369 ] 1370 ) 1371 1372 AC_MSG_CHECKING([for possibly buggy zlib]) 1373 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1374#include <stdio.h> 1375#include <stdlib.h> 1376#include <zlib.h> 1377 ]], 1378 [[ 1379 int a=0, b=0, c=0, d=0, n, v; 1380 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1381 if (n != 3 && n != 4) 1382 exit(1); 1383 v = a*1000000 + b*10000 + c*100 + d; 1384 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1385 1386 /* 1.1.4 is OK */ 1387 if (a == 1 && b == 1 && c >= 4) 1388 exit(0); 1389 1390 /* 1.2.3 and up are OK */ 1391 if (v >= 1020300) 1392 exit(0); 1393 1394 exit(2); 1395 ]])], 1396 AC_MSG_RESULT([no]), 1397 [ AC_MSG_RESULT([yes]) 1398 if test -z "$zlib_check_nonfatal" ; then 1399 AC_MSG_ERROR([*** zlib too old - check config.log *** 1400Your reported zlib version has known security problems. It's possible your 1401vendor has fixed these problems without changing the version number. If you 1402are sure this is the case, you can disable the check by running 1403"./configure --without-zlib-version-check". 1404If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1405See http://www.gzip.org/zlib/ for details.]) 1406 else 1407 AC_MSG_WARN([zlib version may have security problems]) 1408 fi 1409 ], 1410 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1411 ) 1412fi 1413 1414dnl UnixWare 2.x 1415AC_CHECK_FUNC([strcasecmp], 1416 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1417) 1418AC_CHECK_FUNCS([utimes], 1419 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1420 LIBS="$LIBS -lc89"]) ] 1421) 1422 1423dnl Checks for libutil functions 1424AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1425AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1426AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1427AC_SEARCH_LIBS([login], [util bsd]) 1428AC_SEARCH_LIBS([logout], [util bsd]) 1429AC_SEARCH_LIBS([logwtmp], [util bsd]) 1430AC_SEARCH_LIBS([openpty], [util bsd]) 1431AC_SEARCH_LIBS([updwtmp], [util bsd]) 1432AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1433 1434# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1435# or libnsl. 1436AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1437AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1438 1439# "Particular Function Checks" 1440# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1441AC_FUNC_STRFTIME 1442AC_FUNC_MALLOC 1443AC_FUNC_REALLOC 1444# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1445AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1446AC_RUN_IFELSE( 1447 [AC_LANG_PROGRAM( 1448 [[ #include <stdlib.h> ]], 1449 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1450 )], 1451 [ func_calloc_0_nonnull=yes ], 1452 [ func_calloc_0_nonnull=no ], 1453 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1454 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1455) 1456AC_MSG_RESULT([$func_calloc_0_nonnull]) 1457 1458if test "x$func_calloc_0_nonnull" = "xyes"; then 1459 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1460else 1461 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1462 AC_DEFINE(calloc, rpl_calloc, 1463 [Define to rpl_calloc if the replacement function should be used.]) 1464fi 1465 1466# Check for ALTDIRFUNC glob() extension 1467AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1468AC_EGREP_CPP([FOUNDIT], 1469 [ 1470 #include <glob.h> 1471 #ifdef GLOB_ALTDIRFUNC 1472 FOUNDIT 1473 #endif 1474 ], 1475 [ 1476 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1477 [Define if your system glob() function has 1478 the GLOB_ALTDIRFUNC extension]) 1479 AC_MSG_RESULT([yes]) 1480 ], 1481 [ 1482 AC_MSG_RESULT([no]) 1483 ] 1484) 1485 1486# Check for g.gl_matchc glob() extension 1487AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1488AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1489 [[ glob_t g; g.gl_matchc = 1; ]])], 1490 [ 1491 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1492 [Define if your system glob() function has 1493 gl_matchc options in glob_t]) 1494 AC_MSG_RESULT([yes]) 1495 ], [ 1496 AC_MSG_RESULT([no]) 1497]) 1498 1499# Check for g.gl_statv glob() extension 1500AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1501AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1502#ifndef GLOB_KEEPSTAT 1503#error "glob does not support GLOB_KEEPSTAT extension" 1504#endif 1505glob_t g; 1506g.gl_statv = NULL; 1507]])], 1508 [ 1509 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1510 [Define if your system glob() function has 1511 gl_statv options in glob_t]) 1512 AC_MSG_RESULT([yes]) 1513 ], [ 1514 AC_MSG_RESULT([no]) 1515 1516]) 1517 1518AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1519 1520AC_CHECK_DECL([VIS_ALL], , 1521 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1522 1523AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1524AC_RUN_IFELSE( 1525 [AC_LANG_PROGRAM([[ 1526#include <sys/types.h> 1527#include <dirent.h> 1528#include <stdlib.h> 1529 ]], 1530 [[ 1531 struct dirent d; 1532 exit(sizeof(d.d_name)<=sizeof(char)); 1533 ]])], 1534 [AC_MSG_RESULT([yes])], 1535 [ 1536 AC_MSG_RESULT([no]) 1537 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1538 [Define if your struct dirent expects you to 1539 allocate extra space for d_name]) 1540 ], 1541 [ 1542 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1543 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1544 ] 1545) 1546 1547AC_MSG_CHECKING([for /proc/pid/fd directory]) 1548if test -d "/proc/$$/fd" ; then 1549 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1550 AC_MSG_RESULT([yes]) 1551else 1552 AC_MSG_RESULT([no]) 1553fi 1554 1555# Check whether user wants to use ldns 1556LDNS_MSG="no" 1557AC_ARG_WITH(ldns, 1558 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1559 [ 1560 ldns="" 1561 if test "x$withval" = "xyes" ; then 1562 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1563 if test "x$LDNSCONFIG" = "xno"; then 1564 LIBS="-lldns $LIBS" 1565 ldns=yes 1566 else 1567 LIBS="$LIBS `$LDNSCONFIG --libs`" 1568 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1569 ldns=yes 1570 fi 1571 elif test "x$withval" != "xno" ; then 1572 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1573 LDFLAGS="$LDFLAGS -L${withval}/lib" 1574 LIBS="-lldns $LIBS" 1575 ldns=yes 1576 fi 1577 1578 # Verify that it works. 1579 if test "x$ldns" = "xyes" ; then 1580 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1581 LDNS_MSG="yes" 1582 AC_MSG_CHECKING([for ldns support]) 1583 AC_LINK_IFELSE( 1584 [AC_LANG_SOURCE([[ 1585#include <stdio.h> 1586#include <stdlib.h> 1587#ifdef HAVE_STDINT_H 1588# include <stdint.h> 1589#endif 1590#include <ldns/ldns.h> 1591int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1592 ]]) 1593 ], 1594 [AC_MSG_RESULT(yes)], 1595 [ 1596 AC_MSG_RESULT(no) 1597 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1598 ]) 1599 fi 1600]) 1601 1602# Check whether user wants libedit support 1603LIBEDIT_MSG="no" 1604AC_ARG_WITH([libedit], 1605 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1606 [ if test "x$withval" != "xno" ; then 1607 if test "x$withval" = "xyes" ; then 1608 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1609 if test "x$PKGCONFIG" != "xno"; then 1610 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1611 if "$PKGCONFIG" libedit; then 1612 AC_MSG_RESULT([yes]) 1613 use_pkgconfig_for_libedit=yes 1614 else 1615 AC_MSG_RESULT([no]) 1616 fi 1617 fi 1618 else 1619 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1620 if test -n "${rpath_opt}"; then 1621 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1622 else 1623 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1624 fi 1625 fi 1626 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1627 LIBEDIT=`$PKGCONFIG --libs libedit` 1628 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1629 else 1630 LIBEDIT="-ledit -lcurses" 1631 fi 1632 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1633 AC_CHECK_LIB([edit], [el_init], 1634 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1635 LIBEDIT_MSG="yes" 1636 AC_SUBST([LIBEDIT]) 1637 ], 1638 [ AC_MSG_ERROR([libedit not found]) ], 1639 [ $OTHERLIBS ] 1640 ) 1641 AC_MSG_CHECKING([if libedit version is compatible]) 1642 AC_COMPILE_IFELSE( 1643 [AC_LANG_PROGRAM([[ 1644#include <histedit.h> 1645#include <stdlib.h> 1646 ]], 1647 [[ 1648 int i = H_SETSIZE; 1649 el_init("", NULL, NULL, NULL); 1650 exit(0); 1651 ]])], 1652 [ AC_MSG_RESULT([yes]) ], 1653 [ AC_MSG_RESULT([no]) 1654 AC_MSG_ERROR([libedit version is not compatible]) ] 1655 ) 1656 fi ] 1657) 1658 1659AUDIT_MODULE=none 1660AC_ARG_WITH([audit], 1661 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1662 [ 1663 AC_MSG_CHECKING([for supported audit module]) 1664 case "$withval" in 1665 bsm) 1666 AC_MSG_RESULT([bsm]) 1667 AUDIT_MODULE=bsm 1668 dnl Checks for headers, libs and functions 1669 AC_CHECK_HEADERS([bsm/audit.h], [], 1670 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1671 [ 1672#ifdef HAVE_TIME_H 1673# include <time.h> 1674#endif 1675 ] 1676) 1677 AC_CHECK_LIB([bsm], [getaudit], [], 1678 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1679 AC_CHECK_FUNCS([getaudit], [], 1680 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1681 # These are optional 1682 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1683 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1684 if test "$sol2ver" -ge 11; then 1685 SSHDLIBS="$SSHDLIBS -lscf" 1686 AC_DEFINE([BROKEN_BSM_API], [1], 1687 [The system has incomplete BSM API]) 1688 fi 1689 ;; 1690 linux) 1691 AC_MSG_RESULT([linux]) 1692 AUDIT_MODULE=linux 1693 dnl Checks for headers, libs and functions 1694 AC_CHECK_HEADERS([libaudit.h]) 1695 SSHDLIBS="$SSHDLIBS -laudit" 1696 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1697 ;; 1698 debug) 1699 AUDIT_MODULE=debug 1700 AC_MSG_RESULT([debug]) 1701 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1702 ;; 1703 no) 1704 AC_MSG_RESULT([no]) 1705 ;; 1706 *) 1707 AC_MSG_ERROR([Unknown audit module $withval]) 1708 ;; 1709 esac ] 1710) 1711 1712AC_ARG_WITH([pie], 1713 [ --with-pie Build Position Independent Executables if possible], [ 1714 if test "x$withval" = "xno"; then 1715 use_pie=no 1716 fi 1717 if test "x$withval" = "xyes"; then 1718 use_pie=yes 1719 fi 1720 ] 1721) 1722if test "x$use_pie" = "x"; then 1723 use_pie=no 1724fi 1725if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1726 # Turn off automatic PIE when toolchain hardening is off. 1727 use_pie=no 1728fi 1729if test "x$use_pie" = "xauto"; then 1730 # Automatic PIE requires gcc >= 4.x 1731 AC_MSG_CHECKING([for gcc >= 4.x]) 1732 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1733#if !defined(__GNUC__) || __GNUC__ < 4 1734#error gcc is too old 1735#endif 1736]])], 1737 [ AC_MSG_RESULT([yes]) ], 1738 [ AC_MSG_RESULT([no]) 1739 use_pie=no ] 1740) 1741fi 1742if test "x$use_pie" != "xno"; then 1743 SAVED_CFLAGS="$CFLAGS" 1744 SAVED_LDFLAGS="$LDFLAGS" 1745 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1746 OSSH_CHECK_LDFLAG_LINK([-pie]) 1747 # We use both -fPIE and -pie or neither. 1748 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1749 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1750 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1751 AC_MSG_RESULT([yes]) 1752 else 1753 AC_MSG_RESULT([no]) 1754 CFLAGS="$SAVED_CFLAGS" 1755 LDFLAGS="$SAVED_LDFLAGS" 1756 fi 1757fi 1758 1759AC_MSG_CHECKING([whether -fPIC is accepted]) 1760SAVED_CFLAGS="$CFLAGS" 1761CFLAGS="$CFLAGS -fPIC" 1762AC_COMPILE_IFELSE( 1763 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1764 [AC_MSG_RESULT([yes]) 1765 PICFLAG="-fPIC"; ], 1766 [AC_MSG_RESULT([no]) 1767 PICFLAG=""; ]) 1768CFLAGS="$SAVED_CFLAGS" 1769AC_SUBST([PICFLAG]) 1770 1771dnl Checks for library functions. Please keep in alphabetical order 1772AC_CHECK_FUNCS([ \ 1773 Blowfish_initstate \ 1774 Blowfish_expandstate \ 1775 Blowfish_expand0state \ 1776 Blowfish_stream2word \ 1777 SHA256Update \ 1778 SHA384Update \ 1779 SHA512Update \ 1780 asprintf \ 1781 b64_ntop \ 1782 __b64_ntop \ 1783 b64_pton \ 1784 __b64_pton \ 1785 bcopy \ 1786 bcrypt_pbkdf \ 1787 bindresvport_sa \ 1788 blf_enc \ 1789 bzero \ 1790 cap_rights_limit \ 1791 clock \ 1792 closefrom \ 1793 dirfd \ 1794 endgrent \ 1795 err \ 1796 errx \ 1797 explicit_bzero \ 1798 fchmod \ 1799 fchmodat \ 1800 fchown \ 1801 fchownat \ 1802 flock \ 1803 fnmatch \ 1804 freeaddrinfo \ 1805 freezero \ 1806 fstatfs \ 1807 fstatvfs \ 1808 futimes \ 1809 getaddrinfo \ 1810 getcwd \ 1811 getgrouplist \ 1812 getline \ 1813 getnameinfo \ 1814 getopt \ 1815 getpagesize \ 1816 getpeereid \ 1817 getpeerucred \ 1818 getpgid \ 1819 _getpty \ 1820 getrlimit \ 1821 getrandom \ 1822 getsid \ 1823 getttyent \ 1824 glob \ 1825 group_from_gid \ 1826 inet_aton \ 1827 inet_ntoa \ 1828 inet_ntop \ 1829 innetgr \ 1830 llabs \ 1831 localtime_r \ 1832 login_getcapbool \ 1833 md5_crypt \ 1834 memmem \ 1835 memmove \ 1836 memset_s \ 1837 mkdtemp \ 1838 ngetaddrinfo \ 1839 nsleep \ 1840 ogetaddrinfo \ 1841 openlog_r \ 1842 pledge \ 1843 poll \ 1844 prctl \ 1845 pstat \ 1846 raise \ 1847 readpassphrase \ 1848 reallocarray \ 1849 realpath \ 1850 recvmsg \ 1851 recallocarray \ 1852 rresvport_af \ 1853 sendmsg \ 1854 setdtablesize \ 1855 setegid \ 1856 setenv \ 1857 seteuid \ 1858 setgroupent \ 1859 setgroups \ 1860 setlinebuf \ 1861 setlogin \ 1862 setpassent\ 1863 setpcred \ 1864 setproctitle \ 1865 setregid \ 1866 setreuid \ 1867 setrlimit \ 1868 setsid \ 1869 setvbuf \ 1870 sigaction \ 1871 sigvec \ 1872 snprintf \ 1873 socketpair \ 1874 statfs \ 1875 statvfs \ 1876 strcasestr \ 1877 strdup \ 1878 strerror \ 1879 strlcat \ 1880 strlcpy \ 1881 strmode \ 1882 strndup \ 1883 strnlen \ 1884 strnvis \ 1885 strptime \ 1886 strsignal \ 1887 strtonum \ 1888 strtoll \ 1889 strtoul \ 1890 strtoull \ 1891 swap32 \ 1892 sysconf \ 1893 tcgetpgrp \ 1894 timingsafe_bcmp \ 1895 truncate \ 1896 unsetenv \ 1897 updwtmpx \ 1898 utimensat \ 1899 user_from_uid \ 1900 usleep \ 1901 vasprintf \ 1902 vsnprintf \ 1903 waitpid \ 1904 warn \ 1905]) 1906 1907AC_CHECK_DECLS([bzero, memmem]) 1908 1909dnl Wide character support. 