AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
+
AC_PROG_CC
AC_CANONICAL_HOST
AC_C_BIGENDIAN
AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
+use_stack_protector=1
+AC_ARG_WITH(stackprotect,
+ [ --without-stackprotect Don't use compiler's stack protection], [
+ if test "x$withval" = "xno"; then
+ use_stack_protector=0
+ fi ])
+
if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
CFLAGS="$CFLAGS -Wall -Wpointer-arith"
GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
no_attrib_nonnull=1
;;
2.*) no_attrib_nonnull=1 ;;
- 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
- 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
+ 3.*) CFLAGS="$CFLAGS -Wsign-compare -Wformat-security" ;;
+ 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign -Wformat-security" ;;
*) ;;
esac
+ AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset)
+ saved_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fno-builtin-memset"
+ AC_LINK_IFELSE( [AC_LANG_SOURCE([[
+#include <string.h>
+int main(void){char b[10]; memset(b, 0, sizeof(b));}
+ ]])],
+ [ AC_MSG_RESULT(yes) ],
+ [ AC_MSG_RESULT(no)
+ CFLAGS="$saved_CFLAGS" ]
+)
+
+ # -fstack-protector-all doesn't always work for some GCC versions
+ # and/or platforms, so we test if we can. If it's not supported
+ # on a given platform gcc will emit a warning so we use -Werror.
+ if test "x$use_stack_protector" = "x1"; then
+ for t in -fstack-protector-all -fstack-protector; do
+ AC_MSG_CHECKING(if $CC supports $t)
+ saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS $t -Werror"
+ LDFLAGS="$LDFLAGS $t -Werror"
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ CFLAGS="$saved_CFLAGS $t"
+ LDFLAGS="$saved_LDFLAGS $t"
+ AC_MSG_CHECKING(if $t works)
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([
+#include <stdio.h>
+int main(void){char x[[256]]; snprintf(x, sizeof(x), "XXX"); return 0;}
+ ])],
+ [ AC_MSG_RESULT(yes)
+ break ],
+ [ AC_MSG_RESULT(no) ],
+ [ AC_MSG_WARN([cross compiling: cannot test])
+ break ]
+ )
+ ],
+ [ AC_MSG_RESULT(no) ]
+ )
+ CFLAGS="$saved_CFLAGS"
+ LDFLAGS="$saved_LDFLAGS"
+ done
+ fi
+
if test -z "$have_llong_max"; then
# retry LLONG_MAX with -std=gnu99, needed on some Linuxes
unset ac_cv_have_decl_LLONG_MAX
sys/cdefs.h \
sys/dir.h \
sys/mman.h \
+ sys/mount.h \
sys/ndir.h \
+ sys/poll.h \
sys/prctl.h \
sys/pstat.h \
sys/select.h \
sys/stream.h \
sys/stropts.h \
sys/strtio.h \
+ sys/statvfs.h \
sys/sysmacros.h \
sys/time.h \
sys/timers.h \
[],
[#include <usersec.h>]
)
- AC_CHECK_FUNCS(setauthdb)
+ AC_CHECK_FUNCS(getgrset setauthdb)
AC_CHECK_DECL(F_CLOSEM,
AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
[],
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_GLOB, 1, [OS X glob does not do what we expect])
AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
[Define if your resolver libs need this for getrrsetbyname])
AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
[Prepend the address family to IP tunnel traffic])
+ m4_pattern_allow(AU_IPv)
+ AC_CHECK_DECL(AU_IPv4, [],
+ AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
+ [#include <bsm/audit.h>]
+ AC_DEFINE(LASTLOG_WRITE_PUTUTXLINE, 1,
+ [Define if pututxline updates lastlog too])
+ )
AC_MSG_CHECKING(if we have the Security Authorization Session API)
AC_TRY_COMPILE([#include <Security/AuthSession.h>],
[SessionCreate(0, 0);],
fi],
[AC_MSG_RESULT(no)]
)
- ;;
+ ;;
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
;;
AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
+*-*-k*bsd*-gnu | *-*-kopensolaris*-gnu)
+ check_for_libcrypt_later=1
+ AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!")
