+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE GPTBundleData SYSTEM "gpt_bundle.dtd">
-<GPTBundleData Name="gsi_openssh" >
-<BundleInfo >
-<Description >EMPTY</Description>
-<ContactInfo ContactEmail="EMPTY" ContactName="EMPTY" />
-<BundleDocs BundleDocsDesc="EMPTY" BundleDocsURL="EMPTY" />
-</BundleInfo>
-<BundleReleaseInfo >
-<BundleStability Release="EMPTY" />
-<BundleVersion Age="0" Major="2" Minor="1" />
-<VersionLabel >EMPTY</VersionLabel>
-<TypeOfBundle ContentsType="gpt" />
-</BundleReleaseInfo>
-<PackageList >
-<IncludedPackages >
-<Package PackageFlavor="gcc32" PackageName="globus_gsi_cert_utils" PackageType="pgm_static" PackageVersion="0.5" />
-<Package PackageFlavor="gcc32" PackageName="globus_proxy_utils" PackageType="pgm_static" PackageVersion="0.6" />
-<Package PackageFlavor="noflavor" PackageName="globus_user_env" PackageType="data" PackageVersion="2.2" />
-<Package PackageFlavor="gcc32" PackageName="gsi_openssh" PackageType="pgm_static" PackageVersion="2.1" />
-</IncludedPackages>
-<ExcludedPackages >
-</ExcludedPackages>
-<PackageFlags >
-</PackageFlags>
-</PackageList>
-</GPTBundleData>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE GPTBundleData SYSTEM "gpt_bundle.dtd">
-<GPTBundleData Name="gsi_openssh" >
-<BundleInfo >
-<Description >EMPTY</Description>
-<ContactInfo ContactEmail="EMPTY" ContactName="EMPTY" />
-<BundleDocs BundleDocsDesc="EMPTY" BundleDocsURL="EMPTY" />
-</BundleInfo>
-<BundleReleaseInfo >
-<BundleStability Release="EMPTY" />
-<BundleVersion Age="0" Major="2" Minor="1" />
-<VersionLabel >EMPTY</VersionLabel>
-<TypeOfBundle ContentsType="src" />
-</BundleReleaseInfo>
-<PackageList >
-<IncludedPackages >
-<Package PackageFlavor="ANY" PackageName="globus_user_env" PackageType="src" PackageVersion="2.2" />
-<Package PackageFlavor="ANY" PackageName="globus_proxy_utils" PackageType="src" PackageVersion="0.6" />
-<Package PackageFlavor="ANY" PackageName="gsi_openssh" PackageType="src" PackageVersion="2.1" />
-</IncludedPackages>
-<ExcludedPackages >
-</ExcludedPackages>
-<PackageFlags >
-</PackageFlags>
-</PackageList>
-</GPTBundleData>
+++ /dev/null
-#!/bin/sh
-
-NAME="gsi_openssh_bundle-2.1-i686-pc-linux-gnu.tar.gz"
-
-if [ ! -e $NAME ]; then
- $GPT_LOCATION/sbin/gpt-bundle -output=$NAME -xml=gsi_openssh_bundle-bin.xml
-fi
+++ /dev/null
-#!/bin/sh
-#
-
-NAME="gsi_openssh_bundle-2.1-src.tar.gz"
-
-if [ ! -e $NAME ]; then
- $GPT_LOCATION/sbin/gpt-bundle -srcdir=../s0_srcpkgs -output=$NAME -xml=gsi_openssh_bundle-src.xml
-fi
--- /dev/null
+<Package name="gsi_openssh_bundle">
+ <Depends>
+ <Package name="gsi_openssh">
+ Module openssh
+ Root :pserver:anonymous@cvs.ncsa.uiuc.edu:/CVS/gssapi-openssh
+ Tag OPENSSH_GSI_GPT_2_11
+ Directory ./
+ </Package>
+ <Package name="gsi_openssh_setup">
+ Module setup
+ Root :pserver:anonymous@cvs.ncsa.uiuc.edu:/CVS/gssapi-openssh
+ Tag OPENSSH_GSI_GPT_2_11
+ Directory ./
+ </Package>
+ </Depends>
+
+ <Dist>
+ <Tools>
+ <Tool>gpt-2.2.10</Tool>
+ </Tools>
+
+ <File name="gsi_openssh_bundle-2.11-src.tar.gz" />
+
+ <Steps>
+ <Step>
+ <Description>
+ Collating packages...
+ </Description>
+ <Command>
+ ./scripts/collate-packages
+ </Command>
+ </Step>
+ <Step>
+ <Description>
+ Creating bundle...
+ </Description>
+ <Command>
+ ./scripts/make-src-bundle
+ </Command>
+ </Step>
+ </Steps>
+ </Dist>
+</Package>
--- /dev/null
+#!/bin/sh
+#
+
+source ./scripts/version.sh
+
+if [ ! -e work/sources/ ]; then
+ mkdir -p work/sources/
+fi
+
+cp ../packages-harvest/gsi_openssh-$VERSION-src.tar.gz ./work/sources/
+cp ../packages-harvest/gsi_openssh_setup-$VERSION-src.tar.gz ./work/sources/
--- /dev/null
+#!/bin/sh
+#
+
+source ./scripts/version.sh
+
+NAME="gsi_openssh_bundle-$VERSION-src.tar.gz"
+
+cd work/
+
+#
+# create the bundle
+#
+
+$GPT_LOCATION/sbin/gpt-bundle -nodeps -srcdir=sources/ -output=$NAME gsi_openssh gsi_openssh_setup
+mv sources/gsi_openssh_bundle-$VERSION-src_src.tar.gz $NAME
+
+#
+# remove globus_core from it
+#
+
+mkdir -p temp/
+tar xvzf $NAME -C temp/
+cd temp/
+rm globus_core-99.tar.gz
+cat packaging_list | grep -v 'globus_core' > packaging_list
+
+#
+# create the bundle (redux)
+#
+
+tar cvzf $NAME *
+cd ../
+
+#
+# place the bundle in the parent directory
+#
+
+mv temp/$NAME ../
--- /dev/null
+#!/bin/sh
+#
+
+source ./scripts/version.sh
+
+NAME="gsi_openssh_bundle-$VERSION-src.tar.gz"
+
+#
+# sign the bundle
+#
+
+if [ -f $NAME ]; then
+ echo "Signing bundle..."
+ /usr/bin/gpg --armor --output $NAME.asc --detach-sig $NAME
+ /usr/bin/md5sum $NAME > $NAME.md5
+fi
--- /dev/null
+VERSION="2.11"
--- /dev/null
+bin/scp
+bin/sftp
+bin/slogin
+bin/ssh
+bin/ssh-add
+bin/ssh-agent
+bin/ssh-keygen
+bin/ssh-keyscan
+man/man1/scp.1
+man/man1/sftp.1
+man/man1/slogin.1
+man/man1/ssh-add.1
+man/man1/ssh-agent.1
+man/man1/ssh-keygen.1
+man/man1/ssh-keyscan.1
+man/man1/ssh.1
+man/man5/ssh_config.5
+man/man5/sshd_config.5
+man/man8/sftp-server.8
+man/man8/ssh-keysign.8
+man/man8/ssh-rand-helper.8
+man/man8/sshd.8
+man/cat1/scp.1
+man/cat1/sftp.1
+man/cat1/slogin.1
+man/cat1/ssh-add.1
+man/cat1/ssh-agent.1
+man/cat1/ssh-keygen.1
+man/cat1/ssh-keyscan.1
+man/cat1/ssh.1
+man/cat5/ssh_config.5
+man/cat5/sshd_config.5
+man/cat8/sftp-server.8
+man/cat8/ssh-keysign.8
+man/cat8/ssh-rand-helper.8
+man/cat8/sshd.8
--- /dev/null
+#!/usr/bin/env perl
+#
+# make_gpt_dist - adapted from GPT's make_gpt_dist script
+#
+# Create a GPT source package after deriving the necessary build files.
+#
+
+#
+# You can define the source directory and package names to suit your needs. It's
+# important to remember that GPT needs the source package name to be similar to
+# the name of the package as defined in the package metadata (pkg_data_src.gpt).
+#
+# Failing to do this correctly will not affect bundle-creation, but will affect
+# globus-build's ability to select and untar the correct package corresponding
+# to the name gpt-bundle gives in its 'packaging_list'.
+#
+
+$srcdirname = "gsi_openssh_compat-2.11-src";
+$srcpkgname = "gsi_openssh_compat-2.11-src";
+
+#
+# uncomment when we've got a better place to get the current version from
+#
+# determine gpt version number
+#
+#open (CFG, 'packaging_tools/configure.in');
+#
+#my $version;
+#for (<CFG>) {
+# if (m!AM_INIT_AUTOMAKE\(\w+,([^,\)]+)!) {
+# $version = $1;
+# $version =~ s!\s+!!g;
+# }
+#}
+
+#
+# test to make sure we're okay to
+# o create/use the $srcdirname directories
+# o create the source package
+#
+
+if ( (!defined($srcdirname)) || length($srcdirname) le 0 )
+{
+ printf("\$srcdirname must be defined to a usable value!\n");
+ die;
+}
+
+if ( (!defined($srcpkgname)) || length($srcpkgname) le 0 )
+{
+ printf("\$srcpkgname must be defined to a usable value!\n");
+ die;
+}
+
+if ( -e "../$srcdirname" )
+{
+ printf("found existing '../$srcdirname'... please remove before continuing\n");
+ die;
+}
+
+if ( -e "./$srcdirname" )
+{
+ printf("found existing './$srcdirname'... please remove before continuing\n");
+ die;
+}
+
+if ( -e "./$srcpkgname.tar" )
+{
+ printf("found existing './$srcpkgname.tar'... please remove before continuing\n");
+ die;
+}
+
+if ( -e "./$srcpkgname.tar.gz" )
+{
+ printf("found existing './$srcpkgname.tar.gz'... please remove before continuing\n");
+ die;
+}
+
+#
+# prep the source directory by creating a temp directory containing all of the
+# required files.
+#
+
+printf("copying files into source directory...\n");
+system("mkdir ../$srcdirname")==0 or die "Unable to create ../$srcdirname: $?";
+system("cp -rf * ../$srcdirname")==0 or die "Unable to copy . into ../$srcdirname: $?";
+system("mv ../$srcdirname ./$srcdirname")==0 or die "Unable to move $srcdirname from ../ to ./: $?";
+
+chdir("./$srcdirname");
+
+#
+# remove any 'unnecessary' files from the source directory.
+#
+
+printf("pruning source directory of extraneous files...\n");
+
+system("rm -rf `find . -name CVS -print`")==0 or die "Unable to remove cvs directories: $?";
+system("rm -f ./todo")==0 or die "Unable to remove todo file: $?";
+
+#
+# #
+# # run the standard development tools to get the necessary derived files.
+# #
+#
+# printf("running autoheader...\n");
+# system("autoheader")==0 or die "Could not run autoheader: $?";
+#
+# printf("running autoconf...\n");
+# system("autoconf")==0 or die "Could not run autoheader: $?";
+#
+
+chdir("../");
+
+#
+# create the source package from the source directory.
+#
+
+printf("creating source tarball '$srcpkgname.tar.gz'...\n");
+system("tar -cf ./$srcpkgname.tar ./$srcdirname")==0 or die "Unable to create $srcpkgname.tar: $?";
+system("gzip -f ./$srcpkgname.tar")==0 or die "Unable to gzip $srcpkgname.tar: $?";
+
+printf("cleaning up after myself...\n");
+system("rm -rf ./$srcdirname")==0 or die "Unable to remove ./$srcdirname: $?";
+
+#
+# done.
+#
+
+printf("done.\n");
--- /dev/null
+<Package name="gsi_openssh_compat">
+ <Depends>
+ </Depends>
+
+ <Dist>
+ <File name="gsi_openssh_compat-2.11-src.tar.gz" />
+
+ <Steps>
+ <Step>
+ <Description>
+ Creating package...
+ </Description>
+ <Command>
+ ./make_gpt_dist
+ </Command>
+ </Step>
+ </Steps>
+ </Dist>
+</Package>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE gpt_package_metadata SYSTEM "globus_package.dtd">
+
+<gpt_package_metadata Format_Version="0.02" Name="gsi_openssh_compat" >
+
+ <Aging_Version Major="2" Minor="11" Age="0" />
+ <Description>GSI-Enabled OpenSSH compat package</Description>
+ <Functional_Group >gsi_openssh</Functional_Group>
+ <Version_Stability Release="stable" />
+
+ <src_pkg >
+
+ <Version_Label>GSI-OpenSSH 2.11 / OpenSSH 3.7.1p2</Version_Label>
+
+ <With_Flavors build="no" />
+
+ <Build_Instructions>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/bin/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/scp INSTALLDIR_GPTMACRO/bin/scp</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sftp INSTALLDIR_GPTMACRO/bin/sftp</Build_Step>
+ <Build_Step>ln -s ./ssh.d/slogin INSTALLDIR_GPTMACRO/bin/slogin</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh INSTALLDIR_GPTMACRO/bin/ssh</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-add INSTALLDIR_GPTMACRO/bin/ssh-add</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-agent INSTALLDIR_GPTMACRO/bin/ssh-agent</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keygen INSTALLDIR_GPTMACRO/bin/ssh-keygen</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keyscan INSTALLDIR_GPTMACRO/bin/ssh-keyscan</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/man1/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/scp.1 INSTALLDIR_GPTMACRO/man/man1/scp.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sftp.1 INSTALLDIR_GPTMACRO/man/man1/sftp.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/slogin.1 INSTALLDIR_GPTMACRO/man/man1/slogin.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-add.1 INSTALLDIR_GPTMACRO/man/man1/ssh-add.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-agent.1 INSTALLDIR_GPTMACRO/man/man1/ssh-agent.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keygen.1 INSTALLDIR_GPTMACRO/man/man1/ssh-keygen.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keyscan.1 INSTALLDIR_GPTMACRO/man/man1/ssh-keyscan.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh.1 INSTALLDIR_GPTMACRO/man/man1/ssh.1</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/man5/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh_config.5 INSTALLDIR_GPTMACRO/man/man5/ssh_config.5</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sshd_config.5 INSTALLDIR_GPTMACRO/man/man5/sshd_config.5</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/man8/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sftp-server.8 INSTALLDIR_GPTMACRO/man/man8/sftp-server.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keysign.8 INSTALLDIR_GPTMACRO/man/man8/ssh-keysign.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-rand-helper.8 INSTALLDIR_GPTMACRO/man/man8/ssh-rand-helper.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sshd.8 INSTALLDIR_GPTMACRO/man/man8/sshd.8</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/cat1/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/scp.1 INSTALLDIR_GPTMACRO/man/cat1/scp.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sftp.1 INSTALLDIR_GPTMACRO/man/cat1/sftp.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/slogin.1 INSTALLDIR_GPTMACRO/man/cat1/slogin.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-add.1 INSTALLDIR_GPTMACRO/man/cat1/ssh-add.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-agent.1 INSTALLDIR_GPTMACRO/man/cat1/ssh-agent.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keygen.1 INSTALLDIR_GPTMACRO/man/cat1/ssh-keygen.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keyscan.1 INSTALLDIR_GPTMACRO/man/cat1/ssh-keyscan.1</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh.1 INSTALLDIR_GPTMACRO/man/cat1/ssh.1</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/cat5/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh_config.5 INSTALLDIR_GPTMACRO/man/cat5/ssh_config.5</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sshd_config.5 INSTALLDIR_GPTMACRO/man/cat5/sshd_config.5</Build_Step>
+
+ <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/cat8/</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sftp-server.8 INSTALLDIR_GPTMACRO/man/cat8/sftp-server.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-keysign.8 INSTALLDIR_GPTMACRO/man/cat8/ssh-keysign.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/ssh-rand-helper.8 INSTALLDIR_GPTMACRO/man/cat8/ssh-rand-helper.8</Build_Step>
+ <Build_Step>ln -s ./ssh.d/sshd.8 INSTALLDIR_GPTMACRO/man/cat8/sshd.8</Build_Step>
+
+ </Build_Instructions>
+
+ </src_pkg >
+
+</gpt_package_metadata>
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+STRIP_OPT=@STRIP_OPT@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
LIBPAM=@LIBPAM@
LIBWRAP=@LIBWRAP@
AR=@AR@
+AWK=@AWK@
RANLIB=@RANLIB@
INSTALL=@INSTALL@
PERL=@PERL@
+SED=@SED@
ENT=@ENT@
XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
INSTALL_GSISSH=@INSTALL_GSISSH@
-@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT)
-
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o kexgss.o gss-genr.o
-
-SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o auth2-gss.o gss-serv.o
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
+
+LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
+ cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \
+ compat.o compress.o crc32.o deattack.o fatal.o \
+ hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \
+ readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
+ key.o dispatch.o kex.o mac.o uuencode.o misc.o \
+ rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
+ kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
+ entropy.o scard-opensc.o kexgssc.o gss-genr.o
+
+SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o
+
+SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+ sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
+ kexdhs.o kexgexs.o kexgsss.o \
+ auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o gss-serv-gsi.o \
+ loginrec.o auth-pam.o auth-sia.o md5crypt.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
CONFIGFILES_IN=sshd_config ssh_config moduli
PATHSUBS = \
- -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \
- -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \
- -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \
- -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \
- -D/usr/libexec=$(libexecdir) \
- -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \
- -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \
- -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \
- -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \
- -D/var/run/sshd.pid=$(piddir)/sshd.pid \
- -D/etc/ssh/moduli=$(sysconfdir)/moduli \
- -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
- -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
- -D/var/empty=$(PRIVSEP_PATH) \
- -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
-
-FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
-
-all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
-
-$(LIBSSH_OBJS): config.h
-$(SSHOBJS): config.h
-$(SSHDOBJS): config.h
+ -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
+ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
+ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
+ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
+ -e 's|/usr/libexec|$(libexecdir)|g' \
+ -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
+ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
+ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
+ -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
+ -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
+ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
+
+FIXPATHSCMD = $(SED) $(PATHSUBS)
+
+all: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS)
+
+$(LIBSSH_OBJS): Makefile.in config.h
+$(SSHOBJS): Makefile.in config.h
+$(SSHDOBJS): Makefile.in config.h
.c.o:
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
-scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o
- $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
$(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o
- $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
+ $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
$(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \
fi; \
if test "$(MANTYPE)" = "man"; then \
- $(FIXPATHSCMD) $${manpage} | $(PERL) $(srcdir)/mdoc2man.pl > $@; \
+ $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \
else \
$(FIXPATHSCMD) $${manpage} > $@; \
fi
conffile=`echo $@ | sed 's/.out$$//'`; \
$(FIXPATHSCMD) $(srcdir)/$${conffile} > $@
-clean:
+ssh_prng_cmds.out: ssh_prng_cmds
+ if test ! -z "$(INSTALL_SSH_PRNG_CMDS)"; then \
+ $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
+ fi
+
+# fake rule to stop make trying to compile moduli.o into a binary "modulo"
+moduli:
+ echo
+
+clean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
(cd openbsd-compat && $(MAKE) clean)
-distclean:
+distclean: regressclean
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
rm -f *.out core
rm -f Makefile config.h config.status ssh_prng_cmds *~
(cd openbsd-compat && $(MAKE) distclean)
(cd scard && $(MAKE) distclean)
-veryclean:
+veryclean: distclean
rm -f configure config.h.in *.0
- rm -f *.o *.a $(TARGETS) logintest config.cache config.log
- rm -f *.out core
- rm -f Makefile config.h config.status ssh_prng_cmds *~
- (cd openbsd-compat && $(MAKE) distclean)
- (cd scard && $(MAKE) distclean)
-mrproper: distclean
+mrproper: veryclean
+
+realclean: veryclean
catman-do:
@for f in $(MANPAGES_IN) ; do \
$(AUTORECONF)
(cd scard && $(MAKE) -f Makefile.in distprep)
-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-config
-install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config
+install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
check-config:
-$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
- $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
- $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
- $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
- $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent
- $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
- $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
- $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
+ $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
- $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
fi
- $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
- @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp
- @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER)
+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
- @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
- @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
ln -s ./scp$(EXEEXT) $(DESTDIR)$(bindir)/gsiscp; \
rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsiscp.1; \
ln -s ./scp.1 $(DESTDIR)$(mandir)/$(mansubdir)1/gsiscp.1; \
+ rm -f $(DESTDIR)$(bindir)/gsisftp; \
+ ln -s ./sftp$(EXEEXT) $(DESTDIR)$(bindir)/gsisftp; \
+ rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsisftp.1; \
+ ln -s ./sftp.1 $(DESTDIR)$(mandir)/$(mansubdir)1/gsisftp.1; \
fi
if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
$(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
fi
@if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
- $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
else \
if [ ! -z "$(INSTALL_GSISSH)" ]; then \
rm -f $(DESTDIR)$(bindir)/gsiscp; \
rm -f $(DESTDIR)$(bindir)/gsissh; \
+ rm -f $(DESTDIR)$(bindir)/gsisftp; \
fi
-rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT)
-rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT)
if [ ! -z "$(INSTALL_GSISSH)" ]; then \
rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsissh.1; \
rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsiscp.1; \
+ rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/gsisftp.1; \
fi
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+
+tests: $(TARGETS)
+ BUILDDIR=`pwd`; \
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \
+ [ -f `pwd`/regress/Makefile ] || \
+ ln -s $(srcdir)/regress/Makefile `pwd`/regress/Makefile ; \
+ TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
+ TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
+ TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
+ TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
+ TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
+ TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
+ TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
+ TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
+ cd $(srcdir)/regress || exit $$?; \
+ $(MAKE) \
+ .OBJDIR="$${BUILDDIR}/regress" \
+ .CURDIR="`pwd`" \
+ BUILDDIR="$${BUILDDIR}" \
+ OBJ="$${BUILDDIR}/regress/" \
+ PATH="$${BUILDDIR}:$${PATH}" \
+ TEST_SSH_SSH="$${TEST_SSH_SSH}" \
+ TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
+ TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
+ TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
+ TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
+ TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
+ TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
+ TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
+ EXEEXT="$(EXEEXT)" \
+ $@
+
+regressclean:
+ if [ -f regress/Makefile -a -r regress/Makefile ]; then \
+ (cd regress && $(MAKE) clean) \
+ fi
--- /dev/null
+How to verify host keys using OpenSSH and DNS
+---------------------------------------------
+
+OpenSSH contains experimental support for verifying host keys using DNS
+as described in draft-ietf-secsh-dns-xx.txt. The document contains
+very brief instructions on how to test this feature. Configuring DNS
+and DNSSEC is out of the scope of this document.
+
+
+(1) Enable DNS fingerprint support in OpenSSH
+
+ configure --with-dns
+
+(2) Generate and publish the DNS RR
+
+To create a DNS resource record (RR) containing a fingerprint of the
+public host key, use the following command:
+
+ ssh-keygen -r hostname -f keyfile -g
+
+where "hostname" is your fully qualified hostname and "keyfile" is the
+file containing the public host key file. If you have multiple keys,
+you should generate one RR for each key.
+
+In the example above, ssh-keygen will print the fingerprint in a
+generic DNS RR format parsable by most modern name server
+implementations. If your nameserver has support for the SSHFP RR, as
+defined by the draft, you can omit the -g flag and ssh-keygen will
+print a standard RR.
+
+To publish the fingerprint using the DNS you must add the generated RR
+to your DNS zone file and sign your zone.
+
+
+(3) Enable the ssh client to verify host keys using DNS
+
+To enable the ssh client to verify host keys using DNS, you have to
+add the following option to the ssh configuration file
+($HOME/.ssh/config or /etc/ssh/ssh_config):
+
+ VerifyHostKeyDNS yes
+
+Upon connection the client will try to look up the fingerprint RR
+using DNS. If the fingerprint received from the DNS server matches
+the remote host key, the user will be notified.
+
+
+ Jakob Schlyter
+ Wesley Griffin
+
+
+$OpenBSD: README.dns,v 1.1 2003/05/14 18:16:20 jakob Exp $
PAM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
-configuration. PAMAuthenticationViaKbdInt does not function with
-privsep.
+configuration.
+
+On Compaq Tru64 Unix, only the pre-authentication part of privsep is
+supported. Post-authentication privsep is disabled automatically (so
+you won't see the additional process mentioned below).
Note that for a normal interactive login with a shell, enabling privsep
will require 1 additional process per login session.
/* $Id$ */
+/*
+ * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
#ifndef _CONFIG_H
#define _CONFIG_H
@TOP@
+/* Define if your platform breaks doing a seteuid before a setuid */
+#undef SETEUID_BREAKS_SETUID
+
+/* Define if your setreuid() is broken */
+#undef BROKEN_SETREUID
+
+/* Define if your setregid() is broken */
+#undef BROKEN_SETREGID
+
/* Define to a Set Process Title type if your system is */
/* supported by bsd-setproctitle.c */
#undef SPT_TYPE
+#undef SPT_PADCHAR
/* setgroups() NOOP allowed */
#undef SETGROUPS_NOOP
/* Define if you want to enable AIX4's authenticate function */
#undef WITH_AIXAUTHENTICATE
+/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
+#undef AIX_LOGINFAILED_4ARG
+
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
#undef WITH_IRIX_ARRAY
/* Define this is you want GSSAPI support in the version 2 protocol */
#undef GSSAPI
-/* Define this if GSSAPI supports gss_export_cred() */
-#undef HAVE_GSSAPI_EXT
-
/* Define if you want Kerberos 5 support */
#undef KRB5
/* Define this if you are using the Heimdal version of Kerberos V5 */
#undef HEIMDAL
-/* Define if you want Kerberos 4 support */
-#undef KRB4
-
-/* Define if you want AFS support */
-#undef AFS
-
/* Define this if you want to use AFS/Kerberos 5 option, which runs aklog. */
#undef AFS_KRB5
#undef AKLOG_PATH
/* Define if you want GSI/Globus authentication support */
#undef GSI
+/* Define this if you want support for startup/shutdown hooks */
+#undef SESSION_HOOKS
+
/* Define if you want S/Key support */
#undef SKEY
/* Specify location of ssh.pid */
#undef _PATH_SSH_PIDDIR
-/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
-#undef IPV4_DEFAULT
-
/* getaddrinfo is broken (if present) */
#undef BROKEN_GETADDRINFO
/* Define in your struct dirent expects you to allocate extra space for d_name */
#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
+/* Define if your system has /etc/default/login */
+#undef HAVE_ETC_DEFAULT_LOGIN
+
/* Define if your getopt(3) defines and uses optreset */
#undef HAVE_GETOPT_OPTRESET
/* Define if your platform needs to skip post auth file descriptor passing */
#undef DISABLE_FD_PASSING
+/* Silly mkstemp() */
+#undef HAVE_STRICT_MKSTEMP
+
+/* Some systems put this outside of libc */
+#undef HAVE_NANOSLEEP
+
+/* Define if sshd somehow reacquires a controlling TTY after setsid() */
+#undef SSHD_ACQUIRES_CTTY
+
+/* Define if cmsg_type is not passed correctly */
+#undef BROKEN_CMSG_TYPE
+
+/* Strings used in /etc/passwd to denote locked account */
+#undef LOCKED_PASSWD_STRING
+#undef LOCKED_PASSWD_PREFIX
+#undef LOCKED_PASSWD_SUBSTR
+
+/* Define if DNS support is to be activated */
+#undef DNS
+
+/* Define if getrrsetbyname() exists */
+#undef HAVE_GETRRSETBYNAME
+
+/* Define if HEADER.ad exists in arpa/nameser.h */
+#undef HAVE_HEADER_AD
+
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
+++ /dev/null
-/*
- * Copyright (c) 1999 Dug Song. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $");
-
-#include "ssh.h"
-#include "ssh1.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "log.h"
-#include "servconf.h"
-#include "uidswap.h"
-#include "auth.h"
-
-#ifdef AFS
-#include "radix.h"
-#endif
-
-#ifdef KRB4
-extern ServerOptions options;
-
-static int
-krb4_init(void *context)
-{
- static int cleanup_registered = 0;
- Authctxt *authctxt = (Authctxt *)context;
- const char *tkt_root = TKT_ROOT;
- struct stat st;
- int fd;
-
- if (!authctxt->krb4_ticket_file) {
- /* Set unique ticket string manually since we're still root. */
- authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN);
-#ifdef AFS
- if (lstat("/ticket", &st) != -1)
- tkt_root = "/ticket/";
-#endif /* AFS */
- snprintf(authctxt->krb4_ticket_file, MAXPATHLEN, "%s%u_%d",
- tkt_root, authctxt->pw->pw_uid, getpid());
- krb_set_tkt_string(authctxt->krb4_ticket_file);
- }
- /* Register ticket cleanup in case of fatal error. */
- if (!cleanup_registered) {
- fatal_add_cleanup(krb4_cleanup_proc, authctxt);
- cleanup_registered = 1;
- }
- /* Try to create our ticket file. */
- if ((fd = mkstemp(authctxt->krb4_ticket_file)) != -1) {
- close(fd);
- return (1);
- }
- /* Ticket file exists - make sure user owns it (just passed ticket). */
- if (lstat(authctxt->krb4_ticket_file, &st) != -1) {
- if (st.st_mode == (S_IFREG | S_IRUSR | S_IWUSR) &&
- st.st_uid == authctxt->pw->pw_uid)
- return (1);
- }
- /* Failure - cancel cleanup function, leaving ticket for inspection. */
- log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
-
- fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
- cleanup_registered = 0;
-
- xfree(authctxt->krb4_ticket_file);
- authctxt->krb4_ticket_file = NULL;
-
- return (0);
-}
-
-/*
- * try krb4 authentication,
- * return 1 on success, 0 on failure, -1 if krb4 is not available
- */
-int
-auth_krb4_password(Authctxt *authctxt, const char *password)
-{
- AUTH_DAT adata;
- KTEXT_ST tkt;
- struct hostent *hp;
- struct passwd *pw;
- char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ];
- u_int32_t faddr;
- int r;
-
- if ((pw = authctxt->pw) == NULL)
- return (0);
-
- /*
- * Try Kerberos password authentication only for non-root
- * users and only if Kerberos is installed.
- */
- if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) {
- /* Set up our ticket file. */
- if (!krb4_init(authctxt)) {
- log("Couldn't initialize Kerberos ticket file for %s!",
- pw->pw_name);
- goto failure;
- }
- /* Try to get TGT using our password. */
- r = krb_get_pw_in_tkt((char *) pw->pw_name, "", realm,
- "krbtgt", realm, DEFAULT_TKT_LIFE, (char *)password);
- if (r != INTK_OK) {
- debug("Kerberos v4 password authentication for %s "
- "failed: %s", pw->pw_name, krb_err_txt[r]);
- goto failure;
- }
- /* Successful authentication. */
- chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-
- /*
- * Now that we have a TGT, try to get a local
- * "rcmd" ticket to ensure that we are not talking
- * to a bogus Kerberos server.
- */
- gethostname(localhost, sizeof(localhost));
- strlcpy(phost, (char *)krb_get_phost(localhost),
- sizeof(phost));
- r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
-
- if (r == KSUCCESS) {
- if ((hp = gethostbyname(localhost)) == NULL) {
- log("Couldn't get local host address!");
- goto failure;
- }
- memmove((void *)&faddr, (void *)hp->h_addr,
- sizeof(faddr));
-
- /* Verify our "rcmd" ticket. */
- r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost,
- faddr, &adata, "");
- if (r == RD_AP_UNDEC) {
- /*
- * Probably didn't have a srvtab on
- * localhost. Disallow login.
- */
- log("Kerberos v4 TGT for %s unverifiable, "
- "no srvtab installed? krb_rd_req: %s",
- pw->pw_name, krb_err_txt[r]);
- goto failure;
- } else if (r != KSUCCESS) {
- log("Kerberos v4 %s ticket unverifiable: %s",
- KRB4_SERVICE_NAME, krb_err_txt[r]);
- goto failure;
- }
- } else if (r == KDC_PR_UNKNOWN) {
- /*
- * Disallow login if no rcmd service exists, and
- * log the error.
- */
- log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s "
- "not registered, or srvtab is wrong?", pw->pw_name,
- krb_err_txt[r], KRB4_SERVICE_NAME, phost);
- goto failure;
- } else {
- /*
- * TGT is bad, forget it. Possibly spoofed!
- */
- debug("WARNING: Kerberos v4 TGT possibly spoofed "
- "for %s: %s", pw->pw_name, krb_err_txt[r]);
- goto failure;
- }
- /* Authentication succeeded. */
- return (1);
- } else
- /* Logging in as root or no local Kerberos realm. */
- debug("Unable to authenticate to Kerberos.");
-
- failure:
- krb4_cleanup_proc(authctxt);
-
- if (!options.kerberos_or_local_passwd)
- return (0);
-
- /* Fall back to ordinary passwd authentication. */
- return (-1);
-}
-
-void
-krb4_cleanup_proc(void *context)
-{
- Authctxt *authctxt = (Authctxt *)context;
- debug("krb4_cleanup_proc called");
- if (authctxt->krb4_ticket_file) {
- (void) dest_tkt();
- xfree(authctxt->krb4_ticket_file);
- authctxt->krb4_ticket_file = NULL;
- }
-}
-
-int
-auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
-{
- AUTH_DAT adat = {0};
- KTEXT_ST reply;
- Key_schedule schedule;
- struct sockaddr_in local, foreign;
- char instance[INST_SZ];
- socklen_t slen;
- u_int cksum;
- int r, s;
-
- s = packet_get_connection_in();
-
- slen = sizeof(local);
- memset(&local, 0, sizeof(local));
- if (getsockname(s, (struct sockaddr *) & local, &slen) < 0)
- debug("getsockname failed: %.100s", strerror(errno));
- slen = sizeof(foreign);
- memset(&foreign, 0, sizeof(foreign));
- if (getpeername(s, (struct sockaddr *) & foreign, &slen) < 0) {
- debug("getpeername failed: %.100s", strerror(errno));
- fatal_cleanup();
- }
- instance[0] = '*';
- instance[1] = 0;
-
- /* Get the encrypted request, challenge, and session key. */
- if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance,
- 0, &adat, ""))) {
- debug("Kerberos v4 krb_rd_req: %.100s", krb_err_txt[r]);
- return (0);
- }
- des_key_sched((des_cblock *) adat.session, schedule);
-
- *client = xmalloc(MAX_K_NAME_SZ);
- (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname,
- *adat.pinst ? "." : "", adat.pinst, adat.prealm);
-
- /* Check ~/.klogin authorization now. */
- if (kuserok(&adat, authctxt->user) != KSUCCESS) {
- log("Kerberos v4 .klogin authorization failed for %s to "
- "account %s", *client, authctxt->user);
- xfree(*client);
- return (0);
- }
- /* Increment the checksum, and return it encrypted with the
- session key. */
- cksum = adat.checksum + 1;
- cksum = htonl(cksum);
-
- /* If we can't successfully encrypt the checksum, we send back an
- empty message, admitting our failure. */
- if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,
- schedule, &adat.session, &local, &foreign)) < 0) {
- debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);
- reply.dat[0] = 0;
- reply.length = 0;
- } else
- reply.length = r;
-
- /* Clear session key. */
- memset(&adat.session, 0, sizeof(&adat.session));
-
- packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *) reply.dat, reply.length);
- packet_send();
- packet_write_wait();
- return (1);
-}
-#endif /* KRB4 */
-
-#ifdef AFS
-int
-auth_krb4_tgt(Authctxt *authctxt, const char *string)
-{
- CREDENTIALS creds;
- struct passwd *pw;
-
- if ((pw = authctxt->pw) == NULL)
- goto failure;
-
- temporarily_use_uid(pw);
-
- if (!radix_to_creds(string, &creds)) {
- log("Protocol error decoding Kerberos v4 TGT");
- goto failure;
- }
- if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
- strlcpy(creds.service, "krbtgt", sizeof creds.service);
-
- if (strcmp(creds.service, "krbtgt")) {
- log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
- creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
- creds.realm, pw->pw_name);
- goto failure;
- }
- if (!krb4_init(authctxt))
- goto failure;
-
- if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
- goto failure;
-
- if (save_credentials(creds.service, creds.instance, creds.realm,
- creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
- creds.issue_date) != KSUCCESS) {
- debug("Kerberos v4 TGT refused: couldn't save credentials");
- goto failure;
- }
- /* Successful authentication, passed all checks. */
- chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-
- debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
- creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
- memset(&creds, 0, sizeof(creds));
-
- restore_uid();
-
- return (1);
-
- failure:
- krb4_cleanup_proc(authctxt);
- memset(&creds, 0, sizeof(creds));
- restore_uid();
-
- return (0);
-}
-
-int
-auth_afs_token(Authctxt *authctxt, const char *token_string)
-{
- CREDENTIALS creds;
- struct passwd *pw;
- uid_t uid;
-
- if ((pw = authctxt->pw) == NULL)
- return (0);
-
- if (!radix_to_creds(token_string, &creds)) {
- log("Protocol error decoding AFS token");
- return (0);
- }
- if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
- strlcpy(creds.service, "afs", sizeof creds.service);
-
- if (strncmp(creds.pname, "AFS ID ", 7) == 0)
- uid = atoi(creds.pname + 7);
- else
- uid = pw->pw_uid;
-
- if (kafs_settoken(creds.realm, uid, &creds)) {
- log("AFS token (%s@%s) rejected for %s",
- creds.pname, creds.realm, pw->pw_name);
- memset(&creds, 0, sizeof(creds));
- return (0);
- }
- debug("AFS token accepted (%s@%s)", creds.pname, creds.realm);
- memset(&creds, 0, sizeof(creds));
-
- return (1);
-}
-#endif /* AFS */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
#include "auth.h"
#ifdef KRB5
+
#include <krb5.h>
-#ifndef HEIMDAL
-#define krb5_get_err_text(context,code) error_message(code)
-#endif /* !HEIMDAL */
extern ServerOptions options;
return (0);
}
-/*
- * Try krb5 authentication. server_user is passed for logging purposes
- * only, in auth is received ticket, in client is returned principal
- * from the ticket
- */
-int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
-{
- krb5_error_code problem;
- krb5_principal server;
- krb5_ticket *ticket;
- int fd, ret;
-
- ret = 0;
- server = NULL;
- ticket = NULL;
- reply->length = 0;
-
- problem = krb5_init(authctxt);
- if (problem)
- goto err;
-
- problem = krb5_auth_con_init(authctxt->krb5_ctx,
- &authctxt->krb5_auth_ctx);
- if (problem)
- goto err;
-
- fd = packet_get_connection_in();
-#ifdef HEIMDAL
- problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx,
- authctxt->krb5_auth_ctx, &fd);
-#else
- problem = krb5_auth_con_genaddrs(authctxt->krb5_ctx,
- authctxt->krb5_auth_ctx,fd,
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
-#endif
- if (problem)
- goto err;
-
- problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
- KRB5_NT_SRV_HST, &server);
- if (problem)
- goto err;
-
- problem = krb5_rd_req(authctxt->krb5_ctx, &authctxt->krb5_auth_ctx,
- auth, server, NULL, NULL, &ticket);
- if (problem)
- goto err;
-
-#ifdef HEIMDAL
- problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client,
- &authctxt->krb5_user);
-#else
- problem = krb5_copy_principal(authctxt->krb5_ctx,
- ticket->enc_part2->client,
- &authctxt->krb5_user);
-#endif
- if (problem)
- goto err;
-
- /* if client wants mutual auth */
- problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
- reply);
- if (problem)
- goto err;
-
- /* Check .k5login authorization now. */
- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user,
- authctxt->pw->pw_name))
- goto err;
-
- if (client)
- krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
- client);
-
- ret = 1;
- err:
- if (server)
- krb5_free_principal(authctxt->krb5_ctx, server);
- if (ticket)
- krb5_free_ticket(authctxt->krb5_ctx, ticket);
- if (!ret && reply->length) {
- xfree(reply->data);
- memset(reply, 0, sizeof(*reply));
- }
-
- if (problem) {
- if (authctxt->krb5_ctx != NULL)
- debug("Kerberos v5 authentication failed: %s",
- krb5_get_err_text(authctxt->krb5_ctx, problem));
- else
- debug("Kerberos v5 authentication failed: %d",
- problem);
- }
-
- return (ret);
-}
-
-int
-auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt)
-{
- krb5_error_code problem;
- krb5_ccache ccache = NULL;
- char *pname;
- krb5_creds **creds;
-
- if (authctxt->pw == NULL || authctxt->krb5_user == NULL)
- return (0);
-
- temporarily_use_uid(authctxt->pw);
-
-#ifdef HEIMDAL
- problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache);
-#else
-{
- char ccname[40];
- int tmpfd;
-
- snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-
- if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
- problem = errno;
- goto fail;
- }
- if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- problem = errno;
- goto fail;
- }
- close(tmpfd);
- problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &ccache);
-}
-#endif
- if (problem)
- goto fail;
-
- problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
- authctxt->krb5_user);
- if (problem)
- goto fail;
-
-#ifdef HEIMDAL
- problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
- ccache, tgt);
- if (problem)
- goto fail;
-#else
- problem = krb5_rd_cred(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
- tgt, &creds, NULL);
- if (problem)
- goto fail;
- problem = krb5_cc_store_cred(authctxt->krb5_ctx, ccache, *creds);
- if (problem)
- goto fail;
-#endif
-
- authctxt->krb5_fwd_ccache = ccache;
- ccache = NULL;
-
- authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
-
- problem = krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
- &pname);
- if (problem)
- goto fail;
-
- debug("Kerberos v5 TGT accepted (%s)", pname);
-
- restore_uid();
-
- return (1);
-
- fail:
- if (problem)
- debug("Kerberos v5 TGT passing failed: %s",
- krb5_get_err_text(authctxt->krb5_ctx, problem));
- if (ccache)
- krb5_cc_destroy(authctxt->krb5_ctx, ccache);
-
- restore_uid();
-
- return (0);
-}
-
int
auth_krb5_password(Authctxt *authctxt, const char *password)
{
int tmpfd;
#endif
krb5_error_code problem;
+ krb5_ccache ccache = NULL;
if (authctxt->pw == NULL)
return (0);
goto out;
#ifdef HEIMDAL
- problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops,
- &authctxt->krb5_fwd_ccache);
+ problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
if (problem)
goto out;
- problem = krb5_cc_initialize(authctxt->krb5_ctx,
- authctxt->krb5_fwd_ccache, authctxt->krb5_user);
+ problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache,
+ authctxt->krb5_user);
if (problem)
goto out;
restore_uid();
+
problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user,
- authctxt->krb5_fwd_ccache, password, 1, NULL);
+ ccache, password, 1, NULL);
+
temporarily_use_uid(authctxt->pw);
if (problem)
goto out;
+ problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
+ &authctxt->krb5_fwd_ccache);
+ if (problem)
+ goto out;
+
+ problem = krb5_cc_copy_cache(authctxt->krb5_ctx, ccache,
+ authctxt->krb5_fwd_ccache);
+ krb5_cc_destroy(authctxt->krb5_ctx, ccache);
+ ccache = NULL;
+ if (problem)
+ goto out;
#else
problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds,
snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
+ logit("mkstemp(): %.100s", strerror(errno));
problem = errno;
goto out;
}
if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
+ logit("fchmod(): %.100s", strerror(errno));
close(tmpfd);
problem = errno;
goto out;
restore_uid();
if (problem) {
+ if (ccache)
+ krb5_cc_destroy(authctxt->krb5_ctx, ccache);
+
if (authctxt->krb5_ctx != NULL && problem!=-1)
debug("Kerberos password authentication failed: %s",
krb5_get_err_text(authctxt->krb5_ctx, problem));
krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
authctxt->krb5_user = NULL;
}
- if (authctxt->krb5_auth_ctx) {
- krb5_auth_con_free(authctxt->krb5_ctx,
- authctxt->krb5_auth_ctx);
- authctxt->krb5_auth_ctx = NULL;
- }
if (authctxt->krb5_ctx) {
krb5_free_context(authctxt->krb5_ctx);
authctxt->krb5_ctx = NULL;
-/*
- * Copyright (c) 2000 Damien Miller. All rights reserved.
+/*-
+ * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by ThinkSec AS and
+ * NAI Labs, the Security Research Division of Network Associates, Inc.
+ * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+ * DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
+/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
+RCSID("$Id$");
#ifdef USE_PAM
-#include "xmalloc.h"
-#include "log.h"
+#include <security/pam_appl.h>
+
#include "auth.h"
-#include "auth-options.h"
#include "auth-pam.h"
-#include "servconf.h"
+#include "buffer.h"
+#include "bufaux.h"
#include "canohost.h"
+#include "log.h"
+#include "monitor_wrap.h"
+#include "msg.h"
+#include "packet.h"
#include "readpass.h"
+#include "servconf.h"
+#include "ssh2.h"
+#include "xmalloc.h"
+#include "auth-options.h"
-extern char *__progname;
+extern ServerOptions options;
-extern int use_privsep;
+#define __unused
-RCSID("$Id$");
+#ifdef USE_POSIX_THREADS
+#include <pthread.h>
+/*
+ * Avoid namespace clash when *not* using pthreads for systems *with*
+ * pthreads, which unconditionally define pthread_t via sys/types.h
+ * (e.g. Linux)
+ */
+typedef pthread_t sp_pthread_t;
+#else
+/*
+ * Simulate threads with processes.
+ */
+typedef pid_t sp_pthread_t;
-#define NEW_AUTHTOK_MSG \
- "Warning: Your password has expired, please change it now."
-#define NEW_AUTHTOK_MSG_PRIVSEP \
- "Your password has expired, the session cannot proceed."
+static void
+pthread_exit(void *value __unused)
+{
+ _exit(0);
+}
-static int do_pam_conversation(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr);
+static int
+pthread_create(sp_pthread_t *thread, const void *attr __unused,
+ void *(*thread_start)(void *), void *arg)
+{
+ pid_t pid;
+
+ switch ((pid = fork())) {
+ case -1:
+ error("fork(): %s", strerror(errno));
+ return (-1);
+ case 0:
+ thread_start(arg);
+ _exit(1);
+ default:
+ *thread = pid;
+ return (0);
+ }
+}
-/* module-local variables */
-static struct pam_conv conv = {
- (int (*)())do_pam_conversation,
- NULL
-};
-static char *__pam_msg = NULL;
-static pam_handle_t *__pamh = NULL;
-static const char *__pampasswd = NULL;
-
-/* states for do_pam_conversation() */
-enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
-/* remember whether pam_acct_mgmt() returned PAM_NEW_AUTHTOK_REQD */
-static int password_change_required = 0;
-/* remember whether the last pam_authenticate() succeeded or not */
-static int was_authenticated = 0;
-
-/* Remember what has been initialised */
-static int session_opened = 0;
-static int creds_set = 0;
-
-/* accessor which allows us to switch conversation structs according to
- * the authentication method being used */
-void do_pam_set_conv(struct pam_conv *conv)
+static int
+pthread_cancel(sp_pthread_t thread)
{
- pam_set_item(__pamh, PAM_CONV, conv);
+ return (kill(thread, SIGTERM));
}
-/* start an authentication run */
-int do_pam_authenticate(int flags)
+static int
+pthread_join(sp_pthread_t thread, void **value __unused)
{
- int retval = pam_authenticate(__pamh, flags);
- was_authenticated = (retval == PAM_SUCCESS);
- return retval;
+ int status;
+
+ waitpid(thread, &status, 0);
+ return (status);
}
+#endif
+
+
+static pam_handle_t *sshpam_handle = NULL;
+static int sshpam_err = 0;
+static int sshpam_authenticated = 0;
+static int sshpam_new_authtok_reqd = 0;
+static int sshpam_session_open = 0;
+static int sshpam_cred_established = 0;
+
+struct pam_ctxt {
+ sp_pthread_t pam_thread;
+ int pam_psock;
+ int pam_csock;
+ int pam_done;
+};
+
+static void sshpam_free_ctx(void *);
/*
- * PAM conversation function.
- * There are two states this can run in.
- *
- * INITIAL_LOGIN mode simply feeds the password from the client into
- * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output
- * messages with into __pam_msg. This is used during initial
- * authentication to bypass the normal PAM password prompt.
- *
- * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase()
- * and outputs messages to stderr. This mode is used if pam_chauthtok()
- * is called to update expired passwords.
+ * Conversation function for authentication thread.
*/
-static int do_pam_conversation(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
+static int
+sshpam_thread_conv(int n, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
{
+ Buffer buffer;
+ struct pam_ctxt *ctxt;
struct pam_response *reply;
- int count;
- char buf[1024];
-
- /* PAM will free this later */
- reply = xmalloc(num_msg * sizeof(*reply));
-
- for (count = 0; count < num_msg; count++) {
- if (pamstate == INITIAL_LOGIN) {
- /*
- * We can't use stdio yet, queue messages for
- * printing later
- */
- switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
- case PAM_PROMPT_ECHO_ON:
- xfree(reply);
- return PAM_CONV_ERR;
- case PAM_PROMPT_ECHO_OFF:
- if (__pampasswd == NULL) {
- xfree(reply);
- return PAM_CONV_ERR;
- }
- reply[count].resp = xstrdup(__pampasswd);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {
- message_cat(&__pam_msg,
- PAM_MSG_MEMBER(msg, count, msg));
- }
- reply[count].resp = xstrdup("");
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- default:
- xfree(reply);
- return PAM_CONV_ERR;
- }
- } else {
- /*
- * stdio is connected, so interact directly
- */
- switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
- case PAM_PROMPT_ECHO_ON:
- fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
- fgets(buf, sizeof(buf), stdin);
- reply[count].resp = xstrdup(buf);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_PROMPT_ECHO_OFF:
- reply[count].resp =
- read_passphrase(PAM_MSG_MEMBER(msg, count,
- msg), RP_ALLOW_STDIN);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- if (PAM_MSG_MEMBER(msg, count, msg) != NULL)
- fprintf(stderr, "%s\n",
- PAM_MSG_MEMBER(msg, count, msg));
- reply[count].resp = xstrdup("");
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- default:
- xfree(reply);
- return PAM_CONV_ERR;
- }
+ int i;
+
+ *resp = NULL;
+
+ ctxt = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+
+ if ((reply = malloc(n * sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+ memset(reply, 0, n * sizeof(*reply));
+
+ buffer_init(&buffer);
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ ssh_msg_recv(ctxt->pam_csock, &buffer);
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ reply[i].resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ ssh_msg_recv(ctxt->pam_csock, &buffer);
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ reply[i].resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_ERROR_MSG:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
+ case PAM_TEXT_INFO:
+ buffer_put_cstring(&buffer,
+ PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
+ default:
+ goto fail;
}
+ buffer_clear(&buffer);
}
-
+ buffer_free(&buffer);
*resp = reply;
+ return (PAM_SUCCESS);
- return PAM_SUCCESS;
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ buffer_free(&buffer);
+ return (PAM_CONV_ERR);
}
-/* Called at exit to cleanly shutdown PAM */
-void do_pam_cleanup_proc(void *context)
+/*
+ * Authentication thread.
+ */
+static void *
+sshpam_thread(void *ctxtp)
{
- int pam_retval = PAM_SUCCESS;
+ struct pam_ctxt *ctxt = ctxtp;
+ Buffer buffer;
+ struct pam_conv sshpam_conv;
+#ifndef USE_POSIX_THREADS
+ const char *pam_user;
+
+ pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
+ setproctitle("%s [pam]", pam_user);
+#endif
- if (__pamh && session_opened) {
- pam_retval = pam_close_session(__pamh, 0);
- if (pam_retval != PAM_SUCCESS)
- log("Cannot close PAM session[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
- }
+ sshpam_conv.conv = sshpam_thread_conv;
+ sshpam_conv.appdata_ptr = ctxt;
+
+ buffer_init(&buffer);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&sshpam_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ sshpam_err = pam_authenticate(sshpam_handle, 0);
+ if (sshpam_err != PAM_SUCCESS)
+ goto auth_fail;
+ buffer_put_cstring(&buffer, "OK");
+ ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
+ buffer_free(&buffer);
+ pthread_exit(NULL);
+
+ auth_fail:
+ buffer_put_cstring(&buffer,
+ pam_strerror(sshpam_handle, sshpam_err));
+ ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
+ buffer_free(&buffer);
+ pthread_exit(NULL);
+
+ return (NULL); /* Avoid warning for non-pthread case */
+}
- if (__pamh && creds_set) {
- pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
- if (pam_retval != PAM_SUCCESS)
- debug("Cannot delete credentials[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
- }
+static void
+sshpam_thread_cleanup(void *ctxtp)
+{
+ struct pam_ctxt *ctxt = ctxtp;
+
+ pthread_cancel(ctxt->pam_thread);
+ pthread_join(ctxt->pam_thread, NULL);
+ close(ctxt->pam_psock);
+ close(ctxt->pam_csock);
+}
+
+static int
+sshpam_null_conv(int n, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv null_conv = { sshpam_null_conv, NULL };
- if (__pamh) {
- pam_retval = pam_end(__pamh, pam_retval);
- if (pam_retval != PAM_SUCCESS)
- log("Cannot release PAM authentication[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
+static void
+sshpam_cleanup(void *arg)
+{
+ (void)arg;
+ debug("PAM: cleanup");
+ if (sshpam_handle == NULL)
+ return;
+ pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
+ if (sshpam_cred_established) {
+ pam_setcred(sshpam_handle, PAM_DELETE_CRED);
+ sshpam_cred_established = 0;
}
+ if (sshpam_session_open) {
+ pam_close_session(sshpam_handle, PAM_SILENT);
+ sshpam_session_open = 0;
+ }
+ sshpam_authenticated = sshpam_new_authtok_reqd = 0;
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
}
-/* Attempt password authentation using PAM */
-int auth_pam_password(Authctxt *authctxt, const char *password)
+static int
+sshpam_init(const char *user)
{
- extern ServerOptions options;
- int pam_retval;
- struct passwd *pw = authctxt->pw;
-
- do_pam_set_conv(&conv);
-
- /* deny if no user. */
- if (pw == NULL)
- return 0;
- if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
- return 0;
- if (*password == '\0' && options.permit_empty_passwd == 0)
- return 0;
-
- __pampasswd = password;
-
- pamstate = INITIAL_LOGIN;
- pam_retval = do_pam_authenticate(
- options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0);
- if (pam_retval == PAM_SUCCESS) {
- debug("PAM Password authentication accepted for "
- "user \"%.100s\"", pw->pw_name);
- return 1;
- } else {
- debug("PAM Password authentication for \"%.100s\" "
- "failed[%d]: %s", pw->pw_name, pam_retval,
- PAM_STRERROR(__pamh, pam_retval));
- return 0;
+ extern u_int utmp_len;
+ extern char *__progname;
+ const char *pam_rhost, *pam_user;
+
+ if (sshpam_handle != NULL) {
+ /* We already have a PAM context; check if the user matches */
+ sshpam_err = pam_get_item(sshpam_handle,
+ PAM_USER, (const void **)&pam_user);
+ if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
+ return (0);
+ fatal_remove_cleanup(sshpam_cleanup, NULL);
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ }
+ debug("PAM: initializing for \"%s\"", user);
+ sshpam_err =
+ pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+ pam_rhost = get_remote_name_or_ip(utmp_len, options.use_dns);
+ debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+#ifdef PAM_TTY_KLUDGE
+ /*
+ * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
+ * sshd doesn't set the tty until too late in the auth process and
+ * may not even set one (for tty-less connections)
+ */
+ debug("PAM: setting PAM_TTY to \"ssh\"");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
}
+#endif
+ fatal_add_cleanup(sshpam_cleanup, NULL);
+ return (0);
}
-/* Do account management using PAM */
-int do_pam_account(char *username, char *remote_user)
+static void *
+sshpam_init_ctx(Authctxt *authctxt)
{
- int pam_retval;
+ struct pam_ctxt *ctxt;
+ int socks[2];
- do_pam_set_conv(&conv);
+ /* Refuse to start if we don't have PAM enabled */
+ if (!options.use_pam)
+ return NULL;
- if (remote_user) {
- debug("PAM setting ruser to \"%.200s\"", remote_user);
- pam_retval = pam_set_item(__pamh, PAM_RUSER, remote_user);
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM set ruser failed[%d]: %.200s", pam_retval,
- PAM_STRERROR(__pamh, pam_retval));
+ /* Initialize PAM */
+ if (sshpam_init(authctxt->user) == -1) {
+ error("PAM: initialization failed");
+ return (NULL);
}
- pam_retval = pam_acct_mgmt(__pamh, 0);
- debug2("pam_acct_mgmt() = %d", pam_retval);
- switch (pam_retval) {
- case PAM_SUCCESS:
- /* This is what we want */
- break;
-#if 0
- case PAM_NEW_AUTHTOK_REQD:
- message_cat(&__pam_msg, use_privsep ?
- NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG);
- /* flag that password change is necessary */
- password_change_required = 1;
- /* disallow other functionality for now */
- no_port_forwarding_flag |= 2;
- no_agent_forwarding_flag |= 2;
- no_x11_forwarding_flag |= 2;
+ ctxt = xmalloc(sizeof *ctxt);
+ ctxt->pam_done = 0;
+
+ /* Start the authentication thread */
+ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
+ error("PAM: failed create sockets: %s", strerror(errno));
+ xfree(ctxt);
+ return (NULL);
+ }
+ ctxt->pam_psock = socks[0];
+ ctxt->pam_csock = socks[1];
+ if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+ error("PAM: failed to start authentication thread: %s",
+ strerror(errno));
+ close(socks[0]);
+ close(socks[1]);
+ xfree(ctxt);
+ return (NULL);
+ }
+ fatal_add_cleanup(sshpam_thread_cleanup, ctxt);
+ return (ctxt);
+}
+
+static int
+sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
+{
+ Buffer buffer;
+ struct pam_ctxt *ctxt = ctx;
+ size_t plen;
+ u_char type;
+ char *msg;
+ size_t len;
+
+ buffer_init(&buffer);
+ *name = xstrdup("");
+ *info = xstrdup("");
+ *prompts = xmalloc(sizeof(char *));
+ **prompts = NULL;
+ plen = 0;
+ *echo_on = xmalloc(sizeof(u_int));
+ while (ssh_msg_recv(ctxt->pam_psock, &buffer) == 0) {
+ type = buffer_get_char(&buffer);
+ msg = buffer_get_string(&buffer, NULL);
+ switch (type) {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+ *num = 1;
+ len = plen + strlen(msg) + 1;
+ **prompts = xrealloc(**prompts, len);
+ plen += snprintf(**prompts + plen, len, "%s", msg);
+ **echo_on = (type == PAM_PROMPT_ECHO_ON);
+ xfree(msg);
+ return (0);
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ /* accumulate messages */
+ len = plen + strlen(msg) + 1;
+ **prompts = xrealloc(**prompts, len);
+ plen += snprintf(**prompts + plen, len, "%s", msg);
+ xfree(msg);
break;
+ case PAM_SUCCESS:
+ case PAM_AUTH_ERR:
+ if (**prompts != NULL) {
+ /* drain any accumulated messages */
+#if 0 /* XXX - not compatible with privsep */
+ packet_start(SSH2_MSG_USERAUTH_BANNER);
+ packet_put_cstring(**prompts);
+ packet_put_cstring("");
+ packet_send();
+ packet_write_wait();
#endif
+ xfree(**prompts);
+ **prompts = NULL;
+ }
+ if (type == PAM_SUCCESS) {
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = 1;
+ xfree(msg);
+ return (0);
+ }
+ error("PAM: %s", msg);
default:
- log("PAM rejected by account configuration[%d]: "
- "%.200s", pam_retval, PAM_STRERROR(__pamh,
- pam_retval));
- return(0);
+ *num = 0;
+ **echo_on = 0;
+ xfree(msg);
+ ctxt->pam_done = -1;
+ return (-1);
+ }
}
+ return (-1);
+}
- return(1);
+/* XXX - see also comment in auth-chall.c:verify_response */
+static int
+sshpam_respond(void *ctx, u_int num, char **resp)
+{
+ Buffer buffer;
+ struct pam_ctxt *ctxt = ctx;
+
+ debug2("PAM: %s", __func__);
+ switch (ctxt->pam_done) {
+ case 1:
+ sshpam_authenticated = 1;
+ return (0);
+ case 0:
+ break;
+ default:
+ return (-1);
+ }
+ if (num != 1) {
+ error("PAM: expected one response, got %u", num);
+ return (-1);
+ }
+ buffer_init(&buffer);
+ buffer_put_cstring(&buffer, *resp);
+ ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
+ buffer_free(&buffer);
+ return (1);
}
-/* Do PAM-specific session initialisation */
-void do_pam_session(char *username, const char *ttyname)
+static void
+sshpam_free_ctx(void *ctxtp)
{
- int pam_retval;
+ struct pam_ctxt *ctxt = ctxtp;
+
+ fatal_remove_cleanup(sshpam_thread_cleanup, ctxt);
+ sshpam_thread_cleanup(ctxtp);
+ xfree(ctxt);
+ /*
+ * We don't call sshpam_cleanup() here because we may need the PAM
+ * handle at a later stage, e.g. when setting up a session. It's
+ * still on the cleanup list, so pam_end() *will* be called before
+ * the server process terminates.
+ */
+}
- do_pam_set_conv(&conv);
+KbdintDevice sshpam_device = {
+ "pam",
+ sshpam_init_ctx,
+ sshpam_query,
+ sshpam_respond,
+ sshpam_free_ctx
+};
- if (ttyname != NULL) {
- debug("PAM setting tty to \"%.200s\"", ttyname);
- pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM set tty failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
- }
+KbdintDevice mm_sshpam_device = {
+ "pam",
+ mm_sshpam_init_ctx,
+ mm_sshpam_query,
+ mm_sshpam_respond,
+ mm_sshpam_free_ctx
+};
- pam_retval = pam_open_session(__pamh, 0);
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM session setup failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
+/*
+ * This replaces auth-pam.c
+ */
+void
+start_pam(const char *user)
+{
+ if (!options.use_pam)
+ fatal("PAM: initialisation requested when UsePAM=no");
- session_opened = 1;
+ if (sshpam_init(user) == -1)
+ fatal("PAM: initialisation failed");
}
-/* Set PAM credentials */
-void do_pam_setcred(int init)
+void
+finish_pam(void)
{
- int pam_retval;
+ fatal_remove_cleanup(sshpam_cleanup, NULL);
+ sshpam_cleanup(NULL);
+}
- if (__pamh == NULL)
- return;
+u_int
+do_pam_account(void)
+{
+ sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
+ debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
+
+ if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)
+ return (0);
+
+ if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
+ sshpam_new_authtok_reqd = 1;
+
+ /* Prevent forwardings until password changed */
+ no_port_forwarding_flag |= 2;
+ no_agent_forwarding_flag |= 2;
+ no_x11_forwarding_flag |= 2;
+ }
- do_pam_set_conv(&conv);
-
- debug("PAM establishing creds");
- pam_retval = pam_setcred(__pamh,
- init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
- if (pam_retval != PAM_SUCCESS) {
- if (was_authenticated)
- fatal("PAM setcred failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
- else
- debug("PAM setcred failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
- } else
- creds_set = 1;
+ return (1);
}
-/* accessor function for file scope static variable */
-int is_pam_password_change_required(void)
+void
+do_pam_session(void)
{
- return password_change_required;
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&null_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ sshpam_err = pam_open_session(sshpam_handle, 0);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: pam_open_session(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ sshpam_session_open = 1;
}
-/*
- * Have user change authentication token if pam_acct_mgmt() indicated
- * it was expired. This needs to be called after an interactive
- * session is established and the user's pty is connected to
- * stdin/stdout/stderr.
- */
-void do_pam_chauthtok(void)
+void
+do_pam_set_tty(const char *tty)
{
- int pam_retval;
-
- do_pam_set_conv(&conv);
-
- if (password_change_required) {
- if (use_privsep)
- fatal("Password changing is currently unsupported"
- " with privilege separation");
- pamstate = OTHER;
- pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM pam_chauthtok failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
-#if 0
- /* XXX: This would need to be done in the parent process,
- * but there's currently no way to pass such request. */
- no_port_forwarding_flag &= ~2;
- no_agent_forwarding_flag &= ~2;
- no_x11_forwarding_flag &= ~2;
- if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
- channel_permit_all_opens();
-#endif
+ if (tty != NULL) {
+ debug("PAM: setting PAM_TTY to \"%s\"", tty);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_TTY: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
}
}
-/* Cleanly shutdown PAM */
-void finish_pam(void)
+void
+do_pam_setcred(int init)
{
- do_pam_cleanup_proc(NULL);
- fatal_remove_cleanup(&do_pam_cleanup_proc, NULL);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&null_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ if (init) {
+ debug("PAM: establishing credentials");
+ sshpam_err = pam_setcred(sshpam_handle, PAM_ESTABLISH_CRED);
+ } else {
+ debug("PAM: reinitializing credentials");
+ sshpam_err = pam_setcred(sshpam_handle, PAM_REINITIALIZE_CRED);
+ }
+ if (sshpam_err == PAM_SUCCESS) {
+ sshpam_cred_established = 1;
+ return;
+ }
+ if (sshpam_authenticated)
+ fatal("PAM: pam_setcred(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ else
+ debug("PAM: pam_setcred(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
}
-/* Start PAM authentication for specified account */
-void start_pam(const char *user)
+int
+is_pam_password_change_required(void)
{
- int pam_retval;
- extern ServerOptions options;
- extern u_int utmp_len;
- const char *rhost;
+ return (sshpam_new_authtok_reqd);
+}
- debug("Starting up PAM with username \"%.200s\"", user);
+static int
+pam_chauthtok_conv(int n, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ char input[PAM_MAX_MSG_SIZE];
+ struct pam_response *reply;
+ int i;
- pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh);
+ *resp = NULL;
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM initialisation failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
- rhost = get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping);
- debug("PAM setting rhost to \"%.200s\"", rhost);
+ if ((reply = malloc(n * sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+ memset(reply, 0, n * sizeof(*reply));
- pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost);
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM set rhost failed[%d]: %.200s", pam_retval,
- PAM_STRERROR(__pamh, pam_retval));
-#ifdef PAM_TTY_KLUDGE
- /*
- * Some PAM modules (e.g. pam_time) require a TTY to operate,
- * and will fail in various stupid ways if they don't get one.
- * sshd doesn't set the tty until too late in the auth process and may
- * not even need one (for tty-less connections)
- * Kludge: Set a fake PAM_TTY
- */
- pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh");
- if (pam_retval != PAM_SUCCESS)
- fatal("PAM set tty failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(__pamh, pam_retval));
-#endif /* PAM_TTY_KLUDGE */
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ reply[i].resp =
+ read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
+ RP_ALLOW_STDIN);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
+ fgets(input, sizeof input, stdin);
+ reply[i].resp = xstrdup(input);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = reply;
+ return (PAM_SUCCESS);
- fatal_add_cleanup(&do_pam_cleanup_proc, NULL);
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ return (PAM_CONV_ERR);
}
-/* Return list of PAM environment strings */
-char **fetch_pam_environment(void)
+/*
+ * XXX this should be done in the authentication phase, but ssh1 doesn't
+ * support that
+ */
+void
+do_pam_chauthtok(void)
{
-#ifdef HAVE_PAM_GETENVLIST
- return(pam_getenvlist(__pamh));
-#else /* HAVE_PAM_GETENVLIST */
- return(NULL);
-#endif /* HAVE_PAM_GETENVLIST */
+ struct pam_conv pam_conv;
+
+ pam_conv.conv = pam_chauthtok_conv;
+ pam_conv.appdata_ptr = NULL;
+
+ if (use_privsep)
+ fatal("Password expired (unable to change with privsep)");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
+ (const void *)&pam_conv);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ debug("PAM: changing password");
+ sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: pam_chauthtok(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
}
-/* Set a PAM environment string. We need to do this so that the session
+/*
+ * Set a PAM environment string. We need to do this so that the session
* modules can handle things like Kerberos/GSI credentials that appear
* during the ssh authentication process.
*/
-int do_pam_putenv(char *name, char *value) {
+int
+do_pam_putenv(char *name, char *value)
+{
+ int ret = 1;
+#ifdef HAVE_PAM_PUTENV
char *compound;
- int ret=1;
+ size_t len;
-#ifdef HAVE_PAM_PUTENV
- compound=xmalloc(strlen(name)+strlen(value)+2);
- if (compound) {
- sprintf(compound,"%s=%s",name,value);
- ret=pam_putenv(__pamh,compound);
- xfree(compound);
- }
+ len = strlen(name) + strlen(value) + 2;
+ compound = xmalloc(len);
+
+ snprintf(compound, len, "%s=%s", name, value);
+ ret = pam_putenv(sshpam_handle, compound);
+ xfree(compound);
#endif
- return(ret);
+
+ return (ret);
}
-void free_pam_environment(char **env)
+void
+print_pam_messages(void)
{
- int i;
-
- if (env != NULL) {
- for (i = 0; env[i] != NULL; i++)
- xfree(env[i]);
- }
+ /* XXX */
}
-/* Print any messages that have been generated during authentication */
-/* or account checking to stderr */
-void print_pam_messages(void)
+char **
+fetch_pam_environment(void)
{
- if (__pam_msg != NULL)
- fputs(__pam_msg, stderr);
+#ifdef HAVE_PAM_GETENVLIST
+ debug("PAM: retrieving environment");
+ return (pam_getenvlist(sshpam_handle));
+#else
+ return (NULL);
+#endif
}
-/* Append a message to buffer */
-void message_cat(char **p, const char *a)
+void
+free_pam_environment(char **env)
{
- char *cp;
- size_t new_len;
-
- new_len = strlen(a);
+ char **envp;
- if (*p) {
- size_t len = strlen(*p);
-
- *p = xrealloc(*p, new_len + len + 2);
- cp = *p + len;
- } else
- *p = cp = xmalloc(new_len + 2);
+ if (env == NULL)
+ return;
- memcpy(cp, a, new_len);
- cp[new_len] = '\n';
- cp[new_len + 1] = '\0';
+ for (envp = env; *envp; envp++)
+ xfree(*envp);
+ xfree(env);
}
#endif /* USE_PAM */
# define SSHD_PAM_SERVICE __progname
#endif
-void start_pam(const char *user);
+void start_pam(const char *);
void finish_pam(void);
-int auth_pam_password(Authctxt *authctxt, const char *password);
-char **fetch_pam_environment(void);
-void free_pam_environment(char **env);
-int do_pam_authenticate(int flags);
-int do_pam_account(char *username, char *remote_user);
-void do_pam_session(char *username, const char *ttyname);
-void do_pam_setcred(int init);
-void print_pam_messages(void);
+u_int do_pam_account(void);
+void do_pam_session(void);
+void do_pam_set_tty(const char *);
+void do_pam_setcred(int );
int is_pam_password_change_required(void);
void do_pam_chauthtok(void);
-void do_pam_set_conv(struct pam_conv *);
int do_pam_putenv(char *, char *);
-void message_cat(char **p, const char *a);
+void print_pam_messages(void);
+char ** fetch_pam_environment(void);
+void free_pam_environment(char **);
#endif /* USE_PAM */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
/* import */
extern ServerOptions options;
+extern Buffer loginmsg;
/* Debugging messages */
Buffer auth_debug;
allowed_user(struct passwd * pw)
{
struct stat st;
- const char *hostname = NULL, *ipaddr = NULL;
+ const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
char *shell;
int i;
-#ifdef WITH_AIXAUTHENTICATE
- char *loginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
- !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
- struct spwd *spw;
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+ struct spwd *spw = NULL;
+#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+ if (!options.use_pam)
+ spw = getspnam(pw->pw_name);
+#ifdef HAS_SHADOW_EXPIRE
#define DAY (24L * 60 * 60) /* 1 day in seconds */
- spw = getspnam(pw->pw_name);
- if (spw != NULL) {
- time_t today = time(NULL) / DAY;
+ if (!options.use_pam && spw != NULL) {
+ time_t today;
+
+ today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
* day after the day specified.
*/
if (spw->sp_expire != -1 && today > spw->sp_expire) {
- log("Account %.100s has expired", pw->pw_name);
+ logit("Account %.100s has expired", pw->pw_name);
return 0;
}
if (spw->sp_lstchg == 0) {
- log("User %.100s password has expired (root forced)",
+ logit("User %.100s password has expired (root forced)",
pw->pw_name);
return 0;
}
if (spw->sp_max != -1 &&
today > spw->sp_lstchg + spw->sp_max) {
- log("User %.100s password has expired (password aged)",
+ logit("User %.100s password has expired (password aged)",
pw->pw_name);
return 0;
}
}
+#endif /* HAS_SHADOW_EXPIRE */
+#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+
+ /* grab passwd field for locked account check */
+#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+ if (spw != NULL)
+ passwd = spw->sp_pwdp;
#else
- /* Shouldn't be called if pw is NULL, but better safe than sorry... */
- if (!pw || !pw->pw_name)
- return 0;
+ passwd = pw->pw_passwd;
+#endif
+
+ /* check for locked account */
+ if (!options.use_pam && passwd && *passwd) {
+ int locked = 0;
+
+#ifdef LOCKED_PASSWD_STRING
+ if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
+ locked = 1;
+#endif
+#ifdef LOCKED_PASSWD_PREFIX
+ if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
+ strlen(LOCKED_PASSWD_PREFIX)) == 0)
+ locked = 1;
#endif
+#ifdef LOCKED_PASSWD_SUBSTR
+ if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
+ locked = 1;
+#endif
+ if (locked) {
+ logit("User %.100s not allowed because account is locked",
+ pw->pw_name);
+ return 0;
+ }
+ }
/*
* Get the shell from the password data. An empty shell field is
/* deny if shell does not exists or is not executable */
if (stat(shell, &st) != 0) {
- log("User %.100s not allowed because shell %.100s does not exist",
+ logit("User %.100s not allowed because shell %.100s does not exist",
pw->pw_name, shell);
return 0;
}
if (S_ISREG(st.st_mode) == 0 ||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
- log("User %.100s not allowed because shell %.100s is not executable",
+ logit("User %.100s not allowed because shell %.100s is not executable",
pw->pw_name, shell);
return 0;
}
if (options.num_deny_users > 0 || options.num_allow_users > 0) {
- hostname = get_canonical_hostname(options.verify_reverse_mapping);
+ hostname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
}
for (i = 0; i < options.num_deny_users; i++)
if (match_user(pw->pw_name, hostname, ipaddr,
options.deny_users[i])) {
- log("User %.100s not allowed because listed in DenyUsers",
+ logit("User %.100s not allowed because listed in DenyUsers",
pw->pw_name);
return 0;
}
break;
/* i < options.num_allow_users iff we break for loop */
if (i >= options.num_allow_users) {
- log("User %.100s not allowed because not listed in AllowUsers",
+ logit("User %.100s not allowed because not listed in AllowUsers",
pw->pw_name);
return 0;
}
if (options.num_deny_groups > 0 || options.num_allow_groups > 0) {
/* Get the user's group access list (primary and supplementary) */
if (ga_init(pw->pw_name, pw->pw_gid) == 0) {
- log("User %.100s not allowed because not in any group",
+ logit("User %.100s not allowed because not in any group",
pw->pw_name);
return 0;
}
if (ga_match(options.deny_groups,
options.num_deny_groups)) {
ga_free();
- log("User %.100s not allowed because a group is listed in DenyGroups",
+ logit("User %.100s not allowed because a group is listed in DenyGroups",
pw->pw_name);
return 0;
}
if (!ga_match(options.allow_groups,
options.num_allow_groups)) {
ga_free();
- log("User %.100s not allowed because none of user's groups are listed in AllowGroups",
+ logit("User %.100s not allowed because none of user's groups are listed in AllowGroups",
pw->pw_name);
return 0;
}
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
- if (loginmsg && *loginmsg) {
- /* Remove embedded newlines (if any) */
- char *p;
- for (p = loginmsg; *p; p++) {
- if (*p == '\n')
- *p = ' ';
+ /*
+ * Don't check loginrestrictions() for root account (use
+ * PermitRootLogin to control logins via ssh), or if running as
+ * non-root user (since loginrestrictions will always fail).
