summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac137
1 files changed, 108 insertions, 29 deletions
diff --git a/configure.ac b/configure.ac
index dbbd6e857..f3718537f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ 1# $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18AC_REVISION($Revision: 1.489 $) 18AC_REVISION($Revision: 1.496 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20AC_LANG([C]) 20AC_LANG([C])
21 21
@@ -126,6 +126,25 @@ AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [
126 #include <linux/seccomp.h> 126 #include <linux/seccomp.h>
127]) 127])
128fi 128fi
129if test "x$have_seccomp_filter" = "x1" ; then
130AC_MSG_CHECKING([kernel for seccomp_filter support])
131AC_RUN_IFELSE([AC_LANG_PROGRAM([[
132 #include <errno.h>
133 #include <linux/seccomp.h>
134 #include <stdlib.h>
135 #include <sys/prctl.h>
136 ]],
137 [[ errno = 0;
138 prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0);
139 exit(errno == EFAULT ? 0 : 1); ]])],
140 [ AC_MSG_RESULT([yes]) ], [
141 AC_MSG_RESULT([no])
142 # Disable seccomp filter as a target
143 have_seccomp_filter=0
144 ],
145 [ AC_MSG_RESULT([cross-compiling, assuming yes]) ]
146)
147fi
129 148
130use_stack_protector=1 149use_stack_protector=1
131AC_ARG_WITH([stackprotect], 150AC_ARG_WITH([stackprotect],
@@ -691,7 +710,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
691 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 710 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
692 [Prepend the address family to IP tunnel traffic]) 711 [Prepend the address family to IP tunnel traffic])
693 fi 712 fi
694 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) 713 AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
714 [], [#include <linux/types.h>])
695 AC_CHECK_FUNCS([prctl]) 715 AC_CHECK_FUNCS([prctl])
696 have_seccomp_audit_arch=1 716 have_seccomp_audit_arch=1
697 case "$host" in 717 case "$host" in
@@ -1575,6 +1595,7 @@ AC_CHECK_FUNCS([ \
1575 seteuid \ 1595 seteuid \
1576 setgroupent \ 1596 setgroupent \
1577 setgroups \ 1597 setgroups \
1598 setlinebuf \
1578 setlogin \ 1599 setlogin \
1579 setpassent\ 1600 setpassent\
1580 setpcred \ 1601 setpcred \
@@ -2580,24 +2601,79 @@ AC_ARG_WITH([sandbox],
2580 fi 2601 fi
2581 ] 2602 ]
2582) 2603)
2583SANDBOX_STYLE="" 2604
2605# Some platforms (seems to be the ones that have a kernel poll(2)-type
2606# function with which they implement select(2)) use an extra file descriptor
2607# when calling select(2), which means we can't use the rlimit sandbox.
2608AC_MSG_CHECKING([if select works with descriptor rlimit])
2609AC_RUN_IFELSE(
2610 [AC_LANG_PROGRAM([[
2611#include <sys/types.h>
2612#ifdef HAVE_SYS_TIME_H
2613# include <sys/time.h>
2614#endif
2615#include <sys/resource.h>
2616#ifdef HAVE_SYS_SELECT_H
2617# include <sys/select.h>
2618#endif
2619#include <errno.h>
2620#include <fcntl.h>
2621#include <stdlib.h>
2622 ]],[[
2623 struct rlimit rl_zero;
2624 int fd, r;
2625 fd_set fds;
2626
2627 fd = open("/dev/null", O_RDONLY);
2628 FD_ZERO(&fds);
2629 FD_SET(fd, &fds);
2630 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2631 setrlimit(RLIMIT_FSIZE, &rl_zero);
2632 setrlimit(RLIMIT_NOFILE, &rl_zero);
2633 r = select(fd+1, &fds, NULL, NULL, NULL);
2634 exit (r == -1 ? 1 : 0);
2635 ]])],
2636 [AC_MSG_RESULT([yes])
2637 select_works_with_rlimit=yes],
2638 [AC_MSG_RESULT([no])
2639 select_works_with_rlimit=no],
2640 [AC_MSG_WARN([cross compiling: assuming yes])]
2641)
2642
2643AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
2644AC_RUN_IFELSE(
2645 [AC_LANG_PROGRAM([[
2646#include <sys/types.h>
2647#include <sys/resource.h>
2648#include <stdlib.h>
2649 ]],[[
2650 struct rlimit rl_zero;
2651
2652 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
2653 exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0);
2654 ]])],
2655 [AC_MSG_RESULT([yes])],
2656 [AC_MSG_RESULT([no])
2657 AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1,
2658 [setrlimit RLIMIT_FSIZE works])],
2659 [AC_MSG_WARN([cross compiling: assuming yes])]
2660)
2661
2584if test "x$sandbox_arg" = "xsystrace" || \ 2662if test "x$sandbox_arg" = "xsystrace" || \
2585 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then 2663 ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
2586 test "x$have_systr_policy_kill" != "x1" && \ 2664 test "x$have_systr_policy_kill" != "x1" && \
2587 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) 2665 AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
2588 SANDBOX_STYLE="$SANDBOX_STYLE systrace" 2666 SANDBOX_STYLE="systrace"
2589 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) 2667 AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
2590fi 2668elif test "x$sandbox_arg" = "xdarwin" || \
2591if test "x$sandbox_arg" = "xdarwin" || \
2592 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ 2669 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
