1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff awf]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter to be used to build "cat" format pages. 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatter found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113AC_ARG_WITH([openssl], 114 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 115 [ if test "x$withval" = "xno" ; then 116 openssl=no 117 fi 118 ] 119) 120AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 121if test "x$openssl" = "xyes" ; then 122 AC_MSG_RESULT([yes]) 123 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 124else 125 AC_MSG_RESULT([no]) 126fi 127 128use_stack_protector=1 129use_toolchain_hardening=1 130AC_ARG_WITH([stackprotect], 131 [ --without-stackprotect Don't use compiler's stack protection], [ 132 if test "x$withval" = "xno"; then 133 use_stack_protector=0 134 fi ]) 135AC_ARG_WITH([hardening], 136 [ --without-hardening Don't use toolchain hardening flags], [ 137 if test "x$withval" = "xno"; then 138 use_toolchain_hardening=0 139 fi ]) 140 141# We use -Werror for the tests only so that we catch warnings like "this is 142# on by default" for things like -fPIE. 143AC_MSG_CHECKING([if $CC supports -Werror]) 144saved_CFLAGS="$CFLAGS" 145CFLAGS="$CFLAGS -Werror" 146AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 147 [ AC_MSG_RESULT([yes]) 148 WERROR="-Werror"], 149 [ AC_MSG_RESULT([no]) 150 WERROR="" ] 151) 152CFLAGS="$saved_CFLAGS" 153 154if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 155 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 158 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 169 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 170 if test "x$use_toolchain_hardening" = "x1"; then 171 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 173 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 176 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 177 # NB. -ftrapv expects certain support functions to be present in 178 # the compiler library (libgcc or similar) to detect integer operations 179 # that can overflow. We must check that the result of enabling it 180 # actually links. The test program compiled/linked includes a number 181 # of integer operations that should exercise this. 182 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 183 fi 184 AC_MSG_CHECKING([gcc version]) 185 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 186 case $GCC_VER in 187 1.*) no_attrib_nonnull=1 ;; 188 2.8* | 2.9*) 189 no_attrib_nonnull=1 190 ;; 191 2.*) no_attrib_nonnull=1 ;; 192 *) ;; 193 esac 194 AC_MSG_RESULT([$GCC_VER]) 195 196 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 197 saved_CFLAGS="$CFLAGS" 198 CFLAGS="$CFLAGS -fno-builtin-memset" 199 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 200 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 201 [ AC_MSG_RESULT([yes]) ], 202 [ AC_MSG_RESULT([no]) 203 CFLAGS="$saved_CFLAGS" ] 204 ) 205 206 # -fstack-protector-all doesn't always work for some GCC versions 207 # and/or platforms, so we test if we can. If it's not supported 208 # on a given platform gcc will emit a warning so we use -Werror. 209 if test "x$use_stack_protector" = "x1"; then 210 for t in -fstack-protector-strong -fstack-protector-all \ 211 -fstack-protector; do 212 AC_MSG_CHECKING([if $CC supports $t]) 213 saved_CFLAGS="$CFLAGS" 214 saved_LDFLAGS="$LDFLAGS" 215 CFLAGS="$CFLAGS $t -Werror" 216 LDFLAGS="$LDFLAGS $t -Werror" 217 AC_LINK_IFELSE( 218 [AC_LANG_PROGRAM([[ 219 #include <stdio.h> 220 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 221 ]], 222 [[ 223 char x[256]; 224 snprintf(x, sizeof(x), "XXX%d", func(1)); 225 ]])], 226 [ AC_MSG_RESULT([yes]) 227 CFLAGS="$saved_CFLAGS $t" 228 LDFLAGS="$saved_LDFLAGS $t" 229 AC_MSG_CHECKING([if $t works]) 230 AC_RUN_IFELSE( 231 [AC_LANG_PROGRAM([[ 232 #include <stdio.h> 233 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 234 ]], 235 [[ 236 char x[256]; 237 snprintf(x, sizeof(x), "XXX%d", func(1)); 238 ]])], 239 [ AC_MSG_RESULT([yes]) 240 break ], 241 [ AC_MSG_RESULT([no]) ], 242 [ AC_MSG_WARN([cross compiling: cannot test]) 243 break ] 244 ) 245 ], 246 [ AC_MSG_RESULT([no]) ] 247 ) 248 CFLAGS="$saved_CFLAGS" 249 LDFLAGS="$saved_LDFLAGS" 250 done 251 fi 252 253 if test -z "$have_llong_max"; then 254 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 255 unset ac_cv_have_decl_LLONG_MAX 256 saved_CFLAGS="$CFLAGS" 257 CFLAGS="$CFLAGS -std=gnu99" 258 AC_CHECK_DECL([LLONG_MAX], 259 [have_llong_max=1], 260 [CFLAGS="$saved_CFLAGS"], 261 [#include <limits.h>] 262 ) 263 fi 264fi 265 266AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 267AC_COMPILE_IFELSE( 268 [AC_LANG_PROGRAM([[ 269#include <stdlib.h> 270__attribute__((__unused__)) static void foo(void){return;}]], 271 [[ exit(0); ]])], 272 [ AC_MSG_RESULT([yes]) ], 273 [ AC_MSG_RESULT([no]) 274 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 275 [compiler does not accept __attribute__ on return types]) ] 276) 277 278AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 279AC_COMPILE_IFELSE( 280 [AC_LANG_PROGRAM([[ 281#include <stdlib.h> 282typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 283 [[ exit(0); ]])], 284 [ AC_MSG_RESULT([yes]) ], 285 [ AC_MSG_RESULT([no]) 286 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 287 [compiler does not accept __attribute__ on prototype args]) ] 288) 289 290if test "x$no_attrib_nonnull" != "x1" ; then 291 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 292fi 293 294AC_ARG_WITH([rpath], 295 [ --without-rpath Disable auto-added -R linker paths], 296 [ 297 if test "x$withval" = "xno" ; then 298 rpath_opt="" 299 elif test "x$withval" = "xyes" ; then 300 rpath_opt="-R" 301 else 302 rpath_opt="$withval" 303 fi 304 ] 305) 306 307# Allow user to specify flags 308AC_ARG_WITH([cflags], 309 [ --with-cflags Specify additional flags to pass to compiler], 310 [ 311 if test -n "$withval" && test "x$withval" != "xno" && \ 312 test "x${withval}" != "xyes"; then 313 CFLAGS="$CFLAGS $withval" 314 fi 315 ] 316) 317 318AC_ARG_WITH([cflags-after], 319 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS_AFTER="$withval" 324 fi 325 ] 326) 327AC_ARG_WITH([cppflags], 328 [ --with-cppflags Specify additional flags to pass to preprocessor] , 329 [ 330 if test -n "$withval" && test "x$withval" != "xno" && \ 331 test "x${withval}" != "xyes"; then 332 CPPFLAGS="$CPPFLAGS $withval" 333 fi 334 ] 335) 336AC_ARG_WITH([ldflags], 337 [ --with-ldflags Specify additional flags to pass to linker], 338 [ 339 if test -n "$withval" && test "x$withval" != "xno" && \ 340 test "x${withval}" != "xyes"; then 341 LDFLAGS="$LDFLAGS $withval" 342 fi 343 ] 344) 345AC_ARG_WITH([ldflags-after], 346 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 347 [ 348 if test -n "$withval" && test "x$withval" != "xno" && \ 349 test "x${withval}" != "xyes"; then 350 LDFLAGS_AFTER="$withval" 351 fi 352 ] 353) 354AC_ARG_WITH([libs], 355 [ --with-libs Specify additional libraries to link with], 356 [ 357 if test -n "$withval" && test "x$withval" != "xno" && \ 358 test "x${withval}" != "xyes"; then 359 LIBS="$LIBS $withval" 360 fi 361 ] 362) 363AC_ARG_WITH([Werror], 364 [ --with-Werror Build main code with -Werror], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno"; then 367 werror_flags="-Werror" 368 if test "x${withval}" != "xyes"; then 369 werror_flags="$withval" 370 fi 371 fi 372 ] 373) 374 375AC_CHECK_HEADERS([ \ 376 blf.h \ 377 bstring.h \ 378 crypt.h \ 379 crypto/sha2.h \ 380 dirent.h \ 381 endian.h \ 382 elf.h \ 383 err.h \ 384 features.h \ 385 fcntl.h \ 386 floatingpoint.h \ 387 fnmatch.h \ 388 getopt.h \ 389 glob.h \ 390 ia.h \ 391 iaf.h \ 392 ifaddrs.h \ 393 inttypes.h \ 394 langinfo.h \ 395 limits.h \ 396 locale.h \ 397 login.h \ 398 maillock.h \ 399 ndir.h \ 400 net/if_tun.h \ 401 netdb.h \ 402 netgroup.h \ 403 pam/pam_appl.h \ 404 paths.h \ 405 poll.h \ 406 pty.h \ 407 readpassphrase.h \ 408 rpc/types.h \ 409 security/pam_appl.h \ 410 sha2.h \ 411 shadow.h \ 412 stddef.h \ 413 stdint.h \ 414 string.h \ 415 strings.h \ 416 sys/bitypes.h \ 417 sys/byteorder.h \ 418 sys/bsdtty.h \ 419 sys/cdefs.h \ 420 sys/dir.h \ 421 sys/file.h \ 422 sys/mman.h \ 423 sys/label.h \ 424 sys/ndir.h \ 425 sys/poll.h \ 426 sys/prctl.h \ 427 sys/pstat.h \ 428 sys/ptrace.h \ 429 sys/random.h \ 430 sys/select.h \ 431 sys/stat.h \ 432 sys/stream.h \ 433 sys/stropts.h \ 434 sys/strtio.h \ 435 sys/statvfs.h \ 436 sys/sysmacros.h \ 437 sys/time.h \ 438 sys/timers.h \ 439 sys/vfs.h \ 440 time.h \ 441 tmpdir.h \ 442 ttyent.h \ 443 ucred.h \ 444 unistd.h \ 445 usersec.h \ 446 util.h \ 447 utime.h \ 448 utmp.h \ 449 utmpx.h \ 450 vis.h \ 451 wchar.h \ 452]) 453 454# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 455# to be included first. 456AC_CHECK_HEADERS([sys/audit.h], [], [], [ 457#ifdef HAVE_SYS_TIME_H 458# include <sys/time.h> 459#endif 460#ifdef HAVE_SYS_TYPES_H 461# include <sys/types.h> 462#endif 463#ifdef HAVE_SYS_LABEL_H 464# include <sys/label.h> 465#endif 466]) 467 468# sys/capsicum.h requires sys/types.h 469AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473]) 474 475# net/route.h requires sys/socket.h and sys/types.h. 476# sys/sysctl.h also requires sys/param.h 477AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 478#ifdef HAVE_SYS_TYPES_H 479# include <sys/types.h> 480#endif 481#include <sys/param.h> 482#include <sys/socket.h> 483]) 484 485# lastlog.h requires sys/time.h to be included first on Solaris 486AC_CHECK_HEADERS([lastlog.h], [], [], [ 487#ifdef HAVE_SYS_TIME_H 488# include <sys/time.h> 489#endif 490]) 491 492# sys/ptms.h requires sys/stream.h to be included first on Solaris 493AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 494#ifdef HAVE_SYS_STREAM_H 495# include <sys/stream.h> 496#endif 497]) 498 499# login_cap.h requires sys/types.h on NetBSD 500AC_CHECK_HEADERS([login_cap.h], [], [], [ 501#include <sys/types.h> 502]) 503 504# older BSDs need sys/param.h before sys/mount.h 505AC_CHECK_HEADERS([sys/mount.h], [], [], [ 506#include <sys/param.h> 507]) 508 509# Android requires sys/socket.h to be included before sys/un.h 510AC_CHECK_HEADERS([sys/un.h], [], [], [ 511#include <sys/types.h> 512#include <sys/socket.h> 513]) 514 515# Messages for features tested for in target-specific section 516SIA_MSG="no" 517SPC_MSG="no" 518SP_MSG="no" 519SPP_MSG="no" 520 521# Support for Solaris/Illumos privileges (this test is used by both 522# the --with-solaris-privs option and --with-sandbox=solaris). 523SOLARIS_PRIVS="no" 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 ;; 868 i*86-*) 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 ;; 871 arm*-*) 872 seccomp_audit_arch=AUDIT_ARCH_ARM 873 ;; 874 aarch64*-*) 875 seccomp_audit_arch=AUDIT_ARCH_AARCH64 876 ;; 877 s390x-*) 878 seccomp_audit_arch=AUDIT_ARCH_S390X 879 ;; 880 s390-*) 881 seccomp_audit_arch=AUDIT_ARCH_S390 882 ;; 883 powerpc64-*) 884 seccomp_audit_arch=AUDIT_ARCH_PPC64 885 ;; 886 powerpc64le-*) 887 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 888 ;; 889 mips-*) 890 seccomp_audit_arch=AUDIT_ARCH_MIPS 891 ;; 892 mipsel-*) 893 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 894 ;; 895 mips64-*) 896 case "$mips_abi" in 897 "n32") 898 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 899 ;; 900 "n64") 901 seccomp_audit_arch=AUDIT_ARCH_MIPS64 902 ;; 903 esac 904 ;; 905 mips64el-*) 906 case "$mips_abi" in 907 "n32") 908 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 909 ;; 910 "n64") 911 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 912 ;; 913 esac 914 ;; 915 riscv64-*) 916 seccomp_audit_arch=AUDIT_ARCH_RISCV64 917 ;; 918 esac 919 if test "x$seccomp_audit_arch" != "x" ; then 920 AC_MSG_RESULT(["$seccomp_audit_arch"]) 921 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 922 [Specify the system call convention in use]) 923 else 924 AC_MSG_RESULT([architecture not supported]) 925 fi 926 ;; 927mips-sony-bsd|mips-sony-newsos4) 928 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 929 SONY=1 930 ;; 931*-*-netbsd*) 932 check_for_libcrypt_before=1 933 if test "x$withval" != "xno" ; then 934 rpath_opt="-R" 935 fi 936 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 937 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 938 AC_CHECK_HEADER([net/if_tap.h], , 939 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 940 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 941 [Prepend the address family to IP tunnel traffic]) 942 TEST_MALLOC_OPTIONS="AJRX" 943 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 944 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 945 ;; 946*-*-freebsd*) 947 check_for_libcrypt_later=1 948 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 949 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 950 AC_CHECK_HEADER([net/if_tap.h], , 951 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 952 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 953 TEST_MALLOC_OPTIONS="AJRX" 954 # Preauth crypto occasionally uses file descriptors for crypto offload 955 # and will crash if they cannot be opened. 956 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 957 [define if setrlimit RLIMIT_NOFILE breaks things]) 958 ;; 959*-*-bsdi*) 960 AC_DEFINE([SETEUID_BREAKS_SETUID]) 961 AC_DEFINE([BROKEN_SETREUID]) 962 AC_DEFINE([BROKEN_SETREGID]) 963 ;; 964*-next-*) 965 conf_lastlog_location="/usr/adm/lastlog" 966 conf_utmp_location=/etc/utmp 967 conf_wtmp_location=/usr/adm/wtmp 968 maildir=/usr/spool/mail 969 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 970 AC_DEFINE([USE_PIPES]) 971 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 972 ;; 973*-*-openbsd*) 974 use_pie=auto 975 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 976 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 977 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 978 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 979 [syslog_r function is safe to use in in a signal handler]) 980 TEST_MALLOC_OPTIONS="AFGJPRX" 981 ;; 982*-*-solaris*) 983 if test "x$withval" != "xno" ; then 984 rpath_opt="-R" 985 fi 986 AC_DEFINE([PAM_SUN_CODEBASE]) 987 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 988 AC_DEFINE([PAM_TTY_KLUDGE]) 989 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 990 [Define if pam_chauthtok wants real uid set 991 to the unpriv'ed user]) 992 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 993 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 994 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 995 [Define if sshd somehow reacquires a controlling TTY 996 after setsid()]) 997 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 998 in case the name is longer than 8 chars]) 999 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1000 external_path_file=/etc/default/login 1001 # hardwire lastlog location (can't detect it on some versions) 1002 conf_lastlog_location="/var/adm/lastlog" 1003 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1004 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1005 if test "$sol2ver" -ge 8; then 1006 AC_MSG_RESULT([yes]) 1007 AC_DEFINE([DISABLE_UTMP]) 1008 AC_DEFINE([DISABLE_WTMP], [1], 1009 [Define if you don't want to use wtmp]) 1010 else 1011 AC_MSG_RESULT([no]) 1012 fi 1013 AC_CHECK_FUNCS([setpflags]) 1014 AC_CHECK_FUNCS([setppriv]) 1015 AC_CHECK_FUNCS([priv_basicset]) 1016 AC_CHECK_HEADERS([priv.h]) 1017 AC_ARG_WITH([solaris-contracts], 1018 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1019 [ 1020 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1021 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1022 [Define if you have Solaris process contracts]) 1023 LIBS="$LIBS -lcontract" 1024 SPC_MSG="yes" ], ) 1025 ], 1026 ) 1027 AC_ARG_WITH([solaris-projects], 1028 [ --with-solaris-projects Enable Solaris projects (experimental)], 1029 [ 1030 AC_CHECK_LIB([project], [setproject], 1031 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1032 [Define if you have Solaris projects]) 1033 LIBS="$LIBS -lproject" 1034 SP_MSG="yes" ], ) 1035 ], 1036 ) 1037 AC_ARG_WITH([solaris-privs], 1038 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1039 [ 1040 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1041 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1042 "x$ac_cv_header_priv_h" = "xyes" ; then 1043 SOLARIS_PRIVS=yes 1044 AC_MSG_RESULT([found]) 1045 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1046 [Define to disable UID restoration test]) 1047 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1048 [Define if you have Solaris privileges]) 1049 SPP_MSG="yes" 1050 else 1051 AC_MSG_RESULT([not found]) 1052 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1053 fi 1054 ], 1055 ) 1056 TEST_SHELL=$SHELL # let configure find us a capable shell 1057 ;; 1058*-*-sunos4*) 1059 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1060 AC_CHECK_FUNCS([getpwanam]) 1061 AC_DEFINE([PAM_SUN_CODEBASE]) 1062 conf_utmp_location=/etc/utmp 1063 conf_wtmp_location=/var/adm/wtmp 1064 conf_lastlog_location=/var/adm/lastlog 1065 AC_DEFINE([USE_PIPES]) 1066 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1067 ;; 1068*-ncr-sysv*) 1069 LIBS="$LIBS -lc89" 1070 AC_DEFINE([USE_PIPES]) 1071 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1072 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1073 AC_DEFINE([BROKEN_SETREUID]) 1074 AC_DEFINE([BROKEN_SETREGID]) 1075 ;; 1076*-sni-sysv*) 1077 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1078 AC_CHECK_LIB([dl], [dlsym], ,) 1079 # -lresolv needs to be at the end of LIBS or DNS lookups break 1080 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1081 IPADDR_IN_DISPLAY=yes 1082 AC_DEFINE([USE_PIPES]) 1083 AC_DEFINE([IP_TOS_IS_BROKEN]) 1084 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1085 AC_DEFINE([BROKEN_SETREUID]) 1086 AC_DEFINE([BROKEN_SETREGID]) 1087 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1088 external_path_file=/etc/default/login 1089 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1090 # Attention: always take care to bind libsocket and libnsl before libc, 1091 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1092 ;; 1093# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1094*-*-sysv4.2*) 1095 AC_DEFINE([USE_PIPES]) 1096 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1097 AC_DEFINE([BROKEN_SETREUID]) 1098 AC_DEFINE([BROKEN_SETREGID]) 1099 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1100 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1101 TEST_SHELL=$SHELL # let configure find us a capable shell 1102 ;; 1103# UnixWare 7.x, OpenUNIX 8 1104*-*-sysv5*) 1105 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1106 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1107 AC_DEFINE([USE_PIPES]) 1108 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1109 AC_DEFINE([BROKEN_GETADDRINFO]) 1110 AC_DEFINE([BROKEN_SETREUID]) 1111 AC_DEFINE([BROKEN_SETREGID]) 1112 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1113 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1114 TEST_SHELL=$SHELL # let configure find us a capable shell 1115 check_for_libcrypt_later=1 1116 case "$host" in 1117 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1118 maildir=/var/spool/mail 1119 AC_DEFINE([BROKEN_UPDWTMPX]) 1120 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1121 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1122 ], , ) 1123 ;; 1124 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1125 ;; 1126 esac 1127 ;; 1128*-*-sysv*) 1129 ;; 1130# SCO UNIX and OEM versions of SCO UNIX 1131*-*-sco3.2v4*) 1132 AC_MSG_ERROR("This Platform is no longer supported.") 