1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.583 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_PATH_PROG([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82# Use LOGIN_PROGRAM from environment if possible 83if test ! -z "$LOGIN_PROGRAM" ; then 84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 85 [If your header files don't define LOGIN_PROGRAM, 86 then use this (detected) from environment and PATH]) 87else 88 # Search for login 89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 92 fi 93fi 94 95AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 96if test ! -z "$PATH_PASSWD_PROG" ; then 97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 98 [Full path of your "passwd" program]) 99fi 100 101if test -z "$LD" ; then 102 LD=$CC 103fi 104AC_SUBST([LD]) 105 106AC_C_INLINE 107 108AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 109AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 110 #include <sys/types.h> 111 #include <sys/param.h> 112 #include <dev/systrace.h> 113]) 114AC_CHECK_DECL([RLIMIT_NPROC], 115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 116 #include <sys/types.h> 117 #include <sys/resource.h> 118]) 119AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 120 #include <sys/types.h> 121 #include <linux/prctl.h> 122]) 123 124openssl=yes 125ssh1=yes 126AC_ARG_WITH([openssl], 127 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 128 [ if test "x$withval" = "xno" ; then 129 openssl=no 130 ssh1=no 131 fi 132 ] 133) 134AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 135if test "x$openssl" = "xyes" ; then 136 AC_MSG_RESULT([yes]) 137 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 138else 139 AC_MSG_RESULT([no]) 140fi 141 142AC_ARG_WITH([ssh1], 143 [ --without-ssh1 Disable support for SSH protocol 1], 144 [ 145 if test "x$withval" = "xno" ; then 146 ssh1=no 147 elif test "x$openssl" = "xno" ; then 148 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 149 fi 150 ] 151) 152AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 153if test "x$ssh1" = "xyes" ; then 154 AC_MSG_RESULT([yes]) 155 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 156else 157 AC_MSG_RESULT([no]) 158fi 159 160use_stack_protector=1 161use_toolchain_hardening=1 162AC_ARG_WITH([stackprotect], 163 [ --without-stackprotect Don't use compiler's stack protection], [ 164 if test "x$withval" = "xno"; then 165 use_stack_protector=0 166 fi ]) 167AC_ARG_WITH([hardening], 168 [ --without-hardening Don't use toolchain hardening flags], [ 169 if test "x$withval" = "xno"; then 170 use_toolchain_hardening=0 171 fi ]) 172 173# We use -Werror for the tests only so that we catch warnings like "this is 174# on by default" for things like -fPIE. 175AC_MSG_CHECKING([if $CC supports -Werror]) 176saved_CFLAGS="$CFLAGS" 177CFLAGS="$CFLAGS -Werror" 178AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 179 [ AC_MSG_RESULT([yes]) 180 WERROR="-Werror"], 181 [ AC_MSG_RESULT([no]) 182 WERROR="" ] 183) 184CFLAGS="$saved_CFLAGS" 185 186if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 187 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 192 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 193 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 196 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 197 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 198 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 199 if test "x$use_toolchain_hardening" = "x1"; then 200 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 201 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 202 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 203 # NB. -ftrapv expects certain support functions to be present in 204 # the compiler library (libgcc or similar) to detect integer operations 205 # that can overflow. We must check that the result of enabling it 206 # actually links. The test program compiled/linked includes a number 207 # of integer operations that should exercise this. 208 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 209 fi 210 AC_MSG_CHECKING([gcc version]) 211 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 212 case $GCC_VER in 213 1.*) no_attrib_nonnull=1 ;; 214 2.8* | 2.9*) 215 no_attrib_nonnull=1 216 ;; 217 2.*) no_attrib_nonnull=1 ;; 218 *) ;; 219 esac 220 AC_MSG_RESULT([$GCC_VER]) 221 222 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 223 saved_CFLAGS="$CFLAGS" 224 CFLAGS="$CFLAGS -fno-builtin-memset" 225 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 226 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 227 [ AC_MSG_RESULT([yes]) ], 228 [ AC_MSG_RESULT([no]) 229 CFLAGS="$saved_CFLAGS" ] 230 ) 231 232 # -fstack-protector-all doesn't always work for some GCC versions 233 # and/or platforms, so we test if we can. If it's not supported 234 # on a given platform gcc will emit a warning so we use -Werror. 235 if test "x$use_stack_protector" = "x1"; then 236 for t in -fstack-protector-strong -fstack-protector-all \ 237 -fstack-protector; do 238 AC_MSG_CHECKING([if $CC supports $t]) 239 saved_CFLAGS="$CFLAGS" 240 saved_LDFLAGS="$LDFLAGS" 241 CFLAGS="$CFLAGS $t -Werror" 242 LDFLAGS="$LDFLAGS $t -Werror" 243 AC_LINK_IFELSE( 244 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 245 [[ 246 char x[256]; 247 snprintf(x, sizeof(x), "XXX"); 248 ]])], 249 [ AC_MSG_RESULT([yes]) 250 CFLAGS="$saved_CFLAGS $t" 251 LDFLAGS="$saved_LDFLAGS $t" 252 AC_MSG_CHECKING([if $t works]) 253 AC_RUN_IFELSE( 254 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 255 [[ 256 char x[256]; 257 snprintf(x, sizeof(x), "XXX"); 258 ]])], 259 [ AC_MSG_RESULT([yes]) 260 break ], 261 [ AC_MSG_RESULT([no]) ], 262 [ AC_MSG_WARN([cross compiling: cannot test]) 263 break ] 264 ) 265 ], 266 [ AC_MSG_RESULT([no]) ] 267 ) 268 CFLAGS="$saved_CFLAGS" 269 LDFLAGS="$saved_LDFLAGS" 270 done 271 fi 272 273 if test -z "$have_llong_max"; then 274 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 275 unset ac_cv_have_decl_LLONG_MAX 276 saved_CFLAGS="$CFLAGS" 277 CFLAGS="$CFLAGS -std=gnu99" 278 AC_CHECK_DECL([LLONG_MAX], 279 [have_llong_max=1], 280 [CFLAGS="$saved_CFLAGS"], 281 [#include <limits.h>] 282 ) 283 fi 284fi 285 286AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 287AC_COMPILE_IFELSE( 288 [AC_LANG_PROGRAM([[ 289#include <stdlib.h> 290__attribute__((__unused__)) static void foo(void){return;}]], 291 [[ exit(0); ]])], 292 [ AC_MSG_RESULT([yes]) ], 293 [ AC_MSG_RESULT([no]) 294 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 295 [compiler does not accept __attribute__ on return types]) ] 296) 297 298if test "x$no_attrib_nonnull" != "x1" ; then 299 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 300fi 301 302AC_ARG_WITH([rpath], 303 [ --without-rpath Disable auto-added -R linker paths], 304 [ 305 if test "x$withval" = "xno" ; then 306 need_dash_r="" 307 fi 308 if test "x$withval" = "xyes" ; then 309 need_dash_r=1 310 fi 311 ] 312) 313 314# Allow user to specify flags 315AC_ARG_WITH([cflags], 316 [ --with-cflags Specify additional flags to pass to compiler], 317 [ 318 if test -n "$withval" && test "x$withval" != "xno" && \ 319 test "x${withval}" != "xyes"; then 320 CFLAGS="$CFLAGS $withval" 321 fi 322 ] 323) 324AC_ARG_WITH([cppflags], 325 [ --with-cppflags Specify additional flags to pass to preprocessor] , 326 [ 327 if test -n "$withval" && test "x$withval" != "xno" && \ 328 test "x${withval}" != "xyes"; then 329 CPPFLAGS="$CPPFLAGS $withval" 330 fi 331 ] 332) 333AC_ARG_WITH([ldflags], 334 [ --with-ldflags Specify additional flags to pass to linker], 335 [ 336 if test -n "$withval" && test "x$withval" != "xno" && \ 337 test "x${withval}" != "xyes"; then 338 LDFLAGS="$LDFLAGS $withval" 339 fi 340 ] 341) 342AC_ARG_WITH([libs], 343 [ --with-libs Specify additional libraries to link with], 344 [ 345 if test -n "$withval" && test "x$withval" != "xno" && \ 346 test "x${withval}" != "xyes"; then 347 LIBS="$LIBS $withval" 348 fi 349 ] 350) 351AC_ARG_WITH([Werror], 352 [ --with-Werror Build main code with -Werror], 353 [ 354 if test -n "$withval" && test "x$withval" != "xno"; then 355 werror_flags="-Werror" 356 if test "x${withval}" != "xyes"; then 357 werror_flags="$withval" 358 fi 359 fi 360 ] 361) 362 363AC_CHECK_HEADERS([ \ 364 blf.h \ 365 bstring.h \ 366 crypt.h \ 367 crypto/sha2.h \ 368 dirent.h \ 369 endian.h \ 370 elf.h \ 371 features.h \ 372 fcntl.h \ 373 floatingpoint.h \ 374 getopt.h \ 375 glob.h \ 376 ia.h \ 377 iaf.h \ 378 inttypes.h \ 379 limits.h \ 380 locale.h \ 381 login.h \ 382 maillock.h \ 383 ndir.h \ 384 net/if_tun.h \ 385 netdb.h \ 386 netgroup.h \ 387 pam/pam_appl.h \ 388 paths.h \ 389 poll.h \ 390 pty.h \ 391 readpassphrase.h \ 392 rpc/types.h \ 393 security/pam_appl.h \ 394 sha2.h \ 395 shadow.h \ 396 stddef.h \ 397 stdint.h \ 398 string.h \ 399 strings.h \ 400 sys/audit.h \ 401 sys/bitypes.h \ 402 sys/bsdtty.h \ 403 sys/capability.h \ 404 sys/cdefs.h \ 405 sys/dir.h \ 406 sys/mman.h \ 407 sys/ndir.h \ 408 sys/poll.h \ 409 sys/prctl.h \ 410 sys/pstat.h \ 411 sys/select.h \ 412 sys/stat.h \ 413 sys/stream.h \ 414 sys/stropts.h \ 415 sys/strtio.h \ 416 sys/statvfs.h \ 417 sys/sysmacros.h \ 418 sys/time.h \ 419 sys/timers.h \ 420 time.h \ 421 tmpdir.h \ 422 ttyent.h \ 423 ucred.h \ 424 unistd.h \ 425 usersec.h \ 426 util.h \ 427 utime.h \ 428 utmp.h \ 429 utmpx.h \ 430 vis.h \ 431]) 432 433# lastlog.h requires sys/time.h to be included first on Solaris 434AC_CHECK_HEADERS([lastlog.h], [], [], [ 435#ifdef HAVE_SYS_TIME_H 436# include <sys/time.h> 437#endif 438]) 439 440# sys/ptms.h requires sys/stream.h to be included first on Solaris 441AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 442#ifdef HAVE_SYS_STREAM_H 443# include <sys/stream.h> 444#endif 445]) 446 447# login_cap.h requires sys/types.h on NetBSD 448AC_CHECK_HEADERS([login_cap.h], [], [], [ 449#include <sys/types.h> 450]) 451 452# older BSDs need sys/param.h before sys/mount.h 453AC_CHECK_HEADERS([sys/mount.h], [], [], [ 454#include <sys/param.h> 455]) 456 457# Android requires sys/socket.h to be included before sys/un.h 458AC_CHECK_HEADERS([sys/un.h], [], [], [ 459#include <sys/types.h> 460#include <sys/socket.h> 461]) 462 463# Messages for features tested for in target-specific section 464SIA_MSG="no" 465SPC_MSG="no" 466SP_MSG="no" 467 468# Check for some target-specific stuff 469case "$host" in 470*-*-aix*) 471 # Some versions of VAC won't allow macro redefinitions at 472 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 473 # particularly with older versions of vac or xlc. 474 # It also throws errors about null macro argments, but these are 475 # not fatal. 476 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 477 AC_COMPILE_IFELSE( 478 [AC_LANG_PROGRAM([[ 479#define testmacro foo 480#define testmacro bar]], 481 [[ exit(0); ]])], 482 [ AC_MSG_RESULT([yes]) ], 483 [ AC_MSG_RESULT([no]) 484 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 485 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 486 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 487 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 488 ] 489 ) 490 491 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 492 if (test -z "$blibpath"); then 493 blibpath="/usr/lib:/lib" 494 fi 495 saved_LDFLAGS="$LDFLAGS" 496 if test "$GCC" = "yes"; then 497 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 498 else 499 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 500 fi 501 for tryflags in $flags ;do 502 if (test -z "$blibflags"); then 503 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 504 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 505 [blibflags=$tryflags], []) 506 fi 507 done 508 if (test -z "$blibflags"); then 509 AC_MSG_RESULT([not found]) 510 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 511 else 512 AC_MSG_RESULT([$blibflags]) 513 fi 514 LDFLAGS="$saved_LDFLAGS" 515 dnl Check for authenticate. Might be in libs.a on older AIXes 516 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 517 [Define if you want to enable AIX4's authenticate function])], 518 [AC_CHECK_LIB([s], [authenticate], 519 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 520 LIBS="$LIBS -ls" 521 ]) 522 ]) 523 dnl Check for various auth function declarations in headers. 524 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 525 passwdexpired, setauthdb], , , [#include <usersec.h>]) 526 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 527 AC_CHECK_DECLS([loginfailed], 528 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 529 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 530 [[ (void)loginfailed("user","host","tty",0); ]])], 531 [AC_MSG_RESULT([yes]) 532 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 533 [Define if your AIX loginfailed() function 534 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 535 ])], 536 [], 537 [#include <usersec.h>] 538 ) 539 AC_CHECK_FUNCS([getgrset setauthdb]) 540 AC_CHECK_DECL([F_CLOSEM], 541 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 542 [], 543 [ #include <limits.h> 544 #include <fcntl.h> ] 545 ) 546 check_for_aix_broken_getaddrinfo=1 547 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 548 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 549 [Define if your platform breaks doing a seteuid before a setuid]) 550 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 551 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 552 dnl AIX handles lastlog as part of its login message 553 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 554 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 555 [Some systems need a utmpx entry for /bin/login to work]) 556 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 557 [Define to a Set Process Title type if your system is 558 supported by bsd-setproctitle.c]) 559 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 560 [AIX 5.2 and 5.3 (and presumably newer) require this]) 561 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 562 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 563 ;; 564*-*-android*) 565 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 566 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 567 ;; 568*-*-cygwin*) 569 check_for_libcrypt_later=1 570 LIBS="$LIBS /usr/lib/textreadmode.o" 571 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 572 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 573 AC_DEFINE([DISABLE_SHADOW], [1], 574 [Define if you want to disable shadow passwords]) 575 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 576 [Define if X11 doesn't support AF_UNIX sockets on that system]) 577 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 578 [Define if the concept of ports only accessible to 579 superusers isn't known]) 580 AC_DEFINE([DISABLE_FD_PASSING], [1], 581 [Define if your platform needs to skip post auth 582 file descriptor passing]) 583 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 584 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 585 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 586 # reasons which cause compile warnings, so we disable those warnings. 587 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 588 ;; 589*-*-dgux*) 590 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 591 [Define if your system choked on IP TOS setting]) 592 AC_DEFINE([SETEUID_BREAKS_SETUID]) 593 AC_DEFINE([BROKEN_SETREUID]) 594 AC_DEFINE([BROKEN_SETREGID]) 595 ;; 596*-*-darwin*) 597 use_pie=auto 598 AC_MSG_CHECKING([if we have working getaddrinfo]) 599 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 600main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 601 exit(0); 602 else 603 exit(1); 604} 605 ]])], 606 [AC_MSG_RESULT([working])], 607 [AC_MSG_RESULT([buggy]) 608 AC_DEFINE([BROKEN_GETADDRINFO], [1], 609 [getaddrinfo is broken (if present)]) 610 ], 611 [AC_MSG_RESULT([assume it is working])]) 612 AC_DEFINE([SETEUID_BREAKS_SETUID]) 613 AC_DEFINE([BROKEN_SETREUID]) 614 AC_DEFINE([BROKEN_SETREGID]) 615 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 616 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 617 [Define if your resolver libs need this for getrrsetbyname]) 618 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 619 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 620 [Use tunnel device compatibility to OpenBSD]) 621 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 622 [Prepend the address family to IP tunnel traffic]) 623 m4_pattern_allow([AU_IPv]) 624 AC_CHECK_DECL([AU_IPv4], [], 625 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 626 [#include <bsm/audit.h>] 627 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 628 [Define if pututxline updates lastlog too]) 629 ) 630 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 631 [Define to a Set Process Title type if your system is 632 supported by bsd-setproctitle.c]) 633 AC_CHECK_FUNCS([sandbox_init]) 634 AC_CHECK_HEADERS([sandbox.h]) 635 ;; 636*-*-dragonfly*) 637 SSHDLIBS="$SSHDLIBS -lcrypt" 638 TEST_MALLOC_OPTIONS="AFGJPRX" 639 ;; 640*-*-haiku*) 641 LIBS="$LIBS -lbsd " 642 AC_CHECK_LIB([network], [socket]) 643 AC_DEFINE([HAVE_U_INT64_T]) 644 MANTYPE=man 645 ;; 646*-*-hpux*) 647 # first we define all of the options common to all HP-UX releases 648 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 649 IPADDR_IN_DISPLAY=yes 650 AC_DEFINE([USE_PIPES]) 651 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 652 [Define if your login program cannot handle end of options ("--")]) 653 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 654 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 655 [String used in /etc/passwd to denote locked account]) 656 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 657 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 658 maildir="/var/mail" 659 LIBS="$LIBS -lsec" 660 AC_CHECK_LIB([xnet], [t_error], , 661 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 662 663 # next, we define all of the options specific to major releases 664 case "$host" in 665 *-*-hpux10*) 666 if test -z "$GCC"; then 667 CFLAGS="$CFLAGS -Ae" 668 fi 669 ;; 670 *-*-hpux11*) 671 AC_DEFINE([PAM_SUN_CODEBASE], [1], 672 [Define if you are using Solaris-derived PAM which 673 passes pam_messages to the conversation function 674 with an extra level of indirection]) 675 AC_DEFINE([DISABLE_UTMP], [1], 676 [Define if you don't want to use utmp]) 677 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 678 check_for_hpux_broken_getaddrinfo=1 679 check_for_conflicting_getspnam=1 680 ;; 681 esac 682 683 # lastly, we define options specific to minor releases 684 case "$host" in 685 *-*-hpux10.26) 686 AC_DEFINE([HAVE_SECUREWARE], [1], 687 [Define if you have SecureWare-based 688 protected password database]) 689 disable_ptmx_check=yes 690 LIBS="$LIBS -lsecpw" 691 ;; 692 esac 693 ;; 694*-*-irix5*) 695 PATH="$PATH:/usr/etc" 696 AC_DEFINE([BROKEN_INET_NTOA], [1], 697 [Define if you system's inet_ntoa is busted 698 (e.g. Irix gcc issue)]) 699 AC_DEFINE([SETEUID_BREAKS_SETUID]) 700 AC_DEFINE([BROKEN_SETREUID]) 701 AC_DEFINE([BROKEN_SETREGID]) 702 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 703 [Define if you shouldn't strip 'tty' from your 704 ttyname in [uw]tmp]) 705 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 706 ;; 707*-*-irix6*) 708 PATH="$PATH:/usr/etc" 709 AC_DEFINE([WITH_IRIX_ARRAY], [1], 710 [Define if you have/want arrays 711 (cluster-wide session managment, not C arrays)]) 712 AC_DEFINE([WITH_IRIX_PROJECT], [1], 713 [Define if you want IRIX project management]) 714 AC_DEFINE([WITH_IRIX_AUDIT], [1], 715 [Define if you want IRIX audit trails]) 716 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 717 [Define if you want IRIX kernel jobs])]) 718 AC_DEFINE([BROKEN_INET_NTOA]) 719 AC_DEFINE([SETEUID_BREAKS_SETUID]) 720 AC_DEFINE([BROKEN_SETREUID]) 721 AC_DEFINE([BROKEN_SETREGID]) 722 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 723 AC_DEFINE([WITH_ABBREV_NO_TTY]) 724 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 725 ;; 726*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 727 check_for_libcrypt_later=1 728 AC_DEFINE([PAM_TTY_KLUDGE]) 729 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 730 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 731 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 732 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 733 ;; 734*-*-linux*) 735 no_dev_ptmx=1 736 use_pie=auto 737 check_for_libcrypt_later=1 738 check_for_openpty_ctty_bug=1 739 AC_DEFINE([PAM_TTY_KLUDGE], [1], 740 [Work around problematic Linux PAM modules handling of PAM_TTY]) 741 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 742 [String used in /etc/passwd to denote locked account]) 743 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 744 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 745 [Define to whatever link() returns for "not supported" 746 if it doesn't return EOPNOTSUPP.]) 