1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_SRCDIR([ssh.c]) 18AC_LANG([C]) 19 20AC_CONFIG_HEADER([config.h]) 21AC_PROG_CC([cc gcc]) 22AC_CANONICAL_HOST 23AC_C_BIGENDIAN 24 25# Checks for programs. 26AC_PROG_AWK 27AC_PROG_CPP 28AC_PROG_RANLIB 29AC_PROG_INSTALL 30AC_PROG_EGREP 31AC_PROG_MKDIR_P 32AC_CHECK_TOOLS([AR], [ar]) 33AC_PATH_PROG([CAT], [cat]) 34AC_PATH_PROG([KILL], [kill]) 35AC_PATH_PROG([SED], [sed]) 36AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 37AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 39AC_PATH_PROG([SH], [sh]) 40AC_PATH_PROG([GROFF], [groff]) 41AC_PATH_PROG([NROFF], [nroff awf]) 42AC_PATH_PROG([MANDOC], [mandoc]) 43AC_SUBST([TEST_SHELL], [sh]) 44 45dnl select manpage formatter to be used to build "cat" format pages. 46if test "x$MANDOC" != "x" ; then 47 MANFMT="$MANDOC" 48elif test "x$NROFF" != "x" ; then 49 MANFMT="$NROFF -mandoc" 50elif test "x$GROFF" != "x" ; then 51 MANFMT="$GROFF -mandoc -Tascii" 52else 53 AC_MSG_WARN([no manpage formatter found]) 54 MANFMT="false" 55fi 56AC_SUBST([MANFMT]) 57 58dnl for buildpkg.sh 59AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 60 [/usr/sbin${PATH_SEPARATOR}/etc]) 61AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 62 [/usr/sbin${PATH_SEPARATOR}/etc]) 63AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 64if test -x /sbin/sh; then 65 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 66else 67 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 68fi 69 70# System features 71AC_SYS_LARGEFILE 72 73if test -z "$AR" ; then 74 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 75fi 76 77AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 78if test ! -z "$PATH_PASSWD_PROG" ; then 79 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 80 [Full path of your "passwd" program]) 81fi 82 83dnl Since autoconf doesn't support it very well, we no longer allow users to 84dnl override LD, however keeping the hook here for now in case there's a use 85dnl use case we overlooked and someone needs to re-enable it. Unless a good 86dnl reason is found we'll be removing this in future. 87LD="$CC" 88AC_SUBST([LD]) 89 90AC_C_INLINE 91 92AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 93AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 95 #include <sys/types.h> 96 #include <sys/param.h> 97 #include <dev/systrace.h> 98]) 99AC_CHECK_DECL([RLIMIT_NPROC], 100 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 101 #include <sys/types.h> 102 #include <sys/resource.h> 103]) 104AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 105 #include <sys/types.h> 106 #include <linux/prctl.h> 107]) 108 109openssl=yes 110AC_ARG_WITH([openssl], 111 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 112 [ if test "x$withval" = "xno" ; then 113 openssl=no 114 fi 115 ] 116) 117AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 118if test "x$openssl" = "xyes" ; then 119 AC_MSG_RESULT([yes]) 120 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 121else 122 AC_MSG_RESULT([no]) 123fi 124 125use_stack_protector=1 126use_toolchain_hardening=1 127AC_ARG_WITH([stackprotect], 128 [ --without-stackprotect Don't use compiler's stack protection], [ 129 if test "x$withval" = "xno"; then 130 use_stack_protector=0 131 fi ]) 132AC_ARG_WITH([hardening], 133 [ --without-hardening Don't use toolchain hardening flags], [ 134 if test "x$withval" = "xno"; then 135 use_toolchain_hardening=0 136 fi ]) 137 138# We use -Werror for the tests only so that we catch warnings like "this is 139# on by default" for things like -fPIE. 140AC_MSG_CHECKING([if $CC supports -Werror]) 141saved_CFLAGS="$CFLAGS" 142CFLAGS="$CFLAGS -Werror" 143AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 144 [ AC_MSG_RESULT([yes]) 145 WERROR="-Werror"], 146 [ AC_MSG_RESULT([no]) 147 WERROR="" ] 148) 149CFLAGS="$saved_CFLAGS" 150 151if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 152 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 153 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 155 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 167 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 168 if test "x$use_toolchain_hardening" = "x1"; then 169 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 170 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 171 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 175 # NB. -ftrapv expects certain support functions to be present in 176 # the compiler library (libgcc or similar) to detect integer operations 177 # that can overflow. We must check that the result of enabling it 178 # actually links. The test program compiled/linked includes a number 179 # of integer operations that should exercise this. 180 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 181 fi 182 AC_MSG_CHECKING([gcc version]) 183 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 184 case $GCC_VER in 185 1.*) no_attrib_nonnull=1 ;; 186 2.8* | 2.9*) 187 no_attrib_nonnull=1 188 ;; 189 2.*) no_attrib_nonnull=1 ;; 190 *) ;; 191 esac 192 AC_MSG_RESULT([$GCC_VER]) 193 194 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 195 saved_CFLAGS="$CFLAGS" 196 CFLAGS="$CFLAGS -fno-builtin-memset" 197 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 198 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 199 [ AC_MSG_RESULT([yes]) ], 200 [ AC_MSG_RESULT([no]) 201 CFLAGS="$saved_CFLAGS" ] 202 ) 203 204 # -fstack-protector-all doesn't always work for some GCC versions 205 # and/or platforms, so we test if we can. If it's not supported 206 # on a given platform gcc will emit a warning so we use -Werror. 207 if test "x$use_stack_protector" = "x1"; then 208 for t in -fstack-protector-strong -fstack-protector-all \ 209 -fstack-protector; do 210 AC_MSG_CHECKING([if $CC supports $t]) 211 saved_CFLAGS="$CFLAGS" 212 saved_LDFLAGS="$LDFLAGS" 213 CFLAGS="$CFLAGS $t -Werror" 214 LDFLAGS="$LDFLAGS $t -Werror" 215 AC_LINK_IFELSE( 216 [AC_LANG_PROGRAM([[ 217 #include <stdio.h> 218 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 219 ]], 220 [[ 221 char x[256]; 222 snprintf(x, sizeof(x), "XXX%d", func(1)); 223 ]])], 224 [ AC_MSG_RESULT([yes]) 225 CFLAGS="$saved_CFLAGS $t" 226 LDFLAGS="$saved_LDFLAGS $t" 227 AC_MSG_CHECKING([if $t works]) 228 AC_RUN_IFELSE( 229 [AC_LANG_PROGRAM([[ 230 #include <stdio.h> 231 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 232 ]], 233 [[ 234 char x[256]; 235 snprintf(x, sizeof(x), "XXX%d", func(1)); 236 ]])], 237 [ AC_MSG_RESULT([yes]) 238 break ], 239 [ AC_MSG_RESULT([no]) ], 240 [ AC_MSG_WARN([cross compiling: cannot test]) 241 break ] 242 ) 243 ], 244 [ AC_MSG_RESULT([no]) ] 245 ) 246 CFLAGS="$saved_CFLAGS" 247 LDFLAGS="$saved_LDFLAGS" 248 done 249 fi 250 251 if test -z "$have_llong_max"; then 252 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 253 unset ac_cv_have_decl_LLONG_MAX 254 saved_CFLAGS="$CFLAGS" 255 CFLAGS="$CFLAGS -std=gnu99" 256 AC_CHECK_DECL([LLONG_MAX], 257 [have_llong_max=1], 258 [CFLAGS="$saved_CFLAGS"], 259 [#include <limits.h>] 260 ) 261 fi 262fi 263 264AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 265AC_COMPILE_IFELSE( 266 [AC_LANG_PROGRAM([[ 267#include <stdlib.h> 268__attribute__((__unused__)) static void foo(void){return;}]], 269 [[ exit(0); ]])], 270 [ AC_MSG_RESULT([yes]) ], 271 [ AC_MSG_RESULT([no]) 272 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 273 [compiler does not accept __attribute__ on return types]) ] 274) 275 276AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 277AC_COMPILE_IFELSE( 278 [AC_LANG_PROGRAM([[ 279#include <stdlib.h> 280typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 281 [[ exit(0); ]])], 282 [ AC_MSG_RESULT([yes]) ], 283 [ AC_MSG_RESULT([no]) 284 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 285 [compiler does not accept __attribute__ on prototype args]) ] 286) 287 288if test "x$no_attrib_nonnull" != "x1" ; then 289 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 290fi 291 292AC_ARG_WITH([rpath], 293 [ --without-rpath Disable auto-added -R linker paths], 294 [ 295 if test "x$withval" = "xno" ; then 296 rpath_opt="" 297 elif test "x$withval" = "xyes" ; then 298 rpath_opt="-R" 299 else 300 rpath_opt="$withval" 301 fi 302 ] 303) 304 305# Allow user to specify flags 306AC_ARG_WITH([cflags], 307 [ --with-cflags Specify additional flags to pass to compiler], 308 [ 309 if test -n "$withval" && test "x$withval" != "xno" && \ 310 test "x${withval}" != "xyes"; then 311 CFLAGS="$CFLAGS $withval" 312 fi 313 ] 314) 315 316AC_ARG_WITH([cflags-after], 317 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 318 [ 319 if test -n "$withval" && test "x$withval" != "xno" && \ 320 test "x${withval}" != "xyes"; then 321 CFLAGS_AFTER="$withval" 322 fi 323 ] 324) 325AC_ARG_WITH([cppflags], 326 [ --with-cppflags Specify additional flags to pass to preprocessor] , 327 [ 328 if test -n "$withval" && test "x$withval" != "xno" && \ 329 test "x${withval}" != "xyes"; then 330 CPPFLAGS="$CPPFLAGS $withval" 331 fi 332 ] 333) 334AC_ARG_WITH([ldflags], 335 [ --with-ldflags Specify additional flags to pass to linker], 336 [ 337 if test -n "$withval" && test "x$withval" != "xno" && \ 338 test "x${withval}" != "xyes"; then 339 LDFLAGS="$LDFLAGS $withval" 340 fi 341 ] 342) 343AC_ARG_WITH([ldflags-after], 344 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 345 [ 346 if test -n "$withval" && test "x$withval" != "xno" && \ 347 test "x${withval}" != "xyes"; then 348 LDFLAGS_AFTER="$withval" 349 fi 350 ] 351) 352AC_ARG_WITH([libs], 353 [ --with-libs Specify additional libraries to link with], 354 [ 355 if test -n "$withval" && test "x$withval" != "xno" && \ 356 test "x${withval}" != "xyes"; then 357 LIBS="$LIBS $withval" 358 fi 359 ] 360) 361AC_ARG_WITH([Werror], 362 [ --with-Werror Build main code with -Werror], 363 [ 364 if test -n "$withval" && test "x$withval" != "xno"; then 365 werror_flags="-Werror" 366 if test "x${withval}" != "xyes"; then 367 werror_flags="$withval" 368 fi 369 fi 370 ] 371) 372 373AC_CHECK_HEADERS([ \ 374 blf.h \ 375 bstring.h \ 376 crypt.h \ 377 crypto/sha2.h \ 378 dirent.h \ 379 endian.h \ 380 elf.h \ 381 err.h \ 382 features.h \ 383 fcntl.h \ 384 floatingpoint.h \ 385 fnmatch.h \ 386 getopt.h \ 387 glob.h \ 388 ia.h \ 389 iaf.h \ 390 ifaddrs.h \ 391 inttypes.h \ 392 langinfo.h \ 393 limits.h \ 394 locale.h \ 395 login.h \ 396 maillock.h \ 397 ndir.h \ 398 net/if_tun.h \ 399 netdb.h \ 400 netgroup.h \ 401 pam/pam_appl.h \ 402 paths.h \ 403 poll.h \ 404 pty.h \ 405 readpassphrase.h \ 406 rpc/types.h \ 407 security/pam_appl.h \ 408 sha2.h \ 409 shadow.h \ 410 stddef.h \ 411 stdint.h \ 412 string.h \ 413 strings.h \ 414 sys/bitypes.h \ 415 sys/byteorder.h \ 416 sys/bsdtty.h \ 417 sys/cdefs.h \ 418 sys/dir.h \ 419 sys/file.h \ 420 sys/mman.h \ 421 sys/label.h \ 422 sys/ndir.h \ 423 sys/poll.h \ 424 sys/prctl.h \ 425 sys/pstat.h \ 426 sys/ptrace.h \ 427 sys/random.h \ 428 sys/select.h \ 429 sys/stat.h \ 430 sys/stream.h \ 431 sys/stropts.h \ 432 sys/strtio.h \ 433 sys/statvfs.h \ 434 sys/sysmacros.h \ 435 sys/time.h \ 436 sys/timers.h \ 437 sys/vfs.h \ 438 time.h \ 439 tmpdir.h \ 440 ttyent.h \ 441 ucred.h \ 442 unistd.h \ 443 usersec.h \ 444 util.h \ 445 utime.h \ 446 utmp.h \ 447 utmpx.h \ 448 vis.h \ 449 wchar.h \ 450]) 451 452# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 453# to be included first. 454AC_CHECK_HEADERS([sys/audit.h], [], [], [ 455#ifdef HAVE_SYS_TIME_H 456# include <sys/time.h> 457#endif 458#ifdef HAVE_SYS_TYPES_H 459# include <sys/types.h> 460#endif 461#ifdef HAVE_SYS_LABEL_H 462# include <sys/label.h> 463#endif 464]) 465 466# sys/capsicum.h requires sys/types.h 467AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 468#ifdef HAVE_SYS_TYPES_H 469# include <sys/types.h> 470#endif 471]) 472 473# net/route.h requires sys/socket.h and sys/types.h. 474# sys/sysctl.h also requires sys/param.h 475AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 476#ifdef HAVE_SYS_TYPES_H 477# include <sys/types.h> 478#endif 479#include <sys/param.h> 480#include <sys/socket.h> 481]) 482 483# lastlog.h requires sys/time.h to be included first on Solaris 484AC_CHECK_HEADERS([lastlog.h], [], [], [ 485#ifdef HAVE_SYS_TIME_H 486# include <sys/time.h> 487#endif 488]) 489 490# sys/ptms.h requires sys/stream.h to be included first on Solaris 491AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 492#ifdef HAVE_SYS_STREAM_H 493# include <sys/stream.h> 494#endif 495]) 496 497# login_cap.h requires sys/types.h on NetBSD 498AC_CHECK_HEADERS([login_cap.h], [], [], [ 499#include <sys/types.h> 500]) 501 502# older BSDs need sys/param.h before sys/mount.h 503AC_CHECK_HEADERS([sys/mount.h], [], [], [ 504#include <sys/param.h> 505]) 506 507# Android requires sys/socket.h to be included before sys/un.h 508AC_CHECK_HEADERS([sys/un.h], [], [], [ 509#include <sys/types.h> 510#include <sys/socket.h> 511]) 512 513# Messages for features tested for in target-specific section 514SIA_MSG="no" 515SPC_MSG="no" 516SP_MSG="no" 517SPP_MSG="no" 518 519# Support for Solaris/Illumos privileges (this test is used by both 520# the --with-solaris-privs option and --with-sandbox=solaris). 521SOLARIS_PRIVS="no" 522 523AC_CHECK_SIZEOF([size_t]) 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 # X32: AMD64 instructions in 32bit address space. 868 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 fi 871 ;; 872 i*86-*) 873 seccomp_audit_arch=AUDIT_ARCH_I386 874 ;; 875 arm*-*) 876 seccomp_audit_arch=AUDIT_ARCH_ARM 877 ;; 878 aarch64*-*) 879 seccomp_audit_arch=AUDIT_ARCH_AARCH64 880 ;; 881 s390x-*) 882 seccomp_audit_arch=AUDIT_ARCH_S390X 883 ;; 884 s390-*) 885 seccomp_audit_arch=AUDIT_ARCH_S390 886 ;; 887 powerpc64-*) 888 seccomp_audit_arch=AUDIT_ARCH_PPC64 889 ;; 890 powerpc64le-*) 891 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 892 ;; 893 mips-*) 894 seccomp_audit_arch=AUDIT_ARCH_MIPS 895 ;; 896 mipsel-*) 897 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 898 ;; 899 mips64-*) 900 case "$mips_abi" in 901 "n32") 902 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 903 ;; 904 "n64") 905 seccomp_audit_arch=AUDIT_ARCH_MIPS64 906 ;; 907 esac 908 ;; 909 mips64el-*) 910 case "$mips_abi" in 911 "n32") 912 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 913 ;; 914 "n64") 915 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 916 ;; 917 esac 918 ;; 919 riscv64-*) 920 seccomp_audit_arch=AUDIT_ARCH_RISCV64 921 ;; 922 esac 923 if test "x$seccomp_audit_arch" != "x" ; then 924 AC_MSG_RESULT(["$seccomp_audit_arch"]) 925 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 926 [Specify the system call convention in use]) 927 else 928 AC_MSG_RESULT([architecture not supported]) 929 fi 930 ;; 931mips-sony-bsd|mips-sony-newsos4) 932 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 933 SONY=1 934 ;; 935*-*-netbsd*) 936 check_for_libcrypt_before=1 937 if test "x$withval" != "xno" ; then 938 rpath_opt="-R" 939 fi 940 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 941 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 942 AC_CHECK_HEADER([net/if_tap.h], , 943 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 944 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 945 [Prepend the address family to IP tunnel traffic]) 946 TEST_MALLOC_OPTIONS="AJRX" 947 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 948 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 949 ;; 950*-*-freebsd*) 951 check_for_libcrypt_later=1 952 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 953 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 954 AC_CHECK_HEADER([net/if_tap.h], , 955 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 956 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 957 TEST_MALLOC_OPTIONS="AJRX" 958 # Preauth crypto occasionally uses file descriptors for crypto offload 959 # and will crash if they cannot be opened. 960 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 961 [define if setrlimit RLIMIT_NOFILE breaks things]) 962 ;; 963*-*-bsdi*) 964 AC_DEFINE([SETEUID_BREAKS_SETUID]) 965 AC_DEFINE([BROKEN_SETREUID]) 966 AC_DEFINE([BROKEN_SETREGID]) 967 ;; 968*-next-*) 969 conf_lastlog_location="/usr/adm/lastlog" 970 conf_utmp_location=/etc/utmp 971 conf_wtmp_location=/usr/adm/wtmp 972 maildir=/usr/spool/mail 973 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 974 AC_DEFINE([USE_PIPES]) 975 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 976 ;; 977*-*-openbsd*) 978 use_pie=auto 979 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 980 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 981 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 982 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 983 [syslog_r function is safe to use in in a signal handler]) 984 TEST_MALLOC_OPTIONS="AFGJPRX" 985 ;; 986*-*-solaris*) 987 if test "x$withval" != "xno" ; then 988 rpath_opt="-R" 989 fi 990 AC_DEFINE([PAM_SUN_CODEBASE]) 991 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 992 AC_DEFINE([PAM_TTY_KLUDGE]) 993 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 994 [Define if pam_chauthtok wants real uid set 995 to the unpriv'ed user]) 996 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 997 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 998 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 999 [Define if sshd somehow reacquires a controlling TTY 1000 after setsid()]) 1001 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1002 in case the name is longer than 8 chars]) 1003 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1004 external_path_file=/etc/default/login 1005 # hardwire lastlog location (can't detect it on some versions) 1006 conf_lastlog_location="/var/adm/lastlog" 1007 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1008 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1009 if test "$sol2ver" -ge 8; then 1010 AC_MSG_RESULT([yes]) 1011 AC_DEFINE([DISABLE_UTMP]) 1012 AC_DEFINE([DISABLE_WTMP], [1], 1013 [Define if you don't want to use wtmp]) 1014 else 1015 AC_MSG_RESULT([no]) 1016 fi 1017 AC_CHECK_FUNCS([setpflags]) 1018 AC_CHECK_FUNCS([setppriv]) 1019 AC_CHECK_FUNCS([priv_basicset]) 1020 AC_CHECK_HEADERS([priv.h]) 1021 AC_ARG_WITH([solaris-contracts], 1022 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1023 [ 1024 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1025 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1026 [Define if you have Solaris process contracts]) 1027 LIBS="$LIBS -lcontract" 1028 SPC_MSG="yes" ], ) 1029 ], 1030 ) 1031 AC_ARG_WITH([solaris-projects], 1032 [ --with-solaris-projects Enable Solaris projects (experimental)], 1033 [ 1034 AC_CHECK_LIB([project], [setproject], 1035 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1036 [Define if you have Solaris projects]) 1037 LIBS="$LIBS -lproject" 1038 