configure.ac revision 323129
1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# $FreeBSD: stable/11/crypto/openssh/configure.ac 323129 2017-09-02 14:25:20Z des $ 3# 4# Copyright (c) 1999-2004 Damien Miller 5# 6# Permission to use, copy, modify, and distribute this software for any 7# purpose with or without fee is hereby granted, provided that the above 8# copyright notice and this permission notice appear in all copies. 9# 10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 18AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 19AC_REVISION($Revision: 1.583 $) 20AC_CONFIG_SRCDIR([ssh.c]) 21AC_LANG([C]) 22 23AC_CONFIG_HEADER([config.h]) 24AC_PROG_CC 25AC_CANONICAL_HOST 26AC_C_BIGENDIAN 27 28# Checks for programs. 29AC_PROG_AWK 30AC_PROG_CPP 31AC_PROG_RANLIB 32AC_PROG_INSTALL 33AC_PROG_EGREP 34AC_CHECK_TOOLS([AR], [ar]) 35AC_PATH_PROG([CAT], [cat]) 36AC_PATH_PROG([KILL], [kill]) 37AC_PATH_PROGS([PERL], [perl5 perl]) 38AC_PATH_PROG([SED], [sed]) 39AC_SUBST([PERL]) 40AC_PATH_PROG([ENT], [ent]) 41AC_SUBST([ENT]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 44AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 45AC_PATH_PROG([SH], [sh]) 46AC_PATH_PROG([GROFF], [groff]) 47AC_PATH_PROG([NROFF], [nroff]) 48AC_PATH_PROG([MANDOC], [mandoc]) 49AC_SUBST([TEST_SHELL], [sh]) 50 51dnl select manpage formatter 52if test "x$MANDOC" != "x" ; then 53 MANFMT="$MANDOC" 54elif test "x$NROFF" != "x" ; then 55 MANFMT="$NROFF -mandoc" 56elif test "x$GROFF" != "x" ; then 57 MANFMT="$GROFF -mandoc -Tascii" 58else 59 AC_MSG_WARN([no manpage formatted found]) 60 MANFMT="false" 61fi 62AC_SUBST([MANFMT]) 63 64dnl for buildpkg.sh 65AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 66 [/usr/sbin${PATH_SEPARATOR}/etc]) 67AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 68 [/usr/sbin${PATH_SEPARATOR}/etc]) 69AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 70if test -x /sbin/sh; then 71 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 72else 73 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 74fi 75 76# System features 77AC_SYS_LARGEFILE 78 79if test -z "$AR" ; then 80 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 81fi 82 83# Use LOGIN_PROGRAM from environment if possible 84if test ! -z "$LOGIN_PROGRAM" ; then 85 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 86 [If your header files don't define LOGIN_PROGRAM, 87 then use this (detected) from environment and PATH]) 88else 89 # Search for login 90 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 91 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 92 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 93 fi 94fi 95 96AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 97if test ! -z "$PATH_PASSWD_PROG" ; then 98 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 99 [Full path of your "passwd" program]) 100fi 101 102if test -z "$LD" ; then 103 LD=$CC 104fi 105AC_SUBST([LD]) 106 107AC_C_INLINE 108 109AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 110AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 111 #include <sys/types.h> 112 #include <sys/param.h> 113 #include <dev/systrace.h> 114]) 115AC_CHECK_DECL([RLIMIT_NPROC], 116 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 117 #include <sys/types.h> 118 #include <sys/resource.h> 119]) 120AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 121 #include <sys/types.h> 122 #include <linux/prctl.h> 123]) 124 125openssl=yes 126ssh1=no 127AC_ARG_WITH([openssl], 128 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 129 [ if test "x$withval" = "xno" ; then 130 openssl=no 131 ssh1=no 132 fi 133 ] 134) 135AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 136if test "x$openssl" = "xyes" ; then 137 AC_MSG_RESULT([yes]) 138 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 139else 140 AC_MSG_RESULT([no]) 141fi 142 143AC_ARG_WITH([ssh1], 144 [ --with-ssh1 Enable support for SSH protocol 1], 145 [ 146 if test "x$withval" = "xyes" ; then 147 if test "x$openssl" = "xno" ; then 148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 149 fi 150 ssh1=yes 151 elif test "x$withval" = "xno" ; then 152 ssh1=no 153 else 154 AC_MSG_ERROR([unknown --with-ssh1 argument]) 155 fi 156 ] 157) 158AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 159if test "x$ssh1" = "xyes" ; then 160 AC_MSG_RESULT([yes]) 161 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 162else 163 AC_MSG_RESULT([no]) 164fi 165 166use_stack_protector=1 167use_toolchain_hardening=1 168AC_ARG_WITH([stackprotect], 169 [ --without-stackprotect Don't use compiler's stack protection], [ 170 if test "x$withval" = "xno"; then 171 use_stack_protector=0 172 fi ]) 173AC_ARG_WITH([hardening], 174 [ --without-hardening Don't use toolchain hardening flags], [ 175 if test "x$withval" = "xno"; then 176 use_toolchain_hardening=0 177 fi ]) 178 179# We use -Werror for the tests only so that we catch warnings like "this is 180# on by default" for things like -fPIE. 181AC_MSG_CHECKING([if $CC supports -Werror]) 182saved_CFLAGS="$CFLAGS" 183CFLAGS="$CFLAGS -Werror" 184AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 185 [ AC_MSG_RESULT([yes]) 186 WERROR="-Werror"], 187 [ AC_MSG_RESULT([no]) 188 WERROR="" ] 189) 190CFLAGS="$saved_CFLAGS" 191 192if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 193 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 196 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 202 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 203 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 204 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 205 if test "x$use_toolchain_hardening" = "x1"; then 206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 208 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 209 # NB. -ftrapv expects certain support functions to be present in 210 # the compiler library (libgcc or similar) to detect integer operations 211 # that can overflow. We must check that the result of enabling it 212 # actually links. The test program compiled/linked includes a number 213 # of integer operations that should exercise this. 214 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 215 fi 216 AC_MSG_CHECKING([gcc version]) 217 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 218 case $GCC_VER in 219 1.*) no_attrib_nonnull=1 ;; 220 2.8* | 2.9*) 221 no_attrib_nonnull=1 222 ;; 223 2.*) no_attrib_nonnull=1 ;; 224 *) ;; 225 esac 226 AC_MSG_RESULT([$GCC_VER]) 227 228 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 229 saved_CFLAGS="$CFLAGS" 230 CFLAGS="$CFLAGS -fno-builtin-memset" 231 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 232 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 233 [ AC_MSG_RESULT([yes]) ], 234 [ AC_MSG_RESULT([no]) 235 CFLAGS="$saved_CFLAGS" ] 236 ) 237 238 # -fstack-protector-all doesn't always work for some GCC versions 239 # and/or platforms, so we test if we can. If it's not supported 240 # on a given platform gcc will emit a warning so we use -Werror. 241 if test "x$use_stack_protector" = "x1"; then 242 for t in -fstack-protector-strong -fstack-protector-all \ 243 -fstack-protector; do 244 AC_MSG_CHECKING([if $CC supports $t]) 245 saved_CFLAGS="$CFLAGS" 246 saved_LDFLAGS="$LDFLAGS" 247 CFLAGS="$CFLAGS $t -Werror" 248 LDFLAGS="$LDFLAGS $t -Werror" 249 AC_LINK_IFELSE( 250 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 251 [[ 252 char x[256]; 253 snprintf(x, sizeof(x), "XXX"); 254 ]])], 255 [ AC_MSG_RESULT([yes]) 256 CFLAGS="$saved_CFLAGS $t" 257 LDFLAGS="$saved_LDFLAGS $t" 258 AC_MSG_CHECKING([if $t works]) 259 AC_RUN_IFELSE( 260 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 261 [[ 262 char x[256]; 263 snprintf(x, sizeof(x), "XXX"); 264 ]])], 265 [ AC_MSG_RESULT([yes]) 266 break ], 267 [ AC_MSG_RESULT([no]) ], 268 [ AC_MSG_WARN([cross compiling: cannot test]) 269 break ] 270 ) 271 ], 272 [ AC_MSG_RESULT([no]) ] 273 ) 274 CFLAGS="$saved_CFLAGS" 275 LDFLAGS="$saved_LDFLAGS" 276 done 277 fi 278 279 if test -z "$have_llong_max"; then 280 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 281 unset ac_cv_have_decl_LLONG_MAX 282 saved_CFLAGS="$CFLAGS" 283 CFLAGS="$CFLAGS -std=gnu99" 284 AC_CHECK_DECL([LLONG_MAX], 285 [have_llong_max=1], 286 [CFLAGS="$saved_CFLAGS"], 287 [#include <limits.h>] 288 ) 289 fi 290fi 291 292AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 293AC_COMPILE_IFELSE( 294 [AC_LANG_PROGRAM([[ 295#include <stdlib.h> 296__attribute__((__unused__)) static void foo(void){return;}]], 297 [[ exit(0); ]])], 298 [ AC_MSG_RESULT([yes]) ], 299 [ AC_MSG_RESULT([no]) 300 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 301 [compiler does not accept __attribute__ on return types]) ] 302) 303 304if test "x$no_attrib_nonnull" != "x1" ; then 305 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 306fi 307 308AC_ARG_WITH([rpath], 309 [ --without-rpath Disable auto-added -R linker paths], 310 [ 311 if test "x$withval" = "xno" ; then 312 need_dash_r="" 313 fi 314 if test "x$withval" = "xyes" ; then 315 need_dash_r=1 316 fi 317 ] 318) 319 320# Allow user to specify flags 321AC_ARG_WITH([cflags], 322 [ --with-cflags Specify additional flags to pass to compiler], 323 [ 324 if test -n "$withval" && test "x$withval" != "xno" && \ 325 test "x${withval}" != "xyes"; then 326 CFLAGS="$CFLAGS $withval" 327 fi 328 ] 329) 330AC_ARG_WITH([cppflags], 331 [ --with-cppflags Specify additional flags to pass to preprocessor] , 332 [ 333 if test -n "$withval" && test "x$withval" != "xno" && \ 334 test "x${withval}" != "xyes"; then 335 CPPFLAGS="$CPPFLAGS $withval" 336 fi 337 ] 338) 339AC_ARG_WITH([ldflags], 340 [ --with-ldflags Specify additional flags to pass to linker], 341 [ 342 if test -n "$withval" && test "x$withval" != "xno" && \ 343 test "x${withval}" != "xyes"; then 344 LDFLAGS="$LDFLAGS $withval" 345 fi 346 ] 347) 348AC_ARG_WITH([libs], 349 [ --with-libs Specify additional libraries to link with], 350 [ 351 if test -n "$withval" && test "x$withval" != "xno" && \ 352 test "x${withval}" != "xyes"; then 353 LIBS="$LIBS $withval" 354 fi 355 ] 356) 357AC_ARG_WITH([Werror], 358 [ --with-Werror Build main code with -Werror], 359 [ 360 if test -n "$withval" && test "x$withval" != "xno"; then 361 werror_flags="-Werror" 362 if test "x${withval}" != "xyes"; then 363 werror_flags="$withval" 364 fi 365 fi 366 ] 367) 368 369AC_CHECK_HEADERS([ \ 370 blf.h \ 371 bstring.h \ 372 crypt.h \ 373 crypto/sha2.h \ 374 dirent.h \ 375 endian.h \ 376 elf.h \ 377 err.h \ 378 features.h \ 379 fcntl.h \ 380 floatingpoint.h \ 381 getopt.h \ 382 glob.h \ 383 ia.h \ 384 iaf.h \ 385 inttypes.h \ 386 langinfo.h \ 387 limits.h \ 388 locale.h \ 389 login.h \ 390 maillock.h \ 391 ndir.h \ 392 net/if_tun.h \ 393 netdb.h \ 394 netgroup.h \ 395 pam/pam_appl.h \ 396 paths.h \ 397 poll.h \ 398 pty.h \ 399 readpassphrase.h \ 400 rpc/types.h \ 401 security/pam_appl.h \ 402 sha2.h \ 403 shadow.h \ 404 stddef.h \ 405 stdint.h \ 406 string.h \ 407 strings.h \ 408 sys/audit.h \ 409 sys/bitypes.h \ 410 sys/bsdtty.h \ 411 sys/cdefs.h \ 412 sys/dir.h \ 413 sys/mman.h \ 414 sys/ndir.h \ 415 sys/poll.h \ 416 sys/prctl.h \ 417 sys/pstat.h \ 418 sys/select.h \ 419 sys/stat.h \ 420 sys/stream.h \ 421 sys/stropts.h \ 422 sys/strtio.h \ 423 sys/statvfs.h \ 424 sys/sysmacros.h \ 425 sys/time.h \ 426 sys/timers.h \ 427 time.h \ 428 tmpdir.h \ 429 ttyent.h \ 430 ucred.h \ 431 unistd.h \ 432 usersec.h \ 433 util.h \ 434 utime.h \ 435 utmp.h \ 436 utmpx.h \ 437 vis.h \ 438 wchar.h \ 439]) 440 441# sys/capsicum.h requires sys/types.h 442AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 443#ifdef HAVE_SYS_TYPES_H 444# include <sys/types.h> 445#endif 446]) 447 448# lastlog.h requires sys/time.h to be included first on Solaris 449AC_CHECK_HEADERS([lastlog.h], [], [], [ 450#ifdef HAVE_SYS_TIME_H 451# include <sys/time.h> 452#endif 453]) 454 455# sys/ptms.h requires sys/stream.h to be included first on Solaris 456AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 457#ifdef HAVE_SYS_STREAM_H 458# include <sys/stream.h> 459#endif 460]) 461 462# login_cap.h requires sys/types.h on NetBSD 463AC_CHECK_HEADERS([login_cap.h], [], [], [ 464#include <sys/types.h> 465]) 466 467# older BSDs need sys/param.h before sys/mount.h 468AC_CHECK_HEADERS([sys/mount.h], [], [], [ 469#include <sys/param.h> 470]) 471 472# Android requires sys/socket.h to be included before sys/un.h 473AC_CHECK_HEADERS([sys/un.h], [], [], [ 474#include <sys/types.h> 475#include <sys/socket.h> 476]) 477 478# Messages for features tested for in target-specific section 479SIA_MSG="no" 480SPC_MSG="no" 481SP_MSG="no" 482SPP_MSG="no" 483 484# Support for Solaris/Illumos privileges (this test is used by both 485# the --with-solaris-privs option and --with-sandbox=solaris). 486SOLARIS_PRIVS="no" 487 488# Check for some target-specific stuff 489case "$host" in 490*-*-aix*) 491 # Some versions of VAC won't allow macro redefinitions at 492 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 493 # particularly with older versions of vac or xlc. 494 # It also throws errors about null macro argments, but these are 495 # not fatal. 496 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 497 AC_COMPILE_IFELSE( 498 [AC_LANG_PROGRAM([[ 499#define testmacro foo 500#define testmacro bar]], 501 [[ exit(0); ]])], 502 [ AC_MSG_RESULT([yes]) ], 503 [ AC_MSG_RESULT([no]) 504 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 505 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 506 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 507 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 508 ] 509 ) 510 511 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 512 if (test -z "$blibpath"); then 513 blibpath="/usr/lib:/lib" 514 fi 515 saved_LDFLAGS="$LDFLAGS" 516 if test "$GCC" = "yes"; then 517 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 518 else 519 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 520 fi 521 for tryflags in $flags ;do 522 if (test -z "$blibflags"); then 523 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 524 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 525 [blibflags=$tryflags], []) 526 fi 527 done 528 if (test -z "$blibflags"); then 529 AC_MSG_RESULT([not found]) 530 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 531 else 532 AC_MSG_RESULT([$blibflags]) 533 fi 534 LDFLAGS="$saved_LDFLAGS" 535 dnl Check for authenticate. Might be in libs.a on older AIXes 536 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 537 [Define if you want to enable AIX4's authenticate function])], 538 [AC_CHECK_LIB([s], [authenticate], 539 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 540 LIBS="$LIBS -ls" 541 ]) 542 ]) 543 dnl Check for various auth function declarations in headers. 544 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 545 passwdexpired, setauthdb], , , [#include <usersec.h>]) 546 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 547 AC_CHECK_DECLS([loginfailed], 548 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 549 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 550 [[ (void)loginfailed("user","host","tty",0); ]])], 551 [AC_MSG_RESULT([yes]) 552 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 553 [Define if your AIX loginfailed() function 554 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 555 ])], 556 [], 557 [#include <usersec.h>] 558 ) 559 AC_CHECK_FUNCS([getgrset setauthdb]) 560 AC_CHECK_DECL([F_CLOSEM], 561 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 562 [], 563 [ #include <limits.h> 564 #include <fcntl.h> ] 565 ) 566 check_for_aix_broken_getaddrinfo=1 567 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 568 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 569 [Define if your platform breaks doing a seteuid before a setuid]) 570 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 571 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 572 dnl AIX handles lastlog as part of its login message 573 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 574 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 575 [Some systems need a utmpx entry for /bin/login to work]) 576 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 577 [Define to a Set Process Title type if your system is 578 supported by bsd-setproctitle.c]) 579 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 580 [AIX 5.2 and 5.3 (and presumably newer) require this]) 581 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 582 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 583 ;; 584*-*-android*) 585 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 586 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 587 ;; 588*-*-cygwin*) 589 check_for_libcrypt_later=1 590 LIBS="$LIBS /usr/lib/textreadmode.o" 591 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 592 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 593 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 594 [Define to disable UID restoration test]) 595 AC_DEFINE([DISABLE_SHADOW], [1], 596 [Define if you want to disable shadow passwords]) 597 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 598 [Define if X11 doesn't support AF_UNIX sockets on that system]) 599 AC_DEFINE([DISABLE_FD_PASSING], [1], 600 [Define if your platform needs to skip post auth 601 file descriptor passing]) 602 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 603 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 604 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 605 # reasons which cause compile warnings, so we disable those warnings. 