1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300if test "x$no_attrib_nonnull" != "x1" ; then 301 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 302fi 303 304AC_ARG_WITH([rpath], 305 [ --without-rpath Disable auto-added -R linker paths], 306 [ 307 if test "x$withval" = "xno" ; then 308 rpath_opt="" 309 elif test "x$withval" = "xyes" ; then 310 rpath_opt="-R" 311 else 312 rpath_opt="$withval" 313 fi 314 ] 315) 316 317# Allow user to specify flags 318AC_ARG_WITH([cflags], 319 [ --with-cflags Specify additional flags to pass to compiler], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS="$CFLAGS $withval" 324 fi 325 ] 326) 327 328AC_ARG_WITH([cflags-after], 329 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 CFLAGS_AFTER="$withval" 334 fi 335 ] 336) 337AC_ARG_WITH([cppflags], 338 [ --with-cppflags Specify additional flags to pass to preprocessor] , 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 CPPFLAGS="$CPPFLAGS $withval" 343 fi 344 ] 345) 346AC_ARG_WITH([ldflags], 347 [ --with-ldflags Specify additional flags to pass to linker], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno" && \ 350 test "x${withval}" != "xyes"; then 351 LDFLAGS="$LDFLAGS $withval" 352 fi 353 ] 354) 355AC_ARG_WITH([ldflags-after], 356 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 357 [ 358 if test -n "$withval" && test "x$withval" != "xno" && \ 359 test "x${withval}" != "xyes"; then 360 LDFLAGS_AFTER="$withval" 361 fi 362 ] 363) 364AC_ARG_WITH([libs], 365 [ --with-libs Specify additional libraries to link with], 366 [ 367 if test -n "$withval" && test "x$withval" != "xno" && \ 368 test "x${withval}" != "xyes"; then 369 LIBS="$LIBS $withval" 370 fi 371 ] 372) 373AC_ARG_WITH([Werror], 374 [ --with-Werror Build main code with -Werror], 375 [ 376 if test -n "$withval" && test "x$withval" != "xno"; then 377 werror_flags="-Werror" 378 if test "x${withval}" != "xyes"; then 379 werror_flags="$withval" 380 fi 381 fi 382 ] 383) 384 385AC_CHECK_HEADERS([ \ 386 blf.h \ 387 bstring.h \ 388 crypt.h \ 389 crypto/sha2.h \ 390 dirent.h \ 391 endian.h \ 392 elf.h \ 393 err.h \ 394 features.h \ 395 fcntl.h \ 396 floatingpoint.h \ 397 fnmatch.h \ 398 getopt.h \ 399 glob.h \ 400 ia.h \ 401 iaf.h \ 402 ifaddrs.h \ 403 inttypes.h \ 404 langinfo.h \ 405 limits.h \ 406 locale.h \ 407 login.h \ 408 maillock.h \ 409 ndir.h \ 410 net/if_tun.h \ 411 netdb.h \ 412 netgroup.h \ 413 pam/pam_appl.h \ 414 paths.h \ 415 poll.h \ 416 pty.h \ 417 readpassphrase.h \ 418 rpc/types.h \ 419 security/pam_appl.h \ 420 sha2.h \ 421 shadow.h \ 422 stddef.h \ 423 stdint.h \ 424 string.h \ 425 strings.h \ 426 sys/bitypes.h \ 427 sys/byteorder.h \ 428 sys/bsdtty.h \ 429 sys/cdefs.h \ 430 sys/dir.h \ 431 sys/file.h \ 432 sys/mman.h \ 433 sys/label.h \ 434 sys/ndir.h \ 435 sys/poll.h \ 436 sys/prctl.h \ 437 sys/pstat.h \ 438 sys/ptrace.h \ 439 sys/random.h \ 440 sys/select.h \ 441 sys/stat.h \ 442 sys/stream.h \ 443 sys/stropts.h \ 444 sys/strtio.h \ 445 sys/statvfs.h \ 446 sys/sysmacros.h \ 447 sys/time.h \ 448 sys/timers.h \ 449 sys/vfs.h \ 450 time.h \ 451 tmpdir.h \ 452 ttyent.h \ 453 ucred.h \ 454 unistd.h \ 455 usersec.h \ 456 util.h \ 457 utime.h \ 458 utmp.h \ 459 utmpx.h \ 460 vis.h \ 461 wchar.h \ 462]) 463 464# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 465# to be included first. 466AC_CHECK_HEADERS([sys/audit.h], [], [], [ 467#ifdef HAVE_SYS_TIME_H 468# include <sys/time.h> 469#endif 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473#ifdef HAVE_SYS_LABEL_H 474# include <sys/label.h> 475#endif 476]) 477 478# sys/capsicum.h requires sys/types.h 479AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 480#ifdef HAVE_SYS_TYPES_H 481# include <sys/types.h> 482#endif 483]) 484 485# net/route.h requires sys/socket.h and sys/types.h. 486# sys/sysctl.h also requires sys/param.h 487AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 488#ifdef HAVE_SYS_TYPES_H 489# include <sys/types.h> 490#endif 491#include <sys/param.h> 492#include <sys/socket.h> 493]) 494 495# lastlog.h requires sys/time.h to be included first on Solaris 496AC_CHECK_HEADERS([lastlog.h], [], [], [ 497#ifdef HAVE_SYS_TIME_H 498# include <sys/time.h> 499#endif 500]) 501 502# sys/ptms.h requires sys/stream.h to be included first on Solaris 503AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 504#ifdef HAVE_SYS_STREAM_H 505# include <sys/stream.h> 506#endif 507]) 508 509# login_cap.h requires sys/types.h on NetBSD 510AC_CHECK_HEADERS([login_cap.h], [], [], [ 511#include <sys/types.h> 512]) 513 514# older BSDs need sys/param.h before sys/mount.h 515AC_CHECK_HEADERS([sys/mount.h], [], [], [ 516#include <sys/param.h> 517]) 518 519# Android requires sys/socket.h to be included before sys/un.h 520AC_CHECK_HEADERS([sys/un.h], [], [], [ 521#include <sys/types.h> 522#include <sys/socket.h> 523]) 524 525# Messages for features tested for in target-specific section 526SIA_MSG="no" 527SPC_MSG="no" 528SP_MSG="no" 529SPP_MSG="no" 530 531# Support for Solaris/Illumos privileges (this test is used by both 532# the --with-solaris-privs option and --with-sandbox=solaris). 533SOLARIS_PRIVS="no" 534 535AC_CHECK_SIZEOF([size_t]) 536 537# Check for some target-specific stuff 538case "$host" in 539*-*-aix*) 540 # Some versions of VAC won't allow macro redefinitions at 541 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 542 # particularly with older versions of vac or xlc. 543 # It also throws errors about null macro arguments, but these are 544 # not fatal. 545 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 546 AC_COMPILE_IFELSE( 547 [AC_LANG_PROGRAM([[ 548#define testmacro foo 549#define testmacro bar]], 550 [[ exit(0); ]])], 551 [ AC_MSG_RESULT([yes]) ], 552 [ AC_MSG_RESULT([no]) 553 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 554 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 555 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 556 ] 557 ) 558 559 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 560 if (test -z "$blibpath"); then 561 blibpath="/usr/lib:/lib" 562 fi 563 saved_LDFLAGS="$LDFLAGS" 564 if test "$GCC" = "yes"; then 565 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 566 else 567 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 568 fi 569 for tryflags in $flags ;do 570 if (test -z "$blibflags"); then 571 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 572 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 573 [blibflags=$tryflags], []) 574 fi 575 done 576 if (test -z "$blibflags"); then 577 AC_MSG_RESULT([not found]) 578 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 579 else 580 AC_MSG_RESULT([$blibflags]) 581 fi 582 LDFLAGS="$saved_LDFLAGS" 583 dnl Check for authenticate. Might be in libs.a on older AIXes 584 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 585 [Define if you want to enable AIX4's authenticate function])], 586 [AC_CHECK_LIB([s], [authenticate], 587 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 588 LIBS="$LIBS -ls" 589 ]) 590 ]) 591 dnl Check for various auth function declarations in headers. 592 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 593 passwdexpired, setauthdb], , , [#include <usersec.h>]) 594 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 595 AC_CHECK_DECLS([loginfailed], 596 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 597 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 598 [[ (void)loginfailed("user","host","tty",0); ]])], 599 [AC_MSG_RESULT([yes]) 600 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 601 [Define if your AIX loginfailed() function 602 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 603 ])], 604 [], 605 [#include <usersec.h>] 606 ) 607 AC_CHECK_FUNCS([getgrset setauthdb]) 608 AC_CHECK_DECL([F_CLOSEM], 609 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 610 [], 611 [ #include <limits.h> 612 #include <fcntl.h> ] 613 ) 614 check_for_aix_broken_getaddrinfo=1 615 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 616 [Define if your platform breaks doing a seteuid before a setuid]) 617 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 618 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 619 dnl AIX handles lastlog as part of its login message 620 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 621 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 622 [Some systems need a utmpx entry for /bin/login to work]) 623 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 624 [Define to a Set Process Title type if your system is 625 supported by bsd-setproctitle.c]) 626 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 627 [AIX 5.2 and 5.3 (and presumably newer) require this]) 628 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 629 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 630 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 631 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 632 ;; 633*-*-android*) 634 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 635 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 636 ;; 637*-*-cygwin*) 638 check_for_libcrypt_later=1 639 LIBS="$LIBS /usr/lib/textreadmode.o" 640 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 641 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 642 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 643 [Define to disable UID restoration test]) 644 AC_DEFINE([DISABLE_SHADOW], [1], 645 [Define if you want to disable shadow passwords]) 646 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 647 [Define if X11 doesn't support AF_UNIX sockets on that system]) 648 AC_DEFINE([DISABLE_FD_PASSING], [1], 649 [Define if your platform needs to skip post auth 650 file descriptor passing]) 651 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 652 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 653 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 654 # reasons which cause compile warnings, so we disable those warnings. 655 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 656 ;; 657*-*-dgux*) 658 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 659 [Define if your system choked on IP TOS setting]) 660 AC_DEFINE([SETEUID_BREAKS_SETUID]) 661 AC_DEFINE([BROKEN_SETREUID]) 662 AC_DEFINE([BROKEN_SETREGID]) 663 ;; 664*-*-darwin*) 665 use_pie=auto 666 AC_MSG_CHECKING([if we have working getaddrinfo]) 667 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 668#include <mach-o/dyld.h> 669#include <stdlib.h> 670main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 671 exit(0); 672 else 673 exit(1); 674} 675 ]])], 676 [AC_MSG_RESULT([working])], 677 [AC_MSG_RESULT([buggy]) 678 AC_DEFINE([BROKEN_GETADDRINFO], [1], 679 [getaddrinfo is broken (if present)]) 680 ], 681 [AC_MSG_RESULT([assume it is working])]) 682 AC_DEFINE([SETEUID_BREAKS_SETUID]) 683 AC_DEFINE([BROKEN_SETREUID]) 684 AC_DEFINE([BROKEN_SETREGID]) 685 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 686 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 687 [Define if your resolver libs need this for getrrsetbyname]) 688 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 689 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 690 [Use tunnel device compatibility to OpenBSD]) 691 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 692 [Prepend the address family to IP tunnel traffic]) 693 m4_pattern_allow([AU_IPv]) 694 AC_CHECK_DECL([AU_IPv4], [], 695 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 696 [#include <bsm/audit.h>] 697 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 698 [Define if pututxline updates lastlog too]) 699 ) 700 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 701 [Define to a Set Process Title type if your system is 702 supported by bsd-setproctitle.c]) 703 AC_CHECK_FUNCS([sandbox_init]) 704 AC_CHECK_HEADERS([sandbox.h]) 705 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 706 SSHDLIBS="$SSHDLIBS -lsandbox" 707 ]) 708 # proc_pidinfo()-based closefrom() replacement. 709 AC_CHECK_HEADERS([libproc.h]) 710 AC_CHECK_FUNCS([proc_pidinfo]) 711 ;; 712*-*-dragonfly*) 713 SSHDLIBS="$SSHDLIBS -lcrypt" 714 TEST_MALLOC_OPTIONS="AFGJPRX" 715 ;; 716*-*-haiku*) 717 LIBS="$LIBS -lbsd " 718 CFLAGS="$CFLAGS -D_BSD_SOURCE" 719 AC_CHECK_LIB([network], [socket]) 720 AC_DEFINE([HAVE_U_INT64_T]) 721 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 722 MANTYPE=man 723 ;; 724*-*-hpux*) 725 # first we define all of the options common to all HP-UX releases 726 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 727 IPADDR_IN_DISPLAY=yes 728 AC_DEFINE([USE_PIPES]) 729 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 730 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 731 [String used in /etc/passwd to denote locked account]) 732 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 733 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 734 maildir="/var/mail" 735 LIBS="$LIBS -lsec" 736 AC_CHECK_LIB([xnet], [t_error], , 737 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 738 739 # next, we define all of the options specific to major releases 740 case "$host" in 741 *-*-hpux10*) 742 if test -z "$GCC"; then 743 CFLAGS="$CFLAGS -Ae" 744 fi 745 ;; 746 *-*-hpux11*) 747 AC_DEFINE([PAM_SUN_CODEBASE], [1], 748 [Define if you are using Solaris-derived PAM which 749 passes pam_messages to the conversation function 750 with an extra level of indirection]) 751 AC_DEFINE([DISABLE_UTMP], [1], 752 [Define if you don't want to use utmp]) 753 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 754 check_for_hpux_broken_getaddrinfo=1 755 check_for_conflicting_getspnam=1 756 ;; 757 esac 758 759 # lastly, we define options specific to minor releases 760 case "$host" in 761 *-*-hpux10.26) 762 AC_DEFINE([HAVE_SECUREWARE], [1], 763 [Define if you have SecureWare-based 764 protected password database]) 765 disable_ptmx_check=yes 766 LIBS="$LIBS -lsecpw" 767 ;; 768 esac 769 ;; 770*-*-irix5*) 771 PATH="$PATH:/usr/etc" 772 AC_DEFINE([BROKEN_INET_NTOA], [1], 773 [Define if you system's inet_ntoa is busted 774 (e.g. Irix gcc issue)]) 775 AC_DEFINE([SETEUID_BREAKS_SETUID]) 776 AC_DEFINE([BROKEN_SETREUID]) 777 AC_DEFINE([BROKEN_SETREGID]) 778 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 779 [Define if you shouldn't strip 'tty' from your 780 ttyname in [uw]tmp]) 781 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 782 ;; 783*-*-irix6*) 784 PATH="$PATH:/usr/etc" 785 AC_DEFINE([WITH_IRIX_ARRAY], [1], 786 [Define if you have/want arrays 787 (cluster-wide session management, not C arrays)]) 788 AC_DEFINE([WITH_IRIX_PROJECT], [1], 789 [Define if you want IRIX project management]) 790 AC_DEFINE([WITH_IRIX_AUDIT], [1], 791 [Define if you want IRIX audit trails]) 792 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 793 [Define if you want IRIX kernel jobs])]) 794 AC_DEFINE([BROKEN_INET_NTOA]) 795 AC_DEFINE([SETEUID_BREAKS_SETUID]) 796 AC_DEFINE([BROKEN_SETREUID]) 797 AC_DEFINE([BROKEN_SETREGID]) 798 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 799 AC_DEFINE([WITH_ABBREV_NO_TTY]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 801 ;; 802*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 803 check_for_libcrypt_later=1 804 AC_DEFINE([PAM_TTY_KLUDGE]) 805 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 806 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 807 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 808 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 809 ;; 810*-*-linux*) 811 no_dev_ptmx=1 812 use_pie=auto 813 check_for_libcrypt_later=1 814 check_for_openpty_ctty_bug=1 815 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 816 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 817 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 818 AC_DEFINE([PAM_TTY_KLUDGE], [1], 819 [Work around problematic Linux PAM modules handling of PAM_TTY]) 820 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 821 [String used in /etc/passwd to denote locked account]) 822 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 823 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 824 [Define to whatever link() returns for "not supported" 825 if it doesn't return EOPNOTSUPP.]) 826 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 827 AC_DEFINE([USE_BTMP]) 828 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 829 inet6_default_4in6=yes 830 case `uname -r` in 831 1.*|2.0.*) 832 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 833 [Define if cmsg_type is not passed correctly]) 834 ;; 835 esac 836 # tun(4) forwarding compat code 837 AC_CHECK_HEADERS([linux/if_tun.h]) 838 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 839 AC_DEFINE([SSH_TUN_LINUX], [1], 840 [Open tunnel devices the Linux tun/tap way]) 841 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 842 [Use tunnel device compatibility to OpenBSD]) 843 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 844 [Prepend the address family to IP tunnel traffic]) 845 fi 846 AC_CHECK_HEADER([linux/if.h], 847 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 848 [Support routing domains using Linux VRF]), [], [ 849#ifdef HAVE_SYS_TYPES_H 850# include <sys/types.h> 851#endif 852 ]) 853 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 854 [], [#include <linux/types.h>]) 855 # Obtain MIPS ABI 856 case "$host" in 857 mips*) 858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 859#if _MIPS_SIM != _ABIO32 860#error 861#endif 862 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 863#if _MIPS_SIM != _ABIN32 864#error 865#endif 866 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 867#if _MIPS_SIM != _ABI64 868#error 869#endif 870 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 871 ]) 872 ]) 873 ]) 874 ;; 875 esac 876 AC_MSG_CHECKING([for seccomp architecture]) 877 seccomp_audit_arch= 878 case "$host" in 879 x86_64-*) 880 seccomp_audit_arch=AUDIT_ARCH_X86_64 881 # X32: AMD64 instructions in 32bit address space. 882 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 883 seccomp_audit_arch=AUDIT_ARCH_I386 884 fi 885 ;; 886 i*86-*) 887 seccomp_audit_arch=AUDIT_ARCH_I386 888 ;; 889 arm*-*) 890 seccomp_audit_arch=AUDIT_ARCH_ARM 891 ;; 892 aarch64*-*) 893 seccomp_audit_arch=AUDIT_ARCH_AARCH64 894 ;; 895 s390x-*) 896 seccomp_audit_arch=AUDIT_ARCH_S390X 897 ;; 898 s390-*) 899 seccomp_audit_arch=AUDIT_ARCH_S390 900 ;; 901 powerpc64-*) 902 seccomp_audit_arch=AUDIT_ARCH_PPC64 903 ;; 904 powerpc64le-*) 905 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 906 ;; 907 mips-*) 908 seccomp_audit_arch=AUDIT_ARCH_MIPS 909 ;; 910 mipsel-*) 911 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 912 ;; 913 mips64-*) 914 case "$mips_abi" in 915 "n32") 916 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 917 ;; 918 "n64") 919 seccomp_audit_arch=AUDIT_ARCH_MIPS64 920 ;; 921 esac 922 ;; 923 mips64el-*) 924 case "$mips_abi" in 925 "n32") 926 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 927 ;; 928 "n64") 929 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 930 ;; 931 esac 932 ;; 933 riscv64-*) 934 seccomp_audit_arch=AUDIT_ARCH_RISCV64 935 ;; 936 esac 937 if test "x$seccomp_audit_arch" != "x" ; then 938 AC_MSG_RESULT(["$seccomp_audit_arch"]) 939 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 940 [Specify the system call convention in use]) 941 else 942 AC_MSG_RESULT([architecture not supported]) 943 fi 944 ;; 945mips-sony-bsd|mips-sony-newsos4) 946 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 947 SONY=1 948 ;; 949*-*-netbsd*) 950 check_for_libcrypt_before=1 951 if test "x$withval" != "xno" ; then 952 rpath_opt="-R" 953 fi 954 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 955 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 956 AC_CHECK_HEADER([net/if_tap.h], , 957 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 958 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 959 [Prepend the address family to IP tunnel traffic]) 960 TEST_MALLOC_OPTIONS="AJRX" 961 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 962 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 963 ;; 964*-*-freebsd*) 965 check_for_libcrypt_later=1 966 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 967 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 968 AC_CHECK_HEADER([net/if_tap.h], , 969 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 970 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 971 TEST_MALLOC_OPTIONS="AJRX" 972 # Preauth crypto occasionally uses file descriptors for crypto offload 973 # and will crash if they cannot be opened. 