1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_SRCDIR([ssh.c]) 18AC_LANG([C]) 19 20AC_CONFIG_HEADER([config.h]) 21AC_PROG_CC([cc gcc]) 22AC_CANONICAL_HOST 23AC_C_BIGENDIAN 24 25# Checks for programs. 26AC_PROG_AWK 27AC_PROG_CPP 28AC_PROG_RANLIB 29AC_PROG_INSTALL 30AC_PROG_EGREP 31AC_PROG_MKDIR_P 32AC_CHECK_TOOLS([AR], [ar]) 33AC_PATH_PROG([CAT], [cat]) 34AC_PATH_PROG([KILL], [kill]) 35AC_PATH_PROG([SED], [sed]) 36AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 37AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 39AC_PATH_PROG([SH], [sh]) 40AC_PATH_PROG([GROFF], [groff]) 41AC_PATH_PROG([NROFF], [nroff awf]) 42AC_PATH_PROG([MANDOC], [mandoc]) 43AC_SUBST([TEST_SHELL], [sh]) 44 45dnl select manpage formatter to be used to build "cat" format pages. 46if test "x$MANDOC" != "x" ; then 47 MANFMT="$MANDOC" 48elif test "x$NROFF" != "x" ; then 49 MANFMT="$NROFF -mandoc" 50elif test "x$GROFF" != "x" ; then 51 MANFMT="$GROFF -mandoc -Tascii" 52else 53 AC_MSG_WARN([no manpage formatter found]) 54 MANFMT="false" 55fi 56AC_SUBST([MANFMT]) 57 58dnl for buildpkg.sh 59AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 60 [/usr/sbin${PATH_SEPARATOR}/etc]) 61AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 62 [/usr/sbin${PATH_SEPARATOR}/etc]) 63AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 64if test -x /sbin/sh; then 65 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 66else 67 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 68fi 69 70# System features 71AC_SYS_LARGEFILE 72 73if test -z "$AR" ; then 74 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 75fi 76 77AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 78if test ! -z "$PATH_PASSWD_PROG" ; then 79 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 80 [Full path of your "passwd" program]) 81fi 82 83dnl Since autoconf doesn't support it very well, we no longer allow users to 84dnl override LD, however keeping the hook here for now in case there's a use 85dnl use case we overlooked and someone needs to re-enable it. Unless a good 86dnl reason is found we'll be removing this in future. 87LD="$CC" 88AC_SUBST([LD]) 89 90AC_C_INLINE 91 92AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 93AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 95 #include <sys/types.h> 96 #include <sys/param.h> 97 #include <dev/systrace.h> 98]) 99AC_CHECK_DECL([RLIMIT_NPROC], 100 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 101 #include <sys/types.h> 102 #include <sys/resource.h> 103]) 104AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 105 #include <sys/types.h> 106 #include <linux/prctl.h> 107]) 108 109openssl=yes 110AC_ARG_WITH([openssl], 111 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 112 [ if test "x$withval" = "xno" ; then 113 openssl=no 114 fi 115 ] 116) 117AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 118if test "x$openssl" = "xyes" ; then 119 AC_MSG_RESULT([yes]) 120 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 121else 122 AC_MSG_RESULT([no]) 123fi 124 125use_stack_protector=1 126use_toolchain_hardening=1 127AC_ARG_WITH([stackprotect], 128 [ --without-stackprotect Don't use compiler's stack protection], [ 129 if test "x$withval" = "xno"; then 130 use_stack_protector=0 131 fi ]) 132AC_ARG_WITH([hardening], 133 [ --without-hardening Don't use toolchain hardening flags], [ 134 if test "x$withval" = "xno"; then 135 use_toolchain_hardening=0 136 fi ]) 137 138# We use -Werror for the tests only so that we catch warnings like "this is 139# on by default" for things like -fPIE. 140AC_MSG_CHECKING([if $CC supports -Werror]) 141saved_CFLAGS="$CFLAGS" 142CFLAGS="$CFLAGS -Werror" 143AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 144 [ AC_MSG_RESULT([yes]) 145 WERROR="-Werror"], 146 [ AC_MSG_RESULT([no]) 147 WERROR="" ] 148) 149CFLAGS="$saved_CFLAGS" 150 151if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 152 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 167 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 168 if test "x$use_toolchain_hardening" = "x1"; then 169 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 171 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 175 # NB. -ftrapv expects certain support functions to be present in 176 # the compiler library (libgcc or similar) to detect integer operations 177 # that can overflow. We must check that the result of enabling it 178 # actually links. The test program compiled/linked includes a number 179 # of integer operations that should exercise this. 180 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 181 fi 182 AC_MSG_CHECKING([gcc version]) 183 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 184 case $GCC_VER in 185 1.*) no_attrib_nonnull=1 ;; 186 2.8* | 2.9*) 187 no_attrib_nonnull=1 188 ;; 189 2.*) no_attrib_nonnull=1 ;; 190 *) ;; 191 esac 192 AC_MSG_RESULT([$GCC_VER]) 193 194 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 195 saved_CFLAGS="$CFLAGS" 196 CFLAGS="$CFLAGS -fno-builtin-memset" 197 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 198 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 199 [ AC_MSG_RESULT([yes]) ], 200 [ AC_MSG_RESULT([no]) 201 CFLAGS="$saved_CFLAGS" ] 202 ) 203 204 # -fstack-protector-all doesn't always work for some GCC versions 205 # and/or platforms, so we test if we can. If it's not supported 206 # on a given platform gcc will emit a warning so we use -Werror. 207 if test "x$use_stack_protector" = "x1"; then 208 for t in -fstack-protector-strong -fstack-protector-all \ 209 -fstack-protector; do 210 AC_MSG_CHECKING([if $CC supports $t]) 211 saved_CFLAGS="$CFLAGS" 212 saved_LDFLAGS="$LDFLAGS" 213 CFLAGS="$CFLAGS $t -Werror" 214 LDFLAGS="$LDFLAGS $t -Werror" 215 AC_LINK_IFELSE( 216 [AC_LANG_PROGRAM([[ 217 #include <stdio.h> 218 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 219 ]], 220 [[ 221 char x[256]; 222 snprintf(x, sizeof(x), "XXX%d", func(1)); 223 ]])], 224 [ AC_MSG_RESULT([yes]) 225 CFLAGS="$saved_CFLAGS $t" 226 LDFLAGS="$saved_LDFLAGS $t" 227 AC_MSG_CHECKING([if $t works]) 228 AC_RUN_IFELSE( 229 [AC_LANG_PROGRAM([[ 230 #include <stdio.h> 231 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 232 ]], 233 [[ 234 char x[256]; 235 snprintf(x, sizeof(x), "XXX%d", func(1)); 236 ]])], 237 [ AC_MSG_RESULT([yes]) 238 break ], 239 [ AC_MSG_RESULT([no]) ], 240 [ AC_MSG_WARN([cross compiling: cannot test]) 241 break ] 242 ) 243 ], 244 [ AC_MSG_RESULT([no]) ] 245 ) 246 CFLAGS="$saved_CFLAGS" 247 LDFLAGS="$saved_LDFLAGS" 248 done 249 fi 250 251 if test -z "$have_llong_max"; then 252 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 253 unset ac_cv_have_decl_LLONG_MAX 254 saved_CFLAGS="$CFLAGS" 255 CFLAGS="$CFLAGS -std=gnu99" 256 AC_CHECK_DECL([LLONG_MAX], 257 [have_llong_max=1], 258 [CFLAGS="$saved_CFLAGS"], 259 [#include <limits.h>] 260 ) 261 fi 262fi 263 264AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 265AC_COMPILE_IFELSE( 266 [AC_LANG_PROGRAM([[ 267#include <stdlib.h> 268__attribute__((__unused__)) static void foo(void){return;}]], 269 [[ exit(0); ]])], 270 [ AC_MSG_RESULT([yes]) ], 271 [ AC_MSG_RESULT([no]) 272 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 273 [compiler does not accept __attribute__ on return types]) ] 274) 275 276AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 285 [compiler does not accept __attribute__ on prototype args]) ] 286) 287 288if test "x$no_attrib_nonnull" != "x1" ; then 289 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 290fi 291 292AC_ARG_WITH([rpath], 293 [ --without-rpath Disable auto-added -R linker paths], 294 [ 295 if test "x$withval" = "xno" ; then 296 rpath_opt="" 297 elif test "x$withval" = "xyes" ; then 298 rpath_opt="-R" 299 else 300 rpath_opt="$withval" 301 fi 302 ] 303) 304 305# Allow user to specify flags 306AC_ARG_WITH([cflags], 307 [ --with-cflags Specify additional flags to pass to compiler], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 CFLAGS="$CFLAGS $withval" 312 fi 313 ] 314) 315 316AC_ARG_WITH([cflags-after], 317 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CFLAGS_AFTER="$withval" 322 fi 323 ] 324) 325AC_ARG_WITH([cppflags], 326 [ --with-cppflags Specify additional flags to pass to preprocessor] , 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 CPPFLAGS="$CPPFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags], 335 [ --with-ldflags Specify additional flags to pass to linker], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS="$LDFLAGS $withval" 340 fi 341 ] 342) 343AC_ARG_WITH([ldflags-after], 344 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LDFLAGS_AFTER="$withval" 349 fi 350 ] 351) 352AC_ARG_WITH([libs], 353 [ --with-libs Specify additional libraries to link with], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno" && \ 356 test "x${withval}" != "xyes"; then 357 LIBS="$LIBS $withval" 358 fi 359 ] 360) 361AC_ARG_WITH([Werror], 362 [ --with-Werror Build main code with -Werror], 363 [ 364 if test -n "$withval" && test "x$withval" != "xno"; then 365 werror_flags="-Werror" 366 if test "x${withval}" != "xyes"; then 367 werror_flags="$withval" 368 fi 369 fi 370 ] 371) 372 373AC_CHECK_HEADERS([ \ 374 blf.h \ 375 bstring.h \ 376 crypt.h \ 377 crypto/sha2.h \ 378 dirent.h \ 379 endian.h \ 380 elf.h \ 381 err.h \ 382 features.h \ 383 fcntl.h \ 384 floatingpoint.h \ 385 fnmatch.h \ 386 getopt.h \ 387 glob.h \ 388 ia.h \ 389 iaf.h \ 390 ifaddrs.h \ 391 inttypes.h \ 392 langinfo.h \ 393 limits.h \ 394 locale.h \ 395 login.h \ 396 maillock.h \ 397 ndir.h \ 398 net/if_tun.h \ 399 netdb.h \ 400 netgroup.h \ 401 pam/pam_appl.h \ 402 paths.h \ 403 poll.h \ 404 pty.h \ 405 readpassphrase.h \ 406 rpc/types.h \ 407 security/pam_appl.h \ 408 sha2.h \ 409 shadow.h \ 410 stddef.h \ 411 stdint.h \ 412 string.h \ 413 strings.h \ 414 sys/bitypes.h \ 415 sys/byteorder.h \ 416 sys/bsdtty.h \ 417 sys/cdefs.h \ 418 sys/dir.h \ 419 sys/file.h \ 420 sys/mman.h \ 421 sys/label.h \ 422 sys/ndir.h \ 423 sys/poll.h \ 424 sys/prctl.h \ 425 sys/pstat.h \ 426 sys/ptrace.h \ 427 sys/random.h \ 428 sys/select.h \ 429 sys/stat.h \ 430 sys/stream.h \ 431 sys/stropts.h \ 432 sys/strtio.h \ 433 sys/statvfs.h \ 434 sys/sysmacros.h \ 435 sys/time.h \ 436 sys/timers.h \ 437 sys/vfs.h \ 438 time.h \ 439 tmpdir.h \ 440 ttyent.h \ 441 ucred.h \ 442 unistd.h \ 443 usersec.h \ 444 util.h \ 445 utime.h \ 446 utmp.h \ 447 utmpx.h \ 448 vis.h \ 449 wchar.h \ 450]) 451 452# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 453# to be included first. 454AC_CHECK_HEADERS([sys/audit.h], [], [], [ 455#ifdef HAVE_SYS_TIME_H 456# include <sys/time.h> 457#endif 458#ifdef HAVE_SYS_TYPES_H 459# include <sys/types.h> 460#endif 461#ifdef HAVE_SYS_LABEL_H 462# include <sys/label.h> 463#endif 464]) 465 466# sys/capsicum.h requires sys/types.h 467AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 468#ifdef HAVE_SYS_TYPES_H 469# include <sys/types.h> 470#endif 471]) 472 473# net/route.h requires sys/socket.h and sys/types.h. 474# sys/sysctl.h also requires sys/param.h 475AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 476#ifdef HAVE_SYS_TYPES_H 477# include <sys/types.h> 478#endif 479#include <sys/param.h> 480#include <sys/socket.h> 481]) 482 483# lastlog.h requires sys/time.h to be included first on Solaris 484AC_CHECK_HEADERS([lastlog.h], [], [], [ 485#ifdef HAVE_SYS_TIME_H 486# include <sys/time.h> 487#endif 488]) 489 490# sys/ptms.h requires sys/stream.h to be included first on Solaris 491AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 492#ifdef HAVE_SYS_STREAM_H 493# include <sys/stream.h> 494#endif 495]) 496 497# login_cap.h requires sys/types.h on NetBSD 498AC_CHECK_HEADERS([login_cap.h], [], [], [ 499#include <sys/types.h> 500]) 501 502# older BSDs need sys/param.h before sys/mount.h 503AC_CHECK_HEADERS([sys/mount.h], [], [], [ 504#include <sys/param.h> 505]) 506 507# Android requires sys/socket.h to be included before sys/un.h 508AC_CHECK_HEADERS([sys/un.h], [], [], [ 509#include <sys/types.h> 510#include <sys/socket.h> 511]) 512 513# Messages for features tested for in target-specific section 514SIA_MSG="no" 515SPC_MSG="no" 516SP_MSG="no" 517SPP_MSG="no" 518 519# Support for Solaris/Illumos privileges (this test is used by both 520# the --with-solaris-privs option and --with-sandbox=solaris). 521SOLARIS_PRIVS="no" 522 523AC_CHECK_SIZEOF([size_t]) 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 # X32: AMD64 instructions in 32bit address space. 868 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 fi 871 ;; 872 i*86-*) 873 seccomp_audit_arch=AUDIT_ARCH_I386 874 ;; 875 arm*-*) 876 seccomp_audit_arch=AUDIT_ARCH_ARM 877 ;; 878 aarch64*-*) 879 seccomp_audit_arch=AUDIT_ARCH_AARCH64 880 ;; 881 s390x-*) 882 seccomp_audit_arch=AUDIT_ARCH_S390X 883 ;; 884 s390-*) 885 seccomp_audit_arch=AUDIT_ARCH_S390 886 ;; 887 powerpc64-*) 888 seccomp_audit_arch=AUDIT_ARCH_PPC64 889 ;; 890 powerpc64le-*) 891 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 892 ;; 893 mips-*) 894 seccomp_audit_arch=AUDIT_ARCH_MIPS 895 ;; 896 mipsel-*) 897 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 898 ;; 899 mips64-*) 900 case "$mips_abi" in 901 "n32") 902 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 903 ;; 904 "n64") 905 seccomp_audit_arch=AUDIT_ARCH_MIPS64 906 ;; 907 esac 908 ;; 909 mips64el-*) 910 case "$mips_abi" in 911 "n32") 912 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 913 ;; 914 "n64") 915 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 916 ;; 917 esac 918 ;; 919 riscv64-*) 920 seccomp_audit_arch=AUDIT_ARCH_RISCV64 921 ;; 922 esac 923 if test "x$seccomp_audit_arch" != "x" ; then 924 AC_MSG_RESULT(["$seccomp_audit_arch"]) 925 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 926 [Specify the system call convention in use]) 927 else 928 AC_MSG_RESULT([architecture not supported]) 929 fi 930 ;; 931mips-sony-bsd|mips-sony-newsos4) 932 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 933 SONY=1 934 ;; 935*-*-netbsd*) 936 check_for_libcrypt_before=1 937 if test "x$withval" != "xno" ; then 938 rpath_opt="-R" 939 fi 940 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 941 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 942 AC_CHECK_HEADER([net/if_tap.h], , 943 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 944 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 945 [Prepend the address family to IP tunnel traffic]) 946 TEST_MALLOC_OPTIONS="AJRX" 947 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 948 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 949 ;; 950*-*-freebsd*) 951 check_for_libcrypt_later=1 952 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 953 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 954 AC_CHECK_HEADER([net/if_tap.h], , 955 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 956 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 957 TEST_MALLOC_OPTIONS="AJRX" 958 # Preauth crypto occasionally uses file descriptors for crypto offload 959 # and will crash if they cannot be opened. 960 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 961 [define if setrlimit RLIMIT_NOFILE breaks things]) 962 ;; 963*-*-bsdi*) 964 AC_DEFINE([SETEUID_BREAKS_SETUID]) 965 AC_DEFINE([BROKEN_SETREUID]) 966 AC_DEFINE([BROKEN_SETREGID]) 967 ;; 968*-next-*) 969 conf_lastlog_location="/usr/adm/lastlog" 970 conf_utmp_location=/etc/utmp 971 conf_wtmp_location=/usr/adm/wtmp 972 maildir=/usr/spool/mail 973 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 974 AC_DEFINE([USE_PIPES]) 975 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 976 ;; 977*-*-openbsd*) 978 use_pie=auto 979 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 980 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 981 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 982 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 983 [syslog_r function is safe to use in in a signal handler]) 984 TEST_MALLOC_OPTIONS="AFGJPRX" 985 ;; 986*-*-solaris*) 987 if test "x$withval" != "xno" ; then 988 rpath_opt="-R" 989 fi 990 AC_DEFINE([PAM_SUN_CODEBASE]) 991 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 992 AC_DEFINE([PAM_TTY_KLUDGE]) 993 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 994 [Define if pam_chauthtok wants real uid set 995 to the unpriv'ed user]) 996 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 997 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 998 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 999 [Define if sshd somehow reacquires a controlling TTY 1000 after setsid()]) 1001 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1002 in case the name is longer than 8 chars]) 1003 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1004 external_path_file=/etc/default/login 1005 # hardwire lastlog location (can't detect it on some versions) 1006 conf_lastlog_location="/var/adm/lastlog" 1007 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1008 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1009 if test "$sol2ver" -ge 8; then 1010 AC_MSG_RESULT([yes]) 1011 AC_DEFINE([DISABLE_UTMP]) 1012 AC_DEFINE([DISABLE_WTMP], [1], 1013 [Define if you don't want to use wtmp]) 1014 else 1015 AC_MSG_RESULT([no]) 1016 fi 1017 AC_CHECK_FUNCS([setpflags]) 1018 AC_CHECK_FUNCS([setppriv]) 1019 AC_CHECK_FUNCS([priv_basicset]) 1020 AC_CHECK_HEADERS([priv.h]) 1021 AC_ARG_WITH([solaris-contracts], 1022 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1023 [ 1024 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1025 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1026 [Define if you have Solaris process contracts]) 1027 LIBS="$LIBS -lcontract" 1028 SPC_MSG="yes" ], ) 1029 ], 1030 ) 1031 AC_ARG_WITH([solaris-projects], 1032 [ --with-solaris-projects Enable Solaris projects (experimental)], 1033 [ 1034 AC_CHECK_LIB([project], [setproject], 1035 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1036 [Define if you have Solaris projects]) 1037 LIBS="$LIBS -lproject" 1038 SP_MSG="yes" ], ) 1039 ], 1040 ) 1041 AC_ARG_WITH([solaris-privs], 1042 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1043 [ 1044 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1045 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1046 "x$ac_cv_header_priv_h" = "xyes" ; then 1047 SOLARIS_PRIVS=yes 1048 AC_MSG_RESULT([found]) 1049 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1050 [Define to disable UID restoration test]) 1051 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1052 [Define if you have Solaris privileges]) 1053 SPP_MSG="yes" 1054 else 1055 AC_MSG_RESULT([not found]) 1056 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1057 fi 1058 ], 1059 ) 1060 TEST_SHELL=$SHELL # let configure find us a capable