1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 40AC_PATH_PROG([SH], [sh]) 41AC_PATH_PROG([GROFF], [groff]) 42AC_PATH_PROG([NROFF], [nroff awf]) 43AC_PATH_PROG([MANDOC], [mandoc]) 44AC_SUBST([TEST_SHELL], [sh]) 45 46dnl select manpage formatter to be used to build "cat" format pages. 47if test "x$MANDOC" != "x" ; then 48 MANFMT="$MANDOC" 49elif test "x$NROFF" != "x" ; then 50 MANFMT="$NROFF -mandoc" 51elif test "x$GROFF" != "x" ; then 52 MANFMT="$GROFF -mandoc -Tascii" 53else 54 AC_MSG_WARN([no manpage formatter found]) 55 MANFMT="false" 56fi 57AC_SUBST([MANFMT]) 58 59dnl for buildpkg.sh 60AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 61 [/usr/sbin${PATH_SEPARATOR}/etc]) 62AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 65if test -x /sbin/sh; then 66 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 67else 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 69fi 70 71# System features 72AC_SYS_LARGEFILE 73 74if test -z "$AR" ; then 75 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 76fi 77 78AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 79if test ! -z "$PATH_PASSWD_PROG" ; then 80 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 81 [Full path of your "passwd" program]) 82fi 83 84dnl Since autoconf doesn't support it very well, we no longer allow users to 85dnl override LD, however keeping the hook here for now in case there's a use 86dnl use case we overlooked and someone needs to re-enable it. Unless a good 87dnl reason is found we'll be removing this in future. 88LD="$CC" 89AC_SUBST([LD]) 90 91AC_C_INLINE 92 93AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 95AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 96 #include <sys/types.h> 97 #include <sys/param.h> 98 #include <dev/systrace.h> 99]) 100AC_CHECK_DECL([RLIMIT_NPROC], 101 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 102 #include <sys/types.h> 103 #include <sys/resource.h> 104]) 105AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 106 #include <sys/types.h> 107 #include <linux/prctl.h> 108]) 109 110openssl=yes 111AC_ARG_WITH([openssl], 112 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 113 [ if test "x$withval" = "xno" ; then 114 openssl=no 115 fi 116 ] 117) 118AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 119if test "x$openssl" = "xyes" ; then 120 AC_MSG_RESULT([yes]) 121 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 122else 123 AC_MSG_RESULT([no]) 124fi 125 126use_stack_protector=1 127use_toolchain_hardening=1 128AC_ARG_WITH([stackprotect], 129 [ --without-stackprotect Don't use compiler's stack protection], [ 130 if test "x$withval" = "xno"; then 131 use_stack_protector=0 132 fi ]) 133AC_ARG_WITH([hardening], 134 [ --without-hardening Don't use toolchain hardening flags], [ 135 if test "x$withval" = "xno"; then 136 use_toolchain_hardening=0 137 fi ]) 138 139# We use -Werror for the tests only so that we catch warnings like "this is 140# on by default" for things like -fPIE. 141AC_MSG_CHECKING([if $CC supports -Werror]) 142saved_CFLAGS="$CFLAGS" 143CFLAGS="$CFLAGS -Werror" 144AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 145 [ AC_MSG_RESULT([yes]) 146 WERROR="-Werror"], 147 [ AC_MSG_RESULT([no]) 148 WERROR="" ] 149) 150CFLAGS="$saved_CFLAGS" 151 152if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 153 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 156 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 168 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 169 if test "x$use_toolchain_hardening" = "x1"; then 170 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 172 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 176 # NB. -ftrapv expects certain support functions to be present in 177 # the compiler library (libgcc or similar) to detect integer operations 178 # that can overflow. We must check that the result of enabling it 179 # actually links. The test program compiled/linked includes a number 180 # of integer operations that should exercise this. 181 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 182 fi 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case $GCC_VER in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 196 saved_CFLAGS="$CFLAGS" 197 CFLAGS="$CFLAGS -fno-builtin-memset" 198 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 199 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 200 [ AC_MSG_RESULT([yes]) ], 201 [ AC_MSG_RESULT([no]) 202 CFLAGS="$saved_CFLAGS" ] 203 ) 204 205 # -fstack-protector-all doesn't always work for some GCC versions 206 # and/or platforms, so we test if we can. If it's not supported 207 # on a given platform gcc will emit a warning so we use -Werror. 208 if test "x$use_stack_protector" = "x1"; then 209 for t in -fstack-protector-strong -fstack-protector-all \ 210 -fstack-protector; do 211 AC_MSG_CHECKING([if $CC supports $t]) 212 saved_CFLAGS="$CFLAGS" 213 saved_LDFLAGS="$LDFLAGS" 214 CFLAGS="$CFLAGS $t -Werror" 215 LDFLAGS="$LDFLAGS $t -Werror" 216 AC_LINK_IFELSE( 217 [AC_LANG_PROGRAM([[ 218 #include <stdio.h> 219 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 220 ]], 221 [[ 222 char x[256]; 223 snprintf(x, sizeof(x), "XXX%d", func(1)); 224 ]])], 225 [ AC_MSG_RESULT([yes]) 226 CFLAGS="$saved_CFLAGS $t" 227 LDFLAGS="$saved_LDFLAGS $t" 228 AC_MSG_CHECKING([if $t works]) 229 AC_RUN_IFELSE( 230 [AC_LANG_PROGRAM([[ 231 #include <stdio.h> 232 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 233 ]], 234 [[ 235 char x[256]; 236 snprintf(x, sizeof(x), "XXX%d", func(1)); 237 ]])], 238 [ AC_MSG_RESULT([yes]) 239 break ], 240 [ AC_MSG_RESULT([no]) ], 241 [ AC_MSG_WARN([cross compiling: cannot test]) 242 break ] 243 ) 244 ], 245 [ AC_MSG_RESULT([no]) ] 246 ) 247 CFLAGS="$saved_CFLAGS" 248 LDFLAGS="$saved_LDFLAGS" 249 done 250 fi 251 252 if test -z "$have_llong_max"; then 253 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 254 unset ac_cv_have_decl_LLONG_MAX 255 saved_CFLAGS="$CFLAGS" 256 CFLAGS="$CFLAGS -std=gnu99" 257 AC_CHECK_DECL([LLONG_MAX], 258 [have_llong_max=1], 259 [CFLAGS="$saved_CFLAGS"], 260 [#include <limits.h>] 261 ) 262 fi 263fi 264 265AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 266AC_COMPILE_IFELSE( 267 [AC_LANG_PROGRAM([[ 268#include <stdlib.h> 269__attribute__((__unused__)) static void foo(void){return;}]], 270 [[ exit(0); ]])], 271 [ AC_MSG_RESULT([yes]) ], 272 [ AC_MSG_RESULT([no]) 273 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 274 [compiler does not accept __attribute__ on return types]) ] 275) 276 277AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 278AC_COMPILE_IFELSE( 279 [AC_LANG_PROGRAM([[ 280#include <stdlib.h> 281typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 282 [[ exit(0); ]])], 283 [ AC_MSG_RESULT([yes]) ], 284 [ AC_MSG_RESULT([no]) 285 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 286 [compiler does not accept __attribute__ on prototype args]) ] 287) 288 289if test "x$no_attrib_nonnull" != "x1" ; then 290 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 291fi 292 293AC_ARG_WITH([rpath], 294 [ --without-rpath Disable auto-added -R linker paths], 295 [ 296 if test "x$withval" = "xno" ; then 297 rpath_opt="" 298 elif test "x$withval" = "xyes" ; then 299 rpath_opt="-R" 300 else 301 rpath_opt="$withval" 302 fi 303 ] 304) 305 306# Allow user to specify flags 307AC_ARG_WITH([cflags], 308 [ --with-cflags Specify additional flags to pass to compiler], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 CFLAGS="$CFLAGS $withval" 313 fi 314 ] 315) 316 317AC_ARG_WITH([cflags-after], 318 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 319 [ 320 if test -n "$withval" && test "x$withval" != "xno" && \ 321 test "x${withval}" != "xyes"; then 322 CFLAGS_AFTER="$withval" 323 fi 324 ] 325) 326AC_ARG_WITH([cppflags], 327 [ --with-cppflags Specify additional flags to pass to preprocessor] , 328 [ 329 if test -n "$withval" && test "x$withval" != "xno" && \ 330 test "x${withval}" != "xyes"; then 331 CPPFLAGS="$CPPFLAGS $withval" 332 fi 333 ] 334) 335AC_ARG_WITH([ldflags], 336 [ --with-ldflags Specify additional flags to pass to linker], 337 [ 338 if test -n "$withval" && test "x$withval" != "xno" && \ 339 test "x${withval}" != "xyes"; then 340 LDFLAGS="$LDFLAGS $withval" 341 fi 342 ] 343) 344AC_ARG_WITH([ldflags-after], 345 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 346 [ 347 if test -n "$withval" && test "x$withval" != "xno" && \ 348 test "x${withval}" != "xyes"; then 349 LDFLAGS_AFTER="$withval" 350 fi 351 ] 352) 353AC_ARG_WITH([libs], 354 [ --with-libs Specify additional libraries to link with], 355 [ 356 if test -n "$withval" && test "x$withval" != "xno" && \ 357 test "x${withval}" != "xyes"; then 358 LIBS="$LIBS $withval" 359 fi 360 ] 361) 362AC_ARG_WITH([Werror], 363 [ --with-Werror Build main code with -Werror], 364 [ 365 if test -n "$withval" && test "x$withval" != "xno"; then 366 werror_flags="-Werror" 367 if test "x${withval}" != "xyes"; then 368 werror_flags="$withval" 369 fi 370 fi 371 ] 372) 373 374AC_CHECK_HEADERS([ \ 375 blf.h \ 376 bstring.h \ 377 crypt.h \ 378 crypto/sha2.h \ 379 dirent.h \ 380 endian.h \ 381 elf.h \ 382 err.h \ 383 features.h \ 384 fcntl.h \ 385 floatingpoint.h \ 386 fnmatch.h \ 387 getopt.h \ 388 glob.h \ 389 ia.h \ 390 iaf.h \ 391 ifaddrs.h \ 392 inttypes.h \ 393 langinfo.h \ 394 limits.h \ 395 locale.h \ 396 login.h \ 397 maillock.h \ 398 ndir.h \ 399 net/if_tun.h \ 400 netdb.h \ 401 netgroup.h \ 402 pam/pam_appl.h \ 403 paths.h \ 404 poll.h \ 405 pty.h \ 406 readpassphrase.h \ 407 rpc/types.h \ 408 security/pam_appl.h \ 409 sha2.h \ 410 shadow.h \ 411 stddef.h \ 412 stdint.h \ 413 string.h \ 414 strings.h \ 415 sys/bitypes.h \ 416 sys/byteorder.h \ 417 sys/bsdtty.h \ 418 sys/cdefs.h \ 419 sys/dir.h \ 420 sys/file.h \ 421 sys/mman.h \ 422 sys/label.h \ 423 sys/ndir.h \ 424 sys/poll.h \ 425 sys/prctl.h \ 426 sys/pstat.h \ 427 sys/ptrace.h \ 428 sys/random.h \ 429 sys/select.h \ 430 sys/stat.h \ 431 sys/stream.h \ 432 sys/stropts.h \ 433 sys/strtio.h \ 434 sys/statvfs.h \ 435 sys/sysmacros.h \ 436 sys/time.h \ 437 sys/timers.h \ 438 sys/vfs.h \ 439 time.h \ 440 tmpdir.h \ 441 ttyent.h \ 442 ucred.h \ 443 unistd.h \ 444 usersec.h \ 445 util.h \ 446 utime.h \ 447 utmp.h \ 448 utmpx.h \ 449 vis.h \ 450 wchar.h \ 451]) 452 453# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 454# to be included first. 455AC_CHECK_HEADERS([sys/audit.h], [], [], [ 456#ifdef HAVE_SYS_TIME_H 457# include <sys/time.h> 458#endif 459#ifdef HAVE_SYS_TYPES_H 460# include <sys/types.h> 461#endif 462#ifdef HAVE_SYS_LABEL_H 463# include <sys/label.h> 464#endif 465]) 466 467# sys/capsicum.h requires sys/types.h 468AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 469#ifdef HAVE_SYS_TYPES_H 470# include <sys/types.h> 471#endif 472]) 473 474# net/route.h requires sys/socket.h and sys/types.h. 475# sys/sysctl.h also requires sys/param.h 476AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 477#ifdef HAVE_SYS_TYPES_H 478# include <sys/types.h> 479#endif 480#include <sys/param.h> 481#include <sys/socket.h> 482]) 483 484# lastlog.h requires sys/time.h to be included first on Solaris 485AC_CHECK_HEADERS([lastlog.h], [], [], [ 486#ifdef HAVE_SYS_TIME_H 487# include <sys/time.h> 488#endif 489]) 490 491# sys/ptms.h requires sys/stream.h to be included first on Solaris 492AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 493#ifdef HAVE_SYS_STREAM_H 494# include <sys/stream.h> 495#endif 496]) 497 498# login_cap.h requires sys/types.h on NetBSD 499AC_CHECK_HEADERS([login_cap.h], [], [], [ 500#include <sys/types.h> 501]) 502 503# older BSDs need sys/param.h before sys/mount.h 504AC_CHECK_HEADERS([sys/mount.h], [], [], [ 505#include <sys/param.h> 506]) 507 508# Android requires sys/socket.h to be included before sys/un.h 509AC_CHECK_HEADERS([sys/un.h], [], [], [ 510#include <sys/types.h> 511#include <sys/socket.h> 512]) 513 514# Messages for features tested for in target-specific section 515SIA_MSG="no" 516SPC_MSG="no" 517SP_MSG="no" 518SPP_MSG="no" 519 520# Support for Solaris/Illumos privileges (this test is used by both 521# the --with-solaris-privs option and --with-sandbox=solaris). 522SOLARIS_PRIVS="no" 523 524AC_CHECK_SIZEOF([size_t]) 525 526# Check for some target-specific stuff 527case "$host" in 528*-*-aix*) 529 # Some versions of VAC won't allow macro redefinitions at 530 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 531 # particularly with older versions of vac or xlc. 532 # It also throws errors about null macro arguments, but these are 533 # not fatal. 534 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 535 AC_COMPILE_IFELSE( 536 [AC_LANG_PROGRAM([[ 537#define testmacro foo 538#define testmacro bar]], 539 [[ exit(0); ]])], 540 [ AC_MSG_RESULT([yes]) ], 541 [ AC_MSG_RESULT([no]) 542 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 543 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 545 ] 546 ) 547 548 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 549 if (test -z "$blibpath"); then 550 blibpath="/usr/lib:/lib" 551 fi 552 saved_LDFLAGS="$LDFLAGS" 553 if test "$GCC" = "yes"; then 554 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 555 else 556 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 557 fi 558 for tryflags in $flags ;do 559 if (test -z "$blibflags"); then 560 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 561 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 562 [blibflags=$tryflags], []) 563 fi 564 done 565 if (test -z "$blibflags"); then 566 AC_MSG_RESULT([not found]) 567 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 568 else 569 AC_MSG_RESULT([$blibflags]) 570 fi 571 LDFLAGS="$saved_LDFLAGS" 572 dnl Check for authenticate. Might be in libs.a on older AIXes 573 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 574 [Define if you want to enable AIX4's authenticate function])], 575 [AC_CHECK_LIB([s], [authenticate], 576 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 577 LIBS="$LIBS -ls" 578 ]) 579 ]) 580 dnl Check for various auth function declarations in headers. 581 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 582 passwdexpired, setauthdb], , , [#include <usersec.h>]) 583 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 584 AC_CHECK_DECLS([loginfailed], 585 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 587 [[ (void)loginfailed("user","host","tty",0); ]])], 588 [AC_MSG_RESULT([yes]) 589 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 590 [Define if your AIX loginfailed() function 591 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 592 ])], 593 [], 594 [#include <usersec.h>] 595 ) 596 AC_CHECK_FUNCS([getgrset setauthdb]) 597 AC_CHECK_DECL([F_CLOSEM], 598 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 599 [], 600 [ #include <limits.h> 601 #include <fcntl.h> ] 602 ) 603 check_for_aix_broken_getaddrinfo=1 604 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 605 [Define if your platform breaks doing a seteuid before a setuid]) 606 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 607 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 608 dnl AIX handles lastlog as part of its login message 609 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 610 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 611 [Some systems need a utmpx entry for /bin/login to work]) 612 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 613 [Define to a Set Process Title type if your system is 614 supported by bsd-setproctitle.c]) 615 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 616 [AIX 5.2 and 5.3 (and presumably newer) require this]) 617 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 618 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 619 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 620 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 621 ;; 622*-*-android*) 623 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 624 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 625 ;; 626*-*-cygwin*) 627 check_for_libcrypt_later=1 628 LIBS="$LIBS /usr/lib/textreadmode.o" 629 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 630 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 631 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 632 [Define to disable UID restoration test]) 633 AC_DEFINE([DISABLE_SHADOW], [1], 634 [Define if you want to disable shadow passwords]) 635 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 636 [Define if X11 doesn't support AF_UNIX sockets on that system]) 637 AC_DEFINE([DISABLE_FD_PASSING], [1], 638 [Define if your platform needs to skip post auth 639 file descriptor passing]) 640 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 641 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 642 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 643 # reasons which cause compile warnings, so we disable those warnings. 644 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 645 ;; 646*-*-dgux*) 647 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 648 [Define if your system choked on IP TOS setting]) 649 AC_DEFINE([SETEUID_BREAKS_SETUID]) 650 AC_DEFINE([BROKEN_SETREUID]) 651 AC_DEFINE([BROKEN_SETREGID]) 652 ;; 653*-*-darwin*) 654 use_pie=auto 655 AC_MSG_CHECKING([if we have working getaddrinfo]) 656 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 657main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 658 exit(0); 659 else 660 exit(1); 661} 662 ]])], 663 [AC_MSG_RESULT([working])], 664 [AC_MSG_RESULT([buggy]) 665 AC_DEFINE([BROKEN_GETADDRINFO], [1], 666 [getaddrinfo is broken (if present)]) 667 ], 668 [AC_MSG_RESULT([assume it is working])]) 669 AC_DEFINE([SETEUID_BREAKS_SETUID]) 670 AC_DEFINE([BROKEN_SETREUID]) 671 AC_DEFINE([BROKEN_SETREGID]) 672 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 673 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 674 [Define if your resolver libs need this for getrrsetbyname]) 675 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 676 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 677 [Use tunnel device compatibility to OpenBSD]) 678 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 679 [Prepend the address family to IP tunnel traffic]) 680 m4_pattern_allow([AU_IPv]) 681 AC_CHECK_DECL([AU_IPv4], [], 682 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 683 [#include <bsm/audit.h>] 684 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 685 [Define if pututxline updates lastlog too]) 686 ) 687 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 688 [Define to a Set Process Title type if your system is 689 supported by bsd-setproctitle.c]) 690 AC_CHECK_FUNCS([sandbox_init]) 691 AC_CHECK_HEADERS([sandbox.h]) 692 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 693 SSHDLIBS="$SSHDLIBS -lsandbox" 694 ]) 695 # proc_pidinfo()-based closefrom() replacement. 