1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25AC_PROG_CC_C99 26 27# XXX relax this after reimplementing logit() etc. 28if test "x$ac_cv_prog_cc_c99" = "xno" ; then 29 AC_MSG_ERROR([*** OpenSSH requires a C99 capable compiler ***]) 30fi 31 32# Checks for programs. 33AC_PROG_AWK 34AC_PROG_CPP 35AC_PROG_RANLIB 36AC_PROG_INSTALL 37AC_PROG_EGREP 38AC_PROG_MKDIR_P 39AC_CHECK_TOOLS([AR], [ar]) 40AC_PATH_PROG([CAT], [cat]) 41AC_PATH_PROG([KILL], [kill]) 42AC_PATH_PROG([SED], [sed]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 45AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 46AC_PATH_PROG([SH], [sh]) 47AC_PATH_PROG([GROFF], [groff]) 48AC_PATH_PROG([NROFF], [nroff awf]) 49AC_PATH_PROG([MANDOC], [mandoc]) 50AC_SUBST([TEST_SHELL], [sh]) 51 52dnl select manpage formatter to be used to build "cat" format pages. 53if test "x$MANDOC" != "x" ; then 54 MANFMT="$MANDOC" 55elif test "x$NROFF" != "x" ; then 56 MANFMT="$NROFF -mandoc" 57elif test "x$GROFF" != "x" ; then 58 MANFMT="$GROFF -mandoc -Tascii" 59else 60 AC_MSG_WARN([no manpage formatter found]) 61 MANFMT="false" 62fi 63AC_SUBST([MANFMT]) 64 65dnl for buildpkg.sh 66AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 69 [/usr/sbin${PATH_SEPARATOR}/etc]) 70AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 71if test -x /sbin/sh; then 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 73else 74 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 75fi 76 77# System features 78AC_SYS_LARGEFILE 79 80if test -z "$AR" ; then 81 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 82fi 83 84AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 85if test ! -z "$PATH_PASSWD_PROG" ; then 86 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 87 [Full path of your "passwd" program]) 88fi 89 90dnl Since autoconf doesn't support it very well, we no longer allow users to 91dnl override LD, however keeping the hook here for now in case there's a use 92dnl use case we overlooked and someone needs to re-enable it. Unless a good 93dnl reason is found we'll be removing this in future. 94LD="$CC" 95AC_SUBST([LD]) 96 97AC_C_INLINE 98 99AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 100AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 101AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 102 #include <sys/types.h> 103 #include <sys/param.h> 104 #include <dev/systrace.h> 105]) 106AC_CHECK_DECL([RLIMIT_NPROC], 107 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 108 #include <sys/types.h> 109 #include <sys/resource.h> 110]) 111AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 112 #include <sys/types.h> 113 #include <linux/prctl.h> 114]) 115 116openssl=yes 117AC_ARG_WITH([openssl], 118 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 119 [ if test "x$withval" = "xno" ; then 120 openssl=no 121 fi 122 ] 123) 124AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 125if test "x$openssl" = "xyes" ; then 126 AC_MSG_RESULT([yes]) 127 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 128else 129 AC_MSG_RESULT([no]) 130fi 131 132use_stack_protector=1 133use_toolchain_hardening=1 134AC_ARG_WITH([stackprotect], 135 [ --without-stackprotect Don't use compiler's stack protection], [ 136 if test "x$withval" = "xno"; then 137 use_stack_protector=0 138 fi ]) 139AC_ARG_WITH([hardening], 140 [ --without-hardening Don't use toolchain hardening flags], [ 141 if test "x$withval" = "xno"; then 142 use_toolchain_hardening=0 143 fi ]) 144 145# We use -Werror for the tests only so that we catch warnings like "this is 146# on by default" for things like -fPIE. 147AC_MSG_CHECKING([if $CC supports -Werror]) 148saved_CFLAGS="$CFLAGS" 149CFLAGS="$CFLAGS -Werror" 150AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 151 [ AC_MSG_RESULT([yes]) 152 WERROR="-Werror"], 153 [ AC_MSG_RESULT([no]) 154 WERROR="" ] 155) 156CFLAGS="$saved_CFLAGS" 157 158if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 159 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 162 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 174 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 175 if test "x$use_toolchain_hardening" = "x1"; then 176 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 177 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 178 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 179 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 180 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 181 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 182 # NB. -ftrapv expects certain support functions to be present in 183 # the compiler library (libgcc or similar) to detect integer operations 184 # that can overflow. We must check that the result of enabling it 185 # actually links. The test program compiled/linked includes a number 186 # of integer operations that should exercise this. 187 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 188 fi 189 AC_MSG_CHECKING([gcc version]) 190 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 191 case $GCC_VER in 192 1.*) no_attrib_nonnull=1 ;; 193 2.8* | 2.9*) 194 no_attrib_nonnull=1 195 ;; 196 2.*) no_attrib_nonnull=1 ;; 197 *) ;; 198 esac 199 AC_MSG_RESULT([$GCC_VER]) 200 201 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 202 saved_CFLAGS="$CFLAGS" 203 CFLAGS="$CFLAGS -fno-builtin-memset" 204 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 205 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 206 [ AC_MSG_RESULT([yes]) ], 207 [ AC_MSG_RESULT([no]) 208 CFLAGS="$saved_CFLAGS" ] 209 ) 210 211 # -fstack-protector-all doesn't always work for some GCC versions 212 # and/or platforms, so we test if we can. If it's not supported 213 # on a given platform gcc will emit a warning so we use -Werror. 214 if test "x$use_stack_protector" = "x1"; then 215 for t in -fstack-protector-strong -fstack-protector-all \ 216 -fstack-protector; do 217 AC_MSG_CHECKING([if $CC supports $t]) 218 saved_CFLAGS="$CFLAGS" 219 saved_LDFLAGS="$LDFLAGS" 220 CFLAGS="$CFLAGS $t -Werror" 221 LDFLAGS="$LDFLAGS $t -Werror" 222 AC_LINK_IFELSE( 223 [AC_LANG_PROGRAM([[ 224 #include <stdio.h> 225 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 226 ]], 227 [[ 228 char x[256]; 229 snprintf(x, sizeof(x), "XXX%d", func(1)); 230 ]])], 231 [ AC_MSG_RESULT([yes]) 232 CFLAGS="$saved_CFLAGS $t" 233 LDFLAGS="$saved_LDFLAGS $t" 234 AC_MSG_CHECKING([if $t works]) 235 AC_RUN_IFELSE( 236 [AC_LANG_PROGRAM([[ 237 #include <stdio.h> 238 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 239 ]], 240 [[ 241 char x[256]; 242 snprintf(x, sizeof(x), "XXX%d", func(1)); 243 ]])], 244 [ AC_MSG_RESULT([yes]) 245 break ], 246 [ AC_MSG_RESULT([no]) ], 247 [ AC_MSG_WARN([cross compiling: cannot test]) 248 break ] 249 ) 250 ], 251 [ AC_MSG_RESULT([no]) ] 252 ) 253 CFLAGS="$saved_CFLAGS" 254 LDFLAGS="$saved_LDFLAGS" 255 done 256 fi 257 258 if test -z "$have_llong_max"; then 259 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 260 unset ac_cv_have_decl_LLONG_MAX 261 saved_CFLAGS="$CFLAGS" 262 CFLAGS="$CFLAGS -std=gnu99" 263 AC_CHECK_DECL([LLONG_MAX], 264 [have_llong_max=1], 265 [CFLAGS="$saved_CFLAGS"], 266 [#include <limits.h>] 267 ) 268 fi 269fi 270 271AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 272AC_COMPILE_IFELSE( 273 [AC_LANG_PROGRAM([[ 274#include <stdlib.h> 275__attribute__((__unused__)) static void foo(void){return;}]], 276 [[ exit(0); ]])], 277 [ AC_MSG_RESULT([yes]) ], 278 [ AC_MSG_RESULT([no]) 279 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 280 [compiler does not accept __attribute__ on return types]) ] 281) 282 283AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 284AC_COMPILE_IFELSE( 285 [AC_LANG_PROGRAM([[ 286#include <stdlib.h> 287typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 288 [[ exit(0); ]])], 289 [ AC_MSG_RESULT([yes]) ], 290 [ AC_MSG_RESULT([no]) 291 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 292 [compiler does not accept __attribute__ on prototype args]) ] 293) 294 295if test "x$no_attrib_nonnull" != "x1" ; then 296 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 297fi 298 299AC_ARG_WITH([rpath], 300 [ --without-rpath Disable auto-added -R linker paths], 301 [ 302 if test "x$withval" = "xno" ; then 303 rpath_opt="" 304 elif test "x$withval" = "xyes" ; then 305 rpath_opt="-R" 306 else 307 rpath_opt="$withval" 308 fi 309 ] 310) 311 312# Allow user to specify flags 313AC_ARG_WITH([cflags], 314 [ --with-cflags Specify additional flags to pass to compiler], 315 [ 316 if test -n "$withval" && test "x$withval" != "xno" && \ 317 test "x${withval}" != "xyes"; then 318 CFLAGS="$CFLAGS $withval" 319 fi 320 ] 321) 322 323AC_ARG_WITH([cflags-after], 324 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 325 [ 326 if test -n "$withval" && test "x$withval" != "xno" && \ 327 test "x${withval}" != "xyes"; then 328 CFLAGS_AFTER="$withval" 329 fi 330 ] 331) 332AC_ARG_WITH([cppflags], 333 [ --with-cppflags Specify additional flags to pass to preprocessor] , 334 [ 335 if test -n "$withval" && test "x$withval" != "xno" && \ 336 test "x${withval}" != "xyes"; then 337 CPPFLAGS="$CPPFLAGS $withval" 338 fi 339 ] 340) 341AC_ARG_WITH([ldflags], 342 [ --with-ldflags Specify additional flags to pass to linker], 343 [ 344 if test -n "$withval" && test "x$withval" != "xno" && \ 345 test "x${withval}" != "xyes"; then 346 LDFLAGS="$LDFLAGS $withval" 347 fi 348 ] 349) 350AC_ARG_WITH([ldflags-after], 351 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 352 [ 353 if test -n "$withval" && test "x$withval" != "xno" && \ 354 test "x${withval}" != "xyes"; then 355 LDFLAGS_AFTER="$withval" 356 fi 357 ] 358) 359AC_ARG_WITH([libs], 360 [ --with-libs Specify additional libraries to link with], 361 [ 362 if test -n "$withval" && test "x$withval" != "xno" && \ 363 test "x${withval}" != "xyes"; then 364 LIBS="$LIBS $withval" 365 fi 366 ] 367) 368AC_ARG_WITH([Werror], 369 [ --with-Werror Build main code with -Werror], 370 [ 371 if test -n "$withval" && test "x$withval" != "xno"; then 372 werror_flags="-Werror" 373 if test "x${withval}" != "xyes"; then 374 werror_flags="$withval" 375 fi 376 fi 377 ] 378) 379 380AC_CHECK_HEADERS([ \ 381 blf.h \ 382 bstring.h \ 383 crypt.h \ 384 crypto/sha2.h \ 385 dirent.h \ 386 endian.h \ 387 elf.h \ 388 err.h \ 389 features.h \ 390 fcntl.h \ 391 floatingpoint.h \ 392 fnmatch.h \ 393 getopt.h \ 394 glob.h \ 395 ia.h \ 396 iaf.h \ 397 ifaddrs.h \ 398 inttypes.h \ 399 langinfo.h \ 400 limits.h \ 401 locale.h \ 402 login.h \ 403 maillock.h \ 404 ndir.h \ 405 net/if_tun.h \ 406 netdb.h \ 407 netgroup.h \ 408 pam/pam_appl.h \ 409 paths.h \ 410 poll.h \ 411 pty.h \ 412 readpassphrase.h \ 413 rpc/types.h \ 414 security/pam_appl.h \ 415 sha2.h \ 416 shadow.h \ 417 stddef.h \ 418 stdint.h \ 419 string.h \ 420 strings.h \ 421 sys/bitypes.h \ 422 sys/byteorder.h \ 423 sys/bsdtty.h \ 424 sys/cdefs.h \ 425 sys/dir.h \ 426 sys/file.h \ 427 sys/mman.h \ 428 sys/label.h \ 429 sys/ndir.h \ 430 sys/poll.h \ 431 sys/prctl.h \ 432 sys/pstat.h \ 433 sys/ptrace.h \ 434 sys/random.h \ 435 sys/select.h \ 436 sys/stat.h \ 437 sys/stream.h \ 438 sys/stropts.h \ 439 sys/strtio.h \ 440 sys/statvfs.h \ 441 sys/sysmacros.h \ 442 sys/time.h \ 443 sys/timers.h \ 444 sys/vfs.h \ 445 time.h \ 446 tmpdir.h \ 447 ttyent.h \ 448 ucred.h \ 449 unistd.h \ 450 usersec.h \ 451 util.h \ 452 utime.h \ 453 utmp.h \ 454 utmpx.h \ 455 vis.h \ 456 wchar.h \ 457]) 458 459# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 460# to be included first. 461AC_CHECK_HEADERS([sys/audit.h], [], [], [ 462#ifdef HAVE_SYS_TIME_H 463# include <sys/time.h> 464#endif 465#ifdef HAVE_SYS_TYPES_H 466# include <sys/types.h> 467#endif 468#ifdef HAVE_SYS_LABEL_H 469# include <sys/label.h> 470#endif 471]) 472 473# sys/capsicum.h requires sys/types.h 474AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 475#ifdef HAVE_SYS_TYPES_H 476# include <sys/types.h> 477#endif 478]) 479 480# net/route.h requires sys/socket.h and sys/types.h. 481# sys/sysctl.h also requires sys/param.h 482AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 483#ifdef HAVE_SYS_TYPES_H 484# include <sys/types.h> 485#endif 486#include <sys/param.h> 487#include <sys/socket.h> 488]) 489 490# lastlog.h requires sys/time.h to be included first on Solaris 491AC_CHECK_HEADERS([lastlog.h], [], [], [ 492#ifdef HAVE_SYS_TIME_H 493# include <sys/time.h> 494#endif 495]) 496 497# sys/ptms.h requires sys/stream.h to be included first on Solaris 498AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 499#ifdef HAVE_SYS_STREAM_H 500# include <sys/stream.h> 501#endif 502]) 503 504# login_cap.h requires sys/types.h on NetBSD 505AC_CHECK_HEADERS([login_cap.h], [], [], [ 506#include <sys/types.h> 507]) 508 509# older BSDs need sys/param.h before sys/mount.h 510AC_CHECK_HEADERS([sys/mount.h], [], [], [ 511#include <sys/param.h> 512]) 513 514# Android requires sys/socket.h to be included before sys/un.h 515AC_CHECK_HEADERS([sys/un.h], [], [], [ 516#include <sys/types.h> 517#include <sys/socket.h> 518]) 519 520# Messages for features tested for in target-specific section 521SIA_MSG="no" 522SPC_MSG="no" 523SP_MSG="no" 524SPP_MSG="no" 525 526# Support for Solaris/Illumos privileges (this test is used by both 527# the --with-solaris-privs option and --with-sandbox=solaris). 528SOLARIS_PRIVS="no" 529 530AC_CHECK_SIZEOF([size_t]) 531 532# Check for some target-specific stuff 533case "$host" in 534*-*-aix*) 535 # Some versions of VAC won't allow macro redefinitions at 536 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 537 # particularly with older versions of vac or xlc. 538 # It also throws errors about null macro arguments, but these are 539 # not fatal. 540 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 541 AC_COMPILE_IFELSE( 542 [AC_LANG_PROGRAM([[ 543#define testmacro foo 544#define testmacro bar]], 545 [[ exit(0); ]])], 546 [ AC_MSG_RESULT([yes]) ], 547 [ AC_MSG_RESULT([no]) 548 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 549 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 550 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 551 ] 552 ) 553 554 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 555 if (test -z "$blibpath"); then 556 blibpath="/usr/lib:/lib" 557 fi 558 saved_LDFLAGS="$LDFLAGS" 559 if test "$GCC" = "yes"; then 560 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 561 else 562 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 563 fi 564 for tryflags in $flags ;do 565 if (test -z "$blibflags"); then 566 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 567 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 568 [blibflags=$tryflags], []) 569 fi 570 done 571 if (test -z "$blibflags"); then 572 AC_MSG_RESULT([not found]) 573 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 574 else 575 AC_MSG_RESULT([$blibflags]) 576 fi 577 LDFLAGS="$saved_LDFLAGS" 578 dnl Check for authenticate. Might be in libs.a on older AIXes 579 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 580 [Define if you want to enable AIX4's authenticate function])], 581 [AC_CHECK_LIB([s], [authenticate], 582 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 583 LIBS="$LIBS -ls" 584 ]) 585 ]) 586 dnl Check for various auth function declarations in headers. 587 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 588 passwdexpired, setauthdb], , , [#include <usersec.h>]) 589 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 590 AC_CHECK_DECLS([loginfailed], 591 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 592 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 593 [[ (void)loginfailed("user","host","tty",0); ]])], 594 [AC_MSG_RESULT([yes]) 595 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 596 [Define if your AIX loginfailed() function 597 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 598 ])], 599 [], 600 [#include <usersec.h>] 601 ) 602 AC_CHECK_FUNCS([getgrset setauthdb]) 603 AC_CHECK_DECL([F_CLOSEM], 604 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 605 [], 606 [ #include <limits.h> 607 #include <fcntl.h> ] 608 ) 609 check_for_aix_broken_getaddrinfo=1 610 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 611 [Define if your platform breaks doing a seteuid before a setuid]) 612 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 613 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 614 dnl AIX handles lastlog as part of its login message 615 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 616 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 617 [Some systems need a utmpx entry for /bin/login to work]) 618 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 619 [Define to a Set Process Title type if your system is 620 supported by bsd-setproctitle.c]) 621 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 622 [AIX 5.2 and 5.3 (and presumably newer) require this]) 623 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 624 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 625 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 626 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 627 ;; 628*-*-android*) 629 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 630 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 631 ;; 632*-*-cygwin*) 633 check_for_libcrypt_later=1 634 LIBS="$LIBS /usr/lib/textreadmode.o" 635 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 636 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 637 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 638 [Define to disable UID restoration test]) 639 AC_DEFINE([DISABLE_SHADOW], [1], 640 [Define if you want to disable shadow passwords]) 641 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 642 [Define if X11 doesn't support AF_UNIX sockets on that system]) 643 AC_DEFINE([DISABLE_FD_PASSING], [1], 644 [Define if your platform needs to skip post auth 645 file descriptor passing]) 646 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 647 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 648 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 649 # reasons which cause compile warnings, so we disable those warnings. 650 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 651 ;; 652*-*-dgux*) 653 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 654 [Define if your system choked on IP TOS setting]) 655 AC_DEFINE([SETEUID_BREAKS_SETUID]) 656 AC_DEFINE([BROKEN_SETREUID]) 657 AC_DEFINE([BROKEN_SETREGID]) 658 ;; 659*-*-darwin*) 660 use_pie=auto 661 AC_MSG_CHECKING([if we have working getaddrinfo]) 662 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 663#include <mach-o/dyld.h> 664#include <stdlib.h> 665main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 666 exit(0); 667 else 668 exit(1); 669} 670 ]])], 671 [AC_MSG_RESULT([working])], 672 [AC_MSG_RESULT([buggy]) 673 AC_DEFINE([BROKEN_GETADDRINFO], [1], 674 [getaddrinfo is broken (if present)]) 675 ], 676 [AC_MSG_RESULT([assume it is working])]) 677 AC_DEFINE([SETEUID_BREAKS_SETUID]) 678 AC_DEFINE([BROKEN_SETREUID]) 679 AC_DEFINE([BROKEN_SETREGID]) 680 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 681 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 682 [Define if your resolver libs need this for getrrsetbyname]) 683 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 684 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 685 [Use tunnel device compatibility to OpenBSD]) 686 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 687 [Prepend the address family to IP tunnel traffic]) 688 m4_pattern_allow([AU_IPv]) 689 AC_CHECK_DECL([AU_IPv4], [], 690 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 691 [#include <bsm/audit.h>] 692 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 693 [Define if pututxline updates lastlog too]) 694 ) 695 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 696 [Define to a Set Process Title type if your system is 697 supported by bsd-setproctitle.c]) 698 AC_CHECK_FUNCS([sandbox_init]) 699 AC_CHECK_HEADERS([sandbox.h]) 700 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 701 SSHDLIBS="$SSHDLIBS -lsandbox" 702 ]) 703 # proc_pidinfo()-based closefrom() replacement. 