diff options
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 255 |
1 files changed, 214 insertions, 41 deletions
diff --git a/configure.ac b/configure.ac index c119d6fd1..5db3013de 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -164,6 +164,7 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | |||
164 | OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) | 164 | OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) |
165 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) | 165 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) |
166 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) | 166 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) |
167 | OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough]) | ||
167 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) | 168 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) |
168 | if test "x$use_toolchain_hardening" = "x1"; then | 169 | if test "x$use_toolchain_hardening" = "x1"; then |
169 | OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang | 170 | OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang |
@@ -213,20 +214,26 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | |||
213 | CFLAGS="$CFLAGS $t -Werror" | 214 | CFLAGS="$CFLAGS $t -Werror" |
214 | LDFLAGS="$LDFLAGS $t -Werror" | 215 | LDFLAGS="$LDFLAGS $t -Werror" |
215 | AC_LINK_IFELSE( | 216 | AC_LINK_IFELSE( |
216 | [AC_LANG_PROGRAM([[ #include <stdio.h> ]], | 217 | [AC_LANG_PROGRAM([[ |
218 | #include <stdio.h> | ||
219 | int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} | ||
220 | ]], | ||
217 | [[ | 221 | [[ |
218 | char x[256]; | 222 | char x[256]; |
219 | snprintf(x, sizeof(x), "XXX"); | 223 | snprintf(x, sizeof(x), "XXX%d", func(1)); |
220 | ]])], | 224 | ]])], |
221 | [ AC_MSG_RESULT([yes]) | 225 | [ AC_MSG_RESULT([yes]) |
222 | CFLAGS="$saved_CFLAGS $t" | 226 | CFLAGS="$saved_CFLAGS $t" |
223 | LDFLAGS="$saved_LDFLAGS $t" | 227 | LDFLAGS="$saved_LDFLAGS $t" |
224 | AC_MSG_CHECKING([if $t works]) | 228 | AC_MSG_CHECKING([if $t works]) |
225 | AC_RUN_IFELSE( | 229 | AC_RUN_IFELSE( |
226 | [AC_LANG_PROGRAM([[ #include <stdio.h> ]], | 230 | [AC_LANG_PROGRAM([[ |
231 | #include <stdio.h> | ||
232 | int func (int t) {char b[100]; snprintf(b,sizeof b,"%d",t); return t;} | ||
233 | ]], | ||
227 | [[ | 234 | [[ |
228 | char x[256]; | 235 | char x[256]; |
229 | snprintf(x, sizeof(x), "XXX"); | 236 | snprintf(x, sizeof(x), "XXX%d", func(1)); |
230 | ]])], | 237 | ]])], |
231 | [ AC_MSG_RESULT([yes]) | 238 | [ AC_MSG_RESULT([yes]) |
232 | break ], | 239 | break ], |
@@ -376,6 +383,7 @@ AC_CHECK_HEADERS([ \ | |||
376 | features.h \ | 383 | features.h \ |
377 | fcntl.h \ | 384 | fcntl.h \ |
378 | floatingpoint.h \ | 385 | floatingpoint.h \ |
386 | fnmatch.h \ | ||
379 | getopt.h \ | 387 | getopt.h \ |
380 | glob.h \ | 388 | glob.h \ |
381 | ia.h \ | 389 | ia.h \ |
@@ -715,8 +723,10 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
715 | ;; | 723 | ;; |
716 | *-*-haiku*) | 724 | *-*-haiku*) |
717 | LIBS="$LIBS -lbsd " | 725 | LIBS="$LIBS -lbsd " |
726 | CFLAGS="$CFLAGS -D_BSD_SOURCE" | ||
718 | AC_CHECK_LIB([network], [socket]) | 727 | AC_CHECK_LIB([network], [socket]) |
719 | AC_DEFINE([HAVE_U_INT64_T]) | 728 | AC_DEFINE([HAVE_U_INT64_T]) |
