1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_MACRO_DIR([m4]) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 40AC_PATH_PROG([SH], [sh]) 41AC_PATH_PROG([GROFF], [groff]) 42AC_PATH_PROG([NROFF], [nroff awf]) 43AC_PATH_PROG([MANDOC], [mandoc]) 44AC_SUBST([TEST_SHELL], [sh]) 45 46dnl select manpage formatter to be used to build "cat" format pages. 47if test "x$MANDOC" != "x" ; then 48 MANFMT="$MANDOC" 49elif test "x$NROFF" != "x" ; then 50 MANFMT="$NROFF -mandoc" 51elif test "x$GROFF" != "x" ; then 52 MANFMT="$GROFF -mandoc -Tascii" 53else 54 AC_MSG_WARN([no manpage formatter found]) 55 MANFMT="false" 56fi 57AC_SUBST([MANFMT]) 58 59dnl for buildpkg.sh 60AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 61 [/usr/sbin${PATH_SEPARATOR}/etc]) 62AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 65if test -x /sbin/sh; then 66 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 67else 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 69fi 70 71# System features 72AC_SYS_LARGEFILE 73 74if test -z "$AR" ; then 75 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 76fi 77 78AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 79if test ! -z "$PATH_PASSWD_PROG" ; then 80 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 81 [Full path of your "passwd" program]) 82fi 83 84dnl Since autoconf doesn't support it very well, we no longer allow users to 85dnl override LD, however keeping the hook here for now in case there's a use 86dnl use case we overlooked and someone needs to re-enable it. Unless a good 87dnl reason is found we'll be removing this in future. 88LD="$CC" 89AC_SUBST([LD]) 90 91AC_C_INLINE 92 93AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 94AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 95AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 96 #include <sys/types.h> 97 #include <sys/param.h> 98 #include <dev/systrace.h> 99]) 100AC_CHECK_DECL([RLIMIT_NPROC], 101 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 102 #include <sys/types.h> 103 #include <sys/resource.h> 104]) 105AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 106 #include <sys/types.h> 107 #include <linux/prctl.h> 108]) 109 110openssl=yes 111AC_ARG_WITH([openssl], 112 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 113 [ if test "x$withval" = "xno" ; then 114 openssl=no 115 fi 116 ] 117) 118AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 119if test "x$openssl" = "xyes" ; then 120 AC_MSG_RESULT([yes]) 121 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 122else 123 AC_MSG_RESULT([no]) 124fi 125 126use_stack_protector=1 127use_toolchain_hardening=1 128AC_ARG_WITH([stackprotect], 129 [ --without-stackprotect Don't use compiler's stack protection], [ 130 if test "x$withval" = "xno"; then 131 use_stack_protector=0 132 fi ]) 133AC_ARG_WITH([hardening], 134 [ --without-hardening Don't use toolchain hardening flags], [ 135 if test "x$withval" = "xno"; then 136 use_toolchain_hardening=0 137 fi ]) 138 139# We use -Werror for the tests only so that we catch warnings like "this is 140# on by default" for things like -fPIE. 141AC_MSG_CHECKING([if $CC supports -Werror]) 142saved_CFLAGS="$CFLAGS" 143CFLAGS="$CFLAGS -Werror" 144AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 145 [ AC_MSG_RESULT([yes]) 146 WERROR="-Werror"], 147 [ AC_MSG_RESULT([no]) 148 WERROR="" ] 149) 150CFLAGS="$saved_CFLAGS" 151 152if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 153 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 154 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 156 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 168 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 169 if test "x$use_toolchain_hardening" = "x1"; then 170 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 171 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 172 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 173 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 176 # NB. -ftrapv expects certain support functions to be present in 177 # the compiler library (libgcc or similar) to detect integer operations 178 # that can overflow. We must check that the result of enabling it 179 # actually links. The test program compiled/linked includes a number 180 # of integer operations that should exercise this. 181 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 182 fi 183 AC_MSG_CHECKING([gcc version]) 184 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 185 case $GCC_VER in 186 1.*) no_attrib_nonnull=1 ;; 187 2.8* | 2.9*) 188 no_attrib_nonnull=1 189 ;; 190 2.*) no_attrib_nonnull=1 ;; 191 *) ;; 192 esac 193 AC_MSG_RESULT([$GCC_VER]) 194 195 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 196 saved_CFLAGS="$CFLAGS" 197 CFLAGS="$CFLAGS -fno-builtin-memset" 198 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 199 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 200 [ AC_MSG_RESULT([yes]) ], 201 [ AC_MSG_RESULT([no]) 202 CFLAGS="$saved_CFLAGS" ] 203 ) 204 205 # -fstack-protector-all doesn't always work for some GCC versions 206 # and/or platforms, so we test if we can. If it's not supported 207 # on a given platform gcc will emit a warning so we use -Werror. 208 if test "x$use_stack_protector" = "x1"; then 209 for t in -fstack-protector-strong -fstack-protector-all \ 210 -fstack-protector; do 211 AC_MSG_CHECKING([if $CC supports $t]) 212 saved_CFLAGS="$CFLAGS" 213 saved_LDFLAGS="$LDFLAGS" 214 CFLAGS="$CFLAGS $t -Werror" 215 LDFLAGS="$LDFLAGS $t -Werror" 216 AC_LINK_IFELSE( 217 [AC_LANG_PROGRAM([[ 218 #include <stdio.h> 219 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 220 ]], 221 [[ 222 char x[256]; 223 snprintf(x, sizeof(x), "XXX%d", func(1)); 224 ]])], 225 [ AC_MSG_RESULT([yes]) 226 CFLAGS="$saved_CFLAGS $t" 227 LDFLAGS="$saved_LDFLAGS $t" 228 AC_MSG_CHECKING([if $t works]) 229 AC_RUN_IFELSE( 230 [AC_LANG_PROGRAM([[ 231 #include <stdio.h> 232 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 233 ]], 234 [[ 235 char x[256]; 236 snprintf(x, sizeof(x), "XXX%d", func(1)); 237 ]])], 238 [ AC_MSG_RESULT([yes]) 239 break ], 240 [ AC_MSG_RESULT([no]) ], 241 [ AC_MSG_WARN([cross compiling: cannot test]) 242 break ] 243 ) 244 ], 245 [ AC_MSG_RESULT([no]) ] 246 ) 247 CFLAGS="$saved_CFLAGS" 248 LDFLAGS="$saved_LDFLAGS" 249 done 250 fi 251 252 if test -z "$have_llong_max"; then 253 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 254 unset ac_cv_have_decl_LLONG_MAX 255 saved_CFLAGS="$CFLAGS" 256 CFLAGS="$CFLAGS -std=gnu99" 257 AC_CHECK_DECL([LLONG_MAX], 258 [have_llong_max=1], 259 [CFLAGS="$saved_CFLAGS"], 260 [#include <limits.h>] 261 ) 262 fi 263fi 264 265AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 266AC_COMPILE_IFELSE( 267 [AC_LANG_PROGRAM([[ 268#include <stdlib.h> 269__attribute__((__unused__)) static void foo(void){return;}]], 270 [[ exit(0); ]])], 271 [ AC_MSG_RESULT([yes]) ], 272 [ AC_MSG_RESULT([no]) 273 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 274 [compiler does not accept __attribute__ on return types]) ] 275) 276 277AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 278AC_COMPILE_IFELSE( 279 [AC_LANG_PROGRAM([[ 280#include <stdlib.h> 281typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 282 [[ exit(0); ]])], 283 [ AC_MSG_RESULT([yes]) ], 284 [ AC_MSG_RESULT([no]) 285 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 286 [compiler does not accept __attribute__ on prototype args]) ] 287) 288 289if test "x$no_attrib_nonnull" != "x1" ; then 290 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 291fi 292 293AC_ARG_WITH([rpath], 294 [ --without-rpath Disable auto-added -R linker paths], 295 [ 296 if test "x$withval" = "xno" ; then 297 rpath_opt="" 298 elif test "x$withval" = "xyes" ; then 299 rpath_opt="-R" 300 else 301 rpath_opt="$withval" 302 fi 303 ] 304) 305 306# Allow user to specify flags 307AC_ARG_WITH([cflags], 308 [ --with-cflags Specify additional flags to pass to compiler], 309 [ 310 if test -n "$withval" && test "x$withval" != "xno" && \ 311 test "x${withval}" != "xyes"; then 312 CFLAGS="$CFLAGS $withval" 313 fi 314 ] 315) 316 317AC_ARG_WITH([cflags-after], 318 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 319 [ 320 if test -n "$withval" && test "x$withval" != "xno" && \ 321 test "x${withval}" != "xyes"; then 322 CFLAGS_AFTER="$withval" 323 fi 324 ] 325) 326AC_ARG_WITH([cppflags], 327 [ --with-cppflags Specify additional flags to pass to preprocessor] , 328 [ 329 if test -n "$withval" && test "x$withval" != "xno" && \ 330 test "x${withval}" != "xyes"; then 331 CPPFLAGS="$CPPFLAGS $withval" 332 fi 333 ] 334) 335AC_ARG_WITH([ldflags], 336 [ --with-ldflags Specify additional flags to pass to linker], 337 [ 338 if test -n "$withval" && test "x$withval" != "xno" && \ 339 test "x${withval}" != "xyes"; then 340 LDFLAGS="$LDFLAGS $withval" 341 fi 342 ] 343) 344AC_ARG_WITH([ldflags-after], 345 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 346 [ 347 if test -n "$withval" && test "x$withval" != "xno" && \ 348 test "x${withval}" != "xyes"; then 349 LDFLAGS_AFTER="$withval" 350 fi 351 ] 352) 353AC_ARG_WITH([libs], 354 [ --with-libs Specify additional libraries to link with], 355 [ 356 if test -n "$withval" && test "x$withval" != "xno" && \ 357 test "x${withval}" != "xyes"; then 358 LIBS="$LIBS $withval" 359 fi 360 ] 361) 362AC_ARG_WITH([Werror], 363 [ --with-Werror Build main code with -Werror], 364 [ 365 if test -n "$withval" && test "x$withval" != "xno"; then 366 werror_flags="-Werror" 367 if test "x${withval}" != "xyes"; then 368 werror_flags="$withval" 369 fi 370 fi 371 ] 372) 373 374AC_CHECK_HEADERS([ \ 375 blf.h \ 376 bstring.h \ 377 crypt.h \ 378 crypto/sha2.h \ 379 dirent.h \ 380 endian.h \ 381 elf.h \ 382 err.h \ 383 features.h \ 384 fcntl.h \ 385 floatingpoint.h \ 386 fnmatch.h \ 387 getopt.h \ 388 glob.h \ 389 ia.h \ 390 iaf.h \ 391 ifaddrs.h \ 392 inttypes.h \ 393 langinfo.h \ 394 limits.h \ 395 locale.h \ 396 login.h \ 397 maillock.h \ 398 ndir.h \ 399 net/if_tun.h \ 400 netdb.h \ 401 netgroup.h \ 402 pam/pam_appl.h \ 403 paths.h \ 404 poll.h \ 405 pty.h \ 406 readpassphrase.h \ 407 rpc/types.h \ 408 security/pam_appl.h \ 409 sha2.h \ 410 shadow.h \ 411 stddef.h \ 412 stdint.h \ 413 string.h \ 414 strings.h \ 415 sys/bitypes.h \ 416 sys/byteorder.h \ 417 sys/bsdtty.h \ 418 sys/cdefs.h \ 419 sys/dir.h \ 420 sys/file.h \ 421 sys/mman.h \ 422 sys/label.h \ 423 sys/ndir.h \ 424 sys/poll.h \ 425 sys/prctl.h \ 426 sys/pstat.h \ 427 sys/ptrace.h \ 428 sys/random.h \ 429 sys/select.h \ 430 sys/stat.h \ 431 sys/stream.h \ 432 sys/stropts.h \ 433 sys/strtio.h \ 434 sys/statvfs.h \ 435 sys/sysmacros.h \ 436 sys/time.h \ 437 sys/timers.h \ 438 sys/vfs.h \ 439 time.h \ 440 tmpdir.h \ 441 ttyent.h \ 442 ucred.h \ 443 unistd.h \ 444 usersec.h \ 445 util.h \ 446 utime.h \ 447 utmp.h \ 448 utmpx.h \ 449 vis.h \ 450 wchar.h \ 451]) 452 453# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 454# to be included first. 455AC_CHECK_HEADERS([sys/audit.h], [], [], [ 456#ifdef HAVE_SYS_TIME_H 457# include <sys/time.h> 458#endif 459#ifdef HAVE_SYS_TYPES_H 460# include <sys/types.h> 461#endif 462#ifdef HAVE_SYS_LABEL_H 463# include <sys/label.h> 464#endif 465]) 466 467# sys/capsicum.h requires sys/types.h 468AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 469#ifdef HAVE_SYS_TYPES_H 470# include <sys/types.h> 471#endif 472]) 473 474# net/route.h requires sys/socket.h and sys/types.h. 475# sys/sysctl.h also requires sys/param.h 476AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 477#ifdef HAVE_SYS_TYPES_H 478# include <sys/types.h> 479#endif 480#include <sys/param.h> 481#include <sys/socket.h> 482]) 483 484# lastlog.h requires sys/time.h to be included first on Solaris 485AC_CHECK_HEADERS([lastlog.h], [], [], [ 486#ifdef HAVE_SYS_TIME_H 487# include <sys/time.h> 488#endif 489]) 490 491# sys/ptms.h requires sys/stream.h to be included first on Solaris 492AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 493#ifdef HAVE_SYS_STREAM_H 494# include <sys/stream.h> 495#endif 496]) 497 498# login_cap.h requires sys/types.h on NetBSD 499AC_CHECK_HEADERS([login_cap.h], [], [], [ 500#include <sys/types.h> 501]) 502 503# older BSDs need sys/param.h before sys/mount.h 504AC_CHECK_HEADERS([sys/mount.h], [], [], [ 505#include <sys/param.h> 506]) 507 508# Android requires sys/socket.h to be included before sys/un.h 509AC_CHECK_HEADERS([sys/un.h], [], [], [ 510#include <sys/types.h> 511#include <sys/socket.h> 512]) 513 514# Messages for features tested for in target-specific section 515SIA_MSG="no" 516SPC_MSG="no" 517SP_MSG="no" 518SPP_MSG="no" 519 520# Support for Solaris/Illumos privileges (this test is used by both 521# the --with-solaris-privs option and --with-sandbox=solaris). 522SOLARIS_PRIVS="no" 523 524AC_CHECK_SIZEOF([size_t]) 525 526# Check for some target-specific stuff 527case "$host" in 528*-*-aix*) 529 # Some versions of VAC won't allow macro redefinitions at 530 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 531 # particularly with older versions of vac or xlc. 532 # It also throws errors about null macro arguments, but these are 533 # not fatal. 534 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 535 AC_COMPILE_IFELSE( 536 [AC_LANG_PROGRAM([[ 537#define testmacro foo 538#define testmacro bar]], 539 [[ exit(0); ]])], 540 [ AC_MSG_RESULT([yes]) ], 541 [ AC_MSG_RESULT([no]) 542 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 543 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 545 ] 546 ) 547 548 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 549 if (test -z "$blibpath"); then 550 blibpath="/usr/lib:/lib" 551 fi 552 saved_LDFLAGS="$LDFLAGS" 553 if test "$GCC" = "yes"; then 554 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 555 else 556 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 557 fi 558 for tryflags in $flags ;do 559 if (test -z "$blibflags"); then 560 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 561 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 562 [blibflags=$tryflags], []) 563 fi 564 done 565 if (test -z "$blibflags"); then 566 AC_MSG_RESULT([not found]) 567 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 568 else 569 AC_MSG_RESULT([$blibflags]) 570 fi 571 LDFLAGS="$saved_LDFLAGS" 572 dnl Check for authenticate. Might be in libs.a on older AIXes 573 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 574 [Define if you want to enable AIX4's authenticate function])], 575 [AC_CHECK_LIB([s], [authenticate], 576 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 577 LIBS="$LIBS -ls" 578 ]) 579 ]) 580 dnl Check for various auth function declarations in headers. 581 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 582 passwdexpired, setauthdb], , , [#include <usersec.h>]) 583 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 584 AC_CHECK_DECLS([loginfailed], 585 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 587 [[ (void)loginfailed("user","host","tty",0); ]])], 588 [AC_MSG_RESULT([yes]) 589 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 590 [Define if your AIX loginfailed() function 591 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 592 ])], 593 [], 594 [#include <usersec.h>] 595 ) 596 AC_CHECK_FUNCS([getgrset setauthdb]) 597 AC_CHECK_DECL([F_CLOSEM], 598 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 599 [], 600 [ #include <limits.h> 601 #include <fcntl.h> ] 602 ) 603 check_for_aix_broken_getaddrinfo=1 604 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 605 [Define if your platform breaks doing a seteuid before a setuid]) 606 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 607 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 608 dnl AIX handles lastlog as part of its login message 609 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 610 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 611 [Some systems need a utmpx entry for /bin/login to work]) 612 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 613 [Define to a Set Process Title type if your system is 614 supported by bsd-setproctitle.c]) 615 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 616 [AIX 5.2 and 5.3 (and presumably newer) require this]) 617 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 618 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 619 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 620 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 621 ;; 622*-*-android*) 623 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 624 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 625 ;; 626*-*-cygwin*) 627 check_for_libcrypt_later=1 628 LIBS="$LIBS /usr/lib/textreadmode.o" 629 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 630 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 631 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 632 [Define to disable UID restoration test]) 633 AC_DEFINE([DISABLE_SHADOW], [1], 634 [Define if you want to disable shadow passwords]) 635 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 636 [Define if X11 doesn't support AF_UNIX sockets on that system]) 637 AC_DEFINE([DISABLE_FD_PASSING], [1], 638 [Define if your platform needs to skip post auth 639 file descriptor passing]) 640 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 641 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 642 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 643 # reasons which cause compile warnings, so we disable those warnings. 644 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 645 ;; 646*-*-dgux*) 647 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 648 [Define if your system choked on IP TOS setting]) 649 AC_DEFINE([SETEUID_BREAKS_SETUID]) 650 AC_DEFINE([BROKEN_SETREUID]) 651 AC_DEFINE([BROKEN_SETREGID]) 652 ;; 653*-*-darwin*) 654 use_pie=auto 655 AC_MSG_CHECKING([if we have working getaddrinfo]) 656 AC_RUN_IFELSE([AC_LANG_SOURCE([[ 657#include <mach-o/dyld.h> 658#include <stdlib.h> 659main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 660 exit(0); 661 else 662 exit(1); 663} 664 ]])], 665 [AC_MSG_RESULT([working])], 666 [AC_MSG_RESULT([buggy]) 667 AC_DEFINE([BROKEN_GETADDRINFO], [1], 668 [getaddrinfo is broken (if present)]) 669 ], 670 [AC_MSG_RESULT([assume it is working])]) 671 AC_DEFINE([SETEUID_BREAKS_SETUID]) 672 AC_DEFINE([BROKEN_SETREUID]) 673 AC_DEFINE([BROKEN_SETREGID]) 674 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 675 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 676 [Define if your resolver libs need this for getrrsetbyname]) 677 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 678 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 679 [Use tunnel device compatibility to OpenBSD]) 680 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 681 [Prepend the address family to IP tunnel traffic]) 682 m4_pattern_allow([AU_IPv]) 683 AC_CHECK_DECL([AU_IPv4], [], 684 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 685 [#include <bsm/audit.h>] 686 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 687 [Define if pututxline updates lastlog too]) 688 ) 689 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 690 [Define to a Set Process Title type if your system is 691 supported by bsd-setproctitle.c]) 692 AC_CHECK_FUNCS([sandbox_init]) 693 AC_CHECK_HEADERS([sandbox.h]) 694 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 695 SSHDLIBS="$SSHDLIBS -lsandbox" 696 ]) 697 # proc_pidinfo()-based closefrom() replacement. 