974 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 975 [define if setrlimit RLIMIT_NOFILE breaks things]) 976 ;; 977*-*-bsdi*) 978 AC_DEFINE([SETEUID_BREAKS_SETUID]) 979 AC_DEFINE([BROKEN_SETREUID]) 980 AC_DEFINE([BROKEN_SETREGID]) 981 ;; 982*-next-*) 983 conf_lastlog_location="/usr/adm/lastlog" 984 conf_utmp_location=/etc/utmp 985 conf_wtmp_location=/usr/adm/wtmp 986 maildir=/usr/spool/mail 987 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 988 AC_DEFINE([USE_PIPES]) 989 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 990 ;; 991*-*-openbsd*) 992 use_pie=auto 993 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 994 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 995 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 996 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 997 [syslog_r function is safe to use in in a signal handler]) 998 TEST_MALLOC_OPTIONS="AFGJPRX" 999 ;; 1000*-*-solaris*) 1001 if test "x$withval" != "xno" ; then 1002 rpath_opt="-R" 1003 fi 1004 AC_DEFINE([PAM_SUN_CODEBASE]) 1005 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1006 AC_DEFINE([PAM_TTY_KLUDGE]) 1007 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1008 [Define if pam_chauthtok wants real uid set 1009 to the unpriv'ed user]) 1010 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1011 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1012 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1013 [Define if sshd somehow reacquires a controlling TTY 1014 after setsid()]) 1015 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1016 in case the name is longer than 8 chars]) 1017 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1018 external_path_file=/etc/default/login 1019 # hardwire lastlog location (can't detect it on some versions) 1020 conf_lastlog_location="/var/adm/lastlog" 1021 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1022 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1023 if test "$sol2ver" -ge 8; then 1024 AC_MSG_RESULT([yes]) 1025 AC_DEFINE([DISABLE_UTMP]) 1026 AC_DEFINE([DISABLE_WTMP], [1], 1027 [Define if you don't want to use wtmp]) 1028 else 1029 AC_MSG_RESULT([no]) 1030 fi 1031 AC_CHECK_FUNCS([setpflags]) 1032 AC_CHECK_FUNCS([setppriv]) 1033 AC_CHECK_FUNCS([priv_basicset]) 1034 AC_CHECK_HEADERS([priv.h]) 1035 AC_ARG_WITH([solaris-contracts], 1036 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1037 [ 1038 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1039 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1040 [Define if you have Solaris process contracts]) 1041 LIBS="$LIBS -lcontract" 1042 SPC_MSG="yes" ], ) 1043 ], 1044 ) 1045 AC_ARG_WITH([solaris-projects], 1046 [ --with-solaris-projects Enable Solaris projects (experimental)], 1047 [ 1048 AC_CHECK_LIB([project], [setproject], 1049 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1050 [Define if you have Solaris projects]) 1051 LIBS="$LIBS -lproject" 1052 SP_MSG="yes" ], ) 1053 ], 1054 ) 1055 AC_ARG_WITH([solaris-privs], 1056 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1057 [ 1058 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1059 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1060 "x$ac_cv_header_priv_h" = "xyes" ; then 1061 SOLARIS_PRIVS=yes 1062 AC_MSG_RESULT([found]) 1063 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1064 [Define to disable UID restoration test]) 1065 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1066 [Define if you have Solaris privileges]) 1067 SPP_MSG="yes" 1068 else 1069 AC_MSG_RESULT([not found]) 1070 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1071 fi 1072 ], 1073 ) 1074 TEST_SHELL=$SHELL # let configure find us a capable shell 1075 ;; 1076*-*-sunos4*) 1077 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1078 AC_CHECK_FUNCS([getpwanam]) 1079 AC_DEFINE([PAM_SUN_CODEBASE]) 1080 conf_utmp_location=/etc/utmp 1081 conf_wtmp_location=/var/adm/wtmp 1082 conf_lastlog_location=/var/adm/lastlog 1083 AC_DEFINE([USE_PIPES]) 1084 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1085 ;; 1086*-ncr-sysv*) 1087 LIBS="$LIBS -lc89" 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1090 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 ;; 1094*-sni-sysv*) 1095 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1096 AC_CHECK_LIB([dl], [dlsym], ,) 1097 # -lresolv needs to be at the end of LIBS or DNS lookups break 1098 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1099 IPADDR_IN_DISPLAY=yes 1100 AC_DEFINE([USE_PIPES]) 1101 AC_DEFINE([IP_TOS_IS_BROKEN]) 1102 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1103 AC_DEFINE([BROKEN_SETREUID]) 1104 AC_DEFINE([BROKEN_SETREGID]) 1105 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1106 external_path_file=/etc/default/login 1107 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1108 # Attention: always take care to bind libsocket and libnsl before libc, 1109 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1110 ;; 1111# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1112*-*-sysv4.2*) 1113 AC_DEFINE([USE_PIPES]) 1114 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1115 AC_DEFINE([BROKEN_SETREUID]) 1116 AC_DEFINE([BROKEN_SETREGID]) 1117 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1118 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1119 TEST_SHELL=$SHELL # let configure find us a capable shell 1120 ;; 1121# UnixWare 7.x, OpenUNIX 8 1122*-*-sysv5*) 1123 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1124 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1125 AC_DEFINE([USE_PIPES]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_GETADDRINFO]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1131 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1132 TEST_SHELL=$SHELL # let configure find us a capable shell 1133 check_for_libcrypt_later=1 1134 case "$host" in 1135 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1136 maildir=/var/spool/mail 1137 AC_DEFINE([BROKEN_UPDWTMPX]) 1138 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1139 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1140 ], , ) 1141 ;; 1142 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1143 ;; 1144 esac 1145 ;; 1146*-*-sysv*) 1147 ;; 1148# SCO UNIX and OEM versions of SCO UNIX 1149*-*-sco3.2v4*) 1150 AC_MSG_ERROR("This Platform is no longer supported.") 1151 ;; 1152# SCO OpenServer 5.x 1153*-*-sco3.2v5*) 1154 if test -z "$GCC"; then 1155 CFLAGS="$CFLAGS -belf" 1156 fi 1157 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1158 no_dev_ptmx=1 1159 AC_DEFINE([USE_PIPES]) 1160 AC_DEFINE([HAVE_SECUREWARE]) 1161 AC_DEFINE([DISABLE_SHADOW]) 1162 AC_DEFINE([DISABLE_FD_PASSING]) 1163 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1164 AC_DEFINE([BROKEN_GETADDRINFO]) 1165 AC_DEFINE([BROKEN_SETREUID]) 1166 AC_DEFINE([BROKEN_SETREGID]) 1167 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1168 AC_DEFINE([BROKEN_UPDWTMPX]) 1169 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1170 AC_CHECK_FUNCS([getluid setluid]) 1171 MANTYPE=man 1172 TEST_SHELL=$SHELL # let configure find us a capable shell 1173 SKIP_DISABLE_LASTLOG_DEFINE=yes 1174 ;; 1175*-dec-osf*) 1176 AC_MSG_CHECKING([for Digital Unix SIA]) 1177 no_osfsia="" 1178 AC_ARG_WITH([osfsia], 1179 [ --with-osfsia Enable Digital Unix SIA], 1180 [ 1181 if test "x$withval" = "xno" ; then 1182 AC_MSG_RESULT([disabled]) 1183 no_osfsia=1 1184 fi 1185 ], 1186 ) 1187 if test -z "$no_osfsia" ; then 1188 if test -f /etc/sia/matrix.conf; then 1189 AC_MSG_RESULT([yes]) 1190 AC_DEFINE([HAVE_OSF_SIA], [1], 1191 [Define if you have Digital Unix Security 1192 Integration Architecture]) 1193 AC_DEFINE([DISABLE_LOGIN], [1], 1194 [Define if you don't want to use your 1195 system's login() call]) 1196 AC_DEFINE([DISABLE_FD_PASSING]) 1197 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1198 SIA_MSG="yes" 1199 else 1200 AC_MSG_RESULT([no]) 1201 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1202 [String used in /etc/passwd to denote locked account]) 1203 fi 1204 fi 1205 AC_DEFINE([BROKEN_GETADDRINFO]) 1206 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1207 AC_DEFINE([BROKEN_SETREUID]) 1208 AC_DEFINE([BROKEN_SETREGID]) 1209 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1210 ;; 1211 1212*-*-nto-qnx*) 1213 AC_DEFINE([USE_PIPES]) 1214 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1215 AC_DEFINE([DISABLE_LASTLOG]) 1216 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1217 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1218 enable_etc_default_login=no # has incompatible /etc/default/login 1219 case "$host" in 1220 *-*-nto-qnx6*) 1221 AC_DEFINE([DISABLE_FD_PASSING]) 1222 ;; 1223 esac 1224 ;; 1225 1226*-*-ultrix*) 1227 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1228 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1229 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1230 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1231 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1232 # don't get a controlling tty. 1233 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1234 # On Ultrix some headers are not protected against multiple includes, 1235 # so we create wrappers and put it where the compiler will find it. 1236 AC_MSG_WARN([creating compat wrappers for headers]) 1237 mkdir -p netinet 1238 for header in netinet/ip.h netdb.h resolv.h; do 1239 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1240 cat >$header <<EOD 1241#ifndef _SSH_COMPAT_${name} 1242#define _SSH_COMPAT_${name} 1243#include "/usr/include/${header}" 1244#endif 1245EOD 1246 done 1247 ;; 1248 1249*-*-lynxos) 1250 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1251 AC_DEFINE([BROKEN_SETVBUF], [1], 1252 [LynxOS has broken setvbuf() implementation]) 1253 ;; 1254esac 1255 1256AC_MSG_CHECKING([compiler and flags for sanity]) 1257AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1258 [ AC_MSG_RESULT([yes]) ], 1259 [ 1260 AC_MSG_RESULT([no]) 1261 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1262 ], 1263 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1264) 1265 1266dnl Checks for header files. 1267# Checks for libraries. 1268AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1269 1270dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1271AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1272 AC_CHECK_LIB([gen], [dirname], [ 1273 AC_CACHE_CHECK([for broken dirname], 1274 ac_cv_have_broken_dirname, [ 1275 save_LIBS="$LIBS" 1276 LIBS="$LIBS -lgen" 1277 AC_RUN_IFELSE( 1278 [AC_LANG_SOURCE([[ 1279#include <libgen.h> 1280#include <string.h> 1281#include <stdlib.h> 1282 1283int main(int argc, char **argv) { 1284 char *s, buf[32]; 1285 1286 strncpy(buf,"/etc", 32); 1287 s = dirname(buf); 1288 if (!s || strncmp(s, "/", 32) != 0) { 1289 exit(1); 1290 } else { 1291 exit(0); 1292 } 1293} 1294 ]])], 1295 [ ac_cv_have_broken_dirname="no" ], 1296 [ ac_cv_have_broken_dirname="yes" ], 1297 [ ac_cv_have_broken_dirname="no" ], 1298 ) 1299 LIBS="$save_LIBS" 1300 ]) 1301 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1302 LIBS="$LIBS -lgen" 1303 AC_DEFINE([HAVE_DIRNAME]) 1304 AC_CHECK_HEADERS([libgen.h]) 1305 fi 1306 ]) 1307]) 1308 1309AC_CHECK_FUNC([getspnam], , 1310 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1311AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1312 [Define if you have the basename function.])]) 1313 1314dnl zlib defaults to enabled 1315zlib=yes 1316AC_ARG_WITH([zlib], 1317 [ --with-zlib=PATH Use zlib in PATH], 1318 [ if test "x$withval" = "xno" ; then 1319 zlib=no 1320 elif test "x$withval" != "xyes"; then 1321 if test -d "$withval/lib"; then 1322 if test -n "${rpath_opt}"; then 1323 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1324 else 1325 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1326 fi 1327 else 1328 if test -n "${rpath_opt}"; then 1329 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1330 else 1331 LDFLAGS="-L${withval} ${LDFLAGS}" 1332 fi 1333 fi 1334 if test -d "$withval/include"; then 1335 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1336 else 1337 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1338 fi 1339 fi ] 1340) 1341 1342AC_MSG_CHECKING([for zlib]) 1343if test "x${zlib}" = "xno"; then 1344 AC_MSG_RESULT([no]) 1345else 1346 AC_MSG_RESULT([yes]) 1347 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1348 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1349 AC_CHECK_LIB([z], [deflate], , 1350 [ 1351 saved_CPPFLAGS="$CPPFLAGS" 1352 saved_LDFLAGS="$LDFLAGS" 1353 save_LIBS="$LIBS" 1354 dnl Check default zlib install dir 1355 if test -n "${rpath_opt}"; then 1356 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1357 else 1358 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1359 fi 1360 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1361 LIBS="$LIBS -lz" 1362 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1363 [ 1364 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1365 ] 1366 ) 1367 ] 1368 ) 1369 1370 AC_ARG_WITH([zlib-version-check], 1371 [ --without-zlib-version-check Disable zlib version check], 1372 [ if test "x$withval" = "xno" ; then 1373 zlib_check_nonfatal=1 1374 fi 1375 ] 1376 ) 1377 1378 AC_MSG_CHECKING([for possibly buggy zlib]) 1379 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1380#include <stdio.h> 1381#include <stdlib.h> 1382#include <zlib.h> 1383 ]], 1384 [[ 1385 int a=0, b=0, c=0, d=0, n, v; 1386 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1387 if (n != 3 && n != 4) 1388 exit(1); 1389 v = a*1000000 + b*10000 + c*100 + d; 1390 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1391 1392 /* 1.1.4 is OK */ 1393 if (a == 1 && b == 1 && c >= 4) 1394 exit(0); 1395 1396 /* 1.2.3 and up are OK */ 1397 if (v >= 1020300) 1398 exit(0); 1399 1400 exit(2); 1401 ]])], 1402 AC_MSG_RESULT([no]), 1403 [ AC_MSG_RESULT([yes]) 1404 if test -z "$zlib_check_nonfatal" ; then 1405 AC_MSG_ERROR([*** zlib too old - check config.log *** 1406Your reported zlib version has known security problems. It's possible your 1407vendor has fixed these problems without changing the version number. If you 1408are sure this is the case, you can disable the check by running 1409"./configure --without-zlib-version-check". 1410If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1411See http://www.gzip.org/zlib/ for details.]) 1412 else 1413 AC_MSG_WARN([zlib version may have security problems]) 1414 fi 1415 ], 1416 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1417 ) 1418fi 1419 1420dnl UnixWare 2.x 1421AC_CHECK_FUNC([strcasecmp], 1422 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1423) 1424AC_CHECK_FUNCS([utimes], 1425 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1426 LIBS="$LIBS -lc89"]) ] 1427) 1428 1429dnl Checks for libutil functions 1430AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1431AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1432AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1433AC_SEARCH_LIBS([login], [util bsd]) 1434AC_SEARCH_LIBS([logout], [util bsd]) 1435AC_SEARCH_LIBS([logwtmp], [util bsd]) 1436AC_SEARCH_LIBS([openpty], [util bsd]) 1437AC_SEARCH_LIBS([updwtmp], [util bsd]) 1438AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1439 1440# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1441# or libnsl. 1442AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1443AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1444 1445# "Particular Function Checks" 1446# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1447AC_FUNC_STRFTIME 1448AC_FUNC_MALLOC 1449AC_FUNC_REALLOC 1450# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1451AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1452AC_RUN_IFELSE( 1453 [AC_LANG_PROGRAM( 1454 [[ #include <stdlib.h> ]], 1455 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1456 )], 1457 [ func_calloc_0_nonnull=yes ], 1458 [ func_calloc_0_nonnull=no ], 1459 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1460 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1461) 1462AC_MSG_RESULT([$func_calloc_0_nonnull]) 1463 1464if test "x$func_calloc_0_nonnull" = "xyes"; then 1465 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1466else 1467 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1468 AC_DEFINE(calloc, rpl_calloc, 1469 [Define to rpl_calloc if the replacement function should be used.]) 1470fi 1471 1472# Check for ALTDIRFUNC glob() extension 1473AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1474AC_EGREP_CPP([FOUNDIT], 1475 [ 1476 #include <glob.h> 1477 #ifdef GLOB_ALTDIRFUNC 1478 FOUNDIT 1479 #endif 1480 ], 1481 [ 1482 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1483 [Define if your system glob() function has 1484 the GLOB_ALTDIRFUNC extension]) 1485 AC_MSG_RESULT([yes]) 1486 ], 1487 [ 1488 AC_MSG_RESULT([no]) 1489 ] 1490) 1491 1492# Check for g.gl_matchc glob() extension 1493AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1494AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1495 [[ glob_t g; g.gl_matchc = 1; ]])], 1496 [ 1497 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1498 [Define if your system glob() function has 1499 gl_matchc options in glob_t]) 1500 AC_MSG_RESULT([yes]) 1501 ], [ 1502 AC_MSG_RESULT([no]) 1503]) 1504 1505# Check for g.gl_statv glob() extension 1506AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1507AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1508#ifndef GLOB_KEEPSTAT 1509#error "glob does not support GLOB_KEEPSTAT extension" 1510#endif 1511glob_t g; 1512g.gl_statv = NULL; 1513]])], 1514 [ 1515 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1516 [Define if your system glob() function has 1517 gl_statv options in glob_t]) 1518 AC_MSG_RESULT([yes]) 1519 ], [ 1520 AC_MSG_RESULT([no]) 1521 1522]) 1523 1524AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1525 1526AC_CHECK_DECL([VIS_ALL], , 1527 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1528 1529AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1530AC_RUN_IFELSE( 1531 [AC_LANG_PROGRAM([[ 1532#include <sys/types.h> 1533#include <dirent.h> 1534#include <stdlib.h> 1535 ]], 1536 [[ 1537 struct dirent d; 1538 exit(sizeof(d.d_name)<=sizeof(char)); 1539 ]])], 1540 [AC_MSG_RESULT([yes])], 1541 [ 1542 AC_MSG_RESULT([no]) 1543 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1544 [Define if your struct dirent expects you to 1545 allocate extra space for d_name]) 1546 ], 1547 [ 1548 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1549 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1550 ] 1551) 1552 1553AC_MSG_CHECKING([for /proc/pid/fd directory]) 1554if test -d "/proc/$$/fd" ; then 1555 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1556 AC_MSG_RESULT([yes]) 1557else 1558 AC_MSG_RESULT([no]) 1559fi 1560 1561# Check whether user wants to use ldns 1562LDNS_MSG="no" 1563AC_ARG_WITH(ldns, 1564 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1565 [ 1566 ldns="" 1567 if test "x$withval" = "xyes" ; then 1568 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1569 if test "x$LDNSCONFIG" = "xno"; then 1570 LIBS="-lldns $LIBS" 1571 ldns=yes 1572 else 1573 LIBS="$LIBS `$LDNSCONFIG --libs`" 1574 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1575 ldns=yes 1576 fi 1577 elif test "x$withval" != "xno" ; then 1578 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1579 LDFLAGS="$LDFLAGS -L${withval}/lib" 1580 LIBS="-lldns $LIBS" 1581 ldns=yes 1582 fi 1583 1584 # Verify that it works. 