1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff awf]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter to be used to build "cat" format pages. 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatter found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113AC_ARG_WITH([openssl], 114 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 115 [ if test "x$withval" = "xno" ; then 116 openssl=no 117 fi 118 ] 119) 120AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 121if test "x$openssl" = "xyes" ; then 122 AC_MSG_RESULT([yes]) 123 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 124else 125 AC_MSG_RESULT([no]) 126fi 127 128use_stack_protector=1 129use_toolchain_hardening=1 130AC_ARG_WITH([stackprotect], 131 [ --without-stackprotect Don't use compiler's stack protection], [ 132 if test "x$withval" = "xno"; then 133 use_stack_protector=0 134 fi ]) 135AC_ARG_WITH([hardening], 136 [ --without-hardening Don't use toolchain hardening flags], [ 137 if test "x$withval" = "xno"; then 138 use_toolchain_hardening=0 139 fi ]) 140 141# We use -Werror for the tests only so that we catch warnings like "this is 142# on by default" for things like -fPIE. 143AC_MSG_CHECKING([if $CC supports -Werror]) 144saved_CFLAGS="$CFLAGS" 145CFLAGS="$CFLAGS -Werror" 146AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 147 [ AC_MSG_RESULT([yes]) 148 WERROR="-Werror"], 149 [ AC_MSG_RESULT([no]) 150 WERROR="" ] 151) 152CFLAGS="$saved_CFLAGS" 153 154if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 155 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 158 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 169 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 170 if test "x$use_toolchain_hardening" = "x1"; then 171 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 173 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 176 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 177 # NB. -ftrapv expects certain support functions to be present in 178 # the compiler library (libgcc or similar) to detect integer operations 179 # that can overflow. We must check that the result of enabling it 180 # actually links. The test program compiled/linked includes a number 181 # of integer operations that should exercise this. 182 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 183 fi 184 AC_MSG_CHECKING([gcc version]) 185 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 186 case $GCC_VER in 187 1.*) no_attrib_nonnull=1 ;; 188 2.8* | 2.9*) 189 no_attrib_nonnull=1 190 ;; 191 2.*) no_attrib_nonnull=1 ;; 192 *) ;; 193 esac 194 AC_MSG_RESULT([$GCC_VER]) 195 196 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 197 saved_CFLAGS="$CFLAGS" 198 CFLAGS="$CFLAGS -fno-builtin-memset" 199 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 200 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 201 [ AC_MSG_RESULT([yes]) ], 202 [ AC_MSG_RESULT([no]) 203 CFLAGS="$saved_CFLAGS" ] 204 ) 205 206 # -fstack-protector-all doesn't always work for some GCC versions 207 # and/or platforms, so we test if we can. If it's not supported 208 # on a given platform gcc will emit a warning so we use -Werror. 209 if test "x$use_stack_protector" = "x1"; then 210 for t in -fstack-protector-strong -fstack-protector-all \ 211 -fstack-protector; do 212 AC_MSG_CHECKING([if $CC supports $t]) 213 saved_CFLAGS="$CFLAGS" 214 saved_LDFLAGS="$LDFLAGS" 215 CFLAGS="$CFLAGS $t -Werror" 216 LDFLAGS="$LDFLAGS $t -Werror" 217 AC_LINK_IFELSE( 218 [AC_LANG_PROGRAM([[ 219 #include <stdio.h> 220 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 221 ]], 222 [[ 223 char x[256]; 224 snprintf(x, sizeof(x), "XXX%d", func(1)); 225 ]])], 226 [ AC_MSG_RESULT([yes]) 227 CFLAGS="$saved_CFLAGS $t" 228 LDFLAGS="$saved_LDFLAGS $t" 229 AC_MSG_CHECKING([if $t works]) 230 AC_RUN_IFELSE( 231 [AC_LANG_PROGRAM([[ 232 #include <stdio.h> 233 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 234 ]], 235 [[ 236 char x[256]; 237 snprintf(x, sizeof(x), "XXX%d", func(1)); 238 ]])], 239 [ AC_MSG_RESULT([yes]) 240 break ], 241 [ AC_MSG_RESULT([no]) ], 242 [ AC_MSG_WARN([cross compiling: cannot test]) 243 break ] 244 ) 245 ], 246 [ AC_MSG_RESULT([no]) ] 247 ) 248 CFLAGS="$saved_CFLAGS" 249 LDFLAGS="$saved_LDFLAGS" 250 done 251 fi 252 253 if test -z "$have_llong_max"; then 254 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 255 unset ac_cv_have_decl_LLONG_MAX 256 saved_CFLAGS="$CFLAGS" 257 CFLAGS="$CFLAGS -std=gnu99" 258 AC_CHECK_DECL([LLONG_MAX], 259 [have_llong_max=1], 260 [CFLAGS="$saved_CFLAGS"], 261 [#include <limits.h>] 262 ) 263 fi 264fi 265 266AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 267AC_COMPILE_IFELSE( 268 [AC_LANG_PROGRAM([[ 269#include <stdlib.h> 270__attribute__((__unused__)) static void foo(void){return;}]], 271 [[ exit(0); ]])], 272 [ AC_MSG_RESULT([yes]) ], 273 [ AC_MSG_RESULT([no]) 274 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 275 [compiler does not accept __attribute__ on return types]) ] 276) 277 278AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 279AC_COMPILE_IFELSE( 280 [AC_LANG_PROGRAM([[ 281#include <stdlib.h> 282typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 283 [[ exit(0); ]])], 284 [ AC_MSG_RESULT([yes]) ], 285 [ AC_MSG_RESULT([no]) 286 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 287 [compiler does not accept __attribute__ on prototype args]) ] 288) 289 290if test "x$no_attrib_nonnull" != "x1" ; then 291 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 292fi 293 294AC_ARG_WITH([rpath], 295 [ --without-rpath Disable auto-added -R linker paths], 296 [ 297 if test "x$withval" = "xno" ; then 298 rpath_opt="" 299 elif test "x$withval" = "xyes" ; then 300 rpath_opt="-R" 301 else 302 rpath_opt="$withval" 303 fi 304 ] 305) 306 307# Allow user to specify flags 308AC_ARG_WITH([cflags], 309 [ --with-cflags Specify additional flags to pass to compiler], 310 [ 311 if test -n "$withval" && test "x$withval" != "xno" && \ 312 test "x${withval}" != "xyes"; then 313 CFLAGS="$CFLAGS $withval" 314 fi 315 ] 316) 317 318AC_ARG_WITH([cflags-after], 319 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS_AFTER="$withval" 324 fi 325 ] 326) 327AC_ARG_WITH([cppflags], 328 [ --with-cppflags Specify additional flags to pass to preprocessor] , 329 [ 330 if test -n "$withval" && test "x$withval" != "xno" && \ 331 test "x${withval}" != "xyes"; then 332 CPPFLAGS="$CPPFLAGS $withval" 333 fi 334 ] 335) 336AC_ARG_WITH([ldflags], 337 [ --with-ldflags Specify additional flags to pass to linker], 338 [ 339 if test -n "$withval" && test "x$withval" != "xno" && \ 340 test "x${withval}" != "xyes"; then 341 LDFLAGS="$LDFLAGS $withval" 342 fi 343 ] 344) 345AC_ARG_WITH([ldflags-after], 346 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 347 [ 348 if test -n "$withval" && test "x$withval" != "xno" && \ 349 test "x${withval}" != "xyes"; then 350 LDFLAGS_AFTER="$withval" 351 fi 352 ] 353) 354AC_ARG_WITH([libs], 355 [ --with-libs Specify additional libraries to link with], 356 [ 357 if test -n "$withval" && test "x$withval" != "xno" && \ 358 test "x${withval}" != "xyes"; then 359 LIBS="$LIBS $withval" 360 fi 361 ] 362) 363AC_ARG_WITH([Werror], 364 [ --with-Werror Build main code with -Werror], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno"; then 367 werror_flags="-Werror" 368 if test "x${withval}" != "xyes"; then 369 werror_flags="$withval" 370 fi 371 fi 372 ] 373) 374 375AC_CHECK_HEADERS([ \ 376 blf.h \ 377 bstring.h \ 378 crypt.h \ 379 crypto/sha2.h \ 380 dirent.h \ 381 endian.h \ 382 elf.h \ 383 err.h \ 384 features.h \ 385 fcntl.h \ 386 floatingpoint.h \ 387 fnmatch.h \ 388 getopt.h \ 389 glob.h \ 390 ia.h \ 391 iaf.h \ 392 ifaddrs.h \ 393 inttypes.h \ 394 langinfo.h \ 395 limits.h \ 396 locale.h \ 397 login.h \ 398 maillock.h \ 399 ndir.h \ 400 net/if_tun.h \ 401 netdb.h \ 402 netgroup.h \ 403 pam/pam_appl.h \ 404 paths.h \ 405 poll.h \ 406 pty.h \ 407 readpassphrase.h \ 408 rpc/types.h \ 409 security/pam_appl.h \ 410 sha2.h \ 411 shadow.h \ 412 stddef.h \ 413 stdint.h \ 414 string.h \ 415 strings.h \ 416 sys/bitypes.h \ 417 sys/byteorder.h \ 418 sys/bsdtty.h \ 419 sys/cdefs.h \ 420 sys/dir.h \ 421 sys/file.h \ 422 sys/mman.h \ 423 sys/label.h \ 424 sys/ndir.h \ 425 sys/poll.h \ 426 sys/prctl.h \ 427 sys/pstat.h \ 428 sys/ptrace.h \ 429 sys/random.h \ 430 sys/select.h \ 431 sys/stat.h \ 432 sys/stream.h \ 433 sys/stropts.h \ 434 sys/strtio.h \ 435 sys/statvfs.h \ 436 sys/sysmacros.h \ 437 sys/time.h \ 438 sys/timers.h \ 439 sys/vfs.h \ 440 time.h \ 441 tmpdir.h \ 442 ttyent.h \ 443 ucred.h \ 444 unistd.h \ 445 usersec.h \ 446 util.h \ 447 utime.h \ 448 utmp.h \ 449 utmpx.h \ 450 vis.h \ 451 wchar.h \ 452]) 453 454# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 455# to be included first. 456AC_CHECK_HEADERS([sys/audit.h], [], [], [ 457#ifdef HAVE_SYS_TIME_H 458# include <sys/time.h> 459#endif 460#ifdef HAVE_SYS_TYPES_H 461# include <sys/types.h> 462#endif 463#ifdef HAVE_SYS_LABEL_H 464# include <sys/label.h> 465#endif 466]) 467 468# sys/capsicum.h requires sys/types.h 469AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473]) 474 475# net/route.h requires sys/socket.h and sys/types.h. 476# sys/sysctl.h also requires sys/param.h 477AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 478#ifdef HAVE_SYS_TYPES_H 479# include <sys/types.h> 480#endif 481#include <sys/param.h> 482#include <sys/socket.h> 483]) 484 485# lastlog.h requires sys/time.h to be included first on Solaris 486AC_CHECK_HEADERS([lastlog.h], [], [], [ 487#ifdef HAVE_SYS_TIME_H 488# include <sys/time.h> 489#endif 490]) 491 492# sys/ptms.h requires sys/stream.h to be included first on Solaris 493AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 494#ifdef HAVE_SYS_STREAM_H 495# include <sys/stream.h> 496#endif 497]) 498 499# login_cap.h requires sys/types.h on NetBSD 500AC_CHECK_HEADERS([login_cap.h], [], [], [ 501#include <sys/types.h> 502]) 503 504# older BSDs need sys/param.h before sys/mount.h 505AC_CHECK_HEADERS([sys/mount.h], [], [], [ 506#include <sys/param.h> 507]) 508 509# Android requires sys/socket.h to be included before sys/un.h 510AC_CHECK_HEADERS([sys/un.h], [], [], [ 511#include <sys/types.h> 512#include <sys/socket.h> 513]) 514 515# Messages for features tested for in target-specific section 516SIA_MSG="no" 517SPC_MSG="no" 518SP_MSG="no" 519SPP_MSG="no" 520 521# Support for Solaris/Illumos privileges (this test is used by both 522# the --with-solaris-privs option and --with-sandbox=solaris). 523SOLARIS_PRIVS="no" 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 ;; 868 i*86-*) 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 ;; 871 arm*-*) 872 seccomp_audit_arch=AUDIT_ARCH_ARM 873 ;; 874 aarch64*-*) 875 seccomp_audit_arch=AUDIT_ARCH_AARCH64 876 ;; 877 s390x-*) 878 seccomp_audit_arch=AUDIT_ARCH_S390X 879 ;; 880 s390-*) 881 seccomp_audit_arch=AUDIT_ARCH_S390 882 ;; 883 powerpc64-*) 884 seccomp_audit_arch=AUDIT_ARCH_PPC64 885 ;; 886 powerpc64le-*) 887 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 888 ;; 889 mips-*) 890 seccomp_audit_arch=AUDIT_ARCH_MIPS 891 ;; 892 mipsel-*) 893 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 894 ;; 895 mips64-*) 896 case "$mips_abi" in 897 "n32") 898 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 899 ;; 900 "n64") 901 seccomp_audit_arch=AUDIT_ARCH_MIPS64 902 ;; 903 esac 904 ;; 905 mips64el-*) 906 case "$mips_abi" in 907 "n32") 908 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 909 ;; 910 "n64") 911 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 912 ;; 913 esac 914 ;; 915 riscv64-*) 916 seccomp_audit_arch=AUDIT_ARCH_RISCV64 917 ;; 918 esac 919 if test "x$seccomp_audit_arch" != "x" ; then 920 AC_MSG_RESULT(["$seccomp_audit_arch"]) 921 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 922 [Specify the system call convention in use]) 923 else 924 AC_MSG_RESULT([architecture not supported]) 925 fi 926 ;; 927mips-sony-bsd|mips-sony-newsos4) 928 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 929 SONY=1 930 ;; 931*-*-netbsd*) 932 check_for_libcrypt_before=1 933 if test "x$withval" != "xno" ; then 934 rpath_opt="-R" 935 fi 936 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 937 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 938 AC_CHECK_HEADER([net/if_tap.h], , 939 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 940 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 941 [Prepend the address family to IP tunnel traffic]) 942 TEST_MALLOC_OPTIONS="AJRX" 943 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 944 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 945 ;; 946*-*-freebsd*) 947 check_for_libcrypt_later=1 948 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 949 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 950 AC_CHECK_HEADER([net/if_tap.h], , 951 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 952 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 953 TEST_MALLOC_OPTIONS="AJRX" 954 # Preauth crypto occasionally uses file descriptors for crypto offload 955 # and will crash if they cannot be opened. 956 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 957 [define if setrlimit RLIMIT_NOFILE breaks things]) 958 ;; 959*-*-bsdi*) 960 AC_DEFINE([SETEUID_BREAKS_SETUID]) 961 AC_DEFINE([BROKEN_SETREUID]) 962 AC_DEFINE([BROKEN_SETREGID]) 963 ;; 964*-next-*) 965 conf_lastlog_location="/usr/adm/lastlog" 966 conf_utmp_location=/etc/utmp 967 conf_wtmp_location=/usr/adm/wtmp 968 maildir=/usr/spool/mail 969 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 970 AC_DEFINE([USE_PIPES]) 971 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 972 ;; 973*-*-openbsd*) 974 use_pie=auto 975 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 976 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 977 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 978 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 979 [syslog_r function is safe to use in in a signal handler]) 980 TEST_MALLOC_OPTIONS="AFGJPRX" 981 ;; 982*-*-solaris*) 983 if test "x$withval" != "xno" ; then 984 rpath_opt="-R" 985 fi 986 AC_DEFINE([PAM_SUN_CODEBASE]) 987 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 988 AC_DEFINE([PAM_TTY_KLUDGE]) 989 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 990 [Define if pam_chauthtok wants real uid set 991 to the unpriv'ed user]) 992 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 993 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 994 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 995 [Define if sshd somehow reacquires a controlling TTY 996 after setsid()]) 997 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 998 in case the name is longer than 8 chars]) 999 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1000 external_path_file=/etc/default/login 1001 # hardwire lastlog location (can't detect it on some versions) 1002 conf_lastlog_location="/var/adm/lastlog" 1003 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1004 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1005 if test "$sol2ver" -ge 8; then 1006 AC_MSG_RESULT([yes]) 1007 AC_DEFINE([DISABLE_UTMP]) 1008 AC_DEFINE([DISABLE_WTMP], [1], 1009 [Define if you don't want to use wtmp]) 1010 else 1011 AC_MSG_RESULT([no]) 1012 fi 1013 AC_CHECK_FUNCS([setpflags]) 1014 AC_CHECK_FUNCS([setppriv]) 1015 AC_CHECK_FUNCS([priv_basicset]) 1016 AC_CHECK_HEADERS([priv.h]) 1017 AC_ARG_WITH([solaris-contracts], 1018 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1019 [ 1020 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1021 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1022 [Define if you have Solaris process contracts]) 1023 LIBS="$LIBS -lcontract" 1024 SPC_MSG="yes" ], ) 1025 ], 1026 ) 1027 AC_ARG_WITH([solaris-projects], 1028 [ --with-solaris-projects Enable Solaris projects (experimental)], 1029 [ 1030 AC_CHECK_LIB([project], [setproject], 1031 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1032 [Define if you have Solaris projects]) 1033 LIBS="$LIBS -lproject" 1034 SP_MSG="yes" ], ) 1035 ], 1036 ) 1037 AC_ARG_WITH([solaris-privs], 1038 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1039 [ 1040 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1041 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1042 "x$ac_cv_header_priv_h" = "xyes" ; then 1043 SOLARIS_PRIVS=yes 1044 AC_MSG_RESULT([found]) 1045 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1046 [Define to disable UID restoration test]) 1047 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1048 [Define if you have Solaris privileges]) 1049 SPP_MSG="yes" 1050 else 1051 AC_MSG_RESULT([not found]) 1052 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1053 fi 1054 ], 1055 ) 1056 TEST_SHELL=$SHELL # let configure find us a capable shell 1057 ;; 1058*-*-sunos4*) 1059 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1060 AC_CHECK_FUNCS([getpwanam]) 1061 AC_DEFINE([PAM_SUN_CODEBASE]) 1062 conf_utmp_location=/etc/utmp 1063 conf_wtmp_location=/var/adm/wtmp 1064 conf_lastlog_location=/var/adm/lastlog 1065 AC_DEFINE([USE_PIPES]) 1066 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1067 ;; 1068*-ncr-sysv*) 1069 LIBS="$LIBS -lc89" 1070 AC_DEFINE([USE_PIPES]) 1071 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1072 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1073 AC_DEFINE([BROKEN_SETREUID]) 1074 AC_DEFINE([BROKEN_SETREGID]) 1075 ;; 1076*-sni-sysv*) 1077 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1078 AC_CHECK_LIB([dl], [dlsym], ,) 1079 # -lresolv needs to be at the end of LIBS or DNS lookups break 1080 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1081 IPADDR_IN_DISPLAY=yes 1082 AC_DEFINE([USE_PIPES]) 1083 AC_DEFINE([IP_TOS_IS_BROKEN]) 1084 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1085 AC_DEFINE([BROKEN_SETREUID]) 1086 AC_DEFINE([BROKEN_SETREGID]) 1087 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1088 external_path_file=/etc/default/login 1089 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1090 # Attention: always take care to bind libsocket and libnsl before libc, 1091 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1092 ;; 1093# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1094*-*-sysv4.2*) 1095 AC_DEFINE([USE_PIPES]) 1096 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1097 AC_DEFINE([BROKEN_SETREUID]) 1098 AC_DEFINE([BROKEN_SETREGID]) 1099 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1100 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1101 TEST_SHELL=$SHELL # let configure find us a capable shell 1102 ;; 1103# UnixWare 7.x, OpenUNIX 8 1104*-*-sysv5*) 1105 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1106 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1107 AC_DEFINE([USE_PIPES]) 1108 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1109 AC_DEFINE([BROKEN_GETADDRINFO]) 1110 AC_DEFINE([BROKEN_SETREUID]) 1111 AC_DEFINE([BROKEN_SETREGID]) 1112 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1113 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1114 TEST_SHELL=$SHELL # let configure find us a capable shell 1115 check_for_libcrypt_later=1 1116 case "$host" in 1117 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1118 maildir=/var/spool/mail 1119 AC_DEFINE([BROKEN_UPDWTMPX]) 1120 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1121 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1122 ], , ) 1123 ;; 1124 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1125 ;; 1126 esac 1127 ;; 1128*-*-sysv*) 1129 ;; 1130# SCO UNIX and OEM versions of SCO UNIX 1131*-*-sco3.2v4*) 1132 AC_MSG_ERROR("This Platform is no longer supported.") 