1910AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1911 1912TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1913AC_MSG_CHECKING([for utf8 locale support]) 1914AC_RUN_IFELSE( 1915 [AC_LANG_PROGRAM([[ 1916#include <locale.h> 1917#include <stdlib.h> 1918 ]], [[ 1919 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1920 if (loc != NULL) 1921 exit(0); 1922 exit(1); 1923 ]])], 1924 AC_MSG_RESULT(yes), 1925 [AC_MSG_RESULT(no) 1926 TEST_SSH_UTF8=no], 1927 AC_MSG_WARN([cross compiling: assuming yes]) 1928) 1929 1930AC_LINK_IFELSE( 1931 [AC_LANG_PROGRAM( 1932 [[ #include <ctype.h> ]], 1933 [[ return (isblank('a')); ]])], 1934 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1935]) 1936 1937disable_pkcs11= 1938AC_ARG_ENABLE([pkcs11], 1939 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1940 [ 1941 if test "x$enableval" = "xno" ; then 1942 disable_pkcs11=1 1943 fi 1944 ] 1945) 1946 1947disable_sk= 1948AC_ARG_ENABLE([security-key], 1949 [ --disable-security-key disable U2F/FIDO support code [no]], 1950 [ 1951 if test "x$enableval" = "xno" ; then 1952 disable_sk=1 1953 fi 1954 ] 1955) 1956enable_sk_internal= 1957AC_ARG_WITH([security-key-builtin], 1958 [ --with-security-key-builtin include builtin U2F/FIDO support], 1959 [ 1960 if test "x$withval" != "xno" ; then 1961 enable_sk_internal=yes 1962 fi 1963 ] 1964) 1965test "x$disable_sk" != "x" && enable_sk_internal="" 1966 1967AC_SEARCH_LIBS([dlopen], [dl]) 1968AC_CHECK_FUNCS([dlopen]) 1969AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1970 1971# IRIX has a const char return value for gai_strerror() 1972AC_CHECK_FUNCS([gai_strerror], [ 1973 AC_DEFINE([HAVE_GAI_STRERROR]) 1974 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1975#include <sys/types.h> 1976#include <sys/socket.h> 1977#include <netdb.h> 1978 1979const char *gai_strerror(int); 1980 ]], [[ 1981 char *str; 1982 str = gai_strerror(0); 1983 ]])], [ 1984 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1985 [Define if gai_strerror() returns const char *])], [])]) 1986 1987AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1988 [Some systems put nanosleep outside of libc])]) 1989 1990AC_SEARCH_LIBS([clock_gettime], [rt], 1991 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1992 1993dnl check if we need -D_REENTRANT for localtime_r declaration. 1994AC_CHECK_DECL([localtime_r], [], 1995 [ saved_CPPFLAGS="$CFLAGS" 1996 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1997 unset ac_cv_have_decl_localtime_r 1998 AC_CHECK_DECL([localtime_r], [], 1999 [ CPPFLAGS="$saved_CPPFLAGS" ], 2000 [ #include <time.h> ] 2001 ) 2002 ], 2003 [ #include <time.h> ] 2004) 2005 2006dnl Make sure prototypes are defined for these before using them. 2007AC_CHECK_DECL([strsep], 2008 [AC_CHECK_FUNCS([strsep])], 2009 [], 2010 [ 2011#ifdef HAVE_STRING_H 2012# include <string.h> 2013#endif 2014 ]) 2015 2016dnl tcsendbreak might be a macro 2017AC_CHECK_DECL([tcsendbreak], 2018 [AC_DEFINE([HAVE_TCSENDBREAK])], 2019 [AC_CHECK_FUNCS([tcsendbreak])], 2020 [#include <termios.h>] 2021) 2022 2023AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2024 2025AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2026 [ 2027#include <sys/types.h> 2028#include <sys/socket.h> 2029#include <unistd.h> 2030 ]) 2031 2032AC_CHECK_DECLS([O_NONBLOCK], , , 2033 [ 2034#include <sys/types.h> 2035#ifdef HAVE_SYS_STAT_H 2036# include <sys/stat.h> 2037#endif 2038#ifdef HAVE_FCNTL_H 2039# include <fcntl.h> 2040#endif 2041 ]) 2042 2043AC_CHECK_DECLS([readv, writev], , , [ 2044#include <sys/types.h> 2045#include <sys/uio.h> 2046#include <unistd.h> 2047 ]) 2048 2049AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2050#include <sys/param.h> 2051 ]) 2052 2053AC_CHECK_DECLS([offsetof], , , [ 2054#include <stddef.h> 2055 ]) 2056 2057# extra bits for select(2) 2058AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2059#include <sys/param.h> 2060#include <sys/types.h> 2061#ifdef HAVE_SYS_SYSMACROS_H 2062#include <sys/sysmacros.h> 2063#endif 2064#ifdef HAVE_SYS_SELECT_H 2065#include <sys/select.h> 2066#endif 2067#ifdef HAVE_SYS_TIME_H 2068#include <sys/time.h> 2069#endif 2070#ifdef HAVE_UNISTD_H 2071#include <unistd.h> 2072#endif 2073 ]]) 2074AC_CHECK_TYPES([fd_mask], [], [], [[ 2075#include <sys/param.h> 2076#include <sys/types.h> 2077#ifdef HAVE_SYS_SELECT_H 2078#include <sys/select.h> 2079#endif 2080#ifdef HAVE_SYS_TIME_H 2081#include <sys/time.h> 2082#endif 2083#ifdef HAVE_UNISTD_H 2084#include <unistd.h> 2085#endif 2086 ]]) 2087 2088AC_CHECK_FUNCS([setresuid], [ 2089 dnl Some platorms have setresuid that isn't implemented, test for this 2090 AC_MSG_CHECKING([if setresuid seems to work]) 2091 AC_RUN_IFELSE( 2092 [AC_LANG_PROGRAM([[ 2093#include <stdlib.h> 2094#include <errno.h> 2095 ]], [[ 2096 errno=0; 2097 setresuid(0,0,0); 2098 if (errno==ENOSYS) 2099 exit(1); 2100 else 2101 exit(0); 2102 ]])], 2103 [AC_MSG_RESULT([yes])], 2104 [AC_DEFINE([BROKEN_SETRESUID], [1], 2105 [Define if your setresuid() is broken]) 2106 AC_MSG_RESULT([not implemented])], 2107 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2108 ) 2109]) 2110 2111AC_CHECK_FUNCS([setresgid], [ 2112 dnl Some platorms have setresgid that isn't implemented, test for this 2113 AC_MSG_CHECKING([if setresgid seems to work]) 2114 AC_RUN_IFELSE( 2115 [AC_LANG_PROGRAM([[ 2116#include <stdlib.h> 2117#include <errno.h> 2118 ]], [[ 2119 errno=0; 2120 setresgid(0,0,0); 2121 if (errno==ENOSYS) 2122 exit(1); 2123 else 2124 exit(0); 2125 ]])], 2126 [AC_MSG_RESULT([yes])], 2127 [AC_DEFINE([BROKEN_SETRESGID], [1], 2128 [Define if your setresgid() is broken]) 2129 AC_MSG_RESULT([not implemented])], 2130 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2131 ) 2132]) 2133 2134AC_MSG_CHECKING([for working fflush(NULL)]) 2135AC_RUN_IFELSE( 2136 [AC_LANG_PROGRAM([[ 2137#include <stdio.h> 2138#include <stdlib.h> 2139 ]], 2140 [[fflush(NULL); exit(0);]])], 2141 AC_MSG_RESULT([yes]), 2142 [AC_MSG_RESULT([no]) 2143 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2144 [define if fflush(NULL) does not work])], 2145 AC_MSG_WARN([cross compiling: assuming working]) 2146) 2147 2148dnl Checks for time functions 2149AC_CHECK_FUNCS([gettimeofday time]) 2150dnl Checks for utmp functions 2151AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2152AC_CHECK_FUNCS([utmpname]) 2153dnl Checks for utmpx functions 2154AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2155AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2156dnl Checks for lastlog functions 2157AC_CHECK_FUNCS([getlastlogxbyname]) 2158 2159AC_CHECK_FUNC([daemon], 2160 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2161 [AC_CHECK_LIB([bsd], [daemon], 2162 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2163) 2164 2165AC_CHECK_FUNC([getpagesize], 2166 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2167 [Define if your libraries define getpagesize()])], 2168 [AC_CHECK_LIB([ucb], [getpagesize], 2169 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2170) 2171 2172# Check for broken snprintf 2173if test "x$ac_cv_func_snprintf" = "xyes" ; then 2174 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2175 AC_RUN_IFELSE( 2176 [AC_LANG_PROGRAM([[ 2177#include <stdio.h> 2178#include <stdlib.h> 2179 ]], 2180 [[ 2181 char b[5]; 2182 snprintf(b,5,"123456789"); 2183 exit(b[4]!='\0'); 2184 ]])], 2185 [AC_MSG_RESULT([yes])], 2186 [ 2187 AC_MSG_RESULT([no]) 2188 AC_DEFINE([BROKEN_SNPRINTF], [1], 2189 [Define if your snprintf is busted]) 2190 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2191 ], 2192 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2193 ) 2194fi 2195 2196if test "x$ac_cv_func_snprintf" = "xyes" ; then 2197 AC_MSG_CHECKING([whether snprintf understands %zu]) 2198 AC_RUN_IFELSE( 2199 [AC_LANG_PROGRAM([[ 2200#include <sys/types.h> 2201#include <stdio.h> 2202#include <stdlib.h> 2203#include <string.h> 2204 ]], 2205 [[ 2206 size_t a = 1, b = 2; 2207 char z[128]; 2208 snprintf(z, sizeof z, "%zu%zu", a, b); 2209 exit(strcmp(z, "12")); 2210 ]])], 2211 [AC_MSG_RESULT([yes])], 2212 [ 2213 AC_MSG_RESULT([no]) 2214 AC_DEFINE([BROKEN_SNPRINTF], [1], 2215 [snprintf does not understand %zu]) 2216 ], 2217 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2218 ) 2219fi 2220 2221# We depend on vsnprintf returning the right thing on overflow: the 2222# number of characters it tried to create (as per SUSv3) 2223if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2224 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2225 AC_RUN_IFELSE( 2226 [AC_LANG_PROGRAM([[ 2227#include <sys/types.h> 2228#include <stdio.h> 2229#include <stdarg.h> 2230 2231int x_snprintf(char *str, size_t count, const char *fmt, ...) 2232{ 2233 size_t ret; 2234 va_list ap; 2235 2236 va_start(ap, fmt); 2237 ret = vsnprintf(str, count, fmt, ap); 2238 va_end(ap); 2239 return ret; 2240} 2241 ]], [[ 2242char x[1]; 2243if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2244 return 1; 2245if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2246 return 1; 2247return 0; 2248 ]])], 2249 [AC_MSG_RESULT([yes])], 2250 [ 2251 AC_MSG_RESULT([no]) 2252 AC_DEFINE([BROKEN_SNPRINTF], [1], 2253 [Define if your snprintf is busted]) 2254 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2255 ], 2256 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2257 ) 2258fi 2259 2260# On systems where [v]snprintf is broken, but is declared in stdio, 2261# check that the fmt argument is const char * or just char *. 2262# This is only useful for when BROKEN_SNPRINTF 2263AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2264AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2265#include <stdio.h> 2266int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2267 ]], [[ 2268 snprintf(0, 0, 0); 2269 ]])], 2270 [AC_MSG_RESULT([yes]) 2271 AC_DEFINE([SNPRINTF_CONST], [const], 2272 [Define as const if snprintf() can declare const char *fmt])], 2273 [AC_MSG_RESULT([no]) 2274 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2275 2276# Check for missing getpeereid (or equiv) support 2277NO_PEERCHECK="" 2278if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2279 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2280 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2281#include <sys/types.h> 2282#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2283 [ AC_MSG_RESULT([yes]) 2284 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2285 ], [AC_MSG_RESULT([no]) 2286 NO_PEERCHECK=1 2287 ]) 2288fi 2289 2290dnl make sure that openpty does not reacquire controlling terminal 2291if test ! -z "$check_for_openpty_ctty_bug"; then 2292 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2293 AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <stdlib.h> 2297#include <unistd.h> 2298#include <sys/fcntl.h> 2299#include <sys/types.h> 2300#include <sys/wait.h> 2301 ]], [[ 2302 pid_t pid; 2303 int fd, ptyfd, ttyfd, status; 2304 2305 pid = fork(); 2306 if (pid < 0) { /* failed */ 2307 exit(1); 2308 } else if (pid > 0) { /* parent */ 2309 waitpid(pid, &status, 0); 2310 if (WIFEXITED(status)) 2311 exit(WEXITSTATUS(status)); 2312 else 2313 exit(2); 2314 } else { /* child */ 2315 close(0); close(1); close(2); 2316 setsid(); 2317 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2318 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2319 if (fd >= 0) 2320 exit(3); /* Acquired ctty: broken */ 2321 else 2322 exit(0); /* Did not acquire ctty: OK */ 2323 } 2324 ]])], 2325 [ 2326 AC_MSG_RESULT([yes]) 2327 ], 2328 [ 2329 AC_MSG_RESULT([no]) 2330 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2331 ], 2332 [ 2333 AC_MSG_RESULT([cross-compiling, assuming yes]) 2334 ] 2335 ) 2336fi 2337 2338if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2339 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2340 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2341 AC_RUN_IFELSE( 2342 [AC_LANG_PROGRAM([[ 2343#include <stdio.h> 2344#include <stdlib.h> 2345#include <sys/socket.h> 2346#include <netdb.h> 2347#include <errno.h> 2348#include <netinet/in.h> 2349 2350#define TEST_PORT "2222" 2351 ]], [[ 2352 int err, sock; 2353 struct addrinfo *gai_ai, *ai, hints; 2354 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2355 2356 memset(&hints, 0, sizeof(hints)); 2357 hints.ai_family = PF_UNSPEC; 2358 hints.ai_socktype = SOCK_STREAM; 2359 hints.ai_flags = AI_PASSIVE; 2360 2361 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2362 if (err != 0) { 2363 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2364 exit(1); 2365 } 2366 2367 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2368 if (ai->ai_family != AF_INET6) 2369 continue; 2370 2371 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2372 sizeof(ntop), strport, sizeof(strport), 2373 NI_NUMERICHOST|NI_NUMERICSERV); 2374 2375 if (err != 0) { 2376 if (err == EAI_SYSTEM) 2377 perror("getnameinfo EAI_SYSTEM"); 2378 else 2379 fprintf(stderr, "getnameinfo failed: %s\n", 2380 gai_strerror(err)); 2381 exit(2); 2382 } 2383 2384 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2385 if (sock < 0) 2386 perror("socket"); 2387 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2388 if (errno == EBADF) 2389 exit(3); 2390 } 2391 } 2392 exit(0); 2393 ]])], 2394 [ 2395 AC_MSG_RESULT([yes]) 2396 ], 2397 [ 2398 AC_MSG_RESULT([no]) 2399 AC_DEFINE([BROKEN_GETADDRINFO]) 2400 ], 2401 [ 2402 AC_MSG_RESULT([cross-compiling, assuming yes]) 2403 ] 2404 ) 2405fi 2406 2407if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2408 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2409 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2410 AC_RUN_IFELSE( 2411 [AC_LANG_PROGRAM([[ 2412#include <stdio.h> 2413#include <stdlib.h> 2414#include <sys/socket.h> 2415#include <netdb.h> 2416#include <errno.h> 2417#include <netinet/in.h> 2418 2419#define TEST_PORT "2222" 2420 ]], [[ 2421 int err, sock; 2422 struct addrinfo *gai_ai, *ai, hints; 2423 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2424 2425 memset(&hints, 0, sizeof(hints)); 2426 hints.ai_family = PF_UNSPEC; 2427 hints.ai_socktype = SOCK_STREAM; 2428 hints.ai_flags = AI_PASSIVE; 2429 2430 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2431 if (err != 0) { 2432 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2433 exit(1); 2434 } 2435 2436 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2437 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2438 continue; 2439 2440 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2441 sizeof(ntop), strport, sizeof(strport), 2442 NI_NUMERICHOST|NI_NUMERICSERV); 2443 2444 if (ai->ai_family == AF_INET && err != 0) { 2445 perror("getnameinfo"); 2446 exit(2); 2447 } 2448 } 2449 exit(0); 2450 ]])], 2451 [ 2452 AC_MSG_RESULT([yes]) 2453 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2454 [Define if you have a getaddrinfo that fails 2455 for the all-zeros IPv6 address]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([no]) 2459 AC_DEFINE([BROKEN_GETADDRINFO]) 2460 ], 2461 [ 2462 AC_MSG_RESULT([cross-compiling, assuming no]) 2463 ] 2464 ) 2465fi 2466 2467if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2468 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2469 [#include <sys/types.h> 2470 #include <sys/socket.h> 2471 #include <netdb.h>]) 2472fi 2473 2474if test "x$check_for_conflicting_getspnam" = "x1"; then 2475 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2477#include <shadow.h> 2478#include <stdlib.h> 2479 ]], 2480 [[ exit(0); ]])], 2481 [ 2482 AC_MSG_RESULT([no]) 2483 ], 2484 [ 2485 AC_MSG_RESULT([yes]) 2486 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2487 [Conflicting defs for getspnam]) 2488 ] 2489 ) 2490fi 2491 2492dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2493dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2494dnl for over ten years). Despite this incompatibility being reported during 2495dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2496dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2497dnl implementation. Try to detect this mess, and assume the only safe option 2498dnl if we're cross compiling. 