729 | AC_DEFINE([DISABLE_UTMPX], [1], [no utmpx]) | ||
720 | MANTYPE=man | 730 | MANTYPE=man |
721 | ;; | 731 | ;; |
722 | *-*-hpux*) | 732 | *-*-hpux*) |
@@ -1216,8 +1226,25 @@ mips-sony-bsd|mips-sony-newsos4) | |||
1216 | 1226 | ||
1217 | *-*-ultrix*) | 1227 | *-*-ultrix*) |
1218 | AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) | 1228 | AC_DEFINE([BROKEN_GETGROUPS], [1], [getgroups(0,NULL) will return -1]) |
1219 | AC_DEFINE([NEED_SETPGRP]) | 1229 | AC_DEFINE([NEED_SETPGRP], [1], [Need setpgrp to for controlling tty]) |
1220 | AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) | 1230 | AC_DEFINE([HAVE_SYS_SYSLOG_H], [1], [Force use of sys/syslog.h on Ultrix]) |
1231 | AC_DEFINE([DISABLE_UTMPX], [1], [Disable utmpx]) | ||
1232 | # DISABLE_FD_PASSING so that we call setpgrp as root, otherwise we | ||
1233 | # don't get a controlling tty. | ||
1234 | AC_DEFINE([DISABLE_FD_PASSING], [1], [Need to call setpgrp as root]) | ||
1235 | # On Ultrix some headers are not protected against multiple includes, | ||
1236 | # so we create wrappers and put it where the compiler will find it. | ||
1237 | AC_MSG_WARN([creating compat wrappers for headers]) | ||
1238 | mkdir -p netinet | ||
1239 | for header in netinet/ip.h netdb.h resolv.h; do | ||
1240 | name=`echo $header | tr 'a-z/.' 'A-Z__'` | ||
1241 | cat >$header <<EOD | ||
1242 | #ifndef _SSH_COMPAT_${name} | ||
1243 | #define _SSH_COMPAT_${name} | ||
1244 | #include "/usr/include/${header}" | ||
1245 | #endif | ||
1246 | EOD | ||
1247 | done | ||
1221 | ;; | 1248 | ;; |
1222 | 1249 | ||
1223 | *-*-lynxos) | 1250 | *-*-lynxos) |
@@ -1284,11 +1311,12 @@ AC_CHECK_FUNC([getspnam], , | |||
1284 | AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], | 1311 | AC_SEARCH_LIBS([basename], [gen], [AC_DEFINE([HAVE_BASENAME], [1], |
1285 | [Define if you have the basename function.])]) | 1312 | [Define if you have the basename function.])]) |
1286 | 1313 | ||
1287 | dnl zlib is required | 1314 | dnl zlib defaults to enabled |
1315 | zlib=yes | ||
1288 | AC_ARG_WITH([zlib], | 1316 | AC_ARG_WITH([zlib], |
1289 | [ --with-zlib=PATH Use zlib in PATH], | 1317 | [ --with-zlib=PATH Use zlib in PATH], |
1290 | [ if test "x$withval" = "xno" ; then | 1318 | [ if test "x$withval" = "xno" ; then |
1291 | AC_MSG_ERROR([*** zlib is required ***]) | 1319 | zlib=no |
1292 | elif test "x$withval" != "xyes"; then | 1320 | elif test "x$withval" != "xyes"; then |
1293 | if test -d "$withval/lib"; then | 1321 | if test -d "$withval/lib"; then |
1294 | if test -n "${rpath_opt}"; then | 1322 | if test -n "${rpath_opt}"; then |
@@ -1311,8 +1339,14 @@ AC_ARG_WITH([zlib], | |||
1311 | fi ] | 1339 | fi ] |
1312 | ) | 1340 | ) |
1313 | 1341 | ||
1314 | AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) | 1342 | AC_MSG_CHECKING([for zlib]) |
1315 | AC_CHECK_LIB([z], [deflate], , | 1343 | if test "x${zlib}" = "xno"; then |
1344 | AC_MSG_RESULT([no]) | ||
1345 | else | ||
1346 | AC_MSG_RESULT([yes]) | ||
1347 | AC_DEFINE([WITH_ZLIB], [1], [Enable zlib]) | ||
1348 | AC_CHECK_HEADER([zlib.h], ,[AC_MSG_ERROR([*** zlib.h missing - please install first or check config.log ***])]) | ||
1349 | AC_CHECK_LIB([z], [deflate], , | ||
1316 | [ | 1350 | [ |
1317 | saved_CPPFLAGS="$CPPFLAGS" | 1351 | saved_CPPFLAGS="$CPPFLAGS" |
