1# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $ 2# 3# Copyright (c) 1999-2004 Damien Miller 4# 5# Permission to use, copy, modify, and distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 18AC_REVISION($Revision: 1.583 $) 19AC_CONFIG_SRCDIR([ssh.c]) 20AC_LANG([C]) 21 22AC_CONFIG_HEADER([config.h]) 23AC_PROG_CC 24AC_CANONICAL_HOST 25AC_C_BIGENDIAN 26 27# Checks for programs. 28AC_PROG_AWK 29AC_PROG_CPP 30AC_PROG_RANLIB 31AC_PROG_INSTALL 32AC_PROG_EGREP 33AC_CHECK_TOOLS([AR], [ar]) 34AC_PATH_PROG([CAT], [cat]) 35AC_PATH_PROG([KILL], [kill]) 36AC_PATH_PROGS([PERL], [perl5 perl]) 37AC_PATH_PROG([SED], [sed]) 38AC_SUBST([PERL]) 39AC_PATH_PROG([ENT], [ent]) 40AC_SUBST([ENT]) 41AC_PATH_PROG([TEST_MINUS_S_SH], [bash]) 42AC_PATH_PROG([TEST_MINUS_S_SH], [ksh]) 43AC_PATH_PROG([TEST_MINUS_S_SH], [sh]) 44AC_PATH_PROG([SH], [sh]) 45AC_PATH_PROG([GROFF], [groff]) 46AC_PATH_PROG([NROFF], [nroff]) 47AC_PATH_PROG([MANDOC], [mandoc]) 48AC_SUBST([TEST_SHELL], [sh]) 49 50dnl select manpage formatter 51if test "x$MANDOC" != "x" ; then 52 MANFMT="$MANDOC" 53elif test "x$NROFF" != "x" ; then 54 MANFMT="$NROFF -mandoc" 55elif test "x$GROFF" != "x" ; then 56 MANFMT="$GROFF -mandoc -Tascii" 57else 58 AC_MSG_WARN([no manpage formatted found]) 59 MANFMT="false" 60fi 61AC_SUBST([MANFMT]) 62 63dnl for buildpkg.sh 64AC_PATH_PROG([PATH_GROUPADD_PROG], [groupadd], [groupadd], 65 [/usr/sbin${PATH_SEPARATOR}/etc]) 66AC_PATH_PROG([PATH_USERADD_PROG], [useradd], [useradd], 67 [/usr/sbin${PATH_SEPARATOR}/etc]) 68AC_CHECK_PROG([MAKE_PACKAGE_SUPPORTED], [pkgmk], [yes], [no]) 69if test -x /sbin/sh; then 70 AC_SUBST([STARTUP_SCRIPT_SHELL], [/sbin/sh]) 71else 72 AC_SUBST([STARTUP_SCRIPT_SHELL], [/bin/sh]) 73fi 74 75# System features 76AC_SYS_LARGEFILE 77 78if test -z "$AR" ; then 79 AC_MSG_ERROR([*** 'ar' missing, please install or fix your \$PATH ***]) 80fi 81 82# Use LOGIN_PROGRAM from environment if possible 83if test ! -z "$LOGIN_PROGRAM" ; then 84 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM"], 85 [If your header files don't define LOGIN_PROGRAM, 86 then use this (detected) from environment and PATH]) 87else 88 # Search for login 89 AC_PATH_PROG([LOGIN_PROGRAM_FALLBACK], [login]) 90 if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then 91 AC_DEFINE_UNQUOTED([LOGIN_PROGRAM_FALLBACK], ["$LOGIN_PROGRAM_FALLBACK"]) 92 fi 93fi 94 95AC_PATH_PROG([PATH_PASSWD_PROG], [passwd]) 96if test ! -z "$PATH_PASSWD_PROG" ; then 97 AC_DEFINE_UNQUOTED([_PATH_PASSWD_PROG], ["$PATH_PASSWD_PROG"], 98 [Full path of your "passwd" program]) 99fi 100 101if test -z "$LD" ; then 102 LD=$CC 103fi 104AC_SUBST([LD]) 105 106AC_C_INLINE 107 108AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>]) 109AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [ 110 #include <sys/types.h> 111 #include <sys/param.h> 112 #include <dev/systrace.h> 113]) 114AC_CHECK_DECL([RLIMIT_NPROC], 115 [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [ 116 #include <sys/types.h> 117 #include <sys/resource.h> 118]) 119AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ 120 #include <sys/types.h> 121 #include <linux/prctl.h> 122]) 123 124openssl=yes 125ssh1=no 126AC_ARG_WITH([openssl], 127 [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ], 128 [ if test "x$withval" = "xno" ; then 129 openssl=no 130 ssh1=no 131 fi 132 ] 133) 134AC_MSG_CHECKING([whether OpenSSL will be used for cryptography]) 135if test "x$openssl" = "xyes" ; then 136 AC_MSG_RESULT([yes]) 137 AC_DEFINE_UNQUOTED([WITH_OPENSSL], [1], [use libcrypto for cryptography]) 138else 139 AC_MSG_RESULT([no]) 140fi 141 142AC_ARG_WITH([ssh1], 143 [ --without-ssh1 Enable support for SSH protocol 1], 144 [ 145 if test "x$withval" = "xyes" ; then 146 if test "x$openssl" = "xno" ; then 147 AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled]) 148 fi 149 ssh1=yes 150 elif test "x$withval" = "xno" ; then 151 ssh1=no 152 else 153 AC_MSG_ERROR([unknown --with-ssh1 argument]) 154 fi 155 ] 156) 157AC_MSG_CHECKING([whether SSH protocol 1 support is enabled]) 158if test "x$ssh1" = "xyes" ; then 159 AC_MSG_RESULT([yes]) 160 AC_DEFINE_UNQUOTED([WITH_SSH1], [1], [include SSH protocol version 1 support]) 161else 162 AC_MSG_RESULT([no]) 163fi 164 165use_stack_protector=1 166use_toolchain_hardening=1 167AC_ARG_WITH([stackprotect], 168 [ --without-stackprotect Don't use compiler's stack protection], [ 169 if test "x$withval" = "xno"; then 170 use_stack_protector=0 171 fi ]) 172AC_ARG_WITH([hardening], 173 [ --without-hardening Don't use toolchain hardening flags], [ 174 if test "x$withval" = "xno"; then 175 use_toolchain_hardening=0 176 fi ]) 177 178# We use -Werror for the tests only so that we catch warnings like "this is 179# on by default" for things like -fPIE. 180AC_MSG_CHECKING([if $CC supports -Werror]) 181saved_CFLAGS="$CFLAGS" 182CFLAGS="$CFLAGS -Werror" 183AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], 184 [ AC_MSG_RESULT([yes]) 185 WERROR="-Werror"], 186 [ AC_MSG_RESULT([no]) 187 WERROR="" ] 188) 189CFLAGS="$saved_CFLAGS" 190 191if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 192 OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments]) 193 OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option]) 194 OSSH_CHECK_CFLAG_COMPILE([-Wall]) 195 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) 196 OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) 197 OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) 198 OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) 199 OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) 200 OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) 201 OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) 202 OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) 203 OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) 204 if test "x$use_toolchain_hardening" = "x1"; then 205 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) 206 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) 207 OSSH_CHECK_LDFLAG_LINK([-Wl,-z,noexecstack]) 208 # NB. -ftrapv expects certain support functions to be present in 209 # the compiler library (libgcc or similar) to detect integer operations 210 # that can overflow. We must check that the result of enabling it 211 # actually links. The test program compiled/linked includes a number 212 # of integer operations that should exercise this. 213 OSSH_CHECK_CFLAG_LINK([-ftrapv]) 214 fi 215 AC_MSG_CHECKING([gcc version]) 216 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` 217 case $GCC_VER in 218 1.*) no_attrib_nonnull=1 ;; 219 2.8* | 2.9*) 220 no_attrib_nonnull=1 221 ;; 222 2.*) no_attrib_nonnull=1 ;; 223 *) ;; 224 esac 225 AC_MSG_RESULT([$GCC_VER]) 226 227 AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) 228 saved_CFLAGS="$CFLAGS" 229 CFLAGS="$CFLAGS -fno-builtin-memset" 230 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <string.h> ]], 231 [[ char b[10]; memset(b, 0, sizeof(b)); ]])], 232 [ AC_MSG_RESULT([yes]) ], 233 [ AC_MSG_RESULT([no]) 234 CFLAGS="$saved_CFLAGS" ] 235 ) 236 237 # -fstack-protector-all doesn't always work for some GCC versions 238 # and/or platforms, so we test if we can. If it's not supported 239 # on a given platform gcc will emit a warning so we use -Werror. 240 if test "x$use_stack_protector" = "x1"; then 241 for t in -fstack-protector-strong -fstack-protector-all \ 242 -fstack-protector; do 243 AC_MSG_CHECKING([if $CC supports $t]) 244 saved_CFLAGS="$CFLAGS" 245 saved_LDFLAGS="$LDFLAGS" 246 CFLAGS="$CFLAGS $t -Werror" 247 LDFLAGS="$LDFLAGS $t -Werror" 248 AC_LINK_IFELSE( 249 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 250 [[ 251 char x[256]; 252 snprintf(x, sizeof(x), "XXX"); 253 ]])], 254 [ AC_MSG_RESULT([yes]) 255 CFLAGS="$saved_CFLAGS $t" 256 LDFLAGS="$saved_LDFLAGS $t" 257 AC_MSG_CHECKING([if $t works]) 258 AC_RUN_IFELSE( 259 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 260 [[ 261 char x[256]; 262 snprintf(x, sizeof(x), "XXX"); 263 ]])], 264 [ AC_MSG_RESULT([yes]) 265 break ], 266 [ AC_MSG_RESULT([no]) ], 267 [ AC_MSG_WARN([cross compiling: cannot test]) 268 break ] 269 ) 270 ], 271 [ AC_MSG_RESULT([no]) ] 272 ) 273 CFLAGS="$saved_CFLAGS" 274 LDFLAGS="$saved_LDFLAGS" 275 done 276 fi 277 278 if test -z "$have_llong_max"; then 279 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes 280 unset ac_cv_have_decl_LLONG_MAX 281 saved_CFLAGS="$CFLAGS" 282 CFLAGS="$CFLAGS -std=gnu99" 283 AC_CHECK_DECL([LLONG_MAX], 284 [have_llong_max=1], 285 [CFLAGS="$saved_CFLAGS"], 286 [#include <limits.h>] 287 ) 288 fi 289fi 290 291AC_MSG_CHECKING([if compiler allows __attribute__ on return types]) 292AC_COMPILE_IFELSE( 293 [AC_LANG_PROGRAM([[ 294#include <stdlib.h> 295__attribute__((__unused__)) static void foo(void){return;}]], 296 [[ exit(0); ]])], 297 [ AC_MSG_RESULT([yes]) ], 298 [ AC_MSG_RESULT([no]) 299 AC_DEFINE(NO_ATTRIBUTE_ON_RETURN_TYPE, 1, 300 [compiler does not accept __attribute__ on return types]) ] 301) 302 303if test "x$no_attrib_nonnull" != "x1" ; then 304 AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull]) 305fi 306 307AC_ARG_WITH([rpath], 308 [ --without-rpath Disable auto-added -R linker paths], 309 [ 310 if test "x$withval" = "xno" ; then 311 need_dash_r="" 312 fi 313 if test "x$withval" = "xyes" ; then 314 need_dash_r=1 315 fi 316 ] 317) 318 319# Allow user to specify flags 320AC_ARG_WITH([cflags], 321 [ --with-cflags Specify additional flags to pass to compiler], 322 [ 323 if test -n "$withval" && test "x$withval" != "xno" && \ 324 test "x${withval}" != "xyes"; then 325 CFLAGS="$CFLAGS $withval" 326 fi 327 ] 328) 329AC_ARG_WITH([cppflags], 330 [ --with-cppflags Specify additional flags to pass to preprocessor] , 331 [ 332 if test -n "$withval" && test "x$withval" != "xno" && \ 333 test "x${withval}" != "xyes"; then 334 CPPFLAGS="$CPPFLAGS $withval" 335 fi 336 ] 337) 338AC_ARG_WITH([ldflags], 339 [ --with-ldflags Specify additional flags to pass to linker], 340 [ 341 if test -n "$withval" && test "x$withval" != "xno" && \ 342 test "x${withval}" != "xyes"; then 343 LDFLAGS="$LDFLAGS $withval" 344 fi 345 ] 346) 347AC_ARG_WITH([libs], 348 [ --with-libs Specify additional libraries to link with], 349 [ 350 if test -n "$withval" && test "x$withval" != "xno" && \ 351 test "x${withval}" != "xyes"; then 352 LIBS="$LIBS $withval" 353 fi 354 ] 355) 356AC_ARG_WITH([Werror], 357 [ --with-Werror Build main code with -Werror], 358 [ 359 if test -n "$withval" && test "x$withval" != "xno"; then 360 werror_flags="-Werror" 361 if test "x${withval}" != "xyes"; then 362 werror_flags="$withval" 363 fi 364 fi 365 ] 366) 367 368AC_CHECK_HEADERS([ \ 369 blf.h \ 370 bstring.h \ 371 crypt.h \ 372 crypto/sha2.h \ 373 dirent.h \ 374 endian.h \ 375 elf.h \ 376 features.h \ 377 fcntl.h \ 378 floatingpoint.h \ 379 getopt.h \ 380 glob.h \ 381 ia.h \ 382 iaf.h \ 383 inttypes.h \ 384 limits.h \ 385 locale.h \ 386 login.h \ 387 maillock.h \ 388 ndir.h \ 389 net/if_tun.h \ 390 netdb.h \ 391 netgroup.h \ 392 pam/pam_appl.h \ 393 paths.h \ 394 poll.h \ 395 pty.h \ 396 readpassphrase.h \ 397 rpc/types.h \ 398 security/pam_appl.h \ 399 sha2.h \ 400 shadow.h \ 401 stddef.h \ 402 stdint.h \ 403 string.h \ 404 strings.h \ 405 sys/audit.h \ 406 sys/bitypes.h \ 407 sys/bsdtty.h \ 408 sys/capability.h \ 409 sys/cdefs.h \ 410 sys/dir.h \ 411 sys/mman.h \ 412 sys/ndir.h \ 413 sys/poll.h \ 414 sys/prctl.h \ 415 sys/pstat.h \ 416 sys/select.h \ 417 sys/stat.h \ 418 sys/stream.h \ 419 sys/stropts.h \ 420 sys/strtio.h \ 421 sys/statvfs.h \ 422 sys/sysmacros.h \ 423 sys/time.h \ 424 sys/timers.h \ 425 time.h \ 426 tmpdir.h \ 427 ttyent.h \ 428 ucred.h \ 429 unistd.h \ 430 usersec.h \ 431 util.h \ 432 utime.h \ 433 utmp.h \ 434 utmpx.h \ 435 vis.h \ 436]) 437 438# lastlog.h requires sys/time.h to be included first on Solaris 439AC_CHECK_HEADERS([lastlog.h], [], [], [ 440#ifdef HAVE_SYS_TIME_H 441# include <sys/time.h> 442#endif 443]) 444 445# sys/ptms.h requires sys/stream.h to be included first on Solaris 446AC_CHECK_HEADERS([sys/ptms.h], [], [], [ 447#ifdef HAVE_SYS_STREAM_H 448# include <sys/stream.h> 449#endif 450]) 451 452# login_cap.h requires sys/types.h on NetBSD 453AC_CHECK_HEADERS([login_cap.h], [], [], [ 454#include <sys/types.h> 455]) 456 457# older BSDs need sys/param.h before sys/mount.h 458AC_CHECK_HEADERS([sys/mount.h], [], [], [ 459#include <sys/param.h> 460]) 461 462# Android requires sys/socket.h to be included before sys/un.h 463AC_CHECK_HEADERS([sys/un.h], [], [], [ 464#include <sys/types.h> 465#include <sys/socket.h> 466]) 467 468# Messages for features tested for in target-specific section 469SIA_MSG="no" 470SPC_MSG="no" 471SP_MSG="no" 472 473# Check for some target-specific stuff 474case "$host" in 475*-*-aix*) 476 # Some versions of VAC won't allow macro redefinitions at 477 # -qlanglevel=ansi, and autoconf 2.60 sometimes insists on using that 478 # particularly with older versions of vac or xlc. 479 # It also throws errors about null macro argments, but these are 480 # not fatal. 481 AC_MSG_CHECKING([if compiler allows macro redefinitions]) 482 AC_COMPILE_IFELSE( 483 [AC_LANG_PROGRAM([[ 484#define testmacro foo 485#define testmacro bar]], 486 [[ exit(0); ]])], 487 [ AC_MSG_RESULT([yes]) ], 488 [ AC_MSG_RESULT([no]) 489 CC="`echo $CC | sed 's/-qlanglvl\=ansi//g'`" 490 LD="`echo $LD | sed 's/-qlanglvl\=ansi//g'`" 491 CFLAGS="`echo $CFLAGS | sed 's/-qlanglvl\=ansi//g'`" 492 CPPFLAGS="`echo $CPPFLAGS | sed 's/-qlanglvl\=ansi//g'`" 493 ] 494 ) 495 496 AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) 497 if (test -z "$blibpath"); then 498 blibpath="/usr/lib:/lib" 499 fi 500 saved_LDFLAGS="$LDFLAGS" 501 if test "$GCC" = "yes"; then 502 flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:" 503 else 504 flags="-blibpath: -Wl,-blibpath: -Wl,-rpath," 505 fi 506 for tryflags in $flags ;do 507 if (test -z "$blibflags"); then 508 LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" 509 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])], 510 [blibflags=$tryflags], []) 511 fi 512 done 513 if (test -z "$blibflags"); then 514 AC_MSG_RESULT([not found]) 515 AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) 516 else 517 AC_MSG_RESULT([$blibflags]) 518 fi 519 LDFLAGS="$saved_LDFLAGS" 520 dnl Check for authenticate. Might be in libs.a on older AIXes 521 AC_CHECK_FUNC([authenticate], [AC_DEFINE([WITH_AIXAUTHENTICATE], [1], 522 [Define if you want to enable AIX4's authenticate function])], 523 [AC_CHECK_LIB([s], [authenticate], 524 [ AC_DEFINE([WITH_AIXAUTHENTICATE]) 525 LIBS="$LIBS -ls" 526 ]) 527 ]) 528 dnl Check for various auth function declarations in headers. 529 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 530 passwdexpired, setauthdb], , , [#include <usersec.h>]) 531 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 532 AC_CHECK_DECLS([loginfailed], 533 [AC_MSG_CHECKING([if loginfailed takes 4 arguments]) 534 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <usersec.h> ]], 535 [[ (void)loginfailed("user","host","tty",0); ]])], 536 [AC_MSG_RESULT([yes]) 537 AC_DEFINE([AIX_LOGINFAILED_4ARG], [1], 538 [Define if your AIX loginfailed() function 539 takes 4 arguments (AIX >= 5.2)])], [AC_MSG_RESULT([no]) 540 ])], 541 [], 542 [#include <usersec.h>] 543 ) 544 AC_CHECK_FUNCS([getgrset setauthdb]) 545 AC_CHECK_DECL([F_CLOSEM], 546 AC_DEFINE([HAVE_FCNTL_CLOSEM], [1], [Use F_CLOSEM fcntl for closefrom]), 547 [], 548 [ #include <limits.h> 549 #include <fcntl.h> ] 550 ) 551 check_for_aix_broken_getaddrinfo=1 552 AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.]) 553 AC_DEFINE([SETEUID_BREAKS_SETUID], [1], 554 [Define if your platform breaks doing a seteuid before a setuid]) 555 AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken]) 556 AC_DEFINE([BROKEN_SETREGID], [1], [Define if your setregid() is broken]) 557 dnl AIX handles lastlog as part of its login message 558 AC_DEFINE([DISABLE_LASTLOG], [1], [Define if you don't want to use lastlog]) 559 AC_DEFINE([LOGIN_NEEDS_UTMPX], [1], 560 [Some systems need a utmpx entry for /bin/login to work]) 561 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 562 [Define to a Set Process Title type if your system is 563 supported by bsd-setproctitle.c]) 564 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 565 [AIX 5.2 and 5.3 (and presumably newer) require this]) 566 AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) 567 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 568 ;; 569*-*-android*) 570 AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) 571 AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) 572 ;; 573*-*-cygwin*) 574 check_for_libcrypt_later=1 575 LIBS="$LIBS /usr/lib/textreadmode.o" 576 AC_DEFINE([HAVE_CYGWIN], [1], [Define if you are on Cygwin]) 577 AC_DEFINE([USE_PIPES], [1], [Use PIPES instead of a socketpair()]) 578 AC_DEFINE([DISABLE_SHADOW], [1], 579 [Define if you want to disable shadow passwords]) 580 AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], 581 [Define if X11 doesn't support AF_UNIX sockets on that system]) 582 AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], 583 [Define if the concept of ports only accessible to 584 superusers isn't known]) 585 AC_DEFINE([DISABLE_FD_PASSING], [1], 586 [Define if your platform needs to skip post auth 587 file descriptor passing]) 588 AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size]) 589 AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters]) 590 # Cygwin defines optargs, optargs as declspec(dllimport) for historical 591 # reasons which cause compile warnings, so we disable those warnings. 