SP_MSG="yes" ], ) 1039 ], 1040 ) 1041 AC_ARG_WITH([solaris-privs], 1042 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1043 [ 1044 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1045 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1046 "x$ac_cv_header_priv_h" = "xyes" ; then 1047 SOLARIS_PRIVS=yes 1048 AC_MSG_RESULT([found]) 1049 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1050 [Define to disable UID restoration test]) 1051 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1052 [Define if you have Solaris privileges]) 1053 SPP_MSG="yes" 1054 else 1055 AC_MSG_RESULT([not found]) 1056 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1057 fi 1058 ], 1059 ) 1060 TEST_SHELL=$SHELL # let configure find us a capable shell 1061 ;; 1062*-*-sunos4*) 1063 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1064 AC_CHECK_FUNCS([getpwanam]) 1065 AC_DEFINE([PAM_SUN_CODEBASE]) 1066 conf_utmp_location=/etc/utmp 1067 conf_wtmp_location=/var/adm/wtmp 1068 conf_lastlog_location=/var/adm/lastlog 1069 AC_DEFINE([USE_PIPES]) 1070 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1071 ;; 1072*-ncr-sysv*) 1073 LIBS="$LIBS -lc89" 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1076 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1077 AC_DEFINE([BROKEN_SETREUID]) 1078 AC_DEFINE([BROKEN_SETREGID]) 1079 ;; 1080*-sni-sysv*) 1081 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1082 AC_CHECK_LIB([dl], [dlsym], ,) 1083 # -lresolv needs to be at the end of LIBS or DNS lookups break 1084 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1085 IPADDR_IN_DISPLAY=yes 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([IP_TOS_IS_BROKEN]) 1088 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1089 AC_DEFINE([BROKEN_SETREUID]) 1090 AC_DEFINE([BROKEN_SETREGID]) 1091 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1092 external_path_file=/etc/default/login 1093 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1094 # Attention: always take care to bind libsocket and libnsl before libc, 1095 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1096 ;; 1097# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1098*-*-sysv4.2*) 1099 AC_DEFINE([USE_PIPES]) 1100 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1101 AC_DEFINE([BROKEN_SETREUID]) 1102 AC_DEFINE([BROKEN_SETREGID]) 1103 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1104 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1105 TEST_SHELL=$SHELL # let configure find us a capable shell 1106 ;; 1107# UnixWare 7.x, OpenUNIX 8 1108*-*-sysv5*) 1109 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1110 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1111 AC_DEFINE([USE_PIPES]) 1112 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1113 AC_DEFINE([BROKEN_GETADDRINFO]) 1114 AC_DEFINE([BROKEN_SETREUID]) 1115 AC_DEFINE([BROKEN_SETREGID]) 1116 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1117 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1118 TEST_SHELL=$SHELL # let configure find us a capable shell 1119 check_for_libcrypt_later=1 1120 case "$host" in 1121 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1122 maildir=/var/spool/mail 1123 AC_DEFINE([BROKEN_UPDWTMPX]) 1124 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1125 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1126 ], , ) 1127 ;; 1128 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1129 ;; 1130 esac 1131 ;; 1132*-*-sysv*) 1133 ;; 1134# SCO UNIX and OEM versions of SCO UNIX 1135*-*-sco3.2v4*) 1136 AC_MSG_ERROR("This Platform is no longer supported.") 1137 ;; 1138# SCO OpenServer 5.x 1139*-*-sco3.2v5*) 1140 if test -z "$GCC"; then 1141 CFLAGS="$CFLAGS -belf" 1142 fi 1143 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1144 no_dev_ptmx=1 1145 AC_DEFINE([USE_PIPES]) 1146 AC_DEFINE([HAVE_SECUREWARE]) 1147 AC_DEFINE([DISABLE_SHADOW]) 1148 AC_DEFINE([DISABLE_FD_PASSING]) 1149 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1150 AC_DEFINE([BROKEN_GETADDRINFO]) 1151 AC_DEFINE([BROKEN_SETREUID]) 1152 AC_DEFINE([BROKEN_SETREGID]) 1153 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1154 AC_DEFINE([BROKEN_UPDWTMPX]) 1155 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1156 AC_CHECK_FUNCS([getluid setluid]) 1157 MANTYPE=man 1158 TEST_SHELL=$SHELL # let configure find us a capable shell 1159 SKIP_DISABLE_LASTLOG_DEFINE=yes 1160 ;; 1161*-dec-osf*) 1162 AC_MSG_CHECKING([for Digital Unix SIA]) 1163 no_osfsia="" 1164 AC_ARG_WITH([osfsia], 1165 [ --with-osfsia Enable Digital Unix SIA], 1166 [ 1167 if test "x$withval" = "xno" ; then 1168 AC_MSG_RESULT([disabled]) 1169 no_osfsia=1 1170 fi 1171 ], 1172 ) 1173 if test -z "$no_osfsia" ; then 1174 if test -f /etc/sia/matrix.conf; then 1175 AC_MSG_RESULT([yes]) 1176 AC_DEFINE([HAVE_OSF_SIA], [1], 1177 [Define if you have Digital Unix Security 1178 Integration Architecture]) 1179 AC_DEFINE([DISABLE_LOGIN], [1], 1180 [Define if you don't want to use your 1181 system's login() call]) 1182 AC_DEFINE([DISABLE_FD_PASSING]) 1183 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1184 SIA_MSG="yes" 1185 else 1186 AC_MSG_RESULT([no]) 1187 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1188 [String used in /etc/passwd to denote locked account]) 1189 fi 1190 fi 1191 AC_DEFINE([BROKEN_GETADDRINFO]) 1192 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1193 AC_DEFINE([BROKEN_SETREUID]) 1194 AC_DEFINE([BROKEN_SETREGID]) 1195 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1196 ;; 1197 1198*-*-nto-qnx*) 1199 AC_DEFINE([USE_PIPES]) 1200 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1201 AC_DEFINE([DISABLE_LASTLOG]) 1202 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1203 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1204 enable_etc_default_login=no # has incompatible /etc/default/login 1205 case "$host" in 1206 *-*-nto-qnx6*) 1207 AC_DEFINE([DISABLE_FD_PASSING]) 1208 ;; 1209 esac 1210 ;; 1211 1212*-*-ultrix*) 1213 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1214 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1215 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1216 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1217 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1218 # don't get a controlling tty. 1219 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1220 # On Ultrix some headers are not protected against multiple includes, 1221 # so we create wrappers and put it where the compiler will find it. 1222 AC_MSG_WARN([creating compat wrappers for headers]) 1223 mkdir -p netinet 1224 for header in netinet/ip.h netdb.h resolv.h; do 1225 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1226 cat >$header <<EOD 1227#ifndef _SSH_COMPAT_${name} 1228#define _SSH_COMPAT_${name} 1229#include "/usr/include/${header}" 1230#endif 1231EOD 1232 done 1233 ;; 1234 1235*-*-lynxos) 1236 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1237 AC_DEFINE([BROKEN_SETVBUF], [1], 1238 [LynxOS has broken setvbuf() implementation]) 1239 ;; 1240esac 1241 1242AC_MSG_CHECKING([compiler and flags for sanity]) 1243AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1244 [ AC_MSG_RESULT([yes]) ], 1245 [ 1246 AC_MSG_RESULT([no]) 1247 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1248 ], 1249 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1250) 1251 1252dnl Checks for header files. 1253# Checks for libraries. 1254AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1255 1256dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1257AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1258 AC_CHECK_LIB([gen], [dirname], [ 1259 AC_CACHE_CHECK([for broken dirname], 1260 ac_cv_have_broken_dirname, [ 1261 save_LIBS="$LIBS" 1262 LIBS="$LIBS -lgen" 1263 AC_RUN_IFELSE( 1264 [AC_LANG_SOURCE([[ 1265#include <libgen.h> 1266#include <string.h> 1267 1268int main(int argc, char **argv) { 1269 char *s, buf[32]; 1270 1271 strncpy(buf,"/etc", 32); 1272 s = dirname(buf); 1273 if (!s || strncmp(s, "/", 32) != 0) { 1274 exit(1); 1275 } else { 1276 exit(0); 1277 } 1278} 1279 ]])], 1280 [ ac_cv_have_broken_dirname="no" ], 1281 [ ac_cv_have_broken_dirname="yes" ], 1282 [ ac_cv_have_broken_dirname="no" ], 1283 ) 1284 LIBS="$save_LIBS" 1285 ]) 1286 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1287 LIBS="$LIBS -lgen" 1288 AC_DEFINE([HAVE_DIRNAME]) 1289 AC_CHECK_HEADERS([libgen.h]) 1290 fi 1291 ]) 1292]) 1293 1294AC_CHECK_FUNC([getspnam], , 1295 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1296AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1297 [Define if you have the basename function.])]) 1298 1299dnl zlib defaults to enabled 1300zlib=yes 1301AC_ARG_WITH([zlib], 1302 [ --with-zlib=PATH Use zlib in PATH], 1303 [ if test "x$withval" = "xno" ; then 1304 zlib=no 1305 elif test "x$withval" != "xyes"; then 1306 if test -d "$withval/lib"; then 1307 if test -n "${rpath_opt}"; then 1308 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1309 else 1310 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1311 fi 1312 else 1313 if test -n "${rpath_opt}"; then 1314 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1315 else 1316 LDFLAGS="-L${withval} ${LDFLAGS}" 1317 fi 1318 fi 1319 if test -d "$withval/include"; then 1320 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1321 else 1322 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1323 fi 1324 fi ] 1325) 1326 1327AC_MSG_CHECKING([for zlib]) 1328if test "x${zlib}" = "xno"; then 1329 AC_MSG_RESULT([no]) 1330else 1331 AC_MSG_RESULT([yes]) 1332 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1333 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1334 AC_CHECK_LIB([z], [deflate], , 1335 [ 1336 saved_CPPFLAGS="$CPPFLAGS" 1337 saved_LDFLAGS="$LDFLAGS" 1338 save_LIBS="$LIBS" 1339 dnl Check default zlib install dir 1340 if test -n "${rpath_opt}"; then 1341 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1342 else 1343 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1344 fi 1345 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1346 LIBS="$LIBS -lz" 1347 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1348 [ 1349 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1350 ] 1351 ) 1352 ] 1353 ) 1354 1355 AC_ARG_WITH([zlib-version-check], 1356 [ --without-zlib-version-check Disable zlib version check], 1357 [ if test "x$withval" = "xno" ; then 1358 zlib_check_nonfatal=1 1359 fi 1360 ] 1361 ) 1362 1363 AC_MSG_CHECKING([for possibly buggy zlib]) 1364 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1365#include <stdio.h> 1366#include <stdlib.h> 1367#include <zlib.h> 1368 ]], 1369 [[ 1370 int a=0, b=0, c=0, d=0, n, v; 1371 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1372 if (n != 3 && n != 4) 1373 exit(1); 1374 v = a*1000000 + b*10000 + c*100 + d; 1375 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1376 1377 /* 1.1.4 is OK */ 1378 if (a == 1 && b == 1 && c >= 4) 1379 exit(0); 1380 1381 /* 1.2.3 and up are OK */ 1382 if (v >= 1020300) 1383 exit(0); 1384 1385 exit(2); 1386 ]])], 1387 AC_MSG_RESULT([no]), 1388 [ AC_MSG_RESULT([yes]) 1389 if test -z "$zlib_check_nonfatal" ; then 1390 AC_MSG_ERROR([*** zlib too old - check config.log *** 1391Your reported zlib version has known security problems. It's possible your 1392vendor has fixed these problems without changing the version number. If you 1393are sure this is the case, you can disable the check by running 1394"./configure --without-zlib-version-check". 1395If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1396See http://www.gzip.org/zlib/ for details.]) 1397 else 1398 AC_MSG_WARN([zlib version may have security problems]) 1399 fi 1400 ], 1401 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1402 ) 1403fi 1404 1405dnl UnixWare 2.x 1406AC_CHECK_FUNC([strcasecmp], 1407 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1408) 1409AC_CHECK_FUNCS([utimes], 1410 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1411 LIBS="$LIBS -lc89"]) ] 1412) 1413 1414dnl Checks for libutil functions 1415AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1416AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1417AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1418AC_SEARCH_LIBS([login], [util bsd]) 1419AC_SEARCH_LIBS([logout], [util bsd]) 1420AC_SEARCH_LIBS([logwtmp], [util bsd]) 1421AC_SEARCH_LIBS([openpty], [util bsd]) 1422AC_SEARCH_LIBS([updwtmp], [util bsd]) 1423AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1424 1425# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1426# or libnsl. 1427AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1428AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1429 1430# "Particular Function Checks" 1431# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1432AC_FUNC_STRFTIME 1433AC_FUNC_MALLOC 1434AC_FUNC_REALLOC 1435# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1436AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1437AC_RUN_IFELSE( 1438 [AC_LANG_PROGRAM( 1439 [[ #include <stdlib.h> ]], 1440 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1441 )], 1442 [ func_calloc_0_nonnull=yes ], 1443 [ func_calloc_0_nonnull=no ], 1444 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1445 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1446) 1447AC_MSG_RESULT([$func_calloc_0_nonnull]) 1448 1449if test "x$func_calloc_0_nonnull" = "xyes"; then 1450 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1451else 1452 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1453 AC_DEFINE(calloc, rpl_calloc, 1454 [Define to rpl_calloc if the replacement function should be used.]) 1455fi 1456 1457# Check for ALTDIRFUNC glob() extension 1458AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1459AC_EGREP_CPP([FOUNDIT], 1460 [ 1461 #include <glob.h> 1462 #ifdef GLOB_ALTDIRFUNC 1463 FOUNDIT 1464 #endif 1465 ], 1466 [ 1467 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1468 [Define if your system glob() function has 1469 the GLOB_ALTDIRFUNC extension]) 1470 AC_MSG_RESULT([yes]) 1471 ], 1472 [ 1473 AC_MSG_RESULT([no]) 1474 ] 1475) 1476 1477# Check for g.gl_matchc glob() extension 1478AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1479AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1480 [[ glob_t g; g.gl_matchc = 1; ]])], 1481 [ 1482 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1483 [Define if your system glob() function has 1484 gl_matchc options in glob_t]) 1485 AC_MSG_RESULT([yes]) 1486 ], [ 1487 AC_MSG_RESULT([no]) 1488]) 1489 1490# Check for g.gl_statv glob() extension 1491AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1492AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1493#ifndef GLOB_KEEPSTAT 1494#error "glob does not support GLOB_KEEPSTAT extension" 1495#endif 1496glob_t g; 1497g.gl_statv = NULL; 1498]])], 1499 [ 1500 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1501 [Define if your system glob() function has 1502 gl_statv options in glob_t]) 1503 AC_MSG_RESULT([yes]) 1504 ], [ 1505 AC_MSG_RESULT([no]) 1506 1507]) 1508 1509AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1510 1511AC_CHECK_DECL([VIS_ALL], , 1512 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1513 1514AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1515AC_RUN_IFELSE( 1516 [AC_LANG_PROGRAM([[ 1517#include <sys/types.h> 1518#include <dirent.h>]], 1519 [[ 1520 struct dirent d; 1521 exit(sizeof(d.d_name)<=sizeof(char)); 1522 ]])], 1523 [AC_MSG_RESULT([yes])], 1524 [ 1525 AC_MSG_RESULT([no]) 1526 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1527 [Define if your struct dirent expects you to 1528 allocate extra space for d_name]) 1529 ], 1530 [ 1531 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1532 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1533 ] 1534) 1535 1536AC_MSG_CHECKING([for /proc/pid/fd directory]) 1537if test -d "/proc/$$/fd" ; then 1538 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1539 AC_MSG_RESULT([yes]) 1540else 1541 AC_MSG_RESULT([no]) 1542fi 1543 1544# Check whether user wants to use ldns 1545LDNS_MSG="no" 1546AC_ARG_WITH(ldns, 1547 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1548 [ 1549 ldns="" 1550 if test "x$withval" = "xyes" ; then 1551 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1552 if test "x$LDNSCONFIG" = "xno"; then 1553 LIBS="-lldns $LIBS" 1554 ldns=yes 1555 else 1556 LIBS="$LIBS `$LDNSCONFIG --libs`" 1557 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1558 ldns=yes 1559 fi 1560 elif test "x$withval" != "xno" ; then 1561 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1562 LDFLAGS="$LDFLAGS -L${withval}/lib" 1563 LIBS="-lldns $LIBS" 1564 ldns=yes 1565 fi 1566 1567 # Verify that it works. 