1# 2# Copyright (c) 1999-2004 Damien Miller 3# 4# Permission to use, copy, modify, and distribute this software for any 5# purpose with or without fee is hereby granted, provided that the above 6# copyright notice and this permission notice appear in all copies. 7# 8# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 16AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_REVISION($Revision: 1.583 $) 18AC_CONFIG_SRCDIR([ssh.c]) 19AC_LANG([C]) 20 21AC_CONFIG_HEADER([config.h]) 22AC_PROG_CC([cc gcc]) 23AC_CANONICAL_HOST 24AC_C_BIGENDIAN 25 26# Checks for programs. 27AC_PROG_AWK 28AC_PROG_CPP 29AC_PROG_RANLIB 30AC_PROG_INSTALL 31AC_PROG_EGREP 32AC_PROG_MKDIR_P 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROG([SED], [sed]) 37AC_PATH_PROG([ENT], [ent]) 38AC_SUBST([ENT]) 39AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 40AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 42AC_PATH_PROG([SH], [sh]) 43AC_PATH_PROG([GROFF], [groff]) 44AC_PATH_PROG([NROFF], [nroff awf]) 45AC_PATH_PROG([MANDOC], [mandoc]) 46AC_SUBST([TEST_SHELL], [sh]) 47 48dnl select manpage formatter to be used to build "cat" format pages. 49if test "x$MANDOC" != "x" ; then 50 MANFMT="$MANDOC" 51elif test "x$NROFF" != "x" ; then 52 MANFMT="$NROFF -mandoc" 53elif test "x$GROFF" != "x" ; then 54 MANFMT="$GROFF -mandoc -Tascii" 55else 56 AC_MSG_WARN([no manpage formatter found]) 57 MANFMT="false" 58fi 59AC_SUBST([MANFMT]) 60 61dnl for buildpkg.sh 62AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 63 [/usr/sbin${PATH_SEPARATOR}/etc]) 64AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 67if test -x /sbin/sh; then 68 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 69else 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 71fi 72 73# System features 74AC_SYS_LARGEFILE 75 76if test -z "$AR" ; then 77 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 78fi 79 80AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 81if test ! -z "$PATH_PASSWD_PROG" ; then 82 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 83 [Full path of your "passwd" program]) 84fi 85 86dnl Since autoconf doesn't support it very well, we no longer allow users to 87dnl override LD, however keeping the hook here for now in case there's a use 88dnl use case we overlooked and someone needs to re-enable it. Unless a good 89dnl reason is found we'll be removing this in future. 90LD="$CC" 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>]) 97AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 98 #include <sys/types.h> 99 #include <sys/param.h> 100 #include <dev/systrace.h> 101]) 102AC_CHECK_DECL([RLIMIT_NPROC], 103 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 104 #include <sys/types.h> 105 #include <sys/resource.h> 106]) 107AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 108 #include <sys/types.h> 109 #include <linux/prctl.h> 110]) 111 112openssl=yes 113AC_ARG_WITH([openssl], 114 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 115 [ if test "x$withval" = "xno" ; then 116 openssl=no 117 fi 118 ] 119) 120AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 121if test "x$openssl" = "xyes" ; then 122 AC_MSG_RESULT([yes]) 123 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 124else 125 AC_MSG_RESULT([no]) 126fi 127 128use_stack_protector=1 129use_toolchain_hardening=1 130AC_ARG_WITH([stackprotect], 131 [ --without-stackprotect Don't use compiler's stack protection], [ 132 if test "x$withval" = "xno"; then 133 use_stack_protector=0 134 fi ]) 135AC_ARG_WITH([hardening], 136 [ --without-hardening Don't use toolchain hardening flags], [ 137 if test "x$withval" = "xno"; then 138 use_toolchain_hardening=0 139 fi ]) 140 141# We use -Werror for the tests only so that we catch warnings like "this is 142# on by default" for things like -fPIE. 143AC_MSG_CHECKING([if $CC supports -Werror]) 144saved_CFLAGS="$CFLAGS" 145CFLAGS="$CFLAGS -Werror" 146AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 147 [ AC_MSG_RESULT([yes]) 148 WERROR="-Werror"], 149 [ AC_MSG_RESULT([no]) 150 WERROR="" ] 151) 152CFLAGS="$saved_CFLAGS" 153 154if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 155 OSSH_CHECK_CFLAG_COMPILE([-pipe]) 156 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 157 OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation]) 158 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 159 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 160 OSSH_CHECK_CFLAG_COMPILE([-Wextra]) 161 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 162 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 163 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 164 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 165 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 166 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 167 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 168 OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) 169 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 170 if test "x$use_toolchain_hardening" = "x1"; then 171 OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang 172 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) 173 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 174 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 175 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 176 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 177 # NB. -ftrapv expects certain support functions to be present in 178 # the compiler library (libgcc or similar) to detect integer operations 179 # that can overflow. We must check that the result of enabling it 180 # actually links. The test program compiled/linked includes a number 181 # of integer operations that should exercise this. 182 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 183 fi 184 AC_MSG_CHECKING([gcc version]) 185 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 186 case $GCC_VER in 187 1.*) no_attrib_nonnull=1 ;; 188 2.8* | 2.9*) 189 no_attrib_nonnull=1 190 ;; 191 2.*) no_attrib_nonnull=1 ;; 192 *) ;; 193 esac 194 AC_MSG_RESULT([$GCC_VER]) 195 196 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 197 saved_CFLAGS="$CFLAGS" 198 CFLAGS="$CFLAGS -fno-builtin-memset" 199 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 200 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 201 [ AC_MSG_RESULT([yes]) ], 202 [ AC_MSG_RESULT([no]) 203 CFLAGS="$saved_CFLAGS" ] 204 ) 205 206 # -fstack-protector-all doesn't always work for some GCC versions 207 # and/or platforms, so we test if we can. If it's not supported 208 # on a given platform gcc will emit a warning so we use -Werror. 209 if test "x$use_stack_protector" = "x1"; then 210 for t in -fstack-protector-strong -fstack-protector-all \ 211 -fstack-protector; do 212 AC_MSG_CHECKING([if $CC supports $t]) 213 saved_CFLAGS="$CFLAGS" 214 saved_LDFLAGS="$LDFLAGS" 215 CFLAGS="$CFLAGS $t -Werror" 216 LDFLAGS="$LDFLAGS $t -Werror" 217 AC_LINK_IFELSE( 218 [AC_LANG_PROGRAM([[ 219 #include <stdio.h> 220 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 221 ]], 222 [[ 223 char x[256]; 224 snprintf(x, sizeof(x), "XXX%d", func(1)); 225 ]])], 226 [ AC_MSG_RESULT([yes]) 227 CFLAGS="$saved_CFLAGS $t" 228 LDFLAGS="$saved_LDFLAGS $t" 229 AC_MSG_CHECKING([if $t works]) 230 AC_RUN_IFELSE( 231 [AC_LANG_PROGRAM([[ 232 #include <stdio.h> 233 int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} 234 ]], 235 [[ 236 char x[256]; 237 snprintf(x, sizeof(x), "XXX%d", func(1)); 238 ]])], 239 [ AC_MSG_RESULT([yes]) 240 break ], 241 [ AC_MSG_RESULT([no]) ], 242 [ AC_MSG_WARN([cross compiling: cannot test]) 243 break ] 244 ) 245 ], 246 [ AC_MSG_RESULT([no]) ] 247 ) 248 CFLAGS="$saved_CFLAGS" 249 LDFLAGS="$saved_LDFLAGS" 250 done 251 fi 252 253 if test -z "$have_llong_max"; then 254 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 255 unset ac_cv_have_decl_LLONG_MAX 256 saved_CFLAGS="$CFLAGS" 257 CFLAGS="$CFLAGS -std=gnu99" 258 AC_CHECK_DECL([LLONG_MAX], 259 [have_llong_max=1], 260 [CFLAGS="$saved_CFLAGS"], 261 [#include <limits.h>] 262 ) 263 fi 264fi 265 266AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 267AC_COMPILE_IFELSE( 268 [AC_LANG_PROGRAM([[ 269#include <stdlib.h> 270__attribute__((__unused__)) static void foo(void){return;}]], 271 [[ exit(0); ]])], 272 [ AC_MSG_RESULT([yes]) ], 273 [ AC_MSG_RESULT([no]) 274 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 275 [compiler does not accept __attribute__ on return types]) ] 276) 277 278AC_MSG_CHECKING([if compiler allows __attribute__ prototype args]) 279AC_COMPILE_IFELSE( 280 [AC_LANG_PROGRAM([[ 281#include <stdlib.h> 282typedef void foo(const char *, ...) __attribute__((format(printf, 1, 2)));]], 283 [[ exit(0); ]])], 284 [ AC_MSG_RESULT([yes]) ], 285 [ AC_MSG_RESULT([no]) 286 AC_DEFINE(NO_ATTRIBUTE_ON_PROTOTYPE_ARGS, 1, 287 [compiler does not accept __attribute__ on prototype args]) ] 288) 289 290if test "x$no_attrib_nonnull" != "x1" ; then 291 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 292fi 293 294AC_ARG_WITH([rpath], 295 [ --without-rpath Disable auto-added -R linker paths], 296 [ 297 if test "x$withval" = "xno" ; then 298 rpath_opt="" 299 elif test "x$withval" = "xyes" ; then 300 rpath_opt="-R" 301 else 302 rpath_opt="$withval" 303 fi 304 ] 305) 306 307# Allow user to specify flags 308AC_ARG_WITH([cflags], 309 [ --with-cflags Specify additional flags to pass to compiler], 310 [ 311 if test -n "$withval" && test "x$withval" != "xno" && \ 312 test "x${withval}" != "xyes"; then 313 CFLAGS="$CFLAGS $withval" 314 fi 315 ] 316) 317 318AC_ARG_WITH([cflags-after], 319 [ --with-cflags-after Specify additional flags to pass to compiler after configure], 320 [ 321 if test -n "$withval" && test "x$withval" != "xno" && \ 322 test "x${withval}" != "xyes"; then 323 CFLAGS_AFTER="$withval" 324 fi 325 ] 326) 327AC_ARG_WITH([cppflags], 328 [ --with-cppflags Specify additional flags to pass to preprocessor] , 329 [ 330 if test -n "$withval" && test "x$withval" != "xno" && \ 331 test "x${withval}" != "xyes"; then 332 CPPFLAGS="$CPPFLAGS $withval" 333 fi 334 ] 335) 336AC_ARG_WITH([ldflags], 337 [ --with-ldflags Specify additional flags to pass to linker], 338 [ 339 if test -n "$withval" && test "x$withval" != "xno" && \ 340 test "x${withval}" != "xyes"; then 341 LDFLAGS="$LDFLAGS $withval" 342 fi 343 ] 344) 345AC_ARG_WITH([ldflags-after], 346 [ --with-ldflags-after Specify additional flags to pass to linker after configure], 347 [ 348 if test -n "$withval" && test "x$withval" != "xno" && \ 349 test "x${withval}" != "xyes"; then 350 LDFLAGS_AFTER="$withval" 351 fi 352 ] 353) 354AC_ARG_WITH([libs], 355 [ --with-libs Specify additional libraries to link with], 356 [ 357 if test -n "$withval" && test "x$withval" != "xno" && \ 358 test "x${withval}" != "xyes"; then 359 LIBS="$LIBS $withval" 360 fi 361 ] 362) 363AC_ARG_WITH([Werror], 364 [ --with-Werror Build main code with -Werror], 365 [ 366 if test -n "$withval" && test "x$withval" != "xno"; then 367 werror_flags="-Werror" 368 if test "x${withval}" != "xyes"; then 369 werror_flags="$withval" 370 fi 371 fi 372 ] 373) 374 375AC_CHECK_HEADERS([ \ 376 blf.h \ 377 bstring.h \ 378 crypt.h \ 379 crypto/sha2.h \ 380 dirent.h \ 381 endian.h \ 382 elf.h \ 383 err.h \ 384 features.h \ 385 fcntl.h \ 386 floatingpoint.h \ 387 fnmatch.h \ 388 getopt.h \ 389 glob.h \ 390 ia.h \ 391 iaf.h \ 392 ifaddrs.h \ 393 inttypes.h \ 394 langinfo.h \ 395 limits.h \ 396 locale.h \ 397 login.h \ 398 maillock.h \ 399 ndir.h \ 400 net/if_tun.h \ 401 netdb.h \ 402 netgroup.h \ 403 pam/pam_appl.h \ 404 paths.h \ 405 poll.h \ 406 pty.h \ 407 readpassphrase.h \ 408 rpc/types.h \ 409 security/pam_appl.h \ 410 sha2.h \ 411 shadow.h \ 412 stddef.h \ 413 stdint.h \ 414 string.h \ 415 strings.h \ 416 sys/bitypes.h \ 417 sys/byteorder.h \ 418 sys/bsdtty.h \ 419 sys/cdefs.h \ 420 sys/dir.h \ 421 sys/file.h \ 422 sys/mman.h \ 423 sys/label.h \ 424 sys/ndir.h \ 425 sys/poll.h \ 426 sys/prctl.h \ 427 sys/pstat.h \ 428 sys/ptrace.h \ 429 sys/random.h \ 430 sys/select.h \ 431 sys/stat.h \ 432 sys/stream.h \ 433 sys/stropts.h \ 434 sys/strtio.h \ 435 sys/statvfs.h \ 436 sys/sysmacros.h \ 437 sys/time.h \ 438 sys/timers.h \ 439 sys/vfs.h \ 440 time.h \ 441 tmpdir.h \ 442 ttyent.h \ 443 ucred.h \ 444 unistd.h \ 445 usersec.h \ 446 util.h \ 447 utime.h \ 448 utmp.h \ 449 utmpx.h \ 450 vis.h \ 451 wchar.h \ 452]) 453 454# On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h] 455# to be included first. 456AC_CHECK_HEADERS([sys/audit.h], [], [], [ 457#ifdef HAVE_SYS_TIME_H 458# include <sys/time.h> 459#endif 460#ifdef HAVE_SYS_TYPES_H 461# include <sys/types.h> 462#endif 463#ifdef HAVE_SYS_LABEL_H 464# include <sys/label.h> 465#endif 466]) 467 468# sys/capsicum.h requires sys/types.h 469AC_CHECK_HEADERS([sys/capsicum.h], [], [], [ 470#ifdef HAVE_SYS_TYPES_H 471# include <sys/types.h> 472#endif 473]) 474 475# net/route.h requires sys/socket.h and sys/types.h. 476# sys/sysctl.h also requires sys/param.h 477AC_CHECK_HEADERS([net/route.h sys/sysctl.h], [], [], [ 478#ifdef HAVE_SYS_TYPES_H 479# include <sys/types.h> 480#endif 481#include <sys/param.h> 482#include <sys/socket.h> 483]) 484 485# lastlog.h requires sys/time.h to be included first on Solaris 486AC_CHECK_HEADERS([lastlog.h], [], [], [ 487#ifdef HAVE_SYS_TIME_H 488# include <sys/time.h> 489#endif 490]) 491 492# sys/ptms.h requires sys/stream.h to be included first on Solaris 493AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 494#ifdef HAVE_SYS_STREAM_H 495# include <sys/stream.h> 496#endif 497]) 498 499# login_cap.h requires sys/types.h on NetBSD 500AC_CHECK_HEADERS([login_cap.h], [], [], [ 501#include <sys/types.h> 502]) 503 504# older BSDs need sys/param.h before sys/mount.h 505AC_CHECK_HEADERS([sys/mount.h], [], [], [ 506#include <sys/param.h> 507]) 508 509# Android requires sys/socket.h to be included before sys/un.h 510AC_CHECK_HEADERS([sys/un.h], [], [], [ 511#include <sys/types.h> 512#include <sys/socket.h> 513]) 514 515# Messages for features tested for in target-specific section 516SIA_MSG="no" 517SPC_MSG="no" 518SP_MSG="no" 519SPP_MSG="no" 520 521# Support for Solaris/Illumos privileges (this test is used by both 522# the --with-solaris-privs option and --with-sandbox=solaris). 523SOLARIS_PRIVS="no" 524 525# Check for some target-specific stuff 526case "$host" in 527*-*-aix*) 528 # Some versions of VAC won't allow macro redefinitions at 529 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 530 # particularly with older versions of vac or xlc. 531 # It also throws errors about null macro arguments, but these are 532 # not fatal. 533 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 534 AC_COMPILE_IFELSE( 535 [AC_LANG_PROGRAM([[ 536#define testmacro foo 537#define testmacro bar]], 538 [[ exit(0); ]])], 539 [ AC_MSG_RESULT([yes]) ], 540 [ AC_MSG_RESULT([no]) 541 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 542 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 543 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 544 ] 545 ) 546 547 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 548 if (test -z "$blibpath"); then 549 blibpath="/usr/lib:/lib" 550 fi 551 saved_LDFLAGS="$LDFLAGS" 552 if test "$GCC" = "yes"; then 553 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 554 else 555 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 556 fi 557 for tryflags in $flags ;do 558 if (test -z "$blibflags"); then 559 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 560 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 561 [blibflags=$tryflags], []) 562 fi 563 done 564 if (test -z "$blibflags"); then 565 AC_MSG_RESULT([not found]) 566 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 567 else 568 AC_MSG_RESULT([$blibflags]) 569 fi 570 LDFLAGS="$saved_LDFLAGS" 571 dnl Check for authenticate. Might be in libs.a on older AIXes 572 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 573 [Define if you want to enable AIX4's authenticate function])], 574 [AC_CHECK_LIB([s], [authenticate], 575 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 576 LIBS="$LIBS -ls" 577 ]) 578 ]) 579 dnl Check for various auth function declarations in headers. 580 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 581 passwdexpired, setauthdb], , , [#include <usersec.h>]) 582 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 583 AC_CHECK_DECLS([loginfailed], 584 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 585 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 586 [[ (void)loginfailed("user","host","tty",0); ]])], 587 [AC_MSG_RESULT([yes]) 588 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 589 [Define if your AIX loginfailed() function 590 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 591 ])], 592 [], 593 [#include <usersec.h>] 594 ) 595 AC_CHECK_FUNCS([getgrset setauthdb]) 596 AC_CHECK_DECL([F_CLOSEM], 597 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 598 [], 599 [ #include <limits.h> 600 #include <fcntl.h> ] 601 ) 602 check_for_aix_broken_getaddrinfo=1 603 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 604 [Define if your platform breaks doing a seteuid before a setuid]) 605 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 606 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 607 dnl AIX handles lastlog as part of its login message 608 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 609 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 610 [Some systems need a utmpx entry for /bin/login to work]) 611 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 612 [Define to a Set Process Title type if your system is 613 supported by bsd-setproctitle.c]) 614 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 615 [AIX 5.2 and 5.3 (and presumably newer) require this]) 616 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 617 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 618 AC_DEFINE([BROKEN_STRNDUP], 1, [strndup broken, see APAR IY61211]) 619 AC_DEFINE([BROKEN_STRNLEN], 1, [strnlen broken, see APAR IY62551]) 620 ;; 621*-*-android*) 622 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 623 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 624 ;; 625*-*-cygwin*) 626 check_for_libcrypt_later=1 627 LIBS="$LIBS /usr/lib/textreadmode.o" 628 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 629 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 630 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 631 [Define to disable UID restoration test]) 632 AC_DEFINE([DISABLE_SHADOW], [1], 633 [Define if you want to disable shadow passwords]) 634 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 635 [Define if X11 doesn't support AF_UNIX sockets on that system]) 636 AC_DEFINE([DISABLE_FD_PASSING], [1], 637 [Define if your platform needs to skip post auth 638 file descriptor passing]) 639 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 640 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 641 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 642 # reasons which cause compile warnings, so we disable those warnings. 643 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 644 ;; 645*-*-dgux*) 646 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 647 [Define if your system choked on IP TOS setting]) 648 AC_DEFINE([SETEUID_BREAKS_SETUID]) 649 AC_DEFINE([BROKEN_SETREUID]) 650 AC_DEFINE([BROKEN_SETREGID]) 651 ;; 652*-*-darwin*) 653 use_pie=auto 654 AC_MSG_CHECKING([if we have working getaddrinfo]) 655 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 656main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 657 exit(0); 658 else 659 exit(1); 660} 661 ]])], 662 [AC_MSG_RESULT([working])], 663 [AC_MSG_RESULT([buggy]) 664 AC_DEFINE([BROKEN_GETADDRINFO], [1], 665 [getaddrinfo is broken (if present)]) 666 ], 667 [AC_MSG_RESULT([assume it is working])]) 668 AC_DEFINE([SETEUID_BREAKS_SETUID]) 669 AC_DEFINE([BROKEN_SETREUID]) 670 AC_DEFINE([BROKEN_SETREGID]) 671 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 672 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 673 [Define if your resolver libs need this for getrrsetbyname]) 674 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 675 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 676 [Use tunnel device compatibility to OpenBSD]) 677 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 678 [Prepend the address family to IP tunnel traffic]) 679 m4_pattern_allow([AU_IPv]) 680 AC_CHECK_DECL([AU_IPv4], [], 681 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 682 [#include <bsm/audit.h>] 683 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 684 [Define if pututxline updates lastlog too]) 685 ) 686 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 687 [Define to a Set Process Title type if your system is 688 supported by bsd-setproctitle.c]) 689 AC_CHECK_FUNCS([sandbox_init]) 690 AC_CHECK_HEADERS([sandbox.h]) 691 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 692 SSHDLIBS="$SSHDLIBS -lsandbox" 693 ]) 694 # proc_pidinfo()-based closefrom() replacement. 