1133 ;; 1134# SCO OpenServer 5.x 1135*-*-sco3.2v5*) 1136 if test -z "$GCC"; then 1137 CFLAGS="$CFLAGS -belf" 1138 fi 1139 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1140 no_dev_ptmx=1 1141 AC_DEFINE([USE_PIPES]) 1142 AC_DEFINE([HAVE_SECUREWARE]) 1143 AC_DEFINE([DISABLE_SHADOW]) 1144 AC_DEFINE([DISABLE_FD_PASSING]) 1145 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1146 AC_DEFINE([BROKEN_GETADDRINFO]) 1147 AC_DEFINE([BROKEN_SETREUID]) 1148 AC_DEFINE([BROKEN_SETREGID]) 1149 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1150 AC_DEFINE([BROKEN_UPDWTMPX]) 1151 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1152 AC_CHECK_FUNCS([getluid setluid]) 1153 MANTYPE=man 1154 TEST_SHELL=$SHELL # let configure find us a capable shell 1155 SKIP_DISABLE_LASTLOG_DEFINE=yes 1156 ;; 1157*-dec-osf*) 1158 AC_MSG_CHECKING([for Digital Unix SIA]) 1159 no_osfsia="" 1160 AC_ARG_WITH([osfsia], 1161 [ --with-osfsia Enable Digital Unix SIA], 1162 [ 1163 if test "x$withval" = "xno" ; then 1164 AC_MSG_RESULT([disabled]) 1165 no_osfsia=1 1166 fi 1167 ], 1168 ) 1169 if test -z "$no_osfsia" ; then 1170 if test -f /etc/sia/matrix.conf; then 1171 AC_MSG_RESULT([yes]) 1172 AC_DEFINE([HAVE_OSF_SIA], [1], 1173 [Define if you have Digital Unix Security 1174 Integration Architecture]) 1175 AC_DEFINE([DISABLE_LOGIN], [1], 1176 [Define if you don't want to use your 1177 system's login() call]) 1178 AC_DEFINE([DISABLE_FD_PASSING]) 1179 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1180 SIA_MSG="yes" 1181 else 1182 AC_MSG_RESULT([no]) 1183 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1184 [String used in /etc/passwd to denote locked account]) 1185 fi 1186 fi 1187 AC_DEFINE([BROKEN_GETADDRINFO]) 1188 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1189 AC_DEFINE([BROKEN_SETREUID]) 1190 AC_DEFINE([BROKEN_SETREGID]) 1191 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1192 ;; 1193 1194*-*-nto-qnx*) 1195 AC_DEFINE([USE_PIPES]) 1196 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1197 AC_DEFINE([DISABLE_LASTLOG]) 1198 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1199 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1200 enable_etc_default_login=no # has incompatible /etc/default/login 1201 case "$host" in 1202 *-*-nto-qnx6*) 1203 AC_DEFINE([DISABLE_FD_PASSING]) 1204 ;; 1205 esac 1206 ;; 1207 1208*-*-ultrix*) 1209 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1210 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1211 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1212 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1213 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1214 # don't get a controlling tty. 1215 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1216 # On Ultrix some headers are not protected against multiple includes, 1217 # so we create wrappers and put it where the compiler will find it. 1218 AC_MSG_WARN([creating compat wrappers for headers]) 1219 mkdir -p netinet 1220 for header in netinet/ip.h netdb.h resolv.h; do 1221 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1222 cat >$header <<EOD 1223#ifndef _SSH_COMPAT_${name} 1224#define _SSH_COMPAT_${name} 1225#include "/usr/include/${header}" 1226#endif 1227EOD 1228 done 1229 ;; 1230 1231*-*-lynxos) 1232 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1233 AC_DEFINE([BROKEN_SETVBUF], [1], 1234 [LynxOS has broken setvbuf() implementation]) 1235 ;; 1236esac 1237 1238AC_MSG_CHECKING([compiler and flags for sanity]) 1239AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1240 [ AC_MSG_RESULT([yes]) ], 1241 [ 1242 AC_MSG_RESULT([no]) 1243 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1244 ], 1245 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1246) 1247 1248dnl Checks for header files. 1249# Checks for libraries. 1250AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1251 1252dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1253AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1254 AC_CHECK_LIB([gen], [dirname], [ 1255 AC_CACHE_CHECK([for broken dirname], 1256 ac_cv_have_broken_dirname, [ 1257 save_LIBS="$LIBS" 1258 LIBS="$LIBS -lgen" 1259 AC_RUN_IFELSE( 1260 [AC_LANG_SOURCE([[ 1261#include <libgen.h> 1262#include <string.h> 1263 1264int main(int argc, char **argv) { 1265 char *s, buf[32]; 1266 1267 strncpy(buf,"/etc", 32); 1268 s = dirname(buf); 1269 if (!s || strncmp(s, "/", 32) != 0) { 1270 exit(1); 1271 } else { 1272 exit(0); 1273 } 1274} 1275 ]])], 1276 [ ac_cv_have_broken_dirname="no" ], 1277 [ ac_cv_have_broken_dirname="yes" ], 1278 [ ac_cv_have_broken_dirname="no" ], 1279 ) 1280 LIBS="$save_LIBS" 1281 ]) 1282 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1283 LIBS="$LIBS -lgen" 1284 AC_DEFINE([HAVE_DIRNAME]) 1285 AC_CHECK_HEADERS([libgen.h]) 1286 fi 1287 ]) 1288]) 1289 1290AC_CHECK_FUNC([getspnam], , 1291 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1292AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1293 [Define if you have the basename function.])]) 1294 1295dnl zlib defaults to enabled 1296zlib=yes 1297AC_ARG_WITH([zlib], 1298 [ --with-zlib=PATH Use zlib in PATH], 1299 [ if test "x$withval" = "xno" ; then 1300 zlib=no 1301 elif test "x$withval" != "xyes"; then 1302 if test -d "$withval/lib"; then 1303 if test -n "${rpath_opt}"; then 1304 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1305 else 1306 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1307 fi 1308 else 1309 if test -n "${rpath_opt}"; then 1310 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1311 else 1312 LDFLAGS="-L${withval} ${LDFLAGS}" 1313 fi 1314 fi 1315 if test -d "$withval/include"; then 1316 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1317 else 1318 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1319 fi 1320 fi ] 1321) 1322 1323AC_MSG_CHECKING([for zlib]) 1324if test "x${zlib}" = "xno"; then 1325 AC_MSG_RESULT([no]) 1326else 1327 AC_MSG_RESULT([yes]) 1328 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1329 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1330 AC_CHECK_LIB([z], [deflate], , 1331 [ 1332 saved_CPPFLAGS="$CPPFLAGS" 1333 saved_LDFLAGS="$LDFLAGS" 1334 save_LIBS="$LIBS" 1335 dnl Check default zlib install dir 1336 if test -n "${rpath_opt}"; then 1337 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1338 else 1339 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1340 fi 1341 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1342 LIBS="$LIBS -lz" 1343 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1344 [ 1345 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1346 ] 1347 ) 1348 ] 1349 ) 1350 1351 AC_ARG_WITH([zlib-version-check], 1352 [ --without-zlib-version-check Disable zlib version check], 1353 [ if test "x$withval" = "xno" ; then 1354 zlib_check_nonfatal=1 1355 fi 1356 ] 1357 ) 1358 1359 AC_MSG_CHECKING([for possibly buggy zlib]) 1360 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1361#include <stdio.h> 1362#include <stdlib.h> 1363#include <zlib.h> 1364 ]], 1365 [[ 1366 int a=0, b=0, c=0, d=0, n, v; 1367 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1368 if (n != 3 && n != 4) 1369 exit(1); 1370 v = a*1000000 + b*10000 + c*100 + d; 1371 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1372 1373 /* 1.1.4 is OK */ 1374 if (a == 1 && b == 1 && c >= 4) 1375 exit(0); 1376 1377 /* 1.2.3 and up are OK */ 1378 if (v >= 1020300) 1379 exit(0); 1380 1381 exit(2); 1382 ]])], 1383 AC_MSG_RESULT([no]), 1384 [ AC_MSG_RESULT([yes]) 1385 if test -z "$zlib_check_nonfatal" ; then 1386 AC_MSG_ERROR([*** zlib too old - check config.log *** 1387Your reported zlib version has known security problems. It's possible your 1388vendor has fixed these problems without changing the version number. If you 1389are sure this is the case, you can disable the check by running 1390"./configure --without-zlib-version-check". 1391If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1392See http://www.gzip.org/zlib/ for details.]) 1393 else 1394 AC_MSG_WARN([zlib version may have security problems]) 1395 fi 1396 ], 1397 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1398 ) 1399fi 1400 1401dnl UnixWare 2.x 1402AC_CHECK_FUNC([strcasecmp], 1403 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1404) 1405AC_CHECK_FUNCS([utimes], 1406 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1407 LIBS="$LIBS -lc89"]) ] 1408) 1409 1410dnl Checks for libutil functions 1411AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1412AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1413AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1414AC_SEARCH_LIBS([login], [util bsd]) 1415AC_SEARCH_LIBS([logout], [util bsd]) 1416AC_SEARCH_LIBS([logwtmp], [util bsd]) 1417AC_SEARCH_LIBS([openpty], [util bsd]) 1418AC_SEARCH_LIBS([updwtmp], [util bsd]) 1419AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1420 1421# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1422# or libnsl. 1423AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1424AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1425 1426# "Particular Function Checks" 1427# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1428AC_FUNC_STRFTIME 1429AC_FUNC_MALLOC 1430AC_FUNC_REALLOC 1431# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1432AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1433AC_RUN_IFELSE( 1434 [AC_LANG_PROGRAM( 1435 [[ #include <stdlib.h> ]], 1436 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1437 )], 1438 [ func_calloc_0_nonnull=yes ], 1439 [ func_calloc_0_nonnull=no ], 1440 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1441 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1442) 1443AC_MSG_RESULT([$func_calloc_0_nonnull]) 1444 1445if test "x$func_calloc_0_nonnull" = "xyes"; then 1446 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1447else 1448 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1449 AC_DEFINE(calloc, rpl_calloc, 1450 [Define to rpl_calloc if the replacement function should be used.]) 1451fi 1452 1453# Check for ALTDIRFUNC glob() extension 1454AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1455AC_EGREP_CPP([FOUNDIT], 1456 [ 1457 #include <glob.h> 1458 #ifdef GLOB_ALTDIRFUNC 1459 FOUNDIT 1460 #endif 1461 ], 1462 [ 1463 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1464 [Define if your system glob() function has 1465 the GLOB_ALTDIRFUNC extension]) 1466 AC_MSG_RESULT([yes]) 1467 ], 1468 [ 1469 AC_MSG_RESULT([no]) 1470 ] 1471) 1472 1473# Check for g.gl_matchc glob() extension 1474AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1475AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1476 [[ glob_t g; g.gl_matchc = 1; ]])], 1477 [ 1478 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1479 [Define if your system glob() function has 1480 gl_matchc options in glob_t]) 1481 AC_MSG_RESULT([yes]) 1482 ], [ 1483 AC_MSG_RESULT([no]) 1484]) 1485 1486# Check for g.gl_statv glob() extension 1487AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1488AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1489#ifndef GLOB_KEEPSTAT 1490#error "glob does not support GLOB_KEEPSTAT extension" 1491#endif 1492glob_t g; 1493g.gl_statv = NULL; 1494]])], 1495 [ 1496 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1497 [Define if your system glob() function has 1498 gl_statv options in glob_t]) 1499 AC_MSG_RESULT([yes]) 1500 ], [ 1501 AC_MSG_RESULT([no]) 1502 1503]) 1504 1505AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1506 1507AC_CHECK_DECL([VIS_ALL], , 1508 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1509 1510AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1511AC_RUN_IFELSE( 1512 [AC_LANG_PROGRAM([[ 1513#include <sys/types.h> 1514#include <dirent.h>]], 1515 [[ 1516 struct dirent d; 1517 exit(sizeof(d.d_name)<=sizeof(char)); 1518 ]])], 1519 [AC_MSG_RESULT([yes])], 1520 [ 1521 AC_MSG_RESULT([no]) 1522 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1523 [Define if your struct dirent expects you to 1524 allocate extra space for d_name]) 1525 ], 1526 [ 1527 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1528 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1529 ] 1530) 1531 1532AC_MSG_CHECKING([for /proc/pid/fd directory]) 1533if test -d "/proc/$$/fd" ; then 1534 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1535 AC_MSG_RESULT([yes]) 1536else 1537 AC_MSG_RESULT([no]) 1538fi 1539 1540# Check whether user wants to use ldns 1541LDNS_MSG="no" 1542AC_ARG_WITH(ldns, 1543 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1544 [ 1545 ldns="" 1546 if test "x$withval" = "xyes" ; then 1547 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1548 if test "x$LDNSCONFIG" = "xno"; then 1549 LIBS="-lldns $LIBS" 1550 ldns=yes 1551 else 1552 LIBS="$LIBS `$LDNSCONFIG --libs`" 1553 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1554 ldns=yes 1555 fi 1556 elif test "x$withval" != "xno" ; then 1557 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1558 LDFLAGS="$LDFLAGS -L${withval}/lib" 1559 LIBS="-lldns $LIBS" 1560 ldns=yes 1561 fi 1562 1563 # Verify that it works. 1564 if test "x$ldns" = "xyes" ; then 1565 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1566 LDNS_MSG="yes" 1567 AC_MSG_CHECKING([for ldns support]) 1568 AC_LINK_IFELSE( 1569 [AC_LANG_SOURCE([[ 1570#include <stdio.h> 1571#include <stdlib.h> 1572#ifdef HAVE_STDINT_H 1573# include <stdint.h> 1574#endif 1575#include <ldns/ldns.h> 1576int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1577 ]]) 1578 ], 1579 [AC_MSG_RESULT(yes)], 1580 [ 1581 AC_MSG_RESULT(no) 1582 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1583 ]) 1584 fi 1585]) 1586 1587# Check whether user wants libedit support 1588LIBEDIT_MSG="no" 1589AC_ARG_WITH([libedit], 1590 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1591 [ if test "x$withval" != "xno" ; then 1592 if test "x$withval" = "xyes" ; then 1593 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1594 if test "x$PKGCONFIG" != "xno"; then 1595 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1596 if "$PKGCONFIG" libedit; then 1597 AC_MSG_RESULT([yes]) 1598 use_pkgconfig_for_libedit=yes 1599 else 1600 AC_MSG_RESULT([no]) 1601 fi 1602 fi 1603 else 1604 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1605 if test -n "${rpath_opt}"; then 1606 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1607 else 1608 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1609 fi 1610 fi 1611 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1612 LIBEDIT=`$PKGCONFIG --libs libedit` 1613 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1614 else 1615 LIBEDIT="-ledit -lcurses" 1616 fi 1617 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1618 AC_CHECK_LIB([edit], [el_init], 1619 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1620 LIBEDIT_MSG="yes" 1621 AC_SUBST([LIBEDIT]) 1622 ], 1623 [ AC_MSG_ERROR([libedit not found]) ], 1624 [ $OTHERLIBS ] 1625 ) 1626 AC_MSG_CHECKING([if libedit version is compatible]) 1627 AC_COMPILE_IFELSE( 1628 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1629 [[ 1630 int i = H_SETSIZE; 1631 el_init("", NULL, NULL, NULL); 1632 exit(0); 1633 ]])], 1634 [ AC_MSG_RESULT([yes]) ], 1635 [ AC_MSG_RESULT([no]) 1636 AC_MSG_ERROR([libedit version is not compatible]) ] 1637 ) 1638 fi ] 1639) 1640 1641AUDIT_MODULE=none 1642AC_ARG_WITH([audit], 1643 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1644 [ 1645 AC_MSG_CHECKING([for supported audit module]) 1646 case "$withval" in 1647 bsm) 1648 AC_MSG_RESULT([bsm]) 1649 AUDIT_MODULE=bsm 1650 dnl Checks for headers, libs and functions 1651 AC_CHECK_HEADERS([bsm/audit.h], [], 1652 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1653 [ 1654#ifdef HAVE_TIME_H 1655# include <time.h> 1656#endif 1657 ] 1658) 1659 AC_CHECK_LIB([bsm], [getaudit], [], 1660 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1661 AC_CHECK_FUNCS([getaudit], [], 1662 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1663 # These are optional 1664 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1665 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1666 if test "$sol2ver" -ge 11; then 1667 SSHDLIBS="$SSHDLIBS -lscf" 1668 AC_DEFINE([BROKEN_BSM_API], [1], 1669 [The system has incomplete BSM API]) 1670 fi 1671 ;; 1672 linux) 1673 AC_MSG_RESULT([linux]) 1674 AUDIT_MODULE=linux 1675 dnl Checks for headers, libs and functions 1676 AC_CHECK_HEADERS([libaudit.h]) 1677 SSHDLIBS="$SSHDLIBS -laudit" 1678 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1679 ;; 1680 debug) 1681 AUDIT_MODULE=debug 1682 AC_MSG_RESULT([debug]) 1683 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1684 ;; 1685 no) 1686 AC_MSG_RESULT([no]) 1687 ;; 1688 *) 1689 AC_MSG_ERROR([Unknown audit module $withval]) 1690 ;; 1691 esac ] 1692) 1693 1694AC_ARG_WITH([pie], 1695 [ --with-pie Build Position Independent Executables if possible], [ 1696 if test "x$withval" = "xno"; then 1697 use_pie=no 1698 fi 1699 if test "x$withval" = "xyes"; then 1700 use_pie=yes 1701 fi 1702 ] 1703) 1704if test "x$use_pie" = "x"; then 1705 use_pie=no 1706fi 1707if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1708 # Turn off automatic PIE when toolchain hardening is off. 1709 use_pie=no 1710fi 1711if test "x$use_pie" = "xauto"; then 1712 # Automatic PIE requires gcc >= 4.x 1713 AC_MSG_CHECKING([for gcc >= 4.x]) 1714 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1715#if !defined(__GNUC__) || __GNUC__ < 4 1716#error gcc is too old 1717#endif 1718]])], 1719 [ AC_MSG_RESULT([yes]) ], 1720 [ AC_MSG_RESULT([no]) 1721 use_pie=no ] 1722) 1723fi 1724if test "x$use_pie" != "xno"; then 1725 SAVED_CFLAGS="$CFLAGS" 1726 SAVED_LDFLAGS="$LDFLAGS" 1727 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1728 OSSH_CHECK_LDFLAG_LINK([-pie]) 1729 # We use both -fPIE and -pie or neither. 