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
+ AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
+ AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
+ ;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
- AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
AC_DEFINE(PAM_TTY_KLUDGE, 1,
[Work around problematic Linux PAM modules handling of PAM_TTY])
AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
+ AC_DEFINE(BROKEN_GLOB, 1, [FreeBSD glob does not do what we need])
;;
*-*-bsdi*)
AC_DEFINE(SETEUID_BREAKS_SETUID)
;;
# UnixWare 7.x, OpenUNIX 8
*-*-sysv5*)
- check_for_libcrypt_later=1
AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
AC_DEFINE(USE_PIPES)
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_LIBIAF, 1,
[ia_uinfo routines not supported by OS yet])
AC_DEFINE(BROKEN_UPDWTMPX)
+ AC_CHECK_LIB(prot, getluid,[ LIBS="$LIBS -lprot"
+ AC_CHECK_FUNCS(getluid setluid,,,-lprot)
+ AC_DEFINE(HAVE_SECUREWARE)
+ AC_DEFINE(DISABLE_SHADOW)
+ ],,)
;;
*) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ check_for_libcrypt_later=1
;;
esac
;;
AC_DEFINE(SETEUID_BREAKS_SETUID)
AC_DEFINE(BROKEN_SETREUID)
AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(BROKEN_READV_COMPARISON, 1, [Can't do comparisons on readv])
;;
*-*-nto-qnx*)
AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(BROKEN_SHADOW_EXPIRE, 1, [QNX shadow support is broken])
enable_etc_default_login=no # has incompatible /etc/default/login
case "$host" in
*-*-nto-qnx6*)
AC_CHECK_HEADERS(libutil.h)
AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
[Define if your libraries define login()])])
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
+AC_CHECK_FUNCS(fmt_scaled logout updwtmp logwtmp)
AC_FUNC_STRFTIME
fi
. ./gpt_build_temp.sh
if test -n "${need_dash_r}"; then
- GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
+ GSI_LDFLAGS="-L${gsi_path}/lib -R${gsi_path}/lib"
else
GSI_LDFLAGS="-L${gsi_path}/lib"
fi
AC_DEFINE(HAVE_GSSAPI_H)
- LIBS="$LIBS $GSI_LIBS"
+ LIBS="$LIBS $GSI_LIBS $GPT_CONFIG_LIBS"
LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
- CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS $GPT_CONFIG_INCLUDES"
+ CFLAGS="$CFLAGS $GPT_CONFIG_CFLAGS"
AC_MSG_CHECKING(that Globus linkline works)
# test that we got the libraries OK
AC_CHECK_FUNCS(getaudit, [],
[AC_MSG_ERROR(BSM enabled and required function not found)])
# These are optional
- AC_CHECK_FUNCS(getaudit_addr)
+ AC_CHECK_FUNCS(getaudit_addr aug_get_machine)
AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
;;
debug)
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
+ arc4random_buf \
+ arc4random_uniform \
asprintf \
b64_ntop \
__b64_ntop \
fchmod \
fchown \
freeaddrinfo \
+ fstatvfs \
futimes \
getaddrinfo \
getcwd \
sigvec \
snprintf \
socketpair \
+ statfs \
+ statvfs \
strdup \
strerror \
strlcat \
dnl Checks for utmpx functions
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
+dnl Checks for lastlog functions
+AC_CHECK_FUNCS(getlastlogxbyname)
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
saved_LIBS="$LIBS"
AC_CHECK_LIB(iaf, ia_openinfo, [
LIBS="$LIBS -liaf"
- AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"])
+ AC_CHECK_FUNCS(set_id, [SSHDLIBS="$SSHDLIBS -liaf"
+ AC_DEFINE(HAVE_LIBIAF, 1,