695 AC_CHECK_HEADERS([libproc.h]) 696 AC_CHECK_FUNCS([proc_pidinfo]) 697 ;; 698*-*-dragonfly*) 699 SSHDLIBS="$SSHDLIBS -lcrypt" 700 TEST_MALLOC_OPTIONS="AFGJPRX" 701 ;; 702*-*-haiku*) 703 LIBS="$LIBS -lbsd " 704 CFLAGS="$CFLAGS -D_BSD_SOURCE" 705 AC_CHECK_LIB([network], [socket]) 706 AC_DEFINE([HAVE_U_INT64_T]) 707 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 708 MANTYPE=man 709 ;; 710*-*-hpux*) 711 # first we define all of the options common to all HP-UX releases 712 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 713 IPADDR_IN_DISPLAY=yes 714 AC_DEFINE([USE_PIPES]) 715 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 716 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 717 [String used in /etc/passwd to denote locked account]) 718 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 719 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 720 maildir="/var/mail" 721 LIBS="$LIBS -lsec" 722 AC_CHECK_LIB([xnet], [t_error], , 723 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 724 725 # next, we define all of the options specific to major releases 726 case "$host" in 727 *-*-hpux10*) 728 if test -z "$GCC"; then 729 CFLAGS="$CFLAGS -Ae" 730 fi 731 ;; 732 *-*-hpux11*) 733 AC_DEFINE([PAM_SUN_CODEBASE], [1], 734 [Define if you are using Solaris-derived PAM which 735 passes pam_messages to the conversation function 736 with an extra level of indirection]) 737 AC_DEFINE([DISABLE_UTMP], [1], 738 [Define if you don't want to use utmp]) 739 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 740 check_for_hpux_broken_getaddrinfo=1 741 check_for_conflicting_getspnam=1 742 ;; 743 esac 744 745 # lastly, we define options specific to minor releases 746 case "$host" in 747 *-*-hpux10.26) 748 AC_DEFINE([HAVE_SECUREWARE], [1], 749 [Define if you have SecureWare-based 750 protected password database]) 751 disable_ptmx_check=yes 752 LIBS="$LIBS -lsecpw" 753 ;; 754 esac 755 ;; 756*-*-irix5*) 757 PATH="$PATH:/usr/etc" 758 AC_DEFINE([BROKEN_INET_NTOA], [1], 759 [Define if you system's inet_ntoa is busted 760 (e.g. Irix gcc issue)]) 761 AC_DEFINE([SETEUID_BREAKS_SETUID]) 762 AC_DEFINE([BROKEN_SETREUID]) 763 AC_DEFINE([BROKEN_SETREGID]) 764 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 765 [Define if you shouldn't strip 'tty' from your 766 ttyname in [uw]tmp]) 767 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 768 ;; 769*-*-irix6*) 770 PATH="$PATH:/usr/etc" 771 AC_DEFINE([WITH_IRIX_ARRAY], [1], 772 [Define if you have/want arrays 773 (cluster-wide session management, not C arrays)]) 774 AC_DEFINE([WITH_IRIX_PROJECT], [1], 775 [Define if you want IRIX project management]) 776 AC_DEFINE([WITH_IRIX_AUDIT], [1], 777 [Define if you want IRIX audit trails]) 778 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 779 [Define if you want IRIX kernel jobs])]) 780 AC_DEFINE([BROKEN_INET_NTOA]) 781 AC_DEFINE([SETEUID_BREAKS_SETUID]) 782 AC_DEFINE([BROKEN_SETREUID]) 783 AC_DEFINE([BROKEN_SETREGID]) 784 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 785 AC_DEFINE([WITH_ABBREV_NO_TTY]) 786 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 787 ;; 788*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 789 check_for_libcrypt_later=1 790 AC_DEFINE([PAM_TTY_KLUDGE]) 791 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 792 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 793 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 794 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 795 ;; 796*-*-linux*) 797 no_dev_ptmx=1 798 use_pie=auto 799 check_for_libcrypt_later=1 800 check_for_openpty_ctty_bug=1 801 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 802 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 803 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 804 AC_DEFINE([PAM_TTY_KLUDGE], [1], 805 [Work around problematic Linux PAM modules handling of PAM_TTY]) 806 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 807 [String used in /etc/passwd to denote locked account]) 808 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 809 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 810 [Define to whatever link() returns for "not supported" 811 if it doesn't return EOPNOTSUPP.]) 812 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 813 AC_DEFINE([USE_BTMP]) 814 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 815 inet6_default_4in6=yes 816 case `uname -r` in 817 1.*|2.0.*) 818 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 819 [Define if cmsg_type is not passed correctly]) 820 ;; 821 esac 822 # tun(4) forwarding compat code 823 AC_CHECK_HEADERS([linux/if_tun.h]) 824 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 825 AC_DEFINE([SSH_TUN_LINUX], [1], 826 [Open tunnel devices the Linux tun/tap way]) 827 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 828 [Use tunnel device compatibility to OpenBSD]) 829 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 830 [Prepend the address family to IP tunnel traffic]) 831 fi 832 AC_CHECK_HEADER([linux/if.h], 833 AC_DEFINE([SYS_RDOMAIN_LINUX], [1], 834 [Support routing domains using Linux VRF]), [], [ 835#ifdef HAVE_SYS_TYPES_H 836# include <sys/types.h> 837#endif 838 ]) 839 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 840 [], [#include <linux/types.h>]) 841 # Obtain MIPS ABI 842 case "$host" in 843 mips*) 844 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 845#if _MIPS_SIM != _ABIO32 846#error 847#endif 848 ]])],[mips_abi="o32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 849#if _MIPS_SIM != _ABIN32 850#error 851#endif 852 ]])],[mips_abi="n32"],[AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 853#if _MIPS_SIM != _ABI64 854#error 855#endif 856 ]])],[mips_abi="n64"],[AC_MSG_ERROR([unknown MIPS ABI]) 857 ]) 858 ]) 859 ]) 860 ;; 861 esac 862 AC_MSG_CHECKING([for seccomp architecture]) 863 seccomp_audit_arch= 864 case "$host" in 865 x86_64-*) 866 seccomp_audit_arch=AUDIT_ARCH_X86_64 867 ;; 868 i*86-*) 869 seccomp_audit_arch=AUDIT_ARCH_I386 870 ;; 871 arm*-*) 872 seccomp_audit_arch=AUDIT_ARCH_ARM 873 ;; 874 aarch64*-*) 875 seccomp_audit_arch=AUDIT_ARCH_AARCH64 876 ;; 877 s390x-*) 878 seccomp_audit_arch=AUDIT_ARCH_S390X 879 ;; 880 s390-*) 881 seccomp_audit_arch=AUDIT_ARCH_S390 882 ;; 883 powerpc64-*) 884 seccomp_audit_arch=AUDIT_ARCH_PPC64 885 ;; 886 powerpc64le-*) 887 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 888 ;; 889 mips-*) 890 seccomp_audit_arch=AUDIT_ARCH_MIPS 891 ;; 892 mipsel-*) 893 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 894 ;; 895 mips64-*) 896 case "$mips_abi" in 897 "n32") 898 seccomp_audit_arch=AUDIT_ARCH_MIPS64N32 899 ;; 900 "n64") 901 seccomp_audit_arch=AUDIT_ARCH_MIPS64 902 ;; 903 esac 904 ;; 905 mips64el-*) 906 case "$mips_abi" in 907 "n32") 908 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32 909 ;; 910 "n64") 911 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 912 ;; 913 esac 914 ;; 915 esac 916 if test "x$seccomp_audit_arch" != "x" ; then 917 AC_MSG_RESULT(["$seccomp_audit_arch"]) 918 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 919 [Specify the system call convention in use]) 920 else 921 AC_MSG_RESULT([architecture not supported]) 922 fi 923 ;; 924mips-sony-bsd|mips-sony-newsos4) 925 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 926 SONY=1 927 ;; 928*-*-netbsd*) 929 check_for_libcrypt_before=1 930 if test "x$withval" != "xno" ; then 931 rpath_opt="-R" 932 fi 933 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 934 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 935 AC_CHECK_HEADER([net/if_tap.h], , 936 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 937 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 938 [Prepend the address family to IP tunnel traffic]) 939 TEST_MALLOC_OPTIONS="AJRX" 940 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 941 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 942 ;; 943*-*-freebsd*) 944 check_for_libcrypt_later=1 945 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 946 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 947 AC_CHECK_HEADER([net/if_tap.h], , 948 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 949 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 950 TEST_MALLOC_OPTIONS="AJRX" 951 # Preauth crypto occasionally uses file descriptors for crypto offload 952 # and will crash if they cannot be opened. 953 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 954 [define if setrlimit RLIMIT_NOFILE breaks things]) 955 ;; 956*-*-bsdi*) 957 AC_DEFINE([SETEUID_BREAKS_SETUID]) 958 AC_DEFINE([BROKEN_SETREUID]) 959 AC_DEFINE([BROKEN_SETREGID]) 960 ;; 961*-next-*) 962 conf_lastlog_location="/usr/adm/lastlog" 963 conf_utmp_location=/etc/utmp 964 conf_wtmp_location=/usr/adm/wtmp 965 maildir=/usr/spool/mail 966 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 967 AC_DEFINE([USE_PIPES]) 968 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 969 ;; 970*-*-openbsd*) 971 use_pie=auto 972 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 973 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 974 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 975 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 976 [syslog_r function is safe to use in in a signal handler]) 977 TEST_MALLOC_OPTIONS="AFGJPRX" 978 ;; 979*-*-solaris*) 980 if test "x$withval" != "xno" ; then 981 rpath_opt="-R" 982 fi 983 AC_DEFINE([PAM_SUN_CODEBASE]) 984 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 985 AC_DEFINE([PAM_TTY_KLUDGE]) 986 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 987 [Define if pam_chauthtok wants real uid set 988 to the unpriv'ed user]) 989 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 990 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 991 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 992 [Define if sshd somehow reacquires a controlling TTY 993 after setsid()]) 994 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 995 in case the name is longer than 8 chars]) 996 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 997 external_path_file=/etc/default/login 998 # hardwire lastlog location (can't detect it on some versions) 999 conf_lastlog_location="/var/adm/lastlog" 1000 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 1001 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 1002 if test "$sol2ver" -ge 8; then 1003 AC_MSG_RESULT([yes]) 1004 AC_DEFINE([DISABLE_UTMP]) 1005 AC_DEFINE([DISABLE_WTMP], [1], 1006 [Define if you don't want to use wtmp]) 1007 else 1008 AC_MSG_RESULT([no]) 1009 fi 1010 AC_CHECK_FUNCS([setpflags]) 1011 AC_CHECK_FUNCS([setppriv]) 1012 AC_CHECK_FUNCS([priv_basicset]) 1013 AC_CHECK_HEADERS([priv.h]) 1014 AC_ARG_WITH([solaris-contracts], 1015 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 1016 [ 1017 AC_CHECK_LIB([contract], [ct_tmpl_activate], 1018 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 1019 [Define if you have Solaris process contracts]) 1020 LIBS="$LIBS -lcontract" 1021 SPC_MSG="yes" ], ) 1022 ], 1023 ) 1024 AC_ARG_WITH([solaris-projects], 1025 [ --with-solaris-projects Enable Solaris projects (experimental)], 1026 [ 1027 AC_CHECK_LIB([project], [setproject], 1028 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 1029 [Define if you have Solaris projects]) 1030 LIBS="$LIBS -lproject" 1031 SP_MSG="yes" ], ) 1032 ], 1033 ) 1034 AC_ARG_WITH([solaris-privs], 1035 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 1036 [ 1037 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 1038 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 1039 "x$ac_cv_header_priv_h" = "xyes" ; then 1040 SOLARIS_PRIVS=yes 1041 AC_MSG_RESULT([found]) 1042 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 1043 [Define to disable UID restoration test]) 1044 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 1045 [Define if you have Solaris privileges]) 1046 SPP_MSG="yes" 1047 else 1048 AC_MSG_RESULT([not found]) 1049 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 1050 fi 1051 ], 1052 ) 1053 TEST_SHELL=$SHELL # let configure find us a capable shell 1054 ;; 1055*-*-sunos4*) 1056 CPPFLAGS="$CPPFLAGS -DSUNOS4" 1057 AC_CHECK_FUNCS([getpwanam]) 1058 AC_DEFINE([PAM_SUN_CODEBASE]) 1059 conf_utmp_location=/etc/utmp 1060 conf_wtmp_location=/var/adm/wtmp 1061 conf_lastlog_location=/var/adm/lastlog 1062 AC_DEFINE([USE_PIPES]) 1063 AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) 1064 ;; 1065*-ncr-sysv*) 1066 LIBS="$LIBS -lc89" 1067 AC_DEFINE([USE_PIPES]) 1068 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1069 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1070 AC_DEFINE([BROKEN_SETREUID]) 1071 AC_DEFINE([BROKEN_SETREGID]) 1072 ;; 1073*-sni-sysv*) 1074 # /usr/ucblib MUST NOT be searched on ReliantUNIX 1075 AC_CHECK_LIB([dl], [dlsym], ,) 1076 # -lresolv needs to be at the end of LIBS or DNS lookups break 1077 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 1078 IPADDR_IN_DISPLAY=yes 1079 AC_DEFINE([USE_PIPES]) 1080 AC_DEFINE([IP_TOS_IS_BROKEN]) 1081 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1082 AC_DEFINE([BROKEN_SETREUID]) 1083 AC_DEFINE([BROKEN_SETREGID]) 1084 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1085 external_path_file=/etc/default/login 1086 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 1087 # Attention: always take care to bind libsocket and libnsl before libc, 1088 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 1089 ;; 1090# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 1091*-*-sysv4.2*) 1092 AC_DEFINE([USE_PIPES]) 1093 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1094 AC_DEFINE([BROKEN_SETREUID]) 1095 AC_DEFINE([BROKEN_SETREGID]) 1096 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 1097 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1098 TEST_SHELL=$SHELL # let configure find us a capable shell 1099 ;; 1100# UnixWare 7.x, OpenUNIX 8 1101*-*-sysv5*) 1102 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1103 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1104 AC_DEFINE([USE_PIPES]) 1105 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1106 AC_DEFINE([BROKEN_GETADDRINFO]) 1107 AC_DEFINE([BROKEN_SETREUID]) 1108 AC_DEFINE([BROKEN_SETREGID]) 1109 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1110 AC_DEFINE([BROKEN_TCGETATTR_ICANON]) 1111 TEST_SHELL=$SHELL # let configure find us a capable shell 1112 check_for_libcrypt_later=1 1113 case "$host" in 1114 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1115 maildir=/var/spool/mail 1116 AC_DEFINE([BROKEN_UPDWTMPX]) 1117 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1118 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1119 ], , ) 1120 ;; 1121 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1122 ;; 1123 esac 1124 ;; 1125*-*-sysv*) 1126 ;; 1127# SCO UNIX and OEM versions of SCO UNIX 1128*-*-sco3.2v4*) 1129 AC_MSG_ERROR("This Platform is no longer supported.") 1130 ;; 1131# SCO OpenServer 5.x 1132*-*-sco3.2v5*) 1133 if test -z "$GCC"; then 1134 CFLAGS="$CFLAGS -belf" 1135 fi 1136 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1137 no_dev_ptmx=1 1138 AC_DEFINE([USE_PIPES]) 1139 AC_DEFINE([HAVE_SECUREWARE]) 1140 AC_DEFINE([DISABLE_SHADOW]) 1141 AC_DEFINE([DISABLE_FD_PASSING]) 1142 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1143 AC_DEFINE([BROKEN_GETADDRINFO]) 1144 AC_DEFINE([BROKEN_SETREUID]) 1145 AC_DEFINE([BROKEN_SETREGID]) 1146 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1147 AC_DEFINE([BROKEN_UPDWTMPX]) 1148 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1149 AC_CHECK_FUNCS([getluid setluid]) 1150 MANTYPE=man 1151 TEST_SHELL=$SHELL # let configure find us a capable shell 1152 SKIP_DISABLE_LASTLOG_DEFINE=yes 1153 ;; 1154*-dec-osf*) 1155 AC_MSG_CHECKING([for Digital Unix SIA]) 1156 no_osfsia="" 1157 AC_ARG_WITH([osfsia], 1158 [ --with-osfsia Enable Digital Unix SIA], 1159 [ 1160 if test "x$withval" = "xno" ; then 1161 AC_MSG_RESULT([disabled]) 1162 no_osfsia=1 1163 fi 1164 ], 1165 ) 1166 if test -z "$no_osfsia" ; then 1167 if test -f /etc/sia/matrix.conf; then 1168 AC_MSG_RESULT([yes]) 1169 AC_DEFINE([HAVE_OSF_SIA], [1], 1170 [Define if you have Digital Unix Security 1171 Integration Architecture]) 1172 AC_DEFINE([DISABLE_LOGIN], [1], 1173 [Define if you don't want to use your 1174 system's login() call]) 1175 AC_DEFINE([DISABLE_FD_PASSING]) 1176 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1177 SIA_MSG="yes" 1178 else 1179 AC_MSG_RESULT([no]) 1180 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1181 [String used in /etc/passwd to denote locked account]) 1182 fi 1183 fi 1184 AC_DEFINE([BROKEN_GETADDRINFO]) 1185 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1186 AC_DEFINE([BROKEN_SETREUID]) 1187 AC_DEFINE([BROKEN_SETREGID]) 1188 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1189 ;; 1190 1191*-*-nto-qnx*) 1192 AC_DEFINE([USE_PIPES]) 1193 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1194 AC_DEFINE([DISABLE_LASTLOG]) 1195 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1196 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1197 enable_etc_default_login=no # has incompatible /etc/default/login 1198 case "$host" in 1199 *-*-nto-qnx6*) 1200 AC_DEFINE([DISABLE_FD_PASSING]) 1201 ;; 1202 esac 1203 ;; 1204 1205*-*-ultrix*) 1206 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1207 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) 1208 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1209 AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) 1210 # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we 1211 # don't get a controlling tty. 1212 AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) 1213 # On Ultrix some headers are not protected against multiple includes, 1214 # so we create wrappers and put it where the compiler will find it. 1215 AC_MSG_WARN([creating compat wrappers for headers]) 1216 mkdir -p netinet 1217 for header in netinet/ip.h netdb.h resolv.h; do 1218 name=`echo $header | tr 'a-z/.' 'A-Z__'` 1219 cat >$header <<EOD 1220#ifndef _SSH_COMPAT_${name} 1221#define _SSH_COMPAT_${name} 1222#include "/usr/include/${header}" 1223#endif 1224EOD 1225 done 1226 ;; 1227 1228*-*-lynxos) 1229 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1230 AC_DEFINE([BROKEN_SETVBUF], [1], 1231 [LynxOS has broken setvbuf() implementation]) 1232 ;; 1233esac 1234 1235AC_MSG_CHECKING([compiler and flags for sanity]) 1236AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1237 [ AC_MSG_RESULT([yes]) ], 1238 [ 1239 AC_MSG_RESULT([no]) 1240 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1241 ], 1242 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1243) 1244 1245dnl Checks for header files. 1246# Checks for libraries. 1247AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1248 1249dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1250AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1251 AC_CHECK_LIB([gen], [dirname], [ 1252 AC_CACHE_CHECK([for broken dirname], 1253 ac_cv_have_broken_dirname, [ 1254 save_LIBS="$LIBS" 1255 LIBS="$LIBS -lgen" 1256 AC_RUN_IFELSE( 1257 [AC_LANG_SOURCE([[ 1258#include <libgen.h> 1259#include <string.h> 1260 1261int main(int argc, char **argv) { 1262 char *s, buf[32]; 1263 1264 strncpy(buf,"/etc", 32); 1265 s = dirname(buf); 1266 if (!s || strncmp(s, "/", 32) != 0) { 1267 exit(1); 1268 } else { 1269 exit(0); 1270 } 1271} 1272 ]])], 1273 [ ac_cv_have_broken_dirname="no" ], 1274 [ ac_cv_have_broken_dirname="yes" ], 1275 [ ac_cv_have_broken_dirname="no" ], 1276 ) 1277 LIBS="$save_LIBS" 1278 ]) 1279 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1280 LIBS="$LIBS -lgen" 1281 AC_DEFINE([HAVE_DIRNAME]) 1282 AC_CHECK_HEADERS([libgen.h]) 1283 fi 1284 ]) 1285]) 1286 1287AC_CHECK_FUNC([getspnam], , 1288 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1289AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1290 [Define if you have the basename function.])]) 