shell 1061 ;; 1062*-*-sunos4*) 1063 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1064 AC_CHECK_FUNCS([getpwanam]) 1065 AC_DEFINE([PAM_SUN_CODEBASE]) 1066 conf_utmp_location=/etc/utmp 1067 conf_wtmp_location=/var/adm/wtmp 1068 conf_lastlog_location=/var/adm/lastlog 1069 AC_DEFINE([USE_PIPES]) 1070 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1071 ;; 1072*-ncr-sysv*) 1073 LIBS="$LIBS -lc89" 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1076 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1077 AC_DEFINE([BROKEN_SETREUID]) 1078 AC_DEFINE([BROKEN_SETREGID]) 1079 ;; 1080*-sni-sysv*) 1081 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1082 AC_CHECK_LIB([dl], [dlsym], ,) 1083 # -lresolv needs to be at the end of LIBS or DNS lookups break 1084 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1085 IPADDR_IN_DISPLAY=yes 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([IP_TOS_IS_BROKEN]) 1088 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1089 AC_DEFINE([BROKEN_SETREUID]) 1090 AC_DEFINE([BROKEN_SETREGID]) 1091 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1092 external_path_file=/etc/default/login 1093 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1094 # Attention: always take care to bind libsocket and libnsl before libc, 1095 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1096 ;; 1097# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1098*-*-sysv4.2*) 1099 AC_DEFINE([USE_PIPES]) 1100 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1101 AC_DEFINE([BROKEN_SETREUID]) 1102 AC_DEFINE([BROKEN_SETREGID]) 1103 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1104 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1105 TEST_SHELL=$SHELL # let configure find us a capable shell 1106 ;; 1107# UnixWare 7.x, OpenUNIX 8 1108*-*-sysv5*) 1109 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1110 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1111 AC_DEFINE([USE_PIPES]) 1112 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1113 AC_DEFINE([BROKEN_GETADDRINFO]) 1114 AC_DEFINE([BROKEN_SETREUID]) 1115 AC_DEFINE([BROKEN_SETREGID]) 1116 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1117 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1118 TEST_SHELL=$SHELL # let configure find us a capable shell 1119 check_for_libcrypt_later=1 1120 case "$host" in 1121 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1122 maildir=/var/spool/mail 1123 AC_DEFINE([BROKEN_UPDWTMPX]) 1124 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1125 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1126 ], , ) 1127 ;; 1128 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1129 ;; 1130 esac 1131 ;; 1132*-*-sysv*) 1133 ;; 1134# SCO UNIX and OEM versions of SCO UNIX 1135*-*-sco3.2v4*) 1136 AC_MSG_ERROR("This Platform is no longer supported.") 1137 ;; 1138# SCO OpenServer 5.x 1139*-*-sco3.2v5*) 1140 if test -z "$GCC"; then 1141 CFLAGS="$CFLAGS -belf" 1142 fi 1143 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1144 no_dev_ptmx=1 1145 AC_DEFINE([USE_PIPES]) 1146 AC_DEFINE([HAVE_SECUREWARE]) 1147 AC_DEFINE([DISABLE_SHADOW]) 1148 AC_DEFINE([DISABLE_FD_PASSING]) 1149 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1150 AC_DEFINE([BROKEN_GETADDRINFO]) 1151 AC_DEFINE([BROKEN_SETREUID]) 1152 AC_DEFINE([BROKEN_SETREGID]) 1153 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1154 AC_DEFINE([BROKEN_UPDWTMPX]) 1155 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1156 AC_CHECK_FUNCS([getluid setluid]) 1157 MANTYPE=man 1158 TEST_SHELL=$SHELL # let configure find us a capable shell 1159 SKIP_DISABLE_LASTLOG_DEFINE=yes 1160 ;; 1161*-dec-osf*) 1162 AC_MSG_CHECKING([for Digital Unix SIA]) 1163 no_osfsia="" 1164 AC_ARG_WITH([osfsia], 1165 [ --with-osfsia Enable Digital Unix SIA], 1166 [ 1167 if test "x$withval" = "xno" ; then 1168 AC_MSG_RESULT([disabled]) 1169 no_osfsia=1 1170 fi 1171 ], 1172 ) 1173 if test -z "$no_osfsia" ; then 1174 if test -f /etc/sia/matrix.conf; then 1175 AC_MSG_RESULT([yes]) 1176 AC_DEFINE([HAVE_OSF_SIA], [1], 1177 [Define if you have Digital Unix Security 1178 Integration Architecture]) 1179 AC_DEFINE([DISABLE_LOGIN], [1], 1180 [Define if you don't want to use your 1181 system's login() call]) 1182 AC_DEFINE([DISABLE_FD_PASSING]) 1183 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1184 SIA_MSG="yes" 1185 else 1186 AC_MSG_RESULT([no]) 1187 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1188 [String used in /etc/passwd to denote locked account]) 1189 fi 1190 fi 1191 AC_DEFINE([BROKEN_GETADDRINFO]) 1192 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1193 AC_DEFINE([BROKEN_SETREUID]) 1194 AC_DEFINE([BROKEN_SETREGID]) 1195 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1196 ;; 1197 1198*-*-nto-qnx*) 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1201 AC_DEFINE([DISABLE_LASTLOG]) 1202 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1203 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1204 enable_etc_default_login=no # has incompatible /etc/default/login 1205 case "$host" in 1206 *-*-nto-qnx6*) 1207 AC_DEFINE([DISABLE_FD_PASSING]) 1208 ;; 1209 esac 1210 ;; 1211 1212*-*-ultrix*) 1213 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1214 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1215 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1216 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1217 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1218 # don't get a controlling tty. 1219 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1220 # On Ultrix some headers are not protected against multiple includes, 1221 # so we create wrappers and put it where the compiler will find it. 1222 AC_MSG_WARN([creating compat wrappers for headers]) 1223 mkdir -p netinet 1224 for header in netinet/ip.h netdb.h resolv.h; do 1225 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1226 cat >$header <<EOD 1227#ifndef _SSH_COMPAT_${name} 1228#define _SSH_COMPAT_${name} 1229#include "/usr/include/${header}" 1230#endif 1231EOD 1232 done 1233 ;; 1234 1235*-*-lynxos) 1236 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1237 AC_DEFINE([BROKEN_SETVBUF], [1], 1238 [LynxOS has broken setvbuf() implementation]) 1239 ;; 1240esac 1241 1242AC_MSG_CHECKING([compiler and flags for sanity]) 1243AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1244 [ AC_MSG_RESULT([yes]) ], 1245 [ 1246 AC_MSG_RESULT([no]) 1247 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1248 ], 1249 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1250) 1251 1252dnl Checks for header files. 1253# Checks for libraries. 1254AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1255 1256dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1257AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1258 AC_CHECK_LIB([gen], [dirname], [ 1259 AC_CACHE_CHECK([for broken dirname], 1260 ac_cv_have_broken_dirname, [ 1261 save_LIBS="$LIBS" 1262 LIBS="$LIBS -lgen" 1263 AC_RUN_IFELSE( 1264 [AC_LANG_SOURCE([[ 1265#include <libgen.h> 1266#include <string.h> 1267 1268int main(int argc, char **argv) { 1269 char *s, buf[32]; 1270 1271 strncpy(buf,"/etc", 32); 1272 s = dirname(buf); 1273 if (!s || strncmp(s, "/", 32) != 0) { 1274 exit(1); 1275 } else { 1276 exit(0); 1277 } 1278} 1279 ]])], 1280 [ ac_cv_have_broken_dirname="no" ], 1281 [ ac_cv_have_broken_dirname="yes" ], 1282 [ ac_cv_have_broken_dirname="no" ], 1283 ) 1284 LIBS="$save_LIBS" 1285 ]) 1286 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1287 LIBS="$LIBS -lgen" 1288 AC_DEFINE([HAVE_DIRNAME]) 1289 AC_CHECK_HEADERS([libgen.h]) 1290 fi 1291 ]) 1292]) 1293 1294AC_CHECK_FUNC([getspnam], , 1295 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1296AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1297 [Define if you have the basename function.])]) 1298 1299dnl zlib defaults to enabled 1300zlib=yes 1301AC_ARG_WITH([zlib], 1302 [ --with-zlib=PATH Use zlib in PATH], 1303 [ if test "x$withval" = "xno" ; then 1304 zlib=no 1305 elif test "x$withval" != "xyes"; then 1306 if test -d "$withval/lib"; then 1307 if test -n "${rpath_opt}"; then 1308 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1309 else 1310 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1311 fi 1312 else 1313 if test -n "${rpath_opt}"; then 1314 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1315 else 1316 LDFLAGS="-L${withval} ${LDFLAGS}" 1317 fi 1318 fi 1319 if test -d "$withval/include"; then 1320 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1321 else 1322 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1323 fi 1324 fi ] 1325) 1326 1327AC_MSG_CHECKING([for zlib]) 1328if test "x${zlib}" = "xno"; then 1329 AC_MSG_RESULT([no]) 1330else 1331 AC_MSG_RESULT([yes]) 1332 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1333 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1334 AC_CHECK_LIB([z], [deflate], , 1335 [ 1336 saved_CPPFLAGS="$CPPFLAGS" 1337 saved_LDFLAGS="$LDFLAGS" 1338 save_LIBS="$LIBS" 1339 dnl Check default zlib install dir 1340 if test -n "${rpath_opt}"; then 1341 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1342 else 1343 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1344 fi 1345 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1346 LIBS="$LIBS -lz" 1347 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1348 [ 1349 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1350 ] 1351 ) 1352 ] 1353 ) 1354 1355 AC_ARG_WITH([zlib-version-check], 1356 [ --without-zlib-version-check Disable zlib version check], 1357 [ if test "x$withval" = "xno" ; then 1358 zlib_check_nonfatal=1 1359 fi 1360 ] 1361 ) 1362 1363 AC_MSG_CHECKING([for possibly buggy zlib]) 1364 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1365#include <stdio.h> 1366#include <stdlib.h> 1367#include <zlib.h> 1368 ]], 1369 [[ 1370 int a=0, b=0, c=0, d=0, n, v; 1371 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1372 if (n != 3 && n != 4) 1373 exit(1); 1374 v = a*1000000 + b*10000 + c*100 + d; 1375 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1376 1377 /* 1.1.4 is OK */ 1378 if (a == 1 && b == 1 && c >= 4) 1379 exit(0); 1380 1381 /* 1.2.3 and up are OK */ 1382 if (v >= 1020300) 1383 exit(0); 1384 1385 exit(2); 1386 ]])], 1387 AC_MSG_RESULT([no]), 1388 [ AC_MSG_RESULT([yes]) 1389 if test -z "$zlib_check_nonfatal" ; then 1390 AC_MSG_ERROR([*** zlib too old - check config.log *** 1391Your reported zlib version has known security problems. It's possible your 1392vendor has fixed these problems without changing the version number. If you 1393are sure this is the case, you can disable the check by running 1394"./configure --without-zlib-version-check". 1395If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1396See http://www.gzip.org/zlib/ for details.]) 1397 else 1398 AC_MSG_WARN([zlib version may have security problems]) 1399 fi 1400 ], 1401 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1402 ) 1403fi 1404 1405dnl UnixWare 2.x 1406AC_CHECK_FUNC([strcasecmp], 1407 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1408) 1409AC_CHECK_FUNCS([utimes], 1410 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1411 LIBS="$LIBS -lc89"]) ] 1412) 1413 1414dnl Checks for libutil functions 1415AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1416AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1417AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1418AC_SEARCH_LIBS([login], [util bsd]) 1419AC_SEARCH_LIBS([logout], [util bsd]) 1420AC_SEARCH_LIBS([logwtmp], [util bsd]) 1421AC_SEARCH_LIBS([openpty], [util bsd]) 1422AC_SEARCH_LIBS([updwtmp], [util bsd]) 1423AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1424 1425# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1426# or libnsl. 1427AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1428AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1429 1430# "Particular Function Checks" 1431# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1432AC_FUNC_STRFTIME 1433AC_FUNC_MALLOC 1434AC_FUNC_REALLOC 1435# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1436AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1437AC_RUN_IFELSE( 1438 [AC_LANG_PROGRAM( 1439 [[ #include <stdlib.h> ]], 1440 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1441 )], 1442 [ func_calloc_0_nonnull=yes ], 1443 [ func_calloc_0_nonnull=no ], 1444 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1445 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1446) 1447AC_MSG_RESULT([$func_calloc_0_nonnull]) 1448 1449if test "x$func_calloc_0_nonnull" = "xyes"; then 1450 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1451else 1452 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1453 AC_DEFINE(calloc, rpl_calloc, 1454 [Define to rpl_calloc if the replacement function should be used.]) 1455fi 1456 1457# Check for ALTDIRFUNC glob() extension 1458AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1459AC_EGREP_CPP([FOUNDIT], 1460 [ 1461 #include <glob.h> 1462 #ifdef GLOB_ALTDIRFUNC 1463 FOUNDIT 1464 #endif 1465 ], 1466 [ 1467 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1468 [Define if your system glob() function has 1469 the GLOB_ALTDIRFUNC extension]) 1470 AC_MSG_RESULT([yes]) 1471 ], 1472 [ 1473 AC_MSG_RESULT([no]) 1474 ] 1475) 1476 1477# Check for g.gl_matchc glob() extension 1478AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1479AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1480 [[ glob_t g; g.gl_matchc = 1; ]])], 1481 [ 1482 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1483 [Define if your system glob() function has 1484 gl_matchc options in glob_t]) 1485 AC_MSG_RESULT([yes]) 1486 ], [ 1487 AC_MSG_RESULT([no]) 1488]) 1489 1490# Check for g.gl_statv glob() extension 1491AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1492AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1493#ifndef GLOB_KEEPSTAT 1494#error "glob does not support GLOB_KEEPSTAT extension" 1495#endif 1496glob_t g; 1497g.gl_statv = NULL; 1498]])], 1499 [ 1500 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1501 [Define if your system glob() function has 1502 gl_statv options in glob_t]) 1503 AC_MSG_RESULT([yes]) 1504 ], [ 1505 AC_MSG_RESULT([no]) 1506 1507]) 1508 1509AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1510 1511AC_CHECK_DECL([VIS_ALL], , 1512 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1513 1514AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1515AC_RUN_IFELSE( 1516 [AC_LANG_PROGRAM([[ 1517#include <sys/types.h> 1518#include <dirent.h>]], 1519 [[ 1520 struct dirent d; 1521 exit(sizeof(d.d_name)<=sizeof(char)); 1522 ]])], 1523 [AC_MSG_RESULT([yes])], 1524 [ 1525 AC_MSG_RESULT([no]) 1526 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1527 [Define if your struct dirent expects you to 1528 allocate extra space for d_name]) 1529 ], 1530 [ 1531 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1532 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1533 ] 1534) 1535 1536AC_MSG_CHECKING([for /proc/pid/fd directory]) 1537if test -d "/proc/$$/fd" ; then 1538 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1539 AC_MSG_RESULT([yes]) 1540else 1541 AC_MSG_RESULT([no]) 1542fi 1543 1544# Check whether user wants to use ldns 1545LDNS_MSG="no" 1546AC_ARG_WITH(ldns, 1547 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1548 [ 1549 ldns="" 1550 if test "x$withval" = "xyes" ; then 1551 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1552 if test "x$LDNSCONFIG" = "xno"; then 1553 LIBS="-lldns $LIBS" 1554 ldns=yes 1555 else 1556 LIBS="$LIBS `$LDNSCONFIG --libs`" 1557 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1558 ldns=yes 1559 fi 1560 elif test "x$withval" != "xno" ; then 1561 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1562 LDFLAGS="$LDFLAGS -L${withval}/lib" 1563 LIBS="-lldns $LIBS" 1564 ldns=yes 1565 fi 1566 1567 # Verify that it works. 1568 if test "x$ldns" = "xyes" ; then 1569 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1570 LDNS_MSG="yes" 1571 AC_MSG_CHECKING([for ldns support]) 1572 AC_LINK_IFELSE( 1573 [AC_LANG_SOURCE([[ 1574#include <stdio.h> 1575#include <stdlib.h> 1576#ifdef HAVE_STDINT_H 1577# include <stdint.h> 1578#endif 1579#include <ldns/ldns.h> 1580int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1581 ]]) 1582 ], 1583 [AC_MSG_RESULT(yes)], 1584 [ 1585 AC_MSG_RESULT(no) 1586 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1587 ]) 1588 fi 1589]) 1590 1591# Check whether user wants libedit support 1592LIBEDIT_MSG="no" 1593AC_ARG_WITH([libedit], 1594 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1595 [ if test "x$withval" != "xno" ; then 1596 if test "x$withval" = "xyes" ; then 1597 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1598 if test "x$PKGCONFIG" != "xno"; then 1599 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1600 if "$PKGCONFIG" libedit; then 1601 AC_MSG_RESULT([yes]) 1602 use_pkgconfig_for_libedit=yes 1603 else 1604 AC_MSG_RESULT([no]) 1605 fi 1606 fi 1607 else 1608 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1609 if test -n "${rpath_opt}"; then 1610 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1611 else 1612 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1613 fi 1614 fi 1615 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1616 LIBEDIT=`$PKGCONFIG --libs libedit` 1617 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1618 else 1619 LIBEDIT="-ledit -lcurses" 1620 fi 1621 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1622 AC_CHECK_LIB([edit], [el_init], 1623 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1624 LIBEDIT_MSG="yes" 1625 AC_SUBST([LIBEDIT]) 1626 ], 1627 [ AC_MSG_ERROR([libedit not found]) ], 1628 [ $OTHERLIBS ] 1629 ) 1630 AC_MSG_CHECKING([if libedit version is compatible]) 1631 AC_COMPILE_IFELSE( 1632 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1633 [[ 1634 int i = H_SETSIZE; 1635 el_init("", NULL, NULL, NULL); 1636 exit(0); 1637 ]])], 1638 [ AC_MSG_RESULT([yes]) ], 1639 [ AC_MSG_RESULT([no]) 1640 AC_MSG_ERROR([libedit version is not compatible]) ] 1641 ) 1642 fi ] 1643) 1644 1645AUDIT_MODULE=none 1646AC_ARG_WITH([audit], 1647 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1648 [ 1649 AC_MSG_CHECKING([for supported audit module]) 1650 case "$withval" in 1651 bsm) 1652 AC_MSG_RESULT([bsm]) 1653 AUDIT_MODULE=bsm 1654 dnl Checks for headers, libs and functions 1655 AC_CHECK_HEADERS([bsm/audit.h], [], 1656 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1657 [ 1658#ifdef HAVE_TIME_H 1659# include <time.h> 1660#endif 1661 ] 1662) 1663 AC_CHECK_LIB([bsm], [getaudit], [], 1664 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1665 AC_CHECK_FUNCS([getaudit], [], 1666 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1667 # These are optional 1668 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1669 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1670 if test "$sol2ver" -ge 11; then 1671 SSHDLIBS="$SSHDLIBS -lscf" 1672 AC_DEFINE([BROKEN_BSM_API], [1], 1673 [The system has incomplete BSM API]) 1674 fi 1675 ;; 1676 linux) 1677 AC_MSG_RESULT([linux]) 1678 AUDIT_MODULE=linux 1679 dnl Checks for headers, libs and functions 1680 AC_CHECK_HEADERS([libaudit.h]) 1681 SSHDLIBS="$SSHDLIBS -laudit" 1682 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1683 ;; 1684 debug) 1685 AUDIT_MODULE=debug 1686 AC_MSG_RESULT([debug]) 1687 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1688 ;; 1689 no) 1690 AC_MSG_RESULT([no]) 1691 ;; 1692 *) 1693 AC_MSG_ERROR([Unknown audit module $withval]) 1694 ;; 1695 esac ] 1696) 1697 1698AC_ARG_WITH([pie], 1699 [ --with-pie Build Position Independent Executables if possible], [ 1700 if test "x$withval" = "xno"; then 1701 use_pie=no 1702 fi 1703 if test "x$withval" = "xyes"; then 1704 use_pie=yes 1705 fi 1706 ] 1707) 1708if test "x$use_pie" = "x"; then 1709 use_pie=no 1710fi 1711if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1712 # Turn off automatic PIE when toolchain hardening is off. 1713 use_pie=no 1714fi 1715if test "x$use_pie" = "xauto"; then 1716 # Automatic PIE requires gcc >= 4.x 1717 AC_MSG_CHECKING([for gcc >= 4.x]) 1718 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1719#if !defined(__GNUC__) || __GNUC__ < 4 1720#error gcc is too old 1721#endif 1722]])], 1723 [ AC_MSG_RESULT([yes]) ], 1724 [ AC_MSG_RESULT([no]) 1725 use_pie=no ] 1726) 1727fi 1728if test "x$use_pie" != "xno"; then 1729 SAVED_CFLAGS="$CFLAGS" 1730 SAVED_LDFLAGS="$LDFLAGS" 1731 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1732 OSSH_CHECK_LDFLAG_LINK([-pie]) 1733 # We use both -fPIE and -pie or neither. 