1133 ;; 1134# SCO OpenServer 5.x 1135*-*-sco3.2v5*) 1136 if test -z "$GCC"; then 1137 CFLAGS="$CFLAGS -belf" 1138 fi 1139 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1140 no_dev_ptmx=1 1141 AC_DEFINE([USE_PIPES]) 1142 AC_DEFINE([HAVE_SECUREWARE]) 1143 AC_DEFINE([DISABLE_SHADOW]) 1144 AC_DEFINE([DISABLE_FD_PASSING]) 1145 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1146 AC_DEFINE([BROKEN_GETADDRINFO]) 1147 AC_DEFINE([BROKEN_SETREUID]) 1148 AC_DEFINE([BROKEN_SETREGID]) 1149 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1150 AC_DEFINE([BROKEN_UPDWTMPX]) 1151 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1152 AC_CHECK_FUNCS([getluid setluid]) 1153 MANTYPE=man 1154 TEST_SHELL=$SHELL # let configure find us a capable shell 1155 SKIP_DISABLE_LASTLOG_DEFINE=yes 1156 ;; 1157*-dec-osf*) 1158 AC_MSG_CHECKING([for Digital Unix SIA]) 1159 no_osfsia="" 1160 AC_ARG_WITH([osfsia], 1161 [ --with-osfsia Enable Digital Unix SIA], 1162 [ 1163 if test "x$withval" = "xno" ; then 1164 AC_MSG_RESULT([disabled]) 1165 no_osfsia=1 1166 fi 1167 ], 1168 ) 1169 if test -z "$no_osfsia" ; then 1170 if test -f /etc/sia/matrix.conf; then 1171 AC_MSG_RESULT([yes]) 1172 AC_DEFINE([HAVE_OSF_SIA], [1], 1173 [Define if you have Digital Unix Security 1174 Integration Architecture]) 1175 AC_DEFINE([DISABLE_LOGIN], [1], 1176 [Define if you don't want to use your 1177 system's login() call]) 1178 AC_DEFINE([DISABLE_FD_PASSING]) 1179 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1180 SIA_MSG="yes" 1181 else 1182 AC_MSG_RESULT([no]) 1183 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1184 [String used in /etc/passwd to denote locked account]) 1185 fi 1186 fi 1187 AC_DEFINE([BROKEN_GETADDRINFO]) 1188 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1189 AC_DEFINE([BROKEN_SETREUID]) 1190 AC_DEFINE([BROKEN_SETREGID]) 1191 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1192 ;; 1193 1194*-*-nto-qnx*) 1195 AC_DEFINE([USE_PIPES]) 1196 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1197 AC_DEFINE([DISABLE_LASTLOG]) 1198 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1199 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1200 enable_etc_default_login=no # has incompatible /etc/default/login 1201 case "$host" in 1202 *-*-nto-qnx6*) 1203 AC_DEFINE([DISABLE_FD_PASSING]) 1204 ;; 1205 esac 1206 ;; 1207 1208*-*-ultrix*) 1209 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1210 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1211 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1212 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1213 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1214 # don't get a controlling tty. 1215 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1216 # On Ultrix some headers are not protected against multiple includes, 1217 # so we create wrappers and put it where the compiler will find it. 1218 AC_MSG_WARN([creating compat wrappers for headers]) 1219 mkdir -p netinet 1220 for header in netinet/ip.h netdb.h resolv.h; do 1221 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1222 cat >$header <<EOD 1223#ifndef _SSH_COMPAT_${name} 1224#define _SSH_COMPAT_${name} 1225#include "/usr/include/${header}" 1226#endif 1227EOD 1228 done 1229 ;; 1230 1231*-*-lynxos) 1232 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1233 AC_DEFINE([BROKEN_SETVBUF], [1], 1234 [LynxOS has broken setvbuf() implementation]) 1235 ;; 1236esac 1237 1238AC_MSG_CHECKING([compiler and flags for sanity]) 1239AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1240 [ AC_MSG_RESULT([yes]) ], 1241 [ 1242 AC_MSG_RESULT([no]) 1243 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1244 ], 1245 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1246) 1247 1248dnl Checks for header files. 1249# Checks for libraries. 1250AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1251 1252dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1253AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1254 AC_CHECK_LIB([gen], [dirname], [ 1255 AC_CACHE_CHECK([for broken dirname], 1256 ac_cv_have_broken_dirname, [ 1257 save_LIBS="$LIBS" 1258 LIBS="$LIBS -lgen" 1259 AC_RUN_IFELSE( 1260 [AC_LANG_SOURCE([[ 1261#include <libgen.h> 1262#include <string.h> 1263 1264int main(int argc, char **argv) { 1265 char *s, buf[32]; 1266 1267 strncpy(buf,"/etc", 32); 1268 s = dirname(buf); 1269 if (!s || strncmp(s, "/", 32) != 0) { 1270 exit(1); 1271 } else { 1272 exit(0); 1273 } 1274} 1275 ]])], 1276 [ ac_cv_have_broken_dirname="no" ], 1277 [ ac_cv_have_broken_dirname="yes" ], 1278 [ ac_cv_have_broken_dirname="no" ], 1279 ) 1280 LIBS="$save_LIBS" 1281 ]) 1282 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1283 LIBS="$LIBS -lgen" 1284 AC_DEFINE([HAVE_DIRNAME]) 1285 AC_CHECK_HEADERS([libgen.h]) 1286 fi 1287 ]) 1288]) 1289 1290AC_CHECK_FUNC([getspnam], , 1291 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1292AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1293 [Define if you have the basename function.])]) 1294 1295dnl zlib defaults to enabled 1296zlib=yes 1297AC_ARG_WITH([zlib], 1298 [ --with-zlib=PATH Use zlib in PATH], 1299 [ if test "x$withval" = "xno" ; then 1300 zlib=no 1301 elif test "x$withval" != "xyes"; then 1302 if test -d "$withval/lib"; then 1303 if test -n "${rpath_opt}"; then 1304 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1305 else 1306 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1307 fi 1308 else 1309 if test -n "${rpath_opt}"; then 1310 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1311 else 1312 LDFLAGS="-L${withval} ${LDFLAGS}" 1313 fi 1314 fi 1315 if test -d "$withval/include"; then 1316 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1317 else 1318 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1319 fi 1320 fi ] 1321) 1322 1323AC_MSG_CHECKING([for zlib]) 1324if test "x${zlib}" = "xno"; then 1325 AC_MSG_RESULT([no]) 1326else 1327 AC_MSG_RESULT([yes]) 1328 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1329 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1330 AC_CHECK_LIB([z], [deflate], , 1331 [ 1332 saved_CPPFLAGS="$CPPFLAGS" 1333 saved_LDFLAGS="$LDFLAGS" 1334 save_LIBS="$LIBS" 1335 dnl Check default zlib install dir 1336 if test -n "${rpath_opt}"; then 1337 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1338 else 1339 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1340 fi 1341 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1342 LIBS="$LIBS -lz" 1343 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1344 [ 1345 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1346 ] 1347 ) 1348 ] 1349 ) 1350 1351 AC_ARG_WITH([zlib-version-check], 1352 [ --without-zlib-version-check Disable zlib version check], 1353 [ if test "x$withval" = "xno" ; then 1354 zlib_check_nonfatal=1 1355 fi 1356 ] 1357 ) 1358 1359 AC_MSG_CHECKING([for possibly buggy zlib]) 1360 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1361#include <stdio.h> 1362#include <stdlib.h> 1363#include <zlib.h> 1364 ]], 1365 [[ 1366 int a=0, b=0, c=0, d=0, n, v; 1367 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1368 if (n != 3 && n != 4) 1369 exit(1); 1370 v = a*1000000 + b*10000 + c*100 + d; 1371 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1372 1373 /* 1.1.4 is OK */ 1374 if (a == 1 && b == 1 && c >= 4) 1375 exit(0); 1376 1377 /* 1.2.3 and up are OK */ 1378 if (v >= 1020300) 1379 exit(0); 1380 1381 exit(2); 1382 ]])], 1383 AC_MSG_RESULT([no]), 1384 [ AC_MSG_RESULT([yes]) 1385 if test -z "$zlib_check_nonfatal" ; then 1386 AC_MSG_ERROR([*** zlib too old - check config.log *** 1387Your reported zlib version has known security problems. It's possible your 1388vendor has fixed these problems without changing the version number. If you 1389are sure this is the case, you can disable the check by running 1390"./configure --without-zlib-version-check". 1391If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1392See http://www.gzip.org/zlib/ for details.]) 1393 else 1394 AC_MSG_WARN([zlib version may have security problems]) 1395 fi 1396 ], 1397 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1398 ) 1399fi 1400 1401dnl UnixWare 2.x 1402AC_CHECK_FUNC([strcasecmp], 1403 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1404) 1405AC_CHECK_FUNCS([utimes], 1406 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1407 LIBS="$LIBS -lc89"]) ] 1408) 1409 1410dnl Checks for libutil functions 1411AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1412AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1413AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1414AC_SEARCH_LIBS([login], [util bsd]) 1415AC_SEARCH_LIBS([logout], [util bsd]) 1416AC_SEARCH_LIBS([logwtmp], [util bsd]) 1417AC_SEARCH_LIBS([openpty], [util bsd]) 1418AC_SEARCH_LIBS([updwtmp], [util bsd]) 1419AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1420 1421# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1422# or libnsl. 1423AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1424AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1425 1426# "Particular Function Checks" 1427# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1428AC_FUNC_STRFTIME 1429AC_FUNC_MALLOC 1430AC_FUNC_REALLOC 1431# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1432AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1433AC_RUN_IFELSE( 1434 [AC_LANG_PROGRAM( 1435 [[ #include <stdlib.h> ]], 1436 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1437 )], 1438 [ func_calloc_0_nonnull=yes ], 1439 [ func_calloc_0_nonnull=no ], 1440 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1441 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1442) 1443AC_MSG_RESULT([$func_calloc_0_nonnull]) 1444 1445if test "x$func_calloc_0_nonnull" = "xyes"; then 1446 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1447else 1448 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1449 AC_DEFINE(calloc, rpl_calloc, 1450 [Define to rpl_calloc if the replacement function should be used.]) 1451fi 1452 1453# Check for ALTDIRFUNC glob() extension 1454AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1455AC_EGREP_CPP([FOUNDIT], 1456 [ 1457 #include <glob.h> 1458 #ifdef GLOB_ALTDIRFUNC 1459 FOUNDIT 1460 #endif 1461 ], 1462 [ 1463 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1464 [Define if your system glob() function has 1465 the GLOB_ALTDIRFUNC extension]) 1466 AC_MSG_RESULT([yes]) 1467 ], 1468 [ 1469 AC_MSG_RESULT([no]) 1470 ] 1471) 1472 1473# Check for g.gl_matchc glob() extension 1474AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1475AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1476 [[ glob_t g; g.gl_matchc = 1; ]])], 1477 [ 1478 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1479 [Define if your system glob() function has 1480 gl_matchc options in glob_t]) 1481 AC_MSG_RESULT([yes]) 1482 ], [ 1483 AC_MSG_RESULT([no]) 1484]) 1485 1486# Check for g.gl_statv glob() extension 1487AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1488AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1489#ifndef GLOB_KEEPSTAT 1490#error "glob does not support GLOB_KEEPSTAT extension" 1491#endif 1492glob_t g; 1493g.gl_statv = NULL; 1494]])], 1495 [ 1496 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1497 [Define if your system glob() function has 1498 gl_statv options in glob_t]) 1499 AC_MSG_RESULT([yes]) 1500 ], [ 1501 AC_MSG_RESULT([no]) 1502 1503]) 1504 1505AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1506 1507AC_CHECK_DECL([VIS_ALL], , 1508 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1509 1510AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1511AC_RUN_IFELSE( 1512 [AC_LANG_PROGRAM([[ 1513#include <sys/types.h> 1514#include <dirent.h>]], 1515 [[ 1516 struct dirent d; 1517 exit(sizeof(d.d_name)<=sizeof(char)); 1518 ]])], 1519 [AC_MSG_RESULT([yes])], 1520 [ 1521 AC_MSG_RESULT([no]) 1522 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1523 [Define if your struct dirent expects you to 1524 allocate extra space for d_name]) 1525 ], 1526 [ 1527 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1528 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1529 ] 1530) 1531 1532AC_MSG_CHECKING([for /proc/pid/fd directory]) 1533if test -d "/proc/$$/fd" ; then 1534 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1535 AC_MSG_RESULT([yes]) 1536else 1537 AC_MSG_RESULT([no]) 1538fi 1539 1540# Check whether user wants to use ldns 1541LDNS_MSG="no" 1542AC_ARG_WITH(ldns, 1543 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1544 [ 1545 ldns="" 1546 if test "x$withval" = "xyes" ; then 1547 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1548 if test "x$LDNSCONFIG" = "xno"; then 1549 LIBS="-lldns $LIBS" 1550 ldns=yes 1551 else 1552 LIBS="$LIBS `$LDNSCONFIG --libs`" 1553 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1554 ldns=yes 1555 fi 1556 elif test "x$withval" != "xno" ; then 1557 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1558 LDFLAGS="$LDFLAGS -L${withval}/lib" 1559 LIBS="-lldns $LIBS" 1560 ldns=yes 1561 fi 1562 1563 # Verify that it works. 1564 if test "x$ldns" = "xyes" ; then 1565 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1566 LDNS_MSG="yes" 1567 AC_MSG_CHECKING([for ldns support]) 1568 AC_LINK_IFELSE( 1569 [AC_LANG_SOURCE([[ 1570#include <stdio.h> 1571#include <stdlib.h> 1572#ifdef HAVE_STDINT_H 1573# include <stdint.h> 1574#endif 1575#include <ldns/ldns.h> 1576int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1577 ]]) 1578 ], 1579 [AC_MSG_RESULT(yes)], 1580 [ 1581 AC_MSG_RESULT(no) 1582 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1583 ]) 1584 fi 1585]) 1586 1587# Check whether user wants libedit support 1588LIBEDIT_MSG="no" 1589AC_ARG_WITH([libedit], 1590 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1591 [ if test "x$withval" != "xno" ; then 1592 if test "x$withval" = "xyes" ; then 1593 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1594 if test "x$PKGCONFIG" != "xno"; then 1595 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1596 if "$PKGCONFIG" libedit; then 1597 AC_MSG_RESULT([yes]) 1598 use_pkgconfig_for_libedit=yes 1599 else 1600 AC_MSG_RESULT([no]) 1601 fi 1602 fi 1603 else 1604 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1605 if test -n "${rpath_opt}"; then 1606 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1607 else 1608 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1609 fi 1610 fi 1611 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1612 LIBEDIT=`$PKGCONFIG --libs libedit` 1613 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1614 else 1615 LIBEDIT="-ledit -lcurses" 1616 fi 1617 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1618 AC_CHECK_LIB([edit], [el_init], 1619 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1620 LIBEDIT_MSG="yes" 1621 AC_SUBST([LIBEDIT]) 1622 ], 1623 [ AC_MSG_ERROR([libedit not found]) ], 1624 [ $OTHERLIBS ] 1625 ) 1626 AC_MSG_CHECKING([if libedit version is compatible]) 1627 AC_COMPILE_IFELSE( 1628 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1629 [[ 1630 int i = H_SETSIZE; 1631 el_init("", NULL, NULL, NULL); 1632 exit(0); 1633 ]])], 1634 [ AC_MSG_RESULT([yes]) ], 1635 [ AC_MSG_RESULT([no]) 1636 AC_MSG_ERROR([libedit version is not compatible]) ] 1637 ) 1638 fi ] 1639) 1640 1641AUDIT_MODULE=none 1642AC_ARG_WITH([audit], 1643 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1644 [ 1645 AC_MSG_CHECKING([for supported audit module]) 1646 case "$withval" in 1647 bsm) 1648 AC_MSG_RESULT([bsm]) 1649 AUDIT_MODULE=bsm 1650 dnl Checks for headers, libs and functions 1651 AC_CHECK_HEADERS([bsm/audit.h], [], 1652 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1653 [ 1654#ifdef HAVE_TIME_H 1655# include <time.h> 1656#endif 1657 ] 1658) 1659 AC_CHECK_LIB([bsm], [getaudit], [], 1660 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1661 AC_CHECK_FUNCS([getaudit], [], 1662 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1663 # These are optional 1664 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1665 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1666 if test "$sol2ver" -ge 11; then 1667 SSHDLIBS="$SSHDLIBS -lscf" 1668 AC_DEFINE([BROKEN_BSM_API], [1], 1669 [The system has incomplete BSM API]) 1670 fi 1671 ;; 1672 linux) 1673 AC_MSG_RESULT([linux]) 1674 AUDIT_MODULE=linux 1675 dnl Checks for headers, libs and functions 1676 AC_CHECK_HEADERS([libaudit.h]) 1677 SSHDLIBS="$SSHDLIBS -laudit" 1678 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1679 ;; 1680 debug) 1681 AUDIT_MODULE=debug 1682 AC_MSG_RESULT([debug]) 1683 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1684 ;; 1685 no) 1686 AC_MSG_RESULT([no]) 1687 ;; 1688 *) 1689 AC_MSG_ERROR([Unknown audit module $withval]) 1690 ;; 1691 esac ] 1692) 1693 1694AC_ARG_WITH([pie], 1695 [ --with-pie Build Position Independent Executables if possible], [ 1696 if test "x$withval" = "xno"; then 1697 use_pie=no 1698 fi 1699 if test "x$withval" = "xyes"; then 1700 use_pie=yes 1701 fi 1702 ] 1703) 1704if test "x$use_pie" = "x"; then 1705 use_pie=no 1706fi 1707if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1708 # Turn off automatic PIE when toolchain hardening is off. 1709 use_pie=no 1710fi 1711if test "x$use_pie" = "xauto"; then 1712 # Automatic PIE requires gcc >= 4.x 1713 AC_MSG_CHECKING([for gcc >= 4.x]) 1714 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1715#if !defined(__GNUC__) || __GNUC__ < 4 1716#error gcc is too old 1717#endif 1718]])], 1719 [ AC_MSG_RESULT([yes]) ], 1720 [ AC_MSG_RESULT([no]) 1721 use_pie=no ] 1722) 1723fi 1724if test "x$use_pie" != "xno"; then 1725 SAVED_CFLAGS="$CFLAGS" 1726 SAVED_LDFLAGS="$LDFLAGS" 1727 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1728 OSSH_CHECK_LDFLAG_LINK([-pie]) 1729 # We use both -fPIE and -pie or neither. 