1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff awf]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter to be used to build "cat" format pages. 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatter found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113AC_ARG_WITH([openssl], 114 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 115 [ if test "x$withval" = "xno" ; then 116 openssl=no 117 fi 118 ] 119) 120AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 121if test "x$openssl" = "xyes" ; then 122 AC_MSG_RESULT([yes]) 123 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 124else 125 AC_MSG_RESULT([no]) 126fi 127 128use_stack_protector=1 129use_toolchain_hardening=1 130AC_ARG_WITH([stackprotect], 131 [ --without-stackprotect Don't use compiler's stack protection], [ 132 if test "x$withval" = "xno"; then 133 use_stack_protector=0 134 fi ]) 135AC_ARG_WITH([hardening], 136 [ --without-hardening Don't use toolchain hardening flags], [ 137 if test "x$withval" = "xno"; then 138 use_toolchain_hardening=0 139 fi ]) 140 141# We use -Werror for the tests only so that we catch warnings like "this is 142# on by default" for things like -fPIE. 143AC_MSG_CHECKING([if $CC supports -Werror]) 144saved_CFLAGS="$CFLAGS" 145CFLAGS="$CFLAGS -Werror" 146AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 147 [ AC_MSG_RESULT([yes]) 148 WERROR="-Werror"], 149 [ AC_MSG_RESULT([no]) 150 WERROR="" ] 151) 152CFLAGS="$saved_CFLAGS" 153 154if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 155 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 158 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 170 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 171 if test "x$use_toolchain_hardening" = "x1"; then 172 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 174 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 176 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 177 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 178 # NB. -ftrapv expects certain support functions to be present in 179 # the compiler library (libgcc or similar) to detect integer operations 180 # that can overflow. We must check that the result of enabling it 181 # actually links. The test program compiled/linked includes a number 182 # of integer operations that should exercise this. 183 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 184 fi 185 AC_MSG_CHECKING([gcc version]) 186 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 187 case $GCC_VER in 188 1.*) no_attrib_nonnull=1 ;; 189 2.8* | 2.9*) 190 no_attrib_nonnull=1 191 ;; 192 2.*) no_attrib_nonnull=1 ;; 193 *) ;; 194 esac 195 AC_MSG_RESULT([$GCC_VER]) 196 197 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 198 saved_CFLAGS="$CFLAGS" 199 CFLAGS="$CFLAGS -fno-builtin-memset" 200 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 201 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 202 [ AC_MSG_RESULT([yes]) ], 203 [ AC_MSG_RESULT([no]) 204 CFLAGS="$saved_CFLAGS" ] 205 ) 206 207 # -fstack-protector-all doesn't always work for some GCC versions 208 # and/or platforms, so we test if we can. If it's not supported 209 # on a given platform gcc will emit a warning so we use -Werror. 210 if test "x$use_stack_protector" = "x1"; then 211 for t in -fstack-protector-strong -fstack-protector-all \ 212 -fstack-protector; do 213 AC_MSG_CHECKING([if $CC supports $t]) 214 saved_CFLAGS="$CFLAGS" 215 saved_LDFLAGS="$LDFLAGS" 216 CFLAGS="$CFLAGS $t -Werror" 217 LDFLAGS="$LDFLAGS $t -Werror" 218 AC_LINK_IFELSE( 219 [AC_LANG_PROGRAM([[ 220 #include <stdio.h> 221 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 222 ]], 223 [[ 224 char x[256]; 225 snprintf(x, sizeof(x), "XXX%d", func(1)); 226 ]])], 227 [ AC_MSG_RESULT([yes]) 228 CFLAGS="$saved_CFLAGS $t" 229 LDFLAGS="$saved_LDFLAGS $t" 230 AC_MSG_CHECKING([if $t works]) 231 AC_RUN_IFELSE( 232 [AC_LANG_PROGRAM([[ 233 #include <stdio.h> 234 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 235 ]], 236 [[ 237 char x[256]; 238 snprintf(x, sizeof(x), "XXX%d", func(1)); 239 ]])], 240 [ AC_MSG_RESULT([yes]) 241 break ], 242 [ AC_MSG_RESULT([no]) ], 243 [ AC_MSG_WARN([cross compiling: cannot test]) 244 break ] 245 ) 246 ], 247 [ AC_MSG_RESULT([no]) ] 248 ) 249 CFLAGS="$saved_CFLAGS" 250 LDFLAGS="$saved_LDFLAGS" 251 done 252 fi 253 254 if test -z "$have_llong_max"; then 255 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 256 unset ac_cv_have_decl_LLONG_MAX 257 saved_CFLAGS="$CFLAGS" 258 CFLAGS="$CFLAGS -std=gnu99" 259 AC_CHECK_DECL([LLONG_MAX], 260 [have_llong_max=1], 261 [CFLAGS="$saved_CFLAGS"], 262 [#include <limits.h>] 263 ) 264 fi 265fi 266 267AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 268AC_COMPILE_IFELSE( 269 [AC_LANG_PROGRAM([[ 270#include <stdlib.h> 271__attribute__((__unused__)) static void foo(void){return;}]], 272 [[ exit(0); ]])], 273 [ AC_MSG_RESULT([yes]) ], 274 [ AC_MSG_RESULT([no]) 275 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 276 [compiler does not accept __attribute__ on return types]) ] 277) 278 279AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 280AC_COMPILE_IFELSE( 281 [AC_LANG_PROGRAM([[ 282#include <stdlib.h> 283typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 284 [[ exit(0); ]])], 285 [ AC_MSG_RESULT([yes]) ], 286 [ AC_MSG_RESULT([no]) 287 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 288 [compiler does not accept __attribute__ on prototype args]) ] 289) 290 291if test "x$no_attrib_nonnull" != "x1" ; then 292 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 293fi 294 295AC_ARG_WITH([rpath], 296 [ --without-rpath Disable auto-added -R linker paths], 297 [ 298 if test "x$withval" = "xno" ; then 299 rpath_opt="" 300 elif test "x$withval" = "xyes" ; then 301 rpath_opt="-R" 302 else 303 rpath_opt="$withval" 304 fi 305 ] 306) 307 308# Allow user to specify flags 309AC_ARG_WITH([cflags], 310 [ --with-cflags Specify additional flags to pass to compiler], 311 [ 312 if test -n "$withval" && test "x$withval" != "xno" && \ 313 test "x${withval}" != "xyes"; then 314 CFLAGS="$CFLAGS $withval" 315 fi 316 ] 317) 318 319AC_ARG_WITH([cflags-after], 320 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 321 [ 322 if test -n "$withval" && test "x$withval" != "xno" && \ 323 test "x${withval}" != "xyes"; then 324 CFLAGS_AFTER="$withval" 325 fi 326 ] 327) 328AC_ARG_WITH([cppflags], 329 [ --with-cppflags Specify additional flags to pass to preprocessor] , 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 CPPFLAGS="$CPPFLAGS $withval" 334 fi 335 ] 336) 337AC_ARG_WITH([ldflags], 338 [ --with-ldflags Specify additional flags to pass to linker], 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 LDFLAGS="$LDFLAGS $withval" 343 fi 344 ] 345) 346AC_ARG_WITH([ldflags-after], 347 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno" && \ 350 test "x${withval}" != "xyes"; then 351 LDFLAGS_AFTER="$withval" 352 fi 353 ] 354) 355AC_ARG_WITH([libs], 356 [ --with-libs Specify additional libraries to link with], 357 [ 358 if test -n "$withval" && test "x$withval" != "xno" && \ 359 test "x${withval}" != "xyes"; then 360 LIBS="$LIBS $withval" 361 fi 362 ] 363) 364AC_ARG_WITH([Werror], 365 [ --with-Werror Build main code with -Werror], 366 [ 367 if test -n "$withval" && test "x$withval" != "xno"; then 368 werror_flags="-Werror" 369 if test "x${withval}" != "xyes"; then 370 werror_flags="$withval" 371 fi 372 fi 373 ] 374) 375 376AC_CHECK_HEADERS([ \ 377 blf.h \ 378 bstring.h \ 379 crypt.h \ 380 crypto/sha2.h \ 381 dirent.h \ 382 endian.h \ 383 elf.h \ 384 err.h \ 385 features.h \ 386 fcntl.h \ 387 floatingpoint.h \ 388 fnmatch.h \ 389 getopt.h \ 390 glob.h \ 391 ia.h \ 392 iaf.h \ 393 ifaddrs.h \ 394 inttypes.h \ 395 langinfo.h \ 396 limits.h \ 397 locale.h \ 398 login.h \ 399 maillock.h \ 400 ndir.h \ 401 net/if_tun.h \ 402 netdb.h \ 403 netgroup.h \ 404 pam/pam_appl.h \ 405 paths.h \ 406 poll.h \ 407 pty.h \ 408 readpassphrase.h \ 409 rpc/types.h \ 410 security/pam_appl.h \ 411 sha2.h \ 412 shadow.h \ 413 stddef.h \ 414 stdint.h \ 415 string.h \ 416 strings.h \ 417 sys/bitypes.h \ 418 sys/byteorder.h \ 419 sys/bsdtty.h \ 420 sys/cdefs.h \ 421 sys/dir.h \ 422 sys/file.h \ 423 sys/mman.h \ 424 sys/label.h \ 425 sys/ndir.h \ 426 sys/poll.h \ 427 sys/prctl.h \ 428 sys/pstat.h \ 429 sys/ptrace.h \ 430 sys/random.h \ 431 sys/select.h \ 432 sys/stat.h \ 433 sys/stream.h \ 434 sys/stropts.h \ 435 sys/strtio.h \ 436 sys/statvfs.h \ 437 sys/sysmacros.h \ 438 sys/time.h \ 439 sys/timers.h \ 440 sys/vfs.h \ 441 time.h \ 442 tmpdir.h \ 443 ttyent.h \ 444 ucred.h \ 445 unistd.h \ 446 usersec.h \ 447 util.h \ 448 utime.h \ 449 utmp.h \ 450 utmpx.h \ 451 vis.h \ 452 wchar.h \ 453]) 454 455# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 456# to be included first. 457AC_CHECK_HEADERS([sys/audit.h], [], [], [ 458#ifdef HAVE_SYS_TIME_H 459# include <sys/time.h> 460#endif 461#ifdef HAVE_SYS_TYPES_H 462# include <sys/types.h> 463#endif 464#ifdef HAVE_SYS_LABEL_H 465# include <sys/label.h> 466#endif 467]) 468 469# sys/capsicum.h requires sys/types.h 470AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 471#ifdef HAVE_SYS_TYPES_H 472# include <sys/types.h> 473#endif 474]) 475 476# net/route.h requires sys/socket.h and sys/types.h. 477# sys/sysctl.h also requires sys/param.h 478AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 479#ifdef HAVE_SYS_TYPES_H 480# include <sys/types.h> 481#endif 482#include <sys/param.h> 483#include <sys/socket.h> 484]) 485 486# lastlog.h requires sys/time.h to be included first on Solaris 487AC_CHECK_HEADERS([lastlog.h], [], [], [ 488#ifdef HAVE_SYS_TIME_H 489# include <sys/time.h> 490#endif 491]) 492 493# sys/ptms.h requires sys/stream.h to be included first on Solaris 494AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 495#ifdef HAVE_SYS_STREAM_H 496# include <sys/stream.h> 497#endif 498]) 499 500# login_cap.h requires sys/types.h on NetBSD 501AC_CHECK_HEADERS([login_cap.h], [], [], [ 502#include <sys/types.h> 503]) 504 505# older BSDs need sys/param.h before sys/mount.h 506AC_CHECK_HEADERS([sys/mount.h], [], [], [ 507#include <sys/param.h> 508]) 509 510# Android requires sys/socket.h to be included before sys/un.h 511AC_CHECK_HEADERS([sys/un.h], [], [], [ 512#include <sys/types.h> 513#include <sys/socket.h> 514]) 515 516# Messages for features tested for in target-specific section 517SIA_MSG="no" 518SPC_MSG="no" 519SP_MSG="no" 520SPP_MSG="no" 521 522# Support for Solaris/Illumos privileges (this test is used by both 523# the --with-solaris-privs option and --with-sandbox=solaris). 524SOLARIS_PRIVS="no" 525 526AC_CHECK_SIZEOF([size_t]) 527 528# Check for some target-specific stuff 529case "$host" in 530*-*-aix*) 531 # Some versions of VAC won't allow macro redefinitions at 532 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 533 # particularly with older versions of vac or xlc. 534 # It also throws errors about null macro arguments, but these are 535 # not fatal. 536 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 537 AC_COMPILE_IFELSE( 538 [AC_LANG_PROGRAM([[ 539#define testmacro foo 540#define testmacro bar]], 541 [[ exit(0); ]])], 542 [ AC_MSG_RESULT([yes]) ], 543 [ AC_MSG_RESULT([no]) 544 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 545 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 546 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 547 ] 548 ) 549 550 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 551 if (test -z "$blibpath"); then 552 blibpath="/usr/lib:/lib" 553 fi 554 saved_LDFLAGS="$LDFLAGS" 555 if test "$GCC" = "yes"; then 556 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 557 else 558 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 559 fi 560 for tryflags in $flags ;do 561 if (test -z "$blibflags"); then 562 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 563 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 564 [blibflags=$tryflags], []) 565 fi 566 done 567 if (test -z "$blibflags"); then 568 AC_MSG_RESULT([not found]) 569 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 570 else 571 AC_MSG_RESULT([$blibflags]) 572 fi 573 LDFLAGS="$saved_LDFLAGS" 574 dnl Check for authenticate. Might be in libs.a on older AIXes 575 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 576 [Define if you want to enable AIX4's authenticate function])], 577 [AC_CHECK_LIB([s], [authenticate], 578 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 579 LIBS="$LIBS -ls" 580 ]) 581 ]) 582 dnl Check for various auth function declarations in headers. 583 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 584 passwdexpired, setauthdb], , , [#include <usersec.h>]) 585 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 586 AC_CHECK_DECLS([loginfailed], 587 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 588 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 589 [[ (void)loginfailed("user","host","tty",0); ]])], 590 [AC_MSG_RESULT([yes]) 591 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 592 [Define if your AIX loginfailed() function 593 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 594 ])], 595 [], 596 [#include <usersec.h>] 597 ) 598 AC_CHECK_FUNCS([getgrset setauthdb]) 599 AC_CHECK_DECL([F_CLOSEM], 600 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 601 [], 602 [ #include <limits.h> 603 #include <fcntl.h> ] 604 ) 605 check_for_aix_broken_getaddrinfo=1 606 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 607 [Define if your platform breaks doing a seteuid before a setuid]) 608 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 609 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 610 dnl AIX handles lastlog as part of its login message 611 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 612 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 613 [Some systems need a utmpx entry for /bin/login to work]) 614 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 615 [Define to a Set Process Title type if your system is 616 supported by bsd-setproctitle.c]) 617 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 618 [AIX 5.2 and 5.3 (and presumably newer) require this]) 619 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 620 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 621 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 622 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 623 ;; 624*-*-android*) 625 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 626 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 627 ;; 628*-*-cygwin*) 629 check_for_libcrypt_later=1 630 LIBS="$LIBS /usr/lib/textreadmode.o" 631 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 632 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 633 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 634 [Define to disable UID restoration test]) 635 AC_DEFINE([DISABLE_SHADOW], [1], 636 [Define if you want to disable shadow passwords]) 637 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 638 [Define if X11 doesn't support AF_UNIX sockets on that system]) 639 AC_DEFINE([DISABLE_FD_PASSING], [1], 640 [Define if your platform needs to skip post auth 641 file descriptor passing]) 642 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 643 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 644 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 645 # reasons which cause compile warnings, so we disable those warnings. 646 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 647 ;; 648*-*-dgux*) 649 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 650 [Define if your system choked on IP TOS setting]) 651 AC_DEFINE([SETEUID_BREAKS_SETUID]) 652 AC_DEFINE([BROKEN_SETREUID]) 653 AC_DEFINE([BROKEN_SETREGID]) 654 ;; 655*-*-darwin*) 656 use_pie=auto 657 AC_MSG_CHECKING([if we have working getaddrinfo]) 658 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 659main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 660 exit(0); 661 else 662 exit(1); 663} 664 ]])], 665 [AC_MSG_RESULT([working])], 666 [AC_MSG_RESULT([buggy]) 667 AC_DEFINE([BROKEN_GETADDRINFO], [1], 668 [getaddrinfo is broken (if present)]) 669 ], 670 [AC_MSG_RESULT([assume it is working])]) 671 AC_DEFINE([SETEUID_BREAKS_SETUID]) 672 AC_DEFINE([BROKEN_SETREUID]) 673 AC_DEFINE([BROKEN_SETREGID]) 674 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 675 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 676 [Define if your resolver libs need this for getrrsetbyname]) 677 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 678 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 679 [Use tunnel device compatibility to OpenBSD]) 680 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 681 [Prepend the address family to IP tunnel traffic]) 682 m4_pattern_allow([AU_IPv]) 683 AC_CHECK_DECL([AU_IPv4], [], 684 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 685 [#include <bsm/audit.h>] 686 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 687 [Define if pututxline updates lastlog too]) 688 ) 689 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 690 [Define to a Set Process Title type if your system is 691 supported by bsd-setproctitle.c]) 692 AC_CHECK_FUNCS([sandbox_init]) 693 AC_CHECK_HEADERS([sandbox.h]) 694 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 695 SSHDLIBS="$SSHDLIBS -lsandbox" 696 ]) 697 # proc_pidinfo()-based closefrom() replacement. 698 AC_CHECK_HEADERS([libproc.h]) 699 AC_CHECK_FUNCS([proc_pidinfo]) 700 ;; 701*-*-dragonfly*) 702 SSHDLIBS="$SSHDLIBS -lcrypt" 703 TEST_MALLOC_OPTIONS="AFGJPRX" 704 ;; 705*-*-haiku*) 706 LIBS="$LIBS -lbsd " 707 CFLAGS="$CFLAGS -D_BSD_SOURCE" 708 AC_CHECK_LIB([network], [socket]) 709 AC_DEFINE([HAVE_U_INT64_T]) 710 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 711 MANTYPE=man 712 ;; 713*-*-hpux*) 714 # first we define all of the options common to all HP-UX releases 715 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 716 IPADDR_IN_DISPLAY=yes 717 AC_DEFINE([USE_PIPES]) 718 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 719 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 720 [String used in /etc/passwd to denote locked account]) 721 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 722 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 723 maildir="/var/mail" 724 LIBS="$LIBS -lsec" 725 AC_CHECK_LIB([xnet], [t_error], , 726 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 727 728 # next, we define all of the options specific to major releases 729 case "$host" in 730 *-*-hpux10*) 731 if test -z "$GCC"; then 732 CFLAGS="$CFLAGS -Ae" 733 fi 734 ;; 735 *-*-hpux11*) 736 AC_DEFINE([PAM_SUN_CODEBASE], [1], 737 [Define if you are using Solaris-derived PAM which 738 passes pam_messages to the conversation function 739 with an extra level of indirection]) 740 AC_DEFINE([DISABLE_UTMP], [1], 741 [Define if you don't want to use utmp]) 742 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 743 check_for_hpux_broken_getaddrinfo=1 744 check_for_conflicting_getspnam=1 745 ;; 746 esac 747 748 # lastly, we define options specific to minor releases 749 case "$host" in 750 *-*-hpux10.26) 751 AC_DEFINE([HAVE_SECUREWARE], [1], 752 [Define if you have SecureWare-based 753 protected password database]) 754 disable_ptmx_check=yes 755 LIBS="$LIBS -lsecpw" 756 ;; 757 esac 758 ;; 759*-*-irix5*) 760 PATH="$PATH:/usr/etc" 761 AC_DEFINE([BROKEN_INET_NTOA], [1], 762 [Define if you system's inet_ntoa is busted 763 (e.g. Irix gcc issue)]) 764 AC_DEFINE([SETEUID_BREAKS_SETUID]) 765 AC_DEFINE([BROKEN_SETREUID]) 766 AC_DEFINE([BROKEN_SETREGID]) 767 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 768 [Define if you shouldn't strip 'tty' from your 769 ttyname in [uw]tmp]) 770 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 771 ;; 772*-*-irix6*) 773 PATH="$PATH:/usr/etc" 774 AC_DEFINE([WITH_IRIX_ARRAY], [1], 775 [Define if you have/want arrays 776 (cluster-wide session management, not C arrays)]) 777 AC_DEFINE([WITH_IRIX_PROJECT], [1], 778 [Define if you want IRIX project management]) 779 AC_DEFINE([WITH_IRIX_AUDIT], [1], 780 [Define if you want IRIX audit trails]) 781 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 782 [Define if you want IRIX kernel jobs])]) 783 AC_DEFINE([BROKEN_INET_NTOA]) 784 AC_DEFINE([SETEUID_BREAKS_SETUID]) 785 AC_DEFINE([BROKEN_SETREUID]) 786 AC_DEFINE([BROKEN_SETREGID]) 787 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 788 AC_DEFINE([WITH_ABBREV_NO_TTY]) 789 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 790 ;; 791*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 792 check_for_libcrypt_later=1 793 AC_DEFINE([PAM_TTY_KLUDGE]) 794 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 795 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 796 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 797 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 798 ;; 799*-*-linux*) 800 no_dev_ptmx=1 801 use_pie=auto 802 check_for_libcrypt_later=1 803 check_for_openpty_ctty_bug=1 804 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 805 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 806 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 807 AC_DEFINE([PAM_TTY_KLUDGE], [1], 808 [Work around problematic Linux PAM modules handling of PAM_TTY]) 809 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 810 [String used in /etc/passwd to denote locked account]) 811 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 812 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 813 [Define to whatever link() returns for "not supported" 814 if it doesn't return EOPNOTSUPP.]) 