1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_SRCDIR([ssh.c]) 18AC_LANG([C]) 19 20AC_CONFIG_HEADER([config.h]) 21AC_PROG_CC([cc gcc]) 22AC_CANONICAL_HOST 23AC_C_BIGENDIAN 24 25# Checks for programs. 26AC_PROG_AWK 27AC_PROG_CPP 28AC_PROG_RANLIB 29AC_PROG_INSTALL 30AC_PROG_EGREP 31AC_PROG_MKDIR_P 32AC_CHECK_TOOLS([AR], [ar]) 33AC_PATH_PROG([CAT], [cat]) 34AC_PATH_PROG([KILL], [kill]) 35AC_PATH_PROG([SED], [sed]) 36AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 37AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 39AC_PATH_PROG([SH], [sh]) 40AC_PATH_PROG([GROFF], [groff]) 41AC_PATH_PROG([NROFF], [nroff awf]) 42AC_PATH_PROG([MANDOC], [mandoc]) 43AC_SUBST([TEST_SHELL], [sh]) 44 45dnl select manpage formatter to be used to build "cat" format pages. 46if test "x$MANDOC" != "x" ; then 47 MANFMT="$MANDOC" 48elif test "x$NROFF" != "x" ; then 49 MANFMT="$NROFF -mandoc" 50elif test "x$GROFF" != "x" ; then 51 MANFMT="$GROFF -mandoc -Tascii" 52else 53 AC_MSG_WARN([no manpage formatter found]) 54 MANFMT="false" 55fi 56AC_SUBST([MANFMT]) 57 58dnl for buildpkg.sh 59AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 60 [/usr/sbin${PATH_SEPARATOR}/etc]) 61AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 62 [/usr/sbin${PATH_SEPARATOR}/etc]) 63AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 64if test -x /sbin/sh; then 65 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 66else 67 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 68fi 69 70# System features 71AC_SYS_LARGEFILE 72 73if test -z "$AR" ; then 74 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 75fi 76 77AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 78if test ! -z "$PATH_PASSWD_PROG" ; then 79 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 80 [Full path of your "passwd" program]) 81fi 82 83dnl Since autoconf doesn't support it very well, we no longer allow users to 84dnl override LD, however keeping the hook here for now in case there's a use 85dnl use case we overlooked and someone needs to re-enable it. Unless a good 86dnl reason is found we'll be removing this in future. 87LD="$CC" 88AC_SUBST([LD]) 89 90AC_C_INLINE 91 92AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 93AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 95 #include <sys/types.h> 96 #include <sys/param.h> 97 #include <dev/systrace.h> 98]) 99AC_CHECK_DECL([RLIMIT_NPROC], 100 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 101 #include <sys/types.h> 102 #include <sys/resource.h> 103]) 104AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 105 #include <sys/types.h> 106 #include <linux/prctl.h> 107]) 108 109openssl=yes 110AC_ARG_WITH([openssl], 111 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 112 [ if test "x$withval" = "xno" ; then 113 openssl=no 114 fi 115 ] 116) 117AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 118if test "x$openssl" = "xyes" ; then 119 AC_MSG_RESULT([yes]) 120 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 121else 122 AC_MSG_RESULT([no]) 123fi 124 125use_stack_protector=1 126use_toolchain_hardening=1 127AC_ARG_WITH([stackprotect], 128 [ --without-stackprotect Don't use compiler's stack protection], [ 129 if test "x$withval" = "xno"; then 130 use_stack_protector=0 131 fi ]) 132AC_ARG_WITH([hardening], 133 [ --without-hardening Don't use toolchain hardening flags], [ 134 if test "x$withval" = "xno"; then 135 use_toolchain_hardening=0 136 fi ]) 137 138# We use -Werror for the tests only so that we catch warnings like "this is 139# on by default" for things like -fPIE. 140AC_MSG_CHECKING([if $CC supports -Werror]) 141saved_CFLAGS="$CFLAGS" 142CFLAGS="$CFLAGS -Werror" 143AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 144 [ AC_MSG_RESULT([yes]) 145 WERROR="-Werror"], 146 [ AC_MSG_RESULT([no]) 147 WERROR="" ] 148) 149CFLAGS="$saved_CFLAGS" 150 151if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 152 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 167 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 168 if test "x$use_toolchain_hardening" = "x1"; then 169 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 171 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 175 # NB. -ftrapv expects certain support functions to be present in 176 # the compiler library (libgcc or similar) to detect integer operations 177 # that can overflow. We must check that the result of enabling it 178 # actually links. The test program compiled/linked includes a number 179 # of integer operations that should exercise this. 180 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 181 fi 182 AC_MSG_CHECKING([gcc version]) 183 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 184 case $GCC_VER in 185 1.*) no_attrib_nonnull=1 ;; 186 2.8* | 2.9*) 187 no_attrib_nonnull=1 188 ;; 189 2.*) no_attrib_nonnull=1 ;; 190 *) ;; 191 esac 192 AC_MSG_RESULT([$GCC_VER]) 193 194 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 195 saved_CFLAGS="$CFLAGS" 196 CFLAGS="$CFLAGS -fno-builtin-memset" 197 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 198 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 199 [ AC_MSG_RESULT([yes]) ], 200 [ AC_MSG_RESULT([no]) 201 CFLAGS="$saved_CFLAGS" ] 202 ) 203 204 # -fstack-protector-all doesn't always work for some GCC versions 205 # and/or platforms, so we test if we can. If it's not supported 206 # on a given platform gcc will emit a warning so we use -Werror. 207 if test "x$use_stack_protector" = "x1"; then 208 for t in -fstack-protector-strong -fstack-protector-all \ 209 -fstack-protector; do 210 AC_MSG_CHECKING([if $CC supports $t]) 211 saved_CFLAGS="$CFLAGS" 212 saved_LDFLAGS="$LDFLAGS" 213 CFLAGS="$CFLAGS $t -Werror" 214 LDFLAGS="$LDFLAGS $t -Werror" 215 AC_LINK_IFELSE( 216 [AC_LANG_PROGRAM([[ 217 #include <stdio.h> 218 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 219 ]], 220 [[ 221 char x[256]; 222 snprintf(x, sizeof(x), "XXX%d", func(1)); 223 ]])], 224 [ AC_MSG_RESULT([yes]) 225 CFLAGS="$saved_CFLAGS $t" 226 LDFLAGS="$saved_LDFLAGS $t" 227 AC_MSG_CHECKING([if $t works]) 228 AC_RUN_IFELSE( 229 [AC_LANG_PROGRAM([[ 230 #include <stdio.h> 231 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 232 ]], 233 [[ 234 char x[256]; 235 snprintf(x, sizeof(x), "XXX%d", func(1)); 236 ]])], 237 [ AC_MSG_RESULT([yes]) 238 break ], 239 [ AC_MSG_RESULT([no]) ], 240 [ AC_MSG_WARN([cross compiling: cannot test]) 241 break ] 242 ) 243 ], 244 [ AC_MSG_RESULT([no]) ] 245 ) 246 CFLAGS="$saved_CFLAGS" 247 LDFLAGS="$saved_LDFLAGS" 248 done 249 fi 250 251 if test -z "$have_llong_max"; then 252 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 253 unset ac_cv_have_decl_LLONG_MAX 254 saved_CFLAGS="$CFLAGS" 255 CFLAGS="$CFLAGS -std=gnu99" 256 AC_CHECK_DECL([LLONG_MAX], 257 [have_llong_max=1], 258 [CFLAGS="$saved_CFLAGS"], 259 [#include <limits.h>] 260 ) 261 fi 262fi 263 264AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 265AC_COMPILE_IFELSE( 266 [AC_LANG_PROGRAM([[ 267#include <stdlib.h> 268__attribute__((__unused__)) static void foo(void){return;}]], 269 [[ exit(0); ]])], 270 [ AC_MSG_RESULT([yes]) ], 271 [ AC_MSG_RESULT([no]) 272 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 273 [compiler does not accept __attribute__ on return types]) ] 274) 275 276AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 285 [compiler does not accept __attribute__ on prototype args]) ] 286) 287 288if test "x$no_attrib_nonnull" != "x1" ; then 289 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 290fi 291 292AC_ARG_WITH([rpath], 293 [ --without-rpath Disable auto-added -R linker paths], 294 [ 295 if test "x$withval" = "xno" ; then 296 rpath_opt="" 297 elif test "x$withval" = "xyes" ; then 298 rpath_opt="-R" 299 else 300 rpath_opt="$withval" 301 fi 302 ] 303) 304 305# Allow user to specify flags 306AC_ARG_WITH([cflags], 307 [ --with-cflags Specify additional flags to pass to compiler], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 CFLAGS="$CFLAGS $withval" 312 fi 313 ] 314) 315 316AC_ARG_WITH([cflags-after], 317 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CFLAGS_AFTER="$withval" 322 fi 323 ] 324) 325AC_ARG_WITH([cppflags], 326 [ --with-cppflags Specify additional flags to pass to preprocessor] , 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 CPPFLAGS="$CPPFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags], 335 [ --with-ldflags Specify additional flags to pass to linker], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS="$LDFLAGS $withval" 340 fi 341 ] 342) 343AC_ARG_WITH([ldflags-after], 344 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LDFLAGS_AFTER="$withval" 349 fi 350 ] 351) 352AC_ARG_WITH([libs], 353 [ --with-libs Specify additional libraries to link with], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno" && \ 356 test "x${withval}" != "xyes"; then 357 LIBS="$LIBS $withval" 358 fi 359 ] 360) 361AC_ARG_WITH([Werror], 362 [ --with-Werror Build main code with -Werror], 363 [ 364 if test -n "$withval" && test "x$withval" != "xno"; then 365 werror_flags="-Werror" 366 if test "x${withval}" != "xyes"; then 367 werror_flags="$withval" 368 fi 369 fi 370 ] 371) 372 373AC_CHECK_HEADERS([ \ 374 blf.h \ 375 bstring.h \ 376 crypt.h \ 377 crypto/sha2.h \ 378 dirent.h \ 379 endian.h \ 380 elf.h \ 381 err.h \ 382 features.h \ 383 fcntl.h \ 384 floatingpoint.h \ 385 fnmatch.h \ 386 getopt.h \ 387 glob.h \ 388 ia.h \ 389 iaf.h \ 390 ifaddrs.h \ 391 inttypes.h \ 392 langinfo.h \ 393 limits.h \ 394 locale.h \ 395 login.h \ 396 maillock.h \ 397 ndir.h \ 398 net/if_tun.h \ 399 netdb.h \ 400 netgroup.h \ 401 pam/pam_appl.h \ 402 paths.h \ 403 poll.h \ 404 pty.h \ 405 readpassphrase.h \ 406 rpc/types.h \ 407 security/pam_appl.h \ 408 sha2.h \ 409 shadow.h \ 410 stddef.h \ 411 stdint.h \ 412 string.h \ 413 strings.h \ 414 sys/bitypes.h \ 415 sys/byteorder.h \ 416 sys/bsdtty.h \ 417 sys/cdefs.h \ 418 sys/dir.h \ 419 sys/file.h \ 420 sys/mman.h \ 421 sys/label.h \ 422 sys/ndir.h \ 423 sys/poll.h \ 424 sys/prctl.h \ 425 sys/pstat.h \ 426 sys/ptrace.h \ 427 sys/random.h \ 428 sys/select.h \ 429 sys/stat.h \ 430 sys/stream.h \ 431 sys/stropts.h \ 432 sys/strtio.h \ 433 sys/statvfs.h \ 434 sys/sysmacros.h \ 435 sys/time.h \ 436 sys/timers.h \ 437 sys/vfs.h \ 438 time.h \ 439 tmpdir.h \ 440 ttyent.h \ 441 ucred.h \ 442 unistd.h \ 443 usersec.h \ 444 util.h \ 445 utime.h \ 446 utmp.h \ 447 utmpx.h \ 448 vis.h \ 449 wchar.h \ 450]) 451 452# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 453# to be included first. 454AC_CHECK_HEADERS([sys/audit.h], [], [], [ 455#ifdef HAVE_SYS_TIME_H 456# include <sys/time.h> 457#endif 458#ifdef HAVE_SYS_TYPES_H 459# include <sys/types.h> 460#endif 461#ifdef HAVE_SYS_LABEL_H 462# include <sys/label.h> 463#endif 464]) 465 466# sys/capsicum.h requires sys/types.h 467AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 468#ifdef HAVE_SYS_TYPES_H 469# include <sys/types.h> 470#endif 471]) 472 473# net/route.h requires sys/socket.h and sys/types.h. 474# sys/sysctl.h also requires sys/param.h 475AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 476#ifdef HAVE_SYS_TYPES_H 477# include <sys/types.h> 478#endif 479#include <sys/param.h> 480#include <sys/socket.h> 481]) 482 483# lastlog.h requires sys/time.h to be included first on Solaris 484AC_CHECK_HEADERS([lastlog.h], [], [], [ 485#ifdef HAVE_SYS_TIME_H 486# include <sys/time.h> 487#endif 488]) 489 490# sys/ptms.h requires sys/stream.h to be included first on Solaris 491AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 492#ifdef HAVE_SYS_STREAM_H 493# include <sys/stream.h> 494#endif 495]) 496 497# login_cap.h requires sys/types.h on NetBSD 498AC_CHECK_HEADERS([login_cap.h], [], [], [ 499#include <sys/types.h> 500]) 501 502# older BSDs need sys/param.h before sys/mount.h 503AC_CHECK_HEADERS([sys/mount.h], [], [], [ 504#include <sys/param.h> 505]) 506 507# Android requires sys/socket.h to be included before sys/un.h 508AC_CHECK_HEADERS([sys/un.h], [], [], [ 509#include <sys/types.h> 510#include <sys/socket.h> 511]) 512 513# Messages for features tested for in target-specific section 514SIA_MSG="no" 515SPC_MSG="no" 516SP_MSG="no" 517SPP_MSG="no" 518 519# Support for Solaris/Illumos privileges (this test is used by both 520# the --with-solaris-privs option and --with-sandbox=solaris). 521SOLARIS_PRIVS="no" 522 523AC_CHECK_SIZEOF([size_t]) 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 # X32: AMD64 instructions in 32bit address space. 868 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 fi 871 ;; 872 i*86-*) 873 seccomp_audit_arch=AUDIT_ARCH_I386 874 ;; 875 arm*-*) 876 seccomp_audit_arch=AUDIT_ARCH_ARM 877 ;; 878 aarch64*-*) 879 seccomp_audit_arch=AUDIT_ARCH_AARCH64 880 ;; 881 s390x-*) 882 seccomp_audit_arch=AUDIT_ARCH_S390X 883 ;; 884 s390-*) 885 seccomp_audit_arch=AUDIT_ARCH_S390 886 ;; 887 powerpc64-*) 888 seccomp_audit_arch=AUDIT_ARCH_PPC64 889 ;; 890 powerpc64le-*) 891 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 892 ;; 893 mips-*) 894 seccomp_audit_arch=AUDIT_ARCH_MIPS 895 ;; 896 mipsel-*) 897 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 898 ;; 899 mips64-*) 900 case "$mips_abi" in 901 "n32") 902 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 903 ;; 904 "n64") 905 seccomp_audit_arch=AUDIT_ARCH_MIPS64 906 ;; 907 esac 908 ;; 909 mips64el-*) 910 case "$mips_abi" in 911 "n32") 912 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 913 ;; 914 "n64") 915 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 916 ;; 917 esac 918 ;; 919 riscv64-*) 920 seccomp_audit_arch=AUDIT_ARCH_RISCV64 921 ;; 922 esac 923 if test "x$seccomp_audit_arch" != "x" ; then 924 AC_MSG_RESULT(["$seccomp_audit_arch"]) 925 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 926 [Specify the system call convention in use]) 927 else 928 AC_MSG_RESULT([architecture not supported]) 929 fi 930 ;; 931mips-sony-bsd|mips-sony-newsos4) 932 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 933 SONY=1 934 ;; 935*-*-netbsd*) 936 check_for_libcrypt_before=1 937 if test "x$withval" != "xno" ; then 938 rpath_opt="-R" 939 fi 940 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 941 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 942 AC_CHECK_HEADER([net/if_tap.h], , 943 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 944 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 945 [Prepend the address family to IP tunnel traffic]) 946 TEST_MALLOC_OPTIONS="AJRX" 947 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 948 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 949 ;; 950*-*-freebsd*) 951 check_for_libcrypt_later=1 952 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 953 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 954 AC_CHECK_HEADER([net/if_tap.h], , 955 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 956 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 957 TEST_MALLOC_OPTIONS="AJRX" 958 # Preauth crypto occasionally uses file descriptors for crypto offload 959 # and will crash if they cannot be opened. 960 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 961 [define if setrlimit RLIMIT_NOFILE breaks things]) 962 ;; 963*-*-bsdi*) 964 AC_DEFINE([SETEUID_BREAKS_SETUID]) 965 AC_DEFINE([BROKEN_SETREUID]) 966 AC_DEFINE([BROKEN_SETREGID]) 967 ;; 968*-next-*) 969 conf_lastlog_location="/usr/adm/lastlog" 970 conf_utmp_location=/etc/utmp 971 conf_wtmp_location=/usr/adm/wtmp 972 maildir=/usr/spool/mail 973 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 974 AC_DEFINE([USE_PIPES]) 975 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 976 ;; 977*-*-openbsd*) 978 use_pie=auto 979 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 980 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 981 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 982 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 983 [syslog_r function is safe to use in in a signal handler]) 984 TEST_MALLOC_OPTIONS="AFGJPRX" 985 ;; 986*-*-solaris*) 987 if test "x$withval" != "xno" ; then 988 rpath_opt="-R" 989 fi 990 AC_DEFINE([PAM_SUN_CODEBASE]) 991 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 992 AC_DEFINE([PAM_TTY_KLUDGE]) 993 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 994 [Define if pam_chauthtok wants real uid set 995 to the unpriv'ed user]) 996 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 997 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 998 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 999 [Define if sshd somehow reacquires a controlling TTY 1000 after setsid()]) 1001 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1002 in case the name is longer than 8 chars]) 1003 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1004 external_path_file=/etc/default/login 1005 # hardwire lastlog location (can't detect it on some versions) 1006 conf_lastlog_location="/var/adm/lastlog" 1007 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1008 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1009 if test "$sol2ver" -ge 8; then 1010 AC_MSG_RESULT([yes]) 1011 AC_DEFINE([DISABLE_UTMP]) 1012 AC_DEFINE([DISABLE_WTMP], [1], 1013 [Define if you don't want to use wtmp]) 1014 else 1015 AC_MSG_RESULT([no]) 1016 fi 1017 AC_CHECK_FUNCS([setpflags]) 1018 AC_CHECK_FUNCS([setppriv]) 1019 AC_CHECK_FUNCS([priv_basicset]) 1020 AC_CHECK_HEADERS([priv.h]) 1021 AC_ARG_WITH([solaris-contracts], 1022 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1023 [ 1024 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1025 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1026 [Define if you have Solaris process contracts]) 1027 LIBS="$LIBS -lcontract" 1028 SPC_MSG="yes" ], ) 1029 ], 1030 ) 1031 AC_ARG_WITH([solaris-projects], 1032 [ --with-solaris-projects Enable Solaris projects (experimental)], 1033 [ 1034 AC_CHECK_LIB([project], [setproject], 1035 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1036 [Define if you have Solaris projects]) 1037 LIBS="$LIBS -lproject" 1038 SP_MSG="yes" ], ) 1039 ], 1040 ) 1041 AC_ARG_WITH([solaris-privs], 1042 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1043 [ 1044 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1045 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1046 "x$ac_cv_header_priv_h" = "xyes" ; then 1047 SOLARIS_PRIVS=yes 1048 AC_MSG_RESULT([found]) 1049 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1050 [Define to disable UID restoration test]) 1051 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1052 [Define if you have Solaris privileges]) 1053 SPP_MSG="yes" 1054 else 1055 AC_MSG_RESULT([not found]) 1056 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1057 fi 1058 ], 1059 ) 1060 TEST_SHELL=$SHELL # let configure