698 AC_CHECK_HEADERS([libproc.h]) 699 AC_CHECK_FUNCS([proc_pidinfo]) 700 ;; 701*-*-dragonfly*) 702 SSHDLIBS="$SSHDLIBS -lcrypt" 703 TEST_MALLOC_OPTIONS="AFGJPRX" 704 ;; 705*-*-haiku*) 706 LIBS="$LIBS -lbsd " 707 CFLAGS="$CFLAGS -D_BSD_SOURCE" 708 AC_CHECK_LIB([network], [socket]) 709 AC_DEFINE([HAVE_U_INT64_T]) 710 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 711 MANTYPE=man 712 ;; 713*-*-hpux*) 714 # first we define all of the options common to all HP-UX releases 715 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 716 IPADDR_IN_DISPLAY=yes 717 AC_DEFINE([USE_PIPES]) 718 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 719 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 720 [String used in /etc/passwd to denote locked account]) 721 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 722 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 723 maildir="/var/mail" 724 LIBS="$LIBS -lsec" 725 AC_CHECK_LIB([xnet], [t_error], , 726 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 727 728 # next, we define all of the options specific to major releases 729 case "$host" in 730 *-*-hpux10*) 731 if test -z "$GCC"; then 732 CFLAGS="$CFLAGS -Ae" 733 fi 734 ;; 735 *-*-hpux11*) 736 AC_DEFINE([PAM_SUN_CODEBASE], [1], 737 [Define if you are using Solaris-derived PAM which 738 passes pam_messages to the conversation function 739 with an extra level of indirection]) 740 AC_DEFINE([DISABLE_UTMP], [1], 741 [Define if you don't want to use utmp]) 742 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 743 check_for_hpux_broken_getaddrinfo=1 744 check_for_conflicting_getspnam=1 745 ;; 746 esac 747 748 # lastly, we define options specific to minor releases 749 case "$host" in 750 *-*-hpux10.26) 751 AC_DEFINE([HAVE_SECUREWARE], [1], 752 [Define if you have SecureWare-based 753 protected password database]) 754 disable_ptmx_check=yes 755 LIBS="$LIBS -lsecpw" 756 ;; 757 esac 758 ;; 759*-*-irix5*) 760 PATH="$PATH:/usr/etc" 761 AC_DEFINE([BROKEN_INET_NTOA], [1], 762 [Define if you system's inet_ntoa is busted 763 (e.g. Irix gcc issue)]) 764 AC_DEFINE([SETEUID_BREAKS_SETUID]) 765 AC_DEFINE([BROKEN_SETREUID]) 766 AC_DEFINE([BROKEN_SETREGID]) 767 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 768 [Define if you shouldn't strip 'tty' from your 769 ttyname in [uw]tmp]) 770 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 771 ;; 772*-*-irix6*) 773 PATH="$PATH:/usr/etc" 774 AC_DEFINE([WITH_IRIX_ARRAY], [1], 775 [Define if you have/want arrays 776 (cluster-wide session management, not C arrays)]) 777 AC_DEFINE([WITH_IRIX_PROJECT], [1], 778 [Define if you want IRIX project management]) 779 AC_DEFINE([WITH_IRIX_AUDIT], [1], 780 [Define if you want IRIX audit trails]) 781 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 782 [Define if you want IRIX kernel jobs])]) 783 AC_DEFINE([BROKEN_INET_NTOA]) 784 AC_DEFINE([SETEUID_BREAKS_SETUID]) 785 AC_DEFINE([BROKEN_SETREUID]) 786 AC_DEFINE([BROKEN_SETREGID]) 787 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 788 AC_DEFINE([WITH_ABBREV_NO_TTY]) 789 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 790 ;; 791*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 792 check_for_libcrypt_later=1 793 AC_DEFINE([PAM_TTY_KLUDGE]) 794 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 795 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 796 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 797 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 798 ;; 799*-*-linux*) 800 no_dev_ptmx=1 801 use_pie=auto 802 check_for_libcrypt_later=1 803 check_for_openpty_ctty_bug=1 804 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 805 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 806 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 807 AC_DEFINE([PAM_TTY_KLUDGE], [1], 808 [Work around problematic Linux PAM modules handling of PAM_TTY]) 809 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 810 [String used in /etc/passwd to denote locked account]) 811 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 812 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 813 [Define to whatever link() returns for "not supported" 814 if it doesn't return EOPNOTSUPP.]) 815 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 816 AC_DEFINE([USE_BTMP]) 817 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 818 inet6_default_4in6=yes 819 case `uname -r` in 820 1.*|2.0.*) 821 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 822 [Define if cmsg_type is not passed correctly]) 823 ;; 824 esac 825 # tun(4) forwarding compat code 826 AC_CHECK_HEADERS([linux/if_tun.h]) 827 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 828 AC_DEFINE([SSH_TUN_LINUX], [1], 829 [Open tunnel devices the Linux tun/tap way]) 830 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 831 [Use tunnel device compatibility to OpenBSD]) 832 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 833 [Prepend the address family to IP tunnel traffic]) 834 fi 835 AC_CHECK_HEADER([linux/if.h], 836 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 837 [Support routing domains using Linux VRF]), [], [ 838#ifdef HAVE_SYS_TYPES_H 839# include <sys/types.h> 840#endif 841 ]) 842 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 843 [], [#include <linux/types.h>]) 844 # Obtain MIPS ABI 845 case "$host" in 846 mips*) 847 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 848#if _MIPS_SIM != _ABIO32 849#error 850#endif 851 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 852#if _MIPS_SIM != _ABIN32 853#error 854#endif 855 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 856#if _MIPS_SIM != _ABI64 857#error 858#endif 859 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 860 ]) 861 ]) 862 ]) 863 ;; 864 esac 865 AC_MSG_CHECKING([for seccomp architecture]) 866 seccomp_audit_arch= 867 case "$host" in 868 x86_64-*) 869 seccomp_audit_arch=AUDIT_ARCH_X86_64 870 # X32: AMD64 instructions in 32bit address space. 871 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 872 seccomp_audit_arch=AUDIT_ARCH_I386 873 fi 874 ;; 875 i*86-*) 876 seccomp_audit_arch=AUDIT_ARCH_I386 877 ;; 878 arm*-*) 879 seccomp_audit_arch=AUDIT_ARCH_ARM 880 ;; 881 aarch64*-*) 882 seccomp_audit_arch=AUDIT_ARCH_AARCH64 883 ;; 884 s390x-*) 885 seccomp_audit_arch=AUDIT_ARCH_S390X 886 ;; 887 s390-*) 888 seccomp_audit_arch=AUDIT_ARCH_S390 889 ;; 890 powerpc64-*) 891 seccomp_audit_arch=AUDIT_ARCH_PPC64 892 ;; 893 powerpc64le-*) 894 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 895 ;; 896 mips-*) 897 seccomp_audit_arch=AUDIT_ARCH_MIPS 898 ;; 899 mipsel-*) 900 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 901 ;; 902 mips64-*) 903 case "$mips_abi" in 904 "n32") 905 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 906 ;; 907 "n64") 908 seccomp_audit_arch=AUDIT_ARCH_MIPS64 909 ;; 910 esac 911 ;; 912 mips64el-*) 913 case "$mips_abi" in 914 "n32") 915 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 916 ;; 917 "n64") 918 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 919 ;; 920 esac 921 ;; 922 riscv64-*) 923 seccomp_audit_arch=AUDIT_ARCH_RISCV64 924 ;; 925 esac 926 if test "x$seccomp_audit_arch" != "x" ; then 927 AC_MSG_RESULT(["$seccomp_audit_arch"]) 928 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 929 [Specify the system call convention in use]) 930 else 931 AC_MSG_RESULT([architecture not supported]) 932 fi 933 ;; 934mips-sony-bsd|mips-sony-newsos4) 935 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 936 SONY=1 937 ;; 938*-*-netbsd*) 939 check_for_libcrypt_before=1 940 if test "x$withval" != "xno" ; then 941 rpath_opt="-R" 942 fi 943 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 944 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 945 AC_CHECK_HEADER([net/if_tap.h], , 946 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 947 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 948 [Prepend the address family to IP tunnel traffic]) 949 TEST_MALLOC_OPTIONS="AJRX" 950 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 951 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 952 ;; 953*-*-freebsd*) 954 check_for_libcrypt_later=1 955 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 956 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 957 AC_CHECK_HEADER([net/if_tap.h], , 958 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 959 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 960 TEST_MALLOC_OPTIONS="AJRX" 961 # Preauth crypto occasionally uses file descriptors for crypto offload 962 # and will crash if they cannot be opened. 963 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 964 [define if setrlimit RLIMIT_NOFILE breaks things]) 965 ;; 966*-*-bsdi*) 967 AC_DEFINE([SETEUID_BREAKS_SETUID]) 968 AC_DEFINE([BROKEN_SETREUID]) 969 AC_DEFINE([BROKEN_SETREGID]) 970 ;; 971*-next-*) 972 conf_lastlog_location="/usr/adm/lastlog" 973 conf_utmp_location=/etc/utmp 974 conf_wtmp_location=/usr/adm/wtmp 975 maildir=/usr/spool/mail 976 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 977 AC_DEFINE([USE_PIPES]) 978 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 979 ;; 980*-*-openbsd*) 981 use_pie=auto 982 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 983 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 984 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 985 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 986 [syslog_r function is safe to use in in a signal handler]) 987 TEST_MALLOC_OPTIONS="AFGJPRX" 988 ;; 989*-*-solaris*) 990 if test "x$withval" != "xno" ; then 991 rpath_opt="-R" 992 fi 993 AC_DEFINE([PAM_SUN_CODEBASE]) 994 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 995 AC_DEFINE([PAM_TTY_KLUDGE]) 996 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 997 [Define if pam_chauthtok wants real uid set 998 to the unpriv'ed user]) 999 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1000 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1001 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1002 [Define if sshd somehow reacquires a controlling TTY 1003 after setsid()]) 1004 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1005 in case the name is longer than 8 chars]) 1006 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1007 external_path_file=/etc/default/login 1008 # hardwire lastlog location (can't detect it on some versions) 1009 conf_lastlog_location="/var/adm/lastlog" 1010 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1011 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1012 if test "$sol2ver" -ge 8; then 1013 AC_MSG_RESULT([yes]) 1014 AC_DEFINE([DISABLE_UTMP]) 1015 AC_DEFINE([DISABLE_WTMP], [1], 1016 [Define if you don't want to use wtmp]) 1017 else 1018 AC_MSG_RESULT([no]) 1019 fi 1020 AC_CHECK_FUNCS([setpflags]) 1021 AC_CHECK_FUNCS([setppriv]) 1022 AC_CHECK_FUNCS([priv_basicset]) 1023 AC_CHECK_HEADERS([priv.h]) 1024 AC_ARG_WITH([solaris-contracts], 1025 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1026 [ 1027 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1028 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1029 [Define if you have Solaris process contracts]) 1030 LIBS="$LIBS -lcontract" 1031 SPC_MSG="yes" ], ) 1032 ], 1033 ) 1034 AC_ARG_WITH([solaris-projects], 1035 [ --with-solaris-projects Enable Solaris projects (experimental)], 1036 [ 1037 AC_CHECK_LIB([project], [setproject], 1038 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1039 [Define if you have Solaris projects]) 1040 LIBS="$LIBS -lproject" 1041 SP_MSG="yes" ], ) 1042 ], 1043 ) 1044 AC_ARG_WITH([solaris-privs], 1045 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1046 [ 1047 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1048 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1049 "x$ac_cv_header_priv_h" = "xyes" ; then 1050 SOLARIS_PRIVS=yes 1051 AC_MSG_RESULT([found]) 1052 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1053 [Define to disable UID restoration test]) 1054 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1055 [Define if you have Solaris privileges]) 1056 SPP_MSG="yes" 1057 else 1058 AC_MSG_RESULT([not found]) 1059 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1060 fi 1061 ], 1062 ) 1063 TEST_SHELL=$SHELL # let configure find us a capable shell 1064 ;; 1065*-*-sunos4*) 1066 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1067 AC_CHECK_FUNCS([getpwanam]) 1068 AC_DEFINE([PAM_SUN_CODEBASE]) 1069 conf_utmp_location=/etc/utmp 1070 conf_wtmp_location=/var/adm/wtmp 1071 conf_lastlog_location=/var/adm/lastlog 1072 AC_DEFINE([USE_PIPES]) 1073 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1074 ;; 1075*-ncr-sysv*) 1076 LIBS="$LIBS -lc89" 1077 AC_DEFINE([USE_PIPES]) 1078 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1079 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1080 AC_DEFINE([BROKEN_SETREUID]) 1081 AC_DEFINE([BROKEN_SETREGID]) 1082 ;; 1083*-sni-sysv*) 1084 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1085 AC_CHECK_LIB([dl], [dlsym], ,) 1086 # -lresolv needs to be at the end of LIBS or DNS lookups break 1087 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1088 IPADDR_IN_DISPLAY=yes 1089 AC_DEFINE([USE_PIPES]) 1090 AC_DEFINE([IP_TOS_IS_BROKEN]) 1091 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1092 AC_DEFINE([BROKEN_SETREUID]) 1093 AC_DEFINE([BROKEN_SETREGID]) 1094 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1095 external_path_file=/etc/default/login 1096 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1097 # Attention: always take care to bind libsocket and libnsl before libc, 1098 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1099 ;; 1100# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1101*-*-sysv4.2*) 1102 AC_DEFINE([USE_PIPES]) 1103 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1104 AC_DEFINE([BROKEN_SETREUID]) 1105 AC_DEFINE([BROKEN_SETREGID]) 1106 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1107 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1108 TEST_SHELL=$SHELL # let configure find us a capable shell 1109 ;; 1110# UnixWare 7.x, OpenUNIX 8 1111*-*-sysv5*) 1112 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1113 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1114 AC_DEFINE([USE_PIPES]) 1115 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1116 AC_DEFINE([BROKEN_GETADDRINFO]) 1117 AC_DEFINE([BROKEN_SETREUID]) 1118 AC_DEFINE([BROKEN_SETREGID]) 1119 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1120 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1121 TEST_SHELL=$SHELL # let configure find us a capable shell 1122 check_for_libcrypt_later=1 1123 case "$host" in 1124 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1125 maildir=/var/spool/mail 1126 AC_DEFINE([BROKEN_UPDWTMPX]) 1127 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1128 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1129 ], , ) 1130 ;; 1131 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1132 ;; 1133 esac 1134 ;; 1135*-*-sysv*) 1136 ;; 1137# SCO UNIX and OEM versions of SCO UNIX 1138*-*-sco3.2v4*) 1139 AC_MSG_ERROR("This Platform is no longer supported.") 1140 ;; 1141# SCO OpenServer 5.x 1142*-*-sco3.2v5*) 1143 if test -z "$GCC"; then 1144 CFLAGS="$CFLAGS -belf" 1145 fi 1146 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1147 no_dev_ptmx=1 1148 AC_DEFINE([USE_PIPES]) 1149 AC_DEFINE([HAVE_SECUREWARE]) 1150 AC_DEFINE([DISABLE_SHADOW]) 1151 AC_DEFINE([DISABLE_FD_PASSING]) 1152 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1153 AC_DEFINE([BROKEN_GETADDRINFO]) 1154 AC_DEFINE([BROKEN_SETREUID]) 1155 AC_DEFINE([BROKEN_SETREGID]) 1156 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1157 AC_DEFINE([BROKEN_UPDWTMPX]) 1158 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1159 AC_CHECK_FUNCS([getluid setluid]) 1160 MANTYPE=man 1161 TEST_SHELL=$SHELL # let configure find us a capable shell 1162 SKIP_DISABLE_LASTLOG_DEFINE=yes 1163 ;; 1164*-dec-osf*) 1165 AC_MSG_CHECKING([for Digital Unix SIA]) 1166 no_osfsia="" 1167 AC_ARG_WITH([osfsia], 1168 [ --with-osfsia Enable Digital Unix SIA], 1169 [ 1170 if test "x$withval" = "xno" ; then 1171 AC_MSG_RESULT([disabled]) 1172 no_osfsia=1 1173 fi 1174 ], 1175 ) 1176 if test -z "$no_osfsia" ; then 1177 if test -f /etc/sia/matrix.conf; then 1178 AC_MSG_RESULT([yes]) 1179 AC_DEFINE([HAVE_OSF_SIA], [1], 1180 [Define if you have Digital Unix Security 1181 Integration Architecture]) 1182 AC_DEFINE([DISABLE_LOGIN], [1], 1183 [Define if you don't want to use your 1184 system's login() call]) 1185 AC_DEFINE([DISABLE_FD_PASSING]) 1186 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1187 SIA_MSG="yes" 1188 else 1189 AC_MSG_RESULT([no]) 1190 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1191 [String used in /etc/passwd to denote locked account]) 1192 fi 1193 fi 1194 AC_DEFINE([BROKEN_GETADDRINFO]) 1195 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1196 AC_DEFINE([BROKEN_SETREUID]) 1197 AC_DEFINE([BROKEN_SETREGID]) 1198 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1199 ;; 1200 1201*-*-nto-qnx*) 1202 AC_DEFINE([USE_PIPES]) 1203 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1204 AC_DEFINE([DISABLE_LASTLOG]) 1205 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1206 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1207 enable_etc_default_login=no # has incompatible /etc/default/login 1208 case "$host" in 1209 *-*-nto-qnx6*) 1210 AC_DEFINE([DISABLE_FD_PASSING]) 1211 ;; 1212 esac 1213 ;; 1214 1215*-*-ultrix*) 1216 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1217 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1218 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1219 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1220 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1221 # don't get a controlling tty. 1222 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1223 # On Ultrix some headers are not protected against multiple includes, 1224 # so we create wrappers and put it where the compiler will find it. 1225 AC_MSG_WARN([creating compat wrappers for headers]) 1226 mkdir -p netinet 1227 for header in netinet/ip.h netdb.h resolv.h; do 1228 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1229 cat >$header <<EOD 1230#ifndef _SSH_COMPAT_${name} 1231#define _SSH_COMPAT_${name} 1232#include "/usr/include/${header}" 1233#endif 1234EOD 1235 done 1236 ;; 1237 1238*-*-lynxos) 1239 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1240 AC_DEFINE([BROKEN_SETVBUF], [1], 1241 [LynxOS has broken setvbuf() implementation]) 1242 ;; 1243esac 1244 1245AC_MSG_CHECKING([compiler and flags for sanity]) 1246AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])], 1247 [ AC_MSG_RESULT([yes]) ], 1248 [ 1249 AC_MSG_RESULT([no]) 1250 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1251 ], 1252 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1253) 1254 1255dnl Checks for header files. 1256# Checks for libraries. 1257AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1258 1259dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1260AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1261 AC_CHECK_LIB([gen], [dirname], [ 1262 AC_CACHE_CHECK([for broken dirname], 1263 ac_cv_have_broken_dirname, [ 1264 save_LIBS="$LIBS" 1265 LIBS="$LIBS -lgen" 1266 AC_RUN_IFELSE( 1267 [AC_LANG_SOURCE([[ 1268#include <libgen.h> 1269#include <string.h> 1270#include <stdlib.h> 1271 1272int main(int argc, char **argv) { 1273 char *s, buf[32]; 1274 1275 strncpy(buf,"/etc", 32); 1276 s = dirname(buf); 1277 if (!s || strncmp(s, "/", 32) != 0) { 1278 exit(1); 1279 } else { 1280 exit(0); 1281 } 1282} 1283 ]])], 1284 [ ac_cv_have_broken_dirname="no" ], 1285 [ ac_cv_have_broken_dirname="yes" ], 1286 [ ac_cv_have_broken_dirname="no" ], 1287 ) 1288 LIBS="$save_LIBS" 1289 ]) 1290 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1291 LIBS="$LIBS -lgen" 1292 AC_DEFINE([HAVE_DIRNAME]) 1293 AC_CHECK_HEADERS([libgen.h]) 1294 fi 1295 ]) 1296]) 1297 1298AC_CHECK_FUNC([getspnam], , 1299 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1300AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1301 [Define if you have the basename function.])]) 