1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_CONFIG_SRCDIR([ssh.c]) 18AC_LANG([C]) 19 20AC_CONFIG_HEADER([config.h]) 21AC_PROG_CC([cc gcc]) 22AC_CANONICAL_HOST 23AC_C_BIGENDIAN 24 25# Checks for programs. 26AC_PROG_AWK 27AC_PROG_CPP 28AC_PROG_RANLIB 29AC_PROG_INSTALL 30AC_PROG_EGREP 31AC_PROG_MKDIR_P 32AC_CHECK_TOOLS([AR], [ar]) 33AC_PATH_PROG([CAT], [cat]) 34AC_PATH_PROG([KILL], [kill]) 35AC_PATH_PROG([SED], [sed]) 36AC_PATH_PROG([ENT], [ent]) 37AC_SUBST([ENT]) 38AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 41AC_PATH_PROG([SH], [sh]) 42AC_PATH_PROG([GROFF], [groff]) 43AC_PATH_PROG([NROFF], [nroff awf]) 44AC_PATH_PROG([MANDOC], [mandoc]) 45AC_SUBST([TEST_SHELL], [sh]) 46 47dnl select manpage formatter to be used to build "cat" format pages. 48if test "x$MANDOC" != "x" ; then 49 MANFMT="$MANDOC" 50elif test "x$NROFF" != "x" ; then 51 MANFMT="$NROFF -mandoc" 52elif test "x$GROFF" != "x" ; then 53 MANFMT="$GROFF -mandoc -Tascii" 54else 55 AC_MSG_WARN([no manpage formatter found]) 56 MANFMT="false" 57fi 58AC_SUBST([MANFMT]) 59 60dnl for buildpkg.sh 61AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 62 [/usr/sbin${PATH_SEPARATOR}/etc]) 63AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 64 [/usr/sbin${PATH_SEPARATOR}/etc]) 65AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 66if test -x /sbin/sh; then 67 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 68else 69 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 70fi 71 72# System features 73AC_SYS_LARGEFILE 74 75if test -z "$AR" ; then 76 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 77fi 78 79AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 80if test ! -z "$PATH_PASSWD_PROG" ; then 81 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 82 [Full path of your "passwd" program]) 83fi 84 85dnl Since autoconf doesn't support it very well, we no longer allow users to 86dnl override LD, however keeping the hook here for now in case there's a use 87dnl use case we overlooked and someone needs to re-enable it. Unless a good 88dnl reason is found we'll be removing this in future. 89LD="$CC" 90AC_SUBST([LD]) 91 92AC_C_INLINE 93 94AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 95AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100]) 101AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105]) 106AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109]) 110 111openssl=yes 112AC_ARG_WITH([openssl], 113 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 114 [ if test "x$withval" = "xno" ; then 115 openssl=no 116 fi 117 ] 118) 119AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 120if test "x$openssl" = "xyes" ; then 121 AC_MSG_RESULT([yes]) 122 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 123else 124 AC_MSG_RESULT([no]) 125fi 126 127use_stack_protector=1 128use_toolchain_hardening=1 129AC_ARG_WITH([stackprotect], 130 [ --without-stackprotect Don't use compiler's stack protection], [ 131 if test "x$withval" = "xno"; then 132 use_stack_protector=0 133 fi ]) 134AC_ARG_WITH([hardening], 135 [ --without-hardening Don't use toolchain hardening flags], [ 136 if test "x$withval" = "xno"; then 137 use_toolchain_hardening=0 138 fi ]) 139 140# We use -Werror for the tests only so that we catch warnings like "this is 141# on by default" for things like -fPIE. 142AC_MSG_CHECKING([if $CC supports -Werror]) 143saved_CFLAGS="$CFLAGS" 144CFLAGS="$CFLAGS -Werror" 145AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 146 [ AC_MSG_RESULT([yes]) 147 WERROR="-Werror"], 148 [ AC_MSG_RESULT([no]) 149 WERROR="" ] 150) 151CFLAGS="$saved_CFLAGS" 152 153if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 154 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 155 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 157 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 158 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 169 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 170 if test "x$use_toolchain_hardening" = "x1"; then 171 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 173 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 176 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 177 # NB. -ftrapv expects certain support functions to be present in 178 # the compiler library (libgcc or similar) to detect integer operations 179 # that can overflow. We must check that the result of enabling it 180 # actually links. The test program compiled/linked includes a number 181 # of integer operations that should exercise this. 182 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 183 fi 184 AC_MSG_CHECKING([gcc version]) 185 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 186 case $GCC_VER in 187 1.*) no_attrib_nonnull=1 ;; 188 2.8* | 2.9*) 189 no_attrib_nonnull=1 190 ;; 191 2.*) no_attrib_nonnull=1 ;; 192 *) ;; 193 esac 194 AC_MSG_RESULT([$GCC_VER]) 195 196 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 197 saved_CFLAGS="$CFLAGS" 198 CFLAGS="$CFLAGS -fno-builtin-memset" 199 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 200 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 201 [ AC_MSG_RESULT([yes]) ], 202 [ AC_MSG_RESULT([no]) 203 CFLAGS="$saved_CFLAGS" ] 204 ) 205 206 # -fstack-protector-all doesn't always work for some GCC versions 207 # and/or platforms, so we test if we can. If it's not supported 208 # on a given platform gcc will emit a warning so we use -Werror. 209 if test "x$use_stack_protector" = "x1"; then 210 for t in -fstack-protector-strong -fstack-protector-all \ 211 -fstack-protector; do 212 AC_MSG_CHECKING([if $CC supports $t]) 213 saved_CFLAGS="$CFLAGS" 214 saved_LDFLAGS="$LDFLAGS" 215 CFLAGS="$CFLAGS $t -Werror" 216 LDFLAGS="$LDFLAGS $t -Werror" 217 AC_LINK_IFELSE( 218 [AC_LANG_PROGRAM([[ 219 #include <stdio.h> 220 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 221 ]], 222 [[ 223 char x[256]; 224 snprintf(x, sizeof(x), "XXX%d", func(1)); 225 ]])], 226 [ AC_MSG_RESULT([yes]) 227 CFLAGS="$saved_CFLAGS $t" 228 LDFLAGS="$saved_LDFLAGS $t" 229 AC_MSG_CHECKING([if $t works]) 230 AC_RUN_IFELSE( 231 [AC_LANG_PROGRAM([[ 232 #include <stdio.h> 233 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 234 ]], 235 [[ 236 char x[256]; 237 snprintf(x, sizeof(x), "XXX%d", func(1)); 238 ]])], 239 [ AC_MSG_RESULT([yes]) 240 break ], 241 [ AC_MSG_RESULT([no]) ], 242 [ AC_MSG_WARN([cross compiling: cannot test]) 243 break ] 244 ) 245 ], 246 [ AC_MSG_RESULT([no]) ] 247 ) 248 CFLAGS="$saved_CFLAGS" 249 LDFLAGS="$saved_LDFLAGS" 250 done 251 fi 252 253 if test -z "$have_llong_max"; then 254 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 255 unset ac_cv_have_decl_LLONG_MAX 256 saved_CFLAGS="$CFLAGS" 257 CFLAGS="$CFLAGS -std=gnu99" 258 AC_CHECK_DECL([LLONG_MAX], 259 [have_llong_max=1], 260 [CFLAGS="$saved_CFLAGS"], 261 [#include <limits.h>] 262 ) 263 fi 264fi 265 266AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 267AC_COMPILE_IFELSE( 268 [AC_LANG_PROGRAM([[ 269#include <stdlib.h> 270__attribute__((__unused__)) static void foo(void){return;}]], 271 [[ exit(0); ]])], 272 [ AC_MSG_RESULT([yes]) ], 273 [ AC_MSG_RESULT([no]) 274 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 275 [compiler does not accept __attribute__ on return types]) ] 276) 277 278AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 279AC_COMPILE_IFELSE( 280 [AC_LANG_PROGRAM([[ 281#include <stdlib.h> 282typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 283 [[ exit(0); ]])], 284 [ AC_MSG_RESULT([yes]) ], 285 [ AC_MSG_RESULT([no]) 286 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 287 [compiler does not accept __attribute__ on prototype args]) ] 288) 289 290if test "x$no_attrib_nonnull" != "x1" ; then 291 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 292fi 293 294AC_ARG_WITH([rpath], 295 [ --without-rpath Disable auto-added -R linker paths], 296 [ 297 if test "x$withval" = "xno" ; then 298 rpath_opt="" 299 elif test "x$withval" = "xyes" ; then 300 rpath_opt="-R" 301 else 302 rpath_opt="$withval" 303 fi 304 ] 305) 306 307# Allow user to specify flags 308AC_ARG_WITH([cflags], 309 [ --with-cflags Specify additional flags to pass to compiler], 310 [ 311 if test -n "$withval" && test "x$withval" != "xno" && \ 312 test "x${withval}" != "xyes"; then 313 CFLAGS="$CFLAGS $withval" 314 fi 315 ] 316) 317 318AC_ARG_WITH([cflags-after], 319 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS_AFTER="$withval" 324 fi 325 ] 326) 327AC_ARG_WITH([cppflags], 328 [ --with-cppflags Specify additional flags to pass to preprocessor] , 329 [ 330 if test -n "$withval" && test "x$withval" != "xno" && \ 331 test "x${withval}" != "xyes"; then 332 CPPFLAGS="$CPPFLAGS $withval" 333 fi 334 ] 335) 336AC_ARG_WITH([ldflags], 337 [ --with-ldflags Specify additional flags to pass to linker], 338 [ 339 if test -n "$withval" && test "x$withval" != "xno" && \ 340 test "x${withval}" != "xyes"; then 341 LDFLAGS="$LDFLAGS $withval" 342 fi 343 ] 344) 345AC_ARG_WITH([ldflags-after], 346 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 347 [ 348 if test -n "$withval" && test "x$withval" != "xno" && \ 349 test "x${withval}" != "xyes"; then 350 LDFLAGS_AFTER="$withval" 351 fi 352 ] 353) 354AC_ARG_WITH([libs], 355 [ --with-libs Specify additional libraries to link with], 356 [ 357 if test -n "$withval" && test "x$withval" != "xno" && \ 358 test "x${withval}" != "xyes"; then 359 LIBS="$LIBS $withval" 360 fi 361 ] 362) 363AC_ARG_WITH([Werror], 364 [ --with-Werror Build main code with -Werror], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno"; then 367 werror_flags="-Werror" 368 if test "x${withval}" != "xyes"; then 369 werror_flags="$withval" 370 fi 371 fi 372 ] 373) 374 375AC_CHECK_HEADERS([ \ 376 blf.h \ 377 bstring.h \ 378 crypt.h \ 379 crypto/sha2.h \ 380 dirent.h \ 381 endian.h \ 382 elf.h \ 383 err.h \ 384 features.h \ 385 fcntl.h \ 386 floatingpoint.h \ 387 fnmatch.h \ 388 getopt.h \ 389 glob.h \ 390 ia.h \ 391 iaf.h \ 392 ifaddrs.h \ 393 inttypes.h \ 394 langinfo.h \ 395 limits.h \ 396 locale.h \ 397 login.h \ 398 maillock.h \ 399 ndir.h \ 400 net/if_tun.h \ 401 netdb.h \ 402 netgroup.h \ 403 pam/pam_appl.h \ 404 paths.h \ 405 poll.h \ 406 pty.h \ 407 readpassphrase.h \ 408 rpc/types.h \ 409 security/pam_appl.h \ 410 sha2.h \ 411 shadow.h \ 412 stddef.h \ 413 stdint.h \ 414 string.h \ 415 strings.h \ 416 sys/bitypes.h \ 417 sys/byteorder.h \ 418 sys/bsdtty.h \ 419 sys/cdefs.h \ 420 sys/dir.h \ 421 sys/file.h \ 422 sys/mman.h \ 423 sys/label.h \ 424 sys/ndir.h \ 425 sys/poll.h \ 426 sys/prctl.h \ 427 sys/pstat.h \ 428 sys/ptrace.h \ 429 sys/random.h \ 430 sys/select.h \ 431 sys/stat.h \ 432 sys/stream.h \ 433 sys/stropts.h \ 434 sys/strtio.h \ 435 sys/statvfs.h \ 436 sys/sysmacros.h \ 437 sys/time.h \ 438 sys/timers.h \ 439 sys/vfs.h \ 440 time.h \ 441 tmpdir.h \ 442 ttyent.h \ 443 ucred.h \ 444 unistd.h \ 445 usersec.h \ 446 util.h \ 447 utime.h \ 448 utmp.h \ 449 utmpx.h \ 450 vis.h \ 451 wchar.h \ 452]) 453 454# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 455# to be included first. 456AC_CHECK_HEADERS([sys/audit.h], [], [], [ 457#ifdef HAVE_SYS_TIME_H 458# include <sys/time.h> 459#endif 460#ifdef HAVE_SYS_TYPES_H 461# include <sys/types.h> 462#endif 463#ifdef HAVE_SYS_LABEL_H 464# include <sys/label.h> 465#endif 466]) 467 468# sys/capsicum.h requires sys/types.h 469AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473]) 474 475# net/route.h requires sys/socket.h and sys/types.h. 476# sys/sysctl.h also requires sys/param.h 477AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 478#ifdef HAVE_SYS_TYPES_H 479# include <sys/types.h> 480#endif 481#include <sys/param.h> 482#include <sys/socket.h> 483]) 484 485# lastlog.h requires sys/time.h to be included first on Solaris 486AC_CHECK_HEADERS([lastlog.h], [], [], [ 487#ifdef HAVE_SYS_TIME_H 488# include <sys/time.h> 489#endif 490]) 491 492# sys/ptms.h requires sys/stream.h to be included first on Solaris 493AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 494#ifdef HAVE_SYS_STREAM_H 495# include <sys/stream.h> 496#endif 497]) 498 499# login_cap.h requires sys/types.h on NetBSD 500AC_CHECK_HEADERS([login_cap.h], [], [], [ 501#include <sys/types.h> 502]) 503 504# older BSDs need sys/param.h before sys/mount.h 505AC_CHECK_HEADERS([sys/mount.h], [], [], [ 506#include <sys/param.h> 507]) 508 509# Android requires sys/socket.h to be included before sys/un.h 510AC_CHECK_HEADERS([sys/un.h], [], [], [ 511#include <sys/types.h> 512#include <sys/socket.h> 513]) 514 515# Messages for features tested for in target-specific section 516SIA_MSG="no" 517SPC_MSG="no" 518SP_MSG="no" 519SPP_MSG="no" 520 521# Support for Solaris/Illumos privileges (this test is used by both 522# the --with-solaris-privs option and --with-sandbox=solaris). 523SOLARIS_PRIVS="no" 524 525AC_CHECK_SIZEOF([size_t]) 526 527# Check for some target-specific stuff 528case "$host" in 529*-*-aix*) 530 # Some versions of VAC won't allow macro redefinitions at 531 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 532 # particularly with older versions of vac or xlc. 533 # It also throws errors about null macro arguments, but these are 534 # not fatal. 535 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 536 AC_COMPILE_IFELSE( 537 [AC_LANG_PROGRAM([[ 538#define testmacro foo 539#define testmacro bar]], 540 [[ exit(0); ]])], 541 [ AC_MSG_RESULT([yes]) ], 542 [ AC_MSG_RESULT([no]) 543 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 544 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 545 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 546 ] 547 ) 548 549 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 550 if (test -z "$blibpath"); then 551 blibpath="/usr/lib:/lib" 552 fi 553 saved_LDFLAGS="$LDFLAGS" 554 if test "$GCC" = "yes"; then 555 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 556 else 557 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 558 fi 559 for tryflags in $flags ;do 560 if (test -z "$blibflags"); then 561 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 562 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 563 [blibflags=$tryflags], []) 564 fi 565 done 566 if (test -z "$blibflags"); then 567 AC_MSG_RESULT([not found]) 568 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 569 else 570 AC_MSG_RESULT([$blibflags]) 571 fi 572 LDFLAGS="$saved_LDFLAGS" 573 dnl Check for authenticate. Might be in libs.a on older AIXes 574 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 575 [Define if you want to enable AIX4's authenticate function])], 576 [AC_CHECK_LIB([s], [authenticate], 577 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 578 LIBS="$LIBS -ls" 579 ]) 580 ]) 581 dnl Check for various auth function declarations in headers. 582 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 583 passwdexpired, setauthdb], , , [#include <usersec.h>]) 584 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 585 AC_CHECK_DECLS([loginfailed], 586 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 587 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 588 [[ (void)loginfailed("user","host","tty",0); ]])], 589 [AC_MSG_RESULT([yes]) 590 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 591 [Define if your AIX loginfailed() function 592 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 593 ])], 594 [], 595 [#include <usersec.h>] 596 ) 597 AC_CHECK_FUNCS([getgrset setauthdb]) 598 AC_CHECK_DECL([F_CLOSEM], 599 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 600 [], 601 [ #include <limits.h> 602 #include <fcntl.h> ] 603 ) 604 check_for_aix_broken_getaddrinfo=1 605 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 606 [Define if your platform breaks doing a seteuid before a setuid]) 607 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 608 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 609 dnl AIX handles lastlog as part of its login message 610 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 611 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 612 [Some systems need a utmpx entry for /bin/login to work]) 613 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 614 [Define to a Set Process Title type if your system is 615 supported by bsd-setproctitle.c]) 616 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 617 [AIX 5.2 and 5.3 (and presumably newer) require this]) 618 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 619 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 620 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 621 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 622 ;; 623*-*-android*) 624 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 625 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 626 ;; 627*-*-cygwin*) 628 check_for_libcrypt_later=1 629 LIBS="$LIBS /usr/lib/textreadmode.o" 630 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 631 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 632 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 633 [Define to disable UID restoration test]) 634 AC_DEFINE([DISABLE_SHADOW], [1], 635 [Define if you want to disable shadow passwords]) 636 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 637 [Define if X11 doesn't support AF_UNIX sockets on that system]) 638 AC_DEFINE([DISABLE_FD_PASSING], [1], 639 [Define if your platform needs to skip post auth 640 file descriptor passing]) 641 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 642 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 643 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 644 # reasons which cause compile warnings, so we disable those warnings. 645 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 646 ;; 647*-*-dgux*) 648 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 649 [Define if your system choked on IP TOS setting]) 650 AC_DEFINE([SETEUID_BREAKS_SETUID]) 651 AC_DEFINE([BROKEN_SETREUID]) 652 AC_DEFINE([BROKEN_SETREGID]) 653 ;; 654*-*-darwin*) 655 use_pie=auto 656 AC_MSG_CHECKING([if we have working getaddrinfo]) 657 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 658main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 659 exit(0); 660 else 661 exit(1); 662} 663 ]])], 664 [AC_MSG_RESULT([working])], 665 [AC_MSG_RESULT([buggy]) 666 AC_DEFINE([BROKEN_GETADDRINFO], [1], 667 [getaddrinfo is broken (if present)]) 668 ], 669 [AC_MSG_RESULT([assume it is working])]) 670 AC_DEFINE([SETEUID_BREAKS_SETUID]) 671 AC_DEFINE([BROKEN_SETREUID]) 672 AC_DEFINE([BROKEN_SETREGID]) 673 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 674 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 675 [Define if your resolver libs need this for getrrsetbyname]) 676 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 677 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 678 [Use tunnel device compatibility to OpenBSD]) 679 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 680 [Prepend the address family to IP tunnel traffic]) 681 m4_pattern_allow([AU_IPv]) 682 AC_CHECK_DECL([AU_IPv4], [], 683 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 684 [#include <bsm/audit.h>] 685 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 686 [Define if pututxline updates lastlog too]) 687 ) 688 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 689 [Define to a Set Process Title type if your system is 690 supported by bsd-setproctitle.c]) 691 AC_CHECK_FUNCS([sandbox_init]) 692 AC_CHECK_HEADERS([sandbox.h]) 693 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 694 SSHDLIBS="$SSHDLIBS -lsandbox" 695 ]) 696 # proc_pidinfo()-based closefrom() replacement. 