2499dnl 2500dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2501dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2502if test "x$ac_cv_func_strnvis" = "xyes"; then 2503 AC_MSG_CHECKING([for working strnvis]) 2504 AC_RUN_IFELSE( 2505 [AC_LANG_PROGRAM([[ 2506#include <signal.h> 2507#include <stdlib.h> 2508#include <string.h> 2509#include <unistd.h> 2510#include <vis.h> 2511static void sighandler(int sig) { _exit(1); } 2512 ]], [[ 2513 char dst[16]; 2514 2515 signal(SIGSEGV, sighandler); 2516 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2517 exit(0); 2518 exit(1) 2519 ]])], 2520 [AC_MSG_RESULT([yes])], 2521 [AC_MSG_RESULT([no]) 2522 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2523 [AC_MSG_WARN([cross compiling: assuming broken]) 2524 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2525 ) 2526fi 2527 2528AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2529AC_RUN_IFELSE( 2530 [AC_LANG_PROGRAM([[ 2531#ifdef HAVE_SYS_SELECT 2532# include <sys/select.h> 2533#endif 2534#include <sys/types.h> 2535#include <sys/time.h> 2536#include <stdlib.h> 2537#include <signal.h> 2538#include <unistd.h> 2539static void sighandler(int sig) { } 2540 ]], [[ 2541 int r; 2542 pid_t pid; 2543 struct sigaction sa; 2544 2545 sa.sa_handler = sighandler; 2546 sa.sa_flags = SA_RESTART; 2547 (void)sigaction(SIGTERM, &sa, NULL); 2548 if ((pid = fork()) == 0) { /* child */ 2549 pid = getppid(); 2550 sleep(1); 2551 kill(pid, SIGTERM); 2552 sleep(1); 2553 if (getppid() == pid) /* if parent did not exit, shoot it */ 2554 kill(pid, SIGKILL); 2555 exit(0); 2556 } else { /* parent */ 2557 r = select(0, NULL, NULL, NULL, NULL); 2558 } 2559 exit(r == -1 ? 0 : 1); 2560 ]])], 2561 [AC_MSG_RESULT([yes])], 2562 [AC_MSG_RESULT([no]) 2563 AC_DEFINE([NO_SA_RESTART], [1], 2564 [SA_RESTARTed signals do no interrupt select])], 2565 [AC_MSG_WARN([cross compiling: assuming yes])] 2566) 2567 2568AC_CHECK_FUNCS([getpgrp],[ 2569 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2570 AC_COMPILE_IFELSE( 2571 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2572 [ AC_MSG_RESULT([yes]) 2573 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2574 [ AC_MSG_RESULT([no]) 2575 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2576 ) 2577]) 2578 2579# Search for OpenSSL 2580saved_CPPFLAGS="$CPPFLAGS" 2581saved_LDFLAGS="$LDFLAGS" 2582AC_ARG_WITH([ssl-dir], 2583 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2584 [ 2585 if test "x$openssl" = "xno" ; then 2586 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2587 fi 2588 if test "x$withval" != "xno" ; then 2589 case "$withval" in 2590 # Relative paths 2591 ./*|../*) withval="`pwd`/$withval" 2592 esac 2593 if test -d "$withval/lib"; then 2594 if test -n "${rpath_opt}"; then 2595 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2596 else 2597 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2598 fi 2599 elif test -d "$withval/lib64"; then 2600 if test -n "${rpath_opt}"; then 2601 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2602 else 2603 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2604 fi 2605 else 2606 if test -n "${rpath_opt}"; then 2607 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2608 else 2609 LDFLAGS="-L${withval} ${LDFLAGS}" 2610 fi 2611 fi 2612 if test -d "$withval/include"; then 2613 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2614 else 2615 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2616 fi 2617 fi 2618 ] 2619) 2620 2621AC_ARG_WITH([openssl-header-check], 2622 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2623 [ 2624 if test "x$withval" = "xno" ; then 2625 openssl_check_nonfatal=1 2626 fi 2627 ] 2628) 2629 2630openssl_engine=no 2631AC_ARG_WITH([ssl-engine], 2632 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2633 [ 2634 if test "x$withval" != "xno" ; then 2635 if test "x$openssl" = "xno" ; then 2636 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2637 fi 2638 openssl_engine=yes 2639 fi 2640 ] 2641) 2642 2643if test "x$openssl" = "xyes" ; then 2644 LIBS="-lcrypto $LIBS" 2645 AC_TRY_LINK_FUNC([RAND_add], , 2646 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2647 AC_CHECK_HEADER([openssl/opensslv.h], , 2648 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2649 2650 # Determine OpenSSL header version 2651 AC_MSG_CHECKING([OpenSSL header version]) 2652 AC_RUN_IFELSE( 2653 [AC_LANG_PROGRAM([[ 2654 #include <stdlib.h> 2655 #include <stdio.h> 2656 #include <string.h> 2657 #include <openssl/opensslv.h> 2658 #define DATA "conftest.sslincver" 2659 ]], [[ 2660 FILE *fd; 2661 int rc; 2662 2663 fd = fopen(DATA,"w"); 2664 if(fd == NULL) 2665 exit(1); 2666 2667 if ((rc = fprintf(fd, "%08lx (%s)\n", 2668 (unsigned long)OPENSSL_VERSION_NUMBER, 2669 OPENSSL_VERSION_TEXT)) < 0) 2670 exit(1); 2671 2672 exit(0); 2673 ]])], 2674 [ 2675 ssl_header_ver=`cat conftest.sslincver` 2676 AC_MSG_RESULT([$ssl_header_ver]) 2677 ], 2678 [ 2679 AC_MSG_RESULT([not found]) 2680 AC_MSG_ERROR([OpenSSL version header not found.]) 2681 ], 2682 [ 2683 AC_MSG_WARN([cross compiling: not checking]) 2684 ] 2685 ) 2686 2687 # Determining OpenSSL library version is version dependent. 2688 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2689 2690 # Determine OpenSSL library version 2691 AC_MSG_CHECKING([OpenSSL library version]) 2692 AC_RUN_IFELSE( 2693 [AC_LANG_PROGRAM([[ 2694 #include <stdio.h> 2695 #include <stdlib.h> 2696 #include <string.h> 2697 #include <openssl/opensslv.h> 2698 #include <openssl/crypto.h> 2699 #define DATA "conftest.ssllibver" 2700 ]], [[ 2701 FILE *fd; 2702 int rc; 2703 2704 fd = fopen(DATA,"w"); 2705 if(fd == NULL) 2706 exit(1); 2707#ifndef OPENSSL_VERSION 2708# define OPENSSL_VERSION SSLEAY_VERSION 2709#endif 2710#ifndef HAVE_OPENSSL_VERSION 2711# define OpenSSL_version SSLeay_version 2712#endif 2713#ifndef HAVE_OPENSSL_VERSION_NUM 2714# define OpenSSL_version_num SSLeay 2715#endif 2716 if ((rc = fprintf(fd, "%08lx (%s)\n", 2717 (unsigned long)OpenSSL_version_num(), 2718 OpenSSL_version(OPENSSL_VERSION))) < 0) 2719 exit(1); 2720 2721 exit(0); 2722 ]])], 2723 [ 2724 ssl_library_ver=`cat conftest.ssllibver` 2725 # Check version is supported. 2726 case "$ssl_library_ver" in 2727 10000*|0*) 2728 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2729 ;; 2730 100*) ;; # 1.0.x 2731 101000[[0123456]]*) 2732 # https://github.com/openssl/openssl/pull/4613 2733 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2734 ;; 2735 101*) ;; # 1.1.x 2736 200*) ;; # LibreSSL 2737 300*) ;; # OpenSSL development branch. 2738 *) 2739 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2740 ;; 2741 esac 2742 AC_MSG_RESULT([$ssl_library_ver]) 2743 ], 2744 [ 2745 AC_MSG_RESULT([not found]) 2746 AC_MSG_ERROR([OpenSSL library not found.]) 2747 ], 2748 [ 2749 AC_MSG_WARN([cross compiling: not checking]) 2750 ] 2751 ) 2752 2753 # Sanity check OpenSSL headers 2754 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2755 AC_RUN_IFELSE( 2756 [AC_LANG_PROGRAM([[ 2757 #include <stdlib.h> 2758 #include <string.h> 2759 #include <openssl/opensslv.h> 2760 #include <openssl/crypto.h> 2761 ]], [[ 2762#ifndef HAVE_OPENSSL_VERSION_NUM 2763# define OpenSSL_version_num SSLeay 2764#endif 2765 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2766 ]])], 2767 [ 2768 AC_MSG_RESULT([yes]) 2769 ], 2770 [ 2771 AC_MSG_RESULT([no]) 2772 if test "x$openssl_check_nonfatal" = "x"; then 2773 AC_MSG_ERROR([Your OpenSSL headers do not match your 2774 library. Check config.log for details. 2775 If you are sure your installation is consistent, you can disable the check 2776 by running "./configure --without-openssl-header-check". 2777 Also see contrib/findssl.sh for help identifying header/library mismatches. 2778 ]) 2779 else 2780 AC_MSG_WARN([Your OpenSSL headers do not match your 2781 library. Check config.log for details. 2782 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2783 fi 2784 ], 2785 [ 2786 AC_MSG_WARN([cross compiling: not checking]) 2787 ] 2788 ) 2789 2790 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2791 AC_LINK_IFELSE( 2792 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2793 [[ ERR_load_crypto_strings(); ]])], 2794 [ 2795 AC_MSG_RESULT([yes]) 2796 ], 2797 [ 2798 AC_MSG_RESULT([no]) 2799 saved_LIBS="$LIBS" 2800 LIBS="$LIBS -ldl" 2801 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2802 AC_LINK_IFELSE( 2803 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2804 [[ ERR_load_crypto_strings(); ]])], 2805 [ 2806 AC_MSG_RESULT([yes]) 2807 ], 2808 [ 2809 AC_MSG_RESULT([no]) 2810 LIBS="$saved_LIBS" 2811 ] 2812 ) 2813 ] 2814 ) 2815 2816 AC_CHECK_FUNCS([ \ 2817 BN_is_prime_ex \ 2818 DSA_generate_parameters_ex \ 2819 EVP_CIPHER_CTX_ctrl \ 2820 EVP_DigestFinal_ex \ 2821 EVP_DigestInit_ex \ 2822 EVP_MD_CTX_cleanup \ 2823 EVP_MD_CTX_copy_ex \ 2824 EVP_MD_CTX_init \ 2825 HMAC_CTX_init \ 2826 RSA_generate_key_ex \ 2827 RSA_get_default_method \ 2828 ]) 2829 2830 # OpenSSL_add_all_algorithms may be a macro. 2831 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2832 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2833 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2834 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2835 [[#include <openssl/evp.h>]] 2836 ) 2837 ) 2838 2839 # LibreSSL/OpenSSL 1.1x API 2840 AC_CHECK_FUNCS([ \ 2841 OPENSSL_init_crypto \ 2842 DH_get0_key \ 2843 DH_get0_pqg \ 2844 DH_set0_key \ 2845 DH_set_length \ 2846 DH_set0_pqg \ 2847 DSA_get0_key \ 2848 DSA_get0_pqg \ 2849 DSA_set0_key \ 2850 DSA_set0_pqg \ 2851 DSA_SIG_get0 \ 2852 DSA_SIG_set0 \ 2853 ECDSA_SIG_get0 \ 2854 ECDSA_SIG_set0 \ 2855 EVP_CIPHER_CTX_iv \ 2856 EVP_CIPHER_CTX_iv_noconst \ 2857 EVP_CIPHER_CTX_get_iv \ 2858 EVP_CIPHER_CTX_set_iv \ 2859 RSA_get0_crt_params \ 2860 RSA_get0_factors \ 2861 RSA_get0_key \ 2862 RSA_set0_crt_params \ 2863 RSA_set0_factors \ 2864 RSA_set0_key \ 2865 RSA_meth_free \ 2866 RSA_meth_dup \ 2867 RSA_meth_set1_name \ 2868 RSA_meth_get_finish \ 2869 RSA_meth_set_priv_enc \ 2870 RSA_meth_set_priv_dec \ 2871 RSA_meth_set_finish \ 2872 EVP_PKEY_get0_RSA \ 2873 EVP_MD_CTX_new \ 2874 EVP_MD_CTX_free \ 2875 EVP_chacha20 \ 2876 ]) 2877 2878 if test "x$openssl_engine" = "xyes" ; then 2879 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2880 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2881 #include <openssl/engine.h> 2882 ]], [[ 2883 ENGINE_load_builtin_engines(); 2884 ENGINE_register_all_complete(); 2885 ]])], 2886 [ AC_MSG_RESULT([yes]) 2887 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2888 [Enable OpenSSL engine support]) 2889 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2890 ]) 2891 fi 2892 2893 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2894 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2895 AC_LINK_IFELSE( 2896 [AC_LANG_PROGRAM([[ 2897 #include <stdlib.h> 2898 #include <string.h> 2899 #include <openssl/evp.h> 2900 ]], [[ 2901 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2902 ]])], 2903 [ 2904 AC_MSG_RESULT([no]) 2905 ], 2906 [ 2907 AC_MSG_RESULT([yes]) 2908 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2909 [libcrypto is missing AES 192 and 256 bit functions]) 2910 ] 2911 ) 2912 2913 # Check for OpenSSL with EVP_aes_*ctr 2914 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2915 AC_LINK_IFELSE( 2916 [AC_LANG_PROGRAM([[ 2917 #include <stdlib.h> 2918 #include <string.h> 2919 #include <openssl/evp.h> 2920 ]], [[ 2921 exit(EVP_aes_128_ctr() == NULL || 2922 EVP_aes_192_cbc() == NULL || 2923 EVP_aes_256_cbc() == NULL); 2924 ]])], 2925 [ 2926 AC_MSG_RESULT([yes]) 2927 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2928 [libcrypto has EVP AES CTR]) 2929 ], 2930 [ 2931 AC_MSG_RESULT([no]) 2932 ] 2933 ) 2934 2935 # Check for OpenSSL with EVP_aes_*gcm 2936 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2937 AC_LINK_IFELSE( 2938 [AC_LANG_PROGRAM([[ 2939 #include <stdlib.h> 2940 #include <string.h> 2941 #include <openssl/evp.h> 2942 ]], [[ 2943 exit(EVP_aes_128_gcm() == NULL || 2944 EVP_aes_256_gcm() == NULL || 2945 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2946 EVP_CTRL_GCM_IV_GEN == 0 || 2947 EVP_CTRL_GCM_SET_TAG == 0 || 2948 EVP_CTRL_GCM_GET_TAG == 0 || 2949 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2950 ]])], 2951 [ 2952 AC_MSG_RESULT([yes]) 2953 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2954 [libcrypto has EVP AES GCM]) 2955 ], 2956 [ 2957 AC_MSG_RESULT([no]) 2958 unsupported_algorithms="$unsupported_cipers \ 2959 aes128-gcm@openssh.com \ 2960 aes256-gcm@openssh.com" 2961 ] 2962 ) 2963 2964 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2965 AC_LINK_IFELSE( 2966 [AC_LANG_PROGRAM([[ 2967 #include <stdlib.h> 2968 #include <string.h> 2969 #include <openssl/evp.h> 2970 ]], [[ 2971 if(EVP_DigestUpdate(NULL, NULL,0)) 2972 exit(0); 2973 ]])], 2974 [ 2975 AC_MSG_RESULT([yes]) 2976 ], 2977 [ 2978 AC_MSG_RESULT([no]) 2979 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2980 [Define if EVP_DigestUpdate returns void]) 2981 ] 2982 ) 2983 2984 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2985 # because the system crypt() is more featureful. 2986 if test "x$check_for_libcrypt_before" = "x1"; then 2987 AC_CHECK_LIB([crypt], [crypt]) 2988 fi 2989 2990 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2991 # version in OpenSSL. 2992 if test "x$check_for_libcrypt_later" = "x1"; then 2993 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2994 fi 2995 AC_CHECK_FUNCS([crypt DES_crypt]) 2996 2997 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2998 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2999 3000 # Check complete ECC support in OpenSSL 3001 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3002 AC_LINK_IFELSE( 3003 [AC_LANG_PROGRAM([[ 3004 #include <openssl/ec.h> 3005 #include <openssl/ecdh.h> 3006 #include <openssl/ecdsa.h> 3007 #include <openssl/evp.h> 3008 #include <openssl/objects.h> 3009 #include <openssl/opensslv.h> 3010 ]], [[ 3011 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3012 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3013 ]])], 3014 [ AC_MSG_RESULT([yes]) 3015 enable_nistp256=1 ], 3016 [ AC_MSG_RESULT([no]) ] 3017 ) 3018 3019 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3020 AC_LINK_IFELSE( 3021 [AC_LANG_PROGRAM([[ 3022 #include <openssl/ec.h> 3023 #include <openssl/ecdh.h> 3024 #include <openssl/ecdsa.h> 3025 #include <openssl/evp.h> 3026 #include <openssl/objects.h> 3027 #include <openssl/opensslv.h> 3028 ]], [[ 3029 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3030 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3031 ]])], 3032 [ AC_MSG_RESULT([yes]) 3033 enable_nistp384=1 ], 3034 [ AC_MSG_RESULT([no]) ] 3035 ) 3036 3037 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3038 AC_LINK_IFELSE( 3039 [AC_LANG_PROGRAM([[ 3040 #include <openssl/ec.h> 3041 #include <openssl/ecdh.h> 3042 #include <openssl/ecdsa.h> 3043 #include <openssl/evp.h> 3044 #include <openssl/objects.h> 3045 #include <openssl/opensslv.h> 3046 ]], [[ 3047 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3048 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3049 ]])], 3050 [ AC_MSG_RESULT([yes]) 3051 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3052 AC_RUN_IFELSE( 3053 [AC_LANG_PROGRAM([[ 3054 #include <stdlib.h> 3055 #include <openssl/ec.h> 3056 #include <openssl/ecdh.h> 3057 #include <openssl/ecdsa.h> 3058 #include <openssl/evp.h> 3059 #include <openssl/objects.h> 3060 #include <openssl/opensslv.h> 3061 ]],[[ 3062 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3063 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3064 exit(e == NULL || m == NULL); 3065 ]])], 3066 [ AC_MSG_RESULT([yes]) 3067 enable_nistp521=1 ], 3068 [ AC_MSG_RESULT([no]) ], 3069 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3070 enable_nistp521=1 ] 3071 )], 3072 AC_MSG_RESULT([no]) 3073 ) 3074 3075 COMMENT_OUT_ECC="#no ecc#" 3076 TEST_SSH_ECC=no 3077 3078 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3079 test x$enable_nistp521 = x1; then 3080 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3081 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3082 openssl_ecc=yes 3083 else 3084 openssl_ecc=no 3085 fi 3086 if test x$enable_nistp256 = x1; then 3087 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3088 [libcrypto has NID_X9_62_prime256v1]) 3089 TEST_SSH_ECC=yes 3090 COMMENT_OUT_ECC="" 3091 else 3092 unsupported_algorithms="$unsupported_algorithms \ 3093 ecdsa-sha2-nistp256 \ 3094 ecdh-sha2-nistp256 \ 3095 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3096 fi 3097 if test x$enable_nistp384 = x1; then 3098 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3099 TEST_SSH_ECC=yes 3100 COMMENT_OUT_ECC="" 3101 else 3102 unsupported_algorithms="$unsupported_algorithms \ 3103 ecdsa-sha2-nistp384 \ 3104 ecdh-sha2-nistp384 \ 3105 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3106 fi 3107 if test x$enable_nistp521 = x1; then 3108 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3109 TEST_SSH_ECC=yes 3110 COMMENT_OUT_ECC="" 3111 else 3112 unsupported_algorithms="$unsupported_algorithms \ 3113 ecdh-sha2-nistp521 \ 3114 ecdsa-sha2-nistp521 \ 3115 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3116 fi 3117 3118 AC_SUBST([TEST_SSH_ECC]) 3119 AC_SUBST([COMMENT_OUT_ECC]) 3120else 3121 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3122 AC_CHECK_FUNCS([crypt]) 3123fi 3124 3125# PKCS11/U2F depend on OpenSSL and dlopen(). 