find us a capable shell 1061 ;; 1062*-*-sunos4*) 1063 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1064 AC_CHECK_FUNCS([getpwanam]) 1065 AC_DEFINE([PAM_SUN_CODEBASE]) 1066 conf_utmp_location=/etc/utmp 1067 conf_wtmp_location=/var/adm/wtmp 1068 conf_lastlog_location=/var/adm/lastlog 1069 AC_DEFINE([USE_PIPES]) 1070 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1071 ;; 1072*-ncr-sysv*) 1073 LIBS="$LIBS -lc89" 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1076 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1077 AC_DEFINE([BROKEN_SETREUID]) 1078 AC_DEFINE([BROKEN_SETREGID]) 1079 ;; 1080*-sni-sysv*) 1081 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1082 AC_CHECK_LIB([dl], [dlsym], ,) 1083 # -lresolv needs to be at the end of LIBS or DNS lookups break 1084 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1085 IPADDR_IN_DISPLAY=yes 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([IP_TOS_IS_BROKEN]) 1088 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1089 AC_DEFINE([BROKEN_SETREUID]) 1090 AC_DEFINE([BROKEN_SETREGID]) 1091 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1092 external_path_file=/etc/default/login 1093 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1094 # Attention: always take care to bind libsocket and libnsl before libc, 1095 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1096 ;; 1097# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1098*-*-sysv4.2*) 1099 AC_DEFINE([USE_PIPES]) 1100 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1101 AC_DEFINE([BROKEN_SETREUID]) 1102 AC_DEFINE([BROKEN_SETREGID]) 1103 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1104 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1105 TEST_SHELL=$SHELL # let configure find us a capable shell 1106 ;; 1107# UnixWare 7.x, OpenUNIX 8 1108*-*-sysv5*) 1109 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1110 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1111 AC_DEFINE([USE_PIPES]) 1112 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1113 AC_DEFINE([BROKEN_GETADDRINFO]) 1114 AC_DEFINE([BROKEN_SETREUID]) 1115 AC_DEFINE([BROKEN_SETREGID]) 1116 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1117 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1118 TEST_SHELL=$SHELL # let configure find us a capable shell 1119 check_for_libcrypt_later=1 1120 case "$host" in 1121 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1122 maildir=/var/spool/mail 1123 AC_DEFINE([BROKEN_UPDWTMPX]) 1124 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1125 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1126 ], , ) 1127 ;; 1128 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1129 ;; 1130 esac 1131 ;; 1132*-*-sysv*) 1133 ;; 1134# SCO UNIX and OEM versions of SCO UNIX 1135*-*-sco3.2v4*) 1136 AC_MSG_ERROR("This Platform is no longer supported.") 1137 ;; 1138# SCO OpenServer 5.x 1139*-*-sco3.2v5*) 1140 if test -z "$GCC"; then 1141 CFLAGS="$CFLAGS -belf" 1142 fi 1143 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1144 no_dev_ptmx=1 1145 AC_DEFINE([USE_PIPES]) 1146 AC_DEFINE([HAVE_SECUREWARE]) 1147 AC_DEFINE([DISABLE_SHADOW]) 1148 AC_DEFINE([DISABLE_FD_PASSING]) 1149 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1150 AC_DEFINE([BROKEN_GETADDRINFO]) 1151 AC_DEFINE([BROKEN_SETREUID]) 1152 AC_DEFINE([BROKEN_SETREGID]) 1153 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1154 AC_DEFINE([BROKEN_UPDWTMPX]) 1155 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1156 AC_CHECK_FUNCS([getluid setluid]) 1157 MANTYPE=man 1158 TEST_SHELL=$SHELL # let configure find us a capable shell 1159 SKIP_DISABLE_LASTLOG_DEFINE=yes 1160 ;; 1161*-dec-osf*) 1162 AC_MSG_CHECKING([for Digital Unix SIA]) 1163 no_osfsia="" 1164 AC_ARG_WITH([osfsia], 1165 [ --with-osfsia Enable Digital Unix SIA], 1166 [ 1167 if test "x$withval" = "xno" ; then 1168 AC_MSG_RESULT([disabled]) 1169 no_osfsia=1 1170 fi 1171 ], 1172 ) 1173 if test -z "$no_osfsia" ; then 1174 if test -f /etc/sia/matrix.conf; then 1175 AC_MSG_RESULT([yes]) 1176 AC_DEFINE([HAVE_OSF_SIA], [1], 1177 [Define if you have Digital Unix Security 1178 Integration Architecture]) 1179 AC_DEFINE([DISABLE_LOGIN], [1], 1180 [Define if you don't want to use your 1181 system's login() call]) 1182 AC_DEFINE([DISABLE_FD_PASSING]) 1183 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1184 SIA_MSG="yes" 1185 else 1186 AC_MSG_RESULT([no]) 1187 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1188 [String used in /etc/passwd to denote locked account]) 1189 fi 1190 fi 1191 AC_DEFINE([BROKEN_GETADDRINFO]) 1192 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1193 AC_DEFINE([BROKEN_SETREUID]) 1194 AC_DEFINE([BROKEN_SETREGID]) 1195 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1196 ;; 1197 1198*-*-nto-qnx*) 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1201 AC_DEFINE([DISABLE_LASTLOG]) 1202 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1203 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1204 enable_etc_default_login=no # has incompatible /etc/default/login 1205 case "$host" in 1206 *-*-nto-qnx6*) 1207 AC_DEFINE([DISABLE_FD_PASSING]) 1208 ;; 1209 esac 1210 ;; 1211 1212*-*-ultrix*) 1213 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1214 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1215 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1216 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1217 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1218 # don't get a controlling tty. 1219 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1220 # On Ultrix some headers are not protected against multiple includes, 1221 # so we create wrappers and put it where the compiler will find it. 1222 AC_MSG_WARN([creating compat wrappers for headers]) 1223 mkdir -p netinet 1224 for header in netinet/ip.h netdb.h resolv.h; do 1225 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1226 cat >$header <<EOD 1227#ifndef _SSH_COMPAT_${name} 1228#define _SSH_COMPAT_${name} 1229#include "/usr/include/${header}" 1230#endif 1231EOD 1232 done 1233 ;; 1234 1235*-*-lynxos) 1236 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1237 AC_DEFINE([BROKEN_SETVBUF], [1], 1238 [LynxOS has broken setvbuf() implementation]) 1239 ;; 1240esac 1241 1242AC_MSG_CHECKING([compiler and flags for sanity]) 1243AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1244 [ AC_MSG_RESULT([yes]) ], 1245 [ 1246 AC_MSG_RESULT([no]) 1247 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1248 ], 1249 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1250) 1251 1252dnl Checks for header files. 1253# Checks for libraries. 1254AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1255 1256dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1257AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1258 AC_CHECK_LIB([gen], [dirname], [ 1259 AC_CACHE_CHECK([for broken dirname], 1260 ac_cv_have_broken_dirname, [ 1261 save_LIBS="$LIBS" 1262 LIBS="$LIBS -lgen" 1263 AC_RUN_IFELSE( 1264 [AC_LANG_SOURCE([[ 1265#include <libgen.h> 1266#include <string.h> 1267 1268int main(int argc, char **argv) { 1269 char *s, buf[32]; 1270 1271 strncpy(buf,"/etc", 32); 1272 s = dirname(buf); 1273 if (!s || strncmp(s, "/", 32) != 0) { 1274 exit(1); 1275 } else { 1276 exit(0); 1277 } 1278} 1279 ]])], 1280 [ ac_cv_have_broken_dirname="no" ], 1281 [ ac_cv_have_broken_dirname="yes" ], 1282 [ ac_cv_have_broken_dirname="no" ], 1283 ) 1284 LIBS="$save_LIBS" 1285 ]) 1286 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1287 LIBS="$LIBS -lgen" 1288 AC_DEFINE([HAVE_DIRNAME]) 1289 AC_CHECK_HEADERS([libgen.h]) 1290 fi 1291 ]) 1292]) 1293 1294AC_CHECK_FUNC([getspnam], , 1295 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1296AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1297 [Define if you have the basename function.])]) 1298 1299dnl zlib defaults to enabled 1300zlib=yes 1301AC_ARG_WITH([zlib], 1302 [ --with-zlib=PATH Use zlib in PATH], 1303 [ if test "x$withval" = "xno" ; then 1304 zlib=no 1305 elif test "x$withval" != "xyes"; then 1306 if test -d "$withval/lib"; then 1307 if test -n "${rpath_opt}"; then 1308 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1309 else 1310 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1311 fi 1312 else 1313 if test -n "${rpath_opt}"; then 1314 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1315 else 1316 LDFLAGS="-L${withval} ${LDFLAGS}" 1317 fi 1318 fi 1319 if test -d "$withval/include"; then 1320 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1321 else 1322 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1323 fi 1324 fi ] 1325) 1326 1327AC_MSG_CHECKING([for zlib]) 1328if test "x${zlib}" = "xno"; then 1329 AC_MSG_RESULT([no]) 1330else 1331 AC_MSG_RESULT([yes]) 1332 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1333 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1334 AC_CHECK_LIB([z], [deflate], , 1335 [ 1336 saved_CPPFLAGS="$CPPFLAGS" 1337 saved_LDFLAGS="$LDFLAGS" 1338 save_LIBS="$LIBS" 1339 dnl Check default zlib install dir 1340 if test -n "${rpath_opt}"; then 1341 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1342 else 1343 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1344 fi 1345 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1346 LIBS="$LIBS -lz" 1347 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1348 [ 1349 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1350 ] 1351 ) 1352 ] 1353 ) 1354 1355 AC_ARG_WITH([zlib-version-check], 1356 [ --without-zlib-version-check Disable zlib version check], 1357 [ if test "x$withval" = "xno" ; then 1358 zlib_check_nonfatal=1 1359 fi 1360 ] 1361 ) 1362 1363 AC_MSG_CHECKING([for possibly buggy zlib]) 1364 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1365#include <stdio.h> 1366#include <stdlib.h> 1367#include <zlib.h> 1368 ]], 1369 [[ 1370 int a=0, b=0, c=0, d=0, n, v; 1371 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1372 if (n != 3 && n != 4) 1373 exit(1); 1374 v = a*1000000 + b*10000 + c*100 + d; 1375 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1376 1377 /* 1.1.4 is OK */ 1378 if (a == 1 && b == 1 && c >= 4) 1379 exit(0); 1380 1381 /* 1.2.3 and up are OK */ 1382 if (v >= 1020300) 1383 exit(0); 1384 1385 exit(2); 1386 ]])], 1387 AC_MSG_RESULT([no]), 1388 [ AC_MSG_RESULT([yes]) 1389 if test -z "$zlib_check_nonfatal" ; then 1390 AC_MSG_ERROR([*** zlib too old - check config.log *** 1391Your reported zlib version has known security problems. It's possible your 1392vendor has fixed these problems without changing the version number. If you 1393are sure this is the case, you can disable the check by running 1394"./configure --without-zlib-version-check". 1395If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1396See http://www.gzip.org/zlib/ for details.]) 1397 else 1398 AC_MSG_WARN([zlib version may have security problems]) 1399 fi 1400 ], 1401 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1402 ) 1403fi 1404 1405dnl UnixWare 2.x 1406AC_CHECK_FUNC([strcasecmp], 1407 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1408) 1409AC_CHECK_FUNCS([utimes], 1410 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1411 LIBS="$LIBS -lc89"]) ] 1412) 1413 1414dnl Checks for libutil functions 1415AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1416AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1417AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1418AC_SEARCH_LIBS([login], [util bsd]) 1419AC_SEARCH_LIBS([logout], [util bsd]) 1420AC_SEARCH_LIBS([logwtmp], [util bsd]) 1421AC_SEARCH_LIBS([openpty], [util bsd]) 1422AC_SEARCH_LIBS([updwtmp], [util bsd]) 1423AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1424 1425# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1426# or libnsl. 1427AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1428AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1429 1430# "Particular Function Checks" 1431# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1432AC_FUNC_STRFTIME 1433AC_FUNC_MALLOC 1434AC_FUNC_REALLOC 1435# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1436AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1437AC_RUN_IFELSE( 1438 [AC_LANG_PROGRAM( 1439 [[ #include <stdlib.h> ]], 1440 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1441 )], 1442 [ func_calloc_0_nonnull=yes ], 1443 [ func_calloc_0_nonnull=no ], 1444 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1445 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1446) 1447AC_MSG_RESULT([$func_calloc_0_nonnull]) 1448 1449if test "x$func_calloc_0_nonnull" = "xyes"; then 1450 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1451else 1452 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1453 AC_DEFINE(calloc, rpl_calloc, 1454 [Define to rpl_calloc if the replacement function should be used.]) 1455fi 1456 1457# Check for ALTDIRFUNC glob() extension 1458AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1459AC_EGREP_CPP([FOUNDIT], 1460 [ 1461 #include <glob.h> 1462 #ifdef GLOB_ALTDIRFUNC 1463 FOUNDIT 1464 #endif 1465 ], 1466 [ 1467 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1468 [Define if your system glob() function has 1469 the GLOB_ALTDIRFUNC extension]) 1470 AC_MSG_RESULT([yes]) 1471 ], 1472 [ 1473 AC_MSG_RESULT([no]) 1474 ] 1475) 1476 1477# Check for g.gl_matchc glob() extension 1478AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1479AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1480 [[ glob_t g; g.gl_matchc = 1; ]])], 1481 [ 1482 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1483 [Define if your system glob() function has 1484 gl_matchc options in glob_t]) 1485 AC_MSG_RESULT([yes]) 1486 ], [ 1487 AC_MSG_RESULT([no]) 1488]) 1489 1490# Check for g.gl_statv glob() extension 1491AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1492AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1493#ifndef GLOB_KEEPSTAT 1494#error "glob does not support GLOB_KEEPSTAT extension" 1495#endif 1496glob_t g; 1497g.gl_statv = NULL; 1498]])], 1499 [ 1500 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1501 [Define if your system glob() function has 1502 gl_statv options in glob_t]) 1503 AC_MSG_RESULT([yes]) 1504 ], [ 1505 AC_MSG_RESULT([no]) 1506 1507]) 1508 1509AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1510 1511AC_CHECK_DECL([VIS_ALL], , 1512 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1513 1514AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1515AC_RUN_IFELSE( 1516 [AC_LANG_PROGRAM([[ 1517#include <sys/types.h> 1518#include <dirent.h>]], 1519 [[ 1520 struct dirent d; 1521 exit(sizeof(d.d_name)<=sizeof(char)); 1522 ]])], 1523 [AC_MSG_RESULT([yes])], 1524 [ 1525 AC_MSG_RESULT([no]) 1526 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1527 [Define if your struct dirent expects you to 1528 allocate extra space for d_name]) 1529 ], 1530 [ 1531 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1532 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1533 ] 1534) 1535 1536AC_MSG_CHECKING([for /proc/pid/fd directory]) 1537if test -d "/proc/$$/fd" ; then 1538 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1539 AC_MSG_RESULT([yes]) 1540else 1541 AC_MSG_RESULT([no]) 1542fi 1543 1544# Check whether user wants to use ldns 1545LDNS_MSG="no" 1546AC_ARG_WITH(ldns, 1547 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1548 [ 1549 ldns="" 1550 if test "x$withval" = "xyes" ; then 1551 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1552 if test "x$LDNSCONFIG" = "xno"; then 1553 LIBS="-lldns $LIBS" 1554 ldns=yes 1555 else 1556 LIBS="$LIBS `$LDNSCONFIG --libs`" 1557 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1558 ldns=yes 1559 fi 1560 elif test "x$withval" != "xno" ; then 1561 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1562 LDFLAGS="$LDFLAGS -L${withval}/lib" 1563 LIBS="-lldns $LIBS" 1564 ldns=yes 1565 fi 1566 1567 # Verify that it works. 1568 if test "x$ldns" = "xyes" ; then 1569 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1570 LDNS_MSG="yes" 1571 AC_MSG_CHECKING([for ldns support]) 1572 AC_LINK_IFELSE( 1573 [AC_LANG_SOURCE([[ 1574#include <stdio.h> 1575#include <stdlib.h> 1576#ifdef HAVE_STDINT_H 1577# include <stdint.h> 1578#endif 1579#include <ldns/ldns.h> 1580int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1581 ]]) 1582 ], 1583 [AC_MSG_RESULT(yes)], 1584 [ 1585 AC_MSG_RESULT(no) 1586 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1587 ]) 1588 fi 1589]) 1590 1591# Check whether user wants libedit support 1592LIBEDIT_MSG="no" 1593AC_ARG_WITH([libedit], 1594 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1595 [ if test "x$withval" != "xno" ; then 1596 if test "x$withval" = "xyes" ; then 1597 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1598 if test "x$PKGCONFIG" != "xno"; then 1599 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1600 if "$PKGCONFIG" libedit; then 1601 AC_MSG_RESULT([yes]) 1602 use_pkgconfig_for_libedit=yes 1603 else 1604 AC_MSG_RESULT([no]) 1605 fi 1606 fi 1607 else 1608 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1609 if test -n "${rpath_opt}"; then 1610 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1611 else 1612 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1613 fi 1614 fi 1615 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1616 LIBEDIT=`$PKGCONFIG --libs libedit` 1617 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1618 else 1619 LIBEDIT="-ledit -lcurses" 1620 fi 1621 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1622 AC_CHECK_LIB([edit], [el_init], 1623 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1624 LIBEDIT_MSG="yes" 1625 AC_SUBST([LIBEDIT]) 1626 ], 1627 [ AC_MSG_ERROR([libedit not found]) ], 1628 [ $OTHERLIBS ] 1629 ) 1630 AC_MSG_CHECKING([if libedit version is compatible]) 1631 AC_COMPILE_IFELSE( 1632 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1633 [[ 1634 int i = H_SETSIZE; 1635 el_init("", NULL, NULL, NULL); 1636 exit(0); 1637 ]])], 1638 [ AC_MSG_RESULT([yes]) ], 1639 [ AC_MSG_RESULT([no]) 1640 AC_MSG_ERROR([libedit version is not compatible]) ] 1641 ) 1642 fi ] 1643) 1644 1645AUDIT_MODULE=none 1646AC_ARG_WITH([audit], 1647 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1648 [ 1649 AC_MSG_CHECKING([for supported audit module]) 1650 case "$withval" in 1651 bsm) 1652 AC_MSG_RESULT([bsm]) 1653 AUDIT_MODULE=bsm 1654 dnl Checks for headers, libs and functions 1655 AC_CHECK_HEADERS([bsm/audit.h], [], 1656 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1657 [ 1658#ifdef HAVE_TIME_H 1659# include <time.h> 1660#endif 1661 ] 1662) 1663 AC_CHECK_LIB([bsm], [getaudit], [], 1664 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1665 AC_CHECK_FUNCS([getaudit], [], 1666 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1667 # These are optional 1668 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1669 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1670 if test "$sol2ver" -ge 11; then 1671 SSHDLIBS="$SSHDLIBS -lscf" 1672 AC_DEFINE([BROKEN_BSM_API], [1], 1673 [The system has incomplete BSM API]) 1674 fi 1675 ;; 1676 linux) 1677 AC_MSG_RESULT([linux]) 1678 AUDIT_MODULE=linux 1679 dnl Checks for headers, libs and functions 1680 AC_CHECK_HEADERS([libaudit.h]) 1681 SSHDLIBS="$SSHDLIBS -laudit" 1682 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1683 ;; 1684 debug) 1685 AUDIT_MODULE=debug 1686 AC_MSG_RESULT([debug]) 1687 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1688 ;; 1689 no) 1690 AC_MSG_RESULT([no]) 1691 ;; 1692 *) 1693 AC_MSG_ERROR([Unknown audit module $withval]) 1694 ;; 1695 esac ] 1696) 1697 1698AC_ARG_WITH([pie], 1699 [ --with-pie Build Position Independent Executables if possible], [ 1700 if test "x$withval" = "xno"; then 1701 use_pie=no 1702 fi 1703 if test "x$withval" = "xyes"; then 1704 use_pie=yes 1705 fi 1706 ] 1707) 1708if test "x$use_pie" = "x"; then 1709 use_pie=no 1710fi 1711if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1712 # Turn off automatic PIE when toolchain hardening is off. 1713 use_pie=no 1714fi 1715if test "x$use_pie" = "xauto"; then 1716 # Automatic PIE requires gcc >= 4.x 1717 AC_MSG_CHECKING([for gcc >= 4.x]) 1718 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1719#if !defined(__GNUC__) || __GNUC__ < 4 1720#error gcc is too old 1721#endif 1722]])], 1723 [ AC_MSG_RESULT([yes]) ], 1724 [ AC_MSG_RESULT([no]) 1725 use_pie=no ] 1726) 1727fi 1728if test "x$use_pie" != "xno"; then 1729 SAVED_CFLAGS="$CFLAGS" 1730 SAVED_LDFLAGS="$LDFLAGS" 1731 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1732 OSSH_CHECK_LDFLAG_LINK([-pie]) 1733 # We use both -fPIE and -pie or neither. 