592 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes]) 593 ;; 594*-*-dgux*) 595 AC_DEFINE([IP_TOS_IS_BROKEN], [1], 596 [Define if your system choked on IP TOS setting]) 597 AC_DEFINE([SETEUID_BREAKS_SETUID]) 598 AC_DEFINE([BROKEN_SETREUID]) 599 AC_DEFINE([BROKEN_SETREGID]) 600 ;; 601*-*-darwin*) 602 use_pie=auto 603 AC_MSG_CHECKING([if we have working getaddrinfo]) 604 AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h> 605main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 606 exit(0); 607 else 608 exit(1); 609} 610 ]])], 611 [AC_MSG_RESULT([working])], 612 [AC_MSG_RESULT([buggy]) 613 AC_DEFINE([BROKEN_GETADDRINFO], [1], 614 [getaddrinfo is broken (if present)]) 615 ], 616 [AC_MSG_RESULT([assume it is working])]) 617 AC_DEFINE([SETEUID_BREAKS_SETUID]) 618 AC_DEFINE([BROKEN_SETREUID]) 619 AC_DEFINE([BROKEN_SETREGID]) 620 AC_DEFINE([BROKEN_GLOB], [1], [OS X glob does not do what we expect]) 621 AC_DEFINE_UNQUOTED([BIND_8_COMPAT], [1], 622 [Define if your resolver libs need this for getrrsetbyname]) 623 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 624 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 625 [Use tunnel device compatibility to OpenBSD]) 626 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 627 [Prepend the address family to IP tunnel traffic]) 628 m4_pattern_allow([AU_IPv]) 629 AC_CHECK_DECL([AU_IPv4], [], 630 AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) 631 [#include <bsm/audit.h>] 632 AC_DEFINE([LASTLOG_WRITE_PUTUTXLINE], [1], 633 [Define if pututxline updates lastlog too]) 634 ) 635 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV], 636 [Define to a Set Process Title type if your system is 637 supported by bsd-setproctitle.c]) 638 AC_CHECK_FUNCS([sandbox_init]) 639 AC_CHECK_HEADERS([sandbox.h]) 640 ;; 641*-*-dragonfly*) 642 SSHDLIBS="$SSHDLIBS -lcrypt" 643 TEST_MALLOC_OPTIONS="AFGJPRX" 644 ;; 645*-*-haiku*) 646 LIBS="$LIBS -lbsd " 647 AC_CHECK_LIB([network], [socket]) 648 AC_DEFINE([HAVE_U_INT64_T]) 649 MANTYPE=man 650 ;; 651*-*-hpux*) 652 # first we define all of the options common to all HP-UX releases 653 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 654 IPADDR_IN_DISPLAY=yes 655 AC_DEFINE([USE_PIPES]) 656 AC_DEFINE([LOGIN_NO_ENDOPT], [1], 657 [Define if your login program cannot handle end of options ("--")]) 658 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 659 AC_DEFINE([LOCKED_PASSWD_STRING], ["*"], 660 [String used in /etc/passwd to denote locked account]) 661 AC_DEFINE([SPT_TYPE], [SPT_PSTAT]) 662 AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) 663 maildir="/var/mail" 664 LIBS="$LIBS -lsec" 665 AC_CHECK_LIB([xnet], [t_error], , 666 [AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])]) 667 668 # next, we define all of the options specific to major releases 669 case "$host" in 670 *-*-hpux10*) 671 if test -z "$GCC"; then 672 CFLAGS="$CFLAGS -Ae" 673 fi 674 ;; 675 *-*-hpux11*) 676 AC_DEFINE([PAM_SUN_CODEBASE], [1], 677 [Define if you are using Solaris-derived PAM which 678 passes pam_messages to the conversation function 679 with an extra level of indirection]) 680 AC_DEFINE([DISABLE_UTMP], [1], 681 [Define if you don't want to use utmp]) 682 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 683 check_for_hpux_broken_getaddrinfo=1 684 check_for_conflicting_getspnam=1 685 ;; 686 esac 687 688 # lastly, we define options specific to minor releases 689 case "$host" in 690 *-*-hpux10.26) 691 AC_DEFINE([HAVE_SECUREWARE], [1], 692 [Define if you have SecureWare-based 693 protected password database]) 694 disable_ptmx_check=yes 695 LIBS="$LIBS -lsecpw" 696 ;; 697 esac 698 ;; 699*-*-irix5*) 700 PATH="$PATH:/usr/etc" 701 AC_DEFINE([BROKEN_INET_NTOA], [1], 702 [Define if you system's inet_ntoa is busted 703 (e.g. Irix gcc issue)]) 704 AC_DEFINE([SETEUID_BREAKS_SETUID]) 705 AC_DEFINE([BROKEN_SETREUID]) 706 AC_DEFINE([BROKEN_SETREGID]) 707 AC_DEFINE([WITH_ABBREV_NO_TTY], [1], 708 [Define if you shouldn't strip 'tty' from your 709 ttyname in [uw]tmp]) 710 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 711 ;; 712*-*-irix6*) 713 PATH="$PATH:/usr/etc" 714 AC_DEFINE([WITH_IRIX_ARRAY], [1], 715 [Define if you have/want arrays 716 (cluster-wide session managment, not C arrays)]) 717 AC_DEFINE([WITH_IRIX_PROJECT], [1], 718 [Define if you want IRIX project management]) 719 AC_DEFINE([WITH_IRIX_AUDIT], [1], 720 [Define if you want IRIX audit trails]) 721 AC_CHECK_FUNC([jlimit_startjob], [AC_DEFINE([WITH_IRIX_JOBS], [1], 722 [Define if you want IRIX kernel jobs])]) 723 AC_DEFINE([BROKEN_INET_NTOA]) 724 AC_DEFINE([SETEUID_BREAKS_SETUID]) 725 AC_DEFINE([BROKEN_SETREUID]) 726 AC_DEFINE([BROKEN_SETREGID]) 727 AC_DEFINE([BROKEN_UPDWTMPX], [1], [updwtmpx is broken (if present)]) 728 AC_DEFINE([WITH_ABBREV_NO_TTY]) 729 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 730 ;; 731*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu) 732 check_for_libcrypt_later=1 733 AC_DEFINE([PAM_TTY_KLUDGE]) 734 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"]) 735 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 736 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 737 AC_DEFINE([USE_BTMP], [1], [Use btmp to log bad logins]) 738 ;; 739*-*-linux*) 740 no_dev_ptmx=1 741 use_pie=auto 742 check_for_libcrypt_later=1 743 check_for_openpty_ctty_bug=1 744 AC_DEFINE([PAM_TTY_KLUDGE], [1], 745 [Work around problematic Linux PAM modules handling of PAM_TTY]) 746 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], 747 [String used in /etc/passwd to denote locked account]) 748 AC_DEFINE([SPT_TYPE], [SPT_REUSEARGV]) 749 AC_DEFINE([LINK_OPNOTSUPP_ERRNO], [EPERM], 750 [Define to whatever link() returns for "not supported" 751 if it doesn't return EOPNOTSUPP.]) 752 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts]) 753 AC_DEFINE([USE_BTMP]) 754 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer]) 755 inet6_default_4in6=yes 756 case `uname -r` in 757 1.*|2.0.*) 758 AC_DEFINE([BROKEN_CMSG_TYPE], [1], 759 [Define if cmsg_type is not passed correctly]) 760 ;; 761 esac 762 # tun(4) forwarding compat code 763 AC_CHECK_HEADERS([linux/if_tun.h]) 764 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then 765 AC_DEFINE([SSH_TUN_LINUX], [1], 766 [Open tunnel devices the Linux tun/tap way]) 767 AC_DEFINE([SSH_TUN_COMPAT_AF], [1], 768 [Use tunnel device compatibility to OpenBSD]) 769 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 770 [Prepend the address family to IP tunnel traffic]) 771 fi 772 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], 773 [], [#include <linux/types.h>]) 774 AC_CHECK_FUNCS([prctl]) 775 AC_MSG_CHECKING([for seccomp architecture]) 776 seccomp_audit_arch= 777 case "$host" in 778 x86_64-*) 779 seccomp_audit_arch=AUDIT_ARCH_X86_64 780 ;; 781 i*86-*) 782 seccomp_audit_arch=AUDIT_ARCH_I386 783 ;; 784 arm*-*) 785 seccomp_audit_arch=AUDIT_ARCH_ARM 786 ;; 787 aarch64*-*) 788 seccomp_audit_arch=AUDIT_ARCH_AARCH64 789 ;; 790 esac 791 if test "x$seccomp_audit_arch" != "x" ; then 792 AC_MSG_RESULT(["$seccomp_audit_arch"]) 793 AC_DEFINE_UNQUOTED([SECCOMP_AUDIT_ARCH], [$seccomp_audit_arch], 794 [Specify the system call convention in use]) 795 else 796 AC_MSG_RESULT([architecture not supported]) 797 fi 798 ;; 799mips-sony-bsd|mips-sony-newsos4) 800 AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) 801 SONY=1 802 ;; 803*-*-netbsd*) 804 check_for_libcrypt_before=1 805 if test "x$withval" != "xno" ; then 806 need_dash_r=1 807 fi 808 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 809 AC_CHECK_HEADER([net/if_tap.h], , 810 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 811 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 812 [Prepend the address family to IP tunnel traffic]) 813 TEST_MALLOC_OPTIONS="AJRX" 814 AC_DEFINE([BROKEN_STRNVIS], [1], 815 [NetBSD strnvis argument order is swapped compared to OpenBSD]) 816 AC_DEFINE([BROKEN_READ_COMPARISON], [1], 817 [NetBSD read function is sometimes redirected, breaking atomicio comparisons against it]) 818 ;; 819*-*-freebsd*) 820 check_for_libcrypt_later=1 821 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["*LOCKED*"], [Account locked with pw(1)]) 822 AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way]) 823 AC_CHECK_HEADER([net/if_tap.h], , 824 AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support])) 825 AC_DEFINE([BROKEN_GLOB], [1], [FreeBSD glob does not do what we need]) 826 AC_DEFINE([BROKEN_STRNVIS], [1], 827 [FreeBSD strnvis argument order is swapped compared to OpenBSD]) 828 TEST_MALLOC_OPTIONS="AJRX" 829 # Preauth crypto occasionally uses file descriptors for crypto offload 830 # and will crash if they cannot be opened. 831 AC_DEFINE([SANDBOX_SKIP_RLIMIT_NOFILE], [1], 832 [define if setrlimit RLIMIT_NOFILE breaks things]) 833 ;; 834*-*-bsdi*) 835 AC_DEFINE([SETEUID_BREAKS_SETUID]) 836 AC_DEFINE([BROKEN_SETREUID]) 837 AC_DEFINE([BROKEN_SETREGID]) 838 ;; 839*-next-*) 840 conf_lastlog_location="/usr/adm/lastlog" 841 conf_utmp_location=/etc/utmp 842 conf_wtmp_location=/usr/adm/wtmp 843 maildir=/usr/spool/mail 844 AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT]) 845 AC_DEFINE([BROKEN_REALPATH]) 846 AC_DEFINE([USE_PIPES]) 847 AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT]) 848 ;; 849*-*-openbsd*) 850 use_pie=auto 851 AC_DEFINE([HAVE_ATTRIBUTE__SENTINEL__], [1], [OpenBSD's gcc has sentinel]) 852 AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD's gcc has bounded]) 853 AC_DEFINE([SSH_TUN_OPENBSD], [1], [Open tunnel devices the OpenBSD way]) 854 AC_DEFINE([SYSLOG_R_SAFE_IN_SIGHAND], [1], 855 [syslog_r function is safe to use in in a signal handler]) 856 TEST_MALLOC_OPTIONS="AFGJPRX" 857 ;; 858*-*-solaris*) 859 if test "x$withval" != "xno" ; then 860 need_dash_r=1 861 fi 862 AC_DEFINE([PAM_SUN_CODEBASE]) 863 AC_DEFINE([LOGIN_NEEDS_UTMPX]) 864 AC_DEFINE([LOGIN_NEEDS_TERM], [1], 865 [Some versions of /bin/login need the TERM supplied 866 on the commandline]) 867 AC_DEFINE([PAM_TTY_KLUDGE]) 868 AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], 869 [Define if pam_chauthtok wants real uid set 870 to the unpriv'ed user]) 871 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 872 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 873 AC_DEFINE([SSHD_ACQUIRES_CTTY], [1], 874 [Define if sshd somehow reacquires a controlling TTY 875 after setsid()]) 876 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd 877 in case the name is longer than 8 chars]) 878 AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) 879 external_path_file=/etc/default/login 880 # hardwire lastlog location (can't detect it on some versions) 881 conf_lastlog_location="/var/adm/lastlog" 882 AC_MSG_CHECKING([for obsolete utmp and wtmp in solaris2.x]) 883 sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'` 884 if test "$sol2ver" -ge 8; then 885 AC_MSG_RESULT([yes]) 886 AC_DEFINE([DISABLE_UTMP]) 887 AC_DEFINE([DISABLE_WTMP], [1], 888 [Define if you don't want to use wtmp]) 889 else 890 AC_MSG_RESULT([no]) 891 fi 892 AC_ARG_WITH([solaris-contracts], 893 [ --with-solaris-contracts Enable Solaris process contracts (experimental)], 894 [ 895 AC_CHECK_LIB([contract], [ct_tmpl_activate], 896 [ AC_DEFINE([USE_SOLARIS_PROCESS_CONTRACTS], [1], 897 [Define if you have Solaris process contracts]) 898 SSHDLIBS="$SSHDLIBS -lcontract" 899 SPC_MSG="yes" ], ) 900 ], 901 ) 902 AC_ARG_WITH([solaris-projects], 903 [ --with-solaris-projects Enable Solaris projects (experimental)], 904 [ 905 AC_CHECK_LIB([project], [setproject], 906 [ AC_DEFINE([USE_SOLARIS_PROJECTS], [1], 907 [Define if you have Solaris projects]) 908 SSHDLIBS="$SSHDLIBS -lproject" 909 SP_MSG="yes" ], ) 910 ], 911 ) 912 TEST_SHELL=$SHELL # let configure find us a capable shell 913 ;; 914*-*-sunos4*) 915 CPPFLAGS="$CPPFLAGS -DSUNOS4" 916 AC_CHECK_FUNCS([getpwanam]) 917 AC_DEFINE([PAM_SUN_CODEBASE]) 918 conf_utmp_location=/etc/utmp 919 conf_wtmp_location=/var/adm/wtmp 920 conf_lastlog_location=/var/adm/lastlog 921 AC_DEFINE([USE_PIPES]) 922 ;; 923*-ncr-sysv*) 924 LIBS="$LIBS -lc89" 925 AC_DEFINE([USE_PIPES]) 926 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 927 AC_DEFINE([SETEUID_BREAKS_SETUID]) 928 AC_DEFINE([BROKEN_SETREUID]) 929 AC_DEFINE([BROKEN_SETREGID]) 930 ;; 931*-sni-sysv*) 932 # /usr/ucblib MUST NOT be searched on ReliantUNIX 933 AC_CHECK_LIB([dl], [dlsym], ,) 934 # -lresolv needs to be at the end of LIBS or DNS lookups break 935 AC_CHECK_LIB([resolv], [res_query], [ LIBS="$LIBS -lresolv" ]) 936 IPADDR_IN_DISPLAY=yes 937 AC_DEFINE([USE_PIPES]) 938 AC_DEFINE([IP_TOS_IS_BROKEN]) 939 AC_DEFINE([SETEUID_BREAKS_SETUID]) 940 AC_DEFINE([BROKEN_SETREUID]) 941 AC_DEFINE([BROKEN_SETREGID]) 942 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 943 external_path_file=/etc/default/login 944 # /usr/ucblib/libucb.a no longer needed on ReliantUNIX 945 # Attention: always take care to bind libsocket and libnsl before libc, 946 # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog 947 ;; 948# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 949*-*-sysv4.2*) 950 AC_DEFINE([USE_PIPES]) 951 AC_DEFINE([SETEUID_BREAKS_SETUID]) 952 AC_DEFINE([BROKEN_SETREUID]) 953 AC_DEFINE([BROKEN_SETREGID]) 954 AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) 955 AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 956 TEST_SHELL=$SHELL # let configure find us a capable shell 957 ;; 958# UnixWare 7.x, OpenUNIX 8 959*-*-sysv5*) 960 CPPFLAGS="$CPPFLAGS -Dvsnprintf=_xvsnprintf -Dsnprintf=_xsnprintf" 961 AC_DEFINE([UNIXWARE_LONG_PASSWORDS], [1], [Support passwords > 8 chars]) 962 AC_DEFINE([USE_PIPES]) 963 AC_DEFINE([SETEUID_BREAKS_SETUID]) 964 AC_DEFINE([BROKEN_GETADDRINFO]) 965 AC_DEFINE([BROKEN_SETREUID]) 966 AC_DEFINE([BROKEN_SETREGID]) 967 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 968 TEST_SHELL=$SHELL # let configure find us a capable shell 969 case "$host" in 970 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 971 maildir=/var/spool/mail 972 AC_DEFINE([BROKEN_LIBIAF], [1], 973 [ia_uinfo routines not supported by OS yet]) 974 AC_DEFINE([BROKEN_UPDWTMPX]) 975 AC_CHECK_LIB([prot], [getluid], [ LIBS="$LIBS -lprot" 976 AC_CHECK_FUNCS([getluid setluid], , , [-lprot]) 977 AC_DEFINE([HAVE_SECUREWARE]) 978 AC_DEFINE([DISABLE_SHADOW]) 979 ], , ) 980 ;; 981 *) AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) 982 check_for_libcrypt_later=1 983 ;; 984 esac 985 ;; 986*-*-sysv*) 987 ;; 988# SCO UNIX and OEM versions of SCO UNIX 989*-*-sco3.2v4*) 990 AC_MSG_ERROR("This Platform is no longer supported.") 991 ;; 992# SCO OpenServer 5.x 993*-*-sco3.2v5*) 994 if test -z "$GCC"; then 995 CFLAGS="$CFLAGS -belf" 996 fi 997 LIBS="$LIBS -lprot -lx -ltinfo -lm" 998 no_dev_ptmx=1 999 AC_DEFINE([USE_PIPES]) 1000 AC_DEFINE([HAVE_SECUREWARE]) 1001 AC_DEFINE([DISABLE_SHADOW]) 1002 AC_DEFINE([DISABLE_FD_PASSING]) 1003 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1004 AC_DEFINE([BROKEN_GETADDRINFO]) 1005 AC_DEFINE([BROKEN_SETREUID]) 1006 AC_DEFINE([BROKEN_SETREGID]) 1007 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1008 AC_DEFINE([BROKEN_UPDWTMPX]) 1009 AC_DEFINE([PASSWD_NEEDS_USERNAME]) 1010 AC_CHECK_FUNCS([getluid setluid]) 1011 MANTYPE=man 1012 TEST_SHELL=$SHELL # let configure find us a capable shell 1013 SKIP_DISABLE_LASTLOG_DEFINE=yes 1014 ;; 1015*-*-unicosmk*) 1016 AC_DEFINE([NO_SSH_LASTLOG], [1], 1017 [Define if you don't want to use lastlog in session.c]) 1018 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1019 AC_DEFINE([BROKEN_SETREUID]) 1020 AC_DEFINE([BROKEN_SETREGID]) 1021 AC_DEFINE([USE_PIPES]) 1022 AC_DEFINE([DISABLE_FD_PASSING]) 1023 LDFLAGS="$LDFLAGS" 1024 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1025 MANTYPE=cat 1026 ;; 1027*-*-unicosmp*) 1028 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1029 AC_DEFINE([BROKEN_SETREUID]) 1030 AC_DEFINE([BROKEN_SETREGID]) 1031 AC_DEFINE([WITH_ABBREV_NO_TTY]) 1032 AC_DEFINE([USE_PIPES]) 1033 AC_DEFINE([DISABLE_FD_PASSING]) 1034 LDFLAGS="$LDFLAGS" 1035 LIBS="$LIBS -lgen -lacid -ldb" 1036 MANTYPE=cat 1037 ;; 1038*-*-unicos*) 1039 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1040 AC_DEFINE([BROKEN_SETREUID]) 1041 AC_DEFINE([BROKEN_SETREGID]) 1042 AC_DEFINE([USE_PIPES]) 1043 AC_DEFINE([DISABLE_FD_PASSING]) 1044 AC_DEFINE([NO_SSH_LASTLOG]) 1045 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" 1046 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" 1047 MANTYPE=cat 1048 ;; 1049*-dec-osf*) 1050 AC_MSG_CHECKING([for Digital Unix SIA]) 1051 no_osfsia="" 1052 AC_ARG_WITH([osfsia], 1053 [ --with-osfsia Enable Digital Unix SIA], 1054 [ 1055 if test "x$withval" = "xno" ; then 1056 AC_MSG_RESULT([disabled]) 1057 no_osfsia=1 1058 fi 1059 ], 1060 ) 1061 if test -z "$no_osfsia" ; then 1062 if test -f /etc/sia/matrix.conf; then 1063 AC_MSG_RESULT([yes]) 1064 AC_DEFINE([HAVE_OSF_SIA], [1], 1065 [Define if you have Digital Unix Security 1066 Integration Architecture]) 1067 AC_DEFINE([DISABLE_LOGIN], [1], 1068 [Define if you don't want to use your 1069 system's login() call]) 1070 AC_DEFINE([DISABLE_FD_PASSING]) 1071 LIBS="$LIBS -lsecurity -ldb -lm -laud" 1072 SIA_MSG="yes" 1073 else 1074 AC_MSG_RESULT([no]) 1075 AC_DEFINE([LOCKED_PASSWD_SUBSTR], ["Nologin"], 1076 [String used in /etc/passwd to denote locked account]) 1077 fi 1078 fi 1079 AC_DEFINE([BROKEN_GETADDRINFO]) 1080 AC_DEFINE([SETEUID_BREAKS_SETUID]) 1081 AC_DEFINE([BROKEN_SETREUID]) 1082 AC_DEFINE([BROKEN_SETREGID]) 1083 AC_DEFINE([BROKEN_READV_COMPARISON], [1], [Can't do comparisons on readv]) 1084 ;; 1085 1086*-*-nto-qnx*) 1087 AC_DEFINE([USE_PIPES]) 1088 AC_DEFINE([NO_X11_UNIX_SOCKETS]) 1089 AC_DEFINE([DISABLE_LASTLOG]) 1090 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 1091 AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) 1092 enable_etc_default_login=no # has incompatible /etc/default/login 1093 case "$host" in 1094 *-*-nto-qnx6*) 1095 AC_DEFINE([DISABLE_FD_PASSING]) 1096 ;; 1097 esac 1098 ;; 1099 1100*-*-ultrix*) 1101 AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) 1102 AC_DEFINE([BROKEN_MMAP], [1], [Ultrix mmap can't map files]) 1103 AC_DEFINE([NEED_SETPGRP]) 1104 AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) 1105 ;; 1106 1107*-*-lynxos) 1108 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 1109 AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) 1110 ;; 1111esac 1112 1113AC_MSG_CHECKING([compiler and flags for sanity]) 1114AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])], 1115 [ AC_MSG_RESULT([yes]) ], 1116 [ 1117 AC_MSG_RESULT([no]) 1118 AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) 1119 ], 1120 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 1121) 1122 1123dnl Checks for header files. 1124# Checks for libraries. 1125AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) 1126AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) 1127 1128dnl IRIX and Solaris 2.5.1 have dirname() in libgen 1129AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS([libgen.h])] , [ 1130 AC_CHECK_LIB([gen], [dirname], [ 1131 AC_CACHE_CHECK([for broken dirname], 1132 ac_cv_have_broken_dirname, [ 1133 save_LIBS="$LIBS" 1134 LIBS="$LIBS -lgen" 1135 AC_RUN_IFELSE( 1136 [AC_LANG_SOURCE([[ 1137#include <libgen.h> 1138#include <string.h> 1139 1140int main(int argc, char **argv) { 1141 char *s, buf[32]; 1142 1143 strncpy(buf,"/etc", 32); 1144 s = dirname(buf); 1145 if (!s || strncmp(s, "/", 32) != 0) { 1146 exit(1); 1147 } else { 1148 exit(0); 1149 } 1150} 1151 ]])], 1152 [ ac_cv_have_broken_dirname="no" ], 1153 [ ac_cv_have_broken_dirname="yes" ], 1154 [ ac_cv_have_broken_dirname="no" ], 1155 ) 1156 LIBS="$save_LIBS" 1157 ]) 1158 if test "x$ac_cv_have_broken_dirname" = "xno" ; then 1159 LIBS="$LIBS -lgen" 1160 AC_DEFINE([HAVE_DIRNAME]) 1161 AC_CHECK_HEADERS([libgen.h]) 1162 fi 1163 ]) 1164]) 1165 1166AC_CHECK_FUNC([getspnam], , 1167 [AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])]) 1168AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], 1169 [Define if you have the basename function.])]) 