diff options
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 124 |
1 files changed, 115 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac index 58da1f167..cdf24bc1f 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.480 2011/08/18 04:48:24 tim Exp $ | 1 | # $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.480 $) | 18 | AC_REVISION($Revision: 1.489 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -116,6 +116,35 @@ AC_CHECK_DECL([RLIMIT_NPROC], | |||
116 | #include <sys/types.h> | 116 | #include <sys/types.h> |
117 | #include <sys/resource.h> | 117 | #include <sys/resource.h> |
118 | ]) | 118 | ]) |
119 | AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [ | ||
120 | #include <sys/types.h> | ||
121 | #include <linux/prctl.h> | ||
122 | ]) | ||
123 | if test "x$have_linux_no_new_privs" = "x1" ; then | ||
124 | AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ | ||
125 | #include <sys/types.h> | ||
126 | #include <linux/seccomp.h> | ||
127 | ]) | ||
128 | fi | ||
129 | if test "x$have_seccomp_filter" = "x1" ; then | ||
130 | AC_MSG_CHECKING([kernel for seccomp_filter support]) | ||
131 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | ||
132 | #include <errno.h> | ||
133 | #include <linux/seccomp.h> | ||
134 | #include <stdlib.h> | ||
135 | #include <sys/prctl.h> | ||
136 | ]], | ||
137 | [[ errno = 0; | ||
138 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
139 | exit(errno == EFAULT ? 0 : 1); ]])], | ||
140 | [ AC_MSG_RESULT([yes]) ], [ | ||
141 | AC_MSG_RESULT([no]) | ||
142 | # Disable seccomp filter as a target | ||
143 | have_seccomp_filter=0 | ||
144 | ], | ||
145 | [ AC_MSG_RESULT([cross-compiling, assuming yes]) ] | ||
146 | ) | ||
147 | fi | ||
119 | 148 | ||
120 | use_stack_protector=1 | 149 | use_stack_protector=1 |
121 | AC_ARG_WITH([stackprotect], | 150 | AC_ARG_WITH([stackprotect], |
@@ -134,6 +163,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | |||
134 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) | 163 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) |
135 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) | 164 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) |
136 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) | 165 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) |
166 | OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) | ||
137 | AC_MSG_CHECKING([gcc version]) | 167 | AC_MSG_CHECKING([gcc version]) |
138 | GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` | 168 | GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` |
139 | case $GCC_VER in | 169 | case $GCC_VER in |
@@ -680,6 +710,22 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
680 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 710 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
681 | [Prepend the address family to IP tunnel traffic]) | 711 | [Prepend the address family to IP tunnel traffic]) |
682 | fi | 712 | fi |
713 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) | ||
714 | AC_CHECK_FUNCS([prctl]) | ||
715 | have_seccomp_audit_arch=1 | ||
716 | case "$host" in | ||
717 | x86_64-*) | ||
718 | AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_X86_64], | ||
719 | [Specify the system call convention in use]) | ||
720 | ;; | ||
721 | i*86-*) | ||
722 | AC_DEFINE([SECCOMP_AUDIT_ARCH], [AUDIT_ARCH_I386], | ||
723 | [Specify the system call convention in use]) | ||
724 | ;; | ||
725 | *) | ||
726 | have_seccomp_audit_arch=0 | ||
727 | ;; | ||
728 | esac | ||
683 | ;; | 729 | ;; |
684 | mips-sony-bsd|mips-sony-newsos4) | 730 | mips-sony-bsd|mips-sony-newsos4) |