+ */
+ if ((pw->pw_uid != 0) && (geteuid() == 0)) {
+ char *msg;
+
+ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+ int loginrestrict_errno = errno;
+
+ if (msg && *msg) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ aix_remove_embedded_newlines(msg);
+ logit("Login restricted for %s: %.100s",
+ pw->pw_name, msg);
}
- /* Remove trailing newline */
- *--p = '\0';
- log("Login restricted for %s: %.100s", pw->pw_name, loginmsg);
+ /* Don't fail if /etc/nologin set */
+ if (!(loginrestrict_errno == EPERM &&
+ stat(_PATH_NOLOGIN, &st) == 0))
+ return 0;
}
- return 0;
}
#endif /* WITH_AIXAUTHENTICATE */
!authctxt->valid ||
authctxt->failures >= AUTH_FAIL_LOG ||
strcmp(method, "password") == 0)
- authlog = log;
+ authlog = logit;
if (authctxt->postponed)
authmsg = "Postponed";
get_remote_port(),
info);
-#ifdef WITH_AIXAUTHENTICATE
+#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && strcmp(method, "password") == 0)
- loginfailed(authctxt->user,
- get_canonical_hostname(options.verify_reverse_mapping),
- "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
-
+ record_failed_login(authctxt->user, "ssh");
+#endif
}
/*
break;
case PERMIT_FORCED_ONLY:
if (forced_command) {
- log("Root login accepted for forced command.");
+ logit("Root login accepted for forced command.");
return 1;
}
break;
}
- log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
+ logit("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr());
return 0;
}
(stat(user_hostfile, &st) == 0) &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
(st.st_mode & 022) != 0)) {
- log("Authentication refused for %.100s: "
+ logit("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
pw->pw_name, user_hostfile);
} else {
uid_t uid = pw->pw_uid;
char buf[MAXPATHLEN], homedir[MAXPATHLEN];
char *cp;
+ int comparehome = 0;
struct stat st;
if (realpath(file, buf) == NULL) {
strerror(errno));
return -1;
}
- if (realpath(pw->pw_dir, homedir) == NULL) {
- snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
- strerror(errno));
- return -1;
- }
+ if (realpath(pw->pw_dir, homedir) != NULL)
+ comparehome = 1;
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
}
/* If are passed the homedir then we can stop */
- if (strcmp(homedir, buf) == 0) {
+ if (comparehome && strcmp(homedir, buf) == 0) {
debug3("secure_filename: terminating check at '%s'",
buf);
break;
pw = getpwnam(user);
if (pw == NULL) {
- log("Illegal user %.100s from %.100s",
+ logit("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
+#ifdef CUSTOM_FAILED_LOGIN
+ record_failed_login(user, "ssh");
+#endif
return (NULL);
}
if (!allowed_user(pw))
auth_debug_init = 1;
}
}
+
+struct passwd *
+fakepw(void)
+{
+ static struct passwd fake;
+
+ memset(&fake, 0, sizeof(fake));
+ fake.pw_name = "NOUSER";
+ fake.pw_passwd =
+ "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
+ fake.pw_gecos = "NOUSER";
+ fake.pw_uid = -1;
+ fake.pw_gid = -1;
+#ifdef HAVE_PW_CLASS_IN_PASSWD
+ fake.pw_class = "";
+#endif
+ fake.pw_dir = "/nonexist";
+ fake.pw_shell = "/nonexist";
+
+ return (&fake);
+}
-/* $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.46 2003/08/28 12:54:34 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
#ifdef KRB5
#include <krb5.h>
#endif
+#ifdef AFS_KRB5
+#include <krbafs.h>
+#endif
typedef struct Authctxt Authctxt;
typedef struct Authmethod Authmethod;
struct Authctxt {
int success;
- int postponed;
- int valid;
+ int postponed; /* authentication needs another step */
+ int valid; /* user exists and is allowed to login */
int attempt;
int failures;
- char *user;
+ char *user; /* username sent by the client */
char *service;
- struct passwd *pw;
+ struct passwd *pw; /* set if 'valid' */
char *style;
void *kbdintctxt;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
-#ifdef KRB4
- char *krb4_ticket_file;
-#endif
#ifdef KRB5
krb5_context krb5_ctx;
- krb5_auth_context krb5_auth_ctx;
krb5_ccache krb5_fwd_ccache;
krb5_principal krb5_user;
char *krb5_ticket_file;
#endif
- void *methoddata;
+#ifdef SESSION_HOOKS
+ char *session_env_file;
+#endif
+ void *methoddata;
};
+/*
+ * Every authentication method has to handle authentication requests for
+ * non-existing users, or for users that are not allowed to login. In this
+ * case 'valid' is set to 0, but 'user' points to the username requested by
+ * the client.
+ */
struct Authmethod {
char *name;
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
-#ifdef KRB4
-#include <krb.h>
-int auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
-int auth_krb4_password(Authctxt *, const char *);
-void krb4_cleanup_proc(void *);
-
-#ifdef AFS
-#include <kafs.h>
-int auth_krb4_tgt(Authctxt *, const char *);
-int auth_afs_token(Authctxt *, const char *);
-#endif /* AFS */
-
-#endif /* KRB4 */
-
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
#endif /* KRB5 */
#include "auth-pam.h"
-#include "auth2-pam.h"
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);
void auth_debug_send(void);
void auth_debug_reset(void);
+struct passwd *fakepw(void);
+
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
#include "ssh1.h"
-#include "dispatch.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
/* import */
extern ServerOptions options;
-extern Authmethod method_gssapi;
-
-
-
-#ifdef GSSAPI
-#ifdef GSI
-#include "globus_gss_assist.h"
-#endif
-
-int userauth_gssapi(Authctxt *authctxt);
-
-void
-auth1_gss_protocol_error(int type, u_int32_t plen, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- /* Other side told us to abort, dont need to tell him */
- /* maybe we can us some other method. */
- if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
- log("auth1: GSSAPI aborting");
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
- authctxt->success = 1; /* get out of loop*/
- return;
- }
-
- log("auth1: protocol error: type %d plen %d", type, plen);
- packet_disconnect("Protocol error during GSSAPI authentication: "
- "Unknown packet type %d", type);
-}
-
-#ifdef GSI
-int
-gsi_gridmap(char *subject_name, char **mapped_name)
-{
-#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
- if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
- return 0;
- }
-#endif
- return(globus_gss_assist_gridmap(subject_name, mapped_name) == 0);
-}
-#endif
-
-/*
- * SSH1 GSSAPI clients may send us a user name of the form:
- *
- * (1) username:x:SSL Subject Name
- * or
- * (2) username:i:SSL Subject Name
- * or
- * (3) username
- *
- * if case 1, then uname is an explicit name (ssh -l uname). Keep this
- * name always, rewrite the user parameter to be just uname. We'll pull
- * the GSSAPI idenity out and deal with (or skip it) later.
- *
- * if case 2, then uname is implicit (user didn't use the -l option), so
- * use the default gridmap mapping and replace uname with whatever
- * the gridmap maps to. If the gridmap mapping fails, drop down
- * to just uname
- *
- * if case 3, then leave it be.
- *
- * This function may return the original pointer to the orginal string,
- * the original pointer to a modified string, or a completely new pointer.
- */
-static char *
-ssh1_gssapi_parse_userstring(char *userstring)
-{
- char name_type = '\0'; /* explicit 'x' or implicit 'i' */
- char *ssl_subject_name = NULL;
- char *delim = NULL;
-
- debug("Looking at username '%s' for gssapi-ssleay type name", userstring);
- if((delim = strchr(userstring, ':')) != NULL) {
- /* Parse and split into components */
- ssl_subject_name = strchr(delim + 1, ':');
-
- if (ssl_subject_name) {
- /* Successful parse, split into components */
- *delim = '\0';
- name_type = *(delim + 1);
- *ssl_subject_name = '\0';
- ssl_subject_name++;
-
- debug("Name parsed. type = '%c'. ssl subject name is \"%s\"",
- name_type, ssl_subject_name);
-
- } else {
-
- debug("Don't understand name format. Letting it pass.");
- }
- }
-
-#ifdef GSI
- if(ssl_subject_name) {
- char *gridmapped_name = NULL;
- switch (name_type) {
- case 'x':
- debug("explicit name given, using %s as username", userstring);
- break;
-
- case 'i':
- /* gridmap check */
- debug("implicit name given. gridmapping '%s'", ssl_subject_name);
-
- PRIVSEP(gsi_gridmap(ssl_subject_name, &gridmapped_name));
- if (gridmapped_name && gridmapped_name[0] != '\0') {
- userstring = gridmapped_name;
- debug("I gridmapped and got %s", userstring);
-
- } else {
- debug("I gridmapped and got null, reverting to %s", userstring);
- }
- break;
-
- default:
- debug("Unknown name type '%c'. Ignoring.", name_type);
- break;
- }
- } else {
- debug("didn't find any :'s so I assume it's just a user name");
- }
-#endif /* GSI */
-
- return userstring;
-}
-#endif
/*
* convert ssh auth msg type into description
case SSH_CMSG_AUTH_TIS:
case SSH_CMSG_AUTH_TIS_RESPONSE:
return "challenge-response";
-#if defined(KRB4) || defined(KRB5)
- case SSH_CMSG_AUTH_KERBEROS:
- return "kerberos";
-#endif
-#if defined(GSSAPI)
- case SSH_CMSG_AUTH_GSSAPI:
- return "gssapi";
-#endif
}
snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
return buf;
char info[1024];
u_int dlen;
u_int ulen;
- int type = 0;
+ int prev, type = 0;
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
/* If the user has no password, accept authentication immediately. */
if (options.password_authentication &&
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
info[0] = '\0';
/* Get a packet from the client. */
+ prev = type;
type = packet_read();
+ /*
+ * If we started challenge-response authentication but the
+ * next packet is not a response to our challenge, release
+ * the resources allocated by get_challenge() (which would
+ * normally have been released by verify_response() had we
+ * received such a response)
+ */
+ if (prev == SSH_CMSG_AUTH_TIS &&
+ type != SSH_CMSG_AUTH_TIS_RESPONSE)
+ abandon_challenge_response(authctxt);
+
/* Process the packet. */
switch (type) {
-
-#if defined(KRB4) || defined(KRB5)
- case SSH_CMSG_AUTH_KERBEROS:
- if (!options.kerberos_authentication) {
- verbose("Kerberos authentication disabled.");
- } else {
- char *kdata = packet_get_string(&dlen);
- packet_check_eom();
-
- if (kdata[0] == 4) { /* KRB_PROT_VERSION */
-#ifdef KRB4
- KTEXT_ST tkt, reply;
- tkt.length = dlen;
- if (tkt.length < MAX_KTXT_LEN)
- memcpy(tkt.dat, kdata, tkt.length);
-
- if (PRIVSEP(auth_krb4(authctxt, &tkt,
- &client_user, &reply))) {
- authenticated = 1;
- snprintf(info, sizeof(info),
- " tktuser %.100s",
- client_user);
-
- packet_start(
- SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *)
- reply.dat, reply.length);
- packet_send();
- packet_write_wait();
- }
-#endif /* KRB4 */
- } else {
-#ifdef KRB5
- krb5_data tkt, reply;
- tkt.length = dlen;
- tkt.data = kdata;
-
- if (PRIVSEP(auth_krb5(authctxt, &tkt,
- &client_user, &reply))) {
- authenticated = 1;
- snprintf(info, sizeof(info),
- " tktuser %.100s",
- client_user);
-
- /* Send response to client */
- packet_start(
- SSH_SMSG_AUTH_KERBEROS_RESPONSE);
- packet_put_string((char *)
- reply.data, reply.length);
- packet_send();
- packet_write_wait();
-
- if (reply.length)
- xfree(reply.data);
- }
-#endif /* KRB5 */
- }
- xfree(kdata);
- }
- break;
-#endif /* KRB4 || KRB5 */
-
-#ifdef GSSAPI
- case SSH_CMSG_AUTH_GSSAPI:
- if (!options.gss_authentication) {
- verbose("GSSAPI authentication disabled.");
- break;
- }
- /*
- * GSSAPI was first added to ssh1 in ssh-1.2.27, and
- * was added to the SecurtCRT product. In order
- * to continue operating with these, we will add
- * the equivelent GSSAPI support to SSH1.
- * Will use the gssapi routines from the ssh2 as
- * they are almost identical. But they use dispatch
- * so we need to setup the dispatch tables here
- * auth1.c for use only by the gssapi code.
- * Since we already have the packet, we will call
- * userauth_gssapi then start the dispatch loop.
- */
- if (!authctxt->valid) {
- packet_disconnect("Authentication rejected for invalid user");
- }
- dispatch_init(&auth1_gss_protocol_error);
- method_gssapi.userauth(authctxt);
- dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
- if (authctxt->postponed) { /* failed, try other methods */
- authctxt->success = 0;
- authctxt->postponed = 0;
- break;
- }
- authenticated = 1;
- break;
-#endif /* GSSAPI */
-
-#if defined(AFS) || defined(KRB5)
- /* XXX - punt on backward compatibility here. */
- case SSH_CMSG_HAVE_KERBEROS_TGT:
- packet_send_debug("Kerberos TGT passing disabled before authentication.");
- break;
-#ifdef AFS
- case SSH_CMSG_HAVE_AFS_TOKEN:
- packet_send_debug("AFS token passing disabled before authentication.");
- break;
-#endif /* AFS */
-#endif /* AFS || KRB5 */
-
- case SSH_CMSG_AUTH_RHOSTS:
- if (!options.rhosts_authentication) {
- verbose("Rhosts authentication disabled.");
- break;
- }
- /*
- * Get client user name. Note that we just have to
- * trust the client; this is one reason why rhosts
- * authentication is insecure. (Another is
- * IP-spoofing on a local network.)
- */
- client_user = packet_get_string(&ulen);
- packet_check_eom();
-
- /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
- authenticated = auth_rhosts(pw, client_user);
-
- snprintf(info, sizeof info, " ruser %.100s", client_user);
- break;
-
case SSH_CMSG_AUTH_RHOSTS_RSA:
if (!options.rhosts_rsa_authentication) {
verbose("Rhosts with RSA authentication disabled.");
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.challenge_response_authentication == 1) {
char *response = packet_get_string(&dlen);
- debug("got response '%s'", response);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
* Any unknown messages will be ignored (and failure
* returned) during authentication.
*/
- log("Unknown message during authentication: type %d", type);
+ logit("Unknown message during authentication: type %d", type);
break;
}
#ifdef BSD_AUTH
authctxt->user);
#ifdef _UNICOS
- if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
- cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
}
#else
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
+
#ifdef USE_PAM
- if (!use_privsep && authenticated &&
- !do_pam_account(pw->pw_name, client_user))
+ if (options.use_pam && authenticated &&
+ !PRIVSEP(do_pam_account()))
authenticated = 0;
#endif
if (authenticated)
return;
- if (authctxt->failures++ > AUTH_FAIL_MAX) {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
- }
packet_start(SSH_SMSG_FAILURE);
packet_send();
user = packet_get_string(&ulen);
packet_check_eom();
-#ifdef GSSAPI
- /* Parse GSSAPI identity from userstring */
- user = ssh1_gssapi_parse_userstring(user);
-#endif /* GSSAPI */
-
if ((style = strchr(user, ':')) != NULL)
*style++ = '\0';
-#ifdef KRB5
- /* XXX - SSH.com Kerberos v5 braindeath. */
- if ((datafellows & SSH_BUG_K5USER) &&
- options.kerberos_authentication) {
- char *p;
- if ((p = strchr(user, '@')) != NULL)
- *p = '\0';
- }
-#endif
-
authctxt = authctxt_new();
authctxt->user = user;
authctxt->style = style;
/* Verify that the user is a valid user. */
if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
authctxt->valid = 1;
- else
+ else {
debug("do_authentication: illegal user %s", user);
+ authctxt->pw = fakepw();
+ }
setproctitle("%s%s", authctxt->pw ? user : "unknown",
use_privsep ? " [net]" : "");
#ifdef USE_PAM
- PRIVSEP(start_pam(authctxt->pw == NULL ? "NOUSER" : user));
+ if (options.use_pam)
+ PRIVSEP(start_pam(user));
#endif
/*
+/* $OpenBSD: auth2-gss.c,v 1.3 2003/09/01 20:44:54 markus Exp $ */
+
/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#include "includes.h"
#ifdef GSSAPI
+
#include "auth.h"
#include "ssh2.h"
-#include "ssh1.h"
#include "xmalloc.h"
#include "log.h"
#include "dispatch.h"
#include "ssh-gss.h"
extern ServerOptions options;
-extern unsigned char ssh1_key_digest[16];
static int
userauth_external(Authctxt *authctxt)
return(PRIVSEP(ssh_gssapi_userok(authctxt->user)));
}
+static void ssh_gssapi_userauth_error(Gssctxt *ctxt);
static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+static void input_gssapi_errtok(int, u_int32_t, void *);
-/* We only support those mechanisms that we know about (ie ones that we know
+/*
+ * We only support those mechanisms that we know about (ie ones that we know
* how to check local user kuserok and the like
*/
static int
userauth_gssapi(Authctxt *authctxt)
{
- gss_OID_desc oid= {0,NULL};
- Gssctxt *ctxt = NULL;
- int mechs;
- gss_OID_set supported;
- int present;
- OM_uint32 ms;
- u_int len;
-
- if (!authctxt->valid || authctxt->user == NULL)
- return 0;
-
- if (datafellows & SSH_OLD_GSSAPI) {
- debug("Early drafts of GSSAPI userauth not supported");
- return 0;
- }
-
- mechs=packet_get_int();
- if (mechs==0) {
- debug("Mechanism negotiation is not supported");
- return 0;
- }
-
- ssh_gssapi_supported_oids(&supported);
- do {
- if (oid.elements)
- xfree(oid.elements);
- oid.elements = packet_get_string(&len);
- oid.length = len;
- gss_test_oid_set_member(&ms, &oid, supported, &present);
- mechs--;
- } while (mechs>0 && !present);
-
- if (!present) {
- xfree(oid.elements);
- return(0);
- }
-
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt,&oid))))
- return(0);
-
- authctxt->methoddata=(void *)ctxt;
+ gss_OID_desc oid = {0, NULL};
+ Gssctxt *ctxt = NULL;
+ int mechs;
+ gss_OID_set supported;
+ int present;
+ OM_uint32 ms;
+ u_int len;
+ char *doid = NULL;
+
+ if (!authctxt->valid || authctxt->user == NULL)
+ return (0);
+
+ mechs = packet_get_int();
+ if (mechs == 0) {
+ debug("Mechanism negotiation is not supported");
+ return (0);
+ }
+
+ ssh_gssapi_supported_oids(&supported);
+ do {
+ mechs--;
+
+ if (doid)
+ xfree(doid);
+
+ doid = packet_get_string(&len);
+
+ if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) {
+ logit("Mechanism OID received using the old encoding form");
+ oid.elements = doid;
+ oid.length = len;
+ } else {
+ oid.elements = doid + 2;
+ oid.length = len - 2;
+ }
+ gss_test_oid_set_member(&ms, &oid, supported, &present);
+ } while (mechs > 0 && !present);
+
+ gss_release_oid_set(&ms, &supported);
+
+ if (!present) {
+ xfree(doid);
+ return (0);
+ }
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &oid)))) {
+ xfree(doid);
+ return (0);
+ }
- /* Send SSH_MSG_USERAUTH_GSSAPI_RESPONSE */
+ authctxt->methoddata=(void *)ctxt;
- if (!compat20)
- packet_start(SSH_SMSG_AUTH_GSSAPI_RESPONSE);
- else
packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
- packet_put_string(oid.elements,oid.length);
- packet_send();
- packet_write_wait();
- xfree(oid.elements);
-
- if (!compat20)
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN,
- &input_gssapi_token);
- else
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,
- &input_gssapi_token);
- authctxt->postponed = 1;
-
- return 0;
+
+ /* Return OID in same format as we received it*/
+ packet_put_string(doid, len);
+
+ packet_send();
+ xfree(doid);
+
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
+ authctxt->postponed = 1;
+
+ return (0);
}
static void
input_gssapi_token(int type, u_int32_t plen, void *ctxt)
{
- Authctxt *authctxt = ctxt;
- Gssctxt *gssctxt;
- gss_buffer_desc send_tok,recv_tok;
- OM_uint32 maj_status, min_status;
- int len;
-
- if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
- fatal("No authentication or GSSAPI context");
-
- gssctxt=authctxt->methoddata;
- recv_tok.value=packet_get_string(&len);
- recv_tok.length=len; /* int vs. size_t */
-
- maj_status=PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
- &send_tok, NULL));
- packet_check_eom();
-
- if (send_tok.length != 0) {
- /* Send a packet back to the client */
- if (!compat20)
- packet_start(SSH_MSG_AUTH_GSSAPI_TOKEN);
- else
- packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
- packet_put_string(send_tok.value,send_tok.length);
- packet_send();
- packet_write_wait();
- gss_release_buffer(&min_status, &send_tok);
- }
-
- if (GSS_ERROR(maj_status)) {
- /* Failure <sniff> */
- if (gssctxt) { /* may be NULL under privsep */
- ssh_gssapi_send_error(gssctxt->oid,maj_status,min_status);
- } else {
- ssh_gssapi_send_error(GSS_C_NO_OID,maj_status,min_status);
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 maj_status, min_status;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+ recv_tok.value = packet_get_string(&len);
+ recv_tok.length = len; /* u_int vs. size_t */
+
+ packet_check_eom();
+
+ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, NULL));
+
+ xfree(recv_tok.value);
+
+ if (GSS_ERROR(maj_status)) {
+ ssh_gssapi_userauth_error(gssctxt);
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ }
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ userauth_finish(authctxt, 0, "gssapi");
+ } else {
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ }
+ if (maj_status == GSS_S_COMPLETE) {
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
+ &input_gssapi_exchange_complete);
}
- authctxt->postponed = 0;
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- userauth_finish(authctxt, 0, "gssapi");
- }
-
- if (maj_status == GSS_S_COMPLETE) {
- dispatch_set(SSH_MSG_AUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,NULL);
- /* ssh1 does not have an extra message here */
- if (!compat20)
- input_gssapi_exchange_complete(0, 0, ctxt);
- else
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
- &input_gssapi_exchange_complete);
- }
+ }
+
+ gss_release_buffer(&min_status, &send_tok);
}
-/* This is called when the client thinks we've completed authentication.
+static void
+input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 maj_status;
+ u_int len;
+
+ if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
+ fatal("No authentication or GSSAPI context");
+
+ gssctxt = authctxt->methoddata;
+ recv_tok.value = packet_get_string(&len);
+ recv_tok.length = len;
+
+ packet_check_eom();
+
+ /* Push the error token into GSSAPI to see what it says */
+ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
+ &send_tok, NULL));
+
+ xfree(recv_tok.value);
+
+ /* We can't return anything to the client, even if we wanted to */
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+
+ /* The client will have already moved on to the next auth */
+
+ gss_release_buffer(&maj_status, &send_tok);
+}
+
+/*
+ * This is called when the client thinks we've completed authentication.
* It should only be enabled in the dispatch handler by the function above,
* which only enables it once the GSSAPI exchange is complete.
*/
-
+
static void
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
{
- Authctxt *authctxt = ctxt;
- Gssctxt *gssctxt;
- int authenticated;
-
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ int authenticated;
+
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
- fatal("No authentication or GSSAPI context");
-
+ fatal("No authentication or GSSAPI context");
+
if ((strcmp(authctxt->user, "") == 0) && (authctxt->pw == NULL)) {
char *lname = NULL;
PRIVSEP(ssh_gssapi_localname(&lname));
goto finish;
}
- gssctxt=authctxt->methoddata;
-
- /* ssh1 needs to exchange the hash of the keys */
- if (!compat20) {
-
- OM_uint32 min_status;
- gss_buffer_desc dummy, msg_tok;
-
- /* ssh1 wraps the keys, in the monitor */
-
- dummy.value=malloc(sizeof(ssh1_key_digest));
- memcpy(dummy.value,ssh1_key_digest,sizeof(ssh1_key_digest));
- dummy.length=sizeof(ssh1_key_digest);
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(gssctxt,&dummy,&msg_tok))))
- fatal("Couldn't wrap keys");
-
- packet_start(SSH_SMSG_AUTH_GSSAPI_HASH);
- packet_put_string((char *)msg_tok.value,msg_tok.length);
- packet_send();
- packet_write_wait();
- gss_release_buffer(&min_status,&msg_tok);
- }
+ gssctxt = authctxt->methoddata;
-
- /* We don't need to check the status, because the stored credentials
+ /*
+ * We don't need to check the status, because the stored credentials
* which userok uses are only populated once the context init step
* has returned complete.
*/
- authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
+ packet_check_eom();
+
+ authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
finish:
- authctxt->postponed = 0;
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
- userauth_finish(authctxt, authenticated, "gssapi");
+ authctxt->postponed = 0;
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL);
+ userauth_finish(authctxt, authenticated, "gssapi");
+}
+
+static void ssh_gssapi_userauth_error(Gssctxt *ctxt) {
+ char *errstr;
+ OM_uint32 maj,min;
+
+ errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
+ if (errstr) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERROR);
+ packet_put_int(maj);
+ packet_put_int(min);
+ packet_put_cstring(errstr);
+ packet_put_cstring("");
+ packet_send();
+ packet_write_wait();
+ xfree(errstr);
+ }
}
Authmethod method_external = {
};
Authmethod method_gssapi = {
- "gssapi",
- userauth_gssapi,
- &options.gss_authentication
+ "gssapi",
+ userauth_gssapi,
+ &options.gss_authentication
};
#endif /* GSSAPI */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-hostbased.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2-hostbased.c,v 1.5 2003/06/24 08:23:46 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
/* import */
extern ServerOptions options;
extern u_char *session_id2;
-extern int session_id2_len;
+extern u_int session_id2_len;
static int
userauth_hostbased(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- log("userauth_hostbased: unsupported "
+ logit("userauth_hostbased: unsupported "
"public key algorithm: %s", pkalg);
goto done;
}
HostStatus host_status;
int len;
- resolvedname = get_canonical_hostname(options.verify_reverse_mapping);
+ resolvedname = get_canonical_hostname(options.use_dns);
ipaddr = get_remote_ipaddr();
debug2("userauth_hostbased: chost %s resolvedname %s ipaddr %s",
chost[len - 1] = '\0';
}
if (strcasecmp(resolvedname, chost) != 0)
- log("userauth_hostbased mismatch: "
+ logit("userauth_hostbased mismatch: "
"client sends %s, but we resolve %s to %s",
chost, ipaddr, resolvedname);
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0)
if (options.challenge_response_authentication)
authenticated = auth2_challenge(authctxt, devs);
-#ifdef USE_PAM
- if (authenticated == 0 && options.pam_authentication_via_kbd_int)
- authenticated = auth2_pam(authctxt);
-#endif
xfree(devs);
xfree(lang);
#ifdef HAVE_CYGWIN
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-none.c,v 1.4 2002/06/27 10:35:47 deraadt Exp $");
+RCSID("$OpenBSD: auth2-none.c,v 1.6 2003/08/26 09:58:43 markus Exp $");
#include "auth.h"
#include "xmalloc.h"
if (check_nt_auth(1, authctxt->pw) == 0)
return(0);
#endif
- return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0);
+ if (options.password_authentication)
+ return (PRIVSEP(auth_password(authctxt, "")));
+ return (0);
}
Authmethod method_none = {
+++ /dev/null
-#include "includes.h"
-RCSID("$Id$");
-
-#ifdef USE_PAM
-#include <security/pam_appl.h>
-
-#include "ssh.h"
-#include "ssh2.h"
-#include "auth.h"
-#include "auth-pam.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "dispatch.h"
-#include "log.h"
-
-static int do_pam_conversation_kbd_int(int num_msg,
- const struct pam_message **msg, struct pam_response **resp,
- void *appdata_ptr);
-void input_userauth_info_response_pam(int type, int plen, void *ctxt);
-
-struct {
- int finished, num_received, num_expected;
- int *prompts;
- struct pam_response *responses;
-} context_pam2 = {0, 0, 0, NULL};
-
-static struct pam_conv conv2 = {
- do_pam_conversation_kbd_int,
- NULL,
-};
-
-int
-auth2_pam(Authctxt *authctxt)
-{
- int retval = -1;
-
- if (authctxt->user == NULL)
- fatal("auth2_pam: internal error: no user");
-
- conv2.appdata_ptr = authctxt;
- do_pam_set_conv(&conv2);
-
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
- &input_userauth_info_response_pam);
- retval = (do_pam_authenticate(0) == PAM_SUCCESS);
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
-
- return retval;
-}
-
-static int
-do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata_ptr)
-{
- int i, j, done;
- char *text;
-
- context_pam2.finished = 0;
- context_pam2.num_received = 0;
- context_pam2.num_expected = 0;
- context_pam2.prompts = xmalloc(sizeof(int) * num_msg);
- context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg);
- memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg);
-
- text = NULL;
- for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) {
- int style = PAM_MSG_MEMBER(msg, i, msg_style);
- switch (style) {
- case PAM_PROMPT_ECHO_ON:
- case PAM_PROMPT_ECHO_OFF:
- context_pam2.num_expected++;
- break;
- case PAM_TEXT_INFO:
- case PAM_ERROR_MSG:
- default:
- /* Capture all these messages to be sent at once */
- message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
- break;
- }
- }
-
- if (context_pam2.num_expected == 0)
- return PAM_SUCCESS;
-
- packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
- packet_put_cstring(""); /* Name */
- packet_put_cstring(""); /* Instructions */
- packet_put_cstring(""); /* Language */
- packet_put_int(context_pam2.num_expected);
-
- for (i = 0, j = 0; i < num_msg; i++) {
- int style = PAM_MSG_MEMBER(msg, i, msg_style);
-
- /* Skip messages which don't need a reply */
- if (style != PAM_PROMPT_ECHO_ON && style != PAM_PROMPT_ECHO_OFF)
- continue;
-
- context_pam2.prompts[j++] = i;
- if (text) {
- message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
- packet_put_cstring(text);
- text = NULL;
- } else
- packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
- packet_put_char(style == PAM_PROMPT_ECHO_ON);
- }
- packet_send();
- packet_write_wait();
-
- /*
- * Grabbing control of execution and spinning until we get what
- * we want is probably rude, but it seems to work properly, and
- * the client *should* be in lock-step with us, so the loop should
- * only be traversed once.
- */
- while(context_pam2.finished == 0) {
- done = 1;
- dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr);
- if(context_pam2.finished == 0)
- debug("extra packet during conversation");
- }
-
- if(context_pam2.num_received == context_pam2.num_expected) {
- *resp = context_pam2.responses;
- return PAM_SUCCESS;
- } else
- return PAM_CONV_ERR;
-}
-
-void
-input_userauth_info_response_pam(int type, int plen, void *ctxt)
-{
- Authctxt *authctxt = ctxt;
- unsigned int nresp = 0, rlen = 0, i = 0;
- char *resp;
-
- if (authctxt == NULL)
- fatal("input_userauth_info_response_pam: no authentication context");
-
- nresp = packet_get_int(); /* Number of responses. */
- debug("got %d responses", nresp);
-
- for (i = 0; i < nresp; i++) {
- int j = context_pam2.prompts[i];
-
- resp = packet_get_string(&rlen);
- context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
- context_pam2.responses[j].resp = xstrdup(resp);
- xfree(resp);
- context_pam2.num_received++;
- }
-
- context_pam2.finished = 1;
-
- packet_done();
-}
-
-#endif
+++ /dev/null
-/* $Id$ */
-
-#include "includes.h"
-#ifdef USE_PAM
-
-int auth2_pam(Authctxt *authctxt);
-
-#endif /* USE_PAM */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-passwd.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
u_int len;
change = packet_get_char();
if (change)
- log("password change not supported");
+ logit("password change not supported");
password = packet_get_string(&len);
packet_check_eom();
- if (authctxt->valid &&
+ if (PRIVSEP(auth_password(authctxt, password)) == 1
#ifdef HAVE_CYGWIN
- check_nt_auth(1, authctxt->pw) &&
+ && check_nt_auth(1, authctxt->pw)
#endif
- PRIVSEP(auth_password(authctxt, password)) == 1)
+ )
authenticated = 1;
memset(password, 0, len);
xfree(password);
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-pubkey.c,v 1.2 2002/05/31 11:35:15 markus Exp $");
+RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
/* import */
extern ServerOptions options;
extern u_char *session_id2;
-extern int session_id2_len;
+extern u_int session_id2_len;
static int
userauth_pubkey(Authctxt *authctxt)
pktype = key_type_from_name(pkalg);
if (pktype == KEY_UNSPEC) {
/* this is perfectly legal */
- log("userauth_pubkey: unsupported public key algorithm: %s",
+ logit("userauth_pubkey: unsupported public key algorithm: %s",
pkalg);
goto done;
}
if (options.strict_modes &&
secure_filename(f, file, pw, line, sizeof(line)) != 0) {
fclose(f);
- log("Authentication refused: %s", line);
+ logit("Authentication refused: %s", line);
restore_uid();
return 0;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $");
#include "ssh2.h"
-#include "ssh1.h"
#include "xmalloc.h"
#include "packet.h"
#include "log.h"
/* import */
extern ServerOptions options;
extern u_char *session_id2;
-extern int session_id2_len;
+extern u_int session_id2_len;
Authctxt *x_authctxt = NULL;
/* methods */
extern Authmethod method_none;
-#ifdef GSSAPI
-extern Authmethod method_external;
-extern Authmethod method_gssapi;
-#endif
extern Authmethod method_pubkey;
extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
+#ifdef GSSAPI
+extern Authmethod method_external;
+extern Authmethod method_gssapi;
+#endif
Authmethod *authmethods[] = {
&method_none,
&method_gssapi,
#endif
&method_pubkey,
+#ifdef GSSAPI
+ &method_gssapi,
+#endif
&method_passwd,
&method_kbdint,
&method_hostbased,
/* challenge-response is implemented via keyboard interactive */
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- if (options.pam_authentication_via_kbd_int)
- options.kbd_interactive_authentication = 1;
- if (use_privsep)
- options.pam_authentication_via_kbd_int = 0;
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
#ifdef USE_PAM
- PRIVSEP(start_pam(authctxt->pw->pw_name));
+ if (options.use_pam)
+ PRIVSEP(start_pam(authctxt->pw->pw_name));
#endif
} else {
- authctxt->valid = 0;
- log("input_userauth_request: illegal user %s", user);
+ logit("input_userauth_request: illegal user %s", user);
+ authctxt->pw = fakepw();
#ifdef USE_PAM
- PRIVSEP(start_pam("NOUSER"));
+ if (options.use_pam)
+ PRIVSEP(start_pam(user));
#endif
}
#ifdef GSSAPI
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep && (authctxt->attempt == 1))
mm_inform_authserv(service, style);
+ } else if (strcmp(service, authctxt->service) != 0) {
+ packet_disconnect("Change of service not allowed: "
+ "(%s,%s) -> (%s,%s)",
+ authctxt->user, authctxt->service, user, service);
}
/* reset state */
auth2_challenge_stop(authctxt);
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
-
userauth_finish(authctxt, authenticated, method);
xfree(service);
authctxt->user);
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;
#ifdef USE_PAM
- if (!use_privsep && authenticated && authctxt->user &&
- !do_pam_account(authctxt->user, NULL))
+ if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
authenticated = 0;
-#endif /* USE_PAM */
+#endif
#ifdef _UNICOS
if (authenticated && cray_access_denied(authctxt->user)) {
#endif /* _UNICOS */
/* Log before sending the reply */
- if (!compat20)
- auth_log(authctxt, authenticated, method, " ssh1");
- else
auth_log(authctxt, authenticated, method, " ssh2");
if (authctxt->postponed)
if (authenticated == 1) {
/* turn off userauth */
dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
- if (compat20) {
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
packet_send();
packet_write_wait();
- }
/* now we can break out */
authctxt->success = 1;
} else {
- if (authctxt->failures++ > AUTH_FAIL_MAX) {
+ if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
- }
- if (!compat20) {
- /*
- * Break out of the dispatch loop now and go back to
- * SSH1 code. We need to set the 'success' flag to
- * break out of the loop. Set the 'postponed' flag to
- * tell the SSH1 code that authentication failed. The
- * SSH1 code will handle sending SSH_SMSG_FAILURE.
- */
- authctxt->success = authctxt->postponed = 1;
- } else {
-#ifdef _UNICOS
- if (strcmp(method, "password") == 0)
- cray_login_failure(authctxt->user, IA_UDBERR);
-#endif /* _UNICOS */
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
packet_send();
packet_write_wait();
xfree(methods);
- }
}
}
+++ /dev/null
-@%:@! /bin/sh
-@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.53.
-@%:@
-@%:@ Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-@%:@ Free Software Foundation, Inc.
-@%:@ This configure script is free software; the Free Software Foundation
-@%:@ gives unlimited permission to copy, distribute and modify it.
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
- set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
- { $as_unset LANG || test "${LANG+set}" != set; } ||
- { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
- { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
- { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
- { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
- { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
- { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
- { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
- { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
- { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
- { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
- { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
- { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
- { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
- { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
- { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)$' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
- /^X\/\(\/\/\)$/{ s//\1/; q; }
- /^X\/\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conftest.sh
- echo "exit 0" >>conftest.sh
- chmod +x conftest.sh
- if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
- else
- PATH_SEPARATOR=:
- fi
- rm -f conftest.sh
-fi
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" || {
- # Find who we are. Look in the path if we contain no path at all
- # relative or not.
- case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
- ;;
- esac
- # We did not find ourselves, most probably we were run as `sh COMMAND'
- # in which case we are not to be found in the path.
- if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
- { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
- { (exit 1); exit 1; }; }
- fi
- case $CONFIG_SHELL in
- '')
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for as_base in sh bash ksh sh5; do
- case $as_dir in
- /*)
- if ("$as_dir/$as_base" -c '
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
- CONFIG_SHELL=$as_dir/$as_base
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$0" ${1+"$@"}
- fi;;
- esac
- done
-done
-;;
- esac
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line before each line; the second 'sed' does the real
- # work. The second script uses 'N' to pair each line-number line
- # with the numbered line, and appends trailing '-' during
- # substitution so that $LINENO is not a special case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
- sed '=' <$as_myself |
- sed '
- N
- s,$,-,
- : loop
- s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
- t loop
- s,-$,,
- s,^['$as_cr_digits']*\n,,
- ' >$as_me.lineno &&
- chmod +x $as_me.lineno ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensible to this).
- . ./$as_me.lineno
- # Exit status is that of the last command.
- exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
- *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T=' ' ;;
- *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
- *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- # We could just check for DJGPP; but this test a) works b) is more generic
- # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
- if test -f conf$$.exe; then
- # Don't use ln at all; we don't have any links
- as_ln_s='cp -p'
- else
- as_ln_s='ln -s'
- fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" $as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-exec 6>&1
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Maximum number of lines to put in a shell here document.
-# This variable seems obsolete. It should probably be removed, and
-# only ac_max_sed_lines should be used.
-: ${ac_max_here_lines=38}
-
-# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-
-ac_unique_file="ssh.c"
-# Factoring default headers for most tests.
-ac_includes_default="\
-#include <stdio.h>
-#if HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#if HAVE_SYS_STAT_H
-# include <sys/stat.h>
-#endif
-#if STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# if HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif
-#if HAVE_STRING_H
-# if !STDC_HEADERS && HAVE_MEMORY_H
-# include <memory.h>
-# endif
-# include <string.h>
-#endif
-#if HAVE_STRINGS_H
-# include <strings.h>
-#endif
-#if HAVE_INTTYPES_H
-# include <inttypes.h>
-#else
-# if HAVE_STDINT_H
-# include <stdint.h>
-# endif
-#endif
-#if HAVE_UNISTD_H
-# include <unistd.h>
-#endif"
-
-
-# Initialize some variables set by options.
-ac_init_help=
-ac_init_version=false
-# The variables have the same names as the options, with
-# dashes changed to underlines.
-cache_file=/dev/null
-exec_prefix=NONE
-no_create=
-no_recursion=
-prefix=NONE
-program_prefix=NONE
-program_suffix=NONE
-program_transform_name=s,x,x,
-silent=
-site=
-srcdir=
-verbose=
-x_includes=NONE
-x_libraries=NONE
-
-# Installation directory options.
-# These are left unexpanded so users can "make install exec_prefix=/foo"
-# and all the variables that are supposed to be based on exec_prefix
-# by default will actually change.
-# Use braces instead of parens because sh, perl, etc. also accept them.
-bindir='${exec_prefix}/bin'
-sbindir='${exec_prefix}/sbin'
-libexecdir='${exec_prefix}/libexec'
-datadir='${prefix}/share'
-sysconfdir='${prefix}/etc'
-sharedstatedir='${prefix}/com'
-localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
-includedir='${prefix}/include'
-oldincludedir='/usr/include'
-infodir='${prefix}/info'
-mandir='${prefix}/man'
-
-ac_prev=
-for ac_option
-do
- # If the previous option needs an argument, assign it.
- if test -n "$ac_prev"; then
- eval "$ac_prev=\$ac_option"
- ac_prev=
- continue
- fi
-
- ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
-
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
- case $ac_option in
-
- -bindir | --bindir | --bindi | --bind | --bin | --bi)
- ac_prev=bindir ;;
- -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
- bindir=$ac_optarg ;;
-
- -build | --build | --buil | --bui | --bu)
- ac_prev=build_alias ;;
- -build=* | --build=* | --buil=* | --bui=* | --bu=*)
- build_alias=$ac_optarg ;;
-
- -cache-file | --cache-file | --cache-fil | --cache-fi \
- | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
- ac_prev=cache_file ;;
- -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
- | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
- cache_file=$ac_optarg ;;
-
- --config-cache | -C)
- cache_file=config.cache ;;
-
- -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
- ac_prev=datadir ;;
- -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
- | --da=*)
- datadir=$ac_optarg ;;
-
- -disable-* | --disable-*)
- ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- eval "enable_$ac_feature=no" ;;
-
- -enable-* | --enable-*)
- ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
- *) ac_optarg=yes ;;
- esac
- eval "enable_$ac_feature='$ac_optarg'" ;;
-
- -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
- | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
- | --exec | --exe | --ex)
- ac_prev=exec_prefix ;;
- -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
- | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
- | --exec=* | --exe=* | --ex=*)
- exec_prefix=$ac_optarg ;;
-
- -gas | --gas | --ga | --g)
- # Obsolete; use --with-gas.
- with_gas=yes ;;
-
- -help | --help | --hel | --he | -h)
- ac_init_help=long ;;
- -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
- ac_init_help=recursive ;;
- -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
- ac_init_help=short ;;
-
- -host | --host | --hos | --ho)
- ac_prev=host_alias ;;
- -host=* | --host=* | --hos=* | --ho=*)
- host_alias=$ac_optarg ;;
-
- -includedir | --includedir | --includedi | --included | --include \
- | --includ | --inclu | --incl | --inc)
- ac_prev=includedir ;;
- -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
- | --includ=* | --inclu=* | --incl=* | --inc=*)
- includedir=$ac_optarg ;;
-
- -infodir | --infodir | --infodi | --infod | --info | --inf)
- ac_prev=infodir ;;
- -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
- infodir=$ac_optarg ;;
-
- -libdir | --libdir | --libdi | --libd)
- ac_prev=libdir ;;
- -libdir=* | --libdir=* | --libdi=* | --libd=*)
- libdir=$ac_optarg ;;
-
- -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
- | --libexe | --libex | --libe)
- ac_prev=libexecdir ;;
- -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
- | --libexe=* | --libex=* | --libe=*)
- libexecdir=$ac_optarg ;;
-
- -localstatedir | --localstatedir | --localstatedi | --localstated \
- | --localstate | --localstat | --localsta | --localst \
- | --locals | --local | --loca | --loc | --lo)
- ac_prev=localstatedir ;;
- -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
- | --localstate=* | --localstat=* | --localsta=* | --localst=* \
- | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
- localstatedir=$ac_optarg ;;
-
- -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
- ac_prev=mandir ;;
- -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
- mandir=$ac_optarg ;;
-
- -nfp | --nfp | --nf)
- # Obsolete; use --without-fp.
- with_fp=no ;;
-
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n)
- no_create=yes ;;
-
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- no_recursion=yes ;;
-
- -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
- | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
- | --oldin | --oldi | --old | --ol | --o)
- ac_prev=oldincludedir ;;
- -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
- | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
- | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
- oldincludedir=$ac_optarg ;;
-
- -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
- ac_prev=prefix ;;
- -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
- prefix=$ac_optarg ;;
-
- -program-prefix | --program-prefix | --program-prefi | --program-pref \
- | --program-pre | --program-pr | --program-p)
- ac_prev=program_prefix ;;
- -program-prefix=* | --program-prefix=* | --program-prefi=* \
- | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
- program_prefix=$ac_optarg ;;
-
- -program-suffix | --program-suffix | --program-suffi | --program-suff \
- | --program-suf | --program-su | --program-s)
- ac_prev=program_suffix ;;
- -program-suffix=* | --program-suffix=* | --program-suffi=* \
- | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
- program_suffix=$ac_optarg ;;
-
- -program-transform-name | --program-transform-name \
- | --program-transform-nam | --program-transform-na \
- | --program-transform-n | --program-transform- \
- | --program-transform | --program-transfor \
- | --program-transfo | --program-transf \
- | --program-trans | --program-tran \
- | --progr-tra | --program-tr | --program-t)
- ac_prev=program_transform_name ;;
- -program-transform-name=* | --program-transform-name=* \
- | --program-transform-nam=* | --program-transform-na=* \
- | --program-transform-n=* | --program-transform-=* \
- | --program-transform=* | --program-transfor=* \
- | --program-transfo=* | --program-transf=* \
- | --program-trans=* | --program-tran=* \
- | --progr-tra=* | --program-tr=* | --program-t=*)
- program_transform_name=$ac_optarg ;;
-
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- silent=yes ;;
-
- -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
- ac_prev=sbindir ;;
- -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
- | --sbi=* | --sb=*)
- sbindir=$ac_optarg ;;
-
- -sharedstatedir | --sharedstatedir | --sharedstatedi \
- | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
- | --sharedst | --shareds | --shared | --share | --shar \
- | --sha | --sh)
- ac_prev=sharedstatedir ;;
- -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
- | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
- | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
- | --sha=* | --sh=*)
- sharedstatedir=$ac_optarg ;;
-
- -site | --site | --sit)
- ac_prev=site ;;
- -site=* | --site=* | --sit=*)
- site=$ac_optarg ;;
-
- -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
- ac_prev=srcdir ;;
- -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
- srcdir=$ac_optarg ;;
-
- -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
- | --syscon | --sysco | --sysc | --sys | --sy)
- ac_prev=sysconfdir ;;
- -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
- | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
- sysconfdir=$ac_optarg ;;
-
- -target | --target | --targe | --targ | --tar | --ta | --t)
- ac_prev=target_alias ;;
- -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
- target_alias=$ac_optarg ;;
-
- -v | -verbose | --verbose | --verbos | --verbo | --verb)
- verbose=yes ;;
-
- -version | --version | --versio | --versi | --vers | -V)
- ac_init_version=: ;;
-
- -with-* | --with-*)
- ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package| sed 's/-/_/g'`
- case $ac_option in
- *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
- *) ac_optarg=yes ;;
- esac
- eval "with_$ac_package='$ac_optarg'" ;;
-
- -without-* | --without-*)
- ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
- # Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/-/_/g'`
- eval "with_$ac_package=no" ;;
-
- --x)
- # Obsolete; use --with-x.
- with_x=yes ;;
-
- -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
- | --x-incl | --x-inc | --x-in | --x-i)
- ac_prev=x_includes ;;
- -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
- | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
- x_includes=$ac_optarg ;;
-
- -x-libraries | --x-libraries | --x-librarie | --x-librari \
- | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
- ac_prev=x_libraries ;;
- -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
- | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
- x_libraries=$ac_optarg ;;
-
- -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; }
- ;;
-
- *=*)
- ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
- # Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
- { (exit 1); exit 1; }; }
- ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
- eval "$ac_envvar='$ac_optarg'"
- export $ac_envvar ;;
-
- *)
- # FIXME: should be removed in autoconf 3.0.
- echo "$as_me: WARNING: you should use --build, --host, --target" >&2
- expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
- ;;
-
- esac
-done
-
-if test -n "$ac_prev"; then
- ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $ac_option" >&2
- { (exit 1); exit 1; }; }
-fi
-
-# Be sure to have absolute paths.
-for ac_var in exec_prefix prefix
-do
- eval ac_val=$`echo $ac_var`
- case $ac_val in
- [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; };;
- esac
-done
-
-# Be sure to have absolute paths.
-for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
- localstatedir libdir includedir oldincludedir infodir mandir
-do
- eval ac_val=$`echo $ac_var`
- case $ac_val in
- [\\/$]* | ?:[\\/]* ) ;;
- *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; };;
- esac
-done
-
-# There might be people who depend on the old broken behavior: `$host'
-# used to hold the argument of --host etc.
-# FIXME: To remove some day.
-build=$build_alias
-host=$host_alias
-target=$target_alias
-
-# FIXME: To remove some day.
-if test "x$host_alias" != x; then
- if test "x$build_alias" = x; then
- cross_compiling=maybe
- echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used." >&2
- elif test "x$build_alias" != "x$host_alias"; then
- cross_compiling=yes
- fi
-fi
-
-ac_tool_prefix=
-test -n "$host_alias" && ac_tool_prefix=$host_alias-
-
-test "$silent" = yes && exec 6>/dev/null
-
-
-# Find the source files, if location was not specified.
-if test -z "$srcdir"; then
- ac_srcdir_defaulted=yes
- # Try the directory containing this script, then its parent.
- ac_confdir=`(dirname "$0") 2>/dev/null ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$0" : 'X\(//\)[^/]' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$0" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- srcdir=$ac_confdir
- if test ! -r $srcdir/$ac_unique_file; then
- srcdir=..
- fi
-else
- ac_srcdir_defaulted=no
-fi
-if test ! -r $srcdir/$ac_unique_file; then
- if test "$ac_srcdir_defaulted" = yes; then
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
- { (exit 1); exit 1; }; }
- else
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
- { (exit 1); exit 1; }; }
- fi
-fi
-srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
-ac_env_build_alias_set=${build_alias+set}
-ac_env_build_alias_value=$build_alias
-ac_cv_env_build_alias_set=${build_alias+set}
-ac_cv_env_build_alias_value=$build_alias
-ac_env_host_alias_set=${host_alias+set}
-ac_env_host_alias_value=$host_alias
-ac_cv_env_host_alias_set=${host_alias+set}
-ac_cv_env_host_alias_value=$host_alias
-ac_env_target_alias_set=${target_alias+set}
-ac_env_target_alias_value=$target_alias
-ac_cv_env_target_alias_set=${target_alias+set}
-ac_cv_env_target_alias_value=$target_alias
-ac_env_CC_set=${CC+set}
-ac_env_CC_value=$CC
-ac_cv_env_CC_set=${CC+set}
-ac_cv_env_CC_value=$CC
-ac_env_CFLAGS_set=${CFLAGS+set}
-ac_env_CFLAGS_value=$CFLAGS
-ac_cv_env_CFLAGS_set=${CFLAGS+set}
-ac_cv_env_CFLAGS_value=$CFLAGS
-ac_env_LDFLAGS_set=${LDFLAGS+set}
-ac_env_LDFLAGS_value=$LDFLAGS
-ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
-ac_cv_env_LDFLAGS_value=$LDFLAGS
-ac_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_env_CPPFLAGS_value=$CPPFLAGS
-ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
-ac_cv_env_CPPFLAGS_value=$CPPFLAGS
-ac_env_CPP_set=${CPP+set}
-ac_env_CPP_value=$CPP
-ac_cv_env_CPP_set=${CPP+set}
-ac_cv_env_CPP_value=$CPP
-
-#
-# Report the --help message.
-#
-if test "$ac_init_help" = "long"; then
- # Omit some internal or obsolete options to make the list less imposing.
- # This message is too long to be a string in the A/UX 3.1 sh.
- cat <<_ACEOF
-\`configure' configures this package to adapt to many kinds of systems.
-
-Usage: $0 [OPTION]... [VAR=VALUE]...
-
-To assign environment variables (e.g., CC, CFLAGS...), specify them as
-VAR=VALUE. See below for descriptions of some of the useful variables.
-
-Defaults for the options are specified in brackets.
-
-Configuration:
- -h, --help display this help and exit
- --help=short display options specific to this package
- --help=recursive display the short help of all the included packages
- -V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking...' messages
- --cache-file=FILE cache test results in FILE [disabled]
- -C, --config-cache alias for \`--cache-file=config.cache'
- -n, --no-create do not create output files
- --srcdir=DIR find the sources in DIR [configure dir or \`..']
-
-_ACEOF
-
- cat <<_ACEOF
-Installation directories:
- --prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
-
-By default, \`make install' will install all the files in
-\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
-an installation prefix other than \`$ac_default_prefix' using \`--prefix',
-for instance \`--prefix=\$HOME'.
-
-For better control, use the options below.
-
-Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data [PREFIX/share]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --infodir=DIR info documentation [PREFIX/info]
- --mandir=DIR man documentation [PREFIX/man]
-_ACEOF
-
- cat <<\_ACEOF
-
-System types:
- --build=BUILD configure for building on BUILD [guessed]
- --host=HOST cross-compile to build programs to run on HOST [BUILD]
-_ACEOF
-fi
-
-if test -n "$ac_init_help"; then
-
- cat <<\_ACEOF
-
-Optional Features:
- --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
- --disable-largefile omit support for large files
- --enable-suid-ssh Install ssh as suid root (default)
- --disable-suid-ssh Install ssh without suid bit
- --disable-lastlog disable use of lastlog even if detected no
- --disable-utmp disable use of utmp even if detected no
- --disable-utmpx disable use of utmpx even if detected no
- --disable-wtmp disable use of wtmp even if detected no
- --disable-wtmpx disable use of wtmpx even if detected no
- --disable-libutil disable use of libutil (login() etc.) no
- --disable-pututline disable use of pututline() etc. (uwtmp) no
- --disable-pututxline disable use of pututxline() etc. (uwtmpx) no
-
-Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
- --with-osfsia Enable Digital Unix SIA
- --with-cflags Specify additional flags to pass to compiler
- --with-cppflags Specify additional flags to pass to preprocessor
- --with-ldflags Specify additional flags to pass to linker
- --with-libs Specify additional libraries to link with
- --without-rpath Disable auto-added -R linker paths
- --with-zlib=PATH Use zlib in PATH
- --with-skey[=PATH] Enable S/Key support
- (optionally in PATH)
- --with-tcp-wrappers[=PATH] Enable tcpwrappers support
- (optionally in PATH)
- --with-pam Enable PAM support
- --with-ssl-dir=PATH Specify path to OpenSSL installation
- --with-rand-helper Use subprocess to gather strong randomness
- --with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
- --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
- --with-entropy-timeout Specify entropy gathering command timeout (msec)
- --with-privsep-user=user Specify non-privileged user for privilege separation
- --with-sectok Enable smartcard support using libsectok
- --with-opensc=PFX Enable smartcard support using OpenSC
- --with-kerberos5=PATH Enable Kerberos 5 support
- --with-kerberos4=PATH Enable Kerberos 4 support
- --with-afs=PATH Enable AFS support
- --with-rsh=PATH Specify path to remote shell program
- --with-privsep-path=xxx Path for privilege seperation chroot
- --with-xauth=PATH Specify path to xauth program
- --with-mantype=man|cat|doc Set man page type
- --with-md5-passwords Enable use of MD5 passwords
- --without-shadow Disable shadow password support
- --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
- --with-default-path= Specify default \$PATH environment for server
- --with-superuser-path= Specify different path for super-user
- --with-ipv4-default Use IPv4 by connections unless '-6' specified
- --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
- --with-bsd-auth Enable BSD auth support
- --with-pid-dir=PATH Specify location of ssh.pid file
- --with-lastlog=FILE|DIR specify lastlog location common locations
-
-Some influential environment variables:
- CC C compiler command
- CFLAGS C compiler flags
- LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
- nonstandard directory <lib dir>
- CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
- headers in a nonstandard directory <include dir>
- CPP C preprocessor
-
-Use these variables to override the choices made by `configure' or to help
-it to find libraries and programs with nonstandard names/locations.
-
-_ACEOF
-fi
-
-if test "$ac_init_help" = "recursive"; then
- # If there are subdirs, report their specific --help.
- ac_popdir=`pwd`
- for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d $ac_dir || continue
- ac_builddir=.
-
-if test "$ac_dir" != .; then
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
- # A "../" for each directory in $ac_dir_suffix.
- ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
- ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
- .) # No --srcdir option. We are building in place.
- ac_srcdir=.
- if test -z "$ac_top_builddir"; then
- ac_top_srcdir=.
- else
- ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
- fi ;;
- [\\/]* | ?:[\\/]* ) # Absolute path.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir ;;
- *) # Relative path.
- ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
- cd $ac_dir
- # Check for guested configure; otherwise get Cygnus style configure.
- if test -f $ac_srcdir/configure.gnu; then
- echo
- $SHELL $ac_srcdir/configure.gnu --help=recursive
- elif test -f $ac_srcdir/configure; then
- echo
- $SHELL $ac_srcdir/configure --help=recursive
- elif test -f $ac_srcdir/configure.ac ||
- test -f $ac_srcdir/configure.in; then
- echo
- $ac_configure --help
- else
- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
- fi
- cd $ac_popdir
- done
-fi
-
-test -n "$ac_init_help" && exit 0
-if $ac_init_version; then
- cat <<\_ACEOF
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002
-Free Software Foundation, Inc.
-This configure script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it.
-_ACEOF
- exit 0
-fi
-exec 5>config.log
-cat >&5 <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-
-It was created by $as_me, which was
-generated by GNU Autoconf 2.53. Invocation command line was
-
- $ $0 $@
-
-_ACEOF
-{
-cat <<_ASUNAME
-@%:@@%:@ --------- @%:@@%:@
-@%:@@%:@ Platform. @%:@@%:@
-@%:@@%:@ --------- @%:@@%:@
-
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
-
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-
-_ASUNAME
-
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- echo "PATH: $as_dir"
-done
-
-} >&5
-
-cat >&5 <<_ACEOF
-
-
-@%:@@%:@ ----------- @%:@@%:@
-@%:@@%:@ Core tests. @%:@@%:@
-@%:@@%:@ ----------- @%:@@%:@
-
-_ACEOF
-
-
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Also quote any args containing shell meta-characters.
-ac_configure_args=
-ac_sep=
-for ac_arg
-do
- case $ac_arg in
- -no-create | --no-create | --no-creat | --no-crea | --no-cre \
- | --no-cr | --no-c | -n ) continue ;;
- -no-recursion | --no-recursion | --no-recursio | --no-recursi \
- | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
- continue ;;
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
- ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
- ac_sep=" " ;;
- esac
- # Get rid of the leading space.
-done
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Be sure not to use single quotes in there, as some shells,
-# such as our DU 5.0 friend, will then `close' the trap.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
- cat <<\_ASBOX
-@%:@@%:@ ---------------- @%:@@%:@
-@%:@@%:@ Cache variables. @%:@@%:@
-@%:@@%:@ ---------------- @%:@@%:@
-_ASBOX
- echo
- # The following way of writing the cache mishandles newlines in values,
-{
- (set) 2>&1 |
- case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- sed -n \
- "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
- ;;
- *)
- sed -n \
- "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
- ;;
- esac;
-}
- echo
- if test -s confdefs.h; then
- cat <<\_ASBOX
-@%:@@%:@ ----------- @%:@@%:@
-@%:@@%:@ confdefs.h. @%:@@%:@
-@%:@@%:@ ----------- @%:@@%:@
-_ASBOX
- echo
- sed "/^$/d" confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- echo "$as_me: caught signal $ac_signal"
- echo "$as_me: exit $exit_status"
- } >&5
- rm -f core core.* *.core &&
- rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
- ' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -rf conftest* confdefs.h
-# AIX cpp loses on an empty file, so make sure it contains at least a newline.
-echo >confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -z "$CONFIG_SITE"; then
- if test "x$prefix" != xNONE; then
- CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
- else
- CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
- fi
-fi
-for ac_site_file in $CONFIG_SITE; do
- if test -r "$ac_site_file"; then
- { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file"
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special
- # files actually), so we avoid doing that.
- if test -f "$cache_file"; then
- { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . $cache_file;;
- *) . ./$cache_file;;
- esac
- fi
-else
- { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in `(set) 2>&1 |
- sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val="\$ac_cv_env_${ac_var}_value"
- eval ac_new_val="\$ac_env_${ac_var}_value"
- case $ac_old_set,$ac_new_set in
- set,)
- { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
-echo "$as_me: former value: $ac_old_val" >&2;}
- { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
-echo "$as_me: current value: $ac_new_val" >&2;}
- ac_cache_corrupted=:
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
- ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ac_config_headers="$ac_config_headers config.h"
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- CC=$ac_ct_CC
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- CC=$ac_ct_CC
-else
- CC="$ac_cv_prog_CC"
-fi
-
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $@%:@ != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- set dummy "$as_dir/$ac_word" ${1+"$@"}
- shift
- ac_cv_prog_CC="$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- test -n "$ac_ct_CC" && break
-done
-
- CC=$ac_ct_CC
-fi
-
-fi
-
-
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH" >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH" >&2;}
- { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-echo "$as_me:$LINENO:" \
- "checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
- (eval $ac_compiler --version </dev/null >&5) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
- (eval $ac_compiler -v </dev/null >&5) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
- (eval $ac_compiler -V </dev/null >&5) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-echo "$as_me:$LINENO: checking for C compiler default output" >&5
-echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
- (eval $ac_link_default) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # Find the output, starting from the most likely. This scheme is
-# not robust to junk in `.', hence go to wildcards (a.*) only as a last
-# resort.
-
-# Be careful to initialize this variable, since it used to be cached.
-# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
-ac_cv_exeext=
-for ac_file in `ls a_out.exe a.exe conftest.exe 2>/dev/null;
- ls a.out conftest 2>/dev/null;
- ls a.* conftest.* 2>/dev/null`; do
- case $ac_file in
- *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb | *.xSYM ) ;;
- a.out ) # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- # FIXME: I believe we export ac_cv_exeext for Libtool --akim.
- export ac_cv_exeext
- break;;
- * ) break;;
- esac
-done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables" >&5
-echo "$as_me: error: C compiler cannot create executables" >&2;}
- { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6
-
-# Check the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
- if { ac_try='./$ac_file'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'." >&2;}
- { (exit 1); exit 1; }; }
- fi
- fi
-fi
-echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-rm -f a.out a.exe conftest$ac_cv_exeext
-ac_clean_files=$ac_clean_files_save
-# Check the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
-echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6
-
-echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in `(ls conftest.exe; ls conftest; ls conftest.*) 2>/dev/null`; do
- case $ac_file in
- *.$ac_ext | *.o | *.obj | *.xcoff | *.tds | *.d | *.pdb ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- export ac_cv_exeext
- break;;
- * ) break;;
- esac
-done
-else
- { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link" >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
-if test "${ac_cv_objext+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile" >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_compiler_gnu=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_compiler_gnu=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
-GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-CFLAGS="-g"
-echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_g+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_prog_cc_g=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_prog_cc_g=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-# Some people use a C++ compiler to compile C. Since we use `exit',
-# in C++ we need to declare it. In case someone uses the same compiler
-# for both compiling C and C++ we need to have the C++ compiler decide
-# the declaration of exit, since it's the most demanding environment.
-cat >conftest.$ac_ext <<_ACEOF
-@%:@ifndef __cplusplus
- choke me
-@%:@endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- for ac_declaration in \
- ''\
- '#include <stdlib.h>' \
- 'extern "C" void std::exit (int) throw (); using std::exit;' \
- 'extern "C" void std::exit (int); using std::exit;' \
- 'extern "C" void exit (int) throw ();' \
- 'extern "C" void exit (int);' \
- 'void exit (int);'
-do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <stdlib.h>
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-continue
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_declaration
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-exit (42);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-rm -f conftest*
-if test -n "$ac_declaration"; then
- echo '#ifdef __cplusplus' >>confdefs.h
- echo $ac_declaration >>confdefs.h
- echo '#endif' >>confdefs.h
-fi
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-ac_aux_dir=
-for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
- if test -f $ac_dir/install-sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f $ac_dir/install.sh; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f $ac_dir/shtool; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
- { (exit 1); exit 1; }; }
-fi
-ac_config_guess="$SHELL $ac_aux_dir/config.guess"
-ac_config_sub="$SHELL $ac_aux_dir/config.sub"
-ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.
-
-# Make sure we can run config.sub.
-$ac_config_sub sun4 >/dev/null 2>&1 ||
- { { echo "$as_me:$LINENO: error: cannot run $ac_config_sub" >&5
-echo "$as_me: error: cannot run $ac_config_sub" >&2;}
- { (exit 1); exit 1; }; }
-
-echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6
-if test "${ac_cv_build+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_build_alias=$build_alias
-test -z "$ac_cv_build_alias" &&
- ac_cv_build_alias=`$ac_config_guess`
-test -z "$ac_cv_build_alias" &&
- { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
- { (exit 1); exit 1; }; }
-ac_cv_build=`$ac_config_sub $ac_cv_build_alias` ||
- { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_build_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6
-build=$ac_cv_build
-build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6
-if test "${ac_cv_host+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_host_alias=$host_alias
-test -z "$ac_cv_host_alias" &&
- ac_cv_host_alias=$ac_cv_build_alias
-ac_cv_host=`$ac_config_sub $ac_cv_host_alias` ||
- { { echo "$as_me:$LINENO: error: $ac_config_sub $ac_cv_host_alias failed" >&5
-echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6
-host=$ac_cv_host
-host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
-host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
-host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
-
-
-
-echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6
-if test "${ac_cv_c_bigendian+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # See if sys/param.h defines the BYTE_ORDER macro.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/param.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN
- bogus endian macros
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- # It does; now see whether it defined to BIG_ENDIAN or not.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/param.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-#if BYTE_ORDER != BIG_ENDIAN
- not big endian
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_c_bigendian=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-# It does not; compile a test program.
-if test "$cross_compiling" = yes; then
- # try to guess the endianess by grep'ing values into an object file
- ac_cv_c_bigendian=unknown
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
-short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
-void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
-short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
-short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
-void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- _ascii (); _ebcdic ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- if fgrep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
- ac_cv_c_bigendian=yes
-fi
-if fgrep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
- if test "$ac_cv_c_bigendian" = unknown; then
- ac_cv_c_bigendian=no
- else
- # finding both strings is unlikely to happen, but who knows?
- ac_cv_c_bigendian=unknown
- fi
-fi
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-int
-main ()
-{
- /* Are we little or big endian? From Harbison&Steele. */
- union
- {
- long l;
- char c[sizeof (long)];
- } u;
- u.l = 1;
- exit (u.c[sizeof (long) - 1] == 1);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=no
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_c_bigendian=yes
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
-echo "${ECHO_T}$ac_cv_c_bigendian" >&6
-case $ac_cv_c_bigendian in
- yes)
-
-cat >>confdefs.h <<\_ACEOF
-@%:@define WORDS_BIGENDIAN 1
-_ACEOF
- ;;
- no)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: unknown endianess
-presetting ac_cv_c_bigendian=no (or yes) will help" >&5
-echo "$as_me: error: unknown endianess
-presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-
-
-# Checks for programs.
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <assert.h>
- Syntax error
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- :
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether non-existent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- # Broken: success on invalid input.
-continue
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <assert.h>
- Syntax error
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- :
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether non-existent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- # Broken: success on invalid input.
-continue
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- :
-else
- { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check" >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- test -z "$ac_cv_prog_ac_ct_RANLIB" && ac_cv_prog_ac_ct_RANLIB=":"
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- RANLIB=$ac_ct_RANLIB
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# ./install, which can be erroneously created by make from ./install.sh.
-echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
- ./ | .// | /cC/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- done
- done
- ;;
-esac
-done
-
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. We don't cache a
- # path for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the path is relative.
- INSTALL=$ac_install_sh
- fi
-fi
-echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-# Extract the first word of "ar", so it can be a program name with args.
-set dummy ar; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_AR+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $AR in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_AR="$AR" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_AR="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-AR=$ac_cv_path_AR
-
-if test -n "$AR"; then
- echo "$as_me:$LINENO: result: $AR" >&5
-echo "${ECHO_T}$AR" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-for ac_prog in perl5 perl
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PERL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PERL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PERL=$ac_cv_path_PERL
-
-if test -n "$PERL"; then
- echo "$as_me:$LINENO: result: $PERL" >&5
-echo "${ECHO_T}$PERL" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- test -n "$PERL" && break
-done
-
-
-# Extract the first word of "ent", so it can be a program name with args.
-set dummy ent; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_ENT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $ENT in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_ENT="$ENT" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_ENT="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-ENT=$ac_cv_path_ENT
-
-if test -n "$ENT"; then
- echo "$as_me:$LINENO: result: $ENT" >&5
-echo "${ECHO_T}$ENT" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-for ac_prog in filepriv
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_FILEPRIV+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $FILEPRIV in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_FILEPRIV="$FILEPRIV" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_dummy="/sbin:/usr/sbin"
-for as_dir in $as_dummy
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_FILEPRIV="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-FILEPRIV=$ac_cv_path_FILEPRIV
-
-if test -n "$FILEPRIV"; then
- echo "$as_me:$LINENO: result: $FILEPRIV" >&5
-echo "${ECHO_T}$FILEPRIV" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- test -n "$FILEPRIV" && break
-done
-test -n "$FILEPRIV" || FILEPRIV="true"
-
-# Extract the first word of "bash", so it can be a program name with args.
-set dummy bash; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $TEST_MINUS_S_SH in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
-
-if test -n "$TEST_MINUS_S_SH"; then
- echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5
-echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-# Extract the first word of "ksh", so it can be a program name with args.
-set dummy ksh; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $TEST_MINUS_S_SH in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
-
-if test -n "$TEST_MINUS_S_SH"; then
- echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5
-echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-# Extract the first word of "sh", so it can be a program name with args.
-set dummy sh; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $TEST_MINUS_S_SH in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_TEST_MINUS_S_SH="$TEST_MINUS_S_SH" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_TEST_MINUS_S_SH="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH
-
-if test -n "$TEST_MINUS_S_SH"; then
- echo "$as_me:$LINENO: result: $TEST_MINUS_S_SH" >&5
-echo "${ECHO_T}$TEST_MINUS_S_SH" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-# Extract the first word of "sh", so it can be a program name with args.
-set dummy sh; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_SH+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $SH in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_SH="$SH" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SH="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-SH=$ac_cv_path_SH
-
-if test -n "$SH"; then
- echo "$as_me:$LINENO: result: $SH" >&5
-echo "${ECHO_T}$SH" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-# System features
-# Check whether --enable-largefile or --disable-largefile was given.
-if test "${enable_largefile+set}" = set; then
- enableval="$enable_largefile"
-
-fi;
-if test "$enable_largefile" != no; then
-
- echo "$as_me:$LINENO: checking for special C compiler options needed for large files" >&5
-echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_largefile_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_sys_largefile_CC=no
- if test "$GCC" != yes; then
- ac_save_CC=$CC
- while :; do
- # IRIX 6.2 and later do not support large files by default,
- # so use the C compiler's -n32 option if that helps.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
- rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
- CC="$CC -n32"
- rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sys_largefile_CC=' -n32'; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
- break
- done
- CC=$ac_save_CC
- rm -f conftest.$ac_ext
- fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_largefile_CC" >&5
-echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6
- if test "$ac_cv_sys_largefile_CC" != no; then
- CC=$CC$ac_cv_sys_largefile_CC
- fi
-
- echo "$as_me:$LINENO: checking for _FILE_OFFSET_BITS value needed for large files" >&5
-echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_file_offset_bits+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- while :; do
- ac_cv_sys_file_offset_bits=no
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@define _FILE_OFFSET_BITS 64
-@%:@include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sys_file_offset_bits=64; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- break
-done
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_file_offset_bits" >&5
-echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6
-if test "$ac_cv_sys_file_offset_bits" != no; then
-
-cat >>confdefs.h <<_ACEOF
-@%:@define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits
-_ACEOF
-
-fi
-rm -f conftest*
- echo "$as_me:$LINENO: checking for _LARGE_FILES value needed for large files" >&5
-echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6
-if test "${ac_cv_sys_large_files+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- while :; do
- ac_cv_sys_large_files=no
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@define _LARGE_FILES 1
-@%:@include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
- We can't simply define LARGE_OFF_T to be 9223372036854775807,
- since some C++ compilers masquerading as C compilers
- incorrectly reject 9223372036854775807. */
-@%:@define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
- int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
- && LARGE_OFF_T % 2147483647 == 1)
- ? 1 : -1];
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sys_large_files=1; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- break
-done
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sys_large_files" >&5
-echo "${ECHO_T}$ac_cv_sys_large_files" >&6
-if test "$ac_cv_sys_large_files" != no; then
-
-cat >>confdefs.h <<_ACEOF
-@%:@define _LARGE_FILES $ac_cv_sys_large_files
-_ACEOF
-
-fi
-rm -f conftest*
-fi
-
-
-if test -z "$AR" ; then
- { { echo "$as_me:$LINENO: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5
-echo "$as_me: error: *** 'ar' missing, please install or fix your \$PATH ***" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-# Use LOGIN_PROGRAM from environment if possible
-if test ! -z "$LOGIN_PROGRAM" ; then
- cat >>confdefs.h <<_ACEOF
-@%:@define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM"
-_ACEOF
-
-else
- # Search for login
- # Extract the first word of "login", so it can be a program name with args.
-set dummy login; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_LOGIN_PROGRAM_FALLBACK+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $LOGIN_PROGRAM_FALLBACK in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_LOGIN_PROGRAM_FALLBACK="$LOGIN_PROGRAM_FALLBACK" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_LOGIN_PROGRAM_FALLBACK="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK
-
-if test -n "$LOGIN_PROGRAM_FALLBACK"; then
- echo "$as_me:$LINENO: result: $LOGIN_PROGRAM_FALLBACK" >&5
-echo "${ECHO_T}$LOGIN_PROGRAM_FALLBACK" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test ! -z "$LOGIN_PROGRAM_FALLBACK" ; then
- cat >>confdefs.h <<_ACEOF
-@%:@define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM_FALLBACK"
-_ACEOF
-
- fi
-fi
-
-if test -z "$LD" ; then
- LD=$CC
-fi
-
-
-echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
-echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
-if test "${ac_cv_prog_cc_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_prog_cc_stdc=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-# Don't try gcc -ansi; that turns off useful extensions and
-# breaks some systems' header files.
-# AIX -qlanglvl=ansi
-# Ultrix and OSF/1 -std1
-# HP-UX 10.20 and later -Ae
-# HP-UX older versions -Aa -D_HPUX_SOURCE
-# SVR4 -Xc -D__EXTENSIONS__
-for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_prog_cc_stdc=$ac_arg
-break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext
-done
-rm -f conftest.$ac_ext conftest.$ac_objext
-CC=$ac_save_CC
-
-fi
-
-case "x$ac_cv_prog_cc_stdc" in
- x|xno)
- echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6 ;;
- *)
- echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
- CC="$CC $ac_cv_prog_cc_stdc" ;;
-esac
-
-echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6
-if test "${ac_cv_c_inline+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#ifndef __cplusplus
-static $ac_kw int static_foo () {return 0; }
-$ac_kw int foo () {return 0; }
-#endif
-
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_inline=$ac_kw; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6
-case $ac_cv_c_inline in
- inline | yes) ;;
- no)
-cat >>confdefs.h <<\_ACEOF
-@%:@define inline
-_ACEOF
- ;;
- *) cat >>confdefs.h <<_ACEOF
-@%:@define inline $ac_cv_c_inline
-_ACEOF
- ;;
-esac
-
-if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
- CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
-fi
-
-# Check for some target-specific stuff
-case "$host" in
-*-*-aix*)
- AFS_LIBS="-lld"
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- if (test "$LD" != "gcc" && test -z "$blibpath"); then
- echo "$as_me:$LINENO: checking if linkage editor ($LD) accepts -blibpath" >&5
-echo $ECHO_N "checking if linkage editor ($LD) accepts -blibpath... $ECHO_C" >&6
- saved_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib"
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- blibpath="/usr/lib:/lib:/usr/local/lib"
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
- LDFLAGS="$saved_LDFLAGS"
- fi
- echo "$as_me:$LINENO: checking for authenticate" >&5
-echo $ECHO_N "checking for authenticate... $ECHO_C" >&6
-if test "${ac_cv_func_authenticate+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char authenticate (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char authenticate ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_authenticate) || defined (__stub___authenticate)
-choke me
-#else
-f = authenticate;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_authenticate=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_authenticate=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_authenticate" >&5
-echo "${ECHO_T}$ac_cv_func_authenticate" >&6
-if test $ac_cv_func_authenticate = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_AIXAUTHENTICATE 1
-_ACEOF
-
-fi
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_GETADDRINFO 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_REALPATH 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_LASTLOG 1
-_ACEOF
-
- ;;
-*-*-cygwin*)
- LIBS="$LIBS /usr/lib/textmode.o"
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_CYGWIN 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPV4_DEFAULT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define IP_TOS_IS_BROKEN 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define NO_X11_UNIX_SOCKETS 1
-_ACEOF
-
- ;;
-*-*-dgux*)
- cat >>confdefs.h <<\_ACEOF
-@%:@define IP_TOS_IS_BROKEN 1
-_ACEOF
-
- ;;
-*-*-darwin*)
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_GETADDRINFO 1
-_ACEOF
-
- ;;
-*-*-hpux10.26)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SECUREWARE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NO_ENDOPT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NEEDS_UTMPX 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
-_ACEOF
-
- LIBS="$LIBS -lxnet -lsec -lsecpw"
- disable_ptmx_check=yes
- ;;
-*-*-hpux10*)
- if test -z "$GCC"; then
- CFLAGS="$CFLAGS -Ae"
- fi
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NO_ENDOPT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NEEDS_UTMPX 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
-_ACEOF
-
- LIBS="$LIBS -lxnet -lsec"
- ;;
-*-*-hpux11*)
- CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
- IPADDR_IN_DISPLAY=yes
- cat >>confdefs.h <<\_ACEOF
-@%:@define PAM_SUN_CODEBASE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NO_ENDOPT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NEEDS_UTMPX 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
-_ACEOF
-
- LIBS="$LIBS -lxnet -lsec"
- ;;
-*-*-irix5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
- PATH="$PATH:/usr/etc"
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_INET_NTOA 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_ABBREV_NO_TTY 1
-_ACEOF
-
- ;;
-*-*-irix6*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS"
- PATH="$PATH:/usr/etc"
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_IRIX_ARRAY 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_IRIX_PROJECT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_IRIX_AUDIT 1
-_ACEOF
-
- echo "$as_me:$LINENO: checking for jlimit_startjob" >&5
-echo $ECHO_N "checking for jlimit_startjob... $ECHO_C" >&6
-if test "${ac_cv_func_jlimit_startjob+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char jlimit_startjob (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char jlimit_startjob ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_jlimit_startjob) || defined (__stub___jlimit_startjob)
-choke me
-#else
-f = jlimit_startjob;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_jlimit_startjob=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_jlimit_startjob=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_jlimit_startjob" >&5
-echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6
-if test $ac_cv_func_jlimit_startjob = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_IRIX_JOBS 1
-_ACEOF
-
-fi
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_INET_NTOA 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define WITH_ABBREV_NO_TTY 1
-_ACEOF
-
- ;;
-*-*-linux*)
- no_dev_ptmx=1
- check_for_libcrypt_later=1
- cat >>confdefs.h <<\_ACEOF
-@%:@define DONT_TRY_OTHER_AF 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define PAM_TTY_KLUDGE 1
-_ACEOF
-
- inet6_default_4in6=yes
- ;;
-mips-sony-bsd|mips-sony-newsos4)
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_NEWS4 1
-_ACEOF
-
- SONY=1
- ;;
-*-*-netbsd*)
- need_dash_r=1
- ;;
-*-*-freebsd*)
- check_for_libcrypt_later=1
- ;;
-*-next-*)
- conf_lastlog_location="/usr/adm/lastlog"
- conf_utmp_location=/etc/utmp
- conf_wtmp_location=/usr/adm/wtmp
- MAIL=/usr/spool/mail
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_NEXT 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_REALPATH 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_SAVED_UIDS 1
-_ACEOF
-
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- CFLAGS="$CFLAGS"
- ;;
-*-*-solaris*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
- need_dash_r=1
- cat >>confdefs.h <<\_ACEOF
-@%:@define PAM_SUN_CODEBASE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NEEDS_UTMPX 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define LOGIN_NEEDS_TERM 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define PAM_TTY_KLUDGE 1
-_ACEOF
-
- # hardwire lastlog location (can't detect it on some versions)
- conf_lastlog_location="/var/adm/lastlog"
- echo "$as_me:$LINENO: checking for obsolete utmp and wtmp in solaris2.x" >&5
-echo $ECHO_N "checking for obsolete utmp and wtmp in solaris2.x... $ECHO_C" >&6
- sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'`
- if test "$sol2ver" -ge 8; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_WTMP 1
-_ACEOF
-
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
- ;;
-*-*-sunos4*)
- CPPFLAGS="$CPPFLAGS -DSUNOS4"
-
-for ac_func in getpwanam
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define PAM_SUN_CODEBASE 1
-_ACEOF
-
- conf_utmp_location=/etc/utmp
- conf_wtmp_location=/var/adm/wtmp
- conf_lastlog_location=/var/adm/lastlog
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- ;;
-*-ncr-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -lc89"
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- ;;
-*-sni-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- # /usr/ucblib MUST NOT be searched on ReliantUNIX
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- IPADDR_IN_DISPLAY=yes
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define IP_TOS_IS_BROKEN 1
-_ACEOF
-
- # /usr/ucblib/libucb.a no longer needed on ReliantUNIX
- # Attention: always take care to bind libsocket and libnsl before libc,
- # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
- ;;
-*-*-sysv4.2*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- ;;
-*-*-sysv5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
-# enable_suid_ssh=no
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- ;;
-*-*-sysv*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- ;;
-*-*-sco3.2v4*)
- CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
- rsh_path="/usr/bin/rcmd"
- RANLIB=true
- no_dev_ptmx=1
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_SYS_TERMIO_H 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SECUREWARE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_SAVED_UIDS 1
-_ACEOF
-
-
-
-for ac_func in getluid setluid
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
- MANTYPE=man
- do_sco3_extra_lib_check=yes
- ;;
-*-*-sco3.2v5*)
- CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- LDFLAGS="$LDFLAGS -L/usr/local/lib"
- LIBS="$LIBS -lprot -lx -ltinfo -lm"
- no_dev_ptmx=1
- rsh_path="/usr/bin/rcmd"
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SECUREWARE 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
-
-
-for ac_func in getluid setluid
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
- MANTYPE=man
- ;;
-*-*-unicos*)
- no_libsocket=1
- no_libnsl=1
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
- LIBS="$LIBS -lgen -lrsc"
- ;;
-*-dec-osf*)
- echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5
-echo $ECHO_N "checking for Digital Unix SIA... $ECHO_C" >&6
- no_osfsia=""
-
-# Check whether --with-osfsia or --without-osfsia was given.
