1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADERS([config.h]) 22AC_PROG_CC([cc gcc]) 23 24# XXX relax this after reimplementing logit() etc. 25AC_MSG_CHECKING([if $CC supports C99-style variadic macros]) 26AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 27int f(int a, int b, int c) { return a + b + c; } 28#define F(a, ...) f(a, __VA_ARGS__) 29]], [[return F(1, 2, -3);]])], 30 [ AC_MSG_RESULT([yes]) ], 31 [ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ] 32) 33 34AC_CANONICAL_HOST 35AC_C_BIGENDIAN 36 37# Checks for programs. 38AC_PROG_AWK 39AC_PROG_CPP 40AC_PROG_RANLIB 41AC_PROG_INSTALL 42AC_PROG_EGREP 43AC_PROG_MKDIR_P 44AC_CHECK_TOOLS([AR], [ar]) 45AC_PATH_PROG([CAT], [cat]) 46AC_PATH_PROG([KILL], [kill]) 47AC_PATH_PROG([SED], [sed]) 48AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 49AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 50AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 51AC_PATH_PROG([SH], [sh]) 52AC_PATH_PROG([GROFF], [groff]) 53AC_PATH_PROG([NROFF], [nroff awf]) 54AC_PATH_PROG([MANDOC], [mandoc]) 55AC_SUBST([TEST_SHELL], [sh]) 56 57dnl select manpage formatter to be used to build "cat" format pages. 58if test "x$MANDOC" != "x" ; then 59 MANFMT="$MANDOC" 60elif test "x$NROFF" != "x" ; then 61 MANFMT="$NROFF -mandoc" 62elif test "x$GROFF" != "x" ; then 63 MANFMT="$GROFF -mandoc -Tascii" 64else 65 AC_MSG_WARN([no manpage formatter found]) 66 MANFMT="false" 67fi 68AC_SUBST([MANFMT]) 69 70dnl for buildpkg.sh 71AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 72 [/usr/sbin${PATH_SEPARATOR}/etc]) 73AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 74 [/usr/sbin${PATH_SEPARATOR}/etc]) 75AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 76if test -x /sbin/sh; then 77 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 78else 79 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 80fi 81 82# System features 83AC_SYS_LARGEFILE 84 85if test -z "$AR" ; then 86 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 87fi 88 89AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 90if test ! -z "$PATH_PASSWD_PROG" ; then 91 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 92 [Full path of your "passwd" program]) 93fi 94 95dnl Since autoconf doesn't support it very well, we no longer allow users to 96dnl override LD, however keeping the hook here for now in case there's a use 97dnl use case we overlooked and someone needs to re-enable it. Unless a good 98dnl reason is found we'll be removing this in future. 99LD="$CC" 100AC_SUBST([LD]) 101 102AC_C_INLINE 103 104AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 105AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 106AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 107 #include <sys/types.h> 108 #include <sys/param.h> 109 #include <dev/systrace.h> 110]) 111AC_CHECK_DECL([RLIMIT_NPROC], 112 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 113 #include <sys/types.h> 114 #include <sys/resource.h> 115]) 116AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 117 #include <sys/types.h> 118 #include <linux/prctl.h> 119]) 120 121openssl=yes 122AC_ARG_WITH([openssl], 123 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 124 [ if test "x$withval" = "xno" ; then 125 openssl=no 126 fi 127 ] 128) 129AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 130if test "x$openssl" = "xyes" ; then 131 AC_MSG_RESULT([yes]) 132 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 133else 134 AC_MSG_RESULT([no]) 135fi 136 137use_stack_protector=1 138use_toolchain_hardening=1 139AC_ARG_WITH([stackprotect], 140 [ --without-stackprotect Don't use compiler's stack protection], [ 141 if test "x$withval" = "xno"; then 142 use_stack_protector=0 143 fi ]) 144AC_ARG_WITH([hardening], 145 [ --without-hardening Don't use toolchain hardening flags], [ 146 if test "x$withval" = "xno"; then 147 use_toolchain_hardening=0 148 fi ]) 149 150# We use -Werror for the tests only so that we catch warnings like "this is 151# on by default" for things like -fPIE. 152AC_MSG_CHECKING([if $CC supports -Werror]) 153saved_CFLAGS="$CFLAGS" 154CFLAGS="$CFLAGS -Werror" 155AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 156 [ AC_MSG_RESULT([yes]) 157 WERROR="-Werror"], 158 [ AC_MSG_RESULT([no]) 159 WERROR="" ] 160) 161CFLAGS="$saved_CFLAGS" 162 163if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 164 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 167 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 169 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 170 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 171 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 172 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 173 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 174 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 175 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 176 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 177 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 178 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 179 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 180 if test "x$use_toolchain_hardening" = "x1"; then 181 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 182 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 183 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 184 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 185 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 186 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 187 # NB. -ftrapv expects certain support functions to be present in 188 # the compiler library (libgcc or similar) to detect integer operations 189 # that can overflow. We must check that the result of enabling it 190 # actually links. The test program compiled/linked includes a number 191 # of integer operations that should exercise this. 192 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 193 fi 194 AC_MSG_CHECKING([gcc version]) 195 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 196 case $GCC_VER in 197 1.*) no_attrib_nonnull=1 ;; 198 2.8* | 2.9*) 199 no_attrib_nonnull=1 200 ;; 201 2.*) no_attrib_nonnull=1 ;; 202 *) ;; 203 esac 204 AC_MSG_RESULT([$GCC_VER]) 205 206 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 207 saved_CFLAGS="$CFLAGS" 208 CFLAGS="$CFLAGS -fno-builtin-memset" 209 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 210 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 211 [ AC_MSG_RESULT([yes]) ], 212 [ AC_MSG_RESULT([no]) 213 CFLAGS="$saved_CFLAGS" ] 214 ) 215 216 # -fstack-protector-all doesn't always work for some GCC versions 217 # and/or platforms, so we test if we can. If it's not supported 218 # on a given platform gcc will emit a warning so we use -Werror. 219 if test "x$use_stack_protector" = "x1"; then 220 for t in -fstack-protector-strong -fstack-protector-all \ 221 -fstack-protector; do 222 AC_MSG_CHECKING([if $CC supports $t]) 223 saved_CFLAGS="$CFLAGS" 224 saved_LDFLAGS="$LDFLAGS" 225 CFLAGS="$CFLAGS $t -Werror" 226 LDFLAGS="$LDFLAGS $t -Werror" 227 AC_LINK_IFELSE( 228 [AC_LANG_PROGRAM([[ 229 #include <stdio.h> 230 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 231 ]], 232 [[ 233 char x[256]; 234 snprintf(x, sizeof(x), "XXX%d", func(1)); 235 ]])], 236 [ AC_MSG_RESULT([yes]) 237 CFLAGS="$saved_CFLAGS $t" 238 LDFLAGS="$saved_LDFLAGS $t" 239 AC_MSG_CHECKING([if $t works]) 240 AC_RUN_IFELSE( 241 [AC_LANG_PROGRAM([[ 242 #include <stdio.h> 243 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 244 ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX%d", func(1)); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 break ], 251 [ AC_MSG_RESULT([no]) ], 252 [ AC_MSG_WARN([cross compiling: cannot test]) 253 break ] 254 ) 255 ], 256 [ AC_MSG_RESULT([no]) ] 257 ) 258 CFLAGS="$saved_CFLAGS" 259 LDFLAGS="$saved_LDFLAGS" 260 done 261 fi 262 263 if test -z "$have_llong_max"; then 264 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 265 unset ac_cv_have_decl_LLONG_MAX 266 saved_CFLAGS="$CFLAGS" 267 CFLAGS="$CFLAGS -std=gnu99" 268 AC_CHECK_DECL([LLONG_MAX], 269 [have_llong_max=1], 270 [CFLAGS="$saved_CFLAGS"], 271 [#include <limits.h>] 272 ) 273 fi 274fi 275 276AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280__attribute__((__unused__)) static void foo(void){return;}]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 285 [compiler does not accept __attribute__ on return types]) ] 286) 287 288AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 289AC_COMPILE_IFELSE( 290 [AC_LANG_PROGRAM([[ 291#include <stdlib.h> 292typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 293 [[ exit(0); ]])], 294 [ AC_MSG_RESULT([yes]) ], 295 [ AC_MSG_RESULT([no]) 296 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 297 [compiler does not accept __attribute__ on prototype args]) ] 298) 299 300if test "x$no_attrib_nonnull" != "x1" ; then 301 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 302fi 303 304AC_ARG_WITH([rpath], 305 [ --without-rpath Disable auto-added -R linker paths], 306 [ 307 if test "x$withval" = "xno" ; then 308 rpath_opt="" 309 elif test "x$withval" = "xyes" ; then 310 rpath_opt="-R" 311 else 312 rpath_opt="$withval" 313 fi 314 ] 315) 316 317# Allow user to specify flags 318AC_ARG_WITH([cflags], 319 [ --with-cflags Specify additional flags to pass to compiler], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS="$CFLAGS $withval" 324 fi 325 ] 326) 327 328AC_ARG_WITH([cflags-after], 329 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 CFLAGS_AFTER="$withval" 334 fi 335 ] 336) 337AC_ARG_WITH([cppflags], 338 [ --with-cppflags Specify additional flags to pass to preprocessor] , 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 CPPFLAGS="$CPPFLAGS $withval" 343 fi 344 ] 345) 346AC_ARG_WITH([ldflags], 347 [ --with-ldflags Specify additional flags to pass to linker], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno" && \ 350 test "x${withval}" != "xyes"; then 351 LDFLAGS="$LDFLAGS $withval" 352 fi 353 ] 354) 355AC_ARG_WITH([ldflags-after], 356 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 357 [ 358 if test -n "$withval" && test "x$withval" != "xno" && \ 359 test "x${withval}" != "xyes"; then 360 LDFLAGS_AFTER="$withval" 361 fi 362 ] 363) 364AC_ARG_WITH([libs], 365 [ --with-libs Specify additional libraries to link with], 366 [ 367 if test -n "$withval" && test "x$withval" != "xno" && \ 368 test "x${withval}" != "xyes"; then 369 LIBS="$LIBS $withval" 370 fi 371 ] 372) 373AC_ARG_WITH([Werror], 374 [ --with-Werror Build main code with -Werror], 375 [ 376 if test -n "$withval" && test "x$withval" != "xno"; then 377 werror_flags="-Werror" 378 if test "x${withval}" != "xyes"; then 379 werror_flags="$withval" 380 fi 381 fi 382 ] 383) 384 385AC_CHECK_HEADERS([ \ 386 blf.h \ 387 bstring.h \ 388 crypt.h \ 389 crypto/sha2.h \ 390 dirent.h \ 391 endian.h \ 392 elf.h \ 393 err.h \ 394 features.h \ 395 fcntl.h \ 396 floatingpoint.h \ 397 fnmatch.h \ 398 getopt.h \ 399 glob.h \ 400 ia.h \ 401 iaf.h \ 402 ifaddrs.h \ 403 inttypes.h \ 404 langinfo.h \ 405 limits.h \ 406 locale.h \ 407 login.h \ 408 maillock.h \ 409 ndir.h \ 410 net/if_tun.h \ 411 netdb.h \ 412 netgroup.h \ 413 pam/pam_appl.h \ 414 paths.h \ 415 poll.h \ 416 pty.h \ 417 readpassphrase.h \ 418 rpc/types.h \ 419 security/pam_appl.h \ 420 sha2.h \ 421 shadow.h \ 422 stddef.h \ 423 stdint.h \ 424 string.h \ 425 strings.h \ 426 sys/bitypes.h \ 427 sys/byteorder.h \ 428 sys/bsdtty.h \ 429 sys/cdefs.h \ 430 sys/dir.h \ 431 sys/file.h \ 432 sys/mman.h \ 433 sys/label.h \ 434 sys/ndir.h \ 435 sys/poll.h \ 436 sys/prctl.h \ 437 sys/pstat.h \ 438 sys/ptrace.h \ 439 sys/random.h \ 440 sys/select.h \ 441 sys/stat.h \ 442 sys/stream.h \ 443 sys/stropts.h \ 444 sys/strtio.h \ 445 sys/statvfs.h \ 446 sys/sysmacros.h \ 447 sys/time.h \ 448 sys/timers.h \ 449 sys/vfs.h \ 450 time.h \ 451 tmpdir.h \ 452 ttyent.h \ 453 ucred.h \ 454 unistd.h \ 455 usersec.h \ 456 util.h \ 457 utime.h \ 458 utmp.h \ 459 utmpx.h \ 460 vis.h \ 461 wchar.h \ 462]) 463 464# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 465# to be included first. 466AC_CHECK_HEADERS([sys/audit.h], [], [], [ 467#ifdef HAVE_SYS_TIME_H 468# include <sys/time.h> 469#endif 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473#ifdef HAVE_SYS_LABEL_H 474# include <sys/label.h> 475#endif 476]) 477 478# sys/capsicum.h requires sys/types.h 479AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 480#ifdef HAVE_SYS_TYPES_H 481# include <sys/types.h> 482#endif 483]) 484 485# net/route.h requires sys/socket.h and sys/types.h. 486# sys/sysctl.h also requires sys/param.h 487AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 488#ifdef HAVE_SYS_TYPES_H 489# include <sys/types.h> 490#endif 491#include <sys/param.h> 492#include <sys/socket.h> 493]) 494 495# lastlog.h requires sys/time.h to be included first on Solaris 496AC_CHECK_HEADERS([lastlog.h], [], [], [ 497#ifdef HAVE_SYS_TIME_H 498# include <sys/time.h> 499#endif 500]) 501 502# sys/ptms.h requires sys/stream.h to be included first on Solaris 503AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 504#ifdef HAVE_SYS_STREAM_H 505# include <sys/stream.h> 506#endif 507]) 508 509# login_cap.h requires sys/types.h on NetBSD 510AC_CHECK_HEADERS([login_cap.h], [], [], [ 511#include <sys/types.h> 512]) 513 514# older BSDs need sys/param.h before sys/mount.h 515AC_CHECK_HEADERS([sys/mount.h], [], [], [ 516#include <sys/param.h> 517]) 518 519# Android requires sys/socket.h to be included before sys/un.h 520AC_CHECK_HEADERS([sys/un.h], [], [], [ 521#include <sys/types.h> 522#include <sys/socket.h> 523]) 524 525# Messages for features tested for in target-specific section 526SIA_MSG="no" 527SPC_MSG="no" 528SP_MSG="no" 529SPP_MSG="no" 530 531# Support for Solaris/Illumos privileges (this test is used by both 532# the --with-solaris-privs option and --with-sandbox=solaris). 533SOLARIS_PRIVS="no" 534 535AC_CHECK_SIZEOF([size_t]) 536 537# Check for some target-specific stuff 538case "$host" in 539*-*-aix*) 540 # Some versions of VAC won't allow macro redefinitions at 541 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 542 # particularly with older versions of vac or xlc. 543 # It also throws errors about null macro arguments, but these are 544 # not fatal. 545 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 546 AC_COMPILE_IFELSE( 547 [AC_LANG_PROGRAM([[ 548#define testmacro foo 549#define testmacro bar]], 550 [[ exit(0); ]])], 551 [ AC_MSG_RESULT([yes]) ], 552 [ AC_MSG_RESULT([no]) 553 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 554 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 555 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 556 ] 557 ) 558 559 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 560 if (test -z "$blibpath"); then 561 blibpath="/usr/lib:/lib" 562 fi 563 saved_LDFLAGS="$LDFLAGS" 564 if test "$GCC" = "yes"; then 565 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 566 else 567 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 568 fi 569 for tryflags in $flags ;do 570 if (test -z "$blibflags"); then 571 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 572 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 573 [blibflags=$tryflags], []) 574 fi 575 done 576 if (test -z "$blibflags"); then 577 AC_MSG_RESULT([not found]) 578 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 579 else 580 AC_MSG_RESULT([$blibflags]) 581 fi 582 LDFLAGS="$saved_LDFLAGS" 583 dnl Check for authenticate. Might be in libs.a on older AIXes 584 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 585 [Define if you want to enable AIX4's authenticate function])], 586 [AC_CHECK_LIB([s], [authenticate], 587 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 588 LIBS="$LIBS -ls" 589 ]) 590 ]) 591 dnl Check for various auth function declarations in headers. 592 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 593 passwdexpired, setauthdb], , , [#include <usersec.h>]) 594 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 595 AC_CHECK_DECLS([loginfailed], 596 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 597 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 598 [[ (void)loginfailed("user","host","tty",0); ]])], 599 [AC_MSG_RESULT([yes]) 600 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 601 [Define if your AIX loginfailed() function 602 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 603 ])], 604 [], 605 [#include <usersec.h>] 606 ) 607 AC_CHECK_FUNCS([getgrset setauthdb]) 608 AC_CHECK_DECL([F_CLOSEM], 609 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 610 [], 611 [ #include <limits.h> 612 #include <fcntl.h> ] 613 ) 614 check_for_aix_broken_getaddrinfo=1 615 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 616 [Define if your platform breaks doing a seteuid before a setuid]) 617 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 618 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 619 dnl AIX handles lastlog as part of its login message 620 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 621 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 622 [Some systems need a utmpx entry for /bin/login to work]) 623 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 624 [Define to a Set Process Title type if your system is 625 supported by bsd-setproctitle.c]) 626 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 627 [AIX 5.2 and 5.3 (and presumably newer) require this]) 628 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 629 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 630 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 631 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 632 ;; 633*-*-android*) 634 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 635 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 636 ;; 637*-*-cygwin*) 638 check_for_libcrypt_later=1 639 LIBS="$LIBS /usr/lib/textreadmode.o" 640 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 641 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 642 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 643 [Define to disable UID restoration test]) 644 AC_DEFINE([DISABLE_SHADOW], [1], 645 [Define if you want to disable shadow passwords]) 646 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 647 [Define if X11 doesn't support AF_UNIX sockets on that system]) 648 AC_DEFINE([DISABLE_FD_PASSING], [1], 649 [Define if your platform needs to skip post auth 650 file descriptor passing]) 651 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 652 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 653 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 654 # reasons which cause compile warnings, so we disable those warnings. 655 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 656 ;; 657*-*-dgux*) 658 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 659 [Define if your system choked on IP TOS setting]) 660 AC_DEFINE([SETEUID_BREAKS_SETUID]) 661 AC_DEFINE([BROKEN_SETREUID]) 662 AC_DEFINE([BROKEN_SETREGID]) 663 ;; 664*-*-darwin*) 665 use_pie=auto 666 AC_MSG_CHECKING([if we have working getaddrinfo]) 667 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 668#include <mach-o/dyld.h> 669#include <stdlib.h> 670main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 671 exit(0); 672 else 673 exit(1); 674} 675 ]])], 676 [AC_MSG_RESULT([working])], 677 [AC_MSG_RESULT([buggy]) 678 AC_DEFINE([BROKEN_GETADDRINFO], [1], 679 [getaddrinfo is broken (if present)]) 680 ], 681 [AC_MSG_RESULT([assume it is working])]) 682 AC_DEFINE([SETEUID_BREAKS_SETUID]) 683 AC_DEFINE([BROKEN_SETREUID]) 684 AC_DEFINE([BROKEN_SETREGID]) 685 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 686 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 687 [Define if your resolver libs need this for getrrsetbyname]) 688 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 689 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 690 [Use tunnel device compatibility to OpenBSD]) 691 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 692 [Prepend the address family to IP tunnel traffic]) 693 m4_pattern_allow([AU_IPv]) 694 AC_CHECK_DECL([AU_IPv4], [], 695 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 696 [#include <bsm/audit.h>] 697 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 698 [Define if pututxline updates lastlog too]) 699 ) 700 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 701 [Define to a Set Process Title type if your system is 702 supported by bsd-setproctitle.c]) 703 AC_CHECK_FUNCS([sandbox_init]) 704 AC_CHECK_HEADERS([sandbox.h]) 705 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 706 SSHDLIBS="$SSHDLIBS -lsandbox" 707 ]) 708 # proc_pidinfo()-based closefrom() replacement. 