1318 | saved_LDFLAGS="$LDFLAGS" | 1352 | saved_LDFLAGS="$LDFLAGS" |
@@ -1331,18 +1365,18 @@ AC_CHECK_LIB([z], [deflate], , | |||
1331 | ] | 1365 | ] |
1332 | ) | 1366 | ) |
1333 | ] | 1367 | ] |
1334 | ) | 1368 | ) |
1335 | 1369 | ||
1336 | AC_ARG_WITH([zlib-version-check], | 1370 | AC_ARG_WITH([zlib-version-check], |
1337 | [ --without-zlib-version-check Disable zlib version check], | 1371 | [ --without-zlib-version-check Disable zlib version check], |
1338 | [ if test "x$withval" = "xno" ; then | 1372 | [ if test "x$withval" = "xno" ; then |
1339 | zlib_check_nonfatal=1 | 1373 | zlib_check_nonfatal=1 |
1340 | fi | 1374 | fi |
1341 | ] | 1375 | ] |
1342 | ) | 1376 | ) |
1343 | 1377 | ||
1344 | AC_MSG_CHECKING([for possibly buggy zlib]) | 1378 | AC_MSG_CHECKING([for possibly buggy zlib]) |
1345 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | 1379 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ |
1346 | #include <stdio.h> | 1380 | #include <stdio.h> |
1347 | #include <stdlib.h> | 1381 | #include <stdlib.h> |
1348 | #include <zlib.h> | 1382 | #include <zlib.h> |
@@ -1380,7 +1414,8 @@ See http://www.gzip.org/zlib/ for details.]) | |||
1380 | fi | 1414 | fi |
1381 | ], | 1415 | ], |
1382 | [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] | 1416 | [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] |
1383 | ) | 1417 | ) |
1418 | fi | ||
1384 | 1419 | ||
1385 | dnl UnixWare 2.x | 1420 | dnl UnixWare 2.x |
1386 | AC_CHECK_FUNC([strcasecmp], | 1421 | AC_CHECK_FUNC([strcasecmp], |
@@ -1586,8 +1621,6 @@ AC_ARG_WITH(ldns, | |||
1586 | if test "x$withval" = "xyes" ; then | 1621 | if test "x$withval" = "xyes" ; then |
1587 | AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) | 1622 | AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no]) |
1588 | if test "x$LDNSCONFIG" = "xno"; then | 1623 | if test "x$LDNSCONFIG" = "xno"; then |
1589 | CPPFLAGS="$CPPFLAGS -I${withval}/include" | ||
1590 | LDFLAGS="$LDFLAGS -L${withval}/lib" | ||
1591 | LIBS="-lldns $LIBS" | 1624 | LIBS="-lldns $LIBS" |
1592 | ldns=yes | 1625 | ldns=yes |
1593 | else | 1626 | else |
@@ -1611,7 +1644,9 @@ AC_ARG_WITH(ldns, | |||
1611 | [AC_LANG_SOURCE([[ | 1644 | [AC_LANG_SOURCE([[ |
1612 | #include <stdio.h> | 1645 | #include <stdio.h> |
1613 | #include <stdlib.h> | 1646 | #include <stdlib.h> |
1614 | #include <stdint.h> | 1647 | #ifdef HAVE_STDINT_H |
1648 | # include <stdint.h> | ||
1649 | #endif | ||
1615 | #include <ldns/ldns.h> | 1650 | #include <ldns/ldns.h> |
1616 | int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } | 1651 | int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } |
1617 | ]]) | 1652 | ]]) |
@@ -1778,6 +1813,18 @@ if test "x$use_pie" != "xno"; then | |||
1778 | fi | 1813 | fi |
1779 | fi | 1814 | fi |
1780 | 1815 | ||
1816 | AC_MSG_CHECKING([whether -fPIC is accepted]) | ||
1817 | SAVED_CFLAGS="$CFLAGS" | ||
1818 | CFLAGS="$CFLAGS -fPIC" | ||
1819 | AC_COMPILE_IFELSE( | ||
1820 | [AC_LANG_PROGRAM( [[ #include <stdlib.h> ]], [[ exit(0); ]] )], | ||
1821 | [AC_MSG_RESULT([yes]) | ||
1822 | PICFLAG="-fPIC"; ], | ||
1823 | [AC_MSG_RESULT([no]) | ||
1824 | PICFLAG=""; ]) | ||
1825 | CFLAGS="$SAVED_CFLAGS" | ||
1826 | AC_SUBST([PICFLAG]) | ||
1827 | |||