606 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 607 ;; 608*-*-dgux*) 609 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 610 [Define if your system choked on IP TOS setting]) 611 AC_DEFINE([SETEUID_BREAKS_SETUID]) 612 AC_DEFINE([BROKEN_SETREUID]) 613 AC_DEFINE([BROKEN_SETREGID]) 614 ;; 615*-*-darwin*) 616 use_pie=auto 617 AC_MSG_CHECKING([if we have working getaddrinfo]) 618 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 619main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 620 exit(0); 621 else 622 exit(1); 623} 624 ]])], 625 [AC_MSG_RESULT([working])], 626 [AC_MSG_RESULT([buggy]) 627 AC_DEFINE([BROKEN_GETADDRINFO], [1], 628 [getaddrinfo is broken (if present)]) 629 ], 630 [AC_MSG_RESULT([assume it is working])]) 631 AC_DEFINE([SETEUID_BREAKS_SETUID]) 632 AC_DEFINE([BROKEN_SETREUID]) 633 AC_DEFINE([BROKEN_SETREGID]) 634 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 635 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 636 [Define if your resolver libs need this for getrrsetbyname]) 637 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 638 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 639 [Use tunnel device compatibility to OpenBSD]) 640 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 641 [Prepend the address family to IP tunnel traffic]) 642 m4_pattern_allow([AU_IPv]) 643 AC_CHECK_DECL([AU_IPv4], [], 644 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 645 [#include <bsm/audit.h>] 646 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 647 [Define if pututxline updates lastlog too]) 648 ) 649 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 650 [Define to a Set Process Title type if your system is 651 supported by bsd-setproctitle.c]) 652 AC_CHECK_FUNCS([sandbox_init]) 653 AC_CHECK_HEADERS([sandbox.h]) 654 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 655 SSHDLIBS="$SSHDLIBS -lsandbox" 656 ]) 657 ;; 658*-*-dragonfly*) 659 SSHDLIBS="$SSHDLIBS -lcrypt" 660 TEST_MALLOC_OPTIONS="AFGJPRX" 661 ;; 662*-*-haiku*) 663 LIBS="$LIBS -lbsd " 664 AC_CHECK_LIB([network], [socket]) 665 AC_DEFINE([HAVE_U_INT64_T]) 666 MANTYPE=man 667 ;; 668*-*-hpux*) 669 # first we define all of the options common to all HP-UX releases 670 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 671 IPADDR_IN_DISPLAY=yes 672 AC_DEFINE([USE_PIPES]) 673 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 674 [Define if your login program cannot handle end of options ("--")]) 675 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 676 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 677 [String used in /etc/passwd to denote locked account]) 678 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 679 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 680 maildir="/var/mail" 681 LIBS="$LIBS -lsec" 682 AC_CHECK_LIB([xnet], [t_error], , 683 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 684 685 # next, we define all of the options specific to major releases 686 case "$host" in 687 *-*-hpux10*) 688 if test -z "$GCC"; then 689 CFLAGS="$CFLAGS -Ae" 690 fi 691 ;; 692 *-*-hpux11*) 693 AC_DEFINE([PAM_SUN_CODEBASE], [1], 694 [Define if you are using Solaris-derived PAM which 695 passes pam_messages to the conversation function 696 with an extra level of indirection]) 697 AC_DEFINE([DISABLE_UTMP], [1], 698 [Define if you don't want to use utmp]) 699 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 700 check_for_hpux_broken_getaddrinfo=1 701 check_for_conflicting_getspnam=1 702 ;; 703 esac 704 705 # lastly, we define options specific to minor releases 706 case "$host" in 707 *-*-hpux10.26) 708 AC_DEFINE([HAVE_SECUREWARE], [1], 709 [Define if you have SecureWare-based 710 protected password database]) 711 disable_ptmx_check=yes 712 LIBS="$LIBS -lsecpw" 713 ;; 714 esac 715 ;; 716*-*-irix5*) 717 PATH="$PATH:/usr/etc" 718 AC_DEFINE([BROKEN_INET_NTOA], [1], 719 [Define if you system's inet_ntoa is busted 720 (e.g. Irix gcc issue)]) 721 AC_DEFINE([SETEUID_BREAKS_SETUID]) 722 AC_DEFINE([BROKEN_SETREUID]) 723 AC_DEFINE([BROKEN_SETREGID]) 724 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 725 [Define if you shouldn't strip 'tty' from your 726 ttyname in [uw]tmp]) 727 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 728 ;; 729*-*-irix6*) 730 PATH="$PATH:/usr/etc" 731 AC_DEFINE([WITH_IRIX_ARRAY], [1], 732 [Define if you have/want arrays 733 (cluster-wide session managment, not C arrays)]) 734 AC_DEFINE([WITH_IRIX_PROJECT], [1], 735 [Define if you want IRIX project management]) 736 AC_DEFINE([WITH_IRIX_AUDIT], [1], 737 [Define if you want IRIX audit trails]) 738 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 739 [Define if you want IRIX kernel jobs])]) 740 AC_DEFINE([BROKEN_INET_NTOA]) 741 AC_DEFINE([SETEUID_BREAKS_SETUID]) 742 AC_DEFINE([BROKEN_SETREUID]) 743 AC_DEFINE([BROKEN_SETREGID]) 744 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 745 AC_DEFINE([WITH_ABBREV_NO_TTY]) 746 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 747 ;; 748*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 749 check_for_libcrypt_later=1 750 AC_DEFINE([PAM_TTY_KLUDGE]) 751 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 752 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 753 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 754 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 755 ;; 756*-*-linux*) 757 no_dev_ptmx=1 758 use_pie=auto 759 check_for_libcrypt_later=1 760 check_for_openpty_ctty_bug=1 761 AC_DEFINE([PAM_TTY_KLUDGE], [1], 762 [Work around problematic Linux PAM modules handling of PAM_TTY]) 763 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 764 [String used in /etc/passwd to denote locked account]) 765 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 766 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 767 [Define to whatever link() returns for "not supported" 768 if it doesn't return EOPNOTSUPP.]) 769 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 770 AC_DEFINE([USE_BTMP]) 771 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 772 inet6_default_4in6=yes 773 case `uname -r` in 774 1.*|2.0.*) 775 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 776 [Define if cmsg_type is not passed correctly]) 777 ;; 778 esac 779 # tun(4) forwarding compat code 780 AC_CHECK_HEADERS([linux/if_tun.h]) 781 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 782 AC_DEFINE([SSH_TUN_LINUX], [1], 783 [Open tunnel devices the Linux tun/tap way]) 784 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 785 [Use tunnel device compatibility to OpenBSD]) 786 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 787 [Prepend the address family to IP tunnel traffic]) 788 fi 789 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 790 [], [#include <linux/types.h>]) 791 AC_CHECK_FUNCS([prctl]) 792 AC_MSG_CHECKING([for seccomp architecture]) 793 seccomp_audit_arch= 794 case "$host" in 795 x86_64-*) 796 seccomp_audit_arch=AUDIT_ARCH_X86_64 797 ;; 798 i*86-*) 799 seccomp_audit_arch=AUDIT_ARCH_I386 800 ;; 801 arm*-*) 802 seccomp_audit_arch=AUDIT_ARCH_ARM 803 ;; 804 aarch64*-*) 805 seccomp_audit_arch=AUDIT_ARCH_AARCH64 806 ;; 807 s390x-*) 808 seccomp_audit_arch=AUDIT_ARCH_S390X 809 ;; 810 s390-*) 811 seccomp_audit_arch=AUDIT_ARCH_S390 812 ;; 813 powerpc64-*) 814 seccomp_audit_arch=AUDIT_ARCH_PPC64 815 ;; 816 powerpc64le-*) 817 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 818 ;; 819 mips-*) 820 seccomp_audit_arch=AUDIT_ARCH_MIPS 821 ;; 822 mipsel-*) 823 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 824 ;; 825 mips64-*) 826 seccomp_audit_arch=AUDIT_ARCH_MIPS64 827 ;; 828 mips64el-*) 829 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 830 ;; 831 esac 832 if test "x$seccomp_audit_arch" != "x" ; then 833 AC_MSG_RESULT(["$seccomp_audit_arch"]) 834 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 835 [Specify the system call convention in use]) 836 else 837 AC_MSG_RESULT([architecture not supported]) 838 fi 839 ;; 840mips-sony-bsd|mips-sony-newsos4) 841 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 842 SONY=1 843 ;; 844*-*-netbsd*) 845 check_for_libcrypt_before=1 846 if test "x$withval" != "xno" ; then 847 need_dash_r=1 848 fi 849 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 850 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 851 AC_CHECK_HEADER([net/if_tap.h], , 852 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 853 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 854 [Prepend the address family to IP tunnel traffic]) 855 TEST_MALLOC_OPTIONS="AJRX" 856 AC_DEFINE([BROKEN_STRNVIS], [1], 857 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 858 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 859 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 860 ;; 861*-*-freebsd*) 862 check_for_libcrypt_later=1 863 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 864 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 865 AC_CHECK_HEADER([net/if_tap.h], , 866 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 867 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 868 AC_DEFINE([BROKEN_STRNVIS], [1], 869 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 870 TEST_MALLOC_OPTIONS="AJRX" 871 # Preauth crypto occasionally uses file descriptors for crypto offload 872 # and will crash if they cannot be opened. 873 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 874 [define if setrlimit RLIMIT_NOFILE breaks things]) 875 ;; 876*-*-bsdi*) 877 AC_DEFINE([SETEUID_BREAKS_SETUID]) 878 AC_DEFINE([BROKEN_SETREUID]) 879 AC_DEFINE([BROKEN_SETREGID]) 880 ;; 881*-next-*) 882 conf_lastlog_location="/usr/adm/lastlog" 883 conf_utmp_location=/etc/utmp 884 conf_wtmp_location=/usr/adm/wtmp 885 maildir=/usr/spool/mail 886 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 887 AC_DEFINE([BROKEN_REALPATH]) 888 AC_DEFINE([USE_PIPES]) 889 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 890 ;; 891*-*-openbsd*) 892 use_pie=auto 893 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 894 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 895 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 896 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 897 [syslog_r function is safe to use in in a signal handler]) 898 TEST_MALLOC_OPTIONS="AFGJPRX" 899 ;; 900*-*-solaris*) 901 if test "x$withval" != "xno" ; then 902 need_dash_r=1 903 fi 904 AC_DEFINE([PAM_SUN_CODEBASE]) 905 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 906 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 907 [Some versions of /bin/login need the TERM supplied 908 on the commandline]) 909 AC_DEFINE([PAM_TTY_KLUDGE]) 910 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 911 [Define if pam_chauthtok wants real uid set 912 to the unpriv'ed user]) 913 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 914 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 915 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 916 [Define if sshd somehow reacquires a controlling TTY 917 after setsid()]) 918 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 919 in case the name is longer than 8 chars]) 920 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 921 external_path_file=/etc/default/login 922 # hardwire lastlog location (can't detect it on some versions) 923 conf_lastlog_location="/var/adm/lastlog" 924 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 925 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 926 if test "$sol2ver" -ge 8; then 927 AC_MSG_RESULT([yes]) 928 AC_DEFINE([DISABLE_UTMP]) 929 AC_DEFINE([DISABLE_WTMP], [1], 930 [Define if you don't want to use wtmp]) 931 else 932 AC_MSG_RESULT([no]) 933 fi 934 AC_CHECK_FUNCS([setpflags]) 935 AC_CHECK_FUNCS([setppriv]) 936 AC_CHECK_FUNCS([priv_basicset]) 937 AC_CHECK_HEADERS([priv.h]) 938 AC_ARG_WITH([solaris-contracts], 939 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 940 [ 941 AC_CHECK_LIB([contract], [ct_tmpl_activate], 942 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 943 [Define if you have Solaris process contracts]) 944 LIBS="$LIBS -lcontract" 945 SPC_MSG="yes" ], ) 946 ], 947 ) 948 AC_ARG_WITH([solaris-projects], 949 [ --with-solaris-projects Enable Solaris projects (experimental)], 950 [ 951 AC_CHECK_LIB([project], [setproject], 952 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 953 [Define if you have Solaris projects]) 954 LIBS="$LIBS -lproject" 955 SP_MSG="yes" ], ) 956 ], 957 ) 958 AC_ARG_WITH([solaris-privs], 959 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 960 [ 961 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 962 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 963 "x$ac_cv_header_priv_h" = "xyes" ; then 964 SOLARIS_PRIVS=yes 965 AC_MSG_RESULT([found]) 966 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 967 [Define to disable UID restoration test]) 968 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 969 [Define if you have Solaris privileges]) 970 SPP_MSG="yes" 971 else 972 AC_MSG_RESULT([not found]) 973 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 974 fi 975 ], 976 ) 977 TEST_SHELL=$SHELL # let configure find us a capable shell 978 ;; 979*-*-sunos4*) 980 CPPFLAGS="$CPPFLAGS -DSUNOS4" 981 AC_CHECK_FUNCS([getpwanam]) 982 AC_DEFINE([PAM_SUN_CODEBASE]) 983 conf_utmp_location=/etc/utmp 984 conf_wtmp_location=/var/adm/wtmp 985 conf_lastlog_location=/var/adm/lastlog 986 AC_DEFINE([USE_PIPES]) 987 ;; 988*-ncr-sysv*) 989 LIBS="$LIBS -lc89" 990 AC_DEFINE([USE_PIPES]) 991 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 992 AC_DEFINE([SETEUID_BREAKS_SETUID]) 993 AC_DEFINE([BROKEN_SETREUID]) 994 AC_DEFINE([BROKEN_SETREGID]) 995 ;; 996*-sni-sysv*) 997 # /usr/ucblib MUST NOT be searched on ReliantUNIX 998 AC_CHECK_LIB([dl], [dlsym], ,) 999 # -lresolv needs to be at the end of LIBS or DNS lookups break 1000 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1001 IPADDR_IN_DISPLAY=yes 1002 AC_DEFINE([USE_PIPES]) 1003 AC_DEFINE([IP_TOS_IS_BROKEN]) 1004 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1005 AC_DEFINE([BROKEN_SETREUID]) 1006 AC_DEFINE([BROKEN_SETREGID]) 1007 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1008 external_path_file=/etc/default/login 1009 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1010 # Attention: always take care to bind libsocket and libnsl before libc, 1011 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1012 ;; 1013# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1014*-*-sysv4.2*) 1015 AC_DEFINE([USE_PIPES]) 1016 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1017 AC_DEFINE([BROKEN_SETREUID]) 1018 AC_DEFINE([BROKEN_SETREGID]) 1019 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1020 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1021 TEST_SHELL=$SHELL # let configure find us a capable shell 1022 ;; 1023# UnixWare 7.x, OpenUNIX 8 1024*-*-sysv5*) 1025 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1026 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1027 AC_DEFINE([USE_PIPES]) 1028 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1029 AC_DEFINE([BROKEN_GETADDRINFO]) 1030 AC_DEFINE([BROKEN_SETREUID]) 1031 AC_DEFINE([BROKEN_SETREGID]) 1032 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1033 TEST_SHELL=$SHELL # let configure find us a capable shell 1034 case "$host" in 1035 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1036 maildir=/var/spool/mail 1037 AC_DEFINE([BROKEN_LIBIAF], [1], 1038 [ia_uinfo routines not supported by OS yet]) 1039 AC_DEFINE([BROKEN_UPDWTMPX]) 1040 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1041 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1042 AC_DEFINE([HAVE_SECUREWARE]) 1043 AC_DEFINE([DISABLE_SHADOW]) 1044 ], , ) 1045 ;; 1046 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1047 check_for_libcrypt_later=1 1048 ;; 1049 esac 1050 ;; 1051*-*-sysv*) 1052 ;; 1053# SCO UNIX and OEM versions of SCO UNIX 1054*-*-sco3.2v4*) 1055 AC_MSG_ERROR("This Platform is no longer supported.") 1056 ;; 1057# SCO OpenServer 5.x 1058*-*-sco3.2v5*) 1059 if test -z "$GCC"; then 1060 CFLAGS="$CFLAGS -belf" 1061 fi 1062 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1063 no_dev_ptmx=1 1064 AC_DEFINE([USE_PIPES]) 1065 AC_DEFINE([HAVE_SECUREWARE]) 1066 AC_DEFINE([DISABLE_SHADOW]) 1067 AC_DEFINE([DISABLE_FD_PASSING]) 1068 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1069 AC_DEFINE([BROKEN_GETADDRINFO]) 1070 AC_DEFINE([BROKEN_SETREUID]) 1071 AC_DEFINE([BROKEN_SETREGID]) 1072 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1073 AC_DEFINE([BROKEN_UPDWTMPX]) 1074 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1075 AC_CHECK_FUNCS([getluid setluid]) 1076 MANTYPE=man 1077 TEST_SHELL=$SHELL # let configure find us a capable shell 1078 SKIP_DISABLE_LASTLOG_DEFINE=yes 1079 ;; 1080*-*-unicosmk*) 1081 AC_DEFINE([NO_SSH_LASTLOG], [1], 1082 [Define if you don't want to use lastlog in session.c]) 1083 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1084 AC_DEFINE([BROKEN_SETREUID]) 1085 AC_DEFINE([BROKEN_SETREGID]) 1086 AC_DEFINE([USE_PIPES]) 1087 AC_DEFINE([DISABLE_FD_PASSING]) 1088 LDFLAGS="$LDFLAGS" 1089 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1090 MANTYPE=cat 1091 ;; 1092*-*-unicosmp*) 1093 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1094 AC_DEFINE([BROKEN_SETREUID]) 1095 AC_DEFINE([BROKEN_SETREGID]) 1096 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1097 AC_DEFINE([USE_PIPES]) 1098 AC_DEFINE([DISABLE_FD_PASSING]) 1099 LDFLAGS="$LDFLAGS" 1100 LIBS="$LIBS -lgen -lacid -ldb" 1101 MANTYPE=cat 1102 ;; 1103*-*-unicos*) 1104 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1105 AC_DEFINE([BROKEN_SETREUID]) 1106 AC_DEFINE([BROKEN_SETREGID]) 1107 AC_DEFINE([USE_PIPES]) 1108 AC_DEFINE([DISABLE_FD_PASSING]) 1109 AC_DEFINE([NO_SSH_LASTLOG]) 1110 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1111 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1112 MANTYPE=cat 1113 ;; 1114*-dec-osf*) 1115 AC_MSG_CHECKING([for Digital Unix SIA]) 1116 no_osfsia="" 1117 AC_ARG_WITH([osfsia], 1118 [ --with-osfsia Enable Digital Unix SIA], 1119 [ 1120 if test "x$withval" = "xno" ; then 1121 AC_MSG_RESULT([disabled]) 1122 no_osfsia=1 1123 fi 1124 ], 1125 ) 1126 if test -z "$no_osfsia" ; then 1127 if test -f /etc/sia/matrix.conf; then 1128 AC_MSG_RESULT([yes]) 1129 AC_DEFINE([HAVE_OSF_SIA], [1], 1130 [Define if you have Digital Unix Security 1131 Integration Architecture]) 1132 AC_DEFINE([DISABLE_LOGIN], [1], 1133 [Define if you don't want to use your 1134 system's login() call]) 1135 AC_DEFINE([DISABLE_FD_PASSING]) 1136 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1137 SIA_MSG="yes" 1138 else 1139 AC_MSG_RESULT([no]) 1140 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1141 [String used in /etc/passwd to denote locked account]) 1142 fi 1143 fi 1144 AC_DEFINE([BROKEN_GETADDRINFO]) 1145 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1146 AC_DEFINE([BROKEN_SETREUID]) 1147 AC_DEFINE([BROKEN_SETREGID]) 1148 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1149 ;; 1150 1151*-*-nto-qnx*) 1152 AC_DEFINE([USE_PIPES]) 1153 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1154 AC_DEFINE([DISABLE_LASTLOG]) 1155 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1156 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1157 enable_etc_default_login=no # has incompatible /etc/default/login 1158 case "$host" in 1159 *-*-nto-qnx6*) 1160 AC_DEFINE([DISABLE_FD_PASSING]) 1161 ;; 1162 esac 1163 ;; 1164 1165*-*-ultrix*) 1166 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1167 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1168 AC_DEFINE([NEED_SETPGRP]) 1169 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1170 ;; 1171 1172*-*-lynxos) 1173 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1174 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1175 ;; 1176esac 1177 1178AC_MSG_CHECKING([compiler and flags for sanity]) 1179AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1180 [ AC_MSG_RESULT([yes]) ], 1181 [ 1182 AC_MSG_RESULT([no]) 1183 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1184 ], 1185 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1186) 1187 1188dnl Checks for header files. 1189# Checks for libraries. 1190AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1191 1192dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1193AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1194 AC_CHECK_LIB([gen], [dirname], [ 1195 AC_CACHE_CHECK([for broken dirname], 1196 ac_cv_have_broken_dirname, [ 1197 save_LIBS="$LIBS" 1198 LIBS="$LIBS -lgen" 1199 AC_RUN_IFELSE( 1200 [AC_LANG_SOURCE([[ 1201#include <libgen.h> 1202#include <string.h> 1203 1204int main(int argc, char **argv) { 1205 char *s, buf[32]; 1206 1207 strncpy(buf,"/etc", 32); 1208 s = dirname(buf); 1209 if (!s || strncmp(s, "/", 32) != 0) { 1210 exit(1); 1211 } else { 1212 exit(0); 1213 } 1214} 1215 ]])], 1216 [ ac_cv_have_broken_dirname="no" ], 1217 [ ac_cv_have_broken_dirname="yes" ], 1218 [ ac_cv_have_broken_dirname="no" ], 1219 ) 1220 LIBS="$save_LIBS" 1221 ]) 1222 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1223 LIBS="$LIBS -lgen" 1224 AC_DEFINE([HAVE_DIRNAME]) 1225 AC_CHECK_HEADERS([libgen.h]) 1226 fi 1227 ]) 1228]) 1229 1230AC_CHECK_FUNC([getspnam], , 1231 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1232AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1233 [Define if you have the basename function.])]) 