709 AC_CHECK_HEADERS([libproc.h]) 710 AC_CHECK_FUNCS([proc_pidinfo]) 711 ;; 712*-*-dragonfly*) 713 SSHDLIBS="$SSHDLIBS -lcrypt" 714 TEST_MALLOC_OPTIONS="AFGJPRX" 715 ;; 716*-*-haiku*) 717 LIBS="$LIBS -lbsd " 718 CFLAGS="$CFLAGS -D_BSD_SOURCE" 719 AC_CHECK_LIB([network], [socket]) 720 AC_DEFINE([HAVE_U_INT64_T]) 721 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 722 MANTYPE=man 723 ;; 724*-*-hpux*) 725 # first we define all of the options common to all HP-UX releases 726 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 727 IPADDR_IN_DISPLAY=yes 728 AC_DEFINE([USE_PIPES]) 729 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 730 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 731 [String used in /etc/passwd to denote locked account]) 732 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 733 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 734 maildir="/var/mail" 735 LIBS="$LIBS -lsec" 736 AC_CHECK_LIB([xnet], [t_error], , 737 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 738 739 # next, we define all of the options specific to major releases 740 case "$host" in 741 *-*-hpux10*) 742 if test -z "$GCC"; then 743 CFLAGS="$CFLAGS -Ae" 744 fi 745 ;; 746 *-*-hpux11*) 747 AC_DEFINE([PAM_SUN_CODEBASE], [1], 748 [Define if you are using Solaris-derived PAM which 749 passes pam_messages to the conversation function 750 with an extra level of indirection]) 751 AC_DEFINE([DISABLE_UTMP], [1], 752 [Define if you don't want to use utmp]) 753 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 754 check_for_hpux_broken_getaddrinfo=1 755 check_for_conflicting_getspnam=1 756 ;; 757 esac 758 759 # lastly, we define options specific to minor releases 760 case "$host" in 761 *-*-hpux10.26) 762 AC_DEFINE([HAVE_SECUREWARE], [1], 763 [Define if you have SecureWare-based 764 protected password database]) 765 disable_ptmx_check=yes 766 LIBS="$LIBS -lsecpw" 767 ;; 768 esac 769 ;; 770*-*-irix5*) 771 PATH="$PATH:/usr/etc" 772 AC_DEFINE([BROKEN_INET_NTOA], [1], 773 [Define if you system's inet_ntoa is busted 774 (e.g. Irix gcc issue)]) 775 AC_DEFINE([SETEUID_BREAKS_SETUID]) 776 AC_DEFINE([BROKEN_SETREUID]) 777 AC_DEFINE([BROKEN_SETREGID]) 778 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 779 [Define if you shouldn't strip 'tty' from your 780 ttyname in [uw]tmp]) 781 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 782 ;; 783*-*-irix6*) 784 PATH="$PATH:/usr/etc" 785 AC_DEFINE([WITH_IRIX_ARRAY], [1], 786 [Define if you have/want arrays 787 (cluster-wide session management, not C arrays)]) 788 AC_DEFINE([WITH_IRIX_PROJECT], [1], 789 [Define if you want IRIX project management]) 790 AC_DEFINE([WITH_IRIX_AUDIT], [1], 791 [Define if you want IRIX audit trails]) 792 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 793 [Define if you want IRIX kernel jobs])]) 794 AC_DEFINE([BROKEN_INET_NTOA]) 795 AC_DEFINE([SETEUID_BREAKS_SETUID]) 796 AC_DEFINE([BROKEN_SETREUID]) 797 AC_DEFINE([BROKEN_SETREGID]) 798 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 799 AC_DEFINE([WITH_ABBREV_NO_TTY]) 800 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 801 ;; 802*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 803 check_for_libcrypt_later=1 804 AC_DEFINE([PAM_TTY_KLUDGE]) 805 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 806 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 807 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 808 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 809 ;; 810*-*-linux*) 811 no_dev_ptmx=1 812 use_pie=auto 813 check_for_libcrypt_later=1 814 check_for_openpty_ctty_bug=1 815 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 816 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 817 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 818 AC_DEFINE([PAM_TTY_KLUDGE], [1], 819 [Work around problematic Linux PAM modules handling of PAM_TTY]) 820 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 821 [String used in /etc/passwd to denote locked account]) 822 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 823 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 824 [Define to whatever link() returns for "not supported" 825 if it doesn't return EOPNOTSUPP.]) 826 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 827 AC_DEFINE([USE_BTMP]) 828 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 829 inet6_default_4in6=yes 830 case `uname -r` in 831 1.*|2.0.*) 832 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 833 [Define if cmsg_type is not passed correctly]) 834 ;; 835 esac 836 # tun(4) forwarding compat code 837 AC_CHECK_HEADERS([linux/if_tun.h]) 838 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 839 AC_DEFINE([SSH_TUN_LINUX], [1], 840 [Open tunnel devices the Linux tun/tap way]) 841 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 842 [Use tunnel device compatibility to OpenBSD]) 843 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 844 [Prepend the address family to IP tunnel traffic]) 845 fi 846 AC_CHECK_HEADER([linux/if.h], 847 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 848 [Support routing domains using Linux VRF]), [], [ 849#ifdef HAVE_SYS_TYPES_H 850# include <sys/types.h> 851#endif 852 ]) 853 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 854 [], [#include <linux/types.h>]) 855 # Obtain MIPS ABI 856 case "$host" in 857 mips*) 858 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 859#if _MIPS_SIM != _ABIO32 860#error 861#endif 862 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 863#if _MIPS_SIM != _ABIN32 864#error 865#endif 866 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 867#if _MIPS_SIM != _ABI64 868#error 869#endif 870 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 871 ]) 872 ]) 873 ]) 874 ;; 875 esac 876 AC_MSG_CHECKING([for seccomp architecture]) 877 seccomp_audit_arch= 878 case "$host" in 879 x86_64-*) 880 seccomp_audit_arch=AUDIT_ARCH_X86_64 881 # X32: AMD64 instructions in 32bit address space. 882 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 883 seccomp_audit_arch=AUDIT_ARCH_I386 884 fi 885 ;; 886 i*86-*) 887 seccomp_audit_arch=AUDIT_ARCH_I386 888 ;; 889 arm*-*) 890 seccomp_audit_arch=AUDIT_ARCH_ARM 891 ;; 892 aarch64*-*) 893 seccomp_audit_arch=AUDIT_ARCH_AARCH64 894 ;; 895 s390x-*) 896 seccomp_audit_arch=AUDIT_ARCH_S390X 897 ;; 898 s390-*) 899 seccomp_audit_arch=AUDIT_ARCH_S390 900 ;; 901 powerpc64-*) 902 seccomp_audit_arch=AUDIT_ARCH_PPC64 903 ;; 904 powerpc64le-*) 905 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 906 ;; 907 mips-*) 908 seccomp_audit_arch=AUDIT_ARCH_MIPS 909 ;; 910 mipsel-*) 911 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 912 ;; 913 mips64-*) 914 case "$mips_abi" in 915 "n32") 916 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 917 ;; 918 "n64") 919 seccomp_audit_arch=AUDIT_ARCH_MIPS64 920 ;; 921 esac 922 ;; 923 mips64el-*) 924 case "$mips_abi" in 925 "n32") 926 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 927 ;; 928 "n64") 929 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 930 ;; 931 esac 932 ;; 933 riscv64-*) 934 seccomp_audit_arch=AUDIT_ARCH_RISCV64 935 ;; 936 esac 937 if test "x$seccomp_audit_arch" != "x" ; then 938 AC_MSG_RESULT(["$seccomp_audit_arch"]) 939 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 940 [Specify the system call convention in use]) 941 else 942 AC_MSG_RESULT([architecture not supported]) 943 fi 944 ;; 945mips-sony-bsd|mips-sony-newsos4) 946 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 947 SONY=1 948 ;; 949*-*-netbsd*) 950 check_for_libcrypt_before=1 951 if test "x$withval" != "xno" ; then 952 rpath_opt="-R" 953 fi 954 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 955 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 956 AC_CHECK_HEADER([net/if_tap.h], , 957 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 958 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 959 [Prepend the address family to IP tunnel traffic]) 960 TEST_MALLOC_OPTIONS="AJRX" 961 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 962 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 963 ;; 964*-*-freebsd*) 965 check_for_libcrypt_later=1 966 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 967 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 968 AC_CHECK_HEADER([net/if_tap.h], , 969 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 970 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 971 TEST_MALLOC_OPTIONS="AJRX" 972 # Preauth crypto occasionally uses file descriptors for crypto offload 973 # and will crash if they cannot be opened. 974 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 975 [define if setrlimit RLIMIT_NOFILE breaks things]) 976 ;; 977*-*-bsdi*) 978 AC_DEFINE([SETEUID_BREAKS_SETUID]) 979 AC_DEFINE([BROKEN_SETREUID]) 980 AC_DEFINE([BROKEN_SETREGID]) 981 ;; 982*-next-*) 983 conf_lastlog_location="/usr/adm/lastlog" 984 conf_utmp_location=/etc/utmp 985 conf_wtmp_location=/usr/adm/wtmp 986 maildir=/usr/spool/mail 987 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 988 AC_DEFINE([USE_PIPES]) 989 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 990 ;; 991*-*-openbsd*) 992 use_pie=auto 993 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 994 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 995 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 996 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 997 [syslog_r function is safe to use in in a signal handler]) 998 TEST_MALLOC_OPTIONS="AFGJPRX" 999 ;; 1000*-*-solaris*) 1001 if test "x$withval" != "xno" ; then 1002 rpath_opt="-R" 1003 fi 1004 AC_DEFINE([PAM_SUN_CODEBASE]) 1005 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 1006 AC_DEFINE([PAM_TTY_KLUDGE]) 1007 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 1008 [Define if pam_chauthtok wants real uid set 1009 to the unpriv'ed user]) 1010 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1011 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1012 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1013 [Define if sshd somehow reacquires a controlling TTY 1014 after setsid()]) 1015 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1016 in case the name is longer than 8 chars]) 1017 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1018 external_path_file=/etc/default/login 1019 # hardwire lastlog location (can't detect it on some versions) 1020 conf_lastlog_location="/var/adm/lastlog" 1021 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1022 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1023 if test "$sol2ver" -ge 8; then 1024 AC_MSG_RESULT([yes]) 1025 AC_DEFINE([DISABLE_UTMP]) 1026 AC_DEFINE([DISABLE_WTMP], [1], 1027 [Define if you don't want to use wtmp]) 1028 else 1029 AC_MSG_RESULT([no]) 1030 fi 1031 AC_CHECK_FUNCS([setpflags]) 1032 AC_CHECK_FUNCS([setppriv]) 1033 AC_CHECK_FUNCS([priv_basicset]) 1034 AC_CHECK_HEADERS([priv.h]) 1035 AC_ARG_WITH([solaris-contracts], 1036 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1037 [ 1038 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1039 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1040 [Define if you have Solaris process contracts]) 1041 LIBS="$LIBS -lcontract" 1042 SPC_MSG="yes" ], ) 1043 ], 1044 ) 1045 AC_ARG_WITH([solaris-projects], 1046 [ --with-solaris-projects Enable Solaris projects (experimental)], 1047 [ 1048 AC_CHECK_LIB([project], [setproject], 1049 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1050 [Define if you have Solaris projects]) 1051 LIBS="$LIBS -lproject" 1052 SP_MSG="yes" ], ) 1053 ], 1054 ) 1055 AC_ARG_WITH([solaris-privs], 1056 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1057 [ 1058 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1059 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1060 "x$ac_cv_header_priv_h" = "xyes" ; then 1061 SOLARIS_PRIVS=yes 1062 AC_MSG_RESULT([found]) 1063 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1064 [Define to disable UID restoration test]) 1065 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1066 [Define if you have Solaris privileges]) 1067 SPP_MSG="yes" 1068 else 1069 AC_MSG_RESULT([not found]) 1070 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1071 fi 1072 ], 1073 ) 1074 TEST_SHELL=$SHELL # let configure find us a capable shell 1075 ;; 1076*-*-sunos4*) 1077 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1078 AC_CHECK_FUNCS([getpwanam]) 1079 AC_DEFINE([PAM_SUN_CODEBASE]) 1080 conf_utmp_location=/etc/utmp 1081 conf_wtmp_location=/var/adm/wtmp 1082 conf_lastlog_location=/var/adm/lastlog 1083 AC_DEFINE([USE_PIPES]) 1084 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1085 ;; 1086*-ncr-sysv*) 1087 LIBS="$LIBS -lc89" 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1090 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 ;; 1094*-sni-sysv*) 1095 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1096 AC_CHECK_LIB([dl], [dlsym], ,) 1097 # -lresolv needs to be at the end of LIBS or DNS lookups break 1098 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1099 IPADDR_IN_DISPLAY=yes 1100 AC_DEFINE([USE_PIPES]) 1101 AC_DEFINE([IP_TOS_IS_BROKEN]) 1102 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1103 AC_DEFINE([BROKEN_SETREUID]) 1104 AC_DEFINE([BROKEN_SETREGID]) 1105 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1106 external_path_file=/etc/default/login 1107 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1108 # Attention: always take care to bind libsocket and libnsl before libc, 1109 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1110 ;; 1111# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1112*-*-sysv4.2*) 1113 AC_DEFINE([USE_PIPES]) 1114 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1115 AC_DEFINE([BROKEN_SETREUID]) 1116 AC_DEFINE([BROKEN_SETREGID]) 1117 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1118 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1119 TEST_SHELL=$SHELL # let configure find us a capable shell 1120 ;; 1121# UnixWare 7.x, OpenUNIX 8 1122*-*-sysv5*) 1123 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1124 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1125 AC_DEFINE([USE_PIPES]) 1126 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1127 AC_DEFINE([BROKEN_GETADDRINFO]) 1128 AC_DEFINE([BROKEN_SETREUID]) 1129 AC_DEFINE([BROKEN_SETREGID]) 1130 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1131 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1132 TEST_SHELL=$SHELL # let configure find us a capable shell 1133 check_for_libcrypt_later=1 1134 case "$host" in 1135 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1136 maildir=/var/spool/mail 1137 AC_DEFINE([BROKEN_UPDWTMPX]) 1138 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1139 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1140 ], , ) 1141 ;; 1142 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1143 ;; 1144 esac 1145 ;; 1146*-*-sysv*) 1147 ;; 1148# SCO UNIX and OEM versions of SCO UNIX 1149*-*-sco3.2v4*) 1150 AC_MSG_ERROR("This Platform is no longer supported.") 1151 ;; 1152# SCO OpenServer 5.x 1153*-*-sco3.2v5*) 1154 if test -z "$GCC"; then 1155 CFLAGS="$CFLAGS -belf" 1156 fi 1157 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1158 no_dev_ptmx=1 1159 AC_DEFINE([USE_PIPES]) 1160 AC_DEFINE([HAVE_SECUREWARE]) 1161 AC_DEFINE([DISABLE_SHADOW]) 1162 AC_DEFINE([DISABLE_FD_PASSING]) 1163 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1164 AC_DEFINE([BROKEN_GETADDRINFO]) 1165 AC_DEFINE([BROKEN_SETREUID]) 1166 AC_DEFINE([BROKEN_SETREGID]) 1167 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1168 AC_DEFINE([BROKEN_UPDWTMPX]) 1169 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1170 AC_CHECK_FUNCS([getluid setluid]) 1171 MANTYPE=man 1172 TEST_SHELL=$SHELL # let configure find us a capable shell 1173 SKIP_DISABLE_LASTLOG_DEFINE=yes 1174 ;; 1175*-dec-osf*) 1176 AC_MSG_CHECKING([for Digital Unix SIA]) 1177 no_osfsia="" 1178 AC_ARG_WITH([osfsia], 1179 [ --with-osfsia Enable Digital Unix SIA], 1180 [ 1181 if test "x$withval" = "xno" ; then 1182 AC_MSG_RESULT([disabled]) 1183 no_osfsia=1 1184 fi 1185 ], 1186 ) 1187 if test -z "$no_osfsia" ; then 1188 if test -f /etc/sia/matrix.conf; then 1189 AC_MSG_RESULT([yes]) 1190 AC_DEFINE([HAVE_OSF_SIA], [1], 1191 [Define if you have Digital Unix Security 1192 Integration Architecture]) 1193 AC_DEFINE([DISABLE_LOGIN], [1], 1194 [Define if you don't want to use your 1195 system's login() call]) 1196 AC_DEFINE([DISABLE_FD_PASSING]) 1197 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1198 SIA_MSG="yes" 1199 else 1200 AC_MSG_RESULT([no]) 1201 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1202 [String used in /etc/passwd to denote locked account]) 1203 fi 1204 fi 1205 AC_DEFINE([BROKEN_GETADDRINFO]) 1206 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1207 AC_DEFINE([BROKEN_SETREUID]) 1208 AC_DEFINE([BROKEN_SETREGID]) 1209 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1210 ;; 1211 1212*-*-nto-qnx*) 1213 AC_DEFINE([USE_PIPES]) 1214 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1215 AC_DEFINE([DISABLE_LASTLOG]) 1216 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1217 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1218 enable_etc_default_login=no # has incompatible /etc/default/login 1219 case "$host" in 1220 *-*-nto-qnx6*) 1221 AC_DEFINE([DISABLE_FD_PASSING]) 1222 ;; 1223 esac 1224 ;; 1225 1226*-*-ultrix*) 1227 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1228 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1229 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1230 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1231 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1232 # don't get a controlling tty. 1233 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1234 # On Ultrix some headers are not protected against multiple includes, 1235 # so we create wrappers and put it where the compiler will find it. 1236 AC_MSG_WARN([creating compat wrappers for headers]) 1237 mkdir -p netinet 1238 for header in netinet/ip.h netdb.h resolv.h; do 1239 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1240 cat >$header <<EOD 1241#ifndef _SSH_COMPAT_${name} 1242#define _SSH_COMPAT_${name} 1243#include "/usr/include/${header}" 1244#endif 1245EOD 1246 done 1247 ;; 1248 1249*-*-lynxos) 1250 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1251 AC_DEFINE([BROKEN_SETVBUF], [1], 1252 [LynxOS has broken setvbuf() implementation]) 1253 ;; 1254esac 1255 1256AC_MSG_CHECKING([compiler and flags for sanity]) 1257AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1258 [ AC_MSG_RESULT([yes]) ], 1259 [ 1260 AC_MSG_RESULT([no]) 1261 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1262 ], 1263 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1264) 1265 1266dnl Checks for header files. 1267# Checks for libraries. 1268AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1269 1270dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1271AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1272 AC_CHECK_LIB([gen], [dirname], [ 1273 AC_CACHE_CHECK([for broken dirname], 1274 ac_cv_have_broken_dirname, [ 1275 save_LIBS="$LIBS" 1276 LIBS="$LIBS -lgen" 1277 AC_RUN_IFELSE( 1278 [AC_LANG_SOURCE([[ 1279#include <libgen.h> 1280#include <string.h> 1281#include <stdlib.h> 1282 1283int main(int argc, char **argv) { 1284 char *s, buf[32]; 1285 1286 strncpy(buf,"/etc", 32); 1287 s = dirname(buf); 1288 if (!s || strncmp(s, "/", 32) != 0) { 1289 exit(1); 1290 } else { 1291 exit(0); 1292 } 1293} 1294 ]])], 1295 [ ac_cv_have_broken_dirname="no" ], 1296 [ ac_cv_have_broken_dirname="yes" ], 1297 [ ac_cv_have_broken_dirname="no" ], 1298 ) 1299 LIBS="$save_LIBS" 1300 ]) 1301 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1302 LIBS="$LIBS -lgen" 1303 AC_DEFINE([HAVE_DIRNAME]) 1304 AC_CHECK_HEADERS([libgen.h]) 1305 fi 1306 ]) 1307]) 1308 1309AC_CHECK_FUNC([getspnam], , 1310 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1311AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1312 [Define if you have the basename function.])]) 