3126enable_pkcs11=yes 3127enable_sk=yes 3128if test "x$openssl" != "xyes" ; then 3129 enable_pkcs11="disabled; missing libcrypto" 3130 enable_sk="disabled; missing libcrypto" 3131fi 3132if test "x$openssl_ecc" != "xyes" ; then 3133 enable_sk="disabled; OpenSSL has no ECC support" 3134fi 3135if test "x$ac_cv_func_dlopen" != "xyes" ; then 3136 enable_pkcs11="disabled; missing dlopen(3)" 3137 enable_sk="disabled; missing dlopen(3)" 3138fi 3139if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3140 enable_pkcs11="disabled; missing RTLD_NOW" 3141 enable_sk="disabled; missing RTLD_NOW" 3142fi 3143if test ! -z "$disable_pkcs11" ; then 3144 enable_pkcs11="disabled by user" 3145fi 3146if test ! -z "$disable_sk" ; then 3147 enable_sk="disabled by user" 3148fi 3149 3150AC_MSG_CHECKING([whether to enable PKCS11]) 3151if test "x$enable_pkcs11" = "xyes" ; then 3152 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3153fi 3154AC_MSG_RESULT([$enable_pkcs11]) 3155 3156AC_MSG_CHECKING([whether to enable U2F]) 3157if test "x$enable_sk" = "xyes" ; then 3158 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3159 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3160else 3161 # Do not try to build sk-dummy library. 3162 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3163fi 3164AC_MSG_RESULT([$enable_sk]) 3165 3166# Now check for built-in security key support. 3167if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3168 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3169 use_pkgconfig_for_libfido2= 3170 if test "x$PKGCONFIG" != "xno"; then 3171 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3172 if "$PKGCONFIG" libfido2; then 3173 AC_MSG_RESULT([yes]) 3174 use_pkgconfig_for_libfido2=yes 3175 else 3176 AC_MSG_RESULT([no]) 3177 fi 3178 fi 3179 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3180 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3181 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3182 else 3183 LIBFIDO2="-lfido2 -lcbor" 3184 fi 3185 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3186 AC_CHECK_LIB([fido2], [fido_init], 3187 [ 3188 AC_SUBST([LIBFIDO2]) 3189 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3190 [Enable for built-in U2F/FIDO support]) 3191 enable_sk="built-in" 3192 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3193 [ $OTHERLIBS ] 3194 ) 3195 saved_LIBS="$LIBS" 3196 LIBS="$LIBS $LIBFIDO2" 3197 AC_CHECK_FUNCS([ \ 3198 fido_cred_prot \ 3199 fido_cred_set_prot \ 3200 fido_dev_get_touch_begin \ 3201 fido_dev_get_touch_status \ 3202 fido_dev_supports_cred_prot \ 3203 ]) 3204 LIBS="$saved_LIBS" 3205 AC_CHECK_HEADER([fido.h], [], 3206 AC_MSG_ERROR([missing fido.h from libfido2])) 3207 AC_CHECK_HEADER([fido/credman.h], [], 3208 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3209 [#include <fido.h>] 3210 ) 3211fi 3212 3213AC_CHECK_FUNCS([ \ 3214 arc4random \ 3215 arc4random_buf \ 3216 arc4random_stir \ 3217 arc4random_uniform \ 3218]) 3219 3220saved_LIBS="$LIBS" 3221AC_CHECK_LIB([iaf], [ia_openinfo], [ 3222 LIBS="$LIBS -liaf" 3223 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3224 AC_DEFINE([HAVE_LIBIAF], [1], 3225 [Define if system has libiaf that supports set_id]) 3226 ]) 3227]) 3228LIBS="$saved_LIBS" 3229 3230### Configure cryptographic random number support 3231 3232# Check whether OpenSSL seeds itself 3233if test "x$openssl" = "xyes" ; then 3234 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3235 AC_RUN_IFELSE( 3236 [AC_LANG_PROGRAM([[ 3237 #include <stdlib.h> 3238 #include <string.h> 3239 #include <openssl/rand.h> 3240 ]], [[ 3241 exit(RAND_status() == 1 ? 0 : 1); 3242 ]])], 3243 [ 3244 OPENSSL_SEEDS_ITSELF=yes 3245 AC_MSG_RESULT([yes]) 3246 ], 3247 [ 3248 AC_MSG_RESULT([no]) 3249 ], 3250 [ 3251 AC_MSG_WARN([cross compiling: assuming yes]) 3252 # This is safe, since we will fatal() at runtime if 3253 # OpenSSL is not seeded correctly. 3254 OPENSSL_SEEDS_ITSELF=yes 3255 ] 3256 ) 3257fi 3258 3259# PRNGD TCP socket 3260AC_ARG_WITH([prngd-port], 3261 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3262 [ 3263 case "$withval" in 3264 no) 3265 withval="" 3266 ;; 3267 [[0-9]]*) 3268 ;; 3269 *) 3270 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3271 ;; 3272 esac 3273 if test ! -z "$withval" ; then 3274 PRNGD_PORT="$withval" 3275 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3276 [Port number of PRNGD/EGD random number socket]) 3277 fi 3278 ] 3279) 3280 3281# PRNGD Unix domain socket 3282AC_ARG_WITH([prngd-socket], 3283 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3284 [ 3285 case "$withval" in 3286 yes) 3287 withval="/var/run/egd-pool" 3288 ;; 3289 no) 3290 withval="" 3291 ;; 3292 /*) 3293 ;; 3294 *) 3295 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3296 ;; 3297 esac 3298 3299 if test ! -z "$withval" ; then 3300 if test ! -z "$PRNGD_PORT" ; then 3301 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3302 fi 3303 if test ! -r "$withval" ; then 3304 AC_MSG_WARN([Entropy socket is not readable]) 3305 fi 3306 PRNGD_SOCKET="$withval" 3307 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3308 [Location of PRNGD/EGD random number socket]) 3309 fi 3310 ], 3311 [ 3312 # Check for existing socket only if we don't have a random device already 3313 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3314 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3315 # Insert other locations here 3316 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3317 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3318 PRNGD_SOCKET="$sock" 3319 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3320 break; 3321 fi 3322 done 3323 if test ! -z "$PRNGD_SOCKET" ; then 3324 AC_MSG_RESULT([$PRNGD_SOCKET]) 3325 else 3326 AC_MSG_RESULT([not found]) 3327 fi 3328 fi 3329 ] 3330) 3331 3332# Which randomness source do we use? 3333if test ! -z "$PRNGD_PORT" ; then 3334 RAND_MSG="PRNGd port $PRNGD_PORT" 3335elif test ! -z "$PRNGD_SOCKET" ; then 3336 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3337elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3338 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3339 [Define if you want the OpenSSL internally seeded PRNG only]) 3340 RAND_MSG="OpenSSL internal ONLY" 3341elif test "x$openssl" = "xno" ; then 3342 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3343else 3344 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3345fi 3346 3347# Check for PAM libs 3348PAM_MSG="no" 3349AC_ARG_WITH([pam], 3350 [ --with-pam Enable PAM support ], 3351 [ 3352 if test "x$withval" != "xno" ; then 3353 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3354 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3355 AC_MSG_ERROR([PAM headers not found]) 3356 fi 3357 3358 saved_LIBS="$LIBS" 3359 AC_CHECK_LIB([dl], [dlopen], , ) 3360 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3361 AC_CHECK_FUNCS([pam_getenvlist]) 3362 AC_CHECK_FUNCS([pam_putenv]) 3363 LIBS="$saved_LIBS" 3364 3365 PAM_MSG="yes" 3366 3367 SSHDLIBS="$SSHDLIBS -lpam" 3368 AC_DEFINE([USE_PAM], [1], 3369 [Define if you want to enable PAM support]) 3370 3371 if test $ac_cv_lib_dl_dlopen = yes; then 3372 case "$LIBS" in 3373 *-ldl*) 3374 # libdl already in LIBS 3375 ;; 3376 *) 3377 SSHDLIBS="$SSHDLIBS -ldl" 3378 ;; 3379 esac 3380 fi 3381 fi 3382 ] 3383) 3384 3385AC_ARG_WITH([pam-service], 3386 [ --with-pam-service=name Specify PAM service name ], 3387 [ 3388 if test "x$withval" != "xno" && \ 3389 test "x$withval" != "xyes" ; then 3390 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3391 ["$withval"], [sshd PAM service name]) 3392 fi 3393 ] 3394) 3395 3396# Check for older PAM 3397if test "x$PAM_MSG" = "xyes" ; then 3398 # Check PAM strerror arguments (old PAM) 3399 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3400 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3401#include <stdlib.h> 3402#if defined(HAVE_SECURITY_PAM_APPL_H) 3403#include <security/pam_appl.h> 3404#elif defined (HAVE_PAM_PAM_APPL_H) 3405#include <pam/pam_appl.h> 3406#endif 3407 ]], [[ 3408(void)pam_strerror((pam_handle_t *)NULL, -1); 3409 ]])], [AC_MSG_RESULT([no])], [ 3410 AC_DEFINE([HAVE_OLD_PAM], [1], 3411 [Define if you have an old version of PAM 3412 which takes only one argument to pam_strerror]) 3413 AC_MSG_RESULT([yes]) 3414 PAM_MSG="yes (old library)" 3415 3416 ]) 3417fi 3418 3419case "$host" in 3420*-*-cygwin*) 3421 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3422 ;; 3423*) 3424 SSH_PRIVSEP_USER=sshd 3425 ;; 3426esac 3427AC_ARG_WITH([privsep-user], 3428 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3429 [ 3430 if test -n "$withval" && test "x$withval" != "xno" && \ 3431 test "x${withval}" != "xyes"; then 3432 SSH_PRIVSEP_USER=$withval 3433 fi 3434 ] 3435) 3436if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3437 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3438 [Cygwin function to fetch non-privileged user for privilege separation]) 3439else 3440 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3441 [non-privileged user for privilege separation]) 3442fi 3443AC_SUBST([SSH_PRIVSEP_USER]) 3444 3445if test "x$have_linux_no_new_privs" = "x1" ; then 3446AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3447 #include <sys/types.h> 3448 #include <linux/seccomp.h> 3449]) 3450fi 3451if test "x$have_seccomp_filter" = "x1" ; then 3452AC_MSG_CHECKING([kernel for seccomp_filter support]) 3453AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3454 #include <errno.h> 3455 #include <elf.h> 3456 #include <linux/audit.h> 3457 #include <linux/seccomp.h> 3458 #include <stdlib.h> 3459 #include <sys/prctl.h> 3460 ]], 3461 [[ int i = $seccomp_audit_arch; 3462 errno = 0; 3463 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3464 exit(errno == EFAULT ? 0 : 1); ]])], 3465 [ AC_MSG_RESULT([yes]) ], [ 3466 AC_MSG_RESULT([no]) 3467 # Disable seccomp filter as a target 3468 have_seccomp_filter=0 3469 ] 3470) 3471fi 3472 3473# Decide which sandbox style to use 3474sandbox_arg="" 3475AC_ARG_WITH([sandbox], 3476 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3477 [ 3478 if test "x$withval" = "xyes" ; then 3479 sandbox_arg="" 3480 else 3481 sandbox_arg="$withval" 3482 fi 3483 ] 3484) 3485 3486# Some platforms (seems to be the ones that have a kernel poll(2)-type 3487# function with which they implement select(2)) use an extra file descriptor 3488# when calling select(2), which means we can't use the rlimit sandbox. 3489AC_MSG_CHECKING([if select works with descriptor rlimit]) 3490AC_RUN_IFELSE( 3491 [AC_LANG_PROGRAM([[ 3492#include <sys/types.h> 3493#ifdef HAVE_SYS_TIME_H 3494# include <sys/time.h> 3495#endif 3496#include <sys/resource.h> 3497#ifdef HAVE_SYS_SELECT_H 3498# include <sys/select.h> 3499#endif 3500#include <errno.h> 3501#include <fcntl.h> 3502#include <stdlib.h> 3503 ]],[[ 3504 struct rlimit rl_zero; 3505 int fd, r; 3506 fd_set fds; 3507 struct timeval tv; 3508 3509 fd = open("/dev/null", O_RDONLY); 3510 FD_ZERO(&fds); 3511 FD_SET(fd, &fds); 3512 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3513 setrlimit(RLIMIT_FSIZE, &rl_zero); 3514 setrlimit(RLIMIT_NOFILE, &rl_zero); 3515 tv.tv_sec = 1; 3516 tv.tv_usec = 0; 3517 r = select(fd+1, &fds, NULL, NULL, &tv); 3518 exit (r == -1 ? 1 : 0); 3519 ]])], 3520 [AC_MSG_RESULT([yes]) 3521 select_works_with_rlimit=yes], 3522 [AC_MSG_RESULT([no]) 3523 select_works_with_rlimit=no], 3524 [AC_MSG_WARN([cross compiling: assuming yes]) 3525 select_works_with_rlimit=yes] 3526) 3527 3528AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3529AC_RUN_IFELSE( 3530 [AC_LANG_PROGRAM([[ 3531#include <sys/types.h> 3532#ifdef HAVE_SYS_TIME_H 3533# include <sys/time.h> 3534#endif 3535#include <sys/resource.h> 3536#include <errno.h> 3537#include <stdlib.h> 3538 ]],[[ 3539 struct rlimit rl_zero; 3540 int r; 3541 3542 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3543 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3544 exit (r == -1 ? 