1234 1235dnl zlib is required 1236AC_ARG_WITH([zlib], 1237 [ --with-zlib=PATH Use zlib in PATH], 1238 [ if test "x$withval" = "xno" ; then 1239 AC_MSG_ERROR([*** zlib is required ***]) 1240 elif test "x$withval" != "xyes"; then 1241 if test -d "$withval/lib"; then 1242 if test -n "${need_dash_r}"; then 1243 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1244 else 1245 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1246 fi 1247 else 1248 if test -n "${need_dash_r}"; then 1249 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1250 else 1251 LDFLAGS="-L${withval} ${LDFLAGS}" 1252 fi 1253 fi 1254 if test -d "$withval/include"; then 1255 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1256 else 1257 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1258 fi 1259 fi ] 1260) 1261 1262AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1263AC_CHECK_LIB([z], [deflate], , 1264 [ 1265 saved_CPPFLAGS="$CPPFLAGS" 1266 saved_LDFLAGS="$LDFLAGS" 1267 save_LIBS="$LIBS" 1268 dnl Check default zlib install dir 1269 if test -n "${need_dash_r}"; then 1270 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1271 else 1272 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1273 fi 1274 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1275 LIBS="$LIBS -lz" 1276 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1277 [ 1278 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1279 ] 1280 ) 1281 ] 1282) 1283 1284AC_ARG_WITH([zlib-version-check], 1285 [ --without-zlib-version-check Disable zlib version check], 1286 [ if test "x$withval" = "xno" ; then 1287 zlib_check_nonfatal=1 1288 fi 1289 ] 1290) 1291 1292AC_MSG_CHECKING([for possibly buggy zlib]) 1293AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1294#include <stdio.h> 1295#include <stdlib.h> 1296#include <zlib.h> 1297 ]], 1298 [[ 1299 int a=0, b=0, c=0, d=0, n, v; 1300 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1301 if (n != 3 && n != 4) 1302 exit(1); 1303 v = a*1000000 + b*10000 + c*100 + d; 1304 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1305 1306 /* 1.1.4 is OK */ 1307 if (a == 1 && b == 1 && c >= 4) 1308 exit(0); 1309 1310 /* 1.2.3 and up are OK */ 1311 if (v >= 1020300) 1312 exit(0); 1313 1314 exit(2); 1315 ]])], 1316 AC_MSG_RESULT([no]), 1317 [ AC_MSG_RESULT([yes]) 1318 if test -z "$zlib_check_nonfatal" ; then 1319 AC_MSG_ERROR([*** zlib too old - check config.log *** 1320Your reported zlib version has known security problems. It's possible your 1321vendor has fixed these problems without changing the version number. If you 1322are sure this is the case, you can disable the check by running 1323"./configure --without-zlib-version-check". 1324If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1325See http://www.gzip.org/zlib/ for details.]) 1326 else 1327 AC_MSG_WARN([zlib version may have security problems]) 1328 fi 1329 ], 1330 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1331) 1332 1333dnl UnixWare 2.x 1334AC_CHECK_FUNC([strcasecmp], 1335 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1336) 1337AC_CHECK_FUNCS([utimes], 1338 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1339 LIBS="$LIBS -lc89"]) ] 1340) 1341 1342dnl Checks for libutil functions 1343AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1344AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1345AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1346AC_SEARCH_LIBS([login], [util bsd]) 1347AC_SEARCH_LIBS([logout], [util bsd]) 1348AC_SEARCH_LIBS([logwtmp], [util bsd]) 1349AC_SEARCH_LIBS([openpty], [util bsd]) 1350AC_SEARCH_LIBS([updwtmp], [util bsd]) 1351AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1352 1353# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1354# or libnsl. 1355AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1356AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1357 1358AC_FUNC_STRFTIME 1359 1360# Check for ALTDIRFUNC glob() extension 1361AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1362AC_EGREP_CPP([FOUNDIT], 1363 [ 1364 #include <glob.h> 1365 #ifdef GLOB_ALTDIRFUNC 1366 FOUNDIT 1367 #endif 1368 ], 1369 [ 1370 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1371 [Define if your system glob() function has 1372 the GLOB_ALTDIRFUNC extension]) 1373 AC_MSG_RESULT([yes]) 1374 ], 1375 [ 1376 AC_MSG_RESULT([no]) 1377 ] 1378) 1379 1380# Check for g.gl_matchc glob() extension 1381AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1382AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1383 [[ glob_t g; g.gl_matchc = 1; ]])], 1384 [ 1385 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1386 [Define if your system glob() function has 1387 gl_matchc options in glob_t]) 1388 AC_MSG_RESULT([yes]) 1389 ], [ 1390 AC_MSG_RESULT([no]) 1391]) 1392 1393# Check for g.gl_statv glob() extension 1394AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1395AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1396#ifndef GLOB_KEEPSTAT 1397#error "glob does not support GLOB_KEEPSTAT extension" 1398#endif 1399glob_t g; 1400g.gl_statv = NULL; 1401]])], 1402 [ 1403 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1404 [Define if your system glob() function has 1405 gl_statv options in glob_t]) 1406 AC_MSG_RESULT([yes]) 1407 ], [ 1408 AC_MSG_RESULT([no]) 1409 1410]) 1411 1412AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1413 1414AC_CHECK_DECL([VIS_ALL], , 1415 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1416 1417AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1418AC_RUN_IFELSE( 1419 [AC_LANG_PROGRAM([[ 1420#include <sys/types.h> 1421#include <dirent.h>]], 1422 [[ 1423 struct dirent d; 1424 exit(sizeof(d.d_name)<=sizeof(char)); 1425 ]])], 1426 [AC_MSG_RESULT([yes])], 1427 [ 1428 AC_MSG_RESULT([no]) 1429 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1430 [Define if your struct dirent expects you to 1431 allocate extra space for d_name]) 1432 ], 1433 [ 1434 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1435 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1436 ] 1437) 1438 1439AC_MSG_CHECKING([for /proc/pid/fd directory]) 1440if test -d "/proc/$$/fd" ; then 1441 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1442 AC_MSG_RESULT([yes]) 1443else 1444 AC_MSG_RESULT([no]) 1445fi 1446 1447# Check whether user wants S/Key support 1448SKEY_MSG="no" 1449AC_ARG_WITH([skey], 1450 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1451 [ 1452 if test "x$withval" != "xno" ; then 1453 1454 if test "x$withval" != "xyes" ; then 1455 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1456 LDFLAGS="$LDFLAGS -L${withval}/lib" 1457 fi 1458 1459 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1460 LIBS="-lskey $LIBS" 1461 SKEY_MSG="yes" 1462 1463 AC_MSG_CHECKING([for s/key support]) 1464 AC_LINK_IFELSE( 1465 [AC_LANG_PROGRAM([[ 1466#include <stdio.h> 1467#include <skey.h> 1468 ]], [[ 1469 char *ff = skey_keyinfo(""); ff=""; 1470 exit(0); 1471 ]])], 1472 [AC_MSG_RESULT([yes])], 1473 [ 1474 AC_MSG_RESULT([no]) 1475 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1476 ]) 1477 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1479#include <stdio.h> 1480#include <skey.h> 1481 ]], [[ 1482 (void)skeychallenge(NULL,"name","",0); 1483 ]])], 1484 [ 1485 AC_MSG_RESULT([yes]) 1486 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1487 [Define if your skeychallenge() 1488 function takes 4 arguments (NetBSD)])], 1489 [ 1490 AC_MSG_RESULT([no]) 1491 ]) 1492 fi 1493 ] 1494) 1495 1496# Check whether user wants TCP wrappers support 1497TCPW_MSG="no" 1498AC_ARG_WITH([tcp-wrappers], 1499 [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], 1500 [ 1501 if test "x$withval" != "xno" ; then 1502 saved_LIBS="$LIBS" 1503 saved_LDFLAGS="$LDFLAGS" 1504 saved_CPPFLAGS="$CPPFLAGS" 1505 if test -n "${withval}" && \ 1506 test "x${withval}" != "xyes"; then 1507 if test -d "${withval}/lib"; then 1508 if test -n "${need_dash_r}"; then 1509 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1510 else 1511 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1512 fi 1513 else 1514 if test -n "${need_dash_r}"; then 1515 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1516 else 1517 LDFLAGS="-L${withval} ${LDFLAGS}" 1518 fi 1519 fi 1520 if test -d "${withval}/include"; then 1521 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1522 else 1523 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1524 fi 1525 fi 1526 LIBS="-lwrap $LIBS" 1527 AC_MSG_CHECKING([for libwrap]) 1528 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 1529#include <sys/types.h> 1530#include <sys/socket.h> 1531#include <netinet/in.h> 1532#include <tcpd.h> 1533int deny_severity = 0, allow_severity = 0; 1534 ]], [[ 1535 hosts_access(0); 1536 ]])], [ 1537 AC_MSG_RESULT([yes]) 1538 AC_DEFINE([LIBWRAP], [1], 1539 [Define if you want 1540 TCP Wrappers support]) 1541 SSHDLIBS="$SSHDLIBS -lwrap" 1542 TCPW_MSG="yes" 1543 ], [ 1544 AC_MSG_ERROR([*** libwrap missing]) 1545 1546 ]) 1547 LIBS="$saved_LIBS" 1548 fi 1549 ] 1550) 1551 1552# Check whether user wants to use ldns 1553LDNS_MSG="no" 1554AC_ARG_WITH(ldns, 1555 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1556 [ 1557 if test "x$withval" != "xno" ; then 1558 1559 if test "x$withval" != "xyes" ; then 1560 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1561 LDFLAGS="$LDFLAGS -L${withval}/lib" 1562 fi 1563 1564 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1565 LIBS="-lldns $LIBS" 1566 LDNS_MSG="yes" 1567 1568 AC_MSG_CHECKING([for ldns support]) 1569 AC_LINK_IFELSE( 1570 [AC_LANG_SOURCE([[ 1571#include <stdio.h> 1572#include <stdlib.h> 1573#include <stdint.h> 1574#include <ldns/ldns.h> 1575int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1576 ]]) 1577 ], 1578 [AC_MSG_RESULT(yes)], 1579 [ 1580 AC_MSG_RESULT(no) 1581 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1582 ]) 1583 fi 1584 ] 1585) 1586 1587# Check whether user wants libedit support 1588LIBEDIT_MSG="no" 1589AC_ARG_WITH([libedit], 1590 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1591 [ if test "x$withval" != "xno" ; then 1592 if test "x$withval" = "xyes" ; then 1593 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1594 if test "x$PKGCONFIG" != "xno"; then 1595 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1596 if "$PKGCONFIG" libedit; then 1597 AC_MSG_RESULT([yes]) 1598 use_pkgconfig_for_libedit=yes 1599 else 1600 AC_MSG_RESULT([no]) 1601 fi 1602 fi 1603 else 1604 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1605 if test -n "${need_dash_r}"; then 1606 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1607 else 1608 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1609 fi 1610 fi 1611 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1612 LIBEDIT=`$PKGCONFIG --libs libedit` 1613 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1614 else 1615 LIBEDIT="-ledit -lcurses" 1616 fi 1617 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1618 AC_CHECK_LIB([edit], [el_init], 1619 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1620 LIBEDIT_MSG="yes" 1621 AC_SUBST([LIBEDIT]) 1622 ], 1623 [ AC_MSG_ERROR([libedit not found]) ], 1624 [ $OTHERLIBS ] 1625 ) 1626 AC_MSG_CHECKING([if libedit version is compatible]) 1627 AC_COMPILE_IFELSE( 1628 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1629 [[ 1630 int i = H_SETSIZE; 1631 el_init("", NULL, NULL, NULL); 1632 exit(0); 1633 ]])], 1634 [ AC_MSG_RESULT([yes]) ], 1635 [ AC_MSG_RESULT([no]) 1636 AC_MSG_ERROR([libedit version is not compatible]) ] 1637 ) 1638 fi ] 1639) 1640 1641AUDIT_MODULE=none 1642AC_ARG_WITH([audit], 1643 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1644 [ 1645 AC_MSG_CHECKING([for supported audit module]) 1646 case "$withval" in 1647 bsm) 1648 AC_MSG_RESULT([bsm]) 1649 AUDIT_MODULE=bsm 1650 dnl Checks for headers, libs and functions 1651 AC_CHECK_HEADERS([bsm/audit.h], [], 1652 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1653 [ 1654#ifdef HAVE_TIME_H 1655# include <time.h> 1656#endif 1657 ] 1658) 1659 AC_CHECK_LIB([bsm], [getaudit], [], 1660 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1661 AC_CHECK_FUNCS([getaudit], [], 1662 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1663 # These are optional 1664 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1665 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1666 if test "$sol2ver" -ge 11; then 1667 SSHDLIBS="$SSHDLIBS -lscf" 1668 AC_DEFINE([BROKEN_BSM_API], [1], 1669 [The system has incomplete BSM API]) 1670 fi 1671 ;; 1672 linux) 1673 AC_MSG_RESULT([linux]) 1674 AUDIT_MODULE=linux 1675 dnl Checks for headers, libs and functions 1676 AC_CHECK_HEADERS([libaudit.h]) 1677 SSHDLIBS="$SSHDLIBS -laudit" 1678 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1679 ;; 1680 debug) 1681 AUDIT_MODULE=debug 1682 AC_MSG_RESULT([debug]) 1683 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1684 ;; 1685 no) 1686 AC_MSG_RESULT([no]) 1687 ;; 1688 *) 1689 AC_MSG_ERROR([Unknown audit module $withval]) 1690 ;; 1691 esac ] 1692) 1693 1694AC_ARG_WITH([pie], 1695 [ --with-pie Build Position Independent Executables if possible], [ 1696 if test "x$withval" = "xno"; then 1697 use_pie=no 1698 fi 1699 if test "x$withval" = "xyes"; then 1700 use_pie=yes 1701 fi 1702 ] 1703) 1704if test "x$use_pie" = "x"; then 1705 use_pie=no 1706fi 1707if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1708 # Turn off automatic PIE when toolchain hardening is off. 1709 use_pie=no 1710fi 1711if test "x$use_pie" = "xauto"; then 1712 # Automatic PIE requires gcc >= 4.x 1713 AC_MSG_CHECKING([for gcc >= 4.x]) 1714 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1715#if !defined(__GNUC__) || __GNUC__ < 4 1716#error gcc is too old 1717#endif 1718]])], 1719 [ AC_MSG_RESULT([yes]) ], 1720 [ AC_MSG_RESULT([no]) 1721 use_pie=no ] 1722) 1723fi 1724if test "x$use_pie" != "xno"; then 1725 SAVED_CFLAGS="$CFLAGS" 1726 SAVED_LDFLAGS="$LDFLAGS" 1727 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1728 OSSH_CHECK_LDFLAG_LINK([-pie]) 1729 # We use both -fPIE and -pie or neither. 1730 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1731 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1732 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1733 AC_MSG_RESULT([yes]) 1734 else 1735 AC_MSG_RESULT([no]) 1736 CFLAGS="$SAVED_CFLAGS" 1737 LDFLAGS="$SAVED_LDFLAGS" 1738 fi 1739fi 1740 1741dnl Checks for library functions. Please keep in alphabetical order 1742AC_CHECK_FUNCS([ \ 1743 Blowfish_initstate \ 1744 Blowfish_expandstate \ 1745 Blowfish_expand0state \ 1746 Blowfish_stream2word \ 1747 asprintf \ 1748 b64_ntop \ 1749 __b64_ntop \ 1750 b64_pton \ 1751 __b64_pton \ 1752 bcopy \ 1753 bcrypt_pbkdf \ 1754 bindresvport_sa \ 1755 blf_enc \ 1756 cap_rights_limit \ 1757 clock \ 1758 closefrom \ 1759 dirfd \ 1760 endgrent \ 1761 err \ 1762 errx \ 1763 explicit_bzero \ 1764 fchmod \ 1765 fchown \ 1766 freeaddrinfo \ 1767 fstatfs \ 1768 fstatvfs \ 1769 futimes \ 1770 getaddrinfo \ 1771 getcwd \ 1772 getgrouplist \ 1773 getnameinfo \ 1774 getopt \ 1775 getpeereid \ 1776 getpeerucred \ 1777 getpgid \ 1778 getpgrp \ 1779 _getpty \ 1780 getrlimit \ 1781 getttyent \ 1782 glob \ 1783 group_from_gid \ 1784 inet_aton \ 1785 inet_ntoa \ 1786 inet_ntop \ 1787 innetgr \ 1788 login_getcapbool \ 1789 md5_crypt \ 1790 memmove \ 1791 memset_s \ 1792 mkdtemp \ 1793 mmap \ 1794 ngetaddrinfo \ 1795 nsleep \ 1796 ogetaddrinfo \ 1797 openlog_r \ 1798 pledge \ 1799 poll \ 1800 prctl \ 1801 pstat \ 1802 readpassphrase \ 1803 reallocarray \ 1804 recvmsg \ 1805 rresvport_af \ 1806 sendmsg \ 1807 setdtablesize \ 1808 setegid \ 1809 setenv \ 1810 seteuid \ 1811 setgroupent \ 1812 setgroups \ 1813 setlinebuf \ 1814 setlogin \ 1815 setpassent\ 1816 setpcred \ 1817 setproctitle \ 1818 setregid \ 1819 setreuid \ 1820 setrlimit \ 1821 setsid \ 1822 setvbuf \ 1823 sigaction \ 1824 sigvec \ 1825 snprintf \ 1826 socketpair \ 1827 statfs \ 1828 statvfs \ 1829 strdup \ 1830 strerror \ 1831 strlcat \ 1832 strlcpy \ 1833 strmode \ 1834 strnlen \ 1835 strnvis \ 1836 strptime \ 1837 strtonum \ 1838 strtoll \ 1839 strtoul \ 1840 strtoull \ 1841 swap32 \ 1842 sysconf \ 1843 tcgetpgrp \ 1844 timingsafe_bcmp \ 1845 truncate \ 1846 unsetenv \ 1847 updwtmpx \ 1848 user_from_uid \ 1849 usleep \ 1850 vasprintf \ 1851 vsnprintf \ 1852 waitpid \ 1853 warn \ 1854]) 1855 1856dnl Wide character support. Linux man page says it needs _XOPEN_SOURCE. 1857saved_CFLAGS="$CFLAGS" 1858CFLAGS="$CFLAGS -D_XOPEN_SOURCE" 1859AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1860CFLAGS="$saved_CFLAGS" 1861 1862AC_LINK_IFELSE( 1863 [AC_LANG_PROGRAM( 1864 [[ #include <ctype.h> ]], 1865 [[ return (isblank('a')); ]])], 1866 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1867]) 1868 1869disable_pkcs11= 1870AC_ARG_ENABLE([pkcs11], 1871 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1872 [ 1873 if test "x$enableval" = "xno" ; then 1874 disable_pkcs11=1 1875 fi 1876 ] 1877) 1878 1879# PKCS11 depends on OpenSSL. 