815 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 816 AC_DEFINE([USE_BTMP]) 817 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 818 inet6_default_4in6=yes 819 case `uname -r` in 820 1.*|2.0.*) 821 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 822 [Define if cmsg_type is not passed correctly]) 823 ;; 824 esac 825 # tun(4) forwarding compat code 826 AC_CHECK_HEADERS([linux/if_tun.h]) 827 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 828 AC_DEFINE([SSH_TUN_LINUX], [1], 829 [Open tunnel devices the Linux tun/tap way]) 830 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 831 [Use tunnel device compatibility to OpenBSD]) 832 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 833 [Prepend the address family to IP tunnel traffic]) 834 fi 835 AC_CHECK_HEADER([linux/if.h], 836 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 837 [Support routing domains using Linux VRF]), [], [ 838#ifdef HAVE_SYS_TYPES_H 839# include <sys/types.h> 840#endif 841 ]) 842 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 843 [], [#include <linux/types.h>]) 844 # Obtain MIPS ABI 845 case "$host" in 846 mips*) 847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 848#if _MIPS_SIM != _ABIO32 849#error 850#endif 851 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 852#if _MIPS_SIM != _ABIN32 853#error 854#endif 855 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 856#if _MIPS_SIM != _ABI64 857#error 858#endif 859 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 860 ]) 861 ]) 862 ]) 863 ;; 864 esac 865 AC_MSG_CHECKING([for seccomp architecture]) 866 seccomp_audit_arch= 867 case "$host" in 868 x86_64-*) 869 seccomp_audit_arch=AUDIT_ARCH_X86_64 870 # X32: AMD64 instructions in 32bit address space. 871 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 872 seccomp_audit_arch=AUDIT_ARCH_I386 873 fi 874 ;; 875 i*86-*) 876 seccomp_audit_arch=AUDIT_ARCH_I386 877 ;; 878 arm*-*) 879 seccomp_audit_arch=AUDIT_ARCH_ARM 880 ;; 881 aarch64*-*) 882 seccomp_audit_arch=AUDIT_ARCH_AARCH64 883 ;; 884 s390x-*) 885 seccomp_audit_arch=AUDIT_ARCH_S390X 886 ;; 887 s390-*) 888 seccomp_audit_arch=AUDIT_ARCH_S390 889 ;; 890 powerpc64-*) 891 seccomp_audit_arch=AUDIT_ARCH_PPC64 892 ;; 893 powerpc64le-*) 894 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 895 ;; 896 mips-*) 897 seccomp_audit_arch=AUDIT_ARCH_MIPS 898 ;; 899 mipsel-*) 900 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 901 ;; 902 mips64-*) 903 case "$mips_abi" in 904 "n32") 905 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 906 ;; 907 "n64") 908 seccomp_audit_arch=AUDIT_ARCH_MIPS64 909 ;; 910 esac 911 ;; 912 mips64el-*) 913 case "$mips_abi" in 914 "n32") 915 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 916 ;; 917 "n64") 918 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 919 ;; 920 esac 921 ;; 922 riscv64-*) 923 seccomp_audit_arch=AUDIT_ARCH_RISCV64 924 ;; 925 esac 926 if test "x$seccomp_audit_arch" != "x" ; then 927 AC_MSG_RESULT(["$seccomp_audit_arch"]) 928 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 929 [Specify the system call convention in use]) 930 else 931 AC_MSG_RESULT([architecture not supported]) 932 fi 933 ;; 934mips-sony-bsd|mips-sony-newsos4) 935 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 936 SONY=1 937 ;; 938*-*-netbsd*) 939 check_for_libcrypt_before=1 940 if test "x$withval" != "xno" ; then 941 rpath_opt="-R" 942 fi 943 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 944 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 945 AC_CHECK_HEADER([net/if_tap.h], , 946 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 947 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 948 [Prepend the address family to IP tunnel traffic]) 949 TEST_MALLOC_OPTIONS="AJRX" 950 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 951 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 952 ;; 953*-*-freebsd*) 954 check_for_libcrypt_later=1 955 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 956 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 957 AC_CHECK_HEADER([net/if_tap.h], , 958 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 959 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 960 TEST_MALLOC_OPTIONS="AJRX" 961 # Preauth crypto occasionally uses file descriptors for crypto offload 962 # and will crash if they cannot be opened. 963 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 964 [define if setrlimit RLIMIT_NOFILE breaks things]) 965 ;; 966*-*-bsdi*) 967 AC_DEFINE([SETEUID_BREAKS_SETUID]) 968 AC_DEFINE([BROKEN_SETREUID]) 969 AC_DEFINE([BROKEN_SETREGID]) 970 ;; 971*-next-*) 972 conf_lastlog_location="/usr/adm/lastlog" 973 conf_utmp_location=/etc/utmp 974 conf_wtmp_location=/usr/adm/wtmp 975 maildir=/usr/spool/mail 976 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 977 AC_DEFINE([USE_PIPES]) 978 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 979 ;; 980*-*-openbsd*) 981 use_pie=auto 982 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 983 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 984 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 985 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 986 [syslog_r function is safe to use in in a signal handler]) 987 TEST_MALLOC_OPTIONS="AFGJPRX" 988 ;; 989*-*-solaris*) 990 if test "x$withval" != "xno" ; then 991 rpath_opt="-R" 992 fi 993 AC_DEFINE([PAM_SUN_CODEBASE]) 994 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 995 AC_DEFINE([PAM_TTY_KLUDGE]) 996 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 997 [Define if pam_chauthtok wants real uid set 998 to the unpriv'ed user]) 999 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1000 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1001 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1002 [Define if sshd somehow reacquires a controlling TTY 1003 after setsid()]) 1004 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1005 in case the name is longer than 8 chars]) 1006 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1007 external_path_file=/etc/default/login 1008 # hardwire lastlog location (can't detect it on some versions) 1009 conf_lastlog_location="/var/adm/lastlog" 1010 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1011 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1012 if test "$sol2ver" -ge 8; then 1013 AC_MSG_RESULT([yes]) 1014 AC_DEFINE([DISABLE_UTMP]) 1015 AC_DEFINE([DISABLE_WTMP], [1], 1016 [Define if you don't want to use wtmp]) 1017 else 1018 AC_MSG_RESULT([no]) 1019 fi 1020 AC_CHECK_FUNCS([setpflags]) 1021 AC_CHECK_FUNCS([setppriv]) 1022 AC_CHECK_FUNCS([priv_basicset]) 1023 AC_CHECK_HEADERS([priv.h]) 1024 AC_ARG_WITH([solaris-contracts], 1025 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1026 [ 1027 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1028 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1029 [Define if you have Solaris process contracts]) 1030 LIBS="$LIBS -lcontract" 1031 SPC_MSG="yes" ], ) 1032 ], 1033 ) 1034 AC_ARG_WITH([solaris-projects], 1035 [ --with-solaris-projects Enable Solaris projects (experimental)], 1036 [ 1037 AC_CHECK_LIB([project], [setproject], 1038 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1039 [Define if you have Solaris projects]) 1040 LIBS="$LIBS -lproject" 1041 SP_MSG="yes" ], ) 1042 ], 1043 ) 1044 AC_ARG_WITH([solaris-privs], 1045 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1046 [ 1047 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1048 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1049 "x$ac_cv_header_priv_h" = "xyes" ; then 1050 SOLARIS_PRIVS=yes 1051 AC_MSG_RESULT([found]) 1052 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1053 [Define to disable UID restoration test]) 1054 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1055 [Define if you have Solaris privileges]) 1056 SPP_MSG="yes" 1057 else 1058 AC_MSG_RESULT([not found]) 1059 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1060 fi 1061 ], 1062 ) 1063 TEST_SHELL=$SHELL # let configure find us a capable shell 1064 ;; 1065*-*-sunos4*) 1066 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1067 AC_CHECK_FUNCS([getpwanam]) 1068 AC_DEFINE([PAM_SUN_CODEBASE]) 1069 conf_utmp_location=/etc/utmp 1070 conf_wtmp_location=/var/adm/wtmp 1071 conf_lastlog_location=/var/adm/lastlog 1072 AC_DEFINE([USE_PIPES]) 1073 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1074 ;; 1075*-ncr-sysv*) 1076 LIBS="$LIBS -lc89" 1077 AC_DEFINE([USE_PIPES]) 1078 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1079 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1080 AC_DEFINE([BROKEN_SETREUID]) 1081 AC_DEFINE([BROKEN_SETREGID]) 1082 ;; 1083*-sni-sysv*) 1084 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1085 AC_CHECK_LIB([dl], [dlsym], ,) 1086 # -lresolv needs to be at the end of LIBS or DNS lookups break 1087 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1088 IPADDR_IN_DISPLAY=yes 1089 AC_DEFINE([USE_PIPES]) 1090 AC_DEFINE([IP_TOS_IS_BROKEN]) 1091 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1092 AC_DEFINE([BROKEN_SETREUID]) 1093 AC_DEFINE([BROKEN_SETREGID]) 1094 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1095 external_path_file=/etc/default/login 1096 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1097 # Attention: always take care to bind libsocket and libnsl before libc, 1098 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1099 ;; 1100# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1101*-*-sysv4.2*) 1102 AC_DEFINE([USE_PIPES]) 1103 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1104 AC_DEFINE([BROKEN_SETREUID]) 1105 AC_DEFINE([BROKEN_SETREGID]) 1106 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1107 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1108 TEST_SHELL=$SHELL # let configure find us a capable shell 1109 ;; 1110# UnixWare 7.x, OpenUNIX 8 1111*-*-sysv5*) 1112 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1113 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1114 AC_DEFINE([USE_PIPES]) 1115 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1116 AC_DEFINE([BROKEN_GETADDRINFO]) 1117 AC_DEFINE([BROKEN_SETREUID]) 1118 AC_DEFINE([BROKEN_SETREGID]) 1119 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1120 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1121 TEST_SHELL=$SHELL # let configure find us a capable shell 1122 check_for_libcrypt_later=1 1123 case "$host" in 1124 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1125 maildir=/var/spool/mail 1126 AC_DEFINE([BROKEN_UPDWTMPX]) 1127 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1128 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1129 ], , ) 1130 ;; 1131 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1132 ;; 1133 esac 1134 ;; 1135*-*-sysv*) 1136 ;; 1137# SCO UNIX and OEM versions of SCO UNIX 1138*-*-sco3.2v4*) 1139 AC_MSG_ERROR("This Platform is no longer supported.") 1140 ;; 1141# SCO OpenServer 5.x 1142*-*-sco3.2v5*) 1143 if test -z "$GCC"; then 1144 CFLAGS="$CFLAGS -belf" 1145 fi 1146 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1147 no_dev_ptmx=1 1148 AC_DEFINE([USE_PIPES]) 1149 AC_DEFINE([HAVE_SECUREWARE]) 1150 AC_DEFINE([DISABLE_SHADOW]) 1151 AC_DEFINE([DISABLE_FD_PASSING]) 1152 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1153 AC_DEFINE([BROKEN_GETADDRINFO]) 1154 AC_DEFINE([BROKEN_SETREUID]) 1155 AC_DEFINE([BROKEN_SETREGID]) 1156 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1157 AC_DEFINE([BROKEN_UPDWTMPX]) 1158 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1159 AC_CHECK_FUNCS([getluid setluid]) 1160 MANTYPE=man 1161 TEST_SHELL=$SHELL # let configure find us a capable shell 1162 SKIP_DISABLE_LASTLOG_DEFINE=yes 1163 ;; 1164*-dec-osf*) 1165 AC_MSG_CHECKING([for Digital Unix SIA]) 1166 no_osfsia="" 1167 AC_ARG_WITH([osfsia], 1168 [ --with-osfsia Enable Digital Unix SIA], 1169 [ 1170 if test "x$withval" = "xno" ; then 1171 AC_MSG_RESULT([disabled]) 1172 no_osfsia=1 1173 fi 1174 ], 1175 ) 1176 if test -z "$no_osfsia" ; then 1177 if test -f /etc/sia/matrix.conf; then 1178 AC_MSG_RESULT([yes]) 1179 AC_DEFINE([HAVE_OSF_SIA], [1], 1180 [Define if you have Digital Unix Security 1181 Integration Architecture]) 1182 AC_DEFINE([DISABLE_LOGIN], [1], 1183 [Define if you don't want to use your 1184 system's login() call]) 1185 AC_DEFINE([DISABLE_FD_PASSING]) 1186 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1187 SIA_MSG="yes" 1188 else 1189 AC_MSG_RESULT([no]) 1190 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1191 [String used in /etc/passwd to denote locked account]) 1192 fi 1193 fi 1194 AC_DEFINE([BROKEN_GETADDRINFO]) 1195 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1196 AC_DEFINE([BROKEN_SETREUID]) 1197 AC_DEFINE([BROKEN_SETREGID]) 1198 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1199 ;; 1200 1201*-*-nto-qnx*) 1202 AC_DEFINE([USE_PIPES]) 1203 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1204 AC_DEFINE([DISABLE_LASTLOG]) 1205 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1206 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1207 enable_etc_default_login=no # has incompatible /etc/default/login 1208 case "$host" in 1209 *-*-nto-qnx6*) 1210 AC_DEFINE([DISABLE_FD_PASSING]) 1211 ;; 1212 esac 1213 ;; 1214 1215*-*-ultrix*) 1216 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1217 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1218 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1219 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1220 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1221 # don't get a controlling tty. 1222 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1223 # On Ultrix some headers are not protected against multiple includes, 1224 # so we create wrappers and put it where the compiler will find it. 1225 AC_MSG_WARN([creating compat wrappers for headers]) 1226 mkdir -p netinet 1227 for header in netinet/ip.h netdb.h resolv.h; do 1228 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1229 cat >$header <<EOD 1230#ifndef _SSH_COMPAT_${name} 1231#define _SSH_COMPAT_${name} 1232#include "/usr/include/${header}" 1233#endif 1234EOD 1235 done 1236 ;; 1237 1238*-*-lynxos) 1239 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1240 AC_DEFINE([BROKEN_SETVBUF], [1], 1241 [LynxOS has broken setvbuf() implementation]) 1242 ;; 1243esac 1244 1245AC_MSG_CHECKING([compiler and flags for sanity]) 1246AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1247 [ AC_MSG_RESULT([yes]) ], 1248 [ 1249 AC_MSG_RESULT([no]) 1250 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1251 ], 1252 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1253) 1254 1255dnl Checks for header files. 1256# Checks for libraries. 1257AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1258 1259dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1260AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1261 AC_CHECK_LIB([gen], [dirname], [ 1262 AC_CACHE_CHECK([for broken dirname], 1263 ac_cv_have_broken_dirname, [ 1264 save_LIBS="$LIBS" 1265 LIBS="$LIBS -lgen" 1266 AC_RUN_IFELSE( 1267 [AC_LANG_SOURCE([[ 1268#include <libgen.h> 1269#include <string.h> 1270 1271int main(int argc, char **argv) { 1272 char *s, buf[32]; 1273 1274 strncpy(buf,"/etc", 32); 1275 s = dirname(buf); 1276 if (!s || strncmp(s, "/", 32) != 0) { 1277 exit(1); 1278 } else { 1279 exit(0); 1280 } 1281} 1282 ]])], 1283 [ ac_cv_have_broken_dirname="no" ], 1284 [ ac_cv_have_broken_dirname="yes" ], 1285 [ ac_cv_have_broken_dirname="no" ], 1286 ) 1287 LIBS="$save_LIBS" 1288 ]) 1289 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1290 LIBS="$LIBS -lgen" 1291 AC_DEFINE([HAVE_DIRNAME]) 1292 AC_CHECK_HEADERS([libgen.h]) 1293 fi 1294 ]) 1295]) 1296 1297AC_CHECK_FUNC([getspnam], , 1298 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1299AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1300 [Define if you have the basename function.])]) 1301 1302dnl zlib defaults to enabled 1303zlib=yes 1304AC_ARG_WITH([zlib], 1305 [ --with-zlib=PATH Use zlib in PATH], 1306 [ if test "x$withval" = "xno" ; then 1307 zlib=no 1308 elif test "x$withval" != "xyes"; then 1309 if test -d "$withval/lib"; then 1310 if test -n "${rpath_opt}"; then 1311 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1312 else 1313 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1314 fi 1315 else 1316 if test -n "${rpath_opt}"; then 1317 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1318 else 1319 LDFLAGS="-L${withval} ${LDFLAGS}" 1320 fi 1321 fi 1322 if test -d "$withval/include"; then 1323 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1324 else 1325 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1326 fi 1327 fi ] 1328) 1329 1330AC_MSG_CHECKING([for zlib]) 1331if test "x${zlib}" = "xno"; then 1332 AC_MSG_RESULT([no]) 1333else 1334 AC_MSG_RESULT([yes]) 1335 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1336 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1337 AC_CHECK_LIB([z], [deflate], , 1338 [ 1339 saved_CPPFLAGS="$CPPFLAGS" 1340 saved_LDFLAGS="$LDFLAGS" 1341 save_LIBS="$LIBS" 1342 dnl Check default zlib install dir 1343 if test -n "${rpath_opt}"; then 1344 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1345 else 1346 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1347 fi 1348 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1349 LIBS="$LIBS -lz" 1350 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1351 [ 1352 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1353 ] 1354 ) 1355 ] 1356 ) 1357 1358 AC_ARG_WITH([zlib-version-check], 1359 [ --without-zlib-version-check Disable zlib version check], 1360 [ if test "x$withval" = "xno" ; then 1361 zlib_check_nonfatal=1 1362 fi 1363 ] 1364 ) 1365 1366 AC_MSG_CHECKING([for possibly buggy zlib]) 1367 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1368#include <stdio.h> 1369#include <stdlib.h> 1370#include <zlib.h> 1371 ]], 1372 [[ 1373 int a=0, b=0, c=0, d=0, n, v; 1374 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1375 if (n != 3 && n != 4) 1376 exit(1); 1377 v = a*1000000 + b*10000 + c*100 + d; 1378 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1379 1380 /* 1.1.4 is OK */ 1381 if (a == 1 && b == 1 && c >= 4) 1382 exit(0); 1383 1384 /* 1.2.3 and up are OK */ 1385 if (v >= 1020300) 1386 exit(0); 1387 1388 exit(2); 1389 ]])], 1390 AC_MSG_RESULT([no]), 1391 [ AC_MSG_RESULT([yes]) 1392 if test -z "$zlib_check_nonfatal" ; then 1393 AC_MSG_ERROR([*** zlib too old - check config.log *** 1394Your reported zlib version has known security problems. It's possible your 1395vendor has fixed these problems without changing the version number. If you 1396are sure this is the case, you can disable the check by running 1397"./configure --without-zlib-version-check". 