1568 if test "x$ldns" = "xyes" ; then 1569 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1570 LDNS_MSG="yes" 1571 AC_MSG_CHECKING([for ldns support]) 1572 AC_LINK_IFELSE( 1573 [AC_LANG_SOURCE([[ 1574#include <stdio.h> 1575#include <stdlib.h> 1576#ifdef HAVE_STDINT_H 1577# include <stdint.h> 1578#endif 1579#include <ldns/ldns.h> 1580int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1581 ]]) 1582 ], 1583 [AC_MSG_RESULT(yes)], 1584 [ 1585 AC_MSG_RESULT(no) 1586 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1587 ]) 1588 fi 1589]) 1590 1591# Check whether user wants libedit support 1592LIBEDIT_MSG="no" 1593AC_ARG_WITH([libedit], 1594 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1595 [ if test "x$withval" != "xno" ; then 1596 if test "x$withval" = "xyes" ; then 1597 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1598 if test "x$PKGCONFIG" != "xno"; then 1599 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1600 if "$PKGCONFIG" libedit; then 1601 AC_MSG_RESULT([yes]) 1602 use_pkgconfig_for_libedit=yes 1603 else 1604 AC_MSG_RESULT([no]) 1605 fi 1606 fi 1607 else 1608 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1609 if test -n "${rpath_opt}"; then 1610 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1611 else 1612 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1613 fi 1614 fi 1615 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1616 LIBEDIT=`$PKGCONFIG --libs libedit` 1617 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1618 else 1619 LIBEDIT="-ledit -lcurses" 1620 fi 1621 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1622 AC_CHECK_LIB([edit], [el_init], 1623 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1624 LIBEDIT_MSG="yes" 1625 AC_SUBST([LIBEDIT]) 1626 ], 1627 [ AC_MSG_ERROR([libedit not found]) ], 1628 [ $OTHERLIBS ] 1629 ) 1630 AC_MSG_CHECKING([if libedit version is compatible]) 1631 AC_COMPILE_IFELSE( 1632 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1633 [[ 1634 int i = H_SETSIZE; 1635 el_init("", NULL, NULL, NULL); 1636 exit(0); 1637 ]])], 1638 [ AC_MSG_RESULT([yes]) ], 1639 [ AC_MSG_RESULT([no]) 1640 AC_MSG_ERROR([libedit version is not compatible]) ] 1641 ) 1642 fi ] 1643) 1644 1645AUDIT_MODULE=none 1646AC_ARG_WITH([audit], 1647 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1648 [ 1649 AC_MSG_CHECKING([for supported audit module]) 1650 case "$withval" in 1651 bsm) 1652 AC_MSG_RESULT([bsm]) 1653 AUDIT_MODULE=bsm 1654 dnl Checks for headers, libs and functions 1655 AC_CHECK_HEADERS([bsm/audit.h], [], 1656 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1657 [ 1658#ifdef HAVE_TIME_H 1659# include <time.h> 1660#endif 1661 ] 1662) 1663 AC_CHECK_LIB([bsm], [getaudit], [], 1664 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1665 AC_CHECK_FUNCS([getaudit], [], 1666 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1667 # These are optional 1668 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1669 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1670 if test "$sol2ver" -ge 11; then 1671 SSHDLIBS="$SSHDLIBS -lscf" 1672 AC_DEFINE([BROKEN_BSM_API], [1], 1673 [The system has incomplete BSM API]) 1674 fi 1675 ;; 1676 linux) 1677 AC_MSG_RESULT([linux]) 1678 AUDIT_MODULE=linux 1679 dnl Checks for headers, libs and functions 1680 AC_CHECK_HEADERS([libaudit.h]) 1681 SSHDLIBS="$SSHDLIBS -laudit" 1682 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1683 ;; 1684 debug) 1685 AUDIT_MODULE=debug 1686 AC_MSG_RESULT([debug]) 1687 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1688 ;; 1689 no) 1690 AC_MSG_RESULT([no]) 1691 ;; 1692 *) 1693 AC_MSG_ERROR([Unknown audit module $withval]) 1694 ;; 1695 esac ] 1696) 1697 1698AC_ARG_WITH([pie], 1699 [ --with-pie Build Position Independent Executables if possible], [ 1700 if test "x$withval" = "xno"; then 1701 use_pie=no 1702 fi 1703 if test "x$withval" = "xyes"; then 1704 use_pie=yes 1705 fi 1706 ] 1707) 1708if test "x$use_pie" = "x"; then 1709 use_pie=no 1710fi 1711if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1712 # Turn off automatic PIE when toolchain hardening is off. 1713 use_pie=no 1714fi 1715if test "x$use_pie" = "xauto"; then 1716 # Automatic PIE requires gcc >= 4.x 1717 AC_MSG_CHECKING([for gcc >= 4.x]) 1718 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1719#if !defined(__GNUC__) || __GNUC__ < 4 1720#error gcc is too old 1721#endif 1722]])], 1723 [ AC_MSG_RESULT([yes]) ], 1724 [ AC_MSG_RESULT([no]) 1725 use_pie=no ] 1726) 1727fi 1728if test "x$use_pie" != "xno"; then 1729 SAVED_CFLAGS="$CFLAGS" 1730 SAVED_LDFLAGS="$LDFLAGS" 1731 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1732 OSSH_CHECK_LDFLAG_LINK([-pie]) 1733 # We use both -fPIE and -pie or neither. 1734 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1735 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1736 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1737 AC_MSG_RESULT([yes]) 1738 else 1739 AC_MSG_RESULT([no]) 1740 CFLAGS="$SAVED_CFLAGS" 1741 LDFLAGS="$SAVED_LDFLAGS" 1742 fi 1743fi 1744 1745AC_MSG_CHECKING([whether -fPIC is accepted]) 1746SAVED_CFLAGS="$CFLAGS" 1747CFLAGS="$CFLAGS -fPIC" 1748AC_COMPILE_IFELSE( 1749 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1750 [AC_MSG_RESULT([yes]) 1751 PICFLAG="-fPIC"; ], 1752 [AC_MSG_RESULT([no]) 1753 PICFLAG=""; ]) 1754CFLAGS="$SAVED_CFLAGS" 1755AC_SUBST([PICFLAG]) 1756 1757dnl Checks for library functions. Please keep in alphabetical order 1758AC_CHECK_FUNCS([ \ 1759 Blowfish_initstate \ 1760 Blowfish_expandstate \ 1761 Blowfish_expand0state \ 1762 Blowfish_stream2word \ 1763 SHA256Update \ 1764 SHA384Update \ 1765 SHA512Update \ 1766 asprintf \ 1767 b64_ntop \ 1768 __b64_ntop \ 1769 b64_pton \ 1770 __b64_pton \ 1771 bcopy \ 1772 bcrypt_pbkdf \ 1773 bindresvport_sa \ 1774 blf_enc \ 1775 bzero \ 1776 cap_rights_limit \ 1777 clock \ 1778 closefrom \ 1779 dirfd \ 1780 endgrent \ 1781 err \ 1782 errx \ 1783 explicit_bzero \ 1784 fchmod \ 1785 fchmodat \ 1786 fchown \ 1787 fchownat \ 1788 flock \ 1789 fnmatch \ 1790 freeaddrinfo \ 1791 freezero \ 1792 fstatfs \ 1793 fstatvfs \ 1794 futimes \ 1795 getaddrinfo \ 1796 getcwd \ 1797 getgrouplist \ 1798 getline \ 1799 getnameinfo \ 1800 getopt \ 1801 getpagesize \ 1802 getpeereid \ 1803 getpeerucred \ 1804 getpgid \ 1805 _getpty \ 1806 getrlimit \ 1807 getrandom \ 1808 getsid \ 1809 getttyent \ 1810 glob \ 1811 group_from_gid \ 1812 inet_aton \ 1813 inet_ntoa \ 1814 inet_ntop \ 1815 innetgr \ 1816 llabs \ 1817 localtime_r \ 1818 login_getcapbool \ 1819 md5_crypt \ 1820 memmem \ 1821 memmove \ 1822 memset_s \ 1823 mkdtemp \ 1824 ngetaddrinfo \ 1825 nsleep \ 1826 ogetaddrinfo \ 1827 openlog_r \ 1828 pledge \ 1829 poll \ 1830 prctl \ 1831 pstat \ 1832 raise \ 1833 readpassphrase \ 1834 reallocarray \ 1835 realpath \ 1836 recvmsg \ 1837 recallocarray \ 1838 rresvport_af \ 1839 sendmsg \ 1840 setdtablesize \ 1841 setegid \ 1842 setenv \ 1843 seteuid \ 1844 setgroupent \ 1845 setgroups \ 1846 setlinebuf \ 1847 setlogin \ 1848 setpassent\ 1849 setpcred \ 1850 setproctitle \ 1851 setregid \ 1852 setreuid \ 1853 setrlimit \ 1854 setsid \ 1855 setvbuf \ 1856 sigaction \ 1857 sigvec \ 1858 snprintf \ 1859 socketpair \ 1860 statfs \ 1861 statvfs \ 1862 strcasestr \ 1863 strdup \ 1864 strerror \ 1865 strlcat \ 1866 strlcpy \ 1867 strmode \ 1868 strndup \ 1869 strnlen \ 1870 strnvis \ 1871 strptime \ 1872 strsignal \ 1873 strtonum \ 1874 strtoll \ 1875 strtoul \ 1876 strtoull \ 1877 swap32 \ 1878 sysconf \ 1879 tcgetpgrp \ 1880 timingsafe_bcmp \ 1881 truncate \ 1882 unsetenv \ 1883 updwtmpx \ 1884 utimensat \ 1885 user_from_uid \ 1886 usleep \ 1887 vasprintf \ 1888 vsnprintf \ 1889 waitpid \ 1890 warn \ 1891]) 1892 1893AC_CHECK_DECLS([bzero, memmem]) 1894 1895dnl Wide character support. 1896AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1897 1898TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1899AC_MSG_CHECKING([for utf8 locale support]) 1900AC_RUN_IFELSE( 1901 [AC_LANG_PROGRAM([[ 1902#include <locale.h> 1903#include <stdlib.h> 1904 ]], [[ 1905 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1906 if (loc != NULL) 1907 exit(0); 1908 exit(1); 1909 ]])], 1910 AC_MSG_RESULT(yes), 1911 [AC_MSG_RESULT(no) 1912 TEST_SSH_UTF8=no], 1913 AC_MSG_WARN([cross compiling: assuming yes]) 1914) 1915 1916AC_LINK_IFELSE( 1917 [AC_LANG_PROGRAM( 1918 [[ #include <ctype.h> ]], 1919 [[ return (isblank('a')); ]])], 1920 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1921]) 1922 1923disable_pkcs11= 1924AC_ARG_ENABLE([pkcs11], 1925 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1926 [ 1927 if test "x$enableval" = "xno" ; then 1928 disable_pkcs11=1 1929 fi 1930 ] 1931) 1932 1933disable_sk= 1934AC_ARG_ENABLE([security-key], 1935 [ --disable-security-key disable U2F/FIDO support code [no]], 1936 [ 1937 if test "x$enableval" = "xno" ; then 1938 disable_sk=1 1939 fi 1940 ] 1941) 1942enable_sk_internal= 1943AC_ARG_WITH([security-key-builtin], 1944 [ --with-security-key-builtin include builtin U2F/FIDO support], 1945 [ 1946 if test "x$withval" != "xno" ; then 1947 enable_sk_internal=yes 1948 fi 1949 ] 1950) 1951test "x$disable_sk" != "x" && enable_sk_internal="" 1952 1953AC_SEARCH_LIBS([dlopen], [dl]) 1954AC_CHECK_FUNCS([dlopen]) 1955AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1956 1957# IRIX has a const char return value for gai_strerror() 1958AC_CHECK_FUNCS([gai_strerror], [ 1959 AC_DEFINE([HAVE_GAI_STRERROR]) 1960 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1961#include <sys/types.h> 1962#include <sys/socket.h> 1963#include <netdb.h> 1964 1965const char *gai_strerror(int); 1966 ]], [[ 1967 char *str; 1968 str = gai_strerror(0); 1969 ]])], [ 1970 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1971 [Define if gai_strerror() returns const char *])], [])]) 1972 1973AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1974 [Some systems put nanosleep outside of libc])]) 1975 1976AC_SEARCH_LIBS([clock_gettime], [rt], 1977 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1978 1979dnl check if we need -D_REENTRANT for localtime_r declaration. 1980AC_CHECK_DECL([localtime_r], [], 1981 [ saved_CPPFLAGS="$CFLAGS" 1982 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1983 unset ac_cv_have_decl_localtime_r 1984 AC_CHECK_DECL([localtime_r], [], 1985 [ CPPFLAGS="$saved_CPPFLAGS" ], 1986 [ #include <time.h> ] 1987 ) 1988 ], 1989 [ #include <time.h> ] 1990) 1991 1992dnl Make sure prototypes are defined for these before using them. 1993AC_CHECK_DECL([strsep], 1994 [AC_CHECK_FUNCS([strsep])], 1995 [], 1996 [ 1997#ifdef HAVE_STRING_H 1998# include <string.h> 1999#endif 2000 ]) 2001 2002dnl tcsendbreak might be a macro 2003AC_CHECK_DECL([tcsendbreak], 2004 [AC_DEFINE([HAVE_TCSENDBREAK])], 2005 [AC_CHECK_FUNCS([tcsendbreak])], 2006 [#include <termios.h>] 2007) 2008 2009AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2010 2011AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2012 [ 2013#include <sys/types.h> 2014#include <sys/socket.h> 2015#include <unistd.h> 2016 ]) 2017 2018AC_CHECK_DECLS([O_NONBLOCK], , , 2019 [ 2020#include <sys/types.h> 2021#ifdef HAVE_SYS_STAT_H 2022# include <sys/stat.h> 2023#endif 2024#ifdef HAVE_FCNTL_H 2025# include <fcntl.h> 2026#endif 2027 ]) 2028 2029AC_CHECK_DECLS([readv, writev], , , [ 2030#include <sys/types.h> 2031#include <sys/uio.h> 2032#include <unistd.h> 2033 ]) 2034 2035AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2036#include <sys/param.h> 2037 ]) 2038 2039AC_CHECK_DECLS([offsetof], , , [ 2040#include <stddef.h> 2041 ]) 2042 2043# extra bits for select(2) 2044AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2045#include <sys/param.h> 2046#include <sys/types.h> 2047#ifdef HAVE_SYS_SYSMACROS_H 2048#include <sys/sysmacros.h> 2049#endif 2050#ifdef HAVE_SYS_SELECT_H 2051#include <sys/select.h> 2052#endif 2053#ifdef HAVE_SYS_TIME_H 2054#include <sys/time.h> 2055#endif 2056#ifdef HAVE_UNISTD_H 2057#include <unistd.h> 2058#endif 2059 ]]) 2060AC_CHECK_TYPES([fd_mask], [], [], [[ 2061#include <sys/param.h> 2062#include <sys/types.h> 2063#ifdef HAVE_SYS_SELECT_H 2064#include <sys/select.h> 2065#endif 2066#ifdef HAVE_SYS_TIME_H 2067#include <sys/time.h> 2068#endif 2069#ifdef HAVE_UNISTD_H 2070#include <unistd.h> 2071#endif 2072 ]]) 2073 2074AC_CHECK_FUNCS([setresuid], [ 2075 dnl Some platorms have setresuid that isn't implemented, test for this 2076 AC_MSG_CHECKING([if setresuid seems to work]) 2077 AC_RUN_IFELSE( 2078 [AC_LANG_PROGRAM([[ 2079#include <stdlib.h> 2080#include <errno.h> 2081 ]], [[ 2082 errno=0; 2083 setresuid(0,0,0); 2084 if (errno==ENOSYS) 2085 exit(1); 2086 else 2087 exit(0); 2088 ]])], 2089 [AC_MSG_RESULT([yes])], 2090 [AC_DEFINE([BROKEN_SETRESUID], [1], 2091 [Define if your setresuid() is broken]) 2092 AC_MSG_RESULT([not implemented])], 2093 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2094 ) 2095]) 2096 2097AC_CHECK_FUNCS([setresgid], [ 2098 dnl Some platorms have setresgid that isn't implemented, test for this 2099 AC_MSG_CHECKING([if setresgid seems to work]) 2100 AC_RUN_IFELSE( 2101 [AC_LANG_PROGRAM([[ 2102#include <stdlib.h> 2103#include <errno.h> 2104 ]], [[ 2105 errno=0; 2106 setresgid(0,0,0); 2107 if (errno==ENOSYS) 2108 exit(1); 2109 else 2110 exit(0); 2111 ]])], 2112 [AC_MSG_RESULT([yes])], 2113 [AC_DEFINE([BROKEN_SETRESGID], [1], 2114 [Define if your setresgid() is broken]) 2115 AC_MSG_RESULT([not implemented])], 2116 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2117 ) 2118]) 2119 2120AC_MSG_CHECKING([for working fflush(NULL)]) 2121AC_RUN_IFELSE( 2122 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2123 AC_MSG_RESULT([yes]), 2124 [AC_MSG_RESULT([no]) 2125 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2126 [define if fflush(NULL) does not work])], 2127 AC_MSG_WARN([cross compiling: assuming working]) 2128) 2129 2130dnl Checks for time functions 2131AC_CHECK_FUNCS([gettimeofday time]) 2132dnl Checks for utmp functions 2133AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2134AC_CHECK_FUNCS([utmpname]) 2135dnl Checks for utmpx functions 2136AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2137AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2138dnl Checks for lastlog functions 2139AC_CHECK_FUNCS([getlastlogxbyname]) 2140 2141AC_CHECK_FUNC([daemon], 2142 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2143 [AC_CHECK_LIB([bsd], [daemon], 2144 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2145) 2146 2147AC_CHECK_FUNC([getpagesize], 2148 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2149 [Define if your libraries define getpagesize()])], 2150 [AC_CHECK_LIB([ucb], [getpagesize], 2151 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2152) 2153 2154# Check for broken snprintf 2155if test "x$ac_cv_func_snprintf" = "xyes" ; then 2156 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2157 AC_RUN_IFELSE( 2158 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2159 [[ 2160 char b[5]; 2161 snprintf(b,5,"123456789"); 2162 exit(b[4]!='\0'); 2163 ]])], 2164 [AC_MSG_RESULT([yes])], 2165 [ 2166 AC_MSG_RESULT([no]) 2167 AC_DEFINE([BROKEN_SNPRINTF], [1], 2168 [Define if your snprintf is busted]) 2169 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2170 ], 2171 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2172 ) 2173fi 2174 2175if test "x$ac_cv_func_snprintf" = "xyes" ; then 2176 AC_MSG_CHECKING([whether snprintf understands %zu]) 2177 AC_RUN_IFELSE( 2178 [AC_LANG_PROGRAM([[ 2179#include <sys/types.h> 2180#include <stdio.h> 2181 ]], 2182 [[ 2183 size_t a = 1, b = 2; 2184 char z[128]; 2185 snprintf(z, sizeof z, "%zu%zu", a, b); 2186 exit(strcmp(z, "12")); 2187 ]])], 2188 [AC_MSG_RESULT([yes])], 2189 [ 2190 AC_MSG_RESULT([no]) 2191 AC_DEFINE([BROKEN_SNPRINTF], [1], 2192 [snprintf does not understand %zu]) 2193 ], 2194 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2195 ) 2196fi 2197 2198# We depend on vsnprintf returning the right thing on overflow: the 2199# number of characters it tried to create (as per SUSv3) 2200if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2201 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2202 AC_RUN_IFELSE( 2203 [AC_LANG_PROGRAM([[ 2204#include <sys/types.h> 2205#include <stdio.h> 2206#include <stdarg.h> 2207 2208int x_snprintf(char *str, size_t count, const char *fmt, ...) 2209{ 2210 size_t ret; 2211 va_list ap; 2212 2213 va_start(ap, fmt); 2214 ret = vsnprintf(str, count, fmt, ap); 2215 va_end(ap); 2216 return ret; 2217} 2218 ]], [[ 2219char x[1]; 2220if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2221 return 1; 2222if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2223 return 1; 2224return 0; 2225 ]])], 2226 [AC_MSG_RESULT([yes])], 2227 [ 2228 AC_MSG_RESULT([no]) 2229 AC_DEFINE([BROKEN_SNPRINTF], [1], 2230 [Define if your snprintf is busted]) 2231 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2232 ], 2233 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2234 ) 2235fi 2236 2237# On systems where [v]snprintf is broken, but is declared in stdio, 2238# check that the fmt argument is const char * or just char *. 2239# This is only useful for when BROKEN_SNPRINTF 2240AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2241AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2242#include <stdio.h> 2243int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2244 ]], [[ 2245 snprintf(0, 0, 0); 2246 ]])], 2247 [AC_MSG_RESULT([yes]) 2248 AC_DEFINE([SNPRINTF_CONST], [const], 2249 [Define as const if snprintf() can declare const char *fmt])], 2250 [AC_MSG_RESULT([no]) 2251 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2252 2253# Check for missing getpeereid (or equiv) support 2254NO_PEERCHECK="" 2255if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2256 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2257 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2258#include <sys/types.h> 2259#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2260 [ AC_MSG_RESULT([yes]) 2261 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2262 ], [AC_MSG_RESULT([no]) 2263 NO_PEERCHECK=1 2264 ]) 2265fi 2266 2267dnl see whether mkstemp() requires XXXXXX 2268if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2269AC_MSG_CHECKING([for (overly) strict mkstemp]) 2270AC_RUN_IFELSE( 2271 [AC_LANG_PROGRAM([[ 2272#include <stdlib.h> 2273 ]], [[ 2274 char template[]="conftest.mkstemp-test"; 2275 if (mkstemp(template) == -1) 2276 exit(1); 2277 unlink(template); 2278 exit(0); 2279 ]])], 2280 [ 2281 AC_MSG_RESULT([no]) 2282 ], 2283 [ 2284 AC_MSG_RESULT([yes]) 2285 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2286 ], 2287 [ 2288 AC_MSG_RESULT([yes]) 2289 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2290 ] 2291) 2292fi 2293 2294dnl make sure that openpty does not reacquire controlling terminal 2295if test ! -z "$check_for_openpty_ctty_bug"; then 2296 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2297 AC_RUN_IFELSE( 2298 [AC_LANG_PROGRAM([[ 2299#include <stdio.h> 2300#include <sys/fcntl.h> 2301#include <sys/types.h> 2302#include <sys/wait.h> 2303 ]], [[ 2304 pid_t pid; 2305 int fd, ptyfd, ttyfd, status; 2306 2307 pid = fork(); 2308 if (pid < 0) { /* failed */ 2309 exit(1); 2310 } else if (pid > 0) { /* parent */ 2311 waitpid(pid, &status, 0); 2312 if (WIFEXITED(status)) 2313 exit(WEXITSTATUS(status)); 2314 else 2315 exit(2); 2316 } else { /* child */ 2317 close(0); close(1); close(2); 2318 setsid(); 2319 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2320 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2321 if (fd >= 0) 2322 exit(3); /* Acquired ctty: broken */ 2323 else 2324 exit(0); /* Did not acquire ctty: OK */ 2325 } 2326 ]])], 2327 [ 2328 AC_MSG_RESULT([yes]) 2329 ], 2330 [ 2331 AC_MSG_RESULT([no]) 2332 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2333 ], 2334 [ 2335 AC_MSG_RESULT([cross-compiling, assuming yes]) 2336 ] 2337 ) 2338fi 2339 2340if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2341 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2342 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2343 AC_RUN_IFELSE( 2344 [AC_LANG_PROGRAM([[ 2345#include <stdio.h> 2346#include <sys/socket.h> 2347#include <netdb.h> 2348#include <errno.h> 2349#include <netinet/in.h> 2350 2351#define TEST_PORT "2222" 2352 ]], [[ 2353 int err, sock; 2354 struct addrinfo *gai_ai, *ai, hints; 2355 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2356 2357 memset(&hints, 0, sizeof(hints)); 2358 hints.ai_family = PF_UNSPEC; 2359 hints.ai_socktype = SOCK_STREAM; 2360 hints.ai_flags = AI_PASSIVE; 2361 2362 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2363 if (err != 0) { 2364 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2365 exit(1); 2366 } 2367 2368 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2369 if (ai->ai_family != AF_INET6) 2370 continue; 2371 2372 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2373 