1302 1303dnl zlib defaults to enabled 1304zlib=yes 1305AC_ARG_WITH([zlib], 1306 [ --with-zlib=PATH Use zlib in PATH], 1307 [ if test "x$withval" = "xno" ; then 1308 zlib=no 1309 elif test "x$withval" != "xyes"; then 1310 if test -d "$withval/lib"; then 1311 if test -n "${rpath_opt}"; then 1312 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1313 else 1314 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1315 fi 1316 else 1317 if test -n "${rpath_opt}"; then 1318 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1319 else 1320 LDFLAGS="-L${withval} ${LDFLAGS}" 1321 fi 1322 fi 1323 if test -d "$withval/include"; then 1324 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1325 else 1326 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1327 fi 1328 fi ] 1329) 1330 1331AC_MSG_CHECKING([for zlib]) 1332if test "x${zlib}" = "xno"; then 1333 AC_MSG_RESULT([no]) 1334else 1335 AC_MSG_RESULT([yes]) 1336 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1337 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1338 AC_CHECK_LIB([z], [deflate], , 1339 [ 1340 saved_CPPFLAGS="$CPPFLAGS" 1341 saved_LDFLAGS="$LDFLAGS" 1342 save_LIBS="$LIBS" 1343 dnl Check default zlib install dir 1344 if test -n "${rpath_opt}"; then 1345 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1346 else 1347 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1348 fi 1349 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1350 LIBS="$LIBS -lz" 1351 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1352 [ 1353 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1354 ] 1355 ) 1356 ] 1357 ) 1358 1359 AC_ARG_WITH([zlib-version-check], 1360 [ --without-zlib-version-check Disable zlib version check], 1361 [ if test "x$withval" = "xno" ; then 1362 zlib_check_nonfatal=1 1363 fi 1364 ] 1365 ) 1366 1367 AC_MSG_CHECKING([for possibly buggy zlib]) 1368 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1369#include <stdio.h> 1370#include <stdlib.h> 1371#include <zlib.h> 1372 ]], 1373 [[ 1374 int a=0, b=0, c=0, d=0, n, v; 1375 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1376 if (n != 3 && n != 4) 1377 exit(1); 1378 v = a*1000000 + b*10000 + c*100 + d; 1379 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1380 1381 /* 1.1.4 is OK */ 1382 if (a == 1 && b == 1 && c >= 4) 1383 exit(0); 1384 1385 /* 1.2.3 and up are OK */ 1386 if (v >= 1020300) 1387 exit(0); 1388 1389 exit(2); 1390 ]])], 1391 AC_MSG_RESULT([no]), 1392 [ AC_MSG_RESULT([yes]) 1393 if test -z "$zlib_check_nonfatal" ; then 1394 AC_MSG_ERROR([*** zlib too old - check config.log *** 1395Your reported zlib version has known security problems. It's possible your 1396vendor has fixed these problems without changing the version number. If you 1397are sure this is the case, you can disable the check by running 1398"./configure --without-zlib-version-check". 1399If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1400See http://www.gzip.org/zlib/ for details.]) 1401 else 1402 AC_MSG_WARN([zlib version may have security problems]) 1403 fi 1404 ], 1405 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1406 ) 1407fi 1408 1409dnl UnixWare 2.x 1410AC_CHECK_FUNC([strcasecmp], 1411 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1412) 1413AC_CHECK_FUNCS([utimes], 1414 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1415 LIBS="$LIBS -lc89"]) ] 1416) 1417 1418dnl Checks for libutil functions 1419AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1420AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1421AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1422AC_SEARCH_LIBS([login], [util bsd]) 1423AC_SEARCH_LIBS([logout], [util bsd]) 1424AC_SEARCH_LIBS([logwtmp], [util bsd]) 1425AC_SEARCH_LIBS([openpty], [util bsd]) 1426AC_SEARCH_LIBS([updwtmp], [util bsd]) 1427AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1428 1429# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1430# or libnsl. 1431AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1432AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1433 1434# "Particular Function Checks" 1435# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1436AC_FUNC_STRFTIME 1437AC_FUNC_MALLOC 1438AC_FUNC_REALLOC 1439# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1440AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1441AC_RUN_IFELSE( 1442 [AC_LANG_PROGRAM( 1443 [[ #include <stdlib.h> ]], 1444 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1445 )], 1446 [ func_calloc_0_nonnull=yes ], 1447 [ func_calloc_0_nonnull=no ], 1448 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1449 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1450) 1451AC_MSG_RESULT([$func_calloc_0_nonnull]) 1452 1453if test "x$func_calloc_0_nonnull" = "xyes"; then 1454 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1455else 1456 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1457 AC_DEFINE(calloc, rpl_calloc, 1458 [Define to rpl_calloc if the replacement function should be used.]) 1459fi 1460 1461# Check for ALTDIRFUNC glob() extension 1462AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1463AC_EGREP_CPP([FOUNDIT], 1464 [ 1465 #include <glob.h> 1466 #ifdef GLOB_ALTDIRFUNC 1467 FOUNDIT 1468 #endif 1469 ], 1470 [ 1471 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1472 [Define if your system glob() function has 1473 the GLOB_ALTDIRFUNC extension]) 1474 AC_MSG_RESULT([yes]) 1475 ], 1476 [ 1477 AC_MSG_RESULT([no]) 1478 ] 1479) 1480 1481# Check for g.gl_matchc glob() extension 1482AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1483AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1484 [[ glob_t g; g.gl_matchc = 1; ]])], 1485 [ 1486 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1487 [Define if your system glob() function has 1488 gl_matchc options in glob_t]) 1489 AC_MSG_RESULT([yes]) 1490 ], [ 1491 AC_MSG_RESULT([no]) 1492]) 1493 1494# Check for g.gl_statv glob() extension 1495AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1496AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1497#ifndef GLOB_KEEPSTAT 1498#error "glob does not support GLOB_KEEPSTAT extension" 1499#endif 1500glob_t g; 1501g.gl_statv = NULL; 1502]])], 1503 [ 1504 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1505 [Define if your system glob() function has 1506 gl_statv options in glob_t]) 1507 AC_MSG_RESULT([yes]) 1508 ], [ 1509 AC_MSG_RESULT([no]) 1510 1511]) 1512 1513AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1514 1515AC_CHECK_DECL([VIS_ALL], , 1516 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1517 1518AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1519AC_RUN_IFELSE( 1520 [AC_LANG_PROGRAM([[ 1521#include <sys/types.h> 1522#include <dirent.h> 1523#include <stdlib.h> 1524 ]], 1525 [[ 1526 struct dirent d; 1527 exit(sizeof(d.d_name)<=sizeof(char)); 1528 ]])], 1529 [AC_MSG_RESULT([yes])], 1530 [ 1531 AC_MSG_RESULT([no]) 1532 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1533 [Define if your struct dirent expects you to 1534 allocate extra space for d_name]) 1535 ], 1536 [ 1537 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1538 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1539 ] 1540) 1541 1542AC_MSG_CHECKING([for /proc/pid/fd directory]) 1543if test -d "/proc/$$/fd" ; then 1544 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1545 AC_MSG_RESULT([yes]) 1546else 1547 AC_MSG_RESULT([no]) 1548fi 1549 1550# Check whether user wants to use ldns 1551LDNS_MSG="no" 1552AC_ARG_WITH(ldns, 1553 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1554 [ 1555 ldns="" 1556 if test "x$withval" = "xyes" ; then 1557 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1558 if test "x$LDNSCONFIG" = "xno"; then 1559 LIBS="-lldns $LIBS" 1560 ldns=yes 1561 else 1562 LIBS="$LIBS `$LDNSCONFIG --libs`" 1563 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1564 ldns=yes 1565 fi 1566 elif test "x$withval" != "xno" ; then 1567 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1568 LDFLAGS="$LDFLAGS -L${withval}/lib" 1569 LIBS="-lldns $LIBS" 1570 ldns=yes 1571 fi 1572 1573 # Verify that it works. 1574 if test "x$ldns" = "xyes" ; then 1575 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1576 LDNS_MSG="yes" 1577 AC_MSG_CHECKING([for ldns support]) 1578 AC_LINK_IFELSE( 1579 [AC_LANG_SOURCE([[ 1580#include <stdio.h> 1581#include <stdlib.h> 1582#ifdef HAVE_STDINT_H 1583# include <stdint.h> 1584#endif 1585#include <ldns/ldns.h> 1586int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1587 ]]) 1588 ], 1589 [AC_MSG_RESULT(yes)], 1590 [ 1591 AC_MSG_RESULT(no) 1592 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1593 ]) 1594 fi 1595]) 1596 1597# Check whether user wants libedit support 1598LIBEDIT_MSG="no" 1599AC_ARG_WITH([libedit], 1600 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1601 [ if test "x$withval" != "xno" ; then 1602 if test "x$withval" = "xyes" ; then 1603 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1604 if test "x$PKGCONFIG" != "xno"; then 1605 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1606 if "$PKGCONFIG" libedit; then 1607 AC_MSG_RESULT([yes]) 1608 use_pkgconfig_for_libedit=yes 1609 else 1610 AC_MSG_RESULT([no]) 1611 fi 1612 fi 1613 else 1614 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1615 if test -n "${rpath_opt}"; then 1616 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1617 else 1618 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1619 fi 1620 fi 1621 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1622 LIBEDIT=`$PKGCONFIG --libs libedit` 1623 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1624 else 1625 LIBEDIT="-ledit -lcurses" 1626 fi 1627 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1628 AC_CHECK_LIB([edit], [el_init], 1629 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1630 LIBEDIT_MSG="yes" 1631 AC_SUBST([LIBEDIT]) 1632 ], 1633 [ AC_MSG_ERROR([libedit not found]) ], 1634 [ $OTHERLIBS ] 1635 ) 1636 AC_MSG_CHECKING([if libedit version is compatible]) 1637 AC_COMPILE_IFELSE( 1638 [AC_LANG_PROGRAM([[ 1639#include <histedit.h> 1640#include <stdlib.h> 1641 ]], 1642 [[ 1643 int i = H_SETSIZE; 1644 el_init("", NULL, NULL, NULL); 1645 exit(0); 1646 ]])], 1647 [ AC_MSG_RESULT([yes]) ], 1648 [ AC_MSG_RESULT([no]) 1649 AC_MSG_ERROR([libedit version is not compatible]) ] 1650 ) 1651 fi ] 1652) 1653 1654AUDIT_MODULE=none 1655AC_ARG_WITH([audit], 1656 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1657 [ 1658 AC_MSG_CHECKING([for supported audit module]) 1659 case "$withval" in 1660 bsm) 1661 AC_MSG_RESULT([bsm]) 1662 AUDIT_MODULE=bsm 1663 dnl Checks for headers, libs and functions 1664 AC_CHECK_HEADERS([bsm/audit.h], [], 1665 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1666 [ 1667#ifdef HAVE_TIME_H 1668# include <time.h> 1669#endif 1670 ] 1671) 1672 AC_CHECK_LIB([bsm], [getaudit], [], 1673 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1674 AC_CHECK_FUNCS([getaudit], [], 1675 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1676 # These are optional 1677 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1678 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1679 if test "$sol2ver" -ge 11; then 1680 SSHDLIBS="$SSHDLIBS -lscf" 1681 AC_DEFINE([BROKEN_BSM_API], [1], 1682 [The system has incomplete BSM API]) 1683 fi 1684 ;; 1685 linux) 1686 AC_MSG_RESULT([linux]) 1687 AUDIT_MODULE=linux 1688 dnl Checks for headers, libs and functions 1689 AC_CHECK_HEADERS([libaudit.h]) 1690 SSHDLIBS="$SSHDLIBS -laudit" 1691 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1692 ;; 1693 debug) 1694 AUDIT_MODULE=debug 1695 AC_MSG_RESULT([debug]) 1696 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1697 ;; 1698 no) 1699 AC_MSG_RESULT([no]) 1700 ;; 1701 *) 1702 AC_MSG_ERROR([Unknown audit module $withval]) 1703 ;; 1704 esac ] 1705) 1706 1707AC_ARG_WITH([pie], 1708 [ --with-pie Build Position Independent Executables if possible], [ 1709 if test "x$withval" = "xno"; then 1710 use_pie=no 1711 fi 1712 if test "x$withval" = "xyes"; then 1713 use_pie=yes 1714 fi 1715 ] 1716) 1717if test "x$use_pie" = "x"; then 1718 use_pie=no 1719fi 1720if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1721 # Turn off automatic PIE when toolchain hardening is off. 1722 use_pie=no 1723fi 1724if test "x$use_pie" = "xauto"; then 1725 # Automatic PIE requires gcc >= 4.x 1726 AC_MSG_CHECKING([for gcc >= 4.x]) 1727 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1728#if !defined(__GNUC__) || __GNUC__ < 4 1729#error gcc is too old 1730#endif 1731]])], 1732 [ AC_MSG_RESULT([yes]) ], 1733 [ AC_MSG_RESULT([no]) 1734 use_pie=no ] 1735) 1736fi 1737if test "x$use_pie" != "xno"; then 1738 SAVED_CFLAGS="$CFLAGS" 1739 SAVED_LDFLAGS="$LDFLAGS" 1740 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1741 OSSH_CHECK_LDFLAG_LINK([-pie]) 1742 # We use both -fPIE and -pie or neither. 1743 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1744 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1745 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1746 AC_MSG_RESULT([yes]) 1747 else 1748 AC_MSG_RESULT([no]) 1749 CFLAGS="$SAVED_CFLAGS" 1750 LDFLAGS="$SAVED_LDFLAGS" 1751 fi 1752fi 1753 1754AC_MSG_CHECKING([whether -fPIC is accepted]) 1755SAVED_CFLAGS="$CFLAGS" 1756CFLAGS="$CFLAGS -fPIC" 1757AC_COMPILE_IFELSE( 1758 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1759 [AC_MSG_RESULT([yes]) 1760 PICFLAG="-fPIC"; ], 1761 [AC_MSG_RESULT([no]) 1762 PICFLAG=""; ]) 1763CFLAGS="$SAVED_CFLAGS" 1764AC_SUBST([PICFLAG]) 1765 1766dnl Checks for library functions. Please keep in alphabetical order 1767AC_CHECK_FUNCS([ \ 1768 Blowfish_initstate \ 1769 Blowfish_expandstate \ 1770 Blowfish_expand0state \ 1771 Blowfish_stream2word \ 1772 SHA256Update \ 1773 SHA384Update \ 1774 SHA512Update \ 1775 asprintf \ 1776 b64_ntop \ 1777 __b64_ntop \ 1778 b64_pton \ 1779 __b64_pton \ 1780 bcopy \ 1781 bcrypt_pbkdf \ 1782 bindresvport_sa \ 1783 blf_enc \ 1784 bzero \ 1785 cap_rights_limit \ 1786 clock \ 1787 closefrom \ 1788 dirfd \ 1789 endgrent \ 1790 err \ 1791 errx \ 1792 explicit_bzero \ 1793 fchmod \ 1794 fchmodat \ 1795 fchown \ 1796 fchownat \ 1797 flock \ 1798 fnmatch \ 1799 freeaddrinfo \ 1800 freezero \ 1801 fstatfs \ 1802 fstatvfs \ 1803 futimes \ 1804 getaddrinfo \ 1805 getcwd \ 1806 getgrouplist \ 1807 getline \ 1808 getnameinfo \ 1809 getopt \ 1810 getpagesize \ 1811 getpeereid \ 1812 getpeerucred \ 1813 getpgid \ 1814 _getpty \ 1815 getrlimit \ 1816 getrandom \ 1817 getsid \ 1818 getttyent \ 1819 glob \ 1820 group_from_gid \ 1821 inet_aton \ 1822 inet_ntoa \ 1823 inet_ntop \ 1824 innetgr \ 1825 llabs \ 1826 localtime_r \ 1827 login_getcapbool \ 1828 md5_crypt \ 1829 memmem \ 1830 memmove \ 1831 memset_s \ 1832 mkdtemp \ 1833 ngetaddrinfo \ 1834 nsleep \ 1835 ogetaddrinfo \ 1836 openlog_r \ 1837 pledge \ 1838 poll \ 1839 prctl \ 1840 pstat \ 1841 raise \ 1842 readpassphrase \ 1843 reallocarray \ 1844 realpath \ 1845 recvmsg \ 1846 recallocarray \ 1847 rresvport_af \ 1848 sendmsg \ 1849 setdtablesize \ 1850 setegid \ 1851 setenv \ 1852 seteuid \ 1853 setgroupent \ 1854 setgroups \ 1855 setlinebuf \ 1856 setlogin \ 1857 setpassent\ 1858 setpcred \ 1859 setproctitle \ 1860 setregid \ 1861 setreuid \ 1862 setrlimit \ 1863 setsid \ 1864 setvbuf \ 1865 sigaction \ 1866 sigvec \ 1867 snprintf \ 1868 socketpair \ 1869 statfs \ 1870 statvfs \ 1871 strcasestr \ 1872 strdup \ 1873 strerror \ 1874 strlcat \ 1875 strlcpy \ 1876 strmode \ 1877 strndup \ 1878 strnlen \ 1879 strnvis \ 1880 strptime \ 1881 strsignal \ 1882 strtonum \ 1883 strtoll \ 1884 strtoul \ 1885 strtoull \ 1886 swap32 \ 1887 sysconf \ 1888 tcgetpgrp \ 1889 timingsafe_bcmp \ 1890 truncate \ 1891 unsetenv \ 1892 updwtmpx \ 1893 utimensat \ 1894 user_from_uid \ 1895 usleep \ 1896 vasprintf \ 1897 vsnprintf \ 1898 waitpid \ 1899 warn \ 1900]) 1901 1902AC_CHECK_DECLS([bzero, memmem]) 1903 1904dnl Wide character support. 1905AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1906 1907TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1908AC_MSG_CHECKING([for utf8 locale support]) 1909AC_RUN_IFELSE( 1910 [AC_LANG_PROGRAM([[ 1911#include <locale.h> 1912#include <stdlib.h> 1913 ]], [[ 1914 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1915 if (loc != NULL) 1916 exit(0); 1917 exit(1); 1918 ]])], 1919 AC_MSG_RESULT(yes), 1920 [AC_MSG_RESULT(no) 1921 TEST_SSH_UTF8=no], 1922 AC_MSG_WARN([cross compiling: assuming yes]) 1923) 1924 1925AC_LINK_IFELSE( 1926 [AC_LANG_PROGRAM( 1927 [[ #include <ctype.h> ]], 1928 [[ return (isblank('a')); ]])], 1929 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1930]) 1931 1932disable_pkcs11= 1933AC_ARG_ENABLE([pkcs11], 1934 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1935 [ 1936 if test "x$enableval" = "xno" ; then 1937 disable_pkcs11=1 1938 fi 1939 ] 1940) 1941 1942disable_sk= 1943AC_ARG_ENABLE([security-key], 1944 [ --disable-security-key disable U2F/FIDO support code [no]], 1945 [ 1946 if test "x$enableval" = "xno" ; then 1947 disable_sk=1 1948 fi 1949 ] 1950) 1951enable_sk_internal= 1952AC_ARG_WITH([security-key-builtin], 1953 [ --with-security-key-builtin include builtin U2F/FIDO support], 1954 [ 1955 if test "x$withval" != "xno" ; then 1956 enable_sk_internal=yes 1957 fi 1958 ] 1959) 1960test "x$disable_sk" != "x" && enable_sk_internal="" 1961 1962AC_SEARCH_LIBS([dlopen], [dl]) 1963AC_CHECK_FUNCS([dlopen]) 1964AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1965 1966# IRIX has a const char return value for gai_strerror() 1967AC_CHECK_FUNCS([gai_strerror], [ 1968 AC_DEFINE([HAVE_GAI_STRERROR]) 1969 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1970#include <sys/types.h> 1971#include <sys/socket.h> 1972#include <netdb.h> 1973 1974const char *gai_strerror(int); 1975 ]], [[ 1976 char *str; 1977 str = gai_strerror(0); 1978 ]])], [ 1979 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1980 [Define if gai_strerror() returns const char *])], [])]) 1981 1982AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1983 [Some systems put nanosleep outside of libc])]) 1984 1985AC_SEARCH_LIBS([clock_gettime], [rt], 1986 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1987 1988dnl check if we need -D_REENTRANT for localtime_r declaration. 1989AC_CHECK_DECL([localtime_r], [], 1990 [ saved_CPPFLAGS="$CFLAGS" 1991 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1992 unset ac_cv_have_decl_localtime_r 1993 AC_CHECK_DECL([localtime_r], [], 1994 [ CPPFLAGS="$saved_CPPFLAGS" ], 1995 [ #include <time.h> ] 1996 ) 1997 ], 1998 [ #include <time.h> ] 1999) 2000 2001dnl Make sure prototypes are defined for these before using them. 2002AC_CHECK_DECL([strsep], 2003 [AC_CHECK_FUNCS([strsep])], 2004 [], 2005 [ 2006#ifdef HAVE_STRING_H 2007# include <string.h> 2008#endif 2009 ]) 2010 2011dnl tcsendbreak might be a macro 2012AC_CHECK_DECL([tcsendbreak], 2013 [AC_DEFINE([HAVE_TCSENDBREAK])], 2014 [AC_CHECK_FUNCS([tcsendbreak])], 2015 [#include <termios.h>] 2016) 2017 2018AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2019 2020AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2021 [ 2022#include <sys/types.h> 2023#include <sys/socket.h> 2024#include <unistd.h> 2025 ]) 2026 2027AC_CHECK_DECLS([O_NONBLOCK], , , 2028 [ 2029#include <sys/types.h> 2030#ifdef HAVE_SYS_STAT_H 2031# include <sys/stat.h> 2032#endif 2033#ifdef HAVE_FCNTL_H 2034# include <fcntl.h> 2035#endif 2036 ]) 2037 2038AC_CHECK_DECLS([readv, writev], , , [ 2039#include <sys/types.h> 2040#include <sys/uio.h> 2041#include <unistd.h> 2042 ]) 2043 2044AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2045#include <sys/param.h> 2046 ]) 2047 2048AC_CHECK_DECLS([offsetof], , , [ 2049#include <stddef.h> 2050 ]) 2051 2052# extra bits for select(2) 2053AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2054#include <sys/param.h> 2055#include <sys/types.h> 2056#ifdef HAVE_SYS_SYSMACROS_H 2057#include <sys/sysmacros.h> 2058#endif 2059#ifdef HAVE_SYS_SELECT_H 2060#include <sys/select.h> 2061#endif 2062#ifdef HAVE_SYS_TIME_H 2063#include <sys/time.h> 2064#endif 2065#ifdef HAVE_UNISTD_H 2066#include <unistd.h> 2067#endif 2068 ]]) 2069AC_CHECK_TYPES([fd_mask], [], [], [[ 2070#include <sys/param.h> 2071#include <sys/types.h> 2072#ifdef HAVE_SYS_SELECT_H 2073#include <sys/select.h> 2074#endif 2075#ifdef HAVE_SYS_TIME_H 2076#include <sys/time.h> 2077#endif 2078#ifdef HAVE_UNISTD_H 2079#include <unistd.h> 2080#endif 2081 ]]) 2082 2083AC_CHECK_FUNCS([setresuid], [ 2084 dnl Some platorms have setresuid that isn't implemented, test for this 2085 AC_MSG_CHECKING([if setresuid seems to work]) 2086 AC_RUN_IFELSE( 2087 [AC_LANG_PROGRAM([[ 2088#include <stdlib.h> 2089#include <errno.h> 2090 ]], [[ 2091 errno=0; 2092 setresuid(0,0,0); 2093 if (errno==ENOSYS) 2094 exit(1); 2095 else 2096 exit(0); 2097 ]])], 2098 [AC_MSG_RESULT([yes])], 2099 [AC_DEFINE([BROKEN_SETRESUID], [1], 2100 [Define if your setresuid() is broken]) 2101 AC_MSG_RESULT([not implemented])], 2102 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2103 ) 2104]) 2105 2106AC_CHECK_FUNCS([setresgid], [ 2107 dnl Some platorms have setresgid that isn't implemented, test for this 2108 AC_MSG_CHECKING([if setresgid seems to work]) 2109 AC_RUN_IFELSE( 2110 [AC_LANG_PROGRAM([[ 2111#include <stdlib.h> 2112#include <errno.h> 2113 ]], [[ 2114 errno=0; 2115 setresgid(0,0,0); 2116 if (errno==ENOSYS) 2117 exit(1); 2118 else 2119 exit(0); 2120 ]])], 2121 [AC_MSG_RESULT([yes])], 2122 [AC_DEFINE([BROKEN_SETRESGID], [1], 2123 [Define if your setresgid() is broken]) 2124 AC_MSG_RESULT([not implemented])], 2125 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2126 ) 2127]) 2128 2129AC_MSG_CHECKING([for working fflush(NULL)]) 2130AC_RUN_IFELSE( 2131 [AC_LANG_PROGRAM([[ 2132#include <stdio.h> 2133#include <stdlib.h> 2134 ]], 2135 [[fflush(NULL); exit(0);]])], 2136 AC_MSG_RESULT([yes]), 2137 [AC_MSG_RESULT([no]) 2138 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2139 [define if fflush(NULL) does not work])], 2140 AC_MSG_WARN([cross compiling: assuming working]) 2141) 2142 2143dnl Checks for time functions 2144AC_CHECK_FUNCS([gettimeofday time]) 2145dnl Checks for utmp functions 2146AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2147AC_CHECK_FUNCS([utmpname]) 2148dnl Checks for utmpx functions 2149AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2150AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2151dnl Checks for lastlog functions 2152AC_CHECK_FUNCS([getlastlogxbyname]) 2153 2154AC_CHECK_FUNC([daemon], 2155 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2156 [AC_CHECK_LIB([bsd], [daemon], 2157 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2158) 2159 2160AC_CHECK_FUNC([getpagesize], 2161 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2162 [Define if your libraries define getpagesize()])], 2163 [AC_CHECK_LIB([ucb], [getpagesize], 2164 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2165) 2166 2167# Check for broken snprintf 2168if test "x$ac_cv_func_snprintf" = "xyes" ; then 2169 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2170 AC_RUN_IFELSE( 2171 [AC_LANG_PROGRAM([[ 2172#include <stdio.h> 2173#include <stdlib.h> 2174 ]], 2175 [[ 2176 char b[5]; 2177 snprintf(b,5,"123456789"); 2178 exit(b[4]!