747 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 748 AC_DEFINE([USE_BTMP]) 749 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 750 inet6_default_4in6=yes 751 case `uname -r` in 752 1.*|2.0.*) 753 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 754 [Define if cmsg_type is not passed correctly]) 755 ;; 756 esac 757 # tun(4) forwarding compat code 758 AC_CHECK_HEADERS([linux/if_tun.h]) 759 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 760 AC_DEFINE([SSH_TUN_LINUX], [1], 761 [Open tunnel devices the Linux tun/tap way]) 762 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 763 [Use tunnel device compatibility to OpenBSD]) 764 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 765 [Prepend the address family to IP tunnel traffic]) 766 fi 767 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 768 [], [#include <linux/types.h>]) 769 AC_CHECK_FUNCS([prctl]) 770 AC_MSG_CHECKING([for seccomp architecture]) 771 seccomp_audit_arch= 772 case "$host" in 773 x86_64-*) 774 seccomp_audit_arch=AUDIT_ARCH_X86_64 775 ;; 776 i*86-*) 777 seccomp_audit_arch=AUDIT_ARCH_I386 778 ;; 779 arm*-*) 780 seccomp_audit_arch=AUDIT_ARCH_ARM 781 ;; 782 esac 783 if test "x$seccomp_audit_arch" != "x" ; then 784 AC_MSG_RESULT(["$seccomp_audit_arch"]) 785 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 786 [Specify the system call convention in use]) 787 else 788 AC_MSG_RESULT([architecture not supported]) 789 fi 790 ;; 791mips-sony-bsd|mips-sony-newsos4) 792 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 793 SONY=1 794 ;; 795*-*-netbsd*) 796 check_for_libcrypt_before=1 797 if test "x$withval" != "xno" ; then 798 need_dash_r=1 799 fi 800 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 801 AC_CHECK_HEADER([net/if_tap.h], , 802 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 803 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 804 [Prepend the address family to IP tunnel traffic]) 805 TEST_MALLOC_OPTIONS="AJRX" 806 AC_DEFINE([BROKEN_STRNVIS], [1], 807 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 808 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 809 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 810 ;; 811*-*-freebsd*) 812 check_for_libcrypt_later=1 813 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 814 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 815 AC_CHECK_HEADER([net/if_tap.h], , 816 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 817 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 818 AC_DEFINE([BROKEN_STRNVIS], [1], 819 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 820 TEST_MALLOC_OPTIONS="AJRX" 821 # Preauth crypto occasionally uses file descriptors for crypto offload 822 # and will crash if they cannot be opened. 823 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 824 [define if setrlimit RLIMIT_NOFILE breaks things]) 825 ;; 826*-*-bsdi*) 827 AC_DEFINE([SETEUID_BREAKS_SETUID]) 828 AC_DEFINE([BROKEN_SETREUID]) 829 AC_DEFINE([BROKEN_SETREGID]) 830 ;; 831*-next-*) 832 conf_lastlog_location="/usr/adm/lastlog" 833 conf_utmp_location=/etc/utmp 834 conf_wtmp_location=/usr/adm/wtmp 835 maildir=/usr/spool/mail 836 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 837 AC_DEFINE([BROKEN_REALPATH]) 838 AC_DEFINE([USE_PIPES]) 839 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 840 ;; 841*-*-openbsd*) 842 use_pie=auto 843 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 844 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 845 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 846 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 847 [syslog_r function is safe to use in in a signal handler]) 848 TEST_MALLOC_OPTIONS="AFGJPRX" 849 ;; 850*-*-solaris*) 851 if test "x$withval" != "xno" ; then 852 need_dash_r=1 853 fi 854 AC_DEFINE([PAM_SUN_CODEBASE]) 855 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 856 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 857 [Some versions of /bin/login need the TERM supplied 858 on the commandline]) 859 AC_DEFINE([PAM_TTY_KLUDGE]) 860 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 861 [Define if pam_chauthtok wants real uid set 862 to the unpriv'ed user]) 863 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 864 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 865 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 866 [Define if sshd somehow reacquires a controlling TTY 867 after setsid()]) 868 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 869 in case the name is longer than 8 chars]) 870 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 871 external_path_file=/etc/default/login 872 # hardwire lastlog location (can't detect it on some versions) 873 conf_lastlog_location="/var/adm/lastlog" 874 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 875 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 876 if test "$sol2ver" -ge 8; then 877 AC_MSG_RESULT([yes]) 878 AC_DEFINE([DISABLE_UTMP]) 879 AC_DEFINE([DISABLE_WTMP], [1], 880 [Define if you don't want to use wtmp]) 881 else 882 AC_MSG_RESULT([no]) 883 fi 884 AC_ARG_WITH([solaris-contracts], 885 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 886 [ 887 AC_CHECK_LIB([contract], [ct_tmpl_activate], 888 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 889 [Define if you have Solaris process contracts]) 890 SSHDLIBS="$SSHDLIBS -lcontract" 891 SPC_MSG="yes" ], ) 892 ], 893 ) 894 AC_ARG_WITH([solaris-projects], 895 [ --with-solaris-projects Enable Solaris projects (experimental)], 896 [ 897 AC_CHECK_LIB([project], [setproject], 898 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 899 [Define if you have Solaris projects]) 900 SSHDLIBS="$SSHDLIBS -lproject" 901 SP_MSG="yes" ], ) 902 ], 903 ) 904 TEST_SHELL=$SHELL # let configure find us a capable shell 905 ;; 906*-*-sunos4*) 907 CPPFLAGS="$CPPFLAGS -DSUNOS4" 908 AC_CHECK_FUNCS([getpwanam]) 909 AC_DEFINE([PAM_SUN_CODEBASE]) 910 conf_utmp_location=/etc/utmp 911 conf_wtmp_location=/var/adm/wtmp 912 conf_lastlog_location=/var/adm/lastlog 913 AC_DEFINE([USE_PIPES]) 914 ;; 915*-ncr-sysv*) 916 LIBS="$LIBS -lc89" 917 AC_DEFINE([USE_PIPES]) 918 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 919 AC_DEFINE([SETEUID_BREAKS_SETUID]) 920 AC_DEFINE([BROKEN_SETREUID]) 921 AC_DEFINE([BROKEN_SETREGID]) 922 ;; 923*-sni-sysv*) 924 # /usr/ucblib MUST NOT be searched on ReliantUNIX 925 AC_CHECK_LIB([dl], [dlsym], ,) 926 # -lresolv needs to be at the end of LIBS or DNS lookups break 927 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 928 IPADDR_IN_DISPLAY=yes 929 AC_DEFINE([USE_PIPES]) 930 AC_DEFINE([IP_TOS_IS_BROKEN]) 931 AC_DEFINE([SETEUID_BREAKS_SETUID]) 932 AC_DEFINE([BROKEN_SETREUID]) 933 AC_DEFINE([BROKEN_SETREGID]) 934 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 935 external_path_file=/etc/default/login 936 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 937 # Attention: always take care to bind libsocket and libnsl before libc, 938 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 939 ;; 940# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 941*-*-sysv4.2*) 942 AC_DEFINE([USE_PIPES]) 943 AC_DEFINE([SETEUID_BREAKS_SETUID]) 944 AC_DEFINE([BROKEN_SETREUID]) 945 AC_DEFINE([BROKEN_SETREGID]) 946 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 947 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 948 TEST_SHELL=$SHELL # let configure find us a capable shell 949 ;; 950# UnixWare 7.x, OpenUNIX 8 951*-*-sysv5*) 952 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 953 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 954 AC_DEFINE([USE_PIPES]) 955 AC_DEFINE([SETEUID_BREAKS_SETUID]) 956 AC_DEFINE([BROKEN_GETADDRINFO]) 957 AC_DEFINE([BROKEN_SETREUID]) 958 AC_DEFINE([BROKEN_SETREGID]) 959 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 960 TEST_SHELL=$SHELL # let configure find us a capable shell 961 case "$host" in 962 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 963 maildir=/var/spool/mail 964 AC_DEFINE([BROKEN_LIBIAF], [1], 965 [ia_uinfo routines not supported by OS yet]) 966 AC_DEFINE([BROKEN_UPDWTMPX]) 967 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 968 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 969 AC_DEFINE([HAVE_SECUREWARE]) 970 AC_DEFINE([DISABLE_SHADOW]) 971 ], , ) 972 ;; 973 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 974 check_for_libcrypt_later=1 975 ;; 976 esac 977 ;; 978*-*-sysv*) 979 ;; 980# SCO UNIX and OEM versions of SCO UNIX 981*-*-sco3.2v4*) 982 AC_MSG_ERROR("This Platform is no longer supported.") 983 ;; 984# SCO OpenServer 5.x 985*-*-sco3.2v5*) 986 if test -z "$GCC"; then 987 CFLAGS="$CFLAGS -belf" 988 fi 989 LIBS="$LIBS -lprot -lx -ltinfo -lm" 990 no_dev_ptmx=1 991 AC_DEFINE([USE_PIPES]) 992 AC_DEFINE([HAVE_SECUREWARE]) 993 AC_DEFINE([DISABLE_SHADOW]) 994 AC_DEFINE([DISABLE_FD_PASSING]) 995 AC_DEFINE([SETEUID_BREAKS_SETUID]) 996 AC_DEFINE([BROKEN_GETADDRINFO]) 997 AC_DEFINE([BROKEN_SETREUID]) 998 AC_DEFINE([BROKEN_SETREGID]) 999 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1000 AC_DEFINE([BROKEN_UPDWTMPX]) 1001 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1002 AC_CHECK_FUNCS([getluid setluid]) 1003 MANTYPE=man 1004 TEST_SHELL=$SHELL # let configure find us a capable shell 1005 SKIP_DISABLE_LASTLOG_DEFINE=yes 1006 ;; 1007*-*-unicosmk*) 1008 AC_DEFINE([NO_SSH_LASTLOG], [1], 1009 [Define if you don't want to use lastlog in session.c]) 1010 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1011 AC_DEFINE([BROKEN_SETREUID]) 1012 AC_DEFINE([BROKEN_SETREGID]) 1013 AC_DEFINE([USE_PIPES]) 1014 AC_DEFINE([DISABLE_FD_PASSING]) 1015 LDFLAGS="$LDFLAGS" 1016 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1017 MANTYPE=cat 1018 ;; 1019*-*-unicosmp*) 1020 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1021 AC_DEFINE([BROKEN_SETREUID]) 1022 AC_DEFINE([BROKEN_SETREGID]) 1023 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1024 AC_DEFINE([USE_PIPES]) 1025 AC_DEFINE([DISABLE_FD_PASSING]) 1026 LDFLAGS="$LDFLAGS" 1027 LIBS="$LIBS -lgen -lacid -ldb" 1028 MANTYPE=cat 1029 ;; 1030*-*-unicos*) 1031 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1032 AC_DEFINE([BROKEN_SETREUID]) 1033 AC_DEFINE([BROKEN_SETREGID]) 1034 AC_DEFINE([USE_PIPES]) 1035 AC_DEFINE([DISABLE_FD_PASSING]) 1036 AC_DEFINE([NO_SSH_LASTLOG]) 1037 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1038 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1039 MANTYPE=cat 1040 ;; 1041*-dec-osf*) 1042 AC_MSG_CHECKING([for Digital Unix SIA]) 1043 no_osfsia="" 1044 AC_ARG_WITH([osfsia], 1045 [ --with-osfsia Enable Digital Unix SIA], 1046 [ 1047 if test "x$withval" = "xno" ; then 1048 AC_MSG_RESULT([disabled]) 1049 no_osfsia=1 1050 fi 1051 ], 1052 ) 1053 if test -z "$no_osfsia" ; then 1054 if test -f /etc/sia/matrix.conf; then 1055 AC_MSG_RESULT([yes]) 1056 AC_DEFINE([HAVE_OSF_SIA], [1], 1057 [Define if you have Digital Unix Security 1058 Integration Architecture]) 1059 AC_DEFINE([DISABLE_LOGIN], [1], 1060 [Define if you don't want to use your 1061 system's login() call]) 1062 AC_DEFINE([DISABLE_FD_PASSING]) 1063 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1064 SIA_MSG="yes" 1065 else 1066 AC_MSG_RESULT([no]) 1067 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1068 [String used in /etc/passwd to denote locked account]) 1069 fi 1070 fi 1071 AC_DEFINE([BROKEN_GETADDRINFO]) 1072 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1073 AC_DEFINE([BROKEN_SETREUID]) 1074 AC_DEFINE([BROKEN_SETREGID]) 1075 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1076 ;; 1077 1078*-*-nto-qnx*) 1079 AC_DEFINE([USE_PIPES]) 1080 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1081 AC_DEFINE([DISABLE_LASTLOG]) 1082 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1083 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1084 enable_etc_default_login=no # has incompatible /etc/default/login 1085 case "$host" in 1086 *-*-nto-qnx6*) 1087 AC_DEFINE([DISABLE_FD_PASSING]) 1088 ;; 1089 esac 1090 ;; 1091 1092*-*-ultrix*) 1093 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1094 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1095 AC_DEFINE([NEED_SETPGRP]) 1096 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1097 ;; 1098 1099*-*-lynxos) 1100 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1101 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1102 ;; 1103esac 1104 1105AC_MSG_CHECKING([compiler and flags for sanity]) 1106AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1107 [ AC_MSG_RESULT([yes]) ], 1108 [ 1109 AC_MSG_RESULT([no]) 1110 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1111 ], 1112 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1113) 1114 1115dnl Checks for header files. 1116# Checks for libraries. 1117AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1118AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1119 1120dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1121AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1122 AC_CHECK_LIB([gen], [dirname], [ 1123 AC_CACHE_CHECK([for broken dirname], 1124 ac_cv_have_broken_dirname, [ 1125 save_LIBS="$LIBS" 1126 LIBS="$LIBS -lgen" 1127 AC_RUN_IFELSE( 1128 [AC_LANG_SOURCE([[ 1129#include <libgen.h> 1130#include <string.h> 1131 1132int main(int argc, char **argv) { 1133 char *s, buf[32]; 1134 1135 strncpy(buf,"/etc", 32); 1136 s = dirname(buf); 1137 if (!s || strncmp(s, "/", 32) != 0) { 1138 exit(1); 1139 } else { 1140 exit(0); 1141 } 1142} 1143 ]])], 1144 [ ac_cv_have_broken_dirname="no" ], 1145 [ ac_cv_have_broken_dirname="yes" ], 1146 [ ac_cv_have_broken_dirname="no" ], 1147 ) 1148 LIBS="$save_LIBS" 1149 ]) 1150 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1151 LIBS="$LIBS -lgen" 1152 AC_DEFINE([HAVE_DIRNAME]) 1153 AC_CHECK_HEADERS([libgen.h]) 1154 fi 1155 ]) 1156]) 1157 1158AC_CHECK_FUNC([getspnam], , 1159 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1160AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1161 [Define if you have the basename function.])]) 1162 1163dnl zlib is required 1164AC_ARG_WITH([zlib], 1165 [ --with-zlib=PATH Use zlib in PATH], 1166 [ if test "x$withval" = "xno" ; then 1167 AC_MSG_ERROR([*** zlib is required ***]) 1168 elif test "x$withval" != "xyes"; then 1169 if test -d "$withval/lib"; then 1170 if test -n "${need_dash_r}"; then 1171 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1172 else 1173 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1174 fi 1175 else 1176 if test -n "${need_dash_r}"; then 1177 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1178 else 1179 LDFLAGS="-L${withval} ${LDFLAGS}" 1180 fi 1181 fi 1182 if test -d "$withval/include"; then 1183 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1184 else 1185 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1186 fi 1187 fi ] 1188) 1189 1190AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1191AC_CHECK_LIB([z], [deflate], , 1192 [ 1193 saved_CPPFLAGS="$CPPFLAGS" 1194 saved_LDFLAGS="$LDFLAGS" 1195 save_LIBS="$LIBS" 1196 dnl Check default zlib install dir 1197 if test -n "${need_dash_r}"; then 1198 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1199 else 1200 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1201 fi 1202 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1203 LIBS="$LIBS -lz" 1204 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1205 [ 1206 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1207 ] 1208 ) 1209 ] 1210) 1211 1212AC_ARG_WITH([zlib-version-check], 1213 [ --without-zlib-version-check Disable zlib version check], 1214 [ if test "x$withval" = "xno" ; then 1215 zlib_check_nonfatal=1 1216 fi 1217 ] 1218) 1219 1220AC_MSG_CHECKING([for possibly buggy zlib]) 1221AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1222#include <stdio.h> 1223#include <stdlib.h> 1224#include <zlib.h> 1225 ]], 1226 [[ 1227 int a=0, b=0, c=0, d=0, n, v; 1228 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1229 if (n != 3 && n != 4) 1230 exit(1); 1231 v = a*1000000 + b*10000 + c*100 + d; 1232 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1233 1234 /* 1.1.4 is OK */ 1235 if (a == 1 && b == 1 && c >= 4) 1236 exit(0); 1237 1238 /* 1.2.3 and up are OK */ 1239 if (v >= 1020300) 1240 exit(0); 1241 1242 exit(2); 1243 ]])], 1244 AC_MSG_RESULT([no]), 1245 [ AC_MSG_RESULT([yes]) 1246 if test -z "$zlib_check_nonfatal" ; then 1247 AC_MSG_ERROR([*** zlib too old - check config.log *** 1248Your reported zlib version has known security problems. It's possible your 1249vendor has fixed these problems without changing the version number. If you 1250are sure this is the case, you can disable the check by running 1251"./configure --without-zlib-version-check". 