1730 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1731 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1732 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1733 AC_MSG_RESULT([yes]) 1734 else 1735 AC_MSG_RESULT([no]) 1736 CFLAGS="$SAVED_CFLAGS" 1737 LDFLAGS="$SAVED_LDFLAGS" 1738 fi 1739fi 1740 1741AC_MSG_CHECKING([whether -fPIC is accepted]) 1742SAVED_CFLAGS="$CFLAGS" 1743CFLAGS="$CFLAGS -fPIC" 1744AC_COMPILE_IFELSE( 1745 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1746 [AC_MSG_RESULT([yes]) 1747 PICFLAG="-fPIC"; ], 1748 [AC_MSG_RESULT([no]) 1749 PICFLAG=""; ]) 1750CFLAGS="$SAVED_CFLAGS" 1751AC_SUBST([PICFLAG]) 1752 1753dnl Checks for library functions. Please keep in alphabetical order 1754AC_CHECK_FUNCS([ \ 1755 Blowfish_initstate \ 1756 Blowfish_expandstate \ 1757 Blowfish_expand0state \ 1758 Blowfish_stream2word \ 1759 SHA256Update \ 1760 SHA384Update \ 1761 SHA512Update \ 1762 asprintf \ 1763 b64_ntop \ 1764 __b64_ntop \ 1765 b64_pton \ 1766 __b64_pton \ 1767 bcopy \ 1768 bcrypt_pbkdf \ 1769 bindresvport_sa \ 1770 blf_enc \ 1771 bzero \ 1772 cap_rights_limit \ 1773 clock \ 1774 closefrom \ 1775 dirfd \ 1776 endgrent \ 1777 err \ 1778 errx \ 1779 explicit_bzero \ 1780 fchmod \ 1781 fchmodat \ 1782 fchown \ 1783 fchownat \ 1784 flock \ 1785 fnmatch \ 1786 freeaddrinfo \ 1787 freezero \ 1788 fstatfs \ 1789 fstatvfs \ 1790 futimes \ 1791 getaddrinfo \ 1792 getcwd \ 1793 getgrouplist \ 1794 getline \ 1795 getnameinfo \ 1796 getopt \ 1797 getpagesize \ 1798 getpeereid \ 1799 getpeerucred \ 1800 getpgid \ 1801 _getpty \ 1802 getrlimit \ 1803 getrandom \ 1804 getsid \ 1805 getttyent \ 1806 glob \ 1807 group_from_gid \ 1808 inet_aton \ 1809 inet_ntoa \ 1810 inet_ntop \ 1811 innetgr \ 1812 llabs \ 1813 localtime_r \ 1814 login_getcapbool \ 1815 md5_crypt \ 1816 memmem \ 1817 memmove \ 1818 memset_s \ 1819 mkdtemp \ 1820 ngetaddrinfo \ 1821 nsleep \ 1822 ogetaddrinfo \ 1823 openlog_r \ 1824 pledge \ 1825 poll \ 1826 prctl \ 1827 pstat \ 1828 raise \ 1829 readpassphrase \ 1830 reallocarray \ 1831 realpath \ 1832 recvmsg \ 1833 recallocarray \ 1834 rresvport_af \ 1835 sendmsg \ 1836 setdtablesize \ 1837 setegid \ 1838 setenv \ 1839 seteuid \ 1840 setgroupent \ 1841 setgroups \ 1842 setlinebuf \ 1843 setlogin \ 1844 setpassent\ 1845 setpcred \ 1846 setproctitle \ 1847 setregid \ 1848 setreuid \ 1849 setrlimit \ 1850 setsid \ 1851 setvbuf \ 1852 sigaction \ 1853 sigvec \ 1854 snprintf \ 1855 socketpair \ 1856 statfs \ 1857 statvfs \ 1858 strcasestr \ 1859 strdup \ 1860 strerror \ 1861 strlcat \ 1862 strlcpy \ 1863 strmode \ 1864 strndup \ 1865 strnlen \ 1866 strnvis \ 1867 strptime \ 1868 strsignal \ 1869 strtonum \ 1870 strtoll \ 1871 strtoul \ 1872 strtoull \ 1873 swap32 \ 1874 sysconf \ 1875 tcgetpgrp \ 1876 timingsafe_bcmp \ 1877 truncate \ 1878 unsetenv \ 1879 updwtmpx \ 1880 utimensat \ 1881 user_from_uid \ 1882 usleep \ 1883 vasprintf \ 1884 vsnprintf \ 1885 waitpid \ 1886 warn \ 1887]) 1888 1889AC_CHECK_DECLS([bzero, memmem]) 1890 1891dnl Wide character support. 1892AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1893 1894TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1895AC_MSG_CHECKING([for utf8 locale support]) 1896AC_RUN_IFELSE( 1897 [AC_LANG_PROGRAM([[ 1898#include <locale.h> 1899#include <stdlib.h> 1900 ]], [[ 1901 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1902 if (loc != NULL) 1903 exit(0); 1904 exit(1); 1905 ]])], 1906 AC_MSG_RESULT(yes), 1907 [AC_MSG_RESULT(no) 1908 TEST_SSH_UTF8=no], 1909 AC_MSG_WARN([cross compiling: assuming yes]) 1910) 1911 1912AC_LINK_IFELSE( 1913 [AC_LANG_PROGRAM( 1914 [[ #include <ctype.h> ]], 1915 [[ return (isblank('a')); ]])], 1916 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1917]) 1918 1919disable_pkcs11= 1920AC_ARG_ENABLE([pkcs11], 1921 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1922 [ 1923 if test "x$enableval" = "xno" ; then 1924 disable_pkcs11=1 1925 fi 1926 ] 1927) 1928 1929disable_sk= 1930AC_ARG_ENABLE([security-key], 1931 [ --disable-security-key disable U2F/FIDO support code [no]], 1932 [ 1933 if test "x$enableval" = "xno" ; then 1934 disable_sk=1 1935 fi 1936 ] 1937) 1938enable_sk_internal= 1939AC_ARG_WITH([security-key-builtin], 1940 [ --with-security-key-builtin include builtin U2F/FIDO support], 1941 [ 1942 if test "x$withval" != "xno" ; then 1943 enable_sk_internal=yes 1944 fi 1945 ] 1946) 1947test "x$disable_sk" != "x" && enable_sk_internal="" 1948 1949AC_SEARCH_LIBS([dlopen], [dl]) 1950AC_CHECK_FUNCS([dlopen]) 1951AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1952 1953# IRIX has a const char return value for gai_strerror() 1954AC_CHECK_FUNCS([gai_strerror], [ 1955 AC_DEFINE([HAVE_GAI_STRERROR]) 1956 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1957#include <sys/types.h> 1958#include <sys/socket.h> 1959#include <netdb.h> 1960 1961const char *gai_strerror(int); 1962 ]], [[ 1963 char *str; 1964 str = gai_strerror(0); 1965 ]])], [ 1966 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1967 [Define if gai_strerror() returns const char *])], [])]) 1968 1969AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1970 [Some systems put nanosleep outside of libc])]) 1971 1972AC_SEARCH_LIBS([clock_gettime], [rt], 1973 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1974 1975dnl check if we need -D_REENTRANT for localtime_r declaration. 1976AC_CHECK_DECL([localtime_r], [], 1977 [ saved_CPPFLAGS="$CFLAGS" 1978 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1979 unset ac_cv_have_decl_localtime_r 1980 AC_CHECK_DECL([localtime_r], [], 1981 [ CPPFLAGS="$saved_CPPFLAGS" ], 1982 [ #include <time.h> ] 1983 ) 1984 ], 1985 [ #include <time.h> ] 1986) 1987 1988dnl Make sure prototypes are defined for these before using them. 1989AC_CHECK_DECL([strsep], 1990 [AC_CHECK_FUNCS([strsep])], 1991 [], 1992 [ 1993#ifdef HAVE_STRING_H 1994# include <string.h> 1995#endif 1996 ]) 1997 1998dnl tcsendbreak might be a macro 1999AC_CHECK_DECL([tcsendbreak], 2000 [AC_DEFINE([HAVE_TCSENDBREAK])], 2001 [AC_CHECK_FUNCS([tcsendbreak])], 2002 [#include <termios.h>] 2003) 2004 2005AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2006 2007AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2008 [ 2009#include <sys/types.h> 2010#include <sys/socket.h> 2011#include <unistd.h> 2012 ]) 2013 2014AC_CHECK_DECLS([O_NONBLOCK], , , 2015 [ 2016#include <sys/types.h> 2017#ifdef HAVE_SYS_STAT_H 2018# include <sys/stat.h> 2019#endif 2020#ifdef HAVE_FCNTL_H 2021# include <fcntl.h> 2022#endif 2023 ]) 2024 2025AC_CHECK_DECLS([readv, writev], , , [ 2026#include <sys/types.h> 2027#include <sys/uio.h> 2028#include <unistd.h> 2029 ]) 2030 2031AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2032#include <sys/param.h> 2033 ]) 2034 2035AC_CHECK_DECLS([offsetof], , , [ 2036#include <stddef.h> 2037 ]) 2038 2039# extra bits for select(2) 2040AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2041#include <sys/param.h> 2042#include <sys/types.h> 2043#ifdef HAVE_SYS_SYSMACROS_H 2044#include <sys/sysmacros.h> 2045#endif 2046#ifdef HAVE_SYS_SELECT_H 2047#include <sys/select.h> 2048#endif 2049#ifdef HAVE_SYS_TIME_H 2050#include <sys/time.h> 2051#endif 2052#ifdef HAVE_UNISTD_H 2053#include <unistd.h> 2054#endif 2055 ]]) 2056AC_CHECK_TYPES([fd_mask], [], [], [[ 2057#include <sys/param.h> 2058#include <sys/types.h> 2059#ifdef HAVE_SYS_SELECT_H 2060#include <sys/select.h> 2061#endif 2062#ifdef HAVE_SYS_TIME_H 2063#include <sys/time.h> 2064#endif 2065#ifdef HAVE_UNISTD_H 2066#include <unistd.h> 2067#endif 2068 ]]) 2069 2070AC_CHECK_FUNCS([setresuid], [ 2071 dnl Some platorms have setresuid that isn't implemented, test for this 2072 AC_MSG_CHECKING([if setresuid seems to work]) 2073 AC_RUN_IFELSE( 2074 [AC_LANG_PROGRAM([[ 2075#include <stdlib.h> 2076#include <errno.h> 2077 ]], [[ 2078 errno=0; 2079 setresuid(0,0,0); 2080 if (errno==ENOSYS) 2081 exit(1); 2082 else 2083 exit(0); 2084 ]])], 2085 [AC_MSG_RESULT([yes])], 2086 [AC_DEFINE([BROKEN_SETRESUID], [1], 2087 [Define if your setresuid() is broken]) 2088 AC_MSG_RESULT([not implemented])], 2089 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2090 ) 2091]) 2092 2093AC_CHECK_FUNCS([setresgid], [ 2094 dnl Some platorms have setresgid that isn't implemented, test for this 2095 AC_MSG_CHECKING([if setresgid seems to work]) 2096 AC_RUN_IFELSE( 2097 [AC_LANG_PROGRAM([[ 2098#include <stdlib.h> 2099#include <errno.h> 2100 ]], [[ 2101 errno=0; 2102 setresgid(0,0,0); 2103 if (errno==ENOSYS) 2104 exit(1); 2105 else 2106 exit(0); 2107 ]])], 2108 [AC_MSG_RESULT([yes])], 2109 [AC_DEFINE([BROKEN_SETRESGID], [1], 2110 [Define if your setresgid() is broken]) 2111 AC_MSG_RESULT([not implemented])], 2112 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2113 ) 2114]) 2115 2116AC_MSG_CHECKING([for working fflush(NULL)]) 2117AC_RUN_IFELSE( 2118 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2119 AC_MSG_RESULT([yes]), 2120 [AC_MSG_RESULT([no]) 2121 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2122 [define if fflush(NULL) does not work])], 2123 AC_MSG_WARN([cross compiling: assuming working]) 2124) 2125 2126dnl Checks for time functions 2127AC_CHECK_FUNCS([gettimeofday time]) 2128dnl Checks for utmp functions 2129AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2130AC_CHECK_FUNCS([utmpname]) 2131dnl Checks for utmpx functions 2132AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2133AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2134dnl Checks for lastlog functions 2135AC_CHECK_FUNCS([getlastlogxbyname]) 2136 2137AC_CHECK_FUNC([daemon], 2138 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2139 [AC_CHECK_LIB([bsd], [daemon], 2140 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2141) 2142 2143AC_CHECK_FUNC([getpagesize], 2144 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2145 [Define if your libraries define getpagesize()])], 2146 [AC_CHECK_LIB([ucb], [getpagesize], 2147 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2148) 2149 2150# Check for broken snprintf 2151if test "x$ac_cv_func_snprintf" = "xyes" ; then 2152 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2153 AC_RUN_IFELSE( 2154 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2155 [[ 2156 char b[5]; 2157 snprintf(b,5,"123456789"); 2158 exit(b[4]!='\0'); 2159 ]])], 2160 [AC_MSG_RESULT([yes])], 2161 [ 2162 AC_MSG_RESULT([no]) 2163 AC_DEFINE([BROKEN_SNPRINTF], [1], 2164 [Define if your snprintf is busted]) 2165 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2166 ], 2167 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2168 ) 2169fi 2170 2171if test "x$ac_cv_func_snprintf" = "xyes" ; then 2172 AC_MSG_CHECKING([whether snprintf understands %zu]) 2173 AC_RUN_IFELSE( 2174 [AC_LANG_PROGRAM([[ 2175#include <sys/types.h> 2176#include <stdio.h> 2177 ]], 2178 [[ 2179 size_t a = 1, b = 2; 2180 char z[128]; 2181 snprintf(z, sizeof z, "%zu%zu", a, b); 2182 exit(strcmp(z, "12")); 2183 ]])], 2184 [AC_MSG_RESULT([yes])], 2185 [ 2186 AC_MSG_RESULT([no]) 2187 AC_DEFINE([BROKEN_SNPRINTF], [1], 2188 [snprintf does not understand %zu]) 2189 ], 2190 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2191 ) 2192fi 2193 2194# We depend on vsnprintf returning the right thing on overflow: the 2195# number of characters it tried to create (as per SUSv3) 2196if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2197 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2198 AC_RUN_IFELSE( 2199 [AC_LANG_PROGRAM([[ 2200#include <sys/types.h> 2201#include <stdio.h> 2202#include <stdarg.h> 2203 2204int x_snprintf(char *str, size_t count, const char *fmt, ...) 2205{ 2206 size_t ret; 2207 va_list ap; 2208 2209 va_start(ap, fmt); 2210 ret = vsnprintf(str, count, fmt, ap); 2211 va_end(ap); 2212 return ret; 2213} 2214 ]], [[ 2215char x[1]; 2216if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2217 return 1; 2218if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2219 return 1; 2220return 0; 2221 ]])], 2222 [AC_MSG_RESULT([yes])], 2223 [ 2224 AC_MSG_RESULT([no]) 2225 AC_DEFINE([BROKEN_SNPRINTF], [1], 2226 [Define if your snprintf is busted]) 2227 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2228 ], 2229 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2230 ) 2231fi 2232 2233# On systems where [v]snprintf is broken, but is declared in stdio, 2234# check that the fmt argument is const char * or just char *. 2235# This is only useful for when BROKEN_SNPRINTF 2236AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2237AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2238#include <stdio.h> 2239int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2240 ]], [[ 2241 snprintf(0, 0, 0); 2242 ]])], 2243 [AC_MSG_RESULT([yes]) 2244 AC_DEFINE([SNPRINTF_CONST], [const], 2245 [Define as const if snprintf() can declare const char *fmt])], 2246 [AC_MSG_RESULT([no]) 2247 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2248 2249# Check for missing getpeereid (or equiv) support 2250NO_PEERCHECK="" 2251if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2252 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2253 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2254#include <sys/types.h> 2255#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2256 [ AC_MSG_RESULT([yes]) 2257 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2258 ], [AC_MSG_RESULT([no]) 2259 NO_PEERCHECK=1 2260 ]) 2261fi 2262 2263dnl see whether mkstemp() requires XXXXXX 2264if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2265AC_MSG_CHECKING([for (overly) strict mkstemp]) 2266AC_RUN_IFELSE( 2267 [AC_LANG_PROGRAM([[ 2268#include <stdlib.h> 2269 ]], [[ 2270 char template[]="conftest.mkstemp-test"; 2271 if (mkstemp(template) == -1) 2272 exit(1); 2273 unlink(template); 2274 exit(0); 2275 ]])], 2276 [ 2277 AC_MSG_RESULT([no]) 2278 ], 2279 [ 2280 AC_MSG_RESULT([yes]) 2281 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2282 ], 2283 [ 2284 AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2286 ] 2287) 2288fi 2289 2290dnl make sure that openpty does not reacquire controlling terminal 2291if test ! -z "$check_for_openpty_ctty_bug"; then 2292 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2293 AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <sys/fcntl.h> 2297#include <sys/types.h> 2298#include <sys/wait.h> 2299 ]], [[ 2300 pid_t pid; 2301 int fd, ptyfd, ttyfd, status; 2302 2303 pid = fork(); 2304 if (pid < 0) { /* failed */ 2305 exit(1); 2306 } else if (pid > 0) { /* parent */ 2307 waitpid(pid, &status, 0); 2308 if (WIFEXITED(status)) 2309 exit(WEXITSTATUS(status)); 2310 else 2311 exit(2); 2312 } else { /* child */ 2313 close(0); close(1); close(2); 2314 setsid(); 2315 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2316 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2317 if (fd >= 0) 2318 exit(3); /* Acquired ctty: broken */ 2319 else 2320 exit(0); /* Did not acquire ctty: OK */ 2321 } 2322 ]])], 2323 [ 2324 AC_MSG_RESULT([yes]) 2325 ], 2326 [ 2327 AC_MSG_RESULT([no]) 2328 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2329 ], 2330 [ 2331 AC_MSG_RESULT([cross-compiling, assuming yes]) 2332 ] 2333 ) 2334fi 2335 2336if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2337 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2338 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2339 AC_RUN_IFELSE( 2340 [AC_LANG_PROGRAM([[ 2341#include <stdio.h> 2342#include <sys/socket.h> 2343#include <netdb.h> 2344#include <errno.h> 2345#include <netinet/in.h> 2346 2347#define TEST_PORT "2222" 2348 ]], [[ 2349 int err, sock; 2350 struct addrinfo *gai_ai, *ai, hints; 2351 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2352 2353 memset(&hints, 0, sizeof(hints)); 2354 hints.ai_family = PF_UNSPEC; 2355 hints.ai_socktype = SOCK_STREAM; 2356 hints.ai_flags = AI_PASSIVE; 2357 2358 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2359 if (err != 0) { 2360 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2361 exit(1); 2362 } 2363 2364 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2365 if (ai->ai_family != AF_INET6) 2366 continue; 2367 2368 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2369 sizeof(ntop), strport, sizeof(strport), 2370 NI_NUMERICHOST|NI_NUMERICSERV); 2371 2372 if (err != 0) { 2373 if (err == EAI_SYSTEM) 2374 perror("getnameinfo EAI_SYSTEM"); 2375 else 2376 fprintf(stderr, "getnameinfo failed: %s\n", 2377 gai_strerror(err)); 2378 exit(2); 2379 } 2380 2381 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2382 if (sock < 0) 2383 perror("socket"); 2384 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2385 if (errno == EBADF) 2386 exit(3); 2387 } 2388 } 2389 exit(0); 2390 ]])], 2391 [ 2392 AC_MSG_RESULT([yes]) 2393 ], 2394 [ 2395 AC_MSG_RESULT([no]) 2396 AC_DEFINE([BROKEN_GETADDRINFO]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([cross-compiling, assuming yes]) 2400 ] 2401 ) 2402fi 2403 2404if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2405 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2406 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2407 AC_RUN_IFELSE( 2408 [AC_LANG_PROGRAM([[ 2409#include <stdio.h> 2410#include <sys/socket.h> 2411#include <netdb.h> 2412#include <errno.h> 2413#include <netinet/in.h> 2414 2415#define TEST_PORT "2222" 2416 ]], [[ 2417 int err, sock; 2418 struct addrinfo *gai_ai, *ai, hints; 2419 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2420 2421 memset(&hints, 0, sizeof(hints)); 2422 hints.ai_family = PF_UNSPEC; 2423 hints.ai_socktype = SOCK_STREAM; 2424 hints.ai_flags = AI_PASSIVE; 2425 2426 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2427 if (err != 0) { 2428 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2429 exit(1); 2430 } 2431 2432 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2433 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2434 continue; 2435 2436 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2437 sizeof(ntop), strport, sizeof(strport), 2438 NI_NUMERICHOST|NI_NUMERICSERV); 2439 2440 if (ai->ai_family == AF_INET && err != 0) { 2441 perror("getnameinfo"); 2442 exit(2); 2443 } 2444 } 2445 exit(0); 2446 ]])], 2447 [ 2448 AC_MSG_RESULT([yes]) 2449 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2450 [Define if you have a getaddrinfo that fails 2451 for the all-zeros IPv6 address]) 2452 ], 2453 [ 2454 AC_MSG_RESULT([no]) 2455 AC_DEFINE([BROKEN_GETADDRINFO]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([cross-compiling, assuming no]) 2459 ] 2460 ) 2461fi 2462 2463if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2464 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2465 [#include <sys/types.h> 2466 #include <sys/socket.h> 2467 #include <netdb.h>]) 2468fi 2469 2470if test "x$check_for_conflicting_getspnam" = "x1"; then 2471 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2473 [[ exit(0); ]])], 2474 [ 2475 AC_MSG_RESULT([no]) 2476 ], 2477 [ 2478 AC_MSG_RESULT([yes]) 2479 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2480 [Conflicting defs for getspnam]) 2481 ] 2482 ) 2483fi 2484 2485dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2486dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2487dnl for over ten years). Despite this incompatibility being reported during 2488dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2489dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2490dnl implementation. Try to detect this mess, and assume the only safe option 2491dnl if we're cross compiling. 