704 AC_CHECK_HEADERS([libproc.h]) 705 AC_CHECK_FUNCS([proc_pidinfo]) 706 ;; 707*-*-dragonfly*) 708 SSHDLIBS="$SSHDLIBS -lcrypt" 709 TEST_MALLOC_OPTIONS="AFGJPRX" 710 ;; 711*-*-haiku*) 712 LIBS="$LIBS -lbsd " 713 CFLAGS="$CFLAGS -D_BSD_SOURCE" 714 AC_CHECK_LIB([network], [socket]) 715 AC_DEFINE([HAVE_U_INT64_T]) 716 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 717 MANTYPE=man 718 ;; 719*-*-hpux*) 720 # first we define all of the options common to all HP-UX releases 721 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 722 IPADDR_IN_DISPLAY=yes 723 AC_DEFINE([USE_PIPES]) 724 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 725 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 726 [String used in /etc/passwd to denote locked account]) 727 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 728 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 729 maildir="/var/mail" 730 LIBS="$LIBS -lsec" 731 AC_CHECK_LIB([xnet], [t_error], , 732 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 733 734 # next, we define all of the options specific to major releases 735 case "$host" in 736 *-*-hpux10*) 737 if test -z "$GCC"; then 738 CFLAGS="$CFLAGS -Ae" 739 fi 740 ;; 741 *-*-hpux11*) 742 AC_DEFINE([PAM_SUN_CODEBASE], [1], 743 [Define if you are using Solaris-derived PAM which 744 passes pam_messages to the conversation function 745 with an extra level of indirection]) 746 AC_DEFINE([DISABLE_UTMP], [1], 747 [Define if you don't want to use utmp]) 748 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 749 check_for_hpux_broken_getaddrinfo=1 750 check_for_conflicting_getspnam=1 751 ;; 752 esac 753 754 # lastly, we define options specific to minor releases 755 case "$host" in 756 *-*-hpux10.26) 757 AC_DEFINE([HAVE_SECUREWARE], [1], 758 [Define if you have SecureWare-based 759 protected password database]) 760 disable_ptmx_check=yes 761 LIBS="$LIBS -lsecpw" 762 ;; 763 esac 764 ;; 765*-*-irix5*) 766 PATH="$PATH:/usr/etc" 767 AC_DEFINE([BROKEN_INET_NTOA], [1], 768 [Define if you system's inet_ntoa is busted 769 (e.g. Irix gcc issue)]) 770 AC_DEFINE([SETEUID_BREAKS_SETUID]) 771 AC_DEFINE([BROKEN_SETREUID]) 772 AC_DEFINE([BROKEN_SETREGID]) 773 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 774 [Define if you shouldn't strip 'tty' from your 775 ttyname in [uw]tmp]) 776 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 777 ;; 778*-*-irix6*) 779 PATH="$PATH:/usr/etc" 780 AC_DEFINE([WITH_IRIX_ARRAY], [1], 781 [Define if you have/want arrays 782 (cluster-wide session management, not C arrays)]) 783 AC_DEFINE([WITH_IRIX_PROJECT], [1], 784 [Define if you want IRIX project management]) 785 AC_DEFINE([WITH_IRIX_AUDIT], [1], 786 [Define if you want IRIX audit trails]) 787 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 788 [Define if you want IRIX kernel jobs])]) 789 AC_DEFINE([BROKEN_INET_NTOA]) 790 AC_DEFINE([SETEUID_BREAKS_SETUID]) 791 AC_DEFINE([BROKEN_SETREUID]) 792 AC_DEFINE([BROKEN_SETREGID]) 793 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 794 AC_DEFINE([WITH_ABBREV_NO_TTY]) 795 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 796 ;; 797*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 798 check_for_libcrypt_later=1 799 AC_DEFINE([PAM_TTY_KLUDGE]) 800 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 801 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 802 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 803 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 804 ;; 805*-*-linux*) 806 no_dev_ptmx=1 807 use_pie=auto 808 check_for_libcrypt_later=1 809 check_for_openpty_ctty_bug=1 810 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 811 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 812 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 813 AC_DEFINE([PAM_TTY_KLUDGE], [1], 814 [Work around problematic Linux PAM modules handling of PAM_TTY]) 815 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 816 [String used in /etc/passwd to denote locked account]) 817 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 818 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 819 [Define to whatever link() returns for "not supported" 820 if it doesn't return EOPNOTSUPP.]) 821 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 822 AC_DEFINE([USE_BTMP]) 823 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 824 inet6_default_4in6=yes 825 case `uname -r` in 826 1.*|2.0.*) 827 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 828 [Define if cmsg_type is not passed correctly]) 829 ;; 830 esac 831 # tun(4) forwarding compat code 832 AC_CHECK_HEADERS([linux/if_tun.h]) 833 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 834 AC_DEFINE([SSH_TUN_LINUX], [1], 835 [Open tunnel devices the Linux tun/tap way]) 836 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 837 [Use tunnel device compatibility to OpenBSD]) 838 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 839 [Prepend the address family to IP tunnel traffic]) 840 fi 841 AC_CHECK_HEADER([linux/if.h], 842 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 843 [Support routing domains using Linux VRF]), [], [ 844#ifdef HAVE_SYS_TYPES_H 845# include <sys/types.h> 846#endif 847 ]) 848 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 849 [], [#include <linux/types.h>]) 850 # Obtain MIPS ABI 851 case "$host" in 852 mips*) 853 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 854#if _MIPS_SIM != _ABIO32 855#error 856#endif 857 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 858#if _MIPS_SIM != _ABIN32 859#error 860#endif 861 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 862#if _MIPS_SIM != _ABI64 863#error 864#endif 865 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 866 ]) 867 ]) 868 ]) 869 ;; 870 esac 871 AC_MSG_CHECKING([for seccomp architecture]) 872 seccomp_audit_arch= 873 case "$host" in 874 x86_64-*) 875 seccomp_audit_arch=AUDIT_ARCH_X86_64 876 # X32: AMD64 instructions in 32bit address space. 877 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 878 seccomp_audit_arch=AUDIT_ARCH_I386 879 fi 880 ;; 881 i*86-*) 882 seccomp_audit_arch=AUDIT_ARCH_I386 883 ;; 884 arm*-*) 885 seccomp_audit_arch=AUDIT_ARCH_ARM 886 ;; 887 aarch64*-*) 888 seccomp_audit_arch=AUDIT_ARCH_AARCH64 889 ;; 890 s390x-*) 891 seccomp_audit_arch=AUDIT_ARCH_S390X 892 ;; 893 s390-*) 894 seccomp_audit_arch=AUDIT_ARCH_S390 895 ;; 896 powerpc64-*) 897 seccomp_audit_arch=AUDIT_ARCH_PPC64 898 ;; 899 powerpc64le-*) 900 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 901 ;; 902 mips-*) 903 seccomp_audit_arch=AUDIT_ARCH_MIPS 904 ;; 905 mipsel-*) 906 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 907 ;; 908 mips64-*) 909 case "$mips_abi" in 910 "n32") 911 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 912 ;; 913 "n64") 914 seccomp_audit_arch=AUDIT_ARCH_MIPS64 915 ;; 916 esac 917 ;; 918 mips64el-*) 919 case "$mips_abi" in 920 "n32") 921 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 922 ;; 923 "n64") 924 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 925 ;; 926 esac 927 ;; 928 riscv64-*) 929 seccomp_audit_arch=AUDIT_ARCH_RISCV64 930 ;; 931 esac 932 if test "x$seccomp_audit_arch" != "x" ; then 933 AC_MSG_RESULT(["$seccomp_audit_arch"]) 934 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 935 [Specify the system call convention in use]) 936 else 937 AC_MSG_RESULT([architecture not supported]) 938 fi 939 ;; 940mips-sony-bsd|mips-sony-newsos4) 941 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 942 SONY=1 943 ;; 944*-*-netbsd*) 945 check_for_libcrypt_before=1 946 if test "x$withval" != "xno" ; then 947 rpath_opt="-R" 948 fi 949 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 950 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 951 AC_CHECK_HEADER([net/if_tap.h], , 952 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 953 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 954 [Prepend the address family to IP tunnel traffic]) 955 TEST_MALLOC_OPTIONS="AJRX" 956 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 957 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 958 ;; 959*-*-freebsd*) 960 check_for_libcrypt_later=1 961 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 962 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 963 AC_CHECK_HEADER([net/if_tap.h], , 964 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 965 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 966 TEST_MALLOC_OPTIONS="AJRX" 967 # Preauth crypto occasionally uses file descriptors for crypto offload 968 # and will crash if they cannot be opened. 969 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 970 [define if setrlimit RLIMIT_NOFILE breaks things]) 971 ;; 972*-*-bsdi*) 973 AC_DEFINE([SETEUID_BREAKS_SETUID]) 974 AC_DEFINE([BROKEN_SETREUID]) 975 AC_DEFINE([BROKEN_SETREGID]) 976 ;; 977*-next-*) 978 conf_lastlog_location="/usr/adm/lastlog" 979 conf_utmp_location=/etc/utmp 980 conf_wtmp_location=/usr/adm/wtmp 981 maildir=/usr/spool/mail 982 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 983 AC_DEFINE([USE_PIPES]) 984 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 985 ;; 986*-*-openbsd*) 987 use_pie=auto 988 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 989 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 990 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 991 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 992 [syslog_r function is safe to use in in a signal handler]) 993 TEST_MALLOC_OPTIONS="AFGJPRX" 994 ;; 995*-*-solaris*) 996 if test "x$withval" != "xno" ; then 997 rpath_opt="-R" 998 fi 999 AC_DEFINE([PAM_SUN_CODEBASE]) 1000 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1001 AC_DEFINE([PAM_TTY_KLUDGE]) 1002 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1003 [Define if pam_chauthtok wants real uid set 1004 to the unpriv'ed user]) 1005 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1006 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1007 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1008 [Define if sshd somehow reacquires a controlling TTY 1009 after setsid()]) 1010 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1011 in case the name is longer than 8 chars]) 1012 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1013 external_path_file=/etc/default/login 1014 # hardwire lastlog location (can't detect it on some versions) 1015 conf_lastlog_location="/var/adm/lastlog" 1016 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1017 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1018 if test "$sol2ver" -ge 8; then 1019 AC_MSG_RESULT([yes]) 1020 AC_DEFINE([DISABLE_UTMP]) 1021 AC_DEFINE([DISABLE_WTMP], [1], 1022 [Define if you don't want to use wtmp]) 1023 else 1024 AC_MSG_RESULT([no]) 1025 fi 1026 AC_CHECK_FUNCS([setpflags]) 1027 AC_CHECK_FUNCS([setppriv]) 1028 AC_CHECK_FUNCS([priv_basicset]) 1029 AC_CHECK_HEADERS([priv.h]) 1030 AC_ARG_WITH([solaris-contracts], 1031 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1032 [ 1033 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1034 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1035 [Define if you have Solaris process contracts]) 1036 LIBS="$LIBS -lcontract" 1037 SPC_MSG="yes" ], ) 1038 ], 1039 ) 1040 AC_ARG_WITH([solaris-projects], 1041 [ --with-solaris-projects Enable Solaris projects (experimental)], 1042 [ 1043 AC_CHECK_LIB([project], [setproject], 1044 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1045 [Define if you have Solaris projects]) 1046 LIBS="$LIBS -lproject" 1047 SP_MSG="yes" ], ) 1048 ], 1049 ) 1050 AC_ARG_WITH([solaris-privs], 1051 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1052 [ 1053 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1054 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1055 "x$ac_cv_header_priv_h" = "xyes" ; then 1056 SOLARIS_PRIVS=yes 1057 AC_MSG_RESULT([found]) 1058 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1059 [Define to disable UID restoration test]) 1060 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1061 [Define if you have Solaris privileges]) 1062 SPP_MSG="yes" 1063 else 1064 AC_MSG_RESULT([not found]) 1065 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1066 fi 1067 ], 1068 ) 1069 TEST_SHELL=$SHELL # let configure find us a capable shell 1070 ;; 1071*-*-sunos4*) 1072 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1073 AC_CHECK_FUNCS([getpwanam]) 1074 AC_DEFINE([PAM_SUN_CODEBASE]) 1075 conf_utmp_location=/etc/utmp 1076 conf_wtmp_location=/var/adm/wtmp 1077 conf_lastlog_location=/var/adm/lastlog 1078 AC_DEFINE([USE_PIPES]) 1079 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1080 ;; 1081*-ncr-sysv*) 1082 LIBS="$LIBS -lc89" 1083 AC_DEFINE([USE_PIPES]) 1084 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1085 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1086 AC_DEFINE([BROKEN_SETREUID]) 1087 AC_DEFINE([BROKEN_SETREGID]) 1088 ;; 1089*-sni-sysv*) 1090 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1091 AC_CHECK_LIB([dl], [dlsym], ,) 1092 # -lresolv needs to be at the end of LIBS or DNS lookups break 1093 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1094 IPADDR_IN_DISPLAY=yes 1095 AC_DEFINE([USE_PIPES]) 1096 AC_DEFINE([IP_TOS_IS_BROKEN]) 1097 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1098 AC_DEFINE([BROKEN_SETREUID]) 1099 AC_DEFINE([BROKEN_SETREGID]) 1100 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1101 external_path_file=/etc/default/login 1102 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1103 # Attention: always take care to bind libsocket and libnsl before libc, 1104 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1105 ;; 1106# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1107*-*-sysv4.2*) 1108 AC_DEFINE([USE_PIPES]) 1109 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1110 AC_DEFINE([BROKEN_SETREUID]) 1111 AC_DEFINE([BROKEN_SETREGID]) 1112 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1113 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1114 TEST_SHELL=$SHELL # let configure find us a capable shell 1115 ;; 1116# UnixWare 7.x, OpenUNIX 8 1117*-*-sysv5*) 1118 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1119 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1120 AC_DEFINE([USE_PIPES]) 1121 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1122 AC_DEFINE([BROKEN_GETADDRINFO]) 1123 AC_DEFINE([BROKEN_SETREUID]) 1124 AC_DEFINE([BROKEN_SETREGID]) 1125 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1126 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1127 TEST_SHELL=$SHELL # let configure find us a capable shell 1128 check_for_libcrypt_later=1 1129 case "$host" in 1130 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1131 maildir=/var/spool/mail 1132 AC_DEFINE([BROKEN_UPDWTMPX]) 1133 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1134 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1135 ], , ) 1136 ;; 1137 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1138 ;; 1139 esac 1140 ;; 1141*-*-sysv*) 1142 ;; 1143# SCO UNIX and OEM versions of SCO UNIX 1144*-*-sco3.2v4*) 1145 AC_MSG_ERROR("This Platform is no longer supported.") 1146 ;; 1147# SCO OpenServer 5.x 1148*-*-sco3.2v5*) 1149 if test -z "$GCC"; then 1150 CFLAGS="$CFLAGS -belf" 1151 fi 1152 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1153 no_dev_ptmx=1 1154 AC_DEFINE([USE_PIPES]) 1155 AC_DEFINE([HAVE_SECUREWARE]) 1156 AC_DEFINE([DISABLE_SHADOW]) 1157 AC_DEFINE([DISABLE_FD_PASSING]) 1158 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1159 AC_DEFINE([BROKEN_GETADDRINFO]) 1160 AC_DEFINE([BROKEN_SETREUID]) 1161 AC_DEFINE([BROKEN_SETREGID]) 1162 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1163 AC_DEFINE([BROKEN_UPDWTMPX]) 1164 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1165 AC_CHECK_FUNCS([getluid setluid]) 1166 MANTYPE=man 1167 TEST_SHELL=$SHELL # let configure find us a capable shell 1168 SKIP_DISABLE_LASTLOG_DEFINE=yes 1169 ;; 1170*-dec-osf*) 1171 AC_MSG_CHECKING([for Digital Unix SIA]) 1172 no_osfsia="" 1173 AC_ARG_WITH([osfsia], 1174 [ --with-osfsia Enable Digital Unix SIA], 1175 [ 1176 if test "x$withval" = "xno" ; then 1177 AC_MSG_RESULT([disabled]) 1178 no_osfsia=1 1179 fi 1180 ], 1181 ) 1182 if test -z "$no_osfsia" ; then 1183 if test -f /etc/sia/matrix.conf; then 1184 AC_MSG_RESULT([yes]) 1185 AC_DEFINE([HAVE_OSF_SIA], [1], 1186 [Define if you have Digital Unix Security 1187 Integration Architecture]) 1188 AC_DEFINE([DISABLE_LOGIN], [1], 1189 [Define if you don't want to use your 1190 system's login() call]) 1191 AC_DEFINE([DISABLE_FD_PASSING]) 1192 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1193 SIA_MSG="yes" 1194 else 1195 AC_MSG_RESULT([no]) 1196 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1197 [String used in /etc/passwd to denote locked account]) 1198 fi 1199 fi 1200 AC_DEFINE([BROKEN_GETADDRINFO]) 1201 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1202 AC_DEFINE([BROKEN_SETREUID]) 1203 AC_DEFINE([BROKEN_SETREGID]) 1204 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1205 ;; 1206 1207*-*-nto-qnx*) 1208 AC_DEFINE([USE_PIPES]) 1209 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1210 AC_DEFINE([DISABLE_LASTLOG]) 1211 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1212 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1213 enable_etc_default_login=no # has incompatible /etc/default/login 1214 case "$host" in 1215 *-*-nto-qnx6*) 1216 AC_DEFINE([DISABLE_FD_PASSING]) 1217 ;; 1218 esac 1219 ;; 1220 1221*-*-ultrix*) 1222 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1223 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1224 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1225 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1226 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1227 # don't get a controlling tty. 1228 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1229 # On Ultrix some headers are not protected against multiple includes, 1230 # so we create wrappers and put it where the compiler will find it. 1231 AC_MSG_WARN([creating compat wrappers for headers]) 1232 mkdir -p netinet 1233 for header in netinet/ip.h netdb.h resolv.h; do 1234 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1235 cat >$header <<EOD 1236#ifndef _SSH_COMPAT_${name} 1237#define _SSH_COMPAT_${name} 1238#include "/usr/include/${header}" 1239#endif 1240EOD 1241 done 1242 ;; 1243 1244*-*-lynxos) 1245 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1246 AC_DEFINE([BROKEN_SETVBUF], [1], 1247 [LynxOS has broken setvbuf() implementation]) 1248 ;; 1249esac 1250 1251AC_MSG_CHECKING([compiler and flags for sanity]) 1252AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1253 [ AC_MSG_RESULT([yes]) ], 1254 [ 1255 AC_MSG_RESULT([no]) 1256 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1257 ], 1258 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1259) 1260 1261dnl Checks for header files. 1262# Checks for libraries. 1263AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1264 1265dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1266AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1267 AC_CHECK_LIB([gen], [dirname], [ 1268 AC_CACHE_CHECK([for broken dirname], 1269 ac_cv_have_broken_dirname, [ 1270 save_LIBS="$LIBS" 1271 LIBS="$LIBS -lgen" 1272 AC_RUN_IFELSE( 1273 [AC_LANG_SOURCE([[ 1274#include <libgen.h> 1275#include <string.h> 1276#include <stdlib.h> 1277 1278int main(int argc, char **argv) { 1279 char *s, buf[32]; 1280 1281 strncpy(buf,"/etc", 32); 1282 s = dirname(buf); 1283 if (!s || strncmp(s, "/", 32) != 0) { 1284 exit(1); 1285 } else { 1286 exit(0); 1287 } 1288} 1289 ]])], 1290 [ ac_cv_have_broken_dirname="no" ], 1291 [ ac_cv_have_broken_dirname="yes" ], 1292 [ ac_cv_have_broken_dirname="no" ], 1293 ) 1294 LIBS="$save_LIBS" 1295 ]) 1296 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1297 LIBS="$LIBS -lgen" 1298 AC_DEFINE([HAVE_DIRNAME]) 1299 AC_CHECK_HEADERS([libgen.h]) 1300 fi 1301 ]) 1302]) 1303 1304AC_CHECK_FUNC([getspnam], , 1305 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1306AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1307 [Define if you have the basename function.])]) 