697 AC_CHECK_HEADERS([libproc.h]) 698 AC_CHECK_FUNCS([proc_pidinfo]) 699 ;; 700*-*-dragonfly*) 701 SSHDLIBS="$SSHDLIBS -lcrypt" 702 TEST_MALLOC_OPTIONS="AFGJPRX" 703 ;; 704*-*-haiku*) 705 LIBS="$LIBS -lbsd " 706 CFLAGS="$CFLAGS -D_BSD_SOURCE" 707 AC_CHECK_LIB([network], [socket]) 708 AC_DEFINE([HAVE_U_INT64_T]) 709 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 710 MANTYPE=man 711 ;; 712*-*-hpux*) 713 # first we define all of the options common to all HP-UX releases 714 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 715 IPADDR_IN_DISPLAY=yes 716 AC_DEFINE([USE_PIPES]) 717 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 718 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 719 [String used in /etc/passwd to denote locked account]) 720 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 721 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 722 maildir="/var/mail" 723 LIBS="$LIBS -lsec" 724 AC_CHECK_LIB([xnet], [t_error], , 725 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 726 727 # next, we define all of the options specific to major releases 728 case "$host" in 729 *-*-hpux10*) 730 if test -z "$GCC"; then 731 CFLAGS="$CFLAGS -Ae" 732 fi 733 ;; 734 *-*-hpux11*) 735 AC_DEFINE([PAM_SUN_CODEBASE], [1], 736 [Define if you are using Solaris-derived PAM which 737 passes pam_messages to the conversation function 738 with an extra level of indirection]) 739 AC_DEFINE([DISABLE_UTMP], [1], 740 [Define if you don't want to use utmp]) 741 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 742 check_for_hpux_broken_getaddrinfo=1 743 check_for_conflicting_getspnam=1 744 ;; 745 esac 746 747 # lastly, we define options specific to minor releases 748 case "$host" in 749 *-*-hpux10.26) 750 AC_DEFINE([HAVE_SECUREWARE], [1], 751 [Define if you have SecureWare-based 752 protected password database]) 753 disable_ptmx_check=yes 754 LIBS="$LIBS -lsecpw" 755 ;; 756 esac 757 ;; 758*-*-irix5*) 759 PATH="$PATH:/usr/etc" 760 AC_DEFINE([BROKEN_INET_NTOA], [1], 761 [Define if you system's inet_ntoa is busted 762 (e.g. Irix gcc issue)]) 763 AC_DEFINE([SETEUID_BREAKS_SETUID]) 764 AC_DEFINE([BROKEN_SETREUID]) 765 AC_DEFINE([BROKEN_SETREGID]) 766 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 767 [Define if you shouldn't strip 'tty' from your 768 ttyname in [uw]tmp]) 769 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 770 ;; 771*-*-irix6*) 772 PATH="$PATH:/usr/etc" 773 AC_DEFINE([WITH_IRIX_ARRAY], [1], 774 [Define if you have/want arrays 775 (cluster-wide session management, not C arrays)]) 776 AC_DEFINE([WITH_IRIX_PROJECT], [1], 777 [Define if you want IRIX project management]) 778 AC_DEFINE([WITH_IRIX_AUDIT], [1], 779 [Define if you want IRIX audit trails]) 780 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 781 [Define if you want IRIX kernel jobs])]) 782 AC_DEFINE([BROKEN_INET_NTOA]) 783 AC_DEFINE([SETEUID_BREAKS_SETUID]) 784 AC_DEFINE([BROKEN_SETREUID]) 785 AC_DEFINE([BROKEN_SETREGID]) 786 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 787 AC_DEFINE([WITH_ABBREV_NO_TTY]) 788 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 789 ;; 790*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 791 check_for_libcrypt_later=1 792 AC_DEFINE([PAM_TTY_KLUDGE]) 793 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 794 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 795 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 796 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 797 ;; 798*-*-linux*) 799 no_dev_ptmx=1 800 use_pie=auto 801 check_for_libcrypt_later=1 802 check_for_openpty_ctty_bug=1 803 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 804 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 805 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 806 AC_DEFINE([PAM_TTY_KLUDGE], [1], 807 [Work around problematic Linux PAM modules handling of PAM_TTY]) 808 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 809 [String used in /etc/passwd to denote locked account]) 810 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 811 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 812 [Define to whatever link() returns for "not supported" 813 if it doesn't return EOPNOTSUPP.]) 814 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 815 AC_DEFINE([USE_BTMP]) 816 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 817 inet6_default_4in6=yes 818 case `uname -r` in 819 1.*|2.0.*) 820 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 821 [Define if cmsg_type is not passed correctly]) 822 ;; 823 esac 824 # tun(4) forwarding compat code 825 AC_CHECK_HEADERS([linux/if_tun.h]) 826 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 827 AC_DEFINE([SSH_TUN_LINUX], [1], 828 [Open tunnel devices the Linux tun/tap way]) 829 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 830 [Use tunnel device compatibility to OpenBSD]) 831 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 832 [Prepend the address family to IP tunnel traffic]) 833 fi 834 AC_CHECK_HEADER([linux/if.h], 835 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 836 [Support routing domains using Linux VRF]), [], [ 837#ifdef HAVE_SYS_TYPES_H 838# include <sys/types.h> 839#endif 840 ]) 841 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 842 [], [#include <linux/types.h>]) 843 # Obtain MIPS ABI 844 case "$host" in 845 mips*) 846 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 847#if _MIPS_SIM != _ABIO32 848#error 849#endif 850 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 851#if _MIPS_SIM != _ABIN32 852#error 853#endif 854 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 855#if _MIPS_SIM != _ABI64 856#error 857#endif 858 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 859 ]) 860 ]) 861 ]) 862 ;; 863 esac 864 AC_MSG_CHECKING([for seccomp architecture]) 865 seccomp_audit_arch= 866 case "$host" in 867 x86_64-*) 868 seccomp_audit_arch=AUDIT_ARCH_X86_64 869 # X32: AMD64 instructions in 32bit address space. 870 if test "x$ac_cv_sizeof_size_t" = "x4" ; then 871 seccomp_audit_arch=AUDIT_ARCH_I386 872 fi 873 ;; 874 i*86-*) 875 seccomp_audit_arch=AUDIT_ARCH_I386 876 ;; 877 arm*-*) 878 seccomp_audit_arch=AUDIT_ARCH_ARM 879 ;; 880 aarch64*-*) 881 seccomp_audit_arch=AUDIT_ARCH_AARCH64 882 ;; 883 s390x-*) 884 seccomp_audit_arch=AUDIT_ARCH_S390X 885 ;; 886 s390-*) 887 seccomp_audit_arch=AUDIT_ARCH_S390 888 ;; 889 powerpc64-*) 890 seccomp_audit_arch=AUDIT_ARCH_PPC64 891 ;; 892 powerpc64le-*) 893 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 894 ;; 895 mips-*) 896 seccomp_audit_arch=AUDIT_ARCH_MIPS 897 ;; 898 mipsel-*) 899 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 900 ;; 901 mips64-*) 902 case "$mips_abi" in 903 "n32") 904 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 905 ;; 906 "n64") 907 seccomp_audit_arch=AUDIT_ARCH_MIPS64 908 ;; 909 esac 910 ;; 911 mips64el-*) 912 case "$mips_abi" in 913 "n32") 914 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 915 ;; 916 "n64") 917 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 918 ;; 919 esac 920 ;; 921 riscv64-*) 922 seccomp_audit_arch=AUDIT_ARCH_RISCV64 923 ;; 924 esac 925 if test "x$seccomp_audit_arch" != "x" ; then 926 AC_MSG_RESULT(["$seccomp_audit_arch"]) 927 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 928 [Specify the system call convention in use]) 929 else 930 AC_MSG_RESULT([architecture not supported]) 931 fi 932 ;; 933mips-sony-bsd|mips-sony-newsos4) 934 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 935 SONY=1 936 ;; 937*-*-netbsd*) 938 check_for_libcrypt_before=1 939 if test "x$withval" != "xno" ; then 940 rpath_opt="-R" 941 fi 942 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 943 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 944 AC_CHECK_HEADER([net/if_tap.h], , 945 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 946 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 947 [Prepend the address family to IP tunnel traffic]) 948 TEST_MALLOC_OPTIONS="AJRX" 949 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 950 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 951 ;; 952*-*-freebsd*) 953 check_for_libcrypt_later=1 954 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 955 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 956 AC_CHECK_HEADER([net/if_tap.h], , 957 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 958 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 959 TEST_MALLOC_OPTIONS="AJRX" 960 # Preauth crypto occasionally uses file descriptors for crypto offload 961 # and will crash if they cannot be opened. 962 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 963 [define if setrlimit RLIMIT_NOFILE breaks things]) 964 ;; 965*-*-bsdi*) 966 AC_DEFINE([SETEUID_BREAKS_SETUID]) 967 AC_DEFINE([BROKEN_SETREUID]) 968 AC_DEFINE([BROKEN_SETREGID]) 969 ;; 970*-next-*) 971 conf_lastlog_location="/usr/adm/lastlog" 972 conf_utmp_location=/etc/utmp 973 conf_wtmp_location=/usr/adm/wtmp 974 maildir=/usr/spool/mail 975 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 976 AC_DEFINE([USE_PIPES]) 977 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 978 ;; 979*-*-openbsd*) 980 use_pie=auto 981 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 982 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 983 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 984 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 985 [syslog_r function is safe to use in in a signal handler]) 986 TEST_MALLOC_OPTIONS="AFGJPRX" 987 ;; 988*-*-solaris*) 989 if test "x$withval" != "xno" ; then 990 rpath_opt="-R" 991 fi 992 AC_DEFINE([PAM_SUN_CODEBASE]) 993 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 994 AC_DEFINE([PAM_TTY_KLUDGE]) 995 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 996 [Define if pam_chauthtok wants real uid set 997 to the unpriv'ed user]) 998 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 999 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 1000 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 1001 [Define if sshd somehow reacquires a controlling TTY 1002 after setsid()]) 1003 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 1004 in case the name is longer than 8 chars]) 1005 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 1006 external_path_file=/etc/default/login 1007 # hardwire lastlog location (can't detect it on some versions) 1008 conf_lastlog_location="/var/adm/lastlog" 1009 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1010 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1011 if test "$sol2ver" -ge 8; then 1012 AC_MSG_RESULT([yes]) 1013 AC_DEFINE([DISABLE_UTMP]) 1014 AC_DEFINE([DISABLE_WTMP], [1], 1015 [Define if you don't want to use wtmp]) 1016 else 1017 AC_MSG_RESULT([no]) 1018 fi 1019 AC_CHECK_FUNCS([setpflags]) 1020 AC_CHECK_FUNCS([setppriv]) 1021 AC_CHECK_FUNCS([priv_basicset]) 1022 AC_CHECK_HEADERS([priv.h]) 1023 AC_ARG_WITH([solaris-contracts], 1024 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1025 [ 1026 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1027 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1028 [Define if you have Solaris process contracts]) 1029 LIBS="$LIBS -lcontract" 1030 SPC_MSG="yes" ], ) 1031 ], 1032 ) 1033 AC_ARG_WITH([solaris-projects], 1034 [ --with-solaris-projects Enable Solaris projects (experimental)], 1035 [ 1036 AC_CHECK_LIB([project], [setproject], 1037 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1038 [Define if you have Solaris projects]) 1039 LIBS="$LIBS -lproject" 1040 SP_MSG="yes" ], ) 1041 ], 1042 ) 1043 AC_ARG_WITH([solaris-privs], 1044 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1045 [ 1046 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1047 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1048 "x$ac_cv_header_priv_h" = "xyes" ; then 1049 SOLARIS_PRIVS=yes 1050 AC_MSG_RESULT([found]) 1051 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1052 [Define to disable UID restoration test]) 1053 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1054 [Define if you have Solaris privileges]) 1055 SPP_MSG="yes" 1056 else 1057 AC_MSG_RESULT([not found]) 1058 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1059 fi 1060 ], 1061 ) 1062 TEST_SHELL=$SHELL # let configure find us a capable shell 1063 ;; 1064*-*-sunos4*) 1065 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1066 AC_CHECK_FUNCS([getpwanam]) 1067 AC_DEFINE([PAM_SUN_CODEBASE]) 1068 conf_utmp_location=/etc/utmp 1069 conf_wtmp_location=/var/adm/wtmp 1070 conf_lastlog_location=/var/adm/lastlog 1071 AC_DEFINE([USE_PIPES]) 1072 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1073 ;; 1074*-ncr-sysv*) 1075 LIBS="$LIBS -lc89" 1076 AC_DEFINE([USE_PIPES]) 1077 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1078 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1079 AC_DEFINE([BROKEN_SETREUID]) 1080 AC_DEFINE([BROKEN_SETREGID]) 1081 ;; 1082*-sni-sysv*) 1083 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1084 AC_CHECK_LIB([dl], [dlsym], ,) 1085 # -lresolv needs to be at the end of LIBS or DNS lookups break 1086 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1087 IPADDR_IN_DISPLAY=yes 1088 AC_DEFINE([USE_PIPES]) 1089 AC_DEFINE([IP_TOS_IS_BROKEN]) 1090 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1091 AC_DEFINE([BROKEN_SETREUID]) 1092 AC_DEFINE([BROKEN_SETREGID]) 1093 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1094 external_path_file=/etc/default/login 1095 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1096 # Attention: always take care to bind libsocket and libnsl before libc, 1097 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1098 ;; 1099# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1100*-*-sysv4.2*) 1101 AC_DEFINE([USE_PIPES]) 1102 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1103 AC_DEFINE([BROKEN_SETREUID]) 1104 AC_DEFINE([BROKEN_SETREGID]) 1105 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1106 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1107 TEST_SHELL=$SHELL # let configure find us a capable shell 1108 ;; 1109# UnixWare 7.x, OpenUNIX 8 1110*-*-sysv5*) 1111 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1112 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1113 AC_DEFINE([USE_PIPES]) 1114 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1115 AC_DEFINE([BROKEN_GETADDRINFO]) 1116 AC_DEFINE([BROKEN_SETREUID]) 1117 AC_DEFINE([BROKEN_SETREGID]) 1118 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1119 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1120 TEST_SHELL=$SHELL # let configure find us a capable shell 1121 check_for_libcrypt_later=1 1122 case "$host" in 1123 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1124 maildir=/var/spool/mail 1125 AC_DEFINE([BROKEN_UPDWTMPX]) 1126 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1127 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1128 ], , ) 1129 ;; 1130 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1131 ;; 1132 esac 1133 ;; 1134*-*-sysv*) 1135 ;; 1136# SCO UNIX and OEM versions of SCO UNIX 1137*-*-sco3.2v4*) 1138 AC_MSG_ERROR("This Platform is no longer supported.") 1139 ;; 1140# SCO OpenServer 5.x 1141*-*-sco3.2v5*) 1142 if test -z "$GCC"; then 1143 CFLAGS="$CFLAGS -belf" 1144 fi 1145 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1146 no_dev_ptmx=1 1147 AC_DEFINE([USE_PIPES]) 1148 AC_DEFINE([HAVE_SECUREWARE]) 1149 AC_DEFINE([DISABLE_SHADOW]) 1150 AC_DEFINE([DISABLE_FD_PASSING]) 1151 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1152 AC_DEFINE([BROKEN_GETADDRINFO]) 1153 AC_DEFINE([BROKEN_SETREUID]) 1154 AC_DEFINE([BROKEN_SETREGID]) 1155 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1156 AC_DEFINE([BROKEN_UPDWTMPX]) 1157 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1158 AC_CHECK_FUNCS([getluid setluid]) 1159 MANTYPE=man 1160 TEST_SHELL=$SHELL # let configure find us a capable shell 1161 SKIP_DISABLE_LASTLOG_DEFINE=yes 1162 ;; 1163*-dec-osf*) 1164 AC_MSG_CHECKING([for Digital Unix SIA]) 1165 no_osfsia="" 1166 AC_ARG_WITH([osfsia], 1167 [ --with-osfsia Enable Digital Unix SIA], 1168 [ 1169 if test "x$withval" = "xno" ; then 1170 AC_MSG_RESULT([disabled]) 1171 no_osfsia=1 1172 fi 1173 ], 1174 ) 1175 if test -z "$no_osfsia" ; then 1176 if test -f /etc/sia/matrix.conf; then 1177 AC_MSG_RESULT([yes]) 1178 AC_DEFINE([HAVE_OSF_SIA], [1], 1179 [Define if you have Digital Unix Security 1180 Integration Architecture]) 1181 AC_DEFINE([DISABLE_LOGIN], [1], 1182 [Define if you don't want to use your 1183 system's login() call]) 1184 AC_DEFINE([DISABLE_FD_PASSING]) 1185 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1186 SIA_MSG="yes" 1187 else 1188 AC_MSG_RESULT([no]) 1189 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1190 [String used in /etc/passwd to denote locked account]) 1191 fi 1192 fi 1193 AC_DEFINE([BROKEN_GETADDRINFO]) 1194 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1195 AC_DEFINE([BROKEN_SETREUID]) 1196 AC_DEFINE([BROKEN_SETREGID]) 1197 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1198 ;; 1199 1200*-*-nto-qnx*) 1201 AC_DEFINE([USE_PIPES]) 1202 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1203 AC_DEFINE([DISABLE_LASTLOG]) 1204 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1205 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1206 enable_etc_default_login=no # has incompatible /etc/default/login 1207 case "$host" in 1208 *-*-nto-qnx6*) 1209 AC_DEFINE([DISABLE_FD_PASSING]) 1210 ;; 1211 esac 1212 ;; 1213 1214*-*-ultrix*) 1215 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1216 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1217 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1218 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1219 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1220 # don't get a controlling tty. 1221 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1222 # On Ultrix some headers are not protected against multiple includes, 1223 # so we create wrappers and put it where the compiler will find it. 1224 AC_MSG_WARN([creating compat wrappers for headers]) 1225 mkdir -p netinet 1226 for header in netinet/ip.h netdb.h resolv.h; do 1227 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1228 cat >$header <<EOD 1229#ifndef _SSH_COMPAT_${name} 1230#define _SSH_COMPAT_${name} 1231#include "/usr/include/${header}" 1232#endif 1233EOD 1234 done 1235 ;; 1236 1237*-*-lynxos) 1238 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1239 AC_DEFINE([BROKEN_SETVBUF], [1], 1240 [LynxOS has broken setvbuf() implementation]) 1241 ;; 1242esac 1243 1244AC_MSG_CHECKING([compiler and flags for sanity]) 1245AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1246 [ AC_MSG_RESULT([yes]) ], 1247 [ 1248 AC_MSG_RESULT([no]) 1249 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1250 ], 1251 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1252) 1253 1254dnl Checks for header files. 1255# Checks for libraries. 1256AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1257 1258dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1259AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1260 AC_CHECK_LIB([gen], [dirname], [ 1261 AC_CACHE_CHECK([for broken dirname], 1262 ac_cv_have_broken_dirname, [ 1263 save_LIBS="$LIBS" 1264 LIBS="$LIBS -lgen" 1265 AC_RUN_IFELSE( 1266 [AC_LANG_SOURCE([[ 1267#include <libgen.h> 1268#include <string.h> 1269 1270int main(int argc, char **argv) { 1271 char *s, buf[32]; 1272 1273 strncpy(buf,"/etc", 32); 1274 s = dirname(buf); 1275 if (!s || strncmp(s, "/", 32) != 0) { 1276 exit(1); 1277 } else { 1278 exit(0); 1279 } 1280} 1281 ]])], 1282 [ ac_cv_have_broken_dirname="no" ], 1283 [ ac_cv_have_broken_dirname="yes" ], 1284 [ ac_cv_have_broken_dirname="no" ], 1285 ) 1286 LIBS="$save_LIBS" 1287 ]) 1288 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1289 LIBS="$LIBS -lgen" 1290 AC_DEFINE([HAVE_DIRNAME]) 1291 AC_CHECK_HEADERS([libgen.h]) 1292 fi 1293 ]) 1294]) 1295 1296AC_CHECK_FUNC([getspnam], , 1297 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1298AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1299 [Define if you have the basename function.])]) 