Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 94 |
1 files changed, 80 insertions, 14 deletions
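diff --git a/configure.ac b/configure.ac
index 1457b8a89..a704fc7ff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $
+# $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.489 $)
+AC_REVISION($Revision: 1.496 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -686,7 +686,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
 [Prepend the address family to IP tunnel traffic])
 fi
-AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h])
+AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
+[], [#include <linux/types.h>])
 AC_CHECK_FUNCS([prctl])
 have_seccomp_audit_arch=1
 case "$host" in
@@ -1410,7 +1411,7 @@ AC_ARG_WITH([libedit],
 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
 [ if test "x$withval" != "xno" ; then
 if test "x$withval" = "xyes" ; then
-AC_PATH_PROG([PKGCONFIG], [pkg-config], [no])
+AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
 if test "x$PKGCONFIG" != "xno"; then
 AC_MSG_CHECKING([if $PKGCONFIG knows about libedit])
 if "$PKGCONFIG" libedit; then
@@ -1570,6 +1571,7 @@ AC_CHECK_FUNCS([ \
 seteuid \
 setgroupent \
 setgroups \
+setlinebuf \
 setlogin \
 setpassent\
 setpcred \
@@ -2575,6 +2577,64 @@ AC_ARG_WITH([sandbox],
 fi
 ]
 )
+
+# Some platforms (seems to be the ones that have a kernel poll(2)-type
+# function with which they implement select(2)) use an extra file descriptor
+# when calling select(2), which means we can't use the rlimit sandbox.
+AC_MSG_CHECKING([if select works with descriptor rlimit])
+AC_RUN_IFELSE(
+[AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <sys/resource.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdlib.h>
+]],[[
+struct rlimit rl_zero;
+int fd, r;
+fd_set fds;
+
+fd = open("/dev/null", O_RDONLY);
+FD_ZERO(&fds);
+FD_SET(fd, &fds);
+rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+setrlimit(RLIMIT_FSIZE, &rl_zero);
+setrlimit(RLIMIT_NOFILE, &rl_zero);
+r = select(fd+1, &fds, NULL, NULL, NULL);
+exit (r == -1 ? 1 : 0);
+]])],
+[AC_MSG_RESULT([yes])
+select_works_with_rlimit=yes],
+[AC_MSG_RESULT([no])
+select_works_with_rlimit=no],
+[AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
+AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
+AC_RUN_IFELSE(
+[AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <stdlib.h>
+]],[[
+struct rlimit rl_zero;
+
+rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
+]])],
+[AC_MSG_RESULT([yes])],
+[AC_MSG_RESULT([no])
+AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
+[setrlimit RLIMIT_FSIZE works])],
+[AC_MSG_WARN([cross compiling: assuming yes])]
+)
+
 if test "x$sandbox_arg" = "xsystrace" || \
 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
 test "x$have_systr_policy_kill" != "x1" && \
@@ -2591,7 +2651,7 @@ elif test "x$sandbox_arg" = "xdarwin" || \
 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
 elif test "x$sandbox_arg" = "xseccomp_filter" || \
 ( test -z "$sandbox_arg" && \
-test "x$have_seccomp_filter" == "x1" && \
+test "x$have_seccomp_filter" = "x1" && \
 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
 test "x$have_seccomp_audit_arch" = "x1" && \
 test "x$have_linux_no_new_privs" = "x1" && \
@@ -2607,9 +2667,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \
 SANDBOX_STYLE="seccomp_filter"
 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
 elif test "x$sandbox_arg" = "xrlimit" || \
-( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then
+( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
+test "x$select_works_with_rlimit" == "xyes" ) ; then
 test "x$ac_cv_func_setrlimit" != "xyes" && \
 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
+test "x$select_works_with_rlimit" != "xyes" && \
+AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
 SANDBOX_STYLE="rlimit"
 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
 elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
@@ -3234,7 +3297,7 @@ fi
 
 AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
+#include <sys/param.h>
 #include <sys/stat.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
@@ -3942,13 +4005,16 @@ otherwise scp will not work.])
 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
 )
 # make sure $bindir is in USER_PATH so scp will work
-t_bindir=`eval echo ${bindir}`
-case $t_bindir in
-NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
-esac
-case $t_bindir in
-NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
-esac
+t_bindir="${bindir}"
+while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
+t_bindir=`eval echo ${t_bindir}`
+case $t_bindir in
+NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
+esac
+case $t_bindir in
+NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
+esac
+done
 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
 if test $? -ne 0 ; then
 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1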
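Review bot: The condition added to the `elif test "x$sandbox_arg" = "xrlimit"` branch compares with `==`, which is not a portable `test` operator, even though this same commit corrects that form for `have_seccomp_filter` one hunk earlier; it should read `test "x$select_works_with_rlimit" = "xyes" ) ; then`. Under a /bin/sh whose `test` rejects `==`, auto-selection of the rlimit sandbox fails and configure appears to fall through to the next `elif`, whose body lies outside the hunk, so the build may silently end up with a weaker sandbox or none. The cross-compiling arm of the select probe only warns "assuming yes" and never assigns the variable, so an explicit rlimit request then hits the new `AC_MSG_ERROR`; it should be `[AC_MSG_WARN([cross compiling: assuming yes]) select_works_with_rlimit=yes]`. The description given for `SANDBOX_SKIP_RLIMIT_FSIZE`, `[setrlimit RLIMIT_FSIZE works]`, also states the opposite of the condition under which it is defined.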