1308 1309dnl zlib defaults to enabled 1310zlib=yes 1311AC_ARG_WITH([zlib], 1312 [ --with-zlib=PATH Use zlib in PATH], 1313 [ if test "x$withval" = "xno" ; then 1314 zlib=no 1315 elif test "x$withval" != "xyes"; then 1316 if test -d "$withval/lib"; then 1317 if test -n "${rpath_opt}"; then 1318 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1319 else 1320 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1321 fi 1322 else 1323 if test -n "${rpath_opt}"; then 1324 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1325 else 1326 LDFLAGS="-L${withval} ${LDFLAGS}" 1327 fi 1328 fi 1329 if test -d "$withval/include"; then 1330 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1331 else 1332 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1333 fi 1334 fi ] 1335) 1336 1337AC_MSG_CHECKING([for zlib]) 1338if test "x${zlib}" = "xno"; then 1339 AC_MSG_RESULT([no]) 1340else 1341 AC_MSG_RESULT([yes]) 1342 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1343 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1344 AC_CHECK_LIB([z], [deflate], , 1345 [ 1346 saved_CPPFLAGS="$CPPFLAGS" 1347 saved_LDFLAGS="$LDFLAGS" 1348 save_LIBS="$LIBS" 1349 dnl Check default zlib install dir 1350 if test -n "${rpath_opt}"; then 1351 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1352 else 1353 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1354 fi 1355 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1356 LIBS="$LIBS -lz" 1357 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1358 [ 1359 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1360 ] 1361 ) 1362 ] 1363 ) 1364 1365 AC_ARG_WITH([zlib-version-check], 1366 [ --without-zlib-version-check Disable zlib version check], 1367 [ if test "x$withval" = "xno" ; then 1368 zlib_check_nonfatal=1 1369 fi 1370 ] 1371 ) 1372 1373 AC_MSG_CHECKING([for possibly buggy zlib]) 1374 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1375#include <stdio.h> 1376#include <stdlib.h> 1377#include <zlib.h> 1378 ]], 1379 [[ 1380 int a=0, b=0, c=0, d=0, n, v; 1381 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1382 if (n != 3 && n != 4) 1383 exit(1); 1384 v = a*1000000 + b*10000 + c*100 + d; 1385 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1386 1387 /* 1.1.4 is OK */ 1388 if (a == 1 && b == 1 && c >= 4) 1389 exit(0); 1390 1391 /* 1.2.3 and up are OK */ 1392 if (v >= 1020300) 1393 exit(0); 1394 1395 exit(2); 1396 ]])], 1397 AC_MSG_RESULT([no]), 1398 [ AC_MSG_RESULT([yes]) 1399 if test -z "$zlib_check_nonfatal" ; then 1400 AC_MSG_ERROR([*** zlib too old - check config.log *** 1401Your reported zlib version has known security problems. It's possible your 1402vendor has fixed these problems without changing the version number. If you 1403are sure this is the case, you can disable the check by running 1404"./configure --without-zlib-version-check". 1405If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1406See http://www.gzip.org/zlib/ for details.]) 1407 else 1408 AC_MSG_WARN([zlib version may have security problems]) 1409 fi 1410 ], 1411 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1412 ) 1413fi 1414 1415dnl UnixWare 2.x 1416AC_CHECK_FUNC([strcasecmp], 1417 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1418) 1419AC_CHECK_FUNCS([utimes], 1420 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1421 LIBS="$LIBS -lc89"]) ] 1422) 1423 1424dnl Checks for libutil functions 1425AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1426AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1427AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1428AC_SEARCH_LIBS([login], [util bsd]) 1429AC_SEARCH_LIBS([logout], [util bsd]) 1430AC_SEARCH_LIBS([logwtmp], [util bsd]) 1431AC_SEARCH_LIBS([openpty], [util bsd]) 1432AC_SEARCH_LIBS([updwtmp], [util bsd]) 1433AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1434 1435# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1436# or libnsl. 1437AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1438AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1439 1440# "Particular Function Checks" 1441# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1442AC_FUNC_STRFTIME 1443AC_FUNC_MALLOC 1444AC_FUNC_REALLOC 1445# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1446AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1447AC_RUN_IFELSE( 1448 [AC_LANG_PROGRAM( 1449 [[ #include <stdlib.h> ]], 1450 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1451 )], 1452 [ func_calloc_0_nonnull=yes ], 1453 [ func_calloc_0_nonnull=no ], 1454 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1455 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1456) 1457AC_MSG_RESULT([$func_calloc_0_nonnull]) 1458 1459if test "x$func_calloc_0_nonnull" = "xyes"; then 1460 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1461else 1462 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1463 AC_DEFINE(calloc, rpl_calloc, 1464 [Define to rpl_calloc if the replacement function should be used.]) 1465fi 1466 1467# Check for ALTDIRFUNC glob() extension 1468AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1469AC_EGREP_CPP([FOUNDIT], 1470 [ 1471 #include <glob.h> 1472 #ifdef GLOB_ALTDIRFUNC 1473 FOUNDIT 1474 #endif 1475 ], 1476 [ 1477 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1478 [Define if your system glob() function has 1479 the GLOB_ALTDIRFUNC extension]) 1480 AC_MSG_RESULT([yes]) 1481 ], 1482 [ 1483 AC_MSG_RESULT([no]) 1484 ] 1485) 1486 1487# Check for g.gl_matchc glob() extension 1488AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1489AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1490 [[ glob_t g; g.gl_matchc = 1; ]])], 1491 [ 1492 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1493 [Define if your system glob() function has 1494 gl_matchc options in glob_t]) 1495 AC_MSG_RESULT([yes]) 1496 ], [ 1497 AC_MSG_RESULT([no]) 1498]) 1499 1500# Check for g.gl_statv glob() extension 1501AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1502AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1503#ifndef GLOB_KEEPSTAT 1504#error "glob does not support GLOB_KEEPSTAT extension" 1505#endif 1506glob_t g; 1507g.gl_statv = NULL; 1508]])], 1509 [ 1510 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1511 [Define if your system glob() function has 1512 gl_statv options in glob_t]) 1513 AC_MSG_RESULT([yes]) 1514 ], [ 1515 AC_MSG_RESULT([no]) 1516 1517]) 1518 1519AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1520 1521AC_CHECK_DECL([VIS_ALL], , 1522 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1523 1524AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1525AC_RUN_IFELSE( 1526 [AC_LANG_PROGRAM([[ 1527#include <sys/types.h> 1528#include <dirent.h> 1529#include <stdlib.h> 1530 ]], 1531 [[ 1532 struct dirent d; 1533 exit(sizeof(d.d_name)<=sizeof(char)); 1534 ]])], 1535 [AC_MSG_RESULT([yes])], 1536 [ 1537 AC_MSG_RESULT([no]) 1538 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1539 [Define if your struct dirent expects you to 1540 allocate extra space for d_name]) 1541 ], 1542 [ 1543 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1544 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1545 ] 1546) 1547 1548AC_MSG_CHECKING([for /proc/pid/fd directory]) 1549if test -d "/proc/$$/fd" ; then 1550 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1551 AC_MSG_RESULT([yes]) 1552else 1553 AC_MSG_RESULT([no]) 1554fi 1555 1556# Check whether user wants to use ldns 1557LDNS_MSG="no" 1558AC_ARG_WITH(ldns, 1559 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1560 [ 1561 ldns="" 1562 if test "x$withval" = "xyes" ; then 1563 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1564 if test "x$LDNSCONFIG" = "xno"; then 1565 LIBS="-lldns $LIBS" 1566 ldns=yes 1567 else 1568 LIBS="$LIBS `$LDNSCONFIG --libs`" 1569 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1570 ldns=yes 1571 fi 1572 elif test "x$withval" != "xno" ; then 1573 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1574 LDFLAGS="$LDFLAGS -L${withval}/lib" 1575 LIBS="-lldns $LIBS" 1576 ldns=yes 1577 fi 1578 1579 # Verify that it works. 1580 if test "x$ldns" = "xyes" ; then 1581 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1582 LDNS_MSG="yes" 1583 AC_MSG_CHECKING([for ldns support]) 1584 AC_LINK_IFELSE( 1585 [AC_LANG_SOURCE([[ 1586#include <stdio.h> 1587#include <stdlib.h> 1588#ifdef HAVE_STDINT_H 1589# include <stdint.h> 1590#endif 1591#include <ldns/ldns.h> 1592int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1593 ]]) 1594 ], 1595 [AC_MSG_RESULT(yes)], 1596 [ 1597 AC_MSG_RESULT(no) 1598 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1599 ]) 1600 fi 1601]) 1602 1603# Check whether user wants libedit support 1604LIBEDIT_MSG="no" 1605AC_ARG_WITH([libedit], 1606 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1607 [ if test "x$withval" != "xno" ; then 1608 if test "x$withval" = "xyes" ; then 1609 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1610 if test "x$PKGCONFIG" != "xno"; then 1611 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1612 if "$PKGCONFIG" libedit; then 1613 AC_MSG_RESULT([yes]) 1614 use_pkgconfig_for_libedit=yes 1615 else 1616 AC_MSG_RESULT([no]) 1617 fi 1618 fi 1619 else 1620 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1621 if test -n "${rpath_opt}"; then 1622 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1623 else 1624 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1625 fi 1626 fi 1627 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1628 LIBEDIT=`$PKGCONFIG --libs libedit` 1629 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1630 else 1631 LIBEDIT="-ledit -lcurses" 1632 fi 1633 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1634 AC_CHECK_LIB([edit], [el_init], 1635 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1636 LIBEDIT_MSG="yes" 1637 AC_SUBST([LIBEDIT]) 1638 ], 1639 [ AC_MSG_ERROR([libedit not found]) ], 1640 [ $OTHERLIBS ] 1641 ) 1642 AC_MSG_CHECKING([if libedit version is compatible]) 1643 AC_COMPILE_IFELSE( 1644 [AC_LANG_PROGRAM([[ 1645#include <histedit.h> 1646#include <stdlib.h> 1647 ]], 1648 [[ 1649 int i = H_SETSIZE; 1650 el_init("", NULL, NULL, NULL); 1651 exit(0); 1652 ]])], 1653 [ AC_MSG_RESULT([yes]) ], 1654 [ AC_MSG_RESULT([no]) 1655 AC_MSG_ERROR([libedit version is not compatible]) ] 1656 ) 1657 fi ] 1658) 1659 1660AUDIT_MODULE=none 1661AC_ARG_WITH([audit], 1662 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1663 [ 1664 AC_MSG_CHECKING([for supported audit module]) 1665 case "$withval" in 1666 bsm) 1667 AC_MSG_RESULT([bsm]) 1668 AUDIT_MODULE=bsm 1669 dnl Checks for headers, libs and functions 1670 AC_CHECK_HEADERS([bsm/audit.h], [], 1671 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1672 [ 1673#ifdef HAVE_TIME_H 1674# include <time.h> 1675#endif 1676 ] 1677) 1678 AC_CHECK_LIB([bsm], [getaudit], [], 1679 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1680 AC_CHECK_FUNCS([getaudit], [], 1681 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1682 # These are optional 1683 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1684 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1685 if test "$sol2ver" -ge 11; then 1686 SSHDLIBS="$SSHDLIBS -lscf" 1687 AC_DEFINE([BROKEN_BSM_API], [1], 1688 [The system has incomplete BSM API]) 1689 fi 1690 ;; 1691 linux) 1692 AC_MSG_RESULT([linux]) 1693 AUDIT_MODULE=linux 1694 dnl Checks for headers, libs and functions 1695 AC_CHECK_HEADERS([libaudit.h]) 1696 SSHDLIBS="$SSHDLIBS -laudit" 1697 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1698 ;; 1699 debug) 1700 AUDIT_MODULE=debug 1701 AC_MSG_RESULT([debug]) 1702 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1703 ;; 1704 no) 1705 AC_MSG_RESULT([no]) 1706 ;; 1707 *) 1708 AC_MSG_ERROR([Unknown audit module $withval]) 1709 ;; 1710 esac ] 1711) 1712 1713AC_ARG_WITH([pie], 1714 [ --with-pie Build Position Independent Executables if possible], [ 1715 if test "x$withval" = "xno"; then 1716 use_pie=no 1717 fi 1718 if test "x$withval" = "xyes"; then 1719 use_pie=yes 1720 fi 1721 ] 1722) 1723if test "x$use_pie" = "x"; then 1724 use_pie=no 1725fi 1726if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1727 # Turn off automatic PIE when toolchain hardening is off. 1728 use_pie=no 1729fi 1730if test "x$use_pie" = "xauto"; then 1731 # Automatic PIE requires gcc >= 4.x 1732 AC_MSG_CHECKING([for gcc >= 4.x]) 1733 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1734#if !defined(__GNUC__) || __GNUC__ < 4 1735#error gcc is too old 1736#endif 1737]])], 1738 [ AC_MSG_RESULT([yes]) ], 1739 [ AC_MSG_RESULT([no]) 1740 use_pie=no ] 1741) 1742fi 1743if test "x$use_pie" != "xno"; then 1744 SAVED_CFLAGS="$CFLAGS" 1745 SAVED_LDFLAGS="$LDFLAGS" 1746 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1747 OSSH_CHECK_LDFLAG_LINK([-pie]) 1748 # We use both -fPIE and -pie or neither. 1749 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1750 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1751 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1752 AC_MSG_RESULT([yes]) 1753 else 1754 AC_MSG_RESULT([no]) 1755 CFLAGS="$SAVED_CFLAGS" 1756 LDFLAGS="$SAVED_LDFLAGS" 1757 fi 1758fi 1759 1760AC_MSG_CHECKING([whether -fPIC is accepted]) 1761SAVED_CFLAGS="$CFLAGS" 1762CFLAGS="$CFLAGS -fPIC" 1763AC_COMPILE_IFELSE( 1764 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1765 [AC_MSG_RESULT([yes]) 1766 PICFLAG="-fPIC"; ], 1767 [AC_MSG_RESULT([no]) 1768 PICFLAG=""; ]) 1769CFLAGS="$SAVED_CFLAGS" 1770AC_SUBST([PICFLAG]) 1771 1772dnl Checks for library functions. Please keep in alphabetical order 1773AC_CHECK_FUNCS([ \ 1774 Blowfish_initstate \ 1775 Blowfish_expandstate \ 1776 Blowfish_expand0state \ 1777 Blowfish_stream2word \ 1778 SHA256Update \ 1779 SHA384Update \ 1780 SHA512Update \ 1781 asprintf \ 1782 b64_ntop \ 1783 __b64_ntop \ 1784 b64_pton \ 1785 __b64_pton \ 1786 bcopy \ 1787 bcrypt_pbkdf \ 1788 bindresvport_sa \ 1789 blf_enc \ 1790 bzero \ 1791 cap_rights_limit \ 1792 clock \ 1793 closefrom \ 1794 dirfd \ 1795 endgrent \ 1796 err \ 1797 errx \ 1798 explicit_bzero \ 1799 fchmod \ 1800 fchmodat \ 1801 fchown \ 1802 fchownat \ 1803 flock \ 1804 fnmatch \ 1805 freeaddrinfo \ 1806 freezero \ 1807 fstatfs \ 1808 fstatvfs \ 1809 futimes \ 1810 getaddrinfo \ 1811 getcwd \ 1812 getgrouplist \ 1813 getline \ 1814 getnameinfo \ 1815 getopt \ 1816 getpagesize \ 1817 getpeereid \ 1818 getpeerucred \ 1819 getpgid \ 1820 _getpty \ 1821 getrlimit \ 1822 getrandom \ 1823 getsid \ 1824 getttyent \ 1825 glob \ 1826 group_from_gid \ 1827 inet_aton \ 1828 inet_ntoa \ 1829 inet_ntop \ 1830 innetgr \ 1831 llabs \ 1832 localtime_r \ 1833 login_getcapbool \ 1834 md5_crypt \ 1835 memmem \ 1836 memmove \ 1837 memset_s \ 1838 mkdtemp \ 1839 ngetaddrinfo \ 1840 nsleep \ 1841 ogetaddrinfo \ 1842 openlog_r \ 1843 pledge \ 1844 poll \ 1845 prctl \ 1846 pstat \ 1847 raise \ 1848 readpassphrase \ 1849 reallocarray \ 1850 realpath \ 1851 recvmsg \ 1852 recallocarray \ 1853 rresvport_af \ 1854 sendmsg \ 1855 setdtablesize \ 1856 setegid \ 1857 setenv \ 1858 seteuid \ 1859 setgroupent \ 1860 setgroups \ 1861 setlinebuf \ 1862 setlogin \ 1863 setpassent\ 1864 setpcred \ 1865 setproctitle \ 1866 setregid \ 1867 setreuid \ 1868 setrlimit \ 1869 setsid \ 1870 setvbuf \ 1871 sigaction \ 1872 sigvec \ 1873 snprintf \ 1874 socketpair \ 1875 statfs \ 1876 statvfs \ 1877 strcasestr \ 1878 strdup \ 1879 strerror \ 1880 strlcat \ 1881 strlcpy \ 1882 strmode \ 1883 strndup \ 1884 strnlen \ 1885 strnvis \ 1886 strptime \ 1887 strsignal \ 1888 strtonum \ 1889 strtoll \ 1890 strtoul \ 1891 strtoull \ 1892 swap32 \ 1893 sysconf \ 1894 tcgetpgrp \ 1895 timingsafe_bcmp \ 1896 truncate \ 1897 unsetenv \ 1898 updwtmpx \ 1899 utimensat \ 1900 user_from_uid \ 1901 usleep \ 1902 vasprintf \ 1903 vsnprintf \ 1904 waitpid \ 1905 warn \ 1906]) 1907 1908AC_CHECK_DECLS([bzero, memmem]) 1909 1910dnl Wide character support. 1911AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1912 1913TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1914AC_MSG_CHECKING([for utf8 locale support]) 1915AC_RUN_IFELSE( 1916 [AC_LANG_PROGRAM([[ 1917#include <locale.h> 1918#include <stdlib.h> 1919 ]], [[ 1920 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1921 if (loc != NULL) 1922 exit(0); 1923 exit(1); 1924 ]])], 1925 AC_MSG_RESULT(yes), 1926 [AC_MSG_RESULT(no) 1927 TEST_SSH_UTF8=no], 1928 AC_MSG_WARN([cross compiling: assuming yes]) 1929) 1930 1931AC_LINK_IFELSE( 1932 [AC_LANG_PROGRAM( 1933 [[ #include <ctype.h> ]], 1934 [[ return (isblank('a')); ]])], 1935 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1936]) 1937 1938disable_pkcs11= 1939AC_ARG_ENABLE([pkcs11], 1940 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1941 [ 1942 if test "x$enableval" = "xno" ; then 1943 disable_pkcs11=1 1944 fi 1945 ] 1946) 1947 1948disable_sk= 1949AC_ARG_ENABLE([security-key], 1950 [ --disable-security-key disable U2F/FIDO support code [no]], 1951 [ 1952 if test "x$enableval" = "xno" ; then 1953 disable_sk=1 1954 fi 1955 ] 1956) 1957enable_sk_internal= 1958AC_ARG_WITH([security-key-builtin], 1959 [ --with-security-key-builtin include builtin U2F/FIDO support], 1960 [ 1961 if test "x$withval" != "xno" ; then 1962 enable_sk_internal=yes 1963 fi 1964 ] 1965) 1966test "x$disable_sk" != "x" && enable_sk_internal="" 1967 1968AC_SEARCH_LIBS([dlopen], [dl]) 1969AC_CHECK_FUNCS([dlopen]) 1970AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1971 1972# IRIX has a const char return value for gai_strerror() 1973AC_CHECK_FUNCS([gai_strerror], [ 1974 AC_DEFINE([HAVE_GAI_STRERROR]) 1975 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1976#include <sys/types.h> 1977#include <sys/socket.h> 1978#include <netdb.h> 1979 1980const char *gai_strerror(int); 1981 ]], [[ 1982 char *str; 1983 str = gai_strerror(0); 1984 ]])], [ 1985 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1986 [Define if gai_strerror() returns const char *])], [])]) 1987 1988AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1989 [Some systems put nanosleep outside of libc])]) 1990 1991AC_SEARCH_LIBS([clock_gettime], [rt], 1992 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1993 1994dnl check if we need -D_REENTRANT for localtime_r declaration. 1995AC_CHECK_DECL([localtime_r], [], 1996 [ saved_CPPFLAGS="$CFLAGS" 1997 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1998 unset ac_cv_have_decl_localtime_r 1999 AC_CHECK_DECL([localtime_r], [], 2000 [ CPPFLAGS="$saved_CPPFLAGS" ], 2001 [ #include <time.h> ] 2002 ) 2003 ], 2004 [ #include <time.h> ] 2005) 2006 2007dnl Make sure prototypes are defined for these before using them. 2008AC_CHECK_DECL([strsep], 2009 [AC_CHECK_FUNCS([strsep])], 2010 [], 2011 [ 2012#ifdef HAVE_STRING_H 2013# include <string.h> 2014#endif 2015 ]) 2016 2017dnl tcsendbreak might be a macro 2018AC_CHECK_DECL([tcsendbreak], 2019 [AC_DEFINE([HAVE_TCSENDBREAK])], 2020 [AC_CHECK_FUNCS([tcsendbreak])], 2021 [#include <termios.h>] 2022) 2023 2024AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2025 2026AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2027 [ 2028#include <sys/types.h> 2029#include <sys/socket.h> 2030#include <unistd.h> 2031 ]) 2032 2033AC_CHECK_DECLS([O_NONBLOCK], , , 2034 [ 2035#include <sys/types.h> 2036#ifdef HAVE_SYS_STAT_H 2037# include <sys/stat.h> 2038#endif 2039#ifdef HAVE_FCNTL_H 2040# include <fcntl.h> 2041#endif 2042 ]) 2043 2044AC_CHECK_DECLS([readv, writev], , , [ 2045#include <sys/types.h> 2046#include <sys/uio.h> 2047#include <unistd.h> 2048 ]) 2049 2050AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2051#include <sys/param.h> 2052 ]) 2053 2054AC_CHECK_DECLS([offsetof], , , [ 2055#include <stddef.h> 2056 ]) 2057 2058# extra bits for select(2) 2059AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2060#include <sys/param.h> 2061#include <sys/types.h> 2062#ifdef HAVE_SYS_SYSMACROS_H 2063#include <sys/sysmacros.h> 2064#endif 2065#ifdef HAVE_SYS_SELECT_H 2066#include <sys/select.h> 2067#endif 2068#ifdef HAVE_SYS_TIME_H 2069#include <sys/time.h> 2070#endif 2071#ifdef HAVE_UNISTD_H 2072#include <unistd.h> 2073#endif 2074 ]]) 2075AC_CHECK_TYPES([fd_mask], [], [], [[ 2076#include <sys/param.h> 2077#include <sys/types.h> 2078#ifdef HAVE_SYS_SELECT_H 2079#include <sys/select.h> 2080#endif 2081#ifdef HAVE_SYS_TIME_H 2082#include <sys/time.h> 2083#endif 2084#ifdef HAVE_UNISTD_H 2085#include <unistd.h> 2086#endif 2087 ]]) 2088 2089AC_CHECK_FUNCS([setresuid], [ 2090 dnl Some platorms have setresuid that isn't implemented, test for this 2091 AC_MSG_CHECKING([if setresuid seems to work]) 2092 AC_RUN_IFELSE( 2093 [AC_LANG_PROGRAM([[ 2094#include <stdlib.h> 2095#include <errno.h> 2096 ]], [[ 2097 errno=0; 2098 setresuid(0,0,0); 2099 if (errno==ENOSYS) 2100 exit(1); 2101 else 2102 exit(0); 2103 ]])], 2104 [AC_MSG_RESULT([yes])], 2105 [AC_DEFINE([BROKEN_SETRESUID], [1], 2106 [Define if your setresuid() is broken]) 2107 AC_MSG_RESULT([not implemented])], 2108 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2109 ) 2110]) 2111 2112AC_CHECK_FUNCS([setresgid], [ 2113 dnl Some platorms have setresgid that isn't implemented, test for this 2114 AC_MSG_CHECKING([if setresgid seems to work]) 2115 AC_RUN_IFELSE( 2116 [AC_LANG_PROGRAM([[ 2117#include <stdlib.h> 2118#include <errno.h> 2119 ]], [[ 2120 errno=0; 2121 setresgid(0,0,0); 2122 if (errno==ENOSYS) 2123 exit(1); 2124 else 2125 exit(0); 2126 ]])], 2127 [AC_MSG_RESULT([yes])], 2128 [AC_DEFINE([BROKEN_SETRESGID], [1], 2129 [Define if your setresgid() is broken]) 2130 AC_MSG_RESULT([not implemented])], 2131 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2132 ) 2133]) 2134 2135AC_MSG_CHECKING([for working fflush(NULL)]) 2136AC_RUN_IFELSE( 2137 [AC_LANG_PROGRAM([[ 2138#include <stdio.h> 2139#include <stdlib.h> 2140 ]], 2141 [[fflush(NULL); exit(0);]])], 2142 AC_MSG_RESULT([yes]), 2143 [AC_MSG_RESULT([no]) 2144 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2145 [define if fflush(NULL) does not work])], 2146 AC_MSG_WARN([cross compiling: assuming working]) 2147) 2148 2149dnl Checks for time functions 2150AC_CHECK_FUNCS([gettimeofday time]) 2151dnl Checks for utmp functions 2152AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2153AC_CHECK_FUNCS([utmpname]) 2154dnl Checks for utmpx functions 2155AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2156AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2157dnl Checks for lastlog functions 2158AC_CHECK_FUNCS([getlastlogxbyname]) 2159 2160AC_CHECK_FUNC([daemon], 2161 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2162 [AC_CHECK_LIB([bsd], [daemon], 2163 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2164) 2165 2166AC_CHECK_FUNC([getpagesize], 2167 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2168 [Define if your libraries define getpagesize()])], 2169 [AC_CHECK_LIB([ucb], [getpagesize], 2170 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2171) 2172 2173# Check for broken snprintf 2174if test "x$ac_cv_func_snprintf" = "xyes" ; then 2175 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2176 AC_RUN_IFELSE( 2177 [AC_LANG_PROGRAM([[ 2178#include <stdio.h> 2179#include <stdlib.h> 2180 ]], 2181 [[ 2182 char b[5]; 2183 snprintf(b,5,"123456789"); 2184 exit(b[4]!