1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.583 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 83if test ! -z "$PATH_PASSWD_PROG" ; then 84 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 85 [Full path of your "passwd" program]) 86fi 87 88if test -z "$LD" ; then 89 LD=$CC 90fi 91AC_SUBST([LD]) 92 93AC_C_INLINE 94 95AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 96AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 97 #include <sys/types.h> 98 #include <sys/param.h> 99 #include <dev/systrace.h> 100]) 101AC_CHECK_DECL([RLIMIT_NPROC], 102 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 103 #include <sys/types.h> 104 #include <sys/resource.h> 105]) 106AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 107 #include <sys/types.h> 108 #include <linux/prctl.h> 109]) 110 111openssl=yes 112ssh1=no 113COMMENT_OUT_RSA1="#no ssh1#" 114AC_ARG_WITH([openssl], 115 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 116 [ if test "x$withval" = "xno" ; then 117 openssl=no 118 ssh1=no 119 fi 120 ] 121) 122AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 123if test "x$openssl" = "xyes" ; then 124 AC_MSG_RESULT([yes]) 125 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 126else 127 AC_MSG_RESULT([no]) 128fi 129 130AC_ARG_WITH([ssh1], 131 [ --with-ssh1 Enable support for SSH protocol 1], 132 [ 133 if test "x$withval" = "xyes" ; then 134 if test "x$openssl" = "xno" ; then 135 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 136 fi 137 ssh1=yes 138 COMMENT_OUT_RSA1="" 139 elif test "x$withval" = "xno" ; then 140 ssh1=no 141 else 142 AC_MSG_ERROR([unknown --with-ssh1 argument]) 143 fi 144 ] 145) 146AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 147if test "x$ssh1" = "xyes" ; then 148 AC_MSG_RESULT([yes]) 149 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 150 AC_SUBST([COMMENT_OUT_RSA1]) 151else 152 AC_MSG_RESULT([no]) 153fi 154 155use_stack_protector=1 156use_toolchain_hardening=1 157AC_ARG_WITH([stackprotect], 158 [ --without-stackprotect Don't use compiler's stack protection], [ 159 if test "x$withval" = "xno"; then 160 use_stack_protector=0 161 fi ]) 162AC_ARG_WITH([hardening], 163 [ --without-hardening Don't use toolchain hardening flags], [ 164 if test "x$withval" = "xno"; then 165 use_toolchain_hardening=0 166 fi ]) 167 168# We use -Werror for the tests only so that we catch warnings like "this is 169# on by default" for things like -fPIE. 170AC_MSG_CHECKING([if $CC supports -Werror]) 171saved_CFLAGS="$CFLAGS" 172CFLAGS="$CFLAGS -Werror" 173AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 174 [ AC_MSG_RESULT([yes]) 175 WERROR="-Werror"], 176 [ AC_MSG_RESULT([no]) 177 WERROR="" ] 178) 179CFLAGS="$saved_CFLAGS" 180 181if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 182 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 183 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 184 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 185 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 186 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 187 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 188 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 189 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 190 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 191 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 192 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 193 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 194 if test "x$use_toolchain_hardening" = "x1"; then 195 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 196 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 197 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 198 # NB. -ftrapv expects certain support functions to be present in 199 # the compiler library (libgcc or similar) to detect integer operations 200 # that can overflow. We must check that the result of enabling it 201 # actually links. The test program compiled/linked includes a number 202 # of integer operations that should exercise this. 203 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 204 fi 205 AC_MSG_CHECKING([gcc version]) 206 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 207 case $GCC_VER in 208 1.*) no_attrib_nonnull=1 ;; 209 2.8* | 2.9*) 210 no_attrib_nonnull=1 211 ;; 212 2.*) no_attrib_nonnull=1 ;; 213 *) ;; 214 esac 215 AC_MSG_RESULT([$GCC_VER]) 216 217 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 218 saved_CFLAGS="$CFLAGS" 219 CFLAGS="$CFLAGS -fno-builtin-memset" 220 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 221 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 222 [ AC_MSG_RESULT([yes]) ], 223 [ AC_MSG_RESULT([no]) 224 CFLAGS="$saved_CFLAGS" ] 225 ) 226 227 # -fstack-protector-all doesn't always work for some GCC versions 228 # and/or platforms, so we test if we can. If it's not supported 229 # on a given platform gcc will emit a warning so we use -Werror. 230 if test "x$use_stack_protector" = "x1"; then 231 for t in -fstack-protector-strong -fstack-protector-all \ 232 -fstack-protector; do 233 AC_MSG_CHECKING([if $CC supports $t]) 234 saved_CFLAGS="$CFLAGS" 235 saved_LDFLAGS="$LDFLAGS" 236 CFLAGS="$CFLAGS $t -Werror" 237 LDFLAGS="$LDFLAGS $t -Werror" 238 AC_LINK_IFELSE( 239 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 240 [[ 241 char x[256]; 242 snprintf(x, sizeof(x), "XXX"); 243 ]])], 244 [ AC_MSG_RESULT([yes]) 245 CFLAGS="$saved_CFLAGS $t" 246 LDFLAGS="$saved_LDFLAGS $t" 247 AC_MSG_CHECKING([if $t works]) 248 AC_RUN_IFELSE( 249 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 250 [[ 251 char x[256]; 252 snprintf(x, sizeof(x), "XXX"); 253 ]])], 254 [ AC_MSG_RESULT([yes]) 255 break ], 256 [ AC_MSG_RESULT([no]) ], 257 [ AC_MSG_WARN([cross compiling: cannot test]) 258 break ] 259 ) 260 ], 261 [ AC_MSG_RESULT([no]) ] 262 ) 263 CFLAGS="$saved_CFLAGS" 264 LDFLAGS="$saved_LDFLAGS" 265 done 266 fi 267 268 if test -z "$have_llong_max"; then 269 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 270 unset ac_cv_have_decl_LLONG_MAX 271 saved_CFLAGS="$CFLAGS" 272 CFLAGS="$CFLAGS -std=gnu99" 273 AC_CHECK_DECL([LLONG_MAX], 274 [have_llong_max=1], 275 [CFLAGS="$saved_CFLAGS"], 276 [#include <limits.h>] 277 ) 278 fi 279fi 280 281AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 282AC_COMPILE_IFELSE( 283 [AC_LANG_PROGRAM([[ 284#include <stdlib.h> 285__attribute__((__unused__)) static void foo(void){return;}]], 286 [[ exit(0); ]])], 287 [ AC_MSG_RESULT([yes]) ], 288 [ AC_MSG_RESULT([no]) 289 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 290 [compiler does not accept __attribute__ on return types]) ] 291) 292 293if test "x$no_attrib_nonnull" != "x1" ; then 294 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 295fi 296 297AC_ARG_WITH([rpath], 298 [ --without-rpath Disable auto-added -R linker paths], 299 [ 300 if test "x$withval" = "xno" ; then 301 need_dash_r="" 302 fi 303 if test "x$withval" = "xyes" ; then 304 need_dash_r=1 305 fi 306 ] 307) 308 309# Allow user to specify flags 310AC_ARG_WITH([cflags], 311 [ --with-cflags Specify additional flags to pass to compiler], 312 [ 313 if test -n "$withval" && test "x$withval" != "xno" && \ 314 test "x${withval}" != "xyes"; then 315 CFLAGS="$CFLAGS $withval" 316 fi 317 ] 318) 319AC_ARG_WITH([cppflags], 320 [ --with-cppflags Specify additional flags to pass to preprocessor] , 321 [ 322 if test -n "$withval" && test "x$withval" != "xno" && \ 323 test "x${withval}" != "xyes"; then 324 CPPFLAGS="$CPPFLAGS $withval" 325 fi 326 ] 327) 328AC_ARG_WITH([ldflags], 329 [ --with-ldflags Specify additional flags to pass to linker], 330 [ 331 if test -n "$withval" && test "x$withval" != "xno" && \ 332 test "x${withval}" != "xyes"; then 333 LDFLAGS="$LDFLAGS $withval" 334 fi 335 ] 336) 337AC_ARG_WITH([libs], 338 [ --with-libs Specify additional libraries to link with], 339 [ 340 if test -n "$withval" && test "x$withval" != "xno" && \ 341 test "x${withval}" != "xyes"; then 342 LIBS="$LIBS $withval" 343 fi 344 ] 345) 346AC_ARG_WITH([Werror], 347 [ --with-Werror Build main code with -Werror], 348 [ 349 if test -n "$withval" && test "x$withval" != "xno"; then 350 werror_flags="-Werror" 351 if test "x${withval}" != "xyes"; then 352 werror_flags="$withval" 353 fi 354 fi 355 ] 356) 357 358AC_CHECK_HEADERS([ \ 359 blf.h \ 360 bstring.h \ 361 crypt.h \ 362 crypto/sha2.h \ 363 dirent.h \ 364 endian.h \ 365 elf.h \ 366 err.h \ 367 features.h \ 368 fcntl.h \ 369 floatingpoint.h \ 370 getopt.h \ 371 glob.h \ 372 ia.h \ 373 iaf.h \ 374 inttypes.h \ 375 langinfo.h \ 376 limits.h \ 377 locale.h \ 378 login.h \ 379 maillock.h \ 380 ndir.h \ 381 net/if_tun.h \ 382 netdb.h \ 383 netgroup.h \ 384 pam/pam_appl.h \ 385 paths.h \ 386 poll.h \ 387 pty.h \ 388 readpassphrase.h \ 389 rpc/types.h \ 390 security/pam_appl.h \ 391 sha2.h \ 392 shadow.h \ 393 stddef.h \ 394 stdint.h \ 395 string.h \ 396 strings.h \ 397 sys/audit.h \ 398 sys/bitypes.h \ 399 sys/bsdtty.h \ 400 sys/capability.h \ 401 sys/cdefs.h \ 402 sys/dir.h \ 403 sys/mman.h \ 404 sys/ndir.h \ 405 sys/poll.h \ 406 sys/prctl.h \ 407 sys/pstat.h \ 408 sys/ptrace.h \ 409 sys/select.h \ 410 sys/stat.h \ 411 sys/stream.h \ 412 sys/stropts.h \ 413 sys/strtio.h \ 414 sys/statvfs.h \ 415 sys/sysmacros.h \ 416 sys/time.h \ 417 sys/timers.h \ 418 time.h \ 419 tmpdir.h \ 420 ttyent.h \ 421 ucred.h \ 422 unistd.h \ 423 usersec.h \ 424 util.h \ 425 utime.h \ 426 utmp.h \ 427 utmpx.h \ 428 vis.h \ 429 wchar.h \ 430]) 431 432# lastlog.h requires sys/time.h to be included first on Solaris 433AC_CHECK_HEADERS([lastlog.h], [], [], [ 434#ifdef HAVE_SYS_TIME_H 435# include <sys/time.h> 436#endif 437]) 438 439# sys/ptms.h requires sys/stream.h to be included first on Solaris 440AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 441#ifdef HAVE_SYS_STREAM_H 442# include <sys/stream.h> 443#endif 444]) 445 446# login_cap.h requires sys/types.h on NetBSD 447AC_CHECK_HEADERS([login_cap.h], [], [], [ 448#include <sys/types.h> 449]) 450 451# older BSDs need sys/param.h before sys/mount.h 452AC_CHECK_HEADERS([sys/mount.h], [], [], [ 453#include <sys/param.h> 454]) 455 456# Android requires sys/socket.h to be included before sys/un.h 457AC_CHECK_HEADERS([sys/un.h], [], [], [ 458#include <sys/types.h> 459#include <sys/socket.h> 460]) 461 462# Messages for features tested for in target-specific section 463SIA_MSG="no" 464SPC_MSG="no" 465SP_MSG="no" 466SPP_MSG="no" 467 468# Support for Solaris/Illumos privileges (this test is used by both 469# the --with-solaris-privs option and --with-sandbox=solaris). 470SOLARIS_PRIVS="no" 471 472# Check for some target-specific stuff 473case "$host" in 474*-*-aix*) 475 # Some versions of VAC won't allow macro redefinitions at 476 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 477 # particularly with older versions of vac or xlc. 478 # It also throws errors about null macro argments, but these are 479 # not fatal. 480 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 481 AC_COMPILE_IFELSE( 482 [AC_LANG_PROGRAM([[ 483#define testmacro foo 484#define testmacro bar]], 485 [[ exit(0); ]])], 486 [ AC_MSG_RESULT([yes]) ], 487 [ AC_MSG_RESULT([no]) 488 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 489 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 490 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 491 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 492 ] 493 ) 494 495 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 496 if (test -z "$blibpath"); then 497 blibpath="/usr/lib:/lib" 498 fi 499 saved_LDFLAGS="$LDFLAGS" 500 if test "$GCC" = "yes"; then 501 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 502 else 503 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 504 fi 505 for tryflags in $flags ;do 506 if (test -z "$blibflags"); then 507 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 508 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 509 [blibflags=$tryflags], []) 510 fi 511 done 512 if (test -z "$blibflags"); then 513 AC_MSG_RESULT([not found]) 514 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 515 else 516 AC_MSG_RESULT([$blibflags]) 517 fi 518 LDFLAGS="$saved_LDFLAGS" 519 dnl Check for authenticate. Might be in libs.a on older AIXes 520 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 521 [Define if you want to enable AIX4's authenticate function])], 522 [AC_CHECK_LIB([s], [authenticate], 523 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 524 LIBS="$LIBS -ls" 525 ]) 526 ]) 527 dnl Check for various auth function declarations in headers. 528 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 529 passwdexpired, setauthdb], , , [#include <usersec.h>]) 530 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 531 AC_CHECK_DECLS([loginfailed], 532 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 533 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 534 [[ (void)loginfailed("user","host","tty",0); ]])], 535 [AC_MSG_RESULT([yes]) 536 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 537 [Define if your AIX loginfailed() function 538 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 539 ])], 540 [], 541 [#include <usersec.h>] 542 ) 543 AC_CHECK_FUNCS([getgrset setauthdb]) 544 AC_CHECK_DECL([F_CLOSEM], 545 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 546 [], 547 [ #include <limits.h> 548 #include <fcntl.h> ] 549 ) 550 check_for_aix_broken_getaddrinfo=1 551 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 552 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 553 [Define if your platform breaks doing a seteuid before a setuid]) 554 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 555 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 556 dnl AIX handles lastlog as part of its login message 557 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 558 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 559 [Some systems need a utmpx entry for /bin/login to work]) 560 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 561 [Define to a Set Process Title type if your system is 562 supported by bsd-setproctitle.c]) 563 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 564 [AIX 5.2 and 5.3 (and presumably newer) require this]) 565 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 566 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 567 ;; 568*-*-android*) 569 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 570 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 571 ;; 572*-*-cygwin*) 573 check_for_libcrypt_later=1 574 LIBS="$LIBS /usr/lib/textreadmode.o" 575 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 576 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 577 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 578 [Define to disable UID restoration test]) 579 AC_DEFINE([DISABLE_SHADOW], [1], 580 [Define if you want to disable shadow passwords]) 581 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 582 [Define if X11 doesn't support AF_UNIX sockets on that system]) 583 AC_DEFINE([DISABLE_FD_PASSING], [1], 584 [Define if your platform needs to skip post auth 585 file descriptor passing]) 586 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 587 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 588 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 589 # reasons which cause compile warnings, so we disable those warnings. 590 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 591 ;; 592*-*-dgux*) 593 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 594 [Define if your system choked on IP TOS setting]) 595 AC_DEFINE([SETEUID_BREAKS_SETUID]) 596 AC_DEFINE([BROKEN_SETREUID]) 597 AC_DEFINE([BROKEN_SETREGID]) 598 ;; 599*-*-darwin*) 600 use_pie=auto 601 AC_MSG_CHECKING([if we have working getaddrinfo]) 602 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 603main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 604 exit(0); 605 else 606 exit(1); 607} 608 ]])], 609 [AC_MSG_RESULT([working])], 610 [AC_MSG_RESULT([buggy]) 611 AC_DEFINE([BROKEN_GETADDRINFO], [1], 612 [getaddrinfo is broken (if present)]) 613 ], 614 [AC_MSG_RESULT([assume it is working])]) 615 AC_DEFINE([SETEUID_BREAKS_SETUID]) 616 AC_DEFINE([BROKEN_SETREUID]) 617 AC_DEFINE([BROKEN_SETREGID]) 618 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 619 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 620 [Define if your resolver libs need this for getrrsetbyname]) 621 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 622 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 623 [Use tunnel device compatibility to OpenBSD]) 624 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 625 [Prepend the address family to IP tunnel traffic]) 626 m4_pattern_allow([AU_IPv]) 627 AC_CHECK_DECL([AU_IPv4], [], 628 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 629 [#include <bsm/audit.h>] 630 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 631 [Define if pututxline updates lastlog too]) 632 ) 633 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 634 [Define to a Set Process Title type if your system is 635 supported by bsd-setproctitle.c]) 636 AC_CHECK_FUNCS([sandbox_init]) 637 AC_CHECK_HEADERS([sandbox.h]) 638 AC_CHECK_LIB([sandbox], [sandbox_apply], [ 639 SSHDLIBS="$SSHDLIBS -lsandbox" 640 ]) 641 ;; 642*-*-dragonfly*) 643 SSHDLIBS="$SSHDLIBS -lcrypt" 644 TEST_MALLOC_OPTIONS="AFGJPRX" 645 ;; 646*-*-haiku*) 647 LIBS="$LIBS -lbsd " 648 AC_CHECK_LIB([network], [socket]) 649 AC_DEFINE([HAVE_U_INT64_T]) 650 MANTYPE=man 651 ;; 652*-*-hpux*) 653 # first we define all of the options common to all HP-UX releases 654 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 655 IPADDR_IN_DISPLAY=yes 656 AC_DEFINE([USE_PIPES]) 657 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 658 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 659 [String used in /etc/passwd to denote locked account]) 660 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 661 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 662 maildir="/var/mail" 663 LIBS="$LIBS -lsec" 664 AC_CHECK_LIB([xnet], [t_error], , 665 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 666 667 # next, we define all of the options specific to major releases 668 case "$host" in 669 *-*-hpux10*) 670 if test -z "$GCC"; then 671 CFLAGS="$CFLAGS -Ae" 672 fi 673 ;; 674 *-*-hpux11*) 675 AC_DEFINE([PAM_SUN_CODEBASE], [1], 676 [Define if you are using Solaris-derived PAM which 677 passes pam_messages to the conversation function 678 with an extra level of indirection]) 679 AC_DEFINE([DISABLE_UTMP], [1], 680 [Define if you don't want to use utmp]) 681 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 682 check_for_hpux_broken_getaddrinfo=1 683 check_for_conflicting_getspnam=1 684 ;; 685 esac 686 687 # lastly, we define options specific to minor releases 688 case "$host" in 689 *-*-hpux10.26) 690 AC_DEFINE([HAVE_SECUREWARE], [1], 691 [Define if you have SecureWare-based 692 protected password database]) 693 disable_ptmx_check=yes 694 LIBS="$LIBS -lsecpw" 695 ;; 696 esac 697 ;; 698*-*-irix5*) 699 PATH="$PATH:/usr/etc" 700 AC_DEFINE([BROKEN_INET_NTOA], [1], 701 [Define if you system's inet_ntoa is busted 702 (e.g. Irix gcc issue)]) 703 AC_DEFINE([SETEUID_BREAKS_SETUID]) 704 AC_DEFINE([BROKEN_SETREUID]) 705 AC_DEFINE([BROKEN_SETREGID]) 706 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 707 [Define if you shouldn't strip 'tty' from your 708 ttyname in [uw]tmp]) 709 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 710 ;; 711*-*-irix6*) 712 PATH="$PATH:/usr/etc" 713 AC_DEFINE([WITH_IRIX_ARRAY], [1], 714 [Define if you have/want arrays 715 (cluster-wide session managment, not C arrays)]) 716 AC_DEFINE([WITH_IRIX_PROJECT], [1], 717 [Define if you want IRIX project management]) 718 AC_DEFINE([WITH_IRIX_AUDIT], [1], 719 [Define if you want IRIX audit trails]) 720 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 721 [Define if you want IRIX kernel jobs])]) 722 AC_DEFINE([BROKEN_INET_NTOA]) 723 AC_DEFINE([SETEUID_BREAKS_SETUID]) 724 AC_DEFINE([BROKEN_SETREUID]) 725 AC_DEFINE([BROKEN_SETREGID]) 726 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 727 AC_DEFINE([WITH_ABBREV_NO_TTY]) 728 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 729 ;; 730*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 731 check_for_libcrypt_later=1 732 AC_DEFINE([PAM_TTY_KLUDGE]) 733 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 734 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 735 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 736 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 737 ;; 738*-*-linux*) 739 no_dev_ptmx=1 740 use_pie=auto 741 check_for_libcrypt_later=1 742 check_for_openpty_ctty_bug=1 743 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. 