696 AC_CHECK_HEADERS([libproc.h]) 697 AC_CHECK_FUNCS([proc_pidinfo]) 698 ;; 699*-*-dragonfly*) 700 SSHDLIBS="$SSHDLIBS -lcrypt" 701 TEST_MALLOC_OPTIONS="AFGJPRX" 702 ;; 703*-*-haiku*) 704 LIBS="$LIBS -lbsd " 705 CFLAGS="$CFLAGS -D_BSD_SOURCE" 706 AC_CHECK_LIB([network], [socket]) 707 AC_DEFINE([HAVE_U_INT64_T]) 708 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 709 MANTYPE=man 710 ;; 711*-*-hpux*) 712 # first we define all of the options common to all HP-UX releases 713 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 714 IPADDR_IN_DISPLAY=yes 715 AC_DEFINE([USE_PIPES]) 716 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 717 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 718 [String used in /etc/passwd to denote locked account]) 719 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 720 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 721 maildir="/var/mail" 722 LIBS="$LIBS -lsec" 723 AC_CHECK_LIB([xnet], [t_error], , 724 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 725 726 # next, we define all of the options specific to major releases 727 case "$host" in 728 *-*-hpux10*) 729 if test -z "$GCC"; then 730 CFLAGS="$CFLAGS -Ae" 731 fi 732 ;; 733 *-*-hpux11*) 734 AC_DEFINE([PAM_SUN_CODEBASE], [1], 735 [Define if you are using Solaris-derived PAM which 736 passes pam_messages to the conversation function 737 with an extra level of indirection]) 738 AC_DEFINE([DISABLE_UTMP], [1], 739 [Define if you don't want to use utmp]) 740 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 741 check_for_hpux_broken_getaddrinfo=1 742 check_for_conflicting_getspnam=1 743 ;; 744 esac 745 746 # lastly, we define options specific to minor releases 747 case "$host" in 748 *-*-hpux10.26) 749 AC_DEFINE([HAVE_SECUREWARE], [1], 750 [Define if you have SecureWare-based 751 protected password database]) 752 disable_ptmx_check=yes 753 LIBS="$LIBS -lsecpw" 754 ;; 755 esac 756 ;; 757*-*-irix5*) 758 PATH="$PATH:/usr/etc" 759 AC_DEFINE([BROKEN_INET_NTOA], [1], 760 [Define if you system's inet_ntoa is busted 761 (e.g. Irix gcc issue)]) 762 AC_DEFINE([SETEUID_BREAKS_SETUID]) 763 AC_DEFINE([BROKEN_SETREUID]) 764 AC_DEFINE([BROKEN_SETREGID]) 765 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 766 [Define if you shouldn't strip 'tty' from your 767 ttyname in [uw]tmp]) 768 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 769 ;; 770*-*-irix6*) 771 PATH="$PATH:/usr/etc" 772 AC_DEFINE([WITH_IRIX_ARRAY], [1], 773 [Define if you have/want arrays 774 (cluster-wide session management, not C arrays)]) 775 AC_DEFINE([WITH_IRIX_PROJECT], [1], 776 [Define if you want IRIX project management]) 777 AC_DEFINE([WITH_IRIX_AUDIT], [1], 778 [Define if you want IRIX audit trails]) 779 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 780 [Define if you want IRIX kernel jobs])]) 781 AC_DEFINE([BROKEN_INET_NTOA]) 782 AC_DEFINE([SETEUID_BREAKS_SETUID]) 783 AC_DEFINE([BROKEN_SETREUID]) 784 AC_DEFINE([BROKEN_SETREGID]) 785 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 786 AC_DEFINE([WITH_ABBREV_NO_TTY]) 787 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 788 ;; 789*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 790 check_for_libcrypt_later=1 791 AC_DEFINE([PAM_TTY_KLUDGE]) 792 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 793 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 794 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 795 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 796 ;; 797*-*-linux*) 798 no_dev_ptmx=1 799 use_pie=auto 800 check_for_libcrypt_later=1 801 check_for_openpty_ctty_bug=1 802 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 803 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 804 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 805 AC_DEFINE([PAM_TTY_KLUDGE], [1], 806 [Work around problematic Linux PAM modules handling of PAM_TTY]) 807 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 808 [String used in /etc/passwd to denote locked account]) 809 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 810 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 811 [Define to whatever link() returns for "not supported" 812 if it doesn't return EOPNOTSUPP.]) 813 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 814 AC_DEFINE([USE_BTMP]) 815 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 816 inet6_default_4in6=yes 817 case `uname -r` in 818 1.*|2.0.*) 819 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 820 [Define if cmsg_type is not passed correctly]) 821 ;; 822 esac 823 # tun(4) forwarding compat code 824 AC_CHECK_HEADERS([linux/if_tun.h]) 825 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 826 AC_DEFINE([SSH_TUN_LINUX], [1], 827 [Open tunnel devices the Linux tun/tap way]) 828 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 829 [Use tunnel device compatibility to OpenBSD]) 830 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 831 [Prepend the address family to IP tunnel traffic]) 832 fi 833 AC_CHECK_HEADER([linux/if.h], 834 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 835 [Support routing domains using Linux VRF]), [], [ 836#ifdef HAVE_SYS_TYPES_H 837# include <sys/types.h> 838#endif 839 ]) 840 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 841 [], [#include <linux/types.h>]) 842 # Obtain MIPS ABI 843 case "$host" in 844 mips*) 845 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 846#if _MIPS_SIM != _ABIO32 847#error 848#endif 849 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 850#if _MIPS_SIM != _ABIN32 851#error 852#endif 853 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 854#if _MIPS_SIM != _ABI64 855#error 856#endif 857 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 858 ]) 859 ]) 860 ]) 861 ;; 862 esac 863 AC_MSG_CHECKING([for seccomp architecture]) 864 seccomp_audit_arch= 865 case "$host" in 866 x86_64-*) 867 seccomp_audit_arch=AUDIT_ARCH_X86_64 868 # X32: AMD64 instructions in 32bit address space. 869 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 870 seccomp_audit_arch=AUDIT_ARCH_I386 871 fi 872 ;; 873 i*86-*) 874 seccomp_audit_arch=AUDIT_ARCH_I386 875 ;; 876 arm*-*) 877 seccomp_audit_arch=AUDIT_ARCH_ARM 878 ;; 879 aarch64*-*) 880 seccomp_audit_arch=AUDIT_ARCH_AARCH64 881 ;; 882 s390x-*) 883 seccomp_audit_arch=AUDIT_ARCH_S390X 884 ;; 885 s390-*) 886 seccomp_audit_arch=AUDIT_ARCH_S390 887 ;; 888 powerpc64-*) 889 seccomp_audit_arch=AUDIT_ARCH_PPC64 890 ;; 891 powerpc64le-*) 892 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 893 ;; 894 mips-*) 895 seccomp_audit_arch=AUDIT_ARCH_MIPS 896 ;; 897 mipsel-*) 898 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 899 ;; 900 mips64-*) 901 case "$mips_abi" in 902 "n32") 903 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 904 ;; 905 "n64") 906 seccomp_audit_arch=AUDIT_ARCH_MIPS64 907 ;; 908 esac 909 ;; 910 mips64el-*) 911 case "$mips_abi" in 912 "n32") 913 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 914 ;; 915 "n64") 916 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 917 ;; 918 esac 919 ;; 920 riscv64-*) 921 seccomp_audit_arch=AUDIT_ARCH_RISCV64 922 ;; 923 esac 924 if test "x$seccomp_audit_arch" != "x" ; then 925 AC_MSG_RESULT(["$seccomp_audit_arch"]) 926 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 927 [Specify the system call convention in use]) 928 else 929 AC_MSG_RESULT([architecture not supported]) 930 fi 931 ;; 932mips-sony-bsd|mips-sony-newsos4) 933 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 934 SONY=1 935 ;; 936*-*-netbsd*) 937 check_for_libcrypt_before=1 938 if test "x$withval" != "xno" ; then 939 rpath_opt="-R" 940 fi 941 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 942 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 943 AC_CHECK_HEADER([net/if_tap.h], , 944 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 945 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 946 [Prepend the address family to IP tunnel traffic]) 947 TEST_MALLOC_OPTIONS="AJRX" 948 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 949 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 950 ;; 951*-*-freebsd*) 952 check_for_libcrypt_later=1 953 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 954 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 955 AC_CHECK_HEADER([net/if_tap.h], , 956 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 957 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 958 TEST_MALLOC_OPTIONS="AJRX" 959 # Preauth crypto occasionally uses file descriptors for crypto offload 960 # and will crash if they cannot be opened. 961 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 962 [define if setrlimit RLIMIT_NOFILE breaks things]) 963 ;; 964*-*-bsdi*) 965 AC_DEFINE([SETEUID_BREAKS_SETUID]) 966 AC_DEFINE([BROKEN_SETREUID]) 967 AC_DEFINE([BROKEN_SETREGID]) 968 ;; 969*-next-*) 970 conf_lastlog_location="/usr/adm/lastlog" 971 conf_utmp_location=/etc/utmp 972 conf_wtmp_location=/usr/adm/wtmp 973 maildir=/usr/spool/mail 974 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 975 AC_DEFINE([USE_PIPES]) 976 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 977 ;; 978*-*-openbsd*) 979 use_pie=auto 980 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 981 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 982 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 983 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 984 [syslog_r function is safe to use in in a signal handler]) 985 TEST_MALLOC_OPTIONS="AFGJPRX" 986 ;; 987*-*-solaris*) 988 if test "x$withval" != "xno" ; then 989 rpath_opt="-R" 990 fi 991 AC_DEFINE([PAM_SUN_CODEBASE]) 992 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 993 AC_DEFINE([PAM_TTY_KLUDGE]) 994 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 995 [Define if pam_chauthtok wants real uid set 996 to the unpriv'ed user]) 997 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 998 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 999 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1000 [Define if sshd somehow reacquires a controlling TTY 1001 after setsid()]) 1002 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1003 in case the name is longer than 8 chars]) 1004 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1005 external_path_file=/etc/default/login 1006 # hardwire lastlog location (can't detect it on some versions) 1007 conf_lastlog_location="/var/adm/lastlog" 1008 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1009 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1010 if test "$sol2ver" -ge 8; then 1011 AC_MSG_RESULT([yes]) 1012 AC_DEFINE([DISABLE_UTMP]) 1013 AC_DEFINE([DISABLE_WTMP], [1], 1014 [Define if you don't want to use wtmp]) 1015 else 1016 AC_MSG_RESULT([no]) 1017 fi 1018 AC_CHECK_FUNCS([setpflags]) 1019 AC_CHECK_FUNCS([setppriv]) 1020 AC_CHECK_FUNCS([priv_basicset]) 1021 AC_CHECK_HEADERS([priv.h]) 1022 AC_ARG_WITH([solaris-contracts], 1023 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1024 [ 1025 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1026 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1027 [Define if you have Solaris process contracts]) 1028 LIBS="$LIBS -lcontract" 1029 SPC_MSG="yes" ], ) 1030 ], 1031 ) 1032 AC_ARG_WITH([solaris-projects], 1033 [ --with-solaris-projects Enable Solaris projects (experimental)], 1034 [ 1035 AC_CHECK_LIB([project], [setproject], 1036 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1037 [Define if you have Solaris projects]) 1038 LIBS="$LIBS -lproject" 1039 SP_MSG="yes" ], ) 1040 ], 1041 ) 1042 AC_ARG_WITH([solaris-privs], 1043 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1044 [ 1045 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1046 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1047 "x$ac_cv_header_priv_h" = "xyes" ; then 1048 SOLARIS_PRIVS=yes 1049 AC_MSG_RESULT([found]) 1050 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1051 [Define to disable UID restoration test]) 1052 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1053 [Define if you have Solaris privileges]) 1054 SPP_MSG="yes" 1055 else 1056 AC_MSG_RESULT([not found]) 1057 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1058 fi 1059 ], 1060 ) 1061 TEST_SHELL=$SHELL # let configure find us a capable shell 1062 ;; 1063*-*-sunos4*) 1064 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1065 AC_CHECK_FUNCS([getpwanam]) 1066 AC_DEFINE([PAM_SUN_CODEBASE]) 1067 conf_utmp_location=/etc/utmp 1068 conf_wtmp_location=/var/adm/wtmp 1069 conf_lastlog_location=/var/adm/lastlog 1070 AC_DEFINE([USE_PIPES]) 1071 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1072 ;; 1073*-ncr-sysv*) 1074 LIBS="$LIBS -lc89" 1075 AC_DEFINE([USE_PIPES]) 1076 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1077 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1078 AC_DEFINE([BROKEN_SETREUID]) 1079 AC_DEFINE([BROKEN_SETREGID]) 1080 ;; 1081*-sni-sysv*) 1082 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1083 AC_CHECK_LIB([dl], [dlsym], ,) 1084 # -lresolv needs to be at the end of LIBS or DNS lookups break 1085 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1086 IPADDR_IN_DISPLAY=yes 1087 AC_DEFINE([USE_PIPES]) 1088 AC_DEFINE([IP_TOS_IS_BROKEN]) 1089 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1090 AC_DEFINE([BROKEN_SETREUID]) 1091 AC_DEFINE([BROKEN_SETREGID]) 1092 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1093 external_path_file=/etc/default/login 1094 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1095 # Attention: always take care to bind libsocket and libnsl before libc, 1096 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1097 ;; 1098# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1099*-*-sysv4.2*) 1100 AC_DEFINE([USE_PIPES]) 1101 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1102 AC_DEFINE([BROKEN_SETREUID]) 1103 AC_DEFINE([BROKEN_SETREGID]) 1104 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1105 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1106 TEST_SHELL=$SHELL # let configure find us a capable shell 1107 ;; 1108# UnixWare 7.x, OpenUNIX 8 1109*-*-sysv5*) 1110 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1111 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1112 AC_DEFINE([USE_PIPES]) 1113 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1114 AC_DEFINE([BROKEN_GETADDRINFO]) 1115 AC_DEFINE([BROKEN_SETREUID]) 1116 AC_DEFINE([BROKEN_SETREGID]) 1117 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1118 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1119 TEST_SHELL=$SHELL # let configure find us a capable shell 1120 check_for_libcrypt_later=1 1121 case "$host" in 1122 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1123 maildir=/var/spool/mail 1124 AC_DEFINE([BROKEN_UPDWTMPX]) 1125 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1126 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1127 ], , ) 1128 ;; 1129 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1130 ;; 1131 esac 1132 ;; 1133*-*-sysv*) 1134 ;; 1135# SCO UNIX and OEM versions of SCO UNIX 1136*-*-sco3.2v4*) 1137 AC_MSG_ERROR("This Platform is no longer supported.") 1138 ;; 1139# SCO OpenServer 5.x 1140*-*-sco3.2v5*) 1141 if test -z "$GCC"; then 1142 CFLAGS="$CFLAGS -belf" 1143 fi 1144 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1145 no_dev_ptmx=1 1146 AC_DEFINE([USE_PIPES]) 1147 AC_DEFINE([HAVE_SECUREWARE]) 1148 AC_DEFINE([DISABLE_SHADOW]) 1149 AC_DEFINE([DISABLE_FD_PASSING]) 1150 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1151 AC_DEFINE([BROKEN_GETADDRINFO]) 1152 AC_DEFINE([BROKEN_SETREUID]) 1153 AC_DEFINE([BROKEN_SETREGID]) 1154 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1155 AC_DEFINE([BROKEN_UPDWTMPX]) 1156 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1157 AC_CHECK_FUNCS([getluid setluid]) 1158 MANTYPE=man 1159 TEST_SHELL=$SHELL # let configure find us a capable shell 1160 SKIP_DISABLE_LASTLOG_DEFINE=yes 1161 ;; 1162*-dec-osf*) 1163 AC_MSG_CHECKING([for Digital Unix SIA]) 1164 no_osfsia="" 1165 AC_ARG_WITH([osfsia], 1166 [ --with-osfsia Enable Digital Unix SIA], 1167 [ 1168 if test "x$withval" = "xno" ; then 1169 AC_MSG_RESULT([disabled]) 1170 no_osfsia=1 1171 fi 1172 ], 1173 ) 1174 if test -z "$no_osfsia" ; then 1175 if test -f /etc/sia/matrix.conf; then 1176 AC_MSG_RESULT([yes]) 1177 AC_DEFINE([HAVE_OSF_SIA], [1], 1178 [Define if you have Digital Unix Security 1179 Integration Architecture]) 1180 AC_DEFINE([DISABLE_LOGIN], [1], 1181 [Define if you don't want to use your 1182 system's login() call]) 1183 AC_DEFINE([DISABLE_FD_PASSING]) 1184 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1185 SIA_MSG="yes" 1186 else 1187 AC_MSG_RESULT([no]) 1188 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1189 [String used in /etc/passwd to denote locked account]) 1190 fi 1191 fi 1192 AC_DEFINE([BROKEN_GETADDRINFO]) 1193 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1194 AC_DEFINE([BROKEN_SETREUID]) 1195 AC_DEFINE([BROKEN_SETREGID]) 1196 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1197 ;; 1198 1199*-*-nto-qnx*) 1200 AC_DEFINE([USE_PIPES]) 1201 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1202 AC_DEFINE([DISABLE_LASTLOG]) 1203 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1204 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1205 enable_etc_default_login=no # has incompatible /etc/default/login 1206 case "$host" in 1207 *-*-nto-qnx6*) 1208 AC_DEFINE([DISABLE_FD_PASSING]) 1209 ;; 1210 esac 1211 ;; 1212 1213*-*-ultrix*) 1214 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1215 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1216 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1217 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1218 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1219 # don't get a controlling tty. 1220 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1221 # On Ultrix some headers are not protected against multiple includes, 1222 # so we create wrappers and put it where the compiler will find it. 1223 AC_MSG_WARN([creating compat wrappers for headers]) 1224 mkdir -p netinet 1225 for header in netinet/ip.h netdb.h resolv.h; do 1226 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1227 cat >$header <<EOD 1228#ifndef _SSH_COMPAT_${name} 1229#define _SSH_COMPAT_${name} 1230#include "/usr/include/${header}" 1231#endif 1232EOD 1233 done 1234 ;; 1235 1236*-*-lynxos) 1237 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1238 AC_DEFINE([BROKEN_SETVBUF], [1], 1239 [LynxOS has broken setvbuf() implementation]) 1240 ;; 1241esac 1242 1243AC_MSG_CHECKING([compiler and flags for sanity]) 1244AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1245 [ AC_MSG_RESULT([yes]) ], 1246 [ 1247 AC_MSG_RESULT([no]) 1248 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1249 ], 1250 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1251) 1252 1253dnl Checks for header files. 1254# Checks for libraries. 1255AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1256 1257dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1258AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1259 AC_CHECK_LIB([gen], [dirname], [ 1260 AC_CACHE_CHECK([for broken dirname], 1261 ac_cv_have_broken_dirname, [ 1262 save_LIBS="$LIBS" 1263 LIBS="$LIBS -lgen" 1264 AC_RUN_IFELSE( 1265 [AC_LANG_SOURCE([[ 1266#include <libgen.h> 1267#include <string.h> 1268 1269int main(int argc, char **argv) { 1270 char *s, buf[32]; 1271 1272 strncpy(buf,"/etc", 32); 1273 s = dirname(buf); 1274 if (!s || strncmp(s, "/", 32) != 0) { 1275 exit(1); 1276 } else { 1277 exit(0); 1278 } 1279} 1280 ]])], 1281 [ ac_cv_have_broken_dirname="no" ], 1282 [ ac_cv_have_broken_dirname="yes" ], 1283 [ ac_cv_have_broken_dirname="no" ], 1284 ) 1285 LIBS="$save_LIBS" 1286 ]) 1287 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1288 LIBS="$LIBS -lgen" 1289 AC_DEFINE([HAVE_DIRNAME]) 1290 AC_CHECK_HEADERS([libgen.h]) 1291 fi 1292 ]) 1293]) 1294 1295AC_CHECK_FUNC([getspnam], , 1296 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1297AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1298 [Define if you have the basename function.])]) 1299 1300dnl zlib defaults to enabled 1301zlib=yes 1302AC_ARG_WITH([zlib], 1303 [ --with-zlib=PATH Use zlib in PATH], 1304 [ if test "x$withval" = "xno" ; then 1305 zlib=no 1306 elif test "x$withval" != "xyes"; then 1307 if test -d "$withval/lib"; then 1308 if test -n "${rpath_opt}"; then 1309 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1310 else 1311 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1312 fi 1313 else 1314 if test -n "${rpath_opt}"; then 1315 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1316 else 1317 LDFLAGS="-L${withval} ${LDFLAGS}" 1318 fi 1319 fi 1320 if test -d "$withval/include"; then 1321 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1322 else 1323 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1324 fi 1325 fi ] 1326) 1327 1328AC_MSG_CHECKING([for zlib]) 1329if test "x${zlib}" = "xno"; then 1330 AC_MSG_RESULT([no]) 1331else 1332 AC_MSG_RESULT([yes]) 1333 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1334 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1335 AC_CHECK_LIB([z], [deflate], , 1336 [ 1337 saved_CPPFLAGS="$CPPFLAGS" 1338 saved_LDFLAGS="$LDFLAGS" 1339 save_LIBS="$LIBS" 1340 dnl Check default zlib install dir 1341 if test -n "${rpath_opt}"; then 1342 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1343 else 1344 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1345 fi 1346 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1347 LIBS="$LIBS -lz" 1348 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1349 [ 1350 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1351 ] 1352 ) 1353 ] 1354 ) 1355 1356 AC_ARG_WITH([zlib-version-check], 1357 [ --without-zlib-version-check Disable zlib version check], 1358 [ if test "x$withval" = "xno" ; then 1359 zlib_check_nonfatal=1 1360 fi 1361 ] 1362 ) 1363 1364 AC_MSG_CHECKING([for possibly buggy zlib]) 1365 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1366#include <stdio.h> 1367#include <stdlib.h> 1368#include <zlib.h> 1369 ]], 1370 [[ 1371 int a=0, b=0, c=0, d=0, n, v; 1372 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1373 if (n != 3 && n != 4) 1374 exit(1); 1375 v = a*1000000 + b*10000 + c*100 + d; 1376 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1377 1378 /* 1.1.4 is OK */ 1379 if (a == 1 && b == 1 && c >= 4) 1380 exit(0); 1381 1382 /* 1.2.3 and up are OK */ 1383 if (v >= 1020300) 1384 exit(0); 1385 1386 exit(2); 1387 ]])], 1388 AC_MSG_RESULT([no]), 1389 [ AC_MSG_RESULT([yes]) 1390 if test -z "$zlib_check_nonfatal" ; then 1391 AC_MSG_ERROR([*** zlib too old - check config.log *** 1392Your reported zlib version has known security problems. It's possible your 1393vendor has fixed these problems without changing the version number. If you 1394are sure this is the case, you can disable the check by running 1395"./configure --without-zlib-version-check". 