sizeof(ntop), strport, sizeof(strport), 2374 NI_NUMERICHOST|NI_NUMERICSERV); 2375 2376 if (err != 0) { 2377 if (err == EAI_SYSTEM) 2378 perror("getnameinfo EAI_SYSTEM"); 2379 else 2380 fprintf(stderr, "getnameinfo failed: %s\n", 2381 gai_strerror(err)); 2382 exit(2); 2383 } 2384 2385 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2386 if (sock < 0) 2387 perror("socket"); 2388 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2389 if (errno == EBADF) 2390 exit(3); 2391 } 2392 } 2393 exit(0); 2394 ]])], 2395 [ 2396 AC_MSG_RESULT([yes]) 2397 ], 2398 [ 2399 AC_MSG_RESULT([no]) 2400 AC_DEFINE([BROKEN_GETADDRINFO]) 2401 ], 2402 [ 2403 AC_MSG_RESULT([cross-compiling, assuming yes]) 2404 ] 2405 ) 2406fi 2407 2408if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2409 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2410 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2411 AC_RUN_IFELSE( 2412 [AC_LANG_PROGRAM([[ 2413#include <stdio.h> 2414#include <sys/socket.h> 2415#include <netdb.h> 2416#include <errno.h> 2417#include <netinet/in.h> 2418 2419#define TEST_PORT "2222" 2420 ]], [[ 2421 int err, sock; 2422 struct addrinfo *gai_ai, *ai, hints; 2423 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2424 2425 memset(&hints, 0, sizeof(hints)); 2426 hints.ai_family = PF_UNSPEC; 2427 hints.ai_socktype = SOCK_STREAM; 2428 hints.ai_flags = AI_PASSIVE; 2429 2430 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2431 if (err != 0) { 2432 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2433 exit(1); 2434 } 2435 2436 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2437 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2438 continue; 2439 2440 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2441 sizeof(ntop), strport, sizeof(strport), 2442 NI_NUMERICHOST|NI_NUMERICSERV); 2443 2444 if (ai->ai_family == AF_INET && err != 0) { 2445 perror("getnameinfo"); 2446 exit(2); 2447 } 2448 } 2449 exit(0); 2450 ]])], 2451 [ 2452 AC_MSG_RESULT([yes]) 2453 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2454 [Define if you have a getaddrinfo that fails 2455 for the all-zeros IPv6 address]) 2456 ], 2457 [ 2458 AC_MSG_RESULT([no]) 2459 AC_DEFINE([BROKEN_GETADDRINFO]) 2460 ], 2461 [ 2462 AC_MSG_RESULT([cross-compiling, assuming no]) 2463 ] 2464 ) 2465fi 2466 2467if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2468 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2469 [#include <sys/types.h> 2470 #include <sys/socket.h> 2471 #include <netdb.h>]) 2472fi 2473 2474if test "x$check_for_conflicting_getspnam" = "x1"; then 2475 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2476 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2477 [[ exit(0); ]])], 2478 [ 2479 AC_MSG_RESULT([no]) 2480 ], 2481 [ 2482 AC_MSG_RESULT([yes]) 2483 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2484 [Conflicting defs for getspnam]) 2485 ] 2486 ) 2487fi 2488 2489dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2490dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2491dnl for over ten years). Despite this incompatibility being reported during 2492dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2493dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2494dnl implementation. Try to detect this mess, and assume the only safe option 2495dnl if we're cross compiling. 2496dnl 2497dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2498dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2499if test "x$ac_cv_func_strnvis" = "xyes"; then 2500 AC_MSG_CHECKING([for working strnvis]) 2501 AC_RUN_IFELSE( 2502 [AC_LANG_PROGRAM([[ 2503#include <signal.h> 2504#include <stdlib.h> 2505#include <string.h> 2506#include <vis.h> 2507static void sighandler(int sig) { _exit(1); } 2508 ]], [[ 2509 char dst[16]; 2510 2511 signal(SIGSEGV, sighandler); 2512 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2513 exit(0); 2514 exit(1) 2515 ]])], 2516 [AC_MSG_RESULT([yes])], 2517 [AC_MSG_RESULT([no]) 2518 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2519 [AC_MSG_WARN([cross compiling: assuming broken]) 2520 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2521 ) 2522fi 2523 2524AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2525AC_RUN_IFELSE( 2526 [AC_LANG_PROGRAM([[ 2527#ifdef HAVE_SYS_SELECT 2528# include <sys/select.h> 2529#endif 2530#include <sys/types.h> 2531#include <sys/time.h> 2532#include <stdlib.h> 2533#include <signal.h> 2534static void sighandler(int sig) { } 2535 ]], [[ 2536 int r; 2537 pid_t pid; 2538 struct sigaction sa; 2539 2540 sa.sa_handler = sighandler; 2541 sa.sa_flags = SA_RESTART; 2542 (void)sigaction(SIGTERM, &sa, NULL); 2543 if ((pid = fork()) == 0) { /* child */ 2544 pid = getppid(); 2545 sleep(1); 2546 kill(pid, SIGTERM); 2547 sleep(1); 2548 if (getppid() == pid) /* if parent did not exit, shoot it */ 2549 kill(pid, SIGKILL); 2550 exit(0); 2551 } else { /* parent */ 2552 r = select(0, NULL, NULL, NULL, NULL); 2553 } 2554 exit(r == -1 ? 0 : 1); 2555 ]])], 2556 [AC_MSG_RESULT([yes])], 2557 [AC_MSG_RESULT([no]) 2558 AC_DEFINE([NO_SA_RESTART], [1], 2559 [SA_RESTARTed signals do no interrupt select])], 2560 [AC_MSG_WARN([cross compiling: assuming yes])] 2561) 2562 2563AC_CHECK_FUNCS([getpgrp],[ 2564 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2565 AC_COMPILE_IFELSE( 2566 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2567 [ AC_MSG_RESULT([yes]) 2568 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2569 [ AC_MSG_RESULT([no]) 2570 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2571 ) 2572]) 2573 2574# Search for OpenSSL 2575saved_CPPFLAGS="$CPPFLAGS" 2576saved_LDFLAGS="$LDFLAGS" 2577AC_ARG_WITH([ssl-dir], 2578 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2579 [ 2580 if test "x$openssl" = "xno" ; then 2581 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2582 fi 2583 if test "x$withval" != "xno" ; then 2584 case "$withval" in 2585 # Relative paths 2586 ./*|../*) withval="`pwd`/$withval" 2587 esac 2588 if test -d "$withval/lib"; then 2589 if test -n "${rpath_opt}"; then 2590 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2591 else 2592 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2593 fi 2594 elif test -d "$withval/lib64"; then 2595 if test -n "${rpath_opt}"; then 2596 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2597 else 2598 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2599 fi 2600 else 2601 if test -n "${rpath_opt}"; then 2602 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2603 else 2604 LDFLAGS="-L${withval} ${LDFLAGS}" 2605 fi 2606 fi 2607 if test -d "$withval/include"; then 2608 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2609 else 2610 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2611 fi 2612 fi 2613 ] 2614) 2615 2616AC_ARG_WITH([openssl-header-check], 2617 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2618 [ 2619 if test "x$withval" = "xno" ; then 2620 openssl_check_nonfatal=1 2621 fi 2622 ] 2623) 2624 2625openssl_engine=no 2626AC_ARG_WITH([ssl-engine], 2627 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2628 [ 2629 if test "x$withval" != "xno" ; then 2630 if test "x$openssl" = "xno" ; then 2631 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2632 fi 2633 openssl_engine=yes 2634 fi 2635 ] 2636) 2637 2638if test "x$openssl" = "xyes" ; then 2639 LIBS="-lcrypto $LIBS" 2640 AC_TRY_LINK_FUNC([RAND_add], , 2641 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2642 AC_CHECK_HEADER([openssl/opensslv.h], , 2643 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2644 2645 # Determine OpenSSL header version 2646 AC_MSG_CHECKING([OpenSSL header version]) 2647 AC_RUN_IFELSE( 2648 [AC_LANG_PROGRAM([[ 2649 #include <stdlib.h> 2650 #include <stdio.h> 2651 #include <string.h> 2652 #include <openssl/opensslv.h> 2653 #define DATA "conftest.sslincver" 2654 ]], [[ 2655 FILE *fd; 2656 int rc; 2657 2658 fd = fopen(DATA,"w"); 2659 if(fd == NULL) 2660 exit(1); 2661 2662 if ((rc = fprintf(fd, "%08lx (%s)\n", 2663 (unsigned long)OPENSSL_VERSION_NUMBER, 2664 OPENSSL_VERSION_TEXT)) < 0) 2665 exit(1); 2666 2667 exit(0); 2668 ]])], 2669 [ 2670 ssl_header_ver=`cat conftest.sslincver` 2671 AC_MSG_RESULT([$ssl_header_ver]) 2672 ], 2673 [ 2674 AC_MSG_RESULT([not found]) 2675 AC_MSG_ERROR([OpenSSL version header not found.]) 2676 ], 2677 [ 2678 AC_MSG_WARN([cross compiling: not checking]) 2679 ] 2680 ) 2681 2682 # Determining OpenSSL library version is version dependent. 2683 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2684 2685 # Determine OpenSSL library version 2686 AC_MSG_CHECKING([OpenSSL library version]) 2687 AC_RUN_IFELSE( 2688 [AC_LANG_PROGRAM([[ 2689 #include <stdio.h> 2690 #include <string.h> 2691 #include <openssl/opensslv.h> 2692 #include <openssl/crypto.h> 2693 #define DATA "conftest.ssllibver" 2694 ]], [[ 2695 FILE *fd; 2696 int rc; 2697 2698 fd = fopen(DATA,"w"); 2699 if(fd == NULL) 2700 exit(1); 2701#ifndef OPENSSL_VERSION 2702# define OPENSSL_VERSION SSLEAY_VERSION 2703#endif 2704#ifndef HAVE_OPENSSL_VERSION 2705# define OpenSSL_version SSLeay_version 2706#endif 2707#ifndef HAVE_OPENSSL_VERSION_NUM 2708# define OpenSSL_version_num SSLeay 2709#endif 2710 if ((rc = fprintf(fd, "%08lx (%s)\n", 2711 (unsigned long)OpenSSL_version_num(), 2712 OpenSSL_version(OPENSSL_VERSION))) < 0) 2713 exit(1); 2714 2715 exit(0); 2716 ]])], 2717 [ 2718 ssl_library_ver=`cat conftest.ssllibver` 2719 # Check version is supported. 2720 case "$ssl_library_ver" in 2721 10000*|0*) 2722 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2723 ;; 2724 100*) ;; # 1.0.x 2725 101000[[0123456]]*) 2726 # https://github.com/openssl/openssl/pull/4613 2727 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2728 ;; 2729 101*) ;; # 1.1.x 2730 200*) ;; # LibreSSL 2731 300*) ;; # OpenSSL development branch. 2732 *) 2733 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2734 ;; 2735 esac 2736 AC_MSG_RESULT([$ssl_library_ver]) 2737 ], 2738 [ 2739 AC_MSG_RESULT([not found]) 2740 AC_MSG_ERROR([OpenSSL library not found.]) 2741 ], 2742 [ 2743 AC_MSG_WARN([cross compiling: not checking]) 2744 ] 2745 ) 2746 2747 # Sanity check OpenSSL headers 2748 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2749 AC_RUN_IFELSE( 2750 [AC_LANG_PROGRAM([[ 2751 #include <string.h> 2752 #include <openssl/opensslv.h> 2753 #include <openssl/crypto.h> 2754 ]], [[ 2755#ifndef HAVE_OPENSSL_VERSION_NUM 2756# define OpenSSL_version_num SSLeay 2757#endif 2758 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2759 ]])], 2760 [ 2761 AC_MSG_RESULT([yes]) 2762 ], 2763 [ 2764 AC_MSG_RESULT([no]) 2765 if test "x$openssl_check_nonfatal" = "x"; then 2766 AC_MSG_ERROR([Your OpenSSL headers do not match your 2767 library. Check config.log for details. 2768 If you are sure your installation is consistent, you can disable the check 2769 by running "./configure --without-openssl-header-check". 2770 Also see contrib/findssl.sh for help identifying header/library mismatches. 2771 ]) 2772 else 2773 AC_MSG_WARN([Your OpenSSL headers do not match your 2774 library. Check config.log for details. 2775 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2776 fi 2777 ], 2778 [ 2779 AC_MSG_WARN([cross compiling: not checking]) 2780 ] 2781 ) 2782 2783 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2786 [[ ERR_load_crypto_strings(); ]])], 2787 [ 2788 AC_MSG_RESULT([yes]) 2789 ], 2790 [ 2791 AC_MSG_RESULT([no]) 2792 saved_LIBS="$LIBS" 2793 LIBS="$LIBS -ldl" 2794 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2795 AC_LINK_IFELSE( 2796 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2797 [[ ERR_load_crypto_strings(); ]])], 2798 [ 2799 AC_MSG_RESULT([yes]) 2800 ], 2801 [ 2802 AC_MSG_RESULT([no]) 2803 LIBS="$saved_LIBS" 2804 ] 2805 ) 2806 ] 2807 ) 2808 2809 AC_CHECK_FUNCS([ \ 2810 BN_is_prime_ex \ 2811 DSA_generate_parameters_ex \ 2812 EVP_CIPHER_CTX_ctrl \ 2813 EVP_DigestFinal_ex \ 2814 EVP_DigestInit_ex \ 2815 EVP_MD_CTX_cleanup \ 2816 EVP_MD_CTX_copy_ex \ 2817 EVP_MD_CTX_init \ 2818 HMAC_CTX_init \ 2819 RSA_generate_key_ex \ 2820 RSA_get_default_method \ 2821 ]) 2822 2823 # OpenSSL_add_all_algorithms may be a macro. 2824 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2825 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2826 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2827 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2828 [[#include <openssl/evp.h>]] 2829 ) 2830 ) 2831 2832 # LibreSSL/OpenSSL 1.1x API 2833 AC_CHECK_FUNCS([ \ 2834 OPENSSL_init_crypto \ 2835 DH_get0_key \ 2836 DH_get0_pqg \ 2837 DH_set0_key \ 2838 DH_set_length \ 2839 DH_set0_pqg \ 2840 DSA_get0_key \ 2841 DSA_get0_pqg \ 2842 DSA_set0_key \ 2843 DSA_set0_pqg \ 2844 DSA_SIG_get0 \ 2845 DSA_SIG_set0 \ 2846 ECDSA_SIG_get0 \ 2847 ECDSA_SIG_set0 \ 2848 EVP_CIPHER_CTX_iv \ 2849 EVP_CIPHER_CTX_iv_noconst \ 2850 EVP_CIPHER_CTX_get_iv \ 2851 EVP_CIPHER_CTX_set_iv \ 2852 RSA_get0_crt_params \ 2853 RSA_get0_factors \ 2854 RSA_get0_key \ 2855 RSA_set0_crt_params \ 2856 RSA_set0_factors \ 2857 RSA_set0_key \ 2858 RSA_meth_free \ 2859 RSA_meth_dup \ 2860 RSA_meth_set1_name \ 2861 RSA_meth_get_finish \ 2862 RSA_meth_set_priv_enc \ 2863 RSA_meth_set_priv_dec \ 2864 RSA_meth_set_finish \ 2865 EVP_PKEY_get0_RSA \ 2866 EVP_MD_CTX_new \ 2867 EVP_MD_CTX_free \ 2868 EVP_chacha20 \ 2869 ]) 2870 2871 if test "x$openssl_engine" = "xyes" ; then 2872 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2873 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2874 #include <openssl/engine.h> 2875 ]], [[ 2876 ENGINE_load_builtin_engines(); 2877 ENGINE_register_all_complete(); 2878 ]])], 2879 [ AC_MSG_RESULT([yes]) 2880 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2881 [Enable OpenSSL engine support]) 2882 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2883 ]) 2884 fi 2885 2886 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2887 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2888 AC_LINK_IFELSE( 2889 [AC_LANG_PROGRAM([[ 2890 #include <string.h> 2891 #include <openssl/evp.h> 2892 ]], [[ 2893 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2894 ]])], 2895 [ 2896 AC_MSG_RESULT([no]) 2897 ], 2898 [ 2899 AC_MSG_RESULT([yes]) 2900 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2901 [libcrypto is missing AES 192 and 256 bit functions]) 2902 ] 2903 ) 2904 2905 # Check for OpenSSL with EVP_aes_*ctr 2906 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2907 AC_LINK_IFELSE( 2908 [AC_LANG_PROGRAM([[ 2909 #include <string.h> 2910 #include <openssl/evp.h> 2911 ]], [[ 2912 exit(EVP_aes_128_ctr() == NULL || 2913 EVP_aes_192_cbc() == NULL || 2914 EVP_aes_256_cbc() == NULL); 2915 ]])], 2916 [ 2917 AC_MSG_RESULT([yes]) 2918 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2919 [libcrypto has EVP AES CTR]) 2920 ], 2921 [ 2922 AC_MSG_RESULT([no]) 2923 ] 2924 ) 2925 2926 # Check for OpenSSL with EVP_aes_*gcm 2927 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2928 AC_LINK_IFELSE( 2929 [AC_LANG_PROGRAM([[ 2930 #include <string.h> 2931 #include <openssl/evp.h> 2932 ]], [[ 2933 exit(EVP_aes_128_gcm() == NULL || 2934 EVP_aes_256_gcm() == NULL || 2935 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2936 EVP_CTRL_GCM_IV_GEN == 0 || 2937 EVP_CTRL_GCM_SET_TAG == 0 || 2938 EVP_CTRL_GCM_GET_TAG == 0 || 2939 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2940 ]])], 2941 [ 2942 AC_MSG_RESULT([yes]) 2943 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2944 [libcrypto has EVP AES GCM]) 2945 ], 2946 [ 2947 AC_MSG_RESULT([no]) 2948 unsupported_algorithms="$unsupported_cipers \ 2949 aes128-gcm@openssh.com \ 2950 aes256-gcm@openssh.com" 2951 ] 2952 ) 2953 2954 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2955 AC_LINK_IFELSE( 2956 [AC_LANG_PROGRAM([[ 2957 #include <string.h> 2958 #include <openssl/evp.h> 2959 ]], [[ 2960 if(EVP_DigestUpdate(NULL, NULL,0)) 2961 exit(0); 2962 ]])], 2963 [ 2964 AC_MSG_RESULT([yes]) 2965 ], 2966 [ 2967 AC_MSG_RESULT([no]) 2968 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2969 [Define if EVP_DigestUpdate returns void]) 2970 ] 2971 ) 2972 2973 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2974 # because the system crypt() is more featureful. 2975 if test "x$check_for_libcrypt_before" = "x1"; then 2976 AC_CHECK_LIB([crypt], [crypt]) 2977 fi 2978 2979 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2980 # version in OpenSSL. 2981 if test "x$check_for_libcrypt_later" = "x1"; then 2982 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2983 fi 2984 AC_CHECK_FUNCS([crypt DES_crypt]) 2985 2986 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2987 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2988 2989 # Check complete ECC support in OpenSSL 2990 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2991 AC_LINK_IFELSE( 2992 [AC_LANG_PROGRAM([[ 2993 #include <openssl/ec.h> 2994 #include <openssl/ecdh.h> 2995 #include <openssl/ecdsa.h> 2996 #include <openssl/evp.h> 2997 #include <openssl/objects.h> 2998 #include <openssl/opensslv.h> 2999 ]], [[ 3000 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3001 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3002 ]])], 3003 [ AC_MSG_RESULT([yes]) 3004 enable_nistp256=1 ], 3005 [ AC_MSG_RESULT([no]) ] 3006 ) 3007 3008 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3009 AC_LINK_IFELSE( 3010 [AC_LANG_PROGRAM([[ 3011 #include <openssl/ec.h> 3012 #include <openssl/ecdh.h> 3013 #include <openssl/ecdsa.h> 3014 #include <openssl/evp.h> 3015 #include <openssl/objects.h> 3016 #include <openssl/opensslv.h> 3017 ]], [[ 3018 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3019 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3020 ]])], 3021 [ AC_MSG_RESULT([yes]) 3022 enable_nistp384=1 ], 3023 [ AC_MSG_RESULT([no]) ] 3024 ) 3025 3026 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3027 AC_LINK_IFELSE( 3028 [AC_LANG_PROGRAM([[ 3029 #include <openssl/ec.h> 3030 #include <openssl/ecdh.h> 3031 #include <openssl/ecdsa.h> 3032 #include <openssl/evp.h> 3033 #include <openssl/objects.h> 3034 #include <openssl/opensslv.h> 3035 ]], [[ 3036 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3037 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3038 ]])], 3039 [ AC_MSG_RESULT([yes]) 3040 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3041 AC_RUN_IFELSE( 3042 [AC_LANG_PROGRAM([[ 3043 #include <openssl/ec.h> 3044 #include <openssl/ecdh.h> 3045 #include <openssl/ecdsa.h> 3046 #include <openssl/evp.h> 3047 #include <openssl/objects.h> 3048 #include <openssl/opensslv.h> 3049 ]],[[ 3050 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3051 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3052 exit(e == NULL || m == NULL); 3053 ]])], 3054 [ AC_MSG_RESULT([yes]) 3055 enable_nistp521=1 ], 3056 [ AC_MSG_RESULT([no]) ], 3057 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3058 enable_nistp521=1 ] 3059 )], 3060 AC_MSG_RESULT([no]) 3061 ) 3062 3063 COMMENT_OUT_ECC="#no ecc#" 3064 TEST_SSH_ECC=no 3065 3066 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3067 test x$enable_nistp521 = x1; then 3068 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3069 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3070 openssl_ecc=yes 3071 else 3072 openssl_ecc=no 3073 fi 3074 if test x$enable_nistp256 = x1; then 3075 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3076 [libcrypto has NID_X9_62_prime256v1]) 3077 TEST_SSH_ECC=yes 3078 COMMENT_OUT_ECC="" 3079 else 3080 unsupported_algorithms="$unsupported_algorithms \ 3081 ecdsa-sha2-nistp256 \ 3082 ecdh-sha2-nistp256 \ 3083 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3084 fi 3085 if test x$enable_nistp384 = x1; then 3086 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3087 TEST_SSH_ECC=yes 3088 COMMENT_OUT_ECC="" 3089 else 3090 unsupported_algorithms="$unsupported_algorithms \ 3091 ecdsa-sha2-nistp384 \ 3092 ecdh-sha2-nistp384 \ 3093 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3094 fi 3095 if test x$enable_nistp521 = x1; then 3096 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3097 TEST_SSH_ECC=yes 3098 COMMENT_OUT_ECC="" 3099 else 3100 unsupported_algorithms="$unsupported_algorithms \ 3101 ecdh-sha2-nistp521 \ 3102 ecdsa-sha2-nistp521 \ 3103 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3104 fi 3105 3106 AC_SUBST([TEST_SSH_ECC]) 3107 AC_SUBST([COMMENT_OUT_ECC]) 3108else 3109 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3110 AC_CHECK_FUNCS([crypt]) 3111fi 3112 3113# PKCS11/U2F depend on OpenSSL and dlopen(). 