]
)
+# Messages for features tested for in target-specific section
+SIA_MSG="no"
+SPC_MSG="no"
+
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
blibpath="/usr/lib:/lib"
fi
saved_LDFLAGS="$LDFLAGS"
- for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
+ if test "$GCC" = "yes"; then
+ flags="-Wl,-blibpath: -Wl,-rpath, -blibpath:"
+ else
+ flags="-blibpath: -Wl,-blibpath: -Wl,-rpath,"
+ fi
+ for tryflags in $flags ;do
if (test -z "$blibflags"); then
LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
AC_TRY_LINK([], [], [blibflags=$tryflags])
[#include <usersec.h>]
)
AC_CHECK_FUNCS(setauthdb)
+ AC_CHECK_DECL(F_CLOSEM,
+ AC_DEFINE(HAVE_FCNTL_CLOSEM, 1, [Use F_CLOSEM fcntl for closefrom]),
+ [],
+ [ #include <limits.h>
+ #include <fcntl.h> ]
+ )
check_for_aix_broken_getaddrinfo=1
AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
supported by bsd-setproctitle.c])
AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
[AIX 5.2 and 5.3 (and presumably newer) require this])
+ AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
;;
*-*-cygwin*)
check_for_libcrypt_later=1
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
[Define if your resolver libs need this for getrrsetbyname])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
;;
*-*-hpux*)
# first we define all of the options common to all HP-UX releases
AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
+ AC_DEFINE(SYSLOG_R_SAFE_IN_SIGHAND, 1,
+ [syslog_r function is safe to use in in a signal handler])
;;
*-*-solaris*)
if test "x$withval" != "xno" ; then
AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
[Define if sshd somehow reacquires a controlling TTY
after setsid()])
+ AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd
+ in case the name is longer than 8 chars])
external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
else
AC_MSG_RESULT(no)
fi
+ AC_ARG_WITH(solaris-contracts,
+ [ --with-solaris-contracts Enable Solaris process contracts (experimental)],
+ [
+ AC_CHECK_LIB(contract, ct_tmpl_activate,
+ [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
+ [Define if you have Solaris process contracts])
+ SSHDLIBS="$SSHDLIBS -lcontract"
+ AC_SUBST(SSHDLIBS)
+ SPC_MSG="yes" ], )
+ ],
+ )
;;
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
system's login() call])
AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ SIA_MSG="yes"
else
AC_MSG_RESULT(no)
AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
AC_CHECK_HEADERS( \
bstring.h \
crypt.h \
+ crypto/sha2.h \
dirent.h \
endian.h \
features.h \
+ fcntl.h \
floatingpoint.h \
getopt.h \
glob.h \
iaf.h \
limits.h \
login.h \
- login_cap.h \
maillock.h \
ndir.h \
+ net/if_tun.h \
netdb.h \
netgroup.h \
pam/pam_appl.h \
readpassphrase.h \
rpc/types.h \
security/pam_appl.h \
+ sha2.h \
shadow.h \
stddef.h \
stdint.h \
#endif
])
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS(login_cap.h, [], [], [
+#include <sys/types.h>
+])
+
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_TRY_COMPILE(FOUNDIT,
+AC_TRY_COMPILE(
[ #include <glob.h> ],
[glob_t g; g.gl_matchc = 1;],
[
]
)
+AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include <glob.h>])
+
AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
AC_RUN_IFELSE(
[AC_LANG_SOURCE([[
AC_CHECK_DECLS(h_errno, , ,[#include <netdb.h>])
+AC_CHECK_DECLS(SHUT_RD, , ,
+ [
+#include <sys/types.h>
+#include <sys/socket.h>
+ ])
+
+AC_CHECK_DECLS(O_NONBLOCK, , ,
+ [
+#include <sys/types.h>
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+#endif
+ ])
+
+AC_CHECK_DECLS(writev, , , [
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <unistd.h>
+ ])
+
AC_CHECK_FUNCS(setresuid, [
dnl Some platorms have setresuid that isn't implemented, test for this
AC_MSG_CHECKING(if setresuid seems to work)
AC_MSG_RESULT(no)
AC_DEFINE(BROKEN_GETADDRINFO)
],
+ [
AC_MSG_RESULT(cross-compiling, assuming no)
]
)
AC_FUNC_GETPGRP
-# Check for PAM libs
-PAM_MSG="no"
-AC_ARG_WITH(pam,
- [ --with-pam Enable PAM support ],
- [
- if test "x$withval" != "xno" ; then
- if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
- test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
- AC_MSG_ERROR([PAM headers not found])