1730 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1731 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1732 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1733 AC_MSG_RESULT([yes]) 1734 else 1735 AC_MSG_RESULT([no]) 1736 CFLAGS="$SAVED_CFLAGS" 1737 LDFLAGS="$SAVED_LDFLAGS" 1738 fi 1739fi 1740 1741AC_MSG_CHECKING([whether -fPIC is accepted]) 1742SAVED_CFLAGS="$CFLAGS" 1743CFLAGS="$CFLAGS -fPIC" 1744AC_COMPILE_IFELSE( 1745 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1746 [AC_MSG_RESULT([yes]) 1747 PICFLAG="-fPIC"; ], 1748 [AC_MSG_RESULT([no]) 1749 PICFLAG=""; ]) 1750CFLAGS="$SAVED_CFLAGS" 1751AC_SUBST([PICFLAG]) 1752 1753dnl Checks for library functions. Please keep in alphabetical order 1754AC_CHECK_FUNCS([ \ 1755 Blowfish_initstate \ 1756 Blowfish_expandstate \ 1757 Blowfish_expand0state \ 1758 Blowfish_stream2word \ 1759 SHA256Update \ 1760 SHA384Update \ 1761 SHA512Update \ 1762 asprintf \ 1763 b64_ntop \ 1764 __b64_ntop \ 1765 b64_pton \ 1766 __b64_pton \ 1767 bcopy \ 1768 bcrypt_pbkdf \ 1769 bindresvport_sa \ 1770 blf_enc \ 1771 bzero \ 1772 cap_rights_limit \ 1773 clock \ 1774 closefrom \ 1775 dirfd \ 1776 endgrent \ 1777 err \ 1778 errx \ 1779 explicit_bzero \ 1780 fchmod \ 1781 fchmodat \ 1782 fchown \ 1783 fchownat \ 1784 flock \ 1785 fnmatch \ 1786 freeaddrinfo \ 1787 freezero \ 1788 fstatfs \ 1789 fstatvfs \ 1790 futimes \ 1791 getaddrinfo \ 1792 getcwd \ 1793 getgrouplist \ 1794 getline \ 1795 getnameinfo \ 1796 getopt \ 1797 getpagesize \ 1798 getpeereid \ 1799 getpeerucred \ 1800 getpgid \ 1801 _getpty \ 1802 getrlimit \ 1803 getrandom \ 1804 getsid \ 1805 getttyent \ 1806 glob \ 1807 group_from_gid \ 1808 inet_aton \ 1809 inet_ntoa \ 1810 inet_ntop \ 1811 innetgr \ 1812 llabs \ 1813 localtime_r \ 1814 login_getcapbool \ 1815 md5_crypt \ 1816 memmem \ 1817 memmove \ 1818 memset_s \ 1819 mkdtemp \ 1820 ngetaddrinfo \ 1821 nsleep \ 1822 ogetaddrinfo \ 1823 openlog_r \ 1824 pledge \ 1825 poll \ 1826 prctl \ 1827 pstat \ 1828 raise \ 1829 readpassphrase \ 1830 reallocarray \ 1831 realpath \ 1832 recvmsg \ 1833 recallocarray \ 1834 rresvport_af \ 1835 sendmsg \ 1836 setdtablesize \ 1837 setegid \ 1838 setenv \ 1839 seteuid \ 1840 setgroupent \ 1841 setgroups \ 1842 setlinebuf \ 1843 setlogin \ 1844 setpassent\ 1845 setpcred \ 1846 setproctitle \ 1847 setregid \ 1848 setreuid \ 1849 setrlimit \ 1850 setsid \ 1851 setvbuf \ 1852 sigaction \ 1853 sigvec \ 1854 snprintf \ 1855 socketpair \ 1856 statfs \ 1857 statvfs \ 1858 strcasestr \ 1859 strdup \ 1860 strerror \ 1861 strlcat \ 1862 strlcpy \ 1863 strmode \ 1864 strndup \ 1865 strnlen \ 1866 strnvis \ 1867 strptime \ 1868 strsignal \ 1869 strtonum \ 1870 strtoll \ 1871 strtoul \ 1872 strtoull \ 1873 swap32 \ 1874 sysconf \ 1875 tcgetpgrp \ 1876 timingsafe_bcmp \ 1877 truncate \ 1878 unsetenv \ 1879 updwtmpx \ 1880 utimensat \ 1881 user_from_uid \ 1882 usleep \ 1883 vasprintf \ 1884 vsnprintf \ 1885 waitpid \ 1886 warn \ 1887]) 1888 1889AC_CHECK_DECLS([bzero, memmem]) 1890 1891dnl Wide character support. 1892AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1893 1894TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1895AC_MSG_CHECKING([for utf8 locale support]) 1896AC_RUN_IFELSE( 1897 [AC_LANG_PROGRAM([[ 1898#include <locale.h> 1899#include <stdlib.h> 1900 ]], [[ 1901 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1902 if (loc != NULL) 1903 exit(0); 1904 exit(1); 1905 ]])], 1906 AC_MSG_RESULT(yes), 1907 [AC_MSG_RESULT(no) 1908 TEST_SSH_UTF8=no], 1909 AC_MSG_WARN([cross compiling: assuming yes]) 1910) 1911 1912AC_LINK_IFELSE( 1913 [AC_LANG_PROGRAM( 1914 [[ #include <ctype.h> ]], 1915 [[ return (isblank('a')); ]])], 1916 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1917]) 1918 1919disable_pkcs11= 1920AC_ARG_ENABLE([pkcs11], 1921 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1922 [ 1923 if test "x$enableval" = "xno" ; then 1924 disable_pkcs11=1 1925 fi 1926 ] 1927) 1928 1929disable_sk= 1930AC_ARG_ENABLE([security-key], 1931 [ --disable-security-key disable U2F/FIDO support code [no]], 1932 [ 1933 if test "x$enableval" = "xno" ; then 1934 disable_sk=1 1935 fi 1936 ] 1937) 1938enable_sk_internal= 1939AC_ARG_WITH([security-key-builtin], 1940 [ --with-security-key-builtin include builtin U2F/FIDO support], 1941 [ 1942 if test "x$withval" != "xno" ; then 1943 enable_sk_internal=yes 1944 fi 1945 ] 1946) 1947test "x$disable_sk" != "x" && enable_sk_internal="" 1948 1949AC_SEARCH_LIBS([dlopen], [dl]) 1950AC_CHECK_FUNCS([dlopen]) 1951AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1952 1953# IRIX has a const char return value for gai_strerror() 1954AC_CHECK_FUNCS([gai_strerror], [ 1955 AC_DEFINE([HAVE_GAI_STRERROR]) 1956 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1957#include <sys/types.h> 1958#include <sys/socket.h> 1959#include <netdb.h> 1960 1961const char *gai_strerror(int); 1962 ]], [[ 1963 char *str; 1964 str = gai_strerror(0); 1965 ]])], [ 1966 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1967 [Define if gai_strerror() returns const char *])], [])]) 1968 1969AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1970 [Some systems put nanosleep outside of libc])]) 1971 1972AC_SEARCH_LIBS([clock_gettime], [rt], 1973 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1974 1975dnl check if we need -D_REENTRANT for localtime_r declaration. 1976AC_CHECK_DECL([localtime_r], [], 1977 [ saved_CPPFLAGS="$CFLAGS" 1978 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1979 unset ac_cv_have_decl_localtime_r 1980 AC_CHECK_DECL([localtime_r], [], 1981 [ CPPFLAGS="$saved_CPPFLAGS" ], 1982 [ #include <time.h> ] 1983 ) 1984 ], 1985 [ #include <time.h> ] 1986) 1987 1988dnl Make sure prototypes are defined for these before using them. 1989AC_CHECK_DECL([strsep], 1990 [AC_CHECK_FUNCS([strsep])], 1991 [], 1992 [ 1993#ifdef HAVE_STRING_H 1994# include <string.h> 1995#endif 1996 ]) 1997 1998dnl tcsendbreak might be a macro 1999AC_CHECK_DECL([tcsendbreak], 2000 [AC_DEFINE([HAVE_TCSENDBREAK])], 2001 [AC_CHECK_FUNCS([tcsendbreak])], 2002 [#include <termios.h>] 2003) 2004 2005AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2006 2007AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2008 [ 2009#include <sys/types.h> 2010#include <sys/socket.h> 2011#include <unistd.h> 2012 ]) 2013 2014AC_CHECK_DECLS([O_NONBLOCK], , , 2015 [ 2016#include <sys/types.h> 2017#ifdef HAVE_SYS_STAT_H 2018# include <sys/stat.h> 2019#endif 2020#ifdef HAVE_FCNTL_H 2021# include <fcntl.h> 2022#endif 2023 ]) 2024 2025AC_CHECK_DECLS([readv, writev], , , [ 2026#include <sys/types.h> 2027#include <sys/uio.h> 2028#include <unistd.h> 2029 ]) 2030 2031AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2032#include <sys/param.h> 2033 ]) 2034 2035AC_CHECK_DECLS([offsetof], , , [ 2036#include <stddef.h> 2037 ]) 2038 2039# extra bits for select(2) 2040AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2041#include <sys/param.h> 2042#include <sys/types.h> 2043#ifdef HAVE_SYS_SYSMACROS_H 2044#include <sys/sysmacros.h> 2045#endif 2046#ifdef HAVE_SYS_SELECT_H 2047#include <sys/select.h> 2048#endif 2049#ifdef HAVE_SYS_TIME_H 2050#include <sys/time.h> 2051#endif 2052#ifdef HAVE_UNISTD_H 2053#include <unistd.h> 2054#endif 2055 ]]) 2056AC_CHECK_TYPES([fd_mask], [], [], [[ 2057#include <sys/param.h> 2058#include <sys/types.h> 2059#ifdef HAVE_SYS_SELECT_H 2060#include <sys/select.h> 2061#endif 2062#ifdef HAVE_SYS_TIME_H 2063#include <sys/time.h> 2064#endif 2065#ifdef HAVE_UNISTD_H 2066#include <unistd.h> 2067#endif 2068 ]]) 2069 2070AC_CHECK_FUNCS([setresuid], [ 2071 dnl Some platorms have setresuid that isn't implemented, test for this 2072 AC_MSG_CHECKING([if setresuid seems to work]) 2073 AC_RUN_IFELSE( 2074 [AC_LANG_PROGRAM([[ 2075#include <stdlib.h> 2076#include <errno.h> 2077 ]], [[ 2078 errno=0; 2079 setresuid(0,0,0); 2080 if (errno==ENOSYS) 2081 exit(1); 2082 else 2083 exit(0); 2084 ]])], 2085 [AC_MSG_RESULT([yes])], 2086 [AC_DEFINE([BROKEN_SETRESUID], [1], 2087 [Define if your setresuid() is broken]) 2088 AC_MSG_RESULT([not implemented])], 2089 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2090 ) 2091]) 2092 2093AC_CHECK_FUNCS([setresgid], [ 2094 dnl Some platorms have setresgid that isn't implemented, test for this 2095 AC_MSG_CHECKING([if setresgid seems to work]) 2096 AC_RUN_IFELSE( 2097 [AC_LANG_PROGRAM([[ 2098#include <stdlib.h> 2099#include <errno.h> 2100 ]], [[ 2101 errno=0; 2102 setresgid(0,0,0); 2103 if (errno==ENOSYS) 2104 exit(1); 2105 else 2106 exit(0); 2107 ]])], 2108 [AC_MSG_RESULT([yes])], 2109 [AC_DEFINE([BROKEN_SETRESGID], [1], 2110 [Define if your setresgid() is broken]) 2111 AC_MSG_RESULT([not implemented])], 2112 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2113 ) 2114]) 2115 2116AC_MSG_CHECKING([for working fflush(NULL)]) 2117AC_RUN_IFELSE( 2118 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2119 AC_MSG_RESULT([yes]), 2120 [AC_MSG_RESULT([no]) 2121 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2122 [define if fflush(NULL) does not work])], 2123 AC_MSG_WARN([cross compiling: assuming working]) 2124) 2125 2126dnl Checks for time functions 2127AC_CHECK_FUNCS([gettimeofday time]) 2128dnl Checks for utmp functions 2129AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2130AC_CHECK_FUNCS([utmpname]) 2131dnl Checks for utmpx functions 2132AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2133AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2134dnl Checks for lastlog functions 2135AC_CHECK_FUNCS([getlastlogxbyname]) 2136 2137AC_CHECK_FUNC([daemon], 2138 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2139 [AC_CHECK_LIB([bsd], [daemon], 2140 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2141) 2142 2143AC_CHECK_FUNC([getpagesize], 2144 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2145 [Define if your libraries define getpagesize()])], 2146 [AC_CHECK_LIB([ucb], [getpagesize], 2147 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2148) 2149 2150# Check for broken snprintf 2151if test "x$ac_cv_func_snprintf" = "xyes" ; then 2152 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2153 AC_RUN_IFELSE( 2154 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2155 [[ 2156 char b[5]; 2157 snprintf(b,5,"123456789"); 2158 exit(b[4]!='\0'); 2159 ]])], 2160 [AC_MSG_RESULT([yes])], 2161 [ 2162 AC_MSG_RESULT([no]) 2163 AC_DEFINE([BROKEN_SNPRINTF], [1], 2164 [Define if your snprintf is busted]) 2165 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2166 ], 2167 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2168 ) 2169fi 2170 2171if test "x$ac_cv_func_snprintf" = "xyes" ; then 2172 AC_MSG_CHECKING([whether snprintf understands %zu]) 2173 AC_RUN_IFELSE( 2174 [AC_LANG_PROGRAM([[ 2175#include <sys/types.h> 2176#include <stdio.h> 2177 ]], 2178 [[ 2179 size_t a = 1, b = 2; 2180 char z[128]; 2181 snprintf(z, sizeof z, "%zu%zu", a, b); 2182 exit(strcmp(z, "12")); 2183 ]])], 2184 [AC_MSG_RESULT([yes])], 2185 [ 2186 AC_MSG_RESULT([no]) 2187 AC_DEFINE([BROKEN_SNPRINTF], [1], 2188 [snprintf does not understand %zu]) 2189 ], 2190 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2191 ) 2192fi 2193 2194# We depend on vsnprintf returning the right thing on overflow: the 2195# number of characters it tried to create (as per SUSv3) 2196if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2197 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2198 AC_RUN_IFELSE( 2199 [AC_LANG_PROGRAM([[ 2200#include <sys/types.h> 2201#include <stdio.h> 2202#include <stdarg.h> 2203 2204int x_snprintf(char *str, size_t count, const char *fmt, ...) 2205{ 2206 size_t ret; 2207 va_list ap; 2208 2209 va_start(ap, fmt); 2210 ret = vsnprintf(str, count, fmt, ap); 2211 va_end(ap); 2212 return ret; 2213} 2214 ]], [[ 2215char x[1]; 2216if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2217 return 1; 2218if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2219 return 1; 2220return 0; 2221 ]])], 2222 [AC_MSG_RESULT([yes])], 2223 [ 2224 AC_MSG_RESULT([no]) 2225 AC_DEFINE([BROKEN_SNPRINTF], [1], 2226 [Define if your snprintf is busted]) 2227 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2228 ], 2229 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2230 ) 2231fi 2232 2233# On systems where [v]snprintf is broken, but is declared in stdio, 2234# check that the fmt argument is const char * or just char *. 2235# This is only useful for when BROKEN_SNPRINTF 2236AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2237AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2238#include <stdio.h> 2239int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2240 ]], [[ 2241 snprintf(0, 0, 0); 2242 ]])], 2243 [AC_MSG_RESULT([yes]) 2244 AC_DEFINE([SNPRINTF_CONST], [const], 2245 [Define as const if snprintf() can declare const char *fmt])], 2246 [AC_MSG_RESULT([no]) 2247 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2248 2249# Check for missing getpeereid (or equiv) support 2250NO_PEERCHECK="" 2251if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2252 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2253 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2254#include <sys/types.h> 2255#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2256 [ AC_MSG_RESULT([yes]) 2257 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2258 ], [AC_MSG_RESULT([no]) 2259 NO_PEERCHECK=1 2260 ]) 2261fi 2262 2263dnl see whether mkstemp() requires XXXXXX 2264if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2265AC_MSG_CHECKING([for (overly) strict mkstemp]) 2266AC_RUN_IFELSE( 2267 [AC_LANG_PROGRAM([[ 2268#include <stdlib.h> 2269 ]], [[ 2270 char template[]="conftest.mkstemp-test"; 2271 if (mkstemp(template) == -1) 2272 exit(1); 2273 unlink(template); 2274 exit(0); 2275 ]])], 2276 [ 2277 AC_MSG_RESULT([no]) 2278 ], 2279 [ 2280 AC_MSG_RESULT([yes]) 2281 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2282 ], 2283 [ 2284 AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2286 ] 2287) 2288fi 2289 2290dnl make sure that openpty does not reacquire controlling terminal 2291if test ! -z "$check_for_openpty_ctty_bug"; then 2292 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2293 AC_RUN_IFELSE( 2294 [AC_LANG_PROGRAM([[ 2295#include <stdio.h> 2296#include <sys/fcntl.h> 2297#include <sys/types.h> 2298#include <sys/wait.h> 2299 ]], [[ 2300 pid_t pid; 2301 int fd, ptyfd, ttyfd, status; 2302 2303 pid = fork(); 2304 if (pid < 0) { /* failed */ 2305 exit(1); 2306 } else if (pid > 0) { /* parent */ 2307 waitpid(pid, &status, 0); 2308 if (WIFEXITED(status)) 2309 exit(WEXITSTATUS(status)); 2310 else 2311 exit(2); 2312 } else { /* child */ 2313 close(0); close(1); close(2); 2314 setsid(); 2315 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2316 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2317 if (fd >= 0) 2318 exit(3); /* Acquired ctty: broken */ 2319 else 2320 exit(0); /* Did not acquire ctty: OK */ 2321 } 2322 ]])], 2323 [ 2324 AC_MSG_RESULT([yes]) 2325 ], 2326 [ 2327 AC_MSG_RESULT([no]) 2328 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2329 ], 2330 [ 2331 AC_MSG_RESULT([cross-compiling, assuming yes]) 2332 ] 2333 ) 2334fi 2335 2336if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2337 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2338 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2339 AC_RUN_IFELSE( 2340 [AC_LANG_PROGRAM([[ 2341#include <stdio.h> 2342#include <sys/socket.h> 2343#include <netdb.h> 2344#include <errno.h> 2345#include <netinet/in.h> 2346 2347#define TEST_PORT "2222" 2348 ]], [[ 2349 int err, sock; 2350 struct addrinfo *gai_ai, *ai, hints; 2351 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2352 2353 memset(&hints, 0, sizeof(hints)); 2354 hints.ai_family = PF_UNSPEC; 2355 hints.ai_socktype = SOCK_STREAM; 2356 hints.ai_flags = AI_PASSIVE; 2357 2358 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2359 if (err != 0) { 2360 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2361 exit(1); 2362 } 2363 2364 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2365 if (ai->ai_family != AF_INET6) 2366 continue; 2367 2368 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2369 sizeof(ntop), strport, sizeof(strport), 2370 NI_NUMERICHOST|NI_NUMERICSERV); 2371 2372 if (err != 0) { 2373 if (err == EAI_SYSTEM) 2374 perror("getnameinfo EAI_SYSTEM"); 2375 else 2376 fprintf(stderr, "getnameinfo failed: %s\n", 2377 gai_strerror(err)); 2378 exit(2); 2379 } 2380 2381 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2382 if (sock < 0) 2383 perror("socket"); 2384 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2385 if (errno == EBADF) 2386 exit(3); 2387 } 2388 } 2389 exit(0); 2390 ]])], 2391 [ 2392 AC_MSG_RESULT([yes]) 2393 ], 2394 [ 2395 AC_MSG_RESULT([no]) 2396 AC_DEFINE([BROKEN_GETADDRINFO]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([cross-compiling, assuming yes]) 2400 ] 2401 ) 2402fi 2403 2404if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2405 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2406 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2407 AC_RUN_IFELSE( 2408 [AC_LANG_PROGRAM([[ 2409#include <stdio.h> 2410#include <sys/socket.h> 2411#include <netdb.h> 2412#include <errno.h> 2413#include <netinet/in.h> 2414 2415#define TEST_PORT "2222" 2416 ]], [[ 2417 int err, sock; 2418 struct addrinfo *gai_ai, *ai, hints; 2419 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2420 2421 memset(&hints, 0, sizeof(hints)); 2422 hints.ai_family = PF_UNSPEC; 2423 hints.ai_socktype = SOCK_STREAM; 2424 hints.ai_flags = AI_PASSIVE; 2425 2426 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2427 if (err != 0) { 2428 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2429 exit(1); 2430 } 2431 2432 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2433 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2434 continue; 2435 2436 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2437 sizeof(ntop), strport, sizeof(strport), 2438 NI_NUMERICHOST|NI_NUMERICSERV); 2439 2440 if (ai->ai_family == AF_INET && err != 0) { 2441 perror("getnameinfo"); 2442 exit(2); 2443 } 2444 } 2445 exit(0); 2446 ]])], 2447 [ 2448 AC_MSG_RESULT([yes]) 2449 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2450 [Define if you have a getaddrinfo that fails 2451 for the all-zeros IPv6 address]) 2452 ], 2453 [ 2454 AC_MSG_RESULT([no]) 2455 AC_DEFINE([BROKEN_GETADDRINFO]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([cross-compiling, assuming no]) 2459 ] 2460 ) 2461fi 2462 2463if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2464 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2465 [#include <sys/types.h> 2466 #include <sys/socket.h> 2467 #include <netdb.h>]) 2468fi 2469 2470if test "x$check_for_conflicting_getspnam" = "x1"; then 2471 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2473 [[ exit(0); ]])], 2474 [ 2475 AC_MSG_RESULT([no]) 2476 ], 2477 [ 2478 AC_MSG_RESULT([yes]) 2479 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2480 [Conflicting defs for getspnam]) 2481 ] 2482 ) 2483fi 2484 2485dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2486dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2487dnl for over ten years). Despite this incompatibility being reported during 2488dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2489dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2490dnl implementation. Try to detect this mess, and assume the only safe option 2491dnl if we're cross compiling. 