1585 if test "x$ldns" = "xyes" ; then 1586 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1587 LDNS_MSG="yes" 1588 AC_MSG_CHECKING([for ldns support]) 1589 AC_LINK_IFELSE( 1590 [AC_LANG_SOURCE([[ 1591#include <stdio.h> 1592#include <stdlib.h> 1593#ifdef HAVE_STDINT_H 1594# include <stdint.h> 1595#endif 1596#include <ldns/ldns.h> 1597int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1598 ]]) 1599 ], 1600 [AC_MSG_RESULT(yes)], 1601 [ 1602 AC_MSG_RESULT(no) 1603 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1604 ]) 1605 fi 1606]) 1607 1608# Check whether user wants libedit support 1609LIBEDIT_MSG="no" 1610AC_ARG_WITH([libedit], 1611 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1612 [ if test "x$withval" != "xno" ; then 1613 if test "x$withval" = "xyes" ; then 1614 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1615 if test "x$PKGCONFIG" != "xno"; then 1616 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1617 if "$PKGCONFIG" libedit; then 1618 AC_MSG_RESULT([yes]) 1619 use_pkgconfig_for_libedit=yes 1620 else 1621 AC_MSG_RESULT([no]) 1622 fi 1623 fi 1624 else 1625 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1626 if test -n "${rpath_opt}"; then 1627 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1628 else 1629 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1630 fi 1631 fi 1632 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1633 LIBEDIT=`$PKGCONFIG --libs libedit` 1634 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1635 else 1636 LIBEDIT="-ledit -lcurses" 1637 fi 1638 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1639 AC_CHECK_LIB([edit], [el_init], 1640 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1641 LIBEDIT_MSG="yes" 1642 AC_SUBST([LIBEDIT]) 1643 ], 1644 [ AC_MSG_ERROR([libedit not found]) ], 1645 [ $OTHERLIBS ] 1646 ) 1647 AC_MSG_CHECKING([if libedit version is compatible]) 1648 AC_COMPILE_IFELSE( 1649 [AC_LANG_PROGRAM([[ 1650#include <histedit.h> 1651#include <stdlib.h> 1652 ]], 1653 [[ 1654 int i = H_SETSIZE; 1655 el_init("", NULL, NULL, NULL); 1656 exit(0); 1657 ]])], 1658 [ AC_MSG_RESULT([yes]) ], 1659 [ AC_MSG_RESULT([no]) 1660 AC_MSG_ERROR([libedit version is not compatible]) ] 1661 ) 1662 fi ] 1663) 1664 1665AUDIT_MODULE=none 1666AC_ARG_WITH([audit], 1667 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1668 [ 1669 AC_MSG_CHECKING([for supported audit module]) 1670 case "$withval" in 1671 bsm) 1672 AC_MSG_RESULT([bsm]) 1673 AUDIT_MODULE=bsm 1674 dnl Checks for headers, libs and functions 1675 AC_CHECK_HEADERS([bsm/audit.h], [], 1676 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1677 [ 1678#ifdef HAVE_TIME_H 1679# include <time.h> 1680#endif 1681 ] 1682) 1683 AC_CHECK_LIB([bsm], [getaudit], [], 1684 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1685 AC_CHECK_FUNCS([getaudit], [], 1686 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1687 # These are optional 1688 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1689 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1690 if test "$sol2ver" -ge 11; then 1691 SSHDLIBS="$SSHDLIBS -lscf" 1692 AC_DEFINE([BROKEN_BSM_API], [1], 1693 [The system has incomplete BSM API]) 1694 fi 1695 ;; 1696 linux) 1697 AC_MSG_RESULT([linux]) 1698 AUDIT_MODULE=linux 1699 dnl Checks for headers, libs and functions 1700 AC_CHECK_HEADERS([libaudit.h]) 1701 SSHDLIBS="$SSHDLIBS -laudit" 1702 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1703 ;; 1704 debug) 1705 AUDIT_MODULE=debug 1706 AC_MSG_RESULT([debug]) 1707 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1708 ;; 1709 no) 1710 AC_MSG_RESULT([no]) 1711 ;; 1712 *) 1713 AC_MSG_ERROR([Unknown audit module $withval]) 1714 ;; 1715 esac ] 1716) 1717 1718AC_ARG_WITH([pie], 1719 [ --with-pie Build Position Independent Executables if possible], [ 1720 if test "x$withval" = "xno"; then 1721 use_pie=no 1722 fi 1723 if test "x$withval" = "xyes"; then 1724 use_pie=yes 1725 fi 1726 ] 1727) 1728if test "x$use_pie" = "x"; then 1729 use_pie=no 1730fi 1731if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1732 # Turn off automatic PIE when toolchain hardening is off. 1733 use_pie=no 1734fi 1735if test "x$use_pie" = "xauto"; then 1736 # Automatic PIE requires gcc >= 4.x 1737 AC_MSG_CHECKING([for gcc >= 4.x]) 1738 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1739#if !defined(__GNUC__) || __GNUC__ < 4 1740#error gcc is too old 1741#endif 1742]])], 1743 [ AC_MSG_RESULT([yes]) ], 1744 [ AC_MSG_RESULT([no]) 1745 use_pie=no ] 1746) 1747fi 1748if test "x$use_pie" != "xno"; then 1749 SAVED_CFLAGS="$CFLAGS" 1750 SAVED_LDFLAGS="$LDFLAGS" 1751 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1752 OSSH_CHECK_LDFLAG_LINK([-pie]) 1753 # We use both -fPIE and -pie or neither. 1754 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1755 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1756 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1757 AC_MSG_RESULT([yes]) 1758 else 1759 AC_MSG_RESULT([no]) 1760 CFLAGS="$SAVED_CFLAGS" 1761 LDFLAGS="$SAVED_LDFLAGS" 1762 fi 1763fi 1764 1765AC_MSG_CHECKING([whether -fPIC is accepted]) 1766SAVED_CFLAGS="$CFLAGS" 1767CFLAGS="$CFLAGS -fPIC" 1768AC_COMPILE_IFELSE( 1769 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1770 [AC_MSG_RESULT([yes]) 1771 PICFLAG="-fPIC"; ], 1772 [AC_MSG_RESULT([no]) 1773 PICFLAG=""; ]) 1774CFLAGS="$SAVED_CFLAGS" 1775AC_SUBST([PICFLAG]) 1776 1777dnl Checks for library functions. Please keep in alphabetical order 1778AC_CHECK_FUNCS([ \ 1779 Blowfish_initstate \ 1780 Blowfish_expandstate \ 1781 Blowfish_expand0state \ 1782 Blowfish_stream2word \ 1783 SHA256Update \ 1784 SHA384Update \ 1785 SHA512Update \ 1786 asprintf \ 1787 b64_ntop \ 1788 __b64_ntop \ 1789 b64_pton \ 1790 __b64_pton \ 1791 bcopy \ 1792 bcrypt_pbkdf \ 1793 bindresvport_sa \ 1794 blf_enc \ 1795 bzero \ 1796 cap_rights_limit \ 1797 clock \ 1798 closefrom \ 1799 dirfd \ 1800 endgrent \ 1801 err \ 1802 errx \ 1803 explicit_bzero \ 1804 fchmod \ 1805 fchmodat \ 1806 fchown \ 1807 fchownat \ 1808 flock \ 1809 fnmatch \ 1810 freeaddrinfo \ 1811 freezero \ 1812 fstatfs \ 1813 fstatvfs \ 1814 futimes \ 1815 getaddrinfo \ 1816 getcwd \ 1817 getgrouplist \ 1818 getline \ 1819 getnameinfo \ 1820 getopt \ 1821 getpagesize \ 1822 getpeereid \ 1823 getpeerucred \ 1824 getpgid \ 1825 _getpty \ 1826 getrlimit \ 1827 getrandom \ 1828 getsid \ 1829 getttyent \ 1830 glob \ 1831 group_from_gid \ 1832 inet_aton \ 1833 inet_ntoa \ 1834 inet_ntop \ 1835 innetgr \ 1836 llabs \ 1837 localtime_r \ 1838 login_getcapbool \ 1839 md5_crypt \ 1840 memmem \ 1841 memmove \ 1842 memset_s \ 1843 mkdtemp \ 1844 ngetaddrinfo \ 1845 nsleep \ 1846 ogetaddrinfo \ 1847 openlog_r \ 1848 pledge \ 1849 poll \ 1850 prctl \ 1851 pstat \ 1852 raise \ 1853 readpassphrase \ 1854 reallocarray \ 1855 realpath \ 1856 recvmsg \ 1857 recallocarray \ 1858 rresvport_af \ 1859 sendmsg \ 1860 setdtablesize \ 1861 setegid \ 1862 setenv \ 1863 seteuid \ 1864 setgroupent \ 1865 setgroups \ 1866 setlinebuf \ 1867 setlogin \ 1868 setpassent\ 1869 setpcred \ 1870 setproctitle \ 1871 setregid \ 1872 setreuid \ 1873 setrlimit \ 1874 setsid \ 1875 setvbuf \ 1876 sigaction \ 1877 sigvec \ 1878 snprintf \ 1879 socketpair \ 1880 statfs \ 1881 statvfs \ 1882 strcasestr \ 1883 strdup \ 1884 strerror \ 1885 strlcat \ 1886 strlcpy \ 1887 strmode \ 1888 strndup \ 1889 strnlen \ 1890 strnvis \ 1891 strptime \ 1892 strsignal \ 1893 strtonum \ 1894 strtoll \ 1895 strtoul \ 1896 strtoull \ 1897 swap32 \ 1898 sysconf \ 1899 tcgetpgrp \ 1900 timingsafe_bcmp \ 1901 truncate \ 1902 unsetenv \ 1903 updwtmpx \ 1904 utimensat \ 1905 user_from_uid \ 1906 usleep \ 1907 vasprintf \ 1908 vsnprintf \ 1909 waitpid \ 1910 warn \ 1911]) 1912 1913AC_CHECK_DECLS([bzero, memmem]) 1914 1915dnl Wide character support. 1916AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1917 1918TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1919AC_MSG_CHECKING([for utf8 locale support]) 1920AC_RUN_IFELSE( 1921 [AC_LANG_PROGRAM([[ 1922#include <locale.h> 1923#include <stdlib.h> 1924 ]], [[ 1925 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1926 if (loc != NULL) 1927 exit(0); 1928 exit(1); 1929 ]])], 1930 AC_MSG_RESULT(yes), 1931 [AC_MSG_RESULT(no) 1932 TEST_SSH_UTF8=no], 1933 AC_MSG_WARN([cross compiling: assuming yes]) 1934) 1935 1936AC_LINK_IFELSE( 1937 [AC_LANG_PROGRAM( 1938 [[ #include <ctype.h> ]], 1939 [[ return (isblank('a')); ]])], 1940 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1941]) 1942 1943disable_pkcs11= 1944AC_ARG_ENABLE([pkcs11], 1945 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1946 [ 1947 if test "x$enableval" = "xno" ; then 1948 disable_pkcs11=1 1949 fi 1950 ] 1951) 1952 1953disable_sk= 1954AC_ARG_ENABLE([security-key], 1955 [ --disable-security-key disable U2F/FIDO support code [no]], 1956 [ 1957 if test "x$enableval" = "xno" ; then 1958 disable_sk=1 1959 fi 1960 ] 1961) 1962enable_sk_internal= 1963AC_ARG_WITH([security-key-builtin], 1964 [ --with-security-key-builtin include builtin U2F/FIDO support], 1965 [ 1966 if test "x$withval" != "xno" ; then 1967 enable_sk_internal=yes 1968 fi 1969 ] 1970) 1971test "x$disable_sk" != "x" && enable_sk_internal="" 1972 1973AC_SEARCH_LIBS([dlopen], [dl]) 1974AC_CHECK_FUNCS([dlopen]) 1975AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1976 1977# IRIX has a const char return value for gai_strerror() 1978AC_CHECK_FUNCS([gai_strerror], [ 1979 AC_DEFINE([HAVE_GAI_STRERROR]) 1980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1981#include <sys/types.h> 1982#include <sys/socket.h> 1983#include <netdb.h> 1984 1985const char *gai_strerror(int); 1986 ]], [[ 1987 char *str; 1988 str = gai_strerror(0); 1989 ]])], [ 1990 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1991 [Define if gai_strerror() returns const char *])], [])]) 1992 1993AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1994 [Some systems put nanosleep outside of libc])]) 1995 1996AC_SEARCH_LIBS([clock_gettime], [rt], 1997 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1998 1999dnl check if we need -D_REENTRANT for localtime_r declaration. 2000AC_CHECK_DECL([localtime_r], [], 2001 [ saved_CPPFLAGS="$CFLAGS" 2002 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2003 unset ac_cv_have_decl_localtime_r 2004 AC_CHECK_DECL([localtime_r], [], 2005 [ CPPFLAGS="$saved_CPPFLAGS" ], 2006 [ #include <time.h> ] 2007 ) 2008 ], 2009 [ #include <time.h> ] 2010) 2011 2012dnl Make sure prototypes are defined for these before using them. 2013AC_CHECK_DECL([strsep], 2014 [AC_CHECK_FUNCS([strsep])], 2015 [], 2016 [ 2017#ifdef HAVE_STRING_H 2018# include <string.h> 2019#endif 2020 ]) 2021 2022dnl tcsendbreak might be a macro 2023AC_CHECK_DECL([tcsendbreak], 2024 [AC_DEFINE([HAVE_TCSENDBREAK])], 2025 [AC_CHECK_FUNCS([tcsendbreak])], 2026 [#include <termios.h>] 2027) 2028 2029AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2030 2031AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2032 [ 2033#include <sys/types.h> 2034#include <sys/socket.h> 2035#include <unistd.h> 2036 ]) 2037 2038AC_CHECK_DECLS([O_NONBLOCK], , , 2039 [ 2040#include <sys/types.h> 2041#ifdef HAVE_SYS_STAT_H 2042# include <sys/stat.h> 2043#endif 2044#ifdef HAVE_FCNTL_H 2045# include <fcntl.h> 2046#endif 2047 ]) 2048 2049AC_CHECK_DECLS([readv, writev], , , [ 2050#include <sys/types.h> 2051#include <sys/uio.h> 2052#include <unistd.h> 2053 ]) 2054 2055AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2056#include <sys/param.h> 2057 ]) 2058 2059AC_CHECK_DECLS([offsetof], , , [ 2060#include <stddef.h> 2061 ]) 2062 2063# extra bits for select(2) 2064AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2065#include <sys/param.h> 2066#include <sys/types.h> 2067#ifdef HAVE_SYS_SYSMACROS_H 2068#include <sys/sysmacros.h> 2069#endif 2070#ifdef HAVE_SYS_SELECT_H 2071#include <sys/select.h> 2072#endif 2073#ifdef HAVE_SYS_TIME_H 2074#include <sys/time.h> 2075#endif 2076#ifdef HAVE_UNISTD_H 2077#include <unistd.h> 2078#endif 2079 ]]) 2080AC_CHECK_TYPES([fd_mask], [], [], [[ 2081#include <sys/param.h> 2082#include <sys/types.h> 2083#ifdef HAVE_SYS_SELECT_H 2084#include <sys/select.h> 2085#endif 2086#ifdef HAVE_SYS_TIME_H 2087#include <sys/time.h> 2088#endif 2089#ifdef HAVE_UNISTD_H 2090#include <unistd.h> 2091#endif 2092 ]]) 2093 2094AC_CHECK_FUNCS([setresuid], [ 2095 dnl Some platorms have setresuid that isn't implemented, test for this 2096 AC_MSG_CHECKING([if setresuid seems to work]) 2097 AC_RUN_IFELSE( 2098 [AC_LANG_PROGRAM([[ 2099#include <stdlib.h> 2100#include <errno.h> 2101 ]], [[ 2102 errno=0; 2103 setresuid(0,0,0); 2104 if (errno==ENOSYS) 2105 exit(1); 2106 else 2107 exit(0); 2108 ]])], 2109 [AC_MSG_RESULT([yes])], 2110 [AC_DEFINE([BROKEN_SETRESUID], [1], 2111 [Define if your setresuid() is broken]) 2112 AC_MSG_RESULT([not implemented])], 2113 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2114 ) 2115]) 2116 2117AC_CHECK_FUNCS([setresgid], [ 2118 dnl Some platorms have setresgid that isn't implemented, test for this 2119 AC_MSG_CHECKING([if setresgid seems to work]) 2120 AC_RUN_IFELSE( 2121 [AC_LANG_PROGRAM([[ 2122#include <stdlib.h> 2123#include <errno.h> 2124 ]], [[ 2125 errno=0; 2126 setresgid(0,0,0); 2127 if (errno==ENOSYS) 2128 exit(1); 2129 else 2130 exit(0); 2131 ]])], 2132 [AC_MSG_RESULT([yes])], 2133 [AC_DEFINE([BROKEN_SETRESGID], [1], 2134 [Define if your setresgid() is broken]) 2135 AC_MSG_RESULT([not implemented])], 2136 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2137 ) 2138]) 2139 2140AC_MSG_CHECKING([for working fflush(NULL)]) 2141AC_RUN_IFELSE( 2142 [AC_LANG_PROGRAM([[ 2143#include <stdio.h> 2144#include <stdlib.h> 2145 ]], 2146 [[fflush(NULL); exit(0);]])], 2147 AC_MSG_RESULT([yes]), 2148 [AC_MSG_RESULT([no]) 2149 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2150 [define if fflush(NULL) does not work])], 2151 AC_MSG_WARN([cross compiling: assuming working]) 2152) 2153 2154dnl Checks for time functions 2155AC_CHECK_FUNCS([gettimeofday time]) 2156dnl Checks for utmp functions 2157AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2158AC_CHECK_FUNCS([utmpname]) 2159dnl Checks for utmpx functions 2160AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2161AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2162dnl Checks for lastlog functions 2163AC_CHECK_FUNCS([getlastlogxbyname]) 2164 2165AC_CHECK_FUNC([daemon], 2166 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2167 [AC_CHECK_LIB([bsd], [daemon], 2168 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2169) 2170 2171AC_CHECK_FUNC([getpagesize], 2172 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2173 [Define if your libraries define getpagesize()])], 2174 [AC_CHECK_LIB([ucb], [getpagesize], 2175 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2176) 2177 2178# Check for broken snprintf 2179if test "x$ac_cv_func_snprintf" = "xyes" ; then 2180 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2181 AC_RUN_IFELSE( 2182 [AC_LANG_PROGRAM([[ 2183#include <stdio.h> 2184#include <stdlib.h> 2185 ]], 2186 [[ 2187 char b[5]; 2188 snprintf(b,5,"123456789"); 2189 exit(b[4]!='\0'); 2190 ]])], 2191 [AC_MSG_RESULT([yes])], 2192 [ 2193 AC_MSG_RESULT([no]) 2194 AC_DEFINE([BROKEN_SNPRINTF], [1], 2195 [Define if your snprintf is busted]) 2196 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2197 ], 2198 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2199 ) 2200fi 2201 2202if test "x$ac_cv_func_snprintf" = "xyes" ; then 2203 AC_MSG_CHECKING([whether snprintf understands %zu]) 2204 AC_RUN_IFELSE( 2205 [AC_LANG_PROGRAM([[ 2206#include <sys/types.h> 2207#include <stdio.h> 2208#include <stdlib.h> 2209#include <string.h> 2210 ]], 2211 [[ 2212 size_t a = 1, b = 2; 2213 char z[128]; 2214 snprintf(z, sizeof z, "%zu%zu", a, b); 2215 exit(strcmp(z, "12")); 2216 ]])], 2217 [AC_MSG_RESULT([yes])], 2218 [ 2219 AC_MSG_RESULT([no]) 2220 AC_DEFINE([BROKEN_SNPRINTF], [1], 2221 [snprintf does not understand %zu]) 2222 ], 2223 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2224 ) 2225fi 2226 2227# We depend on vsnprintf returning the right thing on overflow: the 2228# number of characters it tried to create (as per SUSv3) 2229if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2230 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2231 AC_RUN_IFELSE( 2232 [AC_LANG_PROGRAM([[ 2233#include <sys/types.h> 2234#include <stdio.h> 2235#include <stdarg.h> 2236 2237int x_snprintf(char *str, size_t count, const char *fmt, ...) 2238{ 2239 size_t ret; 2240 va_list ap; 2241 2242 va_start(ap, fmt); 2243 ret = vsnprintf(str, count, fmt, ap); 2244 va_end(ap); 2245 return ret; 2246} 2247 ]], [[ 2248char x[1]; 2249if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2250 return 1; 2251if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2252 return 1; 2253return 0; 2254 ]])], 2255 [AC_MSG_RESULT([yes])], 2256 [ 2257 AC_MSG_RESULT([no]) 2258 AC_DEFINE([BROKEN_SNPRINTF], [1], 2259 [Define if your snprintf is busted]) 2260 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2261 ], 2262 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2263 ) 2264fi 2265 2266# On systems where [v]snprintf is broken, but is declared in stdio, 2267# check that the fmt argument is const char * or just char *. 