diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 94 |
1 files changed, 80 insertions, 14 deletions
diff --git a/configure.ac b/configure.ac index cdf24bc1f..f3718537f 100644 --- a/configure.ac +++ b/configure.ac | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ | 1 | # $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $ |
| 2 | # | 2 | # |
| 3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
| 4 | # | 4 | # |
| @@ -15,7 +15,7 @@ | |||
| 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 16 | 16 | ||
| 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
| 18 | AC_REVISION($Revision: 1.489 $) | 18 | AC_REVISION($Revision: 1.496 $) |
| 19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
| 20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
| 21 | 21 | ||
| @@ -710,7 +710,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
| 710 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 710 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
| 711 | [Prepend the address family to IP tunnel traffic]) | 711 | [Prepend the address family to IP tunnel traffic]) |
| 712 | fi | 712 | fi |
| 713 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) | 713 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], |
| 714 | [], [#include <linux/types.h>]) | ||
| 714 | AC_CHECK_FUNCS([prctl]) | 715 | AC_CHECK_FUNCS([prctl]) |
| 715 | have_seccomp_audit_arch=1 | 716 | have_seccomp_audit_arch=1 |
| 716 | case "$host" in | 717 | case "$host" in |
| @@ -1434,7 +1435,7 @@ AC_ARG_WITH([libedit], | |||
| 1434 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], | 1435 | [ --with-libedit[[=PATH]] Enable libedit support for sftp], |
| 1435 | [ if test "x$withval" != "xno" ; then | 1436 | [ if test "x$withval" != "xno" ; then |
| 1436 | if test "x$withval" = "xyes" ; then | 1437 | if test "x$withval" = "xyes" ; then |
| 1437 | AC_PATH_PROG([PKGCONFIG], [pkg-config], [no]) | 1438 | AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) |
| 1438 | if test "x$PKGCONFIG" != "xno"; then | 1439 | if test "x$PKGCONFIG" != "xno"; then |
| 1439 | AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) | 1440 | AC_MSG_CHECKING([if $PKGCONFIG knows about libedit]) |
| 1440 | if "$PKGCONFIG" libedit; then | 1441 | if "$PKGCONFIG" libedit; then |
| @@ -1594,6 +1595,7 @@ AC_CHECK_FUNCS([ \ | |||
| 1594 | seteuid \ | 1595 | seteuid \ |
| 1595 | setgroupent \ | 1596 | setgroupent \ |
| 1596 | setgroups \ | 1597 | setgroups \ |
| 1598 | setlinebuf \ | ||
| 1597 | setlogin \ | 1599 | setlogin \ |
| 1598 | setpassent\ | 1600 | setpassent\ |
| 1599 | setpcred \ | 1601 | setpcred \ |
| @@ -2599,6 +2601,64 @@ AC_ARG_WITH([sandbox], | |||
| 2599 | fi | 2601 | fi |
| 2600 | ] | 2602 | ] |
| 2601 | ) | 2603 | ) |
| 2604 | |||
| 2605 | # Some platforms (seems to be the ones that have a kernel poll(2)-type | ||
| 2606 | # function with which they implement select(2)) use an extra file descriptor | ||
| 2607 | # when calling select(2), which means we can't use the rlimit sandbox. | ||
| 2608 | AC_MSG_CHECKING([if select works with descriptor rlimit]) | ||
| 2609 | AC_RUN_IFELSE( | ||
| 2610 | [AC_LANG_PROGRAM([[ | ||
| 2611 | #include <sys/types.h> | ||
| 2612 | #ifdef HAVE_SYS_TIME_H | ||
| 2613 | # include <sys/time.h> | ||
| 2614 | #endif | ||
| 2615 | #include <sys/resource.h> | ||
| 2616 | #ifdef HAVE_SYS_SELECT_H | ||
| 2617 | # include <sys/select.h> | ||
| 2618 | #endif | ||
| 2619 | #include <errno.h> | ||
| 2620 | #include <fcntl.h> | ||
| 2621 | #include <stdlib.h> | ||
| 2622 | ]],[[ | ||
| 2623 | struct rlimit rl_zero; | ||
| 2624 | int fd, r; | ||
| 2625 | fd_set fds; | ||
| 2626 | |||
| 2627 | fd = open("/dev/null", O_RDONLY); | ||
| 2628 | FD_ZERO(&fds); | ||
| 2629 | FD_SET(fd, &fds); | ||
| 2630 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
| 2631 | setrlimit(RLIMIT_FSIZE, &rl_zero); | ||
| 2632 | setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
| 2633 | r = select(fd+1, &fds, NULL, NULL, NULL); | ||
| 2634 | exit (r == -1 ? 1 : 0); | ||
| 2635 | ]])], | ||
| 2636 | [AC_MSG_RESULT([yes]) | ||
| 2637 | select_works_with_rlimit=yes], | ||
| 2638 | [AC_MSG_RESULT([no]) | ||
| 2639 | select_works_with_rlimit=no], | ||
| 2640 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
| 2641 | ) | ||
| 2642 | |||
| 2643 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) | ||
| 2644 | AC_RUN_IFELSE( | ||
| 2645 | [AC_LANG_PROGRAM([[ | ||
| 2646 | #include <sys/types.h> | ||
| 2647 | #include <sys/resource.h> | ||
| 2648 | #include <stdlib.h> | ||
| 2649 | ]],[[ | ||
| 2650 | struct rlimit rl_zero; | ||
| 2651 | |||
| 2652 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