2492dnl 2493dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2494dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2495if test "x$ac_cv_func_strnvis" = "xyes"; then 2496 AC_MSG_CHECKING([for working strnvis]) 2497 AC_RUN_IFELSE( 2498 [AC_LANG_PROGRAM([[ 2499#include <signal.h> 2500#include <stdlib.h> 2501#include <string.h> 2502#include <vis.h> 2503static void sighandler(int sig) { _exit(1); } 2504 ]], [[ 2505 char dst[16]; 2506 2507 signal(SIGSEGV, sighandler); 2508 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2509 exit(0); 2510 exit(1) 2511 ]])], 2512 [AC_MSG_RESULT([yes])], 2513 [AC_MSG_RESULT([no]) 2514 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2515 [AC_MSG_WARN([cross compiling: assuming broken]) 2516 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2517 ) 2518fi 2519 2520AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2521AC_RUN_IFELSE( 2522 [AC_LANG_PROGRAM([[ 2523#ifdef HAVE_SYS_SELECT 2524# include <sys/select.h> 2525#endif 2526#include <sys/types.h> 2527#include <sys/time.h> 2528#include <stdlib.h> 2529#include <signal.h> 2530static void sighandler(int sig) { } 2531 ]], [[ 2532 int r; 2533 pid_t pid; 2534 struct sigaction sa; 2535 2536 sa.sa_handler = sighandler; 2537 sa.sa_flags = SA_RESTART; 2538 (void)sigaction(SIGTERM, &sa, NULL); 2539 if ((pid = fork()) == 0) { /* child */ 2540 pid = getppid(); 2541 sleep(1); 2542 kill(pid, SIGTERM); 2543 sleep(1); 2544 if (getppid() == pid) /* if parent did not exit, shoot it */ 2545 kill(pid, SIGKILL); 2546 exit(0); 2547 } else { /* parent */ 2548 r = select(0, NULL, NULL, NULL, NULL); 2549 } 2550 exit(r == -1 ? 0 : 1); 2551 ]])], 2552 [AC_MSG_RESULT([yes])], 2553 [AC_MSG_RESULT([no]) 2554 AC_DEFINE([NO_SA_RESTART], [1], 2555 [SA_RESTARTed signals do no interrupt select])], 2556 [AC_MSG_WARN([cross compiling: assuming yes])] 2557) 2558 2559AC_CHECK_FUNCS([getpgrp],[ 2560 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2561 AC_COMPILE_IFELSE( 2562 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2563 [ AC_MSG_RESULT([yes]) 2564 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2565 [ AC_MSG_RESULT([no]) 2566 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2567 ) 2568]) 2569 2570# Search for OpenSSL 2571saved_CPPFLAGS="$CPPFLAGS" 2572saved_LDFLAGS="$LDFLAGS" 2573AC_ARG_WITH([ssl-dir], 2574 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2575 [ 2576 if test "x$openssl" = "xno" ; then 2577 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2578 fi 2579 if test "x$withval" != "xno" ; then 2580 case "$withval" in 2581 # Relative paths 2582 ./*|../*) withval="`pwd`/$withval" 2583 esac 2584 if test -d "$withval/lib"; then 2585 if test -n "${rpath_opt}"; then 2586 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2587 else 2588 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2589 fi 2590 elif test -d "$withval/lib64"; then 2591 if test -n "${rpath_opt}"; then 2592 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2593 else 2594 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2595 fi 2596 else 2597 if test -n "${rpath_opt}"; then 2598 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2599 else 2600 LDFLAGS="-L${withval} ${LDFLAGS}" 2601 fi 2602 fi 2603 if test -d "$withval/include"; then 2604 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2605 else 2606 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2607 fi 2608 fi 2609 ] 2610) 2611 2612AC_ARG_WITH([openssl-header-check], 2613 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2614 [ 2615 if test "x$withval" = "xno" ; then 2616 openssl_check_nonfatal=1 2617 fi 2618 ] 2619) 2620 2621openssl_engine=no 2622AC_ARG_WITH([ssl-engine], 2623 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2624 [ 2625 if test "x$withval" != "xno" ; then 2626 if test "x$openssl" = "xno" ; then 2627 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2628 fi 2629 openssl_engine=yes 2630 fi 2631 ] 2632) 2633 2634if test "x$openssl" = "xyes" ; then 2635 LIBS="-lcrypto $LIBS" 2636 AC_TRY_LINK_FUNC([RAND_add], , 2637 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2638 AC_CHECK_HEADER([openssl/opensslv.h], , 2639 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2640 2641 # Determine OpenSSL header version 2642 AC_MSG_CHECKING([OpenSSL header version]) 2643 AC_RUN_IFELSE( 2644 [AC_LANG_PROGRAM([[ 2645 #include <stdlib.h> 2646 #include <stdio.h> 2647 #include <string.h> 2648 #include <openssl/opensslv.h> 2649 #define DATA "conftest.sslincver" 2650 ]], [[ 2651 FILE *fd; 2652 int rc; 2653 2654 fd = fopen(DATA,"w"); 2655 if(fd == NULL) 2656 exit(1); 2657 2658 if ((rc = fprintf(fd, "%08lx (%s)\n", 2659 (unsigned long)OPENSSL_VERSION_NUMBER, 2660 OPENSSL_VERSION_TEXT)) < 0) 2661 exit(1); 2662 2663 exit(0); 2664 ]])], 2665 [ 2666 ssl_header_ver=`cat conftest.sslincver` 2667 AC_MSG_RESULT([$ssl_header_ver]) 2668 ], 2669 [ 2670 AC_MSG_RESULT([not found]) 2671 AC_MSG_ERROR([OpenSSL version header not found.]) 2672 ], 2673 [ 2674 AC_MSG_WARN([cross compiling: not checking]) 2675 ] 2676 ) 2677 2678 # Determining OpenSSL library version is version dependent. 2679 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2680 2681 # Determine OpenSSL library version 2682 AC_MSG_CHECKING([OpenSSL library version]) 2683 AC_RUN_IFELSE( 2684 [AC_LANG_PROGRAM([[ 2685 #include <stdio.h> 2686 #include <string.h> 2687 #include <openssl/opensslv.h> 2688 #include <openssl/crypto.h> 2689 #define DATA "conftest.ssllibver" 2690 ]], [[ 2691 FILE *fd; 2692 int rc; 2693 2694 fd = fopen(DATA,"w"); 2695 if(fd == NULL) 2696 exit(1); 2697#ifndef OPENSSL_VERSION 2698# define OPENSSL_VERSION SSLEAY_VERSION 2699#endif 2700#ifndef HAVE_OPENSSL_VERSION 2701# define OpenSSL_version SSLeay_version 2702#endif 2703#ifndef HAVE_OPENSSL_VERSION_NUM 2704# define OpenSSL_version_num SSLeay 2705#endif 2706 if ((rc = fprintf(fd, "%08lx (%s)\n", 2707 (unsigned long)OpenSSL_version_num(), 2708 OpenSSL_version(OPENSSL_VERSION))) < 0) 2709 exit(1); 2710 2711 exit(0); 2712 ]])], 2713 [ 2714 ssl_library_ver=`cat conftest.ssllibver` 2715 # Check version is supported. 2716 case "$ssl_library_ver" in 2717 10000*|0*) 2718 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2719 ;; 2720 100*) ;; # 1.0.x 2721 101000[[0123456]]*) 2722 # https://github.com/openssl/openssl/pull/4613 2723 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2724 ;; 2725 101*) ;; # 1.1.x 2726 200*) ;; # LibreSSL 2727 300*) ;; # OpenSSL development branch. 2728 *) 2729 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2730 ;; 2731 esac 2732 AC_MSG_RESULT([$ssl_library_ver]) 2733 ], 2734 [ 2735 AC_MSG_RESULT([not found]) 2736 AC_MSG_ERROR([OpenSSL library not found.]) 2737 ], 2738 [ 2739 AC_MSG_WARN([cross compiling: not checking]) 2740 ] 2741 ) 2742 2743 # Sanity check OpenSSL headers 2744 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2745 AC_RUN_IFELSE( 2746 [AC_LANG_PROGRAM([[ 2747 #include <string.h> 2748 #include <openssl/opensslv.h> 2749 #include <openssl/crypto.h> 2750 ]], [[ 2751#ifndef HAVE_OPENSSL_VERSION_NUM 2752# define OpenSSL_version_num SSLeay 2753#endif 2754 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2755 ]])], 2756 [ 2757 AC_MSG_RESULT([yes]) 2758 ], 2759 [ 2760 AC_MSG_RESULT([no]) 2761 if test "x$openssl_check_nonfatal" = "x"; then 2762 AC_MSG_ERROR([Your OpenSSL headers do not match your 2763 library. Check config.log for details. 2764 If you are sure your installation is consistent, you can disable the check 2765 by running "./configure --without-openssl-header-check". 2766 Also see contrib/findssl.sh for help identifying header/library mismatches. 2767 ]) 2768 else 2769 AC_MSG_WARN([Your OpenSSL headers do not match your 2770 library. Check config.log for details. 2771 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2772 fi 2773 ], 2774 [ 2775 AC_MSG_WARN([cross compiling: not checking]) 2776 ] 2777 ) 2778 2779 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2780 AC_LINK_IFELSE( 2781 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2782 [[ ERR_load_crypto_strings(); ]])], 2783 [ 2784 AC_MSG_RESULT([yes]) 2785 ], 2786 [ 2787 AC_MSG_RESULT([no]) 2788 saved_LIBS="$LIBS" 2789 LIBS="$LIBS -ldl" 2790 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2791 AC_LINK_IFELSE( 2792 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2793 [[ ERR_load_crypto_strings(); ]])], 2794 [ 2795 AC_MSG_RESULT([yes]) 2796 ], 2797 [ 2798 AC_MSG_RESULT([no]) 2799 LIBS="$saved_LIBS" 2800 ] 2801 ) 2802 ] 2803 ) 2804 2805 AC_CHECK_FUNCS([ \ 2806 BN_is_prime_ex \ 2807 DSA_generate_parameters_ex \ 2808 EVP_CIPHER_CTX_ctrl \ 2809 EVP_DigestFinal_ex \ 2810 EVP_DigestInit_ex \ 2811 EVP_MD_CTX_cleanup \ 2812 EVP_MD_CTX_copy_ex \ 2813 EVP_MD_CTX_init \ 2814 HMAC_CTX_init \ 2815 RSA_generate_key_ex \ 2816 RSA_get_default_method \ 2817 ]) 2818 2819 # OpenSSL_add_all_algorithms may be a macro. 2820 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2821 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2822 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2823 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2824 [[#include <openssl/evp.h>]] 2825 ) 2826 ) 2827 2828 # LibreSSL/OpenSSL 1.1x API 2829 AC_CHECK_FUNCS([ \ 2830 OPENSSL_init_crypto \ 2831 DH_get0_key \ 2832 DH_get0_pqg \ 2833 DH_set0_key \ 2834 DH_set_length \ 2835 DH_set0_pqg \ 2836 DSA_get0_key \ 2837 DSA_get0_pqg \ 2838 DSA_set0_key \ 2839 DSA_set0_pqg \ 2840 DSA_SIG_get0 \ 2841 DSA_SIG_set0 \ 2842 ECDSA_SIG_get0 \ 2843 ECDSA_SIG_set0 \ 2844 EVP_CIPHER_CTX_iv \ 2845 EVP_CIPHER_CTX_iv_noconst \ 2846 EVP_CIPHER_CTX_get_iv \ 2847 EVP_CIPHER_CTX_set_iv \ 2848 RSA_get0_crt_params \ 2849 RSA_get0_factors \ 2850 RSA_get0_key \ 2851 RSA_set0_crt_params \ 2852 RSA_set0_factors \ 2853 RSA_set0_key \ 2854 RSA_meth_free \ 2855 RSA_meth_dup \ 2856 RSA_meth_set1_name \ 2857 RSA_meth_get_finish \ 2858 RSA_meth_set_priv_enc \ 2859 RSA_meth_set_priv_dec \ 2860 RSA_meth_set_finish \ 2861 EVP_PKEY_get0_RSA \ 2862 EVP_MD_CTX_new \ 2863 EVP_MD_CTX_free \ 2864 EVP_chacha20 \ 2865 ]) 2866 2867 if test "x$openssl_engine" = "xyes" ; then 2868 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2870 #include <openssl/engine.h> 2871 ]], [[ 2872 ENGINE_load_builtin_engines(); 2873 ENGINE_register_all_complete(); 2874 ]])], 2875 [ AC_MSG_RESULT([yes]) 2876 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2877 [Enable OpenSSL engine support]) 2878 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2879 ]) 2880 fi 2881 2882 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2883 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2884 AC_LINK_IFELSE( 2885 [AC_LANG_PROGRAM([[ 2886 #include <string.h> 2887 #include <openssl/evp.h> 2888 ]], [[ 2889 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2890 ]])], 2891 [ 2892 AC_MSG_RESULT([no]) 2893 ], 2894 [ 2895 AC_MSG_RESULT([yes]) 2896 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2897 [libcrypto is missing AES 192 and 256 bit functions]) 2898 ] 2899 ) 2900 2901 # Check for OpenSSL with EVP_aes_*ctr 2902 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2903 AC_LINK_IFELSE( 2904 [AC_LANG_PROGRAM([[ 2905 #include <string.h> 2906 #include <openssl/evp.h> 2907 ]], [[ 2908 exit(EVP_aes_128_ctr() == NULL || 2909 EVP_aes_192_cbc() == NULL || 2910 EVP_aes_256_cbc() == NULL); 2911 ]])], 2912 [ 2913 AC_MSG_RESULT([yes]) 2914 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2915 [libcrypto has EVP AES CTR]) 2916 ], 2917 [ 2918 AC_MSG_RESULT([no]) 2919 ] 2920 ) 2921 2922 # Check for OpenSSL with EVP_aes_*gcm 2923 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2924 AC_LINK_IFELSE( 2925 [AC_LANG_PROGRAM([[ 2926 #include <string.h> 2927 #include <openssl/evp.h> 2928 ]], [[ 2929 exit(EVP_aes_128_gcm() == NULL || 2930 EVP_aes_256_gcm() == NULL || 2931 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2932 EVP_CTRL_GCM_IV_GEN == 0 || 2933 EVP_CTRL_GCM_SET_TAG == 0 || 2934 EVP_CTRL_GCM_GET_TAG == 0 || 2935 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2936 ]])], 2937 [ 2938 AC_MSG_RESULT([yes]) 2939 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2940 [libcrypto has EVP AES GCM]) 2941 ], 2942 [ 2943 AC_MSG_RESULT([no]) 2944 unsupported_algorithms="$unsupported_cipers \ 2945 aes128-gcm@openssh.com \ 2946 aes256-gcm@openssh.com" 2947 ] 2948 ) 2949 2950 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2951 AC_LINK_IFELSE( 2952 [AC_LANG_PROGRAM([[ 2953 #include <string.h> 2954 #include <openssl/evp.h> 2955 ]], [[ 2956 if(EVP_DigestUpdate(NULL, NULL,0)) 2957 exit(0); 2958 ]])], 2959 [ 2960 AC_MSG_RESULT([yes]) 2961 ], 2962 [ 2963 AC_MSG_RESULT([no]) 2964 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2965 [Define if EVP_DigestUpdate returns void]) 2966 ] 2967 ) 2968 2969 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2970 # because the system crypt() is more featureful. 2971 if test "x$check_for_libcrypt_before" = "x1"; then 2972 AC_CHECK_LIB([crypt], [crypt]) 2973 fi 2974 2975 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2976 # version in OpenSSL. 2977 if test "x$check_for_libcrypt_later" = "x1"; then 2978 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2979 fi 2980 AC_CHECK_FUNCS([crypt DES_crypt]) 2981 2982 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2983 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2984 2985 # Check complete ECC support in OpenSSL 2986 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2987 AC_LINK_IFELSE( 2988 [AC_LANG_PROGRAM([[ 2989 #include <openssl/ec.h> 2990 #include <openssl/ecdh.h> 2991 #include <openssl/ecdsa.h> 2992 #include <openssl/evp.h> 2993 #include <openssl/objects.h> 2994 #include <openssl/opensslv.h> 2995 ]], [[ 2996 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2997 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2998 ]])], 2999 [ AC_MSG_RESULT([yes]) 3000 enable_nistp256=1 ], 3001 [ AC_MSG_RESULT([no]) ] 3002 ) 3003 3004 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3005 AC_LINK_IFELSE( 3006 [AC_LANG_PROGRAM([[ 3007 #include <openssl/ec.h> 3008 #include <openssl/ecdh.h> 3009 #include <openssl/ecdsa.h> 3010 #include <openssl/evp.h> 3011 #include <openssl/objects.h> 3012 #include <openssl/opensslv.h> 3013 ]], [[ 3014 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3015 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3016 ]])], 3017 [ AC_MSG_RESULT([yes]) 3018 enable_nistp384=1 ], 3019 [ AC_MSG_RESULT([no]) ] 3020 ) 3021 3022 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3023 AC_LINK_IFELSE( 3024 [AC_LANG_PROGRAM([[ 3025 #include <openssl/ec.h> 3026 #include <openssl/ecdh.h> 3027 #include <openssl/ecdsa.h> 3028 #include <openssl/evp.h> 3029 #include <openssl/objects.h> 3030 #include <openssl/opensslv.h> 3031 ]], [[ 3032 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3033 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3034 ]])], 3035 [ AC_MSG_RESULT([yes]) 3036 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3037 AC_RUN_IFELSE( 3038 [AC_LANG_PROGRAM([[ 3039 #include <openssl/ec.h> 3040 #include <openssl/ecdh.h> 3041 #include <openssl/ecdsa.h> 3042 #include <openssl/evp.h> 3043 #include <openssl/objects.h> 3044 #include <openssl/opensslv.h> 3045 ]],[[ 3046 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3047 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3048 exit(e == NULL || m == NULL); 3049 ]])], 3050 [ AC_MSG_RESULT([yes]) 3051 enable_nistp521=1 ], 3052 [ AC_MSG_RESULT([no]) ], 3053 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3054 enable_nistp521=1 ] 3055 )], 3056 AC_MSG_RESULT([no]) 3057 ) 3058 3059 COMMENT_OUT_ECC="#no ecc#" 3060 TEST_SSH_ECC=no 3061 3062 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3063 test x$enable_nistp521 = x1; then 3064 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3065 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3066 openssl_ecc=yes 3067 else 3068 openssl_ecc=no 3069 fi 3070 if test x$enable_nistp256 = x1; then 3071 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3072 [libcrypto has NID_X9_62_prime256v1]) 3073 TEST_SSH_ECC=yes 3074 COMMENT_OUT_ECC="" 3075 else 3076 unsupported_algorithms="$unsupported_algorithms \ 3077 ecdsa-sha2-nistp256 \ 3078 ecdh-sha2-nistp256 \ 3079 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3080 fi 3081 if test x$enable_nistp384 = x1; then 3082 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3083 TEST_SSH_ECC=yes 3084 COMMENT_OUT_ECC="" 3085 else 3086 unsupported_algorithms="$unsupported_algorithms \ 3087 ecdsa-sha2-nistp384 \ 3088 ecdh-sha2-nistp384 \ 3089 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3090 fi 3091 if test x$enable_nistp521 = x1; then 3092 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3093 TEST_SSH_ECC=yes 3094 COMMENT_OUT_ECC="" 3095 else 3096 unsupported_algorithms="$unsupported_algorithms \ 3097 ecdh-sha2-nistp521 \ 3098 ecdsa-sha2-nistp521 \ 3099 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3100 fi 3101 3102 AC_SUBST([TEST_SSH_ECC]) 3103 AC_SUBST([COMMENT_OUT_ECC]) 3104else 3105 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3106 AC_CHECK_FUNCS([crypt]) 3107fi 3108 3109# PKCS11/U2F depend on OpenSSL and dlopen(). 