1313 1314dnl zlib defaults to enabled 1315zlib=yes 1316AC_ARG_WITH([zlib], 1317 [ --with-zlib=PATH Use zlib in PATH], 1318 [ if test "x$withval" = "xno" ; then 1319 zlib=no 1320 elif test "x$withval" != "xyes"; then 1321 if test -d "$withval/lib"; then 1322 if test -n "${rpath_opt}"; then 1323 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1324 else 1325 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1326 fi 1327 else 1328 if test -n "${rpath_opt}"; then 1329 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1330 else 1331 LDFLAGS="-L${withval} ${LDFLAGS}" 1332 fi 1333 fi 1334 if test -d "$withval/include"; then 1335 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1336 else 1337 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1338 fi 1339 fi ] 1340) 1341 1342AC_MSG_CHECKING([for zlib]) 1343if test "x${zlib}" = "xno"; then 1344 AC_MSG_RESULT([no]) 1345else 1346 AC_MSG_RESULT([yes]) 1347 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1348 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1349 AC_CHECK_LIB([z], [deflate], , 1350 [ 1351 saved_CPPFLAGS="$CPPFLAGS" 1352 saved_LDFLAGS="$LDFLAGS" 1353 save_LIBS="$LIBS" 1354 dnl Check default zlib install dir 1355 if test -n "${rpath_opt}"; then 1356 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1357 else 1358 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1359 fi 1360 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1361 LIBS="$LIBS -lz" 1362 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1363 [ 1364 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1365 ] 1366 ) 1367 ] 1368 ) 1369 1370 AC_ARG_WITH([zlib-version-check], 1371 [ --without-zlib-version-check Disable zlib version check], 1372 [ if test "x$withval" = "xno" ; then 1373 zlib_check_nonfatal=1 1374 fi 1375 ] 1376 ) 1377 1378 AC_MSG_CHECKING([for possibly buggy zlib]) 1379 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1380#include <stdio.h> 1381#include <stdlib.h> 1382#include <zlib.h> 1383 ]], 1384 [[ 1385 int a=0, b=0, c=0, d=0, n, v; 1386 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1387 if (n != 3 && n != 4) 1388 exit(1); 1389 v = a*1000000 + b*10000 + c*100 + d; 1390 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1391 1392 /* 1.1.4 is OK */ 1393 if (a == 1 && b == 1 && c >= 4) 1394 exit(0); 1395 1396 /* 1.2.3 and up are OK */ 1397 if (v >= 1020300) 1398 exit(0); 1399 1400 exit(2); 1401 ]])], 1402 AC_MSG_RESULT([no]), 1403 [ AC_MSG_RESULT([yes]) 1404 if test -z "$zlib_check_nonfatal" ; then 1405 AC_MSG_ERROR([*** zlib too old - check config.log *** 1406Your reported zlib version has known security problems. It's possible your 1407vendor has fixed these problems without changing the version number. If you 1408are sure this is the case, you can disable the check by running 1409"./configure --without-zlib-version-check". 1410If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1411See http://www.gzip.org/zlib/ for details.]) 1412 else 1413 AC_MSG_WARN([zlib version may have security problems]) 1414 fi 1415 ], 1416 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1417 ) 1418fi 1419 1420dnl UnixWare 2.x 1421AC_CHECK_FUNC([strcasecmp], 1422 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1423) 1424AC_CHECK_FUNCS([utimes], 1425 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1426 LIBS="$LIBS -lc89"]) ] 1427) 1428 1429dnl Checks for libutil functions 1430AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1431AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1432AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1433AC_SEARCH_LIBS([login], [util bsd]) 1434AC_SEARCH_LIBS([logout], [util bsd]) 1435AC_SEARCH_LIBS([logwtmp], [util bsd]) 1436AC_SEARCH_LIBS([openpty], [util bsd]) 1437AC_SEARCH_LIBS([updwtmp], [util bsd]) 1438AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1439 1440# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1441# or libnsl. 1442AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1443AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1444 1445# "Particular Function Checks" 1446# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1447AC_FUNC_STRFTIME 1448AC_FUNC_MALLOC 1449AC_FUNC_REALLOC 1450# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1451AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1452AC_RUN_IFELSE( 1453 [AC_LANG_PROGRAM( 1454 [[ #include <stdlib.h> ]], 1455 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1456 )], 1457 [ func_calloc_0_nonnull=yes ], 1458 [ func_calloc_0_nonnull=no ], 1459 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1460 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1461) 1462AC_MSG_RESULT([$func_calloc_0_nonnull]) 1463 1464if test "x$func_calloc_0_nonnull" = "xyes"; then 1465 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1466else 1467 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1468 AC_DEFINE(calloc, rpl_calloc, 1469 [Define to rpl_calloc if the replacement function should be used.]) 1470fi 1471 1472# Check for ALTDIRFUNC glob() extension 1473AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1474AC_EGREP_CPP([FOUNDIT], 1475 [ 1476 #include <glob.h> 1477 #ifdef GLOB_ALTDIRFUNC 1478 FOUNDIT 1479 #endif 1480 ], 1481 [ 1482 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1483 [Define if your system glob() function has 1484 the GLOB_ALTDIRFUNC extension]) 1485 AC_MSG_RESULT([yes]) 1486 ], 1487 [ 1488 AC_MSG_RESULT([no]) 1489 ] 1490) 1491 1492# Check for g.gl_matchc glob() extension 1493AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1494AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1495 [[ glob_t g; g.gl_matchc = 1; ]])], 1496 [ 1497 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1498 [Define if your system glob() function has 1499 gl_matchc options in glob_t]) 1500 AC_MSG_RESULT([yes]) 1501 ], [ 1502 AC_MSG_RESULT([no]) 1503]) 1504 1505# Check for g.gl_statv glob() extension 1506AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1507AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1508#ifndef GLOB_KEEPSTAT 1509#error "glob does not support GLOB_KEEPSTAT extension" 1510#endif 1511glob_t g; 1512g.gl_statv = NULL; 1513]])], 1514 [ 1515 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1516 [Define if your system glob() function has 1517 gl_statv options in glob_t]) 1518 AC_MSG_RESULT([yes]) 1519 ], [ 1520 AC_MSG_RESULT([no]) 1521 1522]) 1523 1524AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1525 1526AC_CHECK_DECL([VIS_ALL], , 1527 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1528 1529AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1530AC_RUN_IFELSE( 1531 [AC_LANG_PROGRAM([[ 1532#include <sys/types.h> 1533#include <dirent.h> 1534#include <stdlib.h> 1535 ]], 1536 [[ 1537 struct dirent d; 1538 exit(sizeof(d.d_name)<=sizeof(char)); 1539 ]])], 1540 [AC_MSG_RESULT([yes])], 1541 [ 1542 AC_MSG_RESULT([no]) 1543 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1544 [Define if your struct dirent expects you to 1545 allocate extra space for d_name]) 1546 ], 1547 [ 1548 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1549 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1550 ] 1551) 1552 1553AC_MSG_CHECKING([for /proc/pid/fd directory]) 1554if test -d "/proc/$$/fd" ; then 1555 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1556 AC_MSG_RESULT([yes]) 1557else 1558 AC_MSG_RESULT([no]) 1559fi 1560 1561# Check whether user wants to use ldns 1562LDNS_MSG="no" 1563AC_ARG_WITH(ldns, 1564 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1565 [ 1566 ldns="" 1567 if test "x$withval" = "xyes" ; then 1568 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1569 if test "x$LDNSCONFIG" = "xno"; then 1570 LIBS="-lldns $LIBS" 1571 ldns=yes 1572 else 1573 LIBS="$LIBS `$LDNSCONFIG --libs`" 1574 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1575 ldns=yes 1576 fi 1577 elif test "x$withval" != "xno" ; then 1578 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1579 LDFLAGS="$LDFLAGS -L${withval}/lib" 1580 LIBS="-lldns $LIBS" 1581 ldns=yes 1582 fi 1583 1584 # Verify that it works. 1585 if test "x$ldns" = "xyes" ; then 1586 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1587 LDNS_MSG="yes" 1588 AC_MSG_CHECKING([for ldns support]) 1589 AC_LINK_IFELSE( 1590 [AC_LANG_SOURCE([[ 1591#include <stdio.h> 1592#include <stdlib.h> 1593#ifdef HAVE_STDINT_H 1594# include <stdint.h> 1595#endif 1596#include <ldns/ldns.h> 1597int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1598 ]]) 1599 ], 1600 [AC_MSG_RESULT(yes)], 1601 [ 1602 AC_MSG_RESULT(no) 1603 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1604 ]) 1605 fi 1606]) 1607 1608# Check whether user wants libedit support 1609LIBEDIT_MSG="no" 1610AC_ARG_WITH([libedit], 1611 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1612 [ if test "x$withval" != "xno" ; then 1613 if test "x$withval" = "xyes" ; then 1614 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1615 if test "x$PKGCONFIG" != "xno"; then 1616 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1617 if "$PKGCONFIG" libedit; then 1618 AC_MSG_RESULT([yes]) 1619 use_pkgconfig_for_libedit=yes 1620 else 1621 AC_MSG_RESULT([no]) 1622 fi 1623 fi 1624 else 1625 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1626 if test -n "${rpath_opt}"; then 1627 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1628 else 1629 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1630 fi 1631 fi 1632 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1633 LIBEDIT=`$PKGCONFIG --libs libedit` 1634 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1635 else 1636 LIBEDIT="-ledit -lcurses" 1637 fi 1638 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1639 AC_CHECK_LIB([edit], [el_init], 1640 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1641 LIBEDIT_MSG="yes" 1642 AC_SUBST([LIBEDIT]) 1643 ], 1644 [ AC_MSG_ERROR([libedit not found]) ], 1645 [ $OTHERLIBS ] 1646 ) 1647 AC_MSG_CHECKING([if libedit version is compatible]) 1648 AC_COMPILE_IFELSE( 1649 [AC_LANG_PROGRAM([[ 1650#include <histedit.h> 1651#include <stdlib.h> 1652 ]], 1653 [[ 1654 int i = H_SETSIZE; 1655 el_init("", NULL, NULL, NULL); 1656 exit(0); 1657 ]])], 1658 [ AC_MSG_RESULT([yes]) ], 1659 [ AC_MSG_RESULT([no]) 1660 AC_MSG_ERROR([libedit version is not compatible]) ] 1661 ) 1662 fi ] 1663) 1664 1665AUDIT_MODULE=none 1666AC_ARG_WITH([audit], 1667 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1668 [ 1669 AC_MSG_CHECKING([for supported audit module]) 1670 case "$withval" in 1671 bsm) 1672 AC_MSG_RESULT([bsm]) 1673 AUDIT_MODULE=bsm 1674 dnl Checks for headers, libs and functions 1675 AC_CHECK_HEADERS([bsm/audit.h], [], 1676 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1677 [ 1678#ifdef HAVE_TIME_H 1679# include <time.h> 1680#endif 1681 ] 1682) 1683 AC_CHECK_LIB([bsm], [getaudit], [], 1684 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1685 AC_CHECK_FUNCS([getaudit], [], 1686 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1687 # These are optional 1688 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1689 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1690 if test "$sol2ver" -ge 11; then 1691 SSHDLIBS="$SSHDLIBS -lscf" 1692 AC_DEFINE([BROKEN_BSM_API], [1], 1693 [The system has incomplete BSM API]) 1694 fi 1695 ;; 1696 linux) 1697 AC_MSG_RESULT([linux]) 1698 AUDIT_MODULE=linux 1699 dnl Checks for headers, libs and functions 1700 AC_CHECK_HEADERS([libaudit.h]) 1701 SSHDLIBS="$SSHDLIBS -laudit" 1702 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1703 ;; 1704 debug) 1705 AUDIT_MODULE=debug 1706 AC_MSG_RESULT([debug]) 1707 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1708 ;; 1709 no) 1710 AC_MSG_RESULT([no]) 1711 ;; 1712 *) 1713 AC_MSG_ERROR([Unknown audit module $withval]) 1714 ;; 1715 esac ] 1716) 1717 1718AC_ARG_WITH([pie], 1719 [ --with-pie Build Position Independent Executables if possible], [ 1720 if test "x$withval" = "xno"; then 1721 use_pie=no 1722 fi 1723 if test "x$withval" = "xyes"; then 1724 use_pie=yes 1725 fi 1726 ] 1727) 1728if test "x$use_pie" = "x"; then 1729 use_pie=no 1730fi 1731if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1732 # Turn off automatic PIE when toolchain hardening is off. 1733 use_pie=no 1734fi 1735if test "x$use_pie" = "xauto"; then 1736 # Automatic PIE requires gcc >= 4.x 1737 AC_MSG_CHECKING([for gcc >= 4.x]) 1738 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1739#if !defined(__GNUC__) || __GNUC__ < 4 1740#error gcc is too old 1741#endif 1742]])], 1743 [ AC_MSG_RESULT([yes]) ], 1744 [ AC_MSG_RESULT([no]) 1745 use_pie=no ] 1746) 1747fi 1748if test "x$use_pie" != "xno"; then 1749 SAVED_CFLAGS="$CFLAGS" 1750 SAVED_LDFLAGS="$LDFLAGS" 1751 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1752 OSSH_CHECK_LDFLAG_LINK([-pie]) 1753 # We use both -fPIE and -pie or neither. 1754 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1755 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1756 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1757 AC_MSG_RESULT([yes]) 1758 else 1759 AC_MSG_RESULT([no]) 1760 CFLAGS="$SAVED_CFLAGS" 1761 LDFLAGS="$SAVED_LDFLAGS" 1762 fi 1763fi 1764 1765AC_MSG_CHECKING([whether -fPIC is accepted]) 1766SAVED_CFLAGS="$CFLAGS" 1767CFLAGS="$CFLAGS -fPIC" 1768AC_COMPILE_IFELSE( 1769 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1770 [AC_MSG_RESULT([yes]) 1771 PICFLAG="-fPIC"; ], 1772 [AC_MSG_RESULT([no]) 1773 PICFLAG=""; ]) 1774CFLAGS="$SAVED_CFLAGS" 1775AC_SUBST([PICFLAG]) 1776 1777dnl Checks for library functions. Please keep in alphabetical order 1778AC_CHECK_FUNCS([ \ 1779 Blowfish_initstate \ 1780 Blowfish_expandstate \ 1781 Blowfish_expand0state \ 1782 Blowfish_stream2word \ 1783 SHA256Update \ 1784 SHA384Update \ 1785 SHA512Update \ 1786 asprintf \ 1787 b64_ntop \ 1788 __b64_ntop \ 1789 b64_pton \ 1790 __b64_pton \ 1791 bcopy \ 1792 bcrypt_pbkdf \ 1793 bindresvport_sa \ 1794 blf_enc \ 1795 bzero \ 1796 cap_rights_limit \ 1797 clock \ 1798 closefrom \ 1799 dirfd \ 1800 endgrent \ 1801 err \ 1802 errx \ 1803 explicit_bzero \ 1804 fchmod \ 1805 fchmodat \ 1806 fchown \ 1807 fchownat \ 1808 flock \ 1809 fnmatch \ 1810 freeaddrinfo \ 1811 freezero \ 1812 fstatfs \ 1813 fstatvfs \ 1814 futimes \ 1815 getaddrinfo \ 1816 getcwd \ 1817 getgrouplist \ 1818 getline \ 1819 getnameinfo \ 1820 getopt \ 1821 getpagesize \ 1822 getpeereid \ 1823 getpeerucred \ 1824 getpgid \ 1825 _getpty \ 1826 getrlimit \ 1827 getrandom \ 1828 getsid \ 1829 getttyent \ 1830 glob \ 1831 group_from_gid \ 1832 inet_aton \ 1833 inet_ntoa \ 1834 inet_ntop \ 1835 innetgr \ 1836 llabs \ 1837 localtime_r \ 1838 login_getcapbool \ 1839 md5_crypt \ 1840 memmem \ 1841 memmove \ 1842 memset_s \ 1843 mkdtemp \ 1844 ngetaddrinfo \ 1845 nsleep \ 1846 ogetaddrinfo \ 1847 openlog_r \ 1848 pledge \ 1849 poll \ 1850 prctl \ 1851 pstat \ 1852 raise \ 1853 readpassphrase \ 1854 reallocarray \ 1855 realpath \ 1856 recvmsg \ 1857 recallocarray \ 1858 rresvport_af \ 1859 sendmsg \ 1860 setdtablesize \ 1861 setegid \ 1862 setenv \ 1863 seteuid \ 1864 setgroupent \ 1865 setgroups \ 1866 setlinebuf \ 1867 setlogin \ 1868 setpassent\ 1869 setpcred \ 1870 setproctitle \ 1871 setregid \ 1872 setreuid \ 1873 setrlimit \ 1874 setsid \ 1875 setvbuf \ 1876 sigaction \ 1877 sigvec \ 1878 snprintf \ 1879 socketpair \ 1880 statfs \ 1881 statvfs \ 1882 strcasestr \ 1883 strdup \ 1884 strerror \ 1885 strlcat \ 1886 strlcpy \ 1887 strmode \ 1888 strndup \ 1889 strnlen \ 1890 strnvis \ 1891 strptime \ 1892 strsignal \ 1893 strtonum \ 1894 strtoll \ 1895 strtoul \ 1896 strtoull \ 1897 swap32 \ 1898 sysconf \ 1899 tcgetpgrp \ 1900 timingsafe_bcmp \ 1901 truncate \ 1902 unsetenv \ 1903 updwtmpx \ 1904 utimensat \ 1905 user_from_uid \ 1906 usleep \ 1907 vasprintf \ 1908 vsnprintf \ 1909 waitpid \ 1910 warn \ 1911]) 1912 1913AC_CHECK_DECLS([bzero, memmem]) 1914 1915dnl Wide character support. 1916AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1917 1918TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1919AC_MSG_CHECKING([for utf8 locale support]) 1920AC_RUN_IFELSE( 1921 [AC_LANG_PROGRAM([[ 1922#include <locale.h> 1923#include <stdlib.h> 1924 ]], [[ 1925 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1926 if (loc != NULL) 1927 exit(0); 1928 exit(1); 1929 ]])], 1930 AC_MSG_RESULT(yes), 1931 [AC_MSG_RESULT(no) 1932 TEST_SSH_UTF8=no], 1933 AC_MSG_WARN([cross compiling: assuming yes]) 1934) 1935 1936AC_LINK_IFELSE( 1937 [AC_LANG_PROGRAM( 1938 [[ #include <ctype.h> ]], 1939 [[ return (isblank('a')); ]])], 1940 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1941]) 1942 1943disable_pkcs11= 1944AC_ARG_ENABLE([pkcs11], 1945 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1946 [ 1947 if test "x$enableval" = "xno" ; then 1948 disable_pkcs11=1 1949 fi 1950 ] 1951) 1952 1953disable_sk= 1954AC_ARG_ENABLE([security-key], 1955 [ --disable-security-key disable U2F/FIDO support code [no]], 1956 [ 1957 if test "x$enableval" = "xno" ; then 1958 disable_sk=1 1959 fi 1960 ] 1961) 1962enable_sk_internal= 1963AC_ARG_WITH([security-key-builtin], 1964 [ --with-security-key-builtin include builtin U2F/FIDO support], 1965 [ 1966 if test "x$withval" != "xno" ; then 1967 enable_sk_internal=yes 1968 fi 1969 ] 1970) 1971test "x$disable_sk" != "x" && enable_sk_internal="" 1972 1973AC_SEARCH_LIBS([dlopen], [dl]) 1974AC_CHECK_FUNCS([dlopen]) 1975AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1976 1977# IRIX has a const char return value for gai_strerror() 1978AC_CHECK_FUNCS([gai_strerror], [ 1979 AC_DEFINE([HAVE_GAI_STRERROR]) 1980 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1981#include <sys/types.h> 1982#include <sys/socket.h> 1983#include <netdb.h> 1984 1985const char *gai_strerror(int); 1986 ]], [[ 1987 char *str; 1988 str = gai_strerror(0); 1989 ]])], [ 1990 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1991 [Define if gai_strerror() returns const char *])], [])]) 1992 1993AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1994 [Some systems put nanosleep outside of libc])]) 1995 1996AC_SEARCH_LIBS([clock_gettime], [rt], 1997 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1998 1999dnl check if we need -D_REENTRANT for localtime_r declaration. 2000AC_CHECK_DECL([localtime_r], [], 2001 [ saved_CPPFLAGS="$CFLAGS" 2002 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 2003 unset ac_cv_have_decl_localtime_r 2004 AC_CHECK_DECL([localtime_r], [], 2005 [ CPPFLAGS="$saved_CPPFLAGS" ], 2006 [ #include <time.h> ] 2007 ) 2008 ], 2009 [ #include <time.h> ] 2010) 2011 2012dnl Make sure prototypes are defined for these before using them. 2013AC_CHECK_DECL([strsep], 2014 [AC_CHECK_FUNCS([strsep])], 2015 [], 2016 [ 2017#ifdef HAVE_STRING_H 2018# include <string.h> 2019#endif 2020 ]) 2021 2022dnl tcsendbreak might be a macro 2023AC_CHECK_DECL([tcsendbreak], 2024 [AC_DEFINE([HAVE_TCSENDBREAK])], 2025 [AC_CHECK_FUNCS([tcsendbreak])], 2026 [#include <termios.h>] 2027) 2028 2029AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2030 2031AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2032 [ 2033#include <sys/types.h> 2034#include <sys/socket.h> 2035#include <unistd.h> 2036 ]) 2037 2038AC_CHECK_DECLS([O_NONBLOCK], , , 2039 [ 2040#include <sys/types.h> 2041#ifdef HAVE_SYS_STAT_H 2042# include <sys/stat.h> 2043#endif 2044#ifdef HAVE_FCNTL_H 2045# include <fcntl.h> 2046#endif 2047 ]) 2048 2049AC_CHECK_DECLS([readv, writev], , , [ 2050#include <sys/types.h> 2051#include <sys/uio.h> 2052#include <unistd.h> 2053 ]) 2054 2055AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2056#include <sys/param.h> 2057 ]) 2058 2059AC_CHECK_DECLS([offsetof], , , [ 2060#include <stddef.h> 2061 ]) 2062 2063# extra bits for select(2) 2064AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2065#include <sys/param.h> 2066#include <sys/types.h> 2067#ifdef HAVE_SYS_SYSMACROS_H 2068#include <sys/sysmacros.h> 2069#endif 2070#ifdef HAVE_SYS_SELECT_H 2071#include <sys/select.h> 2072#endif 2073#ifdef HAVE_SYS_TIME_H 2074#include <sys/time.h> 2075#endif 2076#ifdef HAVE_UNISTD_H 2077#include <unistd.h> 2078#endif 2079 ]]) 2080AC_CHECK_TYPES([fd_mask], [], [], [[ 2081#include <sys/param.h> 2082#include <sys/types.h> 2083#ifdef HAVE_SYS_SELECT_H 2084#include <sys/select.h> 2085#endif 2086#ifdef HAVE_SYS_TIME_H 2087#include <sys/time.h> 2088#endif 2089#ifdef HAVE_UNISTD_H 2090#include <unistd.h> 2091#endif 2092 ]]) 2093 2094AC_CHECK_FUNCS([setresuid], [ 2095 dnl Some platorms have setresuid that isn't implemented, test for this 2096 AC_MSG_CHECKING([if setresuid seems to work]) 2097 AC_RUN_IFELSE( 2098 [AC_LANG_PROGRAM([[ 2099#include <stdlib.h> 2100#include <errno.h> 2101 ]], [[ 2102 errno=0; 2103 setresuid(0,0,0); 2104 if (errno==ENOSYS) 2105 exit(1); 2106 else 2107 exit(0); 2108 ]])], 2109 [AC_MSG_RESULT([yes])], 2110 [AC_DEFINE([BROKEN_SETRESUID], [1], 2111 [Define if your setresuid() is broken]) 2112 AC_MSG_RESULT([not implemented])], 2113 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2114 ) 2115]) 2116 2117AC_CHECK_FUNCS([setresgid], [ 2118 dnl Some platorms have setresgid that isn't implemented, test for this 2119 AC_MSG_CHECKING([if setresgid seems to work]) 2120 AC_RUN_IFELSE( 2121 [AC_LANG_PROGRAM([[ 2122#include <stdlib.h> 2123#include <errno.h> 2124 ]], [[ 2125 errno=0; 2126 setresgid(0,0,0); 2127 if (errno==ENOSYS) 2128 exit(1); 2129 else 2130 exit(0); 2131 ]])], 2132 [AC_MSG_RESULT([yes])], 2133 [AC_DEFINE([BROKEN_SETRESGID], [1], 2134 [Define if your setresgid() is broken]) 2135 AC_MSG_RESULT([not implemented])], 2136 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2137 ) 2138]) 2139 2140AC_MSG_CHECKING([for working fflush(NULL)]) 2141AC_RUN_IFELSE( 2142 [AC_LANG_PROGRAM([[ 2143#include <stdio.h> 2144#include <stdlib.h> 2145 ]], 2146 [[fflush(NULL); exit(0);]])], 2147 AC_MSG_RESULT([yes]), 2148 [AC_MSG_RESULT([no]) 2149 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2150 [define if fflush(NULL) does not work])], 2151 AC_MSG_WARN([cross compiling: assuming working]) 2152) 2153 2154dnl Checks for time functions 2155AC_CHECK_FUNCS([gettimeofday time]) 2156dnl Checks for utmp functions 2157AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2158AC_CHECK_FUNCS([utmpname]) 2159dnl Checks for utmpx functions 2160AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2161AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2162dnl Checks for lastlog functions 2163AC_CHECK_FUNCS([getlastlogxbyname]) 2164 2165AC_CHECK_FUNC([daemon], 2166 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2167 [AC_CHECK_LIB([bsd], [daemon], 2168 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2169) 2170 2171AC_CHECK_FUNC([getpagesize], 2172 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2173 [Define if your libraries define getpagesize()])], 2174 [AC_CHECK_LIB([ucb], [getpagesize], 2175 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2176) 2177 2178# Check for broken snprintf 2179if test "x$ac_cv_func_snprintf" = "xyes" ; then 2180 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2181 AC_RUN_IFELSE( 2182 [AC_LANG_PROGRAM([[ 2183#include <stdio.h> 2184#include <stdlib.h> 2185 ]], 2186 [[ 2187 char b[5]; 2188 snprintf(b,5,"123456789"); 2189 exit(b[4]!