1291 1292dnl zlib defaults to enabled 1293zlib=yes 1294AC_ARG_WITH([zlib], 1295 [ --with-zlib=PATH Use zlib in PATH], 1296 [ if test "x$withval" = "xno" ; then 1297 zlib=no 1298 elif test "x$withval" != "xyes"; then 1299 if test -d "$withval/lib"; then 1300 if test -n "${rpath_opt}"; then 1301 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1302 else 1303 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1304 fi 1305 else 1306 if test -n "${rpath_opt}"; then 1307 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 1308 else 1309 LDFLAGS="-L${withval} ${LDFLAGS}" 1310 fi 1311 fi 1312 if test -d "$withval/include"; then 1313 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1314 else 1315 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1316 fi 1317 fi ] 1318) 1319 1320AC_MSG_CHECKING([for zlib]) 1321if test "x${zlib}" = "xno"; then 1322 AC_MSG_RESULT([no]) 1323else 1324 AC_MSG_RESULT([yes]) 1325 AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) 1326 AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1327 AC_CHECK_LIB([z], [deflate], , 1328 [ 1329 saved_CPPFLAGS="$CPPFLAGS" 1330 saved_LDFLAGS="$LDFLAGS" 1331 save_LIBS="$LIBS" 1332 dnl Check default zlib install dir 1333 if test -n "${rpath_opt}"; then 1334 LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}" 1335 else 1336 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1337 fi 1338 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1339 LIBS="$LIBS -lz" 1340 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1341 [ 1342 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1343 ] 1344 ) 1345 ] 1346 ) 1347 1348 AC_ARG_WITH([zlib-version-check], 1349 [ --without-zlib-version-check Disable zlib version check], 1350 [ if test "x$withval" = "xno" ; then 1351 zlib_check_nonfatal=1 1352 fi 1353 ] 1354 ) 1355 1356 AC_MSG_CHECKING([for possibly buggy zlib]) 1357 AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1358#include <stdio.h> 1359#include <stdlib.h> 1360#include <zlib.h> 1361 ]], 1362 [[ 1363 int a=0, b=0, c=0, d=0, n, v; 1364 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1365 if (n != 3 && n != 4) 1366 exit(1); 1367 v = a*1000000 + b*10000 + c*100 + d; 1368 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1369 1370 /* 1.1.4 is OK */ 1371 if (a == 1 && b == 1 && c >= 4) 1372 exit(0); 1373 1374 /* 1.2.3 and up are OK */ 1375 if (v >= 1020300) 1376 exit(0); 1377 1378 exit(2); 1379 ]])], 1380 AC_MSG_RESULT([no]), 1381 [ AC_MSG_RESULT([yes]) 1382 if test -z "$zlib_check_nonfatal" ; then 1383 AC_MSG_ERROR([*** zlib too old - check config.log *** 1384Your reported zlib version has known security problems. It's possible your 1385vendor has fixed these problems without changing the version number. If you 1386are sure this is the case, you can disable the check by running 1387"./configure --without-zlib-version-check". 1388If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1389See http://www.gzip.org/zlib/ for details.]) 1390 else 1391 AC_MSG_WARN([zlib version may have security problems]) 1392 fi 1393 ], 1394 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1395 ) 1396fi 1397 1398dnl UnixWare 2.x 1399AC_CHECK_FUNC([strcasecmp], 1400 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1401) 1402AC_CHECK_FUNCS([utimes], 1403 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1404 LIBS="$LIBS -lc89"]) ] 1405) 1406 1407dnl Checks for libutil functions 1408AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1409AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1410AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1411AC_SEARCH_LIBS([login], [util bsd]) 1412AC_SEARCH_LIBS([logout], [util bsd]) 1413AC_SEARCH_LIBS([logwtmp], [util bsd]) 1414AC_SEARCH_LIBS([openpty], [util bsd]) 1415AC_SEARCH_LIBS([updwtmp], [util bsd]) 1416AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1417 1418# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1419# or libnsl. 1420AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1421AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1422 1423# "Particular Function Checks" 1424# see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html 1425AC_FUNC_STRFTIME 1426AC_FUNC_MALLOC 1427AC_FUNC_REALLOC 1428# autoconf doesn't have AC_FUNC_CALLOC so fake it if malloc returns NULL; 1429AC_MSG_CHECKING([if calloc(0, N) returns non-null]) 1430AC_RUN_IFELSE( 1431 [AC_LANG_PROGRAM( 1432 [[ #include <stdlib.h> ]], 1433 [[ void *p = calloc(0, 1); exit(p == NULL); ]] 1434 )], 1435 [ func_calloc_0_nonnull=yes ], 1436 [ func_calloc_0_nonnull=no ], 1437 [ AC_MSG_WARN([cross compiling: assuming same as malloc]) 1438 func_calloc_0_nonnull="$ac_cv_func_malloc_0_nonnull"] 1439) 1440AC_MSG_RESULT([$func_calloc_0_nonnull]) 1441 1442if test "x$func_calloc_0_nonnull" = "xyes"; then 1443 AC_DEFINE(HAVE_CALLOC, 1, [calloc(0, x) returns non-null]) 1444else 1445 AC_DEFINE(HAVE_CALLOC, 0, [calloc(0, x) returns NULL]) 1446 AC_DEFINE(calloc, rpl_calloc, 1447 [Define to rpl_calloc if the replacement function should be used.]) 1448fi 1449 1450# Check for ALTDIRFUNC glob() extension 1451AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1452AC_EGREP_CPP([FOUNDIT], 1453 [ 1454 #include <glob.h> 1455 #ifdef GLOB_ALTDIRFUNC 1456 FOUNDIT 1457 #endif 1458 ], 1459 [ 1460 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1461 [Define if your system glob() function has 1462 the GLOB_ALTDIRFUNC extension]) 1463 AC_MSG_RESULT([yes]) 1464 ], 1465 [ 1466 AC_MSG_RESULT([no]) 1467 ] 1468) 1469 1470# Check for g.gl_matchc glob() extension 1471AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1472AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1473 [[ glob_t g; g.gl_matchc = 1; ]])], 1474 [ 1475 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1476 [Define if your system glob() function has 1477 gl_matchc options in glob_t]) 1478 AC_MSG_RESULT([yes]) 1479 ], [ 1480 AC_MSG_RESULT([no]) 1481]) 1482 1483# Check for g.gl_statv glob() extension 1484AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1485AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1486#ifndef GLOB_KEEPSTAT 1487#error "glob does not support GLOB_KEEPSTAT extension" 1488#endif 1489glob_t g; 1490g.gl_statv = NULL; 1491]])], 1492 [ 1493 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1494 [Define if your system glob() function has 1495 gl_statv options in glob_t]) 1496 AC_MSG_RESULT([yes]) 1497 ], [ 1498 AC_MSG_RESULT([no]) 1499 1500]) 1501 1502AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1503 1504AC_CHECK_DECL([VIS_ALL], , 1505 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1506 1507AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1508AC_RUN_IFELSE( 1509 [AC_LANG_PROGRAM([[ 1510#include <sys/types.h> 1511#include <dirent.h>]], 1512 [[ 1513 struct dirent d; 1514 exit(sizeof(d.d_name)<=sizeof(char)); 1515 ]])], 1516 [AC_MSG_RESULT([yes])], 1517 [ 1518 AC_MSG_RESULT([no]) 1519 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1520 [Define if your struct dirent expects you to 1521 allocate extra space for d_name]) 1522 ], 1523 [ 1524 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1525 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1526 ] 1527) 1528 1529AC_MSG_CHECKING([for /proc/pid/fd directory]) 1530if test -d "/proc/$$/fd" ; then 1531 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1532 AC_MSG_RESULT([yes]) 1533else 1534 AC_MSG_RESULT([no]) 1535fi 1536 1537# Check whether user wants to use ldns 1538LDNS_MSG="no" 1539AC_ARG_WITH(ldns, 1540 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1541 [ 1542 ldns="" 1543 if test "x$withval" = "xyes" ; then 1544 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1545 if test "x$LDNSCONFIG" = "xno"; then 1546 LIBS="-lldns $LIBS" 1547 ldns=yes 1548 else 1549 LIBS="$LIBS `$LDNSCONFIG --libs`" 1550 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1551 ldns=yes 1552 fi 1553 elif test "x$withval" != "xno" ; then 1554 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1555 LDFLAGS="$LDFLAGS -L${withval}/lib" 1556 LIBS="-lldns $LIBS" 1557 ldns=yes 1558 fi 1559 1560 # Verify that it works. 1561 if test "x$ldns" = "xyes" ; then 1562 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1563 LDNS_MSG="yes" 1564 AC_MSG_CHECKING([for ldns support]) 1565 AC_LINK_IFELSE( 1566 [AC_LANG_SOURCE([[ 1567#include <stdio.h> 1568#include <stdlib.h> 1569#ifdef HAVE_STDINT_H 1570# include <stdint.h> 1571#endif 1572#include <ldns/ldns.h> 1573int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1574 ]]) 1575 ], 1576 [AC_MSG_RESULT(yes)], 1577 [ 1578 AC_MSG_RESULT(no) 1579 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1580 ]) 1581 fi 1582]) 1583 1584# Check whether user wants libedit support 1585LIBEDIT_MSG="no" 1586AC_ARG_WITH([libedit], 1587 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1588 [ if test "x$withval" != "xno" ; then 1589 if test "x$withval" = "xyes" ; then 1590 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1591 if test "x$PKGCONFIG" != "xno"; then 1592 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1593 if "$PKGCONFIG" libedit; then 1594 AC_MSG_RESULT([yes]) 1595 use_pkgconfig_for_libedit=yes 1596 else 1597 AC_MSG_RESULT([no]) 1598 fi 1599 fi 1600 else 1601 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1602 if test -n "${rpath_opt}"; then 1603 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 1604 else 1605 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1606 fi 1607 fi 1608 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1609 LIBEDIT=`$PKGCONFIG --libs libedit` 1610 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1611 else 1612 LIBEDIT="-ledit -lcurses" 1613 fi 1614 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1615 AC_CHECK_LIB([edit], [el_init], 1616 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1617 LIBEDIT_MSG="yes" 1618 AC_SUBST([LIBEDIT]) 1619 ], 1620 [ AC_MSG_ERROR([libedit not found]) ], 1621 [ $OTHERLIBS ] 1622 ) 1623 AC_MSG_CHECKING([if libedit version is compatible]) 1624 AC_COMPILE_IFELSE( 1625 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1626 [[ 1627 int i = H_SETSIZE; 1628 el_init("", NULL, NULL, NULL); 1629 exit(0); 1630 ]])], 1631 [ AC_MSG_RESULT([yes]) ], 1632 [ AC_MSG_RESULT([no]) 1633 AC_MSG_ERROR([libedit version is not compatible]) ] 1634 ) 1635 fi ] 1636) 1637 1638AUDIT_MODULE=none 1639AC_ARG_WITH([audit], 1640 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1641 [ 1642 AC_MSG_CHECKING([for supported audit module]) 1643 case "$withval" in 1644 bsm) 1645 AC_MSG_RESULT([bsm]) 1646 AUDIT_MODULE=bsm 1647 dnl Checks for headers, libs and functions 1648 AC_CHECK_HEADERS([bsm/audit.h], [], 1649 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1650 [ 1651#ifdef HAVE_TIME_H 1652# include <time.h> 1653#endif 1654 ] 1655) 1656 AC_CHECK_LIB([bsm], [getaudit], [], 1657 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1658 AC_CHECK_FUNCS([getaudit], [], 1659 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1660 # These are optional 1661 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1662 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1663 if test "$sol2ver" -ge 11; then 1664 SSHDLIBS="$SSHDLIBS -lscf" 1665 AC_DEFINE([BROKEN_BSM_API], [1], 1666 [The system has incomplete BSM API]) 1667 fi 1668 ;; 1669 linux) 1670 AC_MSG_RESULT([linux]) 1671 AUDIT_MODULE=linux 1672 dnl Checks for headers, libs and functions 1673 AC_CHECK_HEADERS([libaudit.h]) 1674 SSHDLIBS="$SSHDLIBS -laudit" 1675 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1676 ;; 1677 debug) 1678 AUDIT_MODULE=debug 1679 AC_MSG_RESULT([debug]) 1680 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1681 ;; 1682 no) 1683 AC_MSG_RESULT([no]) 1684 ;; 1685 *) 1686 AC_MSG_ERROR([Unknown audit module $withval]) 1687 ;; 1688 esac ] 1689) 1690 1691AC_ARG_WITH([pie], 1692 [ --with-pie Build Position Independent Executables if possible], [ 1693 if test "x$withval" = "xno"; then 1694 use_pie=no 1695 fi 1696 if test "x$withval" = "xyes"; then 1697 use_pie=yes 1698 fi 1699 ] 1700) 1701if test "x$use_pie" = "x"; then 1702 use_pie=no 1703fi 1704if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1705 # Turn off automatic PIE when toolchain hardening is off. 1706 use_pie=no 1707fi 1708if test "x$use_pie" = "xauto"; then 1709 # Automatic PIE requires gcc >= 4.x 1710 AC_MSG_CHECKING([for gcc >= 4.x]) 1711 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1712#if !defined(__GNUC__) || __GNUC__ < 4 1713#error gcc is too old 1714#endif 1715]])], 1716 [ AC_MSG_RESULT([yes]) ], 1717 [ AC_MSG_RESULT([no]) 1718 use_pie=no ] 1719) 1720fi 1721if test "x$use_pie" != "xno"; then 1722 SAVED_CFLAGS="$CFLAGS" 1723 SAVED_LDFLAGS="$LDFLAGS" 1724 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1725 OSSH_CHECK_LDFLAG_LINK([-pie]) 1726 # We use both -fPIE and -pie or neither. 1727 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1728 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1729 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1730 AC_MSG_RESULT([yes]) 1731 else 1732 AC_MSG_RESULT([no]) 1733 CFLAGS="$SAVED_CFLAGS" 1734 LDFLAGS="$SAVED_LDFLAGS" 1735 fi 1736fi 1737 1738AC_MSG_CHECKING([whether -fPIC is accepted]) 1739SAVED_CFLAGS="$CFLAGS" 1740CFLAGS="$CFLAGS -fPIC" 1741AC_COMPILE_IFELSE( 1742 [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], 1743 [AC_MSG_RESULT([yes]) 1744 PICFLAG="-fPIC"; ], 1745 [AC_MSG_RESULT([no]) 1746 PICFLAG=""; ]) 1747CFLAGS="$SAVED_CFLAGS" 1748AC_SUBST([PICFLAG]) 1749 1750dnl Checks for library functions. Please keep in alphabetical order 1751AC_CHECK_FUNCS([ \ 1752 Blowfish_initstate \ 1753 Blowfish_expandstate \ 1754 Blowfish_expand0state \ 1755 Blowfish_stream2word \ 1756 SHA256Update \ 1757 SHA384Update \ 1758 SHA512Update \ 1759 asprintf \ 1760 b64_ntop \ 1761 __b64_ntop \ 1762 b64_pton \ 1763 __b64_pton \ 1764 bcopy \ 1765 bcrypt_pbkdf \ 1766 bindresvport_sa \ 1767 blf_enc \ 1768 bzero \ 1769 cap_rights_limit \ 1770 clock \ 1771 closefrom \ 1772 dirfd \ 1773 endgrent \ 1774 err \ 1775 errx \ 1776 explicit_bzero \ 1777 fchmod \ 1778 fchmodat \ 1779 fchown \ 1780 fchownat \ 1781 flock \ 1782 fnmatch \ 1783 freeaddrinfo \ 1784 freezero \ 1785 fstatfs \ 1786 fstatvfs \ 1787 futimes \ 1788 getaddrinfo \ 1789 getcwd \ 1790 getgrouplist \ 1791 getline \ 1792 getnameinfo \ 1793 getopt \ 1794 getpagesize \ 1795 getpeereid \ 1796 getpeerucred \ 1797 getpgid \ 1798 _getpty \ 1799 getrlimit \ 1800 getrandom \ 1801 getsid \ 1802 getttyent \ 1803 glob \ 1804 group_from_gid \ 1805 inet_aton \ 1806 inet_ntoa \ 1807 inet_ntop \ 1808 innetgr \ 1809 llabs \ 1810 localtime_r \ 1811 login_getcapbool \ 1812 md5_crypt \ 1813 memmem \ 1814 memmove \ 1815 memset_s \ 1816 mkdtemp \ 1817 ngetaddrinfo \ 1818 nsleep \ 1819 ogetaddrinfo \ 1820 openlog_r \ 1821 pledge \ 1822 poll \ 1823 prctl \ 1824 pstat \ 1825 raise \ 1826 readpassphrase \ 1827 reallocarray \ 1828 realpath \ 1829 recvmsg \ 1830 recallocarray \ 1831 rresvport_af \ 1832 sendmsg \ 1833 setdtablesize \ 1834 setegid \ 1835 setenv \ 1836 seteuid \ 1837 setgroupent \ 1838 setgroups \ 1839 setlinebuf \ 1840 setlogin \ 1841 setpassent\ 1842 setpcred \ 1843 setproctitle \ 1844 setregid \ 1845 setreuid \ 1846 setrlimit \ 1847 setsid \ 1848 setvbuf \ 1849 sigaction \ 1850 sigvec \ 1851 snprintf \ 1852 socketpair \ 1853 statfs \ 1854 statvfs \ 1855 strcasestr \ 1856 strdup \ 1857 strerror \ 1858 strlcat \ 1859 strlcpy \ 1860 strmode \ 1861 strndup \ 1862 strnlen \ 1863 strnvis \ 1864 strptime \ 1865 strsignal \ 1866 strtonum \ 1867 strtoll \ 1868 strtoul \ 1869 strtoull \ 1870 swap32 \ 1871 sysconf \ 1872 tcgetpgrp \ 1873 timingsafe_bcmp \ 1874 truncate \ 1875 unsetenv \ 1876 updwtmpx \ 1877 utimensat \ 1878 user_from_uid \ 1879 usleep \ 1880 vasprintf \ 1881 vsnprintf \ 1882 waitpid \ 1883 warn \ 1884]) 1885 1886AC_CHECK_DECLS([bzero, memmem]) 1887 1888dnl Wide character support. 1889AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1890 1891TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1892AC_MSG_CHECKING([for utf8 locale support]) 1893AC_RUN_IFELSE( 1894 [AC_LANG_PROGRAM([[ 1895#include <locale.h> 1896#include <stdlib.h> 1897 ]], [[ 1898 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1899 if (loc != NULL) 1900 exit(0); 1901 exit(1); 1902 ]])], 1903 AC_MSG_RESULT(yes), 1904 [AC_MSG_RESULT(no) 1905 TEST_SSH_UTF8=no], 1906 AC_MSG_WARN([cross compiling: assuming yes]) 1907) 1908 1909AC_LINK_IFELSE( 1910 [AC_LANG_PROGRAM( 1911 [[ #include <ctype.h> ]], 1912 [[ return (isblank('a')); ]])], 1913 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1914]) 1915 1916disable_pkcs11= 1917AC_ARG_ENABLE([pkcs11], 1918 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1919 [ 1920 if test "x$enableval" = "xno" ; then 1921 disable_pkcs11=1 1922 fi 1923 ] 1924) 1925 1926disable_sk= 1927AC_ARG_ENABLE([security-key], 1928 [ --disable-security-key disable U2F/FIDO support code [no]], 1929 [ 1930 if test "x$enableval" = "xno" ; then 1931 disable_sk=1 1932 fi 1933 ] 1934) 1935enable_sk_internal= 1936AC_ARG_WITH([security-key-builtin], 1937 [ --with-security-key-builtin include builtin U2F/FIDO support], 1938 [ 1939 if test "x$withval" != "xno" ; then 1940 enable_sk_internal=yes 1941 fi 1942 ] 1943) 1944test "x$disable_sk" != "x" && enable_sk_internal="" 1945 1946AC_SEARCH_LIBS([dlopen], [dl]) 1947AC_CHECK_FUNCS([dlopen]) 1948AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) 1949 1950# IRIX has a const char return value for gai_strerror() 1951AC_CHECK_FUNCS([gai_strerror], [ 1952 AC_DEFINE([HAVE_GAI_STRERROR]) 1953 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1954#include <sys/types.h> 1955#include <sys/socket.h> 1956#include <netdb.h> 1957 1958const char *gai_strerror(int); 1959 ]], [[ 1960 char *str; 1961 str = gai_strerror(0); 1962 ]])], [ 1963 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1964 [Define if gai_strerror() returns const char *])], [])]) 1965 1966AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1967 [Some systems put nanosleep outside of libc])]) 1968 1969AC_SEARCH_LIBS([clock_gettime], [rt], 1970 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1971 1972dnl check if we need -D_REENTRANT for localtime_r declaration. 1973AC_CHECK_DECL([localtime_r], [], 1974 [ saved_CPPFLAGS="$CFLAGS" 1975 CPPFLAGS="$CPPFLAGS -D_REENTRANT" 1976 unset ac_cv_have_decl_localtime_r 1977 AC_CHECK_DECL([localtime_r], [], 1978 [ CPPFLAGS="$saved_CPPFLAGS" ], 1979 [ #include <time.h> ] 1980 ) 1981 ], 1982 [ #include <time.h> ] 1983) 1984 1985dnl Make sure prototypes are defined for these before using them. 1986AC_CHECK_DECL([strsep], 1987 [AC_CHECK_FUNCS([strsep])], 1988 [], 1989 [ 1990#ifdef HAVE_STRING_H 1991# include <string.h> 1992#endif 1993 ]) 1994 1995dnl tcsendbreak might be a macro 1996AC_CHECK_DECL([tcsendbreak], 1997 [AC_DEFINE([HAVE_TCSENDBREAK])], 1998 [AC_CHECK_FUNCS([tcsendbreak])], 1999 [#include <termios.h>] 2000) 2001 2002AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 2003 2004AC_CHECK_DECLS([SHUT_RD, getpeereid], , , 2005 [ 2006#include <sys/types.h> 2007#include <sys/socket.h> 2008#include <unistd.h> 2009 ]) 2010 2011AC_CHECK_DECLS([O_NONBLOCK], , , 2012 [ 2013#include <sys/types.h> 2014#ifdef HAVE_SYS_STAT_H 2015# include <sys/stat.h> 2016#endif 2017#ifdef HAVE_FCNTL_H 2018# include <fcntl.h> 2019#endif 2020 ]) 2021 2022AC_CHECK_DECLS([readv, writev], , , [ 2023#include <sys/types.h> 2024#include <sys/uio.h> 2025#include <unistd.h> 2026 ]) 2027 2028AC_CHECK_DECLS([MAXSYMLINKS], , , [ 2029#include <sys/param.h> 2030 ]) 2031 2032AC_CHECK_DECLS([offsetof], , , [ 2033#include <stddef.h> 2034 ]) 2035 2036# extra bits for select(2) 2037AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 2038#include <sys/param.h> 2039#include <sys/types.h> 2040#ifdef HAVE_SYS_SYSMACROS_H 2041#include <sys/sysmacros.h> 2042#endif 2043#ifdef HAVE_SYS_SELECT_H 2044#include <sys/select.h> 2045#endif 2046#ifdef HAVE_SYS_TIME_H 2047#include <sys/time.h> 2048#endif 2049#ifdef HAVE_UNISTD_H 2050#include <unistd.h> 2051#endif 2052 ]]) 2053AC_CHECK_TYPES([fd_mask], [], [], [[ 2054#include <sys/param.h> 2055#include <sys/types.h> 2056#ifdef HAVE_SYS_SELECT_H 2057#include <sys/select.h> 2058#endif 2059#ifdef HAVE_SYS_TIME_H 2060#include <sys/time.h> 2061#endif 2062#ifdef HAVE_UNISTD_H 2063#include <unistd.h> 2064#endif 2065 ]]) 2066 2067AC_CHECK_FUNCS([setresuid], [ 2068 dnl Some platorms have setresuid that isn't implemented, test for this 2069 AC_MSG_CHECKING([if setresuid seems to work]) 2070 AC_RUN_IFELSE( 2071 [AC_LANG_PROGRAM([[ 2072#include <stdlib.h> 2073#include <errno.h> 2074 ]], [[ 2075 errno=0; 2076 setresuid(0,0,0); 2077 if (errno==ENOSYS) 2078 exit(1); 2079 else 2080 exit(0); 2081 ]])], 2082 [AC_MSG_RESULT([yes])], 2083 [AC_DEFINE([BROKEN_SETRESUID], [1], 2084 [Define if your setresuid() is broken]) 2085 AC_MSG_RESULT([not implemented])], 2086 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2087 ) 2088]) 2089 2090AC_CHECK_FUNCS([setresgid], [ 2091 dnl Some platorms have setresgid that isn't implemented, test for this 2092 AC_MSG_CHECKING([if setresgid seems to work]) 2093 AC_RUN_IFELSE( 2094 [AC_LANG_PROGRAM([[ 2095#include <stdlib.h> 2096#include <errno.h> 2097 ]], [[ 2098 errno=0; 2099 setresgid(0,0,0); 2100 if (errno==ENOSYS) 2101 exit(1); 2102 else 2103 exit(0); 2104 ]])], 2105 [AC_MSG_RESULT([yes])], 2106 [AC_DEFINE([BROKEN_SETRESGID], [1], 2107 [Define if your setresgid() is broken]) 2108 AC_MSG_RESULT([not implemented])], 2109 [AC_MSG_WARN([cross compiling: not checking setresuid])] 2110 ) 2111]) 2112 2113AC_MSG_CHECKING([for working fflush(NULL)]) 2114AC_RUN_IFELSE( 2115 [AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])], 2116 AC_MSG_RESULT([yes]), 2117 [AC_MSG_RESULT([no]) 2118 AC_DEFINE([FFLUSH_NULL_BUG], [1], 2119 [define if fflush(NULL) does not work])], 2120 AC_MSG_WARN([cross compiling: assuming working]) 2121) 2122 2123dnl Checks for time functions 2124AC_CHECK_FUNCS([gettimeofday time]) 2125dnl Checks for utmp functions 2126AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2127AC_CHECK_FUNCS([utmpname]) 2128dnl Checks for utmpx functions 2129AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2130AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2131dnl Checks for lastlog functions 2132AC_CHECK_FUNCS([getlastlogxbyname]) 2133 2134AC_CHECK_FUNC([daemon], 2135 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2136 [AC_CHECK_LIB([bsd], [daemon], 2137 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2138) 2139 2140AC_CHECK_FUNC([getpagesize], 2141 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2142 [Define if your libraries define getpagesize()])], 2143 [AC_CHECK_LIB([ucb], [getpagesize], 2144 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2145) 2146 2147# Check for broken snprintf 2148if test "x$ac_cv_func_snprintf" = "xyes" ; then 2149 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2150 AC_RUN_IFELSE( 2151 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2152 [[ 2153 char b[5]; 2154 snprintf(b,5,"123456789"); 2155 exit(b[4]!