-if test "${with_osfsia+set}" = set; then
- withval="$with_osfsia"
-
- if test "x$withval" = "xno" ; then
- echo "$as_me:$LINENO: result: disabled" >&5
-echo "${ECHO_T}disabled" >&6
- no_osfsia=1
- fi
-
-fi;
- if test -z "$no_osfsia" ; then
- if test -f /etc/sia/matrix.conf; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_OSF_SIA 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_LOGIN 1
-_ACEOF
-
- LIBS="$LIBS -lsecurity -ldb -lm -laud"
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
- fi
- ;;
-
-*-*-nto-qnx)
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PIPES 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define NO_X11_UNIX_SOCKETS 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define MISSING_NFDBITS 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define MISSING_HOWMANY 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define MISSING_FD_MASK 1
-_ACEOF
-
- ;;
-esac
-
-# Allow user to specify flags
-
-# Check whether --with-cflags or --without-cflags was given.
-if test "${with_cflags+set}" = set; then
- withval="$with_cflags"
-
- if test "x$withval" != "xno" ; then
- CFLAGS="$CFLAGS $withval"
- fi
-
-
-fi;
-
-# Check whether --with-cppflags or --without-cppflags was given.
-if test "${with_cppflags+set}" = set; then
- withval="$with_cppflags"
-
- if test "x$withval" != "xno"; then
- CPPFLAGS="$CPPFLAGS $withval"
- fi
-
-
-fi;
-
-# Check whether --with-ldflags or --without-ldflags was given.
-if test "${with_ldflags+set}" = set; then
- withval="$with_ldflags"
-
- if test "x$withval" != "xno" ; then
- LDFLAGS="$LDFLAGS $withval"
- fi
-
-
-fi;
-
-# Check whether --with-libs or --without-libs was given.
-if test "${with_libs+set}" = set; then
- withval="$with_libs"
-
- if test "x$withval" != "xno" ; then
- LIBS="$LIBS $withval"
- fi
-
-
-fi;
-
-# Checks for header files.
-
-echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
-if test "${ac_cv_header_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_cv_header_stdc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_cv_header_stdc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "memchr" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "free" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then
- :
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <ctype.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- exit(2);
- exit (0);
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-ac_cv_header_stdc=no
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6
-if test $ac_cv_header_stdc = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-@%:@define STDC_HEADERS 1
-_ACEOF
-
-fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_Header=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_Header=no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h pty.h readpassphrase.h \
- rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/un.h time.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-
-# Checks for libraries.
-echo "$as_me:$LINENO: checking for yp_match" >&5
-echo $ECHO_N "checking for yp_match... $ECHO_C" >&6
-if test "${ac_cv_func_yp_match+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char yp_match (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char yp_match ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_yp_match) || defined (__stub___yp_match)
-choke me
-#else
-f = yp_match;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_yp_match=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_yp_match=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_yp_match" >&5
-echo "${ECHO_T}$ac_cv_func_yp_match" >&6
-if test $ac_cv_func_yp_match = yes; then
- :
-else
-
-echo "$as_me:$LINENO: checking for yp_match in -lnsl" >&5
-echo $ECHO_N "checking for yp_match in -lnsl... $ECHO_C" >&6
-if test "${ac_cv_lib_nsl_yp_match+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lnsl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char yp_match ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-yp_match ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_nsl_yp_match=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_nsl_yp_match=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_yp_match" >&5
-echo "${ECHO_T}$ac_cv_lib_nsl_yp_match" >&6
-if test $ac_cv_lib_nsl_yp_match = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBNSL 1
-_ACEOF
-
- LIBS="-lnsl $LIBS"
-
-fi
-
-fi
-
-echo "$as_me:$LINENO: checking for setsockopt" >&5
-echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6
-if test "${ac_cv_func_setsockopt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char setsockopt (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char setsockopt ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_setsockopt) || defined (__stub___setsockopt)
-choke me
-#else
-f = setsockopt;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_setsockopt=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_setsockopt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_setsockopt" >&5
-echo "${ECHO_T}$ac_cv_func_setsockopt" >&6
-if test $ac_cv_func_setsockopt = yes; then
- :
-else
-
-echo "$as_me:$LINENO: checking for setsockopt in -lsocket" >&5
-echo $ECHO_N "checking for setsockopt in -lsocket... $ECHO_C" >&6
-if test "${ac_cv_lib_socket_setsockopt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsocket $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char setsockopt ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-setsockopt ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_socket_setsockopt=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_socket_setsockopt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_socket_setsockopt" >&5
-echo "${ECHO_T}$ac_cv_lib_socket_setsockopt" >&6
-if test $ac_cv_lib_socket_setsockopt = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBSOCKET 1
-_ACEOF
-
- LIBS="-lsocket $LIBS"
-
-fi
-
-fi
-
-
-if test "x$with_tcp_wrappers" != "xno" ; then
- if test "x$do_sco3_extra_lib_check" = "xyes" ; then
- echo "$as_me:$LINENO: checking for innetgr in -lrpc" >&5
-echo $ECHO_N "checking for innetgr in -lrpc... $ECHO_C" >&6
-if test "${ac_cv_lib_rpc_innetgr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lrpc -lyp -lrpc $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char innetgr ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-innetgr ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_rpc_innetgr=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_rpc_innetgr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_rpc_innetgr" >&5
-echo "${ECHO_T}$ac_cv_lib_rpc_innetgr" >&6
-if test $ac_cv_lib_rpc_innetgr = yes; then
- LIBS="-lrpc -lyp -lrpc $LIBS"
-fi
-
- fi
-fi
-
-echo "$as_me:$LINENO: checking for getspnam" >&5
-echo $ECHO_N "checking for getspnam... $ECHO_C" >&6
-if test "${ac_cv_func_getspnam+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char getspnam (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getspnam ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_getspnam) || defined (__stub___getspnam)
-choke me
-#else
-f = getspnam;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_getspnam=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getspnam=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getspnam" >&5
-echo "${ECHO_T}$ac_cv_func_getspnam" >&6
-if test $ac_cv_func_getspnam = yes; then
- :
-else
- echo "$as_me:$LINENO: checking for getspnam in -lgen" >&5
-echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6
-if test "${ac_cv_lib_gen_getspnam+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgen $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getspnam ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getspnam ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_gen_getspnam=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_gen_getspnam=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_gen_getspnam" >&5
-echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6
-if test $ac_cv_lib_gen_getspnam = yes; then
- LIBS="$LIBS -lgen"
-fi
-
-fi
-
-
-
-# Check whether --with-rpath or --without-rpath was given.
-if test "${with_rpath+set}" = set; then
- withval="$with_rpath"
-
- if test "x$withval" = "xno" ; then
- need_dash_r=""
- fi
- if test "x$withval" = "xyes" ; then
- need_dash_r=1
- fi
-
-
-fi;
-
-
-# Check whether --with-zlib or --without-zlib was given.
-if test "${with_zlib+set}" = set; then
- withval="$with_zlib"
-
- if test "x$withval" = "xno" ; then
- { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5
-echo "$as_me: error: *** zlib is required ***" >&2;}
- { (exit 1); exit 1; }; }
- fi
- if test -d "$withval/lib"; then
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
- else
- LDFLAGS="-L${withval}/lib ${LDFLAGS}"
- fi
- else
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
- else
- LDFLAGS="-L${withval} ${LDFLAGS}"
- fi
- fi
- if test -d "$withval/include"; then
- CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
- else
- CPPFLAGS="-I${withval} ${CPPFLAGS}"
- fi
-
-
-fi;
-
-
-echo "$as_me:$LINENO: checking for deflate in -lz" >&5
-echo $ECHO_N "checking for deflate in -lz... $ECHO_C" >&6
-if test "${ac_cv_lib_z_deflate+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lz $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char deflate ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-deflate ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_z_deflate=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_z_deflate=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_z_deflate" >&5
-echo "${ECHO_T}$ac_cv_lib_z_deflate" >&6
-if test $ac_cv_lib_z_deflate = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBZ 1
-_ACEOF
-
- LIBS="-lz $LIBS"
-
-else
- { { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
-echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
-echo "$as_me:$LINENO: checking for strcasecmp" >&5
-echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6
-if test "${ac_cv_func_strcasecmp+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char strcasecmp (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char strcasecmp ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_strcasecmp) || defined (__stub___strcasecmp)
-choke me
-#else
-f = strcasecmp;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_strcasecmp=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_strcasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_strcasecmp" >&5
-echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6
-if test $ac_cv_func_strcasecmp = yes; then
- :
-else
- echo "$as_me:$LINENO: checking for strcasecmp in -lresolv" >&5
-echo $ECHO_N "checking for strcasecmp in -lresolv... $ECHO_C" >&6
-if test "${ac_cv_lib_resolv_strcasecmp+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lresolv $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char strcasecmp ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-strcasecmp ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_resolv_strcasecmp=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_resolv_strcasecmp=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_strcasecmp" >&5
-echo "${ECHO_T}$ac_cv_lib_resolv_strcasecmp" >&6
-if test $ac_cv_lib_resolv_strcasecmp = yes; then
- LIBS="$LIBS -lresolv"
-fi
-
-
-fi
-
-echo "$as_me:$LINENO: checking for utimes" >&5
-echo $ECHO_N "checking for utimes... $ECHO_C" >&6
-if test "${ac_cv_func_utimes+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char utimes (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char utimes ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_utimes) || defined (__stub___utimes)
-choke me
-#else
-f = utimes;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_utimes=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_utimes=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_utimes" >&5
-echo "${ECHO_T}$ac_cv_func_utimes" >&6
-if test $ac_cv_func_utimes = yes; then
- :
-else
- echo "$as_me:$LINENO: checking for utimes in -lc89" >&5
-echo $ECHO_N "checking for utimes in -lc89... $ECHO_C" >&6
-if test "${ac_cv_lib_c89_utimes+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lc89 $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char utimes ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-utimes ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_c89_utimes=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_c89_utimes=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5
-echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6
-if test $ac_cv_lib_c89_utimes = yes; then
- LIBS="$LIBS -lc89"
-fi
-
-
-fi
-
-
-
-for ac_header in libutil.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-echo "$as_me:$LINENO: checking for library containing login" >&5
-echo $ECHO_N "checking for library containing login... $ECHO_C" >&6
-if test "${ac_cv_search_login+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_func_search_save_LIBS=$LIBS
-ac_cv_search_login=no
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char login ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-login ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_search_login="none required"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-if test "$ac_cv_search_login" = no; then
- for ac_lib in util bsd; do
- LIBS="-l$ac_lib $ac_func_search_save_LIBS"
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char login ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-login ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_search_login="-l$ac_lib"
-break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
- done
-fi
-LIBS=$ac_func_search_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_search_login" >&5
-echo "${ECHO_T}$ac_cv_search_login" >&6
-if test "$ac_cv_search_login" != no; then
- test "$ac_cv_search_login" = "none required" || LIBS="$ac_cv_search_login $LIBS"
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_LOGIN 1
-_ACEOF
-
-fi
-
-
-
-
-for ac_func in logout updwtmp logwtmp
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-for ac_func in strftime
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-else
- # strftime is in -lintl on SCO UNIX.
-echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
-echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
-if test "${ac_cv_lib_intl_strftime+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lintl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char strftime ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-strftime ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_intl_strftime=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_intl_strftime=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
-echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
-if test $ac_cv_lib_intl_strftime = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRFTIME 1
-_ACEOF
-
-LIBS="-lintl $LIBS"
-fi
-
-fi
-done
-
-
-# Check for ALTDIRFUNC glob() extension
-echo "$as_me:$LINENO: checking for GLOB_ALTDIRFUNC support" >&5
-echo $ECHO_N "checking for GLOB_ALTDIRFUNC support... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
- #include <glob.h>
- #ifdef GLOB_ALTDIRFUNC
- FOUNDIT
- #endif
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "FOUNDIT" >/dev/null 2>&1; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define GLOB_HAS_ALTDIRFUNC 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-
-fi
-rm -f conftest*
-
-
-# Check for g.gl_matchc glob() extension
-echo "$as_me:$LINENO: checking for gl_matchc field in glob_t" >&5
-echo $ECHO_N "checking for gl_matchc field in glob_t... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
- #include <glob.h>
- int main(void){glob_t g; g.gl_matchc = 1;}
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "FOUNDIT" >/dev/null 2>&1; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define GLOB_HAS_GL_MATCHC 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-
-fi
-rm -f conftest*
-
-
-echo "$as_me:$LINENO: checking whether struct dirent allocates space for d_name" >&5
-echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6
-if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <dirent.h>
-int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_ONE_BYTE_DIRENT_D_NAME 1
-_ACEOF
-
-
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-# Check whether user wants S/Key support
-SKEY_MSG="no"
-
-# Check whether --with-skey or --without-skey was given.
-if test "${with_skey+set}" = set; then
- withval="$with_skey"
-
- if test "x$withval" != "xno" ; then
-
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- fi
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define SKEY 1
-_ACEOF
-
- LIBS="-lskey $LIBS"
- SKEY_MSG="yes"
-
- echo "$as_me:$LINENO: checking for s/key support" >&5
-echo $ECHO_N "checking for s/key support... $ECHO_C" >&6
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <skey.h>
-int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- { { echo "$as_me:$LINENO: error: ** Incomplete or missing s/key libraries." >&5
-echo "$as_me: error: ** Incomplete or missing s/key libraries." >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
- fi
-
-
-fi;
-
-# Check whether user wants TCP wrappers support
-TCPW_MSG="no"
-
-# Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
-if test "${with_tcp_wrappers+set}" = set; then
- withval="$with_tcp_wrappers"
-
- if test "x$withval" != "xno" ; then
- saved_LIBS="$LIBS"
- saved_LDFLAGS="$LDFLAGS"
- saved_CPPFLAGS="$CPPFLAGS"
- if test -n "${withval}" -a "${withval}" != "yes"; then
- if test -d "${withval}/lib"; then
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
- else
- LDFLAGS="-L${withval}/lib ${LDFLAGS}"
- fi
- else
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
- else
- LDFLAGS="-L${withval} ${LDFLAGS}"
- fi
- fi
- if test -d "${withval}/include"; then
- CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
- else
- CPPFLAGS="-I${withval} ${CPPFLAGS}"
- fi
- fi
- LIBWRAP="-lwrap"
- LIBS="$LIBWRAP $LIBS"
- echo "$as_me:$LINENO: checking for libwrap" >&5
-echo $ECHO_N "checking for libwrap... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <tcpd.h>
- int deny_severity = 0, allow_severity = 0;
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-hosts_access(0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define LIBWRAP 1
-_ACEOF
-
-
- TCPW_MSG="yes"
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- { { echo "$as_me:$LINENO: error: *** libwrap missing" >&5
-echo "$as_me: error: *** libwrap missing" >&2;}
- { (exit 1); exit 1; }; }
-
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
- LIBS="$saved_LIBS"
- fi
-
-
-fi;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-for ac_func in arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
- setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
- vhangup vsnprintf waitpid __b64_ntop _getpty
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-for ac_func in dirname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-for ac_header in libgen.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
-else
-
- echo "$as_me:$LINENO: checking for dirname in -lgen" >&5
-echo $ECHO_N "checking for dirname in -lgen... $ECHO_C" >&6
-if test "${ac_cv_lib_gen_dirname+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lgen $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char dirname ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dirname ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_gen_dirname=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_gen_dirname=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_gen_dirname" >&5
-echo "${ECHO_T}$ac_cv_lib_gen_dirname" >&6
-if test $ac_cv_lib_gen_dirname = yes; then
-
- echo "$as_me:$LINENO: checking for broken dirname" >&5
-echo $ECHO_N "checking for broken dirname... $ECHO_C" >&6
-if test "${ac_cv_have_broken_dirname+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <libgen.h>
-#include <string.h>
-
-int main(int argc, char **argv) {
- char *s, buf[32];
-
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_broken_dirname="no"
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
- ac_cv_have_broken_dirname="yes"
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
- LIBS="$save_LIBS"
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_broken_dirname" >&5
-echo "${ECHO_T}$ac_cv_have_broken_dirname" >&6
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_DIRNAME 1
-_ACEOF
-
-
-for ac_header in libgen.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- fi
-
-fi
-
-
-fi
-done
-
-
-
-
-for ac_func in gettimeofday time
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-
-for ac_func in endutent getutent getutid getutline pututline setutent
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-for ac_func in utmpname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-
-
-
-for ac_func in endutxent getutxent getutxid getutxline pututxline
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-
-for ac_func in setutxent utmpxname
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
-echo "$as_me:$LINENO: checking for getuserattr" >&5
-echo $ECHO_N "checking for getuserattr... $ECHO_C" >&6
-if test "${ac_cv_func_getuserattr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char getuserattr (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getuserattr ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_getuserattr) || defined (__stub___getuserattr)
-choke me
-#else
-f = getuserattr;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_getuserattr=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getuserattr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getuserattr" >&5
-echo "${ECHO_T}$ac_cv_func_getuserattr" >&6
-if test $ac_cv_func_getuserattr = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_GETUSERATTR 1
-_ACEOF
-
-else
- echo "$as_me:$LINENO: checking for getuserattr in -ls" >&5
-echo $ECHO_N "checking for getuserattr in -ls... $ECHO_C" >&6
-if test "${ac_cv_lib_s_getuserattr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ls $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getuserattr ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getuserattr ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_s_getuserattr=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_s_getuserattr=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_s_getuserattr" >&5
-echo "${ECHO_T}$ac_cv_lib_s_getuserattr" >&6
-if test $ac_cv_lib_s_getuserattr = yes; then
- LIBS="$LIBS -ls"; cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_GETUSERATTR 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-echo "$as_me:$LINENO: checking for daemon" >&5
-echo $ECHO_N "checking for daemon... $ECHO_C" >&6
-if test "${ac_cv_func_daemon+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char daemon (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char daemon ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_daemon) || defined (__stub___daemon)
-choke me
-#else
-f = daemon;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_daemon=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_daemon=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5
-echo "${ECHO_T}$ac_cv_func_daemon" >&6
-if test $ac_cv_func_daemon = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_DAEMON 1
-_ACEOF
-
-else
- echo "$as_me:$LINENO: checking for daemon in -lbsd" >&5
-echo $ECHO_N "checking for daemon in -lbsd... $ECHO_C" >&6
-if test "${ac_cv_lib_bsd_daemon+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lbsd $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char daemon ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-daemon ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_bsd_daemon=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_bsd_daemon=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_bsd_daemon" >&5
-echo "${ECHO_T}$ac_cv_lib_bsd_daemon" >&6
-if test $ac_cv_lib_bsd_daemon = yes; then
- LIBS="$LIBS -lbsd"; cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_DAEMON 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-echo "$as_me:$LINENO: checking for getpagesize" >&5
-echo $ECHO_N "checking for getpagesize... $ECHO_C" >&6
-if test "${ac_cv_func_getpagesize+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char getpagesize (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getpagesize ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_getpagesize) || defined (__stub___getpagesize)
-choke me
-#else
-f = getpagesize;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_getpagesize=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getpagesize=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getpagesize" >&5
-echo "${ECHO_T}$ac_cv_func_getpagesize" >&6
-if test $ac_cv_func_getpagesize = yes; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_GETPAGESIZE 1
-_ACEOF
-
-else
- echo "$as_me:$LINENO: checking for getpagesize in -lucb" >&5
-echo $ECHO_N "checking for getpagesize in -lucb... $ECHO_C" >&6
-if test "${ac_cv_lib_ucb_getpagesize+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lucb $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char getpagesize ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpagesize ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_ucb_getpagesize=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_ucb_getpagesize=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_ucb_getpagesize" >&5
-echo "${ECHO_T}$ac_cv_lib_ucb_getpagesize" >&6
-if test $ac_cv_lib_ucb_getpagesize = yes; then
- LIBS="$LIBS -lucb"; cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_GETPAGESIZE 1
-_ACEOF
-
-fi
-
-
-fi
-
-
-# Check for broken snprintf
-if test "x$ac_cv_func_snprintf" = "xyes" ; then
- echo "$as_me:$LINENO: checking whether snprintf correctly terminates long strings" >&5
-echo $ECHO_N "checking whether snprintf correctly terminates long strings... $ECHO_C" >&6
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_SNPRINTF 1
-_ACEOF
-
- { echo "$as_me:$LINENO: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5
-echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
-
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-
-echo "$as_me:$LINENO: checking whether getpgrp requires zero arguments" >&5
-echo $ECHO_N "checking whether getpgrp requires zero arguments... $ECHO_C" >&6
-if test "${ac_cv_func_getpgrp_void+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # Use it with a single arg.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-getpgrp (0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_func_getpgrp_void=no
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_func_getpgrp_void=yes
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_func_getpgrp_void" >&5
-echo "${ECHO_T}$ac_cv_func_getpgrp_void" >&6
-if test $ac_cv_func_getpgrp_void = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-@%:@define GETPGRP_VOID 1
-_ACEOF
-
-fi
-
-
-# Check for PAM libs
-PAM_MSG="no"
-
-# Check whether --with-pam or --without-pam was given.
-if test "${with_pam+set}" = set; then
- withval="$with_pam"
-
- if test "x$withval" != "xno" ; then
- if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
- { { echo "$as_me:$LINENO: error: PAM headers not found" >&5
-echo "$as_me: error: PAM headers not found" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-
-echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5
-echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6
-if test "${ac_cv_lib_dl_dlopen+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldl $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char dlopen ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dlopen ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_dl_dlopen=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_dl_dlopen=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5
-echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6
-if test $ac_cv_lib_dl_dlopen = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBDL 1
-_ACEOF
-
- LIBS="-ldl $LIBS"
-
-fi
-
-
-echo "$as_me:$LINENO: checking for pam_set_item in -lpam" >&5
-echo $ECHO_N "checking for pam_set_item in -lpam... $ECHO_C" >&6
-if test "${ac_cv_lib_pam_pam_set_item+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lpam $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char pam_set_item ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-pam_set_item ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_pam_pam_set_item=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_pam_pam_set_item=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_pam_pam_set_item" >&5
-echo "${ECHO_T}$ac_cv_lib_pam_pam_set_item" >&6
-if test $ac_cv_lib_pam_pam_set_item = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBPAM 1
-_ACEOF
-
- LIBS="-lpam $LIBS"
-
-else
- { { echo "$as_me:$LINENO: error: *** libpam missing" >&5
-echo "$as_me: error: *** libpam missing" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
-for ac_func in pam_getenvlist
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
-if eval "test \"\${$as_ac_var+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below. */
-#include <assert.h>
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char $ac_func ();
-char (*f) ();
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
-choke me
-#else
-f = $ac_func;
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- eval "$as_ac_var=yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-eval "$as_ac_var=no"
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-done
-
-
- disable_shadow=yes
- PAM_MSG="yes"
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_PAM 1
-_ACEOF
-
- if test $ac_cv_lib_dl_dlopen = yes; then
- LIBPAM="-lpam -ldl"
- else
- LIBPAM="-lpam"
- fi
-
- fi
-
-
-fi;
-
-# Check for older PAM
-if test "x$PAM_MSG" = "xyes" ; then
- # Check PAM strerror arguments (old PAM)
- echo "$as_me:$LINENO: checking whether pam_strerror takes only one argument" >&5
-echo $ECHO_N "checking whether pam_strerror takes only one argument... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdlib.h>
-#include <security/pam_appl.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-(void)pam_strerror((pam_handle_t *)NULL, -1);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_OLD_PAM 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- PAM_MSG="yes (old library)"
-
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-# Search for OpenSSL
-saved_CPPFLAGS="$CPPFLAGS"
-saved_LDFLAGS="$LDFLAGS"
-
-# Check whether --with-ssl-dir or --without-ssl-dir was given.
-if test "${with_ssl_dir+set}" = set; then
- withval="$with_ssl_dir"
-
- if test "x$withval" != "xno" ; then
- if test -d "$withval/lib"; then
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
- else
- LDFLAGS="-L${withval}/lib ${LDFLAGS}"
- fi
- else
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
- else
- LDFLAGS="-L${withval} ${LDFLAGS}"
- fi
- fi
- if test -d "$withval/include"; then
- CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
- else
- CPPFLAGS="-I${withval} ${CPPFLAGS}"
- fi
- fi
-
-
-fi;
-LIBS="$LIBS -lcrypto"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char RAND_add ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-RAND_add ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_OPENSSL 1
-_ACEOF
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- if test -n "${need_dash_r}"; then
- LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
- else
- LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
- fi
- CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char RAND_add ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-RAND_add ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_OPENSSL 1
-_ACEOF
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- { { echo "$as_me:$LINENO: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5
-echo "$as_me: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&2;}
- { (exit 1); exit 1; }; }
-
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-
-# Sanity check OpenSSL headers
-echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5
-echo $ECHO_N "checking whether OpenSSL's headers match the library... $ECHO_C" >&6
-if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <string.h>
-#include <openssl/opensslv.h>
-int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- { { echo "$as_me:$LINENO: error: Your OpenSSL headers do not match your library" >&5
-echo "$as_me: error: Your OpenSSL headers do not match your library" >&2;}
- { (exit 1); exit 1; }; }
-
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
-# version in OpenSSL. Skip this for PAM
-if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
- echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
-echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
-if test "${ac_cv_lib_crypt_crypt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypt $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char crypt ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-crypt ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_crypt_crypt=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_crypt_crypt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
-echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
-if test $ac_cv_lib_crypt_crypt = yes; then
- LIBS="$LIBS -lcrypt"
-fi
-
-fi
-
-
-### Configure cryptographic random number support
-
-# Check wheter OpenSSL seeds itself
-echo "$as_me:$LINENO: checking whether OpenSSL's PRNG is internally seeded" >&5
-echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6
-if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <string.h>
-#include <openssl/rand.h>
-int main(void) { return(RAND_status() == 1 ? 0 : 1); }
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- OPENSSL_SEEDS_ITSELF=yes
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- # Default to use of the rand helper if OpenSSL doesn't
- # seed itself
- USE_RAND_HELPER=yes
-
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-# Do we want to force the use of the rand helper?
-
-# Check whether --with-rand-helper or --without-rand-helper was given.
-if test "${with_rand_helper+set}" = set; then
- withval="$with_rand_helper"
-
- if test "x$withval" = "xno" ; then
- # Force use of OpenSSL's internal RNG, even if
- # the previous test showed it to be unseeded.
- if test -z "$OPENSSL_SEEDS_ITSELF" ; then
- { echo "$as_me:$LINENO: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5
-echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;}
- OPENSSL_SEEDS_ITSELF=yes
- USE_RAND_HELPER=""
- fi
- else
- USE_RAND_HELPER=yes
- fi
-
-fi;
-
-# Which randomness source do we use?
-if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then
- # OpenSSL only
- cat >>confdefs.h <<\_ACEOF
-@%:@define OPENSSL_PRNG_ONLY 1
-_ACEOF
-
- RAND_MSG="OpenSSL internal ONLY"
- INSTALL_SSH_RAND_HELPER=""
-elif test ! -z "$USE_RAND_HELPER" ; then
- # install rand helper
- RAND_MSG="ssh-rand-helper"
- INSTALL_SSH_RAND_HELPER="yes"
-fi
-
-
-### Configuration of ssh-rand-helper
-
-# PRNGD TCP socket
-
-# Check whether --with-prngd-port or --without-prngd-port was given.
-if test "${with_prngd_port+set}" = set; then
- withval="$with_prngd_port"
-
- case "$withval" in
- no)
- withval=""
- ;;
- [0-9]*)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: You must specify a numeric port number for --with-prngd-port" >&5
-echo "$as_me: error: You must specify a numeric port number for --with-prngd-port" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
- if test ! -z "$withval" ; then
- PRNGD_PORT="$withval"
- cat >>confdefs.h <<_ACEOF
-@%:@define PRNGD_PORT $PRNGD_PORT
-_ACEOF
-
- fi
-
-
-fi;
-
-# PRNGD Unix domain socket
-
-# Check whether --with-prngd-socket or --without-prngd-socket was given.
-if test "${with_prngd_socket+set}" = set; then
- withval="$with_prngd_socket"
-
- case "$withval" in
- yes)
- withval="/var/run/egd-pool"
- ;;
- no)
- withval=""
- ;;
- /*)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: You must specify an absolute path to the entropy socket" >&5
-echo "$as_me: error: You must specify an absolute path to the entropy socket" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
-
- if test ! -z "$withval" ; then
- if test ! -z "$PRNGD_PORT" ; then
- { { echo "$as_me:$LINENO: error: You may not specify both a PRNGD/EGD port and socket" >&5
-echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;}
- { (exit 1); exit 1; }; }
- fi
- if test ! -r "$withval" ; then
- { echo "$as_me:$LINENO: WARNING: Entropy socket is not readable" >&5
-echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
- fi
- PRNGD_SOCKET="$withval"
- cat >>confdefs.h <<_ACEOF
-@%:@define PRNGD_SOCKET "$PRNGD_SOCKET"
-_ACEOF
-
- fi
-
-else
-
- # Check for existing socket only if we don't have a random device already
- if test "$USE_RAND_HELPER" = yes ; then
- echo "$as_me:$LINENO: checking for PRNGD/EGD socket" >&5
-echo $ECHO_N "checking for PRNGD/EGD socket... $ECHO_C" >&6
- # Insert other locations here
- for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do
- if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then
- PRNGD_SOCKET="$sock"
- cat >>confdefs.h <<_ACEOF
-@%:@define PRNGD_SOCKET "$PRNGD_SOCKET"
-_ACEOF
-
- break;
- fi
- done
- if test ! -z "$PRNGD_SOCKET" ; then
- echo "$as_me:$LINENO: result: $PRNGD_SOCKET" >&5
-echo "${ECHO_T}$PRNGD_SOCKET" >&6
- else
- echo "$as_me:$LINENO: result: not found" >&5
-echo "${ECHO_T}not found" >&6
- fi
- fi
-
-
-fi;
-
-# Change default command timeout for hashing entropy source
-entropy_timeout=200
-
-# Check whether --with-entropy-timeout or --without-entropy-timeout was given.
-if test "${with_entropy_timeout+set}" = set; then
- withval="$with_entropy_timeout"
-
- if test "x$withval" != "xno" ; then
- entropy_timeout=$withval
- fi
-
-
-fi;
-cat >>confdefs.h <<_ACEOF
-@%:@define ENTROPY_TIMEOUT_MSEC $entropy_timeout
-_ACEOF
-
-
-ssh_privsep_user=sshd
-
-# Check whether --with-privsep-user or --without-privsep-user was given.
-if test "${with_privsep_user+set}" = set; then
- withval="$with_privsep_user"
-
- if test -n "$withval"; then
- ssh_privsep_user=$withval
- fi
-
-
-fi;
-cat >>confdefs.h <<_ACEOF
-@%:@define SSH_PRIVSEP_USER "$ssh_privsep_user"
-_ACEOF
-
-
-# We do this little dance with the search path to insure
-# that programs that we select for use by installed programs
-# (which may be run by the super-user) come from trusted
-# locations before they come from the user's private area.
-# This should help avoid accidentally configuring some
-# random version of a program in someone's personal bin.
-
-OPATH=$PATH
-PATH=/bin:/usr/bin
-test -h /bin 2> /dev/null && PATH=/usr/bin
-test -d /sbin && PATH=$PATH:/sbin
-test -d /usr/sbin && PATH=$PATH:/usr/sbin
-PATH=$PATH:/etc:$OPATH
-
-# These programs are used by the command hashing source to gather entropy
-
- # Extract the first word of "ls", so it can be a program name with args.
-set dummy ls; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_LS+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_LS in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_LS="$PROG_LS" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_LS="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_LS=$ac_cv_path_PROG_LS
-
-if test -n "$PROG_LS"; then
- echo "$as_me:$LINENO: result: $PROG_LS" >&5
-echo "${ECHO_T}$PROG_LS" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_LS" ; then
- PROG_LS="undef"
- fi
-
-
-
- # Extract the first word of "netstat", so it can be a program name with args.
-set dummy netstat; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_NETSTAT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_NETSTAT in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_NETSTAT="$PROG_NETSTAT" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_NETSTAT="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_NETSTAT=$ac_cv_path_PROG_NETSTAT
-
-if test -n "$PROG_NETSTAT"; then
- echo "$as_me:$LINENO: result: $PROG_NETSTAT" >&5
-echo "${ECHO_T}$PROG_NETSTAT" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_NETSTAT" ; then
- PROG_NETSTAT="undef"
- fi
-
-
-
- # Extract the first word of "arp", so it can be a program name with args.
-set dummy arp; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_ARP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_ARP in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_ARP="$PROG_ARP" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_ARP="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_ARP=$ac_cv_path_PROG_ARP
-
-if test -n "$PROG_ARP"; then
- echo "$as_me:$LINENO: result: $PROG_ARP" >&5
-echo "${ECHO_T}$PROG_ARP" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_ARP" ; then
- PROG_ARP="undef"
- fi
-
-
-
- # Extract the first word of "ifconfig", so it can be a program name with args.
-set dummy ifconfig; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_IFCONFIG+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_IFCONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_IFCONFIG="$PROG_IFCONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_IFCONFIG="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_IFCONFIG=$ac_cv_path_PROG_IFCONFIG
-
-if test -n "$PROG_IFCONFIG"; then
- echo "$as_me:$LINENO: result: $PROG_IFCONFIG" >&5
-echo "${ECHO_T}$PROG_IFCONFIG" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_IFCONFIG" ; then
- PROG_IFCONFIG="undef"
- fi
-
-
-
- # Extract the first word of "jstat", so it can be a program name with args.
-set dummy jstat; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_JSTAT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_JSTAT in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_JSTAT="$PROG_JSTAT" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_JSTAT="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_JSTAT=$ac_cv_path_PROG_JSTAT
-
-if test -n "$PROG_JSTAT"; then
- echo "$as_me:$LINENO: result: $PROG_JSTAT" >&5
-echo "${ECHO_T}$PROG_JSTAT" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_JSTAT" ; then
- PROG_JSTAT="undef"
- fi
-
-
-
- # Extract the first word of "ps", so it can be a program name with args.
-set dummy ps; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_PS+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_PS in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_PS="$PROG_PS" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_PS="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_PS=$ac_cv_path_PROG_PS
-
-if test -n "$PROG_PS"; then
- echo "$as_me:$LINENO: result: $PROG_PS" >&5
-echo "${ECHO_T}$PROG_PS" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_PS" ; then
- PROG_PS="undef"
- fi
-
-
-
- # Extract the first word of "sar", so it can be a program name with args.
-set dummy sar; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_SAR+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_SAR in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_SAR="$PROG_SAR" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_SAR="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_SAR=$ac_cv_path_PROG_SAR
-
-if test -n "$PROG_SAR"; then
- echo "$as_me:$LINENO: result: $PROG_SAR" >&5
-echo "${ECHO_T}$PROG_SAR" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_SAR" ; then
- PROG_SAR="undef"
- fi
-
-
-
- # Extract the first word of "w", so it can be a program name with args.
-set dummy w; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_W+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_W in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_W="$PROG_W" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_W="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_W=$ac_cv_path_PROG_W
-
-if test -n "$PROG_W"; then
- echo "$as_me:$LINENO: result: $PROG_W" >&5
-echo "${ECHO_T}$PROG_W" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_W" ; then
- PROG_W="undef"
- fi
-
-
-
- # Extract the first word of "who", so it can be a program name with args.
-set dummy who; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_WHO+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_WHO in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_WHO="$PROG_WHO" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_WHO="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_WHO=$ac_cv_path_PROG_WHO
-
-if test -n "$PROG_WHO"; then
- echo "$as_me:$LINENO: result: $PROG_WHO" >&5
-echo "${ECHO_T}$PROG_WHO" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_WHO" ; then
- PROG_WHO="undef"
- fi
-
-
-
- # Extract the first word of "last", so it can be a program name with args.
-set dummy last; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_LAST+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_LAST in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_LAST="$PROG_LAST" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_LAST="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_LAST=$ac_cv_path_PROG_LAST
-
-if test -n "$PROG_LAST"; then
- echo "$as_me:$LINENO: result: $PROG_LAST" >&5
-echo "${ECHO_T}$PROG_LAST" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_LAST" ; then
- PROG_LAST="undef"
- fi
-
-
-
- # Extract the first word of "lastlog", so it can be a program name with args.
-set dummy lastlog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_LASTLOG+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_LASTLOG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_LASTLOG="$PROG_LASTLOG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_LASTLOG="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_LASTLOG=$ac_cv_path_PROG_LASTLOG
-
-if test -n "$PROG_LASTLOG"; then
- echo "$as_me:$LINENO: result: $PROG_LASTLOG" >&5
-echo "${ECHO_T}$PROG_LASTLOG" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_LASTLOG" ; then
- PROG_LASTLOG="undef"
- fi
-
-
-
- # Extract the first word of "df", so it can be a program name with args.
-set dummy df; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_DF+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_DF in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_DF="$PROG_DF" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_DF="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_DF=$ac_cv_path_PROG_DF
-
-if test -n "$PROG_DF"; then
- echo "$as_me:$LINENO: result: $PROG_DF" >&5
-echo "${ECHO_T}$PROG_DF" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_DF" ; then
- PROG_DF="undef"
- fi
-
-
-
- # Extract the first word of "vmstat", so it can be a program name with args.
-set dummy vmstat; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_VMSTAT+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_VMSTAT in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_VMSTAT="$PROG_VMSTAT" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_VMSTAT="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_VMSTAT=$ac_cv_path_PROG_VMSTAT
-
-if test -n "$PROG_VMSTAT"; then
- echo "$as_me:$LINENO: result: $PROG_VMSTAT" >&5
-echo "${ECHO_T}$PROG_VMSTAT" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_VMSTAT" ; then
- PROG_VMSTAT="undef"
- fi
-
-
-
- # Extract the first word of "uptime", so it can be a program name with args.
-set dummy uptime; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_UPTIME+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_UPTIME in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_UPTIME="$PROG_UPTIME" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_UPTIME="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_UPTIME=$ac_cv_path_PROG_UPTIME
-
-if test -n "$PROG_UPTIME"; then
- echo "$as_me:$LINENO: result: $PROG_UPTIME" >&5
-echo "${ECHO_T}$PROG_UPTIME" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_UPTIME" ; then
- PROG_UPTIME="undef"
- fi
-
-
-
- # Extract the first word of "ipcs", so it can be a program name with args.
-set dummy ipcs; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_IPCS+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_IPCS in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_IPCS="$PROG_IPCS" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_IPCS="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_IPCS=$ac_cv_path_PROG_IPCS
-
-if test -n "$PROG_IPCS"; then
- echo "$as_me:$LINENO: result: $PROG_IPCS" >&5
-echo "${ECHO_T}$PROG_IPCS" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_IPCS" ; then
- PROG_IPCS="undef"
- fi
-
-
-
- # Extract the first word of "tail", so it can be a program name with args.
-set dummy tail; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_PROG_TAIL+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $PROG_TAIL in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_PROG_TAIL="$PROG_TAIL" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PROG_TAIL="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-PROG_TAIL=$ac_cv_path_PROG_TAIL
-
-if test -n "$PROG_TAIL"; then
- echo "$as_me:$LINENO: result: $PROG_TAIL" >&5
-echo "${ECHO_T}$PROG_TAIL" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test -z "$PROG_TAIL" ; then
- PROG_TAIL="undef"
- fi
-
-
-# restore PATH
-PATH=$OPATH
-
-# Where does ssh-rand-helper get its randomness from?
-INSTALL_SSH_PRNG_CMDS=""
-if test ! -z "$INSTALL_SSH_RAND_HELPER" ; then
- if test ! -z "$PRNGD_PORT" ; then
- RAND_HELPER_MSG="TCP localhost:$PRNGD_PORT"
- elif test ! -z "$PRNGD_SOCKET" ; then
- RAND_HELPER_MSG="Unix domain socket \"$PRNGD_SOCKET\""
- else
- RAND_HELPER_MSG="Command hashing (timeout $entropy_timeout)"
- RAND_HELPER_CMDHASH=yes
- INSTALL_SSH_PRNG_CMDS="yes"
- fi
-fi
-
-
-
-# Cheap hack to ensure NEWS-OS libraries are arranged right.
-if test ! -z "$SONY" ; then
- LIBS="$LIBS -liberty";
-fi
-
-# Checks for data types
-echo "$as_me:$LINENO: checking for char" >&5
-echo $ECHO_N "checking for char... $ECHO_C" >&6
-if test "${ac_cv_type_char+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((char *) 0)
- return 0;
-if (sizeof (char))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_char=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_char=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_char" >&5
-echo "${ECHO_T}$ac_cv_type_char" >&6
-
-echo "$as_me:$LINENO: checking size of char" >&5
-echo $ECHO_N "checking size of char... $ECHO_C" >&6
-if test "${ac_cv_sizeof_char+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$ac_cv_type_char" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (char))) >= 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (char))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (char))) < 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (char))) >= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (char))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_char=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (char), 77" >&5
-echo "$as_me: error: cannot compute sizeof (char), 77" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-long longval () { return (long) (sizeof (char)); }
-unsigned long ulongval () { return (long) (sizeof (char)); }
-@%:@include <stdio.h>
-@%:@include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (char))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (char))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (char))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_char=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (char), 77" >&5
-echo "$as_me: error: cannot compute sizeof (char), 77" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_char=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_char" >&5
-echo "${ECHO_T}$ac_cv_sizeof_char" >&6
-cat >>confdefs.h <<_ACEOF
-@%:@define SIZEOF_CHAR $ac_cv_sizeof_char
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking for short int" >&5
-echo $ECHO_N "checking for short int... $ECHO_C" >&6
-if test "${ac_cv_type_short_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((short int *) 0)
- return 0;
-if (sizeof (short int))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_short_int=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_short_int=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_short_int" >&5
-echo "${ECHO_T}$ac_cv_type_short_int" >&6
-
-echo "$as_me:$LINENO: checking size of short int" >&5
-echo $ECHO_N "checking size of short int... $ECHO_C" >&6
-if test "${ac_cv_sizeof_short_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$ac_cv_type_short_int" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (short int))) >= 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (short int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (short int))) < 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (short int))) >= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (short int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_short_int=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (short int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (short int), 77" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-long longval () { return (long) (sizeof (short int)); }
-unsigned long ulongval () { return (long) (sizeof (short int)); }
-@%:@include <stdio.h>
-@%:@include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (short int))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (short int))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (short int))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_short_int=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (short int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (short int), 77" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_short_int=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_short_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_short_int" >&6
-cat >>confdefs.h <<_ACEOF
-@%:@define SIZEOF_SHORT_INT $ac_cv_sizeof_short_int
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking for int" >&5
-echo $ECHO_N "checking for int... $ECHO_C" >&6
-if test "${ac_cv_type_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((int *) 0)
- return 0;
-if (sizeof (int))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_int=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_int=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5
-echo "${ECHO_T}$ac_cv_type_int" >&6
-
-echo "$as_me:$LINENO: checking size of int" >&5
-echo $ECHO_N "checking size of int... $ECHO_C" >&6
-if test "${ac_cv_sizeof_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$ac_cv_type_int" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (int))) >= 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (int))) < 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (int))) >= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_int=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (int), 77" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-long longval () { return (long) (sizeof (int)); }
-unsigned long ulongval () { return (long) (sizeof (int)); }
-@%:@include <stdio.h>
-@%:@include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (int))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (int))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (int))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_int=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (int), 77" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_int=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_int" >&6
-cat >>confdefs.h <<_ACEOF
-@%:@define SIZEOF_INT $ac_cv_sizeof_int
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking for long int" >&5
-echo $ECHO_N "checking for long int... $ECHO_C" >&6
-if test "${ac_cv_type_long_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long int *) 0)
- return 0;
-if (sizeof (long int))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_long_int=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_int=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_int" >&5
-echo "${ECHO_T}$ac_cv_type_long_int" >&6
-
-echo "$as_me:$LINENO: checking size of long int" >&5
-echo $ECHO_N "checking size of long int... $ECHO_C" >&6
-if test "${ac_cv_sizeof_long_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$ac_cv_type_long_int" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long int))) >= 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long int))) < 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long int))) >= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_long_int=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (long int), 77" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-long longval () { return (long) (sizeof (long int)); }
-unsigned long ulongval () { return (long) (sizeof (long int)); }
-@%:@include <stdio.h>
-@%:@include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (long int))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (long int))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (long int))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_long_int=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (long int), 77" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_long_int=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long_int" >&6
-cat >>confdefs.h <<_ACEOF
-@%:@define SIZEOF_LONG_INT $ac_cv_sizeof_long_int
-_ACEOF
-
-
-echo "$as_me:$LINENO: checking for long long int" >&5
-echo $ECHO_N "checking for long long int... $ECHO_C" >&6
-if test "${ac_cv_type_long_long_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((long long int *) 0)
- return 0;
-if (sizeof (long long int))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_long_long_int=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_long_long_int=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_long_long_int" >&5
-echo "${ECHO_T}$ac_cv_type_long_long_int" >&6
-
-echo "$as_me:$LINENO: checking size of long long int" >&5
-echo $ECHO_N "checking size of long long int... $ECHO_C" >&6
-if test "${ac_cv_sizeof_long_long_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$ac_cv_type_long_long_int" = yes; then
- # The cast to unsigned long works around a bug in the HP C Compiler
- # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
- # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
- # This bug is HP SR number 8606223364.
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long long int))) >= 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long long int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long long int))) < 0)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long long int))) >= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo= ac_hi=
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static int test_array @<:@1 - 2 * !(((long) (sizeof (long long int))) <= $ac_mid)@:>@;
-test_array @<:@0@:>@ = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_long_long_int=$ac_lo;;
-'') { { echo "$as_me:$LINENO: error: cannot compute sizeof (long long int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (long long int), 77" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-long longval () { return (long) (sizeof (long long int)); }
-unsigned long ulongval () { return (long) (sizeof (long long int)); }
-@%:@include <stdio.h>
-@%:@include <stdlib.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- exit (1);
- if (((long) (sizeof (long long int))) < 0)
- {
- long i = longval ();
- if (i != ((long) (sizeof (long long int))))
- exit (1);
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long i = ulongval ();
- if (i != ((long) (sizeof (long long int))))
- exit (1);
- fprintf (f, "%lu\n", i);
- }
- exit (ferror (f) || fclose (f) != 0);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_long_long_int=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
-{ { echo "$as_me:$LINENO: error: cannot compute sizeof (long long int), 77" >&5
-echo "$as_me: error: cannot compute sizeof (long long int), 77" >&2;}
- { (exit 1); exit 1; }; }
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-rm -f conftest.val
-else
- ac_cv_sizeof_long_long_int=0
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_sizeof_long_long_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long_long_int" >&6
-cat >>confdefs.h <<_ACEOF
-@%:@define SIZEOF_LONG_LONG_INT $ac_cv_sizeof_long_long_int
-_ACEOF
-
-
-
-# Sanity check long long for some platforms (AIX)
-if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
- ac_cv_sizeof_long_long_int=0
-fi
-
-# More checks for data types
-echo "$as_me:$LINENO: checking for u_int type" >&5
-echo $ECHO_N "checking for u_int type... $ECHO_C" >&6
-if test "${ac_cv_have_u_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/types.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_int a; a = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_u_int="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_u_int="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_u_int" >&5
-echo "${ECHO_T}$ac_cv_have_u_int" >&6
-if test "x$ac_cv_have_u_int" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INT 1
-_ACEOF
-
- have_u_int=1
-fi
-
-echo "$as_me:$LINENO: checking for intXX_t types" >&5
-echo $ECHO_N "checking for intXX_t types... $ECHO_C" >&6
-if test "${ac_cv_have_intxx_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/types.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- int8_t a; int16_t b; int32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_intxx_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_intxx_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_intxx_t" >&5
-echo "${ECHO_T}$ac_cv_have_intxx_t" >&6
-if test "x$ac_cv_have_intxx_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INTXX_T 1
-_ACEOF
-
- have_intxx_t=1
-fi
-
-if (test -z "$have_intxx_t" && \
- test "x$ac_cv_header_stdint_h" = "xyes")
-then
- echo "$as_me:$LINENO: checking for intXX_t types in stdint.h" >&5
-echo $ECHO_N "checking for intXX_t types in stdint.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <stdint.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- int8_t a; int16_t b; int32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INTXX_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-echo "$as_me:$LINENO: checking for int64_t type" >&5
-echo $ECHO_N "checking for int64_t type... $ECHO_C" >&6
-if test "${ac_cv_have_int64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/types.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- int64_t a; a = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_int64_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_int64_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_int64_t" >&5
-echo "${ECHO_T}$ac_cv_have_int64_t" >&6
-if test "x$ac_cv_have_int64_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INT64_T 1
-_ACEOF
-
- have_int64_t=1
-fi
-
-if test -z "$have_int64_t" ; then
- echo "$as_me:$LINENO: checking for int64_t type in sys/socket.h" >&5
-echo $ECHO_N "checking for int64_t type in sys/socket.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- int64_t a; a = 1
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INT64_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-if test -z "$have_int64_t" ; then
- echo "$as_me:$LINENO: checking for int64_t type in sys/bitypes.h" >&5
-echo $ECHO_N "checking for int64_t type in sys/bitypes.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/bitypes.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- int64_t a; a = 1
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INT64_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-echo "$as_me:$LINENO: checking for u_intXX_t types" >&5
-echo $ECHO_N "checking for u_intXX_t types... $ECHO_C" >&6
-if test "${ac_cv_have_u_intxx_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/types.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_u_intxx_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_u_intxx_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_u_intxx_t" >&5
-echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6
-if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INTXX_T 1
-_ACEOF
-
- have_u_intxx_t=1
-fi
-
-if test -z "$have_u_intxx_t" ; then
- echo "$as_me:$LINENO: checking for u_intXX_t types in sys/socket.h" >&5
-echo $ECHO_N "checking for u_intXX_t types in sys/socket.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/socket.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INTXX_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-echo "$as_me:$LINENO: checking for u_int64_t types" >&5
-echo $ECHO_N "checking for u_int64_t types... $ECHO_C" >&6
-if test "${ac_cv_have_u_int64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/types.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_int64_t a; a = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_u_int64_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_u_int64_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_u_int64_t" >&5
-echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6
-if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INT64_T 1
-_ACEOF
-
- have_u_int64_t=1
-fi
-
-if test -z "$have_u_int64_t" ; then
- echo "$as_me:$LINENO: checking for u_int64_t type in sys/bitypes.h" >&5
-echo $ECHO_N "checking for u_int64_t type in sys/bitypes.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/bitypes.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_int64_t a; a = 1
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INT64_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-if test -z "$have_u_intxx_t" ; then
- echo "$as_me:$LINENO: checking for uintXX_t types" >&5
-echo $ECHO_N "checking for uintXX_t types... $ECHO_C" >&6
-if test "${ac_cv_have_uintxx_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_uintxx_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_uintxx_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_uintxx_t" >&5
-echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6
- if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_UINTXX_T 1
-_ACEOF
-
- fi
-fi
-
-if test -z "$have_uintxx_t" ; then
- echo "$as_me:$LINENO: checking for uintXX_t types in stdint.h" >&5
-echo $ECHO_N "checking for uintXX_t types in stdint.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <stdint.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_UINTXX_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \
- test "x$ac_cv_header_sys_bitypes_h" = "xyes")
-then
- echo "$as_me:$LINENO: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5
-echo $ECHO_N "checking for intXX_t and u_intXX_t types in sys/bitypes.h... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/bitypes.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- int8_t a; int16_t b; int32_t c;
- u_int8_t e; u_int16_t f; u_int32_t g;
- a = b = c = e = f = g = 1;
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_INTXX_T 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_INTXX_T 1
-_ACEOF
-
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-
-
-echo "$as_me:$LINENO: checking for u_char" >&5
-echo $ECHO_N "checking for u_char... $ECHO_C" >&6
-if test "${ac_cv_have_u_char+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- u_char foo; foo = 125;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_u_char="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_u_char="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_u_char" >&5
-echo "${ECHO_T}$ac_cv_have_u_char" >&6
-if test "x$ac_cv_have_u_char" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_U_CHAR 1
-_ACEOF
-
-fi
-
-
- echo "$as_me:$LINENO: checking for socklen_t" >&5
-echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6
-if test "${ac_cv_type_socklen_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((socklen_t *) 0)
- return 0;
-if (sizeof (socklen_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_socklen_t=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_socklen_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_socklen_t" >&5
-echo "${ECHO_T}$ac_cv_type_socklen_t" >&6
-if test $ac_cv_type_socklen_t = yes; then
- :
-else
-
- echo "$as_me:$LINENO: checking for socklen_t equivalent" >&5
-echo $ECHO_N "checking for socklen_t equivalent... $ECHO_C" >&6
- if test "${curl_cv_socklen_t_equiv+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- # Systems have either "struct sockaddr *" or
- # "void *" as the second argument to getpeername
- curl_cv_socklen_t_equiv=
- for arg2 in "struct sockaddr" void; do
- for t in int size_t unsigned long "unsigned long"; do
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
- #include <sys/types.h>
- #include <sys/socket.h>
-
- int getpeername (int, $arg2 *, $t *);
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-
- $t len;
- getpeername(0,0,&len);
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
-
- curl_cv_socklen_t_equiv="$t"
- break
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- done
- done
-
- if test "x$curl_cv_socklen_t_equiv" = x; then
- { { echo "$as_me:$LINENO: error: Cannot find a type to use in place of socklen_t" >&5
-echo "$as_me: error: Cannot find a type to use in place of socklen_t" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-fi
-
- echo "$as_me:$LINENO: result: $curl_cv_socklen_t_equiv" >&5
-echo "${ECHO_T}$curl_cv_socklen_t_equiv" >&6
-
-cat >>confdefs.h <<_ACEOF
-@%:@define socklen_t $curl_cv_socklen_t_equiv
-_ACEOF
-
-fi
-
-
-
-echo "$as_me:$LINENO: checking for sig_atomic_t" >&5
-echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6
-if test "${ac_cv_type_sig_atomic_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <signal.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-if ((sig_atomic_t *) 0)
- return 0;
-if (sizeof (sig_atomic_t))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_type_sig_atomic_t=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_type_sig_atomic_t=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_type_sig_atomic_t" >&5
-echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6
-if test $ac_cv_type_sig_atomic_t = yes; then
-
-cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_SIG_ATOMIC_T 1
-_ACEOF
-
-
-fi
-
-
-echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6
-if test "${ac_cv_have_size_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- size_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_size_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_size_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_size_t" >&5
-echo "${ECHO_T}$ac_cv_have_size_t" >&6
-if test "x$ac_cv_have_size_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SIZE_T 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for ssize_t" >&5
-echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6
-if test "${ac_cv_have_ssize_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- ssize_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_ssize_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_ssize_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_ssize_t" >&5
-echo "${ECHO_T}$ac_cv_have_ssize_t" >&6
-if test "x$ac_cv_have_ssize_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SSIZE_T 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for clock_t" >&5
-echo $ECHO_N "checking for clock_t... $ECHO_C" >&6
-if test "${ac_cv_have_clock_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <time.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- clock_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_clock_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_clock_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_clock_t" >&5
-echo "${ECHO_T}$ac_cv_have_clock_t" >&6
-if test "x$ac_cv_have_clock_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_CLOCK_T 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for sa_family_t" >&5
-echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6
-if test "${ac_cv_have_sa_family_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- sa_family_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_sa_family_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- sa_family_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_sa_family_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_sa_family_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_sa_family_t" >&5
-echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6
-if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SA_FAMILY_T 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for pid_t" >&5
-echo $ECHO_N "checking for pid_t... $ECHO_C" >&6
-if test "${ac_cv_have_pid_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- pid_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_pid_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_pid_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_pid_t" >&5
-echo "${ECHO_T}$ac_cv_have_pid_t" >&6
-if test "x$ac_cv_have_pid_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_PID_T 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for mode_t" >&5
-echo $ECHO_N "checking for mode_t... $ECHO_C" >&6
-if test "${ac_cv_have_mode_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- mode_t foo; foo = 1235;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_mode_t="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_mode_t="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_mode_t" >&5
-echo "${ECHO_T}$ac_cv_have_mode_t" >&6
-if test "x$ac_cv_have_mode_t" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_MODE_T 1
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking for struct sockaddr_storage" >&5
-echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6
-if test "${ac_cv_have_struct_sockaddr_storage+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct sockaddr_storage s;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_struct_sockaddr_storage="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_struct_sockaddr_storage="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_storage" >&5
-echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6
-if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRUCT_SOCKADDR_STORAGE 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for struct sockaddr_in6" >&5
-echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6
-if test "${ac_cv_have_struct_sockaddr_in6+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <netinet/in.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct sockaddr_in6 s; s.sin6_family = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_struct_sockaddr_in6="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_struct_sockaddr_in6="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_in6" >&5
-echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6
-if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRUCT_SOCKADDR_IN6 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for struct in6_addr" >&5
-echo $ECHO_N "checking for struct in6_addr... $ECHO_C" >&6
-if test "${ac_cv_have_struct_in6_addr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <netinet/in.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct in6_addr s; s.s6_addr[0] = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_struct_in6_addr="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_struct_in6_addr="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_struct_in6_addr" >&5
-echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6
-if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRUCT_IN6_ADDR 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for struct addrinfo" >&5
-echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6
-if test "${ac_cv_have_struct_addrinfo+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct addrinfo s; s.ai_flags = AI_PASSIVE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_struct_addrinfo="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_struct_addrinfo="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_struct_addrinfo" >&5
-echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6
-if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRUCT_ADDRINFO 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for struct timeval" >&5
-echo $ECHO_N "checking for struct timeval... $ECHO_C" >&6
-if test "${ac_cv_have_struct_timeval+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <sys/time.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct timeval tv; tv.tv_sec = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_struct_timeval="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_struct_timeval="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_struct_timeval" >&5
-echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6
-if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_STRUCT_TIMEVAL 1
-_ACEOF
-
- have_struct_timeval=1
-fi
-
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
-if test "x$ac_cv_have_int64_t" = "xno" -a \
- "x$ac_cv_sizeof_long_int" != "x8" -a \
- "x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
-else
- if test "$cross_compiling" = yes; then
- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
-echo "$as_me: error: cannot run test program while cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_SNPRINTF
-main()
-{
- char buf[50];
- char expected_out[50];
- int mazsize = 50 ;
-#if (SIZEOF_LONG_INT == 8)
- long int num = 0x7fffffffffffffff;
-#else
- long long num = 0x7fffffffffffffffll;
-#endif
- strcpy(expected_out, "9223372036854775807");
- snprintf(buf, mazsize, "%lld", num);
- if(strcmp(buf, expected_out) != 0)
- exit(1);
- exit(0);
-}
-#else
-main() { exit(0); }
-#endif
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- true
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
- cat >>confdefs.h <<\_ACEOF
-@%:@define BROKEN_SNPRINTF 1
-_ACEOF
-
-
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-fi
-
-
-
-# look for field 'ut_host' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
- echo "$as_me:$LINENO: checking for ut_host field in utmp.h" >&5
-echo $ECHO_N "checking for ut_host field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_host" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_HOST_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_host' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
- echo "$as_me:$LINENO: checking for ut_host field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_host field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_host" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_HOST_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'syslen' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"syslen
- echo "$as_me:$LINENO: checking for syslen field in utmpx.h" >&5
-echo $ECHO_N "checking for syslen field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "syslen" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SYSLEN_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_pid' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid
- echo "$as_me:$LINENO: checking for ut_pid field in utmp.h" >&5
-echo $ECHO_N "checking for ut_pid field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_pid" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_PID_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_type' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
- echo "$as_me:$LINENO: checking for ut_type field in utmp.h" >&5
-echo $ECHO_N "checking for ut_type field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_type" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TYPE_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_type' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type
- echo "$as_me:$LINENO: checking for ut_type field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_type field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_type" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TYPE_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_tv' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
- echo "$as_me:$LINENO: checking for ut_tv field in utmp.h" >&5
-echo $ECHO_N "checking for ut_tv field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_tv" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TV_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_id' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
- echo "$as_me:$LINENO: checking for ut_id field in utmp.h" >&5
-echo $ECHO_N "checking for ut_id field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_id" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ID_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_id' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id
- echo "$as_me:$LINENO: checking for ut_id field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_id field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_id" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ID_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_addr' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
- echo "$as_me:$LINENO: checking for ut_addr field in utmp.h" >&5
-echo $ECHO_N "checking for ut_addr field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_addr" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ADDR_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_addr' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr
- echo "$as_me:$LINENO: checking for ut_addr field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_addr field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_addr" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ADDR_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_addr_v6' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
- echo "$as_me:$LINENO: checking for ut_addr_v6 field in utmp.h" >&5
-echo $ECHO_N "checking for ut_addr_v6 field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_addr_v6" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ADDR_V6_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_addr_v6' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6
- echo "$as_me:$LINENO: checking for ut_addr_v6 field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_addr_v6 field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_addr_v6" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ADDR_V6_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_exit' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit
- echo "$as_me:$LINENO: checking for ut_exit field in utmp.h" >&5
-echo $ECHO_N "checking for ut_exit field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_exit" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_EXIT_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_time' in header 'utmp.h'
- ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
- echo "$as_me:$LINENO: checking for ut_time field in utmp.h" >&5
-echo $ECHO_N "checking for ut_time field in utmp.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmp.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_time" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TIME_IN_UTMP 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_time' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time
- echo "$as_me:$LINENO: checking for ut_time field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_time field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_time" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TIME_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-# look for field 'ut_tv' in header 'utmpx.h'
- ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'`
- ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv
- echo "$as_me:$LINENO: checking for ut_tv field in utmpx.h" >&5
-echo $ECHO_N "checking for ut_tv field in utmpx.h... $ECHO_C" >&6
- if eval "test \"\${$ossh_varname+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-#include <utmpx.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- egrep "ut_tv" >/dev/null 2>&1; then
- eval "$ossh_varname=yes"
-else
- eval "$ossh_varname=no"
-fi
-rm -f conftest*
-
-fi
-
- ossh_result=`eval 'echo $'"$ossh_varname"`
- if test -n "`echo $ossh_varname`"; then
- echo "$as_me:$LINENO: result: $ossh_result" >&5
-echo "${ECHO_T}$ossh_result" >&6
- if test "x$ossh_result" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_TV_IN_UTMPX 1
-_ACEOF
-
- fi
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-
-echo "$as_me:$LINENO: checking for struct stat.st_blksize" >&5
-echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6
-if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-static struct stat ac_aggr;
-if (ac_aggr.st_blksize)
-return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_member_struct_stat_st_blksize=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_member_struct_stat_st_blksize=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-fi
-echo "$as_me:$LINENO: result: $ac_cv_member_struct_stat_st_blksize" >&5
-echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6
-if test $ac_cv_member_struct_stat_st_blksize = yes; then
-
-cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_STRUCT_STAT_ST_BLKSIZE 1
-_ACEOF
-
-
-fi
-
-
-echo "$as_me:$LINENO: checking for ss_family field in struct sockaddr_storage" >&5
-echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6
-if test "${ac_cv_have_ss_family_in_struct_ss+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct sockaddr_storage s; s.ss_family = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_ss_family_in_struct_ss="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_ss_family_in_struct_ss="no"
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_ss_family_in_struct_ss" >&5
-echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6
-if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SS_FAMILY_IN_SS 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for __ss_family field in struct sockaddr_storage" >&5
-echo $ECHO_N "checking for __ss_family field in struct sockaddr_storage... $ECHO_C" >&6
-if test "${ac_cv_have___ss_family_in_struct_ss+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct sockaddr_storage s; s.__ss_family = 1;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have___ss_family_in_struct_ss="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have___ss_family_in_struct_ss="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have___ss_family_in_struct_ss" >&5
-echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6
-if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE___SS_FAMILY_IN_SS 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for pw_class field in struct passwd" >&5
-echo $ECHO_N "checking for pw_class field in struct passwd... $ECHO_C" >&6
-if test "${ac_cv_have_pw_class_in_struct_passwd+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <pwd.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct passwd p; p.pw_class = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_pw_class_in_struct_passwd="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_pw_class_in_struct_passwd="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_pw_class_in_struct_passwd" >&5
-echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6
-if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_PW_CLASS_IN_PASSWD 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for pw_expire field in struct passwd" >&5
-echo $ECHO_N "checking for pw_expire field in struct passwd... $ECHO_C" >&6
-if test "${ac_cv_have_pw_expire_in_struct_passwd+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <pwd.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct passwd p; p.pw_expire = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_pw_expire_in_struct_passwd="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_pw_expire_in_struct_passwd="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5
-echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6
-if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_PW_EXPIRE_IN_PASSWD 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for pw_change field in struct passwd" >&5
-echo $ECHO_N "checking for pw_change field in struct passwd... $ECHO_C" >&6
-if test "${ac_cv_have_pw_change_in_struct_passwd+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <pwd.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct passwd p; p.pw_change = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_pw_change_in_struct_passwd="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_pw_change_in_struct_passwd="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_pw_change_in_struct_passwd" >&5
-echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6
-if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_PW_CHANGE_IN_PASSWD 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for msg_accrights field in struct msghdr" >&5
-echo $ECHO_N "checking for msg_accrights field in struct msghdr... $ECHO_C" >&6
-if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct msghdr m; m.msg_accrights = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_accrights_in_msghdr="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_accrights_in_msghdr="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_accrights_in_msghdr" >&5
-echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6
-if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_ACCRIGHTS_IN_MSGHDR 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking for msg_control field in struct msghdr" >&5
-echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6
-if test "${ac_cv_have_control_in_msghdr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/uio.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- struct msghdr m; m.msg_control = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_control_in_msghdr="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_control_in_msghdr="no"
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_control_in_msghdr" >&5
-echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6
-if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_CONTROL_IN_MSGHDR 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking if libc defines __progname" >&5
-echo $ECHO_N "checking if libc defines __progname... $ECHO_C" >&6
-if test "${ac_cv_libc_defines___progname+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- extern char *__progname; printf("%s", __progname);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_libc_defines___progname="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_libc_defines___progname="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_libc_defines___progname" >&5
-echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6
-if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE___PROGNAME 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking whether $CC implements __FUNCTION__" >&5
-echo $ECHO_N "checking whether $CC implements __FUNCTION__... $ECHO_C" >&6
-if test "${ac_cv_cc_implements___FUNCTION__+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- printf("%s", __FUNCTION__);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_cc_implements___FUNCTION__="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_cc_implements___FUNCTION__="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_cc_implements___FUNCTION__" >&5
-echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6
-if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE___FUNCTION__ 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking whether $CC implements __func__" >&5
-echo $ECHO_N "checking whether $CC implements __func__... $ECHO_C" >&6
-if test "${ac_cv_cc_implements___func__+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <stdio.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- printf("%s", __func__);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_cc_implements___func__="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_cc_implements___func__="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_cc_implements___func__" >&5
-echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6
-if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE___func__ 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking whether getopt has optreset support" >&5
-echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6
-if test "${ac_cv_have_getopt_optreset+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <getopt.h>
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- extern int optreset; optreset = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_have_getopt_optreset="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_have_getopt_optreset="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_have_getopt_optreset" >&5
-echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6
-if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_GETOPT_OPTRESET 1
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking if libc defines sys_errlist" >&5
-echo $ECHO_N "checking if libc defines sys_errlist... $ECHO_C" >&6
-if test "${ac_cv_libc_defines_sys_errlist+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_libc_defines_sys_errlist="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_libc_defines_sys_errlist="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_errlist" >&5
-echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6
-if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SYS_ERRLIST 1
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking if libc defines sys_nerr" >&5
-echo $ECHO_N "checking if libc defines sys_nerr... $ECHO_C" >&6
-if test "${ac_cv_libc_defines_sys_nerr+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
-
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- extern int sys_nerr; printf("%i", sys_nerr);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_libc_defines_sys_nerr="yes"
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- ac_cv_libc_defines_sys_nerr="no"
-
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-
-fi
-echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_nerr" >&5
-echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6
-if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_SYS_NERR 1
-_ACEOF
-
-fi
-
-SCARD_MSG="no"
-
-# Check whether user wants sectok support
-
-# Check whether --with-sectok or --without-sectok was given.
-if test "${with_sectok+set}" = set; then
- withval="$with_sectok"
-
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}"
- LDFLAGS="$LDFLAGS -L${withval}"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}"
- fi
- fi
-
-for ac_header in sectok.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test "$ac_cv_header_sectok_h" != yes; then
- { { echo "$as_me:$LINENO: error: Can't find sectok.h" >&5
-echo "$as_me: error: Can't find sectok.h" >&2;}
- { (exit 1); exit 1; }; }
- fi
-
-echo "$as_me:$LINENO: checking for sectok_open in -lsectok" >&5
-echo $ECHO_N "checking for sectok_open in -lsectok... $ECHO_C" >&6
-if test "${ac_cv_lib_sectok_sectok_open+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lsectok $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char sectok_open ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-sectok_open ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_sectok_sectok_open=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_sectok_sectok_open=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_sectok_sectok_open" >&5
-echo "${ECHO_T}$ac_cv_lib_sectok_sectok_open" >&6
-if test $ac_cv_lib_sectok_sectok_open = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBSECTOK 1
-_ACEOF
-
- LIBS="-lsectok $LIBS"
-
-fi
-
- if test "$ac_cv_lib_sectok_sectok_open" != yes; then
- { { echo "$as_me:$LINENO: error: Can't find libsectok" >&5
-echo "$as_me: error: Can't find libsectok" >&2;}
- { (exit 1); exit 1; }; }
- fi
- cat >>confdefs.h <<\_ACEOF
-@%:@define SMARTCARD 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_SECTOK 1
-_ACEOF
-
- SCARD_MSG="yes, using sectok"
- fi
-
-
-fi;
-
-# Check whether user wants OpenSC support
-
-# Check whether --with-opensc or --without-opensc was given.
-if test "${with_opensc+set}" = set; then
- withval="$with_opensc"
- opensc_config_prefix="$withval"
-else
- opensc_config_prefix=""
-fi;
-if test x$opensc_config_prefix != x ; then
- OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config
- # Extract the first word of "opensc-config", so it can be a program name with args.
-set dummy opensc-config; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_OPENSC_CONFIG+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $OPENSC_CONFIG in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_OPENSC_CONFIG="$OPENSC_CONFIG" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_OPENSC_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- test -z "$ac_cv_path_OPENSC_CONFIG" && ac_cv_path_OPENSC_CONFIG="no"
- ;;
-esac
-fi
-OPENSC_CONFIG=$ac_cv_path_OPENSC_CONFIG
-
-if test -n "$OPENSC_CONFIG"; then
- echo "$as_me:$LINENO: result: $OPENSC_CONFIG" >&5
-echo "${ECHO_T}$OPENSC_CONFIG" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if test "$OPENSC_CONFIG" != "no"; then
- LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
- LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
- CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
- LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
- cat >>confdefs.h <<\_ACEOF
-@%:@define SMARTCARD 1
-_ACEOF
-
- cat >>confdefs.h <<\_ACEOF
-@%:@define USE_OPENSC 1
-_ACEOF
-
- SCARD_MSG="yes, using OpenSC"
- fi
-fi
-
-# Check whether user wants Kerberos 5 support
-KRB5_MSG="no"
-
-# Check whether --with-kerberos5 or --without-kerberos5 was given.
-if test "${with_kerberos5+set}" = set; then
- withval="$with_kerberos5"
-
- if test "x$withval" != "xno" ; then
- if test "x$withval" = "xyes" ; then
- KRB5ROOT="/usr/local"
- else
- KRB5ROOT=${withval}
- fi
- CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
- LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
- cat >>confdefs.h <<\_ACEOF
-@%:@define KRB5 1
-_ACEOF
-
- KRB5_MSG="yes"
- echo "$as_me:$LINENO: checking whether we are using Heimdal" >&5
-echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
- #include <krb5.h>
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *tmp = heimdal_version;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define HEIMDAL 1
-_ACEOF
-
- K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken"
-
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${KRB5ROOT}/lib"
- fi
-
-echo "$as_me:$LINENO: checking for dn_expand in -lresolv" >&5
-echo $ECHO_N "checking for dn_expand in -lresolv... $ECHO_C" >&6
-if test "${ac_cv_lib_resolv_dn_expand+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lresolv $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char dn_expand ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dn_expand ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_resolv_dn_expand=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_resolv_dn_expand=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_dn_expand" >&5
-echo "${ECHO_T}$ac_cv_lib_resolv_dn_expand" >&6
-if test $ac_cv_lib_resolv_dn_expand = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBRESOLV 1
-_ACEOF
-
- LIBS="-lresolv $LIBS"
-
-fi
-
-
- KRB5=yes
- fi
-
-
-fi;
-# Check whether user wants Kerberos 4 support
-KRB4_MSG="no"
-
-# Check whether --with-kerberos4 or --without-kerberos4 was given.
-if test "${with_kerberos4+set}" = set; then
- withval="$with_kerberos4"
-
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}/lib"
- fi
- else
- if test -d /usr/include/kerberosIV ; then
- CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
- fi
- fi
-
-
-for ac_header in krb.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-else
- # Is the header compilable?
-echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-$ac_includes_default
-@%:@include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_header_compiler=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_header_compiler=no
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6
-
-# Is the header present?
-echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-@%:@include <$ac_header>
-_ACEOF
-if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
- (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
- ac_status=$?