1170 1171dnl zlib is required 1172AC_ARG_WITH([zlib], 1173 [ --with-zlib=PATH Use zlib in PATH], 1174 [ if test "x$withval" = "xno" ; then 1175 AC_MSG_ERROR([*** zlib is required ***]) 1176 elif test "x$withval" != "xyes"; then 1177 if test -d "$withval/lib"; then 1178 if test -n "${need_dash_r}"; then 1179 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1180 else 1181 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1182 fi 1183 else 1184 if test -n "${need_dash_r}"; then 1185 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 1186 else 1187 LDFLAGS="-L${withval} ${LDFLAGS}" 1188 fi 1189 fi 1190 if test -d "$withval/include"; then 1191 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 1192 else 1193 CPPFLAGS="-I${withval} ${CPPFLAGS}" 1194 fi 1195 fi ] 1196) 1197 1198AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) 1199AC_CHECK_LIB([z], [deflate], , 1200 [ 1201 saved_CPPFLAGS="$CPPFLAGS" 1202 saved_LDFLAGS="$LDFLAGS" 1203 save_LIBS="$LIBS" 1204 dnl Check default zlib install dir 1205 if test -n "${need_dash_r}"; then 1206 LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}" 1207 else 1208 LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}" 1209 fi 1210 CPPFLAGS="-I/usr/local/include ${saved_CPPFLAGS}" 1211 LIBS="$LIBS -lz" 1212 AC_TRY_LINK_FUNC([deflate], [AC_DEFINE([HAVE_LIBZ])], 1213 [ 1214 AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***]) 1215 ] 1216 ) 1217 ] 1218) 1219 1220AC_ARG_WITH([zlib-version-check], 1221 [ --without-zlib-version-check Disable zlib version check], 1222 [ if test "x$withval" = "xno" ; then 1223 zlib_check_nonfatal=1 1224 fi 1225 ] 1226) 1227 1228AC_MSG_CHECKING([for possibly buggy zlib]) 1229AC_RUN_IFELSE([AC_LANG_PROGRAM([[ 1230#include <stdio.h> 1231#include <stdlib.h> 1232#include <zlib.h> 1233 ]], 1234 [[ 1235 int a=0, b=0, c=0, d=0, n, v; 1236 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d); 1237 if (n != 3 && n != 4) 1238 exit(1); 1239 v = a*1000000 + b*10000 + c*100 + d; 1240 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v); 1241 1242 /* 1.1.4 is OK */ 1243 if (a == 1 && b == 1 && c >= 4) 1244 exit(0); 1245 1246 /* 1.2.3 and up are OK */ 1247 if (v >= 1020300) 1248 exit(0); 1249 1250 exit(2); 1251 ]])], 1252 AC_MSG_RESULT([no]), 1253 [ AC_MSG_RESULT([yes]) 1254 if test -z "$zlib_check_nonfatal" ; then 1255 AC_MSG_ERROR([*** zlib too old - check config.log *** 1256Your reported zlib version has known security problems. It's possible your 1257vendor has fixed these problems without changing the version number. If you 1258are sure this is the case, you can disable the check by running 1259"./configure --without-zlib-version-check". 1260If you are in doubt, upgrade zlib to version 1.2.3 or greater. 1261See http://www.gzip.org/zlib/ for details.]) 1262 else 1263 AC_MSG_WARN([zlib version may have security problems]) 1264 fi 1265 ], 1266 [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] 1267) 1268 1269dnl UnixWare 2.x 1270AC_CHECK_FUNC([strcasecmp], 1271 [], [ AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) ] 1272) 1273AC_CHECK_FUNCS([utimes], 1274 [], [ AC_CHECK_LIB([c89], [utimes], [AC_DEFINE([HAVE_UTIMES]) 1275 LIBS="$LIBS -lc89"]) ] 1276) 1277 1278dnl Checks for libutil functions 1279AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) 1280AC_SEARCH_LIBS([fmt_scaled], [util bsd]) 1281AC_SEARCH_LIBS([scan_scaled], [util bsd]) 1282AC_SEARCH_LIBS([login], [util bsd]) 1283AC_SEARCH_LIBS([logout], [util bsd]) 1284AC_SEARCH_LIBS([logwtmp], [util bsd]) 1285AC_SEARCH_LIBS([openpty], [util bsd]) 1286AC_SEARCH_LIBS([updwtmp], [util bsd]) 1287AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) 1288 1289# On some platforms, inet_ntop may be found in libresolv or libnsl. 1290AC_SEARCH_LIBS([inet_ntop], [resolv nsl]) 1291 1292AC_FUNC_STRFTIME 1293 1294# Check for ALTDIRFUNC glob() extension 1295AC_MSG_CHECKING([for GLOB_ALTDIRFUNC support]) 1296AC_EGREP_CPP([FOUNDIT], 1297 [ 1298 #include <glob.h> 1299 #ifdef GLOB_ALTDIRFUNC 1300 FOUNDIT 1301 #endif 1302 ], 1303 [ 1304 AC_DEFINE([GLOB_HAS_ALTDIRFUNC], [1], 1305 [Define if your system glob() function has 1306 the GLOB_ALTDIRFUNC extension]) 1307 AC_MSG_RESULT([yes]) 1308 ], 1309 [ 1310 AC_MSG_RESULT([no]) 1311 ] 1312) 1313 1314# Check for g.gl_matchc glob() extension 1315AC_MSG_CHECKING([for gl_matchc field in glob_t]) 1316AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], 1317 [[ glob_t g; g.gl_matchc = 1; ]])], 1318 [ 1319 AC_DEFINE([GLOB_HAS_GL_MATCHC], [1], 1320 [Define if your system glob() function has 1321 gl_matchc options in glob_t]) 1322 AC_MSG_RESULT([yes]) 1323 ], [ 1324 AC_MSG_RESULT([no]) 1325]) 1326 1327# Check for g.gl_statv glob() extension 1328AC_MSG_CHECKING([for gl_statv and GLOB_KEEPSTAT extensions for glob]) 1329AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <glob.h> ]], [[ 1330#ifndef GLOB_KEEPSTAT 1331#error "glob does not support GLOB_KEEPSTAT extension" 1332#endif 1333glob_t g; 1334g.gl_statv = NULL; 1335]])], 1336 [ 1337 AC_DEFINE([GLOB_HAS_GL_STATV], [1], 1338 [Define if your system glob() function has 1339 gl_statv options in glob_t]) 1340 AC_MSG_RESULT([yes]) 1341 ], [ 1342 AC_MSG_RESULT([no]) 1343 1344]) 1345 1346AC_CHECK_DECLS([GLOB_NOMATCH], , , [#include <glob.h>]) 1347 1348AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) 1349AC_RUN_IFELSE( 1350 [AC_LANG_PROGRAM([[ 1351#include <sys/types.h> 1352#include <dirent.h>]], 1353 [[ 1354 struct dirent d; 1355 exit(sizeof(d.d_name)<=sizeof(char)); 1356 ]])], 1357 [AC_MSG_RESULT([yes])], 1358 [ 1359 AC_MSG_RESULT([no]) 1360 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME], [1], 1361 [Define if your struct dirent expects you to 1362 allocate extra space for d_name]) 1363 ], 1364 [ 1365 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1366 AC_DEFINE([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 1367 ] 1368) 1369 1370AC_MSG_CHECKING([for /proc/pid/fd directory]) 1371if test -d "/proc/$$/fd" ; then 1372 AC_DEFINE([HAVE_PROC_PID], [1], [Define if you have /proc/$pid/fd]) 1373 AC_MSG_RESULT([yes]) 1374else 1375 AC_MSG_RESULT([no]) 1376fi 1377 1378# Check whether user wants S/Key support 1379SKEY_MSG="no" 1380AC_ARG_WITH([skey], 1381 [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], 1382 [ 1383 if test "x$withval" != "xno" ; then 1384 1385 if test "x$withval" != "xyes" ; then 1386 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1387 LDFLAGS="$LDFLAGS -L${withval}/lib" 1388 fi 1389 1390 AC_DEFINE([SKEY], [1], [Define if you want S/Key support]) 1391 LIBS="-lskey $LIBS" 1392 SKEY_MSG="yes" 1393 1394 AC_MSG_CHECKING([for s/key support]) 1395 AC_LINK_IFELSE( 1396 [AC_LANG_PROGRAM([[ 1397#include <stdio.h> 1398#include <skey.h> 1399 ]], [[ 1400 char *ff = skey_keyinfo(""); ff=""; 1401 exit(0); 1402 ]])], 1403 [AC_MSG_RESULT([yes])], 1404 [ 1405 AC_MSG_RESULT([no]) 1406 AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) 1407 ]) 1408 AC_MSG_CHECKING([if skeychallenge takes 4 arguments]) 1409 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1410#include <stdio.h> 1411#include <skey.h> 1412 ]], [[ 1413 (void)skeychallenge(NULL,"name","",0); 1414 ]])], 1415 [ 1416 AC_MSG_RESULT([yes]) 1417 AC_DEFINE([SKEYCHALLENGE_4ARG], [1], 1418 [Define if your skeychallenge() 1419 function takes 4 arguments (NetBSD)])], 1420 [ 1421 AC_MSG_RESULT([no]) 1422 ]) 1423 fi 1424 ] 1425) 1426 1427# Check whether user wants to use ldns 1428LDNS_MSG="no" 1429AC_ARG_WITH(ldns, 1430 [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], 1431 [ 1432 if test "x$withval" != "xno" ; then 1433 1434 if test "x$withval" != "xyes" ; then 1435 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1436 LDFLAGS="$LDFLAGS -L${withval}/lib" 1437 fi 1438 1439 AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) 1440 LIBS="-lldns $LIBS" 1441 LDNS_MSG="yes" 1442 1443 AC_MSG_CHECKING([for ldns support]) 1444 AC_LINK_IFELSE( 1445 [AC_LANG_SOURCE([[ 1446#include <stdio.h> 1447#include <stdlib.h> 1448#include <stdint.h> 1449#include <ldns/ldns.h> 1450int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } 1451 ]]) 1452 ], 1453 [AC_MSG_RESULT(yes)], 1454 [ 1455 AC_MSG_RESULT(no) 1456 AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) 1457 ]) 1458 fi 1459 ] 1460) 1461 1462# Check whether user wants libedit support 1463LIBEDIT_MSG="no" 1464AC_ARG_WITH([libedit], 1465 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1466 [ if test "x$withval" != "xno" ; then 1467 if test "x$withval" = "xyes" ; then 1468 AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) 1469 if test "x$PKGCONFIG" != "xno"; then 1470 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) 1471 if "$PKGCONFIG" libedit; then 1472 AC_MSG_RESULT([yes]) 1473 use_pkgconfig_for_libedit=yes 1474 else 1475 AC_MSG_RESULT([no]) 1476 fi 1477 fi 1478 else 1479 CPPFLAGS="$CPPFLAGS -I${withval}/include" 1480 if test -n "${need_dash_r}"; then 1481 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 1482 else 1483 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 1484 fi 1485 fi 1486 if test "x$use_pkgconfig_for_libedit" = "xyes"; then 1487 LIBEDIT=`$PKGCONFIG --libs libedit` 1488 CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`" 1489 else 1490 LIBEDIT="-ledit -lcurses" 1491 fi 1492 OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'` 1493 AC_CHECK_LIB([edit], [el_init], 1494 [ AC_DEFINE([USE_LIBEDIT], [1], [Use libedit for sftp]) 1495 LIBEDIT_MSG="yes" 1496 AC_SUBST([LIBEDIT]) 1497 ], 1498 [ AC_MSG_ERROR([libedit not found]) ], 1499 [ $OTHERLIBS ] 1500 ) 1501 AC_MSG_CHECKING([if libedit version is compatible]) 1502 AC_COMPILE_IFELSE( 1503 [AC_LANG_PROGRAM([[ #include <histedit.h> ]], 1504 [[ 1505 int i = H_SETSIZE; 1506 el_init("", NULL, NULL, NULL); 1507 exit(0); 1508 ]])], 1509 [ AC_MSG_RESULT([yes]) ], 1510 [ AC_MSG_RESULT([no]) 1511 AC_MSG_ERROR([libedit version is not compatible]) ] 1512 ) 1513 fi ] 1514) 1515 1516AUDIT_MODULE=none 1517AC_ARG_WITH([audit], 1518 [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], 1519 [ 1520 AC_MSG_CHECKING([for supported audit module]) 1521 case "$withval" in 1522 bsm) 1523 AC_MSG_RESULT([bsm]) 1524 AUDIT_MODULE=bsm 1525 dnl Checks for headers, libs and functions 1526 AC_CHECK_HEADERS([bsm/audit.h], [], 1527 [AC_MSG_ERROR([BSM enabled and bsm/audit.h not found])], 1528 [ 1529#ifdef HAVE_TIME_H 1530# include <time.h> 1531#endif 1532 ] 1533) 1534 AC_CHECK_LIB([bsm], [getaudit], [], 1535 [AC_MSG_ERROR([BSM enabled and required library not found])]) 1536 AC_CHECK_FUNCS([getaudit], [], 1537 [AC_MSG_ERROR([BSM enabled and required function not found])]) 1538 # These are optional 1539 AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) 1540 AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) 1541 if test "$sol2ver" -ge 11; then 1542 SSHDLIBS="$SSHDLIBS -lscf" 1543 AC_DEFINE([BROKEN_BSM_API], [1], 1544 [The system has incomplete BSM API]) 1545 fi 1546 ;; 1547 linux) 1548 AC_MSG_RESULT([linux]) 1549 AUDIT_MODULE=linux 1550 dnl Checks for headers, libs and functions 1551 AC_CHECK_HEADERS([libaudit.h]) 1552 SSHDLIBS="$SSHDLIBS -laudit" 1553 AC_DEFINE([USE_LINUX_AUDIT], [1], [Use Linux audit module]) 1554 ;; 1555 debug) 1556 AUDIT_MODULE=debug 1557 AC_MSG_RESULT([debug]) 1558 AC_DEFINE([SSH_AUDIT_EVENTS], [1], [Use audit debugging module]) 1559 ;; 1560 no) 1561 AC_MSG_RESULT([no]) 1562 ;; 1563 *) 1564 AC_MSG_ERROR([Unknown audit module $withval]) 1565 ;; 1566 esac ] 1567) 1568 1569AC_ARG_WITH([pie], 1570 [ --with-pie Build Position Independent Executables if possible], [ 1571 if test "x$withval" = "xno"; then 1572 use_pie=no 1573 fi 1574 if test "x$withval" = "xyes"; then 1575 use_pie=yes 1576 fi 1577 ] 1578) 1579if test "x$use_pie" = "x"; then 1580 use_pie=no 1581fi 1582if test "x$use_toolchain_hardening" != "x1" && test "x$use_pie" = "xauto"; then 1583 # Turn off automatic PIE when toolchain hardening is off. 1584 use_pie=no 1585fi 1586if test "x$use_pie" = "xauto"; then 1587 # Automatic PIE requires gcc >= 4.x 1588 AC_MSG_CHECKING([for gcc >= 4.x]) 1589 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ 1590#if !defined(__GNUC__) || __GNUC__ < 4 1591#error gcc is too old 1592#endif 1593]])], 1594 [ AC_MSG_RESULT([yes]) ], 1595 [ AC_MSG_RESULT([no]) 1596 use_pie=no ] 1597) 1598fi 1599if test "x$use_pie" != "xno"; then 1600 SAVED_CFLAGS="$CFLAGS" 1601 SAVED_LDFLAGS="$LDFLAGS" 1602 OSSH_CHECK_CFLAG_COMPILE([-fPIE]) 1603 OSSH_CHECK_LDFLAG_LINK([-pie]) 1604 # We use both -fPIE and -pie or neither. 1605 AC_MSG_CHECKING([whether both -fPIE and -pie are supported]) 1606 if echo "x $CFLAGS" | grep ' -fPIE' >/dev/null 2>&1 && \ 1607 echo "x $LDFLAGS" | grep ' -pie' >/dev/null 2>&1 ; then 1608 AC_MSG_RESULT([yes]) 1609 else 1610 AC_MSG_RESULT([no]) 1611 CFLAGS="$SAVED_CFLAGS" 1612 LDFLAGS="$SAVED_LDFLAGS" 1613 fi 1614fi 1615 1616dnl Checks for library functions. Please keep in alphabetical order 1617AC_CHECK_FUNCS([ \ 1618 Blowfish_initstate \ 1619 Blowfish_expandstate \ 1620 Blowfish_expand0state \ 1621 Blowfish_stream2word \ 1622 asprintf \ 1623 b64_ntop \ 1624 __b64_ntop \ 1625 b64_pton \ 1626 __b64_pton \ 1627 bcopy \ 1628 bcrypt_pbkdf \ 1629 bindresvport_sa \ 1630 blf_enc \ 1631 cap_rights_limit \ 1632 clock \ 1633 closefrom \ 1634 dirfd \ 1635 endgrent \ 1636 explicit_bzero \ 1637 fchmod \ 1638 fchown \ 1639 freeaddrinfo \ 1640 fstatfs \ 1641 fstatvfs \ 1642 futimes \ 1643 getaddrinfo \ 1644 getcwd \ 1645 getgrouplist \ 1646 getnameinfo \ 1647 getopt \ 1648 getpeereid \ 1649 getpeerucred \ 1650 getpgid \ 1651 getpgrp \ 1652 _getpty \ 1653 getrlimit \ 1654 getttyent \ 1655 glob \ 1656 group_from_gid \ 1657 inet_aton \ 1658 inet_ntoa \ 1659 inet_ntop \ 1660 innetgr \ 1661 login_getcapbool \ 1662 mblen \ 1663 md5_crypt \ 1664 memmove \ 1665 memset_s \ 1666 mkdtemp \ 1667 mmap \ 1668 ngetaddrinfo \ 1669 nsleep \ 1670 ogetaddrinfo \ 1671 openlog_r \ 1672 poll \ 1673 prctl \ 1674 pstat \ 1675 readpassphrase \ 1676 reallocarray \ 1677 recvmsg \ 1678 rresvport_af \ 1679 sendmsg \ 1680 setdtablesize \ 1681 setegid \ 1682 setenv \ 1683 seteuid \ 1684 setgroupent \ 1685 setgroups \ 1686 setlinebuf \ 1687 setlogin \ 1688 setpassent\ 1689 setpcred \ 1690 setproctitle \ 1691 setregid \ 1692 setreuid \ 1693 setrlimit \ 1694 setsid \ 1695 setvbuf \ 1696 sigaction \ 1697 sigvec \ 1698 snprintf \ 1699 socketpair \ 1700 statfs \ 1701 statvfs \ 1702 strdup \ 1703 strerror \ 1704 strlcat \ 1705 strlcpy \ 1706 strmode \ 1707 strnlen \ 1708 strnvis \ 1709 strptime \ 1710 strtonum \ 1711 strtoll \ 1712 strtoul \ 1713 strtoull \ 1714 swap32 \ 1715 sysconf \ 1716 tcgetpgrp \ 1717 timingsafe_bcmp \ 1718 truncate \ 1719 unsetenv \ 1720 updwtmpx \ 1721 user_from_uid \ 1722 usleep \ 1723 vasprintf \ 1724 vsnprintf \ 1725 waitpid \ 1726]) 1727 1728AC_LINK_IFELSE( 1729 [AC_LANG_PROGRAM( 1730 [[ #include <ctype.h> ]], 1731 [[ return (isblank('a')); ]])], 1732 [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) 1733]) 1734 1735# PKCS11 depends on OpenSSL. 1736if test "x$openssl" = "xyes" ; then 1737 # PKCS#11 support requires dlopen() and co 1738 AC_SEARCH_LIBS([dlopen], [dl], 1739 [AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support])] 1740 ) 1741fi 1742 1743# IRIX has a const char return value for gai_strerror() 1744AC_CHECK_FUNCS([gai_strerror], [ 1745 AC_DEFINE([HAVE_GAI_STRERROR]) 1746 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 1747#include <sys/types.h> 1748#include <sys/socket.h> 1749#include <netdb.h> 1750 1751const char *gai_strerror(int); 1752 ]], [[ 1753 char *str; 1754 str = gai_strerror(0); 1755 ]])], [ 1756 AC_DEFINE([HAVE_CONST_GAI_STRERROR_PROTO], [1], 1757 [Define if gai_strerror() returns const char *])], [])]) 1758 1759AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], 1760 [Some systems put nanosleep outside of libc])]) 1761 1762AC_SEARCH_LIBS([clock_gettime], [rt], 1763 [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) 1764 1765dnl Make sure prototypes are defined for these before using them. 1766AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) 1767AC_CHECK_DECL([strsep], 1768 [AC_CHECK_FUNCS([strsep])], 1769 [], 1770 [ 1771#ifdef HAVE_STRING_H 1772# include <string.h> 1773#endif 1774 ]) 1775 1776dnl tcsendbreak might be a macro 1777AC_CHECK_DECL([tcsendbreak], 1778 [AC_DEFINE([HAVE_TCSENDBREAK])], 1779 [AC_CHECK_FUNCS([tcsendbreak])], 1780 [#include <termios.h>] 1781) 1782 1783AC_CHECK_DECLS([h_errno], , ,[#include <netdb.h>]) 1784 1785AC_CHECK_DECLS([SHUT_RD], , , 1786 [ 1787#include <sys/types.h> 1788#include <sys/socket.h> 1789 ]) 1790 1791AC_CHECK_DECLS([O_NONBLOCK], , , 1792 [ 1793#include <sys/types.h> 1794#ifdef HAVE_SYS_STAT_H 1795# include <sys/stat.h> 1796#endif 1797#ifdef HAVE_FCNTL_H 1798# include <fcntl.h> 1799#endif 1800 ]) 1801 1802AC_CHECK_DECLS([writev], , , [ 1803#include <sys/types.h> 1804#include <sys/uio.h> 1805#include <unistd.h> 1806 ]) 1807 1808AC_CHECK_DECLS([MAXSYMLINKS], , , [ 1809#include <sys/param.h> 1810 ]) 1811 1812AC_CHECK_DECLS([offsetof], , , [ 1813#include <stddef.h> 1814 ]) 1815 1816# extra bits for select(2) 1817AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ 1818#include <sys/param.h> 1819#include <sys/types.h> 1820#ifdef HAVE_SYS_SYSMACROS_H 1821#include <sys/sysmacros.h> 1822#endif 1823#ifdef HAVE_SYS_SELECT_H 1824#include <sys/select.h> 1825#endif 1826#ifdef HAVE_SYS_TIME_H 1827#include <sys/time.h> 1828#endif 1829#ifdef HAVE_UNISTD_H 1830#include <unistd.h> 1831#endif 1832 ]]) 1833AC_CHECK_TYPES([fd_mask], [], [], [[ 1834#include <sys/param.h> 1835#include <sys/types.h> 1836#ifdef HAVE_SYS_SELECT_H 1837#include <sys/select.h> 1838#endif 1839#ifdef HAVE_SYS_TIME_H 1840#include <sys/time.h> 1841#endif 1842#ifdef HAVE_UNISTD_H 1843#include <unistd.h> 1844#endif 1845 ]]) 1846 1847AC_CHECK_FUNCS([setresuid], [ 1848 dnl Some platorms have setresuid that isn't implemented, test for this 1849 AC_MSG_CHECKING([if setresuid seems to work]) 1850 AC_RUN_IFELSE( 1851 [AC_LANG_PROGRAM([[ 1852#include <stdlib.h> 1853#include <errno.h> 1854 ]], [[ 1855 errno=0; 1856 setresuid(0,0,0); 1857 if (errno==ENOSYS) 1858 exit(1); 1859 else 1860 exit(0); 1861 ]])], 1862 [AC_MSG_RESULT([yes])], 1863 [AC_DEFINE([BROKEN_SETRESUID], [1], 1864 [Define if your setresuid() is broken]) 1865 AC_MSG_RESULT([not implemented])], 1866 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1867 ) 1868]) 1869 1870AC_CHECK_FUNCS([setresgid], [ 1871 dnl Some platorms have setresgid that isn't implemented, test for this 1872 AC_MSG_CHECKING([if setresgid seems to work]) 1873 AC_RUN_IFELSE( 1874 [AC_LANG_PROGRAM([[ 1875#include <stdlib.h> 1876#include <errno.h> 1877 ]], [[ 1878 errno=0; 1879 setresgid(0,0,0); 1880 if (errno==ENOSYS) 1881 exit(1); 1882 else 1883 exit(0); 1884 ]])], 1885 [AC_MSG_RESULT([yes])], 1886 [AC_DEFINE([BROKEN_SETRESGID], [1], 1887 [Define if your setresgid() is broken]) 1888 AC_MSG_RESULT([not implemented])], 1889 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1890 ) 1891]) 1892 1893AC_CHECK_FUNCS([realpath], [ 1894 dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given 1895 dnl path name", however some implementations of realpath (and some 1896 dnl versions of the POSIX spec) do not work on non-existent files, 1897 dnl so we use the OpenBSD implementation on those platforms. 