='\0'); 2179 ]])], 2180 [AC_MSG_RESULT([yes])], 2181 [ 2182 AC_MSG_RESULT([no]) 2183 AC_DEFINE([BROKEN_SNPRINTF], [1], 2184 [Define if your snprintf is busted]) 2185 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2186 ], 2187 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2188 ) 2189fi 2190 2191if test "x$ac_cv_func_snprintf" = "xyes" ; then 2192 AC_MSG_CHECKING([whether snprintf understands %zu]) 2193 AC_RUN_IFELSE( 2194 [AC_LANG_PROGRAM([[ 2195#include <sys/types.h> 2196#include <stdio.h> 2197#include <stdlib.h> 2198#include <string.h> 2199 ]], 2200 [[ 2201 size_t a = 1, b = 2; 2202 char z[128]; 2203 snprintf(z, sizeof z, "%zu%zu", a, b); 2204 exit(strcmp(z, "12")); 2205 ]])], 2206 [AC_MSG_RESULT([yes])], 2207 [ 2208 AC_MSG_RESULT([no]) 2209 AC_DEFINE([BROKEN_SNPRINTF], [1], 2210 [snprintf does not understand %zu]) 2211 ], 2212 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2213 ) 2214fi 2215 2216# We depend on vsnprintf returning the right thing on overflow: the 2217# number of characters it tried to create (as per SUSv3) 2218if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2219 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2220 AC_RUN_IFELSE( 2221 [AC_LANG_PROGRAM([[ 2222#include <sys/types.h> 2223#include <stdio.h> 2224#include <stdarg.h> 2225 2226int x_snprintf(char *str, size_t count, const char *fmt, ...) 2227{ 2228 size_t ret; 2229 va_list ap; 2230 2231 va_start(ap, fmt); 2232 ret = vsnprintf(str, count, fmt, ap); 2233 va_end(ap); 2234 return ret; 2235} 2236 ]], [[ 2237char x[1]; 2238if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2239 return 1; 2240if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2241 return 1; 2242return 0; 2243 ]])], 2244 [AC_MSG_RESULT([yes])], 2245 [ 2246 AC_MSG_RESULT([no]) 2247 AC_DEFINE([BROKEN_SNPRINTF], [1], 2248 [Define if your snprintf is busted]) 2249 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2250 ], 2251 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2252 ) 2253fi 2254 2255# On systems where [v]snprintf is broken, but is declared in stdio, 2256# check that the fmt argument is const char * or just char *. 2257# This is only useful for when BROKEN_SNPRINTF 2258AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2259AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2260#include <stdio.h> 2261int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2262 ]], [[ 2263 snprintf(0, 0, 0); 2264 ]])], 2265 [AC_MSG_RESULT([yes]) 2266 AC_DEFINE([SNPRINTF_CONST], [const], 2267 [Define as const if snprintf() can declare const char *fmt])], 2268 [AC_MSG_RESULT([no]) 2269 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2270 2271# Check for missing getpeereid (or equiv) support 2272NO_PEERCHECK="" 2273if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2274 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2275 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2276#include <sys/types.h> 2277#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2278 [ AC_MSG_RESULT([yes]) 2279 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2280 ], [AC_MSG_RESULT([no]) 2281 NO_PEERCHECK=1 2282 ]) 2283fi 2284 2285dnl see whether mkstemp() requires XXXXXX 2286if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2287AC_MSG_CHECKING([for (overly) strict mkstemp]) 2288AC_RUN_IFELSE( 2289 [AC_LANG_PROGRAM([[ 2290#include <stdlib.h> 2291#include <unistd.h> 2292 ]], [[ 2293 char template[]="conftest.mkstemp-test"; 2294 if (mkstemp(template) == -1) 2295 exit(1); 2296 unlink(template); 2297 exit(0); 2298 ]])], 2299 [ 2300 AC_MSG_RESULT([no]) 2301 ], 2302 [ 2303 AC_MSG_RESULT([yes]) 2304 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2305 ], 2306 [ 2307 AC_MSG_RESULT([yes]) 2308 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2309 ] 2310) 2311fi 2312 2313dnl make sure that openpty does not reacquire controlling terminal 2314if test ! -z "$check_for_openpty_ctty_bug"; then 2315 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2316 AC_RUN_IFELSE( 2317 [AC_LANG_PROGRAM([[ 2318#include <stdio.h> 2319#include <stdlib.h> 2320#include <unistd.h> 2321#include <sys/fcntl.h> 2322#include <sys/types.h> 2323#include <sys/wait.h> 2324 ]], [[ 2325 pid_t pid; 2326 int fd, ptyfd, ttyfd, status; 2327 2328 pid = fork(); 2329 if (pid < 0) { /* failed */ 2330 exit(1); 2331 } else if (pid > 0) { /* parent */ 2332 waitpid(pid, &status, 0); 2333 if (WIFEXITED(status)) 2334 exit(WEXITSTATUS(status)); 2335 else 2336 exit(2); 2337 } else { /* child */ 2338 close(0); close(1); close(2); 2339 setsid(); 2340 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2341 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2342 if (fd >= 0) 2343 exit(3); /* Acquired ctty: broken */ 2344 else 2345 exit(0); /* Did not acquire ctty: OK */ 2346 } 2347 ]])], 2348 [ 2349 AC_MSG_RESULT([yes]) 2350 ], 2351 [ 2352 AC_MSG_RESULT([no]) 2353 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2354 ], 2355 [ 2356 AC_MSG_RESULT([cross-compiling, assuming yes]) 2357 ] 2358 ) 2359fi 2360 2361if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2362 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2363 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2364 AC_RUN_IFELSE( 2365 [AC_LANG_PROGRAM([[ 2366#include <stdio.h> 2367#include <stdlib.h> 2368#include <sys/socket.h> 2369#include <netdb.h> 2370#include <errno.h> 2371#include <netinet/in.h> 2372 2373#define TEST_PORT "2222" 2374 ]], [[ 2375 int err, sock; 2376 struct addrinfo *gai_ai, *ai, hints; 2377 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2378 2379 memset(&hints, 0, sizeof(hints)); 2380 hints.ai_family = PF_UNSPEC; 2381 hints.ai_socktype = SOCK_STREAM; 2382 hints.ai_flags = AI_PASSIVE; 2383 2384 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2385 if (err != 0) { 2386 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2387 exit(1); 2388 } 2389 2390 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2391 if (ai->ai_family != AF_INET6) 2392 continue; 2393 2394 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2395 sizeof(ntop), strport, sizeof(strport), 2396 NI_NUMERICHOST|NI_NUMERICSERV); 2397 2398 if (err != 0) { 2399 if (err == EAI_SYSTEM) 2400 perror("getnameinfo EAI_SYSTEM"); 2401 else 2402 fprintf(stderr, "getnameinfo failed: %s\n", 2403 gai_strerror(err)); 2404 exit(2); 2405 } 2406 2407 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2408 if (sock < 0) 2409 perror("socket"); 2410 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2411 if (errno == EBADF) 2412 exit(3); 2413 } 2414 } 2415 exit(0); 2416 ]])], 2417 [ 2418 AC_MSG_RESULT([yes]) 2419 ], 2420 [ 2421 AC_MSG_RESULT([no]) 2422 AC_DEFINE([BROKEN_GETADDRINFO]) 2423 ], 2424 [ 2425 AC_MSG_RESULT([cross-compiling, assuming yes]) 2426 ] 2427 ) 2428fi 2429 2430if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2431 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2432 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2433 AC_RUN_IFELSE( 2434 [AC_LANG_PROGRAM([[ 2435#include <stdio.h> 2436#include <stdlib.h> 2437#include <sys/socket.h> 2438#include <netdb.h> 2439#include <errno.h> 2440#include <netinet/in.h> 2441 2442#define TEST_PORT "2222" 2443 ]], [[ 2444 int err, sock; 2445 struct addrinfo *gai_ai, *ai, hints; 2446 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2447 2448 memset(&hints, 0, sizeof(hints)); 2449 hints.ai_family = PF_UNSPEC; 2450 hints.ai_socktype = SOCK_STREAM; 2451 hints.ai_flags = AI_PASSIVE; 2452 2453 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2454 if (err != 0) { 2455 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2456 exit(1); 2457 } 2458 2459 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2460 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2461 continue; 2462 2463 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2464 sizeof(ntop), strport, sizeof(strport), 2465 NI_NUMERICHOST|NI_NUMERICSERV); 2466 2467 if (ai->ai_family == AF_INET && err != 0) { 2468 perror("getnameinfo"); 2469 exit(2); 2470 } 2471 } 2472 exit(0); 2473 ]])], 2474 [ 2475 AC_MSG_RESULT([yes]) 2476 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2477 [Define if you have a getaddrinfo that fails 2478 for the all-zeros IPv6 address]) 2479 ], 2480 [ 2481 AC_MSG_RESULT([no]) 2482 AC_DEFINE([BROKEN_GETADDRINFO]) 2483 ], 2484 [ 2485 AC_MSG_RESULT([cross-compiling, assuming no]) 2486 ] 2487 ) 2488fi 2489 2490if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2491 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2492 [#include <sys/types.h> 2493 #include <sys/socket.h> 2494 #include <netdb.h>]) 2495fi 2496 2497if test "x$check_for_conflicting_getspnam" = "x1"; then 2498 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2499 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2500#include <shadow.h> 2501#include <stdlib.h> 2502 ]], 2503 [[ exit(0); ]])], 2504 [ 2505 AC_MSG_RESULT([no]) 2506 ], 2507 [ 2508 AC_MSG_RESULT([yes]) 2509 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2510 [Conflicting defs for getspnam]) 2511 ] 2512 ) 2513fi 2514 2515dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2516dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2517dnl for over ten years). Despite this incompatibility being reported during 2518dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2519dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2520dnl implementation. Try to detect this mess, and assume the only safe option 2521dnl if we're cross compiling. 2522dnl 2523dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2524dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2525if test "x$ac_cv_func_strnvis" = "xyes"; then 2526 AC_MSG_CHECKING([for working strnvis]) 2527 AC_RUN_IFELSE( 2528 [AC_LANG_PROGRAM([[ 2529#include <signal.h> 2530#include <stdlib.h> 2531#include <string.h> 2532#include <unistd.h> 2533#include <vis.h> 2534static void sighandler(int sig) { _exit(1); } 2535 ]], [[ 2536 char dst[16]; 2537 2538 signal(SIGSEGV, sighandler); 2539 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2540 exit(0); 2541 exit(1) 2542 ]])], 2543 [AC_MSG_RESULT([yes])], 2544 [AC_MSG_RESULT([no]) 2545 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2546 [AC_MSG_WARN([cross compiling: assuming broken]) 2547 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2548 ) 2549fi 2550 2551AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2552AC_RUN_IFELSE( 2553 [AC_LANG_PROGRAM([[ 2554#ifdef HAVE_SYS_SELECT 2555# include <sys/select.h> 2556#endif 2557#include <sys/types.h> 2558#include <sys/time.h> 2559#include <stdlib.h> 2560#include <signal.h> 2561#include <unistd.h> 2562static void sighandler(int sig) { } 2563 ]], [[ 2564 int r; 2565 pid_t pid; 2566 struct sigaction sa; 2567 2568 sa.sa_handler = sighandler; 2569 sa.sa_flags = SA_RESTART; 2570 (void)sigaction(SIGTERM, &sa, NULL); 2571 if ((pid = fork()) == 0) { /* child */ 2572 pid = getppid(); 2573 sleep(1); 2574 kill(pid, SIGTERM); 2575 sleep(1); 2576 if (getppid() == pid) /* if parent did not exit, shoot it */ 2577 kill(pid, SIGKILL); 2578 exit(0); 2579 } else { /* parent */ 2580 r = select(0, NULL, NULL, NULL, NULL); 2581 } 2582 exit(r == -1 ? 0 : 1); 2583 ]])], 2584 [AC_MSG_RESULT([yes])], 2585 [AC_MSG_RESULT([no]) 2586 AC_DEFINE([NO_SA_RESTART], [1], 2587 [SA_RESTARTed signals do no interrupt select])], 2588 [AC_MSG_WARN([cross compiling: assuming yes])] 2589) 2590 2591AC_CHECK_FUNCS([getpgrp],[ 2592 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2593 AC_COMPILE_IFELSE( 2594 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2595 [ AC_MSG_RESULT([yes]) 2596 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2597 [ AC_MSG_RESULT([no]) 2598 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2599 ) 2600]) 2601 2602# Search for OpenSSL 2603saved_CPPFLAGS="$CPPFLAGS" 2604saved_LDFLAGS="$LDFLAGS" 2605AC_ARG_WITH([ssl-dir], 2606 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2607 [ 2608 if test "x$openssl" = "xno" ; then 2609 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2610 fi 2611 if test "x$withval" != "xno" ; then 2612 case "$withval" in 2613 # Relative paths 2614 ./*|../*) withval="`pwd`/$withval" 2615 esac 2616 if test -d "$withval/lib"; then 2617 if test -n "${rpath_opt}"; then 2618 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2619 else 2620 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2621 fi 2622 elif test -d "$withval/lib64"; then 2623 if test -n "${rpath_opt}"; then 2624 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2625 else 2626 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2627 fi 2628 else 2629 if test -n "${rpath_opt}"; then 2630 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2631 else 2632 LDFLAGS="-L${withval} ${LDFLAGS}" 2633 fi 2634 fi 2635 if test -d "$withval/include"; then 2636 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2637 else 2638 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2639 fi 2640 fi 2641 ] 2642) 2643 2644AC_ARG_WITH([openssl-header-check], 2645 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2646 [ 2647 if test "x$withval" = "xno" ; then 2648 openssl_check_nonfatal=1 2649 fi 2650 ] 2651) 2652 2653openssl_engine=no 2654AC_ARG_WITH([ssl-engine], 2655 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2656 [ 2657 if test "x$withval" != "xno" ; then 2658 if test "x$openssl" = "xno" ; then 2659 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2660 fi 2661 openssl_engine=yes 2662 fi 2663 ] 2664) 2665 2666if test "x$openssl" = "xyes" ; then 2667 LIBS="-lcrypto $LIBS" 2668 AC_TRY_LINK_FUNC([RAND_add], , 2669 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2670 AC_CHECK_HEADER([openssl/opensslv.h], , 2671 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2672 2673 # Determine OpenSSL header version 2674 AC_MSG_CHECKING([OpenSSL header version]) 2675 AC_RUN_IFELSE( 2676 [AC_LANG_PROGRAM([[ 2677 #include <stdlib.h> 2678 #include <stdio.h> 2679 #include <string.h> 2680 #include <openssl/opensslv.h> 2681 #define DATA "conftest.sslincver" 2682 ]], [[ 2683 FILE *fd; 2684 int rc; 2685 2686 fd = fopen(DATA,"w"); 2687 if(fd == NULL) 2688 exit(1); 2689 2690 if ((rc = fprintf(fd, "%08lx (%s)\n", 2691 (unsigned long)OPENSSL_VERSION_NUMBER, 2692 OPENSSL_VERSION_TEXT)) < 0) 2693 exit(1); 2694 2695 exit(0); 2696 ]])], 2697 [ 2698 ssl_header_ver=`cat conftest.sslincver` 2699 AC_MSG_RESULT([$ssl_header_ver]) 2700 ], 2701 [ 2702 AC_MSG_RESULT([not found]) 2703 AC_MSG_ERROR([OpenSSL version header not found.]) 2704 ], 2705 [ 2706 AC_MSG_WARN([cross compiling: not checking]) 2707 ] 2708 ) 2709 2710 # Determining OpenSSL library version is version dependent. 2711 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2712 2713 # Determine OpenSSL library version 2714 AC_MSG_CHECKING([OpenSSL library version]) 2715 AC_RUN_IFELSE( 2716 [AC_LANG_PROGRAM([[ 2717 #include <stdio.h> 2718 #include <stdlib.h> 2719 #include <string.h> 2720 #include <openssl/opensslv.h> 2721 #include <openssl/crypto.h> 2722 #define DATA "conftest.ssllibver" 2723 ]], [[ 2724 FILE *fd; 2725 int rc; 2726 2727 fd = fopen(DATA,"w"); 2728 if(fd == NULL) 2729 exit(1); 2730#ifndef OPENSSL_VERSION 2731# define OPENSSL_VERSION SSLEAY_VERSION 2732#endif 2733#ifndef HAVE_OPENSSL_VERSION 2734# define OpenSSL_version SSLeay_version 2735#endif 2736#ifndef HAVE_OPENSSL_VERSION_NUM 2737# define OpenSSL_version_num SSLeay 2738#endif 2739 if ((rc = fprintf(fd, "%08lx (%s)\n", 2740 (unsigned long)OpenSSL_version_num(), 2741 OpenSSL_version(OPENSSL_VERSION))) < 0) 2742 exit(1); 2743 2744 exit(0); 2745 ]])], 2746 [ 2747 ssl_library_ver=`cat conftest.ssllibver` 2748 # Check version is supported. 2749 case "$ssl_library_ver" in 2750 10000*|0*) 2751 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2752 ;; 2753 100*) ;; # 1.0.x 2754 101000[[0123456]]*) 2755 # https://github.com/openssl/openssl/pull/4613 2756 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2757 ;; 2758 101*) ;; # 1.1.x 2759 200*) ;; # LibreSSL 2760 300*) ;; # OpenSSL development branch. 2761 *) 2762 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2763 ;; 2764 esac 2765 AC_MSG_RESULT([$ssl_library_ver]) 2766 ], 2767 [ 2768 AC_MSG_RESULT([not found]) 2769 AC_MSG_ERROR([OpenSSL library not found.]) 2770 ], 2771 [ 2772 AC_MSG_WARN([cross compiling: not checking]) 2773 ] 2774 ) 2775 2776 # Sanity check OpenSSL headers 2777 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2778 AC_RUN_IFELSE( 2779 [AC_LANG_PROGRAM([[ 2780 #include <stdlib.h> 2781 #include <string.h> 2782 #include <openssl/opensslv.h> 2783 #include <openssl/crypto.h> 2784 ]], [[ 2785#ifndef HAVE_OPENSSL_VERSION_NUM 2786# define OpenSSL_version_num SSLeay 2787#endif 2788 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2789 ]])], 2790 [ 2791 AC_MSG_RESULT([yes]) 2792 ], 2793 [ 2794 AC_MSG_RESULT([no]) 2795 if test "x$openssl_check_nonfatal" = "x"; then 2796 AC_MSG_ERROR([Your OpenSSL headers do not match your 2797 library. Check config.log for details. 2798 If you are sure your installation is consistent, you can disable the check 2799 by running "./configure --without-openssl-header-check". 2800 Also see contrib/findssl.sh for help identifying header/library mismatches. 2801 ]) 2802 else 2803 AC_MSG_WARN([Your OpenSSL headers do not match your 2804 library. Check config.log for details. 2805 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2806 fi 2807 ], 2808 [ 2809 AC_MSG_WARN([cross compiling: not checking]) 2810 ] 2811 ) 2812 2813 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2814 AC_LINK_IFELSE( 2815 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2816 [[ ERR_load_crypto_strings(); ]])], 2817 [ 2818 AC_MSG_RESULT([yes]) 2819 ], 2820 [ 2821 AC_MSG_RESULT([no]) 2822 saved_LIBS="$LIBS" 2823 LIBS="$LIBS -ldl" 2824 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2825 AC_LINK_IFELSE( 2826 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2827 [[ ERR_load_crypto_strings(); ]])], 2828 [ 2829 AC_MSG_RESULT([yes]) 2830 ], 2831 [ 2832 AC_MSG_RESULT([no]) 2833 LIBS="$saved_LIBS" 2834 ] 2835 ) 2836 ] 2837 ) 2838 2839 AC_CHECK_FUNCS([ \ 2840 BN_is_prime_ex \ 2841 DSA_generate_parameters_ex \ 2842 EVP_CIPHER_CTX_ctrl \ 2843 EVP_DigestFinal_ex \ 2844 EVP_DigestInit_ex \ 2845 EVP_MD_CTX_cleanup \ 2846 EVP_MD_CTX_copy_ex \ 2847 EVP_MD_CTX_init \ 2848 HMAC_CTX_init \ 2849 RSA_generate_key_ex \ 2850 RSA_get_default_method \ 2851 ]) 2852 2853 # OpenSSL_add_all_algorithms may be a macro. 