1 : 0); 3545 ]])], 3546 [AC_MSG_RESULT([yes]) 3547 rlimit_nofile_zero_works=yes], 3548 [AC_MSG_RESULT([no]) 3549 rlimit_nofile_zero_works=no], 3550 [AC_MSG_WARN([cross compiling: assuming yes]) 3551 rlimit_nofile_zero_works=yes] 3552) 3553 3554AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3555AC_RUN_IFELSE( 3556 [AC_LANG_PROGRAM([[ 3557#include <sys/types.h> 3558#include <sys/resource.h> 3559#include <stdlib.h> 3560 ]],[[ 3561 struct rlimit rl_zero; 3562 3563 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3564 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3565 ]])], 3566 [AC_MSG_RESULT([yes])], 3567 [AC_MSG_RESULT([no]) 3568 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3569 [setrlimit RLIMIT_FSIZE works])], 3570 [AC_MSG_WARN([cross compiling: assuming yes])] 3571) 3572 3573if test "x$sandbox_arg" = "xpledge" || \ 3574 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3575 test "x$ac_cv_func_pledge" != "xyes" && \ 3576 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3577 SANDBOX_STYLE="pledge" 3578 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3579elif test "x$sandbox_arg" = "xsystrace" || \ 3580 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3581 test "x$have_systr_policy_kill" != "x1" && \ 3582 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3583 SANDBOX_STYLE="systrace" 3584 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3585elif test "x$sandbox_arg" = "xdarwin" || \ 3586 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3587 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3588 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3589 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3590 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3591 SANDBOX_STYLE="darwin" 3592 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3593elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3594 ( test -z "$sandbox_arg" && \ 3595 test "x$have_seccomp_filter" = "x1" && \ 3596 test "x$ac_cv_header_elf_h" = "xyes" && \ 3597 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3598 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3599 test "x$seccomp_audit_arch" != "x" && \ 3600 test "x$have_linux_no_new_privs" = "x1" && \ 3601 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3602 test "x$seccomp_audit_arch" = "x" && \ 3603 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3604 test "x$have_linux_no_new_privs" != "x1" && \ 3605 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3606 test "x$have_seccomp_filter" != "x1" && \ 3607 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3608 test "x$ac_cv_func_prctl" != "xyes" && \ 3609 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3610 SANDBOX_STYLE="seccomp_filter" 3611 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3612elif test "x$sandbox_arg" = "xcapsicum" || \ 3613 ( test -z "$sandbox_arg" && \ 3614 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3615 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3616 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3617 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3618 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3619 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3620 SANDBOX_STYLE="capsicum" 3621 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3622elif test "x$sandbox_arg" = "xrlimit" || \ 3623 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3624 test "x$select_works_with_rlimit" = "xyes" && \ 3625 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3626 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3627 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3628 test "x$select_works_with_rlimit" != "xyes" && \ 3629 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3630 SANDBOX_STYLE="rlimit" 3631 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3632elif test "x$sandbox_arg" = "xsolaris" || \ 3633 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3634 SANDBOX_STYLE="solaris" 3635 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3636elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3637 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3638 SANDBOX_STYLE="none" 3639 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3640else 3641 AC_MSG_ERROR([unsupported --with-sandbox]) 3642fi 3643 3644# Cheap hack to ensure NEWS-OS libraries are arranged right. 3645if test ! -z "$SONY" ; then 3646 LIBS="$LIBS -liberty"; 3647fi 3648 3649# Check for long long datatypes 3650AC_CHECK_TYPES([long long, unsigned long long, long double]) 3651 3652# Check datatype sizes 3653AC_CHECK_SIZEOF([short int]) 3654AC_CHECK_SIZEOF([int]) 3655AC_CHECK_SIZEOF([long int]) 3656AC_CHECK_SIZEOF([long long int]) 3657 3658# Sanity check long long for some platforms (AIX) 3659if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3660 ac_cv_sizeof_long_long_int=0 3661fi 3662 3663# compute LLONG_MIN and LLONG_MAX if we don't know them. 3664if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3665 AC_MSG_CHECKING([for max value of long long]) 3666 AC_RUN_IFELSE( 3667 [AC_LANG_PROGRAM([[ 3668#include <stdio.h> 3669#include <stdlib.h> 3670/* Why is this so damn hard? */ 3671#ifdef __GNUC__ 3672# undef __GNUC__ 3673#endif 3674#define __USE_ISOC99 3675#include <limits.h> 3676#define DATA "conftest.llminmax" 3677#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3678 3679/* 3680 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3681 * we do this the hard way. 3682 */ 3683static int 3684fprint_ll(FILE *f, long long n) 3685{ 3686 unsigned int i; 3687 int l[sizeof(long long) * 8]; 3688 3689 if (n < 0) 3690 if (fprintf(f, "-") < 0) 3691 return -1; 3692 for (i = 0; n != 0; i++) { 3693 l[i] = my_abs(n % 10); 3694 n /= 10; 3695 } 3696 do { 3697 if (fprintf(f, "%d", l[--i]) < 0) 3698 return -1; 3699 } while (i != 0); 3700 if (fprintf(f, " ") < 0) 3701 return -1; 3702 return 0; 3703} 3704 ]], [[ 3705 FILE *f; 3706 long long i, llmin, llmax = 0; 3707 3708 if((f = fopen(DATA,"w")) == NULL) 3709 exit(1); 3710 3711#if defined(LLONG_MIN) && defined(LLONG_MAX) 3712 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3713 llmin = LLONG_MIN; 3714 llmax = LLONG_MAX; 3715#else 3716 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3717 /* This will work on one's complement and two's complement */ 3718 for (i = 1; i > llmax; i <<= 1, i++) 3719 llmax = i; 3720 llmin = llmax + 1LL; /* wrap */ 3721#endif 3722 3723 /* Sanity check */ 3724 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3725 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3726 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3727 fprintf(f, "unknown unknown\n"); 3728 exit(2); 3729 } 3730 3731 if (fprint_ll(f, llmin) < 0) 3732 exit(3); 3733 if (fprint_ll(f, llmax) < 0) 3734 exit(4); 3735 if (fclose(f) < 0) 3736 exit(5); 3737 exit(0); 3738 ]])], 3739 [ 3740 llong_min=`$AWK '{print $1}' conftest.llminmax` 3741 llong_max=`$AWK '{print $2}' conftest.llminmax` 3742 3743 AC_MSG_RESULT([$llong_max]) 3744 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3745 [max value of long long calculated by configure]) 3746 AC_MSG_CHECKING([for min value of long long]) 3747 AC_MSG_RESULT([$llong_min]) 3748 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3749 [min value of long long calculated by configure]) 3750 ], 3751 [ 3752 AC_MSG_RESULT([not found]) 3753 ], 3754 [ 3755 AC_MSG_WARN([cross compiling: not checking]) 3756 ] 3757 ) 3758fi 3759 3760AC_CHECK_DECLS([UINT32_MAX], , , [[ 3761#ifdef HAVE_SYS_LIMITS_H 3762# include <sys/limits.h> 3763#endif 3764#ifdef HAVE_LIMITS_H 3765# include <limits.h> 3766#endif 3767#ifdef HAVE_STDINT_H 3768# include <stdint.h> 3769#endif 3770]]) 3771 3772# More checks for data types 3773AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3774 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3775 [[ u_int a; a = 1;]])], 3776 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3777 ]) 3778]) 3779if test "x$ac_cv_have_u_int" = "xyes" ; then 3780 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3781 have_u_int=1 3782fi 3783 3784AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3785 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3786 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3787 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3788 ]) 3789]) 3790if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3791 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3792 have_intxx_t=1 3793fi 3794 3795if (test -z "$have_intxx_t" && \ 3796 test "x$ac_cv_header_stdint_h" = "xyes") 3797then 3798 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3799 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3800 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3801 [ 3802 AC_DEFINE([HAVE_INTXX_T]) 3803 AC_MSG_RESULT([yes]) 3804 ], [ AC_MSG_RESULT([no]) 3805 ]) 3806fi 3807 3808AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3809 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3810#include <sys/types.h> 3811#ifdef HAVE_STDINT_H 3812# include <stdint.h> 3813#endif 3814#include <sys/socket.h> 3815#ifdef HAVE_SYS_BITYPES_H 3816# include <sys/bitypes.h> 3817#endif 3818 ]], [[ 3819int64_t a; a = 1; 3820 ]])], 3821 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3822 ]) 3823]) 3824if test "x$ac_cv_have_int64_t" = "xyes" ; then 3825 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3826fi 3827 3828AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3829 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3830 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3831 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3832 ]) 3833]) 3834if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3835 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3836 have_u_intxx_t=1 3837fi 3838 3839if test -z "$have_u_intxx_t" ; then 3840 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3841 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3842 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3843 [ 3844 AC_DEFINE([HAVE_U_INTXX_T]) 3845 AC_MSG_RESULT([yes]) 3846 ], [ AC_MSG_RESULT([no]) 3847 ]) 3848fi 3849 3850AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3851 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3852 [[ u_int64_t a; a = 1;]])], 3853 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3854 ]) 3855]) 3856if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3857 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3858 have_u_int64_t=1 3859fi 3860 3861if (test -z "$have_u_int64_t" && \ 3862 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3863then 3864 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3865 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3866 [[ u_int64_t a; a = 1]])], 3867 [ 3868 AC_DEFINE([HAVE_U_INT64_T]) 3869 AC_MSG_RESULT([yes]) 3870 ], [ AC_MSG_RESULT([no]) 3871 ]) 3872fi 3873 3874if test -z "$have_u_intxx_t" ; then 3875 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3876 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3877#include <sys/types.h> 3878 ]], [[ 3879 uint8_t a; 3880 uint16_t b; 3881 uint32_t c; 3882 a = b = c = 1; 3883 ]])], 3884 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3885 ]) 3886 ]) 3887 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3888 AC_DEFINE([HAVE_UINTXX_T], [1], 3889 [define if you have uintxx_t data type]) 3890 fi 3891fi 3892 3893if (test -z "$have_uintxx_t" && \ 3894 test "x$ac_cv_header_stdint_h" = "xyes") 3895then 3896 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3898 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3899 [ 3900 AC_DEFINE([HAVE_UINTXX_T]) 3901 AC_MSG_RESULT([yes]) 3902 ], [ AC_MSG_RESULT([no]) 3903 ]) 3904fi 3905 3906if (test -z "$have_uintxx_t" && \ 3907 test "x$ac_cv_header_inttypes_h" = "xyes") 3908then 3909 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3910 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3911 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3912 [ 3913 AC_DEFINE([HAVE_UINTXX_T]) 3914 AC_MSG_RESULT([yes]) 3915 ], [ AC_MSG_RESULT([no]) 3916 ]) 3917fi 3918 3919if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3920 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3921then 3922 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3923 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3924#include <sys/bitypes.h> 3925 ]], [[ 3926 int8_t a; int16_t b; int32_t c; 3927 u_int8_t e; u_int16_t f; u_int32_t g; 3928 a = b = c = e = f = g = 1; 3929 ]])], 3930 [ 3931 AC_DEFINE([HAVE_U_INTXX_T]) 3932 AC_DEFINE([HAVE_INTXX_T]) 3933 AC_MSG_RESULT([yes]) 3934 ], [AC_MSG_RESULT([no]) 3935 ]) 3936fi 3937 3938 3939AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3940 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3941 [[ u_char foo; foo = 125; ]])], 3942 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3943 ]) 3944]) 3945if test "x$ac_cv_have_u_char" = "xyes" ; then 3946 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3947fi 3948 3949AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3950#include <sys/types.h> 3951#ifdef HAVE_STDINT_H 3952# include <stdint.h> 3953#endif 3954]) 3955 3956TYPE_SOCKLEN_T 3957 3958AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3959AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3960#include <sys/types.h> 3961#ifdef HAVE_SYS_BITYPES_H 3962#include <sys/bitypes.h> 3963#endif 3964#ifdef HAVE_SYS_STATFS_H 3965#include <sys/statfs.h> 3966#endif 3967#ifdef HAVE_SYS_STATVFS_H 3968#include <sys/statvfs.h> 3969#endif 3970]) 3971 3972AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3973#include <sys/param.h> 3974#include <sys/types.h> 3975#ifdef HAVE_SYS_BITYPES_H 3976#include <sys/bitypes.h> 3977#endif 3978#ifdef HAVE_SYS_STATFS_H 3979#include <sys/statfs.h> 3980#endif 3981#ifdef HAVE_SYS_STATVFS_H 3982#include <sys/statvfs.h> 3983#endif 3984#ifdef HAVE_SYS_VFS_H 3985#include <sys/vfs.h> 3986#endif 3987#ifdef HAVE_SYS_MOUNT_H 3988#include <sys/mount.h> 3989#endif 3990]]) 3991 3992 3993AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3994[#include <sys/types.h> 3995#include <netinet/in.h>]) 3996 3997AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3998 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3999 [[ size_t foo; foo = 1235; ]])], 4000 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4001 ]) 4002]) 4003if test "x$ac_cv_have_size_t" = "xyes" ; then 4004 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4005fi 4006 4007AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4008 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4009 [[ ssize_t foo; foo = 1235; ]])], 4010 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4011 ]) 4012]) 4013if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4014 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4015fi 4016 4017AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4018 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4019 [[ clock_t foo; foo = 1235; ]])], 4020 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4021 ]) 4022]) 4023if test "x$ac_cv_have_clock_t" = "xyes" ; then 4024 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4025fi 4026 4027AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4028 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4029#include <sys/types.h> 4030#include <sys/socket.h> 4031 ]], [[ sa_family_t foo; foo = 1235; ]])], 4032 [ ac_cv_have_sa_family_t="yes" ], 4033 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4034#include <sys/types.h> 4035#include <sys/socket.h> 4036#include <netinet/in.h> 4037 ]], [[ sa_family_t foo; foo = 1235; ]])], 4038 [ ac_cv_have_sa_family_t="yes" ], 4039 [ ac_cv_have_sa_family_t="no" ] 4040 ) 4041 ]) 4042]) 4043if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4044 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4045 [define if you have sa_family_t data type]) 4046fi 4047 4048AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4049 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4050 [[ pid_t foo; foo = 1235; ]])], 4051 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4052 ]) 4053]) 4054if test "x$ac_cv_have_pid_t" = "xyes" ; then 4055 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4056fi 4057 4058AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4059 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4060 [[ mode_t foo; foo = 1235; ]])], 4061 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4062 ]) 4063]) 4064if test "x$ac_cv_have_mode_t" = "xyes" ; then 4065 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4066fi 