+ [Define if system has libiaf that supports set_id])
+ ])
])
LIBS="$saved_LIBS"
TYPE_SOCKLEN_T
AC_CHECK_TYPES(sig_atomic_t,,,[#include <signal.h>])
+AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t],,,[
+#include <sys/types.h>
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_SYS_STATFS_H
+#include <sys/statfs.h>
+#endif
+#ifdef HAVE_SYS_STATVFS_H
+#include <sys/statvfs.h>
+#endif
+])
AC_CHECK_TYPES(in_addr_t,,,
[#include <sys/types.h>
if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
[define if you have struct in6_addr data type])
+
+dnl Now check for sin6_scope_id
+ AC_CHECK_MEMBERS([struct sockaddr_in6.sin6_scope_id],,,
+ [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <netinet/in.h>
+ ])
fi
AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
file descriptor passing])
fi
+AC_MSG_CHECKING(if f_fsid has val members)
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/statvfs.h>],
+[struct fsid_t t; t.val[0] = 0;],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(FSID_HAS_VAL, 1, f_fsid has members) ],
+ [ AC_MSG_RESULT(no) ]
+)
+
AC_CACHE_CHECK([for msg_control field in struct msghdr],
ac_cv_have_control_in_msghdr, [
AC_COMPILE_IFELSE(
SELINUX_MSG="no"
LIBSELINUX=""
AC_ARG_WITH(selinux,
- [ --with-selinux Enable SELinux support],
+ [ --with-selinux Enable SELinux support],
[ if test "x$withval" != "xno" ; then
save_LIBS="$LIBS"
AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
)
AC_SEARCH_LIBS(dn_expand, resolv)
- AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ AC_CHECK_LIB(gssapi_krb5, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi $K5LIBS" ],
- [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi, gss_init_sec_context,
[ AC_DEFINE(GSSAPI)
- K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ K5LIBS="-lgssapi $K5LIBS" ],
AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
$K5LIBS)
],
]
)
+# strip causes problems with GSI libraries...
+if test -z "$GSI_LIBS" ; then
STRIP_OPT=-s
+fi
AC_ARG_ENABLE(strip,
[ --disable-strip Disable calling strip(1) on install],
[
AC_SUBST(XAUTH_PATH)
fi
-AC_CHECK_DECL(_PATH_BSHELL, ,
- AC_DEFINE_UNQUOTED(_PATH_BSHELL, "/bin/sh",
- [Define to your C shell if not defined in paths.h]),
- [ #include <paths.h> ]
-)
-
-AC_CHECK_DECL(_PATH_CSHELL, ,
- AC_DEFINE_UNQUOTED(_PATH_CSHELL, "/bin/csh",
- [Define to your Bourne shell if not defined in paths.h]),
- [ #include <paths.h> ]
-)
-
-AC_CHECK_DECL(_PATH_SHELLS, ,
- AC_DEFINE_UNQUOTED(_PATH_SHELLS, "/etc/shells",
- [Define to your shells file if not defined in paths.h]),
- [ #include <paths.h> ]
-)
-
-# if _PATH_MAILDIR is in paths.h then we won't go hunting for it.
-AC_CHECK_DECL(_PATH_MAILDIR,
- AC_DEFINE(PATH_MAILDIR_IN_PATHS_H, 1,
- [Define if _PATH_MAILDIR is in paths.h]),
- ,
- [ #include <paths.h> ]
-)
-
# Check for mail directory (last resort if we cannot get it from headers)
if test ! -z "$MAIL" ; then
maildir=`dirname $MAIL`
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
+if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
+ test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ AC_SUBST(TEST_SSH_IPV6, no)
+else
+ AC_SUBST(TEST_SSH_IPV6, yes)
+fi
+
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
openbsd-compat/Makefile openbsd-compat/regress/Makefile \
andersk / gssapi-openssh.git / blobdiff