2492dnl 2493dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2494dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2495if test "x$ac_cv_func_strnvis" = "xyes"; then 2496 AC_MSG_CHECKING([for working strnvis]) 2497 AC_RUN_IFELSE( 2498 [AC_LANG_PROGRAM([[ 2499#include <signal.h> 2500#include <stdlib.h> 2501#include <string.h> 2502#include <vis.h> 2503static void sighandler(int sig) { _exit(1); } 2504 ]], [[ 2505 char dst[16]; 2506 2507 signal(SIGSEGV, sighandler); 2508 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2509 exit(0); 2510 exit(1) 2511 ]])], 2512 [AC_MSG_RESULT([yes])], 2513 [AC_MSG_RESULT([no]) 2514 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2515 [AC_MSG_WARN([cross compiling: assuming broken]) 2516 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2517 ) 2518fi 2519 2520AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2521AC_RUN_IFELSE( 2522 [AC_LANG_PROGRAM([[ 2523#ifdef HAVE_SYS_SELECT 2524# include <sys/select.h> 2525#endif 2526#include <sys/types.h> 2527#include <sys/time.h> 2528#include <stdlib.h> 2529#include <signal.h> 2530static void sighandler(int sig) { } 2531 ]], [[ 2532 int r; 2533 pid_t pid; 2534 struct sigaction sa; 2535 2536 sa.sa_handler = sighandler; 2537 sa.sa_flags = SA_RESTART; 2538 (void)sigaction(SIGTERM, &sa, NULL); 2539 if ((pid = fork()) == 0) { /* child */ 2540 pid = getppid(); 2541 sleep(1); 2542 kill(pid, SIGTERM); 2543 sleep(1); 2544 if (getppid() == pid) /* if parent did not exit, shoot it */ 2545 kill(pid, SIGKILL); 2546 exit(0); 2547 } else { /* parent */ 2548 r = select(0, NULL, NULL, NULL, NULL); 2549 } 2550 exit(r == -1 ? 0 : 1); 2551 ]])], 2552 [AC_MSG_RESULT([yes])], 2553 [AC_MSG_RESULT([no]) 2554 AC_DEFINE([NO_SA_RESTART], [1], 2555 [SA_RESTARTed signals do no interrupt select])], 2556 [AC_MSG_WARN([cross compiling: assuming yes])] 2557) 2558 2559AC_CHECK_FUNCS([getpgrp],[ 2560 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2561 AC_COMPILE_IFELSE( 2562 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2563 [ AC_MSG_RESULT([yes]) 2564 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2565 [ AC_MSG_RESULT([no]) 2566 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2567 ) 2568]) 2569 2570# Search for OpenSSL 2571saved_CPPFLAGS="$CPPFLAGS" 2572saved_LDFLAGS="$LDFLAGS" 2573AC_ARG_WITH([ssl-dir], 2574 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2575 [ 2576 if test "x$openssl" = "xno" ; then 2577 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2578 fi 2579 if test "x$withval" != "xno" ; then 2580 case "$withval" in 2581 # Relative paths 2582 ./*|../*) withval="`pwd`/$withval" 2583 esac 2584 if test -d "$withval/lib"; then 2585 if test -n "${rpath_opt}"; then 2586 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2587 else 2588 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2589 fi 2590 elif test -d "$withval/lib64"; then 2591 if test -n "${rpath_opt}"; then 2592 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2593 else 2594 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2595 fi 2596 else 2597 if test -n "${rpath_opt}"; then 2598 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2599 else 2600 LDFLAGS="-L${withval} ${LDFLAGS}" 2601 fi 2602 fi 2603 if test -d "$withval/include"; then 2604 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2605 else 2606 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2607 fi 2608 fi 2609 ] 2610) 2611 2612AC_ARG_WITH([openssl-header-check], 2613 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2614 [ 2615 if test "x$withval" = "xno" ; then 2616 openssl_check_nonfatal=1 2617 fi 2618 ] 2619) 2620 2621openssl_engine=no 2622AC_ARG_WITH([ssl-engine], 2623 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2624 [ 2625 if test "x$withval" != "xno" ; then 2626 if test "x$openssl" = "xno" ; then 2627 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2628 fi 2629 openssl_engine=yes 2630 fi 2631 ] 2632) 2633 2634if test "x$openssl" = "xyes" ; then 2635 LIBS="-lcrypto $LIBS" 2636 AC_TRY_LINK_FUNC([RAND_add], , 2637 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2638 AC_CHECK_HEADER([openssl/opensslv.h], , 2639 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2640 2641 # Determine OpenSSL header version 2642 AC_MSG_CHECKING([OpenSSL header version]) 2643 AC_RUN_IFELSE( 2644 [AC_LANG_PROGRAM([[ 2645 #include <stdlib.h> 2646 #include <stdio.h> 2647 #include <string.h> 2648 #include <openssl/opensslv.h> 2649 #define DATA "conftest.sslincver" 2650 ]], [[ 2651 FILE *fd; 2652 int rc; 2653 2654 fd = fopen(DATA,"w"); 2655 if(fd == NULL) 2656 exit(1); 2657 2658 if ((rc = fprintf(fd, "%08lx (%s)\n", 2659 (unsigned long)OPENSSL_VERSION_NUMBER, 2660 OPENSSL_VERSION_TEXT)) < 0) 2661 exit(1); 2662 2663 exit(0); 2664 ]])], 2665 [ 2666 ssl_header_ver=`cat conftest.sslincver` 2667 AC_MSG_RESULT([$ssl_header_ver]) 2668 ], 2669 [ 2670 AC_MSG_RESULT([not found]) 2671 AC_MSG_ERROR([OpenSSL version header not found.]) 2672 ], 2673 [ 2674 AC_MSG_WARN([cross compiling: not checking]) 2675 ] 2676 ) 2677 2678 # Determining OpenSSL library version is version dependent. 2679 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2680 2681 # Determine OpenSSL library version 2682 AC_MSG_CHECKING([OpenSSL library version]) 2683 AC_RUN_IFELSE( 2684 [AC_LANG_PROGRAM([[ 2685 #include <stdio.h> 2686 #include <string.h> 2687 #include <openssl/opensslv.h> 2688 #include <openssl/crypto.h> 2689 #define DATA "conftest.ssllibver" 2690 ]], [[ 2691 FILE *fd; 2692 int rc; 2693 2694 fd = fopen(DATA,"w"); 2695 if(fd == NULL) 2696 exit(1); 2697#ifndef OPENSSL_VERSION 2698# define OPENSSL_VERSION SSLEAY_VERSION 2699#endif 2700#ifndef HAVE_OPENSSL_VERSION 2701# define OpenSSL_version SSLeay_version 2702#endif 2703#ifndef HAVE_OPENSSL_VERSION_NUM 2704# define OpenSSL_version_num SSLeay 2705#endif 2706 if ((rc = fprintf(fd, "%08lx (%s)\n", 2707 (unsigned long)OpenSSL_version_num(), 2708 OpenSSL_version(OPENSSL_VERSION))) < 0) 2709 exit(1); 2710 2711 exit(0); 2712 ]])], 2713 [ 2714 ssl_library_ver=`cat conftest.ssllibver` 2715 # Check version is supported. 2716 case "$ssl_library_ver" in 2717 10000*|0*) 2718 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2719 ;; 2720 100*) ;; # 1.0.x 2721 101000[[0123456]]*) 2722 # https://github.com/openssl/openssl/pull/4613 2723 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2724 ;; 2725 101*) ;; # 1.1.x 2726 200*) ;; # LibreSSL 2727 300*) ;; # OpenSSL development branch. 2728 *) 2729 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2730 ;; 2731 esac 2732 AC_MSG_RESULT([$ssl_library_ver]) 2733 ], 2734 [ 2735 AC_MSG_RESULT([not found]) 2736 AC_MSG_ERROR([OpenSSL library not found.]) 2737 ], 2738 [ 2739 AC_MSG_WARN([cross compiling: not checking]) 2740 ] 2741 ) 2742 2743 # Sanity check OpenSSL headers 2744 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2745 AC_RUN_IFELSE( 2746 [AC_LANG_PROGRAM([[ 2747 #include <string.h> 2748 #include <openssl/opensslv.h> 2749 #include <openssl/crypto.h> 2750 ]], [[ 2751#ifndef HAVE_OPENSSL_VERSION_NUM 2752# define OpenSSL_version_num SSLeay 2753#endif 2754 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2755 ]])], 2756 [ 2757 AC_MSG_RESULT([yes]) 2758 ], 2759 [ 2760 AC_MSG_RESULT([no]) 2761 if test "x$openssl_check_nonfatal" = "x"; then 2762 AC_MSG_ERROR([Your OpenSSL headers do not match your 2763 library. Check config.log for details. 2764 If you are sure your installation is consistent, you can disable the check 2765 by running "./configure --without-openssl-header-check". 2766 Also see contrib/findssl.sh for help identifying header/library mismatches. 2767 ]) 2768 else 2769 AC_MSG_WARN([Your OpenSSL headers do not match your 2770 library. Check config.log for details. 2771 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2772 fi 2773 ], 2774 [ 2775 AC_MSG_WARN([cross compiling: not checking]) 2776 ] 2777 ) 2778 2779 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2780 AC_LINK_IFELSE( 2781 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2782 [[ ERR_load_crypto_strings(); ]])], 2783 [ 2784 AC_MSG_RESULT([yes]) 2785 ], 2786 [ 2787 AC_MSG_RESULT([no]) 2788 saved_LIBS="$LIBS" 2789 LIBS="$LIBS -ldl" 2790 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2791 AC_LINK_IFELSE( 2792 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2793 [[ ERR_load_crypto_strings(); ]])], 2794 [ 2795 AC_MSG_RESULT([yes]) 2796 ], 2797 [ 2798 AC_MSG_RESULT([no]) 2799 LIBS="$saved_LIBS" 2800 ] 2801 ) 2802 ] 2803 ) 2804 2805 AC_CHECK_FUNCS([ \ 2806 BN_is_prime_ex \ 2807 DSA_generate_parameters_ex \ 2808 EVP_CIPHER_CTX_ctrl \ 2809 EVP_DigestFinal_ex \ 2810 EVP_DigestInit_ex \ 2811 EVP_MD_CTX_cleanup \ 2812 EVP_MD_CTX_copy_ex \ 2813 EVP_MD_CTX_init \ 2814 HMAC_CTX_init \ 2815 RSA_generate_key_ex \ 2816 RSA_get_default_method \ 2817 ]) 2818 2819 # OpenSSL_add_all_algorithms may be a macro. 2820 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2821 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2822 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2823 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2824 [[#include <openssl/evp.h>]] 2825 ) 2826 ) 2827 2828 # LibreSSL/OpenSSL 1.1x API 2829 AC_CHECK_FUNCS([ \ 2830 OPENSSL_init_crypto \ 2831 DH_get0_key \ 2832 DH_get0_pqg \ 2833 DH_set0_key \ 2834 DH_set_length \ 2835 DH_set0_pqg \ 2836 DSA_get0_key \ 2837 DSA_get0_pqg \ 2838 DSA_set0_key \ 2839 DSA_set0_pqg \ 2840 DSA_SIG_get0 \ 2841 DSA_SIG_set0 \ 2842 ECDSA_SIG_get0 \ 2843 ECDSA_SIG_set0 \ 2844 EVP_CIPHER_CTX_iv \ 2845 EVP_CIPHER_CTX_iv_noconst \ 2846 EVP_CIPHER_CTX_get_iv \ 2847 EVP_CIPHER_CTX_set_iv \ 2848 RSA_get0_crt_params \ 2849 RSA_get0_factors \ 2850 RSA_get0_key \ 2851 RSA_set0_crt_params \ 2852 RSA_set0_factors \ 2853 RSA_set0_key \ 2854 RSA_meth_free \ 2855 RSA_meth_dup \ 2856 RSA_meth_set1_name \ 2857 RSA_meth_get_finish \ 2858 RSA_meth_set_priv_enc \ 2859 RSA_meth_set_priv_dec \ 2860 RSA_meth_set_finish \ 2861 EVP_PKEY_get0_RSA \ 2862 EVP_MD_CTX_new \ 2863 EVP_MD_CTX_free \ 2864 EVP_chacha20 \ 2865 ]) 2866 2867 if test "x$openssl_engine" = "xyes" ; then 2868 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2870 #include <openssl/engine.h> 2871 ]], [[ 2872 ENGINE_load_builtin_engines(); 2873 ENGINE_register_all_complete(); 2874 ]])], 2875 [ AC_MSG_RESULT([yes]) 2876 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2877 [Enable OpenSSL engine support]) 2878 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2879 ]) 2880 fi 2881 2882 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2883 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2884 AC_LINK_IFELSE( 2885 [AC_LANG_PROGRAM([[ 2886 #include <string.h> 2887 #include <openssl/evp.h> 2888 ]], [[ 2889 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2890 ]])], 2891 [ 2892 AC_MSG_RESULT([no]) 2893 ], 2894 [ 2895 AC_MSG_RESULT([yes]) 2896 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2897 [libcrypto is missing AES 192 and 256 bit functions]) 2898 ] 2899 ) 2900 2901 # Check for OpenSSL with EVP_aes_*ctr 2902 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2903 AC_LINK_IFELSE( 2904 [AC_LANG_PROGRAM([[ 2905 #include <string.h> 2906 #include <openssl/evp.h> 2907 ]], [[ 2908 exit(EVP_aes_128_ctr() == NULL || 2909 EVP_aes_192_cbc() == NULL || 2910 EVP_aes_256_cbc() == NULL); 2911 ]])], 2912 [ 2913 AC_MSG_RESULT([yes]) 2914 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2915 [libcrypto has EVP AES CTR]) 2916 ], 2917 [ 2918 AC_MSG_RESULT([no]) 2919 ] 2920 ) 2921 2922 # Check for OpenSSL with EVP_aes_*gcm 2923 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2924 AC_LINK_IFELSE( 2925 [AC_LANG_PROGRAM([[ 2926 #include <string.h> 2927 #include <openssl/evp.h> 2928 ]], [[ 2929 exit(EVP_aes_128_gcm() == NULL || 2930 EVP_aes_256_gcm() == NULL || 2931 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2932 EVP_CTRL_GCM_IV_GEN == 0 || 2933 EVP_CTRL_GCM_SET_TAG == 0 || 2934 EVP_CTRL_GCM_GET_TAG == 0 || 2935 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2936 ]])], 2937 [ 2938 AC_MSG_RESULT([yes]) 2939 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2940 [libcrypto has EVP AES GCM]) 2941 ], 2942 [ 2943 AC_MSG_RESULT([no]) 2944 unsupported_algorithms="$unsupported_cipers \ 2945 aes128-gcm@openssh.com \ 2946 aes256-gcm@openssh.com" 2947 ] 2948 ) 2949 2950 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2951 AC_LINK_IFELSE( 2952 [AC_LANG_PROGRAM([[ 2953 #include <string.h> 2954 #include <openssl/evp.h> 2955 ]], [[ 2956 if(EVP_DigestUpdate(NULL, NULL,0)) 2957 exit(0); 2958 ]])], 2959 [ 2960 AC_MSG_RESULT([yes]) 2961 ], 2962 [ 2963 AC_MSG_RESULT([no]) 2964 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2965 [Define if EVP_DigestUpdate returns void]) 2966 ] 2967 ) 2968 2969 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2970 # because the system crypt() is more featureful. 2971 if test "x$check_for_libcrypt_before" = "x1"; then 2972 AC_CHECK_LIB([crypt], [crypt]) 2973 fi 2974 2975 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2976 # version in OpenSSL. 2977 if test "x$check_for_libcrypt_later" = "x1"; then 2978 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2979 fi 2980 AC_CHECK_FUNCS([crypt DES_crypt]) 2981 2982 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2983 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2984 2985 # Check complete ECC support in OpenSSL 2986 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2987 AC_LINK_IFELSE( 2988 [AC_LANG_PROGRAM([[ 2989 #include <openssl/ec.h> 2990 #include <openssl/ecdh.h> 2991 #include <openssl/ecdsa.h> 2992 #include <openssl/evp.h> 2993 #include <openssl/objects.h> 2994 #include <openssl/opensslv.h> 2995 ]], [[ 2996 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2997 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2998 ]])], 2999 [ AC_MSG_RESULT([yes]) 3000 enable_nistp256=1 ], 3001 [ AC_MSG_RESULT([no]) ] 3002 ) 3003 3004 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3005 AC_LINK_IFELSE( 3006 [AC_LANG_PROGRAM([[ 3007 #include <openssl/ec.h> 3008 #include <openssl/ecdh.h> 3009 #include <openssl/ecdsa.h> 3010 #include <openssl/evp.h> 3011 #include <openssl/objects.h> 3012 #include <openssl/opensslv.h> 3013 ]], [[ 3014 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3015 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3016 ]])], 3017 [ AC_MSG_RESULT([yes]) 3018 enable_nistp384=1 ], 3019 [ AC_MSG_RESULT([no]) ] 3020 ) 3021 3022 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3023 AC_LINK_IFELSE( 3024 [AC_LANG_PROGRAM([[ 3025 #include <openssl/ec.h> 3026 #include <openssl/ecdh.h> 3027 #include <openssl/ecdsa.h> 3028 #include <openssl/evp.h> 3029 #include <openssl/objects.h> 3030 #include <openssl/opensslv.h> 3031 ]], [[ 3032 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3033 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3034 ]])], 3035 [ AC_MSG_RESULT([yes]) 3036 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3037 AC_RUN_IFELSE( 3038 [AC_LANG_PROGRAM([[ 3039 #include <openssl/ec.h> 3040 #include <openssl/ecdh.h> 3041 #include <openssl/ecdsa.h> 3042 #include <openssl/evp.h> 3043 #include <openssl/objects.h> 3044 #include <openssl/opensslv.h> 3045 ]],[[ 3046 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3047 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3048 exit(e == NULL || m == NULL); 3049 ]])], 3050 [ AC_MSG_RESULT([yes]) 3051 enable_nistp521=1 ], 3052 [ AC_MSG_RESULT([no]) ], 3053 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3054 enable_nistp521=1 ] 3055 )], 3056 AC_MSG_RESULT([no]) 3057 ) 3058 3059 COMMENT_OUT_ECC="#no ecc#" 3060 TEST_SSH_ECC=no 3061 3062 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3063 test x$enable_nistp521 = x1; then 3064 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3065 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3066 openssl_ecc=yes 3067 else 3068 openssl_ecc=no 3069 fi 3070 if test x$enable_nistp256 = x1; then 3071 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3072 [libcrypto has NID_X9_62_prime256v1]) 3073 TEST_SSH_ECC=yes 3074 COMMENT_OUT_ECC="" 3075 else 3076 unsupported_algorithms="$unsupported_algorithms \ 3077 ecdsa-sha2-nistp256 \ 3078 ecdh-sha2-nistp256 \ 3079 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3080 fi 3081 if test x$enable_nistp384 = x1; then 3082 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3083 TEST_SSH_ECC=yes 3084 COMMENT_OUT_ECC="" 3085 else 3086 unsupported_algorithms="$unsupported_algorithms \ 3087 ecdsa-sha2-nistp384 \ 3088 ecdh-sha2-nistp384 \ 3089 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3090 fi 3091 if test x$enable_nistp521 = x1; then 3092 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3093 TEST_SSH_ECC=yes 3094 COMMENT_OUT_ECC="" 3095 else 3096 unsupported_algorithms="$unsupported_algorithms \ 3097 ecdh-sha2-nistp521 \ 3098 ecdsa-sha2-nistp521 \ 3099 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3100 fi 3101 3102 AC_SUBST([TEST_SSH_ECC]) 3103 AC_SUBST([COMMENT_OUT_ECC]) 3104else 3105 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3106 AC_CHECK_FUNCS([crypt]) 3107fi 3108 3109# PKCS11/U2F depend on OpenSSL and dlopen(). 