- fi
-
- AC_CHECK_LIB(dl, dlopen, , )
- AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
- AC_CHECK_FUNCS(pam_getenvlist)
- AC_CHECK_FUNCS(pam_putenv)
-
- PAM_MSG="yes"
-
- AC_DEFINE(USE_PAM, 1,
- [Define if you want to enable PAM support])
- if test $ac_cv_lib_dl_dlopen = yes; then
- LIBPAM="-lpam -ldl"
- else
- LIBPAM="-lpam"
- fi
- AC_SUBST(LIBPAM)
- fi
- ]
-)
-
-# Check for older PAM
-if test "x$PAM_MSG" = "xyes" ; then
- # Check PAM strerror arguments (old PAM)
- AC_MSG_CHECKING([whether pam_strerror takes only one argument])
- AC_TRY_COMPILE(
- [
-#include <stdlib.h>
-#if defined(HAVE_SECURITY_PAM_APPL_H)
-#include <security/pam_appl.h>
-#elif defined (HAVE_PAM_PAM_APPL_H)
-#include <pam/pam_appl.h>
-#endif
- ],
- [(void)pam_strerror((pam_handle_t *)NULL, -1);],
- [AC_MSG_RESULT(no)],
- [
- AC_DEFINE(HAVE_OLD_PAM, 1,
- [Define if you have an old version of PAM
- which takes only one argument to pam_strerror])
- AC_MSG_RESULT(yes)
- PAM_MSG="yes (old library)"
- ]
- )
-fi
-
# Search for OpenSSL
saved_CPPFLAGS="$CPPFLAGS"
saved_LDFLAGS="$LDFLAGS"
]
)
+AC_MSG_CHECKING([if programs using OpenSSL functions will link])
+AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ saved_LIBS="$LIBS"
+ LIBS="$LIBS -ldl"
+ AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
+ AC_LINK_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <openssl/evp.h>
+int main(void) { SSLeay_add_all_algorithms(); }
+ ]])],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ LIBS="$saved_LIBS"
+ ]
+ )
+ ]
+)
+
AC_ARG_WITH(ssl-engine,
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
[ if test "x$withval" != "xno" ; then
# Check for OpenSSL without EVP_aes_{192,256}_cbc
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
-AC_COMPILE_IFELSE(
+AC_LINK_IFELSE(
[AC_LANG_SOURCE([[
#include <string.h>
#include <openssl/evp.h>
]
)
+# Check for PAM libs
+PAM_MSG="no"
+AC_ARG_WITH(pam,
+ [ --with-pam Enable PAM support ],
+ [
+ if test "x$withval" != "xno" ; then
+ if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \
+ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then
+ AC_MSG_ERROR([PAM headers not found])
+ fi
+
+ saved_LIBS="$LIBS"
+ AC_CHECK_LIB(dl, dlopen, , )
+ AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+ AC_CHECK_FUNCS(pam_getenvlist)
+ AC_CHECK_FUNCS(pam_putenv)
+ LIBS="$saved_LIBS"
+
+ PAM_MSG="yes"
+
+ LIBPAM="-lpam"
+ AC_DEFINE(USE_PAM, 1,
+ [Define if you want to enable PAM support])
+
+ if test $ac_cv_lib_dl_dlopen = yes; then
+ case "$LIBS" in
+ *-ldl*)
+ # libdl already in LIBS
+ ;;
+ *)
+ LIBPAM="$LIBPAM -ldl"
+ ;;
+ esac
+ fi
+ AC_SUBST(LIBPAM)
+ fi
+ ]
+)
+
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
+ # Check PAM strerror arguments (old PAM)
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_TRY_COMPILE(
+ [
+#include <stdlib.h>
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+ ],
+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+ [AC_MSG_RESULT(no)],
+ [
+ AC_DEFINE(HAVE_OLD_PAM, 1,
+ [Define if you have an old version of PAM
+ which takes only one argument to pam_strerror])
+ AC_MSG_RESULT(yes)
+ PAM_MSG="yes (old library)"
+ ]
+ )
+fi
# Do we want to force the use of the rand helper?
AC_ARG_WITH(rand-helper,
[#include <arpa/nameser.h>])
])
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+ [ --with-selinux Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADER([selinux/selinux.h], ,
+ AC_MSG_ERROR(SELinux support requires selinux.h header))
+ AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ fi ]
+)
+AC_SUBST(LIBSELINUX)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi
-dnl remove pam and dl because they are in $LIBPAM
-if test "$PAM_MSG" = yes ; then
- LIBS=`echo $LIBS | sed 's/-lpam //'`
-fi
-if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
- LIBS=`echo $LIBS | sed 's/-ldl //'`
-fi
-
dnl Adding -Werror to CFLAGS early prevents configure tests from running.
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
fi
echo " Manpage format: $MANTYPE"
echo " PAM support: $PAM_MSG"
+echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
+echo " Solaris process contract support: $SPC_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"