2854 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2855 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2856 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2857 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2858 [[#include <openssl/evp.h>]] 2859 ) 2860 ) 2861 2862 # LibreSSL/OpenSSL 1.1x API 2863 AC_CHECK_FUNCS([ \ 2864 OPENSSL_init_crypto \ 2865 DH_get0_key \ 2866 DH_get0_pqg \ 2867 DH_set0_key \ 2868 DH_set_length \ 2869 DH_set0_pqg \ 2870 DSA_get0_key \ 2871 DSA_get0_pqg \ 2872 DSA_set0_key \ 2873 DSA_set0_pqg \ 2874 DSA_SIG_get0 \ 2875 DSA_SIG_set0 \ 2876 ECDSA_SIG_get0 \ 2877 ECDSA_SIG_set0 \ 2878 EVP_CIPHER_CTX_iv \ 2879 EVP_CIPHER_CTX_iv_noconst \ 2880 EVP_CIPHER_CTX_get_iv \ 2881 EVP_CIPHER_CTX_set_iv \ 2882 RSA_get0_crt_params \ 2883 RSA_get0_factors \ 2884 RSA_get0_key \ 2885 RSA_set0_crt_params \ 2886 RSA_set0_factors \ 2887 RSA_set0_key \ 2888 RSA_meth_free \ 2889 RSA_meth_dup \ 2890 RSA_meth_set1_name \ 2891 RSA_meth_get_finish \ 2892 RSA_meth_set_priv_enc \ 2893 RSA_meth_set_priv_dec \ 2894 RSA_meth_set_finish \ 2895 EVP_PKEY_get0_RSA \ 2896 EVP_MD_CTX_new \ 2897 EVP_MD_CTX_free \ 2898 EVP_chacha20 \ 2899 ]) 2900 2901 if test "x$openssl_engine" = "xyes" ; then 2902 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2903 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2904 #include <openssl/engine.h> 2905 ]], [[ 2906 ENGINE_load_builtin_engines(); 2907 ENGINE_register_all_complete(); 2908 ]])], 2909 [ AC_MSG_RESULT([yes]) 2910 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2911 [Enable OpenSSL engine support]) 2912 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2913 ]) 2914 fi 2915 2916 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2917 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2918 AC_LINK_IFELSE( 2919 [AC_LANG_PROGRAM([[ 2920 #include <stdlib.h> 2921 #include <string.h> 2922 #include <openssl/evp.h> 2923 ]], [[ 2924 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2925 ]])], 2926 [ 2927 AC_MSG_RESULT([no]) 2928 ], 2929 [ 2930 AC_MSG_RESULT([yes]) 2931 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2932 [libcrypto is missing AES 192 and 256 bit functions]) 2933 ] 2934 ) 2935 2936 # Check for OpenSSL with EVP_aes_*ctr 2937 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2938 AC_LINK_IFELSE( 2939 [AC_LANG_PROGRAM([[ 2940 #include <stdlib.h> 2941 #include <string.h> 2942 #include <openssl/evp.h> 2943 ]], [[ 2944 exit(EVP_aes_128_ctr() == NULL || 2945 EVP_aes_192_cbc() == NULL || 2946 EVP_aes_256_cbc() == NULL); 2947 ]])], 2948 [ 2949 AC_MSG_RESULT([yes]) 2950 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2951 [libcrypto has EVP AES CTR]) 2952 ], 2953 [ 2954 AC_MSG_RESULT([no]) 2955 ] 2956 ) 2957 2958 # Check for OpenSSL with EVP_aes_*gcm 2959 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2960 AC_LINK_IFELSE( 2961 [AC_LANG_PROGRAM([[ 2962 #include <stdlib.h> 2963 #include <string.h> 2964 #include <openssl/evp.h> 2965 ]], [[ 2966 exit(EVP_aes_128_gcm() == NULL || 2967 EVP_aes_256_gcm() == NULL || 2968 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2969 EVP_CTRL_GCM_IV_GEN == 0 || 2970 EVP_CTRL_GCM_SET_TAG == 0 || 2971 EVP_CTRL_GCM_GET_TAG == 0 || 2972 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2973 ]])], 2974 [ 2975 AC_MSG_RESULT([yes]) 2976 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2977 [libcrypto has EVP AES GCM]) 2978 ], 2979 [ 2980 AC_MSG_RESULT([no]) 2981 unsupported_algorithms="$unsupported_cipers \ 2982 aes128-gcm@openssh.com \ 2983 aes256-gcm@openssh.com" 2984 ] 2985 ) 2986 2987 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2988 AC_LINK_IFELSE( 2989 [AC_LANG_PROGRAM([[ 2990 #include <stdlib.h> 2991 #include <string.h> 2992 #include <openssl/evp.h> 2993 ]], [[ 2994 if(EVP_DigestUpdate(NULL, NULL,0)) 2995 exit(0); 2996 ]])], 2997 [ 2998 AC_MSG_RESULT([yes]) 2999 ], 3000 [ 3001 AC_MSG_RESULT([no]) 3002 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 3003 [Define if EVP_DigestUpdate returns void]) 3004 ] 3005 ) 3006 3007 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 3008 # because the system crypt() is more featureful. 3009 if test "x$check_for_libcrypt_before" = "x1"; then 3010 AC_CHECK_LIB([crypt], [crypt]) 3011 fi 3012 3013 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 3014 # version in OpenSSL. 3015 if test "x$check_for_libcrypt_later" = "x1"; then 3016 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3017 fi 3018 AC_CHECK_FUNCS([crypt DES_crypt]) 3019 3020 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 3021 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 3022 3023 # Check complete ECC support in OpenSSL 3024 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 3025 AC_LINK_IFELSE( 3026 [AC_LANG_PROGRAM([[ 3027 #include <openssl/ec.h> 3028 #include <openssl/ecdh.h> 3029 #include <openssl/ecdsa.h> 3030 #include <openssl/evp.h> 3031 #include <openssl/objects.h> 3032 #include <openssl/opensslv.h> 3033 ]], [[ 3034 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3035 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3036 ]])], 3037 [ AC_MSG_RESULT([yes]) 3038 enable_nistp256=1 ], 3039 [ AC_MSG_RESULT([no]) ] 3040 ) 3041 3042 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3043 AC_LINK_IFELSE( 3044 [AC_LANG_PROGRAM([[ 3045 #include <openssl/ec.h> 3046 #include <openssl/ecdh.h> 3047 #include <openssl/ecdsa.h> 3048 #include <openssl/evp.h> 3049 #include <openssl/objects.h> 3050 #include <openssl/opensslv.h> 3051 ]], [[ 3052 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3053 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3054 ]])], 3055 [ AC_MSG_RESULT([yes]) 3056 enable_nistp384=1 ], 3057 [ AC_MSG_RESULT([no]) ] 3058 ) 3059 3060 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3061 AC_LINK_IFELSE( 3062 [AC_LANG_PROGRAM([[ 3063 #include <openssl/ec.h> 3064 #include <openssl/ecdh.h> 3065 #include <openssl/ecdsa.h> 3066 #include <openssl/evp.h> 3067 #include <openssl/objects.h> 3068 #include <openssl/opensslv.h> 3069 ]], [[ 3070 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3071 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3072 ]])], 3073 [ AC_MSG_RESULT([yes]) 3074 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3075 AC_RUN_IFELSE( 3076 [AC_LANG_PROGRAM([[ 3077 #include <stdlib.h> 3078 #include <openssl/ec.h> 3079 #include <openssl/ecdh.h> 3080 #include <openssl/ecdsa.h> 3081 #include <openssl/evp.h> 3082 #include <openssl/objects.h> 3083 #include <openssl/opensslv.h> 3084 ]],[[ 3085 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3086 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3087 exit(e == NULL || m == NULL); 3088 ]])], 3089 [ AC_MSG_RESULT([yes]) 3090 enable_nistp521=1 ], 3091 [ AC_MSG_RESULT([no]) ], 3092 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3093 enable_nistp521=1 ] 3094 )], 3095 AC_MSG_RESULT([no]) 3096 ) 3097 3098 COMMENT_OUT_ECC="#no ecc#" 3099 TEST_SSH_ECC=no 3100 3101 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3102 test x$enable_nistp521 = x1; then 3103 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3104 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3105 openssl_ecc=yes 3106 else 3107 openssl_ecc=no 3108 fi 3109 if test x$enable_nistp256 = x1; then 3110 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3111 [libcrypto has NID_X9_62_prime256v1]) 3112 TEST_SSH_ECC=yes 3113 COMMENT_OUT_ECC="" 3114 else 3115 unsupported_algorithms="$unsupported_algorithms \ 3116 ecdsa-sha2-nistp256 \ 3117 ecdh-sha2-nistp256 \ 3118 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3119 fi 3120 if test x$enable_nistp384 = x1; then 3121 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3122 TEST_SSH_ECC=yes 3123 COMMENT_OUT_ECC="" 3124 else 3125 unsupported_algorithms="$unsupported_algorithms \ 3126 ecdsa-sha2-nistp384 \ 3127 ecdh-sha2-nistp384 \ 3128 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3129 fi 3130 if test x$enable_nistp521 = x1; then 3131 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3132 TEST_SSH_ECC=yes 3133 COMMENT_OUT_ECC="" 3134 else 3135 unsupported_algorithms="$unsupported_algorithms \ 3136 ecdh-sha2-nistp521 \ 3137 ecdsa-sha2-nistp521 \ 3138 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3139 fi 3140 3141 AC_SUBST([TEST_SSH_ECC]) 3142 AC_SUBST([COMMENT_OUT_ECC]) 3143else 3144 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3145 AC_CHECK_FUNCS([crypt]) 3146fi 3147 3148# PKCS11/U2F depend on OpenSSL and dlopen(). 3149enable_pkcs11=yes 3150enable_sk=yes 3151if test "x$openssl" != "xyes" ; then 3152 enable_pkcs11="disabled; missing libcrypto" 3153 enable_sk="disabled; missing libcrypto" 3154fi 3155if test "x$openssl_ecc" != "xyes" ; then 3156 enable_sk="disabled; OpenSSL has no ECC support" 3157fi 3158if test "x$ac_cv_func_dlopen" != "xyes" ; then 3159 enable_pkcs11="disabled; missing dlopen(3)" 3160 enable_sk="disabled; missing dlopen(3)" 3161fi 3162if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3163 enable_pkcs11="disabled; missing RTLD_NOW" 3164 enable_sk="disabled; missing RTLD_NOW" 3165fi 3166if test ! -z "$disable_pkcs11" ; then 3167 enable_pkcs11="disabled by user" 3168fi 3169if test ! -z "$disable_sk" ; then 3170 enable_sk="disabled by user" 3171fi 3172 3173AC_MSG_CHECKING([whether to enable PKCS11]) 3174if test "x$enable_pkcs11" = "xyes" ; then 3175 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3176fi 3177AC_MSG_RESULT([$enable_pkcs11]) 3178 3179AC_MSG_CHECKING([whether to enable U2F]) 3180if test "x$enable_sk" = "xyes" ; then 3181 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3182 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3183else 3184 # Do not try to build sk-dummy library. 3185 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3186fi 3187AC_MSG_RESULT([$enable_sk]) 3188 3189# Now check for built-in security key support. 3190if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3191 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3192 use_pkgconfig_for_libfido2= 3193 if test "x$PKGCONFIG" != "xno"; then 3194 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3195 if "$PKGCONFIG" libfido2; then 3196 AC_MSG_RESULT([yes]) 3197 use_pkgconfig_for_libfido2=yes 3198 else 3199 AC_MSG_RESULT([no]) 3200 fi 3201 fi 3202 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3203 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3204 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3205 else 3206 LIBFIDO2="-lfido2 -lcbor" 3207 fi 3208 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3209 AC_CHECK_LIB([fido2], [fido_init], 3210 [ 3211 AC_SUBST([LIBFIDO2]) 3212 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3213 [Enable for built-in U2F/FIDO support]) 3214 enable_sk="built-in" 3215 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3216 [ $OTHERLIBS ] 3217 ) 3218 saved_LIBS="$LIBS" 3219 LIBS="$LIBS $LIBFIDO2" 3220 AC_CHECK_FUNCS([ \ 3221 fido_cred_prot \ 3222 fido_cred_set_prot \ 3223 fido_dev_get_touch_begin \ 3224 fido_dev_get_touch_status \ 3225 fido_dev_supports_cred_prot \ 3226 ]) 3227 LIBS="$saved_LIBS" 3228 AC_CHECK_HEADER([fido.h], [], 3229 AC_MSG_ERROR([missing fido.h from libfido2])) 3230 AC_CHECK_HEADER([fido/credman.h], [], 3231 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3232 [#include <fido.h>] 3233 ) 3234fi 3235 3236AC_CHECK_FUNCS([ \ 3237 arc4random \ 3238 arc4random_buf \ 3239 arc4random_stir \ 3240 arc4random_uniform \ 3241]) 3242 3243saved_LIBS="$LIBS" 3244AC_CHECK_LIB([iaf], [ia_openinfo], [ 3245 LIBS="$LIBS -liaf" 3246 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3247 AC_DEFINE([HAVE_LIBIAF], [1], 3248 [Define if system has libiaf that supports set_id]) 3249 ]) 3250]) 3251LIBS="$saved_LIBS" 3252 3253### Configure cryptographic random number support 3254 3255# Check whether OpenSSL seeds itself 3256if test "x$openssl" = "xyes" ; then 3257 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3258 AC_RUN_IFELSE( 3259 [AC_LANG_PROGRAM([[ 3260 #include <stdlib.h> 3261 #include <string.h> 3262 #include <openssl/rand.h> 3263 ]], [[ 3264 exit(RAND_status() == 1 ? 0 : 1); 3265 ]])], 3266 [ 3267 OPENSSL_SEEDS_ITSELF=yes 3268 AC_MSG_RESULT([yes]) 3269 ], 3270 [ 3271 AC_MSG_RESULT([no]) 3272 ], 3273 [ 3274 AC_MSG_WARN([cross compiling: assuming yes]) 3275 # This is safe, since we will fatal() at runtime if 3276 # OpenSSL is not seeded correctly. 3277 OPENSSL_SEEDS_ITSELF=yes 3278 ] 3279 ) 3280fi 3281 3282# PRNGD TCP socket 3283AC_ARG_WITH([prngd-port], 3284 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3285 [ 3286 case "$withval" in 3287 no) 3288 withval="" 3289 ;; 3290 [[0-9]]*) 3291 ;; 3292 *) 3293 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3294 ;; 3295 esac 3296 if test ! -z "$withval" ; then 3297 PRNGD_PORT="$withval" 3298 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3299 [Port number of PRNGD/EGD random number socket]) 3300 fi 3301 ] 3302) 3303 3304# PRNGD Unix domain socket 3305AC_ARG_WITH([prngd-socket], 3306 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3307 [ 3308 case "$withval" in 3309 yes) 3310 withval="/var/run/egd-pool" 3311 ;; 3312 no) 3313 withval="" 3314 ;; 3315 /*) 3316 ;; 3317 *) 3318 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3319 ;; 3320 esac 3321 3322 if test ! -z "$withval" ; then 3323 if test ! -z "$PRNGD_PORT" ; then 3324 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3325 fi 3326 if test ! -r "$withval" ; then 3327 AC_MSG_WARN([Entropy socket is not readable]) 3328 fi 3329 PRNGD_SOCKET="$withval" 3330 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3331 [Location of PRNGD/EGD random number socket]) 3332 fi 3333 ], 3334 [ 3335 # Check for existing socket only if we don't have a random device already 3336 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3337 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3338 # Insert other locations here 3339 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3340 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3341 PRNGD_SOCKET="$sock" 3342 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3343 break; 3344 fi 3345 done 3346 if test ! -z "$PRNGD_SOCKET" ; then 3347 AC_MSG_RESULT([$PRNGD_SOCKET]) 3348 else 3349 AC_MSG_RESULT([not found]) 3350 fi 3351 fi 3352 ] 3353) 3354 3355# Which randomness source do we use? 3356if test ! -z "$PRNGD_PORT" ; then 3357 RAND_MSG="PRNGd port $PRNGD_PORT" 3358elif test ! -z "$PRNGD_SOCKET" ; then 3359 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3360elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3361 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3362 [Define if you want the OpenSSL internally seeded PRNG only]) 3363 RAND_MSG="OpenSSL internal ONLY" 3364elif test "x$openssl" = "xno" ; then 3365 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3366else 3367 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3368fi 3369 3370# Check for PAM libs 3371PAM_MSG="no" 3372AC_ARG_WITH([pam], 3373 [ --with-pam Enable PAM support ], 3374 [ 3375 if test "x$withval" != "xno" ; then 3376 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3377 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3378 AC_MSG_ERROR([PAM headers not found]) 3379 fi 3380 3381 saved_LIBS="$LIBS" 3382 AC_CHECK_LIB([dl], [dlopen], , ) 3383 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3384 AC_CHECK_FUNCS([pam_getenvlist]) 3385 AC_CHECK_FUNCS([pam_putenv]) 3386 LIBS="$saved_LIBS" 3387 3388 PAM_MSG="yes" 3389 3390 SSHDLIBS="$SSHDLIBS -lpam" 3391 AC_DEFINE([USE_PAM], [1], 3392 [Define if you want to enable PAM support]) 3393 3394 if test $ac_cv_lib_dl_dlopen = yes; then 3395 case "$LIBS" in 3396 *-ldl*) 3397 # libdl already in LIBS 3398 ;; 3399 *) 3400 SSHDLIBS="$SSHDLIBS -ldl" 3401 ;; 3402 esac 3403 fi 3404 fi 3405 ] 3406) 3407 3408AC_ARG_WITH([pam-service], 3409 [ --with-pam-service=name Specify PAM service name ], 3410 [ 3411 if test "x$withval" != "xno" && \ 3412 test "x$withval" != "xyes" ; then 3413 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3414 ["$withval"], [sshd PAM service name]) 3415 fi 3416 ] 3417) 3418 3419# Check for older PAM 3420if test "x$PAM_MSG" = "xyes" ; then 3421 # Check PAM strerror arguments (old PAM) 3422 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3423 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3424#include <stdlib.h> 3425#if defined(HAVE_SECURITY_PAM_APPL_H) 3426#include <security/pam_appl.h> 3427#elif defined (HAVE_PAM_PAM_APPL_H) 3428#include <pam/pam_appl.h> 3429#endif 3430 ]], [[ 3431(void)pam_strerror((pam_handle_t *)NULL, -1); 3432 ]])], [AC_MSG_RESULT([no])], [ 3433 AC_DEFINE([HAVE_OLD_PAM], [1], 3434 [Define if you have an old version of PAM 3435 which takes only one argument to pam_strerror]) 3436 AC_MSG_RESULT([yes]) 3437 PAM_MSG="yes (old library)" 3438 3439 ]) 3440fi 3441 3442case "$host" in 3443*-*-cygwin*) 3444 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3445 ;; 3446*) 3447 SSH_PRIVSEP_USER=sshd 3448 ;; 3449esac 3450AC_ARG_WITH([privsep-user], 3451 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3452 [ 3453 if test -n "$withval" && test "x$withval" != "xno" && \ 3454 test "x${withval}" != "xyes"; then 3455 SSH_PRIVSEP_USER=$withval 3456 fi 3457 ] 3458) 3459if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3460 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3461 [Cygwin function to fetch non-privileged user for privilege separation]) 3462else 3463 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3464 [non-privileged user for privilege separation]) 3465fi 3466AC_SUBST([SSH_PRIVSEP_USER]) 3467 3468if test "x$have_linux_no_new_privs" = "x1" ; then 3469AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3470 #include <sys/types.h> 3471 #include <linux/seccomp.h> 3472]) 3473fi 3474if test "x$have_seccomp_filter" = "x1" ; then 3475AC_MSG_CHECKING([kernel for seccomp_filter support]) 3476AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3477 #include <errno.h> 3478 #include <elf.h> 3479 #include <linux/audit.h> 3480 #include <linux/seccomp.h> 3481 #include <stdlib.h> 3482 #include <sys/prctl.h> 3483 ]], 3484 [[ int i = $seccomp_audit_arch; 3485 errno = 0; 3486 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3487 exit(errno == EFAULT ? 0 : 1); ]])], 3488 [ AC_MSG_RESULT([yes]) ], [ 3489 AC_MSG_RESULT([no]) 3490 # Disable seccomp filter as a target 3491 have_seccomp_filter=0 3492 ] 3493) 3494fi 3495 3496# Decide which sandbox style to use 3497sandbox_arg="" 3498AC_ARG_WITH([sandbox], 3499 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3500 [ 3501 if test "x$withval" = "xyes" ; then 3502 sandbox_arg="" 3503 else 3504 sandbox_arg="$withval" 3505 fi 3506 ] 3507) 3508 3509# Some platforms (seems to be the ones that have a kernel poll(2)-type 3510# function with which they implement select(2)) use an extra file descriptor 3511# when calling select(2), which means we can't use the rlimit sandbox. 3512AC_MSG_CHECKING([if select works with descriptor rlimit]) 3513AC_RUN_IFELSE( 3514 [AC_LANG_PROGRAM([[ 3515#include <sys/types.h> 3516#ifdef HAVE_SYS_TIME_H 3517# include <sys/time.h> 3518#endif 3519#include <sys/resource.h> 3520#ifdef HAVE_SYS_SELECT_H 3521# include <sys/select.h> 3522#endif 3523#include <errno.h> 3524#include <fcntl.h> 3525#include <stdlib.h> 3526 ]],[[ 3527 struct rlimit rl_zero; 3528 int fd, r; 3529 fd_set fds; 3530 struct timeval tv; 3531 3532 fd = open("/dev/null", O_RDONLY); 3533 FD_ZERO(&fds); 3534 FD_SET(fd, &fds); 3535 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3536 setrlimit(RLIMIT_FSIZE, &rl_zero); 3537 setrlimit(RLIMIT_NOFILE, &rl_zero); 3538 tv.tv_sec = 1; 3539 tv.tv_usec = 0; 3540 r = select(fd+1, &fds, NULL, NULL, &tv); 3541 exit (r == -1 ? 1 : 0); 3542 ]])], 3543 [AC_MSG_RESULT([yes]) 3544 select_works_with_rlimit=yes], 3545 [AC_MSG_RESULT([no]) 3546 select_works_with_rlimit=no], 3547 [AC_MSG_WARN([cross compiling: assuming yes]) 3548 select_works_with_rlimit=yes] 3549) 3550 3551AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3552AC_RUN_IFELSE( 3553 [AC_LANG_PROGRAM([[ 3554#include <sys/types.h> 3555#ifdef HAVE_SYS_TIME_H 3556# include <sys/time.h> 3557#endif 3558#include <sys/resource.h> 3559#include <errno.h> 3560#include <stdlib.h> 3561 ]],[[ 3562 struct rlimit rl_zero; 3563 int r; 3564 3565 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3566 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3567 exit (r == -1 ? 