2593 test "x$ac_cv_header_sandbox_h" = "xyes") ; then 2670 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
2594 test "x$ac_cv_func_sandbox_init" != "xyes" -o \ 2671 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
2595 "x$ac_cv_header_sandbox_h" != "xyes" && \ 2672 "x$ac_cv_header_sandbox_h" != "xyes" && \
2596 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) 2673 AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function])
2597 SANDBOX_STYLE="$SANDBOX_STYLE darwin" 2674 SANDBOX_STYLE="darwin"
2598 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) 2675 AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)])
2599fi 2676elif test "x$sandbox_arg" = "xseccomp_filter" || \
2600if test "x$sandbox_arg" = "xseccomp_filter" || \
2601 ( test -z "$sandbox_arg" && \ 2677 ( test -z "$sandbox_arg" && \
2602 test "x$have_seccomp_filter" = "x1" && \ 2678 test "x$have_seccomp_filter" = "x1" && \
2603 test "x$ac_cv_header_linux_audit_h" = "xyes" && \ 2679 test "x$ac_cv_header_linux_audit_h" = "xyes" && \
@@ -2612,24 +2688,24 @@ if test "x$sandbox_arg" = "xseccomp_filter" || \
2612 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) 2688 AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers])
2613 test "x$ac_cv_func_prctl" != "xyes" && \ 2689 test "x$ac_cv_func_prctl" != "xyes" && \
2614 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) 2690 AC_MSG_ERROR([seccomp_filter sandbox requires prctl function])
2615 SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter" 2691 SANDBOX_STYLE="seccomp_filter"
2616 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) 2692 AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter])
2617fi 2693elif test "x$sandbox_arg" = "xrlimit" || \
2618if test "x$sandbox_arg" = "xrlimit" || \ 2694 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \
2619 ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then 2695 test "x$select_works_with_rlimit" == "xyes" ) ; then
2620 test "x$ac_cv_func_setrlimit" != "xyes" && \ 2696 test "x$ac_cv_func_setrlimit" != "xyes" && \
2621 AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) 2697 AC_MSG_ERROR([rlimit sandbox requires setrlimit function])
2622 SANDBOX_STYLE="$SANDBOX_STYLE rlimit" 2698 test "x$select_works_with_rlimit" != "xyes" && \
2699 AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])
2700 SANDBOX_STYLE="rlimit"
2623 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) 2701 AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)])
2624fi 2702elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2625if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \
2626 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then 2703 test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then
2627 SANDBOX_STYLE="$SANDBOX_STYLE none" 2704 SANDBOX_STYLE="none"
2628fi 2705 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
2629if test -z "$SANDBOX_STYLE" ; then 2706else
2630 AC_MSG_ERROR([unsupported --with-sandbox]) 2707 AC_MSG_ERROR([unsupported --with-sandbox])
2631fi 2708fi
2632SANDBOX_STYLE="${SANDBOX_STYLE# }"
2633 2709
2634# Cheap hack to ensure NEWS-OS libraries are arranged right. 2710# Cheap hack to ensure NEWS-OS libraries are arranged right.
2635if test ! -z "$SONY" ; then 2711if test ! -z "$SONY" ; then
@@ -3245,7 +3321,7 @@ fi
3245 3321
3246AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) 3322AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type])
3247AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 3323AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
3248#include <sys/types.h> 3324#include <sys/param.h>
3249#include <sys/stat.h> 3325#include <sys/stat.h>
3250#ifdef HAVE_SYS_TIME_H 3326#ifdef HAVE_SYS_TIME_H
3251# include <sys/time.h> 3327# include <sys/time.h>
@@ -3953,13 +4029,16 @@ otherwise scp will not work.])
3953 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 4029 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3954 ) 4030 )
3955# make sure $bindir is in USER_PATH so scp will work 4031# make sure $bindir is in USER_PATH so scp will work
3956 t_bindir=`eval echo ${bindir}` 4032 t_bindir="${bindir}"
3957 case $t_bindir in 4033 while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do
3958 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; 4034 t_bindir=`eval echo ${t_bindir}`
3959 esac 4035 case $t_bindir in
3960 case $t_bindir in 4036 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
3961 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; 4037 esac
3962 esac 4038 case $t_bindir in
4039 NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
4040 esac
4041 done
3963 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 4042 echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
3964 if test $? -ne 0 ; then 4043 if test $? -ne 0 ; then
3965 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 4044 echo $user_path | grep "^$t_bindir" > /dev/null 2>&1