3114enable_pkcs11=yes 3115enable_sk=yes 3116if test "x$openssl" != "xyes" ; then 3117 enable_pkcs11="disabled; missing libcrypto" 3118 enable_sk="disabled; missing libcrypto" 3119fi 3120if test "x$openssl_ecc" != "xyes" ; then 3121 enable_sk="disabled; OpenSSL has no ECC support" 3122fi 3123if test "x$ac_cv_func_dlopen" != "xyes" ; then 3124 enable_pkcs11="disabled; missing dlopen(3)" 3125 enable_sk="disabled; missing dlopen(3)" 3126fi 3127if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3128 enable_pkcs11="disabled; missing RTLD_NOW" 3129 enable_sk="disabled; missing RTLD_NOW" 3130fi 3131if test ! -z "$disable_pkcs11" ; then 3132 enable_pkcs11="disabled by user" 3133fi 3134if test ! -z "$disable_sk" ; then 3135 enable_sk="disabled by user" 3136fi 3137 3138AC_MSG_CHECKING([whether to enable PKCS11]) 3139if test "x$enable_pkcs11" = "xyes" ; then 3140 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3141fi 3142AC_MSG_RESULT([$enable_pkcs11]) 3143 3144AC_MSG_CHECKING([whether to enable U2F]) 3145if test "x$enable_sk" = "xyes" ; then 3146 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3147 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3148else 3149 # Do not try to build sk-dummy library. 3150 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3151fi 3152AC_MSG_RESULT([$enable_sk]) 3153 3154# Now check for built-in security key support. 3155if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3156 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3157 use_pkgconfig_for_libfido2= 3158 if test "x$PKGCONFIG" != "xno"; then 3159 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3160 if "$PKGCONFIG" libfido2; then 3161 AC_MSG_RESULT([yes]) 3162 use_pkgconfig_for_libfido2=yes 3163 else 3164 AC_MSG_RESULT([no]) 3165 fi 3166 fi 3167 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3168 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3169 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3170 else 3171 LIBFIDO2="-lfido2 -lcbor" 3172 fi 3173 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3174 AC_CHECK_LIB([fido2], [fido_init], 3175 [ 3176 AC_SUBST([LIBFIDO2]) 3177 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3178 [Enable for built-in U2F/FIDO support]) 3179 enable_sk="built-in" 3180 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3181 [ $OTHERLIBS ] 3182 ) 3183 saved_LIBS="$LIBS" 3184 LIBS="$LIBS $LIBFIDO2" 3185 AC_CHECK_FUNCS([ \ 3186 fido_cred_prot \ 3187 fido_cred_set_prot \ 3188 fido_dev_get_touch_status \ 3189 fido_dev_supports_cred_prot \ 3190 ]) 3191 LIBS="$saved_LIBS" 3192 AC_CHECK_HEADER([fido.h], [], 3193 AC_MSG_ERROR([missing fido.h from libfido2])) 3194 AC_CHECK_HEADER([fido/credman.h], [], 3195 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3196 [#include <fido.h>] 3197 ) 3198fi 3199 3200AC_CHECK_FUNCS([ \ 3201 arc4random \ 3202 arc4random_buf \ 3203 arc4random_stir \ 3204 arc4random_uniform \ 3205]) 3206 3207saved_LIBS="$LIBS" 3208AC_CHECK_LIB([iaf], [ia_openinfo], [ 3209 LIBS="$LIBS -liaf" 3210 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3211 AC_DEFINE([HAVE_LIBIAF], [1], 3212 [Define if system has libiaf that supports set_id]) 3213 ]) 3214]) 3215LIBS="$saved_LIBS" 3216 3217### Configure cryptographic random number support 3218 3219# Check whether OpenSSL seeds itself 3220if test "x$openssl" = "xyes" ; then 3221 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3222 AC_RUN_IFELSE( 3223 [AC_LANG_PROGRAM([[ 3224 #include <string.h> 3225 #include <openssl/rand.h> 3226 ]], [[ 3227 exit(RAND_status() == 1 ? 0 : 1); 3228 ]])], 3229 [ 3230 OPENSSL_SEEDS_ITSELF=yes 3231 AC_MSG_RESULT([yes]) 3232 ], 3233 [ 3234 AC_MSG_RESULT([no]) 3235 ], 3236 [ 3237 AC_MSG_WARN([cross compiling: assuming yes]) 3238 # This is safe, since we will fatal() at runtime if 3239 # OpenSSL is not seeded correctly. 3240 OPENSSL_SEEDS_ITSELF=yes 3241 ] 3242 ) 3243fi 3244 3245# PRNGD TCP socket 3246AC_ARG_WITH([prngd-port], 3247 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3248 [ 3249 case "$withval" in 3250 no) 3251 withval="" 3252 ;; 3253 [[0-9]]*) 3254 ;; 3255 *) 3256 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3257 ;; 3258 esac 3259 if test ! -z "$withval" ; then 3260 PRNGD_PORT="$withval" 3261 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3262 [Port number of PRNGD/EGD random number socket]) 3263 fi 3264 ] 3265) 3266 3267# PRNGD Unix domain socket 3268AC_ARG_WITH([prngd-socket], 3269 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3270 [ 3271 case "$withval" in 3272 yes) 3273 withval="/var/run/egd-pool" 3274 ;; 3275 no) 3276 withval="" 3277 ;; 3278 /*) 3279 ;; 3280 *) 3281 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3282 ;; 3283 esac 3284 3285 if test ! -z "$withval" ; then 3286 if test ! -z "$PRNGD_PORT" ; then 3287 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3288 fi 3289 if test ! -r "$withval" ; then 3290 AC_MSG_WARN([Entropy socket is not readable]) 3291 fi 3292 PRNGD_SOCKET="$withval" 3293 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3294 [Location of PRNGD/EGD random number socket]) 3295 fi 3296 ], 3297 [ 3298 # Check for existing socket only if we don't have a random device already 3299 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3300 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3301 # Insert other locations here 3302 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3303 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3304 PRNGD_SOCKET="$sock" 3305 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3306 break; 3307 fi 3308 done 3309 if test ! -z "$PRNGD_SOCKET" ; then 3310 AC_MSG_RESULT([$PRNGD_SOCKET]) 3311 else 3312 AC_MSG_RESULT([not found]) 3313 fi 3314 fi 3315 ] 3316) 3317 3318# Which randomness source do we use? 3319if test ! -z "$PRNGD_PORT" ; then 3320 RAND_MSG="PRNGd port $PRNGD_PORT" 3321elif test ! -z "$PRNGD_SOCKET" ; then 3322 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3323elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3324 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3325 [Define if you want the OpenSSL internally seeded PRNG only]) 3326 RAND_MSG="OpenSSL internal ONLY" 3327elif test "x$openssl" = "xno" ; then 3328 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3329else 3330 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3331fi 3332 3333# Check for PAM libs 3334PAM_MSG="no" 3335AC_ARG_WITH([pam], 3336 [ --with-pam Enable PAM support ], 3337 [ 3338 if test "x$withval" != "xno" ; then 3339 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3340 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3341 AC_MSG_ERROR([PAM headers not found]) 3342 fi 3343 3344 saved_LIBS="$LIBS" 3345 AC_CHECK_LIB([dl], [dlopen], , ) 3346 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3347 AC_CHECK_FUNCS([pam_getenvlist]) 3348 AC_CHECK_FUNCS([pam_putenv]) 3349 LIBS="$saved_LIBS" 3350 3351 PAM_MSG="yes" 3352 3353 SSHDLIBS="$SSHDLIBS -lpam" 3354 AC_DEFINE([USE_PAM], [1], 3355 [Define if you want to enable PAM support]) 3356 3357 if test $ac_cv_lib_dl_dlopen = yes; then 3358 case "$LIBS" in 3359 *-ldl*) 3360 # libdl already in LIBS 3361 ;; 3362 *) 3363 SSHDLIBS="$SSHDLIBS -ldl" 3364 ;; 3365 esac 3366 fi 3367 fi 3368 ] 3369) 3370 3371AC_ARG_WITH([pam-service], 3372 [ --with-pam-service=name Specify PAM service name ], 3373 [ 3374 if test "x$withval" != "xno" && \ 3375 test "x$withval" != "xyes" ; then 3376 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3377 ["$withval"], [sshd PAM service name]) 3378 fi 3379 ] 3380) 3381 3382# Check for older PAM 3383if test "x$PAM_MSG" = "xyes" ; then 3384 # Check PAM strerror arguments (old PAM) 3385 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3387#include <stdlib.h> 3388#if defined(HAVE_SECURITY_PAM_APPL_H) 3389#include <security/pam_appl.h> 3390#elif defined (HAVE_PAM_PAM_APPL_H) 3391#include <pam/pam_appl.h> 3392#endif 3393 ]], [[ 3394(void)pam_strerror((pam_handle_t *)NULL, -1); 3395 ]])], [AC_MSG_RESULT([no])], [ 3396 AC_DEFINE([HAVE_OLD_PAM], [1], 3397 [Define if you have an old version of PAM 3398 which takes only one argument to pam_strerror]) 3399 AC_MSG_RESULT([yes]) 3400 PAM_MSG="yes (old library)" 3401 3402 ]) 3403fi 3404 3405case "$host" in 3406*-*-cygwin*) 3407 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3408 ;; 3409*) 3410 SSH_PRIVSEP_USER=sshd 3411 ;; 3412esac 3413AC_ARG_WITH([privsep-user], 3414 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3415 [ 3416 if test -n "$withval" && test "x$withval" != "xno" && \ 3417 test "x${withval}" != "xyes"; then 3418 SSH_PRIVSEP_USER=$withval 3419 fi 3420 ] 3421) 3422if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3423 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3424 [Cygwin function to fetch non-privileged user for privilege separation]) 3425else 3426 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3427 [non-privileged user for privilege separation]) 3428fi 3429AC_SUBST([SSH_PRIVSEP_USER]) 3430 3431if test "x$have_linux_no_new_privs" = "x1" ; then 3432AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3433 #include <sys/types.h> 3434 #include <linux/seccomp.h> 3435]) 3436fi 3437if test "x$have_seccomp_filter" = "x1" ; then 3438AC_MSG_CHECKING([kernel for seccomp_filter support]) 3439AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3440 #include <errno.h> 3441 #include <elf.h> 3442 #include <linux/audit.h> 3443 #include <linux/seccomp.h> 3444 #include <stdlib.h> 3445 #include <sys/prctl.h> 3446 ]], 3447 [[ int i = $seccomp_audit_arch; 3448 errno = 0; 3449 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3450 exit(errno == EFAULT ? 0 : 1); ]])], 3451 [ AC_MSG_RESULT([yes]) ], [ 3452 AC_MSG_RESULT([no]) 3453 # Disable seccomp filter as a target 3454 have_seccomp_filter=0 3455 ] 3456) 3457fi 3458 3459# Decide which sandbox style to use 3460sandbox_arg="" 3461AC_ARG_WITH([sandbox], 3462 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3463 [ 3464 if test "x$withval" = "xyes" ; then 3465 sandbox_arg="" 3466 else 3467 sandbox_arg="$withval" 3468 fi 3469 ] 3470) 3471 3472# Some platforms (seems to be the ones that have a kernel poll(2)-type 3473# function with which they implement select(2)) use an extra file descriptor 3474# when calling select(2), which means we can't use the rlimit sandbox. 3475AC_MSG_CHECKING([if select works with descriptor rlimit]) 3476AC_RUN_IFELSE( 3477 [AC_LANG_PROGRAM([[ 3478#include <sys/types.h> 3479#ifdef HAVE_SYS_TIME_H 3480# include <sys/time.h> 3481#endif 3482#include <sys/resource.h> 3483#ifdef HAVE_SYS_SELECT_H 3484# include <sys/select.h> 3485#endif 3486#include <errno.h> 3487#include <fcntl.h> 3488#include <stdlib.h> 3489 ]],[[ 3490 struct rlimit rl_zero; 3491 int fd, r; 3492 fd_set fds; 3493 struct timeval tv; 3494 3495 fd = open("/dev/null", O_RDONLY); 3496 FD_ZERO(&fds); 3497 FD_SET(fd, &fds); 3498 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3499 setrlimit(RLIMIT_FSIZE, &rl_zero); 3500 setrlimit(RLIMIT_NOFILE, &rl_zero); 3501 tv.tv_sec = 1; 3502 tv.tv_usec = 0; 3503 r = select(fd+1, &fds, NULL, NULL, &tv); 3504 exit (r == -1 ? 1 : 0); 3505 ]])], 3506 [AC_MSG_RESULT([yes]) 3507 select_works_with_rlimit=yes], 3508 [AC_MSG_RESULT([no]) 3509 select_works_with_rlimit=no], 3510 [AC_MSG_WARN([cross compiling: assuming yes]) 3511 select_works_with_rlimit=yes] 3512) 3513 3514AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3515AC_RUN_IFELSE( 3516 [AC_LANG_PROGRAM([[ 3517#include <sys/types.h> 3518#ifdef HAVE_SYS_TIME_H 3519# include <sys/time.h> 3520#endif 3521#include <sys/resource.h> 3522#include <errno.h> 3523#include <stdlib.h> 3524 ]],[[ 3525 struct rlimit rl_zero; 3526 int r; 3527 3528 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3529 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3530 exit (r == -1 ? 1 : 0); 3531 ]])], 3532 [AC_MSG_RESULT([yes]) 3533 rlimit_nofile_zero_works=yes], 3534 [AC_MSG_RESULT([no]) 3535 rlimit_nofile_zero_works=no], 3536 [AC_MSG_WARN([cross compiling: assuming yes]) 3537 rlimit_nofile_zero_works=yes] 3538) 3539 3540AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3541AC_RUN_IFELSE( 3542 [AC_LANG_PROGRAM([[ 3543#include <sys/types.h> 3544#include <sys/resource.h> 3545#include <stdlib.h> 3546 ]],[[ 3547 struct rlimit rl_zero; 3548 3549 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3550 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3551 ]])], 3552 [AC_MSG_RESULT([yes])], 3553 [AC_MSG_RESULT([no]) 3554 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3555 [setrlimit RLIMIT_FSIZE works])], 3556 [AC_MSG_WARN([cross compiling: assuming yes])] 3557) 3558 3559if test "x$sandbox_arg" = "xpledge" || \ 3560 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3561 test "x$ac_cv_func_pledge" != "xyes" && \ 3562 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3563 SANDBOX_STYLE="pledge" 3564 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3565elif test "x$sandbox_arg" = "xsystrace" || \ 3566 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3567 test "x$have_systr_policy_kill" != "x1" && \ 3568 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3569 SANDBOX_STYLE="systrace" 3570 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3571elif test "x$sandbox_arg" = "xdarwin" || \ 3572 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3573 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3574 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3575 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3576 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3577 SANDBOX_STYLE="darwin" 3578 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3579elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3580 ( test -z "$sandbox_arg" && \ 3581 test "x$have_seccomp_filter" = "x1" && \ 3582 test "x$ac_cv_header_elf_h" = "xyes" && \ 3583 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3584 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3585 test "x$seccomp_audit_arch" != "x" && \ 3586 test "x$have_linux_no_new_privs" = "x1" && \ 3587 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3588 test "x$seccomp_audit_arch" = "x" && \ 3589 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3590 test "x$have_linux_no_new_privs" != "x1" && \ 3591 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3592 test "x$have_seccomp_filter" != "x1" && \ 3593 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3594 test "x$ac_cv_func_prctl" != "xyes" && \ 3595 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3596 SANDBOX_STYLE="seccomp_filter" 3597 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3598elif test "x$sandbox_arg" = "xcapsicum" || \ 3599 ( test -z "$sandbox_arg" && \ 3600 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3601 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3602 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3603 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3604 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3605 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3606 SANDBOX_STYLE="capsicum" 3607 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3608elif test "x$sandbox_arg" = "xrlimit" || \ 3609 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3610 test "x$select_works_with_rlimit" = "xyes" && \ 3611 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3612 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3613 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3614 test "x$select_works_with_rlimit" != "xyes" && \ 3615 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3616 SANDBOX_STYLE="rlimit" 3617 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3618elif test "x$sandbox_arg" = "xsolaris" || \ 3619 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3620 SANDBOX_STYLE="solaris" 3621 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3622elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3623 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3624 SANDBOX_STYLE="none" 3625 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3626else 3627 AC_MSG_ERROR([unsupported --with-sandbox]) 3628fi 3629 3630# Cheap hack to ensure NEWS-OS libraries are arranged right. 