1396If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1397See http://www.gzip.org/zlib/ for details.]) 1398 else 1399 AC_MSG_WARN([zlib version may have security problems]) 1400 fi 1401 ], 1402 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1403 ) 1404fi 1405 1406dnl UnixWare 2.x 1407AC_CHECK_FUNC([strcasecmp], 1408 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1409) 1410AC_CHECK_FUNCS([utimes], 1411 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1412 LIBS="$LIBS -lc89"]) ] 1413) 1414 1415dnl Checks for libutil functions 1416AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1417AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1418AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1419AC_SEARCH_LIBS([login], [util bsd]) 1420AC_SEARCH_LIBS([logout], [util bsd]) 1421AC_SEARCH_LIBS([logwtmp], [util bsd]) 1422AC_SEARCH_LIBS([openpty], [util bsd]) 1423AC_SEARCH_LIBS([updwtmp], [util bsd]) 1424AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1425 1426# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1427# or libnsl. 1428AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1429AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1430 1431# "Particular Function Checks" 1432# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1433AC_FUNC_STRFTIME 1434AC_FUNC_MALLOC 1435AC_FUNC_REALLOC 1436# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1437AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1438AC_RUN_IFELSE( 1439 [AC_LANG_PROGRAM( 1440 [[ #include <stdlib.h> ]], 1441 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1442 )], 1443 [ func_calloc_0_nonnull=yes ], 1444 [ func_calloc_0_nonnull=no ], 1445 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1446 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1447) 1448AC_MSG_RESULT([$func_calloc_0_nonnull]) 1449 1450if test "x$func_calloc_0_nonnull" = "xyes"; then 1451 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1452else 1453 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1454 AC_DEFINE(calloc, rpl_calloc, 1455 [Define to rpl_calloc if the replacement function should be used.]) 1456fi 1457 1458# Check for ALTDIRFUNC glob() extension 1459AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1460AC_EGREP_CPP([FOUNDIT], 1461 [ 1462 #include <glob.h> 1463 #ifdef GLOB_ALTDIRFUNC 1464 FOUNDIT 1465 #endif 1466 ], 1467 [ 1468 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1469 [Define if your system glob() function has 1470 the GLOB_ALTDIRFUNC extension]) 1471 AC_MSG_RESULT([yes]) 1472 ], 1473 [ 1474 AC_MSG_RESULT([no]) 1475 ] 1476) 1477 1478# Check for g.gl_matchc glob() extension 1479AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1480AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1481 [[ glob_t g; g.gl_matchc = 1; ]])], 1482 [ 1483 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1484 [Define if your system glob() function has 1485 gl_matchc options in glob_t]) 1486 AC_MSG_RESULT([yes]) 1487 ], [ 1488 AC_MSG_RESULT([no]) 1489]) 1490 1491# Check for g.gl_statv glob() extension 1492AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1493AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1494#ifndef GLOB_KEEPSTAT 1495#error "glob does not support GLOB_KEEPSTAT extension" 1496#endif 1497glob_t g; 1498g.gl_statv = NULL; 1499]])], 1500 [ 1501 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1502 [Define if your system glob() function has 1503 gl_statv options in glob_t]) 1504 AC_MSG_RESULT([yes]) 1505 ], [ 1506 AC_MSG_RESULT([no]) 1507 1508]) 1509 1510AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1511 1512AC_CHECK_DECL([VIS_ALL], , 1513 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1514 1515AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1516AC_RUN_IFELSE( 1517 [AC_LANG_PROGRAM([[ 1518#include <sys/types.h> 1519#include <dirent.h>]], 1520 [[ 1521 struct dirent d; 1522 exit(sizeof(d.d_name)<=sizeof(char)); 1523 ]])], 1524 [AC_MSG_RESULT([yes])], 1525 [ 1526 AC_MSG_RESULT([no]) 1527 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1528 [Define if your struct dirent expects you to 1529 allocate extra space for d_name]) 1530 ], 1531 [ 1532 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1533 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1534 ] 1535) 1536 1537AC_MSG_CHECKING([for /proc/pid/fd directory]) 1538if test -d "/proc/$$/fd" ; then 1539 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1540 AC_MSG_RESULT([yes]) 1541else 1542 AC_MSG_RESULT([no]) 1543fi 1544 1545# Check whether user wants to use ldns 1546LDNS_MSG="no" 1547AC_ARG_WITH(ldns, 1548 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1549 [ 1550 ldns="" 1551 if test "x$withval" = "xyes" ; then 1552 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1553 if test "x$LDNSCONFIG" = "xno"; then 1554 LIBS="-lldns $LIBS" 1555 ldns=yes 1556 else 1557 LIBS="$LIBS `$LDNSCONFIG --libs`" 1558 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1559 ldns=yes 1560 fi 1561 elif test "x$withval" != "xno" ; then 1562 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1563 LDFLAGS="$LDFLAGS -L${withval}/lib" 1564 LIBS="-lldns $LIBS" 1565 ldns=yes 1566 fi 1567 1568 # Verify that it works. 1569 if test "x$ldns" = "xyes" ; then 1570 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1571 LDNS_MSG="yes" 1572 AC_MSG_CHECKING([for ldns support]) 1573 AC_LINK_IFELSE( 1574 [AC_LANG_SOURCE([[ 1575#include <stdio.h> 1576#include <stdlib.h> 1577#ifdef HAVE_STDINT_H 1578# include <stdint.h> 1579#endif 1580#include <ldns/ldns.h> 1581int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1582 ]]) 1583 ], 1584 [AC_MSG_RESULT(yes)], 1585 [ 1586 AC_MSG_RESULT(no) 1587 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1588 ]) 1589 fi 1590]) 1591 1592# Check whether user wants libedit support 1593LIBEDIT_MSG="no" 1594AC_ARG_WITH([libedit], 1595 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1596 [ if test "x$withval" != "xno" ; then 1597 if test "x$withval" = "xyes" ; then 1598 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1599 if test "x$PKGCONFIG" != "xno"; then 1600 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1601 if "$PKGCONFIG" libedit; then 1602 AC_MSG_RESULT([yes]) 1603 use_pkgconfig_for_libedit=yes 1604 else 1605 AC_MSG_RESULT([no]) 1606 fi 1607 fi 1608 else 1609 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1610 if test -n "${rpath_opt}"; then 1611 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1612 else 1613 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1614 fi 1615 fi 1616 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1617 LIBEDIT=`$PKGCONFIG --libs libedit` 1618 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1619 else 1620 LIBEDIT="-ledit -lcurses" 1621 fi 1622 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1623 AC_CHECK_LIB([edit], [el_init], 1624 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1625 LIBEDIT_MSG="yes" 1626 AC_SUBST([LIBEDIT]) 1627 ], 1628 [ AC_MSG_ERROR([libedit not found]) ], 1629 [ $OTHERLIBS ] 1630 ) 1631 AC_MSG_CHECKING([if libedit version is compatible]) 1632 AC_COMPILE_IFELSE( 1633 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1634 [[ 1635 int i = H_SETSIZE; 1636 el_init("", NULL, NULL, NULL); 1637 exit(0); 1638 ]])], 1639 [ AC_MSG_RESULT([yes]) ], 1640 [ AC_MSG_RESULT([no]) 1641 AC_MSG_ERROR([libedit version is not compatible]) ] 1642 ) 1643 fi ] 1644) 1645 1646AUDIT_MODULE=none 1647AC_ARG_WITH([audit], 1648 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1649 [ 1650 AC_MSG_CHECKING([for supported audit module]) 1651 case "$withval" in 1652 bsm) 1653 AC_MSG_RESULT([bsm]) 1654 AUDIT_MODULE=bsm 1655 dnl Checks for headers, libs and functions 1656 AC_CHECK_HEADERS([bsm/audit.h], [], 1657 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1658 [ 1659#ifdef HAVE_TIME_H 1660# include <time.h> 1661#endif 1662 ] 1663) 1664 AC_CHECK_LIB([bsm], [getaudit], [], 1665 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1666 AC_CHECK_FUNCS([getaudit], [], 1667 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1668 # These are optional 1669 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1670 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1671 if test "$sol2ver" -ge 11; then 1672 SSHDLIBS="$SSHDLIBS -lscf" 1673 AC_DEFINE([BROKEN_BSM_API], [1], 1674 [The system has incomplete BSM API]) 1675 fi 1676 ;; 1677 linux) 1678 AC_MSG_RESULT([linux]) 1679 AUDIT_MODULE=linux 1680 dnl Checks for headers, libs and functions 1681 AC_CHECK_HEADERS([libaudit.h]) 1682 SSHDLIBS="$SSHDLIBS -laudit" 1683 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1684 ;; 1685 debug) 1686 AUDIT_MODULE=debug 1687 AC_MSG_RESULT([debug]) 1688 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1689 ;; 1690 no) 1691 AC_MSG_RESULT([no]) 1692 ;; 1693 *) 1694 AC_MSG_ERROR([Unknown audit module $withval]) 1695 ;; 1696 esac ] 1697) 1698 1699AC_ARG_WITH([pie], 1700 [ --with-pie Build Position Independent Executables if possible], [ 1701 if test "x$withval" = "xno"; then 1702 use_pie=no 1703 fi 1704 if test "x$withval" = "xyes"; then 1705 use_pie=yes 1706 fi 1707 ] 1708) 1709if test "x$use_pie" = "x"; then 1710 use_pie=no 1711fi 1712if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1713 # Turn off automatic PIE when toolchain hardening is off. 1714 use_pie=no 1715fi 1716if test "x$use_pie" = "xauto"; then 1717 # Automatic PIE requires gcc >= 4.x 1718 AC_MSG_CHECKING([for gcc >= 4.x]) 1719 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1720#if !defined(__GNUC__) || __GNUC__ < 4 1721#error gcc is too old 1722#endif 1723]])], 1724 [ AC_MSG_RESULT([yes]) ], 1725 [ AC_MSG_RESULT([no]) 1726 use_pie=no ] 1727) 1728fi 1729if test "x$use_pie" != "xno"; then 1730 SAVED_CFLAGS="$CFLAGS" 1731 SAVED_LDFLAGS="$LDFLAGS" 1732 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1733 OSSH_CHECK_LDFLAG_LINK([-pie]) 1734 # We use both -fPIE and -pie or neither. 1735 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1736 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1737 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1738 AC_MSG_RESULT([yes]) 1739 else 1740 AC_MSG_RESULT([no]) 1741 CFLAGS="$SAVED_CFLAGS" 1742 LDFLAGS="$SAVED_LDFLAGS" 1743 fi 1744fi 1745 1746AC_MSG_CHECKING([whether -fPIC is accepted]) 1747SAVED_CFLAGS="$CFLAGS" 1748CFLAGS="$CFLAGS -fPIC" 1749AC_COMPILE_IFELSE( 1750 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1751 [AC_MSG_RESULT([yes]) 1752 PICFLAG="-fPIC"; ], 1753 [AC_MSG_RESULT([no]) 1754 PICFLAG=""; ]) 1755CFLAGS="$SAVED_CFLAGS" 1756AC_SUBST([PICFLAG]) 1757 1758dnl Checks for library functions. Please keep in alphabetical order 1759AC_CHECK_FUNCS([ \ 1760 Blowfish_initstate \ 1761 Blowfish_expandstate \ 1762 Blowfish_expand0state \ 1763 Blowfish_stream2word \ 1764 SHA256Update \ 1765 SHA384Update \ 1766 SHA512Update \ 1767 asprintf \ 1768 b64_ntop \ 1769 __b64_ntop \ 1770 b64_pton \ 1771 __b64_pton \ 1772 bcopy \ 1773 bcrypt_pbkdf \ 1774 bindresvport_sa \ 1775 blf_enc \ 1776 bzero \ 1777 cap_rights_limit \ 1778 clock \ 1779 closefrom \ 1780 dirfd \ 1781 endgrent \ 1782 err \ 1783 errx \ 1784 explicit_bzero \ 1785 fchmod \ 1786 fchmodat \ 1787 fchown \ 1788 fchownat \ 1789 flock \ 1790 fnmatch \ 1791 freeaddrinfo \ 1792 freezero \ 1793 fstatfs \ 1794 fstatvfs \ 1795 futimes \ 1796 getaddrinfo \ 1797 getcwd \ 1798 getgrouplist \ 1799 getline \ 1800 getnameinfo \ 1801 getopt \ 1802 getpagesize \ 1803 getpeereid \ 1804 getpeerucred \ 1805 getpgid \ 1806 _getpty \ 1807 getrlimit \ 1808 getrandom \ 1809 getsid \ 1810 getttyent \ 1811 glob \ 1812 group_from_gid \ 1813 inet_aton \ 1814 inet_ntoa \ 1815 inet_ntop \ 1816 innetgr \ 1817 llabs \ 1818 localtime_r \ 1819 login_getcapbool \ 1820 md5_crypt \ 1821 memmem \ 1822 memmove \ 1823 memset_s \ 1824 mkdtemp \ 1825 ngetaddrinfo \ 1826 nsleep \ 1827 ogetaddrinfo \ 1828 openlog_r \ 1829 pledge \ 1830 poll \ 1831 prctl \ 1832 pstat \ 1833 raise \ 1834 readpassphrase \ 1835 reallocarray \ 1836 realpath \ 1837 recvmsg \ 1838 recallocarray \ 1839 rresvport_af \ 1840 sendmsg \ 1841 setdtablesize \ 1842 setegid \ 1843 setenv \ 1844 seteuid \ 1845 setgroupent \ 1846 setgroups \ 1847 setlinebuf \ 1848 setlogin \ 1849 setpassent\ 1850 setpcred \ 1851 setproctitle \ 1852 setregid \ 1853 setreuid \ 1854 setrlimit \ 1855 setsid \ 1856 setvbuf \ 1857 sigaction \ 1858 sigvec \ 1859 snprintf \ 1860 socketpair \ 1861 statfs \ 1862 statvfs \ 1863 strcasestr \ 1864 strdup \ 1865 strerror \ 1866 strlcat \ 1867 strlcpy \ 1868 strmode \ 1869 strndup \ 1870 strnlen \ 1871 strnvis \ 1872 strptime \ 1873 strsignal \ 1874 strtonum \ 1875 strtoll \ 1876 strtoul \ 1877 strtoull \ 1878 swap32 \ 1879 sysconf \ 1880 tcgetpgrp \ 1881 timingsafe_bcmp \ 1882 truncate \ 1883 unsetenv \ 1884 updwtmpx \ 1885 utimensat \ 1886 user_from_uid \ 1887 usleep \ 1888 vasprintf \ 1889 vsnprintf \ 1890 waitpid \ 1891 warn \ 1892]) 1893 1894AC_CHECK_DECLS([bzero, memmem]) 1895 1896dnl Wide character support. 1897AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1898 1899TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1900AC_MSG_CHECKING([for utf8 locale support]) 1901AC_RUN_IFELSE( 1902 [AC_LANG_PROGRAM([[ 1903#include <locale.h> 1904#include <stdlib.h> 1905 ]], [[ 1906 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1907 if (loc != NULL) 1908 exit(0); 1909 exit(1); 1910 ]])], 1911 AC_MSG_RESULT(yes), 1912 [AC_MSG_RESULT(no) 1913 TEST_SSH_UTF8=no], 1914 AC_MSG_WARN([cross compiling: assuming yes]) 1915) 1916 1917AC_LINK_IFELSE( 1918 [AC_LANG_PROGRAM( 1919 [[ #include <ctype.h> ]], 1920 [[ return (isblank('a')); ]])], 1921 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1922]) 1923 1924disable_pkcs11= 1925AC_ARG_ENABLE([pkcs11], 1926 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1927 [ 1928 if test "x$enableval" = "xno" ; then 1929 disable_pkcs11=1 1930 fi 1931 ] 1932) 1933 1934disable_sk= 1935AC_ARG_ENABLE([security-key], 1936 [ --disable-security-key disable U2F/FIDO support code [no]], 1937 [ 1938 if test "x$enableval" = "xno" ; then 1939 disable_sk=1 1940 fi 1941 ] 1942) 1943enable_sk_internal= 1944AC_ARG_WITH([security-key-builtin], 1945 [ --with-security-key-builtin include builtin U2F/FIDO support], 1946 [ 1947 if test "x$withval" != "xno" ; then 1948 enable_sk_internal=yes 1949 fi 1950 ] 1951) 1952test "x$disable_sk" != "x" && enable_sk_internal="" 1953 1954AC_SEARCH_LIBS([dlopen], [dl]) 1955AC_CHECK_FUNCS([dlopen]) 1956AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1957 1958# IRIX has a const char return value for gai_strerror() 1959AC_CHECK_FUNCS([gai_strerror], [ 1960 AC_DEFINE([HAVE_GAI_STRERROR]) 1961 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1962#include <sys/types.h> 1963#include <sys/socket.h> 1964#include <netdb.h> 1965 1966const char *gai_strerror(int); 1967 ]], [[ 1968 char *str; 1969 str = gai_strerror(0); 1970 ]])], [ 1971 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1972 [Define if gai_strerror() returns const char *])], [])]) 1973 1974AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1975 [Some systems put nanosleep outside of libc])]) 1976 1977AC_SEARCH_LIBS([clock_gettime], [rt], 1978 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1979 1980dnl check if we need -D_REENTRANT for localtime_r declaration. 1981AC_CHECK_DECL([localtime_r], [], 1982 [ saved_CPPFLAGS="$CFLAGS" 1983 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1984 unset ac_cv_have_decl_localtime_r 1985 AC_CHECK_DECL([localtime_r], [], 1986 [ CPPFLAGS="$saved_CPPFLAGS" ], 1987 [ #include <time.h> ] 1988 ) 1989 ], 1990 [ #include <time.h> ] 1991) 1992 1993dnl Make sure prototypes are defined for these before using them. 1994AC_CHECK_DECL([strsep], 1995 [AC_CHECK_FUNCS([strsep])], 1996 [], 1997 [ 1998#ifdef HAVE_STRING_H 1999# include <string.h> 2000#endif 2001 ]) 2002 2003dnl tcsendbreak might be a macro 2004AC_CHECK_DECL([tcsendbreak], 2005 [AC_DEFINE([HAVE_TCSENDBREAK])], 2006 [AC_CHECK_FUNCS([tcsendbreak])], 2007 [#include <termios.h>] 2008) 2009 2010AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2011 2012AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2013 [ 2014#include <sys/types.h> 2015#include <sys/socket.h> 2016#include <unistd.h> 2017 ]) 2018 2019AC_CHECK_DECLS([O_NONBLOCK], , , 2020 [ 2021#include <sys/types.h> 2022#ifdef HAVE_SYS_STAT_H 2023# include <sys/stat.h> 2024#endif 2025#ifdef HAVE_FCNTL_H 2026# include <fcntl.h> 2027#endif 2028 ]) 2029 2030AC_CHECK_DECLS([readv, writev], , , [ 2031#include <sys/types.h> 2032#include <sys/uio.h> 2033#include <unistd.h> 2034 ]) 2035 2036AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2037#include <sys/param.h> 2038 ]) 2039 2040AC_CHECK_DECLS([offsetof], , , [ 2041#include <stddef.h> 2042 ]) 2043 2044# extra bits for select(2) 2045AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2046#include <sys/param.h> 2047#include <sys/types.h> 2048#ifdef HAVE_SYS_SYSMACROS_H 2049#include <sys/sysmacros.h> 2050#endif 2051#ifdef HAVE_SYS_SELECT_H 2052#include <sys/select.h> 2053#endif 2054#ifdef HAVE_SYS_TIME_H 2055#include <sys/time.h> 2056#endif 2057#ifdef HAVE_UNISTD_H 2058#include <unistd.h> 2059#endif 2060 ]]) 2061AC_CHECK_TYPES([fd_mask], [], [], [[ 2062#include <sys/param.h> 2063#include <sys/types.h> 2064#ifdef HAVE_SYS_SELECT_H 2065#include <sys/select.h> 2066#endif 2067#ifdef HAVE_SYS_TIME_H 2068#include <sys/time.h> 2069#endif 2070#ifdef HAVE_UNISTD_H 2071#include <unistd.h> 2072#endif 2073 ]]) 2074 2075AC_CHECK_FUNCS([setresuid], [ 2076 dnl Some platorms have setresuid that isn't implemented, test for this 2077 AC_MSG_CHECKING([if setresuid seems to work]) 2078 AC_RUN_IFELSE( 2079 [AC_LANG_PROGRAM([[ 2080#include <stdlib.h> 2081#include <errno.h> 2082 ]], [[ 2083 errno=0; 2084 setresuid(0,0,0); 2085 if (errno==ENOSYS) 2086 exit(1); 2087 else 2088 exit(0); 2089 ]])], 2090 [AC_MSG_RESULT([yes])], 2091 [AC_DEFINE([BROKEN_SETRESUID], [1], 2092 [Define if your setresuid() is broken]) 2093 AC_MSG_RESULT([not implemented])], 2094 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2095 ) 2096]) 2097 2098AC_CHECK_FUNCS([setresgid], [ 2099 dnl Some platorms have setresgid that isn't implemented, test for this 2100 AC_MSG_CHECKING([if setresgid seems to work]) 2101 AC_RUN_IFELSE( 2102 [AC_LANG_PROGRAM([[ 2103#include <stdlib.h> 2104#include <errno.h> 2105 ]], [[ 2106 errno=0; 2107 setresgid(0,0,0); 2108 if (errno==ENOSYS) 2109 exit(1); 2110 else 2111 exit(0); 2112 ]])], 2113 [AC_MSG_RESULT([yes])], 2114 [AC_DEFINE([BROKEN_SETRESGID], [1], 2115 [Define if your setresgid() is broken]) 2116 AC_MSG_RESULT([not implemented])], 2117 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2118 ) 2119]) 2120 2121AC_MSG_CHECKING([for working fflush(NULL)]) 2122AC_RUN_IFELSE( 2123 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2124 AC_MSG_RESULT([yes]), 2125 [AC_MSG_RESULT([no]) 2126 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2127 [define if fflush(NULL) does not work])], 2128 AC_MSG_WARN([cross compiling: assuming working]) 2129) 2130 2131dnl Checks for time functions 2132AC_CHECK_FUNCS([gettimeofday time]) 2133dnl Checks for utmp functions 2134AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2135AC_CHECK_FUNCS([utmpname]) 2136dnl Checks for utmpx functions 2137AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2138AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2139dnl Checks for lastlog functions 2140AC_CHECK_FUNCS([getlastlogxbyname]) 2141 2142AC_CHECK_FUNC([daemon], 2143 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2144 [AC_CHECK_LIB([bsd], [daemon], 2145 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2146) 2147 2148AC_CHECK_FUNC([getpagesize], 2149 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2150 [Define if your libraries define getpagesize()])], 2151 [AC_CHECK_LIB([ucb], [getpagesize], 2152 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2153) 2154 2155# Check for broken snprintf 2156if test "x$ac_cv_func_snprintf" = "xyes" ; then 2157 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2158 AC_RUN_IFELSE( 2159 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2160 [[ 2161 char b[5]; 2162 snprintf(b,5,"123456789"); 2163 exit(b[4]!