2268# This is only useful for when BROKEN_SNPRINTF 2269AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2270AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2271#include <stdio.h> 2272int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2273 ]], [[ 2274 snprintf(0, 0, 0); 2275 ]])], 2276 [AC_MSG_RESULT([yes]) 2277 AC_DEFINE([SNPRINTF_CONST], [const], 2278 [Define as const if snprintf() can declare const char *fmt])], 2279 [AC_MSG_RESULT([no]) 2280 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2281 2282# Check for missing getpeereid (or equiv) support 2283NO_PEERCHECK="" 2284if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2285 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2287#include <sys/types.h> 2288#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2289 [ AC_MSG_RESULT([yes]) 2290 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2291 ], [AC_MSG_RESULT([no]) 2292 NO_PEERCHECK=1 2293 ]) 2294fi 2295 2296dnl make sure that openpty does not reacquire controlling terminal 2297if test ! -z "$check_for_openpty_ctty_bug"; then 2298 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2299 AC_RUN_IFELSE( 2300 [AC_LANG_PROGRAM([[ 2301#include <stdio.h> 2302#include <stdlib.h> 2303#include <unistd.h> 2304#include <sys/fcntl.h> 2305#include <sys/types.h> 2306#include <sys/wait.h> 2307 ]], [[ 2308 pid_t pid; 2309 int fd, ptyfd, ttyfd, status; 2310 2311 pid = fork(); 2312 if (pid < 0) { /* failed */ 2313 exit(1); 2314 } else if (pid > 0) { /* parent */ 2315 waitpid(pid, &status, 0); 2316 if (WIFEXITED(status)) 2317 exit(WEXITSTATUS(status)); 2318 else 2319 exit(2); 2320 } else { /* child */ 2321 close(0); close(1); close(2); 2322 setsid(); 2323 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2324 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2325 if (fd >= 0) 2326 exit(3); /* Acquired ctty: broken */ 2327 else 2328 exit(0); /* Did not acquire ctty: OK */ 2329 } 2330 ]])], 2331 [ 2332 AC_MSG_RESULT([yes]) 2333 ], 2334 [ 2335 AC_MSG_RESULT([no]) 2336 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2337 ], 2338 [ 2339 AC_MSG_RESULT([cross-compiling, assuming yes]) 2340 ] 2341 ) 2342fi 2343 2344if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2345 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2346 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2347 AC_RUN_IFELSE( 2348 [AC_LANG_PROGRAM([[ 2349#include <stdio.h> 2350#include <stdlib.h> 2351#include <sys/socket.h> 2352#include <netdb.h> 2353#include <errno.h> 2354#include <netinet/in.h> 2355 2356#define TEST_PORT "2222" 2357 ]], [[ 2358 int err, sock; 2359 struct addrinfo *gai_ai, *ai, hints; 2360 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2361 2362 memset(&hints, 0, sizeof(hints)); 2363 hints.ai_family = PF_UNSPEC; 2364 hints.ai_socktype = SOCK_STREAM; 2365 hints.ai_flags = AI_PASSIVE; 2366 2367 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2368 if (err != 0) { 2369 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2370 exit(1); 2371 } 2372 2373 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2374 if (ai->ai_family != AF_INET6) 2375 continue; 2376 2377 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2378 sizeof(ntop), strport, sizeof(strport), 2379 NI_NUMERICHOST|NI_NUMERICSERV); 2380 2381 if (err != 0) { 2382 if (err == EAI_SYSTEM) 2383 perror("getnameinfo EAI_SYSTEM"); 2384 else 2385 fprintf(stderr, "getnameinfo failed: %s\n", 2386 gai_strerror(err)); 2387 exit(2); 2388 } 2389 2390 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2391 if (sock < 0) 2392 perror("socket"); 2393 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2394 if (errno == EBADF) 2395 exit(3); 2396 } 2397 } 2398 exit(0); 2399 ]])], 2400 [ 2401 AC_MSG_RESULT([yes]) 2402 ], 2403 [ 2404 AC_MSG_RESULT([no]) 2405 AC_DEFINE([BROKEN_GETADDRINFO]) 2406 ], 2407 [ 2408 AC_MSG_RESULT([cross-compiling, assuming yes]) 2409 ] 2410 ) 2411fi 2412 2413if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2414 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2415 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2416 AC_RUN_IFELSE( 2417 [AC_LANG_PROGRAM([[ 2418#include <stdio.h> 2419#include <stdlib.h> 2420#include <sys/socket.h> 2421#include <netdb.h> 2422#include <errno.h> 2423#include <netinet/in.h> 2424 2425#define TEST_PORT "2222" 2426 ]], [[ 2427 int err, sock; 2428 struct addrinfo *gai_ai, *ai, hints; 2429 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2430 2431 memset(&hints, 0, sizeof(hints)); 2432 hints.ai_family = PF_UNSPEC; 2433 hints.ai_socktype = SOCK_STREAM; 2434 hints.ai_flags = AI_PASSIVE; 2435 2436 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2437 if (err != 0) { 2438 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2439 exit(1); 2440 } 2441 2442 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2443 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2444 continue; 2445 2446 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2447 sizeof(ntop), strport, sizeof(strport), 2448 NI_NUMERICHOST|NI_NUMERICSERV); 2449 2450 if (ai->ai_family == AF_INET && err != 0) { 2451 perror("getnameinfo"); 2452 exit(2); 2453 } 2454 } 2455 exit(0); 2456 ]])], 2457 [ 2458 AC_MSG_RESULT([yes]) 2459 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2460 [Define if you have a getaddrinfo that fails 2461 for the all-zeros IPv6 address]) 2462 ], 2463 [ 2464 AC_MSG_RESULT([no]) 2465 AC_DEFINE([BROKEN_GETADDRINFO]) 2466 ], 2467 [ 2468 AC_MSG_RESULT([cross-compiling, assuming no]) 2469 ] 2470 ) 2471fi 2472 2473if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2474 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2475 [#include <sys/types.h> 2476 #include <sys/socket.h> 2477 #include <netdb.h>]) 2478fi 2479 2480if test "x$check_for_conflicting_getspnam" = "x1"; then 2481 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2483#include <shadow.h> 2484#include <stdlib.h> 2485 ]], 2486 [[ exit(0); ]])], 2487 [ 2488 AC_MSG_RESULT([no]) 2489 ], 2490 [ 2491 AC_MSG_RESULT([yes]) 2492 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2493 [Conflicting defs for getspnam]) 2494 ] 2495 ) 2496fi 2497 2498dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2499dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2500dnl for over ten years). Despite this incompatibility being reported during 2501dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2502dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2503dnl implementation. Try to detect this mess, and assume the only safe option 2504dnl if we're cross compiling. 2505dnl 2506dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2507dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2508if test "x$ac_cv_func_strnvis" = "xyes"; then 2509 AC_MSG_CHECKING([for working strnvis]) 2510 AC_RUN_IFELSE( 2511 [AC_LANG_PROGRAM([[ 2512#include <signal.h> 2513#include <stdlib.h> 2514#include <string.h> 2515#include <unistd.h> 2516#include <vis.h> 2517static void sighandler(int sig) { _exit(1); } 2518 ]], [[ 2519 char dst[16]; 2520 2521 signal(SIGSEGV, sighandler); 2522 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2523 exit(0); 2524 exit(1) 2525 ]])], 2526 [AC_MSG_RESULT([yes])], 2527 [AC_MSG_RESULT([no]) 2528 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2529 [AC_MSG_WARN([cross compiling: assuming broken]) 2530 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2531 ) 2532fi 2533 2534AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2535AC_RUN_IFELSE( 2536 [AC_LANG_PROGRAM([[ 2537#ifdef HAVE_SYS_SELECT 2538# include <sys/select.h> 2539#endif 2540#include <sys/types.h> 2541#include <sys/time.h> 2542#include <stdlib.h> 2543#include <signal.h> 2544#include <unistd.h> 2545static void sighandler(int sig) { } 2546 ]], [[ 2547 int r; 2548 pid_t pid; 2549 struct sigaction sa; 2550 2551 sa.sa_handler = sighandler; 2552 sa.sa_flags = SA_RESTART; 2553 (void)sigaction(SIGTERM, &sa, NULL); 2554 if ((pid = fork()) == 0) { /* child */ 2555 pid = getppid(); 2556 sleep(1); 2557 kill(pid, SIGTERM); 2558 sleep(1); 2559 if (getppid() == pid) /* if parent did not exit, shoot it */ 2560 kill(pid, SIGKILL); 2561 exit(0); 2562 } else { /* parent */ 2563 r = select(0, NULL, NULL, NULL, NULL); 2564 } 2565 exit(r == -1 ? 0 : 1); 2566 ]])], 2567 [AC_MSG_RESULT([yes])], 2568 [AC_MSG_RESULT([no]) 2569 AC_DEFINE([NO_SA_RESTART], [1], 2570 [SA_RESTARTed signals do no interrupt select])], 2571 [AC_MSG_WARN([cross compiling: assuming yes])] 2572) 2573 2574AC_CHECK_FUNCS([getpgrp],[ 2575 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2576 AC_COMPILE_IFELSE( 2577 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2578 [ AC_MSG_RESULT([yes]) 2579 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2580 [ AC_MSG_RESULT([no]) 2581 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2582 ) 2583]) 2584 2585# Search for OpenSSL 2586saved_CPPFLAGS="$CPPFLAGS" 2587saved_LDFLAGS="$LDFLAGS" 2588AC_ARG_WITH([ssl-dir], 2589 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2590 [ 2591 if test "x$openssl" = "xno" ; then 2592 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2593 fi 2594 if test "x$withval" != "xno" ; then 2595 case "$withval" in 2596 # Relative paths 2597 ./*|../*) withval="`pwd`/$withval" 2598 esac 2599 if test -d "$withval/lib"; then 2600 if test -n "${rpath_opt}"; then 2601 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2602 else 2603 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2604 fi 2605 elif test -d "$withval/lib64"; then 2606 if test -n "${rpath_opt}"; then 2607 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2608 else 2609 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2610 fi 2611 else 2612 if test -n "${rpath_opt}"; then 2613 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2614 else 2615 LDFLAGS="-L${withval} ${LDFLAGS}" 2616 fi 2617 fi 2618 if test -d "$withval/include"; then 2619 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2620 else 2621 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2622 fi 2623 fi 2624 ] 2625) 2626 2627AC_ARG_WITH([openssl-header-check], 2628 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2629 [ 2630 if test "x$withval" = "xno" ; then 2631 openssl_check_nonfatal=1 2632 fi 2633 ] 2634) 2635 2636openssl_engine=no 2637AC_ARG_WITH([ssl-engine], 2638 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2639 [ 2640 if test "x$withval" != "xno" ; then 2641 if test "x$openssl" = "xno" ; then 2642 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2643 fi 2644 openssl_engine=yes 2645 fi 2646 ] 2647) 2648 2649if test "x$openssl" = "xyes" ; then 2650 LIBS="-lcrypto $LIBS" 2651 AC_TRY_LINK_FUNC([RAND_add], , 2652 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2653 AC_CHECK_HEADER([openssl/opensslv.h], , 2654 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2655 2656 # Determine OpenSSL header version 2657 AC_MSG_CHECKING([OpenSSL header version]) 2658 AC_RUN_IFELSE( 2659 [AC_LANG_PROGRAM([[ 2660 #include <stdlib.h> 2661 #include <stdio.h> 2662 #include <string.h> 2663 #include <openssl/opensslv.h> 2664 #define DATA "conftest.sslincver" 2665 ]], [[ 2666 FILE *fd; 2667 int rc; 2668 2669 fd = fopen(DATA,"w"); 2670 if(fd == NULL) 2671 exit(1); 2672 2673 if ((rc = fprintf(fd, "%08lx (%s)\n", 2674 (unsigned long)OPENSSL_VERSION_NUMBER, 2675 OPENSSL_VERSION_TEXT)) < 0) 2676 exit(1); 2677 2678 exit(0); 2679 ]])], 2680 [ 2681 ssl_header_ver=`cat conftest.sslincver` 2682 AC_MSG_RESULT([$ssl_header_ver]) 2683 ], 2684 [ 2685 AC_MSG_RESULT([not found]) 2686 AC_MSG_ERROR([OpenSSL version header not found.]) 2687 ], 2688 [ 2689 AC_MSG_WARN([cross compiling: not checking]) 2690 ] 2691 ) 2692 2693 # Determining OpenSSL library version is version dependent. 2694 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2695 2696 # Determine OpenSSL library version 2697 AC_MSG_CHECKING([OpenSSL library version]) 2698 AC_RUN_IFELSE( 2699 [AC_LANG_PROGRAM([[ 2700 #include <stdio.h> 2701 #include <stdlib.h> 2702 #include <string.h> 2703 #include <openssl/opensslv.h> 2704 #include <openssl/crypto.h> 2705 #define DATA "conftest.ssllibver" 2706 ]], [[ 2707 FILE *fd; 2708 int rc; 2709 2710 fd = fopen(DATA,"w"); 2711 if(fd == NULL) 2712 exit(1); 2713#ifndef OPENSSL_VERSION 2714# define OPENSSL_VERSION SSLEAY_VERSION 2715#endif 2716#ifndef HAVE_OPENSSL_VERSION 2717# define OpenSSL_version SSLeay_version 2718#endif 2719#ifndef HAVE_OPENSSL_VERSION_NUM 2720# define OpenSSL_version_num SSLeay 2721#endif 2722 if ((rc = fprintf(fd, "%08lx (%s)\n", 2723 (unsigned long)OpenSSL_version_num(), 2724 OpenSSL_version(OPENSSL_VERSION))) < 0) 2725 exit(1); 2726 2727 exit(0); 2728 ]])], 2729 [ 2730 ssl_library_ver=`cat conftest.ssllibver` 2731 # Check version is supported. 2732 case "$ssl_library_ver" in 2733 10000*|0*) 2734 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2735 ;; 2736 100*) ;; # 1.0.x 2737 101000[[0123456]]*) 2738 # https://github.com/openssl/openssl/pull/4613 2739 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2740 ;; 2741 101*) ;; # 1.1.x 2742 200*) ;; # LibreSSL 2743 300*) ;; # OpenSSL development branch. 2744 *) 2745 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2746 ;; 2747 esac 2748 AC_MSG_RESULT([$ssl_library_ver]) 2749 ], 2750 [ 2751 AC_MSG_RESULT([not found]) 2752 AC_MSG_ERROR([OpenSSL library not found.]) 2753 ], 2754 [ 2755 AC_MSG_WARN([cross compiling: not checking]) 2756 ] 2757 ) 2758 2759 # Sanity check OpenSSL headers 2760 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2761 AC_RUN_IFELSE( 2762 [AC_LANG_PROGRAM([[ 2763 #include <stdlib.h> 2764 #include <string.h> 2765 #include <openssl/opensslv.h> 2766 #include <openssl/crypto.h> 2767 ]], [[ 2768#ifndef HAVE_OPENSSL_VERSION_NUM 2769# define OpenSSL_version_num SSLeay 2770#endif 2771 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2772 ]])], 2773 [ 2774 AC_MSG_RESULT([yes]) 2775 ], 2776 [ 2777 AC_MSG_RESULT([no]) 2778 if test "x$openssl_check_nonfatal" = "x"; then 2779 AC_MSG_ERROR([Your OpenSSL headers do not match your 2780 library. Check config.log for details. 2781 If you are sure your installation is consistent, you can disable the check 2782 by running "./configure --without-openssl-header-check". 2783 Also see contrib/findssl.sh for help identifying header/library mismatches. 2784 ]) 2785 else 2786 AC_MSG_WARN([Your OpenSSL headers do not match your 2787 library. Check config.log for details. 2788 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2789 fi 2790 ], 2791 [ 2792 AC_MSG_WARN([cross compiling: not checking]) 2793 ] 2794 ) 2795 2796 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2797 AC_LINK_IFELSE( 2798 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2799 [[ ERR_load_crypto_strings(); ]])], 2800 [ 2801 AC_MSG_RESULT([yes]) 2802 ], 2803 [ 2804 AC_MSG_RESULT([no]) 2805 saved_LIBS="$LIBS" 2806 LIBS="$LIBS -ldl" 2807 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2808 AC_LINK_IFELSE( 2809 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2810 [[ ERR_load_crypto_strings(); ]])], 2811 [ 2812 AC_MSG_RESULT([yes]) 2813 ], 2814 [ 2815 AC_MSG_RESULT([no]) 2816 LIBS="$saved_LIBS" 2817 ] 2818 ) 2819 ] 2820 ) 2821 2822 AC_CHECK_FUNCS([ \ 2823 BN_is_prime_ex \ 2824 DSA_generate_parameters_ex \ 2825 EVP_CIPHER_CTX_ctrl \ 2826 EVP_DigestFinal_ex \ 2827 EVP_DigestInit_ex \ 2828 EVP_MD_CTX_cleanup \ 2829 EVP_MD_CTX_copy_ex \ 2830 EVP_MD_CTX_init \ 2831 HMAC_CTX_init \ 2832 RSA_generate_key_ex \ 2833 RSA_get_default_method \ 2834 ]) 2835 2836 # OpenSSL_add_all_algorithms may be a macro. 2837 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2838 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2839 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2840 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2841 [[#include <openssl/evp.h>]] 2842 ) 2843 ) 2844 2845 # LibreSSL/OpenSSL 1.1x API 2846 AC_CHECK_FUNCS([ \ 2847 OPENSSL_init_crypto \ 2848 DH_get0_key \ 2849 DH_get0_pqg \ 2850 DH_set0_key \ 2851 DH_set_length \ 2852 DH_set0_pqg \ 2853 DSA_get0_key \ 2854 DSA_get0_pqg \ 2855 DSA_set0_key \ 2856 DSA_set0_pqg \ 2857 DSA_SIG_get0 \ 2858 DSA_SIG_set0 \ 2859 ECDSA_SIG_get0 \ 2860 ECDSA_SIG_set0 \ 2861 EVP_CIPHER_CTX_iv \ 2862 EVP_CIPHER_CTX_iv_noconst \ 2863 EVP_CIPHER_CTX_get_iv \ 2864 EVP_CIPHER_CTX_set_iv \ 2865 RSA_get0_crt_params \ 2866 RSA_get0_factors \ 2867 RSA_get0_key \ 2868 RSA_set0_crt_params \ 2869 RSA_set0_factors \ 2870 RSA_set0_key \ 2871 RSA_meth_free \ 2872 RSA_meth_dup \ 2873 RSA_meth_set1_name \ 2874 RSA_meth_get_finish \ 2875 RSA_meth_set_priv_enc \ 2876 RSA_meth_set_priv_dec \ 2877 RSA_meth_set_finish \ 2878 EVP_PKEY_get0_RSA \ 2879 EVP_MD_CTX_new \ 2880 EVP_MD_CTX_free \ 2881 EVP_chacha20 \ 2882 ]) 2883 2884 if test "x$openssl_engine" = "xyes" ; then 2885 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2886 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2887 #include <openssl/engine.h> 2888 ]], [[ 2889 ENGINE_load_builtin_engines(); 2890 ENGINE_register_all_complete(); 2891 ]])], 2892 [ AC_MSG_RESULT([yes]) 2893 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2894 [Enable OpenSSL engine support]) 2895 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2896 ]) 2897 fi 2898 2899 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2900 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2901 AC_LINK_IFELSE( 2902 [AC_LANG_PROGRAM([[ 2903 #include <stdlib.h> 2904 #include <string.h> 2905 #include <openssl/evp.h> 2906 ]], [[ 2907 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2908 ]])], 2909 [ 2910 AC_MSG_RESULT([no]) 2911 ], 2912 [ 2913 AC_MSG_RESULT([yes]) 2914 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2915 [libcrypto is missing AES 192 and 256 bit functions]) 2916 ] 2917 ) 2918 2919 # Check for OpenSSL with EVP_aes_*ctr 2920 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2921 AC_LINK_IFELSE( 2922 [AC_LANG_PROGRAM([[ 2923 #include <stdlib.h> 2924 #include <string.h> 2925 #include <openssl/evp.h> 2926 ]], [[ 2927 exit(EVP_aes_128_ctr() == NULL || 2928 EVP_aes_192_cbc() == NULL || 2929 EVP_aes_256_cbc() == NULL); 2930 ]])], 2931 [ 2932 AC_MSG_RESULT([yes]) 2933 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2934 [libcrypto has EVP AES CTR]) 2935 ], 2936 [ 2937 AC_MSG_RESULT([no]) 2938 ] 2939 ) 2940 2941 # Check for OpenSSL with EVP_aes_*gcm 2942 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2943 AC_LINK_IFELSE( 2944 [AC_LANG_PROGRAM([[ 2945 #include <stdlib.h> 2946 #include <string.h> 2947 #include <openssl/evp.h> 2948 ]], [[ 2949 exit(EVP_aes_128_gcm() == NULL || 2950 EVP_aes_256_gcm() == NULL || 2951 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2952 EVP_CTRL_GCM_IV_GEN == 0 || 2953 EVP_CTRL_GCM_SET_TAG == 0 || 2954 EVP_CTRL_GCM_GET_TAG == 0 || 2955 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2956 ]])], 2957 [ 2958 AC_MSG_RESULT([yes]) 2959 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2960 [libcrypto has EVP AES GCM]) 2961 ], 2962 [ 2963 AC_MSG_RESULT([no]) 2964 unsupported_algorithms="$unsupported_cipers \ 2965 aes128-gcm@openssh.com \ 2966 aes256-gcm@openssh.com" 2967 ] 2968 ) 2969 2970 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2971 AC_LINK_IFELSE( 2972 [AC_LANG_PROGRAM([[ 2973 #include <stdlib.h> 2974 #include <string.h> 2975 #include <openssl/evp.h> 2976 ]], [[ 2977 if(EVP_DigestUpdate(NULL, NULL,0)) 2978 exit(0); 2979 ]])], 2980 [ 2981 AC_MSG_RESULT([yes]) 2982 ], 2983 [ 2984 AC_MSG_RESULT([no]) 2985 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2986 [Define if EVP_DigestUpdate returns void]) 2987 ] 2988 ) 2989 2990 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2991 # because the system crypt() is more featureful. 2992 if test "x$check_for_libcrypt_before" = "x1"; then 2993 AC_CHECK_LIB([crypt], [crypt]) 2994 fi 2995 2996 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2997 # version in OpenSSL. 