1300 1301dnl zlib defaults to enabled 1302zlib=yes 1303AC_ARG_WITH([zlib], 1304 [ --with-zlib=PATH Use zlib in PATH], 1305 [ if test "x$withval" = "xno" ; then 1306 zlib=no 1307 elif test "x$withval" != "xyes"; then 1308 if test -d "$withval/lib"; then 1309 if test -n "${rpath_opt}"; then 1310 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1311 else 1312 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1313 fi 1314 else 1315 if test -n "${rpath_opt}"; then 1316 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1317 else 1318 LDFLAGS="-L${withval} ${LDFLAGS}" 1319 fi 1320 fi 1321 if test -d "$withval/include"; then 1322 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1323 else 1324 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1325 fi 1326 fi ] 1327) 1328 1329AC_MSG_CHECKING([for zlib]) 1330if test "x${zlib}" = "xno"; then 1331 AC_MSG_RESULT([no]) 1332else 1333 AC_MSG_RESULT([yes]) 1334 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1335 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1336 AC_CHECK_LIB([z], [deflate], , 1337 [ 1338 saved_CPPFLAGS="$CPPFLAGS" 1339 saved_LDFLAGS="$LDFLAGS" 1340 save_LIBS="$LIBS" 1341 dnl Check default zlib install dir 1342 if test -n "${rpath_opt}"; then 1343 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1344 else 1345 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1346 fi 1347 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1348 LIBS="$LIBS -lz" 1349 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1350 [ 1351 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1352 ] 1353 ) 1354 ] 1355 ) 1356 1357 AC_ARG_WITH([zlib-version-check], 1358 [ --without-zlib-version-check Disable zlib version check], 1359 [ if test "x$withval" = "xno" ; then 1360 zlib_check_nonfatal=1 1361 fi 1362 ] 1363 ) 1364 1365 AC_MSG_CHECKING([for possibly buggy zlib]) 1366 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1367#include <stdio.h> 1368#include <stdlib.h> 1369#include <zlib.h> 1370 ]], 1371 [[ 1372 int a=0, b=0, c=0, d=0, n, v; 1373 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1374 if (n != 3 && n != 4) 1375 exit(1); 1376 v = a*1000000 + b*10000 + c*100 + d; 1377 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1378 1379 /* 1.1.4 is OK */ 1380 if (a == 1 && b == 1 && c >= 4) 1381 exit(0); 1382 1383 /* 1.2.3 and up are OK */ 1384 if (v >= 1020300) 1385 exit(0); 1386 1387 exit(2); 1388 ]])], 1389 AC_MSG_RESULT([no]), 1390 [ AC_MSG_RESULT([yes]) 1391 if test -z "$zlib_check_nonfatal" ; then 1392 AC_MSG_ERROR([*** zlib too old - check config.log *** 1393Your reported zlib version has known security problems. It's possible your 1394vendor has fixed these problems without changing the version number. If you 1395are sure this is the case, you can disable the check by running 1396"./configure --without-zlib-version-check". 1397If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1398See http://www.gzip.org/zlib/ for details.]) 1399 else 1400 AC_MSG_WARN([zlib version may have security problems]) 1401 fi 1402 ], 1403 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1404 ) 1405fi 1406 1407dnl UnixWare 2.x 1408AC_CHECK_FUNC([strcasecmp], 1409 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1410) 1411AC_CHECK_FUNCS([utimes], 1412 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1413 LIBS="$LIBS -lc89"]) ] 1414) 1415 1416dnl Checks for libutil functions 1417AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1418AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1419AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1420AC_SEARCH_LIBS([login], [util bsd]) 1421AC_SEARCH_LIBS([logout], [util bsd]) 1422AC_SEARCH_LIBS([logwtmp], [util bsd]) 1423AC_SEARCH_LIBS([openpty], [util bsd]) 1424AC_SEARCH_LIBS([updwtmp], [util bsd]) 1425AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1426 1427# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1428# or libnsl. 1429AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1430AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1431 1432# "Particular Function Checks" 1433# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1434AC_FUNC_STRFTIME 1435AC_FUNC_MALLOC 1436AC_FUNC_REALLOC 1437# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1438AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1439AC_RUN_IFELSE( 1440 [AC_LANG_PROGRAM( 1441 [[ #include <stdlib.h> ]], 1442 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1443 )], 1444 [ func_calloc_0_nonnull=yes ], 1445 [ func_calloc_0_nonnull=no ], 1446 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1447 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1448) 1449AC_MSG_RESULT([$func_calloc_0_nonnull]) 1450 1451if test "x$func_calloc_0_nonnull" = "xyes"; then 1452 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1453else 1454 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1455 AC_DEFINE(calloc, rpl_calloc, 1456 [Define to rpl_calloc if the replacement function should be used.]) 1457fi 1458 1459# Check for ALTDIRFUNC glob() extension 1460AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1461AC_EGREP_CPP([FOUNDIT], 1462 [ 1463 #include <glob.h> 1464 #ifdef GLOB_ALTDIRFUNC 1465 FOUNDIT 1466 #endif 1467 ], 1468 [ 1469 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1470 [Define if your system glob() function has 1471 the GLOB_ALTDIRFUNC extension]) 1472 AC_MSG_RESULT([yes]) 1473 ], 1474 [ 1475 AC_MSG_RESULT([no]) 1476 ] 1477) 1478 1479# Check for g.gl_matchc glob() extension 1480AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1481AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1482 [[ glob_t g; g.gl_matchc = 1; ]])], 1483 [ 1484 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1485 [Define if your system glob() function has 1486 gl_matchc options in glob_t]) 1487 AC_MSG_RESULT([yes]) 1488 ], [ 1489 AC_MSG_RESULT([no]) 1490]) 1491 1492# Check for g.gl_statv glob() extension 1493AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1494AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1495#ifndef GLOB_KEEPSTAT 1496#error "glob does not support GLOB_KEEPSTAT extension" 1497#endif 1498glob_t g; 1499g.gl_statv = NULL; 1500]])], 1501 [ 1502 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1503 [Define if your system glob() function has 1504 gl_statv options in glob_t]) 1505 AC_MSG_RESULT([yes]) 1506 ], [ 1507 AC_MSG_RESULT([no]) 1508 1509]) 1510 1511AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1512 1513AC_CHECK_DECL([VIS_ALL], , 1514 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1515 1516AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1517AC_RUN_IFELSE( 1518 [AC_LANG_PROGRAM([[ 1519#include <sys/types.h> 1520#include <dirent.h>]], 1521 [[ 1522 struct dirent d; 1523 exit(sizeof(d.d_name)<=sizeof(char)); 1524 ]])], 1525 [AC_MSG_RESULT([yes])], 1526 [ 1527 AC_MSG_RESULT([no]) 1528 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1529 [Define if your struct dirent expects you to 1530 allocate extra space for d_name]) 1531 ], 1532 [ 1533 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1534 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1535 ] 1536) 1537 1538AC_MSG_CHECKING([for /proc/pid/fd directory]) 1539if test -d "/proc/$$/fd" ; then 1540 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1541 AC_MSG_RESULT([yes]) 1542else 1543 AC_MSG_RESULT([no]) 1544fi 1545 1546# Check whether user wants to use ldns 1547LDNS_MSG="no" 1548AC_ARG_WITH(ldns, 1549 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1550 [ 1551 ldns="" 1552 if test "x$withval" = "xyes" ; then 1553 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1554 if test "x$LDNSCONFIG" = "xno"; then 1555 LIBS="-lldns $LIBS" 1556 ldns=yes 1557 else 1558 LIBS="$LIBS `$LDNSCONFIG --libs`" 1559 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1560 ldns=yes 1561 fi 1562 elif test "x$withval" != "xno" ; then 1563 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1564 LDFLAGS="$LDFLAGS -L${withval}/lib" 1565 LIBS="-lldns $LIBS" 1566 ldns=yes 1567 fi 1568 1569 # Verify that it works. 1570 if test "x$ldns" = "xyes" ; then 1571 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1572 LDNS_MSG="yes" 1573 AC_MSG_CHECKING([for ldns support]) 1574 AC_LINK_IFELSE( 1575 [AC_LANG_SOURCE([[ 1576#include <stdio.h> 1577#include <stdlib.h> 1578#ifdef HAVE_STDINT_H 1579# include <stdint.h> 1580#endif 1581#include <ldns/ldns.h> 1582int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1583 ]]) 1584 ], 1585 [AC_MSG_RESULT(yes)], 1586 [ 1587 AC_MSG_RESULT(no) 1588 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1589 ]) 1590 fi 1591]) 1592 1593# Check whether user wants libedit support 1594LIBEDIT_MSG="no" 1595AC_ARG_WITH([libedit], 1596 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1597 [ if test "x$withval" != "xno" ; then 1598 if test "x$withval" = "xyes" ; then 1599 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1600 if test "x$PKGCONFIG" != "xno"; then 1601 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1602 if "$PKGCONFIG" libedit; then 1603 AC_MSG_RESULT([yes]) 1604 use_pkgconfig_for_libedit=yes 1605 else 1606 AC_MSG_RESULT([no]) 1607 fi 1608 fi 1609 else 1610 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1611 if test -n "${rpath_opt}"; then 1612 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1613 else 1614 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1615 fi 1616 fi 1617 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1618 LIBEDIT=`$PKGCONFIG --libs libedit` 1619 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1620 else 1621 LIBEDIT="-ledit -lcurses" 1622 fi 1623 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1624 AC_CHECK_LIB([edit], [el_init], 1625 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1626 LIBEDIT_MSG="yes" 1627 AC_SUBST([LIBEDIT]) 1628 ], 1629 [ AC_MSG_ERROR([libedit not found]) ], 1630 [ $OTHERLIBS ] 1631 ) 1632 AC_MSG_CHECKING([if libedit version is compatible]) 1633 AC_COMPILE_IFELSE( 1634 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1635 [[ 1636 int i = H_SETSIZE; 1637 el_init("", NULL, NULL, NULL); 1638 exit(0); 1639 ]])], 1640 [ AC_MSG_RESULT([yes]) ], 1641 [ AC_MSG_RESULT([no]) 1642 AC_MSG_ERROR([libedit version is not compatible]) ] 1643 ) 1644 fi ] 1645) 1646 1647AUDIT_MODULE=none 1648AC_ARG_WITH([audit], 1649 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1650 [ 1651 AC_MSG_CHECKING([for supported audit module]) 1652 case "$withval" in 1653 bsm) 1654 AC_MSG_RESULT([bsm]) 1655 AUDIT_MODULE=bsm 1656 dnl Checks for headers, libs and functions 1657 AC_CHECK_HEADERS([bsm/audit.h], [], 1658 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1659 [ 1660#ifdef HAVE_TIME_H 1661# include <time.h> 1662#endif 1663 ] 1664) 1665 AC_CHECK_LIB([bsm], [getaudit], [], 1666 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1667 AC_CHECK_FUNCS([getaudit], [], 1668 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1669 # These are optional 1670 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1671 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1672 if test "$sol2ver" -ge 11; then 1673 SSHDLIBS="$SSHDLIBS -lscf" 1674 AC_DEFINE([BROKEN_BSM_API], [1], 1675 [The system has incomplete BSM API]) 1676 fi 1677 ;; 1678 linux) 1679 AC_MSG_RESULT([linux]) 1680 AUDIT_MODULE=linux 1681 dnl Checks for headers, libs and functions 1682 AC_CHECK_HEADERS([libaudit.h]) 1683 SSHDLIBS="$SSHDLIBS -laudit" 1684 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1685 ;; 1686 debug) 1687 AUDIT_MODULE=debug 1688 AC_MSG_RESULT([debug]) 1689 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1690 ;; 1691 no) 1692 AC_MSG_RESULT([no]) 1693 ;; 1694 *) 1695 AC_MSG_ERROR([Unknown audit module $withval]) 1696 ;; 1697 esac ] 1698) 1699 1700AC_ARG_WITH([pie], 1701 [ --with-pie Build Position Independent Executables if possible], [ 1702 if test "x$withval" = "xno"; then 1703 use_pie=no 1704 fi 1705 if test "x$withval" = "xyes"; then 1706 use_pie=yes 1707 fi 1708 ] 1709) 1710if test "x$use_pie" = "x"; then 1711 use_pie=no 1712fi 1713if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1714 # Turn off automatic PIE when toolchain hardening is off. 1715 use_pie=no 1716fi 1717if test "x$use_pie" = "xauto"; then 1718 # Automatic PIE requires gcc >= 4.x 1719 AC_MSG_CHECKING([for gcc >= 4.x]) 1720 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1721#if !defined(__GNUC__) || __GNUC__ < 4 1722#error gcc is too old 1723#endif 1724]])], 1725 [ AC_MSG_RESULT([yes]) ], 1726 [ AC_MSG_RESULT([no]) 1727 use_pie=no ] 1728) 1729fi 1730if test "x$use_pie" != "xno"; then 1731 SAVED_CFLAGS="$CFLAGS" 1732 SAVED_LDFLAGS="$LDFLAGS" 1733 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1734 OSSH_CHECK_LDFLAG_LINK([-pie]) 1735 # We use both -fPIE and -pie or neither. 1736 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1737 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1738 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1739 AC_MSG_RESULT([yes]) 1740 else 1741 AC_MSG_RESULT([no]) 1742 CFLAGS="$SAVED_CFLAGS" 1743 LDFLAGS="$SAVED_LDFLAGS" 1744 fi 1745fi 1746 1747AC_MSG_CHECKING([whether -fPIC is accepted]) 1748SAVED_CFLAGS="$CFLAGS" 1749CFLAGS="$CFLAGS -fPIC" 1750AC_COMPILE_IFELSE( 1751 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1752 [AC_MSG_RESULT([yes]) 1753 PICFLAG="-fPIC"; ], 1754 [AC_MSG_RESULT([no]) 1755 PICFLAG=""; ]) 1756CFLAGS="$SAVED_CFLAGS" 1757AC_SUBST([PICFLAG]) 1758 1759dnl Checks for library functions. Please keep in alphabetical order 1760AC_CHECK_FUNCS([ \ 1761 Blowfish_initstate \ 1762 Blowfish_expandstate \ 1763 Blowfish_expand0state \ 1764 Blowfish_stream2word \ 1765 SHA256Update \ 1766 SHA384Update \ 1767 SHA512Update \ 1768 asprintf \ 1769 b64_ntop \ 1770 __b64_ntop \ 1771 b64_pton \ 1772 __b64_pton \ 1773 bcopy \ 1774 bcrypt_pbkdf \ 1775 bindresvport_sa \ 1776 blf_enc \ 1777 bzero \ 1778 cap_rights_limit \ 1779 clock \ 1780 closefrom \ 1781 dirfd \ 1782 endgrent \ 1783 err \ 1784 errx \ 1785 explicit_bzero \ 1786 fchmod \ 1787 fchmodat \ 1788 fchown \ 1789 fchownat \ 1790 flock \ 1791 fnmatch \ 1792 freeaddrinfo \ 1793 freezero \ 1794 fstatfs \ 1795 fstatvfs \ 1796 futimes \ 1797 getaddrinfo \ 1798 getcwd \ 1799 getgrouplist \ 1800 getline \ 1801 getnameinfo \ 1802 getopt \ 1803 getpagesize \ 1804 getpeereid \ 1805 getpeerucred \ 1806 getpgid \ 1807 _getpty \ 1808 getrlimit \ 1809 getrandom \ 1810 getsid \ 1811 getttyent \ 1812 glob \ 1813 group_from_gid \ 1814 inet_aton \ 1815 inet_ntoa \ 1816 inet_ntop \ 1817 innetgr \ 1818 llabs \ 1819 localtime_r \ 1820 login_getcapbool \ 1821 md5_crypt \ 1822 memmem \ 1823 memmove \ 1824 memset_s \ 1825 mkdtemp \ 1826 ngetaddrinfo \ 1827 nsleep \ 1828 ogetaddrinfo \ 1829 openlog_r \ 1830 pledge \ 1831 poll \ 1832 prctl \ 1833 pstat \ 1834 raise \ 1835 readpassphrase \ 1836 reallocarray \ 1837 realpath \ 1838 recvmsg \ 1839 recallocarray \ 1840 rresvport_af \ 1841 sendmsg \ 1842 setdtablesize \ 1843 setegid \ 1844 setenv \ 1845 seteuid \ 1846 setgroupent \ 1847 setgroups \ 1848 setlinebuf \ 1849 setlogin \ 1850 setpassent\ 1851 setpcred \ 1852 setproctitle \ 1853 setregid \ 1854 setreuid \ 1855 setrlimit \ 1856 setsid \ 1857 setvbuf \ 1858 sigaction \ 1859 sigvec \ 1860 snprintf \ 1861 socketpair \ 1862 statfs \ 1863 statvfs \ 1864 strcasestr \ 1865 strdup \ 1866 strerror \ 1867 strlcat \ 1868 strlcpy \ 1869 strmode \ 1870 strndup \ 1871 strnlen \ 1872 strnvis \ 1873 strptime \ 1874 strsignal \ 1875 strtonum \ 1876 strtoll \ 1877 strtoul \ 1878 strtoull \ 1879 swap32 \ 1880 sysconf \ 1881 tcgetpgrp \ 1882 timingsafe_bcmp \ 1883 truncate \ 1884 unsetenv \ 1885 updwtmpx \ 1886 utimensat \ 1887 user_from_uid \ 1888 usleep \ 1889 vasprintf \ 1890 vsnprintf \ 1891 waitpid \ 1892 warn \ 1893]) 1894 1895AC_CHECK_DECLS([bzero, memmem]) 1896 1897dnl Wide character support. 1898AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1899 1900TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1901AC_MSG_CHECKING([for utf8 locale support]) 1902AC_RUN_IFELSE( 1903 [AC_LANG_PROGRAM([[ 1904#include <locale.h> 1905#include <stdlib.h> 1906 ]], [[ 1907 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1908 if (loc != NULL) 1909 exit(0); 1910 exit(1); 1911 ]])], 1912 AC_MSG_RESULT(yes), 1913 [AC_MSG_RESULT(no) 1914 TEST_SSH_UTF8=no], 1915 AC_MSG_WARN([cross compiling: assuming yes]) 1916) 1917 1918AC_LINK_IFELSE( 1919 [AC_LANG_PROGRAM( 1920 [[ #include <ctype.h> ]], 1921 [[ return (isblank('a')); ]])], 1922 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1923]) 1924 1925disable_pkcs11= 1926AC_ARG_ENABLE([pkcs11], 1927 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1928 [ 1929 if test "x$enableval" = "xno" ; then 1930 disable_pkcs11=1 1931 fi 1932 ] 1933) 1934 1935disable_sk= 1936AC_ARG_ENABLE([security-key], 1937 [ --disable-security-key disable U2F/FIDO support code [no]], 1938 [ 1939 if test "x$enableval" = "xno" ; then 1940 disable_sk=1 1941 fi 1942 ] 1943) 1944enable_sk_internal= 1945AC_ARG_WITH([security-key-builtin], 1946 [ --with-security-key-builtin include builtin U2F/FIDO support], 1947 [ 1948 if test "x$withval" != "xno" ; then 1949 enable_sk_internal=yes 1950 fi 1951 ] 1952) 1953test "x$disable_sk" != "x" && enable_sk_internal="" 1954 1955AC_SEARCH_LIBS([dlopen], [dl]) 1956AC_CHECK_FUNCS([dlopen]) 1957AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1958 1959# IRIX has a const char return value for gai_strerror() 1960AC_CHECK_FUNCS([gai_strerror], [ 1961 AC_DEFINE([HAVE_GAI_STRERROR]) 1962 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1963#include <sys/types.h> 1964#include <sys/socket.h> 1965#include <netdb.h> 1966 1967const char *gai_strerror(int); 1968 ]], [[ 1969 char *str; 1970 str = gai_strerror(0); 1971 ]])], [ 1972 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1973 [Define if gai_strerror() returns const char *])], [])]) 1974 1975AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1976 [Some systems put nanosleep outside of libc])]) 1977 1978AC_SEARCH_LIBS([clock_gettime], [rt], 1979 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1980 1981dnl check if we need -D_REENTRANT for localtime_r declaration. 1982AC_CHECK_DECL([localtime_r], [], 1983 [ saved_CPPFLAGS="$CFLAGS" 1984 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1985 unset ac_cv_have_decl_localtime_r 1986 AC_CHECK_DECL([localtime_r], [], 1987 [ CPPFLAGS="$saved_CPPFLAGS" ], 1988 [ #include <time.h> ] 1989 ) 1990 ], 1991 [ #include <time.h> ] 1992) 1993 1994dnl Make sure prototypes are defined for these before using them. 1995AC_CHECK_DECL([strsep], 1996 [AC_CHECK_FUNCS([strsep])], 1997 [], 1998 [ 1999#ifdef HAVE_STRING_H 2000# include <string.h> 2001#endif 2002 ]) 2003 2004dnl tcsendbreak might be a macro 2005AC_CHECK_DECL([tcsendbreak], 2006 [AC_DEFINE([HAVE_TCSENDBREAK])], 2007 [AC_CHECK_FUNCS([tcsendbreak])], 2008 [#include <termios.h>] 2009) 2010 2011AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2012 2013AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2014 [ 2015#include <sys/types.h> 2016#include <sys/socket.h> 2017#include <unistd.h> 2018 ]) 2019 2020AC_CHECK_DECLS([O_NONBLOCK], , , 2021 [ 2022#include <sys/types.h> 2023#ifdef HAVE_SYS_STAT_H 2024# include <sys/stat.h> 2025#endif 2026#ifdef HAVE_FCNTL_H 2027# include <fcntl.h> 2028#endif 2029 ]) 2030 2031AC_CHECK_DECLS([readv, writev], , , [ 2032#include <sys/types.h> 2033#include <sys/uio.h> 2034#include <unistd.h> 2035 ]) 2036 2037AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2038#include <sys/param.h> 2039 ]) 2040 2041AC_CHECK_DECLS([offsetof], , , [ 2042#include <stddef.h> 2043 ]) 2044 2045# extra bits for select(2) 2046AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2047#include <sys/param.h> 2048#include <sys/types.h> 2049#ifdef HAVE_SYS_SYSMACROS_H 2050#include <sys/sysmacros.h> 2051#endif 2052#ifdef HAVE_SYS_SELECT_H 2053#include <sys/select.h> 2054#endif 2055#ifdef HAVE_SYS_TIME_H 2056#include <sys/time.h> 2057#endif 2058#ifdef HAVE_UNISTD_H 2059#include <unistd.h> 2060#endif 2061 ]]) 2062AC_CHECK_TYPES([fd_mask], [], [], [[ 2063#include <sys/param.h> 2064#include <sys/types.h> 2065#ifdef HAVE_SYS_SELECT_H 2066#include <sys/select.h> 2067#endif 2068#ifdef HAVE_SYS_TIME_H 2069#include <sys/time.h> 2070#endif 2071#ifdef HAVE_UNISTD_H 2072#include <unistd.h> 2073#endif 2074 ]]) 2075 2076AC_CHECK_FUNCS([setresuid], [ 2077 dnl Some platorms have setresuid that isn't implemented, test for this 2078 AC_MSG_CHECKING([if setresuid seems to work]) 2079 AC_RUN_IFELSE( 2080 [AC_LANG_PROGRAM([[ 2081#include <stdlib.h> 2082#include <errno.h> 2083 ]], [[ 2084 errno=0; 2085 setresuid(0,0,0); 2086 if (errno==ENOSYS) 2087 exit(1); 2088 else 2089 exit(0); 2090 ]])], 2091 [AC_MSG_RESULT([yes])], 2092 [AC_DEFINE([BROKEN_SETRESUID], [1], 2093 [Define if your setresuid() is broken]) 2094 AC_MSG_RESULT([not implemented])], 2095 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2096 ) 2097]) 2098 2099AC_CHECK_FUNCS([setresgid], [ 2100 dnl Some platorms have setresgid that isn't implemented, test for this 2101 AC_MSG_CHECKING([if setresgid seems to work]) 2102 AC_RUN_IFELSE( 2103 [AC_LANG_PROGRAM([[ 2104#include <stdlib.h> 2105#include <errno.h> 2106 ]], [[ 2107 errno=0; 2108 setresgid(0,0,0); 2109 if (errno==ENOSYS) 2110 exit(1); 2111 else 2112 exit(0); 2113 ]])], 2114 [AC_MSG_RESULT([yes])], 2115 [AC_DEFINE([BROKEN_SETRESGID], [1], 2116 [Define if your setresgid() is broken]) 2117 AC_MSG_RESULT([not implemented])], 2118 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2119 ) 2120]) 2121 2122AC_MSG_CHECKING([for working fflush(NULL)]) 2123AC_RUN_IFELSE( 2124 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2125 AC_MSG_RESULT([yes]), 2126 [AC_MSG_RESULT([no]) 2127 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2128 [define if fflush(NULL) does not work])], 2129 AC_MSG_WARN([cross compiling: assuming working]) 2130) 2131 2132dnl Checks for time functions 2133AC_CHECK_FUNCS([gettimeofday time]) 2134dnl Checks for utmp functions 2135AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2136AC_CHECK_FUNCS([utmpname]) 2137dnl Checks for utmpx functions 2138AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2139AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2140dnl Checks for lastlog functions 2141AC_CHECK_FUNCS([getlastlogxbyname]) 2142 2143AC_CHECK_FUNC([daemon], 2144 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2145 [AC_CHECK_LIB([bsd], [daemon], 2146 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2147) 2148 2149AC_CHECK_FUNC([getpagesize], 2150 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2151 [Define if your libraries define getpagesize()])], 2152 [AC_CHECK_LIB([ucb], [getpagesize], 2153 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2154) 2155 2156# Check for broken snprintf 2157if test "x$ac_cv_func_snprintf" = "xyes" ; then 2158 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2159 AC_RUN_IFELSE( 2160 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2161 [[ 2162 char b[5]; 2163 snprintf(b,5,"123456789"); 2164 exit(b[4]!