3110enable_pkcs11=yes 3111enable_sk=yes 3112if test "x$openssl" != "xyes" ; then 3113 enable_pkcs11="disabled; missing libcrypto" 3114 enable_sk="disabled; missing libcrypto" 3115fi 3116if test "x$openssl_ecc" != "xyes" ; then 3117 enable_sk="disabled; OpenSSL has no ECC support" 3118fi 3119if test "x$ac_cv_func_dlopen" != "xyes" ; then 3120 enable_pkcs11="disabled; missing dlopen(3)" 3121 enable_sk="disabled; missing dlopen(3)" 3122fi 3123if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3124 enable_pkcs11="disabled; missing RTLD_NOW" 3125 enable_sk="disabled; missing RTLD_NOW" 3126fi 3127if test ! -z "$disable_pkcs11" ; then 3128 enable_pkcs11="disabled by user" 3129fi 3130if test ! -z "$disable_sk" ; then 3131 enable_sk="disabled by user" 3132fi 3133 3134AC_MSG_CHECKING([whether to enable PKCS11]) 3135if test "x$enable_pkcs11" = "xyes" ; then 3136 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3137fi 3138AC_MSG_RESULT([$enable_pkcs11]) 3139 3140AC_MSG_CHECKING([whether to enable U2F]) 3141if test "x$enable_sk" = "xyes" ; then 3142 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3143 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3144else 3145 # Do not try to build sk-dummy library. 3146 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3147fi 3148AC_MSG_RESULT([$enable_sk]) 3149 3150# Now check for built-in security key support. 3151if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3152 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3153 use_pkgconfig_for_libfido2= 3154 if test "x$PKGCONFIG" != "xno"; then 3155 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3156 if "$PKGCONFIG" libfido2; then 3157 AC_MSG_RESULT([yes]) 3158 use_pkgconfig_for_libfido2=yes 3159 else 3160 AC_MSG_RESULT([no]) 3161 fi 3162 fi 3163 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3164 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3165 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3166 else 3167 LIBFIDO2="-lfido2 -lcbor" 3168 fi 3169 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3170 AC_CHECK_LIB([fido2], [fido_init], 3171 [ 3172 AC_SUBST([LIBFIDO2]) 3173 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3174 [Enable for built-in U2F/FIDO support]) 3175 enable_sk="built-in" 3176 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3177 [ $OTHERLIBS ] 3178 ) 3179 AC_CHECK_HEADER([fido.h], [], 3180 AC_MSG_ERROR([missing fido.h from libfido2])) 3181 AC_CHECK_HEADER([fido/credman.h], [], 3182 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3183 [#include <fido.h>] 3184 ) 3185fi 3186 3187AC_CHECK_FUNCS([ \ 3188 arc4random \ 3189 arc4random_buf \ 3190 arc4random_stir \ 3191 arc4random_uniform \ 3192]) 3193 3194saved_LIBS="$LIBS" 3195AC_CHECK_LIB([iaf], [ia_openinfo], [ 3196 LIBS="$LIBS -liaf" 3197 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3198 AC_DEFINE([HAVE_LIBIAF], [1], 3199 [Define if system has libiaf that supports set_id]) 3200 ]) 3201]) 3202LIBS="$saved_LIBS" 3203 3204### Configure cryptographic random number support 3205 3206# Check whether OpenSSL seeds itself 3207if test "x$openssl" = "xyes" ; then 3208 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3209 AC_RUN_IFELSE( 3210 [AC_LANG_PROGRAM([[ 3211 #include <string.h> 3212 #include <openssl/rand.h> 3213 ]], [[ 3214 exit(RAND_status() == 1 ? 0 : 1); 3215 ]])], 3216 [ 3217 OPENSSL_SEEDS_ITSELF=yes 3218 AC_MSG_RESULT([yes]) 3219 ], 3220 [ 3221 AC_MSG_RESULT([no]) 3222 ], 3223 [ 3224 AC_MSG_WARN([cross compiling: assuming yes]) 3225 # This is safe, since we will fatal() at runtime if 3226 # OpenSSL is not seeded correctly. 3227 OPENSSL_SEEDS_ITSELF=yes 3228 ] 3229 ) 3230fi 3231 3232# PRNGD TCP socket 3233AC_ARG_WITH([prngd-port], 3234 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3235 [ 3236 case "$withval" in 3237 no) 3238 withval="" 3239 ;; 3240 [[0-9]]*) 3241 ;; 3242 *) 3243 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3244 ;; 3245 esac 3246 if test ! -z "$withval" ; then 3247 PRNGD_PORT="$withval" 3248 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3249 [Port number of PRNGD/EGD random number socket]) 3250 fi 3251 ] 3252) 3253 3254# PRNGD Unix domain socket 3255AC_ARG_WITH([prngd-socket], 3256 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3257 [ 3258 case "$withval" in 3259 yes) 3260 withval="/var/run/egd-pool" 3261 ;; 3262 no) 3263 withval="" 3264 ;; 3265 /*) 3266 ;; 3267 *) 3268 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3269 ;; 3270 esac 3271 3272 if test ! -z "$withval" ; then 3273 if test ! -z "$PRNGD_PORT" ; then 3274 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3275 fi 3276 if test ! -r "$withval" ; then 3277 AC_MSG_WARN([Entropy socket is not readable]) 3278 fi 3279 PRNGD_SOCKET="$withval" 3280 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3281 [Location of PRNGD/EGD random number socket]) 3282 fi 3283 ], 3284 [ 3285 # Check for existing socket only if we don't have a random device already 3286 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3287 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3288 # Insert other locations here 3289 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3290 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3291 PRNGD_SOCKET="$sock" 3292 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3293 break; 3294 fi 3295 done 3296 if test ! -z "$PRNGD_SOCKET" ; then 3297 AC_MSG_RESULT([$PRNGD_SOCKET]) 3298 else 3299 AC_MSG_RESULT([not found]) 3300 fi 3301 fi 3302 ] 3303) 3304 3305# Which randomness source do we use? 3306if test ! -z "$PRNGD_PORT" ; then 3307 RAND_MSG="PRNGd port $PRNGD_PORT" 3308elif test ! -z "$PRNGD_SOCKET" ; then 3309 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3310elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3311 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3312 [Define if you want the OpenSSL internally seeded PRNG only]) 3313 RAND_MSG="OpenSSL internal ONLY" 3314elif test "x$openssl" = "xno" ; then 3315 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3316else 3317 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3318fi 3319 3320# Check for PAM libs 3321PAM_MSG="no" 3322AC_ARG_WITH([pam], 3323 [ --with-pam Enable PAM support ], 3324 [ 3325 if test "x$withval" != "xno" ; then 3326 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3327 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3328 AC_MSG_ERROR([PAM headers not found]) 3329 fi 3330 3331 saved_LIBS="$LIBS" 3332 AC_CHECK_LIB([dl], [dlopen], , ) 3333 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3334 AC_CHECK_FUNCS([pam_getenvlist]) 3335 AC_CHECK_FUNCS([pam_putenv]) 3336 LIBS="$saved_LIBS" 3337 3338 PAM_MSG="yes" 3339 3340 SSHDLIBS="$SSHDLIBS -lpam" 3341 AC_DEFINE([USE_PAM], [1], 3342 [Define if you want to enable PAM support]) 3343 3344 if test $ac_cv_lib_dl_dlopen = yes; then 3345 case "$LIBS" in 3346 *-ldl*) 3347 # libdl already in LIBS 3348 ;; 3349 *) 3350 SSHDLIBS="$SSHDLIBS -ldl" 3351 ;; 3352 esac 3353 fi 3354 fi 3355 ] 3356) 3357 3358AC_ARG_WITH([pam-service], 3359 [ --with-pam-service=name Specify PAM service name ], 3360 [ 3361 if test "x$withval" != "xno" && \ 3362 test "x$withval" != "xyes" ; then 3363 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3364 ["$withval"], [sshd PAM service name]) 3365 fi 3366 ] 3367) 3368 3369# Check for older PAM 3370if test "x$PAM_MSG" = "xyes" ; then 3371 # Check PAM strerror arguments (old PAM) 3372 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3373 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3374#include <stdlib.h> 3375#if defined(HAVE_SECURITY_PAM_APPL_H) 3376#include <security/pam_appl.h> 3377#elif defined (HAVE_PAM_PAM_APPL_H) 3378#include <pam/pam_appl.h> 3379#endif 3380 ]], [[ 3381(void)pam_strerror((pam_handle_t *)NULL, -1); 3382 ]])], [AC_MSG_RESULT([no])], [ 3383 AC_DEFINE([HAVE_OLD_PAM], [1], 3384 [Define if you have an old version of PAM 3385 which takes only one argument to pam_strerror]) 3386 AC_MSG_RESULT([yes]) 3387 PAM_MSG="yes (old library)" 3388 3389 ]) 3390fi 3391 3392case "$host" in 3393*-*-cygwin*) 3394 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3395 ;; 3396*) 3397 SSH_PRIVSEP_USER=sshd 3398 ;; 3399esac 3400AC_ARG_WITH([privsep-user], 3401 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3402 [ 3403 if test -n "$withval" && test "x$withval" != "xno" && \ 3404 test "x${withval}" != "xyes"; then 3405 SSH_PRIVSEP_USER=$withval 3406 fi 3407 ] 3408) 3409if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3410 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3411 [Cygwin function to fetch non-privileged user for privilege separation]) 3412else 3413 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3414 [non-privileged user for privilege separation]) 3415fi 3416AC_SUBST([SSH_PRIVSEP_USER]) 3417 3418if test "x$have_linux_no_new_privs" = "x1" ; then 3419AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3420 #include <sys/types.h> 3421 #include <linux/seccomp.h> 3422]) 3423fi 3424if test "x$have_seccomp_filter" = "x1" ; then 3425AC_MSG_CHECKING([kernel for seccomp_filter support]) 3426AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3427 #include <errno.h> 3428 #include <elf.h> 3429 #include <linux/audit.h> 3430 #include <linux/seccomp.h> 3431 #include <stdlib.h> 3432 #include <sys/prctl.h> 3433 ]], 3434 [[ int i = $seccomp_audit_arch; 3435 errno = 0; 3436 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3437 exit(errno == EFAULT ? 0 : 1); ]])], 3438 [ AC_MSG_RESULT([yes]) ], [ 3439 AC_MSG_RESULT([no]) 3440 # Disable seccomp filter as a target 3441 have_seccomp_filter=0 3442 ] 3443) 3444fi 3445 3446# Decide which sandbox style to use 3447sandbox_arg="" 3448AC_ARG_WITH([sandbox], 3449 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3450 [ 3451 if test "x$withval" = "xyes" ; then 3452 sandbox_arg="" 3453 else 3454 sandbox_arg="$withval" 3455 fi 3456 ] 3457) 3458 3459# Some platforms (seems to be the ones that have a kernel poll(2)-type 3460# function with which they implement select(2)) use an extra file descriptor 3461# when calling select(2), which means we can't use the rlimit sandbox. 3462AC_MSG_CHECKING([if select works with descriptor rlimit]) 3463AC_RUN_IFELSE( 3464 [AC_LANG_PROGRAM([[ 3465#include <sys/types.h> 3466#ifdef HAVE_SYS_TIME_H 3467# include <sys/time.h> 3468#endif 3469#include <sys/resource.h> 3470#ifdef HAVE_SYS_SELECT_H 3471# include <sys/select.h> 3472#endif 3473#include <errno.h> 3474#include <fcntl.h> 3475#include <stdlib.h> 3476 ]],[[ 3477 struct rlimit rl_zero; 3478 int fd, r; 3479 fd_set fds; 3480 struct timeval tv; 3481 3482 fd = open("/dev/null", O_RDONLY); 3483 FD_ZERO(&fds); 3484 FD_SET(fd, &fds); 3485 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3486 setrlimit(RLIMIT_FSIZE, &rl_zero); 3487 setrlimit(RLIMIT_NOFILE, &rl_zero); 3488 tv.tv_sec = 1; 3489 tv.tv_usec = 0; 3490 r = select(fd+1, &fds, NULL, NULL, &tv); 3491 exit (r == -1 ? 1 : 0); 3492 ]])], 3493 [AC_MSG_RESULT([yes]) 3494 select_works_with_rlimit=yes], 3495 [AC_MSG_RESULT([no]) 3496 select_works_with_rlimit=no], 3497 [AC_MSG_WARN([cross compiling: assuming yes]) 3498 select_works_with_rlimit=yes] 3499) 3500 3501AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3502AC_RUN_IFELSE( 3503 [AC_LANG_PROGRAM([[ 3504#include <sys/types.h> 3505#ifdef HAVE_SYS_TIME_H 3506# include <sys/time.h> 3507#endif 3508#include <sys/resource.h> 3509#include <errno.h> 3510#include <stdlib.h> 3511 ]],[[ 3512 struct rlimit rl_zero; 3513 int r; 3514 3515 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3516 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3517 exit (r == -1 ? 1 : 0); 3518 ]])], 3519 [AC_MSG_RESULT([yes]) 3520 rlimit_nofile_zero_works=yes], 3521 [AC_MSG_RESULT([no]) 3522 rlimit_nofile_zero_works=no], 3523 [AC_MSG_WARN([cross compiling: assuming yes]) 3524 rlimit_nofile_zero_works=yes] 3525) 3526 3527AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3528AC_RUN_IFELSE( 3529 [AC_LANG_PROGRAM([[ 3530#include <sys/types.h> 3531#include <sys/resource.h> 3532#include <stdlib.h> 3533 ]],[[ 3534 struct rlimit rl_zero; 3535 3536 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3537 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3538 ]])], 3539 [AC_MSG_RESULT([yes])], 3540 [AC_MSG_RESULT([no]) 3541 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3542 [setrlimit RLIMIT_FSIZE works])], 3543 [AC_MSG_WARN([cross compiling: assuming yes])] 3544) 3545 3546if test "x$sandbox_arg" = "xpledge" || \ 3547 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3548 test "x$ac_cv_func_pledge" != "xyes" && \ 3549 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3550 SANDBOX_STYLE="pledge" 3551 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3552elif test "x$sandbox_arg" = "xsystrace" || \ 3553 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3554 test "x$have_systr_policy_kill" != "x1" && \ 3555 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3556 SANDBOX_STYLE="systrace" 3557 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3558elif test "x$sandbox_arg" = "xdarwin" || \ 3559 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3560 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3561 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3562 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3563 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3564 SANDBOX_STYLE="darwin" 3565 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3566elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3567 ( test -z "$sandbox_arg" && \ 3568 test "x$have_seccomp_filter" = "x1" && \ 3569 test "x$ac_cv_header_elf_h" = "xyes" && \ 3570 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3571 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3572 test "x$seccomp_audit_arch" != "x" && \ 3573 test "x$have_linux_no_new_privs" = "x1" && \ 3574 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3575 test "x$seccomp_audit_arch" = "x" && \ 3576 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3577 test "x$have_linux_no_new_privs" != "x1" && \ 3578 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3579 test "x$have_seccomp_filter" != "x1" && \ 3580 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3581 test "x$ac_cv_func_prctl" != "xyes" && \ 3582 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3583 SANDBOX_STYLE="seccomp_filter" 3584 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3585elif test "x$sandbox_arg" = "xcapsicum" || \ 3586 ( test -z "$sandbox_arg" && \ 3587 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3588 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3589 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3590 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3591 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3592 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3593 SANDBOX_STYLE="capsicum" 3594 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3595elif test "x$sandbox_arg" = "xrlimit" || \ 3596 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3597 test "x$select_works_with_rlimit" = "xyes" && \ 3598 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3599 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3600 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3601 test "x$select_works_with_rlimit" != "xyes" && \ 3602 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3603 SANDBOX_STYLE="rlimit" 3604 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3605elif test "x$sandbox_arg" = "xsolaris" || \ 3606 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3607 SANDBOX_STYLE="solaris" 3608 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3609elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3610 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3611 SANDBOX_STYLE="none" 3612 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3613else 3614 AC_MSG_ERROR([unsupported --with-sandbox]) 3615fi 3616 3617# Cheap hack to ensure NEWS-OS libraries are arranged right. 