3110enable_pkcs11=yes 3111enable_sk=yes 3112if test "x$openssl" != "xyes" ; then 3113 enable_pkcs11="disabled; missing libcrypto" 3114 enable_sk="disabled; missing libcrypto" 3115fi 3116if test "x$openssl_ecc" != "xyes" ; then 3117 enable_sk="disabled; OpenSSL has no ECC support" 3118fi 3119if test "x$ac_cv_func_dlopen" != "xyes" ; then 3120 enable_pkcs11="disabled; missing dlopen(3)" 3121 enable_sk="disabled; missing dlopen(3)" 3122fi 3123if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3124 enable_pkcs11="disabled; missing RTLD_NOW" 3125 enable_sk="disabled; missing RTLD_NOW" 3126fi 3127if test ! -z "$disable_pkcs11" ; then 3128 enable_pkcs11="disabled by user" 3129fi 3130if test ! -z "$disable_sk" ; then 3131 enable_sk="disabled by user" 3132fi 3133 3134AC_MSG_CHECKING([whether to enable PKCS11]) 3135if test "x$enable_pkcs11" = "xyes" ; then 3136 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3137fi 3138AC_MSG_RESULT([$enable_pkcs11]) 3139 3140AC_MSG_CHECKING([whether to enable U2F]) 3141if test "x$enable_sk" = "xyes" ; then 3142 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3143 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3144else 3145 # Do not try to build sk-dummy library. 3146 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3147fi 3148AC_MSG_RESULT([$enable_sk]) 3149 3150# Now check for built-in security key support. 3151if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3152 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3153 use_pkgconfig_for_libfido2= 3154 if test "x$PKGCONFIG" != "xno"; then 3155 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3156 if "$PKGCONFIG" libfido2; then 3157 AC_MSG_RESULT([yes]) 3158 use_pkgconfig_for_libfido2=yes 3159 else 3160 AC_MSG_RESULT([no]) 3161 fi 3162 fi 3163 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3164 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3165 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3166 else 3167 LIBFIDO2="-lfido2 -lcbor" 3168 fi 3169 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3170 AC_CHECK_LIB([fido2], [fido_init], 3171 [ 3172 AC_SUBST([LIBFIDO2]) 3173 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3174 [Enable for built-in U2F/FIDO support]) 3175 enable_sk="built-in" 3176 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3177 [ $OTHERLIBS ] 3178 ) 3179 AC_CHECK_HEADER([fido.h], [], 3180 AC_MSG_ERROR([missing fido.h from libfido2])) 3181 AC_CHECK_HEADER([fido/credman.h], [], 3182 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3183 [#include <fido.h>] 3184 ) 3185fi 3186 3187AC_CHECK_FUNCS([ \ 3188 arc4random \ 3189 arc4random_buf \ 3190 arc4random_stir \ 3191 arc4random_uniform \ 3192]) 3193 3194saved_LIBS="$LIBS" 3195AC_CHECK_LIB([iaf], [ia_openinfo], [ 3196 LIBS="$LIBS -liaf" 3197 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3198 AC_DEFINE([HAVE_LIBIAF], [1], 3199 [Define if system has libiaf that supports set_id]) 3200 ]) 3201]) 3202LIBS="$saved_LIBS" 3203 3204### Configure cryptographic random number support 3205 3206# Check whether OpenSSL seeds itself 3207if test "x$openssl" = "xyes" ; then 3208 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3209 AC_RUN_IFELSE( 3210 [AC_LANG_PROGRAM([[ 3211 #include <string.h> 3212 #include <openssl/rand.h> 3213 ]], [[ 3214 exit(RAND_status() == 1 ? 0 : 1); 3215 ]])], 3216 [ 3217 OPENSSL_SEEDS_ITSELF=yes 3218 AC_MSG_RESULT([yes]) 3219 ], 3220 [ 3221 AC_MSG_RESULT([no]) 3222 ], 3223 [ 3224 AC_MSG_WARN([cross compiling: assuming yes]) 3225 # This is safe, since we will fatal() at runtime if 3226 # OpenSSL is not seeded correctly. 3227 OPENSSL_SEEDS_ITSELF=yes 3228 ] 3229 ) 3230fi 3231 3232# PRNGD TCP socket 3233AC_ARG_WITH([prngd-port], 3234 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3235 [ 3236 case "$withval" in 3237 no) 3238 withval="" 3239 ;; 3240 [[0-9]]*) 3241 ;; 3242 *) 3243 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3244 ;; 3245 esac 3246 if test ! -z "$withval" ; then 3247 PRNGD_PORT="$withval" 3248 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3249 [Port number of PRNGD/EGD random number socket]) 3250 fi 3251 ] 3252) 3253 3254# PRNGD Unix domain socket 3255AC_ARG_WITH([prngd-socket], 3256 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3257 [ 3258 case "$withval" in 3259 yes) 3260 withval="/var/run/egd-pool" 3261 ;; 3262 no) 3263 withval="" 3264 ;; 3265 /*) 3266 ;; 3267 *) 3268 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3269 ;; 3270 esac 3271 3272 if test ! -z "$withval" ; then 3273 if test ! -z "$PRNGD_PORT" ; then 3274 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3275 fi 3276 if test ! -r "$withval" ; then 3277 AC_MSG_WARN([Entropy socket is not readable]) 3278 fi 3279 PRNGD_SOCKET="$withval" 3280 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3281 [Location of PRNGD/EGD random number socket]) 3282 fi 3283 ], 3284 [ 3285 # Check for existing socket only if we don't have a random device already 3286 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3287 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3288 # Insert other locations here 3289 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3290 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3291 PRNGD_SOCKET="$sock" 3292 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3293 break; 3294 fi 3295 done 3296 if test ! -z "$PRNGD_SOCKET" ; then 3297 AC_MSG_RESULT([$PRNGD_SOCKET]) 3298 else 3299 AC_MSG_RESULT([not found]) 3300 fi 3301 fi 3302 ] 3303) 3304 3305# Which randomness source do we use? 3306if test ! -z "$PRNGD_PORT" ; then 3307 RAND_MSG="PRNGd port $PRNGD_PORT" 3308elif test ! -z "$PRNGD_SOCKET" ; then 3309 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3310elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3311 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3312 [Define if you want the OpenSSL internally seeded PRNG only]) 3313 RAND_MSG="OpenSSL internal ONLY" 3314elif test "x$openssl" = "xno" ; then 3315 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3316else 3317 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3318fi 3319 3320# Check for PAM libs 3321PAM_MSG="no" 3322AC_ARG_WITH([pam], 3323 [ --with-pam Enable PAM support ], 3324 [ 3325 if test "x$withval" != "xno" ; then 3326 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3327 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3328 AC_MSG_ERROR([PAM headers not found]) 3329 fi 3330 3331 saved_LIBS="$LIBS" 3332 AC_CHECK_LIB([dl], [dlopen], , ) 3333 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3334 AC_CHECK_FUNCS([pam_getenvlist]) 3335 AC_CHECK_FUNCS([pam_putenv]) 3336 LIBS="$saved_LIBS" 3337 3338 PAM_MSG="yes" 3339 3340 SSHDLIBS="$SSHDLIBS -lpam" 3341 AC_DEFINE([USE_PAM], [1], 3342 [Define if you want to enable PAM support]) 3343 3344 if test $ac_cv_lib_dl_dlopen = yes; then 3345 case "$LIBS" in 3346 *-ldl*) 3347 # libdl already in LIBS 3348 ;; 3349 *) 3350 SSHDLIBS="$SSHDLIBS -ldl" 3351 ;; 3352 esac 3353 fi 3354 fi 3355 ] 3356) 3357 3358AC_ARG_WITH([pam-service], 3359 [ --with-pam-service=name Specify PAM service name ], 3360 [ 3361 if test "x$withval" != "xno" && \ 3362 test "x$withval" != "xyes" ; then 3363 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3364 ["$withval"], [sshd PAM service name]) 3365 fi 3366 ] 3367) 3368 3369# Check for older PAM 3370if test "x$PAM_MSG" = "xyes" ; then 3371 # Check PAM strerror arguments (old PAM) 3372 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3373 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3374#include <stdlib.h> 3375#if defined(HAVE_SECURITY_PAM_APPL_H) 3376#include <security/pam_appl.h> 3377#elif defined (HAVE_PAM_PAM_APPL_H) 3378#include <pam/pam_appl.h> 3379#endif 3380 ]], [[ 3381(void)pam_strerror((pam_handle_t *)NULL, -1); 3382 ]])], [AC_MSG_RESULT([no])], [ 3383 AC_DEFINE([HAVE_OLD_PAM], [1], 3384 [Define if you have an old version of PAM 3385 which takes only one argument to pam_strerror]) 3386 AC_MSG_RESULT([yes]) 3387 PAM_MSG="yes (old library)" 3388 3389 ]) 3390fi 3391 3392case "$host" in 3393*-*-cygwin*) 3394 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3395 ;; 3396*) 3397 SSH_PRIVSEP_USER=sshd 3398 ;; 3399esac 3400AC_ARG_WITH([privsep-user], 3401 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3402 [ 3403 if test -n "$withval" && test "x$withval" != "xno" && \ 3404 test "x${withval}" != "xyes"; then 3405 SSH_PRIVSEP_USER=$withval 3406 fi 3407 ] 3408) 3409if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3410 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3411 [Cygwin function to fetch non-privileged user for privilege separation]) 3412else 3413 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3414 [non-privileged user for privilege separation]) 3415fi 3416AC_SUBST([SSH_PRIVSEP_USER]) 3417 3418if test "x$have_linux_no_new_privs" = "x1" ; then 3419AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3420 #include <sys/types.h> 3421 #include <linux/seccomp.h> 3422]) 3423fi 3424if test "x$have_seccomp_filter" = "x1" ; then 3425AC_MSG_CHECKING([kernel for seccomp_filter support]) 3426AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3427 #include <errno.h> 3428 #include <elf.h> 3429 #include <linux/audit.h> 3430 #include <linux/seccomp.h> 3431 #include <stdlib.h> 3432 #include <sys/prctl.h> 3433 ]], 3434 [[ int i = $seccomp_audit_arch; 3435 errno = 0; 3436 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3437 exit(errno == EFAULT ? 0 : 1); ]])], 3438 [ AC_MSG_RESULT([yes]) ], [ 3439 AC_MSG_RESULT([no]) 3440 # Disable seccomp filter as a target 3441 have_seccomp_filter=0 3442 ] 3443) 3444fi 3445 3446# Decide which sandbox style to use 3447sandbox_arg="" 3448AC_ARG_WITH([sandbox], 3449 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3450 [ 3451 if test "x$withval" = "xyes" ; then 3452 sandbox_arg="" 3453 else 3454 sandbox_arg="$withval" 3455 fi 3456 ] 3457) 3458 3459# Some platforms (seems to be the ones that have a kernel poll(2)-type 3460# function with which they implement select(2)) use an extra file descriptor 3461# when calling select(2), which means we can't use the rlimit sandbox. 3462AC_MSG_CHECKING([if select works with descriptor rlimit]) 3463AC_RUN_IFELSE( 3464 [AC_LANG_PROGRAM([[ 3465#include <sys/types.h> 3466#ifdef HAVE_SYS_TIME_H 3467# include <sys/time.h> 3468#endif 3469#include <sys/resource.h> 3470#ifdef HAVE_SYS_SELECT_H 3471# include <sys/select.h> 3472#endif 3473#include <errno.h> 3474#include <fcntl.h> 3475#include <stdlib.h> 3476 ]],[[ 3477 struct rlimit rl_zero; 3478 int fd, r; 3479 fd_set fds; 3480 struct timeval tv; 3481 3482 fd = open("/dev/null", O_RDONLY); 3483 FD_ZERO(&fds); 3484 FD_SET(fd, &fds); 3485 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3486 setrlimit(RLIMIT_FSIZE, &rl_zero); 3487 setrlimit(RLIMIT_NOFILE, &rl_zero); 3488 tv.tv_sec = 1; 3489 tv.tv_usec = 0; 3490 r = select(fd+1, &fds, NULL, NULL, &tv); 3491 exit (r == -1 ? 1 : 0); 3492 ]])], 3493 [AC_MSG_RESULT([yes]) 3494 select_works_with_rlimit=yes], 3495 [AC_MSG_RESULT([no]) 3496 select_works_with_rlimit=no], 3497 [AC_MSG_WARN([cross compiling: assuming yes]) 3498 select_works_with_rlimit=yes] 3499) 3500 3501AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3502AC_RUN_IFELSE( 3503 [AC_LANG_PROGRAM([[ 3504#include <sys/types.h> 3505#ifdef HAVE_SYS_TIME_H 3506# include <sys/time.h> 3507#endif 3508#include <sys/resource.h> 3509#include <errno.h> 3510#include <stdlib.h> 3511 ]],[[ 3512 struct rlimit rl_zero; 3513 int r; 3514 3515 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3516 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3517 exit (r == -1 ? 1 : 0); 3518 ]])], 3519 [AC_MSG_RESULT([yes]) 3520 rlimit_nofile_zero_works=yes], 3521 [AC_MSG_RESULT([no]) 3522 rlimit_nofile_zero_works=no], 3523 [AC_MSG_WARN([cross compiling: assuming yes]) 3524 rlimit_nofile_zero_works=yes] 3525) 3526 3527AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3528AC_RUN_IFELSE( 3529 [AC_LANG_PROGRAM([[ 3530#include <sys/types.h> 3531#include <sys/resource.h> 3532#include <stdlib.h> 3533 ]],[[ 3534 struct rlimit rl_zero; 3535 3536 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3537 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3538 ]])], 3539 [AC_MSG_RESULT([yes])], 3540 [AC_MSG_RESULT([no]) 3541 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3542 [setrlimit RLIMIT_FSIZE works])], 3543 [AC_MSG_WARN([cross compiling: assuming yes])] 3544) 3545 3546if test "x$sandbox_arg" = "xpledge" || \ 3547 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3548 test "x$ac_cv_func_pledge" != "xyes" && \ 3549 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3550 SANDBOX_STYLE="pledge" 3551 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3552elif test "x$sandbox_arg" = "xsystrace" || \ 3553 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3554 test "x$have_systr_policy_kill" != "x1" && \ 3555 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3556 SANDBOX_STYLE="systrace" 3557 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3558elif test "x$sandbox_arg" = "xdarwin" || \ 3559 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3560 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3561 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3562 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3563 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3564 SANDBOX_STYLE="darwin" 3565 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3566elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3567 ( test -z "$sandbox_arg" && \ 3568 test "x$have_seccomp_filter" = "x1" && \ 3569 test "x$ac_cv_header_elf_h" = "xyes" && \ 3570 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3571 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3572 test "x$seccomp_audit_arch" != "x" && \ 3573 test "x$have_linux_no_new_privs" = "x1" && \ 3574 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3575 test "x$seccomp_audit_arch" = "x" && \ 3576 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3577 test "x$have_linux_no_new_privs" != "x1" && \ 3578 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3579 test "x$have_seccomp_filter" != "x1" && \ 3580 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3581 test "x$ac_cv_func_prctl" != "xyes" && \ 3582 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3583 SANDBOX_STYLE="seccomp_filter" 3584 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3585elif test "x$sandbox_arg" = "xcapsicum" || \ 3586 ( test -z "$sandbox_arg" && \ 3587 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3588 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3589 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3590 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3591 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3592 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3593 SANDBOX_STYLE="capsicum" 3594 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3595elif test "x$sandbox_arg" = "xrlimit" || \ 3596 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3597 test "x$select_works_with_rlimit" = "xyes" && \ 3598 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3599 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3600 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3601 test "x$select_works_with_rlimit" != "xyes" && \ 3602 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3603 SANDBOX_STYLE="rlimit" 3604 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3605elif test "x$sandbox_arg" = "xsolaris" || \ 3606 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3607 SANDBOX_STYLE="solaris" 3608 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3609elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3610 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3611 SANDBOX_STYLE="none" 3612 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3613else 3614 AC_MSG_ERROR([unsupported --with-sandbox]) 3615fi 3616 3617# Cheap hack to ensure NEWS-OS libraries are arranged right. 