='\0'); 2156 ]])], 2157 [AC_MSG_RESULT([yes])], 2158 [ 2159 AC_MSG_RESULT([no]) 2160 AC_DEFINE([BROKEN_SNPRINTF], [1], 2161 [Define if your snprintf is busted]) 2162 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2163 ], 2164 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2165 ) 2166fi 2167 2168if test "x$ac_cv_func_snprintf" = "xyes" ; then 2169 AC_MSG_CHECKING([whether snprintf understands %zu]) 2170 AC_RUN_IFELSE( 2171 [AC_LANG_PROGRAM([[ 2172#include <sys/types.h> 2173#include <stdio.h> 2174 ]], 2175 [[ 2176 size_t a = 1, b = 2; 2177 char z[128]; 2178 snprintf(z, sizeof z, "%zu%zu", a, b); 2179 exit(strcmp(z, "12")); 2180 ]])], 2181 [AC_MSG_RESULT([yes])], 2182 [ 2183 AC_MSG_RESULT([no]) 2184 AC_DEFINE([BROKEN_SNPRINTF], [1], 2185 [snprintf does not understand %zu]) 2186 ], 2187 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2188 ) 2189fi 2190 2191# We depend on vsnprintf returning the right thing on overflow: the 2192# number of characters it tried to create (as per SUSv3) 2193if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2194 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2195 AC_RUN_IFELSE( 2196 [AC_LANG_PROGRAM([[ 2197#include <sys/types.h> 2198#include <stdio.h> 2199#include <stdarg.h> 2200 2201int x_snprintf(char *str, size_t count, const char *fmt, ...) 2202{ 2203 size_t ret; 2204 va_list ap; 2205 2206 va_start(ap, fmt); 2207 ret = vsnprintf(str, count, fmt, ap); 2208 va_end(ap); 2209 return ret; 2210} 2211 ]], [[ 2212char x[1]; 2213if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2214 return 1; 2215if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2216 return 1; 2217return 0; 2218 ]])], 2219 [AC_MSG_RESULT([yes])], 2220 [ 2221 AC_MSG_RESULT([no]) 2222 AC_DEFINE([BROKEN_SNPRINTF], [1], 2223 [Define if your snprintf is busted]) 2224 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2225 ], 2226 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2227 ) 2228fi 2229 2230# On systems where [v]snprintf is broken, but is declared in stdio, 2231# check that the fmt argument is const char * or just char *. 2232# This is only useful for when BROKEN_SNPRINTF 2233AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2234AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2235#include <stdio.h> 2236int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2237 ]], [[ 2238 snprintf(0, 0, 0); 2239 ]])], 2240 [AC_MSG_RESULT([yes]) 2241 AC_DEFINE([SNPRINTF_CONST], [const], 2242 [Define as const if snprintf() can declare const char *fmt])], 2243 [AC_MSG_RESULT([no]) 2244 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2245 2246# Check for missing getpeereid (or equiv) support 2247NO_PEERCHECK="" 2248if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2249 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2250 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2251#include <sys/types.h> 2252#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2253 [ AC_MSG_RESULT([yes]) 2254 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2255 ], [AC_MSG_RESULT([no]) 2256 NO_PEERCHECK=1 2257 ]) 2258fi 2259 2260dnl see whether mkstemp() requires XXXXXX 2261if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2262AC_MSG_CHECKING([for (overly) strict mkstemp]) 2263AC_RUN_IFELSE( 2264 [AC_LANG_PROGRAM([[ 2265#include <stdlib.h> 2266 ]], [[ 2267 char template[]="conftest.mkstemp-test"; 2268 if (mkstemp(template) == -1) 2269 exit(1); 2270 unlink(template); 2271 exit(0); 2272 ]])], 2273 [ 2274 AC_MSG_RESULT([no]) 2275 ], 2276 [ 2277 AC_MSG_RESULT([yes]) 2278 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2279 ], 2280 [ 2281 AC_MSG_RESULT([yes]) 2282 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2283 ] 2284) 2285fi 2286 2287dnl make sure that openpty does not reacquire controlling terminal 2288if test ! -z "$check_for_openpty_ctty_bug"; then 2289 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2290 AC_RUN_IFELSE( 2291 [AC_LANG_PROGRAM([[ 2292#include <stdio.h> 2293#include <sys/fcntl.h> 2294#include <sys/types.h> 2295#include <sys/wait.h> 2296 ]], [[ 2297 pid_t pid; 2298 int fd, ptyfd, ttyfd, status; 2299 2300 pid = fork(); 2301 if (pid < 0) { /* failed */ 2302 exit(1); 2303 } else if (pid > 0) { /* parent */ 2304 waitpid(pid, &status, 0); 2305 if (WIFEXITED(status)) 2306 exit(WEXITSTATUS(status)); 2307 else 2308 exit(2); 2309 } else { /* child */ 2310 close(0); close(1); close(2); 2311 setsid(); 2312 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2313 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2314 if (fd >= 0) 2315 exit(3); /* Acquired ctty: broken */ 2316 else 2317 exit(0); /* Did not acquire ctty: OK */ 2318 } 2319 ]])], 2320 [ 2321 AC_MSG_RESULT([yes]) 2322 ], 2323 [ 2324 AC_MSG_RESULT([no]) 2325 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2326 ], 2327 [ 2328 AC_MSG_RESULT([cross-compiling, assuming yes]) 2329 ] 2330 ) 2331fi 2332 2333if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2334 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2335 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2336 AC_RUN_IFELSE( 2337 [AC_LANG_PROGRAM([[ 2338#include <stdio.h> 2339#include <sys/socket.h> 2340#include <netdb.h> 2341#include <errno.h> 2342#include <netinet/in.h> 2343 2344#define TEST_PORT "2222" 2345 ]], [[ 2346 int err, sock; 2347 struct addrinfo *gai_ai, *ai, hints; 2348 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2349 2350 memset(&hints, 0, sizeof(hints)); 2351 hints.ai_family = PF_UNSPEC; 2352 hints.ai_socktype = SOCK_STREAM; 2353 hints.ai_flags = AI_PASSIVE; 2354 2355 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2356 if (err != 0) { 2357 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2358 exit(1); 2359 } 2360 2361 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2362 if (ai->ai_family != AF_INET6) 2363 continue; 2364 2365 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2366 sizeof(ntop), strport, sizeof(strport), 2367 NI_NUMERICHOST|NI_NUMERICSERV); 2368 2369 if (err != 0) { 2370 if (err == EAI_SYSTEM) 2371 perror("getnameinfo EAI_SYSTEM"); 2372 else 2373 fprintf(stderr, "getnameinfo failed: %s\n", 2374 gai_strerror(err)); 2375 exit(2); 2376 } 2377 2378 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2379 if (sock < 0) 2380 perror("socket"); 2381 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2382 if (errno == EBADF) 2383 exit(3); 2384 } 2385 } 2386 exit(0); 2387 ]])], 2388 [ 2389 AC_MSG_RESULT([yes]) 2390 ], 2391 [ 2392 AC_MSG_RESULT([no]) 2393 AC_DEFINE([BROKEN_GETADDRINFO]) 2394 ], 2395 [ 2396 AC_MSG_RESULT([cross-compiling, assuming yes]) 2397 ] 2398 ) 2399fi 2400 2401if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2402 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2403 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2404 AC_RUN_IFELSE( 2405 [AC_LANG_PROGRAM([[ 2406#include <stdio.h> 2407#include <sys/socket.h> 2408#include <netdb.h> 2409#include <errno.h> 2410#include <netinet/in.h> 2411 2412#define TEST_PORT "2222" 2413 ]], [[ 2414 int err, sock; 2415 struct addrinfo *gai_ai, *ai, hints; 2416 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2417 2418 memset(&hints, 0, sizeof(hints)); 2419 hints.ai_family = PF_UNSPEC; 2420 hints.ai_socktype = SOCK_STREAM; 2421 hints.ai_flags = AI_PASSIVE; 2422 2423 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2424 if (err != 0) { 2425 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2426 exit(1); 2427 } 2428 2429 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2430 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2431 continue; 2432 2433 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2434 sizeof(ntop), strport, sizeof(strport), 2435 NI_NUMERICHOST|NI_NUMERICSERV); 2436 2437 if (ai->ai_family == AF_INET && err != 0) { 2438 perror("getnameinfo"); 2439 exit(2); 2440 } 2441 } 2442 exit(0); 2443 ]])], 2444 [ 2445 AC_MSG_RESULT([yes]) 2446 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2447 [Define if you have a getaddrinfo that fails 2448 for the all-zeros IPv6 address]) 2449 ], 2450 [ 2451 AC_MSG_RESULT([no]) 2452 AC_DEFINE([BROKEN_GETADDRINFO]) 2453 ], 2454 [ 2455 AC_MSG_RESULT([cross-compiling, assuming no]) 2456 ] 2457 ) 2458fi 2459 2460if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2461 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2462 [#include <sys/types.h> 2463 #include <sys/socket.h> 2464 #include <netdb.h>]) 2465fi 2466 2467if test "x$check_for_conflicting_getspnam" = "x1"; then 2468 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2469 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2470 [[ exit(0); ]])], 2471 [ 2472 AC_MSG_RESULT([no]) 2473 ], 2474 [ 2475 AC_MSG_RESULT([yes]) 2476 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2477 [Conflicting defs for getspnam]) 2478 ] 2479 ) 2480fi 2481 2482dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2483dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2484dnl for over ten years). Despite this incompatibility being reported during 2485dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2486dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2487dnl implementation. Try to detect this mess, and assume the only safe option 2488dnl if we're cross compiling. 2489dnl 2490dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2491dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2492if test "x$ac_cv_func_strnvis" = "xyes"; then 2493 AC_MSG_CHECKING([for working strnvis]) 2494 AC_RUN_IFELSE( 2495 [AC_LANG_PROGRAM([[ 2496#include <signal.h> 2497#include <stdlib.h> 2498#include <string.h> 2499#include <vis.h> 2500static void sighandler(int sig) { _exit(1); } 2501 ]], [[ 2502 char dst[16]; 2503 2504 signal(SIGSEGV, sighandler); 2505 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2506 exit(0); 2507 exit(1) 2508 ]])], 2509 [AC_MSG_RESULT([yes])], 2510 [AC_MSG_RESULT([no]) 2511 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2512 [AC_MSG_WARN([cross compiling: assuming broken]) 2513 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2514 ) 2515fi 2516 2517AC_MSG_CHECKING([if SA_RESTARTed signals interrupt select()]) 2518AC_RUN_IFELSE( 2519 [AC_LANG_PROGRAM([[ 2520#ifdef HAVE_SYS_SELECT 2521# include <sys/select.h> 2522#endif 2523#include <sys/types.h> 2524#include <sys/time.h> 2525#include <stdlib.h> 2526#include <signal.h> 2527static void sighandler(int sig) { } 2528 ]], [[ 2529 int r; 2530 pid_t pid; 2531 struct sigaction sa; 2532 2533 sa.sa_handler = sighandler; 2534 sa.sa_flags = SA_RESTART; 2535 (void)sigaction(SIGTERM, &sa, NULL); 2536 if ((pid = fork()) == 0) { /* child */ 2537 pid = getppid(); 2538 sleep(1); 2539 kill(pid, SIGTERM); 2540 sleep(1); 2541 if (getppid() == pid) /* if parent did not exit, shoot it */ 2542 kill(pid, SIGKILL); 2543 exit(0); 2544 } else { /* parent */ 2545 r = select(0, NULL, NULL, NULL, NULL); 2546 } 2547 exit(r == -1 ? 0 : 1); 2548 ]])], 2549 [AC_MSG_RESULT([yes])], 2550 [AC_MSG_RESULT([no]) 2551 AC_DEFINE([NO_SA_RESTART], [1], 2552 [SA_RESTARTed signals do no interrupt select])], 2553 [AC_MSG_WARN([cross compiling: assuming yes])] 2554) 2555 2556AC_CHECK_FUNCS([getpgrp],[ 2557 AC_MSG_CHECKING([if getpgrp accepts zero args]) 2558 AC_COMPILE_IFELSE( 2559 [AC_LANG_PROGRAM([[$ac_includes_default]], [[ getpgrp(); ]])], 2560 [ AC_MSG_RESULT([yes]) 2561 AC_DEFINE([GETPGRP_VOID], [1], [getpgrp takes zero args])], 2562 [ AC_MSG_RESULT([no]) 2563 AC_DEFINE([GETPGRP_VOID], [0], [getpgrp takes one arg])] 2564 ) 2565]) 2566 2567# Search for OpenSSL 2568saved_CPPFLAGS="$CPPFLAGS" 2569saved_LDFLAGS="$LDFLAGS" 2570AC_ARG_WITH([ssl-dir], 2571 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2572 [ 2573 if test "x$openssl" = "xno" ; then 2574 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2575 fi 2576 if test "x$withval" != "xno" ; then 2577 case "$withval" in 2578 # Relative paths 2579 ./*|../*) withval="`pwd`/$withval" 2580 esac 2581 if test -d "$withval/lib"; then 2582 if test -n "${rpath_opt}"; then 2583 LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}" 2584 else 2585 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2586 fi 2587 elif test -d "$withval/lib64"; then 2588 if test -n "${rpath_opt}"; then 2589 LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}" 2590 else 2591 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2592 fi 2593 else 2594 if test -n "${rpath_opt}"; then 2595 LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}" 2596 else 2597 LDFLAGS="-L${withval} ${LDFLAGS}" 2598 fi 2599 fi 2600 if test -d "$withval/include"; then 2601 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2602 else 2603 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2604 fi 2605 fi 2606 ] 2607) 2608 2609AC_ARG_WITH([openssl-header-check], 2610 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2611 [ 2612 if test "x$withval" = "xno" ; then 2613 openssl_check_nonfatal=1 2614 fi 2615 ] 2616) 2617 2618openssl_engine=no 2619AC_ARG_WITH([ssl-engine], 2620 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2621 [ 2622 if test "x$withval" != "xno" ; then 2623 if test "x$openssl" = "xno" ; then 2624 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2625 fi 2626 openssl_engine=yes 2627 fi 2628 ] 2629) 2630 2631if test "x$openssl" = "xyes" ; then 2632 LIBS="-lcrypto $LIBS" 2633 AC_TRY_LINK_FUNC([RAND_add], , 2634 [AC_MSG_ERROR([*** working libcrypto not found, check config.log])]) 2635 AC_CHECK_HEADER([openssl/opensslv.h], , 2636 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2637 2638 # Determine OpenSSL header version 2639 AC_MSG_CHECKING([OpenSSL header version]) 2640 AC_RUN_IFELSE( 2641 [AC_LANG_PROGRAM([[ 2642 #include <stdlib.h> 2643 #include <stdio.h> 2644 #include <string.h> 2645 #include <openssl/opensslv.h> 2646 #define DATA "conftest.sslincver" 2647 ]], [[ 2648 FILE *fd; 2649 int rc; 2650 2651 fd = fopen(DATA,"w"); 2652 if(fd == NULL) 2653 exit(1); 2654 2655 if ((rc = fprintf(fd, "%08lx (%s)\n", 2656 (unsigned long)OPENSSL_VERSION_NUMBER, 2657 OPENSSL_VERSION_TEXT)) < 0) 2658 exit(1); 2659 2660 exit(0); 2661 ]])], 2662 [ 2663 ssl_header_ver=`cat conftest.sslincver` 2664 AC_MSG_RESULT([$ssl_header_ver]) 2665 ], 2666 [ 2667 AC_MSG_RESULT([not found]) 2668 AC_MSG_ERROR([OpenSSL version header not found.]) 2669 ], 2670 [ 2671 AC_MSG_WARN([cross compiling: not checking]) 2672 ] 2673 ) 2674 2675 # Determining OpenSSL library version is version dependent. 2676 AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num]) 2677 2678 # Determine OpenSSL library version 2679 AC_MSG_CHECKING([OpenSSL library version]) 2680 AC_RUN_IFELSE( 2681 [AC_LANG_PROGRAM([[ 2682 #include <stdio.h> 2683 #include <string.h> 2684 #include <openssl/opensslv.h> 2685 #include <openssl/crypto.h> 2686 #define DATA "conftest.ssllibver" 2687 ]], [[ 2688 FILE *fd; 2689 int rc; 2690 2691 fd = fopen(DATA,"w"); 2692 if(fd == NULL) 2693 exit(1); 2694#ifndef OPENSSL_VERSION 2695# define OPENSSL_VERSION SSLEAY_VERSION 2696#endif 2697#ifndef HAVE_OPENSSL_VERSION 2698# define OpenSSL_version SSLeay_version 2699#endif 2700#ifndef HAVE_OPENSSL_VERSION_NUM 2701# define OpenSSL_version_num SSLeay 2702#endif 2703 if ((rc = fprintf(fd, "%08lx (%s)\n", 2704 (unsigned long)OpenSSL_version_num(), 2705 OpenSSL_version(OPENSSL_VERSION))) < 0) 2706 exit(1); 2707 2708 exit(0); 2709 ]])], 2710 [ 2711 ssl_library_ver=`cat conftest.ssllibver` 2712 # Check version is supported. 2713 case "$ssl_library_ver" in 2714 10000*|0*) 2715 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2716 ;; 2717 100*) ;; # 1.0.x 2718 101000[[0123456]]*) 2719 # https://github.com/openssl/openssl/pull/4613 2720 AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) 2721 ;; 2722 101*) ;; # 1.1.x 2723 200*) ;; # LibreSSL 2724 300*) ;; # OpenSSL development branch. 2725 *) 2726 AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) 2727 ;; 2728 esac 2729 AC_MSG_RESULT([$ssl_library_ver]) 2730 ], 2731 [ 2732 AC_MSG_RESULT([not found]) 2733 AC_MSG_ERROR([OpenSSL library not found.]) 2734 ], 2735 [ 2736 AC_MSG_WARN([cross compiling: not checking]) 2737 ] 2738 ) 2739 2740 # Sanity check OpenSSL headers 2741 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2742 AC_RUN_IFELSE( 2743 [AC_LANG_PROGRAM([[ 2744 #include <string.h> 2745 #include <openssl/opensslv.h> 2746 #include <openssl/crypto.h> 2747 ]], [[ 2748#ifndef HAVE_OPENSSL_VERSION_NUM 2749# define OpenSSL_version_num SSLeay 2750#endif 2751 exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2752 ]])], 2753 [ 2754 AC_MSG_RESULT([yes]) 2755 ], 2756 [ 2757 AC_MSG_RESULT([no]) 2758 if test "x$openssl_check_nonfatal" = "x"; then 2759 AC_MSG_ERROR([Your OpenSSL headers do not match your 2760 library. Check config.log for details. 2761 If you are sure your installation is consistent, you can disable the check 2762 by running "./configure --without-openssl-header-check". 2763 Also see contrib/findssl.sh for help identifying header/library mismatches. 2764 ]) 2765 else 2766 AC_MSG_WARN([Your OpenSSL headers do not match your 2767 library. Check config.log for details. 2768 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2769 fi 2770 ], 2771 [ 2772 AC_MSG_WARN([cross compiling: not checking]) 2773 ] 2774 ) 2775 2776 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2777 AC_LINK_IFELSE( 2778 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2779 [[ ERR_load_crypto_strings(); ]])], 2780 [ 2781 AC_MSG_RESULT([yes]) 2782 ], 2783 [ 2784 AC_MSG_RESULT([no]) 2785 saved_LIBS="$LIBS" 2786 LIBS="$LIBS -ldl" 2787 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2788 AC_LINK_IFELSE( 2789 [AC_LANG_PROGRAM([[ #include <openssl/err.h> ]], 2790 [[ ERR_load_crypto_strings(); ]])], 2791 [ 2792 AC_MSG_RESULT([yes]) 2793 ], 2794 [ 2795 AC_MSG_RESULT([no]) 2796 LIBS="$saved_LIBS" 2797 ] 2798 ) 2799 ] 2800 ) 2801 2802 AC_CHECK_FUNCS([ \ 2803 BN_is_prime_ex \ 2804 DSA_generate_parameters_ex \ 2805 EVP_CIPHER_CTX_ctrl \ 2806 EVP_DigestFinal_ex \ 2807 EVP_DigestInit_ex \ 2808 EVP_MD_CTX_cleanup \ 2809 EVP_MD_CTX_copy_ex \ 2810 EVP_MD_CTX_init \ 2811 HMAC_CTX_init \ 2812 RSA_generate_key_ex \ 2813 RSA_get_default_method \ 2814 ]) 2815 2816 # OpenSSL_add_all_algorithms may be a macro. 