1398If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1399See http://www.gzip.org/zlib/ for details.]) 1400 else 1401 AC_MSG_WARN([zlib version may have security problems]) 1402 fi 1403 ], 1404 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1405 ) 1406fi 1407 1408dnl UnixWare 2.x 1409AC_CHECK_FUNC([strcasecmp], 1410 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1411) 1412AC_CHECK_FUNCS([utimes], 1413 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1414 LIBS="$LIBS -lc89"]) ] 1415) 1416 1417dnl Checks for libutil functions 1418AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1419AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1420AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1421AC_SEARCH_LIBS([login], [util bsd]) 1422AC_SEARCH_LIBS([logout], [util bsd]) 1423AC_SEARCH_LIBS([logwtmp], [util bsd]) 1424AC_SEARCH_LIBS([openpty], [util bsd]) 1425AC_SEARCH_LIBS([updwtmp], [util bsd]) 1426AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1427 1428# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1429# or libnsl. 1430AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1431AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1432 1433# "Particular Function Checks" 1434# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1435AC_FUNC_STRFTIME 1436AC_FUNC_MALLOC 1437AC_FUNC_REALLOC 1438# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1439AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1440AC_RUN_IFELSE( 1441 [AC_LANG_PROGRAM( 1442 [[ #include <stdlib.h> ]], 1443 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1444 )], 1445 [ func_calloc_0_nonnull=yes ], 1446 [ func_calloc_0_nonnull=no ], 1447 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1448 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1449) 1450AC_MSG_RESULT([$func_calloc_0_nonnull]) 1451 1452if test "x$func_calloc_0_nonnull" = "xyes"; then 1453 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1454else 1455 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1456 AC_DEFINE(calloc, rpl_calloc, 1457 [Define to rpl_calloc if the replacement function should be used.]) 1458fi 1459 1460# Check for ALTDIRFUNC glob() extension 1461AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1462AC_EGREP_CPP([FOUNDIT], 1463 [ 1464 #include <glob.h> 1465 #ifdef GLOB_ALTDIRFUNC 1466 FOUNDIT 1467 #endif 1468 ], 1469 [ 1470 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1471 [Define if your system glob() function has 1472 the GLOB_ALTDIRFUNC extension]) 1473 AC_MSG_RESULT([yes]) 1474 ], 1475 [ 1476 AC_MSG_RESULT([no]) 1477 ] 1478) 1479 1480# Check for g.gl_matchc glob() extension 1481AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1482AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1483 [[ glob_t g; g.gl_matchc = 1; ]])], 1484 [ 1485 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1486 [Define if your system glob() function has 1487 gl_matchc options in glob_t]) 1488 AC_MSG_RESULT([yes]) 1489 ], [ 1490 AC_MSG_RESULT([no]) 1491]) 1492 1493# Check for g.gl_statv glob() extension 1494AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1495AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1496#ifndef GLOB_KEEPSTAT 1497#error "glob does not support GLOB_KEEPSTAT extension" 1498#endif 1499glob_t g; 1500g.gl_statv = NULL; 1501]])], 1502 [ 1503 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1504 [Define if your system glob() function has 1505 gl_statv options in glob_t]) 1506 AC_MSG_RESULT([yes]) 1507 ], [ 1508 AC_MSG_RESULT([no]) 1509 1510]) 1511 1512AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1513 1514AC_CHECK_DECL([VIS_ALL], , 1515 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1516 1517AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1518AC_RUN_IFELSE( 1519 [AC_LANG_PROGRAM([[ 1520#include <sys/types.h> 1521#include <dirent.h>]], 1522 [[ 1523 struct dirent d; 1524 exit(sizeof(d.d_name)<=sizeof(char)); 1525 ]])], 1526 [AC_MSG_RESULT([yes])], 1527 [ 1528 AC_MSG_RESULT([no]) 1529 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1530 [Define if your struct dirent expects you to 1531 allocate extra space for d_name]) 1532 ], 1533 [ 1534 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1535 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1536 ] 1537) 1538 1539AC_MSG_CHECKING([for /proc/pid/fd directory]) 1540if test -d "/proc/$$/fd" ; then 1541 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1542 AC_MSG_RESULT([yes]) 1543else 1544 AC_MSG_RESULT([no]) 1545fi 1546 1547# Check whether user wants to use ldns 1548LDNS_MSG="no" 1549AC_ARG_WITH(ldns, 1550 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1551 [ 1552 ldns="" 1553 if test "x$withval" = "xyes" ; then 1554 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1555 if test "x$LDNSCONFIG" = "xno"; then 1556 LIBS="-lldns $LIBS" 1557 ldns=yes 1558 else 1559 LIBS="$LIBS `$LDNSCONFIG --libs`" 1560 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1561 ldns=yes 1562 fi 1563 elif test "x$withval" != "xno" ; then 1564 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1565 LDFLAGS="$LDFLAGS -L${withval}/lib" 1566 LIBS="-lldns $LIBS" 1567 ldns=yes 1568 fi 1569 1570 # Verify that it works. 1571 if test "x$ldns" = "xyes" ; then 1572 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1573 LDNS_MSG="yes" 1574 AC_MSG_CHECKING([for ldns support]) 1575 AC_LINK_IFELSE( 1576 [AC_LANG_SOURCE([[ 1577#include <stdio.h> 1578#include <stdlib.h> 1579#ifdef HAVE_STDINT_H 1580# include <stdint.h> 1581#endif 1582#include <ldns/ldns.h> 1583int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1584 ]]) 1585 ], 1586 [AC_MSG_RESULT(yes)], 1587 [ 1588 AC_MSG_RESULT(no) 1589 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1590 ]) 1591 fi 1592]) 1593 1594# Check whether user wants libedit support 1595LIBEDIT_MSG="no" 1596AC_ARG_WITH([libedit], 1597 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1598 [ if test "x$withval" != "xno" ; then 1599 if test "x$withval" = "xyes" ; then 1600 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1601 if test "x$PKGCONFIG" != "xno"; then 1602 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1603 if "$PKGCONFIG" libedit; then 1604 AC_MSG_RESULT([yes]) 1605 use_pkgconfig_for_libedit=yes 1606 else 1607 AC_MSG_RESULT([no]) 1608 fi 1609 fi 1610 else 1611 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1612 if test -n "${rpath_opt}"; then 1613 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1614 else 1615 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1616 fi 1617 fi 1618 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1619 LIBEDIT=`$PKGCONFIG --libs libedit` 1620 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1621 else 1622 LIBEDIT="-ledit -lcurses" 1623 fi 1624 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1625 AC_CHECK_LIB([edit], [el_init], 1626 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1627 LIBEDIT_MSG="yes" 1628 AC_SUBST([LIBEDIT]) 1629 ], 1630 [ AC_MSG_ERROR([libedit not found]) ], 1631 [ $OTHERLIBS ] 1632 ) 1633 AC_MSG_CHECKING([if libedit version is compatible]) 1634 AC_COMPILE_IFELSE( 1635 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1636 [[ 1637 int i = H_SETSIZE; 1638 el_init("", NULL, NULL, NULL); 1639 exit(0); 1640 ]])], 1641 [ AC_MSG_RESULT([yes]) ], 1642 [ AC_MSG_RESULT([no]) 1643 AC_MSG_ERROR([libedit version is not compatible]) ] 1644 ) 1645 fi ] 1646) 1647 1648AUDIT_MODULE=none 1649AC_ARG_WITH([audit], 1650 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1651 [ 1652 AC_MSG_CHECKING([for supported audit module]) 1653 case "$withval" in 1654 bsm) 1655 AC_MSG_RESULT([bsm]) 1656 AUDIT_MODULE=bsm 1657 dnl Checks for headers, libs and functions 1658 AC_CHECK_HEADERS([bsm/audit.h], [], 1659 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1660 [ 1661#ifdef HAVE_TIME_H 1662# include <time.h> 1663#endif 1664 ] 1665) 1666 AC_CHECK_LIB([bsm], [getaudit], [], 1667 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1668 AC_CHECK_FUNCS([getaudit], [], 1669 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1670 # These are optional 1671 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1672 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1673 if test "$sol2ver" -ge 11; then 1674 SSHDLIBS="$SSHDLIBS -lscf" 1675 AC_DEFINE([BROKEN_BSM_API], [1], 1676 [The system has incomplete BSM API]) 1677 fi 1678 ;; 1679 linux) 1680 AC_MSG_RESULT([linux]) 1681 AUDIT_MODULE=linux 1682 dnl Checks for headers, libs and functions 1683 AC_CHECK_HEADERS([libaudit.h]) 1684 SSHDLIBS="$SSHDLIBS -laudit" 1685 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1686 ;; 1687 debug) 1688 AUDIT_MODULE=debug 1689 AC_MSG_RESULT([debug]) 1690 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1691 ;; 1692 no) 1693 AC_MSG_RESULT([no]) 1694 ;; 1695 *) 1696 AC_MSG_ERROR([Unknown audit module $withval]) 1697 ;; 1698 esac ] 1699) 1700 1701AC_ARG_WITH([pie], 1702 [ --with-pie Build Position Independent Executables if possible], [ 1703 if test "x$withval" = "xno"; then 1704 use_pie=no 1705 fi 1706 if test "x$withval" = "xyes"; then 1707 use_pie=yes 1708 fi 1709 ] 1710) 1711if test "x$use_pie" = "x"; then 1712 use_pie=no 1713fi 1714if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1715 # Turn off automatic PIE when toolchain hardening is off. 1716 use_pie=no 1717fi 1718if test "x$use_pie" = "xauto"; then 1719 # Automatic PIE requires gcc >= 4.x 1720 AC_MSG_CHECKING([for gcc >= 4.x]) 1721 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1722#if !defined(__GNUC__) || __GNUC__ < 4 1723#error gcc is too old 1724#endif 1725]])], 1726 [ AC_MSG_RESULT([yes]) ], 1727 [ AC_MSG_RESULT([no]) 1728 use_pie=no ] 1729) 1730fi 1731if test "x$use_pie" != "xno"; then 1732 SAVED_CFLAGS="$CFLAGS" 1733 SAVED_LDFLAGS="$LDFLAGS" 1734 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1735 OSSH_CHECK_LDFLAG_LINK([-pie]) 1736 # We use both -fPIE and -pie or neither. 1737 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1738 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1739 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1740 AC_MSG_RESULT([yes]) 1741 else 1742 AC_MSG_RESULT([no]) 1743 CFLAGS="$SAVED_CFLAGS" 1744 LDFLAGS="$SAVED_LDFLAGS" 1745 fi 1746fi 1747 1748AC_MSG_CHECKING([whether -fPIC is accepted]) 1749SAVED_CFLAGS="$CFLAGS" 1750CFLAGS="$CFLAGS -fPIC" 1751AC_COMPILE_IFELSE( 1752 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1753 [AC_MSG_RESULT([yes]) 1754 PICFLAG="-fPIC"; ], 1755 [AC_MSG_RESULT([no]) 1756 PICFLAG=""; ]) 1757CFLAGS="$SAVED_CFLAGS" 1758AC_SUBST([PICFLAG]) 1759 1760dnl Checks for library functions. Please keep in alphabetical order 1761AC_CHECK_FUNCS([ \ 1762 Blowfish_initstate \ 1763 Blowfish_expandstate \ 1764 Blowfish_expand0state \ 1765 Blowfish_stream2word \ 1766 SHA256Update \ 1767 SHA384Update \ 1768 SHA512Update \ 1769 asprintf \ 1770 b64_ntop \ 1771 __b64_ntop \ 1772 b64_pton \ 1773 __b64_pton \ 1774 bcopy \ 1775 bcrypt_pbkdf \ 1776 bindresvport_sa \ 1777 blf_enc \ 1778 bzero \ 1779 cap_rights_limit \ 1780 clock \ 1781 closefrom \ 1782 dirfd \ 1783 endgrent \ 1784 err \ 1785 errx \ 1786 explicit_bzero \ 1787 fchmod \ 1788 fchmodat \ 1789 fchown \ 1790 fchownat \ 1791 flock \ 1792 fnmatch \ 1793 freeaddrinfo \ 1794 freezero \ 1795 fstatfs \ 1796 fstatvfs \ 1797 futimes \ 1798 getaddrinfo \ 1799 getcwd \ 1800 getgrouplist \ 1801 getline \ 1802 getnameinfo \ 1803 getopt \ 1804 getpagesize \ 1805 getpeereid \ 1806 getpeerucred \ 1807 getpgid \ 1808 _getpty \ 1809 getrlimit \ 1810 getrandom \ 1811 getsid \ 1812 getttyent \ 1813 glob \ 1814 group_from_gid \ 1815 inet_aton \ 1816 inet_ntoa \ 1817 inet_ntop \ 1818 innetgr \ 1819 llabs \ 1820 localtime_r \ 1821 login_getcapbool \ 1822 md5_crypt \ 1823 memmem \ 1824 memmove \ 1825 memset_s \ 1826 mkdtemp \ 1827 ngetaddrinfo \ 1828 nsleep \ 1829 ogetaddrinfo \ 1830 openlog_r \ 1831 pledge \ 1832 poll \ 1833 prctl \ 1834 pstat \ 1835 raise \ 1836 readpassphrase \ 1837 reallocarray \ 1838 realpath \ 1839 recvmsg \ 1840 recallocarray \ 1841 rresvport_af \ 1842 sendmsg \ 1843 setdtablesize \ 1844 setegid \ 1845 setenv \ 1846 seteuid \ 1847 setgroupent \ 1848 setgroups \ 1849 setlinebuf \ 1850 setlogin \ 1851 setpassent\ 1852 setpcred \ 1853 setproctitle \ 1854 setregid \ 1855 setreuid \ 1856 setrlimit \ 1857 setsid \ 1858 setvbuf \ 1859 sigaction \ 1860 sigvec \ 1861 snprintf \ 1862 socketpair \ 1863 statfs \ 1864 statvfs \ 1865 strcasestr \ 1866 strdup \ 1867 strerror \ 1868 strlcat \ 1869 strlcpy \ 1870 strmode \ 1871 strndup \ 1872 strnlen \ 1873 strnvis \ 1874 strptime \ 1875 strsignal \ 1876 strtonum \ 1877 strtoll \ 1878 strtoul \ 1879 strtoull \ 1880 swap32 \ 1881 sysconf \ 1882 tcgetpgrp \ 1883 timingsafe_bcmp \ 1884 truncate \ 1885 unsetenv \ 1886 updwtmpx \ 1887 utimensat \ 1888 user_from_uid \ 1889 usleep \ 1890 vasprintf \ 1891 vsnprintf \ 1892 waitpid \ 1893 warn \ 1894]) 1895 1896AC_CHECK_DECLS([bzero, memmem]) 1897 1898dnl Wide character support. 1899AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1900 1901TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1902AC_MSG_CHECKING([for utf8 locale support]) 1903AC_RUN_IFELSE( 1904 [AC_LANG_PROGRAM([[ 1905#include <locale.h> 1906#include <stdlib.h> 1907 ]], [[ 1908 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1909 if (loc != NULL) 1910 exit(0); 1911 exit(1); 1912 ]])], 1913 AC_MSG_RESULT(yes), 1914 [AC_MSG_RESULT(no) 1915 TEST_SSH_UTF8=no], 1916 AC_MSG_WARN([cross compiling: assuming yes]) 1917) 1918 1919AC_LINK_IFELSE( 1920 [AC_LANG_PROGRAM( 1921 [[ #include <ctype.h> ]], 1922 [[ return (isblank('a')); ]])], 1923 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1924]) 1925 1926disable_pkcs11= 1927AC_ARG_ENABLE([pkcs11], 1928 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1929 [ 1930 if test "x$enableval" = "xno" ; then 1931 disable_pkcs11=1 1932 fi 1933 ] 1934) 1935 1936disable_sk= 1937AC_ARG_ENABLE([security-key], 1938 [ --disable-security-key disable U2F/FIDO support code [no]], 1939 [ 1940 if test "x$enableval" = "xno" ; then 1941 disable_sk=1 1942 fi 1943 ] 1944) 1945enable_sk_internal= 1946AC_ARG_WITH([security-key-builtin], 1947 [ --with-security-key-builtin include builtin U2F/FIDO support], 1948 [ 1949 if test "x$withval" != "xno" ; then 1950 enable_sk_internal=yes 1951 fi 1952 ] 1953) 1954test "x$disable_sk" != "x" && enable_sk_internal="" 1955 1956AC_SEARCH_LIBS([dlopen], [dl]) 1957AC_CHECK_FUNCS([dlopen]) 1958AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1959 1960# IRIX has a const char return value for gai_strerror() 1961AC_CHECK_FUNCS([gai_strerror], [ 1962 AC_DEFINE([HAVE_GAI_STRERROR]) 1963 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1964#include <sys/types.h> 1965#include <sys/socket.h> 1966#include <netdb.h> 1967 1968const char *gai_strerror(int); 1969 ]], [[ 1970 char *str; 1971 str = gai_strerror(0); 1972 ]])], [ 1973 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1974 [Define if gai_strerror() returns const char *])], [])]) 1975 1976AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1977 [Some systems put nanosleep outside of libc])]) 1978 1979AC_SEARCH_LIBS([clock_gettime], [rt], 1980 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1981 1982dnl check if we need -D_REENTRANT for localtime_r declaration. 1983AC_CHECK_DECL([localtime_r], [], 1984 [ saved_CPPFLAGS="$CFLAGS" 1985 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1986 unset ac_cv_have_decl_localtime_r 1987 AC_CHECK_DECL([localtime_r], [], 1988 [ CPPFLAGS="$saved_CPPFLAGS" ], 1989 [ #include <time.h> ] 1990 ) 1991 ], 1992 [ #include <time.h> ] 1993) 1994 1995dnl Make sure prototypes are defined for these before using them. 1996AC_CHECK_DECL([strsep], 1997 [AC_CHECK_FUNCS([strsep])], 1998 [], 1999 [ 2000#ifdef HAVE_STRING_H 2001# include <string.h> 2002#endif 2003 ]) 2004 2005dnl tcsendbreak might be a macro 2006AC_CHECK_DECL([tcsendbreak], 2007 [AC_DEFINE([HAVE_TCSENDBREAK])], 2008 [AC_CHECK_FUNCS([tcsendbreak])], 2009 [#include <termios.h>] 2010) 2011 2012AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2013 2014AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2015 [ 2016#include <sys/types.h> 2017#include <sys/socket.h> 2018#include <unistd.h> 2019 ]) 2020 2021AC_CHECK_DECLS([O_NONBLOCK], , , 2022 [ 2023#include <sys/types.h> 2024#ifdef HAVE_SYS_STAT_H 2025# include <sys/stat.h> 2026#endif 2027#ifdef HAVE_FCNTL_H 2028# include <fcntl.h> 2029#endif 2030 ]) 2031 2032AC_CHECK_DECLS([readv, writev], , , [ 2033#include <sys/types.h> 2034#include <sys/uio.h> 2035#include <unistd.h> 2036 ]) 2037 2038AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2039#include <sys/param.h> 2040 ]) 2041 2042AC_CHECK_DECLS([offsetof], , , [ 2043#include <stddef.h> 2044 ]) 2045 2046# extra bits for select(2) 2047AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2048#include <sys/param.h> 2049#include <sys/types.h> 2050#ifdef HAVE_SYS_SYSMACROS_H 2051#include <sys/sysmacros.h> 2052#endif 2053#ifdef HAVE_SYS_SELECT_H 2054#include <sys/select.h> 2055#endif 2056#ifdef HAVE_SYS_TIME_H 2057#include <sys/time.h> 2058#endif 2059#ifdef HAVE_UNISTD_H 2060#include <unistd.h> 2061#endif 2062 ]]) 2063AC_CHECK_TYPES([fd_mask], [], [], [[ 2064#include <sys/param.h> 2065#include <sys/types.h> 2066#ifdef HAVE_SYS_SELECT_H 2067#include <sys/select.h> 2068#endif 2069#ifdef HAVE_SYS_TIME_H 2070#include <sys/time.h> 2071#endif 2072#ifdef HAVE_UNISTD_H 2073#include <unistd.h> 2074#endif 2075 ]]) 2076 2077AC_CHECK_FUNCS([setresuid], [ 2078 dnl Some platorms have setresuid that isn't implemented, test for this 2079 AC_MSG_CHECKING([if setresuid seems to work]) 2080 AC_RUN_IFELSE( 2081 [AC_LANG_PROGRAM([[ 2082#include <stdlib.h> 2083#include <errno.h> 2084 ]], [[ 2085 errno=0; 2086 setresuid(0,0,0); 2087 if (errno==ENOSYS) 2088 exit(1); 2089 else 2090 exit(0); 2091 ]])], 2092 [AC_MSG_RESULT([yes])], 2093 [AC_DEFINE([BROKEN_SETRESUID], [1], 2094 [Define if your setresuid() is broken]) 2095 AC_MSG_RESULT([not implemented])], 2096 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2097 ) 2098]) 2099 2100AC_CHECK_FUNCS([setresgid], [ 2101 dnl Some platorms have setresgid that isn't implemented, test for this 2102 AC_MSG_CHECKING([if setresgid seems to work]) 2103 AC_RUN_IFELSE( 2104 [AC_LANG_PROGRAM([[ 2105#include <stdlib.h> 2106#include <errno.h> 2107 ]], [[ 2108 errno=0; 2109 setresgid(0,0,0); 2110 if (errno==ENOSYS) 2111 exit(1); 2112 else 2113 exit(0); 2114 ]])], 2115 [AC_MSG_RESULT([yes])], 2116 [AC_DEFINE([BROKEN_SETRESGID], [1], 2117 [Define if your setresgid() is broken]) 2118 AC_MSG_RESULT([not implemented])], 2119 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2120 ) 2121]) 2122 2123AC_MSG_CHECKING([for working fflush(NULL)]) 2124AC_RUN_IFELSE( 2125 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2126 AC_MSG_RESULT([yes]), 2127 [AC_MSG_RESULT([no]) 2128 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2129 [define if fflush(NULL) does not work])], 2130 AC_MSG_WARN([cross compiling: assuming working]) 2131) 2132 2133dnl Checks for time functions 2134AC_CHECK_FUNCS([gettimeofday time]) 2135dnl Checks for utmp functions 2136AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2137AC_CHECK_FUNCS([utmpname]) 2138dnl Checks for utmpx functions 2139AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2140AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2141dnl Checks for lastlog functions 2142AC_CHECK_FUNCS([getlastlogxbyname]) 2143 2144AC_CHECK_FUNC([daemon], 2145 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2146 [AC_CHECK_LIB([bsd], [daemon], 2147 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2148) 2149 2150AC_CHECK_FUNC([getpagesize], 2151 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2152 [Define if your libraries define getpagesize()])], 2153 [AC_CHECK_LIB([ucb], [getpagesize], 2154 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2155) 2156 2157# Check for broken snprintf 2158if test "x$ac_cv_func_snprintf" = "xyes" ; then 2159 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2160 AC_RUN_IFELSE( 2161 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2162 [[ 2163 char b[5]; 2164 snprintf(b,5,"123456789"); 2165 exit(b[4]!