685 | AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) | 731 | AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to acquire controlling tty]) |
@@ -1148,9 +1194,13 @@ AC_CHECK_FUNCS([utimes], | |||
1148 | 1194 | ||
1149 | dnl Checks for libutil functions | 1195 | dnl Checks for libutil functions |
1150 | AC_CHECK_HEADERS([libutil.h]) | 1196 | AC_CHECK_HEADERS([libutil.h]) |
1151 | AC_SEARCH_LIBS([login], [util bsd], [AC_DEFINE([HAVE_LOGIN], [1], | 1197 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) |
1152 | [Define if your libraries define login()])]) | 1198 | AC_SEARCH_LIBS([login], [util bsd]) |
1153 | AC_CHECK_FUNCS([fmt_scaled logout updwtmp logwtmp]) | 1199 | AC_SEARCH_LIBS([logout], [util bsd]) |
1200 | AC_SEARCH_LIBS([logwtmp], [util bsd]) | ||
1201 | AC_SEARCH_LIBS([openpty], [util bsd]) | ||
1202 | AC_SEARCH_LIBS([updwtmp], [util bsd]) | ||
1203 | AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp]) | ||
1154 | 1204 | ||
1155 | AC_FUNC_STRFTIME | 1205 | AC_FUNC_STRFTIME |
1156 | 1206 | ||
@@ -1343,6 +1393,41 @@ int deny_severity = 0, allow_severity = 0; | |||
1343 | ] | 1393 | ] |
1344 | ) | 1394 | ) |
1345 | 1395 | ||
1396 | # Check whether user wants to use ldns | ||
1397 | LDNS_MSG="no" | ||
1398 | AC_ARG_WITH(ldns, | ||
1399 | [ --with-ldns[[=PATH]] Use ldns for DNSSEC support (optionally in PATH)], | ||
1400 | [ | ||
1401 | if test "x$withval" != "xno" ; then | ||
1402 | |||
1403 | if test "x$withval" != "xyes" ; then | ||
1404 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
1405 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
1406 | fi | ||
1407 | |||
1408 | AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support]) | ||
1409 | LIBS="-lldns $LIBS" | ||
1410 | LDNS_MSG="yes" | ||
1411 | |||
1412 | AC_MSG_CHECKING([for ldns support]) | ||
1413 | AC_LINK_IFELSE( | ||
1414 | [AC_LANG_SOURCE([[ | ||
1415 | #include <stdio.h> | ||
1416 | #include <stdlib.h> | ||
1417 | #include <stdint.h> | ||
1418 | #include <ldns/ldns.h> | ||
1419 | int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } | ||
1420 | ]]) | ||
1421 | ], | ||
1422 | [AC_MSG_RESULT(yes)], | ||
1423 | [ | ||
1424 | AC_MSG_RESULT(no) | ||
1425 | AC_MSG_ERROR([** Incomplete or missing ldns libraries.]) | ||
1426 | ]) | ||
1427 | fi | ||
1428 | ] | ||
1429 | ) | ||
1430 | |||
1346 | # Check whether user wants libedit support | 1431 | # Check whether user wants libedit support |
1347 | LIBEDIT_MSG="no" | 1432 | LIBEDIT_MSG="no" |
1348 | AC_ARG_WITH([libedit], | 1433 | AC_ARG_WITH([libedit], |
@@ -1422,6 +1507,11 @@ AC_ARG_WITH([audit], | |||
1422 | # These are optional | 1507 | # These are optional |
1423 | AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) | 1508 | AC_CHECK_FUNCS([getaudit_addr aug_get_machine]) |
1424 | AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) | 1509 | AC_DEFINE([USE_BSM_AUDIT], [1], [Use BSM audit module]) |
1510 | if test "$sol2ver" -eq 11; then | ||
1511 | SSHDLIBS="$SSHDLIBS -lscf" | ||
1512 | AC_DEFINE([BROKEN_BSM_API], [1], | ||
1513 | [The system has incomplete BSM API]) | ||
1514 | fi | ||
1425 | ;; | 1515 | ;; |
1426 | linux) | 1516 | linux) |
1427 | AC_MSG_RESULT([linux]) | 1517 | AC_MSG_RESULT([linux]) |
@@ -1490,7 +1580,6 @@ AC_CHECK_FUNCS([ \ | |||
1490 | nsleep \ | 1580 | nsleep \ |
1491 | ogetaddrinfo \ | 1581 | ogetaddrinfo \ |
1492 | openlog_r \ | 1582 | openlog_r \ |
1493 | openpty \ | ||
1494 | poll \ | 1583 | poll \ |
1495 | prctl \ | 1584 | prctl \ |
1496 | pstat \ | 1585 | pstat \ |
@@ -1525,6 +1614,7 @@ AC_CHECK_FUNCS([ \ | |||