1252If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1253See http://www.gzip.org/zlib/ for details.]) 1254 else 1255 AC_MSG_WARN([zlib version may have security problems]) 1256 fi 1257 ], 1258 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1259) 1260 1261dnl UnixWare 2.x 1262AC_CHECK_FUNC([strcasecmp], 1263 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1264) 1265AC_CHECK_FUNCS([utimes], 1266 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1267 LIBS="$LIBS -lc89"]) ] 1268) 1269 1270dnl Checks for libutil functions 1271AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1272AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1273AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1274AC_SEARCH_LIBS([login], [util bsd]) 1275AC_SEARCH_LIBS([logout], [util bsd]) 1276AC_SEARCH_LIBS([logwtmp], [util bsd]) 1277AC_SEARCH_LIBS([openpty], [util bsd]) 1278AC_SEARCH_LIBS([updwtmp], [util bsd]) 1279AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1280 1281# On some platforms, inet_ntop may be found in libresolv or libnsl. 1282AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1283 1284AC_FUNC_STRFTIME 1285 1286# Check for ALTDIRFUNC glob() extension 1287AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1288AC_EGREP_CPP([FOUNDIT], 1289 [ 1290 #include <glob.h> 1291 #ifdef GLOB_ALTDIRFUNC 1292 FOUNDIT 1293 #endif 1294 ], 1295 [ 1296 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1297 [Define if your system glob() function has 1298 the GLOB_ALTDIRFUNC extension]) 1299 AC_MSG_RESULT([yes]) 1300 ], 1301 [ 1302 AC_MSG_RESULT([no]) 1303 ] 1304) 1305 1306# Check for g.gl_matchc glob() extension 1307AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1308AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1309 [[ glob_t g; g.gl_matchc = 1; ]])], 1310 [ 1311 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1312 [Define if your system glob() function has 1313 gl_matchc options in glob_t]) 1314 AC_MSG_RESULT([yes]) 1315 ], [ 1316 AC_MSG_RESULT([no]) 1317]) 1318 1319# Check for g.gl_statv glob() extension 1320AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1321AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1322#ifndef GLOB_KEEPSTAT 1323#error "glob does not support GLOB_KEEPSTAT extension" 1324#endif 1325glob_t g; 1326g.gl_statv = NULL; 1327]])], 1328 [ 1329 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1330 [Define if your system glob() function has 1331 gl_statv options in glob_t]) 1332 AC_MSG_RESULT([yes]) 1333 ], [ 1334 AC_MSG_RESULT([no]) 1335 1336]) 1337 1338AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1339 1340AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1341AC_RUN_IFELSE( 1342 [AC_LANG_PROGRAM([[ 1343#include <sys/types.h> 1344#include <dirent.h>]], 1345 [[ 1346 struct dirent d; 1347 exit(sizeof(d.d_name)<=sizeof(char)); 1348 ]])], 1349 [AC_MSG_RESULT([yes])], 1350 [ 1351 AC_MSG_RESULT([no]) 1352 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1353 [Define if your struct dirent expects you to 1354 allocate extra space for d_name]) 1355 ], 1356 [ 1357 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1358 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1359 ] 1360) 1361 1362AC_MSG_CHECKING([for /proc/pid/fd directory]) 1363if test -d "/proc/$$/fd" ; then 1364 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1365 AC_MSG_RESULT([yes]) 1366else 1367 AC_MSG_RESULT([no]) 1368fi 1369 1370# Check whether user wants S/Key support 1371SKEY_MSG="no" 1372AC_ARG_WITH([skey], 1373 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1374 [ 1375 if test "x$withval" != "xno" ; then 1376 1377 if test "x$withval" != "xyes" ; then 1378 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1379 LDFLAGS="$LDFLAGS -L${withval}/lib" 1380 fi 1381 1382 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1383 LIBS="-lskey $LIBS" 1384 SKEY_MSG="yes" 1385 1386 AC_MSG_CHECKING([for s/key support]) 1387 AC_LINK_IFELSE( 1388 [AC_LANG_PROGRAM([[ 1389#include <stdio.h> 1390#include <skey.h> 1391 ]], [[ 1392 char *ff = skey_keyinfo(""); ff=""; 1393 exit(0); 1394 ]])], 1395 [AC_MSG_RESULT([yes])], 1396 [ 1397 AC_MSG_RESULT([no]) 1398 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1399 ]) 1400 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1401 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1402#include <stdio.h> 1403#include <skey.h> 1404 ]], [[ 1405 (void)skeychallenge(NULL,"name","",0); 1406 ]])], 1407 [ 1408 AC_MSG_RESULT([yes]) 1409 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1410 [Define if your skeychallenge() 1411 function takes 4 arguments (NetBSD)])], 1412 [ 1413 AC_MSG_RESULT([no]) 1414 ]) 1415 fi 1416 ] 1417) 1418 1419# Check whether user wants to use ldns 1420LDNS_MSG="no" 1421AC_ARG_WITH(ldns, 1422 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1423 [ 1424 if test "x$withval" != "xno" ; then 1425 1426 if test "x$withval" != "xyes" ; then 1427 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1428 LDFLAGS="$LDFLAGS -L${withval}/lib" 1429 fi 1430 1431 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1432 LIBS="-lldns $LIBS" 1433 LDNS_MSG="yes" 1434 1435 AC_MSG_CHECKING([for ldns support]) 1436 AC_LINK_IFELSE( 1437 [AC_LANG_SOURCE([[ 1438#include <stdio.h> 1439#include <stdlib.h> 1440#include <stdint.h> 1441#include <ldns/ldns.h> 1442int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1443 ]]) 1444 ], 1445 [AC_MSG_RESULT(yes)], 1446 [ 1447 AC_MSG_RESULT(no) 1448 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1449 ]) 1450 fi 1451 ] 1452) 1453 1454# Check whether user wants libedit support 1455LIBEDIT_MSG="no" 1456AC_ARG_WITH([libedit], 1457 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1458 [ if test "x$withval" != "xno" ; then 1459 if test "x$withval" = "xyes" ; then 1460 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1461 if test "x$PKGCONFIG" != "xno"; then 1462 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1463 if "$PKGCONFIG" libedit; then 1464 AC_MSG_RESULT([yes]) 1465 use_pkgconfig_for_libedit=yes 1466 else 1467 AC_MSG_RESULT([no]) 1468 fi 1469 fi 1470 else 1471 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1472 if test -n "${need_dash_r}"; then 1473 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1474 else 1475 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1476 fi 1477 fi 1478 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1479 LIBEDIT=`$PKGCONFIG --libs libedit` 1480 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1481 else 1482 LIBEDIT="-ledit -lcurses" 1483 fi 1484 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1485 AC_CHECK_LIB([edit], [el_init], 1486 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1487 LIBEDIT_MSG="yes" 1488 AC_SUBST([LIBEDIT]) 1489 ], 1490 [ AC_MSG_ERROR([libedit not found]) ], 1491 [ $OTHERLIBS ] 1492 ) 1493 AC_MSG_CHECKING([if libedit version is compatible]) 1494 AC_COMPILE_IFELSE( 1495 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1496 [[ 1497 int i = H_SETSIZE; 1498 el_init("", NULL, NULL, NULL); 1499 exit(0); 1500 ]])], 1501 [ AC_MSG_RESULT([yes]) ], 1502 [ AC_MSG_RESULT([no]) 1503 AC_MSG_ERROR([libedit version is not compatible]) ] 1504 ) 1505 fi ] 1506) 1507 1508AUDIT_MODULE=none 1509AC_ARG_WITH([audit], 1510 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1511 [ 1512 AC_MSG_CHECKING([for supported audit module]) 1513 case "$withval" in 1514 bsm) 1515 AC_MSG_RESULT([bsm]) 1516 AUDIT_MODULE=bsm 1517 dnl Checks for headers, libs and functions 1518 AC_CHECK_HEADERS([bsm/audit.h], [], 1519 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1520 [ 1521#ifdef HAVE_TIME_H 1522# include <time.h> 1523#endif 1524 ] 1525) 1526 AC_CHECK_LIB([bsm], [getaudit], [], 1527 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1528 AC_CHECK_FUNCS([getaudit], [], 1529 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1530 # These are optional 1531 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1532 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1533 if test "$sol2ver" -ge 11; then 1534 SSHDLIBS="$SSHDLIBS -lscf" 1535 AC_DEFINE([BROKEN_BSM_API], [1], 1536 [The system has incomplete BSM API]) 1537 fi 1538 ;; 1539 linux) 1540 AC_MSG_RESULT([linux]) 1541 AUDIT_MODULE=linux 1542 dnl Checks for headers, libs and functions 1543 AC_CHECK_HEADERS([libaudit.h]) 1544 SSHDLIBS="$SSHDLIBS -laudit" 1545 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1546 ;; 1547 debug) 1548 AUDIT_MODULE=debug 1549 AC_MSG_RESULT([debug]) 1550 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1551 ;; 1552 no) 1553 AC_MSG_RESULT([no]) 1554 ;; 1555 *) 1556 AC_MSG_ERROR([Unknown audit module $withval]) 1557 ;; 1558 esac ] 1559) 1560 1561AC_ARG_WITH([pie], 1562 [ --with-pie Build Position Independent Executables if possible], [ 1563 if test "x$withval" = "xno"; then 1564 use_pie=no 1565 fi 1566 if test "x$withval" = "xyes"; then 1567 use_pie=yes 1568 fi 1569 ] 1570) 1571if test "x$use_pie" = "x"; then 1572 use_pie=no 1573fi 1574if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1575 # Turn off automatic PIE when toolchain hardening is off. 1576 use_pie=no 1577fi 1578if test "x$use_pie" = "xauto"; then 1579 # Automatic PIE requires gcc >= 4.x 1580 AC_MSG_CHECKING([for gcc >= 4.x]) 1581 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1582#if !defined(__GNUC__) || __GNUC__ < 4 1583#error gcc is too old 1584#endif 1585]])], 1586 [ AC_MSG_RESULT([yes]) ], 1587 [ AC_MSG_RESULT([no]) 1588 use_pie=no ] 1589) 1590fi 1591if test "x$use_pie" != "xno"; then 1592 SAVED_CFLAGS="$CFLAGS" 1593 SAVED_LDFLAGS="$LDFLAGS" 1594 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1595 OSSH_CHECK_LDFLAG_LINK([-pie]) 1596 # We use both -fPIE and -pie or neither. 1597 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1598 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1599 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1600 AC_MSG_RESULT([yes]) 1601 else 1602 AC_MSG_RESULT([no]) 1603 CFLAGS="$SAVED_CFLAGS" 1604 LDFLAGS="$SAVED_LDFLAGS" 1605 fi 1606fi 1607 1608dnl Checks for library functions. Please keep in alphabetical order 1609AC_CHECK_FUNCS([ \ 1610 Blowfish_initstate \ 1611 Blowfish_expandstate \ 1612 Blowfish_expand0state \ 1613 Blowfish_stream2word \ 1614 asprintf \ 1615 b64_ntop \ 1616 __b64_ntop \ 1617 b64_pton \ 1618 __b64_pton \ 1619 bcopy \ 1620 bcrypt_pbkdf \ 1621 bindresvport_sa \ 1622 blf_enc \ 1623 cap_rights_limit \ 1624 clock \ 1625 closefrom \ 1626 dirfd \ 1627 endgrent \ 1628 explicit_bzero \ 1629 fchmod \ 1630 fchown \ 1631 freeaddrinfo \ 1632 fstatfs \ 1633 fstatvfs \ 1634 futimes \ 1635 getaddrinfo \ 1636 getcwd \ 1637 getgrouplist \ 1638 getnameinfo \ 1639 getopt \ 1640 getpeereid \ 1641 getpeerucred \ 1642 getpgid \ 1643 getpgrp \ 1644 _getpty \ 1645 getrlimit \ 1646 getttyent \ 1647 glob \ 1648 group_from_gid \ 1649 inet_aton \ 1650 inet_ntoa \ 1651 inet_ntop \ 1652 innetgr \ 1653 login_getcapbool \ 1654 mblen \ 1655 md5_crypt \ 1656 memmove \ 1657 memset_s \ 1658 mkdtemp \ 1659 mmap \ 1660 ngetaddrinfo \ 1661 nsleep \ 1662 ogetaddrinfo \ 1663 openlog_r \ 1664 poll \ 1665 prctl \ 1666 pstat \ 1667 readpassphrase \ 1668 reallocarray \ 1669 realpath \ 1670 recvmsg \ 1671 rresvport_af \ 1672 sendmsg \ 1673 setdtablesize \ 1674 setegid \ 1675 setenv \ 1676 seteuid \ 1677 setgroupent \ 1678 setgroups \ 1679 setlinebuf \ 1680 setlogin \ 1681 setpassent\ 1682 setpcred \ 1683 setproctitle \ 1684 setregid \ 1685 setreuid \ 1686 setrlimit \ 1687 setsid \ 1688 setvbuf \ 1689 sigaction \ 1690 sigvec \ 1691 snprintf \ 1692 socketpair \ 1693 statfs \ 1694 statvfs \ 1695 strdup \ 1696 strerror \ 1697 strlcat \ 1698 strlcpy \ 1699 strmode \ 1700 strnlen \ 1701 strnvis \ 1702 strptime \ 1703 strtonum \ 1704 strtoll \ 1705 strtoul \ 1706 strtoull \ 1707 swap32 \ 1708 sysconf \ 1709 tcgetpgrp \ 1710 timingsafe_bcmp \ 1711 truncate \ 1712 unsetenv \ 1713 updwtmpx \ 1714 user_from_uid \ 1715 usleep \ 1716 vasprintf \ 1717 vsnprintf \ 1718 waitpid \ 1719]) 1720 1721AC_LINK_IFELSE( 1722 [AC_LANG_PROGRAM( 1723 [[ #include <ctype.h> ]], 1724 [[ return (isblank('a')); ]])], 1725 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1726]) 1727 1728# PKCS11 depends on OpenSSL. 1729if test "x$openssl" = "xyes" ; then 1730 # PKCS#11 support requires dlopen() and co 1731 AC_SEARCH_LIBS([dlopen], [dl], 1732 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1733 ) 1734fi 1735 1736# IRIX has a const char return value for gai_strerror() 1737AC_CHECK_FUNCS([gai_strerror], [ 1738 AC_DEFINE([HAVE_GAI_STRERROR]) 1739 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1740#include <sys/types.h> 1741#include <sys/socket.h> 1742#include <netdb.h> 1743 1744const char *gai_strerror(int); 1745 ]], [[ 1746 char *str; 1747 str = gai_strerror(0); 1748 ]])], [ 1749 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1750 [Define if gai_strerror() returns const char *])], [])]) 1751 1752AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1753 [Some systems put nanosleep outside of libc])]) 1754 1755AC_SEARCH_LIBS([clock_gettime], [rt], 1756 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1757 1758dnl Make sure prototypes are defined for these before using them. 1759AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1760AC_CHECK_DECL([strsep], 1761 [AC_CHECK_FUNCS([strsep])], 1762 [], 1763 [ 1764#ifdef HAVE_STRING_H 1765# include <string.h> 1766#endif 1767 ]) 1768 1769dnl tcsendbreak might be a macro 1770AC_CHECK_DECL([tcsendbreak], 1771 [AC_DEFINE([HAVE_TCSENDBREAK])], 1772 [AC_CHECK_FUNCS([tcsendbreak])], 1773 [#include <termios.h>] 1774) 1775 1776AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1777 1778AC_CHECK_DECLS([SHUT_RD], , , 1779 [ 1780#include <sys/types.h> 1781#include <sys/socket.h> 1782 ]) 1783 1784AC_CHECK_DECLS([O_NONBLOCK], , , 1785 [ 1786#include <sys/types.h> 1787#ifdef HAVE_SYS_STAT_H 1788# include <sys/stat.h> 1789#endif 1790#ifdef HAVE_FCNTL_H 1791# include <fcntl.h> 1792#endif 1793 ]) 1794 1795AC_CHECK_DECLS([writev], , , [ 1796#include <sys/types.h> 1797#include <sys/uio.h> 1798#include <unistd.h> 1799 ]) 1800 1801AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1802#include <sys/param.h> 1803 ]) 1804 1805AC_CHECK_DECLS([offsetof], , , [ 1806#include <stddef.h> 1807 ]) 1808 1809# extra bits for select(2) 1810AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1811#include <sys/param.h> 1812#include <sys/types.h> 1813#ifdef HAVE_SYS_SYSMACROS_H 1814#include <sys/sysmacros.h> 1815#endif 1816#ifdef HAVE_SYS_SELECT_H 1817#include <sys/select.h> 1818#endif 1819#ifdef HAVE_SYS_TIME_H 1820#include <sys/time.h> 1821#endif 1822#ifdef HAVE_UNISTD_H 1823#include <unistd.h> 1824#endif 1825 ]]) 1826AC_CHECK_TYPES([fd_mask], [], [], [[ 1827#include <sys/param.h> 1828#include <sys/types.h> 1829#ifdef HAVE_SYS_SELECT_H 1830#include <sys/select.h> 1831#endif 1832#ifdef HAVE_SYS_TIME_H 1833#include <sys/time.h> 1834#endif 1835#ifdef HAVE_UNISTD_H 1836#include <unistd.h> 1837#endif 1838 ]]) 1839 1840AC_CHECK_FUNCS([setresuid], [ 1841 dnl Some platorms have setresuid that isn't implemented, test for this 1842 AC_MSG_CHECKING([if setresuid seems to work]) 1843 AC_RUN_IFELSE( 1844 [AC_LANG_PROGRAM([[ 1845#include <stdlib.h> 1846#include <errno.h> 1847 ]], [[ 1848 errno=0; 1849 setresuid(0,0,0); 1850 if (errno==ENOSYS) 1851 exit(1); 1852 else 1853 exit(0); 1854 ]])], 1855 [AC_MSG_RESULT([yes])], 1856 [AC_DEFINE([BROKEN_SETRESUID], [1], 1857 [Define if your setresuid() is broken]) 1858 AC_MSG_RESULT([not implemented])], 1859 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1860 ) 1861]) 1862 1863AC_CHECK_FUNCS([setresgid], [ 1864 dnl Some platorms have setresgid that isn't implemented, test for this 1865 AC_MSG_CHECKING([if setresgid seems to work]) 1866 AC_RUN_IFELSE( 1867 [AC_LANG_PROGRAM([[ 1868#include <stdlib.h> 1869#include <errno.h> 1870 ]], [[ 1871 errno=0; 1872 setresgid(0,0,0); 1873 if (errno==ENOSYS) 1874 exit(1); 1875 else 1876 exit(0); 1877 ]])], 1878 [AC_MSG_RESULT([yes])], 1879 [AC_DEFINE([BROKEN_SETRESGID], [1], 1880 [Define if your setresgid() is broken]) 1881 AC_MSG_RESULT([not implemented])], 1882 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1883 ) 1884]) 1885 1886dnl Checks for time functions 1887AC_CHECK_FUNCS([gettimeofday time]) 1888dnl Checks for utmp functions 1889AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1890AC_CHECK_FUNCS([utmpname]) 1891dnl Checks for utmpx functions 1892AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1893AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1894dnl Checks for lastlog functions 1895AC_CHECK_FUNCS([getlastlogxbyname]) 1896 1897AC_CHECK_FUNC([daemon], 1898 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1899 [AC_CHECK_LIB([bsd], [daemon], 1900 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1901) 1902 1903AC_CHECK_FUNC([getpagesize], 1904 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1905 [Define if your libraries define getpagesize()])], 1906 [AC_CHECK_LIB([ucb], [getpagesize], 1907 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1908) 1909 1910# Check for broken snprintf 1911if test "x$ac_cv_func_snprintf" = "xyes" ; then 1912 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1913 AC_RUN_IFELSE( 1914 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1915 [[ 1916 char b[5]; 1917 snprintf(b,5,"123456789"); 1918 exit(b[4]!