2817 AC_CHECK_FUNC(OpenSSL_add_all_algorithms, 2818 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]), 2819 AC_CHECK_DECL(OpenSSL_add_all_algorithms, 2820 AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), , 2821 [[#include <openssl/evp.h>]] 2822 ) 2823 ) 2824 2825 # LibreSSL/OpenSSL 1.1x API 2826 AC_CHECK_FUNCS([ \ 2827 OPENSSL_init_crypto \ 2828 DH_get0_key \ 2829 DH_get0_pqg \ 2830 DH_set0_key \ 2831 DH_set_length \ 2832 DH_set0_pqg \ 2833 DSA_get0_key \ 2834 DSA_get0_pqg \ 2835 DSA_set0_key \ 2836 DSA_set0_pqg \ 2837 DSA_SIG_get0 \ 2838 DSA_SIG_set0 \ 2839 ECDSA_SIG_get0 \ 2840 ECDSA_SIG_set0 \ 2841 EVP_CIPHER_CTX_iv \ 2842 EVP_CIPHER_CTX_iv_noconst \ 2843 EVP_CIPHER_CTX_get_iv \ 2844 EVP_CIPHER_CTX_set_iv \ 2845 RSA_get0_crt_params \ 2846 RSA_get0_factors \ 2847 RSA_get0_key \ 2848 RSA_set0_crt_params \ 2849 RSA_set0_factors \ 2850 RSA_set0_key \ 2851 RSA_meth_free \ 2852 RSA_meth_dup \ 2853 RSA_meth_set1_name \ 2854 RSA_meth_get_finish \ 2855 RSA_meth_set_priv_enc \ 2856 RSA_meth_set_priv_dec \ 2857 RSA_meth_set_finish \ 2858 EVP_PKEY_get0_RSA \ 2859 EVP_MD_CTX_new \ 2860 EVP_MD_CTX_free \ 2861 EVP_chacha20 \ 2862 ]) 2863 2864 if test "x$openssl_engine" = "xyes" ; then 2865 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2866 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2867 #include <openssl/engine.h> 2868 ]], [[ 2869 ENGINE_load_builtin_engines(); 2870 ENGINE_register_all_complete(); 2871 ]])], 2872 [ AC_MSG_RESULT([yes]) 2873 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2874 [Enable OpenSSL engine support]) 2875 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2876 ]) 2877 fi 2878 2879 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2880 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2881 AC_LINK_IFELSE( 2882 [AC_LANG_PROGRAM([[ 2883 #include <string.h> 2884 #include <openssl/evp.h> 2885 ]], [[ 2886 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2887 ]])], 2888 [ 2889 AC_MSG_RESULT([no]) 2890 ], 2891 [ 2892 AC_MSG_RESULT([yes]) 2893 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2894 [libcrypto is missing AES 192 and 256 bit functions]) 2895 ] 2896 ) 2897 2898 # Check for OpenSSL with EVP_aes_*ctr 2899 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2900 AC_LINK_IFELSE( 2901 [AC_LANG_PROGRAM([[ 2902 #include <string.h> 2903 #include <openssl/evp.h> 2904 ]], [[ 2905 exit(EVP_aes_128_ctr() == NULL || 2906 EVP_aes_192_cbc() == NULL || 2907 EVP_aes_256_cbc() == NULL); 2908 ]])], 2909 [ 2910 AC_MSG_RESULT([yes]) 2911 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2912 [libcrypto has EVP AES CTR]) 2913 ], 2914 [ 2915 AC_MSG_RESULT([no]) 2916 ] 2917 ) 2918 2919 # Check for OpenSSL with EVP_aes_*gcm 2920 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2921 AC_LINK_IFELSE( 2922 [AC_LANG_PROGRAM([[ 2923 #include <string.h> 2924 #include <openssl/evp.h> 2925 ]], [[ 2926 exit(EVP_aes_128_gcm() == NULL || 2927 EVP_aes_256_gcm() == NULL || 2928 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2929 EVP_CTRL_GCM_IV_GEN == 0 || 2930 EVP_CTRL_GCM_SET_TAG == 0 || 2931 EVP_CTRL_GCM_GET_TAG == 0 || 2932 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2933 ]])], 2934 [ 2935 AC_MSG_RESULT([yes]) 2936 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2937 [libcrypto has EVP AES GCM]) 2938 ], 2939 [ 2940 AC_MSG_RESULT([no]) 2941 unsupported_algorithms="$unsupported_cipers \ 2942 aes128-gcm@openssh.com \ 2943 aes256-gcm@openssh.com" 2944 ] 2945 ) 2946 2947 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2948 AC_LINK_IFELSE( 2949 [AC_LANG_PROGRAM([[ 2950 #include <string.h> 2951 #include <openssl/evp.h> 2952 ]], [[ 2953 if(EVP_DigestUpdate(NULL, NULL,0)) 2954 exit(0); 2955 ]])], 2956 [ 2957 AC_MSG_RESULT([yes]) 2958 ], 2959 [ 2960 AC_MSG_RESULT([no]) 2961 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2962 [Define if EVP_DigestUpdate returns void]) 2963 ] 2964 ) 2965 2966 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2967 # because the system crypt() is more featureful. 2968 if test "x$check_for_libcrypt_before" = "x1"; then 2969 AC_CHECK_LIB([crypt], [crypt]) 2970 fi 2971 2972 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2973 # version in OpenSSL. 2974 if test "x$check_for_libcrypt_later" = "x1"; then 2975 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2976 fi 2977 AC_CHECK_FUNCS([crypt DES_crypt]) 2978 2979 # Check for SHA256, SHA384 and SHA512 support in OpenSSL 2980 AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) 2981 2982 # Check complete ECC support in OpenSSL 2983 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2984 AC_LINK_IFELSE( 2985 [AC_LANG_PROGRAM([[ 2986 #include <openssl/ec.h> 2987 #include <openssl/ecdh.h> 2988 #include <openssl/ecdsa.h> 2989 #include <openssl/evp.h> 2990 #include <openssl/objects.h> 2991 #include <openssl/opensslv.h> 2992 ]], [[ 2993 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2994 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2995 ]])], 2996 [ AC_MSG_RESULT([yes]) 2997 enable_nistp256=1 ], 2998 [ AC_MSG_RESULT([no]) ] 2999 ) 3000 3001 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 3002 AC_LINK_IFELSE( 3003 [AC_LANG_PROGRAM([[ 3004 #include <openssl/ec.h> 3005 #include <openssl/ecdh.h> 3006 #include <openssl/ecdsa.h> 3007 #include <openssl/evp.h> 3008 #include <openssl/objects.h> 3009 #include <openssl/opensslv.h> 3010 ]], [[ 3011 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 3012 const EVP_MD *m = EVP_sha384(); /* We need this too */ 3013 ]])], 3014 [ AC_MSG_RESULT([yes]) 3015 enable_nistp384=1 ], 3016 [ AC_MSG_RESULT([no]) ] 3017 ) 3018 3019 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 3020 AC_LINK_IFELSE( 3021 [AC_LANG_PROGRAM([[ 3022 #include <openssl/ec.h> 3023 #include <openssl/ecdh.h> 3024 #include <openssl/ecdsa.h> 3025 #include <openssl/evp.h> 3026 #include <openssl/objects.h> 3027 #include <openssl/opensslv.h> 3028 ]], [[ 3029 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3030 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3031 ]])], 3032 [ AC_MSG_RESULT([yes]) 3033 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 3034 AC_RUN_IFELSE( 3035 [AC_LANG_PROGRAM([[ 3036 #include <openssl/ec.h> 3037 #include <openssl/ecdh.h> 3038 #include <openssl/ecdsa.h> 3039 #include <openssl/evp.h> 3040 #include <openssl/objects.h> 3041 #include <openssl/opensslv.h> 3042 ]],[[ 3043 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 3044 const EVP_MD *m = EVP_sha512(); /* We need this too */ 3045 exit(e == NULL || m == NULL); 3046 ]])], 3047 [ AC_MSG_RESULT([yes]) 3048 enable_nistp521=1 ], 3049 [ AC_MSG_RESULT([no]) ], 3050 [ AC_MSG_WARN([cross-compiling: assuming yes]) 3051 enable_nistp521=1 ] 3052 )], 3053 AC_MSG_RESULT([no]) 3054 ) 3055 3056 COMMENT_OUT_ECC="#no ecc#" 3057 TEST_SSH_ECC=no 3058 3059 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 3060 test x$enable_nistp521 = x1; then 3061 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 3062 AC_CHECK_FUNCS([EC_KEY_METHOD_new]) 3063 openssl_ecc=yes 3064 else 3065 openssl_ecc=no 3066 fi 3067 if test x$enable_nistp256 = x1; then 3068 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 3069 [libcrypto has NID_X9_62_prime256v1]) 3070 TEST_SSH_ECC=yes 3071 COMMENT_OUT_ECC="" 3072 else 3073 unsupported_algorithms="$unsupported_algorithms \ 3074 ecdsa-sha2-nistp256 \ 3075 ecdh-sha2-nistp256 \ 3076 ecdsa-sha2-nistp256-cert-v01@openssh.com" 3077 fi 3078 if test x$enable_nistp384 = x1; then 3079 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 3080 TEST_SSH_ECC=yes 3081 COMMENT_OUT_ECC="" 3082 else 3083 unsupported_algorithms="$unsupported_algorithms \ 3084 ecdsa-sha2-nistp384 \ 3085 ecdh-sha2-nistp384 \ 3086 ecdsa-sha2-nistp384-cert-v01@openssh.com" 3087 fi 3088 if test x$enable_nistp521 = x1; then 3089 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 3090 TEST_SSH_ECC=yes 3091 COMMENT_OUT_ECC="" 3092 else 3093 unsupported_algorithms="$unsupported_algorithms \ 3094 ecdh-sha2-nistp521 \ 3095 ecdsa-sha2-nistp521 \ 3096 ecdsa-sha2-nistp521-cert-v01@openssh.com" 3097 fi 3098 3099 AC_SUBST([TEST_SSH_ECC]) 3100 AC_SUBST([COMMENT_OUT_ECC]) 3101else 3102 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 3103 AC_CHECK_FUNCS([crypt]) 3104fi 3105 3106# PKCS11/U2F depend on OpenSSL and dlopen(). 3107enable_pkcs11=yes 3108enable_sk=yes 3109if test "x$openssl" != "xyes" ; then 3110 enable_pkcs11="disabled; missing libcrypto" 3111 enable_sk="disabled; missing libcrypto" 3112fi 3113if test "x$openssl_ecc" != "xyes" ; then 3114 enable_sk="disabled; OpenSSL has no ECC support" 3115fi 3116if test "x$ac_cv_func_dlopen" != "xyes" ; then 3117 enable_pkcs11="disabled; missing dlopen(3)" 3118 enable_sk="disabled; missing dlopen(3)" 3119fi 3120if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then 3121 enable_pkcs11="disabled; missing RTLD_NOW" 3122 enable_sk="disabled; missing RTLD_NOW" 3123fi 3124if test ! -z "$disable_pkcs11" ; then 3125 enable_pkcs11="disabled by user" 3126fi 3127if test ! -z "$disable_sk" ; then 3128 enable_sk="disabled by user" 3129fi 3130 3131AC_MSG_CHECKING([whether to enable PKCS11]) 3132if test "x$enable_pkcs11" = "xyes" ; then 3133 AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) 3134fi 3135AC_MSG_RESULT([$enable_pkcs11]) 3136 3137AC_MSG_CHECKING([whether to enable U2F]) 3138if test "x$enable_sk" = "xyes" ; then 3139 AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) 3140 AC_SUBST(SK_DUMMY_LIBRARY, [regress/misc/sk-dummy/sk-dummy.so]) 3141else 3142 # Do not try to build sk-dummy library. 3143 AC_SUBST(SK_DUMMY_LIBRARY, [""]) 3144fi 3145AC_MSG_RESULT([$enable_sk]) 3146 3147# Now check for built-in security key support. 3148if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then 3149 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 3150 use_pkgconfig_for_libfido2= 3151 if test "x$PKGCONFIG" != "xno"; then 3152 AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) 3153 if "$PKGCONFIG" libfido2; then 3154 AC_MSG_RESULT([yes]) 3155 use_pkgconfig_for_libfido2=yes 3156 else 3157 AC_MSG_RESULT([no]) 3158 fi 3159 fi 3160 if test "x$use_pkgconfig_for_libfido2" = "xyes"; then 3161 LIBFIDO2=`$PKGCONFIG --libs libfido2` 3162 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" 3163 else 3164 LIBFIDO2="-lfido2 -lcbor" 3165 fi 3166 OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` 3167 AC_CHECK_LIB([fido2], [fido_init], 3168 [ 3169 AC_SUBST([LIBFIDO2]) 3170 AC_DEFINE([ENABLE_SK_INTERNAL], [], 3171 [Enable for built-in U2F/FIDO support]) 3172 enable_sk="built-in" 3173 ], [ AC_MSG_ERROR([no usable libfido2 found]) ], 3174 [ $OTHERLIBS ] 3175 ) 3176 AC_CHECK_HEADER([fido.h], [], 3177 AC_MSG_ERROR([missing fido.h from libfido2])) 3178 AC_CHECK_HEADER([fido/credman.h], [], 3179 AC_MSG_ERROR([missing fido/credman.h from libfido2]), 3180 [#include <fido.h>] 3181 ) 3182fi 3183 3184AC_CHECK_FUNCS([ \ 3185 arc4random \ 3186 arc4random_buf \ 3187 arc4random_stir \ 3188 arc4random_uniform \ 3189]) 3190 3191saved_LIBS="$LIBS" 3192AC_CHECK_LIB([iaf], [ia_openinfo], [ 3193 LIBS="$LIBS -liaf" 3194 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 3195 AC_DEFINE([HAVE_LIBIAF], [1], 3196 [Define if system has libiaf that supports set_id]) 3197 ]) 3198]) 3199LIBS="$saved_LIBS" 3200 3201### Configure cryptographic random number support 3202 3203# Check whether OpenSSL seeds itself 3204if test "x$openssl" = "xyes" ; then 3205 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 3206 AC_RUN_IFELSE( 3207 [AC_LANG_PROGRAM([[ 3208 #include <string.h> 3209 #include <openssl/rand.h> 3210 ]], [[ 3211 exit(RAND_status() == 1 ? 0 : 1); 3212 ]])], 3213 [ 3214 OPENSSL_SEEDS_ITSELF=yes 3215 AC_MSG_RESULT([yes]) 3216 ], 3217 [ 3218 AC_MSG_RESULT([no]) 3219 ], 3220 [ 3221 AC_MSG_WARN([cross compiling: assuming yes]) 3222 # This is safe, since we will fatal() at runtime if 3223 # OpenSSL is not seeded correctly. 3224 OPENSSL_SEEDS_ITSELF=yes 3225 ] 3226 ) 3227fi 3228 3229# PRNGD TCP socket 3230AC_ARG_WITH([prngd-port], 3231 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 3232 [ 3233 case "$withval" in 3234 no) 3235 withval="" 3236 ;; 3237 [[0-9]]*) 3238 ;; 3239 *) 3240 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 3241 ;; 3242 esac 3243 if test ! -z "$withval" ; then 3244 PRNGD_PORT="$withval" 3245 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 3246 [Port number of PRNGD/EGD random number socket]) 3247 fi 3248 ] 3249) 3250 3251# PRNGD Unix domain socket 3252AC_ARG_WITH([prngd-socket], 3253 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 3254 [ 3255 case "$withval" in 3256 yes) 3257 withval="/var/run/egd-pool" 3258 ;; 3259 no) 3260 withval="" 3261 ;; 3262 /*) 3263 ;; 3264 *) 3265 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 3266 ;; 3267 esac 3268 3269 if test ! -z "$withval" ; then 3270 if test ! -z "$PRNGD_PORT" ; then 3271 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 3272 fi 3273 if test ! -r "$withval" ; then 3274 AC_MSG_WARN([Entropy socket is not readable]) 3275 fi 3276 PRNGD_SOCKET="$withval" 3277 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 3278 [Location of PRNGD/EGD random number socket]) 3279 fi 3280 ], 3281 [ 3282 # Check for existing socket only if we don't have a random device already 3283 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 3284 AC_MSG_CHECKING([for PRNGD/EGD socket]) 3285 # Insert other locations here 3286 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 3287 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 3288 PRNGD_SOCKET="$sock" 3289 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 3290 break; 3291 fi 3292 done 3293 if test ! -z "$PRNGD_SOCKET" ; then 3294 AC_MSG_RESULT([$PRNGD_SOCKET]) 3295 else 3296 AC_MSG_RESULT([not found]) 3297 fi 3298 fi 3299 ] 3300) 3301 3302# Which randomness source do we use? 3303if test ! -z "$PRNGD_PORT" ; then 3304 RAND_MSG="PRNGd port $PRNGD_PORT" 3305elif test ! -z "$PRNGD_SOCKET" ; then 3306 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3307elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3308 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3309 [Define if you want the OpenSSL internally seeded PRNG only]) 3310 RAND_MSG="OpenSSL internal ONLY" 3311elif test "x$openssl" = "xno" ; then 3312 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3313else 3314 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3315fi 3316 3317# Check for PAM libs 3318PAM_MSG="no" 3319AC_ARG_WITH([pam], 3320 [ --with-pam Enable PAM support ], 3321 [ 3322 if test "x$withval" != "xno" ; then 3323 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3324 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3325 AC_MSG_ERROR([PAM headers not found]) 3326 fi 3327 3328 saved_LIBS="$LIBS" 3329 AC_CHECK_LIB([dl], [dlopen], , ) 3330 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3331 AC_CHECK_FUNCS([pam_getenvlist]) 3332 AC_CHECK_FUNCS([pam_putenv]) 3333 LIBS="$saved_LIBS" 3334 3335 PAM_MSG="yes" 3336 3337 SSHDLIBS="$SSHDLIBS -lpam" 3338 AC_DEFINE([USE_PAM], [1], 3339 [Define if you want to enable PAM support]) 3340 3341 if test $ac_cv_lib_dl_dlopen = yes; then 3342 case "$LIBS" in 3343 *-ldl*) 3344 # libdl already in LIBS 3345 ;; 3346 *) 3347 SSHDLIBS="$SSHDLIBS -ldl" 3348 ;; 3349 esac 3350 fi 3351 fi 3352 ] 3353) 3354 3355AC_ARG_WITH([pam-service], 3356 [ --with-pam-service=name Specify PAM service name ], 3357 [ 3358 if test "x$withval" != "xno" && \ 3359 test "x$withval" != "xyes" ; then 3360 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3361 ["$withval"], [sshd PAM service name]) 3362 fi 3363 ] 3364) 3365 3366# Check for older PAM 3367if test "x$PAM_MSG" = "xyes" ; then 3368 # Check PAM strerror arguments (old PAM) 3369 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3370 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3371#include <stdlib.h> 3372#if defined(HAVE_SECURITY_PAM_APPL_H) 3373#include <security/pam_appl.h> 3374#elif defined (HAVE_PAM_PAM_APPL_H) 3375#include <pam/pam_appl.h> 3376#endif 3377 ]], [[ 3378(void)pam_strerror((pam_handle_t *)NULL, -1); 3379 ]])], [AC_MSG_RESULT([no])], [ 3380 AC_DEFINE([HAVE_OLD_PAM], [1], 3381 [Define if you have an old version of PAM 3382 which takes only one argument to pam_strerror]) 3383 AC_MSG_RESULT([yes]) 3384 PAM_MSG="yes (old library)" 3385 3386 ]) 3387fi 3388 3389case "$host" in 3390*-*-cygwin*) 3391 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3392 ;; 3393*) 3394 SSH_PRIVSEP_USER=sshd 3395 ;; 3396esac 3397AC_ARG_WITH([privsep-user], 3398 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3399 [ 3400 if test -n "$withval" && test "x$withval" != "xno" && \ 3401 test "x${withval}" != "xyes"; then 3402 SSH_PRIVSEP_USER=$withval 3403 fi 3404 ] 3405) 3406if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3407 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3408 [Cygwin function to fetch non-privileged user for privilege separation]) 3409else 3410 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3411 [non-privileged user for privilege separation]) 3412fi 3413AC_SUBST([SSH_PRIVSEP_USER]) 3414 3415if test "x$have_linux_no_new_privs" = "x1" ; then 3416AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3417 #include <sys/types.h> 3418 #include <linux/seccomp.h> 3419]) 3420fi 3421if test "x$have_seccomp_filter" = "x1" ; then 3422AC_MSG_CHECKING([kernel for seccomp_filter support]) 3423AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3424 #include <errno.h> 3425 #include <elf.h> 3426 #include <linux/audit.h> 3427 #include <linux/seccomp.h> 3428 #include <stdlib.h> 3429 #include <sys/prctl.h> 3430 ]], 3431 [[ int i = $seccomp_audit_arch; 3432 errno = 0; 3433 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3434 exit(errno == EFAULT ? 0 : 1); ]])], 3435 [ AC_MSG_RESULT([yes]) ], [ 3436 AC_MSG_RESULT([no]) 3437 # Disable seccomp filter as a target 3438 have_seccomp_filter=0 3439 ] 3440) 3441fi 3442 3443# Decide which sandbox style to use 3444sandbox_arg="" 3445AC_ARG_WITH([sandbox], 3446 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3447 [ 3448 if test "x$withval" = "xyes" ; then 3449 sandbox_arg="" 3450 else 3451 sandbox_arg="$withval" 3452 fi 3453 ] 3454) 3455 3456# Some platforms (seems to be the ones that have a kernel poll(2)-type 3457# function with which they implement select(2)) use an extra file descriptor 3458# when calling select(2), which means we can't use the rlimit sandbox. 3459AC_MSG_CHECKING([if select works with descriptor rlimit]) 3460AC_RUN_IFELSE( 3461 [AC_LANG_PROGRAM([[ 3462#include <sys/types.h> 3463#ifdef HAVE_SYS_TIME_H 3464# include <sys/time.h> 3465#endif 3466#include <sys/resource.h> 3467#ifdef HAVE_SYS_SELECT_H 3468# include <sys/select.h> 3469#endif 3470#include <errno.h> 3471#include <fcntl.h> 3472#include <stdlib.h> 3473 ]],[[ 3474 struct rlimit rl_zero; 3475 int fd, r; 3476 fd_set fds; 3477 struct timeval tv; 3478 3479 fd = open("/dev/null", O_RDONLY); 3480 FD_ZERO(&fds); 3481 FD_SET(fd, &fds); 3482 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3483 setrlimit(RLIMIT_FSIZE, &rl_zero); 3484 setrlimit(RLIMIT_NOFILE, &rl_zero); 3485 tv.tv_sec = 1; 3486 tv.tv_usec = 0; 3487 r = select(fd+1, &fds, NULL, NULL, &tv); 3488 exit (r == -1 ? 1 : 0); 3489 ]])], 3490 [AC_MSG_RESULT([yes]) 3491 select_works_with_rlimit=yes], 3492 [AC_MSG_RESULT([no]) 3493 select_works_with_rlimit=no], 3494 [AC_MSG_WARN([cross compiling: assuming yes]) 3495 select_works_with_rlimit=yes] 3496) 3497 3498AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3499AC_RUN_IFELSE( 3500 [AC_LANG_PROGRAM([[ 3501#include <sys/types.h> 3502#ifdef HAVE_SYS_TIME_H 3503# include <sys/time.h> 3504#endif 3505#include <sys/resource.h> 3506#include <errno.h> 3507#include <stdlib.h> 3508 ]],[[ 3509 struct rlimit rl_zero; 3510 int r; 3511 3512 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3513 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3514 exit (r == -1 ? 