2998 if test "x$check_for_libcrypt_later" = "x1"; then 2999 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3000 fi 3001 AC_CHECK_FUNCS([crypt DES_crypt]) 3002 3003 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3004 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3005 3006 # Check complete ECC support in OpenSSL 3007 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3008 AC_LINK_IFELSE( 3009 [AC_LANG_PROGRAM([[ 3010 #include <openssl/ec.h> 3011 #include <openssl/ecdh.h> 3012 #include <openssl/ecdsa.h> 3013 #include <openssl/evp.h> 3014 #include <openssl/objects.h> 3015 #include <openssl/opensslv.h> 3016 ]], [[ 3017 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3018 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3019 ]])], 3020 [ AC_MSG_RESULT([yes]) 3021 enable_nistp256=1 ], 3022 [ AC_MSG_RESULT([no]) ] 3023 ) 3024 3025 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3026 AC_LINK_IFELSE( 3027 [AC_LANG_PROGRAM([[ 3028 #include <openssl/ec.h> 3029 #include <openssl/ecdh.h> 3030 #include <openssl/ecdsa.h> 3031 #include <openssl/evp.h> 3032 #include <openssl/objects.h> 3033 #include <openssl/opensslv.h> 3034 ]], [[ 3035 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3036 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3037 ]])], 3038 [ AC_MSG_RESULT([yes]) 3039 enable_nistp384=1 ], 3040 [ AC_MSG_RESULT([no]) ] 3041 ) 3042 3043 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3044 AC_LINK_IFELSE( 3045 [AC_LANG_PROGRAM([[ 3046 #include <openssl/ec.h> 3047 #include <openssl/ecdh.h> 3048 #include <openssl/ecdsa.h> 3049 #include <openssl/evp.h> 3050 #include <openssl/objects.h> 3051 #include <openssl/opensslv.h> 3052 ]], [[ 3053 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3054 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3055 ]])], 3056 [ AC_MSG_RESULT([yes]) 3057 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3058 AC_RUN_IFELSE( 3059 [AC_LANG_PROGRAM([[ 3060 #include <stdlib.h> 3061 #include <openssl/ec.h> 3062 #include <openssl/ecdh.h> 3063 #include <openssl/ecdsa.h> 3064 #include <openssl/evp.h> 3065 #include <openssl/objects.h> 3066 #include <openssl/opensslv.h> 3067 ]],[[ 3068 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3069 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3070 exit(e == NULL || m == NULL); 3071 ]])], 3072 [ AC_MSG_RESULT([yes]) 3073 enable_nistp521=1 ], 3074 [ AC_MSG_RESULT([no]) ], 3075 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3076 enable_nistp521=1 ] 3077 )], 3078 AC_MSG_RESULT([no]) 3079 ) 3080 3081 COMMENT_OUT_ECC="#no ecc#" 3082 TEST_SSH_ECC=no 3083 3084 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3085 test x$enable_nistp521 = x1; then 3086 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3087 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3088 openssl_ecc=yes 3089 else 3090 openssl_ecc=no 3091 fi 3092 if test x$enable_nistp256 = x1; then 3093 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3094 [libcrypto has NID_X9_62_prime256v1]) 3095 TEST_SSH_ECC=yes 3096 COMMENT_OUT_ECC="" 3097 else 3098 unsupported_algorithms="$unsupported_algorithms \ 3099 ecdsa-sha2-nistp256 \ 3100 ecdh-sha2-nistp256 \ 3101 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3102 fi 3103 if test x$enable_nistp384 = x1; then 3104 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3105 TEST_SSH_ECC=yes 3106 COMMENT_OUT_ECC="" 3107 else 3108 unsupported_algorithms="$unsupported_algorithms \ 3109 ecdsa-sha2-nistp384 \ 3110 ecdh-sha2-nistp384 \ 3111 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3112 fi 3113 if test x$enable_nistp521 = x1; then 3114 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3115 TEST_SSH_ECC=yes 3116 COMMENT_OUT_ECC="" 3117 else 3118 unsupported_algorithms="$unsupported_algorithms \ 3119 ecdh-sha2-nistp521 \ 3120 ecdsa-sha2-nistp521 \ 3121 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3122 fi 3123 3124 AC_SUBST([TEST_SSH_ECC]) 3125 AC_SUBST([COMMENT_OUT_ECC]) 3126else 3127 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3128 AC_CHECK_FUNCS([crypt]) 3129fi 3130 3131# PKCS11/U2F depend on OpenSSL and dlopen(). 3132enable_pkcs11=yes 3133enable_sk=yes 3134if test "x$openssl" != "xyes" ; then 3135 enable_pkcs11="disabled; missing libcrypto" 3136 enable_sk="disabled; missing libcrypto" 3137fi 3138if test "x$openssl_ecc" != "xyes" ; then 3139 enable_sk="disabled; OpenSSL has no ECC support" 3140fi 3141if test "x$ac_cv_func_dlopen" != "xyes" ; then 3142 enable_pkcs11="disabled; missing dlopen(3)" 3143 enable_sk="disabled; missing dlopen(3)" 3144fi 3145if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3146 enable_pkcs11="disabled; missing RTLD_NOW" 3147 enable_sk="disabled; missing RTLD_NOW" 3148fi 3149if test ! -z "$disable_pkcs11" ; then 3150 enable_pkcs11="disabled by user" 3151fi 3152if test ! -z "$disable_sk" ; then 3153 enable_sk="disabled by user" 3154fi 3155 3156AC_MSG_CHECKING([whether to enable PKCS11]) 3157if test "x$enable_pkcs11" = "xyes" ; then 3158 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3159fi 3160AC_MSG_RESULT([$enable_pkcs11]) 3161 3162AC_MSG_CHECKING([whether to enable U2F]) 3163if test "x$enable_sk" = "xyes" ; then 3164 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3165 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3166else 3167 # Do not try to build sk-dummy library. 3168 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3169fi 3170AC_MSG_RESULT([$enable_sk]) 3171 3172# Now check for built-in security key support. 3173if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3174 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3175 use_pkgconfig_for_libfido2= 3176 if test "x$PKGCONFIG" != "xno"; then 3177 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3178 if "$PKGCONFIG" libfido2; then 3179 AC_MSG_RESULT([yes]) 3180 use_pkgconfig_for_libfido2=yes 3181 else 3182 AC_MSG_RESULT([no]) 3183 fi 3184 fi 3185 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3186 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3187 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3188 else 3189 LIBFIDO2="-lfido2 -lcbor" 3190 fi 3191 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3192 AC_CHECK_LIB([fido2], [fido_init], 3193 [ 3194 AC_SUBST([LIBFIDO2]) 3195 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3196 [Enable for built-in U2F/FIDO support]) 3197 enable_sk="built-in" 3198 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3199 [ $OTHERLIBS ] 3200 ) 3201 saved_LIBS="$LIBS" 3202 LIBS="$LIBS $LIBFIDO2" 3203 AC_CHECK_FUNCS([ \ 3204 fido_cred_prot \ 3205 fido_cred_set_prot \ 3206 fido_dev_get_touch_begin \ 3207 fido_dev_get_touch_status \ 3208 fido_dev_supports_cred_prot \ 3209 ]) 3210 LIBS="$saved_LIBS" 3211 AC_CHECK_HEADER([fido.h], [], 3212 AC_MSG_ERROR([missing fido.h from libfido2])) 3213 AC_CHECK_HEADER([fido/credman.h], [], 3214 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3215 [#include <fido.h>] 3216 ) 3217fi 3218 3219AC_CHECK_FUNCS([ \ 3220 arc4random \ 3221 arc4random_buf \ 3222 arc4random_stir \ 3223 arc4random_uniform \ 3224]) 3225 3226saved_LIBS="$LIBS" 3227AC_CHECK_LIB([iaf], [ia_openinfo], [ 3228 LIBS="$LIBS -liaf" 3229 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3230 AC_DEFINE([HAVE_LIBIAF], [1], 3231 [Define if system has libiaf that supports set_id]) 3232 ]) 3233]) 3234LIBS="$saved_LIBS" 3235 3236### Configure cryptographic random number support 3237 3238# Check whether OpenSSL seeds itself 3239if test "x$openssl" = "xyes" ; then 3240 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3241 AC_RUN_IFELSE( 3242 [AC_LANG_PROGRAM([[ 3243 #include <stdlib.h> 3244 #include <string.h> 3245 #include <openssl/rand.h> 3246 ]], [[ 3247 exit(RAND_status() == 1 ? 0 : 1); 3248 ]])], 3249 [ 3250 OPENSSL_SEEDS_ITSELF=yes 3251 AC_MSG_RESULT([yes]) 3252 ], 3253 [ 3254 AC_MSG_RESULT([no]) 3255 ], 3256 [ 3257 AC_MSG_WARN([cross compiling: assuming yes]) 3258 # This is safe, since we will fatal() at runtime if 3259 # OpenSSL is not seeded correctly. 3260 OPENSSL_SEEDS_ITSELF=yes 3261 ] 3262 ) 3263fi 3264 3265# PRNGD TCP socket 3266AC_ARG_WITH([prngd-port], 3267 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3268 [ 3269 case "$withval" in 3270 no) 3271 withval="" 3272 ;; 3273 [[0-9]]*) 3274 ;; 3275 *) 3276 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3277 ;; 3278 esac 3279 if test ! -z "$withval" ; then 3280 PRNGD_PORT="$withval" 3281 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3282 [Port number of PRNGD/EGD random number socket]) 3283 fi 3284 ] 3285) 3286 3287# PRNGD Unix domain socket 3288AC_ARG_WITH([prngd-socket], 3289 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3290 [ 3291 case "$withval" in 3292 yes) 3293 withval="/var/run/egd-pool" 3294 ;; 3295 no) 3296 withval="" 3297 ;; 3298 /*) 3299 ;; 3300 *) 3301 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3302 ;; 3303 esac 3304 3305 if test ! -z "$withval" ; then 3306 if test ! -z "$PRNGD_PORT" ; then 3307 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3308 fi 3309 if test ! -r "$withval" ; then 3310 AC_MSG_WARN([Entropy socket is not readable]) 3311 fi 3312 PRNGD_SOCKET="$withval" 3313 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3314 [Location of PRNGD/EGD random number socket]) 3315 fi 3316 ], 3317 [ 3318 # Check for existing socket only if we don't have a random device already 3319 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3320 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3321 # Insert other locations here 3322 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3323 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3324 PRNGD_SOCKET="$sock" 3325 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3326 break; 3327 fi 3328 done 3329 if test ! -z "$PRNGD_SOCKET" ; then 3330 AC_MSG_RESULT([$PRNGD_SOCKET]) 3331 else 3332 AC_MSG_RESULT([not found]) 3333 fi 3334 fi 3335 ] 3336) 3337 3338# Which randomness source do we use? 3339if test ! -z "$PRNGD_PORT" ; then 3340 RAND_MSG="PRNGd port $PRNGD_PORT" 3341elif test ! -z "$PRNGD_SOCKET" ; then 3342 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3343elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3344 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3345 [Define if you want the OpenSSL internally seeded PRNG only]) 3346 RAND_MSG="OpenSSL internal ONLY" 3347elif test "x$openssl" = "xno" ; then 3348 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3349else 3350 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3351fi 3352 3353# Check for PAM libs 3354PAM_MSG="no" 3355AC_ARG_WITH([pam], 3356 [ --with-pam Enable PAM support ], 3357 [ 3358 if test "x$withval" != "xno" ; then 3359 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3360 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3361 AC_MSG_ERROR([PAM headers not found]) 3362 fi 3363 3364 saved_LIBS="$LIBS" 3365 AC_CHECK_LIB([dl], [dlopen], , ) 3366 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3367 AC_CHECK_FUNCS([pam_getenvlist]) 3368 AC_CHECK_FUNCS([pam_putenv]) 3369 LIBS="$saved_LIBS" 3370 3371 PAM_MSG="yes" 3372 3373 SSHDLIBS="$SSHDLIBS -lpam" 3374 AC_DEFINE([USE_PAM], [1], 3375 [Define if you want to enable PAM support]) 3376 3377 if test $ac_cv_lib_dl_dlopen = yes; then 3378 case "$LIBS" in 3379 *-ldl*) 3380 # libdl already in LIBS 3381 ;; 3382 *) 3383 SSHDLIBS="$SSHDLIBS -ldl" 3384 ;; 3385 esac 3386 fi 3387 fi 3388 ] 3389) 3390 3391AC_ARG_WITH([pam-service], 3392 [ --with-pam-service=name Specify PAM service name ], 3393 [ 3394 if test "x$withval" != "xno" && \ 3395 test "x$withval" != "xyes" ; then 3396 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3397 ["$withval"], [sshd PAM service name]) 3398 fi 3399 ] 3400) 3401 3402# Check for older PAM 3403if test "x$PAM_MSG" = "xyes" ; then 3404 # Check PAM strerror arguments (old PAM) 3405 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3406 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3407#include <stdlib.h> 3408#if defined(HAVE_SECURITY_PAM_APPL_H) 3409#include <security/pam_appl.h> 3410#elif defined (HAVE_PAM_PAM_APPL_H) 3411#include <pam/pam_appl.h> 3412#endif 3413 ]], [[ 3414(void)pam_strerror((pam_handle_t *)NULL, -1); 3415 ]])], [AC_MSG_RESULT([no])], [ 3416 AC_DEFINE([HAVE_OLD_PAM], [1], 3417 [Define if you have an old version of PAM 3418 which takes only one argument to pam_strerror]) 3419 AC_MSG_RESULT([yes]) 3420 PAM_MSG="yes (old library)" 3421 3422 ]) 3423fi 3424 3425case "$host" in 3426*-*-cygwin*) 3427 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3428 ;; 3429*) 3430 SSH_PRIVSEP_USER=sshd 3431 ;; 3432esac 3433AC_ARG_WITH([privsep-user], 3434 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3435 [ 3436 if test -n "$withval" && test "x$withval" != "xno" && \ 3437 test "x${withval}" != "xyes"; then 3438 SSH_PRIVSEP_USER=$withval 3439 fi 3440 ] 3441) 3442if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3443 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3444 [Cygwin function to fetch non-privileged user for privilege separation]) 3445else 3446 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3447 [non-privileged user for privilege separation]) 3448fi 3449AC_SUBST([SSH_PRIVSEP_USER]) 3450 3451if test "x$have_linux_no_new_privs" = "x1" ; then 3452AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3453 #include <sys/types.h> 3454 #include <linux/seccomp.h> 3455]) 3456fi 3457if test "x$have_seccomp_filter" = "x1" ; then 3458AC_MSG_CHECKING([kernel for seccomp_filter support]) 3459AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3460 #include <errno.h> 3461 #include <elf.h> 3462 #include <linux/audit.h> 3463 #include <linux/seccomp.h> 3464 #include <stdlib.h> 3465 #include <sys/prctl.h> 3466 ]], 3467 [[ int i = $seccomp_audit_arch; 3468 errno = 0; 3469 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3470 exit(errno == EFAULT ? 0 : 1); ]])], 3471 [ AC_MSG_RESULT([yes]) ], [ 3472 AC_MSG_RESULT([no]) 3473 # Disable seccomp filter as a target 3474 have_seccomp_filter=0 3475 ] 3476) 3477fi 3478 3479# Decide which sandbox style to use 3480sandbox_arg="" 3481AC_ARG_WITH([sandbox], 3482 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3483 [ 3484 if test "x$withval" = "xyes" ; then 3485 sandbox_arg="" 3486 else 3487 sandbox_arg="$withval" 3488 fi 3489 ] 3490) 3491 3492# Some platforms (seems to be the ones that have a kernel poll(2)-type 3493# function with which they implement select(2)) use an extra file descriptor 3494# when calling select(2), which means we can't use the rlimit sandbox. 3495AC_MSG_CHECKING([if select works with descriptor rlimit]) 3496AC_RUN_IFELSE( 3497 [AC_LANG_PROGRAM([[ 3498#include <sys/types.h> 3499#ifdef HAVE_SYS_TIME_H 3500# include <sys/time.h> 3501#endif 3502#include <sys/resource.h> 3503#ifdef HAVE_SYS_SELECT_H 3504# include <sys/select.h> 3505#endif 3506#include <errno.h> 3507#include <fcntl.h> 3508#include <stdlib.h> 3509 ]],[[ 3510 struct rlimit rl_zero; 3511 int fd, r; 3512 fd_set fds; 3513 struct timeval tv; 3514 3515 fd = open("/dev/null", O_RDONLY); 3516 FD_ZERO(&fds); 3517 FD_SET(fd, &fds); 3518 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3519 setrlimit(RLIMIT_FSIZE, &rl_zero); 3520 setrlimit(RLIMIT_NOFILE, &rl_zero); 3521 tv.tv_sec = 1; 3522 tv.tv_usec = 0; 3523 r = select(fd+1, &fds, NULL, NULL, &tv); 3524 exit (r == -1 ? 1 : 0); 3525 ]])], 3526 [AC_MSG_RESULT([yes]) 3527 select_works_with_rlimit=yes], 3528 [AC_MSG_RESULT([no]) 3529 select_works_with_rlimit=no], 3530 [AC_MSG_WARN([cross compiling: assuming yes]) 3531 select_works_with_rlimit=yes] 3532) 3533 3534AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3535AC_RUN_IFELSE( 3536 [AC_LANG_PROGRAM([[ 3537#include <sys/types.h> 3538#ifdef HAVE_SYS_TIME_H 3539# include <sys/time.h> 3540#endif 3541#include <sys/resource.h> 3542#include <errno.h> 3543#include <stdlib.h> 3544 ]],[[ 3545 struct rlimit rl_zero; 3546 int r; 3547 3548 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3549 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3550 exit (r == -1 ? 1 : 0); 3551 ]])], 3552 [AC_MSG_RESULT([yes]) 3553 rlimit_nofile_zero_works=yes], 3554 [AC_MSG_RESULT([no]) 3555 rlimit_nofile_zero_works=no], 3556 [AC_MSG_WARN([cross compiling: assuming yes]) 3557 rlimit_nofile_zero_works=yes] 3558) 3559 3560AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3561AC_RUN_IFELSE( 3562 [AC_LANG_PROGRAM([[ 3563#include <sys/types.h> 3564#include <sys/resource.h> 3565#include <stdlib.h> 3566 ]],[[ 3567 struct rlimit rl_zero; 3568 3569 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3570 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3571 ]])], 3572 [AC_MSG_RESULT([yes])], 3573 [AC_MSG_RESULT([no]) 3574 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3575 [setrlimit RLIMIT_FSIZE works])], 3576 [AC_MSG_WARN([cross compiling: assuming yes])] 3577) 3578 3579if test "x$sandbox_arg" = "xpledge" || \ 3580 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3581 test "x$ac_cv_func_pledge" != "xyes" && \ 3582 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3583 SANDBOX_STYLE="pledge" 3584 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3585elif test "x$sandbox_arg" = "xsystrace" || \ 3586 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3587 test "x$have_systr_policy_kill" != "x1" && \ 3588 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3589 SANDBOX_STYLE="systrace" 3590 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3591elif test "x$sandbox_arg" = "xdarwin" || \ 3592 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3593 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3594 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3595 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3596 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3597 SANDBOX_STYLE="darwin" 3598 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3599elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3600 ( test -z "$sandbox_arg" && \ 3601 test "x$have_seccomp_filter" = "x1" && \ 3602 test "x$ac_cv_header_elf_h" = "xyes" && \ 3603 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3604 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3605 test "x$seccomp_audit_arch" != "x" && \ 3606 test "x$have_linux_no_new_privs" = "x1" && \ 3607 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3608 test "x$seccomp_audit_arch" = "x" && \ 3609 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3610 test "x$have_linux_no_new_privs" != "x1" && \ 3611 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3612 test "x$have_seccomp_filter" != "x1" && \ 3613 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3614 test "x$ac_cv_func_prctl" != "xyes" && \ 3615 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3616 SANDBOX_STYLE="seccomp_filter" 3617 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3618elif test "x$sandbox_arg" = "xcapsicum" || \ 3619 ( test -z "$sandbox_arg" && \ 3620 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3621 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3622 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3623 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3624 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3625 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3626 SANDBOX_STYLE="capsicum" 3627 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3628elif test "x$sandbox_arg" = "xrlimit" || \ 3629 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3630 test "x$select_works_with_rlimit" = "xyes" && \ 3631 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3632 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3633 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3634 test "x$select_works_with_rlimit" != "xyes" && \ 3635 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3636 SANDBOX_STYLE="rlimit" 3637 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3638elif test "x$sandbox_arg" = "xsolaris" || \ 3639 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3640 SANDBOX_STYLE="solaris" 3641 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3642elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3643 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3644 SANDBOX_STYLE="none" 3645 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3646else 3647 AC_MSG_ERROR([unsupported --with-sandbox]) 3648fi 3649 3650# Cheap hack to ensure NEWS-OS libraries are arranged right. 