='\0'); 2164 ]])], 2165 [AC_MSG_RESULT([yes])], 2166 [ 2167 AC_MSG_RESULT([no]) 2168 AC_DEFINE([BROKEN_SNPRINTF], [1], 2169 [Define if your snprintf is busted]) 2170 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2171 ], 2172 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2173 ) 2174fi 2175 2176if test "x$ac_cv_func_snprintf" = "xyes" ; then 2177 AC_MSG_CHECKING([whether snprintf understands %zu]) 2178 AC_RUN_IFELSE( 2179 [AC_LANG_PROGRAM([[ 2180#include <sys/types.h> 2181#include <stdio.h> 2182 ]], 2183 [[ 2184 size_t a = 1, b = 2; 2185 char z[128]; 2186 snprintf(z, sizeof z, "%zu%zu", a, b); 2187 exit(strcmp(z, "12")); 2188 ]])], 2189 [AC_MSG_RESULT([yes])], 2190 [ 2191 AC_MSG_RESULT([no]) 2192 AC_DEFINE([BROKEN_SNPRINTF], [1], 2193 [snprintf does not understand %zu]) 2194 ], 2195 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2196 ) 2197fi 2198 2199# We depend on vsnprintf returning the right thing on overflow: the 2200# number of characters it tried to create (as per SUSv3) 2201if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2202 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2203 AC_RUN_IFELSE( 2204 [AC_LANG_PROGRAM([[ 2205#include <sys/types.h> 2206#include <stdio.h> 2207#include <stdarg.h> 2208 2209int x_snprintf(char *str, size_t count, const char *fmt, ...) 2210{ 2211 size_t ret; 2212 va_list ap; 2213 2214 va_start(ap, fmt); 2215 ret = vsnprintf(str, count, fmt, ap); 2216 va_end(ap); 2217 return ret; 2218} 2219 ]], [[ 2220char x[1]; 2221if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2222 return 1; 2223if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2224 return 1; 2225return 0; 2226 ]])], 2227 [AC_MSG_RESULT([yes])], 2228 [ 2229 AC_MSG_RESULT([no]) 2230 AC_DEFINE([BROKEN_SNPRINTF], [1], 2231 [Define if your snprintf is busted]) 2232 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2233 ], 2234 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2235 ) 2236fi 2237 2238# On systems where [v]snprintf is broken, but is declared in stdio, 2239# check that the fmt argument is const char * or just char *. 2240# This is only useful for when BROKEN_SNPRINTF 2241AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2242AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2243#include <stdio.h> 2244int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2245 ]], [[ 2246 snprintf(0, 0, 0); 2247 ]])], 2248 [AC_MSG_RESULT([yes]) 2249 AC_DEFINE([SNPRINTF_CONST], [const], 2250 [Define as const if snprintf() can declare const char *fmt])], 2251 [AC_MSG_RESULT([no]) 2252 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2253 2254# Check for missing getpeereid (or equiv) support 2255NO_PEERCHECK="" 2256if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2257 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2258 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2259#include <sys/types.h> 2260#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2261 [ AC_MSG_RESULT([yes]) 2262 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2263 ], [AC_MSG_RESULT([no]) 2264 NO_PEERCHECK=1 2265 ]) 2266fi 2267 2268dnl see whether mkstemp() requires XXXXXX 2269if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2270AC_MSG_CHECKING([for (overly) strict mkstemp]) 2271AC_RUN_IFELSE( 2272 [AC_LANG_PROGRAM([[ 2273#include <stdlib.h> 2274 ]], [[ 2275 char template[]="conftest.mkstemp-test"; 2276 if (mkstemp(template) == -1) 2277 exit(1); 2278 unlink(template); 2279 exit(0); 2280 ]])], 2281 [ 2282 AC_MSG_RESULT([no]) 2283 ], 2284 [ 2285 AC_MSG_RESULT([yes]) 2286 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2287 ], 2288 [ 2289 AC_MSG_RESULT([yes]) 2290 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2291 ] 2292) 2293fi 2294 2295dnl make sure that openpty does not reacquire controlling terminal 2296if test ! -z "$check_for_openpty_ctty_bug"; then 2297 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2298 AC_RUN_IFELSE( 2299 [AC_LANG_PROGRAM([[ 2300#include <stdio.h> 2301#include <sys/fcntl.h> 2302#include <sys/types.h> 2303#include <sys/wait.h> 2304 ]], [[ 2305 pid_t pid; 2306 int fd, ptyfd, ttyfd, status; 2307 2308 pid = fork(); 2309 if (pid < 0) { /* failed */ 2310 exit(1); 2311 } else if (pid > 0) { /* parent */ 2312 waitpid(pid, &status, 0); 2313 if (WIFEXITED(status)) 2314 exit(WEXITSTATUS(status)); 2315 else 2316 exit(2); 2317 } else { /* child */ 2318 close(0); close(1); close(2); 2319 setsid(); 2320 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2321 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2322 if (fd >= 0) 2323 exit(3); /* Acquired ctty: broken */ 2324 else 2325 exit(0); /* Did not acquire ctty: OK */ 2326 } 2327 ]])], 2328 [ 2329 AC_MSG_RESULT([yes]) 2330 ], 2331 [ 2332 AC_MSG_RESULT([no]) 2333 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2334 ], 2335 [ 2336 AC_MSG_RESULT([cross-compiling, assuming yes]) 2337 ] 2338 ) 2339fi 2340 2341if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2342 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2343 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2344 AC_RUN_IFELSE( 2345 [AC_LANG_PROGRAM([[ 2346#include <stdio.h> 2347#include <sys/socket.h> 2348#include <netdb.h> 2349#include <errno.h> 2350#include <netinet/in.h> 2351 2352#define TEST_PORT "2222" 2353 ]], [[ 2354 int err, sock; 2355 struct addrinfo *gai_ai, *ai, hints; 2356 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2357 2358 memset(&hints, 0, sizeof(hints)); 2359 hints.ai_family = PF_UNSPEC; 2360 hints.ai_socktype = SOCK_STREAM; 2361 hints.ai_flags = AI_PASSIVE; 2362 2363 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2364 if (err != 0) { 2365 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2366 exit(1); 2367 } 2368 2369 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2370 if (ai->ai_family != AF_INET6) 2371 continue; 2372 2373 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2374 sizeof(ntop), strport, sizeof(strport), 2375 NI_NUMERICHOST|NI_NUMERICSERV); 2376 2377 if (err != 0) { 2378 if (err == EAI_SYSTEM) 2379 perror("getnameinfo EAI_SYSTEM"); 2380 else 2381 fprintf(stderr, "getnameinfo failed: %s\n", 2382 gai_strerror(err)); 2383 exit(2); 2384 } 2385 2386 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2387 if (sock < 0) 2388 perror("socket"); 2389 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2390 if (errno == EBADF) 2391 exit(3); 2392 } 2393 } 2394 exit(0); 2395 ]])], 2396 [ 2397 AC_MSG_RESULT([yes]) 2398 ], 2399 [ 2400 AC_MSG_RESULT([no]) 2401 AC_DEFINE([BROKEN_GETADDRINFO]) 2402 ], 2403 [ 2404 AC_MSG_RESULT([cross-compiling, assuming yes]) 2405 ] 2406 ) 2407fi 2408 2409if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2410 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2411 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2412 AC_RUN_IFELSE( 2413 [AC_LANG_PROGRAM([[ 2414#include <stdio.h> 2415#include <sys/socket.h> 2416#include <netdb.h> 2417#include <errno.h> 2418#include <netinet/in.h> 2419 2420#define TEST_PORT "2222" 2421 ]], [[ 2422 int err, sock; 2423 struct addrinfo *gai_ai, *ai, hints; 2424 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2425 2426 memset(&hints, 0, sizeof(hints)); 2427 hints.ai_family = PF_UNSPEC; 2428 hints.ai_socktype = SOCK_STREAM; 2429 hints.ai_flags = AI_PASSIVE; 2430 2431 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2432 if (err != 0) { 2433 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2434 exit(1); 2435 } 2436 2437 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2438 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2439 continue; 2440 2441 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2442 sizeof(ntop), strport, sizeof(strport), 2443 NI_NUMERICHOST|NI_NUMERICSERV); 2444 2445 if (ai->ai_family == AF_INET && err != 0) { 2446 perror("getnameinfo"); 2447 exit(2); 2448 } 2449 } 2450 exit(0); 2451 ]])], 2452 [ 2453 AC_MSG_RESULT([yes]) 2454 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2455 [Define if you have a getaddrinfo that fails 2456 for the all-zeros IPv6 address]) 2457 ], 2458 [ 2459 AC_MSG_RESULT([no]) 2460 AC_DEFINE([BROKEN_GETADDRINFO]) 2461 ], 2462 [ 2463 AC_MSG_RESULT([cross-compiling, assuming no]) 2464 ] 2465 ) 2466fi 2467 2468if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2469 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2470 [#include <sys/types.h> 2471 #include <sys/socket.h> 2472 #include <netdb.h>]) 2473fi 2474 2475if test "x$check_for_conflicting_getspnam" = "x1"; then 2476 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2477 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2478 [[ exit(0); ]])], 2479 [ 2480 AC_MSG_RESULT([no]) 2481 ], 2482 [ 2483 AC_MSG_RESULT([yes]) 2484 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2485 [Conflicting defs for getspnam]) 2486 ] 2487 ) 2488fi 2489 2490dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2491dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2492dnl for over ten years). Despite this incompatibility being reported during 2493dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2494dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2495dnl implementation. Try to detect this mess, and assume the only safe option 2496dnl if we're cross compiling. 2497dnl 2498dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2499dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2500if test "x$ac_cv_func_strnvis" = "xyes"; then 2501 AC_MSG_CHECKING([for working strnvis]) 2502 AC_RUN_IFELSE( 2503 [AC_LANG_PROGRAM([[ 2504#include <signal.h> 2505#include <stdlib.h> 2506#include <string.h> 2507#include <vis.h> 2508static void sighandler(int sig) { _exit(1); } 2509 ]], [[ 2510 char dst[16]; 2511 2512 signal(SIGSEGV, sighandler); 2513 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2514 exit(0); 2515 exit(1) 2516 ]])], 2517 [AC_MSG_RESULT([yes])], 2518 [AC_MSG_RESULT([no]) 2519 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2520 [AC_MSG_WARN([cross compiling: assuming broken]) 2521 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2522 ) 2523fi 2524 2525AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2526AC_RUN_IFELSE( 2527 [AC_LANG_PROGRAM([[ 2528#ifdef HAVE_SYS_SELECT 2529# include <sys/select.h> 2530#endif 2531#include <sys/types.h> 2532#include <sys/time.h> 2533#include <stdlib.h> 2534#include <signal.h> 2535static void sighandler(int sig) { } 2536 ]], [[ 2537 int r; 2538 pid_t pid; 2539 struct sigaction sa; 2540 2541 sa.sa_handler = sighandler; 2542 sa.sa_flags = SA_RESTART; 2543 (void)sigaction(SIGTERM, &sa, NULL); 2544 if ((pid = fork()) == 0) { /* child */ 2545 pid = getppid(); 2546 sleep(1); 2547 kill(pid, SIGTERM); 2548 sleep(1); 2549 if (getppid() == pid) /* if parent did not exit, shoot it */ 2550 kill(pid, SIGKILL); 2551 exit(0); 2552 } else { /* parent */ 2553 r = select(0, NULL, NULL, NULL, NULL); 2554 } 2555 exit(r == -1 ? 0 : 1); 2556 ]])], 2557 [AC_MSG_RESULT([yes])], 2558 [AC_MSG_RESULT([no]) 2559 AC_DEFINE([NO_SA_RESTART], [1], 2560 [SA_RESTARTed signals do no interrupt select])], 2561 [AC_MSG_WARN([cross compiling: assuming yes])] 2562) 2563 2564AC_CHECK_FUNCS([getpgrp],[ 2565 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2566 AC_COMPILE_IFELSE( 2567 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2568 [ AC_MSG_RESULT([yes]) 2569 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2570 [ AC_MSG_RESULT([no]) 2571 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2572 ) 2573]) 2574 2575# Search for OpenSSL 2576saved_CPPFLAGS="$CPPFLAGS" 2577saved_LDFLAGS="$LDFLAGS" 2578AC_ARG_WITH([ssl-dir], 2579 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2580 [ 2581 if test "x$openssl" = "xno" ; then 2582 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2583 fi 2584 if test "x$withval" != "xno" ; then 2585 case "$withval" in 2586 # Relative paths 2587 ./*|../*) withval="`pwd`/$withval" 2588 esac 2589 if test -d "$withval/lib"; then 2590 if test -n "${rpath_opt}"; then 2591 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2592 else 2593 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2594 fi 2595 elif test -d "$withval/lib64"; then 2596 if test -n "${rpath_opt}"; then 2597 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2598 else 2599 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2600 fi 2601 else 2602 if test -n "${rpath_opt}"; then 2603 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2604 else 2605 LDFLAGS="-L${withval} ${LDFLAGS}" 2606 fi 2607 fi 2608 if test -d "$withval/include"; then 2609 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2610 else 2611 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2612 fi 2613 fi 2614 ] 2615) 2616 2617AC_ARG_WITH([openssl-header-check], 2618 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2619 [ 2620 if test "x$withval" = "xno" ; then 2621 openssl_check_nonfatal=1 2622 fi 2623 ] 2624) 2625 2626openssl_engine=no 2627AC_ARG_WITH([ssl-engine], 2628 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2629 [ 2630 if test "x$withval" != "xno" ; then 2631 if test "x$openssl" = "xno" ; then 2632 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2633 fi 2634 openssl_engine=yes 2635 fi 2636 ] 2637) 2638 2639if test "x$openssl" = "xyes" ; then 2640 LIBS="-lcrypto $LIBS" 2641 AC_TRY_LINK_FUNC([RAND_add], , 2642 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2643 AC_CHECK_HEADER([openssl/opensslv.h], , 2644 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2645 2646 # Determine OpenSSL header version 2647 AC_MSG_CHECKING([OpenSSL header version]) 2648 AC_RUN_IFELSE( 2649 [AC_LANG_PROGRAM([[ 2650 #include <stdlib.h> 2651 #include <stdio.h> 2652 #include <string.h> 2653 #include <openssl/opensslv.h> 2654 #define DATA "conftest.sslincver" 2655 ]], [[ 2656 FILE *fd; 2657 int rc; 2658 2659 fd = fopen(DATA,"w"); 2660 if(fd == NULL) 2661 exit(1); 2662 2663 if ((rc = fprintf(fd, "%08lx (%s)\n", 2664 (unsigned long)OPENSSL_VERSION_NUMBER, 2665 OPENSSL_VERSION_TEXT)) < 0) 2666 exit(1); 2667 2668 exit(0); 2669 ]])], 2670 [ 2671 ssl_header_ver=`cat conftest.sslincver` 2672 AC_MSG_RESULT([$ssl_header_ver]) 2673 ], 2674 [ 2675 AC_MSG_RESULT([not found]) 2676 AC_MSG_ERROR([OpenSSL version header not found.]) 2677 ], 2678 [ 2679 AC_MSG_WARN([cross compiling: not checking]) 2680 ] 2681 ) 2682 2683 # Determining OpenSSL library version is version dependent. 2684 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2685 2686 # Determine OpenSSL library version 2687 AC_MSG_CHECKING([OpenSSL library version]) 2688 AC_RUN_IFELSE( 2689 [AC_LANG_PROGRAM([[ 2690 #include <stdio.h> 2691 #include <string.h> 2692 #include <openssl/opensslv.h> 2693 #include <openssl/crypto.h> 2694 #define DATA "conftest.ssllibver" 2695 ]], [[ 2696 FILE *fd; 2697 int rc; 2698 2699 fd = fopen(DATA,"w"); 2700 if(fd == NULL) 2701 exit(1); 2702#ifndef OPENSSL_VERSION 2703# define OPENSSL_VERSION SSLEAY_VERSION 2704#endif 2705#ifndef HAVE_OPENSSL_VERSION 2706# define OpenSSL_version SSLeay_version 2707#endif 2708#ifndef HAVE_OPENSSL_VERSION_NUM 2709# define OpenSSL_version_num SSLeay 2710#endif 2711 if ((rc = fprintf(fd, "%08lx (%s)\n", 2712 (unsigned long)OpenSSL_version_num(), 2713 OpenSSL_version(OPENSSL_VERSION))) < 0) 2714 exit(1); 2715 2716 exit(0); 2717 ]])], 2718 [ 2719 ssl_library_ver=`cat conftest.ssllibver` 2720 # Check version is supported. 2721 case "$ssl_library_ver" in 2722 10000*|0*) 2723 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2724 ;; 2725 100*) ;; # 1.0.x 2726 101000[[0123456]]*) 2727 # https://github.com/openssl/openssl/pull/4613 2728 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2729 ;; 2730 101*) ;; # 1.1.x 2731 200*) ;; # LibreSSL 2732 300*) ;; # OpenSSL development branch. 2733 *) 2734 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2735 ;; 2736 esac 2737 AC_MSG_RESULT([$ssl_library_ver]) 2738 ], 2739 [ 2740 AC_MSG_RESULT([not found]) 2741 AC_MSG_ERROR([OpenSSL library not found.]) 2742 ], 2743 [ 2744 AC_MSG_WARN([cross compiling: not checking]) 2745 ] 2746 ) 2747 2748 # Sanity check OpenSSL headers 2749 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2750 AC_RUN_IFELSE( 2751 [AC_LANG_PROGRAM([[ 2752 #include <string.h> 2753 #include <openssl/opensslv.h> 2754 #include <openssl/crypto.h> 2755 ]], [[ 2756#ifndef HAVE_OPENSSL_VERSION_NUM 2757# define OpenSSL_version_num SSLeay 2758#endif 2759 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2760 ]])], 2761 [ 2762 AC_MSG_RESULT([yes]) 2763 ], 2764 [ 2765 AC_MSG_RESULT([no]) 2766 if test "x$openssl_check_nonfatal" = "x"; then 2767 AC_MSG_ERROR([Your OpenSSL headers do not match your 2768 library. Check config.log for details. 2769 If you are sure your installation is consistent, you can disable the check 2770 by running "./configure --without-openssl-header-check". 2771 Also see contrib/findssl.sh for help identifying header/library mismatches. 2772 ]) 2773 else 2774 AC_MSG_WARN([Your OpenSSL headers do not match your 2775 library. Check config.log for details. 2776 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2777 fi 2778 ], 2779 [ 2780 AC_MSG_WARN([cross compiling: not checking]) 2781 ] 2782 ) 2783 2784 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2785 AC_LINK_IFELSE( 2786 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2787 [[ ERR_load_crypto_strings(); ]])], 2788 [ 2789 AC_MSG_RESULT([yes]) 2790 ], 2791 [ 2792 AC_MSG_RESULT([no]) 2793 saved_LIBS="$LIBS" 2794 LIBS="$LIBS -ldl" 2795 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2796 AC_LINK_IFELSE( 2797 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2798 [[ ERR_load_crypto_strings(); ]])], 2799 [ 2800 AC_MSG_RESULT([yes]) 2801 ], 2802 [ 2803 AC_MSG_RESULT([no]) 2804 LIBS="$saved_LIBS" 2805 ] 2806 ) 2807 ] 2808 ) 2809 2810 AC_CHECK_FUNCS([ \ 2811 BN_is_prime_ex \ 2812 DSA_generate_parameters_ex \ 2813 EVP_CIPHER_CTX_ctrl \ 2814 EVP_DigestFinal_ex \ 2815 EVP_DigestInit_ex \ 2816 EVP_MD_CTX_cleanup \ 2817 EVP_MD_CTX_copy_ex \ 2818 EVP_MD_CTX_init \ 2819 HMAC_CTX_init \ 2820 RSA_generate_key_ex \ 2821 RSA_get_default_method \ 2822 ]) 2823 2824 # OpenSSL_add_all_algorithms may be a macro. 