='\0'); 2166 ]])], 2167 [AC_MSG_RESULT([yes])], 2168 [ 2169 AC_MSG_RESULT([no]) 2170 AC_DEFINE([BROKEN_SNPRINTF], [1], 2171 [Define if your snprintf is busted]) 2172 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2173 ], 2174 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2175 ) 2176fi 2177 2178if test "x$ac_cv_func_snprintf" = "xyes" ; then 2179 AC_MSG_CHECKING([whether snprintf understands %zu]) 2180 AC_RUN_IFELSE( 2181 [AC_LANG_PROGRAM([[ 2182#include <sys/types.h> 2183#include <stdio.h> 2184 ]], 2185 [[ 2186 size_t a = 1, b = 2; 2187 char z[128]; 2188 snprintf(z, sizeof z, "%zu%zu", a, b); 2189 exit(strcmp(z, "12")); 2190 ]])], 2191 [AC_MSG_RESULT([yes])], 2192 [ 2193 AC_MSG_RESULT([no]) 2194 AC_DEFINE([BROKEN_SNPRINTF], [1], 2195 [snprintf does not understand %zu]) 2196 ], 2197 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2198 ) 2199fi 2200 2201# We depend on vsnprintf returning the right thing on overflow: the 2202# number of characters it tried to create (as per SUSv3) 2203if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2204 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2205 AC_RUN_IFELSE( 2206 [AC_LANG_PROGRAM([[ 2207#include <sys/types.h> 2208#include <stdio.h> 2209#include <stdarg.h> 2210 2211int x_snprintf(char *str, size_t count, const char *fmt, ...) 2212{ 2213 size_t ret; 2214 va_list ap; 2215 2216 va_start(ap, fmt); 2217 ret = vsnprintf(str, count, fmt, ap); 2218 va_end(ap); 2219 return ret; 2220} 2221 ]], [[ 2222char x[1]; 2223if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2224 return 1; 2225if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2226 return 1; 2227return 0; 2228 ]])], 2229 [AC_MSG_RESULT([yes])], 2230 [ 2231 AC_MSG_RESULT([no]) 2232 AC_DEFINE([BROKEN_SNPRINTF], [1], 2233 [Define if your snprintf is busted]) 2234 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2235 ], 2236 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2237 ) 2238fi 2239 2240# On systems where [v]snprintf is broken, but is declared in stdio, 2241# check that the fmt argument is const char * or just char *. 2242# This is only useful for when BROKEN_SNPRINTF 2243AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2244AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2245#include <stdio.h> 2246int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2247 ]], [[ 2248 snprintf(0, 0, 0); 2249 ]])], 2250 [AC_MSG_RESULT([yes]) 2251 AC_DEFINE([SNPRINTF_CONST], [const], 2252 [Define as const if snprintf() can declare const char *fmt])], 2253 [AC_MSG_RESULT([no]) 2254 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2255 2256# Check for missing getpeereid (or equiv) support 2257NO_PEERCHECK="" 2258if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2259 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2260 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2261#include <sys/types.h> 2262#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2263 [ AC_MSG_RESULT([yes]) 2264 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2265 ], [AC_MSG_RESULT([no]) 2266 NO_PEERCHECK=1 2267 ]) 2268fi 2269 2270dnl see whether mkstemp() requires XXXXXX 2271if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2272AC_MSG_CHECKING([for (overly) strict mkstemp]) 2273AC_RUN_IFELSE( 2274 [AC_LANG_PROGRAM([[ 2275#include <stdlib.h> 2276 ]], [[ 2277 char template[]="conftest.mkstemp-test"; 2278 if (mkstemp(template) == -1) 2279 exit(1); 2280 unlink(template); 2281 exit(0); 2282 ]])], 2283 [ 2284 AC_MSG_RESULT([no]) 2285 ], 2286 [ 2287 AC_MSG_RESULT([yes]) 2288 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2289 ], 2290 [ 2291 AC_MSG_RESULT([yes]) 2292 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2293 ] 2294) 2295fi 2296 2297dnl make sure that openpty does not reacquire controlling terminal 2298if test ! -z "$check_for_openpty_ctty_bug"; then 2299 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2300 AC_RUN_IFELSE( 2301 [AC_LANG_PROGRAM([[ 2302#include <stdio.h> 2303#include <sys/fcntl.h> 2304#include <sys/types.h> 2305#include <sys/wait.h> 2306 ]], [[ 2307 pid_t pid; 2308 int fd, ptyfd, ttyfd, status; 2309 2310 pid = fork(); 2311 if (pid < 0) { /* failed */ 2312 exit(1); 2313 } else if (pid > 0) { /* parent */ 2314 waitpid(pid, &status, 0); 2315 if (WIFEXITED(status)) 2316 exit(WEXITSTATUS(status)); 2317 else 2318 exit(2); 2319 } else { /* child */ 2320 close(0); close(1); close(2); 2321 setsid(); 2322 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2323 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2324 if (fd >= 0) 2325 exit(3); /* Acquired ctty: broken */ 2326 else 2327 exit(0); /* Did not acquire ctty: OK */ 2328 } 2329 ]])], 2330 [ 2331 AC_MSG_RESULT([yes]) 2332 ], 2333 [ 2334 AC_MSG_RESULT([no]) 2335 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2336 ], 2337 [ 2338 AC_MSG_RESULT([cross-compiling, assuming yes]) 2339 ] 2340 ) 2341fi 2342 2343if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2344 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2345 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2346 AC_RUN_IFELSE( 2347 [AC_LANG_PROGRAM([[ 2348#include <stdio.h> 2349#include <sys/socket.h> 2350#include <netdb.h> 2351#include <errno.h> 2352#include <netinet/in.h> 2353 2354#define TEST_PORT "2222" 2355 ]], [[ 2356 int err, sock; 2357 struct addrinfo *gai_ai, *ai, hints; 2358 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2359 2360 memset(&hints, 0, sizeof(hints)); 2361 hints.ai_family = PF_UNSPEC; 2362 hints.ai_socktype = SOCK_STREAM; 2363 hints.ai_flags = AI_PASSIVE; 2364 2365 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2366 if (err != 0) { 2367 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2368 exit(1); 2369 } 2370 2371 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2372 if (ai->ai_family != AF_INET6) 2373 continue; 2374 2375 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2376 sizeof(ntop), strport, sizeof(strport), 2377 NI_NUMERICHOST|NI_NUMERICSERV); 2378 2379 if (err != 0) { 2380 if (err == EAI_SYSTEM) 2381 perror("getnameinfo EAI_SYSTEM"); 2382 else 2383 fprintf(stderr, "getnameinfo failed: %s\n", 2384 gai_strerror(err)); 2385 exit(2); 2386 } 2387 2388 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2389 if (sock < 0) 2390 perror("socket"); 2391 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2392 if (errno == EBADF) 2393 exit(3); 2394 } 2395 } 2396 exit(0); 2397 ]])], 2398 [ 2399 AC_MSG_RESULT([yes]) 2400 ], 2401 [ 2402 AC_MSG_RESULT([no]) 2403 AC_DEFINE([BROKEN_GETADDRINFO]) 2404 ], 2405 [ 2406 AC_MSG_RESULT([cross-compiling, assuming yes]) 2407 ] 2408 ) 2409fi 2410 2411if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2412 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2413 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2414 AC_RUN_IFELSE( 2415 [AC_LANG_PROGRAM([[ 2416#include <stdio.h> 2417#include <sys/socket.h> 2418#include <netdb.h> 2419#include <errno.h> 2420#include <netinet/in.h> 2421 2422#define TEST_PORT "2222" 2423 ]], [[ 2424 int err, sock; 2425 struct addrinfo *gai_ai, *ai, hints; 2426 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2427 2428 memset(&hints, 0, sizeof(hints)); 2429 hints.ai_family = PF_UNSPEC; 2430 hints.ai_socktype = SOCK_STREAM; 2431 hints.ai_flags = AI_PASSIVE; 2432 2433 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2434 if (err != 0) { 2435 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2436 exit(1); 2437 } 2438 2439 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2440 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2441 continue; 2442 2443 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2444 sizeof(ntop), strport, sizeof(strport), 2445 NI_NUMERICHOST|NI_NUMERICSERV); 2446 2447 if (ai->ai_family == AF_INET && err != 0) { 2448 perror("getnameinfo"); 2449 exit(2); 2450 } 2451 } 2452 exit(0); 2453 ]])], 2454 [ 2455 AC_MSG_RESULT([yes]) 2456 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2457 [Define if you have a getaddrinfo that fails 2458 for the all-zeros IPv6 address]) 2459 ], 2460 [ 2461 AC_MSG_RESULT([no]) 2462 AC_DEFINE([BROKEN_GETADDRINFO]) 2463 ], 2464 [ 2465 AC_MSG_RESULT([cross-compiling, assuming no]) 2466 ] 2467 ) 2468fi 2469 2470if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2471 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2472 [#include <sys/types.h> 2473 #include <sys/socket.h> 2474 #include <netdb.h>]) 2475fi 2476 2477if test "x$check_for_conflicting_getspnam" = "x1"; then 2478 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2479 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2480 [[ exit(0); ]])], 2481 [ 2482 AC_MSG_RESULT([no]) 2483 ], 2484 [ 2485 AC_MSG_RESULT([yes]) 2486 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2487 [Conflicting defs for getspnam]) 2488 ] 2489 ) 2490fi 2491 2492dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2493dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2494dnl for over ten years). Despite this incompatibility being reported during 2495dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2496dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2497dnl implementation. Try to detect this mess, and assume the only safe option 2498dnl if we're cross compiling. 2499dnl 2500dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2501dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2502if test "x$ac_cv_func_strnvis" = "xyes"; then 2503 AC_MSG_CHECKING([for working strnvis]) 2504 AC_RUN_IFELSE( 2505 [AC_LANG_PROGRAM([[ 2506#include <signal.h> 2507#include <stdlib.h> 2508#include <string.h> 2509#include <vis.h> 2510static void sighandler(int sig) { _exit(1); } 2511 ]], [[ 2512 char dst[16]; 2513 2514 signal(SIGSEGV, sighandler); 2515 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2516 exit(0); 2517 exit(1) 2518 ]])], 2519 [AC_MSG_RESULT([yes])], 2520 [AC_MSG_RESULT([no]) 2521 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2522 [AC_MSG_WARN([cross compiling: assuming broken]) 2523 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2524 ) 2525fi 2526 2527AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2528AC_RUN_IFELSE( 2529 [AC_LANG_PROGRAM([[ 2530#ifdef HAVE_SYS_SELECT 2531# include <sys/select.h> 2532#endif 2533#include <sys/types.h> 2534#include <sys/time.h> 2535#include <stdlib.h> 2536#include <signal.h> 2537static void sighandler(int sig) { } 2538 ]], [[ 2539 int r; 2540 pid_t pid; 2541 struct sigaction sa; 2542 2543 sa.sa_handler = sighandler; 2544 sa.sa_flags = SA_RESTART; 2545 (void)sigaction(SIGTERM, &sa, NULL); 2546 if ((pid = fork()) == 0) { /* child */ 2547 pid = getppid(); 2548 sleep(1); 2549 kill(pid, SIGTERM); 2550 sleep(1); 2551 if (getppid() == pid) /* if parent did not exit, shoot it */ 2552 kill(pid, SIGKILL); 2553 exit(0); 2554 } else { /* parent */ 2555 r = select(0, NULL, NULL, NULL, NULL); 2556 } 2557 exit(r == -1 ? 0 : 1); 2558 ]])], 2559 [AC_MSG_RESULT([yes])], 2560 [AC_MSG_RESULT([no]) 2561 AC_DEFINE([NO_SA_RESTART], [1], 2562 [SA_RESTARTed signals do no interrupt select])], 2563 [AC_MSG_WARN([cross compiling: assuming yes])] 2564) 2565 2566AC_CHECK_FUNCS([getpgrp],[ 2567 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2568 AC_COMPILE_IFELSE( 2569 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2570 [ AC_MSG_RESULT([yes]) 2571 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2572 [ AC_MSG_RESULT([no]) 2573 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2574 ) 2575]) 2576 2577# Search for OpenSSL 2578saved_CPPFLAGS="$CPPFLAGS" 2579saved_LDFLAGS="$LDFLAGS" 2580AC_ARG_WITH([ssl-dir], 2581 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2582 [ 2583 if test "x$openssl" = "xno" ; then 2584 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2585 fi 2586 if test "x$withval" != "xno" ; then 2587 case "$withval" in 2588 # Relative paths 2589 ./*|../*) withval="`pwd`/$withval" 2590 esac 2591 if test -d "$withval/lib"; then 2592 if test -n "${rpath_opt}"; then 2593 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2594 else 2595 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2596 fi 2597 elif test -d "$withval/lib64"; then 2598 if test -n "${rpath_opt}"; then 2599 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2600 else 2601 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2602 fi 2603 else 2604 if test -n "${rpath_opt}"; then 2605 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2606 else 2607 LDFLAGS="-L${withval} ${LDFLAGS}" 2608 fi 2609 fi 2610 if test -d "$withval/include"; then 2611 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2612 else 2613 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2614 fi 2615 fi 2616 ] 2617) 2618 2619AC_ARG_WITH([openssl-header-check], 2620 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2621 [ 2622 if test "x$withval" = "xno" ; then 2623 openssl_check_nonfatal=1 2624 fi 2625 ] 2626) 2627 2628openssl_engine=no 2629AC_ARG_WITH([ssl-engine], 2630 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2631 [ 2632 if test "x$withval" != "xno" ; then 2633 if test "x$openssl" = "xno" ; then 2634 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2635 fi 2636 openssl_engine=yes 2637 fi 2638 ] 2639) 2640 2641if test "x$openssl" = "xyes" ; then 2642 LIBS="-lcrypto $LIBS" 2643 AC_TRY_LINK_FUNC([RAND_add], , 2644 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2645 AC_CHECK_HEADER([openssl/opensslv.h], , 2646 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2647 2648 # Determine OpenSSL header version 2649 AC_MSG_CHECKING([OpenSSL header version]) 2650 AC_RUN_IFELSE( 2651 [AC_LANG_PROGRAM([[ 2652 #include <stdlib.h> 2653 #include <stdio.h> 2654 #include <string.h> 2655 #include <openssl/opensslv.h> 2656 #define DATA "conftest.sslincver" 2657 ]], [[ 2658 FILE *fd; 2659 int rc; 2660 2661 fd = fopen(DATA,"w"); 2662 if(fd == NULL) 2663 exit(1); 2664 2665 if ((rc = fprintf(fd, "%08lx (%s)\n", 2666 (unsigned long)OPENSSL_VERSION_NUMBER, 2667 OPENSSL_VERSION_TEXT)) < 0) 2668 exit(1); 2669 2670 exit(0); 2671 ]])], 2672 [ 2673 ssl_header_ver=`cat conftest.sslincver` 2674 AC_MSG_RESULT([$ssl_header_ver]) 2675 ], 2676 [ 2677 AC_MSG_RESULT([not found]) 2678 AC_MSG_ERROR([OpenSSL version header not found.]) 2679 ], 2680 [ 2681 AC_MSG_WARN([cross compiling: not checking]) 2682 ] 2683 ) 2684 2685 # Determining OpenSSL library version is version dependent. 2686 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2687 2688 # Determine OpenSSL library version 2689 AC_MSG_CHECKING([OpenSSL library version]) 2690 AC_RUN_IFELSE( 2691 [AC_LANG_PROGRAM([[ 2692 #include <stdio.h> 2693 #include <string.h> 2694 #include <openssl/opensslv.h> 2695 #include <openssl/crypto.h> 2696 #define DATA "conftest.ssllibver" 2697 ]], [[ 2698 FILE *fd; 2699 int rc; 2700 2701 fd = fopen(DATA,"w"); 2702 if(fd == NULL) 2703 exit(1); 2704#ifndef OPENSSL_VERSION 2705# define OPENSSL_VERSION SSLEAY_VERSION 2706#endif 2707#ifndef HAVE_OPENSSL_VERSION 2708# define OpenSSL_version SSLeay_version 2709#endif 2710#ifndef HAVE_OPENSSL_VERSION_NUM 2711# define OpenSSL_version_num SSLeay 2712#endif 2713 if ((rc = fprintf(fd, "%08lx (%s)\n", 2714 (unsigned long)OpenSSL_version_num(), 2715 OpenSSL_version(OPENSSL_VERSION))) < 0) 2716 exit(1); 2717 2718 exit(0); 2719 ]])], 2720 [ 2721 ssl_library_ver=`cat conftest.ssllibver` 2722 # Check version is supported. 2723 case "$ssl_library_ver" in 2724 10000*|0*) 2725 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2726 ;; 2727 100*) ;; # 1.0.x 2728 101000[[0123456]]*) 2729 # https://github.com/openssl/openssl/pull/4613 2730 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2731 ;; 2732 101*) ;; # 1.1.x 2733 200*) ;; # LibreSSL 2734 300*) ;; # OpenSSL development branch. 2735 *) 2736 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2737 ;; 2738 esac 2739 AC_MSG_RESULT([$ssl_library_ver]) 2740 ], 2741 [ 2742 AC_MSG_RESULT([not found]) 2743 AC_MSG_ERROR([OpenSSL library not found.]) 2744 ], 2745 [ 2746 AC_MSG_WARN([cross compiling: not checking]) 2747 ] 2748 ) 2749 2750 # Sanity check OpenSSL headers 2751 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2752 AC_RUN_IFELSE( 2753 [AC_LANG_PROGRAM([[ 2754 #include <string.h> 2755 #include <openssl/opensslv.h> 2756 #include <openssl/crypto.h> 2757 ]], [[ 2758#ifndef HAVE_OPENSSL_VERSION_NUM 2759# define OpenSSL_version_num SSLeay 2760#endif 2761 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2762 ]])], 2763 [ 2764 AC_MSG_RESULT([yes]) 2765 ], 2766 [ 2767 AC_MSG_RESULT([no]) 2768 if test "x$openssl_check_nonfatal" = "x"; then 2769 AC_MSG_ERROR([Your OpenSSL headers do not match your 2770 library. Check config.log for details. 2771 If you are sure your installation is consistent, you can disable the check 2772 by running "./configure --without-openssl-header-check". 2773 Also see contrib/findssl.sh for help identifying header/library mismatches. 2774 ]) 2775 else 2776 AC_MSG_WARN([Your OpenSSL headers do not match your 2777 library. Check config.log for details. 2778 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2779 fi 2780 ], 2781 [ 2782 AC_MSG_WARN([cross compiling: not checking]) 2783 ] 2784 ) 2785 2786 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2787 AC_LINK_IFELSE( 2788 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2789 [[ ERR_load_crypto_strings(); ]])], 2790 [ 2791 AC_MSG_RESULT([yes]) 2792 ], 2793 [ 2794 AC_MSG_RESULT([no]) 2795 saved_LIBS="$LIBS" 2796 LIBS="$LIBS -ldl" 2797 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2798 AC_LINK_IFELSE( 2799 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2800 [[ ERR_load_crypto_strings(); ]])], 2801 [ 2802 AC_MSG_RESULT([yes]) 2803 ], 2804 [ 2805 AC_MSG_RESULT([no]) 2806 LIBS="$saved_LIBS" 2807 ] 2808 ) 2809 ] 2810 ) 2811 2812 AC_CHECK_FUNCS([ \ 2813 BN_is_prime_ex \ 2814 DSA_generate_parameters_ex \ 2815 EVP_CIPHER_CTX_ctrl \ 2816 EVP_DigestFinal_ex \ 2817 EVP_DigestInit_ex \ 2818 EVP_MD_CTX_cleanup \ 2819 EVP_MD_CTX_copy_ex \ 2820 EVP_MD_CTX_init \ 2821 HMAC_CTX_init \ 2822 RSA_generate_key_ex \ 2823 RSA_get_default_method \ 2824 ]) 2825 2826 # OpenSSL_add_all_algorithms may be a macro. 