1734 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1735 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1736 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1737 AC_MSG_RESULT([yes]) 1738 else 1739 AC_MSG_RESULT([no]) 1740 CFLAGS="$SAVED_CFLAGS" 1741 LDFLAGS="$SAVED_LDFLAGS" 1742 fi 1743fi 1744 1745AC_MSG_CHECKING([whether -fPIC is accepted]) 1746SAVED_CFLAGS="$CFLAGS" 1747CFLAGS="$CFLAGS -fPIC" 1748AC_COMPILE_IFELSE( 1749 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1750 [AC_MSG_RESULT([yes]) 1751 PICFLAG="-fPIC"; ], 1752 [AC_MSG_RESULT([no]) 1753 PICFLAG=""; ]) 1754CFLAGS="$SAVED_CFLAGS" 1755AC_SUBST([PICFLAG]) 1756 1757dnl Checks for library functions. Please keep in alphabetical order 1758AC_CHECK_FUNCS([ \ 1759 Blowfish_initstate \ 1760 Blowfish_expandstate \ 1761 Blowfish_expand0state \ 1762 Blowfish_stream2word \ 1763 SHA256Update \ 1764 SHA384Update \ 1765 SHA512Update \ 1766 asprintf \ 1767 b64_ntop \ 1768 __b64_ntop \ 1769 b64_pton \ 1770 __b64_pton \ 1771 bcopy \ 1772 bcrypt_pbkdf \ 1773 bindresvport_sa \ 1774 blf_enc \ 1775 bzero \ 1776 cap_rights_limit \ 1777 clock \ 1778 closefrom \ 1779 dirfd \ 1780 endgrent \ 1781 err \ 1782 errx \ 1783 explicit_bzero \ 1784 fchmod \ 1785 fchmodat \ 1786 fchown \ 1787 fchownat \ 1788 flock \ 1789 fnmatch \ 1790 freeaddrinfo \ 1791 freezero \ 1792 fstatfs \ 1793 fstatvfs \ 1794 futimes \ 1795 getaddrinfo \ 1796 getcwd \ 1797 getgrouplist \ 1798 getline \ 1799 getnameinfo \ 1800 getopt \ 1801 getpagesize \ 1802 getpeereid \ 1803 getpeerucred \ 1804 getpgid \ 1805 _getpty \ 1806 getrlimit \ 1807 getrandom \ 1808 getsid \ 1809 getttyent \ 1810 glob \ 1811 group_from_gid \ 1812 inet_aton \ 1813 inet_ntoa \ 1814 inet_ntop \ 1815 innetgr \ 1816 llabs \ 1817 localtime_r \ 1818 login_getcapbool \ 1819 md5_crypt \ 1820 memmem \ 1821 memmove \ 1822 memset_s \ 1823 mkdtemp \ 1824 ngetaddrinfo \ 1825 nsleep \ 1826 ogetaddrinfo \ 1827 openlog_r \ 1828 pledge \ 1829 poll \ 1830 prctl \ 1831 pstat \ 1832 raise \ 1833 readpassphrase \ 1834 reallocarray \ 1835 realpath \ 1836 recvmsg \ 1837 recallocarray \ 1838 rresvport_af \ 1839 sendmsg \ 1840 setdtablesize \ 1841 setegid \ 1842 setenv \ 1843 seteuid \ 1844 setgroupent \ 1845 setgroups \ 1846 setlinebuf \ 1847 setlogin \ 1848 setpassent\ 1849 setpcred \ 1850 setproctitle \ 1851 setregid \ 1852 setreuid \ 1853 setrlimit \ 1854 setsid \ 1855 setvbuf \ 1856 sigaction \ 1857 sigvec \ 1858 snprintf \ 1859 socketpair \ 1860 statfs \ 1861 statvfs \ 1862 strcasestr \ 1863 strdup \ 1864 strerror \ 1865 strlcat \ 1866 strlcpy \ 1867 strmode \ 1868 strndup \ 1869 strnlen \ 1870 strnvis \ 1871 strptime \ 1872 strsignal \ 1873 strtonum \ 1874 strtoll \ 1875 strtoul \ 1876 strtoull \ 1877 swap32 \ 1878 sysconf \ 1879 tcgetpgrp \ 1880 timingsafe_bcmp \ 1881 truncate \ 1882 unsetenv \ 1883 updwtmpx \ 1884 utimensat \ 1885 user_from_uid \ 1886 usleep \ 1887 vasprintf \ 1888 vsnprintf \ 1889 waitpid \ 1890 warn \ 1891]) 1892 1893AC_CHECK_DECLS([bzero, memmem]) 1894 1895dnl Wide character support. 1896AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1897 1898TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1899AC_MSG_CHECKING([for utf8 locale support]) 1900AC_RUN_IFELSE( 1901 [AC_LANG_PROGRAM([[ 1902#include <locale.h> 1903#include <stdlib.h> 1904 ]], [[ 1905 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1906 if (loc != NULL) 1907 exit(0); 1908 exit(1); 1909 ]])], 1910 AC_MSG_RESULT(yes), 1911 [AC_MSG_RESULT(no) 1912 TEST_SSH_UTF8=no], 1913 AC_MSG_WARN([cross compiling: assuming yes]) 1914) 1915 1916AC_LINK_IFELSE( 1917 [AC_LANG_PROGRAM( 1918 [[ #include <ctype.h> ]], 1919 [[ return (isblank('a')); ]])], 1920 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1921]) 1922 1923disable_pkcs11= 1924AC_ARG_ENABLE([pkcs11], 1925 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1926 [ 1927 if test "x$enableval" = "xno" ; then 1928 disable_pkcs11=1 1929 fi 1930 ] 1931) 1932 1933disable_sk= 1934AC_ARG_ENABLE([security-key], 1935 [ --disable-security-key disable U2F/FIDO support code [no]], 1936 [ 1937 if test "x$enableval" = "xno" ; then 1938 disable_sk=1 1939 fi 1940 ] 1941) 1942enable_sk_internal= 1943AC_ARG_WITH([security-key-builtin], 1944 [ --with-security-key-builtin include builtin U2F/FIDO support], 1945 [ 1946 if test "x$withval" != "xno" ; then 1947 enable_sk_internal=yes 1948 fi 1949 ] 1950) 1951test "x$disable_sk" != "x" && enable_sk_internal="" 1952 1953AC_SEARCH_LIBS([dlopen], [dl]) 1954AC_CHECK_FUNCS([dlopen]) 1955AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1956 1957# IRIX has a const char return value for gai_strerror() 1958AC_CHECK_FUNCS([gai_strerror], [ 1959 AC_DEFINE([HAVE_GAI_STRERROR]) 1960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1961#include <sys/types.h> 1962#include <sys/socket.h> 1963#include <netdb.h> 1964 1965const char *gai_strerror(int); 1966 ]], [[ 1967 char *str; 1968 str = gai_strerror(0); 1969 ]])], [ 1970 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1971 [Define if gai_strerror() returns const char *])], [])]) 1972 1973AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1974 [Some systems put nanosleep outside of libc])]) 1975 1976AC_SEARCH_LIBS([clock_gettime], [rt], 1977 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1978 1979dnl check if we need -D_REENTRANT for localtime_r declaration. 1980AC_CHECK_DECL([localtime_r], [], 1981 [ saved_CPPFLAGS="$CFLAGS" 1982 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1983 unset ac_cv_have_decl_localtime_r 1984 AC_CHECK_DECL([localtime_r], [], 1985 [ CPPFLAGS="$saved_CPPFLAGS" ], 1986 [ #include <time.h> ] 1987 ) 1988 ], 1989 [ #include <time.h> ] 1990) 1991 1992dnl Make sure prototypes are defined for these before using them. 1993AC_CHECK_DECL([strsep], 1994 [AC_CHECK_FUNCS([strsep])], 1995 [], 1996 [ 1997#ifdef HAVE_STRING_H 1998# include <string.h> 1999#endif 2000 ]) 2001 2002dnl tcsendbreak might be a macro 2003AC_CHECK_DECL([tcsendbreak], 2004 [AC_DEFINE([HAVE_TCSENDBREAK])], 2005 [AC_CHECK_FUNCS([tcsendbreak])], 2006 [#include <termios.h>] 2007) 2008 2009AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2010 2011AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2012 [ 2013#include <sys/types.h> 2014#include <sys/socket.h> 2015#include <unistd.h> 2016 ]) 2017 2018AC_CHECK_DECLS([O_NONBLOCK], , , 2019 [ 2020#include <sys/types.h> 2021#ifdef HAVE_SYS_STAT_H 2022# include <sys/stat.h> 2023#endif 2024#ifdef HAVE_FCNTL_H 2025# include <fcntl.h> 2026#endif 2027 ]) 2028 2029AC_CHECK_DECLS([readv, writev], , , [ 2030#include <sys/types.h> 2031#include <sys/uio.h> 2032#include <unistd.h> 2033 ]) 2034 2035AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2036#include <sys/param.h> 2037 ]) 2038 2039AC_CHECK_DECLS([offsetof], , , [ 2040#include <stddef.h> 2041 ]) 2042 2043# extra bits for select(2) 2044AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2045#include <sys/param.h> 2046#include <sys/types.h> 2047#ifdef HAVE_SYS_SYSMACROS_H 2048#include <sys/sysmacros.h> 2049#endif 2050#ifdef HAVE_SYS_SELECT_H 2051#include <sys/select.h> 2052#endif 2053#ifdef HAVE_SYS_TIME_H 2054#include <sys/time.h> 2055#endif 2056#ifdef HAVE_UNISTD_H 2057#include <unistd.h> 2058#endif 2059 ]]) 2060AC_CHECK_TYPES([fd_mask], [], [], [[ 2061#include <sys/param.h> 2062#include <sys/types.h> 2063#ifdef HAVE_SYS_SELECT_H 2064#include <sys/select.h> 2065#endif 2066#ifdef HAVE_SYS_TIME_H 2067#include <sys/time.h> 2068#endif 2069#ifdef HAVE_UNISTD_H 2070#include <unistd.h> 2071#endif 2072 ]]) 2073 2074AC_CHECK_FUNCS([setresuid], [ 2075 dnl Some platorms have setresuid that isn't implemented, test for this 2076 AC_MSG_CHECKING([if setresuid seems to work]) 2077 AC_RUN_IFELSE( 2078 [AC_LANG_PROGRAM([[ 2079#include <stdlib.h> 2080#include <errno.h> 2081 ]], [[ 2082 errno=0; 2083 setresuid(0,0,0); 2084 if (errno==ENOSYS) 2085 exit(1); 2086 else 2087 exit(0); 2088 ]])], 2089 [AC_MSG_RESULT([yes])], 2090 [AC_DEFINE([BROKEN_SETRESUID], [1], 2091 [Define if your setresuid() is broken]) 2092 AC_MSG_RESULT([not implemented])], 2093 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2094 ) 2095]) 2096 2097AC_CHECK_FUNCS([setresgid], [ 2098 dnl Some platorms have setresgid that isn't implemented, test for this 2099 AC_MSG_CHECKING([if setresgid seems to work]) 2100 AC_RUN_IFELSE( 2101 [AC_LANG_PROGRAM([[ 2102#include <stdlib.h> 2103#include <errno.h> 2104 ]], [[ 2105 errno=0; 2106 setresgid(0,0,0); 2107 if (errno==ENOSYS) 2108 exit(1); 2109 else 2110 exit(0); 2111 ]])], 2112 [AC_MSG_RESULT([yes])], 2113 [AC_DEFINE([BROKEN_SETRESGID], [1], 2114 [Define if your setresgid() is broken]) 2115 AC_MSG_RESULT([not implemented])], 2116 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2117 ) 2118]) 2119 2120AC_MSG_CHECKING([for working fflush(NULL)]) 2121AC_RUN_IFELSE( 2122 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2123 AC_MSG_RESULT([yes]), 2124 [AC_MSG_RESULT([no]) 2125 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2126 [define if fflush(NULL) does not work])], 2127 AC_MSG_WARN([cross compiling: assuming working]) 2128) 2129 2130dnl Checks for time functions 2131AC_CHECK_FUNCS([gettimeofday time]) 2132dnl Checks for utmp functions 2133AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2134AC_CHECK_FUNCS([utmpname]) 2135dnl Checks for utmpx functions 2136AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2137AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2138dnl Checks for lastlog functions 2139AC_CHECK_FUNCS([getlastlogxbyname]) 2140 2141AC_CHECK_FUNC([daemon], 2142 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2143 [AC_CHECK_LIB([bsd], [daemon], 2144 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2145) 2146 2147AC_CHECK_FUNC([getpagesize], 2148 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2149 [Define if your libraries define getpagesize()])], 2150 [AC_CHECK_LIB([ucb], [getpagesize], 2151 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2152) 2153 2154# Check for broken snprintf 2155if test "x$ac_cv_func_snprintf" = "xyes" ; then 2156 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2157 AC_RUN_IFELSE( 2158 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2159 [[ 2160 char b[5]; 2161 snprintf(b,5,"123456789"); 2162 exit(b[4]!='\0'); 2163 ]])], 2164 [AC_MSG_RESULT([yes])], 2165 [ 2166 AC_MSG_RESULT([no]) 2167 AC_DEFINE([BROKEN_SNPRINTF], [1], 2168 [Define if your snprintf is busted]) 2169 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2170 ], 2171 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2172 ) 2173fi 2174 2175if test "x$ac_cv_func_snprintf" = "xyes" ; then 2176 AC_MSG_CHECKING([whether snprintf understands %zu]) 2177 AC_RUN_IFELSE( 2178 [AC_LANG_PROGRAM([[ 2179#include <sys/types.h> 2180#include <stdio.h> 2181 ]], 2182 [[ 2183 size_t a = 1, b = 2; 2184 char z[128]; 2185 snprintf(z, sizeof z, "%zu%zu", a, b); 2186 exit(strcmp(z, "12")); 2187 ]])], 2188 [AC_MSG_RESULT([yes])], 2189 [ 2190 AC_MSG_RESULT([no]) 2191 AC_DEFINE([BROKEN_SNPRINTF], [1], 2192 [snprintf does not understand %zu]) 2193 ], 2194 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2195 ) 2196fi 2197 2198# We depend on vsnprintf returning the right thing on overflow: the 2199# number of characters it tried to create (as per SUSv3) 2200if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2201 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2202 AC_RUN_IFELSE( 2203 [AC_LANG_PROGRAM([[ 2204#include <sys/types.h> 2205#include <stdio.h> 2206#include <stdarg.h> 2207 2208int x_snprintf(char *str, size_t count, const char *fmt, ...) 2209{ 2210 size_t ret; 2211 va_list ap; 2212 2213 va_start(ap, fmt); 2214 ret = vsnprintf(str, count, fmt, ap); 2215 va_end(ap); 2216 return ret; 2217} 2218 ]], [[ 2219char x[1]; 2220if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2221 return 1; 2222if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2223 return 1; 2224return 0; 2225 ]])], 2226 [AC_MSG_RESULT([yes])], 2227 [ 2228 AC_MSG_RESULT([no]) 2229 AC_DEFINE([BROKEN_SNPRINTF], [1], 2230 [Define if your snprintf is busted]) 2231 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2232 ], 2233 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2234 ) 2235fi 2236 2237# On systems where [v]snprintf is broken, but is declared in stdio, 2238# check that the fmt argument is const char * or just char *. 2239# This is only useful for when BROKEN_SNPRINTF 2240AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2241AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2242#include <stdio.h> 2243int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2244 ]], [[ 2245 snprintf(0, 0, 0); 2246 ]])], 2247 [AC_MSG_RESULT([yes]) 2248 AC_DEFINE([SNPRINTF_CONST], [const], 2249 [Define as const if snprintf() can declare const char *fmt])], 2250 [AC_MSG_RESULT([no]) 2251 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2252 2253# Check for missing getpeereid (or equiv) support 2254NO_PEERCHECK="" 2255if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2256 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2258#include <sys/types.h> 2259#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2260 [ AC_MSG_RESULT([yes]) 2261 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2262 ], [AC_MSG_RESULT([no]) 2263 NO_PEERCHECK=1 2264 ]) 2265fi 2266 2267dnl see whether mkstemp() requires XXXXXX 2268if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2269AC_MSG_CHECKING([for (overly) strict mkstemp]) 2270AC_RUN_IFELSE( 2271 [AC_LANG_PROGRAM([[ 2272#include <stdlib.h> 2273 ]], [[ 2274 char template[]="conftest.mkstemp-test"; 2275 if (mkstemp(template) == -1) 2276 exit(1); 2277 unlink(template); 2278 exit(0); 2279 ]])], 2280 [ 2281 AC_MSG_RESULT([no]) 2282 ], 2283 [ 2284 AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2286 ], 2287 [ 2288 AC_MSG_RESULT([yes]) 2289 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2290 ] 2291) 2292fi 2293 2294dnl make sure that openpty does not reacquire controlling terminal 2295if test ! -z "$check_for_openpty_ctty_bug"; then 2296 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2297 AC_RUN_IFELSE( 2298 [AC_LANG_PROGRAM([[ 2299#include <stdio.h> 2300#include <sys/fcntl.h> 2301#include <sys/types.h> 2302#include <sys/wait.h> 2303 ]], [[ 2304 pid_t pid; 2305 int fd, ptyfd, ttyfd, status; 2306 2307 pid = fork(); 2308 if (pid < 0) { /* failed */ 2309 exit(1); 2310 } else if (pid > 0) { /* parent */ 2311 waitpid(pid, &status, 0); 2312 if (WIFEXITED(status)) 2313 exit(WEXITSTATUS(status)); 2314 else 2315 exit(2); 2316 } else { /* child */ 2317 close(0); close(1); close(2); 2318 setsid(); 2319 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2320 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2321 if (fd >= 0) 2322 exit(3); /* Acquired ctty: broken */ 2323 else 2324 exit(0); /* Did not acquire ctty: OK */ 2325 } 2326 ]])], 2327 [ 2328 AC_MSG_RESULT([yes]) 2329 ], 2330 [ 2331 AC_MSG_RESULT([no]) 2332 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2333 ], 2334 [ 2335 AC_MSG_RESULT([cross-compiling, assuming yes]) 2336 ] 2337 ) 2338fi 2339 2340if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2341 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2342 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2343 AC_RUN_IFELSE( 2344 [AC_LANG_PROGRAM([[ 2345#include <stdio.h> 2346#include <sys/socket.h> 2347#include <netdb.h> 2348#include <errno.h> 2349#include <netinet/in.h> 2350 2351#define TEST_PORT "2222" 2352 ]], [[ 2353 int err, sock; 2354 struct addrinfo *gai_ai, *ai, hints; 2355 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2356 2357 memset(&hints, 0, sizeof(hints)); 2358 hints.ai_family = PF_UNSPEC; 2359 hints.ai_socktype = SOCK_STREAM; 2360 hints.ai_flags = AI_PASSIVE; 2361 2362 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2363 if (err != 0) { 2364 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2365 exit(1); 2366 } 2367 2368 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2369 if (ai->ai_family != AF_INET6) 2370 continue; 2371 2372 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2373 sizeof(ntop), strport, sizeof(strport), 2374 NI_NUMERICHOST|NI_NUMERICSERV); 2375 2376 if (err != 0) { 2377 if (err == EAI_SYSTEM) 2378 perror("getnameinfo EAI_SYSTEM"); 2379 else 2380 fprintf(stderr, "getnameinfo failed: %s\n", 2381 gai_strerror(err)); 2382 exit(2); 2383 } 2384 2385 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2386 if (sock < 0) 2387 perror("socket"); 2388 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2389 if (errno == EBADF) 2390 exit(3); 2391 } 2392 } 2393 exit(0); 2394 ]])], 2395 [ 2396 AC_MSG_RESULT([yes]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([no]) 2400 AC_DEFINE([BROKEN_GETADDRINFO]) 2401 ], 2402 [ 2403 AC_MSG_RESULT([cross-compiling, assuming yes]) 2404 ] 2405 ) 2406fi 2407 2408if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2409 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2410 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2411 AC_RUN_IFELSE( 2412 [AC_LANG_PROGRAM([[ 2413#include <stdio.h> 2414#include <sys/socket.h> 2415#include <netdb.h> 2416#include <errno.h> 2417#include <netinet/in.h> 2418 2419#define TEST_PORT "2222" 2420 ]], [[ 2421 int err, sock; 2422 struct addrinfo *gai_ai, *ai, hints; 2423 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2424 2425 memset(&hints, 0, sizeof(hints)); 2426 hints.ai_family = PF_UNSPEC; 2427 hints.ai_socktype = SOCK_STREAM; 2428 hints.ai_flags = AI_PASSIVE; 2429 2430 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2431 if (err != 0) { 2432 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2433 exit(1); 2434 } 2435 2436 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2437 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2438 continue; 2439 2440 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2441 sizeof(ntop), strport, sizeof(strport), 2442 NI_NUMERICHOST|NI_NUMERICSERV); 2443 2444 if (ai->ai_family == AF_INET && err != 0) { 2445 perror("getnameinfo"); 2446 exit(2); 2447 } 2448 } 2449 exit(0); 2450 ]])], 2451 [ 2452 AC_MSG_RESULT([yes]) 2453 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2454 [Define if you have a getaddrinfo that fails 2455 for the all-zeros IPv6 address]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([no]) 2459 AC_DEFINE([BROKEN_GETADDRINFO]) 2460 ], 2461 [ 2462 AC_MSG_RESULT([cross-compiling, assuming no]) 2463 ] 2464 ) 2465fi 2466 2467if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2468 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2469 [#include <sys/types.h> 2470 #include <sys/socket.h> 2471 #include <netdb.h>]) 2472fi 2473 2474if test "x$check_for_conflicting_getspnam" = "x1"; then 2475 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2477 [[ exit(0); ]])], 2478 [ 2479 AC_MSG_RESULT([no]) 2480 ], 2481 [ 2482 AC_MSG_RESULT([yes]) 2483 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2484 [Conflicting defs for getspnam]) 2485 ] 2486 ) 2487fi 2488 2489dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2490dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2491dnl for over ten years). Despite this incompatibility being reported during 2492dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2493dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2494dnl implementation. Try to detect this mess, and assume the only safe option 2495dnl if we're cross compiling. 