2825 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2826 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2827 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2828 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2829 [[#include <openssl/evp.h>]] 2830 ) 2831 ) 2832 2833 # LibreSSL/OpenSSL 1.1x API 2834 AC_CHECK_FUNCS([ \ 2835 OPENSSL_init_crypto \ 2836 DH_get0_key \ 2837 DH_get0_pqg \ 2838 DH_set0_key \ 2839 DH_set_length \ 2840 DH_set0_pqg \ 2841 DSA_get0_key \ 2842 DSA_get0_pqg \ 2843 DSA_set0_key \ 2844 DSA_set0_pqg \ 2845 DSA_SIG_get0 \ 2846 DSA_SIG_set0 \ 2847 ECDSA_SIG_get0 \ 2848 ECDSA_SIG_set0 \ 2849 EVP_CIPHER_CTX_iv \ 2850 EVP_CIPHER_CTX_iv_noconst \ 2851 EVP_CIPHER_CTX_get_iv \ 2852 EVP_CIPHER_CTX_set_iv \ 2853 RSA_get0_crt_params \ 2854 RSA_get0_factors \ 2855 RSA_get0_key \ 2856 RSA_set0_crt_params \ 2857 RSA_set0_factors \ 2858 RSA_set0_key \ 2859 RSA_meth_free \ 2860 RSA_meth_dup \ 2861 RSA_meth_set1_name \ 2862 RSA_meth_get_finish \ 2863 RSA_meth_set_priv_enc \ 2864 RSA_meth_set_priv_dec \ 2865 RSA_meth_set_finish \ 2866 EVP_PKEY_get0_RSA \ 2867 EVP_MD_CTX_new \ 2868 EVP_MD_CTX_free \ 2869 EVP_chacha20 \ 2870 ]) 2871 2872 if test "x$openssl_engine" = "xyes" ; then 2873 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2874 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2875 #include <openssl/engine.h> 2876 ]], [[ 2877 ENGINE_load_builtin_engines(); 2878 ENGINE_register_all_complete(); 2879 ]])], 2880 [ AC_MSG_RESULT([yes]) 2881 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2882 [Enable OpenSSL engine support]) 2883 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2884 ]) 2885 fi 2886 2887 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2888 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2889 AC_LINK_IFELSE( 2890 [AC_LANG_PROGRAM([[ 2891 #include <string.h> 2892 #include <openssl/evp.h> 2893 ]], [[ 2894 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2895 ]])], 2896 [ 2897 AC_MSG_RESULT([no]) 2898 ], 2899 [ 2900 AC_MSG_RESULT([yes]) 2901 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2902 [libcrypto is missing AES 192 and 256 bit functions]) 2903 ] 2904 ) 2905 2906 # Check for OpenSSL with EVP_aes_*ctr 2907 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2908 AC_LINK_IFELSE( 2909 [AC_LANG_PROGRAM([[ 2910 #include <string.h> 2911 #include <openssl/evp.h> 2912 ]], [[ 2913 exit(EVP_aes_128_ctr() == NULL || 2914 EVP_aes_192_cbc() == NULL || 2915 EVP_aes_256_cbc() == NULL); 2916 ]])], 2917 [ 2918 AC_MSG_RESULT([yes]) 2919 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2920 [libcrypto has EVP AES CTR]) 2921 ], 2922 [ 2923 AC_MSG_RESULT([no]) 2924 ] 2925 ) 2926 2927 # Check for OpenSSL with EVP_aes_*gcm 2928 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2929 AC_LINK_IFELSE( 2930 [AC_LANG_PROGRAM([[ 2931 #include <string.h> 2932 #include <openssl/evp.h> 2933 ]], [[ 2934 exit(EVP_aes_128_gcm() == NULL || 2935 EVP_aes_256_gcm() == NULL || 2936 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2937 EVP_CTRL_GCM_IV_GEN == 0 || 2938 EVP_CTRL_GCM_SET_TAG == 0 || 2939 EVP_CTRL_GCM_GET_TAG == 0 || 2940 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2941 ]])], 2942 [ 2943 AC_MSG_RESULT([yes]) 2944 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2945 [libcrypto has EVP AES GCM]) 2946 ], 2947 [ 2948 AC_MSG_RESULT([no]) 2949 unsupported_algorithms="$unsupported_cipers \ 2950 aes128-gcm@openssh.com \ 2951 aes256-gcm@openssh.com" 2952 ] 2953 ) 2954 2955 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2956 AC_LINK_IFELSE( 2957 [AC_LANG_PROGRAM([[ 2958 #include <string.h> 2959 #include <openssl/evp.h> 2960 ]], [[ 2961 if(EVP_DigestUpdate(NULL, NULL,0)) 2962 exit(0); 2963 ]])], 2964 [ 2965 AC_MSG_RESULT([yes]) 2966 ], 2967 [ 2968 AC_MSG_RESULT([no]) 2969 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2970 [Define if EVP_DigestUpdate returns void]) 2971 ] 2972 ) 2973 2974 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2975 # because the system crypt() is more featureful. 2976 if test "x$check_for_libcrypt_before" = "x1"; then 2977 AC_CHECK_LIB([crypt], [crypt]) 2978 fi 2979 2980 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2981 # version in OpenSSL. 2982 if test "x$check_for_libcrypt_later" = "x1"; then 2983 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2984 fi 2985 AC_CHECK_FUNCS([crypt DES_crypt]) 2986 2987 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2988 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2989 2990 # Check complete ECC support in OpenSSL 2991 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2992 AC_LINK_IFELSE( 2993 [AC_LANG_PROGRAM([[ 2994 #include <openssl/ec.h> 2995 #include <openssl/ecdh.h> 2996 #include <openssl/ecdsa.h> 2997 #include <openssl/evp.h> 2998 #include <openssl/objects.h> 2999 #include <openssl/opensslv.h> 3000 ]], [[ 3001 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3002 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3003 ]])], 3004 [ AC_MSG_RESULT([yes]) 3005 enable_nistp256=1 ], 3006 [ AC_MSG_RESULT([no]) ] 3007 ) 3008 3009 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3010 AC_LINK_IFELSE( 3011 [AC_LANG_PROGRAM([[ 3012 #include <openssl/ec.h> 3013 #include <openssl/ecdh.h> 3014 #include <openssl/ecdsa.h> 3015 #include <openssl/evp.h> 3016 #include <openssl/objects.h> 3017 #include <openssl/opensslv.h> 3018 ]], [[ 3019 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3020 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3021 ]])], 3022 [ AC_MSG_RESULT([yes]) 3023 enable_nistp384=1 ], 3024 [ AC_MSG_RESULT([no]) ] 3025 ) 3026 3027 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3028 AC_LINK_IFELSE( 3029 [AC_LANG_PROGRAM([[ 3030 #include <openssl/ec.h> 3031 #include <openssl/ecdh.h> 3032 #include <openssl/ecdsa.h> 3033 #include <openssl/evp.h> 3034 #include <openssl/objects.h> 3035 #include <openssl/opensslv.h> 3036 ]], [[ 3037 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3038 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3039 ]])], 3040 [ AC_MSG_RESULT([yes]) 3041 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3042 AC_RUN_IFELSE( 3043 [AC_LANG_PROGRAM([[ 3044 #include <openssl/ec.h> 3045 #include <openssl/ecdh.h> 3046 #include <openssl/ecdsa.h> 3047 #include <openssl/evp.h> 3048 #include <openssl/objects.h> 3049 #include <openssl/opensslv.h> 3050 ]],[[ 3051 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3052 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3053 exit(e == NULL || m == NULL); 3054 ]])], 3055 [ AC_MSG_RESULT([yes]) 3056 enable_nistp521=1 ], 3057 [ AC_MSG_RESULT([no]) ], 3058 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3059 enable_nistp521=1 ] 3060 )], 3061 AC_MSG_RESULT([no]) 3062 ) 3063 3064 COMMENT_OUT_ECC="#no ecc#" 3065 TEST_SSH_ECC=no 3066 3067 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3068 test x$enable_nistp521 = x1; then 3069 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3070 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3071 openssl_ecc=yes 3072 else 3073 openssl_ecc=no 3074 fi 3075 if test x$enable_nistp256 = x1; then 3076 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3077 [libcrypto has NID_X9_62_prime256v1]) 3078 TEST_SSH_ECC=yes 3079 COMMENT_OUT_ECC="" 3080 else 3081 unsupported_algorithms="$unsupported_algorithms \ 3082 ecdsa-sha2-nistp256 \ 3083 ecdh-sha2-nistp256 \ 3084 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3085 fi 3086 if test x$enable_nistp384 = x1; then 3087 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3088 TEST_SSH_ECC=yes 3089 COMMENT_OUT_ECC="" 3090 else 3091 unsupported_algorithms="$unsupported_algorithms \ 3092 ecdsa-sha2-nistp384 \ 3093 ecdh-sha2-nistp384 \ 3094 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3095 fi 3096 if test x$enable_nistp521 = x1; then 3097 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3098 TEST_SSH_ECC=yes 3099 COMMENT_OUT_ECC="" 3100 else 3101 unsupported_algorithms="$unsupported_algorithms \ 3102 ecdh-sha2-nistp521 \ 3103 ecdsa-sha2-nistp521 \ 3104 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3105 fi 3106 3107 AC_SUBST([TEST_SSH_ECC]) 3108 AC_SUBST([COMMENT_OUT_ECC]) 3109else 3110 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3111 AC_CHECK_FUNCS([crypt]) 3112fi 3113 3114# PKCS11/U2F depend on OpenSSL and dlopen(). 3115enable_pkcs11=yes 3116enable_sk=yes 3117if test "x$openssl" != "xyes" ; then 3118 enable_pkcs11="disabled; missing libcrypto" 3119 enable_sk="disabled; missing libcrypto" 3120fi 3121if test "x$openssl_ecc" != "xyes" ; then 3122 enable_sk="disabled; OpenSSL has no ECC support" 3123fi 3124if test "x$ac_cv_func_dlopen" != "xyes" ; then 3125 enable_pkcs11="disabled; missing dlopen(3)" 3126 enable_sk="disabled; missing dlopen(3)" 3127fi 3128if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3129 enable_pkcs11="disabled; missing RTLD_NOW" 3130 enable_sk="disabled; missing RTLD_NOW" 3131fi 3132if test ! -z "$disable_pkcs11" ; then 3133 enable_pkcs11="disabled by user" 3134fi 3135if test ! -z "$disable_sk" ; then 3136 enable_sk="disabled by user" 3137fi 3138 3139AC_MSG_CHECKING([whether to enable PKCS11]) 3140if test "x$enable_pkcs11" = "xyes" ; then 3141 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3142fi 3143AC_MSG_RESULT([$enable_pkcs11]) 3144 3145AC_MSG_CHECKING([whether to enable U2F]) 3146if test "x$enable_sk" = "xyes" ; then 3147 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3148 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3149else 3150 # Do not try to build sk-dummy library. 3151 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3152fi 3153AC_MSG_RESULT([$enable_sk]) 3154 3155# Now check for built-in security key support. 3156if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3157 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3158 use_pkgconfig_for_libfido2= 3159 if test "x$PKGCONFIG" != "xno"; then 3160 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3161 if "$PKGCONFIG" libfido2; then 3162 AC_MSG_RESULT([yes]) 3163 use_pkgconfig_for_libfido2=yes 3164 else 3165 AC_MSG_RESULT([no]) 3166 fi 3167 fi 3168 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3169 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3170 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3171 else 3172 LIBFIDO2="-lfido2 -lcbor" 3173 fi 3174 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3175 AC_CHECK_LIB([fido2], [fido_init], 3176 [ 3177 AC_SUBST([LIBFIDO2]) 3178 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3179 [Enable for built-in U2F/FIDO support]) 3180 enable_sk="built-in" 3181 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3182 [ $OTHERLIBS ] 3183 ) 3184 saved_LIBS="$LIBS" 3185 LIBS="$LIBS $LIBFIDO2" 3186 AC_CHECK_FUNCS([ \ 3187 fido_cred_prot \ 3188 fido_cred_set_prot \ 3189 fido_dev_get_touch_begin \ 3190 fido_dev_get_touch_status \ 3191 fido_dev_supports_cred_prot \ 3192 ]) 3193 LIBS="$saved_LIBS" 3194 AC_CHECK_HEADER([fido.h], [], 3195 AC_MSG_ERROR([missing fido.h from libfido2])) 3196 AC_CHECK_HEADER([fido/credman.h], [], 3197 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3198 [#include <fido.h>] 3199 ) 3200fi 3201 3202AC_CHECK_FUNCS([ \ 3203 arc4random \ 3204 arc4random_buf \ 3205 arc4random_stir \ 3206 arc4random_uniform \ 3207]) 3208 3209saved_LIBS="$LIBS" 3210AC_CHECK_LIB([iaf], [ia_openinfo], [ 3211 LIBS="$LIBS -liaf" 3212 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3213 AC_DEFINE([HAVE_LIBIAF], [1], 3214 [Define if system has libiaf that supports set_id]) 3215 ]) 3216]) 3217LIBS="$saved_LIBS" 3218 3219### Configure cryptographic random number support 3220 3221# Check whether OpenSSL seeds itself 3222if test "x$openssl" = "xyes" ; then 3223 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3224 AC_RUN_IFELSE( 3225 [AC_LANG_PROGRAM([[ 3226 #include <string.h> 3227 #include <openssl/rand.h> 3228 ]], [[ 3229 exit(RAND_status() == 1 ? 0 : 1); 3230 ]])], 3231 [ 3232 OPENSSL_SEEDS_ITSELF=yes 3233 AC_MSG_RESULT([yes]) 3234 ], 3235 [ 3236 AC_MSG_RESULT([no]) 3237 ], 3238 [ 3239 AC_MSG_WARN([cross compiling: assuming yes]) 3240 # This is safe, since we will fatal() at runtime if 3241 # OpenSSL is not seeded correctly. 3242 OPENSSL_SEEDS_ITSELF=yes 3243 ] 3244 ) 3245fi 3246 3247# PRNGD TCP socket 3248AC_ARG_WITH([prngd-port], 3249 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3250 [ 3251 case "$withval" in 3252 no) 3253 withval="" 3254 ;; 3255 [[0-9]]*) 3256 ;; 3257 *) 3258 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3259 ;; 3260 esac 3261 if test ! -z "$withval" ; then 3262 PRNGD_PORT="$withval" 3263 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3264 [Port number of PRNGD/EGD random number socket]) 3265 fi 3266 ] 3267) 3268 3269# PRNGD Unix domain socket 3270AC_ARG_WITH([prngd-socket], 3271 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3272 [ 3273 case "$withval" in 3274 yes) 3275 withval="/var/run/egd-pool" 3276 ;; 3277 no) 3278 withval="" 3279 ;; 3280 /*) 3281 ;; 3282 *) 3283 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3284 ;; 3285 esac 3286 3287 if test ! -z "$withval" ; then 3288 if test ! -z "$PRNGD_PORT" ; then 3289 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3290 fi 3291 if test ! -r "$withval" ; then 3292 AC_MSG_WARN([Entropy socket is not readable]) 3293 fi 3294 PRNGD_SOCKET="$withval" 3295 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3296 [Location of PRNGD/EGD random number socket]) 3297 fi 3298 ], 3299 [ 3300 # Check for existing socket only if we don't have a random device already 3301 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3302 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3303 # Insert other locations here 3304 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3305 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3306 PRNGD_SOCKET="$sock" 3307 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3308 break; 3309 fi 3310 done 3311 if test ! -z "$PRNGD_SOCKET" ; then 3312 AC_MSG_RESULT([$PRNGD_SOCKET]) 3313 else 3314 AC_MSG_RESULT([not found]) 3315 fi 3316 fi 3317 ] 3318) 3319 3320# Which randomness source do we use? 3321if test ! -z "$PRNGD_PORT" ; then 3322 RAND_MSG="PRNGd port $PRNGD_PORT" 3323elif test ! -z "$PRNGD_SOCKET" ; then 3324 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3325elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3326 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3327 [Define if you want the OpenSSL internally seeded PRNG only]) 3328 RAND_MSG="OpenSSL internal ONLY" 3329elif test "x$openssl" = "xno" ; then 3330 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3331else 3332 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3333fi 3334 3335# Check for PAM libs 3336PAM_MSG="no" 3337AC_ARG_WITH([pam], 3338 [ --with-pam Enable PAM support ], 3339 [ 3340 if test "x$withval" != "xno" ; then 3341 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3342 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3343 AC_MSG_ERROR([PAM headers not found]) 3344 fi 3345 3346 saved_LIBS="$LIBS" 3347 AC_CHECK_LIB([dl], [dlopen], , ) 3348 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3349 AC_CHECK_FUNCS([pam_getenvlist]) 3350 AC_CHECK_FUNCS([pam_putenv]) 3351 LIBS="$saved_LIBS" 3352 3353 PAM_MSG="yes" 3354 3355 SSHDLIBS="$SSHDLIBS -lpam" 3356 AC_DEFINE([USE_PAM], [1], 3357 [Define if you want to enable PAM support]) 3358 3359 if test $ac_cv_lib_dl_dlopen = yes; then 3360 case "$LIBS" in 3361 *-ldl*) 3362 # libdl already in LIBS 3363 ;; 3364 *) 3365 SSHDLIBS="$SSHDLIBS -ldl" 3366 ;; 3367 esac 3368 fi 3369 fi 3370 ] 3371) 3372 3373AC_ARG_WITH([pam-service], 3374 [ --with-pam-service=name Specify PAM service name ], 3375 [ 3376 if test "x$withval" != "xno" && \ 3377 test "x$withval" != "xyes" ; then 3378 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3379 ["$withval"], [sshd PAM service name]) 3380 fi 3381 ] 3382) 3383 3384# Check for older PAM 3385if test "x$PAM_MSG" = "xyes" ; then 3386 # Check PAM strerror arguments (old PAM) 3387 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3388 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3389#include <stdlib.h> 3390#if defined(HAVE_SECURITY_PAM_APPL_H) 3391#include <security/pam_appl.h> 3392#elif defined (HAVE_PAM_PAM_APPL_H) 3393#include <pam/pam_appl.h> 3394#endif 3395 ]], [[ 3396(void)pam_strerror((pam_handle_t *)NULL, -1); 3397 ]])], [AC_MSG_RESULT([no])], [ 3398 AC_DEFINE([HAVE_OLD_PAM], [1], 3399 [Define if you have an old version of PAM 3400 which takes only one argument to pam_strerror]) 3401 AC_MSG_RESULT([yes]) 3402 PAM_MSG="yes (old library)" 3403 3404 ]) 3405fi 3406 3407case "$host" in 3408*-*-cygwin*) 3409 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3410 ;; 3411*) 3412 SSH_PRIVSEP_USER=sshd 3413 ;; 3414esac 3415AC_ARG_WITH([privsep-user], 3416 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3417 [ 3418 if test -n "$withval" && test "x$withval" != "xno" && \ 3419 test "x${withval}" != "xyes"; then 3420 SSH_PRIVSEP_USER=$withval 3421 fi 3422 ] 3423) 3424if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3425 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3426 [Cygwin function to fetch non-privileged user for privilege separation]) 3427else 3428 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3429 [non-privileged user for privilege separation]) 3430fi 3431AC_SUBST([SSH_PRIVSEP_USER]) 3432 3433if test "x$have_linux_no_new_privs" = "x1" ; then 3434AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3435 #include <sys/types.h> 3436 #include <linux/seccomp.h> 3437]) 3438fi 3439if test "x$have_seccomp_filter" = "x1" ; then 3440AC_MSG_CHECKING([kernel for seccomp_filter support]) 3441AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3442 #include <errno.h> 3443 #include <elf.h> 3444 #include <linux/audit.h> 3445 #include <linux/seccomp.h> 3446 #include <stdlib.h> 3447 #include <sys/prctl.h> 3448 ]], 3449 [[ int i = $seccomp_audit_arch; 3450 errno = 0; 3451 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3452 exit(errno == EFAULT ? 0 : 1); ]])], 3453 [ AC_MSG_RESULT([yes]) ], [ 3454 AC_MSG_RESULT([no]) 3455 # Disable seccomp filter as a target 3456 have_seccomp_filter=0 3457 ] 3458) 3459fi 3460 3461# Decide which sandbox style to use 3462sandbox_arg="" 3463AC_ARG_WITH([sandbox], 3464 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3465 [ 3466 if test "x$withval" = "xyes" ; then 3467 sandbox_arg="" 3468 else 3469 sandbox_arg="$withval" 3470 fi 3471 ] 3472) 3473 3474# Some platforms (seems to be the ones that have a kernel poll(2)-type 3475# function with which they implement select(2)) use an extra file descriptor 3476# when calling select(2), which means we can't use the rlimit sandbox. 3477AC_MSG_CHECKING([if select works with descriptor rlimit]) 3478AC_RUN_IFELSE( 3479 [AC_LANG_PROGRAM([[ 3480#include <sys/types.h> 3481#ifdef HAVE_SYS_TIME_H 3482# include <sys/time.h> 3483#endif 3484#include <sys/resource.h> 3485#ifdef HAVE_SYS_SELECT_H 3486# include <sys/select.h> 3487#endif 3488#include <errno.h> 3489#include <fcntl.h> 3490#include <stdlib.h> 3491 ]],[[ 3492 struct rlimit rl_zero; 3493 int fd, r; 3494 fd_set fds; 3495 struct timeval tv; 3496 3497 fd = open("/dev/null", O_RDONLY); 3498 FD_ZERO(&fds); 3499 FD_SET(fd, &fds); 3500 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3501 setrlimit(RLIMIT_FSIZE, &rl_zero); 3502 setrlimit(RLIMIT_NOFILE, &rl_zero); 3503 tv.tv_sec = 1; 3504 tv.tv_usec = 0; 3505 r = select(fd+1, &fds, NULL, NULL, &tv); 3506 exit (r == -1 ? 1 : 0); 3507 ]])], 3508 [AC_MSG_RESULT([yes]) 3509 select_works_with_rlimit=yes], 3510 [AC_MSG_RESULT([no]) 3511 select_works_with_rlimit=no], 3512 [AC_MSG_WARN([cross compiling: assuming yes]) 3513 select_works_with_rlimit=yes] 3514) 3515 3516AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3517AC_RUN_IFELSE( 3518 [AC_LANG_PROGRAM([[ 3519#include <sys/types.h> 3520#ifdef HAVE_SYS_TIME_H 3521# include <sys/time.h> 3522#endif 3523#include <sys/resource.h> 3524#include <errno.h> 3525#include <stdlib.h> 3526 ]],[[ 3527 struct rlimit rl_zero; 3528 int r; 3529 3530 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3531 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3532 exit (r == -1 ? 