1781 | dnl Checks for library functions. Please keep in alphabetical order | 1828 | dnl Checks for library functions. Please keep in alphabetical order |
1782 | AC_CHECK_FUNCS([ \ | 1829 | AC_CHECK_FUNCS([ \ |
1783 | Blowfish_initstate \ | 1830 | Blowfish_initstate \ |
@@ -1810,6 +1857,7 @@ AC_CHECK_FUNCS([ \ | |||
1810 | fchown \ | 1857 | fchown \ |
1811 | fchownat \ | 1858 | fchownat \ |
1812 | flock \ | 1859 | flock \ |
1860 | fnmatch \ | ||
1813 | freeaddrinfo \ | 1861 | freeaddrinfo \ |
1814 | freezero \ | 1862 | freezero \ |
1815 | fstatfs \ | 1863 | fstatfs \ |
@@ -1837,6 +1885,7 @@ AC_CHECK_FUNCS([ \ | |||
1837 | inet_ntop \ | 1885 | inet_ntop \ |
1838 | innetgr \ | 1886 | innetgr \ |
1839 | llabs \ | 1887 | llabs \ |
1888 | localtime_r \ | ||
1840 | login_getcapbool \ | 1889 | login_getcapbool \ |
1841 | md5_crypt \ | 1890 | md5_crypt \ |
1842 | memmem \ | 1891 | memmem \ |
@@ -1854,6 +1903,7 @@ AC_CHECK_FUNCS([ \ | |||
1854 | raise \ | 1903 | raise \ |
1855 | readpassphrase \ | 1904 | readpassphrase \ |
1856 | reallocarray \ | 1905 | reallocarray \ |
1906 | realpath \ | ||
1857 | recvmsg \ | 1907 | recvmsg \ |
1858 | recallocarray \ | 1908 | recallocarray \ |
1859 | rresvport_af \ | 1909 | rresvport_af \ |
@@ -1911,7 +1961,7 @@ AC_CHECK_FUNCS([ \ | |||
1911 | warn \ | 1961 | warn \ |
1912 | ]) | 1962 | ]) |
1913 | 1963 | ||
1914 | AC_CHECK_DECLS([bzero]) | 1964 | AC_CHECK_DECLS([bzero, memmem]) |
1915 | 1965 | ||
1916 | dnl Wide character support. | 1966 | dnl Wide character support. |
1917 | AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) | 1967 | AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) |
@@ -1951,16 +2001,29 @@ AC_ARG_ENABLE([pkcs11], | |||
1951 | ] | 2001 | ] |
1952 | ) | 2002 | ) |
1953 | 2003 | ||
1954 | # PKCS11 depends on OpenSSL. | 2004 | disable_sk= |
1955 | if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then | 2005 | AC_ARG_ENABLE([security-key], |
1956 | # PKCS#11 support requires dlopen() and co | 2006 | [ --disable-security-key disable U2F/FIDO support code [no]], |
1957 | AC_SEARCH_LIBS([dlopen], [dl], | 2007 | [ |
1958 | AC_CHECK_DECL([RTLD_NOW], | 2008 | if test "x$enableval" = "xno" ; then |
1959 | AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), | 2009 | disable_sk=1 |
1960 | [], [#include <dlfcn.h>] | 2010 | fi |
1961 | ) | 2011 | ] |
1962 | ) | 2012 | ) |
1963 | fi | 2013 | enable_sk_internal= |
2014 | AC_ARG_WITH([security-key-builtin], | ||
2015 | [ --with-security-key-builtin include builtin U2F/FIDO support], | ||
2016 | [ | ||
2017 | if test "x$withval" != "xno" ; then | ||
2018 | enable_sk_internal=yes | ||
2019 | fi | ||
2020 | ] | ||
2021 | ) | ||
2022 | test "x$disable_sk" != "x" && enable_sk_internal="" | ||
2023 | |||
2024 | AC_SEARCH_LIBS([dlopen], [dl]) | ||
2025 | AC_CHECK_FUNCS([dlopen]) | ||
2026 | AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) | ||
1964 | 2027 | ||
1965 | # IRIX has a const char return value for gai_strerror() | 2028 | # IRIX has a const char return value for gai_strerror() |
1966 | AC_CHECK_FUNCS([gai_strerror], [ | 2029 | AC_CHECK_FUNCS([gai_strerror], [ |
@@ -2940,15 +3003,6 @@ if test "x$openssl" = "xyes" ; then | |||
2940 | # Check for SHA256, SHA384 and SHA512 support in OpenSSL | 3003 | # Check for SHA256, SHA384 and SHA512 support in OpenSSL |
