diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 94 |
1 files changed, 80 insertions, 14 deletions
diff --git a/configure.ac b/configure.ac index 1457b8a89..a704fc7ff 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ | 1 | # $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $ |
| 2 | # | 2 | # |
| 3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
| 4 | # | 4 | # |
| @@ -15,7 +15,7 @@ | |||
| 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | 16 | ||
| 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
| 18 | AC_REVISION($Revision: 1.489 $) | 18 | AC_REVISION($Revision: 1.496 $) |
| 19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
| 20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
| 21 | 21 | ||
| @@ -686,7 +686,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
| 686 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 686 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
| 687 | [Prepend the address family to IP tunnel traffic]) | 687 | [Prepend the address family to IP tunnel traffic]) |
| 688 | fi | 688 | fi |
| 689 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) | 689 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], |
| 690 | [], [#include <linux/types.h>]) | ||
| 690 | AC_CHECK_FUNCS([prctl]) | 691 | AC_CHECK_FUNCS([prctl]) |
| 691 | have_seccomp_audit_arch=1 | 692 | have_seccomp_audit_arch=1 |
| 692 | case "$host" in | 693 | case "$host" in |
| @@ -1410,7 +1411,7 @@ AC_ARG_WITH([libedit], | |||
| 1410 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], | 1411 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], |
| 1411 | [ if test "x$withval" != "xno" ; then | 1412 | [ if test "x$withval" != "xno" ; then |
| 1412 | if test "x$withval" = "xyes" ; then | 1413 | if test "x$withval" = "xyes" ; then |
| 1413 | AC_PATH_PROG([PKGCONFIG], [pkg-config], [no]) | 1414 | AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) |
| 1414 | if test "x$PKGCONFIG" != "xno"; then | 1415 | if test "x$PKGCONFIG" != "xno"; then |
| 1415 | AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) | 1416 | AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) |
| 1416 | if "$PKGCONFIG" libedit; then | 1417 | if "$PKGCONFIG" libedit; then |
| @@ -1570,6 +1571,7 @@ AC_CHECK_FUNCS([ \ | |||
| 1570 | seteuid \ | 1571 | seteuid \ |
| 1571 | setgroupent \ | 1572 | setgroupent \ |
| 1572 | setgroups \ | 1573 | setgroups \ |
| 1574 | setlinebuf \ | ||
| 1573 | setlogin \ | 1575 | setlogin \ |
| 1574 | setpassent\ | 1576 | setpassent\ |
| 1575 | setpcred \ | 1577 | setpcred \ |
| @@ -2575,6 +2577,64 @@ AC_ARG_WITH([sandbox], | |||
| 2575 | fi | 2577 | fi |
| 2576 | ] | 2578 | ] |
| 2577 | ) | 2579 | ) |
| 2580 | |||
| 2581 | # Some platforms (seems to be the ones that have a kernel poll(2)-type | ||
| 2582 | # function with which they implement select(2)) use an extra file descriptor | ||
| 2583 | # when calling select(2), which means we can't use the rlimit sandbox. | ||
| 2584 | AC_MSG_CHECKING([if select works with descriptor rlimit]) | ||
| 2585 | AC_RUN_IFELSE( | ||
| 2586 | [AC_LANG_PROGRAM([[ | ||
| 2587 | #include <sys/types.h> | ||
| 2588 | #ifdef HAVE_SYS_TIME_H | ||
| 2589 | # include <sys/time.h> | ||
| 2590 | #endif | ||
| 2591 | #include <sys/resource.h> | ||
| 2592 | #ifdef HAVE_SYS_SELECT_H | ||
| 2593 | # include <sys/select.h> | ||
| 2594 | #endif | ||
| 2595 | #include <errno.h> | ||
| 2596 | #include <fcntl.h> | ||
| 2597 | #include <stdlib.h> | ||
| 2598 | ]],[[ | ||
| 2599 | struct rlimit rl_zero; | ||
| 2600 | int fd, r; | ||
| 2601 | fd_set fds; | ||
| 2602 | |||
| 2603 | fd = open("/dev/null", O_RDONLY); | ||
| 2604 | FD_ZERO(&fds); | ||
| 2605 | FD_SET(fd, &fds); | ||
| 2606 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
| 2607 | setrlimit(RLIMIT_FSIZE, &rl_zero); | ||
| 2608 | setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
| 2609 | r = select(fd+1, &fds, NULL, NULL, NULL); | ||
| 2610 | exit (r == -1 ? 1 : 0); | ||
| 2611 | ]])], | ||
| 2612 | [AC_MSG_RESULT([yes]) | ||
| 2613 | select_works_with_rlimit=yes], | ||
| 2614 | [AC_MSG_RESULT([no]) | ||
| 2615 | select_works_with_rlimit=no], | ||
| 2616 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
| 2617 | ) | ||
| 2618 | |||
| 2619 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) | ||
| 2620 | AC_RUN_IFELSE( | ||
| 2621 | [AC_LANG_PROGRAM([[ | ||
| 2622 | #include <sys/types.h> | ||
| 2623 | #include <sys/resource.h> | ||
| 2624 | #include <stdlib.h> | ||
| 2625 | ]],[[ | ||
| 2626 | struct rlimit rl_zero; | ||
| 2627 | |||
| 2628 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