='\0'); 2165 ]])], 2166 [AC_MSG_RESULT([yes])], 2167 [ 2168 AC_MSG_RESULT([no]) 2169 AC_DEFINE([BROKEN_SNPRINTF], [1], 2170 [Define if your snprintf is busted]) 2171 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2172 ], 2173 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2174 ) 2175fi 2176 2177if test "x$ac_cv_func_snprintf" = "xyes" ; then 2178 AC_MSG_CHECKING([whether snprintf understands %zu]) 2179 AC_RUN_IFELSE( 2180 [AC_LANG_PROGRAM([[ 2181#include <sys/types.h> 2182#include <stdio.h> 2183 ]], 2184 [[ 2185 size_t a = 1, b = 2; 2186 char z[128]; 2187 snprintf(z, sizeof z, "%zu%zu", a, b); 2188 exit(strcmp(z, "12")); 2189 ]])], 2190 [AC_MSG_RESULT([yes])], 2191 [ 2192 AC_MSG_RESULT([no]) 2193 AC_DEFINE([BROKEN_SNPRINTF], [1], 2194 [snprintf does not understand %zu]) 2195 ], 2196 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2197 ) 2198fi 2199 2200# We depend on vsnprintf returning the right thing on overflow: the 2201# number of characters it tried to create (as per SUSv3) 2202if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2203 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2204 AC_RUN_IFELSE( 2205 [AC_LANG_PROGRAM([[ 2206#include <sys/types.h> 2207#include <stdio.h> 2208#include <stdarg.h> 2209 2210int x_snprintf(char *str, size_t count, const char *fmt, ...) 2211{ 2212 size_t ret; 2213 va_list ap; 2214 2215 va_start(ap, fmt); 2216 ret = vsnprintf(str, count, fmt, ap); 2217 va_end(ap); 2218 return ret; 2219} 2220 ]], [[ 2221char x[1]; 2222if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2223 return 1; 2224if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2225 return 1; 2226return 0; 2227 ]])], 2228 [AC_MSG_RESULT([yes])], 2229 [ 2230 AC_MSG_RESULT([no]) 2231 AC_DEFINE([BROKEN_SNPRINTF], [1], 2232 [Define if your snprintf is busted]) 2233 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2234 ], 2235 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2236 ) 2237fi 2238 2239# On systems where [v]snprintf is broken, but is declared in stdio, 2240# check that the fmt argument is const char * or just char *. 2241# This is only useful for when BROKEN_SNPRINTF 2242AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2243AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2244#include <stdio.h> 2245int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2246 ]], [[ 2247 snprintf(0, 0, 0); 2248 ]])], 2249 [AC_MSG_RESULT([yes]) 2250 AC_DEFINE([SNPRINTF_CONST], [const], 2251 [Define as const if snprintf() can declare const char *fmt])], 2252 [AC_MSG_RESULT([no]) 2253 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2254 2255# Check for missing getpeereid (or equiv) support 2256NO_PEERCHECK="" 2257if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2258 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2260#include <sys/types.h> 2261#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2262 [ AC_MSG_RESULT([yes]) 2263 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2264 ], [AC_MSG_RESULT([no]) 2265 NO_PEERCHECK=1 2266 ]) 2267fi 2268 2269dnl see whether mkstemp() requires XXXXXX 2270if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2271AC_MSG_CHECKING([for (overly) strict mkstemp]) 2272AC_RUN_IFELSE( 2273 [AC_LANG_PROGRAM([[ 2274#include <stdlib.h> 2275 ]], [[ 2276 char template[]="conftest.mkstemp-test"; 2277 if (mkstemp(template) == -1) 2278 exit(1); 2279 unlink(template); 2280 exit(0); 2281 ]])], 2282 [ 2283 AC_MSG_RESULT([no]) 2284 ], 2285 [ 2286 AC_MSG_RESULT([yes]) 2287 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2288 ], 2289 [ 2290 AC_MSG_RESULT([yes]) 2291 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2292 ] 2293) 2294fi 2295 2296dnl make sure that openpty does not reacquire controlling terminal 2297if test ! -z "$check_for_openpty_ctty_bug"; then 2298 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2299 AC_RUN_IFELSE( 2300 [AC_LANG_PROGRAM([[ 2301#include <stdio.h> 2302#include <sys/fcntl.h> 2303#include <sys/types.h> 2304#include <sys/wait.h> 2305 ]], [[ 2306 pid_t pid; 2307 int fd, ptyfd, ttyfd, status; 2308 2309 pid = fork(); 2310 if (pid < 0) { /* failed */ 2311 exit(1); 2312 } else if (pid > 0) { /* parent */ 2313 waitpid(pid, &status, 0); 2314 if (WIFEXITED(status)) 2315 exit(WEXITSTATUS(status)); 2316 else 2317 exit(2); 2318 } else { /* child */ 2319 close(0); close(1); close(2); 2320 setsid(); 2321 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2322 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2323 if (fd >= 0) 2324 exit(3); /* Acquired ctty: broken */ 2325 else 2326 exit(0); /* Did not acquire ctty: OK */ 2327 } 2328 ]])], 2329 [ 2330 AC_MSG_RESULT([yes]) 2331 ], 2332 [ 2333 AC_MSG_RESULT([no]) 2334 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2335 ], 2336 [ 2337 AC_MSG_RESULT([cross-compiling, assuming yes]) 2338 ] 2339 ) 2340fi 2341 2342if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2343 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2344 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2345 AC_RUN_IFELSE( 2346 [AC_LANG_PROGRAM([[ 2347#include <stdio.h> 2348#include <sys/socket.h> 2349#include <netdb.h> 2350#include <errno.h> 2351#include <netinet/in.h> 2352 2353#define TEST_PORT "2222" 2354 ]], [[ 2355 int err, sock; 2356 struct addrinfo *gai_ai, *ai, hints; 2357 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2358 2359 memset(&hints, 0, sizeof(hints)); 2360 hints.ai_family = PF_UNSPEC; 2361 hints.ai_socktype = SOCK_STREAM; 2362 hints.ai_flags = AI_PASSIVE; 2363 2364 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2365 if (err != 0) { 2366 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2367 exit(1); 2368 } 2369 2370 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2371 if (ai->ai_family != AF_INET6) 2372 continue; 2373 2374 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2375 sizeof(ntop), strport, sizeof(strport), 2376 NI_NUMERICHOST|NI_NUMERICSERV); 2377 2378 if (err != 0) { 2379 if (err == EAI_SYSTEM) 2380 perror("getnameinfo EAI_SYSTEM"); 2381 else 2382 fprintf(stderr, "getnameinfo failed: %s\n", 2383 gai_strerror(err)); 2384 exit(2); 2385 } 2386 2387 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2388 if (sock < 0) 2389 perror("socket"); 2390 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2391 if (errno == EBADF) 2392 exit(3); 2393 } 2394 } 2395 exit(0); 2396 ]])], 2397 [ 2398 AC_MSG_RESULT([yes]) 2399 ], 2400 [ 2401 AC_MSG_RESULT([no]) 2402 AC_DEFINE([BROKEN_GETADDRINFO]) 2403 ], 2404 [ 2405 AC_MSG_RESULT([cross-compiling, assuming yes]) 2406 ] 2407 ) 2408fi 2409 2410if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2411 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2412 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2413 AC_RUN_IFELSE( 2414 [AC_LANG_PROGRAM([[ 2415#include <stdio.h> 2416#include <sys/socket.h> 2417#include <netdb.h> 2418#include <errno.h> 2419#include <netinet/in.h> 2420 2421#define TEST_PORT "2222" 2422 ]], [[ 2423 int err, sock; 2424 struct addrinfo *gai_ai, *ai, hints; 2425 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2426 2427 memset(&hints, 0, sizeof(hints)); 2428 hints.ai_family = PF_UNSPEC; 2429 hints.ai_socktype = SOCK_STREAM; 2430 hints.ai_flags = AI_PASSIVE; 2431 2432 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2433 if (err != 0) { 2434 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2435 exit(1); 2436 } 2437 2438 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2439 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2440 continue; 2441 2442 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2443 sizeof(ntop), strport, sizeof(strport), 2444 NI_NUMERICHOST|NI_NUMERICSERV); 2445 2446 if (ai->ai_family == AF_INET && err != 0) { 2447 perror("getnameinfo"); 2448 exit(2); 2449 } 2450 } 2451 exit(0); 2452 ]])], 2453 [ 2454 AC_MSG_RESULT([yes]) 2455 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2456 [Define if you have a getaddrinfo that fails 2457 for the all-zeros IPv6 address]) 2458 ], 2459 [ 2460 AC_MSG_RESULT([no]) 2461 AC_DEFINE([BROKEN_GETADDRINFO]) 2462 ], 2463 [ 2464 AC_MSG_RESULT([cross-compiling, assuming no]) 2465 ] 2466 ) 2467fi 2468 2469if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2470 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2471 [#include <sys/types.h> 2472 #include <sys/socket.h> 2473 #include <netdb.h>]) 2474fi 2475 2476if test "x$check_for_conflicting_getspnam" = "x1"; then 2477 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2479 [[ exit(0); ]])], 2480 [ 2481 AC_MSG_RESULT([no]) 2482 ], 2483 [ 2484 AC_MSG_RESULT([yes]) 2485 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2486 [Conflicting defs for getspnam]) 2487 ] 2488 ) 2489fi 2490 2491dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2492dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2493dnl for over ten years). Despite this incompatibility being reported during 2494dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2495dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2496dnl implementation. Try to detect this mess, and assume the only safe option 2497dnl if we're cross compiling. 2498dnl 2499dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2500dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2501if test "x$ac_cv_func_strnvis" = "xyes"; then 2502 AC_MSG_CHECKING([for working strnvis]) 2503 AC_RUN_IFELSE( 2504 [AC_LANG_PROGRAM([[ 2505#include <signal.h> 2506#include <stdlib.h> 2507#include <string.h> 2508#include <vis.h> 2509static void sighandler(int sig) { _exit(1); } 2510 ]], [[ 2511 char dst[16]; 2512 2513 signal(SIGSEGV, sighandler); 2514 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2515 exit(0); 2516 exit(1) 2517 ]])], 2518 [AC_MSG_RESULT([yes])], 2519 [AC_MSG_RESULT([no]) 2520 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2521 [AC_MSG_WARN([cross compiling: assuming broken]) 2522 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2523 ) 2524fi 2525 2526AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2527AC_RUN_IFELSE( 2528 [AC_LANG_PROGRAM([[ 2529#ifdef HAVE_SYS_SELECT 2530# include <sys/select.h> 2531#endif 2532#include <sys/types.h> 2533#include <sys/time.h> 2534#include <stdlib.h> 2535#include <signal.h> 2536static void sighandler(int sig) { } 2537 ]], [[ 2538 int r; 2539 pid_t pid; 2540 struct sigaction sa; 2541 2542 sa.sa_handler = sighandler; 2543 sa.sa_flags = SA_RESTART; 2544 (void)sigaction(SIGTERM, &sa, NULL); 2545 if ((pid = fork()) == 0) { /* child */ 2546 pid = getppid(); 2547 sleep(1); 2548 kill(pid, SIGTERM); 2549 sleep(1); 2550 if (getppid() == pid) /* if parent did not exit, shoot it */ 2551 kill(pid, SIGKILL); 2552 exit(0); 2553 } else { /* parent */ 2554 r = select(0, NULL, NULL, NULL, NULL); 2555 } 2556 exit(r == -1 ? 0 : 1); 2557 ]])], 2558 [AC_MSG_RESULT([yes])], 2559 [AC_MSG_RESULT([no]) 2560 AC_DEFINE([NO_SA_RESTART], [1], 2561 [SA_RESTARTed signals do no interrupt select])], 2562 [AC_MSG_WARN([cross compiling: assuming yes])] 2563) 2564 2565AC_CHECK_FUNCS([getpgrp],[ 2566 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2567 AC_COMPILE_IFELSE( 2568 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2569 [ AC_MSG_RESULT([yes]) 2570 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2571 [ AC_MSG_RESULT([no]) 2572 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2573 ) 2574]) 2575 2576# Search for OpenSSL 2577saved_CPPFLAGS="$CPPFLAGS" 2578saved_LDFLAGS="$LDFLAGS" 2579AC_ARG_WITH([ssl-dir], 2580 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2581 [ 2582 if test "x$openssl" = "xno" ; then 2583 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2584 fi 2585 if test "x$withval" != "xno" ; then 2586 case "$withval" in 2587 # Relative paths 2588 ./*|../*) withval="`pwd`/$withval" 2589 esac 2590 if test -d "$withval/lib"; then 2591 if test -n "${rpath_opt}"; then 2592 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2593 else 2594 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2595 fi 2596 elif test -d "$withval/lib64"; then 2597 if test -n "${rpath_opt}"; then 2598 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2599 else 2600 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2601 fi 2602 else 2603 if test -n "${rpath_opt}"; then 2604 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2605 else 2606 LDFLAGS="-L${withval} ${LDFLAGS}" 2607 fi 2608 fi 2609 if test -d "$withval/include"; then 2610 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2611 else 2612 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2613 fi 2614 fi 2615 ] 2616) 2617 2618AC_ARG_WITH([openssl-header-check], 2619 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2620 [ 2621 if test "x$withval" = "xno" ; then 2622 openssl_check_nonfatal=1 2623 fi 2624 ] 2625) 2626 2627openssl_engine=no 2628AC_ARG_WITH([ssl-engine], 2629 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2630 [ 2631 if test "x$withval" != "xno" ; then 2632 if test "x$openssl" = "xno" ; then 2633 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2634 fi 2635 openssl_engine=yes 2636 fi 2637 ] 2638) 2639 2640if test "x$openssl" = "xyes" ; then 2641 LIBS="-lcrypto $LIBS" 2642 AC_TRY_LINK_FUNC([RAND_add], , 2643 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2644 AC_CHECK_HEADER([openssl/opensslv.h], , 2645 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2646 2647 # Determine OpenSSL header version 2648 AC_MSG_CHECKING([OpenSSL header version]) 2649 AC_RUN_IFELSE( 2650 [AC_LANG_PROGRAM([[ 2651 #include <stdlib.h> 2652 #include <stdio.h> 2653 #include <string.h> 2654 #include <openssl/opensslv.h> 2655 #define DATA "conftest.sslincver" 2656 ]], [[ 2657 FILE *fd; 2658 int rc; 2659 2660 fd = fopen(DATA,"w"); 2661 if(fd == NULL) 2662 exit(1); 2663 2664 if ((rc = fprintf(fd, "%08lx (%s)\n", 2665 (unsigned long)OPENSSL_VERSION_NUMBER, 2666 OPENSSL_VERSION_TEXT)) < 0) 2667 exit(1); 2668 2669 exit(0); 2670 ]])], 2671 [ 2672 ssl_header_ver=`cat conftest.sslincver` 2673 AC_MSG_RESULT([$ssl_header_ver]) 2674 ], 2675 [ 2676 AC_MSG_RESULT([not found]) 2677 AC_MSG_ERROR([OpenSSL version header not found.]) 2678 ], 2679 [ 2680 AC_MSG_WARN([cross compiling: not checking]) 2681 ] 2682 ) 2683 2684 # Determining OpenSSL library version is version dependent. 2685 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2686 2687 # Determine OpenSSL library version 2688 AC_MSG_CHECKING([OpenSSL library version]) 2689 AC_RUN_IFELSE( 2690 [AC_LANG_PROGRAM([[ 2691 #include <stdio.h> 2692 #include <string.h> 2693 #include <openssl/opensslv.h> 2694 #include <openssl/crypto.h> 2695 #define DATA "conftest.ssllibver" 2696 ]], [[ 2697 FILE *fd; 2698 int rc; 2699 2700 fd = fopen(DATA,"w"); 2701 if(fd == NULL) 2702 exit(1); 2703#ifndef OPENSSL_VERSION 2704# define OPENSSL_VERSION SSLEAY_VERSION 2705#endif 2706#ifndef HAVE_OPENSSL_VERSION 2707# define OpenSSL_version SSLeay_version 2708#endif 2709#ifndef HAVE_OPENSSL_VERSION_NUM 2710# define OpenSSL_version_num SSLeay 2711#endif 2712 if ((rc = fprintf(fd, "%08lx (%s)\n", 2713 (unsigned long)OpenSSL_version_num(), 2714 OpenSSL_version(OPENSSL_VERSION))) < 0) 2715 exit(1); 2716 2717 exit(0); 2718 ]])], 2719 [ 2720 ssl_library_ver=`cat conftest.ssllibver` 2721 # Check version is supported. 2722 case "$ssl_library_ver" in 2723 10000*|0*) 2724 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2725 ;; 2726 100*) ;; # 1.0.x 2727 101000[[0123456]]*) 2728 # https://github.com/openssl/openssl/pull/4613 2729 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2730 ;; 2731 101*) ;; # 1.1.x 2732 200*) ;; # LibreSSL 2733 300*) ;; # OpenSSL development branch. 2734 *) 2735 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2736 ;; 2737 esac 2738 AC_MSG_RESULT([$ssl_library_ver]) 2739 ], 2740 [ 2741 AC_MSG_RESULT([not found]) 2742 AC_MSG_ERROR([OpenSSL library not found.]) 2743 ], 2744 [ 2745 AC_MSG_WARN([cross compiling: not checking]) 2746 ] 2747 ) 2748 2749 # Sanity check OpenSSL headers 2750 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2751 AC_RUN_IFELSE( 2752 [AC_LANG_PROGRAM([[ 2753 #include <string.h> 2754 #include <openssl/opensslv.h> 2755 #include <openssl/crypto.h> 2756 ]], [[ 2757#ifndef HAVE_OPENSSL_VERSION_NUM 2758# define OpenSSL_version_num SSLeay 2759#endif 2760 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2761 ]])], 2762 [ 2763 AC_MSG_RESULT([yes]) 2764 ], 2765 [ 2766 AC_MSG_RESULT([no]) 2767 if test "x$openssl_check_nonfatal" = "x"; then 2768 AC_MSG_ERROR([Your OpenSSL headers do not match your 2769 library. Check config.log for details. 2770 If you are sure your installation is consistent, you can disable the check 2771 by running "./configure --without-openssl-header-check". 2772 Also see contrib/findssl.sh for help identifying header/library mismatches. 2773 ]) 2774 else 2775 AC_MSG_WARN([Your OpenSSL headers do not match your 2776 library. Check config.log for details. 2777 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2778 fi 2779 ], 2780 [ 2781 AC_MSG_WARN([cross compiling: not checking]) 2782 ] 2783 ) 2784 2785 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2786 AC_LINK_IFELSE( 2787 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2788 [[ ERR_load_crypto_strings(); ]])], 2789 [ 2790 AC_MSG_RESULT([yes]) 2791 ], 2792 [ 2793 AC_MSG_RESULT([no]) 2794 saved_LIBS="$LIBS" 2795 LIBS="$LIBS -ldl" 2796 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2797 AC_LINK_IFELSE( 2798 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2799 [[ ERR_load_crypto_strings(); ]])], 2800 [ 2801 AC_MSG_RESULT([yes]) 2802 ], 2803 [ 2804 AC_MSG_RESULT([no]) 2805 LIBS="$saved_LIBS" 2806 ] 2807 ) 2808 ] 2809 ) 2810 2811 AC_CHECK_FUNCS([ \ 2812 BN_is_prime_ex \ 2813 DSA_generate_parameters_ex \ 2814 EVP_CIPHER_CTX_ctrl \ 2815 EVP_DigestFinal_ex \ 2816 EVP_DigestInit_ex \ 2817 EVP_MD_CTX_cleanup \ 2818 EVP_MD_CTX_copy_ex \ 2819 EVP_MD_CTX_init \ 2820 HMAC_CTX_init \ 2821 RSA_generate_key_ex \ 2822 RSA_get_default_method \ 2823 ]) 2824 2825 # OpenSSL_add_all_algorithms may be a macro. 