1898 AC_MSG_CHECKING([if realpath works with non-existent files]) 1899 AC_RUN_IFELSE( 1900 [AC_LANG_PROGRAM([[ 1901#include <limits.h> 1902#include <stdlib.h> 1903#include <errno.h> 1904 ]], [[ 1905 char buf[PATH_MAX]; 1906 if (realpath("/opensshnonexistentfilename1234", buf) == NULL) 1907 if (errno == ENOENT) 1908 exit(1); 1909 exit(0); 1910 ]])], 1911 [AC_MSG_RESULT([yes])], 1912 [AC_DEFINE([BROKEN_REALPATH], [1], 1913 [realpath does not work with nonexistent files]) 1914 AC_MSG_RESULT([no])], 1915 [AC_MSG_WARN([cross compiling: assuming working])] 1916 ) 1917]) 1918 1919dnl Checks for time functions 1920AC_CHECK_FUNCS([gettimeofday time]) 1921dnl Checks for utmp functions 1922AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 1923AC_CHECK_FUNCS([utmpname]) 1924dnl Checks for utmpx functions 1925AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline getutxuser pututxline]) 1926AC_CHECK_FUNCS([setutxdb setutxent utmpxname]) 1927dnl Checks for lastlog functions 1928AC_CHECK_FUNCS([getlastlogxbyname]) 1929 1930AC_CHECK_FUNC([daemon], 1931 [AC_DEFINE([HAVE_DAEMON], [1], [Define if your libraries define daemon()])], 1932 [AC_CHECK_LIB([bsd], [daemon], 1933 [LIBS="$LIBS -lbsd"; AC_DEFINE([HAVE_DAEMON])])] 1934) 1935 1936AC_CHECK_FUNC([getpagesize], 1937 [AC_DEFINE([HAVE_GETPAGESIZE], [1], 1938 [Define if your libraries define getpagesize()])], 1939 [AC_CHECK_LIB([ucb], [getpagesize], 1940 [LIBS="$LIBS -lucb"; AC_DEFINE([HAVE_GETPAGESIZE])])] 1941) 1942 1943# Check for broken snprintf 1944if test "x$ac_cv_func_snprintf" = "xyes" ; then 1945 AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) 1946 AC_RUN_IFELSE( 1947 [AC_LANG_PROGRAM([[ #include <stdio.h> ]], 1948 [[ 1949 char b[5]; 1950 snprintf(b,5,"123456789"); 1951 exit(b[4]!='\0'); 1952 ]])], 1953 [AC_MSG_RESULT([yes])], 1954 [ 1955 AC_MSG_RESULT([no]) 1956 AC_DEFINE([BROKEN_SNPRINTF], [1], 1957 [Define if your snprintf is busted]) 1958 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1959 ], 1960 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1961 ) 1962fi 1963 1964# We depend on vsnprintf returning the right thing on overflow: the 1965# number of characters it tried to create (as per SUSv3) 1966if test "x$ac_cv_func_vsnprintf" = "xyes" ; then 1967 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow]) 1968 AC_RUN_IFELSE( 1969 [AC_LANG_PROGRAM([[ 1970#include <sys/types.h> 1971#include <stdio.h> 1972#include <stdarg.h> 1973 1974int x_snprintf(char *str, size_t count, const char *fmt, ...) 1975{ 1976 size_t ret; 1977 va_list ap; 1978 1979 va_start(ap, fmt); 1980 ret = vsnprintf(str, count, fmt, ap); 1981 va_end(ap); 1982 return ret; 1983} 1984 ]], [[ 1985char x[1]; 1986if (x_snprintf(x, 1, "%s %d", "hello", 12345) != 11) 1987 return 1; 1988if (x_snprintf(NULL, 0, "%s %d", "hello", 12345) != 11) 1989 return 1; 1990return 0; 1991 ]])], 1992 [AC_MSG_RESULT([yes])], 1993 [ 1994 AC_MSG_RESULT([no]) 1995 AC_DEFINE([BROKEN_SNPRINTF], [1], 1996 [Define if your snprintf is busted]) 1997 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor]) 1998 ], 1999 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ] 2000 ) 2001fi 2002 2003# On systems where [v]snprintf is broken, but is declared in stdio, 2004# check that the fmt argument is const char * or just char *. 2005# This is only useful for when BROKEN_SNPRINTF 2006AC_MSG_CHECKING([whether snprintf can declare const char *fmt]) 2007AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2008#include <stdio.h> 2009int snprintf(char *a, size_t b, const char *c, ...) { return 0; } 2010 ]], [[ 2011 snprintf(0, 0, 0); 2012 ]])], 2013 [AC_MSG_RESULT([yes]) 2014 AC_DEFINE([SNPRINTF_CONST], [const], 2015 [Define as const if snprintf() can declare const char *fmt])], 2016 [AC_MSG_RESULT([no]) 2017 AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) 2018 2019# Check for missing getpeereid (or equiv) support 2020NO_PEERCHECK="" 2021if test "x$ac_cv_func_getpeereid" != "xyes" -a "x$ac_cv_func_getpeerucred" != "xyes"; then 2022 AC_MSG_CHECKING([whether system supports SO_PEERCRED getsockopt]) 2023 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2024#include <sys/types.h> 2025#include <sys/socket.h>]], [[int i = SO_PEERCRED;]])], 2026 [ AC_MSG_RESULT([yes]) 2027 AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) 2028 ], [AC_MSG_RESULT([no]) 2029 NO_PEERCHECK=1 2030 ]) 2031fi 2032 2033dnl see whether mkstemp() requires XXXXXX 2034if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 2035AC_MSG_CHECKING([for (overly) strict mkstemp]) 2036AC_RUN_IFELSE( 2037 [AC_LANG_PROGRAM([[ 2038#include <stdlib.h> 2039 ]], [[ 2040 char template[]="conftest.mkstemp-test"; 2041 if (mkstemp(template) == -1) 2042 exit(1); 2043 unlink(template); 2044 exit(0); 2045 ]])], 2046 [ 2047 AC_MSG_RESULT([no]) 2048 ], 2049 [ 2050 AC_MSG_RESULT([yes]) 2051 AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()]) 2052 ], 2053 [ 2054 AC_MSG_RESULT([yes]) 2055 AC_DEFINE([HAVE_STRICT_MKSTEMP]) 2056 ] 2057) 2058fi 2059 2060dnl make sure that openpty does not reacquire controlling terminal 2061if test ! -z "$check_for_openpty_ctty_bug"; then 2062 AC_MSG_CHECKING([if openpty correctly handles controlling tty]) 2063 AC_RUN_IFELSE( 2064 [AC_LANG_PROGRAM([[ 2065#include <stdio.h> 2066#include <sys/fcntl.h> 2067#include <sys/types.h> 2068#include <sys/wait.h> 2069 ]], [[ 2070 pid_t pid; 2071 int fd, ptyfd, ttyfd, status; 2072 2073 pid = fork(); 2074 if (pid < 0) { /* failed */ 2075 exit(1); 2076 } else if (pid > 0) { /* parent */ 2077 waitpid(pid, &status, 0); 2078 if (WIFEXITED(status)) 2079 exit(WEXITSTATUS(status)); 2080 else 2081 exit(2); 2082 } else { /* child */ 2083 close(0); close(1); close(2); 2084 setsid(); 2085 openpty(&ptyfd, &ttyfd, NULL, NULL, NULL); 2086 fd = open("/dev/tty", O_RDWR | O_NOCTTY); 2087 if (fd >= 0) 2088 exit(3); /* Acquired ctty: broken */ 2089 else 2090 exit(0); /* Did not acquire ctty: OK */ 2091 } 2092 ]])], 2093 [ 2094 AC_MSG_RESULT([yes]) 2095 ], 2096 [ 2097 AC_MSG_RESULT([no]) 2098 AC_DEFINE([SSHD_ACQUIRES_CTTY]) 2099 ], 2100 [ 2101 AC_MSG_RESULT([cross-compiling, assuming yes]) 2102 ] 2103 ) 2104fi 2105 2106if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2107 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 2108 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2109 AC_RUN_IFELSE( 2110 [AC_LANG_PROGRAM([[ 2111#include <stdio.h> 2112#include <sys/socket.h> 2113#include <netdb.h> 2114#include <errno.h> 2115#include <netinet/in.h> 2116 2117#define TEST_PORT "2222" 2118 ]], [[ 2119 int err, sock; 2120 struct addrinfo *gai_ai, *ai, hints; 2121 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2122 2123 memset(&hints, 0, sizeof(hints)); 2124 hints.ai_family = PF_UNSPEC; 2125 hints.ai_socktype = SOCK_STREAM; 2126 hints.ai_flags = AI_PASSIVE; 2127 2128 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2129 if (err != 0) { 2130 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2131 exit(1); 2132 } 2133 2134 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2135 if (ai->ai_family != AF_INET6) 2136 continue; 2137 2138 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2139 sizeof(ntop), strport, sizeof(strport), 2140 NI_NUMERICHOST|NI_NUMERICSERV); 2141 2142 if (err != 0) { 2143 if (err == EAI_SYSTEM) 2144 perror("getnameinfo EAI_SYSTEM"); 2145 else 2146 fprintf(stderr, "getnameinfo failed: %s\n", 2147 gai_strerror(err)); 2148 exit(2); 2149 } 2150 2151 sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); 2152 if (sock < 0) 2153 perror("socket"); 2154 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2155 if (errno == EBADF) 2156 exit(3); 2157 } 2158 } 2159 exit(0); 2160 ]])], 2161 [ 2162 AC_MSG_RESULT([yes]) 2163 ], 2164 [ 2165 AC_MSG_RESULT([no]) 2166 AC_DEFINE([BROKEN_GETADDRINFO]) 2167 ], 2168 [ 2169 AC_MSG_RESULT([cross-compiling, assuming yes]) 2170 ] 2171 ) 2172fi 2173 2174if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 2175 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 2176 AC_MSG_CHECKING([if getaddrinfo seems to work]) 2177 AC_RUN_IFELSE( 2178 [AC_LANG_PROGRAM([[ 2179#include <stdio.h> 2180#include <sys/socket.h> 2181#include <netdb.h> 2182#include <errno.h> 2183#include <netinet/in.h> 2184 2185#define TEST_PORT "2222" 2186 ]], [[ 2187 int err, sock; 2188 struct addrinfo *gai_ai, *ai, hints; 2189 char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; 2190 2191 memset(&hints, 0, sizeof(hints)); 2192 hints.ai_family = PF_UNSPEC; 2193 hints.ai_socktype = SOCK_STREAM; 2194 hints.ai_flags = AI_PASSIVE; 2195 2196 err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); 2197 if (err != 0) { 2198 fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); 2199 exit(1); 2200 } 2201 2202 for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { 2203 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) 2204 continue; 2205 2206 err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, 2207 sizeof(ntop), strport, sizeof(strport), 2208 NI_NUMERICHOST|NI_NUMERICSERV); 2209 2210 if (ai->ai_family == AF_INET && err != 0) { 2211 perror("getnameinfo"); 2212 exit(2); 2213 } 2214 } 2215 exit(0); 2216 ]])], 2217 [ 2218 AC_MSG_RESULT([yes]) 2219 AC_DEFINE([AIX_GETNAMEINFO_HACK], [1], 2220 [Define if you have a getaddrinfo that fails 2221 for the all-zeros IPv6 address]) 2222 ], 2223 [ 2224 AC_MSG_RESULT([no]) 2225 AC_DEFINE([BROKEN_GETADDRINFO]) 2226 ], 2227 [ 2228 AC_MSG_RESULT([cross-compiling, assuming no]) 2229 ] 2230 ) 2231fi 2232 2233if test "x$ac_cv_func_getaddrinfo" = "xyes"; then 2234 AC_CHECK_DECLS(AI_NUMERICSERV, , , 2235 [#include <sys/types.h> 2236 #include <sys/socket.h> 2237 #include <netdb.h>]) 2238fi 2239 2240if test "x$check_for_conflicting_getspnam" = "x1"; then 2241 AC_MSG_CHECKING([for conflicting getspnam in shadow.h]) 2242 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]], 2243 [[ exit(0); ]])], 2244 [ 2245 AC_MSG_RESULT([no]) 2246 ], 2247 [ 2248 AC_MSG_RESULT([yes]) 2249 AC_DEFINE([GETSPNAM_CONFLICTING_DEFS], [1], 2250 [Conflicting defs for getspnam]) 2251 ] 2252 ) 2253fi 2254 2255AC_FUNC_GETPGRP 2256 2257# Search for OpenSSL 2258saved_CPPFLAGS="$CPPFLAGS" 2259saved_LDFLAGS="$LDFLAGS" 2260AC_ARG_WITH([ssl-dir], 2261 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 2262 [ 2263 if test "x$openssl" = "xno" ; then 2264 AC_MSG_ERROR([cannot use --with-ssl-dir when OpenSSL disabled]) 2265 fi 2266 if test "x$withval" != "xno" ; then 2267 case "$withval" in 2268 # Relative paths 2269 ./*|../*) withval="`pwd`/$withval" 2270 esac 2271 if test -d "$withval/lib"; then 2272 if test -n "${need_dash_r}"; then 2273 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 2274 else 2275 LDFLAGS="-L${withval}/lib ${LDFLAGS}" 2276 fi 2277 elif test -d "$withval/lib64"; then 2278 if test -n "${need_dash_r}"; then 2279 LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}" 2280 else 2281 LDFLAGS="-L${withval}/lib64 ${LDFLAGS}" 2282 fi 2283 else 2284 if test -n "${need_dash_r}"; then 2285 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}" 2286 else 2287 LDFLAGS="-L${withval} ${LDFLAGS}" 2288 fi 2289 fi 2290 if test -d "$withval/include"; then 2291 CPPFLAGS="-I${withval}/include ${CPPFLAGS}" 2292 else 2293 CPPFLAGS="-I${withval} ${CPPFLAGS}" 2294 fi 2295 fi 2296 ] 2297) 2298 2299AC_ARG_WITH([openssl-header-check], 2300 [ --without-openssl-header-check Disable OpenSSL version consistency check], 2301 [ 2302 if test "x$withval" = "xno" ; then 2303 openssl_check_nonfatal=1 2304 fi 2305 ] 2306) 2307 2308openssl_engine=no 2309AC_ARG_WITH([ssl-engine], 2310 [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], 2311 [ 2312 if test "x$openssl" = "xno" ; then 2313 AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled]) 2314 fi 2315 if test "x$withval" != "xno" ; then 2316 openssl_engine=yes 2317 fi 2318 ] 2319) 2320 2321if test "x$openssl" = "xyes" ; then 2322 LIBS="-lcrypto $LIBS" 2323 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1], 2324 [Define if your ssl headers are included 2325 with #include <openssl/header.h>])], 2326 [ 2327 dnl Check default openssl install dir 2328 if test -n "${need_dash_r}"; then 2329 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}" 2330 else 2331 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}" 2332 fi 2333 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" 2334 AC_CHECK_HEADER([openssl/opensslv.h], , 2335 [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])]) 2336 AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])], 2337 [ 2338 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***]) 2339 ] 2340 ) 2341 ] 2342 ) 2343 2344 # Determine OpenSSL header version 2345 AC_MSG_CHECKING([OpenSSL header version]) 2346 AC_RUN_IFELSE( 2347 [AC_LANG_PROGRAM([[ 2348 #include <stdio.h> 2349 #include <string.h> 2350 #include <openssl/opensslv.h> 2351 #define DATA "conftest.sslincver" 2352 ]], [[ 2353 FILE *fd; 2354 int rc; 2355 2356 fd = fopen(DATA,"w"); 2357 if(fd == NULL) 2358 exit(1); 2359 2360 if ((rc = fprintf(fd ,"%08x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) 2361 exit(1); 2362 2363 exit(0); 2364 ]])], 2365 [ 2366 ssl_header_ver=`cat conftest.sslincver` 2367 AC_MSG_RESULT([$ssl_header_ver]) 2368 ], 2369 [ 2370 AC_MSG_RESULT([not found]) 2371 AC_MSG_ERROR([OpenSSL version header not found.]) 2372 ], 2373 [ 2374 AC_MSG_WARN([cross compiling: not checking]) 2375 ] 2376 ) 2377 2378 # Determine OpenSSL library version 2379 AC_MSG_CHECKING([OpenSSL library version]) 2380 AC_RUN_IFELSE( 2381 [AC_LANG_PROGRAM([[ 2382 #include <stdio.h> 2383 #include <string.h> 2384 #include <openssl/opensslv.h> 2385 #include <openssl/crypto.h> 2386 #define DATA "conftest.ssllibver" 2387 ]], [[ 2388 FILE *fd; 2389 int rc; 2390 2391 fd = fopen(DATA,"w"); 2392 if(fd == NULL) 2393 exit(1); 2394 2395 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(), 2396 SSLeay_version(SSLEAY_VERSION))) <0) 2397 exit(1); 2398 2399 exit(0); 2400 ]])], 2401 [ 2402 ssl_library_ver=`cat conftest.ssllibver` 2403 # Check version is supported. 2404 case "$ssl_library_ver" in 2405 0090[[0-7]]*|009080[[0-5]]*) 2406 AC_MSG_ERROR([OpenSSL >= 0.9.8f required (have "$ssl_library_ver")]) 2407 ;; 2408 *) ;; 2409 esac 2410 AC_MSG_RESULT([$ssl_library_ver]) 2411 ], 2412 [ 2413 AC_MSG_RESULT([not found]) 2414 AC_MSG_ERROR([OpenSSL library not found.]) 2415 ], 2416 [ 2417 AC_MSG_WARN([cross compiling: not checking]) 2418 ] 2419 ) 2420 2421 # Sanity check OpenSSL headers 2422 AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 2423 AC_RUN_IFELSE( 2424 [AC_LANG_PROGRAM([[ 2425 #include <string.h> 2426 #include <openssl/opensslv.h> 2427 ]], [[ 2428 exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); 2429 ]])], 2430 [ 2431 AC_MSG_RESULT([yes]) 2432 ], 2433 [ 2434 AC_MSG_RESULT([no]) 2435 if test "x$openssl_check_nonfatal" = "x"; then 2436 AC_MSG_ERROR([Your OpenSSL headers do not match your 2437 library. Check config.log for details. 2438 If you are sure your installation is consistent, you can disable the check 2439 by running "./configure --without-openssl-header-check". 2440 Also see contrib/findssl.sh for help identifying header/library mismatches. 2441 ]) 2442 else 2443 AC_MSG_WARN([Your OpenSSL headers do not match your 2444 library. Check config.log for details. 2445 Also see contrib/findssl.sh for help identifying header/library mismatches.]) 2446 fi 2447 ], 2448 [ 2449 AC_MSG_WARN([cross compiling: not checking]) 2450 ] 2451 ) 2452 2453 AC_MSG_CHECKING([if programs using OpenSSL functions will link]) 2454 AC_LINK_IFELSE( 2455 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2456 [[ SSLeay_add_all_algorithms(); ]])], 2457 [ 2458 AC_MSG_RESULT([yes]) 2459 ], 2460 [ 2461 AC_MSG_RESULT([no]) 2462 saved_LIBS="$LIBS" 2463 LIBS="$LIBS -ldl" 2464 AC_MSG_CHECKING([if programs using OpenSSL need -ldl]) 2465 AC_LINK_IFELSE( 2466 [AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]], 2467 [[ SSLeay_add_all_algorithms(); ]])], 2468 [ 2469 AC_MSG_RESULT([yes]) 2470 ], 2471 [ 2472 AC_MSG_RESULT([no]) 2473 LIBS="$saved_LIBS" 2474 ] 2475 ) 2476 ] 2477 ) 2478 2479 AC_CHECK_FUNCS([ \ 2480 BN_is_prime_ex \ 2481 DSA_generate_parameters_ex \ 2482 EVP_DigestInit_ex \ 2483 EVP_DigestFinal_ex \ 2484 EVP_MD_CTX_init \ 2485 EVP_MD_CTX_cleanup \ 2486 EVP_MD_CTX_copy_ex \ 2487 HMAC_CTX_init \ 2488 RSA_generate_key_ex \ 2489 RSA_get_default_method \ 2490 ]) 2491 2492 if test "x$openssl_engine" = "xyes" ; then 2493 AC_MSG_CHECKING([for OpenSSL ENGINE support]) 2494 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2495 #include <openssl/engine.h> 2496 ]], [[ 2497 ENGINE_load_builtin_engines(); 2498 ENGINE_register_all_complete(); 2499 ]])], 2500 [ AC_MSG_RESULT([yes]) 2501 AC_DEFINE([USE_OPENSSL_ENGINE], [1], 2502 [Enable OpenSSL engine support]) 2503 ], [ AC_MSG_ERROR([OpenSSL ENGINE support not found]) 2504 ]) 2505 fi 2506 2507 # Check for OpenSSL without EVP_aes_{192,256}_cbc 2508 AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) 2509 AC_LINK_IFELSE( 2510 [AC_LANG_PROGRAM([[ 2511 #include <string.h> 2512 #include <openssl/evp.h> 2513 ]], [[ 2514 exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL); 2515 ]])], 2516 [ 2517 AC_MSG_RESULT([no]) 2518 ], 2519 [ 2520 AC_MSG_RESULT([yes]) 2521 AC_DEFINE([OPENSSL_LOBOTOMISED_AES], [1], 2522 [libcrypto is missing AES 192 and 256 bit functions]) 2523 ] 2524 ) 2525 2526 # Check for OpenSSL with EVP_aes_*ctr 2527 AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP]) 2528 AC_LINK_IFELSE( 2529 [AC_LANG_PROGRAM([[ 2530 #include <string.h> 2531 #include <openssl/evp.h> 2532 ]], [[ 2533 exit(EVP_aes_128_ctr() == NULL || 2534 EVP_aes_192_cbc() == NULL || 2535 EVP_aes_256_cbc() == NULL); 2536 ]])], 2537 [ 2538 AC_MSG_RESULT([yes]) 2539 AC_DEFINE([OPENSSL_HAVE_EVPCTR], [1], 2540 [libcrypto has EVP AES CTR]) 2541 ], 2542 [ 2543 AC_MSG_RESULT([no]) 2544 ] 2545 ) 2546 2547 # Check for OpenSSL with EVP_aes_*gcm 2548 AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP]) 2549 AC_LINK_IFELSE( 2550 [AC_LANG_PROGRAM([[ 2551 #include <string.h> 2552 #include <openssl/evp.h> 2553 ]], [[ 2554 exit(EVP_aes_128_gcm() == NULL || 2555 EVP_aes_256_gcm() == NULL || 2556 EVP_CTRL_GCM_SET_IV_FIXED == 0 || 2557 EVP_CTRL_GCM_IV_GEN == 0 || 2558 EVP_CTRL_GCM_SET_TAG == 0 || 2559 EVP_CTRL_GCM_GET_TAG == 0 || 2560 EVP_CIPHER_CTX_ctrl(NULL, 0, 0, NULL) == 0); 2561 ]])], 2562 [ 2563 AC_MSG_RESULT([yes]) 2564 AC_DEFINE([OPENSSL_HAVE_EVPGCM], [1], 2565 [libcrypto has EVP AES GCM]) 2566 ], 2567 [ 2568 AC_MSG_RESULT([no]) 2569 unsupported_algorithms="$unsupported_cipers \ 2570 aes128-gcm@openssh.com aes256-gcm@openssh.com" 2571 ] 2572 ) 2573 2574 AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto], 2575 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2576 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2577 2578 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2579 AC_LINK_IFELSE( 2580 [AC_LANG_PROGRAM([[ 2581 #include <string.h> 2582 #include <openssl/evp.h> 2583 ]], [[ 2584 if(EVP_DigestUpdate(NULL, NULL,0)) 2585 exit(0); 2586 ]])], 2587 [ 2588 AC_MSG_RESULT([yes]) 2589 ], 2590 [ 2591 AC_MSG_RESULT([no]) 2592 AC_DEFINE([OPENSSL_EVP_DIGESTUPDATE_VOID], [1], 2593 [Define if EVP_DigestUpdate returns void]) 2594 ] 2595 ) 2596 2597 # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 2598 # because the system crypt() is more featureful. 