='\0'); 2185 ]])], 2186 [AC_MSG_RESULT([yes])], 2187 [ 2188 AC_MSG_RESULT([no]) 2189 AC_DEFINE([BROKEN_SNPRINTF], [1], 2190 [Define if your snprintf is busted]) 2191 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2192 ], 2193 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2194 ) 2195fi 2196 2197if test "x$ac_cv_func_snprintf" = "xyes" ; then 2198 AC_MSG_CHECKING([whether snprintf understands %zu]) 2199 AC_RUN_IFELSE( 2200 [AC_LANG_PROGRAM([[ 2201#include <sys/types.h> 2202#include <stdio.h> 2203#include <stdlib.h> 2204#include <string.h> 2205 ]], 2206 [[ 2207 size_t a = 1, b = 2; 2208 char z[128]; 2209 snprintf(z, sizeof z, "%zu%zu", a, b); 2210 exit(strcmp(z, "12")); 2211 ]])], 2212 [AC_MSG_RESULT([yes])], 2213 [ 2214 AC_MSG_RESULT([no]) 2215 AC_DEFINE([BROKEN_SNPRINTF], [1], 2216 [snprintf does not understand %zu]) 2217 ], 2218 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2219 ) 2220fi 2221 2222# We depend on vsnprintf returning the right thing on overflow: the 2223# number of characters it tried to create (as per SUSv3) 2224if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2225 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2226 AC_RUN_IFELSE( 2227 [AC_LANG_PROGRAM([[ 2228#include <sys/types.h> 2229#include <stdio.h> 2230#include <stdarg.h> 2231 2232int x_snprintf(char *str, size_t count, const char *fmt, ...) 2233{ 2234 size_t ret; 2235 va_list ap; 2236 2237 va_start(ap, fmt); 2238 ret = vsnprintf(str, count, fmt, ap); 2239 va_end(ap); 2240 return ret; 2241} 2242 ]], [[ 2243char x[1]; 2244if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2245 return 1; 2246if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2247 return 1; 2248return 0; 2249 ]])], 2250 [AC_MSG_RESULT([yes])], 2251 [ 2252 AC_MSG_RESULT([no]) 2253 AC_DEFINE([BROKEN_SNPRINTF], [1], 2254 [Define if your snprintf is busted]) 2255 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2256 ], 2257 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2258 ) 2259fi 2260 2261# On systems where [v]snprintf is broken, but is declared in stdio, 2262# check that the fmt argument is const char * or just char *. 2263# This is only useful for when BROKEN_SNPRINTF 2264AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2265AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2266#include <stdio.h> 2267int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2268 ]], [[ 2269 snprintf(0, 0, 0); 2270 ]])], 2271 [AC_MSG_RESULT([yes]) 2272 AC_DEFINE([SNPRINTF_CONST], [const], 2273 [Define as const if snprintf() can declare const char *fmt])], 2274 [AC_MSG_RESULT([no]) 2275 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2276 2277# Check for missing getpeereid (or equiv) support 2278NO_PEERCHECK="" 2279if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2280 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2281 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2282#include <sys/types.h> 2283#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2284 [ AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2286 ], [AC_MSG_RESULT([no]) 2287 NO_PEERCHECK=1 2288 ]) 2289fi 2290 2291dnl make sure that openpty does not reacquire controlling terminal 2292if test ! -z "$check_for_openpty_ctty_bug"; then 2293 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2294 AC_RUN_IFELSE( 2295 [AC_LANG_PROGRAM([[ 2296#include <stdio.h> 2297#include <stdlib.h> 2298#include <unistd.h> 2299#include <sys/fcntl.h> 2300#include <sys/types.h> 2301#include <sys/wait.h> 2302 ]], [[ 2303 pid_t pid; 2304 int fd, ptyfd, ttyfd, status; 2305 2306 pid = fork(); 2307 if (pid < 0) { /* failed */ 2308 exit(1); 2309 } else if (pid > 0) { /* parent */ 2310 waitpid(pid, &status, 0); 2311 if (WIFEXITED(status)) 2312 exit(WEXITSTATUS(status)); 2313 else 2314 exit(2); 2315 } else { /* child */ 2316 close(0); close(1); close(2); 2317 setsid(); 2318 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2319 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2320 if (fd >= 0) 2321 exit(3); /* Acquired ctty: broken */ 2322 else 2323 exit(0); /* Did not acquire ctty: OK */ 2324 } 2325 ]])], 2326 [ 2327 AC_MSG_RESULT([yes]) 2328 ], 2329 [ 2330 AC_MSG_RESULT([no]) 2331 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2332 ], 2333 [ 2334 AC_MSG_RESULT([cross-compiling, assuming yes]) 2335 ] 2336 ) 2337fi 2338 2339if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2340 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2341 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2342 AC_RUN_IFELSE( 2343 [AC_LANG_PROGRAM([[ 2344#include <stdio.h> 2345#include <stdlib.h> 2346#include <sys/socket.h> 2347#include <netdb.h> 2348#include <errno.h> 2349#include <netinet/in.h> 2350 2351#define TEST_PORT "2222" 2352 ]], [[ 2353 int err, sock; 2354 struct addrinfo *gai_ai, *ai, hints; 2355 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2356 2357 memset(&hints, 0, sizeof(hints)); 2358 hints.ai_family = PF_UNSPEC; 2359 hints.ai_socktype = SOCK_STREAM; 2360 hints.ai_flags = AI_PASSIVE; 2361 2362 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2363 if (err != 0) { 2364 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2365 exit(1); 2366 } 2367 2368 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2369 if (ai->ai_family != AF_INET6) 2370 continue; 2371 2372 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2373 sizeof(ntop), strport, sizeof(strport), 2374 NI_NUMERICHOST|NI_NUMERICSERV); 2375 2376 if (err != 0) { 2377 if (err == EAI_SYSTEM) 2378 perror("getnameinfo EAI_SYSTEM"); 2379 else 2380 fprintf(stderr, "getnameinfo failed: %s\n", 2381 gai_strerror(err)); 2382 exit(2); 2383 } 2384 2385 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2386 if (sock < 0) 2387 perror("socket"); 2388 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2389 if (errno == EBADF) 2390 exit(3); 2391 } 2392 } 2393 exit(0); 2394 ]])], 2395 [ 2396 AC_MSG_RESULT([yes]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([no]) 2400 AC_DEFINE([BROKEN_GETADDRINFO]) 2401 ], 2402 [ 2403 AC_MSG_RESULT([cross-compiling, assuming yes]) 2404 ] 2405 ) 2406fi 2407 2408if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2409 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2410 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2411 AC_RUN_IFELSE( 2412 [AC_LANG_PROGRAM([[ 2413#include <stdio.h> 2414#include <stdlib.h> 2415#include <sys/socket.h> 2416#include <netdb.h> 2417#include <errno.h> 2418#include <netinet/in.h> 2419 2420#define TEST_PORT "2222" 2421 ]], [[ 2422 int err, sock; 2423 struct addrinfo *gai_ai, *ai, hints; 2424 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2425 2426 memset(&hints, 0, sizeof(hints)); 2427 hints.ai_family = PF_UNSPEC; 2428 hints.ai_socktype = SOCK_STREAM; 2429 hints.ai_flags = AI_PASSIVE; 2430 2431 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2432 if (err != 0) { 2433 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2434 exit(1); 2435 } 2436 2437 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2438 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2439 continue; 2440 2441 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2442 sizeof(ntop), strport, sizeof(strport), 2443 NI_NUMERICHOST|NI_NUMERICSERV); 2444 2445 if (ai->ai_family == AF_INET && err != 0) { 2446 perror("getnameinfo"); 2447 exit(2); 2448 } 2449 } 2450 exit(0); 2451 ]])], 2452 [ 2453 AC_MSG_RESULT([yes]) 2454 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2455 [Define if you have a getaddrinfo that fails 2456 for the all-zeros IPv6 address]) 2457 ], 2458 [ 2459 AC_MSG_RESULT([no]) 2460 AC_DEFINE([BROKEN_GETADDRINFO]) 2461 ], 2462 [ 2463 AC_MSG_RESULT([cross-compiling, assuming no]) 2464 ] 2465 ) 2466fi 2467 2468if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2469 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2470 [#include <sys/types.h> 2471 #include <sys/socket.h> 2472 #include <netdb.h>]) 2473fi 2474 2475if test "x$check_for_conflicting_getspnam" = "x1"; then 2476 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2477 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2478#include <shadow.h> 2479#include <stdlib.h> 2480 ]], 2481 [[ exit(0); ]])], 2482 [ 2483 AC_MSG_RESULT([no]) 2484 ], 2485 [ 2486 AC_MSG_RESULT([yes]) 2487 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2488 [Conflicting defs for getspnam]) 2489 ] 2490 ) 2491fi 2492 2493dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2494dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2495dnl for over ten years). Despite this incompatibility being reported during 2496dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2497dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2498dnl implementation. Try to detect this mess, and assume the only safe option 2499dnl if we're cross compiling. 2500dnl 2501dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2502dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2503if test "x$ac_cv_func_strnvis" = "xyes"; then 2504 AC_MSG_CHECKING([for working strnvis]) 2505 AC_RUN_IFELSE( 2506 [AC_LANG_PROGRAM([[ 2507#include <signal.h> 2508#include <stdlib.h> 2509#include <string.h> 2510#include <unistd.h> 2511#include <vis.h> 2512static void sighandler(int sig) { _exit(1); } 2513 ]], [[ 2514 char dst[16]; 2515 2516 signal(SIGSEGV, sighandler); 2517 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2518 exit(0); 2519 exit(1) 2520 ]])], 2521 [AC_MSG_RESULT([yes])], 2522 [AC_MSG_RESULT([no]) 2523 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2524 [AC_MSG_WARN([cross compiling: assuming broken]) 2525 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2526 ) 2527fi 2528 2529AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2530AC_RUN_IFELSE( 2531 [AC_LANG_PROGRAM([[ 2532#ifdef HAVE_SYS_SELECT 2533# include <sys/select.h> 2534#endif 2535#include <sys/types.h> 2536#include <sys/time.h> 2537#include <stdlib.h> 2538#include <signal.h> 2539#include <unistd.h> 2540static void sighandler(int sig) { } 2541 ]], [[ 2542 int r; 2543 pid_t pid; 2544 struct sigaction sa; 2545 2546 sa.sa_handler = sighandler; 2547 sa.sa_flags = SA_RESTART; 2548 (void)sigaction(SIGTERM, &sa, NULL); 2549 if ((pid = fork()) == 0) { /* child */ 2550 pid = getppid(); 2551 sleep(1); 2552 kill(pid, SIGTERM); 2553 sleep(1); 2554 if (getppid() == pid) /* if parent did not exit, shoot it */ 2555 kill(pid, SIGKILL); 2556 exit(0); 2557 } else { /* parent */ 2558 r = select(0, NULL, NULL, NULL, NULL); 2559 } 2560 exit(r == -1 ? 0 : 1); 2561 ]])], 2562 [AC_MSG_RESULT([yes])], 2563 [AC_MSG_RESULT([no]) 2564 AC_DEFINE([NO_SA_RESTART], [1], 2565 [SA_RESTARTed signals do no interrupt select])], 2566 [AC_MSG_WARN([cross compiling: assuming yes])] 2567) 2568 2569AC_CHECK_FUNCS([getpgrp],[ 2570 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2571 AC_COMPILE_IFELSE( 2572 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2573 [ AC_MSG_RESULT([yes]) 2574 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2575 [ AC_MSG_RESULT([no]) 2576 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2577 ) 2578]) 2579 2580# Search for OpenSSL 2581saved_CPPFLAGS="$CPPFLAGS" 2582saved_LDFLAGS="$LDFLAGS" 2583AC_ARG_WITH([ssl-dir], 2584 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2585 [ 2586 if test "x$openssl" = "xno" ; then 2587 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2588 fi 2589 if test "x$withval" != "xno" ; then 2590 case "$withval" in 2591 # Relative paths 2592 ./*|../*) withval="`pwd`/$withval" 2593 esac 2594 if test -d "$withval/lib"; then 2595 if test -n "${rpath_opt}"; then 2596 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2597 else 2598 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2599 fi 2600 elif test -d "$withval/lib64"; then 2601 if test -n "${rpath_opt}"; then 2602 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2603 else 2604 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2605 fi 2606 else 2607 if test -n "${rpath_opt}"; then 2608 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2609 else 2610 LDFLAGS="-L${withval} ${LDFLAGS}" 2611 fi 2612 fi 2613 if test -d "$withval/include"; then 2614 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2615 else 2616 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2617 fi 2618 fi 2619 ] 2620) 2621 2622AC_ARG_WITH([openssl-header-check], 2623 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2624 [ 2625 if test "x$withval" = "xno" ; then 2626 openssl_check_nonfatal=1 2627 fi 2628 ] 2629) 2630 2631openssl_engine=no 2632AC_ARG_WITH([ssl-engine], 2633 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2634 [ 2635 if test "x$withval" != "xno" ; then 2636 if test "x$openssl" = "xno" ; then 2637 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2638 fi 2639 openssl_engine=yes 2640 fi 2641 ] 2642) 2643 2644if test "x$openssl" = "xyes" ; then 2645 LIBS="-lcrypto $LIBS" 2646 AC_TRY_LINK_FUNC([RAND_add], , 2647 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2648 AC_CHECK_HEADER([openssl/opensslv.h], , 2649 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2650 2651 # Determine OpenSSL header version 2652 AC_MSG_CHECKING([OpenSSL header version]) 2653 AC_RUN_IFELSE( 2654 [AC_LANG_PROGRAM([[ 2655 #include <stdlib.h> 2656 #include <stdio.h> 2657 #include <string.h> 2658 #include <openssl/opensslv.h> 2659 #define DATA "conftest.sslincver" 2660 ]], [[ 2661 FILE *fd; 2662 int rc; 2663 2664 fd = fopen(DATA,"w"); 2665 if(fd == NULL) 2666 exit(1); 2667 2668 if ((rc = fprintf(fd, "%08lx (%s)\n", 2669 (unsigned long)OPENSSL_VERSION_NUMBER, 2670 OPENSSL_VERSION_TEXT)) < 0) 2671 exit(1); 2672 2673 exit(0); 2674 ]])], 2675 [ 2676 ssl_header_ver=`cat conftest.sslincver` 2677 AC_MSG_RESULT([$ssl_header_ver]) 2678 ], 2679 [ 2680 AC_MSG_RESULT([not found]) 2681 AC_MSG_ERROR([OpenSSL version header not found.]) 2682 ], 2683 [ 2684 AC_MSG_WARN([cross compiling: not checking]) 2685 ] 2686 ) 2687 2688 # Determining OpenSSL library version is version dependent. 2689 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2690 2691 # Determine OpenSSL library version 2692 AC_MSG_CHECKING([OpenSSL library version]) 2693 AC_RUN_IFELSE( 2694 [AC_LANG_PROGRAM([[ 2695 #include <stdio.h> 2696 #include <stdlib.h> 2697 #include <string.h> 2698 #include <openssl/opensslv.h> 2699 #include <openssl/crypto.h> 2700 #define DATA "conftest.ssllibver" 2701 ]], [[ 2702 FILE *fd; 2703 int rc; 2704 2705 fd = fopen(DATA,"w"); 2706 if(fd == NULL) 2707 exit(1); 2708#ifndef OPENSSL_VERSION 2709# define OPENSSL_VERSION SSLEAY_VERSION 2710#endif 2711#ifndef HAVE_OPENSSL_VERSION 2712# define OpenSSL_version SSLeay_version 2713#endif 2714#ifndef HAVE_OPENSSL_VERSION_NUM 2715# define OpenSSL_version_num SSLeay 2716#endif 2717 if ((rc = fprintf(fd, "%08lx (%s)\n", 2718 (unsigned long)OpenSSL_version_num(), 2719 OpenSSL_version(OPENSSL_VERSION))) < 0) 2720 exit(1); 2721 2722 exit(0); 2723 ]])], 2724 [ 2725 ssl_library_ver=`cat conftest.ssllibver` 2726 # Check version is supported. 2727 case "$ssl_library_ver" in 2728 10000*|0*) 2729 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2730 ;; 2731 100*) ;; # 1.0.x 2732 101000[[0123456]]*) 2733 # https://github.com/openssl/openssl/pull/4613 2734 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2735 ;; 2736 101*) ;; # 1.1.x 2737 200*) ;; # LibreSSL 2738 300*) ;; # OpenSSL development branch. 2739 *) 2740 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2741 ;; 2742 esac 2743 AC_MSG_RESULT([$ssl_library_ver]) 2744 ], 2745 [ 2746 AC_MSG_RESULT([not found]) 2747 AC_MSG_ERROR([OpenSSL library not found.]) 2748 ], 2749 [ 2750 AC_MSG_WARN([cross compiling: not checking]) 2751 ] 2752 ) 2753 2754 # Sanity check OpenSSL headers 2755 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2756 AC_RUN_IFELSE( 2757 [AC_LANG_PROGRAM([[ 2758 #include <stdlib.h> 2759 #include <string.h> 2760 #include <openssl/opensslv.h> 2761 #include <openssl/crypto.h> 2762 ]], [[ 2763#ifndef HAVE_OPENSSL_VERSION_NUM 2764# define OpenSSL_version_num SSLeay 2765#endif 2766 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2767 ]])], 2768 [ 2769 AC_MSG_RESULT([yes]) 2770 ], 2771 [ 2772 AC_MSG_RESULT([no]) 2773 if test "x$openssl_check_nonfatal" = "x"; then 2774 AC_MSG_ERROR([Your OpenSSL headers do not match your 2775 library. Check config.log for details. 2776 If you are sure your installation is consistent, you can disable the check 2777 by running "./configure --without-openssl-header-check". 2778 Also see contrib/findssl.sh for help identifying header/library mismatches. 2779 ]) 2780 else 2781 AC_MSG_WARN([Your OpenSSL headers do not match your 2782 library. Check config.log for details. 2783 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2784 fi 2785 ], 2786 [ 2787 AC_MSG_WARN([cross compiling: not checking]) 2788 ] 2789 ) 2790 2791 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2792 AC_LINK_IFELSE( 2793 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2794 [[ ERR_load_crypto_strings(); ]])], 2795 [ 2796 AC_MSG_RESULT([yes]) 2797 ], 2798 [ 2799 AC_MSG_RESULT([no]) 2800 saved_LIBS="$LIBS" 2801 LIBS="$LIBS -ldl" 2802 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2803 AC_LINK_IFELSE( 2804 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2805 [[ ERR_load_crypto_strings(); ]])], 2806 [ 2807 AC_MSG_RESULT([yes]) 2808 ], 2809 [ 2810 AC_MSG_RESULT([no]) 2811 LIBS="$saved_LIBS" 2812 ] 2813 ) 2814 ] 2815 ) 2816 2817 AC_CHECK_FUNCS([ \ 2818 BN_is_prime_ex \ 2819 DSA_generate_parameters_ex \ 2820 EVP_CIPHER_CTX_ctrl \ 2821 EVP_DigestFinal_ex \ 2822 EVP_DigestInit_ex \ 2823 EVP_MD_CTX_cleanup \ 2824 EVP_MD_CTX_copy_ex \ 2825 EVP_MD_CTX_init \ 2826 HMAC_CTX_init \ 2827 RSA_generate_key_ex \ 2828 RSA_get_default_method \ 2829 ]) 2830 2831 # OpenSSL_add_all_algorithms may be a macro. 