2496dnl 2497dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2498dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2499if test "x$ac_cv_func_strnvis" = "xyes"; then 2500 AC_MSG_CHECKING([for working strnvis]) 2501 AC_RUN_IFELSE( 2502 [AC_LANG_PROGRAM([[ 2503#include <signal.h> 2504#include <stdlib.h> 2505#include <string.h> 2506#include <vis.h> 2507static void sighandler(int sig) { _exit(1); } 2508 ]], [[ 2509 char dst[16]; 2510 2511 signal(SIGSEGV, sighandler); 2512 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2513 exit(0); 2514 exit(1) 2515 ]])], 2516 [AC_MSG_RESULT([yes])], 2517 [AC_MSG_RESULT([no]) 2518 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2519 [AC_MSG_WARN([cross compiling: assuming broken]) 2520 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2521 ) 2522fi 2523 2524AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2525AC_RUN_IFELSE( 2526 [AC_LANG_PROGRAM([[ 2527#ifdef HAVE_SYS_SELECT 2528# include <sys/select.h> 2529#endif 2530#include <sys/types.h> 2531#include <sys/time.h> 2532#include <stdlib.h> 2533#include <signal.h> 2534static void sighandler(int sig) { } 2535 ]], [[ 2536 int r; 2537 pid_t pid; 2538 struct sigaction sa; 2539 2540 sa.sa_handler = sighandler; 2541 sa.sa_flags = SA_RESTART; 2542 (void)sigaction(SIGTERM, &sa, NULL); 2543 if ((pid = fork()) == 0) { /* child */ 2544 pid = getppid(); 2545 sleep(1); 2546 kill(pid, SIGTERM); 2547 sleep(1); 2548 if (getppid() == pid) /* if parent did not exit, shoot it */ 2549 kill(pid, SIGKILL); 2550 exit(0); 2551 } else { /* parent */ 2552 r = select(0, NULL, NULL, NULL, NULL); 2553 } 2554 exit(r == -1 ? 0 : 1); 2555 ]])], 2556 [AC_MSG_RESULT([yes])], 2557 [AC_MSG_RESULT([no]) 2558 AC_DEFINE([NO_SA_RESTART], [1], 2559 [SA_RESTARTed signals do no interrupt select])], 2560 [AC_MSG_WARN([cross compiling: assuming yes])] 2561) 2562 2563AC_CHECK_FUNCS([getpgrp],[ 2564 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2565 AC_COMPILE_IFELSE( 2566 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2567 [ AC_MSG_RESULT([yes]) 2568 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2569 [ AC_MSG_RESULT([no]) 2570 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2571 ) 2572]) 2573 2574# Search for OpenSSL 2575saved_CPPFLAGS="$CPPFLAGS" 2576saved_LDFLAGS="$LDFLAGS" 2577AC_ARG_WITH([ssl-dir], 2578 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2579 [ 2580 if test "x$openssl" = "xno" ; then 2581 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2582 fi 2583 if test "x$withval" != "xno" ; then 2584 case "$withval" in 2585 # Relative paths 2586 ./*|../*) withval="`pwd`/$withval" 2587 esac 2588 if test -d "$withval/lib"; then 2589 if test -n "${rpath_opt}"; then 2590 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2591 else 2592 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2593 fi 2594 elif test -d "$withval/lib64"; then 2595 if test -n "${rpath_opt}"; then 2596 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2597 else 2598 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2599 fi 2600 else 2601 if test -n "${rpath_opt}"; then 2602 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2603 else 2604 LDFLAGS="-L${withval} ${LDFLAGS}" 2605 fi 2606 fi 2607 if test -d "$withval/include"; then 2608 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2609 else 2610 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2611 fi 2612 fi 2613 ] 2614) 2615 2616AC_ARG_WITH([openssl-header-check], 2617 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2618 [ 2619 if test "x$withval" = "xno" ; then 2620 openssl_check_nonfatal=1 2621 fi 2622 ] 2623) 2624 2625openssl_engine=no 2626AC_ARG_WITH([ssl-engine], 2627 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2628 [ 2629 if test "x$withval" != "xno" ; then 2630 if test "x$openssl" = "xno" ; then 2631 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2632 fi 2633 openssl_engine=yes 2634 fi 2635 ] 2636) 2637 2638if test "x$openssl" = "xyes" ; then 2639 LIBS="-lcrypto $LIBS" 2640 AC_TRY_LINK_FUNC([RAND_add], , 2641 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2642 AC_CHECK_HEADER([openssl/opensslv.h], , 2643 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2644 2645 # Determine OpenSSL header version 2646 AC_MSG_CHECKING([OpenSSL header version]) 2647 AC_RUN_IFELSE( 2648 [AC_LANG_PROGRAM([[ 2649 #include <stdlib.h> 2650 #include <stdio.h> 2651 #include <string.h> 2652 #include <openssl/opensslv.h> 2653 #define DATA "conftest.sslincver" 2654 ]], [[ 2655 FILE *fd; 2656 int rc; 2657 2658 fd = fopen(DATA,"w"); 2659 if(fd == NULL) 2660 exit(1); 2661 2662 if ((rc = fprintf(fd, "%08lx (%s)\n", 2663 (unsigned long)OPENSSL_VERSION_NUMBER, 2664 OPENSSL_VERSION_TEXT)) < 0) 2665 exit(1); 2666 2667 exit(0); 2668 ]])], 2669 [ 2670 ssl_header_ver=`cat conftest.sslincver` 2671 AC_MSG_RESULT([$ssl_header_ver]) 2672 ], 2673 [ 2674 AC_MSG_RESULT([not found]) 2675 AC_MSG_ERROR([OpenSSL version header not found.]) 2676 ], 2677 [ 2678 AC_MSG_WARN([cross compiling: not checking]) 2679 ] 2680 ) 2681 2682 # Determining OpenSSL library version is version dependent. 2683 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2684 2685 # Determine OpenSSL library version 2686 AC_MSG_CHECKING([OpenSSL library version]) 2687 AC_RUN_IFELSE( 2688 [AC_LANG_PROGRAM([[ 2689 #include <stdio.h> 2690 #include <string.h> 2691 #include <openssl/opensslv.h> 2692 #include <openssl/crypto.h> 2693 #define DATA "conftest.ssllibver" 2694 ]], [[ 2695 FILE *fd; 2696 int rc; 2697 2698 fd = fopen(DATA,"w"); 2699 if(fd == NULL) 2700 exit(1); 2701#ifndef OPENSSL_VERSION 2702# define OPENSSL_VERSION SSLEAY_VERSION 2703#endif 2704#ifndef HAVE_OPENSSL_VERSION 2705# define OpenSSL_version SSLeay_version 2706#endif 2707#ifndef HAVE_OPENSSL_VERSION_NUM 2708# define OpenSSL_version_num SSLeay 2709#endif 2710 if ((rc = fprintf(fd, "%08lx (%s)\n", 2711 (unsigned long)OpenSSL_version_num(), 2712 OpenSSL_version(OPENSSL_VERSION))) < 0) 2713 exit(1); 2714 2715 exit(0); 2716 ]])], 2717 [ 2718 ssl_library_ver=`cat conftest.ssllibver` 2719 # Check version is supported. 2720 case "$ssl_library_ver" in 2721 10000*|0*) 2722 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2723 ;; 2724 100*) ;; # 1.0.x 2725 101000[[0123456]]*) 2726 # https://github.com/openssl/openssl/pull/4613 2727 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2728 ;; 2729 101*) ;; # 1.1.x 2730 200*) ;; # LibreSSL 2731 300*) ;; # OpenSSL development branch. 2732 *) 2733 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2734 ;; 2735 esac 2736 AC_MSG_RESULT([$ssl_library_ver]) 2737 ], 2738 [ 2739 AC_MSG_RESULT([not found]) 2740 AC_MSG_ERROR([OpenSSL library not found.]) 2741 ], 2742 [ 2743 AC_MSG_WARN([cross compiling: not checking]) 2744 ] 2745 ) 2746 2747 # Sanity check OpenSSL headers 2748 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2749 AC_RUN_IFELSE( 2750 [AC_LANG_PROGRAM([[ 2751 #include <string.h> 2752 #include <openssl/opensslv.h> 2753 #include <openssl/crypto.h> 2754 ]], [[ 2755#ifndef HAVE_OPENSSL_VERSION_NUM 2756# define OpenSSL_version_num SSLeay 2757#endif 2758 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2759 ]])], 2760 [ 2761 AC_MSG_RESULT([yes]) 2762 ], 2763 [ 2764 AC_MSG_RESULT([no]) 2765 if test "x$openssl_check_nonfatal" = "x"; then 2766 AC_MSG_ERROR([Your OpenSSL headers do not match your 2767 library. Check config.log for details. 2768 If you are sure your installation is consistent, you can disable the check 2769 by running "./configure --without-openssl-header-check". 2770 Also see contrib/findssl.sh for help identifying header/library mismatches. 2771 ]) 2772 else 2773 AC_MSG_WARN([Your OpenSSL headers do not match your 2774 library. Check config.log for details. 2775 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2776 fi 2777 ], 2778 [ 2779 AC_MSG_WARN([cross compiling: not checking]) 2780 ] 2781 ) 2782 2783 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2786 [[ ERR_load_crypto_strings(); ]])], 2787 [ 2788 AC_MSG_RESULT([yes]) 2789 ], 2790 [ 2791 AC_MSG_RESULT([no]) 2792 saved_LIBS="$LIBS" 2793 LIBS="$LIBS -ldl" 2794 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2795 AC_LINK_IFELSE( 2796 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2797 [[ ERR_load_crypto_strings(); ]])], 2798 [ 2799 AC_MSG_RESULT([yes]) 2800 ], 2801 [ 2802 AC_MSG_RESULT([no]) 2803 LIBS="$saved_LIBS" 2804 ] 2805 ) 2806 ] 2807 ) 2808 2809 AC_CHECK_FUNCS([ \ 2810 BN_is_prime_ex \ 2811 DSA_generate_parameters_ex \ 2812 EVP_CIPHER_CTX_ctrl \ 2813 EVP_DigestFinal_ex \ 2814 EVP_DigestInit_ex \ 2815 EVP_MD_CTX_cleanup \ 2816 EVP_MD_CTX_copy_ex \ 2817 EVP_MD_CTX_init \ 2818 HMAC_CTX_init \ 2819 RSA_generate_key_ex \ 2820 RSA_get_default_method \ 2821 ]) 2822 2823 # OpenSSL_add_all_algorithms may be a macro. 2824 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2825 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2826 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2827 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2828 [[#include <openssl/evp.h>]] 2829 ) 2830 ) 2831 2832 # LibreSSL/OpenSSL 1.1x API 2833 AC_CHECK_FUNCS([ \ 2834 OPENSSL_init_crypto \ 2835 DH_get0_key \ 2836 DH_get0_pqg \ 2837 DH_set0_key \ 2838 DH_set_length \ 2839 DH_set0_pqg \ 2840 DSA_get0_key \ 2841 DSA_get0_pqg \ 2842 DSA_set0_key \ 2843 DSA_set0_pqg \ 2844 DSA_SIG_get0 \ 2845 DSA_SIG_set0 \ 2846 ECDSA_SIG_get0 \ 2847 ECDSA_SIG_set0 \ 2848 EVP_CIPHER_CTX_iv \ 2849 EVP_CIPHER_CTX_iv_noconst \ 2850 EVP_CIPHER_CTX_get_iv \ 2851 EVP_CIPHER_CTX_set_iv \ 2852 RSA_get0_crt_params \ 2853 RSA_get0_factors \ 2854 RSA_get0_key \ 2855 RSA_set0_crt_params \ 2856 RSA_set0_factors \ 2857 RSA_set0_key \ 2858 RSA_meth_free \ 2859 RSA_meth_dup \ 2860 RSA_meth_set1_name \ 2861 RSA_meth_get_finish \ 2862 RSA_meth_set_priv_enc \ 2863 RSA_meth_set_priv_dec \ 2864 RSA_meth_set_finish \ 2865 EVP_PKEY_get0_RSA \ 2866 EVP_MD_CTX_new \ 2867 EVP_MD_CTX_free \ 2868 EVP_chacha20 \ 2869 ]) 2870 2871 if test "x$openssl_engine" = "xyes" ; then 2872 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2873 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2874 #include <openssl/engine.h> 2875 ]], [[ 2876 ENGINE_load_builtin_engines(); 2877 ENGINE_register_all_complete(); 2878 ]])], 2879 [ AC_MSG_RESULT([yes]) 2880 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2881 [Enable OpenSSL engine support]) 2882 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2883 ]) 2884 fi 2885 2886 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2887 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2888 AC_LINK_IFELSE( 2889 [AC_LANG_PROGRAM([[ 2890 #include <string.h> 2891 #include <openssl/evp.h> 2892 ]], [[ 2893 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2894 ]])], 2895 [ 2896 AC_MSG_RESULT([no]) 2897 ], 2898 [ 2899 AC_MSG_RESULT([yes]) 2900 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2901 [libcrypto is missing AES 192 and 256 bit functions]) 2902 ] 2903 ) 2904 2905 # Check for OpenSSL with EVP_aes_*ctr 2906 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2907 AC_LINK_IFELSE( 2908 [AC_LANG_PROGRAM([[ 2909 #include <string.h> 2910 #include <openssl/evp.h> 2911 ]], [[ 2912 exit(EVP_aes_128_ctr() == NULL || 2913 EVP_aes_192_cbc() == NULL || 2914 EVP_aes_256_cbc() == NULL); 2915 ]])], 2916 [ 2917 AC_MSG_RESULT([yes]) 2918 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2919 [libcrypto has EVP AES CTR]) 2920 ], 2921 [ 2922 AC_MSG_RESULT([no]) 2923 ] 2924 ) 2925 2926 # Check for OpenSSL with EVP_aes_*gcm 2927 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2928 AC_LINK_IFELSE( 2929 [AC_LANG_PROGRAM([[ 2930 #include <string.h> 2931 #include <openssl/evp.h> 2932 ]], [[ 2933 exit(EVP_aes_128_gcm() == NULL || 2934 EVP_aes_256_gcm() == NULL || 2935 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2936 EVP_CTRL_GCM_IV_GEN == 0 || 2937 EVP_CTRL_GCM_SET_TAG == 0 || 2938 EVP_CTRL_GCM_GET_TAG == 0 || 2939 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2940 ]])], 2941 [ 2942 AC_MSG_RESULT([yes]) 2943 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2944 [libcrypto has EVP AES GCM]) 2945 ], 2946 [ 2947 AC_MSG_RESULT([no]) 2948 unsupported_algorithms="$unsupported_cipers \ 2949 aes128-gcm@openssh.com \ 2950 aes256-gcm@openssh.com" 2951 ] 2952 ) 2953 2954 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2955 AC_LINK_IFELSE( 2956 [AC_LANG_PROGRAM([[ 2957 #include <string.h> 2958 #include <openssl/evp.h> 2959 ]], [[ 2960 if(EVP_DigestUpdate(NULL, NULL,0)) 2961 exit(0); 2962 ]])], 2963 [ 2964 AC_MSG_RESULT([yes]) 2965 ], 2966 [ 2967 AC_MSG_RESULT([no]) 2968 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2969 [Define if EVP_DigestUpdate returns void]) 2970 ] 2971 ) 2972 2973 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2974 # because the system crypt() is more featureful. 2975 if test "x$check_for_libcrypt_before" = "x1"; then 2976 AC_CHECK_LIB([crypt], [crypt]) 2977 fi 2978 2979 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2980 # version in OpenSSL. 2981 if test "x$check_for_libcrypt_later" = "x1"; then 2982 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2983 fi 2984 AC_CHECK_FUNCS([crypt DES_crypt]) 2985 2986 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2987 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2988 2989 # Check complete ECC support in OpenSSL 2990 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2991 AC_LINK_IFELSE( 2992 [AC_LANG_PROGRAM([[ 2993 #include <openssl/ec.h> 2994 #include <openssl/ecdh.h> 2995 #include <openssl/ecdsa.h> 2996 #include <openssl/evp.h> 2997 #include <openssl/objects.h> 2998 #include <openssl/opensslv.h> 2999 ]], [[ 3000 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3001 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3002 ]])], 3003 [ AC_MSG_RESULT([yes]) 3004 enable_nistp256=1 ], 3005 [ AC_MSG_RESULT([no]) ] 3006 ) 3007 3008 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3009 AC_LINK_IFELSE( 3010 [AC_LANG_PROGRAM([[ 3011 #include <openssl/ec.h> 3012 #include <openssl/ecdh.h> 3013 #include <openssl/ecdsa.h> 3014 #include <openssl/evp.h> 3015 #include <openssl/objects.h> 3016 #include <openssl/opensslv.h> 3017 ]], [[ 3018 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3019 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3020 ]])], 3021 [ AC_MSG_RESULT([yes]) 3022 enable_nistp384=1 ], 3023 [ AC_MSG_RESULT([no]) ] 3024 ) 3025 3026 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3027 AC_LINK_IFELSE( 3028 [AC_LANG_PROGRAM([[ 3029 #include <openssl/ec.h> 3030 #include <openssl/ecdh.h> 3031 #include <openssl/ecdsa.h> 3032 #include <openssl/evp.h> 3033 #include <openssl/objects.h> 3034 #include <openssl/opensslv.h> 3035 ]], [[ 3036 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3037 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3038 ]])], 3039 [ AC_MSG_RESULT([yes]) 3040 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3041 AC_RUN_IFELSE( 3042 [AC_LANG_PROGRAM([[ 3043 #include <openssl/ec.h> 3044 #include <openssl/ecdh.h> 3045 #include <openssl/ecdsa.h> 3046 #include <openssl/evp.h> 3047 #include <openssl/objects.h> 3048 #include <openssl/opensslv.h> 3049 ]],[[ 3050 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3051 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3052 exit(e == NULL || m == NULL); 3053 ]])], 3054 [ AC_MSG_RESULT([yes]) 3055 enable_nistp521=1 ], 3056 [ AC_MSG_RESULT([no]) ], 3057 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3058 enable_nistp521=1 ] 3059 )], 3060 AC_MSG_RESULT([no]) 3061 ) 3062 3063 COMMENT_OUT_ECC="#no ecc#" 3064 TEST_SSH_ECC=no 3065 3066 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3067 test x$enable_nistp521 = x1; then 3068 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3069 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3070 openssl_ecc=yes 3071 else 3072 openssl_ecc=no 3073 fi 3074 if test x$enable_nistp256 = x1; then 3075 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3076 [libcrypto has NID_X9_62_prime256v1]) 3077 TEST_SSH_ECC=yes 3078 COMMENT_OUT_ECC="" 3079 else 3080 unsupported_algorithms="$unsupported_algorithms \ 3081 ecdsa-sha2-nistp256 \ 3082 ecdh-sha2-nistp256 \ 3083 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3084 fi 3085 if test x$enable_nistp384 = x1; then 3086 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3087 TEST_SSH_ECC=yes 3088 COMMENT_OUT_ECC="" 3089 else 3090 unsupported_algorithms="$unsupported_algorithms \ 3091 ecdsa-sha2-nistp384 \ 3092 ecdh-sha2-nistp384 \ 3093 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3094 fi 3095 if test x$enable_nistp521 = x1; then 3096 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3097 TEST_SSH_ECC=yes 3098 COMMENT_OUT_ECC="" 3099 else 3100 unsupported_algorithms="$unsupported_algorithms \ 3101 ecdh-sha2-nistp521 \ 3102 ecdsa-sha2-nistp521 \ 3103 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3104 fi 3105 3106 AC_SUBST([TEST_SSH_ECC]) 3107 AC_SUBST([COMMENT_OUT_ECC]) 3108else 3109 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3110 AC_CHECK_FUNCS([crypt]) 3111fi 3112 3113# PKCS11/U2F depend on OpenSSL and dlopen(). 