1 : 0); 3533 ]])], 3534 [AC_MSG_RESULT([yes]) 3535 rlimit_nofile_zero_works=yes], 3536 [AC_MSG_RESULT([no]) 3537 rlimit_nofile_zero_works=no], 3538 [AC_MSG_WARN([cross compiling: assuming yes]) 3539 rlimit_nofile_zero_works=yes] 3540) 3541 3542AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3543AC_RUN_IFELSE( 3544 [AC_LANG_PROGRAM([[ 3545#include <sys/types.h> 3546#include <sys/resource.h> 3547#include <stdlib.h> 3548 ]],[[ 3549 struct rlimit rl_zero; 3550 3551 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3552 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3553 ]])], 3554 [AC_MSG_RESULT([yes])], 3555 [AC_MSG_RESULT([no]) 3556 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3557 [setrlimit RLIMIT_FSIZE works])], 3558 [AC_MSG_WARN([cross compiling: assuming yes])] 3559) 3560 3561if test "x$sandbox_arg" = "xpledge" || \ 3562 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3563 test "x$ac_cv_func_pledge" != "xyes" && \ 3564 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3565 SANDBOX_STYLE="pledge" 3566 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3567elif test "x$sandbox_arg" = "xsystrace" || \ 3568 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3569 test "x$have_systr_policy_kill" != "x1" && \ 3570 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3571 SANDBOX_STYLE="systrace" 3572 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3573elif test "x$sandbox_arg" = "xdarwin" || \ 3574 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3575 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3576 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3577 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3578 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3579 SANDBOX_STYLE="darwin" 3580 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3581elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3582 ( test -z "$sandbox_arg" && \ 3583 test "x$have_seccomp_filter" = "x1" && \ 3584 test "x$ac_cv_header_elf_h" = "xyes" && \ 3585 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3586 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3587 test "x$seccomp_audit_arch" != "x" && \ 3588 test "x$have_linux_no_new_privs" = "x1" && \ 3589 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3590 test "x$seccomp_audit_arch" = "x" && \ 3591 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3592 test "x$have_linux_no_new_privs" != "x1" && \ 3593 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3594 test "x$have_seccomp_filter" != "x1" && \ 3595 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3596 test "x$ac_cv_func_prctl" != "xyes" && \ 3597 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3598 SANDBOX_STYLE="seccomp_filter" 3599 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3600elif test "x$sandbox_arg" = "xcapsicum" || \ 3601 ( test -z "$sandbox_arg" && \ 3602 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3603 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3604 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3605 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3606 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3607 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3608 SANDBOX_STYLE="capsicum" 3609 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3610elif test "x$sandbox_arg" = "xrlimit" || \ 3611 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3612 test "x$select_works_with_rlimit" = "xyes" && \ 3613 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3614 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3615 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3616 test "x$select_works_with_rlimit" != "xyes" && \ 3617 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3618 SANDBOX_STYLE="rlimit" 3619 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3620elif test "x$sandbox_arg" = "xsolaris" || \ 3621 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3622 SANDBOX_STYLE="solaris" 3623 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3624elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3625 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3626 SANDBOX_STYLE="none" 3627 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3628else 3629 AC_MSG_ERROR([unsupported --with-sandbox]) 3630fi 3631 3632# Cheap hack to ensure NEWS-OS libraries are arranged right. 3633if test ! -z "$SONY" ; then 3634 LIBS="$LIBS -liberty"; 3635fi 3636 3637# Check for long long datatypes 3638AC_CHECK_TYPES([long long, unsigned long long, long double]) 3639 3640# Check datatype sizes 3641AC_CHECK_SIZEOF([short int]) 3642AC_CHECK_SIZEOF([int]) 3643AC_CHECK_SIZEOF([long int]) 3644AC_CHECK_SIZEOF([long long int]) 3645 3646# Sanity check long long for some platforms (AIX) 3647if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3648 ac_cv_sizeof_long_long_int=0 3649fi 3650 3651# compute LLONG_MIN and LLONG_MAX if we don't know them. 3652if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3653 AC_MSG_CHECKING([for max value of long long]) 3654 AC_RUN_IFELSE( 3655 [AC_LANG_PROGRAM([[ 3656#include <stdio.h> 3657/* Why is this so damn hard? */ 3658#ifdef __GNUC__ 3659# undef __GNUC__ 3660#endif 3661#define __USE_ISOC99 3662#include <limits.h> 3663#define DATA "conftest.llminmax" 3664#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3665 3666/* 3667 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3668 * we do this the hard way. 3669 */ 3670static int 3671fprint_ll(FILE *f, long long n) 3672{ 3673 unsigned int i; 3674 int l[sizeof(long long) * 8]; 3675 3676 if (n < 0) 3677 if (fprintf(f, "-") < 0) 3678 return -1; 3679 for (i = 0; n != 0; i++) { 3680 l[i] = my_abs(n % 10); 3681 n /= 10; 3682 } 3683 do { 3684 if (fprintf(f, "%d", l[--i]) < 0) 3685 return -1; 3686 } while (i != 0); 3687 if (fprintf(f, " ") < 0) 3688 return -1; 3689 return 0; 3690} 3691 ]], [[ 3692 FILE *f; 3693 long long i, llmin, llmax = 0; 3694 3695 if((f = fopen(DATA,"w")) == NULL) 3696 exit(1); 3697 3698#if defined(LLONG_MIN) && defined(LLONG_MAX) 3699 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3700 llmin = LLONG_MIN; 3701 llmax = LLONG_MAX; 3702#else 3703 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3704 /* This will work on one's complement and two's complement */ 3705 for (i = 1; i > llmax; i <<= 1, i++) 3706 llmax = i; 3707 llmin = llmax + 1LL; /* wrap */ 3708#endif 3709 3710 /* Sanity check */ 3711 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3712 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3713 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3714 fprintf(f, "unknown unknown\n"); 3715 exit(2); 3716 } 3717 3718 if (fprint_ll(f, llmin) < 0) 3719 exit(3); 3720 if (fprint_ll(f, llmax) < 0) 3721 exit(4); 3722 if (fclose(f) < 0) 3723 exit(5); 3724 exit(0); 3725 ]])], 3726 [ 3727 llong_min=`$AWK '{print $1}' conftest.llminmax` 3728 llong_max=`$AWK '{print $2}' conftest.llminmax` 3729 3730 AC_MSG_RESULT([$llong_max]) 3731 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3732 [max value of long long calculated by configure]) 3733 AC_MSG_CHECKING([for min value of long long]) 3734 AC_MSG_RESULT([$llong_min]) 3735 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3736 [min value of long long calculated by configure]) 3737 ], 3738 [ 3739 AC_MSG_RESULT([not found]) 3740 ], 3741 [ 3742 AC_MSG_WARN([cross compiling: not checking]) 3743 ] 3744 ) 3745fi 3746 3747AC_CHECK_DECLS([UINT32_MAX], , , [[ 3748#ifdef HAVE_SYS_LIMITS_H 3749# include <sys/limits.h> 3750#endif 3751#ifdef HAVE_LIMITS_H 3752# include <limits.h> 3753#endif 3754#ifdef HAVE_STDINT_H 3755# include <stdint.h> 3756#endif 3757]]) 3758 3759# More checks for data types 3760AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3762 [[ u_int a; a = 1;]])], 3763 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3764 ]) 3765]) 3766if test "x$ac_cv_have_u_int" = "xyes" ; then 3767 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3768 have_u_int=1 3769fi 3770 3771AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3772 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3773 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3774 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3775 ]) 3776]) 3777if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3778 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3779 have_intxx_t=1 3780fi 3781 3782if (test -z "$have_intxx_t" && \ 3783 test "x$ac_cv_header_stdint_h" = "xyes") 3784then 3785 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3786 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3787 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3788 [ 3789 AC_DEFINE([HAVE_INTXX_T]) 3790 AC_MSG_RESULT([yes]) 3791 ], [ AC_MSG_RESULT([no]) 3792 ]) 3793fi 3794 3795AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3796 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3797#include <sys/types.h> 3798#ifdef HAVE_STDINT_H 3799# include <stdint.h> 3800#endif 3801#include <sys/socket.h> 3802#ifdef HAVE_SYS_BITYPES_H 3803# include <sys/bitypes.h> 3804#endif 3805 ]], [[ 3806int64_t a; a = 1; 3807 ]])], 3808 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3809 ]) 3810]) 3811if test "x$ac_cv_have_int64_t" = "xyes" ; then 3812 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3813fi 3814 3815AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3816 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3817 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3818 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3819 ]) 3820]) 3821if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3822 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3823 have_u_intxx_t=1 3824fi 3825 3826if test -z "$have_u_intxx_t" ; then 3827 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3828 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3829 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3830 [ 3831 AC_DEFINE([HAVE_U_INTXX_T]) 3832 AC_MSG_RESULT([yes]) 3833 ], [ AC_MSG_RESULT([no]) 3834 ]) 3835fi 3836 3837AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3839 [[ u_int64_t a; a = 1;]])], 3840 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3841 ]) 3842]) 3843if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3844 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3845 have_u_int64_t=1 3846fi 3847 3848if (test -z "$have_u_int64_t" && \ 3849 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3850then 3851 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3852 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3853 [[ u_int64_t a; a = 1]])], 3854 [ 3855 AC_DEFINE([HAVE_U_INT64_T]) 3856 AC_MSG_RESULT([yes]) 3857 ], [ AC_MSG_RESULT([no]) 3858 ]) 3859fi 3860 3861if test -z "$have_u_intxx_t" ; then 3862 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3863 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3864#include <sys/types.h> 3865 ]], [[ 3866 uint8_t a; 3867 uint16_t b; 3868 uint32_t c; 3869 a = b = c = 1; 3870 ]])], 3871 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3872 ]) 3873 ]) 3874 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3875 AC_DEFINE([HAVE_UINTXX_T], [1], 3876 [define if you have uintxx_t data type]) 3877 fi 3878fi 3879 3880if (test -z "$have_uintxx_t" && \ 3881 test "x$ac_cv_header_stdint_h" = "xyes") 3882then 3883 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3884 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3885 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3886 [ 3887 AC_DEFINE([HAVE_UINTXX_T]) 3888 AC_MSG_RESULT([yes]) 3889 ], [ AC_MSG_RESULT([no]) 3890 ]) 3891fi 3892 3893if (test -z "$have_uintxx_t" && \ 3894 test "x$ac_cv_header_inttypes_h" = "xyes") 3895then 3896 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3897 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3898 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3899 [ 3900 AC_DEFINE([HAVE_UINTXX_T]) 3901 AC_MSG_RESULT([yes]) 3902 ], [ AC_MSG_RESULT([no]) 3903 ]) 3904fi 3905 3906if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3907 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3908then 3909 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3910 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3911#include <sys/bitypes.h> 3912 ]], [[ 3913 int8_t a; int16_t b; int32_t c; 3914 u_int8_t e; u_int16_t f; u_int32_t g; 3915 a = b = c = e = f = g = 1; 3916 ]])], 3917 [ 3918 AC_DEFINE([HAVE_U_INTXX_T]) 3919 AC_DEFINE([HAVE_INTXX_T]) 3920 AC_MSG_RESULT([yes]) 3921 ], [AC_MSG_RESULT([no]) 3922 ]) 3923fi 3924 3925 3926AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3927 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3928 [[ u_char foo; foo = 125; ]])], 3929 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3930 ]) 3931]) 3932if test "x$ac_cv_have_u_char" = "xyes" ; then 3933 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3934fi 3935 3936AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3937#include <sys/types.h> 3938#ifdef HAVE_STDINT_H 3939# include <stdint.h> 3940#endif 3941]) 3942 3943TYPE_SOCKLEN_T 3944 3945AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3946AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3947#include <sys/types.h> 3948#ifdef HAVE_SYS_BITYPES_H 3949#include <sys/bitypes.h> 3950#endif 3951#ifdef HAVE_SYS_STATFS_H 3952#include <sys/statfs.h> 3953#endif 3954#ifdef HAVE_SYS_STATVFS_H 3955#include <sys/statvfs.h> 3956#endif 3957]) 3958 3959AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3960#include <sys/param.h> 3961#include <sys/types.h> 3962#ifdef HAVE_SYS_BITYPES_H 3963#include <sys/bitypes.h> 3964#endif 3965#ifdef HAVE_SYS_STATFS_H 3966#include <sys/statfs.h> 3967#endif 3968#ifdef HAVE_SYS_STATVFS_H 3969#include <sys/statvfs.h> 3970#endif 3971#ifdef HAVE_SYS_VFS_H 3972#include <sys/vfs.h> 3973#endif 3974#ifdef HAVE_SYS_MOUNT_H 3975#include <sys/mount.h> 3976#endif 3977]]) 3978 3979 3980AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3981[#include <sys/types.h> 3982#include <netinet/in.h>]) 3983 3984AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3985 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3986 [[ size_t foo; foo = 1235; ]])], 3987 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3988 ]) 3989]) 3990if test "x$ac_cv_have_size_t" = "xyes" ; then 3991 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3992fi 3993 3994AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3995 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3996 [[ ssize_t foo; foo = 1235; ]])], 3997 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3998 ]) 3999]) 4000if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4001 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4002fi 4003 4004AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4005 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4006 [[ clock_t foo; foo = 1235; ]])], 4007 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4008 ]) 4009]) 4010if test "x$ac_cv_have_clock_t" = "xyes" ; then 4011 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4012fi 4013 4014AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4015 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4016#include <sys/types.h> 4017#include <sys/socket.h> 4018 ]], [[ sa_family_t foo; foo = 1235; ]])], 4019 [ ac_cv_have_sa_family_t="yes" ], 4020 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4021#include <sys/types.h> 4022#include <sys/socket.h> 4023#include <netinet/in.h> 4024 ]], [[ sa_family_t foo; foo = 1235; ]])], 4025 [ ac_cv_have_sa_family_t="yes" ], 4026 [ ac_cv_have_sa_family_t="no" ] 4027 ) 4028 ]) 4029]) 4030if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4031 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4032 [define if you have sa_family_t data type]) 4033fi 4034 4035AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4036 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4037 [[ pid_t foo; foo = 1235; ]])], 4038 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4039 ]) 4040]) 4041if test "x$ac_cv_have_pid_t" = "xyes" ; then 4042 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4043fi 4044 4045AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4046 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4047 [[ mode_t foo; foo = 1235; ]])], 4048 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4049 ]) 4050]) 4051if test "x$ac_cv_have_mode_t" = "xyes" ; then 4052 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4053fi 4054 4055 4056AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4057 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4058#include <sys/types.h> 4059#include <sys/socket.h> 4060 ]], [[ struct sockaddr_storage s; ]])], 4061 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4062 [ ac_cv_have_struct_sockaddr_storage="no" 4063 ]) 4064]) 4065if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4066 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4067 [define if you have struct sockaddr_storage data type]) 4068fi 4069 4070AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4071 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4072#include <sys/types.h> 4073#include <netinet/in.h> 4074 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4075 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4076 [ ac_cv_have_struct_sockaddr_in6="no" 4077 ]) 4078]) 4079if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4080 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4081 [define if you have struct sockaddr_in6 data type]) 4082fi 4083 4084AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4085 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4086#include <sys/types.h> 4087#include <netinet/in.h> 4088 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4089 [ ac_cv_have_struct_in6_addr="yes" ], 4090 [ ac_cv_have_struct_in6_addr="no" 4091 ]) 4092]) 4093if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4094 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4095 [define if you have struct in6_addr data type]) 4096 4097dnl Now check for sin6_scope_id 4098 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4099 [ 4100#ifdef HAVE_SYS_TYPES_H 4101#include <sys/types.h> 4102#endif 4103#include <netinet/in.h> 4104 ]) 4105fi 4106 4107AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4108 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4109#include <sys/types.h> 4110#include <sys/socket.h> 4111#include <netdb.h> 4112 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4113 [ ac_cv_have_struct_addrinfo="yes" ], 4114 [ ac_cv_have_struct_addrinfo="no" 4115 ]) 4116]) 4117if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4118 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4119 [define if you have struct addrinfo data type]) 4120fi 4121 4122AC_HEADER_TIME 4123 4124AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4125 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4126 [[ struct timeval tv; tv.tv_sec = 1;]])], 4127 [ ac_cv_have_struct_timeval="yes" ], 4128 [ ac_cv_have_struct_timeval="no" 4129 ]) 4130]) 4131if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4132 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4133 have_struct_timeval=1 4134fi 4135 4136AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4137 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4138 #ifdef TIME_WITH_SYS_TIME 4139 # include <sys/time.h> 4140 # include <time.h> 4141 #else 4142 # ifdef HAVE_SYS_TIME_H 4143 # include <sys/time.h> 4144 # else 4145 # include <time.h> 4146 # endif 4147 #endif 4148 ]], 4149 [[ struct timespec ts; ts.tv_sec = 1;]])], 4150 [ ac_cv_have_struct_timespec="yes" ], 4151 [ ac_cv_have_struct_timespec="no" 4152 ]) 4153]) 4154if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4155 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4156 have_struct_timespec=1 4157fi 4158 4159# We need int64_t or else certain parts of the compile will fail. 4160if test "x$ac_cv_have_int64_t" = "xno" && \ 4161 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4162 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4163 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4164 echo "an alternative compiler (I.E., GCC) before continuing." 