1880if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1881 # PKCS#11 support requires dlopen() and co 1882 AC_SEARCH_LIBS([dlopen], [dl], 1883 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1884 ) 1885fi 1886 1887# IRIX has a const char return value for gai_strerror() 1888AC_CHECK_FUNCS([gai_strerror], [ 1889 AC_DEFINE([HAVE_GAI_STRERROR]) 1890 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1891#include <sys/types.h> 1892#include <sys/socket.h> 1893#include <netdb.h> 1894 1895const char *gai_strerror(int); 1896 ]], [[ 1897 char *str; 1898 str = gai_strerror(0); 1899 ]])], [ 1900 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1901 [Define if gai_strerror() returns const char *])], [])]) 1902 1903AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1904 [Some systems put nanosleep outside of libc])]) 1905 1906AC_SEARCH_LIBS([clock_gettime], [rt], 1907 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1908 1909dnl Make sure prototypes are defined for these before using them. 1910AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1911AC_CHECK_DECL([strsep], 1912 [AC_CHECK_FUNCS([strsep])], 1913 [], 1914 [ 1915#ifdef HAVE_STRING_H 1916# include <string.h> 1917#endif 1918 ]) 1919 1920dnl tcsendbreak might be a macro 1921AC_CHECK_DECL([tcsendbreak], 1922 [AC_DEFINE([HAVE_TCSENDBREAK])], 1923 [AC_CHECK_FUNCS([tcsendbreak])], 1924 [#include <termios.h>] 1925) 1926 1927AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1928 1929AC_CHECK_DECLS([SHUT_RD], , , 1930 [ 1931#include <sys/types.h> 1932#include <sys/socket.h> 1933 ]) 1934 1935AC_CHECK_DECLS([O_NONBLOCK], , , 1936 [ 1937#include <sys/types.h> 1938#ifdef HAVE_SYS_STAT_H 1939# include <sys/stat.h> 1940#endif 1941#ifdef HAVE_FCNTL_H 1942# include <fcntl.h> 1943#endif 1944 ]) 1945 1946AC_CHECK_DECLS([writev], , , [ 1947#include <sys/types.h> 1948#include <sys/uio.h> 1949#include <unistd.h> 1950 ]) 1951 1952AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1953#include <sys/param.h> 1954 ]) 1955 1956AC_CHECK_DECLS([offsetof], , , [ 1957#include <stddef.h> 1958 ]) 1959 1960# extra bits for select(2) 1961AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1962#include <sys/param.h> 1963#include <sys/types.h> 1964#ifdef HAVE_SYS_SYSMACROS_H 1965#include <sys/sysmacros.h> 1966#endif 1967#ifdef HAVE_SYS_SELECT_H 1968#include <sys/select.h> 1969#endif 1970#ifdef HAVE_SYS_TIME_H 1971#include <sys/time.h> 1972#endif 1973#ifdef HAVE_UNISTD_H 1974#include <unistd.h> 1975#endif 1976 ]]) 1977AC_CHECK_TYPES([fd_mask], [], [], [[ 1978#include <sys/param.h> 1979#include <sys/types.h> 1980#ifdef HAVE_SYS_SELECT_H 1981#include <sys/select.h> 1982#endif 1983#ifdef HAVE_SYS_TIME_H 1984#include <sys/time.h> 1985#endif 1986#ifdef HAVE_UNISTD_H 1987#include <unistd.h> 1988#endif 1989 ]]) 1990 1991AC_CHECK_FUNCS([setresuid], [ 1992 dnl Some platorms have setresuid that isn't implemented, test for this 1993 AC_MSG_CHECKING([if setresuid seems to work]) 1994 AC_RUN_IFELSE( 1995 [AC_LANG_PROGRAM([[ 1996#include <stdlib.h> 1997#include <errno.h> 1998 ]], [[ 1999 errno=0; 2000 setresuid(0,0,0); 2001 if (errno==ENOSYS) 2002 exit(1); 2003 else 2004 exit(0); 2005 ]])], 2006 [AC_MSG_RESULT([yes])], 2007 [AC_DEFINE([BROKEN_SETRESUID], [1], 2008 [Define if your setresuid() is broken]) 2009 AC_MSG_RESULT([not implemented])], 2010 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2011 ) 2012]) 2013 2014AC_CHECK_FUNCS([setresgid], [ 2015 dnl Some platorms have setresgid that isn't implemented, test for this 2016 AC_MSG_CHECKING([if setresgid seems to work]) 2017 AC_RUN_IFELSE( 2018 [AC_LANG_PROGRAM([[ 2019#include <stdlib.h> 2020#include <errno.h> 2021 ]], [[ 2022 errno=0; 2023 setresgid(0,0,0); 2024 if (errno==ENOSYS) 2025 exit(1); 2026 else 2027 exit(0); 2028 ]])], 2029 [AC_MSG_RESULT([yes])], 2030 [AC_DEFINE([BROKEN_SETRESGID], [1], 2031 [Define if your setresgid() is broken]) 2032 AC_MSG_RESULT([not implemented])], 2033 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2034 ) 2035]) 2036 2037AC_CHECK_FUNCS([realpath], [ 2038 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 2039 dnl path name", however some implementations of realpath (and some 2040 dnl versions of the POSIX spec) do not work on non-existent files, 2041 dnl so we use the OpenBSD implementation on those platforms. 2042 AC_MSG_CHECKING([if realpath works with non-existent files]) 2043 AC_RUN_IFELSE( 2044 [AC_LANG_PROGRAM([[ 2045#include <limits.h> 2046#include <stdlib.h> 2047#include <errno.h> 2048 ]], [[ 2049 char buf[PATH_MAX]; 2050 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 2051 if (errno == ENOENT) 2052 exit(1); 2053 exit(0); 2054 ]])], 2055 [AC_MSG_RESULT([yes])], 2056 [AC_DEFINE([BROKEN_REALPATH], [1], 2057 [realpath does not work with nonexistent files]) 2058 AC_MSG_RESULT([no])], 2059 [AC_MSG_WARN([cross compiling: assuming working])] 2060 ) 2061]) 2062 2063dnl Checks for time functions 2064AC_CHECK_FUNCS([gettimeofday time]) 2065dnl Checks for utmp functions 2066AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2067AC_CHECK_FUNCS([utmpname]) 2068dnl Checks for utmpx functions 2069AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2070AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2071dnl Checks for lastlog functions 2072AC_CHECK_FUNCS([getlastlogxbyname]) 2073 2074AC_CHECK_FUNC([daemon], 2075 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2076 [AC_CHECK_LIB([bsd], [daemon], 2077 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2078) 2079 2080AC_CHECK_FUNC([getpagesize], 2081 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2082 [Define if your libraries define getpagesize()])], 2083 [AC_CHECK_LIB([ucb], [getpagesize], 2084 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2085) 2086 2087# Check for broken snprintf 2088if test "x$ac_cv_func_snprintf" = "xyes" ; then 2089 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2090 AC_RUN_IFELSE( 2091 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2092 [[ 2093 char b[5]; 2094 snprintf(b,5,"123456789"); 2095 exit(b[4]!='\0'); 2096 ]])], 2097 [AC_MSG_RESULT([yes])], 2098 [ 2099 AC_MSG_RESULT([no]) 2100 AC_DEFINE([BROKEN_SNPRINTF], [1], 2101 [Define if your snprintf is busted]) 2102 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2103 ], 2104 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2105 ) 2106fi 2107 2108# We depend on vsnprintf returning the right thing on overflow: the 2109# number of characters it tried to create (as per SUSv3) 2110if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2111 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2112 AC_RUN_IFELSE( 2113 [AC_LANG_PROGRAM([[ 2114#include <sys/types.h> 2115#include <stdio.h> 2116#include <stdarg.h> 2117 2118int x_snprintf(char *str, size_t count, const char *fmt, ...) 2119{ 2120 size_t ret; 2121 va_list ap; 2122 2123 va_start(ap, fmt); 2124 ret = vsnprintf(str, count, fmt, ap); 2125 va_end(ap); 2126 return ret; 2127} 2128 ]], [[ 2129char x[1]; 2130if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2131 return 1; 2132if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2133 return 1; 2134return 0; 2135 ]])], 2136 [AC_MSG_RESULT([yes])], 2137 [ 2138 AC_MSG_RESULT([no]) 2139 AC_DEFINE([BROKEN_SNPRINTF], [1], 2140 [Define if your snprintf is busted]) 2141 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2142 ], 2143 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2144 ) 2145fi 2146 2147# On systems where [v]snprintf is broken, but is declared in stdio, 2148# check that the fmt argument is const char * or just char *. 2149# This is only useful for when BROKEN_SNPRINTF 2150AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2151AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2152#include <stdio.h> 2153int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2154 ]], [[ 2155 snprintf(0, 0, 0); 2156 ]])], 2157 [AC_MSG_RESULT([yes]) 2158 AC_DEFINE([SNPRINTF_CONST], [const], 2159 [Define as const if snprintf() can declare const char *fmt])], 2160 [AC_MSG_RESULT([no]) 2161 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2162 2163# Check for missing getpeereid (or equiv) support 2164NO_PEERCHECK="" 2165if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2166 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2167 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2168#include <sys/types.h> 2169#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2170 [ AC_MSG_RESULT([yes]) 2171 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2172 ], [AC_MSG_RESULT([no]) 2173 NO_PEERCHECK=1 2174 ]) 2175fi 2176 2177dnl see whether mkstemp() requires XXXXXX 2178if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2179AC_MSG_CHECKING([for (overly) strict mkstemp]) 2180AC_RUN_IFELSE( 2181 [AC_LANG_PROGRAM([[ 2182#include <stdlib.h> 2183 ]], [[ 2184 char template[]="conftest.mkstemp-test"; 2185 if (mkstemp(template) == -1) 2186 exit(1); 2187 unlink(template); 2188 exit(0); 2189 ]])], 2190 [ 2191 AC_MSG_RESULT([no]) 2192 ], 2193 [ 2194 AC_MSG_RESULT([yes]) 2195 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2196 ], 2197 [ 2198 AC_MSG_RESULT([yes]) 2199 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2200 ] 2201) 2202fi 2203 2204dnl make sure that openpty does not reacquire controlling terminal 2205if test ! -z "$check_for_openpty_ctty_bug"; then 2206 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2207 AC_RUN_IFELSE( 2208 [AC_LANG_PROGRAM([[ 2209#include <stdio.h> 2210#include <sys/fcntl.h> 2211#include <sys/types.h> 2212#include <sys/wait.h> 2213 ]], [[ 2214 pid_t pid; 2215 int fd, ptyfd, ttyfd, status; 2216 2217 pid = fork(); 2218 if (pid < 0) { /* failed */ 2219 exit(1); 2220 } else if (pid > 0) { /* parent */ 2221 waitpid(pid, &status, 0); 2222 if (WIFEXITED(status)) 2223 exit(WEXITSTATUS(status)); 2224 else 2225 exit(2); 2226 } else { /* child */ 2227 close(0); close(1); close(2); 2228 setsid(); 2229 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2230 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2231 if (fd >= 0) 2232 exit(3); /* Acquired ctty: broken */ 2233 else 2234 exit(0); /* Did not acquire ctty: OK */ 2235 } 2236 ]])], 2237 [ 2238 AC_MSG_RESULT([yes]) 2239 ], 2240 [ 2241 AC_MSG_RESULT([no]) 2242 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2243 ], 2244 [ 2245 AC_MSG_RESULT([cross-compiling, assuming yes]) 2246 ] 2247 ) 2248fi 2249 2250if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2251 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2252 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2253 AC_RUN_IFELSE( 2254 [AC_LANG_PROGRAM([[ 2255#include <stdio.h> 2256#include <sys/socket.h> 2257#include <netdb.h> 2258#include <errno.h> 2259#include <netinet/in.h> 2260 2261#define TEST_PORT "2222" 2262 ]], [[ 2263 int err, sock; 2264 struct addrinfo *gai_ai, *ai, hints; 2265 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2266 2267 memset(&hints, 0, sizeof(hints)); 2268 hints.ai_family = PF_UNSPEC; 2269 hints.ai_socktype = SOCK_STREAM; 2270 hints.ai_flags = AI_PASSIVE; 2271 2272 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2273 if (err != 0) { 2274 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2275 exit(1); 2276 } 2277 2278 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2279 if (ai->ai_family != AF_INET6) 2280 continue; 2281 2282 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2283 sizeof(ntop), strport, sizeof(strport), 2284 NI_NUMERICHOST|NI_NUMERICSERV); 2285 2286 if (err != 0) { 2287 if (err == EAI_SYSTEM) 2288 perror("getnameinfo EAI_SYSTEM"); 2289 else 2290 fprintf(stderr, "getnameinfo failed: %s\n", 2291 gai_strerror(err)); 2292 exit(2); 2293 } 2294 2295 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2296 if (sock < 0) 2297 perror("socket"); 2298 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2299 if (errno == EBADF) 2300 exit(3); 2301 } 2302 } 2303 exit(0); 2304 ]])], 2305 [ 2306 AC_MSG_RESULT([yes]) 2307 ], 2308 [ 2309 AC_MSG_RESULT([no]) 2310 AC_DEFINE([BROKEN_GETADDRINFO]) 2311 ], 2312 [ 2313 AC_MSG_RESULT([cross-compiling, assuming yes]) 2314 ] 2315 ) 2316fi 2317 2318if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2319 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2320 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2321 AC_RUN_IFELSE( 2322 [AC_LANG_PROGRAM([[ 2323#include <stdio.h> 2324#include <sys/socket.h> 2325#include <netdb.h> 2326#include <errno.h> 2327#include <netinet/in.h> 2328 2329#define TEST_PORT "2222" 2330 ]], [[ 2331 int err, sock; 2332 struct addrinfo *gai_ai, *ai, hints; 2333 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2334 2335 memset(&hints, 0, sizeof(hints)); 2336 hints.ai_family = PF_UNSPEC; 2337 hints.ai_socktype = SOCK_STREAM; 2338 hints.ai_flags = AI_PASSIVE; 2339 2340 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2341 if (err != 0) { 2342 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2343 exit(1); 2344 } 2345 2346 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2347 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2348 continue; 2349 2350 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2351 sizeof(ntop), strport, sizeof(strport), 2352 NI_NUMERICHOST|NI_NUMERICSERV); 2353 2354 if (ai->ai_family == AF_INET && err != 0) { 2355 perror("getnameinfo"); 2356 exit(2); 2357 } 2358 } 2359 exit(0); 2360 ]])], 2361 [ 2362 AC_MSG_RESULT([yes]) 2363 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2364 [Define if you have a getaddrinfo that fails 2365 for the all-zeros IPv6 address]) 2366 ], 2367 [ 2368 AC_MSG_RESULT([no]) 2369 AC_DEFINE([BROKEN_GETADDRINFO]) 2370 ], 2371 [ 2372 AC_MSG_RESULT([cross-compiling, assuming no]) 2373 ] 2374 ) 2375fi 2376 2377if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2378 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2379 [#include <sys/types.h> 2380 #include <sys/socket.h> 2381 #include <netdb.h>]) 2382fi 2383 2384if test "x$check_for_conflicting_getspnam" = "x1"; then 2385 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2387 [[ exit(0); ]])], 2388 [ 2389 AC_MSG_RESULT([no]) 2390 ], 2391 [ 2392 AC_MSG_RESULT([yes]) 2393 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2394 [Conflicting defs for getspnam]) 2395 ] 2396 ) 2397fi 2398 2399AC_FUNC_GETPGRP 2400 2401# Search for OpenSSL 2402saved_CPPFLAGS="$CPPFLAGS" 2403saved_LDFLAGS="$LDFLAGS" 2404AC_ARG_WITH([ssl-dir], 2405 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2406 [ 2407 if test "x$openssl" = "xno" ; then 2408 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2409 fi 2410 if test "x$withval" != "xno" ; then 2411 case "$withval" in 2412 # Relative paths 2413 ./*|../*) withval="`pwd`/$withval" 2414 esac 2415 if test -d "$withval/lib"; then 2416 if test -n "${need_dash_r}"; then 2417 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2418 else 2419 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2420 fi 2421 elif test -d "$withval/lib64"; then 2422 if test -n "${need_dash_r}"; then 2423 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2424 else 2425 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2426 fi 2427 else 2428 if test -n "${need_dash_r}"; then 2429 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2430 else 2431 LDFLAGS="-L${withval} ${LDFLAGS}" 2432 fi 2433 fi 2434 if test -d "$withval/include"; then 2435 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2436 else 2437 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2438 fi 2439 fi 2440 ] 2441) 2442 2443AC_ARG_WITH([openssl-header-check], 2444 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2445 [ 2446 if test "x$withval" = "xno" ; then 2447 openssl_check_nonfatal=1 2448 fi 2449 ] 2450) 2451 2452openssl_engine=no 2453AC_ARG_WITH([ssl-engine], 2454 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2455 [ 2456 if test "x$withval" != "xno" ; then 2457 if test "x$openssl" = "xno" ; then 2458 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2459 fi 2460 openssl_engine=yes 2461 fi 2462 ] 2463) 2464 2465if test "x$openssl" = "xyes" ; then 2466 LIBS="-lcrypto $LIBS" 2467 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2468 [Define if your ssl headers are included 2469 with #include <openssl/header.h>])], 2470 [ 2471 dnl Check default openssl install dir 2472 if test -n "${need_dash_r}"; then 2473 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2474 else 2475 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2476 fi 2477 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2478 AC_CHECK_HEADER([openssl/opensslv.h], , 2479 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2480 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2481 [ 2482 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2483 ] 2484 ) 2485 ] 2486 ) 2487 2488 # Determine OpenSSL header version 2489 AC_MSG_CHECKING([OpenSSL header version]) 2490 AC_RUN_IFELSE( 2491 [AC_LANG_PROGRAM([[ 2492 #include <stdlib.h> 2493 #include <stdio.h> 2494 #include <string.h> 2495 #include <openssl/opensslv.h> 2496 #define DATA "conftest.sslincver" 2497 ]], [[ 2498 FILE *fd; 2499 int rc; 2500 2501 fd = fopen(DATA,"w"); 2502 if(fd == NULL) 2503 exit(1); 2504 2505 if ((rc = fprintf(fd, "%08lx (%s)\n", 2506 (unsigned long)OPENSSL_VERSION_NUMBER, 2507 OPENSSL_VERSION_TEXT)) < 0) 2508 exit(1); 2509 2510 exit(0); 2511 ]])], 2512 [ 2513 ssl_header_ver=`cat conftest.sslincver` 2514 AC_MSG_RESULT([$ssl_header_ver]) 2515 ], 2516 [ 2517 AC_MSG_RESULT([not found]) 2518 AC_MSG_ERROR([OpenSSL version header not found.]) 2519 ], 2520 [ 2521 AC_MSG_WARN([cross compiling: not checking]) 2522 ] 2523 ) 2524 2525 # Determine OpenSSL library version 2526 AC_MSG_CHECKING([OpenSSL library version]) 2527 AC_RUN_IFELSE( 2528 [AC_LANG_PROGRAM([[ 2529 #include <stdio.h> 2530 #include <string.h> 2531 #include <openssl/opensslv.h> 2532 #include <openssl/crypto.h> 2533 #define DATA "conftest.ssllibver" 2534 ]], [[ 2535 FILE *fd; 2536 int rc; 2537 2538 fd = fopen(DATA,"w"); 2539 if(fd == NULL) 2540 exit(1); 2541 2542 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2543 SSLeay_version(SSLEAY_VERSION))) < 0) 2544 exit(1); 2545 2546 exit(0); 2547 ]])], 2548 [ 2549 ssl_library_ver=`cat conftest.ssllibver` 2550 # Check version is supported. 2551 case "$ssl_library_ver" in 2552 0090[[0-7]]*|009080[[0-5]]*) 2553 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2554 ;; 2555 *) ;; 2556 esac 2557 AC_MSG_RESULT([$ssl_library_ver]) 2558 ], 2559 [ 2560 AC_MSG_RESULT([not found]) 2561 AC_MSG_ERROR([OpenSSL library not found.]) 2562 ], 2563 [ 2564 AC_MSG_WARN([cross compiling: not checking]) 2565 ] 2566 ) 2567 2568 # Sanity check OpenSSL headers 2569 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2570 AC_RUN_IFELSE( 2571 [AC_LANG_PROGRAM([[ 2572 #include <string.h> 2573 #include <openssl/opensslv.h> 2574 #include <openssl/crypto.h> 2575 ]], [[ 2576 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2577 ]])], 2578 [ 2579 AC_MSG_RESULT([yes]) 2580 ], 2581 [ 2582 AC_MSG_RESULT([no]) 2583 if test "x$openssl_check_nonfatal" = "x"; then 2584 AC_MSG_ERROR([Your OpenSSL headers do not match your 2585 library. Check config.log for details. 2586 If you are sure your installation is consistent, you can disable the check 2587 by running "./configure --without-openssl-header-check". 2588 Also see contrib/findssl.sh for help identifying header/library mismatches. 2589 ]) 2590 else 2591 AC_MSG_WARN([Your OpenSSL headers do not match your 2592 library. Check config.log for details. 