2941 | AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) | 3004 | AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) |
2942 | 3005 | ||
2943 | # Search for RIPE-MD support in OpenSSL | ||
2944 | AC_CHECK_FUNCS([EVP_ripemd160], , | ||
2945 | [unsupported_algorithms="$unsupported_algorithms \ | ||
2946 | hmac-ripemd160 \ | ||
2947 | hmac-ripemd160@openssh.com \ | ||
2948 | hmac-ripemd160-etm@openssh.com" | ||
2949 | ] | ||
2950 | ) | ||
2951 | |||
2952 | # Check complete ECC support in OpenSSL | 3006 | # Check complete ECC support in OpenSSL |
2953 | AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) | 3007 | AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) |
2954 | AC_LINK_IFELSE( | 3008 | AC_LINK_IFELSE( |
@@ -3030,6 +3084,9 @@ if test "x$openssl" = "xyes" ; then | |||
3030 | test x$enable_nistp521 = x1; then | 3084 | test x$enable_nistp521 = x1; then |
3031 | AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) | 3085 | AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC]) |
3032 | AC_CHECK_FUNCS([EC_KEY_METHOD_new]) | 3086 | AC_CHECK_FUNCS([EC_KEY_METHOD_new]) |
3087 | openssl_ecc=yes | ||
3088 | else | ||
3089 | openssl_ecc=no | ||
3033 | fi | 3090 | fi |
3034 | if test x$enable_nistp256 = x1; then | 3091 | if test x$enable_nistp256 = x1; then |
3035 | AC_DEFINE([OPENSSL_HAS_NISTP256], [1], | 3092 | AC_DEFINE([OPENSSL_HAS_NISTP256], [1], |
@@ -3070,6 +3127,74 @@ else | |||
3070 | AC_CHECK_FUNCS([crypt]) | 3127 | AC_CHECK_FUNCS([crypt]) |
3071 | fi | 3128 | fi |
3072 | 3129 | ||
3130 | # PKCS11/U2F depend on OpenSSL and dlopen(). | ||
3131 | enable_pkcs11=yes | ||
3132 | enable_sk=yes | ||
3133 | if test "x$openssl" != "xyes" ; then | ||
3134 | enable_pkcs11="disabled; missing libcrypto" | ||
3135 | enable_sk="disabled; missing libcrypto" | ||
3136 | fi | ||
3137 | if test "x$openssl_ecc" != "xyes" ; then | ||
3138 | enable_sk="disabled; OpenSSL has no ECC support" | ||
3139 | fi | ||
3140 | if test "x$ac_cv_func_dlopen" != "xyes" ; then | ||
3141 | enable_pkcs11="disabled; missing dlopen(3)" | ||
3142 | enable_sk="disabled; missing dlopen(3)" | ||
3143 | fi | ||
3144 | if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then | ||
3145 | enable_pkcs11="disabled; missing RTLD_NOW" | ||
3146 | enable_sk="disabled; missing RTLD_NOW" | ||
3147 | fi | ||
3148 | if test ! -z "$disable_pkcs11" ; then | ||
3149 | enable_pkcs11="disabled by user" | ||
3150 | fi | ||
3151 | if test ! -z "$disable_sk" ; then | ||
3152 | enable_sk="disabled by user" | ||
3153 | fi | ||
3154 | |||
3155 | AC_MSG_CHECKING([whether to enable PKCS11]) | ||
3156 | if test "x$enable_pkcs11" = "xyes" ; then | ||
3157 | AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) | ||
3158 | fi | ||
3159 | AC_MSG_RESULT([$enable_pkcs11]) | ||
3160 | |||
3161 | AC_MSG_CHECKING([whether to enable U2F]) | ||
3162 | if test "x$enable_sk" = "xyes" ; then | ||
3163 | AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) | ||
3164 | fi | ||
3165 | AC_MSG_RESULT([$enable_sk]) | ||
3166 | |||
3167 | # Now check for built-in security key support. | ||
3168 | if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then | ||
3169 | AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
3170 | use_pkgconfig_for_libfido2= | ||