1 : 0); 3568 ]])], 3569 [AC_MSG_RESULT([yes]) 3570 rlimit_nofile_zero_works=yes], 3571 [AC_MSG_RESULT([no]) 3572 rlimit_nofile_zero_works=no], 3573 [AC_MSG_WARN([cross compiling: assuming yes]) 3574 rlimit_nofile_zero_works=yes] 3575) 3576 3577AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3578AC_RUN_IFELSE( 3579 [AC_LANG_PROGRAM([[ 3580#include <sys/types.h> 3581#include <sys/resource.h> 3582#include <stdlib.h> 3583 ]],[[ 3584 struct rlimit rl_zero; 3585 3586 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3587 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3588 ]])], 3589 [AC_MSG_RESULT([yes])], 3590 [AC_MSG_RESULT([no]) 3591 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3592 [setrlimit RLIMIT_FSIZE works])], 3593 [AC_MSG_WARN([cross compiling: assuming yes])] 3594) 3595 3596if test "x$sandbox_arg" = "xpledge" || \ 3597 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3598 test "x$ac_cv_func_pledge" != "xyes" && \ 3599 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3600 SANDBOX_STYLE="pledge" 3601 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3602elif test "x$sandbox_arg" = "xsystrace" || \ 3603 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3604 test "x$have_systr_policy_kill" != "x1" && \ 3605 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3606 SANDBOX_STYLE="systrace" 3607 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3608elif test "x$sandbox_arg" = "xdarwin" || \ 3609 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3610 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3611 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3612 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3613 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3614 SANDBOX_STYLE="darwin" 3615 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3616elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3617 ( test -z "$sandbox_arg" && \ 3618 test "x$have_seccomp_filter" = "x1" && \ 3619 test "x$ac_cv_header_elf_h" = "xyes" && \ 3620 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3621 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3622 test "x$seccomp_audit_arch" != "x" && \ 3623 test "x$have_linux_no_new_privs" = "x1" && \ 3624 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3625 test "x$seccomp_audit_arch" = "x" && \ 3626 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3627 test "x$have_linux_no_new_privs" != "x1" && \ 3628 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3629 test "x$have_seccomp_filter" != "x1" && \ 3630 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3631 test "x$ac_cv_func_prctl" != "xyes" && \ 3632 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3633 SANDBOX_STYLE="seccomp_filter" 3634 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3635elif test "x$sandbox_arg" = "xcapsicum" || \ 3636 ( test -z "$sandbox_arg" && \ 3637 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3638 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3639 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3640 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3641 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3642 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3643 SANDBOX_STYLE="capsicum" 3644 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3645elif test "x$sandbox_arg" = "xrlimit" || \ 3646 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3647 test "x$select_works_with_rlimit" = "xyes" && \ 3648 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3649 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3650 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3651 test "x$select_works_with_rlimit" != "xyes" && \ 3652 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3653 SANDBOX_STYLE="rlimit" 3654 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3655elif test "x$sandbox_arg" = "xsolaris" || \ 3656 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3657 SANDBOX_STYLE="solaris" 3658 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3659elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3660 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3661 SANDBOX_STYLE="none" 3662 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3663else 3664 AC_MSG_ERROR([unsupported --with-sandbox]) 3665fi 3666 3667# Cheap hack to ensure NEWS-OS libraries are arranged right. 3668if test ! -z "$SONY" ; then 3669 LIBS="$LIBS -liberty"; 3670fi 3671 3672# Check for long long datatypes 3673AC_CHECK_TYPES([long long, unsigned long long, long double]) 3674 3675# Check datatype sizes 3676AC_CHECK_SIZEOF([short int]) 3677AC_CHECK_SIZEOF([int]) 3678AC_CHECK_SIZEOF([long int]) 3679AC_CHECK_SIZEOF([long long int]) 3680 3681# Sanity check long long for some platforms (AIX) 3682if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3683 ac_cv_sizeof_long_long_int=0 3684fi 3685 3686# compute LLONG_MIN and LLONG_MAX if we don't know them. 3687if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3688 AC_MSG_CHECKING([for max value of long long]) 3689 AC_RUN_IFELSE( 3690 [AC_LANG_PROGRAM([[ 3691#include <stdio.h> 3692#include <stdlib.h> 3693/* Why is this so damn hard? */ 3694#ifdef __GNUC__ 3695# undef __GNUC__ 3696#endif 3697#define __USE_ISOC99 3698#include <limits.h> 3699#define DATA "conftest.llminmax" 3700#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3701 3702/* 3703 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3704 * we do this the hard way. 3705 */ 3706static int 3707fprint_ll(FILE *f, long long n) 3708{ 3709 unsigned int i; 3710 int l[sizeof(long long) * 8]; 3711 3712 if (n < 0) 3713 if (fprintf(f, "-") < 0) 3714 return -1; 3715 for (i = 0; n != 0; i++) { 3716 l[i] = my_abs(n % 10); 3717 n /= 10; 3718 } 3719 do { 3720 if (fprintf(f, "%d", l[--i]) < 0) 3721 return -1; 3722 } while (i != 0); 3723 if (fprintf(f, " ") < 0) 3724 return -1; 3725 return 0; 3726} 3727 ]], [[ 3728 FILE *f; 3729 long long i, llmin, llmax = 0; 3730 3731 if((f = fopen(DATA,"w")) == NULL) 3732 exit(1); 3733 3734#if defined(LLONG_MIN) && defined(LLONG_MAX) 3735 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3736 llmin = LLONG_MIN; 3737 llmax = LLONG_MAX; 3738#else 3739 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3740 /* This will work on one's complement and two's complement */ 3741 for (i = 1; i > llmax; i <<= 1, i++) 3742 llmax = i; 3743 llmin = llmax + 1LL; /* wrap */ 3744#endif 3745 3746 /* Sanity check */ 3747 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3748 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3749 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3750 fprintf(f, "unknown unknown\n"); 3751 exit(2); 3752 } 3753 3754 if (fprint_ll(f, llmin) < 0) 3755 exit(3); 3756 if (fprint_ll(f, llmax) < 0) 3757 exit(4); 3758 if (fclose(f) < 0) 3759 exit(5); 3760 exit(0); 3761 ]])], 3762 [ 3763 llong_min=`$AWK '{print $1}' conftest.llminmax` 3764 llong_max=`$AWK '{print $2}' conftest.llminmax` 3765 3766 AC_MSG_RESULT([$llong_max]) 3767 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3768 [max value of long long calculated by configure]) 3769 AC_MSG_CHECKING([for min value of long long]) 3770 AC_MSG_RESULT([$llong_min]) 3771 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3772 [min value of long long calculated by configure]) 3773 ], 3774 [ 3775 AC_MSG_RESULT([not found]) 3776 ], 3777 [ 3778 AC_MSG_WARN([cross compiling: not checking]) 3779 ] 3780 ) 3781fi 3782 3783AC_CHECK_DECLS([UINT32_MAX], , , [[ 3784#ifdef HAVE_SYS_LIMITS_H 3785# include <sys/limits.h> 3786#endif 3787#ifdef HAVE_LIMITS_H 3788# include <limits.h> 3789#endif 3790#ifdef HAVE_STDINT_H 3791# include <stdint.h> 3792#endif 3793]]) 3794 3795# More checks for data types 3796AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3797 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3798 [[ u_int a; a = 1;]])], 3799 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3800 ]) 3801]) 3802if test "x$ac_cv_have_u_int" = "xyes" ; then 3803 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3804 have_u_int=1 3805fi 3806 3807AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3808 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3809 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3810 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3811 ]) 3812]) 3813if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3814 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3815 have_intxx_t=1 3816fi 3817 3818if (test -z "$have_intxx_t" && \ 3819 test "x$ac_cv_header_stdint_h" = "xyes") 3820then 3821 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3822 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3823 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3824 [ 3825 AC_DEFINE([HAVE_INTXX_T]) 3826 AC_MSG_RESULT([yes]) 3827 ], [ AC_MSG_RESULT([no]) 3828 ]) 3829fi 3830 3831AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3832 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3833#include <sys/types.h> 3834#ifdef HAVE_STDINT_H 3835# include <stdint.h> 3836#endif 3837#include <sys/socket.h> 3838#ifdef HAVE_SYS_BITYPES_H 3839# include <sys/bitypes.h> 3840#endif 3841 ]], [[ 3842int64_t a; a = 1; 3843 ]])], 3844 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3845 ]) 3846]) 3847if test "x$ac_cv_have_int64_t" = "xyes" ; then 3848 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3849fi 3850 3851AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3852 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3853 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3854 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3855 ]) 3856]) 3857if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3858 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3859 have_u_intxx_t=1 3860fi 3861 3862if test -z "$have_u_intxx_t" ; then 3863 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3864 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3865 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3866 [ 3867 AC_DEFINE([HAVE_U_INTXX_T]) 3868 AC_MSG_RESULT([yes]) 3869 ], [ AC_MSG_RESULT([no]) 3870 ]) 3871fi 3872 3873AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3874 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3875 [[ u_int64_t a; a = 1;]])], 3876 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3877 ]) 3878]) 3879if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3880 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3881 have_u_int64_t=1 3882fi 3883 3884if (test -z "$have_u_int64_t" && \ 3885 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3886then 3887 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3889 [[ u_int64_t a; a = 1]])], 3890 [ 3891 AC_DEFINE([HAVE_U_INT64_T]) 3892 AC_MSG_RESULT([yes]) 3893 ], [ AC_MSG_RESULT([no]) 3894 ]) 3895fi 3896 3897if test -z "$have_u_intxx_t" ; then 3898 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3899 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3900#include <sys/types.h> 3901 ]], [[ 3902 uint8_t a; 3903 uint16_t b; 3904 uint32_t c; 3905 a = b = c = 1; 3906 ]])], 3907 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3908 ]) 3909 ]) 3910 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3911 AC_DEFINE([HAVE_UINTXX_T], [1], 3912 [define if you have uintxx_t data type]) 3913 fi 3914fi 3915 3916if (test -z "$have_uintxx_t" && \ 3917 test "x$ac_cv_header_stdint_h" = "xyes") 3918then 3919 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3920 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3921 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3922 [ 3923 AC_DEFINE([HAVE_UINTXX_T]) 3924 AC_MSG_RESULT([yes]) 3925 ], [ AC_MSG_RESULT([no]) 3926 ]) 3927fi 3928 3929if (test -z "$have_uintxx_t" && \ 3930 test "x$ac_cv_header_inttypes_h" = "xyes") 3931then 3932 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3933 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3934 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3935 [ 3936 AC_DEFINE([HAVE_UINTXX_T]) 3937 AC_MSG_RESULT([yes]) 3938 ], [ AC_MSG_RESULT([no]) 3939 ]) 3940fi 3941 3942if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3943 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3944then 3945 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3946 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3947#include <sys/bitypes.h> 3948 ]], [[ 3949 int8_t a; int16_t b; int32_t c; 3950 u_int8_t e; u_int16_t f; u_int32_t g; 3951 a = b = c = e = f = g = 1; 3952 ]])], 3953 [ 3954 AC_DEFINE([HAVE_U_INTXX_T]) 3955 AC_DEFINE([HAVE_INTXX_T]) 3956 AC_MSG_RESULT([yes]) 3957 ], [AC_MSG_RESULT([no]) 3958 ]) 3959fi 3960 3961 3962AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3963 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3964 [[ u_char foo; foo = 125; ]])], 3965 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3966 ]) 3967]) 3968if test "x$ac_cv_have_u_char" = "xyes" ; then 3969 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3970fi 3971 3972AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3973#include <sys/types.h> 3974#ifdef HAVE_STDINT_H 3975# include <stdint.h> 3976#endif 3977]) 3978 3979TYPE_SOCKLEN_T 3980 3981AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3982AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3983#include <sys/types.h> 3984#ifdef HAVE_SYS_BITYPES_H 3985#include <sys/bitypes.h> 3986#endif 3987#ifdef HAVE_SYS_STATFS_H 3988#include <sys/statfs.h> 3989#endif 3990#ifdef HAVE_SYS_STATVFS_H 3991#include <sys/statvfs.h> 3992#endif 3993]) 3994 3995AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3996#include <sys/param.h> 3997#include <sys/types.h> 3998#ifdef HAVE_SYS_BITYPES_H 3999#include <sys/bitypes.h> 4000#endif 4001#ifdef HAVE_SYS_STATFS_H 4002#include <sys/statfs.h> 4003#endif 4004#ifdef HAVE_SYS_STATVFS_H 4005#include <sys/statvfs.h> 4006#endif 4007#ifdef HAVE_SYS_VFS_H 4008#include <sys/vfs.h> 4009#endif 4010#ifdef HAVE_SYS_MOUNT_H 4011#include <sys/mount.h> 4012#endif 4013]]) 4014 4015 4016AC_CHECK_TYPES([in_addr_t, in_port_t], , , 4017[#include <sys/types.h> 4018#include <netinet/in.h>]) 4019 4020AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4022 [[ size_t foo; foo = 1235; ]])], 4023 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 4024 ]) 4025]) 4026if test "x$ac_cv_have_size_t" = "xyes" ; then 4027 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 4028fi 4029 4030AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 4031 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4032 [[ ssize_t foo; foo = 1235; ]])], 4033 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 4034 ]) 4035]) 4036if test "x$ac_cv_have_ssize_t" = "xyes" ; then 4037 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 4038fi 4039 4040AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 4041 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4042 [[ clock_t foo; foo = 1235; ]])], 4043 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4044 ]) 4045]) 4046if test "x$ac_cv_have_clock_t" = "xyes" ; then 4047 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4048fi 4049 4050AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4052#include <sys/types.h> 4053#include <sys/socket.h> 4054 ]], [[ sa_family_t foo; foo = 1235; ]])], 4055 [ ac_cv_have_sa_family_t="yes" ], 4056 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4057#include <sys/types.h> 4058#include <sys/socket.h> 4059#include <netinet/in.h> 4060 ]], [[ sa_family_t foo; foo = 1235; ]])], 4061 [ ac_cv_have_sa_family_t="yes" ], 4062 [ ac_cv_have_sa_family_t="no" ] 4063 ) 4064 ]) 4065]) 4066if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4067 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4068 [define if you have sa_family_t data type]) 4069fi 4070 4071AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4072 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4073 [[ pid_t foo; foo = 1235; ]])], 4074 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4075 ]) 4076]) 4077if test "x$ac_cv_have_pid_t" = "xyes" ; then 4078 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4079fi 4080 4081AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4083 [[ mode_t foo; foo = 1235; ]])], 4084 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4085 ]) 4086]) 4087if test "x$ac_cv_have_mode_t" = "xyes" ; then 4088 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4089fi 4090 4091 4092AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4093 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4094#include <sys/types.h> 4095#include <sys/socket.h> 4096 ]], [[ struct sockaddr_storage s; ]])], 4097 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4098 [ ac_cv_have_struct_sockaddr_storage="no" 4099 ]) 4100]) 4101if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4102 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4103 [define if you have struct sockaddr_storage data type]) 4104fi 4105 4106AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4108#include <sys/types.h> 4109#include <netinet/in.h> 4110 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4111 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4112 [ ac_cv_have_struct_sockaddr_in6="no" 4113 ]) 4114]) 4115if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4116 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4117 [define if you have struct sockaddr_in6 data type]) 4118fi 4119 4120AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4121 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4122#include <sys/types.h> 4123#include <netinet/in.h> 4124 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4125 [ ac_cv_have_struct_in6_addr="yes" ], 4126 [ ac_cv_have_struct_in6_addr="no" 4127 ]) 4128]) 4129if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4130 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4131 [define if you have struct in6_addr data type]) 4132 4133dnl Now check for sin6_scope_id 4134 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4135 [ 4136#ifdef HAVE_SYS_TYPES_H 4137#include <sys/types.h> 4138#endif 4139#include <netinet/in.h> 4140 ]) 4141fi 4142 4143AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4144 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4145#include <sys/types.h> 4146#include <sys/socket.h> 4147#include <netdb.h> 4148 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4149 [ ac_cv_have_struct_addrinfo="yes" ], 4150 [ ac_cv_have_struct_addrinfo="no" 4151 ]) 4152]) 4153if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4154 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4155 [define if you have struct addrinfo data type]) 4156fi 4157 4158AC_HEADER_TIME 4159 4160AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4161 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4162 [[ struct timeval tv; tv.tv_sec = 1;]])], 4163 [ ac_cv_have_struct_timeval="yes" ], 4164 [ ac_cv_have_struct_timeval="no" 4165 ]) 4166]) 4167if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4168 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4169 have_struct_timeval=1 4170fi 4171 4172AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4173 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4174 #ifdef TIME_WITH_SYS_TIME 4175 # include <sys/time.h> 4176 # include <time.h> 4177 #else 4178 # ifdef HAVE_SYS_TIME_H 4179 # include <sys/time.h> 4180 # else 4181 # include <time.h> 4182 # endif 4183 #endif 4184 ]], 4185 [[ struct timespec ts; ts.tv_sec = 1;]])], 4186 [ ac_cv_have_struct_timespec="yes" ], 4187 [ ac_cv_have_struct_timespec="no" 4188 ]) 4189]) 4190if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4191 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4192 have_struct_timespec=1 4193fi 4194 4195# We need int64_t or else certain parts of the compile will fail. 4196if test "x$ac_cv_have_int64_t" = "xno" && \ 4197 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4198 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4199 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4200 echo "an alternative compiler (I.E., GCC) before continuing." 