3618if test ! -z "$SONY" ; then 3619 LIBS="$LIBS -liberty"; 3620fi 3621 3622# Check for long long datatypes 3623AC_CHECK_TYPES([long long, unsigned long long, long double]) 3624 3625# Check datatype sizes 3626AC_CHECK_SIZEOF([short int]) 3627AC_CHECK_SIZEOF([int]) 3628AC_CHECK_SIZEOF([long int]) 3629AC_CHECK_SIZEOF([long long int]) 3630 3631# Sanity check long long for some platforms (AIX) 3632if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3633 ac_cv_sizeof_long_long_int=0 3634fi 3635 3636# compute LLONG_MIN and LLONG_MAX if we don't know them. 3637if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3638 AC_MSG_CHECKING([for max value of long long]) 3639 AC_RUN_IFELSE( 3640 [AC_LANG_PROGRAM([[ 3641#include <stdio.h> 3642/* Why is this so damn hard? */ 3643#ifdef __GNUC__ 3644# undef __GNUC__ 3645#endif 3646#define __USE_ISOC99 3647#include <limits.h> 3648#define DATA "conftest.llminmax" 3649#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3650 3651/* 3652 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3653 * we do this the hard way. 3654 */ 3655static int 3656fprint_ll(FILE *f, long long n) 3657{ 3658 unsigned int i; 3659 int l[sizeof(long long) * 8]; 3660 3661 if (n < 0) 3662 if (fprintf(f, "-") < 0) 3663 return -1; 3664 for (i = 0; n != 0; i++) { 3665 l[i] = my_abs(n % 10); 3666 n /= 10; 3667 } 3668 do { 3669 if (fprintf(f, "%d", l[--i]) < 0) 3670 return -1; 3671 } while (i != 0); 3672 if (fprintf(f, " ") < 0) 3673 return -1; 3674 return 0; 3675} 3676 ]], [[ 3677 FILE *f; 3678 long long i, llmin, llmax = 0; 3679 3680 if((f = fopen(DATA,"w")) == NULL) 3681 exit(1); 3682 3683#if defined(LLONG_MIN) && defined(LLONG_MAX) 3684 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3685 llmin = LLONG_MIN; 3686 llmax = LLONG_MAX; 3687#else 3688 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3689 /* This will work on one's complement and two's complement */ 3690 for (i = 1; i > llmax; i <<= 1, i++) 3691 llmax = i; 3692 llmin = llmax + 1LL; /* wrap */ 3693#endif 3694 3695 /* Sanity check */ 3696 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3697 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3698 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3699 fprintf(f, "unknown unknown\n"); 3700 exit(2); 3701 } 3702 3703 if (fprint_ll(f, llmin) < 0) 3704 exit(3); 3705 if (fprint_ll(f, llmax) < 0) 3706 exit(4); 3707 if (fclose(f) < 0) 3708 exit(5); 3709 exit(0); 3710 ]])], 3711 [ 3712 llong_min=`$AWK '{print $1}' conftest.llminmax` 3713 llong_max=`$AWK '{print $2}' conftest.llminmax` 3714 3715 AC_MSG_RESULT([$llong_max]) 3716 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3717 [max value of long long calculated by configure]) 3718 AC_MSG_CHECKING([for min value of long long]) 3719 AC_MSG_RESULT([$llong_min]) 3720 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3721 [min value of long long calculated by configure]) 3722 ], 3723 [ 3724 AC_MSG_RESULT([not found]) 3725 ], 3726 [ 3727 AC_MSG_WARN([cross compiling: not checking]) 3728 ] 3729 ) 3730fi 3731 3732AC_CHECK_DECLS([UINT32_MAX], , , [[ 3733#ifdef HAVE_SYS_LIMITS_H 3734# include <sys/limits.h> 3735#endif 3736#ifdef HAVE_LIMITS_H 3737# include <limits.h> 3738#endif 3739#ifdef HAVE_STDINT_H 3740# include <stdint.h> 3741#endif 3742]]) 3743 3744# More checks for data types 3745AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3746 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3747 [[ u_int a; a = 1;]])], 3748 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3749 ]) 3750]) 3751if test "x$ac_cv_have_u_int" = "xyes" ; then 3752 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3753 have_u_int=1 3754fi 3755 3756AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3757 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3758 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3759 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3760 ]) 3761]) 3762if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3763 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3764 have_intxx_t=1 3765fi 3766 3767if (test -z "$have_intxx_t" && \ 3768 test "x$ac_cv_header_stdint_h" = "xyes") 3769then 3770 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3772 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3773 [ 3774 AC_DEFINE([HAVE_INTXX_T]) 3775 AC_MSG_RESULT([yes]) 3776 ], [ AC_MSG_RESULT([no]) 3777 ]) 3778fi 3779 3780AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3781 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3782#include <sys/types.h> 3783#ifdef HAVE_STDINT_H 3784# include <stdint.h> 3785#endif 3786#include <sys/socket.h> 3787#ifdef HAVE_SYS_BITYPES_H 3788# include <sys/bitypes.h> 3789#endif 3790 ]], [[ 3791int64_t a; a = 1; 3792 ]])], 3793 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3794 ]) 3795]) 3796if test "x$ac_cv_have_int64_t" = "xyes" ; then 3797 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3798fi 3799 3800AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3802 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3803 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3804 ]) 3805]) 3806if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3807 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3808 have_u_intxx_t=1 3809fi 3810 3811if test -z "$have_u_intxx_t" ; then 3812 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3813 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3814 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3815 [ 3816 AC_DEFINE([HAVE_U_INTXX_T]) 3817 AC_MSG_RESULT([yes]) 3818 ], [ AC_MSG_RESULT([no]) 3819 ]) 3820fi 3821 3822AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3824 [[ u_int64_t a; a = 1;]])], 3825 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3826 ]) 3827]) 3828if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3829 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3830 have_u_int64_t=1 3831fi 3832 3833if (test -z "$have_u_int64_t" && \ 3834 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3835then 3836 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3837 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3838 [[ u_int64_t a; a = 1]])], 3839 [ 3840 AC_DEFINE([HAVE_U_INT64_T]) 3841 AC_MSG_RESULT([yes]) 3842 ], [ AC_MSG_RESULT([no]) 3843 ]) 3844fi 3845 3846if test -z "$have_u_intxx_t" ; then 3847 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3848 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3849#include <sys/types.h> 3850 ]], [[ 3851 uint8_t a; 3852 uint16_t b; 3853 uint32_t c; 3854 a = b = c = 1; 3855 ]])], 3856 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3857 ]) 3858 ]) 3859 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3860 AC_DEFINE([HAVE_UINTXX_T], [1], 3861 [define if you have uintxx_t data type]) 3862 fi 3863fi 3864 3865if (test -z "$have_uintxx_t" && \ 3866 test "x$ac_cv_header_stdint_h" = "xyes") 3867then 3868 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3870 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3871 [ 3872 AC_DEFINE([HAVE_UINTXX_T]) 3873 AC_MSG_RESULT([yes]) 3874 ], [ AC_MSG_RESULT([no]) 3875 ]) 3876fi 3877 3878if (test -z "$have_uintxx_t" && \ 3879 test "x$ac_cv_header_inttypes_h" = "xyes") 3880then 3881 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3883 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3884 [ 3885 AC_DEFINE([HAVE_UINTXX_T]) 3886 AC_MSG_RESULT([yes]) 3887 ], [ AC_MSG_RESULT([no]) 3888 ]) 3889fi 3890 3891if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3892 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3893then 3894 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3895 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3896#include <sys/bitypes.h> 3897 ]], [[ 3898 int8_t a; int16_t b; int32_t c; 3899 u_int8_t e; u_int16_t f; u_int32_t g; 3900 a = b = c = e = f = g = 1; 3901 ]])], 3902 [ 3903 AC_DEFINE([HAVE_U_INTXX_T]) 3904 AC_DEFINE([HAVE_INTXX_T]) 3905 AC_MSG_RESULT([yes]) 3906 ], [AC_MSG_RESULT([no]) 3907 ]) 3908fi 3909 3910 3911AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3912 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3913 [[ u_char foo; foo = 125; ]])], 3914 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3915 ]) 3916]) 3917if test "x$ac_cv_have_u_char" = "xyes" ; then 3918 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3919fi 3920 3921AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3922#include <sys/types.h> 3923#ifdef HAVE_STDINT_H 3924# include <stdint.h> 3925#endif 3926]) 3927 3928TYPE_SOCKLEN_T 3929 3930AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3931AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3932#include <sys/types.h> 3933#ifdef HAVE_SYS_BITYPES_H 3934#include <sys/bitypes.h> 3935#endif 3936#ifdef HAVE_SYS_STATFS_H 3937#include <sys/statfs.h> 3938#endif 3939#ifdef HAVE_SYS_STATVFS_H 3940#include <sys/statvfs.h> 3941#endif 3942]) 3943 3944AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3945#include <sys/param.h> 3946#include <sys/types.h> 3947#ifdef HAVE_SYS_BITYPES_H 3948#include <sys/bitypes.h> 3949#endif 3950#ifdef HAVE_SYS_STATFS_H 3951#include <sys/statfs.h> 3952#endif 3953#ifdef HAVE_SYS_STATVFS_H 3954#include <sys/statvfs.h> 3955#endif 3956#ifdef HAVE_SYS_VFS_H 3957#include <sys/vfs.h> 3958#endif 3959#ifdef HAVE_SYS_MOUNT_H 3960#include <sys/mount.h> 3961#endif 3962]]) 3963 3964 3965AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3966[#include <sys/types.h> 3967#include <netinet/in.h>]) 3968 3969AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3971 [[ size_t foo; foo = 1235; ]])], 3972 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3973 ]) 3974]) 3975if test "x$ac_cv_have_size_t" = "xyes" ; then 3976 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3977fi 3978 3979AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3981 [[ ssize_t foo; foo = 1235; ]])], 3982 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3983 ]) 3984]) 3985if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3986 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3987fi 3988 3989AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3991 [[ clock_t foo; foo = 1235; ]])], 3992 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3993 ]) 3994]) 3995if test "x$ac_cv_have_clock_t" = "xyes" ; then 3996 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3997fi 3998 3999AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4000 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4001#include <sys/types.h> 4002#include <sys/socket.h> 4003 ]], [[ sa_family_t foo; foo = 1235; ]])], 4004 [ ac_cv_have_sa_family_t="yes" ], 4005 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4006#include <sys/types.h> 4007#include <sys/socket.h> 4008#include <netinet/in.h> 4009 ]], [[ sa_family_t foo; foo = 1235; ]])], 4010 [ ac_cv_have_sa_family_t="yes" ], 4011 [ ac_cv_have_sa_family_t="no" ] 4012 ) 4013 ]) 4014]) 4015if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4016 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4017 [define if you have sa_family_t data type]) 4018fi 4019 4020AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4022 [[ pid_t foo; foo = 1235; ]])], 4023 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4024 ]) 4025]) 4026if test "x$ac_cv_have_pid_t" = "xyes" ; then 4027 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4028fi 4029 4030AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4032 [[ mode_t foo; foo = 1235; ]])], 4033 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4034 ]) 4035]) 4036if test "x$ac_cv_have_mode_t" = "xyes" ; then 4037 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4038fi 4039 4040 4041AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4042 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4043#include <sys/types.h> 4044#include <sys/socket.h> 4045 ]], [[ struct sockaddr_storage s; ]])], 4046 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4047 [ ac_cv_have_struct_sockaddr_storage="no" 4048 ]) 4049]) 4050if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4051 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4052 [define if you have struct sockaddr_storage data type]) 4053fi 4054 4055AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4056 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4057#include <sys/types.h> 4058#include <netinet/in.h> 4059 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4060 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4061 [ ac_cv_have_struct_sockaddr_in6="no" 4062 ]) 4063]) 4064if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4065 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4066 [define if you have struct sockaddr_in6 data type]) 4067fi 4068 4069AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4071#include <sys/types.h> 4072#include <netinet/in.h> 4073 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4074 [ ac_cv_have_struct_in6_addr="yes" ], 4075 [ ac_cv_have_struct_in6_addr="no" 4076 ]) 4077]) 4078if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4079 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4080 [define if you have struct in6_addr data type]) 4081 4082dnl Now check for sin6_scope_id 4083 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4084 [ 4085#ifdef HAVE_SYS_TYPES_H 4086#include <sys/types.h> 4087#endif 4088#include <netinet/in.h> 4089 ]) 4090fi 4091 4092AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4093 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4094#include <sys/types.h> 4095#include <sys/socket.h> 4096#include <netdb.h> 4097 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4098 [ ac_cv_have_struct_addrinfo="yes" ], 4099 [ ac_cv_have_struct_addrinfo="no" 4100 ]) 4101]) 4102if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4103 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4104 [define if you have struct addrinfo data type]) 4105fi 4106 4107AC_HEADER_TIME 4108 4109AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4110 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4111 [[ struct timeval tv; tv.tv_sec = 1;]])], 4112 [ ac_cv_have_struct_timeval="yes" ], 4113 [ ac_cv_have_struct_timeval="no" 4114 ]) 4115]) 4116if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4117 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4118 have_struct_timeval=1 4119fi 4120 4121AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4122 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4123 #ifdef TIME_WITH_SYS_TIME 4124 # include <sys/time.h> 4125 # include <time.h> 4126 #else 4127 # ifdef HAVE_SYS_TIME_H 4128 # include <sys/time.h> 4129 # else 4130 # include <time.h> 4131 # endif 4132 #endif 4133 ]], 4134 [[ struct timespec ts; ts.tv_sec = 1;]])], 4135 [ ac_cv_have_struct_timespec="yes" ], 4136 [ ac_cv_have_struct_timespec="no" 4137 ]) 4138]) 4139if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4140 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4141 have_struct_timespec=1 4142fi 4143 4144# We need int64_t or else certain parts of the compile will fail. 4145if test "x$ac_cv_have_int64_t" = "xno" && \ 4146 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4147 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4148 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4149 echo "an alternative compiler (I.E., GCC) before continuing." 4150 echo "" 4151 exit 1; 4152else 4153dnl test snprintf (broken on SCO w/gcc) 4154 AC_RUN_IFELSE( 4155 [AC_LANG_SOURCE([[ 4156#include <stdio.h> 4157#include <string.h> 4158#ifdef HAVE_SNPRINTF 4159main() 4160{ 4161 char buf[50]; 4162 char expected_out[50]; 4163 int mazsize = 50 ; 4164#if (SIZEOF_LONG_INT == 8) 4165 long int num = 0x7fffffffffffffff; 4166#else 4167 long long num = 0x7fffffffffffffffll; 4168#endif 4169 strcpy(expected_out, "9223372036854775807"); 4170 snprintf(buf, mazsize, "%lld", num); 4171 if(strcmp(buf, expected_out) != 0) 4172 exit(1); 4173 exit(0); 4174} 4175#else 4176main() { exit(0); } 4177#endif 4178 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4179 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4180 ) 4181fi 4182 4183dnl Checks for structure members 4184OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4185OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4186OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4187OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4188OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4189OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4190OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4191OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4192OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4193OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4194OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4195OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4196OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4201 4202AC_CHECK_MEMBERS([struct stat.st_blksize]) 4203AC_CHECK_MEMBERS([struct stat.st_mtim]) 4204AC_CHECK_MEMBERS([struct stat.st_mtime]) 4205AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4206struct passwd.pw_change, struct passwd.pw_expire], 4207[], [], [[ 4208#include <sys/types.h> 4209#include <pwd.h> 4210]]) 4211 4212AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4213 [Define if we don't have struct __res_state in resolv.h])], 4214[[ 4215#include <stdio.h> 4216#if HAVE_SYS_TYPES_H 4217# include <sys/types.h> 4218#endif 4219#include <netinet/in.h> 4220#include <arpa/nameser.h> 4221#include <resolv.h> 4222]]) 4223 4224AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4225 ac_cv_have_ss_family_in_struct_ss, [ 4226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4227#include <sys/types.h> 4228#include <sys/socket.h> 4229 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4230 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4231 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4232]) 4233if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4234 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4235fi 4236 4237AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4238 ac_cv_have___ss_family_in_struct_ss, [ 4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4240#include <sys/types.h> 4241#include <sys/socket.h> 4242 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4243 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4244 [ ac_cv_have___ss_family_in_struct_ss="no" 4245 ]) 4246]) 4247if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4248 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4249 [Fields in struct sockaddr_storage]) 4250fi 4251 4252dnl make sure we're using the real structure members and not defines 4253AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4254 ac_cv_have_accrights_in_msghdr, [ 4255 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4256#include <sys/types.h> 4257#include <sys/socket.h> 4258#include <sys/uio.h> 4259 ]], [[ 4260#ifdef msg_accrights 4261#error "msg_accrights is a macro" 4262exit(1); 4263#endif 4264struct msghdr m; 4265m.msg_accrights = 0; 4266exit(0); 4267 ]])], 4268 [ ac_cv_have_accrights_in_msghdr="yes" ], 4269 [ ac_cv_have_accrights_in_msghdr="no" ] 4270 ) 4271]) 4272if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4273 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4274 [Define if your system uses access rights style 4275 file descriptor passing]) 4276fi 4277 4278AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4279AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4280#include <sys/param.h> 4281#include <sys/stat.h> 4282#ifdef HAVE_SYS_TIME_H 4283# include <sys/time.h> 4284#endif 4285#ifdef HAVE_SYS_MOUNT_H 4286#include <sys/mount.h> 4287#endif 4288#ifdef HAVE_SYS_STATVFS_H 4289#include <sys/statvfs.h> 4290#endif 4291 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4292 [ AC_MSG_RESULT([yes]) ], 4293 [ AC_MSG_RESULT([no]) 4294 4295 AC_MSG_CHECKING([if fsid_t has member val]) 4296 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4297#include <sys/types.h> 4298#include <sys/statvfs.h> 4299 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4300 [ AC_MSG_RESULT([yes]) 4301 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4302 [ AC_MSG_RESULT([no]) ]) 4303 4304 AC_MSG_CHECKING([if f_fsid has member __val]) 4305 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4306#include <sys/types.h> 4307#include <sys/statvfs.h> 4308 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4309 [ AC_MSG_RESULT([yes]) 4310 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4311 [ AC_MSG_RESULT([no]) ]) 4312]) 4313 4314AC_CACHE_CHECK([for msg_control field in struct msghdr], 4315 ac_cv_have_control_in_msghdr, [ 4316 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4317#include <sys/types.h> 4318#include <sys/socket.h> 4319#include <sys/uio.h> 4320 ]], [[ 4321#ifdef msg_control 4322#error "msg_control is a macro" 4323exit(1); 4324#endif 4325struct msghdr m; 4326m.msg_control = 0; 4327exit(0); 4328 ]])], 4329 [ ac_cv_have_control_in_msghdr="yes" ], 4330 [ ac_cv_have_control_in_msghdr="no" ] 4331 ) 4332]) 4333if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4334 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4335 [Define if your system uses ancillary data style 4336 file descriptor passing]) 4337fi 4338 4339AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4340 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4341 [[ extern char *__progname; printf("%s", __progname); ]])], 4342 [ ac_cv_libc_defines___progname="yes" ], 4343 [ ac_cv_libc_defines___progname="no" 4344 ]) 4345]) 4346if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4347 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4348fi 4349 4350AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4351 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4352 [[ printf("%s", __FUNCTION__); ]])], 4353 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4354 [ ac_cv_cc_implements___FUNCTION__="no" 4355 ]) 4356]) 4357if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4358 AC_DEFINE([HAVE___FUNCTION__], [1], 4359 [Define if compiler implements __FUNCTION__]) 4360fi 4361 4362AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4363 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4364 [[ printf("%s", __func__); ]])], 4365 [ ac_cv_cc_implements___func__="yes" ], 4366 [ ac_cv_cc_implements___func__="no" 4367 ]) 4368]) 4369if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4370 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4371fi 4372 4373AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4374 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4375#include <stdarg.h> 4376va_list x,y; 4377 ]], [[ va_copy(x,y); ]])], 4378 [ ac_cv_have_va_copy="yes" ], 4379 [ ac_cv_have_va_copy="no" 4380 ]) 4381]) 4382if test "x$ac_cv_have_va_copy" = "xyes" ; then 4383 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4384fi 4385 4386AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4387 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4388#include <stdarg.h> 4389va_list x,y; 4390 ]], [[ __va_copy(x,y); ]])], 4391 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4392 ]) 4393]) 4394if test "x$ac_cv_have___va_copy" = "xyes" ; then 4395 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4396fi 4397 4398AC_CACHE_CHECK([whether getopt has optreset support], 4399 ac_cv_have_getopt_optreset, [ 4400 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4401 [[ extern int optreset; optreset = 0; ]])], 4402 [ ac_cv_have_getopt_optreset="yes" ], 4403 [ ac_cv_have_getopt_optreset="no" 4404 ]) 4405]) 4406if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4407 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4408 [Define if your getopt(3) defines and uses optreset]) 4409fi 4410 4411AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4412 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4413[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4414 [ ac_cv_libc_defines_sys_errlist="yes" ], 4415 [ ac_cv_libc_defines_sys_errlist="no" 4416 ]) 4417]) 4418if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4419 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4420 [Define if your system defines sys_errlist[]]) 4421fi 4422 4423 4424AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4425 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4426[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4427 [ ac_cv_libc_defines_sys_nerr="yes" ], 4428 [ ac_cv_libc_defines_sys_nerr="no" 4429 ]) 4430]) 4431if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4432 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4433fi 4434 4435# Check libraries needed by DNS fingerprint support 4436AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4437 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4438 [Define if getrrsetbyname() exists])], 4439 [ 4440 # Needed by our getrrsetbyname() 4441 AC_SEARCH_LIBS([res_query], [resolv]) 4442 AC_SEARCH_LIBS([dn_expand], [resolv]) 4443 AC_MSG_CHECKING([if res_query will link]) 4444 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4445#include <sys/types.h> 4446#include <netinet/in.h> 4447#include <arpa/nameser.h> 4448#include <netdb.h> 4449#include <resolv.h> 4450 ]], [[ 4451 res_query (0, 0, 0, 0, 0); 4452 ]])], 4453 AC_MSG_RESULT([yes]), 4454 [AC_MSG_RESULT([no]) 4455 saved_LIBS="$LIBS" 4456 LIBS="$LIBS -lresolv" 4457 AC_MSG_CHECKING([for res_query in -lresolv]) 4458 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4459#include <sys/types.h> 4460#include <netinet/in.h> 4461#include <arpa/nameser.h> 4462#include <netdb.h> 4463#include <resolv.h> 4464 ]], [[ 4465 res_query (0, 0, 0, 0, 0); 4466 ]])], 4467 [AC_MSG_RESULT([yes])], 4468 [LIBS="$saved_LIBS" 4469 AC_MSG_RESULT([no])]) 4470 ]) 4471 AC_CHECK_FUNCS([_getshort _getlong]) 4472 AC_CHECK_DECLS([_getshort, _getlong], , , 4473 [#include <sys/types.h> 4474 #include <arpa/nameser.h>]) 4475 AC_CHECK_MEMBER([HEADER.ad], 4476 [AC_DEFINE([HAVE_HEADER_AD], [1], 4477 [Define if HEADER.ad exists in arpa/nameser.h])], , 4478 [#include <arpa/nameser.h>]) 4479 ]) 4480 4481AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4482AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4483#include <stdio.h> 4484#if HAVE_SYS_TYPES_H 4485# include <sys/types.h> 4486#endif 4487#include <netinet/in.h> 4488#include <arpa/nameser.h> 4489#include <resolv.h> 4490extern struct __res_state _res; 4491 ]], [[ 4492struct __res_state *volatile p = &_res; /* force resolution of _res */ 4493return 0; 4494 ]],)], 4495 [AC_MSG_RESULT([yes]) 4496 AC_DEFINE([HAVE__RES_EXTERN], [1], 4497 [Define if you have struct __res_state _res as an extern]) 4498 ], 4499 [ AC_MSG_RESULT([no]) ] 4500) 4501 4502# Check whether user wants SELinux support 4503SELINUX_MSG="no" 4504LIBSELINUX="" 4505AC_ARG_WITH([selinux], 4506 [ --with-selinux Enable SELinux support], 4507 [ if test "x$withval" != "xno" ; then 4508 save_LIBS="$LIBS" 4509 AC_DEFINE([WITH_SELINUX], [1], 4510 [Define if you want SELinux support.]) 4511 SELINUX_MSG="yes" 4512 AC_CHECK_HEADER([selinux/selinux.h], , 4513 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4514 AC_CHECK_LIB([selinux], [setexeccon], 4515 [ LIBSELINUX="-lselinux" 4516 LIBS="$LIBS -lselinux" 4517 ], 4518 AC_MSG_ERROR([SELinux support requires libselinux library])) 4519 SSHLIBS="$SSHLIBS $LIBSELINUX" 4520 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4521 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4522 LIBS="$save_LIBS" 4523 fi ] 4524) 4525AC_SUBST([SSHLIBS]) 4526AC_SUBST([SSHDLIBS]) 4527 4528# Check whether user wants Kerberos 5 support 4529KRB5_MSG="no" 4530AC_ARG_WITH([kerberos5], 4531 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4532 [ if test "x$withval" != "xno" ; then 4533 if test "x$withval" = "xyes" ; then 4534 KRB5ROOT="/usr/local" 4535 else 4536 KRB5ROOT=${withval} 4537 fi 4538 4539 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4540 KRB5_MSG="yes" 4541 4542 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4543 [$KRB5ROOT/bin/krb5-config], 4544 [$KRB5ROOT/bin:$PATH]) 4545 if test -x $KRB5CONF ; then 4546 K5CFLAGS="`$KRB5CONF --cflags`" 4547 K5LIBS="`$KRB5CONF --libs`" 4548 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4549 4550 AC_MSG_CHECKING([for gssapi support]) 4551 if $KRB5CONF | grep gssapi >/dev/null ; then 4552 AC_MSG_RESULT([yes]) 4553 AC_DEFINE([GSSAPI], [1], 4554 [Define this if you want GSSAPI 4555 support in the version 2 protocol]) 4556 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4557 GSSLIBS="`$KRB5CONF --libs gssapi`" 4558 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4559 else 4560 AC_MSG_RESULT([no]) 4561 fi 4562 AC_MSG_CHECKING([whether we are using Heimdal]) 4563 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4564 ]], [[ char *tmp = heimdal_version; ]])], 4565 [ AC_MSG_RESULT([yes]) 4566 AC_DEFINE([HEIMDAL], [1], 4567 [Define this if you are using the Heimdal 4568 version of Kerberos V5]) ], 4569 [AC_MSG_RESULT([no]) 4570 ]) 4571 else 4572 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4573 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4574 AC_MSG_CHECKING([whether we are using Heimdal]) 4575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4576 ]], [[ char *tmp = heimdal_version; ]])], 4577 [ AC_MSG_RESULT([yes]) 4578 AC_DEFINE([HEIMDAL]) 4579 K5LIBS="-lkrb5" 4580 K5LIBS="$K5LIBS -lcom_err -lasn1" 4581 AC_CHECK_LIB([roken], [net_write], 4582 [K5LIBS="$K5LIBS -lroken"]) 4583 AC_CHECK_LIB([des], [des_cbc_encrypt], 4584 [K5LIBS="$K5LIBS -ldes"]) 4585 ], [ AC_MSG_RESULT([no]) 4586 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4587 ]) 4588 AC_SEARCH_LIBS([dn_expand], [resolv]) 4589 4590 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4591 [ AC_DEFINE([GSSAPI]) 4592 GSSLIBS="-lgssapi_krb5" ], 4593 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4594 [ AC_DEFINE([GSSAPI]) 4595 GSSLIBS="-lgssapi" ], 4596 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4597 [ AC_DEFINE([GSSAPI]) 4598 GSSLIBS="-lgss" ], 4599 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4600 ]) 4601 ]) 4602 4603 AC_CHECK_HEADER([gssapi.h], , 4604 [ unset ac_cv_header_gssapi_h 4605 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4606 AC_CHECK_HEADERS([gssapi.h], , 4607 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4608 ) 4609 ] 4610 ) 4611 4612 oldCPP="$CPPFLAGS" 4613 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4614 AC_CHECK_HEADER([gssapi_krb5.h], , 4615 [ CPPFLAGS="$oldCPP" ]) 4616 4617 fi 4618 if test -n "${rpath_opt}" ; then 4619 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4620 fi 4621 if test ! -z "$blibpath" ; then 4622 blibpath="$blibpath:${KRB5ROOT}/lib" 4623 fi 4624 4625 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4626 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4627 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4628 4629 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4630 [Define this if you want to use libkafs' AFS support])]) 4631 4632 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4633#ifdef HAVE_GSSAPI_H 4634# include <gssapi.h> 4635#elif defined(HAVE_GSSAPI_GSSAPI_H) 4636# include <gssapi/gssapi.h> 4637#endif 4638 4639#ifdef HAVE_GSSAPI_GENERIC_H 4640# include <gssapi_generic.h> 4641#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4642# include <gssapi/gssapi_generic.h> 4643#endif 4644 ]]) 4645 saved_LIBS="$LIBS" 4646 LIBS="$LIBS $K5LIBS" 4647 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4648 LIBS="$saved_LIBS" 4649 4650 fi 4651 ] 4652) 4653AC_SUBST([GSSLIBS]) 4654AC_SUBST([K5LIBS]) 4655 4656# Looking for programs, paths and files 4657 4658PRIVSEP_PATH=/var/empty 4659AC_ARG_WITH([privsep-path], 4660 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4661 [ 4662 if test -n "$withval" && test "x$withval" != "xno" && \ 4663 test "x${withval}" != "xyes"; then 4664 PRIVSEP_PATH=$withval 4665 fi 4666 ] 4667) 4668AC_SUBST([PRIVSEP_PATH]) 4669 4670AC_ARG_WITH([xauth], 4671 [ --with-xauth=PATH Specify path to xauth program ], 4672 [ 4673 if test -n "$withval" && test "x$withval" != "xno" && \ 4674 test "x${withval}" != "xyes"; then 4675 xauth_path=$withval 4676 fi 4677 ], 4678 [ 4679 TestPath="$PATH" 4680 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4681 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4682 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4683 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4684 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4685 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4686 xauth_path="/usr/openwin/bin/xauth" 4687 fi 4688 ] 4689) 4690 4691STRIP_OPT=-s 4692AC_ARG_ENABLE([strip], 4693 [ --disable-strip Disable calling strip(1) on install], 4694 [ 4695 if test "x$enableval" = "xno" ; then 4696 STRIP_OPT= 4697 fi 4698 ] 4699) 4700AC_SUBST([STRIP_OPT]) 4701 4702if test -z "$xauth_path" ; then 4703 XAUTH_PATH="undefined" 4704 AC_SUBST([XAUTH_PATH]) 4705else 4706 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4707 [Define if xauth is found in your path]) 4708 XAUTH_PATH=$xauth_path 4709 AC_SUBST([XAUTH_PATH]) 4710fi 4711 4712dnl # --with-maildir=/path/to/mail gets top priority. 4713dnl # if maildir is set in the platform case statement above we use that. 4714dnl # Otherwise we run a program to get the dir from system headers. 4715dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4716dnl # If we find _PATH_MAILDIR we do nothing because that is what 4717dnl # session.c expects anyway. Otherwise we set to the value found 4718dnl # stripping any trailing slash. If for some strage reason our program 4719dnl # does not find what it needs, we default to /var/spool/mail. 4720# Check for mail directory 4721AC_ARG_WITH([maildir], 4722 [ --with-maildir=/path/to/mail Specify your system mail directory], 4723 [ 4724 if test "X$withval" != X && test "x$withval" != xno && \ 4725 test "x${withval}" != xyes; then 4726 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4727 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4728 fi 4729 ],[ 4730 if test "X$maildir" != "X"; then 4731 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4732 else 4733 AC_MSG_CHECKING([Discovering system mail directory]) 4734 AC_RUN_IFELSE( 4735 [AC_LANG_PROGRAM([[ 4736#include <stdio.h> 4737#include <string.h> 4738#ifdef HAVE_PATHS_H 4739#include <paths.h> 4740#endif 4741#ifdef HAVE_MAILLOCK_H 4742#include <maillock.h> 4743#endif 4744#define DATA "conftest.maildir" 4745 ]], [[ 4746 FILE *fd; 4747 int rc; 4748 4749 fd = fopen(DATA,"w"); 4750 if(fd == NULL) 4751 exit(1); 4752 4753#if defined (_PATH_MAILDIR) 4754 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4755 exit(1); 4756#elif defined (MAILDIR) 4757 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4758 exit(1); 4759#elif defined (_PATH_MAIL) 4760 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4761 exit(1); 4762#else 4763 exit (2); 4764#endif 4765 4766 exit(0); 4767 ]])], 4768 [ 4769 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4770 maildir=`awk -F: '{print $2}' conftest.maildir \ 4771 | sed 's|/$||'` 4772 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4773 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4774 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4775 fi 4776 ], 4777 [ 4778 if test "X$ac_status" = "X2";then 4779# our test program didn't find it. Default to /var/spool/mail 4780 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4781 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4782 else 4783 AC_MSG_RESULT([*** not found ***]) 4784 fi 4785 ], 4786 [ 4787 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4788 ] 4789 ) 4790 fi 4791 ] 4792) # maildir 4793 4794if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4795 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4796 disable_ptmx_check=yes 4797fi 4798if test -z "$no_dev_ptmx" ; then 4799 if test "x$disable_ptmx_check" != "xyes" ; then 4800 AC_CHECK_FILE(["/dev/ptmx"], 4801 [ 4802 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4803 [Define if you have /dev/ptmx]) 4804 have_dev_ptmx=1 4805 ] 4806 ) 4807 fi 4808fi 4809 4810if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4811 AC_CHECK_FILE(["/dev/ptc"], 4812 [ 4813 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4814 [Define if you have /dev/ptc]) 4815 have_dev_ptc=1 4816 ] 4817 ) 4818else 4819 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4820fi 4821 4822# Options from here on. Some of these are preset by platform above 4823AC_ARG_WITH([mantype], 4824 [ --with-mantype=man|cat|doc Set man page type], 4825 [ 4826 case "$withval" in 4827 man|cat|doc) 4828 MANTYPE=$withval 4829 ;; 4830 *) 4831 AC_MSG_ERROR([invalid man type: $withval]) 4832 ;; 4833 esac 4834 ] 4835) 4836if test -z "$MANTYPE"; then 4837 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4838 MANTYPE=doc 4839 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4840 MANTYPE=doc 4841 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4842 MANTYPE=man 4843 else 4844 MANTYPE=cat 4845 fi 4846fi 4847AC_SUBST([MANTYPE]) 4848if test "$MANTYPE" = "doc"; then 4849 mansubdir=man; 4850else 4851 mansubdir=$MANTYPE; 4852fi 4853AC_SUBST([mansubdir]) 4854 4855# Check whether to enable MD5 passwords 4856MD5_MSG="no" 4857AC_ARG_WITH([md5-passwords], 4858 [ --with-md5-passwords Enable use of MD5 passwords], 4859 [ 4860 if test "x$withval" != "xno" ; then 4861 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4862 [Define if you want to allow MD5 passwords]) 4863 MD5_MSG="yes" 4864 fi 4865 ] 4866) 4867 4868# Whether to disable shadow password support 4869AC_ARG_WITH([shadow], 4870 [ --without-shadow Disable shadow password support], 4871 [ 4872 if test "x$withval" = "xno" ; then 4873 AC_DEFINE([DISABLE_SHADOW]) 4874 disable_shadow=yes 4875 fi 4876 ] 4877) 4878 4879if test -z "$disable_shadow" ; then 4880 AC_MSG_CHECKING([if the systems has expire shadow information]) 4881 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4882#include <sys/types.h> 4883#include <shadow.h> 4884struct spwd sp; 4885 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4886 [ sp_expire_available=yes ], [ 4887 ]) 4888 4889 if test "x$sp_expire_available" = "xyes" ; then 4890 AC_MSG_RESULT([yes]) 4891 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4892 [Define if you want to use shadow password expire field]) 4893 else 4894 AC_MSG_RESULT([no]) 4895 fi 4896fi 4897 4898# Use ip address instead of hostname in $DISPLAY 4899if test ! -z "$IPADDR_IN_DISPLAY" ; then 4900 DISPLAY_HACK_MSG="yes" 4901 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4902 [Define if you need to use IP address 4903 instead of hostname in $DISPLAY]) 4904else 4905 DISPLAY_HACK_MSG="no" 4906 AC_ARG_WITH([ipaddr-display], 4907 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4908 [ 4909 if test "x$withval" != "xno" ; then 4910 AC_DEFINE([IPADDR_IN_DISPLAY]) 4911 DISPLAY_HACK_MSG="yes" 4912 fi 4913 ] 4914 ) 4915fi 4916 4917# check for /etc/default/login and use it if present. 