2593 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2594 fi 2595 ], 2596 [ 2597 AC_MSG_WARN([cross compiling: not checking]) 2598 ] 2599 ) 2600 2601 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2602 AC_LINK_IFELSE( 2603 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2604 [[ SSLeay_add_all_algorithms(); ]])], 2605 [ 2606 AC_MSG_RESULT([yes]) 2607 ], 2608 [ 2609 AC_MSG_RESULT([no]) 2610 saved_LIBS="$LIBS" 2611 LIBS="$LIBS -ldl" 2612 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2613 AC_LINK_IFELSE( 2614 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2615 [[ SSLeay_add_all_algorithms(); ]])], 2616 [ 2617 AC_MSG_RESULT([yes]) 2618 ], 2619 [ 2620 AC_MSG_RESULT([no]) 2621 LIBS="$saved_LIBS" 2622 ] 2623 ) 2624 ] 2625 ) 2626 2627 AC_CHECK_FUNCS([ \ 2628 BN_is_prime_ex \ 2629 DSA_generate_parameters_ex \ 2630 EVP_DigestInit_ex \ 2631 EVP_DigestFinal_ex \ 2632 EVP_MD_CTX_init \ 2633 EVP_MD_CTX_cleanup \ 2634 EVP_MD_CTX_copy_ex \ 2635 HMAC_CTX_init \ 2636 RSA_generate_key_ex \ 2637 RSA_get_default_method \ 2638 ]) 2639 2640 if test "x$openssl_engine" = "xyes" ; then 2641 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2642 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2643 #include <openssl/engine.h> 2644 ]], [[ 2645 ENGINE_load_builtin_engines(); 2646 ENGINE_register_all_complete(); 2647 ]])], 2648 [ AC_MSG_RESULT([yes]) 2649 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2650 [Enable OpenSSL engine support]) 2651 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2652 ]) 2653 fi 2654 2655 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2656 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2657 AC_LINK_IFELSE( 2658 [AC_LANG_PROGRAM([[ 2659 #include <string.h> 2660 #include <openssl/evp.h> 2661 ]], [[ 2662 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2663 ]])], 2664 [ 2665 AC_MSG_RESULT([no]) 2666 ], 2667 [ 2668 AC_MSG_RESULT([yes]) 2669 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2670 [libcrypto is missing AES 192 and 256 bit functions]) 2671 ] 2672 ) 2673 2674 # Check for OpenSSL with EVP_aes_*ctr 2675 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2676 AC_LINK_IFELSE( 2677 [AC_LANG_PROGRAM([[ 2678 #include <string.h> 2679 #include <openssl/evp.h> 2680 ]], [[ 2681 exit(EVP_aes_128_ctr() == NULL || 2682 EVP_aes_192_cbc() == NULL || 2683 EVP_aes_256_cbc() == NULL); 2684 ]])], 2685 [ 2686 AC_MSG_RESULT([yes]) 2687 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2688 [libcrypto has EVP AES CTR]) 2689 ], 2690 [ 2691 AC_MSG_RESULT([no]) 2692 ] 2693 ) 2694 2695 # Check for OpenSSL with EVP_aes_*gcm 2696 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2697 AC_LINK_IFELSE( 2698 [AC_LANG_PROGRAM([[ 2699 #include <string.h> 2700 #include <openssl/evp.h> 2701 ]], [[ 2702 exit(EVP_aes_128_gcm() == NULL || 2703 EVP_aes_256_gcm() == NULL || 2704 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2705 EVP_CTRL_GCM_IV_GEN == 0 || 2706 EVP_CTRL_GCM_SET_TAG == 0 || 2707 EVP_CTRL_GCM_GET_TAG == 0 || 2708 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2709 ]])], 2710 [ 2711 AC_MSG_RESULT([yes]) 2712 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2713 [libcrypto has EVP AES GCM]) 2714 ], 2715 [ 2716 AC_MSG_RESULT([no]) 2717 unsupported_algorithms="$unsupported_cipers \ 2718 aes128-gcm@openssh.com \ 2719 aes256-gcm@openssh.com" 2720 ] 2721 ) 2722 2723 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2724 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2725 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2726 2727 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2728 AC_LINK_IFELSE( 2729 [AC_LANG_PROGRAM([[ 2730 #include <string.h> 2731 #include <openssl/evp.h> 2732 ]], [[ 2733 if(EVP_DigestUpdate(NULL, NULL,0)) 2734 exit(0); 2735 ]])], 2736 [ 2737 AC_MSG_RESULT([yes]) 2738 ], 2739 [ 2740 AC_MSG_RESULT([no]) 2741 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2742 [Define if EVP_DigestUpdate returns void]) 2743 ] 2744 ) 2745 2746 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2747 # because the system crypt() is more featureful. 2748 if test "x$check_for_libcrypt_before" = "x1"; then 2749 AC_CHECK_LIB([crypt], [crypt]) 2750 fi 2751 2752 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2753 # version in OpenSSL. 2754 if test "x$check_for_libcrypt_later" = "x1"; then 2755 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2756 fi 2757 AC_CHECK_FUNCS([crypt DES_crypt]) 2758 2759 # Search for SHA256 support in libc and/or OpenSSL 2760 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2761 [unsupported_algorithms="$unsupported_algorithms \ 2762 hmac-sha2-256 \ 2763 hmac-sha2-512 \ 2764 diffie-hellman-group-exchange-sha256 \ 2765 hmac-sha2-256-etm@openssh.com \ 2766 hmac-sha2-512-etm@openssh.com" 2767 ] 2768 ) 2769 # Search for RIPE-MD support in OpenSSL 2770 AC_CHECK_FUNCS([EVP_ripemd160], , 2771 [unsupported_algorithms="$unsupported_algorithms \ 2772 hmac-ripemd160 \ 2773 hmac-ripemd160@openssh.com \ 2774 hmac-ripemd160-etm@openssh.com" 2775 ] 2776 ) 2777 2778 # Check complete ECC support in OpenSSL 2779 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2780 AC_LINK_IFELSE( 2781 [AC_LANG_PROGRAM([[ 2782 #include <openssl/ec.h> 2783 #include <openssl/ecdh.h> 2784 #include <openssl/ecdsa.h> 2785 #include <openssl/evp.h> 2786 #include <openssl/objects.h> 2787 #include <openssl/opensslv.h> 2788 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2789 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2790 #endif 2791 ]], [[ 2792 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2793 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2794 ]])], 2795 [ AC_MSG_RESULT([yes]) 2796 enable_nistp256=1 ], 2797 [ AC_MSG_RESULT([no]) ] 2798 ) 2799 2800 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2801 AC_LINK_IFELSE( 2802 [AC_LANG_PROGRAM([[ 2803 #include <openssl/ec.h> 2804 #include <openssl/ecdh.h> 2805 #include <openssl/ecdsa.h> 2806 #include <openssl/evp.h> 2807 #include <openssl/objects.h> 2808 #include <openssl/opensslv.h> 2809 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2810 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2811 #endif 2812 ]], [[ 2813 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2814 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2815 ]])], 2816 [ AC_MSG_RESULT([yes]) 2817 enable_nistp384=1 ], 2818 [ AC_MSG_RESULT([no]) ] 2819 ) 2820 2821 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2822 AC_LINK_IFELSE( 2823 [AC_LANG_PROGRAM([[ 2824 #include <openssl/ec.h> 2825 #include <openssl/ecdh.h> 2826 #include <openssl/ecdsa.h> 2827 #include <openssl/evp.h> 2828 #include <openssl/objects.h> 2829 #include <openssl/opensslv.h> 2830 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2831 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2832 #endif 2833 ]], [[ 2834 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2835 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2836 ]])], 2837 [ AC_MSG_RESULT([yes]) 2838 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2839 AC_RUN_IFELSE( 2840 [AC_LANG_PROGRAM([[ 2841 #include <openssl/ec.h> 2842 #include <openssl/ecdh.h> 2843 #include <openssl/ecdsa.h> 2844 #include <openssl/evp.h> 2845 #include <openssl/objects.h> 2846 #include <openssl/opensslv.h> 2847 ]],[[ 2848 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2849 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2850 exit(e == NULL || m == NULL); 2851 ]])], 2852 [ AC_MSG_RESULT([yes]) 2853 enable_nistp521=1 ], 2854 [ AC_MSG_RESULT([no]) ], 2855 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2856 enable_nistp521=1 ] 2857 )], 2858 AC_MSG_RESULT([no]) 2859 ) 2860 2861 COMMENT_OUT_ECC="#no ecc#" 2862 TEST_SSH_ECC=no 2863 2864 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2865 test x$enable_nistp521 = x1; then 2866 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2867 fi 2868 if test x$enable_nistp256 = x1; then 2869 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2870 [libcrypto has NID_X9_62_prime256v1]) 2871 TEST_SSH_ECC=yes 2872 COMMENT_OUT_ECC="" 2873 else 2874 unsupported_algorithms="$unsupported_algorithms \ 2875 ecdsa-sha2-nistp256 \ 2876 ecdh-sha2-nistp256 \ 2877 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2878 fi 2879 if test x$enable_nistp384 = x1; then 2880 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2881 TEST_SSH_ECC=yes 2882 COMMENT_OUT_ECC="" 2883 else 2884 unsupported_algorithms="$unsupported_algorithms \ 2885 ecdsa-sha2-nistp384 \ 2886 ecdh-sha2-nistp384 \ 2887 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2888 fi 2889 if test x$enable_nistp521 = x1; then 2890 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2891 TEST_SSH_ECC=yes 2892 COMMENT_OUT_ECC="" 2893 else 2894 unsupported_algorithms="$unsupported_algorithms \ 2895 ecdh-sha2-nistp521 \ 2896 ecdsa-sha2-nistp521 \ 2897 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2898 fi 2899 2900 AC_SUBST([TEST_SSH_ECC]) 2901 AC_SUBST([COMMENT_OUT_ECC]) 2902else 2903 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2904 AC_CHECK_FUNCS([crypt]) 2905fi 2906 2907AC_CHECK_FUNCS([ \ 2908 arc4random \ 2909 arc4random_buf \ 2910 arc4random_stir \ 2911 arc4random_uniform \ 2912]) 2913 2914saved_LIBS="$LIBS" 2915AC_CHECK_LIB([iaf], [ia_openinfo], [ 2916 LIBS="$LIBS -liaf" 2917 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2918 AC_DEFINE([HAVE_LIBIAF], [1], 2919 [Define if system has libiaf that supports set_id]) 2920 ]) 2921]) 2922LIBS="$saved_LIBS" 2923 2924### Configure cryptographic random number support 2925 2926# Check wheter OpenSSL seeds itself 2927if test "x$openssl" = "xyes" ; then 2928 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2929 AC_RUN_IFELSE( 2930 [AC_LANG_PROGRAM([[ 2931 #include <string.h> 2932 #include <openssl/rand.h> 2933 ]], [[ 2934 exit(RAND_status() == 1 ? 0 : 1); 2935 ]])], 2936 [ 2937 OPENSSL_SEEDS_ITSELF=yes 2938 AC_MSG_RESULT([yes]) 2939 ], 2940 [ 2941 AC_MSG_RESULT([no]) 2942 ], 2943 [ 2944 AC_MSG_WARN([cross compiling: assuming yes]) 2945 # This is safe, since we will fatal() at runtime if 2946 # OpenSSL is not seeded correctly. 2947 OPENSSL_SEEDS_ITSELF=yes 2948 ] 2949 ) 2950fi 2951 2952# PRNGD TCP socket 2953AC_ARG_WITH([prngd-port], 2954 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2955 [ 2956 case "$withval" in 2957 no) 2958 withval="" 2959 ;; 2960 [[0-9]]*) 2961 ;; 2962 *) 2963 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2964 ;; 2965 esac 2966 if test ! -z "$withval" ; then 2967 PRNGD_PORT="$withval" 2968 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2969 [Port number of PRNGD/EGD random number socket]) 2970 fi 2971 ] 2972) 2973 2974# PRNGD Unix domain socket 2975AC_ARG_WITH([prngd-socket], 2976 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2977 [ 2978 case "$withval" in 2979 yes) 2980 withval="/var/run/egd-pool" 2981 ;; 2982 no) 2983 withval="" 2984 ;; 2985 /*) 2986 ;; 2987 *) 2988 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2989 ;; 2990 esac 2991 2992 if test ! -z "$withval" ; then 2993 if test ! -z "$PRNGD_PORT" ; then 2994 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2995 fi 2996 if test ! -r "$withval" ; then 2997 AC_MSG_WARN([Entropy socket is not readable]) 2998 fi 2999 PRNGD_SOCKET="$withval" 3000 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3001 [Location of PRNGD/EGD random number socket]) 3002 fi 3003 ], 3004 [ 3005 # Check for existing socket only if we don't have a random device already 3006 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3007 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3008 # Insert other locations here 3009 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3010 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3011 PRNGD_SOCKET="$sock" 3012 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3013 break; 3014 fi 3015 done 3016 if test ! -z "$PRNGD_SOCKET" ; then 3017 AC_MSG_RESULT([$PRNGD_SOCKET]) 3018 else 3019 AC_MSG_RESULT([not found]) 3020 fi 3021 fi 3022 ] 3023) 3024 3025# Which randomness source do we use? 3026if test ! -z "$PRNGD_PORT" ; then 3027 RAND_MSG="PRNGd port $PRNGD_PORT" 3028elif test ! -z "$PRNGD_SOCKET" ; then 3029 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3030elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3031 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3032 [Define if you want the OpenSSL internally seeded PRNG only]) 3033 RAND_MSG="OpenSSL internal ONLY" 3034elif test "x$openssl" = "xno" ; then 3035 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3036else 3037 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3038fi 3039 3040# Check for PAM libs 3041PAM_MSG="no" 3042AC_ARG_WITH([pam], 3043 [ --with-pam Enable PAM support ], 3044 [ 3045 if test "x$withval" != "xno" ; then 3046 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3047 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3048 AC_MSG_ERROR([PAM headers not found]) 3049 fi 3050 3051 saved_LIBS="$LIBS" 3052 AC_CHECK_LIB([dl], [dlopen], , ) 3053 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3054 AC_CHECK_FUNCS([pam_getenvlist]) 3055 AC_CHECK_FUNCS([pam_putenv]) 3056 LIBS="$saved_LIBS" 3057 3058 PAM_MSG="yes" 3059 3060 SSHDLIBS="$SSHDLIBS -lpam" 3061 AC_DEFINE([USE_PAM], [1], 3062 [Define if you want to enable PAM support]) 3063 3064 if test $ac_cv_lib_dl_dlopen = yes; then 3065 case "$LIBS" in 3066 *-ldl*) 3067 # libdl already in LIBS 3068 ;; 3069 *) 3070 SSHDLIBS="$SSHDLIBS -ldl" 3071 ;; 3072 esac 3073 fi 3074 fi 3075 ] 3076) 3077 3078# Check for older PAM 3079if test "x$PAM_MSG" = "xyes" ; then 3080 # Check PAM strerror arguments (old PAM) 3081 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3082 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3083#include <stdlib.h> 3084#if defined(HAVE_SECURITY_PAM_APPL_H) 3085#include <security/pam_appl.h> 3086#elif defined (HAVE_PAM_PAM_APPL_H) 3087#include <pam/pam_appl.h> 3088#endif 3089 ]], [[ 3090(void)pam_strerror((pam_handle_t *)NULL, -1); 3091 ]])], [AC_MSG_RESULT([no])], [ 3092 AC_DEFINE([HAVE_OLD_PAM], [1], 3093 [Define if you have an old version of PAM 3094 which takes only one argument to pam_strerror]) 3095 AC_MSG_RESULT([yes]) 3096 PAM_MSG="yes (old library)" 3097 3098 ]) 3099fi 3100 3101case "$host" in 3102*-*-cygwin*) 3103 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3104 ;; 3105*) 3106 SSH_PRIVSEP_USER=sshd 3107 ;; 3108esac 3109AC_ARG_WITH([privsep-user], 3110 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3111 [ 3112 if test -n "$withval" && test "x$withval" != "xno" && \ 3113 test "x${withval}" != "xyes"; then 3114 SSH_PRIVSEP_USER=$withval 3115 fi 3116 ] 3117) 3118if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3119 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3120 [Cygwin function to fetch non-privileged user for privilege separation]) 3121else 3122 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3123 [non-privileged user for privilege separation]) 3124fi 3125AC_SUBST([SSH_PRIVSEP_USER]) 3126 3127if test "x$have_linux_no_new_privs" = "x1" ; then 3128AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3129 #include <sys/types.h> 3130 #include <linux/seccomp.h> 3131]) 3132fi 3133if test "x$have_seccomp_filter" = "x1" ; then 3134AC_MSG_CHECKING([kernel for seccomp_filter support]) 3135AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3136 #include <errno.h> 3137 #include <elf.h> 3138 #include <linux/audit.h> 3139 #include <linux/seccomp.h> 3140 #include <stdlib.h> 3141 #include <sys/prctl.h> 3142 ]], 3143 [[ int i = $seccomp_audit_arch; 3144 errno = 0; 3145 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3146 exit(errno == EFAULT ? 0 : 1); ]])], 3147 [ AC_MSG_RESULT([yes]) ], [ 3148 AC_MSG_RESULT([no]) 3149 # Disable seccomp filter as a target 3150 have_seccomp_filter=0 3151 ] 3152) 3153fi 3154 3155# Decide which sandbox style to use 3156sandbox_arg="" 3157AC_ARG_WITH([sandbox], 3158 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3159 [ 3160 if test "x$withval" = "xyes" ; then 3161 sandbox_arg="" 3162 else 3163 sandbox_arg="$withval" 3164 fi 3165 ] 3166) 3167 3168# Some platforms (seems to be the ones that have a kernel poll(2)-type 3169# function with which they implement select(2)) use an extra file descriptor 3170# when calling select(2), which means we can't use the rlimit sandbox. 3171AC_MSG_CHECKING([if select works with descriptor rlimit]) 3172AC_RUN_IFELSE( 3173 [AC_LANG_PROGRAM([[ 3174#include <sys/types.h> 3175#ifdef HAVE_SYS_TIME_H 3176# include <sys/time.h> 3177#endif 3178#include <sys/resource.h> 3179#ifdef HAVE_SYS_SELECT_H 3180# include <sys/select.h> 3181#endif 3182#include <errno.h> 3183#include <fcntl.h> 3184#include <stdlib.h> 3185 ]],[[ 3186 struct rlimit rl_zero; 3187 int fd, r; 3188 fd_set fds; 3189 struct timeval tv; 3190 3191 fd = open("/dev/null", O_RDONLY); 3192 FD_ZERO(&fds); 3193 FD_SET(fd, &fds); 3194 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3195 setrlimit(RLIMIT_FSIZE, &rl_zero); 3196 setrlimit(RLIMIT_NOFILE, &rl_zero); 3197 tv.tv_sec = 1; 3198 tv.tv_usec = 0; 3199 r = select(fd+1, &fds, NULL, NULL, &tv); 3200 exit (r == -1 ? 1 : 0); 3201 ]])], 3202 [AC_MSG_RESULT([yes]) 3203 select_works_with_rlimit=yes], 3204 [AC_MSG_RESULT([no]) 3205 select_works_with_rlimit=no], 3206 [AC_MSG_WARN([cross compiling: assuming yes])] 3207) 3208 3209AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3210AC_RUN_IFELSE( 3211 [AC_LANG_PROGRAM([[ 3212#include <sys/types.h> 3213#ifdef HAVE_SYS_TIME_H 3214# include <sys/time.h> 3215#endif 3216#include <sys/resource.h> 3217#include <errno.h> 3218#include <stdlib.h> 3219 ]],[[ 3220 struct rlimit rl_zero; 3221 int fd, r; 3222 fd_set fds; 3223 3224 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3225 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3226 exit (r == -1 ? 1 : 0); 3227 ]])], 3228 [AC_MSG_RESULT([yes]) 3229 rlimit_nofile_zero_works=yes], 3230 [AC_MSG_RESULT([no]) 3231 rlimit_nofile_zero_works=no], 3232 [AC_MSG_WARN([cross compiling: assuming yes])] 3233) 3234 3235AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3236AC_RUN_IFELSE( 3237 [AC_LANG_PROGRAM([[ 3238#include <sys/types.h> 3239#include <sys/resource.h> 3240#include <stdlib.h> 3241 ]],[[ 3242 struct rlimit rl_zero; 3243 3244 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3245 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3246 ]])], 3247 [AC_MSG_RESULT([yes])], 3248 [AC_MSG_RESULT([no]) 3249 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3250 [setrlimit RLIMIT_FSIZE works])], 3251 [AC_MSG_WARN([cross compiling: assuming yes])] 3252) 3253 3254if test "x$sandbox_arg" = "xpledge" || \ 3255 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3256 test "x$ac_cv_func_pledge" != "xyes" && \ 3257 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3258 SANDBOX_STYLE="pledge" 3259 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3260elif test "x$sandbox_arg" = "xsystrace" || \ 3261 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3262 test "x$have_systr_policy_kill" != "x1" && \ 3263 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3264 SANDBOX_STYLE="systrace" 3265 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3266elif test "x$sandbox_arg" = "xdarwin" || \ 3267 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3268 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3269 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3270 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3271 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3272 SANDBOX_STYLE="darwin" 3273 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3274elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3275 ( test -z "$sandbox_arg" && \ 3276 test "x$have_seccomp_filter" = "x1" && \ 3277 test "x$ac_cv_header_elf_h" = "xyes" && \ 3278 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3279 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3280 test "x$seccomp_audit_arch" != "x" && \ 3281 test "x$have_linux_no_new_privs" = "x1" && \ 3282 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3283 test "x$seccomp_audit_arch" = "x" && \ 3284 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3285 test "x$have_linux_no_new_privs" != "x1" && \ 3286 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3287 test "x$have_seccomp_filter" != "x1" && \ 3288 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3289 test "x$ac_cv_func_prctl" != "xyes" && \ 3290 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3291 SANDBOX_STYLE="seccomp_filter" 3292 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3293elif test "x$sandbox_arg" = "xcapsicum" || \ 3294 ( test -z "$sandbox_arg" && \ 3295 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3296 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3297 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3298 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3299 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3300 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3301 SANDBOX_STYLE="capsicum" 3302 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3303elif test "x$sandbox_arg" = "xrlimit" || \ 3304 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3305 test "x$select_works_with_rlimit" = "xyes" && \ 3306 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3307 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3308 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3309 test "x$select_works_with_rlimit" != "xyes" && \ 3310 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3311 SANDBOX_STYLE="rlimit" 3312 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3313elif test "x$sandbox_arg" = "xsolaris" || \ 3314 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3315 SANDBOX_STYLE="solaris" 3316 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3317elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3318 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3319 SANDBOX_STYLE="none" 3320 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3321else 3322 AC_MSG_ERROR([unsupported --with-sandbox]) 3323fi 3324 3325# Cheap hack to ensure NEWS-OS libraries are arranged right. 