='\0'); 2190 ]])], 2191 [AC_MSG_RESULT([yes])], 2192 [ 2193 AC_MSG_RESULT([no]) 2194 AC_DEFINE([BROKEN_SNPRINTF], [1], 2195 [Define if your snprintf is busted]) 2196 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2197 ], 2198 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2199 ) 2200fi 2201 2202if test "x$ac_cv_func_snprintf" = "xyes" ; then 2203 AC_MSG_CHECKING([whether snprintf understands %zu]) 2204 AC_RUN_IFELSE( 2205 [AC_LANG_PROGRAM([[ 2206#include <sys/types.h> 2207#include <stdio.h> 2208#include <stdlib.h> 2209#include <string.h> 2210 ]], 2211 [[ 2212 size_t a = 1, b = 2; 2213 char z[128]; 2214 snprintf(z, sizeof z, "%zu%zu", a, b); 2215 exit(strcmp(z, "12")); 2216 ]])], 2217 [AC_MSG_RESULT([yes])], 2218 [ 2219 AC_MSG_RESULT([no]) 2220 AC_DEFINE([BROKEN_SNPRINTF], [1], 2221 [snprintf does not understand %zu]) 2222 ], 2223 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2224 ) 2225fi 2226 2227# We depend on vsnprintf returning the right thing on overflow: the 2228# number of characters it tried to create (as per SUSv3) 2229if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2230 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2231 AC_RUN_IFELSE( 2232 [AC_LANG_PROGRAM([[ 2233#include <sys/types.h> 2234#include <stdio.h> 2235#include <stdarg.h> 2236 2237int x_snprintf(char *str, size_t count, const char *fmt, ...) 2238{ 2239 size_t ret; 2240 va_list ap; 2241 2242 va_start(ap, fmt); 2243 ret = vsnprintf(str, count, fmt, ap); 2244 va_end(ap); 2245 return ret; 2246} 2247 ]], [[ 2248char x[1]; 2249if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2250 return 1; 2251if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2252 return 1; 2253return 0; 2254 ]])], 2255 [AC_MSG_RESULT([yes])], 2256 [ 2257 AC_MSG_RESULT([no]) 2258 AC_DEFINE([BROKEN_SNPRINTF], [1], 2259 [Define if your snprintf is busted]) 2260 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2261 ], 2262 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2263 ) 2264fi 2265 2266# On systems where [v]snprintf is broken, but is declared in stdio, 2267# check that the fmt argument is const char * or just char *. 2268# This is only useful for when BROKEN_SNPRINTF 2269AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2270AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2271#include <stdio.h> 2272int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2273 ]], [[ 2274 snprintf(0, 0, 0); 2275 ]])], 2276 [AC_MSG_RESULT([yes]) 2277 AC_DEFINE([SNPRINTF_CONST], [const], 2278 [Define as const if snprintf() can declare const char *fmt])], 2279 [AC_MSG_RESULT([no]) 2280 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2281 2282# Check for missing getpeereid (or equiv) support 2283NO_PEERCHECK="" 2284if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2285 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2286 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2287#include <sys/types.h> 2288#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2289 [ AC_MSG_RESULT([yes]) 2290 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2291 ], [AC_MSG_RESULT([no]) 2292 NO_PEERCHECK=1 2293 ]) 2294fi 2295 2296dnl make sure that openpty does not reacquire controlling terminal 2297if test ! -z "$check_for_openpty_ctty_bug"; then 2298 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2299 AC_RUN_IFELSE( 2300 [AC_LANG_PROGRAM([[ 2301#include <stdio.h> 2302#include <stdlib.h> 2303#include <unistd.h> 2304#include <sys/fcntl.h> 2305#include <sys/types.h> 2306#include <sys/wait.h> 2307 ]], [[ 2308 pid_t pid; 2309 int fd, ptyfd, ttyfd, status; 2310 2311 pid = fork(); 2312 if (pid < 0) { /* failed */ 2313 exit(1); 2314 } else if (pid > 0) { /* parent */ 2315 waitpid(pid, &status, 0); 2316 if (WIFEXITED(status)) 2317 exit(WEXITSTATUS(status)); 2318 else 2319 exit(2); 2320 } else { /* child */ 2321 close(0); close(1); close(2); 2322 setsid(); 2323 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2324 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2325 if (fd >= 0) 2326 exit(3); /* Acquired ctty: broken */ 2327 else 2328 exit(0); /* Did not acquire ctty: OK */ 2329 } 2330 ]])], 2331 [ 2332 AC_MSG_RESULT([yes]) 2333 ], 2334 [ 2335 AC_MSG_RESULT([no]) 2336 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2337 ], 2338 [ 2339 AC_MSG_RESULT([cross-compiling, assuming yes]) 2340 ] 2341 ) 2342fi 2343 2344if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2345 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2346 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2347 AC_RUN_IFELSE( 2348 [AC_LANG_PROGRAM([[ 2349#include <stdio.h> 2350#include <stdlib.h> 2351#include <sys/socket.h> 2352#include <netdb.h> 2353#include <errno.h> 2354#include <netinet/in.h> 2355 2356#define TEST_PORT "2222" 2357 ]], [[ 2358 int err, sock; 2359 struct addrinfo *gai_ai, *ai, hints; 2360 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2361 2362 memset(&hints, 0, sizeof(hints)); 2363 hints.ai_family = PF_UNSPEC; 2364 hints.ai_socktype = SOCK_STREAM; 2365 hints.ai_flags = AI_PASSIVE; 2366 2367 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2368 if (err != 0) { 2369 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2370 exit(1); 2371 } 2372 2373 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2374 if (ai->ai_family != AF_INET6) 2375 continue; 2376 2377 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2378 sizeof(ntop), strport, sizeof(strport), 2379 NI_NUMERICHOST|NI_NUMERICSERV); 2380 2381 if (err != 0) { 2382 if (err == EAI_SYSTEM) 2383 perror("getnameinfo EAI_SYSTEM"); 2384 else 2385 fprintf(stderr, "getnameinfo failed: %s\n", 2386 gai_strerror(err)); 2387 exit(2); 2388 } 2389 2390 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2391 if (sock < 0) 2392 perror("socket"); 2393 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2394 if (errno == EBADF) 2395 exit(3); 2396 } 2397 } 2398 exit(0); 2399 ]])], 2400 [ 2401 AC_MSG_RESULT([yes]) 2402 ], 2403 [ 2404 AC_MSG_RESULT([no]) 2405 AC_DEFINE([BROKEN_GETADDRINFO]) 2406 ], 2407 [ 2408 AC_MSG_RESULT([cross-compiling, assuming yes]) 2409 ] 2410 ) 2411fi 2412 2413if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2414 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2415 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2416 AC_RUN_IFELSE( 2417 [AC_LANG_PROGRAM([[ 2418#include <stdio.h> 2419#include <stdlib.h> 2420#include <sys/socket.h> 2421#include <netdb.h> 2422#include <errno.h> 2423#include <netinet/in.h> 2424 2425#define TEST_PORT "2222" 2426 ]], [[ 2427 int err, sock; 2428 struct addrinfo *gai_ai, *ai, hints; 2429 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2430 2431 memset(&hints, 0, sizeof(hints)); 2432 hints.ai_family = PF_UNSPEC; 2433 hints.ai_socktype = SOCK_STREAM; 2434 hints.ai_flags = AI_PASSIVE; 2435 2436 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2437 if (err != 0) { 2438 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2439 exit(1); 2440 } 2441 2442 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2443 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2444 continue; 2445 2446 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2447 sizeof(ntop), strport, sizeof(strport), 2448 NI_NUMERICHOST|NI_NUMERICSERV); 2449 2450 if (ai->ai_family == AF_INET && err != 0) { 2451 perror("getnameinfo"); 2452 exit(2); 2453 } 2454 } 2455 exit(0); 2456 ]])], 2457 [ 2458 AC_MSG_RESULT([yes]) 2459 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2460 [Define if you have a getaddrinfo that fails 2461 for the all-zeros IPv6 address]) 2462 ], 2463 [ 2464 AC_MSG_RESULT([no]) 2465 AC_DEFINE([BROKEN_GETADDRINFO]) 2466 ], 2467 [ 2468 AC_MSG_RESULT([cross-compiling, assuming no]) 2469 ] 2470 ) 2471fi 2472 2473if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2474 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2475 [#include <sys/types.h> 2476 #include <sys/socket.h> 2477 #include <netdb.h>]) 2478fi 2479 2480if test "x$check_for_conflicting_getspnam" = "x1"; then 2481 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2482 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2483#include <shadow.h> 2484#include <stdlib.h> 2485 ]], 2486 [[ exit(0); ]])], 2487 [ 2488 AC_MSG_RESULT([no]) 2489 ], 2490 [ 2491 AC_MSG_RESULT([yes]) 2492 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2493 [Conflicting defs for getspnam]) 2494 ] 2495 ) 2496fi 2497 2498dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2499dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2500dnl for over ten years). Despite this incompatibility being reported during 2501dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2502dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2503dnl implementation. Try to detect this mess, and assume the only safe option 2504dnl if we're cross compiling. 2505dnl 2506dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2507dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2508if test "x$ac_cv_func_strnvis" = "xyes"; then 2509 AC_MSG_CHECKING([for working strnvis]) 2510 AC_RUN_IFELSE( 2511 [AC_LANG_PROGRAM([[ 2512#include <signal.h> 2513#include <stdlib.h> 2514#include <string.h> 2515#include <unistd.h> 2516#include <vis.h> 2517static void sighandler(int sig) { _exit(1); } 2518 ]], [[ 2519 char dst[16]; 2520 2521 signal(SIGSEGV, sighandler); 2522 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2523 exit(0); 2524 exit(1) 2525 ]])], 2526 [AC_MSG_RESULT([yes])], 2527 [AC_MSG_RESULT([no]) 2528 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2529 [AC_MSG_WARN([cross compiling: assuming broken]) 2530 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2531 ) 2532fi 2533 2534AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2535AC_RUN_IFELSE( 2536 [AC_LANG_PROGRAM([[ 2537#ifdef HAVE_SYS_SELECT 2538# include <sys/select.h> 2539#endif 2540#include <sys/types.h> 2541#include <sys/time.h> 2542#include <stdlib.h> 2543#include <signal.h> 2544#include <unistd.h> 2545static void sighandler(int sig) { } 2546 ]], [[ 2547 int r; 2548 pid_t pid; 2549 struct sigaction sa; 2550 2551 sa.sa_handler = sighandler; 2552 sa.sa_flags = SA_RESTART; 2553 (void)sigaction(SIGTERM, &sa, NULL); 2554 if ((pid = fork()) == 0) { /* child */ 2555 pid = getppid(); 2556 sleep(1); 2557 kill(pid, SIGTERM); 2558 sleep(1); 2559 if (getppid() == pid) /* if parent did not exit, shoot it */ 2560 kill(pid, SIGKILL); 2561 exit(0); 2562 } else { /* parent */ 2563 r = select(0, NULL, NULL, NULL, NULL); 2564 } 2565 exit(r == -1 ? 0 : 1); 2566 ]])], 2567 [AC_MSG_RESULT([yes])], 2568 [AC_MSG_RESULT([no]) 2569 AC_DEFINE([NO_SA_RESTART], [1], 2570 [SA_RESTARTed signals do no interrupt select])], 2571 [AC_MSG_WARN([cross compiling: assuming yes])] 2572) 2573 2574AC_CHECK_FUNCS([getpgrp],[ 2575 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2576 AC_COMPILE_IFELSE( 2577 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2578 [ AC_MSG_RESULT([yes]) 2579 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2580 [ AC_MSG_RESULT([no]) 2581 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2582 ) 2583]) 2584 2585# Search for OpenSSL 2586saved_CPPFLAGS="$CPPFLAGS" 2587saved_LDFLAGS="$LDFLAGS" 2588AC_ARG_WITH([ssl-dir], 2589 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2590 [ 2591 if test "x$openssl" = "xno" ; then 2592 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2593 fi 2594 if test "x$withval" != "xno" ; then 2595 case "$withval" in 2596 # Relative paths 2597 ./*|../*) withval="`pwd`/$withval" 2598 esac 2599 if test -d "$withval/lib"; then 2600 if test -n "${rpath_opt}"; then 2601 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2602 else 2603 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2604 fi 2605 elif test -d "$withval/lib64"; then 2606 if test -n "${rpath_opt}"; then 2607 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2608 else 2609 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2610 fi 2611 else 2612 if test -n "${rpath_opt}"; then 2613 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2614 else 2615 LDFLAGS="-L${withval} ${LDFLAGS}" 2616 fi 2617 fi 2618 if test -d "$withval/include"; then 2619 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2620 else 2621 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2622 fi 2623 fi 2624 ] 2625) 2626 2627AC_ARG_WITH([openssl-header-check], 2628 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2629 [ 2630 if test "x$withval" = "xno" ; then 2631 openssl_check_nonfatal=1 2632 fi 2633 ] 2634) 2635 2636openssl_engine=no 2637AC_ARG_WITH([ssl-engine], 2638 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2639 [ 2640 if test "x$withval" != "xno" ; then 2641 if test "x$openssl" = "xno" ; then 2642 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2643 fi 2644 openssl_engine=yes 2645 fi 2646 ] 2647) 2648 2649if test "x$openssl" = "xyes" ; then 2650 LIBS="-lcrypto $LIBS" 2651 AC_TRY_LINK_FUNC([RAND_add], , 2652 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2653 AC_CHECK_HEADER([openssl/opensslv.h], , 2654 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2655 2656 # Determine OpenSSL header version 2657 AC_MSG_CHECKING([OpenSSL header version]) 2658 AC_RUN_IFELSE( 2659 [AC_LANG_PROGRAM([[ 2660 #include <stdlib.h> 2661 #include <stdio.h> 2662 #include <string.h> 2663 #include <openssl/opensslv.h> 2664 #define DATA "conftest.sslincver" 2665 ]], [[ 2666 FILE *fd; 2667 int rc; 2668 2669 fd = fopen(DATA,"w"); 2670 if(fd == NULL) 2671 exit(1); 2672 2673 if ((rc = fprintf(fd, "%08lx (%s)\n", 2674 (unsigned long)OPENSSL_VERSION_NUMBER, 2675 OPENSSL_VERSION_TEXT)) < 0) 2676 exit(1); 2677 2678 exit(0); 2679 ]])], 2680 [ 2681 ssl_header_ver=`cat conftest.sslincver` 2682 AC_MSG_RESULT([$ssl_header_ver]) 2683 ], 2684 [ 2685 AC_MSG_RESULT([not found]) 2686 AC_MSG_ERROR([OpenSSL version header not found.]) 2687 ], 2688 [ 2689 AC_MSG_WARN([cross compiling: not checking]) 2690 ] 2691 ) 2692 2693 # Determining OpenSSL library version is version dependent. 2694 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2695 2696 # Determine OpenSSL library version 2697 AC_MSG_CHECKING([OpenSSL library version]) 2698 AC_RUN_IFELSE( 2699 [AC_LANG_PROGRAM([[ 2700 #include <stdio.h> 2701 #include <stdlib.h> 2702 #include <string.h> 2703 #include <openssl/opensslv.h> 2704 #include <openssl/crypto.h> 2705 #define DATA "conftest.ssllibver" 2706 ]], [[ 2707 FILE *fd; 2708 int rc; 2709 2710 fd = fopen(DATA,"w"); 2711 if(fd == NULL) 2712 exit(1); 2713#ifndef OPENSSL_VERSION 2714# define OPENSSL_VERSION SSLEAY_VERSION 2715#endif 2716#ifndef HAVE_OPENSSL_VERSION 2717# define OpenSSL_version SSLeay_version 2718#endif 2719#ifndef HAVE_OPENSSL_VERSION_NUM 2720# define OpenSSL_version_num SSLeay 2721#endif 2722 if ((rc = fprintf(fd, "%08lx (%s)\n", 2723 (unsigned long)OpenSSL_version_num(), 2724 OpenSSL_version(OPENSSL_VERSION))) < 0) 2725 exit(1); 2726 2727 exit(0); 2728 ]])], 2729 [ 2730 ssl_library_ver=`cat conftest.ssllibver` 2731 # Check version is supported. 2732 case "$ssl_library_ver" in 2733 10000*|0*) 2734 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2735 ;; 2736 100*) ;; # 1.0.x 2737 101000[[0123456]]*) 2738 # https://github.com/openssl/openssl/pull/4613 2739 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2740 ;; 2741 101*) ;; # 1.1.x 2742 200*) ;; # LibreSSL 2743 300*) ;; # OpenSSL development branch. 2744 *) 2745 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2746 ;; 2747 esac 2748 AC_MSG_RESULT([$ssl_library_ver]) 2749 ], 2750 [ 2751 AC_MSG_RESULT([not found]) 2752 AC_MSG_ERROR([OpenSSL library not found.]) 2753 ], 2754 [ 2755 AC_MSG_WARN([cross compiling: not checking]) 2756 ] 2757 ) 2758 2759 # Sanity check OpenSSL headers 2760 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2761 AC_RUN_IFELSE( 2762 [AC_LANG_PROGRAM([[ 2763 #include <stdlib.h> 2764 #include <string.h> 2765 #include <openssl/opensslv.h> 2766 #include <openssl/crypto.h> 2767 ]], [[ 2768#ifndef HAVE_OPENSSL_VERSION_NUM 2769# define OpenSSL_version_num SSLeay 2770#endif 2771 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2772 ]])], 2773 [ 2774 AC_MSG_RESULT([yes]) 2775 ], 2776 [ 2777 AC_MSG_RESULT([no]) 2778 if test "x$openssl_check_nonfatal" = "x"; then 2779 AC_MSG_ERROR([Your OpenSSL headers do not match your 2780 library. Check config.log for details. 2781 If you are sure your installation is consistent, you can disable the check 2782 by running "./configure --without-openssl-header-check". 2783 Also see contrib/findssl.sh for help identifying header/library mismatches. 2784 ]) 2785 else 2786 AC_MSG_WARN([Your OpenSSL headers do not match your 2787 library. Check config.log for details. 2788 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2789 fi 2790 ], 2791 [ 2792 AC_MSG_WARN([cross compiling: not checking]) 2793 ] 2794 ) 2795 2796 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2797 AC_LINK_IFELSE( 2798 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2799 [[ ERR_load_crypto_strings(); ]])], 2800 [ 2801 AC_MSG_RESULT([yes]) 2802 ], 2803 [ 2804 AC_MSG_RESULT([no]) 2805 saved_LIBS="$LIBS" 2806 LIBS="$LIBS -ldl" 2807 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2808 AC_LINK_IFELSE( 2809 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2810 [[ ERR_load_crypto_strings(); ]])], 2811 [ 2812 AC_MSG_RESULT([yes]) 2813 ], 2814 [ 2815 AC_MSG_RESULT([no]) 2816 LIBS="$saved_LIBS" 2817 ] 2818 ) 2819 ] 2820 ) 2821 2822 AC_CHECK_FUNCS([ \ 2823 BN_is_prime_ex \ 2824 DSA_generate_parameters_ex \ 2825 EVP_CIPHER_CTX_ctrl \ 2826 EVP_DigestFinal_ex \ 2827 EVP_DigestInit_ex \ 2828 EVP_MD_CTX_cleanup \ 2829 EVP_MD_CTX_copy_ex \ 2830 EVP_MD_CTX_init \ 2831 HMAC_CTX_init \ 2832 RSA_generate_key_ex \ 2833 RSA_get_default_method \ 2834 ]) 2835 2836 # OpenSSL_add_all_algorithms may be a macro. 