3171 | if test "x$PKGCONFIG" != "xno"; then | ||
3172 | AC_MSG_CHECKING([if $PKGCONFIG knows about libfido2]) | ||
3173 | if "$PKGCONFIG" libfido2; then | ||
3174 | AC_MSG_RESULT([yes]) | ||
3175 | use_pkgconfig_for_libfido2=yes | ||
3176 | else | ||
3177 | AC_MSG_RESULT([no]) | ||
3178 | fi | ||
3179 | fi | ||
3180 | if test "x$use_pkgconfig_for_libfido2" = "xyes"; then | ||
3181 | LIBFIDO2=`$PKGCONFIG --libs libfido2` | ||
3182 | CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" | ||
3183 | else | ||
3184 | LIBFIDO2="-lfido2 -lcbor" | ||
3185 | fi | ||
3186 | OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` | ||
3187 | AC_CHECK_LIB([fido2], [fido_init], | ||
3188 | [ | ||
3189 | AC_SUBST([LIBFIDO2]) | ||
3190 | AC_DEFINE([ENABLE_SK_INTERNAL], [], | ||
3191 | [Enable for built-in U2F/FIDO support]) | ||
3192 | enable_sk="built-in" | ||
3193 | ], [ ], | ||
3194 | [ $OTHERLIBS ] | ||
3195 | ) | ||
3196 | fi | ||
3197 | |||
3073 | AC_CHECK_FUNCS([ \ | 3198 | AC_CHECK_FUNCS([ \ |
3074 | arc4random \ | 3199 | arc4random \ |
3075 | arc4random_buf \ | 3200 | arc4random_buf \ |
@@ -3615,6 +3740,17 @@ fprint_ll(FILE *f, long long n) | |||
3615 | ) | 3740 | ) |
3616 | fi | 3741 | fi |
3617 | 3742 | ||
3743 | AC_CHECK_DECLS([UINT32_MAX], , , [[ | ||
3744 | #ifdef HAVE_SYS_LIMITS_H | ||
3745 | # include <sys/limits.h> | ||
3746 | #endif | ||
3747 | #ifdef HAVE_LIMITS_H | ||
3748 | # include <limits.h> | ||
3749 | #endif | ||
3750 | #ifdef HAVE_STDINT_H | ||
3751 | # include <stdint.h> | ||
3752 | #endif | ||
3753 | ]]) | ||
3618 | 3754 | ||
3619 | # More checks for data types | 3755 | # More checks for data types |
3620 | AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ | 3756 | AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ |
@@ -3795,7 +3931,9 @@ fi | |||
3795 | 3931 | ||
3796 | AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ | 3932 | AC_CHECK_TYPES([intmax_t, uintmax_t], , , [ |
3797 | #include <sys/types.h> | 3933 | #include <sys/types.h> |
3798 | #include <stdint.h> | 3934 | #ifdef HAVE_STDINT_H |
3935 | # include <stdint.h> | ||
3936 | #endif | ||
3799 | ]) | 3937 | ]) |
3800 | 3938 | ||
3801 | TYPE_SOCKLEN_T | 3939 | TYPE_SOCKLEN_T |
@@ -3814,7 +3952,8 @@ AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [ | |||
3814 | #endif | 3952 | #endif |
3815 | ]) | 3953 | ]) |
3816 | 3954 | ||
3817 | AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ | 3955 | AC_CHECK_MEMBERS([struct statfs.f_files, struct statfs.f_flags], [], [], [[ |
3956 | #include <sys/param.h> | ||
3818 | #include <sys/types.h> | 3957 | #include <sys/types.h> |
3819 | #ifdef HAVE_SYS_BITYPES_H | 3958 | #ifdef HAVE_SYS_BITYPES_H |
3820 | #include <sys/bitypes.h> | 3959 | #include <sys/bitypes.h> |
@@ -3828,6 +3967,9 @@ AC_CHECK_MEMBERS([struct statfs.f_flags], [], [], [[ | |||
3828 | #ifdef HAVE_SYS_VFS_H | 3967 | #ifdef HAVE_SYS_VFS_H |
3829 | #include <sys/vfs.h> | 3968 | #include <sys/vfs.h> |
3830 | #endif | 3969 | #endif |
3970 | #ifdef HAVE_SYS_MOUNT_H | ||
3971 | #include <sys/mount.h> | ||
3972 | #endif | ||
3831 | ]]) | 3973 | ]]) |
3832 | 3974 | ||
3833 | 3975 | ||
@@ -3973,6 +4115,8 @@ if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then | |||