2826 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2827 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2828 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2829 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2830 [[#include <openssl/evp.h>]] 2831 ) 2832 ) 2833 2834 # LibreSSL/OpenSSL 1.1x API 2835 AC_CHECK_FUNCS([ \ 2836 OPENSSL_init_crypto \ 2837 DH_get0_key \ 2838 DH_get0_pqg \ 2839 DH_set0_key \ 2840 DH_set_length \ 2841 DH_set0_pqg \ 2842 DSA_get0_key \ 2843 DSA_get0_pqg \ 2844 DSA_set0_key \ 2845 DSA_set0_pqg \ 2846 DSA_SIG_get0 \ 2847 DSA_SIG_set0 \ 2848 ECDSA_SIG_get0 \ 2849 ECDSA_SIG_set0 \ 2850 EVP_CIPHER_CTX_iv \ 2851 EVP_CIPHER_CTX_iv_noconst \ 2852 EVP_CIPHER_CTX_get_iv \ 2853 EVP_CIPHER_CTX_set_iv \ 2854 RSA_get0_crt_params \ 2855 RSA_get0_factors \ 2856 RSA_get0_key \ 2857 RSA_set0_crt_params \ 2858 RSA_set0_factors \ 2859 RSA_set0_key \ 2860 RSA_meth_free \ 2861 RSA_meth_dup \ 2862 RSA_meth_set1_name \ 2863 RSA_meth_get_finish \ 2864 RSA_meth_set_priv_enc \ 2865 RSA_meth_set_priv_dec \ 2866 RSA_meth_set_finish \ 2867 EVP_PKEY_get0_RSA \ 2868 EVP_MD_CTX_new \ 2869 EVP_MD_CTX_free \ 2870 EVP_chacha20 \ 2871 ]) 2872 2873 if test "x$openssl_engine" = "xyes" ; then 2874 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2875 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2876 #include <openssl/engine.h> 2877 ]], [[ 2878 ENGINE_load_builtin_engines(); 2879 ENGINE_register_all_complete(); 2880 ]])], 2881 [ AC_MSG_RESULT([yes]) 2882 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2883 [Enable OpenSSL engine support]) 2884 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2885 ]) 2886 fi 2887 2888 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2889 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2890 AC_LINK_IFELSE( 2891 [AC_LANG_PROGRAM([[ 2892 #include <string.h> 2893 #include <openssl/evp.h> 2894 ]], [[ 2895 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2896 ]])], 2897 [ 2898 AC_MSG_RESULT([no]) 2899 ], 2900 [ 2901 AC_MSG_RESULT([yes]) 2902 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2903 [libcrypto is missing AES 192 and 256 bit functions]) 2904 ] 2905 ) 2906 2907 # Check for OpenSSL with EVP_aes_*ctr 2908 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2909 AC_LINK_IFELSE( 2910 [AC_LANG_PROGRAM([[ 2911 #include <string.h> 2912 #include <openssl/evp.h> 2913 ]], [[ 2914 exit(EVP_aes_128_ctr() == NULL || 2915 EVP_aes_192_cbc() == NULL || 2916 EVP_aes_256_cbc() == NULL); 2917 ]])], 2918 [ 2919 AC_MSG_RESULT([yes]) 2920 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2921 [libcrypto has EVP AES CTR]) 2922 ], 2923 [ 2924 AC_MSG_RESULT([no]) 2925 ] 2926 ) 2927 2928 # Check for OpenSSL with EVP_aes_*gcm 2929 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2930 AC_LINK_IFELSE( 2931 [AC_LANG_PROGRAM([[ 2932 #include <string.h> 2933 #include <openssl/evp.h> 2934 ]], [[ 2935 exit(EVP_aes_128_gcm() == NULL || 2936 EVP_aes_256_gcm() == NULL || 2937 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2938 EVP_CTRL_GCM_IV_GEN == 0 || 2939 EVP_CTRL_GCM_SET_TAG == 0 || 2940 EVP_CTRL_GCM_GET_TAG == 0 || 2941 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2942 ]])], 2943 [ 2944 AC_MSG_RESULT([yes]) 2945 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2946 [libcrypto has EVP AES GCM]) 2947 ], 2948 [ 2949 AC_MSG_RESULT([no]) 2950 unsupported_algorithms="$unsupported_cipers \ 2951 aes128-gcm@openssh.com \ 2952 aes256-gcm@openssh.com" 2953 ] 2954 ) 2955 2956 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2957 AC_LINK_IFELSE( 2958 [AC_LANG_PROGRAM([[ 2959 #include <string.h> 2960 #include <openssl/evp.h> 2961 ]], [[ 2962 if(EVP_DigestUpdate(NULL, NULL,0)) 2963 exit(0); 2964 ]])], 2965 [ 2966 AC_MSG_RESULT([yes]) 2967 ], 2968 [ 2969 AC_MSG_RESULT([no]) 2970 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2971 [Define if EVP_DigestUpdate returns void]) 2972 ] 2973 ) 2974 2975 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2976 # because the system crypt() is more featureful. 2977 if test "x$check_for_libcrypt_before" = "x1"; then 2978 AC_CHECK_LIB([crypt], [crypt]) 2979 fi 2980 2981 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2982 # version in OpenSSL. 2983 if test "x$check_for_libcrypt_later" = "x1"; then 2984 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2985 fi 2986 AC_CHECK_FUNCS([crypt DES_crypt]) 2987 2988 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2989 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2990 2991 # Check complete ECC support in OpenSSL 2992 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2993 AC_LINK_IFELSE( 2994 [AC_LANG_PROGRAM([[ 2995 #include <openssl/ec.h> 2996 #include <openssl/ecdh.h> 2997 #include <openssl/ecdsa.h> 2998 #include <openssl/evp.h> 2999 #include <openssl/objects.h> 3000 #include <openssl/opensslv.h> 3001 ]], [[ 3002 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 3003 const EVP_MD *m = EVP_sha256(); /* We need this too */ 3004 ]])], 3005 [ AC_MSG_RESULT([yes]) 3006 enable_nistp256=1 ], 3007 [ AC_MSG_RESULT([no]) ] 3008 ) 3009 3010 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3011 AC_LINK_IFELSE( 3012 [AC_LANG_PROGRAM([[ 3013 #include <openssl/ec.h> 3014 #include <openssl/ecdh.h> 3015 #include <openssl/ecdsa.h> 3016 #include <openssl/evp.h> 3017 #include <openssl/objects.h> 3018 #include <openssl/opensslv.h> 3019 ]], [[ 3020 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3021 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3022 ]])], 3023 [ AC_MSG_RESULT([yes]) 3024 enable_nistp384=1 ], 3025 [ AC_MSG_RESULT([no]) ] 3026 ) 3027 3028 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3029 AC_LINK_IFELSE( 3030 [AC_LANG_PROGRAM([[ 3031 #include <openssl/ec.h> 3032 #include <openssl/ecdh.h> 3033 #include <openssl/ecdsa.h> 3034 #include <openssl/evp.h> 3035 #include <openssl/objects.h> 3036 #include <openssl/opensslv.h> 3037 ]], [[ 3038 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3039 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3040 ]])], 3041 [ AC_MSG_RESULT([yes]) 3042 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3043 AC_RUN_IFELSE( 3044 [AC_LANG_PROGRAM([[ 3045 #include <openssl/ec.h> 3046 #include <openssl/ecdh.h> 3047 #include <openssl/ecdsa.h> 3048 #include <openssl/evp.h> 3049 #include <openssl/objects.h> 3050 #include <openssl/opensslv.h> 3051 ]],[[ 3052 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3053 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3054 exit(e == NULL || m == NULL); 3055 ]])], 3056 [ AC_MSG_RESULT([yes]) 3057 enable_nistp521=1 ], 3058 [ AC_MSG_RESULT([no]) ], 3059 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3060 enable_nistp521=1 ] 3061 )], 3062 AC_MSG_RESULT([no]) 3063 ) 3064 3065 COMMENT_OUT_ECC="#no ecc#" 3066 TEST_SSH_ECC=no 3067 3068 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3069 test x$enable_nistp521 = x1; then 3070 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3071 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3072 openssl_ecc=yes 3073 else 3074 openssl_ecc=no 3075 fi 3076 if test x$enable_nistp256 = x1; then 3077 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3078 [libcrypto has NID_X9_62_prime256v1]) 3079 TEST_SSH_ECC=yes 3080 COMMENT_OUT_ECC="" 3081 else 3082 unsupported_algorithms="$unsupported_algorithms \ 3083 ecdsa-sha2-nistp256 \ 3084 ecdh-sha2-nistp256 \ 3085 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3086 fi 3087 if test x$enable_nistp384 = x1; then 3088 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3089 TEST_SSH_ECC=yes 3090 COMMENT_OUT_ECC="" 3091 else 3092 unsupported_algorithms="$unsupported_algorithms \ 3093 ecdsa-sha2-nistp384 \ 3094 ecdh-sha2-nistp384 \ 3095 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3096 fi 3097 if test x$enable_nistp521 = x1; then 3098 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3099 TEST_SSH_ECC=yes 3100 COMMENT_OUT_ECC="" 3101 else 3102 unsupported_algorithms="$unsupported_algorithms \ 3103 ecdh-sha2-nistp521 \ 3104 ecdsa-sha2-nistp521 \ 3105 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3106 fi 3107 3108 AC_SUBST([TEST_SSH_ECC]) 3109 AC_SUBST([COMMENT_OUT_ECC]) 3110else 3111 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3112 AC_CHECK_FUNCS([crypt]) 3113fi 3114 3115# PKCS11/U2F depend on OpenSSL and dlopen(). 3116enable_pkcs11=yes 3117enable_sk=yes 3118if test "x$openssl" != "xyes" ; then 3119 enable_pkcs11="disabled; missing libcrypto" 3120 enable_sk="disabled; missing libcrypto" 3121fi 3122if test "x$openssl_ecc" != "xyes" ; then 3123 enable_sk="disabled; OpenSSL has no ECC support" 3124fi 3125if test "x$ac_cv_func_dlopen" != "xyes" ; then 3126 enable_pkcs11="disabled; missing dlopen(3)" 3127 enable_sk="disabled; missing dlopen(3)" 3128fi 3129if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3130 enable_pkcs11="disabled; missing RTLD_NOW" 3131 enable_sk="disabled; missing RTLD_NOW" 3132fi 3133if test ! -z "$disable_pkcs11" ; then 3134 enable_pkcs11="disabled by user" 3135fi 3136if test ! -z "$disable_sk" ; then 3137 enable_sk="disabled by user" 3138fi 3139 3140AC_MSG_CHECKING([whether to enable PKCS11]) 3141if test "x$enable_pkcs11" = "xyes" ; then 3142 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3143fi 3144AC_MSG_RESULT([$enable_pkcs11]) 3145 3146AC_MSG_CHECKING([whether to enable U2F]) 3147if test "x$enable_sk" = "xyes" ; then 3148 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3149 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3150else 3151 # Do not try to build sk-dummy library. 3152 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3153fi 3154AC_MSG_RESULT([$enable_sk]) 3155 3156# Now check for built-in security key support. 3157if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3158 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3159 use_pkgconfig_for_libfido2= 3160 if test "x$PKGCONFIG" != "xno"; then 3161 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3162 if "$PKGCONFIG" libfido2; then 3163 AC_MSG_RESULT([yes]) 3164 use_pkgconfig_for_libfido2=yes 3165 else 3166 AC_MSG_RESULT([no]) 3167 fi 3168 fi 3169 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3170 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3171 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3172 else 3173 LIBFIDO2="-lfido2 -lcbor" 3174 fi 3175 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3176 AC_CHECK_LIB([fido2], [fido_init], 3177 [ 3178 AC_SUBST([LIBFIDO2]) 3179 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3180 [Enable for built-in U2F/FIDO support]) 3181 enable_sk="built-in" 3182 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3183 [ $OTHERLIBS ] 3184 ) 3185 AC_CHECK_LIB([fido2], [fido_cred_set_prot], [], 3186 [ AC_MSG_ERROR([libfido2 missing fido_cred_set_prot; please use libfido2 >= 1.4.0]) ], 3187 ) 3188 AC_CHECK_HEADER([fido.h], [], 3189 AC_MSG_ERROR([missing fido.h from libfido2])) 3190 AC_CHECK_HEADER([fido/credman.h], [], 3191 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3192 [#include <fido.h>] 3193 ) 3194fi 3195 3196AC_CHECK_FUNCS([ \ 3197 arc4random \ 3198 arc4random_buf \ 3199 arc4random_stir \ 3200 arc4random_uniform \ 3201]) 3202 3203saved_LIBS="$LIBS" 3204AC_CHECK_LIB([iaf], [ia_openinfo], [ 3205 LIBS="$LIBS -liaf" 3206 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3207 AC_DEFINE([HAVE_LIBIAF], [1], 3208 [Define if system has libiaf that supports set_id]) 3209 ]) 3210]) 3211LIBS="$saved_LIBS" 3212 3213### Configure cryptographic random number support 3214 3215# Check whether OpenSSL seeds itself 3216if test "x$openssl" = "xyes" ; then 3217 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3218 AC_RUN_IFELSE( 3219 [AC_LANG_PROGRAM([[ 3220 #include <string.h> 3221 #include <openssl/rand.h> 3222 ]], [[ 3223 exit(RAND_status() == 1 ? 0 : 1); 3224 ]])], 3225 [ 3226 OPENSSL_SEEDS_ITSELF=yes 3227 AC_MSG_RESULT([yes]) 3228 ], 3229 [ 3230 AC_MSG_RESULT([no]) 3231 ], 3232 [ 3233 AC_MSG_WARN([cross compiling: assuming yes]) 3234 # This is safe, since we will fatal() at runtime if 3235 # OpenSSL is not seeded correctly. 3236 OPENSSL_SEEDS_ITSELF=yes 3237 ] 3238 ) 3239fi 3240 3241# PRNGD TCP socket 3242AC_ARG_WITH([prngd-port], 3243 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3244 [ 3245 case "$withval" in 3246 no) 3247 withval="" 3248 ;; 3249 [[0-9]]*) 3250 ;; 3251 *) 3252 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3253 ;; 3254 esac 3255 if test ! -z "$withval" ; then 3256 PRNGD_PORT="$withval" 3257 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3258 [Port number of PRNGD/EGD random number socket]) 3259 fi 3260 ] 3261) 3262 3263# PRNGD Unix domain socket 3264AC_ARG_WITH([prngd-socket], 3265 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3266 [ 3267 case "$withval" in 3268 yes) 3269 withval="/var/run/egd-pool" 3270 ;; 3271 no) 3272 withval="" 3273 ;; 3274 /*) 3275 ;; 3276 *) 3277 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3278 ;; 3279 esac 3280 3281 if test ! -z "$withval" ; then 3282 if test ! -z "$PRNGD_PORT" ; then 3283 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3284 fi 3285 if test ! -r "$withval" ; then 3286 AC_MSG_WARN([Entropy socket is not readable]) 3287 fi 3288 PRNGD_SOCKET="$withval" 3289 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3290 [Location of PRNGD/EGD random number socket]) 3291 fi 3292 ], 3293 [ 3294 # Check for existing socket only if we don't have a random device already 3295 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3296 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3297 # Insert other locations here 3298 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3299 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3300 PRNGD_SOCKET="$sock" 3301 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3302 break; 3303 fi 3304 done 3305 if test ! -z "$PRNGD_SOCKET" ; then 3306 AC_MSG_RESULT([$PRNGD_SOCKET]) 3307 else 3308 AC_MSG_RESULT([not found]) 3309 fi 3310 fi 3311 ] 3312) 3313 3314# Which randomness source do we use? 3315if test ! -z "$PRNGD_PORT" ; then 3316 RAND_MSG="PRNGd port $PRNGD_PORT" 3317elif test ! -z "$PRNGD_SOCKET" ; then 3318 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3319elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3320 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3321 [Define if you want the OpenSSL internally seeded PRNG only]) 3322 RAND_MSG="OpenSSL internal ONLY" 3323elif test "x$openssl" = "xno" ; then 3324 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3325else 3326 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3327fi 3328 3329# Check for PAM libs 3330PAM_MSG="no" 3331AC_ARG_WITH([pam], 3332 [ --with-pam Enable PAM support ], 3333 [ 3334 if test "x$withval" != "xno" ; then 3335 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3336 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3337 AC_MSG_ERROR([PAM headers not found]) 3338 fi 3339 3340 saved_LIBS="$LIBS" 3341 AC_CHECK_LIB([dl], [dlopen], , ) 3342 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3343 AC_CHECK_FUNCS([pam_getenvlist]) 3344 AC_CHECK_FUNCS([pam_putenv]) 3345 LIBS="$saved_LIBS" 3346 3347 PAM_MSG="yes" 3348 3349 SSHDLIBS="$SSHDLIBS -lpam" 3350 AC_DEFINE([USE_PAM], [1], 3351 [Define if you want to enable PAM support]) 3352 3353 if test $ac_cv_lib_dl_dlopen = yes; then 3354 case "$LIBS" in 3355 *-ldl*) 3356 # libdl already in LIBS 3357 ;; 3358 *) 3359 SSHDLIBS="$SSHDLIBS -ldl" 3360 ;; 3361 esac 3362 fi 3363 fi 3364 ] 3365) 3366 3367AC_ARG_WITH([pam-service], 3368 [ --with-pam-service=name Specify PAM service name ], 3369 [ 3370 if test "x$withval" != "xno" && \ 3371 test "x$withval" != "xyes" ; then 3372 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3373 ["$withval"], [sshd PAM service name]) 3374 fi 3375 ] 3376) 3377 3378# Check for older PAM 3379if test "x$PAM_MSG" = "xyes" ; then 3380 # Check PAM strerror arguments (old PAM) 3381 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3382 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3383#include <stdlib.h> 3384#if defined(HAVE_SECURITY_PAM_APPL_H) 3385#include <security/pam_appl.h> 3386#elif defined (HAVE_PAM_PAM_APPL_H) 3387#include <pam/pam_appl.h> 3388#endif 3389 ]], [[ 3390(void)pam_strerror((pam_handle_t *)NULL, -1); 3391 ]])], [AC_MSG_RESULT([no])], [ 3392 AC_DEFINE([HAVE_OLD_PAM], [1], 3393 [Define if you have an old version of PAM 3394 which takes only one argument to pam_strerror]) 3395 AC_MSG_RESULT([yes]) 3396 PAM_MSG="yes (old library)" 3397 3398 ]) 3399fi 3400 3401case "$host" in 3402*-*-cygwin*) 3403 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3404 ;; 3405*) 3406 SSH_PRIVSEP_USER=sshd 3407 ;; 3408esac 3409AC_ARG_WITH([privsep-user], 3410 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3411 [ 3412 if test -n "$withval" && test "x$withval" != "xno" && \ 3413 test "x${withval}" != "xyes"; then 3414 SSH_PRIVSEP_USER=$withval 3415 fi 3416 ] 3417) 3418if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3419 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3420 [Cygwin function to fetch non-privileged user for privilege separation]) 3421else 3422 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3423 [non-privileged user for privilege separation]) 3424fi 3425AC_SUBST([SSH_PRIVSEP_USER]) 3426 3427if test "x$have_linux_no_new_privs" = "x1" ; then 3428AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3429 #include <sys/types.h> 3430 #include <linux/seccomp.h> 3431]) 3432fi 3433if test "x$have_seccomp_filter" = "x1" ; then 3434AC_MSG_CHECKING([kernel for seccomp_filter support]) 3435AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3436 #include <errno.h> 3437 #include <elf.h> 3438 #include <linux/audit.h> 3439 #include <linux/seccomp.h> 3440 #include <stdlib.h> 3441 #include <sys/prctl.h> 3442 ]], 3443 [[ int i = $seccomp_audit_arch; 3444 errno = 0; 3445 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3446 exit(errno == EFAULT ? 0 : 1); ]])], 3447 [ AC_MSG_RESULT([yes]) ], [ 3448 AC_MSG_RESULT([no]) 3449 # Disable seccomp filter as a target 3450 have_seccomp_filter=0 3451 ] 3452) 3453fi 3454 3455# Decide which sandbox style to use 3456sandbox_arg="" 3457AC_ARG_WITH([sandbox], 3458 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3459 [ 3460 if test "x$withval" = "xyes" ; then 3461 sandbox_arg="" 3462 else 3463 sandbox_arg="$withval" 3464 fi 3465 ] 3466) 3467 3468# Some platforms (seems to be the ones that have a kernel poll(2)-type 3469# function with which they implement select(2)) use an extra file descriptor 3470# when calling select(2), which means we can't use the rlimit sandbox. 3471AC_MSG_CHECKING([if select works with descriptor rlimit]) 3472AC_RUN_IFELSE( 3473 [AC_LANG_PROGRAM([[ 3474#include <sys/types.h> 3475#ifdef HAVE_SYS_TIME_H 3476# include <sys/time.h> 3477#endif 3478#include <sys/resource.h> 3479#ifdef HAVE_SYS_SELECT_H 3480# include <sys/select.h> 3481#endif 3482#include <errno.h> 3483#include <fcntl.h> 3484#include <stdlib.h> 3485 ]],[[ 3486 struct rlimit rl_zero; 3487 int fd, r; 3488 fd_set fds; 3489 struct timeval tv; 3490 3491 fd = open("/dev/null", O_RDONLY); 3492 FD_ZERO(&fds); 3493 FD_SET(fd, &fds); 3494 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3495 setrlimit(RLIMIT_FSIZE, &rl_zero); 3496 setrlimit(RLIMIT_NOFILE, &rl_zero); 3497 tv.tv_sec = 1; 3498 tv.tv_usec = 0; 3499 r = select(fd+1, &fds, NULL, NULL, &tv); 3500 exit (r == -1 ? 1 : 0); 3501 ]])], 3502 [AC_MSG_RESULT([yes]) 3503 select_works_with_rlimit=yes], 3504 [AC_MSG_RESULT([no]) 3505 select_works_with_rlimit=no], 3506 [AC_MSG_WARN([cross compiling: assuming yes]) 3507 select_works_with_rlimit=yes] 3508) 3509 3510AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3511AC_RUN_IFELSE( 3512 [AC_LANG_PROGRAM([[ 3513#include <sys/types.h> 3514#ifdef HAVE_SYS_TIME_H 3515# include <sys/time.h> 3516#endif 3517#include <sys/resource.h> 3518#include <errno.h> 3519#include <stdlib.h> 3520 ]],[[ 3521 struct rlimit rl_zero; 3522 int r; 3523 3524 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3525 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3526 exit (r == -1 ? 