744 dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE 745 CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" 746 AC_DEFINE([PAM_TTY_KLUDGE], [1], 747 [Work around problematic Linux PAM modules handling of PAM_TTY]) 748 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 749 [String used in /etc/passwd to denote locked account]) 750 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 751 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 752 [Define to whatever link() returns for "not supported" 753 if it doesn't return EOPNOTSUPP.]) 754 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 755 AC_DEFINE([USE_BTMP]) 756 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 757 inet6_default_4in6=yes 758 case `uname -r` in 759 1.*|2.0.*) 760 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 761 [Define if cmsg_type is not passed correctly]) 762 ;; 763 esac 764 # tun(4) forwarding compat code 765 AC_CHECK_HEADERS([linux/if_tun.h]) 766 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 767 AC_DEFINE([SSH_TUN_LINUX], [1], 768 [Open tunnel devices the Linux tun/tap way]) 769 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 770 [Use tunnel device compatibility to OpenBSD]) 771 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 772 [Prepend the address family to IP tunnel traffic]) 773 fi 774 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 775 [], [#include <linux/types.h>]) 776 AC_MSG_CHECKING([for seccomp architecture]) 777 seccomp_audit_arch= 778 case "$host" in 779 x86_64-*) 780 seccomp_audit_arch=AUDIT_ARCH_X86_64 781 ;; 782 i*86-*) 783 seccomp_audit_arch=AUDIT_ARCH_I386 784 ;; 785 arm*-*) 786 seccomp_audit_arch=AUDIT_ARCH_ARM 787 ;; 788 aarch64*-*) 789 seccomp_audit_arch=AUDIT_ARCH_AARCH64 790 ;; 791 s390x-*) 792 seccomp_audit_arch=AUDIT_ARCH_S390X 793 ;; 794 s390-*) 795 seccomp_audit_arch=AUDIT_ARCH_S390 796 ;; 797 powerpc64-*) 798 seccomp_audit_arch=AUDIT_ARCH_PPC64 799 ;; 800 powerpc64le-*) 801 seccomp_audit_arch=AUDIT_ARCH_PPC64LE 802 ;; 803 mips-*) 804 seccomp_audit_arch=AUDIT_ARCH_MIPS 805 ;; 806 mipsel-*) 807 seccomp_audit_arch=AUDIT_ARCH_MIPSEL 808 ;; 809 mips64-*) 810 seccomp_audit_arch=AUDIT_ARCH_MIPS64 811 ;; 812 mips64el-*) 813 seccomp_audit_arch=AUDIT_ARCH_MIPSEL64 814 ;; 815 esac 816 if test "x$seccomp_audit_arch" != "x" ; then 817 AC_MSG_RESULT(["$seccomp_audit_arch"]) 818 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 819 [Specify the system call convention in use]) 820 else 821 AC_MSG_RESULT([architecture not supported]) 822 fi 823 ;; 824mips-sony-bsd|mips-sony-newsos4) 825 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 826 SONY=1 827 ;; 828*-*-netbsd*) 829 check_for_libcrypt_before=1 830 if test "x$withval" != "xno" ; then 831 need_dash_r=1 832 fi 833 CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" 834 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 835 AC_CHECK_HEADER([net/if_tap.h], , 836 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 837 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 838 [Prepend the address family to IP tunnel traffic]) 839 TEST_MALLOC_OPTIONS="AJRX" 840 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 841 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 842 ;; 843*-*-freebsd*) 844 check_for_libcrypt_later=1 845 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 846 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 847 AC_CHECK_HEADER([net/if_tap.h], , 848 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 849 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 850 TEST_MALLOC_OPTIONS="AJRX" 851 # Preauth crypto occasionally uses file descriptors for crypto offload 852 # and will crash if they cannot be opened. 853 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 854 [define if setrlimit RLIMIT_NOFILE breaks things]) 855 ;; 856*-*-bsdi*) 857 AC_DEFINE([SETEUID_BREAKS_SETUID]) 858 AC_DEFINE([BROKEN_SETREUID]) 859 AC_DEFINE([BROKEN_SETREGID]) 860 ;; 861*-next-*) 862 conf_lastlog_location="/usr/adm/lastlog" 863 conf_utmp_location=/etc/utmp 864 conf_wtmp_location=/usr/adm/wtmp 865 maildir=/usr/spool/mail 866 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 867 AC_DEFINE([BROKEN_REALPATH]) 868 AC_DEFINE([USE_PIPES]) 869 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 870 ;; 871*-*-openbsd*) 872 use_pie=auto 873 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 874 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 875 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 876 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 877 [syslog_r function is safe to use in in a signal handler]) 878 TEST_MALLOC_OPTIONS="AFGJPRX" 879 ;; 880*-*-solaris*) 881 if test "x$withval" != "xno" ; then 882 need_dash_r=1 883 fi 884 AC_DEFINE([PAM_SUN_CODEBASE]) 885 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 886 AC_DEFINE([PAM_TTY_KLUDGE]) 887 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 888 [Define if pam_chauthtok wants real uid set 889 to the unpriv'ed user]) 890 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 891 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 892 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 893 [Define if sshd somehow reacquires a controlling TTY 894 after setsid()]) 895 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 896 in case the name is longer than 8 chars]) 897 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 898 external_path_file=/etc/default/login 899 # hardwire lastlog location (can't detect it on some versions) 900 conf_lastlog_location="/var/adm/lastlog" 901 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 902 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 903 if test "$sol2ver" -ge 8; then 904 AC_MSG_RESULT([yes]) 905 AC_DEFINE([DISABLE_UTMP]) 906 AC_DEFINE([DISABLE_WTMP], [1], 907 [Define if you don't want to use wtmp]) 908 else 909 AC_MSG_RESULT([no]) 910 fi 911 AC_CHECK_FUNCS([setpflags]) 912 AC_CHECK_FUNCS([setppriv]) 913 AC_CHECK_FUNCS([priv_basicset]) 914 AC_CHECK_HEADERS([priv.h]) 915 AC_ARG_WITH([solaris-contracts], 916 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 917 [ 918 AC_CHECK_LIB([contract], [ct_tmpl_activate], 919 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 920 [Define if you have Solaris process contracts]) 921 LIBS="$LIBS -lcontract" 922 SPC_MSG="yes" ], ) 923 ], 924 ) 925 AC_ARG_WITH([solaris-projects], 926 [ --with-solaris-projects Enable Solaris projects (experimental)], 927 [ 928 AC_CHECK_LIB([project], [setproject], 929 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 930 [Define if you have Solaris projects]) 931 LIBS="$LIBS -lproject" 932 SP_MSG="yes" ], ) 933 ], 934 ) 935 AC_ARG_WITH([solaris-privs], 936 [ --with-solaris-privs Enable Solaris/Illumos privileges (experimental)], 937 [ 938 AC_MSG_CHECKING([for Solaris/Illumos privilege support]) 939 if test "x$ac_cv_func_setppriv" = "xyes" -a \ 940 "x$ac_cv_header_priv_h" = "xyes" ; then 941 SOLARIS_PRIVS=yes 942 AC_MSG_RESULT([found]) 943 AC_DEFINE([NO_UID_RESTORATION_TEST], [1], 944 [Define to disable UID restoration test]) 945 AC_DEFINE([USE_SOLARIS_PRIVS], [1], 946 [Define if you have Solaris privileges]) 947 SPP_MSG="yes" 948 else 949 AC_MSG_RESULT([not found]) 950 AC_MSG_ERROR([*** must have support for Solaris privileges to use --with-solaris-privs]) 951 fi 952 ], 953 ) 954 TEST_SHELL=$SHELL # let configure find us a capable shell 955 ;; 956*-*-sunos4*) 957 CPPFLAGS="$CPPFLAGS -DSUNOS4" 958 AC_CHECK_FUNCS([getpwanam]) 959 AC_DEFINE([PAM_SUN_CODEBASE]) 960 conf_utmp_location=/etc/utmp 961 conf_wtmp_location=/var/adm/wtmp 962 conf_lastlog_location=/var/adm/lastlog 963 AC_DEFINE([USE_PIPES]) 964 ;; 965*-ncr-sysv*) 966 LIBS="$LIBS -lc89" 967 AC_DEFINE([USE_PIPES]) 968 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 969 AC_DEFINE([SETEUID_BREAKS_SETUID]) 970 AC_DEFINE([BROKEN_SETREUID]) 971 AC_DEFINE([BROKEN_SETREGID]) 972 ;; 973*-sni-sysv*) 974 # /usr/ucblib MUST NOT be searched on ReliantUNIX 975 AC_CHECK_LIB([dl], [dlsym], ,) 976 # -lresolv needs to be at the end of LIBS or DNS lookups break 977 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 978 IPADDR_IN_DISPLAY=yes 979 AC_DEFINE([USE_PIPES]) 980 AC_DEFINE([IP_TOS_IS_BROKEN]) 981 AC_DEFINE([SETEUID_BREAKS_SETUID]) 982 AC_DEFINE([BROKEN_SETREUID]) 983 AC_DEFINE([BROKEN_SETREGID]) 984 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 985 external_path_file=/etc/default/login 986 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 987 # Attention: always take care to bind libsocket and libnsl before libc, 988 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 989 ;; 990# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 991*-*-sysv4.2*) 992 AC_DEFINE([USE_PIPES]) 993 AC_DEFINE([SETEUID_BREAKS_SETUID]) 994 AC_DEFINE([BROKEN_SETREUID]) 995 AC_DEFINE([BROKEN_SETREGID]) 996 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 997 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 998 TEST_SHELL=$SHELL # let configure find us a capable shell 999 ;; 1000# UnixWare 7.x, OpenUNIX 8 1001*-*-sysv5*) 1002 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 1003 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 1004 AC_DEFINE([USE_PIPES]) 1005 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1006 AC_DEFINE([BROKEN_GETADDRINFO]) 1007 AC_DEFINE([BROKEN_SETREUID]) 1008 AC_DEFINE([BROKEN_SETREGID]) 1009 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1010 TEST_SHELL=$SHELL # let configure find us a capable shell 1011 case "$host" in 1012 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 1013 maildir=/var/spool/mail 1014 AC_DEFINE([BROKEN_LIBIAF], [1], 1015 [ia_uinfo routines not supported by OS yet]) 1016 AC_DEFINE([BROKEN_UPDWTMPX]) 1017 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 1018 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 1019 AC_DEFINE([HAVE_SECUREWARE]) 1020 AC_DEFINE([DISABLE_SHADOW]) 1021 ], , ) 1022 ;; 1023 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 1024 check_for_libcrypt_later=1 1025 ;; 1026 esac 1027 ;; 1028*-*-sysv*) 1029 ;; 1030# SCO UNIX and OEM versions of SCO UNIX 1031*-*-sco3.2v4*) 1032 AC_MSG_ERROR("This Platform is no longer supported.") 1033 ;; 1034# SCO OpenServer 5.x 1035*-*-sco3.2v5*) 1036 if test -z "$GCC"; then 1037 CFLAGS="$CFLAGS -belf" 1038 fi 1039 LIBS="$LIBS -lprot -lx -ltinfo -lm" 1040 no_dev_ptmx=1 1041 AC_DEFINE([USE_PIPES]) 1042 AC_DEFINE([HAVE_SECUREWARE]) 1043 AC_DEFINE([DISABLE_SHADOW]) 1044 AC_DEFINE([DISABLE_FD_PASSING]) 1045 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1046 AC_DEFINE([BROKEN_GETADDRINFO]) 1047 AC_DEFINE([BROKEN_SETREUID]) 1048 AC_DEFINE([BROKEN_SETREGID]) 1049 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1050 AC_DEFINE([BROKEN_UPDWTMPX]) 1051 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1052 AC_CHECK_FUNCS([getluid setluid]) 1053 MANTYPE=man 1054 TEST_SHELL=$SHELL # let configure find us a capable shell 1055 SKIP_DISABLE_LASTLOG_DEFINE=yes 1056 ;; 1057*-*-unicosmk*) 1058 AC_DEFINE([NO_SSH_LASTLOG], [1], 1059 [Define if you don't want to use lastlog in session.c]) 1060 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1061 AC_DEFINE([BROKEN_SETREUID]) 1062 AC_DEFINE([BROKEN_SETREGID]) 1063 AC_DEFINE([USE_PIPES]) 1064 AC_DEFINE([DISABLE_FD_PASSING]) 1065 LDFLAGS="$LDFLAGS" 1066 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1067 MANTYPE=cat 1068 ;; 1069*-*-unicosmp*) 1070 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1071 AC_DEFINE([BROKEN_SETREUID]) 1072 AC_DEFINE([BROKEN_SETREGID]) 1073 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1074 AC_DEFINE([USE_PIPES]) 1075 AC_DEFINE([DISABLE_FD_PASSING]) 1076 LDFLAGS="$LDFLAGS" 1077 LIBS="$LIBS -lgen -lacid -ldb" 1078 MANTYPE=cat 1079 ;; 1080*-*-unicos*) 1081 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1082 AC_DEFINE([BROKEN_SETREUID]) 1083 AC_DEFINE([BROKEN_SETREGID]) 1084 AC_DEFINE([USE_PIPES]) 1085 AC_DEFINE([DISABLE_FD_PASSING]) 1086 AC_DEFINE([NO_SSH_LASTLOG]) 1087 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1088 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1089 MANTYPE=cat 1090 ;; 1091*-dec-osf*) 1092 AC_MSG_CHECKING([for Digital Unix SIA]) 1093 no_osfsia="" 1094 AC_ARG_WITH([osfsia], 1095 [ --with-osfsia Enable Digital Unix SIA], 1096 [ 1097 if test "x$withval" = "xno" ; then 1098 AC_MSG_RESULT([disabled]) 1099 no_osfsia=1 1100 fi 1101 ], 1102 ) 1103 if test -z "$no_osfsia" ; then 1104 if test -f /etc/sia/matrix.conf; then 1105 AC_MSG_RESULT([yes]) 1106 AC_DEFINE([HAVE_OSF_SIA], [1], 1107 [Define if you have Digital Unix Security 1108 Integration Architecture]) 1109 AC_DEFINE([DISABLE_LOGIN], [1], 1110 [Define if you don't want to use your 1111 system's login() call]) 1112 AC_DEFINE([DISABLE_FD_PASSING]) 1113 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1114 SIA_MSG="yes" 1115 else 1116 AC_MSG_RESULT([no]) 1117 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1118 [String used in /etc/passwd to denote locked account]) 1119 fi 1120 fi 1121 AC_DEFINE([BROKEN_GETADDRINFO]) 1122 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1123 AC_DEFINE([BROKEN_SETREUID]) 1124 AC_DEFINE([BROKEN_SETREGID]) 1125 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1126 ;; 1127 1128*-*-nto-qnx*) 1129 AC_DEFINE([USE_PIPES]) 1130 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1131 AC_DEFINE([DISABLE_LASTLOG]) 1132 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1133 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1134 enable_etc_default_login=no # has incompatible /etc/default/login 1135 case "$host" in 1136 *-*-nto-qnx6*) 1137 AC_DEFINE([DISABLE_FD_PASSING]) 1138 ;; 1139 esac 1140 ;; 1141 1142*-*-ultrix*) 1143 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1144 AC_DEFINE([NEED_SETPGRP]) 1145 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1146 ;; 1147 1148*-*-lynxos) 1149 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1150 AC_DEFINE([BROKEN_SETVBUF], [1], 1151 [LynxOS has broken setvbuf() implementation]) 1152 ;; 1153esac 1154 1155AC_MSG_CHECKING([compiler and flags for sanity]) 1156AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1157 [ AC_MSG_RESULT([yes]) ], 1158 [ 1159 AC_MSG_RESULT([no]) 1160 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1161 ], 1162 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1163) 1164 1165dnl Checks for header files. 1166# Checks for libraries. 1167AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1168 1169dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1170AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1171 AC_CHECK_LIB([gen], [dirname], [ 1172 AC_CACHE_CHECK([for broken dirname], 1173 ac_cv_have_broken_dirname, [ 1174 save_LIBS="$LIBS" 1175 LIBS="$LIBS -lgen" 1176 AC_RUN_IFELSE( 1177 [AC_LANG_SOURCE([[ 1178#include <libgen.h> 1179#include <string.h> 1180 1181int main(int argc, char **argv) { 1182 char *s, buf[32]; 1183 1184 strncpy(buf,"/etc", 32); 1185 s = dirname(buf); 1186 if (!s || strncmp(s, "/", 32) != 0) { 1187 exit(1); 1188 } else { 1189 exit(0); 1190 } 1191} 1192 ]])], 1193 [ ac_cv_have_broken_dirname="no" ], 1194 [ ac_cv_have_broken_dirname="yes" ], 1195 [ ac_cv_have_broken_dirname="no" ], 1196 ) 1197 LIBS="$save_LIBS" 1198 ]) 1199 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1200 LIBS="$LIBS -lgen" 1201 AC_DEFINE([HAVE_DIRNAME]) 1202 AC_CHECK_HEADERS([libgen.h]) 1203 fi 1204 ]) 1205]) 1206 1207AC_CHECK_FUNC([getspnam], , 1208 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1209AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1210 [Define if you have the basename function.])]) 1211 1212dnl zlib is required 1213AC_ARG_WITH([zlib], 1214 [ --with-zlib=PATH Use zlib in PATH], 1215 [ if test "x$withval" = "xno" ; then 1216 AC_MSG_ERROR([*** zlib is required ***]) 1217 elif test "x$withval" != "xyes"; then 1218 if test -d "$withval/lib"; then 1219 if test -n "${need_dash_r}"; then 1220 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1221 else 1222 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1223 fi 1224 else 1225 if test -n "${need_dash_r}"; then 1226 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1227 else 1228 LDFLAGS="-L${withval} ${LDFLAGS}" 1229 fi 1230 fi 1231 if test -d "$withval/include"; then 1232 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1233 else 1234 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1235 fi 1236 fi ] 1237) 1238 1239AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1240AC_CHECK_LIB([z], [deflate], , 1241 [ 1242 saved_CPPFLAGS="$CPPFLAGS" 1243 saved_LDFLAGS="$LDFLAGS" 1244 save_LIBS="$LIBS" 1245 dnl Check default zlib install dir 1246 if test -n "${need_dash_r}"; then 1247 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1248 else 1249 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1250 fi 1251 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1252 LIBS="$LIBS -lz" 1253 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1254 [ 1255 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1256 ] 1257 ) 1258 ] 1259) 1260 1261AC_ARG_WITH([zlib-version-check], 1262 [ --without-zlib-version-check Disable zlib version check], 1263 [ if test "x$withval" = "xno" ; then 1264 zlib_check_nonfatal=1 1265 fi 1266 ] 1267) 1268 1269AC_MSG_CHECKING([for possibly buggy zlib]) 1270AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1271#include <stdio.h> 1272#include <stdlib.h> 1273#include <zlib.h> 1274 ]], 1275 [[ 1276 int a=0, b=0, c=0, d=0, n, v; 1277 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1278 if (n != 3 && n != 4) 1279 exit(1); 1280 v = a*1000000 + b*10000 + c*100 + d; 1281 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1282 1283 /* 1.1.4 is OK */ 1284 if (a == 1 && b == 1 && c >= 4) 1285 exit(0); 1286 1287 /* 1.2.3 and up are OK */ 1288 if (v >= 1020300) 1289 exit(0); 1290 1291 exit(2); 1292 ]])], 1293 AC_MSG_RESULT([no]), 1294 [ AC_MSG_RESULT([yes]) 1295 if test -z "$zlib_check_nonfatal" ; then 1296 AC_MSG_ERROR([*** zlib too old - check config.log *** 1297Your reported zlib version has known security problems. It's possible your 1298vendor has fixed these problems without changing the version number. If you 1299are sure this is the case, you can disable the check by running 1300"./configure --without-zlib-version-check". 