2832 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2833 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2834 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2835 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2836 [[#include <openssl/evp.h>]] 2837 ) 2838 ) 2839 2840 # LibreSSL/OpenSSL 1.1x API 2841 AC_CHECK_FUNCS([ \ 2842 OPENSSL_init_crypto \ 2843 DH_get0_key \ 2844 DH_get0_pqg \ 2845 DH_set0_key \ 2846 DH_set_length \ 2847 DH_set0_pqg \ 2848 DSA_get0_key \ 2849 DSA_get0_pqg \ 2850 DSA_set0_key \ 2851 DSA_set0_pqg \ 2852 DSA_SIG_get0 \ 2853 DSA_SIG_set0 \ 2854 ECDSA_SIG_get0 \ 2855 ECDSA_SIG_set0 \ 2856 EVP_CIPHER_CTX_iv \ 2857 EVP_CIPHER_CTX_iv_noconst \ 2858 EVP_CIPHER_CTX_get_iv \ 2859 EVP_CIPHER_CTX_set_iv \ 2860 RSA_get0_crt_params \ 2861 RSA_get0_factors \ 2862 RSA_get0_key \ 2863 RSA_set0_crt_params \ 2864 RSA_set0_factors \ 2865 RSA_set0_key \ 2866 RSA_meth_free \ 2867 RSA_meth_dup \ 2868 RSA_meth_set1_name \ 2869 RSA_meth_get_finish \ 2870 RSA_meth_set_priv_enc \ 2871 RSA_meth_set_priv_dec \ 2872 RSA_meth_set_finish \ 2873 EVP_PKEY_get0_RSA \ 2874 EVP_MD_CTX_new \ 2875 EVP_MD_CTX_free \ 2876 EVP_chacha20 \ 2877 ]) 2878 2879 if test "x$openssl_engine" = "xyes" ; then 2880 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2881 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2882 #include <openssl/engine.h> 2883 ]], [[ 2884 ENGINE_load_builtin_engines(); 2885 ENGINE_register_all_complete(); 2886 ]])], 2887 [ AC_MSG_RESULT([yes]) 2888 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2889 [Enable OpenSSL engine support]) 2890 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2891 ]) 2892 fi 2893 2894 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2895 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2896 AC_LINK_IFELSE( 2897 [AC_LANG_PROGRAM([[ 2898 #include <stdlib.h> 2899 #include <string.h> 2900 #include <openssl/evp.h> 2901 ]], [[ 2902 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2903 ]])], 2904 [ 2905 AC_MSG_RESULT([no]) 2906 ], 2907 [ 2908 AC_MSG_RESULT([yes]) 2909 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2910 [libcrypto is missing AES 192 and 256 bit functions]) 2911 ] 2912 ) 2913 2914 # Check for OpenSSL with EVP_aes_*ctr 2915 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2916 AC_LINK_IFELSE( 2917 [AC_LANG_PROGRAM([[ 2918 #include <stdlib.h> 2919 #include <string.h> 2920 #include <openssl/evp.h> 2921 ]], [[ 2922 exit(EVP_aes_128_ctr() == NULL || 2923 EVP_aes_192_cbc() == NULL || 2924 EVP_aes_256_cbc() == NULL); 2925 ]])], 2926 [ 2927 AC_MSG_RESULT([yes]) 2928 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2929 [libcrypto has EVP AES CTR]) 2930 ], 2931 [ 2932 AC_MSG_RESULT([no]) 2933 ] 2934 ) 2935 2936 # Check for OpenSSL with EVP_aes_*gcm 2937 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2938 AC_LINK_IFELSE( 2939 [AC_LANG_PROGRAM([[ 2940 #include <stdlib.h> 2941 #include <string.h> 2942 #include <openssl/evp.h> 2943 ]], [[ 2944 exit(EVP_aes_128_gcm() == NULL || 2945 EVP_aes_256_gcm() == NULL || 2946 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2947 EVP_CTRL_GCM_IV_GEN == 0 || 2948 EVP_CTRL_GCM_SET_TAG == 0 || 2949 EVP_CTRL_GCM_GET_TAG == 0 || 2950 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2951 ]])], 2952 [ 2953 AC_MSG_RESULT([yes]) 2954 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2955 [libcrypto has EVP AES GCM]) 2956 ], 2957 [ 2958 AC_MSG_RESULT([no]) 2959 unsupported_algorithms="$unsupported_cipers \ 2960 aes128-gcm@openssh.com \ 2961 aes256-gcm@openssh.com" 2962 ] 2963 ) 2964 2965 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2966 AC_LINK_IFELSE( 2967 [AC_LANG_PROGRAM([[ 2968 #include <stdlib.h> 2969 #include <string.h> 2970 #include <openssl/evp.h> 2971 ]], [[ 2972 if(EVP_DigestUpdate(NULL, NULL,0)) 2973 exit(0); 2974 ]])], 2975 [ 2976 AC_MSG_RESULT([yes]) 2977 ], 2978 [ 2979 AC_MSG_RESULT([no]) 2980 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2981 [Define if EVP_DigestUpdate returns void]) 2982 ] 2983 ) 2984 2985 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2986 # because the system crypt() is more featureful. 2987 if test "x$check_for_libcrypt_before" = "x1"; then 2988 AC_CHECK_LIB([crypt], [crypt]) 2989 fi 2990 2991 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2992 # version in OpenSSL. 2993 if test "x$check_for_libcrypt_later" = "x1"; then 2994 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2995 fi 2996 AC_CHECK_FUNCS([crypt DES_crypt]) 2997 2998 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2999 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3000 3001 # Check complete ECC support in OpenSSL 3002 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3003 AC_LINK_IFELSE( 3004 [AC_LANG_PROGRAM([[ 3005 #include <openssl/ec.h> 3006 #include <openssl/ecdh.h> 3007 #include <openssl/ecdsa.h> 3008 #include <openssl/evp.h> 3009 #include <openssl/objects.h> 3010 #include <openssl/opensslv.h> 3011 ]], [[ 3012 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3013 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3014 ]])], 3015 [ AC_MSG_RESULT([yes]) 3016 enable_nistp256=1 ], 3017 [ AC_MSG_RESULT([no]) ] 3018 ) 3019 3020 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3021 AC_LINK_IFELSE( 3022 [AC_LANG_PROGRAM([[ 3023 #include <openssl/ec.h> 3024 #include <openssl/ecdh.h> 3025 #include <openssl/ecdsa.h> 3026 #include <openssl/evp.h> 3027 #include <openssl/objects.h> 3028 #include <openssl/opensslv.h> 3029 ]], [[ 3030 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3031 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3032 ]])], 3033 [ AC_MSG_RESULT([yes]) 3034 enable_nistp384=1 ], 3035 [ AC_MSG_RESULT([no]) ] 3036 ) 3037 3038 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3039 AC_LINK_IFELSE( 3040 [AC_LANG_PROGRAM([[ 3041 #include <openssl/ec.h> 3042 #include <openssl/ecdh.h> 3043 #include <openssl/ecdsa.h> 3044 #include <openssl/evp.h> 3045 #include <openssl/objects.h> 3046 #include <openssl/opensslv.h> 3047 ]], [[ 3048 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3049 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3050 ]])], 3051 [ AC_MSG_RESULT([yes]) 3052 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3053 AC_RUN_IFELSE( 3054 [AC_LANG_PROGRAM([[ 3055 #include <stdlib.h> 3056 #include <openssl/ec.h> 3057 #include <openssl/ecdh.h> 3058 #include <openssl/ecdsa.h> 3059 #include <openssl/evp.h> 3060 #include <openssl/objects.h> 3061 #include <openssl/opensslv.h> 3062 ]],[[ 3063 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3064 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3065 exit(e == NULL || m == NULL); 3066 ]])], 3067 [ AC_MSG_RESULT([yes]) 3068 enable_nistp521=1 ], 3069 [ AC_MSG_RESULT([no]) ], 3070 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3071 enable_nistp521=1 ] 3072 )], 3073 AC_MSG_RESULT([no]) 3074 ) 3075 3076 COMMENT_OUT_ECC="#no ecc#" 3077 TEST_SSH_ECC=no 3078 3079 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3080 test x$enable_nistp521 = x1; then 3081 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3082 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3083 openssl_ecc=yes 3084 else 3085 openssl_ecc=no 3086 fi 3087 if test x$enable_nistp256 = x1; then 3088 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3089 [libcrypto has NID_X9_62_prime256v1]) 3090 TEST_SSH_ECC=yes 3091 COMMENT_OUT_ECC="" 3092 else 3093 unsupported_algorithms="$unsupported_algorithms \ 3094 ecdsa-sha2-nistp256 \ 3095 ecdh-sha2-nistp256 \ 3096 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3097 fi 3098 if test x$enable_nistp384 = x1; then 3099 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3100 TEST_SSH_ECC=yes 3101 COMMENT_OUT_ECC="" 3102 else 3103 unsupported_algorithms="$unsupported_algorithms \ 3104 ecdsa-sha2-nistp384 \ 3105 ecdh-sha2-nistp384 \ 3106 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3107 fi 3108 if test x$enable_nistp521 = x1; then 3109 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3110 TEST_SSH_ECC=yes 3111 COMMENT_OUT_ECC="" 3112 else 3113 unsupported_algorithms="$unsupported_algorithms \ 3114 ecdh-sha2-nistp521 \ 3115 ecdsa-sha2-nistp521 \ 3116 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3117 fi 3118 3119 AC_SUBST([TEST_SSH_ECC]) 3120 AC_SUBST([COMMENT_OUT_ECC]) 3121else 3122 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3123 AC_CHECK_FUNCS([crypt]) 3124fi 3125 3126# PKCS11/U2F depend on OpenSSL and dlopen(). 3127enable_pkcs11=yes 3128enable_sk=yes 3129if test "x$openssl" != "xyes" ; then 3130 enable_pkcs11="disabled; missing libcrypto" 3131 enable_sk="disabled; missing libcrypto" 3132fi 3133if test "x$openssl_ecc" != "xyes" ; then 3134 enable_sk="disabled; OpenSSL has no ECC support" 3135fi 3136if test "x$ac_cv_func_dlopen" != "xyes" ; then 3137 enable_pkcs11="disabled; missing dlopen(3)" 3138 enable_sk="disabled; missing dlopen(3)" 3139fi 3140if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3141 enable_pkcs11="disabled; missing RTLD_NOW" 3142 enable_sk="disabled; missing RTLD_NOW" 3143fi 3144if test ! -z "$disable_pkcs11" ; then 3145 enable_pkcs11="disabled by user" 3146fi 3147if test ! -z "$disable_sk" ; then 3148 enable_sk="disabled by user" 3149fi 3150 3151AC_MSG_CHECKING([whether to enable PKCS11]) 3152if test "x$enable_pkcs11" = "xyes" ; then 3153 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3154fi 3155AC_MSG_RESULT([$enable_pkcs11]) 3156 3157AC_MSG_CHECKING([whether to enable U2F]) 3158if test "x$enable_sk" = "xyes" ; then 3159 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3160 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3161else 3162 # Do not try to build sk-dummy library. 3163 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3164fi 3165AC_MSG_RESULT([$enable_sk]) 3166 3167# Now check for built-in security key support. 3168if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3169 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3170 use_pkgconfig_for_libfido2= 3171 if test "x$PKGCONFIG" != "xno"; then 3172 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3173 if "$PKGCONFIG" libfido2; then 3174 AC_MSG_RESULT([yes]) 3175 use_pkgconfig_for_libfido2=yes 3176 else 3177 AC_MSG_RESULT([no]) 3178 fi 3179 fi 3180 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3181 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3182 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3183 else 3184 LIBFIDO2="-lfido2 -lcbor" 3185 fi 3186 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3187 AC_CHECK_LIB([fido2], [fido_init], 3188 [ 3189 AC_SUBST([LIBFIDO2]) 3190 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3191 [Enable for built-in U2F/FIDO support]) 3192 enable_sk="built-in" 3193 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3194 [ $OTHERLIBS ] 3195 ) 3196 saved_LIBS="$LIBS" 3197 LIBS="$LIBS $LIBFIDO2" 3198 AC_CHECK_FUNCS([ \ 3199 fido_cred_prot \ 3200 fido_cred_set_prot \ 3201 fido_dev_get_touch_begin \ 3202 fido_dev_get_touch_status \ 3203 fido_dev_supports_cred_prot \ 3204 ]) 3205 LIBS="$saved_LIBS" 3206 AC_CHECK_HEADER([fido.h], [], 3207 AC_MSG_ERROR([missing fido.h from libfido2])) 3208 AC_CHECK_HEADER([fido/credman.h], [], 3209 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3210 [#include <fido.h>] 3211 ) 3212fi 3213 3214AC_CHECK_FUNCS([ \ 3215 arc4random \ 3216 arc4random_buf \ 3217 arc4random_stir \ 3218 arc4random_uniform \ 3219]) 3220 3221saved_LIBS="$LIBS" 3222AC_CHECK_LIB([iaf], [ia_openinfo], [ 3223 LIBS="$LIBS -liaf" 3224 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3225 AC_DEFINE([HAVE_LIBIAF], [1], 3226 [Define if system has libiaf that supports set_id]) 3227 ]) 3228]) 3229LIBS="$saved_LIBS" 3230 3231### Configure cryptographic random number support 3232 3233# Check whether OpenSSL seeds itself 3234if test "x$openssl" = "xyes" ; then 3235 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3236 AC_RUN_IFELSE( 3237 [AC_LANG_PROGRAM([[ 3238 #include <stdlib.h> 3239 #include <string.h> 3240 #include <openssl/rand.h> 3241 ]], [[ 3242 exit(RAND_status() == 1 ? 0 : 1); 3243 ]])], 3244 [ 3245 OPENSSL_SEEDS_ITSELF=yes 3246 AC_MSG_RESULT([yes]) 3247 ], 3248 [ 3249 AC_MSG_RESULT([no]) 3250 ], 3251 [ 3252 AC_MSG_WARN([cross compiling: assuming yes]) 3253 # This is safe, since we will fatal() at runtime if 3254 # OpenSSL is not seeded correctly. 3255 OPENSSL_SEEDS_ITSELF=yes 3256 ] 3257 ) 3258fi 3259 3260# PRNGD TCP socket 3261AC_ARG_WITH([prngd-port], 3262 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3263 [ 3264 case "$withval" in 3265 no) 3266 withval="" 3267 ;; 3268 [[0-9]]*) 3269 ;; 3270 *) 3271 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3272 ;; 3273 esac 3274 if test ! -z "$withval" ; then 3275 PRNGD_PORT="$withval" 3276 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3277 [Port number of PRNGD/EGD random number socket]) 3278 fi 3279 ] 3280) 3281 3282# PRNGD Unix domain socket 3283AC_ARG_WITH([prngd-socket], 3284 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3285 [ 3286 case "$withval" in 3287 yes) 3288 withval="/var/run/egd-pool" 3289 ;; 3290 no) 3291 withval="" 3292 ;; 3293 /*) 3294 ;; 3295 *) 3296 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3297 ;; 3298 esac 3299 3300 if test ! -z "$withval" ; then 3301 if test ! -z "$PRNGD_PORT" ; then 3302 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3303 fi 3304 if test ! -r "$withval" ; then 3305 AC_MSG_WARN([Entropy socket is not readable]) 3306 fi 3307 PRNGD_SOCKET="$withval" 3308 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3309 [Location of PRNGD/EGD random number socket]) 3310 fi 3311 ], 3312 [ 3313 # Check for existing socket only if we don't have a random device already 3314 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3315 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3316 # Insert other locations here 3317 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3318 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3319 PRNGD_SOCKET="$sock" 3320 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3321 break; 3322 fi 3323 done 3324 if test ! -z "$PRNGD_SOCKET" ; then 3325 AC_MSG_RESULT([$PRNGD_SOCKET]) 3326 else 3327 AC_MSG_RESULT([not found]) 3328 fi 3329 fi 3330 ] 3331) 3332 3333# Which randomness source do we use? 3334if test ! -z "$PRNGD_PORT" ; then 3335 RAND_MSG="PRNGd port $PRNGD_PORT" 3336elif test ! -z "$PRNGD_SOCKET" ; then 3337 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3338elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3339 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3340 [Define if you want the OpenSSL internally seeded PRNG only]) 3341 RAND_MSG="OpenSSL internal ONLY" 3342elif test "x$openssl" = "xno" ; then 3343 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3344else 3345 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3346fi 3347 3348# Check for PAM libs 3349PAM_MSG="no" 3350AC_ARG_WITH([pam], 3351 [ --with-pam Enable PAM support ], 3352 [ 3353 if test "x$withval" != "xno" ; then 3354 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3355 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3356 AC_MSG_ERROR([PAM headers not found]) 3357 fi 3358 3359 saved_LIBS="$LIBS" 3360 AC_CHECK_LIB([dl], [dlopen], , ) 3361 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3362 AC_CHECK_FUNCS([pam_getenvlist]) 3363 AC_CHECK_FUNCS([pam_putenv]) 3364 LIBS="$saved_LIBS" 3365 3366 PAM_MSG="yes" 3367 3368 SSHDLIBS="$SSHDLIBS -lpam" 3369 AC_DEFINE([USE_PAM], [1], 3370 [Define if you want to enable PAM support]) 3371 3372 if test $ac_cv_lib_dl_dlopen = yes; then 3373 case "$LIBS" in 3374 *-ldl*) 3375 # libdl already in LIBS 3376 ;; 3377 *) 3378 SSHDLIBS="$SSHDLIBS -ldl" 3379 ;; 3380 esac 3381 fi 3382 fi 3383 ] 3384) 3385 3386AC_ARG_WITH([pam-service], 3387 [ --with-pam-service=name Specify PAM service name ], 3388 [ 3389 if test "x$withval" != "xno" && \ 3390 test "x$withval" != "xyes" ; then 3391 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3392 ["$withval"], [sshd PAM service name]) 3393 fi 3394 ] 3395) 3396 3397# Check for older PAM 3398if test "x$PAM_MSG" = "xyes" ; then 3399 # Check PAM strerror arguments (old PAM) 3400 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3401 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3402#include <stdlib.h> 3403#if defined(HAVE_SECURITY_PAM_APPL_H) 3404#include <security/pam_appl.h> 3405#elif defined (HAVE_PAM_PAM_APPL_H) 3406#include <pam/pam_appl.h> 3407#endif 3408 ]], [[ 3409(void)pam_strerror((pam_handle_t *)NULL, -1); 3410 ]])], [AC_MSG_RESULT([no])], [ 3411 AC_DEFINE([HAVE_OLD_PAM], [1], 3412 [Define if you have an old version of PAM 3413 which takes only one argument to pam_strerror]) 3414 AC_MSG_RESULT([yes]) 3415 PAM_MSG="yes (old library)" 3416 3417 ]) 3418fi 3419 3420case "$host" in 3421*-*-cygwin*) 3422 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3423 ;; 3424*) 3425 SSH_PRIVSEP_USER=sshd 3426 ;; 3427esac 3428AC_ARG_WITH([privsep-user], 3429 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3430 [ 3431 if test -n "$withval" && test "x$withval" != "xno" && \ 3432 test "x${withval}" != "xyes"; then 3433 SSH_PRIVSEP_USER=$withval 3434 fi 3435 ] 3436) 3437if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3438 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3439 [Cygwin function to fetch non-privileged user for privilege separation]) 3440else 3441 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3442 [non-privileged user for privilege separation]) 3443fi 3444AC_SUBST([SSH_PRIVSEP_USER]) 3445 3446if test "x$have_linux_no_new_privs" = "x1" ; then 3447AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3448 #include <sys/types.h> 3449 #include <linux/seccomp.h> 3450]) 3451fi 3452if test "x$have_seccomp_filter" = "x1" ; then 3453AC_MSG_CHECKING([kernel for seccomp_filter support]) 3454AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3455 #include <errno.h> 3456 #include <elf.h> 3457 #include <linux/audit.h> 3458 #include <linux/seccomp.h> 3459 #include <stdlib.h> 3460 #include <sys/prctl.h> 3461 ]], 3462 [[ int i = $seccomp_audit_arch; 3463 errno = 0; 3464 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3465 exit(errno == EFAULT ? 0 : 1); ]])], 3466 [ AC_MSG_RESULT([yes]) ], [ 3467 AC_MSG_RESULT([no]) 3468 # Disable seccomp filter as a target 3469 have_seccomp_filter=0 3470 ] 3471) 3472fi 3473 3474# Decide which sandbox style to use 3475sandbox_arg="" 3476AC_ARG_WITH([sandbox], 3477 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3478 [ 3479 if test "x$withval" = "xyes" ; then 3480 sandbox_arg="" 3481 else 3482 sandbox_arg="$withval" 3483 fi 3484 ] 3485) 3486 3487# Some platforms (seems to be the ones that have a kernel poll(2)-type 3488# function with which they implement select(2)) use an extra file descriptor 3489# when calling select(2), which means we can't use the rlimit sandbox. 3490AC_MSG_CHECKING([if select works with descriptor rlimit]) 3491AC_RUN_IFELSE( 3492 [AC_LANG_PROGRAM([[ 3493#include <sys/types.h> 3494#ifdef HAVE_SYS_TIME_H 3495# include <sys/time.h> 3496#endif 3497#include <sys/resource.h> 3498#ifdef HAVE_SYS_SELECT_H 3499# include <sys/select.h> 3500#endif 3501#include <errno.h> 3502#include <fcntl.h> 3503#include <stdlib.h> 3504 ]],[[ 3505 struct rlimit rl_zero; 3506 int fd, r; 3507 fd_set fds; 3508 struct timeval tv; 3509 3510 fd = open("/dev/null", O_RDONLY); 3511 FD_ZERO(&fds); 3512 FD_SET(fd, &fds); 3513 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3514 setrlimit(RLIMIT_FSIZE, &rl_zero); 3515 setrlimit(RLIMIT_NOFILE, &rl_zero); 3516 tv.tv_sec = 1; 3517 tv.tv_usec = 0; 3518 r = select(fd+1, &fds, NULL, NULL, &tv); 3519 exit (r == -1 ? 1 : 0); 3520 ]])], 3521 [AC_MSG_RESULT([yes]) 3522 select_works_with_rlimit=yes], 3523 [AC_MSG_RESULT([no]) 3524 select_works_with_rlimit=no], 3525 [AC_MSG_WARN([cross compiling: assuming yes]) 3526 select_works_with_rlimit=yes] 3527) 3528 3529AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3530AC_RUN_IFELSE( 3531 [AC_LANG_PROGRAM([[ 3532#include <sys/types.h> 3533#ifdef HAVE_SYS_TIME_H 3534# include <sys/time.h> 3535#endif 3536#include <sys/resource.h> 3537#include <errno.h> 3538#include <stdlib.h> 3539 ]],[[ 3540 struct rlimit rl_zero; 3541 int r; 3542 3543 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3544 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3545 exit (r == -1 ? 