3651if test ! -z "$SONY" ; then 3652 LIBS="$LIBS -liberty"; 3653fi 3654 3655# Check for long long datatypes 3656AC_CHECK_TYPES([long long, unsigned long long, long double]) 3657 3658# Check datatype sizes 3659AC_CHECK_SIZEOF([short int]) 3660AC_CHECK_SIZEOF([int]) 3661AC_CHECK_SIZEOF([long int]) 3662AC_CHECK_SIZEOF([long long int]) 3663 3664# Sanity check long long for some platforms (AIX) 3665if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3666 ac_cv_sizeof_long_long_int=0 3667fi 3668 3669# compute LLONG_MIN and LLONG_MAX if we don't know them. 3670if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3671 AC_MSG_CHECKING([for max value of long long]) 3672 AC_RUN_IFELSE( 3673 [AC_LANG_PROGRAM([[ 3674#include <stdio.h> 3675#include <stdlib.h> 3676/* Why is this so damn hard? */ 3677#ifdef __GNUC__ 3678# undef __GNUC__ 3679#endif 3680#define __USE_ISOC99 3681#include <limits.h> 3682#define DATA "conftest.llminmax" 3683#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3684 3685/* 3686 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3687 * we do this the hard way. 3688 */ 3689static int 3690fprint_ll(FILE *f, long long n) 3691{ 3692 unsigned int i; 3693 int l[sizeof(long long) * 8]; 3694 3695 if (n < 0) 3696 if (fprintf(f, "-") < 0) 3697 return -1; 3698 for (i = 0; n != 0; i++) { 3699 l[i] = my_abs(n % 10); 3700 n /= 10; 3701 } 3702 do { 3703 if (fprintf(f, "%d", l[--i]) < 0) 3704 return -1; 3705 } while (i != 0); 3706 if (fprintf(f, " ") < 0) 3707 return -1; 3708 return 0; 3709} 3710 ]], [[ 3711 FILE *f; 3712 long long i, llmin, llmax = 0; 3713 3714 if((f = fopen(DATA,"w")) == NULL) 3715 exit(1); 3716 3717#if defined(LLONG_MIN) && defined(LLONG_MAX) 3718 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3719 llmin = LLONG_MIN; 3720 llmax = LLONG_MAX; 3721#else 3722 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3723 /* This will work on one's complement and two's complement */ 3724 for (i = 1; i > llmax; i <<= 1, i++) 3725 llmax = i; 3726 llmin = llmax + 1LL; /* wrap */ 3727#endif 3728 3729 /* Sanity check */ 3730 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3731 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3732 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3733 fprintf(f, "unknown unknown\n"); 3734 exit(2); 3735 } 3736 3737 if (fprint_ll(f, llmin) < 0) 3738 exit(3); 3739 if (fprint_ll(f, llmax) < 0) 3740 exit(4); 3741 if (fclose(f) < 0) 3742 exit(5); 3743 exit(0); 3744 ]])], 3745 [ 3746 llong_min=`$AWK '{print $1}' conftest.llminmax` 3747 llong_max=`$AWK '{print $2}' conftest.llminmax` 3748 3749 AC_MSG_RESULT([$llong_max]) 3750 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3751 [max value of long long calculated by configure]) 3752 AC_MSG_CHECKING([for min value of long long]) 3753 AC_MSG_RESULT([$llong_min]) 3754 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3755 [min value of long long calculated by configure]) 3756 ], 3757 [ 3758 AC_MSG_RESULT([not found]) 3759 ], 3760 [ 3761 AC_MSG_WARN([cross compiling: not checking]) 3762 ] 3763 ) 3764fi 3765 3766AC_CHECK_DECLS([UINT32_MAX], , , [[ 3767#ifdef HAVE_SYS_LIMITS_H 3768# include <sys/limits.h> 3769#endif 3770#ifdef HAVE_LIMITS_H 3771# include <limits.h> 3772#endif 3773#ifdef HAVE_STDINT_H 3774# include <stdint.h> 3775#endif 3776]]) 3777 3778# More checks for data types 3779AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3781 [[ u_int a; a = 1;]])], 3782 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3783 ]) 3784]) 3785if test "x$ac_cv_have_u_int" = "xyes" ; then 3786 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3787 have_u_int=1 3788fi 3789 3790AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3792 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3793 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3794 ]) 3795]) 3796if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3797 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3798 have_intxx_t=1 3799fi 3800 3801if (test -z "$have_intxx_t" && \ 3802 test "x$ac_cv_header_stdint_h" = "xyes") 3803then 3804 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3805 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3806 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3807 [ 3808 AC_DEFINE([HAVE_INTXX_T]) 3809 AC_MSG_RESULT([yes]) 3810 ], [ AC_MSG_RESULT([no]) 3811 ]) 3812fi 3813 3814AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3815 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3816#include <sys/types.h> 3817#ifdef HAVE_STDINT_H 3818# include <stdint.h> 3819#endif 3820#include <sys/socket.h> 3821#ifdef HAVE_SYS_BITYPES_H 3822# include <sys/bitypes.h> 3823#endif 3824 ]], [[ 3825int64_t a; a = 1; 3826 ]])], 3827 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3828 ]) 3829]) 3830if test "x$ac_cv_have_int64_t" = "xyes" ; then 3831 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3832fi 3833 3834AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3835 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3836 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3837 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3838 ]) 3839]) 3840if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3841 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3842 have_u_intxx_t=1 3843fi 3844 3845if test -z "$have_u_intxx_t" ; then 3846 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3848 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3849 [ 3850 AC_DEFINE([HAVE_U_INTXX_T]) 3851 AC_MSG_RESULT([yes]) 3852 ], [ AC_MSG_RESULT([no]) 3853 ]) 3854fi 3855 3856AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3857 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3858 [[ u_int64_t a; a = 1;]])], 3859 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3860 ]) 3861]) 3862if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3863 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3864 have_u_int64_t=1 3865fi 3866 3867if (test -z "$have_u_int64_t" && \ 3868 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3869then 3870 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3871 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3872 [[ u_int64_t a; a = 1]])], 3873 [ 3874 AC_DEFINE([HAVE_U_INT64_T]) 3875 AC_MSG_RESULT([yes]) 3876 ], [ AC_MSG_RESULT([no]) 3877 ]) 3878fi 3879 3880if test -z "$have_u_intxx_t" ; then 3881 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3883#include <sys/types.h> 3884 ]], [[ 3885 uint8_t a; 3886 uint16_t b; 3887 uint32_t c; 3888 a = b = c = 1; 3889 ]])], 3890 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3891 ]) 3892 ]) 3893 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3894 AC_DEFINE([HAVE_UINTXX_T], [1], 3895 [define if you have uintxx_t data type]) 3896 fi 3897fi 3898 3899if (test -z "$have_uintxx_t" && \ 3900 test "x$ac_cv_header_stdint_h" = "xyes") 3901then 3902 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3904 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3905 [ 3906 AC_DEFINE([HAVE_UINTXX_T]) 3907 AC_MSG_RESULT([yes]) 3908 ], [ AC_MSG_RESULT([no]) 3909 ]) 3910fi 3911 3912if (test -z "$have_uintxx_t" && \ 3913 test "x$ac_cv_header_inttypes_h" = "xyes") 3914then 3915 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3916 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3917 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3918 [ 3919 AC_DEFINE([HAVE_UINTXX_T]) 3920 AC_MSG_RESULT([yes]) 3921 ], [ AC_MSG_RESULT([no]) 3922 ]) 3923fi 3924 3925if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3926 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3927then 3928 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3930#include <sys/bitypes.h> 3931 ]], [[ 3932 int8_t a; int16_t b; int32_t c; 3933 u_int8_t e; u_int16_t f; u_int32_t g; 3934 a = b = c = e = f = g = 1; 3935 ]])], 3936 [ 3937 AC_DEFINE([HAVE_U_INTXX_T]) 3938 AC_DEFINE([HAVE_INTXX_T]) 3939 AC_MSG_RESULT([yes]) 3940 ], [AC_MSG_RESULT([no]) 3941 ]) 3942fi 3943 3944 3945AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3947 [[ u_char foo; foo = 125; ]])], 3948 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3949 ]) 3950]) 3951if test "x$ac_cv_have_u_char" = "xyes" ; then 3952 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3953fi 3954 3955AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3956#include <sys/types.h> 3957#ifdef HAVE_STDINT_H 3958# include <stdint.h> 3959#endif 3960]) 3961 3962TYPE_SOCKLEN_T 3963 3964AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3965AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3966#include <sys/types.h> 3967#ifdef HAVE_SYS_BITYPES_H 3968#include <sys/bitypes.h> 3969#endif 3970#ifdef HAVE_SYS_STATFS_H 3971#include <sys/statfs.h> 3972#endif 3973#ifdef HAVE_SYS_STATVFS_H 3974#include <sys/statvfs.h> 3975#endif 3976]) 3977 3978AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3979#include <sys/param.h> 3980#include <sys/types.h> 3981#ifdef HAVE_SYS_BITYPES_H 3982#include <sys/bitypes.h> 3983#endif 3984#ifdef HAVE_SYS_STATFS_H 3985#include <sys/statfs.h> 3986#endif 3987#ifdef HAVE_SYS_STATVFS_H 3988#include <sys/statvfs.h> 3989#endif 3990#ifdef HAVE_SYS_VFS_H 3991#include <sys/vfs.h> 3992#endif 3993#ifdef HAVE_SYS_MOUNT_H 3994#include <sys/mount.h> 3995#endif 3996]]) 3997 3998 3999AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4000[#include <sys/types.h> 4001#include <netinet/in.h>]) 4002 4003AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4005 [[ size_t foo; foo = 1235; ]])], 4006 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4007 ]) 4008]) 4009if test "x$ac_cv_have_size_t" = "xyes" ; then 4010 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4011fi 4012 4013AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4014 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4015 [[ ssize_t foo; foo = 1235; ]])], 4016 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4017 ]) 4018]) 4019if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4020 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4021fi 4022 4023AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4024 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4025 [[ clock_t foo; foo = 1235; ]])], 4026 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4027 ]) 4028]) 4029if test "x$ac_cv_have_clock_t" = "xyes" ; then 4030 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4031fi 4032 4033AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4035#include <sys/types.h> 4036#include <sys/socket.h> 4037 ]], [[ sa_family_t foo; foo = 1235; ]])], 4038 [ ac_cv_have_sa_family_t="yes" ], 4039 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4040#include <sys/types.h> 4041#include <sys/socket.h> 4042#include <netinet/in.h> 4043 ]], [[ sa_family_t foo; foo = 1235; ]])], 4044 [ ac_cv_have_sa_family_t="yes" ], 4045 [ ac_cv_have_sa_family_t="no" ] 4046 ) 4047 ]) 4048]) 4049if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4050 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4051 [define if you have sa_family_t data type]) 4052fi 4053 4054AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4056 [[ pid_t foo; foo = 1235; ]])], 4057 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4058 ]) 4059]) 4060if test "x$ac_cv_have_pid_t" = "xyes" ; then 4061 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4062fi 4063 4064AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4065 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4066 [[ mode_t foo; foo = 1235; ]])], 4067 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4068 ]) 4069]) 4070if test "x$ac_cv_have_mode_t" = "xyes" ; then 4071 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4072fi 4073 4074 4075AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4076 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4077#include <sys/types.h> 4078#include <sys/socket.h> 4079 ]], [[ struct sockaddr_storage s; ]])], 4080 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4081 [ ac_cv_have_struct_sockaddr_storage="no" 4082 ]) 4083]) 4084if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4085 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4086 [define if you have struct sockaddr_storage data type]) 4087fi 4088 4089AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4091#include <sys/types.h> 4092#include <netinet/in.h> 4093 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4094 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4095 [ ac_cv_have_struct_sockaddr_in6="no" 4096 ]) 4097]) 4098if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4099 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4100 [define if you have struct sockaddr_in6 data type]) 4101fi 4102 4103AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4105#include <sys/types.h> 4106#include <netinet/in.h> 4107 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4108 [ ac_cv_have_struct_in6_addr="yes" ], 4109 [ ac_cv_have_struct_in6_addr="no" 4110 ]) 4111]) 4112if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4113 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4114 [define if you have struct in6_addr data type]) 4115 4116dnl Now check for sin6_scope_id 4117 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4118 [ 4119#ifdef HAVE_SYS_TYPES_H 4120#include <sys/types.h> 4121#endif 4122#include <netinet/in.h> 4123 ]) 4124fi 4125 4126AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4127 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4128#include <sys/types.h> 4129#include <sys/socket.h> 4130#include <netdb.h> 4131 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4132 [ ac_cv_have_struct_addrinfo="yes" ], 4133 [ ac_cv_have_struct_addrinfo="no" 4134 ]) 4135]) 4136if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4137 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4138 [define if you have struct addrinfo data type]) 4139fi 4140 4141AC_HEADER_TIME 4142 4143AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4144 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4145 [[ struct timeval tv; tv.tv_sec = 1;]])], 4146 [ ac_cv_have_struct_timeval="yes" ], 4147 [ ac_cv_have_struct_timeval="no" 4148 ]) 4149]) 4150if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4151 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4152 have_struct_timeval=1 4153fi 4154 4155AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4156 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4157 #ifdef TIME_WITH_SYS_TIME 4158 # include <sys/time.h> 4159 # include <time.h> 4160 #else 4161 # ifdef HAVE_SYS_TIME_H 4162 # include <sys/time.h> 4163 # else 4164 # include <time.h> 4165 # endif 4166 #endif 4167 ]], 4168 [[ struct timespec ts; ts.tv_sec = 1;]])], 4169 [ ac_cv_have_struct_timespec="yes" ], 4170 [ ac_cv_have_struct_timespec="no" 4171 ]) 4172]) 4173if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4174 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4175 have_struct_timespec=1 4176fi 4177 4178# We need int64_t or else certain parts of the compile will fail. 4179if test "x$ac_cv_have_int64_t" = "xno" && \ 4180 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4181 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4182 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4183 echo "an alternative compiler (I.E., GCC) before continuing." 4184 echo "" 4185 exit 1; 4186else 4187dnl test snprintf (broken on SCO w/gcc) 4188 AC_RUN_IFELSE( 4189 [AC_LANG_SOURCE([[ 4190#include <stdio.h> 4191#include <stdlib.h> 4192#include <string.h> 4193#ifdef HAVE_SNPRINTF 4194main() 4195{ 4196 char buf[50]; 4197 char expected_out[50]; 4198 int mazsize = 50 ; 4199#if (SIZEOF_LONG_INT == 8) 4200 long int num = 0x7fffffffffffffff; 4201#else 4202 long long num = 0x7fffffffffffffffll; 4203#endif 4204 strcpy(expected_out, "9223372036854775807"); 4205 snprintf(buf, mazsize, "%lld", num); 4206 if(strcmp(buf, expected_out) != 0) 4207 exit(1); 4208 exit(0); 4209} 4210#else 4211main() { exit(0); } 4212#endif 4213 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4214 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4215 ) 4216fi 4217 4218dnl Checks for structure members 4219OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4220OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4221OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4222OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4223OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4224OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4225OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4226OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4227OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4228OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4229OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4230OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4231OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4232OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4233OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4234OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4235OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4236OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4237 4238AC_CHECK_MEMBERS([struct stat.st_blksize]) 4239AC_CHECK_MEMBERS([struct stat.st_mtim]) 4240AC_CHECK_MEMBERS([struct stat.st_mtime]) 4241AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4242struct passwd.pw_change, struct passwd.pw_expire], 4243[], [], [[ 4244#include <sys/types.h> 4245#include <pwd.h> 4246]]) 4247 4248AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4249 [Define if we don't have struct __res_state in resolv.h])], 4250[[ 4251#include <stdio.h> 4252#if HAVE_SYS_TYPES_H 4253# include <sys/types.h> 4254#endif 4255#include <netinet/in.h> 4256#include <arpa/nameser.h> 4257#include <resolv.h> 4258]]) 4259 4260AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4261 ac_cv_have_ss_family_in_struct_ss, [ 4262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4263#include <sys/types.h> 4264#include <sys/socket.h> 4265 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4266 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4267 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4268]) 4269if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4270 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4271fi 4272 4273AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4274 ac_cv_have___ss_family_in_struct_ss, [ 4275 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4276#include <sys/types.h> 4277#include <sys/socket.h> 4278 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4279 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4280 [ ac_cv_have___ss_family_in_struct_ss="no" 4281 ]) 4282]) 