| 2653 | exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); | ||
| 2654 | ]])], | ||
| 2655 | [AC_MSG_RESULT([yes])], | ||
| 2656 | [AC_MSG_RESULT([no]) | ||
| 2657 | AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, | ||
| 2658 | [setrlimit RLIMIT_FSIZE works])], | ||
| 2659 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
| 2660 | ) | ||
| 2661 | |||
| 2602 | if test "x$sandbox_arg" = "xsystrace" || \ | 2662 | if test "x$sandbox_arg" = "xsystrace" || \ |
| 2603 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | 2663 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then |
| 2604 | test "x$have_systr_policy_kill" != "x1" && \ | 2664 | test "x$have_systr_policy_kill" != "x1" && \ |
| @@ -2615,7 +2675,7 @@ elif test "x$sandbox_arg" = "xdarwin" || \ | |||
| 2615 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) | 2675 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) |
| 2616 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ | 2676 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ |
| 2617 | ( test -z "$sandbox_arg" && \ | 2677 | ( test -z "$sandbox_arg" && \ |
| 2618 | test "x$have_seccomp_filter" == "x1" && \ | 2678 | test "x$have_seccomp_filter" = "x1" && \ |
| 2619 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | 2679 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ |
| 2620 | test "x$have_seccomp_audit_arch" = "x1" && \ | 2680 | test "x$have_seccomp_audit_arch" = "x1" && \ |
| 2621 | test "x$have_linux_no_new_privs" = "x1" && \ | 2681 | test "x$have_linux_no_new_privs" = "x1" && \ |
| @@ -2631,9 +2691,12 @@ elif test "x$sandbox_arg" = "xseccomp_filter" || \ | |||
| 2631 | SANDBOX_STYLE="seccomp_filter" | 2691 | SANDBOX_STYLE="seccomp_filter" |
| 2632 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | 2692 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) |
| 2633 | elif test "x$sandbox_arg" = "xrlimit" || \ | 2693 | elif test "x$sandbox_arg" = "xrlimit" || \ |
| 2634 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then | 2694 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ |
| 2695 | test "x$select_works_with_rlimit" == "xyes" ) ; then | ||
| 2635 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2696 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
| 2636 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) | 2697 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) |
| 2698 | test "x$select_works_with_rlimit" != "xyes" && \ | ||
| 2699 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) | ||
| 2637 | SANDBOX_STYLE="rlimit" | 2700 | SANDBOX_STYLE="rlimit" |
| 2638 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) | 2701 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) |
| 2639 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | 2702 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
| @@ -3258,7 +3321,7 @@ fi | |||
| 3258 | 3321 | ||
| 3259 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) | 3322 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) |
| 3260 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | 3323 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ |
| 3261 | #include <sys/types.h> | 3324 | #include <sys/param.h> |
| 3262 | #include <sys/stat.h> | 3325 | #include <sys/stat.h> |
| 3263 | #ifdef HAVE_SYS_TIME_H | 3326 | #ifdef HAVE_SYS_TIME_H |
| 3264 | # include <sys/time.h> | 3327 | # include <sys/time.h> |
| @@ -3966,13 +4029,16 @@ otherwise scp will not work.]) | |||
| 3966 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] | 4029 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] |
| 3967 | ) | 4030 | ) |
| 3968 | # make sure $bindir is in USER_PATH so scp will work | 4031 | # make sure $bindir is in USER_PATH so scp will work |
| 3969 | t_bindir=`eval echo ${bindir}` | 4032 | t_bindir="${bindir}" |
| 3970 | case $t_bindir in | 4033 | while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do |
| 3971 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; | 4034 | t_bindir=`eval echo ${t_bindir}` |
| 3972 | esac | 4035 | case $t_bindir in |
| 3973 | case $t_bindir in | 4036 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; |
| 3974 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | 4037 | esac |
| 3975 | esac | 4038 | case $t_bindir in |
| 4039 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
| 4040 | esac | ||
| 4041 | done | ||
| 3976 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 | 4042 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 |
| 3977 | if test $? -ne 0 ; then | 4043 | if test $? -ne 0 ; then |
| 3978 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 | 4044 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 |