4165 echo "" 4166 exit 1; 4167else 4168dnl test snprintf (broken on SCO w/gcc) 4169 AC_RUN_IFELSE( 4170 [AC_LANG_SOURCE([[ 4171#include <stdio.h> 4172#include <string.h> 4173#ifdef HAVE_SNPRINTF 4174main() 4175{ 4176 char buf[50]; 4177 char expected_out[50]; 4178 int mazsize = 50 ; 4179#if (SIZEOF_LONG_INT == 8) 4180 long int num = 0x7fffffffffffffff; 4181#else 4182 long long num = 0x7fffffffffffffffll; 4183#endif 4184 strcpy(expected_out, "9223372036854775807"); 4185 snprintf(buf, mazsize, "%lld", num); 4186 if(strcmp(buf, expected_out) != 0) 4187 exit(1); 4188 exit(0); 4189} 4190#else 4191main() { exit(0); } 4192#endif 4193 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4194 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4195 ) 4196fi 4197 4198dnl Checks for structure members 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4201OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4211OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4212OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4213OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4214OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4215OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4216OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4217 4218AC_CHECK_MEMBERS([struct stat.st_blksize]) 4219AC_CHECK_MEMBERS([struct stat.st_mtim]) 4220AC_CHECK_MEMBERS([struct stat.st_mtime]) 4221AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4222struct passwd.pw_change, struct passwd.pw_expire], 4223[], [], [[ 4224#include <sys/types.h> 4225#include <pwd.h> 4226]]) 4227 4228AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4229 [Define if we don't have struct __res_state in resolv.h])], 4230[[ 4231#include <stdio.h> 4232#if HAVE_SYS_TYPES_H 4233# include <sys/types.h> 4234#endif 4235#include <netinet/in.h> 4236#include <arpa/nameser.h> 4237#include <resolv.h> 4238]]) 4239 4240AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4241 ac_cv_have_ss_family_in_struct_ss, [ 4242 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4243#include <sys/types.h> 4244#include <sys/socket.h> 4245 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4246 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4247 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4248]) 4249if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4250 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4251fi 4252 4253AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4254 ac_cv_have___ss_family_in_struct_ss, [ 4255 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4256#include <sys/types.h> 4257#include <sys/socket.h> 4258 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4259 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4260 [ ac_cv_have___ss_family_in_struct_ss="no" 4261 ]) 4262]) 4263if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4264 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4265 [Fields in struct sockaddr_storage]) 4266fi 4267 4268dnl make sure we're using the real structure members and not defines 4269AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4270 ac_cv_have_accrights_in_msghdr, [ 4271 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4272#include <sys/types.h> 4273#include <sys/socket.h> 4274#include <sys/uio.h> 4275 ]], [[ 4276#ifdef msg_accrights 4277#error "msg_accrights is a macro" 4278exit(1); 4279#endif 4280struct msghdr m; 4281m.msg_accrights = 0; 4282exit(0); 4283 ]])], 4284 [ ac_cv_have_accrights_in_msghdr="yes" ], 4285 [ ac_cv_have_accrights_in_msghdr="no" ] 4286 ) 4287]) 4288if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4289 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4290 [Define if your system uses access rights style 4291 file descriptor passing]) 4292fi 4293 4294AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4295AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4296#include <sys/param.h> 4297#include <sys/stat.h> 4298#ifdef HAVE_SYS_TIME_H 4299# include <sys/time.h> 4300#endif 4301#ifdef HAVE_SYS_MOUNT_H 4302#include <sys/mount.h> 4303#endif 4304#ifdef HAVE_SYS_STATVFS_H 4305#include <sys/statvfs.h> 4306#endif 4307 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4308 [ AC_MSG_RESULT([yes]) ], 4309 [ AC_MSG_RESULT([no]) 4310 4311 AC_MSG_CHECKING([if fsid_t has member val]) 4312 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4313#include <sys/types.h> 4314#include <sys/statvfs.h> 4315 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4316 [ AC_MSG_RESULT([yes]) 4317 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4318 [ AC_MSG_RESULT([no]) ]) 4319 4320 AC_MSG_CHECKING([if f_fsid has member __val]) 4321 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4322#include <sys/types.h> 4323#include <sys/statvfs.h> 4324 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4325 [ AC_MSG_RESULT([yes]) 4326 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4327 [ AC_MSG_RESULT([no]) ]) 4328]) 4329 4330AC_CACHE_CHECK([for msg_control field in struct msghdr], 4331 ac_cv_have_control_in_msghdr, [ 4332 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4333#include <sys/types.h> 4334#include <sys/socket.h> 4335#include <sys/uio.h> 4336 ]], [[ 4337#ifdef msg_control 4338#error "msg_control is a macro" 4339exit(1); 4340#endif 4341struct msghdr m; 4342m.msg_control = 0; 4343exit(0); 4344 ]])], 4345 [ ac_cv_have_control_in_msghdr="yes" ], 4346 [ ac_cv_have_control_in_msghdr="no" ] 4347 ) 4348]) 4349if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4350 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4351 [Define if your system uses ancillary data style 4352 file descriptor passing]) 4353fi 4354 4355AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4356 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4357 [[ extern char *__progname; printf("%s", __progname); ]])], 4358 [ ac_cv_libc_defines___progname="yes" ], 4359 [ ac_cv_libc_defines___progname="no" 4360 ]) 4361]) 4362if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4363 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4364fi 4365 4366AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4367 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4368 [[ printf("%s", __FUNCTION__); ]])], 4369 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4370 [ ac_cv_cc_implements___FUNCTION__="no" 4371 ]) 4372]) 4373if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4374 AC_DEFINE([HAVE___FUNCTION__], [1], 4375 [Define if compiler implements __FUNCTION__]) 4376fi 4377 4378AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4379 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4380 [[ printf("%s", __func__); ]])], 4381 [ ac_cv_cc_implements___func__="yes" ], 4382 [ ac_cv_cc_implements___func__="no" 4383 ]) 4384]) 4385if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4386 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4387fi 4388 4389AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4390 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4391#include <stdarg.h> 4392va_list x,y; 4393 ]], [[ va_copy(x,y); ]])], 4394 [ ac_cv_have_va_copy="yes" ], 4395 [ ac_cv_have_va_copy="no" 4396 ]) 4397]) 4398if test "x$ac_cv_have_va_copy" = "xyes" ; then 4399 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4400fi 4401 4402AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4403 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4404#include <stdarg.h> 4405va_list x,y; 4406 ]], [[ __va_copy(x,y); ]])], 4407 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4408 ]) 4409]) 4410if test "x$ac_cv_have___va_copy" = "xyes" ; then 4411 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4412fi 4413 4414AC_CACHE_CHECK([whether getopt has optreset support], 4415 ac_cv_have_getopt_optreset, [ 4416 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4417 [[ extern int optreset; optreset = 0; ]])], 4418 [ ac_cv_have_getopt_optreset="yes" ], 4419 [ ac_cv_have_getopt_optreset="no" 4420 ]) 4421]) 4422if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4423 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4424 [Define if your getopt(3) defines and uses optreset]) 4425fi 4426 4427AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4428 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4429[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4430 [ ac_cv_libc_defines_sys_errlist="yes" ], 4431 [ ac_cv_libc_defines_sys_errlist="no" 4432 ]) 4433]) 4434if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4435 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4436 [Define if your system defines sys_errlist[]]) 4437fi 4438 4439 4440AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4441 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4442[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4443 [ ac_cv_libc_defines_sys_nerr="yes" ], 4444 [ ac_cv_libc_defines_sys_nerr="no" 4445 ]) 4446]) 4447if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4448 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4449fi 4450 4451# Check libraries needed by DNS fingerprint support 4452AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4453 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4454 [Define if getrrsetbyname() exists])], 4455 [ 4456 # Needed by our getrrsetbyname() 4457 AC_SEARCH_LIBS([res_query], [resolv]) 4458 AC_SEARCH_LIBS([dn_expand], [resolv]) 4459 AC_MSG_CHECKING([if res_query will link]) 4460 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4461#include <sys/types.h> 4462#include <netinet/in.h> 4463#include <arpa/nameser.h> 4464#include <netdb.h> 4465#include <resolv.h> 4466 ]], [[ 4467 res_query (0, 0, 0, 0, 0); 4468 ]])], 4469 AC_MSG_RESULT([yes]), 4470 [AC_MSG_RESULT([no]) 4471 saved_LIBS="$LIBS" 4472 LIBS="$LIBS -lresolv" 4473 AC_MSG_CHECKING([for res_query in -lresolv]) 4474 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4475#include <sys/types.h> 4476#include <netinet/in.h> 4477#include <arpa/nameser.h> 4478#include <netdb.h> 4479#include <resolv.h> 4480 ]], [[ 4481 res_query (0, 0, 0, 0, 0); 4482 ]])], 4483 [AC_MSG_RESULT([yes])], 4484 [LIBS="$saved_LIBS" 4485 AC_MSG_RESULT([no])]) 4486 ]) 4487 AC_CHECK_FUNCS([_getshort _getlong]) 4488 AC_CHECK_DECLS([_getshort, _getlong], , , 4489 [#include <sys/types.h> 4490 #include <arpa/nameser.h>]) 4491 AC_CHECK_MEMBER([HEADER.ad], 4492 [AC_DEFINE([HAVE_HEADER_AD], [1], 4493 [Define if HEADER.ad exists in arpa/nameser.h])], , 4494 [#include <arpa/nameser.h>]) 4495 ]) 4496 4497AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4498AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4499#include <stdio.h> 4500#if HAVE_SYS_TYPES_H 4501# include <sys/types.h> 4502#endif 4503#include <netinet/in.h> 4504#include <arpa/nameser.h> 4505#include <resolv.h> 4506extern struct __res_state _res; 4507 ]], [[ 4508struct __res_state *volatile p = &_res; /* force resolution of _res */ 4509return 0; 4510 ]],)], 4511 [AC_MSG_RESULT([yes]) 4512 AC_DEFINE([HAVE__RES_EXTERN], [1], 4513 [Define if you have struct __res_state _res as an extern]) 4514 ], 4515 [ AC_MSG_RESULT([no]) ] 4516) 4517 4518# Check whether user wants SELinux support 4519SELINUX_MSG="no" 4520LIBSELINUX="" 4521AC_ARG_WITH([selinux], 4522 [ --with-selinux Enable SELinux support], 4523 [ if test "x$withval" != "xno" ; then 4524 save_LIBS="$LIBS" 4525 AC_DEFINE([WITH_SELINUX], [1], 4526 [Define if you want SELinux support.]) 4527 SELINUX_MSG="yes" 4528 AC_CHECK_HEADER([selinux/selinux.h], , 4529 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4530 AC_CHECK_LIB([selinux], [setexeccon], 4531 [ LIBSELINUX="-lselinux" 4532 LIBS="$LIBS -lselinux" 4533 ], 4534 AC_MSG_ERROR([SELinux support requires libselinux library])) 4535 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4536 LIBS="$save_LIBS $LIBSELINUX" 4537 fi ] 4538) 4539AC_SUBST([SSHDLIBS]) 4540 4541# Check whether user wants Kerberos 5 support 4542KRB5_MSG="no" 4543AC_ARG_WITH([kerberos5], 4544 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4545 [ if test "x$withval" != "xno" ; then 4546 if test "x$withval" = "xyes" ; then 4547 KRB5ROOT="/usr/local" 4548 else 4549 KRB5ROOT=${withval} 4550 fi 4551 4552 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4553 KRB5_MSG="yes" 4554 4555 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4556 [$KRB5ROOT/bin/krb5-config], 4557 [$KRB5ROOT/bin:$PATH]) 4558 if test -x $KRB5CONF ; then 4559 K5CFLAGS="`$KRB5CONF --cflags`" 4560 K5LIBS="`$KRB5CONF --libs`" 4561 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4562 4563 AC_MSG_CHECKING([for gssapi support]) 4564 if $KRB5CONF | grep gssapi >/dev/null ; then 4565 AC_MSG_RESULT([yes]) 4566 AC_DEFINE([GSSAPI], [1], 4567 [Define this if you want GSSAPI 4568 support in the version 2 protocol]) 4569 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4570 GSSLIBS="`$KRB5CONF --libs gssapi`" 4571 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4572 else 4573 AC_MSG_RESULT([no]) 4574 fi 4575 AC_MSG_CHECKING([whether we are using Heimdal]) 4576 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4577 ]], [[ char *tmp = heimdal_version; ]])], 4578 [ AC_MSG_RESULT([yes]) 4579 AC_DEFINE([HEIMDAL], [1], 4580 [Define this if you are using the Heimdal 4581 version of Kerberos V5]) ], 4582 [AC_MSG_RESULT([no]) 4583 ]) 4584 else 4585 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4586 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4587 AC_MSG_CHECKING([whether we are using Heimdal]) 4588 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4589 ]], [[ char *tmp = heimdal_version; ]])], 4590 [ AC_MSG_RESULT([yes]) 4591 AC_DEFINE([HEIMDAL]) 4592 K5LIBS="-lkrb5" 4593 K5LIBS="$K5LIBS -lcom_err -lasn1" 4594 AC_CHECK_LIB([roken], [net_write], 4595 [K5LIBS="$K5LIBS -lroken"]) 4596 AC_CHECK_LIB([des], [des_cbc_encrypt], 4597 [K5LIBS="$K5LIBS -ldes"]) 4598 ], [ AC_MSG_RESULT([no]) 4599 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4600 ]) 4601 AC_SEARCH_LIBS([dn_expand], [resolv]) 4602 4603 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4604 [ AC_DEFINE([GSSAPI]) 4605 GSSLIBS="-lgssapi_krb5" ], 4606 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4607 [ AC_DEFINE([GSSAPI]) 4608 GSSLIBS="-lgssapi" ], 4609 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4610 [ AC_DEFINE([GSSAPI]) 4611 GSSLIBS="-lgss" ], 4612 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4613 ]) 4614 ]) 4615 4616 AC_CHECK_HEADER([gssapi.h], , 4617 [ unset ac_cv_header_gssapi_h 4618 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4619 AC_CHECK_HEADERS([gssapi.h], , 4620 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4621 ) 4622 ] 4623 ) 4624 4625 oldCPP="$CPPFLAGS" 4626 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4627 AC_CHECK_HEADER([gssapi_krb5.h], , 4628 [ CPPFLAGS="$oldCPP" ]) 4629 4630 fi 4631 if test -n "${rpath_opt}" ; then 4632 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4633 fi 4634 if test ! -z "$blibpath" ; then 4635 blibpath="$blibpath:${KRB5ROOT}/lib" 4636 fi 4637 4638 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4639 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4640 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4641 4642 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4643 [Define this if you want to use libkafs' AFS support])]) 4644 4645 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4646#ifdef HAVE_GSSAPI_H 4647# include <gssapi.h> 4648#elif defined(HAVE_GSSAPI_GSSAPI_H) 4649# include <gssapi/gssapi.h> 4650#endif 4651 4652#ifdef HAVE_GSSAPI_GENERIC_H 4653# include <gssapi_generic.h> 4654#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4655# include <gssapi/gssapi_generic.h> 4656#endif 4657 ]]) 4658 saved_LIBS="$LIBS" 4659 LIBS="$LIBS $K5LIBS" 4660 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4661 LIBS="$saved_LIBS" 4662 4663 fi 4664 ] 4665) 4666AC_SUBST([GSSLIBS]) 4667AC_SUBST([K5LIBS]) 4668 4669# Looking for programs, paths and files 4670 4671PRIVSEP_PATH=/var/empty 4672AC_ARG_WITH([privsep-path], 4673 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4674 [ 4675 if test -n "$withval" && test "x$withval" != "xno" && \ 4676 test "x${withval}" != "xyes"; then 4677 PRIVSEP_PATH=$withval 4678 fi 4679 ] 4680) 4681AC_SUBST([PRIVSEP_PATH]) 4682 4683AC_ARG_WITH([xauth], 4684 [ --with-xauth=PATH Specify path to xauth program ], 4685 [ 4686 if test -n "$withval" && test "x$withval" != "xno" && \ 4687 test "x${withval}" != "xyes"; then 4688 xauth_path=$withval 4689 fi 4690 ], 4691 [ 4692 TestPath="$PATH" 4693 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4694 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4695 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4696 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4697 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4698 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4699 xauth_path="/usr/openwin/bin/xauth" 4700 fi 4701 ] 4702) 4703 4704STRIP_OPT=-s 4705AC_ARG_ENABLE([strip], 4706 [ --disable-strip Disable calling strip(1) on install], 4707 [ 4708 if test "x$enableval" = "xno" ; then 4709 STRIP_OPT= 4710 fi 4711 ] 4712) 4713AC_SUBST([STRIP_OPT]) 4714 4715if test -z "$xauth_path" ; then 4716 XAUTH_PATH="undefined" 4717 AC_SUBST([XAUTH_PATH]) 4718else 4719 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4720 [Define if xauth is found in your path]) 4721 XAUTH_PATH=$xauth_path 4722 AC_SUBST([XAUTH_PATH]) 4723fi 4724 4725dnl # --with-maildir=/path/to/mail gets top priority. 4726dnl # if maildir is set in the platform case statement above we use that. 4727dnl # Otherwise we run a program to get the dir from system headers. 4728dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4729dnl # If we find _PATH_MAILDIR we do nothing because that is what 4730dnl # session.c expects anyway. Otherwise we set to the value found 4731dnl # stripping any trailing slash. If for some strage reason our program 4732dnl # does not find what it needs, we default to /var/spool/mail. 4733# Check for mail directory 4734AC_ARG_WITH([maildir], 4735 [ --with-maildir=/path/to/mail Specify your system mail directory], 4736 [ 4737 if test "X$withval" != X && test "x$withval" != xno && \ 4738 test "x${withval}" != xyes; then 4739 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4740 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4741 fi 4742 ],[ 4743 if test "X$maildir" != "X"; then 4744 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4745 else 4746 AC_MSG_CHECKING([Discovering system mail directory]) 4747 AC_RUN_IFELSE( 4748 [AC_LANG_PROGRAM([[ 4749#include <stdio.h> 4750#include <string.h> 4751#ifdef HAVE_PATHS_H 4752#include <paths.h> 4753#endif 4754#ifdef HAVE_MAILLOCK_H 4755#include <maillock.h> 4756#endif 4757#define DATA "conftest.maildir" 4758 ]], [[ 4759 FILE *fd; 4760 int rc; 4761 4762 fd = fopen(DATA,"w"); 4763 if(fd == NULL) 4764 exit(1); 4765 4766#if defined (_PATH_MAILDIR) 4767 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4768 exit(1); 4769#elif defined (MAILDIR) 4770 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4771 exit(1); 4772#elif defined (_PATH_MAIL) 4773 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4774 exit(1); 4775#else 4776 exit (2); 4777#endif 4778 4779 exit(0); 4780 ]])], 4781 [ 4782 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4783 maildir=`awk -F: '{print $2}' conftest.maildir \ 4784 | sed 's|/$||'` 4785 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4786 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4787 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4788 fi 4789 ], 4790 [ 4791 if test "X$ac_status" = "X2";then 4792# our test program didn't find it. Default to /var/spool/mail 4793 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4794 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4795 else 4796 AC_MSG_RESULT([*** not found ***]) 4797 fi 4798 ], 4799 [ 4800 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4801 ] 4802 ) 4803 fi 4804 ] 4805) # maildir 4806 4807if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4808 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4809 disable_ptmx_check=yes 4810fi 4811if test -z "$no_dev_ptmx" ; then 4812 if test "x$disable_ptmx_check" != "xyes" ; then 4813 AC_CHECK_FILE(["/dev/ptmx"], 4814 [ 4815 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4816 [Define if you have /dev/ptmx]) 4817 have_dev_ptmx=1 4818 ] 4819 ) 4820 fi 4821fi 4822 4823if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4824 AC_CHECK_FILE(["/dev/ptc"], 4825 [ 4826 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4827 [Define if you have /dev/ptc]) 4828 have_dev_ptc=1 4829 ] 4830 ) 4831else 4832 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4833fi 4834 4835# Options from here on. Some of these are preset by platform above 4836AC_ARG_WITH([mantype], 4837 [ --with-mantype=man|cat|doc Set man page type], 4838 [ 4839 case "$withval" in 4840 man|cat|doc) 4841 MANTYPE=$withval 4842 ;; 4843 *) 4844 AC_MSG_ERROR([invalid man type: $withval]) 4845 ;; 4846 esac 4847 ] 4848) 4849if test -z "$MANTYPE"; then 4850 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4851 MANTYPE=doc 4852 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4853 MANTYPE=doc 4854 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4855 MANTYPE=man 4856 else 4857 MANTYPE=cat 4858 fi 4859fi 4860AC_SUBST([MANTYPE]) 4861if test "$MANTYPE" = "doc"; then 4862 mansubdir=man; 4863else 4864 mansubdir=$MANTYPE; 4865fi 4866AC_SUBST([mansubdir]) 4867 4868# Check whether to enable MD5 passwords 4869MD5_MSG="no" 4870AC_ARG_WITH([md5-passwords], 4871 [ --with-md5-passwords Enable use of MD5 passwords], 4872 [ 4873 if test "x$withval" != "xno" ; then 4874 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4875 [Define if you want to allow MD5 passwords]) 4876 MD5_MSG="yes" 4877 fi 4878 ] 4879) 4880 4881# Whether to disable shadow password support 4882AC_ARG_WITH([shadow], 4883 [ --without-shadow Disable shadow password support], 4884 [ 4885 if test "x$withval" = "xno" ; then 4886 AC_DEFINE([DISABLE_SHADOW]) 4887 disable_shadow=yes 4888 fi 4889 ] 4890) 4891 4892if test -z "$disable_shadow" ; then 4893 AC_MSG_CHECKING([if the systems has expire shadow information]) 4894 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4895#include <sys/types.h> 4896#include <shadow.h> 4897struct spwd sp; 4898 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4899 [ sp_expire_available=yes ], [ 4900 ]) 4901 4902 if test "x$sp_expire_available" = "xyes" ; then 4903 AC_MSG_RESULT([yes]) 4904 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4905 [Define if you want to use shadow password expire field]) 4906 else 4907 AC_MSG_RESULT([no]) 4908 fi 4909fi 4910 4911# Use ip address instead of hostname in $DISPLAY 4912if test ! -z "$IPADDR_IN_DISPLAY" ; then 4913 DISPLAY_HACK_MSG="yes" 4914 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4915 [Define if you need to use IP address 4916 instead of hostname in $DISPLAY]) 4917else 4918 DISPLAY_HACK_MSG="no" 4919 AC_ARG_WITH([ipaddr-display], 4920 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4921 [ 4922 if test "x$withval" != "xno" ; then 4923 AC_DEFINE([IPADDR_IN_DISPLAY]) 4924 DISPLAY_HACK_MSG="yes" 4925 fi 4926 ] 4927 ) 4928fi 4929 4930# check for /etc/default/login and use it if present. 