Diffstat (limited to 'crypto/openssh/configure.ac')
-rw-r--r-- | crypto/openssh/configure.ac | 145 |
1 files changed, 124 insertions, 21 deletions
diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac
index dbe5b238fb75..320c6ff542b2 100644
--- a/crypto/openssh/configure.ac
+++ b/crypto/openssh/configure.ac
@@ -114,11 +114,6 @@ AC_C_INLINE
 AC_CHECK_DECL([LLONG_MAX], [have_llong_max=1], , [#include <limits.h>])
 AC_CHECK_DECL([LONG_LONG_MAX], [have_long_long_max=1], , [#include <limits.h>])
-AC_CHECK_DECL([SYSTR_POLICY_KILL], [have_systr_policy_kill=1], , [
- #include <sys/types.h>
- #include <sys/param.h>
- #include <dev/systrace.h>
-])
 AC_CHECK_DECL([RLIMIT_NPROC], [AC_DEFINE([HAVE_RLIMIT_NPROC], [], [sys/resource.h has RLIMIT_NPROC])], , [
 #include <sys/types.h>
@@ -536,6 +531,18 @@ AC_CHECK_HEADERS([ \
 wchar.h \
 ])
+AC_CHECK_DECLS([le32toh, le64toh, htole64], [], [], [
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+])
+
 # On some platforms (eg SunOS4) sys/audit.h requires sys/[time|types|label.h]
 # to be included first.
 AC_CHECK_HEADERS([sys/audit.h], [], [], [
@@ -619,6 +626,9 @@ SPP_MSG="no"
 # the --with-solaris-privs option and --with-sandbox=solaris).
 SOLARIS_PRIVS="no"
+# Default shared library extension
+SHLIBEXT=".so"
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
@@ -630,6 +640,7 @@ case "$host" in
 AC_MSG_CHECKING([if compiler allows macro redefinitions])
 AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[
+#include <stdlib.h>
 #define testmacro foo
 #define testmacro bar]], [[ exit(0); ]])],
@@ -737,6 +748,7 @@ case "$host" in
 # Cygwin defines optargs, optargs as declspec(dllimport) for historical
 # reasons which cause compile warnings, so we disable those warnings.
 OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
+ SHLIBEXT=".dll"
 ;;
 *-*-dgux*)
 AC_DEFINE([IP_TOS_IS_BROKEN], [1],
@@ -796,6 +808,7 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 # cf. Apple bug 3710161 (not public, but searchable)
 AC_DEFINE([BROKEN_POLL], [1], [System poll(2) implementation is broken])
+ SHLIBEXT=".dylib"
 ;;
 *-*-dragonfly*)
 SSHDLIBS="$SSHDLIBS"
@@ -915,6 +928,27 @@ int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login attempts])
 AC_DEFINE([USE_BTMP])
 AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory killer])
+ AC_ARG_WITH([linux-memlock-onfault],
+ [ --with-linux-memlock-onfault Enables memory locking on Linux],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_MSG_CHECKING([for MCL_ONFAULT])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+ [[ #include <sys/mman.h> ]],
+ [[ mlockall(MCL_FUTURE | MCL_ONFAULT); ]],
+ )],
+ [
+ AC_MSG_RESULT([supported])
+ AC_DEFINE([LINUX_MEMLOCK_ONFAULT], [1],
+ [Lock all memory to protect sshd against Linux kcompactd] )],
+ [
+ AC_MSG_RESULT([not supported])
+ AC_MSG_ERROR([MCL_ONFAULT is not available on your system])
+ ])
+ fi
+ ],
+ )
+
 AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on start/reload])
 inet6_default_4in6=yes
 case `uname -r` in
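Review bot: The `--with-linux-memlock-onfault` probe in the second hunk only compile-tests `mlockall(MCL_FUTURE | MCL_ONFAULT)` against `<sys/mman.h>`, so `LINUX_MEMLOCK_ONFAULT` records that the build headers know the flag, not that the call will succeed on the host that later runs sshd. The code that consumes the define is outside this diff; it should check the `mlockall()` return value and log a failure, since an older kernel or a low `RLIMIT_MEMLOCK` can make the call fail at run time. The help string would be clearer as `Lock sshd memory with mlockall(MCL_ONFAULT) (Linux only)`, because the `AC_ARG_WITH` appears to sit in the Linux arm of a `case "$host"` that starts outside the hunk, and the option is presumably accepted without effect on other hosts.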
@@ -1828,6 +1862,48 @@ AC_ARG_WITH([libedit],
 fi ] )
+# Check whether user wants wtmpdb support
+WTMPDB_MSG="no"
+AC_ARG_WITH([wtmpdb],
+ [ --with-wtmpdb[[=PATH]] Enable wtmpdb support for sshd],
+ [ if test "x$withval" != "xno" ; then
+ if test "x$withval" = "xyes" ; then
+ if test "x$PKGCONFIG" != "xno"; then
+ AC_MSG_CHECKING([if $PKGCONFIG knows about wtmpdb])
+ if "$PKGCONFIG" libwtmpdb; then
+ AC_MSG_RESULT([yes])
+ use_pkgconfig_for_libwtmpdb=yes
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ else
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ if test -n "${rpath_opt}"; then
+ LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ fi
+ if test "x$use_pkgconfig_for_libwtmpdb" = "xyes"; then
+ LIBWTMPDB=`$PKGCONFIG --libs libwtmpdb`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libwtmpdb`"
+ else
+ LIBWTMPDB="-lwtmpdb"
+ fi
+ OTHERLIBS=`echo $LIBWTMPDB | sed 's/-lwtmpdb//'`
+ AC_CHECK_LIB([wtmpdb], [wtmpdb_login],
+ [ AC_DEFINE([USE_WTMPDB], [1], [Use libwtmpdb for sshd])
+ WTMPDB_MSG="yes"
+ AC_SUBST([LIBWTMPDB])
+ ],
+ [ AC_MSG_ERROR([libwtmpdb not found]) ],
+ [ $OTHERLIBS ]
+ )
+ fi ]
+)
+
+
 AUDIT_MODULE=none
 AC_ARG_WITH([audit], [ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
@@ -2085,6 +2161,19 @@ AC_CHECK_FUNCS([ \
 warn \
 ])
+AC_MSG_CHECKING([whether compiler supports __builtin_popcount])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+ #include <stdlib.h>
+ ]],
+ [[ int x = 123, y;
+ y = __builtin_popcount(123);
+ exit(y == 6 ? 0 : -1); ]])],
+ [ AC_MSG_RESULT([yes]) ], [
+ AC_MSG_RESULT([no])
+ AC_DEFINE([MISSING_BUILTIN_POPCOUNT], [1], [Define if your compiler lacks __builtin_popcount])
+ ]
+)
+
 AC_CHECK_DECLS([bzero, memmem])
 dnl Wide character support.
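Review bot: In the wtmpdb hunk, `--with-wtmpdb=PATH` feeds `${withval}` straight into `-I`, `-L` and `${rpath_opt}${withval}/lib` with no check that it is an absolute path, so a relative PATH would be recorded as a relative run-time library search path in the linked binaries. A guard ahead of the `CPPFLAGS` line would reject that case: `case "$withval" in /*) ;; *) AC_MSG_ERROR([--with-wtmpdb requires an absolute path]) ;; esac`. Other `--with-*=PATH` blocks in this file are not visible here and may share the pattern. Separately, `if "$PKGCONFIG" libwtmpdb` leans on what pkg-config does when given no option; `"$PKGCONFIG" --exists libwtmpdb` states the intent.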
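Review bot: The `__builtin_popcount` probe declares `x` but passes the literal `123`, so the compiler is free to fold the call to a constant and the link step never has to resolve a popcount helper from the compiler runtime. The probe could then answer yes on a toolchain where a call with a run-time argument fails to link, which is the case `MISSING_BUILTIN_POPCOUNT` is presumably meant to catch. Passing a value the optimiser cannot see through makes the link check meaningful: `volatile int x = 123; int y;` followed by `y = __builtin_popcount(x);`. As written, `x` is also unused, which may fail the probe when warnings are treated as errors.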
@@ -2140,6 +2229,12 @@ AC_ARG_WITH([security-key-builtin],
 [ enable_sk_internal=$withval ]
 )
+enable_sk_standalone=
+AC_ARG_WITH([security-key-standalone],
+ [ --with-security-key-standalone build standalone sk-libfido2 SecurityKeyProvider],
+ [ enable_sk_standalone=$withval ]
+)
+
 AC_SEARCH_LIBS([dlopen], [dl])
 AC_CHECK_FUNCS([dlopen])
 AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>])
@@ -3253,6 +3348,12 @@ fi
 # PKCS11/U2F depend on OpenSSL and dlopen().
 enable_pkcs11=yes
 enable_sk=yes
+
+AC_CHECK_DECL([OPENSSL_IS_AWSLC],
+ [enable_pkcs11="disabled; PKCS#11 not supported with AWS-LC"],
+ [],
+ [#include <openssl/base.h>]
+)
 if test "x$openssl" != "xyes" ; then
 enable_pkcs11="disabled; missing libcrypto"
 fi
@@ -3347,6 +3448,16 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" != "xno" ; then
 fi
 fi
+# Check for standalone SecurityKeyProvider
+AC_MSG_CHECKING([whether to build standalone sk-libfido2])
+if test "x$enable_sk_standalone" = "xyes" ; then
+ AC_MSG_RESULT([yes])
+ AC_SUBST([SK_STANDALONE], [sk-libfido2$SHLIBEXT])
+else
+ AC_MSG_RESULT([no])
+ AC_SUBST([SK_STANDALONE], [""])
+fi
+
 AC_CHECK_FUNCS([ \
 arc4random \
 arc4random_buf \
@@ -3639,7 +3750,7 @@ AC_CHECK_TYPES([nfds_t], , , [
 # Decide which sandbox style to use
 sandbox_arg=""
 AC_ARG_WITH([sandbox],
- [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)],
+ [ --with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter)],
 [ if test "x$withval" = "xyes" ; then
 sandbox_arg=""
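Review bot: The standalone SecurityKeyProvider block (third hunk here) sets `SK_STANDALONE` to `sk-libfido2$SHLIBEXT` on `enable_sk_standalone = yes` alone; it does not test `enable_sk`, which the builtin check named in the hunk header does. If security-key support or libfido2 turns out to be unavailable (that detection is outside the hunk), configure would still report yes and the failure would surface only at build time. Tying the two together keeps the result honest: `if test "x$enable_sk_standalone" = "xyes" -a "x$enable_sk" = "xyes" ; then`. Any value other than `yes`, such as a path, currently selects `no` without a warning.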
@@ -3756,19 +3867,7 @@ if test "x$sandbox_arg" != "xno"; then
 )
 fi
-if test "x$sandbox_arg" = "xpledge" || \
- ( test -z "$sandbox_arg" && test "x$ac_cv_func_pledge" = "xyes" ) ; then
- test "x$ac_cv_func_pledge" != "xyes" && \
- AC_MSG_ERROR([pledge sandbox requires pledge(2) support])
- SANDBOX_STYLE="pledge"
- AC_DEFINE([SANDBOX_PLEDGE], [1], [Sandbox using pledge(2)])
-elif test "x$sandbox_arg" = "xsystrace" || \
- ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then
- test "x$have_systr_policy_kill" != "x1" && \
- AC_MSG_ERROR([systrace sandbox requires systrace headers and SYSTR_POLICY_KILL support])
- SANDBOX_STYLE="systrace"
- AC_DEFINE([SANDBOX_SYSTRACE], [1], [Sandbox using systrace(4)])
-elif test "x$sandbox_arg" = "xdarwin" || \
+if test "x$sandbox_arg" = "xdarwin" || \
 ( test -z "$sandbox_arg" && test "x$ac_cv_func_sandbox_init" = "xyes" && \
 test "x$ac_cv_header_sandbox_h" = "xyes") ; then
 test "x$ac_cv_func_sandbox_init" != "xyes" -o \
@@ -4387,7 +4486,11 @@ int main(void)
 long long num = 0x7fffffffffffffffll;
 #endif
 strcpy(expected_out, "9223372036854775807");
+#if (SIZEOF_LONG_INT == 8)
+ snprintf(buf, mazsize, "%ld", num);
+#else
 snprintf(buf, mazsize, "%lld", num);
+#endif
 if(strcmp(buf, expected_out) != 0) exit(1);
 exit(0);
@@ -5683,8 +5786,8 @@ CFLAGS="${CFLAGS} ${CFLAGS_AFTER}"
 LDFLAGS="${LDFLAGS} ${LDFLAGS_AFTER}"
 # Make a copy of CFLAGS/LDFLAGS without PIE options.
-LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/ -pie//'`
-CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/ -fPIE//'`
+LDFLAGS_NOPIE=`echo "$LDFLAGS" | sed 's/^-pie //;s/ -pie//g'`
+CFLAGS_NOPIE=`echo "$CFLAGS" | sed 's/^-fPIE //;s/ -fPIE//g'`
 AC_SUBST([LDFLAGS_NOPIE])
 AC_SUBST([CFLAGS_NOPIE]) |
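Review bot: With the `pledge` and `systrace` arms gone from the first hunk, a build script that still passes `--with-sandbox=pledge` or `--with-sandbox=systrace` now depends entirely on the tail of this `if`/`elif` chain, which lies outside the hunk. That tail needs to reject an unrecognised style rather than fall through to a build without a privilege-separation sandbox; if no such arm exists, add one along the lines of `else AC_MSG_ERROR([unsupported --with-sandbox style: $sandbox_arg])`. Hosts that used to auto-select one of the removed styles when `sandbox_arg` was empty will also land on a different arm now, so the `SANDBOX_STYLE` reported in the configure summary is worth checking on those platforms.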