- egrep -v '^ *\+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null; then
- if test -s conftest.err; then
- ac_cpp_err=$ac_c_preproc_warn_flag
- else
- ac_cpp_err=
- fi
-else
- ac_cpp_err=yes
-fi
-if test -z "$ac_cpp_err"; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
- cat conftest.$ac_ext >&5
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.$ac_ext
-echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc in
- yes:no )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
- no:yes )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;};;
-esac
-echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
-if eval "test \"\${$as_ac_Header+set}\" = set"; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=$ac_header_preproc"
-fi
-echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
-echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
-
-fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
-fi
-
-done
-
- if test "$ac_cv_header_krb_h" != yes; then
- { echo "$as_me:$LINENO: WARNING: Cannot find krb.h, build may fail" >&5
-echo "$as_me: WARNING: Cannot find krb.h, build may fail" >&2;}
- fi
-
-echo "$as_me:$LINENO: checking for main in -lkrb" >&5
-echo $ECHO_N "checking for main in -lkrb... $ECHO_C" >&6
-if test "${ac_cv_lib_krb_main+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-main ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_krb_main=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_krb_main=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_krb_main" >&5
-echo "${ECHO_T}$ac_cv_lib_krb_main" >&6
-if test $ac_cv_lib_krb_main = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBKRB 1
-_ACEOF
-
- LIBS="-lkrb $LIBS"
-
-fi
-
- if test "$ac_cv_lib_krb_main" != yes; then
-
-echo "$as_me:$LINENO: checking for main in -lkrb4" >&5
-echo $ECHO_N "checking for main in -lkrb4... $ECHO_C" >&6
-if test "${ac_cv_lib_krb4_main+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb4 $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-main ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_krb4_main=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_krb4_main=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_krb4_main" >&5
-echo "${ECHO_T}$ac_cv_lib_krb4_main" >&6
-if test $ac_cv_lib_krb4_main = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBKRB4 1
-_ACEOF
-
- LIBS="-lkrb4 $LIBS"
-
-fi
-
- if test "$ac_cv_lib_krb4_main" != yes; then
- { echo "$as_me:$LINENO: WARNING: Cannot find libkrb nor libkrb4, build may fail" >&5
-echo "$as_me: WARNING: Cannot find libkrb nor libkrb4, build may fail" >&2;}
- else
- KLIBS="-lkrb4"
- fi
- else
- KLIBS="-lkrb"
- fi
-
-echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes" >&5
-echo $ECHO_N "checking for des_cbc_encrypt in -ldes... $ECHO_C" >&6
-if test "${ac_cv_lib_des_des_cbc_encrypt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldes $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char des_cbc_encrypt ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-des_cbc_encrypt ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_des_des_cbc_encrypt=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_des_des_cbc_encrypt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
-echo "${ECHO_T}$ac_cv_lib_des_des_cbc_encrypt" >&6
-if test $ac_cv_lib_des_des_cbc_encrypt = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBDES 1
-_ACEOF
-
- LIBS="-ldes $LIBS"
-
-fi
-
- if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
-
-echo "$as_me:$LINENO: checking for des_cbc_encrypt in -ldes425" >&5
-echo $ECHO_N "checking for des_cbc_encrypt in -ldes425... $ECHO_C" >&6
-if test "${ac_cv_lib_des425_des_cbc_encrypt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldes425 $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char des_cbc_encrypt ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-des_cbc_encrypt ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_des425_des_cbc_encrypt=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_des425_des_cbc_encrypt=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5
-echo "${ECHO_T}$ac_cv_lib_des425_des_cbc_encrypt" >&6
-if test $ac_cv_lib_des425_des_cbc_encrypt = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBDES425 1
-_ACEOF
-
- LIBS="-ldes425 $LIBS"
-
-fi
-
- if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
- { echo "$as_me:$LINENO: WARNING: Cannot find libdes nor libdes425, build may fail" >&5
-echo "$as_me: WARNING: Cannot find libdes nor libdes425, build may fail" >&2;}
- else
- KLIBS="-ldes425"
- fi
- else
- KLIBS="-ldes"
- fi
-
-echo "$as_me:$LINENO: checking for dn_expand in -lresolv" >&5
-echo $ECHO_N "checking for dn_expand in -lresolv... $ECHO_C" >&6
-if test "${ac_cv_lib_resolv_dn_expand+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lresolv $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* Override any gcc2 internal prototype to avoid an error. */
-#ifdef __cplusplus
-extern "C"
-#endif
-/* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
-char dn_expand ();
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
-dn_expand ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_lib_resolv_dn_expand=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-ac_cv_lib_resolv_dn_expand=no
-fi
-rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_dn_expand" >&5
-echo "${ECHO_T}$ac_cv_lib_resolv_dn_expand" >&6
-if test $ac_cv_lib_resolv_dn_expand = yes; then
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_LIBRESOLV 1
-_ACEOF
-
- LIBS="-lresolv $LIBS"
-
-fi
-
- KRB4=yes
- KRB4_MSG="yes"
- cat >>confdefs.h <<\_ACEOF
-@%:@define KRB4 1
-_ACEOF
-
- fi
-
-
-fi;
-
-# Check whether user wants AFS support
-AFS_MSG="no"
-
-# Check whether --with-afs or --without-afs was given.
-if test "${with_afs+set}" = set; then
- withval="$with_afs"
-
- if test "x$withval" != "xno" ; then
-
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- fi
-
- if test -z "$KRB4" ; then
- { echo "$as_me:$LINENO: WARNING: AFS requires Kerberos IV support, build may fail" >&5
-echo "$as_me: WARNING: AFS requires Kerberos IV support, build may fail" >&2;}
- fi
-
- LIBS="-lkafs $LIBS"
- if test ! -z "$AFS_LIBS" ; then
- LIBS="$LIBS $AFS_LIBS"
- fi
- cat >>confdefs.h <<\_ACEOF
-@%:@define AFS 1
-_ACEOF
-
- AFS_MSG="yes"
- fi
-
-
-fi;
-LIBS="$LIBS $KLIBS $K5LIBS"
-
-# Looking for programs, paths and files
-
-# Check whether --with-rsh or --without-rsh was given.
-if test "${with_rsh+set}" = set; then
- withval="$with_rsh"
-
- if test "x$withval" != "$no" ; then
- rsh_path=$withval
- fi
-
-else
-
- # Extract the first word of "rsh", so it can be a program name with args.
-set dummy rsh; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_rsh_path+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $rsh_path in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_rsh_path="$rsh_path" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_rsh_path="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-rsh_path=$ac_cv_path_rsh_path
-
-if test -n "$rsh_path"; then
- echo "$as_me:$LINENO: result: $rsh_path" >&5
-echo "${ECHO_T}$rsh_path" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
-
-
-fi;
-
-PRIVSEP_PATH=/var/empty
-
-# Check whether --with-privsep-path or --without-privsep-path was given.
-if test "${with_privsep_path+set}" = set; then
- withval="$with_privsep_path"
-
- if test "x$withval" != "$no" ; then
- PRIVSEP_PATH=$withval
- fi
-
-
-fi;
-
-
-
-# Check whether --with-xauth or --without-xauth was given.
-if test "${with_xauth+set}" = set; then
- withval="$with_xauth"
-
- if test "x$withval" != "xno" ; then
- xauth_path=$withval
- fi
-
-else
-
- # Extract the first word of "xauth", so it can be a program name with args.
-set dummy xauth; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_xauth_path+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $xauth_path in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_xauth_path="$xauth_path" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_xauth_path="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-xauth_path=$ac_cv_path_xauth_path
-
-if test -n "$xauth_path"; then
- echo "$as_me:$LINENO: result: $xauth_path" >&5
-echo "${ECHO_T}$xauth_path" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
- xauth_path="/usr/openwin/bin/xauth"
- fi
-
-
-fi;
-
-if test -z "$xauth_path" ; then
- XAUTH_PATH="undefined"
-
-else
- cat >>confdefs.h <<_ACEOF
-@%:@define XAUTH_PATH "$xauth_path"
-_ACEOF
-
- XAUTH_PATH=$xauth_path
-
-fi
-if test ! -z "$rsh_path" ; then
- cat >>confdefs.h <<_ACEOF
-@%:@define RSH_PATH "$rsh_path"
-_ACEOF
-
-fi
-
-# Check for mail directory (last resort if we cannot get it from headers)
-if test ! -z "$MAIL" ; then
- maildir=`dirname $MAIL`
- cat >>confdefs.h <<_ACEOF
-@%:@define MAIL_DIRECTORY "$maildir"
-_ACEOF
-
-fi
-
-if test -z "$no_dev_ptmx" ; then
- if test "x$disable_ptmx_check" != "xyes" ; then
- echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
-echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
-if test "${ac_cv_file___dev_ptmx_+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r ""/dev/ptmx""; then
- ac_cv_file___dev_ptmx_=yes
-else
- ac_cv_file___dev_ptmx_=no
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
-echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
-if test $ac_cv_file___dev_ptmx_ = yes; then
-
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_DEV_PTMX 1
-_ACEOF
-
- have_dev_ptmx=1
-
-
-fi
-
- fi
-fi
-echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
-echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
-if test "${ac_cv_file___dev_ptc_+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- test "$cross_compiling" = yes &&
- { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
- { (exit 1); exit 1; }; }
-if test -r ""/dev/ptc""; then
- ac_cv_file___dev_ptc_=yes
-else
- ac_cv_file___dev_ptc_=no
-fi
-fi
-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
-echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
-if test $ac_cv_file___dev_ptc_ = yes; then
-
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_DEV_PTS_AND_PTC 1
-_ACEOF
-
- have_dev_ptc=1
-
-
-fi
-
-
-# Options from here on. Some of these are preset by platform above
-
-# Check whether --with-mantype or --without-mantype was given.
-if test "${with_mantype+set}" = set; then
- withval="$with_mantype"
-
- case "$withval" in
- man|cat|doc)
- MANTYPE=$withval
- ;;
- *)
- { { echo "$as_me:$LINENO: error: invalid man type: $withval" >&5
-echo "$as_me: error: invalid man type: $withval" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
-
-
-fi;
-if test -z "$MANTYPE"; then
- for ac_prog in nroff awf
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
-if test "${ac_cv_path_NROFF+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- case $NROFF in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-as_dummy="/usr/bin:/usr/ucb"
-for as_dir in $as_dummy
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-
- ;;
-esac
-fi
-NROFF=$ac_cv_path_NROFF
-
-if test -n "$NROFF"; then
- echo "$as_me:$LINENO: result: $NROFF" >&5
-echo "${ECHO_T}$NROFF" >&6
-else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
-fi
-
- test -n "$NROFF" && break
-done
-test -n "$NROFF" || NROFF="/bin/false"
-
- if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
- MANTYPE=doc
- elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
- MANTYPE=man
- else
- MANTYPE=cat
- fi
-fi
-
-if test "$MANTYPE" = "doc"; then
- mansubdir=man;
-else
- mansubdir=$MANTYPE;
-fi
-
-
-# Check whether to enable MD5 passwords
-MD5_MSG="no"
-
-# Check whether --with-md5-passwords or --without-md5-passwords was given.
-if test "${with_md5_passwords+set}" = set; then
- withval="$with_md5_passwords"
-
- if test "x$withval" != "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAVE_MD5_PASSWORDS 1
-_ACEOF
-
- MD5_MSG="yes"
- fi
-
-
-fi;
-
-# Whether to disable shadow password support
-
-# Check whether --with-shadow or --without-shadow was given.
-if test "${with_shadow+set}" = set; then
- withval="$with_shadow"
-
- if test "x$withval" = "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_SHADOW 1
-_ACEOF
-
- disable_shadow=yes
- fi
-
-
-fi;
-
-if test -z "$disable_shadow" ; then
- echo "$as_me:$LINENO: checking if the systems has expire shadow information" >&5
-echo $ECHO_N "checking if the systems has expire shadow information... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <shadow.h>
- struct spwd sp;
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- sp_expire_available=yes
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
- if test "x$sp_expire_available" = "xyes" ; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define HAS_SHADOW_EXPIRE 1
-_ACEOF
-
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-fi
-
-# Use ip address instead of hostname in $DISPLAY
-if test ! -z "$IPADDR_IN_DISPLAY" ; then
- DISPLAY_HACK_MSG="yes"
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPADDR_IN_DISPLAY 1
-_ACEOF
-
-else
- DISPLAY_HACK_MSG="no"
-
-# Check whether --with-ipaddr-display or --without-ipaddr-display was given.
-if test "${with_ipaddr_display+set}" = set; then
- withval="$with_ipaddr_display"
-
- if test "x$withval" != "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPADDR_IN_DISPLAY 1
-_ACEOF
-
- DISPLAY_HACK_MSG="yes"
- fi
-
-
-fi;
-fi
-
-if test $ac_cv_func_login_getcapbool = "yes" -a \
- $ac_cv_header_login_cap_h = "yes" ; then
- USES_LOGIN_CONF=yes
-fi
-# Whether to mess with the default path
-SERVER_PATH_MSG="(default)"
-
-# Check whether --with-default-path or --without-default-path was given.
-if test "${with_default_path+set}" = set; then
- withval="$with_default_path"
-
- if test "$USES_LOGIN_CONF" = "yes" ; then
- { echo "$as_me:$LINENO: WARNING:
---with-default-path=PATH has no effect on this system.
-Edit /etc/login.conf instead." >&5
-echo "$as_me: WARNING:
---with-default-path=PATH has no effect on this system.
-Edit /etc/login.conf instead." >&2;}
- elif test "x$withval" != "xno" ; then
- user_path="$withval"
- SERVER_PATH_MSG="$withval"
- fi
-
-else
- if test "$USES_LOGIN_CONF" = "yes" ; then
- { echo "$as_me:$LINENO: WARNING: Make sure the path to scp is in /etc/login.conf" >&5
-echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;}
- else
- if test "$cross_compiling" = yes; then
- user_path="/usr/bin:/bin:/usr/sbin:/sbin"
-
-else
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-/* find out what STDPATH is */
-#include <stdio.h>
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-#ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
-#endif
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#define DATA "conftest.stdpath"
-
-main()
-{
- FILE *fd;
- int rc;
-
- fd = fopen(DATA,"w");
- if(fd == NULL)
- exit(1);
-
- if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
- exit(1);
-
- exit(0);
-}
-
-_ACEOF
-rm -f conftest$ac_exeext
-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
- (eval $ac_link) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- user_path=`cat conftest.stdpath`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-( exit $ac_status )
- user_path="/usr/bin:/bin:/usr/sbin:/sbin"
-fi
-rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-# make sure $bindir is in USER_PATH so scp will work
- t_bindir=`eval echo ${bindir}`
- case $t_bindir in
- NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;;
- esac
- case $t_bindir in
- NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;;
- esac
- echo $user_path | grep ":$t_bindir" > /dev/null 2>&1
- if test $? -ne 0 ; then
- echo $user_path | grep "^$t_bindir" > /dev/null 2>&1
- if test $? -ne 0 ; then
- user_path=$user_path:$t_bindir
- echo "$as_me:$LINENO: result: Adding $t_bindir to USER_PATH so scp will work" >&5
-echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6
- fi
- fi
- fi
-
-fi;
-if test "$USES_LOGIN_CONF" != "yes" ; then
- cat >>confdefs.h <<_ACEOF
-@%:@define USER_PATH "$user_path"
-_ACEOF
-
-
-fi
-
-# Set superuser path separately to user path
-MD5_MSG="no"
-
-# Check whether --with-superuser-path or --without-superuser-path was given.
-if test "${with_superuser_path+set}" = set; then
- withval="$with_superuser_path"
-
- if test "x$withval" != "xno" ; then
- cat >>confdefs.h <<_ACEOF
-@%:@define SUPERUSER_PATH "$withval"
-_ACEOF
-
- superuser_path=$withval
- fi
-
-
-fi;
-
-
-# Whether to force IPv4 by default (needed on broken glibc Linux)
-IPV4_HACK_MSG="no"
-
-# Check whether --with-ipv4-default or --without-ipv4-default was given.
-if test "${with_ipv4_default+set}" = set; then
- withval="$with_ipv4_default"
-
- if test "x$withval" != "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPV4_DEFAULT 1
-_ACEOF
-
- IPV4_HACK_MSG="yes"
- fi
-
-
-fi;
-
-echo "$as_me:$LINENO: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5
-echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6
-IPV4_IN6_HACK_MSG="no"
-
-# Check whether --with-4in6 or --without-4in6 was given.
-if test "${with_4in6+set}" = set; then
- withval="$with_4in6"
-
- if test "x$withval" != "xno" ; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPV4_IN_IPV6 1
-_ACEOF
-
- IPV4_IN6_HACK_MSG="yes"
- else
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- fi
-
-else
-
- if test "x$inet6_default_4in6" = "xyes"; then
- echo "$as_me:$LINENO: result: yes (default)" >&5
-echo "${ECHO_T}yes (default)" >&6
- cat >>confdefs.h <<\_ACEOF
-@%:@define IPV4_IN_IPV6 1
-_ACEOF
-
- IPV4_IN6_HACK_MSG="yes"
- else
- echo "$as_me:$LINENO: result: no (default)" >&5
-echo "${ECHO_T}no (default)" >&6
- fi
-
-
-fi;
-
-# Whether to enable BSD auth support
-BSD_AUTH_MSG=no
-
-# Check whether --with-bsd-auth or --without-bsd-auth was given.
-if test "${with_bsd_auth+set}" = set; then
- withval="$with_bsd_auth"
-
- if test "x$withval" != "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define BSD_AUTH 1
-_ACEOF
-
- BSD_AUTH_MSG=yes
- fi
-
-
-fi;
-
-echo "$as_me:$LINENO: checking whether to install ssh as suid root" >&5
-echo $ECHO_N "checking whether to install ssh as suid root... $ECHO_C" >&6
-# Check whether --enable-suid-ssh or --disable-suid-ssh was given.
-if test "${enable_suid_ssh+set}" = set; then
- enableval="$enable_suid_ssh"
- case "$enableval" in
- no)
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- SSHMODE=0711
- ;;
- *) echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- SSHMODE=4711
- ;;
- esac
-else
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
- SSHMODE=4711
-
-fi;
-
-
-
-# Where to place sshd.pid
-piddir=/var/run
-# make sure the directory exists
-if test ! -d $piddir ; then
- piddir=`eval echo ${sysconfdir}`
- case $piddir in
- NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
- esac
-fi
-
-
-# Check whether --with-pid-dir or --without-pid-dir was given.
-if test "${with_pid_dir+set}" = set; then
- withval="$with_pid_dir"
-
- if test "x$withval" != "xno" ; then
- piddir=$withval
- if test ! -d $piddir ; then
- { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5
-echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
- fi
- fi
-
-
-fi;
-
-cat >>confdefs.h <<_ACEOF
-@%:@define _PATH_SSH_PIDDIR "$piddir"
-_ACEOF
-
-
-
-# Check whether --enable-lastlog or --disable-lastlog was given.
-if test "${enable_lastlog+set}" = set; then
- enableval="$enable_lastlog"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_LASTLOG 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-utmp or --disable-utmp was given.
-if test "${enable_utmp+set}" = set; then
- enableval="$enable_utmp"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-utmpx or --disable-utmpx was given.
-if test "${enable_utmpx+set}" = set; then
- enableval="$enable_utmpx"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMPX 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-wtmp or --disable-wtmp was given.
-if test "${enable_wtmp+set}" = set; then
- enableval="$enable_wtmp"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_WTMP 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-wtmpx or --disable-wtmpx was given.
-if test "${enable_wtmpx+set}" = set; then
- enableval="$enable_wtmpx"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_WTMPX 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-libutil or --disable-libutil was given.
-if test "${enable_libutil+set}" = set; then
- enableval="$enable_libutil"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_LOGIN 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-pututline or --disable-pututline was given.
-if test "${enable_pututline+set}" = set; then
- enableval="$enable_pututline"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_PUTUTLINE 1
-_ACEOF
-
-
-fi;
-# Check whether --enable-pututxline or --disable-pututxline was given.
-if test "${enable_pututxline+set}" = set; then
- enableval="$enable_pututxline"
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_PUTUTXLINE 1
-_ACEOF
-
-
-fi;
-
-# Check whether --with-lastlog or --without-lastlog was given.
-if test "${with_lastlog+set}" = set; then
- withval="$with_lastlog"
-
- if test "x$withval" = "xno" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_LASTLOG 1
-_ACEOF
-
- else
- conf_lastlog_location=$withval
- fi
-
-
-fi;
-
-
-echo "$as_me:$LINENO: checking if your system defines LASTLOG_FILE" >&5
-echo $ECHO_N "checking if your system defines LASTLOG_FILE... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-# include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-#ifdef HAVE_LOGIN_H
-# include <login.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *lastlog = LASTLOG_FILE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- echo "$as_me:$LINENO: checking if your system defines _PATH_LASTLOG" >&5
-echo $ECHO_N "checking if your system defines _PATH_LASTLOG... $ECHO_C" >&6
- cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-# include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *lastlog = _PATH_LASTLOG;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
-
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- system_lastlog_path=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-
-if test -z "$conf_lastlog_location"; then
- if test x"$system_lastlog_path" = x"no" ; then
- for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
- if (test -d "$f" || test -f "$f") ; then
- conf_lastlog_location=$f
- fi
- done
- if test -z "$conf_lastlog_location"; then
- { echo "$as_me:$LINENO: WARNING: ** Cannot find lastlog **" >&5
-echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
- fi
- fi
-fi
-
-if test -n "$conf_lastlog_location"; then
- cat >>confdefs.h <<_ACEOF
-@%:@define CONF_LASTLOG_FILE "$conf_lastlog_location"
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking if your system defines UTMP_FILE" >&5
-echo $ECHO_N "checking if your system defines UTMP_FILE... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *utmp = UTMP_FILE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- system_utmp_path=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-if test -z "$conf_utmp_location"; then
- if test x"$system_utmp_path" = x"no" ; then
- for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
- if test -f $f ; then
- conf_utmp_location=$f
- fi
- done
- if test -z "$conf_utmp_location"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMP 1
-_ACEOF
-
- fi
- fi
-fi
-if test -n "$conf_utmp_location"; then
- cat >>confdefs.h <<_ACEOF
-@%:@define CONF_UTMP_FILE "$conf_utmp_location"
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking if your system defines WTMP_FILE" >&5
-echo $ECHO_N "checking if your system defines WTMP_FILE... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *wtmp = WTMP_FILE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- system_wtmp_path=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-if test -z "$conf_wtmp_location"; then
- if test x"$system_wtmp_path" = x"no" ; then
- for f in /usr/adm/wtmp /var/log/wtmp; do
- if test -f $f ; then
- conf_wtmp_location=$f
- fi
- done
- if test -z "$conf_wtmp_location"; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_WTMP 1
-_ACEOF
-
- fi
- fi
-fi
-if test -n "$conf_wtmp_location"; then
- cat >>confdefs.h <<_ACEOF
-@%:@define CONF_WTMP_FILE "$conf_wtmp_location"
-_ACEOF
-
-fi
-
-
-echo "$as_me:$LINENO: checking if your system defines UTMPX_FILE" >&5
-echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *utmpx = UTMPX_FILE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- system_utmpx_path=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_UTMPX 1
-_ACEOF
-
- fi
-else
- cat >>confdefs.h <<_ACEOF
-@%:@define CONF_UTMPX_FILE "$conf_utmpx_location"
-_ACEOF
-
-fi
-
-echo "$as_me:$LINENO: checking if your system defines WTMPX_FILE" >&5
-echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6
-cat >conftest.$ac_ext <<_ACEOF
-#line $LINENO "configure"
-#include "confdefs.h"
-
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-# include <paths.h>
-#endif
-
-#ifdef F77_DUMMY_MAIN
-# ifdef __cplusplus
- extern "C"
-# endif
- int F77_DUMMY_MAIN() { return 1; }
-#endif
-int
-main ()
-{
- char *wtmpx = WTMPX_FILE;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
- (eval $ac_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } &&
- { ac_try='test -s conftest.$ac_objext'
- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
- (eval $ac_try) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6
-else
- echo "$as_me: failed program was:" >&5
-cat conftest.$ac_ext >&5
- echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6
- system_wtmpx_path=no
-
-fi
-rm -f conftest.$ac_objext conftest.$ac_ext
-if test -z "$conf_wtmpx_location"; then
- if test x"$system_wtmpx_path" = x"no" ; then
- cat >>confdefs.h <<\_ACEOF
-@%:@define DISABLE_WTMPX 1
-_ACEOF
-
- fi
-else
- cat >>confdefs.h <<_ACEOF
-@%:@define CONF_WTMPX_FILE "$conf_wtmpx_location"
-_ACEOF
-
-fi
-
-
-if test ! -z "$blibpath" ; then
- LDFLAGS="$LDFLAGS -blibpath:$blibpath"
- { echo "$as_me:$LINENO: WARNING: Please check and edit -blibpath in LDFLAGS in Makefile" >&5
-echo "$as_me: WARNING: Please check and edit -blibpath in LDFLAGS in Makefile" >&2;}
-fi
-
-if test "$PAM_MSG" = yes ; then
- LIBS=`echo $LIBS | sed 's/-lpam //'`
-fi
-if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
- LIBS=`echo $LIBS | sed 's/-ldl //'`
-fi
-
-
-ac_config_files="$ac_config_files Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds"
-
-cat >confcache <<\_ACEOF
-# This file is a shell script that caches the results of configure
-# tests run on this system so they can be shared between configure
-# scripts and configure runs, see configure's option --config-cache.
-# It is not useful on other systems. If it contains results you don't
-# want to keep, you may remove or edit it.
-#
-# config.status only pays attention to the cache file if you give it
-# the --recheck option to rerun configure.
-#
-# `ac_cv_env_foo' variables (set or unset) will be overriden when
-# loading this file, other *unset* `ac_cv_foo' will be assigned the
-# following values.
-
-_ACEOF
-
-# The following way of writing the cache mishandles newlines in values,
-# but we know of no workaround that is simple, portable, and efficient.
-# So, don't put newlines in cache variables' values.
-# Ultrix sh set writes to stderr and can't be redirected directly,
-# and sets the high bit in the cache file unless we assign to the vars.
-{
- (set) 2>&1 |
- case `(ac_space=' '; set | grep ac_space) 2>&1` in
- *ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \).
- sed -n \
- "s/'/'\\\\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
- ;;
- *)
- # `set' quotes correctly as required by POSIX, so do not add quotes.
- sed -n \
- "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
- ;;
- esac;
-} |
- sed '
- t clear
- : clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
- t end
- /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
- : end' >>confcache
-if cmp -s $cache_file confcache; then :; else
- if test -w $cache_file; then
- test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
- cat confcache >$cache_file
- else
- echo "not updating unwritable cache $cache_file"
- fi
-fi
-rm -f confcache
-
-test "x$prefix" = xNONE && prefix=$ac_default_prefix
-# Let make expand exec_prefix.
-test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
-# trailing colons and then remove the whole line if VPATH becomes empty
-# (actually we leave an empty line to preserve line numbers).
-if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=/{
-s/:*\$(srcdir):*/:/;
-s/:*\${srcdir}:*/:/;
-s/:*@srcdir@:*/:/;
-s/^\([^=]*=[ ]*\):*/\1/;
-s/:*$//;
-s/^[^=]*=[ ]*$//;
-}'
-fi
-
-DEFS=-DHAVE_CONFIG_H
-
-
-: ${CONFIG_STATUS=./config.status}
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
-#! $SHELL
-# Generated by $as_me.
-# Run this file to recreate the current configuration.
-# Compiler output produced by configure, useful for debugging
-# configure, is in config.log if it exists.
-
-debug=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
-
-# Be Bourne compatible
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
-elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
- set -o posix
-fi
-
-# NLS nuisances.
-# Support unset when possible.
-if (FOO=FOO; unset FOO) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
-fi
-
-(set +x; test -n "`(LANG=C; export LANG) 2>&1`") &&
- { $as_unset LANG || test "${LANG+set}" != set; } ||
- { LANG=C; export LANG; }
-(set +x; test -n "`(LC_ALL=C; export LC_ALL) 2>&1`") &&
- { $as_unset LC_ALL || test "${LC_ALL+set}" != set; } ||
- { LC_ALL=C; export LC_ALL; }
-(set +x; test -n "`(LC_TIME=C; export LC_TIME) 2>&1`") &&
- { $as_unset LC_TIME || test "${LC_TIME+set}" != set; } ||
- { LC_TIME=C; export LC_TIME; }
-(set +x; test -n "`(LC_CTYPE=C; export LC_CTYPE) 2>&1`") &&
- { $as_unset LC_CTYPE || test "${LC_CTYPE+set}" != set; } ||
- { LC_CTYPE=C; export LC_CTYPE; }
-(set +x; test -n "`(LANGUAGE=C; export LANGUAGE) 2>&1`") &&
- { $as_unset LANGUAGE || test "${LANGUAGE+set}" != set; } ||
- { LANGUAGE=C; export LANGUAGE; }
-(set +x; test -n "`(LC_COLLATE=C; export LC_COLLATE) 2>&1`") &&
- { $as_unset LC_COLLATE || test "${LC_COLLATE+set}" != set; } ||
- { LC_COLLATE=C; export LC_COLLATE; }
-(set +x; test -n "`(LC_NUMERIC=C; export LC_NUMERIC) 2>&1`") &&
- { $as_unset LC_NUMERIC || test "${LC_NUMERIC+set}" != set; } ||
- { LC_NUMERIC=C; export LC_NUMERIC; }
-(set +x; test -n "`(LC_MESSAGES=C; export LC_MESSAGES) 2>&1`") &&
- { $as_unset LC_MESSAGES || test "${LC_MESSAGES+set}" != set; } ||
- { LC_MESSAGES=C; export LC_MESSAGES; }
-
-
-# Name of the executable.
-as_me=`(basename "$0") 2>/dev/null ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)$' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
- /^X\/\(\/\/\)$/{ s//\1/; q; }
- /^X\/\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
-
-# PATH needs CR, and LINENO needs CR and PATH.
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conftest.sh
- echo "exit 0" >>conftest.sh
- chmod +x conftest.sh
- if (PATH=".;."; conftest.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
- else
- PATH_SEPARATOR=:
- fi
- rm -f conftest.sh
-fi
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" || {
- # Find who we are. Look in the path if we contain no path at all
- # relative or not.
- case $0 in
- *[\\/]* ) as_myself=$0 ;;
- *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
-
- ;;
- esac
- # We did not find ourselves, most probably we were run as `sh COMMAND'
- # in which case we are not to be found in the path.
- if test "x$as_myself" = x; then
- as_myself=$0
- fi
- if test ! -f "$as_myself"; then
- { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
-echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
- { (exit 1); exit 1; }; }
- fi
- case $CONFIG_SHELL in
- '')
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for as_base in sh bash ksh sh5; do
- case $as_dir in
- /*)
- if ("$as_dir/$as_base" -c '
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
- CONFIG_SHELL=$as_dir/$as_base
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$0" ${1+"$@"}
- fi;;
- esac
- done
-done
-;;
- esac
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line before each line; the second 'sed' does the real
- # work. The second script uses 'N' to pair each line-number line
- # with the numbered line, and appends trailing '-' during
- # substitution so that $LINENO is not a special case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
- sed '=' <$as_myself |
- sed '
- N
- s,$,-,
- : loop
- s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
- t loop
- s,-$,,
- s,^['$as_cr_digits']*\n,,
- ' >$as_me.lineno &&
- chmod +x $as_me.lineno ||
- { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
-echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensible to this).
- . ./$as_me.lineno
- # Exit status is that of the last command.
- exit
-}
-
-
-case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
- *c*,-n*) ECHO_N= ECHO_C='
-' ECHO_T=' ' ;;
- *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
- *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- # We could just check for DJGPP; but this test a) works b) is more generic
- # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
- if test -f conf$$.exe; then
- # Don't use ln at all; we don't have any links
- as_ln_s='cp -p'
- else
- as_ln_s='ln -s'
- fi
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.file
-
-as_executable_p="test -f"
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="sed y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="sed y%*+%pp%;s%[^_$as_cr_alnum]%_%g"
-
-
-# IFS
-# We need space, tab and new line, in precisely that order.
-as_nl='
-'
-IFS=" $as_nl"
-
-# CDPATH.
-$as_unset CDPATH || test "${CDPATH+set}" != set || { CDPATH=$PATH_SEPARATOR; export CDPATH; }
-
-exec 6>&1
-
-# Open the log real soon, to keep \$[0] and so on meaningful, and to
-# report actual input values of CONFIG_FILES etc. instead of their
-# values after options handling. Logging --version etc. is OK.
-exec 5>>config.log
-{
- echo
- sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
-@%:@@%:@ Running $as_me. @%:@@%:@
-_ASBOX
-} >&5
-cat >&5 <<_CSEOF
-
-This file was extended by $as_me, which was
-generated by GNU Autoconf 2.53. Invocation command line was
-
- CONFIG_FILES = $CONFIG_FILES
- CONFIG_HEADERS = $CONFIG_HEADERS
- CONFIG_LINKS = $CONFIG_LINKS
- CONFIG_COMMANDS = $CONFIG_COMMANDS
- $ $0 $@
-
-_CSEOF
-echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
-echo >&5
-_ACEOF
-
-# Files that config.status was made for.
-if test -n "$ac_config_files"; then
- echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_headers"; then
- echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_links"; then
- echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
-fi
-
-if test -n "$ac_config_commands"; then
- echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
-fi
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
-
-Usage: $0 [OPTIONS] [FILE]...
-
- -h, --help print this help, then exit
- -V, --version print version number, then exit
- -d, --debug don't remove temporary files
- --recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
-
-Configuration files:
-$config_files
-
-Configuration headers:
-$config_headers
-
-Report bugs to <bug-autoconf@gnu.org>."
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-ac_cs_version="\\
-config.status
-configured by $0, generated by GNU Autoconf 2.53,
- with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
-
-Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
-This config.status script is free software; the Free Software Foundation
-gives unlimited permission to copy, distribute and modify it."
-srcdir=$srcdir
-INSTALL="$INSTALL"
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value. By we need to know if files were specified by the user.
-ac_need_defaults=:
-while test $# != 0
-do
- case $1 in
- --*=*)
- ac_option=`expr "x$1" : 'x\([^=]*\)='`
- ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
- shift
- set dummy "$ac_option" "$ac_optarg" ${1+"$@"}
- shift
- ;;
- -*);;
- *) # This is not an option, so the user has probably given explicit
- # arguments.
- ac_need_defaults=false;;
- esac
-
- case $1 in
- # Handling of the options.
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
- -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
- echo "running $SHELL $0 " $ac_configure_args " --no-create --no-recursion"
- exec $SHELL $0 $ac_configure_args --no-create --no-recursion ;;
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
- --version | --vers* | -V )
- echo "$ac_cs_version"; exit 0 ;;
- --he | --h)
- # Conflict between --help and --header
- { { echo "$as_me:$LINENO: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2;}
- { (exit 1); exit 1; }; };;
- --help | --hel | -h )
- echo "$ac_cs_usage"; exit 0 ;;
- --debug | --d* | -d )
- debug=: ;;
- --file | --fil | --fi | --f )
- shift
- CONFIG_FILES="$CONFIG_FILES $1"
- ac_need_defaults=false;;
- --header | --heade | --head | --hea )
- shift
- CONFIG_HEADERS="$CONFIG_HEADERS $1"
- ac_need_defaults=false;;
-
- # This is an error.
- -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&5
-echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2;}
- { (exit 1); exit 1; }; } ;;
-
- *) ac_config_targets="$ac_config_targets $1" ;;
-
- esac
- shift
-done
-
-_ACEOF
-
-
-
-
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_config_target in $ac_config_targets
-do
- case "$ac_config_target" in
- # Handling of arguments.
- "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "openbsd-compat/Makefile" ) CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;;
- "scard/Makefile" ) CONFIG_FILES="$CONFIG_FILES scard/Makefile" ;;
- "ssh_prng_cmds" ) CONFIG_FILES="$CONFIG_FILES ssh_prng_cmds" ;;
- "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
- { (exit 1); exit 1; }; };;
- esac
-done
-
-# If the user did not use the arguments to specify the items to instantiate,
-# then the envvar interface is used. Set only those that are not.
-# We use the long form for the default assignment because of an extremely
-# bizarre bug on SunOS 4.1.3.
-if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
-fi
-
-# Create a temporary directory, and hook for its removal unless debugging.
-$debug ||
-{
- trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
- trap '{ (exit 1); exit 1; }' 1 2 13 15
-}
-
-# Create a (secure) tmp directory for tmp files.
-: ${TMPDIR=/tmp}
-{
- tmp=`(umask 077 && mktemp -d -q "$TMPDIR/csXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
-} ||
-{
- tmp=$TMPDIR/cs$$-$RANDOM
- (umask 077 && mkdir $tmp)
-} ||
-{
- echo "$me: cannot create a temporary directory in $TMPDIR" >&2
- { (exit 1); exit 1; }
-}
-
-_ACEOF
-
-cat >>$CONFIG_STATUS <<_ACEOF
-
-#
-# CONFIG_FILES section.
-#
-
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
-if test -n "\$CONFIG_FILES"; then
- # Protect against being on the right side of a sed subst in config.status.
- sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
- s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
-s,@SHELL@,$SHELL,;t t
-s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
-s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
-s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
-s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
-s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
-s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
-s,@exec_prefix@,$exec_prefix,;t t
-s,@prefix@,$prefix,;t t
-s,@program_transform_name@,$program_transform_name,;t t
-s,@bindir@,$bindir,;t t
-s,@sbindir@,$sbindir,;t t
-s,@libexecdir@,$libexecdir,;t t
-s,@datadir@,$datadir,;t t
-s,@sysconfdir@,$sysconfdir,;t t
-s,@sharedstatedir@,$sharedstatedir,;t t
-s,@localstatedir@,$localstatedir,;t t
-s,@libdir@,$libdir,;t t
-s,@includedir@,$includedir,;t t
-s,@oldincludedir@,$oldincludedir,;t t
-s,@infodir@,$infodir,;t t
-s,@mandir@,$mandir,;t t
-s,@build_alias@,$build_alias,;t t
-s,@host_alias@,$host_alias,;t t
-s,@target_alias@,$target_alias,;t t
-s,@DEFS@,$DEFS,;t t
-s,@ECHO_C@,$ECHO_C,;t t
-s,@ECHO_N@,$ECHO_N,;t t
-s,@ECHO_T@,$ECHO_T,;t t
-s,@LIBS@,$LIBS,;t t
-s,@CC@,$CC,;t t
-s,@CFLAGS@,$CFLAGS,;t t
-s,@LDFLAGS@,$LDFLAGS,;t t
-s,@CPPFLAGS@,$CPPFLAGS,;t t
-s,@ac_ct_CC@,$ac_ct_CC,;t t
-s,@EXEEXT@,$EXEEXT,;t t
-s,@OBJEXT@,$OBJEXT,;t t
-s,@build@,$build,;t t
-s,@build_cpu@,$build_cpu,;t t
-s,@build_vendor@,$build_vendor,;t t
-s,@build_os@,$build_os,;t t
-s,@host@,$host,;t t
-s,@host_cpu@,$host_cpu,;t t
-s,@host_vendor@,$host_vendor,;t t
-s,@host_os@,$host_os,;t t
-s,@CPP@,$CPP,;t t
-s,@RANLIB@,$RANLIB,;t t
-s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
-s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
-s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
-s,@INSTALL_DATA@,$INSTALL_DATA,;t t
-s,@AR@,$AR,;t t
-s,@PERL@,$PERL,;t t
-s,@ENT@,$ENT,;t t
-s,@FILEPRIV@,$FILEPRIV,;t t
-s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
-s,@SH@,$SH,;t t
-s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
-s,@LD@,$LD,;t t
-s,@LIBWRAP@,$LIBWRAP,;t t
-s,@LIBPAM@,$LIBPAM,;t t
-s,@INSTALL_SSH_RAND_HELPER@,$INSTALL_SSH_RAND_HELPER,;t t
-s,@PROG_LS@,$PROG_LS,;t t
-s,@PROG_NETSTAT@,$PROG_NETSTAT,;t t
-s,@PROG_ARP@,$PROG_ARP,;t t
-s,@PROG_IFCONFIG@,$PROG_IFCONFIG,;t t
-s,@PROG_JSTAT@,$PROG_JSTAT,;t t
-s,@PROG_PS@,$PROG_PS,;t t
-s,@PROG_SAR@,$PROG_SAR,;t t
-s,@PROG_W@,$PROG_W,;t t
-s,@PROG_WHO@,$PROG_WHO,;t t
-s,@PROG_LAST@,$PROG_LAST,;t t
-s,@PROG_LASTLOG@,$PROG_LASTLOG,;t t
-s,@PROG_DF@,$PROG_DF,;t t
-s,@PROG_VMSTAT@,$PROG_VMSTAT,;t t
-s,@PROG_UPTIME@,$PROG_UPTIME,;t t
-s,@PROG_IPCS@,$PROG_IPCS,;t t
-s,@PROG_TAIL@,$PROG_TAIL,;t t
-s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t
-s,@NO_SFTP@,$NO_SFTP,;t t
-s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t
-s,@rsh_path@,$rsh_path,;t t
-s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t
-s,@xauth_path@,$xauth_path,;t t
-s,@XAUTH_PATH@,$XAUTH_PATH,;t t
-s,@NROFF@,$NROFF,;t t
-s,@MANTYPE@,$MANTYPE,;t t
-s,@mansubdir@,$mansubdir,;t t
-s,@user_path@,$user_path,;t t
-s,@SSHMODE@,$SSHMODE,;t t
-s,@piddir@,$piddir,;t t
-CEOF
-
-_ACEOF
-
- cat >>$CONFIG_STATUS <<\_ACEOF
- # Split the substitutions into bite-sized pieces for seds with
- # small command number limits, like on Digital OSF/1 and HP-UX.
- ac_max_sed_lines=48
- ac_sed_frag=1 # Number of current file.
- ac_beg=1 # First line for current file.
- ac_end=$ac_max_sed_lines # Line after last line for current file.
- ac_more_lines=:
- ac_sed_cmds=
- while $ac_more_lines; do
- if test $ac_beg -gt 1; then
- sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
- else
- sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
- fi
- if test ! -s $tmp/subs.frag; then
- ac_more_lines=false
- else
- # The purpose of the label and of the branching condition is to
- # speed up the sed processing (if there are no `@' at all, there
- # is no need to browse any of the substitutions).
- # These are the two extra sed commands mentioned above.
- (echo ':t
- /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
- else
- ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
- fi
- ac_sed_frag=`expr $ac_sed_frag + 1`
- ac_beg=$ac_end
- ac_end=`expr $ac_end + $ac_max_sed_lines`
- fi
- done
- if test -z "$ac_sed_cmds"; then
- ac_sed_cmds=cat
- fi
-fi # test -n "$CONFIG_FILES"
-
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case $ac_file in
- - | *:- | *:-:* ) # input from stdin
- cat >$tmp/stdin
- ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- * ) ac_file_in=$ac_file.in ;;
- esac
-
- # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
- ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- { case "$ac_dir" in
- [\\/]* | ?:[\\/]* ) as_incr_dir=;;
- *) as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
- case $as_mkdir_dir in
- # Skip DOS drivespec
- ?:) as_incr_dir=$as_mkdir_dir ;;
- *)
- as_incr_dir=$as_incr_dir/$as_mkdir_dir
- test -d "$as_incr_dir" ||
- mkdir "$as_incr_dir" ||
- { { echo "$as_me:$LINENO: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
-done; }
-
- ac_builddir=.
-
-if test "$ac_dir" != .; then
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
- # A "../" for each directory in $ac_dir_suffix.
- ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
-else
- ac_dir_suffix= ac_top_builddir=
-fi
-
-case $srcdir in
- .) # No --srcdir option. We are building in place.
- ac_srcdir=.
- if test -z "$ac_top_builddir"; then
- ac_top_srcdir=.
- else
- ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
- fi ;;
- [\\/]* | ?:[\\/]* ) # Absolute path.
- ac_srcdir=$srcdir$ac_dir_suffix;
- ac_top_srcdir=$srcdir ;;
- *) # Relative path.
- ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
- ac_top_srcdir=$ac_top_builddir$srcdir ;;
-esac
-# Don't blindly perform a `cd "$ac_dir"/$ac_foo && pwd` since $ac_foo can be
-# absolute.
-ac_abs_builddir=`cd "$ac_dir" && cd $ac_builddir && pwd`
-ac_abs_top_builddir=`cd "$ac_dir" && cd $ac_top_builddir && pwd`
-ac_abs_srcdir=`cd "$ac_dir" && cd $ac_srcdir && pwd`
-ac_abs_top_srcdir=`cd "$ac_dir" && cd $ac_top_srcdir && pwd`
-
-
- case $INSTALL in
- [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
- *) ac_INSTALL=$ac_top_builddir$INSTALL ;;
- esac
-
- if test x"$ac_file" != x-; then
- { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
- rm -f "$ac_file"
- fi
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- if test x"$ac_file" = x-; then
- configure_input=
- else
- configure_input="$ac_file. "
- fi
- configure_input=$configure_input"Generated from `echo $ac_file_in |
- sed 's,.*/,,'` by configure."
-
- # First look for the input files in the build tree, otherwise in the
- # src tree.
- ac_file_inputs=`IFS=:
- for f in $ac_file_in; do
- case $f in
- -) echo $tmp/stdin ;;
- [\\/$]*)
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- echo $f;;
- *) # Relative
- if test -f "$f"; then
- # Build tree
- echo $f
- elif test -f "$srcdir/$f"; then
- # Source tree
- echo $srcdir/$f
- else
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
-_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
- sed "$ac_vpsub
-$extrasub
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-:t
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s,@configure_input@,$configure_input,;t t
-s,@srcdir@,$ac_srcdir,;t t
-s,@abs_srcdir@,$ac_abs_srcdir,;t t
-s,@top_srcdir@,$ac_top_srcdir,;t t
-s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
-s,@builddir@,$ac_builddir,;t t
-s,@abs_builddir@,$ac_abs_builddir,;t t
-s,@top_builddir@,$ac_top_builddir,;t t
-s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
-s,@INSTALL@,$ac_INSTALL,;t t
-" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
- rm -f $tmp/stdin
- if test x"$ac_file" != x-; then
- mv $tmp/out $ac_file
- else
- cat $tmp/out
- rm -f $tmp/out
- fi
-
-done
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-#
-# CONFIG_HEADER section.
-#
-
-# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
-# NAME is the cpp macro being defined and VALUE is the value it is being given.
-#
-# ac_d sets the value in "#define NAME VALUE" lines.
-ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
-ac_dB='[ ].*$,\1#\2'
-ac_dC=' '
-ac_dD=',;t'
-# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
-ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
-ac_uB='$,\1#\2define\3'
-ac_uC=' '
-ac_uD=',;t'
-
-for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
- # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
- case $ac_file in
- - | *:- | *:-:* ) # input from stdin
- cat >$tmp/stdin
- ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
- ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
- * ) ac_file_in=$ac_file.in ;;
- esac
-
- test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
-
- # First look for the input files in the build tree, otherwise in the
- # src tree.
- ac_file_inputs=`IFS=:
- for f in $ac_file_in; do
- case $f in
- -) echo $tmp/stdin ;;
- [\\/$]*)
- # Absolute (can't be DOS-style, as IFS=:)
- test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- echo $f;;
- *) # Relative
- if test -f "$f"; then
- # Build tree
- echo $f
- elif test -f "$srcdir/$f"; then
- # Source tree
- echo $srcdir/$f
- else
- # /dev/null tree
- { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
-echo "$as_me: error: cannot find input file: $f" >&2;}
- { (exit 1); exit 1; }; }
- fi;;
- esac
- done` || { (exit 1); exit 1; }
- # Remove the trailing spaces.
- sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
-
-_ACEOF
-
-# Transform confdefs.h into two sed scripts, `conftest.defines' and
-# `conftest.undefs', that substitutes the proper values into
-# config.h.in to produce config.h. The first handles `#define'
-# templates, and the second `#undef' templates.
-# And first: Protect against being on the right side of a sed subst in
-# config.status. Protect against being in an unquoted here document
-# in config.status.
-rm -f conftest.defines conftest.undefs
-# Using a here document instead of a string reduces the quoting nightmare.
-# Putting comments in sed scripts is not portable.
-#
-# `end' is used to avoid that the second main sed command (meant for
-# 0-ary CPP macros) applies to n-ary macro definitions.
-# See the Autoconf documentation for `clear'.
-cat >confdef2sed.sed <<\_ACEOF
-s/[\\&,]/\\&/g
-s,[\\$`],\\&,g
-t clear
-: clear
-s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
-t end
-s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
-: end
-_ACEOF
-# If some macros were called several times there might be several times
-# the same #defines, which is useless. Nevertheless, we may not want to
-# sort them, since we want the *last* AC-DEFINE to be honored.
-uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
-sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
-rm -f confdef2sed.sed
-
-# This sed command replaces #undef with comments. This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-cat >>conftest.undefs <<\_ACEOF
-s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
-_ACEOF
-
-# Break up conftest.defines because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
-echo ' if egrep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
-echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
-echo ' :' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.defines >/dev/null
-do
- # Write a limited-size here document to $tmp/defines.sed.
- echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
- # Speed up: don't consider the non `#define' lines.
- echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
- # Work around the forget-to-reset-the-flag bug.
- echo 't clr' >>$CONFIG_STATUS
- echo ': clr' >>$CONFIG_STATUS
- sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
- echo 'CEOF
- sed -f $tmp/defines.sed $tmp/in >$tmp/out
- rm -f $tmp/in
- mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
- sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
- rm -f conftest.defines
- mv conftest.tail conftest.defines
-done
-rm -f conftest.defines
-echo ' fi # egrep' >>$CONFIG_STATUS
-echo >>$CONFIG_STATUS
-
-# Break up conftest.undefs because some shells have a limit on the size
-# of here documents, and old seds have small limits too (100 cmds).
-echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
-rm -f conftest.tail
-while grep . conftest.undefs >/dev/null
-do
- # Write a limited-size here document to $tmp/undefs.sed.
- echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
- # Speed up: don't consider the non `#undef'
- echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
- # Work around the forget-to-reset-the-flag bug.
- echo 't clr' >>$CONFIG_STATUS
- echo ': clr' >>$CONFIG_STATUS
- sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
- echo 'CEOF
- sed -f $tmp/undefs.sed $tmp/in >$tmp/out
- rm -f $tmp/in
- mv $tmp/out $tmp/in
-' >>$CONFIG_STATUS
- sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
- rm -f conftest.undefs
- mv conftest.tail conftest.undefs
-done
-rm -f conftest.undefs
-
-cat >>$CONFIG_STATUS <<\_ACEOF
- # Let's still pretend it is `configure' which instantiates (i.e., don't
- # use $as_me), people would be surprised to read:
- # /* config.h. Generated by config.status. */
- if test x"$ac_file" = x-; then
- echo "/* Generated by configure. */" >$tmp/config.h
- else
- echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
- fi
- cat $tmp/in >>$tmp/config.h
- rm -f $tmp/in
- if test x"$ac_file" != x-; then
- if cmp -s $ac_file $tmp/config.h 2>/dev/null; then
- { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
- else
- ac_dir=`(dirname "$ac_file") 2>/dev/null ||
-$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$ac_file" : 'X\(//\)[^/]' \| \
- X"$ac_file" : 'X\(//\)$' \| \
- X"$ac_file" : 'X\(/\)' \| \
- . : '\(.\)' 2>/dev/null ||
-echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
- /^X\(\/\/\)[^/].*/{ s//\1/; q; }
- /^X\(\/\/\)$/{ s//\1/; q; }
- /^X\(\/\).*/{ s//\1/; q; }
- s/.*/./; q'`
- { case "$ac_dir" in
- [\\/]* | ?:[\\/]* ) as_incr_dir=;;
- *) as_incr_dir=.;;
-esac
-as_dummy="$ac_dir"
-for as_mkdir_dir in `IFS='/\\'; set X $as_dummy; shift; echo "$@"`; do
- case $as_mkdir_dir in
- # Skip DOS drivespec
- ?:) as_incr_dir=$as_mkdir_dir ;;
- *)
- as_incr_dir=$as_incr_dir/$as_mkdir_dir
- test -d "$as_incr_dir" ||
- mkdir "$as_incr_dir" ||
- { { echo "$as_me:$LINENO: error: cannot create \"$ac_dir\"" >&5
-echo "$as_me: error: cannot create \"$ac_dir\"" >&2;}
- { (exit 1); exit 1; }; }
- ;;
- esac
-done; }
-
- rm -f $ac_file
- mv $tmp/config.h $ac_file
- fi
- else
- cat $tmp/config.h
- rm -f $tmp/config.h
- fi
-done
-_ACEOF
-
-cat >>$CONFIG_STATUS <<\_ACEOF
-
-{ (exit 0); exit 0; }
-_ACEOF
-chmod +x $CONFIG_STATUS
-ac_clean_files=$ac_clean_files_save
-
-
-# configure is writing to config.log, and then calls config.status.
-# config.status does its own redirection, appending to config.log.
-# Unfortunately, on DOS this fails, as config.log is still kept open
-# by configure, so config.status won't be able to write to it; its
-# output is simply discarded. So we exec the FD to /dev/null,
-# effectively closing config.log, so it can be properly (re)opened and
-# appended to by config.status. When coming back to configure, we
-# need to make the FD available again.
-if test "$no_create" != yes; then
- ac_cs_success=:
- exec 5>/dev/null
- $SHELL $CONFIG_STATUS || ac_cs_success=false
- exec 5>>config.log
- # Use ||, not &&, to avoid exiting from the if with $? = 1, which
- # would make configure fail if this is the last instruction.
- $ac_cs_success || { (exit 1); exit 1; }
-fi
-
-
-# Print summary of options
-
-# Someone please show me a better way :)
-A=`eval echo ${prefix}` ; A=`eval echo ${A}`
-B=`eval echo ${bindir}` ; B=`eval echo ${B}`
-C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
-D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
-E=`eval echo ${libexecdir}/ssh-askpass` ; E=`eval echo ${E}`
-F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
-G=`eval echo ${piddir}` ; G=`eval echo ${G}`
-H=`eval echo ${PRIVSEP_PATH}` ; H=`eval echo ${H}`
-I=`eval echo ${user_path}` ; I=`eval echo ${I}`
-J=`eval echo ${superuser_path}` ; J=`eval echo ${J}`
-
-echo ""
-echo "OpenSSH has been configured with the following options:"
-echo " User binaries: $B"
-echo " System binaries: $C"
-echo " Configuration files: $D"
-echo " Askpass program: $E"
-echo " Manual pages: $F"
-echo " PID file: $G"
-echo " Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
-echo " At runtime, sshd will use the path defined in /etc/login.conf"
-else
-echo " sshd default user PATH: $I"
-fi
-if test ! -z "$superuser_path" ; then
-echo " sshd superuser user PATH: $J"
-fi
-echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
-echo " KerberosV support: $KRB5_MSG"
-echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
-echo " S/KEY support: $SKEY_MSG"
-echo " TCP Wrappers support: $TCPW_MSG"
-echo " MD5 password support: $MD5_MSG"
-echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
-echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
-echo " BSD Auth support: $BSD_AUTH_MSG"
-echo " Random number source: $RAND_MSG"
-if test ! -z "$USE_RAND_HELPER" ; then
-echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
-fi
-
-echo ""
-
-echo " Host: ${host}"
-echo " Compiler: ${CC}"
-echo " Compiler flags: ${CFLAGS}"
-echo "Preprocessor flags: ${CPPFLAGS}"
-echo " Linker flags: ${LDFLAGS}"
-echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}"
-
-echo ""
-
-if test "x$PAM_MSG" = "xyes" ; then
- echo "PAM is enabled. You may need to install a PAM control file "
- echo "for sshd, otherwise password authentication may fail. "
- echo "Example PAM control files can be found in the contrib/ "
- echo "subdirectory"
- echo ""
-fi
-
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
-if test ! -z "$RAND_HELPER_CMDHASH" ; then
- echo "WARNING: you are using the builtin random number collection "
- echo "service. Please read WARNING.RNG and request that your OS "
- echo "vendor includes kernel-based random number collection in "
- echo "future versions of your OS."
- echo ""
-fi
-
+++ /dev/null
-# This file was created by autom4te-2.53.
-# It contains the lists of macros which have been traced.
-# It can be safely removed.
-
-@request = (
- bless( [
- '0',
- 1,
- [
- '/usr/share/autoconf-2.53'
- ],
- [
- '--reload-state=/usr/share/autoconf-2.53/autoconf/autoconf.m4f',
- 'aclocal.m4',
- 'configure.ac'
- ],
- {
- 'AC_HEADER_STAT' => 1,
- 'AC_FUNC_STRFTIME' => 1,
- 'AC_PROG_RANLIB' => 1,
- 'AC_FUNC_WAIT3' => 1,
- 'AC_FUNC_SETPGRP' => 1,
- 'AC_HEADER_TIME' => 1,
- 'AC_FUNC_SETVBUF_REVERSED' => 1,
- 'AC_HEADER_SYS_WAIT' => 1,
- 'AC_TYPE_UID_T' => 1,
- 'AM_CONDITIONAL' => 1,
- 'AC_CHECK_LIB' => 1,
- 'AC_PROG_LN_S' => 1,
- 'AC_FUNC_MEMCMP' => 1,
- 'AC_FUNC_FORK' => 1,
- 'AC_FUNC_GETGROUPS' => 1,
- 'AC_HEADER_MAJOR' => 1,
- 'AC_FUNC_STRTOD' => 1,
- 'AC_HEADER_DIRENT' => 1,
- 'AC_FUNC_UTIME_NULL' => 1,
- 'AC_CONFIG_FILES' => 1,
- 'AC_FUNC_ALLOCA' => 1,
- 'AC_C_CONST' => 1,
- 'include' => 1,
- 'AC_FUNC_OBSTACK' => 1,
- 'AC_FUNC_LSTAT' => 1,
- 'AC_STRUCT_TIMEZONE' => 1,
- 'AC_FUNC_GETPGRP' => 1,
- 'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AC_CHECK_HEADERS' => 1,
- 'AC_TYPE_MODE_T' => 1,
- 'AC_CHECK_TYPES' => 1,
- 'AC_PROG_YACC' => 1,
- 'AC_TYPE_PID_T' => 1,
- 'AC_FUNC_STRERROR_R' => 1,
- 'AC_STRUCT_ST_BLOCKS' => 1,
- 'AC_PROG_GCC_TRADITIONAL' => 1,
- 'AC_TYPE_SIGNAL' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- 'AC_FUNC_FNMATCH' => 1,
- 'AC_PROG_CPP' => 1,
- 'AC_FUNC_STAT' => 1,
- 'AC_PROG_INSTALL' => 1,
- 'AM_GNU_GETTEXT' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- 'AC_FUNC_STRCOLL' => 1,
- 'AC_LIBSOURCE' => 1,
- 'AC_C_INLINE' => 1,
- 'AC_FUNC_CHOWN' => 1,
- 'AC_INIT' => 1,
- 'AC_PROG_LEX' => 1,
- 'AH_OUTPUT' => 1,
- 'AC_HEADER_STDC' => 1,
- 'AC_FUNC_GETLOADAVG' => 1,
- 'AC_CHECK_FUNCS' => 1,
- 'AC_TYPE_SIZE_T' => 1,
- 'AC_DECL_SYS_SIGLIST' => 1,
- 'AC_FUNC_MKTIME' => 1,
- 'AC_PROG_MAKE_SET' => 1,
- 'AC_PROG_CXX' => 1,
- 'm4_pattern_allow' => 1,
- 'm4_include' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_PROG_AWK' => 1,
- 'AC_FUNC_VPRINTF' => 1,
- 'AC_CONFIG_HEADERS' => 1,
- 'AC_PATH_X' => 1,
- 'AC_TYPE_OFF_T' => 1,
- 'AC_FUNC_MALLOC' => 1,
- 'AC_FUNC_ERROR_AT_LINE' => 1,
- 'AC_FUNC_FSEEKO' => 1,
- 'AC_FUNC_MMAP' => 1,
- 'AC_STRUCT_TM' => 1,
- 'AC_SUBST' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AC_PROG_CC' => 1
- }
- ], 'Request' )
- );
-
+++ /dev/null
-m4trace:configure.ac:3: -1- AC_INIT
-m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?A[CHUM]_])
-m4trace:configure.ac:3: -1- m4_pattern_forbid([_AC_])
-m4trace:configure.ac:3: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs. LIBOBJS'])
-m4trace:configure.ac:3: -1- m4_pattern_allow([^AS_FLAGS$])
-m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?m4_])
-m4trace:configure.ac:3: -1- m4_pattern_forbid([^dnl$])
-m4trace:configure.ac:3: -1- m4_pattern_forbid([^_?AS_])
-m4trace:configure.ac:3: -1- AC_SUBST([SHELL], [${CONFIG_SHELL-/bin/sh}])
-m4trace:configure.ac:3: -1- AC_SUBST([PATH_SEPARATOR])
-m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
-m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
-m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
-m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
-m4trace:configure.ac:3: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
-m4trace:configure.ac:3: -1- AC_SUBST([exec_prefix], [NONE])
-m4trace:configure.ac:3: -1- AC_SUBST([prefix], [NONE])
-m4trace:configure.ac:3: -1- AC_SUBST([program_transform_name], [s,x,x,])
-m4trace:configure.ac:3: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
-m4trace:configure.ac:3: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
-m4trace:configure.ac:3: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
-m4trace:configure.ac:3: -1- AC_SUBST([datadir], ['${prefix}/share'])
-m4trace:configure.ac:3: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
-m4trace:configure.ac:3: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
-m4trace:configure.ac:3: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
-m4trace:configure.ac:3: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
-m4trace:configure.ac:3: -1- AC_SUBST([includedir], ['${prefix}/include'])
-m4trace:configure.ac:3: -1- AC_SUBST([oldincludedir], ['/usr/include'])
-m4trace:configure.ac:3: -1- AC_SUBST([infodir], ['${prefix}/info'])
-m4trace:configure.ac:3: -1- AC_SUBST([mandir], ['${prefix}/man'])
-m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
-m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
-#undef PACKAGE_NAME])
-m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
-m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
-#undef PACKAGE_TARNAME])
-m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
-m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
-#undef PACKAGE_VERSION])
-m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
-m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
-#undef PACKAGE_STRING])
-m4trace:configure.ac:3: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
-m4trace:configure.ac:3: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
-#undef PACKAGE_BUGREPORT])
-m4trace:configure.ac:3: -1- AC_SUBST([build_alias])
-m4trace:configure.ac:3: -1- AC_SUBST([host_alias])
-m4trace:configure.ac:3: -1- AC_SUBST([target_alias])
-m4trace:configure.ac:3: -1- AC_SUBST([DEFS])
-m4trace:configure.ac:3: -1- AC_SUBST([ECHO_C])
-m4trace:configure.ac:3: -1- AC_SUBST([ECHO_N])
-m4trace:configure.ac:3: -1- AC_SUBST([ECHO_T])
-m4trace:configure.ac:3: -1- AC_SUBST([LIBS])
-m4trace:configure.ac:6: -1- AC_CONFIG_HEADERS([config.h])
-m4trace:configure.ac:7: -1- AC_PROG_CC
-m4trace:configure.ac:7: -1- AC_SUBST([CC])
-m4trace:configure.ac:7: -1- AC_SUBST([CFLAGS])
-m4trace:configure.ac:7: -1- AC_SUBST([LDFLAGS])
-m4trace:configure.ac:7: -1- AC_SUBST([CPPFLAGS])
-m4trace:configure.ac:7: -1- AC_SUBST([CC])
-m4trace:configure.ac:7: -1- AC_SUBST([ac_ct_CC])
-m4trace:configure.ac:7: -1- AC_SUBST([CC])
-m4trace:configure.ac:7: -1- AC_SUBST([ac_ct_CC])
-m4trace:configure.ac:7: -1- AC_SUBST([CC])
-m4trace:configure.ac:7: -1- AC_SUBST([CC])
-m4trace:configure.ac:7: -1- AC_SUBST([ac_ct_CC])
-m4trace:configure.ac:7: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
-m4trace:configure.ac:7: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
-m4trace:configure.ac:8: -1- AC_SUBST([build], [$ac_cv_build])
-m4trace:configure.ac:8: -1- AC_SUBST([build_cpu], [`echo $ac_cv_build | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\1/'`])
-m4trace:configure.ac:8: -1- AC_SUBST([build_vendor], [`echo $ac_cv_build | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\2/'`])
-m4trace:configure.ac:8: -1- AC_SUBST([build_os], [`echo $ac_cv_build | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\3/'`])
-m4trace:configure.ac:8: -1- AC_SUBST([host], [$ac_cv_host])
-m4trace:configure.ac:8: -1- AC_SUBST([host_cpu], [`echo $ac_cv_host | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\1/'`])
-m4trace:configure.ac:8: -1- AC_SUBST([host_vendor], [`echo $ac_cv_host | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\2/'`])
-m4trace:configure.ac:8: -1- AC_SUBST([host_os], [`echo $ac_cv_host | sed 's/^\([[^-]]*\)-\([[^-]]*\)-\(.*\)$/\3/'`])
-m4trace:configure.ac:9: -1- AC_DEFINE_TRACE_LITERAL([WORDS_BIGENDIAN])
-m4trace:configure.ac:9: -1- AH_OUTPUT([WORDS_BIGENDIAN], [/* Define to 1 if your processor stores words with the most significant byte
- first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN])
-m4trace:configure.ac:12: -1- AC_PROG_CPP
-m4trace:configure.ac:12: -1- AC_SUBST([CPP])
-m4trace:configure.ac:12: -1- AC_SUBST([CPPFLAGS])
-m4trace:configure.ac:12: -1- AC_SUBST([CPP])
-m4trace:configure.ac:13: -1- AC_PROG_RANLIB
-m4trace:configure.ac:13: -1- AC_SUBST([RANLIB])
-m4trace:configure.ac:13: -1- AC_SUBST([ac_ct_RANLIB])
-m4trace:configure.ac:14: -1- AC_PROG_INSTALL
-m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_PROGRAM])
-m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_SCRIPT])
-m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA])
-m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR])
-m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL])
-m4trace:configure.ac:17: -1- AC_SUBST([PERL])
-m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT])
-m4trace:configure.ac:19: -1- AC_SUBST([ENT])
-m4trace:configure.ac:20: -1- AC_SUBST([FILEPRIV], [$ac_cv_path_FILEPRIV])
-m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
-m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
-m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
-m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH])
-m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS])
-m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS])
-m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES])
-m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES])
-m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:47: -1- AC_SUBST([LD])
-m4trace:configure.ac:49: -1- AC_C_INLINE
-m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
-m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing
- if it is not supported. */
-#undef inline])
-m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
-m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
-m4trace:configure.ac:75: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
-m4trace:configure.ac:76: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
-m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
-m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
-m4trace:configure.ac:101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:102: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:103: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:104: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:105: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:107: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:117: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:128: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:129: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
-m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
-m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
-m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
-m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:158: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
-m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
-m4trace:configure.ac:177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
-m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
-m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:180: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:188: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:190: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
-m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:206: -1- AC_CHECK_FUNCS([getpwanam])
-m4trace:configure.ac:206: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
-#undef HAVE_GETPWANAM])
-m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:217: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:224: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:225: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:234: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:240: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
-m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:255: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:256: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:257: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:258: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
-#undef HAVE_GETLUID])
-m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
-#undef HAVE_SETLUID])
-m4trace:configure.ac:268: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:270: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:271: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
-#undef HAVE_GETLUID])
-m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
-#undef HAVE_SETLUID])
-m4trace:configure.ac:277: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
-m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:307: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:308: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
-m4trace:configure.ac:309: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
-m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
-m4trace:configure.ac:358: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
- login_cap.h maillock.h netdb.h netgroup.h \
- netinet/in_systm.h paths.h pty.h readpassphrase.h \
- rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/un.h time.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
-#undef HAVE_BSTRING_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
-#undef HAVE_CRYPT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
-#undef HAVE_ENDIAN_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
-#undef HAVE_FLOATINGPOINT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
-#undef HAVE_GETOPT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
-#undef HAVE_GLOB_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
-#undef HAVE_LASTLOG_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
-#undef HAVE_LIMITS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
-#undef HAVE_LOGIN_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
-#undef HAVE_LOGIN_CAP_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
-#undef HAVE_MAILLOCK_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
-#undef HAVE_NETDB_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
-#undef HAVE_NETGROUP_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
-#undef HAVE_NETINET_IN_SYSTM_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
-#undef HAVE_PATHS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
-#undef HAVE_PTY_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
-#undef HAVE_READPASSPHRASE_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
-#undef HAVE_RPC_TYPES_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
-#undef HAVE_SECURITY_PAM_APPL_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
-#undef HAVE_SHADOW_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
-#undef HAVE_STDDEF_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
-#undef HAVE_SYS_BITYPES_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
-#undef HAVE_SYS_BSDTTY_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
-#undef HAVE_SYS_CDEFS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
-#undef HAVE_SYS_MMAN_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
-#undef HAVE_SYS_SELECT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
-#undef HAVE_SYS_STROPTS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
-#undef HAVE_SYS_SYSMACROS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
-#undef HAVE_SYS_TIME_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
-#undef HAVE_SYS_UN_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
-#undef HAVE_TIME_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
-#undef HAVE_TTYENT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
-#undef HAVE_USERSEC_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
-#undef HAVE_UTIL_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
-#undef HAVE_UTIME_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
-#undef HAVE_UTMP_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
-#undef HAVE_UTMPX_H])
-m4trace:configure.ac:358: -1- AC_HEADER_STDC
-m4trace:configure.ac:358: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:358: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
-#undef STDC_HEADERS])
-m4trace:configure.ac:358: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
-#undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
-#undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
-#undef HAVE_STDLIB_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
-#undef HAVE_STRING_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
-#undef HAVE_STRINGS_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-#undef HAVE_STDINT_H])
-m4trace:configure.ac:358: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-#undef HAVE_UNISTD_H])
-m4trace:configure.ac:361: -2- AC_CHECK_LIB([nsl], [yp_match])
-m4trace:configure.ac:361: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
-#undef HAVE_LIBNSL])
-m4trace:configure.ac:361: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
-m4trace:configure.ac:362: -2- AC_CHECK_LIB([socket], [setsockopt])
-m4trace:configure.ac:362: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
-#undef HAVE_LIBSOCKET])
-m4trace:configure.ac:362: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
-m4trace:configure.ac:367: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
-m4trace:configure.ac:372: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
-m4trace:configure.ac:414: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
-echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
- { (exit 1); exit 1; }; }])
-m4trace:configure.ac:414: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
-#undef HAVE_LIBZ])
-m4trace:configure.ac:414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
-m4trace:configure.ac:419: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
-m4trace:configure.ac:422: -1- AC_CHECK_LIB([c89], [utimes], [LIBS="$LIBS -lc89"])
-m4trace:configure.ac:425: -1- AC_CHECK_HEADERS([libutil.h])
-m4trace:configure.ac:425: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
-#undef HAVE_LIBUTIL_H])
-m4trace:configure.ac:426: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
-m4trace:configure.ac:427: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
-m4trace:configure.ac:427: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
-#undef HAVE_LOGOUT])
-m4trace:configure.ac:427: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
-#undef HAVE_UPDWTMP])
-m4trace:configure.ac:427: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
-#undef HAVE_LOGWTMP])
-m4trace:configure.ac:429: -1- AC_FUNC_STRFTIME
-m4trace:configure.ac:429: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
-AC_CHECK_LIB(intl, strftime,
- [AC_DEFINE(HAVE_STRFTIME)
-LIBS="-lintl $LIBS"])])
-m4trace:configure.ac:429: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
-#undef HAVE_STRFTIME])
-m4trace:configure.ac:429: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
-LIBS="-lintl $LIBS"])
-m4trace:configure.ac:429: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
-m4trace:configure.ac:447: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
-m4trace:configure.ac:463: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
-m4trace:configure.ac:477: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
-m4trace:configure.ac:510: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
-m4trace:configure.ac:564: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
-m4trace:configure.ac:564: -1- AC_SUBST([LIBWRAP])
-m4trace:configure.ac:577: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt \
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
- setsid setvbuf sigaction sigvec snprintf socketpair strerror \
- strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
- vhangup vsnprintf waitpid __b64_ntop _getpty])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
-#undef HAVE_ARC4RANDOM])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
-#undef HAVE_B64_NTOP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
-#undef HAVE_BCOPY])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
-#undef HAVE_BINDRESVPORT_SA])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
-#undef HAVE_CLOCK])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
-#undef HAVE_FCHMOD])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
-#undef HAVE_FCHOWN])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
-#undef HAVE_FREEADDRINFO])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
-#undef HAVE_FUTIMES])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
-#undef HAVE_GAI_STRERROR])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
-#undef HAVE_GETADDRINFO])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
-#undef HAVE_GETCWD])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
-#undef HAVE_GETGROUPLIST])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
-#undef HAVE_GETNAMEINFO])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
-#undef HAVE_GETOPT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
-#undef HAVE_GETRLIMIT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
-#undef HAVE_GETRUSAGE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
-#undef HAVE_GETTTYENT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
-#undef HAVE_GLOB])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
-#undef HAVE_INET_ATON])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
-#undef HAVE_INET_NTOA])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
-#undef HAVE_INET_NTOP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
-#undef HAVE_INNETGR])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
-#undef HAVE_LOGIN_GETCAPBOOL])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
-#undef HAVE_MD5_CRYPT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
-#undef HAVE_MEMMOVE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
-#undef HAVE_MKDTEMP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
-#undef HAVE_MMAP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
-#undef HAVE_NGETADDRINFO])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
-#undef HAVE_OPENPTY])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
-#undef HAVE_OGETADDRINFO])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
-#undef HAVE_READPASSPHRASE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
-#undef HAVE_REALPATH])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
-#undef HAVE_RECVMSG])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
-#undef HAVE_RRESVPORT_AF])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
-#undef HAVE_SENDMSG])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
-#undef HAVE_SETDTABLESIZE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
-#undef HAVE_SETEGID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
-#undef HAVE_SETENV])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
-#undef HAVE_SETEUID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
-#undef HAVE_SETLOGIN])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
-#undef HAVE_SETPROCTITLE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
-#undef HAVE_SETRESGID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
-#undef HAVE_SETREUID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
-#undef HAVE_SETRLIMIT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
-#undef HAVE_SETSID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
-#undef HAVE_SETVBUF])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
-#undef HAVE_SIGACTION])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
-#undef HAVE_SIGVEC])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
-#undef HAVE_SNPRINTF])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
-#undef HAVE_SOCKETPAIR])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
-#undef HAVE_STRERROR])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
-#undef HAVE_STRLCAT])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
-#undef HAVE_STRLCPY])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
-#undef HAVE_STRMODE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
-#undef HAVE_STRSEP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
-#undef HAVE_SYSCONF])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
-#undef HAVE_TCGETPGRP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
-#undef HAVE_TRUNCATE])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
-#undef HAVE_UTIMES])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
-#undef HAVE_VHANGUP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
-#undef HAVE_VSNPRINTF])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
-#undef HAVE_WAITPID])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
-#undef HAVE___B64_NTOP])
-m4trace:configure.ac:577: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
-#undef HAVE__GETPTY])
-m4trace:configure.ac:614: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
- AC_CHECK_LIB(gen, dirname,[
- AC_CACHE_CHECK([for broken dirname],
- ac_cv_have_broken_dirname, [
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
-#include <libgen.h>
-#include <string.h>
-
-int main(int argc, char **argv) {
- char *s, buf[32];
-
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
- ],
- [ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
- )
- LIBS="$save_LIBS"
- ])
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
- fi
- ])
-])
-m4trace:configure.ac:614: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
-#undef HAVE_DIRNAME])
-m4trace:configure.ac:614: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:614: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
-#undef HAVE_LIBGEN_H])
-m4trace:configure.ac:614: -1- AC_CHECK_LIB([gen], [dirname], [
- AC_CACHE_CHECK([for broken dirname],
- ac_cv_have_broken_dirname, [
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
-#include <libgen.h>
-#include <string.h>
-
-int main(int argc, char **argv) {
- char *s, buf[32];
-
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
- ],
- [ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
- )
- LIBS="$save_LIBS"
- ])
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
- fi
- ])
-m4trace:configure.ac:614: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
-m4trace:configure.ac:614: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:614: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
-#undef HAVE_LIBGEN_H])
-m4trace:configure.ac:617: -1- AC_CHECK_FUNCS([gettimeofday time])
-m4trace:configure.ac:617: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
-#undef HAVE_GETTIMEOFDAY])
-m4trace:configure.ac:617: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
-#undef HAVE_TIME])
-m4trace:configure.ac:619: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
-#undef HAVE_ENDUTENT])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
-#undef HAVE_GETUTENT])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
-#undef HAVE_GETUTID])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
-#undef HAVE_GETUTLINE])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
-#undef HAVE_PUTUTLINE])
-m4trace:configure.ac:619: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
-#undef HAVE_SETUTENT])
-m4trace:configure.ac:620: -1- AC_CHECK_FUNCS([utmpname])
-m4trace:configure.ac:620: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
-#undef HAVE_UTMPNAME])
-m4trace:configure.ac:622: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
-#undef HAVE_ENDUTXENT])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
-#undef HAVE_GETUTXENT])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
-#undef HAVE_GETUTXID])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
-#undef HAVE_GETUTXLINE])
-m4trace:configure.ac:622: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
-#undef HAVE_PUTUTXLINE])
-m4trace:configure.ac:623: -1- AC_CHECK_FUNCS([setutxent utmpxname])
-m4trace:configure.ac:623: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
-#undef HAVE_SETUTXENT])
-m4trace:configure.ac:623: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
-#undef HAVE_UTMPXNAME])
-m4trace:configure.ac:628: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETUSERATTR])
-m4trace:configure.ac:628: -1- AC_CHECK_LIB([s], [getuserattr], [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])
-m4trace:configure.ac:628: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETUSERATTR])
-m4trace:configure.ac:633: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:633: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
-m4trace:configure.ac:633: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:638: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:638: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
-m4trace:configure.ac:638: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:654: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:657: -1- AC_FUNC_GETPGRP
-m4trace:configure.ac:657: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
-m4trace:configure.ac:657: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
-#undef GETPGRP_VOID])
-m4trace:configure.ac:685: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
-m4trace:configure.ac:685: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
-#undef HAVE_LIBDL])
-m4trace:configure.ac:685: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
-m4trace:configure.ac:685: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
-echo "$as_me: error: *** libpam missing" >&2;}
- { (exit 1); exit 1; }; }])
-m4trace:configure.ac:685: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
-#undef HAVE_LIBPAM])
-m4trace:configure.ac:685: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
-m4trace:configure.ac:685: -1- AC_CHECK_FUNCS([pam_getenvlist])
-m4trace:configure.ac:685: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
-#undef HAVE_PAM_GETENVLIST])
-m4trace:configure.ac:685: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
-m4trace:configure.ac:685: -1- AC_SUBST([LIBPAM])
-m4trace:configure.ac:703: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
-m4trace:configure.ac:735: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:750: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:773: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
-m4trace:configure.ac:821: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
-m4trace:configure.ac:829: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
-m4trace:configure.ac:852: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
-m4trace:configure.ac:902: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:902: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:914: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
-m4trace:configure.ac:925: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
-m4trace:configure.ac:942: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
-m4trace:configure.ac:942: -1- AC_SUBST([PROG_LS])
-m4trace:configure.ac:943: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
-m4trace:configure.ac:943: -1- AC_SUBST([PROG_NETSTAT])
-m4trace:configure.ac:944: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
-m4trace:configure.ac:944: -1- AC_SUBST([PROG_ARP])
-m4trace:configure.ac:945: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
-m4trace:configure.ac:945: -1- AC_SUBST([PROG_IFCONFIG])
-m4trace:configure.ac:946: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
-m4trace:configure.ac:946: -1- AC_SUBST([PROG_JSTAT])
-m4trace:configure.ac:947: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
-m4trace:configure.ac:947: -1- AC_SUBST([PROG_PS])
-m4trace:configure.ac:948: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
-m4trace:configure.ac:948: -1- AC_SUBST([PROG_SAR])
-m4trace:configure.ac:949: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
-m4trace:configure.ac:949: -1- AC_SUBST([PROG_W])
-m4trace:configure.ac:950: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
-m4trace:configure.ac:950: -1- AC_SUBST([PROG_WHO])
-m4trace:configure.ac:951: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
-m4trace:configure.ac:951: -1- AC_SUBST([PROG_LAST])
-m4trace:configure.ac:952: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
-m4trace:configure.ac:952: -1- AC_SUBST([PROG_LASTLOG])
-m4trace:configure.ac:953: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
-m4trace:configure.ac:953: -1- AC_SUBST([PROG_DF])
-m4trace:configure.ac:954: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
-m4trace:configure.ac:954: -1- AC_SUBST([PROG_VMSTAT])
-m4trace:configure.ac:955: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
-m4trace:configure.ac:955: -1- AC_SUBST([PROG_UPTIME])
-m4trace:configure.ac:956: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
-m4trace:configure.ac:956: -1- AC_SUBST([PROG_IPCS])
-m4trace:configure.ac:957: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
-m4trace:configure.ac:957: -1- AC_SUBST([PROG_TAIL])
-m4trace:configure.ac:974: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
-m4trace:configure.ac:983: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
-m4trace:configure.ac:983: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
-#undef SIZEOF_CHAR])
-m4trace:configure.ac:984: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
-m4trace:configure.ac:984: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
-#undef SIZEOF_SHORT_INT])
-m4trace:configure.ac:985: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
-m4trace:configure.ac:985: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
-#undef SIZEOF_INT])
-m4trace:configure.ac:986: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
-m4trace:configure.ac:986: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
-#undef SIZEOF_LONG_INT])
-m4trace:configure.ac:987: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:987: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
-#undef SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:1004: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
-m4trace:configure.ac:1017: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1033: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1045: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1059: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1072: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1098: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1110: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1124: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1139: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1153: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1175: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1175: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1190: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
-m4trace:configure.ac:1193: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
-m4trace:configure.ac:1193: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
-#undef socklen_t])
-m4trace:configure.ac:1195: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
-m4trace:configure.ac:1195: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1195: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
-#undef HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1208: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
-m4trace:configure.ac:1222: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
-m4trace:configure.ac:1236: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
-m4trace:configure.ac:1261: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
-m4trace:configure.ac:1275: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
-m4trace:configure.ac:1289: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
-m4trace:configure.ac:1305: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
-m4trace:configure.ac:1320: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
-m4trace:configure.ac:1335: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
-m4trace:configure.ac:1351: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
-m4trace:configure.ac:1363: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
-m4trace:configure.ac:1400: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:1402: -1- AC_SUBST([NO_SFTP])
-m4trace:configure.ac:1405: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
-m4trace:configure.ac:1406: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
-m4trace:configure.ac:1407: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
-m4trace:configure.ac:1408: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
-m4trace:configure.ac:1409: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
-m4trace:configure.ac:1410: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
-m4trace:configure.ac:1411: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
-m4trace:configure.ac:1412: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
-m4trace:configure.ac:1413: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
-m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
-m4trace:configure.ac:1415: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
-m4trace:configure.ac:1416: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
-m4trace:configure.ac:1417: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
-m4trace:configure.ac:1418: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
-m4trace:configure.ac:1419: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
-m4trace:configure.ac:1420: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
-m4trace:configure.ac:1421: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
-m4trace:configure.ac:1423: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1423: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
-#undef HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1438: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
-m4trace:configure.ac:1454: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
-m4trace:configure.ac:1469: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
-m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
-m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
-m4trace:configure.ac:1516: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
-m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
-m4trace:configure.ac:1544: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
-m4trace:configure.ac:1557: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
-m4trace:configure.ac:1570: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
-m4trace:configure.ac:1585: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
-m4trace:configure.ac:1596: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
-m4trace:configure.ac:1608: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
-m4trace:configure.ac:1641: -1- AC_CHECK_HEADERS([sectok.h])
-m4trace:configure.ac:1641: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
-#undef HAVE_SECTOK_H])
-m4trace:configure.ac:1641: -1- AC_CHECK_LIB([sectok], [sectok_open])
-m4trace:configure.ac:1641: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
-#undef HAVE_LIBSECTOK])
-m4trace:configure.ac:1641: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
-m4trace:configure.ac:1641: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1641: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
-m4trace:configure.ac:1650: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
-m4trace:configure.ac:1656: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1657: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
-m4trace:configure.ac:1699: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
-m4trace:configure.ac:1699: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
-m4trace:configure.ac:1699: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1699: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
-#undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1699: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1753: -1- AC_CHECK_HEADERS([krb.h])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
-#undef HAVE_KRB_H])
-m4trace:configure.ac:1753: -1- AC_CHECK_LIB([krb], [main])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
-#undef HAVE_LIBKRB])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
-m4trace:configure.ac:1753: -1- AC_CHECK_LIB([krb4], [main])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
-#undef HAVE_LIBKRB4])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
-m4trace:configure.ac:1753: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
-#undef HAVE_LIBDES])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
-m4trace:configure.ac:1753: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
-#undef HAVE_LIBDES425])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
-m4trace:configure.ac:1753: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1753: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
-#undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1753: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
-m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([AFS])
-m4trace:configure.ac:1793: -1- AC_SUBST([rsh_path], [$ac_cv_path_rsh_path])
-m4trace:configure.ac:1804: -1- AC_SUBST([PRIVSEP_PATH])
-m4trace:configure.ac:1819: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
-m4trace:configure.ac:1823: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1825: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
-m4trace:configure.ac:1827: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1830: -1- AC_DEFINE_TRACE_LITERAL([RSH_PATH])
-m4trace:configure.ac:1836: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
-m4trace:configure.ac:1846: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
-m4trace:configure.ac:1854: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
-m4trace:configure.ac:1871: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
-m4trace:configure.ac:1880: -1- AC_SUBST([MANTYPE])
-m4trace:configure.ac:1886: -1- AC_SUBST([mansubdir])
-m4trace:configure.ac:1898: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
-m4trace:configure.ac:1909: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:1924: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
-m4trace:configure.ac:1933: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:1944: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:2021: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
-m4trace:configure.ac:2022: -1- AC_SUBST([user_path])
-m4trace:configure.ac:2035: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
-m4trace:configure.ac:2048: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:2071: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2071: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2083: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
-m4trace:configure.ac:2101: -1- AC_SUBST([SSHMODE])
-m4trace:configure.ac:2126: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
-m4trace:configure.ac:2127: -1- AC_SUBST([piddir])
-m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2137: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2141: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2145: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2149: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2153: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:2157: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
-m4trace:configure.ac:2161: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
-m4trace:configure.ac:2171: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2233: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
-m4trace:configure.ac:2258: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2263: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
-m4trace:configure.ac:2288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2293: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
-m4trace:configure.ac:2318: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2321: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
-m4trace:configure.ac:2343: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2346: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
-m4trace:configure.ac:2364: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
*/
static char *
-get_remote_hostname(int socket, int verify_reverse_mapping)
+get_remote_hostname(int socket, int use_dns)
{
struct sockaddr_storage from;
int i;
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));
- if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) {
+ if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
memset(&from, 0, sizeof(from));
from4->sin_family = AF_INET;
+ fromlen = sizeof(*from4);
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
}
}
#endif
+ if (from.ss_family == AF_INET6)
+ fromlen = sizeof(struct sockaddr_in6);
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
+ if (!use_dns)
+ return xstrdup(ntop);
+
if (from.ss_family == AF_INET)
check_ip_options(socket, ntop);
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
-#if 0
- log("Could not reverse map address %.100s.", ntop);
-#endif
return xstrdup(ntop);
}
- /* Got host name. */
- name[sizeof(name) - 1] = '\0';
+ /*
+ * if reverse lookup result looks like a numeric hostname,
+ * someone is trying to trick us by PTR record like following:
+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
+ */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
+ hints.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(name, "0", &hints, &ai) == 0) {
+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
+ name, ntop);
+ freeaddrinfo(ai);
+ return xstrdup(ntop);
+ }
+
/*
* Convert it to all lowercase (which is expected by the rest
* of this software).