2599 if test "x$check_for_libcrypt_before" = "x1"; then 2600 AC_CHECK_LIB([crypt], [crypt]) 2601 fi 2602 2603 # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 2604 # version in OpenSSL. 2605 if test "x$check_for_libcrypt_later" = "x1"; then 2606 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2607 fi 2608 AC_CHECK_FUNCS([crypt DES_crypt]) 2609 2610 # Search for SHA256 support in libc and/or OpenSSL 2611 AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , 2612 [unsupported_algorithms="$unsupported_algorithms \ 2613 hmac-sha2-256 hmac-sha2-512 \ 2614 diffie-hellman-group-exchange-sha256 \ 2615 hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" 2616 ] 2617 ) 2618 # Search for RIPE-MD support in OpenSSL 2619 AC_CHECK_FUNCS([EVP_ripemd160], , 2620 [unsupported_algorithms="$unsupported_algorithms \ 2621 hmac-ripemd160 2622 hmac-ripemd160@openssh.com 2623 hmac-ripemd160-etm@openssh.com" 2624 ] 2625 ) 2626 2627 # Check complete ECC support in OpenSSL 2628 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) 2629 AC_LINK_IFELSE( 2630 [AC_LANG_PROGRAM([[ 2631 #include <openssl/ec.h> 2632 #include <openssl/ecdh.h> 2633 #include <openssl/ecdsa.h> 2634 #include <openssl/evp.h> 2635 #include <openssl/objects.h> 2636 #include <openssl/opensslv.h> 2637 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2638 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2639 #endif 2640 ]], [[ 2641 EC_KEY *e = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 2642 const EVP_MD *m = EVP_sha256(); /* We need this too */ 2643 ]])], 2644 [ AC_MSG_RESULT([yes]) 2645 enable_nistp256=1 ], 2646 [ AC_MSG_RESULT([no]) ] 2647 ) 2648 2649 AC_MSG_CHECKING([whether OpenSSL has NID_secp384r1]) 2650 AC_LINK_IFELSE( 2651 [AC_LANG_PROGRAM([[ 2652 #include <openssl/ec.h> 2653 #include <openssl/ecdh.h> 2654 #include <openssl/ecdsa.h> 2655 #include <openssl/evp.h> 2656 #include <openssl/objects.h> 2657 #include <openssl/opensslv.h> 2658 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2659 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2660 #endif 2661 ]], [[ 2662 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp384r1); 2663 const EVP_MD *m = EVP_sha384(); /* We need this too */ 2664 ]])], 2665 [ AC_MSG_RESULT([yes]) 2666 enable_nistp384=1 ], 2667 [ AC_MSG_RESULT([no]) ] 2668 ) 2669 2670 AC_MSG_CHECKING([whether OpenSSL has NID_secp521r1]) 2671 AC_LINK_IFELSE( 2672 [AC_LANG_PROGRAM([[ 2673 #include <openssl/ec.h> 2674 #include <openssl/ecdh.h> 2675 #include <openssl/ecdsa.h> 2676 #include <openssl/evp.h> 2677 #include <openssl/objects.h> 2678 #include <openssl/opensslv.h> 2679 #if OPENSSL_VERSION_NUMBER < 0x0090807f /* 0.9.8g */ 2680 # error "OpenSSL < 0.9.8g has unreliable ECC code" 2681 #endif 2682 ]], [[ 2683 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2684 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2685 ]])], 2686 [ AC_MSG_RESULT([yes]) 2687 AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional]) 2688 AC_RUN_IFELSE( 2689 [AC_LANG_PROGRAM([[ 2690 #include <openssl/ec.h> 2691 #include <openssl/ecdh.h> 2692 #include <openssl/ecdsa.h> 2693 #include <openssl/evp.h> 2694 #include <openssl/objects.h> 2695 #include <openssl/opensslv.h> 2696 ]],[[ 2697 EC_KEY *e = EC_KEY_new_by_curve_name(NID_secp521r1); 2698 const EVP_MD *m = EVP_sha512(); /* We need this too */ 2699 exit(e == NULL || m == NULL); 2700 ]])], 2701 [ AC_MSG_RESULT([yes]) 2702 enable_nistp521=1 ], 2703 [ AC_MSG_RESULT([no]) ], 2704 [ AC_MSG_WARN([cross-compiling: assuming yes]) 2705 enable_nistp521=1 ] 2706 )], 2707 AC_MSG_RESULT([no]) 2708 ) 2709 2710 COMMENT_OUT_ECC="#no ecc#" 2711 TEST_SSH_ECC=no 2712 2713 if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \ 2714 test x$enable_nistp521 = x1; then 2715 AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) 2716 fi 2717 if test x$enable_nistp256 = x1; then 2718 AC_DEFINE([OPENSSL_HAS_NISTP256], [1], 2719 [libcrypto has NID_X9_62_prime256v1]) 2720 TEST_SSH_ECC=yes 2721 COMMENT_OUT_ECC="" 2722 else 2723 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp256 \ 2724 ecdh-sha2-nistp256 ecdsa-sha2-nistp256-cert-v01@openssh.com" 2725 fi 2726 if test x$enable_nistp384 = x1; then 2727 AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1]) 2728 TEST_SSH_ECC=yes 2729 COMMENT_OUT_ECC="" 2730 else 2731 unsupported_algorithms="$unsupported_algorithms ecdsa-sha2-nistp384 \ 2732 ecdh-sha2-nistp384 ecdsa-sha2-nistp384-cert-v01@openssh.com" 2733 fi 2734 if test x$enable_nistp521 = x1; then 2735 AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1]) 2736 TEST_SSH_ECC=yes 2737 COMMENT_OUT_ECC="" 2738 else 2739 unsupported_algorithms="$unsupported_algorithms ecdh-sha2-nistp521 \ 2740 ecdsa-sha2-nistp521 ecdsa-sha2-nistp521-cert-v01@openssh.com" 2741 fi 2742 2743 AC_SUBST([TEST_SSH_ECC]) 2744 AC_SUBST([COMMENT_OUT_ECC]) 2745else 2746 AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 2747 AC_CHECK_FUNCS([crypt]) 2748fi 2749 2750AC_CHECK_FUNCS([ \ 2751 arc4random \ 2752 arc4random_buf \ 2753 arc4random_stir \ 2754 arc4random_uniform \ 2755]) 2756 2757saved_LIBS="$LIBS" 2758AC_CHECK_LIB([iaf], [ia_openinfo], [ 2759 LIBS="$LIBS -liaf" 2760 AC_CHECK_FUNCS([set_id], [SSHDLIBS="$SSHDLIBS -liaf" 2761 AC_DEFINE([HAVE_LIBIAF], [1], 2762 [Define if system has libiaf that supports set_id]) 2763 ]) 2764]) 2765LIBS="$saved_LIBS" 2766 2767### Configure cryptographic random number support 2768 2769# Check wheter OpenSSL seeds itself 2770if test "x$openssl" = "xyes" ; then 2771 AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) 2772 AC_RUN_IFELSE( 2773 [AC_LANG_PROGRAM([[ 2774 #include <string.h> 2775 #include <openssl/rand.h> 2776 ]], [[ 2777 exit(RAND_status() == 1 ? 0 : 1); 2778 ]])], 2779 [ 2780 OPENSSL_SEEDS_ITSELF=yes 2781 AC_MSG_RESULT([yes]) 2782 ], 2783 [ 2784 AC_MSG_RESULT([no]) 2785 ], 2786 [ 2787 AC_MSG_WARN([cross compiling: assuming yes]) 2788 # This is safe, since we will fatal() at runtime if 2789 # OpenSSL is not seeded correctly. 2790 OPENSSL_SEEDS_ITSELF=yes 2791 ] 2792 ) 2793fi 2794 2795# PRNGD TCP socket 2796AC_ARG_WITH([prngd-port], 2797 [ --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT], 2798 [ 2799 case "$withval" in 2800 no) 2801 withval="" 2802 ;; 2803 [[0-9]]*) 2804 ;; 2805 *) 2806 AC_MSG_ERROR([You must specify a numeric port number for --with-prngd-port]) 2807 ;; 2808 esac 2809 if test ! -z "$withval" ; then 2810 PRNGD_PORT="$withval" 2811 AC_DEFINE_UNQUOTED([PRNGD_PORT], [$PRNGD_PORT], 2812 [Port number of PRNGD/EGD random number socket]) 2813 fi 2814 ] 2815) 2816 2817# PRNGD Unix domain socket 2818AC_ARG_WITH([prngd-socket], 2819 [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], 2820 [ 2821 case "$withval" in 2822 yes) 2823 withval="/var/run/egd-pool" 2824 ;; 2825 no) 2826 withval="" 2827 ;; 2828 /*) 2829 ;; 2830 *) 2831 AC_MSG_ERROR([You must specify an absolute path to the entropy socket]) 2832 ;; 2833 esac 2834 2835 if test ! -z "$withval" ; then 2836 if test ! -z "$PRNGD_PORT" ; then 2837 AC_MSG_ERROR([You may not specify both a PRNGD/EGD port and socket]) 2838 fi 2839 if test ! -r "$withval" ; then 2840 AC_MSG_WARN([Entropy socket is not readable]) 2841 fi 2842 PRNGD_SOCKET="$withval" 2843 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"], 2844 [Location of PRNGD/EGD random number socket]) 2845 fi 2846 ], 2847 [ 2848 # Check for existing socket only if we don't have a random device already 2849 if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then 2850 AC_MSG_CHECKING([for PRNGD/EGD socket]) 2851 # Insert other locations here 2852 for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do 2853 if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then 2854 PRNGD_SOCKET="$sock" 2855 AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) 2856 break; 2857 fi 2858 done 2859 if test ! -z "$PRNGD_SOCKET" ; then 2860 AC_MSG_RESULT([$PRNGD_SOCKET]) 2861 else 2862 AC_MSG_RESULT([not found]) 2863 fi 2864 fi 2865 ] 2866) 2867 2868# Which randomness source do we use? 2869if test ! -z "$PRNGD_PORT" ; then 2870 RAND_MSG="PRNGd port $PRNGD_PORT" 2871elif test ! -z "$PRNGD_SOCKET" ; then 2872 RAND_MSG="PRNGd socket $PRNGD_SOCKET" 2873elif test ! -z "$OPENSSL_SEEDS_ITSELF" ; then 2874 AC_DEFINE([OPENSSL_PRNG_ONLY], [1], 2875 [Define if you want the OpenSSL internally seeded PRNG only]) 2876 RAND_MSG="OpenSSL internal ONLY" 2877elif test "x$openssl" = "xno" ; then 2878 AC_MSG_WARN([OpenSSH will use /dev/urandom as a source of random numbers. It will fail if this device is not supported or accessible]) 2879else 2880 AC_MSG_ERROR([OpenSSH has no source of random numbers. Please configure OpenSSL with an entropy source or re-run configure using one of the --with-prngd-port or --with-prngd-socket options]) 2881fi 2882 2883# Check for PAM libs 2884PAM_MSG="no" 2885AC_ARG_WITH([pam], 2886 [ --with-pam Enable PAM support ], 2887 [ 2888 if test "x$withval" != "xno" ; then 2889 if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ 2890 test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then 2891 AC_MSG_ERROR([PAM headers not found]) 2892 fi 2893 2894 saved_LIBS="$LIBS" 2895 AC_CHECK_LIB([dl], [dlopen], , ) 2896 AC_CHECK_LIB([pam], [pam_set_item], , [AC_MSG_ERROR([*** libpam missing])]) 2897 AC_CHECK_FUNCS([pam_getenvlist]) 2898 AC_CHECK_FUNCS([pam_putenv]) 2899 LIBS="$saved_LIBS" 2900 2901 PAM_MSG="yes" 2902 2903 SSHDLIBS="$SSHDLIBS -lpam" 2904 AC_DEFINE([USE_PAM], [1], 2905 [Define if you want to enable PAM support]) 2906 2907 if test $ac_cv_lib_dl_dlopen = yes; then 2908 case "$LIBS" in 2909 *-ldl*) 2910 # libdl already in LIBS 2911 ;; 2912 *) 2913 SSHDLIBS="$SSHDLIBS -ldl" 2914 ;; 2915 esac 2916 fi 2917 fi 2918 ] 2919) 2920 2921# Check for older PAM 2922if test "x$PAM_MSG" = "xyes" ; then 2923 # Check PAM strerror arguments (old PAM) 2924 AC_MSG_CHECKING([whether pam_strerror takes only one argument]) 2925 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 2926#include <stdlib.h> 2927#if defined(HAVE_SECURITY_PAM_APPL_H) 2928#include <security/pam_appl.h> 2929#elif defined (HAVE_PAM_PAM_APPL_H) 2930#include <pam/pam_appl.h> 2931#endif 2932 ]], [[ 2933(void)pam_strerror((pam_handle_t *)NULL, -1); 2934 ]])], [AC_MSG_RESULT([no])], [ 2935 AC_DEFINE([HAVE_OLD_PAM], [1], 2936 [Define if you have an old version of PAM 2937 which takes only one argument to pam_strerror]) 2938 AC_MSG_RESULT([yes]) 2939 PAM_MSG="yes (old library)" 2940 2941 ]) 2942fi 2943 2944case "$host" in 2945*-*-cygwin*) 2946 SSH_PRIVSEP_USER=CYGWIN_SSH_PRIVSEP_USER 2947 ;; 2948*) 2949 SSH_PRIVSEP_USER=sshd 2950 ;; 2951esac 2952AC_ARG_WITH([privsep-user], 2953 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 2954 [ 2955 if test -n "$withval" && test "x$withval" != "xno" && \ 2956 test "x${withval}" != "xyes"; then 2957 SSH_PRIVSEP_USER=$withval 2958 fi 2959 ] 2960) 2961if test "x$SSH_PRIVSEP_USER" = "xCYGWIN_SSH_PRIVSEP_USER" ; then 2962 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], [CYGWIN_SSH_PRIVSEP_USER], 2963 [Cygwin function to fetch non-privileged user for privilege separation]) 2964else 2965 AC_DEFINE_UNQUOTED([SSH_PRIVSEP_USER], ["$SSH_PRIVSEP_USER"], 2966 [non-privileged user for privilege separation]) 2967fi 2968AC_SUBST([SSH_PRIVSEP_USER]) 2969 2970if test "x$have_linux_no_new_privs" = "x1" ; then 2971AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ 2972 #include <sys/types.h> 2973 #include <linux/seccomp.h> 2974]) 2975fi 2976if test "x$have_seccomp_filter" = "x1" ; then 2977AC_MSG_CHECKING([kernel for seccomp_filter support]) 2978AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 2979 #include <errno.h> 2980 #include <elf.h> 2981 #include <linux/audit.h> 2982 #include <linux/seccomp.h> 2983 #include <stdlib.h> 2984 #include <sys/prctl.h> 2985 ]], 2986 [[ int i = $seccomp_audit_arch; 2987 errno = 0; 2988 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); 2989 exit(errno == EFAULT ? 0 : 1); ]])], 2990 [ AC_MSG_RESULT([yes]) ], [ 2991 AC_MSG_RESULT([no]) 2992 # Disable seccomp filter as a target 2993 have_seccomp_filter=0 2994 ] 2995) 2996fi 2997 2998# Decide which sandbox style to use 2999sandbox_arg="" 3000AC_ARG_WITH([sandbox], 3001 [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter, capsicum)], 3002 [ 3003 if test "x$withval" = "xyes" ; then 3004 sandbox_arg="" 3005 else 3006 sandbox_arg="$withval" 3007 fi 3008 ] 3009) 3010 3011# Some platforms (seems to be the ones that have a kernel poll(2)-type 3012# function with which they implement select(2)) use an extra file descriptor 3013# when calling select(2), which means we can't use the rlimit sandbox. 3014AC_MSG_CHECKING([if select works with descriptor rlimit]) 3015AC_RUN_IFELSE( 3016 [AC_LANG_PROGRAM([[ 3017#include <sys/types.h> 3018#ifdef HAVE_SYS_TIME_H 3019# include <sys/time.h> 3020#endif 3021#include <sys/resource.h> 3022#ifdef HAVE_SYS_SELECT_H 3023# include <sys/select.h> 3024#endif 3025#include <errno.h> 3026#include <fcntl.h> 3027#include <stdlib.h> 3028 ]],[[ 3029 struct rlimit rl_zero; 3030 int fd, r; 3031 fd_set fds; 3032 struct timeval tv; 3033 3034 fd = open("/dev/null", O_RDONLY); 3035 FD_ZERO(&fds); 3036 FD_SET(fd, &fds); 3037 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3038 setrlimit(RLIMIT_FSIZE, &rl_zero); 3039 setrlimit(RLIMIT_NOFILE, &rl_zero); 3040 tv.tv_sec = 1; 3041 tv.tv_usec = 0; 3042 r = select(fd+1, &fds, NULL, NULL, &tv); 3043 exit (r == -1 ? 1 : 0); 3044 ]])], 3045 [AC_MSG_RESULT([yes]) 3046 select_works_with_rlimit=yes], 3047 [AC_MSG_RESULT([no]) 3048 select_works_with_rlimit=no], 3049 [AC_MSG_WARN([cross compiling: assuming yes])] 3050) 3051 3052AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works]) 3053AC_RUN_IFELSE( 3054 [AC_LANG_PROGRAM([[ 3055#include <sys/types.h> 3056#ifdef HAVE_SYS_TIME_H 3057# include <sys/time.h> 3058#endif 3059#include <sys/resource.h> 3060#include <errno.h> 3061#include <stdlib.h> 3062 ]],[[ 3063 struct rlimit rl_zero; 3064 int fd, r; 3065 fd_set fds; 3066 3067 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3068 r = setrlimit(RLIMIT_NOFILE, &rl_zero); 3069 exit (r == -1 ? 1 : 0); 3070 ]])], 3071 [AC_MSG_RESULT([yes]) 3072 rlimit_nofile_zero_works=yes], 3073 [AC_MSG_RESULT([no]) 3074 rlimit_nofile_zero_works=no], 3075 [AC_MSG_WARN([cross compiling: assuming yes])] 3076) 3077 3078AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) 3079AC_RUN_IFELSE( 3080 [AC_LANG_PROGRAM([[ 3081#include <sys/types.h> 3082#include <sys/resource.h> 3083#include <stdlib.h> 3084 ]],[[ 3085 struct rlimit rl_zero; 3086 3087 rl_zero.rlim_cur = rl_zero.rlim_max = 0; 3088 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); 3089 ]])], 3090 [AC_MSG_RESULT([yes])], 3091 [AC_MSG_RESULT([no]) 3092 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, 3093 [setrlimit RLIMIT_FSIZE works])], 3094 [AC_MSG_WARN([cross compiling: assuming yes])] 3095) 3096 3097if test "x$sandbox_arg" = "xsystrace" || \ 3098 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 3099 test "x$have_systr_policy_kill" != "x1" && \ 3100 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 3101 SANDBOX_STYLE="systrace" 3102 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 3103elif test "x$sandbox_arg" = "xdarwin" || \ 3104 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 3105 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 3106 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 3107 "x$ac_cv_header_sandbox_h" != "xyes" && \ 3108 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 3109 SANDBOX_STYLE="darwin" 3110 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 3111elif test "x$sandbox_arg" = "xseccomp_filter" || \ 3112 ( test -z "$sandbox_arg" && \ 3113 test "x$have_seccomp_filter" = "x1" && \ 3114 test "x$ac_cv_header_elf_h" = "xyes" && \ 3115 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 3116 test "x$ac_cv_header_linux_filter_h" = "xyes" && \ 3117 test "x$seccomp_audit_arch" != "x" && \ 3118 test "x$have_linux_no_new_privs" = "x1" && \ 3119 test "x$ac_cv_func_prctl" = "xyes" ) ; then 3120 test "x$seccomp_audit_arch" = "x" && \ 3121 AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) 3122 test "x$have_linux_no_new_privs" != "x1" && \ 3123 AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) 3124 test "x$have_seccomp_filter" != "x1" && \ 3125 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 3126 test "x$ac_cv_func_prctl" != "xyes" && \ 3127 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 3128 SANDBOX_STYLE="seccomp_filter" 3129 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 3130elif test "x$sandbox_arg" = "xcapsicum" || \ 3131 ( test -z "$sandbox_arg" && \ 3132 test "x$ac_cv_header_sys_capability_h" = "xyes" && \ 3133 test "x$ac_cv_func_cap_rights_limit" = "xyes") ; then 3134 test "x$ac_cv_header_sys_capability_h" != "xyes" && \ 3135 AC_MSG_ERROR([capsicum sandbox requires sys/capability.h header]) 3136 test "x$ac_cv_func_cap_rights_limit" != "xyes" && \ 3137 AC_MSG_ERROR([capsicum sandbox requires cap_rights_limit function]) 3138 SANDBOX_STYLE="capsicum" 3139 AC_DEFINE([SANDBOX_CAPSICUM], [1], [Sandbox using capsicum]) 3140elif test "x$sandbox_arg" = "xrlimit" || \ 3141 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ 3142 test "x$select_works_with_rlimit" = "xyes" && \ 3143 test "x$rlimit_nofile_zero_works" = "xyes" ) ; then 3144 test "x$ac_cv_func_setrlimit" != "xyes" && \ 3145 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 3146 test "x$select_works_with_rlimit" != "xyes" && \ 3147 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) 3148 SANDBOX_STYLE="rlimit" 3149 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 3150elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ 3151 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 3152 SANDBOX_STYLE="none" 3153 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) 3154else 3155 AC_MSG_ERROR([unsupported --with-sandbox]) 3156fi 3157 3158# Cheap hack to ensure NEWS-OS libraries are arranged right. 