Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 137 |
1 files changed, 108 insertions, 29 deletions
diff --git a/configure.ac b/configure.ac index dbbd6e857..f3718537f 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.489 2012/04/19 11:46:38 djm Exp $ | 1 | # $Id: configure.ac,v 1.496 2012/07/06 01:49:29 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.489 $) | 18 | AC_REVISION($Revision: 1.496 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -126,6 +126,25 @@ AC_CHECK_DECL([SECCOMP_MODE_FILTER], [have_seccomp_filter=1], , [ | |||
126 | #include <linux/seccomp.h> | 126 | #include <linux/seccomp.h> |
127 | ]) | 127 | ]) |
128 | fi | 128 | fi |
129 | if test "x$have_seccomp_filter" = "x1" ; then | ||
130 | AC_MSG_CHECKING([kernel for seccomp_filter support]) | ||
131 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | ||
132 | #include <errno.h> | ||
133 | #include <linux/seccomp.h> | ||
134 | #include <stdlib.h> | ||
135 | #include <sys/prctl.h> | ||
136 | ]], | ||
137 | [[ errno = 0; | ||
138 | prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL, 0, 0); | ||
139 | exit(errno == EFAULT ? 0 : 1); ]])], | ||
140 | [ AC_MSG_RESULT([yes]) ], [ | ||
141 | AC_MSG_RESULT([no]) | ||
142 | # Disable seccomp filter as a target | ||
143 | have_seccomp_filter=0 | ||
144 | ], | ||
145 | [ AC_MSG_RESULT([cross-compiling, assuming yes]) ] | ||
146 | ) | ||
147 | fi | ||
129 | 148 | ||
130 | use_stack_protector=1 | 149 | use_stack_protector=1 |
131 | AC_ARG_WITH([stackprotect], | 150 | AC_ARG_WITH([stackprotect], |
@@ -691,7 +710,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
691 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 710 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
692 | [Prepend the address family to IP tunnel traffic]) | 711 | [Prepend the address family to IP tunnel traffic]) |
693 | fi | 712 | fi |
694 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h]) | 713 | AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], |
714 | [], [#include <linux/types.h>]) | ||
695 | AC_CHECK_FUNCS([prctl]) | 715 | AC_CHECK_FUNCS([prctl]) |
696 | have_seccomp_audit_arch=1 | 716 | have_seccomp_audit_arch=1 |
697 | case "$host" in | 717 | case "$host" in |
@@ -1575,6 +1595,7 @@ AC_CHECK_FUNCS([ \ | |||
1575 | seteuid \ | 1595 | seteuid \ |
1576 | setgroupent \ | 1596 | setgroupent \ |
1577 | setgroups \ | 1597 | setgroups \ |
1598 | setlinebuf \ | ||
1578 | setlogin \ | 1599 | setlogin \ |
1579 | setpassent\ | 1600 | setpassent\ |
1580 | setpcred \ | 1601 | setpcred \ |
@@ -2580,24 +2601,79 @@ AC_ARG_WITH([sandbox], | |||
2580 | fi | 2601 | fi |
2581 | ] | 2602 | ] |
2582 | ) | 2603 | ) |
2583 | SANDBOX_STYLE="" | 2604 | |
2605 | # Some platforms (seems to be the ones that have a kernel poll(2)-type | ||
2606 | # function with which they implement select(2)) use an extra file descriptor | ||
2607 | # when calling select(2), which means we can't use the rlimit sandbox. | ||
2608 | AC_MSG_CHECKING([if select works with descriptor rlimit]) | ||
2609 | AC_RUN_IFELSE( | ||
2610 | [AC_LANG_PROGRAM([[ | ||
2611 | #include <sys/types.h> | ||
2612 | #ifdef HAVE_SYS_TIME_H | ||
2613 | # include <sys/time.h> | ||
2614 | #endif | ||
2615 | #include <sys/resource.h> | ||
2616 | #ifdef HAVE_SYS_SELECT_H | ||
2617 | # include <sys/select.h> | ||
2618 | #endif | ||
2619 | #include <errno.h> | ||
2620 | #include <fcntl.h> | ||
2621 | #include <stdlib.h> | ||
2622 | ]],[[ | ||
2623 | struct rlimit rl_zero; | ||
2624 | int fd, r; | ||
2625 | fd_set fds; | ||
2626 | |||
2627 | fd = open("/dev/null", O_RDONLY); | ||
2628 | FD_ZERO(&fds); | ||
2629 | FD_SET(fd, &fds); | ||
2630 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
2631 | setrlimit(RLIMIT_FSIZE, &rl_zero); | ||
2632 | setrlimit(RLIMIT_NOFILE, &rl_zero); | ||
2633 | r = select(fd+1, &fds, NULL, NULL, NULL); | ||
2634 | exit (r == -1 ? 1 : 0); | ||
2635 | ]])], | ||
2636 | [AC_MSG_RESULT([yes]) | ||
2637 | select_works_with_rlimit=yes], | ||
2638 | [AC_MSG_RESULT([no]) | ||
2639 | select_works_with_rlimit=no], | ||
2640 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
2641 | ) | ||
2642 | |||
2643 | AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works]) | ||
2644 | AC_RUN_IFELSE( | ||
2645 | [AC_LANG_PROGRAM([[ | ||
2646 | #include <sys/types.h> | ||
2647 | #include <sys/resource.h> | ||
2648 | #include <stdlib.h> | ||
2649 | ]],[[ | ||
2650 | struct rlimit rl_zero; | ||
2651 | |||
2652 | rl_zero.rlim_cur = rl_zero.rlim_max = 0; | ||
2653 | exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); | ||
2654 | ]])], | ||
2655 | [AC_MSG_RESULT([yes])], | ||
2656 | [AC_MSG_RESULT([no]) | ||
2657 | AC_DEFINE(SANDBOX_SKIP_RLIMIT_FSIZE, 1, | ||
2658 | [setrlimit RLIMIT_FSIZE works])], | ||
2659 | [AC_MSG_WARN([cross compiling: assuming yes])] | ||
2660 | ) | ||
2661 | |||
2584 | if test "x$sandbox_arg" = "xsystrace" || \ | 2662 | if test "x$sandbox_arg" = "xsystrace" || \ |
2585 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then | 2663 | ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then |
2586 | test "x$have_systr_policy_kill" != "x1" && \ | 2664 | test "x$have_systr_policy_kill" != "x1" && \ |
2587 | AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) | 2665 | AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support]) |
2588 | SANDBOX_STYLE="$SANDBOX_STYLE systrace" | 2666 | SANDBOX_STYLE="systrace" |
2589 | AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) | 2667 | AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)]) |
2590 | fi | 2668 | elif test "x$sandbox_arg" = "xdarwin" || \ |
2591 | if test "x$sandbox_arg" = "xdarwin" || \ | ||
2592 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ | 2669 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \ |
2593 | test "x$ac_cv_header_sandbox_h" = "xyes") ; then | 2670 | test "x$ac_cv_header_sandbox_h" = "xyes") ; then |
2594 | test "x$ac_cv_func_sandbox_init" != "xyes" -o \ | 2671 | test "x$ac_cv_func_sandbox_init" != "xyes" -o \ |
2595 | "x$ac_cv_header_sandbox_h" != "xyes" && \ | 2672 | "x$ac_cv_header_sandbox_h" != "xyes" && \ |
2596 | AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) | 2673 | AC_MSG_ERROR([Darwin seatbelt sandbox requires sandbox.h and sandbox_init function]) |
2597 | SANDBOX_STYLE="$SANDBOX_STYLE darwin" | 2674 | SANDBOX_STYLE="darwin" |
2598 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) | 2675 | AC_DEFINE([SANDBOX_DARWIN], [1], [Sandbox using Darwin sandbox_init(3)]) |
2599 | fi | 2676 | elif test "x$sandbox_arg" = "xseccomp_filter" || \ |
2600 | if test "x$sandbox_arg" = "xseccomp_filter" || \ | ||
2601 | ( test -z "$sandbox_arg" && \ | 2677 | ( test -z "$sandbox_arg" && \ |
2602 | test "x$have_seccomp_filter" = "x1" && \ | 2678 | test "x$have_seccomp_filter" = "x1" && \ |
2603 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ | 2679 | test "x$ac_cv_header_linux_audit_h" = "xyes" && \ |
@@ -2612,24 +2688,24 @@ if test "x$sandbox_arg" = "xseccomp_filter" || \ | |||
2612 | AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) | 2688 | AC_MSG_ERROR([seccomp_filter sandbox requires seccomp headers]) |
2613 | test "x$ac_cv_func_prctl" != "xyes" && \ | 2689 | test "x$ac_cv_func_prctl" != "xyes" && \ |
2614 | AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) | 2690 | AC_MSG_ERROR([seccomp_filter sandbox requires prctl function]) |
2615 | SANDBOX_STYLE="$SANDBOX_STYLE seccomp_filter" | 2691 | SANDBOX_STYLE="seccomp_filter" |
2616 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) | 2692 | AC_DEFINE([SANDBOX_SECCOMP_FILTER], [1], [Sandbox using seccomp filter]) |
2617 | fi | 2693 | elif test "x$sandbox_arg" = "xrlimit" || \ |
2618 | if test "x$sandbox_arg" = "xrlimit" || \ | 2694 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ |
2619 | ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then | 2695 | test "x$select_works_with_rlimit" == "xyes" ) ; then |
2620 | test "x$ac_cv_func_setrlimit" != "xyes" && \ | 2696 | test "x$ac_cv_func_setrlimit" != "xyes" && \ |
2621 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) | 2697 | AC_MSG_ERROR([rlimit sandbox requires setrlimit function]) |
2622 | SANDBOX_STYLE="$SANDBOX_STYLE rlimit" | 2698 | test "x$select_works_with_rlimit" != "xyes" && \ |
2699 | AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit]) | ||
2700 | SANDBOX_STYLE="rlimit" | ||
2623 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) | 2701 | AC_DEFINE([SANDBOX_RLIMIT], [1], [Sandbox using setrlimit(2)]) |
2624 | fi | 2702 | elif test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ |
2625 | if test -z "$sandbox_arg" || test "x$sandbox_arg" = "xno" || \ | ||
2626 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then | 2703 | test "x$sandbox_arg" = "xnone" || test "x$sandbox_arg" = "xnull" ; then |
2627 | SANDBOX_STYLE="$SANDBOX_STYLE none" | 2704 | SANDBOX_STYLE="none" |
2628 | fi | 2705 | AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing]) |
2629 | if test -z "$SANDBOX_STYLE" ; then | 2706 | else |
2630 | AC_MSG_ERROR([unsupported --with-sandbox]) | 2707 | AC_MSG_ERROR([unsupported --with-sandbox]) |
2631 | fi | 2708 | fi |
2632 | SANDBOX_STYLE="${SANDBOX_STYLE# }" | ||
2633 | 2709 | ||
2634 | # Cheap hack to ensure NEWS-OS libraries are arranged right. | 2710 | # Cheap hack to ensure NEWS-OS libraries are arranged right. |
2635 | if test ! -z "$SONY" ; then | 2711 | if test ! -z "$SONY" ; then |
@@ -3245,7 +3321,7 @@ fi | |||
3245 | 3321 | ||
3246 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) | 3322 | AC_MSG_CHECKING([if struct statvfs.f_fsid is integral type]) |
3247 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | 3323 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ |
3248 | #include <sys/types.h> | 3324 | #include <sys/param.h> |
3249 | #include <sys/stat.h> | 3325 | #include <sys/stat.h> |
3250 | #ifdef HAVE_SYS_TIME_H | 3326 | #ifdef HAVE_SYS_TIME_H |
3251 | # include <sys/time.h> | 3327 | # include <sys/time.h> |
@@ -3953,13 +4029,16 @@ otherwise scp will not work.]) | |||
3953 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] | 4029 | [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] |
3954 | ) | 4030 | ) |
3955 | # make sure $bindir is in USER_PATH so scp will work | 4031 | # make sure $bindir is in USER_PATH so scp will work |
3956 | t_bindir=`eval echo ${bindir}` | 4032 | t_bindir="${bindir}" |
3957 | case $t_bindir in | 4033 | while echo "${t_bindir}" | egrep '\$\{|NONE/' >/dev/null 2>&1; do |
3958 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; | 4034 | t_bindir=`eval echo ${t_bindir}` |
3959 | esac | 4035 | case $t_bindir in |
3960 | case $t_bindir in | 4036 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; |
3961 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | 4037 | esac |
3962 | esac | 4038 | case $t_bindir in |
4039 | NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; | ||
4040 | esac | ||
4041 | done | ||
3963 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 | 4042 | echo $user_path | grep ":$t_bindir" > /dev/null 2>&1 |
3964 | if test $? -ne 0 ; then | 4043 | if test $? -ne 0 ; then |
3965 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 | 4044 | echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 |
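Review bot: In the rlimit arm of the new sandbox-selection chain, the condition `test "x$select_works_with_rlimit" == "xyes"` uses `==`, which POSIX `test` does not define; under a shell whose `test` rejects it the arm is never taken by default, configure falls through to the `none` arm, and that arm now defines `SANDBOX_NULL`, so the build ends up with no privsep sandbox and no configure error. The comparison should be `test "x$select_works_with_rlimit" = "xyes" ) ; then`. The cross-compiling arm of the select check only prints `cross compiling: assuming yes` and never assigns the variable, so it should also set `select_works_with_rlimit=yes`; as written, a cross build skips rlimit by default and an explicit `--with-sandbox=rlimit` hits the new `AC_MSG_ERROR([rlimit sandbox requires select to work with rlimit])`. Separately, the description on `SANDBOX_SKIP_RLIMIT_FSIZE` reads `[setrlimit RLIMIT_FSIZE works]` although the macro is defined in the failure arm; `[setrlimit RLIMIT_FSIZE does not work]` would match what it signals.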