4067 4068 4069AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4071#include <sys/types.h> 4072#include <sys/socket.h> 4073 ]], [[ struct sockaddr_storage s; ]])], 4074 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4075 [ ac_cv_have_struct_sockaddr_storage="no" 4076 ]) 4077]) 4078if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4079 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4080 [define if you have struct sockaddr_storage data type]) 4081fi 4082 4083AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4084 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4085#include <sys/types.h> 4086#include <netinet/in.h> 4087 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4088 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4089 [ ac_cv_have_struct_sockaddr_in6="no" 4090 ]) 4091]) 4092if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4093 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4094 [define if you have struct sockaddr_in6 data type]) 4095fi 4096 4097AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4098 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4099#include <sys/types.h> 4100#include <netinet/in.h> 4101 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4102 [ ac_cv_have_struct_in6_addr="yes" ], 4103 [ ac_cv_have_struct_in6_addr="no" 4104 ]) 4105]) 4106if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4107 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4108 [define if you have struct in6_addr data type]) 4109 4110dnl Now check for sin6_scope_id 4111 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4112 [ 4113#ifdef HAVE_SYS_TYPES_H 4114#include <sys/types.h> 4115#endif 4116#include <netinet/in.h> 4117 ]) 4118fi 4119 4120AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4121 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4122#include <sys/types.h> 4123#include <sys/socket.h> 4124#include <netdb.h> 4125 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4126 [ ac_cv_have_struct_addrinfo="yes" ], 4127 [ ac_cv_have_struct_addrinfo="no" 4128 ]) 4129]) 4130if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4131 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4132 [define if you have struct addrinfo data type]) 4133fi 4134 4135AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4137 [[ struct timeval tv; tv.tv_sec = 1;]])], 4138 [ ac_cv_have_struct_timeval="yes" ], 4139 [ ac_cv_have_struct_timeval="no" 4140 ]) 4141]) 4142if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4143 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4144 have_struct_timeval=1 4145fi 4146 4147AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4148 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4149 #ifdef HAVE_SYS_TIME_H 4150 # include <sys/time.h> 4151 #endif 4152 #ifdef HAVE_TIME_H 4153 # include <time.h> 4154 #endif 4155 ]], 4156 [[ struct timespec ts; ts.tv_sec = 1;]])], 4157 [ ac_cv_have_struct_timespec="yes" ], 4158 [ ac_cv_have_struct_timespec="no" 4159 ]) 4160]) 4161if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4162 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4163 have_struct_timespec=1 4164fi 4165 4166# We need int64_t or else certain parts of the compile will fail. 4167if test "x$ac_cv_have_int64_t" = "xno" && \ 4168 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4169 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4170 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4171 echo "an alternative compiler (I.E., GCC) before continuing." 4172 echo "" 4173 exit 1; 4174else 4175dnl test snprintf (broken on SCO w/gcc) 4176 AC_RUN_IFELSE( 4177 [AC_LANG_SOURCE([[ 4178#include <stdio.h> 4179#include <stdlib.h> 4180#include <string.h> 4181#ifdef HAVE_SNPRINTF 4182main() 4183{ 4184 char buf[50]; 4185 char expected_out[50]; 4186 int mazsize = 50 ; 4187#if (SIZEOF_LONG_INT == 8) 4188 long int num = 0x7fffffffffffffff; 4189#else 4190 long long num = 0x7fffffffffffffffll; 4191#endif 4192 strcpy(expected_out, "9223372036854775807"); 4193 snprintf(buf, mazsize, "%lld", num); 4194 if(strcmp(buf, expected_out) != 0) 4195 exit(1); 4196 exit(0); 4197} 4198#else 4199main() { exit(0); } 4200#endif 4201 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4202 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4203 ) 4204fi 4205 4206dnl Checks for structure members 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4209OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4211OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4212OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4213OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4214OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4215OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4216OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4217OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4218OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4219OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4220OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4221OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4222OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4223OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4224OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4225 4226AC_CHECK_MEMBERS([struct stat.st_blksize]) 4227AC_CHECK_MEMBERS([struct stat.st_mtim]) 4228AC_CHECK_MEMBERS([struct stat.st_mtime]) 4229AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4230struct passwd.pw_change, struct passwd.pw_expire], 4231[], [], [[ 4232#include <sys/types.h> 4233#include <pwd.h> 4234]]) 4235 4236AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4237 [Define if we don't have struct __res_state in resolv.h])], 4238[[ 4239#include <stdio.h> 4240#if HAVE_SYS_TYPES_H 4241# include <sys/types.h> 4242#endif 4243#include <netinet/in.h> 4244#include <arpa/nameser.h> 4245#include <resolv.h> 4246]]) 4247 4248AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4249 ac_cv_have_ss_family_in_struct_ss, [ 4250 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4251#include <sys/types.h> 4252#include <sys/socket.h> 4253 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4254 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4255 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4256]) 4257if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4258 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4259fi 4260 4261AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4262 ac_cv_have___ss_family_in_struct_ss, [ 4263 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4264#include <sys/types.h> 4265#include <sys/socket.h> 4266 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4267 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4268 [ ac_cv_have___ss_family_in_struct_ss="no" 4269 ]) 4270]) 4271if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4272 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4273 [Fields in struct sockaddr_storage]) 4274fi 4275 4276dnl make sure we're using the real structure members and not defines 4277AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4278 ac_cv_have_accrights_in_msghdr, [ 4279 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4280#include <sys/types.h> 4281#include <sys/socket.h> 4282#include <sys/uio.h> 4283#include <stdlib.h> 4284 ]], [[ 4285#ifdef msg_accrights 4286#error "msg_accrights is a macro" 4287exit(1); 4288#endif 4289struct msghdr m; 4290m.msg_accrights = 0; 4291exit(0); 4292 ]])], 4293 [ ac_cv_have_accrights_in_msghdr="yes" ], 4294 [ ac_cv_have_accrights_in_msghdr="no" ] 4295 ) 4296]) 4297if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4298 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4299 [Define if your system uses access rights style 4300 file descriptor passing]) 4301fi 4302 4303AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4304AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4305#include <sys/param.h> 4306#include <sys/stat.h> 4307#ifdef HAVE_SYS_TIME_H 4308# include <sys/time.h> 4309#endif 4310#ifdef HAVE_SYS_MOUNT_H 4311#include <sys/mount.h> 4312#endif 4313#ifdef HAVE_SYS_STATVFS_H 4314#include <sys/statvfs.h> 4315#endif 4316 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4317 [ AC_MSG_RESULT([yes]) ], 4318 [ AC_MSG_RESULT([no]) 4319 4320 AC_MSG_CHECKING([if fsid_t has member val]) 4321 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4322#include <sys/types.h> 4323#include <sys/statvfs.h> 4324 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4325 [ AC_MSG_RESULT([yes]) 4326 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4327 [ AC_MSG_RESULT([no]) ]) 4328 4329 AC_MSG_CHECKING([if f_fsid has member __val]) 4330 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4331#include <sys/types.h> 4332#include <sys/statvfs.h> 4333 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4334 [ AC_MSG_RESULT([yes]) 4335 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4336 [ AC_MSG_RESULT([no]) ]) 4337]) 4338 4339AC_CACHE_CHECK([for msg_control field in struct msghdr], 4340 ac_cv_have_control_in_msghdr, [ 4341 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4342#include <sys/types.h> 4343#include <sys/socket.h> 4344#include <sys/uio.h> 4345#include <stdlib.h> 4346 ]], [[ 4347#ifdef msg_control 4348#error "msg_control is a macro" 4349exit(1); 4350#endif 4351struct msghdr m; 4352m.msg_control = 0; 4353exit(0); 4354 ]])], 4355 [ ac_cv_have_control_in_msghdr="yes" ], 4356 [ ac_cv_have_control_in_msghdr="no" ] 4357 ) 4358]) 4359if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4360 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4361 [Define if your system uses ancillary data style 4362 file descriptor passing]) 4363fi 4364 4365AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4366 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4367 [[ extern char *__progname; printf("%s", __progname); ]])], 4368 [ ac_cv_libc_defines___progname="yes" ], 4369 [ ac_cv_libc_defines___progname="no" 4370 ]) 4371]) 4372if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4373 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4374fi 4375 4376AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4377 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4378 [[ printf("%s", __FUNCTION__); ]])], 4379 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4380 [ ac_cv_cc_implements___FUNCTION__="no" 4381 ]) 4382]) 4383if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4384 AC_DEFINE([HAVE___FUNCTION__], [1], 4385 [Define if compiler implements __FUNCTION__]) 4386fi 4387 4388AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4389 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4390 [[ printf("%s", __func__); ]])], 4391 [ ac_cv_cc_implements___func__="yes" ], 4392 [ ac_cv_cc_implements___func__="no" 4393 ]) 4394]) 4395if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4396 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4397fi 4398 4399AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4400 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4401#include <stdarg.h> 4402va_list x,y; 4403 ]], [[ va_copy(x,y); ]])], 4404 [ ac_cv_have_va_copy="yes" ], 4405 [ ac_cv_have_va_copy="no" 4406 ]) 4407]) 4408if test "x$ac_cv_have_va_copy" = "xyes" ; then 4409 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4410fi 4411 4412AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4413 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4414#include <stdarg.h> 4415va_list x,y; 4416 ]], [[ __va_copy(x,y); ]])], 4417 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4418 ]) 4419]) 4420if test "x$ac_cv_have___va_copy" = "xyes" ; then 4421 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4422fi 4423 4424AC_CACHE_CHECK([whether getopt has optreset support], 4425 ac_cv_have_getopt_optreset, [ 4426 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4427 [[ extern int optreset; optreset = 0; ]])], 4428 [ ac_cv_have_getopt_optreset="yes" ], 4429 [ ac_cv_have_getopt_optreset="no" 4430 ]) 4431]) 4432if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4433 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4434 [Define if your getopt(3) defines and uses optreset]) 4435fi 4436 4437AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4438 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4439[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4440 [ ac_cv_libc_defines_sys_errlist="yes" ], 4441 [ ac_cv_libc_defines_sys_errlist="no" 4442 ]) 4443]) 4444if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4445 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4446 [Define if your system defines sys_errlist[]]) 4447fi 4448 4449 4450AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4451 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4452[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4453 [ ac_cv_libc_defines_sys_nerr="yes" ], 4454 [ ac_cv_libc_defines_sys_nerr="no" 4455 ]) 4456]) 4457if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4458 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4459fi 4460 4461# Check libraries needed by DNS fingerprint support 4462AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4463 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4464 [Define if getrrsetbyname() exists])], 4465 [ 4466 # Needed by our getrrsetbyname() 4467 AC_SEARCH_LIBS([res_query], [resolv]) 4468 AC_SEARCH_LIBS([dn_expand], [resolv]) 4469 AC_MSG_CHECKING([if res_query will link]) 4470 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4471#include <sys/types.h> 4472#include <netinet/in.h> 4473#include <arpa/nameser.h> 4474#include <netdb.h> 4475#include <resolv.h> 4476 ]], [[ 4477 res_query (0, 0, 0, 0, 0); 4478 ]])], 4479 AC_MSG_RESULT([yes]), 4480 [AC_MSG_RESULT([no]) 4481 saved_LIBS="$LIBS" 4482 LIBS="$LIBS -lresolv" 4483 AC_MSG_CHECKING([for res_query in -lresolv]) 4484 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4485#include <sys/types.h> 4486#include <netinet/in.h> 4487#include <arpa/nameser.h> 4488#include <netdb.h> 4489#include <resolv.h> 4490 ]], [[ 4491 res_query (0, 0, 0, 0, 0); 4492 ]])], 4493 [AC_MSG_RESULT([yes])], 4494 [LIBS="$saved_LIBS" 4495 AC_MSG_RESULT([no])]) 4496 ]) 4497 AC_CHECK_FUNCS([_getshort _getlong]) 4498 AC_CHECK_DECLS([_getshort, _getlong], , , 4499 [#include <sys/types.h> 4500 #include <arpa/nameser.h>]) 4501 AC_CHECK_MEMBER([HEADER.ad], 4502 [AC_DEFINE([HAVE_HEADER_AD], [1], 4503 [Define if HEADER.ad exists in arpa/nameser.h])], , 4504 [#include <arpa/nameser.h>]) 4505 ]) 4506 4507AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4508AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4509#include <stdio.h> 4510#if HAVE_SYS_TYPES_H 4511# include <sys/types.h> 4512#endif 4513#include <netinet/in.h> 4514#include <arpa/nameser.h> 4515#include <resolv.h> 4516extern struct __res_state _res; 4517 ]], [[ 4518struct __res_state *volatile p = &_res; /* force resolution of _res */ 4519return 0; 4520 ]],)], 4521 [AC_MSG_RESULT([yes]) 4522 AC_DEFINE([HAVE__RES_EXTERN], [1], 4523 [Define if you have struct __res_state _res as an extern]) 4524 ], 4525 [ AC_MSG_RESULT([no]) ] 4526) 4527 4528# Check whether user wants SELinux support 4529SELINUX_MSG="no" 4530LIBSELINUX="" 4531AC_ARG_WITH([selinux], 4532 [ --with-selinux Enable SELinux support], 4533 [ if test "x$withval" != "xno" ; then 4534 save_LIBS="$LIBS" 4535 AC_DEFINE([WITH_SELINUX], [1], 4536 [Define if you want SELinux support.]) 