1 : 0); 3546 ]])], 3547 [AC_MSG_RESULT([yes]) 3548 rlimit_nofile_zero_works=yes], 3549 [AC_MSG_RESULT([no]) 3550 rlimit_nofile_zero_works=no], 3551 [AC_MSG_WARN([cross compiling: assuming yes]) 3552 rlimit_nofile_zero_works=yes] 3553) 3554 3555AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3556AC_RUN_IFELSE( 3557 [AC_LANG_PROGRAM([[ 3558#include <sys/types.h> 3559#include <sys/resource.h> 3560#include <stdlib.h> 3561 ]],[[ 3562 struct rlimit rl_zero; 3563 3564 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3565 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3566 ]])], 3567 [AC_MSG_RESULT([yes])], 3568 [AC_MSG_RESULT([no]) 3569 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3570 [setrlimit RLIMIT_FSIZE works])], 3571 [AC_MSG_WARN([cross compiling: assuming yes])] 3572) 3573 3574if test "x$sandbox_arg" = "xpledge" || \ 3575 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3576 test "x$ac_cv_func_pledge" != "xyes" && \ 3577 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3578 SANDBOX_STYLE="pledge" 3579 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3580elif test "x$sandbox_arg" = "xsystrace" || \ 3581 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3582 test "x$have_systr_policy_kill" != "x1" && \ 3583 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3584 SANDBOX_STYLE="systrace" 3585 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3586elif test "x$sandbox_arg" = "xdarwin" || \ 3587 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3588 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3589 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3590 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3591 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3592 SANDBOX_STYLE="darwin" 3593 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3594elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3595 ( test -z "$sandbox_arg" && \ 3596 test "x$have_seccomp_filter" = "x1" && \ 3597 test "x$ac_cv_header_elf_h" = "xyes" && \ 3598 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3599 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3600 test "x$seccomp_audit_arch" != "x" && \ 3601 test "x$have_linux_no_new_privs" = "x1" && \ 3602 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3603 test "x$seccomp_audit_arch" = "x" && \ 3604 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3605 test "x$have_linux_no_new_privs" != "x1" && \ 3606 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3607 test "x$have_seccomp_filter" != "x1" && \ 3608 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3609 test "x$ac_cv_func_prctl" != "xyes" && \ 3610 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3611 SANDBOX_STYLE="seccomp_filter" 3612 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3613elif test "x$sandbox_arg" = "xcapsicum" || \ 3614 ( test -z "$sandbox_arg" && \ 3615 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3616 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3617 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3618 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3619 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3620 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3621 SANDBOX_STYLE="capsicum" 3622 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3623elif test "x$sandbox_arg" = "xrlimit" || \ 3624 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3625 test "x$select_works_with_rlimit" = "xyes" && \ 3626 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3627 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3628 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3629 test "x$select_works_with_rlimit" != "xyes" && \ 3630 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3631 SANDBOX_STYLE="rlimit" 3632 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3633elif test "x$sandbox_arg" = "xsolaris" || \ 3634 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3635 SANDBOX_STYLE="solaris" 3636 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3637elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3638 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3639 SANDBOX_STYLE="none" 3640 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3641else 3642 AC_MSG_ERROR([unsupported --with-sandbox]) 3643fi 3644 3645# Cheap hack to ensure NEWS-OS libraries are arranged right. 3646if test ! -z "$SONY" ; then 3647 LIBS="$LIBS -liberty"; 3648fi 3649 3650# Check for long long datatypes 3651AC_CHECK_TYPES([long long, unsigned long long, long double]) 3652 3653# Check datatype sizes 3654AC_CHECK_SIZEOF([short int]) 3655AC_CHECK_SIZEOF([int]) 3656AC_CHECK_SIZEOF([long int]) 3657AC_CHECK_SIZEOF([long long int]) 3658 3659# Sanity check long long for some platforms (AIX) 3660if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3661 ac_cv_sizeof_long_long_int=0 3662fi 3663 3664# compute LLONG_MIN and LLONG_MAX if we don't know them. 3665if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3666 AC_MSG_CHECKING([for max value of long long]) 3667 AC_RUN_IFELSE( 3668 [AC_LANG_PROGRAM([[ 3669#include <stdio.h> 3670#include <stdlib.h> 3671/* Why is this so damn hard? */ 3672#ifdef __GNUC__ 3673# undef __GNUC__ 3674#endif 3675#define __USE_ISOC99 3676#include <limits.h> 3677#define DATA "conftest.llminmax" 3678#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3679 3680/* 3681 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3682 * we do this the hard way. 3683 */ 3684static int 3685fprint_ll(FILE *f, long long n) 3686{ 3687 unsigned int i; 3688 int l[sizeof(long long) * 8]; 3689 3690 if (n < 0) 3691 if (fprintf(f, "-") < 0) 3692 return -1; 3693 for (i = 0; n != 0; i++) { 3694 l[i] = my_abs(n % 10); 3695 n /= 10; 3696 } 3697 do { 3698 if (fprintf(f, "%d", l[--i]) < 0) 3699 return -1; 3700 } while (i != 0); 3701 if (fprintf(f, " ") < 0) 3702 return -1; 3703 return 0; 3704} 3705 ]], [[ 3706 FILE *f; 3707 long long i, llmin, llmax = 0; 3708 3709 if((f = fopen(DATA,"w")) == NULL) 3710 exit(1); 3711 3712#if defined(LLONG_MIN) && defined(LLONG_MAX) 3713 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3714 llmin = LLONG_MIN; 3715 llmax = LLONG_MAX; 3716#else 3717 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3718 /* This will work on one's complement and two's complement */ 3719 for (i = 1; i > llmax; i <<= 1, i++) 3720 llmax = i; 3721 llmin = llmax + 1LL; /* wrap */ 3722#endif 3723 3724 /* Sanity check */ 3725 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3726 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3727 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3728 fprintf(f, "unknown unknown\n"); 3729 exit(2); 3730 } 3731 3732 if (fprint_ll(f, llmin) < 0) 3733 exit(3); 3734 if (fprint_ll(f, llmax) < 0) 3735 exit(4); 3736 if (fclose(f) < 0) 3737 exit(5); 3738 exit(0); 3739 ]])], 3740 [ 3741 llong_min=`$AWK '{print $1}' conftest.llminmax` 3742 llong_max=`$AWK '{print $2}' conftest.llminmax` 3743 3744 AC_MSG_RESULT([$llong_max]) 3745 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3746 [max value of long long calculated by configure]) 3747 AC_MSG_CHECKING([for min value of long long]) 3748 AC_MSG_RESULT([$llong_min]) 3749 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3750 [min value of long long calculated by configure]) 3751 ], 3752 [ 3753 AC_MSG_RESULT([not found]) 3754 ], 3755 [ 3756 AC_MSG_WARN([cross compiling: not checking]) 3757 ] 3758 ) 3759fi 3760 3761AC_CHECK_DECLS([UINT32_MAX], , , [[ 3762#ifdef HAVE_SYS_LIMITS_H 3763# include <sys/limits.h> 3764#endif 3765#ifdef HAVE_LIMITS_H 3766# include <limits.h> 3767#endif 3768#ifdef HAVE_STDINT_H 3769# include <stdint.h> 3770#endif 3771]]) 3772 3773# More checks for data types 3774AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3775 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3776 [[ u_int a; a = 1;]])], 3777 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3778 ]) 3779]) 3780if test "x$ac_cv_have_u_int" = "xyes" ; then 3781 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3782 have_u_int=1 3783fi 3784 3785AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3787 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3788 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3789 ]) 3790]) 3791if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3792 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3793 have_intxx_t=1 3794fi 3795 3796if (test -z "$have_intxx_t" && \ 3797 test "x$ac_cv_header_stdint_h" = "xyes") 3798then 3799 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3800 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3801 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3802 [ 3803 AC_DEFINE([HAVE_INTXX_T]) 3804 AC_MSG_RESULT([yes]) 3805 ], [ AC_MSG_RESULT([no]) 3806 ]) 3807fi 3808 3809AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3810 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3811#include <sys/types.h> 3812#ifdef HAVE_STDINT_H 3813# include <stdint.h> 3814#endif 3815#include <sys/socket.h> 3816#ifdef HAVE_SYS_BITYPES_H 3817# include <sys/bitypes.h> 3818#endif 3819 ]], [[ 3820int64_t a; a = 1; 3821 ]])], 3822 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3823 ]) 3824]) 3825if test "x$ac_cv_have_int64_t" = "xyes" ; then 3826 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3827fi 3828 3829AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3830 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3831 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3832 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3833 ]) 3834]) 3835if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3836 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3837 have_u_intxx_t=1 3838fi 3839 3840if test -z "$have_u_intxx_t" ; then 3841 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3842 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3843 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3844 [ 3845 AC_DEFINE([HAVE_U_INTXX_T]) 3846 AC_MSG_RESULT([yes]) 3847 ], [ AC_MSG_RESULT([no]) 3848 ]) 3849fi 3850 3851AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3852 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3853 [[ u_int64_t a; a = 1;]])], 3854 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3855 ]) 3856]) 3857if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3858 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3859 have_u_int64_t=1 3860fi 3861 3862if (test -z "$have_u_int64_t" && \ 3863 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3864then 3865 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3866 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3867 [[ u_int64_t a; a = 1]])], 3868 [ 3869 AC_DEFINE([HAVE_U_INT64_T]) 3870 AC_MSG_RESULT([yes]) 3871 ], [ AC_MSG_RESULT([no]) 3872 ]) 3873fi 3874 3875if test -z "$have_u_intxx_t" ; then 3876 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3877 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3878#include <sys/types.h> 3879 ]], [[ 3880 uint8_t a; 3881 uint16_t b; 3882 uint32_t c; 3883 a = b = c = 1; 3884 ]])], 3885 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3886 ]) 3887 ]) 3888 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3889 AC_DEFINE([HAVE_UINTXX_T], [1], 3890 [define if you have uintxx_t data type]) 3891 fi 3892fi 3893 3894if (test -z "$have_uintxx_t" && \ 3895 test "x$ac_cv_header_stdint_h" = "xyes") 3896then 3897 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3898 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3899 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3900 [ 3901 AC_DEFINE([HAVE_UINTXX_T]) 3902 AC_MSG_RESULT([yes]) 3903 ], [ AC_MSG_RESULT([no]) 3904 ]) 3905fi 3906 3907if (test -z "$have_uintxx_t" && \ 3908 test "x$ac_cv_header_inttypes_h" = "xyes") 3909then 3910 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3911 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3912 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3913 [ 3914 AC_DEFINE([HAVE_UINTXX_T]) 3915 AC_MSG_RESULT([yes]) 3916 ], [ AC_MSG_RESULT([no]) 3917 ]) 3918fi 3919 3920if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3921 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3922then 3923 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3924 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3925#include <sys/bitypes.h> 3926 ]], [[ 3927 int8_t a; int16_t b; int32_t c; 3928 u_int8_t e; u_int16_t f; u_int32_t g; 3929 a = b = c = e = f = g = 1; 3930 ]])], 3931 [ 3932 AC_DEFINE([HAVE_U_INTXX_T]) 3933 AC_DEFINE([HAVE_INTXX_T]) 3934 AC_MSG_RESULT([yes]) 3935 ], [AC_MSG_RESULT([no]) 3936 ]) 3937fi 3938 3939 3940AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3941 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3942 [[ u_char foo; foo = 125; ]])], 3943 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3944 ]) 3945]) 3946if test "x$ac_cv_have_u_char" = "xyes" ; then 3947 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3948fi 3949 3950AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3951#include <sys/types.h> 3952#ifdef HAVE_STDINT_H 3953# include <stdint.h> 3954#endif 3955]) 3956 3957TYPE_SOCKLEN_T 3958 3959AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3960AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3961#include <sys/types.h> 3962#ifdef HAVE_SYS_BITYPES_H 3963#include <sys/bitypes.h> 3964#endif 3965#ifdef HAVE_SYS_STATFS_H 3966#include <sys/statfs.h> 3967#endif 3968#ifdef HAVE_SYS_STATVFS_H 3969#include <sys/statvfs.h> 3970#endif 3971]) 3972 3973AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3974#include <sys/param.h> 3975#include <sys/types.h> 3976#ifdef HAVE_SYS_BITYPES_H 3977#include <sys/bitypes.h> 3978#endif 3979#ifdef HAVE_SYS_STATFS_H 3980#include <sys/statfs.h> 3981#endif 3982#ifdef HAVE_SYS_STATVFS_H 3983#include <sys/statvfs.h> 3984#endif 3985#ifdef HAVE_SYS_VFS_H 3986#include <sys/vfs.h> 3987#endif 3988#ifdef HAVE_SYS_MOUNT_H 3989#include <sys/mount.h> 3990#endif 3991]]) 3992 3993 3994AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3995[#include <sys/types.h> 3996#include <netinet/in.h>]) 3997 3998AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3999 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4000 [[ size_t foo; foo = 1235; ]])], 4001 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4002 ]) 4003]) 4004if test "x$ac_cv_have_size_t" = "xyes" ; then 4005 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4006fi 4007 4008AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4009 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4010 [[ ssize_t foo; foo = 1235; ]])], 4011 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4012 ]) 4013]) 4014if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4015 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4016fi 4017 4018AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4019 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4020 [[ clock_t foo; foo = 1235; ]])], 4021 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4022 ]) 4023]) 4024if test "x$ac_cv_have_clock_t" = "xyes" ; then 4025 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4026fi 4027 4028AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4029 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4030#include <sys/types.h> 4031#include <sys/socket.h> 4032 ]], [[ sa_family_t foo; foo = 1235; ]])], 4033 [ ac_cv_have_sa_family_t="yes" ], 4034 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4035#include <sys/types.h> 4036#include <sys/socket.h> 4037#include <netinet/in.h> 4038 ]], [[ sa_family_t foo; foo = 1235; ]])], 4039 [ ac_cv_have_sa_family_t="yes" ], 4040 [ ac_cv_have_sa_family_t="no" ] 4041 ) 4042 ]) 4043]) 4044if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4045 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4046 [define if you have sa_family_t data type]) 4047fi 4048 4049AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4050 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4051 [[ pid_t foo; foo = 1235; ]])], 4052 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4053 ]) 4054]) 4055if test "x$ac_cv_have_pid_t" = "xyes" ; then 4056 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4057fi 4058 4059AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4060 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4061 [[ mode_t foo; foo = 1235; ]])], 4062 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4063 ]) 4064]) 4065if test "x$ac_cv_have_mode_t" = "xyes" ; then 4066 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4067fi 4068 4069 4070AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4071 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4072#include <sys/types.h> 4073#include <sys/socket.h> 4074 ]], [[ struct sockaddr_storage s; ]])], 4075 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4076 [ ac_cv_have_struct_sockaddr_storage="no" 4077 ]) 4078]) 4079if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4080 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4081 [define if you have struct sockaddr_storage data type]) 4082fi 4083 4084AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4085 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4086#include <sys/types.h> 4087#include <netinet/in.h> 4088 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4089 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4090 [ ac_cv_have_struct_sockaddr_in6="no" 4091 ]) 4092]) 4093if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4094 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4095 [define if you have struct sockaddr_in6 data type]) 4096fi 4097 4098AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4099 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4100#include <sys/types.h> 4101#include <netinet/in.h> 4102 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4103 [ ac_cv_have_struct_in6_addr="yes" ], 4104 [ ac_cv_have_struct_in6_addr="no" 4105 ]) 4106]) 4107if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4108 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4109 [define if you have struct in6_addr data type]) 4110 4111dnl Now check for sin6_scope_id 4112 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4113 [ 4114#ifdef HAVE_SYS_TYPES_H 4115#include <sys/types.h> 4116#endif 4117#include <netinet/in.h> 4118 ]) 4119fi 4120 4121AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4122 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4123#include <sys/types.h> 4124#include <sys/socket.h> 4125#include <netdb.h> 4126 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4127 [ ac_cv_have_struct_addrinfo="yes" ], 4128 [ ac_cv_have_struct_addrinfo="no" 4129 ]) 4130]) 4131if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4132 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4133 [define if you have struct addrinfo data type]) 4134fi 4135 4136AC_HEADER_TIME 4137 4138AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4139 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4140 [[ struct timeval tv; tv.tv_sec = 1;]])], 4141 [ ac_cv_have_struct_timeval="yes" ], 4142 [ ac_cv_have_struct_timeval="no" 4143 ]) 4144]) 4145if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4146 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4147 have_struct_timeval=1 4148fi 4149 4150AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4151 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4152 #ifdef TIME_WITH_SYS_TIME 4153 # include <sys/time.h> 4154 # include <time.h> 4155 #else 4156 # ifdef HAVE_SYS_TIME_H 4157 # include <sys/time.h> 4158 # else 4159 # include <time.h> 4160 # endif 4161 #endif 4162 ]], 4163 [[ struct timespec ts; ts.tv_sec = 1;]])], 4164 [ ac_cv_have_struct_timespec="yes" ], 4165 [ ac_cv_have_struct_timespec="no" 4166 ]) 4167]) 4168if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4169 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4170 have_struct_timespec=1 4171fi 4172 4173# We need int64_t or else certain parts of the compile will fail. 4174if test "x$ac_cv_have_int64_t" = "xno" && \ 4175 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4176 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4177 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4178 echo "an alternative compiler (I.E., GCC) before continuing." 