3326if test ! -z "$SONY" ; then 3327 LIBS="$LIBS -liberty"; 3328fi 3329 3330# Check for long long datatypes 3331AC_CHECK_TYPES([long long, unsigned long long, long double]) 3332 3333# Check datatype sizes 3334AC_CHECK_SIZEOF([short int], [2]) 3335AC_CHECK_SIZEOF([int], [4]) 3336AC_CHECK_SIZEOF([long int], [4]) 3337AC_CHECK_SIZEOF([long long int], [8]) 3338 3339# Sanity check long long for some platforms (AIX) 3340if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3341 ac_cv_sizeof_long_long_int=0 3342fi 3343 3344# compute LLONG_MIN and LLONG_MAX if we don't know them. 3345if test -z "$have_llong_max"; then 3346 AC_MSG_CHECKING([for max value of long long]) 3347 AC_RUN_IFELSE( 3348 [AC_LANG_PROGRAM([[ 3349#include <stdio.h> 3350/* Why is this so damn hard? */ 3351#ifdef __GNUC__ 3352# undef __GNUC__ 3353#endif 3354#define __USE_ISOC99 3355#include <limits.h> 3356#define DATA "conftest.llminmax" 3357#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3358 3359/* 3360 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3361 * we do this the hard way. 3362 */ 3363static int 3364fprint_ll(FILE *f, long long n) 3365{ 3366 unsigned int i; 3367 int l[sizeof(long long) * 8]; 3368 3369 if (n < 0) 3370 if (fprintf(f, "-") < 0) 3371 return -1; 3372 for (i = 0; n != 0; i++) { 3373 l[i] = my_abs(n % 10); 3374 n /= 10; 3375 } 3376 do { 3377 if (fprintf(f, "%d", l[--i]) < 0) 3378 return -1; 3379 } while (i != 0); 3380 if (fprintf(f, " ") < 0) 3381 return -1; 3382 return 0; 3383} 3384 ]], [[ 3385 FILE *f; 3386 long long i, llmin, llmax = 0; 3387 3388 if((f = fopen(DATA,"w")) == NULL) 3389 exit(1); 3390 3391#if defined(LLONG_MIN) && defined(LLONG_MAX) 3392 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3393 llmin = LLONG_MIN; 3394 llmax = LLONG_MAX; 3395#else 3396 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3397 /* This will work on one's complement and two's complement */ 3398 for (i = 1; i > llmax; i <<= 1, i++) 3399 llmax = i; 3400 llmin = llmax + 1LL; /* wrap */ 3401#endif 3402 3403 /* Sanity check */ 3404 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3405 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3406 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3407 fprintf(f, "unknown unknown\n"); 3408 exit(2); 3409 } 3410 3411 if (fprint_ll(f, llmin) < 0) 3412 exit(3); 3413 if (fprint_ll(f, llmax) < 0) 3414 exit(4); 3415 if (fclose(f) < 0) 3416 exit(5); 3417 exit(0); 3418 ]])], 3419 [ 3420 llong_min=`$AWK '{print $1}' conftest.llminmax` 3421 llong_max=`$AWK '{print $2}' conftest.llminmax` 3422 3423 AC_MSG_RESULT([$llong_max]) 3424 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3425 [max value of long long calculated by configure]) 3426 AC_MSG_CHECKING([for min value of long long]) 3427 AC_MSG_RESULT([$llong_min]) 3428 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3429 [min value of long long calculated by configure]) 3430 ], 3431 [ 3432 AC_MSG_RESULT([not found]) 3433 ], 3434 [ 3435 AC_MSG_WARN([cross compiling: not checking]) 3436 ] 3437 ) 3438fi 3439 3440 3441# More checks for data types 3442AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3443 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3444 [[ u_int a; a = 1;]])], 3445 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3446 ]) 3447]) 3448if test "x$ac_cv_have_u_int" = "xyes" ; then 3449 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3450 have_u_int=1 3451fi 3452 3453AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3455 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3456 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3457 ]) 3458]) 3459if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3460 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3461 have_intxx_t=1 3462fi 3463 3464if (test -z "$have_intxx_t" && \ 3465 test "x$ac_cv_header_stdint_h" = "xyes") 3466then 3467 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3468 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3469 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3470 [ 3471 AC_DEFINE([HAVE_INTXX_T]) 3472 AC_MSG_RESULT([yes]) 3473 ], [ AC_MSG_RESULT([no]) 3474 ]) 3475fi 3476 3477AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3478 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3479#include <sys/types.h> 3480#ifdef HAVE_STDINT_H 3481# include <stdint.h> 3482#endif 3483#include <sys/socket.h> 3484#ifdef HAVE_SYS_BITYPES_H 3485# include <sys/bitypes.h> 3486#endif 3487 ]], [[ 3488int64_t a; a = 1; 3489 ]])], 3490 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3491 ]) 3492]) 3493if test "x$ac_cv_have_int64_t" = "xyes" ; then 3494 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3495fi 3496 3497AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3498 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3499 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3500 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3501 ]) 3502]) 3503if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3504 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3505 have_u_intxx_t=1 3506fi 3507 3508if test -z "$have_u_intxx_t" ; then 3509 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3510 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3511 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3512 [ 3513 AC_DEFINE([HAVE_U_INTXX_T]) 3514 AC_MSG_RESULT([yes]) 3515 ], [ AC_MSG_RESULT([no]) 3516 ]) 3517fi 3518 3519AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3520 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3521 [[ u_int64_t a; a = 1;]])], 3522 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3523 ]) 3524]) 3525if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3526 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3527 have_u_int64_t=1 3528fi 3529 3530if (test -z "$have_u_int64_t" && \ 3531 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3532then 3533 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3535 [[ u_int64_t a; a = 1]])], 3536 [ 3537 AC_DEFINE([HAVE_U_INT64_T]) 3538 AC_MSG_RESULT([yes]) 3539 ], [ AC_MSG_RESULT([no]) 3540 ]) 3541fi 3542 3543if test -z "$have_u_intxx_t" ; then 3544 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3545 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3546#include <sys/types.h> 3547 ]], [[ 3548 uint8_t a; 3549 uint16_t b; 3550 uint32_t c; 3551 a = b = c = 1; 3552 ]])], 3553 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3554 ]) 3555 ]) 3556 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3557 AC_DEFINE([HAVE_UINTXX_T], [1], 3558 [define if you have uintxx_t data type]) 3559 fi 3560fi 3561 3562if (test -z "$have_uintxx_t" && \ 3563 test "x$ac_cv_header_stdint_h" = "xyes") 3564then 3565 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3566 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3567 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3568 [ 3569 AC_DEFINE([HAVE_UINTXX_T]) 3570 AC_MSG_RESULT([yes]) 3571 ], [ AC_MSG_RESULT([no]) 3572 ]) 3573fi 3574 3575if (test -z "$have_uintxx_t" && \ 3576 test "x$ac_cv_header_inttypes_h" = "xyes") 3577then 3578 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3579 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3580 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3581 [ 3582 AC_DEFINE([HAVE_UINTXX_T]) 3583 AC_MSG_RESULT([yes]) 3584 ], [ AC_MSG_RESULT([no]) 3585 ]) 3586fi 3587 3588if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3589 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3590then 3591 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3592 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3593#include <sys/bitypes.h> 3594 ]], [[ 3595 int8_t a; int16_t b; int32_t c; 3596 u_int8_t e; u_int16_t f; u_int32_t g; 3597 a = b = c = e = f = g = 1; 3598 ]])], 3599 [ 3600 AC_DEFINE([HAVE_U_INTXX_T]) 3601 AC_DEFINE([HAVE_INTXX_T]) 3602 AC_MSG_RESULT([yes]) 3603 ], [AC_MSG_RESULT([no]) 3604 ]) 3605fi 3606 3607 3608AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3609 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3610 [[ u_char foo; foo = 125; ]])], 3611 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3612 ]) 3613]) 3614if test "x$ac_cv_have_u_char" = "xyes" ; then 3615 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3616fi 3617 3618AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3619#include <sys/types.h> 3620#include <stdint.h> 3621]) 3622 3623TYPE_SOCKLEN_T 3624 3625AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3626AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3627#include <sys/types.h> 3628#ifdef HAVE_SYS_BITYPES_H 3629#include <sys/bitypes.h> 3630#endif 3631#ifdef HAVE_SYS_STATFS_H 3632#include <sys/statfs.h> 3633#endif 3634#ifdef HAVE_SYS_STATVFS_H 3635#include <sys/statvfs.h> 3636#endif 3637]) 3638 3639AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3640[#include <sys/types.h> 3641#include <netinet/in.h>]) 3642 3643AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3644 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3645 [[ size_t foo; foo = 1235; ]])], 3646 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3647 ]) 3648]) 3649if test "x$ac_cv_have_size_t" = "xyes" ; then 3650 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3651fi 3652 3653AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3654 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3655 [[ ssize_t foo; foo = 1235; ]])], 3656 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3657 ]) 3658]) 3659if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3660 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3661fi 3662 3663AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3664 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3665 [[ clock_t foo; foo = 1235; ]])], 3666 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3667 ]) 3668]) 3669if test "x$ac_cv_have_clock_t" = "xyes" ; then 3670 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3671fi 3672 3673AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3674 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3675#include <sys/types.h> 3676#include <sys/socket.h> 3677 ]], [[ sa_family_t foo; foo = 1235; ]])], 3678 [ ac_cv_have_sa_family_t="yes" ], 3679 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3680#include <sys/types.h> 3681#include <sys/socket.h> 3682#include <netinet/in.h> 3683 ]], [[ sa_family_t foo; foo = 1235; ]])], 3684 [ ac_cv_have_sa_family_t="yes" ], 3685 [ ac_cv_have_sa_family_t="no" ] 3686 ) 3687 ]) 3688]) 3689if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3690 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3691 [define if you have sa_family_t data type]) 3692fi 3693 3694AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3695 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3696 [[ pid_t foo; foo = 1235; ]])], 3697 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3698 ]) 3699]) 3700if test "x$ac_cv_have_pid_t" = "xyes" ; then 3701 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3702fi 3703 3704AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3705 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3706 [[ mode_t foo; foo = 1235; ]])], 3707 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3708 ]) 3709]) 3710if test "x$ac_cv_have_mode_t" = "xyes" ; then 3711 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3712fi 3713 3714 3715AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3716 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3717#include <sys/types.h> 3718#include <sys/socket.h> 3719 ]], [[ struct sockaddr_storage s; ]])], 3720 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3721 [ ac_cv_have_struct_sockaddr_storage="no" 3722 ]) 3723]) 3724if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3725 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3726 [define if you have struct sockaddr_storage data type]) 3727fi 3728 3729AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3730 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3731#include <sys/types.h> 3732#include <netinet/in.h> 3733 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3734 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3735 [ ac_cv_have_struct_sockaddr_in6="no" 3736 ]) 3737]) 3738if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3739 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3740 [define if you have struct sockaddr_in6 data type]) 3741fi 3742 3743AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3744 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3745#include <sys/types.h> 3746#include <netinet/in.h> 3747 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3748 [ ac_cv_have_struct_in6_addr="yes" ], 3749 [ ac_cv_have_struct_in6_addr="no" 3750 ]) 3751]) 3752if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3753 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3754 [define if you have struct in6_addr data type]) 3755 3756dnl Now check for sin6_scope_id 3757 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3758 [ 3759#ifdef HAVE_SYS_TYPES_H 3760#include <sys/types.h> 3761#endif 3762#include <netinet/in.h> 3763 ]) 3764fi 3765 3766AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3767 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3768#include <sys/types.h> 3769#include <sys/socket.h> 3770#include <netdb.h> 3771 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3772 [ ac_cv_have_struct_addrinfo="yes" ], 3773 [ ac_cv_have_struct_addrinfo="no" 3774 ]) 3775]) 3776if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3777 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3778 [define if you have struct addrinfo data type]) 3779fi 3780 3781AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3782 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3783 [[ struct timeval tv; tv.tv_sec = 1;]])], 3784 [ ac_cv_have_struct_timeval="yes" ], 3785 [ ac_cv_have_struct_timeval="no" 3786 ]) 3787]) 3788if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3789 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3790 have_struct_timeval=1 3791fi 3792 3793AC_CHECK_TYPES([struct timespec]) 3794 3795# We need int64_t or else certian parts of the compile will fail. 3796if test "x$ac_cv_have_int64_t" = "xno" && \ 3797 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3798 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3799 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3800 echo "an alternative compiler (I.E., GCC) before continuing." 3801 echo "" 3802 exit 1; 3803else 3804dnl test snprintf (broken on SCO w/gcc) 3805 AC_RUN_IFELSE( 3806 [AC_LANG_SOURCE([[ 3807#include <stdio.h> 3808#include <string.h> 3809#ifdef HAVE_SNPRINTF 3810main() 3811{ 3812 char buf[50]; 3813 char expected_out[50]; 3814 int mazsize = 50 ; 3815#if (SIZEOF_LONG_INT == 8) 3816 long int num = 0x7fffffffffffffff; 3817#else 3818 long long num = 0x7fffffffffffffffll; 3819#endif 3820 strcpy(expected_out, "9223372036854775807"); 3821 snprintf(buf, mazsize, "%lld", num); 3822 if(strcmp(buf, expected_out) != 0) 3823 exit(1); 3824 exit(0); 3825} 3826#else 3827main() { exit(0); } 3828#endif 3829 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3830 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3831 ) 3832fi 3833 3834dnl Checks for structure members 3835OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3836OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3837OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3838OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3839OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3840OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3841OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3842OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3843OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3844OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3845OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3846OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3847OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3848OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3849OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3850OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3851OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3852 3853AC_CHECK_MEMBERS([struct stat.st_blksize]) 3854AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3855struct passwd.pw_change, struct passwd.pw_expire], 3856[], [], [[ 3857#include <sys/types.h> 3858#include <pwd.h> 3859]]) 3860 3861AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3862 [Define if we don't have struct __res_state in resolv.h])], 3863[[ 3864#include <stdio.h> 3865#if HAVE_SYS_TYPES_H 3866# include <sys/types.h> 3867#endif 3868#include <netinet/in.h> 3869#include <arpa/nameser.h> 3870#include <resolv.h> 3871]]) 3872 3873AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3874 ac_cv_have_ss_family_in_struct_ss, [ 3875 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3876#include <sys/types.h> 3877#include <sys/socket.h> 3878 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3879 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3880 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3881]) 3882if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3883 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3884fi 3885 3886AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3887 ac_cv_have___ss_family_in_struct_ss, [ 3888 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3889#include <sys/types.h> 3890#include <sys/socket.h> 3891 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3892 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3893 [ ac_cv_have___ss_family_in_struct_ss="no" 