2827 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2828 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2829 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2830 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2831 [[#include <openssl/evp.h>]] 2832 ) 2833 ) 2834 2835 # LibreSSL/OpenSSL 1.1x API 2836 AC_CHECK_FUNCS([ \ 2837 OPENSSL_init_crypto \ 2838 DH_get0_key \ 2839 DH_get0_pqg \ 2840 DH_set0_key \ 2841 DH_set_length \ 2842 DH_set0_pqg \ 2843 DSA_get0_key \ 2844 DSA_get0_pqg \ 2845 DSA_set0_key \ 2846 DSA_set0_pqg \ 2847 DSA_SIG_get0 \ 2848 DSA_SIG_set0 \ 2849 ECDSA_SIG_get0 \ 2850 ECDSA_SIG_set0 \ 2851 EVP_CIPHER_CTX_iv \ 2852 EVP_CIPHER_CTX_iv_noconst \ 2853 EVP_CIPHER_CTX_get_iv \ 2854 EVP_CIPHER_CTX_set_iv \ 2855 RSA_get0_crt_params \ 2856 RSA_get0_factors \ 2857 RSA_get0_key \ 2858 RSA_set0_crt_params \ 2859 RSA_set0_factors \ 2860 RSA_set0_key \ 2861 RSA_meth_free \ 2862 RSA_meth_dup \ 2863 RSA_meth_set1_name \ 2864 RSA_meth_get_finish \ 2865 RSA_meth_set_priv_enc \ 2866 RSA_meth_set_priv_dec \ 2867 RSA_meth_set_finish \ 2868 EVP_PKEY_get0_RSA \ 2869 EVP_MD_CTX_new \ 2870 EVP_MD_CTX_free \ 2871 EVP_chacha20 \ 2872 ]) 2873 2874 if test "x$openssl_engine" = "xyes" ; then 2875 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2876 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2877 #include <openssl/engine.h> 2878 ]], [[ 2879 ENGINE_load_builtin_engines(); 2880 ENGINE_register_all_complete(); 2881 ]])], 2882 [ AC_MSG_RESULT([yes]) 2883 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2884 [Enable OpenSSL engine support]) 2885 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2886 ]) 2887 fi 2888 2889 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2890 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2891 AC_LINK_IFELSE( 2892 [AC_LANG_PROGRAM([[ 2893 #include <string.h> 2894 #include <openssl/evp.h> 2895 ]], [[ 2896 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2897 ]])], 2898 [ 2899 AC_MSG_RESULT([no]) 2900 ], 2901 [ 2902 AC_MSG_RESULT([yes]) 2903 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2904 [libcrypto is missing AES 192 and 256 bit functions]) 2905 ] 2906 ) 2907 2908 # Check for OpenSSL with EVP_aes_*ctr 2909 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2910 AC_LINK_IFELSE( 2911 [AC_LANG_PROGRAM([[ 2912 #include <string.h> 2913 #include <openssl/evp.h> 2914 ]], [[ 2915 exit(EVP_aes_128_ctr() == NULL || 2916 EVP_aes_192_cbc() == NULL || 2917 EVP_aes_256_cbc() == NULL); 2918 ]])], 2919 [ 2920 AC_MSG_RESULT([yes]) 2921 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2922 [libcrypto has EVP AES CTR]) 2923 ], 2924 [ 2925 AC_MSG_RESULT([no]) 2926 ] 2927 ) 2928 2929 # Check for OpenSSL with EVP_aes_*gcm 2930 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2931 AC_LINK_IFELSE( 2932 [AC_LANG_PROGRAM([[ 2933 #include <string.h> 2934 #include <openssl/evp.h> 2935 ]], [[ 2936 exit(EVP_aes_128_gcm() == NULL || 2937 EVP_aes_256_gcm() == NULL || 2938 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2939 EVP_CTRL_GCM_IV_GEN == 0 || 2940 EVP_CTRL_GCM_SET_TAG == 0 || 2941 EVP_CTRL_GCM_GET_TAG == 0 || 2942 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2943 ]])], 2944 [ 2945 AC_MSG_RESULT([yes]) 2946 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2947 [libcrypto has EVP AES GCM]) 2948 ], 2949 [ 2950 AC_MSG_RESULT([no]) 2951 unsupported_algorithms="$unsupported_cipers \ 2952 aes128-gcm@openssh.com \ 2953 aes256-gcm@openssh.com" 2954 ] 2955 ) 2956 2957 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2958 AC_LINK_IFELSE( 2959 [AC_LANG_PROGRAM([[ 2960 #include <string.h> 2961 #include <openssl/evp.h> 2962 ]], [[ 2963 if(EVP_DigestUpdate(NULL, NULL,0)) 2964 exit(0); 2965 ]])], 2966 [ 2967 AC_MSG_RESULT([yes]) 2968 ], 2969 [ 2970 AC_MSG_RESULT([no]) 2971 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2972 [Define if EVP_DigestUpdate returns void]) 2973 ] 2974 ) 2975 2976 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2977 # because the system crypt() is more featureful. 2978 if test "x$check_for_libcrypt_before" = "x1"; then 2979 AC_CHECK_LIB([crypt], [crypt]) 2980 fi 2981 2982 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2983 # version in OpenSSL. 2984 if test "x$check_for_libcrypt_later" = "x1"; then 2985 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2986 fi 2987 AC_CHECK_FUNCS([crypt DES_crypt]) 2988 2989 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2990 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2991 2992 # Check complete ECC support in OpenSSL 2993 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2994 AC_LINK_IFELSE( 2995 [AC_LANG_PROGRAM([[ 2996 #include <openssl/ec.h> 2997 #include <openssl/ecdh.h> 2998 #include <openssl/ecdsa.h> 2999 #include <openssl/evp.h> 3000 #include <openssl/objects.h> 3001 #include <openssl/opensslv.h> 3002 ]], [[ 3003 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3004 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3005 ]])], 3006 [ AC_MSG_RESULT([yes]) 3007 enable_nistp256=1 ], 3008 [ AC_MSG_RESULT([no]) ] 3009 ) 3010 3011 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3012 AC_LINK_IFELSE( 3013 [AC_LANG_PROGRAM([[ 3014 #include <openssl/ec.h> 3015 #include <openssl/ecdh.h> 3016 #include <openssl/ecdsa.h> 3017 #include <openssl/evp.h> 3018 #include <openssl/objects.h> 3019 #include <openssl/opensslv.h> 3020 ]], [[ 3021 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3022 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3023 ]])], 3024 [ AC_MSG_RESULT([yes]) 3025 enable_nistp384=1 ], 3026 [ AC_MSG_RESULT([no]) ] 3027 ) 3028 3029 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3030 AC_LINK_IFELSE( 3031 [AC_LANG_PROGRAM([[ 3032 #include <openssl/ec.h> 3033 #include <openssl/ecdh.h> 3034 #include <openssl/ecdsa.h> 3035 #include <openssl/evp.h> 3036 #include <openssl/objects.h> 3037 #include <openssl/opensslv.h> 3038 ]], [[ 3039 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3040 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3041 ]])], 3042 [ AC_MSG_RESULT([yes]) 3043 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3044 AC_RUN_IFELSE( 3045 [AC_LANG_PROGRAM([[ 3046 #include <openssl/ec.h> 3047 #include <openssl/ecdh.h> 3048 #include <openssl/ecdsa.h> 3049 #include <openssl/evp.h> 3050 #include <openssl/objects.h> 3051 #include <openssl/opensslv.h> 3052 ]],[[ 3053 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3054 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3055 exit(e == NULL || m == NULL); 3056 ]])], 3057 [ AC_MSG_RESULT([yes]) 3058 enable_nistp521=1 ], 3059 [ AC_MSG_RESULT([no]) ], 3060 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3061 enable_nistp521=1 ] 3062 )], 3063 AC_MSG_RESULT([no]) 3064 ) 3065 3066 COMMENT_OUT_ECC="#no ecc#" 3067 TEST_SSH_ECC=no 3068 3069 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3070 test x$enable_nistp521 = x1; then 3071 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3072 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3073 openssl_ecc=yes 3074 else 3075 openssl_ecc=no 3076 fi 3077 if test x$enable_nistp256 = x1; then 3078 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3079 [libcrypto has NID_X9_62_prime256v1]) 3080 TEST_SSH_ECC=yes 3081 COMMENT_OUT_ECC="" 3082 else 3083 unsupported_algorithms="$unsupported_algorithms \ 3084 ecdsa-sha2-nistp256 \ 3085 ecdh-sha2-nistp256 \ 3086 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3087 fi 3088 if test x$enable_nistp384 = x1; then 3089 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3090 TEST_SSH_ECC=yes 3091 COMMENT_OUT_ECC="" 3092 else 3093 unsupported_algorithms="$unsupported_algorithms \ 3094 ecdsa-sha2-nistp384 \ 3095 ecdh-sha2-nistp384 \ 3096 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3097 fi 3098 if test x$enable_nistp521 = x1; then 3099 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3100 TEST_SSH_ECC=yes 3101 COMMENT_OUT_ECC="" 3102 else 3103 unsupported_algorithms="$unsupported_algorithms \ 3104 ecdh-sha2-nistp521 \ 3105 ecdsa-sha2-nistp521 \ 3106 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3107 fi 3108 3109 AC_SUBST([TEST_SSH_ECC]) 3110 AC_SUBST([COMMENT_OUT_ECC]) 3111else 3112 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3113 AC_CHECK_FUNCS([crypt]) 3114fi 3115 3116# PKCS11/U2F depend on OpenSSL and dlopen(). 3117enable_pkcs11=yes 3118enable_sk=yes 3119if test "x$openssl" != "xyes" ; then 3120 enable_pkcs11="disabled; missing libcrypto" 3121 enable_sk="disabled; missing libcrypto" 3122fi 3123if test "x$openssl_ecc" != "xyes" ; then 3124 enable_sk="disabled; OpenSSL has no ECC support" 3125fi 3126if test "x$ac_cv_func_dlopen" != "xyes" ; then 3127 enable_pkcs11="disabled; missing dlopen(3)" 3128 enable_sk="disabled; missing dlopen(3)" 3129fi 3130if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3131 enable_pkcs11="disabled; missing RTLD_NOW" 3132 enable_sk="disabled; missing RTLD_NOW" 3133fi 3134if test ! -z "$disable_pkcs11" ; then 3135 enable_pkcs11="disabled by user" 3136fi 3137if test ! -z "$disable_sk" ; then 3138 enable_sk="disabled by user" 3139fi 3140 3141AC_MSG_CHECKING([whether to enable PKCS11]) 3142if test "x$enable_pkcs11" = "xyes" ; then 3143 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3144fi 3145AC_MSG_RESULT([$enable_pkcs11]) 3146 3147AC_MSG_CHECKING([whether to enable U2F]) 3148if test "x$enable_sk" = "xyes" ; then 3149 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3150 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3151else 3152 # Do not try to build sk-dummy library. 3153 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3154fi 3155AC_MSG_RESULT([$enable_sk]) 3156 3157# Now check for built-in security key support. 3158if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3159 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3160 use_pkgconfig_for_libfido2= 3161 if test "x$PKGCONFIG" != "xno"; then 3162 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3163 if "$PKGCONFIG" libfido2; then 3164 AC_MSG_RESULT([yes]) 3165 use_pkgconfig_for_libfido2=yes 3166 else 3167 AC_MSG_RESULT([no]) 3168 fi 3169 fi 3170 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3171 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3172 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3173 else 3174 LIBFIDO2="-lfido2 -lcbor" 3175 fi 3176 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3177 AC_CHECK_LIB([fido2], [fido_init], 3178 [ 3179 AC_SUBST([LIBFIDO2]) 3180 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3181 [Enable for built-in U2F/FIDO support]) 3182 enable_sk="built-in" 3183 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3184 [ $OTHERLIBS ] 3185 ) 3186 AC_CHECK_LIB([fido2], [fido_cred_set_prot], [], 3187 [ AC_MSG_ERROR([libfido2 missing fido_cred_set_prot; please use libfido2 >= 1.4.0]) ], 3188 ) 3189 AC_CHECK_HEADER([fido.h], [], 3190 AC_MSG_ERROR([missing fido.h from libfido2])) 3191 AC_CHECK_HEADER([fido/credman.h], [], 3192 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3193 [#include <fido.h>] 3194 ) 3195fi 3196 3197AC_CHECK_FUNCS([ \ 3198 arc4random \ 3199 arc4random_buf \ 3200 arc4random_stir \ 3201 arc4random_uniform \ 3202]) 3203 3204saved_LIBS="$LIBS" 3205AC_CHECK_LIB([iaf], [ia_openinfo], [ 3206 LIBS="$LIBS -liaf" 3207 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3208 AC_DEFINE([HAVE_LIBIAF], [1], 3209 [Define if system has libiaf that supports set_id]) 3210 ]) 3211]) 3212LIBS="$saved_LIBS" 3213 3214### Configure cryptographic random number support 3215 3216# Check whether OpenSSL seeds itself 3217if test "x$openssl" = "xyes" ; then 3218 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3219 AC_RUN_IFELSE( 3220 [AC_LANG_PROGRAM([[ 3221 #include <string.h> 3222 #include <openssl/rand.h> 3223 ]], [[ 3224 exit(RAND_status() == 1 ? 0 : 1); 3225 ]])], 3226 [ 3227 OPENSSL_SEEDS_ITSELF=yes 3228 AC_MSG_RESULT([yes]) 3229 ], 3230 [ 3231 AC_MSG_RESULT([no]) 3232 ], 3233 [ 3234 AC_MSG_WARN([cross compiling: assuming yes]) 3235 # This is safe, since we will fatal() at runtime if 3236 # OpenSSL is not seeded correctly. 3237 OPENSSL_SEEDS_ITSELF=yes 3238 ] 3239 ) 3240fi 3241 3242# PRNGD TCP socket 3243AC_ARG_WITH([prngd-port], 3244 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3245 [ 3246 case "$withval" in 3247 no) 3248 withval="" 3249 ;; 3250 [[0-9]]*) 3251 ;; 3252 *) 3253 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3254 ;; 3255 esac 3256 if test ! -z "$withval" ; then 3257 PRNGD_PORT="$withval" 3258 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3259 [Port number of PRNGD/EGD random number socket]) 3260 fi 3261 ] 3262) 3263 3264# PRNGD Unix domain socket 3265AC_ARG_WITH([prngd-socket], 3266 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3267 [ 3268 case "$withval" in 3269 yes) 3270 withval="/var/run/egd-pool" 3271 ;; 3272 no) 3273 withval="" 3274 ;; 3275 /*) 3276 ;; 3277 *) 3278 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3279 ;; 3280 esac 3281 3282 if test ! -z "$withval" ; then 3283 if test ! -z "$PRNGD_PORT" ; then 3284 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3285 fi 3286 if test ! -r "$withval" ; then 3287 AC_MSG_WARN([Entropy socket is not readable]) 3288 fi 3289 PRNGD_SOCKET="$withval" 3290 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3291 [Location of PRNGD/EGD random number socket]) 3292 fi 3293 ], 3294 [ 3295 # Check for existing socket only if we don't have a random device already 3296 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3297 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3298 # Insert other locations here 3299 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3300 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3301 PRNGD_SOCKET="$sock" 3302 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3303 break; 3304 fi 3305 done 3306 if test ! -z "$PRNGD_SOCKET" ; then 3307 AC_MSG_RESULT([$PRNGD_SOCKET]) 3308 else 3309 AC_MSG_RESULT([not found]) 3310 fi 3311 fi 3312 ] 3313) 3314 3315# Which randomness source do we use? 3316if test ! -z "$PRNGD_PORT" ; then 3317 RAND_MSG="PRNGd port $PRNGD_PORT" 3318elif test ! -z "$PRNGD_SOCKET" ; then 3319 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3320elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3321 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3322 [Define if you want the OpenSSL internally seeded PRNG only]) 3323 RAND_MSG="OpenSSL internal ONLY" 3324elif test "x$openssl" = "xno" ; then 3325 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3326else 3327 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3328fi 3329 3330# Check for PAM libs 3331PAM_MSG="no" 3332AC_ARG_WITH([pam], 3333 [ --with-pam Enable PAM support ], 3334 [ 3335 if test "x$withval" != "xno" ; then 3336 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3337 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3338 AC_MSG_ERROR([PAM headers not found]) 3339 fi 3340 3341 saved_LIBS="$LIBS" 3342 AC_CHECK_LIB([dl], [dlopen], , ) 3343 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3344 AC_CHECK_FUNCS([pam_getenvlist]) 3345 AC_CHECK_FUNCS([pam_putenv]) 3346 LIBS="$saved_LIBS" 3347 3348 PAM_MSG="yes" 3349 3350 SSHDLIBS="$SSHDLIBS -lpam" 3351 AC_DEFINE([USE_PAM], [1], 3352 [Define if you want to enable PAM support]) 3353 3354 if test $ac_cv_lib_dl_dlopen = yes; then 3355 case "$LIBS" in 3356 *-ldl*) 3357 # libdl already in LIBS 3358 ;; 3359 *) 3360 SSHDLIBS="$SSHDLIBS -ldl" 3361 ;; 3362 esac 3363 fi 3364 fi 3365 ] 3366) 3367 3368AC_ARG_WITH([pam-service], 3369 [ --with-pam-service=name Specify PAM service name ], 3370 [ 3371 if test "x$withval" != "xno" && \ 3372 test "x$withval" != "xyes" ; then 3373 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3374 ["$withval"], [sshd PAM service name]) 3375 fi 3376 ] 3377) 3378 3379# Check for older PAM 3380if test "x$PAM_MSG" = "xyes" ; then 3381 # Check PAM strerror arguments (old PAM) 3382 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3383 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3384#include <stdlib.h> 3385#if defined(HAVE_SECURITY_PAM_APPL_H) 3386#include <security/pam_appl.h> 3387#elif defined (HAVE_PAM_PAM_APPL_H) 3388#include <pam/pam_appl.h> 3389#endif 3390 ]], [[ 3391(void)pam_strerror((pam_handle_t *)NULL, -1); 3392 ]])], [AC_MSG_RESULT([no])], [ 3393 AC_DEFINE([HAVE_OLD_PAM], [1], 3394 [Define if you have an old version of PAM 3395 which takes only one argument to pam_strerror]) 3396 AC_MSG_RESULT([yes]) 3397 PAM_MSG="yes (old library)" 3398 3399 ]) 3400fi 3401 3402case "$host" in 3403*-*-cygwin*) 3404 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3405 ;; 3406*) 3407 SSH_PRIVSEP_USER=sshd 3408 ;; 3409esac 3410AC_ARG_WITH([privsep-user], 3411 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3412 [ 3413 if test -n "$withval" && test "x$withval" != "xno" && \ 3414 test "x${withval}" != "xyes"; then 3415 SSH_PRIVSEP_USER=$withval 3416 fi 3417 ] 3418) 3419if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3420 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3421 [Cygwin function to fetch non-privileged user for privilege separation]) 3422else 3423 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3424 [non-privileged user for privilege separation]) 3425fi 3426AC_SUBST([SSH_PRIVSEP_USER]) 3427 3428if test "x$have_linux_no_new_privs" = "x1" ; then 3429AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3430 #include <sys/types.h> 3431 #include <linux/seccomp.h> 3432]) 3433fi 3434if test "x$have_seccomp_filter" = "x1" ; then 3435AC_MSG_CHECKING([kernel for seccomp_filter support]) 3436AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3437 #include <errno.h> 3438 #include <elf.h> 3439 #include <linux/audit.h> 3440 #include <linux/seccomp.h> 3441 #include <stdlib.h> 3442 #include <sys/prctl.h> 3443 ]], 3444 [[ int i = $seccomp_audit_arch; 3445 errno = 0; 3446 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3447 exit(errno == EFAULT ? 0 : 1); ]])], 3448 [ AC_MSG_RESULT([yes]) ], [ 3449 AC_MSG_RESULT([no]) 3450 # Disable seccomp filter as a target 3451 have_seccomp_filter=0 3452 ] 3453) 3454fi 3455 3456# Decide which sandbox style to use 3457sandbox_arg="" 3458AC_ARG_WITH([sandbox], 3459 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3460 [ 3461 if test "x$withval" = "xyes" ; then 3462 sandbox_arg="" 3463 else 3464 sandbox_arg="$withval" 3465 fi 3466 ] 3467) 3468 3469# Some platforms (seems to be the ones that have a kernel poll(2)-type 3470# function with which they implement select(2)) use an extra file descriptor 3471# when calling select(2), which means we can't use the rlimit sandbox. 3472AC_MSG_CHECKING([if select works with descriptor rlimit]) 3473AC_RUN_IFELSE( 3474 [AC_LANG_PROGRAM([[ 3475#include <sys/types.h> 3476#ifdef HAVE_SYS_TIME_H 3477# include <sys/time.h> 3478#endif 3479#include <sys/resource.h> 3480#ifdef HAVE_SYS_SELECT_H 3481# include <sys/select.h> 3482#endif 3483#include <errno.h> 3484#include <fcntl.h> 3485#include <stdlib.h> 3486 ]],[[ 3487 struct rlimit rl_zero; 3488 int fd, r; 3489 fd_set fds; 3490 struct timeval tv; 3491 3492 fd = open("/dev/null", O_RDONLY); 3493 FD_ZERO(&fds); 3494 FD_SET(fd, &fds); 3495 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3496 setrlimit(RLIMIT_FSIZE, &rl_zero); 3497 setrlimit(RLIMIT_NOFILE, &rl_zero); 3498 tv.tv_sec = 1; 3499 tv.tv_usec = 0; 3500 r = select(fd+1, &fds, NULL, NULL, &tv); 3501 exit (r == -1 ? 1 : 0); 3502 ]])], 3503 [AC_MSG_RESULT([yes]) 3504 select_works_with_rlimit=yes], 3505 [AC_MSG_RESULT([no]) 3506 select_works_with_rlimit=no], 3507 [AC_MSG_WARN([cross compiling: assuming yes]) 3508 select_works_with_rlimit=yes] 3509) 3510 3511AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3512AC_RUN_IFELSE( 3513 [AC_LANG_PROGRAM([[ 3514#include <sys/types.h> 3515#ifdef HAVE_SYS_TIME_H 3516# include <sys/time.h> 3517#endif 3518#include <sys/resource.h> 3519#include <errno.h> 3520#include <stdlib.h> 3521 ]],[[ 3522 struct rlimit rl_zero; 3523 int r; 3524 3525 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3526 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3527 exit (r == -1 ? 