='\0'); 1919 ]])], 1920 [AC_MSG_RESULT([yes])], 1921 [ 1922 AC_MSG_RESULT([no]) 1923 AC_DEFINE([BROKEN_SNPRINTF], [1], 1924 [Define if your snprintf is busted]) 1925 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1926 ], 1927 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1928 ) 1929fi 1930 1931# We depend on vsnprintf returning the right thing on overflow: the 1932# number of characters it tried to create (as per SUSv3) 1933if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1934 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1935 AC_RUN_IFELSE( 1936 [AC_LANG_PROGRAM([[ 1937#include <sys/types.h> 1938#include <stdio.h> 1939#include <stdarg.h> 1940 1941int x_snprintf(char *str, size_t count, const char *fmt, ...) 1942{ 1943 size_t ret; 1944 va_list ap; 1945 1946 va_start(ap, fmt); 1947 ret = vsnprintf(str, count, fmt, ap); 1948 va_end(ap); 1949 return ret; 1950} 1951 ]], [[ 1952char x[1]; 1953if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 1954 return 1; 1955if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 1956 return 1; 1957return 0; 1958 ]])], 1959 [AC_MSG_RESULT([yes])], 1960 [ 1961 AC_MSG_RESULT([no]) 1962 AC_DEFINE([BROKEN_SNPRINTF], [1], 1963 [Define if your snprintf is busted]) 1964 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1965 ], 1966 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 1967 ) 1968fi 1969 1970# On systems where [v]snprintf is broken, but is declared in stdio, 1971# check that the fmt argument is const char * or just char *. 1972# This is only useful for when BROKEN_SNPRINTF 1973AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 1974AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1975#include <stdio.h> 1976int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 1977 ]], [[ 1978 snprintf(0, 0, 0); 1979 ]])], 1980 [AC_MSG_RESULT([yes]) 1981 AC_DEFINE([SNPRINTF_CONST], [const], 1982 [Define as const if snprintf() can declare const char *fmt])], 1983 [AC_MSG_RESULT([no]) 1984 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 1985 1986# Check for missing getpeereid (or equiv) support 1987NO_PEERCHECK="" 1988if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 1989 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 1990 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1991#include <sys/types.h> 1992#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 1993 [ AC_MSG_RESULT([yes]) 1994 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 1995 ], [AC_MSG_RESULT([no]) 1996 NO_PEERCHECK=1 1997 ]) 1998fi 1999 2000dnl see whether mkstemp() requires XXXXXX 2001if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2002AC_MSG_CHECKING([for (overly) strict mkstemp]) 2003AC_RUN_IFELSE( 2004 [AC_LANG_PROGRAM([[ 2005#include <stdlib.h> 2006 ]], [[ 2007 char template[]="conftest.mkstemp-test"; 2008 if (mkstemp(template) == -1) 2009 exit(1); 2010 unlink(template); 2011 exit(0); 2012 ]])], 2013 [ 2014 AC_MSG_RESULT([no]) 2015 ], 2016 [ 2017 AC_MSG_RESULT([yes]) 2018 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2019 ], 2020 [ 2021 AC_MSG_RESULT([yes]) 2022 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2023 ] 2024) 2025fi 2026 2027dnl make sure that openpty does not reacquire controlling terminal 2028if test ! -z "$check_for_openpty_ctty_bug"; then 2029 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2030 AC_RUN_IFELSE( 2031 [AC_LANG_PROGRAM([[ 2032#include <stdio.h> 2033#include <sys/fcntl.h> 2034#include <sys/types.h> 2035#include <sys/wait.h> 2036 ]], [[ 2037 pid_t pid; 2038 int fd, ptyfd, ttyfd, status; 2039 2040 pid = fork(); 2041 if (pid < 0) { /* failed */ 2042 exit(1); 2043 } else if (pid > 0) { /* parent */ 2044 waitpid(pid, &status, 0); 2045 if (WIFEXITED(status)) 2046 exit(WEXITSTATUS(status)); 2047 else 2048 exit(2); 2049 } else { /* child */ 2050 close(0); close(1); close(2); 2051 setsid(); 2052 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2053 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2054 if (fd >= 0) 2055 exit(3); /* Acquired ctty: broken */ 2056 else 2057 exit(0); /* Did not acquire ctty: OK */ 2058 } 2059 ]])], 2060 [ 2061 AC_MSG_RESULT([yes]) 2062 ], 2063 [ 2064 AC_MSG_RESULT([no]) 2065 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2066 ], 2067 [ 2068 AC_MSG_RESULT([cross-compiling, assuming yes]) 2069 ] 2070 ) 2071fi 2072 2073if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2074 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2075 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2076 AC_RUN_IFELSE( 2077 [AC_LANG_PROGRAM([[ 2078#include <stdio.h> 2079#include <sys/socket.h> 2080#include <netdb.h> 2081#include <errno.h> 2082#include <netinet/in.h> 2083 2084#define TEST_PORT "2222" 2085 ]], [[ 2086 int err, sock; 2087 struct addrinfo *gai_ai, *ai, hints; 2088 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2089 2090 memset(&hints, 0, sizeof(hints)); 2091 hints.ai_family = PF_UNSPEC; 2092 hints.ai_socktype = SOCK_STREAM; 2093 hints.ai_flags = AI_PASSIVE; 2094 2095 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2096 if (err != 0) { 2097 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2098 exit(1); 2099 } 2100 2101 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2102 if (ai->ai_family != AF_INET6) 2103 continue; 2104 2105 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2106 sizeof(ntop), strport, sizeof(strport), 2107 NI_NUMERICHOST|NI_NUMERICSERV); 2108 2109 if (err != 0) { 2110 if (err == EAI_SYSTEM) 2111 perror("getnameinfo EAI_SYSTEM"); 2112 else 2113 fprintf(stderr, "getnameinfo failed: %s\n", 2114 gai_strerror(err)); 2115 exit(2); 2116 } 2117 2118 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2119 if (sock < 0) 2120 perror("socket"); 2121 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2122 if (errno == EBADF) 2123 exit(3); 2124 } 2125 } 2126 exit(0); 2127 ]])], 2128 [ 2129 AC_MSG_RESULT([yes]) 2130 ], 2131 [ 2132 AC_MSG_RESULT([no]) 2133 AC_DEFINE([BROKEN_GETADDRINFO]) 2134 ], 2135 [ 2136 AC_MSG_RESULT([cross-compiling, assuming yes]) 2137 ] 2138 ) 2139fi 2140 2141if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2142 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2143 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2144 AC_RUN_IFELSE( 2145 [AC_LANG_PROGRAM([[ 2146#include <stdio.h> 2147#include <sys/socket.h> 2148#include <netdb.h> 2149#include <errno.h> 2150#include <netinet/in.h> 2151 2152#define TEST_PORT "2222" 2153 ]], [[ 2154 int err, sock; 2155 struct addrinfo *gai_ai, *ai, hints; 2156 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2157 2158 memset(&hints, 0, sizeof(hints)); 2159 hints.ai_family = PF_UNSPEC; 2160 hints.ai_socktype = SOCK_STREAM; 2161 hints.ai_flags = AI_PASSIVE; 2162 2163 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2164 if (err != 0) { 2165 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2166 exit(1); 2167 } 2168 2169 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2170 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2171 continue; 2172 2173 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2174 sizeof(ntop), strport, sizeof(strport), 2175 NI_NUMERICHOST|NI_NUMERICSERV); 2176 2177 if (ai->ai_family == AF_INET && err != 0) { 2178 perror("getnameinfo"); 2179 exit(2); 2180 } 2181 } 2182 exit(0); 2183 ]])], 2184 [ 2185 AC_MSG_RESULT([yes]) 2186 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2187 [Define if you have a getaddrinfo that fails 2188 for the all-zeros IPv6 address]) 2189 ], 2190 [ 2191 AC_MSG_RESULT([no]) 2192 AC_DEFINE([BROKEN_GETADDRINFO]) 2193 ], 2194 [ 2195 AC_MSG_RESULT([cross-compiling, assuming no]) 2196 ] 2197 ) 2198fi 2199 2200if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2201 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2202 [#include <sys/types.h> 2203 #include <sys/socket.h> 2204 #include <netdb.h>]) 2205fi 2206 2207if test "x$check_for_conflicting_getspnam" = "x1"; then 2208 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2209 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2210 [[ exit(0); ]])], 2211 [ 2212 AC_MSG_RESULT([no]) 2213 ], 2214 [ 2215 AC_MSG_RESULT([yes]) 2216 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2217 [Conflicting defs for getspnam]) 2218 ] 2219 ) 2220fi 2221 2222AC_FUNC_GETPGRP 2223 2224# Search for OpenSSL 2225saved_CPPFLAGS="$CPPFLAGS" 2226saved_LDFLAGS="$LDFLAGS" 2227AC_ARG_WITH([ssl-dir], 2228 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2229 [ 2230 if test "x$openssl" = "xno" ; then 2231 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2232 fi 2233 if test "x$withval" != "xno" ; then 2234 case "$withval" in 2235 # Relative paths 2236 ./*|../*) withval="`pwd`/$withval" 2237 esac 2238 if test -d "$withval/lib"; then 2239 if test -n "${need_dash_r}"; then 2240 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2241 else 2242 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2243 fi 2244 elif test -d "$withval/lib64"; then 2245 if test -n "${need_dash_r}"; then 2246 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2247 else 2248 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2249 fi 2250 else 2251 if test -n "${need_dash_r}"; then 2252 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2253 else 2254 LDFLAGS="-L${withval} ${LDFLAGS}" 2255 fi 2256 fi 2257 if test -d "$withval/include"; then 2258 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2259 else 2260 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2261 fi 2262 fi 2263 ] 2264) 2265 2266AC_ARG_WITH([openssl-header-check], 2267 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2268 [ 2269 if test "x$withval" = "xno" ; then 2270 openssl_check_nonfatal=1 2271 fi 2272 ] 2273) 2274 2275openssl_engine=no 2276AC_ARG_WITH([ssl-engine], 2277 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2278 [ 2279 if test "x$openssl" = "xno" ; then 2280 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2281 fi 2282 if test "x$withval" != "xno" ; then 2283 openssl_engine=yes 2284 fi 2285 ] 2286) 2287 2288if test "x$openssl" = "xyes" ; then 2289 LIBS="-lcrypto $LIBS" 2290 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2291 [Define if your ssl headers are included 2292 with #include <openssl/header.h>])], 2293 [ 2294 dnl Check default openssl install dir 2295 if test -n "${need_dash_r}"; then 2296 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2297 else 2298 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2299 fi 2300 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2301 AC_CHECK_HEADER([openssl/opensslv.h], , 2302 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2303 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2304 [ 2305 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2306 ] 2307 ) 2308 ] 2309 ) 2310 2311 # Determine OpenSSL header version 2312 AC_MSG_CHECKING([OpenSSL header version]) 2313 AC_RUN_IFELSE( 2314 [AC_LANG_PROGRAM([[ 2315 #include <stdio.h> 2316 #include <string.h> 2317 #include <openssl/opensslv.h> 2318 #define DATA "conftest.sslincver" 2319 ]], [[ 2320 FILE *fd; 2321 int rc; 2322 2323 fd = fopen(DATA,"w"); 2324 if(fd == NULL) 2325 exit(1); 2326 2327 if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2328 exit(1); 2329 2330 exit(0); 2331 ]])], 2332 [ 2333 ssl_header_ver=`cat conftest.sslincver` 2334 AC_MSG_RESULT([$ssl_header_ver]) 2335 ], 2336 [ 2337 AC_MSG_RESULT([not found]) 2338 AC_MSG_ERROR([OpenSSL version header not found.]) 2339 ], 2340 [ 2341 AC_MSG_WARN([cross compiling: not checking]) 2342 ] 2343 ) 2344 2345 # Determine OpenSSL library version 2346 AC_MSG_CHECKING([OpenSSL library version]) 2347 AC_RUN_IFELSE( 2348 [AC_LANG_PROGRAM([[ 2349 #include <stdio.h> 2350 #include <string.h> 2351 #include <openssl/opensslv.h> 2352 #include <openssl/crypto.h> 2353 #define DATA "conftest.ssllibver" 2354 ]], [[ 2355 FILE *fd; 2356 int rc; 2357 2358 fd = fopen(DATA,"w"); 2359 if(fd == NULL) 2360 exit(1); 2361 2362 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 2363 SSLeay_version(SSLEAY_VERSION))) <0) 2364 exit(1); 2365 2366 exit(0); 2367 ]])], 2368 [ 2369 ssl_library_ver=`cat conftest.ssllibver` 2370 # Check version is supported. 2371 case "$ssl_library_ver" in 2372 0090[[0-7]]*|009080[[0-5]]*) 2373 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2374 ;; 2375 *) ;; 2376 esac 2377 AC_MSG_RESULT([$ssl_library_ver]) 2378 ], 2379 [ 2380 AC_MSG_RESULT([not found]) 2381 AC_MSG_ERROR([OpenSSL library not found.]) 2382 ], 2383 [ 2384 AC_MSG_WARN([cross compiling: not checking]) 2385 ] 2386 ) 2387 2388 # Sanity check OpenSSL headers 2389 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2390 AC_RUN_IFELSE( 2391 [AC_LANG_PROGRAM([[ 2392 #include <string.h> 2393 #include <openssl/opensslv.h> 2394 ]], [[ 2395 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2396 ]])], 2397 [ 2398 AC_MSG_RESULT([yes]) 2399 ], 2400 [ 2401 AC_MSG_RESULT([no]) 2402 if test "x$openssl_check_nonfatal" = "x"; then 2403 AC_MSG_ERROR([Your OpenSSL headers do not match your 2404 library. Check config.log for details. 2405 If you are sure your installation is consistent, you can disable the check 2406 by running "./configure --without-openssl-header-check". 2407 Also see contrib/findssl.sh for help identifying header/library mismatches. 2408 ]) 2409 else 2410 AC_MSG_WARN([Your OpenSSL headers do not match your 2411 library. Check config.log for details. 2412 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2413 fi 2414 ], 2415 [ 2416 AC_MSG_WARN([cross compiling: not checking]) 2417 ] 2418 ) 2419 2420 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2421 AC_LINK_IFELSE( 2422 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2423 [[ SSLeay_add_all_algorithms(); ]])], 2424 [ 2425 AC_MSG_RESULT([yes]) 2426 ], 2427 [ 2428 AC_MSG_RESULT([no]) 2429 saved_LIBS="$LIBS" 2430 LIBS="$LIBS -ldl" 2431 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2432 AC_LINK_IFELSE( 2433 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2434 [[ SSLeay_add_all_algorithms(); ]])], 2435 [ 2436 AC_MSG_RESULT([yes]) 2437 ], 2438 [ 2439 AC_MSG_RESULT([no]) 2440 LIBS="$saved_LIBS" 2441 ] 2442 ) 2443 ] 2444 ) 2445 2446 AC_CHECK_FUNCS([ \ 2447 BN_is_prime_ex \ 2448 DSA_generate_parameters_ex \ 2449 EVP_DigestInit_ex \ 2450 EVP_DigestFinal_ex \ 2451 EVP_MD_CTX_init \ 2452 EVP_MD_CTX_cleanup \ 2453 EVP_MD_CTX_copy_ex \ 2454 HMAC_CTX_init \ 2455 RSA_generate_key_ex \ 2456 RSA_get_default_method \ 2457 ]) 2458 2459 if test "x$openssl_engine" = "xyes" ; then 2460 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2461 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2462 #include <openssl/engine.h> 2463 ]], [[ 2464 ENGINE_load_builtin_engines(); 2465 ENGINE_register_all_complete(); 2466 ]])], 2467 [ AC_MSG_RESULT([yes]) 2468 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2469 [Enable OpenSSL engine support]) 2470 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2471 ]) 2472 fi 2473 2474 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2475 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2476 AC_LINK_IFELSE( 2477 [AC_LANG_PROGRAM([[ 2478 #include <string.h> 2479 #include <openssl/evp.h> 2480 ]], [[ 2481 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2482 ]])], 2483 [ 2484 AC_MSG_RESULT([no]) 2485 ], 2486 [ 2487 AC_MSG_RESULT([yes]) 2488 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2489 [libcrypto is missing AES 192 and 256 bit functions]) 2490 ] 2491 ) 2492 2493 # Check for OpenSSL with EVP_aes_*ctr 2494 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2495 AC_LINK_IFELSE( 2496 [AC_LANG_PROGRAM([[ 2497 #include <string.h> 2498 #include <openssl/evp.h> 2499 ]], [[ 2500 exit(EVP_aes_128_ctr() == NULL || 2501 EVP_aes_192_cbc() == NULL || 2502 EVP_aes_256_cbc() == NULL); 2503 ]])], 2504 [ 2505 AC_MSG_RESULT([yes]) 2506 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2507 [libcrypto has EVP AES CTR]) 2508 ], 2509 [ 2510 AC_MSG_RESULT([no]) 2511 ] 2512 ) 2513 2514 # Check for OpenSSL with EVP_aes_*gcm 2515 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2516 AC_LINK_IFELSE( 2517 [AC_LANG_PROGRAM([[ 2518 #include <string.h> 2519 #include <openssl/evp.h> 2520 ]], [[ 2521 exit(EVP_aes_128_gcm() == NULL || 2522 EVP_aes_256_gcm() == NULL || 2523 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2524 EVP_CTRL_GCM_IV_GEN == 0 || 2525 EVP_CTRL_GCM_SET_TAG == 0 || 2526 EVP_CTRL_GCM_GET_TAG == 0 || 2527 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2528 ]])], 2529 [ 2530 AC_MSG_RESULT([yes]) 2531 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2532 [libcrypto has EVP AES GCM]) 2533 ], 2534 [ 2535 AC_MSG_RESULT([no]) 2536 unsupported_algorithms="$unsupported_cipers \ 2537 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2538 ] 2539 ) 2540 2541 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2542 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2543 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2544 2545 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2546 AC_LINK_IFELSE( 2547 [AC_LANG_PROGRAM([[ 2548 #include <string.h> 2549 #include <openssl/evp.h> 2550 ]], [[ 2551 if(EVP_DigestUpdate(NULL, NULL,0)) 2552 exit(0); 2553 ]])], 2554 [ 2555 AC_MSG_RESULT([yes]) 2556 ], 2557 [ 2558 AC_MSG_RESULT([no]) 2559 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2560 [Define if EVP_DigestUpdate returns void]) 2561 ] 2562 ) 2563 2564 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2565 # because the system crypt() is more featureful. 2566 if test "x$check_for_libcrypt_before" = "x1"; then 2567 AC_CHECK_LIB([crypt], [crypt]) 2568 fi 2569 2570 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2571 # version in OpenSSL. 