1734 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1735 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1736 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1737 AC_MSG_RESULT([yes]) 1738 else 1739 AC_MSG_RESULT([no]) 1740 CFLAGS="$SAVED_CFLAGS" 1741 LDFLAGS="$SAVED_LDFLAGS" 1742 fi 1743fi 1744 1745AC_MSG_CHECKING([whether -fPIC is accepted]) 1746SAVED_CFLAGS="$CFLAGS" 1747CFLAGS="$CFLAGS -fPIC" 1748AC_COMPILE_IFELSE( 1749 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1750 [AC_MSG_RESULT([yes]) 1751 PICFLAG="-fPIC"; ], 1752 [AC_MSG_RESULT([no]) 1753 PICFLAG=""; ]) 1754CFLAGS="$SAVED_CFLAGS" 1755AC_SUBST([PICFLAG]) 1756 1757dnl Checks for library functions. Please keep in alphabetical order 1758AC_CHECK_FUNCS([ \ 1759 Blowfish_initstate \ 1760 Blowfish_expandstate \ 1761 Blowfish_expand0state \ 1762 Blowfish_stream2word \ 1763 SHA256Update \ 1764 SHA384Update \ 1765 SHA512Update \ 1766 asprintf \ 1767 b64_ntop \ 1768 __b64_ntop \ 1769 b64_pton \ 1770 __b64_pton \ 1771 bcopy \ 1772 bcrypt_pbkdf \ 1773 bindresvport_sa \ 1774 blf_enc \ 1775 bzero \ 1776 cap_rights_limit \ 1777 clock \ 1778 closefrom \ 1779 dirfd \ 1780 endgrent \ 1781 err \ 1782 errx \ 1783 explicit_bzero \ 1784 fchmod \ 1785 fchmodat \ 1786 fchown \ 1787 fchownat \ 1788 flock \ 1789 fnmatch \ 1790 freeaddrinfo \ 1791 freezero \ 1792 fstatfs \ 1793 fstatvfs \ 1794 futimes \ 1795 getaddrinfo \ 1796 getcwd \ 1797 getgrouplist \ 1798 getline \ 1799 getnameinfo \ 1800 getopt \ 1801 getpagesize \ 1802 getpeereid \ 1803 getpeerucred \ 1804 getpgid \ 1805 _getpty \ 1806 getrlimit \ 1807 getrandom \ 1808 getsid \ 1809 getttyent \ 1810 glob \ 1811 group_from_gid \ 1812 inet_aton \ 1813 inet_ntoa \ 1814 inet_ntop \ 1815 innetgr \ 1816 llabs \ 1817 localtime_r \ 1818 login_getcapbool \ 1819 md5_crypt \ 1820 memmem \ 1821 memmove \ 1822 memset_s \ 1823 mkdtemp \ 1824 ngetaddrinfo \ 1825 nsleep \ 1826 ogetaddrinfo \ 1827 openlog_r \ 1828 pledge \ 1829 poll \ 1830 prctl \ 1831 pstat \ 1832 raise \ 1833 readpassphrase \ 1834 reallocarray \ 1835 realpath \ 1836 recvmsg \ 1837 recallocarray \ 1838 rresvport_af \ 1839 sendmsg \ 1840 setdtablesize \ 1841 setegid \ 1842 setenv \ 1843 seteuid \ 1844 setgroupent \ 1845 setgroups \ 1846 setlinebuf \ 1847 setlogin \ 1848 setpassent\ 1849 setpcred \ 1850 setproctitle \ 1851 setregid \ 1852 setreuid \ 1853 setrlimit \ 1854 setsid \ 1855 setvbuf \ 1856 sigaction \ 1857 sigvec \ 1858 snprintf \ 1859 socketpair \ 1860 statfs \ 1861 statvfs \ 1862 strcasestr \ 1863 strdup \ 1864 strerror \ 1865 strlcat \ 1866 strlcpy \ 1867 strmode \ 1868 strndup \ 1869 strnlen \ 1870 strnvis \ 1871 strptime \ 1872 strsignal \ 1873 strtonum \ 1874 strtoll \ 1875 strtoul \ 1876 strtoull \ 1877 swap32 \ 1878 sysconf \ 1879 tcgetpgrp \ 1880 timingsafe_bcmp \ 1881 truncate \ 1882 unsetenv \ 1883 updwtmpx \ 1884 utimensat \ 1885 user_from_uid \ 1886 usleep \ 1887 vasprintf \ 1888 vsnprintf \ 1889 waitpid \ 1890 warn \ 1891]) 1892 1893AC_CHECK_DECLS([bzero, memmem]) 1894 1895dnl Wide character support. 1896AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1897 1898TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1899AC_MSG_CHECKING([for utf8 locale support]) 1900AC_RUN_IFELSE( 1901 [AC_LANG_PROGRAM([[ 1902#include <locale.h> 1903#include <stdlib.h> 1904 ]], [[ 1905 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1906 if (loc != NULL) 1907 exit(0); 1908 exit(1); 1909 ]])], 1910 AC_MSG_RESULT(yes), 1911 [AC_MSG_RESULT(no) 1912 TEST_SSH_UTF8=no], 1913 AC_MSG_WARN([cross compiling: assuming yes]) 1914) 1915 1916AC_LINK_IFELSE( 1917 [AC_LANG_PROGRAM( 1918 [[ #include <ctype.h> ]], 1919 [[ return (isblank('a')); ]])], 1920 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1921]) 1922 1923disable_pkcs11= 1924AC_ARG_ENABLE([pkcs11], 1925 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1926 [ 1927 if test "x$enableval" = "xno" ; then 1928 disable_pkcs11=1 1929 fi 1930 ] 1931) 1932 1933disable_sk= 1934AC_ARG_ENABLE([security-key], 1935 [ --disable-security-key disable U2F/FIDO support code [no]], 1936 [ 1937 if test "x$enableval" = "xno" ; then 1938 disable_sk=1 1939 fi 1940 ] 1941) 1942enable_sk_internal= 1943AC_ARG_WITH([security-key-builtin], 1944 [ --with-security-key-builtin include builtin U2F/FIDO support], 1945 [ 1946 if test "x$withval" != "xno" ; then 1947 enable_sk_internal=yes 1948 fi 1949 ] 1950) 1951test "x$disable_sk" != "x" && enable_sk_internal="" 1952 1953AC_SEARCH_LIBS([dlopen], [dl]) 1954AC_CHECK_FUNCS([dlopen]) 1955AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1956 1957# IRIX has a const char return value for gai_strerror() 1958AC_CHECK_FUNCS([gai_strerror], [ 1959 AC_DEFINE([HAVE_GAI_STRERROR]) 1960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1961#include <sys/types.h> 1962#include <sys/socket.h> 1963#include <netdb.h> 1964 1965const char *gai_strerror(int); 1966 ]], [[ 1967 char *str; 1968 str = gai_strerror(0); 1969 ]])], [ 1970 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1971 [Define if gai_strerror() returns const char *])], [])]) 1972 1973AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1974 [Some systems put nanosleep outside of libc])]) 1975 1976AC_SEARCH_LIBS([clock_gettime], [rt], 1977 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1978 1979dnl check if we need -D_REENTRANT for localtime_r declaration. 1980AC_CHECK_DECL([localtime_r], [], 1981 [ saved_CPPFLAGS="$CFLAGS" 1982 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1983 unset ac_cv_have_decl_localtime_r 1984 AC_CHECK_DECL([localtime_r], [], 1985 [ CPPFLAGS="$saved_CPPFLAGS" ], 1986 [ #include <time.h> ] 1987 ) 1988 ], 1989 [ #include <time.h> ] 1990) 1991 1992dnl Make sure prototypes are defined for these before using them. 1993AC_CHECK_DECL([strsep], 1994 [AC_CHECK_FUNCS([strsep])], 1995 [], 1996 [ 1997#ifdef HAVE_STRING_H 1998# include <string.h> 1999#endif 2000 ]) 2001 2002dnl tcsendbreak might be a macro 2003AC_CHECK_DECL([tcsendbreak], 2004 [AC_DEFINE([HAVE_TCSENDBREAK])], 2005 [AC_CHECK_FUNCS([tcsendbreak])], 2006 [#include <termios.h>] 2007) 2008 2009AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2010 2011AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2012 [ 2013#include <sys/types.h> 2014#include <sys/socket.h> 2015#include <unistd.h> 2016 ]) 2017 2018AC_CHECK_DECLS([O_NONBLOCK], , , 2019 [ 2020#include <sys/types.h> 2021#ifdef HAVE_SYS_STAT_H 2022# include <sys/stat.h> 2023#endif 2024#ifdef HAVE_FCNTL_H 2025# include <fcntl.h> 2026#endif 2027 ]) 2028 2029AC_CHECK_DECLS([readv, writev], , , [ 2030#include <sys/types.h> 2031#include <sys/uio.h> 2032#include <unistd.h> 2033 ]) 2034 2035AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2036#include <sys/param.h> 2037 ]) 2038 2039AC_CHECK_DECLS([offsetof], , , [ 2040#include <stddef.h> 2041 ]) 2042 2043# extra bits for select(2) 2044AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2045#include <sys/param.h> 2046#include <sys/types.h> 2047#ifdef HAVE_SYS_SYSMACROS_H 2048#include <sys/sysmacros.h> 2049#endif 2050#ifdef HAVE_SYS_SELECT_H 2051#include <sys/select.h> 2052#endif 2053#ifdef HAVE_SYS_TIME_H 2054#include <sys/time.h> 2055#endif 2056#ifdef HAVE_UNISTD_H 2057#include <unistd.h> 2058#endif 2059 ]]) 2060AC_CHECK_TYPES([fd_mask], [], [], [[ 2061#include <sys/param.h> 2062#include <sys/types.h> 2063#ifdef HAVE_SYS_SELECT_H 2064#include <sys/select.h> 2065#endif 2066#ifdef HAVE_SYS_TIME_H 2067#include <sys/time.h> 2068#endif 2069#ifdef HAVE_UNISTD_H 2070#include <unistd.h> 2071#endif 2072 ]]) 2073 2074AC_CHECK_FUNCS([setresuid], [ 2075 dnl Some platorms have setresuid that isn't implemented, test for this 2076 AC_MSG_CHECKING([if setresuid seems to work]) 2077 AC_RUN_IFELSE( 2078 [AC_LANG_PROGRAM([[ 2079#include <stdlib.h> 2080#include <errno.h> 2081 ]], [[ 2082 errno=0; 2083 setresuid(0,0,0); 2084 if (errno==ENOSYS) 2085 exit(1); 2086 else 2087 exit(0); 2088 ]])], 2089 [AC_MSG_RESULT([yes])], 2090 [AC_DEFINE([BROKEN_SETRESUID], [1], 2091 [Define if your setresuid() is broken]) 2092 AC_MSG_RESULT([not implemented])], 2093 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2094 ) 2095]) 2096 2097AC_CHECK_FUNCS([setresgid], [ 2098 dnl Some platorms have setresgid that isn't implemented, test for this 2099 AC_MSG_CHECKING([if setresgid seems to work]) 2100 AC_RUN_IFELSE( 2101 [AC_LANG_PROGRAM([[ 2102#include <stdlib.h> 2103#include <errno.h> 2104 ]], [[ 2105 errno=0; 2106 setresgid(0,0,0); 2107 if (errno==ENOSYS) 2108 exit(1); 2109 else 2110 exit(0); 2111 ]])], 2112 [AC_MSG_RESULT([yes])], 2113 [AC_DEFINE([BROKEN_SETRESGID], [1], 2114 [Define if your setresgid() is broken]) 2115 AC_MSG_RESULT([not implemented])], 2116 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2117 ) 2118]) 2119 2120AC_MSG_CHECKING([for working fflush(NULL)]) 2121AC_RUN_IFELSE( 2122 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2123 AC_MSG_RESULT([yes]), 2124 [AC_MSG_RESULT([no]) 2125 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2126 [define if fflush(NULL) does not work])], 2127 AC_MSG_WARN([cross compiling: assuming working]) 2128) 2129 2130dnl Checks for time functions 2131AC_CHECK_FUNCS([gettimeofday time]) 2132dnl Checks for utmp functions 2133AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2134AC_CHECK_FUNCS([utmpname]) 2135dnl Checks for utmpx functions 2136AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2137AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2138dnl Checks for lastlog functions 2139AC_CHECK_FUNCS([getlastlogxbyname]) 2140 2141AC_CHECK_FUNC([daemon], 2142 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2143 [AC_CHECK_LIB([bsd], [daemon], 2144 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2145) 2146 2147AC_CHECK_FUNC([getpagesize], 2148 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2149 [Define if your libraries define getpagesize()])], 2150 [AC_CHECK_LIB([ucb], [getpagesize], 2151 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2152) 2153 2154# Check for broken snprintf 2155if test "x$ac_cv_func_snprintf" = "xyes" ; then 2156 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2157 AC_RUN_IFELSE( 2158 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2159 [[ 2160 char b[5]; 2161 snprintf(b,5,"123456789"); 2162 exit(b[4]!='\0'); 2163 ]])], 2164 [AC_MSG_RESULT([yes])], 2165 [ 2166 AC_MSG_RESULT([no]) 2167 AC_DEFINE([BROKEN_SNPRINTF], [1], 2168 [Define if your snprintf is busted]) 2169 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2170 ], 2171 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2172 ) 2173fi 2174 2175if test "x$ac_cv_func_snprintf" = "xyes" ; then 2176 AC_MSG_CHECKING([whether snprintf understands %zu]) 2177 AC_RUN_IFELSE( 2178 [AC_LANG_PROGRAM([[ 2179#include <sys/types.h> 2180#include <stdio.h> 2181 ]], 2182 [[ 2183 size_t a = 1, b = 2; 2184 char z[128]; 2185 snprintf(z, sizeof z, "%zu%zu", a, b); 2186 exit(strcmp(z, "12")); 2187 ]])], 2188 [AC_MSG_RESULT([yes])], 2189 [ 2190 AC_MSG_RESULT([no]) 2191 AC_DEFINE([BROKEN_SNPRINTF], [1], 2192 [snprintf does not understand %zu]) 2193 ], 2194 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2195 ) 2196fi 2197 2198# We depend on vsnprintf returning the right thing on overflow: the 2199# number of characters it tried to create (as per SUSv3) 2200if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2201 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2202 AC_RUN_IFELSE( 2203 [AC_LANG_PROGRAM([[ 2204#include <sys/types.h> 2205#include <stdio.h> 2206#include <stdarg.h> 2207 2208int x_snprintf(char *str, size_t count, const char *fmt, ...) 2209{ 2210 size_t ret; 2211 va_list ap; 2212 2213 va_start(ap, fmt); 2214 ret = vsnprintf(str, count, fmt, ap); 2215 va_end(ap); 2216 return ret; 2217} 2218 ]], [[ 2219char x[1]; 2220if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2221 return 1; 2222if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2223 return 1; 2224return 0; 2225 ]])], 2226 [AC_MSG_RESULT([yes])], 2227 [ 2228 AC_MSG_RESULT([no]) 2229 AC_DEFINE([BROKEN_SNPRINTF], [1], 2230 [Define if your snprintf is busted]) 2231 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2232 ], 2233 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2234 ) 2235fi 2236 2237# On systems where [v]snprintf is broken, but is declared in stdio, 2238# check that the fmt argument is const char * or just char *. 2239# This is only useful for when BROKEN_SNPRINTF 2240AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2241AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2242#include <stdio.h> 2243int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2244 ]], [[ 2245 snprintf(0, 0, 0); 2246 ]])], 2247 [AC_MSG_RESULT([yes]) 2248 AC_DEFINE([SNPRINTF_CONST], [const], 2249 [Define as const if snprintf() can declare const char *fmt])], 2250 [AC_MSG_RESULT([no]) 2251 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2252 2253# Check for missing getpeereid (or equiv) support 2254NO_PEERCHECK="" 2255if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2256 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2258#include <sys/types.h> 2259#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2260 [ AC_MSG_RESULT([yes]) 2261 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2262 ], [AC_MSG_RESULT([no]) 2263 NO_PEERCHECK=1 2264 ]) 2265fi 2266 2267dnl see whether mkstemp() requires XXXXXX 2268if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2269AC_MSG_CHECKING([for (overly) strict mkstemp]) 2270AC_RUN_IFELSE( 2271 [AC_LANG_PROGRAM([[ 2272#include <stdlib.h> 2273 ]], [[ 2274 char template[]="conftest.mkstemp-test"; 2275 if (mkstemp(template) == -1) 2276 exit(1); 2277 unlink(template); 2278 exit(0); 2279 ]])], 2280 [ 2281 AC_MSG_RESULT([no]) 2282 ], 2283 [ 2284 AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2286 ], 2287 [ 2288 AC_MSG_RESULT([yes]) 2289 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2290 ] 2291) 2292fi 2293 2294dnl make sure that openpty does not reacquire controlling terminal 2295if test ! -z "$check_for_openpty_ctty_bug"; then 2296 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2297 AC_RUN_IFELSE( 2298 [AC_LANG_PROGRAM([[ 2299#include <stdio.h> 2300#include <sys/fcntl.h> 2301#include <sys/types.h> 2302#include <sys/wait.h> 2303 ]], [[ 2304 pid_t pid; 2305 int fd, ptyfd, ttyfd, status; 2306 2307 pid = fork(); 2308 if (pid < 0) { /* failed */ 2309 exit(1); 2310 } else if (pid > 0) { /* parent */ 2311 waitpid(pid, &status, 0); 2312 if (WIFEXITED(status)) 2313 exit(WEXITSTATUS(status)); 2314 else 2315 exit(2); 2316 } else { /* child */ 2317 close(0); close(1); close(2); 2318 setsid(); 2319 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2320 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2321 if (fd >= 0) 2322 exit(3); /* Acquired ctty: broken */ 2323 else 2324 exit(0); /* Did not acquire ctty: OK */ 2325 } 2326 ]])], 2327 [ 2328 AC_MSG_RESULT([yes]) 2329 ], 2330 [ 2331 AC_MSG_RESULT([no]) 2332 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2333 ], 2334 [ 2335 AC_MSG_RESULT([cross-compiling, assuming yes]) 2336 ] 2337 ) 2338fi 2339 2340if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2341 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2342 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2343 AC_RUN_IFELSE( 2344 [AC_LANG_PROGRAM([[ 2345#include <stdio.h> 2346#include <sys/socket.h> 2347#include <netdb.h> 2348#include <errno.h> 2349#include <netinet/in.h> 2350 2351#define TEST_PORT "2222" 2352 ]], [[ 2353 int err, sock; 2354 struct addrinfo *gai_ai, *ai, hints; 2355 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2356 2357 memset(&hints, 0, sizeof(hints)); 2358 hints.ai_family = PF_UNSPEC; 2359 hints.ai_socktype = SOCK_STREAM; 2360 hints.ai_flags = AI_PASSIVE; 2361 2362 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2363 if (err != 0) { 2364 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2365 exit(1); 2366 } 2367 2368 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2369 if (ai->ai_family != AF_INET6) 2370 continue; 2371 2372 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2373 sizeof(ntop), strport, sizeof(strport), 2374 NI_NUMERICHOST|NI_NUMERICSERV); 2375 2376 if (err != 0) { 2377 if (err == EAI_SYSTEM) 2378 perror("getnameinfo EAI_SYSTEM"); 2379 else 2380 fprintf(stderr, "getnameinfo failed: %s\n", 2381 gai_strerror(err)); 2382 exit(2); 2383 } 2384 2385 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2386 if (sock < 0) 2387 perror("socket"); 2388 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2389 if (errno == EBADF) 2390 exit(3); 2391 } 2392 } 2393 exit(0); 2394 ]])], 2395 [ 2396 AC_MSG_RESULT([yes]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([no]) 2400 AC_DEFINE([BROKEN_GETADDRINFO]) 2401 ], 2402 [ 2403 AC_MSG_RESULT([cross-compiling, assuming yes]) 2404 ] 2405 ) 2406fi 2407 2408if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2409 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2410 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2411 AC_RUN_IFELSE( 2412 [AC_LANG_PROGRAM([[ 2413#include <stdio.h> 2414#include <sys/socket.h> 2415#include <netdb.h> 2416#include <errno.h> 2417#include <netinet/in.h> 2418 2419#define TEST_PORT "2222" 2420 ]], [[ 2421 int err, sock; 2422 struct addrinfo *gai_ai, *ai, hints; 2423 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2424 2425 memset(&hints, 0, sizeof(hints)); 2426 hints.ai_family = PF_UNSPEC; 2427 hints.ai_socktype = SOCK_STREAM; 2428 hints.ai_flags = AI_PASSIVE; 2429 2430 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2431 if (err != 0) { 2432 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2433 exit(1); 2434 } 2435 2436 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2437 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2438 continue; 2439 2440 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2441 sizeof(ntop), strport, sizeof(strport), 2442 NI_NUMERICHOST|NI_NUMERICSERV); 2443 2444 if (ai->ai_family == AF_INET && err != 0) { 2445 perror("getnameinfo"); 2446 exit(2); 2447 } 2448 } 2449 exit(0); 2450 ]])], 2451 [ 2452 AC_MSG_RESULT([yes]) 2453 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2454 [Define if you have a getaddrinfo that fails 2455 for the all-zeros IPv6 address]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([no]) 2459 AC_DEFINE([BROKEN_GETADDRINFO]) 2460 ], 2461 [ 2462 AC_MSG_RESULT([cross-compiling, assuming no]) 2463 ] 2464 ) 2465fi 2466 2467if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2468 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2469 [#include <sys/types.h> 2470 #include <sys/socket.h> 2471 #include <netdb.h>]) 2472fi 2473 2474if test "x$check_for_conflicting_getspnam" = "x1"; then 2475 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2477 [[ exit(0); ]])], 2478 [ 2479 AC_MSG_RESULT([no]) 2480 ], 2481 [ 2482 AC_MSG_RESULT([yes]) 2483 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2484 [Conflicting defs for getspnam]) 2485 ] 2486 ) 2487fi 2488 2489dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2490dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2491dnl for over ten years). Despite this incompatibility being reported during 2492dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2493dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2494dnl implementation. Try to detect this mess, and assume the only safe option 2495dnl if we're cross compiling. 