3114enable_pkcs11=yes 3115enable_sk=yes 3116if test "x$openssl" != "xyes" ; then 3117 enable_pkcs11="disabled; missing libcrypto" 3118 enable_sk="disabled; missing libcrypto" 3119fi 3120if test "x$openssl_ecc" != "xyes" ; then 3121 enable_sk="disabled; OpenSSL has no ECC support" 3122fi 3123if test "x$ac_cv_func_dlopen" != "xyes" ; then 3124 enable_pkcs11="disabled; missing dlopen(3)" 3125 enable_sk="disabled; missing dlopen(3)" 3126fi 3127if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3128 enable_pkcs11="disabled; missing RTLD_NOW" 3129 enable_sk="disabled; missing RTLD_NOW" 3130fi 3131if test ! -z "$disable_pkcs11" ; then 3132 enable_pkcs11="disabled by user" 3133fi 3134if test ! -z "$disable_sk" ; then 3135 enable_sk="disabled by user" 3136fi 3137 3138AC_MSG_CHECKING([whether to enable PKCS11]) 3139if test "x$enable_pkcs11" = "xyes" ; then 3140 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3141fi 3142AC_MSG_RESULT([$enable_pkcs11]) 3143 3144AC_MSG_CHECKING([whether to enable U2F]) 3145if test "x$enable_sk" = "xyes" ; then 3146 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3147 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3148else 3149 # Do not try to build sk-dummy library. 3150 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3151fi 3152AC_MSG_RESULT([$enable_sk]) 3153 3154# Now check for built-in security key support. 3155if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3156 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3157 use_pkgconfig_for_libfido2= 3158 if test "x$PKGCONFIG" != "xno"; then 3159 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3160 if "$PKGCONFIG" libfido2; then 3161 AC_MSG_RESULT([yes]) 3162 use_pkgconfig_for_libfido2=yes 3163 else 3164 AC_MSG_RESULT([no]) 3165 fi 3166 fi 3167 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3168 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3169 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3170 else 3171 LIBFIDO2="-lfido2 -lcbor" 3172 fi 3173 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3174 AC_CHECK_LIB([fido2], [fido_init], 3175 [ 3176 AC_SUBST([LIBFIDO2]) 3177 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3178 [Enable for built-in U2F/FIDO support]) 3179 enable_sk="built-in" 3180 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3181 [ $OTHERLIBS ] 3182 ) 3183 saved_LIBS="$LIBS" 3184 LIBS="$LIBS $LIBFIDO2" 3185 AC_CHECK_FUNCS([ \ 3186 fido_cred_set_prot \ 3187 fido_dev_get_touch_status \ 3188 fido_dev_supports_cred_prot \ 3189 ]) 3190 LIBS="$saved_LIBS" 3191 AC_CHECK_HEADER([fido.h], [], 3192 AC_MSG_ERROR([missing fido.h from libfido2])) 3193 AC_CHECK_HEADER([fido/credman.h], [], 3194 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3195 [#include <fido.h>] 3196 ) 3197fi 3198 3199AC_CHECK_FUNCS([ \ 3200 arc4random \ 3201 arc4random_buf \ 3202 arc4random_stir \ 3203 arc4random_uniform \ 3204]) 3205 3206saved_LIBS="$LIBS" 3207AC_CHECK_LIB([iaf], [ia_openinfo], [ 3208 LIBS="$LIBS -liaf" 3209 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3210 AC_DEFINE([HAVE_LIBIAF], [1], 3211 [Define if system has libiaf that supports set_id]) 3212 ]) 3213]) 3214LIBS="$saved_LIBS" 3215 3216### Configure cryptographic random number support 3217 3218# Check whether OpenSSL seeds itself 3219if test "x$openssl" = "xyes" ; then 3220 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3221 AC_RUN_IFELSE( 3222 [AC_LANG_PROGRAM([[ 3223 #include <string.h> 3224 #include <openssl/rand.h> 3225 ]], [[ 3226 exit(RAND_status() == 1 ? 0 : 1); 3227 ]])], 3228 [ 3229 OPENSSL_SEEDS_ITSELF=yes 3230 AC_MSG_RESULT([yes]) 3231 ], 3232 [ 3233 AC_MSG_RESULT([no]) 3234 ], 3235 [ 3236 AC_MSG_WARN([cross compiling: assuming yes]) 3237 # This is safe, since we will fatal() at runtime if 3238 # OpenSSL is not seeded correctly. 3239 OPENSSL_SEEDS_ITSELF=yes 3240 ] 3241 ) 3242fi 3243 3244# PRNGD TCP socket 3245AC_ARG_WITH([prngd-port], 3246 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3247 [ 3248 case "$withval" in 3249 no) 3250 withval="" 3251 ;; 3252 [[0-9]]*) 3253 ;; 3254 *) 3255 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3256 ;; 3257 esac 3258 if test ! -z "$withval" ; then 3259 PRNGD_PORT="$withval" 3260 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3261 [Port number of PRNGD/EGD random number socket]) 3262 fi 3263 ] 3264) 3265 3266# PRNGD Unix domain socket 3267AC_ARG_WITH([prngd-socket], 3268 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3269 [ 3270 case "$withval" in 3271 yes) 3272 withval="/var/run/egd-pool" 3273 ;; 3274 no) 3275 withval="" 3276 ;; 3277 /*) 3278 ;; 3279 *) 3280 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3281 ;; 3282 esac 3283 3284 if test ! -z "$withval" ; then 3285 if test ! -z "$PRNGD_PORT" ; then 3286 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3287 fi 3288 if test ! -r "$withval" ; then 3289 AC_MSG_WARN([Entropy socket is not readable]) 3290 fi 3291 PRNGD_SOCKET="$withval" 3292 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3293 [Location of PRNGD/EGD random number socket]) 3294 fi 3295 ], 3296 [ 3297 # Check for existing socket only if we don't have a random device already 3298 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3299 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3300 # Insert other locations here 3301 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3302 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3303 PRNGD_SOCKET="$sock" 3304 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3305 break; 3306 fi 3307 done 3308 if test ! -z "$PRNGD_SOCKET" ; then 3309 AC_MSG_RESULT([$PRNGD_SOCKET]) 3310 else 3311 AC_MSG_RESULT([not found]) 3312 fi 3313 fi 3314 ] 3315) 3316 3317# Which randomness source do we use? 3318if test ! -z "$PRNGD_PORT" ; then 3319 RAND_MSG="PRNGd port $PRNGD_PORT" 3320elif test ! -z "$PRNGD_SOCKET" ; then 3321 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3322elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3323 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3324 [Define if you want the OpenSSL internally seeded PRNG only]) 3325 RAND_MSG="OpenSSL internal ONLY" 3326elif test "x$openssl" = "xno" ; then 3327 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3328else 3329 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3330fi 3331 3332# Check for PAM libs 3333PAM_MSG="no" 3334AC_ARG_WITH([pam], 3335 [ --with-pam Enable PAM support ], 3336 [ 3337 if test "x$withval" != "xno" ; then 3338 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3339 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3340 AC_MSG_ERROR([PAM headers not found]) 3341 fi 3342 3343 saved_LIBS="$LIBS" 3344 AC_CHECK_LIB([dl], [dlopen], , ) 3345 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3346 AC_CHECK_FUNCS([pam_getenvlist]) 3347 AC_CHECK_FUNCS([pam_putenv]) 3348 LIBS="$saved_LIBS" 3349 3350 PAM_MSG="yes" 3351 3352 SSHDLIBS="$SSHDLIBS -lpam" 3353 AC_DEFINE([USE_PAM], [1], 3354 [Define if you want to enable PAM support]) 3355 3356 if test $ac_cv_lib_dl_dlopen = yes; then 3357 case "$LIBS" in 3358 *-ldl*) 3359 # libdl already in LIBS 3360 ;; 3361 *) 3362 SSHDLIBS="$SSHDLIBS -ldl" 3363 ;; 3364 esac 3365 fi 3366 fi 3367 ] 3368) 3369 3370AC_ARG_WITH([pam-service], 3371 [ --with-pam-service=name Specify PAM service name ], 3372 [ 3373 if test "x$withval" != "xno" && \ 3374 test "x$withval" != "xyes" ; then 3375 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3376 ["$withval"], [sshd PAM service name]) 3377 fi 3378 ] 3379) 3380 3381# Check for older PAM 3382if test "x$PAM_MSG" = "xyes" ; then 3383 # Check PAM strerror arguments (old PAM) 3384 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3385 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3386#include <stdlib.h> 3387#if defined(HAVE_SECURITY_PAM_APPL_H) 3388#include <security/pam_appl.h> 3389#elif defined (HAVE_PAM_PAM_APPL_H) 3390#include <pam/pam_appl.h> 3391#endif 3392 ]], [[ 3393(void)pam_strerror((pam_handle_t *)NULL, -1); 3394 ]])], [AC_MSG_RESULT([no])], [ 3395 AC_DEFINE([HAVE_OLD_PAM], [1], 3396 [Define if you have an old version of PAM 3397 which takes only one argument to pam_strerror]) 3398 AC_MSG_RESULT([yes]) 3399 PAM_MSG="yes (old library)" 3400 3401 ]) 3402fi 3403 3404case "$host" in 3405*-*-cygwin*) 3406 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3407 ;; 3408*) 3409 SSH_PRIVSEP_USER=sshd 3410 ;; 3411esac 3412AC_ARG_WITH([privsep-user], 3413 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3414 [ 3415 if test -n "$withval" && test "x$withval" != "xno" && \ 3416 test "x${withval}" != "xyes"; then 3417 SSH_PRIVSEP_USER=$withval 3418 fi 3419 ] 3420) 3421if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3422 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3423 [Cygwin function to fetch non-privileged user for privilege separation]) 3424else 3425 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3426 [non-privileged user for privilege separation]) 3427fi 3428AC_SUBST([SSH_PRIVSEP_USER]) 3429 3430if test "x$have_linux_no_new_privs" = "x1" ; then 3431AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3432 #include <sys/types.h> 3433 #include <linux/seccomp.h> 3434]) 3435fi 3436if test "x$have_seccomp_filter" = "x1" ; then 3437AC_MSG_CHECKING([kernel for seccomp_filter support]) 3438AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3439 #include <errno.h> 3440 #include <elf.h> 3441 #include <linux/audit.h> 3442 #include <linux/seccomp.h> 3443 #include <stdlib.h> 3444 #include <sys/prctl.h> 3445 ]], 3446 [[ int i = $seccomp_audit_arch; 3447 errno = 0; 3448 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3449 exit(errno == EFAULT ? 0 : 1); ]])], 3450 [ AC_MSG_RESULT([yes]) ], [ 3451 AC_MSG_RESULT([no]) 3452 # Disable seccomp filter as a target 3453 have_seccomp_filter=0 3454 ] 3455) 3456fi 3457 3458# Decide which sandbox style to use 3459sandbox_arg="" 3460AC_ARG_WITH([sandbox], 3461 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3462 [ 3463 if test "x$withval" = "xyes" ; then 3464 sandbox_arg="" 3465 else 3466 sandbox_arg="$withval" 3467 fi 3468 ] 3469) 3470 3471# Some platforms (seems to be the ones that have a kernel poll(2)-type 3472# function with which they implement select(2)) use an extra file descriptor 3473# when calling select(2), which means we can't use the rlimit sandbox. 3474AC_MSG_CHECKING([if select works with descriptor rlimit]) 3475AC_RUN_IFELSE( 3476 [AC_LANG_PROGRAM([[ 3477#include <sys/types.h> 3478#ifdef HAVE_SYS_TIME_H 3479# include <sys/time.h> 3480#endif 3481#include <sys/resource.h> 3482#ifdef HAVE_SYS_SELECT_H 3483# include <sys/select.h> 3484#endif 3485#include <errno.h> 3486#include <fcntl.h> 3487#include <stdlib.h> 3488 ]],[[ 3489 struct rlimit rl_zero; 3490 int fd, r; 3491 fd_set fds; 3492 struct timeval tv; 3493 3494 fd = open("/dev/null", O_RDONLY); 3495 FD_ZERO(&fds); 3496 FD_SET(fd, &fds); 3497 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3498 setrlimit(RLIMIT_FSIZE, &rl_zero); 3499 setrlimit(RLIMIT_NOFILE, &rl_zero); 3500 tv.tv_sec = 1; 3501 tv.tv_usec = 0; 3502 r = select(fd+1, &fds, NULL, NULL, &tv); 3503 exit (r == -1 ? 1 : 0); 3504 ]])], 3505 [AC_MSG_RESULT([yes]) 3506 select_works_with_rlimit=yes], 3507 [AC_MSG_RESULT([no]) 3508 select_works_with_rlimit=no], 3509 [AC_MSG_WARN([cross compiling: assuming yes]) 3510 select_works_with_rlimit=yes] 3511) 3512 3513AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3514AC_RUN_IFELSE( 3515 [AC_LANG_PROGRAM([[ 3516#include <sys/types.h> 3517#ifdef HAVE_SYS_TIME_H 3518# include <sys/time.h> 3519#endif 3520#include <sys/resource.h> 3521#include <errno.h> 3522#include <stdlib.h> 3523 ]],[[ 3524 struct rlimit rl_zero; 3525 int r; 3526 3527 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3528 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3529 exit (r == -1 ? 1 : 0); 3530 ]])], 3531 [AC_MSG_RESULT([yes]) 3532 rlimit_nofile_zero_works=yes], 3533 [AC_MSG_RESULT([no]) 3534 rlimit_nofile_zero_works=no], 3535 [AC_MSG_WARN([cross compiling: assuming yes]) 3536 rlimit_nofile_zero_works=yes] 3537) 3538 3539AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3540AC_RUN_IFELSE( 3541 [AC_LANG_PROGRAM([[ 3542#include <sys/types.h> 3543#include <sys/resource.h> 3544#include <stdlib.h> 3545 ]],[[ 3546 struct rlimit rl_zero; 3547 3548 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3549 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3550 ]])], 3551 [AC_MSG_RESULT([yes])], 3552 [AC_MSG_RESULT([no]) 3553 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3554 [setrlimit RLIMIT_FSIZE works])], 3555 [AC_MSG_WARN([cross compiling: assuming yes])] 3556) 3557 3558if test "x$sandbox_arg" = "xpledge" || \ 3559 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3560 test "x$ac_cv_func_pledge" != "xyes" && \ 3561 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3562 SANDBOX_STYLE="pledge" 3563 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3564elif test "x$sandbox_arg" = "xsystrace" || \ 3565 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3566 test "x$have_systr_policy_kill" != "x1" && \ 3567 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3568 SANDBOX_STYLE="systrace" 3569 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3570elif test "x$sandbox_arg" = "xdarwin" || \ 3571 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3572 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3573 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3574 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3575 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3576 SANDBOX_STYLE="darwin" 3577 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3578elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3579 ( test -z "$sandbox_arg" && \ 3580 test "x$have_seccomp_filter" = "x1" && \ 3581 test "x$ac_cv_header_elf_h" = "xyes" && \ 3582 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3583 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3584 test "x$seccomp_audit_arch" != "x" && \ 3585 test "x$have_linux_no_new_privs" = "x1" && \ 3586 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3587 test "x$seccomp_audit_arch" = "x" && \ 3588 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3589 test "x$have_linux_no_new_privs" != "x1" && \ 3590 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3591 test "x$have_seccomp_filter" != "x1" && \ 3592 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3593 test "x$ac_cv_func_prctl" != "xyes" && \ 3594 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3595 SANDBOX_STYLE="seccomp_filter" 3596 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3597elif test "x$sandbox_arg" = "xcapsicum" || \ 3598 ( test -z "$sandbox_arg" && \ 3599 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3600 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3601 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3602 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3603 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3604 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3605 SANDBOX_STYLE="capsicum" 3606 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3607elif test "x$sandbox_arg" = "xrlimit" || \ 3608 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3609 test "x$select_works_with_rlimit" = "xyes" && \ 3610 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3611 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3612 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3613 test "x$select_works_with_rlimit" != "xyes" && \ 3614 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3615 SANDBOX_STYLE="rlimit" 3616 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3617elif test "x$sandbox_arg" = "xsolaris" || \ 3618 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3619 SANDBOX_STYLE="solaris" 3620 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3621elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3622 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3623 SANDBOX_STYLE="none" 3624 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3625else 3626 AC_MSG_ERROR([unsupported --with-sandbox]) 3627fi 3628 3629# Cheap hack to ensure NEWS-OS libraries are arranged right. 