4179 echo "" 4180 exit 1; 4181else 4182dnl test snprintf (broken on SCO w/gcc) 4183 AC_RUN_IFELSE( 4184 [AC_LANG_SOURCE([[ 4185#include <stdio.h> 4186#include <stdlib.h> 4187#include <string.h> 4188#ifdef HAVE_SNPRINTF 4189main() 4190{ 4191 char buf[50]; 4192 char expected_out[50]; 4193 int mazsize = 50 ; 4194#if (SIZEOF_LONG_INT == 8) 4195 long int num = 0x7fffffffffffffff; 4196#else 4197 long long num = 0x7fffffffffffffffll; 4198#endif 4199 strcpy(expected_out, "9223372036854775807"); 4200 snprintf(buf, mazsize, "%lld", num); 4201 if(strcmp(buf, expected_out) != 0) 4202 exit(1); 4203 exit(0); 4204} 4205#else 4206main() { exit(0); } 4207#endif 4208 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4209 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4210 ) 4211fi 4212 4213dnl Checks for structure members 4214OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4215OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4216OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4217OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4218OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4219OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4220OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4221OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4222OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4223OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4224OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4225OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4226OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4227OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4228OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4229OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4230OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4231OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4232 4233AC_CHECK_MEMBERS([struct stat.st_blksize]) 4234AC_CHECK_MEMBERS([struct stat.st_mtim]) 4235AC_CHECK_MEMBERS([struct stat.st_mtime]) 4236AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4237struct passwd.pw_change, struct passwd.pw_expire], 4238[], [], [[ 4239#include <sys/types.h> 4240#include <pwd.h> 4241]]) 4242 4243AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4244 [Define if we don't have struct __res_state in resolv.h])], 4245[[ 4246#include <stdio.h> 4247#if HAVE_SYS_TYPES_H 4248# include <sys/types.h> 4249#endif 4250#include <netinet/in.h> 4251#include <arpa/nameser.h> 4252#include <resolv.h> 4253]]) 4254 4255AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4256 ac_cv_have_ss_family_in_struct_ss, [ 4257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4258#include <sys/types.h> 4259#include <sys/socket.h> 4260 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4261 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4262 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4263]) 4264if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4265 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4266fi 4267 4268AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4269 ac_cv_have___ss_family_in_struct_ss, [ 4270 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4271#include <sys/types.h> 4272#include <sys/socket.h> 4273 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4274 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4275 [ ac_cv_have___ss_family_in_struct_ss="no" 4276 ]) 4277]) 4278if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4279 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4280 [Fields in struct sockaddr_storage]) 4281fi 4282 4283dnl make sure we're using the real structure members and not defines 4284AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4285 ac_cv_have_accrights_in_msghdr, [ 4286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4287#include <sys/types.h> 4288#include <sys/socket.h> 4289#include <sys/uio.h> 4290#include <stdlib.h> 4291 ]], [[ 4292#ifdef msg_accrights 4293#error "msg_accrights is a macro" 4294exit(1); 4295#endif 4296struct msghdr m; 4297m.msg_accrights = 0; 4298exit(0); 4299 ]])], 4300 [ ac_cv_have_accrights_in_msghdr="yes" ], 4301 [ ac_cv_have_accrights_in_msghdr="no" ] 4302 ) 4303]) 4304if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4305 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4306 [Define if your system uses access rights style 4307 file descriptor passing]) 4308fi 4309 4310AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4311AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4312#include <sys/param.h> 4313#include <sys/stat.h> 4314#ifdef HAVE_SYS_TIME_H 4315# include <sys/time.h> 4316#endif 4317#ifdef HAVE_SYS_MOUNT_H 4318#include <sys/mount.h> 4319#endif 4320#ifdef HAVE_SYS_STATVFS_H 4321#include <sys/statvfs.h> 4322#endif 4323 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4324 [ AC_MSG_RESULT([yes]) ], 4325 [ AC_MSG_RESULT([no]) 4326 4327 AC_MSG_CHECKING([if fsid_t has member val]) 4328 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4329#include <sys/types.h> 4330#include <sys/statvfs.h> 4331 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4332 [ AC_MSG_RESULT([yes]) 4333 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4334 [ AC_MSG_RESULT([no]) ]) 4335 4336 AC_MSG_CHECKING([if f_fsid has member __val]) 4337 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4338#include <sys/types.h> 4339#include <sys/statvfs.h> 4340 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4341 [ AC_MSG_RESULT([yes]) 4342 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4343 [ AC_MSG_RESULT([no]) ]) 4344]) 4345 4346AC_CACHE_CHECK([for msg_control field in struct msghdr], 4347 ac_cv_have_control_in_msghdr, [ 4348 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4349#include <sys/types.h> 4350#include <sys/socket.h> 4351#include <sys/uio.h> 4352#include <stdlib.h> 4353 ]], [[ 4354#ifdef msg_control 4355#error "msg_control is a macro" 4356exit(1); 4357#endif 4358struct msghdr m; 4359m.msg_control = 0; 4360exit(0); 4361 ]])], 4362 [ ac_cv_have_control_in_msghdr="yes" ], 4363 [ ac_cv_have_control_in_msghdr="no" ] 4364 ) 4365]) 4366if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4367 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4368 [Define if your system uses ancillary data style 4369 file descriptor passing]) 4370fi 4371 4372AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4373 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4374 [[ extern char *__progname; printf("%s", __progname); ]])], 4375 [ ac_cv_libc_defines___progname="yes" ], 4376 [ ac_cv_libc_defines___progname="no" 4377 ]) 4378]) 4379if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4380 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4381fi 4382 4383AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4384 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4385 [[ printf("%s", __FUNCTION__); ]])], 4386 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4387 [ ac_cv_cc_implements___FUNCTION__="no" 4388 ]) 4389]) 4390if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4391 AC_DEFINE([HAVE___FUNCTION__], [1], 4392 [Define if compiler implements __FUNCTION__]) 4393fi 4394 4395AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4396 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4397 [[ printf("%s", __func__); ]])], 4398 [ ac_cv_cc_implements___func__="yes" ], 4399 [ ac_cv_cc_implements___func__="no" 4400 ]) 4401]) 4402if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4403 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4404fi 4405 4406AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4407 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4408#include <stdarg.h> 4409va_list x,y; 4410 ]], [[ va_copy(x,y); ]])], 4411 [ ac_cv_have_va_copy="yes" ], 4412 [ ac_cv_have_va_copy="no" 4413 ]) 4414]) 4415if test "x$ac_cv_have_va_copy" = "xyes" ; then 4416 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4417fi 4418 4419AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4420 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4421#include <stdarg.h> 4422va_list x,y; 4423 ]], [[ __va_copy(x,y); ]])], 4424 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4425 ]) 4426]) 4427if test "x$ac_cv_have___va_copy" = "xyes" ; then 4428 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4429fi 4430 4431AC_CACHE_CHECK([whether getopt has optreset support], 4432 ac_cv_have_getopt_optreset, [ 4433 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4434 [[ extern int optreset; optreset = 0; ]])], 4435 [ ac_cv_have_getopt_optreset="yes" ], 4436 [ ac_cv_have_getopt_optreset="no" 4437 ]) 4438]) 4439if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4440 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4441 [Define if your getopt(3) defines and uses optreset]) 4442fi 4443 4444AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4445 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4446[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4447 [ ac_cv_libc_defines_sys_errlist="yes" ], 4448 [ ac_cv_libc_defines_sys_errlist="no" 4449 ]) 4450]) 4451if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4452 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4453 [Define if your system defines sys_errlist[]]) 4454fi 4455 4456 4457AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4458 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4459[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4460 [ ac_cv_libc_defines_sys_nerr="yes" ], 4461 [ ac_cv_libc_defines_sys_nerr="no" 4462 ]) 4463]) 4464if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4465 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4466fi 4467 4468# Check libraries needed by DNS fingerprint support 4469AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4470 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4471 [Define if getrrsetbyname() exists])], 4472 [ 4473 # Needed by our getrrsetbyname() 4474 AC_SEARCH_LIBS([res_query], [resolv]) 4475 AC_SEARCH_LIBS([dn_expand], [resolv]) 4476 AC_MSG_CHECKING([if res_query will link]) 4477 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4478#include <sys/types.h> 4479#include <netinet/in.h> 4480#include <arpa/nameser.h> 4481#include <netdb.h> 4482#include <resolv.h> 4483 ]], [[ 4484 res_query (0, 0, 0, 0, 0); 4485 ]])], 4486 AC_MSG_RESULT([yes]), 4487 [AC_MSG_RESULT([no]) 4488 saved_LIBS="$LIBS" 4489 LIBS="$LIBS -lresolv" 4490 AC_MSG_CHECKING([for res_query in -lresolv]) 4491 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4492#include <sys/types.h> 4493#include <netinet/in.h> 4494#include <arpa/nameser.h> 4495#include <netdb.h> 4496#include <resolv.h> 4497 ]], [[ 4498 res_query (0, 0, 0, 0, 0); 4499 ]])], 4500 [AC_MSG_RESULT([yes])], 4501 [LIBS="$saved_LIBS" 4502 AC_MSG_RESULT([no])]) 4503 ]) 4504 AC_CHECK_FUNCS([_getshort _getlong]) 4505 AC_CHECK_DECLS([_getshort, _getlong], , , 4506 [#include <sys/types.h> 4507 #include <arpa/nameser.h>]) 4508 AC_CHECK_MEMBER([HEADER.ad], 4509 [AC_DEFINE([HAVE_HEADER_AD], [1], 4510 [Define if HEADER.ad exists in arpa/nameser.h])], , 4511 [#include <arpa/nameser.h>]) 4512 ]) 4513 4514AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4515AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4516#include <stdio.h> 4517#if HAVE_SYS_TYPES_H 4518# include <sys/types.h> 4519#endif 4520#include <netinet/in.h> 4521#include <arpa/nameser.h> 4522#include <resolv.h> 4523extern struct __res_state _res; 4524 ]], [[ 4525struct __res_state *volatile p = &_res; /* force resolution of _res */ 4526return 0; 4527 ]],)], 4528 [AC_MSG_RESULT([yes]) 4529 AC_DEFINE([HAVE__RES_EXTERN], [1], 4530 [Define if you have struct __res_state _res as an extern]) 4531 ], 4532 [ AC_MSG_RESULT([no]) ] 4533) 4534 4535# Check whether user wants SELinux support 4536SELINUX_MSG="no" 4537LIBSELINUX="" 4538AC_ARG_WITH([selinux], 4539 [ --with-selinux Enable SELinux support], 4540 [ if test "x$withval" != "xno" ; then 4541 save_LIBS="$LIBS" 4542 AC_DEFINE([WITH_SELINUX], [1], 4543 [Define if you want SELinux support.]) 4544 SELINUX_MSG="yes" 4545 AC_CHECK_HEADER([selinux/selinux.h], , 4546 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4547 AC_CHECK_LIB([selinux], [setexeccon], 4548 [ LIBSELINUX="-lselinux" 4549 LIBS="$LIBS -lselinux" 4550 ], 4551 AC_MSG_ERROR([SELinux support requires libselinux library])) 4552 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4553 LIBS="$save_LIBS $LIBSELINUX" 4554 fi ] 4555) 4556AC_SUBST([SSHDLIBS]) 4557 4558# Check whether user wants Kerberos 5 support 4559KRB5_MSG="no" 4560AC_ARG_WITH([kerberos5], 4561 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4562 [ if test "x$withval" != "xno" ; then 4563 if test "x$withval" = "xyes" ; then 4564 KRB5ROOT="/usr/local" 4565 else 4566 KRB5ROOT=${withval} 4567 fi 4568 4569 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4570 KRB5_MSG="yes" 4571 4572 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4573 [$KRB5ROOT/bin/krb5-config], 4574 [$KRB5ROOT/bin:$PATH]) 4575 if test -x $KRB5CONF ; then 4576 K5CFLAGS="`$KRB5CONF --cflags`" 4577 K5LIBS="`$KRB5CONF --libs`" 4578 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4579 4580 AC_MSG_CHECKING([for gssapi support]) 4581 if $KRB5CONF | grep gssapi >/dev/null ; then 4582 AC_MSG_RESULT([yes]) 4583 AC_DEFINE([GSSAPI], [1], 4584 [Define this if you want GSSAPI 4585 support in the version 2 protocol]) 4586 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4587 GSSLIBS="`$KRB5CONF --libs gssapi`" 4588 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4589 else 4590 AC_MSG_RESULT([no]) 4591 fi 4592 AC_MSG_CHECKING([whether we are using Heimdal]) 4593 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4594 ]], [[ char *tmp = heimdal_version; ]])], 4595 [ AC_MSG_RESULT([yes]) 4596 AC_DEFINE([HEIMDAL], [1], 4597 [Define this if you are using the Heimdal 4598 version of Kerberos V5]) ], 4599 [AC_MSG_RESULT([no]) 4600 ]) 4601 else 4602 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4603 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4604 AC_MSG_CHECKING([whether we are using Heimdal]) 4605 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4606 ]], [[ char *tmp = heimdal_version; ]])], 4607 [ AC_MSG_RESULT([yes]) 4608 AC_DEFINE([HEIMDAL]) 4609 K5LIBS="-lkrb5" 4610 K5LIBS="$K5LIBS -lcom_err -lasn1" 4611 AC_CHECK_LIB([roken], [net_write], 4612 [K5LIBS="$K5LIBS -lroken"]) 4613 AC_CHECK_LIB([des], [des_cbc_encrypt], 4614 [K5LIBS="$K5LIBS -ldes"]) 4615 ], [ AC_MSG_RESULT([no]) 4616 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4617 ]) 4618 AC_SEARCH_LIBS([dn_expand], [resolv]) 4619 4620 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4621 [ AC_DEFINE([GSSAPI]) 4622 GSSLIBS="-lgssapi_krb5" ], 4623 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4624 [ AC_DEFINE([GSSAPI]) 4625 GSSLIBS="-lgssapi" ], 4626 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4627 [ AC_DEFINE([GSSAPI]) 4628 GSSLIBS="-lgss" ], 4629 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4630 ]) 4631 ]) 4632 4633 AC_CHECK_HEADER([gssapi.h], , 4634 [ unset ac_cv_header_gssapi_h 4635 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4636 AC_CHECK_HEADERS([gssapi.h], , 4637 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4638 ) 4639 ] 4640 ) 4641 4642 oldCPP="$CPPFLAGS" 4643 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4644 AC_CHECK_HEADER([gssapi_krb5.h], , 4645 [ CPPFLAGS="$oldCPP" ]) 4646 4647 fi 4648 if test -n "${rpath_opt}" ; then 4649 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4650 fi 4651 if test ! -z "$blibpath" ; then 4652 blibpath="$blibpath:${KRB5ROOT}/lib" 4653 fi 4654 4655 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4656 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4657 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4658 4659 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4660 [Define this if you want to use libkafs' AFS support])]) 4661 4662 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4663#ifdef HAVE_GSSAPI_H 4664# include <gssapi.h> 4665#elif defined(HAVE_GSSAPI_GSSAPI_H) 4666# include <gssapi/gssapi.h> 4667#endif 4668 4669#ifdef HAVE_GSSAPI_GENERIC_H 4670# include <gssapi_generic.h> 4671#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4672# include <gssapi/gssapi_generic.h> 4673#endif 4674 ]]) 4675 saved_LIBS="$LIBS" 4676 LIBS="$LIBS $K5LIBS" 4677 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4678 LIBS="$saved_LIBS" 4679 4680 fi 4681 ] 4682) 4683AC_SUBST([GSSLIBS]) 4684AC_SUBST([K5LIBS]) 4685 4686# Looking for programs, paths and files 4687 4688PRIVSEP_PATH=/var/empty 4689AC_ARG_WITH([privsep-path], 4690 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4691 [ 4692 if test -n "$withval" && test "x$withval" != "xno" && \ 4693 test "x${withval}" != "xyes"; then 4694 PRIVSEP_PATH=$withval 4695 fi 4696 ] 4697) 4698AC_SUBST([PRIVSEP_PATH]) 4699 4700AC_ARG_WITH([xauth], 4701 [ --with-xauth=PATH Specify path to xauth program ], 4702 [ 4703 if test -n "$withval" && test "x$withval" != "xno" && \ 4704 test "x${withval}" != "xyes"; then 4705 xauth_path=$withval 4706 fi 4707 ], 4708 [ 4709 TestPath="$PATH" 4710 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4711 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4712 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4713 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4714 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4715 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4716 xauth_path="/usr/openwin/bin/xauth" 4717 fi 4718 ] 4719) 4720 4721STRIP_OPT=-s 4722AC_ARG_ENABLE([strip], 4723 [ --disable-strip Disable calling strip(1) on install], 4724 [ 4725 if test "x$enableval" = "xno" ; then 4726 STRIP_OPT= 4727 fi 4728 ] 4729) 4730AC_SUBST([STRIP_OPT]) 4731 4732if test -z "$xauth_path" ; then 4733 XAUTH_PATH="undefined" 4734 AC_SUBST([XAUTH_PATH]) 4735else 4736 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4737 [Define if xauth is found in your path]) 4738 XAUTH_PATH=$xauth_path 4739 AC_SUBST([XAUTH_PATH]) 4740fi 4741 4742dnl # --with-maildir=/path/to/mail gets top priority. 4743dnl # if maildir is set in the platform case statement above we use that. 4744dnl # Otherwise we run a program to get the dir from system headers. 4745dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4746dnl # If we find _PATH_MAILDIR we do nothing because that is what 4747dnl # session.c expects anyway. Otherwise we set to the value found 4748dnl # stripping any trailing slash. If for some strage reason our program 4749dnl # does not find what it needs, we default to /var/spool/mail. 4750# Check for mail directory 4751AC_ARG_WITH([maildir], 4752 [ --with-maildir=/path/to/mail Specify your system mail directory], 4753 [ 4754 if test "X$withval" != X && test "x$withval" != xno && \ 4755 test "x${withval}" != xyes; then 4756 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4757 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4758 fi 4759 ],[ 4760 if test "X$maildir" != "X"; then 4761 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4762 else 4763 AC_MSG_CHECKING([Discovering system mail directory]) 4764 AC_RUN_IFELSE( 4765 [AC_LANG_PROGRAM([[ 4766#include <stdio.h> 4767#include <stdlib.h> 4768#include <string.h> 4769#ifdef HAVE_PATHS_H 4770#include <paths.h> 4771#endif 4772#ifdef HAVE_MAILLOCK_H 4773#include <maillock.h> 4774#endif 4775#define DATA "conftest.maildir" 4776 ]], [[ 4777 FILE *fd; 4778 int rc; 4779 4780 fd = fopen(DATA,"w"); 4781 if(fd == NULL) 4782 exit(1); 4783 4784#if defined (_PATH_MAILDIR) 4785 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4786 exit(1); 4787#elif defined (MAILDIR) 4788 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4789 exit(1); 4790#elif defined (_PATH_MAIL) 4791 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4792 exit(1); 4793#else 4794 exit (2); 4795#endif 4796 4797 exit(0); 4798 ]])], 4799 [ 4800 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4801 maildir=`awk -F: '{print $2}' conftest.maildir \ 4802 | sed 's|/$||'` 4803 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4804 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4805 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4806 fi 4807 ], 4808 [ 4809 if test "X$ac_status" = "X2";then 4810# our test program didn't find it. Default to /var/spool/mail 4811 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4812 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4813 else 4814 AC_MSG_RESULT([*** not found ***]) 4815 fi 4816 ], 4817 [ 4818 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4819 ] 4820 ) 4821 fi 4822 ] 4823) # maildir 4824 4825if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4826 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4827 disable_ptmx_check=yes 4828fi 4829if test -z "$no_dev_ptmx" ; then 4830 if test "x$disable_ptmx_check" != "xyes" ; then 4831 AC_CHECK_FILE(["/dev/ptmx"], 4832 [ 4833 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4834 [Define if you have /dev/ptmx]) 4835 have_dev_ptmx=1 4836 ] 4837 ) 4838 fi 4839fi 4840 4841if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4842 AC_CHECK_FILE(["/dev/ptc"], 4843 [ 4844 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4845 [Define if you have /dev/ptc]) 4846 have_dev_ptc=1 4847 ] 4848 ) 4849else 4850 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4851fi 4852 4853# Options from here on. Some of these are preset by platform above 4854AC_ARG_WITH([mantype], 4855 [ --with-mantype=man|cat|doc Set man page type], 4856 [ 4857 case "$withval" in 4858 man|cat|doc) 4859 MANTYPE=$withval 4860 ;; 4861 *) 4862 AC_MSG_ERROR([invalid man type: $withval]) 4863 ;; 4864 esac 4865 ] 4866) 4867if test -z "$MANTYPE"; then 4868 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4869 MANTYPE=doc 4870 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4871 MANTYPE=doc 4872 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4873 MANTYPE=man 4874 else 4875 MANTYPE=cat 4876 fi 4877fi 4878AC_SUBST([MANTYPE]) 4879if test "$MANTYPE" = "doc"; then 4880 mansubdir=man; 4881else 4882 mansubdir=$MANTYPE; 4883fi 4884AC_SUBST([mansubdir]) 4885 4886# Check whether to enable MD5 passwords 4887MD5_MSG="no" 4888AC_ARG_WITH([md5-passwords], 4889 [ --with-md5-passwords Enable use of MD5 passwords], 4890 [ 4891 if test "x$withval" != "xno" ; then 4892 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4893 [Define if you want to allow MD5 passwords]) 4894 MD5_MSG="yes" 4895 fi 4896 ] 4897) 4898 4899# Whether to disable shadow password support 4900AC_ARG_WITH([shadow], 4901 [ --without-shadow Disable shadow password support], 4902 [ 4903 if test "x$withval" = "xno" ; then 4904 AC_DEFINE([DISABLE_SHADOW]) 4905 disable_shadow=yes 4906 fi 4907 ] 4908) 4909 4910if test -z "$disable_shadow" ; then 4911 AC_MSG_CHECKING([if the systems has expire shadow information]) 4912 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4913#include <sys/types.h> 4914#include <shadow.h> 4915struct spwd sp; 4916 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4917 [ sp_expire_available=yes ], [ 4918 ]) 4919 4920 if test "x$sp_expire_available" = "xyes" ; then 4921 AC_MSG_RESULT([yes]) 4922 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4923 [Define if you want to use shadow password expire field]) 4924 else 4925 AC_MSG_RESULT([no]) 4926 fi 4927fi 4928 4929# Use ip address instead of hostname in $DISPLAY 4930if test ! -z "$IPADDR_IN_DISPLAY" ; then 4931 DISPLAY_HACK_MSG="yes" 4932 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4933 [Define if you need to use IP address 4934 instead of hostname in $DISPLAY]) 4935else 4936 DISPLAY_HACK_MSG="no" 4937 AC_ARG_WITH([ipaddr-display], 4938 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4939 [ 4940 if test "x$withval" != "xno" ; then 4941 AC_DEFINE([IPADDR_IN_DISPLAY]) 4942 DISPLAY_HACK_MSG="yes" 4943 fi 4944 ] 4945 ) 4946fi 4947 4948# check for /etc/default/login and use it if present. 