1525 | strlcat \ | 1614 | strlcat \ |
1526 | strlcpy \ | 1615 | strlcpy \ |
1527 | strmode \ | 1616 | strmode \ |
1617 | strnlen \ | ||
1528 | strnvis \ | 1618 | strnvis \ |
1529 | strptime \ | 1619 | strptime \ |
1530 | strtonum \ | 1620 | strtonum \ |
@@ -2192,7 +2282,7 @@ AC_LINK_IFELSE( | |||
2192 | ] | 2282 | ] |
2193 | ) | 2283 | ) |
2194 | 2284 | ||
2195 | AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method]) | 2285 | AC_CHECK_FUNCS([RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method HMAC_CTX_init]) |
2196 | 2286 | ||
2197 | AC_ARG_WITH([ssl-engine], | 2287 | AC_ARG_WITH([ssl-engine], |
2198 | [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], | 2288 | [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], |
@@ -2500,7 +2590,7 @@ AC_SUBST([SSH_PRIVSEP_USER]) | |||
2500 | # Decide which sandbox style to use | 2590 | # Decide which sandbox style to use |
2501 | sandbox_arg="" | 2591 | sandbox_arg="" |
2502 | AC_ARG_WITH([sandbox], | 2592 | AC_ARG_WITH([sandbox], |
2503 | [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace)], | 2593 | [ --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter)], |
2504 | [ | 2594 | [ |
2505 | if test "x$withval" = "xyes" ; then | 2595 | if test "x$withval" = "xyes" ; then |
2506 | sandbox_arg="" | 2596 | sandbox_arg="" |
@@ -2523,6 +2613,23 @@ elif test "x$sandbox_arg" = "xdarwin" || \ | |||
2523 | AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) | 2613 | AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) |
2524 | SANDBOX_STYLE="darwin" | 2614 | SANDBOX_STYLE="darwin" |
2525 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) | 2615 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) |
2616 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | ||
2617 | ( test -z "$sandbox_arg" && \ | ||
2618 | test "x$have_seccomp_filter" == "x1" && \ | ||
2619 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | ||
2620 | test "x$have_seccomp_audit_arch" = "x1" && \ | ||
2621 | test "x$have_linux_no_new_privs" = "x1" && \ | ||
2622 | test "x$ac_cv_func_prctl" = "xyes" ) ; then | ||
2623 | test "x$have_seccomp_audit_arch" != "x1" && \ | ||
2624 | AC_MSG_ERROR([seccomp_filter sandbox not supported on $host]) | ||
2625 | test "x$have_linux_no_new_privs" != "x1" && \ | ||
2626 | AC_MSG_ERROR([seccomp_filter sandbox requires PR_SET_NO_NEW_PRIVS]) | ||
2627 | test "x$have_seccomp_filter" != "x1" && \ | ||
2628 | AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) | ||
2629 | test "x$ac_cv_func_prctl" != "xyes" && \ | ||
2630 | AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) | ||
2631 | SANDBOX_STYLE="seccomp_filter" | ||
2632 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | ||
2526 | elif test "x$sandbox_arg" = "xrlimit" || \ | 2633 | elif test "x$sandbox_arg" = "xrlimit" || \ |
2527 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then | 2634 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then |
2528 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2635 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
@@ -2546,7 +2653,6 @@ fi | |||
2546 | AC_CHECK_TYPES([long long, unsigned long long, long double]) | 2653 | AC_CHECK_TYPES([long long, unsigned long long, long double]) |
2547 | 2654 | ||
2548 | # Check datatype sizes | 2655 | # Check datatype sizes |
2549 | AC_CHECK_SIZEOF([char], [1]) | ||
2550 | AC_CHECK_SIZEOF([short int], [2]) | 2656 | AC_CHECK_SIZEOF([short int], [2]) |
2551 | AC_CHECK_SIZEOF([int], [4]) | 2657 | AC_CHECK_SIZEOF([int], [4]) |
2552 | AC_CHECK_SIZEOF([long int], [4]) | 2658 | AC_CHECK_SIZEOF([long int], [4]) |