1 : 0); 3528 ]])], 3529 [AC_MSG_RESULT([yes]) 3530 rlimit_nofile_zero_works=yes], 3531 [AC_MSG_RESULT([no]) 3532 rlimit_nofile_zero_works=no], 3533 [AC_MSG_WARN([cross compiling: assuming yes]) 3534 rlimit_nofile_zero_works=yes] 3535) 3536 3537AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3538AC_RUN_IFELSE( 3539 [AC_LANG_PROGRAM([[ 3540#include <sys/types.h> 3541#include <sys/resource.h> 3542#include <stdlib.h> 3543 ]],[[ 3544 struct rlimit rl_zero; 3545 3546 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3547 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3548 ]])], 3549 [AC_MSG_RESULT([yes])], 3550 [AC_MSG_RESULT([no]) 3551 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3552 [setrlimit RLIMIT_FSIZE works])], 3553 [AC_MSG_WARN([cross compiling: assuming yes])] 3554) 3555 3556if test "x$sandbox_arg" = "xpledge" || \ 3557 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3558 test "x$ac_cv_func_pledge" != "xyes" && \ 3559 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3560 SANDBOX_STYLE="pledge" 3561 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3562elif test "x$sandbox_arg" = "xsystrace" || \ 3563 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3564 test "x$have_systr_policy_kill" != "x1" && \ 3565 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3566 SANDBOX_STYLE="systrace" 3567 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3568elif test "x$sandbox_arg" = "xdarwin" || \ 3569 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3570 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3571 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3572 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3573 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3574 SANDBOX_STYLE="darwin" 3575 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3576elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3577 ( test -z "$sandbox_arg" && \ 3578 test "x$have_seccomp_filter" = "x1" && \ 3579 test "x$ac_cv_header_elf_h" = "xyes" && \ 3580 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3581 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3582 test "x$seccomp_audit_arch" != "x" && \ 3583 test "x$have_linux_no_new_privs" = "x1" && \ 3584 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3585 test "x$seccomp_audit_arch" = "x" && \ 3586 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3587 test "x$have_linux_no_new_privs" != "x1" && \ 3588 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3589 test "x$have_seccomp_filter" != "x1" && \ 3590 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3591 test "x$ac_cv_func_prctl" != "xyes" && \ 3592 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3593 SANDBOX_STYLE="seccomp_filter" 3594 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3595elif test "x$sandbox_arg" = "xcapsicum" || \ 3596 ( test -z "$sandbox_arg" && \ 3597 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3598 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3599 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3600 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3601 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3602 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3603 SANDBOX_STYLE="capsicum" 3604 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3605elif test "x$sandbox_arg" = "xrlimit" || \ 3606 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3607 test "x$select_works_with_rlimit" = "xyes" && \ 3608 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3609 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3610 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3611 test "x$select_works_with_rlimit" != "xyes" && \ 3612 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3613 SANDBOX_STYLE="rlimit" 3614 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3615elif test "x$sandbox_arg" = "xsolaris" || \ 3616 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3617 SANDBOX_STYLE="solaris" 3618 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3619elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3620 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3621 SANDBOX_STYLE="none" 3622 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3623else 3624 AC_MSG_ERROR([unsupported --with-sandbox]) 3625fi 3626 3627# Cheap hack to ensure NEWS-OS libraries are arranged right. 3628if test ! -z "$SONY" ; then 3629 LIBS="$LIBS -liberty"; 3630fi 3631 3632# Check for long long datatypes 3633AC_CHECK_TYPES([long long, unsigned long long, long double]) 3634 3635# Check datatype sizes 3636AC_CHECK_SIZEOF([short int]) 3637AC_CHECK_SIZEOF([int]) 3638AC_CHECK_SIZEOF([long int]) 3639AC_CHECK_SIZEOF([long long int]) 3640 3641# Sanity check long long for some platforms (AIX) 3642if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3643 ac_cv_sizeof_long_long_int=0 3644fi 3645 3646# compute LLONG_MIN and LLONG_MAX if we don't know them. 3647if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3648 AC_MSG_CHECKING([for max value of long long]) 3649 AC_RUN_IFELSE( 3650 [AC_LANG_PROGRAM([[ 3651#include <stdio.h> 3652/* Why is this so damn hard? */ 3653#ifdef __GNUC__ 3654# undef __GNUC__ 3655#endif 3656#define __USE_ISOC99 3657#include <limits.h> 3658#define DATA "conftest.llminmax" 3659#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3660 3661/* 3662 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3663 * we do this the hard way. 3664 */ 3665static int 3666fprint_ll(FILE *f, long long n) 3667{ 3668 unsigned int i; 3669 int l[sizeof(long long) * 8]; 3670 3671 if (n < 0) 3672 if (fprintf(f, "-") < 0) 3673 return -1; 3674 for (i = 0; n != 0; i++) { 3675 l[i] = my_abs(n % 10); 3676 n /= 10; 3677 } 3678 do { 3679 if (fprintf(f, "%d", l[--i]) < 0) 3680 return -1; 3681 } while (i != 0); 3682 if (fprintf(f, " ") < 0) 3683 return -1; 3684 return 0; 3685} 3686 ]], [[ 3687 FILE *f; 3688 long long i, llmin, llmax = 0; 3689 3690 if((f = fopen(DATA,"w")) == NULL) 3691 exit(1); 3692 3693#if defined(LLONG_MIN) && defined(LLONG_MAX) 3694 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3695 llmin = LLONG_MIN; 3696 llmax = LLONG_MAX; 3697#else 3698 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3699 /* This will work on one's complement and two's complement */ 3700 for (i = 1; i > llmax; i <<= 1, i++) 3701 llmax = i; 3702 llmin = llmax + 1LL; /* wrap */ 3703#endif 3704 3705 /* Sanity check */ 3706 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3707 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3708 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3709 fprintf(f, "unknown unknown\n"); 3710 exit(2); 3711 } 3712 3713 if (fprint_ll(f, llmin) < 0) 3714 exit(3); 3715 if (fprint_ll(f, llmax) < 0) 3716 exit(4); 3717 if (fclose(f) < 0) 3718 exit(5); 3719 exit(0); 3720 ]])], 3721 [ 3722 llong_min=`$AWK '{print $1}' conftest.llminmax` 3723 llong_max=`$AWK '{print $2}' conftest.llminmax` 3724 3725 AC_MSG_RESULT([$llong_max]) 3726 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3727 [max value of long long calculated by configure]) 3728 AC_MSG_CHECKING([for min value of long long]) 3729 AC_MSG_RESULT([$llong_min]) 3730 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3731 [min value of long long calculated by configure]) 3732 ], 3733 [ 3734 AC_MSG_RESULT([not found]) 3735 ], 3736 [ 3737 AC_MSG_WARN([cross compiling: not checking]) 3738 ] 3739 ) 3740fi 3741 3742AC_CHECK_DECLS([UINT32_MAX], , , [[ 3743#ifdef HAVE_SYS_LIMITS_H 3744# include <sys/limits.h> 3745#endif 3746#ifdef HAVE_LIMITS_H 3747# include <limits.h> 3748#endif 3749#ifdef HAVE_STDINT_H 3750# include <stdint.h> 3751#endif 3752]]) 3753 3754# More checks for data types 3755AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3756 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3757 [[ u_int a; a = 1;]])], 3758 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3759 ]) 3760]) 3761if test "x$ac_cv_have_u_int" = "xyes" ; then 3762 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3763 have_u_int=1 3764fi 3765 3766AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3768 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3769 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3770 ]) 3771]) 3772if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3773 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3774 have_intxx_t=1 3775fi 3776 3777if (test -z "$have_intxx_t" && \ 3778 test "x$ac_cv_header_stdint_h" = "xyes") 3779then 3780 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3781 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3782 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3783 [ 3784 AC_DEFINE([HAVE_INTXX_T]) 3785 AC_MSG_RESULT([yes]) 3786 ], [ AC_MSG_RESULT([no]) 3787 ]) 3788fi 3789 3790AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3792#include <sys/types.h> 3793#ifdef HAVE_STDINT_H 3794# include <stdint.h> 3795#endif 3796#include <sys/socket.h> 3797#ifdef HAVE_SYS_BITYPES_H 3798# include <sys/bitypes.h> 3799#endif 3800 ]], [[ 3801int64_t a; a = 1; 3802 ]])], 3803 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3804 ]) 3805]) 3806if test "x$ac_cv_have_int64_t" = "xyes" ; then 3807 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3808fi 3809 3810AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3811 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3812 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3813 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3814 ]) 3815]) 3816if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3817 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3818 have_u_intxx_t=1 3819fi 3820 3821if test -z "$have_u_intxx_t" ; then 3822 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3824 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3825 [ 3826 AC_DEFINE([HAVE_U_INTXX_T]) 3827 AC_MSG_RESULT([yes]) 3828 ], [ AC_MSG_RESULT([no]) 3829 ]) 3830fi 3831 3832AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3833 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3834 [[ u_int64_t a; a = 1;]])], 3835 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3836 ]) 3837]) 3838if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3839 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3840 have_u_int64_t=1 3841fi 3842 3843if (test -z "$have_u_int64_t" && \ 3844 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3845then 3846 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3848 [[ u_int64_t a; a = 1]])], 3849 [ 3850 AC_DEFINE([HAVE_U_INT64_T]) 3851 AC_MSG_RESULT([yes]) 3852 ], [ AC_MSG_RESULT([no]) 3853 ]) 3854fi 3855 3856if test -z "$have_u_intxx_t" ; then 3857 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3859#include <sys/types.h> 3860 ]], [[ 3861 uint8_t a; 3862 uint16_t b; 3863 uint32_t c; 3864 a = b = c = 1; 3865 ]])], 3866 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3867 ]) 3868 ]) 3869 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3870 AC_DEFINE([HAVE_UINTXX_T], [1], 3871 [define if you have uintxx_t data type]) 3872 fi 3873fi 3874 3875if (test -z "$have_uintxx_t" && \ 3876 test "x$ac_cv_header_stdint_h" = "xyes") 3877then 3878 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3879 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3880 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3881 [ 3882 AC_DEFINE([HAVE_UINTXX_T]) 3883 AC_MSG_RESULT([yes]) 3884 ], [ AC_MSG_RESULT([no]) 3885 ]) 3886fi 3887 3888if (test -z "$have_uintxx_t" && \ 3889 test "x$ac_cv_header_inttypes_h" = "xyes") 3890then 3891 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3892 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3893 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3894 [ 3895 AC_DEFINE([HAVE_UINTXX_T]) 3896 AC_MSG_RESULT([yes]) 3897 ], [ AC_MSG_RESULT([no]) 3898 ]) 3899fi 3900 3901if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3902 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3903then 3904 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3905 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3906#include <sys/bitypes.h> 3907 ]], [[ 3908 int8_t a; int16_t b; int32_t c; 3909 u_int8_t e; u_int16_t f; u_int32_t g; 3910 a = b = c = e = f = g = 1; 3911 ]])], 3912 [ 3913 AC_DEFINE([HAVE_U_INTXX_T]) 3914 AC_DEFINE([HAVE_INTXX_T]) 3915 AC_MSG_RESULT([yes]) 3916 ], [AC_MSG_RESULT([no]) 3917 ]) 3918fi 3919 3920 3921AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3922 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3923 [[ u_char foo; foo = 125; ]])], 3924 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3925 ]) 3926]) 3927if test "x$ac_cv_have_u_char" = "xyes" ; then 3928 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3929fi 3930 3931AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3932#include <sys/types.h> 3933#ifdef HAVE_STDINT_H 3934# include <stdint.h> 3935#endif 3936]) 3937 3938TYPE_SOCKLEN_T 3939 3940AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3941AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3942#include <sys/types.h> 3943#ifdef HAVE_SYS_BITYPES_H 3944#include <sys/bitypes.h> 3945#endif 3946#ifdef HAVE_SYS_STATFS_H 3947#include <sys/statfs.h> 3948#endif 3949#ifdef HAVE_SYS_STATVFS_H 3950#include <sys/statvfs.h> 3951#endif 3952]) 3953 3954AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3955#include <sys/param.h> 3956#include <sys/types.h> 3957#ifdef HAVE_SYS_BITYPES_H 3958#include <sys/bitypes.h> 3959#endif 3960#ifdef HAVE_SYS_STATFS_H 3961#include <sys/statfs.h> 3962#endif 3963#ifdef HAVE_SYS_STATVFS_H 3964#include <sys/statvfs.h> 3965#endif 3966#ifdef HAVE_SYS_VFS_H 3967#include <sys/vfs.h> 3968#endif 3969#ifdef HAVE_SYS_MOUNT_H 3970#include <sys/mount.h> 3971#endif 3972]]) 3973 3974 3975AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3976[#include <sys/types.h> 3977#include <netinet/in.h>]) 3978 3979AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3981 [[ size_t foo; foo = 1235; ]])], 3982 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3983 ]) 3984]) 3985if test "x$ac_cv_have_size_t" = "xyes" ; then 3986 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3987fi 3988 3989AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3991 [[ ssize_t foo; foo = 1235; ]])], 3992 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3993 ]) 3994]) 3995if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3996 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3997fi 3998 3999AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4000 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4001 [[ clock_t foo; foo = 1235; ]])], 4002 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4003 ]) 4004]) 4005if test "x$ac_cv_have_clock_t" = "xyes" ; then 4006 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4007fi 4008 4009AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4010 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4011#include <sys/types.h> 4012#include <sys/socket.h> 4013 ]], [[ sa_family_t foo; foo = 1235; ]])], 4014 [ ac_cv_have_sa_family_t="yes" ], 4015 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4016#include <sys/types.h> 4017#include <sys/socket.h> 4018#include <netinet/in.h> 4019 ]], [[ sa_family_t foo; foo = 1235; ]])], 4020 [ ac_cv_have_sa_family_t="yes" ], 4021 [ ac_cv_have_sa_family_t="no" ] 4022 ) 4023 ]) 4024]) 4025if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4026 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4027 [define if you have sa_family_t data type]) 4028fi 4029 4030AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4032 [[ pid_t foo; foo = 1235; ]])], 4033 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4034 ]) 4035]) 4036if test "x$ac_cv_have_pid_t" = "xyes" ; then 4037 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4038fi 4039 4040AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4042 [[ mode_t foo; foo = 1235; ]])], 4043 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4044 ]) 4045]) 4046if test "x$ac_cv_have_mode_t" = "xyes" ; then 4047 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4048fi 4049 4050 4051AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4052 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4053#include <sys/types.h> 4054#include <sys/socket.h> 4055 ]], [[ struct sockaddr_storage s; ]])], 4056 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4057 [ ac_cv_have_struct_sockaddr_storage="no" 4058 ]) 4059]) 4060if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4061 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4062 [define if you have struct sockaddr_storage data type]) 4063fi 4064 4065AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4066 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4067#include <sys/types.h> 4068#include <netinet/in.h> 4069 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4070 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4071 [ ac_cv_have_struct_sockaddr_in6="no" 4072 ]) 4073]) 4074if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4075 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4076 [define if you have struct sockaddr_in6 data type]) 4077fi 4078 4079AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4080 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4081#include <sys/types.h> 4082#include <netinet/in.h> 4083 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4084 [ ac_cv_have_struct_in6_addr="yes" ], 4085 [ ac_cv_have_struct_in6_addr="no" 4086 ]) 4087]) 4088if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4089 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4090 [define if you have struct in6_addr data type]) 4091 4092dnl Now check for sin6_scope_id 4093 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4094 [ 4095#ifdef HAVE_SYS_TYPES_H 4096#include <sys/types.h> 4097#endif 4098#include <netinet/in.h> 4099 ]) 4100fi 4101 4102AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4103 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4104#include <sys/types.h> 4105#include <sys/socket.h> 4106#include <netdb.h> 4107 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4108 [ ac_cv_have_struct_addrinfo="yes" ], 4109 [ ac_cv_have_struct_addrinfo="no" 4110 ]) 4111]) 4112if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4113 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4114 [define if you have struct addrinfo data type]) 4115fi 4116 4117AC_HEADER_TIME 4118 4119AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4120 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4121 [[ struct timeval tv; tv.tv_sec = 1;]])], 4122 [ ac_cv_have_struct_timeval="yes" ], 4123 [ ac_cv_have_struct_timeval="no" 4124 ]) 4125]) 4126if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4127 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4128 have_struct_timeval=1 4129fi 4130 4131AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4132 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4133 #ifdef TIME_WITH_SYS_TIME 4134 # include <sys/time.h> 4135 # include <time.h> 4136 #else 4137 # ifdef HAVE_SYS_TIME_H 4138 # include <sys/time.h> 4139 # else 4140 # include <time.h> 4141 # endif 4142 #endif 4143 ]], 4144 [[ struct timespec ts; ts.tv_sec = 1;]])], 4145 [ ac_cv_have_struct_timespec="yes" ], 4146 [ ac_cv_have_struct_timespec="no" 4147 ]) 4148]) 4149if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4150 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4151 have_struct_timespec=1 4152fi 4153 4154# We need int64_t or else certain parts of the compile will fail. 4155if test "x$ac_cv_have_int64_t" = "xno" && \ 4156 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4157 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4158 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4159 echo "an alternative compiler (I.E., GCC) before continuing." 