2496dnl 2497dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2498dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2499if test "x$ac_cv_func_strnvis" = "xyes"; then 2500 AC_MSG_CHECKING([for working strnvis]) 2501 AC_RUN_IFELSE( 2502 [AC_LANG_PROGRAM([[ 2503#include <signal.h> 2504#include <stdlib.h> 2505#include <string.h> 2506#include <vis.h> 2507static void sighandler(int sig) { _exit(1); } 2508 ]], [[ 2509 char dst[16]; 2510 2511 signal(SIGSEGV, sighandler); 2512 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2513 exit(0); 2514 exit(1) 2515 ]])], 2516 [AC_MSG_RESULT([yes])], 2517 [AC_MSG_RESULT([no]) 2518 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2519 [AC_MSG_WARN([cross compiling: assuming broken]) 2520 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2521 ) 2522fi 2523 2524AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2525AC_RUN_IFELSE( 2526 [AC_LANG_PROGRAM([[ 2527#ifdef HAVE_SYS_SELECT 2528# include <sys/select.h> 2529#endif 2530#include <sys/types.h> 2531#include <sys/time.h> 2532#include <stdlib.h> 2533#include <signal.h> 2534static void sighandler(int sig) { } 2535 ]], [[ 2536 int r; 2537 pid_t pid; 2538 struct sigaction sa; 2539 2540 sa.sa_handler = sighandler; 2541 sa.sa_flags = SA_RESTART; 2542 (void)sigaction(SIGTERM, &sa, NULL); 2543 if ((pid = fork()) == 0) { /* child */ 2544 pid = getppid(); 2545 sleep(1); 2546 kill(pid, SIGTERM); 2547 sleep(1); 2548 if (getppid() == pid) /* if parent did not exit, shoot it */ 2549 kill(pid, SIGKILL); 2550 exit(0); 2551 } else { /* parent */ 2552 r = select(0, NULL, NULL, NULL, NULL); 2553 } 2554 exit(r == -1 ? 0 : 1); 2555 ]])], 2556 [AC_MSG_RESULT([yes])], 2557 [AC_MSG_RESULT([no]) 2558 AC_DEFINE([NO_SA_RESTART], [1], 2559 [SA_RESTARTed signals do no interrupt select])], 2560 [AC_MSG_WARN([cross compiling: assuming yes])] 2561) 2562 2563AC_CHECK_FUNCS([getpgrp],[ 2564 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2565 AC_COMPILE_IFELSE( 2566 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2567 [ AC_MSG_RESULT([yes]) 2568 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2569 [ AC_MSG_RESULT([no]) 2570 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2571 ) 2572]) 2573 2574# Search for OpenSSL 2575saved_CPPFLAGS="$CPPFLAGS" 2576saved_LDFLAGS="$LDFLAGS" 2577AC_ARG_WITH([ssl-dir], 2578 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2579 [ 2580 if test "x$openssl" = "xno" ; then 2581 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2582 fi 2583 if test "x$withval" != "xno" ; then 2584 case "$withval" in 2585 # Relative paths 2586 ./*|../*) withval="`pwd`/$withval" 2587 esac 2588 if test -d "$withval/lib"; then 2589 if test -n "${rpath_opt}"; then 2590 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2591 else 2592 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2593 fi 2594 elif test -d "$withval/lib64"; then 2595 if test -n "${rpath_opt}"; then 2596 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2597 else 2598 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2599 fi 2600 else 2601 if test -n "${rpath_opt}"; then 2602 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2603 else 2604 LDFLAGS="-L${withval} ${LDFLAGS}" 2605 fi 2606 fi 2607 if test -d "$withval/include"; then 2608 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2609 else 2610 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2611 fi 2612 fi 2613 ] 2614) 2615 2616AC_ARG_WITH([openssl-header-check], 2617 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2618 [ 2619 if test "x$withval" = "xno" ; then 2620 openssl_check_nonfatal=1 2621 fi 2622 ] 2623) 2624 2625openssl_engine=no 2626AC_ARG_WITH([ssl-engine], 2627 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2628 [ 2629 if test "x$withval" != "xno" ; then 2630 if test "x$openssl" = "xno" ; then 2631 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2632 fi 2633 openssl_engine=yes 2634 fi 2635 ] 2636) 2637 2638if test "x$openssl" = "xyes" ; then 2639 LIBS="-lcrypto $LIBS" 2640 AC_TRY_LINK_FUNC([RAND_add], , 2641 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2642 AC_CHECK_HEADER([openssl/opensslv.h], , 2643 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2644 2645 # Determine OpenSSL header version 2646 AC_MSG_CHECKING([OpenSSL header version]) 2647 AC_RUN_IFELSE( 2648 [AC_LANG_PROGRAM([[ 2649 #include <stdlib.h> 2650 #include <stdio.h> 2651 #include <string.h> 2652 #include <openssl/opensslv.h> 2653 #define DATA "conftest.sslincver" 2654 ]], [[ 2655 FILE *fd; 2656 int rc; 2657 2658 fd = fopen(DATA,"w"); 2659 if(fd == NULL) 2660 exit(1); 2661 2662 if ((rc = fprintf(fd, "%08lx (%s)\n", 2663 (unsigned long)OPENSSL_VERSION_NUMBER, 2664 OPENSSL_VERSION_TEXT)) < 0) 2665 exit(1); 2666 2667 exit(0); 2668 ]])], 2669 [ 2670 ssl_header_ver=`cat conftest.sslincver` 2671 AC_MSG_RESULT([$ssl_header_ver]) 2672 ], 2673 [ 2674 AC_MSG_RESULT([not found]) 2675 AC_MSG_ERROR([OpenSSL version header not found.]) 2676 ], 2677 [ 2678 AC_MSG_WARN([cross compiling: not checking]) 2679 ] 2680 ) 2681 2682 # Determining OpenSSL library version is version dependent. 2683 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2684 2685 # Determine OpenSSL library version 2686 AC_MSG_CHECKING([OpenSSL library version]) 2687 AC_RUN_IFELSE( 2688 [AC_LANG_PROGRAM([[ 2689 #include <stdio.h> 2690 #include <string.h> 2691 #include <openssl/opensslv.h> 2692 #include <openssl/crypto.h> 2693 #define DATA "conftest.ssllibver" 2694 ]], [[ 2695 FILE *fd; 2696 int rc; 2697 2698 fd = fopen(DATA,"w"); 2699 if(fd == NULL) 2700 exit(1); 2701#ifndef OPENSSL_VERSION 2702# define OPENSSL_VERSION SSLEAY_VERSION 2703#endif 2704#ifndef HAVE_OPENSSL_VERSION 2705# define OpenSSL_version SSLeay_version 2706#endif 2707#ifndef HAVE_OPENSSL_VERSION_NUM 2708# define OpenSSL_version_num SSLeay 2709#endif 2710 if ((rc = fprintf(fd, "%08lx (%s)\n", 2711 (unsigned long)OpenSSL_version_num(), 2712 OpenSSL_version(OPENSSL_VERSION))) < 0) 2713 exit(1); 2714 2715 exit(0); 2716 ]])], 2717 [ 2718 ssl_library_ver=`cat conftest.ssllibver` 2719 # Check version is supported. 2720 case "$ssl_library_ver" in 2721 10000*|0*) 2722 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2723 ;; 2724 100*) ;; # 1.0.x 2725 101000[[0123456]]*) 2726 # https://github.com/openssl/openssl/pull/4613 2727 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2728 ;; 2729 101*) ;; # 1.1.x 2730 200*) ;; # LibreSSL 2731 300*) ;; # OpenSSL development branch. 2732 *) 2733 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2734 ;; 2735 esac 2736 AC_MSG_RESULT([$ssl_library_ver]) 2737 ], 2738 [ 2739 AC_MSG_RESULT([not found]) 2740 AC_MSG_ERROR([OpenSSL library not found.]) 2741 ], 2742 [ 2743 AC_MSG_WARN([cross compiling: not checking]) 2744 ] 2745 ) 2746 2747 # Sanity check OpenSSL headers 2748 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2749 AC_RUN_IFELSE( 2750 [AC_LANG_PROGRAM([[ 2751 #include <string.h> 2752 #include <openssl/opensslv.h> 2753 #include <openssl/crypto.h> 2754 ]], [[ 2755#ifndef HAVE_OPENSSL_VERSION_NUM 2756# define OpenSSL_version_num SSLeay 2757#endif 2758 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2759 ]])], 2760 [ 2761 AC_MSG_RESULT([yes]) 2762 ], 2763 [ 2764 AC_MSG_RESULT([no]) 2765 if test "x$openssl_check_nonfatal" = "x"; then 2766 AC_MSG_ERROR([Your OpenSSL headers do not match your 2767 library. Check config.log for details. 2768 If you are sure your installation is consistent, you can disable the check 2769 by running "./configure --without-openssl-header-check". 2770 Also see contrib/findssl.sh for help identifying header/library mismatches. 2771 ]) 2772 else 2773 AC_MSG_WARN([Your OpenSSL headers do not match your 2774 library. Check config.log for details. 2775 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2776 fi 2777 ], 2778 [ 2779 AC_MSG_WARN([cross compiling: not checking]) 2780 ] 2781 ) 2782 2783 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2786 [[ ERR_load_crypto_strings(); ]])], 2787 [ 2788 AC_MSG_RESULT([yes]) 2789 ], 2790 [ 2791 AC_MSG_RESULT([no]) 2792 saved_LIBS="$LIBS" 2793 LIBS="$LIBS -ldl" 2794 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2795 AC_LINK_IFELSE( 2796 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2797 [[ ERR_load_crypto_strings(); ]])], 2798 [ 2799 AC_MSG_RESULT([yes]) 2800 ], 2801 [ 2802 AC_MSG_RESULT([no]) 2803 LIBS="$saved_LIBS" 2804 ] 2805 ) 2806 ] 2807 ) 2808 2809 AC_CHECK_FUNCS([ \ 2810 BN_is_prime_ex \ 2811 DSA_generate_parameters_ex \ 2812 EVP_CIPHER_CTX_ctrl \ 2813 EVP_DigestFinal_ex \ 2814 EVP_DigestInit_ex \ 2815 EVP_MD_CTX_cleanup \ 2816 EVP_MD_CTX_copy_ex \ 2817 EVP_MD_CTX_init \ 2818 HMAC_CTX_init \ 2819 RSA_generate_key_ex \ 2820 RSA_get_default_method \ 2821 ]) 2822 2823 # OpenSSL_add_all_algorithms may be a macro. 2824 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2825 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2826 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2827 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2828 [[#include <openssl/evp.h>]] 2829 ) 2830 ) 2831 2832 # LibreSSL/OpenSSL 1.1x API 2833 AC_CHECK_FUNCS([ \ 2834 OPENSSL_init_crypto \ 2835 DH_get0_key \ 2836 DH_get0_pqg \ 2837 DH_set0_key \ 2838 DH_set_length \ 2839 DH_set0_pqg \ 2840 DSA_get0_key \ 2841 DSA_get0_pqg \ 2842 DSA_set0_key \ 2843 DSA_set0_pqg \ 2844 DSA_SIG_get0 \ 2845 DSA_SIG_set0 \ 2846 ECDSA_SIG_get0 \ 2847 ECDSA_SIG_set0 \ 2848 EVP_CIPHER_CTX_iv \ 2849 EVP_CIPHER_CTX_iv_noconst \ 2850 EVP_CIPHER_CTX_get_iv \ 2851 EVP_CIPHER_CTX_set_iv \ 2852 RSA_get0_crt_params \ 2853 RSA_get0_factors \ 2854 RSA_get0_key \ 2855 RSA_set0_crt_params \ 2856 RSA_set0_factors \ 2857 RSA_set0_key \ 2858 RSA_meth_free \ 2859 RSA_meth_dup \ 2860 RSA_meth_set1_name \ 2861 RSA_meth_get_finish \ 2862 RSA_meth_set_priv_enc \ 2863 RSA_meth_set_priv_dec \ 2864 RSA_meth_set_finish \ 2865 EVP_PKEY_get0_RSA \ 2866 EVP_MD_CTX_new \ 2867 EVP_MD_CTX_free \ 2868 EVP_chacha20 \ 2869 ]) 2870 2871 if test "x$openssl_engine" = "xyes" ; then 2872 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2873 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2874 #include <openssl/engine.h> 2875 ]], [[ 2876 ENGINE_load_builtin_engines(); 2877 ENGINE_register_all_complete(); 2878 ]])], 2879 [ AC_MSG_RESULT([yes]) 2880 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2881 [Enable OpenSSL engine support]) 2882 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2883 ]) 2884 fi 2885 2886 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2887 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2888 AC_LINK_IFELSE( 2889 [AC_LANG_PROGRAM([[ 2890 #include <string.h> 2891 #include <openssl/evp.h> 2892 ]], [[ 2893 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2894 ]])], 2895 [ 2896 AC_MSG_RESULT([no]) 2897 ], 2898 [ 2899 AC_MSG_RESULT([yes]) 2900 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2901 [libcrypto is missing AES 192 and 256 bit functions]) 2902 ] 2903 ) 2904 2905 # Check for OpenSSL with EVP_aes_*ctr 2906 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2907 AC_LINK_IFELSE( 2908 [AC_LANG_PROGRAM([[ 2909 #include <string.h> 2910 #include <openssl/evp.h> 2911 ]], [[ 2912 exit(EVP_aes_128_ctr() == NULL || 2913 EVP_aes_192_cbc() == NULL || 2914 EVP_aes_256_cbc() == NULL); 2915 ]])], 2916 [ 2917 AC_MSG_RESULT([yes]) 2918 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2919 [libcrypto has EVP AES CTR]) 2920 ], 2921 [ 2922 AC_MSG_RESULT([no]) 2923 ] 2924 ) 2925 2926 # Check for OpenSSL with EVP_aes_*gcm 2927 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2928 AC_LINK_IFELSE( 2929 [AC_LANG_PROGRAM([[ 2930 #include <string.h> 2931 #include <openssl/evp.h> 2932 ]], [[ 2933 exit(EVP_aes_128_gcm() == NULL || 2934 EVP_aes_256_gcm() == NULL || 2935 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2936 EVP_CTRL_GCM_IV_GEN == 0 || 2937 EVP_CTRL_GCM_SET_TAG == 0 || 2938 EVP_CTRL_GCM_GET_TAG == 0 || 2939 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2940 ]])], 2941 [ 2942 AC_MSG_RESULT([yes]) 2943 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2944 [libcrypto has EVP AES GCM]) 2945 ], 2946 [ 2947 AC_MSG_RESULT([no]) 2948 unsupported_algorithms="$unsupported_cipers \ 2949 aes128-gcm@openssh.com \ 2950 aes256-gcm@openssh.com" 2951 ] 2952 ) 2953 2954 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2955 AC_LINK_IFELSE( 2956 [AC_LANG_PROGRAM([[ 2957 #include <string.h> 2958 #include <openssl/evp.h> 2959 ]], [[ 2960 if(EVP_DigestUpdate(NULL, NULL,0)) 2961 exit(0); 2962 ]])], 2963 [ 2964 AC_MSG_RESULT([yes]) 2965 ], 2966 [ 2967 AC_MSG_RESULT([no]) 2968 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2969 [Define if EVP_DigestUpdate returns void]) 2970 ] 2971 ) 2972 2973 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2974 # because the system crypt() is more featureful. 2975 if test "x$check_for_libcrypt_before" = "x1"; then 2976 AC_CHECK_LIB([crypt], [crypt]) 2977 fi 2978 2979 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2980 # version in OpenSSL. 2981 if test "x$check_for_libcrypt_later" = "x1"; then 2982 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2983 fi 2984 AC_CHECK_FUNCS([crypt DES_crypt]) 2985 2986 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2987 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2988 2989 # Check complete ECC support in OpenSSL 2990 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2991 AC_LINK_IFELSE( 2992 [AC_LANG_PROGRAM([[ 2993 #include <openssl/ec.h> 2994 #include <openssl/ecdh.h> 2995 #include <openssl/ecdsa.h> 2996 #include <openssl/evp.h> 2997 #include <openssl/objects.h> 2998 #include <openssl/opensslv.h> 2999 ]], [[ 3000 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3001 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3002 ]])], 3003 [ AC_MSG_RESULT([yes]) 3004 enable_nistp256=1 ], 3005 [ AC_MSG_RESULT([no]) ] 3006 ) 3007 3008 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3009 AC_LINK_IFELSE( 3010 [AC_LANG_PROGRAM([[ 3011 #include <openssl/ec.h> 3012 #include <openssl/ecdh.h> 3013 #include <openssl/ecdsa.h> 3014 #include <openssl/evp.h> 3015 #include <openssl/objects.h> 3016 #include <openssl/opensslv.h> 3017 ]], [[ 3018 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3019 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3020 ]])], 3021 [ AC_MSG_RESULT([yes]) 3022 enable_nistp384=1 ], 3023 [ AC_MSG_RESULT([no]) ] 3024 ) 3025 3026 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3027 AC_LINK_IFELSE( 3028 [AC_LANG_PROGRAM([[ 3029 #include <openssl/ec.h> 3030 #include <openssl/ecdh.h> 3031 #include <openssl/ecdsa.h> 3032 #include <openssl/evp.h> 3033 #include <openssl/objects.h> 3034 #include <openssl/opensslv.h> 3035 ]], [[ 3036 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3037 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3038 ]])], 3039 [ AC_MSG_RESULT([yes]) 3040 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3041 AC_RUN_IFELSE( 3042 [AC_LANG_PROGRAM([[ 3043 #include <openssl/ec.h> 3044 #include <openssl/ecdh.h> 3045 #include <openssl/ecdsa.h> 3046 #include <openssl/evp.h> 3047 #include <openssl/objects.h> 3048 #include <openssl/opensslv.h> 3049 ]],[[ 3050 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3051 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3052 exit(e == NULL || m == NULL); 3053 ]])], 3054 [ AC_MSG_RESULT([yes]) 3055 enable_nistp521=1 ], 3056 [ AC_MSG_RESULT([no]) ], 3057 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3058 enable_nistp521=1 ] 3059 )], 3060 AC_MSG_RESULT([no]) 3061 ) 3062 3063 COMMENT_OUT_ECC="#no ecc#" 3064 TEST_SSH_ECC=no 3065 3066 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3067 test x$enable_nistp521 = x1; then 3068 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3069 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3070 openssl_ecc=yes 3071 else 3072 openssl_ecc=no 3073 fi 3074 if test x$enable_nistp256 = x1; then 3075 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3076 [libcrypto has NID_X9_62_prime256v1]) 3077 TEST_SSH_ECC=yes 3078 COMMENT_OUT_ECC="" 3079 else 3080 unsupported_algorithms="$unsupported_algorithms \ 3081 ecdsa-sha2-nistp256 \ 3082 ecdh-sha2-nistp256 \ 3083 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3084 fi 3085 if test x$enable_nistp384 = x1; then 3086 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3087 TEST_SSH_ECC=yes 3088 COMMENT_OUT_ECC="" 3089 else 3090 unsupported_algorithms="$unsupported_algorithms \ 3091 ecdsa-sha2-nistp384 \ 3092 ecdh-sha2-nistp384 \ 3093 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3094 fi 3095 if test x$enable_nistp521 = x1; then 3096 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3097 TEST_SSH_ECC=yes 3098 COMMENT_OUT_ECC="" 3099 else 3100 unsupported_algorithms="$unsupported_algorithms \ 3101 ecdh-sha2-nistp521 \ 3102 ecdsa-sha2-nistp521 \ 3103 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3104 fi 3105 3106 AC_SUBST([TEST_SSH_ECC]) 3107 AC_SUBST([COMMENT_OUT_ECC]) 3108else 3109 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3110 AC_CHECK_FUNCS([crypt]) 3111fi 3112 3113# PKCS11/U2F depend on OpenSSL and dlopen(). 