1301If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1302See http://www.gzip.org/zlib/ for details.]) 1303 else 1304 AC_MSG_WARN([zlib version may have security problems]) 1305 fi 1306 ], 1307 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1308) 1309 1310dnl UnixWare 2.x 1311AC_CHECK_FUNC([strcasecmp], 1312 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1313) 1314AC_CHECK_FUNCS([utimes], 1315 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1316 LIBS="$LIBS -lc89"]) ] 1317) 1318 1319dnl Checks for libutil functions 1320AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1321AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1322AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1323AC_SEARCH_LIBS([login], [util bsd]) 1324AC_SEARCH_LIBS([logout], [util bsd]) 1325AC_SEARCH_LIBS([logwtmp], [util bsd]) 1326AC_SEARCH_LIBS([openpty], [util bsd]) 1327AC_SEARCH_LIBS([updwtmp], [util bsd]) 1328AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1329 1330# On some platforms, inet_ntop and gethostbyname may be found in libresolv 1331# or libnsl. 1332AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1333AC_SEARCH_LIBS([gethostbyname], [resolv nsl]) 1334 1335AC_FUNC_STRFTIME 1336 1337# Check for ALTDIRFUNC glob() extension 1338AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1339AC_EGREP_CPP([FOUNDIT], 1340 [ 1341 #include <glob.h> 1342 #ifdef GLOB_ALTDIRFUNC 1343 FOUNDIT 1344 #endif 1345 ], 1346 [ 1347 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1348 [Define if your system glob() function has 1349 the GLOB_ALTDIRFUNC extension]) 1350 AC_MSG_RESULT([yes]) 1351 ], 1352 [ 1353 AC_MSG_RESULT([no]) 1354 ] 1355) 1356 1357# Check for g.gl_matchc glob() extension 1358AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1359AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1360 [[ glob_t g; g.gl_matchc = 1; ]])], 1361 [ 1362 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1363 [Define if your system glob() function has 1364 gl_matchc options in glob_t]) 1365 AC_MSG_RESULT([yes]) 1366 ], [ 1367 AC_MSG_RESULT([no]) 1368]) 1369 1370# Check for g.gl_statv glob() extension 1371AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1372AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1373#ifndef GLOB_KEEPSTAT 1374#error "glob does not support GLOB_KEEPSTAT extension" 1375#endif 1376glob_t g; 1377g.gl_statv = NULL; 1378]])], 1379 [ 1380 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1381 [Define if your system glob() function has 1382 gl_statv options in glob_t]) 1383 AC_MSG_RESULT([yes]) 1384 ], [ 1385 AC_MSG_RESULT([no]) 1386 1387]) 1388 1389AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1390 1391AC_CHECK_DECL([VIS_ALL], , 1392 AC_DEFINE(BROKEN_STRNVIS, 1, [missing VIS_ALL]), [#include <vis.h>]) 1393 1394AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1395AC_RUN_IFELSE( 1396 [AC_LANG_PROGRAM([[ 1397#include <sys/types.h> 1398#include <dirent.h>]], 1399 [[ 1400 struct dirent d; 1401 exit(sizeof(d.d_name)<=sizeof(char)); 1402 ]])], 1403 [AC_MSG_RESULT([yes])], 1404 [ 1405 AC_MSG_RESULT([no]) 1406 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1407 [Define if your struct dirent expects you to 1408 allocate extra space for d_name]) 1409 ], 1410 [ 1411 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1412 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1413 ] 1414) 1415 1416AC_MSG_CHECKING([for /proc/pid/fd directory]) 1417if test -d "/proc/$$/fd" ; then 1418 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1419 AC_MSG_RESULT([yes]) 1420else 1421 AC_MSG_RESULT([no]) 1422fi 1423 1424# Check whether user wants S/Key support 1425SKEY_MSG="no" 1426AC_ARG_WITH([skey], 1427 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1428 [ 1429 if test "x$withval" != "xno" ; then 1430 1431 if test "x$withval" != "xyes" ; then 1432 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1433 LDFLAGS="$LDFLAGS -L${withval}/lib" 1434 fi 1435 1436 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1437 LIBS="-lskey $LIBS" 1438 SKEY_MSG="yes" 1439 1440 AC_MSG_CHECKING([for s/key support]) 1441 AC_LINK_IFELSE( 1442 [AC_LANG_PROGRAM([[ 1443#include <stdio.h> 1444#include <skey.h> 1445 ]], [[ 1446 char *ff = skey_keyinfo(""); ff=""; 1447 exit(0); 1448 ]])], 1449 [AC_MSG_RESULT([yes])], 1450 [ 1451 AC_MSG_RESULT([no]) 1452 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1453 ]) 1454 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1455 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1456#include <stdio.h> 1457#include <skey.h> 1458 ]], [[ 1459 (void)skeychallenge(NULL,"name","",0); 1460 ]])], 1461 [ 1462 AC_MSG_RESULT([yes]) 1463 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1464 [Define if your skeychallenge() 1465 function takes 4 arguments (NetBSD)])], 1466 [ 1467 AC_MSG_RESULT([no]) 1468 ]) 1469 fi 1470 ] 1471) 1472 1473# Check whether user wants to use ldns 1474LDNS_MSG="no" 1475AC_ARG_WITH(ldns, 1476 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1477 [ 1478 ldns="" 1479 if test "x$withval" = "xyes" ; then 1480 AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) 1481 if test "x$PKGCONFIG" = "xno"; then 1482 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1483 LDFLAGS="$LDFLAGS -L${withval}/lib" 1484 LIBS="-lldns $LIBS" 1485 ldns=yes 1486 else 1487 LIBS="$LIBS `$LDNSCONFIG --libs`" 1488 CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`" 1489 fi 1490 elif test "x$withval" != "xno" ; then 1491 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1492 LDFLAGS="$LDFLAGS -L${withval}/lib" 1493 LIBS="-lldns $LIBS" 1494 ldns=yes 1495 fi 1496 1497 # Verify that it works. 1498 if test "x$ldns" = "xyes" ; then 1499 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1500 LDNS_MSG="yes" 1501 AC_MSG_CHECKING([for ldns support]) 1502 AC_LINK_IFELSE( 1503 [AC_LANG_SOURCE([[ 1504#include <stdio.h> 1505#include <stdlib.h> 1506#include <stdint.h> 1507#include <ldns/ldns.h> 1508int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1509 ]]) 1510 ], 1511 [AC_MSG_RESULT(yes)], 1512 [ 1513 AC_MSG_RESULT(no) 1514 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1515 ]) 1516 fi 1517]) 1518 1519# Check whether user wants libedit support 1520LIBEDIT_MSG="no" 1521AC_ARG_WITH([libedit], 1522 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1523 [ if test "x$withval" != "xno" ; then 1524 if test "x$withval" = "xyes" ; then 1525 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1526 if test "x$PKGCONFIG" != "xno"; then 1527 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1528 if "$PKGCONFIG" libedit; then 1529 AC_MSG_RESULT([yes]) 1530 use_pkgconfig_for_libedit=yes 1531 else 1532 AC_MSG_RESULT([no]) 1533 fi 1534 fi 1535 else 1536 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1537 if test -n "${need_dash_r}"; then 1538 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1539 else 1540 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1541 fi 1542 fi 1543 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1544 LIBEDIT=`$PKGCONFIG --libs libedit` 1545 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1546 else 1547 LIBEDIT="-ledit -lcurses" 1548 fi 1549 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1550 AC_CHECK_LIB([edit], [el_init], 1551 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1552 LIBEDIT_MSG="yes" 1553 AC_SUBST([LIBEDIT]) 1554 ], 1555 [ AC_MSG_ERROR([libedit not found]) ], 1556 [ $OTHERLIBS ] 1557 ) 1558 AC_MSG_CHECKING([if libedit version is compatible]) 1559 AC_COMPILE_IFELSE( 1560 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1561 [[ 1562 int i = H_SETSIZE; 1563 el_init("", NULL, NULL, NULL); 1564 exit(0); 1565 ]])], 1566 [ AC_MSG_RESULT([yes]) ], 1567 [ AC_MSG_RESULT([no]) 1568 AC_MSG_ERROR([libedit version is not compatible]) ] 1569 ) 1570 fi ] 1571) 1572 1573AUDIT_MODULE=none 1574AC_ARG_WITH([audit], 1575 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1576 [ 1577 AC_MSG_CHECKING([for supported audit module]) 1578 case "$withval" in 1579 bsm) 1580 AC_MSG_RESULT([bsm]) 1581 AUDIT_MODULE=bsm 1582 dnl Checks for headers, libs and functions 1583 AC_CHECK_HEADERS([bsm/audit.h], [], 1584 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1585 [ 1586#ifdef HAVE_TIME_H 1587# include <time.h> 1588#endif 1589 ] 1590) 1591 AC_CHECK_LIB([bsm], [getaudit], [], 1592 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1593 AC_CHECK_FUNCS([getaudit], [], 1594 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1595 # These are optional 1596 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1597 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1598 if test "$sol2ver" -ge 11; then 1599 SSHDLIBS="$SSHDLIBS -lscf" 1600 AC_DEFINE([BROKEN_BSM_API], [1], 1601 [The system has incomplete BSM API]) 1602 fi 1603 ;; 1604 linux) 1605 AC_MSG_RESULT([linux]) 1606 AUDIT_MODULE=linux 1607 dnl Checks for headers, libs and functions 1608 AC_CHECK_HEADERS([libaudit.h]) 1609 SSHDLIBS="$SSHDLIBS -laudit" 1610 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1611 ;; 1612 debug) 1613 AUDIT_MODULE=debug 1614 AC_MSG_RESULT([debug]) 1615 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1616 ;; 1617 no) 1618 AC_MSG_RESULT([no]) 1619 ;; 1620 *) 1621 AC_MSG_ERROR([Unknown audit module $withval]) 1622 ;; 1623 esac ] 1624) 1625 1626AC_ARG_WITH([pie], 1627 [ --with-pie Build Position Independent Executables if possible], [ 1628 if test "x$withval" = "xno"; then 1629 use_pie=no 1630 fi 1631 if test "x$withval" = "xyes"; then 1632 use_pie=yes 1633 fi 1634 ] 1635) 1636if test "x$use_pie" = "x"; then 1637 use_pie=no 1638fi 1639if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1640 # Turn off automatic PIE when toolchain hardening is off. 1641 use_pie=no 1642fi 1643if test "x$use_pie" = "xauto"; then 1644 # Automatic PIE requires gcc >= 4.x 1645 AC_MSG_CHECKING([for gcc >= 4.x]) 1646 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1647#if !defined(__GNUC__) || __GNUC__ < 4 1648#error gcc is too old 1649#endif 1650]])], 1651 [ AC_MSG_RESULT([yes]) ], 1652 [ AC_MSG_RESULT([no]) 1653 use_pie=no ] 1654) 1655fi 1656if test "x$use_pie" != "xno"; then 1657 SAVED_CFLAGS="$CFLAGS" 1658 SAVED_LDFLAGS="$LDFLAGS" 1659 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1660 OSSH_CHECK_LDFLAG_LINK([-pie]) 1661 # We use both -fPIE and -pie or neither. 1662 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1663 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1664 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1665 AC_MSG_RESULT([yes]) 1666 else 1667 AC_MSG_RESULT([no]) 1668 CFLAGS="$SAVED_CFLAGS" 1669 LDFLAGS="$SAVED_LDFLAGS" 1670 fi 1671fi 1672 1673dnl Checks for library functions. Please keep in alphabetical order 1674AC_CHECK_FUNCS([ \ 1675 Blowfish_initstate \ 1676 Blowfish_expandstate \ 1677 Blowfish_expand0state \ 1678 Blowfish_stream2word \ 1679 asprintf \ 1680 b64_ntop \ 1681 __b64_ntop \ 1682 b64_pton \ 1683 __b64_pton \ 1684 bcopy \ 1685 bcrypt_pbkdf \ 1686 bindresvport_sa \ 1687 blf_enc \ 1688 cap_rights_limit \ 1689 clock \ 1690 closefrom \ 1691 dirfd \ 1692 endgrent \ 1693 err \ 1694 errx \ 1695 explicit_bzero \ 1696 fchmod \ 1697 fchown \ 1698 freeaddrinfo \ 1699 fstatfs \ 1700 fstatvfs \ 1701 futimes \ 1702 getaddrinfo \ 1703 getcwd \ 1704 getgrouplist \ 1705 getnameinfo \ 1706 getopt \ 1707 getpeereid \ 1708 getpeerucred \ 1709 getpgid \ 1710 getpgrp \ 1711 _getpty \ 1712 getrlimit \ 1713 getttyent \ 1714 glob \ 1715 group_from_gid \ 1716 inet_aton \ 1717 inet_ntoa \ 1718 inet_ntop \ 1719 innetgr \ 1720 llabs \ 1721 login_getcapbool \ 1722 md5_crypt \ 1723 memmove \ 1724 memset_s \ 1725 mkdtemp \ 1726 ngetaddrinfo \ 1727 nsleep \ 1728 ogetaddrinfo \ 1729 openlog_r \ 1730 pledge \ 1731 poll \ 1732 prctl \ 1733 pstat \ 1734 readpassphrase \ 1735 reallocarray \ 1736 recvmsg \ 1737 rresvport_af \ 1738 sendmsg \ 1739 setdtablesize \ 1740 setegid \ 1741 setenv \ 1742 seteuid \ 1743 setgroupent \ 1744 setgroups \ 1745 setlinebuf \ 1746 setlogin \ 1747 setpassent\ 1748 setpcred \ 1749 setproctitle \ 1750 setregid \ 1751 setreuid \ 1752 setrlimit \ 1753 setsid \ 1754 setvbuf \ 1755 sigaction \ 1756 sigvec \ 1757 snprintf \ 1758 socketpair \ 1759 statfs \ 1760 statvfs \ 1761 strcasestr \ 1762 strdup \ 1763 strerror \ 1764 strlcat \ 1765 strlcpy \ 1766 strmode \ 1767 strnlen \ 1768 strnvis \ 1769 strptime \ 1770 strtonum \ 1771 strtoll \ 1772 strtoul \ 1773 strtoull \ 1774 swap32 \ 1775 sysconf \ 1776 tcgetpgrp \ 1777 timingsafe_bcmp \ 1778 truncate \ 1779 unsetenv \ 1780 updwtmpx \ 1781 user_from_uid \ 1782 usleep \ 1783 vasprintf \ 1784 vsnprintf \ 1785 waitpid \ 1786 warn \ 1787]) 1788 1789dnl Wide character support. 1790AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) 1791 1792TEST_SSH_UTF8=${TEST_SSH_UTF8:=yes} 1793AC_MSG_CHECKING([for utf8 locale support]) 1794AC_RUN_IFELSE( 1795 [AC_LANG_PROGRAM([[ 1796#include <locale.h> 1797#include <stdlib.h> 1798 ]], [[ 1799 char *loc = setlocale(LC_CTYPE, "en_US.UTF-8"); 1800 if (loc != NULL) 1801 exit(0); 1802 exit(1); 1803 ]])], 1804 AC_MSG_RESULT(yes), 1805 [AC_MSG_RESULT(no) 1806 TEST_SSH_UTF8=no], 1807 AC_MSG_WARN([cross compiling: assuming yes]) 1808) 1809 1810AC_LINK_IFELSE( 1811 [AC_LANG_PROGRAM( 1812 [[ #include <ctype.h> ]], 1813 [[ return (isblank('a')); ]])], 1814 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1815]) 1816 1817disable_pkcs11= 1818AC_ARG_ENABLE([pkcs11], 1819 [ --disable-pkcs11 disable PKCS#11 support code [no]], 1820 [ 1821 if test "x$enableval" = "xno" ; then 1822 disable_pkcs11=1 1823 fi 1824 ] 1825) 1826 1827# PKCS11 depends on OpenSSL. 1828if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then 1829 # PKCS#11 support requires dlopen() and co 1830 AC_SEARCH_LIBS([dlopen], [dl], 1831 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1832 ) 1833fi 1834 1835# IRIX has a const char return value for gai_strerror() 1836AC_CHECK_FUNCS([gai_strerror], [ 1837 AC_DEFINE([HAVE_GAI_STRERROR]) 1838 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1839#include <sys/types.h> 1840#include <sys/socket.h> 1841#include <netdb.h> 1842 1843const char *gai_strerror(int); 1844 ]], [[ 1845 char *str; 1846 str = gai_strerror(0); 1847 ]])], [ 1848 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1849 [Define if gai_strerror() returns const char *])], [])]) 1850 1851AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1852 [Some systems put nanosleep outside of libc])]) 1853 1854AC_SEARCH_LIBS([clock_gettime], [rt], 1855 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1856 1857dnl Make sure prototypes are defined for these before using them. 1858AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1859AC_CHECK_DECL([strsep], 1860 [AC_CHECK_FUNCS([strsep])], 1861 [], 1862 [ 1863#ifdef HAVE_STRING_H 1864# include <string.h> 1865#endif 1866 ]) 1867 1868dnl tcsendbreak might be a macro 1869AC_CHECK_DECL([tcsendbreak], 1870 [AC_DEFINE([HAVE_TCSENDBREAK])], 1871 [AC_CHECK_FUNCS([tcsendbreak])], 1872 [#include <termios.h>] 1873) 1874 1875AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1876 1877AC_CHECK_DECLS([SHUT_RD], , , 1878 [ 1879#include <sys/types.h> 1880#include <sys/socket.h> 1881 ]) 1882 1883AC_CHECK_DECLS([O_NONBLOCK], , , 1884 [ 1885#include <sys/types.h> 1886#ifdef HAVE_SYS_STAT_H 1887# include <sys/stat.h> 1888#endif 1889#ifdef HAVE_FCNTL_H 1890# include <fcntl.h> 1891#endif 1892 ]) 1893 1894AC_CHECK_DECLS([writev], , , [ 1895#include <sys/types.h> 1896#include <sys/uio.h> 1897#include <unistd.h> 1898 ]) 1899 1900AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1901#include <sys/param.h> 1902 ]) 1903 1904AC_CHECK_DECLS([offsetof], , , [ 1905#include <stddef.h> 1906 ]) 1907 1908# extra bits for select(2) 1909AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1910#include <sys/param.h> 1911#include <sys/types.h> 1912#ifdef HAVE_SYS_SYSMACROS_H 1913#include <sys/sysmacros.h> 1914#endif 1915#ifdef HAVE_SYS_SELECT_H 1916#include <sys/select.h> 1917#endif 1918#ifdef HAVE_SYS_TIME_H 1919#include <sys/time.h> 1920#endif 1921#ifdef HAVE_UNISTD_H 1922#include <unistd.h> 1923#endif 1924 ]]) 1925AC_CHECK_TYPES([fd_mask], [], [], [[ 1926#include <sys/param.h> 1927#include <sys/types.h> 1928#ifdef HAVE_SYS_SELECT_H 1929#include <sys/select.h> 1930#endif 1931#ifdef HAVE_SYS_TIME_H 1932#include <sys/time.h> 1933#endif 1934#ifdef HAVE_UNISTD_H 1935#include <unistd.h> 1936#endif 1937 ]]) 1938 1939AC_CHECK_FUNCS([setresuid], [ 1940 dnl Some platorms have setresuid that isn't implemented, test for this 1941 AC_MSG_CHECKING([if setresuid seems to work]) 1942 AC_RUN_IFELSE( 1943 [AC_LANG_PROGRAM([[ 1944#include <stdlib.h> 1945#include <errno.h> 1946 ]], [[ 1947 errno=0; 1948 setresuid(0,0,0); 1949 if (errno==ENOSYS) 1950 exit(1); 1951 else 1952 exit(0); 1953 ]])], 1954 [AC_MSG_RESULT([yes])], 1955 [AC_DEFINE([BROKEN_SETRESUID], [1], 1956 [Define if your setresuid() is broken]) 1957 AC_MSG_RESULT([not implemented])], 1958 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1959 ) 1960]) 1961 1962AC_CHECK_FUNCS([setresgid], [ 1963 dnl Some platorms have setresgid that isn't implemented, test for this 1964 AC_MSG_CHECKING([if setresgid seems to work]) 1965 AC_RUN_IFELSE( 1966 [AC_LANG_PROGRAM([[ 1967#include <stdlib.h> 1968#include <errno.h> 1969 ]], [[ 1970 errno=0; 1971 setresgid(0,0,0); 1972 if (errno==ENOSYS) 1973 exit(1); 1974 else 1975 exit(0); 1976 ]])], 1977 [AC_MSG_RESULT([yes])], 1978 [AC_DEFINE([BROKEN_SETRESGID], [1], 1979 [Define if your setresgid() is broken]) 1980 AC_MSG_RESULT([not implemented])], 1981 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1982 ) 1983]) 1984 1985AC_CHECK_FUNCS([realpath], [ 1986 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 1987 dnl path name", however some implementations of realpath (and some 1988 dnl versions of the POSIX spec) do not work on non-existent files, 1989 dnl so we use the OpenBSD implementation on those platforms. 