4160 echo "" 4161 exit 1; 4162else 4163dnl test snprintf (broken on SCO w/gcc) 4164 AC_RUN_IFELSE( 4165 [AC_LANG_SOURCE([[ 4166#include <stdio.h> 4167#include <string.h> 4168#ifdef HAVE_SNPRINTF 4169main() 4170{ 4171 char buf[50]; 4172 char expected_out[50]; 4173 int mazsize = 50 ; 4174#if (SIZEOF_LONG_INT == 8) 4175 long int num = 0x7fffffffffffffff; 4176#else 4177 long long num = 0x7fffffffffffffffll; 4178#endif 4179 strcpy(expected_out, "9223372036854775807"); 4180 snprintf(buf, mazsize, "%lld", num); 4181 if(strcmp(buf, expected_out) != 0) 4182 exit(1); 4183 exit(0); 4184} 4185#else 4186main() { exit(0); } 4187#endif 4188 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4189 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4190 ) 4191fi 4192 4193dnl Checks for structure members 4194OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4195OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4196OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4201OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4211 4212AC_CHECK_MEMBERS([struct stat.st_blksize]) 4213AC_CHECK_MEMBERS([struct stat.st_mtim]) 4214AC_CHECK_MEMBERS([struct stat.st_mtime]) 4215AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4216struct passwd.pw_change, struct passwd.pw_expire], 4217[], [], [[ 4218#include <sys/types.h> 4219#include <pwd.h> 4220]]) 4221 4222AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4223 [Define if we don't have struct __res_state in resolv.h])], 4224[[ 4225#include <stdio.h> 4226#if HAVE_SYS_TYPES_H 4227# include <sys/types.h> 4228#endif 4229#include <netinet/in.h> 4230#include <arpa/nameser.h> 4231#include <resolv.h> 4232]]) 4233 4234AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4235 ac_cv_have_ss_family_in_struct_ss, [ 4236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4237#include <sys/types.h> 4238#include <sys/socket.h> 4239 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4240 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4241 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4242]) 4243if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4244 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4245fi 4246 4247AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4248 ac_cv_have___ss_family_in_struct_ss, [ 4249 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4250#include <sys/types.h> 4251#include <sys/socket.h> 4252 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4253 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4254 [ ac_cv_have___ss_family_in_struct_ss="no" 4255 ]) 4256]) 4257if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4258 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4259 [Fields in struct sockaddr_storage]) 4260fi 4261 4262dnl make sure we're using the real structure members and not defines 4263AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4264 ac_cv_have_accrights_in_msghdr, [ 4265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4266#include <sys/types.h> 4267#include <sys/socket.h> 4268#include <sys/uio.h> 4269 ]], [[ 4270#ifdef msg_accrights 4271#error "msg_accrights is a macro" 4272exit(1); 4273#endif 4274struct msghdr m; 4275m.msg_accrights = 0; 4276exit(0); 4277 ]])], 4278 [ ac_cv_have_accrights_in_msghdr="yes" ], 4279 [ ac_cv_have_accrights_in_msghdr="no" ] 4280 ) 4281]) 4282if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4283 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4284 [Define if your system uses access rights style 4285 file descriptor passing]) 4286fi 4287 4288AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4289AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290#include <sys/param.h> 4291#include <sys/stat.h> 4292#ifdef HAVE_SYS_TIME_H 4293# include <sys/time.h> 4294#endif 4295#ifdef HAVE_SYS_MOUNT_H 4296#include <sys/mount.h> 4297#endif 4298#ifdef HAVE_SYS_STATVFS_H 4299#include <sys/statvfs.h> 4300#endif 4301 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4302 [ AC_MSG_RESULT([yes]) ], 4303 [ AC_MSG_RESULT([no]) 4304 4305 AC_MSG_CHECKING([if fsid_t has member val]) 4306 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4307#include <sys/types.h> 4308#include <sys/statvfs.h> 4309 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4310 [ AC_MSG_RESULT([yes]) 4311 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4312 [ AC_MSG_RESULT([no]) ]) 4313 4314 AC_MSG_CHECKING([if f_fsid has member __val]) 4315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4316#include <sys/types.h> 4317#include <sys/statvfs.h> 4318 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4319 [ AC_MSG_RESULT([yes]) 4320 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4321 [ AC_MSG_RESULT([no]) ]) 4322]) 4323 4324AC_CACHE_CHECK([for msg_control field in struct msghdr], 4325 ac_cv_have_control_in_msghdr, [ 4326 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4327#include <sys/types.h> 4328#include <sys/socket.h> 4329#include <sys/uio.h> 4330 ]], [[ 4331#ifdef msg_control 4332#error "msg_control is a macro" 4333exit(1); 4334#endif 4335struct msghdr m; 4336m.msg_control = 0; 4337exit(0); 4338 ]])], 4339 [ ac_cv_have_control_in_msghdr="yes" ], 4340 [ ac_cv_have_control_in_msghdr="no" ] 4341 ) 4342]) 4343if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4344 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4345 [Define if your system uses ancillary data style 4346 file descriptor passing]) 4347fi 4348 4349AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4350 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4351 [[ extern char *__progname; printf("%s", __progname); ]])], 4352 [ ac_cv_libc_defines___progname="yes" ], 4353 [ ac_cv_libc_defines___progname="no" 4354 ]) 4355]) 4356if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4357 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4358fi 4359 4360AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4361 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4362 [[ printf("%s", __FUNCTION__); ]])], 4363 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4364 [ ac_cv_cc_implements___FUNCTION__="no" 4365 ]) 4366]) 4367if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4368 AC_DEFINE([HAVE___FUNCTION__], [1], 4369 [Define if compiler implements __FUNCTION__]) 4370fi 4371 4372AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4373 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4374 [[ printf("%s", __func__); ]])], 4375 [ ac_cv_cc_implements___func__="yes" ], 4376 [ ac_cv_cc_implements___func__="no" 4377 ]) 4378]) 4379if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4380 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4381fi 4382 4383AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4384 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4385#include <stdarg.h> 4386va_list x,y; 4387 ]], [[ va_copy(x,y); ]])], 4388 [ ac_cv_have_va_copy="yes" ], 4389 [ ac_cv_have_va_copy="no" 4390 ]) 4391]) 4392if test "x$ac_cv_have_va_copy" = "xyes" ; then 4393 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4394fi 4395 4396AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4397 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4398#include <stdarg.h> 4399va_list x,y; 4400 ]], [[ __va_copy(x,y); ]])], 4401 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4402 ]) 4403]) 4404if test "x$ac_cv_have___va_copy" = "xyes" ; then 4405 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4406fi 4407 4408AC_CACHE_CHECK([whether getopt has optreset support], 4409 ac_cv_have_getopt_optreset, [ 4410 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4411 [[ extern int optreset; optreset = 0; ]])], 4412 [ ac_cv_have_getopt_optreset="yes" ], 4413 [ ac_cv_have_getopt_optreset="no" 4414 ]) 4415]) 4416if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4417 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4418 [Define if your getopt(3) defines and uses optreset]) 4419fi 4420 4421AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4422 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4423[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4424 [ ac_cv_libc_defines_sys_errlist="yes" ], 4425 [ ac_cv_libc_defines_sys_errlist="no" 4426 ]) 4427]) 4428if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4429 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4430 [Define if your system defines sys_errlist[]]) 4431fi 4432 4433 4434AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4435 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4436[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4437 [ ac_cv_libc_defines_sys_nerr="yes" ], 4438 [ ac_cv_libc_defines_sys_nerr="no" 4439 ]) 4440]) 4441if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4442 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4443fi 4444 4445# Check libraries needed by DNS fingerprint support 4446AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4447 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4448 [Define if getrrsetbyname() exists])], 4449 [ 4450 # Needed by our getrrsetbyname() 4451 AC_SEARCH_LIBS([res_query], [resolv]) 4452 AC_SEARCH_LIBS([dn_expand], [resolv]) 4453 AC_MSG_CHECKING([if res_query will link]) 4454 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4455#include <sys/types.h> 4456#include <netinet/in.h> 4457#include <arpa/nameser.h> 4458#include <netdb.h> 4459#include <resolv.h> 4460 ]], [[ 4461 res_query (0, 0, 0, 0, 0); 4462 ]])], 4463 AC_MSG_RESULT([yes]), 4464 [AC_MSG_RESULT([no]) 4465 saved_LIBS="$LIBS" 4466 LIBS="$LIBS -lresolv" 4467 AC_MSG_CHECKING([for res_query in -lresolv]) 4468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4469#include <sys/types.h> 4470#include <netinet/in.h> 4471#include <arpa/nameser.h> 4472#include <netdb.h> 4473#include <resolv.h> 4474 ]], [[ 4475 res_query (0, 0, 0, 0, 0); 4476 ]])], 4477 [AC_MSG_RESULT([yes])], 4478 [LIBS="$saved_LIBS" 4479 AC_MSG_RESULT([no])]) 4480 ]) 4481 AC_CHECK_FUNCS([_getshort _getlong]) 4482 AC_CHECK_DECLS([_getshort, _getlong], , , 4483 [#include <sys/types.h> 4484 #include <arpa/nameser.h>]) 4485 AC_CHECK_MEMBER([HEADER.ad], 4486 [AC_DEFINE([HAVE_HEADER_AD], [1], 4487 [Define if HEADER.ad exists in arpa/nameser.h])], , 4488 [#include <arpa/nameser.h>]) 4489 ]) 4490 4491AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4492AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4493#include <stdio.h> 4494#if HAVE_SYS_TYPES_H 4495# include <sys/types.h> 4496#endif 4497#include <netinet/in.h> 4498#include <arpa/nameser.h> 4499#include <resolv.h> 4500extern struct __res_state _res; 4501 ]], [[ 4502struct __res_state *volatile p = &_res; /* force resolution of _res */ 4503return 0; 4504 ]],)], 4505 [AC_MSG_RESULT([yes]) 4506 AC_DEFINE([HAVE__RES_EXTERN], [1], 4507 [Define if you have struct __res_state _res as an extern]) 4508 ], 4509 [ AC_MSG_RESULT([no]) ] 4510) 4511 4512# Check whether user wants SELinux support 4513SELINUX_MSG="no" 4514LIBSELINUX="" 4515AC_ARG_WITH([selinux], 4516 [ --with-selinux Enable SELinux support], 4517 [ if test "x$withval" != "xno" ; then 4518 save_LIBS="$LIBS" 4519 AC_DEFINE([WITH_SELINUX], [1], 4520 [Define if you want SELinux support.]) 4521 SELINUX_MSG="yes" 4522 AC_CHECK_HEADER([selinux/selinux.h], , 4523 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4524 AC_CHECK_LIB([selinux], [setexeccon], 4525 [ LIBSELINUX="-lselinux" 4526 LIBS="$LIBS -lselinux" 4527 ], 4528 AC_MSG_ERROR([SELinux support requires libselinux library])) 4529 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4530 LIBS="$save_LIBS $LIBSELINUX" 4531 fi ] 4532) 4533AC_SUBST([SSHDLIBS]) 4534 4535# Check whether user wants Kerberos 5 support 4536KRB5_MSG="no" 4537AC_ARG_WITH([kerberos5], 4538 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4539 [ if test "x$withval" != "xno" ; then 4540 if test "x$withval" = "xyes" ; then 4541 KRB5ROOT="/usr/local" 4542 else 4543 KRB5ROOT=${withval} 4544 fi 4545 4546 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4547 KRB5_MSG="yes" 4548 4549 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4550 [$KRB5ROOT/bin/krb5-config], 4551 [$KRB5ROOT/bin:$PATH]) 4552 if test -x $KRB5CONF ; then 4553 K5CFLAGS="`$KRB5CONF --cflags`" 4554 K5LIBS="`$KRB5CONF --libs`" 4555 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4556 4557 AC_MSG_CHECKING([for gssapi support]) 4558 if $KRB5CONF | grep gssapi >/dev/null ; then 4559 AC_MSG_RESULT([yes]) 4560 AC_DEFINE([GSSAPI], [1], 4561 [Define this if you want GSSAPI 4562 support in the version 2 protocol]) 4563 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4564 GSSLIBS="`$KRB5CONF --libs gssapi`" 4565 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4566 else 4567 AC_MSG_RESULT([no]) 4568 fi 4569 AC_MSG_CHECKING([whether we are using Heimdal]) 4570 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4571 ]], [[ char *tmp = heimdal_version; ]])], 4572 [ AC_MSG_RESULT([yes]) 4573 AC_DEFINE([HEIMDAL], [1], 4574 [Define this if you are using the Heimdal 4575 version of Kerberos V5]) ], 4576 [AC_MSG_RESULT([no]) 4577 ]) 4578 else 4579 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4580 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4581 AC_MSG_CHECKING([whether we are using Heimdal]) 4582 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4583 ]], [[ char *tmp = heimdal_version; ]])], 4584 [ AC_MSG_RESULT([yes]) 4585 AC_DEFINE([HEIMDAL]) 4586 K5LIBS="-lkrb5" 4587 K5LIBS="$K5LIBS -lcom_err -lasn1" 4588 AC_CHECK_LIB([roken], [net_write], 4589 [K5LIBS="$K5LIBS -lroken"]) 4590 AC_CHECK_LIB([des], [des_cbc_encrypt], 4591 [K5LIBS="$K5LIBS -ldes"]) 4592 ], [ AC_MSG_RESULT([no]) 4593 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4594 ]) 4595 AC_SEARCH_LIBS([dn_expand], [resolv]) 4596 4597 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4598 [ AC_DEFINE([GSSAPI]) 4599 GSSLIBS="-lgssapi_krb5" ], 4600 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4601 [ AC_DEFINE([GSSAPI]) 4602 GSSLIBS="-lgssapi" ], 4603 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4604 [ AC_DEFINE([GSSAPI]) 4605 GSSLIBS="-lgss" ], 4606 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4607 ]) 4608 ]) 4609 4610 AC_CHECK_HEADER([gssapi.h], , 4611 [ unset ac_cv_header_gssapi_h 4612 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4613 AC_CHECK_HEADERS([gssapi.h], , 4614 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4615 ) 4616 ] 4617 ) 4618 4619 oldCPP="$CPPFLAGS" 4620 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4621 AC_CHECK_HEADER([gssapi_krb5.h], , 4622 [ CPPFLAGS="$oldCPP" ]) 4623 4624 fi 4625 if test -n "${rpath_opt}" ; then 4626 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4627 fi 4628 if test ! -z "$blibpath" ; then 4629 blibpath="$blibpath:${KRB5ROOT}/lib" 4630 fi 4631 4632 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4633 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4634 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4635 4636 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4637 [Define this if you want to use libkafs' AFS support])]) 4638 4639 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4640#ifdef HAVE_GSSAPI_H 4641# include <gssapi.h> 4642#elif defined(HAVE_GSSAPI_GSSAPI_H) 4643# include <gssapi/gssapi.h> 4644#endif 4645 4646#ifdef HAVE_GSSAPI_GENERIC_H 4647# include <gssapi_generic.h> 4648#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4649# include <gssapi/gssapi_generic.h> 4650#endif 4651 ]]) 4652 saved_LIBS="$LIBS" 4653 LIBS="$LIBS $K5LIBS" 4654 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4655 LIBS="$saved_LIBS" 4656 4657 fi 4658 ] 4659) 4660AC_SUBST([GSSLIBS]) 4661AC_SUBST([K5LIBS]) 4662 4663# Looking for programs, paths and files 4664 4665PRIVSEP_PATH=/var/empty 4666AC_ARG_WITH([privsep-path], 4667 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4668 [ 4669 if test -n "$withval" && test "x$withval" != "xno" && \ 4670 test "x${withval}" != "xyes"; then 4671 PRIVSEP_PATH=$withval 4672 fi 4673 ] 4674) 4675AC_SUBST([PRIVSEP_PATH]) 4676 4677AC_ARG_WITH([xauth], 4678 [ --with-xauth=PATH Specify path to xauth program ], 4679 [ 4680 if test -n "$withval" && test "x$withval" != "xno" && \ 4681 test "x${withval}" != "xyes"; then 4682 xauth_path=$withval 4683 fi 4684 ], 4685 [ 4686 TestPath="$PATH" 4687 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4688 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4689 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4690 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4691 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4692 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4693 xauth_path="/usr/openwin/bin/xauth" 4694 fi 4695 ] 4696) 4697 4698STRIP_OPT=-s 4699AC_ARG_ENABLE([strip], 4700 [ --disable-strip Disable calling strip(1) on install], 4701 [ 4702 if test "x$enableval" = "xno" ; then 4703 STRIP_OPT= 4704 fi 4705 ] 4706) 4707AC_SUBST([STRIP_OPT]) 4708 4709if test -z "$xauth_path" ; then 4710 XAUTH_PATH="undefined" 4711 AC_SUBST([XAUTH_PATH]) 4712else 4713 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4714 [Define if xauth is found in your path]) 4715 XAUTH_PATH=$xauth_path 4716 AC_SUBST([XAUTH_PATH]) 4717fi 4718 4719dnl # --with-maildir=/path/to/mail gets top priority. 4720dnl # if maildir is set in the platform case statement above we use that. 4721dnl # Otherwise we run a program to get the dir from system headers. 4722dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4723dnl # If we find _PATH_MAILDIR we do nothing because that is what 4724dnl # session.c expects anyway. Otherwise we set to the value found 4725dnl # stripping any trailing slash. If for some strage reason our program 4726dnl # does not find what it needs, we default to /var/spool/mail. 4727# Check for mail directory 4728AC_ARG_WITH([maildir], 4729 [ --with-maildir=/path/to/mail Specify your system mail directory], 4730 [ 4731 if test "X$withval" != X && test "x$withval" != xno && \ 4732 test "x${withval}" != xyes; then 4733 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4734 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4735 fi 4736 ],[ 4737 if test "X$maildir" != "X"; then 4738 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4739 else 4740 AC_MSG_CHECKING([Discovering system mail directory]) 4741 AC_RUN_IFELSE( 4742 [AC_LANG_PROGRAM([[ 4743#include <stdio.h> 4744#include <string.h> 4745#ifdef HAVE_PATHS_H 4746#include <paths.h> 4747#endif 4748#ifdef HAVE_MAILLOCK_H 4749#include <maillock.h> 4750#endif 4751#define DATA "conftest.maildir" 4752 ]], [[ 4753 FILE *fd; 4754 int rc; 4755 4756 fd = fopen(DATA,"w"); 4757 if(fd == NULL) 4758 exit(1); 4759 4760#if defined (_PATH_MAILDIR) 4761 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4762 exit(1); 4763#elif defined (MAILDIR) 4764 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4765 exit(1); 4766#elif defined (_PATH_MAIL) 4767 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4768 exit(1); 4769#else 4770 exit (2); 4771#endif 4772 4773 exit(0); 4774 ]])], 4775 [ 4776 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4777 maildir=`awk -F: '{print $2}' conftest.maildir \ 4778 | sed 's|/$||'` 4779 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4780 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4781 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4782 fi 4783 ], 4784 [ 4785 if test "X$ac_status" = "X2";then 4786# our test program didn't find it. Default to /var/spool/mail 4787 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4788 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4789 else 4790 AC_MSG_RESULT([*** not found ***]) 4791 fi 4792 ], 4793 [ 4794 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4795 ] 4796 ) 4797 fi 4798 ] 4799) # maildir 4800 4801if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4802 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4803 disable_ptmx_check=yes 4804fi 4805if test -z "$no_dev_ptmx" ; then 4806 if test "x$disable_ptmx_check" != "xyes" ; then 4807 AC_CHECK_FILE(["/dev/ptmx"], 4808 [ 4809 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4810 [Define if you have /dev/ptmx]) 4811 have_dev_ptmx=1 4812 ] 4813 ) 4814 fi 4815fi 4816 4817if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4818 AC_CHECK_FILE(["/dev/ptc"], 4819 [ 4820 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4821 [Define if you have /dev/ptc]) 4822 have_dev_ptc=1 4823 ] 4824 ) 4825else 4826 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4827fi 4828 4829# Options from here on. Some of these are preset by platform above 4830AC_ARG_WITH([mantype], 4831 [ --with-mantype=man|cat|doc Set man page type], 4832 [ 4833 case "$withval" in 4834 man|cat|doc) 4835 MANTYPE=$withval 4836 ;; 4837 *) 4838 AC_MSG_ERROR([invalid man type: $withval]) 4839 ;; 4840 esac 4841 ] 4842) 4843if test -z "$MANTYPE"; then 4844 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4845 MANTYPE=doc 4846 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4847 MANTYPE=doc 4848 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4849 MANTYPE=man 4850 else 4851 MANTYPE=cat 4852 fi 4853fi 4854AC_SUBST([MANTYPE]) 4855if test "$MANTYPE" = "doc"; then 4856 mansubdir=man; 4857else 4858 mansubdir=$MANTYPE; 4859fi 4860AC_SUBST([mansubdir]) 4861 4862# Check whether to enable MD5 passwords 4863MD5_MSG="no" 4864AC_ARG_WITH([md5-passwords], 4865 [ --with-md5-passwords Enable use of MD5 passwords], 4866 [ 4867 if test "x$withval" != "xno" ; then 4868 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4869 [Define if you want to allow MD5 passwords]) 4870 MD5_MSG="yes" 4871 fi 4872 ] 4873) 4874 4875# Whether to disable shadow password support 4876AC_ARG_WITH([shadow], 4877 [ --without-shadow Disable shadow password support], 4878 [ 4879 if test "x$withval" = "xno" ; then 4880 AC_DEFINE([DISABLE_SHADOW]) 4881 disable_shadow=yes 4882 fi 4883 ] 4884) 4885 4886if test -z "$disable_shadow" ; then 4887 AC_MSG_CHECKING([if the systems has expire shadow information]) 4888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4889#include <sys/types.h> 4890#include <shadow.h> 4891struct spwd sp; 4892 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4893 [ sp_expire_available=yes ], [ 4894 ]) 4895 4896 if test "x$sp_expire_available" = "xyes" ; then 4897 AC_MSG_RESULT([yes]) 4898 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4899 [Define if you want to use shadow password expire field]) 4900 else 4901 AC_MSG_RESULT([no]) 4902 fi 4903fi 4904 4905# Use ip address instead of hostname in $DISPLAY 4906if test ! -z "$IPADDR_IN_DISPLAY" ; then 4907 DISPLAY_HACK_MSG="yes" 4908 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4909 [Define if you need to use IP address 4910 instead of hostname in $DISPLAY]) 4911else 4912 DISPLAY_HACK_MSG="no" 4913 AC_ARG_WITH([ipaddr-display], 4914 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4915 [ 4916 if test "x$withval" != "xno" ; then 4917 AC_DEFINE([IPADDR_IN_DISPLAY]) 4918 DISPLAY_HACK_MSG="yes" 4919 fi 4920 ] 4921 ) 4922fi 4923 4924# check for /etc/default/login and use it if present. 