4918AC_ARG_ENABLE([etc-default-login], 4919 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4920 [ if test "x$enableval" = "xno"; then 4921 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4922 etc_default_login=no 4923 else 4924 etc_default_login=yes 4925 fi ], 4926 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4927 then 4928 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4929 etc_default_login=no 4930 else 4931 etc_default_login=yes 4932 fi ] 4933) 4934 4935if test "x$etc_default_login" != "xno"; then 4936 AC_CHECK_FILE(["/etc/default/login"], 4937 [ external_path_file=/etc/default/login ]) 4938 if test "x$external_path_file" = "x/etc/default/login"; then 4939 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4940 [Define if your system has /etc/default/login]) 4941 fi 4942fi 4943 4944dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4945if test $ac_cv_func_login_getcapbool = "yes" && \ 4946 test $ac_cv_header_login_cap_h = "yes" ; then 4947 external_path_file=/etc/login.conf 4948fi 4949 4950# Whether to mess with the default path 4951SERVER_PATH_MSG="(default)" 4952AC_ARG_WITH([default-path], 4953 [ --with-default-path= Specify default $PATH environment for server], 4954 [ 4955 if test "x$external_path_file" = "x/etc/login.conf" ; then 4956 AC_MSG_WARN([ 4957--with-default-path=PATH has no effect on this system. 4958Edit /etc/login.conf instead.]) 4959 elif test "x$withval" != "xno" ; then 4960 if test ! -z "$external_path_file" ; then 4961 AC_MSG_WARN([ 4962--with-default-path=PATH will only be used if PATH is not defined in 4963$external_path_file .]) 4964 fi 4965 user_path="$withval" 4966 SERVER_PATH_MSG="$withval" 4967 fi 4968 ], 4969 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4970 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4971 else 4972 if test ! -z "$external_path_file" ; then 4973 AC_MSG_WARN([ 4974If PATH is defined in $external_path_file, ensure the path to scp is included, 4975otherwise scp will not work.]) 4976 fi 4977 AC_RUN_IFELSE( 4978 [AC_LANG_PROGRAM([[ 4979/* find out what STDPATH is */ 4980#include <stdio.h> 4981#ifdef HAVE_PATHS_H 4982# include <paths.h> 4983#endif 4984#ifndef _PATH_STDPATH 4985# ifdef _PATH_USERPATH /* Irix */ 4986# define _PATH_STDPATH _PATH_USERPATH 4987# else 4988# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4989# endif 4990#endif 4991#include <sys/types.h> 4992#include <sys/stat.h> 4993#include <fcntl.h> 4994#define DATA "conftest.stdpath" 4995 ]], [[ 4996 FILE *fd; 4997 int rc; 4998 4999 fd = fopen(DATA,"w"); 5000 if(fd == NULL) 5001 exit(1); 5002 5003 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5004 exit(1); 5005 5006 exit(0); 5007 ]])], 5008 [ user_path=`cat conftest.stdpath` ], 5009 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5010 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5011 ) 5012# make sure $bindir is in USER_PATH so scp will work 5013 t_bindir="${bindir}" 5014 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5015 t_bindir=`eval echo ${t_bindir}` 5016 case $t_bindir in 5017 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5018 esac 5019 case $t_bindir in 5020 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5021 esac 5022 done 5023 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5024 if test $? -ne 0 ; then 5025 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5026 if test $? -ne 0 ; then 5027 user_path=$user_path:$t_bindir 5028 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5029 fi 5030 fi 5031 fi ] 5032) 5033if test "x$external_path_file" != "x/etc/login.conf" ; then 5034 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5035 AC_SUBST([user_path]) 5036fi 5037 5038# Set superuser path separately to user path 5039AC_ARG_WITH([superuser-path], 5040 [ --with-superuser-path= Specify different path for super-user], 5041 [ 5042 if test -n "$withval" && test "x$withval" != "xno" && \ 5043 test "x${withval}" != "xyes"; then 5044 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5045 [Define if you want a different $PATH 5046 for the superuser]) 5047 superuser_path=$withval 5048 fi 5049 ] 5050) 5051 5052 5053AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5054IPV4_IN6_HACK_MSG="no" 5055AC_ARG_WITH(4in6, 5056 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5057 [ 5058 if test "x$withval" != "xno" ; then 5059 AC_MSG_RESULT([yes]) 5060 AC_DEFINE([IPV4_IN_IPV6], [1], 5061 [Detect IPv4 in IPv6 mapped addresses 5062 and treat as IPv4]) 5063 IPV4_IN6_HACK_MSG="yes" 5064 else 5065 AC_MSG_RESULT([no]) 5066 fi 5067 ], [ 5068 if test "x$inet6_default_4in6" = "xyes"; then 5069 AC_MSG_RESULT([yes (default)]) 5070 AC_DEFINE([IPV4_IN_IPV6]) 5071 IPV4_IN6_HACK_MSG="yes" 5072 else 5073 AC_MSG_RESULT([no (default)]) 5074 fi 5075 ] 5076) 5077 5078# Whether to enable BSD auth support 5079BSD_AUTH_MSG=no 5080AC_ARG_WITH([bsd-auth], 5081 [ --with-bsd-auth Enable BSD auth support], 5082 [ 5083 if test "x$withval" != "xno" ; then 5084 AC_DEFINE([BSD_AUTH], [1], 5085 [Define if you have BSD auth support]) 5086 BSD_AUTH_MSG=yes 5087 fi 5088 ] 5089) 5090 5091# Where to place sshd.pid 5092piddir=/var/run 5093# make sure the directory exists 5094if test ! -d $piddir ; then 5095 piddir=`eval echo ${sysconfdir}` 5096 case $piddir in 5097 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5098 esac 5099fi 5100 5101AC_ARG_WITH([pid-dir], 5102 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5103 [ 5104 if test -n "$withval" && test "x$withval" != "xno" && \ 5105 test "x${withval}" != "xyes"; then 5106 piddir=$withval 5107 if test ! -d $piddir ; then 5108 AC_MSG_WARN([** no $piddir directory on this system **]) 5109 fi 5110 fi 5111 ] 5112) 5113 5114AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5115 [Specify location of ssh.pid]) 5116AC_SUBST([piddir]) 5117 5118dnl allow user to disable some login recording features 5119AC_ARG_ENABLE([lastlog], 5120 [ --disable-lastlog disable use of lastlog even if detected [no]], 5121 [ 5122 if test "x$enableval" = "xno" ; then 5123 AC_DEFINE([DISABLE_LASTLOG]) 5124 fi 5125 ] 5126) 5127AC_ARG_ENABLE([utmp], 5128 [ --disable-utmp disable use of utmp even if detected [no]], 5129 [ 5130 if test "x$enableval" = "xno" ; then 5131 AC_DEFINE([DISABLE_UTMP]) 5132 fi 5133 ] 5134) 5135AC_ARG_ENABLE([utmpx], 5136 [ --disable-utmpx disable use of utmpx even if detected [no]], 5137 [ 5138 if test "x$enableval" = "xno" ; then 5139 AC_DEFINE([DISABLE_UTMPX], [1], 5140 [Define if you don't want to use utmpx]) 5141 fi 5142 ] 5143) 5144AC_ARG_ENABLE([wtmp], 5145 [ --disable-wtmp disable use of wtmp even if detected [no]], 5146 [ 5147 if test "x$enableval" = "xno" ; then 5148 AC_DEFINE([DISABLE_WTMP]) 5149 fi 5150 ] 5151) 5152AC_ARG_ENABLE([wtmpx], 5153 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5154 [ 5155 if test "x$enableval" = "xno" ; then 5156 AC_DEFINE([DISABLE_WTMPX], [1], 5157 [Define if you don't want to use wtmpx]) 5158 fi 5159 ] 5160) 5161AC_ARG_ENABLE([libutil], 5162 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5163 [ 5164 if test "x$enableval" = "xno" ; then 5165 AC_DEFINE([DISABLE_LOGIN]) 5166 fi 5167 ] 5168) 5169AC_ARG_ENABLE([pututline], 5170 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5171 [ 5172 if test "x$enableval" = "xno" ; then 5173 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5174 [Define if you don't want to use pututline() 5175 etc. to write [uw]tmp]) 5176 fi 5177 ] 5178) 5179AC_ARG_ENABLE([pututxline], 5180 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5181 [ 5182 if test "x$enableval" = "xno" ; then 5183 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5184 [Define if you don't want to use pututxline() 5185 etc. to write [uw]tmpx]) 5186 fi 5187 ] 5188) 5189AC_ARG_WITH([lastlog], 5190 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5191 [ 5192 if test "x$withval" = "xno" ; then 5193 AC_DEFINE([DISABLE_LASTLOG]) 5194 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5195 conf_lastlog_location=$withval 5196 fi 5197 ] 5198) 5199 5200dnl lastlog, [uw]tmpx? detection 5201dnl NOTE: set the paths in the platform section to avoid the 5202dnl need for command-line parameters 5203dnl lastlog and [uw]tmp are subject to a file search if all else fails 5204 5205dnl lastlog detection 5206dnl NOTE: the code itself will detect if lastlog is a directory 5207AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5208AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5209#include <sys/types.h> 5210#include <utmp.h> 5211#ifdef HAVE_LASTLOG_H 5212# include <lastlog.h> 5213#endif 5214#ifdef HAVE_PATHS_H 5215# include <paths.h> 5216#endif 5217#ifdef HAVE_LOGIN_H 5218# include <login.h> 5219#endif 5220 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5221 [ AC_MSG_RESULT([yes]) ], 5222 [ 5223 AC_MSG_RESULT([no]) 5224 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5225 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5226#include <sys/types.h> 5227#include <utmp.h> 5228#ifdef HAVE_LASTLOG_H 5229# include <lastlog.h> 5230#endif 5231#ifdef HAVE_PATHS_H 5232# include <paths.h> 5233#endif 5234 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5235 [ AC_MSG_RESULT([yes]) ], 5236 [ 5237 AC_MSG_RESULT([no]) 5238 system_lastlog_path=no 5239 ]) 5240]) 5241 5242if test -z "$conf_lastlog_location"; then 5243 if test x"$system_lastlog_path" = x"no" ; then 5244 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5245 if (test -d "$f" || test -f "$f") ; then 5246 conf_lastlog_location=$f 5247 fi 5248 done 5249 if test -z "$conf_lastlog_location"; then 5250 AC_MSG_WARN([** Cannot find lastlog **]) 5251 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5252 fi 5253 fi 5254fi 5255 5256if test -n "$conf_lastlog_location"; then 5257 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5258 [Define if you want to specify the path to your lastlog file]) 5259fi 5260 5261dnl utmp detection 5262AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5263AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5264#include <sys/types.h> 5265#include <utmp.h> 5266#ifdef HAVE_PATHS_H 5267# include <paths.h> 5268#endif 5269 ]], [[ char *utmp = UTMP_FILE; ]])], 5270 [ AC_MSG_RESULT([yes]) ], 5271 [ AC_MSG_RESULT([no]) 5272 system_utmp_path=no 5273]) 5274if test -z "$conf_utmp_location"; then 5275 if test x"$system_utmp_path" = x"no" ; then 5276 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5277 if test -f $f ; then 5278 conf_utmp_location=$f 5279 fi 5280 done 5281 if test -z "$conf_utmp_location"; then 5282 AC_DEFINE([DISABLE_UTMP]) 5283 fi 5284 fi 5285fi 5286if test -n "$conf_utmp_location"; then 5287 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5288 [Define if you want to specify the path to your utmp file]) 5289fi 5290 5291dnl wtmp detection 5292AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5293AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5294#include <sys/types.h> 5295#include <utmp.h> 5296#ifdef HAVE_PATHS_H 5297# include <paths.h> 5298#endif 5299 ]], [[ char *wtmp = WTMP_FILE; ]])], 5300 [ AC_MSG_RESULT([yes]) ], 5301 [ AC_MSG_RESULT([no]) 5302 system_wtmp_path=no 5303]) 5304if test -z "$conf_wtmp_location"; then 5305 if test x"$system_wtmp_path" = x"no" ; then 5306 for f in /usr/adm/wtmp /var/log/wtmp; do 5307 if test -f $f ; then 5308 conf_wtmp_location=$f 5309 fi 5310 done 5311 if test -z "$conf_wtmp_location"; then 5312 AC_DEFINE([DISABLE_WTMP]) 5313 fi 5314 fi 5315fi 5316if test -n "$conf_wtmp_location"; then 5317 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5318 [Define if you want to specify the path to your wtmp file]) 5319fi 5320 5321dnl wtmpx detection 5322AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5323AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5324#include <sys/types.h> 5325#include <utmp.h> 5326#ifdef HAVE_UTMPX_H 5327#include <utmpx.h> 5328#endif 5329#ifdef HAVE_PATHS_H 5330# include <paths.h> 5331#endif 5332 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5333 [ AC_MSG_RESULT([yes]) ], 5334 [ AC_MSG_RESULT([no]) 5335 system_wtmpx_path=no 5336]) 5337if test -z "$conf_wtmpx_location"; then 5338 if test x"$system_wtmpx_path" = x"no" ; then 5339 AC_DEFINE([DISABLE_WTMPX]) 5340 fi 5341else 5342 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5343 [Define if you want to specify the path to your wtmpx file]) 5344fi 5345 5346 5347if test ! -z "$blibpath" ; then 5348 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5349 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5350fi 5351 5352AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5353 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5354 AC_DEFINE([DISABLE_LASTLOG]) 5355 fi 5356 ], [ 5357#ifdef HAVE_SYS_TYPES_H 5358#include <sys/types.h> 5359#endif 5360#ifdef HAVE_UTMP_H 5361#include <utmp.h> 5362#endif 5363#ifdef HAVE_UTMPX_H 5364#include <utmpx.h> 5365#endif 5366#ifdef HAVE_LASTLOG_H 5367#include <lastlog.h> 5368#endif 5369 ]) 5370 5371AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5372 AC_DEFINE([DISABLE_UTMP]) 5373 AC_DEFINE([DISABLE_WTMP]) 5374 ], [ 5375#ifdef HAVE_SYS_TYPES_H 5376#include <sys/types.h> 5377#endif 5378#ifdef HAVE_UTMP_H 5379#include <utmp.h> 5380#endif 5381#ifdef HAVE_UTMPX_H 5382#include <utmpx.h> 5383#endif 5384#ifdef HAVE_LASTLOG_H 5385#include <lastlog.h> 5386#endif 5387 ]) 5388 5389dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5390dnl Add now. 5391CFLAGS="$CFLAGS $werror_flags" 5392 5393if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5394 TEST_SSH_IPV6=no 5395else 5396 TEST_SSH_IPV6=yes 5397fi 5398AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5399AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5400AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5401AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5402AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5403AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5404 5405CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5406LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5407 5408# Make a copy of CFLAGS/LDFLAGS without PIE options. 5409LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5410CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5411AC_SUBST([LDFLAGS_NOPIE]) 5412AC_SUBST([CFLAGS_NOPIE]) 5413 5414AC_EXEEXT 5415AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5416 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5417 survey.sh]) 5418AC_OUTPUT 5419 5420# Print summary of options 5421 5422# Someone please show me a better way :) 5423A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5424B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5425C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5426D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5427E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5428F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5429G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5430H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5431I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5432J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5433 5434echo "" 5435echo "OpenSSH has been configured with the following options:" 5436echo " User binaries: $B" 5437echo " System binaries: $C" 5438echo " Configuration files: $D" 5439echo " Askpass program: $E" 5440echo " Manual pages: $F" 5441echo " PID file: $G" 5442echo " Privilege separation chroot path: $H" 5443if test "x$external_path_file" = "x/etc/login.conf" ; then 5444echo " At runtime, sshd will use the path defined in $external_path_file" 5445echo " Make sure the path to scp is present, otherwise scp will not work" 5446else 5447echo " sshd default user PATH: $I" 5448 if test ! -z "$external_path_file"; then 5449echo " (If PATH is set in $external_path_file it will be used instead. If" 5450echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5451 fi 5452fi 5453if test ! -z "$superuser_path" ; then 5454echo " sshd superuser user PATH: $J" 5455fi 5456echo " Manpage format: $MANTYPE" 5457echo " PAM support: $PAM_MSG" 5458echo " OSF SIA support: $SIA_MSG" 5459echo " KerberosV support: $KRB5_MSG" 5460echo " SELinux support: $SELINUX_MSG" 5461echo " MD5 password support: $MD5_MSG" 5462echo " libedit support: $LIBEDIT_MSG" 5463echo " libldns support: $LDNS_MSG" 5464echo " Solaris process contract support: $SPC_MSG" 5465echo " Solaris project support: $SP_MSG" 5466echo " Solaris privilege support: $SPP_MSG" 5467echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5468echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5469echo " BSD Auth support: $BSD_AUTH_MSG" 5470echo " Random number source: $RAND_MSG" 5471echo " Privsep sandbox style: $SANDBOX_STYLE" 5472echo " PKCS#11 support: $enable_pkcs11" 5473echo " U2F/FIDO support: $enable_sk" 5474 5475echo "" 5476 5477echo " Host: ${host}" 5478echo " Compiler: ${CC}" 5479echo " Compiler flags: ${CFLAGS}" 5480echo "Preprocessor flags: ${CPPFLAGS}" 5481echo " Linker flags: ${LDFLAGS}" 5482echo " Libraries: ${LIBS}" 5483if test ! -z "${SSHDLIBS}"; then 5484echo " +for sshd: ${SSHDLIBS}" 5485fi 5486if test ! -z "${SSHLIBS}"; then 5487echo " +for ssh: ${SSHLIBS}" 5488fi 5489 5490echo "" 5491 5492if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5493 echo "SVR4 style packages are supported with \"make package\"" 5494 echo "" 5495fi 5496 5497if test "x$PAM_MSG" = "xyes" ; then 5498 echo "PAM is enabled. You may need to install a PAM control file " 5499 echo "for sshd, otherwise password authentication may fail. " 5500 echo "Example PAM control files can be found in the contrib/ " 5501 echo "subdirectory" 5502 echo "" 5503fi 5504 5505if test ! -z "$NO_PEERCHECK" ; then 5506 echo "WARNING: the operating system that you are using does not" 5507 echo "appear to support getpeereid(), getpeerucred() or the" 5508 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5509 echo "enforce security checks to prevent unauthorised connections to" 5510 echo "ssh-agent. Their absence increases the risk that a malicious" 5511 echo "user can connect to your agent." 5512 echo "" 5513fi 5514 5515if test "$AUDIT_MODULE" = "bsm" ; then 5516 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5517 echo "See the Solaris section in README.platform for details." 5518fi 5519