1 : 0); 3515 ]])], 3516 [AC_MSG_RESULT([yes]) 3517 rlimit_nofile_zero_works=yes], 3518 [AC_MSG_RESULT([no]) 3519 rlimit_nofile_zero_works=no], 3520 [AC_MSG_WARN([cross compiling: assuming yes]) 3521 rlimit_nofile_zero_works=yes] 3522) 3523 3524AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3525AC_RUN_IFELSE( 3526 [AC_LANG_PROGRAM([[ 3527#include <sys/types.h> 3528#include <sys/resource.h> 3529#include <stdlib.h> 3530 ]],[[ 3531 struct rlimit rl_zero; 3532 3533 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3534 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3535 ]])], 3536 [AC_MSG_RESULT([yes])], 3537 [AC_MSG_RESULT([no]) 3538 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3539 [setrlimit RLIMIT_FSIZE works])], 3540 [AC_MSG_WARN([cross compiling: assuming yes])] 3541) 3542 3543if test "x$sandbox_arg" = "xpledge" || \ 3544 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3545 test "x$ac_cv_func_pledge" != "xyes" && \ 3546 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3547 SANDBOX_STYLE="pledge" 3548 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3549elif test "x$sandbox_arg" = "xsystrace" || \ 3550 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3551 test "x$have_systr_policy_kill" != "x1" && \ 3552 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3553 SANDBOX_STYLE="systrace" 3554 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3555elif test "x$sandbox_arg" = "xdarwin" || \ 3556 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3557 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3558 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3559 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3560 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3561 SANDBOX_STYLE="darwin" 3562 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3563elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3564 ( test -z "$sandbox_arg" && \ 3565 test "x$have_seccomp_filter" = "x1" && \ 3566 test "x$ac_cv_header_elf_h" = "xyes" && \ 3567 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3568 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3569 test "x$seccomp_audit_arch" != "x" && \ 3570 test "x$have_linux_no_new_privs" = "x1" && \ 3571 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3572 test "x$seccomp_audit_arch" = "x" && \ 3573 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3574 test "x$have_linux_no_new_privs" != "x1" && \ 3575 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3576 test "x$have_seccomp_filter" != "x1" && \ 3577 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3578 test "x$ac_cv_func_prctl" != "xyes" && \ 3579 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3580 SANDBOX_STYLE="seccomp_filter" 3581 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3582elif test "x$sandbox_arg" = "xcapsicum" || \ 3583 ( test -z "$sandbox_arg" && \ 3584 test "x$ac_cv_header_sys_capsicum_h" = "xyes" && \ 3585 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3586 test "x$ac_cv_header_sys_capsicum_h" != "xyes" && \ 3587 AC_MSG_ERROR([capsicum sandbox requires sys/capsicum.h header]) 3588 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3589 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3590 SANDBOX_STYLE="capsicum" 3591 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3592elif test "x$sandbox_arg" = "xrlimit" || \ 3593 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3594 test "x$select_works_with_rlimit" = "xyes" && \ 3595 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3596 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3597 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3598 test "x$select_works_with_rlimit" != "xyes" && \ 3599 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3600 SANDBOX_STYLE="rlimit" 3601 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3602elif test "x$sandbox_arg" = "xsolaris" || \ 3603 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3604 SANDBOX_STYLE="solaris" 3605 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3606elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3607 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3608 SANDBOX_STYLE="none" 3609 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3610else 3611 AC_MSG_ERROR([unsupported --with-sandbox]) 3612fi 3613 3614# Cheap hack to ensure NEWS-OS libraries are arranged right. 3615if test ! -z "$SONY" ; then 3616 LIBS="$LIBS -liberty"; 3617fi 3618 3619# Check for long long datatypes 3620AC_CHECK_TYPES([long long, unsigned long long, long double]) 3621 3622# Check datatype sizes 3623AC_CHECK_SIZEOF([short int]) 3624AC_CHECK_SIZEOF([int]) 3625AC_CHECK_SIZEOF([long int]) 3626AC_CHECK_SIZEOF([long long int]) 3627 3628# Sanity check long long for some platforms (AIX) 3629if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3630 ac_cv_sizeof_long_long_int=0 3631fi 3632 3633# compute LLONG_MIN and LLONG_MAX if we don't know them. 3634if test -z "$have_llong_max" && test -z "$have_long_long_max"; then 3635 AC_MSG_CHECKING([for max value of long long]) 3636 AC_RUN_IFELSE( 3637 [AC_LANG_PROGRAM([[ 3638#include <stdio.h> 3639/* Why is this so damn hard? */ 3640#ifdef __GNUC__ 3641# undef __GNUC__ 3642#endif 3643#define __USE_ISOC99 3644#include <limits.h> 3645#define DATA "conftest.llminmax" 3646#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3647 3648/* 3649 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3650 * we do this the hard way. 3651 */ 3652static int 3653fprint_ll(FILE *f, long long n) 3654{ 3655 unsigned int i; 3656 int l[sizeof(long long) * 8]; 3657 3658 if (n < 0) 3659 if (fprintf(f, "-") < 0) 3660 return -1; 3661 for (i = 0; n != 0; i++) { 3662 l[i] = my_abs(n % 10); 3663 n /= 10; 3664 } 3665 do { 3666 if (fprintf(f, "%d", l[--i]) < 0) 3667 return -1; 3668 } while (i != 0); 3669 if (fprintf(f, " ") < 0) 3670 return -1; 3671 return 0; 3672} 3673 ]], [[ 3674 FILE *f; 3675 long long i, llmin, llmax = 0; 3676 3677 if((f = fopen(DATA,"w")) == NULL) 3678 exit(1); 3679 3680#if defined(LLONG_MIN) && defined(LLONG_MAX) 3681 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3682 llmin = LLONG_MIN; 3683 llmax = LLONG_MAX; 3684#else 3685 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3686 /* This will work on one's complement and two's complement */ 3687 for (i = 1; i > llmax; i <<= 1, i++) 3688 llmax = i; 3689 llmin = llmax + 1LL; /* wrap */ 3690#endif 3691 3692 /* Sanity check */ 3693 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3694 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3695 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3696 fprintf(f, "unknown unknown\n"); 3697 exit(2); 3698 } 3699 3700 if (fprint_ll(f, llmin) < 0) 3701 exit(3); 3702 if (fprint_ll(f, llmax) < 0) 3703 exit(4); 3704 if (fclose(f) < 0) 3705 exit(5); 3706 exit(0); 3707 ]])], 3708 [ 3709 llong_min=`$AWK '{print $1}' conftest.llminmax` 3710 llong_max=`$AWK '{print $2}' conftest.llminmax` 3711 3712 AC_MSG_RESULT([$llong_max]) 3713 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3714 [max value of long long calculated by configure]) 3715 AC_MSG_CHECKING([for min value of long long]) 3716 AC_MSG_RESULT([$llong_min]) 3717 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3718 [min value of long long calculated by configure]) 3719 ], 3720 [ 3721 AC_MSG_RESULT([not found]) 3722 ], 3723 [ 3724 AC_MSG_WARN([cross compiling: not checking]) 3725 ] 3726 ) 3727fi 3728 3729AC_CHECK_DECLS([UINT32_MAX], , , [[ 3730#ifdef HAVE_SYS_LIMITS_H 3731# include <sys/limits.h> 3732#endif 3733#ifdef HAVE_LIMITS_H 3734# include <limits.h> 3735#endif 3736#ifdef HAVE_STDINT_H 3737# include <stdint.h> 3738#endif 3739]]) 3740 3741# More checks for data types 3742AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3743 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3744 [[ u_int a; a = 1;]])], 3745 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3746 ]) 3747]) 3748if test "x$ac_cv_have_u_int" = "xyes" ; then 3749 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3750 have_u_int=1 3751fi 3752 3753AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3755 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3756 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3757 ]) 3758]) 3759if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3760 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3761 have_intxx_t=1 3762fi 3763 3764if (test -z "$have_intxx_t" && \ 3765 test "x$ac_cv_header_stdint_h" = "xyes") 3766then 3767 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3768 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3769 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3770 [ 3771 AC_DEFINE([HAVE_INTXX_T]) 3772 AC_MSG_RESULT([yes]) 3773 ], [ AC_MSG_RESULT([no]) 3774 ]) 3775fi 3776 3777AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3778 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3779#include <sys/types.h> 3780#ifdef HAVE_STDINT_H 3781# include <stdint.h> 3782#endif 3783#include <sys/socket.h> 3784#ifdef HAVE_SYS_BITYPES_H 3785# include <sys/bitypes.h> 3786#endif 3787 ]], [[ 3788int64_t a; a = 1; 3789 ]])], 3790 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3791 ]) 3792]) 3793if test "x$ac_cv_have_int64_t" = "xyes" ; then 3794 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3795fi 3796 3797AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3798 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3799 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3800 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3801 ]) 3802]) 3803if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3804 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3805 have_u_intxx_t=1 3806fi 3807 3808if test -z "$have_u_intxx_t" ; then 3809 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3810 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3811 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3812 [ 3813 AC_DEFINE([HAVE_U_INTXX_T]) 3814 AC_MSG_RESULT([yes]) 3815 ], [ AC_MSG_RESULT([no]) 3816 ]) 3817fi 3818 3819AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3820 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3821 [[ u_int64_t a; a = 1;]])], 3822 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3823 ]) 3824]) 3825if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3826 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3827 have_u_int64_t=1 3828fi 3829 3830if (test -z "$have_u_int64_t" && \ 3831 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3832then 3833 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3834 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3835 [[ u_int64_t a; a = 1]])], 3836 [ 3837 AC_DEFINE([HAVE_U_INT64_T]) 3838 AC_MSG_RESULT([yes]) 3839 ], [ AC_MSG_RESULT([no]) 3840 ]) 3841fi 3842 3843if test -z "$have_u_intxx_t" ; then 3844 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3845 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3846#include <sys/types.h> 3847 ]], [[ 3848 uint8_t a; 3849 uint16_t b; 3850 uint32_t c; 3851 a = b = c = 1; 3852 ]])], 3853 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3854 ]) 3855 ]) 3856 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3857 AC_DEFINE([HAVE_UINTXX_T], [1], 3858 [define if you have uintxx_t data type]) 3859 fi 3860fi 3861 3862if (test -z "$have_uintxx_t" && \ 3863 test "x$ac_cv_header_stdint_h" = "xyes") 3864then 3865 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3866 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3867 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3868 [ 3869 AC_DEFINE([HAVE_UINTXX_T]) 3870 AC_MSG_RESULT([yes]) 3871 ], [ AC_MSG_RESULT([no]) 3872 ]) 3873fi 3874 3875if (test -z "$have_uintxx_t" && \ 3876 test "x$ac_cv_header_inttypes_h" = "xyes") 3877then 3878 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3879 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3880 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3881 [ 3882 AC_DEFINE([HAVE_UINTXX_T]) 3883 AC_MSG_RESULT([yes]) 3884 ], [ AC_MSG_RESULT([no]) 3885 ]) 3886fi 3887 3888if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3889 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3890then 3891 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3892 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3893#include <sys/bitypes.h> 3894 ]], [[ 3895 int8_t a; int16_t b; int32_t c; 3896 u_int8_t e; u_int16_t f; u_int32_t g; 3897 a = b = c = e = f = g = 1; 3898 ]])], 3899 [ 3900 AC_DEFINE([HAVE_U_INTXX_T]) 3901 AC_DEFINE([HAVE_INTXX_T]) 3902 AC_MSG_RESULT([yes]) 3903 ], [AC_MSG_RESULT([no]) 3904 ]) 3905fi 3906 3907 3908AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3909 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3910 [[ u_char foo; foo = 125; ]])], 3911 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3912 ]) 3913]) 3914if test "x$ac_cv_have_u_char" = "xyes" ; then 3915 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3916fi 3917 3918AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3919#include <sys/types.h> 3920#ifdef HAVE_STDINT_H 3921# include <stdint.h> 3922#endif 3923]) 3924 3925TYPE_SOCKLEN_T 3926 3927AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3928AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3929#include <sys/types.h> 3930#ifdef HAVE_SYS_BITYPES_H 3931#include <sys/bitypes.h> 3932#endif 3933#ifdef HAVE_SYS_STATFS_H 3934#include <sys/statfs.h> 3935#endif 3936#ifdef HAVE_SYS_STATVFS_H 3937#include <sys/statvfs.h> 3938#endif 3939]) 3940 3941AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ 3942#include <sys/param.h> 3943#include <sys/types.h> 3944#ifdef HAVE_SYS_BITYPES_H 3945#include <sys/bitypes.h> 3946#endif 3947#ifdef HAVE_SYS_STATFS_H 3948#include <sys/statfs.h> 3949#endif 3950#ifdef HAVE_SYS_STATVFS_H 3951#include <sys/statvfs.h> 3952#endif 3953#ifdef HAVE_SYS_VFS_H 3954#include <sys/vfs.h> 3955#endif 3956#ifdef HAVE_SYS_MOUNT_H 3957#include <sys/mount.h> 3958#endif 3959]]) 3960 3961 3962AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3963[#include <sys/types.h> 3964#include <netinet/in.h>]) 3965 3966AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3967 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3968 [[ size_t foo; foo = 1235; ]])], 3969 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3970 ]) 3971]) 3972if test "x$ac_cv_have_size_t" = "xyes" ; then 3973 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3974fi 3975 3976AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3977 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3978 [[ ssize_t foo; foo = 1235; ]])], 3979 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3980 ]) 3981]) 3982if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3983 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3984fi 3985 3986AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3987 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3988 [[ clock_t foo; foo = 1235; ]])], 3989 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3990 ]) 3991]) 3992if test "x$ac_cv_have_clock_t" = "xyes" ; then 3993 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3994fi 3995 3996AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3997 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3998#include <sys/types.h> 3999#include <sys/socket.h> 4000 ]], [[ sa_family_t foo; foo = 1235; ]])], 4001 [ ac_cv_have_sa_family_t="yes" ], 4002 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4003#include <sys/types.h> 4004#include <sys/socket.h> 4005#include <netinet/in.h> 4006 ]], [[ sa_family_t foo; foo = 1235; ]])], 4007 [ ac_cv_have_sa_family_t="yes" ], 4008 [ ac_cv_have_sa_family_t="no" ] 4009 ) 4010 ]) 4011]) 4012if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 4013 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 4014 [define if you have sa_family_t data type]) 4015fi 4016 4017AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 4018 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4019 [[ pid_t foo; foo = 1235; ]])], 4020 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 4021 ]) 4022]) 4023if test "x$ac_cv_have_pid_t" = "xyes" ; then 4024 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 4025fi 4026 4027AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 4028 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 4029 [[ mode_t foo; foo = 1235; ]])], 4030 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 4031 ]) 4032]) 4033if test "x$ac_cv_have_mode_t" = "xyes" ; then 4034 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 4035fi 4036 4037 4038AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 4039 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4040#include <sys/types.h> 4041#include <sys/socket.h> 4042 ]], [[ struct sockaddr_storage s; ]])], 4043 [ ac_cv_have_struct_sockaddr_storage="yes" ], 4044 [ ac_cv_have_struct_sockaddr_storage="no" 4045 ]) 4046]) 4047if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 4048 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 4049 [define if you have struct sockaddr_storage data type]) 4050fi 4051 4052AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 4053 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4054#include <sys/types.h> 4055#include <netinet/in.h> 4056 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 4057 [ ac_cv_have_struct_sockaddr_in6="yes" ], 4058 [ ac_cv_have_struct_sockaddr_in6="no" 4059 ]) 4060]) 4061if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 4062 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 4063 [define if you have struct sockaddr_in6 data type]) 4064fi 4065 4066AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 4067 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4068#include <sys/types.h> 4069#include <netinet/in.h> 4070 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 4071 [ ac_cv_have_struct_in6_addr="yes" ], 4072 [ ac_cv_have_struct_in6_addr="no" 4073 ]) 4074]) 4075if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 4076 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 4077 [define if you have struct in6_addr data type]) 4078 4079dnl Now check for sin6_scope_id 4080 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 4081 [ 4082#ifdef HAVE_SYS_TYPES_H 4083#include <sys/types.h> 4084#endif 4085#include <netinet/in.h> 4086 ]) 4087fi 4088 4089AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 4090 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4091#include <sys/types.h> 4092#include <sys/socket.h> 4093#include <netdb.h> 4094 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 4095 [ ac_cv_have_struct_addrinfo="yes" ], 4096 [ ac_cv_have_struct_addrinfo="no" 4097 ]) 4098]) 4099if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 4100 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 4101 [define if you have struct addrinfo data type]) 4102fi 4103 4104AC_HEADER_TIME 4105 4106AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 4107 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 4108 [[ struct timeval tv; tv.tv_sec = 1;]])], 4109 [ ac_cv_have_struct_timeval="yes" ], 4110 [ ac_cv_have_struct_timeval="no" 4111 ]) 4112]) 4113if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 4114 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 4115 have_struct_timeval=1 4116fi 4117 4118AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ 4119 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4120 #ifdef TIME_WITH_SYS_TIME 4121 # include <sys/time.h> 4122 # include <time.h> 4123 #else 4124 # ifdef HAVE_SYS_TIME_H 4125 # include <sys/time.h> 4126 # else 4127 # include <time.h> 4128 # endif 4129 #endif 4130 ]], 4131 [[ struct timespec ts; ts.tv_sec = 1;]])], 4132 [ ac_cv_have_struct_timespec="yes" ], 4133 [ ac_cv_have_struct_timespec="no" 4134 ]) 4135]) 4136if test "x$ac_cv_have_struct_timespec" = "xyes" ; then 4137 AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) 4138 have_struct_timespec=1 4139fi 4140 4141# We need int64_t or else certain parts of the compile will fail. 4142if test "x$ac_cv_have_int64_t" = "xno" && \ 4143 test "x$ac_cv_sizeof_long_int" != "x8" && \ 4144 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 4145 echo "OpenSSH requires int64_t support. Contact your vendor or install" 4146 echo "an alternative compiler (I.E., GCC) before continuing." 