3973 | [define if you have struct addrinfo data type]) | 4115 | [define if you have struct addrinfo data type]) |
3974 | fi | 4116 | fi |
3975 | 4117 | ||
4118 | AC_HEADER_TIME | ||
4119 | |||
3976 | AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ | 4120 | AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ |
3977 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], | 4121 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]], |
3978 | [[ struct timeval tv; tv.tv_sec = 1;]])], | 4122 | [[ struct timeval tv; tv.tv_sec = 1;]])], |
@@ -3985,7 +4129,28 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then | |||
3985 | have_struct_timeval=1 | 4129 | have_struct_timeval=1 |
3986 | fi | 4130 | fi |
3987 | 4131 | ||
3988 | AC_CHECK_TYPES([struct timespec]) | 4132 | AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [ |
4133 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | ||
4134 | #ifdef TIME_WITH_SYS_TIME | ||
4135 | # include <sys/time.h> | ||
4136 | # include <time.h> | ||
4137 | #else | ||
4138 | # ifdef HAVE_SYS_TIME_H | ||
4139 | # include <sys/time.h> | ||
4140 | # else | ||
4141 | # include <time.h> | ||
4142 | # endif | ||
4143 | #endif | ||
4144 | ]], | ||
4145 | [[ struct timespec ts; ts.tv_sec = 1;]])], | ||
4146 | [ ac_cv_have_struct_timespec="yes" ], | ||
4147 | [ ac_cv_have_struct_timespec="no" | ||
4148 | ]) | ||
4149 | ]) | ||
4150 | if test "x$ac_cv_have_struct_timespec" = "xyes" ; then | ||
4151 | AC_DEFINE([HAVE_STRUCT_TIMESPEC], [1], [define if you have struct timespec]) | ||
4152 | have_struct_timespec=1 | ||
4153 | fi | ||
3989 | 4154 | ||
3990 | # We need int64_t or else certain parts of the compile will fail. | 4155 | # We need int64_t or else certain parts of the compile will fail. |
3991 | if test "x$ac_cv_have_int64_t" = "xno" && \ | 4156 | if test "x$ac_cv_have_int64_t" = "xno" && \ |
@@ -5274,6 +5439,12 @@ AC_SUBST([DEPEND], [$(cat $srcdir/.depend)]) | |||
5274 | CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" | 5439 | CFLAGS="${CFLAGS} ${CFLAGS_AFTER}" |
5275 | LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" | 5440 | LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}" |
5276 | 5441 | ||
5442 | # Make a copy of CFLAGS/LDFLAGS without PIE options. | ||
5443 | LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'` | ||
5444 | CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'` | ||
5445 | AC_SUBST([LDFLAGS_NOPIE]) | ||
5446 | AC_SUBST([CFLAGS_NOPIE]) | ||
5447 | |||
5277 | AC_EXEEXT | 5448 | AC_EXEEXT |
5278 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ | 5449 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ |
5279 | openbsd-compat/Makefile openbsd-compat/regress/Makefile \ | 5450 | openbsd-compat/Makefile openbsd-compat/regress/Makefile \ |
@@ -5334,6 +5505,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | |||
5334 | echo " BSD Auth support: $BSD_AUTH_MSG" | 5505 | echo " BSD Auth support: $BSD_AUTH_MSG" |
5335 | echo " Random number source: $RAND_MSG" | 5506 | echo " Random number source: $RAND_MSG" |
5336 | echo " Privsep sandbox style: $SANDBOX_STYLE" | 5507 | echo " Privsep sandbox style: $SANDBOX_STYLE" |
5508 | echo " PKCS#11 support: $enable_pkcs11" | ||
5509 | echo " U2F/FIDO support: $enable_sk" | ||
5337 | 5510 | ||
5338 | echo "" | 5511 | echo "" |
5339 | 5512 | ||