1990 AC_MSG_CHECKING([if realpath works with non-existent files]) 1991 AC_RUN_IFELSE( 1992 [AC_LANG_PROGRAM([[ 1993#include <limits.h> 1994#include <stdlib.h> 1995#include <errno.h> 1996 ]], [[ 1997 char buf[PATH_MAX]; 1998 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 1999 if (errno == ENOENT) 2000 exit(1); 2001 exit(0); 2002 ]])], 2003 [AC_MSG_RESULT([yes])], 2004 [AC_DEFINE([BROKEN_REALPATH], [1], 2005 [realpath does not work with nonexistent files]) 2006 AC_MSG_RESULT([no])], 2007 [AC_MSG_WARN([cross compiling: assuming working])] 2008 ) 2009]) 2010 2011dnl Checks for time functions 2012AC_CHECK_FUNCS([gettimeofday time]) 2013dnl Checks for utmp functions 2014AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 2015AC_CHECK_FUNCS([utmpname]) 2016dnl Checks for utmpx functions 2017AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 2018AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 2019dnl Checks for lastlog functions 2020AC_CHECK_FUNCS([getlastlogxbyname]) 2021 2022AC_CHECK_FUNC([daemon], 2023 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 2024 [AC_CHECK_LIB([bsd], [daemon], 2025 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 2026) 2027 2028AC_CHECK_FUNC([getpagesize], 2029 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 2030 [Define if your libraries define getpagesize()])], 2031 [AC_CHECK_LIB([ucb], [getpagesize], 2032 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 2033) 2034 2035# Check for broken snprintf 2036if test "x$ac_cv_func_snprintf" = "xyes" ; then 2037 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 2038 AC_RUN_IFELSE( 2039 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 2040 [[ 2041 char b[5]; 2042 snprintf(b,5,"123456789"); 2043 exit(b[4]!='\0'); 2044 ]])], 2045 [AC_MSG_RESULT([yes])], 2046 [ 2047 AC_MSG_RESULT([no]) 2048 AC_DEFINE([BROKEN_SNPRINTF], [1], 2049 [Define if your snprintf is busted]) 2050 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 2051 ], 2052 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 2053 ) 2054fi 2055 2056# We depend on vsnprintf returning the right thing on overflow: the 2057# number of characters it tried to create (as per SUSv3) 2058if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 2059 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 2060 AC_RUN_IFELSE( 2061 [AC_LANG_PROGRAM([[ 2062#include <sys/types.h> 2063#include <stdio.h> 2064#include <stdarg.h> 2065 2066int x_snprintf(char *str, size_t count, const char *fmt, ...) 2067{ 2068 size_t ret; 2069 va_list ap; 2070 2071 va_start(ap, fmt); 2072 ret = vsnprintf(str, count, fmt, ap); 2073 va_end(ap); 2074 return ret; 2075} 2076 ]], [[ 2077char x[1]; 2078if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 2079 return 1; 2080if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 2081 return 1; 2082return 0; 2083 ]])], 2084 [AC_MSG_RESULT([yes])], 2085 [ 2086 AC_MSG_RESULT([no]) 2087 AC_DEFINE([BROKEN_SNPRINTF], [1], 2088 [Define if your snprintf is busted]) 2089 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 2090 ], 2091 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2092 ) 2093fi 2094 2095# On systems where [v]snprintf is broken, but is declared in stdio, 2096# check that the fmt argument is const char * or just char *. 2097# This is only useful for when BROKEN_SNPRINTF 2098AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2099AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2100#include <stdio.h> 2101int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2102 ]], [[ 2103 snprintf(0, 0, 0); 2104 ]])], 2105 [AC_MSG_RESULT([yes]) 2106 AC_DEFINE([SNPRINTF_CONST], [const], 2107 [Define as const if snprintf() can declare const char *fmt])], 2108 [AC_MSG_RESULT([no]) 2109 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2110 2111# Check for missing getpeereid (or equiv) support 2112NO_PEERCHECK="" 2113if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2114 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2115 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2116#include <sys/types.h> 2117#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2118 [ AC_MSG_RESULT([yes]) 2119 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2120 ], [AC_MSG_RESULT([no]) 2121 NO_PEERCHECK=1 2122 ]) 2123fi 2124 2125dnl see whether mkstemp() requires XXXXXX 2126if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2127AC_MSG_CHECKING([for (overly) strict mkstemp]) 2128AC_RUN_IFELSE( 2129 [AC_LANG_PROGRAM([[ 2130#include <stdlib.h> 2131 ]], [[ 2132 char template[]="conftest.mkstemp-test"; 2133 if (mkstemp(template) == -1) 2134 exit(1); 2135 unlink(template); 2136 exit(0); 2137 ]])], 2138 [ 2139 AC_MSG_RESULT([no]) 2140 ], 2141 [ 2142 AC_MSG_RESULT([yes]) 2143 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2144 ], 2145 [ 2146 AC_MSG_RESULT([yes]) 2147 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2148 ] 2149) 2150fi 2151 2152dnl make sure that openpty does not reacquire controlling terminal 2153if test ! -z "$check_for_openpty_ctty_bug"; then 2154 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2155 AC_RUN_IFELSE( 2156 [AC_LANG_PROGRAM([[ 2157#include <stdio.h> 2158#include <sys/fcntl.h> 2159#include <sys/types.h> 2160#include <sys/wait.h> 2161 ]], [[ 2162 pid_t pid; 2163 int fd, ptyfd, ttyfd, status; 2164 2165 pid = fork(); 2166 if (pid < 0) { /* failed */ 2167 exit(1); 2168 } else if (pid > 0) { /* parent */ 2169 waitpid(pid, &status, 0); 2170 if (WIFEXITED(status)) 2171 exit(WEXITSTATUS(status)); 2172 else 2173 exit(2); 2174 } else { /* child */ 2175 close(0); close(1); close(2); 2176 setsid(); 2177 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2178 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2179 if (fd >= 0) 2180 exit(3); /* Acquired ctty: broken */ 2181 else 2182 exit(0); /* Did not acquire ctty: OK */ 2183 } 2184 ]])], 2185 [ 2186 AC_MSG_RESULT([yes]) 2187 ], 2188 [ 2189 AC_MSG_RESULT([no]) 2190 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2191 ], 2192 [ 2193 AC_MSG_RESULT([cross-compiling, assuming yes]) 2194 ] 2195 ) 2196fi 2197 2198if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2199 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2200 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2201 AC_RUN_IFELSE( 2202 [AC_LANG_PROGRAM([[ 2203#include <stdio.h> 2204#include <sys/socket.h> 2205#include <netdb.h> 2206#include <errno.h> 2207#include <netinet/in.h> 2208 2209#define TEST_PORT "2222" 2210 ]], [[ 2211 int err, sock; 2212 struct addrinfo *gai_ai, *ai, hints; 2213 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2214 2215 memset(&hints, 0, sizeof(hints)); 2216 hints.ai_family = PF_UNSPEC; 2217 hints.ai_socktype = SOCK_STREAM; 2218 hints.ai_flags = AI_PASSIVE; 2219 2220 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2221 if (err != 0) { 2222 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2223 exit(1); 2224 } 2225 2226 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2227 if (ai->ai_family != AF_INET6) 2228 continue; 2229 2230 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2231 sizeof(ntop), strport, sizeof(strport), 2232 NI_NUMERICHOST|NI_NUMERICSERV); 2233 2234 if (err != 0) { 2235 if (err == EAI_SYSTEM) 2236 perror("getnameinfo EAI_SYSTEM"); 2237 else 2238 fprintf(stderr, "getnameinfo failed: %s\n", 2239 gai_strerror(err)); 2240 exit(2); 2241 } 2242 2243 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2244 if (sock < 0) 2245 perror("socket"); 2246 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2247 if (errno == EBADF) 2248 exit(3); 2249 } 2250 } 2251 exit(0); 2252 ]])], 2253 [ 2254 AC_MSG_RESULT([yes]) 2255 ], 2256 [ 2257 AC_MSG_RESULT([no]) 2258 AC_DEFINE([BROKEN_GETADDRINFO]) 2259 ], 2260 [ 2261 AC_MSG_RESULT([cross-compiling, assuming yes]) 2262 ] 2263 ) 2264fi 2265 2266if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2267 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2268 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2269 AC_RUN_IFELSE( 2270 [AC_LANG_PROGRAM([[ 2271#include <stdio.h> 2272#include <sys/socket.h> 2273#include <netdb.h> 2274#include <errno.h> 2275#include <netinet/in.h> 2276 2277#define TEST_PORT "2222" 2278 ]], [[ 2279 int err, sock; 2280 struct addrinfo *gai_ai, *ai, hints; 2281 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2282 2283 memset(&hints, 0, sizeof(hints)); 2284 hints.ai_family = PF_UNSPEC; 2285 hints.ai_socktype = SOCK_STREAM; 2286 hints.ai_flags = AI_PASSIVE; 2287 2288 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2289 if (err != 0) { 2290 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2291 exit(1); 2292 } 2293 2294 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2295 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2296 continue; 2297 2298 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2299 sizeof(ntop), strport, sizeof(strport), 2300 NI_NUMERICHOST|NI_NUMERICSERV); 2301 2302 if (ai->ai_family == AF_INET && err != 0) { 2303 perror("getnameinfo"); 2304 exit(2); 2305 } 2306 } 2307 exit(0); 2308 ]])], 2309 [ 2310 AC_MSG_RESULT([yes]) 2311 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2312 [Define if you have a getaddrinfo that fails 2313 for the all-zeros IPv6 address]) 2314 ], 2315 [ 2316 AC_MSG_RESULT([no]) 2317 AC_DEFINE([BROKEN_GETADDRINFO]) 2318 ], 2319 [ 2320 AC_MSG_RESULT([cross-compiling, assuming no]) 2321 ] 2322 ) 2323fi 2324 2325if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2326 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2327 [#include <sys/types.h> 2328 #include <sys/socket.h> 2329 #include <netdb.h>]) 2330fi 2331 2332if test "x$check_for_conflicting_getspnam" = "x1"; then 2333 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2334 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2335 [[ exit(0); ]])], 2336 [ 2337 AC_MSG_RESULT([no]) 2338 ], 2339 [ 2340 AC_MSG_RESULT([yes]) 2341 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2342 [Conflicting defs for getspnam]) 2343 ] 2344 ) 2345fi 2346 2347dnl NetBSD added an strnvis and unfortunately made it incompatible with the 2348dnl existing one in OpenBSD and Linux's libbsd (the former having existed 2349dnl for over ten years). Despite this incompatibility being reported during 2350dnl development (see http://gnats.netbsd.org/44977) they still shipped it. 2351dnl Even more unfortunately FreeBSD and later MacOS picked up this incompatible 2352dnl implementation. Try to detect this mess, and assume the only safe option 2353dnl if we're cross compiling. 2354dnl 2355dnl OpenBSD, 2001: strnvis(char *dst, const char *src, size_t dlen, int flag); 2356dnl NetBSD: 2012, strnvis(char *dst, size_t dlen, const char *src, int flag); 2357if test "x$ac_cv_func_strnvis" = "xyes"; then 2358 AC_MSG_CHECKING([for working strnvis]) 2359 AC_RUN_IFELSE( 2360 [AC_LANG_PROGRAM([[ 2361#include <signal.h> 2362#include <stdlib.h> 2363#include <string.h> 2364#include <vis.h> 2365static void sighandler(int sig) { _exit(1); } 2366 ]], [[ 2367 char dst[16]; 2368 2369 signal(SIGSEGV, sighandler); 2370 if (strnvis(dst, "src", 4, 0) && strcmp(dst, "src") == 0) 2371 exit(0); 2372 exit(1) 2373 ]])], 2374 [AC_MSG_RESULT([yes])], 2375 [AC_MSG_RESULT([no]) 2376 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis detected broken])], 2377 [AC_MSG_WARN([cross compiling: assuming broken]) 2378 AC_DEFINE([BROKEN_STRNVIS], [1], [strnvis assumed broken])] 2379 ) 2380fi 2381 2382AC_FUNC_GETPGRP 2383 2384# Search for OpenSSL 2385saved_CPPFLAGS="$CPPFLAGS" 2386saved_LDFLAGS="$LDFLAGS" 2387AC_ARG_WITH([ssl-dir], 2388 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2389 [ 2390 if test "x$openssl" = "xno" ; then 2391 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2392 fi 2393 if test "x$withval" != "xno" ; then 2394 case "$withval" in 2395 # Relative paths 2396 ./*|../*) withval="`pwd`/$withval" 2397 esac 2398 if test -d "$withval/lib"; then 2399 if test -n "${need_dash_r}"; then 2400 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2401 else 2402 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2403 fi 2404 elif test -d "$withval/lib64"; then 2405 if test -n "${need_dash_r}"; then 2406 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2407 else 2408 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2409 fi 2410 else 2411 if test -n "${need_dash_r}"; then 2412 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2413 else 2414 LDFLAGS="-L${withval} ${LDFLAGS}" 2415 fi 2416 fi 2417 if test -d "$withval/include"; then 2418 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2419 else 2420 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2421 fi 2422 fi 2423 ] 2424) 2425 2426AC_ARG_WITH([openssl-header-check], 2427 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2428 [ 2429 if test "x$withval" = "xno" ; then 2430 openssl_check_nonfatal=1 2431 fi 2432 ] 2433) 2434 2435openssl_engine=no 2436AC_ARG_WITH([ssl-engine], 2437 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2438 [ 2439 if test "x$withval" != "xno" ; then 2440 if test "x$openssl" = "xno" ; then 2441 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2442 fi 2443 openssl_engine=yes 2444 fi 2445 ] 2446) 2447 2448if test "x$openssl" = "xyes" ; then 2449 LIBS="-lcrypto $LIBS" 2450 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2451 [Define if your ssl headers are included 2452 with #include <openssl/header.h>])], 2453 [ 2454 dnl Check default openssl install dir 2455 if test -n "${need_dash_r}"; then 2456 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2457 else 2458 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2459 fi 2460 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2461 AC_CHECK_HEADER([openssl/opensslv.h], , 2462 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2463 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2464 [ 2465 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2466 ] 2467 ) 2468 ] 2469 ) 2470 2471 # Determine OpenSSL header version 2472 AC_MSG_CHECKING([OpenSSL header version]) 2473 AC_RUN_IFELSE( 2474 [AC_LANG_PROGRAM([[ 2475 #include <stdlib.h> 2476 #include <stdio.h> 2477 #include <string.h> 2478 #include <openssl/opensslv.h> 2479 #define DATA "conftest.sslincver" 2480 ]], [[ 2481 FILE *fd; 2482 int rc; 2483 2484 fd = fopen(DATA,"w"); 2485 if(fd == NULL) 2486 exit(1); 2487 2488 if ((rc = fprintf(fd, "%08lx (%s)\n", 2489 (unsigned long)OPENSSL_VERSION_NUMBER, 2490 OPENSSL_VERSION_TEXT)) < 0) 2491 exit(1); 2492 2493 exit(0); 2494 ]])], 2495 [ 2496 ssl_header_ver=`cat conftest.sslincver` 2497 AC_MSG_RESULT([$ssl_header_ver]) 2498 ], 2499 [ 2500 AC_MSG_RESULT([not found]) 2501 AC_MSG_ERROR([OpenSSL version header not found.]) 2502 ], 2503 [ 2504 AC_MSG_WARN([cross compiling: not checking]) 2505 ] 2506 ) 2507 2508 # Determine OpenSSL library version 2509 AC_MSG_CHECKING([OpenSSL library version]) 2510 AC_RUN_IFELSE( 2511 [AC_LANG_PROGRAM([[ 2512 #include <stdio.h> 2513 #include <string.h> 2514 #include <openssl/opensslv.h> 2515 #include <openssl/crypto.h> 2516 #define DATA "conftest.ssllibver" 2517 ]], [[ 2518 FILE *fd; 2519 int rc; 2520 2521 fd = fopen(DATA,"w"); 2522 if(fd == NULL) 2523 exit(1); 2524 2525 if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(), 2526 SSLeay_version(SSLEAY_VERSION))) < 0) 2527 exit(1); 2528 2529 exit(0); 2530 ]])], 2531 [ 2532 ssl_library_ver=`cat conftest.ssllibver` 2533 # Check version is supported. 2534 case "$ssl_library_ver" in 2535 10000*|0*) 2536 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2537 ;; 2538 *) ;; 2539 esac 2540 AC_MSG_RESULT([$ssl_library_ver]) 2541 ], 2542 [ 2543 AC_MSG_RESULT([not found]) 2544 AC_MSG_ERROR([OpenSSL library not found.]) 2545 ], 2546 [ 2547 AC_MSG_WARN([cross compiling: not checking]) 2548 ] 2549 ) 2550 2551 # Sanity check OpenSSL headers 2552 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2553 AC_RUN_IFELSE( 2554 [AC_LANG_PROGRAM([[ 2555 #include <string.h> 2556 #include <openssl/opensslv.h> 2557 #include <openssl/crypto.h> 2558 ]], [[ 2559 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2560 ]])], 2561 [ 2562 AC_MSG_RESULT([yes]) 2563 ], 2564 [ 2565 AC_MSG_RESULT([no]) 2566 if test "x$openssl_check_nonfatal" = "x"; then 2567 AC_MSG_ERROR([Your OpenSSL headers do not match your 2568 library. Check config.log for details. 2569 If you are sure your installation is consistent, you can disable the check 2570 by running "./configure --without-openssl-header-check". 2571 Also see contrib/findssl.sh for help identifying header/library mismatches. 2572 ]) 2573 else 2574 AC_MSG_WARN([Your OpenSSL headers do not match your 2575 library. Check config.log for details. 2576 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2577 fi 2578 ], 2579 [ 2580 AC_MSG_WARN([cross compiling: not checking]) 2581 ] 2582 ) 2583 2584 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2585 AC_LINK_IFELSE( 2586 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2587 [[ SSLeay_add_all_algorithms(); ]])], 2588 [ 2589 AC_MSG_RESULT([yes]) 2590 ], 2591 [ 2592 AC_MSG_RESULT([no]) 2593 saved_LIBS="$LIBS" 2594 LIBS="$LIBS -ldl" 2595 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2596 AC_LINK_IFELSE( 2597 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2598 [[ SSLeay_add_all_algorithms(); ]])], 2599 [ 2600 AC_MSG_RESULT([yes]) 2601 ], 2602 [ 2603 AC_MSG_RESULT([no]) 2604 LIBS="$saved_LIBS" 2605 ] 2606 ) 2607 ] 2608 ) 2609 2610 AC_CHECK_FUNCS([ \ 2611 BN_is_prime_ex \ 2612 DSA_generate_parameters_ex \ 2613 EVP_DigestInit_ex \ 2614 EVP_DigestFinal_ex \ 2615 EVP_MD_CTX_init \ 2616 EVP_MD_CTX_cleanup \ 2617 EVP_MD_CTX_copy_ex \ 2618 HMAC_CTX_init \ 2619 RSA_generate_key_ex \ 2620 RSA_get_default_method \ 2621 ]) 2622 2623 if test "x$openssl_engine" = "xyes" ; then 2624 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2625 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2626 #include <openssl/engine.h> 2627 ]], [[ 2628 ENGINE_load_builtin_engines(); 2629 ENGINE_register_all_complete(); 2630 ]])], 2631 [ AC_MSG_RESULT([yes]) 2632 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2633 [Enable OpenSSL engine support]) 2634 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2635 ]) 2636 fi 2637 2638 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2639 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2640 AC_LINK_IFELSE( 2641 [AC_LANG_PROGRAM([[ 2642 #include <string.h> 2643 #include <openssl/evp.h> 2644 ]], [[ 2645 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2646 ]])], 2647 [ 2648 AC_MSG_RESULT([no]) 2649 ], 2650 [ 2651 AC_MSG_RESULT([yes]) 2652 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2653 [libcrypto is missing AES 192 and 256 bit functions]) 2654 ] 2655 ) 2656 2657 # Check for OpenSSL with EVP_aes_*ctr 2658 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2659 AC_LINK_IFELSE( 2660 [AC_LANG_PROGRAM([[ 2661 #include <string.h> 2662 #include <openssl/evp.h> 2663 ]], [[ 2664 exit(EVP_aes_128_ctr() == NULL || 2665 EVP_aes_192_cbc() == NULL || 2666 EVP_aes_256_cbc() == NULL); 2667 ]])], 2668 [ 2669 AC_MSG_RESULT([yes]) 2670 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2671 [libcrypto has EVP AES CTR]) 2672 ], 2673 [ 2674 AC_MSG_RESULT([no]) 2675 ] 2676 ) 2677 2678 # Check for OpenSSL with EVP_aes_*gcm 2679 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2680 AC_LINK_IFELSE( 2681 [AC_LANG_PROGRAM([[ 2682 #include <string.h> 2683 #include <openssl/evp.h> 2684 ]], [[ 2685 exit(EVP_aes_128_gcm() == NULL || 2686 EVP_aes_256_gcm() == NULL || 2687 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2688 EVP_CTRL_GCM_IV_GEN == 0 || 2689 EVP_CTRL_GCM_SET_TAG == 0 || 2690 EVP_CTRL_GCM_GET_TAG == 0 || 2691 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2692 ]])], 2693 [ 2694 AC_MSG_RESULT([yes]) 2695 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2696 [libcrypto has EVP AES GCM]) 2697 ], 2698 [ 2699 AC_MSG_RESULT([no]) 2700 unsupported_algorithms="$unsupported_cipers \ 2701 aes128-gcm@openssh.com \ 2702 aes256-gcm@openssh.com" 2703 ] 2704 ) 2705 2706 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2707 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2708 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2709 2710 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2711 AC_LINK_IFELSE( 2712 [AC_LANG_PROGRAM([[ 2713 #include <string.h> 2714 #include <openssl/evp.h> 2715 ]], [[ 2716 if(EVP_DigestUpdate(NULL, NULL,0)) 2717 exit(0); 2718 ]])], 2719 [ 2720 AC_MSG_RESULT([yes]) 2721 ], 2722 [ 2723 AC_MSG_RESULT([no]) 2724 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2725 [Define if EVP_DigestUpdate returns void]) 2726 ] 2727 ) 2728 2729 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2730 # because the system crypt() is more featureful. 