4925AC_ARG_ENABLE([etc-default-login], 4926 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4927 [ if test "x$enableval" = "xno"; then 4928 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4929 etc_default_login=no 4930 else 4931 etc_default_login=yes 4932 fi ], 4933 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4934 then 4935 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4936 etc_default_login=no 4937 else 4938 etc_default_login=yes 4939 fi ] 4940) 4941 4942if test "x$etc_default_login" != "xno"; then 4943 AC_CHECK_FILE(["/etc/default/login"], 4944 [ external_path_file=/etc/default/login ]) 4945 if test "x$external_path_file" = "x/etc/default/login"; then 4946 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4947 [Define if your system has /etc/default/login]) 4948 fi 4949fi 4950 4951dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4952if test $ac_cv_func_login_getcapbool = "yes" && \ 4953 test $ac_cv_header_login_cap_h = "yes" ; then 4954 external_path_file=/etc/login.conf 4955fi 4956 4957# Whether to mess with the default path 4958SERVER_PATH_MSG="(default)" 4959AC_ARG_WITH([default-path], 4960 [ --with-default-path= Specify default $PATH environment for server], 4961 [ 4962 if test "x$external_path_file" = "x/etc/login.conf" ; then 4963 AC_MSG_WARN([ 4964--with-default-path=PATH has no effect on this system. 4965Edit /etc/login.conf instead.]) 4966 elif test "x$withval" != "xno" ; then 4967 if test ! -z "$external_path_file" ; then 4968 AC_MSG_WARN([ 4969--with-default-path=PATH will only be used if PATH is not defined in 4970$external_path_file .]) 4971 fi 4972 user_path="$withval" 4973 SERVER_PATH_MSG="$withval" 4974 fi 4975 ], 4976 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4977 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4978 else 4979 if test ! -z "$external_path_file" ; then 4980 AC_MSG_WARN([ 4981If PATH is defined in $external_path_file, ensure the path to scp is included, 4982otherwise scp will not work.]) 4983 fi 4984 AC_RUN_IFELSE( 4985 [AC_LANG_PROGRAM([[ 4986/* find out what STDPATH is */ 4987#include <stdio.h> 4988#ifdef HAVE_PATHS_H 4989# include <paths.h> 4990#endif 4991#ifndef _PATH_STDPATH 4992# ifdef _PATH_USERPATH /* Irix */ 4993# define _PATH_STDPATH _PATH_USERPATH 4994# else 4995# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4996# endif 4997#endif 4998#include <sys/types.h> 4999#include <sys/stat.h> 5000#include <fcntl.h> 5001#define DATA "conftest.stdpath" 5002 ]], [[ 5003 FILE *fd; 5004 int rc; 5005 5006 fd = fopen(DATA,"w"); 5007 if(fd == NULL) 5008 exit(1); 5009 5010 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5011 exit(1); 5012 5013 exit(0); 5014 ]])], 5015 [ user_path=`cat conftest.stdpath` ], 5016 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5017 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5018 ) 5019# make sure $bindir is in USER_PATH so scp will work 5020 t_bindir="${bindir}" 5021 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5022 t_bindir=`eval echo ${t_bindir}` 5023 case $t_bindir in 5024 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5025 esac 5026 case $t_bindir in 5027 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5028 esac 5029 done 5030 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5031 if test $? -ne 0 ; then 5032 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5033 if test $? -ne 0 ; then 5034 user_path=$user_path:$t_bindir 5035 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5036 fi 5037 fi 5038 fi ] 5039) 5040if test "x$external_path_file" != "x/etc/login.conf" ; then 5041 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5042 AC_SUBST([user_path]) 5043fi 5044 5045# Set superuser path separately to user path 5046AC_ARG_WITH([superuser-path], 5047 [ --with-superuser-path= Specify different path for super-user], 5048 [ 5049 if test -n "$withval" && test "x$withval" != "xno" && \ 5050 test "x${withval}" != "xyes"; then 5051 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5052 [Define if you want a different $PATH 5053 for the superuser]) 5054 superuser_path=$withval 5055 fi 5056 ] 5057) 5058 5059 5060AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5061IPV4_IN6_HACK_MSG="no" 5062AC_ARG_WITH(4in6, 5063 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5064 [ 5065 if test "x$withval" != "xno" ; then 5066 AC_MSG_RESULT([yes]) 5067 AC_DEFINE([IPV4_IN_IPV6], [1], 5068 [Detect IPv4 in IPv6 mapped addresses 5069 and treat as IPv4]) 5070 IPV4_IN6_HACK_MSG="yes" 5071 else 5072 AC_MSG_RESULT([no]) 5073 fi 5074 ], [ 5075 if test "x$inet6_default_4in6" = "xyes"; then 5076 AC_MSG_RESULT([yes (default)]) 5077 AC_DEFINE([IPV4_IN_IPV6]) 5078 IPV4_IN6_HACK_MSG="yes" 5079 else 5080 AC_MSG_RESULT([no (default)]) 5081 fi 5082 ] 5083) 5084 5085# Whether to enable BSD auth support 5086BSD_AUTH_MSG=no 5087AC_ARG_WITH([bsd-auth], 5088 [ --with-bsd-auth Enable BSD auth support], 5089 [ 5090 if test "x$withval" != "xno" ; then 5091 AC_DEFINE([BSD_AUTH], [1], 5092 [Define if you have BSD auth support]) 5093 BSD_AUTH_MSG=yes 5094 fi 5095 ] 5096) 5097 5098# Where to place sshd.pid 5099piddir=/var/run 5100# make sure the directory exists 5101if test ! -d $piddir ; then 5102 piddir=`eval echo ${sysconfdir}` 5103 case $piddir in 5104 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5105 esac 5106fi 5107 5108AC_ARG_WITH([pid-dir], 5109 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5110 [ 5111 if test -n "$withval" && test "x$withval" != "xno" && \ 5112 test "x${withval}" != "xyes"; then 5113 piddir=$withval 5114 if test ! -d $piddir ; then 5115 AC_MSG_WARN([** no $piddir directory on this system **]) 5116 fi 5117 fi 5118 ] 5119) 5120 5121AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5122 [Specify location of ssh.pid]) 5123AC_SUBST([piddir]) 5124 5125dnl allow user to disable some login recording features 5126AC_ARG_ENABLE([lastlog], 5127 [ --disable-lastlog disable use of lastlog even if detected [no]], 5128 [ 5129 if test "x$enableval" = "xno" ; then 5130 AC_DEFINE([DISABLE_LASTLOG]) 5131 fi 5132 ] 5133) 5134AC_ARG_ENABLE([utmp], 5135 [ --disable-utmp disable use of utmp even if detected [no]], 5136 [ 5137 if test "x$enableval" = "xno" ; then 5138 AC_DEFINE([DISABLE_UTMP]) 5139 fi 5140 ] 5141) 5142AC_ARG_ENABLE([utmpx], 5143 [ --disable-utmpx disable use of utmpx even if detected [no]], 5144 [ 5145 if test "x$enableval" = "xno" ; then 5146 AC_DEFINE([DISABLE_UTMPX], [1], 5147 [Define if you don't want to use utmpx]) 5148 fi 5149 ] 5150) 5151AC_ARG_ENABLE([wtmp], 5152 [ --disable-wtmp disable use of wtmp even if detected [no]], 5153 [ 5154 if test "x$enableval" = "xno" ; then 5155 AC_DEFINE([DISABLE_WTMP]) 5156 fi 5157 ] 5158) 5159AC_ARG_ENABLE([wtmpx], 5160 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5161 [ 5162 if test "x$enableval" = "xno" ; then 5163 AC_DEFINE([DISABLE_WTMPX], [1], 5164 [Define if you don't want to use wtmpx]) 5165 fi 5166 ] 5167) 5168AC_ARG_ENABLE([libutil], 5169 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5170 [ 5171 if test "x$enableval" = "xno" ; then 5172 AC_DEFINE([DISABLE_LOGIN]) 5173 fi 5174 ] 5175) 5176AC_ARG_ENABLE([pututline], 5177 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5178 [ 5179 if test "x$enableval" = "xno" ; then 5180 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5181 [Define if you don't want to use pututline() 5182 etc. to write [uw]tmp]) 5183 fi 5184 ] 5185) 5186AC_ARG_ENABLE([pututxline], 5187 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5188 [ 5189 if test "x$enableval" = "xno" ; then 5190 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5191 [Define if you don't want to use pututxline() 5192 etc. to write [uw]tmpx]) 5193 fi 5194 ] 5195) 5196AC_ARG_WITH([lastlog], 5197 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5198 [ 5199 if test "x$withval" = "xno" ; then 5200 AC_DEFINE([DISABLE_LASTLOG]) 5201 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5202 conf_lastlog_location=$withval 5203 fi 5204 ] 5205) 5206 5207dnl lastlog, [uw]tmpx? detection 5208dnl NOTE: set the paths in the platform section to avoid the 5209dnl need for command-line parameters 5210dnl lastlog and [uw]tmp are subject to a file search if all else fails 5211 5212dnl lastlog detection 5213dnl NOTE: the code itself will detect if lastlog is a directory 5214AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5215AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5216#include <sys/types.h> 5217#include <utmp.h> 5218#ifdef HAVE_LASTLOG_H 5219# include <lastlog.h> 5220#endif 5221#ifdef HAVE_PATHS_H 5222# include <paths.h> 5223#endif 5224#ifdef HAVE_LOGIN_H 5225# include <login.h> 5226#endif 5227 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5228 [ AC_MSG_RESULT([yes]) ], 5229 [ 5230 AC_MSG_RESULT([no]) 5231 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5232 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5233#include <sys/types.h> 5234#include <utmp.h> 5235#ifdef HAVE_LASTLOG_H 5236# include <lastlog.h> 5237#endif 5238#ifdef HAVE_PATHS_H 5239# include <paths.h> 5240#endif 5241 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5242 [ AC_MSG_RESULT([yes]) ], 5243 [ 5244 AC_MSG_RESULT([no]) 5245 system_lastlog_path=no 5246 ]) 5247]) 5248 5249if test -z "$conf_lastlog_location"; then 5250 if test x"$system_lastlog_path" = x"no" ; then 5251 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5252 if (test -d "$f" || test -f "$f") ; then 5253 conf_lastlog_location=$f 5254 fi 5255 done 5256 if test -z "$conf_lastlog_location"; then 5257 AC_MSG_WARN([** Cannot find lastlog **]) 5258 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5259 fi 5260 fi 5261fi 5262 5263if test -n "$conf_lastlog_location"; then 5264 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5265 [Define if you want to specify the path to your lastlog file]) 5266fi 5267 5268dnl utmp detection 5269AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5270AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5271#include <sys/types.h> 5272#include <utmp.h> 5273#ifdef HAVE_PATHS_H 5274# include <paths.h> 5275#endif 5276 ]], [[ char *utmp = UTMP_FILE; ]])], 5277 [ AC_MSG_RESULT([yes]) ], 5278 [ AC_MSG_RESULT([no]) 5279 system_utmp_path=no 5280]) 5281if test -z "$conf_utmp_location"; then 5282 if test x"$system_utmp_path" = x"no" ; then 5283 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5284 if test -f $f ; then 5285 conf_utmp_location=$f 5286 fi 5287 done 5288 if test -z "$conf_utmp_location"; then 5289 AC_DEFINE([DISABLE_UTMP]) 5290 fi 5291 fi 5292fi 5293if test -n "$conf_utmp_location"; then 5294 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5295 [Define if you want to specify the path to your utmp file]) 5296fi 5297 5298dnl wtmp detection 5299AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5300AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5301#include <sys/types.h> 5302#include <utmp.h> 5303#ifdef HAVE_PATHS_H 5304# include <paths.h> 5305#endif 5306 ]], [[ char *wtmp = WTMP_FILE; ]])], 5307 [ AC_MSG_RESULT([yes]) ], 5308 [ AC_MSG_RESULT([no]) 5309 system_wtmp_path=no 5310]) 5311if test -z "$conf_wtmp_location"; then 5312 if test x"$system_wtmp_path" = x"no" ; then 5313 for f in /usr/adm/wtmp /var/log/wtmp; do 5314 if test -f $f ; then 5315 conf_wtmp_location=$f 5316 fi 5317 done 5318 if test -z "$conf_wtmp_location"; then 5319 AC_DEFINE([DISABLE_WTMP]) 5320 fi 5321 fi 5322fi 5323if test -n "$conf_wtmp_location"; then 5324 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5325 [Define if you want to specify the path to your wtmp file]) 5326fi 5327 5328dnl wtmpx detection 5329AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5330AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5331#include <sys/types.h> 5332#include <utmp.h> 5333#ifdef HAVE_UTMPX_H 5334#include <utmpx.h> 5335#endif 5336#ifdef HAVE_PATHS_H 5337# include <paths.h> 5338#endif 5339 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5340 [ AC_MSG_RESULT([yes]) ], 5341 [ AC_MSG_RESULT([no]) 5342 system_wtmpx_path=no 5343]) 5344if test -z "$conf_wtmpx_location"; then 5345 if test x"$system_wtmpx_path" = x"no" ; then 5346 AC_DEFINE([DISABLE_WTMPX]) 5347 fi 5348else 5349 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5350 [Define if you want to specify the path to your wtmpx file]) 5351fi 5352 5353 5354if test ! -z "$blibpath" ; then 5355 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5356 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5357fi 5358 5359AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5360 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5361 AC_DEFINE([DISABLE_LASTLOG]) 5362 fi 5363 ], [ 5364#ifdef HAVE_SYS_TYPES_H 5365#include <sys/types.h> 5366#endif 5367#ifdef HAVE_UTMP_H 5368#include <utmp.h> 5369#endif 5370#ifdef HAVE_UTMPX_H 5371#include <utmpx.h> 5372#endif 5373#ifdef HAVE_LASTLOG_H 5374#include <lastlog.h> 5375#endif 5376 ]) 5377 5378AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5379 AC_DEFINE([DISABLE_UTMP]) 5380 AC_DEFINE([DISABLE_WTMP]) 5381 ], [ 5382#ifdef HAVE_SYS_TYPES_H 5383#include <sys/types.h> 5384#endif 5385#ifdef HAVE_UTMP_H 5386#include <utmp.h> 5387#endif 5388#ifdef HAVE_UTMPX_H 5389#include <utmpx.h> 5390#endif 5391#ifdef HAVE_LASTLOG_H 5392#include <lastlog.h> 5393#endif 5394 ]) 5395 5396dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5397dnl Add now. 5398CFLAGS="$CFLAGS $werror_flags" 5399 5400if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5401 TEST_SSH_IPV6=no 5402else 5403 TEST_SSH_IPV6=yes 5404fi 5405AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5406AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5407AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5408AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5409AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5410AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5411 5412CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5413LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5414 5415# Make a copy of CFLAGS/LDFLAGS without PIE options. 5416LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5417CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5418AC_SUBST([LDFLAGS_NOPIE]) 5419AC_SUBST([CFLAGS_NOPIE]) 5420 5421AC_EXEEXT 5422AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5423 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5424 survey.sh]) 5425AC_OUTPUT 5426 5427# Print summary of options 5428 5429# Someone please show me a better way :) 5430A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5431B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5432C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5433D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5434E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5435F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5436G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5437H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5438I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5439J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5440 5441echo "" 5442echo "OpenSSH has been configured with the following options:" 5443echo " User binaries: $B" 5444echo " System binaries: $C" 5445echo " Configuration files: $D" 5446echo " Askpass program: $E" 5447echo " Manual pages: $F" 5448echo " PID file: $G" 5449echo " Privilege separation chroot path: $H" 5450if test "x$external_path_file" = "x/etc/login.conf" ; then 5451echo " At runtime, sshd will use the path defined in $external_path_file" 5452echo " Make sure the path to scp is present, otherwise scp will not work" 5453else 5454echo " sshd default user PATH: $I" 5455 if test ! -z "$external_path_file"; then 5456echo " (If PATH is set in $external_path_file it will be used instead. If" 5457echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5458 fi 5459fi 5460if test ! -z "$superuser_path" ; then 5461echo " sshd superuser user PATH: $J" 5462fi 5463echo " Manpage format: $MANTYPE" 5464echo " PAM support: $PAM_MSG" 5465echo " OSF SIA support: $SIA_MSG" 5466echo " KerberosV support: $KRB5_MSG" 5467echo " SELinux support: $SELINUX_MSG" 5468echo " MD5 password support: $MD5_MSG" 5469echo " libedit support: $LIBEDIT_MSG" 5470echo " libldns support: $LDNS_MSG" 5471echo " Solaris process contract support: $SPC_MSG" 5472echo " Solaris project support: $SP_MSG" 5473echo " Solaris privilege support: $SPP_MSG" 5474echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5475echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5476echo " BSD Auth support: $BSD_AUTH_MSG" 5477echo " Random number source: $RAND_MSG" 5478echo " Privsep sandbox style: $SANDBOX_STYLE" 5479echo " PKCS#11 support: $enable_pkcs11" 5480echo " U2F/FIDO support: $enable_sk" 5481 5482echo "" 5483 5484echo " Host: ${host}" 5485echo " Compiler: ${CC}" 5486echo " Compiler flags: ${CFLAGS}" 5487echo "Preprocessor flags: ${CPPFLAGS}" 5488echo " Linker flags: ${LDFLAGS}" 5489echo " Libraries: ${LIBS}" 5490if test ! -z "${SSHDLIBS}"; then 5491echo " +for sshd: ${SSHDLIBS}" 5492fi 5493 5494echo "" 5495 5496if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5497 echo "SVR4 style packages are supported with \"make package\"" 5498 echo "" 5499fi 5500 5501if test "x$PAM_MSG" = "xyes" ; then 5502 echo "PAM is enabled. You may need to install a PAM control file " 5503 echo "for sshd, otherwise password authentication may fail. " 5504 echo "Example PAM control files can be found in the contrib/ " 5505 echo "subdirectory" 5506 echo "" 5507fi 5508 5509if test ! -z "$NO_PEERCHECK" ; then 5510 echo "WARNING: the operating system that you are using does not" 5511 echo "appear to support getpeereid(), getpeerucred() or the" 5512 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5513 echo "enforce security checks to prevent unauthorised connections to" 5514 echo "ssh-agent. Their absence increases the risk that a malicious" 5515 echo "user can connect to your agent." 5516 echo "" 5517fi 5518 5519if test "$AUDIT_MODULE" = "bsm" ; then 5520 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5521 echo "See the Solaris section in README.platform for details." 5522fi 5523