2572 if test "x$check_for_libcrypt_later" = "x1"; then 2573 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2574 fi 2575 AC_CHECK_FUNCS([crypt DES_crypt]) 2576 2577 # Search for SHA256 support in libc and/or OpenSSL 2578 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2579 [unsupported_algorithms="$unsupported_algorithms \ 2580 hmac-sha2-256 hmac-sha2-512 \ 2581 diffie-hellman-group-exchange-sha256 \ 2582 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2583 ] 2584 ) 2585 # Search for RIPE-MD support in OpenSSL 2586 AC_CHECK_FUNCS([EVP_ripemd160], , 2587 [unsupported_algorithms="$unsupported_algorithms \ 2588 hmac-ripemd160 2589 hmac-ripemd160@openssh.com 2590 hmac-ripemd160-etm@openssh.com" 2591 ] 2592 ) 2593 2594 # Check complete ECC support in OpenSSL 2595 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2596 AC_LINK_IFELSE( 2597 [AC_LANG_PROGRAM([[ 2598 #include <openssl/ec.h> 2599 #include <openssl/ecdh.h> 2600 #include <openssl/ecdsa.h> 2601 #include <openssl/evp.h> 2602 #include <openssl/objects.h> 2603 #include <openssl/opensslv.h> 2604 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2605 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2606 #endif 2607 ]], [[ 2608 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2609 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2610 ]])], 2611 [ AC_MSG_RESULT([yes]) 2612 enable_nistp256=1 ], 2613 [ AC_MSG_RESULT([no]) ] 2614 ) 2615 2616 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2617 AC_LINK_IFELSE( 2618 [AC_LANG_PROGRAM([[ 2619 #include <openssl/ec.h> 2620 #include <openssl/ecdh.h> 2621 #include <openssl/ecdsa.h> 2622 #include <openssl/evp.h> 2623 #include <openssl/objects.h> 2624 #include <openssl/opensslv.h> 2625 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2626 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2627 #endif 2628 ]], [[ 2629 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2630 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2631 ]])], 2632 [ AC_MSG_RESULT([yes]) 2633 enable_nistp384=1 ], 2634 [ AC_MSG_RESULT([no]) ] 2635 ) 2636 2637 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2638 AC_LINK_IFELSE( 2639 [AC_LANG_PROGRAM([[ 2640 #include <openssl/ec.h> 2641 #include <openssl/ecdh.h> 2642 #include <openssl/ecdsa.h> 2643 #include <openssl/evp.h> 2644 #include <openssl/objects.h> 2645 #include <openssl/opensslv.h> 2646 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2647 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2648 #endif 2649 ]], [[ 2650 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2651 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2652 ]])], 2653 [ AC_MSG_RESULT([yes]) 2654 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2655 AC_RUN_IFELSE( 2656 [AC_LANG_PROGRAM([[ 2657 #include <openssl/ec.h> 2658 #include <openssl/ecdh.h> 2659 #include <openssl/ecdsa.h> 2660 #include <openssl/evp.h> 2661 #include <openssl/objects.h> 2662 #include <openssl/opensslv.h> 2663 ]],[[ 2664 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2665 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2666 exit(e == NULL || m == NULL); 2667 ]])], 2668 [ AC_MSG_RESULT([yes]) 2669 enable_nistp521=1 ], 2670 [ AC_MSG_RESULT([no]) ], 2671 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2672 enable_nistp521=1 ] 2673 )], 2674 AC_MSG_RESULT([no]) 2675 ) 2676 2677 COMMENT_OUT_ECC="#no ecc#" 2678 TEST_SSH_ECC=no 2679 2680 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2681 test x$enable_nistp521 = x1; then 2682 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2683 fi 2684 if test x$enable_nistp256 = x1; then 2685 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2686 [libcrypto has NID_X9_62_prime256v1]) 2687 TEST_SSH_ECC=yes 2688 COMMENT_OUT_ECC="" 2689 else 2690 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2691 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2692 fi 2693 if test x$enable_nistp384 = x1; then 2694 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2695 TEST_SSH_ECC=yes 2696 COMMENT_OUT_ECC="" 2697 else 2698 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2699 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2700 fi 2701 if test x$enable_nistp521 = x1; then 2702 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2703 TEST_SSH_ECC=yes 2704 COMMENT_OUT_ECC="" 2705 else 2706 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2707 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2708 fi 2709 2710 AC_SUBST([TEST_SSH_ECC]) 2711 AC_SUBST([COMMENT_OUT_ECC]) 2712else 2713 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2714 AC_CHECK_FUNCS([crypt]) 2715fi 2716 2717AC_CHECK_FUNCS([ \ 2718 arc4random \ 2719 arc4random_buf \ 2720 arc4random_stir \ 2721 arc4random_uniform \ 2722]) 2723 2724saved_LIBS="$LIBS" 2725AC_CHECK_LIB([iaf], [ia_openinfo], [ 2726 LIBS="$LIBS -liaf" 2727 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2728 AC_DEFINE([HAVE_LIBIAF], [1], 2729 [Define if system has libiaf that supports set_id]) 2730 ]) 2731]) 2732LIBS="$saved_LIBS" 2733 2734### Configure cryptographic random number support 2735 2736# Check wheter OpenSSL seeds itself 2737if test "x$openssl" = "xyes" ; then 2738 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2739 AC_RUN_IFELSE( 2740 [AC_LANG_PROGRAM([[ 2741 #include <string.h> 2742 #include <openssl/rand.h> 2743 ]], [[ 2744 exit(RAND_status() == 1 ? 0 : 1); 2745 ]])], 2746 [ 2747 OPENSSL_SEEDS_ITSELF=yes 2748 AC_MSG_RESULT([yes]) 2749 ], 2750 [ 2751 AC_MSG_RESULT([no]) 2752 ], 2753 [ 2754 AC_MSG_WARN([cross compiling: assuming yes]) 2755 # This is safe, since we will fatal() at runtime if 2756 # OpenSSL is not seeded correctly. 2757 OPENSSL_SEEDS_ITSELF=yes 2758 ] 2759 ) 2760fi 2761 2762# PRNGD TCP socket 2763AC_ARG_WITH([prngd-port], 2764 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2765 [ 2766 case "$withval" in 2767 no) 2768 withval="" 2769 ;; 2770 [[0-9]]*) 2771 ;; 2772 *) 2773 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2774 ;; 2775 esac 2776 if test ! -z "$withval" ; then 2777 PRNGD_PORT="$withval" 2778 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2779 [Port number of PRNGD/EGD random number socket]) 2780 fi 2781 ] 2782) 2783 2784# PRNGD Unix domain socket 2785AC_ARG_WITH([prngd-socket], 2786 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2787 [ 2788 case "$withval" in 2789 yes) 2790 withval="/var/run/egd-pool" 2791 ;; 2792 no) 2793 withval="" 2794 ;; 2795 /*) 2796 ;; 2797 *) 2798 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2799 ;; 2800 esac 2801 2802 if test ! -z "$withval" ; then 2803 if test ! -z "$PRNGD_PORT" ; then 2804 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2805 fi 2806 if test ! -r "$withval" ; then 2807 AC_MSG_WARN([Entropy socket is not readable]) 2808 fi 2809 PRNGD_SOCKET="$withval" 2810 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2811 [Location of PRNGD/EGD random number socket]) 2812 fi 2813 ], 2814 [ 2815 # Check for existing socket only if we don't have a random device already 2816 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2817 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2818 # Insert other locations here 2819 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2820 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2821 PRNGD_SOCKET="$sock" 2822 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2823 break; 2824 fi 2825 done 2826 if test ! -z "$PRNGD_SOCKET" ; then 2827 AC_MSG_RESULT([$PRNGD_SOCKET]) 2828 else 2829 AC_MSG_RESULT([not found]) 2830 fi 2831 fi 2832 ] 2833) 2834 2835# Which randomness source do we use? 2836if test ! -z "$PRNGD_PORT" ; then 2837 RAND_MSG="PRNGd port $PRNGD_PORT" 2838elif test ! -z "$PRNGD_SOCKET" ; then 2839 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2840elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2841 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2842 [Define if you want the OpenSSL internally seeded PRNG only]) 2843 RAND_MSG="OpenSSL internal ONLY" 2844elif test "x$openssl" = "xno" ; then 2845 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 2846else 2847 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2848fi 2849 2850# Check for PAM libs 2851PAM_MSG="no" 2852AC_ARG_WITH([pam], 2853 [ --with-pam Enable PAM support ], 2854 [ 2855 if test "x$withval" != "xno" ; then 2856 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2857 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2858 AC_MSG_ERROR([PAM headers not found]) 2859 fi 2860 2861 saved_LIBS="$LIBS" 2862 AC_CHECK_LIB([dl], [dlopen], , ) 2863 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2864 AC_CHECK_FUNCS([pam_getenvlist]) 2865 AC_CHECK_FUNCS([pam_putenv]) 2866 LIBS="$saved_LIBS" 2867 2868 PAM_MSG="yes" 2869 2870 SSHDLIBS="$SSHDLIBS -lpam" 2871 AC_DEFINE([USE_PAM], [1], 2872 [Define if you want to enable PAM support]) 2873 2874 if test $ac_cv_lib_dl_dlopen = yes; then 2875 case "$LIBS" in 2876 *-ldl*) 2877 # libdl already in LIBS 2878 ;; 2879 *) 2880 SSHDLIBS="$SSHDLIBS -ldl" 2881 ;; 2882 esac 2883 fi 2884 fi 2885 ] 2886) 2887 2888# Check for older PAM 2889if test "x$PAM_MSG" = "xyes" ; then 2890 # Check PAM strerror arguments (old PAM) 2891 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2892 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2893#include <stdlib.h> 2894#if defined(HAVE_SECURITY_PAM_APPL_H) 2895#include <security/pam_appl.h> 2896#elif defined (HAVE_PAM_PAM_APPL_H) 2897#include <pam/pam_appl.h> 2898#endif 2899 ]], [[ 2900(void)pam_strerror((pam_handle_t *)NULL, -1); 2901 ]])], [AC_MSG_RESULT([no])], [ 2902 AC_DEFINE([HAVE_OLD_PAM], [1], 2903 [Define if you have an old version of PAM 2904 which takes only one argument to pam_strerror]) 2905 AC_MSG_RESULT([yes]) 2906 PAM_MSG="yes (old library)" 2907 2908 ]) 2909fi 2910 2911case "$host" in 2912*-*-cygwin*) 2913 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 2914 ;; 2915*) 2916 SSH_PRIVSEP_USER=sshd 2917 ;; 2918esac 2919AC_ARG_WITH([privsep-user], 2920 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2921 [ 2922 if test -n "$withval" && test "x$withval" != "xno" && \ 2923 test "x${withval}" != "xyes"; then 2924 SSH_PRIVSEP_USER=$withval 2925 fi 2926 ] 2927) 2928if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 2929 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 2930 [Cygwin function to fetch non-privileged user for privilege separation]) 2931else 2932 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2933 [non-privileged user for privilege separation]) 2934fi 2935AC_SUBST([SSH_PRIVSEP_USER]) 2936 2937if test "x$have_linux_no_new_privs" = "x1" ; then 2938AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2939 #include <sys/types.h> 2940 #include <linux/seccomp.h> 2941]) 2942fi 2943if test "x$have_seccomp_filter" = "x1" ; then 2944AC_MSG_CHECKING([kernel for seccomp_filter support]) 2945AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2946 #include <errno.h> 2947 #include <elf.h> 2948 #include <linux/audit.h> 2949 #include <linux/seccomp.h> 2950 #include <stdlib.h> 2951 #include <sys/prctl.h> 2952 ]], 2953 [[ int i = $seccomp_audit_arch; 2954 errno = 0; 2955 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2956 exit(errno == EFAULT ? 0 : 1); ]])], 2957 [ AC_MSG_RESULT([yes]) ], [ 2958 AC_MSG_RESULT([no]) 2959 # Disable seccomp filter as a target 2960 have_seccomp_filter=0 2961 ] 2962) 2963fi 2964 2965# Decide which sandbox style to use 2966sandbox_arg="" 2967AC_ARG_WITH([sandbox], 2968 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 2969 [ 2970 if test "x$withval" = "xyes" ; then 2971 sandbox_arg="" 2972 else 2973 sandbox_arg="$withval" 2974 fi 2975 ] 2976) 2977 2978# Some platforms (seems to be the ones that have a kernel poll(2)-type 2979# function with which they implement select(2)) use an extra file descriptor 2980# when calling select(2), which means we can't use the rlimit sandbox. 2981AC_MSG_CHECKING([if select works with descriptor rlimit]) 2982AC_RUN_IFELSE( 2983 [AC_LANG_PROGRAM([[ 2984#include <sys/types.h> 2985#ifdef HAVE_SYS_TIME_H 2986# include <sys/time.h> 2987#endif 2988#include <sys/resource.h> 2989#ifdef HAVE_SYS_SELECT_H 2990# include <sys/select.h> 2991#endif 2992#include <errno.h> 2993#include <fcntl.h> 2994#include <stdlib.h> 2995 ]],[[ 2996 struct rlimit rl_zero; 2997 int fd, r; 2998 fd_set fds; 2999 struct timeval tv; 3000 3001 fd = open("/dev/null", O_RDONLY); 3002 FD_ZERO(&fds); 3003 FD_SET(fd, &fds); 3004 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3005 setrlimit(RLIMIT_FSIZE, &rl_zero); 3006 setrlimit(RLIMIT_NOFILE, &rl_zero); 3007 tv.tv_sec = 1; 3008 tv.tv_usec = 0; 3009 r = select(fd+1, &fds, NULL, NULL, &tv); 3010 exit (r == -1 ? 1 : 0); 3011 ]])], 3012 [AC_MSG_RESULT([yes]) 3013 select_works_with_rlimit=yes], 3014 [AC_MSG_RESULT([no]) 3015 select_works_with_rlimit=no], 3016 [AC_MSG_WARN([cross compiling: assuming yes])] 3017) 3018 3019AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3020AC_RUN_IFELSE( 3021 [AC_LANG_PROGRAM([[ 3022#include <sys/types.h> 3023#ifdef HAVE_SYS_TIME_H 3024# include <sys/time.h> 3025#endif 3026#include <sys/resource.h> 3027#include <errno.h> 3028#include <stdlib.h> 3029 ]],[[ 3030 struct rlimit rl_zero; 3031 int fd, r; 3032 fd_set fds; 3033 3034 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3035 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3036 exit (r == -1 ? 1 : 0); 3037 ]])], 3038 [AC_MSG_RESULT([yes]) 3039 rlimit_nofile_zero_works=yes], 3040 [AC_MSG_RESULT([no]) 3041 rlimit_nofile_zero_works=no], 3042 [AC_MSG_WARN([cross compiling: assuming yes])] 3043) 3044 3045AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3046AC_RUN_IFELSE( 3047 [AC_LANG_PROGRAM([[ 3048#include <sys/types.h> 3049#include <sys/resource.h> 3050#include <stdlib.h> 3051 ]],[[ 3052 struct rlimit rl_zero; 3053 3054 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3055 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3056 ]])], 3057 [AC_MSG_RESULT([yes])], 3058 [AC_MSG_RESULT([no]) 3059 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3060 [setrlimit RLIMIT_FSIZE works])], 3061 [AC_MSG_WARN([cross compiling: assuming yes])] 3062) 3063 3064if test "x$sandbox_arg" = "xsystrace" || \ 3065 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3066 test "x$have_systr_policy_kill" != "x1" && \ 3067 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3068 SANDBOX_STYLE="systrace" 3069 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3070elif test "x$sandbox_arg" = "xdarwin" || \ 3071 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3072 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3073 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3074 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3075 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3076 SANDBOX_STYLE="darwin" 3077 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3078elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3079 ( test -z "$sandbox_arg" && \ 3080 test "x$have_seccomp_filter" = "x1" && \ 3081 test "x$ac_cv_header_elf_h" = "xyes" && \ 3082 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3083 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3084 test "x$seccomp_audit_arch" != "x" && \ 3085 test "x$have_linux_no_new_privs" = "x1" && \ 3086 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3087 test "x$seccomp_audit_arch" = "x" && \ 3088 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3089 test "x$have_linux_no_new_privs" != "x1" && \ 3090 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3091 test "x$have_seccomp_filter" != "x1" && \ 3092 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3093 test "x$ac_cv_func_prctl" != "xyes" && \ 3094 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3095 SANDBOX_STYLE="seccomp_filter" 3096 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3097elif test "x$sandbox_arg" = "xcapsicum" || \ 3098 ( test -z "$sandbox_arg" && \ 3099 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3100 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3101 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3102 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3103 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3104 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3105 SANDBOX_STYLE="capsicum" 3106 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3107elif test "x$sandbox_arg" = "xrlimit" || \ 3108 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3109 test "x$select_works_with_rlimit" = "xyes" && \ 3110 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3111 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3112 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3113 test "x$select_works_with_rlimit" != "xyes" && \ 3114 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3115 SANDBOX_STYLE="rlimit" 3116 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3117elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3118 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3119 SANDBOX_STYLE="none" 3120 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3121else 3122 AC_MSG_ERROR([unsupported --with-sandbox]) 3123fi 3124 3125# Cheap hack to ensure NEWS-OS libraries are arranged right. 