2731 if test "x$check_for_libcrypt_before" = "x1"; then 2732 AC_CHECK_LIB([crypt], [crypt]) 2733 fi 2734 2735 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2736 # version in OpenSSL. 2737 if test "x$check_for_libcrypt_later" = "x1"; then 2738 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2739 fi 2740 AC_CHECK_FUNCS([crypt DES_crypt]) 2741 2742 # Search for SHA256 support in libc and/or OpenSSL 2743 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2744 [unsupported_algorithms="$unsupported_algorithms \ 2745 hmac-sha2-256 \ 2746 hmac-sha2-512 \ 2747 diffie-hellman-group-exchange-sha256 \ 2748 hmac-sha2-256-etm@openssh.com \ 2749 hmac-sha2-512-etm@openssh.com" 2750 ] 2751 ) 2752 # Search for RIPE-MD support in OpenSSL 2753 AC_CHECK_FUNCS([EVP_ripemd160], , 2754 [unsupported_algorithms="$unsupported_algorithms \ 2755 hmac-ripemd160 \ 2756 hmac-ripemd160@openssh.com \ 2757 hmac-ripemd160-etm@openssh.com" 2758 ] 2759 ) 2760 2761 # Check complete ECC support in OpenSSL 2762 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2763 AC_LINK_IFELSE( 2764 [AC_LANG_PROGRAM([[ 2765 #include <openssl/ec.h> 2766 #include <openssl/ecdh.h> 2767 #include <openssl/ecdsa.h> 2768 #include <openssl/evp.h> 2769 #include <openssl/objects.h> 2770 #include <openssl/opensslv.h> 2771 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2772 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2773 #endif 2774 ]], [[ 2775 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2776 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2777 ]])], 2778 [ AC_MSG_RESULT([yes]) 2779 enable_nistp256=1 ], 2780 [ AC_MSG_RESULT([no]) ] 2781 ) 2782 2783 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2784 AC_LINK_IFELSE( 2785 [AC_LANG_PROGRAM([[ 2786 #include <openssl/ec.h> 2787 #include <openssl/ecdh.h> 2788 #include <openssl/ecdsa.h> 2789 #include <openssl/evp.h> 2790 #include <openssl/objects.h> 2791 #include <openssl/opensslv.h> 2792 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2793 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2794 #endif 2795 ]], [[ 2796 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2797 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2798 ]])], 2799 [ AC_MSG_RESULT([yes]) 2800 enable_nistp384=1 ], 2801 [ AC_MSG_RESULT([no]) ] 2802 ) 2803 2804 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2805 AC_LINK_IFELSE( 2806 [AC_LANG_PROGRAM([[ 2807 #include <openssl/ec.h> 2808 #include <openssl/ecdh.h> 2809 #include <openssl/ecdsa.h> 2810 #include <openssl/evp.h> 2811 #include <openssl/objects.h> 2812 #include <openssl/opensslv.h> 2813 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2814 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2815 #endif 2816 ]], [[ 2817 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2818 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2819 ]])], 2820 [ AC_MSG_RESULT([yes]) 2821 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2822 AC_RUN_IFELSE( 2823 [AC_LANG_PROGRAM([[ 2824 #include <openssl/ec.h> 2825 #include <openssl/ecdh.h> 2826 #include <openssl/ecdsa.h> 2827 #include <openssl/evp.h> 2828 #include <openssl/objects.h> 2829 #include <openssl/opensslv.h> 2830 ]],[[ 2831 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2832 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2833 exit(e == NULL || m == NULL); 2834 ]])], 2835 [ AC_MSG_RESULT([yes]) 2836 enable_nistp521=1 ], 2837 [ AC_MSG_RESULT([no]) ], 2838 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2839 enable_nistp521=1 ] 2840 )], 2841 AC_MSG_RESULT([no]) 2842 ) 2843 2844 COMMENT_OUT_ECC="#no ecc#" 2845 TEST_SSH_ECC=no 2846 2847 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2848 test x$enable_nistp521 = x1; then 2849 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2850 fi 2851 if test x$enable_nistp256 = x1; then 2852 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2853 [libcrypto has NID_X9_62_prime256v1]) 2854 TEST_SSH_ECC=yes 2855 COMMENT_OUT_ECC="" 2856 else 2857 unsupported_algorithms="$unsupported_algorithms \ 2858 ecdsa-sha2-nistp256 \ 2859 ecdh-sha2-nistp256 \ 2860 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2861 fi 2862 if test x$enable_nistp384 = x1; then 2863 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2864 TEST_SSH_ECC=yes 2865 COMMENT_OUT_ECC="" 2866 else 2867 unsupported_algorithms="$unsupported_algorithms \ 2868 ecdsa-sha2-nistp384 \ 2869 ecdh-sha2-nistp384 \ 2870 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2871 fi 2872 if test x$enable_nistp521 = x1; then 2873 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2874 TEST_SSH_ECC=yes 2875 COMMENT_OUT_ECC="" 2876 else 2877 unsupported_algorithms="$unsupported_algorithms \ 2878 ecdh-sha2-nistp521 \ 2879 ecdsa-sha2-nistp521 \ 2880 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2881 fi 2882 2883 AC_SUBST([TEST_SSH_ECC]) 2884 AC_SUBST([COMMENT_OUT_ECC]) 2885else 2886 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2887 AC_CHECK_FUNCS([crypt]) 2888fi 2889 2890AC_CHECK_FUNCS([ \ 2891 arc4random \ 2892 arc4random_buf \ 2893 arc4random_stir \ 2894 arc4random_uniform \ 2895]) 2896 2897saved_LIBS="$LIBS" 2898AC_CHECK_LIB([iaf], [ia_openinfo], [ 2899 LIBS="$LIBS -liaf" 2900 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2901 AC_DEFINE([HAVE_LIBIAF], [1], 2902 [Define if system has libiaf that supports set_id]) 2903 ]) 2904]) 2905LIBS="$saved_LIBS" 2906 2907### Configure cryptographic random number support 2908 2909# Check wheter OpenSSL seeds itself 2910if test "x$openssl" = "xyes" ; then 2911 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2912 AC_RUN_IFELSE( 2913 [AC_LANG_PROGRAM([[ 2914 #include <string.h> 2915 #include <openssl/rand.h> 2916 ]], [[ 2917 exit(RAND_status() == 1 ? 0 : 1); 2918 ]])], 2919 [ 2920 OPENSSL_SEEDS_ITSELF=yes 2921 AC_MSG_RESULT([yes]) 2922 ], 2923 [ 2924 AC_MSG_RESULT([no]) 2925 ], 2926 [ 2927 AC_MSG_WARN([cross compiling: assuming yes]) 2928 # This is safe, since we will fatal() at runtime if 2929 # OpenSSL is not seeded correctly. 2930 OPENSSL_SEEDS_ITSELF=yes 2931 ] 2932 ) 2933fi 2934 2935# PRNGD TCP socket 2936AC_ARG_WITH([prngd-port], 2937 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2938 [ 2939 case "$withval" in 2940 no) 2941 withval="" 2942 ;; 2943 [[0-9]]*) 2944 ;; 2945 *) 2946 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2947 ;; 2948 esac 2949 if test ! -z "$withval" ; then 2950 PRNGD_PORT="$withval" 2951 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2952 [Port number of PRNGD/EGD random number socket]) 2953 fi 2954 ] 2955) 2956 2957# PRNGD Unix domain socket 2958AC_ARG_WITH([prngd-socket], 2959 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2960 [ 2961 case "$withval" in 2962 yes) 2963 withval="/var/run/egd-pool" 2964 ;; 2965 no) 2966 withval="" 2967 ;; 2968 /*) 2969 ;; 2970 *) 2971 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2972 ;; 2973 esac 2974 2975 if test ! -z "$withval" ; then 2976 if test ! -z "$PRNGD_PORT" ; then 2977 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2978 fi 2979 if test ! -r "$withval" ; then 2980 AC_MSG_WARN([Entropy socket is not readable]) 2981 fi 2982 PRNGD_SOCKET="$withval" 2983 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2984 [Location of PRNGD/EGD random number socket]) 2985 fi 2986 ], 2987 [ 2988 # Check for existing socket only if we don't have a random device already 2989 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2990 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2991 # Insert other locations here 2992 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2993 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2994 PRNGD_SOCKET="$sock" 2995 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2996 break; 2997 fi 2998 done 2999 if test ! -z "$PRNGD_SOCKET" ; then 3000 AC_MSG_RESULT([$PRNGD_SOCKET]) 3001 else 3002 AC_MSG_RESULT([not found]) 3003 fi 3004 fi 3005 ] 3006) 3007 3008# Which randomness source do we use? 3009if test ! -z "$PRNGD_PORT" ; then 3010 RAND_MSG="PRNGd port $PRNGD_PORT" 3011elif test ! -z "$PRNGD_SOCKET" ; then 3012 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 3013elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 3014 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 3015 [Define if you want the OpenSSL internally seeded PRNG only]) 3016 RAND_MSG="OpenSSL internal ONLY" 3017elif test "x$openssl" = "xno" ; then 3018 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 3019else 3020 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 3021fi 3022 3023# Check for PAM libs 3024PAM_MSG="no" 3025AC_ARG_WITH([pam], 3026 [ --with-pam Enable PAM support ], 3027 [ 3028 if test "x$withval" != "xno" ; then 3029 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 3030 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 3031 AC_MSG_ERROR([PAM headers not found]) 3032 fi 3033 3034 saved_LIBS="$LIBS" 3035 AC_CHECK_LIB([dl], [dlopen], , ) 3036 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 3037 AC_CHECK_FUNCS([pam_getenvlist]) 3038 AC_CHECK_FUNCS([pam_putenv]) 3039 LIBS="$saved_LIBS" 3040 3041 PAM_MSG="yes" 3042 3043 SSHDLIBS="$SSHDLIBS -lpam" 3044 AC_DEFINE([USE_PAM], [1], 3045 [Define if you want to enable PAM support]) 3046 3047 if test $ac_cv_lib_dl_dlopen = yes; then 3048 case "$LIBS" in 3049 *-ldl*) 3050 # libdl already in LIBS 3051 ;; 3052 *) 3053 SSHDLIBS="$SSHDLIBS -ldl" 3054 ;; 3055 esac 3056 fi 3057 fi 3058 ] 3059) 3060 3061AC_ARG_WITH([pam-service], 3062 [ --with-pam-service=name Specify PAM service name ], 3063 [ 3064 if test "x$withval" != "xno" && \ 3065 test "x$withval" != "xyes" ; then 3066 AC_DEFINE_UNQUOTED([SSHD_PAM_SERVICE], 3067 ["$withval"], [sshd PAM service name]) 3068 fi 3069 ] 3070) 3071 3072# Check for older PAM 3073if test "x$PAM_MSG" = "xyes" ; then 3074 # Check PAM strerror arguments (old PAM) 3075 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 3076 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3077#include <stdlib.h> 3078#if defined(HAVE_SECURITY_PAM_APPL_H) 3079#include <security/pam_appl.h> 3080#elif defined (HAVE_PAM_PAM_APPL_H) 3081#include <pam/pam_appl.h> 3082#endif 3083 ]], [[ 3084(void)pam_strerror((pam_handle_t *)NULL, -1); 3085 ]])], [AC_MSG_RESULT([no])], [ 3086 AC_DEFINE([HAVE_OLD_PAM], [1], 3087 [Define if you have an old version of PAM 3088 which takes only one argument to pam_strerror]) 3089 AC_MSG_RESULT([yes]) 3090 PAM_MSG="yes (old library)" 3091 3092 ]) 3093fi 3094 3095case "$host" in 3096*-*-cygwin*) 3097 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 3098 ;; 3099*) 3100 SSH_PRIVSEP_USER=sshd 3101 ;; 3102esac 3103AC_ARG_WITH([privsep-user], 3104 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 3105 [ 3106 if test -n "$withval" && test "x$withval" != "xno" && \ 3107 test "x${withval}" != "xyes"; then 3108 SSH_PRIVSEP_USER=$withval 3109 fi 3110 ] 3111) 3112if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 3113 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 3114 [Cygwin function to fetch non-privileged user for privilege separation]) 3115else 3116 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 3117 [non-privileged user for privilege separation]) 3118fi 3119AC_SUBST([SSH_PRIVSEP_USER]) 3120 3121if test "x$have_linux_no_new_privs" = "x1" ; then 3122AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 3123 #include <sys/types.h> 3124 #include <linux/seccomp.h> 3125]) 3126fi 3127if test "x$have_seccomp_filter" = "x1" ; then 3128AC_MSG_CHECKING([kernel for seccomp_filter support]) 3129AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3130 #include <errno.h> 3131 #include <elf.h> 3132 #include <linux/audit.h> 3133 #include <linux/seccomp.h> 3134 #include <stdlib.h> 3135 #include <sys/prctl.h> 3136 ]], 3137 [[ int i = $seccomp_audit_arch; 3138 errno = 0; 3139 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 3140 exit(errno == EFAULT ? 0 : 1); ]])], 3141 [ AC_MSG_RESULT([yes]) ], [ 3142 AC_MSG_RESULT([no]) 3143 # Disable seccomp filter as a target 3144 have_seccomp_filter=0 3145 ] 3146) 3147fi 3148 3149# Decide which sandbox style to use 3150sandbox_arg="" 3151AC_ARG_WITH([sandbox], 3152 [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)], 3153 [ 3154 if test "x$withval" = "xyes" ; then 3155 sandbox_arg="" 3156 else 3157 sandbox_arg="$withval" 3158 fi 3159 ] 3160) 3161 3162# Some platforms (seems to be the ones that have a kernel poll(2)-type 3163# function with which they implement select(2)) use an extra file descriptor 3164# when calling select(2), which means we can't use the rlimit sandbox. 3165AC_MSG_CHECKING([if select works with descriptor rlimit]) 3166AC_RUN_IFELSE( 3167 [AC_LANG_PROGRAM([[ 3168#include <sys/types.h> 3169#ifdef HAVE_SYS_TIME_H 3170# include <sys/time.h> 3171#endif 3172#include <sys/resource.h> 3173#ifdef HAVE_SYS_SELECT_H 3174# include <sys/select.h> 3175#endif 3176#include <errno.h> 3177#include <fcntl.h> 3178#include <stdlib.h> 3179 ]],[[ 3180 struct rlimit rl_zero; 3181 int fd, r; 3182 fd_set fds; 3183 struct timeval tv; 3184 3185 fd = open("/dev/null", O_RDONLY); 3186 FD_ZERO(&fds); 3187 FD_SET(fd, &fds); 3188 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3189 setrlimit(RLIMIT_FSIZE, &rl_zero); 3190 setrlimit(RLIMIT_NOFILE, &rl_zero); 3191 tv.tv_sec = 1; 3192 tv.tv_usec = 0; 3193 r = select(fd+1, &fds, NULL, NULL, &tv); 3194 exit (r == -1 ? 1 : 0); 3195 ]])], 3196 [AC_MSG_RESULT([yes]) 3197 select_works_with_rlimit=yes], 3198 [AC_MSG_RESULT([no]) 3199 select_works_with_rlimit=no], 3200 [AC_MSG_WARN([cross compiling: assuming yes])] 3201) 3202 3203AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3204AC_RUN_IFELSE( 3205 [AC_LANG_PROGRAM([[ 3206#include <sys/types.h> 3207#ifdef HAVE_SYS_TIME_H 3208# include <sys/time.h> 3209#endif 3210#include <sys/resource.h> 3211#include <errno.h> 3212#include <stdlib.h> 3213 ]],[[ 3214 struct rlimit rl_zero; 3215 int fd, r; 3216 fd_set fds; 3217 3218 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3219 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3220 exit (r == -1 ? 1 : 0); 3221 ]])], 3222 [AC_MSG_RESULT([yes]) 3223 rlimit_nofile_zero_works=yes], 3224 [AC_MSG_RESULT([no]) 3225 rlimit_nofile_zero_works=no], 3226 [AC_MSG_WARN([cross compiling: assuming yes])] 3227) 3228 3229AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3230AC_RUN_IFELSE( 3231 [AC_LANG_PROGRAM([[ 3232#include <sys/types.h> 3233#include <sys/resource.h> 3234#include <stdlib.h> 3235 ]],[[ 3236 struct rlimit rl_zero; 3237 3238 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3239 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3240 ]])], 3241 [AC_MSG_RESULT([yes])], 3242 [AC_MSG_RESULT([no]) 3243 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3244 [setrlimit RLIMIT_FSIZE works])], 3245 [AC_MSG_WARN([cross compiling: assuming yes])] 3246) 3247 3248if test "x$sandbox_arg" = "xpledge" || \ 3249 ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then 3250 test "x$ac_cv_func_pledge" != "xyes" && \ 3251 AC_MSG_ERROR([pledge sandbox requires pledge(2) support]) 3252 SANDBOX_STYLE="pledge" 3253 AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)]) 3254elif test "x$sandbox_arg" = "xsystrace" || \ 3255 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3256 test "x$have_systr_policy_kill" != "x1" && \ 3257 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3258 SANDBOX_STYLE="systrace" 3259 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3260elif test "x$sandbox_arg" = "xdarwin" || \ 3261 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3262 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3263 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3264 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3265 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3266 SANDBOX_STYLE="darwin" 3267 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3268elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3269 ( test -z "$sandbox_arg" && \ 3270 test "x$have_seccomp_filter" = "x1" && \ 3271 test "x$ac_cv_header_elf_h" = "xyes" && \ 3272 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3273 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3274 test "x$seccomp_audit_arch" != "x" && \ 3275 test "x$have_linux_no_new_privs" = "x1" && \ 3276 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3277 test "x$seccomp_audit_arch" = "x" && \ 3278 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3279 test "x$have_linux_no_new_privs" != "x1" && \ 3280 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3281 test "x$have_seccomp_filter" != "x1" && \ 3282 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3283 test "x$ac_cv_func_prctl" != "xyes" && \ 3284 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3285 SANDBOX_STYLE="seccomp_filter" 3286 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3287elif test "x$sandbox_arg" = "xcapsicum" || \ 3288 ( test -z "$sandbox_arg" && \ 3289 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3290 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3291 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3292 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3293 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3294 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3295 SANDBOX_STYLE="capsicum" 3296 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3297elif test "x$sandbox_arg" = "xrlimit" || \ 3298 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3299 test "x$select_works_with_rlimit" = "xyes" && \ 3300 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3301 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3302 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3303 test "x$select_works_with_rlimit" != "xyes" && \ 3304 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3305 SANDBOX_STYLE="rlimit" 3306 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3307elif test "x$sandbox_arg" = "xsolaris" || \ 3308 ( test -z "$sandbox_arg" && test "x$SOLARIS_PRIVS" = "xyes" ) ; then 3309 SANDBOX_STYLE="solaris" 3310 AC_DEFINE([SANDBOX_SOLARIS], [1], [Sandbox using Solaris/Illumos privileges]) 3311elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3312 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3313 SANDBOX_STYLE="none" 3314 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3315else 3316 AC_MSG_ERROR([unsupported --with-sandbox]) 3317fi 3318 3319# Cheap hack to ensure NEWS-OS libraries are arranged right. 