| 2629 | exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); | ||
| 2630 | ]])], | ||
| 2631 | [AC_MSG_RESULT([yes])], | ||
| 2632 | [AC_MSG_RESULT([no]) | ||
| 2633 | AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, | ||
| 2634 | [setrlimit RLIMIT_FSIZE works])], | ||
| 2635 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
| 2636 | ) | ||
| 2637 | |||
| 2578 | if test "x$sandbox_arg" = "xsystrace" || \ | 2638 | if test "x$sandbox_arg" = "xsystrace" || \ |
| 2579 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | 2639 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then |
| 2580 | test "x$have_systr_policy_kill" != "x1" && \ | 2640 | test "x$have_systr_policy_kill" != "x1" && \ |
| @@ -2591,7 +2651,7 @@ elif test "x$sandbox_arg" = "xdarwin" || \ | |||
| 2591 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) | 2651 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) |
| 2592 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | 2652 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ |
| 2593 | ( test -z "$sandbox_arg" && \ | 2653 | ( test -z "$sandbox_arg" && \ |
| 2594 | test "x$have_seccomp_filter" == "x1" && \ | 2654 | test "x$have_seccomp_filter" = "x1" && \ |
| 2595 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | 2655 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ |
| 2596 | test "x$have_seccomp_audit_arch" = "x1" && \ | 2656 | test "x$have_seccomp_audit_arch" = "x1" && \ |
| 2597 | test "x$have_linux_no_new_privs" = "x1" && \ | 2657 | test "x$have_linux_no_new_privs" = "x1" && \ |
| @@ -2607,9 +2667,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ | |||
| 2607 | SANDBOX_STYLE="seccomp_filter" | 2667 | SANDBOX_STYLE="seccomp_filter" |
| 2608 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | 2668 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) |
| 2609 | elif test "x$sandbox_arg" = "xrlimit" || \ | 2669 | elif test "x$sandbox_arg" = "xrlimit" || \ |
| 2610 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then | 2670 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ |
| 2671 | test "x$select_works_with_rlimit" == "xyes" ) ; then | ||
| 2611 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2672 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
| 2612 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) | 2673 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) |
| 2674 | test "x$select_works_with_rlimit" != "xyes" && \ | ||
| 2675 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) | ||
| 2613 | SANDBOX_STYLE="rlimit" | 2676 | SANDBOX_STYLE="rlimit" |
| 2614 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) | 2677 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) |
| 2615 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | 2678 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
| @@ -3234,7 +3297,7 @@ fi | |||
| 3234 | 3297 | ||
| 3235 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) | 3298 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) |
| 3236 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | 3299 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ |
| 3237 | #include <sys/types.h> | 3300 | #include <sys/param.h> |
| 3238 | #include <sys/stat.h> | 3301 | #include <sys/stat.h> |
| 3239 | #ifdef HAVE_SYS_TIME_H | 3302 | #ifdef HAVE_SYS_TIME_H |
| 3240 | # include <sys/time.h> | 3303 | # include <sys/time.h> |
| @@ -3942,13 +4005,16 @@ otherwise scp will not work.]) | |||
| 3942 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] | 4005 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] |
| 3943 | ) | 4006 | ) |
| 3944 | # make sure $bindir is in USER_PATH so scp will work | 4007 | # make sure $bindir is in USER_PATH so scp will work |
| 3945 | t_bindir=`eval echo ${bindir}` | 4008 | t_bindir="${bindir}" |
| 3946 | case $t_bindir in | 4009 | while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do |
| 3947 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; | 4010 | t_bindir=`eval echo ${t_bindir}` |
| 3948 | esac | 4011 | case $t_bindir in |
| 3949 | case $t_bindir in | 4012 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; |
| 3950 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | 4013 | esac |
| 3951 | esac | 4014 | case $t_bindir in |
| 4015 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
| 4016 | esac | ||
| 4017 | done | ||
| 3952 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 | 4018 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 |
| 3953 | if test $? -ne 0 ; then | 4019 | if test $? -ne 0 ; then |
| 3954 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 | 4020 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 |