3114enable_pkcs11=yes 3115enable_sk=yes 3116if test "x$openssl" != "xyes" ; then 3117 enable_pkcs11="disabled; missing libcrypto" 3118 enable_sk="disabled; missing libcrypto" 3119fi 3120if test "x$openssl_ecc" != "xyes" ; then 3121 enable_sk="disabled; OpenSSL has no ECC support" 3122fi 3123if test "x$ac_cv_func_dlopen" != "xyes" ; then 3124 enable_pkcs11="disabled; missing dlopen(3)" 3125 enable_sk="disabled; missing dlopen(3)" 3126fi 3127if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3128 enable_pkcs11="disabled; missing RTLD_NOW" 3129 enable_sk="disabled; missing RTLD_NOW" 3130fi 3131if test ! -z "$disable_pkcs11" ; then 3132 enable_pkcs11="disabled by user" 3133fi 3134if test ! -z "$disable_sk" ; then 3135 enable_sk="disabled by user" 3136fi 3137 3138AC_MSG_CHECKING([whether to enable PKCS11]) 3139if test "x$enable_pkcs11" = "xyes" ; then 3140 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3141fi 3142AC_MSG_RESULT([$enable_pkcs11]) 3143 3144AC_MSG_CHECKING([whether to enable U2F]) 3145if test "x$enable_sk" = "xyes" ; then 3146 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3147 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3148else 3149 # Do not try to build sk-dummy library. 3150 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3151fi 3152AC_MSG_RESULT([$enable_sk]) 3153 3154# Now check for built-in security key support. 3155if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3156 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3157 use_pkgconfig_for_libfido2= 3158 if test "x$PKGCONFIG" != "xno"; then 3159 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3160 if "$PKGCONFIG" libfido2; then 3161 AC_MSG_RESULT([yes]) 3162 use_pkgconfig_for_libfido2=yes 3163 else 3164 AC_MSG_RESULT([no]) 3165 fi 3166 fi 3167 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3168 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3169 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3170 else 3171 LIBFIDO2="-lfido2 -lcbor" 3172 fi 3173 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3174 AC_CHECK_LIB([fido2], [fido_init], 3175 [ 3176 AC_SUBST([LIBFIDO2]) 3177 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3178 [Enable for built-in U2F/FIDO support]) 3179 enable_sk="built-in" 3180 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3181 [ $OTHERLIBS ] 3182 ) 3183 saved_LIBS="$LIBS" 3184 LIBS="$LIBS $LIBFIDO2" 3185 AC_CHECK_FUNCS([ \ 3186 fido_cred_prot \ 3187 fido_cred_set_prot \ 3188 fido_dev_get_touch_begin \ 3189 fido_dev_get_touch_status \ 3190 fido_dev_supports_cred_prot \ 3191 ]) 3192 LIBS="$saved_LIBS" 3193 AC_CHECK_HEADER([fido.h], [], 3194 AC_MSG_ERROR([missing fido.h from libfido2])) 3195 AC_CHECK_HEADER([fido/credman.h], [], 3196 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3197 [#include <fido.h>] 3198 ) 3199fi 3200 3201AC_CHECK_FUNCS([ \ 3202 arc4random \ 3203 arc4random_buf \ 3204 arc4random_stir \ 3205 arc4random_uniform \ 3206]) 3207 3208saved_LIBS="$LIBS" 3209AC_CHECK_LIB([iaf], [ia_openinfo], [ 3210 LIBS="$LIBS -liaf" 3211 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3212 AC_DEFINE([HAVE_LIBIAF], [1], 3213 [Define if system has libiaf that supports set_id]) 3214 ]) 3215]) 3216LIBS="$saved_LIBS" 3217 3218### Configure cryptographic random number support 3219 3220# Check whether OpenSSL seeds itself 3221if test "x$openssl" = "xyes" ; then 3222 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3223 AC_RUN_IFELSE( 3224 [AC_LANG_PROGRAM([[ 3225 #include <string.h> 3226 #include <openssl/rand.h> 3227 ]], [[ 3228 exit(RAND_status() == 1 ? 0 : 1); 3229 ]])], 3230 [ 3231 OPENSSL_SEEDS_ITSELF=yes 3232 AC_MSG_RESULT([yes]) 3233 ], 3234 [ 3235 AC_MSG_RESULT([no]) 3236 ], 3237 [ 3238 AC_MSG_WARN([cross compiling: assuming yes]) 3239 # This is safe, since we will fatal() at runtime if 3240 # OpenSSL is not seeded correctly. 3241 OPENSSL_SEEDS_ITSELF=yes 3242 ] 3243 ) 3244fi 3245 3246# PRNGD TCP socket 3247AC_ARG_WITH([prngd-port], 3248 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3249 [ 3250 case "$withval" in 3251 no) 3252 withval="" 3253 ;; 3254 [[0-9]]*) 3255 ;; 3256 *) 3257 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3258 ;; 3259 esac 3260 if test ! -z "$withval" ; then 3261 PRNGD_PORT="$withval" 3262 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3263 [Port number of PRNGD/EGD random number socket]) 3264 fi 3265 ] 3266) 3267 3268# PRNGD Unix domain socket 3269AC_ARG_WITH([prngd-socket], 3270 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3271 [ 3272 case "$withval" in 3273 yes) 3274 withval="/var/run/egd-pool" 3275 ;; 3276 no) 3277 withval="" 3278 ;; 3279 /*) 3280 ;; 3281 *) 3282 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3283 ;; 3284 esac 3285 3286 if test ! -z "$withval" ; then 3287 if test ! -z "$PRNGD_PORT" ; then 3288 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3289 fi 3290 if test ! -r "$withval" ; then 3291 AC_MSG_WARN([Entropy socket is not readable]) 3292 fi 3293 PRNGD_SOCKET="$withval" 3294 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3295 [Location of PRNGD/EGD random number socket]) 3296 fi 3297 ], 3298 [ 3299 # Check for existing socket only if we don't have a random device already 3300 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3301 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3302 # Insert other locations here 3303 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3304 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3305 PRNGD_SOCKET="$sock" 3306 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3307 break; 3308 fi 3309 done 3310 if test ! -z "$PRNGD_SOCKET" ; then 3311 AC_MSG_RESULT([$PRNGD_SOCKET]) 3312 else 3313 AC_MSG_RESULT([not found]) 3314 fi 3315 fi 3316 ] 3317) 3318 3319# Which randomness source do we use? 3320if test ! -z "$PRNGD_PORT" ; then 3321 RAND_MSG="PRNGd port $PRNGD_PORT" 3322elif test ! -z "$PRNGD_SOCKET" ; then 3323 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3324elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3325 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3326 [Define if you want the OpenSSL internally seeded PRNG only]) 3327 RAND_MSG="OpenSSL internal ONLY" 3328elif test "x$openssl" = "xno" ; then 3329 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3330else 3331 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3332fi 3333 3334# Check for PAM libs 3335PAM_MSG="no" 3336AC_ARG_WITH([pam], 3337 [ --with-pam Enable PAM support ], 3338 [ 3339 if test "x$withval" != "xno" ; then 3340 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3341 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3342 AC_MSG_ERROR([PAM headers not found]) 3343 fi 3344 3345 saved_LIBS="$LIBS" 3346 AC_CHECK_LIB([dl], [dlopen], , ) 3347 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3348 AC_CHECK_FUNCS([pam_getenvlist]) 3349 AC_CHECK_FUNCS([pam_putenv]) 3350 LIBS="$saved_LIBS" 3351 3352 PAM_MSG="yes" 3353 3354 SSHDLIBS="$SSHDLIBS -lpam" 3355 AC_DEFINE([USE_PAM], [1], 3356 [Define if you want to enable PAM support]) 3357 3358 if test $ac_cv_lib_dl_dlopen = yes; then 3359 case "$LIBS" in 3360 *-ldl*) 3361 # libdl already in LIBS 3362 ;; 3363 *) 3364 SSHDLIBS="$SSHDLIBS -ldl" 3365 ;; 3366 esac 3367 fi 3368 fi 3369 ] 3370) 3371 3372AC_ARG_WITH([pam-service], 3373 [ --with-pam-service=name Specify PAM service name ], 3374 [ 3375 if test "x$withval" != "xno" && \ 3376 test "x$withval" != "xyes" ; then 3377 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3378 ["$withval"], [sshd PAM service name]) 3379 fi 3380 ] 3381) 3382 3383# Check for older PAM 3384if test "x$PAM_MSG" = "xyes" ; then 3385 # Check PAM strerror arguments (old PAM) 3386 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3387 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3388#include <stdlib.h> 3389#if defined(HAVE_SECURITY_PAM_APPL_H) 3390#include <security/pam_appl.h> 3391#elif defined (HAVE_PAM_PAM_APPL_H) 3392#include <pam/pam_appl.h> 3393#endif 3394 ]], [[ 3395(void)pam_strerror((pam_handle_t *)NULL, -1); 3396 ]])], [AC_MSG_RESULT([no])], [ 3397 AC_DEFINE([HAVE_OLD_PAM], [1], 3398 [Define if you have an old version of PAM 3399 which takes only one argument to pam_strerror]) 3400 AC_MSG_RESULT([yes]) 3401 PAM_MSG="yes (old library)" 3402 3403 ]) 3404fi 3405 3406case "$host" in 3407*-*-cygwin*) 3408 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3409 ;; 3410*) 3411 SSH_PRIVSEP_USER=sshd 3412 ;; 3413esac 3414AC_ARG_WITH([privsep-user], 3415 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3416 [ 3417 if test -n "$withval" && test "x$withval" != "xno" && \ 3418 test "x${withval}" != "xyes"; then 3419 SSH_PRIVSEP_USER=$withval 3420 fi 3421 ] 3422) 3423if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3424 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3425 [Cygwin function to fetch non-privileged user for privilege separation]) 3426else 3427 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3428 [non-privileged user for privilege separation]) 3429fi 3430AC_SUBST([SSH_PRIVSEP_USER]) 3431 3432if test "x$have_linux_no_new_privs" = "x1" ; then 3433AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3434 #include <sys/types.h> 3435 #include <linux/seccomp.h> 3436]) 3437fi 3438if test "x$have_seccomp_filter" = "x1" ; then 3439AC_MSG_CHECKING([kernel for seccomp_filter support]) 3440AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3441 #include <errno.h> 3442 #include <elf.h> 3443 #include <linux/audit.h> 3444 #include <linux/seccomp.h> 3445 #include <stdlib.h> 3446 #include <sys/prctl.h> 3447 ]], 3448 [[ int i = $seccomp_audit_arch; 3449 errno = 0; 3450 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3451 exit(errno == EFAULT ? 0 : 1); ]])], 3452 [ AC_MSG_RESULT([yes]) ], [ 3453 AC_MSG_RESULT([no]) 3454 # Disable seccomp filter as a target 3455 have_seccomp_filter=0 3456 ] 3457) 3458fi 3459 3460# Decide which sandbox style to use 3461sandbox_arg="" 3462AC_ARG_WITH([sandbox], 3463 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3464 [ 3465 if test "x$withval" = "xyes" ; then 3466 sandbox_arg="" 3467 else 3468 sandbox_arg="$withval" 3469 fi 3470 ] 3471) 3472 3473# Some platforms (seems to be the ones that have a kernel poll(2)-type 3474# function with which they implement select(2)) use an extra file descriptor 3475# when calling select(2), which means we can't use the rlimit sandbox. 3476AC_MSG_CHECKING([if select works with descriptor rlimit]) 3477AC_RUN_IFELSE( 3478 [AC_LANG_PROGRAM([[ 3479#include <sys/types.h> 3480#ifdef HAVE_SYS_TIME_H 3481# include <sys/time.h> 3482#endif 3483#include <sys/resource.h> 3484#ifdef HAVE_SYS_SELECT_H 3485# include <sys/select.h> 3486#endif 3487#include <errno.h> 3488#include <fcntl.h> 3489#include <stdlib.h> 3490 ]],[[ 3491 struct rlimit rl_zero; 3492 int fd, r; 3493 fd_set fds; 3494 struct timeval tv; 3495 3496 fd = open("/dev/null", O_RDONLY); 3497 FD_ZERO(&fds); 3498 FD_SET(fd, &fds); 3499 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3500 setrlimit(RLIMIT_FSIZE, &rl_zero); 3501 setrlimit(RLIMIT_NOFILE, &rl_zero); 3502 tv.tv_sec = 1; 3503 tv.tv_usec = 0; 3504 r = select(fd+1, &fds, NULL, NULL, &tv); 3505 exit (r == -1 ? 1 : 0); 3506 ]])], 3507 [AC_MSG_RESULT([yes]) 3508 select_works_with_rlimit=yes], 3509 [AC_MSG_RESULT([no]) 3510 select_works_with_rlimit=no], 3511 [AC_MSG_WARN([cross compiling: assuming yes]) 3512 select_works_with_rlimit=yes] 3513) 3514 3515AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3516AC_RUN_IFELSE( 3517 [AC_LANG_PROGRAM([[ 3518#include <sys/types.h> 3519#ifdef HAVE_SYS_TIME_H 3520# include <sys/time.h> 3521#endif 3522#include <sys/resource.h> 3523#include <errno.h> 3524#include <stdlib.h> 3525 ]],[[ 3526 struct rlimit rl_zero; 3527 int r; 3528 3529 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3530 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3531 exit (r == -1 ? 1 : 0); 3532 ]])], 3533 [AC_MSG_RESULT([yes]) 3534 rlimit_nofile_zero_works=yes], 3535 [AC_MSG_RESULT([no]) 3536 rlimit_nofile_zero_works=no], 3537 [AC_MSG_WARN([cross compiling: assuming yes]) 3538 rlimit_nofile_zero_works=yes] 3539) 3540 3541AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3542AC_RUN_IFELSE( 3543 [AC_LANG_PROGRAM([[ 3544#include <sys/types.h> 3545#include <sys/resource.h> 3546#include <stdlib.h> 3547 ]],[[ 3548 struct rlimit rl_zero; 3549 3550 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3551 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3552 ]])], 3553 [AC_MSG_RESULT([yes])], 3554 [AC_MSG_RESULT([no]) 3555 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3556 [setrlimit RLIMIT_FSIZE works])], 3557 [AC_MSG_WARN([cross compiling: assuming yes])] 3558) 3559 3560if test "x$sandbox_arg" = "xpledge" || \ 3561 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3562 test "x$ac_cv_func_pledge" != "xyes" && \ 3563 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3564 SANDBOX_STYLE="pledge" 3565 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3566elif test "x$sandbox_arg" = "xsystrace" || \ 3567 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3568 test "x$have_systr_policy_kill" != "x1" && \ 3569 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3570 SANDBOX_STYLE="systrace" 3571 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3572elif test "x$sandbox_arg" = "xdarwin" || \ 3573 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3574 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3575 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3576 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3577 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3578 SANDBOX_STYLE="darwin" 3579 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3580elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3581 ( test -z "$sandbox_arg" && \ 3582 test "x$have_seccomp_filter" = "x1" && \ 3583 test "x$ac_cv_header_elf_h" = "xyes" && \ 3584 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3585 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3586 test "x$seccomp_audit_arch" != "x" && \ 3587 test "x$have_linux_no_new_privs" = "x1" && \ 3588 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3589 test "x$seccomp_audit_arch" = "x" && \ 3590 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3591 test "x$have_linux_no_new_privs" != "x1" && \ 3592 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3593 test "x$have_seccomp_filter" != "x1" && \ 3594 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3595 test "x$ac_cv_func_prctl" != "xyes" && \ 3596 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3597 SANDBOX_STYLE="seccomp_filter" 3598 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3599elif test "x$sandbox_arg" = "xcapsicum" || \ 3600 ( test -z "$sandbox_arg" && \ 3601 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3602 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3603 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3604 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3605 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3606 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3607 SANDBOX_STYLE="capsicum" 3608 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3609elif test "x$sandbox_arg" = "xrlimit" || \ 3610 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3611 test "x$select_works_with_rlimit" = "xyes" && \ 3612 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3613 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3614 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3615 test "x$select_works_with_rlimit" != "xyes" && \ 3616 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3617 SANDBOX_STYLE="rlimit" 3618 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3619elif test "x$sandbox_arg" = "xsolaris" || \ 3620 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3621 SANDBOX_STYLE="solaris" 3622 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3623elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3624 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3625 SANDBOX_STYLE="none" 3626 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3627else 3628 AC_MSG_ERROR([unsupported --with-sandbox]) 3629fi 3630 3631# Cheap hack to ensure NEWS-OS libraries are arranged right. 