for (i = 0; name[i]; i++)
if (isupper(name[i]))
name[i] = tolower(name[i]);
-
- if (!verify_reverse_mapping)
- return xstrdup(name);
/*
* Map it back to an IP address and check that the given
* address actually is an address of this host. This is
hints.ai_family = from.ss_family;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
- log("reverse mapping checking getaddrinfo for %.700s "
+ logit("reverse mapping checking getaddrinfo for %.700s "
"failed - POSSIBLE BREAKIN ATTEMPT!", name);
return xstrdup(ntop);
}
/* If we reached the end of the list, the address was not there. */
if (!ai) {
/* Address not found for the host name. */
- log("Address %.100s maps to %.600s, but this does not "
+ logit("Address %.100s maps to %.600s, but this does not "
"map back to the address - POSSIBLE BREAKIN ATTEMPT!",
ntop, name);
return xstrdup(ntop);
static void
check_ip_options(int socket, char *ipaddr)
{
+#ifdef IP_OPTIONS
u_char options[200];
char text[sizeof(options) * 3 + 1];
socklen_t option_size;
for (i = 0; i < option_size; i++)
snprintf(text + i*3, sizeof(text) - i*3,
" %2.2x", options[i]);
- log("Connection from %.100s with IP options:%.800s",
+ logit("Connection from %.100s with IP options:%.800s",
ipaddr, text);
packet_disconnect("Connection from %.100s with IP options:%.800s",
ipaddr, text);
}
+#endif /* IP_OPTIONS */
}
/*
*/
const char *
-get_canonical_hostname(int verify_reverse_mapping)
+get_canonical_hostname(int use_dns)
{
static char *canonical_host_name = NULL;
- static int verify_reverse_mapping_done = 0;
+ static int use_dns_done = 0;
/* Check if we have previously retrieved name with same option. */
if (canonical_host_name != NULL) {
- if (verify_reverse_mapping_done != verify_reverse_mapping)
+ if (use_dns_done != use_dns)
xfree(canonical_host_name);
else
return canonical_host_name;
/* Get the real hostname if socket; otherwise return UNKNOWN. */
if (packet_connection_is_on_socket())
canonical_host_name = get_remote_hostname(
- packet_get_connection_in(), verify_reverse_mapping);
+ packet_get_connection_in(), use_dns);
else
canonical_host_name = xstrdup("UNKNOWN");
- verify_reverse_mapping_done = verify_reverse_mapping;
+ use_dns_done = use_dns;
return canonical_host_name;
}
/*
- * Returns the remote IP-address of socket as a string. The returned
- * string must be freed.
+ * Returns the local/remote IP-address/hostname of socket as a string.
+ * The returned string must be freed.
*/
static char *
get_socket_address(int socket, int remote, int flags)
< 0)
return NULL;
}
+
+ /* Work around Linux IPv6 weirdness */
+ if (addr.ss_family == AF_INET6)
+ addrlen = sizeof(struct sockaddr_in6);
+
/* Get the address in ascii. */
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
NULL, 0, flags) != 0) {
- error("get_socket_ipaddr: getnameinfo %d failed", flags);
+ error("get_socket_address: getnameinfo %d failed", flags);
return NULL;
}
return xstrdup(ntop);
}
const char *
-get_remote_name_or_ip(u_int utmp_len, int verify_reverse_mapping)
+get_remote_name_or_ip(u_int utmp_len, int use_dns)
{
static const char *remote = "";
if (utmp_len > 0)
- remote = get_canonical_hostname(verify_reverse_mapping);
+ remote = get_canonical_hostname(use_dns);
if (utmp_len == 0 || strlen(remote) > utmp_len)
remote = get_remote_ipaddr();
return remote;
return 0;
}
} else {
- if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) {
+ if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
}
+
+ /* Work around Linux IPv6 weirdness */
+ if (from.ss_family == AF_INET6)
+ fromlen = sizeof(struct sockaddr_in6);
+
/* Return port number. */
if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
strport, sizeof(strport), NI_NUMERICSERV) != 0)
--- /dev/null
+/*
+ * Copyright (c) 2003 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
+
+#include <openssl/evp.h>
+#include "xmalloc.h"
+#include "log.h"
+
+/*
+ * This is used by SSH1:
+ *
+ * What kind of triple DES are these 2 routines?
+ *
+ * Why is there a redundant initialization vector?
+ *
+ * If only iv3 was used, then, this would till effect have been
+ * outer-cbc. However, there is also a private iv1 == iv2 which
+ * perhaps makes differential analysis easier. On the other hand, the
+ * private iv1 probably makes the CRC-32 attack ineffective. This is a
+ * result of that there is no longer any known iv1 to use when
+ * choosing the X block.
+ */
+struct ssh1_3des_ctx
+{
+ EVP_CIPHER_CTX k1, k2, k3;
+};
+
+const EVP_CIPHER * evp_ssh1_3des(void);
+void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+
+static int
+ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+ int enc)
+{
+ struct ssh1_3des_ctx *c;
+ u_char *k1, *k2, *k3;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ c = xmalloc(sizeof(*c));
+ EVP_CIPHER_CTX_set_app_data(ctx, c);
+ }
+ if (key == NULL)
+ return (1);
+ if (enc == -1)
+ enc = ctx->encrypt;
+ k1 = k2 = k3 = (u_char *) key;
+ k2 += 8;
+ if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
+ if (enc)
+ k3 += 16;
+ else
+ k1 += 16;
+ }
+ EVP_CIPHER_CTX_init(&c->k1);
+ EVP_CIPHER_CTX_init(&c->k2);
+ EVP_CIPHER_CTX_init(&c->k3);
+#ifdef SSH_OLD_EVP
+ EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
+ EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
+ EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
+#else
+ if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
+ EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
+ EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
+ memset(c, 0, sizeof(*c));
+ xfree(c);
+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+ return (0);
+ }
+#endif
+ return (1);
+}
+
+static int
+ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
+{
+ struct ssh1_3des_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ error("ssh1_3des_cbc: no context");
+ return (0);
+ }
+#ifdef SSH_OLD_EVP
+ EVP_Cipher(&c->k1, dest, (u_char *)src, len);
+ EVP_Cipher(&c->k2, dest, dest, len);
+ EVP_Cipher(&c->k3, dest, dest, len);
+#else
+ if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
+ EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
+ EVP_Cipher(&c->k3, dest, dest, len) == 0)
+ return (0);
+#endif
+ return (1);
+}
+
+static int
+ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ struct ssh1_3des_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+ memset(c, 0, sizeof(*c));
+ xfree(c);
+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+ }
+ return (1);
+}
+
+void
+ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
+{
+ struct ssh1_3des_ctx *c;
+
+ if (len != 24)
+ fatal("%s: bad 3des iv length: %d", __func__, len);
+ if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
+ fatal("%s: no 3des context", __func__);
+ if (doset) {
+ debug3("%s: Installed 3DES IV", __func__);
+ memcpy(c->k1.iv, iv, 8);
+ memcpy(c->k2.iv, iv + 8, 8);
+ memcpy(c->k3.iv, iv + 16, 8);
+ } else {
+ debug3("%s: Copying 3DES IV", __func__);
+ memcpy(iv, c->k1.iv, 8);
+ memcpy(iv + 8, c->k2.iv, 8);
+ memcpy(iv + 16, c->k3.iv, 8);
+ }
+}
+
+const EVP_CIPHER *
+evp_ssh1_3des(void)
+{
+ static EVP_CIPHER ssh1_3des;
+
+ memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
+ ssh1_3des.nid = NID_undef;
+ ssh1_3des.block_size = 8;
+ ssh1_3des.iv_len = 0;
+ ssh1_3des.key_len = 16;
+ ssh1_3des.init = ssh1_3des_init;
+ ssh1_3des.cleanup = ssh1_3des_cleanup;
+ ssh1_3des.do_cipher = ssh1_3des_cbc;
+#ifndef SSH_OLD_EVP
+ ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
+#endif
+ return (&ssh1_3des);
+}
--- /dev/null
+/*
+ * Copyright (c) 2003 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
+
+#include <openssl/evp.h>
+#include "rijndael.h"
+#include "xmalloc.h"
+#include "log.h"
+
+#define RIJNDAEL_BLOCKSIZE 16
+struct ssh_rijndael_ctx
+{
+ rijndael_ctx r_ctx;
+ u_char r_iv[RIJNDAEL_BLOCKSIZE];
+};
+
+const EVP_CIPHER * evp_rijndael(void);
+void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+
+static int
+ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+ int enc)
+{
+ struct ssh_rijndael_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ c = xmalloc(sizeof(*c));
+ EVP_CIPHER_CTX_set_app_data(ctx, c);
+ }
+ if (key != NULL) {
+ if (enc == -1)
+ enc = ctx->encrypt;
+ rijndael_set_key(&c->r_ctx, (u_char *)key,
+ 8*EVP_CIPHER_CTX_key_length(ctx), enc);
+ }
+ if (iv != NULL)
+ memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
+ return (1);
+}
+
+static int
+ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+ u_int len)
+{
+ struct ssh_rijndael_ctx *c;
+ u_char buf[RIJNDAEL_BLOCKSIZE];
+ u_char *cprev, *cnow, *plain, *ivp;
+ int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
+
+ if (len == 0)
+ return (1);
+ if (len % RIJNDAEL_BLOCKSIZE)
+ fatal("ssh_rijndael_cbc: bad len %d", len);
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ error("ssh_rijndael_cbc: no context");
+ return (0);
+ }
+ if (ctx->encrypt) {
+ cnow = dest;
+ plain = (u_char *)src;
+ cprev = c->r_iv;
+ for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
+ cnow+=RIJNDAEL_BLOCKSIZE) {
+ for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
+ buf[j] = plain[j] ^ cprev[j];
+ rijndael_encrypt(&c->r_ctx, buf, cnow);
+ cprev = cnow;
+ }
+ memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
+ } else {
+ cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
+ plain = dest+len-RIJNDAEL_BLOCKSIZE;
+
+ memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
+ for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
+ plain-=RIJNDAEL_BLOCKSIZE) {
+ rijndael_decrypt(&c->r_ctx, cnow, plain);
+ ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE;
+ for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
+ plain[j] ^= ivp[j];
+ }
+ memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
+ }
+ return (1);
+}
+
+static int
+ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ struct ssh_rijndael_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+ memset(c, 0, sizeof(*c));
+ xfree(c);
+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+ }
+ return (1);
+}
+
+void
+ssh_rijndael_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
+{
+ struct ssh_rijndael_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
+ fatal("ssh_rijndael_iv: no context");
+ if (doset)
+ memcpy(c->r_iv, iv, len);
+ else
+ memcpy(iv, c->r_iv, len);
+}
+
+const EVP_CIPHER *
+evp_rijndael(void)
+{
+ static EVP_CIPHER rijndal_cbc;
+
+ memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER));
+ rijndal_cbc.nid = NID_undef;
+ rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE;
+ rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;
+ rijndal_cbc.key_len = 16;
+ rijndal_cbc.init = ssh_rijndael_init;
+ rijndal_cbc.cleanup = ssh_rijndael_cleanup;
+ rijndal_cbc.do_cipher = ssh_rijndael_cbc;
+#ifndef SSH_OLD_EVP
+ rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+#endif
+ return (&rijndal_cbc);
+}
+#endif /* OPENSSL_VERSION_NUMBER */
--- /dev/null
+/*
+ * Copyright (c) 2003 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
+
+#include <openssl/evp.h>
+#include "xmalloc.h"
+#include "log.h"
+/*
+ * SSH1 uses a variation on Blowfish, all bytes must be swapped before
+ * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
+ */
+
+const EVP_CIPHER * evp_ssh1_bf(void);
+
+static void
+swap_bytes(const u_char *src, u_char *dst, int n)
+{
+ u_char c[4];
+
+ /* Process 4 bytes every lap. */
+ for (n = n / 4; n > 0; n--) {
+ c[3] = *src++;
+ c[2] = *src++;
+ c[1] = *src++;
+ c[0] = *src++;
+
+ *dst++ = c[0];
+ *dst++ = c[1];
+ *dst++ = c[2];
+ *dst++ = c[3];
+ }
+}
+
+#ifdef SSH_OLD_EVP
+static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ if (iv != NULL)
+ memcpy (&(ctx->oiv[0]), iv, 8);
+ memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
+ if (key != NULL)
+ BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
+ key);
+}
+#endif
+
+static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
+
+static int
+bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
+{
+ int ret;
+
+ swap_bytes(in, out, len);
+ ret = (*orig_bf)(ctx, out, out, len);
+ swap_bytes(out, out, len);
+ return (ret);
+}
+
+const EVP_CIPHER *
+evp_ssh1_bf(void)
+{
+ static EVP_CIPHER ssh1_bf;
+
+ memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
+ orig_bf = ssh1_bf.do_cipher;
+ ssh1_bf.nid = NID_undef;
+#ifdef SSH_OLD_EVP
+ ssh1_bf.init = bf_ssh1_init;
+#endif
+ ssh1_bf.do_cipher = bf_ssh1_cipher;
+ ssh1_bf.key_len = 32;
+ return (&ssh1_bf);
+}
--- /dev/null
+/*
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $");
+
+#include <openssl/evp.h>
+
+#include "log.h"
+#include "xmalloc.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+#include "rijndael.h"
+#define AES_KEY rijndael_ctx
+#define AES_BLOCK_SIZE 16
+#define AES_encrypt(a, b, c) rijndael_encrypt(c, a, b)
+#define AES_set_encrypt_key(a, b, c) rijndael_set_key(c, (char *)a, b, 1)
+#else
+#include <openssl/aes.h>
+#endif
+
+const EVP_CIPHER *evp_aes_128_ctr(void);
+void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+
+struct ssh_aes_ctr_ctx
+{
+ AES_KEY aes_ctx;
+ u_char aes_counter[AES_BLOCK_SIZE];
+};
+
+/*
+ * increment counter 'ctr',
+ * the counter is of size 'len' bytes and stored in network-byte-order.
+ * (LSB at ctr[len-1], MSB at ctr[0])
+ */
+static void
+ssh_ctr_inc(u_char *ctr, u_int len)
+{
+ int i;
+
+ for (i = len - 1; i >= 0; i--)
+ if (++ctr[i]) /* continue on overflow */
+ return;
+}
+
+static int
+ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+ u_int len)
+{
+ struct ssh_aes_ctr_ctx *c;
+ u_int n = 0;
+ u_char buf[AES_BLOCK_SIZE];
+
+ if (len == 0)
+ return (1);
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
+ return (0);
+
+ while ((len--) > 0) {
+ if (n == 0) {
+ AES_encrypt(c->aes_counter, buf, &c->aes_ctx);
+ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+ }
+ *(dest++) = *(src++) ^ buf[n];
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+ return (1);
+}
+
+static int
+ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
+ int enc)
+{
+ struct ssh_aes_ctr_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
+ c = xmalloc(sizeof(*c));
+ EVP_CIPHER_CTX_set_app_data(ctx, c);
+ }
+ if (key != NULL)
+ AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx);
+ if (iv != NULL)
+ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ return (1);
+}
+
+static int
+ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ struct ssh_aes_ctr_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
+ memset(c, 0, sizeof(*c));
+ xfree(c);
+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+ }
+ return (1);
+}
+
+void
+ssh_aes_ctr_iv(EVP_CIPHER_CTX *evp, int doset, u_char * iv, u_int len)
+{
+ struct ssh_aes_ctr_ctx *c;
+
+ if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
+ fatal("ssh_aes_ctr_iv: no context");
+ if (doset)
+ memcpy(c->aes_counter, iv, len);
+ else
+ memcpy(iv, c->aes_counter, len);
+}
+
+const EVP_CIPHER *
+evp_aes_128_ctr(void)
+{
+ static EVP_CIPHER aes_ctr;
+
+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ aes_ctr.nid = NID_undef;
+ aes_ctr.block_size = AES_BLOCK_SIZE;
+ aes_ctr.iv_len = AES_BLOCK_SIZE;
+ aes_ctr.key_len = 16;
+ aes_ctr.init = ssh_aes_ctr_init;
+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ aes_ctr.do_cipher = ssh_aes_ctr;
+ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+ return (&aes_ctr);
+}
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $");
#include "xmalloc.h"
#include "log.h"
#endif
#if OPENSSL_VERSION_NUMBER < 0x00907000L
-#include "rijndael.h"
-static const EVP_CIPHER *evp_rijndael(void);
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
#endif
-static const EVP_CIPHER *evp_ssh1_3des(void);
-static const EVP_CIPHER *evp_ssh1_bf(void);
+extern const EVP_CIPHER *evp_ssh1_bf(void);
+extern const EVP_CIPHER *evp_ssh1_3des(void);
+extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
+extern const EVP_CIPHER *evp_aes_128_ctr(void);
+extern void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
struct Cipher {
char *name;
{ "rijndael-cbc@lysator.liu.se",
SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x00906000L
+ { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
+ { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
+ { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
+#endif
{ NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
};
cipher->name);
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
if (klen > 0 && keylen != klen) {
- debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
+ debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
fatal("cipher_init: set keylen failed (%d -> %d)",
klen, keylen);
memset(&md, 0, sizeof(md));
}
-/* Implementations for other non-EVP ciphers */
-
-/*
- * This is used by SSH1:
- *
- * What kind of triple DES are these 2 routines?
- *
- * Why is there a redundant initialization vector?
- *
- * If only iv3 was used, then, this would till effect have been
- * outer-cbc. However, there is also a private iv1 == iv2 which
- * perhaps makes differential analysis easier. On the other hand, the
- * private iv1 probably makes the CRC-32 attack ineffective. This is a
- * result of that there is no longer any known iv1 to use when
- * choosing the X block.
- */
-struct ssh1_3des_ctx
-{
- EVP_CIPHER_CTX k1, k2, k3;
-};
-
-static int
-ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
- int enc)
-{
- struct ssh1_3des_ctx *c;
- u_char *k1, *k2, *k3;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- c = xmalloc(sizeof(*c));
- EVP_CIPHER_CTX_set_app_data(ctx, c);
- }
- if (key == NULL)
- return (1);
- if (enc == -1)
- enc = ctx->encrypt;
- k1 = k2 = k3 = (u_char *) key;
- k2 += 8;
- if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) {
- if (enc)
- k3 += 16;
- else
- k1 += 16;
- }
- EVP_CIPHER_CTX_init(&c->k1);
- EVP_CIPHER_CTX_init(&c->k2);
- EVP_CIPHER_CTX_init(&c->k3);
-#ifdef SSH_OLD_EVP
- EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc);
- EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc);
- EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc);
-#else
- if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
- EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
- EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
- memset(c, 0, sizeof(*c));
- xfree(c);
- EVP_CIPHER_CTX_set_app_data(ctx, NULL);
- return (0);
- }
-#endif
- return (1);
-}
-
-static int
-ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
-{
- struct ssh1_3des_ctx *c;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- error("ssh1_3des_cbc: no context");
- return (0);
- }
-#ifdef SSH_OLD_EVP
- EVP_Cipher(&c->k1, dest, (u_char *)src, len);
- EVP_Cipher(&c->k2, dest, dest, len);
- EVP_Cipher(&c->k3, dest, dest, len);
-#else
- if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
- EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
- EVP_Cipher(&c->k3, dest, dest, len) == 0)
- return (0);
-#endif
- return (1);
-}
-
-static int
-ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
-{
- struct ssh1_3des_ctx *c;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
- memset(c, 0, sizeof(*c));
- xfree(c);
- EVP_CIPHER_CTX_set_app_data(ctx, NULL);
- }
- return (1);
-}
-
-static const EVP_CIPHER *
-evp_ssh1_3des(void)
-{
- static EVP_CIPHER ssh1_3des;
-
- memset(&ssh1_3des, 0, sizeof(EVP_CIPHER));
- ssh1_3des.nid = NID_undef;
- ssh1_3des.block_size = 8;
- ssh1_3des.iv_len = 0;
- ssh1_3des.key_len = 16;
- ssh1_3des.init = ssh1_3des_init;
- ssh1_3des.cleanup = ssh1_3des_cleanup;
- ssh1_3des.do_cipher = ssh1_3des_cbc;
-#ifndef SSH_OLD_EVP
- ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
-#endif
- return (&ssh1_3des);
-}
-
-/*
- * SSH1 uses a variation on Blowfish, all bytes must be swapped before
- * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
- */
-static void
-swap_bytes(const u_char *src, u_char *dst, int n)
-{
- u_char c[4];
-
- /* Process 4 bytes every lap. */
- for (n = n / 4; n > 0; n--) {
- c[3] = *src++;
- c[2] = *src++;
- c[1] = *src++;
- c[0] = *src++;
-
- *dst++ = c[0];
- *dst++ = c[1];
- *dst++ = c[2];
- *dst++ = c[3];
- }
-}
-
-#ifdef SSH_OLD_EVP
-static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- if (iv != NULL)
- memcpy (&(ctx->oiv[0]), iv, 8);
- memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
- if (key != NULL)
- BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
- key);
-}
-#endif
-static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
-
-static int
-bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
-{
- int ret;
-
- swap_bytes(in, out, len);
- ret = (*orig_bf)(ctx, out, out, len);
- swap_bytes(out, out, len);
- return (ret);
-}
-
-static const EVP_CIPHER *
-evp_ssh1_bf(void)
-{
- static EVP_CIPHER ssh1_bf;
-
- memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
- orig_bf = ssh1_bf.do_cipher;
- ssh1_bf.nid = NID_undef;
-#ifdef SSH_OLD_EVP
- ssh1_bf.init = bf_ssh1_init;
-#endif
- ssh1_bf.do_cipher = bf_ssh1_cipher;
- ssh1_bf.key_len = 32;
- return (&ssh1_bf);
-}
-
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-/* RIJNDAEL */
-#define RIJNDAEL_BLOCKSIZE 16
-struct ssh_rijndael_ctx
-{
- rijndael_ctx r_ctx;
- u_char r_iv[RIJNDAEL_BLOCKSIZE];
-};
-
-static int
-ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
- int enc)
-{
- struct ssh_rijndael_ctx *c;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- c = xmalloc(sizeof(*c));
- EVP_CIPHER_CTX_set_app_data(ctx, c);
- }
- if (key != NULL) {
- if (enc == -1)
- enc = ctx->encrypt;
- rijndael_set_key(&c->r_ctx, (u_char *)key,
- 8*EVP_CIPHER_CTX_key_length(ctx), enc);
- }
- if (iv != NULL)
- memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
- return (1);
-}
-
-static int
-ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
- u_int len)
-{
- struct ssh_rijndael_ctx *c;
- u_char buf[RIJNDAEL_BLOCKSIZE];
- u_char *cprev, *cnow, *plain, *ivp;
- int i, j, blocks = len / RIJNDAEL_BLOCKSIZE;
-
- if (len == 0)
- return (1);
- if (len % RIJNDAEL_BLOCKSIZE)
- fatal("ssh_rijndael_cbc: bad len %d", len);
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) {
- error("ssh_rijndael_cbc: no context");
- return (0);
- }
- if (ctx->encrypt) {
- cnow = dest;
- plain = (u_char *)src;
- cprev = c->r_iv;
- for (i = 0; i < blocks; i++, plain+=RIJNDAEL_BLOCKSIZE,
- cnow+=RIJNDAEL_BLOCKSIZE) {
- for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
- buf[j] = plain[j] ^ cprev[j];
- rijndael_encrypt(&c->r_ctx, buf, cnow);
- cprev = cnow;
- }
- memcpy(c->r_iv, cprev, RIJNDAEL_BLOCKSIZE);
- } else {
- cnow = (u_char *) (src+len-RIJNDAEL_BLOCKSIZE);
- plain = dest+len-RIJNDAEL_BLOCKSIZE;
-
- memcpy(buf, cnow, RIJNDAEL_BLOCKSIZE);
- for (i = blocks; i > 0; i--, cnow-=RIJNDAEL_BLOCKSIZE,
- plain-=RIJNDAEL_BLOCKSIZE) {
- rijndael_decrypt(&c->r_ctx, cnow, plain);
- ivp = (i == 1) ? c->r_iv : cnow-RIJNDAEL_BLOCKSIZE;
- for (j = 0; j < RIJNDAEL_BLOCKSIZE; j++)
- plain[j] ^= ivp[j];
- }
- memcpy(c->r_iv, buf, RIJNDAEL_BLOCKSIZE);
- }
- return (1);
-}
-
-static int
-ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
-{
- struct ssh_rijndael_ctx *c;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
- memset(c, 0, sizeof(*c));
- xfree(c);
- EVP_CIPHER_CTX_set_app_data(ctx, NULL);
- }
- return (1);
-}
-
-static const EVP_CIPHER *
-evp_rijndael(void)
-{
- static EVP_CIPHER rijndal_cbc;
-
- memset(&rijndal_cbc, 0, sizeof(EVP_CIPHER));
- rijndal_cbc.nid = NID_undef;
- rijndal_cbc.block_size = RIJNDAEL_BLOCKSIZE;
- rijndal_cbc.iv_len = RIJNDAEL_BLOCKSIZE;
- rijndal_cbc.key_len = 16;
- rijndal_cbc.init = ssh_rijndael_init;
- rijndal_cbc.cleanup = ssh_rijndael_cleanup;
- rijndal_cbc.do_cipher = ssh_rijndael_cbc;
-#ifndef SSH_OLD_EVP
- rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
-#endif
- return (&rijndal_cbc);
-}
-#endif
-
/*
* Exports an IV from the CipherContext required to export the key
* state back from the unprivileged child to the privileged parent
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
{
Cipher *c = cc->cipher;
- u_char *civ = NULL;
int evplen;
switch (c->number) {
if (evplen != len)
fatal("%s: wrong iv length %d != %d", __func__,
evplen, len);
-
#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if (c->evptype == evp_rijndael) {
- struct ssh_rijndael_ctx *aesc;
-
- aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (aesc == NULL)
- fatal("%s: no rijndael context", __func__);
- civ = aesc->r_iv;
- } else
+ if (c->evptype == evp_rijndael)
+ ssh_rijndael_iv(&cc->evp, 0, iv, len);
+ else
#endif
- {
- civ = cc->evp.iv;
- }
+ if (c->evptype == evp_aes_128_ctr)
+ ssh_aes_ctr_iv(&cc->evp, 0, iv, len);
+ else
+ memcpy(iv, cc->evp.iv, len);
+ break;
+ case SSH_CIPHER_3DES:
+ ssh1_3des_iv(&cc->evp, 0, iv, 24);
break;
- case SSH_CIPHER_3DES: {
- struct ssh1_3des_ctx *desc;
- if (len != 24)
- fatal("%s: bad 3des iv length: %d", __func__, len);
- desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (desc == NULL)
- fatal("%s: no 3des context", __func__);
- debug3("%s: Copying 3DES IV", __func__);
- memcpy(iv, desc->k1.iv, 8);
- memcpy(iv + 8, desc->k2.iv, 8);
- memcpy(iv + 16, desc->k3.iv, 8);
- return;
- }
default:
fatal("%s: bad cipher %d", __func__, c->number);
}
- memcpy(iv, civ, len);
}
void
cipher_set_keyiv(CipherContext *cc, u_char *iv)
{
Cipher *c = cc->cipher;
- u_char *div = NULL;
int evplen = 0;
switch (c->number) {
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen == 0)
return;
-
#if OPENSSL_VERSION_NUMBER < 0x00907000L
- if (c->evptype == evp_rijndael) {
- struct ssh_rijndael_ctx *aesc;
-
- aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (aesc == NULL)
- fatal("%s: no rijndael context", __func__);
- div = aesc->r_iv;
- } else
+ if (c->evptype == evp_rijndael)
+ ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
+ else
#endif
- {
- div = cc->evp.iv;
- }
+ if (c->evptype == evp_aes_128_ctr)
+ ssh_aes_ctr_iv(&cc->evp, 1, iv, evplen);
+ else
+ memcpy(cc->evp.iv, iv, evplen);
+ break;
+ case SSH_CIPHER_3DES:
+ ssh1_3des_iv(&cc->evp, 1, iv, 24);
break;
- case SSH_CIPHER_3DES: {
- struct ssh1_3des_ctx *desc;
- desc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
- if (desc == NULL)
- fatal("%s: no 3des context", __func__);
- debug3("%s: Installed 3DES IV", __func__);
- memcpy(desc->k1.iv, iv, 8);
- memcpy(desc->k2.iv, iv + 8, 8);
- memcpy(desc->k3.iv, iv + 16, 8);
- return;
- }
default:
fatal("%s: bad cipher %d", __func__, c->number);
}
- memcpy(div, iv, evplen);
}
#if OPENSSL_VERSION_NUMBER < 0x00907000L
--- /dev/null
+/*
+ * Copyright (c) 2003 Markus Friedl <markus@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $");
+
+#include "log.h"
+
+/* default implementation */
+void
+cleanup_exit(int i)
+{
+ _exit(i);
+}
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: compat.c,v 1.69 2003/08/29 10:03:15 markus Exp $");
#include "buffer.h"
#include "packet.h"
{ "OpenSSH_2.9p*", SSH_OLD_GSSAPI },
{ "OpenSSH_2.*,"
"OpenSSH_3.0*,"
- "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_GSS_EMPTYUSER},
+ "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_GSS_EMPTYUSER|
+ SSH_BUG_GSSAPI_BER},
+ { "OpenSSH_3.2*,"
+ "OpenSSH_3.3*,"
+ "OpenSSH_3.4*,"
+ "OpenSSH_3.5*,"
+ "OpenSSH_3.6.1*", SSH_BUG_GSSAPI_BER},
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH*", 0 },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.0.13*,"
"2.0.14*,"
"2.0.15*,"
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
+ SSH_BUG_FIRSTKEX },
{ "2.2.0*,"
"2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5 },
- { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+ SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
+ { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
+ SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
- { "2.*", SSH_BUG_DEBUG },
+ { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
"1.2.19*,"
"1.2.20*,"
"1.2.21*,"
- "1.2.22*", SSH_BUG_IGNOREMSG|SSH_BUG_K5USER },
+ "1.2.22*", SSH_BUG_IGNOREMSG },
{ "1.3.2*", /* F-Secure */
- SSH_BUG_IGNOREMSG|SSH_BUG_K5USER },
- { "1.2.1*,"
- "1.2.2*,"
- "1.2.3*", SSH_BUG_K5USER },
+ SSH_BUG_IGNOREMSG },
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
{ "*OSU_0*,"
ret |= SSH_PROTO_2;
break;
default:
- log("ignoring bad proto spec: '%s'.", p);
+ logit("ignoring bad proto spec: '%s'.", p);
break;
}
}
-/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */
+/* $OpenBSD: compat.h,v 1.36 2003/08/29 10:03:15 markus Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
#define SSH_BUG_DERIVEKEY 0x00040000
#define SSH_BUG_DUMMYCHAN 0x00100000
#define SSH_BUG_EXTEOF 0x00200000
-#define SSH_BUG_K5USER 0x00400000
-#define SSH_BUG_PROBE 0x00800000
-#define SSH_OLD_GSSAPI 0x10000000
-#define SSH_BUG_GSS_EMPTYUSER 0x20000000
+#define SSH_BUG_PROBE 0x00400000
+#define SSH_BUG_FIRSTKEX 0x00800000
+#define SSH_BUG_GSSAPI_BER 0x01000000
+#define SSH_OLD_GSSAPI 0x02000000
+#define SSH_BUG_GSS_EMPTYUSER 0x10000000
void enable_compat13(void);
void enable_compat20(void);
AC_C_BIGENDIAN
# Checks for programs.
+AC_PROG_AWK
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PATH_PROG(AR, ar)
AC_PATH_PROGS(PERL, perl5 perl)
+AC_PATH_PROG(SED, sed)
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
- AFS_LIBS="-lld"
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
- if (test "$LD" != "gcc" && test -z "$blibpath"); then
- AC_MSG_CHECKING([if linkage editor ($LD) accepts -blibpath])
- saved_LDFLAGS="$LDFLAGS"
- LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib"
- AC_TRY_LINK([],
- [],
- [
- AC_MSG_RESULT(yes)
- blibpath="/usr/lib:/lib:/usr/local/lib"
- ],
- [ AC_MSG_RESULT(no) ]
- )
- LDFLAGS="$saved_LDFLAGS"
+ AC_MSG_CHECKING([how to specify blibpath for linker ($LD)])
+ if (test -z "$blibpath"); then
+ blibpath="/usr/lib:/lib:/usr/local/lib"
+ fi
+ saved_LDFLAGS="$LDFLAGS"
+ for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do
+ if (test -z "$blibflags"); then
+ LDFLAGS="$saved_LDFLAGS $tryflags$blibpath"
+ AC_TRY_LINK([], [], [blibflags=$tryflags])
+ fi
+ done
+ if (test -z "$blibflags"); then
+ AC_MSG_RESULT(not found)
+ AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log])
+ else
+ AC_MSG_RESULT($blibflags)
fi
+ LDFLAGS="$saved_LDFLAGS"
+ dnl Check for authenticate. Might be in libs.a on older AIXes
AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
[AC_CHECK_LIB(s,authenticate,
[ AC_DEFINE(WITH_AIXAUTHENTICATE)
LIBS="$LIBS -ls"
])
])
+ dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
+ AC_CHECK_DECL(loginfailed,
+ [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
+ AC_TRY_COMPILE(
+ [#include <usersec.h>],
+ [(void)loginfailed("user","host","tty",0);],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(AIX_LOGINFAILED_4ARG)],
+ [AC_MSG_RESULT(no)]
+ )],
+ [],
+ [#include <usersec.h>]
+ )
+ AC_CHECK_FUNCS(setauthdb)
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
;;
*-*-cygwin*)
+ check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textmode.o"
AC_DEFINE(HAVE_CYGWIN)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_SHADOW)
- AC_DEFINE(IPV4_DEFAULT)
AC_DEFINE(IP_TOS_IS_BROKEN)
AC_DEFINE(NO_X11_UNIX_SOCKETS)
AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
[AC_MSG_RESULT(buggy)
AC_DEFINE(BROKEN_GETADDRINFO)],
[AC_MSG_RESULT(assume it is working)])
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-hpux10.26)
if test -z "$GCC"; then
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*")
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
PATH="$PATH:/usr/etc"
AC_DEFINE(BROKEN_INET_NTOA)
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-irix6*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
AC_DEFINE(WITH_IRIX_AUDIT)
AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)])
AC_DEFINE(BROKEN_INET_NTOA)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
;;
*-*-linux*)
no_dev_ptmx=1
check_for_libcrypt_later=1
+ check_for_openpty_ctty_bug=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
+ AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
inet6_default_4in6=yes
+ case `uname -r` in
+ 1.*|2.0.*)
+ AC_DEFINE(BROKEN_CMSG_TYPE)
+ ;;
+ esac
;;
mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(HAVE_NEWS4)
*-*-freebsd*)
check_for_libcrypt_later=1
;;
+*-*-bsdi*)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ ;;
*-next-*)
conf_lastlog_location="/usr/adm/lastlog"
conf_utmp_location=/etc/utmp
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
+ # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ external_path_file=/etc/default/login
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lc89"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-sni-sysv*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
IPADDR_IN_DISPLAY=yes
AC_DEFINE(USE_PIPES)
AC_DEFINE(IP_TOS_IS_BROKEN)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ external_path_file=/etc/default/login
# /usr/ucblib/libucb.a no longer needed on ReliantUNIX
# Attention: always take care to bind libsocket and libnsl before libc,
# otherwise you will find lots of "SIOCGPGRP errno 22" on syslog
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-sysv5*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
AC_DEFINE(USE_PIPES)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
;;
*-*-sysv*)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(BROKEN_SAVED_UIDS)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
do_sco3_extra_lib_check=yes
;;
*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
AC_DEFINE(HAVE_SECUREWARE)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
AC_CHECK_FUNCS(getluid setluid)
MANTYPE=man
;;
*-*-unicosmk*)
- no_libsocket=1
- no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
MANTYPE=cat
;;
+*-*-unicosmp*)
+ AC_DEFINE(WITH_ABBREV_NO_TTY)
+ AC_DEFINE(USE_PIPES)
+ AC_DEFINE(DISABLE_FD_PASSING)
+ LDFLAGS="$LDFLAGS"
+ LIBS="$LIBS -lgen -lacid"
+ MANTYPE=cat
+ ;;
*-*-unicos*)
- no_libsocket=1
- no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OSF_SIA)
AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
else
AC_MSG_RESULT(no)
fi
fi
+ AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(BROKEN_GETADDRINFO)
+ AC_DEFINE(SETEUID_BREAKS_SETUID)
+ AC_DEFINE(BROKEN_SETREUID)
+ AC_DEFINE(BROKEN_SETREGID)
+ AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
;;
*-*-nto-qnx)
]
)
+AC_MSG_CHECKING(compiler and flags for sanity)
+AC_TRY_RUN([
+#include <stdio.h>
+int main(){exit(0);}
+ ],
+ [ AC_MSG_RESULT(yes) ],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***])
+ ]
+)
+
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
getopt.h glob.h ia.h lastlog.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
+ strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
+ sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
- util.h utime.h utmp.h utmpx.h)
+ util.h utime.h utmp.h utmpx.h vis.h)
# Checks for libraries.
AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
fi
fi
+dnl IRIX and Solaris 2.5.1 have dirname() in libgen
+AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
+ AC_CHECK_LIB(gen, dirname,[
+ AC_CACHE_CHECK([for broken dirname],
+ ac_cv_have_broken_dirname, [
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lgen"
+ AC_TRY_RUN(
+ [
+#include <libgen.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ char *s, buf[32];
+
+ strncpy(buf,"/etc", 32);
+ s = dirname(buf);
+ if (!s || strncmp(s, "/", 32) != 0) {
+ exit(1);
+ } else {
+ exit(0);
+ }
+}
+ ],
+ [ ac_cv_have_broken_dirname="no" ],
+ [ ac_cv_have_broken_dirname="yes" ]
+ )
+ LIBS="$save_LIBS"
+ ])
+ if test "x$ac_cv_have_broken_dirname" = "xno" ; then
+ LIBS="$LIBS -lgen"
+ AC_DEFINE(HAVE_DIRNAME)
+ AC_CHECK_HEADERS(libgen.h)
+ fi
+ ])
+])
+
AC_CHECK_FUNC(getspnam, ,
AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
AC_ARG_WITH(rpath,
[ --without-rpath Disable auto-added -R linker paths],
LIBS="$LIBS ${mechglue_lib}"
AC_MSG_RESULT(${mechglue_lib})
-# if test -e ${withval}/gssapi.h ; then
-# CPPFLAGS="$CPPFLAGS -I${withval}"
-# elif test -e ${withval}/include/gssapi.h ; then
-# CPPFLAGS="$CPPFLAGS -I${withval}/include"
-# else
-# AC_MSG_ERROR("Can't find gssapi.h in ${withval}");
-# fi
-
AC_CHECK_LIB(dl, dlopen, , )
if test $ac_cv_lib_dl_dlopen = yes; then
LDFLAGS="$LDFLAGS -ldl -Wl,-Bsymbolic"
AC_DEFINE(GSSAPI)
AC_DEFINE(MECHGLUE)
- AC_DEFINE(HAVE_GSSAPI_EXT)
GSSAPI="mechglue"
]
# Check whether the user wants GSI (Globus) support
gsi_path="no"
AC_ARG_WITH(gsi,
- [ --with-gsi=PATH Enable GSI/Globus authentication support],
+ [ --with-gsi Enable Globus GSI authentication support],
[
gsi_path="$withval"
]
)
AC_ARG_WITH(globus,
- [ --with-globus=PATH Enable GSI/Globus authentication support],
+ [ --with-globus Enable Globus GSI authentication support],
[
gsi_path="$withval"
]
)
+AC_ARG_WITH(globus-static,
+ [ --with-globus-static Link statically with Globus GSI libraries],
+ [
+ gsi_static="-static"
+ if test "x$gsi_path" == "xno" ; then
+ gsi_path="$withval"
+ fi
+ ]
+)
+
# Check whether the user has a Globus flavor type
globus_flavor_type="no"
AC_ARG_WITH(globus-flavor,
- [ --with-globus-flavor=TYPE Describe Globus flavor type (ex: gcc32dbg, etc.)],
+ [ --with-globus-flavor=TYPE Specify Globus flavor type (ex: gcc32dbg)],
[
globus_flavor_type="$withval"
+ if test "x$gsi_path" == "xno" ; then
+ gsi_path="yes"
+ fi
]
)
if test "x$gsi_path" != "xno" ; then
# Globus GSSAPI configuration
+ AC_MSG_CHECKING(for Globus GSI)
AC_DEFINE(GSI)
if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
- AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus/GSI.])
+ AC_MSG_ERROR([Previously configured GSSAPI library conflicts with Globus GSI.])
fi
if test -z "$GSSAPI"; then
AC_DEFINE(GSSAPI)
GSSAPI="GSI"
fi
- # Find GLOBUS/GSI installation Directory
- AC_MSG_CHECKING(for Globus/GSI installation directory)
-
- globus_install_dir=$gsi_path
-
- if test "x$globus_install_dir" = "xyes" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI installation directory -- a path must be specified!)
+ if test "x$gsi_path" = "xyes" ; then
+ if test -z "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(GLOBUS_LOCATION environment variable must be set.)
+ else
+ gsi_path="$GLOBUS_LOCATION"
+ fi
+ fi
+ GLOBUS_LOCATION="$gsi_path"
+ export GLOBUS_LOCATION
+ if test ! -d "$GLOBUS_LOCATION" ; then
+ AC_MSG_ERROR(Cannot find Globus installation. Set GLOBUS_LOCATION environment variable.)
fi
- AC_MSG_RESULT($globus_install_dir)
-
- # Find GLOBUS/GSI development directory
- AC_MSG_CHECKING(for Globus/GSI development directory)
- if test -d ${globus_install_dir}/lib ; then
- # Looks like a flat directory structure from configure/make
- # and not globus-install or gsi-install
- globus_dev_dir=$globus_install_dir
+ if test "x$globus_flavor_type" = "xno" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must be specified)
+ fi
+ if test "x$globus_flavor_type" = "xyes" ; then
+ AC_MSG_ERROR(--with-globus-flavor=TYPE must specify a flavor type)
+ fi
+ GLOBUS_INCLUDE="${gsi_path}/include/${globus_flavor_type}"
+ if test ! -d "$GLOBUS_INCLUDE" ; then
+ AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_INCLUDE})
+ fi
+ GSI_CPPFLAGS="-I${GLOBUS_INCLUDE}"
+
+ if test -x ${gsi_path}/bin/globus-makefile-header ; then
+ GSI_LIBS=`${gsi_path}/bin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
+ elif test -x ${gsi_path}/sbin/globus-makefile-header ; then
+ GSI_LIBS=`${gsi_path}/sbin/globus-makefile-header --flavor=${globus_flavor_type} ${gsi_static} globus_gss_assist | perl -n -e 'if (/GLOBUS_PKG_LIBS = (.*)/){print $1;}'`
else
- # Assume a true globus installation with architecture
- # directories and run globus-development-path to find
- # the development directory
-
- # Set GLOBUS_INSTALL_PATH
- GLOBUS_INSTALL_PATH=$globus_install_dir
- export GLOBUS_INSTALL_PATH
-
- dev_path_program=${globus_install_dir}/bin/globus-development-path
-
- if test ! -x ${dev_path_program} ; then
- AC_MSG_ERROR(Cannot find Globus/GSI installation directory: program ${dev_path_program} does not exist or is not executable)
- fi
-
- globus_dev_dir=`${dev_path_program}`
-
- if test -z "$globus_dev_dir" -o "X$globus_dev_dir" = "X<not found>" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI development directory)
- fi
-
- if test ! -d "$globus_dev_dir" ; then
- AC_MSG_ERROR(Cannot find Globus/GSI development directory: $globus_dev_dir does not exist)
- fi
+ AC_MSG_ERROR(Cannot find globus-makefile-header: Globus installation is incomplete)
fi
- AC_MSG_RESULT($globus_dev_dir)
-
- # Find GLOBUS/GSI flavor Directory
- AC_MSG_CHECKING(for Globus flavor type)
-
- if test "x$globus_flavor_type" = "xno" ; then
- if test "$GSSAPI" = "mechglue"; then
- GSI_LIBS="-lglobus_gss_assist -lglobus_gaa"
- else
- GSI_LIBS="-lglobus_gss_assist -lglobus_gss -lglobus_gaa"
- fi
- GSI_LDFLAGS="-L${globus_dev_dir}/lib"
- GSI_CPPFLAGS="-I${globus_dev_dir}/include"
- AC_MSG_RESULT(none)
+ if test -n "${need_dash_r}"; then
+ GSI_LDFLAGS="-L${gsi_path}/lib -R{gsi_path}/lib"
else
- AC_DEFINE(HAVE_GSSAPI_EXT)
- GLOBUS_FLAVOR_TYPE_INCL_DIR="${globus_dev_dir}/include/${globus_flavor_type}"
-
- if test ! -d "$GLOBUS_FLAVOR_TYPE_INCL_DIR" ; then
- AC_MSG_ERROR(Cannot find Globus flavor-specific include directory: ${GLOBUS_FLAVOR_TYPE_INCL_DIR})
- fi
-
- AC_MSG_RESULT($globus_flavor_type)
- GSI_LIBS="${gsi_path}/lib/libglobus_gss_assist_${globus_flavor_type}.a ${gsi_path}/lib/libglobus_gssapi_gsi_${globus_flavor_type}.a"
- GSI_CPPFLAGS="-I${GLOBUS_FLAVOR_TYPE_INCL_DIR}"
+ GSI_LDFLAGS="-L${gsi_path}/lib"
+ fi
+ if test -z "$GSI_LIBS" ; then
+ AC_MSG_ERROR(globus-makefile-header failed)
fi
LIBS="$LIBS $GSI_LIBS"
LDFLAGS="$LDFLAGS $GSI_LDFLAGS"
CPPFLAGS="$CPPFLAGS $GSI_CPPFLAGS"
+
+ # test that we got the libraries OK
+ AC_TRY_LINK(
+ [],
+ [],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_ERROR(link with Globus libraries failed)
+ ]
+ )
INSTALL_GSISSH="yes"
else
INSTALL_GSISSH=""
]
)
-dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+dnl Checks for library functions. Please keep in alphabetical order
+AC_CHECK_FUNCS(\
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \
+ bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
+ getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getpeereid _getpty getrlimit getttyent glob inet_aton \
+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \
+ pstat readpassphrase realpath recvmsg rresvport_af sendmsg \
+ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \
+ setproctitle setregid setresgid setresuid setreuid setrlimit \
+ setsid setvbuf sigaction sigvec snprintf socketpair strerror \
+ strlcat strlcpy strmode strnvis sysconf tcgetpgrp \
+ truncate utimes vhangup vsnprintf waitpid \
+)
-dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
- AC_CHECK_LIB(gen, dirname,[
- AC_CACHE_CHECK([for broken dirname],
- ac_cv_have_broken_dirname, [
- save_LIBS="$LIBS"
- LIBS="$LIBS -lgen"
- AC_TRY_RUN(
- [
-#include <libgen.h>
-#include <string.h>
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+ AC_DEFINE(HAVE_GAI_STRERROR)
+ AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
-int main(int argc, char **argv) {
- char *s, buf[32];
+const char *gai_strerror(int);],[
+char *str;
- strncpy(buf,"/etc", 32);
- s = dirname(buf);
- if (!s || strncmp(s, "/", 32) != 0) {
- exit(1);
- } else {
- exit(0);
- }
-}
- ],
- [ ac_cv_have_broken_dirname="no" ],
- [ ac_cv_have_broken_dirname="yes" ]
- )
- LIBS="$save_LIBS"
- ])
- if test "x$ac_cv_have_broken_dirname" = "xno" ; then
- LIBS="$LIBS -lgen"
- AC_DEFINE(HAVE_DIRNAME)
- AC_CHECK_HEADERS(libgen.h)
- fi
- ])
-])
+str = gai_strerror(0);],[
+ AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+ [Define if gai_strerror() returns const char *])])])
+
+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
+
+dnl Make sure prototypes are defined for these before using them.
+AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
+AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
+
+dnl tcsendbreak might be a macro
+AC_CHECK_DECL(tcsendbreak,
+ [AC_DEFINE(HAVE_TCSENDBREAK)],
+ [AC_CHECK_FUNCS(tcsendbreak)],
+ [#include <termios.h>]
+)
dnl Checks for time functions
AC_CHECK_FUNCS(gettimeofday time)
)
fi
+dnl see whether mkstemp() requires XXXXXX
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+AC_MSG_CHECKING([for (overly) strict mkstemp])
+AC_TRY_RUN(
+ [
+#include <stdlib.h>
+main() { char template[]="conftest.mkstemp-test";
+if (mkstemp(template) == -1)
+ exit(1);
+unlink(template); exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ]
+)
+fi
+
+dnl make sure that openpty does not reacquire controlling terminal
+if test ! -z "$check_for_openpty_ctty_bug"; then
+ AC_MSG_CHECKING(if openpty correctly handles controlling tty)
+ AC_TRY_RUN(
+ [
+#include <stdio.h>
+#include <sys/fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+int
+main()
+{
+ pid_t pid;
+ int fd, ptyfd, ttyfd, status;
+
+ pid = fork();
+ if (pid < 0) { /* failed */
+ exit(1);
+ } else if (pid > 0) { /* parent */
+ waitpid(pid, &status, 0);
+ if (WIFEXITED(status))
+ exit(WEXITSTATUS(status));
+ else
+ exit(2);
+ } else { /* child */
+ close(0); close(1); close(2);
+ setsid();
+ openpty(&ptyfd, &ttyfd, NULL, NULL, NULL);
+ fd = open("/dev/tty", O_RDWR | O_NOCTTY);
+ if (fd >= 0)
+ exit(3); /* Acquired ctty: broken */
+ else
+ exit(0); /* Did not acquire ctty: OK */
+ }
+}
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_DEFINE(SSHD_ACQUIRES_CTTY)
+ ]
+ )
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
fi
]
)
-
-# Patch up SSL libraries for GSI authentication as needed
-if test "x$globus_flavor_type" != "xno" ; then
- #
- # For Globus 2, always link with the static libraries
- #
-
- libssl_utils="${gsi_path}/lib/libglobus_ssl_utils_${globus_flavor_type}.a"
-
- #
- # Trouble arrives at GT 2.1.3+ with the reorg of globus_ssl_utils. Compensating for
- # the new library linking required here through file tests to see which libraries to
- # link against.
- #
-
- libgsi_proxy_core="${gsi_path}/lib/libglobus_gsi_proxy_core_${globus_flavor_type}.a"
- libgsi_credential="${gsi_path}/lib/libglobus_gsi_credential_${globus_flavor_type}.a"
- libgsi_callback="${gsi_path}/lib/libglobus_gsi_callback_${globus_flavor_type}.a"
- liboldgaa="${gsi_path}/lib/libglobus_oldgaa_${globus_flavor_type}.a"
- libgsi_sysconfig="${gsi_path}/lib/libglobus_gsi_sysconfig_${globus_flavor_type}.a"
- libproxy_ssl="${gsi_path}/lib/libglobus_proxy_ssl_${globus_flavor_type}.a"
- libgsi_cert_utils="${gsi_path}/lib/libglobus_gsi_cert_utils_${globus_flavor_type}.a"
- libopenssl_error="${gsi_path}/lib/libglobus_openssl_error_${globus_flavor_type}.a"
- libopenssl="${gsi_path}/lib/libglobus_openssl_${globus_flavor_type}.a"
-
- if test -r ${libgsi_proxy_core} \
- -a -r ${libgsi_credential} \
- -a -r ${libgsi_callback} \
- -a -r ${liboldgaa} \
- -a -r ${libgsi_sysconfig} \
- -a -r ${libproxy_ssl} \
- -a -r ${libgsi_cert_utils} \
- -a -r ${libopenssl_error} \
- -a -r ${libopenssl} ; then
- LIBS="$LIBS ${libgsi_proxy_core}"
- LIBS="$LIBS ${libgsi_credential}"
- LIBS="$LIBS ${libgsi_callback}"
- LIBS="$LIBS ${liboldgaa}"
- LIBS="$LIBS ${libgsi_sysconfig}"
- LIBS="$LIBS ${libproxy_ssl}"
- LIBS="$LIBS ${libgsi_cert_utils}"
- LIBS="$LIBS ${libopenssl_error}"
- LIBS="$LIBS ${libopenssl}"
- elif test -r ${libssl_utils}; then
- LIBS="$LIBS ${libssl_utils}"
- else
- AC_MSG_ERROR(All of the required Globus Toolkit libraries are not present/configured correctly)
- fi
-
- #
- # Standard openssl libraries. They need to appear near the end of the link line.
- #
-
- LIBS="$LIBS ${gsi_path}/lib/libssl_${globus_flavor_type}.a"
- LIBS="$LIBS ${gsi_path}/lib/libcrypto_${globus_flavor_type}.a"
-
- #
- # Another "GT 2.1.3+"ism.
- #
-
- libcommon_path="${gsi_path}/lib/libglobus_common_${globus_flavor_type}.a"
- if test -r ${libcommon_path}; then
- LIBS="$LIBS ${libcommon_path}"
- fi
-else
- if test "x$gsi_path" != "xno" ; then
- # Older GSI needs -lssl too
- LIBS="$LIBS -lssl -lcrypto"
- else # if no GSI authentication (i.e., OpenSSL default)
- LIBS="$LIBS -lcrypto"
- fi
-fi # globus_flavor_type
-
+if test -z "$GSI_LIBS" ; then
+LIBS="$LIBS -lcrypto"
+fi
AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
[
dnl Check default openssl install dir
],
[
AC_MSG_RESULT(no)
- AC_MSG_ERROR(Your OpenSSL headers do not match your library)
+ AC_MSG_ERROR([Your OpenSSL headers do not match your library.
+Check config.log for details.
+Also see contrib/findssl.sh for help identifying header/library mismatches.])
]
)
# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the
# version in OpenSSL. Skip this for PAM
-if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
+if test "x$check_for_libcrypt_later" = "x1"; then
AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
fi
have_struct_timeval=1
fi
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
+AC_CHECK_TYPES(struct timespec)
+
+# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" -a \
"x$ac_cv_sizeof_long_int" != "x8" -a \
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
AC_TRY_RUN(
], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
)
fi
-AC_SUBST(NO_SFTP)
dnl Checks for structure members
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
fi
SCARD_MSG="no"
-
# Check whether user wants sectok support
AC_ARG_WITH(sectok,
[ --with-sectok Enable smartcard support using libsectok],
fi
fi
+# Check whether user wants DNS support
+DNS_MSG="no"
+AC_ARG_WITH(dns,
+ [ --with-dns Support for fetching keys from DNS (experimental)],
+ [
+ if test "x$withval" != "xno" ; then
+ DNS_MSG="yes"
+ AC_DEFINE(DNS)
+ AC_SEARCH_LIBS(getrrsetbyname, resolv,
+ [AC_DEFINE(HAVE_GETRRSETBYNAME)],
+ [
+ # Needed by our getrrsetbyname()
+ AC_SEARCH_LIBS(res_query, resolv)
+ AC_SEARCH_LIBS(dn_expand, resolv)
+ AC_CHECK_FUNCS(_getshort _getlong)
+ AC_CHECK_MEMBER(HEADER.ad,
+ [AC_DEFINE(HAVE_HEADER_AD)],,
+ [#include <arpa/nameser.h>])
+ ])
+ fi
+ ]
+)
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
if test ! -z "$blibpath" ; then
blibpath="$blibpath:${KRB5ROOT}/lib"
fi
- AC_CHECK_LIB(resolv, dn_expand, , )
+ AC_SEARCH_LIBS(dn_expand, resolv)
+
+ AC_CHECK_LIB(gssapi,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi $K5LIBS" ],
+ [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
+ [ AC_DEFINE(GSSAPI)
+ K5LIBS="-lgssapi_krb5 $K5LIBS" ],
+ AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
+ $K5LIBS)
+ ],
+ $K5LIBS)
+
+ AC_CHECK_HEADER(gssapi.h, ,
+ [ unset ac_cv_header_gssapi_h
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADERS(gssapi.h, ,
+ AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
+ )
+ ]
+ )
+
+ oldCPP="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+ AC_CHECK_HEADER(gssapi_krb5.h, ,
+ [ CPPFLAGS="$oldCPP" ])
# If we're using some other GSSAPI
if test "$GSSAPI" -a "$GSSAPI" != "mechglue"; then
fi
]
)
-# Check whether user wants Kerberos 4 support
-KRB4_MSG="no"
-AC_ARG_WITH(kerberos4,
- [ --with-kerberos4=PATH Enable Kerberos 4 support],
- [
- if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- if test ! -z "$need_dash_r" ; then
- LDFLAGS="$LDFLAGS -R${withval}/lib"
- fi
- if test ! -z "$blibpath" ; then
- blibpath="$blibpath:${withval}/lib"
- fi
- else
- if test -d /usr/include/kerberosIV ; then
- CPPFLAGS="$CPPFLAGS -I/usr/include/kerberosIV"
- fi
- fi
-
- AC_CHECK_HEADERS(krb.h)
- if test "$ac_cv_header_krb_h" != yes; then
- AC_MSG_WARN([Cannot find krb.h, build may fail])
- fi
- AC_CHECK_LIB(krb, main)
- if test "$ac_cv_lib_krb_main" != yes; then
- AC_CHECK_LIB(krb4, main)
- if test "$ac_cv_lib_krb4_main" != yes; then
- AC_MSG_WARN([Cannot find libkrb nor libkrb4, build may fail])
- else
- KLIBS="-lkrb4"
- fi
- else
- KLIBS="-lkrb"
- fi
- AC_CHECK_LIB(des, des_cbc_encrypt)
- if test "$ac_cv_lib_des_des_cbc_encrypt" != yes; then
- AC_CHECK_LIB(des425, des_cbc_encrypt)
- if test "$ac_cv_lib_des425_des_cbc_encrypt" != yes; then
- AC_MSG_WARN([Cannot find libdes nor libdes425, build may fail])
- else
- KLIBS="-ldes425"
- fi
- else
- KLIBS="-ldes"
- fi
- AC_CHECK_LIB(resolv, dn_expand, , )
- KRB4=yes
- KRB4_MSG="yes"
- AC_DEFINE(KRB4)
- fi
- ]
-)
# Check whether user wants AFS_KRB5 support
AFS_KRB5_MSG="no"
fi
]
)
+LIBS="$LIBS $K5LIBS"
-# Check whether user wants AFS support
-AFS_MSG="no"
-AC_ARG_WITH(afs,
- [ --with-afs=PATH Enable AFS support],
- [
- if test "x$withval" != "xno" ; then
-
- if test "x$withval" != "xyes" ; then
- CPPFLAGS="$CPPFLAGS -I${withval}/include"
- LDFLAGS="$LDFLAGS -L${withval}/lib"
- fi
-
- if test -z "$KRB4" ; then
- AC_MSG_WARN([AFS requires Kerberos IV support, build may fail])
- fi
-
- LIBS="-lkafs $LIBS"
- if test ! -z "$AFS_LIBS" ; then
- LIBS="$LIBS $AFS_LIBS"
- fi
- AC_DEFINE(AFS)
- AFS_MSG="yes"
- fi
- ]
+AC_ARG_WITH(session-hooks,
+ [ --with-session-hooks Enable hooks for executing external commands before/after a session],
+ [ AC_DEFINE(SESSION_HOOKS) ]
)
-LIBS="$LIBS $KLIBS $K5LIBS"
# Looking for programs, paths and files
]
)
+STRIP_OPT=-s
+AC_ARG_ENABLE(strip,
+ [ --disable-strip Disable calling strip(1) on install],
+ [
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+ ]
+)
+AC_SUBST(STRIP_OPT)
+
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
AC_SUBST(XAUTH_PATH)
)
fi
+# check for /etc/default/login and use it if present.
+AC_ARG_ENABLE(etc-default-login,
+ [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],,
+[
+AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ])
+
+if test "x$external_path_file" = "x/etc/default/login"; then
+ AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
+fi
+])
+
dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
if test $ac_cv_func_login_getcapbool = "yes" -a \
$ac_cv_header_login_cap_h = "yes" ; then
- USES_LOGIN_CONF=yes
+ external_path_file=/etc/login.conf
fi
+
# Whether to mess with the default path
SERVER_PATH_MSG="(default)"
AC_ARG_WITH(default-path,
[ --with-default-path= Specify default \$PATH environment for server],
[
- if test "$USES_LOGIN_CONF" = "yes" ; then
+ if test "x$external_path_file" = "x/etc/login.conf" ; then
AC_MSG_WARN([
--with-default-path=PATH has no effect on this system.
Edit /etc/login.conf instead.])
elif test "x$withval" != "xno" ; then
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+--with-default-path=PATH will only be used if PATH is not defined in
+$external_path_file .])
+ fi
user_path="$withval"
SERVER_PATH_MSG="$withval"
fi
],
- [ if test "$USES_LOGIN_CONF" = "yes" ; then
- AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
+ [ if test "x$external_path_file" = "x/etc/login.conf" ; then
+ AC_MSG_WARN([Make sure the path to scp is in /etc/login.conf])
else
- AC_TRY_RUN(
- [
+ if test ! -z "$external_path_file" ; then
+ AC_MSG_WARN([
+If PATH is defined in $external_path_file, ensure the path to scp is included,
+otherwise scp will not work.])
+ fi
+ AC_TRY_RUN(
+ [
/* find out what STDPATH is */
#include <stdio.h>
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
fi
fi ]
)
-if test "$USES_LOGIN_CONF" != "yes" ; then
+if test "x$external_path_file" != "x/etc/login.conf" ; then
AC_DEFINE_UNQUOTED(USER_PATH, "$user_path")
AC_SUBST(user_path)
fi
)
-# Whether to force IPv4 by default (needed on broken glibc Linux)
-IPV4_HACK_MSG="no"
-AC_ARG_WITH(ipv4-default,
- [ --with-ipv4-default Use IPv4 by connections unless '-6' specified],
- [
- if test "x$withval" != "xno" ; then
- AC_DEFINE(IPV4_DEFAULT)
- IPV4_HACK_MSG="yes"
- fi
- ]
-)
-
AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
IPV4_IN6_HACK_MSG="no"
AC_ARG_WITH(4in6,
dnl allow user to disable some login recording features
AC_ARG_ENABLE(lastlog,
[ --disable-lastlog disable use of lastlog even if detected [no]],
- [ AC_DEFINE(DISABLE_LASTLOG) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_LASTLOG)
+ fi
+ ]
)
AC_ARG_ENABLE(utmp,
[ --disable-utmp disable use of utmp even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMP) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMP)
+ fi
+ ]
)
AC_ARG_ENABLE(utmpx,
[ --disable-utmpx disable use of utmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_UTMPX) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_UTMPX)
+ fi
+ ]
)
AC_ARG_ENABLE(wtmp,
[ --disable-wtmp disable use of wtmp even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMP) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMP)
+ fi
+ ]
)
AC_ARG_ENABLE(wtmpx,
[ --disable-wtmpx disable use of wtmpx even if detected [no]],
- [ AC_DEFINE(DISABLE_WTMPX) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_WTMPX)
+ fi
+ ]
)
AC_ARG_ENABLE(libutil,
[ --disable-libutil disable use of libutil (login() etc.) [no]],
- [ AC_DEFINE(DISABLE_LOGIN) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_LOGIN)
+ fi
+ ]
)
AC_ARG_ENABLE(pututline,
[ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
- [ AC_DEFINE(DISABLE_PUTUTLINE) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTLINE)
+ fi
+ ]
)
AC_ARG_ENABLE(pututxline,
[ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
- [ AC_DEFINE(DISABLE_PUTUTXLINE) ]
+ [
+ if test "x$enableval" = "xno" ; then
+ AC_DEFINE(DISABLE_PUTUTXLINE)
+ fi
+ ]
)
AC_ARG_WITH(lastlog,
[ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
if test ! -z "$blibpath" ; then
- LDFLAGS="$LDFLAGS -blibpath:$blibpath"
- AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
+ LDFLAGS="$LDFLAGS $blibflags$blibpath"
+ AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile])
fi
dnl remove pam and dl because they are in $LIBPAM
echo " Manual pages: $F"
echo " PID file: $G"
echo " Privilege separation chroot path: $H"
-if test "$USES_LOGIN_CONF" = "yes" ; then
-echo " At runtime, sshd will use the path defined in /etc/login.conf"
+if test "x$external_path_file" = "x/etc/login.conf" ; then
+echo " At runtime, sshd will use the path defined in $external_path_file"
+echo " Make sure the path to scp is present, otherwise scp will not work"
else
echo " sshd default user PATH: $I"
+ if test ! -z "$external_path_file"; then
+echo " (If PATH is set in $external_path_file it will be used instead. If"
+echo " used, ensure the path to scp is present, otherwise scp will not work.)"
+ fi
fi
if test ! -z "$superuser_path" ; then
echo " sshd superuser user PATH: $J"
fi
echo " Manpage format: $MANTYPE"
-echo " PAM support: ${PAM_MSG}"
-echo " KerberosIV support: $KRB4_MSG"
+echo " DNS support: $DNS_MSG"
+echo " PAM support: $PAM_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " Smartcard support: $SCARD_MSG"
-echo " AFS support: $AFS_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
-echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
echo ""
fi
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
if test ! -z "$RAND_HELPER_CMDHASH" ; then
echo "WARNING: you are using the builtin random number collection "
echo "service. Please read WARNING.RNG and request that your OS "
Directions:
+(optional) create config.local in your build dir
./configure [options]
-cd contrib/aix; ./buildbff.sh
+contrib/aix/buildbff.sh
+The file config.local or the environment is read to set the following options
+(default first):
+PERMIT_ROOT_LOGIN=[no|yes]
+X11_FORWARDING=[no|yes]
+AIX_SRC=[no|yes]
Acknowledgements:
and for comparison with the output from this script, however no code
from lppbuild is included and it is not required for operation.
+SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+PrivSep account handling fixes contributed by W. Earl Allen.
+
Other notes:
appropriate). It seems to work, though......
If there are any patches to this that have not yet been integrated they
-may be found at http://www.zip.com.au/~dtucker/openssh/ or
-http://home.usf.advantra.com.au/~dtucker/openssh/.
+may be found at http://www.zip.com.au/~dtucker/openssh/.
Disclaimer:
- Darren Tucker (dtucker at zip dot com dot au)
2002/03/01
+
+$Id$
#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
+# $Id$
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
#
# Tunable configuration settings
-# create a "config.local" in your build directory to override these.
+# create a "config.local" in your build directory or set
+# environment variables to override these.
#
-PERMIT_ROOT_LOGIN=no
-X11_FORWARDING=no
+[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
+[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
+[ -z "$AIX_SRC" ] && AIX_SRC=no
umask 022
fi
#
-# We still support running from contrib/aix, but this is depreciated
+# We still support running from contrib/aix, but this is deprecated
#
if pwd | egrep 'contrib/aix$'
then
# Extract common info requires for the 'info' part of the package.
# AIX requires 4-part version numbers
#
-VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
+VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
For the full text of the license, see /usr/lpp/openssh/LICENCE
EOD
+#
+# openssh.size file allows filesystem expansion as required
+# generate list of directories containing files
+# then calculate disk usage for each directory and store in openssh.size
+#
+files=`find . -type f -print`
+dirs=`for file in $files; do dirname $file; done | sort -u`
+for dir in $dirs
+do
+ du $dir
+done > ../openssh.size
+
#
# Create postinstall script
#
fi
# Create user if required
- if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+ if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
else
fi
echo
-# Add to system startup if required
-if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
+# Set startup command depending on SRC support
+if [ "$AIX_SRC" = "yes" ]
+then
+ echo Creating SRC sshd subsystem.
+ rmssys -s sshd 2>&1 >/dev/null
+ mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
+ startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
+ oldstartcmd="$sbindir/sshd"
+else
+ startupcmd="$sbindir/sshd"
+ oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
+fi
+
+# If migrating to or from SRC, change previous startup command
+# otherwise add to rc.tcpip
+if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
then
- echo "sshd found in rc.tcpip, not adding."
+ if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
+ then
+ chmod 0755 /etc/rc.tcpip.new
+ mv /etc/rc.tcpip /etc/rc.tcpip.old && \
+ mv /etc/rc.tcpip.new /etc/rc.tcpip
+ else
+ echo "Updating /etc/rc.tcpip failed, please check."