3894 ]) 3895]) 3896if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3897 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3898 [Fields in struct sockaddr_storage]) 3899fi 3900 3901dnl make sure we're using the real structure members and not defines 3902AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3903 ac_cv_have_accrights_in_msghdr, [ 3904 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3905#include <sys/types.h> 3906#include <sys/socket.h> 3907#include <sys/uio.h> 3908 ]], [[ 3909#ifdef msg_accrights 3910#error "msg_accrights is a macro" 3911exit(1); 3912#endif 3913struct msghdr m; 3914m.msg_accrights = 0; 3915exit(0); 3916 ]])], 3917 [ ac_cv_have_accrights_in_msghdr="yes" ], 3918 [ ac_cv_have_accrights_in_msghdr="no" ] 3919 ) 3920]) 3921if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3922 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3923 [Define if your system uses access rights style 3924 file descriptor passing]) 3925fi 3926 3927AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3928AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3929#include <sys/param.h> 3930#include <sys/stat.h> 3931#ifdef HAVE_SYS_TIME_H 3932# include <sys/time.h> 3933#endif 3934#ifdef HAVE_SYS_MOUNT_H 3935#include <sys/mount.h> 3936#endif 3937#ifdef HAVE_SYS_STATVFS_H 3938#include <sys/statvfs.h> 3939#endif 3940 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3941 [ AC_MSG_RESULT([yes]) ], 3942 [ AC_MSG_RESULT([no]) 3943 3944 AC_MSG_CHECKING([if fsid_t has member val]) 3945 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3946#include <sys/types.h> 3947#include <sys/statvfs.h> 3948 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3949 [ AC_MSG_RESULT([yes]) 3950 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3951 [ AC_MSG_RESULT([no]) ]) 3952 3953 AC_MSG_CHECKING([if f_fsid has member __val]) 3954 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3955#include <sys/types.h> 3956#include <sys/statvfs.h> 3957 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3958 [ AC_MSG_RESULT([yes]) 3959 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3960 [ AC_MSG_RESULT([no]) ]) 3961]) 3962 3963AC_CACHE_CHECK([for msg_control field in struct msghdr], 3964 ac_cv_have_control_in_msghdr, [ 3965 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3966#include <sys/types.h> 3967#include <sys/socket.h> 3968#include <sys/uio.h> 3969 ]], [[ 3970#ifdef msg_control 3971#error "msg_control is a macro" 3972exit(1); 3973#endif 3974struct msghdr m; 3975m.msg_control = 0; 3976exit(0); 3977 ]])], 3978 [ ac_cv_have_control_in_msghdr="yes" ], 3979 [ ac_cv_have_control_in_msghdr="no" ] 3980 ) 3981]) 3982if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3983 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3984 [Define if your system uses ancillary data style 3985 file descriptor passing]) 3986fi 3987 3988AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3989 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3990 [[ extern char *__progname; printf("%s", __progname); ]])], 3991 [ ac_cv_libc_defines___progname="yes" ], 3992 [ ac_cv_libc_defines___progname="no" 3993 ]) 3994]) 3995if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3996 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3997fi 3998 3999AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4000 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4001 [[ printf("%s", __FUNCTION__); ]])], 4002 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4003 [ ac_cv_cc_implements___FUNCTION__="no" 4004 ]) 4005]) 4006if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4007 AC_DEFINE([HAVE___FUNCTION__], [1], 4008 [Define if compiler implements __FUNCTION__]) 4009fi 4010 4011AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4012 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4013 [[ printf("%s", __func__); ]])], 4014 [ ac_cv_cc_implements___func__="yes" ], 4015 [ ac_cv_cc_implements___func__="no" 4016 ]) 4017]) 4018if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4019 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4020fi 4021 4022AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4023 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4024#include <stdarg.h> 4025va_list x,y; 4026 ]], [[ va_copy(x,y); ]])], 4027 [ ac_cv_have_va_copy="yes" ], 4028 [ ac_cv_have_va_copy="no" 4029 ]) 4030]) 4031if test "x$ac_cv_have_va_copy" = "xyes" ; then 4032 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4033fi 4034 4035AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4036 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4037#include <stdarg.h> 4038va_list x,y; 4039 ]], [[ __va_copy(x,y); ]])], 4040 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4041 ]) 4042]) 4043if test "x$ac_cv_have___va_copy" = "xyes" ; then 4044 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4045fi 4046 4047AC_CACHE_CHECK([whether getopt has optreset support], 4048 ac_cv_have_getopt_optreset, [ 4049 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4050 [[ extern int optreset; optreset = 0; ]])], 4051 [ ac_cv_have_getopt_optreset="yes" ], 4052 [ ac_cv_have_getopt_optreset="no" 4053 ]) 4054]) 4055if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4056 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4057 [Define if your getopt(3) defines and uses optreset]) 4058fi 4059 4060AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4061 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4062[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4063 [ ac_cv_libc_defines_sys_errlist="yes" ], 4064 [ ac_cv_libc_defines_sys_errlist="no" 4065 ]) 4066]) 4067if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4068 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4069 [Define if your system defines sys_errlist[]]) 4070fi 4071 4072 4073AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4074 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4075[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4076 [ ac_cv_libc_defines_sys_nerr="yes" ], 4077 [ ac_cv_libc_defines_sys_nerr="no" 4078 ]) 4079]) 4080if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4081 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4082fi 4083 4084# Check libraries needed by DNS fingerprint support 4085AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4086 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4087 [Define if getrrsetbyname() exists])], 4088 [ 4089 # Needed by our getrrsetbyname() 4090 AC_SEARCH_LIBS([res_query], [resolv]) 4091 AC_SEARCH_LIBS([dn_expand], [resolv]) 4092 AC_MSG_CHECKING([if res_query will link]) 4093 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4094#include <sys/types.h> 4095#include <netinet/in.h> 4096#include <arpa/nameser.h> 4097#include <netdb.h> 4098#include <resolv.h> 4099 ]], [[ 4100 res_query (0, 0, 0, 0, 0); 4101 ]])], 4102 AC_MSG_RESULT([yes]), 4103 [AC_MSG_RESULT([no]) 4104 saved_LIBS="$LIBS" 4105 LIBS="$LIBS -lresolv" 4106 AC_MSG_CHECKING([for res_query in -lresolv]) 4107 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4108#include <sys/types.h> 4109#include <netinet/in.h> 4110#include <arpa/nameser.h> 4111#include <netdb.h> 4112#include <resolv.h> 4113 ]], [[ 4114 res_query (0, 0, 0, 0, 0); 4115 ]])], 4116 [AC_MSG_RESULT([yes])], 4117 [LIBS="$saved_LIBS" 4118 AC_MSG_RESULT([no])]) 4119 ]) 4120 AC_CHECK_FUNCS([_getshort _getlong]) 4121 AC_CHECK_DECLS([_getshort, _getlong], , , 4122 [#include <sys/types.h> 4123 #include <arpa/nameser.h>]) 4124 AC_CHECK_MEMBER([HEADER.ad], 4125 [AC_DEFINE([HAVE_HEADER_AD], [1], 4126 [Define if HEADER.ad exists in arpa/nameser.h])], , 4127 [#include <arpa/nameser.h>]) 4128 ]) 4129 4130AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4131AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4132#include <stdio.h> 4133#if HAVE_SYS_TYPES_H 4134# include <sys/types.h> 4135#endif 4136#include <netinet/in.h> 4137#include <arpa/nameser.h> 4138#include <resolv.h> 4139extern struct __res_state _res; 4140 ]], [[ 4141struct __res_state *volatile p = &_res; /* force resolution of _res */ 4142return 0; 4143 ]],)], 4144 [AC_MSG_RESULT([yes]) 4145 AC_DEFINE([HAVE__RES_EXTERN], [1], 4146 [Define if you have struct __res_state _res as an extern]) 4147 ], 4148 [ AC_MSG_RESULT([no]) ] 4149) 4150 4151# Check whether user wants SELinux support 4152SELINUX_MSG="no" 4153LIBSELINUX="" 4154AC_ARG_WITH([selinux], 4155 [ --with-selinux Enable SELinux support], 4156 [ if test "x$withval" != "xno" ; then 4157 save_LIBS="$LIBS" 4158 AC_DEFINE([WITH_SELINUX], [1], 4159 [Define if you want SELinux support.]) 4160 SELINUX_MSG="yes" 4161 AC_CHECK_HEADER([selinux/selinux.h], , 4162 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4163 AC_CHECK_LIB([selinux], [setexeccon], 4164 [ LIBSELINUX="-lselinux" 4165 LIBS="$LIBS -lselinux" 4166 ], 4167 AC_MSG_ERROR([SELinux support requires libselinux library])) 4168 SSHLIBS="$SSHLIBS $LIBSELINUX" 4169 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4170 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4171 LIBS="$save_LIBS" 4172 fi ] 4173) 4174AC_SUBST([SSHLIBS]) 4175AC_SUBST([SSHDLIBS]) 4176 4177# Check whether user wants Kerberos 5 support 4178KRB5_MSG="no" 4179AC_ARG_WITH([kerberos5], 4180 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4181 [ if test "x$withval" != "xno" ; then 4182 if test "x$withval" = "xyes" ; then 4183 KRB5ROOT="/usr/local" 4184 else 4185 KRB5ROOT=${withval} 4186 fi 4187 4188 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4189 KRB5_MSG="yes" 4190 4191 AC_PATH_PROG([KRB5CONF], [krb5-config], 4192 [$KRB5ROOT/bin/krb5-config], 4193 [$KRB5ROOT/bin:$PATH]) 4194 if test -x $KRB5CONF ; then 4195 K5CFLAGS="`$KRB5CONF --cflags`" 4196 K5LIBS="`$KRB5CONF --libs`" 4197 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4198 4199 AC_MSG_CHECKING([for gssapi support]) 4200 if $KRB5CONF | grep gssapi >/dev/null ; then 4201 AC_MSG_RESULT([yes]) 4202 AC_DEFINE([GSSAPI], [1], 4203 [Define this if you want GSSAPI 4204 support in the version 2 protocol]) 4205 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4206 GSSLIBS="`$KRB5CONF --libs gssapi`" 4207 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4208 else 4209 AC_MSG_RESULT([no]) 4210 fi 4211 AC_MSG_CHECKING([whether we are using Heimdal]) 4212 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4213 ]], [[ char *tmp = heimdal_version; ]])], 4214 [ AC_MSG_RESULT([yes]) 4215 AC_DEFINE([HEIMDAL], [1], 4216 [Define this if you are using the Heimdal 4217 version of Kerberos V5]) ], 4218 [AC_MSG_RESULT([no]) 4219 ]) 4220 else 4221 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4222 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4223 AC_MSG_CHECKING([whether we are using Heimdal]) 4224 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4225 ]], [[ char *tmp = heimdal_version; ]])], 4226 [ AC_MSG_RESULT([yes]) 4227 AC_DEFINE([HEIMDAL]) 4228 K5LIBS="-lkrb5" 4229 K5LIBS="$K5LIBS -lcom_err -lasn1" 4230 AC_CHECK_LIB([roken], [net_write], 4231 [K5LIBS="$K5LIBS -lroken"]) 4232 AC_CHECK_LIB([des], [des_cbc_encrypt], 4233 [K5LIBS="$K5LIBS -ldes"]) 4234 ], [ AC_MSG_RESULT([no]) 4235 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4236 ]) 4237 AC_SEARCH_LIBS([dn_expand], [resolv]) 4238 4239 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4240 [ AC_DEFINE([GSSAPI]) 4241 GSSLIBS="-lgssapi_krb5" ], 4242 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4243 [ AC_DEFINE([GSSAPI]) 4244 GSSLIBS="-lgssapi" ], 4245 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4246 [ AC_DEFINE([GSSAPI]) 4247 GSSLIBS="-lgss" ], 4248 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4249 ]) 4250 ]) 4251 4252 AC_CHECK_HEADER([gssapi.h], , 4253 [ unset ac_cv_header_gssapi_h 4254 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4255 AC_CHECK_HEADERS([gssapi.h], , 4256 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4257 ) 4258 ] 4259 ) 4260 4261 oldCPP="$CPPFLAGS" 4262 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4263 AC_CHECK_HEADER([gssapi_krb5.h], , 4264 [ CPPFLAGS="$oldCPP" ]) 4265 4266 fi 4267 if test ! -z "$need_dash_r" ; then 4268 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4269 fi 4270 if test ! -z "$blibpath" ; then 4271 blibpath="$blibpath:${KRB5ROOT}/lib" 4272 fi 4273 4274 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4275 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4276 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4277 4278 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4279 [Define this if you want to use libkafs' AFS support])]) 4280 4281 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4282#ifdef HAVE_GSSAPI_H 4283# include <gssapi.h> 4284#elif defined(HAVE_GSSAPI_GSSAPI_H) 4285# include <gssapi/gssapi.h> 4286#endif 4287 4288#ifdef HAVE_GSSAPI_GENERIC_H 4289# include <gssapi_generic.h> 4290#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4291# include <gssapi/gssapi_generic.h> 4292#endif 4293 ]]) 4294 saved_LIBS="$LIBS" 4295 LIBS="$LIBS $K5LIBS" 4296 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4297 LIBS="$saved_LIBS" 4298 4299 fi 4300 ] 4301) 4302AC_SUBST([GSSLIBS]) 4303AC_SUBST([K5LIBS]) 4304 4305# Looking for programs, paths and files 4306 4307PRIVSEP_PATH=/var/empty 4308AC_ARG_WITH([privsep-path], 4309 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4310 [ 4311 if test -n "$withval" && test "x$withval" != "xno" && \ 4312 test "x${withval}" != "xyes"; then 4313 PRIVSEP_PATH=$withval 4314 fi 4315 ] 4316) 4317AC_SUBST([PRIVSEP_PATH]) 4318 4319AC_ARG_WITH([xauth], 4320 [ --with-xauth=PATH Specify path to xauth program ], 4321 [ 4322 if test -n "$withval" && test "x$withval" != "xno" && \ 4323 test "x${withval}" != "xyes"; then 4324 xauth_path=$withval 4325 fi 4326 ], 4327 [ 4328 TestPath="$PATH" 4329 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4330 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4331 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4332 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4333 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4334 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4335 xauth_path="/usr/openwin/bin/xauth" 4336 fi 4337 ] 4338) 4339 4340STRIP_OPT=-s 4341AC_ARG_ENABLE([strip], 4342 [ --disable-strip Disable calling strip(1) on install], 4343 [ 4344 if test "x$enableval" = "xno" ; then 4345 STRIP_OPT= 4346 fi 4347 ] 4348) 4349AC_SUBST([STRIP_OPT]) 4350 4351if test -z "$xauth_path" ; then 4352 XAUTH_PATH="undefined" 4353 AC_SUBST([XAUTH_PATH]) 4354else 4355 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4356 [Define if xauth is found in your path]) 4357 XAUTH_PATH=$xauth_path 4358 AC_SUBST([XAUTH_PATH]) 4359fi 4360 4361dnl # --with-maildir=/path/to/mail gets top priority. 4362dnl # if maildir is set in the platform case statement above we use that. 4363dnl # Otherwise we run a program to get the dir from system headers. 4364dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4365dnl # If we find _PATH_MAILDIR we do nothing because that is what 4366dnl # session.c expects anyway. Otherwise we set to the value found 4367dnl # stripping any trailing slash. If for some strage reason our program 4368dnl # does not find what it needs, we default to /var/spool/mail. 4369# Check for mail directory 4370AC_ARG_WITH([maildir], 4371 [ --with-maildir=/path/to/mail Specify your system mail directory], 4372 [ 4373 if test "X$withval" != X && test "x$withval" != xno && \ 4374 test "x${withval}" != xyes; then 4375 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4376 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4377 fi 4378 ],[ 4379 if test "X$maildir" != "X"; then 4380 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4381 else 4382 AC_MSG_CHECKING([Discovering system mail directory]) 4383 AC_RUN_IFELSE( 4384 [AC_LANG_PROGRAM([[ 4385#include <stdio.h> 4386#include <string.h> 4387#ifdef HAVE_PATHS_H 4388#include <paths.h> 4389#endif 4390#ifdef HAVE_MAILLOCK_H 4391#include <maillock.h> 4392#endif 4393#define DATA "conftest.maildir" 4394 ]], [[ 4395 FILE *fd; 4396 int rc; 4397 4398 fd = fopen(DATA,"w"); 4399 if(fd == NULL) 4400 exit(1); 4401 4402#if defined (_PATH_MAILDIR) 4403 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4404 exit(1); 4405#elif defined (MAILDIR) 4406 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4407 exit(1); 4408#elif defined (_PATH_MAIL) 4409 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4410 exit(1); 4411#else 4412 exit (2); 4413#endif 4414 4415 exit(0); 4416 ]])], 4417 [ 4418 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4419 maildir=`awk -F: '{print $2}' conftest.maildir \ 4420 | sed 's|/$||'` 4421 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4422 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4423 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4424 fi 4425 ], 4426 [ 4427 if test "X$ac_status" = "X2";then 4428# our test program didn't find it. Default to /var/spool/mail 4429 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4430 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4431 else 4432 AC_MSG_RESULT([*** not found ***]) 4433 fi 4434 ], 4435 [ 4436 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4437 ] 4438 ) 4439 fi 4440 ] 4441) # maildir 4442 4443if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4444 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4445 disable_ptmx_check=yes 4446fi 4447if test -z "$no_dev_ptmx" ; then 4448 if test "x$disable_ptmx_check" != "xyes" ; then 4449 AC_CHECK_FILE(["/dev/ptmx"], 4450 [ 4451 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4452 [Define if you have /dev/ptmx]) 4453 have_dev_ptmx=1 4454 ] 4455 ) 4456 fi 4457fi 4458 4459if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4460 AC_CHECK_FILE(["/dev/ptc"], 4461 [ 4462 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4463 [Define if you have /dev/ptc]) 4464 have_dev_ptc=1 4465 ] 4466 ) 4467else 4468 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4469fi 4470 4471# Options from here on. Some of these are preset by platform above 4472AC_ARG_WITH([mantype], 4473 [ --with-mantype=man|cat|doc Set man page type], 4474 [ 4475 case "$withval" in 4476 man|cat|doc) 4477 MANTYPE=$withval 4478 ;; 4479 *) 4480 AC_MSG_ERROR([invalid man type: $withval]) 4481 ;; 4482 esac 4483 ] 4484) 4485if test -z "$MANTYPE"; then 4486 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4487 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4488 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4489 MANTYPE=doc 4490 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4491 MANTYPE=man 4492 else 4493 MANTYPE=cat 4494 fi 4495fi 4496AC_SUBST([MANTYPE]) 4497if test "$MANTYPE" = "doc"; then 4498 mansubdir=man; 4499else 4500 mansubdir=$MANTYPE; 4501fi 4502AC_SUBST([mansubdir]) 4503 4504# Check whether to enable MD5 passwords 4505MD5_MSG="no" 4506AC_ARG_WITH([md5-passwords], 4507 [ --with-md5-passwords Enable use of MD5 passwords], 4508 [ 4509 if test "x$withval" != "xno" ; then 4510 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4511 [Define if you want to allow MD5 passwords]) 4512 MD5_MSG="yes" 4513 fi 4514 ] 4515) 4516 4517# Whether to disable shadow password support 4518AC_ARG_WITH([shadow], 4519 [ --without-shadow Disable shadow password support], 4520 [ 4521 if test "x$withval" = "xno" ; then 4522 AC_DEFINE([DISABLE_SHADOW]) 4523 disable_shadow=yes 4524 fi 4525 ] 4526) 4527 4528if test -z "$disable_shadow" ; then 4529 AC_MSG_CHECKING([if the systems has expire shadow information]) 4530 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4531#include <sys/types.h> 4532#include <shadow.h> 4533struct spwd sp; 4534 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4535 [ sp_expire_available=yes ], [ 4536 ]) 4537 4538 if test "x$sp_expire_available" = "xyes" ; then 4539 AC_MSG_RESULT([yes]) 4540 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4541 [Define if you want to use shadow password expire field]) 4542 else 4543 AC_MSG_RESULT([no]) 4544 fi 4545fi 4546 4547# Use ip address instead of hostname in $DISPLAY 4548if test ! -z "$IPADDR_IN_DISPLAY" ; then 4549 DISPLAY_HACK_MSG="yes" 4550 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4551 [Define if you need to use IP address 4552 instead of hostname in $DISPLAY]) 4553else 4554 DISPLAY_HACK_MSG="no" 4555 AC_ARG_WITH([ipaddr-display], 4556 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4557 [ 4558 if test "x$withval" != "xno" ; then 4559 AC_DEFINE([IPADDR_IN_DISPLAY]) 4560 DISPLAY_HACK_MSG="yes" 4561 fi 4562 ] 4563 ) 4564fi 4565 4566# check for /etc/default/login and use it if present. 