3632if test ! -z "$SONY" ; then 3633 LIBS="$LIBS -liberty"; 3634fi 3635 3636# Check for long long datatypes 3637AC_CHECK_TYPES([long long, unsigned long long, long double]) 3638 3639# Check datatype sizes 3640AC_CHECK_SIZEOF([short int]) 3641AC_CHECK_SIZEOF([int]) 3642AC_CHECK_SIZEOF([long int]) 3643AC_CHECK_SIZEOF([long long int]) 3644 3645# Sanity check long long for some platforms (AIX) 3646if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3647 ac_cv_sizeof_long_long_int=0 3648fi 3649 3650# compute LLONG_MIN and LLONG_MAX if we don't know them. 3651if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3652 AC_MSG_CHECKING([for max value of long long]) 3653 AC_RUN_IFELSE( 3654 [AC_LANG_PROGRAM([[ 3655#include <stdio.h> 3656/* Why is this so damn hard? */ 3657#ifdef __GNUC__ 3658# undef __GNUC__ 3659#endif 3660#define __USE_ISOC99 3661#include <limits.h> 3662#define DATA "conftest.llminmax" 3663#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3664 3665/* 3666 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3667 * we do this the hard way. 3668 */ 3669static int 3670fprint_ll(FILE *f, long long n) 3671{ 3672 unsigned int i; 3673 int l[sizeof(long long) * 8]; 3674 3675 if (n < 0) 3676 if (fprintf(f, "-") < 0) 3677 return -1; 3678 for (i = 0; n != 0; i++) { 3679 l[i] = my_abs(n % 10); 3680 n /= 10; 3681 } 3682 do { 3683 if (fprintf(f, "%d", l[--i]) < 0) 3684 return -1; 3685 } while (i != 0); 3686 if (fprintf(f, " ") < 0) 3687 return -1; 3688 return 0; 3689} 3690 ]], [[ 3691 FILE *f; 3692 long long i, llmin, llmax = 0; 3693 3694 if((f = fopen(DATA,"w")) == NULL) 3695 exit(1); 3696 3697#if defined(LLONG_MIN) && defined(LLONG_MAX) 3698 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3699 llmin = LLONG_MIN; 3700 llmax = LLONG_MAX; 3701#else 3702 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3703 /* This will work on one's complement and two's complement */ 3704 for (i = 1; i > llmax; i <<= 1, i++) 3705 llmax = i; 3706 llmin = llmax + 1LL; /* wrap */ 3707#endif 3708 3709 /* Sanity check */ 3710 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3711 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3712 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3713 fprintf(f, "unknown unknown\n"); 3714 exit(2); 3715 } 3716 3717 if (fprint_ll(f, llmin) < 0) 3718 exit(3); 3719 if (fprint_ll(f, llmax) < 0) 3720 exit(4); 3721 if (fclose(f) < 0) 3722 exit(5); 3723 exit(0); 3724 ]])], 3725 [ 3726 llong_min=`$AWK '{print $1}' conftest.llminmax` 3727 llong_max=`$AWK '{print $2}' conftest.llminmax` 3728 3729 AC_MSG_RESULT([$llong_max]) 3730 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3731 [max value of long long calculated by configure]) 3732 AC_MSG_CHECKING([for min value of long long]) 3733 AC_MSG_RESULT([$llong_min]) 3734 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3735 [min value of long long calculated by configure]) 3736 ], 3737 [ 3738 AC_MSG_RESULT([not found]) 3739 ], 3740 [ 3741 AC_MSG_WARN([cross compiling: not checking]) 3742 ] 3743 ) 3744fi 3745 3746AC_CHECK_DECLS([UINT32_MAX], , , [[ 3747#ifdef HAVE_SYS_LIMITS_H 3748# include <sys/limits.h> 3749#endif 3750#ifdef HAVE_LIMITS_H 3751# include <limits.h> 3752#endif 3753#ifdef HAVE_STDINT_H 3754# include <stdint.h> 3755#endif 3756]]) 3757 3758# More checks for data types 3759AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3760 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3761 [[ u_int a; a = 1;]])], 3762 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3763 ]) 3764]) 3765if test "x$ac_cv_have_u_int" = "xyes" ; then 3766 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3767 have_u_int=1 3768fi 3769 3770AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3771 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3772 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3773 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3774 ]) 3775]) 3776if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3777 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3778 have_intxx_t=1 3779fi 3780 3781if (test -z "$have_intxx_t" && \ 3782 test "x$ac_cv_header_stdint_h" = "xyes") 3783then 3784 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3785 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3786 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3787 [ 3788 AC_DEFINE([HAVE_INTXX_T]) 3789 AC_MSG_RESULT([yes]) 3790 ], [ AC_MSG_RESULT([no]) 3791 ]) 3792fi 3793 3794AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3795 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3796#include <sys/types.h> 3797#ifdef HAVE_STDINT_H 3798# include <stdint.h> 3799#endif 3800#include <sys/socket.h> 3801#ifdef HAVE_SYS_BITYPES_H 3802# include <sys/bitypes.h> 3803#endif 3804 ]], [[ 3805int64_t a; a = 1; 3806 ]])], 3807 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3808 ]) 3809]) 3810if test "x$ac_cv_have_int64_t" = "xyes" ; then 3811 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3812fi 3813 3814AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3815 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3816 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3817 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3818 ]) 3819]) 3820if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3821 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3822 have_u_intxx_t=1 3823fi 3824 3825if test -z "$have_u_intxx_t" ; then 3826 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3827 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3828 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3829 [ 3830 AC_DEFINE([HAVE_U_INTXX_T]) 3831 AC_MSG_RESULT([yes]) 3832 ], [ AC_MSG_RESULT([no]) 3833 ]) 3834fi 3835 3836AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3837 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3838 [[ u_int64_t a; a = 1;]])], 3839 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3840 ]) 3841]) 3842if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3843 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3844 have_u_int64_t=1 3845fi 3846 3847if (test -z "$have_u_int64_t" && \ 3848 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3849then 3850 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3851 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3852 [[ u_int64_t a; a = 1]])], 3853 [ 3854 AC_DEFINE([HAVE_U_INT64_T]) 3855 AC_MSG_RESULT([yes]) 3856 ], [ AC_MSG_RESULT([no]) 3857 ]) 3858fi 3859 3860if test -z "$have_u_intxx_t" ; then 3861 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3862 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3863#include <sys/types.h> 3864 ]], [[ 3865 uint8_t a; 3866 uint16_t b; 3867 uint32_t c; 3868 a = b = c = 1; 3869 ]])], 3870 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3871 ]) 3872 ]) 3873 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3874 AC_DEFINE([HAVE_UINTXX_T], [1], 3875 [define if you have uintxx_t data type]) 3876 fi 3877fi 3878 3879if (test -z "$have_uintxx_t" && \ 3880 test "x$ac_cv_header_stdint_h" = "xyes") 3881then 3882 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3883 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3884 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3885 [ 3886 AC_DEFINE([HAVE_UINTXX_T]) 3887 AC_MSG_RESULT([yes]) 3888 ], [ AC_MSG_RESULT([no]) 3889 ]) 3890fi 3891 3892if (test -z "$have_uintxx_t" && \ 3893 test "x$ac_cv_header_inttypes_h" = "xyes") 3894then 3895 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3896 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3897 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3898 [ 3899 AC_DEFINE([HAVE_UINTXX_T]) 3900 AC_MSG_RESULT([yes]) 3901 ], [ AC_MSG_RESULT([no]) 3902 ]) 3903fi 3904 3905if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3906 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3907then 3908 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3909 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3910#include <sys/bitypes.h> 3911 ]], [[ 3912 int8_t a; int16_t b; int32_t c; 3913 u_int8_t e; u_int16_t f; u_int32_t g; 3914 a = b = c = e = f = g = 1; 3915 ]])], 3916 [ 3917 AC_DEFINE([HAVE_U_INTXX_T]) 3918 AC_DEFINE([HAVE_INTXX_T]) 3919 AC_MSG_RESULT([yes]) 3920 ], [AC_MSG_RESULT([no]) 3921 ]) 3922fi 3923 3924 3925AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3926 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3927 [[ u_char foo; foo = 125; ]])], 3928 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3929 ]) 3930]) 3931if test "x$ac_cv_have_u_char" = "xyes" ; then 3932 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3933fi 3934 3935AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3936#include <sys/types.h> 3937#ifdef HAVE_STDINT_H 3938# include <stdint.h> 3939#endif 3940]) 3941 3942TYPE_SOCKLEN_T 3943 3944AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3945AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3946#include <sys/types.h> 3947#ifdef HAVE_SYS_BITYPES_H 3948#include <sys/bitypes.h> 3949#endif 3950#ifdef HAVE_SYS_STATFS_H 3951#include <sys/statfs.h> 3952#endif 3953#ifdef HAVE_SYS_STATVFS_H 3954#include <sys/statvfs.h> 3955#endif 3956]) 3957 3958AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3959#include <sys/param.h> 3960#include <sys/types.h> 3961#ifdef HAVE_SYS_BITYPES_H 3962#include <sys/bitypes.h> 3963#endif 3964#ifdef HAVE_SYS_STATFS_H 3965#include <sys/statfs.h> 3966#endif 3967#ifdef HAVE_SYS_STATVFS_H 3968#include <sys/statvfs.h> 3969#endif 3970#ifdef HAVE_SYS_VFS_H 3971#include <sys/vfs.h> 3972#endif 3973#ifdef HAVE_SYS_MOUNT_H 3974#include <sys/mount.h> 3975#endif 3976]]) 3977 3978 3979AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3980[#include <sys/types.h> 3981#include <netinet/in.h>]) 3982 3983AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3984 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3985 [[ size_t foo; foo = 1235; ]])], 3986 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3987 ]) 3988]) 3989if test "x$ac_cv_have_size_t" = "xyes" ; then 3990 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3991fi 3992 3993AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3994 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3995 [[ ssize_t foo; foo = 1235; ]])], 3996 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3997 ]) 3998]) 3999if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4000 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4001fi 4002 4003AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4004 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4005 [[ clock_t foo; foo = 1235; ]])], 4006 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4007 ]) 4008]) 4009if test "x$ac_cv_have_clock_t" = "xyes" ; then 4010 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4011fi 4012 4013AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4014 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4015#include <sys/types.h> 4016#include <sys/socket.h> 4017 ]], [[ sa_family_t foo; foo = 1235; ]])], 4018 [ ac_cv_have_sa_family_t="yes" ], 4019 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4020#include <sys/types.h> 4021#include <sys/socket.h> 4022#include <netinet/in.h> 4023 ]], [[ sa_family_t foo; foo = 1235; ]])], 4024 [ ac_cv_have_sa_family_t="yes" ], 4025 [ ac_cv_have_sa_family_t="no" ] 4026 ) 4027 ]) 4028]) 4029if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4030 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4031 [define if you have sa_family_t data type]) 4032fi 4033 4034AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4035 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4036 [[ pid_t foo; foo = 1235; ]])], 4037 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4038 ]) 4039]) 4040if test "x$ac_cv_have_pid_t" = "xyes" ; then 4041 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4042fi 4043 4044AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4045 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4046 [[ mode_t foo; foo = 1235; ]])], 4047 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4048 ]) 4049]) 4050if test "x$ac_cv_have_mode_t" = "xyes" ; then 4051 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4052fi 4053 4054 4055AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4056 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4057#include <sys/types.h> 4058#include <sys/socket.h> 4059 ]], [[ struct sockaddr_storage s; ]])], 4060 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4061 [ ac_cv_have_struct_sockaddr_storage="no" 4062 ]) 4063]) 4064if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4065 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4066 [define if you have struct sockaddr_storage data type]) 4067fi 4068 4069AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4070 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4071#include <sys/types.h> 4072#include <netinet/in.h> 4073 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4074 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4075 [ ac_cv_have_struct_sockaddr_in6="no" 4076 ]) 4077]) 4078if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4079 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4080 [define if you have struct sockaddr_in6 data type]) 4081fi 4082 4083AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4084 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4085#include <sys/types.h> 4086#include <netinet/in.h> 4087 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4088 [ ac_cv_have_struct_in6_addr="yes" ], 4089 [ ac_cv_have_struct_in6_addr="no" 4090 ]) 4091]) 4092if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4093 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4094 [define if you have struct in6_addr data type]) 4095 4096dnl Now check for sin6_scope_id 4097 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4098 [ 4099#ifdef HAVE_SYS_TYPES_H 4100#include <sys/types.h> 4101#endif 4102#include <netinet/in.h> 4103 ]) 4104fi 4105 4106AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4108#include <sys/types.h> 4109#include <sys/socket.h> 4110#include <netdb.h> 4111 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4112 [ ac_cv_have_struct_addrinfo="yes" ], 4113 [ ac_cv_have_struct_addrinfo="no" 4114 ]) 4115]) 4116if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4117 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4118 [define if you have struct addrinfo data type]) 4119fi 4120 4121AC_HEADER_TIME 4122 4123AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4124 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4125 [[ struct timeval tv; tv.tv_sec = 1;]])], 4126 [ ac_cv_have_struct_timeval="yes" ], 4127 [ ac_cv_have_struct_timeval="no" 4128 ]) 4129]) 4130if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4131 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4132 have_struct_timeval=1 4133fi 4134 4135AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4136 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4137 #ifdef TIME_WITH_SYS_TIME 4138 # include <sys/time.h> 4139 # include <time.h> 4140 #else 4141 # ifdef HAVE_SYS_TIME_H 4142 # include <sys/time.h> 4143 # else 4144 # include <time.h> 4145 # endif 4146 #endif 4147 ]], 4148 [[ struct timespec ts; ts.tv_sec = 1;]])], 4149 [ ac_cv_have_struct_timespec="yes" ], 4150 [ ac_cv_have_struct_timespec="no" 4151 ]) 4152]) 4153if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4154 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4155 have_struct_timespec=1 4156fi 4157 4158# We need int64_t or else certain parts of the compile will fail. 4159if test "x$ac_cv_have_int64_t" = "xno" && \ 4160 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4161 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4162 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4163 echo "an alternative compiler (I.E., GCC) before continuing." 4164 echo "" 4165 exit 1; 4166else 4167dnl test snprintf (broken on SCO w/gcc) 4168 AC_RUN_IFELSE( 4169 [AC_LANG_SOURCE([[ 4170#include <stdio.h> 4171#include <string.h> 4172#ifdef HAVE_SNPRINTF 4173main() 4174{ 4175 char buf[50]; 4176 char expected_out[50]; 4177 int mazsize = 50 ; 4178#if (SIZEOF_LONG_INT == 8) 4179 long int num = 0x7fffffffffffffff; 4180#else 4181 long long num = 0x7fffffffffffffffll; 4182#endif 4183 strcpy(expected_out, "9223372036854775807"); 4184 snprintf(buf, mazsize, "%lld", num); 4185 if(strcmp(buf, expected_out) != 0) 4186 exit(1); 4187 exit(0); 4188} 4189#else 4190main() { exit(0); } 4191#endif 4192 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4193 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4194 ) 4195fi 4196 4197dnl Checks for structure members 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4200OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4201OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4211OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4212OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4213OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4214OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4215OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4216 4217AC_CHECK_MEMBERS([struct stat.st_blksize]) 4218AC_CHECK_MEMBERS([struct stat.st_mtim]) 4219AC_CHECK_MEMBERS([struct stat.st_mtime]) 4220AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4221struct passwd.pw_change, struct passwd.pw_expire], 4222[], [], [[ 4223#include <sys/types.h> 4224#include <pwd.h> 4225]]) 4226 4227AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4228 [Define if we don't have struct __res_state in resolv.h])], 4229[[ 4230#include <stdio.h> 4231#if HAVE_SYS_TYPES_H 4232# include <sys/types.h> 4233#endif 4234#include <netinet/in.h> 4235#include <arpa/nameser.h> 4236#include <resolv.h> 4237]]) 4238 4239AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4240 ac_cv_have_ss_family_in_struct_ss, [ 4241 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4242#include <sys/types.h> 4243#include <sys/socket.h> 4244 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4245 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4246 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4247]) 4248if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4249 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4250fi 4251 4252AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4253 ac_cv_have___ss_family_in_struct_ss, [ 4254 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4255#include <sys/types.h> 4256#include <sys/socket.h> 4257 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4258 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4259 [ ac_cv_have___ss_family_in_struct_ss="no" 4260 ]) 4261]) 4262if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4263 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4264 [Fields in struct sockaddr_storage]) 4265fi 4266 4267dnl make sure we're using the real structure members and not defines 4268AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4269 ac_cv_have_accrights_in_msghdr, [ 4270 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4271#include <sys/types.h> 4272#include <sys/socket.h> 4273#include <sys/uio.h> 4274 ]], [[ 4275#ifdef msg_accrights 4276#error "msg_accrights is a macro" 4277exit(1); 4278#endif 4279struct msghdr m; 4280m.msg_accrights = 0; 4281exit(0); 4282 ]])], 4283 [ ac_cv_have_accrights_in_msghdr="yes" ], 4284 [ ac_cv_have_accrights_in_msghdr="no" ] 4285 ) 4286]) 4287if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4288 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4289 [Define if your system uses access rights style 4290 file descriptor passing]) 4291fi 4292 4293AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4294AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4295#include <sys/param.h> 4296#include <sys/stat.h> 4297#ifdef HAVE_SYS_TIME_H 4298# include <sys/time.h> 4299#endif 4300#ifdef HAVE_SYS_MOUNT_H 4301#include <sys/mount.h> 4302#endif 4303#ifdef HAVE_SYS_STATVFS_H 