4537 SELINUX_MSG="yes" 4538 AC_CHECK_HEADER([selinux/selinux.h], , 4539 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4540 AC_CHECK_LIB([selinux], [setexeccon], 4541 [ LIBSELINUX="-lselinux" 4542 LIBS="$LIBS -lselinux" 4543 ], 4544 AC_MSG_ERROR([SELinux support requires libselinux library])) 4545 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4546 LIBS="$save_LIBS $LIBSELINUX" 4547 fi ] 4548) 4549AC_SUBST([SSHDLIBS]) 4550 4551# Check whether user wants Kerberos 5 support 4552KRB5_MSG="no" 4553AC_ARG_WITH([kerberos5], 4554 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4555 [ if test "x$withval" != "xno" ; then 4556 if test "x$withval" = "xyes" ; then 4557 KRB5ROOT="/usr/local" 4558 else 4559 KRB5ROOT=${withval} 4560 fi 4561 4562 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4563 KRB5_MSG="yes" 4564 4565 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4566 [$KRB5ROOT/bin/krb5-config], 4567 [$KRB5ROOT/bin:$PATH]) 4568 if test -x $KRB5CONF ; then 4569 K5CFLAGS="`$KRB5CONF --cflags`" 4570 K5LIBS="`$KRB5CONF --libs`" 4571 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4572 4573 AC_MSG_CHECKING([for gssapi support]) 4574 if $KRB5CONF | grep gssapi >/dev/null ; then 4575 AC_MSG_RESULT([yes]) 4576 AC_DEFINE([GSSAPI], [1], 4577 [Define this if you want GSSAPI 4578 support in the version 2 protocol]) 4579 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4580 GSSLIBS="`$KRB5CONF --libs gssapi`" 4581 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4582 else 4583 AC_MSG_RESULT([no]) 4584 fi 4585 AC_MSG_CHECKING([whether we are using Heimdal]) 4586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4587 ]], [[ char *tmp = heimdal_version; ]])], 4588 [ AC_MSG_RESULT([yes]) 4589 AC_DEFINE([HEIMDAL], [1], 4590 [Define this if you are using the Heimdal 4591 version of Kerberos V5]) ], 4592 [AC_MSG_RESULT([no]) 4593 ]) 4594 else 4595 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4596 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4597 AC_MSG_CHECKING([whether we are using Heimdal]) 4598 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4599 ]], [[ char *tmp = heimdal_version; ]])], 4600 [ AC_MSG_RESULT([yes]) 4601 AC_DEFINE([HEIMDAL]) 4602 K5LIBS="-lkrb5" 4603 K5LIBS="$K5LIBS -lcom_err -lasn1" 4604 AC_CHECK_LIB([roken], [net_write], 4605 [K5LIBS="$K5LIBS -lroken"]) 4606 AC_CHECK_LIB([des], [des_cbc_encrypt], 4607 [K5LIBS="$K5LIBS -ldes"]) 4608 ], [ AC_MSG_RESULT([no]) 4609 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4610 ]) 4611 AC_SEARCH_LIBS([dn_expand], [resolv]) 4612 4613 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4614 [ AC_DEFINE([GSSAPI]) 4615 GSSLIBS="-lgssapi_krb5" ], 4616 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4617 [ AC_DEFINE([GSSAPI]) 4618 GSSLIBS="-lgssapi" ], 4619 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4620 [ AC_DEFINE([GSSAPI]) 4621 GSSLIBS="-lgss" ], 4622 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4623 ]) 4624 ]) 4625 4626 AC_CHECK_HEADER([gssapi.h], , 4627 [ unset ac_cv_header_gssapi_h 4628 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4629 AC_CHECK_HEADERS([gssapi.h], , 4630 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4631 ) 4632 ] 4633 ) 4634 4635 oldCPP="$CPPFLAGS" 4636 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4637 AC_CHECK_HEADER([gssapi_krb5.h], , 4638 [ CPPFLAGS="$oldCPP" ]) 4639 4640 fi 4641 if test -n "${rpath_opt}" ; then 4642 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4643 fi 4644 if test ! -z "$blibpath" ; then 4645 blibpath="$blibpath:${KRB5ROOT}/lib" 4646 fi 4647 4648 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4649 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4650 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4651 4652 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4653 [Define this if you want to use libkafs' AFS support])]) 4654 4655 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4656#ifdef HAVE_GSSAPI_H 4657# include <gssapi.h> 4658#elif defined(HAVE_GSSAPI_GSSAPI_H) 4659# include <gssapi/gssapi.h> 4660#endif 4661 4662#ifdef HAVE_GSSAPI_GENERIC_H 4663# include <gssapi_generic.h> 4664#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4665# include <gssapi/gssapi_generic.h> 4666#endif 4667 ]]) 4668 saved_LIBS="$LIBS" 4669 LIBS="$LIBS $K5LIBS" 4670 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4671 LIBS="$saved_LIBS" 4672 4673 fi 4674 ] 4675) 4676AC_SUBST([GSSLIBS]) 4677AC_SUBST([K5LIBS]) 4678 4679# Looking for programs, paths and files 4680 4681PRIVSEP_PATH=/var/empty 4682AC_ARG_WITH([privsep-path], 4683 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4684 [ 4685 if test -n "$withval" && test "x$withval" != "xno" && \ 4686 test "x${withval}" != "xyes"; then 4687 PRIVSEP_PATH=$withval 4688 fi 4689 ] 4690) 4691AC_SUBST([PRIVSEP_PATH]) 4692 4693AC_ARG_WITH([xauth], 4694 [ --with-xauth=PATH Specify path to xauth program ], 4695 [ 4696 if test -n "$withval" && test "x$withval" != "xno" && \ 4697 test "x${withval}" != "xyes"; then 4698 xauth_path=$withval 4699 fi 4700 ], 4701 [ 4702 TestPath="$PATH" 4703 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4704 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4705 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4706 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4707 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4708 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4709 xauth_path="/usr/openwin/bin/xauth" 4710 fi 4711 ] 4712) 4713 4714STRIP_OPT=-s 4715AC_ARG_ENABLE([strip], 4716 [ --disable-strip Disable calling strip(1) on install], 4717 [ 4718 if test "x$enableval" = "xno" ; then 4719 STRIP_OPT= 4720 fi 4721 ] 4722) 4723AC_SUBST([STRIP_OPT]) 4724 4725if test -z "$xauth_path" ; then 4726 XAUTH_PATH="undefined" 4727 AC_SUBST([XAUTH_PATH]) 4728else 4729 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4730 [Define if xauth is found in your path]) 4731 XAUTH_PATH=$xauth_path 4732 AC_SUBST([XAUTH_PATH]) 4733fi 4734 4735dnl # --with-maildir=/path/to/mail gets top priority. 4736dnl # if maildir is set in the platform case statement above we use that. 4737dnl # Otherwise we run a program to get the dir from system headers. 4738dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4739dnl # If we find _PATH_MAILDIR we do nothing because that is what 4740dnl # session.c expects anyway. Otherwise we set to the value found 4741dnl # stripping any trailing slash. If for some strage reason our program 4742dnl # does not find what it needs, we default to /var/spool/mail. 4743# Check for mail directory 4744AC_ARG_WITH([maildir], 4745 [ --with-maildir=/path/to/mail Specify your system mail directory], 4746 [ 4747 if test "X$withval" != X && test "x$withval" != xno && \ 4748 test "x${withval}" != xyes; then 4749 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4750 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4751 fi 4752 ],[ 4753 if test "X$maildir" != "X"; then 4754 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4755 else 4756 AC_MSG_CHECKING([Discovering system mail directory]) 4757 AC_RUN_IFELSE( 4758 [AC_LANG_PROGRAM([[ 4759#include <stdio.h> 4760#include <stdlib.h> 4761#include <string.h> 4762#ifdef HAVE_PATHS_H 4763#include <paths.h> 4764#endif 4765#ifdef HAVE_MAILLOCK_H 4766#include <maillock.h> 4767#endif 4768#define DATA "conftest.maildir" 4769 ]], [[ 4770 FILE *fd; 4771 int rc; 4772 4773 fd = fopen(DATA,"w"); 4774 if(fd == NULL) 4775 exit(1); 4776 4777#if defined (_PATH_MAILDIR) 4778 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4779 exit(1); 4780#elif defined (MAILDIR) 4781 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4782 exit(1); 4783#elif defined (_PATH_MAIL) 4784 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4785 exit(1); 4786#else 4787 exit (2); 4788#endif 4789 4790 exit(0); 4791 ]])], 4792 [ 4793 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4794 maildir=`awk -F: '{print $2}' conftest.maildir \ 4795 | sed 's|/$||'` 4796 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4797 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4798 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4799 fi 4800 ], 4801 [ 4802 if test "X$ac_status" = "X2";then 4803# our test program didn't find it. Default to /var/spool/mail 4804 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4805 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4806 else 4807 AC_MSG_RESULT([*** not found ***]) 4808 fi 4809 ], 4810 [ 4811 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4812 ] 4813 ) 4814 fi 4815 ] 4816) # maildir 4817 4818if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4819 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4820 disable_ptmx_check=yes 4821fi 4822if test -z "$no_dev_ptmx" ; then 4823 if test "x$disable_ptmx_check" != "xyes" ; then 4824 AC_CHECK_FILE(["/dev/ptmx"], 4825 [ 4826 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4827 [Define if you have /dev/ptmx]) 4828 have_dev_ptmx=1 4829 ] 4830 ) 4831 fi 4832fi 4833 4834if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4835 AC_CHECK_FILE(["/dev/ptc"], 4836 [ 4837 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4838 [Define if you have /dev/ptc]) 4839 have_dev_ptc=1 4840 ] 4841 ) 4842else 4843 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4844fi 4845 4846# Options from here on. Some of these are preset by platform above 4847AC_ARG_WITH([mantype], 4848 [ --with-mantype=man|cat|doc Set man page type], 4849 [ 4850 case "$withval" in 4851 man|cat|doc) 4852 MANTYPE=$withval 4853 ;; 4854 *) 4855 AC_MSG_ERROR([invalid man type: $withval]) 4856 ;; 4857 esac 4858 ] 4859) 4860if test -z "$MANTYPE"; then 4861 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4862 MANTYPE=doc 4863 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4864 MANTYPE=doc 4865 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4866 MANTYPE=man 4867 else 4868 MANTYPE=cat 4869 fi 4870fi 4871AC_SUBST([MANTYPE]) 4872if test "$MANTYPE" = "doc"; then 4873 mansubdir=man; 4874else 4875 mansubdir=$MANTYPE; 4876fi 4877AC_SUBST([mansubdir]) 4878 4879# Check whether to enable MD5 passwords 4880MD5_MSG="no" 4881AC_ARG_WITH([md5-passwords], 4882 [ --with-md5-passwords Enable use of MD5 passwords], 4883 [ 4884 if test "x$withval" != "xno" ; then 4885 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4886 [Define if you want to allow MD5 passwords]) 4887 MD5_MSG="yes" 4888 fi 4889 ] 4890) 4891 4892# Whether to disable shadow password support 4893AC_ARG_WITH([shadow], 4894 [ --without-shadow Disable shadow password support], 4895 [ 4896 if test "x$withval" = "xno" ; then 4897 AC_DEFINE([DISABLE_SHADOW]) 4898 disable_shadow=yes 4899 fi 4900 ] 4901) 4902 4903if test -z "$disable_shadow" ; then 4904 AC_MSG_CHECKING([if the systems has expire shadow information]) 4905 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4906#include <sys/types.h> 4907#include <shadow.h> 4908struct spwd sp; 4909 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4910 [ sp_expire_available=yes ], [ 4911 ]) 4912 4913 if test "x$sp_expire_available" = "xyes" ; then 4914 AC_MSG_RESULT([yes]) 4915 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4916 [Define if you want to use shadow password expire field]) 4917 else 4918 AC_MSG_RESULT([no]) 4919 fi 4920fi 4921 4922# Use ip address instead of hostname in $DISPLAY 4923if test ! -z "$IPADDR_IN_DISPLAY" ; then 4924 DISPLAY_HACK_MSG="yes" 4925 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4926 [Define if you need to use IP address 4927 instead of hostname in $DISPLAY]) 4928else 4929 DISPLAY_HACK_MSG="no" 4930 AC_ARG_WITH([ipaddr-display], 4931 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4932 [ 4933 if test "x$withval" != "xno" ; then 4934 AC_DEFINE([IPADDR_IN_DISPLAY]) 4935 DISPLAY_HACK_MSG="yes" 4936 fi 4937 ] 4938 ) 4939fi 4940 4941# check for /etc/default/login and use it if present. 4942AC_ARG_ENABLE([etc-default-login], 4943 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4944 [ if test "x$enableval" = "xno"; then 4945 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4946 etc_default_login=no 4947 else 4948 etc_default_login=yes 4949 fi ], 4950 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4951 then 4952 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4953 etc_default_login=no 4954 else 4955 etc_default_login=yes 4956 fi ] 4957) 4958 4959if test "x$etc_default_login" != "xno"; then 4960 AC_CHECK_FILE(["/etc/default/login"], 4961 [ external_path_file=/etc/default/login ]) 4962 if test "x$external_path_file" = "x/etc/default/login"; then 4963 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4964 [Define if your system has /etc/default/login]) 4965 fi 4966fi 4967 4968dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4969if test $ac_cv_func_login_getcapbool = "yes" && \ 4970 test $ac_cv_header_login_cap_h = "yes" ; then 4971 external_path_file=/etc/login.conf 4972fi 4973 4974# Whether to mess with the default path 4975SERVER_PATH_MSG="(default)" 4976AC_ARG_WITH([default-path], 4977 [ --with-default-path= Specify default $PATH environment for server], 4978 [ 4979 if test "x$external_path_file" = "x/etc/login.conf" ; then 4980 AC_MSG_WARN([ 4981--with-default-path=PATH has no effect on this system. 4982Edit /etc/login.conf instead.]) 4983 elif test "x$withval" != "xno" ; then 4984 if test ! -z "$external_path_file" ; then 4985 AC_MSG_WARN([ 4986--with-default-path=PATH will only be used if PATH is not defined in 4987$external_path_file .]) 