1 : 0); 3527 ]])], 3528 [AC_MSG_RESULT([yes]) 3529 rlimit_nofile_zero_works=yes], 3530 [AC_MSG_RESULT([no]) 3531 rlimit_nofile_zero_works=no], 3532 [AC_MSG_WARN([cross compiling: assuming yes]) 3533 rlimit_nofile_zero_works=yes] 3534) 3535 3536AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3537AC_RUN_IFELSE( 3538 [AC_LANG_PROGRAM([[ 3539#include <sys/types.h> 3540#include <sys/resource.h> 3541#include <stdlib.h> 3542 ]],[[ 3543 struct rlimit rl_zero; 3544 3545 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3546 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3547 ]])], 3548 [AC_MSG_RESULT([yes])], 3549 [AC_MSG_RESULT([no]) 3550 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3551 [setrlimit RLIMIT_FSIZE works])], 3552 [AC_MSG_WARN([cross compiling: assuming yes])] 3553) 3554 3555if test "x$sandbox_arg" = "xpledge" || \ 3556 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3557 test "x$ac_cv_func_pledge" != "xyes" && \ 3558 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3559 SANDBOX_STYLE="pledge" 3560 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3561elif test "x$sandbox_arg" = "xsystrace" || \ 3562 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3563 test "x$have_systr_policy_kill" != "x1" && \ 3564 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3565 SANDBOX_STYLE="systrace" 3566 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3567elif test "x$sandbox_arg" = "xdarwin" || \ 3568 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3569 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3570 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3571 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3572 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3573 SANDBOX_STYLE="darwin" 3574 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3575elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3576 ( test -z "$sandbox_arg" && \ 3577 test "x$have_seccomp_filter" = "x1" && \ 3578 test "x$ac_cv_header_elf_h" = "xyes" && \ 3579 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3580 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3581 test "x$seccomp_audit_arch" != "x" && \ 3582 test "x$have_linux_no_new_privs" = "x1" && \ 3583 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3584 test "x$seccomp_audit_arch" = "x" && \ 3585 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3586 test "x$have_linux_no_new_privs" != "x1" && \ 3587 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3588 test "x$have_seccomp_filter" != "x1" && \ 3589 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3590 test "x$ac_cv_func_prctl" != "xyes" && \ 3591 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3592 SANDBOX_STYLE="seccomp_filter" 3593 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3594elif test "x$sandbox_arg" = "xcapsicum" || \ 3595 ( test -z "$sandbox_arg" && \ 3596 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3597 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3598 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3599 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3600 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3601 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3602 SANDBOX_STYLE="capsicum" 3603 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3604elif test "x$sandbox_arg" = "xrlimit" || \ 3605 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3606 test "x$select_works_with_rlimit" = "xyes" && \ 3607 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3608 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3609 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3610 test "x$select_works_with_rlimit" != "xyes" && \ 3611 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3612 SANDBOX_STYLE="rlimit" 3613 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3614elif test "x$sandbox_arg" = "xsolaris" || \ 3615 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3616 SANDBOX_STYLE="solaris" 3617 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3618elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3619 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3620 SANDBOX_STYLE="none" 3621 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3622else 3623 AC_MSG_ERROR([unsupported --with-sandbox]) 3624fi 3625 3626# Cheap hack to ensure NEWS-OS libraries are arranged right. 3627if test ! -z "$SONY" ; then 3628 LIBS="$LIBS -liberty"; 3629fi 3630 3631# Check for long long datatypes 3632AC_CHECK_TYPES([long long, unsigned long long, long double]) 3633 3634# Check datatype sizes 3635AC_CHECK_SIZEOF([short int]) 3636AC_CHECK_SIZEOF([int]) 3637AC_CHECK_SIZEOF([long int]) 3638AC_CHECK_SIZEOF([long long int]) 3639 3640# Sanity check long long for some platforms (AIX) 3641if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3642 ac_cv_sizeof_long_long_int=0 3643fi 3644 3645# compute LLONG_MIN and LLONG_MAX if we don't know them. 3646if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3647 AC_MSG_CHECKING([for max value of long long]) 3648 AC_RUN_IFELSE( 3649 [AC_LANG_PROGRAM([[ 3650#include <stdio.h> 3651/* Why is this so damn hard? */ 3652#ifdef __GNUC__ 3653# undef __GNUC__ 3654#endif 3655#define __USE_ISOC99 3656#include <limits.h> 3657#define DATA "conftest.llminmax" 3658#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3659 3660/* 3661 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3662 * we do this the hard way. 3663 */ 3664static int 3665fprint_ll(FILE *f, long long n) 3666{ 3667 unsigned int i; 3668 int l[sizeof(long long) * 8]; 3669 3670 if (n < 0) 3671 if (fprintf(f, "-") < 0) 3672 return -1; 3673 for (i = 0; n != 0; i++) { 3674 l[i] = my_abs(n % 10); 3675 n /= 10; 3676 } 3677 do { 3678 if (fprintf(f, "%d", l[--i]) < 0) 3679 return -1; 3680 } while (i != 0); 3681 if (fprintf(f, " ") < 0) 3682 return -1; 3683 return 0; 3684} 3685 ]], [[ 3686 FILE *f; 3687 long long i, llmin, llmax = 0; 3688 3689 if((f = fopen(DATA,"w")) == NULL) 3690 exit(1); 3691 3692#if defined(LLONG_MIN) && defined(LLONG_MAX) 3693 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3694 llmin = LLONG_MIN; 3695 llmax = LLONG_MAX; 3696#else 3697 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3698 /* This will work on one's complement and two's complement */ 3699 for (i = 1; i > llmax; i <<= 1, i++) 3700 llmax = i; 3701 llmin = llmax + 1LL; /* wrap */ 3702#endif 3703 3704 /* Sanity check */ 3705 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3706 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3707 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3708 fprintf(f, "unknown unknown\n"); 3709 exit(2); 3710 } 3711 3712 if (fprint_ll(f, llmin) < 0) 3713 exit(3); 3714 if (fprint_ll(f, llmax) < 0) 3715 exit(4); 3716 if (fclose(f) < 0) 3717 exit(5); 3718 exit(0); 3719 ]])], 3720 [ 3721 llong_min=`$AWK '{print $1}' conftest.llminmax` 3722 llong_max=`$AWK '{print $2}' conftest.llminmax` 3723 3724 AC_MSG_RESULT([$llong_max]) 3725 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3726 [max value of long long calculated by configure]) 3727 AC_MSG_CHECKING([for min value of long long]) 3728 AC_MSG_RESULT([$llong_min]) 3729 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3730 [min value of long long calculated by configure]) 3731 ], 3732 [ 3733 AC_MSG_RESULT([not found]) 3734 ], 3735 [ 3736 AC_MSG_WARN([cross compiling: not checking]) 3737 ] 3738 ) 3739fi 3740 3741AC_CHECK_DECLS([UINT32_MAX], , , [[ 3742#ifdef HAVE_SYS_LIMITS_H 3743# include <sys/limits.h> 3744#endif 3745#ifdef HAVE_LIMITS_H 3746# include <limits.h> 3747#endif 3748#ifdef HAVE_STDINT_H 3749# include <stdint.h> 3750#endif 3751]]) 3752 3753# More checks for data types 3754AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3755 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3756 [[ u_int a; a = 1;]])], 3757 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3758 ]) 3759]) 3760if test "x$ac_cv_have_u_int" = "xyes" ; then 3761 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3762 have_u_int=1 3763fi 3764 3765AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3766 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3767 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3768 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3769 ]) 3770]) 3771if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3772 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3773 have_intxx_t=1 3774fi 3775 3776if (test -z "$have_intxx_t" && \ 3777 test "x$ac_cv_header_stdint_h" = "xyes") 3778then 3779 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3780 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3781 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3782 [ 3783 AC_DEFINE([HAVE_INTXX_T]) 3784 AC_MSG_RESULT([yes]) 3785 ], [ AC_MSG_RESULT([no]) 3786 ]) 3787fi 3788 3789AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3790 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3791#include <sys/types.h> 3792#ifdef HAVE_STDINT_H 3793# include <stdint.h> 3794#endif 3795#include <sys/socket.h> 3796#ifdef HAVE_SYS_BITYPES_H 3797# include <sys/bitypes.h> 3798#endif 3799 ]], [[ 3800int64_t a; a = 1; 3801 ]])], 3802 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3803 ]) 3804]) 3805if test "x$ac_cv_have_int64_t" = "xyes" ; then 3806 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3807fi 3808 3809AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3810 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3811 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3812 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3813 ]) 3814]) 3815if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3816 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3817 have_u_intxx_t=1 3818fi 3819 3820if test -z "$have_u_intxx_t" ; then 3821 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3822 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3823 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3824 [ 3825 AC_DEFINE([HAVE_U_INTXX_T]) 3826 AC_MSG_RESULT([yes]) 3827 ], [ AC_MSG_RESULT([no]) 3828 ]) 3829fi 3830 3831AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3832 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3833 [[ u_int64_t a; a = 1;]])], 3834 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3835 ]) 3836]) 3837if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3838 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3839 have_u_int64_t=1 3840fi 3841 3842if (test -z "$have_u_int64_t" && \ 3843 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3844then 3845 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3846 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3847 [[ u_int64_t a; a = 1]])], 3848 [ 3849 AC_DEFINE([HAVE_U_INT64_T]) 3850 AC_MSG_RESULT([yes]) 3851 ], [ AC_MSG_RESULT([no]) 3852 ]) 3853fi 3854 3855if test -z "$have_u_intxx_t" ; then 3856 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3857 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3858#include <sys/types.h> 3859 ]], [[ 3860 uint8_t a; 3861 uint16_t b; 3862 uint32_t c; 3863 a = b = c = 1; 3864 ]])], 3865 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3866 ]) 3867 ]) 3868 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3869 AC_DEFINE([HAVE_UINTXX_T], [1], 3870 [define if you have uintxx_t data type]) 3871 fi 3872fi 3873 3874if (test -z "$have_uintxx_t" && \ 3875 test "x$ac_cv_header_stdint_h" = "xyes") 3876then 3877 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3878 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3879 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3880 [ 3881 AC_DEFINE([HAVE_UINTXX_T]) 3882 AC_MSG_RESULT([yes]) 3883 ], [ AC_MSG_RESULT([no]) 3884 ]) 3885fi 3886 3887if (test -z "$have_uintxx_t" && \ 3888 test "x$ac_cv_header_inttypes_h" = "xyes") 3889then 3890 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3891 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3892 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3893 [ 3894 AC_DEFINE([HAVE_UINTXX_T]) 3895 AC_MSG_RESULT([yes]) 3896 ], [ AC_MSG_RESULT([no]) 3897 ]) 3898fi 3899 3900if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3901 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3902then 3903 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3904 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3905#include <sys/bitypes.h> 3906 ]], [[ 3907 int8_t a; int16_t b; int32_t c; 3908 u_int8_t e; u_int16_t f; u_int32_t g; 3909 a = b = c = e = f = g = 1; 3910 ]])], 3911 [ 3912 AC_DEFINE([HAVE_U_INTXX_T]) 3913 AC_DEFINE([HAVE_INTXX_T]) 3914 AC_MSG_RESULT([yes]) 3915 ], [AC_MSG_RESULT([no]) 3916 ]) 3917fi 3918 3919 3920AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3921 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3922 [[ u_char foo; foo = 125; ]])], 3923 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3924 ]) 3925]) 3926if test "x$ac_cv_have_u_char" = "xyes" ; then 3927 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3928fi 3929 3930AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3931#include <sys/types.h> 3932#ifdef HAVE_STDINT_H 3933# include <stdint.h> 3934#endif 3935]) 3936 3937TYPE_SOCKLEN_T 3938 3939AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3940AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3941#include <sys/types.h> 3942#ifdef HAVE_SYS_BITYPES_H 3943#include <sys/bitypes.h> 3944#endif 3945#ifdef HAVE_SYS_STATFS_H 3946#include <sys/statfs.h> 3947#endif 3948#ifdef HAVE_SYS_STATVFS_H 3949#include <sys/statvfs.h> 3950#endif 3951]) 3952 3953AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3954#include <sys/param.h> 3955#include <sys/types.h> 3956#ifdef HAVE_SYS_BITYPES_H 3957#include <sys/bitypes.h> 3958#endif 3959#ifdef HAVE_SYS_STATFS_H 3960#include <sys/statfs.h> 3961#endif 3962#ifdef HAVE_SYS_STATVFS_H 3963#include <sys/statvfs.h> 3964#endif 3965#ifdef HAVE_SYS_VFS_H 3966#include <sys/vfs.h> 3967#endif 3968#ifdef HAVE_SYS_MOUNT_H 3969#include <sys/mount.h> 3970#endif 3971]]) 3972 3973 3974AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3975[#include <sys/types.h> 3976#include <netinet/in.h>]) 3977 3978AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3979 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3980 [[ size_t foo; foo = 1235; ]])], 3981 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3982 ]) 3983]) 3984if test "x$ac_cv_have_size_t" = "xyes" ; then 3985 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3986fi 3987 3988AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3989 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3990 [[ ssize_t foo; foo = 1235; ]])], 3991 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3992 ]) 3993]) 3994if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3995 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3996fi 3997 3998AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3999 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 4000 [[ clock_t foo; foo = 1235; ]])], 4001 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 4002 ]) 4003]) 4004if test "x$ac_cv_have_clock_t" = "xyes" ; then 4005 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 4006fi 4007 4008AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 4009 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4010#include <sys/types.h> 4011#include <sys/socket.h> 4012 ]], [[ sa_family_t foo; foo = 1235; ]])], 4013 [ ac_cv_have_sa_family_t="yes" ], 4014 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4015#include <sys/types.h> 4016#include <sys/socket.h> 4017#include <netinet/in.h> 4018 ]], [[ sa_family_t foo; foo = 1235; ]])], 4019 [ ac_cv_have_sa_family_t="yes" ], 4020 [ ac_cv_have_sa_family_t="no" ] 4021 ) 4022 ]) 4023]) 4024if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4025 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4026 [define if you have sa_family_t data type]) 4027fi 4028 4029AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4030 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4031 [[ pid_t foo; foo = 1235; ]])], 4032 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4033 ]) 4034]) 4035if test "x$ac_cv_have_pid_t" = "xyes" ; then 4036 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4037fi 4038 4039AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4040 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4041 [[ mode_t foo; foo = 1235; ]])], 4042 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4043 ]) 4044]) 4045if test "x$ac_cv_have_mode_t" = "xyes" ; then 4046 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4047fi 4048 4049 4050AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4051 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4052#include <sys/types.h> 4053#include <sys/socket.h> 4054 ]], [[ struct sockaddr_storage s; ]])], 4055 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4056 [ ac_cv_have_struct_sockaddr_storage="no" 4057 ]) 4058]) 4059if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4060 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4061 [define if you have struct sockaddr_storage data type]) 4062fi 4063 4064AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4065 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4066#include <sys/types.h> 4067#include <netinet/in.h> 4068 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4069 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4070 [ ac_cv_have_struct_sockaddr_in6="no" 4071 ]) 4072]) 4073if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4074 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4075 [define if you have struct sockaddr_in6 data type]) 4076fi 4077 4078AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4079 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4080#include <sys/types.h> 4081#include <netinet/in.h> 4082 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4083 [ ac_cv_have_struct_in6_addr="yes" ], 4084 [ ac_cv_have_struct_in6_addr="no" 4085 ]) 4086]) 4087if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4088 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4089 [define if you have struct in6_addr data type]) 4090 4091dnl Now check for sin6_scope_id 4092 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4093 [ 4094#ifdef HAVE_SYS_TYPES_H 4095#include <sys/types.h> 4096#endif 4097#include <netinet/in.h> 4098 ]) 4099fi 4100 4101AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4102 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4103#include <sys/types.h> 4104#include <sys/socket.h> 4105#include <netdb.h> 4106 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4107 [ ac_cv_have_struct_addrinfo="yes" ], 4108 [ ac_cv_have_struct_addrinfo="no" 4109 ]) 4110]) 4111if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4112 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4113 [define if you have struct addrinfo data type]) 4114fi 4115 4116AC_HEADER_TIME 4117 4118AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4119 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4120 [[ struct timeval tv; tv.tv_sec = 1;]])], 4121 [ ac_cv_have_struct_timeval="yes" ], 4122 [ ac_cv_have_struct_timeval="no" 4123 ]) 4124]) 4125if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4126 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4127 have_struct_timeval=1 4128fi 4129 4130AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4131 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4132 #ifdef TIME_WITH_SYS_TIME 4133 # include <sys/time.h> 4134 # include <time.h> 4135 #else 4136 # ifdef HAVE_SYS_TIME_H 4137 # include <sys/time.h> 4138 # else 4139 # include <time.h> 4140 # endif 4141 #endif 4142 ]], 4143 [[ struct timespec ts; ts.tv_sec = 1;]])], 4144 [ ac_cv_have_struct_timespec="yes" ], 4145 [ ac_cv_have_struct_timespec="no" 4146 ]) 4147]) 4148if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4149 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4150 have_struct_timespec=1 4151fi 4152 4153# We need int64_t or else certain parts of the compile will fail. 4154if test "x$ac_cv_have_int64_t" = "xno" && \ 4155 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4156 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4157 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4158 echo "an alternative compiler (I.E., GCC) before continuing." 