2837 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2838 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2839 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2840 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2841 [[#include <openssl/evp.h>]] 2842 ) 2843 ) 2844 2845 # LibreSSL/OpenSSL 1.1x API 2846 AC_CHECK_FUNCS([ \ 2847 OPENSSL_init_crypto \ 2848 DH_get0_key \ 2849 DH_get0_pqg \ 2850 DH_set0_key \ 2851 DH_set_length \ 2852 DH_set0_pqg \ 2853 DSA_get0_key \ 2854 DSA_get0_pqg \ 2855 DSA_set0_key \ 2856 DSA_set0_pqg \ 2857 DSA_SIG_get0 \ 2858 DSA_SIG_set0 \ 2859 ECDSA_SIG_get0 \ 2860 ECDSA_SIG_set0 \ 2861 EVP_CIPHER_CTX_iv \ 2862 EVP_CIPHER_CTX_iv_noconst \ 2863 EVP_CIPHER_CTX_get_iv \ 2864 EVP_CIPHER_CTX_set_iv \ 2865 RSA_get0_crt_params \ 2866 RSA_get0_factors \ 2867 RSA_get0_key \ 2868 RSA_set0_crt_params \ 2869 RSA_set0_factors \ 2870 RSA_set0_key \ 2871 RSA_meth_free \ 2872 RSA_meth_dup \ 2873 RSA_meth_set1_name \ 2874 RSA_meth_get_finish \ 2875 RSA_meth_set_priv_enc \ 2876 RSA_meth_set_priv_dec \ 2877 RSA_meth_set_finish \ 2878 EVP_PKEY_get0_RSA \ 2879 EVP_MD_CTX_new \ 2880 EVP_MD_CTX_free \ 2881 EVP_chacha20 \ 2882 ]) 2883 2884 if test "x$openssl_engine" = "xyes" ; then 2885 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2886 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2887 #include <openssl/engine.h> 2888 ]], [[ 2889 ENGINE_load_builtin_engines(); 2890 ENGINE_register_all_complete(); 2891 ]])], 2892 [ AC_MSG_RESULT([yes]) 2893 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2894 [Enable OpenSSL engine support]) 2895 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2896 ]) 2897 fi 2898 2899 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2900 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2901 AC_LINK_IFELSE( 2902 [AC_LANG_PROGRAM([[ 2903 #include <stdlib.h> 2904 #include <string.h> 2905 #include <openssl/evp.h> 2906 ]], [[ 2907 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2908 ]])], 2909 [ 2910 AC_MSG_RESULT([no]) 2911 ], 2912 [ 2913 AC_MSG_RESULT([yes]) 2914 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2915 [libcrypto is missing AES 192 and 256 bit functions]) 2916 ] 2917 ) 2918 2919 # Check for OpenSSL with EVP_aes_*ctr 2920 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2921 AC_LINK_IFELSE( 2922 [AC_LANG_PROGRAM([[ 2923 #include <stdlib.h> 2924 #include <string.h> 2925 #include <openssl/evp.h> 2926 ]], [[ 2927 exit(EVP_aes_128_ctr() == NULL || 2928 EVP_aes_192_cbc() == NULL || 2929 EVP_aes_256_cbc() == NULL); 2930 ]])], 2931 [ 2932 AC_MSG_RESULT([yes]) 2933 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2934 [libcrypto has EVP AES CTR]) 2935 ], 2936 [ 2937 AC_MSG_RESULT([no]) 2938 ] 2939 ) 2940 2941 # Check for OpenSSL with EVP_aes_*gcm 2942 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2943 AC_LINK_IFELSE( 2944 [AC_LANG_PROGRAM([[ 2945 #include <stdlib.h> 2946 #include <string.h> 2947 #include <openssl/evp.h> 2948 ]], [[ 2949 exit(EVP_aes_128_gcm() == NULL || 2950 EVP_aes_256_gcm() == NULL || 2951 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2952 EVP_CTRL_GCM_IV_GEN == 0 || 2953 EVP_CTRL_GCM_SET_TAG == 0 || 2954 EVP_CTRL_GCM_GET_TAG == 0 || 2955 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2956 ]])], 2957 [ 2958 AC_MSG_RESULT([yes]) 2959 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2960 [libcrypto has EVP AES GCM]) 2961 ], 2962 [ 2963 AC_MSG_RESULT([no]) 2964 unsupported_algorithms="$unsupported_cipers \ 2965 aes128-gcm@openssh.com \ 2966 aes256-gcm@openssh.com" 2967 ] 2968 ) 2969 2970 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2971 AC_LINK_IFELSE( 2972 [AC_LANG_PROGRAM([[ 2973 #include <stdlib.h> 2974 #include <string.h> 2975 #include <openssl/evp.h> 2976 ]], [[ 2977 if(EVP_DigestUpdate(NULL, NULL,0)) 2978 exit(0); 2979 ]])], 2980 [ 2981 AC_MSG_RESULT([yes]) 2982 ], 2983 [ 2984 AC_MSG_RESULT([no]) 2985 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2986 [Define if EVP_DigestUpdate returns void]) 2987 ] 2988 ) 2989 2990 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2991 # because the system crypt() is more featureful. 2992 if test "x$check_for_libcrypt_before" = "x1"; then 2993 AC_CHECK_LIB([crypt], [crypt]) 2994 fi 2995 2996 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2997 # version in OpenSSL. 2998 if test "x$check_for_libcrypt_later" = "x1"; then 2999 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3000 fi 3001 AC_CHECK_FUNCS([crypt DES_crypt]) 3002 3003 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3004 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3005 3006 # Check complete ECC support in OpenSSL 3007 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3008 AC_LINK_IFELSE( 3009 [AC_LANG_PROGRAM([[ 3010 #include <openssl/ec.h> 3011 #include <openssl/ecdh.h> 3012 #include <openssl/ecdsa.h> 3013 #include <openssl/evp.h> 3014 #include <openssl/objects.h> 3015 #include <openssl/opensslv.h> 3016 ]], [[ 3017 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3018 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3019 ]])], 3020 [ AC_MSG_RESULT([yes]) 3021 enable_nistp256=1 ], 3022 [ AC_MSG_RESULT([no]) ] 3023 ) 3024 3025 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3026 AC_LINK_IFELSE( 3027 [AC_LANG_PROGRAM([[ 3028 #include <openssl/ec.h> 3029 #include <openssl/ecdh.h> 3030 #include <openssl/ecdsa.h> 3031 #include <openssl/evp.h> 3032 #include <openssl/objects.h> 3033 #include <openssl/opensslv.h> 3034 ]], [[ 3035 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3036 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3037 ]])], 3038 [ AC_MSG_RESULT([yes]) 3039 enable_nistp384=1 ], 3040 [ AC_MSG_RESULT([no]) ] 3041 ) 3042 3043 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3044 AC_LINK_IFELSE( 3045 [AC_LANG_PROGRAM([[ 3046 #include <openssl/ec.h> 3047 #include <openssl/ecdh.h> 3048 #include <openssl/ecdsa.h> 3049 #include <openssl/evp.h> 3050 #include <openssl/objects.h> 3051 #include <openssl/opensslv.h> 3052 ]], [[ 3053 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3054 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3055 ]])], 3056 [ AC_MSG_RESULT([yes]) 3057 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3058 AC_RUN_IFELSE( 3059 [AC_LANG_PROGRAM([[ 3060 #include <stdlib.h> 3061 #include <openssl/ec.h> 3062 #include <openssl/ecdh.h> 3063 #include <openssl/ecdsa.h> 3064 #include <openssl/evp.h> 3065 #include <openssl/objects.h> 3066 #include <openssl/opensslv.h> 3067 ]],[[ 3068 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3069 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3070 exit(e == NULL || m == NULL); 3071 ]])], 3072 [ AC_MSG_RESULT([yes]) 3073 enable_nistp521=1 ], 3074 [ AC_MSG_RESULT([no]) ], 3075 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3076 enable_nistp521=1 ] 3077 )], 3078 AC_MSG_RESULT([no]) 3079 ) 3080 3081 COMMENT_OUT_ECC="#no ecc#" 3082 TEST_SSH_ECC=no 3083 3084 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3085 test x$enable_nistp521 = x1; then 3086 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3087 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3088 openssl_ecc=yes 3089 else 3090 openssl_ecc=no 3091 fi 3092 if test x$enable_nistp256 = x1; then 3093 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3094 [libcrypto has NID_X9_62_prime256v1]) 3095 TEST_SSH_ECC=yes 3096 COMMENT_OUT_ECC="" 3097 else 3098 unsupported_algorithms="$unsupported_algorithms \ 3099 ecdsa-sha2-nistp256 \ 3100 ecdh-sha2-nistp256 \ 3101 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3102 fi 3103 if test x$enable_nistp384 = x1; then 3104 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3105 TEST_SSH_ECC=yes 3106 COMMENT_OUT_ECC="" 3107 else 3108 unsupported_algorithms="$unsupported_algorithms \ 3109 ecdsa-sha2-nistp384 \ 3110 ecdh-sha2-nistp384 \ 3111 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3112 fi 3113 if test x$enable_nistp521 = x1; then 3114 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3115 TEST_SSH_ECC=yes 3116 COMMENT_OUT_ECC="" 3117 else 3118 unsupported_algorithms="$unsupported_algorithms \ 3119 ecdh-sha2-nistp521 \ 3120 ecdsa-sha2-nistp521 \ 3121 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3122 fi 3123 3124 AC_SUBST([TEST_SSH_ECC]) 3125 AC_SUBST([COMMENT_OUT_ECC]) 3126else 3127 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3128 AC_CHECK_FUNCS([crypt]) 3129fi 3130 3131# PKCS11/U2F depend on OpenSSL and dlopen(). 3132enable_pkcs11=yes 3133enable_sk=yes 3134if test "x$openssl" != "xyes" ; then 3135 enable_pkcs11="disabled; missing libcrypto" 3136 enable_sk="disabled; missing libcrypto" 3137fi 3138if test "x$openssl_ecc" != "xyes" ; then 3139 enable_sk="disabled; OpenSSL has no ECC support" 3140fi 3141if test "x$ac_cv_func_dlopen" != "xyes" ; then 3142 enable_pkcs11="disabled; missing dlopen(3)" 3143 enable_sk="disabled; missing dlopen(3)" 3144fi 3145if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3146 enable_pkcs11="disabled; missing RTLD_NOW" 3147 enable_sk="disabled; missing RTLD_NOW" 3148fi 3149if test ! -z "$disable_pkcs11" ; then 3150 enable_pkcs11="disabled by user" 3151fi 3152if test ! -z "$disable_sk" ; then 3153 enable_sk="disabled by user" 3154fi 3155 3156AC_MSG_CHECKING([whether to enable PKCS11]) 3157if test "x$enable_pkcs11" = "xyes" ; then 3158 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3159fi 3160AC_MSG_RESULT([$enable_pkcs11]) 3161 3162AC_MSG_CHECKING([whether to enable U2F]) 3163if test "x$enable_sk" = "xyes" ; then 3164 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3165 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3166else 3167 # Do not try to build sk-dummy library. 3168 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3169fi 3170AC_MSG_RESULT([$enable_sk]) 3171 3172# Now check for built-in security key support. 3173if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3174 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3175 use_pkgconfig_for_libfido2= 3176 if test "x$PKGCONFIG" != "xno"; then 3177 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3178 if "$PKGCONFIG" libfido2; then 3179 AC_MSG_RESULT([yes]) 3180 use_pkgconfig_for_libfido2=yes 3181 else 3182 AC_MSG_RESULT([no]) 3183 fi 3184 fi 3185 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3186 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3187 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3188 else 3189 LIBFIDO2="-lfido2 -lcbor" 3190 fi 3191 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3192 AC_CHECK_LIB([fido2], [fido_init], 3193 [ 3194 AC_SUBST([LIBFIDO2]) 3195 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3196 [Enable for built-in U2F/FIDO support]) 3197 enable_sk="built-in" 3198 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3199 [ $OTHERLIBS ] 3200 ) 3201 saved_LIBS="$LIBS" 3202 LIBS="$LIBS $LIBFIDO2" 3203 AC_CHECK_FUNCS([ \ 3204 fido_cred_prot \ 3205 fido_cred_set_prot \ 3206 fido_dev_get_touch_begin \ 3207 fido_dev_get_touch_status \ 3208 fido_dev_supports_cred_prot \ 3209 ]) 3210 LIBS="$saved_LIBS" 3211 AC_CHECK_HEADER([fido.h], [], 3212 AC_MSG_ERROR([missing fido.h from libfido2])) 3213 AC_CHECK_HEADER([fido/credman.h], [], 3214 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3215 [#include <fido.h>] 3216 ) 3217fi 3218 3219AC_CHECK_FUNCS([ \ 3220 arc4random \ 3221 arc4random_buf \ 3222 arc4random_stir \ 3223 arc4random_uniform \ 3224]) 3225 3226saved_LIBS="$LIBS" 3227AC_CHECK_LIB([iaf], [ia_openinfo], [ 3228 LIBS="$LIBS -liaf" 3229 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3230 AC_DEFINE([HAVE_LIBIAF], [1], 3231 [Define if system has libiaf that supports set_id]) 3232 ]) 3233]) 3234LIBS="$saved_LIBS" 3235 3236### Configure cryptographic random number support 3237 3238# Check whether OpenSSL seeds itself 3239if test "x$openssl" = "xyes" ; then 3240 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3241 AC_RUN_IFELSE( 3242 [AC_LANG_PROGRAM([[ 3243 #include <stdlib.h> 3244 #include <string.h> 3245 #include <openssl/rand.h> 3246 ]], [[ 3247 exit(RAND_status() == 1 ? 0 : 1); 3248 ]])], 3249 [ 3250 OPENSSL_SEEDS_ITSELF=yes 3251 AC_MSG_RESULT([yes]) 3252 ], 3253 [ 3254 AC_MSG_RESULT([no]) 3255 ], 3256 [ 3257 AC_MSG_WARN([cross compiling: assuming yes]) 3258 # This is safe, since we will fatal() at runtime if 3259 # OpenSSL is not seeded correctly. 3260 OPENSSL_SEEDS_ITSELF=yes 3261 ] 3262 ) 3263fi 3264 3265# PRNGD TCP socket 3266AC_ARG_WITH([prngd-port], 3267 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3268 [ 3269 case "$withval" in 3270 no) 3271 withval="" 3272 ;; 3273 [[0-9]]*) 3274 ;; 3275 *) 3276 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3277 ;; 3278 esac 3279 if test ! -z "$withval" ; then 3280 PRNGD_PORT="$withval" 3281 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3282 [Port number of PRNGD/EGD random number socket]) 3283 fi 3284 ] 3285) 3286 3287# PRNGD Unix domain socket 3288AC_ARG_WITH([prngd-socket], 3289 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3290 [ 3291 case "$withval" in 3292 yes) 3293 withval="/var/run/egd-pool" 3294 ;; 3295 no) 3296 withval="" 3297 ;; 3298 /*) 3299 ;; 3300 *) 3301 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3302 ;; 3303 esac 3304 3305 if test ! -z "$withval" ; then 3306 if test ! -z "$PRNGD_PORT" ; then 3307 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3308 fi 3309 if test ! -r "$withval" ; then 3310 AC_MSG_WARN([Entropy socket is not readable]) 3311 fi 3312 PRNGD_SOCKET="$withval" 3313 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3314 [Location of PRNGD/EGD random number socket]) 3315 fi 3316 ], 3317 [ 3318 # Check for existing socket only if we don't have a random device already 3319 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3320 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3321 # Insert other locations here 3322 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3323 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3324 PRNGD_SOCKET="$sock" 3325 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3326 break; 3327 fi 3328 done 3329 if test ! -z "$PRNGD_SOCKET" ; then 3330 AC_MSG_RESULT([$PRNGD_SOCKET]) 3331 else 3332 AC_MSG_RESULT([not found]) 3333 fi 3334 fi 3335 ] 3336) 3337 3338# Which randomness source do we use? 3339if test ! -z "$PRNGD_PORT" ; then 3340 RAND_MSG="PRNGd port $PRNGD_PORT" 3341elif test ! -z "$PRNGD_SOCKET" ; then 3342 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3343elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3344 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3345 [Define if you want the OpenSSL internally seeded PRNG only]) 3346 RAND_MSG="OpenSSL internal ONLY" 3347elif test "x$openssl" = "xno" ; then 3348 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3349else 3350 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3351fi 3352 3353# Check for PAM libs 3354PAM_MSG="no" 3355AC_ARG_WITH([pam], 3356 [ --with-pam Enable PAM support ], 3357 [ 3358 if test "x$withval" != "xno" ; then 3359 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3360 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3361 AC_MSG_ERROR([PAM headers not found]) 3362 fi 3363 3364 saved_LIBS="$LIBS" 3365 AC_CHECK_LIB([dl], [dlopen], , ) 3366 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3367 AC_CHECK_FUNCS([pam_getenvlist]) 3368 AC_CHECK_FUNCS([pam_putenv]) 3369 LIBS="$saved_LIBS" 3370 3371 PAM_MSG="yes" 3372 3373 SSHDLIBS="$SSHDLIBS -lpam" 3374 AC_DEFINE([USE_PAM], [1], 3375 [Define if you want to enable PAM support]) 3376 3377 if test $ac_cv_lib_dl_dlopen = yes; then 3378 case "$LIBS" in 3379 *-ldl*) 3380 # libdl already in LIBS 3381 ;; 3382 *) 3383 SSHDLIBS="$SSHDLIBS -ldl" 3384 ;; 3385 esac 3386 fi 3387 fi 3388 ] 3389) 3390 3391AC_ARG_WITH([pam-service], 3392 [ --with-pam-service=name Specify PAM service name ], 3393 [ 3394 if test "x$withval" != "xno" && \ 3395 test "x$withval" != "xyes" ; then 3396 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3397 ["$withval"], [sshd PAM service name]) 3398 fi 3399 ] 3400) 3401 3402# Check for older PAM 3403if test "x$PAM_MSG" = "xyes" ; then 3404 # Check PAM strerror arguments (old PAM) 3405 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3406 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3407#include <stdlib.h> 3408#if defined(HAVE_SECURITY_PAM_APPL_H) 3409#include <security/pam_appl.h> 3410#elif defined (HAVE_PAM_PAM_APPL_H) 3411#include <pam/pam_appl.h> 3412#endif 3413 ]], [[ 3414(void)pam_strerror((pam_handle_t *)NULL, -1); 3415 ]])], [AC_MSG_RESULT([no])], [ 3416 AC_DEFINE([HAVE_OLD_PAM], [1], 3417 [Define if you have an old version of PAM 3418 which takes only one argument to pam_strerror]) 3419 AC_MSG_RESULT([yes]) 3420 PAM_MSG="yes (old library)" 3421 3422 ]) 3423fi 3424 3425case "$host" in 3426*-*-cygwin*) 3427 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3428 ;; 3429*) 3430 SSH_PRIVSEP_USER=sshd 3431 ;; 3432esac 3433AC_ARG_WITH([privsep-user], 3434 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3435 [ 3436 if test -n "$withval" && test "x$withval" != "xno" && \ 3437 test "x${withval}" != "xyes"; then 3438 SSH_PRIVSEP_USER=$withval 3439 fi 3440 ] 3441) 3442if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3443 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3444 [Cygwin function to fetch non-privileged user for privilege separation]) 3445else 3446 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3447 [non-privileged user for privilege separation]) 3448fi 3449AC_SUBST([SSH_PRIVSEP_USER]) 3450 3451if test "x$have_linux_no_new_privs" = "x1" ; then 3452AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3453 #include <sys/types.h> 3454 #include <linux/seccomp.h> 3455]) 3456fi 3457if test "x$have_seccomp_filter" = "x1" ; then 3458AC_MSG_CHECKING([kernel for seccomp_filter support]) 3459AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3460 #include <errno.h> 3461 #include <elf.h> 3462 #include <linux/audit.h> 3463 #include <linux/seccomp.h> 3464 #include <stdlib.h> 3465 #include <sys/prctl.h> 3466 ]], 3467 [[ int i = $seccomp_audit_arch; 3468 errno = 0; 3469 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3470 exit(errno == EFAULT ? 0 : 1); ]])], 3471 [ AC_MSG_RESULT([yes]) ], [ 3472 AC_MSG_RESULT([no]) 3473 # Disable seccomp filter as a target 3474 have_seccomp_filter=0 3475 ] 3476) 3477fi 3478 3479# Decide which sandbox style to use 3480sandbox_arg="" 3481AC_ARG_WITH([sandbox], 3482 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3483 [ 3484 if test "x$withval" = "xyes" ; then 3485 sandbox_arg="" 3486 else 3487 sandbox_arg="$withval" 3488 fi 3489 ] 3490) 3491 3492# Some platforms (seems to be the ones that have a kernel poll(2)-type 3493# function with which they implement select(2)) use an extra file descriptor 3494# when calling select(2), which means we can't use the rlimit sandbox. 3495AC_MSG_CHECKING([if select works with descriptor rlimit]) 3496AC_RUN_IFELSE( 3497 [AC_LANG_PROGRAM([[ 3498#include <sys/types.h> 3499#ifdef HAVE_SYS_TIME_H 3500# include <sys/time.h> 3501#endif 3502#include <sys/resource.h> 3503#ifdef HAVE_SYS_SELECT_H 3504# include <sys/select.h> 3505#endif 3506#include <errno.h> 3507#include <fcntl.h> 3508#include <stdlib.h> 3509 ]],[[ 3510 struct rlimit rl_zero; 3511 int fd, r; 3512 fd_set fds; 3513 struct timeval tv; 3514 3515 fd = open("/dev/null", O_RDONLY); 3516 FD_ZERO(&fds); 3517 FD_SET(fd, &fds); 3518 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3519 setrlimit(RLIMIT_FSIZE, &rl_zero); 3520 setrlimit(RLIMIT_NOFILE, &rl_zero); 3521 tv.tv_sec = 1; 3522 tv.tv_usec = 0; 3523 r = select(fd+1, &fds, NULL, NULL, &tv); 3524 exit (r == -1 ? 1 : 0); 3525 ]])], 3526 [AC_MSG_RESULT([yes]) 3527 select_works_with_rlimit=yes], 3528 [AC_MSG_RESULT([no]) 3529 select_works_with_rlimit=no], 3530 [AC_MSG_WARN([cross compiling: assuming yes]) 3531 select_works_with_rlimit=yes] 3532) 3533 3534AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3535AC_RUN_IFELSE( 3536 [AC_LANG_PROGRAM([[ 3537#include <sys/types.h> 3538#ifdef HAVE_SYS_TIME_H 3539# include <sys/time.h> 3540#endif 3541#include <sys/resource.h> 3542#include <errno.h> 3543#include <stdlib.h> 3544 ]],[[ 3545 struct rlimit rl_zero; 3546 int r; 3547 3548 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3549 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3550 exit (r == -1 ? 