3631if test ! -z "$SONY" ; then 3632 LIBS="$LIBS -liberty"; 3633fi 3634 3635# Check for long long datatypes 3636AC_CHECK_TYPES([long long, unsigned long long, long double]) 3637 3638# Check datatype sizes 3639AC_CHECK_SIZEOF([short int]) 3640AC_CHECK_SIZEOF([int]) 3641AC_CHECK_SIZEOF([long int]) 3642AC_CHECK_SIZEOF([long long int]) 3643 3644# Sanity check long long for some platforms (AIX) 3645if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3646 ac_cv_sizeof_long_long_int=0 3647fi 3648 3649# compute LLONG_MIN and LLONG_MAX if we don't know them. 3650if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3651 AC_MSG_CHECKING([for max value of long long]) 3652 AC_RUN_IFELSE( 3653 [AC_LANG_PROGRAM([[ 3654#include <stdio.h> 3655/* Why is this so damn hard? */ 3656#ifdef __GNUC__ 3657# undef __GNUC__ 3658#endif 3659#define __USE_ISOC99 3660#include <limits.h> 3661#define DATA "conftest.llminmax" 3662#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3663 3664/* 3665 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3666 * we do this the hard way. 3667 */ 3668static int 3669fprint_ll(FILE *f, long long n) 3670{ 3671 unsigned int i; 3672 int l[sizeof(long long) * 8]; 3673 3674 if (n < 0) 3675 if (fprintf(f, "-") < 0) 3676 return -1; 3677 for (i = 0; n != 0; i++) { 3678 l[i] = my_abs(n % 10); 3679 n /= 10; 3680 } 3681 do { 3682 if (fprintf(f, "%d", l[--i]) < 0) 3683 return -1; 3684 } while (i != 0); 3685 if (fprintf(f, " ") < 0) 3686 return -1; 3687 return 0; 3688} 3689 ]], [[ 3690 FILE *f; 3691 long long i, llmin, llmax = 0; 3692 3693 if((f = fopen(DATA,"w")) == NULL) 3694 exit(1); 3695 3696#if defined(LLONG_MIN) && defined(LLONG_MAX) 3697 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3698 llmin = LLONG_MIN; 3699 llmax = LLONG_MAX; 3700#else 3701 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3702 /* This will work on one's complement and two's complement */ 3703 for (i = 1; i > llmax; i <<= 1, i++) 3704 llmax = i; 3705 llmin = llmax + 1LL; /* wrap */ 3706#endif 3707 3708 /* Sanity check */ 3709 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3710 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3711 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3712 fprintf(f, "unknown unknown\n"); 3713 exit(2); 3714 } 3715 3716 if (fprint_ll(f, llmin) < 0) 3717 exit(3); 3718 if (fprint_ll(f, llmax) < 0) 3719 exit(4); 3720 if (fclose(f) < 0) 3721 exit(5); 3722 exit(0); 3723 ]])], 3724 [ 3725 llong_min=`$AWK '{print $1}' conftest.llminmax` 3726 llong_max=`$AWK '{print $2}' conftest.llminmax` 3727 3728 AC_MSG_RESULT([$llong_max]) 3729 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3730 [max value of long long calculated by configure]) 3731 AC_MSG_CHECKING([for min value of long long]) 3732 AC_MSG_RESULT([$llong_min]) 3733 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3734 [min value of long long calculated by configure]) 3735 ], 3736 [ 3737 AC_MSG_RESULT([not found]) 3738 ], 3739 [ 3740 AC_MSG_WARN([cross compiling: not checking]) 3741 ] 3742 ) 3743fi 3744 3745AC_CHECK_DECLS([UINT32_MAX], , , [[ 3746#ifdef HAVE_SYS_LIMITS_H 3747# include <sys/limits.h> 3748#endif 3749#ifdef HAVE_LIMITS_H 3750# include <limits.h> 3751#endif 3752#ifdef HAVE_STDINT_H 3753# include <stdint.h> 3754#endif 3755]]) 3756 3757# More checks for data types 3758AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3759 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3760 [[ u_int a; a = 1;]])], 3761 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3762 ]) 3763]) 3764if test "x$ac_cv_have_u_int" = "xyes" ; then 3765 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3766 have_u_int=1 3767fi 3768 3769AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3770 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3771 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3772 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3773 ]) 3774]) 3775if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3776 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3777 have_intxx_t=1 3778fi 3779 3780if (test -z "$have_intxx_t" && \ 3781 test "x$ac_cv_header_stdint_h" = "xyes") 3782then 3783 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3784 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3785 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3786 [ 3787 AC_DEFINE([HAVE_INTXX_T]) 3788 AC_MSG_RESULT([yes]) 3789 ], [ AC_MSG_RESULT([no]) 3790 ]) 3791fi 3792 3793AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3794 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3795#include <sys/types.h> 3796#ifdef HAVE_STDINT_H 3797# include <stdint.h> 3798#endif 3799#include <sys/socket.h> 3800#ifdef HAVE_SYS_BITYPES_H 3801# include <sys/bitypes.h> 3802#endif 3803 ]], [[ 3804int64_t a; a = 1; 3805 ]])], 3806 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3807 ]) 3808]) 3809if test "x$ac_cv_have_int64_t" = "xyes" ; then 3810 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3811fi 3812 3813AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3814 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3815 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3816 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3817 ]) 3818]) 3819if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3820 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3821 have_u_intxx_t=1 3822fi 3823 3824if test -z "$have_u_intxx_t" ; then 3825 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3826 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3827 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3828 [ 3829 AC_DEFINE([HAVE_U_INTXX_T]) 3830 AC_MSG_RESULT([yes]) 3831 ], [ AC_MSG_RESULT([no]) 3832 ]) 3833fi 3834 3835AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3836 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3837 [[ u_int64_t a; a = 1;]])], 3838 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3839 ]) 3840]) 3841if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3842 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3843 have_u_int64_t=1 3844fi 3845 3846if (test -z "$have_u_int64_t" && \ 3847 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3848then 3849 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3850 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3851 [[ u_int64_t a; a = 1]])], 3852 [ 3853 AC_DEFINE([HAVE_U_INT64_T]) 3854 AC_MSG_RESULT([yes]) 3855 ], [ AC_MSG_RESULT([no]) 3856 ]) 3857fi 3858 3859if test -z "$have_u_intxx_t" ; then 3860 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3861 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3862#include <sys/types.h> 3863 ]], [[ 3864 uint8_t a; 3865 uint16_t b; 3866 uint32_t c; 3867 a = b = c = 1; 3868 ]])], 3869 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3870 ]) 3871 ]) 3872 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3873 AC_DEFINE([HAVE_UINTXX_T], [1], 3874 [define if you have uintxx_t data type]) 3875 fi 3876fi 3877 3878if (test -z "$have_uintxx_t" && \ 3879 test "x$ac_cv_header_stdint_h" = "xyes") 3880then 3881 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3883 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3884 [ 3885 AC_DEFINE([HAVE_UINTXX_T]) 3886 AC_MSG_RESULT([yes]) 3887 ], [ AC_MSG_RESULT([no]) 3888 ]) 3889fi 3890 3891if (test -z "$have_uintxx_t" && \ 3892 test "x$ac_cv_header_inttypes_h" = "xyes") 3893then 3894 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3895 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3896 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3897 [ 3898 AC_DEFINE([HAVE_UINTXX_T]) 3899 AC_MSG_RESULT([yes]) 3900 ], [ AC_MSG_RESULT([no]) 3901 ]) 3902fi 3903 3904if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3905 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3906then 3907 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3908 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3909#include <sys/bitypes.h> 3910 ]], [[ 3911 int8_t a; int16_t b; int32_t c; 3912 u_int8_t e; u_int16_t f; u_int32_t g; 3913 a = b = c = e = f = g = 1; 3914 ]])], 3915 [ 3916 AC_DEFINE([HAVE_U_INTXX_T]) 3917 AC_DEFINE([HAVE_INTXX_T]) 3918 AC_MSG_RESULT([yes]) 3919 ], [AC_MSG_RESULT([no]) 3920 ]) 3921fi 3922 3923 3924AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3925 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3926 [[ u_char foo; foo = 125; ]])], 3927 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3928 ]) 3929]) 3930if test "x$ac_cv_have_u_char" = "xyes" ; then 3931 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3932fi 3933 3934AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3935#include <sys/types.h> 3936#ifdef HAVE_STDINT_H 3937# include <stdint.h> 3938#endif 3939]) 3940 3941TYPE_SOCKLEN_T 3942 3943AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3944AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3945#include <sys/types.h> 3946#ifdef HAVE_SYS_BITYPES_H 3947#include <sys/bitypes.h> 3948#endif 3949#ifdef HAVE_SYS_STATFS_H 3950#include <sys/statfs.h> 3951#endif 3952#ifdef HAVE_SYS_STATVFS_H 3953#include <sys/statvfs.h> 3954#endif 3955]) 3956 3957AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3958#include <sys/param.h> 3959#include <sys/types.h> 3960#ifdef HAVE_SYS_BITYPES_H 3961#include <sys/bitypes.h> 3962#endif 3963#ifdef HAVE_SYS_STATFS_H 3964#include <sys/statfs.h> 3965#endif 3966#ifdef HAVE_SYS_STATVFS_H 3967#include <sys/statvfs.h> 3968#endif 3969#ifdef HAVE_SYS_VFS_H 3970#include <sys/vfs.h> 3971#endif 3972#ifdef HAVE_SYS_MOUNT_H 3973#include <sys/mount.h> 3974#endif 3975]]) 3976 3977 3978AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3979[#include <sys/types.h> 3980#include <netinet/in.h>]) 3981 3982AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3983 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3984 [[ size_t foo; foo = 1235; ]])], 3985 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3986 ]) 3987]) 3988if test "x$ac_cv_have_size_t" = "xyes" ; then 3989 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3990fi 3991 3992AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3993 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3994 [[ ssize_t foo; foo = 1235; ]])], 3995 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3996 ]) 3997]) 3998if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3999 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4000fi 4001 4002AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4003 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4004 [[ clock_t foo; foo = 1235; ]])], 4005 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4006 ]) 4007]) 4008if test "x$ac_cv_have_clock_t" = "xyes" ; then 4009 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4010fi 4011 4012AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4013 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4014#include <sys/types.h> 4015#include <sys/socket.h> 4016 ]], [[ sa_family_t foo; foo = 1235; ]])], 4017 [ ac_cv_have_sa_family_t="yes" ], 4018 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4019#include <sys/types.h> 4020#include <sys/socket.h> 4021#include <netinet/in.h> 4022 ]], [[ sa_family_t foo; foo = 1235; ]])], 4023 [ ac_cv_have_sa_family_t="yes" ], 4024 [ ac_cv_have_sa_family_t="no" ] 4025 ) 4026 ]) 4027]) 4028if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4029 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4030 [define if you have sa_family_t data type]) 4031fi 4032 4033AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4034 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4035 [[ pid_t foo; foo = 1235; ]])], 4036 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4037 ]) 4038]) 4039if test "x$ac_cv_have_pid_t" = "xyes" ; then 4040 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4041fi 4042 4043AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4044 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4045 [[ mode_t foo; foo = 1235; ]])], 4046 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4047 ]) 4048]) 4049if test "x$ac_cv_have_mode_t" = "xyes" ; then 4050 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4051fi 4052 4053 4054AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4055 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4056#include <sys/types.h> 4057#include <sys/socket.h> 4058 ]], [[ struct sockaddr_storage s; ]])], 4059 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4060 [ ac_cv_have_struct_sockaddr_storage="no" 4061 ]) 4062]) 4063if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4064 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4065 [define if you have struct sockaddr_storage data type]) 4066fi 4067 4068AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4069 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4070#include <sys/types.h> 4071#include <netinet/in.h> 4072 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4073 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4074 [ ac_cv_have_struct_sockaddr_in6="no" 4075 ]) 4076]) 4077if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4078 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4079 [define if you have struct sockaddr_in6 data type]) 4080fi 4081 4082AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4083 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4084#include <sys/types.h> 4085#include <netinet/in.h> 4086 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4087 [ ac_cv_have_struct_in6_addr="yes" ], 4088 [ ac_cv_have_struct_in6_addr="no" 4089 ]) 4090]) 4091if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4092 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4093 [define if you have struct in6_addr data type]) 4094 4095dnl Now check for sin6_scope_id 4096 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4097 [ 4098#ifdef HAVE_SYS_TYPES_H 4099#include <sys/types.h> 4100#endif 4101#include <netinet/in.h> 4102 ]) 4103fi 4104 4105AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4106 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4107#include <sys/types.h> 4108#include <sys/socket.h> 4109#include <netdb.h> 4110 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4111 [ ac_cv_have_struct_addrinfo="yes" ], 4112 [ ac_cv_have_struct_addrinfo="no" 4113 ]) 4114]) 4115if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4116 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4117 [define if you have struct addrinfo data type]) 4118fi 4119 4120AC_HEADER_TIME 4121 4122AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4123 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4124 [[ struct timeval tv; tv.tv_sec = 1;]])], 4125 [ ac_cv_have_struct_timeval="yes" ], 4126 [ ac_cv_have_struct_timeval="no" 4127 ]) 4128]) 4129if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4130 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4131 have_struct_timeval=1 4132fi 4133 4134AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4135 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4136 #ifdef TIME_WITH_SYS_TIME 4137 # include <sys/time.h> 4138 # include <time.h> 4139 #else 4140 # ifdef HAVE_SYS_TIME_H 4141 # include <sys/time.h> 4142 # else 4143 # include <time.h> 4144 # endif 4145 #endif 4146 ]], 4147 [[ struct timespec ts; ts.tv_sec = 1;]])], 4148 [ ac_cv_have_struct_timespec="yes" ], 4149 [ ac_cv_have_struct_timespec="no" 4150 ]) 4151]) 4152if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4153 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4154 have_struct_timespec=1 4155fi 4156 4157# We need int64_t or else certain parts of the compile will fail. 4158if test "x$ac_cv_have_int64_t" = "xno" && \ 4159 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4160 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4161 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4162 echo "an alternative compiler (I.E., GCC) before continuing." 4163 echo "" 4164 exit 1; 4165else 4166dnl test snprintf (broken on SCO w/gcc) 4167 AC_RUN_IFELSE( 4168 [AC_LANG_SOURCE([[ 4169#include <stdio.h> 4170#include <string.h> 4171#ifdef HAVE_SNPRINTF 4172main() 4173{ 4174 char buf[50]; 4175 char expected_out[50]; 4176 int mazsize = 50 ; 4177#if (SIZEOF_LONG_INT == 8) 4178 long int num = 0x7fffffffffffffff; 4179#else 4180 long long num = 0x7fffffffffffffffll; 4181#endif 4182 strcpy(expected_out, "9223372036854775807"); 4183 snprintf(buf, mazsize, "%lld", num); 4184 if(strcmp(buf, expected_out) != 0) 4185 exit(1); 4186 exit(0); 4187} 4188#else 4189main() { exit(0); } 4190#endif 4191 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4192 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4193 ) 4194fi 4195 4196dnl Checks for structure members 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4199OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4201OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4211OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4212OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4213OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4214OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4215 4216AC_CHECK_MEMBERS([struct stat.st_blksize]) 4217AC_CHECK_MEMBERS([struct stat.st_mtim]) 4218AC_CHECK_MEMBERS([struct stat.st_mtime]) 4219AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4220struct passwd.pw_change, struct passwd.pw_expire], 4221[], [], [[ 4222#include <sys/types.h> 4223#include <pwd.h> 4224]]) 4225 4226AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4227 [Define if we don't have struct __res_state in resolv.h])], 4228[[ 4229#include <stdio.h> 4230#if HAVE_SYS_TYPES_H 4231# include <sys/types.h> 4232#endif 4233#include <netinet/in.h> 4234#include <arpa/nameser.h> 4235#include <resolv.h> 4236]]) 4237 4238AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4239 ac_cv_have_ss_family_in_struct_ss, [ 4240 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4241#include <sys/types.h> 4242#include <sys/socket.h> 4243 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4244 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4245 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4246]) 4247if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4248 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4249fi 4250 4251AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4252 ac_cv_have___ss_family_in_struct_ss, [ 4253 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4254#include <sys/types.h> 4255#include <sys/socket.h> 4256 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4257 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4258 [ ac_cv_have___ss_family_in_struct_ss="no" 4259 ]) 4260]) 4261if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4262 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4263 [Fields in struct sockaddr_storage]) 4264fi 4265 4266dnl make sure we're using the real structure members and not defines 4267AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4268 ac_cv_have_accrights_in_msghdr, [ 4269 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4270#include <sys/types.h> 4271#include <sys/socket.h> 4272#include <sys/uio.h> 4273 ]], [[ 4274#ifdef msg_accrights 4275#error "msg_accrights is a macro" 4276exit(1); 4277#endif 4278struct msghdr m; 4279m.msg_accrights = 0; 4280exit(0); 4281 ]])], 4282 [ ac_cv_have_accrights_in_msghdr="yes" ], 4283 [ ac_cv_have_accrights_in_msghdr="no" ] 4284 ) 4285]) 4286if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4287 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4288 [Define if your system uses access rights style 4289 file descriptor passing]) 4290fi 4291 4292AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4293AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4294#include <sys/param.h> 4295#include <sys/stat.h> 4296#ifdef HAVE_SYS_TIME_H 4297# include <sys/time.h> 4298#endif 4299#ifdef HAVE_SYS_MOUNT_H 4300#include <sys/mount.h> 4301#endif 4302#ifdef HAVE_SYS_STATVFS_H 4303#include <sys/statvfs.h> 4304#endif 4305 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4306 [ AC_MSG_RESULT([yes]) ], 4307 [ AC_MSG_RESULT([no]) 4308 4309 AC_MSG_CHECKING([if fsid_t has member val]) 4310 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4311#include <sys/types.h> 4312#include <sys/statvfs.h> 4313 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4314 [ AC_MSG_RESULT([yes]) 4315 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4316 [ AC_MSG_RESULT([no]) ]) 4317 4318 AC_MSG_CHECKING([if f_fsid has member __val]) 4319 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4320#include <sys/types.h> 4321#include <sys/statvfs.h> 4322 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4323 [ AC_MSG_RESULT([yes]) 4324 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4325 [ AC_MSG_RESULT([no]) ]) 4326]) 4327 4328AC_CACHE_CHECK([for msg_control field in struct msghdr], 4329 ac_cv_have_control_in_msghdr, [ 4330 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4331#include <sys/types.h> 4332#include <sys/socket.h> 4333#include <sys/uio.h> 4334 ]], [[ 4335#ifdef msg_control 4336#error "msg_control is a macro" 4337exit(1); 4338#endif 4339struct msghdr m; 4340m.msg_control = 0; 4341exit(0); 4342 ]])], 4343 [ ac_cv_have_control_in_msghdr="yes" ], 4344 [ ac_cv_have_control_in_msghdr="no" ] 4345 ) 4346]) 4347if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4348 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4349 [Define if your system uses ancillary data style 4350 file descriptor passing]) 4351fi 4352 4353AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4354 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4355 [[ extern char *__progname; printf("%s", __progname); ]])], 4356 [ ac_cv_libc_defines___progname="yes" ], 4357 [ ac_cv_libc_defines___progname="no" 4358 ]) 4359]) 4360if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4361 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4362fi 4363 4364AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4365 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4366 [[ printf("%s", __FUNCTION__); ]])], 4367 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4368 [ ac_cv_cc_implements___FUNCTION__="no" 4369 ]) 4370]) 4371if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4372 AC_DEFINE([HAVE___FUNCTION__], [1], 4373 [Define if compiler implements __FUNCTION__]) 4374fi 4375 4376AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4377 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4378 [[ printf("%s", __func__); ]])], 4379 [ ac_cv_cc_implements___func__="yes" ], 4380 [ ac_cv_cc_implements___func__="no" 4381 ]) 4382]) 4383if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4384 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4385fi 4386 4387AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4388 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4389#include <stdarg.h> 4390va_list x,y; 4391 ]], [[ va_copy(x,y); ]])], 4392 [ ac_cv_have_va_copy="yes" ], 4393 [ ac_cv_have_va_copy="no" 4394 ]) 4395]) 4396if test "x$ac_cv_have_va_copy" = "xyes" ; then 4397 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4398fi 4399 4400AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4401 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4402#include <stdarg.h> 4403va_list x,y; 4404 ]], [[ __va_copy(x,y); ]])], 4405 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4406 ]) 4407]) 4408if test "x$ac_cv_have___va_copy" = "xyes" ; then 4409 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4410fi 4411 4412AC_CACHE_CHECK([whether getopt has optreset support], 4413 ac_cv_have_getopt_optreset, [ 4414 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4415 [[ extern int optreset; optreset = 0; ]])], 4416 [ ac_cv_have_getopt_optreset="yes" ], 4417 [ ac_cv_have_getopt_optreset="no" 4418 ]) 4419]) 4420if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4421 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4422 [Define if your getopt(3) defines and uses optreset]) 4423fi 4424 4425AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4426 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4427[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4428 [ ac_cv_libc_defines_sys_errlist="yes" ], 4429 [ ac_cv_libc_defines_sys_errlist="no" 4430 ]) 4431]) 4432if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4433 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4434 [Define if your system defines sys_errlist[]]) 4435fi 4436 4437 4438AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4439 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4440[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4441 [ ac_cv_libc_defines_sys_nerr="yes" ], 4442 [ ac_cv_libc_defines_sys_nerr="no" 4443 ]) 4444]) 4445if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4446 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4447fi 4448 4449# Check libraries needed by DNS fingerprint support 4450AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4451 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4452 [Define if getrrsetbyname() exists])], 4453 [ 4454 # Needed by our getrrsetbyname() 4455 AC_SEARCH_LIBS([res_query], [resolv]) 4456 AC_SEARCH_LIBS([dn_expand], [resolv]) 4457 AC_MSG_CHECKING([if res_query will link]) 4458 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4459#include <sys/types.h> 4460#include <netinet/in.h> 4461#include <arpa/nameser.h> 4462#include <netdb.h> 4463#include <resolv.h> 4464 ]], [[ 4465 res_query (0, 0, 0, 0, 0); 4466 ]])], 4467 AC_MSG_RESULT([yes]), 4468 [AC_MSG_RESULT([no]) 4469 saved_LIBS="$LIBS" 4470 LIBS="$LIBS -lresolv" 4471 AC_MSG_CHECKING([for res_query in -lresolv]) 4472 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4473#include <sys/types.h> 4474#include <netinet/in.h> 4475#include <arpa/nameser.h> 4476#include <netdb.h> 4477#include <resolv.h> 4478 ]], [[ 4479 res_query (0, 0, 0, 0, 0); 4480 ]])], 4481 [AC_MSG_RESULT([yes])], 4482 [LIBS="$saved_LIBS" 4483 AC_MSG_RESULT([no])]) 4484 ]) 4485 AC_CHECK_FUNCS([_getshort _getlong]) 4486 AC_CHECK_DECLS([_getshort, _getlong], , , 4487 [#include <sys/types.h> 4488 #include <arpa/nameser.h>]) 4489 AC_CHECK_MEMBER([HEADER.ad], 4490 [AC_DEFINE([HAVE_HEADER_AD], [1], 4491 [Define if HEADER.ad exists in arpa/nameser.h])], , 4492 [#include <arpa/nameser.h>]) 4493 ]) 4494 4495AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4496AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4497#include <stdio.h> 4498#if HAVE_SYS_TYPES_H 4499# include <sys/types.h> 4500#endif 4501#include <netinet/in.h> 4502#include <arpa/nameser.h> 4503#include <resolv.h> 4504extern struct __res_state _res; 4505 ]], [[ 4506struct __res_state *volatile p = &_res; /* force resolution of _res */ 4507return 0; 4508 ]],)], 4509 [AC_MSG_RESULT([yes]) 4510 AC_DEFINE([HAVE__RES_EXTERN], [1], 4511 [Define if you have struct __res_state _res as an extern]) 4512 ], 4513 [ AC_MSG_RESULT([no]) ] 4514) 4515 4516# Check whether user wants SELinux support 4517SELINUX_MSG="no" 4518LIBSELINUX="" 4519AC_ARG_WITH([selinux], 4520 [ --with-selinux Enable SELinux support], 4521 [ if test "x$withval" != "xno" ; then 4522 save_LIBS="$LIBS" 4523 AC_DEFINE([WITH_SELINUX], [1], 4524 [Define if you want SELinux support.]) 4525 SELINUX_MSG="yes" 4526 AC_CHECK_HEADER([selinux/selinux.h], , 4527 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4528 AC_CHECK_LIB([selinux], [setexeccon], 4529 [ LIBSELINUX="-lselinux" 4530 LIBS="$LIBS -lselinux" 4531 ], 4532 AC_MSG_ERROR([SELinux support requires libselinux library])) 4533 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4534 LIBS="$save_LIBS $LIBSELINUX" 4535 fi ] 4536) 4537AC_SUBST([SSHDLIBS]) 4538 4539# Check whether user wants Kerberos 5 support 4540KRB5_MSG="no" 4541AC_ARG_WITH([kerberos5], 4542 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4543 [ if test "x$withval" != "xno" ; then 4544 if test "x$withval" = "xyes" ; then 4545 KRB5ROOT="/usr/local" 4546 else 4547 KRB5ROOT=${withval} 4548 fi 4549 4550 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4551 KRB5_MSG="yes" 4552 4553 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4554 [$KRB5ROOT/bin/krb5-config], 4555 [$KRB5ROOT/bin:$PATH]) 4556 if test -x $KRB5CONF ; then 4557 K5CFLAGS="`$KRB5CONF --cflags`" 4558 K5LIBS="`$KRB5CONF --libs`" 4559 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4560 4561 AC_MSG_CHECKING([for gssapi support]) 4562 if $KRB5CONF | grep gssapi >/dev/null ; then 4563 AC_MSG_RESULT([yes]) 4564 AC_DEFINE([GSSAPI], [1], 4565 [Define this if you want GSSAPI 4566 support in the version 2 protocol]) 4567 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4568 GSSLIBS="`$KRB5CONF --libs gssapi`" 4569 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4570 else 4571 AC_MSG_RESULT([no]) 4572 fi 4573 AC_MSG_CHECKING([whether we are using Heimdal]) 4574 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4575 ]], [[ char *tmp = heimdal_version; ]])], 4576 [ AC_MSG_RESULT([yes]) 4577 AC_DEFINE([HEIMDAL], [1], 4578 [Define this if you are using the Heimdal 4579 version of Kerberos V5]) ], 4580 [AC_MSG_RESULT([no]) 4581 ]) 4582 else 4583 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4584 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4585 AC_MSG_CHECKING([whether we are using Heimdal]) 4586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4587 ]], [[ char *tmp = heimdal_version; ]])], 4588 [ AC_MSG_RESULT([yes]) 4589 AC_DEFINE([HEIMDAL]) 4590 K5LIBS="-lkrb5" 4591 K5LIBS="$K5LIBS -lcom_err -lasn1" 4592 AC_CHECK_LIB([roken], [net_write], 4593 [K5LIBS="$K5LIBS -lroken"]) 4594 AC_CHECK_LIB([des], [des_cbc_encrypt], 4595 [K5LIBS="$K5LIBS -ldes"]) 4596 ], [ AC_MSG_RESULT([no]) 4597 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4598 ]) 4599 AC_SEARCH_LIBS([dn_expand], [resolv]) 4600 4601 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4602 [ AC_DEFINE([GSSAPI]) 4603 GSSLIBS="-lgssapi_krb5" ], 4604 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4605 [ AC_DEFINE([GSSAPI]) 4606 GSSLIBS="-lgssapi" ], 4607 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4608 [ AC_DEFINE([GSSAPI]) 4609 GSSLIBS="-lgss" ], 4610 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4611 ]) 4612 ]) 4613 4614 AC_CHECK_HEADER([gssapi.h], , 4615 [ unset ac_cv_header_gssapi_h 4616 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4617 AC_CHECK_HEADERS([gssapi.h], , 4618 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4619 ) 4620 ] 4621 ) 4622 4623 oldCPP="$CPPFLAGS" 4624 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4625 AC_CHECK_HEADER([gssapi_krb5.h], , 4626 [ CPPFLAGS="$oldCPP" ]) 4627 4628 fi 4629 if test -n "${rpath_opt}" ; then 4630 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4631 fi 4632 if test ! -z "$blibpath" ; then 4633 blibpath="$blibpath:${KRB5ROOT}/lib" 4634 fi 4635 4636 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4637 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4638 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4639 4640 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4641 [Define this if you want to use libkafs' AFS support])]) 4642 4643 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4644#ifdef HAVE_GSSAPI_H 4645# include <gssapi.h> 4646#elif defined(HAVE_GSSAPI_GSSAPI_H) 4647# include <gssapi/gssapi.h> 4648#endif 4649 4650#ifdef HAVE_GSSAPI_GENERIC_H 4651# include <gssapi_generic.h> 4652#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4653# include <gssapi/gssapi_generic.h> 4654#endif 4655 ]]) 4656 saved_LIBS="$LIBS" 4657 LIBS="$LIBS $K5LIBS" 4658 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4659 LIBS="$saved_LIBS" 4660 4661 fi 4662 ] 4663) 4664AC_SUBST([GSSLIBS]) 4665AC_SUBST([K5LIBS]) 4666 4667# Looking for programs, paths and files 4668 4669PRIVSEP_PATH=/var/empty 4670AC_ARG_WITH([privsep-path], 4671 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4672 [ 4673 if test -n "$withval" && test "x$withval" != "xno" && \ 4674 test "x${withval}" != "xyes"; then 4675 PRIVSEP_PATH=$withval 4676 fi 4677 ] 4678) 4679AC_SUBST([PRIVSEP_PATH]) 4680 4681AC_ARG_WITH([xauth], 4682 [ --with-xauth=PATH Specify path to xauth program ], 4683 [ 4684 if test -n "$withval" && test "x$withval" != "xno" && \ 4685 test "x${withval}" != "xyes"; then 4686 xauth_path=$withval 4687 fi 4688 ], 4689 [ 4690 TestPath="$PATH" 4691 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4692 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4693 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4694 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4695 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4696 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4697 xauth_path="/usr/openwin/bin/xauth" 4698 fi 4699 ] 4700) 4701 4702STRIP_OPT=-s 4703AC_ARG_ENABLE([strip], 4704 [ --disable-strip Disable calling strip(1) on install], 4705 [ 4706 if test "x$enableval" = "xno" ; then 4707 STRIP_OPT= 4708 fi 4709 ] 4710) 4711AC_SUBST([STRIP_OPT]) 4712 4713if test -z "$xauth_path" ; then 4714 XAUTH_PATH="undefined" 4715 AC_SUBST([XAUTH_PATH]) 4716else 4717 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4718 [Define if xauth is found in your path]) 4719 XAUTH_PATH=$xauth_path 4720 AC_SUBST([XAUTH_PATH]) 4721fi 4722 4723dnl # --with-maildir=/path/to/mail gets top priority. 4724dnl # if maildir is set in the platform case statement above we use that. 4725dnl # Otherwise we run a program to get the dir from system headers. 4726dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4727dnl # If we find _PATH_MAILDIR we do nothing because that is what 4728dnl # session.c expects anyway. Otherwise we set to the value found 4729dnl # stripping any trailing slash. If for some strage reason our program 4730dnl # does not find what it needs, we default to /var/spool/mail. 4731# Check for mail directory 4732AC_ARG_WITH([maildir], 4733 [ --with-maildir=/path/to/mail Specify your system mail directory], 4734 [ 4735 if test "X$withval" != X && test "x$withval" != xno && \ 4736 test "x${withval}" != xyes; then 4737 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4738 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4739 fi 4740 ],[ 4741 if test "X$maildir" != "X"; then 4742 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4743 else 4744 AC_MSG_CHECKING([Discovering system mail directory]) 4745 AC_RUN_IFELSE( 4746 [AC_LANG_PROGRAM([[ 4747#include <stdio.h> 4748#include <string.h> 4749#ifdef HAVE_PATHS_H 4750#include <paths.h> 4751#endif 4752#ifdef HAVE_MAILLOCK_H 4753#include <maillock.h> 4754#endif 4755#define DATA "conftest.maildir" 4756 ]], [[ 4757 FILE *fd; 4758 int rc; 4759 4760 fd = fopen(DATA,"w"); 4761 if(fd == NULL) 4762 exit(1); 4763 4764#if defined (_PATH_MAILDIR) 4765 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4766 exit(1); 4767#elif defined (MAILDIR) 4768 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4769 exit(1); 4770#elif defined (_PATH_MAIL) 4771 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4772 exit(1); 4773#else 4774 exit (2); 4775#endif 4776 4777 exit(0); 4778 ]])], 4779 [ 4780 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4781 maildir=`awk -F: '{print $2}' conftest.maildir \ 4782 | sed 's|/$||'` 4783 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4784 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4785 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4786 fi 4787 ], 4788 [ 4789 if test "X$ac_status" = "X2";then 4790# our test program didn't find it. Default to /var/spool/mail 4791 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4792 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4793 else 4794 AC_MSG_RESULT([*** not found ***]) 4795 fi 4796 ], 4797 [ 4798 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4799 ] 4800 ) 4801 fi 4802 ] 4803) # maildir 4804 4805if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4806 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4807 disable_ptmx_check=yes 4808fi 4809if test -z "$no_dev_ptmx" ; then 4810 if test "x$disable_ptmx_check" != "xyes" ; then 4811 AC_CHECK_FILE(["/dev/ptmx"], 4812 [ 4813 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4814 [Define if you have /dev/ptmx]) 4815 have_dev_ptmx=1 4816 ] 4817 ) 4818 fi 4819fi 4820 4821if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4822 AC_CHECK_FILE(["/dev/ptc"], 4823 [ 4824 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4825 [Define if you have /dev/ptc]) 4826 have_dev_ptc=1 4827 ] 4828 ) 4829else 4830 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4831fi 4832 4833# Options from here on. Some of these are preset by platform above 4834AC_ARG_WITH([mantype], 4835 [ --with-mantype=man|cat|doc Set man page type], 4836 [ 4837 case "$withval" in 4838 man|cat|doc) 4839 MANTYPE=$withval 4840 ;; 4841 *) 4842 AC_MSG_ERROR([invalid man type: $withval]) 4843 ;; 4844 esac 4845 ] 4846) 4847if test -z "$MANTYPE"; then 4848 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4849 MANTYPE=doc 4850 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4851 MANTYPE=doc 4852 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4853 MANTYPE=man 4854 else 4855 MANTYPE=cat 4856 fi 4857fi 4858AC_SUBST([MANTYPE]) 4859if test "$MANTYPE" = "doc"; then 4860 mansubdir=man; 4861else 4862 mansubdir=$MANTYPE; 4863fi 4864AC_SUBST([mansubdir]) 4865 4866# Check whether to enable MD5 passwords 4867MD5_MSG="no" 4868AC_ARG_WITH([md5-passwords], 4869 [ --with-md5-passwords Enable use of MD5 passwords], 4870 [ 4871 if test "x$withval" != "xno" ; then 4872 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4873 [Define if you want to allow MD5 passwords]) 4874 MD5_MSG="yes" 4875 fi 4876 ] 4877) 4878 4879# Whether to disable shadow password support 4880AC_ARG_WITH([shadow], 4881 [ --without-shadow Disable shadow password support], 4882 [ 4883 if test "x$withval" = "xno" ; then 4884 AC_DEFINE([DISABLE_SHADOW]) 4885 disable_shadow=yes 4886 fi 4887 ] 4888) 4889 4890if test -z "$disable_shadow" ; then 4891 AC_MSG_CHECKING([if the systems has expire shadow information]) 4892 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4893#include <sys/types.h> 4894#include <shadow.h> 4895struct spwd sp; 4896 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4897 [ sp_expire_available=yes ], [ 4898 ]) 4899 4900 if test "x$sp_expire_available" = "xyes" ; then 4901 AC_MSG_RESULT([yes]) 4902 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4903 [Define if you want to use shadow password expire field]) 4904 else 4905 AC_MSG_RESULT([no]) 4906 fi 4907fi 4908 4909# Use ip address instead of hostname in $DISPLAY 4910if test ! -z "$IPADDR_IN_DISPLAY" ; then 4911 DISPLAY_HACK_MSG="yes" 4912 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4913 [Define if you need to use IP address 4914 instead of hostname in $DISPLAY]) 4915else 4916 DISPLAY_HACK_MSG="no" 4917 AC_ARG_WITH([ipaddr-display], 4918 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4919 [ 4920 if test "x$withval" != "xno" ; then 4921 AC_DEFINE([IPADDR_IN_DISPLAY]) 4922 DISPLAY_HACK_MSG="yes" 4923 fi 4924 ] 4925 ) 4926fi 4927 4928# check for /etc/default/login and use it if present. 