4283if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4284 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4285 [Fields in struct sockaddr_storage]) 4286fi 4287 4288dnl make sure we're using the real structure members and not defines 4289AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4290 ac_cv_have_accrights_in_msghdr, [ 4291 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4292#include <sys/types.h> 4293#include <sys/socket.h> 4294#include <sys/uio.h> 4295#include <stdlib.h> 4296 ]], [[ 4297#ifdef msg_accrights 4298#error "msg_accrights is a macro" 4299exit(1); 4300#endif 4301struct msghdr m; 4302m.msg_accrights = 0; 4303exit(0); 4304 ]])], 4305 [ ac_cv_have_accrights_in_msghdr="yes" ], 4306 [ ac_cv_have_accrights_in_msghdr="no" ] 4307 ) 4308]) 4309if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4310 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4311 [Define if your system uses access rights style 4312 file descriptor passing]) 4313fi 4314 4315AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4316AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4317#include <sys/param.h> 4318#include <sys/stat.h> 4319#ifdef HAVE_SYS_TIME_H 4320# include <sys/time.h> 4321#endif 4322#ifdef HAVE_SYS_MOUNT_H 4323#include <sys/mount.h> 4324#endif 4325#ifdef HAVE_SYS_STATVFS_H 4326#include <sys/statvfs.h> 4327#endif 4328 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4329 [ AC_MSG_RESULT([yes]) ], 4330 [ AC_MSG_RESULT([no]) 4331 4332 AC_MSG_CHECKING([if fsid_t has member val]) 4333 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4334#include <sys/types.h> 4335#include <sys/statvfs.h> 4336 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4337 [ AC_MSG_RESULT([yes]) 4338 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4339 [ AC_MSG_RESULT([no]) ]) 4340 4341 AC_MSG_CHECKING([if f_fsid has member __val]) 4342 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4343#include <sys/types.h> 4344#include <sys/statvfs.h> 4345 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4346 [ AC_MSG_RESULT([yes]) 4347 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4348 [ AC_MSG_RESULT([no]) ]) 4349]) 4350 4351AC_CACHE_CHECK([for msg_control field in struct msghdr], 4352 ac_cv_have_control_in_msghdr, [ 4353 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4354#include <sys/types.h> 4355#include <sys/socket.h> 4356#include <sys/uio.h> 4357#include <stdlib.h> 4358 ]], [[ 4359#ifdef msg_control 4360#error "msg_control is a macro" 4361exit(1); 4362#endif 4363struct msghdr m; 4364m.msg_control = 0; 4365exit(0); 4366 ]])], 4367 [ ac_cv_have_control_in_msghdr="yes" ], 4368 [ ac_cv_have_control_in_msghdr="no" ] 4369 ) 4370]) 4371if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4372 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4373 [Define if your system uses ancillary data style 4374 file descriptor passing]) 4375fi 4376 4377AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4378 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4379 [[ extern char *__progname; printf("%s", __progname); ]])], 4380 [ ac_cv_libc_defines___progname="yes" ], 4381 [ ac_cv_libc_defines___progname="no" 4382 ]) 4383]) 4384if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4385 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4386fi 4387 4388AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4389 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4390 [[ printf("%s", __FUNCTION__); ]])], 4391 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4392 [ ac_cv_cc_implements___FUNCTION__="no" 4393 ]) 4394]) 4395if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4396 AC_DEFINE([HAVE___FUNCTION__], [1], 4397 [Define if compiler implements __FUNCTION__]) 4398fi 4399 4400AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4401 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4402 [[ printf("%s", __func__); ]])], 4403 [ ac_cv_cc_implements___func__="yes" ], 4404 [ ac_cv_cc_implements___func__="no" 4405 ]) 4406]) 4407if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4408 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4409fi 4410 4411AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4412 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4413#include <stdarg.h> 4414va_list x,y; 4415 ]], [[ va_copy(x,y); ]])], 4416 [ ac_cv_have_va_copy="yes" ], 4417 [ ac_cv_have_va_copy="no" 4418 ]) 4419]) 4420if test "x$ac_cv_have_va_copy" = "xyes" ; then 4421 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4422fi 4423 4424AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4425 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4426#include <stdarg.h> 4427va_list x,y; 4428 ]], [[ __va_copy(x,y); ]])], 4429 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4430 ]) 4431]) 4432if test "x$ac_cv_have___va_copy" = "xyes" ; then 4433 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4434fi 4435 4436AC_CACHE_CHECK([whether getopt has optreset support], 4437 ac_cv_have_getopt_optreset, [ 4438 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4439 [[ extern int optreset; optreset = 0; ]])], 4440 [ ac_cv_have_getopt_optreset="yes" ], 4441 [ ac_cv_have_getopt_optreset="no" 4442 ]) 4443]) 4444if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4445 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4446 [Define if your getopt(3) defines and uses optreset]) 4447fi 4448 4449AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4450 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4451[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4452 [ ac_cv_libc_defines_sys_errlist="yes" ], 4453 [ ac_cv_libc_defines_sys_errlist="no" 4454 ]) 4455]) 4456if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4457 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4458 [Define if your system defines sys_errlist[]]) 4459fi 4460 4461 4462AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4463 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4464[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4465 [ ac_cv_libc_defines_sys_nerr="yes" ], 4466 [ ac_cv_libc_defines_sys_nerr="no" 4467 ]) 4468]) 4469if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4470 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4471fi 4472 4473# Check libraries needed by DNS fingerprint support 4474AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4475 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4476 [Define if getrrsetbyname() exists])], 4477 [ 4478 # Needed by our getrrsetbyname() 4479 AC_SEARCH_LIBS([res_query], [resolv]) 4480 AC_SEARCH_LIBS([dn_expand], [resolv]) 4481 AC_MSG_CHECKING([if res_query will link]) 4482 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4483#include <sys/types.h> 4484#include <netinet/in.h> 4485#include <arpa/nameser.h> 4486#include <netdb.h> 4487#include <resolv.h> 4488 ]], [[ 4489 res_query (0, 0, 0, 0, 0); 4490 ]])], 4491 AC_MSG_RESULT([yes]), 4492 [AC_MSG_RESULT([no]) 4493 saved_LIBS="$LIBS" 4494 LIBS="$LIBS -lresolv" 4495 AC_MSG_CHECKING([for res_query in -lresolv]) 4496 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4497#include <sys/types.h> 4498#include <netinet/in.h> 4499#include <arpa/nameser.h> 4500#include <netdb.h> 4501#include <resolv.h> 4502 ]], [[ 4503 res_query (0, 0, 0, 0, 0); 4504 ]])], 4505 [AC_MSG_RESULT([yes])], 4506 [LIBS="$saved_LIBS" 4507 AC_MSG_RESULT([no])]) 4508 ]) 4509 AC_CHECK_FUNCS([_getshort _getlong]) 4510 AC_CHECK_DECLS([_getshort, _getlong], , , 4511 [#include <sys/types.h> 4512 #include <arpa/nameser.h>]) 4513 AC_CHECK_MEMBER([HEADER.ad], 4514 [AC_DEFINE([HAVE_HEADER_AD], [1], 4515 [Define if HEADER.ad exists in arpa/nameser.h])], , 4516 [#include <arpa/nameser.h>]) 4517 ]) 4518 4519AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4520AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4521#include <stdio.h> 4522#if HAVE_SYS_TYPES_H 4523# include <sys/types.h> 4524#endif 4525#include <netinet/in.h> 4526#include <arpa/nameser.h> 4527#include <resolv.h> 4528extern struct __res_state _res; 4529 ]], [[ 4530struct __res_state *volatile p = &_res; /* force resolution of _res */ 4531return 0; 4532 ]],)], 4533 [AC_MSG_RESULT([yes]) 4534 AC_DEFINE([HAVE__RES_EXTERN], [1], 4535 [Define if you have struct __res_state _res as an extern]) 4536 ], 4537 [ AC_MSG_RESULT([no]) ] 4538) 4539 4540# Check whether user wants SELinux support 4541SELINUX_MSG="no" 4542LIBSELINUX="" 4543AC_ARG_WITH([selinux], 4544 [ --with-selinux Enable SELinux support], 4545 [ if test "x$withval" != "xno" ; then 4546 save_LIBS="$LIBS" 4547 AC_DEFINE([WITH_SELINUX], [1], 4548 [Define if you want SELinux support.]) 4549 SELINUX_MSG="yes" 4550 AC_CHECK_HEADER([selinux/selinux.h], , 4551 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4552 AC_CHECK_LIB([selinux], [setexeccon], 4553 [ LIBSELINUX="-lselinux" 4554 LIBS="$LIBS -lselinux" 4555 ], 4556 AC_MSG_ERROR([SELinux support requires libselinux library])) 4557 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4558 LIBS="$save_LIBS $LIBSELINUX" 4559 fi ] 4560) 4561AC_SUBST([SSHDLIBS]) 4562 4563# Check whether user wants Kerberos 5 support 4564KRB5_MSG="no" 4565AC_ARG_WITH([kerberos5], 4566 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4567 [ if test "x$withval" != "xno" ; then 4568 if test "x$withval" = "xyes" ; then 4569 KRB5ROOT="/usr/local" 4570 else 4571 KRB5ROOT=${withval} 4572 fi 4573 4574 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4575 KRB5_MSG="yes" 4576 4577 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4578 [$KRB5ROOT/bin/krb5-config], 4579 [$KRB5ROOT/bin:$PATH]) 4580 if test -x $KRB5CONF ; then 4581 K5CFLAGS="`$KRB5CONF --cflags`" 4582 K5LIBS="`$KRB5CONF --libs`" 4583 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4584 4585 AC_MSG_CHECKING([for gssapi support]) 4586 if $KRB5CONF | grep gssapi >/dev/null ; then 4587 AC_MSG_RESULT([yes]) 4588 AC_DEFINE([GSSAPI], [1], 4589 [Define this if you want GSSAPI 4590 support in the version 2 protocol]) 4591 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4592 GSSLIBS="`$KRB5CONF --libs gssapi`" 4593 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4594 else 4595 AC_MSG_RESULT([no]) 4596 fi 4597 AC_MSG_CHECKING([whether we are using Heimdal]) 4598 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4599 ]], [[ char *tmp = heimdal_version; ]])], 4600 [ AC_MSG_RESULT([yes]) 4601 AC_DEFINE([HEIMDAL], [1], 4602 [Define this if you are using the Heimdal 4603 version of Kerberos V5]) ], 4604 [AC_MSG_RESULT([no]) 4605 ]) 4606 else 4607 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4608 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4609 AC_MSG_CHECKING([whether we are using Heimdal]) 4610 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4611 ]], [[ char *tmp = heimdal_version; ]])], 4612 [ AC_MSG_RESULT([yes]) 4613 AC_DEFINE([HEIMDAL]) 4614 K5LIBS="-lkrb5" 4615 K5LIBS="$K5LIBS -lcom_err -lasn1" 4616 AC_CHECK_LIB([roken], [net_write], 4617 [K5LIBS="$K5LIBS -lroken"]) 4618 AC_CHECK_LIB([des], [des_cbc_encrypt], 4619 [K5LIBS="$K5LIBS -ldes"]) 4620 ], [ AC_MSG_RESULT([no]) 4621 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4622 ]) 4623 AC_SEARCH_LIBS([dn_expand], [resolv]) 4624 4625 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4626 [ AC_DEFINE([GSSAPI]) 4627 GSSLIBS="-lgssapi_krb5" ], 4628 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4629 [ AC_DEFINE([GSSAPI]) 4630 GSSLIBS="-lgssapi" ], 4631 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4632 [ AC_DEFINE([GSSAPI]) 4633 GSSLIBS="-lgss" ], 4634 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4635 ]) 4636 ]) 4637 4638 AC_CHECK_HEADER([gssapi.h], , 4639 [ unset ac_cv_header_gssapi_h 4640 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4641 AC_CHECK_HEADERS([gssapi.h], , 4642 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4643 ) 4644 ] 4645 ) 4646 4647 oldCPP="$CPPFLAGS" 4648 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4649 AC_CHECK_HEADER([gssapi_krb5.h], , 4650 [ CPPFLAGS="$oldCPP" ]) 4651 4652 fi 4653 if test -n "${rpath_opt}" ; then 4654 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4655 fi 4656 if test ! -z "$blibpath" ; then 4657 blibpath="$blibpath:${KRB5ROOT}/lib" 4658 fi 4659 4660 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4661 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4662 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4663 4664 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4665 [Define this if you want to use libkafs' AFS support])]) 4666 4667 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4668#ifdef HAVE_GSSAPI_H 4669# include <gssapi.h> 4670#elif defined(HAVE_GSSAPI_GSSAPI_H) 4671# include <gssapi/gssapi.h> 4672#endif 4673 4674#ifdef HAVE_GSSAPI_GENERIC_H 4675# include <gssapi_generic.h> 4676#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4677# include <gssapi/gssapi_generic.h> 4678#endif 4679 ]]) 4680 saved_LIBS="$LIBS" 4681 LIBS="$LIBS $K5LIBS" 4682 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4683 LIBS="$saved_LIBS" 4684 4685 fi 4686 ] 4687) 4688AC_SUBST([GSSLIBS]) 4689AC_SUBST([K5LIBS]) 4690 4691# Looking for programs, paths and files 4692 4693PRIVSEP_PATH=/var/empty 4694AC_ARG_WITH([privsep-path], 4695 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4696 [ 4697 if test -n "$withval" && test "x$withval" != "xno" && \ 4698 test "x${withval}" != "xyes"; then 4699 PRIVSEP_PATH=$withval 4700 fi 4701 ] 4702) 4703AC_SUBST([PRIVSEP_PATH]) 4704 4705AC_ARG_WITH([xauth], 4706 [ --with-xauth=PATH Specify path to xauth program ], 4707 [ 4708 if test -n "$withval" && test "x$withval" != "xno" && \ 4709 test "x${withval}" != "xyes"; then 4710 xauth_path=$withval 4711 fi 4712 ], 4713 [ 4714 TestPath="$PATH" 4715 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4716 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4717 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4718 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4719 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4720 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4721 xauth_path="/usr/openwin/bin/xauth" 4722 fi 4723 ] 4724) 4725 4726STRIP_OPT=-s 4727AC_ARG_ENABLE([strip], 4728 [ --disable-strip Disable calling strip(1) on install], 4729 [ 4730 if test "x$enableval" = "xno" ; then 4731 STRIP_OPT= 4732 fi 4733 ] 4734) 4735AC_SUBST([STRIP_OPT]) 4736 4737if test -z "$xauth_path" ; then 4738 XAUTH_PATH="undefined" 4739 AC_SUBST([XAUTH_PATH]) 4740else 4741 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4742 [Define if xauth is found in your path]) 4743 XAUTH_PATH=$xauth_path 4744 AC_SUBST([XAUTH_PATH]) 4745fi 4746 4747dnl # --with-maildir=/path/to/mail gets top priority. 4748dnl # if maildir is set in the platform case statement above we use that. 4749dnl # Otherwise we run a program to get the dir from system headers. 4750dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4751dnl # If we find _PATH_MAILDIR we do nothing because that is what 4752dnl # session.c expects anyway. Otherwise we set to the value found 4753dnl # stripping any trailing slash. If for some strage reason our program 4754dnl # does not find what it needs, we default to /var/spool/mail. 4755# Check for mail directory 4756AC_ARG_WITH([maildir], 4757 [ --with-maildir=/path/to/mail Specify your system mail directory], 4758 [ 4759 if test "X$withval" != X && test "x$withval" != xno && \ 4760 test "x${withval}" != xyes; then 4761 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4762 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4763 fi 4764 ],[ 4765 if test "X$maildir" != "X"; then 4766 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4767 else 4768 AC_MSG_CHECKING([Discovering system mail directory]) 4769 AC_RUN_IFELSE( 4770 [AC_LANG_PROGRAM([[ 4771#include <stdio.h> 4772#include <stdlib.h> 4773#include <string.h> 4774#ifdef HAVE_PATHS_H 4775#include <paths.h> 4776#endif 4777#ifdef HAVE_MAILLOCK_H 4778#include <maillock.h> 4779#endif 4780#define DATA "conftest.maildir" 4781 ]], [[ 4782 FILE *fd; 4783 int rc; 4784 4785 fd = fopen(DATA,"w"); 4786 if(fd == NULL) 4787 exit(1); 4788 4789#if defined (_PATH_MAILDIR) 4790 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4791 exit(1); 4792#elif defined (MAILDIR) 4793 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4794 exit(1); 4795#elif defined (_PATH_MAIL) 4796 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4797 exit(1); 4798#else 4799 exit (2); 4800#endif 4801 4802 exit(0); 4803 ]])], 4804 [ 4805 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4806 maildir=`awk -F: '{print $2}' conftest.maildir \ 4807 | sed 's|/$||'` 4808 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4809 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4810 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4811 fi 4812 ], 4813 [ 4814 if test "X$ac_status" = "X2";then 4815# our test program didn't find it. Default to /var/spool/mail 4816 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4817 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4818 else 4819 AC_MSG_RESULT([*** not found ***]) 4820 fi 4821 ], 4822 [ 4823 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4824 ] 4825 ) 4826 fi 4827 ] 4828) # maildir 4829 4830if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4831 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4832 disable_ptmx_check=yes 4833fi 4834if test -z "$no_dev_ptmx" ; then 4835 if test "x$disable_ptmx_check" != "xyes" ; then 4836 AC_CHECK_FILE(["/dev/ptmx"], 4837 [ 4838 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4839 [Define if you have /dev/ptmx]) 4840 have_dev_ptmx=1 4841 ] 4842 ) 4843 fi 4844fi 4845 4846if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4847 AC_CHECK_FILE(["/dev/ptc"], 4848 [ 4849 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4850 [Define if you have /dev/ptc]) 4851 have_dev_ptc=1 4852 ] 4853 ) 4854else 4855 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4856fi 4857 4858# Options from here on. Some of these are preset by platform above 4859AC_ARG_WITH([mantype], 4860 [ --with-mantype=man|cat|doc Set man page type], 4861 [ 4862 case "$withval" in 4863 man|cat|doc) 4864 MANTYPE=$withval 4865 ;; 4866 *) 4867 AC_MSG_ERROR([invalid man type: $withval]) 4868 ;; 4869 esac 4870 ] 4871) 4872if test -z "$MANTYPE"; then 4873 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4874 MANTYPE=doc 4875 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4876 MANTYPE=doc 4877 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4878 MANTYPE=man 4879 else 4880 MANTYPE=cat 4881 fi 4882fi 4883AC_SUBST([MANTYPE]) 4884if test "$MANTYPE" = "doc"; then 4885 mansubdir=man; 4886else 4887 mansubdir=$MANTYPE; 4888fi 4889AC_SUBST([mansubdir]) 4890 4891# Check whether to enable MD5 passwords 4892MD5_MSG="no" 4893AC_ARG_WITH([md5-passwords], 4894 [ --with-md5-passwords Enable use of MD5 passwords], 4895 [ 4896 if test "x$withval" != "xno" ; then 4897 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4898 [Define if you want to allow MD5 passwords]) 4899 MD5_MSG="yes" 4900 fi 4901 ] 4902) 4903 4904# Whether to disable shadow password support 4905AC_ARG_WITH([shadow], 4906 [ --without-shadow Disable shadow password support], 4907 [ 4908 if test "x$withval" = "xno" ; then 4909 AC_DEFINE([DISABLE_SHADOW]) 4910 disable_shadow=yes 4911 fi 4912 ] 4913) 4914 4915if test -z "$disable_shadow" ; then 4916 AC_MSG_CHECKING([if the systems has expire shadow information]) 4917 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4918#include <sys/types.h> 4919#include <shadow.h> 4920struct spwd sp; 4921 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4922 [ sp_expire_available=yes ], [ 4923 ]) 4924 4925 if test "x$sp_expire_available" = "xyes" ; then 4926 AC_MSG_RESULT([yes]) 4927 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4928 [Define if you want to use shadow password expire field]) 4929 else 4930 AC_MSG_RESULT([no]) 4931 fi 4932fi 4933 4934# Use ip address instead of hostname in $DISPLAY 4935if test ! -z "$IPADDR_IN_DISPLAY" ; then 4936 DISPLAY_HACK_MSG="yes" 4937 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4938 [Define if you need to use IP address 4939 instead of hostname in $DISPLAY]) 4940else 4941 DISPLAY_HACK_MSG="no" 4942 AC_ARG_WITH([ipaddr-display], 4943 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4944 [ 4945 if test "x$withval" != "xno" ; then 4946 AC_DEFINE([IPADDR_IN_DISPLAY]) 4947 DISPLAY_HACK_MSG="yes" 4948 fi 4949 ] 4950 ) 4951fi 4952 4953# check for /etc/default/login and use it if present. 