4201 echo "" 4202 exit 1; 4203else 4204dnl test snprintf (broken on SCO w/gcc) 4205 AC_RUN_IFELSE( 4206 [AC_LANG_SOURCE([[ 4207#include <stdio.h> 4208#include <stdlib.h> 4209#include <string.h> 4210#ifdef HAVE_SNPRINTF 4211main() 4212{ 4213 char buf[50]; 4214 char expected_out[50]; 4215 int mazsize = 50 ; 4216#if (SIZEOF_LONG_INT == 8) 4217 long int num = 0x7fffffffffffffff; 4218#else 4219 long long num = 0x7fffffffffffffffll; 4220#endif 4221 strcpy(expected_out, "9223372036854775807"); 4222 snprintf(buf, mazsize, "%lld", num); 4223 if(strcmp(buf, expected_out) != 0) 4224 exit(1); 4225 exit(0); 4226} 4227#else 4228main() { exit(0); } 4229#endif 4230 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4231 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4232 ) 4233fi 4234 4235dnl Checks for structure members 4236OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4237OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4238OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4239OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4240OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4241OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4242OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4243OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4244OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4245OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4246OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4247OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4248OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4249OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4250OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4251OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4252OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4253OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4254 4255AC_CHECK_MEMBERS([struct stat.st_blksize]) 4256AC_CHECK_MEMBERS([struct stat.st_mtim]) 4257AC_CHECK_MEMBERS([struct stat.st_mtime]) 4258AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4259struct passwd.pw_change, struct passwd.pw_expire], 4260[], [], [[ 4261#include <sys/types.h> 4262#include <pwd.h> 4263]]) 4264 4265AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4266 [Define if we don't have struct __res_state in resolv.h])], 4267[[ 4268#include <stdio.h> 4269#if HAVE_SYS_TYPES_H 4270# include <sys/types.h> 4271#endif 4272#include <netinet/in.h> 4273#include <arpa/nameser.h> 4274#include <resolv.h> 4275]]) 4276 4277AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4278 ac_cv_have_ss_family_in_struct_ss, [ 4279 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4280#include <sys/types.h> 4281#include <sys/socket.h> 4282 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4283 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4284 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4285]) 4286if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4287 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4288fi 4289 4290AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4291 ac_cv_have___ss_family_in_struct_ss, [ 4292 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4293#include <sys/types.h> 4294#include <sys/socket.h> 4295 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4296 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4297 [ ac_cv_have___ss_family_in_struct_ss="no" 4298 ]) 4299]) 4300if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4301 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4302 [Fields in struct sockaddr_storage]) 4303fi 4304 4305dnl make sure we're using the real structure members and not defines 4306AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4307 ac_cv_have_accrights_in_msghdr, [ 4308 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4309#include <sys/types.h> 4310#include <sys/socket.h> 4311#include <sys/uio.h> 4312#include <stdlib.h> 4313 ]], [[ 4314#ifdef msg_accrights 4315#error "msg_accrights is a macro" 4316exit(1); 4317#endif 4318struct msghdr m; 4319m.msg_accrights = 0; 4320exit(0); 4321 ]])], 4322 [ ac_cv_have_accrights_in_msghdr="yes" ], 4323 [ ac_cv_have_accrights_in_msghdr="no" ] 4324 ) 4325]) 4326if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4327 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4328 [Define if your system uses access rights style 4329 file descriptor passing]) 4330fi 4331 4332AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4333AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4334#include <sys/param.h> 4335#include <sys/stat.h> 4336#ifdef HAVE_SYS_TIME_H 4337# include <sys/time.h> 4338#endif 4339#ifdef HAVE_SYS_MOUNT_H 4340#include <sys/mount.h> 4341#endif 4342#ifdef HAVE_SYS_STATVFS_H 4343#include <sys/statvfs.h> 4344#endif 4345 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4346 [ AC_MSG_RESULT([yes]) ], 4347 [ AC_MSG_RESULT([no]) 4348 4349 AC_MSG_CHECKING([if fsid_t has member val]) 4350 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4351#include <sys/types.h> 4352#include <sys/statvfs.h> 4353 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4354 [ AC_MSG_RESULT([yes]) 4355 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4356 [ AC_MSG_RESULT([no]) ]) 4357 4358 AC_MSG_CHECKING([if f_fsid has member __val]) 4359 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4360#include <sys/types.h> 4361#include <sys/statvfs.h> 4362 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4363 [ AC_MSG_RESULT([yes]) 4364 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4365 [ AC_MSG_RESULT([no]) ]) 4366]) 4367 4368AC_CACHE_CHECK([for msg_control field in struct msghdr], 4369 ac_cv_have_control_in_msghdr, [ 4370 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4371#include <sys/types.h> 4372#include <sys/socket.h> 4373#include <sys/uio.h> 4374#include <stdlib.h> 4375 ]], [[ 4376#ifdef msg_control 4377#error "msg_control is a macro" 4378exit(1); 4379#endif 4380struct msghdr m; 4381m.msg_control = 0; 4382exit(0); 4383 ]])], 4384 [ ac_cv_have_control_in_msghdr="yes" ], 4385 [ ac_cv_have_control_in_msghdr="no" ] 4386 ) 4387]) 4388if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4389 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4390 [Define if your system uses ancillary data style 4391 file descriptor passing]) 4392fi 4393 4394AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4395 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4396 [[ extern char *__progname; printf("%s", __progname); ]])], 4397 [ ac_cv_libc_defines___progname="yes" ], 4398 [ ac_cv_libc_defines___progname="no" 4399 ]) 4400]) 4401if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4402 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4403fi 4404 4405AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4406 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4407 [[ printf("%s", __FUNCTION__); ]])], 4408 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4409 [ ac_cv_cc_implements___FUNCTION__="no" 4410 ]) 4411]) 4412if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4413 AC_DEFINE([HAVE___FUNCTION__], [1], 4414 [Define if compiler implements __FUNCTION__]) 4415fi 4416 4417AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4418 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4419 [[ printf("%s", __func__); ]])], 4420 [ ac_cv_cc_implements___func__="yes" ], 4421 [ ac_cv_cc_implements___func__="no" 4422 ]) 4423]) 4424if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4425 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4426fi 4427 4428AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4429 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4430#include <stdarg.h> 4431va_list x,y; 4432 ]], [[ va_copy(x,y); ]])], 4433 [ ac_cv_have_va_copy="yes" ], 4434 [ ac_cv_have_va_copy="no" 4435 ]) 4436]) 4437if test "x$ac_cv_have_va_copy" = "xyes" ; then 4438 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4439fi 4440 4441AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4442 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4443#include <stdarg.h> 4444va_list x,y; 4445 ]], [[ __va_copy(x,y); ]])], 4446 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4447 ]) 4448]) 4449if test "x$ac_cv_have___va_copy" = "xyes" ; then 4450 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4451fi 4452 4453AC_CACHE_CHECK([whether getopt has optreset support], 4454 ac_cv_have_getopt_optreset, [ 4455 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4456 [[ extern int optreset; optreset = 0; ]])], 4457 [ ac_cv_have_getopt_optreset="yes" ], 4458 [ ac_cv_have_getopt_optreset="no" 4459 ]) 4460]) 4461if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4462 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4463 [Define if your getopt(3) defines and uses optreset]) 4464fi 4465 4466AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4467 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4468[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4469 [ ac_cv_libc_defines_sys_errlist="yes" ], 4470 [ ac_cv_libc_defines_sys_errlist="no" 4471 ]) 4472]) 4473if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4474 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4475 [Define if your system defines sys_errlist[]]) 4476fi 4477 4478 4479AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4480 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4481[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4482 [ ac_cv_libc_defines_sys_nerr="yes" ], 4483 [ ac_cv_libc_defines_sys_nerr="no" 4484 ]) 4485]) 4486if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4487 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4488fi 4489 4490# Check libraries needed by DNS fingerprint support 4491AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4492 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4493 [Define if getrrsetbyname() exists])], 4494 [ 4495 # Needed by our getrrsetbyname() 4496 AC_SEARCH_LIBS([res_query], [resolv]) 4497 AC_SEARCH_LIBS([dn_expand], [resolv]) 4498 AC_MSG_CHECKING([if res_query will link]) 4499 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4500#include <sys/types.h> 4501#include <netinet/in.h> 4502#include <arpa/nameser.h> 4503#include <netdb.h> 4504#include <resolv.h> 4505 ]], [[ 4506 res_query (0, 0, 0, 0, 0); 4507 ]])], 4508 AC_MSG_RESULT([yes]), 4509 [AC_MSG_RESULT([no]) 4510 saved_LIBS="$LIBS" 4511 LIBS="$LIBS -lresolv" 4512 AC_MSG_CHECKING([for res_query in -lresolv]) 4513 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4514#include <sys/types.h> 4515#include <netinet/in.h> 4516#include <arpa/nameser.h> 4517#include <netdb.h> 4518#include <resolv.h> 4519 ]], [[ 4520 res_query (0, 0, 0, 0, 0); 4521 ]])], 4522 [AC_MSG_RESULT([yes])], 4523 [LIBS="$saved_LIBS" 4524 AC_MSG_RESULT([no])]) 4525 ]) 4526 AC_CHECK_FUNCS([_getshort _getlong]) 4527 AC_CHECK_DECLS([_getshort, _getlong], , , 4528 [#include <sys/types.h> 4529 #include <arpa/nameser.h>]) 4530 AC_CHECK_MEMBER([HEADER.ad], 4531 [AC_DEFINE([HAVE_HEADER_AD], [1], 4532 [Define if HEADER.ad exists in arpa/nameser.h])], , 4533 [#include <arpa/nameser.h>]) 4534 ]) 4535 4536AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4537AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4538#include <stdio.h> 4539#if HAVE_SYS_TYPES_H 4540# include <sys/types.h> 4541#endif 4542#include <netinet/in.h> 4543#include <arpa/nameser.h> 4544#include <resolv.h> 4545extern struct __res_state _res; 4546 ]], [[ 4547struct __res_state *volatile p = &_res; /* force resolution of _res */ 4548return 0; 4549 ]],)], 4550 [AC_MSG_RESULT([yes]) 4551 AC_DEFINE([HAVE__RES_EXTERN], [1], 4552 [Define if you have struct __res_state _res as an extern]) 4553 ], 4554 [ AC_MSG_RESULT([no]) ] 4555) 4556 4557# Check whether user wants SELinux support 4558SELINUX_MSG="no" 4559LIBSELINUX="" 4560AC_ARG_WITH([selinux], 4561 [ --with-selinux Enable SELinux support], 4562 [ if test "x$withval" != "xno" ; then 4563 save_LIBS="$LIBS" 4564 AC_DEFINE([WITH_SELINUX], [1], 4565 [Define if you want SELinux support.]) 4566 SELINUX_MSG="yes" 4567 AC_CHECK_HEADER([selinux/selinux.h], , 4568 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4569 AC_CHECK_LIB([selinux], [setexeccon], 4570 [ LIBSELINUX="-lselinux" 4571 LIBS="$LIBS -lselinux" 4572 ], 4573 AC_MSG_ERROR([SELinux support requires libselinux library])) 4574 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4575 LIBS="$save_LIBS $LIBSELINUX" 4576 fi ] 4577) 4578AC_SUBST([SSHDLIBS]) 4579 4580# Check whether user wants Kerberos 5 support 4581KRB5_MSG="no" 4582AC_ARG_WITH([kerberos5], 4583 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4584 [ if test "x$withval" != "xno" ; then 4585 if test "x$withval" = "xyes" ; then 4586 KRB5ROOT="/usr/local" 4587 else 4588 KRB5ROOT=${withval} 4589 fi 4590 4591 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4592 KRB5_MSG="yes" 4593 4594 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4595 [$KRB5ROOT/bin/krb5-config], 4596 [$KRB5ROOT/bin:$PATH]) 4597 if test -x $KRB5CONF ; then 4598 K5CFLAGS="`$KRB5CONF --cflags`" 4599 K5LIBS="`$KRB5CONF --libs`" 4600 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4601 4602 AC_MSG_CHECKING([for gssapi support]) 4603 if $KRB5CONF | grep gssapi >/dev/null ; then 4604 AC_MSG_RESULT([yes]) 4605 AC_DEFINE([GSSAPI], [1], 4606 [Define this if you want GSSAPI 4607 support in the version 2 protocol]) 4608 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4609 GSSLIBS="`$KRB5CONF --libs gssapi`" 4610 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4611 else 4612 AC_MSG_RESULT([no]) 4613 fi 4614 AC_MSG_CHECKING([whether we are using Heimdal]) 4615 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4616 ]], [[ char *tmp = heimdal_version; ]])], 4617 [ AC_MSG_RESULT([yes]) 4618 AC_DEFINE([HEIMDAL], [1], 4619 [Define this if you are using the Heimdal 4620 version of Kerberos V5]) ], 4621 [AC_MSG_RESULT([no]) 4622 ]) 4623 else 4624 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4625 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4626 AC_MSG_CHECKING([whether we are using Heimdal]) 4627 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4628 ]], [[ char *tmp = heimdal_version; ]])], 4629 [ AC_MSG_RESULT([yes]) 4630 AC_DEFINE([HEIMDAL]) 4631 K5LIBS="-lkrb5" 4632 K5LIBS="$K5LIBS -lcom_err -lasn1" 4633 AC_CHECK_LIB([roken], [net_write], 4634 [K5LIBS="$K5LIBS -lroken"]) 4635 AC_CHECK_LIB([des], [des_cbc_encrypt], 4636 [K5LIBS="$K5LIBS -ldes"]) 4637 ], [ AC_MSG_RESULT([no]) 4638 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4639 ]) 4640 AC_SEARCH_LIBS([dn_expand], [resolv]) 4641 4642 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4643 [ AC_DEFINE([GSSAPI]) 4644 GSSLIBS="-lgssapi_krb5" ], 4645 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4646 [ AC_DEFINE([GSSAPI]) 4647 GSSLIBS="-lgssapi" ], 4648 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4649 [ AC_DEFINE([GSSAPI]) 4650 GSSLIBS="-lgss" ], 4651 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4652 ]) 4653 ]) 4654 4655 AC_CHECK_HEADER([gssapi.h], , 4656 [ unset ac_cv_header_gssapi_h 4657 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4658 AC_CHECK_HEADERS([gssapi.h], , 4659 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4660 ) 4661 ] 4662 ) 4663 4664 oldCPP="$CPPFLAGS" 4665 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4666 AC_CHECK_HEADER([gssapi_krb5.h], , 4667 [ CPPFLAGS="$oldCPP" ]) 4668 4669 fi 4670 if test -n "${rpath_opt}" ; then 4671 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4672 fi 4673 if test ! -z "$blibpath" ; then 4674 blibpath="$blibpath:${KRB5ROOT}/lib" 4675 fi 4676 4677 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4678 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4679 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4680 4681 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4682 [Define this if you want to use libkafs' AFS support])]) 4683 4684 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4685#ifdef HAVE_GSSAPI_H 4686# include <gssapi.h> 4687#elif defined(HAVE_GSSAPI_GSSAPI_H) 4688# include <gssapi/gssapi.h> 4689#endif 4690 4691#ifdef HAVE_GSSAPI_GENERIC_H 4692# include <gssapi_generic.h> 4693#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4694# include <gssapi/gssapi_generic.h> 4695#endif 4696 ]]) 4697 saved_LIBS="$LIBS" 4698 LIBS="$LIBS $K5LIBS" 4699 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4700 LIBS="$saved_LIBS" 4701 4702 fi 4703 ] 4704) 4705AC_SUBST([GSSLIBS]) 4706AC_SUBST([K5LIBS]) 4707 4708# Looking for programs, paths and files 4709 4710PRIVSEP_PATH=/var/empty 4711AC_ARG_WITH([privsep-path], 4712 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4713 [ 4714 if test -n "$withval" && test "x$withval" != "xno" && \ 4715 test "x${withval}" != "xyes"; then 4716 PRIVSEP_PATH=$withval 4717 fi 4718 ] 4719) 4720AC_SUBST([PRIVSEP_PATH]) 4721 4722AC_ARG_WITH([xauth], 4723 [ --with-xauth=PATH Specify path to xauth program ], 4724 [ 4725 if test -n "$withval" && test "x$withval" != "xno" && \ 4726 test "x${withval}" != "xyes"; then 4727 xauth_path=$withval 4728 fi 4729 ], 4730 [ 4731 TestPath="$PATH" 4732 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4733 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4734 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4735 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4736 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4737 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4738 xauth_path="/usr/openwin/bin/xauth" 4739 fi 4740 ] 4741) 4742 4743STRIP_OPT=-s 4744AC_ARG_ENABLE([strip], 4745 [ --disable-strip Disable calling strip(1) on install], 4746 [ 4747 if test "x$enableval" = "xno" ; then 4748 STRIP_OPT= 4749 fi 4750 ] 4751) 4752AC_SUBST([STRIP_OPT]) 4753 4754if test -z "$xauth_path" ; then 4755 XAUTH_PATH="undefined" 4756 AC_SUBST([XAUTH_PATH]) 4757else 4758 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4759 [Define if xauth is found in your path]) 4760 XAUTH_PATH=$xauth_path 4761 AC_SUBST([XAUTH_PATH]) 4762fi 4763 4764dnl # --with-maildir=/path/to/mail gets top priority. 4765dnl # if maildir is set in the platform case statement above we use that. 4766dnl # Otherwise we run a program to get the dir from system headers. 4767dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4768dnl # If we find _PATH_MAILDIR we do nothing because that is what 4769dnl # session.c expects anyway. Otherwise we set to the value found 4770dnl # stripping any trailing slash. If for some strage reason our program 4771dnl # does not find what it needs, we default to /var/spool/mail. 4772# Check for mail directory 4773AC_ARG_WITH([maildir], 4774 [ --with-maildir=/path/to/mail Specify your system mail directory], 4775 [ 4776 if test "X$withval" != X && test "x$withval" != xno && \ 4777 test "x${withval}" != xyes; then 4778 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4779 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4780 fi 4781 ],[ 4782 if test "X$maildir" != "X"; then 4783 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4784 else 4785 AC_MSG_CHECKING([Discovering system mail directory]) 4786 AC_RUN_IFELSE( 4787 [AC_LANG_PROGRAM([[ 4788#include <stdio.h> 4789#include <stdlib.h> 4790#include <string.h> 4791#ifdef HAVE_PATHS_H 4792#include <paths.h> 4793#endif 4794#ifdef HAVE_MAILLOCK_H 4795#include <maillock.h> 4796#endif 4797#define DATA "conftest.maildir" 4798 ]], [[ 4799 FILE *fd; 4800 int rc; 4801 4802 fd = fopen(DATA,"w"); 4803 if(fd == NULL) 4804 exit(1); 4805 4806#if defined (_PATH_MAILDIR) 4807 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4808 exit(1); 4809#elif defined (MAILDIR) 4810 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4811 exit(1); 4812#elif defined (_PATH_MAIL) 4813 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4814 exit(1); 4815#else 4816 exit (2); 4817#endif 4818 4819 exit(0); 4820 ]])], 4821 [ 4822 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4823 maildir=`awk -F: '{print $2}' conftest.maildir \ 4824 | sed 's|/$||'` 4825 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4826 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4827 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4828 fi 4829 ], 4830 [ 4831 if test "X$ac_status" = "X2";then 4832# our test program didn't find it. Default to /var/spool/mail 4833 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4834 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4835 else 4836 AC_MSG_RESULT([*** not found ***]) 4837 fi 4838 ], 4839 [ 4840 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4841 ] 4842 ) 4843 fi 4844 ] 4845) # maildir 4846 4847if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4848 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4849 disable_ptmx_check=yes 4850fi 4851if test -z "$no_dev_ptmx" ; then 4852 if test "x$disable_ptmx_check" != "xyes" ; then 4853 AC_CHECK_FILE(["/dev/ptmx"], 4854 [ 4855 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4856 [Define if you have /dev/ptmx]) 4857 have_dev_ptmx=1 4858 ] 4859 ) 4860 fi 4861fi 4862 4863if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4864 AC_CHECK_FILE(["/dev/ptc"], 4865 [ 4866 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4867 [Define if you have /dev/ptc]) 4868 have_dev_ptc=1 4869 ] 4870 ) 4871else 4872 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4873fi 4874 4875# Options from here on. Some of these are preset by platform above 4876AC_ARG_WITH([mantype], 4877 [ --with-mantype=man|cat|doc Set man page type], 4878 [ 4879 case "$withval" in 4880 man|cat|doc) 4881 MANTYPE=$withval 4882 ;; 4883 *) 4884 AC_MSG_ERROR([invalid man type: $withval]) 4885 ;; 4886 esac 4887 ] 4888) 4889if test -z "$MANTYPE"; then 4890 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4891 MANTYPE=doc 4892 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4893 MANTYPE=doc 4894 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4895 MANTYPE=man 4896 else 4897 MANTYPE=cat 4898 fi 4899fi 4900AC_SUBST([MANTYPE]) 4901if test "$MANTYPE" = "doc"; then 4902 mansubdir=man; 4903else 4904 mansubdir=$MANTYPE; 4905fi 4906AC_SUBST([mansubdir]) 4907 4908# Check whether to enable MD5 passwords 4909MD5_MSG="no" 4910AC_ARG_WITH([md5-passwords], 4911 [ --with-md5-passwords Enable use of MD5 passwords], 4912 [ 4913 if test "x$withval" != "xno" ; then 4914 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4915 [Define if you want to allow MD5 passwords]) 4916 MD5_MSG="yes" 4917 fi 4918 ] 4919) 4920 4921# Whether to disable shadow password support 4922AC_ARG_WITH([shadow], 4923 [ --without-shadow Disable shadow password support], 4924 [ 4925 if test "x$withval" = "xno" ; then 4926 AC_DEFINE([DISABLE_SHADOW]) 4927 disable_shadow=yes 4928 fi 4929 ] 4930) 4931 4932if test -z "$disable_shadow" ; then 4933 AC_MSG_CHECKING([if the systems has expire shadow information]) 4934 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4935#include <sys/types.h> 4936#include <shadow.h> 4937struct spwd sp; 4938 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4939 [ sp_expire_available=yes ], [ 4940 ]) 4941 4942 if test "x$sp_expire_available" = "xyes" ; then 4943 AC_MSG_RESULT([yes]) 4944 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4945 [Define if you want to use shadow password expire field]) 4946 else 4947 AC_MSG_RESULT([no]) 4948 fi 4949fi 4950 4951# Use ip address instead of hostname in $DISPLAY 4952if test ! -z "$IPADDR_IN_DISPLAY" ; then 4953 DISPLAY_HACK_MSG="yes" 4954 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4955 [Define if you need to use IP address 4956 instead of hostname in $DISPLAY]) 4957else 4958 DISPLAY_HACK_MSG="no" 4959 AC_ARG_WITH([ipaddr-display], 4960 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4961 [ 4962 if test "x$withval" != "xno" ; then 4963 AC_DEFINE([IPADDR_IN_DISPLAY]) 4964 DISPLAY_HACK_MSG="yes" 4965 fi 4966 ] 4967 ) 4968fi 4969 4970# check for /etc/default/login and use it if present. 