3159if test ! -z "$SONY" ; then 3160 LIBS="$LIBS -liberty"; 3161fi 3162 3163# Check for long long datatypes 3164AC_CHECK_TYPES([long long, unsigned long long, long double]) 3165 3166# Check datatype sizes 3167AC_CHECK_SIZEOF([short int], [2]) 3168AC_CHECK_SIZEOF([int], [4]) 3169AC_CHECK_SIZEOF([long int], [4]) 3170AC_CHECK_SIZEOF([long long int], [8]) 3171 3172# Sanity check long long for some platforms (AIX) 3173if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then 3174 ac_cv_sizeof_long_long_int=0 3175fi 3176 3177# compute LLONG_MIN and LLONG_MAX if we don't know them. 3178if test -z "$have_llong_max"; then 3179 AC_MSG_CHECKING([for max value of long long]) 3180 AC_RUN_IFELSE( 3181 [AC_LANG_PROGRAM([[ 3182#include <stdio.h> 3183/* Why is this so damn hard? */ 3184#ifdef __GNUC__ 3185# undef __GNUC__ 3186#endif 3187#define __USE_ISOC99 3188#include <limits.h> 3189#define DATA "conftest.llminmax" 3190#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a)) 3191 3192/* 3193 * printf in libc on some platforms (eg old Tru64) does not understand %lld so 3194 * we do this the hard way. 3195 */ 3196static int 3197fprint_ll(FILE *f, long long n) 3198{ 3199 unsigned int i; 3200 int l[sizeof(long long) * 8]; 3201 3202 if (n < 0) 3203 if (fprintf(f, "-") < 0) 3204 return -1; 3205 for (i = 0; n != 0; i++) { 3206 l[i] = my_abs(n % 10); 3207 n /= 10; 3208 } 3209 do { 3210 if (fprintf(f, "%d", l[--i]) < 0) 3211 return -1; 3212 } while (i != 0); 3213 if (fprintf(f, " ") < 0) 3214 return -1; 3215 return 0; 3216} 3217 ]], [[ 3218 FILE *f; 3219 long long i, llmin, llmax = 0; 3220 3221 if((f = fopen(DATA,"w")) == NULL) 3222 exit(1); 3223 3224#if defined(LLONG_MIN) && defined(LLONG_MAX) 3225 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n"); 3226 llmin = LLONG_MIN; 3227 llmax = LLONG_MAX; 3228#else 3229 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n"); 3230 /* This will work on one's complement and two's complement */ 3231 for (i = 1; i > llmax; i <<= 1, i++) 3232 llmax = i; 3233 llmin = llmax + 1LL; /* wrap */ 3234#endif 3235 3236 /* Sanity check */ 3237 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax 3238 || llmax - 1 > llmax || llmin == llmax || llmin == 0 3239 || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) { 3240 fprintf(f, "unknown unknown\n"); 3241 exit(2); 3242 } 3243 3244 if (fprint_ll(f, llmin) < 0) 3245 exit(3); 3246 if (fprint_ll(f, llmax) < 0) 3247 exit(4); 3248 if (fclose(f) < 0) 3249 exit(5); 3250 exit(0); 3251 ]])], 3252 [ 3253 llong_min=`$AWK '{print $1}' conftest.llminmax` 3254 llong_max=`$AWK '{print $2}' conftest.llminmax` 3255 3256 AC_MSG_RESULT([$llong_max]) 3257 AC_DEFINE_UNQUOTED([LLONG_MAX], [${llong_max}LL], 3258 [max value of long long calculated by configure]) 3259 AC_MSG_CHECKING([for min value of long long]) 3260 AC_MSG_RESULT([$llong_min]) 3261 AC_DEFINE_UNQUOTED([LLONG_MIN], [${llong_min}LL], 3262 [min value of long long calculated by configure]) 3263 ], 3264 [ 3265 AC_MSG_RESULT([not found]) 3266 ], 3267 [ 3268 AC_MSG_WARN([cross compiling: not checking]) 3269 ] 3270 ) 3271fi 3272 3273 3274# More checks for data types 3275AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 3276 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3277 [[ u_int a; a = 1;]])], 3278 [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" 3279 ]) 3280]) 3281if test "x$ac_cv_have_u_int" = "xyes" ; then 3282 AC_DEFINE([HAVE_U_INT], [1], [define if you have u_int data type]) 3283 have_u_int=1 3284fi 3285 3286AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ 3287 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3288 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3289 [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" 3290 ]) 3291]) 3292if test "x$ac_cv_have_intxx_t" = "xyes" ; then 3293 AC_DEFINE([HAVE_INTXX_T], [1], [define if you have intxx_t data type]) 3294 have_intxx_t=1 3295fi 3296 3297if (test -z "$have_intxx_t" && \ 3298 test "x$ac_cv_header_stdint_h" = "xyes") 3299then 3300 AC_MSG_CHECKING([for intXX_t types in stdint.h]) 3301 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3302 [[ int8_t a; int16_t b; int32_t c; a = b = c = 1;]])], 3303 [ 3304 AC_DEFINE([HAVE_INTXX_T]) 3305 AC_MSG_RESULT([yes]) 3306 ], [ AC_MSG_RESULT([no]) 3307 ]) 3308fi 3309 3310AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 3311 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3312#include <sys/types.h> 3313#ifdef HAVE_STDINT_H 3314# include <stdint.h> 3315#endif 3316#include <sys/socket.h> 3317#ifdef HAVE_SYS_BITYPES_H 3318# include <sys/bitypes.h> 3319#endif 3320 ]], [[ 3321int64_t a; a = 1; 3322 ]])], 3323 [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" 3324 ]) 3325]) 3326if test "x$ac_cv_have_int64_t" = "xyes" ; then 3327 AC_DEFINE([HAVE_INT64_T], [1], [define if you have int64_t data type]) 3328fi 3329 3330AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 3331 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3332 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3333 [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" 3334 ]) 3335]) 3336if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 3337 AC_DEFINE([HAVE_U_INTXX_T], [1], [define if you have u_intxx_t data type]) 3338 have_u_intxx_t=1 3339fi 3340 3341if test -z "$have_u_intxx_t" ; then 3342 AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) 3343 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/socket.h> ]], 3344 [[ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;]])], 3345 [ 3346 AC_DEFINE([HAVE_U_INTXX_T]) 3347 AC_MSG_RESULT([yes]) 3348 ], [ AC_MSG_RESULT([no]) 3349 ]) 3350fi 3351 3352AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ 3353 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3354 [[ u_int64_t a; a = 1;]])], 3355 [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" 3356 ]) 3357]) 3358if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 3359 AC_DEFINE([HAVE_U_INT64_T], [1], [define if you have u_int64_t data type]) 3360 have_u_int64_t=1 3361fi 3362 3363if (test -z "$have_u_int64_t" && \ 3364 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3365then 3366 AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) 3367 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/bitypes.h> ]], 3368 [[ u_int64_t a; a = 1]])], 3369 [ 3370 AC_DEFINE([HAVE_U_INT64_T]) 3371 AC_MSG_RESULT([yes]) 3372 ], [ AC_MSG_RESULT([no]) 3373 ]) 3374fi 3375 3376if test -z "$have_u_intxx_t" ; then 3377 AC_CACHE_CHECK([for uintXX_t types], ac_cv_have_uintxx_t, [ 3378 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3379#include <sys/types.h> 3380 ]], [[ 3381 uint8_t a; 3382 uint16_t b; 3383 uint32_t c; 3384 a = b = c = 1; 3385 ]])], 3386 [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" 3387 ]) 3388 ]) 3389 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 3390 AC_DEFINE([HAVE_UINTXX_T], [1], 3391 [define if you have uintxx_t data type]) 3392 fi 3393fi 3394 3395if (test -z "$have_uintxx_t" && \ 3396 test "x$ac_cv_header_stdint_h" = "xyes") 3397then 3398 AC_MSG_CHECKING([for uintXX_t types in stdint.h]) 3399 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <stdint.h> ]], 3400 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3401 [ 3402 AC_DEFINE([HAVE_UINTXX_T]) 3403 AC_MSG_RESULT([yes]) 3404 ], [ AC_MSG_RESULT([no]) 3405 ]) 3406fi 3407 3408if (test -z "$have_uintxx_t" && \ 3409 test "x$ac_cv_header_inttypes_h" = "xyes") 3410then 3411 AC_MSG_CHECKING([for uintXX_t types in inttypes.h]) 3412 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <inttypes.h> ]], 3413 [[ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;]])], 3414 [ 3415 AC_DEFINE([HAVE_UINTXX_T]) 3416 AC_MSG_RESULT([yes]) 3417 ], [ AC_MSG_RESULT([no]) 3418 ]) 3419fi 3420 3421if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ 3422 test "x$ac_cv_header_sys_bitypes_h" = "xyes") 3423then 3424 AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) 3425 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3426#include <sys/bitypes.h> 3427 ]], [[ 3428 int8_t a; int16_t b; int32_t c; 3429 u_int8_t e; u_int16_t f; u_int32_t g; 3430 a = b = c = e = f = g = 1; 3431 ]])], 3432 [ 3433 AC_DEFINE([HAVE_U_INTXX_T]) 3434 AC_DEFINE([HAVE_INTXX_T]) 3435 AC_MSG_RESULT([yes]) 3436 ], [AC_MSG_RESULT([no]) 3437 ]) 3438fi 3439 3440 3441AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [ 3442 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3443 [[ u_char foo; foo = 125; ]])], 3444 [ ac_cv_have_u_char="yes" ], [ ac_cv_have_u_char="no" 3445 ]) 3446]) 3447if test "x$ac_cv_have_u_char" = "xyes" ; then 3448 AC_DEFINE([HAVE_U_CHAR], [1], [define if you have u_char data type]) 3449fi 3450 3451AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ 3452#include <sys/types.h> 3453#include <stdint.h> 3454]) 3455 3456TYPE_SOCKLEN_T 3457 3458AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>]) 3459AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ 3460#include <sys/types.h> 3461#ifdef HAVE_SYS_BITYPES_H 3462#include <sys/bitypes.h> 3463#endif 3464#ifdef HAVE_SYS_STATFS_H 3465#include <sys/statfs.h> 3466#endif 3467#ifdef HAVE_SYS_STATVFS_H 3468#include <sys/statvfs.h> 3469#endif 3470]) 3471 3472AC_CHECK_TYPES([in_addr_t, in_port_t], , , 3473[#include <sys/types.h> 3474#include <netinet/in.h>]) 3475 3476AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ 3477 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3478 [[ size_t foo; foo = 1235; ]])], 3479 [ ac_cv_have_size_t="yes" ], [ ac_cv_have_size_t="no" 3480 ]) 3481]) 3482if test "x$ac_cv_have_size_t" = "xyes" ; then 3483 AC_DEFINE([HAVE_SIZE_T], [1], [define if you have size_t data type]) 3484fi 3485 3486AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 3487 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3488 [[ ssize_t foo; foo = 1235; ]])], 3489 [ ac_cv_have_ssize_t="yes" ], [ ac_cv_have_ssize_t="no" 3490 ]) 3491]) 3492if test "x$ac_cv_have_ssize_t" = "xyes" ; then 3493 AC_DEFINE([HAVE_SSIZE_T], [1], [define if you have ssize_t data type]) 3494fi 3495 3496AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 3497 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <time.h> ]], 3498 [[ clock_t foo; foo = 1235; ]])], 3499 [ ac_cv_have_clock_t="yes" ], [ ac_cv_have_clock_t="no" 3500 ]) 3501]) 3502if test "x$ac_cv_have_clock_t" = "xyes" ; then 3503 AC_DEFINE([HAVE_CLOCK_T], [1], [define if you have clock_t data type]) 3504fi 3505 3506AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 3507 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3508#include <sys/types.h> 3509#include <sys/socket.h> 3510 ]], [[ sa_family_t foo; foo = 1235; ]])], 3511 [ ac_cv_have_sa_family_t="yes" ], 3512 [ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3513#include <sys/types.h> 3514#include <sys/socket.h> 3515#include <netinet/in.h> 3516 ]], [[ sa_family_t foo; foo = 1235; ]])], 3517 [ ac_cv_have_sa_family_t="yes" ], 3518 [ ac_cv_have_sa_family_t="no" ] 3519 ) 3520 ]) 3521]) 3522if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 3523 AC_DEFINE([HAVE_SA_FAMILY_T], [1], 3524 [define if you have sa_family_t data type]) 3525fi 3526 3527AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 3528 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3529 [[ pid_t foo; foo = 1235; ]])], 3530 [ ac_cv_have_pid_t="yes" ], [ ac_cv_have_pid_t="no" 3531 ]) 3532]) 3533if test "x$ac_cv_have_pid_t" = "xyes" ; then 3534 AC_DEFINE([HAVE_PID_T], [1], [define if you have pid_t data type]) 3535fi 3536 3537AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 3538 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/types.h> ]], 3539 [[ mode_t foo; foo = 1235; ]])], 3540 [ ac_cv_have_mode_t="yes" ], [ ac_cv_have_mode_t="no" 3541 ]) 3542]) 3543if test "x$ac_cv_have_mode_t" = "xyes" ; then 3544 AC_DEFINE([HAVE_MODE_T], [1], [define if you have mode_t data type]) 3545fi 3546 3547 3548AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [ 3549 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3550#include <sys/types.h> 3551#include <sys/socket.h> 3552 ]], [[ struct sockaddr_storage s; ]])], 3553 [ ac_cv_have_struct_sockaddr_storage="yes" ], 3554 [ ac_cv_have_struct_sockaddr_storage="no" 3555 ]) 3556]) 3557if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 3558 AC_DEFINE([HAVE_STRUCT_SOCKADDR_STORAGE], [1], 3559 [define if you have struct sockaddr_storage data type]) 3560fi 3561 3562AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 3563 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3564#include <sys/types.h> 3565#include <netinet/in.h> 3566 ]], [[ struct sockaddr_in6 s; s.sin6_family = 0; ]])], 3567 [ ac_cv_have_struct_sockaddr_in6="yes" ], 3568 [ ac_cv_have_struct_sockaddr_in6="no" 3569 ]) 3570]) 3571if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 3572 AC_DEFINE([HAVE_STRUCT_SOCKADDR_IN6], [1], 3573 [define if you have struct sockaddr_in6 data type]) 3574fi 3575 3576AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 3577 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3578#include <sys/types.h> 3579#include <netinet/in.h> 3580 ]], [[ struct in6_addr s; s.s6_addr[0] = 0; ]])], 3581 [ ac_cv_have_struct_in6_addr="yes" ], 3582 [ ac_cv_have_struct_in6_addr="no" 3583 ]) 3584]) 3585if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 3586 AC_DEFINE([HAVE_STRUCT_IN6_ADDR], [1], 3587 [define if you have struct in6_addr data type]) 3588 3589dnl Now check for sin6_scope_id 3590 AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id], , , 3591 [ 3592#ifdef HAVE_SYS_TYPES_H 3593#include <sys/types.h> 3594#endif 3595#include <netinet/in.h> 3596 ]) 3597fi 3598 3599AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 3600 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3601#include <sys/types.h> 3602#include <sys/socket.h> 3603#include <netdb.h> 3604 ]], [[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ]])], 3605 [ ac_cv_have_struct_addrinfo="yes" ], 3606 [ ac_cv_have_struct_addrinfo="no" 3607 ]) 3608]) 3609if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 3610 AC_DEFINE([HAVE_STRUCT_ADDRINFO], [1], 3611 [define if you have struct addrinfo data type]) 3612fi 3613 3614AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 3615 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], 3616 [[ struct timeval tv; tv.tv_sec = 1;]])], 3617 [ ac_cv_have_struct_timeval="yes" ], 3618 [ ac_cv_have_struct_timeval="no" 3619 ]) 3620]) 3621if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 3622 AC_DEFINE([HAVE_STRUCT_TIMEVAL], [1], [define if you have struct timeval]) 3623 have_struct_timeval=1 3624fi 3625 3626AC_CHECK_TYPES([struct timespec]) 3627 3628# We need int64_t or else certian parts of the compile will fail. 3629if test "x$ac_cv_have_int64_t" = "xno" && \ 3630 test "x$ac_cv_sizeof_long_int" != "x8" && \ 3631 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then 3632 echo "OpenSSH requires int64_t support. Contact your vendor or install" 3633 echo "an alternative compiler (I.E., GCC) before continuing." 3634 echo "" 3635 exit 1; 3636else 3637dnl test snprintf (broken on SCO w/gcc) 3638 AC_RUN_IFELSE( 3639 [AC_LANG_SOURCE([[ 3640#include <stdio.h> 3641#include <string.h> 3642#ifdef HAVE_SNPRINTF 3643main() 3644{ 3645 char buf[50]; 3646 char expected_out[50]; 3647 int mazsize = 50 ; 3648#if (SIZEOF_LONG_INT == 8) 3649 long int num = 0x7fffffffffffffff; 3650#else 3651 long long num = 0x7fffffffffffffffll; 3652#endif 3653 strcpy(expected_out, "9223372036854775807"); 3654 snprintf(buf, mazsize, "%lld", num); 3655 if(strcmp(buf, expected_out) != 0) 3656 exit(1); 3657 exit(0); 3658} 3659#else 3660main() { exit(0); } 3661#endif 3662 ]])], [ true ], [ AC_DEFINE([BROKEN_SNPRINTF]) ], 3663 AC_MSG_WARN([cross compiling: Assuming working snprintf()]) 3664 ) 3665fi 3666 3667dnl Checks for structure members 3668OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmp.h], [HAVE_HOST_IN_UTMP]) 3669OSSH_CHECK_HEADER_FOR_FIELD([ut_host], [utmpx.h], [HAVE_HOST_IN_UTMPX]) 3670OSSH_CHECK_HEADER_FOR_FIELD([syslen], [utmpx.h], [HAVE_SYSLEN_IN_UTMPX]) 3671OSSH_CHECK_HEADER_FOR_FIELD([ut_pid], [utmp.h], [HAVE_PID_IN_UTMP]) 3672OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmp.h], [HAVE_TYPE_IN_UTMP]) 3673OSSH_CHECK_HEADER_FOR_FIELD([ut_type], [utmpx.h], [HAVE_TYPE_IN_UTMPX]) 3674OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmp.h], [HAVE_TV_IN_UTMP]) 3675OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmp.h], [HAVE_ID_IN_UTMP]) 3676OSSH_CHECK_HEADER_FOR_FIELD([ut_id], [utmpx.h], [HAVE_ID_IN_UTMPX]) 3677OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmp.h], [HAVE_ADDR_IN_UTMP]) 3678OSSH_CHECK_HEADER_FOR_FIELD([ut_addr], [utmpx.h], [HAVE_ADDR_IN_UTMPX]) 3679OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmp.h], [HAVE_ADDR_V6_IN_UTMP]) 3680OSSH_CHECK_HEADER_FOR_FIELD([ut_addr_v6], [utmpx.h], [HAVE_ADDR_V6_IN_UTMPX]) 3681OSSH_CHECK_HEADER_FOR_FIELD([ut_exit], [utmp.h], [HAVE_EXIT_IN_UTMP]) 3682OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP]) 3683OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) 3684OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) 3685 3686AC_CHECK_MEMBERS([struct stat.st_blksize]) 3687AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, 3688struct passwd.pw_change, struct passwd.pw_expire], 3689[], [], [[ 3690#include <sys/types.h> 3691#include <pwd.h> 3692]]) 3693 3694AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], 3695 [Define if we don't have struct __res_state in resolv.h])], 3696[[ 3697#include <stdio.h> 3698#if HAVE_SYS_TYPES_H 3699# include <sys/types.h> 3700#endif 3701#include <netinet/in.h> 3702#include <arpa/nameser.h> 3703#include <resolv.h> 3704]]) 3705 3706AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 3707 ac_cv_have_ss_family_in_struct_ss, [ 3708 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3709#include <sys/types.h> 3710#include <sys/socket.h> 3711 ]], [[ struct sockaddr_storage s; s.ss_family = 1; ]])], 3712 [ ac_cv_have_ss_family_in_struct_ss="yes" ], 3713 [ ac_cv_have_ss_family_in_struct_ss="no" ]) 3714]) 3715if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 3716 AC_DEFINE([HAVE_SS_FAMILY_IN_SS], [1], [Fields in struct sockaddr_storage]) 3717fi 3718 3719AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 3720 ac_cv_have___ss_family_in_struct_ss, [ 3721 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3722#include <sys/types.h> 3723#include <sys/socket.h> 3724 ]], [[ struct sockaddr_storage s; s.