4147 echo "" 4148 exit 1; 4149else 4150dnl test snprintf (broken on SCO w/gcc) 4151 AC_RUN_IFELSE( 4152 [AC_LANG_SOURCE([[ 4153#include <stdio.h> 4154#include <string.h> 4155#ifdef HAVE_SNPRINTF 4156main() 4157{ 4158 char buf[50]; 4159 char expected_out[50]; 4160 int mazsize = 50 ; 4161#if (SIZEOF_LONG_INT == 8) 4162 long int num = 0x7fffffffffffffff; 4163#else 4164 long long num = 0x7fffffffffffffffll; 4165#endif 4166 strcpy(expected_out, "9223372036854775807"); 4167 snprintf(buf, mazsize, "%lld", num); 4168 if(strcmp(buf, expected_out) != 0) 4169 exit(1); 4170 exit(0); 4171} 4172#else 4173main() { exit(0); } 4174#endif 4175 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 4176 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 4177 ) 4178fi 4179 4180dnl Checks for structure members 4181OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 4182OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 4183OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 4184OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 4185OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 4186OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 4187OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 4188OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 4189OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 4190OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 4191OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 4192OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 4193OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 4194OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 4195OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 4196OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 4197OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 4198 4199AC_CHECK_MEMBERS([struct stat.st_blksize]) 4200AC_CHECK_MEMBERS([struct stat.st_mtim]) 4201AC_CHECK_MEMBERS([struct stat.st_mtime]) 4202AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 4203struct passwd.pw_change, struct passwd.pw_expire], 4204[], [], [[ 4205#include <sys/types.h> 4206#include <pwd.h> 4207]]) 4208 4209AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 4210 [Define if we don't have struct __res_state in resolv.h])], 4211[[ 4212#include <stdio.h> 4213#if HAVE_SYS_TYPES_H 4214# include <sys/types.h> 4215#endif 4216#include <netinet/in.h> 4217#include <arpa/nameser.h> 4218#include <resolv.h> 4219]]) 4220 4221AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 4222 ac_cv_have_ss_family_in_struct_ss, [ 4223 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4224#include <sys/types.h> 4225#include <sys/socket.h> 4226 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 4227 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 4228 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 4229]) 4230if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 4231 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 4232fi 4233 4234AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 4235 ac_cv_have___ss_family_in_struct_ss, [ 4236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4237#include <sys/types.h> 4238#include <sys/socket.h> 4239 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 4240 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 4241 [ ac_cv_have___ss_family_in_struct_ss="no" 4242 ]) 4243]) 4244if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 4245 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 4246 [Fields in struct sockaddr_storage]) 4247fi 4248 4249dnl make sure we're using the real structure members and not defines 4250AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 4251 ac_cv_have_accrights_in_msghdr, [ 4252 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4253#include <sys/types.h> 4254#include <sys/socket.h> 4255#include <sys/uio.h> 4256 ]], [[ 4257#ifdef msg_accrights 4258#error "msg_accrights is a macro" 4259exit(1); 4260#endif 4261struct msghdr m; 4262m.msg_accrights = 0; 4263exit(0); 4264 ]])], 4265 [ ac_cv_have_accrights_in_msghdr="yes" ], 4266 [ ac_cv_have_accrights_in_msghdr="no" ] 4267 ) 4268]) 4269if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 4270 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 4271 [Define if your system uses access rights style 4272 file descriptor passing]) 4273fi 4274 4275AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 4276AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4277#include <sys/param.h> 4278#include <sys/stat.h> 4279#ifdef HAVE_SYS_TIME_H 4280# include <sys/time.h> 4281#endif 4282#ifdef HAVE_SYS_MOUNT_H 4283#include <sys/mount.h> 4284#endif 4285#ifdef HAVE_SYS_STATVFS_H 4286#include <sys/statvfs.h> 4287#endif 4288 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 4289 [ AC_MSG_RESULT([yes]) ], 4290 [ AC_MSG_RESULT([no]) 4291 4292 AC_MSG_CHECKING([if fsid_t has member val]) 4293 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4294#include <sys/types.h> 4295#include <sys/statvfs.h> 4296 ]], [[ fsid_t t; t.val[0] = 0; ]])], 4297 [ AC_MSG_RESULT([yes]) 4298 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 4299 [ AC_MSG_RESULT([no]) ]) 4300 4301 AC_MSG_CHECKING([if f_fsid has member __val]) 4302 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4303#include <sys/types.h> 4304#include <sys/statvfs.h> 4305 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 4306 [ AC_MSG_RESULT([yes]) 4307 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 4308 [ AC_MSG_RESULT([no]) ]) 4309]) 4310 4311AC_CACHE_CHECK([for msg_control field in struct msghdr], 4312 ac_cv_have_control_in_msghdr, [ 4313 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4314#include <sys/types.h> 4315#include <sys/socket.h> 4316#include <sys/uio.h> 4317 ]], [[ 4318#ifdef msg_control 4319#error "msg_control is a macro" 4320exit(1); 4321#endif 4322struct msghdr m; 4323m.msg_control = 0; 4324exit(0); 4325 ]])], 4326 [ ac_cv_have_control_in_msghdr="yes" ], 4327 [ ac_cv_have_control_in_msghdr="no" ] 4328 ) 4329]) 4330if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 4331 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 4332 [Define if your system uses ancillary data style 4333 file descriptor passing]) 4334fi 4335 4336AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 4337 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4338 [[ extern char *__progname; printf("%s", __progname); ]])], 4339 [ ac_cv_libc_defines___progname="yes" ], 4340 [ ac_cv_libc_defines___progname="no" 4341 ]) 4342]) 4343if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 4344 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 4345fi 4346 4347AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 4348 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4349 [[ printf("%s", __FUNCTION__); ]])], 4350 [ ac_cv_cc_implements___FUNCTION__="yes" ], 4351 [ ac_cv_cc_implements___FUNCTION__="no" 4352 ]) 4353]) 4354if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4355 AC_DEFINE([HAVE___FUNCTION__], [1], 4356 [Define if compiler implements __FUNCTION__]) 4357fi 4358 4359AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4360 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4361 [[ printf("%s", __func__); ]])], 4362 [ ac_cv_cc_implements___func__="yes" ], 4363 [ ac_cv_cc_implements___func__="no" 4364 ]) 4365]) 4366if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4367 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4368fi 4369 4370AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4371 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4372#include <stdarg.h> 4373va_list x,y; 4374 ]], [[ va_copy(x,y); ]])], 4375 [ ac_cv_have_va_copy="yes" ], 4376 [ ac_cv_have_va_copy="no" 4377 ]) 4378]) 4379if test "x$ac_cv_have_va_copy" = "xyes" ; then 4380 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4381fi 4382 4383AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4384 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4385#include <stdarg.h> 4386va_list x,y; 4387 ]], [[ __va_copy(x,y); ]])], 4388 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4389 ]) 4390]) 4391if test "x$ac_cv_have___va_copy" = "xyes" ; then 4392 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4393fi 4394 4395AC_CACHE_CHECK([whether getopt has optreset support], 4396 ac_cv_have_getopt_optreset, [ 4397 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4398 [[ extern int optreset; optreset = 0; ]])], 4399 [ ac_cv_have_getopt_optreset="yes" ], 4400 [ ac_cv_have_getopt_optreset="no" 4401 ]) 4402]) 4403if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4404 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4405 [Define if your getopt(3) defines and uses optreset]) 4406fi 4407 4408AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4409 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4410[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4411 [ ac_cv_libc_defines_sys_errlist="yes" ], 4412 [ ac_cv_libc_defines_sys_errlist="no" 4413 ]) 4414]) 4415if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4416 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4417 [Define if your system defines sys_errlist[]]) 4418fi 4419 4420 4421AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4422 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4423[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4424 [ ac_cv_libc_defines_sys_nerr="yes" ], 4425 [ ac_cv_libc_defines_sys_nerr="no" 4426 ]) 4427]) 4428if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4429 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4430fi 4431 4432# Check libraries needed by DNS fingerprint support 4433AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4434 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4435 [Define if getrrsetbyname() exists])], 4436 [ 4437 # Needed by our getrrsetbyname() 4438 AC_SEARCH_LIBS([res_query], [resolv]) 4439 AC_SEARCH_LIBS([dn_expand], [resolv]) 4440 AC_MSG_CHECKING([if res_query will link]) 4441 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4442#include <sys/types.h> 4443#include <netinet/in.h> 4444#include <arpa/nameser.h> 4445#include <netdb.h> 4446#include <resolv.h> 4447 ]], [[ 4448 res_query (0, 0, 0, 0, 0); 4449 ]])], 4450 AC_MSG_RESULT([yes]), 4451 [AC_MSG_RESULT([no]) 4452 saved_LIBS="$LIBS" 4453 LIBS="$LIBS -lresolv" 4454 AC_MSG_CHECKING([for res_query in -lresolv]) 4455 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4456#include <sys/types.h> 4457#include <netinet/in.h> 4458#include <arpa/nameser.h> 4459#include <netdb.h> 4460#include <resolv.h> 4461 ]], [[ 4462 res_query (0, 0, 0, 0, 0); 4463 ]])], 4464 [AC_MSG_RESULT([yes])], 4465 [LIBS="$saved_LIBS" 4466 AC_MSG_RESULT([no])]) 4467 ]) 4468 AC_CHECK_FUNCS([_getshort _getlong]) 4469 AC_CHECK_DECLS([_getshort, _getlong], , , 4470 [#include <sys/types.h> 4471 #include <arpa/nameser.h>]) 4472 AC_CHECK_MEMBER([HEADER.ad], 4473 [AC_DEFINE([HAVE_HEADER_AD], [1], 4474 [Define if HEADER.ad exists in arpa/nameser.h])], , 4475 [#include <arpa/nameser.h>]) 4476 ]) 4477 4478AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4479AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4480#include <stdio.h> 4481#if HAVE_SYS_TYPES_H 4482# include <sys/types.h> 4483#endif 4484#include <netinet/in.h> 4485#include <arpa/nameser.h> 4486#include <resolv.h> 4487extern struct __res_state _res; 4488 ]], [[ 4489struct __res_state *volatile p = &_res; /* force resolution of _res */ 4490return 0; 4491 ]],)], 4492 [AC_MSG_RESULT([yes]) 4493 AC_DEFINE([HAVE__RES_EXTERN], [1], 4494 [Define if you have struct __res_state _res as an extern]) 4495 ], 4496 [ AC_MSG_RESULT([no]) ] 4497) 4498 4499# Check whether user wants SELinux support 4500SELINUX_MSG="no" 4501LIBSELINUX="" 4502AC_ARG_WITH([selinux], 4503 [ --with-selinux Enable SELinux support], 4504 [ if test "x$withval" != "xno" ; then 4505 save_LIBS="$LIBS" 4506 AC_DEFINE([WITH_SELINUX], [1], 4507 [Define if you want SELinux support.]) 4508 SELINUX_MSG="yes" 4509 AC_CHECK_HEADER([selinux/selinux.h], , 4510 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4511 AC_CHECK_LIB([selinux], [setexeccon], 4512 [ LIBSELINUX="-lselinux" 4513 LIBS="$LIBS -lselinux" 4514 ], 4515 AC_MSG_ERROR([SELinux support requires libselinux library])) 4516 SSHLIBS="$SSHLIBS $LIBSELINUX" 4517 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4518 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4519 LIBS="$save_LIBS" 4520 fi ] 4521) 4522AC_SUBST([SSHLIBS]) 4523AC_SUBST([SSHDLIBS]) 4524 4525# Check whether user wants Kerberos 5 support 4526KRB5_MSG="no" 4527AC_ARG_WITH([kerberos5], 4528 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4529 [ if test "x$withval" != "xno" ; then 4530 if test "x$withval" = "xyes" ; then 4531 KRB5ROOT="/usr/local" 4532 else 4533 KRB5ROOT=${withval} 4534 fi 4535 4536 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4537 KRB5_MSG="yes" 4538 4539 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4540 [$KRB5ROOT/bin/krb5-config], 4541 [$KRB5ROOT/bin:$PATH]) 4542 if test -x $KRB5CONF ; then 4543 K5CFLAGS="`$KRB5CONF --cflags`" 4544 K5LIBS="`$KRB5CONF --libs`" 4545 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4546 4547 AC_MSG_CHECKING([for gssapi support]) 4548 if $KRB5CONF | grep gssapi >/dev/null ; then 4549 AC_MSG_RESULT([yes]) 4550 AC_DEFINE([GSSAPI], [1], 4551 [Define this if you want GSSAPI 4552 support in the version 2 protocol]) 4553 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4554 GSSLIBS="`$KRB5CONF --libs gssapi`" 4555 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4556 else 4557 AC_MSG_RESULT([no]) 4558 fi 4559 AC_MSG_CHECKING([whether we are using Heimdal]) 4560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4561 ]], [[ char *tmp = heimdal_version; ]])], 4562 [ AC_MSG_RESULT([yes]) 4563 AC_DEFINE([HEIMDAL], [1], 4564 [Define this if you are using the Heimdal 4565 version of Kerberos V5]) ], 4566 [AC_MSG_RESULT([no]) 4567 ]) 4568 else 4569 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4570 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4571 AC_MSG_CHECKING([whether we are using Heimdal]) 4572 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4573 ]], [[ char *tmp = heimdal_version; ]])], 4574 [ AC_MSG_RESULT([yes]) 4575 AC_DEFINE([HEIMDAL]) 4576 K5LIBS="-lkrb5" 4577 K5LIBS="$K5LIBS -lcom_err -lasn1" 4578 AC_CHECK_LIB([roken], [net_write], 4579 [K5LIBS="$K5LIBS -lroken"]) 4580 AC_CHECK_LIB([des], [des_cbc_encrypt], 4581 [K5LIBS="$K5LIBS -ldes"]) 4582 ], [ AC_MSG_RESULT([no]) 4583 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4584 ]) 4585 AC_SEARCH_LIBS([dn_expand], [resolv]) 4586 4587 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4588 [ AC_DEFINE([GSSAPI]) 4589 GSSLIBS="-lgssapi_krb5" ], 4590 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4591 [ AC_DEFINE([GSSAPI]) 4592 GSSLIBS="-lgssapi" ], 4593 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4594 [ AC_DEFINE([GSSAPI]) 4595 GSSLIBS="-lgss" ], 4596 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4597 ]) 4598 ]) 4599 4600 AC_CHECK_HEADER([gssapi.h], , 4601 [ unset ac_cv_header_gssapi_h 4602 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4603 AC_CHECK_HEADERS([gssapi.h], , 4604 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4605 ) 4606 ] 4607 ) 4608 4609 oldCPP="$CPPFLAGS" 4610 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4611 AC_CHECK_HEADER([gssapi_krb5.h], , 4612 [ CPPFLAGS="$oldCPP" ]) 4613 4614 fi 4615 if test -n "${rpath_opt}" ; then 4616 LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib" 4617 fi 4618 if test ! -z "$blibpath" ; then 4619 blibpath="$blibpath:${KRB5ROOT}/lib" 4620 fi 4621 4622 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4623 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4624 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4625 4626 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4627 [Define this if you want to use libkafs' AFS support])]) 4628 4629 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4630#ifdef HAVE_GSSAPI_H 4631# include <gssapi.h> 4632#elif defined(HAVE_GSSAPI_GSSAPI_H) 4633# include <gssapi/gssapi.h> 4634#endif 4635 4636#ifdef HAVE_GSSAPI_GENERIC_H 4637# include <gssapi_generic.h> 4638#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4639# include <gssapi/gssapi_generic.h> 4640#endif 4641 ]]) 4642 saved_LIBS="$LIBS" 4643 LIBS="$LIBS $K5LIBS" 4644 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4645 LIBS="$saved_LIBS" 4646 4647 fi 4648 ] 4649) 4650AC_SUBST([GSSLIBS]) 4651AC_SUBST([K5LIBS]) 4652 4653# Looking for programs, paths and files 4654 4655PRIVSEP_PATH=/var/empty 4656AC_ARG_WITH([privsep-path], 4657 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4658 [ 4659 if test -n "$withval" && test "x$withval" != "xno" && \ 4660 test "x${withval}" != "xyes"; then 4661 PRIVSEP_PATH=$withval 4662 fi 4663 ] 4664) 4665AC_SUBST([PRIVSEP_PATH]) 4666 4667AC_ARG_WITH([xauth], 4668 [ --with-xauth=PATH Specify path to xauth program ], 4669 [ 4670 if test -n "$withval" && test "x$withval" != "xno" && \ 4671 test "x${withval}" != "xyes"; then 4672 xauth_path=$withval 4673 fi 4674 ], 4675 [ 4676 TestPath="$PATH" 4677 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4678 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4679 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4680 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4681 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4682 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4683 xauth_path="/usr/openwin/bin/xauth" 4684 fi 4685 ] 4686) 4687 4688STRIP_OPT=-s 4689AC_ARG_ENABLE([strip], 4690 [ --disable-strip Disable calling strip(1) on install], 4691 [ 4692 if test "x$enableval" = "xno" ; then 4693 STRIP_OPT= 4694 fi 4695 ] 4696) 4697AC_SUBST([STRIP_OPT]) 4698 4699if test -z "$xauth_path" ; then 4700 XAUTH_PATH="undefined" 4701 AC_SUBST([XAUTH_PATH]) 4702else 4703 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4704 [Define if xauth is found in your path]) 4705 XAUTH_PATH=$xauth_path 4706 AC_SUBST([XAUTH_PATH]) 4707fi 4708 4709dnl # --with-maildir=/path/to/mail gets top priority. 4710dnl # if maildir is set in the platform case statement above we use that. 4711dnl # Otherwise we run a program to get the dir from system headers. 4712dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4713dnl # If we find _PATH_MAILDIR we do nothing because that is what 4714dnl # session.c expects anyway. Otherwise we set to the value found 4715dnl # stripping any trailing slash. If for some strage reason our program 4716dnl # does not find what it needs, we default to /var/spool/mail. 4717# Check for mail directory 4718AC_ARG_WITH([maildir], 4719 [ --with-maildir=/path/to/mail Specify your system mail directory], 4720 [ 4721 if test "X$withval" != X && test "x$withval" != xno && \ 4722 test "x${withval}" != xyes; then 4723 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4724 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4725 fi 4726 ],[ 4727 if test "X$maildir" != "X"; then 4728 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4729 else 4730 AC_MSG_CHECKING([Discovering system mail directory]) 4731 AC_RUN_IFELSE( 4732 [AC_LANG_PROGRAM([[ 4733#include <stdio.h> 4734#include <string.h> 4735#ifdef HAVE_PATHS_H 4736#include <paths.h> 4737#endif 4738#ifdef HAVE_MAILLOCK_H 4739#include <maillock.h> 4740#endif 4741#define DATA "conftest.maildir" 4742 ]], [[ 4743 FILE *fd; 4744 int rc; 4745 4746 fd = fopen(DATA,"w"); 4747 if(fd == NULL) 4748 exit(1); 4749 4750#if defined (_PATH_MAILDIR) 4751 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4752 exit(1); 4753#elif defined (MAILDIR) 4754 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4755 exit(1); 4756#elif defined (_PATH_MAIL) 4757 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4758 exit(1); 4759#else 4760 exit (2); 4761#endif 4762 4763 exit(0); 4764 ]])], 4765 [ 4766 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4767 maildir=`awk -F: '{print $2}' conftest.maildir \ 4768 | sed 's|/$||'` 4769 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4770 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4771 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4772 fi 4773 ], 4774 [ 4775 if test "X$ac_status" = "X2";then 4776# our test program didn't find it. Default to /var/spool/mail 4777 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4778 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4779 else 4780 AC_MSG_RESULT([*** not found ***]) 4781 fi 4782 ], 4783 [ 4784 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4785 ] 4786 ) 4787 fi 4788 ] 4789) # maildir 4790 4791if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4792 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4793 disable_ptmx_check=yes 4794fi 4795if test -z "$no_dev_ptmx" ; then 4796 if test "x$disable_ptmx_check" != "xyes" ; then 4797 AC_CHECK_FILE(["/dev/ptmx"], 4798 [ 4799 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4800 [Define if you have /dev/ptmx]) 4801 have_dev_ptmx=1 4802 ] 4803 ) 4804 fi 4805fi 4806 4807if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4808 AC_CHECK_FILE(["/dev/ptc"], 4809 [ 4810 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4811 [Define if you have /dev/ptc]) 4812 have_dev_ptc=1 4813 ] 4814 ) 4815else 4816 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4817fi 4818 4819# Options from here on. Some of these are preset by platform above 4820AC_ARG_WITH([mantype], 4821 [ --with-mantype=man|cat|doc Set man page type], 4822 [ 4823 case "$withval" in 4824 man|cat|doc) 4825 MANTYPE=$withval 4826 ;; 4827 *) 4828 AC_MSG_ERROR([invalid man type: $withval]) 4829 ;; 4830 esac 4831 ] 4832) 4833if test -z "$MANTYPE"; then 4834 if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then 4835 MANTYPE=doc 4836 elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4837 MANTYPE=doc 4838 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4839 MANTYPE=man 4840 else 4841 MANTYPE=cat 4842 fi 4843fi 4844AC_SUBST([MANTYPE]) 4845if test "$MANTYPE" = "doc"; then 4846 mansubdir=man; 4847else 4848 mansubdir=$MANTYPE; 4849fi 4850AC_SUBST([mansubdir]) 4851 4852# Check whether to enable MD5 passwords 4853MD5_MSG="no" 4854AC_ARG_WITH([md5-passwords], 4855 [ --with-md5-passwords Enable use of MD5 passwords], 4856 [ 4857 if test "x$withval" != "xno" ; then 4858 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4859 [Define if you want to allow MD5 passwords]) 4860 MD5_MSG="yes" 4861 fi 4862 ] 4863) 4864 4865# Whether to disable shadow password support 4866AC_ARG_WITH([shadow], 4867 [ --without-shadow Disable shadow password support], 4868 [ 4869 if test "x$withval" = "xno" ; then 4870 AC_DEFINE([DISABLE_SHADOW]) 4871 disable_shadow=yes 4872 fi 4873 ] 4874) 4875 4876if test -z "$disable_shadow" ; then 4877 AC_MSG_CHECKING([if the systems has expire shadow information]) 4878 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4879#include <sys/types.h> 4880#include <shadow.h> 4881struct spwd sp; 4882 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4883 [ sp_expire_available=yes ], [ 4884 ]) 4885 4886 if test "x$sp_expire_available" = "xyes" ; then 4887 AC_MSG_RESULT([yes]) 4888 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4889 [Define if you want to use shadow password expire field]) 4890 else 4891 AC_MSG_RESULT([no]) 4892 fi 4893fi 4894 4895# Use ip address instead of hostname in $DISPLAY 4896if test ! -z "$IPADDR_IN_DISPLAY" ; then 4897 DISPLAY_HACK_MSG="yes" 4898 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4899 [Define if you need to use IP address 4900 instead of hostname in $DISPLAY]) 4901else 4902 DISPLAY_HACK_MSG="no" 4903 AC_ARG_WITH([ipaddr-display], 4904 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4905 [ 4906 if test "x$withval" != "xno" ; then 4907 AC_DEFINE([IPADDR_IN_DISPLAY]) 4908 DISPLAY_HACK_MSG="yes" 4909 fi 4910 ] 4911 ) 4912fi 4913 4914# check for /etc/default/login and use it if present. 