+ fi
else
- echo >>/etc/rc.tcpip
- echo "echo Starting sshd" >>/etc/rc.tcpip
- echo "$sbindir/sshd" >>/etc/rc.tcpip
+ # Add to system startup if required
+ if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
+ then
+ echo "sshd found in rc.tcpip, not adding."
+ else
+ echo "Adding sshd to rc.tcpip"
+ echo >>/etc/rc.tcpip
+ echo "# Start sshd" >>/etc/rc.tcpip
+ echo "\$startupcmd" >>/etc/rc.tcpip
+ fi
fi
EOF
echo Creating liblpp.a
(
cd ..
- for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
+ for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
do
ar -r liblpp.a $i
rm $i
#!/bin/sh
#
# inventory.sh
+# $Id$
#
-# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl
+# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
+# This file is placed into the public domain.
#
-# This will produced and AIX package inventory file, which looks like:
+# This will produce an AIX package inventory file, which looks like:
#
# /usr/local/bin:
# class=apply,inventory,openssh
--- /dev/null
+#
+# PAM configuration file /etc/pam.conf
+# Example for OpenSSH on AIX 5.2
+#
+
+# Authentication Management
+sshd auth required /usr/lib/security/pam_aix
+OTHER auth required /usr/lib/security/pam_aix
+
+# Account Management
+sshd account required /usr/lib/security/pam_aix
+OTHER account required /usr/lib/security/pam_aix
+
+# Session Management
+sshd password required /usr/lib/security/pam_aix
+OTHER password required /usr/lib/security/pam_aix
+
+# Password Management
+sshd session required /usr/lib/security/pam_aix
+OTHER session required /usr/lib/security/pam_aix
--- /dev/null
+srcdir=../..
+prefix=/usr
+exec_prefix=$(prefix)
+bindir=$(prefix)/bin
+datadir=$(prefix)/share
+docdir=$(datadir)/doc
+sshdocdir=$(docdir)/openssh
+cygdocdir=$(docdir)/Cygwin
+sysconfdir=/etc
+defaultsdir=$(sysconfdir)/defaults/etc
+PRIVSEP_PATH=/var/empty
+INSTALL=/usr/bin/install -c
+
+DESTDIR=
+
+all:
+ @echo
+ @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'"
+ @echo "Be sure having DESTDIR set correctly!"
+ @echo
+
+move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir)
+ mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir)
+
+remove-empty-dir:
+ rm -rf $(DESTDIR)$(PRIVSEP_PATH)
+
+install-sshdoc:
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir)
+ $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS
+ $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog
+ $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE
+ $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
+ $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
+ $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
+ $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
+ $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
+ $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff
+ $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
+ $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
+
+install-cygwindoc: README
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir)
+ $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README
+
+install-doc: install-sshdoc install-cygwindoc
+
+install-scripts: ssh-host-config ssh-user-config
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config
+ $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config
+
+cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts
+ @echo "Cygwin specific configuration finished."
--- /dev/null
+#!/bin/sh
+#
+# findssl.sh
+# Search for all instances of OpenSSL headers and libraries
+# and print their versions.
+# Intended to help diagnose OpenSSH's "OpenSSL headers do not
+# match your library" errors.
+#
+# Written by Darren Tucker (dtucker at zip dot com dot au)
+# This file is placed in the public domain.
+#
+# $Id$
+# 2002-07-27: Initial release.
+# 2002-08-04: Added public domain notice.
+# 2003-06-24: Incorporated readme, set library paths. First cvs version.
+#
+# "OpenSSL headers do not match your library" are usually caused by
+# OpenSSH's configure picking up an older version of OpenSSL headers
+# or libraries. You can use the following # procedure to help identify
+# the cause.
+#
+# The output of configure will tell you the versions of the OpenSSL
+# headers and libraries that were picked up, for example:
+#
+# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
+# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
+# checking whether OpenSSL's headers match the library... no
+# configure: error: Your OpenSSL headers do not match your library
+#
+# Now run findssl.sh. This should identify the headers and libraries
+# present and their versions. You should be able to identify the
+# libraries and headers used and adjust your CFLAGS or remove incorrect
+# versions. The output will show OpenSSL's internal version identifier
+# and should look something like:
+
+# $ ./findssl.sh
+# Searching for OpenSSL header files.
+# 0x0090604fL /usr/include/openssl/opensslv.h
+# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
+#
+# Searching for OpenSSL shared library files.
+# 0x0090602fL /lib/libcrypto.so.0.9.6b
+# 0x0090602fL /lib/libcrypto.so.2
+# 0x0090581fL /usr/lib/libcrypto.so.0
+# 0x0090602fL /usr/lib/libcrypto.so
+# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
+# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
+# 0x0090600fL /usr/lib/libcrypto.so.1
+#
+# Searching for OpenSSL static library files.
+# 0x0090602fL /usr/lib/libcrypto.a
+# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
+#
+# In this example, I gave configure no extra flags, so it's picking up
+# the OpenSSL header from /usr/include/openssl (90604f) and the library
+# from /usr/lib/ (90602f).
+
+#
+# Adjust these to suit your compiler.
+# You may also need to set the *LIB*PATH environment variables if
+# DEFAULT_LIBPATH is not correct for your system.
+#
+CC=gcc
+STATIC=-static
+
+#
+# Set up conftest C source
+#
+rm -f findssl.log
+cat >conftest.c <<EOD
+#include <stdio.h>
+int main(){printf("0x%08xL\n", SSLeay());}
+EOD
+
+#
+# Set default library paths if not already set
+#
+DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
+LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
+LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
+LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
+export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+
+#
+# Search for OpenSSL headers and print versions
+#
+echo Searching for OpenSSL header files.
+if [ -x "`which locate`" ]
+then
+ headers=`locate opensslv.h`
+else
+ headers=`find / -name opensslv.h -print 2>/dev/null`
+fi
+
+for header in $headers
+do
+ ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
+ echo "$ver $header"
+done
+echo
+
+#
+# Search for shared libraries.
+# Relies on shared libraries looking like "libcrypto.s*"
+#
+echo Searching for OpenSSL shared library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.s`
+else
+ libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ (echo "Trying libcrypto $lib" >>findssl.log
+ dir=`dirname $lib`
+ LIBPATH="$dir:$LIBPATH"
+ LD_LIBRARY_PATH="$dir:$LIBPATH"
+ LIBRARY_PATH="$dir:$LIBPATH"
+ export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+ ${CC} -o conftest conftest.c $lib 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi)
+done
+echo
+
+#
+# Search for static OpenSSL libraries and print versions
+#
+echo Searching for OpenSSL static library files.
+if [ -x "`which locate`" ]
+then
+ libraries=`locate libcrypto.a`
+else
+ libraries=`find / -name libcrypto.a -print 2>/dev/null`
+fi
+
+for lib in $libraries
+do
+ libdir=`dirname $lib`
+ echo "Trying libcrypto $lib" >>findssl.log
+ ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
+ if [ -x ./conftest ]
+ then
+ ver=`./conftest 2>/dev/null`
+ rm -f ./conftest
+ echo "$ver $lib"
+ fi
+done
+
+#
+# Clean up
+#
+rm -f conftest.c
* you don't trust your X server. We grab the keyboard always.
*/
+#define GRAB_TRIES 16
+#define GRAB_WAIT 250 /* milliseconds */
+
/*
* Compile with:
*
- * cc `pkg-config --cflags gtk+-2.0` \
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
* gnome-ssh-askpass2.c -o gnome-ssh-askpass \
* `pkg-config --libs gtk+-2.0`
*
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include <X11/Xlib.h>
#include <gtk/gtk.h>
#include <gdk/gdkx.h>
{
const char *failed;
char *passphrase, *local;
- char **messages;
- int result, i, grab_server, grab_pointer;
- GtkWidget *dialog, *entry, *label;
+ int result, grab_tries, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry;
GdkGrabStatus status;
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+ grab_tries = 0;
dialog = gtk_message_dialog_new(NULL, 0,
GTK_MESSAGE_QUESTION,
/* Grab focus */
gtk_widget_show_now(dialog);
- if (grab_server) {
- gdk_x11_grab_server();
- }
if (grab_pointer) {
- status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
- 0, NULL, NULL, GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "mouse";
- goto nograb;
+ for(;;) {
+ status = gdk_pointer_grab(
+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
+ NULL, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "mouse";
+ goto nograb;
+ }
}
}
- status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
- GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "keyboard";
- goto nograbkb;
+ for(;;) {
+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
+ FALSE, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "keyboard";
+ goto nograbkb;
+ }
}
+ if (grab_server) {
+ gdk_x11_grab_server();
+ }
+
result = gtk_dialog_run(GTK_DIALOG(dialog));
/* Ungrab */
+/*
+ * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
#ifndef _DEFINES_H
#define _DEFINES_H
#ifndef HAVE_INT64_T
# if (SIZEOF_LONG_INT == 8)
typedef long int int64_t;
-# define HAVE_INT64_T 1
# else
# if (SIZEOF_LONG_LONG_INT == 8)
typedef long long int int64_t;
-# define HAVE_INT64_T 1
# endif
# endif
#endif
#ifndef HAVE_U_INT64_T
# if (SIZEOF_LONG_INT == 8)
typedef unsigned long int u_int64_t;
-# define HAVE_U_INT64_T 1
# else
# if (SIZEOF_LONG_LONG_INT == 8)
typedef unsigned long long int u_int64_t;
-# define HAVE_U_INT64_T 1
# endif
# endif
#endif
-#if !defined(HAVE_LONG_LONG_INT) && (SIZEOF_LONG_LONG_INT == 8)
-# define HAVE_LONG_LONG_INT 1
-#endif
#ifndef HAVE_U_CHAR
typedef unsigned char u_char;
# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
#endif
+#ifndef SUPERUSER_PATH
+# define SUPERUSER_PATH _PATH_STDPATH
+#endif
+
#ifndef _PATH_DEVNULL
# define _PATH_DEVNULL "/dev/null"
#endif
} while (0)
#endif
+#ifndef TIMEVAL_TO_TIMESPEC
+#define TIMEVAL_TO_TIMESPEC(tv, ts) { \
+ (ts)->tv_sec = (tv)->tv_sec; \
+ (ts)->tv_nsec = (tv)->tv_usec * 1000; \
+}
+#endif
+
+#ifndef TIMESPEC_TO_TIMEVAL
+#define TIMESPEC_TO_TIMEVAL(tv, ts) { \
+ (tv)->tv_sec = (ts)->tv_sec; \
+ (tv)->tv_usec = (ts)->tv_nsec / 1000; \
+}
+#endif
+
#ifndef __P
# define __P(x) x
#endif
#define CMSG_SPACE(len) (__CMSG_ALIGN(sizeof(struct cmsghdr)) + __CMSG_ALIGN(len))
#endif
+/* given pointer to struct cmsghdr, return pointer to data */
+#ifndef CMSG_DATA
+#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + __CMSG_ALIGN(sizeof(struct cmsghdr)))
+#endif /* CMSG_DATA */
+
+/*
+ * RFC 2292 requires to check msg_controllen, in case that the kernel returns
+ * an empty list for some reasons.
+ */
+#ifndef CMSG_FIRSTHDR
+#define CMSG_FIRSTHDR(mhdr) \
+ ((mhdr)->msg_controllen >= sizeof(struct cmsghdr) ? \
+ (struct cmsghdr *)(mhdr)->msg_control : \
+ (struct cmsghdr *)NULL)
+#endif /* CMSG_FIRSTHDR */
+
+
/* Function replacement / compatibility hacks */
#if !defined(HAVE_GETADDRINFO) && (defined(HAVE_OGETADDRINFO) || defined(HAVE_NGETADDRINFO))
# define __func__ ""
#endif
+#if defined(KRB5) && !defined(HEIMDAL)
+# define krb5_get_err_text(context,code) error_message(code)
+#endif
+
/*
* Define this to use pipes instead of socketpairs for communicating with the
* client program. Socketpairs do not seem to work on all systems.
--- /dev/null
+/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */
+
+/*
+ * Copyright (c) 2003 Wesley Griffin. All rights reserved.
+ * Copyright (c) 2003 Jakob Schlyter. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+#include "includes.h"
+
+#ifdef DNS
+#include <openssl/bn.h>
+#ifdef LWRES
+#include <lwres/netdb.h>
+#include <dns/result.h>
+#else /* LWRES */
+#include <netdb.h>
+#endif /* LWRES */
+
+#include "xmalloc.h"
+#include "key.h"
+#include "dns.h"
+#include "log.h"
+#include "uuencode.h"
+
+extern char *__progname;
+RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+
+#ifndef LWRES
+static const char *errset_text[] = {
+ "success", /* 0 ERRSET_SUCCESS */
+ "out of memory", /* 1 ERRSET_NOMEMORY */
+ "general failure", /* 2 ERRSET_FAIL */
+ "invalid parameter", /* 3 ERRSET_INVAL */
+ "name does not exist", /* 4 ERRSET_NONAME */
+ "data does not exist", /* 5 ERRSET_NODATA */
+};
+
+static const char *
+dns_result_totext(unsigned int error)
+{
+ switch (error) {
+ case ERRSET_SUCCESS:
+ return errset_text[ERRSET_SUCCESS];
+ case ERRSET_NOMEMORY:
+ return errset_text[ERRSET_NOMEMORY];
+ case ERRSET_FAIL:
+ return errset_text[ERRSET_FAIL];
+ case ERRSET_INVAL:
+ return errset_text[ERRSET_INVAL];
+ case ERRSET_NONAME:
+ return errset_text[ERRSET_NONAME];
+ case ERRSET_NODATA:
+ return errset_text[ERRSET_NODATA];
+ default:
+ return "unknown error";
+ }
+}
+#endif /* LWRES */
+
+
+/*
+ * Read SSHFP parameters from key buffer.
+ */
+static int
+dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
+ u_char **digest, u_int *digest_len, Key *key)
+{
+ int success = 0;
+
+ switch (key->type) {
+ case KEY_RSA:
+ *algorithm = SSHFP_KEY_RSA;
+ break;
+ case KEY_DSA:
+ *algorithm = SSHFP_KEY_DSA;
+ break;
+ default:
+ *algorithm = SSHFP_KEY_RESERVED;
+ }
+
+ if (*algorithm) {
+ *digest_type = SSHFP_HASH_SHA1;
+ *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
+ success = 1;
+ } else {
+ *digest_type = SSHFP_HASH_RESERVED;
+ *digest = NULL;
+ *digest_len = 0;
+ success = 0;
+ }
+
+ return success;
+}
+
+/*
+ * Read SSHFP parameters from rdata buffer.
+ */
+static int
+dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
+ u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len)
+{
+ int success = 0;
+
+ *algorithm = SSHFP_KEY_RESERVED;
+ *digest_type = SSHFP_HASH_RESERVED;
+
+ if (rdata_len >= 2) {
+ *algorithm = rdata[0];
+ *digest_type = rdata[1];
+ *digest_len = rdata_len - 2;
+
+ if (*digest_len > 0) {
+ *digest = (u_char *) xmalloc(*digest_len);
+ memcpy(*digest, rdata + 2, *digest_len);
+ } else {
+ *digest = NULL;
+ }
+
+ success = 1;
+ }
+
+ return success;
+}
+
+
+/*
+ * Verify the given hostname, address and host key using DNS.
+ * Returns 0 if key verifies or -1 if key does NOT verify
+ */
+int
+verify_host_key_dns(const char *hostname, struct sockaddr *address,
+ Key *hostkey)
+{
+ int counter;
+ int result;
+ struct rrsetinfo *fingerprints = NULL;
+ int failures = 0;
+
+ u_int8_t hostkey_algorithm;
+ u_int8_t hostkey_digest_type;
+ u_char *hostkey_digest;
+ u_int hostkey_digest_len;
+
+ u_int8_t dnskey_algorithm;
+ u_int8_t dnskey_digest_type;
+ u_char *dnskey_digest;
+ u_int dnskey_digest_len;
+
+
+ debug3("verify_hostkey_dns");
+ if (hostkey == NULL)
+ fatal("No key to look up!");
+
+ result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
+ DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+ if (result) {
+ verbose("DNS lookup error: %s", dns_result_totext(result));
+ return DNS_VERIFY_ERROR;
+ }
+
+#ifdef DNSSEC
+ /* Only accept validated answers */
+ if (!fingerprints->rri_flags & RRSET_VALIDATED) {
+ error("Ignored unvalidated fingerprint from DNS.");
+ freerrset(fingerprints);
+ return DNS_VERIFY_ERROR;
+ }
+#endif
+
+ debug("found %d fingerprints in DNS", fingerprints->rri_nrdatas);
+
+ /* Initialize host key parameters */
+ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
+ &hostkey_digest, &hostkey_digest_len, hostkey)) {
+ error("Error calculating host key fingerprint.");
+ freerrset(fingerprints);
+ return DNS_VERIFY_ERROR;
+ }
+
+ for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) {
+ /*
+ * Extract the key from the answer. Ignore any badly
+ * formatted fingerprints.
+ */
+ if (!dns_read_rdata(&dnskey_algorithm, &dnskey_digest_type,
+ &dnskey_digest, &dnskey_digest_len,
+ fingerprints->rri_rdatas[counter].rdi_data,
+ fingerprints->rri_rdatas[counter].rdi_length)) {
+ verbose("Error parsing fingerprint from DNS.");
+ continue;
+ }
+
+ /* Check if the current key is the same as the given key */
+ if (hostkey_algorithm == dnskey_algorithm &&
+ hostkey_digest_type == dnskey_digest_type) {
+
+ if (hostkey_digest_len == dnskey_digest_len &&
+ memcmp(hostkey_digest, dnskey_digest,
+ hostkey_digest_len) == 0) {
+
+ /* Matching algoritm and digest. */
+ freerrset(fingerprints);
+ debug("matching host key fingerprint found in DNS");
+ return DNS_VERIFY_OK;
+ } else {
+ /* Correct algorithm but bad digest */
+ debug("verify_hostkey_dns: failed");
+ failures++;
+ }
+ }
+ }
+
+ freerrset(fingerprints);
+
+ if (failures) {
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
+ error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+ error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
+ error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
+ error("It is also possible that the %s host key has just been changed.",
+ key_type(hostkey));
+ error("Please contact your system administrator.");
+ return DNS_VERIFY_FAILED;
+ }
+
+ debug("fingerprints found in DNS, but none of them matched");
+
+ return DNS_VERIFY_ERROR;
+}
+
+
+/*
+ * Export the fingerprint of a key as a DNS resource record
+ */
+int
+export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
+{
+ u_int8_t rdata_pubkey_algorithm = 0;
+ u_int8_t rdata_digest_type = SSHFP_HASH_SHA1;
+ u_char *rdata_digest;
+ u_int rdata_digest_len;
+
+ int i;
+ int success = 0;
+
+ if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
+ &rdata_digest, &rdata_digest_len, key)) {
+
+ if (generic)
+ fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
+ DNS_RDATATYPE_SSHFP, 2 + rdata_digest_len,
+ rdata_pubkey_algorithm, rdata_digest_type);
+ else
+ fprintf(f, "%s IN SSHFP %d %d ", hostname,
+ rdata_pubkey_algorithm, rdata_digest_type);
+
+ for (i = 0; i < rdata_digest_len; i++)
+ fprintf(f, "%02x", rdata_digest[i]);
+ fprintf(f, "\n");
+ success = 1;
+ } else {
+ error("dns_export_rr: unsupported algorithm");
+ }
+
+ return success;
+}
+
+#endif /* DNS */
+/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */
+
/*
- * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ * Copyright (c) 2003 Wesley Griffin. All rights reserved.
+ * Copyright (c) 2003 Jakob Schlyter. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id$ */
-#ifndef _BSD_ARC4RANDOM_H
-#define _BSD_ARC4RANDOM_H
+#include "includes.h"
+
+#ifdef DNS
+#ifndef DNS_H
+#define DNS_H
+
+enum sshfp_types {
+ SSHFP_KEY_RESERVED,
+ SSHFP_KEY_RSA,
+ SSHFP_KEY_DSA
+};
+
+enum sshfp_hashes {
+ SSHFP_HASH_RESERVED,
+ SSHFP_HASH_SHA1
+};
+
+#define DNS_RDATACLASS_IN 1
+#define DNS_RDATATYPE_SSHFP 44
-#include "config.h"
+#define DNS_VERIFY_FAILED -1
+#define DNS_VERIFY_OK 0
+#define DNS_VERIFY_ERROR 1
-#ifndef HAVE_ARC4RANDOM
-unsigned int arc4random(void);
-void arc4random_stir(void);
-#endif /* !HAVE_ARC4RANDOM */
+int verify_host_key_dns(const char *, struct sockaddr *, Key *);
+int export_dns_rr(const char *, Key *, FILE *, int);
-#endif /* _BSD_ARC4RANDOM_H */
+#endif /* DNS_H */
+#endif /* DNS */
+/* $OpenBSD: gss-genr.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */
+
/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved. *
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
#include "ssh-gss.h"
-/* Assorted globals for tracking the clients identity once they've
- * authenticated */
-
-gss_buffer_desc gssapi_client_name = {0,NULL}; /* Name of our client */
-gss_cred_id_t gssapi_client_creds = GSS_C_NO_CREDENTIAL; /* Their credentials */
-enum ssh_gss_id gssapi_client_type = GSS_LAST_ENTRY;
-
-unsigned char ssh1_key_digest[16]; /* used for ssh1 gssapi */
-
-/* The mechanism name used in the list below is defined in the internet
- * draft as the Base 64 encoding of the MD5 hash of the ASN.1 DER encoding
- * of the underlying GSSAPI mechanism's OID.
- *
- * Also from the draft, before considering adding SPNEGO, bear in mind that
- * "mechanisms ... MUST NOT use SPNEGO as the underlying GSSAPI mechanism"
- */
-
-/* These must be in the same order as ssh_gss_id, in ssh-gss.h */
-
-ssh_gssapi_mech supported_mechs[]= {
-#ifdef KRB5
- /* Official OID - 1.2.850.113554.1.2.2 */
- {"Se3H81ismmOC3OE+FwYCiQ==","Kerberos",
- {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}},
-#endif
-#ifdef GSI
- /* gssapi_ssleay 1.3.6.1.4.1.3536.1.1 */
- {"N3+k7/4wGxHyuP8Yxi4RhA==",
- "GSI",
- {9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"}
- },
-#endif /* GSI */
- {NULL,NULL,{0,0}}
-};
-
-char gssprefix[]=KEX_GSS_SHA1;
+typedef struct {
+ char *encoded;
+ gss_OID oid;
+} ssh_gss_kex_mapping;
+
+static ssh_gss_kex_mapping *gss_enc2oid;
/* Return a list of the gss-group1-sha1-x mechanisms supported by this
* program.
*
- * We only support the mechanisms that we've indicated in the list above,
- * but we check that they're supported by the GSSAPI mechanism on the
- * machine. We also check, before including them in the list, that
- * we have the necesary information in order to carry out the key exchange
- * (that is, that the user has credentials, the server's creds are accessible,
- * etc)
+ * On the client side, we don't need to worry about whether we 'know'
+ * about the mechanism or not - we assume that any mechanism that we've been
+ * linked against is suitable for inclusion.
*
- * The way that this is done is fairly nasty, as we do a lot of work that
- * is then thrown away. This should possibly be implemented with a cache
- * that stores the results (in an expanded Gssctxt structure), which are
- * then used by the first calls if that key exchange mechanism is chosen.
+ * XXX - We might want to make this configurable in the future, so as to
+ * XXX - allow the user control over which mechanisms to use.
*/
char *
-ssh_gssapi_mechanisms(int server,char *host) {
+ssh_gssapi_client_mechanisms(char *host) {
gss_OID_set supported;
- OM_uint32 maj_status, min_status;
+ OM_uint32 min_status;
Buffer buf;
int i = 0;
- int present;
- int mech_count=0;
- char * mechs;
- Gssctxt * ctx = NULL;
-
+ char *mechs;
+ char *encoded;
+ int enclen;
+ char digest[EVP_MAX_MD_SIZE];
+ char deroid[2];
+ const EVP_MD *evp_md = EVP_md5();
+ EVP_MD_CTX md;
+ int oidpos=0;
+
if (datafellows & SSH_OLD_GSSAPI) return NULL;
- PRIVSEP(gss_indicate_mechs(&min_status, &supported));
+ gss_indicate_mechs(&min_status,&supported);
+ if (datafellows & SSH_BUG_GSSAPI_BER) {
+ gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
+ *((supported->count*2)+1));
+ } else {
+ gss_enc2oid=xmalloc(sizeof(ssh_gss_kex_mapping)
+ *(supported->count+1));
+ }
- buffer_init(&buf);
+ buffer_init(&buf);
- do {
- if ((maj_status=gss_test_oid_set_member(&min_status,
- &supported_mechs[i].oid,
- supported,
- &present))) {
- present=0;
- }
- if (present) {
- if ((server &&
- !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx,
- &supported_mechs[i].oid))))
- || (!server &&
- !GSS_ERROR(ssh_gssapi_client_ctx(&ctx,
- &supported_mechs[i].oid,
- host)))) {
- /* Append gss_group1_sha1_x to our list */
- if (++mech_count > 1) {
- buffer_append(&buf, ",", 1);
+
+ for (i=0;i<supported->count;i++) {
+
+ gss_enc2oid[oidpos].encoded=NULL;
+
+ if (supported->elements[i].length<128 &&
+ ssh_gssapi_check_mechanism(&(supported->elements[i]),host)) {
+
+ /* Earlier versions of this code interpreted the
+ * spec incorrectly with regard to OID encoding. They
+ * also mis-encoded the krb5 OID. The following
+ * _temporary_ code interfaces with these broken
+ * servers */
+
+ if (datafellows & SSH_BUG_GSSAPI_BER) {
+ char *bodge=NULL;
+ gss_OID_desc krb5oid={9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
+ gss_OID_desc gsioid={9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"};
+
+ if (supported->elements[i].length==krb5oid.length &&
+ memcmp(supported->elements[i].elements,
+ krb5oid.elements, krb5oid.length)==0) {
+ bodge="Se3H81ismmOC3OE+FwYCiQ==";
+ }
+
+ if (supported->elements[i].length==gsioid.length &&
+ memcmp(supported->elements[i].elements,
+ gsioid.elements, gsioid.length)==0) {
+ bodge="N3+k7/4wGxHyuP8Yxi4RhA==";
+ }
+
+ if (bodge) {
+ if (oidpos!=0) {
+ buffer_put_char(&buf,',');
+ }
+
+ buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
+ buffer_append(&buf, bodge, strlen(bodge));
+
+ gss_enc2oid[oidpos].oid=&(supported->elements[i]);
+ gss_enc2oid[oidpos].encoded=bodge;
+
+ oidpos++;
}
- buffer_append(&buf, gssprefix,
- strlen(gssprefix));
- buffer_append(&buf,
- supported_mechs[i].enc_name,
- strlen(supported_mechs[i].enc_name));
- debug("GSSAPI mechanism %s (%s%s) supported",
- supported_mechs[i].name, gssprefix,
- supported_mechs[i].enc_name);
- } else {
- debug("no credentials for GSSAPI mechanism %s",
- supported_mechs[i].name);
}
- } else {
- debug("GSSAPI mechanism %s not supported",
- supported_mechs[i].name);
+
+ /* Add the required DER encoding octets and MD5 hash */
+ deroid[0]=0x06; /* Object Identifier */
+ deroid[1]=supported->elements[i].length;
+
+ EVP_DigestInit(&md, evp_md);
+ EVP_DigestUpdate(&md,deroid,2);
+ EVP_DigestUpdate(&md,
+ supported->elements[i].elements,
+ supported->elements[i].length);
+ EVP_DigestFinal(&md, digest, NULL);
+
+ /* Base64 encode it */
+ encoded=xmalloc(EVP_MD_size(evp_md)*2);
+ enclen=__b64_ntop(digest, EVP_MD_size(evp_md),
+ encoded,EVP_MD_size(evp_md)*2);
+ if (oidpos!=0) {
+ buffer_put_char(&buf,',');
+ }
+ buffer_append(&buf, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1);
+ buffer_append(&buf, encoded, enclen);
+
+ debug("Mechanism encoded as %s",encoded);
+
+ gss_enc2oid[oidpos].oid=&(supported->elements[i]);
+ gss_enc2oid[oidpos].encoded=encoded;
+ oidpos++;
}
- } while (supported_mechs[++i].name != NULL);
+ }
+ gss_enc2oid[oidpos].oid=NULL;
+ gss_enc2oid[oidpos].encoded=NULL;
buffer_put_char(&buf,'\0');
buffer_get(&buf,mechs,buffer_len(&buf));
buffer_free(&buf);
if (strlen(mechs)==0)
- return(NULL);
+ return(NULL);
else
- return(mechs);
+ return(mechs);
}
-void ssh_gssapi_supported_oids(gss_OID_set *oidset) {
- enum ssh_gss_id i =0;
- OM_uint32 maj_status,min_status;
- int present;
- gss_OID_set supported;
+gss_OID
+ssh_gssapi_client_id_kex(Gssctxt *ctx, char *name) {
+ int i=0;
- gss_create_empty_oid_set(&min_status,oidset);
- PRIVSEP(gss_indicate_mechs(&min_status, &supported));
-
- while (supported_mechs[i].name!=NULL) {
- if ((maj_status=gss_test_oid_set_member(&min_status,
- &supported_mechs[i].oid,
- supported,
- &present))) {
- present=0;
- }
- if (present) {
- gss_add_oid_set_member(&min_status,
- &supported_mechs[i].oid,
- oidset);
- }
- i++;
+ if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) !=0) {
+ return(NULL);
+ }
+
+ name+=sizeof(KEX_GSS_SHA1)-1; /* Move to the start of the ID string */
+
+ while (gss_enc2oid[i].encoded!=NULL &&
+ strcmp(name,gss_enc2oid[i].encoded)!=0) {
+ i++;
+ }
+
+ if (gss_enc2oid[i].oid!=NULL) {
+ ssh_gssapi_set_oid(ctx,gss_enc2oid[i].oid);
}
-}
-/* Set the contexts OID from a data stream */
-void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) {
- if (ctx->oid != GSS_C_NO_OID) {
- xfree(ctx->oid->elements);
- xfree(ctx->oid);
- }
- ctx->oid=xmalloc(sizeof(gss_OID_desc));
- ctx->oid->length=len;
- ctx->oid->elements=xmalloc(len);
- memcpy(ctx->oid->elements,data,len);
+ return gss_enc2oid[i].oid;
}
-/* Set the contexts OID */
-void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid) {
- ssh_gssapi_set_oid_data(ctx,oid->elements,oid->length);
+/* Check that the OID in a data stream matches that in the context */
+int
+ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
+{
+ return (ctx != NULL && ctx->oid != GSS_C_NO_OID &&
+ ctx->oid->length == len &&
+ memcmp(ctx->oid->elements, data, len) == 0);
}
-/* Find out which GSS type (out of the list we define in ssh-gss.h) a
- * particular connection is using
- */
-enum ssh_gss_id ssh_gssapi_get_ctype(Gssctxt *ctxt) {
- enum ssh_gss_id i=0;
-
- while(supported_mechs[i].name!=NULL) {
- if (supported_mechs[i].oid.length == ctxt->oid->length &&
- (memcmp(supported_mechs[i].oid.elements,
- ctxt->oid->elements,ctxt->oid->length) == 0))
- return i;
- i++;
+/* Set the contexts OID from a data stream */
+void
+ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
+{
+ if (ctx->oid != GSS_C_NO_OID) {
+ xfree(ctx->oid->elements);
+ xfree(ctx->oid);
}
- return(GSS_LAST_ENTRY);
+ ctx->oid = xmalloc(sizeof(gss_OID_desc));
+ ctx->oid->length = len;
+ ctx->oid->elements = xmalloc(len);
+ memcpy(ctx->oid->elements, data, len);
}
-/* Set the GSS context's OID to the oid indicated by the given key exchange
- * name. */
-gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name) {
- enum ssh_gss_id i=0;
-
- if (strncmp(name, gssprefix, strlen(gssprefix)-1) !=0) {
- return(NULL);
- }
-
- name+=strlen(gssprefix); /* Move to the start of the MIME string */
-
- while (supported_mechs[i].name!=NULL &&
- strcmp(name,supported_mechs[i].enc_name)!=0) {
- i++;
- }
-
- if (supported_mechs[i].name==NULL)
- return (NULL);
-
- if (ctx) ssh_gssapi_set_oid(ctx,&supported_mechs[i].oid);
-
- debug("using GSSAPI mechanism %s (%s%s)", supported_mechs[i].name,
- gssprefix, supported_mechs[i].enc_name);
-
- return &supported_mechs[i].oid;
+/* Set the contexts OID */
+void
+ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid)
+{
+ ssh_gssapi_set_oid_data(ctx, oid->elements, oid->length);
}
-
/* All this effort to report an error ... */
-static void
-ssh_gssapi_error_ex(gss_OID mech, OM_uint32 major_status,
- OM_uint32 minor_status,
- int send_packet) {
- OM_uint32 lmaj, lmin;
- gss_buffer_desc msg = {0,NULL};
- OM_uint32 ctx;
-
- ctx = 0;
- /* The GSSAPI error */
- do {
- lmaj = PRIVSEP(gss_display_status(&lmin, major_status,
- GSS_C_GSS_CODE,
- mech,
- &ctx, &msg));
- if (lmaj == GSS_S_COMPLETE) {
- debug((char *)msg.value);
- if (send_packet) packet_send_debug((char *)msg.value);
- (void) gss_release_buffer(&lmin, &msg);
- }
- } while (ctx!=0);
-
- /* The mechanism specific error */
- do {
- lmaj = PRIVSEP(gss_display_status(&lmin, minor_status,
- GSS_C_MECH_CODE,
- mech,
- &ctx, &msg));
- if (lmaj == GSS_S_COMPLETE) {
- debug((char *)msg.value);
- if (send_packet) packet_send_debug((char *)msg.value);
- (void) gss_release_buffer(&lmin, &msg);
- }
- } while (ctx!=0);
-}
-
void
-ssh_gssapi_error(gss_OID mech,OM_uint32 major_status,OM_uint32 minor_status) {
- ssh_gssapi_error_ex(mech, major_status, minor_status, 0);
+ssh_gssapi_error(Gssctxt *ctxt)
+{
+ debug("%s", ssh_gssapi_last_error(ctxt, NULL, NULL));
}
-void
-ssh_gssapi_send_error(gss_OID mech,
- OM_uint32 major_status,OM_uint32 minor_status) {
- ssh_gssapi_error_ex(mech, major_status, minor_status, 1);
-}
+char *
+ssh_gssapi_last_error(Gssctxt *ctxt,
+ OM_uint32 *major_status, OM_uint32 *minor_status)
+{
+ OM_uint32 lmin;
+ gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
+ OM_uint32 ctx;
+ Buffer b;
+ char *ret;
+
+ buffer_init(&b);
+
+ if (major_status != NULL)
+ *major_status = ctxt->major;
+ if (minor_status != NULL)
+ *minor_status = ctxt->minor;
+
+ ctx = 0;
+ /* The GSSAPI error */
+ do {
+ gss_display_status(&lmin, ctxt->major,
+ GSS_C_GSS_CODE, ctxt->oid, &ctx, &msg);
+
+ buffer_append(&b, msg.value, msg.length);
+ buffer_put_char(&b, '\n');
+ gss_release_buffer(&lmin, &msg);
+ } while (ctx != 0);
+ /* The mechanism specific error */
+ do {
+ gss_display_status(&lmin, ctxt->minor,
+ GSS_C_MECH_CODE, ctxt->oid, &ctx, &msg);
+
+ buffer_append(&b, msg.value, msg.length);
+ buffer_put_char(&b, '\n');
+ gss_release_buffer(&lmin, &msg);
+ } while (ctx != 0);
+
+ buffer_put_char(&b, '\0');
+ ret = xmalloc(buffer_len(&b));
+ buffer_get(&b, ret, buffer_len(&b));
+ buffer_free(&b);
+ return (ret);
+}
-/* Initialise our GSSAPI context. We use this opaque structure to contain all
+/*
+ * Initialise our GSSAPI context. We use this opaque structure to contain all
* of the data which both the client and server need to persist across
* {accept,init}_sec_context calls, so that when we do it from the userauth
* stuff life is a little easier
void
ssh_gssapi_build_ctx(Gssctxt **ctx)
{
- *ctx=xmalloc(sizeof (Gssctxt));
- (*ctx)->context=GSS_C_NO_CONTEXT;
- (*ctx)->name=GSS_C_NO_NAME;
- (*ctx)->oid=GSS_C_NO_OID;
- (*ctx)->creds=GSS_C_NO_CREDENTIAL;
- (*ctx)->client=GSS_C_NO_NAME;
- (*ctx)->client_creds=GSS_C_NO_CREDENTIAL;
+ *ctx = xmalloc(sizeof (Gssctxt));
+ (*ctx)->major = 0;
+ (*ctx)->minor = 0;
+ (*ctx)->context = GSS_C_NO_CONTEXT;
+ (*ctx)->name = GSS_C_NO_NAME;
+ (*ctx)->oid = GSS_C_NO_OID;
+ (*ctx)->creds = GSS_C_NO_CREDENTIAL;
+ (*ctx)->client = GSS_C_NO_NAME;
+ (*ctx)->client_creds = GSS_C_NO_CREDENTIAL;
}
/* Delete our context, providing it has been built correctly */
#if !defined(MECHGLUE)
OM_uint32 ms;
#endif
-
- /* Return if there's no context */
- if ((*ctx)==NULL)
+
+ if ((*ctx) == NULL)
return;
-
#if !defined(MECHGLUE) /* mechglue has some memory management issues */
- if ((*ctx)->context != GSS_C_NO_CONTEXT)
- gss_delete_sec_context(&ms,&(*ctx)->context,GSS_C_NO_BUFFER);
+ if ((*ctx)->context != GSS_C_NO_CONTEXT)
+ gss_delete_sec_context(&ms, &(*ctx)->context, GSS_C_NO_BUFFER);
if ((*ctx)->name != GSS_C_NO_NAME)
- gss_release_name(&ms,&(*ctx)->name);
+ gss_release_name(&ms, &(*ctx)->name);
if ((*ctx)->oid != GSS_C_NO_OID) {
xfree((*ctx)->oid->elements);
xfree((*ctx)->oid);
(*ctx)->oid = GSS_C_NO_OID;
}
if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
- gss_release_cred(&ms,&(*ctx)->creds);
+ gss_release_cred(&ms, &(*ctx)->creds);
if ((*ctx)->client != GSS_C_NO_NAME)
- gss_release_name(&ms,&(*ctx)->client);
+ gss_release_name(&ms, &(*ctx)->client);
if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
- gss_release_cred(&ms,&(*ctx)->client_creds);
+ gss_release_cred(&ms, &(*ctx)->client_creds);
#endif
-
+
xfree(*ctx);
- *ctx=NULL;
+ *ctx = NULL;
}
-/* Wrapper to init_sec_context
+/*
+ * Wrapper to init_sec_context
* Requires that the context contains:
* oid
- * server name (from ssh_gssapi_import_name)
+ * server name (from ssh_gssapi_import_name)
*/
-OM_uint32
+OM_uint32
ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
- gss_buffer_desc* send_tok, OM_uint32 *flags)
+ gss_buffer_desc* send_tok, OM_uint32 *flags)
{
- OM_uint32 maj_status, min_status;
int deleg_flag = 0;
-
+
if (deleg_creds) {
- deleg_flag=GSS_C_DELEG_FLAG;
+ deleg_flag = GSS_C_DELEG_FLAG;
debug("Delegating credentials");
}
-
- maj_status=gss_init_sec_context(&min_status,
- GSS_C_NO_CREDENTIAL, /* def. cred */
- &ctx->context,
- ctx->name,
- ctx->oid,
- GSS_C_MUTUAL_FLAG |
- GSS_C_INTEG_FLAG |
- deleg_flag,
- 0, /* default lifetime */
- NULL, /* no channel bindings */
- recv_tok,
- NULL,
- send_tok,
- flags,
- NULL);
- ctx->status=maj_status;
- if (GSS_ERROR(maj_status)) {
- ssh_gssapi_error(ctx->oid,maj_status,min_status);
- }
- return(maj_status);
-}
-
-/* Wrapper arround accept_sec_context
- * Requires that the context contains:
- * oid
- * credentials (from ssh_gssapi_acquire_cred)
- */
-OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,gss_buffer_desc *recv_tok,
- gss_buffer_desc *send_tok, OM_uint32 *flags)
-{
- OM_uint32 maj_status, min_status;
- gss_OID mech;
-
- maj_status=gss_accept_sec_context(&min_status,
- &ctx->context,
- ctx->creds,
- recv_tok,
- GSS_C_NO_CHANNEL_BINDINGS,
- &ctx->client,
- &mech, /* read-only pointer */
- send_tok,
- flags,
- NULL,
- &ctx->client_creds);
- if (GSS_ERROR(maj_status)) {
- ssh_gssapi_send_error(ctx->oid,maj_status,min_status);
- }
-
- if (ctx->client_creds) {
- debug("Received some client credentials");
- } else {
- debug("Got no client credentials");
- }
- /* FIXME: We should check that the me
- * the one that we asked for (in ctx->oid) */
+ ctx->major = gss_init_sec_context(&ctx->minor,
+ GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
+ GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
+ 0, NULL, recv_tok, NULL, send_tok, flags, NULL);
- ctx->status=maj_status;
-
- /* Now, if we're complete and we have the right flags, then
- * we flag the user as also having been authenticated
- */
-
- if (((flags==NULL) || ((*flags & GSS_C_MUTUAL_FLAG) &&
- (*flags & GSS_C_INTEG_FLAG))) &&
- (maj_status == GSS_S_COMPLETE)) {
- if (ssh_gssapi_getclient(ctx,&gssapi_client_type,
- &gssapi_client_name,
- &gssapi_client_creds))
- fatal("Couldn't convert client name");
- }
+ if (GSS_ERROR(ctx->major))
+ ssh_gssapi_error(ctx);
- return(maj_status);
+ return (ctx->major);
}
/* Create a service name for the given host */
OM_uint32
-ssh_gssapi_import_name(Gssctxt *ctx, const char *host) {
- gss_buffer_desc gssbuf = {0,NULL};
- OM_uint32 maj_status, min_status;
+ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
+{
+ gss_buffer_desc gssbuf;
char *xhost;
-
+
/* Make a copy of the host name, in case it was returned by a
* previous call to gethostbyname(). */
xhost = xstrdup(host);
- /* Make sure we have the FQHN. Some GSSAPI implementations don't do
+ /* Make sure we have the FQDN. Some GSSAPI implementations don't do
* this for us themselves */
resolve_localhost(&xhost);
-
- gssbuf.length = sizeof("host@")+strlen(xhost);
-
- gssbuf.value = xmalloc(gssbuf.length);
- if (gssbuf.value == NULL) {
- xfree(xhost);
- return(-1);
- }
- snprintf(gssbuf.value,gssbuf.length,"host@%s",xhost);
- if ((maj_status=gss_import_name(&min_status,
- &gssbuf,
- GSS_C_NT_HOSTBASED_SERVICE,
- &ctx->name))) {
- ssh_gssapi_error(ctx->oid, maj_status,min_status);
- }
+ gssbuf.length = sizeof("host@") + strlen(xhost);
+ gssbuf.value = xmalloc(gssbuf.length);
+ snprintf(gssbuf.value, gssbuf.length, "host@%s", host);
+
+ if ((ctx->major = gss_import_name(&ctx->minor,
+ &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
+ ssh_gssapi_error(ctx);
+
xfree(xhost);
xfree(gssbuf.value);
- return(maj_status);
+ return (ctx->major);
}
/* Acquire credentials for a server running on the current host.
* Requires that the context structure contains a valid OID
*/
-
+
/* Returns a GSSAPI error code */
OM_uint32
-ssh_gssapi_acquire_cred(Gssctxt *ctx) {
- OM_uint32 maj_status, min_status;
+ssh_gssapi_acquire_cred(Gssctxt *ctx)
+{
+ OM_uint32 status;
char lname[MAXHOSTNAMELEN];
gss_OID_set oidset;
-
- gss_create_empty_oid_set(&min_status,&oidset);
- gss_add_oid_set_member(&min_status,ctx->oid,&oidset);
-
- if (gethostname(lname, MAXHOSTNAMELEN)) {
- return(-1);
- }
- if ((maj_status=ssh_gssapi_import_name(ctx,lname))) {
- return(maj_status);
- }
- if ((maj_status=gss_acquire_cred(&min_status,
- ctx->name,
- 0,
- oidset,
- GSS_C_ACCEPT,
- &ctx->creds,
- NULL,
- NULL))) {
- ssh_gssapi_error(ctx->oid,maj_status,min_status);
- }
-
- gss_release_oid_set(&min_status, &oidset);
- return(maj_status);
-}
+ gss_create_empty_oid_set(&status, &oidset);
+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
-/* Extract the client details from a given context. This can only reliably
- * be called once for a context */
+ if (gethostname(lname, MAXHOSTNAMELEN))
+ return (-1);
-OM_uint32
-ssh_gssapi_getclient(Gssctxt *ctx, enum ssh_gss_id *type,
- gss_buffer_desc *name, gss_cred_id_t *creds) {
+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname)))
+ return (ctx->major);
- OM_uint32 maj_status,min_status;
-
- *type=ssh_gssapi_get_ctype(ctx);
- if ((maj_status=gss_display_name(&min_status,ctx->client,name,NULL))) {
- ssh_gssapi_error(ctx->oid,maj_status,min_status);
- }
-
- /* This is icky. There appears to be no way to copy this structure,
- * rather than the pointer to it, so we simply copy the pointer and
- * mark the originator as empty so we don't destroy it.
- */
- *creds=ctx->client_creds;
- ctx->client_creds=GSS_C_NO_CREDENTIAL;
- return(maj_status);
+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
+ ssh_gssapi_error(ctx);
+
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
+}
+
+OM_uint32
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
+ if (*ctx)
+ ssh_gssapi_delete_ctx(ctx);
+ ssh_gssapi_build_ctx(ctx);
+ ssh_gssapi_set_oid(*ctx, oid);
+ return (ssh_gssapi_acquire_cred(*ctx));
}
OM_uint32
ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer, gss_buffer_desc *hash) {
- OM_uint32 maj_status,min_status;
- /* ssh1 needs to exchange the hash of the keys */
- /* will us this hash to return it */
- if (!compat20) {
- if ((maj_status=gss_wrap(&min_status,ctx->context,
- 0,
- GSS_C_QOP_DEFAULT,
- buffer,
- NULL,
- hash)))
- ssh_gssapi_error(ctx->oid,maj_status,min_status);
- }
- else
-
- if ((maj_status=gss_get_mic(&min_status,ctx->context,
+ if ((ctx->major=gss_get_mic(&ctx->minor,ctx->context,
GSS_C_QOP_DEFAULT, buffer, hash))) {
- ssh_gssapi_error(ctx->oid,maj_status,min_status);
+ ssh_gssapi_error(ctx);
}
- return(maj_status);
+ return(ctx->major);
}
-OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid) {
- if (*ctx) ssh_gssapi_delete_ctx(ctx);
- ssh_gssapi_build_ctx(ctx);
- ssh_gssapi_set_oid(*ctx,oid);
- return(ssh_gssapi_acquire_cred(*ctx));
-}
-
-OM_uint32
-ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid, char *host) {
- gss_buffer_desc token = {0,NULL};
+int
+ssh_gssapi_check_mechanism(gss_OID oid, char *host) {
+ Gssctxt * ctx = NULL;
+ gss_buffer_desc token;
OM_uint32 major,minor;
- if (*ctx) ssh_gssapi_delete_ctx(ctx);
- ssh_gssapi_build_ctx(ctx);
- ssh_gssapi_set_oid(*ctx,oid);
- ssh_gssapi_import_name(*ctx,host);
- major=ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL);
+ ssh_gssapi_build_ctx(&ctx);
+ ssh_gssapi_set_oid(ctx,oid);
+ ssh_gssapi_import_name(ctx,host);
+ major=ssh_gssapi_init_ctx(ctx,0, GSS_C_NO_BUFFER, &token, NULL);
gss_release_buffer(&minor,&token);
- return(major);
+ ssh_gssapi_delete_ctx(&ctx);
+ return(!GSS_ERROR(major));
}
-
+
#endif /* GSSAPI */
--- /dev/null
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+#ifdef GSI
+
+#include "auth.h"
+#include "auth-pam.h"
+#include "xmalloc.h"
+#include "log.h"
+#include "servconf.h"
+
+#include "ssh-gss.h"
+
+#include <globus_gss_assist.h>
+
+static int ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name);
+static int ssh_gssapi_gsi_localname(ssh_gssapi_client *client, char **user);
+static void ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client);
+
+ssh_gssapi_mech gssapi_gsi_mech_old = {
+ "N3+k7/4wGxHyuP8Yxi4RhA==",
+ "GSI",
+ {9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"},
+ NULL,
+ &ssh_gssapi_gsi_userok,
+ &ssh_gssapi_gsi_localname,
+ &ssh_gssapi_gsi_storecreds
+};
+
+ssh_gssapi_mech gssapi_gsi_mech = {
+ "dZuIebMjgUqaxvbF7hDbAw==",
+ "GSI",
+ {9, "\x2B\x06\x01\x04\x01\x9B\x50\x01\x01"},
+ NULL,
+ &ssh_gssapi_gsi_userok,
+ &ssh_gssapi_gsi_localname,
+ &ssh_gssapi_gsi_storecreds
+};
+
+/*
+ * Check if this user is OK to login under GSI. User has been authenticated
+ * as identity in global 'client_name.value' and is trying to log in as passed
+ * username in 'name'.
+ *
+ * Returns non-zero if user is authorized, 0 otherwise.
+ */
+static int
+ssh_gssapi_gsi_userok(ssh_gssapi_client *client, char *name)
+{
+ int authorized = 0;
+
+#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
+ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
+ return 0;
+ }
+#endif
+
+ /* This returns 0 on success */
+ authorized = (globus_gss_assist_userok(client->displayname.value,
+ name) == 0);
+
+ logit("GSI user %s is%s authorized as target user %s",
+ (char *) client->displayname.value, (authorized ? "" : " not"), name);
+
+ return authorized;
+}
+
+/*
+ * Return the local username associated with the GSI credentials.
+ */
+int
+ssh_gssapi_gsi_localname(ssh_gssapi_client *client, char **user)
+{
+#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
+ if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
+ return 0;
+ }
+#endif
+ return(globus_gss_assist_gridmap(client->displayname.value, user) == 0);
+}
+
+/*
+ * Export GSI credentials to disk.
+ */
+static void
+ssh_gssapi_gsi_storecreds(ssh_gssapi_client *client)
+{
+ OM_uint32 major_status;
+ OM_uint32 minor_status;
+ gss_buffer_desc export_cred = GSS_C_EMPTY_BUFFER;
+ char * p;
+
+ if (!client || !client->creds) {
+ return;
+ }
+
+ major_status = gss_export_cred(&minor_status,
+ client->creds,
+ GSS_C_NO_OID,
+ 1,
+ &export_cred);
+ if (GSS_ERROR(major_status) && major_status != GSS_S_UNAVAILABLE) {
+ Gssctxt *ctx;
+ ssh_gssapi_build_ctx(&ctx);
+ ctx->major = major_status;
+ ctx->minor = minor_status;
+ ssh_gssapi_set_oid(ctx, &gssapi_gsi_mech.oid);
+ ssh_gssapi_error(ctx);
+ ssh_gssapi_delete_ctx(&ctx);
+ return;
+ }
+
+ p = strchr((char *) export_cred.value, '=');
+ if (p == NULL) {
+ logit("Failed to parse exported credentials string '%.100s'",
+ (char *)export_cred.value);
+ gss_release_buffer(&minor_status, &export_cred);
+ return;
+ }
+ *p++ = '\0';
+ if (strcmp((char *)export_cred.value,"X509_USER_DELEG_PROXY") == 0) {
+ client->store.envvar = strdup("X509_USER_PROXY");
+ } else {
+ client->store.envvar = strdup((char *)export_cred.value);
+ }
+ client->store.envval = strdup(p);
+#ifdef USE_PAM
+ do_pam_putenv(client->store.envvar, client->store.envval);
+#endif
+ if (strncmp(p, "FILE:", 5) == 0) {
+ p += 5;
+ }
+ if (access(p, R_OK) == 0) {
+ client->store.filename = strdup(p);
+ }
+ gss_release_buffer(&minor_status, &export_cred);
+}
+
+#endif /* GSI */
+#endif /* GSSAPI */
--- /dev/null
+/* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */
+
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+#ifdef KRB5
+
+#include "auth.h"
+#include "xmalloc.h"
+#include "log.h"
+#include "servconf.h"
+
+#include "ssh-gss.h"
+
+extern ServerOptions options;
+
+#ifdef HEIMDAL
+#include <krb5.h>
+#else
+#include <gssapi_krb5.h>
+#endif
+
+static krb5_context krb_context = NULL;
+
+/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
+
+static int
+ssh_gssapi_krb5_init()
+{
+ krb5_error_code problem;
+
+ if (krb_context != NULL)
+ return 1;
+
+ problem = krb5_init_context(&krb_context);
+ if (problem) {
+ logit("Cannot initialize krb5 context");
+ return 0;
+ }
+ krb5_init_ets(krb_context);
+
+ return 1;
+}
+
+/* Check if this user is OK to login. This only works with krb5 - other
+ * GSSAPI mechanisms will need their own.
+ * Returns true if the user is OK to log in, otherwise returns 0
+ */
+
+static int
+ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
+{
+ krb5_principal princ;
+ int retval;
+
+ if (ssh_gssapi_krb5_init() == 0)
+ return 0;
+
+ if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
+ &princ))) {
+ logit("krb5_parse_name(): %.100s",
+ krb5_get_err_text(krb_context, retval));
+ return 0;
+ }
+ if (krb5_kuserok(krb_context, princ, name)) {
+ retval = 1;
+ logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
+ name, (char *)client->displayname.value);
+ } else
+ retval = 0;
+
+ krb5_free_principal(krb_context, princ);
+ return retval;
+}
+
+
+/* Retrieve the local username associated with a set of Kerberos
+ * credentials. Hopefully we can use this for the 'empty' username
+ * logins discussed in the draft */
+static int
+ssh_gssapi_krb5_localname(ssh_gssapi_client *client, char **user) {
+ krb5_principal princ;
+ int retval;
+
+ if (ssh_gssapi_krb5_init() == 0)
+ return 0;
+
+ if ((retval=krb5_parse_name(krb_context, client->displayname.value,
+ &princ))) {
+ logit("krb5_parse_name(): %.100s",
+ krb5_get_err_text(krb_context,retval));
+ return 0;
+ }
+
+ /* We've got to return a malloc'd string */
+ *user = (char *)xmalloc(256);
+ if (krb5_aname_to_localname(krb_context, princ, 256, *user)) {
+ xfree(*user);
+ *user = NULL;
+ return(0);
+ }
+
+ return(1);
+}
+
+/* This writes out any forwarded credentials from the structure populated
+ * during userauth. Called after we have setuid to the user */
+
+static void
+ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
+{
+ krb5_ccache ccache;
+ krb5_error_code problem;
+ krb5_principal princ;
+ OM_uint32 maj_status, min_status;
+ gss_cred_id_t krb5_cred_handle;
+
+
+ if (client->creds == NULL) {
+ debug("No credentials stored");
+ return;
+ }
+
+ if (ssh_gssapi_krb5_init() == 0)
+ return;
+
+#ifdef HEIMDAL
+ if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
+ logit("krb5_cc_gen_new(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ return;
+ }
+#else
+ {
+ int tmpfd;
+ char ccname[40];
+
+ snprintf(ccname, sizeof(ccname),
+ "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
+
+ if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) {
+ logit("mkstemp(): %.100s", strerror(errno));
+ problem = errno;
+ return;
+ }
+ if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
+ logit("fchmod(): %.100s", strerror(errno));
+ close(tmpfd);
+ problem = errno;
+ return;
+ }
+ close(tmpfd);
+ if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
+ logit("krb5_cc_resolve(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ return;
+ }
+ }
+#endif /* #ifdef HEIMDAL */
+
+ if ((problem = krb5_parse_name(krb_context,
+ client->exportedname.value, &princ))) {
+ logit("krb5_parse_name(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ krb5_cc_destroy(krb_context, ccache);
+ return;
+ }
+
+ if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
+ logit("krb5_cc_initialize(): %.100s",
+ krb5_get_err_text(krb_context, problem));
+ krb5_free_principal(krb_context, princ);
+ krb5_cc_destroy(krb_context, ccache);
+ return;
+ }
+
+ krb5_free_principal(krb_context, princ);
+
+#ifdef MECHGLUE
+ krb5_cred_handle =
+ __gss_get_mechanism_cred(client->creds,
+ &(gssapi_kerberos_mech.oid));
+#else
+ krb5_cred_handle = client->creds;
+#endif
+
+ if ((maj_status = gss_krb5_copy_ccache(&min_status,
+ krb5_cred_handle, ccache))) {
+ logit("gss_krb5_copy_ccache() failed");
+ krb5_cc_destroy(krb_context, ccache);
+ return;
+ }
+
+ client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
+ client->store.envvar = "KRB5CCNAME";
+ client->store.envval = xstrdup(client->store.filename);
+
+#ifdef USE_PAM
+ if (options.use_pam)
+ do_pam_putenv(client->store.envvar,client->store.envval);
+#endif
+
+ krb5_cc_close(krb_context, ccache);
+
+ return;
+}
+
+ssh_gssapi_mech gssapi_kerberos_mech = {
+ "toWM5Slw5Ew8Mqkay+al2g==",
+ "Kerberos",
+ {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
+ NULL,
+ &ssh_gssapi_krb5_userok,
+ &ssh_gssapi_krb5_localname,
+ &ssh_gssapi_krb5_storecreds
+};
+
+ssh_gssapi_mech gssapi_kerberos_mech_old = {
+ "Se3H81ismmOC3OE+FwYCiQ==",
+ "Kerberos",
+ {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"},
+ &ssh_gssapi_krb5_init,
+ &ssh_gssapi_krb5_userok,
+ &ssh_gssapi_krb5_localname,
+ &ssh_gssapi_krb5_storecreds
+};
+
+#endif /* KRB5 */
+
+#endif /* GSSAPI */
+/* $OpenBSD: gss-serv.c,v 1.3 2003/08/31 13:31:57 markus Exp $ */
+
/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#ifdef GSSAPI
#include "ssh.h"
-#include "ssh1.h"
#include "ssh2.h"
-#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "dispatch.h"
#include "servconf.h"
#include "compat.h"
-#include "misc.h"
#include "monitor_wrap.h"
+#include "xmalloc.h"
+#include "getput.h"
#include "ssh-gss.h"
extern u_char *session_id2;
extern int session_id2_len;
-typedef struct ssh_gssapi_cred_cache {
- char *filename;
- char *envvar;
- char *envval;
- void *data;
-} ssh_gssapi_cred_cache;
+static ssh_gssapi_client gssapi_client =
+ { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
+ GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
-static struct ssh_gssapi_cred_cache gssapi_cred_store = {NULL,NULL,NULL};
-
-/*
- * Environment variables pointing to delegated credentials
- */
-static char *delegation_env[] = {
- "X509_USER_PROXY", /* GSSAPI/SSLeay */
- "KRB5CCNAME", /* Krb5 and possibly SSLeay */
- NULL
-};
-
-static void gssapi_unsetenv(const char *var);
+ssh_gssapi_mech gssapi_null_mech =
+ { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
#ifdef KRB5
-
-#ifdef HEIMDAL
-#include <krb5.h>
-#else
-#include <gssapi_krb5.h>
-#define krb5_get_err_text(context,code) error_message(code)
+extern ssh_gssapi_mech gssapi_kerberos_mech;
+extern ssh_gssapi_mech gssapi_kerberos_mech_old;
+#endif
+#ifdef GSI
+extern ssh_gssapi_mech gssapi_gsi_mech;
+extern ssh_gssapi_mech gssapi_gsi_mech_old;
#endif
-static krb5_context krb_context = NULL;
-
-/* Initialise the krb5 library, so we can use it for those bits that
- * GSSAPI won't do */
+ssh_gssapi_mech* supported_mechs[]= {
+#ifdef KRB5
+ &gssapi_kerberos_mech,
+ &gssapi_kerberos_mech_old, /* Support for legacy clients */
+#endif
+#ifdef GSI
+ &gssapi_gsi_mech,
+ &gssapi_gsi_mech_old, /* Support for legacy clients */
+#endif
+ &gssapi_null_mech,
+};
-int ssh_gssapi_krb5_init() {
- krb5_error_code problem;
-
- if (krb_context !=NULL)
- return 1;
-
- problem = krb5_init_context(&krb_context);
- if (problem) {
- log("Cannot initialize krb5 context");
- return 0;
+/* Unpriviledged */
+void
+ssh_gssapi_supported_oids(gss_OID_set *oidset)
+{
+ int i = 0;
+ OM_uint32 min_status;
+ int present;
+ gss_OID_set supported;
+
+ gss_create_empty_oid_set(&min_status, oidset);
+ gss_indicate_mechs(&min_status, &supported);
+
+ while (supported_mechs[i]->name != NULL) {
+ if (GSS_ERROR(gss_test_oid_set_member(&min_status,
+ &supported_mechs[i]->oid, supported, &present)))
+ present = 0;
+ if (present)
+ gss_add_oid_set_member(&min_status,
+ &supported_mechs[i]->oid, oidset);
+ i++;
}
- krb5_init_ets(krb_context);
+}
- return 1;
-}
-/* Check if this user is OK to login. This only works with krb5 - other
- * GSSAPI mechanisms will need their own.
- * Returns true if the user is OK to log in, otherwise returns 0
+/* Wrapper around accept_sec_context
+ * Requires that the context contains:
+ * oid
+ * credentials (from ssh_gssapi_acquire_cred)
*/
+/* Priviledged */
+OM_uint32
+ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
+ gss_buffer_desc *send_tok, OM_uint32 *flags)
+{
+ OM_uint32 status;
+ gss_OID mech;
-int
-ssh_gssapi_krb5_userok(char *name) {
- krb5_principal princ;
- int retval;
+ ctx->major = gss_accept_sec_context(&ctx->minor,
+ &ctx->context, ctx->creds, recv_tok,
+ GSS_C_NO_CHANNEL_BINDINGS, &ctx->client, &mech,
+ send_tok, flags, NULL, &ctx->client_creds);
- if (ssh_gssapi_krb5_init() == 0)
- return 0;
-
- if ((retval=krb5_parse_name(krb_context, gssapi_client_name.value,
- &princ))) {
- log("krb5_parse_name(): %.100s",
- krb5_get_err_text(krb_context,retval));
- return 0;
- }
- if (krb5_kuserok(krb_context, princ, name)) {
- retval = 1;
- log("Authorized to %s, krb5 principal %s (krb5_kuserok)",name,
- (char *)gssapi_client_name.value);
- }
+ if (GSS_ERROR(ctx->major))
+ ssh_gssapi_error(ctx);
+
+ if (ctx->client_creds)
+ debug("Received some client credentials");
else
- retval = 0;
-
- krb5_free_principal(krb_context, princ);
- return retval;
-}
+ debug("Got no client credentials");
-int
-ssh_gssapi_krb5_localname(char **user)
-{
- krb5_principal princ;
+ status = ctx->major;
- if (ssh_gssapi_krb5_init() == 0)
- return 0;
+ /* Now, if we're complete and we have the right flags, then
+ * we flag the user as also having been authenticated
+ */
- if (krb5_parse_name(krb_context, gssapi_client_name.value, &princ)) {
- return(0);
- }
- *user = (char *)xmalloc(256);
- if (krb5_aname_to_localname(krb_context, princ, 256, *user)) {
- xfree(*user);
- *user = NULL;
- return(0);
- }
- return(1);
+ if (((flags == NULL) || ((*flags & GSS_C_MUTUAL_FLAG) &&
+ (*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) {
+ if (ssh_gssapi_getclient(ctx, &gssapi_client))
+ fatal("Couldn't convert client name");
+ }
+
+ return (status);
}
-
-/* Make sure that this is called _after_ we've setuid to the user */
-/* This writes out any forwarded credentials. Its specific to the Kerberos
- * GSSAPI mechanism
- *
- * We assume that our caller has made sure that the user has selected
- * delegated credentials, and that the client_creds structure is correctly
- * populated.
+/*
+ * This parses an exported name, extracting the mechanism specific portion
+ * to use for ACL checking. It verifies that the name belongs the mechanism
+ * originally selected.
*/
-
-OM_uint32
-ssh_gssapi_krb5_storecreds(gss_buffer_t export_buffer) {
- krb5_ccache ccache;
- krb5_error_code problem;
- krb5_principal princ;
- char ccname[35];
- static char name[40];
- int tmpfd;
- OM_uint32 maj_status,min_status;
- gss_cred_id_t krb5_cred_handle;
-
-
- if (gssapi_client_creds==NULL) {
- debug("No credentials stored");
- return GSS_S_NO_CRED;
+static OM_uint32
+ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
+{
+ char *tok;
+ OM_uint32 offset;
+ OM_uint32 oidl;
+
+ tok=ename->value;
+
+#ifdef GSI /* GSI gss_export_name() is broken. */
+ if ((ctx->oid->length == gssapi_gsi_mech.oid.length) &&
+ (memcmp(ctx->oid->elements, gssapi_gsi_mech.oid.elements,
+ gssapi_gsi_mech.oid.length) == 0)) {
+ name->length = ename->length;
+ name->value = xmalloc(ename->length+1);
+ memcpy(name->value, ename->value, ename->length);
+ return GSS_S_COMPLETE;
}
-
- if (ssh_gssapi_krb5_init() == 0)
- return GSS_S_FAILURE;
+#endif
- if (options.gss_use_session_ccache) {
- snprintf(ccname,sizeof(ccname),"/tmp/krb5cc_%d_XXXXXX",geteuid());
-
- if ((tmpfd = mkstemp(ccname))==-1) {
- log("mkstemp(): %.100s", strerror(errno));
- return GSS_S_FAILURE;
- }
- if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
- log("fchmod(): %.100s", strerror(errno));
- close(tmpfd);
- return GSS_S_FAILURE;
- }
- } else {
- snprintf(ccname,sizeof(ccname),"/tmp/krb5cc_%d",geteuid());
- tmpfd = open(ccname, O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
- if (tmpfd == -1) {
- log("open(): %.100s", strerror(errno));
- return GSS_S_FAILURE;
- }
- }
-
- close(tmpfd);
- snprintf(name, sizeof(name), "FILE:%s",ccname);
-
- if ((problem = krb5_cc_resolve(krb_context, name, &ccache))) {
- log("krb5_cc_default(): %.100s",
- krb5_get_err_text(krb_context,problem));
- return GSS_S_FAILURE;
- }
-
- if ((problem = krb5_parse_name(krb_context, gssapi_client_name.value,
- &princ))) {
- log("krb5_parse_name(): %.100s",
- krb5_get_err_text(krb_context,problem));
- krb5_cc_destroy(krb_context,ccache);
- return GSS_S_FAILURE;
- }
-
- if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
- log("krb5_cc_initialize(): %.100s",
- krb5_get_err_text(krb_context,problem));
- krb5_free_principal(krb_context,princ);
- krb5_cc_destroy(krb_context,ccache);
+ /*
+ * Check that ename is long enough for all of the fixed length
+ * header, and that the initial ID bytes are correct
+ */
+
+ if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)
return GSS_S_FAILURE;
- }
-
- krb5_free_principal(krb_context,princ);
-
-#ifdef MECHGLUE
- krb5_cred_handle =
- __gss_get_mechanism_cred(gssapi_client_creds,
- &(supported_mechs[GSS_KERBEROS].oid));
-#else
- krb5_cred_handle = gssapi_client_creds;
-#endif
- if ((maj_status = gss_krb5_copy_ccache(&min_status,
- krb5_cred_handle,
- ccache))) {
- log("gss_krb5_copy_ccache() failed");
- ssh_gssapi_error(&supported_mechs[GSS_KERBEROS].oid,
- maj_status,min_status);
- krb5_cc_destroy(krb_context,ccache);
+ /*
+ * Extract the OID, and check it. Here GSSAPI breaks with tradition
+ * and does use the OID type and length bytes. To confuse things
+ * there are two lengths - the first including these, and the
+ * second without.
+ */
+
+ oidl = GET_16BIT(tok+2); /* length including next two bytes */
+ oidl = oidl-2; /* turn it into the _real_ length of the variable OID */
+
+ /*
+ * Check the BER encoding for correct type and length, that the
+ * string is long enough and that the OID matches that in our context
+ */
+ if (tok[4] != 0x06 || tok[5] != oidl ||
+ ename->length < oidl+6 ||
+ !ssh_gssapi_check_oid(ctx,tok+6,oidl))
return GSS_S_FAILURE;
- }
-
- krb5_cc_close(krb_context,ccache);
- export_buffer->length = strlen("KRB5CCNAME")+strlen(name)+1;
- export_buffer->value = xmalloc(export_buffer->length+1);
- sprintf(export_buffer->value, "%s=%s", "KRB5CCNAME", name);
+ offset = oidl+6;
- return GSS_S_COMPLETE;
-}
+ if (ename->length < offset+4)
+ return GSS_S_FAILURE;
-#endif /* KRB5 */
+ name->length = GET_32BIT(tok+offset);
+ offset += 4;
-#ifdef GSI
-#include <globus_gss_assist.h>
+ if (ename->length < offset+name->length)
+ return GSS_S_FAILURE;
-/*
- * Check if this user is OK to login under GSI. User has been authenticated
- * as identity in global 'client_name.value' and is trying to log in as passed
- * username in 'name'.
- *
- * Returns non-zero if user is authorized, 0 otherwise.
- */
-int
-ssh_gssapi_gsi_userok(char *name)
-{
- int authorized = 0;
-
-#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
- if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
- return 0;
- }
-#endif
+ name->value = xmalloc(name->length+1);
+ memcpy(name->value,tok+offset,name->length);
+ ((char *)name->value)[name->length] = 0;
- /* globus_gss_assist_userok() returns 0 on success */
- authorized = (globus_gss_assist_userok(gssapi_client_name.value,
- name) == 0);
-
- log("GSI user %s is%s authorized as target user %s",
- (char *) gssapi_client_name.value, (authorized ? "" : " not"), name);
-
- return authorized;
+ return GSS_S_COMPLETE;
}
-/*
- * Return the local username associated with the GSI credentials.
- */
-int
-ssh_gssapi_gsi_localname(char **user)
-{
-#ifdef GLOBUS_GSI_GSS_ASSIST_MODULE
- if (globus_module_activate(GLOBUS_GSI_GSS_ASSIST_MODULE) != 0) {
- return 0;
- }
-#endif
- return(globus_gss_assist_gridmap(gssapi_client_name.value, user) == 0);
-}
+/* Extract the client details from a given context. This can only reliably
+ * be called once for a context */
-/*
- * Handle setting up child environment for GSI.
- *
- * Make sure that this is called _after_ we've setuid to the user.
- */
+/* Priviledged (called from accept_secure_ctx) */
OM_uint32
-ssh_gssapi_gsi_storecreds(gss_buffer_t export_buffer)
+ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
{
- OM_uint32 major_status;
- OM_uint32 minor_status;
-
- if (gssapi_client_creds != NULL)
- {
- char *creds_env = NULL;
-
- /*
- * This is the current hack with the GSI gssapi library to
- * export credentials to disk.
- */
-
- debug("Exporting delegated credentials");
-
- minor_status = 0xdee0; /* Magic value */
- major_status =
- gss_inquire_cred(&minor_status,
- gssapi_client_creds,
- (gss_name_t *) &creds_env,
- NULL,
- NULL,
- NULL);
-
- if ((major_status == GSS_S_COMPLETE) &&
- (minor_status == 0xdee1) &&
- (creds_env != NULL))
- {
- char *value;
-
- /*
- * String is of the form:
- * X509_USER_DELEG_PROXY=filename
- * so we parse out the filename
- * and then set X509_USER_PROXY
- * to point at it.
- */
- value = strchr(creds_env, '=');
-
- if (value != NULL)
- {
- *value = '\0';
- value++;
- export_buffer->length=
- strlen("X509_USER_PROXY")+strlen(value)+1;
- export_buffer->value =
- xmalloc(export_buffer->length+1);
- sprintf(export_buffer->value, "%s=%s",
- "X509_USER_PROXY", value);
-
- return GSS_S_COMPLETE;
- }
- else
- {
- log("Failed to parse delegated credentials string '%s'",
- creds_env);
- }
- }
- else
- {
- log("Failed to export delegated credentials (error %d)",
- major_status);
- }
- }
- return 0;
-}
+ int i = 0;
-#endif /* GSI */
+ gss_buffer_desc ename;
-void
-ssh_gssapi_cleanup_creds(void *ignored)
-{
- /* OM_uint32 min_stat; */
+ client->mech = NULL;
- if (gssapi_cred_store.filename!=NULL) {
- /* Unlink probably isn't sufficient */
- debug("removing gssapi cred file \"%s\"",gssapi_cred_store.filename);
- unlink(gssapi_cred_store.filename);
+ while (supported_mechs[i]->name != NULL) {
+ if (supported_mechs[i]->oid.length == ctx->oid->length &&
+ (memcmp(supported_mechs[i]->oid.elements,
+ ctx->oid->elements, ctx->oid->length) == 0))
+ client->mech = supported_mechs[i];
+ i++;
}
- /* DK ??
- if (gssapi_client_creds != GSS_C_NO_CREDENTIAL)
- gss_release_cred(&min_stat, &gssapi_client_creds);
- */
-}
-OM_uint32
-ssh_gssapi_export_cred(OM_uint32 * minor_status,
- const gss_cred_id_t cred_handle,
- const gss_OID desired_mech,
- OM_uint32 option_req,
- gss_buffer_t export_buffer)
-{
- OM_uint32 maj_stat = GSS_S_FAILURE;
-
- if (option_req != 1) return GSS_S_UNAVAILABLE;
- if (desired_mech != NULL) return GSS_S_BAD_MECH;
+ if (client->mech == NULL)
+ return GSS_S_FAILURE;
- switch (gssapi_client_type) {
-#ifdef KRB5
- case GSS_KERBEROS:
- maj_stat = ssh_gssapi_krb5_storecreds(export_buffer);
- break;
-#endif
-#ifdef GSI
- case GSS_GSI:
- maj_stat = ssh_gssapi_gsi_storecreds(export_buffer);
- break;
-#endif /* GSI */
- case GSS_LAST_ENTRY:
- /* GSSAPI not used in this authentication */
- debug("No GSSAPI credentials stored");
- break;
- default:
- log("ssh_gssapi_do_child: Unknown mechanism");
-
+ if ((ctx->major = gss_display_name(&ctx->minor, ctx->client,
+ &client->displayname, NULL))) {
+ ssh_gssapi_error(ctx);
+ return (ctx->major);
}
- if (GSS_ERROR(maj_stat)) {
- *minor_status = GSS_S_FAILURE;
+ if ((ctx->major = gss_export_name(&ctx->minor, ctx->client,
+ &ename))) {
+ ssh_gssapi_error(ctx);
+ return (ctx->major);
}
- return maj_stat;
-}
-void
-ssh_gssapi_storecreds()
-{
- OM_uint32 maj_stat, min_stat;
- gss_buffer_desc export_cred = GSS_C_EMPTY_BUFFER;
- char *p;
-
- if (gssapi_client_creds == GSS_C_NO_CREDENTIAL)
- return;
-
-#ifdef HAVE_GSSAPI_EXT
- maj_stat = gss_export_cred(&min_stat, gssapi_client_creds,
- GSS_C_NO_OID, 1, &export_cred);
- if (GSS_ERROR(maj_stat) && maj_stat != GSS_S_UNAVAILABLE) {
- ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat);
- return;
+ if ((ctx->major = ssh_gssapi_parse_ename(ctx,&ename,
+ &client->exportedname))) {
+ return (ctx->major);
}
-#endif
- /* If gss_export_cred() is not available, use old methods */
- if (export_cred.length == 0) {
- ssh_gssapi_export_cred(&min_stat, gssapi_client_creds,
- GSS_C_NO_OID, 1, &export_cred);
- if (GSS_ERROR(maj_stat)) {
- ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat);
- }
- }
+ /* We can't copy this structure, so we just move the pointer to it */
+ client->creds = ctx->client_creds;
+ ctx->client_creds = GSS_C_NO_CREDENTIAL;
+ return (ctx->major);
+}
- p = strchr((char *) export_cred.value, '=');
- if (p == NULL) {
- log("Failed to parse exported credentials string '%.100s'",
- (char *)export_cred.value);
- gss_release_buffer(&min_stat, &export_cred);
- return;
- }
- *p++ = '\0';
-#ifdef GSI
- if (strcmp((char *)export_cred.value,"X509_USER_DELEG_PROXY") == 0)
- gssapi_cred_store.envvar = strdup("X509_USER_PROXY");
- else
-#endif
- gssapi_cred_store.envvar = strdup((char *)export_cred.value);
- gssapi_cred_store.envval = strdup(p);
-#ifdef USE_PAM
- do_pam_putenv(gssapi_cred_store.envvar, gssapi_cred_store.envval);
-#endif
- if (strncmp(p, "FILE:", 5) == 0) {
- p += 5;
- }
- if (access(p, R_OK) == 0) {
- gssapi_cred_store.filename = strdup(p);
+/* As user - called through fatal cleanup hook */
+void
+ssh_gssapi_cleanup_creds(void *ignored)
+{
+ if (gssapi_client.store.filename != NULL) {
+ /* Unlink probably isn't sufficient */
+ debug("removing gssapi cred file\"%s\"", gssapi_client.store.filename);
+ unlink(gssapi_client.store.filename);
}
- gss_release_buffer(&min_stat, &export_cred);
+}
- if (options.gss_cleanup_creds) {
- fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL);
- }
+/* As user */
+void
+ssh_gssapi_storecreds(void)
+{
+ if (gssapi_client.mech && gssapi_client.mech->storecreds) {
+ (*gssapi_client.mech->storecreds)(&gssapi_client);
+ if (options.gss_cleanup_creds)
+ fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL);
+ } else
+ debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism");
}
/* This allows GSSAPI methods to do things to the childs environment based
* on the passed authentication process and credentials.