4159 echo "" 4160 exit 1; 4161else 4162dnl test snprintf (broken on SCO w/gcc) 4163 AC_RUN_IFELSE( 4164 [AC_LANG_SOURCE([[ 4165#include <stdio.h> 4166#include <string.h> 4167#ifdef HAVE_SNPRINTF 4168main() 4169{ 4170 char buf[50]; 4171 char expected_out[50]; 4172 int mazsize = 50 ; 4173#if (SIZEOF_LONG_INT == 8) 4174 long int num = 0x7fffffffffffffff; 4175#else 4176 long long num = 0x7fffffffffffffffll; 4177#endif 4178 strcpy(expected_out, "9223372036854775807"); 4179 snprintf(buf, mazsize, "%lld", num); 4180 if(strcmp(buf, expected_out) != 0) 4181 exit(1); 4182 exit(0); 4183} 4184#else 4185main() { exit(0); } 4186#endif 4187 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4188 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4189 ) 4190fi 4191 4192dnl Checks for structure members 4193OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4194OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4195OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4196OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4198OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4199OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4200OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4201OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4202OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4203OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4204OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4205OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4206OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4207OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4208OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4209OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4210OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX]) 4211 4212AC_CHECK_MEMBERS([struct stat.st_blksize]) 4213AC_CHECK_MEMBERS([struct stat.st_mtim]) 4214AC_CHECK_MEMBERS([struct stat.st_mtime]) 4215AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4216struct passwd.pw_change, struct passwd.pw_expire], 4217[], [], [[ 4218#include <sys/types.h> 4219#include <pwd.h> 4220]]) 4221 4222AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4223 [Define if we don't have struct __res_state in resolv.h])], 4224[[ 4225#include <stdio.h> 4226#if HAVE_SYS_TYPES_H 4227# include <sys/types.h> 4228#endif 4229#include <netinet/in.h> 4230#include <arpa/nameser.h> 4231#include <resolv.h> 4232]]) 4233 4234AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4235 ac_cv_have_ss_family_in_struct_ss, [ 4236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4237#include <sys/types.h> 4238#include <sys/socket.h> 4239 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4240 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4241 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4242]) 4243if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4244 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4245fi 4246 4247AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4248 ac_cv_have___ss_family_in_struct_ss, [ 4249 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4250#include <sys/types.h> 4251#include <sys/socket.h> 4252 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4253 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4254 [ ac_cv_have___ss_family_in_struct_ss="no" 4255 ]) 4256]) 4257if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4258 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4259 [Fields in struct sockaddr_storage]) 4260fi 4261 4262dnl make sure we're using the real structure members and not defines 4263AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4264 ac_cv_have_accrights_in_msghdr, [ 4265 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4266#include <sys/types.h> 4267#include <sys/socket.h> 4268#include <sys/uio.h> 4269 ]], [[ 4270#ifdef msg_accrights 4271#error "msg_accrights is a macro" 4272exit(1); 4273#endif 4274struct msghdr m; 4275m.msg_accrights = 0; 4276exit(0); 4277 ]])], 4278 [ ac_cv_have_accrights_in_msghdr="yes" ], 4279 [ ac_cv_have_accrights_in_msghdr="no" ] 4280 ) 4281]) 4282if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4283 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4284 [Define if your system uses access rights style 4285 file descriptor passing]) 4286fi 4287 4288AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4289AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4290#include <sys/param.h> 4291#include <sys/stat.h> 4292#ifdef HAVE_SYS_TIME_H 4293# include <sys/time.h> 4294#endif 4295#ifdef HAVE_SYS_MOUNT_H 4296#include <sys/mount.h> 4297#endif 4298#ifdef HAVE_SYS_STATVFS_H 4299#include <sys/statvfs.h> 4300#endif 4301 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4302 [ AC_MSG_RESULT([yes]) ], 4303 [ AC_MSG_RESULT([no]) 4304 4305 AC_MSG_CHECKING([if fsid_t has member val]) 4306 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4307#include <sys/types.h> 4308#include <sys/statvfs.h> 4309 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4310 [ AC_MSG_RESULT([yes]) 4311 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4312 [ AC_MSG_RESULT([no]) ]) 4313 4314 AC_MSG_CHECKING([if f_fsid has member __val]) 4315 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4316#include <sys/types.h> 4317#include <sys/statvfs.h> 4318 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4319 [ AC_MSG_RESULT([yes]) 4320 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4321 [ AC_MSG_RESULT([no]) ]) 4322]) 4323 4324AC_CACHE_CHECK([for msg_control field in struct msghdr], 4325 ac_cv_have_control_in_msghdr, [ 4326 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4327#include <sys/types.h> 4328#include <sys/socket.h> 4329#include <sys/uio.h> 4330 ]], [[ 4331#ifdef msg_control 4332#error "msg_control is a macro" 4333exit(1); 4334#endif 4335struct msghdr m; 4336m.msg_control = 0; 4337exit(0); 4338 ]])], 4339 [ ac_cv_have_control_in_msghdr="yes" ], 4340 [ ac_cv_have_control_in_msghdr="no" ] 4341 ) 4342]) 4343if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4344 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4345 [Define if your system uses ancillary data style 4346 file descriptor passing]) 4347fi 4348 4349AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4350 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4351 [[ extern char *__progname; printf("%s", __progname); ]])], 4352 [ ac_cv_libc_defines___progname="yes" ], 4353 [ ac_cv_libc_defines___progname="no" 4354 ]) 4355]) 4356if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4357 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4358fi 4359 4360AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4361 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4362 [[ printf("%s", __FUNCTION__); ]])], 4363 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4364 [ ac_cv_cc_implements___FUNCTION__="no" 4365 ]) 4366]) 4367if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4368 AC_DEFINE([HAVE___FUNCTION__], [1], 4369 [Define if compiler implements __FUNCTION__]) 4370fi 4371 4372AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4373 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4374 [[ printf("%s", __func__); ]])], 4375 [ ac_cv_cc_implements___func__="yes" ], 4376 [ ac_cv_cc_implements___func__="no" 4377 ]) 4378]) 4379if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4380 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4381fi 4382 4383AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4384 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4385#include <stdarg.h> 4386va_list x,y; 4387 ]], [[ va_copy(x,y); ]])], 4388 [ ac_cv_have_va_copy="yes" ], 4389 [ ac_cv_have_va_copy="no" 4390 ]) 4391]) 4392if test "x$ac_cv_have_va_copy" = "xyes" ; then 4393 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4394fi 4395 4396AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4397 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4398#include <stdarg.h> 4399va_list x,y; 4400 ]], [[ __va_copy(x,y); ]])], 4401 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4402 ]) 4403]) 4404if test "x$ac_cv_have___va_copy" = "xyes" ; then 4405 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4406fi 4407 4408AC_CACHE_CHECK([whether getopt has optreset support], 4409 ac_cv_have_getopt_optreset, [ 4410 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4411 [[ extern int optreset; optreset = 0; ]])], 4412 [ ac_cv_have_getopt_optreset="yes" ], 4413 [ ac_cv_have_getopt_optreset="no" 4414 ]) 4415]) 4416if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4417 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4418 [Define if your getopt(3) defines and uses optreset]) 4419fi 4420 4421AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4422 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4423[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4424 [ ac_cv_libc_defines_sys_errlist="yes" ], 4425 [ ac_cv_libc_defines_sys_errlist="no" 4426 ]) 4427]) 4428if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4429 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4430 [Define if your system defines sys_errlist[]]) 4431fi 4432 4433 4434AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4435 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4436[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4437 [ ac_cv_libc_defines_sys_nerr="yes" ], 4438 [ ac_cv_libc_defines_sys_nerr="no" 4439 ]) 4440]) 4441if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4442 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4443fi 4444 4445# Check libraries needed by DNS fingerprint support 4446AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4447 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4448 [Define if getrrsetbyname() exists])], 4449 [ 4450 # Needed by our getrrsetbyname() 4451 AC_SEARCH_LIBS([res_query], [resolv]) 4452 AC_SEARCH_LIBS([dn_expand], [resolv]) 4453 AC_MSG_CHECKING([if res_query will link]) 4454 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4455#include <sys/types.h> 4456#include <netinet/in.h> 4457#include <arpa/nameser.h> 4458#include <netdb.h> 4459#include <resolv.h> 4460 ]], [[ 4461 res_query (0, 0, 0, 0, 0); 4462 ]])], 4463 AC_MSG_RESULT([yes]), 4464 [AC_MSG_RESULT([no]) 4465 saved_LIBS="$LIBS" 4466 LIBS="$LIBS -lresolv" 4467 AC_MSG_CHECKING([for res_query in -lresolv]) 4468 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4469#include <sys/types.h> 4470#include <netinet/in.h> 4471#include <arpa/nameser.h> 4472#include <netdb.h> 4473#include <resolv.h> 4474 ]], [[ 4475 res_query (0, 0, 0, 0, 0); 4476 ]])], 4477 [AC_MSG_RESULT([yes])], 4478 [LIBS="$saved_LIBS" 4479 AC_MSG_RESULT([no])]) 4480 ]) 4481 AC_CHECK_FUNCS([_getshort _getlong]) 4482 AC_CHECK_DECLS([_getshort, _getlong], , , 4483 [#include <sys/types.h> 4484 #include <arpa/nameser.h>]) 4485 AC_CHECK_MEMBER([HEADER.ad], 4486 [AC_DEFINE([HAVE_HEADER_AD], [1], 4487 [Define if HEADER.ad exists in arpa/nameser.h])], , 4488 [#include <arpa/nameser.h>]) 4489 ]) 4490 4491AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4492AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4493#include <stdio.h> 4494#if HAVE_SYS_TYPES_H 4495# include <sys/types.h> 4496#endif 4497#include <netinet/in.h> 4498#include <arpa/nameser.h> 4499#include <resolv.h> 4500extern struct __res_state _res; 4501 ]], [[ 4502struct __res_state *volatile p = &_res; /* force resolution of _res */ 4503return 0; 4504 ]],)], 4505 [AC_MSG_RESULT([yes]) 4506 AC_DEFINE([HAVE__RES_EXTERN], [1], 4507 [Define if you have struct __res_state _res as an extern]) 4508 ], 4509 [ AC_MSG_RESULT([no]) ] 4510) 4511 4512# Check whether user wants SELinux support 4513SELINUX_MSG="no" 4514LIBSELINUX="" 4515AC_ARG_WITH([selinux], 4516 [ --with-selinux Enable SELinux support], 4517 [ if test "x$withval" != "xno" ; then 4518 save_LIBS="$LIBS" 4519 AC_DEFINE([WITH_SELINUX], [1], 4520 [Define if you want SELinux support.]) 4521 SELINUX_MSG="yes" 4522 AC_CHECK_HEADER([selinux/selinux.h], , 4523 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4524 AC_CHECK_LIB([selinux], [setexeccon], 4525 [ LIBSELINUX="-lselinux" 4526 LIBS="$LIBS -lselinux" 4527 ], 4528 AC_MSG_ERROR([SELinux support requires libselinux library])) 4529 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4530 LIBS="$save_LIBS $LIBSELINUX" 4531 fi ] 4532) 4533AC_SUBST([SSHDLIBS]) 4534 4535# Check whether user wants Kerberos 5 support 4536KRB5_MSG="no" 4537AC_ARG_WITH([kerberos5], 4538 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4539 [ if test "x$withval" != "xno" ; then 4540 if test "x$withval" = "xyes" ; then 4541 KRB5ROOT="/usr/local" 4542 else 4543 KRB5ROOT=${withval} 4544 fi 4545 4546 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4547 KRB5_MSG="yes" 4548 4549 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4550 [$KRB5ROOT/bin/krb5-config], 4551 [$KRB5ROOT/bin:$PATH]) 4552 if test -x $KRB5CONF ; then 4553 K5CFLAGS="`$KRB5CONF --cflags`" 4554 K5LIBS="`$KRB5CONF --libs`" 4555 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4556 4557 AC_MSG_CHECKING([for gssapi support]) 4558 if $KRB5CONF | grep gssapi >/dev/null ; then 4559 AC_MSG_RESULT([yes]) 4560 AC_DEFINE([GSSAPI], [1], 4561 [Define this if you want GSSAPI 4562 support in the version 2 protocol]) 4563 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4564 GSSLIBS="`$KRB5CONF --libs gssapi`" 4565 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4566 else 4567 AC_MSG_RESULT([no]) 4568 fi 4569 AC_MSG_CHECKING([whether we are using Heimdal]) 4570 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4571 ]], [[ char *tmp = heimdal_version; ]])], 4572 [ AC_MSG_RESULT([yes]) 4573 AC_DEFINE([HEIMDAL], [1], 4574 [Define this if you are using the Heimdal 4575 version of Kerberos V5]) ], 4576 [AC_MSG_RESULT([no]) 4577 ]) 4578 else 4579 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4580 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4581 AC_MSG_CHECKING([whether we are using Heimdal]) 4582 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4583 ]], [[ char *tmp = heimdal_version; ]])], 4584 [ AC_MSG_RESULT([yes]) 4585 AC_DEFINE([HEIMDAL]) 4586 K5LIBS="-lkrb5" 4587 K5LIBS="$K5LIBS -lcom_err -lasn1" 4588 AC_CHECK_LIB([roken], [net_write], 4589 [K5LIBS="$K5LIBS -lroken"]) 4590 AC_CHECK_LIB([des], [des_cbc_encrypt], 4591 [K5LIBS="$K5LIBS -ldes"]) 4592 ], [ AC_MSG_RESULT([no]) 4593 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4594 ]) 4595 AC_SEARCH_LIBS([dn_expand], [resolv]) 4596 4597 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4598 [ AC_DEFINE([GSSAPI]) 4599 GSSLIBS="-lgssapi_krb5" ], 4600 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4601 [ AC_DEFINE([GSSAPI]) 4602 GSSLIBS="-lgssapi" ], 4603 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4604 [ AC_DEFINE([GSSAPI]) 4605 GSSLIBS="-lgss" ], 4606 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4607 ]) 4608 ]) 4609 4610 AC_CHECK_HEADER([gssapi.h], , 4611 [ unset ac_cv_header_gssapi_h 4612 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4613 AC_CHECK_HEADERS([gssapi.h], , 4614 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4615 ) 4616 ] 4617 ) 4618 4619 oldCPP="$CPPFLAGS" 4620 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4621 AC_CHECK_HEADER([gssapi_krb5.h], , 4622 [ CPPFLAGS="$oldCPP" ]) 4623 4624 fi 4625 if test -n "${rpath_opt}" ; then 4626 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4627 fi 4628 if test ! -z "$blibpath" ; then 4629 blibpath="$blibpath:${KRB5ROOT}/lib" 4630 fi 4631 4632 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4633 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4634 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4635 4636 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4637 [Define this if you want to use libkafs' AFS support])]) 4638 4639 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4640#ifdef HAVE_GSSAPI_H 4641# include <gssapi.h> 4642#elif defined(HAVE_GSSAPI_GSSAPI_H) 4643# include <gssapi/gssapi.h> 4644#endif 4645 4646#ifdef HAVE_GSSAPI_GENERIC_H 4647# include <gssapi_generic.h> 4648#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4649# include <gssapi/gssapi_generic.h> 4650#endif 4651 ]]) 4652 saved_LIBS="$LIBS" 4653 LIBS="$LIBS $K5LIBS" 4654 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4655 LIBS="$saved_LIBS" 4656 4657 fi 4658 ] 4659) 4660AC_SUBST([GSSLIBS]) 4661AC_SUBST([K5LIBS]) 4662 4663# Looking for programs, paths and files 4664 4665PRIVSEP_PATH=/var/empty 4666AC_ARG_WITH([privsep-path], 4667 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4668 [ 4669 if test -n "$withval" && test "x$withval" != "xno" && \ 4670 test "x${withval}" != "xyes"; then 4671 PRIVSEP_PATH=$withval 4672 fi 4673 ] 4674) 4675AC_SUBST([PRIVSEP_PATH]) 4676 4677AC_ARG_WITH([xauth], 4678 [ --with-xauth=PATH Specify path to xauth program ], 4679 [ 4680 if test -n "$withval" && test "x$withval" != "xno" && \ 4681 test "x${withval}" != "xyes"; then 4682 xauth_path=$withval 4683 fi 4684 ], 4685 [ 4686 TestPath="$PATH" 4687 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4688 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4689 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4690 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4691 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4692 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4693 xauth_path="/usr/openwin/bin/xauth" 4694 fi 4695 ] 4696) 4697 4698STRIP_OPT=-s 4699AC_ARG_ENABLE([strip], 4700 [ --disable-strip Disable calling strip(1) on install], 4701 [ 4702 if test "x$enableval" = "xno" ; then 4703 STRIP_OPT= 4704 fi 4705 ] 4706) 4707AC_SUBST([STRIP_OPT]) 4708 4709if test -z "$xauth_path" ; then 4710 XAUTH_PATH="undefined" 4711 AC_SUBST([XAUTH_PATH]) 4712else 4713 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4714 [Define if xauth is found in your path]) 4715 XAUTH_PATH=$xauth_path 4716 AC_SUBST([XAUTH_PATH]) 4717fi 4718 4719dnl # --with-maildir=/path/to/mail gets top priority. 4720dnl # if maildir is set in the platform case statement above we use that. 4721dnl # Otherwise we run a program to get the dir from system headers. 4722dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4723dnl # If we find _PATH_MAILDIR we do nothing because that is what 4724dnl # session.c expects anyway. Otherwise we set to the value found 4725dnl # stripping any trailing slash. If for some strage reason our program 4726dnl # does not find what it needs, we default to /var/spool/mail. 4727# Check for mail directory 4728AC_ARG_WITH([maildir], 4729 [ --with-maildir=/path/to/mail Specify your system mail directory], 4730 [ 4731 if test "X$withval" != X && test "x$withval" != xno && \ 4732 test "x${withval}" != xyes; then 4733 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4734 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4735 fi 4736 ],[ 4737 if test "X$maildir" != "X"; then 4738 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4739 else 4740 AC_MSG_CHECKING([Discovering system mail directory]) 4741 AC_RUN_IFELSE( 4742 [AC_LANG_PROGRAM([[ 4743#include <stdio.h> 4744#include <string.h> 4745#ifdef HAVE_PATHS_H 4746#include <paths.h> 4747#endif 4748#ifdef HAVE_MAILLOCK_H 4749#include <maillock.h> 4750#endif 4751#define DATA "conftest.maildir" 4752 ]], [[ 4753 FILE *fd; 4754 int rc; 4755 4756 fd = fopen(DATA,"w"); 4757 if(fd == NULL) 4758 exit(1); 4759 4760#if defined (_PATH_MAILDIR) 4761 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4762 exit(1); 4763#elif defined (MAILDIR) 4764 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4765 exit(1); 4766#elif defined (_PATH_MAIL) 4767 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4768 exit(1); 4769#else 4770 exit (2); 4771#endif 4772 4773 exit(0); 4774 ]])], 4775 [ 4776 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4777 maildir=`awk -F: '{print $2}' conftest.maildir \ 4778 | sed 's|/$||'` 4779 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4780 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4781 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4782 fi 4783 ], 4784 [ 4785 if test "X$ac_status" = "X2";then 4786# our test program didn't find it. Default to /var/spool/mail 4787 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4788 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4789 else 4790 AC_MSG_RESULT([*** not found ***]) 4791 fi 4792 ], 4793 [ 4794 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4795 ] 4796 ) 4797 fi 4798 ] 4799) # maildir 4800 4801if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4802 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4803 disable_ptmx_check=yes 4804fi 4805if test -z "$no_dev_ptmx" ; then 4806 if test "x$disable_ptmx_check" != "xyes" ; then 4807 AC_CHECK_FILE(["/dev/ptmx"], 4808 [ 4809 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4810 [Define if you have /dev/ptmx]) 4811 have_dev_ptmx=1 4812 ] 4813 ) 4814 fi 4815fi 4816 4817if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4818 AC_CHECK_FILE(["/dev/ptc"], 4819 [ 4820 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4821 [Define if you have /dev/ptc]) 4822 have_dev_ptc=1 4823 ] 4824 ) 4825else 4826 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4827fi 4828 4829# Options from here on. Some of these are preset by platform above 4830AC_ARG_WITH([mantype], 4831 [ --with-mantype=man|cat|doc Set man page type], 4832 [ 4833 case "$withval" in 4834 man|cat|doc) 4835 MANTYPE=$withval 4836 ;; 4837 *) 4838 AC_MSG_ERROR([invalid man type: $withval]) 4839 ;; 4840 esac 4841 ] 4842) 4843if test -z "$MANTYPE"; then 4844 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4845 MANTYPE=doc 4846 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4847 MANTYPE=doc 4848 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4849 MANTYPE=man 4850 else 4851 MANTYPE=cat 4852 fi 4853fi 4854AC_SUBST([MANTYPE]) 4855if test "$MANTYPE" = "doc"; then 4856 mansubdir=man; 4857else 4858 mansubdir=$MANTYPE; 4859fi 4860AC_SUBST([mansubdir]) 4861 4862# Check whether to enable MD5 passwords 4863MD5_MSG="no" 4864AC_ARG_WITH([md5-passwords], 4865 [ --with-md5-passwords Enable use of MD5 passwords], 4866 [ 4867 if test "x$withval" != "xno" ; then 4868 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4869 [Define if you want to allow MD5 passwords]) 4870 MD5_MSG="yes" 4871 fi 4872 ] 4873) 4874 4875# Whether to disable shadow password support 4876AC_ARG_WITH([shadow], 4877 [ --without-shadow Disable shadow password support], 4878 [ 4879 if test "x$withval" = "xno" ; then 4880 AC_DEFINE([DISABLE_SHADOW]) 4881 disable_shadow=yes 4882 fi 4883 ] 4884) 4885 4886if test -z "$disable_shadow" ; then 4887 AC_MSG_CHECKING([if the systems has expire shadow information]) 4888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4889#include <sys/types.h> 4890#include <shadow.h> 4891struct spwd sp; 4892 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4893 [ sp_expire_available=yes ], [ 4894 ]) 4895 4896 if test "x$sp_expire_available" = "xyes" ; then 4897 AC_MSG_RESULT([yes]) 4898 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4899 [Define if you want to use shadow password expire field]) 4900 else 4901 AC_MSG_RESULT([no]) 4902 fi 4903fi 4904 4905# Use ip address instead of hostname in $DISPLAY 4906if test ! -z "$IPADDR_IN_DISPLAY" ; then 4907 DISPLAY_HACK_MSG="yes" 4908 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4909 [Define if you need to use IP address 4910 instead of hostname in $DISPLAY]) 4911else 4912 DISPLAY_HACK_MSG="no" 4913 AC_ARG_WITH([ipaddr-display], 4914 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4915 [ 4916 if test "x$withval" != "xno" ; then 4917 AC_DEFINE([IPADDR_IN_DISPLAY]) 4918 DISPLAY_HACK_MSG="yes" 4919 fi 4920 ] 4921 ) 4922fi 4923 4924# check for /etc/default/login and use it if present. 