4988 fi 4989 user_path="$withval" 4990 SERVER_PATH_MSG="$withval" 4991 fi 4992 ], 4993 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4994 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4995 else 4996 if test ! -z "$external_path_file" ; then 4997 AC_MSG_WARN([ 4998If PATH is defined in $external_path_file, ensure the path to scp is included, 4999otherwise scp will not work.]) 5000 fi 5001 AC_RUN_IFELSE( 5002 [AC_LANG_PROGRAM([[ 5003/* find out what STDPATH is */ 5004#include <stdio.h> 5005#include <stdlib.h> 5006#ifdef HAVE_PATHS_H 5007# include <paths.h> 5008#endif 5009#ifndef _PATH_STDPATH 5010# ifdef _PATH_USERPATH /* Irix */ 5011# define _PATH_STDPATH _PATH_USERPATH 5012# else 5013# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5014# endif 5015#endif 5016#include <sys/types.h> 5017#include <sys/stat.h> 5018#include <fcntl.h> 5019#define DATA "conftest.stdpath" 5020 ]], [[ 5021 FILE *fd; 5022 int rc; 5023 5024 fd = fopen(DATA,"w"); 5025 if(fd == NULL) 5026 exit(1); 5027 5028 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5029 exit(1); 5030 5031 exit(0); 5032 ]])], 5033 [ user_path=`cat conftest.stdpath` ], 5034 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5035 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5036 ) 5037# make sure $bindir is in USER_PATH so scp will work 5038 t_bindir="${bindir}" 5039 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5040 t_bindir=`eval echo ${t_bindir}` 5041 case $t_bindir in 5042 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5043 esac 5044 case $t_bindir in 5045 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5046 esac 5047 done 5048 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5049 if test $? -ne 0 ; then 5050 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5051 if test $? -ne 0 ; then 5052 user_path=$user_path:$t_bindir 5053 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5054 fi 5055 fi 5056 fi ] 5057) 5058if test "x$external_path_file" != "x/etc/login.conf" ; then 5059 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5060 AC_SUBST([user_path]) 5061fi 5062 5063# Set superuser path separately to user path 5064AC_ARG_WITH([superuser-path], 5065 [ --with-superuser-path= Specify different path for super-user], 5066 [ 5067 if test -n "$withval" && test "x$withval" != "xno" && \ 5068 test "x${withval}" != "xyes"; then 5069 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5070 [Define if you want a different $PATH 5071 for the superuser]) 5072 superuser_path=$withval 5073 fi 5074 ] 5075) 5076 5077 5078AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5079IPV4_IN6_HACK_MSG="no" 5080AC_ARG_WITH(4in6, 5081 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5082 [ 5083 if test "x$withval" != "xno" ; then 5084 AC_MSG_RESULT([yes]) 5085 AC_DEFINE([IPV4_IN_IPV6], [1], 5086 [Detect IPv4 in IPv6 mapped addresses 5087 and treat as IPv4]) 5088 IPV4_IN6_HACK_MSG="yes" 5089 else 5090 AC_MSG_RESULT([no]) 5091 fi 5092 ], [ 5093 if test "x$inet6_default_4in6" = "xyes"; then 5094 AC_MSG_RESULT([yes (default)]) 5095 AC_DEFINE([IPV4_IN_IPV6]) 5096 IPV4_IN6_HACK_MSG="yes" 5097 else 5098 AC_MSG_RESULT([no (default)]) 5099 fi 5100 ] 5101) 5102 5103# Whether to enable BSD auth support 5104BSD_AUTH_MSG=no 5105AC_ARG_WITH([bsd-auth], 5106 [ --with-bsd-auth Enable BSD auth support], 5107 [ 5108 if test "x$withval" != "xno" ; then 5109 AC_DEFINE([BSD_AUTH], [1], 5110 [Define if you have BSD auth support]) 5111 BSD_AUTH_MSG=yes 5112 fi 5113 ] 5114) 5115 5116# Where to place sshd.pid 5117piddir=/var/run 5118# make sure the directory exists 5119if test ! -d $piddir ; then 5120 piddir=`eval echo ${sysconfdir}` 5121 case $piddir in 5122 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5123 esac 5124fi 5125 5126AC_ARG_WITH([pid-dir], 5127 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5128 [ 5129 if test -n "$withval" && test "x$withval" != "xno" && \ 5130 test "x${withval}" != "xyes"; then 5131 piddir=$withval 5132 if test ! -d $piddir ; then 5133 AC_MSG_WARN([** no $piddir directory on this system **]) 5134 fi 5135 fi 5136 ] 5137) 5138 5139AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5140 [Specify location of ssh.pid]) 5141AC_SUBST([piddir]) 5142 5143dnl allow user to disable some login recording features 5144AC_ARG_ENABLE([lastlog], 5145 [ --disable-lastlog disable use of lastlog even if detected [no]], 5146 [ 5147 if test "x$enableval" = "xno" ; then 5148 AC_DEFINE([DISABLE_LASTLOG]) 5149 fi 5150 ] 5151) 5152AC_ARG_ENABLE([utmp], 5153 [ --disable-utmp disable use of utmp even if detected [no]], 5154 [ 5155 if test "x$enableval" = "xno" ; then 5156 AC_DEFINE([DISABLE_UTMP]) 5157 fi 5158 ] 5159) 5160AC_ARG_ENABLE([utmpx], 5161 [ --disable-utmpx disable use of utmpx even if detected [no]], 5162 [ 5163 if test "x$enableval" = "xno" ; then 5164 AC_DEFINE([DISABLE_UTMPX], [1], 5165 [Define if you don't want to use utmpx]) 5166 fi 5167 ] 5168) 5169AC_ARG_ENABLE([wtmp], 5170 [ --disable-wtmp disable use of wtmp even if detected [no]], 5171 [ 5172 if test "x$enableval" = "xno" ; then 5173 AC_DEFINE([DISABLE_WTMP]) 5174 fi 5175 ] 5176) 5177AC_ARG_ENABLE([wtmpx], 5178 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5179 [ 5180 if test "x$enableval" = "xno" ; then 5181 AC_DEFINE([DISABLE_WTMPX], [1], 5182 [Define if you don't want to use wtmpx]) 5183 fi 5184 ] 5185) 5186AC_ARG_ENABLE([libutil], 5187 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5188 [ 5189 if test "x$enableval" = "xno" ; then 5190 AC_DEFINE([DISABLE_LOGIN]) 5191 fi 5192 ] 5193) 5194AC_ARG_ENABLE([pututline], 5195 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5196 [ 5197 if test "x$enableval" = "xno" ; then 5198 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5199 [Define if you don't want to use pututline() 5200 etc. to write [uw]tmp]) 5201 fi 5202 ] 5203) 5204AC_ARG_ENABLE([pututxline], 5205 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5206 [ 5207 if test "x$enableval" = "xno" ; then 5208 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5209 [Define if you don't want to use pututxline() 5210 etc. to write [uw]tmpx]) 5211 fi 5212 ] 5213) 5214AC_ARG_WITH([lastlog], 5215 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5216 [ 5217 if test "x$withval" = "xno" ; then 5218 AC_DEFINE([DISABLE_LASTLOG]) 5219 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5220 conf_lastlog_location=$withval 5221 fi 5222 ] 5223) 5224 5225dnl lastlog, [uw]tmpx? detection 5226dnl NOTE: set the paths in the platform section to avoid the 5227dnl need for command-line parameters 5228dnl lastlog and [uw]tmp are subject to a file search if all else fails 5229 5230dnl lastlog detection 5231dnl NOTE: the code itself will detect if lastlog is a directory 5232AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5233AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5234#include <sys/types.h> 5235#include <utmp.h> 5236#ifdef HAVE_LASTLOG_H 5237# include <lastlog.h> 5238#endif 5239#ifdef HAVE_PATHS_H 5240# include <paths.h> 5241#endif 5242#ifdef HAVE_LOGIN_H 5243# include <login.h> 5244#endif 5245 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5246 [ AC_MSG_RESULT([yes]) ], 5247 [ 5248 AC_MSG_RESULT([no]) 5249 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5250 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5251#include <sys/types.h> 5252#include <utmp.h> 5253#ifdef HAVE_LASTLOG_H 5254# include <lastlog.h> 5255#endif 5256#ifdef HAVE_PATHS_H 5257# include <paths.h> 5258#endif 5259 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5260 [ AC_MSG_RESULT([yes]) ], 5261 [ 5262 AC_MSG_RESULT([no]) 5263 system_lastlog_path=no 5264 ]) 5265]) 5266 5267if test -z "$conf_lastlog_location"; then 5268 if test x"$system_lastlog_path" = x"no" ; then 5269 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5270 if (test -d "$f" || test -f "$f") ; then 5271 conf_lastlog_location=$f 5272 fi 5273 done 5274 if test -z "$conf_lastlog_location"; then 5275 AC_MSG_WARN([** Cannot find lastlog **]) 5276 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5277 fi 5278 fi 5279fi 5280 5281if test -n "$conf_lastlog_location"; then 5282 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5283 [Define if you want to specify the path to your lastlog file]) 5284fi 5285 5286dnl utmp detection 5287AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5288AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5289#include <sys/types.h> 5290#include <utmp.h> 5291#ifdef HAVE_PATHS_H 5292# include <paths.h> 5293#endif 5294 ]], [[ char *utmp = UTMP_FILE; ]])], 5295 [ AC_MSG_RESULT([yes]) ], 5296 [ AC_MSG_RESULT([no]) 5297 system_utmp_path=no 5298]) 5299if test -z "$conf_utmp_location"; then 5300 if test x"$system_utmp_path" = x"no" ; then 5301 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5302 if test -f $f ; then 5303 conf_utmp_location=$f 5304 fi 5305 done 5306 if test -z "$conf_utmp_location"; then 5307 AC_DEFINE([DISABLE_UTMP]) 5308 fi 5309 fi 5310fi 5311if test -n "$conf_utmp_location"; then 5312 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5313 [Define if you want to specify the path to your utmp file]) 5314fi 5315 5316dnl wtmp detection 5317AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5318AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5319#include <sys/types.h> 5320#include <utmp.h> 5321#ifdef HAVE_PATHS_H 5322# include <paths.h> 5323#endif 5324 ]], [[ char *wtmp = WTMP_FILE; ]])], 5325 [ AC_MSG_RESULT([yes]) ], 5326 [ AC_MSG_RESULT([no]) 5327 system_wtmp_path=no 5328]) 5329if test -z "$conf_wtmp_location"; then 5330 if test x"$system_wtmp_path" = x"no" ; then 5331 for f in /usr/adm/wtmp /var/log/wtmp; do 5332 if test -f $f ; then 5333 conf_wtmp_location=$f 5334 fi 5335 done 5336 if test -z "$conf_wtmp_location"; then 5337 AC_DEFINE([DISABLE_WTMP]) 5338 fi 5339 fi 5340fi 5341if test -n "$conf_wtmp_location"; then 5342 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5343 [Define if you want to specify the path to your wtmp file]) 5344fi 5345 5346dnl wtmpx detection 5347AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5348AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5349#include <sys/types.h> 5350#include <utmp.h> 5351#ifdef HAVE_UTMPX_H 5352#include <utmpx.h> 5353#endif 5354#ifdef HAVE_PATHS_H 5355# include <paths.h> 5356#endif 5357 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5358 [ AC_MSG_RESULT([yes]) ], 5359 [ AC_MSG_RESULT([no]) 5360 system_wtmpx_path=no 5361]) 5362if test -z "$conf_wtmpx_location"; then 5363 if test x"$system_wtmpx_path" = x"no" ; then 5364 AC_DEFINE([DISABLE_WTMPX]) 5365 fi 5366else 5367 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5368 [Define if you want to specify the path to your wtmpx file]) 5369fi 5370 5371 5372if test ! -z "$blibpath" ; then 5373 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5374 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5375fi 5376 5377AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5378 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5379 AC_DEFINE([DISABLE_LASTLOG]) 5380 fi 5381 ], [ 5382#ifdef HAVE_SYS_TYPES_H 5383#include <sys/types.h> 5384#endif 5385#ifdef HAVE_UTMP_H 5386#include <utmp.h> 5387#endif 5388#ifdef HAVE_UTMPX_H 5389#include <utmpx.h> 5390#endif 5391#ifdef HAVE_LASTLOG_H 5392#include <lastlog.h> 5393#endif 5394 ]) 5395 5396AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5397 AC_DEFINE([DISABLE_UTMP]) 5398 AC_DEFINE([DISABLE_WTMP]) 5399 ], [ 5400#ifdef HAVE_SYS_TYPES_H 5401#include <sys/types.h> 5402#endif 5403#ifdef HAVE_UTMP_H 5404#include <utmp.h> 5405#endif 5406#ifdef HAVE_UTMPX_H 5407#include <utmpx.h> 5408#endif 5409#ifdef HAVE_LASTLOG_H 5410#include <lastlog.h> 5411#endif 5412 ]) 5413 5414dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5415dnl Add now. 5416CFLAGS="$CFLAGS $werror_flags" 5417 5418if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5419 TEST_SSH_IPV6=no 5420else 5421 TEST_SSH_IPV6=yes 5422fi 5423AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5424AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5425AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5426AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5427AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5428AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5429 5430CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5431LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5432 5433# Make a copy of CFLAGS/LDFLAGS without PIE options. 5434LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5435CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5436AC_SUBST([LDFLAGS_NOPIE]) 5437AC_SUBST([CFLAGS_NOPIE]) 5438 5439AC_EXEEXT 5440AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5441 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5442 survey.sh]) 5443AC_OUTPUT 5444 5445# Print summary of options 5446 5447# Someone please show me a better way :) 5448A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5449B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5450C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5451D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5452E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5453F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5454G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5455H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5456I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5457J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5458 5459echo "" 5460echo "OpenSSH has been configured with the following options:" 5461echo " User binaries: $B" 5462echo " System binaries: $C" 5463echo " Configuration files: $D" 5464echo " Askpass program: $E" 5465echo " Manual pages: $F" 5466echo " PID file: $G" 5467echo " Privilege separation chroot path: $H" 5468if test "x$external_path_file" = "x/etc/login.conf" ; then 5469echo " At runtime, sshd will use the path defined in $external_path_file" 5470echo " Make sure the path to scp is present, otherwise scp will not work" 5471else 5472echo " sshd default user PATH: $I" 5473 if test ! -z "$external_path_file"; then 5474echo " (If PATH is set in $external_path_file it will be used instead. If" 5475echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5476 fi 5477fi 5478if test ! -z "$superuser_path" ; then 5479echo " sshd superuser user PATH: $J" 5480fi 5481echo " Manpage format: $MANTYPE" 5482echo " PAM support: $PAM_MSG" 5483echo " OSF SIA support: $SIA_MSG" 5484echo " KerberosV support: $KRB5_MSG" 5485echo " SELinux support: $SELINUX_MSG" 5486echo " MD5 password support: $MD5_MSG" 5487echo " libedit support: $LIBEDIT_MSG" 5488echo " libldns support: $LDNS_MSG" 5489echo " Solaris process contract support: $SPC_MSG" 5490echo " Solaris project support: $SP_MSG" 5491echo " Solaris privilege support: $SPP_MSG" 5492echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5493echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5494echo " BSD Auth support: $BSD_AUTH_MSG" 5495echo " Random number source: $RAND_MSG" 5496echo " Privsep sandbox style: $SANDBOX_STYLE" 5497echo " PKCS#11 support: $enable_pkcs11" 5498echo " U2F/FIDO support: $enable_sk" 5499 5500echo "" 5501 5502echo " Host: ${host}" 5503echo " Compiler: ${CC}" 5504echo " Compiler flags: ${CFLAGS}" 5505echo "Preprocessor flags: ${CPPFLAGS}" 5506echo " Linker flags: ${LDFLAGS}" 5507echo " Libraries: ${LIBS}" 5508if test ! -z "${SSHDLIBS}"; then 5509echo " +for sshd: ${SSHDLIBS}" 5510fi 5511 5512echo "" 5513 5514if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5515 echo "SVR4 style packages are supported with \"make package\"" 5516 echo "" 5517fi 5518 5519if test "x$PAM_MSG" = "xyes" ; then 5520 echo "PAM is enabled. You may need to install a PAM control file " 5521 echo "for sshd, otherwise password authentication may fail. " 5522 echo "Example PAM control files can be found in the contrib/ " 5523 echo "subdirectory" 5524 echo "" 5525fi 5526 5527if test ! -z "$NO_PEERCHECK" ; then 5528 echo "WARNING: the operating system that you are using does not" 5529 echo "appear to support getpeereid(), getpeerucred() or the" 5530 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5531 echo "enforce security checks to prevent unauthorised connections to" 5532 echo "ssh-agent. Their absence increases the risk that a malicious" 5533 echo "user can connect to your agent." 5534 echo "" 5535fi 5536 5537if test "$AUDIT_MODULE" = "bsm" ; then 5538 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5539 echo "See the Solaris section in README.platform for details." 5540fi 5541