3320if test ! -z "$SONY" ; then 3321 LIBS="$LIBS -liberty"; 3322fi 3323 3324# Check for long long datatypes 3325AC_CHECK_TYPES([long long, unsigned long long, long double]) 3326 3327# Check datatype sizes 3328AC_CHECK_SIZEOF([short int], [2]) 3329AC_CHECK_SIZEOF([int], [4]) 3330AC_CHECK_SIZEOF([long int], [4]) 3331AC_CHECK_SIZEOF([long long int], [8]) 3332 3333# Sanity check long long for some platforms (AIX) 3334if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3335 ac_cv_sizeof_long_long_int=0 3336fi 3337 3338# compute LLONG_MIN and LLONG_MAX if we don't know them. 3339if test -z "$have_llong_max"; then 3340 AC_MSG_CHECKING([for max value of long long]) 3341 AC_RUN_IFELSE( 3342 [AC_LANG_PROGRAM([[ 3343#include <stdio.h> 3344/* Why is this so damn hard? */ 3345#ifdef __GNUC__ 3346# undef __GNUC__ 3347#endif 3348#define __USE_ISOC99 3349#include <limits.h> 3350#define DATA "conftest.llminmax" 3351#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3352 3353/* 3354 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3355 * we do this the hard way. 3356 */ 3357static int 3358fprint_ll(FILE *f, long long n) 3359{ 3360 unsigned int i; 3361 int l[sizeof(long long) * 8]; 3362 3363 if (n < 0) 3364 if (fprintf(f, "-") < 0) 3365 return -1; 3366 for (i = 0; n != 0; i++) { 3367 l[i] = my_abs(n % 10); 3368 n /= 10; 3369 } 3370 do { 3371 if (fprintf(f, "%d", l[--i]) < 0) 3372 return -1; 3373 } while (i != 0); 3374 if (fprintf(f, " ") < 0) 3375 return -1; 3376 return 0; 3377} 3378 ]], [[ 3379 FILE *f; 3380 long long i, llmin, llmax = 0; 3381 3382 if((f = fopen(DATA,"w")) == NULL) 3383 exit(1); 3384 3385#if defined(LLONG_MIN) && defined(LLONG_MAX) 3386 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3387 llmin = LLONG_MIN; 3388 llmax = LLONG_MAX; 3389#else 3390 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3391 /* This will work on one's complement and two's complement */ 3392 for (i = 1; i > llmax; i <<= 1, i++) 3393 llmax = i; 3394 llmin = llmax + 1LL; /* wrap */ 3395#endif 3396 3397 /* Sanity check */ 3398 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3399 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3400 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3401 fprintf(f, "unknown unknown\n"); 3402 exit(2); 3403 } 3404 3405 if (fprint_ll(f, llmin) < 0) 3406 exit(3); 3407 if (fprint_ll(f, llmax) < 0) 3408 exit(4); 3409 if (fclose(f) < 0) 3410 exit(5); 3411 exit(0); 3412 ]])], 3413 [ 3414 llong_min=`$AWK '{print $1}' conftest.llminmax` 3415 llong_max=`$AWK '{print $2}' conftest.llminmax` 3416 3417 AC_MSG_RESULT([$llong_max]) 3418 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3419 [max value of long long calculated by configure]) 3420 AC_MSG_CHECKING([for min value of long long]) 3421 AC_MSG_RESULT([$llong_min]) 3422 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3423 [min value of long long calculated by configure]) 3424 ], 3425 [ 3426 AC_MSG_RESULT([not found]) 3427 ], 3428 [ 3429 AC_MSG_WARN([cross compiling: not checking]) 3430 ] 3431 ) 3432fi 3433 3434 3435# More checks for data types 3436AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3437 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3438 [[ u_int a; a = 1;]])], 3439 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3440 ]) 3441]) 3442if test "x$ac_cv_have_u_int" = "xyes" ; then 3443 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3444 have_u_int=1 3445fi 3446 3447AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3448 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3449 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3450 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3451 ]) 3452]) 3453if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3454 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3455 have_intxx_t=1 3456fi 3457 3458if (test -z "$have_intxx_t" && \ 3459 test "x$ac_cv_header_stdint_h" = "xyes") 3460then 3461 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3462 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3463 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3464 [ 3465 AC_DEFINE([HAVE_INTXX_T]) 3466 AC_MSG_RESULT([yes]) 3467 ], [ AC_MSG_RESULT([no]) 3468 ]) 3469fi 3470 3471AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3472 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3473#include <sys/types.h> 3474#ifdef HAVE_STDINT_H 3475# include <stdint.h> 3476#endif 3477#include <sys/socket.h> 3478#ifdef HAVE_SYS_BITYPES_H 3479# include <sys/bitypes.h> 3480#endif 3481 ]], [[ 3482int64_t a; a = 1; 3483 ]])], 3484 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3485 ]) 3486]) 3487if test "x$ac_cv_have_int64_t" = "xyes" ; then 3488 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3489fi 3490 3491AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3492 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3493 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3494 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3495 ]) 3496]) 3497if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3498 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3499 have_u_intxx_t=1 3500fi 3501 3502if test -z "$have_u_intxx_t" ; then 3503 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3504 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3505 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3506 [ 3507 AC_DEFINE([HAVE_U_INTXX_T]) 3508 AC_MSG_RESULT([yes]) 3509 ], [ AC_MSG_RESULT([no]) 3510 ]) 3511fi 3512 3513AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3514 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3515 [[ u_int64_t a; a = 1;]])], 3516 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3517 ]) 3518]) 3519if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3520 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3521 have_u_int64_t=1 3522fi 3523 3524if (test -z "$have_u_int64_t" && \ 3525 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3526then 3527 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3529 [[ u_int64_t a; a = 1]])], 3530 [ 3531 AC_DEFINE([HAVE_U_INT64_T]) 3532 AC_MSG_RESULT([yes]) 3533 ], [ AC_MSG_RESULT([no]) 3534 ]) 3535fi 3536 3537if test -z "$have_u_intxx_t" ; then 3538 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3539 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3540#include <sys/types.h> 3541 ]], [[ 3542 uint8_t a; 3543 uint16_t b; 3544 uint32_t c; 3545 a = b = c = 1; 3546 ]])], 3547 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3548 ]) 3549 ]) 3550 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3551 AC_DEFINE([HAVE_UINTXX_T], [1], 3552 [define if you have uintxx_t data type]) 3553 fi 3554fi 3555 3556if (test -z "$have_uintxx_t" && \ 3557 test "x$ac_cv_header_stdint_h" = "xyes") 3558then 3559 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3560 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3561 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3562 [ 3563 AC_DEFINE([HAVE_UINTXX_T]) 3564 AC_MSG_RESULT([yes]) 3565 ], [ AC_MSG_RESULT([no]) 3566 ]) 3567fi 3568 3569if (test -z "$have_uintxx_t" && \ 3570 test "x$ac_cv_header_inttypes_h" = "xyes") 3571then 3572 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3573 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3574 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3575 [ 3576 AC_DEFINE([HAVE_UINTXX_T]) 3577 AC_MSG_RESULT([yes]) 3578 ], [ AC_MSG_RESULT([no]) 3579 ]) 3580fi 3581 3582if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3583 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3584then 3585 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3586 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3587#include <sys/bitypes.h> 3588 ]], [[ 3589 int8_t a; int16_t b; int32_t c; 3590 u_int8_t e; u_int16_t f; u_int32_t g; 3591 a = b = c = e = f = g = 1; 3592 ]])], 3593 [ 3594 AC_DEFINE([HAVE_U_INTXX_T]) 3595 AC_DEFINE([HAVE_INTXX_T]) 3596 AC_MSG_RESULT([yes]) 3597 ], [AC_MSG_RESULT([no]) 3598 ]) 3599fi 3600 3601 3602AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3603 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3604 [[ u_char foo; foo = 125; ]])], 3605 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3606 ]) 3607]) 3608if test "x$ac_cv_have_u_char" = "xyes" ; then 3609 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3610fi 3611 3612AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3613#include <sys/types.h> 3614#include <stdint.h> 3615]) 3616 3617TYPE_SOCKLEN_T 3618 3619AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3620AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3621#include <sys/types.h> 3622#ifdef HAVE_SYS_BITYPES_H 3623#include <sys/bitypes.h> 3624#endif 3625#ifdef HAVE_SYS_STATFS_H 3626#include <sys/statfs.h> 3627#endif 3628#ifdef HAVE_SYS_STATVFS_H 3629#include <sys/statvfs.h> 3630#endif 3631]) 3632 3633AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3634[#include <sys/types.h> 3635#include <netinet/in.h>]) 3636 3637AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3638 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3639 [[ size_t foo; foo = 1235; ]])], 3640 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3641 ]) 3642]) 3643if test "x$ac_cv_have_size_t" = "xyes" ; then 3644 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3645fi 3646 3647AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3648 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3649 [[ ssize_t foo; foo = 1235; ]])], 3650 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3651 ]) 3652]) 3653if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3654 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3655fi 3656 3657AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3658 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3659 [[ clock_t foo; foo = 1235; ]])], 3660 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3661 ]) 3662]) 3663if test "x$ac_cv_have_clock_t" = "xyes" ; then 3664 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3665fi 3666 3667AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3668 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3669#include <sys/types.h> 3670#include <sys/socket.h> 3671 ]], [[ sa_family_t foo; foo = 1235; ]])], 3672 [ ac_cv_have_sa_family_t="yes" ], 3673 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3674#include <sys/types.h> 3675#include <sys/socket.h> 3676#include <netinet/in.h> 3677 ]], [[ sa_family_t foo; foo = 1235; ]])], 3678 [ ac_cv_have_sa_family_t="yes" ], 3679 [ ac_cv_have_sa_family_t="no" ] 3680 ) 3681 ]) 3682]) 3683if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3684 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3685 [define if you have sa_family_t data type]) 3686fi 3687 3688AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3689 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3690 [[ pid_t foo; foo = 1235; ]])], 3691 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3692 ]) 3693]) 3694if test "x$ac_cv_have_pid_t" = "xyes" ; then 3695 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3696fi 3697 3698AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3699 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3700 [[ mode_t foo; foo = 1235; ]])], 3701 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3702 ]) 3703]) 3704if test "x$ac_cv_have_mode_t" = "xyes" ; then 3705 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3706fi 3707 3708 3709AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3710 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3711#include <sys/types.h> 3712#include <sys/socket.h> 3713 ]], [[ struct sockaddr_storage s; ]])], 3714 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3715 [ ac_cv_have_struct_sockaddr_storage="no" 3716 ]) 3717]) 3718if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3719 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3720 [define if you have struct sockaddr_storage data type]) 3721fi 3722 3723AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3724 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3725#include <sys/types.h> 3726#include <netinet/in.h> 3727 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3728 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3729 [ ac_cv_have_struct_sockaddr_in6="no" 3730 ]) 3731]) 3732if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3733 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3734 [define if you have struct sockaddr_in6 data type]) 3735fi 3736 3737AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3738 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3739#include <sys/types.h> 3740#include <netinet/in.h> 3741 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3742 [ ac_cv_have_struct_in6_addr="yes" ], 3743 [ ac_cv_have_struct_in6_addr="no" 3744 ]) 3745]) 3746if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3747 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3748 [define if you have struct in6_addr data type]) 3749 3750dnl Now check for sin6_scope_id 3751 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3752 [ 3753#ifdef HAVE_SYS_TYPES_H 3754#include <sys/types.h> 3755#endif 3756#include <netinet/in.h> 3757 ]) 3758fi 3759 3760AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3761 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3762#include <sys/types.h> 3763#include <sys/socket.h> 3764#include <netdb.h> 3765 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3766 [ ac_cv_have_struct_addrinfo="yes" ], 3767 [ ac_cv_have_struct_addrinfo="no" 3768 ]) 3769]) 3770if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3771 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3772 [define if you have struct addrinfo data type]) 3773fi 3774 3775AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3776 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3777 [[ struct timeval tv; tv.tv_sec = 1;]])], 3778 [ ac_cv_have_struct_timeval="yes" ], 3779 [ ac_cv_have_struct_timeval="no" 3780 ]) 3781]) 3782if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3783 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3784 have_struct_timeval=1 3785fi 3786 3787AC_CHECK_TYPES([struct timespec]) 3788 3789# We need int64_t or else certian parts of the compile will fail. 3790if test "x$ac_cv_have_int64_t" = "xno" && \ 3791 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3792 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3793 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3794 echo "an alternative compiler (I.E., GCC) before continuing." 3795 echo "" 3796 exit 1; 3797else 3798dnl test snprintf (broken on SCO w/gcc) 3799 AC_RUN_IFELSE( 3800 [AC_LANG_SOURCE([[ 3801#include <stdio.h> 3802#include <string.h> 3803#ifdef HAVE_SNPRINTF 3804main() 3805{ 3806 char buf[50]; 3807 char expected_out[50]; 3808 int mazsize = 50 ; 3809#if (SIZEOF_LONG_INT == 8) 3810 long int num = 0x7fffffffffffffff; 3811#else 3812 long long num = 0x7fffffffffffffffll; 3813#endif 3814 strcpy(expected_out, "9223372036854775807"); 3815 snprintf(buf, mazsize, "%lld", num); 3816 if(strcmp(buf, expected_out) != 0) 3817 exit(1); 3818 exit(0); 3819} 3820#else 3821main() { exit(0); } 3822#endif 3823 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3824 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3825 ) 3826fi 3827 3828dnl Checks for structure members 3829OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3830OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3831OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3832OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3833OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3834OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3835OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3836OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3837OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3838OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3839OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3840OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3841OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3842OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3843OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3844OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3845OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3846 3847AC_CHECK_MEMBERS([struct stat.st_blksize]) 3848AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3849struct passwd.pw_change, struct passwd.pw_expire], 3850[], [], [[ 3851#include <sys/types.h> 3852#include <pwd.h> 3853]]) 3854 3855AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3856 [Define if we don't have struct __res_state in resolv.h])], 3857[[ 3858#include <stdio.h> 3859#if HAVE_SYS_TYPES_H 3860# include <sys/types.h> 3861#endif 3862#include <netinet/in.h> 3863#include <arpa/nameser.h> 3864#include <resolv.h> 3865]]) 3866 3867AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3868 ac_cv_have_ss_family_in_struct_ss, [ 3869 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3870#include <sys/types.h> 3871#include <sys/socket.h> 3872 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3873 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3874 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3875]) 3876if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3877 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3878fi 3879 3880AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3881 ac_cv_have___ss_family_in_struct_ss, [ 3882 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3883#include <sys/types.h> 3884#include <sys/socket.h> 3885 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3886 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3887 [ ac_cv_have___ss_family_in_struct_ss="no" 3888 ]) 3889]) 3890if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3891 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3892 [Fields in struct sockaddr_storage]) 3893fi 3894 3895dnl make sure we're using the real structure members and not defines 3896AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3897 ac_cv_have_accrights_in_msghdr, [ 3898 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3899#include <sys/types.h> 3900#include <sys/socket.h> 3901#include <sys/uio.h> 3902 ]], [[ 3903#ifdef msg_accrights 3904#error "msg_accrights is a macro" 3905exit(1); 3906#endif 3907struct msghdr m; 3908m.msg_accrights = 0; 3909exit(0); 3910 ]])], 3911 [ ac_cv_have_accrights_in_msghdr="yes" ], 3912 [ ac_cv_have_accrights_in_msghdr="no" ] 3913 ) 3914]) 3915if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3916 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3917 [Define if your system uses access rights style 3918 file descriptor passing]) 3919fi 3920 3921AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3922AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3923#include <sys/param.h> 3924#include <sys/stat.h> 3925#ifdef HAVE_SYS_TIME_H 3926# include <sys/time.h> 3927#endif 3928#ifdef HAVE_SYS_MOUNT_H 3929#include <sys/mount.h> 3930#endif 3931#ifdef HAVE_SYS_STATVFS_H 3932#include <sys/statvfs.h> 3933#endif 3934 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3935 [ AC_MSG_RESULT([yes]) ], 3936 [ AC_MSG_RESULT([no]) 3937 3938 AC_MSG_CHECKING([if fsid_t has member val]) 3939 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3940#include <sys/types.h> 3941#include <sys/statvfs.h> 3942 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3943 [ AC_MSG_RESULT([yes]) 3944 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3945 [ AC_MSG_RESULT([no]) ]) 3946 3947 AC_MSG_CHECKING([if f_fsid has member __val]) 3948 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3949#include <sys/types.h> 3950#include <sys/statvfs.h> 3951 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3952 [ AC_MSG_RESULT([yes]) 3953 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3954 [ AC_MSG_RESULT([no]) ]) 3955]) 3956 3957AC_CACHE_CHECK([for msg_control field in struct msghdr], 3958 ac_cv_have_control_in_msghdr, [ 3959 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3960#include <sys/types.h> 3961#include <sys/socket.h> 3962#include <sys/uio.h> 3963 ]], [[ 3964#ifdef msg_control 3965#error "msg_control is a macro" 3966exit(1); 3967#endif 3968struct msghdr m; 3969m.msg_control = 0; 3970exit(0); 3971 ]])], 3972 [ ac_cv_have_control_in_msghdr="yes" ], 3973 [ ac_cv_have_control_in_msghdr="no" ] 3974 ) 3975]) 3976if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3977 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3978 [Define if your system uses ancillary data style 3979 file descriptor passing]) 3980fi 3981 3982AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3983 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3984 [[ extern char *__progname; printf("%s", __progname); ]])], 3985 [ ac_cv_libc_defines___progname="yes" ], 3986 [ ac_cv_libc_defines___progname="no" 3987 ]) 3988]) 3989if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3990 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3991fi 3992 3993AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3994 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3995 [[ printf("%s", __FUNCTION__); ]])], 3996 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3997 [ ac_cv_cc_implements___FUNCTION__="no" 3998 ]) 3999]) 4000if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 4001 AC_DEFINE([HAVE___FUNCTION__], [1], 4002 [Define if compiler implements __FUNCTION__]) 4003fi 4004 4005AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 4006 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 4007 [[ printf("%s", __func__); ]])], 4008 [ ac_cv_cc_implements___func__="yes" ], 4009 [ ac_cv_cc_implements___func__="no" 4010 ]) 4011]) 4012if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 4013 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 4014fi 4015 4016AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 4017 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4018#include <stdarg.h> 4019va_list x,y; 4020 ]], [[ va_copy(x,y); ]])], 4021 [ ac_cv_have_va_copy="yes" ], 4022 [ ac_cv_have_va_copy="no" 4023 ]) 4024]) 4025if test "x$ac_cv_have_va_copy" = "xyes" ; then 4026 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 4027fi 4028 4029AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 4030 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4031#include <stdarg.h> 4032va_list x,y; 4033 ]], [[ __va_copy(x,y); ]])], 4034 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 4035 ]) 4036]) 4037if test "x$ac_cv_have___va_copy" = "xyes" ; then 4038 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 4039fi 4040 4041AC_CACHE_CHECK([whether getopt has optreset support], 4042 ac_cv_have_getopt_optreset, [ 4043 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 4044 [[ extern int optreset; optreset = 0; ]])], 4045 [ ac_cv_have_getopt_optreset="yes" ], 4046 [ ac_cv_have_getopt_optreset="no" 4047 ]) 4048]) 4049if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 4050 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 4051 [Define if your getopt(3) defines and uses optreset]) 4052fi 4053 4054AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 4055 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4056[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 4057 [ ac_cv_libc_defines_sys_errlist="yes" ], 4058 [ ac_cv_libc_defines_sys_errlist="no" 4059 ]) 4060]) 4061if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 4062 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 4063 [Define if your system defines sys_errlist[]]) 4064fi 4065 4066 4067AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 4068 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 4069[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 4070 [ ac_cv_libc_defines_sys_nerr="yes" ], 4071 [ ac_cv_libc_defines_sys_nerr="no" 4072 ]) 4073]) 4074if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 4075 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 4076fi 4077 4078# Check libraries needed by DNS fingerprint support 4079AC_SEARCH_LIBS([getrrsetbyname], [resolv], 4080 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 4081 [Define if getrrsetbyname() exists])], 4082 [ 4083 # Needed by our getrrsetbyname() 4084 AC_SEARCH_LIBS([res_query], [resolv]) 4085 AC_SEARCH_LIBS([dn_expand], [resolv]) 4086 AC_MSG_CHECKING([if res_query will link]) 4087 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4088#include <sys/types.h> 4089#include <netinet/in.h> 4090#include <arpa/nameser.h> 4091#include <netdb.h> 4092#include <resolv.h> 4093 ]], [[ 4094 res_query (0, 0, 0, 0, 0); 4095 ]])], 4096 AC_MSG_RESULT([yes]), 4097 [AC_MSG_RESULT([no]) 4098 saved_LIBS="$LIBS" 4099 LIBS="$LIBS -lresolv" 4100 AC_MSG_CHECKING([for res_query in -lresolv]) 4101 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4102#include <sys/types.h> 4103#include <netinet/in.h> 4104#include <arpa/nameser.h> 4105#include <netdb.h> 4106#include <resolv.h> 4107 ]], [[ 4108 res_query (0, 0, 0, 0, 0); 4109 ]])], 4110 [AC_MSG_RESULT([yes])], 4111 [LIBS="$saved_LIBS" 4112 AC_MSG_RESULT([no])]) 4113 ]) 4114 AC_CHECK_FUNCS([_getshort _getlong]) 4115 AC_CHECK_DECLS([_getshort, _getlong], , , 4116 [#include <sys/types.h> 4117 #include <arpa/nameser.h>]) 4118 AC_CHECK_MEMBER([HEADER.ad], 4119 [AC_DEFINE([HAVE_HEADER_AD], [1], 4120 [Define if HEADER.ad exists in arpa/nameser.h])], , 4121 [#include <arpa/nameser.h>]) 4122 ]) 4123 4124AC_MSG_CHECKING([if struct __res_state _res is an extern]) 4125AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 4126#include <stdio.h> 4127#if HAVE_SYS_TYPES_H 4128# include <sys/types.h> 4129#endif 4130#include <netinet/in.h> 4131#include <arpa/nameser.h> 4132#include <resolv.h> 4133extern struct __res_state _res; 4134 ]], [[ 4135struct __res_state *volatile p = &_res; /* force resolution of _res */ 4136return 0; 4137 ]],)], 4138 [AC_MSG_RESULT([yes]) 4139 AC_DEFINE([HAVE__RES_EXTERN], [1], 4140 [Define if you have struct __res_state _res as an extern]) 4141 ], 4142 [ AC_MSG_RESULT([no]) ] 4143) 4144 4145# Check whether user wants SELinux support 4146SELINUX_MSG="no" 4147LIBSELINUX="" 4148AC_ARG_WITH([selinux], 4149 [ --with-selinux Enable SELinux support], 4150 [ if test "x$withval" != "xno" ; then 4151 save_LIBS="$LIBS" 4152 AC_DEFINE([WITH_SELINUX], [1], 4153 [Define if you want SELinux support.]) 4154 SELINUX_MSG="yes" 4155 AC_CHECK_HEADER([selinux/selinux.h], , 4156 AC_MSG_ERROR([SELinux support requires selinux.h header])) 4157 AC_CHECK_LIB([selinux], [setexeccon], 4158 [ LIBSELINUX="-lselinux" 4159 LIBS="$LIBS -lselinux" 4160 ], 4161 AC_MSG_ERROR([SELinux support requires libselinux library])) 4162 SSHLIBS="$SSHLIBS $LIBSELINUX" 4163 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4164 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4165 LIBS="$save_LIBS" 4166 fi ] 4167) 4168AC_SUBST([SSHLIBS]) 4169AC_SUBST([SSHDLIBS]) 4170 4171# Check whether user wants Kerberos 5 support 4172KRB5_MSG="no" 4173AC_ARG_WITH([kerberos5], 4174 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4175 [ if test "x$withval" != "xno" ; then 4176 if test "x$withval" = "xyes" ; then 4177 KRB5ROOT="/usr/local" 4178 else 4179 KRB5ROOT=${withval} 4180 fi 4181 4182 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4183 KRB5_MSG="yes" 4184 4185 AC_PATH_TOOL([KRB5CONF], [krb5-config], 4186 [$KRB5ROOT/bin/krb5-config], 4187 [$KRB5ROOT/bin:$PATH]) 4188 if test -x $KRB5CONF ; then 4189 K5CFLAGS="`$KRB5CONF --cflags`" 4190 K5LIBS="`$KRB5CONF --libs`" 4191 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4192 4193 AC_MSG_CHECKING([for gssapi support]) 4194 if $KRB5CONF | grep gssapi >/dev/null ; then 4195 AC_MSG_RESULT([yes]) 4196 AC_DEFINE([GSSAPI], [1], 4197 [Define this if you want GSSAPI 4198 support in the version 2 protocol]) 4199 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4200 GSSLIBS="`$KRB5CONF --libs gssapi`" 4201 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4202 else 4203 AC_MSG_RESULT([no]) 4204 fi 4205 AC_MSG_CHECKING([whether we are using Heimdal]) 4206 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4207 ]], [[ char *tmp = heimdal_version; ]])], 4208 [ AC_MSG_RESULT([yes]) 4209 AC_DEFINE([HEIMDAL], [1], 4210 [Define this if you are using the Heimdal 4211 version of Kerberos V5]) ], 4212 [AC_MSG_RESULT([no]) 4213 ]) 4214 else 4215 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4216 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4217 AC_MSG_CHECKING([whether we are using Heimdal]) 4218 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4219 ]], [[ char *tmp = heimdal_version; ]])], 4220 [ AC_MSG_RESULT([yes]) 4221 AC_DEFINE([HEIMDAL]) 4222 K5LIBS="-lkrb5" 4223 K5LIBS="$K5LIBS -lcom_err -lasn1" 4224 AC_CHECK_LIB([roken], [net_write], 4225 [K5LIBS="$K5LIBS -lroken"]) 4226 AC_CHECK_LIB([des], [des_cbc_encrypt], 4227 [K5LIBS="$K5LIBS -ldes"]) 4228 ], [ AC_MSG_RESULT([no]) 4229 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4230 ]) 4231 AC_SEARCH_LIBS([dn_expand], [resolv]) 4232 4233 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4234 [ AC_DEFINE([GSSAPI]) 4235 GSSLIBS="-lgssapi_krb5" ], 4236 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4237 [ AC_DEFINE([GSSAPI]) 4238 GSSLIBS="-lgssapi" ], 4239 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4240 [ AC_DEFINE([GSSAPI]) 4241 GSSLIBS="-lgss" ], 4242 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4243 ]) 4244 ]) 4245 4246 AC_CHECK_HEADER([gssapi.h], , 4247 [ unset ac_cv_header_gssapi_h 4248 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4249 AC_CHECK_HEADERS([gssapi.h], , 4250 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4251 ) 4252 ] 4253 ) 4254 4255 oldCPP="$CPPFLAGS" 4256 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4257 AC_CHECK_HEADER([gssapi_krb5.h], , 4258 [ CPPFLAGS="$oldCPP" ]) 4259 4260 fi 4261 if test ! -z "$need_dash_r" ; then 4262 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4263 fi 4264 if test ! -z "$blibpath" ; then 4265 blibpath="$blibpath:${KRB5ROOT}/lib" 4266 fi 4267 4268 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4269 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4270 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4271 4272 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4273 [Define this if you want to use libkafs' AFS support])]) 4274 4275 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4276#ifdef HAVE_GSSAPI_H 4277# include <gssapi.h> 4278#elif defined(HAVE_GSSAPI_GSSAPI_H) 4279# include <gssapi/gssapi.h> 4280#endif 4281 4282#ifdef HAVE_GSSAPI_GENERIC_H 4283# include <gssapi_generic.h> 4284#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4285# include <gssapi/gssapi_generic.h> 4286#endif 4287 ]]) 4288 saved_LIBS="$LIBS" 4289 LIBS="$LIBS $K5LIBS" 4290 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4291 LIBS="$saved_LIBS" 4292 4293 fi 4294 ] 4295) 4296AC_SUBST([GSSLIBS]) 4297AC_SUBST([K5LIBS]) 4298 4299# Looking for programs, paths and files 4300 4301PRIVSEP_PATH=/var/empty 4302AC_ARG_WITH([privsep-path], 4303 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4304 [ 4305 if test -n "$withval" && test "x$withval" != "xno" && \ 4306 test "x${withval}" != "xyes"; then 4307 PRIVSEP_PATH=$withval 4308 fi 4309 ] 4310) 4311AC_SUBST([PRIVSEP_PATH]) 4312 4313AC_ARG_WITH([xauth], 4314 [ --with-xauth=PATH Specify path to xauth program ], 4315 [ 4316 if test -n "$withval" && test "x$withval" != "xno" && \ 4317 test "x${withval}" != "xyes"; then 4318 xauth_path=$withval 4319 fi 4320 ], 4321 [ 4322 TestPath="$PATH" 4323 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4324 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4325 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4326 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4327 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4328 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4329 xauth_path="/usr/openwin/bin/xauth" 4330 fi 4331 ] 4332) 4333 4334STRIP_OPT=-s 4335AC_ARG_ENABLE([strip], 4336 [ --disable-strip Disable calling strip(1) on install], 4337 [ 4338 if test "x$enableval" = "xno" ; then 4339 STRIP_OPT= 4340 fi 4341 ] 4342) 4343AC_SUBST([STRIP_OPT]) 4344 4345if test -z "$xauth_path" ; then 4346 XAUTH_PATH="undefined" 4347 AC_SUBST([XAUTH_PATH]) 4348else 4349 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4350 [Define if xauth is found in your path]) 4351 XAUTH_PATH=$xauth_path 4352 AC_SUBST([XAUTH_PATH]) 4353fi 4354 4355dnl # --with-maildir=/path/to/mail gets top priority. 4356dnl # if maildir is set in the platform case statement above we use that. 4357dnl # Otherwise we run a program to get the dir from system headers. 4358dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4359dnl # If we find _PATH_MAILDIR we do nothing because that is what 4360dnl # session.c expects anyway. Otherwise we set to the value found 4361dnl # stripping any trailing slash. If for some strage reason our program 4362dnl # does not find what it needs, we default to /var/spool/mail. 4363# Check for mail directory 4364AC_ARG_WITH([maildir], 4365 [ --with-maildir=/path/to/mail Specify your system mail directory], 4366 [ 4367 if test "X$withval" != X && test "x$withval" != xno && \ 4368 test "x${withval}" != xyes; then 4369 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4370 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4371 fi 4372 ],[ 4373 if test "X$maildir" != "X"; then 4374 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4375 else 4376 AC_MSG_CHECKING([Discovering system mail directory]) 4377 AC_RUN_IFELSE( 4378 [AC_LANG_PROGRAM([[ 4379#include <stdio.h> 4380#include <string.h> 4381#ifdef HAVE_PATHS_H 4382#include <paths.h> 4383#endif 4384#ifdef HAVE_MAILLOCK_H 4385#include <maillock.h> 4386#endif 4387#define DATA "conftest.maildir" 4388 ]], [[ 4389 FILE *fd; 4390 int rc; 4391 4392 fd = fopen(DATA,"w"); 4393 if(fd == NULL) 4394 exit(1); 4395 4396#if defined (_PATH_MAILDIR) 4397 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4398 exit(1); 4399#elif defined (MAILDIR) 4400 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4401 exit(1); 4402#elif defined (_PATH_MAIL) 4403 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4404 exit(1); 4405#else 4406 exit (2); 4407#endif 4408 4409 exit(0); 4410 ]])], 4411 [ 4412 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4413 maildir=`awk -F: '{print $2}' conftest.maildir \ 4414 | sed 's|/$||'` 4415 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4416 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4417 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4418 fi 4419 ], 4420 [ 4421 if test "X$ac_status" = "X2";then 4422# our test program didn't find it. Default to /var/spool/mail 4423 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4424 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4425 else 4426 AC_MSG_RESULT([*** not found ***]) 4427 fi 4428 ], 4429 [ 4430 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4431 ] 4432 ) 4433 fi 4434 ] 4435) # maildir 4436 4437if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4438 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4439 disable_ptmx_check=yes 4440fi 4441if test -z "$no_dev_ptmx" ; then 4442 if test "x$disable_ptmx_check" != "xyes" ; then 4443 AC_CHECK_FILE(["/dev/ptmx"], 4444 [ 4445 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4446 [Define if you have /dev/ptmx]) 4447 have_dev_ptmx=1 4448 ] 4449 ) 4450 fi 4451fi 4452 4453if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4454 AC_CHECK_FILE(["/dev/ptc"], 4455 [ 4456 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4457 [Define if you have /dev/ptc]) 4458 have_dev_ptc=1 4459 ] 4460 ) 4461else 4462 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4463fi 4464 4465# Options from here on. Some of these are preset by platform above 4466AC_ARG_WITH([mantype], 4467 [ --with-mantype=man|cat|doc Set man page type], 4468 [ 4469 case "$withval" in 4470 man|cat|doc) 4471 MANTYPE=$withval 4472 ;; 4473 *) 4474 AC_MSG_ERROR([invalid man type: $withval]) 4475 ;; 4476 esac 4477 ] 4478) 4479if test -z "$MANTYPE"; then 4480 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4481 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4482 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4483 MANTYPE=doc 4484 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4485 MANTYPE=man 4486 else 4487 MANTYPE=cat 4488 fi 4489fi 4490AC_SUBST([MANTYPE]) 4491if test "$MANTYPE" = "doc"; then 4492 mansubdir=man; 4493else 4494 mansubdir=$MANTYPE; 4495fi 4496AC_SUBST([mansubdir]) 4497 4498# Check whether to enable MD5 passwords 4499MD5_MSG="no" 4500AC_ARG_WITH([md5-passwords], 4501 [ --with-md5-passwords Enable use of MD5 passwords], 4502 [ 4503 if test "x$withval" != "xno" ; then 4504 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4505 [Define if you want to allow MD5 passwords]) 4506 MD5_MSG="yes" 4507 fi 4508 ] 4509) 4510 4511# Whether to disable shadow password support 4512AC_ARG_WITH([shadow], 4513 [ --without-shadow Disable shadow password support], 4514 [ 4515 if test "x$withval" = "xno" ; then 4516 AC_DEFINE([DISABLE_SHADOW]) 4517 disable_shadow=yes 4518 fi 4519 ] 4520) 4521 4522if test -z "$disable_shadow" ; then 4523 AC_MSG_CHECKING([if the systems has expire shadow information]) 4524 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4525#include <sys/types.h> 4526#include <shadow.h> 4527struct spwd sp; 4528 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4529 [ sp_expire_available=yes ], [ 4530 ]) 4531 4532 if test "x$sp_expire_available" = "xyes" ; then 4533 AC_MSG_RESULT([yes]) 4534 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4535 [Define if you want to use shadow password expire field]) 4536 else 4537 AC_MSG_RESULT([no]) 4538 fi 4539fi 4540 4541# Use ip address instead of hostname in $DISPLAY 4542if test ! -z "$IPADDR_IN_DISPLAY" ; then 4543 DISPLAY_HACK_MSG="yes" 4544 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4545 [Define if you need to use IP address 4546 instead of hostname in $DISPLAY]) 4547else 4548 DISPLAY_HACK_MSG="no" 4549 AC_ARG_WITH([ipaddr-display], 4550 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4551 [ 4552 if test "x$withval" != "xno" ; then 4553 AC_DEFINE([IPADDR_IN_DISPLAY]) 4554 DISPLAY_HACK_MSG="yes" 4555 fi 4556 ] 4557 ) 4558fi 4559 4560# check for /etc/default/login and use it if present. 