4925AC_ARG_ENABLE([etc-default-login], 4926 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4927 [ if test "x$enableval" = "xno"; then 4928 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4929 etc_default_login=no 4930 else 4931 etc_default_login=yes 4932 fi ], 4933 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4934 then 4935 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4936 etc_default_login=no 4937 else 4938 etc_default_login=yes 4939 fi ] 4940) 4941 4942if test "x$etc_default_login" != "xno"; then 4943 AC_CHECK_FILE(["/etc/default/login"], 4944 [ external_path_file=/etc/default/login ]) 4945 if test "x$external_path_file" = "x/etc/default/login"; then 4946 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4947 [Define if your system has /etc/default/login]) 4948 fi 4949fi 4950 4951dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4952if test $ac_cv_func_login_getcapbool = "yes" && \ 4953 test $ac_cv_header_login_cap_h = "yes" ; then 4954 external_path_file=/etc/login.conf 4955fi 4956 4957# Whether to mess with the default path 4958SERVER_PATH_MSG="(default)" 4959AC_ARG_WITH([default-path], 4960 [ --with-default-path= Specify default $PATH environment for server], 4961 [ 4962 if test "x$external_path_file" = "x/etc/login.conf" ; then 4963 AC_MSG_WARN([ 4964--with-default-path=PATH has no effect on this system. 4965Edit /etc/login.conf instead.]) 4966 elif test "x$withval" != "xno" ; then 4967 if test ! -z "$external_path_file" ; then 4968 AC_MSG_WARN([ 4969--with-default-path=PATH will only be used if PATH is not defined in 4970$external_path_file .]) 4971 fi 4972 user_path="$withval" 4973 SERVER_PATH_MSG="$withval" 4974 fi 4975 ], 4976 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4977 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4978 else 4979 if test ! -z "$external_path_file" ; then 4980 AC_MSG_WARN([ 4981If PATH is defined in $external_path_file, ensure the path to scp is included, 4982otherwise scp will not work.]) 4983 fi 4984 AC_RUN_IFELSE( 4985 [AC_LANG_PROGRAM([[ 4986/* find out what STDPATH is */ 4987#include <stdio.h> 4988#ifdef HAVE_PATHS_H 4989# include <paths.h> 4990#endif 4991#ifndef _PATH_STDPATH 4992# ifdef _PATH_USERPATH /* Irix */ 4993# define _PATH_STDPATH _PATH_USERPATH 4994# else 4995# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4996# endif 4997#endif 4998#include <sys/types.h> 4999#include <sys/stat.h> 5000#include <fcntl.h> 5001#define DATA "conftest.stdpath" 5002 ]], [[ 5003 FILE *fd; 5004 int rc; 5005 5006 fd = fopen(DATA,"w"); 5007 if(fd == NULL) 5008 exit(1); 5009 5010 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5011 exit(1); 5012 5013 exit(0); 5014 ]])], 5015 [ user_path=`cat conftest.stdpath` ], 5016 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5017 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5018 ) 5019# make sure $bindir is in USER_PATH so scp will work 5020 t_bindir="${bindir}" 5021 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5022 t_bindir=`eval echo ${t_bindir}` 5023 case $t_bindir in 5024 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5025 esac 5026 case $t_bindir in 5027 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5028 esac 5029 done 5030 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5031 if test $? -ne 0 ; then 5032 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5033 if test $? -ne 0 ; then 5034 user_path=$user_path:$t_bindir 5035 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5036 fi 5037 fi 5038 fi ] 5039) 5040if test "x$external_path_file" != "x/etc/login.conf" ; then 5041 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5042 AC_SUBST([user_path]) 5043fi 5044 5045# Set superuser path separately to user path 5046AC_ARG_WITH([superuser-path], 5047 [ --with-superuser-path= Specify different path for super-user], 5048 [ 5049 if test -n "$withval" && test "x$withval" != "xno" && \ 5050 test "x${withval}" != "xyes"; then 5051 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5052 [Define if you want a different $PATH 5053 for the superuser]) 5054 superuser_path=$withval 5055 fi 5056 ] 5057) 5058 5059 5060AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5061IPV4_IN6_HACK_MSG="no" 5062AC_ARG_WITH(4in6, 5063 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5064 [ 5065 if test "x$withval" != "xno" ; then 5066 AC_MSG_RESULT([yes]) 5067 AC_DEFINE([IPV4_IN_IPV6], [1], 5068 [Detect IPv4 in IPv6 mapped addresses 5069 and treat as IPv4]) 5070 IPV4_IN6_HACK_MSG="yes" 5071 else 5072 AC_MSG_RESULT([no]) 5073 fi 5074 ], [ 5075 if test "x$inet6_default_4in6" = "xyes"; then 5076 AC_MSG_RESULT([yes (default)]) 5077 AC_DEFINE([IPV4_IN_IPV6]) 5078 IPV4_IN6_HACK_MSG="yes" 5079 else 5080 AC_MSG_RESULT([no (default)]) 5081 fi 5082 ] 5083) 5084 5085# Whether to enable BSD auth support 5086BSD_AUTH_MSG=no 5087AC_ARG_WITH([bsd-auth], 5088 [ --with-bsd-auth Enable BSD auth support], 5089 [ 5090 if test "x$withval" != "xno" ; then 5091 AC_DEFINE([BSD_AUTH], [1], 5092 [Define if you have BSD auth support]) 5093 BSD_AUTH_MSG=yes 5094 fi 5095 ] 5096) 5097 5098# Where to place sshd.pid 5099piddir=/var/run 5100# make sure the directory exists 5101if test ! -d $piddir ; then 5102 piddir=`eval echo ${sysconfdir}` 5103 case $piddir in 5104 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5105 esac 5106fi 5107 5108AC_ARG_WITH([pid-dir], 5109 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5110 [ 5111 if test -n "$withval" && test "x$withval" != "xno" && \ 5112 test "x${withval}" != "xyes"; then 5113 piddir=$withval 5114 if test ! -d $piddir ; then 5115 AC_MSG_WARN([** no $piddir directory on this system **]) 5116 fi 5117 fi 5118 ] 5119) 5120 5121AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5122 [Specify location of ssh.pid]) 5123AC_SUBST([piddir]) 5124 5125dnl allow user to disable some login recording features 5126AC_ARG_ENABLE([lastlog], 5127 [ --disable-lastlog disable use of lastlog even if detected [no]], 5128 [ 5129 if test "x$enableval" = "xno" ; then 5130 AC_DEFINE([DISABLE_LASTLOG]) 5131 fi 5132 ] 5133) 5134AC_ARG_ENABLE([utmp], 5135 [ --disable-utmp disable use of utmp even if detected [no]], 5136 [ 5137 if test "x$enableval" = "xno" ; then 5138 AC_DEFINE([DISABLE_UTMP]) 5139 fi 5140 ] 5141) 5142AC_ARG_ENABLE([utmpx], 5143 [ --disable-utmpx disable use of utmpx even if detected [no]], 5144 [ 5145 if test "x$enableval" = "xno" ; then 5146 AC_DEFINE([DISABLE_UTMPX], [1], 5147 [Define if you don't want to use utmpx]) 5148 fi 5149 ] 5150) 5151AC_ARG_ENABLE([wtmp], 5152 [ --disable-wtmp disable use of wtmp even if detected [no]], 5153 [ 5154 if test "x$enableval" = "xno" ; then 5155 AC_DEFINE([DISABLE_WTMP]) 5156 fi 5157 ] 5158) 5159AC_ARG_ENABLE([wtmpx], 5160 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5161 [ 5162 if test "x$enableval" = "xno" ; then 5163 AC_DEFINE([DISABLE_WTMPX], [1], 5164 [Define if you don't want to use wtmpx]) 5165 fi 5166 ] 5167) 5168AC_ARG_ENABLE([libutil], 5169 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5170 [ 5171 if test "x$enableval" = "xno" ; then 5172 AC_DEFINE([DISABLE_LOGIN]) 5173 fi 5174 ] 5175) 5176AC_ARG_ENABLE([pututline], 5177 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5178 [ 5179 if test "x$enableval" = "xno" ; then 5180 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5181 [Define if you don't want to use pututline() 5182 etc. to write [uw]tmp]) 5183 fi 5184 ] 5185) 5186AC_ARG_ENABLE([pututxline], 5187 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5188 [ 5189 if test "x$enableval" = "xno" ; then 5190 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5191 [Define if you don't want to use pututxline() 5192 etc. to write [uw]tmpx]) 5193 fi 5194 ] 5195) 5196AC_ARG_WITH([lastlog], 5197 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5198 [ 5199 if test "x$withval" = "xno" ; then 5200 AC_DEFINE([DISABLE_LASTLOG]) 5201 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5202 conf_lastlog_location=$withval 5203 fi 5204 ] 5205) 5206 5207dnl lastlog, [uw]tmpx? detection 5208dnl NOTE: set the paths in the platform section to avoid the 5209dnl need for command-line parameters 5210dnl lastlog and [uw]tmp are subject to a file search if all else fails 5211 5212dnl lastlog detection 5213dnl NOTE: the code itself will detect if lastlog is a directory 5214AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5215AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5216#include <sys/types.h> 5217#include <utmp.h> 5218#ifdef HAVE_LASTLOG_H 5219# include <lastlog.h> 5220#endif 5221#ifdef HAVE_PATHS_H 5222# include <paths.h> 5223#endif 5224#ifdef HAVE_LOGIN_H 5225# include <login.h> 5226#endif 5227 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5228 [ AC_MSG_RESULT([yes]) ], 5229 [ 5230 AC_MSG_RESULT([no]) 5231 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5232 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5233#include <sys/types.h> 5234#include <utmp.h> 5235#ifdef HAVE_LASTLOG_H 5236# include <lastlog.h> 5237#endif 5238#ifdef HAVE_PATHS_H 5239# include <paths.h> 5240#endif 5241 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5242 [ AC_MSG_RESULT([yes]) ], 5243 [ 5244 AC_MSG_RESULT([no]) 5245 system_lastlog_path=no 5246 ]) 5247]) 5248 5249if test -z "$conf_lastlog_location"; then 5250 if test x"$system_lastlog_path" = x"no" ; then 5251 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5252 if (test -d "$f" || test -f "$f") ; then 5253 conf_lastlog_location=$f 5254 fi 5255 done 5256 if test -z "$conf_lastlog_location"; then 5257 AC_MSG_WARN([** Cannot find lastlog **]) 5258 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5259 fi 5260 fi 5261fi 5262 5263if test -n "$conf_lastlog_location"; then 5264 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5265 [Define if you want to specify the path to your lastlog file]) 5266fi 5267 5268dnl utmp detection 5269AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5270AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5271#include <sys/types.h> 5272#include <utmp.h> 5273#ifdef HAVE_PATHS_H 5274# include <paths.h> 5275#endif 5276 ]], [[ char *utmp = UTMP_FILE; ]])], 5277 [ AC_MSG_RESULT([yes]) ], 5278 [ AC_MSG_RESULT([no]) 5279 system_utmp_path=no 5280]) 5281if test -z "$conf_utmp_location"; then 5282 if test x"$system_utmp_path" = x"no" ; then 5283 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5284 if test -f $f ; then 5285 conf_utmp_location=$f 5286 fi 5287 done 5288 if test -z "$conf_utmp_location"; then 5289 AC_DEFINE([DISABLE_UTMP]) 5290 fi 5291 fi 5292fi 5293if test -n "$conf_utmp_location"; then 5294 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5295 [Define if you want to specify the path to your utmp file]) 5296fi 5297 5298dnl wtmp detection 5299AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5300AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5301#include <sys/types.h> 5302#include <utmp.h> 5303#ifdef HAVE_PATHS_H 5304# include <paths.h> 5305#endif 5306 ]], [[ char *wtmp = WTMP_FILE; ]])], 5307 [ AC_MSG_RESULT([yes]) ], 5308 [ AC_MSG_RESULT([no]) 5309 system_wtmp_path=no 5310]) 5311if test -z "$conf_wtmp_location"; then 5312 if test x"$system_wtmp_path" = x"no" ; then 5313 for f in /usr/adm/wtmp /var/log/wtmp; do 5314 if test -f $f ; then 5315 conf_wtmp_location=$f 5316 fi 5317 done 5318 if test -z "$conf_wtmp_location"; then 5319 AC_DEFINE([DISABLE_WTMP]) 5320 fi 5321 fi 5322fi 5323if test -n "$conf_wtmp_location"; then 5324 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5325 [Define if you want to specify the path to your wtmp file]) 5326fi 5327 5328dnl wtmpx detection 5329AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5330AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5331#include <sys/types.h> 5332#include <utmp.h> 5333#ifdef HAVE_UTMPX_H 5334#include <utmpx.h> 5335#endif 5336#ifdef HAVE_PATHS_H 5337# include <paths.h> 5338#endif 5339 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5340 [ AC_MSG_RESULT([yes]) ], 5341 [ AC_MSG_RESULT([no]) 5342 system_wtmpx_path=no 5343]) 5344if test -z "$conf_wtmpx_location"; then 5345 if test x"$system_wtmpx_path" = x"no" ; then 5346 AC_DEFINE([DISABLE_WTMPX]) 5347 fi 5348else 5349 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5350 [Define if you want to specify the path to your wtmpx file]) 5351fi 5352 5353 5354if test ! -z "$blibpath" ; then 5355 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5356 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5357fi 5358 5359AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5360 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5361 AC_DEFINE([DISABLE_LASTLOG]) 5362 fi 5363 ], [ 5364#ifdef HAVE_SYS_TYPES_H 5365#include <sys/types.h> 5366#endif 5367#ifdef HAVE_UTMP_H 5368#include <utmp.h> 5369#endif 5370#ifdef HAVE_UTMPX_H 5371#include <utmpx.h> 5372#endif 5373#ifdef HAVE_LASTLOG_H 5374#include <lastlog.h> 5375#endif 5376 ]) 5377 5378AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5379 AC_DEFINE([DISABLE_UTMP]) 5380 AC_DEFINE([DISABLE_WTMP]) 5381 ], [ 5382#ifdef HAVE_SYS_TYPES_H 5383#include <sys/types.h> 5384#endif 5385#ifdef HAVE_UTMP_H 5386#include <utmp.h> 5387#endif 5388#ifdef HAVE_UTMPX_H 5389#include <utmpx.h> 5390#endif 5391#ifdef HAVE_LASTLOG_H 5392#include <lastlog.h> 5393#endif 5394 ]) 5395 5396dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5397dnl Add now. 5398CFLAGS="$CFLAGS $werror_flags" 5399 5400if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5401 TEST_SSH_IPV6=no 5402else 5403 TEST_SSH_IPV6=yes 5404fi 5405AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5406AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5407AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5408AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5409AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5410AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5411 5412CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5413LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5414 5415# Make a copy of CFLAGS/LDFLAGS without PIE options. 5416LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5417CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5418AC_SUBST([LDFLAGS_NOPIE]) 5419AC_SUBST([CFLAGS_NOPIE]) 5420 5421AC_EXEEXT 5422AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5423 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5424 survey.sh]) 5425AC_OUTPUT 5426 5427# Print summary of options 5428 5429# Someone please show me a better way :) 5430A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5431B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5432C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5433D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5434E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5435F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5436G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5437H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5438I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5439J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5440 5441echo "" 5442echo "OpenSSH has been configured with the following options:" 5443echo " User binaries: $B" 5444echo " System binaries: $C" 5445echo " Configuration files: $D" 5446echo " Askpass program: $E" 5447echo " Manual pages: $F" 5448echo " PID file: $G" 5449echo " Privilege separation chroot path: $H" 5450if test "x$external_path_file" = "x/etc/login.conf" ; then 5451echo " At runtime, sshd will use the path defined in $external_path_file" 5452echo " Make sure the path to scp is present, otherwise scp will not work" 5453else 5454echo " sshd default user PATH: $I" 5455 if test ! -z "$external_path_file"; then 5456echo " (If PATH is set in $external_path_file it will be used instead. If" 5457echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5458 fi 5459fi 5460if test ! -z "$superuser_path" ; then 5461echo " sshd superuser user PATH: $J" 5462fi 5463echo " Manpage format: $MANTYPE" 5464echo " PAM support: $PAM_MSG" 5465echo " OSF SIA support: $SIA_MSG" 5466echo " KerberosV support: $KRB5_MSG" 5467echo " SELinux support: $SELINUX_MSG" 5468echo " MD5 password support: $MD5_MSG" 5469echo " libedit support: $LIBEDIT_MSG" 5470echo " libldns support: $LDNS_MSG" 5471echo " Solaris process contract support: $SPC_MSG" 5472echo " Solaris project support: $SP_MSG" 5473echo " Solaris privilege support: $SPP_MSG" 5474echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5475echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5476echo " BSD Auth support: $BSD_AUTH_MSG" 5477echo " Random number source: $RAND_MSG" 5478echo " Privsep sandbox style: $SANDBOX_STYLE" 5479echo " PKCS#11 support: $enable_pkcs11" 5480echo " U2F/FIDO support: $enable_sk" 5481 5482echo "" 5483 5484echo " Host: ${host}" 5485echo " Compiler: ${CC}" 5486echo " Compiler flags: ${CFLAGS}" 5487echo "Preprocessor flags: ${CPPFLAGS}" 5488echo " Linker flags: ${LDFLAGS}" 5489echo " Libraries: ${LIBS}" 5490if test ! -z "${SSHDLIBS}"; then 5491echo " +for sshd: ${SSHDLIBS}" 5492fi 5493 5494echo "" 5495 5496if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5497 echo "SVR4 style packages are supported with \"make package\"" 5498 echo "" 5499fi 5500 5501if test "x$PAM_MSG" = "xyes" ; then 5502 echo "PAM is enabled. You may need to install a PAM control file " 5503 echo "for sshd, otherwise password authentication may fail. " 5504 echo "Example PAM control files can be found in the contrib/ " 5505 echo "subdirectory" 5506 echo "" 5507fi 5508 5509if test ! -z "$NO_PEERCHECK" ; then 5510 echo "WARNING: the operating system that you are using does not" 5511 echo "appear to support getpeereid(), getpeerucred() or the" 5512 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5513 echo "enforce security checks to prevent unauthorised connections to" 5514 echo "ssh-agent. Their absence increases the risk that a malicious" 5515 echo "user can connect to your agent." 5516 echo "" 5517fi 5518 5519if test "$AUDIT_MODULE" = "bsm" ; then 5520 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5521 echo "See the Solaris section in README.platform for details." 5522fi 5523