supported by bsd-setproctitle.c])
AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
[AIX 5.2 and 5.3 (and presumably newer) require this])
+ AC_DEFINE(PTY_ZEROREAD, 1, [read(1) can return 0 for a non-closed fd])
;;
*-*-cygwin*)
check_for_libcrypt_later=1
AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
[Define if your resolver libs need this for getrrsetbyname])
+ AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
+ AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
+ [Use tunnel device compatibility to OpenBSD])
+ AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
+ [Prepend the address family to IP tunnel traffic])
;;
*-*-hpux*)
# first we define all of the options common to all HP-UX releases
AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
AC_DEFINE(DISABLE_LASTLOG)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ enable_etc_default_login=no # has incompatible /etc/default/login
;;
*-*-ultrix*)
AC_CHECK_HEADERS( \
bstring.h \
crypt.h \
+ crypto/sha2.h \
dirent.h \
endian.h \
features.h \
iaf.h \
limits.h \
login.h \
- login_cap.h \
maillock.h \
ndir.h \
+ net/if_tun.h \
netdb.h \
netgroup.h \
pam/pam_appl.h \
readpassphrase.h \
rpc/types.h \
security/pam_appl.h \
+ sha2.h \
shadow.h \
stddef.h \
stdint.h \
#endif
])
+# login_cap.h requires sys/types.h on NetBSD
+AC_CHECK_HEADERS(login_cap.h, [], [], [
+#include <sys/types.h>
+])
+
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt))
# Check for g.gl_matchc glob() extension
AC_MSG_CHECKING(for gl_matchc field in glob_t)
-AC_EGREP_CPP(FOUNDIT,
- [
- #include <glob.h>
- int main(void){glob_t g; g.gl_matchc = 1;}
- ],
+AC_TRY_COMPILE(
+ [ #include <glob.h> ],
+ [glob_t g; g.gl_matchc = 1;],
[
AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
[Define if your system glob() function has
]
)
+AC_ARG_WITH(ssl-engine,
+ [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
+ [ if test "x$withval" != "xno" ; then
+ AC_MSG_CHECKING(for OpenSSL ENGINE support)
+ AC_TRY_COMPILE(
+ [ #include <openssl/engine.h>],
+ [
+int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();}
+ ],
+ [ AC_MSG_RESULT(yes)
+ AC_DEFINE(USE_OPENSSL_ENGINE, 1,
+ [Enable OpenSSL engine support])
+ ],
+ [ AC_MSG_ERROR(OpenSSL ENGINE support not found)]
+ )
+ fi ]
+)
+
# Check for OpenSSL without EVP_aes_{192,256}_cbc
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
AC_COMPILE_IFELSE(
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
+# Search for SHA256 support in libc and/or OpenSSL
+AC_CHECK_FUNCS(SHA256_Update EVP_sha256)
+
AC_CHECK_LIB(iaf, ia_openinfo)
### Configure cryptographic random number support
#define __USE_ISOC99
#include <limits.h>
#define DATA "conftest.llminmax"
+#define my_abs(a) ((a) < 0 ? ((a) * -1) : (a))
+
+/*
+ * printf in libc on some platforms (eg old Tru64) does not understand %lld so
+ * we do this the hard way.
+ */
+static int
+fprint_ll(FILE *f, long long n)
+{
+ unsigned int i;
+ int l[sizeof(long long) * 8];
+
+ if (n < 0)
+ if (fprintf(f, "-") < 0)
+ return -1;
+ for (i = 0; n != 0; i++) {
+ l[i] = my_abs(n % 10);
+ n /= 10;
+ }
+ do {
+ if (fprintf(f, "%d", l[--i]) < 0)
+ return -1;
+ } while (i != 0);
+ if (fprintf(f, " ") < 0)
+ return -1;
+ return 0;
+}
+
int main(void) {
FILE *f;
long long i, llmin, llmax = 0;
/* Sanity check */
if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
- || llmax - 1 > llmax) {
+ || llmax - 1 > llmax || llmin == llmax || llmin == 0
+ || llmax == 0 || llmax < LONG_MAX || llmin > LONG_MIN) {
fprintf(f, "unknown unknown\n");
exit(2);
}
- if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
+ if (fprint_ll(f, llmin) < 0)
exit(3);
-
+ if (fprint_ll(f, llmax) < 0)
+ exit(4);
+ if (fclose(f) < 0)
+ exit(5);
exit(0);
}
]])],
llong_min=`$AWK '{print $1}' conftest.llminmax`
llong_max=`$AWK '{print $2}' conftest.llminmax`
- # snprintf on some Tru64s doesn't understand "%lld"
- case "$host" in
- alpha-dec-osf*)
- if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
- test "x$llong_max" = "xld"; then
- llong_min="-9223372036854775808"
- llong_max="9223372036854775807"
- fi
- ;;
- esac
-
AC_MSG_RESULT($llong_max)
AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
[max value of long long calculated by configure])
[#include <arpa/nameser.h>])
])
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+ [ --with-selinux Enable SELinux support],
+ [ if test "x$withval" != "xno" ; then
+ AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+ SELINUX_MSG="yes"
+ AC_CHECK_HEADER([selinux/selinux.h], ,
+ AC_MSG_ERROR(SELinux support requires selinux.h header))
+ AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+ AC_MSG_ERROR(SELinux support requires libselinux library))
+ AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+ fi ]
+)
+AC_SUBST(LIBSELINUX)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
- scard/Makefile ssh_prng_cmds survey.sh])
+ openbsd-compat/regress/Makefile scard/Makefile ssh_prng_cmds survey.sh])
AC_OUTPUT
# Print summary of options
echo " Manpage format: $MANTYPE"
echo " PAM support: $PAM_MSG"
echo " KerberosV support: $KRB5_MSG"
+echo " SELinux support: $SELINUX_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"