__ss_family = 1; ]])], 3725 [ ac_cv_have___ss_family_in_struct_ss="yes" ], 3726 [ ac_cv_have___ss_family_in_struct_ss="no" 3727 ]) 3728]) 3729if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 3730 AC_DEFINE([HAVE___SS_FAMILY_IN_SS], [1], 3731 [Fields in struct sockaddr_storage]) 3732fi 3733 3734dnl make sure we're using the real structure members and not defines 3735AC_CACHE_CHECK([for msg_accrights field in struct msghdr], 3736 ac_cv_have_accrights_in_msghdr, [ 3737 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3738#include <sys/types.h> 3739#include <sys/socket.h> 3740#include <sys/uio.h> 3741 ]], [[ 3742#ifdef msg_accrights 3743#error "msg_accrights is a macro" 3744exit(1); 3745#endif 3746struct msghdr m; 3747m.msg_accrights = 0; 3748exit(0); 3749 ]])], 3750 [ ac_cv_have_accrights_in_msghdr="yes" ], 3751 [ ac_cv_have_accrights_in_msghdr="no" ] 3752 ) 3753]) 3754if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 3755 AC_DEFINE([HAVE_ACCRIGHTS_IN_MSGHDR], [1], 3756 [Define if your system uses access rights style 3757 file descriptor passing]) 3758fi 3759 3760AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3761AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3762#include <sys/param.h> 3763#include <sys/stat.h> 3764#ifdef HAVE_SYS_TIME_H 3765# include <sys/time.h> 3766#endif 3767#ifdef HAVE_SYS_MOUNT_H 3768#include <sys/mount.h> 3769#endif 3770#ifdef HAVE_SYS_STATVFS_H 3771#include <sys/statvfs.h> 3772#endif 3773 ]], [[ struct statvfs s; s.f_fsid = 0; ]])], 3774 [ AC_MSG_RESULT([yes]) ], 3775 [ AC_MSG_RESULT([no]) 3776 3777 AC_MSG_CHECKING([if fsid_t has member val]) 3778 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3779#include <sys/types.h> 3780#include <sys/statvfs.h> 3781 ]], [[ fsid_t t; t.val[0] = 0; ]])], 3782 [ AC_MSG_RESULT([yes]) 3783 AC_DEFINE([FSID_HAS_VAL], [1], [fsid_t has member val]) ], 3784 [ AC_MSG_RESULT([no]) ]) 3785 3786 AC_MSG_CHECKING([if f_fsid has member __val]) 3787 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3788#include <sys/types.h> 3789#include <sys/statvfs.h> 3790 ]], [[ fsid_t t; t.__val[0] = 0; ]])], 3791 [ AC_MSG_RESULT([yes]) 3792 AC_DEFINE([FSID_HAS___VAL], [1], [fsid_t has member __val]) ], 3793 [ AC_MSG_RESULT([no]) ]) 3794]) 3795 3796AC_CACHE_CHECK([for msg_control field in struct msghdr], 3797 ac_cv_have_control_in_msghdr, [ 3798 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3799#include <sys/types.h> 3800#include <sys/socket.h> 3801#include <sys/uio.h> 3802 ]], [[ 3803#ifdef msg_control 3804#error "msg_control is a macro" 3805exit(1); 3806#endif 3807struct msghdr m; 3808m.msg_control = 0; 3809exit(0); 3810 ]])], 3811 [ ac_cv_have_control_in_msghdr="yes" ], 3812 [ ac_cv_have_control_in_msghdr="no" ] 3813 ) 3814]) 3815if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 3816 AC_DEFINE([HAVE_CONTROL_IN_MSGHDR], [1], 3817 [Define if your system uses ancillary data style 3818 file descriptor passing]) 3819fi 3820 3821AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 3822 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3823 [[ extern char *__progname; printf("%s", __progname); ]])], 3824 [ ac_cv_libc_defines___progname="yes" ], 3825 [ ac_cv_libc_defines___progname="no" 3826 ]) 3827]) 3828if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 3829 AC_DEFINE([HAVE___PROGNAME], [1], [Define if libc defines __progname]) 3830fi 3831 3832AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 3833 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3834 [[ printf("%s", __FUNCTION__); ]])], 3835 [ ac_cv_cc_implements___FUNCTION__="yes" ], 3836 [ ac_cv_cc_implements___FUNCTION__="no" 3837 ]) 3838]) 3839if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 3840 AC_DEFINE([HAVE___FUNCTION__], [1], 3841 [Define if compiler implements __FUNCTION__]) 3842fi 3843 3844AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 3845 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], 3846 [[ printf("%s", __func__); ]])], 3847 [ ac_cv_cc_implements___func__="yes" ], 3848 [ ac_cv_cc_implements___func__="no" 3849 ]) 3850]) 3851if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 3852 AC_DEFINE([HAVE___func__], [1], [Define if compiler implements __func__]) 3853fi 3854 3855AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ 3856 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3857#include <stdarg.h> 3858va_list x,y; 3859 ]], [[ va_copy(x,y); ]])], 3860 [ ac_cv_have_va_copy="yes" ], 3861 [ ac_cv_have_va_copy="no" 3862 ]) 3863]) 3864if test "x$ac_cv_have_va_copy" = "xyes" ; then 3865 AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) 3866fi 3867 3868AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ 3869 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3870#include <stdarg.h> 3871va_list x,y; 3872 ]], [[ __va_copy(x,y); ]])], 3873 [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" 3874 ]) 3875]) 3876if test "x$ac_cv_have___va_copy" = "xyes" ; then 3877 AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) 3878fi 3879 3880AC_CACHE_CHECK([whether getopt has optreset support], 3881 ac_cv_have_getopt_optreset, [ 3882 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <getopt.h> ]], 3883 [[ extern int optreset; optreset = 0; ]])], 3884 [ ac_cv_have_getopt_optreset="yes" ], 3885 [ ac_cv_have_getopt_optreset="no" 3886 ]) 3887]) 3888if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 3889 AC_DEFINE([HAVE_GETOPT_OPTRESET], [1], 3890 [Define if your getopt(3) defines and uses optreset]) 3891fi 3892 3893AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 3894 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3895[[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])], 3896 [ ac_cv_libc_defines_sys_errlist="yes" ], 3897 [ ac_cv_libc_defines_sys_errlist="no" 3898 ]) 3899]) 3900if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 3901 AC_DEFINE([HAVE_SYS_ERRLIST], [1], 3902 [Define if your system defines sys_errlist[]]) 3903fi 3904 3905 3906AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ 3907 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], 3908[[ extern int sys_nerr; printf("%i", sys_nerr);]])], 3909 [ ac_cv_libc_defines_sys_nerr="yes" ], 3910 [ ac_cv_libc_defines_sys_nerr="no" 3911 ]) 3912]) 3913if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 3914 AC_DEFINE([HAVE_SYS_NERR], [1], [Define if your system defines sys_nerr]) 3915fi 3916 3917# Check libraries needed by DNS fingerprint support 3918AC_SEARCH_LIBS([getrrsetbyname], [resolv], 3919 [AC_DEFINE([HAVE_GETRRSETBYNAME], [1], 3920 [Define if getrrsetbyname() exists])], 3921 [ 3922 # Needed by our getrrsetbyname() 3923 AC_SEARCH_LIBS([res_query], [resolv]) 3924 AC_SEARCH_LIBS([dn_expand], [resolv]) 3925 AC_MSG_CHECKING([if res_query will link]) 3926 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3927#include <sys/types.h> 3928#include <netinet/in.h> 3929#include <arpa/nameser.h> 3930#include <netdb.h> 3931#include <resolv.h> 3932 ]], [[ 3933 res_query (0, 0, 0, 0, 0); 3934 ]])], 3935 AC_MSG_RESULT([yes]), 3936 [AC_MSG_RESULT([no]) 3937 saved_LIBS="$LIBS" 3938 LIBS="$LIBS -lresolv" 3939 AC_MSG_CHECKING([for res_query in -lresolv]) 3940 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3941#include <sys/types.h> 3942#include <netinet/in.h> 3943#include <arpa/nameser.h> 3944#include <netdb.h> 3945#include <resolv.h> 3946 ]], [[ 3947 res_query (0, 0, 0, 0, 0); 3948 ]])], 3949 [AC_MSG_RESULT([yes])], 3950 [LIBS="$saved_LIBS" 3951 AC_MSG_RESULT([no])]) 3952 ]) 3953 AC_CHECK_FUNCS([_getshort _getlong]) 3954 AC_CHECK_DECLS([_getshort, _getlong], , , 3955 [#include <sys/types.h> 3956 #include <arpa/nameser.h>]) 3957 AC_CHECK_MEMBER([HEADER.ad], 3958 [AC_DEFINE([HAVE_HEADER_AD], [1], 3959 [Define if HEADER.ad exists in arpa/nameser.h])], , 3960 [#include <arpa/nameser.h>]) 3961 ]) 3962 3963AC_MSG_CHECKING([if struct __res_state _res is an extern]) 3964AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 3965#include <stdio.h> 3966#if HAVE_SYS_TYPES_H 3967# include <sys/types.h> 3968#endif 3969#include <netinet/in.h> 3970#include <arpa/nameser.h> 3971#include <resolv.h> 3972extern struct __res_state _res; 3973 ]], [[ ]])], 3974 [AC_MSG_RESULT([yes]) 3975 AC_DEFINE([HAVE__RES_EXTERN], [1], 3976 [Define if you have struct __res_state _res as an extern]) 3977 ], 3978 [ AC_MSG_RESULT([no]) ] 3979) 3980 3981# Check whether user wants SELinux support 3982SELINUX_MSG="no" 3983LIBSELINUX="" 3984AC_ARG_WITH([selinux], 3985 [ --with-selinux Enable SELinux support], 3986 [ if test "x$withval" != "xno" ; then 3987 save_LIBS="$LIBS" 3988 AC_DEFINE([WITH_SELINUX], [1], 3989 [Define if you want SELinux support.]) 3990 SELINUX_MSG="yes" 3991 AC_CHECK_HEADER([selinux/selinux.h], , 3992 AC_MSG_ERROR([SELinux support requires selinux.h header])) 3993 AC_CHECK_LIB([selinux], [setexeccon], 3994 [ LIBSELINUX="-lselinux" 3995 LIBS="$LIBS -lselinux" 3996 ], 3997 AC_MSG_ERROR([SELinux support requires libselinux library])) 3998 SSHLIBS="$SSHLIBS $LIBSELINUX" 3999 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 4000 AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level]) 4001 LIBS="$save_LIBS" 4002 fi ] 4003) 4004AC_SUBST([SSHLIBS]) 4005AC_SUBST([SSHDLIBS]) 4006 4007# Check whether user wants Kerberos 5 support 4008KRB5_MSG="no" 4009AC_ARG_WITH([kerberos5], 4010 [ --with-kerberos5=PATH Enable Kerberos 5 support], 4011 [ if test "x$withval" != "xno" ; then 4012 if test "x$withval" = "xyes" ; then 4013 KRB5ROOT="/usr/local" 4014 else 4015 KRB5ROOT=${withval} 4016 fi 4017 4018 AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support]) 4019 KRB5_MSG="yes" 4020 4021 AC_PATH_PROG([KRB5CONF], [krb5-config], 4022 [$KRB5ROOT/bin/krb5-config], 4023 [$KRB5ROOT/bin:$PATH]) 4024 if test -x $KRB5CONF ; then 4025 K5CFLAGS="`$KRB5CONF --cflags`" 4026 K5LIBS="`$KRB5CONF --libs`" 4027 CPPFLAGS="$CPPFLAGS $K5CFLAGS" 4028 4029 AC_MSG_CHECKING([for gssapi support]) 4030 if $KRB5CONF | grep gssapi >/dev/null ; then 4031 AC_MSG_RESULT([yes]) 4032 AC_DEFINE([GSSAPI], [1], 4033 [Define this if you want GSSAPI 4034 support in the version 2 protocol]) 4035 GSSCFLAGS="`$KRB5CONF --cflags gssapi`" 4036 GSSLIBS="`$KRB5CONF --libs gssapi`" 4037 CPPFLAGS="$CPPFLAGS $GSSCFLAGS" 4038 else 4039 AC_MSG_RESULT([no]) 4040 fi 4041 AC_MSG_CHECKING([whether we are using Heimdal]) 4042 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4043 ]], [[ char *tmp = heimdal_version; ]])], 4044 [ AC_MSG_RESULT([yes]) 4045 AC_DEFINE([HEIMDAL], [1], 4046 [Define this if you are using the Heimdal 4047 version of Kerberos V5]) ], 4048 [AC_MSG_RESULT([no]) 4049 ]) 4050 else 4051 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" 4052 LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" 4053 AC_MSG_CHECKING([whether we are using Heimdal]) 4054 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h> 4055 ]], [[ char *tmp = heimdal_version; ]])], 4056 [ AC_MSG_RESULT([yes]) 4057 AC_DEFINE([HEIMDAL]) 4058 K5LIBS="-lkrb5" 4059 K5LIBS="$K5LIBS -lcom_err -lasn1" 4060 AC_CHECK_LIB([roken], [net_write], 4061 [K5LIBS="$K5LIBS -lroken"]) 4062 AC_CHECK_LIB([des], [des_cbc_encrypt], 4063 [K5LIBS="$K5LIBS -ldes"]) 4064 ], [ AC_MSG_RESULT([no]) 4065 K5LIBS="-lkrb5 -lk5crypto -lcom_err" 4066 4067 ]) 4068 AC_SEARCH_LIBS([dn_expand], [resolv]) 4069 4070 AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context], 4071 [ AC_DEFINE([GSSAPI]) 4072 GSSLIBS="-lgssapi_krb5" ], 4073 [ AC_CHECK_LIB([gssapi], [gss_init_sec_context], 4074 [ AC_DEFINE([GSSAPI]) 4075 GSSLIBS="-lgssapi" ], 4076 [ AC_CHECK_LIB([gss], [gss_init_sec_context], 4077 [ AC_DEFINE([GSSAPI]) 4078 GSSLIBS="-lgss" ], 4079 AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail])) 4080 ]) 4081 ]) 4082 4083 AC_CHECK_HEADER([gssapi.h], , 4084 [ unset ac_cv_header_gssapi_h 4085 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4086 AC_CHECK_HEADERS([gssapi.h], , 4087 AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) 4088 ) 4089 ] 4090 ) 4091 4092 oldCPP="$CPPFLAGS" 4093 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 4094 AC_CHECK_HEADER([gssapi_krb5.h], , 4095 [ CPPFLAGS="$oldCPP" ]) 4096 4097 fi 4098 if test ! -z "$need_dash_r" ; then 4099 LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" 4100 fi 4101 if test ! -z "$blibpath" ; then 4102 blibpath="$blibpath:${KRB5ROOT}/lib" 4103 fi 4104 4105 AC_CHECK_HEADERS([gssapi.h gssapi/gssapi.h]) 4106 AC_CHECK_HEADERS([gssapi_krb5.h gssapi/gssapi_krb5.h]) 4107 AC_CHECK_HEADERS([gssapi_generic.h gssapi/gssapi_generic.h]) 4108 4109 AC_SEARCH_LIBS([k_hasafs], [kafs], [AC_DEFINE([USE_AFS], [1], 4110 [Define this if you want to use libkafs' AFS support])]) 4111 4112 AC_CHECK_DECLS([GSS_C_NT_HOSTBASED_SERVICE], [], [], [[ 4113#ifdef HAVE_GSSAPI_H 4114# include <gssapi.h> 4115#elif defined(HAVE_GSSAPI_GSSAPI_H) 4116# include <gssapi/gssapi.h> 4117#endif 4118 4119#ifdef HAVE_GSSAPI_GENERIC_H 4120# include <gssapi_generic.h> 4121#elif defined(HAVE_GSSAPI_GSSAPI_GENERIC_H) 4122# include <gssapi/gssapi_generic.h> 4123#endif 4124 ]]) 4125 saved_LIBS="$LIBS" 4126 LIBS="$LIBS $K5LIBS" 4127 AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) 4128 LIBS="$saved_LIBS" 4129 4130 fi 4131 ] 4132) 4133AC_SUBST([GSSLIBS]) 4134AC_SUBST([K5LIBS]) 4135 4136# Looking for programs, paths and files 4137 4138PRIVSEP_PATH=/var/empty 4139AC_ARG_WITH([privsep-path], 4140 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 4141 [ 4142 if test -n "$withval" && test "x$withval" != "xno" && \ 4143 test "x${withval}" != "xyes"; then 4144 PRIVSEP_PATH=$withval 4145 fi 4146 ] 4147) 4148AC_SUBST([PRIVSEP_PATH]) 4149 4150AC_ARG_WITH([xauth], 4151 [ --with-xauth=PATH Specify path to xauth program ], 4152 [ 4153 if test -n "$withval" && test "x$withval" != "xno" && \ 4154 test "x${withval}" != "xyes"; then 4155 xauth_path=$withval 4156 fi 4157 ], 4158 [ 4159 TestPath="$PATH" 4160 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" 4161 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" 4162 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" 4163 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" 4164 AC_PATH_PROG([xauth_path], [xauth], , [$TestPath]) 4165 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 4166 xauth_path="/usr/openwin/bin/xauth" 4167 fi 4168 ] 4169) 4170 4171STRIP_OPT=-s 4172AC_ARG_ENABLE([strip], 4173 [ --disable-strip Disable calling strip(1) on install], 4174 [ 4175 if test "x$enableval" = "xno" ; then 4176 STRIP_OPT= 4177 fi 4178 ] 4179) 4180AC_SUBST([STRIP_OPT]) 4181 4182if test -z "$xauth_path" ; then 4183 XAUTH_PATH="undefined" 4184 AC_SUBST([XAUTH_PATH]) 4185else 4186 AC_DEFINE_UNQUOTED([XAUTH_PATH], ["$xauth_path"], 4187 [Define if xauth is found in your path]) 4188 XAUTH_PATH=$xauth_path 4189 AC_SUBST([XAUTH_PATH]) 4190fi 4191 4192dnl # --with-maildir=/path/to/mail gets top priority. 4193dnl # if maildir is set in the platform case statement above we use that. 4194dnl # Otherwise we run a program to get the dir from system headers. 4195dnl # We first look for _PATH_MAILDIR then MAILDIR then _PATH_MAIL 4196dnl # If we find _PATH_MAILDIR we do nothing because that is what 4197dnl # session.c expects anyway. Otherwise we set to the value found 4198dnl # stripping any trailing slash. If for some strage reason our program 4199dnl # does not find what it needs, we default to /var/spool/mail. 4200# Check for mail directory 4201AC_ARG_WITH([maildir], 4202 [ --with-maildir=/path/to/mail Specify your system mail directory], 4203 [ 4204 if test "X$withval" != X && test "x$withval" != xno && \ 4205 test "x${withval}" != xyes; then 4206 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], 4207 [Set this to your mail directory if you do not have _PATH_MAILDIR]) 4208 fi 4209 ],[ 4210 if test "X$maildir" != "X"; then 4211 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4212 else 4213 AC_MSG_CHECKING([Discovering system mail directory]) 4214 AC_RUN_IFELSE( 4215 [AC_LANG_PROGRAM([[ 4216#include <stdio.h> 4217#include <string.h> 4218#ifdef HAVE_PATHS_H 4219#include <paths.h> 4220#endif 4221#ifdef HAVE_MAILLOCK_H 4222#include <maillock.h> 4223#endif 4224#define DATA "conftest.maildir" 4225 ]], [[ 4226 FILE *fd; 4227 int rc; 4228 4229 fd = fopen(DATA,"w"); 4230 if(fd == NULL) 4231 exit(1); 4232 4233#if defined (_PATH_MAILDIR) 4234 if ((rc = fprintf(fd ,"_PATH_MAILDIR:%s\n", _PATH_MAILDIR)) <0) 4235 exit(1); 4236#elif defined (MAILDIR) 4237 if ((rc = fprintf(fd ,"MAILDIR:%s\n", MAILDIR)) <0) 4238 exit(1); 4239#elif defined (_PATH_MAIL) 4240 if ((rc = fprintf(fd ,"_PATH_MAIL:%s\n", _PATH_MAIL)) <0) 4241 exit(1); 4242#else 4243 exit (2); 4244#endif 4245 4246 exit(0); 4247 ]])], 4248 [ 4249 maildir_what=`awk -F: '{print $1}' conftest.maildir` 4250 maildir=`awk -F: '{print $2}' conftest.maildir \ 4251 | sed 's|/$||'` 4252 AC_MSG_RESULT([Using: $maildir from $maildir_what]) 4253 if test "x$maildir_what" != "x_PATH_MAILDIR"; then 4254 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$maildir"]) 4255 fi 4256 ], 4257 [ 4258 if test "X$ac_status" = "X2";then 4259# our test program didn't find it. Default to /var/spool/mail 4260 AC_MSG_RESULT([Using: default value of /var/spool/mail]) 4261 AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["/var/spool/mail"]) 4262 else 4263 AC_MSG_RESULT([*** not found ***]) 4264 fi 4265 ], 4266 [ 4267 AC_MSG_WARN([cross compiling: use --with-maildir=/path/to/mail]) 4268 ] 4269 ) 4270 fi 4271 ] 4272) # maildir 4273 4274if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 4275 AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) 4276 disable_ptmx_check=yes 4277fi 4278if test -z "$no_dev_ptmx" ; then 4279 if test "x$disable_ptmx_check" != "xyes" ; then 4280 AC_CHECK_FILE(["/dev/ptmx"], 4281 [ 4282 AC_DEFINE_UNQUOTED([HAVE_DEV_PTMX], [1], 4283 [Define if you have /dev/ptmx]) 4284 have_dev_ptmx=1 4285 ] 4286 ) 4287 fi 4288fi 4289 4290if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 4291 AC_CHECK_FILE(["/dev/ptc"], 4292 [ 4293 AC_DEFINE_UNQUOTED([HAVE_DEV_PTS_AND_PTC], [1], 4294 [Define if you have /dev/ptc]) 4295 have_dev_ptc=1 4296 ] 4297 ) 4298else 4299 AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) 4300fi 4301 4302# Options from here on. Some of these are preset by platform above 4303AC_ARG_WITH([mantype], 4304 [ --with-mantype=man|cat|doc Set man page type], 4305 [ 4306 case "$withval" in 4307 man|cat|doc) 4308 MANTYPE=$withval 4309 ;; 4310 *) 4311 AC_MSG_ERROR([invalid man type: $withval]) 4312 ;; 4313 esac 4314 ] 4315) 4316if test -z "$MANTYPE"; then 4317 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" 4318 AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath]) 4319 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 4320 MANTYPE=doc 4321 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 4322 MANTYPE=man 4323 else 4324 MANTYPE=cat 4325 fi 4326fi 4327AC_SUBST([MANTYPE]) 4328if test "$MANTYPE" = "doc"; then 4329 mansubdir=man; 4330else 4331 mansubdir=$MANTYPE; 4332fi 4333AC_SUBST([mansubdir]) 4334 4335# Check whether to enable MD5 passwords 4336MD5_MSG="no" 4337AC_ARG_WITH([md5-passwords], 4338 [ --with-md5-passwords Enable use of MD5 passwords], 4339 [ 4340 if test "x$withval" != "xno" ; then 4341 AC_DEFINE([HAVE_MD5_PASSWORDS], [1], 4342 [Define if you want to allow MD5 passwords]) 4343 MD5_MSG="yes" 4344 fi 4345 ] 4346) 4347 4348# Whether to disable shadow password support 4349AC_ARG_WITH([shadow], 4350 [ --without-shadow Disable shadow password support], 4351 [ 4352 if test "x$withval" = "xno" ; then 4353 AC_DEFINE([DISABLE_SHADOW]) 4354 disable_shadow=yes 4355 fi 4356 ] 4357) 4358 4359if test -z "$disable_shadow" ; then 4360 AC_MSG_CHECKING([if the systems has expire shadow information]) 4361 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4362#include <sys/types.h> 4363#include <shadow.h> 4364struct spwd sp; 4365 ]], [[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ]])], 4366 [ sp_expire_available=yes ], [ 4367 ]) 4368 4369 if test "x$sp_expire_available" = "xyes" ; then 4370 AC_MSG_RESULT([yes]) 4371 AC_DEFINE([HAS_SHADOW_EXPIRE], [1], 4372 [Define if you want to use shadow password expire field]) 4373 else 4374 AC_MSG_RESULT([no]) 4375 fi 4376fi 4377 4378# Use ip address instead of hostname in $DISPLAY 4379if test ! -z "$IPADDR_IN_DISPLAY" ; then 4380 DISPLAY_HACK_MSG="yes" 4381 AC_DEFINE([IPADDR_IN_DISPLAY], [1], 4382 [Define if you need to use IP address 4383 instead of hostname in $DISPLAY]) 4384else 4385 DISPLAY_HACK_MSG="no" 4386 AC_ARG_WITH([ipaddr-display], 4387 [ --with-ipaddr-display Use ip address instead of hostname in $DISPLAY], 4388 [ 4389 if test "x$withval" != "xno" ; then 4390 AC_DEFINE([IPADDR_IN_DISPLAY]) 4391 DISPLAY_HACK_MSG="yes" 4392 fi 4393 ] 4394 ) 4395fi 4396 4397# check for /etc/default/login and use it if present. 