3126if test ! -z "$SONY" ; then 3127 LIBS="$LIBS -liberty"; 3128fi 3129 3130# Check for long long datatypes 3131AC_CHECK_TYPES([long long, unsigned long long, long double]) 3132 3133# Check datatype sizes 3134AC_CHECK_SIZEOF([short int], [2]) 3135AC_CHECK_SIZEOF([int], [4]) 3136AC_CHECK_SIZEOF([long int], [4]) 3137AC_CHECK_SIZEOF([long long int], [8]) 3138 3139# Sanity check long long for some platforms (AIX) 3140if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3141 ac_cv_sizeof_long_long_int=0 3142fi 3143 3144# compute LLONG_MIN and LLONG_MAX if we don't know them. 3145if test -z "$have_llong_max"; then 3146 AC_MSG_CHECKING([for max value of long long]) 3147 AC_RUN_IFELSE( 3148 [AC_LANG_PROGRAM([[ 3149#include <stdio.h> 3150/* Why is this so damn hard? */ 3151#ifdef __GNUC__ 3152# undef __GNUC__ 3153#endif 3154#define __USE_ISOC99 3155#include <limits.h> 3156#define DATA "conftest.llminmax" 3157#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3158 3159/* 3160 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3161 * we do this the hard way. 3162 */ 3163static int 3164fprint_ll(FILE *f, long long n) 3165{ 3166 unsigned int i; 3167 int l[sizeof(long long) * 8]; 3168 3169 if (n < 0) 3170 if (fprintf(f, "-") < 0) 3171 return -1; 3172 for (i = 0; n != 0; i++) { 3173 l[i] = my_abs(n % 10); 3174 n /= 10; 3175 } 3176 do { 3177 if (fprintf(f, "%d", l[--i]) < 0) 3178 return -1; 3179 } while (i != 0); 3180 if (fprintf(f, " ") < 0) 3181 return -1; 3182 return 0; 3183} 3184 ]], [[ 3185 FILE *f; 3186 long long i, llmin, llmax = 0; 3187 3188 if((f = fopen(DATA,"w")) == NULL) 3189 exit(1); 3190 3191#if defined(LLONG_MIN) && defined(LLONG_MAX) 3192 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3193 llmin = LLONG_MIN; 3194 llmax = LLONG_MAX; 3195#else 3196 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3197 /* This will work on one's complement and two's complement */ 3198 for (i = 1; i > llmax; i <<= 1, i++) 3199 llmax = i; 3200 llmin = llmax + 1LL; /* wrap */ 3201#endif 3202 3203 /* Sanity check */ 3204 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3205 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3206 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3207 fprintf(f, "unknown unknown\n"); 3208 exit(2); 3209 } 3210 3211 if (fprint_ll(f, llmin) < 0) 3212 exit(3); 3213 if (fprint_ll(f, llmax) < 0) 3214 exit(4); 3215 if (fclose(f) < 0) 3216 exit(5); 3217 exit(0); 3218 ]])], 3219 [ 3220 llong_min=`$AWK '{print $1}' conftest.llminmax` 3221 llong_max=`$AWK '{print $2}' conftest.llminmax` 3222 3223 AC_MSG_RESULT([$llong_max]) 3224 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3225 [max value of long long calculated by configure]) 3226 AC_MSG_CHECKING([for min value of long long]) 3227 AC_MSG_RESULT([$llong_min]) 3228 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3229 [min value of long long calculated by configure]) 3230 ], 3231 [ 3232 AC_MSG_RESULT([not found]) 3233 ], 3234 [ 3235 AC_MSG_WARN([cross compiling: not checking]) 3236 ] 3237 ) 3238fi 3239 3240 3241# More checks for data types 3242AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3243 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3244 [[ u_int a; a = 1;]])], 3245 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3246 ]) 3247]) 3248if test "x$ac_cv_have_u_int" = "xyes" ; then 3249 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3250 have_u_int=1 3251fi 3252 3253AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3254 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3255 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3256 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3257 ]) 3258]) 3259if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3260 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3261 have_intxx_t=1 3262fi 3263 3264if (test -z "$have_intxx_t" && \ 3265 test "x$ac_cv_header_stdint_h" = "xyes") 3266then 3267 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3268 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3269 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3270 [ 3271 AC_DEFINE([HAVE_INTXX_T]) 3272 AC_MSG_RESULT([yes]) 3273 ], [ AC_MSG_RESULT([no]) 3274 ]) 3275fi 3276 3277AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3278 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3279#include <sys/types.h> 3280#ifdef HAVE_STDINT_H 3281# include <stdint.h> 3282#endif 3283#include <sys/socket.h> 3284#ifdef HAVE_SYS_BITYPES_H 3285# include <sys/bitypes.h> 3286#endif 3287 ]], [[ 3288int64_t a; a = 1; 3289 ]])], 3290 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3291 ]) 3292]) 3293if test "x$ac_cv_have_int64_t" = "xyes" ; then 3294 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3295fi 3296 3297AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3298 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3299 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3300 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3301 ]) 3302]) 3303if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3304 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3305 have_u_intxx_t=1 3306fi 3307 3308if test -z "$have_u_intxx_t" ; then 3309 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3310 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3311 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3312 [ 3313 AC_DEFINE([HAVE_U_INTXX_T]) 3314 AC_MSG_RESULT([yes]) 3315 ], [ AC_MSG_RESULT([no]) 3316 ]) 3317fi 3318 3319AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3320 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3321 [[ u_int64_t a; a = 1;]])], 3322 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3323 ]) 3324]) 3325if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3326 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3327 have_u_int64_t=1 3328fi 3329 3330if (test -z "$have_u_int64_t" && \ 3331 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3332then 3333 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3334 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3335 [[ u_int64_t a; a = 1]])], 3336 [ 3337 AC_DEFINE([HAVE_U_INT64_T]) 3338 AC_MSG_RESULT([yes]) 3339 ], [ AC_MSG_RESULT([no]) 3340 ]) 3341fi 3342 3343if test -z "$have_u_intxx_t" ; then 3344 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3345 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3346#include <sys/types.h> 3347 ]], [[ 3348 uint8_t a; 3349 uint16_t b; 3350 uint32_t c; 3351 a = b = c = 1; 3352 ]])], 3353 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3354 ]) 3355 ]) 3356 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3357 AC_DEFINE([HAVE_UINTXX_T], [1], 3358 [define if you have uintxx_t data type]) 3359 fi 3360fi 3361 3362if (test -z "$have_uintxx_t" && \ 3363 test "x$ac_cv_header_stdint_h" = "xyes") 3364then 3365 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3366 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3367 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3368 [ 3369 AC_DEFINE([HAVE_UINTXX_T]) 3370 AC_MSG_RESULT([yes]) 3371 ], [ AC_MSG_RESULT([no]) 3372 ]) 3373fi 3374 3375if (test -z "$have_uintxx_t" && \ 3376 test "x$ac_cv_header_inttypes_h" = "xyes") 3377then 3378 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3379 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3380 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3381 [ 3382 AC_DEFINE([HAVE_UINTXX_T]) 3383 AC_MSG_RESULT([yes]) 3384 ], [ AC_MSG_RESULT([no]) 3385 ]) 3386fi 3387 3388if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3389 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3390then 3391 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3392 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3393#include <sys/bitypes.h> 3394 ]], [[ 3395 int8_t a; int16_t b; int32_t c; 3396 u_int8_t e; u_int16_t f; u_int32_t g; 3397 a = b = c = e = f = g = 1; 3398 ]])], 3399 [ 3400 AC_DEFINE([HAVE_U_INTXX_T]) 3401 AC_DEFINE([HAVE_INTXX_T]) 3402 AC_MSG_RESULT([yes]) 3403 ], [AC_MSG_RESULT([no]) 3404 ]) 3405fi 3406 3407 3408AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3409 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3410 [[ u_char foo; foo = 125; ]])], 3411 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3412 ]) 3413]) 3414if test "x$ac_cv_have_u_char" = "xyes" ; then 3415 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3416fi 3417 3418AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3419#include <sys/types.h> 3420#include <stdint.h> 3421]) 3422 3423TYPE_SOCKLEN_T 3424 3425AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3426AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3427#include <sys/types.h> 3428#ifdef HAVE_SYS_BITYPES_H 3429#include <sys/bitypes.h> 3430#endif 3431#ifdef HAVE_SYS_STATFS_H 3432#include <sys/statfs.h> 3433#endif 3434#ifdef HAVE_SYS_STATVFS_H 3435#include <sys/statvfs.h> 3436#endif 3437]) 3438 3439AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3440[#include <sys/types.h> 3441#include <netinet/in.h>]) 3442 3443AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3444 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3445 [[ size_t foo; foo = 1235; ]])], 3446 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3447 ]) 3448]) 3449if test "x$ac_cv_have_size_t" = "xyes" ; then 3450 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3451fi 3452 3453AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3454 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3455 [[ ssize_t foo; foo = 1235; ]])], 3456 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3457 ]) 3458]) 3459if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3460 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3461fi 3462 3463AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3464 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3465 [[ clock_t foo; foo = 1235; ]])], 3466 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3467 ]) 3468]) 3469if test "x$ac_cv_have_clock_t" = "xyes" ; then 3470 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3471fi 3472 3473AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3474 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3475#include <sys/types.h> 3476#include <sys/socket.h> 3477 ]], [[ sa_family_t foo; foo = 1235; ]])], 3478 [ ac_cv_have_sa_family_t="yes" ], 3479 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3480#include <sys/types.h> 3481#include <sys/socket.h> 3482#include <netinet/in.h> 3483 ]], [[ sa_family_t foo; foo = 1235; ]])], 3484 [ ac_cv_have_sa_family_t="yes" ], 3485 [ ac_cv_have_sa_family_t="no" ] 3486 ) 3487 ]) 3488]) 3489if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3490 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3491 [define if you have sa_family_t data type]) 3492fi 3493 3494AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3495 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3496 [[ pid_t foo; foo = 1235; ]])], 3497 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3498 ]) 3499]) 3500if test "x$ac_cv_have_pid_t" = "xyes" ; then 3501 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3502fi 3503 3504AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3505 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3506 [[ mode_t foo; foo = 1235; ]])], 3507 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3508 ]) 3509]) 3510if test "x$ac_cv_have_mode_t" = "xyes" ; then 3511 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3512fi 3513 3514 3515AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3516 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3517#include <sys/types.h> 3518#include <sys/socket.h> 3519 ]], [[ struct sockaddr_storage s; ]])], 3520 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3521 [ ac_cv_have_struct_sockaddr_storage="no" 3522 ]) 3523]) 3524if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3525 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3526 [define if you have struct sockaddr_storage data type]) 3527fi 3528 3529AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3530 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3531#include <sys/types.h> 3532#include <netinet/in.h> 3533 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3534 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3535 [ ac_cv_have_struct_sockaddr_in6="no" 3536 ]) 3537]) 3538if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3539 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3540 [define if you have struct sockaddr_in6 data type]) 3541fi 3542 3543AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3544 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3545#include <sys/types.h> 3546#include <netinet/in.h> 3547 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3548 [ ac_cv_have_struct_in6_addr="yes" ], 3549 [ ac_cv_have_struct_in6_addr="no" 3550 ]) 3551]) 3552if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3553 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3554 [define if you have struct in6_addr data type]) 3555 3556dnl Now check for sin6_scope_id 3557 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3558 [ 3559#ifdef HAVE_SYS_TYPES_H 3560#include <sys/types.h> 3561#endif 3562#include <netinet/in.h> 3563 ]) 3564fi 3565 3566AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3567 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3568#include <sys/types.h> 3569#include <sys/socket.h> 3570#include <netdb.h> 3571 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3572 [ ac_cv_have_struct_addrinfo="yes" ], 3573 [ ac_cv_have_struct_addrinfo="no" 3574 ]) 3575]) 3576if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3577 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3578 [define if you have struct addrinfo data type]) 3579fi 3580 3581AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3582 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3583 [[ struct timeval tv; tv.tv_sec = 1;]])], 3584 [ ac_cv_have_struct_timeval="yes" ], 3585 [ ac_cv_have_struct_timeval="no" 3586 ]) 3587]) 3588if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3589 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3590 have_struct_timeval=1 3591fi 3592 3593AC_CHECK_TYPES([struct timespec]) 3594 3595# We need int64_t or else certian parts of the compile will fail. 3596if test "x$ac_cv_have_int64_t" = "xno" && \ 3597 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3598 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3599 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3600 echo "an alternative compiler (I.E., GCC) before continuing." 3601 echo "" 3602 exit 1; 3603else 3604dnl test snprintf (broken on SCO w/gcc) 3605 AC_RUN_IFELSE( 3606 [AC_LANG_SOURCE([[ 3607#include <stdio.h> 3608#include <string.h> 3609#ifdef HAVE_SNPRINTF 3610main() 3611{ 3612 char buf[50]; 3613 char expected_out[50]; 3614 int mazsize = 50 ; 3615#if (SIZEOF_LONG_INT == 8) 3616 long int num = 0x7fffffffffffffff; 3617#else 3618 long long num = 0x7fffffffffffffffll; 3619#endif 3620 strcpy(expected_out, "9223372036854775807"); 3621 snprintf(buf, mazsize, "%lld", num); 3622 if(strcmp(buf, expected_out) != 0) 3623 exit(1); 3624 exit(0); 3625} 3626#else 3627main() { exit(0); } 3628#endif 3629 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3630 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3631 ) 3632fi 3633 3634dnl Checks for structure members 3635OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3636OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3637OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3638OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3639OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3640OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3641OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3642OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3643OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3644OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3645OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3646OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3647OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3648OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3649OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3650OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3651OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3652 3653AC_CHECK_MEMBERS([struct stat.st_blksize]) 3654AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3655struct passwd.pw_change, struct passwd.pw_expire], 3656[], [], [[ 3657#include <sys/types.h> 3658#include <pwd.h> 3659]]) 3660 3661AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3662 [Define if we don't have struct __res_state in resolv.h])], 3663[[ 3664#include <stdio.h> 3665#if HAVE_SYS_TYPES_H 3666# include <sys/types.h> 3667#endif 3668#include <netinet/in.h> 3669#include <arpa/nameser.h> 3670#include <resolv.h> 3671]]) 3672 3673AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3674 ac_cv_have_ss_family_in_struct_ss, [ 3675 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3676#include <sys/types.h> 3677#include <sys/socket.h> 3678 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3679 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3680 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3681]) 3682if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3683 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3684fi 3685 3686AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3687 ac_cv_have___ss_family_in_struct_ss, [ 3688 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3689#include <sys/types.h> 3690#include <sys/socket.h> 3691 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3692 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3693 [ ac_cv_have___ss_family_in_struct_ss="no" 3694 ]) 3695]) 3696if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3697 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3698 [Fields in struct sockaddr_storage]) 3699fi 3700 3701dnl make sure we're using the real structure members and not defines 3702AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3703 ac_cv_have_accrights_in_msghdr, [ 3704 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3705#include <sys/types.h> 3706#include <sys/socket.h> 3707#include <sys/uio.h> 3708 ]], [[ 3709#ifdef msg_accrights 3710#error "msg_accrights is a macro" 3711exit(1); 3712#endif 3713struct msghdr m; 3714m.msg_accrights = 0; 3715exit(0); 3716 ]])], 3717 [ ac_cv_have_accrights_in_msghdr="yes" ], 3718 [ ac_cv_have_accrights_in_msghdr="no" ] 3719 ) 3720]) 3721if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3722 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3723 [Define if your system uses access rights style 3724 file descriptor passing]) 3725fi 3726 3727AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3728AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3729#include <sys/param.h> 3730#include <sys/stat.h> 3731#ifdef HAVE_SYS_TIME_H 3732# include <sys/time.h> 3733#endif 3734#ifdef HAVE_SYS_MOUNT_H 3735#include <sys/mount.h> 3736#endif 3737#ifdef HAVE_SYS_STATVFS_H 3738#include <sys/statvfs.h> 3739#endif 3740 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3741 [ AC_MSG_RESULT([yes]) ], 3742 [ AC_MSG_RESULT([no]) 3743 3744 AC_MSG_CHECKING([if fsid_t has member val]) 3745 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3746#include <sys/types.h> 3747#include <sys/statvfs.h> 3748 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3749 [ AC_MSG_RESULT([yes]) 3750 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3751 [ AC_MSG_RESULT([no]) ]) 3752 3753 AC_MSG_CHECKING([if f_fsid has member __val]) 3754 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3755#include <sys/types.h> 3756#include <sys/statvfs.h> 3757 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3758 [ AC_MSG_RESULT([yes]) 3759 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3760 [ AC_MSG_RESULT([no]) ]) 3761]) 3762 3763AC_CACHE_CHECK([for msg_control field in struct msghdr], 3764 ac_cv_have_control_in_msghdr, [ 3765 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3766#include <sys/types.h> 3767#include <sys/socket.h> 3768#include <sys/uio.h> 3769 ]], [[ 3770#ifdef msg_control 3771#error "msg_control is a macro" 3772exit(1); 3773#endif 3774struct msghdr m; 3775m.msg_control = 0; 3776exit(0); 3777 ]])], 3778 [ ac_cv_have_control_in_msghdr="yes" ], 3779 [ ac_cv_have_control_in_msghdr="no" ] 3780 ) 3781]) 3782if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3783 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3784 [Define if your system uses ancillary data style 3785 file descriptor passing]) 3786fi 3787 3788AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3789 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3790 [[ extern char *__progname; printf("%s", __progname); ]])], 3791 [ ac_cv_libc_defines___progname="yes" ], 3792 [ ac_cv_libc_defines___progname="no" 3793 ]) 3794]) 3795if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3796 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3797fi 3798 3799AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3800 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3801 [[ printf("%s", __FUNCTION__); ]])], 3802 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3803 [ ac_cv_cc_implements___FUNCTION__="no" 3804 ]) 3805]) 3806if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3807 AC_DEFINE([HAVE___FUNCTION__], [1], 3808 [Define if compiler implements __FUNCTION__]) 3809fi 3810 3811AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3812 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3813 [[ printf("%s", __func__); ]])], 3814 [ ac_cv_cc_implements___func__="yes" ], 3815 [ ac_cv_cc_implements___func__="no" 3816 ]) 3817]) 3818if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3819 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3820fi 3821 3822AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3823 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3824#include <stdarg.h> 3825va_list x,y; 3826 ]], [[ va_copy(x,y); ]])], 3827 [ ac_cv_have_va_copy="yes" ], 3828 [ ac_cv_have_va_copy="no" 3829 ]) 3830]) 3831if test "x$ac_cv_have_va_copy" = "xyes" ; then 3832 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3833fi 3834 3835AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3836 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3837#include <stdarg.h> 3838va_list x,y; 3839 ]], [[ __va_copy(x,y); ]])], 3840 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3841 ]) 3842]) 3843if test "x$ac_cv_have___va_copy" = "xyes" ; then 3844 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3845fi 3846 3847AC_CACHE_CHECK([whether getopt has optreset support], 3848 ac_cv_have_getopt_optreset, [ 3849 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3850 [[ extern int optreset; optreset = 0; ]])], 3851 [ ac_cv_have_getopt_optreset="yes" ], 3852 [ ac_cv_have_getopt_optreset="no" 3853 ]) 3854]) 3855if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3856 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3857 [Define if your getopt(3) defines and uses optreset]) 3858fi 3859 3860AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3861 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3862[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3863 [ ac_cv_libc_defines_sys_errlist="yes" ], 3864 [ ac_cv_libc_defines_sys_errlist="no" 3865 ]) 3866]) 3867if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3868 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3869 [Define if your system defines sys_errlist[]]) 3870fi 3871 3872 3873AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3874 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3875[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3876 [ ac_cv_libc_defines_sys_nerr="yes" ], 3877 [ ac_cv_libc_defines_sys_nerr="no" 3878 ]) 3879]) 3880if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3881 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3882fi 3883 3884# Check libraries needed by DNS fingerprint support 3885AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3886 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3887 [Define if getrrsetbyname() exists])], 3888 [ 3889 # Needed by our getrrsetbyname() 3890 AC_SEARCH_LIBS([res_query], [resolv]) 3891 AC_SEARCH_LIBS([dn_expand], [resolv]) 3892 AC_MSG_CHECKING([if res_query will link]) 3893 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3894#include <sys/types.h> 3895#include <netinet/in.h> 3896#include <arpa/nameser.h> 3897#include <netdb.h> 3898#include <resolv.h> 3899 ]], [[ 3900 res_query (0, 0, 0, 0, 0); 3901 ]])], 3902 AC_MSG_RESULT([yes]), 3903 [AC_MSG_RESULT([no]) 3904 saved_LIBS="$LIBS" 3905 LIBS="$LIBS -lresolv" 3906 AC_MSG_CHECKING([for res_query in -lresolv]) 3907 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3908#include <sys/types.h> 3909#include <netinet/in.h> 3910#include <arpa/nameser.h> 3911#include <netdb.h> 3912#include <resolv.h> 3913 ]], [[ 3914 res_query (0, 0, 0, 0, 0); 3915 ]])], 3916 [AC_MSG_RESULT([yes])], 3917 [LIBS="$saved_LIBS" 3918 AC_MSG_RESULT([no])]) 3919 ]) 3920 AC_CHECK_FUNCS([_getshort _getlong]) 3921 AC_CHECK_DECLS([_getshort, _getlong], , , 3922 [#include <sys/types.h> 3923 #include <arpa/nameser.h>]) 3924 AC_CHECK_MEMBER([HEADER.ad], 3925 [AC_DEFINE([HAVE_HEADER_AD], [1], 3926 [Define if HEADER.ad exists in arpa/nameser.h])], , 3927 [#include <arpa/nameser.h>]) 3928 ]) 3929 3930AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3931AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3932#include <stdio.h> 3933#if HAVE_SYS_TYPES_H 3934# include <sys/types.h> 3935#endif 3936#include <netinet/in.h> 3937#include <arpa/nameser.h> 3938#include <resolv.h> 3939extern struct __res_state _res; 3940 ]], [[ ]])], 3941 [AC_MSG_RESULT([yes]) 3942 AC_DEFINE([HAVE__RES_EXTERN], [1], 3943 [Define if you have struct __res_state _res as an extern]) 3944 ], 3945 [ AC_MSG_RESULT([no]) ] 3946) 3947 3948# Check whether user wants SELinux support 3949SELINUX_MSG="no" 3950LIBSELINUX="" 3951AC_ARG_WITH([selinux], 3952 [ --with-selinux Enable SELinux support], 3953 [ if test "x$withval" != "xno" ; then 3954 save_LIBS="$LIBS" 3955 AC_DEFINE([WITH_SELINUX], [1], 3956 [Define if you want SELinux support.]) 3957 SELINUX_MSG="yes" 3958 AC_CHECK_HEADER([selinux/selinux.h], , 3959 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3960 AC_CHECK_LIB([selinux], [setexeccon], 3961 [ LIBSELINUX="-lselinux" 3962 LIBS="$LIBS -lselinux" 3963 ], 3964 AC_MSG_ERROR([SELinux support requires libselinux library])) 3965 SSHLIBS="$SSHLIBS $LIBSELINUX" 3966 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3967 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 3968 LIBS="$save_LIBS" 3969 fi ] 3970) 3971AC_SUBST([SSHLIBS]) 3972AC_SUBST([SSHDLIBS]) 3973 3974# Check whether user wants Kerberos 5 support 3975KRB5_MSG="no" 3976AC_ARG_WITH([kerberos5], 3977 [ --with-kerberos5=PATH Enable Kerberos 5 support], 3978 [ if test "x$withval" != "xno" ; then 3979 if test "x$withval" = "xyes" ; then 3980 KRB5ROOT="/usr/local" 3981 else 3982 KRB5ROOT=${withval} 3983 fi 3984 3985 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 3986 KRB5_MSG="yes" 3987 3988 AC_PATH_PROG([KRB5CONF], [krb5-config], 3989 [$KRB5ROOT/bin/krb5-config], 3990 [$KRB5ROOT/bin:$PATH]) 3991 if test -x $KRB5CONF ; then 3992 K5CFLAGS="`$KRB5CONF --cflags`" 3993 K5LIBS="`$KRB5CONF --libs`" 3994 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 3995 3996 AC_MSG_CHECKING([for gssapi support]) 3997 if $KRB5CONF | grep gssapi >/dev/null ; then 3998 AC_MSG_RESULT([yes]) 3999 AC_DEFINE([GSSAPI], [1], 4000 [Define this if you want GSSAPI 4001 support in the version 2 protocol]) 4002 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4003 GSSLIBS="`$KRB5CONF --libs gssapi`" 4004 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4005 else 4006 AC_MSG_RESULT([no]) 4007 fi 4008 AC_MSG_CHECKING([whether we are using Heimdal]) 4009 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4010 ]], [[ char *tmp = heimdal_version; ]])], 4011 [ AC_MSG_RESULT([yes]) 4012 AC_DEFINE([HEIMDAL], [1], 4013 [Define this if you are using the Heimdal 4014 version of Kerberos V5]) ], 4015 [AC_MSG_RESULT([no]) 4016 ]) 4017 else 4018 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4019 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4020 AC_MSG_CHECKING([whether we are using Heimdal]) 4021 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4022 ]], [[ char *tmp = heimdal_version; ]])], 4023 [ AC_MSG_RESULT([yes]) 4024 AC_DEFINE([HEIMDAL]) 4025 K5LIBS="-lkrb5" 4026 K5LIBS="$K5LIBS -lcom_err -lasn1" 4027 AC_CHECK_LIB([roken], [net_write], 4028 [K5LIBS="$K5LIBS -lroken"]) 4029 AC_CHECK_LIB([des], [des_cbc_encrypt], 4030 [K5LIBS="$K5LIBS -ldes"]) 4031 ], [ AC_MSG_RESULT([no]) 4032 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4033 4034 ]) 4035 AC_SEARCH_LIBS([dn_expand], [resolv]) 4036 4037 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4038 [ AC_DEFINE([GSSAPI]) 4039 GSSLIBS="-lgssapi_krb5" ], 4040 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4041 [ AC_DEFINE([GSSAPI]) 4042 GSSLIBS="-lgssapi" ], 4043 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4044 [ AC_DEFINE([GSSAPI]) 4045 GSSLIBS="-lgss" ], 4046 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4047 ]) 4048 ]) 4049 4050 AC_CHECK_HEADER([gssapi.h], , 4051 [ unset ac_cv_header_gssapi_h 4052 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4053 AC_CHECK_HEADERS([gssapi.h], , 4054 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4055 ) 4056 ] 4057 ) 4058 4059 oldCPP="$CPPFLAGS" 4060 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4061 AC_CHECK_HEADER([gssapi_krb5.h], , 4062 [ CPPFLAGS="$oldCPP" ]) 4063 4064 fi 4065 if test ! -z "$need_dash_r" ; then 4066 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4067 fi 4068 if test ! -z "$blibpath" ; then 4069 blibpath="$blibpath:${KRB5ROOT}/lib" 4070 fi 4071 4072 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4073 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4074 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4075 4076 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4077 [Define this if you want to use libkafs' AFS support])]) 4078 4079 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4080#ifdef HAVE_GSSAPI_H 4081# include <gssapi.h> 4082#elif defined(HAVE_GSSAPI_GSSAPI_H) 4083# include <gssapi/gssapi.h> 4084#endif 4085 4086#ifdef HAVE_GSSAPI_GENERIC_H 4087# include <gssapi_generic.h> 4088#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4089# include <gssapi/gssapi_generic.h> 4090#endif 4091 ]]) 4092 saved_LIBS="$LIBS" 4093 LIBS="$LIBS $K5LIBS" 4094 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4095 LIBS="$saved_LIBS" 4096 4097 fi 4098 ] 4099) 4100AC_SUBST([GSSLIBS]) 4101AC_SUBST([K5LIBS]) 4102 4103# Looking for programs, paths and files 4104 4105PRIVSEP_PATH=/var/empty 4106AC_ARG_WITH([privsep-path], 4107 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4108 [ 4109 if test -n "$withval" && test "x$withval" != "xno" && \ 4110 test "x${withval}" != "xyes"; then 4111 PRIVSEP_PATH=$withval 4112 fi 4113 ] 4114) 4115AC_SUBST([PRIVSEP_PATH]) 4116 4117AC_ARG_WITH([xauth], 4118 [ --with-xauth=PATH Specify path to xauth program ], 4119 [ 4120 if test -n "$withval" && test "x$withval" != "xno" && \ 4121 test "x${withval}" != "xyes"; then 4122 xauth_path=$withval 4123 fi 4124 ], 4125 [ 4126 TestPath="$PATH" 4127 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4128 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4129 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4130 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4131 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4132 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4133 xauth_path="/usr/openwin/bin/xauth" 4134 fi 4135 ] 4136) 4137 4138STRIP_OPT=-s 4139AC_ARG_ENABLE([strip], 4140 [ --disable-strip Disable calling strip(1) on install], 4141 [ 4142 if test "x$enableval" = "xno" ; then 4143 STRIP_OPT= 4144 fi 4145 ] 4146) 4147AC_SUBST([STRIP_OPT]) 4148 4149if test -z "$xauth_path" ; then 4150 XAUTH_PATH="undefined" 4151 AC_SUBST([XAUTH_PATH]) 4152else 4153 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4154 [Define if xauth is found in your path]) 4155 XAUTH_PATH=$xauth_path 4156 AC_SUBST([XAUTH_PATH]) 4157fi 4158 4159dnl # --with-maildir=/path/to/mail gets top priority. 4160dnl # if maildir is set in the platform case statement above we use that. 4161dnl # Otherwise we run a program to get the dir from system headers. 4162dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4163dnl # If we find _PATH_MAILDIR we do nothing because that is what 4164dnl # session.c expects anyway. Otherwise we set to the value found 4165dnl # stripping any trailing slash. If for some strage reason our program 4166dnl # does not find what it needs, we default to /var/spool/mail. 4167# Check for mail directory 4168AC_ARG_WITH([maildir], 4169 [ --with-maildir=/path/to/mail Specify your system mail directory], 4170 [ 4171 if test "X$withval" != X && test "x$withval" != xno && \ 4172 test "x${withval}" != xyes; then 4173 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4174 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4175 fi 4176 ],[ 4177 if test "X$maildir" != "X"; then 4178 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4179 else 4180 AC_MSG_CHECKING([Discovering system mail directory]) 4181 AC_RUN_IFELSE( 4182 [AC_LANG_PROGRAM([[ 4183#include <stdio.h> 4184#include <string.h> 4185#ifdef HAVE_PATHS_H 4186#include <paths.h> 4187#endif 4188#ifdef HAVE_MAILLOCK_H 4189#include <maillock.h> 4190#endif 4191#define DATA "conftest.maildir" 4192 ]], [[ 4193 FILE *fd; 4194 int rc; 4195 4196 fd = fopen(DATA,"w"); 4197 if(fd == NULL) 4198 exit(1); 4199 4200#if defined (_PATH_MAILDIR) 4201 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4202 exit(1); 4203#elif defined (MAILDIR) 4204 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4205 exit(1); 4206#elif defined (_PATH_MAIL) 4207 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4208 exit(1); 4209#else 4210 exit (2); 4211#endif 4212 4213 exit(0); 4214 ]])], 4215 [ 4216 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4217 maildir=`awk -F: '{print $2}' conftest.maildir \ 4218 | sed 's|/$||'` 4219 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4220 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4221 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4222 fi 4223 ], 4224 [ 4225 if test "X$ac_status" = "X2";then 4226# our test program didn't find it. Default to /var/spool/mail 4227 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4228 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4229 else 4230 AC_MSG_RESULT([*** not found ***]) 4231 fi 4232 ], 4233 [ 4234 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4235 ] 4236 ) 4237 fi 4238 ] 4239) # maildir 4240 4241if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4242 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4243 disable_ptmx_check=yes 4244fi 4245if test -z "$no_dev_ptmx" ; then 4246 if test "x$disable_ptmx_check" != "xyes" ; then 4247 AC_CHECK_FILE(["/dev/ptmx"], 4248 [ 4249 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4250 [Define if you have /dev/ptmx]) 4251 have_dev_ptmx=1 4252 ] 4253 ) 4254 fi 4255fi 4256 4257if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4258 AC_CHECK_FILE(["/dev/ptc"], 4259 [ 4260 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4261 [Define if you have /dev/ptc]) 4262 have_dev_ptc=1 4263 ] 4264 ) 4265else 4266 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4267fi 4268 4269# Options from here on. Some of these are preset by platform above 4270AC_ARG_WITH([mantype], 4271 [ --with-mantype=man|cat|doc Set man page type], 4272 [ 4273 case "$withval" in 4274 man|cat|doc) 4275 MANTYPE=$withval 4276 ;; 4277 *) 4278 AC_MSG_ERROR([invalid man type: $withval]) 4279 ;; 4280 esac 4281 ] 4282) 4283if test -z "$MANTYPE"; then 4284 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4285 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4286 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4287 MANTYPE=doc 4288 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4289 MANTYPE=man 4290 else 4291 MANTYPE=cat 4292 fi 4293fi 4294AC_SUBST([MANTYPE]) 4295if test "$MANTYPE" = "doc"; then 4296 mansubdir=man; 4297else 4298 mansubdir=$MANTYPE; 4299fi 4300AC_SUBST([mansubdir]) 4301 4302# Check whether to enable MD5 passwords 4303MD5_MSG="no" 4304AC_ARG_WITH([md5-passwords], 4305 [ --with-md5-passwords Enable use of MD5 passwords], 4306 [ 4307 if test "x$withval" != "xno" ; then 4308 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4309 [Define if you want to allow MD5 passwords]) 4310 MD5_MSG="yes" 4311 fi 4312 ] 4313) 4314 4315# Whether to disable shadow password support 4316AC_ARG_WITH([shadow], 4317 [ --without-shadow Disable shadow password support], 4318 [ 4319 if test "x$withval" = "xno" ; then 4320 AC_DEFINE([DISABLE_SHADOW]) 4321 disable_shadow=yes 4322 fi 4323 ] 4324) 4325 4326if test -z "$disable_shadow" ; then 4327 AC_MSG_CHECKING([if the systems has expire shadow information]) 4328 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4329#include <sys/types.h> 4330#include <shadow.h> 4331struct spwd sp; 4332 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4333 [ sp_expire_available=yes ], [ 4334 ]) 4335 4336 if test "x$sp_expire_available" = "xyes" ; then 4337 AC_MSG_RESULT([yes]) 4338 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4339 [Define if you want to use shadow password expire field]) 4340 else 4341 AC_MSG_RESULT([no]) 4342 fi 4343fi 4344 4345# Use ip address instead of hostname in $DISPLAY 4346if test ! -z "$IPADDR_IN_DISPLAY" ; then 4347 DISPLAY_HACK_MSG="yes" 4348 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4349 [Define if you need to use IP address 4350 instead of hostname in $DISPLAY]) 4351else 4352 DISPLAY_HACK_MSG="no" 4353 AC_ARG_WITH([ipaddr-display], 4354 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 4355 [ 4356 if test "x$withval" != "xno" ; then 4357 AC_DEFINE([IPADDR_IN_DISPLAY]) 4358 DISPLAY_HACK_MSG="yes" 4359 fi 4360 ] 4361 ) 4362fi 4363 4364# check for /etc/default/login and use it if present. 