1 : 0); 3551 ]])], 3552 [AC_MSG_RESULT([yes]) 3553 rlimit_nofile_zero_works=yes], 3554 [AC_MSG_RESULT([no]) 3555 rlimit_nofile_zero_works=no], 3556 [AC_MSG_WARN([cross compiling: assuming yes]) 3557 rlimit_nofile_zero_works=yes] 3558) 3559 3560AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3561AC_RUN_IFELSE( 3562 [AC_LANG_PROGRAM([[ 3563#include <sys/types.h> 3564#include <sys/resource.h> 3565#include <stdlib.h> 3566 ]],[[ 3567 struct rlimit rl_zero; 3568 3569 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3570 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3571 ]])], 3572 [AC_MSG_RESULT([yes])], 3573 [AC_MSG_RESULT([no]) 3574 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3575 [setrlimit RLIMIT_FSIZE works])], 3576 [AC_MSG_WARN([cross compiling: assuming yes])] 3577) 3578 3579if test "x$sandbox_arg" = "xpledge" || \ 3580 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3581 test "x$ac_cv_func_pledge" != "xyes" && \ 3582 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3583 SANDBOX_STYLE="pledge" 3584 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3585elif test "x$sandbox_arg" = "xsystrace" || \ 3586 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3587 test "x$have_systr_policy_kill" != "x1" && \ 3588 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3589 SANDBOX_STYLE="systrace" 3590 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3591elif test "x$sandbox_arg" = "xdarwin" || \ 3592 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3593 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3594 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3595 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3596 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3597 SANDBOX_STYLE="darwin" 3598 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3599elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3600 ( test -z "$sandbox_arg" && \ 3601 test "x$have_seccomp_filter" = "x1" && \ 3602 test "x$ac_cv_header_elf_h" = "xyes" && \ 3603 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3604 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3605 test "x$seccomp_audit_arch" != "x" && \ 3606 test "x$have_linux_no_new_privs" = "x1" && \ 3607 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3608 test "x$seccomp_audit_arch" = "x" && \ 3609 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3610 test "x$have_linux_no_new_privs" != "x1" && \ 3611 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3612 test "x$have_seccomp_filter" != "x1" && \ 3613 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3614 test "x$ac_cv_func_prctl" != "xyes" && \ 3615 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3616 SANDBOX_STYLE="seccomp_filter" 3617 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3618elif test "x$sandbox_arg" = "xcapsicum" || \ 3619 ( test -z "$sandbox_arg" && \ 3620 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3621 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3622 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3623 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3624 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3625 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3626 SANDBOX_STYLE="capsicum" 3627 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3628elif test "x$sandbox_arg" = "xrlimit" || \ 3629 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3630 test "x$select_works_with_rlimit" = "xyes" && \ 3631 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3632 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3633 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3634 test "x$select_works_with_rlimit" != "xyes" && \ 3635 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3636 SANDBOX_STYLE="rlimit" 3637 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3638elif test "x$sandbox_arg" = "xsolaris" || \ 3639 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3640 SANDBOX_STYLE="solaris" 3641 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3642elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3643 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3644 SANDBOX_STYLE="none" 3645 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3646else 3647 AC_MSG_ERROR([unsupported --with-sandbox]) 3648fi 3649 3650# Cheap hack to ensure NEWS-OS libraries are arranged right. 3651if test ! -z "$SONY" ; then 3652 LIBS="$LIBS -liberty"; 3653fi 3654 3655# Check for long long datatypes 3656AC_CHECK_TYPES([long long, unsigned long long, long double]) 3657 3658# Check datatype sizes 3659AC_CHECK_SIZEOF([short int]) 3660AC_CHECK_SIZEOF([int]) 3661AC_CHECK_SIZEOF([long int]) 3662AC_CHECK_SIZEOF([long long int]) 3663 3664# Sanity check long long for some platforms (AIX) 3665if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3666 ac_cv_sizeof_long_long_int=0 3667fi 3668 3669# compute LLONG_MIN and LLONG_MAX if we don't know them. 3670if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3671 AC_MSG_CHECKING([for max value of long long]) 3672 AC_RUN_IFELSE( 3673 [AC_LANG_PROGRAM([[ 3674#include <stdio.h> 3675#include <stdlib.h> 3676/* Why is this so damn hard? */ 3677#ifdef __GNUC__ 3678# undef __GNUC__ 3679#endif 3680#define __USE_ISOC99 3681#include <limits.h> 3682#define DATA "conftest.llminmax" 3683#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3684 3685/* 3686 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3687 * we do this the hard way. 3688 */ 3689static int 3690fprint_ll(FILE *f, long long n) 3691{ 3692 unsigned int i; 3693 int l[sizeof(long long) * 8]; 3694 3695 if (n < 0) 3696 if (fprintf(f, "-") < 0) 3697 return -1; 3698 for (i = 0; n != 0; i++) { 3699 l[i] = my_abs(n % 10); 3700 n /= 10; 3701 } 3702 do { 3703 if (fprintf(f, "%d", l[--i]) < 0) 3704 return -1; 3705 } while (i != 0); 3706 if (fprintf(f, " ") < 0) 3707 return -1; 3708 return 0; 3709} 3710 ]], [[ 3711 FILE *f; 3712 long long i, llmin, llmax = 0; 3713 3714 if((f = fopen(DATA,"w")) == NULL) 3715 exit(1); 3716 3717#if defined(LLONG_MIN) && defined(LLONG_MAX) 3718 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3719 llmin = LLONG_MIN; 3720 llmax = LLONG_MAX; 3721#else 3722 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3723 /* This will work on one's complement and two's complement */ 3724 for (i = 1; i > llmax; i <<= 1, i++) 3725 llmax = i; 3726 llmin = llmax + 1LL; /* wrap */ 3727#endif 3728 3729 /* Sanity check */ 3730 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3731 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3732 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3733 fprintf(f, "unknown unknown\n"); 3734 exit(2); 3735 } 3736 3737 if (fprint_ll(f, llmin) < 0) 3738 exit(3); 3739 if (fprint_ll(f, llmax) < 0) 3740 exit(4); 3741 if (fclose(f) < 0) 3742 exit(5); 3743 exit(0); 3744 ]])], 3745 [ 3746 llong_min=`$AWK '{print $1}' conftest.llminmax` 3747 llong_max=`$AWK '{print $2}' conftest.llminmax` 3748 3749 AC_MSG_RESULT([$llong_max]) 3750 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3751 [max value of long long calculated by configure]) 3752 AC_MSG_CHECKING([for min value of long long]) 3753 AC_MSG_RESULT([$llong_min]) 3754 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3755 [min value of long long calculated by configure]) 3756 ], 3757 [ 3758 AC_MSG_RESULT([not found]) 3759 ], 3760 [ 3761 AC_MSG_WARN([cross compiling: not checking]) 3762 ] 3763 ) 3764fi 3765 3766AC_CHECK_DECLS([UINT32_MAX], , , [[ 3767#ifdef HAVE_SYS_LIMITS_H 3768# include <sys/limits.h> 3769#endif 3770#ifdef HAVE_LIMITS_H 3771# include <limits.h> 3772#endif 3773#ifdef HAVE_STDINT_H 3774# include <stdint.h> 3775#endif 3776]]) 3777 3778# More checks for data types 3779AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3781 [[ u_int a; a = 1;]])], 3782 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3783 ]) 3784]) 3785if test "x$ac_cv_have_u_int" = "xyes" ; then 3786 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3787 have_u_int=1 3788fi 3789 3790AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3791 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3792 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3793 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3794 ]) 3795]) 3796if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3797 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3798 have_intxx_t=1 3799fi 3800 3801if (test -z "$have_intxx_t" && \ 3802 test "x$ac_cv_header_stdint_h" = "xyes") 3803then 3804 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3805 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3806 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3807 [ 3808 AC_DEFINE([HAVE_INTXX_T]) 3809 AC_MSG_RESULT([yes]) 3810 ], [ AC_MSG_RESULT([no]) 3811 ]) 3812fi 3813 3814AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3815 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3816#include <sys/types.h> 3817#ifdef HAVE_STDINT_H 3818# include <stdint.h> 3819#endif 3820#include <sys/socket.h> 3821#ifdef HAVE_SYS_BITYPES_H 3822# include <sys/bitypes.h> 3823#endif 3824 ]], [[ 3825int64_t a; a = 1; 3826 ]])], 3827 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3828 ]) 3829]) 3830if test "x$ac_cv_have_int64_t" = "xyes" ; then 3831 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3832fi 3833 3834AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3835 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3836 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3837 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3838 ]) 3839]) 3840if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3841 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3842 have_u_intxx_t=1 3843fi 3844 3845if test -z "$have_u_intxx_t" ; then 3846 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3848 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3849 [ 3850 AC_DEFINE([HAVE_U_INTXX_T]) 3851 AC_MSG_RESULT([yes]) 3852 ], [ AC_MSG_RESULT([no]) 3853 ]) 3854fi 3855 3856AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3857 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3858 [[ u_int64_t a; a = 1;]])], 3859 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3860 ]) 3861]) 3862if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3863 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3864 have_u_int64_t=1 3865fi 3866 3867if (test -z "$have_u_int64_t" && \ 3868 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3869then 3870 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3871 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3872 [[ u_int64_t a; a = 1]])], 3873 [ 3874 AC_DEFINE([HAVE_U_INT64_T]) 3875 AC_MSG_RESULT([yes]) 3876 ], [ AC_MSG_RESULT([no]) 3877 ]) 3878fi 3879 3880if test -z "$have_u_intxx_t" ; then 3881 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3883#include <sys/types.h> 3884 ]], [[ 3885 uint8_t a; 3886 uint16_t b; 3887 uint32_t c; 3888 a = b = c = 1; 3889 ]])], 3890 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3891 ]) 3892 ]) 3893 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3894 AC_DEFINE([HAVE_UINTXX_T], [1], 3895 [define if you have uintxx_t data type]) 3896 fi 3897fi 3898 3899if (test -z "$have_uintxx_t" && \ 3900 test "x$ac_cv_header_stdint_h" = "xyes") 3901then 3902 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3904 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3905 [ 3906 AC_DEFINE([HAVE_UINTXX_T]) 3907 AC_MSG_RESULT([yes]) 3908 ], [ AC_MSG_RESULT([no]) 3909 ]) 3910fi 3911 3912if (test -z "$have_uintxx_t" && \ 3913 test "x$ac_cv_header_inttypes_h" = "xyes") 3914then 3915 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3916 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3917 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3918 [ 3919 AC_DEFINE([HAVE_UINTXX_T]) 3920 AC_MSG_RESULT([yes]) 3921 ], [ AC_MSG_RESULT([no]) 3922 ]) 3923fi 3924 3925if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3926 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3927then 3928 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3929 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3930#include <sys/bitypes.h> 3931 ]], [[ 3932 int8_t a; int16_t b; int32_t c; 3933 u_int8_t e; u_int16_t f; u_int32_t g; 3934 a = b = c = e = f = g = 1; 3935 ]])], 3936 [ 3937 AC_DEFINE([HAVE_U_INTXX_T]) 3938 AC_DEFINE([HAVE_INTXX_T]) 3939 AC_MSG_RESULT([yes]) 3940 ], [AC_MSG_RESULT([no]) 3941 ]) 3942fi 3943 3944 3945AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3947 [[ u_char foo; foo = 125; ]])], 3948 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3949 ]) 3950]) 3951if test "x$ac_cv_have_u_char" = "xyes" ; then 3952 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3953fi 3954 3955AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3956#include <sys/types.h> 3957#ifdef HAVE_STDINT_H 3958# include <stdint.h> 3959#endif 3960]) 3961 3962TYPE_SOCKLEN_T 3963 3964AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3965AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3966#include <sys/types.h> 3967#ifdef HAVE_SYS_BITYPES_H 3968#include <sys/bitypes.h> 3969#endif 3970#ifdef HAVE_SYS_STATFS_H 3971#include <sys/statfs.h> 3972#endif 3973#ifdef HAVE_SYS_STATVFS_H 3974#include <sys/statvfs.h> 3975#endif 3976]) 3977 3978AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3979#include <sys/param.h> 3980#include <sys/types.h> 3981#ifdef HAVE_SYS_BITYPES_H 3982#include <sys/bitypes.h> 3983#endif 3984#ifdef HAVE_SYS_STATFS_H 3985#include <sys/statfs.h> 3986#endif 3987#ifdef HAVE_SYS_STATVFS_H 3988#include <sys/statvfs.h> 3989#endif 3990#ifdef HAVE_SYS_VFS_H 3991#include <sys/vfs.h> 3992#endif 3993#ifdef HAVE_SYS_MOUNT_H 3994#include <sys/mount.h> 3995#endif 3996]]) 3997 3998 3999AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4000[#include <sys/types.h> 4001#include <netinet/in.h>]) 4002 4003AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4005 [[ size_t foo; foo = 1235; ]])], 4006 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4007 ]) 4008]) 4009if test "x$ac_cv_have_size_t" = "xyes" ; then 4010 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4011fi 4012 4013AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4014 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4015 [[ ssize_t foo; foo = 1235; ]])], 4016 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4017 ]) 4018]) 4019if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4020 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4021fi 4022 4023AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4024 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4025 [[ clock_t foo; foo = 1235; ]])], 4026 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4027 ]) 4028]) 4029if test "x$ac_cv_have_clock_t" = "xyes" ; then 4030 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4031fi 4032 4033AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4035#include <sys/types.h> 4036#include <sys/socket.h> 4037 ]], [[ sa_family_t foo; foo = 1235; ]])], 4038 [ ac_cv_have_sa_family_t="yes" ], 4039 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4040#include <sys/types.h> 4041#include <sys/socket.h> 4042#include <netinet/in.h> 4043 ]], [[ sa_family_t foo; foo = 1235; ]])], 4044 [ ac_cv_have_sa_family_t="yes" ], 4045 [ ac_cv_have_sa_family_t="no" ] 4046 ) 4047 ]) 4048]) 4049if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4050 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4051 [define if you have sa_family_t data type]) 4052fi 4053 4054AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4056 [[ pid_t foo; foo = 1235; ]])], 4057 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4058 ]) 4059]) 4060if test "x$ac_cv_have_pid_t" = "xyes" ; then 4061 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4062fi 4063 4064AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4065 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4066 [[ mode_t foo; foo = 1235; ]])], 4067 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4068 ]) 4069]) 4070if test "x$ac_cv_have_mode_t" = "xyes" ; then 4071 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4072fi 4073 4074 4075AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4076 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4077#include <sys/types.h> 4078#include <sys/socket.h> 4079 ]], [[ struct sockaddr_storage s; ]])], 4080 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4081 [ ac_cv_have_struct_sockaddr_storage="no" 4082 ]) 4083]) 4084if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4085 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4086 [define if you have struct sockaddr_storage data type]) 4087fi 4088 4089AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4091#include <sys/types.h> 4092#include <netinet/in.h> 4093 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4094 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4095 [ ac_cv_have_struct_sockaddr_in6="no" 4096 ]) 4097]) 4098if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4099 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4100 [define if you have struct sockaddr_in6 data type]) 4101fi 4102 4103AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4104 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4105#include <sys/types.h> 4106#include <netinet/in.h> 4107 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4108 [ ac_cv_have_struct_in6_addr="yes" ], 4109 [ ac_cv_have_struct_in6_addr="no" 4110 ]) 4111]) 4112if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4113 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4114 [define if you have struct in6_addr data type]) 4115 4116dnl Now check for sin6_scope_id 4117 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4118 [ 4119#ifdef HAVE_SYS_TYPES_H 4120#include <sys/types.h> 4121#endif 4122#include <netinet/in.h> 4123 ]) 4124fi 4125 4126AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4127 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4128#include <sys/types.h> 4129#include <sys/socket.h> 4130#include <netdb.h> 4131 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4132 [ ac_cv_have_struct_addrinfo="yes" ], 4133 [ ac_cv_have_struct_addrinfo="no" 4134 ]) 4135]) 4136if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4137 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4138 [define if you have struct addrinfo data type]) 4139fi 4140 4141AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4142 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4143 [[ struct timeval tv; tv.tv_sec = 1;]])], 4144 [ ac_cv_have_struct_timeval="yes" ], 4145 [ ac_cv_have_struct_timeval="no" 4146 ]) 4147]) 4148if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4149 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4150 have_struct_timeval=1 4151fi 4152 4153AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4154 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4155 #ifdef TIME_WITH_SYS_TIME 4156 # include <sys/time.h> 4157 # include <time.h> 4158 #else 4159 # ifdef HAVE_SYS_TIME_H 4160 # include <sys/time.h> 4161 # else 4162 # include <time.h> 4163 # endif 4164 #endif 4165 ]], 4166 [[ struct timespec ts; ts.tv_sec = 1;]])], 4167 [ ac_cv_have_struct_timespec="yes" ], 4168 [ ac_cv_have_struct_timespec="no" 4169 ]) 4170]) 4171if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4172 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4173 have_struct_timespec=1 4174fi 4175 4176# We need int64_t or else certain parts of the compile will fail. 4177if test "x$ac_cv_have_int64_t" = "xno" && \ 4178 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4179 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4180 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4181 echo "an alternative compiler (I.E., GCC) before continuing." 