4567AC_ARG_ENABLE([etc-default-login], 4568 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4569 [ if test "x$enableval" = "xno"; then 4570 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4571 etc_default_login=no 4572 else 4573 etc_default_login=yes 4574 fi ], 4575 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4576 then 4577 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4578 etc_default_login=no 4579 else 4580 etc_default_login=yes 4581 fi ] 4582) 4583 4584if test "x$etc_default_login" != "xno"; then 4585 AC_CHECK_FILE(["/etc/default/login"], 4586 [ external_path_file=/etc/default/login ]) 4587 if test "x$external_path_file" = "x/etc/default/login"; then 4588 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4589 [Define if your system has /etc/default/login]) 4590 fi 4591fi 4592 4593dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4594if test $ac_cv_func_login_getcapbool = "yes" && \ 4595 test $ac_cv_header_login_cap_h = "yes" ; then 4596 external_path_file=/etc/login.conf 4597fi 4598 4599# Whether to mess with the default path 4600SERVER_PATH_MSG="(default)" 4601AC_ARG_WITH([default-path], 4602 [ --with-default-path= Specify default $PATH environment for server], 4603 [ 4604 if test "x$external_path_file" = "x/etc/login.conf" ; then 4605 AC_MSG_WARN([ 4606--with-default-path=PATH has no effect on this system. 4607Edit /etc/login.conf instead.]) 4608 elif test "x$withval" != "xno" ; then 4609 if test ! -z "$external_path_file" ; then 4610 AC_MSG_WARN([ 4611--with-default-path=PATH will only be used if PATH is not defined in 4612$external_path_file .]) 4613 fi 4614 user_path="$withval" 4615 SERVER_PATH_MSG="$withval" 4616 fi 4617 ], 4618 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4619 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4620 else 4621 if test ! -z "$external_path_file" ; then 4622 AC_MSG_WARN([ 4623If PATH is defined in $external_path_file, ensure the path to scp is included, 4624otherwise scp will not work.]) 4625 fi 4626 AC_RUN_IFELSE( 4627 [AC_LANG_PROGRAM([[ 4628/* find out what STDPATH is */ 4629#include <stdio.h> 4630#ifdef HAVE_PATHS_H 4631# include <paths.h> 4632#endif 4633#ifndef _PATH_STDPATH 4634# ifdef _PATH_USERPATH /* Irix */ 4635# define _PATH_STDPATH _PATH_USERPATH 4636# else 4637# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4638# endif 4639#endif 4640#include <sys/types.h> 4641#include <sys/stat.h> 4642#include <fcntl.h> 4643#define DATA "conftest.stdpath" 4644 ]], [[ 4645 FILE *fd; 4646 int rc; 4647 4648 fd = fopen(DATA,"w"); 4649 if(fd == NULL) 4650 exit(1); 4651 4652 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4653 exit(1); 4654 4655 exit(0); 4656 ]])], 4657 [ user_path=`cat conftest.stdpath` ], 4658 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4659 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4660 ) 4661# make sure $bindir is in USER_PATH so scp will work 4662 t_bindir="${bindir}" 4663 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4664 t_bindir=`eval echo ${t_bindir}` 4665 case $t_bindir in 4666 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4667 esac 4668 case $t_bindir in 4669 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4670 esac 4671 done 4672 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4673 if test $? -ne 0 ; then 4674 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4675 if test $? -ne 0 ; then 4676 user_path=$user_path:$t_bindir 4677 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4678 fi 4679 fi 4680 fi ] 4681) 4682if test "x$external_path_file" != "x/etc/login.conf" ; then 4683 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4684 AC_SUBST([user_path]) 4685fi 4686 4687# Set superuser path separately to user path 4688AC_ARG_WITH([superuser-path], 4689 [ --with-superuser-path= Specify different path for super-user], 4690 [ 4691 if test -n "$withval" && test "x$withval" != "xno" && \ 4692 test "x${withval}" != "xyes"; then 4693 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4694 [Define if you want a different $PATH 4695 for the superuser]) 4696 superuser_path=$withval 4697 fi 4698 ] 4699) 4700 4701 4702AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4703IPV4_IN6_HACK_MSG="no" 4704AC_ARG_WITH(4in6, 4705 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4706 [ 4707 if test "x$withval" != "xno" ; then 4708 AC_MSG_RESULT([yes]) 4709 AC_DEFINE([IPV4_IN_IPV6], [1], 4710 [Detect IPv4 in IPv6 mapped addresses 4711 and treat as IPv4]) 4712 IPV4_IN6_HACK_MSG="yes" 4713 else 4714 AC_MSG_RESULT([no]) 4715 fi 4716 ], [ 4717 if test "x$inet6_default_4in6" = "xyes"; then 4718 AC_MSG_RESULT([yes (default)]) 4719 AC_DEFINE([IPV4_IN_IPV6]) 4720 IPV4_IN6_HACK_MSG="yes" 4721 else 4722 AC_MSG_RESULT([no (default)]) 4723 fi 4724 ] 4725) 4726 4727# Whether to enable BSD auth support 4728BSD_AUTH_MSG=no 4729AC_ARG_WITH([bsd-auth], 4730 [ --with-bsd-auth Enable BSD auth support], 4731 [ 4732 if test "x$withval" != "xno" ; then 4733 AC_DEFINE([BSD_AUTH], [1], 4734 [Define if you have BSD auth support]) 4735 BSD_AUTH_MSG=yes 4736 fi 4737 ] 4738) 4739 4740# Where to place sshd.pid 4741piddir=/var/run 4742# make sure the directory exists 4743if test ! -d $piddir ; then 4744 piddir=`eval echo ${sysconfdir}` 4745 case $piddir in 4746 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4747 esac 4748fi 4749 4750AC_ARG_WITH([pid-dir], 4751 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4752 [ 4753 if test -n "$withval" && test "x$withval" != "xno" && \ 4754 test "x${withval}" != "xyes"; then 4755 piddir=$withval 4756 if test ! -d $piddir ; then 4757 AC_MSG_WARN([** no $piddir directory on this system **]) 4758 fi 4759 fi 4760 ] 4761) 4762 4763AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4764 [Specify location of ssh.pid]) 4765AC_SUBST([piddir]) 4766 4767dnl allow user to disable some login recording features 4768AC_ARG_ENABLE([lastlog], 4769 [ --disable-lastlog disable use of lastlog even if detected [no]], 4770 [ 4771 if test "x$enableval" = "xno" ; then 4772 AC_DEFINE([DISABLE_LASTLOG]) 4773 fi 4774 ] 4775) 4776AC_ARG_ENABLE([utmp], 4777 [ --disable-utmp disable use of utmp even if detected [no]], 4778 [ 4779 if test "x$enableval" = "xno" ; then 4780 AC_DEFINE([DISABLE_UTMP]) 4781 fi 4782 ] 4783) 4784AC_ARG_ENABLE([utmpx], 4785 [ --disable-utmpx disable use of utmpx even if detected [no]], 4786 [ 4787 if test "x$enableval" = "xno" ; then 4788 AC_DEFINE([DISABLE_UTMPX], [1], 4789 [Define if you don't want to use utmpx]) 4790 fi 4791 ] 4792) 4793AC_ARG_ENABLE([wtmp], 4794 [ --disable-wtmp disable use of wtmp even if detected [no]], 4795 [ 4796 if test "x$enableval" = "xno" ; then 4797 AC_DEFINE([DISABLE_WTMP]) 4798 fi 4799 ] 4800) 4801AC_ARG_ENABLE([wtmpx], 4802 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4803 [ 4804 if test "x$enableval" = "xno" ; then 4805 AC_DEFINE([DISABLE_WTMPX], [1], 4806 [Define if you don't want to use wtmpx]) 4807 fi 4808 ] 4809) 4810AC_ARG_ENABLE([libutil], 4811 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4812 [ 4813 if test "x$enableval" = "xno" ; then 4814 AC_DEFINE([DISABLE_LOGIN]) 4815 fi 4816 ] 4817) 4818AC_ARG_ENABLE([pututline], 4819 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4820 [ 4821 if test "x$enableval" = "xno" ; then 4822 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4823 [Define if you don't want to use pututline() 4824 etc. to write [uw]tmp]) 4825 fi 4826 ] 4827) 4828AC_ARG_ENABLE([pututxline], 4829 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4830 [ 4831 if test "x$enableval" = "xno" ; then 4832 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4833 [Define if you don't want to use pututxline() 4834 etc. to write [uw]tmpx]) 4835 fi 4836 ] 4837) 4838AC_ARG_WITH([lastlog], 4839 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4840 [ 4841 if test "x$withval" = "xno" ; then 4842 AC_DEFINE([DISABLE_LASTLOG]) 4843 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4844 conf_lastlog_location=$withval 4845 fi 4846 ] 4847) 4848 4849dnl lastlog, [uw]tmpx? detection 4850dnl NOTE: set the paths in the platform section to avoid the 4851dnl need for command-line parameters 4852dnl lastlog and [uw]tmp are subject to a file search if all else fails 4853 4854dnl lastlog detection 4855dnl NOTE: the code itself will detect if lastlog is a directory 4856AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4857AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4858#include <sys/types.h> 4859#include <utmp.h> 4860#ifdef HAVE_LASTLOG_H 4861# include <lastlog.h> 4862#endif 4863#ifdef HAVE_PATHS_H 4864# include <paths.h> 4865#endif 4866#ifdef HAVE_LOGIN_H 4867# include <login.h> 4868#endif 4869 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4870 [ AC_MSG_RESULT([yes]) ], 4871 [ 4872 AC_MSG_RESULT([no]) 4873 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4874 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4875#include <sys/types.h> 4876#include <utmp.h> 4877#ifdef HAVE_LASTLOG_H 4878# include <lastlog.h> 4879#endif 4880#ifdef HAVE_PATHS_H 4881# include <paths.h> 4882#endif 4883 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4884 [ AC_MSG_RESULT([yes]) ], 4885 [ 4886 AC_MSG_RESULT([no]) 4887 system_lastlog_path=no 4888 ]) 4889]) 4890 4891if test -z "$conf_lastlog_location"; then 4892 if test x"$system_lastlog_path" = x"no" ; then 4893 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4894 if (test -d "$f" || test -f "$f") ; then 4895 conf_lastlog_location=$f 4896 fi 4897 done 4898 if test -z "$conf_lastlog_location"; then 4899 AC_MSG_WARN([** Cannot find lastlog **]) 4900 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4901 fi 4902 fi 4903fi 4904 4905if test -n "$conf_lastlog_location"; then 4906 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4907 [Define if you want to specify the path to your lastlog file]) 4908fi 4909 4910dnl utmp detection 4911AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4912AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4913#include <sys/types.h> 4914#include <utmp.h> 4915#ifdef HAVE_PATHS_H 4916# include <paths.h> 4917#endif 4918 ]], [[ char *utmp = UTMP_FILE; ]])], 4919 [ AC_MSG_RESULT([yes]) ], 4920 [ AC_MSG_RESULT([no]) 4921 system_utmp_path=no 4922]) 4923if test -z "$conf_utmp_location"; then 4924 if test x"$system_utmp_path" = x"no" ; then 4925 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4926 if test -f $f ; then 4927 conf_utmp_location=$f 4928 fi 4929 done 4930 if test -z "$conf_utmp_location"; then 4931 AC_DEFINE([DISABLE_UTMP]) 4932 fi 4933 fi 4934fi 4935if test -n "$conf_utmp_location"; then 4936 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4937 [Define if you want to specify the path to your utmp file]) 4938fi 4939 4940dnl wtmp detection 4941AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4942AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4943#include <sys/types.h> 4944#include <utmp.h> 4945#ifdef HAVE_PATHS_H 4946# include <paths.h> 4947#endif 4948 ]], [[ char *wtmp = WTMP_FILE; ]])], 4949 [ AC_MSG_RESULT([yes]) ], 4950 [ AC_MSG_RESULT([no]) 4951 system_wtmp_path=no 4952]) 4953if test -z "$conf_wtmp_location"; then 4954 if test x"$system_wtmp_path" = x"no" ; then 4955 for f in /usr/adm/wtmp /var/log/wtmp; do 4956 if test -f $f ; then 4957 conf_wtmp_location=$f 4958 fi 4959 done 4960 if test -z "$conf_wtmp_location"; then 4961 AC_DEFINE([DISABLE_WTMP]) 4962 fi 4963 fi 4964fi 4965if test -n "$conf_wtmp_location"; then 4966 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4967 [Define if you want to specify the path to your wtmp file]) 4968fi 4969 4970dnl wtmpx detection 4971AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4972AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4973#include <sys/types.h> 4974#include <utmp.h> 4975#ifdef HAVE_UTMPX_H 4976#include <utmpx.h> 4977#endif 4978#ifdef HAVE_PATHS_H 4979# include <paths.h> 4980#endif 4981 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4982 [ AC_MSG_RESULT([yes]) ], 4983 [ AC_MSG_RESULT([no]) 4984 system_wtmpx_path=no 4985]) 4986if test -z "$conf_wtmpx_location"; then 4987 if test x"$system_wtmpx_path" = x"no" ; then 4988 AC_DEFINE([DISABLE_WTMPX]) 4989 fi 4990else 4991 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4992 [Define if you want to specify the path to your wtmpx file]) 4993fi 4994 4995 4996if test ! -z "$blibpath" ; then 4997 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4998 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4999fi 5000 5001AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5002 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5003 AC_DEFINE([DISABLE_LASTLOG]) 5004 fi 5005 ], [ 5006#ifdef HAVE_SYS_TYPES_H 5007#include <sys/types.h> 5008#endif 5009#ifdef HAVE_UTMP_H 5010#include <utmp.h> 5011#endif 5012#ifdef HAVE_UTMPX_H 5013#include <utmpx.h> 5014#endif 5015#ifdef HAVE_LASTLOG_H 5016#include <lastlog.h> 5017#endif 5018 ]) 5019 5020AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5021 AC_DEFINE([DISABLE_UTMP]) 5022 AC_DEFINE([DISABLE_WTMP]) 5023 ], [ 5024#ifdef HAVE_SYS_TYPES_H 5025#include <sys/types.h> 5026#endif 5027#ifdef HAVE_UTMP_H 5028#include <utmp.h> 5029#endif 5030#ifdef HAVE_UTMPX_H 5031#include <utmpx.h> 5032#endif 5033#ifdef HAVE_LASTLOG_H 5034#include <lastlog.h> 5035#endif 5036 ]) 5037 5038dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5039dnl Add now. 5040CFLAGS="$CFLAGS $werror_flags" 5041 5042if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5043 TEST_SSH_IPV6=no 5044else 5045 TEST_SSH_IPV6=yes 5046fi 5047AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5048AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5049AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5050AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5051 5052AC_EXEEXT 5053AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5054 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5055 survey.sh]) 5056AC_OUTPUT 5057 5058# Print summary of options 5059 5060# Someone please show me a better way :) 5061A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5062B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5063C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5064D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5065E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5066F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5067G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5068H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5069I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5070J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5071 5072echo "" 5073echo "OpenSSH has been configured with the following options:" 5074echo " User binaries: $B" 5075echo " System binaries: $C" 5076echo " Configuration files: $D" 5077echo " Askpass program: $E" 5078echo " Manual pages: $F" 5079echo " PID file: $G" 5080echo " Privilege separation chroot path: $H" 5081if test "x$external_path_file" = "x/etc/login.conf" ; then 5082echo " At runtime, sshd will use the path defined in $external_path_file" 5083echo " Make sure the path to scp is present, otherwise scp will not work" 5084else 5085echo " sshd default user PATH: $I" 5086 if test ! -z "$external_path_file"; then 5087echo " (If PATH is set in $external_path_file it will be used instead. If" 5088echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5089 fi 5090fi 5091if test ! -z "$superuser_path" ; then 5092echo " sshd superuser user PATH: $J" 5093fi 5094echo " Manpage format: $MANTYPE" 5095echo " PAM support: $PAM_MSG" 5096echo " OSF SIA support: $SIA_MSG" 5097echo " KerberosV support: $KRB5_MSG" 5098echo " SELinux support: $SELINUX_MSG" 5099echo " Smartcard support: $SCARD_MSG" 5100echo " S/KEY support: $SKEY_MSG" 5101echo " TCP Wrappers support: $TCPW_MSG" 5102echo " MD5 password support: $MD5_MSG" 5103echo " libedit support: $LIBEDIT_MSG" 5104echo " Solaris process contract support: $SPC_MSG" 5105echo " Solaris project support: $SP_MSG" 5106echo " Solaris privilege support: $SPP_MSG" 5107echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5108echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5109echo " BSD Auth support: $BSD_AUTH_MSG" 5110echo " Random number source: $RAND_MSG" 5111echo " Privsep sandbox style: $SANDBOX_STYLE" 5112 5113echo "" 5114 5115echo " Host: ${host}" 5116echo " Compiler: ${CC}" 5117echo " Compiler flags: ${CFLAGS}" 5118echo "Preprocessor flags: ${CPPFLAGS}" 5119echo " Linker flags: ${LDFLAGS}" 5120echo " Libraries: ${LIBS}" 5121if test ! -z "${SSHDLIBS}"; then 5122echo " +for sshd: ${SSHDLIBS}" 5123fi 5124if test ! -z "${SSHLIBS}"; then 5125echo " +for ssh: ${SSHLIBS}" 5126fi 5127 5128echo "" 5129 5130if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5131 echo "SVR4 style packages are supported with \"make package\"" 5132 echo "" 5133fi 5134 5135if test "x$PAM_MSG" = "xyes" ; then 5136 echo "PAM is enabled. You may need to install a PAM control file " 5137 echo "for sshd, otherwise password authentication may fail. " 5138 echo "Example PAM control files can be found in the contrib/ " 5139 echo "subdirectory" 5140 echo "" 5141fi 5142 5143if test ! -z "$NO_PEERCHECK" ; then 5144 echo "WARNING: the operating system that you are using does not" 5145 echo "appear to support getpeereid(), getpeerucred() or the" 5146 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5147 echo "enforce security checks to prevent unauthorised connections to" 5148 echo "ssh-agent. Their absence increases the risk that a malicious" 5149 echo "user can connect to your agent." 5150 echo "" 5151fi 5152 5153if test "$AUDIT_MODULE" = "bsm" ; then 5154 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5155 echo "See the Solaris section in README.platform for details." 5156fi 5157