3618if test ! -z "$SONY" ; then 3619 LIBS="$LIBS -liberty"; 3620fi 3621 3622# Check for long long datatypes 3623AC_CHECK_TYPES([long long, unsigned long long, long double]) 3624 3625# Check datatype sizes 3626AC_CHECK_SIZEOF([short int]) 3627AC_CHECK_SIZEOF([int]) 3628AC_CHECK_SIZEOF([long int]) 3629AC_CHECK_SIZEOF([long long int]) 3630 3631# Sanity check long long for some platforms (AIX) 3632if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3633 ac_cv_sizeof_long_long_int=0 3634fi 3635 3636# compute LLONG_MIN and LLONG_MAX if we don't know them. 3637if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3638 AC_MSG_CHECKING([for max value of long long]) 3639 AC_RUN_IFELSE( 3640 [AC_LANG_PROGRAM([[ 3641#include <stdio.h> 3642/* Why is this so damn hard? */ 3643#ifdef __GNUC__ 3644# undef __GNUC__ 3645#endif 3646#define __USE_ISOC99 3647#include <limits.h> 3648#define DATA "conftest.llminmax" 3649#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3650 3651/* 3652 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3653 * we do this the hard way. 3654 */ 3655static int 3656fprint_ll(FILE *f, long long n) 3657{ 3658 unsigned int i; 3659 int l[sizeof(long long) * 8]; 3660 3661 if (n < 0) 3662 if (fprintf(f, "-") < 0) 3663 return -1; 3664 for (i = 0; n != 0; i++) { 3665 l[i] = my_abs(n % 10); 3666 n /= 10; 3667 } 3668 do { 3669 if (fprintf(f, "%d", l[--i]) < 0) 3670 return -1; 3671 } while (i != 0); 3672 if (fprintf(f, " ") < 0) 3673 return -1; 3674 return 0; 3675} 3676 ]], [[ 3677 FILE *f; 3678 long long i, llmin, llmax = 0; 3679 3680 if((f = fopen(DATA,"w")) == NULL) 3681 exit(1); 3682 3683#if defined(LLONG_MIN) && defined(LLONG_MAX) 3684 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3685 llmin = LLONG_MIN; 3686 llmax = LLONG_MAX; 3687#else 3688 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3689 /* This will work on one's complement and two's complement */ 3690 for (i = 1; i > llmax; i <<= 1, i++) 3691 llmax = i; 3692 llmin = llmax + 1LL; /* wrap */ 3693#endif 3694 3695 /* Sanity check */ 3696 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3697 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3698 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3699 fprintf(f, "unknown unknown\n"); 3700 exit(2); 3701 } 3702 3703 if (fprint_ll(f, llmin) < 0) 3704 exit(3); 3705 if (fprint_ll(f, llmax) < 0) 3706 exit(4); 3707 if (fclose(f) < 0) 3708 exit(5); 3709 exit(0); 3710 ]])], 3711 [ 3712 llong_min=`$AWK '{print $1}' conftest.llminmax` 3713 llong_max=`$AWK '{print $2}' conftest.llminmax` 3714 3715 AC_MSG_RESULT([$llong_max]) 3716 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3717 [max value of long long calculated by configure]) 3718 AC_MSG_CHECKING([for min value of long long]) 3719 AC_MSG_RESULT([$llong_min]) 3720 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3721 [min value of long long calculated by configure]) 3722 ], 3723 [ 3724 AC_MSG_RESULT([not found]) 3725 ], 3726 [ 3727 AC_MSG_WARN([cross compiling: not checking]) 3728 ] 3729 ) 3730fi 3731 3732AC_CHECK_DECLS([UINT32_MAX], , , [[ 3733#ifdef HAVE_SYS_LIMITS_H 3734# include <sys/limits.h> 3735#endif 3736#ifdef HAVE_LIMITS_H 3737# include <limits.h> 3738#endif 3739#ifdef HAVE_STDINT_H 3740# include <stdint.h> 3741#endif 3742]]) 3743 3744# More checks for data types 3745AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3746 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3747 [[ u_int a; a = 1;]])], 3748 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3749 ]) 3750]) 3751if test "x$ac_cv_have_u_int" = "xyes" ; then 3752 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3753 have_u_int=1 3754fi 3755 3756AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3757 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3758 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3759 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3760 ]) 3761]) 3762if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3763 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3764 have_intxx_t=1 3765fi 3766 3767if (test -z "$have_intxx_t" && \ 3768 test "x$ac_cv_header_stdint_h" = "xyes") 3769then 3770 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3772 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3773 [ 3774 AC_DEFINE([HAVE_INTXX_T]) 3775 AC_MSG_RESULT([yes]) 3776 ], [ AC_MSG_RESULT([no]) 3777 ]) 3778fi 3779 3780AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3781 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3782#include <sys/types.h> 3783#ifdef HAVE_STDINT_H 3784# include <stdint.h> 3785#endif 3786#include <sys/socket.h> 3787#ifdef HAVE_SYS_BITYPES_H 3788# include <sys/bitypes.h> 3789#endif 3790 ]], [[ 3791int64_t a; a = 1; 3792 ]])], 3793 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3794 ]) 3795]) 3796if test "x$ac_cv_have_int64_t" = "xyes" ; then 3797 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3798fi 3799 3800AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3801 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3802 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3803 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3804 ]) 3805]) 3806if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3807 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3808 have_u_intxx_t=1 3809fi 3810 3811if test -z "$have_u_intxx_t" ; then 3812 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3813 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3814 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3815 [ 3816 AC_DEFINE([HAVE_U_INTXX_T]) 3817 AC_MSG_RESULT([yes]) 3818 ], [ AC_MSG_RESULT([no]) 3819 ]) 3820fi 3821 3822AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3823 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3824 [[ u_int64_t a; a = 1;]])], 3825 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3826 ]) 3827]) 3828if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3829 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3830 have_u_int64_t=1 3831fi 3832 3833if (test -z "$have_u_int64_t" && \ 3834 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3835then 3836 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3837 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3838 [[ u_int64_t a; a = 1]])], 3839 [ 3840 AC_DEFINE([HAVE_U_INT64_T]) 3841 AC_MSG_RESULT([yes]) 3842 ], [ AC_MSG_RESULT([no]) 3843 ]) 3844fi 3845 3846if test -z "$have_u_intxx_t" ; then 3847 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3848 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3849#include <sys/types.h> 3850 ]], [[ 3851 uint8_t a; 3852 uint16_t b; 3853 uint32_t c; 3854 a = b = c = 1; 3855 ]])], 3856 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3857 ]) 3858 ]) 3859 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3860 AC_DEFINE([HAVE_UINTXX_T], [1], 3861 [define if you have uintxx_t data type]) 3862 fi 3863fi 3864 3865if (test -z "$have_uintxx_t" && \ 3866 test "x$ac_cv_header_stdint_h" = "xyes") 3867then 3868 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3870 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3871 [ 3872 AC_DEFINE([HAVE_UINTXX_T]) 3873 AC_MSG_RESULT([yes]) 3874 ], [ AC_MSG_RESULT([no]) 3875 ]) 3876fi 3877 3878if (test -z "$have_uintxx_t" && \ 3879 test "x$ac_cv_header_inttypes_h" = "xyes") 3880then 3881 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3883 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3884 [ 3885 AC_DEFINE([HAVE_UINTXX_T]) 3886 AC_MSG_RESULT([yes]) 3887 ], [ AC_MSG_RESULT([no]) 3888 ]) 3889fi 3890 3891if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3892 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3893then 3894 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3895 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3896#include <sys/bitypes.h> 3897 ]], [[ 3898 int8_t a; int16_t b; int32_t c; 3899 u_int8_t e; u_int16_t f; u_int32_t g; 3900 a = b = c = e = f = g = 1; 3901 ]])], 3902 [ 3903 AC_DEFINE([HAVE_U_INTXX_T]) 3904 AC_DEFINE([HAVE_INTXX_T]) 3905 AC_MSG_RESULT([yes]) 3906 ], [AC_MSG_RESULT([no]) 3907 ]) 3908fi 3909 3910 3911AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3912 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3913 [[ u_char foo; foo = 125; ]])], 3914 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3915 ]) 3916]) 3917if test "x$ac_cv_have_u_char" = "xyes" ; then 3918 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3919fi 3920 3921AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3922#include <sys/types.h> 3923#ifdef HAVE_STDINT_H 3924# include <stdint.h> 3925#endif 3926]) 3927 3928TYPE_SOCKLEN_T 3929 3930AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3931AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3932#include <sys/types.h> 3933#ifdef HAVE_SYS_BITYPES_H 3934#include <sys/bitypes.h> 3935#endif 3936#ifdef HAVE_SYS_STATFS_H 3937#include <sys/statfs.h> 3938#endif 3939#ifdef HAVE_SYS_STATVFS_H 3940#include <sys/statvfs.h> 3941#endif 3942]) 3943 3944AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3945#include <sys/param.h> 3946#include <sys/types.h> 3947#ifdef HAVE_SYS_BITYPES_H 3948#include <sys/bitypes.h> 3949#endif 3950#ifdef HAVE_SYS_STATFS_H 3951#include <sys/statfs.h> 3952#endif 3953#ifdef HAVE_SYS_STATVFS_H 3954#include <sys/statvfs.h> 3955#endif 3956#ifdef HAVE_SYS_VFS_H 3957#include <sys/vfs.h> 3958#endif 3959#ifdef HAVE_SYS_MOUNT_H 3960#include <sys/mount.h> 3961#endif 3962]]) 3963 3964 3965AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3966[#include <sys/types.h> 3967#include <netinet/in.h>]) 3968 3969AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3970 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3971 [[ size_t foo; foo = 1235; ]])], 3972 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3973 ]) 3974]) 3975if test "x$ac_cv_have_size_t" = "xyes" ; then 3976 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3977fi 3978 3979AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3981 [[ ssize_t foo; foo = 1235; ]])], 3982 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3983 ]) 3984]) 3985if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3986 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3987fi 3988 3989AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3991 [[ clock_t foo; foo = 1235; ]])], 3992 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3993 ]) 3994]) 3995if test "x$ac_cv_have_clock_t" = "xyes" ; then 3996 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3997fi 3998 3999AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4000 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4001#include <sys/types.h> 4002#include <sys/socket.h> 4003 ]], [[ sa_family_t foo; foo = 1235; ]])], 4004 [ ac_cv_have_sa_family_t="yes" ], 4005 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4006#include <sys/types.h> 4007#include <sys/socket.h> 4008#include <netinet/in.h> 4009 ]], [[ sa_family_t foo; foo = 1235; ]])], 4010 [ ac_cv_have_sa_family_t="yes" ], 4011 [ ac_cv_have_sa_family_t="no" ] 4012 ) 4013 ]) 4014]) 4015if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4016 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4017 [define if you have sa_family_t data type]) 4018fi 4019 4020AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4022 [[ pid_t foo; foo = 1235; ]])], 4023 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4024 ]) 4025]) 4026if test "x$ac_cv_have_pid_t" = "xyes" ; then 4027 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4028fi 4029 4030AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4032 [[ mode_t foo; foo = 1235; ]])], 4033 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4034 ]) 4035]) 4036if test "x$ac_cv_have_mode_t" = "xyes" ; then 4037 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4038fi 4039 4040 4041AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4042 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4043#include <sys/types.h> 4044#include <sys/socket.h> 4045 ]], [[ struct sockaddr_storage s; ]])], 4046 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4047 [ ac_cv_have_struct_sockaddr_storage="no" 4048 ]) 4049]) 4050if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4051 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4052 [define if you have struct sockaddr_storage data type]) 4053fi 4054 4055AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4056 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4057#include <sys/types.h> 4058#include <netinet/in.h> 4059 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4060 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4061 [ ac_cv_have_struct_sockaddr_in6="no" 4062 ]) 4063]) 4064if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4065 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4066 [define if you have struct sockaddr_in6 data type]) 4067fi 4068 4069AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4071#include <sys/types.h> 4072#include <netinet/in.h> 4073 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4074 [ ac_cv_have_struct_in6_addr="yes" ], 4075 [ ac_cv_have_struct_in6_addr="no" 4076 ]) 4077]) 4078if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4079 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4080 [define if you have struct in6_addr data type]) 4081 4082dnl Now check for sin6_scope_id 4083 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4084 [ 4085#ifdef HAVE_SYS_TYPES_H 4086#include <sys/types.h> 4087#endif 4088#include <netinet/in.h> 4089 ]) 4090fi 4091 4092AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4093 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4094#include <sys/types.h> 4095#include <sys/socket.h> 4096#include <netdb.h> 4097 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4098 [ ac_cv_have_struct_addrinfo="yes" ], 4099 [ ac_cv_have_struct_addrinfo="no" 4100 ]) 4101]) 4102if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4103 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4104 [define if you have struct addrinfo data type]) 4105fi 4106 4107AC_HEADER_TIME 4108 4109AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4110 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4111 [[ struct timeval tv; tv.tv_sec = 1;]])], 4112 [ ac_cv_have_struct_timeval="yes" ], 4113 [ ac_cv_have_struct_timeval="no" 4114 ]) 4115]) 4116if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4117 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4118 have_struct_timeval=1 4119fi 4120 4121AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4122 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4123 #ifdef TIME_WITH_SYS_TIME 4124 # include <sys/time.h> 4125 # include <time.h> 4126 #else 4127 # ifdef HAVE_SYS_TIME_H 4128 # include <sys/time.h> 4129 # else 4130 # include <time.h> 4131 # endif 4132 #endif 4133 ]], 4134 [[ struct timespec ts; ts.tv_sec = 1;]])], 4135 [ ac_cv_have_struct_timespec="yes" ], 4136 [ ac_cv_have_struct_timespec="no" 4137 ]) 4138]) 4139if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4140 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4141 have_struct_timespec=1 4142fi 4143 4144# We need int64_t or else certain parts of the compile will fail. 4145if test "x$ac_cv_have_int64_t" = "xno" && \ 4146 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4147 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4148 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4149 echo "an alternative compiler (I.E., GCC) before continuing." 4150 echo "" 4151 exit 1; 4152else 4153dnl test snprintf (broken on SCO w/gcc) 4154 AC_RUN_IFELSE( 4155 [AC_LANG_SOURCE([[ 4156#include <stdio.h> 4157#include <string.h> 4158#ifdef HAVE_SNPRINTF 4159main() 4160{ 4161 char buf[50]; 4162 char expected_out[50]; 4163 int mazsize = 50 ; 4164#if (SIZEOF_LONG_INT == 8) 4165 long int num = 0x7fffffffffffffff; 4166#else 4167 long long num = 0x7fffffffffffffffll; 4168#endif 4169 strcpy(expected_out, "9223372036854775807"); 4170 snprintf(buf, mazsize, "%lld", num); 4171 if(strcmp(buf, expected_out) != 0) 4172 exit(1); 4173 exit(0); 4174} 4175#else 4176main() { exit(0); } 4177#endif 4178 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4179 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4180 ) 4181fi 4182 4183dnl Checks for structure members 4184OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4185OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4186OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4187OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4188OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4189OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4190OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4191OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4192OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4193OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4194OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4195OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4196OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4201 4202AC_CHECK_MEMBERS([struct stat.st_blksize]) 4203AC_CHECK_MEMBERS([struct stat.st_mtim]) 4204AC_CHECK_MEMBERS([struct stat.st_mtime]) 4205AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4206struct passwd.pw_change, struct passwd.pw_expire], 4207[], [], [[ 4208#include <sys/types.h> 4209#include <pwd.h> 4210]]) 4211 4212AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4213 [Define if we don't have struct __res_state in resolv.h])], 4214[[ 4215#include <stdio.h> 4216#if HAVE_SYS_TYPES_H 4217# include <sys/types.h> 4218#endif 4219#include <netinet/in.h> 4220#include <arpa/nameser.h> 4221#include <resolv.h> 4222]]) 4223 4224AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4225 ac_cv_have_ss_family_in_struct_ss, [ 4226 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4227#include <sys/types.h> 4228#include <sys/socket.h> 4229 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4230 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4231 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4232]) 4233if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4234 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4235fi 4236 4237AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4238 ac_cv_have___ss_family_in_struct_ss, [ 4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4240#include <sys/types.h> 4241#include <sys/socket.h> 4242 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4243 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4244 [ ac_cv_have___ss_family_in_struct_ss="no" 4245 ]) 4246]) 4247if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4248 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4249 [Fields in struct sockaddr_storage]) 4250fi 4251 4252dnl make sure we're using the real structure members and not defines 4253AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4254 ac_cv_have_accrights_in_msghdr, [ 4255 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4256#include <sys/types.h> 4257#include <sys/socket.h> 4258#include <sys/uio.h> 4259 ]], [[ 4260#ifdef msg_accrights 4261#error "msg_accrights is a macro" 4262exit(1); 4263#endif 4264struct msghdr m; 4265m.msg_accrights = 0; 4266exit(0); 4267 ]])], 4268 [ ac_cv_have_accrights_in_msghdr="yes" ], 4269 [ ac_cv_have_accrights_in_msghdr="no" ] 4270 ) 4271]) 4272if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4273 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4274 [Define if your system uses access rights style 4275 file descriptor passing]) 4276fi 4277 4278AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4279AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4280#include <sys/param.h> 4281#include <sys/stat.h> 4282#ifdef HAVE_SYS_TIME_H 4283# include <sys/time.h> 4284#endif 4285#ifdef HAVE_SYS_MOUNT_H 4286#include <sys/mount.h> 4287#endif 4288#ifdef HAVE_SYS_STATVFS_H 4289#include <sys/statvfs.h> 4290#endif 4291 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4292 [ AC_MSG_RESULT([yes]) ], 4293 [ AC_MSG_RESULT([no]) 4294 4295 AC_MSG_CHECKING([if fsid_t has member val]) 4296 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4297#include <sys/types.h> 4298#include <sys/statvfs.h> 4299 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4300 [ AC_MSG_RESULT([yes]) 4301 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4302 [ AC_MSG_RESULT([no]) ]) 4303 4304 AC_MSG_CHECKING([if f_fsid has member __val]) 4305 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4306#include <sys/types.h> 4307#include <sys/statvfs.h> 4308 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4309 [ AC_MSG_RESULT([yes]) 4310 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4311 [ AC_MSG_RESULT([no]) ]) 4312]) 4313 4314AC_CACHE_CHECK([for msg_control field in struct msghdr], 4315 ac_cv_have_control_in_msghdr, [ 4316 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4317#include <sys/types.h> 4318#include <sys/socket.h> 4319#include <sys/uio.h> 4320 ]], [[ 4321#ifdef msg_control 4322#error "msg_control is a macro" 4323exit(1); 4324#endif 4325struct msghdr m; 4326m.msg_control = 0; 4327exit(0); 4328 ]])], 4329 [ ac_cv_have_control_in_msghdr="yes" ], 4330 [ ac_cv_have_control_in_msghdr="no" ] 4331 ) 4332]) 4333if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4334 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4335 [Define if your system uses ancillary data style 4336 file descriptor passing]) 4337fi 4338 4339AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4340 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4341 [[ extern char *__progname; printf("%s", __progname); ]])], 4342 [ ac_cv_libc_defines___progname="yes" ], 4343 [ ac_cv_libc_defines___progname="no" 4344 ]) 4345]) 4346if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4347 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4348fi 4349 4350AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4351 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4352 [[ printf("%s", __FUNCTION__); ]])], 4353 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4354 [ ac_cv_cc_implements___FUNCTION__="no" 4355 ]) 4356]) 4357if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4358 AC_DEFINE([HAVE___FUNCTION__], [1], 4359 [Define if compiler implements __FUNCTION__]) 4360fi 4361 4362AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4363 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4364 [[ printf("%s", __func__); ]])], 4365 [ ac_cv_cc_implements___func__="yes" ], 4366 [ ac_cv_cc_implements___func__="no" 4367 ]) 4368]) 4369if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4370 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4371fi 4372 4373AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4374 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4375#include <stdarg.h> 4376va_list x,y; 4377 ]], [[ va_copy(x,y); ]])], 4378 [ ac_cv_have_va_copy="yes" ], 4379 [ ac_cv_have_va_copy="no" 4380 ]) 4381]) 4382if test "x$ac_cv_have_va_copy" = "xyes" ; then 4383 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4384fi 4385 4386AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4387 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4388#include <stdarg.h> 4389va_list x,y; 4390 ]], [[ __va_copy(x,y); ]])], 4391 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4392 ]) 4393]) 4394if test "x$ac_cv_have___va_copy" = "xyes" ; then 4395 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4396fi 4397 4398AC_CACHE_CHECK([whether getopt has optreset support], 4399 ac_cv_have_getopt_optreset, [ 4400 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4401 [[ extern int optreset; optreset = 0; ]])], 4402 [ ac_cv_have_getopt_optreset="yes" ], 4403 [ ac_cv_have_getopt_optreset="no" 4404 ]) 4405]) 4406if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4407 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4408 [Define if your getopt(3) defines and uses optreset]) 4409fi 4410 4411AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4412 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4413[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4414 [ ac_cv_libc_defines_sys_errlist="yes" ], 4415 [ ac_cv_libc_defines_sys_errlist="no" 4416 ]) 4417]) 4418if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4419 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4420 [Define if your system defines sys_errlist[]]) 4421fi 4422 4423 4424AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4425 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4426[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4427 [ ac_cv_libc_defines_sys_nerr="yes" ], 4428 [ ac_cv_libc_defines_sys_nerr="no" 4429 ]) 4430]) 4431if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4432 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4433fi 4434 4435# Check libraries needed by DNS fingerprint support 4436AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4437 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4438 [Define if getrrsetbyname() exists])], 4439 [ 4440 # Needed by our getrrsetbyname() 4441 AC_SEARCH_LIBS([res_query], [resolv]) 4442 AC_SEARCH_LIBS([dn_expand], [resolv]) 4443 AC_MSG_CHECKING([if res_query will link]) 4444 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4445#include <sys/types.h> 4446#include <netinet/in.h> 4447#include <arpa/nameser.h> 4448#include <netdb.h> 4449#include <resolv.h> 4450 ]], [[ 4451 res_query (0, 0, 0, 0, 0); 4452 ]])], 4453 AC_MSG_RESULT([yes]), 4454 [AC_MSG_RESULT([no]) 4455 saved_LIBS="$LIBS" 4456 LIBS="$LIBS -lresolv" 4457 AC_MSG_CHECKING([for res_query in -lresolv]) 4458 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4459#include <sys/types.h> 4460#include <netinet/in.h> 4461#include <arpa/nameser.h> 4462#include <netdb.h> 4463#include <resolv.h> 4464 ]], [[ 4465 res_query (0, 0, 0, 0, 0); 4466 ]])], 4467 [AC_MSG_RESULT([yes])], 4468 [LIBS="$saved_LIBS" 4469 AC_MSG_RESULT([no])]) 4470 ]) 4471 AC_CHECK_FUNCS([_getshort _getlong]) 4472 AC_CHECK_DECLS([_getshort, _getlong], , , 4473 [#include <sys/types.h> 4474 #include <arpa/nameser.h>]) 4475 AC_CHECK_MEMBER([HEADER.ad], 4476 [AC_DEFINE([HAVE_HEADER_AD], [1], 4477 [Define if HEADER.ad exists in arpa/nameser.h])], , 4478 [#include <arpa/nameser.h>]) 4479 ]) 4480 4481AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4482AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4483#include <stdio.h> 4484#if HAVE_SYS_TYPES_H 4485# include <sys/types.h> 4486#endif 4487#include <netinet/in.h> 4488#include <arpa/nameser.h> 4489#include <resolv.h> 4490extern struct __res_state _res; 4491 ]], [[ 4492struct __res_state *volatile p = &_res; /* force resolution of _res */ 4493return 0; 4494 ]],)], 4495 [AC_MSG_RESULT([yes]) 4496 AC_DEFINE([HAVE__RES_EXTERN], [1], 4497 [Define if you have struct __res_state _res as an extern]) 4498 ], 4499 [ AC_MSG_RESULT([no]) ] 4500) 4501 4502# Check whether user wants SELinux support 4503SELINUX_MSG="no" 4504LIBSELINUX="" 4505AC_ARG_WITH([selinux], 4506 [ --with-selinux Enable SELinux support], 4507 [ if test "x$withval" != "xno" ; then 4508 save_LIBS="$LIBS" 4509 AC_DEFINE([WITH_SELINUX], [1], 4510 [Define if you want SELinux support.]) 4511 SELINUX_MSG="yes" 4512 AC_CHECK_HEADER([selinux/selinux.h], , 4513 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4514 AC_CHECK_LIB([selinux], [setexeccon], 4515 [ LIBSELINUX="-lselinux" 4516 LIBS="$LIBS -lselinux" 4517 ], 4518 AC_MSG_ERROR([SELinux support requires libselinux library])) 4519 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4520 LIBS="$save_LIBS $LIBSELINUX" 4521 fi ] 4522) 4523AC_SUBST([SSHDLIBS]) 4524 4525# Check whether user wants Kerberos 5 support 4526KRB5_MSG="no" 4527AC_ARG_WITH([kerberos5], 4528 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4529 [ if test "x$withval" != "xno" ; then 4530 if test "x$withval" = "xyes" ; then 4531 KRB5ROOT="/usr/local" 4532 else 4533 KRB5ROOT=${withval} 4534 fi 4535 4536 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4537 KRB5_MSG="yes" 4538 4539 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4540 [$KRB5ROOT/bin/krb5-config], 4541 [$KRB5ROOT/bin:$PATH]) 4542 if test -x $KRB5CONF ; then 4543 K5CFLAGS="`$KRB5CONF --cflags`" 4544 K5LIBS="`$KRB5CONF --libs`" 4545 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4546 4547 AC_MSG_CHECKING([for gssapi support]) 4548 if $KRB5CONF | grep gssapi >/dev/null ; then 4549 AC_MSG_RESULT([yes]) 4550 AC_DEFINE([GSSAPI], [1], 4551 [Define this if you want GSSAPI 4552 support in the version 2 protocol]) 4553 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4554 GSSLIBS="`$KRB5CONF --libs gssapi`" 4555 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4556 else 4557 AC_MSG_RESULT([no]) 4558 fi 4559 AC_MSG_CHECKING([whether we are using Heimdal]) 4560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4561 ]], [[ char *tmp = heimdal_version; ]])], 4562 [ AC_MSG_RESULT([yes]) 4563 AC_DEFINE([HEIMDAL], [1], 4564 [Define this if you are using the Heimdal 4565 version of Kerberos V5]) ], 4566 [AC_MSG_RESULT([no]) 4567 ]) 4568 else 4569 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4570 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4571 AC_MSG_CHECKING([whether we are using Heimdal]) 4572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4573 ]], [[ char *tmp = heimdal_version; ]])], 4574 [ AC_MSG_RESULT([yes]) 4575 AC_DEFINE([HEIMDAL]) 4576 K5LIBS="-lkrb5" 4577 K5LIBS="$K5LIBS -lcom_err -lasn1" 4578 AC_CHECK_LIB([roken], [net_write], 4579 [K5LIBS="$K5LIBS -lroken"]) 4580 AC_CHECK_LIB([des], [des_cbc_encrypt], 4581 [K5LIBS="$K5LIBS -ldes"]) 4582 ], [ AC_MSG_RESULT([no]) 4583 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4584 ]) 4585 AC_SEARCH_LIBS([dn_expand], [resolv]) 4586 4587 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4588 [ AC_DEFINE([GSSAPI]) 4589 GSSLIBS="-lgssapi_krb5" ], 4590 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4591 [ AC_DEFINE([GSSAPI]) 4592 GSSLIBS="-lgssapi" ], 4593 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4594 [ AC_DEFINE([GSSAPI]) 4595 GSSLIBS="-lgss" ], 4596 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4597 ]) 4598 ]) 4599 4600 AC_CHECK_HEADER([gssapi.h], , 4601 [ unset ac_cv_header_gssapi_h 4602 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4603 AC_CHECK_HEADERS([gssapi.h], , 4604 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4605 ) 4606 ] 4607 ) 4608 4609 oldCPP="$CPPFLAGS" 4610 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4611 AC_CHECK_HEADER([gssapi_krb5.h], , 4612 [ CPPFLAGS="$oldCPP" ]) 4613 4614 fi 4615 if test -n "${rpath_opt}" ; then 4616 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4617 fi 4618 if test ! -z "$blibpath" ; then 4619 blibpath="$blibpath:${KRB5ROOT}/lib" 4620 fi 4621 4622 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4623 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4624 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4625 4626 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4627 [Define this if you want to use libkafs' AFS support])]) 4628 4629 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4630#ifdef HAVE_GSSAPI_H 4631# include <gssapi.h> 4632#elif defined(HAVE_GSSAPI_GSSAPI_H) 4633# include <gssapi/gssapi.h> 4634#endif 4635 4636#ifdef HAVE_GSSAPI_GENERIC_H 4637# include <gssapi_generic.h> 4638#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4639# include <gssapi/gssapi_generic.h> 4640#endif 4641 ]]) 4642 saved_LIBS="$LIBS" 4643 LIBS="$LIBS $K5LIBS" 4644 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4645 LIBS="$saved_LIBS" 4646 4647 fi 4648 ] 4649) 4650AC_SUBST([GSSLIBS]) 4651AC_SUBST([K5LIBS]) 4652 4653# Looking for programs, paths and files 4654 4655PRIVSEP_PATH=/var/empty 4656AC_ARG_WITH([privsep-path], 4657 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4658 [ 4659 if test -n "$withval" && test "x$withval" != "xno" && \ 4660 test "x${withval}" != "xyes"; then 4661 PRIVSEP_PATH=$withval 4662 fi 4663 ] 4664) 4665AC_SUBST([PRIVSEP_PATH]) 4666 4667AC_ARG_WITH([xauth], 4668 [ --with-xauth=PATH Specify path to xauth program ], 4669 [ 4670 if test -n "$withval" && test "x$withval" != "xno" && \ 4671 test "x${withval}" != "xyes"; then 4672 xauth_path=$withval 4673 fi 4674 ], 4675 [ 4676 TestPath="$PATH" 4677 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4678 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4679 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4680 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4681 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4682 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4683 xauth_path="/usr/openwin/bin/xauth" 4684 fi 4685 ] 4686) 4687 4688STRIP_OPT=-s 4689AC_ARG_ENABLE([strip], 4690 [ --disable-strip Disable calling strip(1) on install], 4691 [ 4692 if test "x$enableval" = "xno" ; then 4693 STRIP_OPT= 4694 fi 4695 ] 4696) 4697AC_SUBST([STRIP_OPT]) 4698 4699if test -z "$xauth_path" ; then 4700 XAUTH_PATH="undefined" 4701 AC_SUBST([XAUTH_PATH]) 4702else 4703 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4704 [Define if xauth is found in your path]) 4705 XAUTH_PATH=$xauth_path 4706 AC_SUBST([XAUTH_PATH]) 4707fi 4708 4709dnl # --with-maildir=/path/to/mail gets top priority. 4710dnl # if maildir is set in the platform case statement above we use that. 4711dnl # Otherwise we run a program to get the dir from system headers. 4712dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4713dnl # If we find _PATH_MAILDIR we do nothing because that is what 4714dnl # session.c expects anyway. Otherwise we set to the value found 4715dnl # stripping any trailing slash. If for some strage reason our program 4716dnl # does not find what it needs, we default to /var/spool/mail. 4717# Check for mail directory 4718AC_ARG_WITH([maildir], 4719 [ --with-maildir=/path/to/mail Specify your system mail directory], 4720 [ 4721 if test "X$withval" != X && test "x$withval" != xno && \ 4722 test "x${withval}" != xyes; then 4723 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4724 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4725 fi 4726 ],[ 4727 if test "X$maildir" != "X"; then 4728 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4729 else 4730 AC_MSG_CHECKING([Discovering system mail directory]) 4731 AC_RUN_IFELSE( 4732 [AC_LANG_PROGRAM([[ 4733#include <stdio.h> 4734#include <string.h> 4735#ifdef HAVE_PATHS_H 4736#include <paths.h> 4737#endif 4738#ifdef HAVE_MAILLOCK_H 4739#include <maillock.h> 4740#endif 4741#define DATA "conftest.maildir" 4742 ]], [[ 4743 FILE *fd; 4744 int rc; 4745 4746 fd = fopen(DATA,"w"); 4747 if(fd == NULL) 4748 exit(1); 4749 4750#if defined (_PATH_MAILDIR) 4751 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4752 exit(1); 4753#elif defined (MAILDIR) 4754 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4755 exit(1); 4756#elif defined (_PATH_MAIL) 4757 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4758 exit(1); 4759#else 4760 exit (2); 4761#endif 4762 4763 exit(0); 4764 ]])], 4765 [ 4766 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4767 maildir=`awk -F: '{print $2}' conftest.maildir \ 4768 | sed 's|/$||'` 4769 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4770 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4771 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4772 fi 4773 ], 4774 [ 4775 if test "X$ac_status" = "X2";then 4776# our test program didn't find it. Default to /var/spool/mail 4777 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4778 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4779 else 4780 AC_MSG_RESULT([*** not found ***]) 4781 fi 4782 ], 4783 [ 4784 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4785 ] 4786 ) 4787 fi 4788 ] 4789) # maildir 4790 4791if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4792 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4793 disable_ptmx_check=yes 4794fi 4795if test -z "$no_dev_ptmx" ; then 4796 if test "x$disable_ptmx_check" != "xyes" ; then 4797 AC_CHECK_FILE(["/dev/ptmx"], 4798 [ 4799 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4800 [Define if you have /dev/ptmx]) 4801 have_dev_ptmx=1 4802 ] 4803 ) 4804 fi 4805fi 4806 4807if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4808 AC_CHECK_FILE(["/dev/ptc"], 4809 [ 4810 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4811 [Define if you have /dev/ptc]) 4812 have_dev_ptc=1 4813 ] 4814 ) 4815else 4816 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4817fi 4818 4819# Options from here on. Some of these are preset by platform above 4820AC_ARG_WITH([mantype], 4821 [ --with-mantype=man|cat|doc Set man page type], 4822 [ 4823 case "$withval" in 4824 man|cat|doc) 4825 MANTYPE=$withval 4826 ;; 4827 *) 4828 AC_MSG_ERROR([invalid man type: $withval]) 4829 ;; 4830 esac 4831 ] 4832) 4833if test -z "$MANTYPE"; then 4834 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4835 MANTYPE=doc 4836 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4837 MANTYPE=doc 4838 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4839 MANTYPE=man 4840 else 4841 MANTYPE=cat 4842 fi 4843fi 4844AC_SUBST([MANTYPE]) 4845if test "$MANTYPE" = "doc"; then 4846 mansubdir=man; 4847else 4848 mansubdir=$MANTYPE; 4849fi 4850AC_SUBST([mansubdir]) 4851 4852# Check whether to enable MD5 passwords 4853MD5_MSG="no" 4854AC_ARG_WITH([md5-passwords], 4855 [ --with-md5-passwords Enable use of MD5 passwords], 4856 [ 4857 if test "x$withval" != "xno" ; then 4858 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4859 [Define if you want to allow MD5 passwords]) 4860 MD5_MSG="yes" 4861 fi 4862 ] 4863) 4864 4865# Whether to disable shadow password support 4866AC_ARG_WITH([shadow], 4867 [ --without-shadow Disable shadow password support], 4868 [ 4869 if test "x$withval" = "xno" ; then 4870 AC_DEFINE([DISABLE_SHADOW]) 4871 disable_shadow=yes 4872 fi 4873 ] 4874) 4875 4876if test -z "$disable_shadow" ; then 4877 AC_MSG_CHECKING([if the systems has expire shadow information]) 4878 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4879#include <sys/types.h> 4880#include <shadow.h> 4881struct spwd sp; 4882 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4883 [ sp_expire_available=yes ], [ 4884 ]) 4885 4886 if test "x$sp_expire_available" = "xyes" ; then 4887 AC_MSG_RESULT([yes]) 4888 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4889 [Define if you want to use shadow password expire field]) 4890 else 4891 AC_MSG_RESULT([no]) 4892 fi 4893fi 4894 4895# Use ip address instead of hostname in $DISPLAY 4896if test ! -z "$IPADDR_IN_DISPLAY" ; then 4897 DISPLAY_HACK_MSG="yes" 4898 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4899 [Define if you need to use IP address 4900 instead of hostname in $DISPLAY]) 4901else 4902 DISPLAY_HACK_MSG="no" 4903 AC_ARG_WITH([ipaddr-display], 4904 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4905 [ 4906 if test "x$withval" != "xno" ; then 4907 AC_DEFINE([IPADDR_IN_DISPLAY]) 4908 DISPLAY_HACK_MSG="yes" 4909 fi 4910 ] 4911 ) 4912fi 4913 4914# check for /etc/default/login and use it if present. 