- *
- * Question: If we didn't use userauth_external for some reason, should we
- * still delegate credentials?
*/
-void
-ssh_gssapi_do_child(char ***envp, u_int *envsizep)
+/* As user */
+void
+ssh_gssapi_do_child(char ***envp, u_int *envsizep)
{
- if (gssapi_cred_store.envvar!=NULL &&
- gssapi_cred_store.envval!=NULL) {
-
- debug("Setting %s to %s", gssapi_cred_store.envvar,
- gssapi_cred_store.envval);
- child_set_env(envp, envsizep, gssapi_cred_store.envvar,
- gssapi_cred_store.envval);
- }
+ if (gssapi_client.store.envvar != NULL &&
+ gssapi_client.store.envval != NULL) {
- switch(gssapi_client_type) {
-#ifdef KRB5
- case GSS_KERBEROS: break;
-#endif
-#ifdef GSI
- case GSS_GSI: break;
-#endif
- case GSS_LAST_ENTRY:
- debug("No GSSAPI credentials stored");
- break;
- default:
- log("ssh_gssapi_do_child: Unknown mechanism");
+ debug("Setting %s to %s", gssapi_client.store.envvar,
+ gssapi_client.store.envval);
+ child_set_env(envp, envsizep, gssapi_client.store.envvar,
+ gssapi_client.store.envval);
}
}
+/* Priviledged */
int
ssh_gssapi_userok(char *user)
{
- if (gssapi_client_name.length==0 ||
- gssapi_client_name.value==NULL) {
+ if (gssapi_client.exportedname.length == 0 ||
+ gssapi_client.exportedname.value == NULL) {
debug("No suitable client data");
return 0;
}
- switch (gssapi_client_type) {
-#ifdef KRB5
- case GSS_KERBEROS:
- return(ssh_gssapi_krb5_userok(user));
- break; /* Not reached */
-#endif
-#ifdef GSI
- case GSS_GSI:
- return(ssh_gssapi_gsi_userok(user));
- break; /* Not reached */
-#endif /* GSI */
- case GSS_LAST_ENTRY:
- debug("Client not GSSAPI");
- break;
- default:
- debug("Unknown client authentication type");
+ if (gssapi_client.mech && gssapi_client.mech->userok)
+ return ((*gssapi_client.mech->userok)(&gssapi_client, user));
+ else
+ debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
+ return (0);
+}
+
+/* Return a list of the gss-group1-sha1-x mechanisms supported by this
+ * program.
+ *
+ * We only support the mechanisms that we've indicated in the list above,
+ * but we check that they're supported by the GSSAPI mechanism on the
+ * machine. We also check, before including them in the list, that
+ * we have the necesary information in order to carry out the key exchange
+ * (that is, that the user has credentials, the server's creds are accessible,
+ * etc)
+ *
+ * The way that this is done is fairly nasty, as we do a lot of work that
+ * is then thrown away. This should possibly be implemented with a cache
+ * that stores the results (in an expanded Gssctxt structure), which are
+ * then used by the first calls if that key exchange mechanism is chosen.
+ */
+
+/* Unpriviledged */
+char *
+ssh_gssapi_server_mechanisms() {
+ gss_OID_set supported;
+ Gssctxt *ctx = NULL;
+ OM_uint32 maj_status, min_status;
+ Buffer buf;
+ int i = 0;
+ int first = 0;
+ int present;
+ char * mechs;
+
+ if (datafellows & SSH_OLD_GSSAPI) return NULL;
+
+ ssh_gssapi_supported_oids(&supported);
+
+ buffer_init(&buf);
+
+ while(supported_mechs[i]->name != NULL) {
+ if ((maj_status=gss_test_oid_set_member(&min_status,
+ &supported_mechs[i]->oid,
+ supported,
+ &present))) {
+ present=0;
+ }
+
+ if (present) {
+ if (!GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx,
+ &supported_mechs[i]->oid)))) {
+ /* Append gss_group1_sha1_x to our list */
+ if (first++!=0)
+ buffer_put_char(&buf,',');
+ buffer_append(&buf, KEX_GSS_SHA1,
+ sizeof(KEX_GSS_SHA1)-1);
+ buffer_append(&buf,
+ supported_mechs[i]->enc_name,
+ strlen(supported_mechs[i]->enc_name));
+ debug("GSSAPI mechanism %s (%s%s) supported",
+ supported_mechs[i]->name, KEX_GSS_SHA1,
+ supported_mechs[i]->enc_name);
+ } else {
+ debug("no credentials for GSSAPI mechanism %s",
+ supported_mechs[i]->name);
+ }
+ } else {
+ debug("GSSAPI mechanism %s not supported",
+ supported_mechs[i]->name);
+ }
+ ssh_gssapi_delete_ctx(&ctx);
+ i++;
}
- return(0);
+
+ buffer_put_char(&buf,'\0');
+
+ mechs=xmalloc(buffer_len(&buf));
+ buffer_get(&buf,mechs,buffer_len(&buf));
+ buffer_free(&buf);
+ if (strlen(mechs)==0)
+ return(NULL);
+ else
+ return(mechs);
}
+/* Return the OID that corresponds to the given context name */
+
+/* Unpriviledged */
+gss_OID
+ssh_gssapi_server_id_kex(char *name) {
+ int i=0;
+
+ if (strncmp(name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) !=0) {
+ return(NULL);
+ }
+
+ name+=sizeof(KEX_GSS_SHA1)-1; /* Move to the start of the MIME string */
+
+ while (supported_mechs[i]->name!=NULL &&
+ strcmp(name,supported_mechs[i]->enc_name)!=0) {
+ i++;
+ }
+
+ if (supported_mechs[i]->name==NULL)
+ return (NULL);
+
+ debug("using GSSAPI mechanism %s (%s%s)", supported_mechs[i]->name,
+ KEX_GSS_SHA1, supported_mechs[i]->enc_name);
+
+ return &supported_mechs[i]->oid;
+}
+
+/* Priviledged */
int
ssh_gssapi_localname(char **user)
{
*user = NULL;
- if (gssapi_client_name.length==0 ||
- gssapi_client_name.value==NULL) {
+ if (gssapi_client.displayname.length==0 ||
+ gssapi_client.displayname.value==NULL) {
debug("No suitable client data");
return(0);;
}
- switch (gssapi_client_type) {
-#ifdef KRB5
- case GSS_KERBEROS:
- return(ssh_gssapi_krb5_localname(user));
- break; /* Not reached */
-#endif
-#ifdef GSI
- case GSS_GSI:
- return(ssh_gssapi_gsi_localname(user));
- break; /* Not reached */
-#endif /* GSI */
- case GSS_LAST_ENTRY:
- debug("Client not GSSAPI");
- break;
- default:
+ if (gssapi_client.mech && gssapi_client.mech->localname) {
+ return((*gssapi_client.mech->localname)(&gssapi_client,user));
+ } else {
debug("Unknown client authentication type");
}
return(0);
}
-
-/*
- * Clean our environment on startup. This means removing any environment
- * strings that might inadvertantly been in root's environment and
- * could cause serious security problems if we think we set them.
- */
-void
-ssh_gssapi_clean_env(void)
-{
- char *envstr;
- int envstr_index;
-
-
- for (envstr_index = 0;
- (envstr = delegation_env[envstr_index]) != NULL;
- envstr_index++) {
-
- if (getenv(envstr)) {
- debug("Clearing environment variable %s", envstr);
- gssapi_unsetenv(envstr);
- }
- }
-}
-
-/*
- * Wrapper around unsetenv.
- */
-static void
-gssapi_unsetenv(const char *var)
-{
-#ifdef HAVE_UNSETENV
- unsetenv(var);
-
-#else /* !HAVE_UNSETENV */
- extern char **environ;
- char **p1 = environ; /* New array list */
- char **p2 = environ; /* Current array list */
- int len = strlen(var);
-
- /*
- * Walk through current environ array (p2) copying each pointer
- * to new environ array (p1) unless the pointer is to the item
- * we want to delete. Copy happens in place.
- */
- while (*p2) {
- if ((strncmp(*p2, var, len) == 0) &&
- ((*p2)[len] == '=')) {
- /*
- * *p2 points at item to be deleted, just skip over it
- */
- p2++;
- } else {
- /*
- * *p2 points at item we want to save, so copy it
- */
- *p1 = *p2;
- p1++;
- p2++;
- }
- }
-
- /* And make sure new array is NULL terminated */
- *p1 = NULL;
-#endif /* HAVE_UNSETENV */
-}
-
-#endif /* GSSAPI */
+#endif
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
-#if defined(HAVE_NETDB_H)
-# include <netdb.h>
-#endif
#ifdef HAVE_ENDIAN_H
# include <endian.h>
#endif
#ifdef HAVE_NEXT
# include <libc.h>
#endif
+#define __USE_GNU /* before unistd.h, activate extra prototypes for glibc */
#include <unistd.h> /* For STDIN_FILENO, etc */
#include <termios.h> /* Struct winsize */
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h> /* for MAP_ANONYMOUS */
#endif
+#ifdef HAVE_SYS_STRTIO_H
+#include <sys/strtio.h> /* for TIOCCBRK on HP-UX */
+#endif
#include <netinet/in_systm.h> /* For typedefs */
#include <netinet/in.h> /* For IPv6 macros */
#include <netinet/ip.h> /* For IPTOS macros */
#include <netinet/tcp.h>
#include <arpa/inet.h>
+#if defined(HAVE_NETDB_H)
+# include <netdb.h>
+#endif
#ifdef HAVE_RPC_TYPES_H
# include <rpc/types.h> /* For INADDR_LOOPBACK */
#endif
# include <tmpdir.h>
#endif
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h> /* Openpty on FreeBSD at least */
+#endif
+
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#include "defines.h"
#include "version.h"
#include "openbsd-compat/openbsd-compat.h"
-#include "openbsd-compat/bsd-cygwin_util.h"
#include "openbsd-compat/bsd-nextstep.h"
#include "entropy.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
#include <openssl/crypto.h>
#define KEX_COOKIE_LEN 16
-/* Use privilege separation for sshd */
-int use_privsep;
-struct monitor *pmonitor;
-
-
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
/* parse buffer and return algorithm proposal */
static char **
-kex_buf2prop(Buffer *raw)
+kex_buf2prop(Buffer *raw, int *first_kex_follows)
{
Buffer b;
int i;
}
/* first kex follows / reserved */
i = buffer_get_char(&b);
+ if (first_kex_follows != NULL)
+ *first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b);
debug2("kex_parse_kexinit: reserved %d ", i);
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
- debug("waiting for SSH2_MSG_NEWKEYS");
+ debug("expecting SSH2_MSG_NEWKEYS");
packet_read_expect(SSH2_MSG_NEWKEYS);
packet_check_eom();
debug("SSH2_MSG_NEWKEYS received");
kex_choose_conf(kex);
- switch (kex->kex_type) {
- case DH_GRP1_SHA1:
- kexdh(kex);
- break;
- case DH_GEX_SHA1:
- kexgex(kex);
- break;
-#ifdef GSSAPI
- case GSS_GRP1_SHA1:
- kexgss(kex);
- break;
-#endif
- default:
+ if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
+ kex->kex[kex->kex_type] != NULL) {
+ (kex->kex[kex->kex_type])(kex);
+ } else {
fatal("Unsupported key exchange %d", kex->kex_type);
}
}
{
k->name = match_list(client, server, NULL);
if (k->name == NULL)
- fatal("No key exchange algorithm");
+ fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
- k->kex_type = DH_GRP1_SHA1;
+ k->kex_type = KEX_DH_GRP1_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
- k->kex_type = DH_GEX_SHA1;
+ k->kex_type = KEX_DH_GEX_SHA1;
#ifdef GSSAPI
} else if (strncmp(k->name, KEX_GSS_SHA1, sizeof(KEX_GSS_SHA1)-1) == 0) {
- k->kex_type = GSS_GRP1_SHA1;
+ k->kex_type = KEX_GSS_GRP1_SHA1;
#endif
} else
fatal("bad kex alg %s", k->name);
xfree(hostkeyalg);
}
+static int
+proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+{
+ static int check[] = {
+ PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
+ };
+ int *idx;
+ char *p;
+
+ for (idx = &check[0]; *idx != -1; idx++) {
+ if ((p = strchr(my[*idx], ',')) != NULL)
+ *p = '\0';
+ if ((p = strchr(peer[*idx], ',')) != NULL)
+ *p = '\0';
+ if (strcmp(my[*idx], peer[*idx]) != 0) {
+ debug2("proposal mismatch: my %s peer %s",
+ my[*idx], peer[*idx]);
+ return (0);
+ }
+ }
+ debug2("proposals match");
+ return (1);
+}
+
static void
kex_choose_conf(Kex *kex)
{
int mode;
int ctos; /* direction: if true client-to-server */
int need;
+ int first_kex_follows, type;
- my = kex_buf2prop(&kex->my);
- peer = kex_buf2prop(&kex->peer);
+ my = kex_buf2prop(&kex->my, NULL);
+ peer = kex_buf2prop(&kex->peer, &first_kex_follows);
if (kex->server) {
cprop=peer;
/* XXX need runden? */
kex->we_need = need;
+ /* ignore the next message if the proposals do not match */
+ if (first_kex_follows && !proposals_match(my, peer) &&
+ !(datafellows & SSH_BUG_FIRSTKEX)) {
+ type = packet_read();
+ debug2("skipping next packet (type %u)", type);
+ }
+
kex_prop_free(my);
kex_prop_free(peer);
}
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
- debug("kex_derive_keys");
+ debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
-/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
};
enum kex_exchange {
- DH_GRP1_SHA1,
- DH_GEX_SHA1,
- GSS_GRP1_SHA1
+ KEX_DH_GRP1_SHA1,
+ KEX_DH_GEX_SHA1,
+ KEX_GSS_GRP1_SHA1,
+ KEX_MAX
};
#define KEX_INIT_SENT 0x0001
Buffer peer;
int done;
int flags;
- char *host;
char *client_version_string;
char *server_version_string;
+ struct KexOptions options;
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
- struct KexOptions options;
+ void (*kex[KEX_MAX])(Kex *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, BIGNUM *);
-void kexdh(Kex *);
-void kexgex(Kex *);
+Newkeys *kex_get_newkeys(int);
+
+void kexdh_client(Kex *);
+void kexdh_server(Kex *);
+void kexgex_client(Kex *);
+void kexgex_server(Kex *);
#ifdef GSSAPI
-void kexgss(Kex *);
+void kexgss_client(Kex *);
+void kexgss_server(Kex *);
#endif
-Newkeys *kex_get_newkeys(int);
+u_char *
+kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *);
+u_char *
+kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
--- /dev/null
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+
+void
+kexdh_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *server_host_key_blob = NULL, *signature = NULL;
+ u_char *kbuf, *hash;
+ u_int klen, kout, slen, sbloblen;
+
+ /* generate and send 'e', client DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+ packet_start(SSH2_MSG_KEXDH_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("sending SSH2_MSG_KEXDH_INIT");
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("expecting SSH2_MSG_KEXDH_REPLY");
+ packet_read_expect(SSH2_MSG_KEXDH_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ /* calc and verify H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+ DH_free(dh);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
--- /dev/null
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "monitor_wrap.h"
+
+void
+kexdh_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout;
+ u_int slen;
+
+ /* generate server DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEXDH_INIT");
+ packet_read_expect(SSH2_MSG_KEXDH_INIT);
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ /* calc H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ packet_start(SSH2_MSG_KEXDH_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+
+void
+kexgex_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int klen, kout, slen, sbloblen;
+ int min, max, nbits;
+ DH *dh;
+
+ nbits = dh_estimate(kex->we_need * 8);
+
+ if (datafellows & SSH_OLD_DHGEX) {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
+
+ /* Old GEX request */
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+ packet_put_int(nbits);
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ } else {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
+
+ /* New GEX request */
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ packet_put_int(min);
+ packet_put_int(nbits);
+ packet_put_int(max);
+ }
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
+ min, nbits, max);
+#endif
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
+
+ if ((p = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(p);
+ if ((g = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(g);
+ packet_check_eom();
+
+ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+ fatal("DH_GEX group out of range: %d !< %d !< %d",
+ min, BN_num_bits(p), max);
+
+ dh = dh_new_group(g, p);
+ dh_gen_key(dh, kex->we_need * 8);
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
+ /* generate and send 'e', client DH public key */
+ packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ if (datafellows & SSH_OLD_DHGEX)
+ min = max = -1;
+
+ /* calc and verify H */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ /* have keys, free DH */
+ DH_free(dh);
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "monitor_wrap.h"
+
+void
+kexgex_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ Key *server_host_key;
+ DH *dh;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout, slen;
+ int min = -1, max = -1, nbits = -1, type;
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEX_DH_GEX_REQUEST:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+ min = packet_get_int();
+ nbits = packet_get_int();
+ max = packet_get_int();
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ break;
+ case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+ nbits = packet_get_int();
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ /* unused for old GEX */
+ break;
+ default:
+ fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
+ }
+ packet_check_eom();
+
+ if (max < min || nbits < min || max < nbits)
+ fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+ min, nbits, max);
+
+ /* Contact privileged parent */
+ dh = PRIVSEP(choose_dh(min, nbits, max));
+ if (dh == NULL)
+ packet_disconnect("Protocol error: no matching DH grp found");
+
+ debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
+ packet_put_bignum2(dh->p);
+ packet_put_bignum2(dh->g);
+ packet_send();
+
+ /* flush */
+ packet_write_wait();
+
+ /* Compute our exchange value in parallel with the client */
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
+ min = max = -1;
+
+ /* calc H */ /* XXX depends on 'kex' */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}
+++ /dev/null
-/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifdef GSSAPI
-
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
-#include "ssh2.h"
-#include "ssh-gss.h"
-#include "monitor_wrap.h"
-#include "canohost.h"
-
-/* This is now the same as the DH hash ... */
-
-u_char *
-kex_gssapi_hash(
- char *client_version_string,
- char *server_version_string,
- char *ckexinit, int ckexinitlen,
- char *skexinit, int skexinitlen,
- u_char *serverhostkeyblob, int sbloblen,
- BIGNUM *client_dh_pub,
- BIGNUM *server_dh_pub,
- BIGNUM *shared_secret)
-{
- Buffer b;
- static u_char digest[EVP_MAX_MD_SIZE];
- EVP_MD *evp_md = EVP_sha1();
- EVP_MD_CTX md;
-
- buffer_init(&b);
- buffer_put_string(&b, client_version_string, strlen(client_version_string));
- buffer_put_string(&b, server_version_string, strlen(server_version_string));
-
- /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
- buffer_put_int(&b, ckexinitlen+1);
- buffer_put_char(&b, SSH2_MSG_KEXINIT);
- buffer_append(&b, ckexinit, ckexinitlen);
- buffer_put_int(&b, skexinitlen+1);
- buffer_put_char(&b, SSH2_MSG_KEXINIT);
- buffer_append(&b, skexinit, skexinitlen);
-
- buffer_put_string(&b, serverhostkeyblob, sbloblen);
- buffer_put_bignum2(&b, client_dh_pub);
- buffer_put_bignum2(&b, server_dh_pub);
- buffer_put_bignum2(&b, shared_secret);
-
-#ifdef DEBUG_KEX
- buffer_dump(&b);
-#endif
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
-
- buffer_free(&b);
-
-#ifdef DEBUG_KEX
- dump_digest("hash", digest, evp_md->md_size);
-#endif
- return digest;
-}
-
-void
-kexgss_client(Kex *kex)
-{
- gss_buffer_desc gssbuf,send_tok,recv_tok, msg_tok, *token_ptr;
- Gssctxt *ctxt;
- OM_uint32 maj_status, min_status, ret_flags;
- unsigned int klen, kout;
- DH *dh;
- BIGNUM *dh_server_pub = 0;
- BIGNUM *shared_secret = 0;
- unsigned char *kbuf;
- unsigned char *hash;
- unsigned char *serverhostkey;
- int type = 0;
- int first = 1;
- int slen = 0;
-
- /* Initialise our GSSAPI world */
- ssh_gssapi_build_ctx(&ctxt);
- if (ssh_gssapi_id_kex(ctxt,kex->name)==NULL) {
- fatal("Couldn't identify host exchange");
- }
- if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1))) {
- fatal("Couldn't import hostname ");
- }
-
- /* This code should match that in ssh_dh1_client */
-
- /* Step 1 - e is dh->pub_key */
- dh = dh_new_group1();
- dh_gen_key(dh, kex->we_need * 8);
-
- /* This is f, we initialise it now to make life easier */
- dh_server_pub = BN_new();
- if (dh_server_pub == NULL) {
- fatal("dh_server_pub == NULL");
- }
-
- token_ptr = GSS_C_NO_BUFFER;
-
- do {
- debug("Calling gss_init_sec_context");
-
- maj_status=ssh_gssapi_init_ctx(ctxt,
- kex->options.gss_deleg_creds,
- token_ptr,&send_tok,
- &ret_flags);
-
- if (GSS_ERROR(maj_status)) {
- fatal("gss_init_context failed");
- }
-
- /* If we've got an old receive buffer get rid of it */
- if (token_ptr != GSS_C_NO_BUFFER)
- (void) gss_release_buffer(&min_status, &recv_tok);
-
-
- if (maj_status == GSS_S_COMPLETE) {
- /* If mutual state flag is not true, kex fails */
- if (!(ret_flags & GSS_C_MUTUAL_FLAG)) {
- fatal("Mutual authentication failed");
- }
- /* If integ avail flag is not true kex fails */
- if (!(ret_flags & GSS_C_INTEG_FLAG)) {
- fatal("Integrity check failed");
- }
- }
-
- /* If we have data to send, then the last message that we
- * received cannot have been a 'complete'. */
- if (send_tok.length !=0) {
- if (first) {
- packet_start(SSH2_MSG_KEXGSS_INIT);
- packet_put_string(send_tok.value,
- send_tok.length);
- packet_put_bignum2(dh->pub_key);
- first=0;
- } else {
- packet_start(SSH2_MSG_KEXGSS_CONTINUE);
- packet_put_string(send_tok.value,
- send_tok.length);
- }
- packet_send();
- packet_write_wait();
-
-
- /* If we've sent them data, they'd better be polite
- * and reply. */
-
- type = packet_read();
- switch (type) {
- case SSH2_MSG_KEXGSS_HOSTKEY:
- debug("Received KEXGSS_HOSTKEY");
- serverhostkey=packet_get_string(&slen);
- break;
- case SSH2_MSG_KEXGSS_CONTINUE:
- debug("Received GSSAPI_CONTINUE");
- if (maj_status == GSS_S_COMPLETE)
- fatal("GSSAPI Continue received from server when complete");
- recv_tok.value=packet_get_string(&slen);
- recv_tok.length=slen; /* int vs. size_t */
- break;
- case SSH2_MSG_KEXGSS_COMPLETE:
- debug("Received GSSAPI_COMPLETE");
- packet_get_bignum2(dh_server_pub);
- msg_tok.value=packet_get_string(&slen);
- msg_tok.length=slen; /* int vs. size_t */
-
- /* Is there a token included? */
- if (packet_get_char()) {
- recv_tok.value=
- packet_get_string(&slen);
- recv_tok.length=slen; /* int/size_t */
- /* If we're already complete - protocol error */
- if (maj_status == GSS_S_COMPLETE)
- packet_disconnect("Protocol error: received token when complete");
- } else {
- /* No token included */
- if (maj_status != GSS_S_COMPLETE)
- packet_disconnect("Protocol error: did not receive final token");
- }
- break;
- default:
- packet_disconnect("Protocol error: didn't expect packet type %d",
- type);
- }
- token_ptr=&recv_tok;
- }
-
- } while (maj_status & GSS_S_CONTINUE_NEEDED);
-
- /* We _must_ have received a COMPLETE message in reply from the
- * server, which will have set dh_server_pub and msg_tok */
-
- if (type!=SSH2_MSG_KEXGSS_COMPLETE)
- fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
-
- /* Check f in range [1, p-1] */
- if (!dh_pub_is_valid(dh, dh_server_pub))
- packet_disconnect("bad server public DH value");
-
- /* compute K=f^x mod p */
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_server_pub, dh);
-
- shared_secret = BN_new();
- BN_bin2bn(kbuf,kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- slen=0;
- hash = kex_gssapi_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- serverhostkey, slen, /* server host key */
- dh->pub_key, /* e */
- dh_server_pub, /* f */
- shared_secret /* K */
- );
-
- gssbuf.value=hash;
- gssbuf.length=20;
-
- /* Verify that H matches the token we just got. */
- if ((maj_status = gss_verify_mic(&min_status,
- ctxt->context,
- &gssbuf,
- &msg_tok,
- NULL))) {
-
- packet_disconnect("Hash's MIC didn't verify");
- }
-
- DH_free(dh);
- ssh_gssapi_delete_ctx(&ctxt);
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
- kex_finish(kex);
-}
-
-
-
-
-void
-kexgss_server(Kex *kex)
-{
-
- OM_uint32 maj_status, min_status;
-
- /* Some GSSAPI implementations use the input value of ret_flags (an
- * output variable) as a means of triggering mechanism specific
- * features. Initializing it to zero avoids inadvertently
- * activating this non-standard behaviour.*/
-
- OM_uint32 ret_flags = 0;
- gss_buffer_desc gssbuf,send_tok,recv_tok,msg_tok;
- Gssctxt *ctxt = NULL;
- unsigned int klen, kout;
- unsigned char *kbuf;
- unsigned char *hash;
- DH *dh;
- BIGNUM *shared_secret = NULL;
- BIGNUM *dh_client_pub = NULL;
- int type =0;
- gss_OID oid;
- u_int slen;
-
- /* Initialise GSSAPI */
-
- debug2("%s: Identifying %s",__func__,kex->name);
- oid=ssh_gssapi_id_kex(ctxt,kex->name);
- if (oid==NULL) {
- packet_disconnect("Unknown gssapi mechanism");
- }
-
- debug2("%s: Acquiring credentials",__func__);
-
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt,oid))))
- packet_disconnect("Unable to acquire credentials for the server");
-
- do {
- debug("Wait SSH2_MSG_GSSAPI_INIT");
- type = packet_read();
- switch(type) {
- case SSH2_MSG_KEXGSS_INIT:
- if (dh_client_pub!=NULL)
- packet_disconnect("Received KEXGSS_INIT after initialising");
- recv_tok.value=packet_get_string(&slen);
- recv_tok.length=slen; /* int vs. size_t */
-
- dh_client_pub = BN_new();
-
- if (dh_client_pub == NULL)
- fatal("dh_client_pub == NULL");
- packet_get_bignum2(dh_client_pub);
-
- /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
- break;
- case SSH2_MSG_KEXGSS_CONTINUE:
- if (dh_client_pub == NULL)
- packet_disconnect("Received KEXGSS_CONTINUE without initialising");
- recv_tok.value=packet_get_string(&slen);
- recv_tok.length=slen; /* int vs. size_t */
- break;
- default:
- packet_disconnect("Protocol error: didn't expect packet type %d",
- type);
- }
-
- maj_status=PRIVSEP(ssh_gssapi_accept_ctx(ctxt,&recv_tok,
- &send_tok, &ret_flags));
-
- gss_release_buffer(&min_status,&recv_tok);
-
-#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG
- if (ret_flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG) {
- packet_disconnect("Limited proxy is not allowed in gssapi key exchange.");
- }
-#endif
-
- if (maj_status & GSS_S_CONTINUE_NEEDED) {
- debug("Sending GSSAPI_CONTINUE");
- packet_start(SSH2_MSG_KEXGSS_CONTINUE);
- packet_put_string(send_tok.value,send_tok.length);
- packet_send();
- packet_write_wait();
- gss_release_buffer(&min_status, &send_tok);
- }
- } while (maj_status & GSS_S_CONTINUE_NEEDED);
-
- if (GSS_ERROR(maj_status)) {
- ssh_gssapi_send_error(oid,maj_status,min_status);
- packet_disconnect("gssapi key exchange handshake failed");
- }
-
- debug("gss_complete");
- if (!(ret_flags & GSS_C_MUTUAL_FLAG)) {
- ssh_gssapi_send_error(oid,maj_status,min_status);
- packet_disconnect("gssapi mutual authentication failed");
- }
-
- if (!(ret_flags & GSS_C_INTEG_FLAG)) {
- ssh_gssapi_send_error(oid,maj_status,min_status);
- packet_disconnect("gssapi channel integrity not established");
- }
-
- dh = dh_new_group1();
- dh_gen_key(dh, kex->we_need * 8);
-
- if (!dh_pub_is_valid(dh, dh_client_pub))
- packet_disconnect("bad client public DH value");
-
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_client_pub, dh);
-
- shared_secret = BN_new();
- BN_bin2bn(kbuf, kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- hash = kex_gssapi_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- NULL, 0, /* Change this if we start sending host keys */
- dh_client_pub,
- dh->pub_key,
- shared_secret
- );
- BN_free(dh_client_pub);
-
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
- gssbuf.value = hash;
- gssbuf.length = 20; /* Hashlen appears to always be 20 */
-
- if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok)))) {
- if (ctxt) { /* may be NULL under privsep */
- ssh_gssapi_send_error(ctxt->oid,maj_status,min_status);
- } else {
- ssh_gssapi_send_error(GSS_C_NO_OID,maj_status,min_status);
- }
- packet_disconnect("Couldn't get MIC");
- }
-
- packet_start(SSH2_MSG_KEXGSS_COMPLETE);
- packet_put_bignum2(dh->pub_key);
- packet_put_string((char *)msg_tok.value,msg_tok.length);
-
- if (send_tok.length!=0) {
- packet_put_char(1); /* true */
- packet_put_string((char *)send_tok.value,send_tok.length);
- } else {
- packet_put_char(0); /* false */
- }
- packet_send();
- packet_write_wait();
-
- /* We used to store the client name and credentials here for later
- * use. With privsep, its easier to do this as a by product of the
- * call to accept_context, which stores delegated information when
- * the context is complete */
-
- gss_release_buffer(&min_status, &send_tok);
-
- /* If we've got a context, delete it. It may be NULL if we've been
- * using privsep */
- ssh_gssapi_delete_ctx(&ctxt);
-
- DH_free(dh);
-
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
- kex_finish(kex);
-}
-
-void
-kexgss(Kex *kex)
-{
- if (kex->server)
- kexgss_server(kex);
- else
- kexgss_client(kex);
-}
-
-#endif /* GSSAPI */
--- /dev/null
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "canohost.h"
+#include "ssh2.h"
+#include "ssh-gss.h"
+
+void
+kexgss_client(Kex *kex)
+{
+ gss_buffer_desc gssbuf,send_tok,recv_tok, msg_tok, *token_ptr;
+ Gssctxt *ctxt;
+ OM_uint32 maj_status, min_status, ret_flags;
+ unsigned int klen, kout;
+ DH *dh;
+ BIGNUM *dh_server_pub = 0;
+ BIGNUM *shared_secret = 0;
+ unsigned char *kbuf;
+ unsigned char *hash;
+ unsigned char *serverhostkey;
+ char *msg;
+ char *lang;
+ int type = 0;
+ int first = 1;
+ int slen = 0;
+ u_int strlen;
+
+ /* Initialise our GSSAPI world */
+ ssh_gssapi_build_ctx(&ctxt);
+ if (ssh_gssapi_client_id_kex(ctxt,kex->name)==NULL) {
+ fatal("Couldn't identify host exchange");
+ }
+
+ if (ssh_gssapi_import_name(ctxt,get_canonical_hostname(1))) {
+ fatal("Couldn't import hostname ");
+ }
+
+ /* This code should match that in ssh_dh1_client */
+
+ /* Step 1 - e is dh->pub_key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+
+ /* This is f, we initialise it now to make life easier */
+ dh_server_pub = BN_new();
+ if (dh_server_pub == NULL) {
+ fatal("dh_server_pub == NULL");
+ }
+
+ token_ptr = GSS_C_NO_BUFFER;
+
+ do {
+ debug("Calling gss_init_sec_context");
+
+ maj_status=ssh_gssapi_init_ctx(ctxt,
+ kex->options.gss_deleg_creds,
+ token_ptr,&send_tok,
+ &ret_flags);
+
+ if (GSS_ERROR(maj_status)) {
+ if (send_tok.length!=0) {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ }
+ fatal("gss_init_context failed");
+ }
+
+ /* If we've got an old receive buffer get rid of it */
+ if (token_ptr != GSS_C_NO_BUFFER)
+ (void) gss_release_buffer(&min_status, &recv_tok);
+
+
+ if (maj_status == GSS_S_COMPLETE) {
+ /* If mutual state flag is not true, kex fails */
+ if (!(ret_flags & GSS_C_MUTUAL_FLAG)) {
+ fatal("Mutual authentication failed");
+ }
+ /* If integ avail flag is not true kex fails */
+ if (!(ret_flags & GSS_C_INTEG_FLAG)) {
+ fatal("Integrity check failed");
+ }
+ }
+
+ /* If we have data to send, then the last message that we
+ * received cannot have been a 'complete'. */
+ if (send_tok.length !=0) {
+ if (first) {
+ packet_start(SSH2_MSG_KEXGSS_INIT);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ packet_put_bignum2(dh->pub_key);
+ first=0;
+ } else {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ }
+ packet_send();
+ packet_write_wait();
+
+
+ /* If we've sent them data, they'd better be polite
+ * and reply. */
+
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEXGSS_HOSTKEY:
+ debug("Received KEXGSS_HOSTKEY");
+ serverhostkey=packet_get_string(&slen);
+ break;
+ case SSH2_MSG_KEXGSS_CONTINUE:
+ debug("Received GSSAPI_CONTINUE");
+ if (maj_status == GSS_S_COMPLETE)
+ fatal("GSSAPI Continue received from server when complete");
+ recv_tok.value=packet_get_string(&strlen);
+ recv_tok.length=strlen; /* u_int vs. size_t */
+ break;
+ case SSH2_MSG_KEXGSS_COMPLETE:
+ debug("Received GSSAPI_COMPLETE");
+ packet_get_bignum2(dh_server_pub);
+ msg_tok.value=packet_get_string(&strlen);
+ msg_tok.length=strlen; /* u_int vs. size_t */
+
+ /* Is there a token included? */
+ if (packet_get_char()) {
+ recv_tok.value=
+ packet_get_string(&strlen);
+ recv_tok.length=strlen; /*u_int/size_t*/
+ /* If we're already complete - protocol error */
+ if (maj_status == GSS_S_COMPLETE)
+ packet_disconnect("Protocol error: received token when complete");
+ } else {
+ /* No token included */
+ if (maj_status != GSS_S_COMPLETE)
+ packet_disconnect("Protocol error: did not receive final token");
+ }
+ break;
+ case SSH2_MSG_KEXGSS_ERROR:
+ debug("Received Error");
+ maj_status=packet_get_int();
+ min_status=packet_get_int();
+ msg=packet_get_string(NULL);
+ lang=packet_get_string(NULL);
+ fatal("GSSAPI Key Exchange Error: \n%s",msg);
+ default:
+ packet_disconnect("Protocol error: didn't expect packet type %d",
+ type);
+ }
+ token_ptr=&recv_tok;
+ } else {
+ /* No data, and not complete */
+ if (maj_status!=GSS_S_COMPLETE) {
+ fatal("Not complete, and no token output");
+ }
+ }
+ } while (maj_status & GSS_S_CONTINUE_NEEDED);
+
+ /* We _must_ have received a COMPLETE message in reply from the
+ * server, which will have set dh_server_pub and msg_tok */
+
+ if (type!=SSH2_MSG_KEXGSS_COMPLETE)
+ fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
+
+ /* Check f in range [1, p-1] */
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ /* compute K=f^x mod p */
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+
+ shared_secret = BN_new();
+ BN_bin2bn(kbuf,kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ /* The GSS hash is identical to the DH one */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ serverhostkey, slen, /* server host key */
+ dh->pub_key, /* e */
+ dh_server_pub, /* f */
+ shared_secret /* K */
+ );
+
+ gssbuf.value=hash;
+ gssbuf.length=20;
+
+ /* Verify that H matches the token we just got. */
+ if ((maj_status = gss_verify_mic(&min_status,
+ ctxt->context,
+ &gssbuf,
+ &msg_tok,
+ NULL))) {
+
+ packet_disconnect("Hash's MIC didn't verify");
+ }
+
+ DH_free(dh);
+ ssh_gssapi_delete_ctx(&ctxt);
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
+
+#endif /* GSSAPI */
--- /dev/null
+/*
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "ssh-gss.h"
+#include "monitor_wrap.h"
+
+static void kex_gss_send_error(Gssctxt *ctxt);
+
+void
+kexgss_server(Kex *kex)
+{
+ OM_uint32 maj_status, min_status;
+
+ /* Some GSSAPI implementations use the input value of ret_flags (an
+ * output variable) as a means of triggering mechanism specific
+ * features. Initializing it to zero avoids inadvertently
+ * activating this non-standard behaviour.*/
+
+ OM_uint32 ret_flags = 0;
+ gss_buffer_desc gssbuf,send_tok,recv_tok,msg_tok;
+ Gssctxt *ctxt = NULL;
+ unsigned int klen, kout;
+ unsigned char *kbuf;
+ unsigned char *hash;
+ DH *dh;
+ BIGNUM *shared_secret = NULL;
+ BIGNUM *dh_client_pub = NULL;
+ int type =0;
+ u_int slen;
+ gss_OID oid;
+
+ /* Initialise GSSAPI */
+
+ debug2("%s: Identifying %s",__func__,kex->name);
+ oid=ssh_gssapi_server_id_kex(kex->name);
+ if (oid==NULL) {
+ packet_disconnect("Unknown gssapi mechanism");
+ }
+
+ debug2("%s: Acquiring credentials",__func__);
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt,oid)))) {
+ kex_gss_send_error(ctxt);
+ packet_disconnect("Unable to acquire credentials for the server");
+ }
+
+ do {
+ debug("Wait SSH2_MSG_GSSAPI_INIT");
+ type = packet_read();
+ switch(type) {
+ case SSH2_MSG_KEXGSS_INIT:
+ if (dh_client_pub!=NULL)
+ packet_disconnect("Received KEXGSS_INIT after initialising");
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* int vs. size_t */
+
+ dh_client_pub = BN_new();
+
+ if (dh_client_pub == NULL)
+ packet_disconnect("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+
+ /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
+ break;
+ case SSH2_MSG_KEXGSS_CONTINUE:
+ recv_tok.value=packet_get_string(&slen);
+ recv_tok.length=slen; /* int vs. size_t */
+ break;
+ default:
+ packet_disconnect("Protocol error: didn't expect packet type %d",
+ type);
+ }
+
+ maj_status=PRIVSEP(ssh_gssapi_accept_ctx(ctxt,&recv_tok,
+ &send_tok, &ret_flags));
+
+ gss_release_buffer(&min_status,&recv_tok);
+
+#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG
+ if (ret_flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG) {
+ packet_disconnect("Limited proxy is not allowed in gssapi key exchange.");
+ }
+#endif
+
+ if (maj_status!=GSS_S_COMPLETE && send_tok.length==0) {
+ fatal("Zero length token output when incomplete");
+ }
+
+ if (dh_client_pub == NULL)
+ fatal("No client public key");
+
+ if (maj_status & GSS_S_CONTINUE_NEEDED) {
+ debug("Sending GSSAPI_CONTINUE");
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,send_tok.length);
+ packet_send();
+ packet_write_wait();
+ gss_release_buffer(&min_status, &send_tok);
+ }
+ } while (maj_status & GSS_S_CONTINUE_NEEDED);
+
+ if (GSS_ERROR(maj_status)) {
+ kex_gss_send_error(ctxt);
+ if (send_tok.length>0) {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,send_tok.length);
+ packet_send();
+ packet_write_wait();
+ }
+ packet_disconnect("gssapi key exchange handshake failed");
+ }
+
+ debug("gss_complete");
+ if (!(ret_flags & GSS_C_MUTUAL_FLAG))
+ packet_disconnect("gssapi_mutual authentication failed");
+
+ if (!(ret_flags & GSS_C_INTEG_FLAG))
+ packet_disconnect("gssapi channel integrity not established");
+
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+
+ shared_secret = BN_new();
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ /* The GSSAPI hash is identical to the Diffie Helman one */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ NULL, 0, /* Change this if we start sending host keys */
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_free(dh_client_pub);
+
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ gssbuf.value = hash;
+ gssbuf.length = 20; /* Hashlen appears to always be 20 */
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt,&gssbuf,&msg_tok)))) {
+ kex_gss_send_error(ctxt);
+ fatal("Couldn't get MIC");
+ }
+
+ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
+ packet_put_bignum2(dh->pub_key);
+ packet_put_string((char *)msg_tok.value,msg_tok.length);
+
+ if (send_tok.length!=0) {
+ packet_put_char(1); /* true */
+ packet_put_string((char *)send_tok.value,send_tok.length);
+ } else {
+ packet_put_char(0); /* false */
+ }
+ packet_send();
+ packet_write_wait();
+
+ /* We used to store the client name and credentials here for later
+ * use. With privsep, its easier to do this as a by product of the
+ * call to accept_context, which stores delegated information when
+ * the context is complete */
+
+ gss_release_buffer(&min_status, &send_tok);
+
+ /* If we've got a context, delete it. It may be NULL if we've been
+ * using privsep */
+ ssh_gssapi_delete_ctx(&ctxt);
+
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
+
+static void
+kex_gss_send_error(Gssctxt *ctxt) {
+ char *errstr;
+ OM_uint32 maj,min;
+
+ errstr=PRIVSEP(ssh_gssapi_last_error(ctxt,&maj,&min));
+ if (errstr) {
+ packet_start(SSH2_MSG_KEXGSS_ERROR);
+ packet_put_int(maj);
+ packet_put_int(min);
+ packet_put_cstring(errstr);
+ packet_put_cstring("");
+ packet_send();
+ packet_write_wait();
+ /* XXX - We should probably log the error locally here */
+ xfree(errstr);
+ }
+}
+#endif /* GSSAPI */
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
-#include "ssh-dss.h"
-#include "ssh-rsa.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
return 0;
}
-static u_char *
+u_char*
key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
{
const EVP_MD *md = NULL;
for (i = 0; i < dgst_raw_len; i++) {
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
- strlcat(retval, hex, dgst_raw_len * 3);
+ strlcat(retval, hex, dgst_raw_len * 3 + 1);
}
+
+ /* Remove the trailing ':' character */
retval[(dgst_raw_len * 3) - 1] = '\0';
return retval;
}
case KEY_DSA:
space = strchr(cp, ' ');
if (space == NULL) {
- debug3("key_read: no space");
+ debug3("key_read: missing whitespace");
return -1;
}
*space = '\0';
type = key_type_from_name(cp);
*space = ' ';
if (type == KEY_UNSPEC) {
- debug3("key_read: no key found");
+ debug3("key_read: missing keytype");
return -1;
}
cp = space+1;
xfree(blob);
return -1;
}
- k = key_from_blob(blob, n);
+ k = key_from_blob(blob, (u_int)n);
xfree(blob);
if (k == NULL) {
error("key_read: key_from_blob %s failed", cp);
}
Key *
-key_from_blob(u_char *blob, int blen)
+key_from_blob(u_char *blob, u_int blen)
{
Buffer b;
char *ktype;
-/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
+/* $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Key *key_demote(Key *);
int key_equal(Key *, Key *);
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
+u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
char *key_type(Key *);
int key_write(Key *, FILE *);
int key_read(Key *, char **);
Key *key_from_private(Key *);
int key_type_from_name(char *);
-Key *key_from_blob(u_char *, int);
+Key *key_from_blob(u_char *, u_int);
int key_to_blob(Key *, u_char **, u_int *);
char *key_ssh_name(Key *);
int key_names_valid2(const char *);
int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
int key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
+int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $");
#include "log.h"
#include "xmalloc.h"
#include <syslog.h>
+#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+# include <vis.h>
+#endif
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
/* Log this message (information that usually should go to the log). */
void
-log(const char *fmt,...)
+logit(const char *fmt,...)
{
va_list args;
next_cu = cu->next;
xfree(cu);
}
+ fatal_cleanups = NULL;
}
/* Cleanup and exit */
void
do_log(LogLevel level, const char *fmt, va_list args)
{
+#ifdef OPENLOG_R
+ struct syslog_data sdata = SYSLOG_DATA_INIT;
+#endif
char msgbuf[MSGBUFSIZ];
char fmtbuf[MSGBUFSIZ];
char *txt = NULL;
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
+ strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_SAFE|VIS_OCTAL);
if (log_on_stderr) {
- fprintf(stderr, "%d: %s\r\n", getpid(), msgbuf);
+ snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
+ write(STDERR_FILENO, msgbuf, strlen(msgbuf));
} else {
+#ifdef OPENLOG_R
+ openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
+ syslog_r(pri, &sdata, "%.500s", fmtbuf);
+ closelog_r(&sdata);
+#else
openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
- syslog(pri, "%.500s", msgbuf);
+ syslog(pri, "%.500s", fmtbuf);
closelog();
+#endif
}
}
use Convert::ASN1 qw(:tag);
use Digest::MD5 qw(md5);
use MIME::Base64;
+use Data::Dumper;
$oid=shift;
-$encoded=encode_object_id($oid);
+my $asn=Convert::ASN1->new;
+$asn->prepare("oid OBJECT IDENTIFIER");
+$encoded=$asn->encode(oid => $oid);
+Convert::ASN1::asn_dump($encoded);
+print Dumper($asn->decode($encoded));
@entries=unpack("C*",$encoded);
-shift @entries; # Get rid of the NULL
print "DER representation: ";
foreach $entry (@entries) {
--- /dev/null
+#!/usr/bin/awk
+#
+# Version history:
+# v3, I put the program under a proper license
+# Dan Nelson <dnelson@allantgroup.com> added .An, .Aq and fixed a typo
+# v2, fixed to work on GNU awk --posix and MacOS X
+# v1, first attempt, didn't work on MacOS X
+#
+# Copyright (c) 2003 Peter Stuge <stuge-mdoc2man@cdy.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+BEGIN {
+ optlist=0
+ oldoptlist=0
+ nospace=0
+ synopsis=0
+ reference=0
+ block=0
+ ext=0
+ extopt=0
+ literal=0
+ prenl=0
+ line=""
+}
+
+function wtail() {
+ retval=""
+ while(w<nwords) {
+ if(length(retval))
+ retval=retval OFS
+ retval=retval words[++w]
+ }
+ return retval
+}
+
+function add(str) {
+ for(;prenl;prenl--)
+ line=line "\n"
+ line=line str
+}
+
+! /^\./ {
+ for(;prenl;prenl--)
+ print ""
+ print
+ if(literal)
+ print ".br"
+ next
+}
+
+/^\.\\"/ { next }
+
+{
+ option=0
+ parens=0
+ angles=0
+ sub("^\\.","")
+ nwords=split($0,words)
+ for(w=1;w<=nwords;w++) {
+ skip=0
+ if(match(words[w],"^Li|Pf$")) {
+ skip=1
+ } else if(match(words[w],"^Xo$")) {
+ skip=1
+ ext=1
+ if(length(line)&&!(match(line," $")||prenl))
+ add(OFS)
+ } else if(match(words[w],"^Xc$")) {
+ skip=1
+ ext=0
+ if(!extopt)
+ prenl++
+ w=nwords
+ } else if(match(words[w],"^Bd$")) {
+ skip=1
+ if(match(words[w+1],"-literal")) {
+ literal=1
+ prenl++
+ w=nwords
+ }
+ } else if(match(words[w],"^Ed$")) {
+ skip=1
+ literal=0
+ } else if(match(words[w],"^Ns$")) {
+ skip=1
+ if(!nospace)
+ nospace=1
+ sub(" $","",line)
+ } else if(match(words[w],"^No$")) {
+ skip=1
+ sub(" $","",line)
+ add(words[++w])
+ } else if(match(words[w],"^Dq$")) {
+ skip=1
+ add("``")
+ add(words[++w])
+ while(w<nwords&&!match(words[w+1],"^[\\.,]"))
+ add(OFS words[++w])
+ add("''")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Sq|Ql$")) {
+ skip=1
+ add("`" words[++w] "'")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Oo$")) {
+ skip=1
+ extopt=1
+ if(!nospace)
+ nospace=1
+ add("[")
+ } else if(match(words[w],"^Oc$")) {
+ skip=1
+ extopt=0
+ add("]")
+ }
+ if(!skip) {
+ if(!nospace&&length(line)&&!(match(line," $")||prenl))
+ add(OFS)
+ if(nospace==1)
+ nospace=0
+ }
+ if(match(words[w],"^Dd$")) {
+ date=wtail()
+ next
+ } else if(match(words[w],"^Dt$")) {
+ id=wtail()
+ next
+ } else if(match(words[w],"^Os$")) {
+ add(".TH " id " \"" date "\" \"" wtail() "\"")
+ } else if(match(words[w],"^Sh$")) {
+ add(".SH")
+ synopsis=match(words[w+1],"SYNOPSIS")
+ } else if(match(words[w],"^Xr$")) {
+ add("\\fB" words[++w] "\\fP(" words[++w] ")" words[++w])
+ } else if(match(words[w],"^Rs$")) {
+ split("",refauthors)
+ nrefauthors=0
+ reftitle=""
+ refissue=""
+ refdate=""
+ refopt=""
+ reference=1
+ next
+ } else if(match(words[w],"^Re$")) {
+ prenl++
+ for(i=nrefauthors-1;i>0;i--) {
+ add(refauthors[i])
+ if(i>1)
+ add(", ")
+ }
+ if(nrefauthors>1)
+ add(" and ")
+ add(refauthors[0] ", \\fI" reftitle "\\fP")
+ if(length(refissue))
+ add(", " refissue)
+ if(length(refdate))
+ add(", " refdate)
+ if(length(refopt))
+ add(", " refopt)
+ add(".")
+ reference=0
+ } else if(reference) {
+ if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() }
+ if(match(words[w],"^%T$")) {
+ reftitle=wtail()
+ sub("^\"","",reftitle)
+ sub("\"$","",reftitle)
+ }
+ if(match(words[w],"^%N$")) { refissue=wtail() }
+ if(match(words[w],"^%D$")) { refdate=wtail() }
+ if(match(words[w],"^%O$")) { refopt=wtail() }
+ } else if(match(words[w],"^Nm$")) {
+ if(synopsis) {
+ add(".br")
+ prenl++
+ }
+ n=words[++w]
+ if(!length(name))
+ name=n
+ if(!length(n))
+ n=name
+ add("\\fB" n "\\fP")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Nd$")) {
+ add("\\- " wtail())
+ } else if(match(words[w],"^Fl$")) {
+ add("\\fB\\-" words[++w] "\\fP")
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Ar$")) {
+ add("\\fI")
+ if(w==nwords)
+ add("file ...\\fP")
+ else {
+ add(words[++w] "\\fP")
+ while(match(words[w+1],"^\\|$"))
+ add(OFS words[++w] " \\fI" words[++w] "\\fP")
+ }
+ if(!nospace&&match(words[w+1],"^[\\.,]"))
+ nospace=1
+ } else if(match(words[w],"^Cm$")) {
+ add("\\fB" words[++w] "\\fP")
+ while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
+ add(words[++w])
+ } else if(match(words[w],"^Op$")) {
+ option=1
+ if(!nospace)
+ nospace=1
+ add("[")
+ } else if(match(words[w],"^Pp$")) {
+ prenl++
+ } else if(match(words[w],"^An$")) {
+ prenl++
+ } else if(match(words[w],"^Ss$")) {
+ add(".SS")
+ } else if(match(words[w],"^Pa$")&&!option) {
+ add("\\fI")
+ w++
+ if(match(words[w],"^\\."))
+ add("\\&")
+ add(words[w] "\\fP")
+ while(w<nwords&&match(words[w+1],"^[\\.,:;)]"))
+ add(words[++w])
+ } else if(match(words[w],"^Dv$")) {
+ add(".BR")
+ } else if(match(words[w],"^Em|Ev$")) {
+ add(".IR")
+ } else if(match(words[w],"^Pq$")) {
+ add("(")
+ nospace=1
+ parens=1
+ } else if(match(words[w],"^Aq$")) {
+ add("<")
+ nospace=1
+ angles=1
+ } else if(match(words[w],"^S[xy]$")) {
+ add(".B " wtail())
+ } else if(match(words[w],"^Ic$")) {
+ plain=1
+ add("\\fB")
+ while(w<nwords) {
+ w++
+ if(match(words[w],"^Op$")) {
+ w++
+ add("[")
+ words[nwords]=words[nwords] "]"
+ }
+ if(match(words[w],"^Ar$")) {
+ add("\\fI" words[++w] "\\fP")
+ } else if(match(words[w],"^[\\.,]")) {
+ sub(" $","",line)
+ if(plain) {
+ add("\\fP")
+ plain=0
+ }
+ add(words[w])
+ } else {
+ if(!plain) {
+ add("\\fB")
+ plain=1
+ }
+ add(words[w])
+ }
+ if(!nospace)
+ add(OFS)
+ }
+ sub(" $","",line)
+ if(plain)
+ add("\\fP")
+ } else if(match(words[w],"^Bl$")) {
+ oldoptlist=optlist
+ if(match(words[w+1],"-bullet"))
+ optlist=1
+ else if(match(words[w+1],"-enum")) {
+ optlist=2
+ enum=0
+ } else if(match(words[w+1],"-tag"))
+ optlist=3
+ else if(match(words[w+1],"-item"))
+ optlist=4
+ else if(match(words[w+1],"-bullet"))
+ optlist=1
+ w=nwords
+ } else if(match(words[w],"^El$")) {
+ optlist=oldoptlist
+ } else if(match(words[w],"^It$")&&optlist) {
+ if(optlist==1)
+ add(".IP \\(bu")
+ else if(optlist==2)
+ add(".IP " ++enum ".")
+ else if(optlist==3) {
+ add(".TP")
+ prenl++
+ if(match(words[w+1],"^Pa|Ev$")) {
+ add(".B")
+ w++
+ }
+ } else if(optlist==4)
+ add(".IP")
+ } else if(match(words[w],"^Sm$")) {
+ if(match(words[w+1],"off"))
+ nospace=2
+ else if(match(words[w+1],"on"))
+ nospace=0
+ w++
+ } else if(!skip) {
+ add(words[w])
+ }
+ }
+ if(match(line,"^\\.[^a-zA-Z]"))
+ sub("^\\.","",line)
+ if(parens)
+ add(")")
+ if(angles)
+ add(">")
+ if(option)
+ add("]")
+ if(ext&&!extopt&&!match(line," $"))
+ add(OFS)
+ if(!ext&&!extopt&&length(line)) {
+ print line
+ prenl=0
+ line=""
+ }
+}
+++ /dev/null
-#!/usr/bin/perl
-###
-### Quick usage: mdoc2man.pl < mdoc_manpage.8 > man_manpage.8
-###
-###
-### Copyright (c) 2001 University of Illinois Board of Trustees
-### Copyright (c) 2001 Mark D. Roth
-### All rights reserved.
-###
-### Redistribution and use in source and binary forms, with or without
-### modification, are permitted provided that the following conditions
-### are met:
-### 1. Redistributions of source code must retain the above copyright
-### notice, this list of conditions and the following disclaimer.
-### 2. Redistributions in binary form must reproduce the above copyright
-### notice, this list of conditions and the following disclaimer in the
-### documentation and/or other materials provided with the distribution.
-### 3. All advertising materials mentioning features or use of this software
-### must display the following acknowledgement:
-### This product includes software developed by the University of
-### Illinois at Urbana, and their contributors.
-### 4. The University nor the names of their
-### contributors may be used to endorse or promote products derived from
-### this software without specific prior written permission.
-###
-### THIS SOFTWARE IS PROVIDED BY THE TRUSTEES AND CONTRIBUTORS ``AS IS'' AND
-### ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-### IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-### ARE DISCLAIMED. IN NO EVENT SHALL THE TRUSTEES OR CONTRIBUTORS BE LIABLE
-### FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-### DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-### OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-### HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-### LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-### OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-### SUCH DAMAGE.
-###
-
-use strict;
-
-my ($name, $date, $id);
-my ($line);
-my ($optlist, $oldoptlist, $nospace, $enum, $synopsis);
-my ($reference, $block, $ext, $extopt, $literal);
-my (@refauthors, $reftitle, $refissue, $refdate, $refopt);
-
-
-$optlist = 0; ### 1 = bullet, 2 = enum, 3 = tag, 4 = item
-$oldoptlist = 0;
-$nospace = 0;
-$synopsis = 0;
-$reference = 0;
-$block = 0;
-$ext = 0;
-$extopt = 0;
-$literal = 0;
-
-while ($line = <STDIN>)
-{
- if ($line !~ /^\./)
- {
- print $line;
- print ".br\n"
- if ($literal);
- next;
- }
-
- $line =~ s/^\.//;
-
- next
- if ($line =~ m/\\"/);
-
- $line = ParseMacro($line);
- print($line)
- if (defined $line);
-}
-
-
-
-sub ParseMacro # ($line)
-{
- my ($line) = @_;
- my (@words, $retval, $option, $parens);
-
- @words = split(/\s+/, $line);
- $retval = '';
- $option = 0;
- $parens = 0;
-
-# print('@words = ', scalar(@words), ': ', join(' ', @words), "\n");
-
- while ($_ = shift @words)
- {
-# print "WORD: $_\n";
-
- next
- if (/^(Li|Pf)$/);
-
- if (/^Xo$/)
- {
- $ext = 1;
- $retval .= ' '
- if ($retval ne '' && $retval !~ m/[\n ]$/);
- next;
- }
-
- if (/^Xc$/)
- {
- $ext = 0;
- $retval .= "\n"
- if (! $extopt);
- last;
- }
-
- if (/^Bd$/)
- {
- $literal = 1
- if ($words[0] eq '-literal');
- $retval .= "\n";
- last;
- }
-
- if (/^Ed$/)
- {
- $literal = 0;
- last;
- }
-
- if (/^Ns$/)
- {
- $nospace = 1
- if (! $nospace);
- $retval =~ s/ $//;
- next;
- }
-
- if (/^No$/)
- {
- $retval =~ s/ $//;
- $retval .= shift @words;
- next;
- }
-
- if (/^Dq$/)
- {
- $retval .= '``';
- do
- {
- $retval .= (shift @words) . ' ';
- }
- while (@words > 0 && $words[0] !~ m/^[\.,]/);
- $retval =~ s/ $//;
- $retval .= '\'\'';
- $nospace = 1
- if (! $nospace && $words[0] =~ m/^[\.,]/);
- next;
- }
-
- if (/^(Sq|Ql)$/)
- {
- $retval .= '`' . (shift @words) . '\'';
- $nospace = 1
- if (! $nospace && $words[0] =~ m/^[\.,]/);
- next;
- }
-
-# if (/^Ic$/)
-# {
-# $retval .= '\\fB' . shift(@words) . '\\fP';
-# next;
-# }
-
- if (/^Oo$/)
- {
-# $retval .= "[\\c\n";
- $extopt = 1;
- $nospace = 1
- if (! $nospace);
- $retval .= '[';
- next;
- }
-
- if (/^Oc$/)
- {
- $extopt = 0;
- $retval .= ']';
- next;
- }
-
- $retval .= ' '
- if (! $nospace && $retval ne '' && $retval !~ m/[\n ]$/);
- $nospace = 0
- if ($nospace == 1);
-
- if (/^Dd$/)
- {
- $date = join(' ', @words);
- return undef;
- }
-
- if (/^Dt$/)
- {
- $id = join(' ', @words);
- return undef;
- }
-
- if (/^Os$/)
- {
- $retval .= '.TH '
- . $id
- . " \"$date\" \""
- . join(' ', @words)
- . "\"";
- last;
- }
-
- if (/^Sh$/)
- {
- $retval .= '.SH';
- if ($words[0] eq 'SYNOPSIS')
- {
- $synopsis = 1;
- }
- else
- {
- $synopsis = 0;
- }
- next;
- }
-
- if (/^Xr$/)
- {
- $retval .= '\\fB' . (shift @words) .
- '\\fP(' . (shift @words) . ')'
- . (shift @words);
- last;
- }
-
- if (/^Rs/)
- {
- @refauthors = ();
- $reftitle = '';
- $refissue = '';
- $refdate = '';
- $refopt = '';
- $reference = 1;
- last;
- }
-
- if (/^Re/)
- {
- $retval .= "\n";
-
- # authors
- while (scalar(@refauthors) > 1)
- {
- $retval .= shift(@refauthors) . ', ';
- }
- $retval .= 'and '
- if ($retval ne '');
- $retval .= shift(@refauthors);
-
- # title
- $retval .= ', \\fI' . $reftitle . '\\fP';
-
- # issue
- $retval .= ', ' . $refissue
- if ($refissue ne '');
-
- # date
- $retval .= ', ' . $refdate
- if ($refdate ne '');
-
- # optional info
- $retval .= ', ' . $refopt
- if ($refopt ne '');
-
- $retval .= ".\n";
-
- $reference = 0;
- last;
- }
-
- if ($reference)
- {
- if (/^%A$/)
- {
- unshift(@refauthors, join(' ', @words));
- last;
- }
-
- if (/^%T$/)
- {
- $reftitle = join(' ', @words);
- $reftitle =~ s/^"//;
- $reftitle =~ s/"$//;
- last;
- }
-
- if (/^%N$/)
- {
- $refissue = join(' ', @words);
- last;
- }
-
- if (/^%D$/)
- {
- $refdate = join(' ', @words);
- last;
- }
-
- if (/^%O$/)
- {
- $refopt = join(' ', @words);
- last;
- }
- }
-
- if (/^Nm$/)
- {
- $name = shift @words
- if (@words > 0);
- $retval .= ".br\n"
- if ($synopsis);
- $retval .= "\\fB$name\\fP";
- $nospace = 1
- if (! $nospace && $words[0] =~ m/^[\.,]/);
- next;
- }
-
- if (/^Nd$/)
- {
- $retval .= '\\-';
- next;
- }
-
- if (/^Fl$/)
- {
- $retval .= '\\fB\\-' . (shift @words) . '\\fP';
- $nospace = 1
- if (! $nospace && $words[0] =~ m/^[\.,]/);
- next;
- }
-
- if (/^Ar$/)
- {
- $retval .= '\\fI';
- if (! defined $words[0])
- {
- $retval .= 'file ...\\fP';
- }
- else
- {
- $retval .= shift(@words) . '\\fP';
- while ($words[0] eq '|')
- {
- $retval .= ' ' . shift(@words);
- $retval .= ' \\fI' . shift(@words);
- $retval .= '\\fP';
- }
- }
- $nospace = 1
- if (! $nospace && $words[0] =~ m/^[\.,]/);
- next;
- }
-
- if (/^Cm$/)
- {
- $retval .= '\\fB' . (shift @words) . '\\fP';
- while ($words[0] =~ m/^[\.,:)]$/)
- {
- $retval .= shift(@words);
- }
- next;
- }
-
- if (/^Op$/)
- {
- $option = 1;
- $nospace = 1
- if (! $nospace);
- $retval .= '[';
-# my $tmp = pop(@words);
-# $tmp .= ']';
-# push(@words, $tmp);
- next;
- }
-
- if (/^Pp$/)
- {
- $retval .= "\n";
- next;
- }
-
- if (/^Ss$/)
- {
- $retval .= '.SS';
- next;
- }
-
- if (/^Pa$/ && ! $option)
- {
- $retval .= '\\fI';
- $retval .= '\\&'
- if ($words[0] =~ m/^\./);
- $retval .= (shift @words) . '\\fP';
- while ($words[0] =~ m/^[\.,:;)]$/)
- {
- $retval .= shift(@words);
- }
-# $nospace = 1
-# if (! $nospace && $words[0] =~ m/^[\.,:)]/);
- next;
- }
-
- if (/^Dv$/)
- {
- $retval .= '.BR';
- next;
- }
-
- if (/^(Em|Ev)$/)
- {
- $retval .= '.IR';
- next;
- }
-
- if (/^Pq$/)
- {
- $retval .= '(';
- $nospace = 1;
- $parens = 1;
- next;
- }
-
- if (/^(S[xy])$/)
- {
- $retval .= '.B ' . join(' ', @words);
- last;
- }
-
- if (/^Ic$/)
- {
- $retval .= '\\fB';
- while (defined $words[0]
- && $words[0] !~ m/^[\.,]/)
- {
- if ($words[0] eq 'Op')
- {
- shift(@words);
- $retval .= '[';
- my $tmp = pop(@words);
- $tmp .= ']';
- push(@words, $tmp);
- next;
- }
- if ($words[0] eq 'Ar')
- {
- shift @words;
- $retval .= '\\fI';
- $retval .= shift @words;
- $retval .= '\\fP';
- }
- else
- {
- $retval .= shift @words;
- }
- $retval .= ' '
- if (! $nospace);
- }
- $retval =~ s/ $//;
- $retval .= '\\fP';
- $retval .= shift @words
- if (defined $words[0]);
- last;
- }
-
- if (/^Bl$/)
- {
- $oldoptlist = $optlist;
- if ($words[0] eq '-bullet')
- {
- $optlist = 1;
- }
- elsif ($words[0] eq '-enum')
- {
- $optlist = 2;
- $enum = 0;
- }
- elsif ($words[0] eq '-tag')
- {
- $optlist = 3;
- }
- elsif ($words[0] eq '-item')
- {
- $optlist = 4;
- }
- last;
- }
-
- if (/^El$/)
- {
- $optlist = $oldoptlist;
- next;
- }
-
- if ($optlist && /^It$/)
- {
- if ($optlist == 1)
- {
- # bullets
- $retval .= '.IP \\(bu';
- next;
- }
-
- if ($optlist == 2)
- {
- # enum
- $retval .= '.IP ' . (++$enum) . '.';
- next;
- }
-
- if ($optlist == 3)
- {
- # tags
- $retval .= ".TP\n";
- if ($words[0] =~ m/^(Pa|Ev)$/)
- {
- shift @words;
- $retval .= '.B';
- }
- next;
- }
-
- if ($optlist == 4)
- {
- # item
- $retval .= ".IP\n";
- next;
- }
-
- next;
- }
-
- if (/^Sm$/)
- {
- if ($words[0] eq 'off')
- {
- $nospace = 2;
- }
- elsif ($words[0] eq 'on')
- {
-# $retval .= "\n";
- $nospace = 0;
- }
- shift @words;
- next;
- }
-
- $retval .= "$_";
- }
-
- return undef
- if ($retval eq '.');
-
- $retval =~ s/^\.([^a-zA-Z])/$1/;
-# $retval =~ s/ $//;
-
- $retval .= ')'
- if ($parens == 1);
-
- $retval .= ']'
- if ($option == 1);
-
-# $retval .= ' '
-# if ($nospace && $retval ne '' && $retval !~ m/\n$/);
-
-# $retval .= ' '
-# if ($extended && $retval !~ m/ $/);
-
- $retval .= ' '
- if ($ext && ! $extopt && $retval !~ m/ $/);
-
- $retval .= "\n"
- if (! $ext && ! $extopt && $retval ne '' && $retval !~ m/\n$/);
-
- return $retval;
-}
-
-
-/* $OpenBSD: misc.c,v 1.12 2001/06/26 17:27:24 markus Exp $ */
-
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.12 2001/06/26 17:27:24 markus Exp $");
+RCSID("$OpenBSD: misc.c,v 1.22 2003/09/18 08:49:45 markus Exp $");
#include "misc.h"
#include "log.h"
{
char *t = s;
while (*t) {
- if(*t == '\n' || *t == '\r') {
+ if (*t == '\n' || *t == '\r') {
*t = '\0';
return s;
}
debug2("fd %d is O_NONBLOCK", fd);
return;
}
- debug("fd %d setting O_NONBLOCK", fd);
+ debug2("fd %d setting O_NONBLOCK", fd);
val |= O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
- if (errno != ENODEV)
- error("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
- fd, strerror(errno));
+ debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
+ fd, strerror(errno));
}
void
debug("fd %d clearing O_NONBLOCK", fd);
val &= ~O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1)
- if (errno != ENODEV)
- error("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
- fd, strerror(errno));
+ debug("fcntl(%d, F_SETFL, O_NONBLOCK): %s",
+ fd, strerror(errno));
+}
+
+/* disable nagle on socket */
+void
+set_nodelay(int fd)
+{
+ int opt;
+ socklen_t optlen;
+
+ optlen = sizeof opt;
+ if (getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen) == -1) {
+ error("getsockopt TCP_NODELAY: %.100s", strerror(errno));
+ return;
+ }
+ if (opt == 1) {
+ debug2("fd %d is TCP_NODELAY", fd);
+ return;
+ }
+ opt = 1;
+ debug2("fd %d setting TCP_NODELAY", fd);
+ if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
+ error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
/* Characters considered whitespace in strsep calls. */
#define WHITESPACE " \t\r\n"
+/* Characters considered as quotations. */
+#define QUOTES "'\""
+
/* return next token in configuration line */
char *
strdelim(char **s)
{
- char *old;
+ char *old, *p, *q;
int wspace = 0;
if (*s == NULL)
old = *s;
- *s = strpbrk(*s, WHITESPACE "=");
+ if ((q=strchr(QUOTES, (int) *old)) && *q)
+ {
+ /* find next quote character, point old to start of quoted
+ * string */
+ for (p = ++old;*p && *p!=*q; p++)
+ ;
+
+ /* find start of next token */
+ *s = (*p) ? p + strspn(p + 1, WHITESPACE) + 1 : NULL;
+
+ /* terminate 'old' token */
+ *p = '\0';
+ return (old);
+ }
+
+ *s = strpbrk(*s, WHITESPACE "=");
if (*s == NULL)
return (old);
{
va_list ap;
char buf[1024];
+ int nalloc;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
+ nalloc = args->nalloc;
if (args->list == NULL) {
- args->nalloc = 32;
+ nalloc = 32;
args->num = 0;
- } else if (args->num+2 >= args->nalloc)
- args->nalloc *= 2;
+ } else if (args->num+2 >= nalloc)
+ nalloc *= 2;
- args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+ args->list = xrealloc(args->list, nalloc * sizeof(char *));
+ args->nalloc = nalloc;
args->list[args->num++] = xstrdup(buf);
args->list[args->num] = NULL;
}
-
-mysig_t
-mysignal(int sig, mysig_t act)
-{
-#ifdef HAVE_SIGACTION
- struct sigaction sa, osa;
-
- if (sigaction(sig, NULL, &osa) == -1)
- return (mysig_t) -1;
- if (osa.sa_handler != act) {
- memset(&sa, 0, sizeof(sa));
- sigemptyset(&sa.sa_mask);
- sa.sa_flags = 0;
-#if defined(SA_INTERRUPT)
- if (sig == SIGALRM)
- sa.sa_flags |= SA_INTERRUPT;
-#endif
- sa.sa_handler = act;
- if (sigaction(sig, &sa, NULL) == -1)
- return (mysig_t) -1;
- }
- return (osa.sa_handler);
-#else
- return (signal(sig, act));
-#endif
-}
--- /dev/null
+/* $OpenBSD: moduli.c,v 1.1 2003/07/28 09:49:56 djm Exp $ */
+/*
+ * Copyright 1994 Phil Karn <karn@qualcomm.com>
+ * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
+ * Copyright 2000 Niels Provos <provos@citi.umich.edu>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Two-step process to generate safe primes for DHGEX
+ *
+ * Sieve candidates for "safe" primes,
+ * suitable for use as Diffie-Hellman moduli;
+ * that is, where q = (p-1)/2 is also prime.
+ *
+ * First step: generate candidate primes (memory intensive)
+ * Second step: test primes' safety (processor intensive)
+ */
+
+#include "includes.h"
+#include "moduli.h"
+#include "xmalloc.h"
+#include "log.h"
+
+#include <openssl/bn.h>
+
+
+/*
+ * Debugging defines
+ */
+
+/* define DEBUG_LARGE 1 */
+/* define DEBUG_SMALL 1 */
+/* define DEBUG_TEST 1 */
+
+/*
+ * File output defines
+ */
+
+/* need line long enough for largest moduli plus headers */
+#define QLINESIZE (100+8192)
+
+/* Type: decimal.
+ * Specifies the internal structure of the prime modulus.
+ */
+#define QTYPE_UNKNOWN (0)
+#define QTYPE_UNSTRUCTURED (1)
+#define QTYPE_SAFE (2)
+#define QTYPE_SCHNOOR (3)
+#define QTYPE_SOPHIE_GERMAINE (4)
+#define QTYPE_STRONG (5)
+
+/* Tests: decimal (bit field).
+ * Specifies the methods used in checking for primality.
+ * Usually, more than one test is used.
+ */
+#define QTEST_UNTESTED (0x00)
+#define QTEST_COMPOSITE (0x01)
+#define QTEST_SIEVE (0x02)
+#define QTEST_MILLER_RABIN (0x04)
+#define QTEST_JACOBI (0x08)
+#define QTEST_ELLIPTIC (0x10)
+
+/* Size: decimal.
+ * Specifies the number of the most significant bit (0 to M).
+ ** WARNING: internally, usually 1 to N.
+ */
+#define QSIZE_MINIMUM (511)
+
+/*
+ * Prime sieving defines
+ */
+
+/* Constant: assuming 8 bit bytes and 32 bit words */
+#define SHIFT_BIT (3)
+#define SHIFT_BYTE (2)
+#define SHIFT_WORD (SHIFT_BIT+SHIFT_BYTE)
+#define SHIFT_MEGABYTE (20)
+#define SHIFT_MEGAWORD (SHIFT_MEGABYTE-SHIFT_BYTE)
+
+/*
+ * Constant: when used with 32-bit integers, the largest sieve prime
+ * has to be less than 2**32.
+ */
+#define SMALL_MAXIMUM (0xffffffffUL)
+
+/* Constant: can sieve all primes less than 2**32, as 65537**2 > 2**32-1. */
+#define TINY_NUMBER (1UL<<16)
+
+/* Ensure enough bit space for testing 2*q. */
+#define TEST_MAXIMUM (1UL<<16)
+#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
+/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
+#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
+
+/* bit operations on 32-bit words */
+#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
+#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
+#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
+
+/*
+ * Prime testing defines
+ */
+
+/*
+ * Sieving data (XXX - move to struct)
+ */
+
+/* sieve 2**16 */
+static u_int32_t *TinySieve, tinybits;
+
+/* sieve 2**30 in 2**16 parts */
+static u_int32_t *SmallSieve, smallbits, smallbase;
+
+/* sieve relative to the initial value */
+static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
+static u_int32_t largebits, largememory; /* megabytes */
+static BIGNUM *largebase;
+
+
+/*
+ * print moduli out in consistent form,
+ */
+static int
+qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries,
+ u_int32_t osize, u_int32_t ogenerator, BIGNUM * omodulus)
+{
+ struct tm *gtm;
+ time_t time_now;
+ int res;
+
+ time(&time_now);
+ gtm = gmtime(&time_now);
+
+ res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ",
+ gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday,
+ gtm->tm_hour, gtm->tm_min, gtm->tm_sec,
+ otype, otests, otries, osize, ogenerator);
+
+ if (res < 0)
+ return (-1);
+
+ if (BN_print_fp(ofile, omodulus) < 1)
+ return (-1);
+
+ res = fprintf(ofile, "\n");
+ fflush(ofile);
+
+ return (res > 0 ? 0 : -1);
+}
+
+
+/*
+ ** Sieve p's and q's with small factors
+ */
+static void
+sieve_large(u_int32_t s)
+{
+ u_int32_t r, u;
+
+ debug2("sieve_large %u", s);
+ largetries++;
+ /* r = largebase mod s */
+ r = BN_mod_word(largebase, s);
+ if (r == 0)
+ u = 0; /* s divides into largebase exactly */
+ else
+ u = s - r; /* largebase+u is first entry divisible by s */
+
+ if (u < largebits * 2) {
+ /*
+ * The sieve omits p's and q's divisible by 2, so ensure that
+ * largebase+u is odd. Then, step through the sieve in
+ * increments of 2*s
+ */
+ if (u & 0x1)
+ u += s; /* Make largebase+u odd, and u even */
+
+ /* Mark all multiples of 2*s */
+ for (u /= 2; u < largebits; u += s)
+ BIT_SET(LargeSieve, u);
+ }
+
+ /* r = p mod s */
+ r = (2 * r + 1) % s;
+ if (r == 0)
+ u = 0; /* s divides p exactly */
+ else
+ u = s - r; /* p+u is first entry divisible by s */
+
+ if (u < largebits * 4) {
+ /*
+ * The sieve omits p's divisible by 4, so ensure that
+ * largebase+u is not. Then, step through the sieve in
+ * increments of 4*s
+ */
+ while (u & 0x3) {
+ if (SMALL_MAXIMUM - u < s)
+ return;
+ u += s;
+ }
+
+ /* Mark all multiples of 4*s */
+ for (u /= 4; u < largebits; u += s)
+ BIT_SET(LargeSieve, u);
+ }
+}
+
+/*
+ * list candidates for Sophie-Germaine primes (where q = (p-1)/2)
+ * to standard output.
+ * The list is checked against small known primes (less than 2**30).
+ */
+int
+gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
+{
+ BIGNUM *q;
+ u_int32_t j, r, s, t;
+ u_int32_t smallwords = TINY_NUMBER >> 6;
+ u_int32_t tinywords = TINY_NUMBER >> 6;
+ time_t time_start, time_stop;
+ int i, ret = 0;
+
+ largememory = memory;
+
+ /*
+ * Set power to the length in bits of the prime to be generated.
+ * This is changed to 1 less than the desired safe prime moduli p.