4915AC_ARG_ENABLE([etc-default-login], 4916 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4917 [ if test "x$enableval" = "xno"; then 4918 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4919 etc_default_login=no 4920 else 4921 etc_default_login=yes 4922 fi ], 4923 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4924 then 4925 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4926 etc_default_login=no 4927 else 4928 etc_default_login=yes 4929 fi ] 4930) 4931 4932if test "x$etc_default_login" != "xno"; then 4933 AC_CHECK_FILE(["/etc/default/login"], 4934 [ external_path_file=/etc/default/login ]) 4935 if test "x$external_path_file" = "x/etc/default/login"; then 4936 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4937 [Define if your system has /etc/default/login]) 4938 fi 4939fi 4940 4941dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4942if test $ac_cv_func_login_getcapbool = "yes" && \ 4943 test $ac_cv_header_login_cap_h = "yes" ; then 4944 external_path_file=/etc/login.conf 4945fi 4946 4947# Whether to mess with the default path 4948SERVER_PATH_MSG="(default)" 4949AC_ARG_WITH([default-path], 4950 [ --with-default-path= Specify default $PATH environment for server], 4951 [ 4952 if test "x$external_path_file" = "x/etc/login.conf" ; then 4953 AC_MSG_WARN([ 4954--with-default-path=PATH has no effect on this system. 4955Edit /etc/login.conf instead.]) 4956 elif test "x$withval" != "xno" ; then 4957 if test ! -z "$external_path_file" ; then 4958 AC_MSG_WARN([ 4959--with-default-path=PATH will only be used if PATH is not defined in 4960$external_path_file .]) 4961 fi 4962 user_path="$withval" 4963 SERVER_PATH_MSG="$withval" 4964 fi 4965 ], 4966 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4967 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4968 else 4969 if test ! -z "$external_path_file" ; then 4970 AC_MSG_WARN([ 4971If PATH is defined in $external_path_file, ensure the path to scp is included, 4972otherwise scp will not work.]) 4973 fi 4974 AC_RUN_IFELSE( 4975 [AC_LANG_PROGRAM([[ 4976/* find out what STDPATH is */ 4977#include <stdio.h> 4978#ifdef HAVE_PATHS_H 4979# include <paths.h> 4980#endif 4981#ifndef _PATH_STDPATH 4982# ifdef _PATH_USERPATH /* Irix */ 4983# define _PATH_STDPATH _PATH_USERPATH 4984# else 4985# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4986# endif 4987#endif 4988#include <sys/types.h> 4989#include <sys/stat.h> 4990#include <fcntl.h> 4991#define DATA "conftest.stdpath" 4992 ]], [[ 4993 FILE *fd; 4994 int rc; 4995 4996 fd = fopen(DATA,"w"); 4997 if(fd == NULL) 4998 exit(1); 4999 5000 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 5001 exit(1); 5002 5003 exit(0); 5004 ]])], 5005 [ user_path=`cat conftest.stdpath` ], 5006 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 5007 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 5008 ) 5009# make sure $bindir is in USER_PATH so scp will work 5010 t_bindir="${bindir}" 5011 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 5012 t_bindir=`eval echo ${t_bindir}` 5013 case $t_bindir in 5014 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 5015 esac 5016 case $t_bindir in 5017 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 5018 esac 5019 done 5020 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 5021 if test $? -ne 0 ; then 5022 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 5023 if test $? -ne 0 ; then 5024 user_path=$user_path:$t_bindir 5025 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 5026 fi 5027 fi 5028 fi ] 5029) 5030if test "x$external_path_file" != "x/etc/login.conf" ; then 5031 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 5032 AC_SUBST([user_path]) 5033fi 5034 5035# Set superuser path separately to user path 5036AC_ARG_WITH([superuser-path], 5037 [ --with-superuser-path= Specify different path for super-user], 5038 [ 5039 if test -n "$withval" && test "x$withval" != "xno" && \ 5040 test "x${withval}" != "xyes"; then 5041 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 5042 [Define if you want a different $PATH 5043 for the superuser]) 5044 superuser_path=$withval 5045 fi 5046 ] 5047) 5048 5049 5050AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 5051IPV4_IN6_HACK_MSG="no" 5052AC_ARG_WITH(4in6, 5053 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 5054 [ 5055 if test "x$withval" != "xno" ; then 5056 AC_MSG_RESULT([yes]) 5057 AC_DEFINE([IPV4_IN_IPV6], [1], 5058 [Detect IPv4 in IPv6 mapped addresses 5059 and treat as IPv4]) 5060 IPV4_IN6_HACK_MSG="yes" 5061 else 5062 AC_MSG_RESULT([no]) 5063 fi 5064 ], [ 5065 if test "x$inet6_default_4in6" = "xyes"; then 5066 AC_MSG_RESULT([yes (default)]) 5067 AC_DEFINE([IPV4_IN_IPV6]) 5068 IPV4_IN6_HACK_MSG="yes" 5069 else 5070 AC_MSG_RESULT([no (default)]) 5071 fi 5072 ] 5073) 5074 5075# Whether to enable BSD auth support 5076BSD_AUTH_MSG=no 5077AC_ARG_WITH([bsd-auth], 5078 [ --with-bsd-auth Enable BSD auth support], 5079 [ 5080 if test "x$withval" != "xno" ; then 5081 AC_DEFINE([BSD_AUTH], [1], 5082 [Define if you have BSD auth support]) 5083 BSD_AUTH_MSG=yes 5084 fi 5085 ] 5086) 5087 5088# Where to place sshd.pid 5089piddir=/var/run 5090# make sure the directory exists 5091if test ! -d $piddir ; then 5092 piddir=`eval echo ${sysconfdir}` 5093 case $piddir in 5094 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 5095 esac 5096fi 5097 5098AC_ARG_WITH([pid-dir], 5099 [ --with-pid-dir=PATH Specify location of sshd.pid file], 5100 [ 5101 if test -n "$withval" && test "x$withval" != "xno" && \ 5102 test "x${withval}" != "xyes"; then 5103 piddir=$withval 5104 if test ! -d $piddir ; then 5105 AC_MSG_WARN([** no $piddir directory on this system **]) 5106 fi 5107 fi 5108 ] 5109) 5110 5111AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 5112 [Specify location of ssh.pid]) 5113AC_SUBST([piddir]) 5114 5115dnl allow user to disable some login recording features 5116AC_ARG_ENABLE([lastlog], 5117 [ --disable-lastlog disable use of lastlog even if detected [no]], 5118 [ 5119 if test "x$enableval" = "xno" ; then 5120 AC_DEFINE([DISABLE_LASTLOG]) 5121 fi 5122 ] 5123) 5124AC_ARG_ENABLE([utmp], 5125 [ --disable-utmp disable use of utmp even if detected [no]], 5126 [ 5127 if test "x$enableval" = "xno" ; then 5128 AC_DEFINE([DISABLE_UTMP]) 5129 fi 5130 ] 5131) 5132AC_ARG_ENABLE([utmpx], 5133 [ --disable-utmpx disable use of utmpx even if detected [no]], 5134 [ 5135 if test "x$enableval" = "xno" ; then 5136 AC_DEFINE([DISABLE_UTMPX], [1], 5137 [Define if you don't want to use utmpx]) 5138 fi 5139 ] 5140) 5141AC_ARG_ENABLE([wtmp], 5142 [ --disable-wtmp disable use of wtmp even if detected [no]], 5143 [ 5144 if test "x$enableval" = "xno" ; then 5145 AC_DEFINE([DISABLE_WTMP]) 5146 fi 5147 ] 5148) 5149AC_ARG_ENABLE([wtmpx], 5150 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 5151 [ 5152 if test "x$enableval" = "xno" ; then 5153 AC_DEFINE([DISABLE_WTMPX], [1], 5154 [Define if you don't want to use wtmpx]) 5155 fi 5156 ] 5157) 5158AC_ARG_ENABLE([libutil], 5159 [ --disable-libutil disable use of libutil (login() etc.) [no]], 5160 [ 5161 if test "x$enableval" = "xno" ; then 5162 AC_DEFINE([DISABLE_LOGIN]) 5163 fi 5164 ] 5165) 5166AC_ARG_ENABLE([pututline], 5167 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 5168 [ 5169 if test "x$enableval" = "xno" ; then 5170 AC_DEFINE([DISABLE_PUTUTLINE], [1], 5171 [Define if you don't want to use pututline() 5172 etc. to write [uw]tmp]) 5173 fi 5174 ] 5175) 5176AC_ARG_ENABLE([pututxline], 5177 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 5178 [ 5179 if test "x$enableval" = "xno" ; then 5180 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 5181 [Define if you don't want to use pututxline() 5182 etc. to write [uw]tmpx]) 5183 fi 5184 ] 5185) 5186AC_ARG_WITH([lastlog], 5187 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 5188 [ 5189 if test "x$withval" = "xno" ; then 5190 AC_DEFINE([DISABLE_LASTLOG]) 5191 elif test -n "$withval" && test "x${withval}" != "xyes"; then 5192 conf_lastlog_location=$withval 5193 fi 5194 ] 5195) 5196 5197dnl lastlog, [uw]tmpx? detection 5198dnl NOTE: set the paths in the platform section to avoid the 5199dnl need for command-line parameters 5200dnl lastlog and [uw]tmp are subject to a file search if all else fails 5201 5202dnl lastlog detection 5203dnl NOTE: the code itself will detect if lastlog is a directory 5204AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 5205AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5206#include <sys/types.h> 5207#include <utmp.h> 5208#ifdef HAVE_LASTLOG_H 5209# include <lastlog.h> 5210#endif 5211#ifdef HAVE_PATHS_H 5212# include <paths.h> 5213#endif 5214#ifdef HAVE_LOGIN_H 5215# include <login.h> 5216#endif 5217 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 5218 [ AC_MSG_RESULT([yes]) ], 5219 [ 5220 AC_MSG_RESULT([no]) 5221 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 5222 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5223#include <sys/types.h> 5224#include <utmp.h> 5225#ifdef HAVE_LASTLOG_H 5226# include <lastlog.h> 5227#endif 5228#ifdef HAVE_PATHS_H 5229# include <paths.h> 5230#endif 5231 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 5232 [ AC_MSG_RESULT([yes]) ], 5233 [ 5234 AC_MSG_RESULT([no]) 5235 system_lastlog_path=no 5236 ]) 5237]) 5238 5239if test -z "$conf_lastlog_location"; then 5240 if test x"$system_lastlog_path" = x"no" ; then 5241 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 5242 if (test -d "$f" || test -f "$f") ; then 5243 conf_lastlog_location=$f 5244 fi 5245 done 5246 if test -z "$conf_lastlog_location"; then 5247 AC_MSG_WARN([** Cannot find lastlog **]) 5248 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 5249 fi 5250 fi 5251fi 5252 5253if test -n "$conf_lastlog_location"; then 5254 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 5255 [Define if you want to specify the path to your lastlog file]) 5256fi 5257 5258dnl utmp detection 5259AC_MSG_CHECKING([if your system defines UTMP_FILE]) 5260AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5261#include <sys/types.h> 5262#include <utmp.h> 5263#ifdef HAVE_PATHS_H 5264# include <paths.h> 5265#endif 5266 ]], [[ char *utmp = UTMP_FILE; ]])], 5267 [ AC_MSG_RESULT([yes]) ], 5268 [ AC_MSG_RESULT([no]) 5269 system_utmp_path=no 5270]) 5271if test -z "$conf_utmp_location"; then 5272 if test x"$system_utmp_path" = x"no" ; then 5273 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 5274 if test -f $f ; then 5275 conf_utmp_location=$f 5276 fi 5277 done 5278 if test -z "$conf_utmp_location"; then 5279 AC_DEFINE([DISABLE_UTMP]) 5280 fi 5281 fi 5282fi 5283if test -n "$conf_utmp_location"; then 5284 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 5285 [Define if you want to specify the path to your utmp file]) 5286fi 5287 5288dnl wtmp detection 5289AC_MSG_CHECKING([if your system defines WTMP_FILE]) 5290AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5291#include <sys/types.h> 5292#include <utmp.h> 5293#ifdef HAVE_PATHS_H 5294# include <paths.h> 5295#endif 5296 ]], [[ char *wtmp = WTMP_FILE; ]])], 5297 [ AC_MSG_RESULT([yes]) ], 5298 [ AC_MSG_RESULT([no]) 5299 system_wtmp_path=no 5300]) 5301if test -z "$conf_wtmp_location"; then 5302 if test x"$system_wtmp_path" = x"no" ; then 5303 for f in /usr/adm/wtmp /var/log/wtmp; do 5304 if test -f $f ; then 5305 conf_wtmp_location=$f 5306 fi 5307 done 5308 if test -z "$conf_wtmp_location"; then 5309 AC_DEFINE([DISABLE_WTMP]) 5310 fi 5311 fi 5312fi 5313if test -n "$conf_wtmp_location"; then 5314 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 5315 [Define if you want to specify the path to your wtmp file]) 5316fi 5317 5318dnl wtmpx detection 5319AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 5320AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 5321#include <sys/types.h> 5322#include <utmp.h> 5323#ifdef HAVE_UTMPX_H 5324#include <utmpx.h> 5325#endif 5326#ifdef HAVE_PATHS_H 5327# include <paths.h> 5328#endif 5329 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 5330 [ AC_MSG_RESULT([yes]) ], 5331 [ AC_MSG_RESULT([no]) 5332 system_wtmpx_path=no 5333]) 5334if test -z "$conf_wtmpx_location"; then 5335 if test x"$system_wtmpx_path" = x"no" ; then 5336 AC_DEFINE([DISABLE_WTMPX]) 5337 fi 5338else 5339 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 5340 [Define if you want to specify the path to your wtmpx file]) 5341fi 5342 5343 5344if test ! -z "$blibpath" ; then 5345 LDFLAGS="$LDFLAGS $blibflags$blibpath" 5346 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 5347fi 5348 5349AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 5350 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 5351 AC_DEFINE([DISABLE_LASTLOG]) 5352 fi 5353 ], [ 5354#ifdef HAVE_SYS_TYPES_H 5355#include <sys/types.h> 5356#endif 5357#ifdef HAVE_UTMP_H 5358#include <utmp.h> 5359#endif 5360#ifdef HAVE_UTMPX_H 5361#include <utmpx.h> 5362#endif 5363#ifdef HAVE_LASTLOG_H 5364#include <lastlog.h> 5365#endif 5366 ]) 5367 5368AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5369 AC_DEFINE([DISABLE_UTMP]) 5370 AC_DEFINE([DISABLE_WTMP]) 5371 ], [ 5372#ifdef HAVE_SYS_TYPES_H 5373#include <sys/types.h> 5374#endif 5375#ifdef HAVE_UTMP_H 5376#include <utmp.h> 5377#endif 5378#ifdef HAVE_UTMPX_H 5379#include <utmpx.h> 5380#endif 5381#ifdef HAVE_LASTLOG_H 5382#include <lastlog.h> 5383#endif 5384 ]) 5385 5386dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5387dnl Add now. 5388CFLAGS="$CFLAGS $werror_flags" 5389 5390if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5391 TEST_SSH_IPV6=no 5392else 5393 TEST_SSH_IPV6=yes 5394fi 5395AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5396AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5397AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5398AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5399AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5400AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) 5401 5402CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" 5403LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" 5404 5405# Make a copy of CFLAGS/LDFLAGS without PIE options. 5406LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` 5407CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` 5408AC_SUBST([LDFLAGS_NOPIE]) 5409AC_SUBST([CFLAGS_NOPIE]) 5410 5411AC_EXEEXT 5412AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5413 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5414 survey.sh]) 5415AC_OUTPUT 5416 5417# Print summary of options 5418 5419# Someone please show me a better way :) 5420A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5421B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5422C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5423D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5424E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5425F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5426G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5427H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5428I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5429J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5430 5431echo "" 5432echo "OpenSSH has been configured with the following options:" 5433echo " User binaries: $B" 5434echo " System binaries: $C" 5435echo " Configuration files: $D" 5436echo " Askpass program: $E" 5437echo " Manual pages: $F" 5438echo " PID file: $G" 5439echo " Privilege separation chroot path: $H" 5440if test "x$external_path_file" = "x/etc/login.conf" ; then 5441echo " At runtime, sshd will use the path defined in $external_path_file" 5442echo " Make sure the path to scp is present, otherwise scp will not work" 5443else 5444echo " sshd default user PATH: $I" 5445 if test ! -z "$external_path_file"; then 5446echo " (If PATH is set in $external_path_file it will be used instead. If" 5447echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5448 fi 5449fi 5450if test ! -z "$superuser_path" ; then 5451echo " sshd superuser user PATH: $J" 5452fi 5453echo " Manpage format: $MANTYPE" 5454echo " PAM support: $PAM_MSG" 5455echo " OSF SIA support: $SIA_MSG" 5456echo " KerberosV support: $KRB5_MSG" 5457echo " SELinux support: $SELINUX_MSG" 5458echo " MD5 password support: $MD5_MSG" 5459echo " libedit support: $LIBEDIT_MSG" 5460echo " libldns support: $LDNS_MSG" 5461echo " Solaris process contract support: $SPC_MSG" 5462echo " Solaris project support: $SP_MSG" 5463echo " Solaris privilege support: $SPP_MSG" 5464echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5465echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5466echo " BSD Auth support: $BSD_AUTH_MSG" 5467echo " Random number source: $RAND_MSG" 5468echo " Privsep sandbox style: $SANDBOX_STYLE" 5469echo " PKCS#11 support: $enable_pkcs11" 5470echo " U2F/FIDO support: $enable_sk" 5471 5472echo "" 5473 5474echo " Host: ${host}" 5475echo " Compiler: ${CC}" 5476echo " Compiler flags: ${CFLAGS}" 5477echo "Preprocessor flags: ${CPPFLAGS}" 5478echo " Linker flags: ${LDFLAGS}" 5479echo " Libraries: ${LIBS}" 5480if test ! -z "${SSHDLIBS}"; then 5481echo " +for sshd: ${SSHDLIBS}" 5482fi 5483if test ! -z "${SSHLIBS}"; then 5484echo " +for ssh: ${SSHLIBS}" 5485fi 5486 5487echo "" 5488 5489if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5490 echo "SVR4 style packages are supported with \"make package\"" 5491 echo "" 5492fi 5493 5494if test "x$PAM_MSG" = "xyes" ; then 5495 echo "PAM is enabled. You may need to install a PAM control file " 5496 echo "for sshd, otherwise password authentication may fail. " 5497 echo "Example PAM control files can be found in the contrib/ " 5498 echo "subdirectory" 5499 echo "" 5500fi 5501 5502if test ! -z "$NO_PEERCHECK" ; then 5503 echo "WARNING: the operating system that you are using does not" 5504 echo "appear to support getpeereid(), getpeerucred() or the" 5505 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5506 echo "enforce security checks to prevent unauthorised connections to" 5507 echo "ssh-agent. Their absence increases the risk that a malicious" 5508 echo "user can connect to your agent." 5509 echo "" 5510fi 5511 5512if test "$AUDIT_MODULE" = "bsm" ; then 5513 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5514 echo "See the Solaris section in README.platform for details." 5515fi 5516