4304#include <sys/statvfs.h> 4305#endif 4306 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4307 [ AC_MSG_RESULT([yes]) ], 4308 [ AC_MSG_RESULT([no]) 4309 4310 AC_MSG_CHECKING([if fsid_t has member val]) 4311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4312#include <sys/types.h> 4313#include <sys/statvfs.h> 4314 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4315 [ AC_MSG_RESULT([yes]) 4316 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4317 [ AC_MSG_RESULT([no]) ]) 4318 4319 AC_MSG_CHECKING([if f_fsid has member __val]) 4320 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4321#include <sys/types.h> 4322#include <sys/statvfs.h> 4323 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4324 [ AC_MSG_RESULT([yes]) 4325 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4326 [ AC_MSG_RESULT([no]) ]) 4327]) 4328 4329AC_CACHE_CHECK([for msg_control field in struct msghdr], 4330 ac_cv_have_control_in_msghdr, [ 4331 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4332#include <sys/types.h> 4333#include <sys/socket.h> 4334#include <sys/uio.h> 4335 ]], [[ 4336#ifdef msg_control 4337#error "msg_control is a macro" 4338exit(1); 4339#endif 4340struct msghdr m; 4341m.msg_control = 0; 4342exit(0); 4343 ]])], 4344 [ ac_cv_have_control_in_msghdr="yes" ], 4345 [ ac_cv_have_control_in_msghdr="no" ] 4346 ) 4347]) 4348if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4349 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4350 [Define if your system uses ancillary data style 4351 file descriptor passing]) 4352fi 4353 4354AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4355 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4356 [[ extern char *__progname; printf("%s", __progname); ]])], 4357 [ ac_cv_libc_defines___progname="yes" ], 4358 [ ac_cv_libc_defines___progname="no" 4359 ]) 4360]) 4361if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4362 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4363fi 4364 4365AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4366 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4367 [[ printf("%s", __FUNCTION__); ]])], 4368 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4369 [ ac_cv_cc_implements___FUNCTION__="no" 4370 ]) 4371]) 4372if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4373 AC_DEFINE([HAVE___FUNCTION__], [1], 4374 [Define if compiler implements __FUNCTION__]) 4375fi 4376 4377AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4378 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4379 [[ printf("%s", __func__); ]])], 4380 [ ac_cv_cc_implements___func__="yes" ], 4381 [ ac_cv_cc_implements___func__="no" 4382 ]) 4383]) 4384if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4385 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4386fi 4387 4388AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4389 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4390#include <stdarg.h> 4391va_list x,y; 4392 ]], [[ va_copy(x,y); ]])], 4393 [ ac_cv_have_va_copy="yes" ], 4394 [ ac_cv_have_va_copy="no" 4395 ]) 4396]) 4397if test "x$ac_cv_have_va_copy" = "xyes" ; then 4398 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4399fi 4400 4401AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4402 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4403#include <stdarg.h> 4404va_list x,y; 4405 ]], [[ __va_copy(x,y); ]])], 4406 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4407 ]) 4408]) 4409if test "x$ac_cv_have___va_copy" = "xyes" ; then 4410 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4411fi 4412 4413AC_CACHE_CHECK([whether getopt has optreset support], 4414 ac_cv_have_getopt_optreset, [ 4415 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4416 [[ extern int optreset; optreset = 0; ]])], 4417 [ ac_cv_have_getopt_optreset="yes" ], 4418 [ ac_cv_have_getopt_optreset="no" 4419 ]) 4420]) 4421if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4422 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4423 [Define if your getopt(3) defines and uses optreset]) 4424fi 4425 4426AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4427 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4428[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4429 [ ac_cv_libc_defines_sys_errlist="yes" ], 4430 [ ac_cv_libc_defines_sys_errlist="no" 4431 ]) 4432]) 4433if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4434 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4435 [Define if your system defines sys_errlist[]]) 4436fi 4437 4438 4439AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4440 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4441[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4442 [ ac_cv_libc_defines_sys_nerr="yes" ], 4443 [ ac_cv_libc_defines_sys_nerr="no" 4444 ]) 4445]) 4446if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4447 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4448fi 4449 4450# Check libraries needed by DNS fingerprint support 4451AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4452 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4453 [Define if getrrsetbyname() exists])], 4454 [ 4455 # Needed by our getrrsetbyname() 4456 AC_SEARCH_LIBS([res_query], [resolv]) 4457 AC_SEARCH_LIBS([dn_expand], [resolv]) 4458 AC_MSG_CHECKING([if res_query will link]) 4459 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4460#include <sys/types.h> 4461#include <netinet/in.h> 4462#include <arpa/nameser.h> 4463#include <netdb.h> 4464#include <resolv.h> 4465 ]], [[ 4466 res_query (0, 0, 0, 0, 0); 4467 ]])], 4468 AC_MSG_RESULT([yes]), 4469 [AC_MSG_RESULT([no]) 4470 saved_LIBS="$LIBS" 4471 LIBS="$LIBS -lresolv" 4472 AC_MSG_CHECKING([for res_query in -lresolv]) 4473 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4474#include <sys/types.h> 4475#include <netinet/in.h> 4476#include <arpa/nameser.h> 4477#include <netdb.h> 4478#include <resolv.h> 4479 ]], [[ 4480 res_query (0, 0, 0, 0, 0); 4481 ]])], 4482 [AC_MSG_RESULT([yes])], 4483 [LIBS="$saved_LIBS" 4484 AC_MSG_RESULT([no])]) 4485 ]) 4486 AC_CHECK_FUNCS([_getshort _getlong]) 4487 AC_CHECK_DECLS([_getshort, _getlong], , , 4488 [#include <sys/types.h> 4489 #include <arpa/nameser.h>]) 4490 AC_CHECK_MEMBER([HEADER.ad], 4491 [AC_DEFINE([HAVE_HEADER_AD], [1], 4492 [Define if HEADER.ad exists in arpa/nameser.h])], , 4493 [#include <arpa/nameser.h>]) 4494 ]) 4495 4496AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4497AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4498#include <stdio.h> 4499#if HAVE_SYS_TYPES_H 4500# include <sys/types.h> 4501#endif 4502#include <netinet/in.h> 4503#include <arpa/nameser.h> 4504#include <resolv.h> 4505extern struct __res_state _res; 4506 ]], [[ 4507struct __res_state *volatile p = &_res; /* force resolution of _res */ 4508return 0; 4509 ]],)], 4510 [AC_MSG_RESULT([yes]) 4511 AC_DEFINE([HAVE__RES_EXTERN], [1], 4512 [Define if you have struct __res_state _res as an extern]) 4513 ], 4514 [ AC_MSG_RESULT([no]) ] 4515) 4516 4517# Check whether user wants SELinux support 4518SELINUX_MSG="no" 4519LIBSELINUX="" 4520AC_ARG_WITH([selinux], 4521 [ --with-selinux Enable SELinux support], 4522 [ if test "x$withval" != "xno" ; then 4523 save_LIBS="$LIBS" 4524 AC_DEFINE([WITH_SELINUX], [1], 4525 [Define if you want SELinux support.]) 4526 SELINUX_MSG="yes" 4527 AC_CHECK_HEADER([selinux/selinux.h], , 4528 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4529 AC_CHECK_LIB([selinux], [setexeccon], 4530 [ LIBSELINUX="-lselinux" 4531 LIBS="$LIBS -lselinux" 4532 ], 4533 AC_MSG_ERROR([SELinux support requires libselinux library])) 4534 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4535 LIBS="$save_LIBS $LIBSELINUX" 4536 fi ] 4537) 4538AC_SUBST([SSHDLIBS]) 4539 4540# Check whether user wants Kerberos 5 support 4541KRB5_MSG="no" 4542AC_ARG_WITH([kerberos5], 4543 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4544 [ if test "x$withval" != "xno" ; then 4545 if test "x$withval" = "xyes" ; then 4546 KRB5ROOT="/usr/local" 4547 else 4548 KRB5ROOT=${withval} 4549 fi 4550 4551 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4552 KRB5_MSG="yes" 4553 4554 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4555 [$KRB5ROOT/bin/krb5-config], 4556 [$KRB5ROOT/bin:$PATH]) 4557 if test -x $KRB5CONF ; then 4558 K5CFLAGS="`$KRB5CONF --cflags`" 4559 K5LIBS="`$KRB5CONF --libs`" 4560 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4561 4562 AC_MSG_CHECKING([for gssapi support]) 4563 if $KRB5CONF | grep gssapi >/dev/null ; then 4564 AC_MSG_RESULT([yes]) 4565 AC_DEFINE([GSSAPI], [1], 4566 [Define this if you want GSSAPI 4567 support in the version 2 protocol]) 4568 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4569 GSSLIBS="`$KRB5CONF --libs gssapi`" 4570 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4571 else 4572 AC_MSG_RESULT([no]) 4573 fi 4574 AC_MSG_CHECKING([whether we are using Heimdal]) 4575 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4576 ]], [[ char *tmp = heimdal_version; ]])], 4577 [ AC_MSG_RESULT([yes]) 4578 AC_DEFINE([HEIMDAL], [1], 4579 [Define this if you are using the Heimdal 4580 version of Kerberos V5]) ], 4581 [AC_MSG_RESULT([no]) 4582 ]) 4583 else 4584 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4585 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4586 AC_MSG_CHECKING([whether we are using Heimdal]) 4587 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4588 ]], [[ char *tmp = heimdal_version; ]])], 4589 [ AC_MSG_RESULT([yes]) 4590 AC_DEFINE([HEIMDAL]) 4591 K5LIBS="-lkrb5" 4592 K5LIBS="$K5LIBS -lcom_err -lasn1" 4593 AC_CHECK_LIB([roken], [net_write], 4594 [K5LIBS="$K5LIBS -lroken"]) 4595 AC_CHECK_LIB([des], [des_cbc_encrypt], 4596 [K5LIBS="$K5LIBS -ldes"]) 4597 ], [ AC_MSG_RESULT([no]) 4598 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4599 ]) 4600 AC_SEARCH_LIBS([dn_expand], [resolv]) 4601 4602 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4603 [ AC_DEFINE([GSSAPI]) 4604 GSSLIBS="-lgssapi_krb5" ], 4605 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4606 [ AC_DEFINE([GSSAPI]) 4607 GSSLIBS="-lgssapi" ], 4608 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4609 [ AC_DEFINE([GSSAPI]) 4610 GSSLIBS="-lgss" ], 4611 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4612 ]) 4613 ]) 4614 4615 AC_CHECK_HEADER([gssapi.h], , 4616 [ unset ac_cv_header_gssapi_h 4617 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4618 AC_CHECK_HEADERS([gssapi.h], , 4619 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4620 ) 4621 ] 4622 ) 4623 4624 oldCPP="$CPPFLAGS" 4625 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4626 AC_CHECK_HEADER([gssapi_krb5.h], , 4627 [ CPPFLAGS="$oldCPP" ]) 4628 4629 fi 4630 if test -n "${rpath_opt}" ; then 4631 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4632 fi 4633 if test ! -z "$blibpath" ; then 4634 blibpath="$blibpath:${KRB5ROOT}/lib" 4635 fi 4636 4637 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4638 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4639 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4640 4641 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4642 [Define this if you want to use libkafs' AFS support])]) 4643 4644 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4645#ifdef HAVE_GSSAPI_H 4646# include <gssapi.h> 4647#elif defined(HAVE_GSSAPI_GSSAPI_H) 4648# include <gssapi/gssapi.h> 4649#endif 4650 4651#ifdef HAVE_GSSAPI_GENERIC_H 4652# include <gssapi_generic.h> 4653#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4654# include <gssapi/gssapi_generic.h> 4655#endif 4656 ]]) 4657 saved_LIBS="$LIBS" 4658 LIBS="$LIBS $K5LIBS" 4659 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4660 LIBS="$saved_LIBS" 4661 4662 fi 4663 ] 4664) 4665AC_SUBST([GSSLIBS]) 4666AC_SUBST([K5LIBS]) 4667 4668# Looking for programs, paths and files 4669 4670PRIVSEP_PATH=/var/empty 4671AC_ARG_WITH([privsep-path], 4672 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4673 [ 4674 if test -n "$withval" && test "x$withval" != "xno" && \ 4675 test "x${withval}" != "xyes"; then 4676 PRIVSEP_PATH=$withval 4677 fi 4678 ] 4679) 4680AC_SUBST([PRIVSEP_PATH]) 4681 4682AC_ARG_WITH([xauth], 4683 [ --with-xauth=PATH Specify path to xauth program ], 4684 [ 4685 if test -n "$withval" && test "x$withval" != "xno" && \ 4686 test "x${withval}" != "xyes"; then 4687 xauth_path=$withval 4688 fi 4689 ], 4690 [ 4691 TestPath="$PATH" 4692 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4693 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4694 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4695 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4696 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4697 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4698 xauth_path="/usr/openwin/bin/xauth" 4699 fi 4700 ] 4701) 4702 4703STRIP_OPT=-s 4704AC_ARG_ENABLE([strip], 4705 [ --disable-strip Disable calling strip(1) on install], 4706 [ 4707 if test "x$enableval" = "xno" ; then 4708 STRIP_OPT= 4709 fi 4710 ] 4711) 4712AC_SUBST([STRIP_OPT]) 4713 4714if test -z "$xauth_path" ; then 4715 XAUTH_PATH="undefined" 4716 AC_SUBST([XAUTH_PATH]) 4717else 4718 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4719 [Define if xauth is found in your path]) 4720 XAUTH_PATH=$xauth_path 4721 AC_SUBST([XAUTH_PATH]) 4722fi 4723 4724dnl # --with-maildir=/path/to/mail gets top priority. 4725dnl # if maildir is set in the platform case statement above we use that. 4726dnl # Otherwise we run a program to get the dir from system headers. 4727dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4728dnl # If we find _PATH_MAILDIR we do nothing because that is what 4729dnl # session.c expects anyway. Otherwise we set to the value found 4730dnl # stripping any trailing slash. If for some strage reason our program 4731dnl # does not find what it needs, we default to /var/spool/mail. 4732# Check for mail directory 4733AC_ARG_WITH([maildir], 4734 [ --with-maildir=/path/to/mail Specify your system mail directory], 4735 [ 4736 if test "X$withval" != X && test "x$withval" != xno && \ 4737 test "x${withval}" != xyes; then 4738 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4739 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4740 fi 4741 ],[ 4742 if test "X$maildir" != "X"; then 4743 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4744 else 4745 AC_MSG_CHECKING([Discovering system mail directory]) 4746 AC_RUN_IFELSE( 4747 [AC_LANG_PROGRAM([[ 4748#include <stdio.h> 4749#include <string.h> 4750#ifdef HAVE_PATHS_H 4751#include <paths.h> 4752#endif 4753#ifdef HAVE_MAILLOCK_H 4754#include <maillock.h> 4755#endif 4756#define DATA "conftest.maildir" 4757 ]], [[ 4758 FILE *fd; 4759 int rc; 4760 4761 fd = fopen(DATA,"w"); 4762 if(fd == NULL) 4763 exit(1); 4764 4765#if defined (_PATH_MAILDIR) 4766 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4767 exit(1); 4768#elif defined (MAILDIR) 4769 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4770 exit(1); 4771#elif defined (_PATH_MAIL) 4772 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4773 exit(1); 4774#else 4775 exit (2); 4776#endif 4777 4778 exit(0); 4779 ]])], 4780 [ 4781 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4782 maildir=`awk -F: '{print $2}' conftest.maildir \ 4783 | sed 's|/$||'` 4784 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4785 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4786 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4787 fi 4788 ], 4789 [ 4790 if test "X$ac_status" = "X2";then 4791# our test program didn't find it. Default to /var/spool/mail 4792 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4793 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4794 else 4795 AC_MSG_RESULT([*** not found ***]) 4796 fi 4797 ], 4798 [ 4799 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4800 ] 4801 ) 4802 fi 4803 ] 4804) # maildir 4805 4806if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4807 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4808 disable_ptmx_check=yes 4809fi 4810if test -z "$no_dev_ptmx" ; then 4811 if test "x$disable_ptmx_check" != "xyes" ; then 4812 AC_CHECK_FILE(["/dev/ptmx"], 4813 [ 4814 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4815 [Define if you have /dev/ptmx]) 4816 have_dev_ptmx=1 4817 ] 4818 ) 4819 fi 4820fi 4821 4822if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4823 AC_CHECK_FILE(["/dev/ptc"], 4824 [ 4825 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4826 [Define if you have /dev/ptc]) 4827 have_dev_ptc=1 4828 ] 4829 ) 4830else 4831 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4832fi 4833 4834# Options from here on. Some of these are preset by platform above 4835AC_ARG_WITH([mantype], 4836 [ --with-mantype=man|cat|doc Set man page type], 4837 [ 4838 case "$withval" in 4839 man|cat|doc) 4840 MANTYPE=$withval 4841 ;; 4842 *) 4843 AC_MSG_ERROR([invalid man type: $withval]) 4844 ;; 4845 esac 4846 ] 4847) 4848if test -z "$MANTYPE"; then 4849 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4850 MANTYPE=doc 4851 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4852 MANTYPE=doc 4853 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4854 MANTYPE=man 4855 else 4856 MANTYPE=cat 4857 fi 4858fi 4859AC_SUBST([MANTYPE]) 4860if test "$MANTYPE" = "doc"; then 4861 mansubdir=man; 4862else 4863 mansubdir=$MANTYPE; 4864fi 4865AC_SUBST([mansubdir]) 4866 4867# Check whether to enable MD5 passwords 4868MD5_MSG="no" 4869AC_ARG_WITH([md5-passwords], 4870 [ --with-md5-passwords Enable use of MD5 passwords], 4871 [ 4872 if test "x$withval" != "xno" ; then 4873 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4874 [Define if you want to allow MD5 passwords]) 4875 MD5_MSG="yes" 4876 fi 4877 ] 4878) 4879 4880# Whether to disable shadow password support 4881AC_ARG_WITH([shadow], 4882 [ --without-shadow Disable shadow password support], 4883 [ 4884 if test "x$withval" = "xno" ; then 4885 AC_DEFINE([DISABLE_SHADOW]) 4886 disable_shadow=yes 4887 fi 4888 ] 4889) 4890 4891if test -z "$disable_shadow" ; then 4892 AC_MSG_CHECKING([if the systems has expire shadow information]) 4893 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4894#include <sys/types.h> 4895#include <shadow.h> 4896struct spwd sp; 4897 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4898 [ sp_expire_available=yes ], [ 4899 ]) 4900 4901 if test "x$sp_expire_available" = "xyes" ; then 4902 AC_MSG_RESULT([yes]) 4903 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4904 [Define if you want to use shadow password expire field]) 4905 else 4906 AC_MSG_RESULT([no]) 4907 fi 4908fi 4909 4910# Use ip address instead of hostname in $DISPLAY 4911if test ! -z "$IPADDR_IN_DISPLAY" ; then 4912 DISPLAY_HACK_MSG="yes" 4913 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4914 [Define if you need to use IP address 4915 instead of hostname in $DISPLAY]) 4916else 4917 DISPLAY_HACK_MSG="no" 4918 AC_ARG_WITH([ipaddr-display], 4919 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4920 [ 4921 if test "x$withval" != "xno" ; then 4922 AC_DEFINE([IPADDR_IN_DISPLAY]) 4923 DISPLAY_HACK_MSG="yes" 4924 fi 4925 ] 4926 ) 4927fi 4928 4929# check for /etc/default/login and use it if present. 