4931AC_ARG_ENABLE([etc-default-login], 4932 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4933 [ if test "x$enableval" = "xno"; then 4934 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4935 etc_default_login=no 4936 else 4937 etc_default_login=yes 4938 fi ], 4939 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4940 then 4941 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4942 etc_default_login=no 4943 else 4944 etc_default_login=yes 4945 fi ] 4946) 4947 4948if test "x$etc_default_login" != "xno"; then 4949 AC_CHECK_FILE(["/etc/default/login"], 4950 [ external_path_file=/etc/default/login ]) 4951 if test "x$external_path_file" = "x/etc/default/login"; then 4952 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4953 [Define if your system has /etc/default/login]) 4954 fi 4955fi 4956 4957dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4958if test $ac_cv_func_login_getcapbool = "yes" && \ 4959 test $ac_cv_header_login_cap_h = "yes" ; then 4960 external_path_file=/etc/login.conf 4961fi 4962 4963# Whether to mess with the default path 4964SERVER_PATH_MSG="(default)" 4965AC_ARG_WITH([default-path], 4966 [ --with-default-path= Specify default $PATH environment for server], 4967 [ 4968 if test "x$external_path_file" = "x/etc/login.conf" ; then 4969 AC_MSG_WARN([ 4970--with-default-path=PATH has no effect on this system. 4971Edit /etc/login.conf instead.]) 4972 elif test "x$withval" != "xno" ; then 4973 if test ! -z "$external_path_file" ; then 4974 AC_MSG_WARN([ 4975--with-default-path=PATH will only be used if PATH is not defined in 4976$external_path_file .]) 4977 fi 4978 user_path="$withval" 4979 SERVER_PATH_MSG="$withval" 4980 fi 4981 ], 4982 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4983 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4984 else 4985 if test ! -z "$external_path_file" ; then 4986 AC_MSG_WARN([ 4987If PATH is defined in $external_path_file, ensure the path to scp is included, 4988otherwise scp will not work.]) 4989 fi 4990 AC_RUN_IFELSE( 4991 [AC_LANG_PROGRAM([[ 4992/* find out what STDPATH is */ 4993#include <stdio.h> 4994#ifdef HAVE_PATHS_H 4995# include <paths.h> 4996#endif 4997#ifndef _PATH_STDPATH 4998# ifdef _PATH_USERPATH /* Irix */ 4999# define _PATH_STDPATH _PATH_USERPATH 5000# else 5001# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5002# endif 5003#endif 5004#include <sys/types.h> 5005#include <sys/stat.h> 5006#include <fcntl.h> 5007#define DATA "conftest.stdpath" 5008 ]], [[ 5009 FILE *fd; 5010 int rc; 5011 5012 fd = fopen(DATA,"w"); 5013 if(fd == NULL) 5014 exit(1); 5015 5016 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5017 exit(1); 5018 5019 exit(0); 5020 ]])], 5021 [ user_path=`cat conftest.stdpath` ], 5022 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5023 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5024 ) 5025# make sure $bindir is in USER_PATH so scp will work 5026 t_bindir="${bindir}" 5027 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5028 t_bindir=`eval echo ${t_bindir}` 5029 case $t_bindir in 5030 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5031 esac 5032 case $t_bindir in 5033 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5034 esac 5035 done 5036 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5037 if test $? -ne 0 ; then 5038 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5039 if test $? -ne 0 ; then 5040 user_path=$user_path:$t_bindir 5041 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5042 fi 5043 fi 5044 fi ] 5045) 5046if test "x$external_path_file" != "x/etc/login.conf" ; then 5047 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5048 AC_SUBST([user_path]) 5049fi 5050 5051# Set superuser path separately to user path 5052AC_ARG_WITH([superuser-path], 5053 [ --with-superuser-path= Specify different path for super-user], 5054 [ 5055 if test -n "$withval" && test "x$withval" != "xno" && \ 5056 test "x${withval}" != "xyes"; then 5057 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5058 [Define if you want a different $PATH 5059 for the superuser]) 5060 superuser_path=$withval 5061 fi 5062 ] 5063) 5064 5065 5066AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5067IPV4_IN6_HACK_MSG="no" 5068AC_ARG_WITH(4in6, 5069 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5070 [ 5071 if test "x$withval" != "xno" ; then 5072 AC_MSG_RESULT([yes]) 5073 AC_DEFINE([IPV4_IN_IPV6], [1], 5074 [Detect IPv4 in IPv6 mapped addresses 5075 and treat as IPv4]) 5076 IPV4_IN6_HACK_MSG="yes" 5077 else 5078 AC_MSG_RESULT([no]) 5079 fi 5080 ], [ 5081 if test "x$inet6_default_4in6" = "xyes"; then 5082 AC_MSG_RESULT([yes (default)]) 5083 AC_DEFINE([IPV4_IN_IPV6]) 5084 IPV4_IN6_HACK_MSG="yes" 5085 else 5086 AC_MSG_RESULT([no (default)]) 5087 fi 5088 ] 5089) 5090 5091# Whether to enable BSD auth support 5092BSD_AUTH_MSG=no 5093AC_ARG_WITH([bsd-auth], 5094 [ --with-bsd-auth Enable BSD auth support], 5095 [ 5096 if test "x$withval" != "xno" ; then 5097 AC_DEFINE([BSD_AUTH], [1], 5098 [Define if you have BSD auth support]) 5099 BSD_AUTH_MSG=yes 5100 fi 5101 ] 5102) 5103 5104# Where to place sshd.pid 5105piddir=/var/run 5106# make sure the directory exists 5107if test ! -d $piddir ; then 5108 piddir=`eval echo ${sysconfdir}` 5109 case $piddir in 5110 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5111 esac 5112fi 5113 5114AC_ARG_WITH([pid-dir], 5115 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5116 [ 5117 if test -n "$withval" && test "x$withval" != "xno" && \ 5118 test "x${withval}" != "xyes"; then 5119 piddir=$withval 5120 if test ! -d $piddir ; then 5121 AC_MSG_WARN([** no $piddir directory on this system **]) 5122 fi 5123 fi 5124 ] 5125) 5126 5127AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5128 [Specify location of ssh.pid]) 5129AC_SUBST([piddir]) 5130 5131dnl allow user to disable some login recording features 5132AC_ARG_ENABLE([lastlog], 5133 [ --disable-lastlog disable use of lastlog even if detected [no]], 5134 [ 5135 if test "x$enableval" = "xno" ; then 5136 AC_DEFINE([DISABLE_LASTLOG]) 5137 fi 5138 ] 5139) 5140AC_ARG_ENABLE([utmp], 5141 [ --disable-utmp disable use of utmp even if detected [no]], 5142 [ 5143 if test "x$enableval" = "xno" ; then 5144 AC_DEFINE([DISABLE_UTMP]) 5145 fi 5146 ] 5147) 5148AC_ARG_ENABLE([utmpx], 5149 [ --disable-utmpx disable use of utmpx even if detected [no]], 5150 [ 5151 if test "x$enableval" = "xno" ; then 5152 AC_DEFINE([DISABLE_UTMPX], [1], 5153 [Define if you don't want to use utmpx]) 5154 fi 5155 ] 5156) 5157AC_ARG_ENABLE([wtmp], 5158 [ --disable-wtmp disable use of wtmp even if detected [no]], 5159 [ 5160 if test "x$enableval" = "xno" ; then 5161 AC_DEFINE([DISABLE_WTMP]) 5162 fi 5163 ] 5164) 5165AC_ARG_ENABLE([wtmpx], 5166 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5167 [ 5168 if test "x$enableval" = "xno" ; then 5169 AC_DEFINE([DISABLE_WTMPX], [1], 5170 [Define if you don't want to use wtmpx]) 5171 fi 5172 ] 5173) 5174AC_ARG_ENABLE([libutil], 5175 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5176 [ 5177 if test "x$enableval" = "xno" ; then 5178 AC_DEFINE([DISABLE_LOGIN]) 5179 fi 5180 ] 5181) 5182AC_ARG_ENABLE([pututline], 5183 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5184 [ 5185 if test "x$enableval" = "xno" ; then 5186 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5187 [Define if you don't want to use pututline() 5188 etc. to write [uw]tmp]) 5189 fi 5190 ] 5191) 5192AC_ARG_ENABLE([pututxline], 5193 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5194 [ 5195 if test "x$enableval" = "xno" ; then 5196 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5197 [Define if you don't want to use pututxline() 5198 etc. to write [uw]tmpx]) 5199 fi 5200 ] 5201) 5202AC_ARG_WITH([lastlog], 5203 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5204 [ 5205 if test "x$withval" = "xno" ; then 5206 AC_DEFINE([DISABLE_LASTLOG]) 5207 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5208 conf_lastlog_location=$withval 5209 fi 5210 ] 5211) 5212 5213dnl lastlog, [uw]tmpx? detection 5214dnl NOTE: set the paths in the platform section to avoid the 5215dnl need for command-line parameters 5216dnl lastlog and [uw]tmp are subject to a file search if all else fails 5217 5218dnl lastlog detection 5219dnl NOTE: the code itself will detect if lastlog is a directory 5220AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5221AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5222#include <sys/types.h> 5223#include <utmp.h> 5224#ifdef HAVE_LASTLOG_H 5225# include <lastlog.h> 5226#endif 5227#ifdef HAVE_PATHS_H 5228# include <paths.h> 5229#endif 5230#ifdef HAVE_LOGIN_H 5231# include <login.h> 5232#endif 5233 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5234 [ AC_MSG_RESULT([yes]) ], 5235 [ 5236 AC_MSG_RESULT([no]) 5237 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5238 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5239#include <sys/types.h> 5240#include <utmp.h> 5241#ifdef HAVE_LASTLOG_H 5242# include <lastlog.h> 5243#endif 5244#ifdef HAVE_PATHS_H 5245# include <paths.h> 5246#endif 5247 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5248 [ AC_MSG_RESULT([yes]) ], 5249 [ 5250 AC_MSG_RESULT([no]) 5251 system_lastlog_path=no 5252 ]) 5253]) 5254 5255if test -z "$conf_lastlog_location"; then 5256 if test x"$system_lastlog_path" = x"no" ; then 5257 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5258 if (test -d "$f" || test -f "$f") ; then 5259 conf_lastlog_location=$f 5260 fi 5261 done 5262 if test -z "$conf_lastlog_location"; then 5263 AC_MSG_WARN([** Cannot find lastlog **]) 5264 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5265 fi 5266 fi 5267fi 5268 5269if test -n "$conf_lastlog_location"; then 5270 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5271 [Define if you want to specify the path to your lastlog file]) 5272fi 5273 5274dnl utmp detection 5275AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5276AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5277#include <sys/types.h> 5278#include <utmp.h> 5279#ifdef HAVE_PATHS_H 5280# include <paths.h> 5281#endif 5282 ]], [[ char *utmp = UTMP_FILE; ]])], 5283 [ AC_MSG_RESULT([yes]) ], 5284 [ AC_MSG_RESULT([no]) 5285 system_utmp_path=no 5286]) 5287if test -z "$conf_utmp_location"; then 5288 if test x"$system_utmp_path" = x"no" ; then 5289 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5290 if test -f $f ; then 5291 conf_utmp_location=$f 5292 fi 5293 done 5294 if test -z "$conf_utmp_location"; then 5295 AC_DEFINE([DISABLE_UTMP]) 5296 fi 5297 fi 5298fi 5299if test -n "$conf_utmp_location"; then 5300 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5301 [Define if you want to specify the path to your utmp file]) 5302fi 5303 5304dnl wtmp detection 5305AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5306AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5307#include <sys/types.h> 5308#include <utmp.h> 5309#ifdef HAVE_PATHS_H 5310# include <paths.h> 5311#endif 5312 ]], [[ char *wtmp = WTMP_FILE; ]])], 5313 [ AC_MSG_RESULT([yes]) ], 5314 [ AC_MSG_RESULT([no]) 5315 system_wtmp_path=no 5316]) 5317if test -z "$conf_wtmp_location"; then 5318 if test x"$system_wtmp_path" = x"no" ; then 5319 for f in /usr/adm/wtmp /var/log/wtmp; do 5320 if test -f $f ; then 5321 conf_wtmp_location=$f 5322 fi 5323 done 5324 if test -z "$conf_wtmp_location"; then 5325 AC_DEFINE([DISABLE_WTMP]) 5326 fi 5327 fi 5328fi 5329if test -n "$conf_wtmp_location"; then 5330 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5331 [Define if you want to specify the path to your wtmp file]) 5332fi 5333 5334dnl wtmpx detection 5335AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5336AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5337#include <sys/types.h> 5338#include <utmp.h> 5339#ifdef HAVE_UTMPX_H 5340#include <utmpx.h> 5341#endif 5342#ifdef HAVE_PATHS_H 5343# include <paths.h> 5344#endif 5345 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5346 [ AC_MSG_RESULT([yes]) ], 5347 [ AC_MSG_RESULT([no]) 5348 system_wtmpx_path=no 5349]) 5350if test -z "$conf_wtmpx_location"; then 5351 if test x"$system_wtmpx_path" = x"no" ; then 5352 AC_DEFINE([DISABLE_WTMPX]) 5353 fi 5354else 5355 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5356 [Define if you want to specify the path to your wtmpx file]) 5357fi 5358 5359 5360if test ! -z "$blibpath" ; then 5361 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5362 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5363fi 5364 5365AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5366 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5367 AC_DEFINE([DISABLE_LASTLOG]) 5368 fi 5369 ], [ 5370#ifdef HAVE_SYS_TYPES_H 5371#include <sys/types.h> 5372#endif 5373#ifdef HAVE_UTMP_H 5374#include <utmp.h> 5375#endif 5376#ifdef HAVE_UTMPX_H 5377#include <utmpx.h> 5378#endif 5379#ifdef HAVE_LASTLOG_H 5380#include <lastlog.h> 5381#endif 5382 ]) 5383 5384AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5385 AC_DEFINE([DISABLE_UTMP]) 5386 AC_DEFINE([DISABLE_WTMP]) 5387 ], [ 5388#ifdef HAVE_SYS_TYPES_H 5389#include <sys/types.h> 5390#endif 5391#ifdef HAVE_UTMP_H 5392#include <utmp.h> 5393#endif 5394#ifdef HAVE_UTMPX_H 5395#include <utmpx.h> 5396#endif 5397#ifdef HAVE_LASTLOG_H 5398#include <lastlog.h> 5399#endif 5400 ]) 5401 5402dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5403dnl Add now. 5404CFLAGS="$CFLAGS $werror_flags" 5405 5406if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5407 TEST_SSH_IPV6=no 5408else 5409 TEST_SSH_IPV6=yes 5410fi 5411AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5412AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5413AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5414AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5415AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5416AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5417 5418CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5419LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5420 5421# Make a copy of CFLAGS/LDFLAGS without PIE options. 5422LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5423CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5424AC_SUBST([LDFLAGS_NOPIE]) 5425AC_SUBST([CFLAGS_NOPIE]) 5426 5427AC_EXEEXT 5428AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5429 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5430 survey.sh]) 5431AC_OUTPUT 5432 5433# Print summary of options 5434 5435# Someone please show me a better way :) 5436A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5437B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5438C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5439D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5440E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5441F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5442G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5443H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5444I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5445J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5446 5447echo "" 5448echo "OpenSSH has been configured with the following options:" 5449echo " User binaries: $B" 5450echo " System binaries: $C" 5451echo " Configuration files: $D" 5452echo " Askpass program: $E" 5453echo " Manual pages: $F" 5454echo " PID file: $G" 5455echo " Privilege separation chroot path: $H" 5456if test "x$external_path_file" = "x/etc/login.conf" ; then 5457echo " At runtime, sshd will use the path defined in $external_path_file" 5458echo " Make sure the path to scp is present, otherwise scp will not work" 5459else 5460echo " sshd default user PATH: $I" 5461 if test ! -z "$external_path_file"; then 5462echo " (If PATH is set in $external_path_file it will be used instead. If" 5463echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5464 fi 5465fi 5466if test ! -z "$superuser_path" ; then 5467echo " sshd superuser user PATH: $J" 5468fi 5469echo " Manpage format: $MANTYPE" 5470echo " PAM support: $PAM_MSG" 5471echo " OSF SIA support: $SIA_MSG" 5472echo " KerberosV support: $KRB5_MSG" 5473echo " SELinux support: $SELINUX_MSG" 5474echo " MD5 password support: $MD5_MSG" 5475echo " libedit support: $LIBEDIT_MSG" 5476echo " libldns support: $LDNS_MSG" 5477echo " Solaris process contract support: $SPC_MSG" 5478echo " Solaris project support: $SP_MSG" 5479echo " Solaris privilege support: $SPP_MSG" 5480echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5481echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5482echo " BSD Auth support: $BSD_AUTH_MSG" 5483echo " Random number source: $RAND_MSG" 5484echo " Privsep sandbox style: $SANDBOX_STYLE" 5485echo " PKCS#11 support: $enable_pkcs11" 5486echo " U2F/FIDO support: $enable_sk" 5487 5488echo "" 5489 5490echo " Host: ${host}" 5491echo " Compiler: ${CC}" 5492echo " Compiler flags: ${CFLAGS}" 5493echo "Preprocessor flags: ${CPPFLAGS}" 5494echo " Linker flags: ${LDFLAGS}" 5495echo " Libraries: ${LIBS}" 5496if test ! -z "${SSHDLIBS}"; then 5497echo " +for sshd: ${SSHDLIBS}" 5498fi 5499 5500echo "" 5501 5502if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5503 echo "SVR4 style packages are supported with \"make package\"" 5504 echo "" 5505fi 5506 5507if test "x$PAM_MSG" = "xyes" ; then 5508 echo "PAM is enabled. You may need to install a PAM control file " 5509 echo "for sshd, otherwise password authentication may fail. " 5510 echo "Example PAM control files can be found in the contrib/ " 5511 echo "subdirectory" 5512 echo "" 5513fi 5514 5515if test ! -z "$NO_PEERCHECK" ; then 5516 echo "WARNING: the operating system that you are using does not" 5517 echo "appear to support getpeereid(), getpeerucred() or the" 5518 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5519 echo "enforce security checks to prevent unauthorised connections to" 5520 echo "ssh-agent. Their absence increases the risk that a malicious" 5521 echo "user can connect to your agent." 5522 echo "" 5523fi 5524 5525if test "$AUDIT_MODULE" = "bsm" ; then 5526 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5527 echo "See the Solaris section in README.platform for details." 5528fi 5529