4954AC_ARG_ENABLE([etc-default-login], 4955 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4956 [ if test "x$enableval" = "xno"; then 4957 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4958 etc_default_login=no 4959 else 4960 etc_default_login=yes 4961 fi ], 4962 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4963 then 4964 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4965 etc_default_login=no 4966 else 4967 etc_default_login=yes 4968 fi ] 4969) 4970 4971if test "x$etc_default_login" != "xno"; then 4972 AC_CHECK_FILE(["/etc/default/login"], 4973 [ external_path_file=/etc/default/login ]) 4974 if test "x$external_path_file" = "x/etc/default/login"; then 4975 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4976 [Define if your system has /etc/default/login]) 4977 fi 4978fi 4979 4980dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4981if test $ac_cv_func_login_getcapbool = "yes" && \ 4982 test $ac_cv_header_login_cap_h = "yes" ; then 4983 external_path_file=/etc/login.conf 4984fi 4985 4986# Whether to mess with the default path 4987SERVER_PATH_MSG="(default)" 4988AC_ARG_WITH([default-path], 4989 [ --with-default-path= Specify default $PATH environment for server], 4990 [ 4991 if test "x$external_path_file" = "x/etc/login.conf" ; then 4992 AC_MSG_WARN([ 4993--with-default-path=PATH has no effect on this system. 4994Edit /etc/login.conf instead.]) 4995 elif test "x$withval" != "xno" ; then 4996 if test ! -z "$external_path_file" ; then 4997 AC_MSG_WARN([ 4998--with-default-path=PATH will only be used if PATH is not defined in 4999$external_path_file .]) 5000 fi 5001 user_path="$withval" 5002 SERVER_PATH_MSG="$withval" 5003 fi 5004 ], 5005 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5006 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5007 else 5008 if test ! -z "$external_path_file" ; then 5009 AC_MSG_WARN([ 5010If PATH is defined in $external_path_file, ensure the path to scp is included, 5011otherwise scp will not work.]) 5012 fi 5013 AC_RUN_IFELSE( 5014 [AC_LANG_PROGRAM([[ 5015/* find out what STDPATH is */ 5016#include <stdio.h> 5017#include <stdlib.h> 5018#ifdef HAVE_PATHS_H 5019# include <paths.h> 5020#endif 5021#ifndef _PATH_STDPATH 5022# ifdef _PATH_USERPATH /* Irix */ 5023# define _PATH_STDPATH _PATH_USERPATH 5024# else 5025# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5026# endif 5027#endif 5028#include <sys/types.h> 5029#include <sys/stat.h> 5030#include <fcntl.h> 5031#define DATA "conftest.stdpath" 5032 ]], [[ 5033 FILE *fd; 5034 int rc; 5035 5036 fd = fopen(DATA,"w"); 5037 if(fd == NULL) 5038 exit(1); 5039 5040 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5041 exit(1); 5042 5043 exit(0); 5044 ]])], 5045 [ user_path=`cat conftest.stdpath` ], 5046 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5047 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5048 ) 5049# make sure $bindir is in USER_PATH so scp will work 5050 t_bindir="${bindir}" 5051 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5052 t_bindir=`eval echo ${t_bindir}` 5053 case $t_bindir in 5054 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5055 esac 5056 case $t_bindir in 5057 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5058 esac 5059 done 5060 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5061 if test $? -ne 0 ; then 5062 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5063 if test $? -ne 0 ; then 5064 user_path=$user_path:$t_bindir 5065 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5066 fi 5067 fi 5068 fi ] 5069) 5070if test "x$external_path_file" != "x/etc/login.conf" ; then 5071 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5072 AC_SUBST([user_path]) 5073fi 5074 5075# Set superuser path separately to user path 5076AC_ARG_WITH([superuser-path], 5077 [ --with-superuser-path= Specify different path for super-user], 5078 [ 5079 if test -n "$withval" && test "x$withval" != "xno" && \ 5080 test "x${withval}" != "xyes"; then 5081 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5082 [Define if you want a different $PATH 5083 for the superuser]) 5084 superuser_path=$withval 5085 fi 5086 ] 5087) 5088 5089 5090AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5091IPV4_IN6_HACK_MSG="no" 5092AC_ARG_WITH(4in6, 5093 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5094 [ 5095 if test "x$withval" != "xno" ; then 5096 AC_MSG_RESULT([yes]) 5097 AC_DEFINE([IPV4_IN_IPV6], [1], 5098 [Detect IPv4 in IPv6 mapped addresses 5099 and treat as IPv4]) 5100 IPV4_IN6_HACK_MSG="yes" 5101 else 5102 AC_MSG_RESULT([no]) 5103 fi 5104 ], [ 5105 if test "x$inet6_default_4in6" = "xyes"; then 5106 AC_MSG_RESULT([yes (default)]) 5107 AC_DEFINE([IPV4_IN_IPV6]) 5108 IPV4_IN6_HACK_MSG="yes" 5109 else 5110 AC_MSG_RESULT([no (default)]) 5111 fi 5112 ] 5113) 5114 5115# Whether to enable BSD auth support 5116BSD_AUTH_MSG=no 5117AC_ARG_WITH([bsd-auth], 5118 [ --with-bsd-auth Enable BSD auth support], 5119 [ 5120 if test "x$withval" != "xno" ; then 5121 AC_DEFINE([BSD_AUTH], [1], 5122 [Define if you have BSD auth support]) 5123 BSD_AUTH_MSG=yes 5124 fi 5125 ] 5126) 5127 5128# Where to place sshd.pid 5129piddir=/var/run 5130# make sure the directory exists 5131if test ! -d $piddir ; then 5132 piddir=`eval echo ${sysconfdir}` 5133 case $piddir in 5134 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5135 esac 5136fi 5137 5138AC_ARG_WITH([pid-dir], 5139 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5140 [ 5141 if test -n "$withval" && test "x$withval" != "xno" && \ 5142 test "x${withval}" != "xyes"; then 5143 piddir=$withval 5144 if test ! -d $piddir ; then 5145 AC_MSG_WARN([** no $piddir directory on this system **]) 5146 fi 5147 fi 5148 ] 5149) 5150 5151AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5152 [Specify location of ssh.pid]) 5153AC_SUBST([piddir]) 5154 5155dnl allow user to disable some login recording features 5156AC_ARG_ENABLE([lastlog], 5157 [ --disable-lastlog disable use of lastlog even if detected [no]], 5158 [ 5159 if test "x$enableval" = "xno" ; then 5160 AC_DEFINE([DISABLE_LASTLOG]) 5161 fi 5162 ] 5163) 5164AC_ARG_ENABLE([utmp], 5165 [ --disable-utmp disable use of utmp even if detected [no]], 5166 [ 5167 if test "x$enableval" = "xno" ; then 5168 AC_DEFINE([DISABLE_UTMP]) 5169 fi 5170 ] 5171) 5172AC_ARG_ENABLE([utmpx], 5173 [ --disable-utmpx disable use of utmpx even if detected [no]], 5174 [ 5175 if test "x$enableval" = "xno" ; then 5176 AC_DEFINE([DISABLE_UTMPX], [1], 5177 [Define if you don't want to use utmpx]) 5178 fi 5179 ] 5180) 5181AC_ARG_ENABLE([wtmp], 5182 [ --disable-wtmp disable use of wtmp even if detected [no]], 5183 [ 5184 if test "x$enableval" = "xno" ; then 5185 AC_DEFINE([DISABLE_WTMP]) 5186 fi 5187 ] 5188) 5189AC_ARG_ENABLE([wtmpx], 5190 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5191 [ 5192 if test "x$enableval" = "xno" ; then 5193 AC_DEFINE([DISABLE_WTMPX], [1], 5194 [Define if you don't want to use wtmpx]) 5195 fi 5196 ] 5197) 5198AC_ARG_ENABLE([libutil], 5199 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5200 [ 5201 if test "x$enableval" = "xno" ; then 5202 AC_DEFINE([DISABLE_LOGIN]) 5203 fi 5204 ] 5205) 5206AC_ARG_ENABLE([pututline], 5207 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5208 [ 5209 if test "x$enableval" = "xno" ; then 5210 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5211 [Define if you don't want to use pututline() 5212 etc. to write [uw]tmp]) 5213 fi 5214 ] 5215) 5216AC_ARG_ENABLE([pututxline], 5217 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5218 [ 5219 if test "x$enableval" = "xno" ; then 5220 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5221 [Define if you don't want to use pututxline() 5222 etc. to write [uw]tmpx]) 5223 fi 5224 ] 5225) 5226AC_ARG_WITH([lastlog], 5227 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5228 [ 5229 if test "x$withval" = "xno" ; then 5230 AC_DEFINE([DISABLE_LASTLOG]) 5231 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5232 conf_lastlog_location=$withval 5233 fi 5234 ] 5235) 5236 5237dnl lastlog, [uw]tmpx? detection 5238dnl NOTE: set the paths in the platform section to avoid the 5239dnl need for command-line parameters 5240dnl lastlog and [uw]tmp are subject to a file search if all else fails 5241 5242dnl lastlog detection 5243dnl NOTE: the code itself will detect if lastlog is a directory 5244AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5245AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5246#include <sys/types.h> 5247#include <utmp.h> 5248#ifdef HAVE_LASTLOG_H 5249# include <lastlog.h> 5250#endif 5251#ifdef HAVE_PATHS_H 5252# include <paths.h> 5253#endif 5254#ifdef HAVE_LOGIN_H 5255# include <login.h> 5256#endif 5257 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5258 [ AC_MSG_RESULT([yes]) ], 5259 [ 5260 AC_MSG_RESULT([no]) 5261 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5262 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5263#include <sys/types.h> 5264#include <utmp.h> 5265#ifdef HAVE_LASTLOG_H 5266# include <lastlog.h> 5267#endif 5268#ifdef HAVE_PATHS_H 5269# include <paths.h> 5270#endif 5271 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5272 [ AC_MSG_RESULT([yes]) ], 5273 [ 5274 AC_MSG_RESULT([no]) 5275 system_lastlog_path=no 5276 ]) 5277]) 5278 5279if test -z "$conf_lastlog_location"; then 5280 if test x"$system_lastlog_path" = x"no" ; then 5281 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5282 if (test -d "$f" || test -f "$f") ; then 5283 conf_lastlog_location=$f 5284 fi 5285 done 5286 if test -z "$conf_lastlog_location"; then 5287 AC_MSG_WARN([** Cannot find lastlog **]) 5288 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5289 fi 5290 fi 5291fi 5292 5293if test -n "$conf_lastlog_location"; then 5294 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5295 [Define if you want to specify the path to your lastlog file]) 5296fi 5297 5298dnl utmp detection 5299AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5300AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5301#include <sys/types.h> 5302#include <utmp.h> 5303#ifdef HAVE_PATHS_H 5304# include <paths.h> 5305#endif 5306 ]], [[ char *utmp = UTMP_FILE; ]])], 5307 [ AC_MSG_RESULT([yes]) ], 5308 [ AC_MSG_RESULT([no]) 5309 system_utmp_path=no 5310]) 5311if test -z "$conf_utmp_location"; then 5312 if test x"$system_utmp_path" = x"no" ; then 5313 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5314 if test -f $f ; then 5315 conf_utmp_location=$f 5316 fi 5317 done 5318 if test -z "$conf_utmp_location"; then 5319 AC_DEFINE([DISABLE_UTMP]) 5320 fi 5321 fi 5322fi 5323if test -n "$conf_utmp_location"; then 5324 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5325 [Define if you want to specify the path to your utmp file]) 5326fi 5327 5328dnl wtmp detection 5329AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5330AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5331#include <sys/types.h> 5332#include <utmp.h> 5333#ifdef HAVE_PATHS_H 5334# include <paths.h> 5335#endif 5336 ]], [[ char *wtmp = WTMP_FILE; ]])], 5337 [ AC_MSG_RESULT([yes]) ], 5338 [ AC_MSG_RESULT([no]) 5339 system_wtmp_path=no 5340]) 5341if test -z "$conf_wtmp_location"; then 5342 if test x"$system_wtmp_path" = x"no" ; then 5343 for f in /usr/adm/wtmp /var/log/wtmp; do 5344 if test -f $f ; then 5345 conf_wtmp_location=$f 5346 fi 5347 done 5348 if test -z "$conf_wtmp_location"; then 5349 AC_DEFINE([DISABLE_WTMP]) 5350 fi 5351 fi 5352fi 5353if test -n "$conf_wtmp_location"; then 5354 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5355 [Define if you want to specify the path to your wtmp file]) 5356fi 5357 5358dnl wtmpx detection 5359AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5360AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5361#include <sys/types.h> 5362#include <utmp.h> 5363#ifdef HAVE_UTMPX_H 5364#include <utmpx.h> 5365#endif 5366#ifdef HAVE_PATHS_H 5367# include <paths.h> 5368#endif 5369 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5370 [ AC_MSG_RESULT([yes]) ], 5371 [ AC_MSG_RESULT([no]) 5372 system_wtmpx_path=no 5373]) 5374if test -z "$conf_wtmpx_location"; then 5375 if test x"$system_wtmpx_path" = x"no" ; then 5376 AC_DEFINE([DISABLE_WTMPX]) 5377 fi 5378else 5379 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5380 [Define if you want to specify the path to your wtmpx file]) 5381fi 5382 5383 5384if test ! -z "$blibpath" ; then 5385 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5386 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5387fi 5388 5389AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5390 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5391 AC_DEFINE([DISABLE_LASTLOG]) 5392 fi 5393 ], [ 5394#ifdef HAVE_SYS_TYPES_H 5395#include <sys/types.h> 5396#endif 5397#ifdef HAVE_UTMP_H 5398#include <utmp.h> 5399#endif 5400#ifdef HAVE_UTMPX_H 5401#include <utmpx.h> 5402#endif 5403#ifdef HAVE_LASTLOG_H 5404#include <lastlog.h> 5405#endif 5406 ]) 5407 5408AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5409 AC_DEFINE([DISABLE_UTMP]) 5410 AC_DEFINE([DISABLE_WTMP]) 5411 ], [ 5412#ifdef HAVE_SYS_TYPES_H 5413#include <sys/types.h> 5414#endif 5415#ifdef HAVE_UTMP_H 5416#include <utmp.h> 5417#endif 5418#ifdef HAVE_UTMPX_H 5419#include <utmpx.h> 5420#endif 5421#ifdef HAVE_LASTLOG_H 5422#include <lastlog.h> 5423#endif 5424 ]) 5425 5426dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5427dnl Add now. 5428CFLAGS="$CFLAGS $werror_flags" 5429 5430if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5431 TEST_SSH_IPV6=no 5432else 5433 TEST_SSH_IPV6=yes 5434fi 5435AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5436AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5437AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5438AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5439AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5440AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5441 5442CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5443LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5444 5445# Make a copy of CFLAGS/LDFLAGS without PIE options. 5446LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5447CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5448AC_SUBST([LDFLAGS_NOPIE]) 5449AC_SUBST([CFLAGS_NOPIE]) 5450 5451AC_EXEEXT 5452AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5453 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5454 survey.sh]) 5455AC_OUTPUT 5456 5457# Print summary of options 5458 5459# Someone please show me a better way :) 5460A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5461B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5462C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5463D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5464E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5465F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5466G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5467H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5468I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5469J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5470 5471echo "" 5472echo "OpenSSH has been configured with the following options:" 5473echo " User binaries: $B" 5474echo " System binaries: $C" 5475echo " Configuration files: $D" 5476echo " Askpass program: $E" 5477echo " Manual pages: $F" 5478echo " PID file: $G" 5479echo " Privilege separation chroot path: $H" 5480if test "x$external_path_file" = "x/etc/login.conf" ; then 5481echo " At runtime, sshd will use the path defined in $external_path_file" 5482echo " Make sure the path to scp is present, otherwise scp will not work" 5483else 5484echo " sshd default user PATH: $I" 5485 if test ! -z "$external_path_file"; then 5486echo " (If PATH is set in $external_path_file it will be used instead. If" 5487echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5488 fi 5489fi 5490if test ! -z "$superuser_path" ; then 5491echo " sshd superuser user PATH: $J" 5492fi 5493echo " Manpage format: $MANTYPE" 5494echo " PAM support: $PAM_MSG" 5495echo " OSF SIA support: $SIA_MSG" 5496echo " KerberosV support: $KRB5_MSG" 5497echo " SELinux support: $SELINUX_MSG" 5498echo " MD5 password support: $MD5_MSG" 5499echo " libedit support: $LIBEDIT_MSG" 5500echo " libldns support: $LDNS_MSG" 5501echo " Solaris process contract support: $SPC_MSG" 5502echo " Solaris project support: $SP_MSG" 5503echo " Solaris privilege support: $SPP_MSG" 5504echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5505echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5506echo " BSD Auth support: $BSD_AUTH_MSG" 5507echo " Random number source: $RAND_MSG" 5508echo " Privsep sandbox style: $SANDBOX_STYLE" 5509echo " PKCS#11 support: $enable_pkcs11" 5510echo " U2F/FIDO support: $enable_sk" 5511 5512echo "" 5513 5514echo " Host: ${host}" 5515echo " Compiler: ${CC}" 5516echo " Compiler flags: ${CFLAGS}" 5517echo "Preprocessor flags: ${CPPFLAGS}" 5518echo " Linker flags: ${LDFLAGS}" 5519echo " Libraries: ${LIBS}" 5520if test ! -z "${SSHDLIBS}"; then 5521echo " +for sshd: ${SSHDLIBS}" 5522fi 5523 5524echo "" 5525 5526if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5527 echo "SVR4 style packages are supported with \"make package\"" 5528 echo "" 5529fi 5530 5531if test "x$PAM_MSG" = "xyes" ; then 5532 echo "PAM is enabled. You may need to install a PAM control file " 5533 echo "for sshd, otherwise password authentication may fail. " 5534 echo "Example PAM control files can be found in the contrib/ " 5535 echo "subdirectory" 5536 echo "" 5537fi 5538 5539if test ! -z "$NO_PEERCHECK" ; then 5540 echo "WARNING: the operating system that you are using does not" 5541 echo "appear to support getpeereid(), getpeerucred() or the" 5542 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5543 echo "enforce security checks to prevent unauthorised connections to" 5544 echo "ssh-agent. Their absence increases the risk that a malicious" 5545 echo "user can connect to your agent." 5546 echo "" 5547fi 5548 5549if test "$AUDIT_MODULE" = "bsm" ; then 5550 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5551 echo "See the Solaris section in README.platform for details." 5552fi 5553