4930AC_ARG_ENABLE([etc-default-login], 4931 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4932 [ if test "x$enableval" = "xno"; then 4933 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4934 etc_default_login=no 4935 else 4936 etc_default_login=yes 4937 fi ], 4938 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4939 then 4940 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4941 etc_default_login=no 4942 else 4943 etc_default_login=yes 4944 fi ] 4945) 4946 4947if test "x$etc_default_login" != "xno"; then 4948 AC_CHECK_FILE(["/etc/default/login"], 4949 [ external_path_file=/etc/default/login ]) 4950 if test "x$external_path_file" = "x/etc/default/login"; then 4951 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4952 [Define if your system has /etc/default/login]) 4953 fi 4954fi 4955 4956dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4957if test $ac_cv_func_login_getcapbool = "yes" && \ 4958 test $ac_cv_header_login_cap_h = "yes" ; then 4959 external_path_file=/etc/login.conf 4960fi 4961 4962# Whether to mess with the default path 4963SERVER_PATH_MSG="(default)" 4964AC_ARG_WITH([default-path], 4965 [ --with-default-path= Specify default $PATH environment for server], 4966 [ 4967 if test "x$external_path_file" = "x/etc/login.conf" ; then 4968 AC_MSG_WARN([ 4969--with-default-path=PATH has no effect on this system. 4970Edit /etc/login.conf instead.]) 4971 elif test "x$withval" != "xno" ; then 4972 if test ! -z "$external_path_file" ; then 4973 AC_MSG_WARN([ 4974--with-default-path=PATH will only be used if PATH is not defined in 4975$external_path_file .]) 4976 fi 4977 user_path="$withval" 4978 SERVER_PATH_MSG="$withval" 4979 fi 4980 ], 4981 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4982 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4983 else 4984 if test ! -z "$external_path_file" ; then 4985 AC_MSG_WARN([ 4986If PATH is defined in $external_path_file, ensure the path to scp is included, 4987otherwise scp will not work.]) 4988 fi 4989 AC_RUN_IFELSE( 4990 [AC_LANG_PROGRAM([[ 4991/* find out what STDPATH is */ 4992#include <stdio.h> 4993#ifdef HAVE_PATHS_H 4994# include <paths.h> 4995#endif 4996#ifndef _PATH_STDPATH 4997# ifdef _PATH_USERPATH /* Irix */ 4998# define _PATH_STDPATH _PATH_USERPATH 4999# else 5000# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5001# endif 5002#endif 5003#include <sys/types.h> 5004#include <sys/stat.h> 5005#include <fcntl.h> 5006#define DATA "conftest.stdpath" 5007 ]], [[ 5008 FILE *fd; 5009 int rc; 5010 5011 fd = fopen(DATA,"w"); 5012 if(fd == NULL) 5013 exit(1); 5014 5015 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5016 exit(1); 5017 5018 exit(0); 5019 ]])], 5020 [ user_path=`cat conftest.stdpath` ], 5021 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5022 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5023 ) 5024# make sure $bindir is in USER_PATH so scp will work 5025 t_bindir="${bindir}" 5026 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5027 t_bindir=`eval echo ${t_bindir}` 5028 case $t_bindir in 5029 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5030 esac 5031 case $t_bindir in 5032 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5033 esac 5034 done 5035 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5036 if test $? -ne 0 ; then 5037 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5038 if test $? -ne 0 ; then 5039 user_path=$user_path:$t_bindir 5040 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5041 fi 5042 fi 5043 fi ] 5044) 5045if test "x$external_path_file" != "x/etc/login.conf" ; then 5046 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5047 AC_SUBST([user_path]) 5048fi 5049 5050# Set superuser path separately to user path 5051AC_ARG_WITH([superuser-path], 5052 [ --with-superuser-path= Specify different path for super-user], 5053 [ 5054 if test -n "$withval" && test "x$withval" != "xno" && \ 5055 test "x${withval}" != "xyes"; then 5056 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5057 [Define if you want a different $PATH 5058 for the superuser]) 5059 superuser_path=$withval 5060 fi 5061 ] 5062) 5063 5064 5065AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5066IPV4_IN6_HACK_MSG="no" 5067AC_ARG_WITH(4in6, 5068 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5069 [ 5070 if test "x$withval" != "xno" ; then 5071 AC_MSG_RESULT([yes]) 5072 AC_DEFINE([IPV4_IN_IPV6], [1], 5073 [Detect IPv4 in IPv6 mapped addresses 5074 and treat as IPv4]) 5075 IPV4_IN6_HACK_MSG="yes" 5076 else 5077 AC_MSG_RESULT([no]) 5078 fi 5079 ], [ 5080 if test "x$inet6_default_4in6" = "xyes"; then 5081 AC_MSG_RESULT([yes (default)]) 5082 AC_DEFINE([IPV4_IN_IPV6]) 5083 IPV4_IN6_HACK_MSG="yes" 5084 else 5085 AC_MSG_RESULT([no (default)]) 5086 fi 5087 ] 5088) 5089 5090# Whether to enable BSD auth support 5091BSD_AUTH_MSG=no 5092AC_ARG_WITH([bsd-auth], 5093 [ --with-bsd-auth Enable BSD auth support], 5094 [ 5095 if test "x$withval" != "xno" ; then 5096 AC_DEFINE([BSD_AUTH], [1], 5097 [Define if you have BSD auth support]) 5098 BSD_AUTH_MSG=yes 5099 fi 5100 ] 5101) 5102 5103# Where to place sshd.pid 5104piddir=/var/run 5105# make sure the directory exists 5106if test ! -d $piddir ; then 5107 piddir=`eval echo ${sysconfdir}` 5108 case $piddir in 5109 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5110 esac 5111fi 5112 5113AC_ARG_WITH([pid-dir], 5114 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5115 [ 5116 if test -n "$withval" && test "x$withval" != "xno" && \ 5117 test "x${withval}" != "xyes"; then 5118 piddir=$withval 5119 if test ! -d $piddir ; then 5120 AC_MSG_WARN([** no $piddir directory on this system **]) 5121 fi 5122 fi 5123 ] 5124) 5125 5126AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5127 [Specify location of ssh.pid]) 5128AC_SUBST([piddir]) 5129 5130dnl allow user to disable some login recording features 5131AC_ARG_ENABLE([lastlog], 5132 [ --disable-lastlog disable use of lastlog even if detected [no]], 5133 [ 5134 if test "x$enableval" = "xno" ; then 5135 AC_DEFINE([DISABLE_LASTLOG]) 5136 fi 5137 ] 5138) 5139AC_ARG_ENABLE([utmp], 5140 [ --disable-utmp disable use of utmp even if detected [no]], 5141 [ 5142 if test "x$enableval" = "xno" ; then 5143 AC_DEFINE([DISABLE_UTMP]) 5144 fi 5145 ] 5146) 5147AC_ARG_ENABLE([utmpx], 5148 [ --disable-utmpx disable use of utmpx even if detected [no]], 5149 [ 5150 if test "x$enableval" = "xno" ; then 5151 AC_DEFINE([DISABLE_UTMPX], [1], 5152 [Define if you don't want to use utmpx]) 5153 fi 5154 ] 5155) 5156AC_ARG_ENABLE([wtmp], 5157 [ --disable-wtmp disable use of wtmp even if detected [no]], 5158 [ 5159 if test "x$enableval" = "xno" ; then 5160 AC_DEFINE([DISABLE_WTMP]) 5161 fi 5162 ] 5163) 5164AC_ARG_ENABLE([wtmpx], 5165 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5166 [ 5167 if test "x$enableval" = "xno" ; then 5168 AC_DEFINE([DISABLE_WTMPX], [1], 5169 [Define if you don't want to use wtmpx]) 5170 fi 5171 ] 5172) 5173AC_ARG_ENABLE([libutil], 5174 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5175 [ 5176 if test "x$enableval" = "xno" ; then 5177 AC_DEFINE([DISABLE_LOGIN]) 5178 fi 5179 ] 5180) 5181AC_ARG_ENABLE([pututline], 5182 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5183 [ 5184 if test "x$enableval" = "xno" ; then 5185 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5186 [Define if you don't want to use pututline() 5187 etc. to write [uw]tmp]) 5188 fi 5189 ] 5190) 5191AC_ARG_ENABLE([pututxline], 5192 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5193 [ 5194 if test "x$enableval" = "xno" ; then 5195 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5196 [Define if you don't want to use pututxline() 5197 etc. to write [uw]tmpx]) 5198 fi 5199 ] 5200) 5201AC_ARG_WITH([lastlog], 5202 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5203 [ 5204 if test "x$withval" = "xno" ; then 5205 AC_DEFINE([DISABLE_LASTLOG]) 5206 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5207 conf_lastlog_location=$withval 5208 fi 5209 ] 5210) 5211 5212dnl lastlog, [uw]tmpx? detection 5213dnl NOTE: set the paths in the platform section to avoid the 5214dnl need for command-line parameters 5215dnl lastlog and [uw]tmp are subject to a file search if all else fails 5216 5217dnl lastlog detection 5218dnl NOTE: the code itself will detect if lastlog is a directory 5219AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5220AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5221#include <sys/types.h> 5222#include <utmp.h> 5223#ifdef HAVE_LASTLOG_H 5224# include <lastlog.h> 5225#endif 5226#ifdef HAVE_PATHS_H 5227# include <paths.h> 5228#endif 5229#ifdef HAVE_LOGIN_H 5230# include <login.h> 5231#endif 5232 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5233 [ AC_MSG_RESULT([yes]) ], 5234 [ 5235 AC_MSG_RESULT([no]) 5236 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5237 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5238#include <sys/types.h> 5239#include <utmp.h> 5240#ifdef HAVE_LASTLOG_H 5241# include <lastlog.h> 5242#endif 5243#ifdef HAVE_PATHS_H 5244# include <paths.h> 5245#endif 5246 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5247 [ AC_MSG_RESULT([yes]) ], 5248 [ 5249 AC_MSG_RESULT([no]) 5250 system_lastlog_path=no 5251 ]) 5252]) 5253 5254if test -z "$conf_lastlog_location"; then 5255 if test x"$system_lastlog_path" = x"no" ; then 5256 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5257 if (test -d "$f" || test -f "$f") ; then 5258 conf_lastlog_location=$f 5259 fi 5260 done 5261 if test -z "$conf_lastlog_location"; then 5262 AC_MSG_WARN([** Cannot find lastlog **]) 5263 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5264 fi 5265 fi 5266fi 5267 5268if test -n "$conf_lastlog_location"; then 5269 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5270 [Define if you want to specify the path to your lastlog file]) 5271fi 5272 5273dnl utmp detection 5274AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5275AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5276#include <sys/types.h> 5277#include <utmp.h> 5278#ifdef HAVE_PATHS_H 5279# include <paths.h> 5280#endif 5281 ]], [[ char *utmp = UTMP_FILE; ]])], 5282 [ AC_MSG_RESULT([yes]) ], 5283 [ AC_MSG_RESULT([no]) 5284 system_utmp_path=no 5285]) 5286if test -z "$conf_utmp_location"; then 5287 if test x"$system_utmp_path" = x"no" ; then 5288 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5289 if test -f $f ; then 5290 conf_utmp_location=$f 5291 fi 5292 done 5293 if test -z "$conf_utmp_location"; then 5294 AC_DEFINE([DISABLE_UTMP]) 5295 fi 5296 fi 5297fi 5298if test -n "$conf_utmp_location"; then 5299 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5300 [Define if you want to specify the path to your utmp file]) 5301fi 5302 5303dnl wtmp detection 5304AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5305AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5306#include <sys/types.h> 5307#include <utmp.h> 5308#ifdef HAVE_PATHS_H 5309# include <paths.h> 5310#endif 5311 ]], [[ char *wtmp = WTMP_FILE; ]])], 5312 [ AC_MSG_RESULT([yes]) ], 5313 [ AC_MSG_RESULT([no]) 5314 system_wtmp_path=no 5315]) 5316if test -z "$conf_wtmp_location"; then 5317 if test x"$system_wtmp_path" = x"no" ; then 5318 for f in /usr/adm/wtmp /var/log/wtmp; do 5319 if test -f $f ; then 5320 conf_wtmp_location=$f 5321 fi 5322 done 5323 if test -z "$conf_wtmp_location"; then 5324 AC_DEFINE([DISABLE_WTMP]) 5325 fi 5326 fi 5327fi 5328if test -n "$conf_wtmp_location"; then 5329 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5330 [Define if you want to specify the path to your wtmp file]) 5331fi 5332 5333dnl wtmpx detection 5334AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5335AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5336#include <sys/types.h> 5337#include <utmp.h> 5338#ifdef HAVE_UTMPX_H 5339#include <utmpx.h> 5340#endif 5341#ifdef HAVE_PATHS_H 5342# include <paths.h> 5343#endif 5344 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5345 [ AC_MSG_RESULT([yes]) ], 5346 [ AC_MSG_RESULT([no]) 5347 system_wtmpx_path=no 5348]) 5349if test -z "$conf_wtmpx_location"; then 5350 if test x"$system_wtmpx_path" = x"no" ; then 5351 AC_DEFINE([DISABLE_WTMPX]) 5352 fi 5353else 5354 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5355 [Define if you want to specify the path to your wtmpx file]) 5356fi 5357 5358 5359if test ! -z "$blibpath" ; then 5360 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5361 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5362fi 5363 5364AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5365 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5366 AC_DEFINE([DISABLE_LASTLOG]) 5367 fi 5368 ], [ 5369#ifdef HAVE_SYS_TYPES_H 5370#include <sys/types.h> 5371#endif 5372#ifdef HAVE_UTMP_H 5373#include <utmp.h> 5374#endif 5375#ifdef HAVE_UTMPX_H 5376#include <utmpx.h> 5377#endif 5378#ifdef HAVE_LASTLOG_H 5379#include <lastlog.h> 5380#endif 5381 ]) 5382 5383AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5384 AC_DEFINE([DISABLE_UTMP]) 5385 AC_DEFINE([DISABLE_WTMP]) 5386 ], [ 5387#ifdef HAVE_SYS_TYPES_H 5388#include <sys/types.h> 5389#endif 5390#ifdef HAVE_UTMP_H 5391#include <utmp.h> 5392#endif 5393#ifdef HAVE_UTMPX_H 5394#include <utmpx.h> 5395#endif 5396#ifdef HAVE_LASTLOG_H 5397#include <lastlog.h> 5398#endif 5399 ]) 5400 5401dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5402dnl Add now. 5403CFLAGS="$CFLAGS $werror_flags" 5404 5405if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5406 TEST_SSH_IPV6=no 5407else 5408 TEST_SSH_IPV6=yes 5409fi 5410AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5411AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5412AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5413AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5414AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5415AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5416 5417CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5418LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5419 5420# Make a copy of CFLAGS/LDFLAGS without PIE options. 5421LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5422CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5423AC_SUBST([LDFLAGS_NOPIE]) 5424AC_SUBST([CFLAGS_NOPIE]) 5425 5426AC_EXEEXT 5427AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5428 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5429 survey.sh]) 5430AC_OUTPUT 5431 5432# Print summary of options 5433 5434# Someone please show me a better way :) 5435A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5436B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5437C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5438D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5439E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5440F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5441G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5442H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5443I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5444J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5445 5446echo "" 5447echo "OpenSSH has been configured with the following options:" 5448echo " User binaries: $B" 5449echo " System binaries: $C" 5450echo " Configuration files: $D" 5451echo " Askpass program: $E" 5452echo " Manual pages: $F" 5453echo " PID file: $G" 5454echo " Privilege separation chroot path: $H" 5455if test "x$external_path_file" = "x/etc/login.conf" ; then 5456echo " At runtime, sshd will use the path defined in $external_path_file" 5457echo " Make sure the path to scp is present, otherwise scp will not work" 5458else 5459echo " sshd default user PATH: $I" 5460 if test ! -z "$external_path_file"; then 5461echo " (If PATH is set in $external_path_file it will be used instead. If" 5462echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5463 fi 5464fi 5465if test ! -z "$superuser_path" ; then 5466echo " sshd superuser user PATH: $J" 5467fi 5468echo " Manpage format: $MANTYPE" 5469echo " PAM support: $PAM_MSG" 5470echo " OSF SIA support: $SIA_MSG" 5471echo " KerberosV support: $KRB5_MSG" 5472echo " SELinux support: $SELINUX_MSG" 5473echo " MD5 password support: $MD5_MSG" 5474echo " libedit support: $LIBEDIT_MSG" 5475echo " libldns support: $LDNS_MSG" 5476echo " Solaris process contract support: $SPC_MSG" 5477echo " Solaris project support: $SP_MSG" 5478echo " Solaris privilege support: $SPP_MSG" 5479echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5480echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5481echo " BSD Auth support: $BSD_AUTH_MSG" 5482echo " Random number source: $RAND_MSG" 5483echo " Privsep sandbox style: $SANDBOX_STYLE" 5484echo " PKCS#11 support: $enable_pkcs11" 5485echo " U2F/FIDO support: $enable_sk" 5486 5487echo "" 5488 5489echo " Host: ${host}" 5490echo " Compiler: ${CC}" 5491echo " Compiler flags: ${CFLAGS}" 5492echo "Preprocessor flags: ${CPPFLAGS}" 5493echo " Linker flags: ${LDFLAGS}" 5494echo " Libraries: ${LIBS}" 5495if test ! -z "${SSHDLIBS}"; then 5496echo " +for sshd: ${SSHDLIBS}" 5497fi 5498 5499echo "" 5500 5501if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5502 echo "SVR4 style packages are supported with \"make package\"" 5503 echo "" 5504fi 5505 5506if test "x$PAM_MSG" = "xyes" ; then 5507 echo "PAM is enabled. You may need to install a PAM control file " 5508 echo "for sshd, otherwise password authentication may fail. " 5509 echo "Example PAM control files can be found in the contrib/ " 5510 echo "subdirectory" 5511 echo "" 5512fi 5513 5514if test ! -z "$NO_PEERCHECK" ; then 5515 echo "WARNING: the operating system that you are using does not" 5516 echo "appear to support getpeereid(), getpeerucred() or the" 5517 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5518 echo "enforce security checks to prevent unauthorised connections to" 5519 echo "ssh-agent. Their absence increases the risk that a malicious" 5520 echo "user can connect to your agent." 5521 echo "" 5522fi 5523 5524if test "$AUDIT_MODULE" = "bsm" ; then 5525 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5526 echo "See the Solaris section in README.platform for details." 5527fi 5528