4365AC_ARG_ENABLE([etc-default-login], 4366 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4367 [ if test "x$enableval" = "xno"; then 4368 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4369 etc_default_login=no 4370 else 4371 etc_default_login=yes 4372 fi ], 4373 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4374 then 4375 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4376 etc_default_login=no 4377 else 4378 etc_default_login=yes 4379 fi ] 4380) 4381 4382if test "x$etc_default_login" != "xno"; then 4383 AC_CHECK_FILE(["/etc/default/login"], 4384 [ external_path_file=/etc/default/login ]) 4385 if test "x$external_path_file" = "x/etc/default/login"; then 4386 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4387 [Define if your system has /etc/default/login]) 4388 fi 4389fi 4390 4391dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4392if test $ac_cv_func_login_getcapbool = "yes" && \ 4393 test $ac_cv_header_login_cap_h = "yes" ; then 4394 external_path_file=/etc/login.conf 4395fi 4396 4397# Whether to mess with the default path 4398SERVER_PATH_MSG="(default)" 4399AC_ARG_WITH([default-path], 4400 [ --with-default-path= Specify default \$PATH environment for server], 4401 [ 4402 if test "x$external_path_file" = "x/etc/login.conf" ; then 4403 AC_MSG_WARN([ 4404--with-default-path=PATH has no effect on this system. 4405Edit /etc/login.conf instead.]) 4406 elif test "x$withval" != "xno" ; then 4407 if test ! -z "$external_path_file" ; then 4408 AC_MSG_WARN([ 4409--with-default-path=PATH will only be used if PATH is not defined in 4410$external_path_file .]) 4411 fi 4412 user_path="$withval" 4413 SERVER_PATH_MSG="$withval" 4414 fi 4415 ], 4416 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4417 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4418 else 4419 if test ! -z "$external_path_file" ; then 4420 AC_MSG_WARN([ 4421If PATH is defined in $external_path_file, ensure the path to scp is included, 4422otherwise scp will not work.]) 4423 fi 4424 AC_RUN_IFELSE( 4425 [AC_LANG_PROGRAM([[ 4426/* find out what STDPATH is */ 4427#include <stdio.h> 4428#ifdef HAVE_PATHS_H 4429# include <paths.h> 4430#endif 4431#ifndef _PATH_STDPATH 4432# ifdef _PATH_USERPATH /* Irix */ 4433# define _PATH_STDPATH _PATH_USERPATH 4434# else 4435# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4436# endif 4437#endif 4438#include <sys/types.h> 4439#include <sys/stat.h> 4440#include <fcntl.h> 4441#define DATA "conftest.stdpath" 4442 ]], [[ 4443 FILE *fd; 4444 int rc; 4445 4446 fd = fopen(DATA,"w"); 4447 if(fd == NULL) 4448 exit(1); 4449 4450 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4451 exit(1); 4452 4453 exit(0); 4454 ]])], 4455 [ user_path=`cat conftest.stdpath` ], 4456 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4457 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4458 ) 4459# make sure $bindir is in USER_PATH so scp will work 4460 t_bindir="${bindir}" 4461 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4462 t_bindir=`eval echo ${t_bindir}` 4463 case $t_bindir in 4464 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4465 esac 4466 case $t_bindir in 4467 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4468 esac 4469 done 4470 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4471 if test $? -ne 0 ; then 4472 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4473 if test $? -ne 0 ; then 4474 user_path=$user_path:$t_bindir 4475 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4476 fi 4477 fi 4478 fi ] 4479) 4480if test "x$external_path_file" != "x/etc/login.conf" ; then 4481 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4482 AC_SUBST([user_path]) 4483fi 4484 4485# Set superuser path separately to user path 4486AC_ARG_WITH([superuser-path], 4487 [ --with-superuser-path= Specify different path for super-user], 4488 [ 4489 if test -n "$withval" && test "x$withval" != "xno" && \ 4490 test "x${withval}" != "xyes"; then 4491 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4492 [Define if you want a different $PATH 4493 for the superuser]) 4494 superuser_path=$withval 4495 fi 4496 ] 4497) 4498 4499 4500AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4501IPV4_IN6_HACK_MSG="no" 4502AC_ARG_WITH(4in6, 4503 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4504 [ 4505 if test "x$withval" != "xno" ; then 4506 AC_MSG_RESULT([yes]) 4507 AC_DEFINE([IPV4_IN_IPV6], [1], 4508 [Detect IPv4 in IPv6 mapped addresses 4509 and treat as IPv4]) 4510 IPV4_IN6_HACK_MSG="yes" 4511 else 4512 AC_MSG_RESULT([no]) 4513 fi 4514 ], [ 4515 if test "x$inet6_default_4in6" = "xyes"; then 4516 AC_MSG_RESULT([yes (default)]) 4517 AC_DEFINE([IPV4_IN_IPV6]) 4518 IPV4_IN6_HACK_MSG="yes" 4519 else 4520 AC_MSG_RESULT([no (default)]) 4521 fi 4522 ] 4523) 4524 4525# Whether to enable BSD auth support 4526BSD_AUTH_MSG=no 4527AC_ARG_WITH([bsd-auth], 4528 [ --with-bsd-auth Enable BSD auth support], 4529 [ 4530 if test "x$withval" != "xno" ; then 4531 AC_DEFINE([BSD_AUTH], [1], 4532 [Define if you have BSD auth support]) 4533 BSD_AUTH_MSG=yes 4534 fi 4535 ] 4536) 4537 4538# Where to place sshd.pid 4539piddir=/var/run 4540# make sure the directory exists 4541if test ! -d $piddir ; then 4542 piddir=`eval echo ${sysconfdir}` 4543 case $piddir in 4544 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4545 esac 4546fi 4547 4548AC_ARG_WITH([pid-dir], 4549 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4550 [ 4551 if test -n "$withval" && test "x$withval" != "xno" && \ 4552 test "x${withval}" != "xyes"; then 4553 piddir=$withval 4554 if test ! -d $piddir ; then 4555 AC_MSG_WARN([** no $piddir directory on this system **]) 4556 fi 4557 fi 4558 ] 4559) 4560 4561AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4562 [Specify location of ssh.pid]) 4563AC_SUBST([piddir]) 4564 4565dnl allow user to disable some login recording features 4566AC_ARG_ENABLE([lastlog], 4567 [ --disable-lastlog disable use of lastlog even if detected [no]], 4568 [ 4569 if test "x$enableval" = "xno" ; then 4570 AC_DEFINE([DISABLE_LASTLOG]) 4571 fi 4572 ] 4573) 4574AC_ARG_ENABLE([utmp], 4575 [ --disable-utmp disable use of utmp even if detected [no]], 4576 [ 4577 if test "x$enableval" = "xno" ; then 4578 AC_DEFINE([DISABLE_UTMP]) 4579 fi 4580 ] 4581) 4582AC_ARG_ENABLE([utmpx], 4583 [ --disable-utmpx disable use of utmpx even if detected [no]], 4584 [ 4585 if test "x$enableval" = "xno" ; then 4586 AC_DEFINE([DISABLE_UTMPX], [1], 4587 [Define if you don't want to use utmpx]) 4588 fi 4589 ] 4590) 4591AC_ARG_ENABLE([wtmp], 4592 [ --disable-wtmp disable use of wtmp even if detected [no]], 4593 [ 4594 if test "x$enableval" = "xno" ; then 4595 AC_DEFINE([DISABLE_WTMP]) 4596 fi 4597 ] 4598) 4599AC_ARG_ENABLE([wtmpx], 4600 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4601 [ 4602 if test "x$enableval" = "xno" ; then 4603 AC_DEFINE([DISABLE_WTMPX], [1], 4604 [Define if you don't want to use wtmpx]) 4605 fi 4606 ] 4607) 4608AC_ARG_ENABLE([libutil], 4609 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4610 [ 4611 if test "x$enableval" = "xno" ; then 4612 AC_DEFINE([DISABLE_LOGIN]) 4613 fi 4614 ] 4615) 4616AC_ARG_ENABLE([pututline], 4617 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4618 [ 4619 if test "x$enableval" = "xno" ; then 4620 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4621 [Define if you don't want to use pututline() 4622 etc. to write [uw]tmp]) 4623 fi 4624 ] 4625) 4626AC_ARG_ENABLE([pututxline], 4627 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4628 [ 4629 if test "x$enableval" = "xno" ; then 4630 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4631 [Define if you don't want to use pututxline() 4632 etc. to write [uw]tmpx]) 4633 fi 4634 ] 4635) 4636AC_ARG_WITH([lastlog], 4637 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4638 [ 4639 if test "x$withval" = "xno" ; then 4640 AC_DEFINE([DISABLE_LASTLOG]) 4641 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4642 conf_lastlog_location=$withval 4643 fi 4644 ] 4645) 4646 4647dnl lastlog, [uw]tmpx? detection 4648dnl NOTE: set the paths in the platform section to avoid the 4649dnl need for command-line parameters 4650dnl lastlog and [uw]tmp are subject to a file search if all else fails 4651 4652dnl lastlog detection 4653dnl NOTE: the code itself will detect if lastlog is a directory 4654AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4655AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4656#include <sys/types.h> 4657#include <utmp.h> 4658#ifdef HAVE_LASTLOG_H 4659# include <lastlog.h> 4660#endif 4661#ifdef HAVE_PATHS_H 4662# include <paths.h> 4663#endif 4664#ifdef HAVE_LOGIN_H 4665# include <login.h> 4666#endif 4667 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4668 [ AC_MSG_RESULT([yes]) ], 4669 [ 4670 AC_MSG_RESULT([no]) 4671 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4672 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4673#include <sys/types.h> 4674#include <utmp.h> 4675#ifdef HAVE_LASTLOG_H 4676# include <lastlog.h> 4677#endif 4678#ifdef HAVE_PATHS_H 4679# include <paths.h> 4680#endif 4681 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4682 [ AC_MSG_RESULT([yes]) ], 4683 [ 4684 AC_MSG_RESULT([no]) 4685 system_lastlog_path=no 4686 ]) 4687]) 4688 4689if test -z "$conf_lastlog_location"; then 4690 if test x"$system_lastlog_path" = x"no" ; then 4691 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4692 if (test -d "$f" || test -f "$f") ; then 4693 conf_lastlog_location=$f 4694 fi 4695 done 4696 if test -z "$conf_lastlog_location"; then 4697 AC_MSG_WARN([** Cannot find lastlog **]) 4698 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4699 fi 4700 fi 4701fi 4702 4703if test -n "$conf_lastlog_location"; then 4704 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4705 [Define if you want to specify the path to your lastlog file]) 4706fi 4707 4708dnl utmp detection 4709AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4710AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4711#include <sys/types.h> 4712#include <utmp.h> 4713#ifdef HAVE_PATHS_H 4714# include <paths.h> 4715#endif 4716 ]], [[ char *utmp = UTMP_FILE; ]])], 4717 [ AC_MSG_RESULT([yes]) ], 4718 [ AC_MSG_RESULT([no]) 4719 system_utmp_path=no 4720]) 4721if test -z "$conf_utmp_location"; then 4722 if test x"$system_utmp_path" = x"no" ; then 4723 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4724 if test -f $f ; then 4725 conf_utmp_location=$f 4726 fi 4727 done 4728 if test -z "$conf_utmp_location"; then 4729 AC_DEFINE([DISABLE_UTMP]) 4730 fi 4731 fi 4732fi 4733if test -n "$conf_utmp_location"; then 4734 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4735 [Define if you want to specify the path to your utmp file]) 4736fi 4737 4738dnl wtmp detection 4739AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4740AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4741#include <sys/types.h> 4742#include <utmp.h> 4743#ifdef HAVE_PATHS_H 4744# include <paths.h> 4745#endif 4746 ]], [[ char *wtmp = WTMP_FILE; ]])], 4747 [ AC_MSG_RESULT([yes]) ], 4748 [ AC_MSG_RESULT([no]) 4749 system_wtmp_path=no 4750]) 4751if test -z "$conf_wtmp_location"; then 4752 if test x"$system_wtmp_path" = x"no" ; then 4753 for f in /usr/adm/wtmp /var/log/wtmp; do 4754 if test -f $f ; then 4755 conf_wtmp_location=$f 4756 fi 4757 done 4758 if test -z "$conf_wtmp_location"; then 4759 AC_DEFINE([DISABLE_WTMP]) 4760 fi 4761 fi 4762fi 4763if test -n "$conf_wtmp_location"; then 4764 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4765 [Define if you want to specify the path to your wtmp file]) 4766fi 4767 4768dnl wtmpx detection 4769AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4770AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4771#include <sys/types.h> 4772#include <utmp.h> 4773#ifdef HAVE_UTMPX_H 4774#include <utmpx.h> 4775#endif 4776#ifdef HAVE_PATHS_H 4777# include <paths.h> 4778#endif 4779 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4780 [ AC_MSG_RESULT([yes]) ], 4781 [ AC_MSG_RESULT([no]) 4782 system_wtmpx_path=no 4783]) 4784if test -z "$conf_wtmpx_location"; then 4785 if test x"$system_wtmpx_path" = x"no" ; then 4786 AC_DEFINE([DISABLE_WTMPX]) 4787 fi 4788else 4789 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4790 [Define if you want to specify the path to your wtmpx file]) 4791fi 4792 4793 4794if test ! -z "$blibpath" ; then 4795 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4796 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4797fi 4798 4799AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4800 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4801 AC_DEFINE([DISABLE_LASTLOG]) 4802 fi 4803 ], [ 4804#ifdef HAVE_SYS_TYPES_H 4805#include <sys/types.h> 4806#endif 4807#ifdef HAVE_UTMP_H 4808#include <utmp.h> 4809#endif 4810#ifdef HAVE_UTMPX_H 4811#include <utmpx.h> 4812#endif 4813#ifdef HAVE_LASTLOG_H 4814#include <lastlog.h> 4815#endif 4816 ]) 4817 4818AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4819 AC_DEFINE([DISABLE_UTMP]) 4820 AC_DEFINE([DISABLE_WTMP]) 4821 ], [ 4822#ifdef HAVE_SYS_TYPES_H 4823#include <sys/types.h> 4824#endif 4825#ifdef HAVE_UTMP_H 4826#include <utmp.h> 4827#endif 4828#ifdef HAVE_UTMPX_H 4829#include <utmpx.h> 4830#endif 4831#ifdef HAVE_LASTLOG_H 4832#include <lastlog.h> 4833#endif 4834 ]) 4835 4836dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4837dnl Add now. 4838CFLAGS="$CFLAGS $werror_flags" 4839 4840if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4841 TEST_SSH_IPV6=no 4842else 4843 TEST_SSH_IPV6=yes 4844fi 4845AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4846AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4847AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4848AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4849 4850AC_EXEEXT 4851AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4852 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4853 survey.sh]) 4854AC_OUTPUT 4855 4856# Print summary of options 4857 4858# Someone please show me a better way :) 4859A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4860B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4861C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4862D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4863E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4864F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4865G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4866H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4867I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4868J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4869 4870echo "" 4871echo "OpenSSH has been configured with the following options:" 4872echo " User binaries: $B" 4873echo " System binaries: $C" 4874echo " Configuration files: $D" 4875echo " Askpass program: $E" 4876echo " Manual pages: $F" 4877echo " PID file: $G" 4878echo " Privilege separation chroot path: $H" 4879if test "x$external_path_file" = "x/etc/login.conf" ; then 4880echo " At runtime, sshd will use the path defined in $external_path_file" 4881echo " Make sure the path to scp is present, otherwise scp will not work" 4882else 4883echo " sshd default user PATH: $I" 4884 if test ! -z "$external_path_file"; then 4885echo " (If PATH is set in $external_path_file it will be used instead. If" 4886echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4887 fi 4888fi 4889if test ! -z "$superuser_path" ; then 4890echo " sshd superuser user PATH: $J" 4891fi 4892echo " Manpage format: $MANTYPE" 4893echo " PAM support: $PAM_MSG" 4894echo " OSF SIA support: $SIA_MSG" 4895echo " KerberosV support: $KRB5_MSG" 4896echo " SELinux support: $SELINUX_MSG" 4897echo " Smartcard support: $SCARD_MSG" 4898echo " S/KEY support: $SKEY_MSG" 4899echo " MD5 password support: $MD5_MSG" 4900echo " libedit support: $LIBEDIT_MSG" 4901echo " Solaris process contract support: $SPC_MSG" 4902echo " Solaris project support: $SP_MSG" 4903echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4904echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4905echo " BSD Auth support: $BSD_AUTH_MSG" 4906echo " Random number source: $RAND_MSG" 4907echo " Privsep sandbox style: $SANDBOX_STYLE" 4908 4909echo "" 4910 4911echo " Host: ${host}" 4912echo " Compiler: ${CC}" 4913echo " Compiler flags: ${CFLAGS}" 4914echo "Preprocessor flags: ${CPPFLAGS}" 4915echo " Linker flags: ${LDFLAGS}" 4916echo " Libraries: ${LIBS}" 4917if test ! -z "${SSHDLIBS}"; then 4918echo " +for sshd: ${SSHDLIBS}" 4919fi 4920if test ! -z "${SSHLIBS}"; then 4921echo " +for ssh: ${SSHLIBS}" 4922fi 4923 4924echo "" 4925 4926if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4927 echo "SVR4 style packages are supported with \"make package\"" 4928 echo "" 4929fi 4930 4931if test "x$PAM_MSG" = "xyes" ; then 4932 echo "PAM is enabled. You may need to install a PAM control file " 4933 echo "for sshd, otherwise password authentication may fail. " 4934 echo "Example PAM control files can be found in the contrib/ " 4935 echo "subdirectory" 4936 echo "" 4937fi 4938 4939if test ! -z "$NO_PEERCHECK" ; then 4940 echo "WARNING: the operating system that you are using does not" 4941 echo "appear to support getpeereid(), getpeerucred() or the" 4942 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4943 echo "enforce security checks to prevent unauthorised connections to" 4944 echo "ssh-agent. Their absence increases the risk that a malicious" 4945 echo "user can connect to your agent." 4946 echo "" 4947fi 4948 4949if test "$AUDIT_MODULE" = "bsm" ; then 4950 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4951 echo "See the Solaris section in README.platform for details." 4952fi 4953