4182 echo "" 4183 exit 1; 4184else 4185dnl test snprintf (broken on SCO w/gcc) 4186 AC_RUN_IFELSE( 4187 [AC_LANG_SOURCE([[ 4188#include <stdio.h> 4189#include <stdlib.h> 4190#include <string.h> 4191#ifdef HAVE_SNPRINTF 4192main() 4193{ 4194 char buf[50]; 4195 char expected_out[50]; 4196 int mazsize = 50 ; 4197#if (SIZEOF_LONG_INT == 8) 4198 long int num = 0x7fffffffffffffff; 4199#else 4200 long long num = 0x7fffffffffffffffll; 4201#endif 4202 strcpy(expected_out, "9223372036854775807"); 4203 snprintf(buf, mazsize, "%lld", num); 4204 if(strcmp(buf, expected_out) != 0) 4205 exit(1); 4206 exit(0); 4207} 4208#else 4209main() { exit(0); } 4210#endif 4211 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4212 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4213 ) 4214fi 4215 4216dnl Checks for structure members 4217OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4218OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4219OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4220OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4221OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4222OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4223OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4224OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4225OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4226OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4227OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4228OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4229OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4230OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4231OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4232OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4233OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4234OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4235 4236AC_CHECK_MEMBERS([struct stat.st_blksize]) 4237AC_CHECK_MEMBERS([struct stat.st_mtim]) 4238AC_CHECK_MEMBERS([struct stat.st_mtime]) 4239AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4240struct passwd.pw_change, struct passwd.pw_expire], 4241[], [], [[ 4242#include <sys/types.h> 4243#include <pwd.h> 4244]]) 4245 4246AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4247 [Define if we don't have struct __res_state in resolv.h])], 4248[[ 4249#include <stdio.h> 4250#if HAVE_SYS_TYPES_H 4251# include <sys/types.h> 4252#endif 4253#include <netinet/in.h> 4254#include <arpa/nameser.h> 4255#include <resolv.h> 4256]]) 4257 4258AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4259 ac_cv_have_ss_family_in_struct_ss, [ 4260 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4261#include <sys/types.h> 4262#include <sys/socket.h> 4263 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4264 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4265 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4266]) 4267if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4268 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4269fi 4270 4271AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4272 ac_cv_have___ss_family_in_struct_ss, [ 4273 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4274#include <sys/types.h> 4275#include <sys/socket.h> 4276 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4277 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4278 [ ac_cv_have___ss_family_in_struct_ss="no" 4279 ]) 4280]) 4281if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4282 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4283 [Fields in struct sockaddr_storage]) 4284fi 4285 4286dnl make sure we're using the real structure members and not defines 4287AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4288 ac_cv_have_accrights_in_msghdr, [ 4289 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290#include <sys/types.h> 4291#include <sys/socket.h> 4292#include <sys/uio.h> 4293#include <stdlib.h> 4294 ]], [[ 4295#ifdef msg_accrights 4296#error "msg_accrights is a macro" 4297exit(1); 4298#endif 4299struct msghdr m; 4300m.msg_accrights = 0; 4301exit(0); 4302 ]])], 4303 [ ac_cv_have_accrights_in_msghdr="yes" ], 4304 [ ac_cv_have_accrights_in_msghdr="no" ] 4305 ) 4306]) 4307if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4308 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4309 [Define if your system uses access rights style 4310 file descriptor passing]) 4311fi 4312 4313AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4314AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4315#include <sys/param.h> 4316#include <sys/stat.h> 4317#ifdef HAVE_SYS_TIME_H 4318# include <sys/time.h> 4319#endif 4320#ifdef HAVE_SYS_MOUNT_H 4321#include <sys/mount.h> 4322#endif 4323#ifdef HAVE_SYS_STATVFS_H 4324#include <sys/statvfs.h> 4325#endif 4326 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4327 [ AC_MSG_RESULT([yes]) ], 4328 [ AC_MSG_RESULT([no]) 4329 4330 AC_MSG_CHECKING([if fsid_t has member val]) 4331 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4332#include <sys/types.h> 4333#include <sys/statvfs.h> 4334 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4335 [ AC_MSG_RESULT([yes]) 4336 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4337 [ AC_MSG_RESULT([no]) ]) 4338 4339 AC_MSG_CHECKING([if f_fsid has member __val]) 4340 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4341#include <sys/types.h> 4342#include <sys/statvfs.h> 4343 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4344 [ AC_MSG_RESULT([yes]) 4345 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4346 [ AC_MSG_RESULT([no]) ]) 4347]) 4348 4349AC_CACHE_CHECK([for msg_control field in struct msghdr], 4350 ac_cv_have_control_in_msghdr, [ 4351 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4352#include <sys/types.h> 4353#include <sys/socket.h> 4354#include <sys/uio.h> 4355#include <stdlib.h> 4356 ]], [[ 4357#ifdef msg_control 4358#error "msg_control is a macro" 4359exit(1); 4360#endif 4361struct msghdr m; 4362m.msg_control = 0; 4363exit(0); 4364 ]])], 4365 [ ac_cv_have_control_in_msghdr="yes" ], 4366 [ ac_cv_have_control_in_msghdr="no" ] 4367 ) 4368]) 4369if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4370 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4371 [Define if your system uses ancillary data style 4372 file descriptor passing]) 4373fi 4374 4375AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4376 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4377 [[ extern char *__progname; printf("%s", __progname); ]])], 4378 [ ac_cv_libc_defines___progname="yes" ], 4379 [ ac_cv_libc_defines___progname="no" 4380 ]) 4381]) 4382if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4383 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4384fi 4385 4386AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4387 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4388 [[ printf("%s", __FUNCTION__); ]])], 4389 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4390 [ ac_cv_cc_implements___FUNCTION__="no" 4391 ]) 4392]) 4393if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4394 AC_DEFINE([HAVE___FUNCTION__], [1], 4395 [Define if compiler implements __FUNCTION__]) 4396fi 4397 4398AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4399 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4400 [[ printf("%s", __func__); ]])], 4401 [ ac_cv_cc_implements___func__="yes" ], 4402 [ ac_cv_cc_implements___func__="no" 4403 ]) 4404]) 4405if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4406 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4407fi 4408 4409AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4410 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4411#include <stdarg.h> 4412va_list x,y; 4413 ]], [[ va_copy(x,y); ]])], 4414 [ ac_cv_have_va_copy="yes" ], 4415 [ ac_cv_have_va_copy="no" 4416 ]) 4417]) 4418if test "x$ac_cv_have_va_copy" = "xyes" ; then 4419 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4420fi 4421 4422AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4423 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4424#include <stdarg.h> 4425va_list x,y; 4426 ]], [[ __va_copy(x,y); ]])], 4427 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4428 ]) 4429]) 4430if test "x$ac_cv_have___va_copy" = "xyes" ; then 4431 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4432fi 4433 4434AC_CACHE_CHECK([whether getopt has optreset support], 4435 ac_cv_have_getopt_optreset, [ 4436 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4437 [[ extern int optreset; optreset = 0; ]])], 4438 [ ac_cv_have_getopt_optreset="yes" ], 4439 [ ac_cv_have_getopt_optreset="no" 4440 ]) 4441]) 4442if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4443 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4444 [Define if your getopt(3) defines and uses optreset]) 4445fi 4446 4447AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4448 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4449[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4450 [ ac_cv_libc_defines_sys_errlist="yes" ], 4451 [ ac_cv_libc_defines_sys_errlist="no" 4452 ]) 4453]) 4454if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4455 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4456 [Define if your system defines sys_errlist[]]) 4457fi 4458 4459 4460AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4461 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4462[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4463 [ ac_cv_libc_defines_sys_nerr="yes" ], 4464 [ ac_cv_libc_defines_sys_nerr="no" 4465 ]) 4466]) 4467if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4468 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4469fi 4470 4471# Check libraries needed by DNS fingerprint support 4472AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4473 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4474 [Define if getrrsetbyname() exists])], 4475 [ 4476 # Needed by our getrrsetbyname() 4477 AC_SEARCH_LIBS([res_query], [resolv]) 4478 AC_SEARCH_LIBS([dn_expand], [resolv]) 4479 AC_MSG_CHECKING([if res_query will link]) 4480 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4481#include <sys/types.h> 4482#include <netinet/in.h> 4483#include <arpa/nameser.h> 4484#include <netdb.h> 4485#include <resolv.h> 4486 ]], [[ 4487 res_query (0, 0, 0, 0, 0); 4488 ]])], 4489 AC_MSG_RESULT([yes]), 4490 [AC_MSG_RESULT([no]) 4491 saved_LIBS="$LIBS" 4492 LIBS="$LIBS -lresolv" 4493 AC_MSG_CHECKING([for res_query in -lresolv]) 4494 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4495#include <sys/types.h> 4496#include <netinet/in.h> 4497#include <arpa/nameser.h> 4498#include <netdb.h> 4499#include <resolv.h> 4500 ]], [[ 4501 res_query (0, 0, 0, 0, 0); 4502 ]])], 4503 [AC_MSG_RESULT([yes])], 4504 [LIBS="$saved_LIBS" 4505 AC_MSG_RESULT([no])]) 4506 ]) 4507 AC_CHECK_FUNCS([_getshort _getlong]) 4508 AC_CHECK_DECLS([_getshort, _getlong], , , 4509 [#include <sys/types.h> 4510 #include <arpa/nameser.h>]) 4511 AC_CHECK_MEMBER([HEADER.ad], 4512 [AC_DEFINE([HAVE_HEADER_AD], [1], 4513 [Define if HEADER.ad exists in arpa/nameser.h])], , 4514 [#include <arpa/nameser.h>]) 4515 ]) 4516 4517AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4518AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4519#include <stdio.h> 4520#if HAVE_SYS_TYPES_H 4521# include <sys/types.h> 4522#endif 4523#include <netinet/in.h> 4524#include <arpa/nameser.h> 4525#include <resolv.h> 4526extern struct __res_state _res; 4527 ]], [[ 4528struct __res_state *volatile p = &_res; /* force resolution of _res */ 4529return 0; 4530 ]],)], 4531 [AC_MSG_RESULT([yes]) 4532 AC_DEFINE([HAVE__RES_EXTERN], [1], 4533 [Define if you have struct __res_state _res as an extern]) 4534 ], 4535 [ AC_MSG_RESULT([no]) ] 4536) 4537 4538# Check whether user wants SELinux support 4539SELINUX_MSG="no" 4540LIBSELINUX="" 4541AC_ARG_WITH([selinux], 4542 [ --with-selinux Enable SELinux support], 4543 [ if test "x$withval" != "xno" ; then 4544 save_LIBS="$LIBS" 4545 AC_DEFINE([WITH_SELINUX], [1], 4546 [Define if you want SELinux support.]) 4547 SELINUX_MSG="yes" 4548 AC_CHECK_HEADER([selinux/selinux.h], , 4549 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4550 AC_CHECK_LIB([selinux], [setexeccon], 4551 [ LIBSELINUX="-lselinux" 4552 LIBS="$LIBS -lselinux" 4553 ], 4554 AC_MSG_ERROR([SELinux support requires libselinux library])) 4555 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4556 LIBS="$save_LIBS $LIBSELINUX" 4557 fi ] 4558) 4559AC_SUBST([SSHDLIBS]) 4560 4561# Check whether user wants Kerberos 5 support 4562KRB5_MSG="no" 4563AC_ARG_WITH([kerberos5], 4564 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4565 [ if test "x$withval" != "xno" ; then 4566 if test "x$withval" = "xyes" ; then 4567 KRB5ROOT="/usr/local" 4568 else 4569 KRB5ROOT=${withval} 4570 fi 4571 4572 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4573 KRB5_MSG="yes" 4574 4575 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4576 [$KRB5ROOT/bin/krb5-config], 4577 [$KRB5ROOT/bin:$PATH]) 4578 if test -x $KRB5CONF ; then 4579 K5CFLAGS="`$KRB5CONF --cflags`" 4580 K5LIBS="`$KRB5CONF --libs`" 4581 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4582 4583 AC_MSG_CHECKING([for gssapi support]) 4584 if $KRB5CONF | grep gssapi >/dev/null ; then 4585 AC_MSG_RESULT([yes]) 4586 AC_DEFINE([GSSAPI], [1], 4587 [Define this if you want GSSAPI 4588 support in the version 2 protocol]) 4589 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4590 GSSLIBS="`$KRB5CONF --libs gssapi`" 4591 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4592 else 4593 AC_MSG_RESULT([no]) 4594 fi 4595 AC_MSG_CHECKING([whether we are using Heimdal]) 4596 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4597 ]], [[ char *tmp = heimdal_version; ]])], 4598 [ AC_MSG_RESULT([yes]) 4599 AC_DEFINE([HEIMDAL], [1], 4600 [Define this if you are using the Heimdal 4601 version of Kerberos V5]) ], 4602 [AC_MSG_RESULT([no]) 4603 ]) 4604 else 4605 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4606 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4607 AC_MSG_CHECKING([whether we are using Heimdal]) 4608 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4609 ]], [[ char *tmp = heimdal_version; ]])], 4610 [ AC_MSG_RESULT([yes]) 4611 AC_DEFINE([HEIMDAL]) 4612 K5LIBS="-lkrb5" 4613 K5LIBS="$K5LIBS -lcom_err -lasn1" 4614 AC_CHECK_LIB([roken], [net_write], 4615 [K5LIBS="$K5LIBS -lroken"]) 4616 AC_CHECK_LIB([des], [des_cbc_encrypt], 4617 [K5LIBS="$K5LIBS -ldes"]) 4618 ], [ AC_MSG_RESULT([no]) 4619 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4620 ]) 4621 AC_SEARCH_LIBS([dn_expand], [resolv]) 4622 4623 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4624 [ AC_DEFINE([GSSAPI]) 4625 GSSLIBS="-lgssapi_krb5" ], 4626 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4627 [ AC_DEFINE([GSSAPI]) 4628 GSSLIBS="-lgssapi" ], 4629 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4630 [ AC_DEFINE([GSSAPI]) 4631 GSSLIBS="-lgss" ], 4632 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4633 ]) 4634 ]) 4635 4636 AC_CHECK_HEADER([gssapi.h], , 4637 [ unset ac_cv_header_gssapi_h 4638 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4639 AC_CHECK_HEADERS([gssapi.h], , 4640 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4641 ) 4642 ] 4643 ) 4644 4645 oldCPP="$CPPFLAGS" 4646 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4647 AC_CHECK_HEADER([gssapi_krb5.h], , 4648 [ CPPFLAGS="$oldCPP" ]) 4649 4650 fi 4651 if test -n "${rpath_opt}" ; then 4652 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4653 fi 4654 if test ! -z "$blibpath" ; then 4655 blibpath="$blibpath:${KRB5ROOT}/lib" 4656 fi 4657 4658 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4659 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4660 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4661 4662 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4663 [Define this if you want to use libkafs' AFS support])]) 4664 4665 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4666#ifdef HAVE_GSSAPI_H 4667# include <gssapi.h> 4668#elif defined(HAVE_GSSAPI_GSSAPI_H) 4669# include <gssapi/gssapi.h> 4670#endif 4671 4672#ifdef HAVE_GSSAPI_GENERIC_H 4673# include <gssapi_generic.h> 4674#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4675# include <gssapi/gssapi_generic.h> 4676#endif 4677 ]]) 4678 saved_LIBS="$LIBS" 4679 LIBS="$LIBS $K5LIBS" 4680 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4681 LIBS="$saved_LIBS" 4682 4683 fi 4684 ] 4685) 4686AC_SUBST([GSSLIBS]) 4687AC_SUBST([K5LIBS]) 4688 4689# Looking for programs, paths and files 4690 4691PRIVSEP_PATH=/var/empty 4692AC_ARG_WITH([privsep-path], 4693 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4694 [ 4695 if test -n "$withval" && test "x$withval" != "xno" && \ 4696 test "x${withval}" != "xyes"; then 4697 PRIVSEP_PATH=$withval 4698 fi 4699 ] 4700) 4701AC_SUBST([PRIVSEP_PATH]) 4702 4703AC_ARG_WITH([xauth], 4704 [ --with-xauth=PATH Specify path to xauth program ], 4705 [ 4706 if test -n "$withval" && test "x$withval" != "xno" && \ 4707 test "x${withval}" != "xyes"; then 4708 xauth_path=$withval 4709 fi 4710 ], 4711 [ 4712 TestPath="$PATH" 4713 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4714 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4715 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4716 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4717 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4718 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4719 xauth_path="/usr/openwin/bin/xauth" 4720 fi 4721 ] 4722) 4723 4724STRIP_OPT=-s 4725AC_ARG_ENABLE([strip], 4726 [ --disable-strip Disable calling strip(1) on install], 4727 [ 4728 if test "x$enableval" = "xno" ; then 4729 STRIP_OPT= 4730 fi 4731 ] 4732) 4733AC_SUBST([STRIP_OPT]) 4734 4735if test -z "$xauth_path" ; then 4736 XAUTH_PATH="undefined" 4737 AC_SUBST([XAUTH_PATH]) 4738else 4739 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4740 [Define if xauth is found in your path]) 4741 XAUTH_PATH=$xauth_path 4742 AC_SUBST([XAUTH_PATH]) 4743fi 4744 4745dnl # --with-maildir=/path/to/mail gets top priority. 4746dnl # if maildir is set in the platform case statement above we use that. 4747dnl # Otherwise we run a program to get the dir from system headers. 4748dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4749dnl # If we find _PATH_MAILDIR we do nothing because that is what 4750dnl # session.c expects anyway. Otherwise we set to the value found 4751dnl # stripping any trailing slash. If for some strage reason our program 4752dnl # does not find what it needs, we default to /var/spool/mail. 4753# Check for mail directory 4754AC_ARG_WITH([maildir], 4755 [ --with-maildir=/path/to/mail Specify your system mail directory], 4756 [ 4757 if test "X$withval" != X && test "x$withval" != xno && \ 4758 test "x${withval}" != xyes; then 4759 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4760 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4761 fi 4762 ],[ 4763 if test "X$maildir" != "X"; then 4764 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4765 else 4766 AC_MSG_CHECKING([Discovering system mail directory]) 4767 AC_RUN_IFELSE( 4768 [AC_LANG_PROGRAM([[ 4769#include <stdio.h> 4770#include <stdlib.h> 4771#include <string.h> 4772#ifdef HAVE_PATHS_H 4773#include <paths.h> 4774#endif 4775#ifdef HAVE_MAILLOCK_H 4776#include <maillock.h> 4777#endif 4778#define DATA "conftest.maildir" 4779 ]], [[ 4780 FILE *fd; 4781 int rc; 4782 4783 fd = fopen(DATA,"w"); 4784 if(fd == NULL) 4785 exit(1); 4786 4787#if defined (_PATH_MAILDIR) 4788 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4789 exit(1); 4790#elif defined (MAILDIR) 4791 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4792 exit(1); 4793#elif defined (_PATH_MAIL) 4794 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4795 exit(1); 4796#else 4797 exit (2); 4798#endif 4799 4800 exit(0); 4801 ]])], 4802 [ 4803 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4804 maildir=`awk -F: '{print $2}' conftest.maildir \ 4805 | sed 's|/$||'` 4806 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4807 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4808 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4809 fi 4810 ], 4811 [ 4812 if test "X$ac_status" = "X2";then 4813# our test program didn't find it. Default to /var/spool/mail 4814 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4815 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4816 else 4817 AC_MSG_RESULT([*** not found ***]) 4818 fi 4819 ], 4820 [ 4821 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4822 ] 4823 ) 4824 fi 4825 ] 4826) # maildir 4827 4828if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4829 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4830 disable_ptmx_check=yes 4831fi 4832if test -z "$no_dev_ptmx" ; then 4833 if test "x$disable_ptmx_check" != "xyes" ; then 4834 AC_CHECK_FILE(["/dev/ptmx"], 4835 [ 4836 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4837 [Define if you have /dev/ptmx]) 4838 have_dev_ptmx=1 4839 ] 4840 ) 4841 fi 4842fi 4843 4844if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4845 AC_CHECK_FILE(["/dev/ptc"], 4846 [ 4847 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4848 [Define if you have /dev/ptc]) 4849 have_dev_ptc=1 4850 ] 4851 ) 4852else 4853 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4854fi 4855 4856# Options from here on. Some of these are preset by platform above 4857AC_ARG_WITH([mantype], 4858 [ --with-mantype=man|cat|doc Set man page type], 4859 [ 4860 case "$withval" in 4861 man|cat|doc) 4862 MANTYPE=$withval 4863 ;; 4864 *) 4865 AC_MSG_ERROR([invalid man type: $withval]) 4866 ;; 4867 esac 4868 ] 4869) 4870if test -z "$MANTYPE"; then 4871 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4872 MANTYPE=doc 4873 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4874 MANTYPE=doc 4875 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4876 MANTYPE=man 4877 else 4878 MANTYPE=cat 4879 fi 4880fi 4881AC_SUBST([MANTYPE]) 4882if test "$MANTYPE" = "doc"; then 4883 mansubdir=man; 4884else 4885 mansubdir=$MANTYPE; 4886fi 4887AC_SUBST([mansubdir]) 4888 4889# Check whether to enable MD5 passwords 4890MD5_MSG="no" 4891AC_ARG_WITH([md5-passwords], 4892 [ --with-md5-passwords Enable use of MD5 passwords], 4893 [ 4894 if test "x$withval" != "xno" ; then 4895 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4896 [Define if you want to allow MD5 passwords]) 4897 MD5_MSG="yes" 4898 fi 4899 ] 4900) 4901 4902# Whether to disable shadow password support 4903AC_ARG_WITH([shadow], 4904 [ --without-shadow Disable shadow password support], 4905 [ 4906 if test "x$withval" = "xno" ; then 4907 AC_DEFINE([DISABLE_SHADOW]) 4908 disable_shadow=yes 4909 fi 4910 ] 4911) 4912 4913if test -z "$disable_shadow" ; then 4914 AC_MSG_CHECKING([if the systems has expire shadow information]) 4915 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4916#include <sys/types.h> 4917#include <shadow.h> 4918struct spwd sp; 4919 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4920 [ sp_expire_available=yes ], [ 4921 ]) 4922 4923 if test "x$sp_expire_available" = "xyes" ; then 4924 AC_MSG_RESULT([yes]) 4925 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4926 [Define if you want to use shadow password expire field]) 4927 else 4928 AC_MSG_RESULT([no]) 4929 fi 4930fi 4931 4932# Use ip address instead of hostname in $DISPLAY 4933if test ! -z "$IPADDR_IN_DISPLAY" ; then 4934 DISPLAY_HACK_MSG="yes" 4935 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4936 [Define if you need to use IP address 4937 instead of hostname in $DISPLAY]) 4938else 4939 DISPLAY_HACK_MSG="no" 4940 AC_ARG_WITH([ipaddr-display], 4941 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4942 [ 4943 if test "x$withval" != "xno" ; then 4944 AC_DEFINE([IPADDR_IN_DISPLAY]) 4945 DISPLAY_HACK_MSG="yes" 4946 fi 4947 ] 4948 ) 4949fi 4950 4951# check for /etc/default/login and use it if present. 