4971AC_ARG_ENABLE([etc-default-login], 4972 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4973 [ if test "x$enableval" = "xno"; then 4974 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4975 etc_default_login=no 4976 else 4977 etc_default_login=yes 4978 fi ], 4979 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4980 then 4981 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4982 etc_default_login=no 4983 else 4984 etc_default_login=yes 4985 fi ] 4986) 4987 4988if test "x$etc_default_login" != "xno"; then 4989 AC_CHECK_FILE(["/etc/default/login"], 4990 [ external_path_file=/etc/default/login ]) 4991 if test "x$external_path_file" = "x/etc/default/login"; then 4992 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4993 [Define if your system has /etc/default/login]) 4994 fi 4995fi 4996 4997dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4998if test $ac_cv_func_login_getcapbool = "yes" && \ 4999 test $ac_cv_header_login_cap_h = "yes" ; then 5000 external_path_file=/etc/login.conf 5001fi 5002 5003# Whether to mess with the default path 5004SERVER_PATH_MSG="(default)" 5005AC_ARG_WITH([default-path], 5006 [ --with-default-path= Specify default $PATH environment for server], 5007 [ 5008 if test "x$external_path_file" = "x/etc/login.conf" ; then 5009 AC_MSG_WARN([ 5010--with-default-path=PATH has no effect on this system. 5011Edit /etc/login.conf instead.]) 5012 elif test "x$withval" != "xno" ; then 5013 if test ! -z "$external_path_file" ; then 5014 AC_MSG_WARN([ 5015--with-default-path=PATH will only be used if PATH is not defined in 5016$external_path_file .]) 5017 fi 5018 user_path="$withval" 5019 SERVER_PATH_MSG="$withval" 5020 fi 5021 ], 5022 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 5023 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 5024 else 5025 if test ! -z "$external_path_file" ; then 5026 AC_MSG_WARN([ 5027If PATH is defined in $external_path_file, ensure the path to scp is included, 5028otherwise scp will not work.]) 5029 fi 5030 AC_RUN_IFELSE( 5031 [AC_LANG_PROGRAM([[ 5032/* find out what STDPATH is */ 5033#include <stdio.h> 5034#include <stdlib.h> 5035#ifdef HAVE_PATHS_H 5036# include <paths.h> 5037#endif 5038#ifndef _PATH_STDPATH 5039# ifdef _PATH_USERPATH /* Irix */ 5040# define _PATH_STDPATH _PATH_USERPATH 5041# else 5042# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 5043# endif 5044#endif 5045#include <sys/types.h> 5046#include <sys/stat.h> 5047#include <fcntl.h> 5048#define DATA "conftest.stdpath" 5049 ]], [[ 5050 FILE *fd; 5051 int rc; 5052 5053 fd = fopen(DATA,"w"); 5054 if(fd == NULL) 5055 exit(1); 5056 5057 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5058 exit(1); 5059 5060 exit(0); 5061 ]])], 5062 [ user_path=`cat conftest.stdpath` ], 5063 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5064 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5065 ) 5066# make sure $bindir is in USER_PATH so scp will work 5067 t_bindir="${bindir}" 5068 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5069 t_bindir=`eval echo ${t_bindir}` 5070 case $t_bindir in 5071 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5072 esac 5073 case $t_bindir in 5074 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5075 esac 5076 done 5077 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5078 if test $? -ne 0 ; then 5079 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5080 if test $? -ne 0 ; then 5081 user_path=$user_path:$t_bindir 5082 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5083 fi 5084 fi 5085 fi ] 5086) 5087if test "x$external_path_file" != "x/etc/login.conf" ; then 5088 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5089 AC_SUBST([user_path]) 5090fi 5091 5092# Set superuser path separately to user path 5093AC_ARG_WITH([superuser-path], 5094 [ --with-superuser-path= Specify different path for super-user], 5095 [ 5096 if test -n "$withval" && test "x$withval" != "xno" && \ 5097 test "x${withval}" != "xyes"; then 5098 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5099 [Define if you want a different $PATH 5100 for the superuser]) 5101 superuser_path=$withval 5102 fi 5103 ] 5104) 5105 5106 5107AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5108IPV4_IN6_HACK_MSG="no" 5109AC_ARG_WITH(4in6, 5110 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5111 [ 5112 if test "x$withval" != "xno" ; then 5113 AC_MSG_RESULT([yes]) 5114 AC_DEFINE([IPV4_IN_IPV6], [1], 5115 [Detect IPv4 in IPv6 mapped addresses 5116 and treat as IPv4]) 5117 IPV4_IN6_HACK_MSG="yes" 5118 else 5119 AC_MSG_RESULT([no]) 5120 fi 5121 ], [ 5122 if test "x$inet6_default_4in6" = "xyes"; then 5123 AC_MSG_RESULT([yes (default)]) 5124 AC_DEFINE([IPV4_IN_IPV6]) 5125 IPV4_IN6_HACK_MSG="yes" 5126 else 5127 AC_MSG_RESULT([no (default)]) 5128 fi 5129 ] 5130) 5131 5132# Whether to enable BSD auth support 5133BSD_AUTH_MSG=no 5134AC_ARG_WITH([bsd-auth], 5135 [ --with-bsd-auth Enable BSD auth support], 5136 [ 5137 if test "x$withval" != "xno" ; then 5138 AC_DEFINE([BSD_AUTH], [1], 5139 [Define if you have BSD auth support]) 5140 BSD_AUTH_MSG=yes 5141 fi 5142 ] 5143) 5144 5145# Where to place sshd.pid 5146piddir=/var/run 5147# make sure the directory exists 5148if test ! -d $piddir ; then 5149 piddir=`eval echo ${sysconfdir}` 5150 case $piddir in 5151 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5152 esac 5153fi 5154 5155AC_ARG_WITH([pid-dir], 5156 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5157 [ 5158 if test -n "$withval" && test "x$withval" != "xno" && \ 5159 test "x${withval}" != "xyes"; then 5160 piddir=$withval 5161 if test ! -d $piddir ; then 5162 AC_MSG_WARN([** no $piddir directory on this system **]) 5163 fi 5164 fi 5165 ] 5166) 5167 5168AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5169 [Specify location of ssh.pid]) 5170AC_SUBST([piddir]) 5171 5172dnl allow user to disable some login recording features 5173AC_ARG_ENABLE([lastlog], 5174 [ --disable-lastlog disable use of lastlog even if detected [no]], 5175 [ 5176 if test "x$enableval" = "xno" ; then 5177 AC_DEFINE([DISABLE_LASTLOG]) 5178 fi 5179 ] 5180) 5181AC_ARG_ENABLE([utmp], 5182 [ --disable-utmp disable use of utmp even if detected [no]], 5183 [ 5184 if test "x$enableval" = "xno" ; then 5185 AC_DEFINE([DISABLE_UTMP]) 5186 fi 5187 ] 5188) 5189AC_ARG_ENABLE([utmpx], 5190 [ --disable-utmpx disable use of utmpx even if detected [no]], 5191 [ 5192 if test "x$enableval" = "xno" ; then 5193 AC_DEFINE([DISABLE_UTMPX], [1], 5194 [Define if you don't want to use utmpx]) 5195 fi 5196 ] 5197) 5198AC_ARG_ENABLE([wtmp], 5199 [ --disable-wtmp disable use of wtmp even if detected [no]], 5200 [ 5201 if test "x$enableval" = "xno" ; then 5202 AC_DEFINE([DISABLE_WTMP]) 5203 fi 5204 ] 5205) 5206AC_ARG_ENABLE([wtmpx], 5207 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5208 [ 5209 if test "x$enableval" = "xno" ; then 5210 AC_DEFINE([DISABLE_WTMPX], [1], 5211 [Define if you don't want to use wtmpx]) 5212 fi 5213 ] 5214) 5215AC_ARG_ENABLE([libutil], 5216 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5217 [ 5218 if test "x$enableval" = "xno" ; then 5219 AC_DEFINE([DISABLE_LOGIN]) 5220 fi 5221 ] 5222) 5223AC_ARG_ENABLE([pututline], 5224 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5225 [ 5226 if test "x$enableval" = "xno" ; then 5227 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5228 [Define if you don't want to use pututline() 5229 etc. to write [uw]tmp]) 5230 fi 5231 ] 5232) 5233AC_ARG_ENABLE([pututxline], 5234 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5235 [ 5236 if test "x$enableval" = "xno" ; then 5237 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5238 [Define if you don't want to use pututxline() 5239 etc. to write [uw]tmpx]) 5240 fi 5241 ] 5242) 5243AC_ARG_WITH([lastlog], 5244 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5245 [ 5246 if test "x$withval" = "xno" ; then 5247 AC_DEFINE([DISABLE_LASTLOG]) 5248 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5249 conf_lastlog_location=$withval 5250 fi 5251 ] 5252) 5253 5254dnl lastlog, [uw]tmpx? detection 5255dnl NOTE: set the paths in the platform section to avoid the 5256dnl need for command-line parameters 5257dnl lastlog and [uw]tmp are subject to a file search if all else fails 5258 5259dnl lastlog detection 5260dnl NOTE: the code itself will detect if lastlog is a directory 5261AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5262AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5263#include <sys/types.h> 5264#include <utmp.h> 5265#ifdef HAVE_LASTLOG_H 5266# include <lastlog.h> 5267#endif 5268#ifdef HAVE_PATHS_H 5269# include <paths.h> 5270#endif 5271#ifdef HAVE_LOGIN_H 5272# include <login.h> 5273#endif 5274 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5275 [ AC_MSG_RESULT([yes]) ], 5276 [ 5277 AC_MSG_RESULT([no]) 5278 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5279 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5280#include <sys/types.h> 5281#include <utmp.h> 5282#ifdef HAVE_LASTLOG_H 5283# include <lastlog.h> 5284#endif 5285#ifdef HAVE_PATHS_H 5286# include <paths.h> 5287#endif 5288 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5289 [ AC_MSG_RESULT([yes]) ], 5290 [ 5291 AC_MSG_RESULT([no]) 5292 system_lastlog_path=no 5293 ]) 5294]) 5295 5296if test -z "$conf_lastlog_location"; then 5297 if test x"$system_lastlog_path" = x"no" ; then 5298 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5299 if (test -d "$f" || test -f "$f") ; then 5300 conf_lastlog_location=$f 5301 fi 5302 done 5303 if test -z "$conf_lastlog_location"; then 5304 AC_MSG_WARN([** Cannot find lastlog **]) 5305 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5306 fi 5307 fi 5308fi 5309 5310if test -n "$conf_lastlog_location"; then 5311 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5312 [Define if you want to specify the path to your lastlog file]) 5313fi 5314 5315dnl utmp detection 5316AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5317AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5318#include <sys/types.h> 5319#include <utmp.h> 5320#ifdef HAVE_PATHS_H 5321# include <paths.h> 5322#endif 5323 ]], [[ char *utmp = UTMP_FILE; ]])], 5324 [ AC_MSG_RESULT([yes]) ], 5325 [ AC_MSG_RESULT([no]) 5326 system_utmp_path=no 5327]) 5328if test -z "$conf_utmp_location"; then 5329 if test x"$system_utmp_path" = x"no" ; then 5330 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5331 if test -f $f ; then 5332 conf_utmp_location=$f 5333 fi 5334 done 5335 if test -z "$conf_utmp_location"; then 5336 AC_DEFINE([DISABLE_UTMP]) 5337 fi 5338 fi 5339fi 5340if test -n "$conf_utmp_location"; then 5341 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5342 [Define if you want to specify the path to your utmp file]) 5343fi 5344 5345dnl wtmp detection 5346AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5347AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5348#include <sys/types.h> 5349#include <utmp.h> 5350#ifdef HAVE_PATHS_H 5351# include <paths.h> 5352#endif 5353 ]], [[ char *wtmp = WTMP_FILE; ]])], 5354 [ AC_MSG_RESULT([yes]) ], 5355 [ AC_MSG_RESULT([no]) 5356 system_wtmp_path=no 5357]) 5358if test -z "$conf_wtmp_location"; then 5359 if test x"$system_wtmp_path" = x"no" ; then 5360 for f in /usr/adm/wtmp /var/log/wtmp; do 5361 if test -f $f ; then 5362 conf_wtmp_location=$f 5363 fi 5364 done 5365 if test -z "$conf_wtmp_location"; then 5366 AC_DEFINE([DISABLE_WTMP]) 5367 fi 5368 fi 5369fi 5370if test -n "$conf_wtmp_location"; then 5371 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5372 [Define if you want to specify the path to your wtmp file]) 5373fi 5374 5375dnl wtmpx detection 5376AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5377AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5378#include <sys/types.h> 5379#include <utmp.h> 5380#ifdef HAVE_UTMPX_H 5381#include <utmpx.h> 5382#endif 5383#ifdef HAVE_PATHS_H 5384# include <paths.h> 5385#endif 5386 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5387 [ AC_MSG_RESULT([yes]) ], 5388 [ AC_MSG_RESULT([no]) 5389 system_wtmpx_path=no 5390]) 5391if test -z "$conf_wtmpx_location"; then 5392 if test x"$system_wtmpx_path" = x"no" ; then 5393 AC_DEFINE([DISABLE_WTMPX]) 5394 fi 5395else 5396 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5397 [Define if you want to specify the path to your wtmpx file]) 5398fi 5399 5400 5401if test ! -z "$blibpath" ; then 5402 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5403 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5404fi 5405 5406AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5407 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5408 AC_DEFINE([DISABLE_LASTLOG]) 5409 fi 5410 ], [ 5411#ifdef HAVE_SYS_TYPES_H 5412#include <sys/types.h> 5413#endif 5414#ifdef HAVE_UTMP_H 5415#include <utmp.h> 5416#endif 5417#ifdef HAVE_UTMPX_H 5418#include <utmpx.h> 5419#endif 5420#ifdef HAVE_LASTLOG_H 5421#include <lastlog.h> 5422#endif 5423 ]) 5424 5425AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5426 AC_DEFINE([DISABLE_UTMP]) 5427 AC_DEFINE([DISABLE_WTMP]) 5428 ], [ 5429#ifdef HAVE_SYS_TYPES_H 5430#include <sys/types.h> 5431#endif 5432#ifdef HAVE_UTMP_H 5433#include <utmp.h> 5434#endif 5435#ifdef HAVE_UTMPX_H 5436#include <utmpx.h> 5437#endif 5438#ifdef HAVE_LASTLOG_H 5439#include <lastlog.h> 5440#endif 5441 ]) 5442 5443dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5444dnl Add now. 5445CFLAGS="$CFLAGS $werror_flags" 5446 5447if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5448 TEST_SSH_IPV6=no 5449else 5450 TEST_SSH_IPV6=yes 5451fi 5452AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5453AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5454AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5455AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5456AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5457AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5458 5459CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5460LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5461 5462# Make a copy of CFLAGS/LDFLAGS without PIE options. 5463LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5464CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5465AC_SUBST([LDFLAGS_NOPIE]) 5466AC_SUBST([CFLAGS_NOPIE]) 5467 5468AC_EXEEXT 5469AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5470 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5471 survey.sh]) 5472AC_OUTPUT 5473 5474# Print summary of options 5475 5476# Someone please show me a better way :) 5477A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5478B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5479C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5480D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5481E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5482F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5483G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5484H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5485I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5486J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5487 5488echo "" 5489echo "OpenSSH has been configured with the following options:" 5490echo " User binaries: $B" 5491echo " System binaries: $C" 5492echo " Configuration files: $D" 5493echo " Askpass program: $E" 5494echo " Manual pages: $F" 5495echo " PID file: $G" 5496echo " Privilege separation chroot path: $H" 5497if test "x$external_path_file" = "x/etc/login.conf" ; then 5498echo " At runtime, sshd will use the path defined in $external_path_file" 5499echo " Make sure the path to scp is present, otherwise scp will not work" 5500else 5501echo " sshd default user PATH: $I" 5502 if test ! -z "$external_path_file"; then 5503echo " (If PATH is set in $external_path_file it will be used instead. If" 5504echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5505 fi 5506fi 5507if test ! -z "$superuser_path" ; then 5508echo " sshd superuser user PATH: $J" 5509fi 5510echo " Manpage format: $MANTYPE" 5511echo " PAM support: $PAM_MSG" 5512echo " OSF SIA support: $SIA_MSG" 5513echo " KerberosV support: $KRB5_MSG" 5514echo " SELinux support: $SELINUX_MSG" 5515echo " MD5 password support: $MD5_MSG" 5516echo " libedit support: $LIBEDIT_MSG" 5517echo " libldns support: $LDNS_MSG" 5518echo " Solaris process contract support: $SPC_MSG" 5519echo " Solaris project support: $SP_MSG" 5520echo " Solaris privilege support: $SPP_MSG" 5521echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5522echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5523echo " BSD Auth support: $BSD_AUTH_MSG" 5524echo " Random number source: $RAND_MSG" 5525echo " Privsep sandbox style: $SANDBOX_STYLE" 5526echo " PKCS#11 support: $enable_pkcs11" 5527echo " U2F/FIDO support: $enable_sk" 5528 5529echo "" 5530 5531echo " Host: ${host}" 5532echo " Compiler: ${CC}" 5533echo " Compiler flags: ${CFLAGS}" 5534echo "Preprocessor flags: ${CPPFLAGS}" 5535echo " Linker flags: ${LDFLAGS}" 5536echo " Libraries: ${LIBS}" 5537if test ! -z "${SSHDLIBS}"; then 5538echo " +for sshd: ${SSHDLIBS}" 5539fi 5540 5541echo "" 5542 5543if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5544 echo "SVR4 style packages are supported with \"make package\"" 5545 echo "" 5546fi 5547 5548if test "x$PAM_MSG" = "xyes" ; then 5549 echo "PAM is enabled. You may need to install a PAM control file " 5550 echo "for sshd, otherwise password authentication may fail. " 5551 echo "Example PAM control files can be found in the contrib/ " 5552 echo "subdirectory" 5553 echo "" 5554fi 5555 5556if test ! -z "$NO_PEERCHECK" ; then 5557 echo "WARNING: the operating system that you are using does not" 5558 echo "appear to support getpeereid(), getpeerucred() or the" 5559 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5560 echo "enforce security checks to prevent unauthorised connections to" 5561 echo "ssh-agent. Their absence increases the risk that a malicious" 5562 echo "user can connect to your agent." 5563 echo "" 5564fi 5565 5566if test "$AUDIT_MODULE" = "bsm" ; then 5567 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5568 echo "See the Solaris section in README.platform for details." 5569fi 5570