4915AC_ARG_ENABLE([etc-default-login], 4916 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4917 [ if test "x$enableval" = "xno"; then 4918 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4919 etc_default_login=no 4920 else 4921 etc_default_login=yes 4922 fi ], 4923 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4924 then 4925 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4926 etc_default_login=no 4927 else 4928 etc_default_login=yes 4929 fi ] 4930) 4931 4932if test "x$etc_default_login" != "xno"; then 4933 AC_CHECK_FILE(["/etc/default/login"], 4934 [ external_path_file=/etc/default/login ]) 4935 if test "x$external_path_file" = "x/etc/default/login"; then 4936 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4937 [Define if your system has /etc/default/login]) 4938 fi 4939fi 4940 4941dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4942if test $ac_cv_func_login_getcapbool = "yes" && \ 4943 test $ac_cv_header_login_cap_h = "yes" ; then 4944 external_path_file=/etc/login.conf 4945fi 4946 4947# Whether to mess with the default path 4948SERVER_PATH_MSG="(default)" 4949AC_ARG_WITH([default-path], 4950 [ --with-default-path= Specify default $PATH environment for server], 4951 [ 4952 if test "x$external_path_file" = "x/etc/login.conf" ; then 4953 AC_MSG_WARN([ 4954--with-default-path=PATH has no effect on this system. 4955Edit /etc/login.conf instead.]) 4956 elif test "x$withval" != "xno" ; then 4957 if test ! -z "$external_path_file" ; then 4958 AC_MSG_WARN([ 4959--with-default-path=PATH will only be used if PATH is not defined in 4960$external_path_file .]) 4961 fi 4962 user_path="$withval" 4963 SERVER_PATH_MSG="$withval" 4964 fi 4965 ], 4966 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4967 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4968 else 4969 if test ! -z "$external_path_file" ; then 4970 AC_MSG_WARN([ 4971If PATH is defined in $external_path_file, ensure the path to scp is included, 4972otherwise scp will not work.]) 4973 fi 4974 AC_RUN_IFELSE( 4975 [AC_LANG_PROGRAM([[ 4976/* find out what STDPATH is */ 4977#include <stdio.h> 4978#ifdef HAVE_PATHS_H 4979# include <paths.h> 4980#endif 4981#ifndef _PATH_STDPATH 4982# ifdef _PATH_USERPATH /* Irix */ 4983# define _PATH_STDPATH _PATH_USERPATH 4984# else 4985# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4986# endif 4987#endif 4988#include <sys/types.h> 4989#include <sys/stat.h> 4990#include <fcntl.h> 4991#define DATA "conftest.stdpath" 4992 ]], [[ 4993 FILE *fd; 4994 int rc; 4995 4996 fd = fopen(DATA,"w"); 4997 if(fd == NULL) 4998 exit(1); 4999 5000 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5001 exit(1); 5002 5003 exit(0); 5004 ]])], 5005 [ user_path=`cat conftest.stdpath` ], 5006 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5007 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5008 ) 5009# make sure $bindir is in USER_PATH so scp will work 5010 t_bindir="${bindir}" 5011 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5012 t_bindir=`eval echo ${t_bindir}` 5013 case $t_bindir in 5014 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5015 esac 5016 case $t_bindir in 5017 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5018 esac 5019 done 5020 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5021 if test $? -ne 0 ; then 5022 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5023 if test $? -ne 0 ; then 5024 user_path=$user_path:$t_bindir 5025 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5026 fi 5027 fi 5028 fi ] 5029) 5030if test "x$external_path_file" != "x/etc/login.conf" ; then 5031 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5032 AC_SUBST([user_path]) 5033fi 5034 5035# Set superuser path separately to user path 5036AC_ARG_WITH([superuser-path], 5037 [ --with-superuser-path= Specify different path for super-user], 5038 [ 5039 if test -n "$withval" && test "x$withval" != "xno" && \ 5040 test "x${withval}" != "xyes"; then 5041 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5042 [Define if you want a different $PATH 5043 for the superuser]) 5044 superuser_path=$withval 5045 fi 5046 ] 5047) 5048 5049 5050AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5051IPV4_IN6_HACK_MSG="no" 5052AC_ARG_WITH(4in6, 5053 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5054 [ 5055 if test "x$withval" != "xno" ; then 5056 AC_MSG_RESULT([yes]) 5057 AC_DEFINE([IPV4_IN_IPV6], [1], 5058 [Detect IPv4 in IPv6 mapped addresses 5059 and treat as IPv4]) 5060 IPV4_IN6_HACK_MSG="yes" 5061 else 5062 AC_MSG_RESULT([no]) 5063 fi 5064 ], [ 5065 if test "x$inet6_default_4in6" = "xyes"; then 5066 AC_MSG_RESULT([yes (default)]) 5067 AC_DEFINE([IPV4_IN_IPV6]) 5068 IPV4_IN6_HACK_MSG="yes" 5069 else 5070 AC_MSG_RESULT([no (default)]) 5071 fi 5072 ] 5073) 5074 5075# Whether to enable BSD auth support 5076BSD_AUTH_MSG=no 5077AC_ARG_WITH([bsd-auth], 5078 [ --with-bsd-auth Enable BSD auth support], 5079 [ 5080 if test "x$withval" != "xno" ; then 5081 AC_DEFINE([BSD_AUTH], [1], 5082 [Define if you have BSD auth support]) 5083 BSD_AUTH_MSG=yes 5084 fi 5085 ] 5086) 5087 5088# Where to place sshd.pid 5089piddir=/var/run 5090# make sure the directory exists 5091if test ! -d $piddir ; then 5092 piddir=`eval echo ${sysconfdir}` 5093 case $piddir in 5094 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5095 esac 5096fi 5097 5098AC_ARG_WITH([pid-dir], 5099 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5100 [ 5101 if test -n "$withval" && test "x$withval" != "xno" && \ 5102 test "x${withval}" != "xyes"; then 5103 piddir=$withval 5104 if test ! -d $piddir ; then 5105 AC_MSG_WARN([** no $piddir directory on this system **]) 5106 fi 5107 fi 5108 ] 5109) 5110 5111AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5112 [Specify location of ssh.pid]) 5113AC_SUBST([piddir]) 5114 5115dnl allow user to disable some login recording features 5116AC_ARG_ENABLE([lastlog], 5117 [ --disable-lastlog disable use of lastlog even if detected [no]], 5118 [ 5119 if test "x$enableval" = "xno" ; then 5120 AC_DEFINE([DISABLE_LASTLOG]) 5121 fi 5122 ] 5123) 5124AC_ARG_ENABLE([utmp], 5125 [ --disable-utmp disable use of utmp even if detected [no]], 5126 [ 5127 if test "x$enableval" = "xno" ; then 5128 AC_DEFINE([DISABLE_UTMP]) 5129 fi 5130 ] 5131) 5132AC_ARG_ENABLE([utmpx], 5133 [ --disable-utmpx disable use of utmpx even if detected [no]], 5134 [ 5135 if test "x$enableval" = "xno" ; then 5136 AC_DEFINE([DISABLE_UTMPX], [1], 5137 [Define if you don't want to use utmpx]) 5138 fi 5139 ] 5140) 5141AC_ARG_ENABLE([wtmp], 5142 [ --disable-wtmp disable use of wtmp even if detected [no]], 5143 [ 5144 if test "x$enableval" = "xno" ; then 5145 AC_DEFINE([DISABLE_WTMP]) 5146 fi 5147 ] 5148) 5149AC_ARG_ENABLE([wtmpx], 5150 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5151 [ 5152 if test "x$enableval" = "xno" ; then 5153 AC_DEFINE([DISABLE_WTMPX], [1], 5154 [Define if you don't want to use wtmpx]) 5155 fi 5156 ] 5157) 5158AC_ARG_ENABLE([libutil], 5159 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5160 [ 5161 if test "x$enableval" = "xno" ; then 5162 AC_DEFINE([DISABLE_LOGIN]) 5163 fi 5164 ] 5165) 5166AC_ARG_ENABLE([pututline], 5167 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5168 [ 5169 if test "x$enableval" = "xno" ; then 5170 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5171 [Define if you don't want to use pututline() 5172 etc. to write [uw]tmp]) 5173 fi 5174 ] 5175) 5176AC_ARG_ENABLE([pututxline], 5177 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5178 [ 5179 if test "x$enableval" = "xno" ; then 5180 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5181 [Define if you don't want to use pututxline() 5182 etc. to write [uw]tmpx]) 5183 fi 5184 ] 5185) 5186AC_ARG_WITH([lastlog], 5187 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5188 [ 5189 if test "x$withval" = "xno" ; then 5190 AC_DEFINE([DISABLE_LASTLOG]) 5191 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5192 conf_lastlog_location=$withval 5193 fi 5194 ] 5195) 5196 5197dnl lastlog, [uw]tmpx? detection 5198dnl NOTE: set the paths in the platform section to avoid the 5199dnl need for command-line parameters 5200dnl lastlog and [uw]tmp are subject to a file search if all else fails 5201 5202dnl lastlog detection 5203dnl NOTE: the code itself will detect if lastlog is a directory 5204AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5205AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5206#include <sys/types.h> 5207#include <utmp.h> 5208#ifdef HAVE_LASTLOG_H 5209# include <lastlog.h> 5210#endif 5211#ifdef HAVE_PATHS_H 5212# include <paths.h> 5213#endif 5214#ifdef HAVE_LOGIN_H 5215# include <login.h> 5216#endif 5217 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5218 [ AC_MSG_RESULT([yes]) ], 5219 [ 5220 AC_MSG_RESULT([no]) 5221 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5222 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5223#include <sys/types.h> 5224#include <utmp.h> 5225#ifdef HAVE_LASTLOG_H 5226# include <lastlog.h> 5227#endif 5228#ifdef HAVE_PATHS_H 5229# include <paths.h> 5230#endif 5231 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5232 [ AC_MSG_RESULT([yes]) ], 5233 [ 5234 AC_MSG_RESULT([no]) 5235 system_lastlog_path=no 5236 ]) 5237]) 5238 5239if test -z "$conf_lastlog_location"; then 5240 if test x"$system_lastlog_path" = x"no" ; then 5241 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5242 if (test -d "$f" || test -f "$f") ; then 5243 conf_lastlog_location=$f 5244 fi 5245 done 5246 if test -z "$conf_lastlog_location"; then 5247 AC_MSG_WARN([** Cannot find lastlog **]) 5248 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5249 fi 5250 fi 5251fi 5252 5253if test -n "$conf_lastlog_location"; then 5254 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5255 [Define if you want to specify the path to your lastlog file]) 5256fi 5257 5258dnl utmp detection 5259AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5260AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5261#include <sys/types.h> 5262#include <utmp.h> 5263#ifdef HAVE_PATHS_H 5264# include <paths.h> 5265#endif 5266 ]], [[ char *utmp = UTMP_FILE; ]])], 5267 [ AC_MSG_RESULT([yes]) ], 5268 [ AC_MSG_RESULT([no]) 5269 system_utmp_path=no 5270]) 5271if test -z "$conf_utmp_location"; then 5272 if test x"$system_utmp_path" = x"no" ; then 5273 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5274 if test -f $f ; then 5275 conf_utmp_location=$f 5276 fi 5277 done 5278 if test -z "$conf_utmp_location"; then 5279 AC_DEFINE([DISABLE_UTMP]) 5280 fi 5281 fi 5282fi 5283if test -n "$conf_utmp_location"; then 5284 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5285 [Define if you want to specify the path to your utmp file]) 5286fi 5287 5288dnl wtmp detection 5289AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5290AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5291#include <sys/types.h> 5292#include <utmp.h> 5293#ifdef HAVE_PATHS_H 5294# include <paths.h> 5295#endif 5296 ]], [[ char *wtmp = WTMP_FILE; ]])], 5297 [ AC_MSG_RESULT([yes]) ], 5298 [ AC_MSG_RESULT([no]) 5299 system_wtmp_path=no 5300]) 5301if test -z "$conf_wtmp_location"; then 5302 if test x"$system_wtmp_path" = x"no" ; then 5303 for f in /usr/adm/wtmp /var/log/wtmp; do 5304 if test -f $f ; then 5305 conf_wtmp_location=$f 5306 fi 5307 done 5308 if test -z "$conf_wtmp_location"; then 5309 AC_DEFINE([DISABLE_WTMP]) 5310 fi 5311 fi 5312fi 5313if test -n "$conf_wtmp_location"; then 5314 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5315 [Define if you want to specify the path to your wtmp file]) 5316fi 5317 5318dnl wtmpx detection 5319AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5320AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5321#include <sys/types.h> 5322#include <utmp.h> 5323#ifdef HAVE_UTMPX_H 5324#include <utmpx.h> 5325#endif 5326#ifdef HAVE_PATHS_H 5327# include <paths.h> 5328#endif 5329 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5330 [ AC_MSG_RESULT([yes]) ], 5331 [ AC_MSG_RESULT([no]) 5332 system_wtmpx_path=no 5333]) 5334if test -z "$conf_wtmpx_location"; then 5335 if test x"$system_wtmpx_path" = x"no" ; then 5336 AC_DEFINE([DISABLE_WTMPX]) 5337 fi 5338else 5339 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5340 [Define if you want to specify the path to your wtmpx file]) 5341fi 5342 5343 5344if test ! -z "$blibpath" ; then 5345 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5346 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5347fi 5348 5349AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5350 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5351 AC_DEFINE([DISABLE_LASTLOG]) 5352 fi 5353 ], [ 5354#ifdef HAVE_SYS_TYPES_H 5355#include <sys/types.h> 5356#endif 5357#ifdef HAVE_UTMP_H 5358#include <utmp.h> 5359#endif 5360#ifdef HAVE_UTMPX_H 5361#include <utmpx.h> 5362#endif 5363#ifdef HAVE_LASTLOG_H 5364#include <lastlog.h> 5365#endif 5366 ]) 5367 5368AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5369 AC_DEFINE([DISABLE_UTMP]) 5370 AC_DEFINE([DISABLE_WTMP]) 5371 ], [ 5372#ifdef HAVE_SYS_TYPES_H 5373#include <sys/types.h> 5374#endif 5375#ifdef HAVE_UTMP_H 5376#include <utmp.h> 5377#endif 5378#ifdef HAVE_UTMPX_H 5379#include <utmpx.h> 5380#endif 5381#ifdef HAVE_LASTLOG_H 5382#include <lastlog.h> 5383#endif 5384 ]) 5385 5386dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5387dnl Add now. 5388CFLAGS="$CFLAGS $werror_flags" 5389 5390if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5391 TEST_SSH_IPV6=no 5392else 5393 TEST_SSH_IPV6=yes 5394fi 5395AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5396AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5397AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5398AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5399AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5400AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5401 5402CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5403LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5404 5405# Make a copy of CFLAGS/LDFLAGS without PIE options. 5406LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5407CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5408AC_SUBST([LDFLAGS_NOPIE]) 5409AC_SUBST([CFLAGS_NOPIE]) 5410 5411AC_EXEEXT 5412AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5413 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5414 survey.sh]) 5415AC_OUTPUT 5416 5417# Print summary of options 5418 5419# Someone please show me a better way :) 5420A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5421B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5422C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5423D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5424E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5425F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5426G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5427H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5428I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5429J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5430 5431echo "" 5432echo "OpenSSH has been configured with the following options:" 5433echo " User binaries: $B" 5434echo " System binaries: $C" 5435echo " Configuration files: $D" 5436echo " Askpass program: $E" 5437echo " Manual pages: $F" 5438echo " PID file: $G" 5439echo " Privilege separation chroot path: $H" 5440if test "x$external_path_file" = "x/etc/login.conf" ; then 5441echo " At runtime, sshd will use the path defined in $external_path_file" 5442echo " Make sure the path to scp is present, otherwise scp will not work" 5443else 5444echo " sshd default user PATH: $I" 5445 if test ! -z "$external_path_file"; then 5446echo " (If PATH is set in $external_path_file it will be used instead. If" 5447echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5448 fi 5449fi 5450if test ! -z "$superuser_path" ; then 5451echo " sshd superuser user PATH: $J" 5452fi 5453echo " Manpage format: $MANTYPE" 5454echo " PAM support: $PAM_MSG" 5455echo " OSF SIA support: $SIA_MSG" 5456echo " KerberosV support: $KRB5_MSG" 5457echo " SELinux support: $SELINUX_MSG" 5458echo " MD5 password support: $MD5_MSG" 5459echo " libedit support: $LIBEDIT_MSG" 5460echo " libldns support: $LDNS_MSG" 5461echo " Solaris process contract support: $SPC_MSG" 5462echo " Solaris project support: $SP_MSG" 5463echo " Solaris privilege support: $SPP_MSG" 5464echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5465echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5466echo " BSD Auth support: $BSD_AUTH_MSG" 5467echo " Random number source: $RAND_MSG" 5468echo " Privsep sandbox style: $SANDBOX_STYLE" 5469echo " PKCS#11 support: $enable_pkcs11" 5470echo " U2F/FIDO support: $enable_sk" 5471 5472echo "" 5473 5474echo " Host: ${host}" 5475echo " Compiler: ${CC}" 5476echo " Compiler flags: ${CFLAGS}" 5477echo "Preprocessor flags: ${CPPFLAGS}" 5478echo " Linker flags: ${LDFLAGS}" 5479echo " Libraries: ${LIBS}" 5480if test ! -z "${SSHDLIBS}"; then 5481echo " +for sshd: ${SSHDLIBS}" 5482fi 5483 5484echo "" 5485 5486if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5487 echo "SVR4 style packages are supported with \"make package\"" 5488 echo "" 5489fi 5490 5491if test "x$PAM_MSG" = "xyes" ; then 5492 echo "PAM is enabled. You may need to install a PAM control file " 5493 echo "for sshd, otherwise password authentication may fail. " 5494 echo "Example PAM control files can be found in the contrib/ " 5495 echo "subdirectory" 5496 echo "" 5497fi 5498 5499if test ! -z "$NO_PEERCHECK" ; then 5500 echo "WARNING: the operating system that you are using does not" 5501 echo "appear to support getpeereid(), getpeerucred() or the" 5502 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5503 echo "enforce security checks to prevent unauthorised connections to" 5504 echo "ssh-agent. Their absence increases the risk that a malicious" 5505 echo "user can connect to your agent." 5506 echo "" 5507fi 5508 5509if test "$AUDIT_MODULE" = "bsm" ; then 5510 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5511 echo "See the Solaris section in README.platform for details." 5512fi 5513