4949AC_ARG_ENABLE([etc-default-login], 4950 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4951 [ if test "x$enableval" = "xno"; then 4952 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4953 etc_default_login=no 4954 else 4955 etc_default_login=yes 4956 fi ], 4957 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4958 then 4959 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4960 etc_default_login=no 4961 else 4962 etc_default_login=yes 4963 fi ] 4964) 4965 4966if test "x$etc_default_login" != "xno"; then 4967 AC_CHECK_FILE(["/etc/default/login"], 4968 [ external_path_file=/etc/default/login ]) 4969 if test "x$external_path_file" = "x/etc/default/login"; then 4970 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4971 [Define if your system has /etc/default/login]) 4972 fi 4973fi 4974 4975dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4976if test $ac_cv_func_login_getcapbool = "yes" && \ 4977 test $ac_cv_header_login_cap_h = "yes" ; then 4978 external_path_file=/etc/login.conf 4979fi 4980 4981# Whether to mess with the default path 4982SERVER_PATH_MSG="(default)" 4983AC_ARG_WITH([default-path], 4984 [ --with-default-path= Specify default $PATH environment for server], 4985 [ 4986 if test "x$external_path_file" = "x/etc/login.conf" ; then 4987 AC_MSG_WARN([ 4988--with-default-path=PATH has no effect on this system. 4989Edit /etc/login.conf instead.]) 4990 elif test "x$withval" != "xno" ; then 4991 if test ! -z "$external_path_file" ; then 4992 AC_MSG_WARN([ 4993--with-default-path=PATH will only be used if PATH is not defined in 4994$external_path_file .]) 4995 fi 4996 user_path="$withval" 4997 SERVER_PATH_MSG="$withval" 4998 fi 4999 ], 5000 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5001 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5002 else 5003 if test ! -z "$external_path_file" ; then 5004 AC_MSG_WARN([ 5005If PATH is defined in $external_path_file, ensure the path to scp is included, 5006otherwise scp will not work.]) 5007 fi 5008 AC_RUN_IFELSE( 5009 [AC_LANG_PROGRAM([[ 5010/* find out what STDPATH is */ 5011#include <stdio.h> 5012#include <stdlib.h> 5013#ifdef HAVE_PATHS_H 5014# include <paths.h> 5015#endif 5016#ifndef _PATH_STDPATH 5017# ifdef _PATH_USERPATH /* Irix */ 5018# define _PATH_STDPATH _PATH_USERPATH 5019# else 5020# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5021# endif 5022#endif 5023#include <sys/types.h> 5024#include <sys/stat.h> 5025#include <fcntl.h> 5026#define DATA "conftest.stdpath" 5027 ]], [[ 5028 FILE *fd; 5029 int rc; 5030 5031 fd = fopen(DATA,"w"); 5032 if(fd == NULL) 5033 exit(1); 5034 5035 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5036 exit(1); 5037 5038 exit(0); 5039 ]])], 5040 [ user_path=`cat conftest.stdpath` ], 5041 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5042 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5043 ) 5044# make sure $bindir is in USER_PATH so scp will work 5045 t_bindir="${bindir}" 5046 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5047 t_bindir=`eval echo ${t_bindir}` 5048 case $t_bindir in 5049 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5050 esac 5051 case $t_bindir in 5052 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5053 esac 5054 done 5055 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5056 if test $? -ne 0 ; then 5057 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5058 if test $? -ne 0 ; then 5059 user_path=$user_path:$t_bindir 5060 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5061 fi 5062 fi 5063 fi ] 5064) 5065if test "x$external_path_file" != "x/etc/login.conf" ; then 5066 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5067 AC_SUBST([user_path]) 5068fi 5069 5070# Set superuser path separately to user path 5071AC_ARG_WITH([superuser-path], 5072 [ --with-superuser-path= Specify different path for super-user], 5073 [ 5074 if test -n "$withval" && test "x$withval" != "xno" && \ 5075 test "x${withval}" != "xyes"; then 5076 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5077 [Define if you want a different $PATH 5078 for the superuser]) 5079 superuser_path=$withval 5080 fi 5081 ] 5082) 5083 5084 5085AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5086IPV4_IN6_HACK_MSG="no" 5087AC_ARG_WITH(4in6, 5088 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5089 [ 5090 if test "x$withval" != "xno" ; then 5091 AC_MSG_RESULT([yes]) 5092 AC_DEFINE([IPV4_IN_IPV6], [1], 5093 [Detect IPv4 in IPv6 mapped addresses 5094 and treat as IPv4]) 5095 IPV4_IN6_HACK_MSG="yes" 5096 else 5097 AC_MSG_RESULT([no]) 5098 fi 5099 ], [ 5100 if test "x$inet6_default_4in6" = "xyes"; then 5101 AC_MSG_RESULT([yes (default)]) 5102 AC_DEFINE([IPV4_IN_IPV6]) 5103 IPV4_IN6_HACK_MSG="yes" 5104 else 5105 AC_MSG_RESULT([no (default)]) 5106 fi 5107 ] 5108) 5109 5110# Whether to enable BSD auth support 5111BSD_AUTH_MSG=no 5112AC_ARG_WITH([bsd-auth], 5113 [ --with-bsd-auth Enable BSD auth support], 5114 [ 5115 if test "x$withval" != "xno" ; then 5116 AC_DEFINE([BSD_AUTH], [1], 5117 [Define if you have BSD auth support]) 5118 BSD_AUTH_MSG=yes 5119 fi 5120 ] 5121) 5122 5123# Where to place sshd.pid 5124piddir=/var/run 5125# make sure the directory exists 5126if test ! -d $piddir ; then 5127 piddir=`eval echo ${sysconfdir}` 5128 case $piddir in 5129 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5130 esac 5131fi 5132 5133AC_ARG_WITH([pid-dir], 5134 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5135 [ 5136 if test -n "$withval" && test "x$withval" != "xno" && \ 5137 test "x${withval}" != "xyes"; then 5138 piddir=$withval 5139 if test ! -d $piddir ; then 5140 AC_MSG_WARN([** no $piddir directory on this system **]) 5141 fi 5142 fi 5143 ] 5144) 5145 5146AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5147 [Specify location of ssh.pid]) 5148AC_SUBST([piddir]) 5149 5150dnl allow user to disable some login recording features 5151AC_ARG_ENABLE([lastlog], 5152 [ --disable-lastlog disable use of lastlog even if detected [no]], 5153 [ 5154 if test "x$enableval" = "xno" ; then 5155 AC_DEFINE([DISABLE_LASTLOG]) 5156 fi 5157 ] 5158) 5159AC_ARG_ENABLE([utmp], 5160 [ --disable-utmp disable use of utmp even if detected [no]], 5161 [ 5162 if test "x$enableval" = "xno" ; then 5163 AC_DEFINE([DISABLE_UTMP]) 5164 fi 5165 ] 5166) 5167AC_ARG_ENABLE([utmpx], 5168 [ --disable-utmpx disable use of utmpx even if detected [no]], 5169 [ 5170 if test "x$enableval" = "xno" ; then 5171 AC_DEFINE([DISABLE_UTMPX], [1], 5172 [Define if you don't want to use utmpx]) 5173 fi 5174 ] 5175) 5176AC_ARG_ENABLE([wtmp], 5177 [ --disable-wtmp disable use of wtmp even if detected [no]], 5178 [ 5179 if test "x$enableval" = "xno" ; then 5180 AC_DEFINE([DISABLE_WTMP]) 5181 fi 5182 ] 5183) 5184AC_ARG_ENABLE([wtmpx], 5185 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5186 [ 5187 if test "x$enableval" = "xno" ; then 5188 AC_DEFINE([DISABLE_WTMPX], [1], 5189 [Define if you don't want to use wtmpx]) 5190 fi 5191 ] 5192) 5193AC_ARG_ENABLE([libutil], 5194 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5195 [ 5196 if test "x$enableval" = "xno" ; then 5197 AC_DEFINE([DISABLE_LOGIN]) 5198 fi 5199 ] 5200) 5201AC_ARG_ENABLE([pututline], 5202 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5203 [ 5204 if test "x$enableval" = "xno" ; then 5205 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5206 [Define if you don't want to use pututline() 5207 etc. to write [uw]tmp]) 5208 fi 5209 ] 5210) 5211AC_ARG_ENABLE([pututxline], 5212 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5213 [ 5214 if test "x$enableval" = "xno" ; then 5215 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5216 [Define if you don't want to use pututxline() 5217 etc. to write [uw]tmpx]) 5218 fi 5219 ] 5220) 5221AC_ARG_WITH([lastlog], 5222 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5223 [ 5224 if test "x$withval" = "xno" ; then 5225 AC_DEFINE([DISABLE_LASTLOG]) 5226 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5227 conf_lastlog_location=$withval 5228 fi 5229 ] 5230) 5231 5232dnl lastlog, [uw]tmpx? detection 5233dnl NOTE: set the paths in the platform section to avoid the 5234dnl need for command-line parameters 5235dnl lastlog and [uw]tmp are subject to a file search if all else fails 5236 5237dnl lastlog detection 5238dnl NOTE: the code itself will detect if lastlog is a directory 5239AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5240AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5241#include <sys/types.h> 5242#include <utmp.h> 5243#ifdef HAVE_LASTLOG_H 5244# include <lastlog.h> 5245#endif 5246#ifdef HAVE_PATHS_H 5247# include <paths.h> 5248#endif 5249#ifdef HAVE_LOGIN_H 5250# include <login.h> 5251#endif 5252 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5253 [ AC_MSG_RESULT([yes]) ], 5254 [ 5255 AC_MSG_RESULT([no]) 5256 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5258#include <sys/types.h> 5259#include <utmp.h> 5260#ifdef HAVE_LASTLOG_H 5261# include <lastlog.h> 5262#endif 5263#ifdef HAVE_PATHS_H 5264# include <paths.h> 5265#endif 5266 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5267 [ AC_MSG_RESULT([yes]) ], 5268 [ 5269 AC_MSG_RESULT([no]) 5270 system_lastlog_path=no 5271 ]) 5272]) 5273 5274if test -z "$conf_lastlog_location"; then 5275 if test x"$system_lastlog_path" = x"no" ; then 5276 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5277 if (test -d "$f" || test -f "$f") ; then 5278 conf_lastlog_location=$f 5279 fi 5280 done 5281 if test -z "$conf_lastlog_location"; then 5282 AC_MSG_WARN([** Cannot find lastlog **]) 5283 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5284 fi 5285 fi 5286fi 5287 5288if test -n "$conf_lastlog_location"; then 5289 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5290 [Define if you want to specify the path to your lastlog file]) 5291fi 5292 5293dnl utmp detection 5294AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5295AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5296#include <sys/types.h> 5297#include <utmp.h> 5298#ifdef HAVE_PATHS_H 5299# include <paths.h> 5300#endif 5301 ]], [[ char *utmp = UTMP_FILE; ]])], 5302 [ AC_MSG_RESULT([yes]) ], 5303 [ AC_MSG_RESULT([no]) 5304 system_utmp_path=no 5305]) 5306if test -z "$conf_utmp_location"; then 5307 if test x"$system_utmp_path" = x"no" ; then 5308 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5309 if test -f $f ; then 5310 conf_utmp_location=$f 5311 fi 5312 done 5313 if test -z "$conf_utmp_location"; then 5314 AC_DEFINE([DISABLE_UTMP]) 5315 fi 5316 fi 5317fi 5318if test -n "$conf_utmp_location"; then 5319 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5320 [Define if you want to specify the path to your utmp file]) 5321fi 5322 5323dnl wtmp detection 5324AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5325AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5326#include <sys/types.h> 5327#include <utmp.h> 5328#ifdef HAVE_PATHS_H 5329# include <paths.h> 5330#endif 5331 ]], [[ char *wtmp = WTMP_FILE; ]])], 5332 [ AC_MSG_RESULT([yes]) ], 5333 [ AC_MSG_RESULT([no]) 5334 system_wtmp_path=no 5335]) 5336if test -z "$conf_wtmp_location"; then 5337 if test x"$system_wtmp_path" = x"no" ; then 5338 for f in /usr/adm/wtmp /var/log/wtmp; do 5339 if test -f $f ; then 5340 conf_wtmp_location=$f 5341 fi 5342 done 5343 if test -z "$conf_wtmp_location"; then 5344 AC_DEFINE([DISABLE_WTMP]) 5345 fi 5346 fi 5347fi 5348if test -n "$conf_wtmp_location"; then 5349 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5350 [Define if you want to specify the path to your wtmp file]) 5351fi 5352 5353dnl wtmpx detection 5354AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5355AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5356#include <sys/types.h> 5357#include <utmp.h> 5358#ifdef HAVE_UTMPX_H 5359#include <utmpx.h> 5360#endif 5361#ifdef HAVE_PATHS_H 5362# include <paths.h> 5363#endif 5364 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5365 [ AC_MSG_RESULT([yes]) ], 5366 [ AC_MSG_RESULT([no]) 5367 system_wtmpx_path=no 5368]) 5369if test -z "$conf_wtmpx_location"; then 5370 if test x"$system_wtmpx_path" = x"no" ; then 5371 AC_DEFINE([DISABLE_WTMPX]) 5372 fi 5373else 5374 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5375 [Define if you want to specify the path to your wtmpx file]) 5376fi 5377 5378 5379if test ! -z "$blibpath" ; then 5380 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5381 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5382fi 5383 5384AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5385 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5386 AC_DEFINE([DISABLE_LASTLOG]) 5387 fi 5388 ], [ 5389#ifdef HAVE_SYS_TYPES_H 5390#include <sys/types.h> 5391#endif 5392#ifdef HAVE_UTMP_H 5393#include <utmp.h> 5394#endif 5395#ifdef HAVE_UTMPX_H 5396#include <utmpx.h> 5397#endif 5398#ifdef HAVE_LASTLOG_H 5399#include <lastlog.h> 5400#endif 5401 ]) 5402 5403AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5404 AC_DEFINE([DISABLE_UTMP]) 5405 AC_DEFINE([DISABLE_WTMP]) 5406 ], [ 5407#ifdef HAVE_SYS_TYPES_H 5408#include <sys/types.h> 5409#endif 5410#ifdef HAVE_UTMP_H 5411#include <utmp.h> 5412#endif 5413#ifdef HAVE_UTMPX_H 5414#include <utmpx.h> 5415#endif 5416#ifdef HAVE_LASTLOG_H 5417#include <lastlog.h> 5418#endif 5419 ]) 5420 5421dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5422dnl Add now. 5423CFLAGS="$CFLAGS $werror_flags" 5424 5425if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5426 TEST_SSH_IPV6=no 5427else 5428 TEST_SSH_IPV6=yes 5429fi 5430AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5431AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5432AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5433AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5434AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5435AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5436 5437CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5438LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5439 5440# Make a copy of CFLAGS/LDFLAGS without PIE options. 5441LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5442CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5443AC_SUBST([LDFLAGS_NOPIE]) 5444AC_SUBST([CFLAGS_NOPIE]) 5445 5446AC_EXEEXT 5447AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5448 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5449 survey.sh]) 5450AC_OUTPUT 5451 5452# Print summary of options 5453 5454# Someone please show me a better way :) 5455A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5456B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5457C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5458D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5459E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5460F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5461G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5462H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5463I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5464J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5465 5466echo "" 5467echo "OpenSSH has been configured with the following options:" 5468echo " User binaries: $B" 5469echo " System binaries: $C" 5470echo " Configuration files: $D" 5471echo " Askpass program: $E" 5472echo " Manual pages: $F" 5473echo " PID file: $G" 5474echo " Privilege separation chroot path: $H" 5475if test "x$external_path_file" = "x/etc/login.conf" ; then 5476echo " At runtime, sshd will use the path defined in $external_path_file" 5477echo " Make sure the path to scp is present, otherwise scp will not work" 5478else 5479echo " sshd default user PATH: $I" 5480 if test ! -z "$external_path_file"; then 5481echo " (If PATH is set in $external_path_file it will be used instead. If" 5482echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5483 fi 5484fi 5485if test ! -z "$superuser_path" ; then 5486echo " sshd superuser user PATH: $J" 5487fi 5488echo " Manpage format: $MANTYPE" 5489echo " PAM support: $PAM_MSG" 5490echo " OSF SIA support: $SIA_MSG" 5491echo " KerberosV support: $KRB5_MSG" 5492echo " SELinux support: $SELINUX_MSG" 5493echo " MD5 password support: $MD5_MSG" 5494echo " libedit support: $LIBEDIT_MSG" 5495echo " libldns support: $LDNS_MSG" 5496echo " Solaris process contract support: $SPC_MSG" 5497echo " Solaris project support: $SP_MSG" 5498echo " Solaris privilege support: $SPP_MSG" 5499echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5500echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5501echo " BSD Auth support: $BSD_AUTH_MSG" 5502echo " Random number source: $RAND_MSG" 5503echo " Privsep sandbox style: $SANDBOX_STYLE" 5504echo " PKCS#11 support: $enable_pkcs11" 5505echo " U2F/FIDO support: $enable_sk" 5506 5507echo "" 5508 5509echo " Host: ${host}" 5510echo " Compiler: ${CC}" 5511echo " Compiler flags: ${CFLAGS}" 5512echo "Preprocessor flags: ${CPPFLAGS}" 5513echo " Linker flags: ${LDFLAGS}" 5514echo " Libraries: ${LIBS}" 5515if test ! -z "${SSHDLIBS}"; then 5516echo " +for sshd: ${SSHDLIBS}" 5517fi 5518 5519echo "" 5520 5521if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5522 echo "SVR4 style packages are supported with \"make package\"" 5523 echo "" 5524fi 5525 5526if test "x$PAM_MSG" = "xyes" ; then 5527 echo "PAM is enabled. You may need to install a PAM control file " 5528 echo "for sshd, otherwise password authentication may fail. " 5529 echo "Example PAM control files can be found in the contrib/ " 5530 echo "subdirectory" 5531 echo "" 5532fi 5533 5534if test ! -z "$NO_PEERCHECK" ; then 5535 echo "WARNING: the operating system that you are using does not" 5536 echo "appear to support getpeereid(), getpeerucred() or the" 5537 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5538 echo "enforce security checks to prevent unauthorised connections to" 5539 echo "ssh-agent. Their absence increases the risk that a malicious" 5540 echo "user can connect to your agent." 5541 echo "" 5542fi 5543 5544if test "$AUDIT_MODULE" = "bsm" ; then 5545 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5546 echo "See the Solaris section in README.platform for details." 5547fi 5548