4952AC_ARG_ENABLE([etc-default-login], 4953 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4954 [ if test "x$enableval" = "xno"; then 4955 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4956 etc_default_login=no 4957 else 4958 etc_default_login=yes 4959 fi ], 4960 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4961 then 4962 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4963 etc_default_login=no 4964 else 4965 etc_default_login=yes 4966 fi ] 4967) 4968 4969if test "x$etc_default_login" != "xno"; then 4970 AC_CHECK_FILE(["/etc/default/login"], 4971 [ external_path_file=/etc/default/login ]) 4972 if test "x$external_path_file" = "x/etc/default/login"; then 4973 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4974 [Define if your system has /etc/default/login]) 4975 fi 4976fi 4977 4978dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4979if test $ac_cv_func_login_getcapbool = "yes" && \ 4980 test $ac_cv_header_login_cap_h = "yes" ; then 4981 external_path_file=/etc/login.conf 4982fi 4983 4984# Whether to mess with the default path 4985SERVER_PATH_MSG="(default)" 4986AC_ARG_WITH([default-path], 4987 [ --with-default-path= Specify default $PATH environment for server], 4988 [ 4989 if test "x$external_path_file" = "x/etc/login.conf" ; then 4990 AC_MSG_WARN([ 4991--with-default-path=PATH has no effect on this system. 4992Edit /etc/login.conf instead.]) 4993 elif test "x$withval" != "xno" ; then 4994 if test ! -z "$external_path_file" ; then 4995 AC_MSG_WARN([ 4996--with-default-path=PATH will only be used if PATH is not defined in 4997$external_path_file .]) 4998 fi 4999 user_path="$withval" 5000 SERVER_PATH_MSG="$withval" 5001 fi 5002 ], 5003 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5004 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5005 else 5006 if test ! -z "$external_path_file" ; then 5007 AC_MSG_WARN([ 5008If PATH is defined in $external_path_file, ensure the path to scp is included, 5009otherwise scp will not work.]) 5010 fi 5011 AC_RUN_IFELSE( 5012 [AC_LANG_PROGRAM([[ 5013/* find out what STDPATH is */ 5014#include <stdio.h> 5015#include <stdlib.h> 5016#ifdef HAVE_PATHS_H 5017# include <paths.h> 5018#endif 5019#ifndef _PATH_STDPATH 5020# ifdef _PATH_USERPATH /* Irix */ 5021# define _PATH_STDPATH _PATH_USERPATH 5022# else 5023# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5024# endif 5025#endif 5026#include <sys/types.h> 5027#include <sys/stat.h> 5028#include <fcntl.h> 5029#define DATA "conftest.stdpath" 5030 ]], [[ 5031 FILE *fd; 5032 int rc; 5033 5034 fd = fopen(DATA,"w"); 5035 if(fd == NULL) 5036 exit(1); 5037 5038 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5039 exit(1); 5040 5041 exit(0); 5042 ]])], 5043 [ user_path=`cat conftest.stdpath` ], 5044 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5045 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5046 ) 5047# make sure $bindir is in USER_PATH so scp will work 5048 t_bindir="${bindir}" 5049 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5050 t_bindir=`eval echo ${t_bindir}` 5051 case $t_bindir in 5052 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5053 esac 5054 case $t_bindir in 5055 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5056 esac 5057 done 5058 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5059 if test $? -ne 0 ; then 5060 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5061 if test $? -ne 0 ; then 5062 user_path=$user_path:$t_bindir 5063 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5064 fi 5065 fi 5066 fi ] 5067) 5068if test "x$external_path_file" != "x/etc/login.conf" ; then 5069 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5070 AC_SUBST([user_path]) 5071fi 5072 5073# Set superuser path separately to user path 5074AC_ARG_WITH([superuser-path], 5075 [ --with-superuser-path= Specify different path for super-user], 5076 [ 5077 if test -n "$withval" && test "x$withval" != "xno" && \ 5078 test "x${withval}" != "xyes"; then 5079 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5080 [Define if you want a different $PATH 5081 for the superuser]) 5082 superuser_path=$withval 5083 fi 5084 ] 5085) 5086 5087 5088AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5089IPV4_IN6_HACK_MSG="no" 5090AC_ARG_WITH(4in6, 5091 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5092 [ 5093 if test "x$withval" != "xno" ; then 5094 AC_MSG_RESULT([yes]) 5095 AC_DEFINE([IPV4_IN_IPV6], [1], 5096 [Detect IPv4 in IPv6 mapped addresses 5097 and treat as IPv4]) 5098 IPV4_IN6_HACK_MSG="yes" 5099 else 5100 AC_MSG_RESULT([no]) 5101 fi 5102 ], [ 5103 if test "x$inet6_default_4in6" = "xyes"; then 5104 AC_MSG_RESULT([yes (default)]) 5105 AC_DEFINE([IPV4_IN_IPV6]) 5106 IPV4_IN6_HACK_MSG="yes" 5107 else 5108 AC_MSG_RESULT([no (default)]) 5109 fi 5110 ] 5111) 5112 5113# Whether to enable BSD auth support 5114BSD_AUTH_MSG=no 5115AC_ARG_WITH([bsd-auth], 5116 [ --with-bsd-auth Enable BSD auth support], 5117 [ 5118 if test "x$withval" != "xno" ; then 5119 AC_DEFINE([BSD_AUTH], [1], 5120 [Define if you have BSD auth support]) 5121 BSD_AUTH_MSG=yes 5122 fi 5123 ] 5124) 5125 5126# Where to place sshd.pid 5127piddir=/var/run 5128# make sure the directory exists 5129if test ! -d $piddir ; then 5130 piddir=`eval echo ${sysconfdir}` 5131 case $piddir in 5132 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5133 esac 5134fi 5135 5136AC_ARG_WITH([pid-dir], 5137 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5138 [ 5139 if test -n "$withval" && test "x$withval" != "xno" && \ 5140 test "x${withval}" != "xyes"; then 5141 piddir=$withval 5142 if test ! -d $piddir ; then 5143 AC_MSG_WARN([** no $piddir directory on this system **]) 5144 fi 5145 fi 5146 ] 5147) 5148 5149AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5150 [Specify location of ssh.pid]) 5151AC_SUBST([piddir]) 5152 5153dnl allow user to disable some login recording features 5154AC_ARG_ENABLE([lastlog], 5155 [ --disable-lastlog disable use of lastlog even if detected [no]], 5156 [ 5157 if test "x$enableval" = "xno" ; then 5158 AC_DEFINE([DISABLE_LASTLOG]) 5159 fi 5160 ] 5161) 5162AC_ARG_ENABLE([utmp], 5163 [ --disable-utmp disable use of utmp even if detected [no]], 5164 [ 5165 if test "x$enableval" = "xno" ; then 5166 AC_DEFINE([DISABLE_UTMP]) 5167 fi 5168 ] 5169) 5170AC_ARG_ENABLE([utmpx], 5171 [ --disable-utmpx disable use of utmpx even if detected [no]], 5172 [ 5173 if test "x$enableval" = "xno" ; then 5174 AC_DEFINE([DISABLE_UTMPX], [1], 5175 [Define if you don't want to use utmpx]) 5176 fi 5177 ] 5178) 5179AC_ARG_ENABLE([wtmp], 5180 [ --disable-wtmp disable use of wtmp even if detected [no]], 5181 [ 5182 if test "x$enableval" = "xno" ; then 5183 AC_DEFINE([DISABLE_WTMP]) 5184 fi 5185 ] 5186) 5187AC_ARG_ENABLE([wtmpx], 5188 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5189 [ 5190 if test "x$enableval" = "xno" ; then 5191 AC_DEFINE([DISABLE_WTMPX], [1], 5192 [Define if you don't want to use wtmpx]) 5193 fi 5194 ] 5195) 5196AC_ARG_ENABLE([libutil], 5197 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5198 [ 5199 if test "x$enableval" = "xno" ; then 5200 AC_DEFINE([DISABLE_LOGIN]) 5201 fi 5202 ] 5203) 5204AC_ARG_ENABLE([pututline], 5205 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5206 [ 5207 if test "x$enableval" = "xno" ; then 5208 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5209 [Define if you don't want to use pututline() 5210 etc. to write [uw]tmp]) 5211 fi 5212 ] 5213) 5214AC_ARG_ENABLE([pututxline], 5215 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5216 [ 5217 if test "x$enableval" = "xno" ; then 5218 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5219 [Define if you don't want to use pututxline() 5220 etc. to write [uw]tmpx]) 5221 fi 5222 ] 5223) 5224AC_ARG_WITH([lastlog], 5225 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5226 [ 5227 if test "x$withval" = "xno" ; then 5228 AC_DEFINE([DISABLE_LASTLOG]) 5229 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5230 conf_lastlog_location=$withval 5231 fi 5232 ] 5233) 5234 5235dnl lastlog, [uw]tmpx? detection 5236dnl NOTE: set the paths in the platform section to avoid the 5237dnl need for command-line parameters 5238dnl lastlog and [uw]tmp are subject to a file search if all else fails 5239 5240dnl lastlog detection 5241dnl NOTE: the code itself will detect if lastlog is a directory 5242AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5243AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5244#include <sys/types.h> 5245#include <utmp.h> 5246#ifdef HAVE_LASTLOG_H 5247# include <lastlog.h> 5248#endif 5249#ifdef HAVE_PATHS_H 5250# include <paths.h> 5251#endif 5252#ifdef HAVE_LOGIN_H 5253# include <login.h> 5254#endif 5255 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5256 [ AC_MSG_RESULT([yes]) ], 5257 [ 5258 AC_MSG_RESULT([no]) 5259 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5260 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5261#include <sys/types.h> 5262#include <utmp.h> 5263#ifdef HAVE_LASTLOG_H 5264# include <lastlog.h> 5265#endif 5266#ifdef HAVE_PATHS_H 5267# include <paths.h> 5268#endif 5269 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5270 [ AC_MSG_RESULT([yes]) ], 5271 [ 5272 AC_MSG_RESULT([no]) 5273 system_lastlog_path=no 5274 ]) 5275]) 5276 5277if test -z "$conf_lastlog_location"; then 5278 if test x"$system_lastlog_path" = x"no" ; then 5279 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5280 if (test -d "$f" || test -f "$f") ; then 5281 conf_lastlog_location=$f 5282 fi 5283 done 5284 if test -z "$conf_lastlog_location"; then 5285 AC_MSG_WARN([** Cannot find lastlog **]) 5286 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5287 fi 5288 fi 5289fi 5290 5291if test -n "$conf_lastlog_location"; then 5292 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5293 [Define if you want to specify the path to your lastlog file]) 5294fi 5295 5296dnl utmp detection 5297AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5298AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5299#include <sys/types.h> 5300#include <utmp.h> 5301#ifdef HAVE_PATHS_H 5302# include <paths.h> 5303#endif 5304 ]], [[ char *utmp = UTMP_FILE; ]])], 5305 [ AC_MSG_RESULT([yes]) ], 5306 [ AC_MSG_RESULT([no]) 5307 system_utmp_path=no 5308]) 5309if test -z "$conf_utmp_location"; then 5310 if test x"$system_utmp_path" = x"no" ; then 5311 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5312 if test -f $f ; then 5313 conf_utmp_location=$f 5314 fi 5315 done 5316 if test -z "$conf_utmp_location"; then 5317 AC_DEFINE([DISABLE_UTMP]) 5318 fi 5319 fi 5320fi 5321if test -n "$conf_utmp_location"; then 5322 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5323 [Define if you want to specify the path to your utmp file]) 5324fi 5325 5326dnl wtmp detection 5327AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5328AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5329#include <sys/types.h> 5330#include <utmp.h> 5331#ifdef HAVE_PATHS_H 5332# include <paths.h> 5333#endif 5334 ]], [[ char *wtmp = WTMP_FILE; ]])], 5335 [ AC_MSG_RESULT([yes]) ], 5336 [ AC_MSG_RESULT([no]) 5337 system_wtmp_path=no 5338]) 5339if test -z "$conf_wtmp_location"; then 5340 if test x"$system_wtmp_path" = x"no" ; then 5341 for f in /usr/adm/wtmp /var/log/wtmp; do 5342 if test -f $f ; then 5343 conf_wtmp_location=$f 5344 fi 5345 done 5346 if test -z "$conf_wtmp_location"; then 5347 AC_DEFINE([DISABLE_WTMP]) 5348 fi 5349 fi 5350fi 5351if test -n "$conf_wtmp_location"; then 5352 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5353 [Define if you want to specify the path to your wtmp file]) 5354fi 5355 5356dnl wtmpx detection 5357AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5358AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5359#include <sys/types.h> 5360#include <utmp.h> 5361#ifdef HAVE_UTMPX_H 5362#include <utmpx.h> 5363#endif 5364#ifdef HAVE_PATHS_H 5365# include <paths.h> 5366#endif 5367 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5368 [ AC_MSG_RESULT([yes]) ], 5369 [ AC_MSG_RESULT([no]) 5370 system_wtmpx_path=no 5371]) 5372if test -z "$conf_wtmpx_location"; then 5373 if test x"$system_wtmpx_path" = x"no" ; then 5374 AC_DEFINE([DISABLE_WTMPX]) 5375 fi 5376else 5377 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5378 [Define if you want to specify the path to your wtmpx file]) 5379fi 5380 5381 5382if test ! -z "$blibpath" ; then 5383 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5384 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5385fi 5386 5387AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5388 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5389 AC_DEFINE([DISABLE_LASTLOG]) 5390 fi 5391 ], [ 5392#ifdef HAVE_SYS_TYPES_H 5393#include <sys/types.h> 5394#endif 5395#ifdef HAVE_UTMP_H 5396#include <utmp.h> 5397#endif 5398#ifdef HAVE_UTMPX_H 5399#include <utmpx.h> 5400#endif 5401#ifdef HAVE_LASTLOG_H 5402#include <lastlog.h> 5403#endif 5404 ]) 5405 5406AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5407 AC_DEFINE([DISABLE_UTMP]) 5408 AC_DEFINE([DISABLE_WTMP]) 5409 ], [ 5410#ifdef HAVE_SYS_TYPES_H 5411#include <sys/types.h> 5412#endif 5413#ifdef HAVE_UTMP_H 5414#include <utmp.h> 5415#endif 5416#ifdef HAVE_UTMPX_H 5417#include <utmpx.h> 5418#endif 5419#ifdef HAVE_LASTLOG_H 5420#include <lastlog.h> 5421#endif 5422 ]) 5423 5424dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5425dnl Add now. 5426CFLAGS="$CFLAGS $werror_flags" 5427 5428if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5429 TEST_SSH_IPV6=no 5430else 5431 TEST_SSH_IPV6=yes 5432fi 5433AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5434AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5435AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5436AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5437AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5438AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5439 5440CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5441LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5442 5443# Make a copy of CFLAGS/LDFLAGS without PIE options. 5444LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5445CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5446AC_SUBST([LDFLAGS_NOPIE]) 5447AC_SUBST([CFLAGS_NOPIE]) 5448 5449AC_EXEEXT 5450AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5451 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5452 survey.sh]) 5453AC_OUTPUT 5454 5455# Print summary of options 5456 5457# Someone please show me a better way :) 5458A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5459B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5460C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5461D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5462E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5463F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5464G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5465H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5466I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5467J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5468 5469echo "" 5470echo "OpenSSH has been configured with the following options:" 5471echo " User binaries: $B" 5472echo " System binaries: $C" 5473echo " Configuration files: $D" 5474echo " Askpass program: $E" 5475echo " Manual pages: $F" 5476echo " PID file: $G" 5477echo " Privilege separation chroot path: $H" 5478if test "x$external_path_file" = "x/etc/login.conf" ; then 5479echo " At runtime, sshd will use the path defined in $external_path_file" 5480echo " Make sure the path to scp is present, otherwise scp will not work" 5481else 5482echo " sshd default user PATH: $I" 5483 if test ! -z "$external_path_file"; then 5484echo " (If PATH is set in $external_path_file it will be used instead. If" 5485echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5486 fi 5487fi 5488if test ! -z "$superuser_path" ; then 5489echo " sshd superuser user PATH: $J" 5490fi 5491echo " Manpage format: $MANTYPE" 5492echo " PAM support: $PAM_MSG" 5493echo " OSF SIA support: $SIA_MSG" 5494echo " KerberosV support: $KRB5_MSG" 5495echo " SELinux support: $SELINUX_MSG" 5496echo " MD5 password support: $MD5_MSG" 5497echo " libedit support: $LIBEDIT_MSG" 5498echo " libldns support: $LDNS_MSG" 5499echo " Solaris process contract support: $SPC_MSG" 5500echo " Solaris project support: $SP_MSG" 5501echo " Solaris privilege support: $SPP_MSG" 5502echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5503echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5504echo " BSD Auth support: $BSD_AUTH_MSG" 5505echo " Random number source: $RAND_MSG" 5506echo " Privsep sandbox style: $SANDBOX_STYLE" 5507echo " PKCS#11 support: $enable_pkcs11" 5508echo " U2F/FIDO support: $enable_sk" 5509 5510echo "" 5511 5512echo " Host: ${host}" 5513echo " Compiler: ${CC}" 5514echo " Compiler flags: ${CFLAGS}" 5515echo "Preprocessor flags: ${CPPFLAGS}" 5516echo " Linker flags: ${LDFLAGS}" 5517echo " Libraries: ${LIBS}" 5518if test ! -z "${SSHDLIBS}"; then 5519echo " +for sshd: ${SSHDLIBS}" 5520fi 5521 5522echo "" 5523 5524if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5525 echo "SVR4 style packages are supported with \"make package\"" 5526 echo "" 5527fi 5528 5529if test "x$PAM_MSG" = "xyes" ; then 5530 echo "PAM is enabled. You may need to install a PAM control file " 5531 echo "for sshd, otherwise password authentication may fail. " 5532 echo "Example PAM control files can be found in the contrib/ " 5533 echo "subdirectory" 5534 echo "" 5535fi 5536 5537if test ! -z "$NO_PEERCHECK" ; then 5538 echo "WARNING: the operating system that you are using does not" 5539 echo "appear to support getpeereid(), getpeerucred() or the" 5540 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5541 echo "enforce security checks to prevent unauthorised connections to" 5542 echo "ssh-agent. Their absence increases the risk that a malicious" 5543 echo "user can connect to your agent." 5544 echo "" 5545fi 5546 5547if test "$AUDIT_MODULE" = "bsm" ; then 5548 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5549 echo "See the Solaris section in README.platform for details." 5550fi 5551