3630if test ! -z "$SONY" ; then 3631 LIBS="$LIBS -liberty"; 3632fi 3633 3634# Check for long long datatypes 3635AC_CHECK_TYPES([long long, unsigned long long, long double]) 3636 3637# Check datatype sizes 3638AC_CHECK_SIZEOF([short int]) 3639AC_CHECK_SIZEOF([int]) 3640AC_CHECK_SIZEOF([long int]) 3641AC_CHECK_SIZEOF([long long int]) 3642 3643# Sanity check long long for some platforms (AIX) 3644if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3645 ac_cv_sizeof_long_long_int=0 3646fi 3647 3648# compute LLONG_MIN and LLONG_MAX if we don't know them. 3649if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3650 AC_MSG_CHECKING([for max value of long long]) 3651 AC_RUN_IFELSE( 3652 [AC_LANG_PROGRAM([[ 3653#include <stdio.h> 3654/* Why is this so damn hard? */ 3655#ifdef __GNUC__ 3656# undef __GNUC__ 3657#endif 3658#define __USE_ISOC99 3659#include <limits.h> 3660#define DATA "conftest.llminmax" 3661#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3662 3663/* 3664 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3665 * we do this the hard way. 3666 */ 3667static int 3668fprint_ll(FILE *f, long long n) 3669{ 3670 unsigned int i; 3671 int l[sizeof(long long) * 8]; 3672 3673 if (n < 0) 3674 if (fprintf(f, "-") < 0) 3675 return -1; 3676 for (i = 0; n != 0; i++) { 3677 l[i] = my_abs(n % 10); 3678 n /= 10; 3679 } 3680 do { 3681 if (fprintf(f, "%d", l[--i]) < 0) 3682 return -1; 3683 } while (i != 0); 3684 if (fprintf(f, " ") < 0) 3685 return -1; 3686 return 0; 3687} 3688 ]], [[ 3689 FILE *f; 3690 long long i, llmin, llmax = 0; 3691 3692 if((f = fopen(DATA,"w")) == NULL) 3693 exit(1); 3694 3695#if defined(LLONG_MIN) && defined(LLONG_MAX) 3696 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3697 llmin = LLONG_MIN; 3698 llmax = LLONG_MAX; 3699#else 3700 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3701 /* This will work on one's complement and two's complement */ 3702 for (i = 1; i > llmax; i <<= 1, i++) 3703 llmax = i; 3704 llmin = llmax + 1LL; /* wrap */ 3705#endif 3706 3707 /* Sanity check */ 3708 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3709 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3710 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3711 fprintf(f, "unknown unknown\n"); 3712 exit(2); 3713 } 3714 3715 if (fprint_ll(f, llmin) < 0) 3716 exit(3); 3717 if (fprint_ll(f, llmax) < 0) 3718 exit(4); 3719 if (fclose(f) < 0) 3720 exit(5); 3721 exit(0); 3722 ]])], 3723 [ 3724 llong_min=`$AWK '{print $1}' conftest.llminmax` 3725 llong_max=`$AWK '{print $2}' conftest.llminmax` 3726 3727 AC_MSG_RESULT([$llong_max]) 3728 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3729 [max value of long long calculated by configure]) 3730 AC_MSG_CHECKING([for min value of long long]) 3731 AC_MSG_RESULT([$llong_min]) 3732 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3733 [min value of long long calculated by configure]) 3734 ], 3735 [ 3736 AC_MSG_RESULT([not found]) 3737 ], 3738 [ 3739 AC_MSG_WARN([cross compiling: not checking]) 3740 ] 3741 ) 3742fi 3743 3744AC_CHECK_DECLS([UINT32_MAX], , , [[ 3745#ifdef HAVE_SYS_LIMITS_H 3746# include <sys/limits.h> 3747#endif 3748#ifdef HAVE_LIMITS_H 3749# include <limits.h> 3750#endif 3751#ifdef HAVE_STDINT_H 3752# include <stdint.h> 3753#endif 3754]]) 3755 3756# More checks for data types 3757AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3758 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3759 [[ u_int a; a = 1;]])], 3760 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3761 ]) 3762]) 3763if test "x$ac_cv_have_u_int" = "xyes" ; then 3764 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3765 have_u_int=1 3766fi 3767 3768AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3769 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3770 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3771 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3772 ]) 3773]) 3774if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3775 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3776 have_intxx_t=1 3777fi 3778 3779if (test -z "$have_intxx_t" && \ 3780 test "x$ac_cv_header_stdint_h" = "xyes") 3781then 3782 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3783 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3784 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3785 [ 3786 AC_DEFINE([HAVE_INTXX_T]) 3787 AC_MSG_RESULT([yes]) 3788 ], [ AC_MSG_RESULT([no]) 3789 ]) 3790fi 3791 3792AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3793 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3794#include <sys/types.h> 3795#ifdef HAVE_STDINT_H 3796# include <stdint.h> 3797#endif 3798#include <sys/socket.h> 3799#ifdef HAVE_SYS_BITYPES_H 3800# include <sys/bitypes.h> 3801#endif 3802 ]], [[ 3803int64_t a; a = 1; 3804 ]])], 3805 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3806 ]) 3807]) 3808if test "x$ac_cv_have_int64_t" = "xyes" ; then 3809 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3810fi 3811 3812AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3813 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3814 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3815 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3816 ]) 3817]) 3818if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3819 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3820 have_u_intxx_t=1 3821fi 3822 3823if test -z "$have_u_intxx_t" ; then 3824 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3825 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3826 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3827 [ 3828 AC_DEFINE([HAVE_U_INTXX_T]) 3829 AC_MSG_RESULT([yes]) 3830 ], [ AC_MSG_RESULT([no]) 3831 ]) 3832fi 3833 3834AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3835 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3836 [[ u_int64_t a; a = 1;]])], 3837 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3838 ]) 3839]) 3840if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3841 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3842 have_u_int64_t=1 3843fi 3844 3845if (test -z "$have_u_int64_t" && \ 3846 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3847then 3848 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3849 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3850 [[ u_int64_t a; a = 1]])], 3851 [ 3852 AC_DEFINE([HAVE_U_INT64_T]) 3853 AC_MSG_RESULT([yes]) 3854 ], [ AC_MSG_RESULT([no]) 3855 ]) 3856fi 3857 3858if test -z "$have_u_intxx_t" ; then 3859 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3860 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3861#include <sys/types.h> 3862 ]], [[ 3863 uint8_t a; 3864 uint16_t b; 3865 uint32_t c; 3866 a = b = c = 1; 3867 ]])], 3868 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3869 ]) 3870 ]) 3871 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3872 AC_DEFINE([HAVE_UINTXX_T], [1], 3873 [define if you have uintxx_t data type]) 3874 fi 3875fi 3876 3877if (test -z "$have_uintxx_t" && \ 3878 test "x$ac_cv_header_stdint_h" = "xyes") 3879then 3880 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3881 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3882 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3883 [ 3884 AC_DEFINE([HAVE_UINTXX_T]) 3885 AC_MSG_RESULT([yes]) 3886 ], [ AC_MSG_RESULT([no]) 3887 ]) 3888fi 3889 3890if (test -z "$have_uintxx_t" && \ 3891 test "x$ac_cv_header_inttypes_h" = "xyes") 3892then 3893 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3894 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3895 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3896 [ 3897 AC_DEFINE([HAVE_UINTXX_T]) 3898 AC_MSG_RESULT([yes]) 3899 ], [ AC_MSG_RESULT([no]) 3900 ]) 3901fi 3902 3903if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3904 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3905then 3906 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3907 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3908#include <sys/bitypes.h> 3909 ]], [[ 3910 int8_t a; int16_t b; int32_t c; 3911 u_int8_t e; u_int16_t f; u_int32_t g; 3912 a = b = c = e = f = g = 1; 3913 ]])], 3914 [ 3915 AC_DEFINE([HAVE_U_INTXX_T]) 3916 AC_DEFINE([HAVE_INTXX_T]) 3917 AC_MSG_RESULT([yes]) 3918 ], [AC_MSG_RESULT([no]) 3919 ]) 3920fi 3921 3922 3923AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3924 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3925 [[ u_char foo; foo = 125; ]])], 3926 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3927 ]) 3928]) 3929if test "x$ac_cv_have_u_char" = "xyes" ; then 3930 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3931fi 3932 3933AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3934#include <sys/types.h> 3935#ifdef HAVE_STDINT_H 3936# include <stdint.h> 3937#endif 3938]) 3939 3940TYPE_SOCKLEN_T 3941 3942AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3943AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3944#include <sys/types.h> 3945#ifdef HAVE_SYS_BITYPES_H 3946#include <sys/bitypes.h> 3947#endif 3948#ifdef HAVE_SYS_STATFS_H 3949#include <sys/statfs.h> 3950#endif 3951#ifdef HAVE_SYS_STATVFS_H 3952#include <sys/statvfs.h> 3953#endif 3954]) 3955 3956AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3957#include <sys/param.h> 3958#include <sys/types.h> 3959#ifdef HAVE_SYS_BITYPES_H 3960#include <sys/bitypes.h> 3961#endif 3962#ifdef HAVE_SYS_STATFS_H 3963#include <sys/statfs.h> 3964#endif 3965#ifdef HAVE_SYS_STATVFS_H 3966#include <sys/statvfs.h> 3967#endif 3968#ifdef HAVE_SYS_VFS_H 3969#include <sys/vfs.h> 3970#endif 3971#ifdef HAVE_SYS_MOUNT_H 3972#include <sys/mount.h> 3973#endif 3974]]) 3975 3976 3977AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3978[#include <sys/types.h> 3979#include <netinet/in.h>]) 3980 3981AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3982 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3983 [[ size_t foo; foo = 1235; ]])], 3984 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3985 ]) 3986]) 3987if test "x$ac_cv_have_size_t" = "xyes" ; then 3988 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3989fi 3990 3991AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3992 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3993 [[ ssize_t foo; foo = 1235; ]])], 3994 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3995 ]) 3996]) 3997if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3998 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3999fi 4000 4001AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4002 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4003 [[ clock_t foo; foo = 1235; ]])], 4004 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4005 ]) 4006]) 4007if test "x$ac_cv_have_clock_t" = "xyes" ; then 4008 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4009fi 4010 4011AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4012 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4013#include <sys/types.h> 4014#include <sys/socket.h> 4015 ]], [[ sa_family_t foo; foo = 1235; ]])], 4016 [ ac_cv_have_sa_family_t="yes" ], 4017 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4018#include <sys/types.h> 4019#include <sys/socket.h> 4020#include <netinet/in.h> 4021 ]], [[ sa_family_t foo; foo = 1235; ]])], 4022 [ ac_cv_have_sa_family_t="yes" ], 4023 [ ac_cv_have_sa_family_t="no" ] 4024 ) 4025 ]) 4026]) 4027if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4028 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4029 [define if you have sa_family_t data type]) 4030fi 4031 4032AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4033 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4034 [[ pid_t foo; foo = 1235; ]])], 4035 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4036 ]) 4037]) 4038if test "x$ac_cv_have_pid_t" = "xyes" ; then 4039 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4040fi 4041 4042AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4043 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4044 [[ mode_t foo; foo = 1235; ]])], 4045 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4046 ]) 4047]) 4048if test "x$ac_cv_have_mode_t" = "xyes" ; then 4049 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4050fi 4051 4052 4053AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4054 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4055#include <sys/types.h> 4056#include <sys/socket.h> 4057 ]], [[ struct sockaddr_storage s; ]])], 4058 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4059 [ ac_cv_have_struct_sockaddr_storage="no" 4060 ]) 4061]) 4062if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4063 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4064 [define if you have struct sockaddr_storage data type]) 4065fi 4066 4067AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4068 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4069#include <sys/types.h> 4070#include <netinet/in.h> 4071 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4072 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4073 [ ac_cv_have_struct_sockaddr_in6="no" 4074 ]) 4075]) 4076if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4077 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4078 [define if you have struct sockaddr_in6 data type]) 4079fi 4080 4081AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4083#include <sys/types.h> 4084#include <netinet/in.h> 4085 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4086 [ ac_cv_have_struct_in6_addr="yes" ], 4087 [ ac_cv_have_struct_in6_addr="no" 4088 ]) 4089]) 4090if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4091 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4092 [define if you have struct in6_addr data type]) 4093 4094dnl Now check for sin6_scope_id 4095 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4096 [ 4097#ifdef HAVE_SYS_TYPES_H 4098#include <sys/types.h> 4099#endif 4100#include <netinet/in.h> 4101 ]) 4102fi 4103 4104AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4105 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4106#include <sys/types.h> 4107#include <sys/socket.h> 4108#include <netdb.h> 4109 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4110 [ ac_cv_have_struct_addrinfo="yes" ], 4111 [ ac_cv_have_struct_addrinfo="no" 4112 ]) 4113]) 4114if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4115 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4116 [define if you have struct addrinfo data type]) 4117fi 4118 4119AC_HEADER_TIME 4120 4121AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4122 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4123 [[ struct timeval tv; tv.tv_sec = 1;]])], 4124 [ ac_cv_have_struct_timeval="yes" ], 4125 [ ac_cv_have_struct_timeval="no" 4126 ]) 4127]) 4128if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4129 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4130 have_struct_timeval=1 4131fi 4132 4133AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4134 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4135 #ifdef TIME_WITH_SYS_TIME 4136 # include <sys/time.h> 4137 # include <time.h> 4138 #else 4139 # ifdef HAVE_SYS_TIME_H 4140 # include <sys/time.h> 4141 # else 4142 # include <time.h> 4143 # endif 4144 #endif 4145 ]], 4146 [[ struct timespec ts; ts.tv_sec = 1;]])], 4147 [ ac_cv_have_struct_timespec="yes" ], 4148 [ ac_cv_have_struct_timespec="no" 4149 ]) 4150]) 4151if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4152 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4153 have_struct_timespec=1 4154fi 4155 4156# We need int64_t or else certain parts of the compile will fail. 4157if test "x$ac_cv_have_int64_t" = "xno" && \ 4158 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4159 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4160 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4161 echo "an alternative compiler (I.E., GCC) before continuing." 4162 echo "" 4163 exit 1; 4164else 4165dnl test snprintf (broken on SCO w/gcc) 4166 AC_RUN_IFELSE( 4167 [AC_LANG_SOURCE([[ 4168#include <stdio.h> 4169#include <string.h> 4170#ifdef HAVE_SNPRINTF 4171main() 4172{ 4173 char buf[50]; 4174 char expected_out[50]; 4175 int mazsize = 50 ; 4176#if (SIZEOF_LONG_INT == 8) 4177 long int num = 0x7fffffffffffffff; 4178#else 4179 long long num = 0x7fffffffffffffffll; 4180#endif 4181 strcpy(expected_out, "9223372036854775807"); 4182 snprintf(buf, mazsize, "%lld", num); 4183 if(strcmp(buf, expected_out) != 0) 4184 exit(1); 4185 exit(0); 4186} 4187#else 4188main() { exit(0); } 4189#endif 4190 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4191 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4192 ) 4193fi 4194 4195dnl Checks for structure members 4196OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4198OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4201OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4211OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4212OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4213OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4214 4215AC_CHECK_MEMBERS([struct stat.st_blksize]) 4216AC_CHECK_MEMBERS([struct stat.st_mtim]) 4217AC_CHECK_MEMBERS([struct stat.st_mtime]) 4218AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4219struct passwd.pw_change, struct passwd.pw_expire], 4220[], [], [[ 4221#include <sys/types.h> 4222#include <pwd.h> 4223]]) 4224 4225AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4226 [Define if we don't have struct __res_state in resolv.h])], 4227[[ 4228#include <stdio.h> 4229#if HAVE_SYS_TYPES_H 4230# include <sys/types.h> 4231#endif 4232#include <netinet/in.h> 4233#include <arpa/nameser.h> 4234#include <resolv.h> 4235]]) 4236 4237AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4238 ac_cv_have_ss_family_in_struct_ss, [ 4239 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4240#include <sys/types.h> 4241#include <sys/socket.h> 4242 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4243 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4244 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4245]) 4246if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4247 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4248fi 4249 4250AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4251 ac_cv_have___ss_family_in_struct_ss, [ 4252 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4253#include <sys/types.h> 4254#include <sys/socket.h> 4255 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4256 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4257 [ ac_cv_have___ss_family_in_struct_ss="no" 4258 ]) 4259]) 4260if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4261 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4262 [Fields in struct sockaddr_storage]) 4263fi 4264 4265dnl make sure we're using the real structure members and not defines 4266AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4267 ac_cv_have_accrights_in_msghdr, [ 4268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4269#include <sys/types.h> 4270#include <sys/socket.h> 4271#include <sys/uio.h> 4272 ]], [[ 4273#ifdef msg_accrights 4274#error "msg_accrights is a macro" 4275exit(1); 4276#endif 4277struct msghdr m; 4278m.msg_accrights = 0; 4279exit(0); 4280 ]])], 4281 [ ac_cv_have_accrights_in_msghdr="yes" ], 4282 [ ac_cv_have_accrights_in_msghdr="no" ] 4283 ) 4284]) 4285if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4286 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4287 [Define if your system uses access rights style 4288 file descriptor passing]) 4289fi 4290 4291AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4292AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4293#include <sys/param.h> 4294#include <sys/stat.h> 4295#ifdef HAVE_SYS_TIME_H 4296# include <sys/time.h> 4297#endif 4298#ifdef HAVE_SYS_MOUNT_H 4299#include <sys/mount.h> 4300#endif 4301#ifdef HAVE_SYS_STATVFS_H 4302#include <sys/statvfs.h> 4303#endif 4304 