4398AC_ARG_ENABLE([etc-default-login], 4399 [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], 4400 [ if test "x$enableval" = "xno"; then 4401 AC_MSG_NOTICE([/etc/default/login handling disabled]) 4402 etc_default_login=no 4403 else 4404 etc_default_login=yes 4405 fi ], 4406 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 4407 then 4408 AC_MSG_WARN([cross compiling: not checking /etc/default/login]) 4409 etc_default_login=no 4410 else 4411 etc_default_login=yes 4412 fi ] 4413) 4414 4415if test "x$etc_default_login" != "xno"; then 4416 AC_CHECK_FILE(["/etc/default/login"], 4417 [ external_path_file=/etc/default/login ]) 4418 if test "x$external_path_file" = "x/etc/default/login"; then 4419 AC_DEFINE([HAVE_ETC_DEFAULT_LOGIN], [1], 4420 [Define if your system has /etc/default/login]) 4421 fi 4422fi 4423 4424dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 4425if test $ac_cv_func_login_getcapbool = "yes" && \ 4426 test $ac_cv_header_login_cap_h = "yes" ; then 4427 external_path_file=/etc/login.conf 4428fi 4429 4430# Whether to mess with the default path 4431SERVER_PATH_MSG="(default)" 4432AC_ARG_WITH([default-path], 4433 [ --with-default-path= Specify default $PATH environment for server], 4434 [ 4435 if test "x$external_path_file" = "x/etc/login.conf" ; then 4436 AC_MSG_WARN([ 4437--with-default-path=PATH has no effect on this system. 4438Edit /etc/login.conf instead.]) 4439 elif test "x$withval" != "xno" ; then 4440 if test ! -z "$external_path_file" ; then 4441 AC_MSG_WARN([ 4442--with-default-path=PATH will only be used if PATH is not defined in 4443$external_path_file .]) 4444 fi 4445 user_path="$withval" 4446 SERVER_PATH_MSG="$withval" 4447 fi 4448 ], 4449 [ if test "x$external_path_file" = "x/etc/login.conf" ; then 4450 AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf]) 4451 else 4452 if test ! -z "$external_path_file" ; then 4453 AC_MSG_WARN([ 4454If PATH is defined in $external_path_file, ensure the path to scp is included, 4455otherwise scp will not work.]) 4456 fi 4457 AC_RUN_IFELSE( 4458 [AC_LANG_PROGRAM([[ 4459/* find out what STDPATH is */ 4460#include <stdio.h> 4461#ifdef HAVE_PATHS_H 4462# include <paths.h> 4463#endif 4464#ifndef _PATH_STDPATH 4465# ifdef _PATH_USERPATH /* Irix */ 4466# define _PATH_STDPATH _PATH_USERPATH 4467# else 4468# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin" 4469# endif 4470#endif 4471#include <sys/types.h> 4472#include <sys/stat.h> 4473#include <fcntl.h> 4474#define DATA "conftest.stdpath" 4475 ]], [[ 4476 FILE *fd; 4477 int rc; 4478 4479 fd = fopen(DATA,"w"); 4480 if(fd == NULL) 4481 exit(1); 4482 4483 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 4484 exit(1); 4485 4486 exit(0); 4487 ]])], 4488 [ user_path=`cat conftest.stdpath` ], 4489 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 4490 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4491 ) 4492# make sure $bindir is in USER_PATH so scp will work 4493 t_bindir="${bindir}" 4494 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do 4495 t_bindir=`eval echo ${t_bindir}` 4496 case $t_bindir in 4497 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4498 esac 4499 case $t_bindir in 4500 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4501 esac 4502 done 4503 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4504 if test $? -ne 0 ; then 4505 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4506 if test $? -ne 0 ; then 4507 user_path=$user_path:$t_bindir 4508 AC_MSG_RESULT([Adding $t_bindir to USER_PATH so scp will work]) 4509 fi 4510 fi 4511 fi ] 4512) 4513if test "x$external_path_file" != "x/etc/login.conf" ; then 4514 AC_DEFINE_UNQUOTED([USER_PATH], ["$user_path"], [Specify default $PATH]) 4515 AC_SUBST([user_path]) 4516fi 4517 4518# Set superuser path separately to user path 4519AC_ARG_WITH([superuser-path], 4520 [ --with-superuser-path= Specify different path for super-user], 4521 [ 4522 if test -n "$withval" && test "x$withval" != "xno" && \ 4523 test "x${withval}" != "xyes"; then 4524 AC_DEFINE_UNQUOTED([SUPERUSER_PATH], ["$withval"], 4525 [Define if you want a different $PATH 4526 for the superuser]) 4527 superuser_path=$withval 4528 fi 4529 ] 4530) 4531 4532 4533AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) 4534IPV4_IN6_HACK_MSG="no" 4535AC_ARG_WITH(4in6, 4536 [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], 4537 [ 4538 if test "x$withval" != "xno" ; then 4539 AC_MSG_RESULT([yes]) 4540 AC_DEFINE([IPV4_IN_IPV6], [1], 4541 [Detect IPv4 in IPv6 mapped addresses 4542 and treat as IPv4]) 4543 IPV4_IN6_HACK_MSG="yes" 4544 else 4545 AC_MSG_RESULT([no]) 4546 fi 4547 ], [ 4548 if test "x$inet6_default_4in6" = "xyes"; then 4549 AC_MSG_RESULT([yes (default)]) 4550 AC_DEFINE([IPV4_IN_IPV6]) 4551 IPV4_IN6_HACK_MSG="yes" 4552 else 4553 AC_MSG_RESULT([no (default)]) 4554 fi 4555 ] 4556) 4557 4558# Whether to enable BSD auth support 4559BSD_AUTH_MSG=no 4560AC_ARG_WITH([bsd-auth], 4561 [ --with-bsd-auth Enable BSD auth support], 4562 [ 4563 if test "x$withval" != "xno" ; then 4564 AC_DEFINE([BSD_AUTH], [1], 4565 [Define if you have BSD auth support]) 4566 BSD_AUTH_MSG=yes 4567 fi 4568 ] 4569) 4570 4571# Where to place sshd.pid 4572piddir=/var/run 4573# make sure the directory exists 4574if test ! -d $piddir ; then 4575 piddir=`eval echo ${sysconfdir}` 4576 case $piddir in 4577 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 4578 esac 4579fi 4580 4581AC_ARG_WITH([pid-dir], 4582 [ --with-pid-dir=PATH Specify location of ssh.pid file], 4583 [ 4584 if test -n "$withval" && test "x$withval" != "xno" && \ 4585 test "x${withval}" != "xyes"; then 4586 piddir=$withval 4587 if test ! -d $piddir ; then 4588 AC_MSG_WARN([** no $piddir directory on this system **]) 4589 fi 4590 fi 4591 ] 4592) 4593 4594AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], 4595 [Specify location of ssh.pid]) 4596AC_SUBST([piddir]) 4597 4598dnl allow user to disable some login recording features 4599AC_ARG_ENABLE([lastlog], 4600 [ --disable-lastlog disable use of lastlog even if detected [no]], 4601 [ 4602 if test "x$enableval" = "xno" ; then 4603 AC_DEFINE([DISABLE_LASTLOG]) 4604 fi 4605 ] 4606) 4607AC_ARG_ENABLE([utmp], 4608 [ --disable-utmp disable use of utmp even if detected [no]], 4609 [ 4610 if test "x$enableval" = "xno" ; then 4611 AC_DEFINE([DISABLE_UTMP]) 4612 fi 4613 ] 4614) 4615AC_ARG_ENABLE([utmpx], 4616 [ --disable-utmpx disable use of utmpx even if detected [no]], 4617 [ 4618 if test "x$enableval" = "xno" ; then 4619 AC_DEFINE([DISABLE_UTMPX], [1], 4620 [Define if you don't want to use utmpx]) 4621 fi 4622 ] 4623) 4624AC_ARG_ENABLE([wtmp], 4625 [ --disable-wtmp disable use of wtmp even if detected [no]], 4626 [ 4627 if test "x$enableval" = "xno" ; then 4628 AC_DEFINE([DISABLE_WTMP]) 4629 fi 4630 ] 4631) 4632AC_ARG_ENABLE([wtmpx], 4633 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 4634 [ 4635 if test "x$enableval" = "xno" ; then 4636 AC_DEFINE([DISABLE_WTMPX], [1], 4637 [Define if you don't want to use wtmpx]) 4638 fi 4639 ] 4640) 4641AC_ARG_ENABLE([libutil], 4642 [ --disable-libutil disable use of libutil (login() etc.) [no]], 4643 [ 4644 if test "x$enableval" = "xno" ; then 4645 AC_DEFINE([DISABLE_LOGIN]) 4646 fi 4647 ] 4648) 4649AC_ARG_ENABLE([pututline], 4650 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 4651 [ 4652 if test "x$enableval" = "xno" ; then 4653 AC_DEFINE([DISABLE_PUTUTLINE], [1], 4654 [Define if you don't want to use pututline() 4655 etc. to write [uw]tmp]) 4656 fi 4657 ] 4658) 4659AC_ARG_ENABLE([pututxline], 4660 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 4661 [ 4662 if test "x$enableval" = "xno" ; then 4663 AC_DEFINE([DISABLE_PUTUTXLINE], [1], 4664 [Define if you don't want to use pututxline() 4665 etc. to write [uw]tmpx]) 4666 fi 4667 ] 4668) 4669AC_ARG_WITH([lastlog], 4670 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 4671 [ 4672 if test "x$withval" = "xno" ; then 4673 AC_DEFINE([DISABLE_LASTLOG]) 4674 elif test -n "$withval" && test "x${withval}" != "xyes"; then 4675 conf_lastlog_location=$withval 4676 fi 4677 ] 4678) 4679 4680dnl lastlog, [uw]tmpx? detection 4681dnl NOTE: set the paths in the platform section to avoid the 4682dnl need for command-line parameters 4683dnl lastlog and [uw]tmp are subject to a file search if all else fails 4684 4685dnl lastlog detection 4686dnl NOTE: the code itself will detect if lastlog is a directory 4687AC_MSG_CHECKING([if your system defines LASTLOG_FILE]) 4688AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4689#include <sys/types.h> 4690#include <utmp.h> 4691#ifdef HAVE_LASTLOG_H 4692# include <lastlog.h> 4693#endif 4694#ifdef HAVE_PATHS_H 4695# include <paths.h> 4696#endif 4697#ifdef HAVE_LOGIN_H 4698# include <login.h> 4699#endif 4700 ]], [[ char *lastlog = LASTLOG_FILE; ]])], 4701 [ AC_MSG_RESULT([yes]) ], 4702 [ 4703 AC_MSG_RESULT([no]) 4704 AC_MSG_CHECKING([if your system defines _PATH_LASTLOG]) 4705 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4706#include <sys/types.h> 4707#include <utmp.h> 4708#ifdef HAVE_LASTLOG_H 4709# include <lastlog.h> 4710#endif 4711#ifdef HAVE_PATHS_H 4712# include <paths.h> 4713#endif 4714 ]], [[ char *lastlog = _PATH_LASTLOG; ]])], 4715 [ AC_MSG_RESULT([yes]) ], 4716 [ 4717 AC_MSG_RESULT([no]) 4718 system_lastlog_path=no 4719 ]) 4720]) 4721 4722if test -z "$conf_lastlog_location"; then 4723 if test x"$system_lastlog_path" = x"no" ; then 4724 for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do 4725 if (test -d "$f" || test -f "$f") ; then 4726 conf_lastlog_location=$f 4727 fi 4728 done 4729 if test -z "$conf_lastlog_location"; then 4730 AC_MSG_WARN([** Cannot find lastlog **]) 4731 dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx 4732 fi 4733 fi 4734fi 4735 4736if test -n "$conf_lastlog_location"; then 4737 AC_DEFINE_UNQUOTED([CONF_LASTLOG_FILE], ["$conf_lastlog_location"], 4738 [Define if you want to specify the path to your lastlog file]) 4739fi 4740 4741dnl utmp detection 4742AC_MSG_CHECKING([if your system defines UTMP_FILE]) 4743AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4744#include <sys/types.h> 4745#include <utmp.h> 4746#ifdef HAVE_PATHS_H 4747# include <paths.h> 4748#endif 4749 ]], [[ char *utmp = UTMP_FILE; ]])], 4750 [ AC_MSG_RESULT([yes]) ], 4751 [ AC_MSG_RESULT([no]) 4752 system_utmp_path=no 4753]) 4754if test -z "$conf_utmp_location"; then 4755 if test x"$system_utmp_path" = x"no" ; then 4756 for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do 4757 if test -f $f ; then 4758 conf_utmp_location=$f 4759 fi 4760 done 4761 if test -z "$conf_utmp_location"; then 4762 AC_DEFINE([DISABLE_UTMP]) 4763 fi 4764 fi 4765fi 4766if test -n "$conf_utmp_location"; then 4767 AC_DEFINE_UNQUOTED([CONF_UTMP_FILE], ["$conf_utmp_location"], 4768 [Define if you want to specify the path to your utmp file]) 4769fi 4770 4771dnl wtmp detection 4772AC_MSG_CHECKING([if your system defines WTMP_FILE]) 4773AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4774#include <sys/types.h> 4775#include <utmp.h> 4776#ifdef HAVE_PATHS_H 4777# include <paths.h> 4778#endif 4779 ]], [[ char *wtmp = WTMP_FILE; ]])], 4780 [ AC_MSG_RESULT([yes]) ], 4781 [ AC_MSG_RESULT([no]) 4782 system_wtmp_path=no 4783]) 4784if test -z "$conf_wtmp_location"; then 4785 if test x"$system_wtmp_path" = x"no" ; then 4786 for f in /usr/adm/wtmp /var/log/wtmp; do 4787 if test -f $f ; then 4788 conf_wtmp_location=$f 4789 fi 4790 done 4791 if test -z "$conf_wtmp_location"; then 4792 AC_DEFINE([DISABLE_WTMP]) 4793 fi 4794 fi 4795fi 4796if test -n "$conf_wtmp_location"; then 4797 AC_DEFINE_UNQUOTED([CONF_WTMP_FILE], ["$conf_wtmp_location"], 4798 [Define if you want to specify the path to your wtmp file]) 4799fi 4800 4801dnl wtmpx detection 4802AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 4803AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 4804#include <sys/types.h> 4805#include <utmp.h> 4806#ifdef HAVE_UTMPX_H 4807#include <utmpx.h> 4808#endif 4809#ifdef HAVE_PATHS_H 4810# include <paths.h> 4811#endif 4812 ]], [[ char *wtmpx = WTMPX_FILE; ]])], 4813 [ AC_MSG_RESULT([yes]) ], 4814 [ AC_MSG_RESULT([no]) 4815 system_wtmpx_path=no 4816]) 4817if test -z "$conf_wtmpx_location"; then 4818 if test x"$system_wtmpx_path" = x"no" ; then 4819 AC_DEFINE([DISABLE_WTMPX]) 4820 fi 4821else 4822 AC_DEFINE_UNQUOTED([CONF_WTMPX_FILE], ["$conf_wtmpx_location"], 4823 [Define if you want to specify the path to your wtmpx file]) 4824fi 4825 4826 4827if test ! -z "$blibpath" ; then 4828 LDFLAGS="$LDFLAGS $blibflags$blibpath" 4829 AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) 4830fi 4831 4832AC_CHECK_MEMBER([struct lastlog.ll_line], [], [ 4833 if test x$SKIP_DISABLE_LASTLOG_DEFINE != "xyes" ; then 4834 AC_DEFINE([DISABLE_LASTLOG]) 4835 fi 4836 ], [ 4837#ifdef HAVE_SYS_TYPES_H 4838#include <sys/types.h> 4839#endif 4840#ifdef HAVE_UTMP_H 4841#include <utmp.h> 4842#endif 4843#ifdef HAVE_UTMPX_H 4844#include <utmpx.h> 4845#endif 4846#ifdef HAVE_LASTLOG_H 4847#include <lastlog.h> 4848#endif 4849 ]) 4850 4851AC_CHECK_MEMBER([struct utmp.ut_line], [], [ 4852 AC_DEFINE([DISABLE_UTMP]) 4853 AC_DEFINE([DISABLE_WTMP]) 4854 ], [ 4855#ifdef HAVE_SYS_TYPES_H 4856#include <sys/types.h> 4857#endif 4858#ifdef HAVE_UTMP_H 4859#include <utmp.h> 4860#endif 4861#ifdef HAVE_UTMPX_H 4862#include <utmpx.h> 4863#endif 4864#ifdef HAVE_LASTLOG_H 4865#include <lastlog.h> 4866#endif 4867 ]) 4868 4869dnl Adding -Werror to CFLAGS early prevents configure tests from running. 4870dnl Add now. 4871CFLAGS="$CFLAGS $werror_flags" 4872 4873if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then 4874 TEST_SSH_IPV6=no 4875else 4876 TEST_SSH_IPV6=yes 4877fi 4878AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) 4879AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) 4880AC_SUBST([TEST_MALLOC_OPTIONS], [$TEST_MALLOC_OPTIONS]) 4881AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) 4882 4883AC_EXEEXT 4884AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ 4885 openbsd-compat/Makefile openbsd-compat/regress/Makefile \ 4886 survey.sh]) 4887AC_OUTPUT 4888 4889# Print summary of options 4890 4891# Someone please show me a better way :) 4892A=`eval echo ${prefix}` ; A=`eval echo ${A}` 4893B=`eval echo ${bindir}` ; B=`eval echo ${B}` 4894C=`eval echo ${sbindir}` ; C=`eval echo ${C}` 4895D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` 4896E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}` 4897F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` 4898G=`eval echo ${piddir}` ; G=`eval echo ${G}` 4899H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}` 4900I=`eval echo ${user_path}` ; I=`eval echo ${I}` 4901J=`eval echo ${superuser_path}` ; J=`eval echo ${J}` 4902 4903echo "" 4904echo "OpenSSH has been configured with the following options:" 4905echo " User binaries: $B" 4906echo " System binaries: $C" 4907echo " Configuration files: $D" 4908echo " Askpass program: $E" 4909echo " Manual pages: $F" 4910echo " PID file: $G" 4911echo " Privilege separation chroot path: $H" 4912if test "x$external_path_file" = "x/etc/login.conf" ; then 4913echo " At runtime, sshd will use the path defined in $external_path_file" 4914echo " Make sure the path to scp is present, otherwise scp will not work" 4915else 4916echo " sshd default user PATH: $I" 4917 if test ! -z "$external_path_file"; then 4918echo " (If PATH is set in $external_path_file it will be used instead. If" 4919echo " used, ensure the path to scp is present, otherwise scp will not work.)" 4920 fi 4921fi 4922if test ! -z "$superuser_path" ; then 4923echo " sshd superuser user PATH: $J" 4924fi 4925echo " Manpage format: $MANTYPE" 4926echo " PAM support: $PAM_MSG" 4927echo " OSF SIA support: $SIA_MSG" 4928echo " KerberosV support: $KRB5_MSG" 4929echo " SELinux support: $SELINUX_MSG" 4930echo " Smartcard support: $SCARD_MSG" 4931echo " S/KEY support: $SKEY_MSG" 4932echo " MD5 password support: $MD5_MSG" 4933echo " libedit support: $LIBEDIT_MSG" 4934echo " Solaris process contract support: $SPC_MSG" 4935echo " Solaris project support: $SP_MSG" 4936echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" 4937echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" 4938echo " BSD Auth support: $BSD_AUTH_MSG" 4939echo " Random number source: $RAND_MSG" 4940echo " Privsep sandbox style: $SANDBOX_STYLE" 4941 4942echo "" 4943 4944echo " Host: ${host}" 4945echo " Compiler: ${CC}" 4946echo " Compiler flags: ${CFLAGS}" 4947echo "Preprocessor flags: ${CPPFLAGS}" 4948echo " Linker flags: ${LDFLAGS}" 4949echo " Libraries: ${LIBS}" 4950if test ! -z "${SSHDLIBS}"; then 4951echo " +for sshd: ${SSHDLIBS}" 4952fi 4953if test ! -z "${SSHLIBS}"; then 4954echo " +for ssh: ${SSHLIBS}" 4955fi 4956 4957echo "" 4958 4959if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then 4960 echo "SVR4 style packages are supported with \"make package\"" 4961 echo "" 4962fi 4963 4964if test "x$PAM_MSG" = "xyes" ; then 4965 echo "PAM is enabled. You may need to install a PAM control file " 4966 echo "for sshd, otherwise password authentication may fail. " 4967 echo "Example PAM control files can be found in the contrib/ " 4968 echo "subdirectory" 4969 echo "" 4970fi 4971 4972if test ! -z "$NO_PEERCHECK" ; then 4973 echo "WARNING: the operating system that you are using does not" 4974 echo "appear to support getpeereid(), getpeerucred() or the" 4975 echo "SO_PEERCRED getsockopt() option. These facilities are used to" 4976 echo "enforce security checks to prevent unauthorised connections to" 4977 echo "ssh-agent. Their absence increases the risk that a malicious" 4978 echo "user can connect to your agent." 4979 echo "" 4980fi 4981 4982if test "$AUDIT_MODULE" = "bsm" ; then 4983 echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." 4984 echo "See the Solaris section in README.platform for details." 4985fi 4986