4929AC_ARG_ENABLE([etc-default-login], 4930 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4931 [ if test "x$enableval" = "xno"; then 4932 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4933 etc_default_login=no 4934 else 4935 etc_default_login=yes 4936 fi ], 4937 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4938 then 4939 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4940 etc_default_login=no 4941 else 4942 etc_default_login=yes 4943 fi ] 4944) 4945 4946if test "x$etc_default_login" != "xno"; then 4947 AC_CHECK_FILE(["/etc/default/login"], 4948 [ external_path_file=/etc/default/login ]) 4949 if test "x$external_path_file" = "x/etc/default/login"; then 4950 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4951 [Define if your system has /etc/default/login]) 4952 fi 4953fi 4954 4955dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4956if test $ac_cv_func_login_getcapbool = "yes" && \ 4957 test $ac_cv_header_login_cap_h = "yes" ; then 4958 external_path_file=/etc/login.conf 4959fi 4960 4961# Whether to mess with the default path 4962SERVER_PATH_MSG="(default)" 4963AC_ARG_WITH([default-path], 4964 [ --with-default-path= Specify default $PATH environment for server], 4965 [ 4966 if test "x$external_path_file" = "x/etc/login.conf" ; then 4967 AC_MSG_WARN([ 4968--with-default-path=PATH has no effect on this system. 4969Edit /etc/login.conf instead.]) 4970 elif test "x$withval" != "xno" ; then 4971 if test ! -z "$external_path_file" ; then 4972 AC_MSG_WARN([ 4973--with-default-path=PATH will only be used if PATH is not defined in 4974$external_path_file .]) 4975 fi 4976 user_path="$withval" 4977 SERVER_PATH_MSG="$withval" 4978 fi 4979 ], 4980 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4981 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4982 else 4983 if test ! -z "$external_path_file" ; then 4984 AC_MSG_WARN([ 4985If PATH is defined in $external_path_file, ensure the path to scp is included, 4986otherwise scp will not work.]) 4987 fi 4988 AC_RUN_IFELSE( 4989 [AC_LANG_PROGRAM([[ 4990/* find out what STDPATH is */ 4991#include <stdio.h> 4992#ifdef HAVE_PATHS_H 4993# include <paths.h> 4994#endif 4995#ifndef _PATH_STDPATH 4996# ifdef _PATH_USERPATH /* Irix */ 4997# define _PATH_STDPATH _PATH_USERPATH 4998# else 4999# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5000# endif 5001#endif 5002#include <sys/types.h> 5003#include <sys/stat.h> 5004#include <fcntl.h> 5005#define DATA "conftest.stdpath" 5006 ]], [[ 5007 FILE *fd; 5008 int rc; 5009 5010 fd = fopen(DATA,"w"); 5011 if(fd == NULL) 5012 exit(1); 5013 5014 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5015 exit(1); 5016 5017 exit(0); 5018 ]])], 5019 [ user_path=`cat conftest.stdpath` ], 5020 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5021 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5022 ) 5023# make sure $bindir is in USER_PATH so scp will work 5024 t_bindir="${bindir}" 5025 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5026 t_bindir=`eval echo ${t_bindir}` 5027 case $t_bindir in 5028 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5029 esac 5030 case $t_bindir in 5031 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5032 esac 5033 done 5034 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5035 if test $? -ne 0 ; then 5036 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5037 if test $? -ne 0 ; then 5038 user_path=$user_path:$t_bindir 5039 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5040 fi 5041 fi 5042 fi ] 5043) 5044if test "x$external_path_file" != "x/etc/login.conf" ; then 5045 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5046 AC_SUBST([user_path]) 5047fi 5048 5049# Set superuser path separately to user path 5050AC_ARG_WITH([superuser-path], 5051 [ --with-superuser-path= Specify different path for super-user], 5052 [ 5053 if test -n "$withval" && test "x$withval" != "xno" && \ 5054 test "x${withval}" != "xyes"; then 5055 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5056 [Define if you want a different $PATH 5057 for the superuser]) 5058 superuser_path=$withval 5059 fi 5060 ] 5061) 5062 5063 5064AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5065IPV4_IN6_HACK_MSG="no" 5066AC_ARG_WITH(4in6, 5067 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5068 [ 5069 if test "x$withval" != "xno" ; then 5070 AC_MSG_RESULT([yes]) 5071 AC_DEFINE([IPV4_IN_IPV6], [1], 5072 [Detect IPv4 in IPv6 mapped addresses 5073 and treat as IPv4]) 5074 IPV4_IN6_HACK_MSG="yes" 5075 else 5076 AC_MSG_RESULT([no]) 5077 fi 5078 ], [ 5079 if test "x$inet6_default_4in6" = "xyes"; then 5080 AC_MSG_RESULT([yes (default)]) 5081 AC_DEFINE([IPV4_IN_IPV6]) 5082 IPV4_IN6_HACK_MSG="yes" 5083 else 5084 AC_MSG_RESULT([no (default)]) 5085 fi 5086 ] 5087) 5088 5089# Whether to enable BSD auth support 5090BSD_AUTH_MSG=no 5091AC_ARG_WITH([bsd-auth], 5092 [ --with-bsd-auth Enable BSD auth support], 5093 [ 5094 if test "x$withval" != "xno" ; then 5095 AC_DEFINE([BSD_AUTH], [1], 5096 [Define if you have BSD auth support]) 5097 BSD_AUTH_MSG=yes 5098 fi 5099 ] 5100) 5101 5102# Where to place sshd.pid 5103piddir=/var/run 5104# make sure the directory exists 5105if test ! -d $piddir ; then 5106 piddir=`eval echo ${sysconfdir}` 5107 case $piddir in 5108 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5109 esac 5110fi 5111 5112AC_ARG_WITH([pid-dir], 5113 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5114 [ 5115 if test -n "$withval" && test "x$withval" != "xno" && \ 5116 test "x${withval}" != "xyes"; then 5117 piddir=$withval 5118 if test ! -d $piddir ; then 5119 AC_MSG_WARN([** no $piddir directory on this system **]) 5120 fi 5121 fi 5122 ] 5123) 5124 5125AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5126 [Specify location of ssh.pid]) 5127AC_SUBST([piddir]) 5128 5129dnl allow user to disable some login recording features 5130AC_ARG_ENABLE([lastlog], 5131 [ --disable-lastlog disable use of lastlog even if detected [no]], 5132 [ 5133 if test "x$enableval" = "xno" ; then 5134 AC_DEFINE([DISABLE_LASTLOG]) 5135 fi 5136 ] 5137) 5138AC_ARG_ENABLE([utmp], 5139 [ --disable-utmp disable use of utmp even if detected [no]], 5140 [ 5141 if test "x$enableval" = "xno" ; then 5142 AC_DEFINE([DISABLE_UTMP]) 5143 fi 5144 ] 5145) 5146AC_ARG_ENABLE([utmpx], 5147 [ --disable-utmpx disable use of utmpx even if detected [no]], 5148 [ 5149 if test "x$enableval" = "xno" ; then 5150 AC_DEFINE([DISABLE_UTMPX], [1], 5151 [Define if you don't want to use utmpx]) 5152 fi 5153 ] 5154) 5155AC_ARG_ENABLE([wtmp], 5156 [ --disable-wtmp disable use of wtmp even if detected [no]], 5157 [ 5158 if test "x$enableval" = "xno" ; then 5159 AC_DEFINE([DISABLE_WTMP]) 5160 fi 5161 ] 5162) 5163AC_ARG_ENABLE([wtmpx], 5164 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5165 [ 5166 if test "x$enableval" = "xno" ; then 5167 AC_DEFINE([DISABLE_WTMPX], [1], 5168 [Define if you don't want to use wtmpx]) 5169 fi 5170 ] 5171) 5172AC_ARG_ENABLE([libutil], 5173 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5174 [ 5175 if test "x$enableval" = "xno" ; then 5176 AC_DEFINE([DISABLE_LOGIN]) 5177 fi 5178 ] 5179) 5180AC_ARG_ENABLE([pututline], 5181 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5182 [ 5183 if test "x$enableval" = "xno" ; then 5184 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5185 [Define if you don't want to use pututline() 5186 etc. to write [uw]tmp]) 5187 fi 5188 ] 5189) 5190AC_ARG_ENABLE([pututxline], 5191 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5192 [ 5193 if test "x$enableval" = "xno" ; then 5194 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5195 [Define if you don't want to use pututxline() 5196 etc. to write [uw]tmpx]) 5197 fi 5198 ] 5199) 5200AC_ARG_WITH([lastlog], 5201 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5202 [ 5203 if test "x$withval" = "xno" ; then 5204 AC_DEFINE([DISABLE_LASTLOG]) 5205 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5206 conf_lastlog_location=$withval 5207 fi 5208 ] 5209) 5210 5211dnl lastlog, [uw]tmpx? detection 5212dnl NOTE: set the paths in the platform section to avoid the 5213dnl need for command-line parameters 5214dnl lastlog and [uw]tmp are subject to a file search if all else fails 5215 5216dnl lastlog detection 5217dnl NOTE: the code itself will detect if lastlog is a directory 5218AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5219AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5220#include <sys/types.h> 5221#include <utmp.h> 5222#ifdef HAVE_LASTLOG_H 5223# include <lastlog.h> 5224#endif 5225#ifdef HAVE_PATHS_H 5226# include <paths.h> 5227#endif 5228#ifdef HAVE_LOGIN_H 5229# include <login.h> 5230#endif 5231 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5232 [ AC_MSG_RESULT([yes]) ], 5233 [ 5234 AC_MSG_RESULT([no]) 5235 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5237#include <sys/types.h> 5238#include <utmp.h> 5239#ifdef HAVE_LASTLOG_H 5240# include <lastlog.h> 5241#endif 5242#ifdef HAVE_PATHS_H 5243# include <paths.h> 5244#endif 5245 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5246 [ AC_MSG_RESULT([yes]) ], 5247 [ 5248 AC_MSG_RESULT([no]) 5249 system_lastlog_path=no 5250 ]) 5251]) 5252 5253if test -z "$conf_lastlog_location"; then 5254 if test x"$system_lastlog_path" = x"no" ; then 5255 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5256 if (test -d "$f" || test -f "$f") ; then 5257 conf_lastlog_location=$f 5258 fi 5259 done 5260 if test -z "$conf_lastlog_location"; then 5261 AC_MSG_WARN([** Cannot find lastlog **]) 5262 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5263 fi 5264 fi 5265fi 5266 5267if test -n "$conf_lastlog_location"; then 5268 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5269 [Define if you want to specify the path to your lastlog file]) 5270fi 5271 5272dnl utmp detection 5273AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5274AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5275#include <sys/types.h> 5276#include <utmp.h> 5277#ifdef HAVE_PATHS_H 5278# include <paths.h> 5279#endif 5280 ]], [[ char *utmp = UTMP_FILE; ]])], 5281 [ AC_MSG_RESULT([yes]) ], 5282 [ AC_MSG_RESULT([no]) 5283 system_utmp_path=no 5284]) 5285if test -z "$conf_utmp_location"; then 5286 if test x"$system_utmp_path" = x"no" ; then 5287 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5288 if test -f $f ; then 5289 conf_utmp_location=$f 5290 fi 5291 done 5292 if test -z "$conf_utmp_location"; then 5293 AC_DEFINE([DISABLE_UTMP]) 5294 fi 5295 fi 5296fi 5297if test -n "$conf_utmp_location"; then 5298 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5299 [Define if you want to specify the path to your utmp file]) 5300fi 5301 5302dnl wtmp detection 5303AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5304AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5305#include <sys/types.h> 5306#include <utmp.h> 5307#ifdef HAVE_PATHS_H 5308# include <paths.h> 5309#endif 5310 ]], [[ char *wtmp = WTMP_FILE; ]])], 5311 [ AC_MSG_RESULT([yes]) ], 5312 [ AC_MSG_RESULT([no]) 5313 system_wtmp_path=no 5314]) 5315if test -z "$conf_wtmp_location"; then 5316 if test x"$system_wtmp_path" = x"no" ; then 5317 for f in /usr/adm/wtmp /var/log/wtmp; do 5318 if test -f $f ; then 5319 conf_wtmp_location=$f 5320 fi 5321 done 5322 if test -z "$conf_wtmp_location"; then 5323 AC_DEFINE([DISABLE_WTMP]) 5324 fi 5325 fi 5326fi 5327if test -n "$conf_wtmp_location"; then 5328 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5329 [Define if you want to specify the path to your wtmp file]) 5330fi 5331 5332dnl wtmpx detection 5333AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5334AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5335#include <sys/types.h> 5336#include <utmp.h> 5337#ifdef HAVE_UTMPX_H 5338#include <utmpx.h> 5339#endif 5340#ifdef HAVE_PATHS_H 5341# include <paths.h> 5342#endif 5343 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5344 [ AC_MSG_RESULT([yes]) ], 5345 [ AC_MSG_RESULT([no]) 5346 system_wtmpx_path=no 5347]) 5348if test -z "$conf_wtmpx_location"; then 5349 if test x"$system_wtmpx_path" = x"no" ; then 5350 AC_DEFINE([DISABLE_WTMPX]) 5351 fi 5352else 5353 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5354 [Define if you want to specify the path to your wtmpx file]) 5355fi 5356 5357 5358if test ! -z "$blibpath" ; then 5359 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5360 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5361fi 5362 5363AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5364 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5365 AC_DEFINE([DISABLE_LASTLOG]) 5366 fi 5367 ], [ 5368#ifdef HAVE_SYS_TYPES_H 5369#include <sys/types.h> 5370#endif 5371#ifdef HAVE_UTMP_H 5372#include <utmp.h> 5373#endif 5374#ifdef HAVE_UTMPX_H 5375#include <utmpx.h> 5376#endif 5377#ifdef HAVE_LASTLOG_H 5378#include <lastlog.h> 5379#endif 5380 ]) 5381 5382AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5383 AC_DEFINE([DISABLE_UTMP]) 5384 AC_DEFINE([DISABLE_WTMP]) 5385 ], [ 5386#ifdef HAVE_SYS_TYPES_H 5387#include <sys/types.h> 5388#endif 5389#ifdef HAVE_UTMP_H 5390#include <utmp.h> 5391#endif 5392#ifdef HAVE_UTMPX_H 5393#include <utmpx.h> 5394#endif 5395#ifdef HAVE_LASTLOG_H 5396#include <lastlog.h> 5397#endif 5398 ]) 5399 5400dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5401dnl Add now. 5402CFLAGS="$CFLAGS $werror_flags" 5403 5404if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5405 TEST_SSH_IPV6=no 5406else 5407 TEST_SSH_IPV6=yes 5408fi 5409AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5410AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5411AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5412AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5413AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5414AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5415 5416CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5417LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5418 5419# Make a copy of CFLAGS/LDFLAGS without PIE options. 5420LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5421CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5422AC_SUBST([LDFLAGS_NOPIE]) 5423AC_SUBST([CFLAGS_NOPIE]) 5424 5425AC_EXEEXT 5426AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5427 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5428 survey.sh]) 5429AC_OUTPUT 5430 5431# Print summary of options 5432 5433# Someone please show me a better way :) 5434A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5435B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5436C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5437D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5438E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5439F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5440G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5441H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5442I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5443J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5444 5445echo "" 5446echo "OpenSSH has been configured with the following options:" 5447echo " User binaries: $B" 5448echo " System binaries: $C" 5449echo " Configuration files: $D" 5450echo " Askpass program: $E" 5451echo " Manual pages: $F" 5452echo " PID file: $G" 5453echo " Privilege separation chroot path: $H" 5454if test "x$external_path_file" = "x/etc/login.conf" ; then 5455echo " At runtime, sshd will use the path defined in $external_path_file" 5456echo " Make sure the path to scp is present, otherwise scp will not work" 5457else 5458echo " sshd default user PATH: $I" 5459 if test ! -z "$external_path_file"; then 5460echo " (If PATH is set in $external_path_file it will be used instead. If" 5461echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5462 fi 5463fi 5464if test ! -z "$superuser_path" ; then 5465echo " sshd superuser user PATH: $J" 5466fi 5467echo " Manpage format: $MANTYPE" 5468echo " PAM support: $PAM_MSG" 5469echo " OSF SIA support: $SIA_MSG" 5470echo " KerberosV support: $KRB5_MSG" 5471echo " SELinux support: $SELINUX_MSG" 5472echo " MD5 password support: $MD5_MSG" 5473echo " libedit support: $LIBEDIT_MSG" 5474echo " libldns support: $LDNS_MSG" 5475echo " Solaris process contract support: $SPC_MSG" 5476echo " Solaris project support: $SP_MSG" 5477echo " Solaris privilege support: $SPP_MSG" 5478echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5479echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5480echo " BSD Auth support: $BSD_AUTH_MSG" 5481echo " Random number source: $RAND_MSG" 5482echo " Privsep sandbox style: $SANDBOX_STYLE" 5483echo " PKCS#11 support: $enable_pkcs11" 5484echo " U2F/FIDO support: $enable_sk" 5485 5486echo "" 5487 5488echo " Host: ${host}" 5489echo " Compiler: ${CC}" 5490echo " Compiler flags: ${CFLAGS}" 5491echo "Preprocessor flags: ${CPPFLAGS}" 5492echo " Linker flags: ${LDFLAGS}" 5493echo " Libraries: ${LIBS}" 5494if test ! -z "${SSHDLIBS}"; then 5495echo " +for sshd: ${SSHDLIBS}" 5496fi 5497 5498echo "" 5499 5500if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5501 echo "SVR4 style packages are supported with \"make package\"" 5502 echo "" 5503fi 5504 5505if test "x$PAM_MSG" = "xyes" ; then 5506 echo "PAM is enabled. You may need to install a PAM control file " 5507 echo "for sshd, otherwise password authentication may fail. " 5508 echo "Example PAM control files can be found in the contrib/ " 5509 echo "subdirectory" 5510 echo "" 5511fi 5512 5513if test ! -z "$NO_PEERCHECK" ; then 5514 echo "WARNING: the operating system that you are using does not" 5515 echo "appear to support getpeereid(), getpeerucred() or the" 5516 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5517 echo "enforce security checks to prevent unauthorised connections to" 5518 echo "ssh-agent. Their absence increases the risk that a malicious" 5519 echo "user can connect to your agent." 5520 echo "" 5521fi 5522 5523if test "$AUDIT_MODULE" = "bsm" ; then 5524 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5525 echo "See the Solaris section in README.platform for details." 5526fi 5527