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4305 [ AC_MSG_RESULT([yes]) ], 4306 [ AC_MSG_RESULT([no]) 4307 4308 AC_MSG_CHECKING([if fsid_t has member val]) 4309 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4310#include <sys/types.h> 4311#include <sys/statvfs.h> 4312 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4313 [ AC_MSG_RESULT([yes]) 4314 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4315 [ AC_MSG_RESULT([no]) ]) 4316 4317 AC_MSG_CHECKING([if f_fsid has member __val]) 4318 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4319#include <sys/types.h> 4320#include <sys/statvfs.h> 4321 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4322 [ AC_MSG_RESULT([yes]) 4323 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4324 [ AC_MSG_RESULT([no]) ]) 4325]) 4326 4327AC_CACHE_CHECK([for msg_control field in struct msghdr], 4328 ac_cv_have_control_in_msghdr, [ 4329 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4330#include <sys/types.h> 4331#include <sys/socket.h> 4332#include <sys/uio.h> 4333 ]], [[ 4334#ifdef msg_control 4335#error "msg_control is a macro" 4336exit(1); 4337#endif 4338struct msghdr m; 4339m.msg_control = 0; 4340exit(0); 4341 ]])], 4342 [ ac_cv_have_control_in_msghdr="yes" ], 4343 [ ac_cv_have_control_in_msghdr="no" ] 4344 ) 4345]) 4346if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4347 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4348 [Define if your system uses ancillary data style 4349 file descriptor passing]) 4350fi 4351 4352AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4353 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4354 [[ extern char *__progname; printf("%s", __progname); ]])], 4355 [ ac_cv_libc_defines___progname="yes" ], 4356 [ ac_cv_libc_defines___progname="no" 4357 ]) 4358]) 4359if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4360 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4361fi 4362 4363AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4364 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4365 [[ printf("%s", __FUNCTION__); ]])], 4366 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4367 [ ac_cv_cc_implements___FUNCTION__="no" 4368 ]) 4369]) 4370if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4371 AC_DEFINE([HAVE___FUNCTION__], [1], 4372 [Define if compiler implements __FUNCTION__]) 4373fi 4374 4375AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4376 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4377 [[ printf("%s", __func__); ]])], 4378 [ ac_cv_cc_implements___func__="yes" ], 4379 [ ac_cv_cc_implements___func__="no" 4380 ]) 4381]) 4382if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4383 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4384fi 4385 4386AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4387 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4388#include <stdarg.h> 4389va_list x,y; 4390 ]], [[ va_copy(x,y); ]])], 4391 [ ac_cv_have_va_copy="yes" ], 4392 [ ac_cv_have_va_copy="no" 4393 ]) 4394]) 4395if test "x$ac_cv_have_va_copy" = "xyes" ; then 4396 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4397fi 4398 4399AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4400 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4401#include <stdarg.h> 4402va_list x,y; 4403 ]], [[ __va_copy(x,y); ]])], 4404 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4405 ]) 4406]) 4407if test "x$ac_cv_have___va_copy" = "xyes" ; then 4408 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4409fi 4410 4411AC_CACHE_CHECK([whether getopt has optreset support], 4412 ac_cv_have_getopt_optreset, [ 4413 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4414 [[ extern int optreset; optreset = 0; ]])], 4415 [ ac_cv_have_getopt_optreset="yes" ], 4416 [ ac_cv_have_getopt_optreset="no" 4417 ]) 4418]) 4419if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4420 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4421 [Define if your getopt(3) defines and uses optreset]) 4422fi 4423 4424AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4425 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4426[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4427 [ ac_cv_libc_defines_sys_errlist="yes" ], 4428 [ ac_cv_libc_defines_sys_errlist="no" 4429 ]) 4430]) 4431if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4432 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4433 [Define if your system defines sys_errlist[]]) 4434fi 4435 4436 4437AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4438 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4439[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4440 [ ac_cv_libc_defines_sys_nerr="yes" ], 4441 [ ac_cv_libc_defines_sys_nerr="no" 4442 ]) 4443]) 4444if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4445 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4446fi 4447 4448# Check libraries needed by DNS fingerprint support 4449AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4450 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4451 [Define if getrrsetbyname() exists])], 4452 [ 4453 # Needed by our getrrsetbyname() 4454 AC_SEARCH_LIBS([res_query], [resolv]) 4455 AC_SEARCH_LIBS([dn_expand], [resolv]) 4456 AC_MSG_CHECKING([if res_query will link]) 4457 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4458#include <sys/types.h> 4459#include <netinet/in.h> 4460#include <arpa/nameser.h> 4461#include <netdb.h> 4462#include <resolv.h> 4463 ]], [[ 4464 res_query (0, 0, 0, 0, 0); 4465 ]])], 4466 AC_MSG_RESULT([yes]), 4467 [AC_MSG_RESULT([no]) 4468 saved_LIBS="$LIBS" 4469 LIBS="$LIBS -lresolv" 4470 AC_MSG_CHECKING([for res_query in -lresolv]) 4471 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4472#include <sys/types.h> 4473#include <netinet/in.h> 4474#include <arpa/nameser.h> 4475#include <netdb.h> 4476#include <resolv.h> 4477 ]], [[ 4478 res_query (0, 0, 0, 0, 0); 4479 ]])], 4480 [AC_MSG_RESULT([yes])], 4481 [LIBS="$saved_LIBS" 4482 AC_MSG_RESULT([no])]) 4483 ]) 4484 AC_CHECK_FUNCS([_getshort _getlong]) 4485 AC_CHECK_DECLS([_getshort, _getlong], , , 4486 [#include <sys/types.h> 4487 #include <arpa/nameser.h>]) 4488 AC_CHECK_MEMBER([HEADER.ad], 4489 [AC_DEFINE([HAVE_HEADER_AD], [1], 4490 [Define if HEADER.ad exists in arpa/nameser.h])], , 4491 [#include <arpa/nameser.h>]) 4492 ]) 4493 4494AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4495AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4496#include <stdio.h> 4497#if HAVE_SYS_TYPES_H 4498# include <sys/types.h> 4499#endif 4500#include <netinet/in.h> 4501#include <arpa/nameser.h> 4502#include <resolv.h> 4503extern struct __res_state _res; 4504 ]], [[ 4505struct __res_state *volatile p = &_res; /* force resolution of _res */ 4506return 0; 4507 ]],)], 4508 [AC_MSG_RESULT([yes]) 4509 AC_DEFINE([HAVE__RES_EXTERN], [1], 4510 [Define if you have struct __res_state _res as an extern]) 4511 ], 4512 [ AC_MSG_RESULT([no]) ] 4513) 4514 4515# Check whether user wants SELinux support 4516SELINUX_MSG="no" 4517LIBSELINUX="" 4518AC_ARG_WITH([selinux], 4519 [ --with-selinux Enable SELinux support], 4520 [ if test "x$withval" != "xno" ; then 4521 save_LIBS="$LIBS" 4522 AC_DEFINE([WITH_SELINUX], [1], 4523 [Define if you want SELinux support.]) 4524 SELINUX_MSG="yes" 4525 AC_CHECK_HEADER([selinux/selinux.h], , 4526 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4527 AC_CHECK_LIB([selinux], [setexeccon], 4528 [ LIBSELINUX="-lselinux" 4529 LIBS="$LIBS -lselinux" 4530 ], 4531 AC_MSG_ERROR([SELinux support requires libselinux library])) 4532 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4533 LIBS="$save_LIBS $LIBSELINUX" 4534 fi ] 4535) 4536AC_SUBST([SSHDLIBS]) 4537 4538# Check whether user wants Kerberos 5 support 4539KRB5_MSG="no" 4540AC_ARG_WITH([kerberos5], 4541 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4542 [ if test "x$withval" != "xno" ; then 4543 if test "x$withval" = "xyes" ; then 4544 KRB5ROOT="/usr/local" 4545 else 4546 KRB5ROOT=${withval} 4547 fi 4548 4549 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4550 KRB5_MSG="yes" 4551 4552 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4553 [$KRB5ROOT/bin/krb5-config], 4554 [$KRB5ROOT/bin:$PATH]) 4555 if test -x $KRB5CONF ; then 4556 K5CFLAGS="`$KRB5CONF --cflags`" 4557 K5LIBS="`$KRB5CONF --libs`" 4558 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4559 4560 AC_MSG_CHECKING([for gssapi support]) 4561 if $KRB5CONF | grep gssapi >/dev/null ; then 4562 AC_MSG_RESULT([yes]) 4563 AC_DEFINE([GSSAPI], [1], 4564 [Define this if you want GSSAPI 4565 support in the version 2 protocol]) 4566 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4567 GSSLIBS="`$KRB5CONF --libs gssapi`" 4568 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4569 else 4570 AC_MSG_RESULT([no]) 4571 fi 4572 AC_MSG_CHECKING([whether we are using Heimdal]) 4573 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4574 ]], [[ char *tmp = heimdal_version; ]])], 4575 [ AC_MSG_RESULT([yes]) 4576 AC_DEFINE([HEIMDAL], [1], 4577 [Define this if you are using the Heimdal 4578 version of Kerberos V5]) ], 4579 [AC_MSG_RESULT([no]) 4580 ]) 4581 else 4582 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4583 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4584 AC_MSG_CHECKING([whether we are using Heimdal]) 4585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4586 ]], [[ char *tmp = heimdal_version; ]])], 4587 [ AC_MSG_RESULT([yes]) 4588 AC_DEFINE([HEIMDAL]) 4589 K5LIBS="-lkrb5" 4590 K5LIBS="$K5LIBS -lcom_err -lasn1" 4591 AC_CHECK_LIB([roken], [net_write], 4592 [K5LIBS="$K5LIBS -lroken"]) 4593 AC_CHECK_LIB([des], [des_cbc_encrypt], 4594 [K5LIBS="$K5LIBS -ldes"]) 4595 ], [ AC_MSG_RESULT([no]) 4596 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4597 ]) 4598 AC_SEARCH_LIBS([dn_expand], [resolv]) 4599 4600 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4601 [ AC_DEFINE([GSSAPI]) 4602 GSSLIBS="-lgssapi_krb5" ], 4603 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4604 [ AC_DEFINE([GSSAPI]) 4605 GSSLIBS="-lgssapi" ], 4606 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4607 [ AC_DEFINE([GSSAPI]) 4608 GSSLIBS="-lgss" ], 4609 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4610 ]) 4611 ]) 4612 4613 AC_CHECK_HEADER([gssapi.h], , 4614 [ unset ac_cv_header_gssapi_h 4615 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4616 AC_CHECK_HEADERS([gssapi.h], , 4617 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4618 ) 4619 ] 4620 ) 4621 4622 oldCPP="$CPPFLAGS" 4623 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4624 AC_CHECK_HEADER([gssapi_krb5.h], , 4625 [ CPPFLAGS="$oldCPP" ]) 4626 4627 fi 4628 if test -n "${rpath_opt}" ; then 4629 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4630 fi 4631 if test ! -z "$blibpath" ; then 4632 blibpath="$blibpath:${KRB5ROOT}/lib" 4633 fi 4634 4635 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4636 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4637 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4638 4639 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4640 [Define this if you want to use libkafs' AFS support])]) 4641 4642 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4643#ifdef HAVE_GSSAPI_H 4644# include <gssapi.h> 4645#elif defined(HAVE_GSSAPI_GSSAPI_H) 4646# include <gssapi/gssapi.h> 4647#endif 4648 4649#ifdef HAVE_GSSAPI_GENERIC_H 4650# include <gssapi_generic.h> 4651#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4652# include <gssapi/gssapi_generic.h> 4653#endif 4654 ]]) 4655 saved_LIBS="$LIBS" 4656 LIBS="$LIBS $K5LIBS" 4657 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4658 LIBS="$saved_LIBS" 4659 4660 fi 4661 ] 4662) 4663AC_SUBST([GSSLIBS]) 4664AC_SUBST([K5LIBS]) 4665 4666# Looking for programs, paths and files 4667 4668PRIVSEP_PATH=/var/empty 4669AC_ARG_WITH([privsep-path], 4670 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4671 [ 4672 if test -n "$withval" && test "x$withval" != "xno" && \ 4673 test "x${withval}" != "xyes"; then 4674 PRIVSEP_PATH=$withval 4675 fi 4676 ] 4677) 4678AC_SUBST([PRIVSEP_PATH]) 4679 4680AC_ARG_WITH([xauth], 4681 [ --with-xauth=PATH Specify path to xauth program ], 4682 [ 4683 if test -n "$withval" && test "x$withval" != "xno" && \ 4684 test "x${withval}" != "xyes"; then 4685 xauth_path=$withval 4686 fi 4687 ], 4688 [ 4689 TestPath="$PATH" 4690 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4691 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4692 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4693 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4694 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4695 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4696 xauth_path="/usr/openwin/bin/xauth" 4697 fi 4698 ] 4699) 4700 4701STRIP_OPT=-s 4702AC_ARG_ENABLE([strip], 4703 [ --disable-strip Disable calling strip(1) on install], 4704 [ 4705 if test "x$enableval" = "xno" ; then 4706 STRIP_OPT= 4707 fi 4708 ] 4709) 4710AC_SUBST([STRIP_OPT]) 4711 4712if test -z "$xauth_path" ; then 4713 XAUTH_PATH="undefined" 4714 AC_SUBST([XAUTH_PATH]) 4715else 4716 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4717 [Define if xauth is found in your path]) 4718 XAUTH_PATH=$xauth_path 4719 AC_SUBST([XAUTH_PATH]) 4720fi 4721 4722dnl # --with-maildir=/path/to/mail gets top priority. 4723dnl # if maildir is set in the platform case statement above we use that. 4724dnl # Otherwise we run a program to get the dir from system headers. 4725dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4726dnl # If we find _PATH_MAILDIR we do nothing because that is what 4727dnl # session.c expects anyway. Otherwise we set to the value found 4728dnl # stripping any trailing slash. If for some strage reason our program 4729dnl # does not find what it needs, we default to /var/spool/mail. 4730# Check for mail directory 4731AC_ARG_WITH([maildir], 4732 [ --with-maildir=/path/to/mail Specify your system mail directory], 4733 [ 4734 if test "X$withval" != X && test "x$withval" != xno && \ 4735 test "x${withval}" != xyes; then 4736 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4737 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4738 fi 4739 ],[ 4740 if test "X$maildir" != "X"; then 4741 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4742 else 4743 AC_MSG_CHECKING([Discovering system mail directory]) 4744 AC_RUN_IFELSE( 4745 [AC_LANG_PROGRAM([[ 4746#include <stdio.h> 4747#include <string.h> 4748#ifdef HAVE_PATHS_H 4749#include <paths.h> 4750#endif 4751#ifdef HAVE_MAILLOCK_H 4752#include <maillock.h> 4753#endif 4754#define DATA "conftest.maildir" 4755 ]], [[ 4756 FILE *fd; 4757 int rc; 4758 4759 fd = fopen(DATA,"w"); 4760 if(fd == NULL) 4761 exit(1); 4762 4763#if defined (_PATH_MAILDIR) 4764 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4765 exit(1); 4766#elif defined (MAILDIR) 4767 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4768 exit(1); 4769#elif defined (_PATH_MAIL) 4770 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4771 exit(1); 4772#else 4773 exit (2); 4774#endif 4775 4776 exit(0); 4777 ]])], 4778 [ 4779 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4780 maildir=`awk -F: '{print $2}' conftest.maildir \ 4781 | sed 's|/$||'` 4782 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4783 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4784 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4785 fi 4786 ], 4787 [ 4788 if test "X$ac_status" = "X2";then 4789# our test program didn't find it. Default to /var/spool/mail 4790 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4791 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4792 else 4793 AC_MSG_RESULT([*** not found ***]) 4794 fi 4795 ], 4796 [ 4797 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4798 ] 4799 ) 4800 fi 4801 ] 4802) # maildir 4803 4804if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4805 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4806 disable_ptmx_check=yes 4807fi 4808if test -z "$no_dev_ptmx" ; then 4809 if test "x$disable_ptmx_check" != "xyes" ; then 4810 AC_CHECK_FILE(["/dev/ptmx"], 4811 [ 4812 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4813 [Define if you have /dev/ptmx]) 4814 have_dev_ptmx=1 4815 ] 4816 ) 4817 fi 4818fi 4819 4820if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4821 AC_CHECK_FILE(["/dev/ptc"], 4822 [ 4823 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4824 [Define if you have /dev/ptc]) 4825 have_dev_ptc=1 4826 ] 4827 ) 4828else 4829 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4830fi 4831 4832# Options from here on. Some of these are preset by platform above 4833AC_ARG_WITH([mantype], 4834 [ --with-mantype=man|cat|doc Set man page type], 4835 [ 4836 case "$withval" in 4837 man|cat|doc) 4838 MANTYPE=$withval 4839 ;; 4840 *) 4841 AC_MSG_ERROR([invalid man type: $withval]) 4842 ;; 4843 esac 4844 ] 4845) 4846if test -z "$MANTYPE"; then 4847 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4848 MANTYPE=doc 4849 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4850 MANTYPE=doc 4851 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4852 MANTYPE=man 4853 else 4854 MANTYPE=cat 4855 fi 4856fi 4857AC_SUBST([MANTYPE]) 4858if test "$MANTYPE" = "doc"; then 4859 mansubdir=man; 4860else 4861 mansubdir=$MANTYPE; 4862fi 4863AC_SUBST([mansubdir]) 4864 4865# Check whether to enable MD5 passwords 4866MD5_MSG="no" 4867AC_ARG_WITH([md5-passwords], 4868 [ --with-md5-passwords Enable use of MD5 passwords], 4869 [ 4870 if test "x$withval" != "xno" ; then 4871 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4872 [Define if you want to allow MD5 passwords]) 4873 MD5_MSG="yes" 4874 fi 4875 ] 4876) 4877 4878# Whether to disable shadow password support 4879AC_ARG_WITH([shadow], 4880 [ --without-shadow Disable shadow password support], 4881 [ 4882 if test "x$withval" = "xno" ; then 4883 AC_DEFINE([DISABLE_SHADOW]) 4884 disable_shadow=yes 4885 fi 4886 ] 4887) 4888 4889if test -z "$disable_shadow" ; then 4890 AC_MSG_CHECKING([if the systems has expire shadow information]) 4891 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4892#include <sys/types.h> 4893#include <shadow.h> 4894struct spwd sp; 4895 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4896 [ sp_expire_available=yes ], [ 4897 ]) 4898 4899 if test "x$sp_expire_available" = "xyes" ; then 4900 AC_MSG_RESULT([yes]) 4901 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4902 [Define if you want to use shadow password expire field]) 4903 else 4904 AC_MSG_RESULT([no]) 4905 fi 4906fi 4907 4908# Use ip address instead of hostname in $DISPLAY 4909if test ! -z "$IPADDR_IN_DISPLAY" ; then 4910 DISPLAY_HACK_MSG="yes" 4911 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4912 [Define if you need to use IP address 4913 instead of hostname in $DISPLAY]) 4914else 4915 DISPLAY_HACK_MSG="no" 4916 AC_ARG_WITH([ipaddr-display], 4917 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4918 [ 4919 if test "x$withval" != "xno" ; then 4920 AC_DEFINE([IPADDR_IN_DISPLAY]) 4921 DISPLAY_HACK_MSG="yes" 4922 fi 4923 ] 4924 ) 4925fi 4926 4927# check for /etc/default/login and use it if present. 