4561AC_ARG_ENABLE([etc-default-login], 4562 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4563 [ if test "x$enableval" = "xno"; then 4564 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4565 etc_default_login=no 4566 else 4567 etc_default_login=yes 4568 fi ], 4569 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4570 then 4571 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4572 etc_default_login=no 4573 else 4574 etc_default_login=yes 4575 fi ] 4576) 4577 4578if test "x$etc_default_login" != "xno"; then 4579 AC_CHECK_FILE(["/etc/default/login"], 4580 [ external_path_file=/etc/default/login ]) 4581 if test "x$external_path_file" = "x/etc/default/login"; then 4582 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4583 [Define if your system has /etc/default/login]) 4584 fi 4585fi 4586 4587dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4588if test $ac_cv_func_login_getcapbool = "yes" && \ 4589 test $ac_cv_header_login_cap_h = "yes" ; then 4590 external_path_file=/etc/login.conf 4591fi 4592 4593# Whether to mess with the default path 4594SERVER_PATH_MSG="(default)" 4595AC_ARG_WITH([default-path], 4596 [ --with-default-path= Specify default $PATH environment for server], 4597 [ 4598 if test "x$external_path_file" = "x/etc/login.conf" ; then 4599 AC_MSG_WARN([ 4600--with-default-path=PATH has no effect on this system. 4601Edit /etc/login.conf instead.]) 4602 elif test "x$withval" != "xno" ; then 4603 if test ! -z "$external_path_file" ; then 4604 AC_MSG_WARN([ 4605--with-default-path=PATH will only be used if PATH is not defined in 4606$external_path_file .]) 4607 fi 4608 user_path="$withval" 4609 SERVER_PATH_MSG="$withval" 4610 fi 4611 ], 4612 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4613 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4614 else 4615 if test ! -z "$external_path_file" ; then 4616 AC_MSG_WARN([ 4617If PATH is defined in $external_path_file, ensure the path to scp is included, 4618otherwise scp will not work.]) 4619 fi 4620 AC_RUN_IFELSE( 4621 [AC_LANG_PROGRAM([[ 4622/* find out what STDPATH is */ 4623#include <stdio.h> 4624#ifdef HAVE_PATHS_H 4625# include <paths.h> 4626#endif 4627#ifndef _PATH_STDPATH 4628# ifdef _PATH_USERPATH /* Irix */ 4629# define _PATH_STDPATH _PATH_USERPATH 4630# else 4631# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4632# endif 4633#endif 4634#include <sys/types.h> 4635#include <sys/stat.h> 4636#include <fcntl.h> 4637#define DATA "conftest.stdpath" 4638 ]], [[ 4639 FILE *fd; 4640 int rc; 4641 4642 fd = fopen(DATA,"w"); 4643 if(fd == NULL) 4644 exit(1); 4645 4646 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4647 exit(1); 4648 4649 exit(0); 4650 ]])], 4651 [ user_path=`cat conftest.stdpath` ], 4652 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4653 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4654 ) 4655# make sure $bindir is in USER_PATH so scp will work 4656 t_bindir="${bindir}" 4657 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4658 t_bindir=`eval echo ${t_bindir}` 4659 case $t_bindir in 4660 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4661 esac 4662 case $t_bindir in 4663 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4664 esac 4665 done 4666 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4667 if test $? -ne 0 ; then 4668 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4669 if test $? -ne 0 ; then 4670 user_path=$user_path:$t_bindir 4671 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4672 fi 4673 fi 4674 fi ] 4675) 4676if test "x$external_path_file" != "x/etc/login.conf" ; then 4677 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4678 AC_SUBST([user_path]) 4679fi 4680 4681# Set superuser path separately to user path 4682AC_ARG_WITH([superuser-path], 4683 [ --with-superuser-path= Specify different path for super-user], 4684 [ 4685 if test -n "$withval" && test "x$withval" != "xno" && \ 4686 test "x${withval}" != "xyes"; then 4687 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4688 [Define if you want a different $PATH 4689 for the superuser]) 4690 superuser_path=$withval 4691 fi 4692 ] 4693) 4694 4695 4696AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4697IPV4_IN6_HACK_MSG="no" 4698AC_ARG_WITH(4in6, 4699 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4700 [ 4701 if test "x$withval" != "xno" ; then 4702 AC_MSG_RESULT([yes]) 4703 AC_DEFINE([IPV4_IN_IPV6], [1], 4704 [Detect IPv4 in IPv6 mapped addresses 4705 and treat as IPv4]) 4706 IPV4_IN6_HACK_MSG="yes" 4707 else 4708 AC_MSG_RESULT([no]) 4709 fi 4710 ], [ 4711 if test "x$inet6_default_4in6" = "xyes"; then 4712 AC_MSG_RESULT([yes (default)]) 4713 AC_DEFINE([IPV4_IN_IPV6]) 4714 IPV4_IN6_HACK_MSG="yes" 4715 else 4716 AC_MSG_RESULT([no (default)]) 4717 fi 4718 ] 4719) 4720 4721# Whether to enable BSD auth support 4722BSD_AUTH_MSG=no 4723AC_ARG_WITH([bsd-auth], 4724 [ --with-bsd-auth Enable BSD auth support], 4725 [ 4726 if test "x$withval" != "xno" ; then 4727 AC_DEFINE([BSD_AUTH], [1], 4728 [Define if you have BSD auth support]) 4729 BSD_AUTH_MSG=yes 4730 fi 4731 ] 4732) 4733 4734# Where to place sshd.pid 4735piddir=/var/run 4736# make sure the directory exists 4737if test ! -d $piddir ; then 4738 piddir=`eval echo ${sysconfdir}` 4739 case $piddir in 4740 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4741 esac 4742fi 4743 4744AC_ARG_WITH([pid-dir], 4745 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4746 [ 4747 if test -n "$withval" && test "x$withval" != "xno" && \ 4748 test "x${withval}" != "xyes"; then 4749 piddir=$withval 4750 if test ! -d $piddir ; then 4751 AC_MSG_WARN([** no $piddir directory on this system **]) 4752 fi 4753 fi 4754 ] 4755) 4756 4757AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4758 [Specify location of ssh.pid]) 4759AC_SUBST([piddir]) 4760 4761dnl allow user to disable some login recording features 4762AC_ARG_ENABLE([lastlog], 4763 [ --disable-lastlog disable use of lastlog even if detected [no]], 4764 [ 4765 if test "x$enableval" = "xno" ; then 4766 AC_DEFINE([DISABLE_LASTLOG]) 4767 fi 4768 ] 4769) 4770AC_ARG_ENABLE([utmp], 4771 [ --disable-utmp disable use of utmp even if detected [no]], 4772 [ 4773 if test "x$enableval" = "xno" ; then 4774 AC_DEFINE([DISABLE_UTMP]) 4775 fi 4776 ] 4777) 4778AC_ARG_ENABLE([utmpx], 4779 [ --disable-utmpx disable use of utmpx even if detected [no]], 4780 [ 4781 if test "x$enableval" = "xno" ; then 4782 AC_DEFINE([DISABLE_UTMPX], [1], 4783 [Define if you don't want to use utmpx]) 4784 fi 4785 ] 4786) 4787AC_ARG_ENABLE([wtmp], 4788 [ --disable-wtmp disable use of wtmp even if detected [no]], 4789 [ 4790 if test "x$enableval" = "xno" ; then 4791 AC_DEFINE([DISABLE_WTMP]) 4792 fi 4793 ] 4794) 4795AC_ARG_ENABLE([wtmpx], 4796 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4797 [ 4798 if test "x$enableval" = "xno" ; then 4799 AC_DEFINE([DISABLE_WTMPX], [1], 4800 [Define if you don't want to use wtmpx]) 4801 fi 4802 ] 4803) 4804AC_ARG_ENABLE([libutil], 4805 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4806 [ 4807 if test "x$enableval" = "xno" ; then 4808 AC_DEFINE([DISABLE_LOGIN]) 4809 fi 4810 ] 4811) 4812AC_ARG_ENABLE([pututline], 4813 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4814 [ 4815 if test "x$enableval" = "xno" ; then 4816 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4817 [Define if you don't want to use pututline() 4818 etc. to write [uw]tmp]) 4819 fi 4820 ] 4821) 4822AC_ARG_ENABLE([pututxline], 4823 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4824 [ 4825 if test "x$enableval" = "xno" ; then 4826 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4827 [Define if you don't want to use pututxline() 4828 etc. to write [uw]tmpx]) 4829 fi 4830 ] 4831) 4832AC_ARG_WITH([lastlog], 4833 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4834 [ 4835 if test "x$withval" = "xno" ; then 4836 AC_DEFINE([DISABLE_LASTLOG]) 4837 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4838 conf_lastlog_location=$withval 4839 fi 4840 ] 4841) 4842 4843dnl lastlog, [uw]tmpx? detection 4844dnl NOTE: set the paths in the platform section to avoid the 4845dnl need for command-line parameters 4846dnl lastlog and [uw]tmp are subject to a file search if all else fails 4847 4848dnl lastlog detection 4849dnl NOTE: the code itself will detect if lastlog is a directory 4850AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4851AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4852#include <sys/types.h> 4853#include <utmp.h> 4854#ifdef HAVE_LASTLOG_H 4855# include <lastlog.h> 4856#endif 4857#ifdef HAVE_PATHS_H 4858# include <paths.h> 4859#endif 4860#ifdef HAVE_LOGIN_H 4861# include <login.h> 4862#endif 4863 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4864 [ AC_MSG_RESULT([yes]) ], 4865 [ 4866 AC_MSG_RESULT([no]) 4867 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4868 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4869#include <sys/types.h> 4870#include <utmp.h> 4871#ifdef HAVE_LASTLOG_H 4872# include <lastlog.h> 4873#endif 4874#ifdef HAVE_PATHS_H 4875# include <paths.h> 4876#endif 4877 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4878 [ AC_MSG_RESULT([yes]) ], 4879 [ 4880 AC_MSG_RESULT([no]) 4881 system_lastlog_path=no 4882 ]) 4883]) 4884 4885if test -z "$conf_lastlog_location"; then 4886 if test x"$system_lastlog_path" = x"no" ; then 4887 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4888 if (test -d "$f" || test -f "$f") ; then 4889 conf_lastlog_location=$f 4890 fi 4891 done 4892 if test -z "$conf_lastlog_location"; then 4893 AC_MSG_WARN([** Cannot find lastlog **]) 4894 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4895 fi 4896 fi 4897fi 4898 4899if test -n "$conf_lastlog_location"; then 4900 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4901 [Define if you want to specify the path to your lastlog file]) 4902fi 4903 4904dnl utmp detection 4905AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4906AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4907#include <sys/types.h> 4908#include <utmp.h> 4909#ifdef HAVE_PATHS_H 4910# include <paths.h> 4911#endif 4912 ]], [[ char *utmp = UTMP_FILE; ]])], 4913 [ AC_MSG_RESULT([yes]) ], 4914 [ AC_MSG_RESULT([no]) 4915 system_utmp_path=no 4916]) 4917if test -z "$conf_utmp_location"; then 4918 if test x"$system_utmp_path" = x"no" ; then 4919 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4920 if test -f $f ; then 4921 conf_utmp_location=$f 4922 fi 4923 done 4924 if test -z "$conf_utmp_location"; then 4925 AC_DEFINE([DISABLE_UTMP]) 4926 fi 4927 fi 4928fi 4929if test -n "$conf_utmp_location"; then 4930 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4931 [Define if you want to specify the path to your utmp file]) 4932fi 4933 4934dnl wtmp detection 4935AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4936AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4937#include <sys/types.h> 4938#include <utmp.h> 4939#ifdef HAVE_PATHS_H 4940# include <paths.h> 4941#endif 4942 ]], [[ char *wtmp = WTMP_FILE; ]])], 4943 [ AC_MSG_RESULT([yes]) ], 4944 [ AC_MSG_RESULT([no]) 4945 system_wtmp_path=no 4946]) 4947if test -z "$conf_wtmp_location"; then 4948 if test x"$system_wtmp_path" = x"no" ; then 4949 for f in /usr/adm/wtmp /var/log/wtmp; do 4950 if test -f $f ; then 4951 conf_wtmp_location=$f 4952 fi 4953 done 4954 if test -z "$conf_wtmp_location"; then 4955 AC_DEFINE([DISABLE_WTMP]) 4956 fi 4957 fi 4958fi 4959if test -n "$conf_wtmp_location"; then 4960 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4961 [Define if you want to specify the path to your wtmp file]) 4962fi 4963 4964dnl wtmpx detection 4965AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4966AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4967#include <sys/types.h> 4968#include <utmp.h> 4969#ifdef HAVE_UTMPX_H 4970#include <utmpx.h> 4971#endif 4972#ifdef HAVE_PATHS_H 4973# include <paths.h> 4974#endif 4975 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4976 [ AC_MSG_RESULT([yes]) ], 4977 [ AC_MSG_RESULT([no]) 4978 system_wtmpx_path=no 4979]) 4980if test -z "$conf_wtmpx_location"; then 4981 if test x"$system_wtmpx_path" = x"no" ; then 4982 AC_DEFINE([DISABLE_WTMPX]) 4983 fi 4984else 4985 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4986 [Define if you want to specify the path to your wtmpx file]) 4987fi 4988 4989 4990if test ! -z "$blibpath" ; then 4991 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4992 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4993fi 4994 4995AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4996 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4997 AC_DEFINE([DISABLE_LASTLOG]) 4998 fi 4999 ], [ 5000#ifdef HAVE_SYS_TYPES_H 5001#include <sys/types.h> 5002#endif 5003#ifdef HAVE_UTMP_H 5004#include <utmp.h> 5005#endif 5006#ifdef HAVE_UTMPX_H 5007#include <utmpx.h> 5008#endif 5009#ifdef HAVE_LASTLOG_H 5010#include <lastlog.h> 5011#endif 5012 ]) 5013 5014AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 5015 AC_DEFINE([DISABLE_UTMP]) 5016 AC_DEFINE([DISABLE_WTMP]) 5017 ], [ 5018#ifdef HAVE_SYS_TYPES_H 5019#include <sys/types.h> 5020#endif 5021#ifdef HAVE_UTMP_H 5022#include <utmp.h> 5023#endif 5024#ifdef HAVE_UTMPX_H 5025#include <utmpx.h> 5026#endif 5027#ifdef HAVE_LASTLOG_H 5028#include <lastlog.h> 5029#endif 5030 ]) 5031 5032dnl Adding -Werror to CFLAGS early prevents configure tests from running. 5033dnl Add now. 5034CFLAGS="$CFLAGS $werror_flags" 5035 5036if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 5037 TEST_SSH_IPV6=no 5038else 5039 TEST_SSH_IPV6=yes 5040fi 5041AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 5042AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 5043AC_SUBST([TEST_SSH_UTF8], [$TEST_SSH_UTF8]) 5044AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 5045AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 5046 5047AC_EXEEXT 5048AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 5049 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 5050 survey.sh]) 5051AC_OUTPUT 5052 5053# Print summary of options 5054 5055# Someone please show me a better way :) 5056A=`eval echo ${prefix}` ; A=`eval echo ${A}` 5057B=`eval echo ${bindir}` ; B=`eval echo ${B}` 5058C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 5059D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 5060E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 5061F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 5062G=`eval echo ${piddir}` ; G=`eval echo ${G}` 5063H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 5064I=`eval echo ${user_path}` ; I=`eval echo ${I}` 5065J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 5066 5067echo "" 5068echo "OpenSSH has been configured with the following options:" 5069echo " User binaries: $B" 5070echo " System binaries: $C" 5071echo " Configuration files: $D" 5072echo " Askpass program: $E" 5073echo " Manual pages: $F" 5074echo " PID file: $G" 5075echo " Privilege separation chroot path: $H" 5076if test "x$external_path_file" = "x/etc/login.conf" ; then 5077echo " At runtime, sshd will use the path defined in $external_path_file" 5078echo " Make sure the path to scp is present, otherwise scp will not work" 5079else 5080echo " sshd default user PATH: $I" 5081 if test ! -z "$external_path_file"; then 5082echo " (If PATH is set in $external_path_file it will be used instead. If" 5083echo " used, ensure the path to scp is present, otherwise scp will not work.)" 5084 fi 5085fi 5086if test ! -z "$superuser_path" ; then 5087echo " sshd superuser user PATH: $J" 5088fi 5089echo " Manpage format: $MANTYPE" 5090echo " PAM support: $PAM_MSG" 5091echo " OSF SIA support: $SIA_MSG" 5092echo " KerberosV support: $KRB5_MSG" 5093echo " SELinux support: $SELINUX_MSG" 5094echo " Smartcard support: $SCARD_MSG" 5095echo " S/KEY support: $SKEY_MSG" 5096echo " MD5 password support: $MD5_MSG" 5097echo " libedit support: $LIBEDIT_MSG" 5098echo " libldns support: $LDNS_MSG" 5099echo " Solaris process contract support: $SPC_MSG" 5100echo " Solaris project support: $SP_MSG" 5101echo " Solaris privilege support: $SPP_MSG" 5102echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 5103echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 5104echo " BSD Auth support: $BSD_AUTH_MSG" 5105echo " Random number source: $RAND_MSG" 5106echo " Privsep sandbox style: $SANDBOX_STYLE" 5107 5108echo "" 5109 5110echo " Host: ${host}" 5111echo " Compiler: ${CC}" 5112echo " Compiler flags: ${CFLAGS}" 5113echo "Preprocessor flags: ${CPPFLAGS}" 5114echo " Linker flags: ${LDFLAGS}" 5115echo " Libraries: ${LIBS}" 5116if test ! -z "${SSHDLIBS}"; then 5117echo " +for sshd: ${SSHDLIBS}" 5118fi 5119if test ! -z "${SSHLIBS}"; then 5120echo " +for ssh: ${SSHLIBS}" 5121fi 5122 5123echo "" 5124 5125if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 5126 echo "SVR4 style packages are supported with \"make package\"" 5127 echo "" 5128fi 5129 5130if test "x$PAM_MSG" = "xyes" ; then 5131 echo "PAM is enabled. You may need to install a PAM control file " 5132 echo "for sshd, otherwise password authentication may fail. " 5133 echo "Example PAM control files can be found in the contrib/ " 5134 echo "subdirectory" 5135 echo "" 5136fi 5137 5138if test ! -z "$NO_PEERCHECK" ; then 5139 echo "WARNING: the operating system that you are using does not" 5140 echo "appear to support getpeereid(), getpeerucred() or the" 5141 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 5142 echo "enforce security checks to prevent unauthorised connections to" 5143 echo "ssh-agent. Their absence increases the risk that a malicious" 5144 echo "user can connect to your agent." 5145 echo "" 5146fi 5147 5148if test "$AUDIT_MODULE" = "bsm" ; then 5149 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 5150 echo "See the Solaris section in README.platform for details." 5151fi 5152