4928AC_ARG_ENABLE([etc-default-login], 4929 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4930 [ if test "x$enableval" = "xno"; then 4931 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4932 etc_default_login=no 4933 else 4934 etc_default_login=yes 4935 fi ], 4936 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4937 then 4938 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4939 etc_default_login=no 4940 else 4941 etc_default_login=yes 4942 fi ] 4943) 4944 4945if test "x$etc_default_login" != "xno"; then 4946 AC_CHECK_FILE(["/etc/default/login"], 4947 [ external_path_file=/etc/default/login ]) 4948 if test "x$external_path_file" = "x/etc/default/login"; then 4949 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4950 [Define if your system has /etc/default/login]) 4951 fi 4952fi 4953 4954dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4955if test $ac_cv_func_login_getcapbool = "yes" && \ 4956 test $ac_cv_header_login_cap_h = "yes" ; then 4957 external_path_file=/etc/login.conf 4958fi 4959 4960# Whether to mess with the default path 4961SERVER_PATH_MSG="(default)" 4962AC_ARG_WITH([default-path], 4963 [ --with-default-path= Specify default $PATH environment for server], 4964 [ 4965 if test "x$external_path_file" = "x/etc/login.conf" ; then 4966 AC_MSG_WARN([ 4967--with-default-path=PATH has no effect on this system. 4968Edit /etc/login.conf instead.]) 4969 elif test "x$withval" != "xno" ; then 4970 if test ! -z "$external_path_file" ; then 4971 AC_MSG_WARN([ 4972--with-default-path=PATH will only be used if PATH is not defined in 4973$external_path_file .]) 4974 fi 4975 user_path="$withval" 4976 SERVER_PATH_MSG="$withval" 4977 fi 4978 ], 4979 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4980 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4981 else 4982 if test ! -z "$external_path_file" ; then 4983 AC_MSG_WARN([ 4984If PATH is defined in $external_path_file, ensure the path to scp is included, 4985otherwise scp will not work.]) 4986 fi 4987 AC_RUN_IFELSE( 4988 [AC_LANG_PROGRAM([[ 4989/* find out what STDPATH is */ 4990#include <stdio.h> 4991#ifdef HAVE_PATHS_H 4992# include <paths.h> 4993#endif 4994#ifndef _PATH_STDPATH 4995# ifdef _PATH_USERPATH /* Irix */ 4996# define _PATH_STDPATH _PATH_USERPATH 4997# else 4998# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4999# endif 5000#endif 5001#include <sys/types.h> 5002#include <sys/stat.h> 5003#include <fcntl.h> 5004#define DATA "conftest.stdpath" 5005 ]], [[ 5006 FILE *fd; 5007 int rc; 5008 5009 fd = fopen(DATA,"w"); 5010 if(fd == NULL) 5011 exit(1); 5012 5013 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5014 exit(1); 5015 5016 exit(0); 5017 ]])], 5018 [ user_path=`cat conftest.stdpath` ], 5019 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5020 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5021 ) 5022# make sure $bindir is in USER_PATH so scp will work 5023 t_bindir="${bindir}" 5024 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5025 t_bindir=`eval echo ${t_bindir}` 5026 case $t_bindir in 5027 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5028 esac 5029 case $t_bindir in 5030 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5031 esac 5032 done 5033 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5034 if test $? -ne 0 ; then 5035 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5036 if test $? -ne 0 ; then 5037 user_path=$user_path:$t_bindir 5038 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5039 fi 5040 fi 5041 fi ] 5042) 5043if test "x$external_path_file" != "x/etc/login.conf" ; then 5044 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5045 AC_SUBST([user_path]) 5046fi 5047 5048# Set superuser path separately to user path 5049AC_ARG_WITH([superuser-path], 5050 [ --with-superuser-path= Specify different path for super-user], 5051 [ 5052 if test -n "$withval" && test "x$withval" != "xno" && \ 5053 test "x${withval}" != "xyes"; then 5054 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5055 [Define if you want a different $PATH 5056 for the superuser]) 5057 superuser_path=$withval 5058 fi 5059 ] 5060) 5061 5062 5063AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5064IPV4_IN6_HACK_MSG="no" 5065AC_ARG_WITH(4in6, 5066 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5067 [ 5068 if test "x$withval" != "xno" ; then 5069 AC_MSG_RESULT([yes]) 5070 AC_DEFINE([IPV4_IN_IPV6], [1], 5071 [Detect IPv4 in IPv6 mapped addresses 5072 and treat as IPv4]) 5073 IPV4_IN6_HACK_MSG="yes" 5074 else 5075 AC_MSG_RESULT([no]) 5076 fi 5077 ], [ 5078 if test "x$inet6_default_4in6" = "xyes"; then 5079 AC_MSG_RESULT([yes (default)]) 5080 AC_DEFINE([IPV4_IN_IPV6]) 5081 IPV4_IN6_HACK_MSG="yes" 5082 else 5083 AC_MSG_RESULT([no (default)]) 5084 fi 5085 ] 5086) 5087 5088# Whether to enable BSD auth support 5089BSD_AUTH_MSG=no 5090AC_ARG_WITH([bsd-auth], 5091 [ --with-bsd-auth Enable BSD auth support], 5092 [ 5093 if test "x$withval" != "xno" ; then 5094 AC_DEFINE([BSD_AUTH], [1], 5095 [Define if you have BSD auth support]) 5096 BSD_AUTH_MSG=yes 5097 fi 5098 ] 5099) 5100 5101# Where to place sshd.pid 5102piddir=/var/run 5103# make sure the directory exists 5104if test ! -d $piddir ; then 5105 piddir=`eval echo ${sysconfdir}` 5106 case $piddir in 5107 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5108 esac 5109fi 5110 5111AC_ARG_WITH([pid-dir], 5112 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5113 [ 5114 if test -n "$withval" && test "x$withval" != "xno" && \ 5115 test "x${withval}" != "xyes"; then 5116 piddir=$withval 5117 if test ! -d $piddir ; then 5118 AC_MSG_WARN([** no $piddir directory on this system **]) 5119 fi 5120 fi 5121 ] 5122) 5123 5124AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5125 [Specify location of ssh.pid]) 5126AC_SUBST([piddir]) 5127 5128dnl allow user to disable some login recording features 5129AC_ARG_ENABLE([lastlog], 5130 [ --disable-lastlog disable use of lastlog even if detected [no]], 5131 [ 5132 if test "x$enableval" = "xno" ; then 5133 AC_DEFINE([DISABLE_LASTLOG]) 5134 fi 5135 ] 5136) 5137AC_ARG_ENABLE([utmp], 5138 [ --disable-utmp disable use of utmp even if detected [no]], 5139 [ 5140 if test "x$enableval" = "xno" ; then 5141 AC_DEFINE([DISABLE_UTMP]) 5142 fi 5143 ] 5144) 5145AC_ARG_ENABLE([utmpx], 5146 [ --disable-utmpx disable use of utmpx even if detected [no]], 5147 [ 5148 if test "x$enableval" = "xno" ; then 5149 AC_DEFINE([DISABLE_UTMPX], [1], 5150 [Define if you don't want to use utmpx]) 5151 fi 5152 ] 5153) 5154AC_ARG_ENABLE([wtmp], 5155 [ --disable-wtmp disable use of wtmp even if detected [no]], 5156 [ 5157 if test "x$enableval" = "xno" ; then 5158 AC_DEFINE([DISABLE_WTMP]) 5159 fi 5160 ] 5161) 5162AC_ARG_ENABLE([wtmpx], 5163 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5164 [ 5165 if test "x$enableval" = "xno" ; then 5166 AC_DEFINE([DISABLE_WTMPX], [1], 5167 [Define if you don't want to use wtmpx]) 5168 fi 5169 ] 5170) 5171AC_ARG_ENABLE([libutil], 5172 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5173 [ 5174 if test "x$enableval" = "xno" ; then 5175 AC_DEFINE([DISABLE_LOGIN]) 5176 fi 5177 ] 5178) 5179AC_ARG_ENABLE([pututline], 5180 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5181 [ 5182 if test "x$enableval" = "xno" ; then 5183 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5184 [Define if you don't want to use pututline() 5185 etc. to write [uw]tmp]) 5186 fi 5187 ] 5188) 5189AC_ARG_ENABLE([pututxline], 5190 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5191 [ 5192 if test "x$enableval" = "xno" ; then 5193 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5194 [Define if you don't want to use pututxline() 5195 etc. to write [uw]tmpx]) 5196 fi 5197 ] 5198) 5199AC_ARG_WITH([lastlog], 5200 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5201 [ 5202 if test "x$withval" = "xno" ; then 5203 AC_DEFINE([DISABLE_LASTLOG]) 5204 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5205 conf_lastlog_location=$withval 5206 fi 5207 ] 5208) 5209 5210dnl lastlog, [uw]tmpx? detection 5211dnl NOTE: set the paths in the platform section to avoid the 5212dnl need for command-line parameters 5213dnl lastlog and [uw]tmp are subject to a file search if all else fails 5214 5215dnl lastlog detection 5216dnl NOTE: the code itself will detect if lastlog is a directory 5217AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5218AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5219#include <sys/types.h> 5220#include <utmp.h> 5221#ifdef HAVE_LASTLOG_H 5222# include <lastlog.h> 5223#endif 5224#ifdef HAVE_PATHS_H 5225# include <paths.h> 5226#endif 5227#ifdef HAVE_LOGIN_H 5228# include <login.h> 5229#endif 5230 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5231 [ AC_MSG_RESULT([yes]) ], 5232 [ 5233 AC_MSG_RESULT([no]) 5234 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5235 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5236#include <sys/types.h> 5237#include <utmp.h> 5238#ifdef HAVE_LASTLOG_H 5239# include <lastlog.h> 5240#endif 5241#ifdef HAVE_PATHS_H 5242# include <paths.h> 5243#endif 5244 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5245 [ AC_MSG_RESULT([yes]) ], 5246 [ 5247 AC_MSG_RESULT([no]) 5248 system_lastlog_path=no 5249 ]) 5250]) 5251 5252if test -z "$conf_lastlog_location"; then 5253 if test x"$system_lastlog_path" = x"no" ; then 5254 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5255 if (test -d "$f" || test -f "$f") ; then 5256 conf_lastlog_location=$f 5257 fi 5258 done 5259 if test -z "$conf_lastlog_location"; then 5260 AC_MSG_WARN([** Cannot find lastlog **]) 5261 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5262 fi 5263 fi 5264fi 5265 5266if test -n "$conf_lastlog_location"; then 5267 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5268 [Define if you want to specify the path to your lastlog file]) 5269fi 5270 5271dnl utmp detection 5272AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5273AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5274#include <sys/types.h> 5275#include <utmp.h> 5276#ifdef HAVE_PATHS_H 5277# include <paths.h> 5278#endif 5279 ]], [[ char *utmp = UTMP_FILE; ]])], 5280 [ AC_MSG_RESULT([yes]) ], 5281 [ AC_MSG_RESULT([no]) 5282 system_utmp_path=no 5283]) 5284if test -z "$conf_utmp_location"; then 5285 if test x"$system_utmp_path" = x"no" ; then 5286 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5287 if test -f $f ; then 5288 conf_utmp_location=$f 5289 fi 5290 done 5291 if test -z "$conf_utmp_location"; then 5292 AC_DEFINE([DISABLE_UTMP]) 5293 fi 5294 fi 5295fi 5296if test -n "$conf_utmp_location"; then 5297 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5298 [Define if you want to specify the path to your utmp file]) 5299fi 5300 5301dnl wtmp detection 5302AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5303AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5304#include <sys/types.h> 5305#include <utmp.h> 5306#ifdef HAVE_PATHS_H 5307# include <paths.h> 5308#endif 5309 ]], [[ char *wtmp = WTMP_FILE; ]])], 5310 [ AC_MSG_RESULT([yes]) ], 5311 [ AC_MSG_RESULT([no]) 5312 system_wtmp_path=no 5313]) 5314if test -z "$conf_wtmp_location"; then 5315 if test x"$system_wtmp_path" = x"no" ; then 5316 for f in /usr/adm/wtmp /var/log/wtmp; do 5317 if test -f $f ; then 5318 conf_wtmp_location=$f 5319 fi 5320 done 5321 if test -z "$conf_wtmp_location"; then 5322 AC_DEFINE([DISABLE_WTMP]) 5323 fi 5324 fi 5325fi 5326if test -n "$conf_wtmp_location"; then 5327 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5328 [Define if you want to specify the path to your wtmp file]) 5329fi 5330 5331dnl wtmpx detection 5332AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5333AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5334#include <sys/types.h> 5335#include <utmp.h> 5336#ifdef HAVE_UTMPX_H 5337#include <utmpx.h> 5338#endif 5339#ifdef HAVE_PATHS_H 5340# include <paths.h> 5341#endif 5342 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5343 [ AC_MSG_RESULT([yes]) ], 5344 [ AC_MSG_RESULT([no]) 5345 system_wtmpx_path=no 5346]) 5347if test -z "$conf_wtmpx_location"; then 5348 if test x"$system_wtmpx_path" = x"no" ; then 5349 AC_DEFINE([DISABLE_WTMPX]) 5350 fi 5351else 5352 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5353 [Define if you want to specify the path to your wtmpx file]) 5354fi 5355 5356 5357if test ! -z "$blibpath" ; then 5358 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5359 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5360fi 5361 5362AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5363 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5364 AC_DEFINE([DISABLE_LASTLOG]) 5365 fi 5366 ], [ 5367#ifdef HAVE_SYS_TYPES_H 5368#include <sys/types.h> 5369#endif 5370#ifdef HAVE_UTMP_H 5371#include <utmp.h> 5372#endif 5373#ifdef HAVE_UTMPX_H 5374#include <utmpx.h> 5375#endif 5376#ifdef HAVE_LASTLOG_H 5377#include <lastlog.h> 5378#endif 5379 ]) 5380 5381AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5382 AC_DEFINE([DISABLE_UTMP]) 5383 AC_DEFINE([DISABLE_WTMP]) 5384 ], [ 5385#ifdef HAVE_SYS_TYPES_H 5386#include <sys/types.h> 5387#endif 5388#ifdef HAVE_UTMP_H 5389#include <utmp.h> 5390#endif 5391#ifdef HAVE_UTMPX_H 5392#include <utmpx.h> 5393#endif 5394#ifdef HAVE_LASTLOG_H 5395#include <lastlog.h> 5396#endif 5397 ]) 5398 5399dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5400dnl Add now. 5401CFLAGS="$CFLAGS $werror_flags" 5402 5403if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5404 TEST_SSH_IPV6=no 5405else 5406 TEST_SSH_IPV6=yes 5407fi 5408AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5409AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5410AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5411AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5412AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5413AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5414 5415CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5416LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5417 5418# Make a copy of CFLAGS/LDFLAGS without PIE options. 5419LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5420CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5421AC_SUBST([LDFLAGS_NOPIE]) 5422AC_SUBST([CFLAGS_NOPIE]) 5423 5424AC_EXEEXT 5425AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5426 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5427 survey.sh]) 5428AC_OUTPUT 5429 5430# Print summary of options 5431 5432# Someone please show me a better way :) 5433A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5434B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5435C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5436D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5437E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5438F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5439G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5440H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5441I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5442J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5443 5444echo "" 5445echo "OpenSSH has been configured with the following options:" 5446echo " User binaries: $B" 5447echo " System binaries: $C" 5448echo " Configuration files: $D" 5449echo " Askpass program: $E" 5450echo " Manual pages: $F" 5451echo " PID file: $G" 5452echo " Privilege separation chroot path: $H" 5453if test "x$external_path_file" = "x/etc/login.conf" ; then 5454echo " At runtime, sshd will use the path defined in $external_path_file" 5455echo " Make sure the path to scp is present, otherwise scp will not work" 5456else 5457echo " sshd default user PATH: $I" 5458 if test ! -z "$external_path_file"; then 5459echo " (If PATH is set in $external_path_file it will be used instead. If" 5460echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5461 fi 5462fi 5463if test ! -z "$superuser_path" ; then 5464echo " sshd superuser user PATH: $J" 5465fi 5466echo " Manpage format: $MANTYPE" 5467echo " PAM support: $PAM_MSG" 5468echo " OSF SIA support: $SIA_MSG" 5469echo " KerberosV support: $KRB5_MSG" 5470echo " SELinux support: $SELINUX_MSG" 5471echo " MD5 password support: $MD5_MSG" 5472echo " libedit support: $LIBEDIT_MSG" 5473echo " libldns support: $LDNS_MSG" 5474echo " Solaris process contract support: $SPC_MSG" 5475echo " Solaris project support: $SP_MSG" 5476echo " Solaris privilege support: $SPP_MSG" 5477echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5478echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5479echo " BSD Auth support: $BSD_AUTH_MSG" 5480echo " Random number source: $RAND_MSG" 5481echo " Privsep sandbox style: $SANDBOX_STYLE" 5482echo " PKCS#11 support: $enable_pkcs11" 5483echo " U2F/FIDO support: $enable_sk" 5484 5485echo "" 5486 5487echo " Host: ${host}" 5488echo " Compiler: ${CC}" 5489echo " Compiler flags: ${CFLAGS}" 5490echo "Preprocessor flags: ${CPPFLAGS}" 5491echo " Linker flags: ${LDFLAGS}" 5492echo " Libraries: ${LIBS}" 5493if test ! -z "${SSHDLIBS}"; then 5494echo " +for sshd: ${SSHDLIBS}" 5495fi 5496 5497echo "" 5498 5499if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5500 echo "SVR4 style packages are supported with \"make package\"" 5501 echo "" 5502fi 5503 5504if test "x$PAM_MSG" = "xyes" ; then 5505 echo "PAM is enabled. You may need to install a PAM control file " 5506 echo "for sshd, otherwise password authentication may fail. " 5507 echo "Example PAM control files can be found in the contrib/ " 5508 echo "subdirectory" 5509 echo "" 5510fi 5511 5512if test ! -z "$NO_PEERCHECK" ; then 5513 echo "WARNING: the operating system that you are using does not" 5514 echo "appear to support getpeereid(), getpeerucred() or the" 5515 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5516 echo "enforce security checks to prevent unauthorised connections to" 5517 echo "ssh-agent. Their absence increases the risk that a malicious" 5518 echo "user can connect to your agent." 5519 echo "" 5520fi 5521 5522if test "$AUDIT_MODULE" = "bsm" ; then 5523 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5524 echo "See the Solaris section in README.platform for details." 5525fi 5526