+ */
+ if (power > TEST_MAXIMUM) {
+ error("Too many bits: %u > %lu", power, TEST_MAXIMUM);
+ return (-1);
+ } else if (power < TEST_MINIMUM) {
+ error("Too few bits: %u < %u", power, TEST_MINIMUM);
+ return (-1);
+ }
+ power--; /* decrement before squaring */
+
+ /*
+ * The density of ordinary primes is on the order of 1/bits, so the
+ * density of safe primes should be about (1/bits)**2. Set test range
+ * to something well above bits**2 to be reasonably sure (but not
+ * guaranteed) of catching at least one safe prime.
+ */
+ largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER));
+
+ /*
+ * Need idea of how much memory is available. We don't have to use all
+ * of it.
+ */
+ if (largememory > LARGE_MAXIMUM) {
+ logit("Limited memory: %u MB; limit %lu MB",
+ largememory, LARGE_MAXIMUM);
+ largememory = LARGE_MAXIMUM;
+ }
+
+ if (largewords <= (largememory << SHIFT_MEGAWORD)) {
+ logit("Increased memory: %u MB; need %u bytes",
+ largememory, (largewords << SHIFT_BYTE));
+ largewords = (largememory << SHIFT_MEGAWORD);
+ } else if (largememory > 0) {
+ logit("Decreased memory: %u MB; want %u bytes",
+ largememory, (largewords << SHIFT_BYTE));
+ largewords = (largememory << SHIFT_MEGAWORD);
+ }
+
+ TinySieve = calloc(tinywords, sizeof(u_int32_t));
+ if (TinySieve == NULL) {
+ error("Insufficient memory for tiny sieve: need %u bytes",
+ tinywords << SHIFT_BYTE);
+ exit(1);
+ }
+ tinybits = tinywords << SHIFT_WORD;
+
+ SmallSieve = calloc(smallwords, sizeof(u_int32_t));
+ if (SmallSieve == NULL) {
+ error("Insufficient memory for small sieve: need %u bytes",
+ smallwords << SHIFT_BYTE);
+ xfree(TinySieve);
+ exit(1);
+ }
+ smallbits = smallwords << SHIFT_WORD;
+
+ /*
+ * dynamically determine available memory
+ */
+ while ((LargeSieve = calloc(largewords, sizeof(u_int32_t))) == NULL)
+ largewords -= (1L << (SHIFT_MEGAWORD - 2)); /* 1/4 MB chunks */
+
+ largebits = largewords << SHIFT_WORD;
+ largenumbers = largebits * 2; /* even numbers excluded */
+
+ /* validation check: count the number of primes tried */
+ largetries = 0;
+ q = BN_new();
+
+ /*
+ * Generate random starting point for subprime search, or use
+ * specified parameter.
+ */
+ largebase = BN_new();
+ if (start == NULL)
+ BN_rand(largebase, power, 1, 1);
+ else
+ BN_copy(largebase, start);
+
+ /* ensure odd */
+ BN_set_bit(largebase, 0);
+
+ time(&time_start);
+
+ logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start),
+ largenumbers, power);
+ debug2("start point: 0x%s", BN_bn2hex(largebase));
+
+ /*
+ * TinySieve
+ */
+ for (i = 0; i < tinybits; i++) {
+ if (BIT_TEST(TinySieve, i))
+ continue; /* 2*i+3 is composite */
+
+ /* The next tiny prime */
+ t = 2 * i + 3;
+
+ /* Mark all multiples of t */
+ for (j = i + t; j < tinybits; j += t)
+ BIT_SET(TinySieve, j);
+
+ sieve_large(t);
+ }
+
+ /*
+ * Start the small block search at the next possible prime. To avoid
+ * fencepost errors, the last pass is skipped.
+ */
+ for (smallbase = TINY_NUMBER + 3;
+ smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
+ smallbase += TINY_NUMBER) {
+ for (i = 0; i < tinybits; i++) {
+ if (BIT_TEST(TinySieve, i))
+ continue; /* 2*i+3 is composite */
+
+ /* The next tiny prime */
+ t = 2 * i + 3;
+ r = smallbase % t;
+
+ if (r == 0) {
+ s = 0; /* t divides into smallbase exactly */
+ } else {
+ /* smallbase+s is first entry divisible by t */
+ s = t - r;
+ }
+
+ /*
+ * The sieve omits even numbers, so ensure that
+ * smallbase+s is odd. Then, step through the sieve
+ * in increments of 2*t
+ */
+ if (s & 1)
+ s += t; /* Make smallbase+s odd, and s even */
+
+ /* Mark all multiples of 2*t */
+ for (s /= 2; s < smallbits; s += t)
+ BIT_SET(SmallSieve, s);
+ }
+
+ /*
+ * SmallSieve
+ */
+ for (i = 0; i < smallbits; i++) {
+ if (BIT_TEST(SmallSieve, i))
+ continue; /* 2*i+smallbase is composite */
+
+ /* The next small prime */
+ sieve_large((2 * i) + smallbase);
+ }
+
+ memset(SmallSieve, 0, smallwords << SHIFT_BYTE);
+ }
+
+ time(&time_stop);
+
+ logit("%.24s Sieved with %u small primes in %ld seconds",
+ ctime(&time_stop), largetries, (long) (time_stop - time_start));
+
+ for (j = r = 0; j < largebits; j++) {
+ if (BIT_TEST(LargeSieve, j))
+ continue; /* Definitely composite, skip */
+
+ debug2("test q = largebase+%u", 2 * j);
+ BN_set_word(q, 2 * j);
+ BN_add(q, q, largebase);
+ if (qfileout(out, QTYPE_SOPHIE_GERMAINE, QTEST_SIEVE,
+ largetries, (power - 1) /* MSB */, (0), q) == -1) {
+ ret = -1;
+ break;
+ }
+
+ r++; /* count q */
+ }
+
+ time(&time_stop);
+
+ xfree(LargeSieve);
+ xfree(SmallSieve);
+ xfree(TinySieve);
+
+ logit("%.24s Found %u candidates", ctime(&time_stop), r);
+
+ return (ret);
+}
+
+/*
+ * perform a Miller-Rabin primality test
+ * on the list of candidates
+ * (checking both q and p)
+ * The result is a list of so-call "safe" primes
+ */
+int
+prime_test(FILE *in, FILE *out, u_int32_t trials,
+ u_int32_t generator_wanted)
+{
+ BIGNUM *q, *p, *a;
+ BN_CTX *ctx;
+ char *cp, *lp;
+ u_int32_t count_in = 0, count_out = 0, count_possible = 0;
+ u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
+ time_t time_start, time_stop;
+ int res;
+
+ time(&time_start);
+
+ p = BN_new();
+ q = BN_new();
+ ctx = BN_CTX_new();
+
+ debug2("%.24s Final %u Miller-Rabin trials (%x generator)",
+ ctime(&time_start), trials, generator_wanted);
+
+ res = 0;
+ lp = xmalloc(QLINESIZE + 1);
+ while (fgets(lp, QLINESIZE, in) != NULL) {
+ int ll = strlen(lp);
+
+ count_in++;
+ if (ll < 14 || *lp == '!' || *lp == '#') {
+ debug2("%10u: comment or short line", count_in);
+ continue;
+ }
+
+ /* XXX - fragile parser */
+ /* time */
+ cp = &lp[14]; /* (skip) */
+
+ /* type */
+ in_type = strtoul(cp, &cp, 10);
+
+ /* tests */
+ in_tests = strtoul(cp, &cp, 10);
+
+ if (in_tests & QTEST_COMPOSITE) {
+ debug2("%10u: known composite", count_in);
+ continue;
+ }
+ /* tries */
+ in_tries = strtoul(cp, &cp, 10);
+
+ /* size (most significant bit) */
+ in_size = strtoul(cp, &cp, 10);
+
+ /* generator (hex) */
+ generator_known = strtoul(cp, &cp, 16);
+
+ /* Skip white space */
+ cp += strspn(cp, " ");
+
+ /* modulus (hex) */
+ switch (in_type) {
+ case QTYPE_SOPHIE_GERMAINE:
+ debug2("%10u: (%u) Sophie-Germaine", count_in, in_type);
+ a = q;
+ BN_hex2bn(&a, cp);
+ /* p = 2*q + 1 */
+ BN_lshift(p, q, 1);
+ BN_add_word(p, 1);
+ in_size += 1;
+ generator_known = 0;
+ break;
+ default:
+ debug2("%10u: (%u)", count_in, in_type);
+ a = p;
+ BN_hex2bn(&a, cp);
+ /* q = (p-1) / 2 */
+ BN_rshift(q, p, 1);
+ break;
+ }
+
+ /*
+ * due to earlier inconsistencies in interpretation, check
+ * the proposed bit size.
+ */
+ if (BN_num_bits(p) != (in_size + 1)) {
+ debug2("%10u: bit size %u mismatch", count_in, in_size);
+ continue;
+ }
+ if (in_size < QSIZE_MINIMUM) {
+ debug2("%10u: bit size %u too short", count_in, in_size);
+ continue;
+ }
+
+ if (in_tests & QTEST_MILLER_RABIN)
+ in_tries += trials;
+ else
+ in_tries = trials;
+ /*
+ * guess unknown generator
+ */
+ if (generator_known == 0) {
+ if (BN_mod_word(p, 24) == 11)
+ generator_known = 2;
+ else if (BN_mod_word(p, 12) == 5)
+ generator_known = 3;
+ else {
+ u_int32_t r = BN_mod_word(p, 10);
+
+ if (r == 3 || r == 7) {
+ generator_known = 5;
+ }
+ }
+ }
+ /*
+ * skip tests when desired generator doesn't match
+ */
+ if (generator_wanted > 0 &&
+ generator_wanted != generator_known) {
+ debug2("%10u: generator %d != %d",
+ count_in, generator_known, generator_wanted);
+ continue;
+ }
+
+ count_possible++;
+
+ /*
+ * The (1/4)^N performance bound on Miller-Rabin is
+ * extremely pessimistic, so don't spend a lot of time
+ * really verifying that q is prime until after we know
+ * that p is also prime. A single pass will weed out the
+ * vast majority of composite q's.
+ */
+ if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
+ debug2("%10u: q failed first possible prime test",
+ count_in);
+ continue;
+ }
+
+ /*
+ * q is possibly prime, so go ahead and really make sure
+ * that p is prime. If it is, then we can go back and do
+ * the same for q. If p is composite, chances are that
+ * will show up on the first Rabin-Miller iteration so it
+ * doesn't hurt to specify a high iteration count.
+ */
+ if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
+ debug2("%10u: p is not prime", count_in);
+ continue;
+ }
+ debug("%10u: p is almost certainly prime", count_in);
+
+ /* recheck q more rigorously */
+ if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) {
+ debug("%10u: q is not prime", count_in);
+ continue;
+ }
+ debug("%10u: q is almost certainly prime", count_in);
+
+ if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN),
+ in_tries, in_size, generator_known, p)) {
+ res = -1;
+ break;
+ }
+
+ count_out++;
+ }
+
+ time(&time_stop);
+ xfree(lp);
+ BN_free(p);
+ BN_free(q);
+ BN_CTX_free(ctx);
+
+ logit("%.24s Found %u safe primes of %u candidates in %ld seconds",
+ ctime(&time_stop), count_out, count_possible,
+ (long) (time_stop - time_start));
+
+ return (res);
+}
--- /dev/null
+/* $OpenBSD: moduli.h,v 1.1 2003/07/28 09:49:56 djm Exp $ */
+
+#include <sys/types.h>
+#include <openssl/bn.h>
+
+/*
+ * Using virtual memory can cause thrashing. This should be the largest
+ * number that is supported without a large amount of disk activity --
+ * that would increase the run time from hours to days or weeks!
+ */
+#define LARGE_MINIMUM (8UL) /* megabytes */
+
+/*
+ * Do not increase this number beyond the unsigned integer bit size.
+ * Due to a multiple of 4, it must be LESS than 128 (yielding 2**30 bits).
+ */
+#define LARGE_MAXIMUM (127UL) /* megabytes */
+
+/* Minimum number of primality tests to perform */
+#define TRIAL_MINIMUM (4)
+
+int gen_candidates(FILE *, int, int, BIGNUM *);
+int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.49 2003/08/28 12:54:34 markus Exp $");
#include <openssl/dh.h>
u_int olen;
} child_state;
-/* Functions on the montior that answer unprivileged requests */
+/* Functions on the monitor that answer unprivileged requests */
int mm_answer_moduli(int, Buffer *);
int mm_answer_sign(int, Buffer *);
#ifdef USE_PAM
int mm_answer_pam_start(int, Buffer *);
+int mm_answer_pam_account(int, Buffer *);
+int mm_answer_pam_init_ctx(int, Buffer *);
+int mm_answer_pam_query(int, Buffer *);
+int mm_answer_pam_respond(int, Buffer *);
+int mm_answer_pam_free_ctx(int, Buffer *);
#endif
#ifdef GSSAPI
int mm_answer_gss_setup_ctx(int, Buffer *);
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
-int mm_answer_gss_localname(int, Buffer *);
-int mm_answer_gss_sign(int, Buffer *);
-int mm_answer_gss_indicate_mechs(int, Buffer *);
-int mm_answer_gss_display_status(int, Buffer *);
-#endif
-
-#ifdef GSI
-int mm_answer_gsi_gridmap(int, Buffer *);
#endif
-#ifdef KRB4
-int mm_answer_krb4(int, Buffer *);
-#endif
-#ifdef KRB5
-int mm_answer_krb5(int, Buffer *);
+#ifdef GSSAPI
+int mm_answer_gss_setup_ctx(int, Buffer *);
+int mm_answer_gss_accept_ctx(int, Buffer *);
+int mm_answer_gss_userok(int, Buffer *);
+int mm_answer_gss_sign(int, Buffer *);
+int mm_answer_gss_error(int, Buffer *);
+int mm_answer_gss_indicate_mechs(int, Buffer *);
+int mm_answer_gss_localname(int, Buffer *);
#endif
static Authctxt *authctxt;
static char *hostbased_cuser = NULL;
static char *hostbased_chost = NULL;
static char *auth_method = "unknown";
-static int session_id2_len = 0;
+static u_int session_id2_len = 0;
static u_char *session_id2 = NULL;
+static pid_t monitor_child_pid;
struct mon_table {
enum monitor_reqtype type;
{MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
+ {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
{MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
{MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
#endif
+ {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
+ {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
#ifdef GSSAPI
{MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx},
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ {MONITOR_REQ_GSSERR, MON_ISAUTH | MON_ONCE, mm_answer_gss_error},
{MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
- {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
- {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
- {MONITOR_REQ_GSSLOCALNAME, MON_AUTH, mm_answer_gss_localname},
+ {MONITOR_REQ_GSSLOCALNAME, MON_ISAUTH, mm_answer_gss_localname},
#endif
- {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
- {MONITOR_REQ_KEYVERIFY, MON_AUTH, mm_answer_keyverify},
{0, 0, NULL}
};
{MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
{MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
+ {MONITOR_REQ_GSSERR, 0, mm_answer_gss_error},
{MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
- {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
#endif
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
{MONITOR_REQ_SIGN, 0, mm_answer_sign},
{MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSMECHS, MON_ISAUTH, mm_answer_gss_indicate_mechs},
- {MONITOR_REQ_GSSSTAT, MON_ISAUTH, mm_answer_gss_display_status},
-#endif
-#ifdef GSI
- {MONITOR_REQ_GSIGRIDMAP, MON_PERMIT, mm_answer_gsi_gridmap},
#endif
#ifdef USE_PAM
{MONITOR_REQ_PAM_START, MON_ISAUTH, mm_answer_pam_start},
-#endif
-#ifdef KRB4
- {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},
-#endif
-#ifdef KRB5
- {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
+ {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
+ {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
+ {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
+ {MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
+ {MONITOR_REQ_PAM_FREE_CTX, MON_ONCE|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
#endif
{0, 0, NULL}
};
struct mon_table mon_dispatch_postauth15[] = {
-#ifdef GSSAPI
- {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
- {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
- {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
- {MONITOR_REQ_GSSMECHS, 0, mm_answer_gss_indicate_mechs},
- {MONITOR_REQ_GSSSTAT, 0, mm_answer_gss_display_status},
-#endif
{MONITOR_REQ_PTY, MON_ONCE, mm_answer_pty},
{MONITOR_REQ_PTYCLEANUP, MON_ONCE, mm_answer_pty_cleanup},
{MONITOR_REQ_TERM, 0, mm_answer_term},
#ifdef GSSAPI
/* and for the GSSAPI key exchange */
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
#endif
} else {
mon_dispatch = mon_dispatch_proto15;
monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1);
-#ifdef GSSAPI
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS, 1);
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
-#endif
-#ifdef GSI
- monitor_permit(mon_dispatch, MONITOR_REQ_GSIGRIDMAP, 1);
-#endif
}
authctxt = authctxt_new();
!auth_root_allowed(auth_method))
authenticated = 0;
#ifdef USE_PAM
- if (!do_pam_account(authctxt->pw->pw_name, NULL))
- authenticated = 0;
+ /* PAM needs to perform account checks after auth */
+ if (options.use_pam) {
+ Buffer m;
+
+ buffer_init(&m);
+ mm_request_receive_expect(pmonitor->m_sendfd,
+ MONITOR_REQ_PAM_ACCOUNT, &m);
+ authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
+ buffer_free(&m);
+ }
#endif
}
return (authctxt);
}
+static void
+monitor_set_child_handler(pid_t pid)
+{
+ monitor_child_pid = pid;
+}
+
+static void
+monitor_child_handler(int signal)
+{
+ kill(monitor_child_pid, signal);
+}
+
void
monitor_child_postauth(struct monitor *pmonitor)
{
+ monitor_set_child_handler(pmonitor->m_pid);
+ signal(SIGHUP, &monitor_child_handler);
+ signal(SIGTERM, &monitor_child_handler);
+
if (compat20) {
mon_dispatch = mon_dispatch_postauth20;
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+#ifdef GSSAPI
+ /* and for the GSSAPI key exchange */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSMECHS,1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP,1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR,1);
+#endif
+
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
}
#ifdef GSSAPI
- monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTAT, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSERR, 1);
#endif
if (!no_pty_flag) {
monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
}
#ifdef USE_PAM
- monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
+ if (options.use_pam)
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_START, 1);
#endif
return (0);
passwd = buffer_get_string(m, &plen);
/* Only authenticate if the context is valid */
authenticated = options.password_authentication &&
- authctxt->valid && auth_password(authctxt, passwd);
+ auth_password(authctxt, passwd);
memset(passwd, 0, strlen(passwd));
xfree(passwd);
u_int numprompts;
u_int *echo_on;
char **prompts;
- int res;
+ u_int success;
- res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
- &prompts, &echo_on);
+ success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
+ &prompts, &echo_on) < 0 ? 0 : 1;
buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
buffer_put_cstring(m, prompts[0]);
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
- if (res != -1) {
+ if (success) {
xfree(name);
xfree(infotxt);
xfree(prompts);
{
struct skey skey;
char challenge[1024];
- int res;
+ u_int success;
- res = skeychallenge(&skey, authctxt->user, challenge);
+ success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
buffer_put_cstring(m, challenge);
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
return (0);
{
char *user;
+ if (!options.use_pam)
+ fatal("UsePAM not set, but ended up in %s anyway", __func__);
+
user = buffer_get_string(m, NULL);
start_pam(user);
xfree(user);
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
+
return (0);
}
+
+int
+mm_answer_pam_account(int socket, Buffer *m)
+{
+ u_int ret;
+
+ if (!options.use_pam)
+ fatal("UsePAM not set, but ended up in %s anyway", __func__);
+
+ ret = do_pam_account();
+
+ buffer_put_int(m, ret);
+
+ mm_request_send(socket, MONITOR_ANS_PAM_ACCOUNT, m);
+
+ return (ret);
+}
+
+static void *sshpam_ctxt, *sshpam_authok;
+extern KbdintDevice sshpam_device;
+
+int
+mm_answer_pam_init_ctx(int socket, Buffer *m)
+{
+
+ debug3("%s", __func__);
+ authctxt->user = buffer_get_string(m, NULL);
+ sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+ sshpam_authok = NULL;
+ buffer_clear(m);
+ if (sshpam_ctxt != NULL) {
+ monitor_permit(mon_dispatch, MONITOR_REQ_PAM_FREE_CTX, 1);
+ buffer_put_int(m, 1);
+ } else {
+ buffer_put_int(m, 0);
+ }
+ mm_request_send(socket, MONITOR_ANS_PAM_INIT_CTX, m);
+ return (0);
+}
+
+int
+mm_answer_pam_query(int socket, Buffer *m)
+{
+ char *name, *info, **prompts;
+ u_int num, *echo_on;
+ int i, ret;
+
+ debug3("%s", __func__);
+ sshpam_authok = NULL;
+ ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on);
+ if (ret == 0 && num == 0)
+ sshpam_authok = sshpam_ctxt;
+ if (num > 1 || name == NULL || info == NULL)
+ ret = -1;
+ buffer_clear(m);
+ buffer_put_int(m, ret);
+ buffer_put_cstring(m, name);
+ xfree(name);
+ buffer_put_cstring(m, info);
+ xfree(info);
+ buffer_put_int(m, num);
+ for (i = 0; i < num; ++i) {
+ buffer_put_cstring(m, prompts[i]);
+ xfree(prompts[i]);
+ buffer_put_int(m, echo_on[i]);
+ }
+ if (prompts != NULL)
+ xfree(prompts);
+ if (echo_on != NULL)
+ xfree(echo_on);
+ mm_request_send(socket, MONITOR_ANS_PAM_QUERY, m);
+ return (0);
+}
+
+int
+mm_answer_pam_respond(int socket, Buffer *m)
+{
+ char **resp;
+ u_int num;
+ int i, ret;
+
+ debug3("%s", __func__);
+ sshpam_authok = NULL;
+ num = buffer_get_int(m);
+ if (num > 0) {
+ resp = xmalloc(num * sizeof(char *));
+ for (i = 0; i < num; ++i)
+ resp[i] = buffer_get_string(m, NULL);
+ ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
+ for (i = 0; i < num; ++i)
+ xfree(resp[i]);
+ xfree(resp);
+ } else {
+ ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
+ }
+ buffer_clear(m);
+ buffer_put_int(m, ret);
+ mm_request_send(socket, MONITOR_ANS_PAM_RESPOND, m);
+ auth_method = "keyboard-interactive/pam";
+ if (ret == 0)
+ sshpam_authok = sshpam_ctxt;
+ return (0);
+}
+
+int
+mm_answer_pam_free_ctx(int socket, Buffer *m)
+{
+
+ debug3("%s", __func__);
+ (sshpam_device.free_ctx)(sshpam_ctxt);
+ buffer_clear(m);
+ mm_request_send(socket, MONITOR_ANS_PAM_FREE_CTX, m);
+ return (sshpam_authok == sshpam_ctxt);
+}
#endif
static void
fatal("%s: unknown key type %d", __func__, type);
break;
}
- key_free(key);
}
+ if (key != NULL)
+ key_free(key);
/* clear temporarily storage (used by verify) */
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
mm_append_debug(m);
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
- log("wrong user name passed to monitor: expected %s != %.100s",
+ logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
fail++;
}
fail++;
p = buffer_get_string(&b, NULL);
if (strcmp(authctxt->user, p) != 0) {
- log("wrong user name passed to monitor: expected %s != %.100s",
+ logit("wrong user name passed to monitor: expected %s != %.100s",
authctxt->user, p);
fail++;
}
}
/* Record that there was a login on that tty from the remote host. */
record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
- get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
+ get_remote_name_or_ip(utmp_len, options.use_dns),
(struct sockaddr *)&from, fromlen);
}
static void
mm_session_close(Session *s)
{
- debug3("%s: session %d pid %d", __func__, s->self, s->pid);
+ debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
if (s->ttyfd != -1) {
debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
fatal_remove_cleanup(session_pty_cleanup2, (void *)s);
}
buffer_clear(m);
buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
/* clear temporarily storage (used by generate challenge) */
monitor_reset_key_state();
key_blob = blob;
key_bloblen = blen;
key_blobtype = MM_RSAUSERKEY;
- key_free(key);
}
+ if (key != NULL)
+ key_free(key);
mm_append_debug(m);
mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
+
+ xfree(blob);
+ key_free(key);
return (0);
}
fatal("%s: received bad response to challenge", __func__);
success = auth_rsa_verify_response(key, ssh1_challenge, response);
+ xfree(blob);
key_free(key);
xfree(response);
return (success);
}
-#ifdef KRB4
-int
-mm_answer_krb4(int socket, Buffer *m)
-{
- KTEXT_ST auth, reply;
- char *client, *p;
- int success;
- u_int alen;
-
- reply.length = auth.length = 0;
-
- p = buffer_get_string(m, &alen);
- if (alen >= MAX_KTXT_LEN)
- fatal("%s: auth too large", __func__);
- memcpy(auth.dat, p, alen);
- auth.length = alen;
- memset(p, 0, alen);
- xfree(p);
-
- success = options.kerberos_authentication &&
- authctxt->valid &&
- auth_krb4(authctxt, &auth, &client, &reply);
-
- memset(auth.dat, 0, alen);
- buffer_clear(m);
- buffer_put_int(m, success);
-
- if (success) {
- buffer_put_cstring(m, client);
- buffer_put_string(m, reply.dat, reply.length);
- if (client)
- xfree(client);
- if (reply.length)
- memset(reply.dat, 0, reply.length);
- }
-
- debug3("%s: sending result %d", __func__, success);
- mm_request_send(socket, MONITOR_ANS_KRB4, m);
-
- auth_method = "kerberos";
-
- /* Causes monitor loop to terminate if authenticated */
- return (success);
-}
-#endif
-
-#ifdef KRB5
-int
-mm_answer_krb5(int socket, Buffer *m)
-{
- krb5_data tkt, reply;
- char *client_user;
- u_int len;
- int success;
-
- /* use temporary var to avoid size issues on 64bit arch */
- tkt.data = buffer_get_string(m, &len);
- tkt.length = len;
-
- success = options.kerberos_authentication &&
- authctxt->valid &&
- auth_krb5(authctxt, &tkt, &client_user, &reply);
-
- if (tkt.length)
- xfree(tkt.data);
-
- buffer_clear(m);
- buffer_put_int(m, success);
-
- if (success) {
- buffer_put_cstring(m, client_user);
- buffer_put_string(m, reply.data, reply.length);
- if (client_user)
- xfree(client_user);
- if (reply.length)
- xfree(reply.data);
- }
- mm_request_send(socket, MONITOR_ANS_KRB5, m);
-
- return success;
-}
-#endif
-
int
mm_answer_term(int socket, Buffer *req)
{
(memcmp(kex->session_id, session_id2, session_id2_len) != 0))
fatal("mm_get_get: internal error: bad session id");
kex->we_need = buffer_get_int(m);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+#ifdef GSSAPI
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+#endif
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
Buffer m;
u_char *blob, *p;
u_int bloblen, plen;
+ u_int32_t seqnr, packets;
+ u_int64_t blocks;
debug3("%s: Waiting for new keys", __func__);
xfree(blob);
/* Now get sequence numbers for the packets */
- packet_set_seqnr(MODE_OUT, buffer_get_int(&m));
- packet_set_seqnr(MODE_IN, buffer_get_int(&m));
+ seqnr = buffer_get_int(&m);
+ blocks = buffer_get_int64(&m);
+ packets = buffer_get_int(&m);
+ packet_set_state(MODE_OUT, seqnr, blocks, packets);
+ seqnr = buffer_get_int(&m);
+ blocks = buffer_get_int64(&m);
+ packets = buffer_get_int(&m);
+ packet_set_state(MODE_IN, seqnr, blocks, packets);
skip:
/* Get the key context */
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
- size_t len = size * ncount;
+ size_t len = (size_t) size * ncount;
void *address;
if (len == 0 || ncount > SIZE_T_MAX / size)
}
#ifdef GSSAPI
-
int
-mm_answer_gss_setup_ctx(int socket, Buffer *m) {
- gss_OID_desc oid;
- OM_uint32 major;
- int len;
+mm_answer_gss_setup_ctx(int socket, Buffer *m)
+{
+ gss_OID_desc oid;
+ OM_uint32 major;
+ u_int len;
- oid.elements=buffer_get_string(m,&len);
- oid.length=len;
-
- major=ssh_gssapi_server_ctx(&gsscontext,&oid);
+ oid.elements = buffer_get_string(m, &len);
+ oid.length = len;
- xfree(oid.elements);
+ major = ssh_gssapi_server_ctx(&gsscontext, &oid);
- buffer_clear(m);
- buffer_put_int(m,major);
+ xfree(oid.elements);
+
+ buffer_clear(m);
+ buffer_put_int(m, major);
- mm_request_send(socket,MONITOR_ANS_GSSSETUP,m);
+ mm_request_send(socket,MONITOR_ANS_GSSSETUP, m);
- return(0);
+ /* Now we have a context, enable the step */
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
+
+ return (0);
}
int
-mm_answer_gss_accept_ctx(int socket, Buffer *m) {
- gss_buffer_desc in,out;
- OM_uint32 major,minor;
- OM_uint32 flags = 0; /* GSI needs this */
+mm_answer_gss_accept_ctx(int socket, Buffer *m)
+{
+ gss_buffer_desc in;
+ gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major,minor;
+ OM_uint32 flags = 0; /* GSI needs this */
+ u_int len;
- in.value = buffer_get_string(m,&in.length);
- major=ssh_gssapi_accept_ctx(gsscontext,&in,&out,&flags);
- xfree(in.value);
+ in.value = buffer_get_string(m, &len);
+ in.length = len;
+ major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
+ xfree(in.value);
- buffer_clear(m);
- buffer_put_int(m, major);
- buffer_put_string(m, out.value, out.length);
- buffer_put_int(m, flags);
- mm_request_send(socket,MONITOR_ANS_GSSSTEP,m);
+ buffer_clear(m);
+ buffer_put_int(m, major);
+ buffer_put_string(m, out.value, out.length);
+ buffer_put_int(m, flags);
+ mm_request_send(socket, MONITOR_ANS_GSSSTEP, m);
- gss_release_buffer(&minor, &out);
+ gss_release_buffer(&minor, &out);
- return(0);
+ /* Complete - now we can do signing */
+ if (major==GSS_S_COMPLETE) {
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ }
+ return (0);
}
+
int
-mm_answer_gss_userok(int socket, Buffer *m) {
+mm_answer_gss_userok(int socket, Buffer *m)
+{
int authenticated;
- authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
+ authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
- buffer_clear(m);
- buffer_put_int(m, authenticated);
+ buffer_clear(m);
+ buffer_put_int(m, authenticated);
- debug3("%s: sending result %d", __func__, authenticated);
- mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
+ debug3("%s: sending result %d", __func__, authenticated);
+ mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m);
auth_method="gssapi";
-
- /* Monitor loop will terminate if authenticated */
- return(authenticated);
-}
-int
-mm_answer_gss_localname(int socket, Buffer *m) {
- char *name;
-
- ssh_gssapi_localname(&name);
-
- buffer_clear(m);
- if (name) {
- buffer_put_cstring(m, name);
- debug3("%s: sending result %s", __func__, name);
- xfree(name);
- } else {
- buffer_put_cstring(m, "");
- debug3("%s: sending result \"\"", __func__);
- }
-
- mm_request_send(socket, MONITOR_ANS_GSSLOCALNAME, m);
- return(0);
+ /* Monitor loop will terminate if authenticated */
+ return (authenticated);
}
int
return(0);
}
+int
+mm_answer_gss_error(int socket, Buffer *m) {
+ OM_uint32 major,minor;
+ char *msg;
+
+ msg=ssh_gssapi_last_error(gsscontext,&major,&minor);
+ buffer_clear(m);
+ buffer_put_int(m,major);
+ buffer_put_int(m,minor);
+ buffer_put_cstring(m,msg);
+
+ mm_request_send(socket,MONITOR_ANS_GSSERR,m);
+
+ xfree(msg);
+
+ return(0);
+}
+
int
mm_answer_gss_indicate_mechs(int socket, Buffer *m) {
OM_uint32 major,minor;
mech_set->elements[i].length);
}
+#if !defined(MECHGLUE) /* mechglue memory management bug ??? */
+ gss_release_oid_set(&minor,&mech_set);
+#endif
+
mm_request_send(socket,MONITOR_ANS_GSSMECHS,m);
return(0);
}
int
-mm_answer_gss_display_status(int socket, Buffer *m) {
- OM_uint32 major,minor,status_value,message_context;
- int status_type;
- gss_OID_desc mech_type_desc;
- gss_OID mech_type;
- gss_buffer_desc status_string;
- u_int length;
-
- status_value = buffer_get_int(m);
- status_type = buffer_get_int(m);
- mech_type_desc.elements = buffer_get_string(m, &length);
- mech_type_desc.length = length;
- if (length != 0) {
- mech_type = &mech_type_desc;
- } else if (gsscontext) {
- mech_type = gsscontext->oid;
- } else {
- mech_type = GSS_C_NO_OID;
- }
- message_context = buffer_get_int(m);
-
- major=gss_display_status(&minor, status_value, status_type, mech_type,
- &message_context, &status_string);
-
- buffer_clear(m);
- buffer_put_int(m, message_context);
- buffer_put_string(m, status_string.value, status_string.length);
+mm_answer_gss_localname(int socket, Buffer *m) {
+ char *name;
- mm_request_send(socket,MONITOR_ANS_GSSSTAT,m);
+ ssh_gssapi_localname(&name);
- if (mech_type_desc.elements) {
- xfree(mech_type_desc.elements);
+ buffer_clear(m);
+ if (name) {
+ buffer_put_cstring(m, name);
+ debug3("%s: sending result %s", __func__, name);
+ xfree(name);
+ } else {
+ buffer_put_cstring(m, "");
+ debug3("%s: sending result \"\"", __func__);
}
- return 0;
-}
-
-#endif /* GSSAPI */
-
-#ifdef GSI
-
-int
-mm_answer_gsi_gridmap(int socket, Buffer *m) {
- char *subject, *name;
-
- subject = buffer_get_string(m, NULL);
-
- gsi_gridmap(subject, &name);
-
- buffer_clear(m);
- if (name) {
- buffer_put_cstring(m, name);
- debug3("%s: sending result %s", __func__, name);
- xfree(name);
- } else {
- buffer_put_cstring(m, "");
- debug3("%s: sending result \"\"", __func__);
- }
-
- mm_request_send(socket, MONITOR_ANS_GSIGRIDMAP, m);
+ mm_request_send(socket, MONITOR_ANS_GSSLOCALNAME, m);
- return(0);
+ return(0);
}
-
-#endif /* GSI */
+#endif /* GSSAPI */
-/* $OpenBSD: monitor.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
+/* $OpenBSD: monitor.h,v 1.11 2003/08/28 12:54:34 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
MONITOR_REQ_BSDAUTHRESPOND, MONITOR_ANS_BSDAUTHRESPOND,
MONITOR_REQ_SKEYQUERY, MONITOR_ANS_SKEYQUERY,
MONITOR_REQ_SKEYRESPOND, MONITOR_ANS_SKEYRESPOND,
- MONITOR_REQ_GSSSETUP,MONITOR_ANS_GSSSETUP,
- MONITOR_REQ_GSSSTEP,MONITOR_ANS_GSSSTEP,
- MONITOR_REQ_GSSSIGN,MONITOR_ANS_GSSSIGN,
- MONITOR_REQ_GSSMECHS,MONITOR_ANS_GSSMECHS,
- MONITOR_REQ_GSSSTAT,MONITOR_ANS_GSSSTAT,
- MONITOR_REQ_GSSUSEROK,MONITOR_ANS_GSSUSEROK,
- MONITOR_REQ_GSSLOCALNAME,MONITOR_ANS_GSSLOCALNAME,
- MONITOR_REQ_GSIGRIDMAP,MONITOR_ANS_GSIGRIDMAP,
MONITOR_REQ_KEYALLOWED, MONITOR_ANS_KEYALLOWED,
MONITOR_REQ_KEYVERIFY, MONITOR_ANS_KEYVERIFY,
MONITOR_REQ_KEYEXPORT,
MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
- MONITOR_REQ_KRB4, MONITOR_ANS_KRB4,
- MONITOR_REQ_KRB5, MONITOR_ANS_KRB5,
+ MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP,
+ MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
+ MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
+ MONITOR_REQ_GSSSIGN, MONITOR_ANS_GSSSIGN,
+ MONITOR_REQ_GSSMECHS, MONITOR_ANS_GSSMECHS,
+ MONITOR_REQ_GSSLOCALNAME, MONITOR_ANS_GSSLOCALNAME,
+ MONITOR_REQ_GSSERR, MONITOR_ANS_GSSERR,
MONITOR_REQ_PAM_START,
+ MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
+ MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
+ MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
+ MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
+ MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
MONITOR_REQ_TERM
};
fatal("%s: no fd", __func__);
#else
cmsg = CMSG_FIRSTHDR(&msg);
+#ifndef BROKEN_CMSG_TYPE
if (cmsg->cmsg_type != SCM_RIGHTS)
fatal("%s: expected type %d got %d", __func__,
SCM_RIGHTS, cmsg->cmsg_type);
+#endif
fd = (*(int *)CMSG_DATA(cmsg));
#endif
return fd;
#include <sys/mman.h>
#endif
-#include "openbsd-compat/xmmap.h"
#include "ssh.h"
#include "xmalloc.h"
#include "log.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
#include "dh.h"
#include "kex.h"
#include "auth.h"
+#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
#include "atomicio.h"
#include "monitor_fdpass.h"
#include "getput.h"
+#include "servconf.h"
#include "auth.h"
#include "channels.h"
extern z_stream outgoing_stream;
extern struct monitor *pmonitor;
extern Buffer input, output;
+extern ServerOptions options;
void
mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
PUT_32BIT(buf, mlen + 1);
buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
- if (atomicio(write, socket, buf, sizeof(buf)) != sizeof(buf))
+ if (atomicio(vwrite, socket, buf, sizeof(buf)) != sizeof(buf))
fatal("%s: write", __func__);
- if (atomicio(write, socket, buffer_ptr(m), mlen) != mlen)
+ if (atomicio(vwrite, socket, buffer_ptr(m), mlen) != mlen)
fatal("%s: write", __func__);
}
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
/* Send potential debug messages */
mm_send_debug(&m);
Buffer m;
u_char *blob, *p;
u_int bloblen, plen;
+ u_int32_t seqnr, packets;
+ u_int64_t blocks;
buffer_init(&m);
buffer_put_string(&m, blob, bloblen);
xfree(blob);
- buffer_put_int(&m, packet_get_seqnr(MODE_OUT));
- buffer_put_int(&m, packet_get_seqnr(MODE_IN));
+ packet_get_state(MODE_OUT, &seqnr, &blocks, &packets);
+ buffer_put_int(&m, seqnr);
+ buffer_put_int64(&m, blocks);
+ buffer_put_int(&m, packets);
+ packet_get_state(MODE_IN, &seqnr, &blocks, &packets);
+ buffer_put_int(&m, seqnr);
+ buffer_put_int64(&m, blocks);
+ buffer_put_int(&m, packets);
debug3("%s: New keys have been sent", __func__);
skip:
Buffer m;
debug3("%s entering", __func__);
+ if (!options.use_pam)
+ fatal("UsePAM=no, but ended up in %s anyway", __func__);
buffer_init(&m);
buffer_put_cstring(&m, user);
buffer_free(&m);
}
+
+u_int
+mm_do_pam_account(void)
+{
+ Buffer m;
+ u_int ret;
+
+ debug3("%s entering", __func__);
+ if (!options.use_pam)
+ fatal("UsePAM=no, but ended up in %s anyway", __func__);
+
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m);
+
+ mm_request_receive_expect(pmonitor->m_recvfd,
+ MONITOR_ANS_PAM_ACCOUNT, &m);
+ ret = buffer_get_int(&m);
+
+ buffer_free(&m);
+
+ debug3("%s returning %d", __func__, ret);
+
+ return (ret);
+}
+
+void *
+mm_sshpam_init_ctx(Authctxt *authctxt)
+{
+ Buffer m;
+ int success;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ buffer_put_cstring(&m, authctxt->user);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);
+ success = buffer_get_int(&m);
+ if (success == 0) {
+ debug3("%s: pam_init_ctx failed", __func__);
+ buffer_free(&m);
+ return (NULL);
+ }
+ buffer_free(&m);
+ return (authctxt);
+}
+
+int
+mm_sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
+{
+ Buffer m;
+ int i, ret;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_QUERY, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_QUERY", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_QUERY, &m);
+ ret = buffer_get_int(&m);
+ debug3("%s: pam_query returned %d", __func__, ret);
+ *name = buffer_get_string(&m, NULL);
+ *info = buffer_get_string(&m, NULL);
+ *num = buffer_get_int(&m);
+ *prompts = xmalloc((*num + 1) * sizeof(char *));
+ *echo_on = xmalloc((*num + 1) * sizeof(u_int));
+ for (i = 0; i < *num; ++i) {
+ (*prompts)[i] = buffer_get_string(&m, NULL);
+ (*echo_on)[i] = buffer_get_int(&m);
+ }
+ buffer_free(&m);
+ return (ret);
+}
+
+int
+mm_sshpam_respond(void *ctx, u_int num, char **resp)
+{
+ Buffer m;
+ int i, ret;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ buffer_put_int(&m, num);
+ for (i = 0; i < num; ++i)
+ buffer_put_cstring(&m, resp[i]);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_RESPOND, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_RESPOND", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_RESPOND, &m);
+ ret = buffer_get_int(&m);
+ debug3("%s: pam_respond returned %d", __func__, ret);
+ buffer_free(&m);
+ return (ret);
+}
+
+void
+mm_sshpam_free_ctx(void *ctxtp)
+{
+ Buffer m;
+
+ debug3("%s", __func__);
+ buffer_init(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_FREE_CTX, &m);
+ debug3("%s: waiting for MONITOR_ANS_PAM_FREE_CTX", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_FREE_CTX, &m);
+ buffer_free(&m);
+}
#endif /* USE_PAM */
/* Request process termination */
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int res;
+ u_int success;
char *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int len, res;
+ int len;
+ u_int success;
char *p, *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
Key *key;
u_char *blob;
u_int blen;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)
return (success);
}
+
#ifdef GSSAPI
OM_uint32
-mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
- Buffer m;
- OM_uint32 major;
-
- /* Client doesn't get to see the context */
- *ctx=NULL;
+mm_ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
+ Buffer m;
+ OM_uint32 major;
- buffer_init(&m);
- buffer_put_string(&m,oid->elements,oid->length);
+ /* Client doesn't get to see the context */
+ *ctx = NULL;
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
+ buffer_init(&m);
+ buffer_put_string(&m, oid->elements, oid->length);
- debug3("%s: waiting for MONITOR_ANS_GSSSETUP",__func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
- major=buffer_get_int(&m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, &m);
- return(major);
+ major = buffer_get_int(&m);
+
+ buffer_free(&m);
+ return (major);
}
OM_uint32
mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in,
- gss_buffer_desc *out, OM_uint32 *flags) {
-
- Buffer m;
- OM_uint32 major;
-
- buffer_init(&m);
- buffer_put_string(&m, in->value, in->length);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSTEP", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
-
- major=buffer_get_int(&m);
- out->value=buffer_get_string(&m,&out->length);
- if (flags) *flags=buffer_get_int(&m);
-
- return(major);
-}
+ gss_buffer_desc *out, OM_uint32 *flags)
+{
+ Buffer m;
+ OM_uint32 major;
+ u_int len;
-int
-mm_ssh_gssapi_userok(char *user) {
- Buffer m;
- int authenticated = 0;
+ buffer_init(&m);
+ buffer_put_string(&m, in->value, in->length);
- buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSUSEROK", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
- &m);
+ major = buffer_get_int(&m);
+ out->value = buffer_get_string(&m, &len);
+ out->length = len;
+ if (flags)
+ *flags = buffer_get_int(&m);
- authenticated = buffer_get_int(&m);
+ buffer_free(&m);
- buffer_free(&m);
- debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
- return(authenticated);
+ return (major);
}
int
-mm_ssh_gssapi_localname(char **lname)
+mm_ssh_gssapi_userok(char *user)
{
- Buffer m;
+ Buffer m;
+ int authenticated = 0;
buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
- &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSUSEROK,
+ &m);
- *lname = buffer_get_string(&m, NULL);
+ authenticated = buffer_get_int(&m);
- buffer_free(&m);
- if (lname[0] == '\0') {
- debug3("%s: gssapi identity mapping failed", __func__);
- } else {
- debug3("%s: gssapi identity mapped to %s", __func__, *lname);
- }
-
- return(0);
+ buffer_free(&m);
+ debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+ return (authenticated);
}
OM_uint32
buffer_put_string(&m, data->value, data->length);
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSSIGN",__func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
+
major=buffer_get_int(&m);
hash->value = buffer_get_string(&m, &hash->length);
+ buffer_free(&m);
+
return(major);
}
-OM_uint32
-mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
-{
- Buffer m;
- OM_uint32 major;
- int i=0;
-
+char *
+mm_ssh_gssapi_last_error(Gssctxt *ctx, OM_uint32 *major, OM_uint32 *minor) {
+ Buffer m;
+ OM_uint32 maj,min;
+ char *errstr;
+
buffer_init(&m);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSERR, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSERR, &m);
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
- &m);
- major=buffer_get_int(&m);
- *mech_set = xmalloc(sizeof(gss_OID_set_desc));
- (*mech_set)->count=buffer_get_int(&m);
- (*mech_set)->elements=xmalloc(sizeof(gss_OID_desc)*(*mech_set)->count);
- for (i=0; i < (*mech_set)->count; i++) {
- u_int length;
- (*mech_set)->elements[i].elements=buffer_get_string(&m, &length);
- (*mech_set)->elements[i].length = length;
- }
+ maj = buffer_get_int(&m);
+ min = buffer_get_int(&m);
- return(major);
-}
+ if (major) *major=maj;
+ if (minor) *minor=min;
+
+ errstr=buffer_get_string(&m,NULL);
+
+ buffer_free(&m);
+
+ return(errstr);
+}
OM_uint32
-mm_gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value,
- int status_type, const gss_OID mech_type,
- OM_uint32 *message_context, gss_buffer_t status_string)
+mm_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set)
{
Buffer m;
- OM_uint32 major;
+ OM_uint32 major,minor;
+ int count;
+ gss_OID_desc oid;
+ u_int length;
buffer_init(&m);
- buffer_put_int(&m, status_value);
- buffer_put_int(&m, status_type);
- if (mech_type) {
- buffer_put_string(&m, mech_type->elements, mech_type->length);
- } else {
- buffer_put_string(&m, "", 0);
- }
- if (message_context) {
- buffer_put_int(&m, *message_context);
- } else {
- buffer_put_int(&m, 0);
- }
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTAT, &m);
-
- debug3("%s: waiting for MONITOR_ANS_GSSMECHS",__func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTAT,
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSMECHS, &m);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSMECHS,
&m);
+ major=buffer_get_int(&m);
+ count=buffer_get_int(&m);
- if (message_context) {
- *message_context = buffer_get_int(&m);
- } else {
- buffer_get_int(&m);
+ gss_create_empty_oid_set(&minor,mech_set);
+ while(count-->0) {
+ oid.elements=buffer_get_string(&m,&length);
+ oid.length=length;
+ gss_add_oid_set_member(&minor,&oid,mech_set);
}
- status_string->value = buffer_get_string(&m, &status_string->length);
- return major;
+ buffer_free(&m);
+
+ return(major);
}
-#endif /* GSSAPI */
-
-#ifdef GSI
-int mm_gsi_gridmap(char *subject_name, char **lname)
+int
+mm_ssh_gssapi_localname(char **lname)
{
Buffer m;
buffer_init(&m);
- buffer_put_cstring(&m, subject_name);
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSIGRIDMAP, &m);
+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSLOCALNAME, &m);
- debug3("%s: waiting for MONITOR_ANS_GSIGRIDMAP", __func__);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSIGRIDMAP,
+ debug3("%s: waiting for MONITOR_ANS_GSSLOCALNAME", __func__);
+ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSLOCALNAME,
&m);
*lname = buffer_get_string(&m, NULL);
buffer_free(&m);
if (lname[0] == '\0') {
- debug3("%s: gssapi identity %s mapping failed", __func__,
- subject_name);
+ debug3("%s: gssapi identity mapping failed", __func__);
} else {
- debug3("%s: gssapi identity %s mapped to %s", __func__,
- subject_name, *lname);
+ debug3("%s: gssapi identity mapped to %s", __func__, *lname);
}
return(0);
-
-}
-
-#endif /* GSI */
-
-#ifdef KRB4
-int
-mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
-{
- KTEXT auth, reply;
- Buffer m;
- u_int rlen;
- int success = 0;
- char *p;
-
- debug3("%s entering", __func__);
- auth = _auth;
- reply = _reply;
-
- buffer_init(&m);
- buffer_put_string(&m, auth->dat, auth->length);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
-
- success = buffer_get_int(&m);
- if (success) {
- *client = buffer_get_string(&m, NULL);
- p = buffer_get_string(&m, &rlen);
- if (rlen >= MAX_KTXT_LEN)
- fatal("%s: reply from monitor too large", __func__);
- reply->length = rlen;
- memcpy(reply->dat, p, rlen);
- memset(p, 0, rlen);
- xfree(p);
- }
- buffer_free(&m);
- return (success);
-}
-#endif
-
-#ifdef KRB5
-int
-mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
-{
- krb5_data *tkt, *reply;
- Buffer m;
- int success;
-
- debug3("%s entering", __func__);
- tkt = (krb5_data *) argp;
- reply = (krb5_data *) resp;
-
- buffer_init(&m);
- buffer_put_string(&m, tkt->data, tkt->length);
-
- mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
- mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
-
- success = buffer_get_int(&m);
- if (success) {
- u_int len;
-
- *userp = buffer_get_string(&m, NULL);
- reply->data = buffer_get_string(&m, &len);
- reply->length = len;
- } else {
- memset(reply, 0, sizeof(*reply));
- *userp = NULL;
- }
-
- buffer_free(&m);
- return (success);
-}
-#endif
+}
+#endif /* GSSAPI */
-/* $OpenBSD: monitor_wrap.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.11 2003/08/28 12:54:34 markus Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *);
BIGNUM *mm_auth_rsa_generate_challenge(Key *);
+#ifdef GSSAPI
+#include "ssh-gss.h"
+OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctxt, gss_OID oid);
+OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctxt,
+ gss_buffer_desc *recv, gss_buffer_desc *send, OM_uint32 *flags);
+int mm_ssh_gssapi_userok(char *user);
+#endif
+
#ifdef USE_PAM
void mm_start_pam(char *);
+u_int mm_do_pam_account(void);
+void *mm_sshpam_init_ctx(struct Authctxt *);
+int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
+int mm_sshpam_respond(void *, u_int, char **);
+void mm_sshpam_free_ctx(void *);
#endif
#ifdef GSSAPI
int mm_ssh_gssapi_localname(char **user);
OM_uint32 mm_gss_indicate_mechs(OM_uint32 *minor_status,
gss_OID_set *mech_set);
-OM_uint32 mm_gss_display_status(OM_uint32 *minor_status,
- OM_uint32 status_value,
- int status_type, const gss_OID mech_type,
- OM_uint32 *message_context,
- gss_buffer_t status_string);
-#endif
+char *mm_ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
-#ifdef GSI
-int mm_gsi_gridmap(char *subject_name, char **mapped_name);
#endif
void mm_terminate(void);
int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int mm_skey_respond(void *, u_int, char **);
-/* auth_krb */
-#ifdef KRB4
-int mm_auth_krb4(struct Authctxt *, void *, char **, void *);
-#endif
-#ifdef KRB5
-/* auth and reply are really krb5_data objects, but we don't want to
- * include all of the krb5 headers here */
-int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply);
-#endif
-
/* zlib allocation hooks */
void *mm_zalloc(struct mm_master *, u_int, u_int);
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $");
#include "buffer.h"
#include "getput.h"
PUT_32BIT(buf, mlen + 1);
buf[4] = type; /* 1st byte of payload is mesg-type */
- if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf))
+ if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf))
fatal("ssh_msg_send: write");
- if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen)
+ if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen)
fatal("ssh_msg_send: write");
}
-/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */
+/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
--- /dev/null
+/* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_BASENAME
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $";
+#endif /* not lint */
+
+char *
+basename(const char *path)
+{
+ static char bname[MAXPATHLEN];
+ register const char *endp, *startp;
+
+ /* Empty or NULL string gets treated as "." */
+ if (path == NULL || *path == '\0') {
+ (void)strlcpy(bname, ".", sizeof bname);
+ return(bname);
+ }
+
+ /* Strip trailing slashes */
+ endp = path + strlen(path) - 1;
+ while (endp > path && *endp == '/')
+ endp--;
+
+ /* All slashes become "/" */
+ if (endp == path && *endp == '/') {
+ (void)strlcpy(bname, "/", sizeof bname);
+ return(bname);
+ }
+
+ /* Find the start of the base */
+ startp = endp;
+ while (startp > path && *(startp - 1) != '/')
+ startp--;
+
+ if (endp - startp + 2 > sizeof(bname)) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
+ strlcpy(bname, startp, endp - startp + 2);
+ return(bname);
+}
+
+#endif /* !defined(HAVE_BASENAME) */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_BINDRESVPORT_H
-#define _BSD_BINDRESVPORT_H
-
-#include "config.h"
-
-#ifndef HAVE_BINDRESVPORT_SA
-int bindresvport_sa(int sd, struct sockaddr *sa);
-#endif /* !HAVE_BINDRESVPORT_SA */
-
-#endif /* _BSD_BINDRESVPORT_H */
getpeereid(int s, uid_t *euid, gid_t *gid)
{
struct ucred cred;
- size_t len = sizeof(cred);
+ socklen_t len = sizeof(cred);
if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
return (-1);
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_GETPEEREID_H
-#define _BSD_GETPEEREID_H
-
-#include "config.h"
-
-#include <sys/types.h> /* For uid_t, gid_t */
-
-#ifndef HAVE_GETPEEREID
-int getpeereid(int , uid_t *, gid_t *);
-#endif /* HAVE_GETPEEREID */
-
-#endif /* _BSD_GETPEEREID_H */
+/* $Id$ */
+
/*
- * Copyright (c) 1999-2000 Damien Miller. All rights reserved.
+ * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* $Id$ */
-
#ifndef _BSD_MISC_H
#define _BSD_MISC_H
-#include "config.h"
+#include "includes.h"
-#define get_progname bsd_get_progname
-char *get_progname(char *argv0);
+char *ssh_get_progname(char *);
#ifndef HAVE_SETSID
#define setsid() setpgrp(0, getpid())
#endif /* !HAVE_SETSID */
#ifndef HAVE_SETENV
-int setenv(const char *name, const char *value, int overwrite);
+int setenv(const char *, const char *, int);
#endif /* !HAVE_SETENV */
#ifndef HAVE_SETLOGIN
-int setlogin(const char *name);
+int setlogin(const char *);
#endif /* !HAVE_SETLOGIN */
#ifndef HAVE_INNETGR
-int innetgr(const char *netgroup, const char *host,
- const char *user, const char *domain);
+int innetgr(const char *, const char *, const char *, const char *);
#endif /* HAVE_INNETGR */
#if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
-int seteuid(uid_t euid);
+int seteuid(uid_t);
#endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */
#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
-int setegid(uid_t egid);
+int setegid(uid_t);
#endif /* !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID) */
#if !defined(HAVE_STRERROR) && defined(HAVE_SYS_ERRLIST) && defined(HAVE_SYS_NERR)
-const char *strerror(int e);
+const char *strerror(int);
#endif
}
#endif /* HAVE_STRUCT_TIMEVAL */
-int utimes(char *filename, struct timeval *tvp);
+int utimes(char *, struct timeval *);
#endif /* HAVE_UTIMES */
#ifndef HAVE_TRUNCATE
-int truncate (const char *path, off_t length);
+int truncate (const char *, off_t);
#endif /* HAVE_TRUNCATE */
#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP)
-int setgroups(size_t size, const gid_t *list);
+int setgroups(size_t, const gid_t *);
+#endif
+
+#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
+#ifndef HAVE_STRUCT_TIMESPEC
+struct timespec {
+ time_t tv_sec;
+ long tv_nsec;
+};
#endif
+int nanosleep(const struct timespec *, struct timespec *);
+#endif
+
+#ifndef HAVE_TCGETPGRP
+pid_t tcgetpgrp(int);
+#endif
+
+#ifndef HAVE_TCSENDBREAK
+int tcsendbreak(int, int);
+#endif
+
+/* wrapper for signal interface */
+typedef void (*mysig_t)(int);
+mysig_t mysignal(int sig, mysig_t act);
+#define signal(a,b) mysignal(a,b)
#endif /* _BSD_MISC_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_SNPRINTF_H
-#define _BSD_SNPRINTF_H
-
-#include "config.h"
-
-#include <sys/types.h> /* For size_t */
-
-#ifndef HAVE_SNPRINTF
-int snprintf(char *str, size_t count, const char *fmt, ...);
-#endif /* !HAVE_SNPRINTF */
-
-#ifndef HAVE_VSNPRINTF
-int vsnprintf(char *str, size_t count, const char *fmt, va_list args);
-#endif /* !HAVE_SNPRINTF */
-
-
-#endif /* _BSD_SNPRINTF_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_DAEMON_H
-#define _BSD_DAEMON_H
-
-#include "config.h"
-#ifndef HAVE_DAEMON
-int daemon(int nochdir, int noclose);
-#endif /* !HAVE_DAEMON */
-
-#endif /* _BSD_DAEMON_H */
+++ /dev/null
-#ifndef HAVE_DIRNAME
-
-char *dirname(const char *path);
-
-#endif
+++ /dev/null
-/*
- * fake library for ssh
- *
- * This file is included in getaddrinfo.c and getnameinfo.c.
- * See getaddrinfo.c and getnameinfo.c.
- */
-
-/* $Id$ */
-
-/* for old netdb.h */
-#ifndef EAI_NODATA
-#define EAI_NODATA 1
-#define EAI_MEMORY 2
-#endif
+++ /dev/null
-/*
- * fake library for ssh
- *
- * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror().
- * These funtions are defined in rfc2133.
- *
- * But these functions are not implemented correctly. The minimum subset
- * is implemented for ssh use only. For exapmle, this routine assumes
- * that ai_family is AF_INET. Don't use it for another purpose.
- */
-
-#include "includes.h"
-#include "ssh.h"
-
-RCSID("$Id$");
-
-#ifndef HAVE_GAI_STRERROR
-char *gai_strerror(int ecode)
-{
- switch (ecode) {
- case EAI_NODATA:
- return "no address associated with hostname.";
- case EAI_MEMORY:
- return "memory allocation failure.";
- default:
- return "unknown error.";
- }
-}
-#endif /* !HAVE_GAI_STRERROR */
-
-#ifndef HAVE_FREEADDRINFO
-void freeaddrinfo(struct addrinfo *ai)
-{
- struct addrinfo *next;
-
- do {
- next = ai->ai_next;
- free(ai);
- } while (NULL != (ai = next));
-}
-#endif /* !HAVE_FREEADDRINFO */
-
-#ifndef HAVE_GETADDRINFO
-static struct addrinfo *malloc_ai(int port, u_long addr)
-{
- struct addrinfo *ai;
-
- ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
- if (ai == NULL)
- return(NULL);
-
- memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in));
-
- ai->ai_addr = (struct sockaddr *)(ai + 1);
- /* XXX -- ssh doesn't use sa_len */
- ai->ai_addrlen = sizeof(struct sockaddr_in);
- ai->ai_addr->sa_family = ai->ai_family = AF_INET;
-
- ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
- ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
-
- return(ai);
-}
-
-int getaddrinfo(const char *hostname, const char *servname,
- const struct addrinfo *hints, struct addrinfo **res)
-{
- struct addrinfo *cur, *prev = NULL;
- struct hostent *hp;
- struct in_addr in;
- int i, port;
-
- if (servname)
- port = htons(atoi(servname));
- else
- port = 0;
-
- if (hints && hints->ai_flags & AI_PASSIVE) {
- if (NULL != (*res = malloc_ai(port, htonl(0x00000000))))
- return 0;
- else
- return EAI_MEMORY;
- }
-
- if (!hostname) {
- if (NULL != (*res = malloc_ai(port, htonl(0x7f000001))))
- return 0;
- else
- return EAI_MEMORY;
- }
-
- if (inet_aton(hostname, &in)) {
- if (NULL != (*res = malloc_ai(port, in.s_addr)))
- return 0;
- else
- return EAI_MEMORY;
- }
-
- hp = gethostbyname(hostname);
- if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
- for (i = 0; hp->h_addr_list[i]; i++) {
- cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr);
- if (cur == NULL) {
- if (*res)
- freeaddrinfo(*res);
- return EAI_MEMORY;
- }
-
- if (prev)
- prev->ai_next = cur;
- else
- *res = cur;
-
- prev = cur;
- }
- return 0;
- }
-
- return EAI_NODATA;
-}
-#endif /* !HAVE_GETADDRINFO */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _FAKE_GETADDRINFO_H
-#define _FAKE_GETADDRINFO_H
-
-#include "config.h"
-
-#include "fake-gai-errnos.h"
-
-#ifndef AI_PASSIVE
-# define AI_PASSIVE 1
-# define AI_CANONNAME 2
-#endif
-
-#ifndef NI_NUMERICHOST
-# define NI_NUMERICHOST 2
-# define NI_NAMEREQD 4
-# define NI_NUMERICSERV 8
-#endif
-
-#ifndef HAVE_STRUCT_ADDRINFO
-struct addrinfo {
- int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
- int ai_family; /* PF_xxx */
- int ai_socktype; /* SOCK_xxx */
- int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
- size_t ai_addrlen; /* length of ai_addr */
- char *ai_canonname; /* canonical name for hostname */
- struct sockaddr *ai_addr; /* binary address */
- struct addrinfo *ai_next; /* next structure in linked list */
-};
-#endif /* !HAVE_STRUCT_ADDRINFO */
-
-#ifndef HAVE_GETADDRINFO
-int getaddrinfo(const char *hostname, const char *servname,
- const struct addrinfo *hints, struct addrinfo **res);
-#endif /* !HAVE_GETADDRINFO */
-
-#ifndef HAVE_GAI_STRERROR
-char *gai_strerror(int ecode);
-#endif /* !HAVE_GAI_STRERROR */
-
-#ifndef HAVE_FREEADDRINFO
-void freeaddrinfo(struct addrinfo *ai);
-#endif /* !HAVE_FREEADDRINFO */
-
-#endif /* _FAKE_GETADDRINFO_H */
+++ /dev/null
-/*
- * fake library for ssh
- *
- * This file includes getnameinfo().
- * These funtions are defined in rfc2133.
- *
- * But these functions are not implemented correctly. The minimum subset
- * is implemented for ssh use only. For exapmle, this routine assumes
- * that ai_family is AF_INET. Don't use it for another purpose.
- */
-
-#include "includes.h"
-#include "ssh.h"
-
-RCSID("$Id$");
-
-#ifndef HAVE_GETNAMEINFO
-int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
- size_t hostlen, char *serv, size_t servlen, int flags)
-{
- struct sockaddr_in *sin = (struct sockaddr_in *)sa;
- struct hostent *hp;
- char tmpserv[16];
-
- if (serv) {
- snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
- if (strlen(tmpserv) >= servlen)
- return EAI_MEMORY;
- else
- strcpy(serv, tmpserv);
- }
-
- if (host) {
- if (flags & NI_NUMERICHOST) {
- if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen)
- return EAI_MEMORY;
-
- strcpy(host, inet_ntoa(sin->sin_addr));
- return 0;
- } else {
- hp = gethostbyaddr((char *)&sin->sin_addr,
- sizeof(struct in_addr), AF_INET);
- if (hp == NULL)
- return EAI_NODATA;
-
- if (strlen(hp->h_name) >= hostlen)
- return EAI_MEMORY;
-
- strcpy(host, hp->h_name);
- return 0;
- }
- }
- return 0;
-}
-#endif /* !HAVE_GETNAMEINFO */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _FAKE_GETNAMEINFO_H
-#define _FAKE_GETNAMEINFO_H
-
-#include "config.h"
-
-#ifndef HAVE_GETNAMEINFO
-int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
- size_t hostlen, char *serv, size_t servlen, int flags);
-#endif /* !HAVE_GETNAMEINFO */
-
-#ifndef NI_MAXSERV
-# define NI_MAXSERV 32
-#endif /* !NI_MAXSERV */
-#ifndef NI_MAXHOST
-# define NI_MAXHOST 1025
-#endif /* !NI_MAXHOST */
-
-#endif /* _FAKE_GETNAMEINFO_H */
--- /dev/null
+/*
+ * Copyright (C) 2000-2003 Damien Miller. All rights reserved.
+ * Copyright (C) 1999 WIDE Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Pseudo-implementation of RFC2553 name / address resolution functions
+ *
+ * But these functions are not implemented correctly. The minimum subset
+ * is implemented for ssh use only. For example, this routine assumes
+ * that ai_family is AF_INET. Don't use it for another purpose.
+ */
+
+#include "includes.h"
+
+RCSID("$Id$");
+
+#ifndef HAVE_GETNAMEINFO
+int getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
+ size_t hostlen, char *serv, size_t servlen, int flags)
+{
+ struct sockaddr_in *sin = (struct sockaddr_in *)sa;
+ struct hostent *hp;
+ char tmpserv[16];
+
+ if (serv != NULL) {
+ snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port));
+ if (strlcpy(serv, tmpserv, servlen) >= servlen)
+ return (EAI_MEMORY);
+ }
+
+ if (host != NULL) {
+ if (flags & NI_NUMERICHOST) {
+ if (strlcpy(host, inet_ntoa(sin->sin_addr),
+ hostlen) >= hostlen)
+ return (EAI_MEMORY);
+ else
+ return (0);
+ } else {
+ hp = gethostbyaddr((char *)&sin->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+ if (hp == NULL)
+ return (EAI_NODATA);
+
+ if (strlcpy(host, hp->h_name, hostlen) >= hostlen)
+ return (EAI_MEMORY);
+ else
+ return (0);
+ }
+ }
+ return (0);
+}
+#endif /* !HAVE_GETNAMEINFO */
+
+#ifndef HAVE_GAI_STRERROR
+char *
+gai_strerror(int err)
+{
+ switch (err) {
+ case EAI_NODATA:
+ return ("no address associated with name");
+ case EAI_MEMORY:
+ return ("memory allocation failure.");
+ case EAI_NONAME:
+ return ("nodename nor servname provided, or not known");
+ default:
+ return ("unknown/invalid error.");
+ }
+}
+#endif /* !HAVE_GAI_STRERROR */
+
+#ifndef HAVE_FREEADDRINFO
+void
+freeaddrinfo(struct addrinfo *ai)
+{
+ struct addrinfo *next;
+
+ for(; ai != NULL;) {
+ next = ai->ai_next;
+ free(ai);
+ ai = next;
+ }
+}
+#endif /* !HAVE_FREEADDRINFO */
+
+#ifndef HAVE_GETADDRINFO
+static struct
+addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints)
+{
+ struct addrinfo *ai;
+
+ ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in));
+ if (ai == NULL)
+ return (NULL);
+
+ memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in));
+
+ ai->ai_addr = (struct sockaddr *)(ai + 1);
+ /* XXX -- ssh doesn't use sa_len */
+ ai->ai_addrlen = sizeof(struct sockaddr_in);
+ ai->ai_addr->sa_family = ai->ai_family = AF_INET;
+
+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port;
+ ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr;
+
+ /* XXX: the following is not generally correct, but does what we want */
+ if (hints->ai_socktype)
+ ai->ai_socktype = hints->ai_socktype;
+ else
+ ai->ai_socktype = SOCK_STREAM;
+
+ if (hints->ai_protocol)
+ ai->ai_protocol = hints->ai_protocol;
+
+ return (ai);
+}
+
+int
+getaddrinfo(const char *hostname, const char *servname,
+ const struct addrinfo *hints, struct addrinfo **res)
+{
+ struct hostent *hp;
+ struct servent *sp;
+ struct in_addr in;
+ int i;
+ long int port;
+ u_long addr;
+
+ port = 0;
+ if (servname != NULL) {
+ char *cp;
+
+ port = strtol(servname, &cp, 10);
+ if (port > 0 && port <= 65535 && *cp == '\0')
+ port = htons(port);
+ else if ((sp = getservbyname(servname, NULL)) != NULL)
+ port = sp->s_port;
+ else
+ port = 0;
+ }
+
+ if (hints && hints->ai_flags & AI_PASSIVE) {
+ addr = htonl(0x00000000);
+ if (hostname && inet_aton(hostname, &in) != 0)
+ addr = in.s_addr;
+ *res = malloc_ai(port, addr, hints);
+ if (*res == NULL)
+ return (EAI_MEMORY);
+ return (0);
+ }
+
+ if (!hostname) {
+ *res = malloc_ai(port, htonl(0x7f000001), hints);
+ if (*res == NULL)
+ return (EAI_MEMORY);
+ return (0);
+ }
+
+ if (inet_aton(hostname, &in)) {
+ *res = malloc_ai(port, in.s_addr, hints);
+ if (*res == NULL)
+ return (EAI_MEMORY);
+ return (0);
+ }
+
+ /* Don't try DNS if AI_NUMERICHOST is set */
+ if (hints && hints->ai_flags & AI_NUMERICHOST)
+ return (EAI_NONAME);
+
+ hp = gethostbyname(hostname);
+ if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) {
+ struct addrinfo *cur, *prev;
+
+ cur = prev = *res = NULL;
+ for (i = 0; hp->h_addr_list[i]; i++) {
+ struct in_addr *in = (struct in_addr *)hp->h_addr_list[i];
+
+ cur = malloc_ai(port, in->s_addr, hints);
+ if (cur == NULL) {
+ if (*res != NULL)
+ freeaddrinfo(*res);
+ return (EAI_MEMORY);
+ }
+ if (prev)
+ prev->ai_next = cur;
+ else
+ *res = cur;
+
+ prev = cur;
+ }
+ return (0);
+ }
+
+ return (EAI_NODATA);
+}
+#endif /* !HAVE_GETADDRINFO */
--- /dev/null
+/* $Id$ */
+
+/*
+ * Copyright (C) 2000-2003 Damien Miller. All rights reserved.
+ * Copyright (C) 1999 WIDE Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Pseudo-implementation of RFC2553 name / address resolution functions
+ *
+ * But these functions are not implemented correctly. The minimum subset
+ * is implemented for ssh use only. For example, this routine assumes
+ * that ai_family is AF_INET. Don't use it for another purpose.
+ */
+
+#ifndef _FAKE_RFC2553_H
+#define _FAKE_RFC2553_H
+
+#include "includes.h"
+#include "sys/types.h"
+
+/*
+ * First, socket and INET6 related definitions
+ */
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+# define _SS_MAXSIZE 128 /* Implementation specific max size */
+# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
+struct sockaddr_storage {
+ struct sockaddr ss_sa;
+ char __ss_pad2[_SS_PADSIZE];
+};
+# define ss_family ss_sa.sa_family
+#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
+
+#ifndef IN6_IS_ADDR_LOOPBACK
+# define IN6_IS_ADDR_LOOPBACK(a) \
+ (((u_int32_t *)(a))[0] == 0 && ((u_int32_t *)(a))[1] == 0 && \
+ ((u_int32_t *)(a))[2] == 0 && ((u_int32_t *)(a))[3] == htonl(1))
+#endif /* !IN6_IS_ADDR_LOOPBACK */
+
+#ifndef HAVE_STRUCT_IN6_ADDR
+struct in6_addr {
+ u_int8_t s6_addr[16];
+};
+#endif /* !HAVE_STRUCT_IN6_ADDR */
+
+#ifndef HAVE_STRUCT_SOCKADDR_IN6
+struct sockaddr_in6 {
+ unsigned short sin6_family;
+ u_int16_t sin6_port;
+ u_int32_t sin6_flowinfo;
+ struct in6_addr sin6_addr;
+};
+#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
+
+#ifndef AF_INET6
+/* Define it to something that should never appear */
+#define AF_INET6 AF_MAX
+#endif
+
+/*
+ * Next, RFC2553 name / address resolution API
+ */
+
+#ifndef NI_NUMERICHOST
+# define NI_NUMERICHOST (1)
+#endif
+#ifndef NI_NAMEREQD
+# define NI_NAMEREQD (1<<1)
+#endif
+#ifndef NI_NUMERICSERV
+# define NI_NUMERICSERV (1<<2)
+#endif
+
+#ifndef AI_PASSIVE
+# define AI_PASSIVE (1)
+#endif
+#ifndef AI_CANONNAME
+# define AI_CANONNAME (1<<1)
+#endif
+#ifndef AI_NUMERICHOST
+# define AI_NUMERICHOST (1<<2)
+#endif
+
+#ifndef NI_MAXSERV
+# define NI_MAXSERV 32
+#endif /* !NI_MAXSERV */
+#ifndef NI_MAXHOST
+# define NI_MAXHOST 1025
+#endif /* !NI_MAXHOST */
+
+#ifndef EAI_NODATA
+# define EAI_NODATA 1
+# define EAI_MEMORY 2
+# define EAI_NONAME 3
+#endif
+
+#ifndef HAVE_STRUCT_ADDRINFO
+struct addrinfo {
+ int ai_flags; /* AI_PASSIVE, AI_CANONNAME */
+ int ai_family; /* PF_xxx */
+ int ai_socktype; /* SOCK_xxx */
+ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
+ size_t ai_addrlen; /* length of ai_addr */
+ char *ai_canonname; /* canonical name for hostname */
+ struct sockaddr *ai_addr; /* binary address */
+ struct addrinfo *ai_next; /* next structure in linked list */
+};
+#endif /* !HAVE_STRUCT_ADDRINFO */
+
+#ifndef HAVE_GETADDRINFO
+int getaddrinfo(const char *, const char *,
+ const struct addrinfo *, struct addrinfo **);
+#endif /* !HAVE_GETADDRINFO */
+
+#ifndef HAVE_GAI_STRERROR
+char *gai_strerror(int);
+#endif /* !HAVE_GAI_STRERROR */
+
+#ifndef HAVE_FREEADDRINFO
+void freeaddrinfo(struct addrinfo *);
+#endif /* !HAVE_FREEADDRINFO */
+
+#ifndef HAVE_GETNAMEINFO
+int getnameinfo(const struct sockaddr *, size_t, char *, size_t,
+ char *, size_t, int);
+#endif /* !HAVE_GETNAMEINFO */
+
+#endif /* !_FAKE_RFC2553_H */
+
+++ /dev/null
-/* $Id$ */
-
-#ifndef _FAKE_SOCKET_H
-#define _FAKE_SOCKET_H
-
-#include "config.h"
-#include "sys/types.h"
-
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-# define _SS_MAXSIZE 128 /* Implementation specific max size */
-# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
-
-struct sockaddr_storage {
- struct sockaddr ss_sa;
- char __ss_pad2[_SS_PADSIZE];
-};
-# define ss_family ss_sa.sa_family
-#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
-
-#ifndef IN6_IS_ADDR_LOOPBACK
-# define IN6_IS_ADDR_LOOPBACK(a) \
- (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
- ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
-#endif /* !IN6_IS_ADDR_LOOPBACK */
-
-#ifndef HAVE_STRUCT_IN6_ADDR
-struct in6_addr {
- u_int8_t s6_addr[16];
-};
-#endif /* !HAVE_STRUCT_IN6_ADDR */
-
-#ifndef HAVE_STRUCT_SOCKADDR_IN6
-struct sockaddr_in6 {
- unsigned short sin6_family;
- u_int16_t sin6_port;
- u_int32_t sin6_flowinfo;
- struct in6_addr sin6_addr;
-};
-#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */
-
-#ifndef AF_INET6
-/* Define it to something that should never appear */
-#define AF_INET6 AF_MAX
-#endif
-
-#endif /* !_FAKE_SOCKET_H */
-
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_GETCWD_H
-#define _BSD_GETCWD_H
-#include "config.h"
-
-#if !defined(HAVE_GETCWD)
-
-char *getcwd(char *pt, size_t size);
-
-#endif /* !defined(HAVE_GETCWD) */
-#endif /* _BSD_GETCWD_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_GETGROUPLIST_H
-#define _BSD_GETGROUPLIST_H
-
-#include "config.h"
-
-#ifndef HAVE_GETGROUPLIST
-
-#include <grp.h>
-
-int getgrouplist(const char *, gid_t, gid_t *, int *);
-
-#endif
-
-#endif
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
+static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdio.h>
static char *place = EMSG; /* option letter processing */
char *oli; /* option letter list index */
+ if (ostr == NULL)
+ return (-1);
+
if (BSDoptreset || !*place) { /* update scanning pointer */
BSDoptreset = 0;
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSDGETOPT_H
-#define _BSDGETOPT_H
-
-#include "config.h"
-
-#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
-
-int BSDgetopt(int argc, char * const *argv, const char *opts);
-
-#endif
-
-#endif /* _BSDGETOPT_H */
--- /dev/null
+/* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
+
+/*
+ * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Portions Copyright (c) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+
+#include "getrrsetbyname.h"
+
+/* #include "thread_private.h" */
+
+#define ANSWER_BUFFER_SIZE 1024*64
+
+struct dns_query {
+ char *name;
+ u_int16_t type;
+ u_int16_t class;
+ struct dns_query *next;
+};
+
+struct dns_rr {
+ char *name;
+ u_int16_t type;
+ u_int16_t class;
+ u_int16_t ttl;
+ u_int16_t size;
+ void *rdata;
+ struct dns_rr *next;
+};
+
+struct dns_response {
+ HEADER header;
+ struct dns_query *query;
+ struct dns_rr *answer;
+ struct dns_rr *authority;
+ struct dns_rr *additional;
+};
+
+static struct dns_response *parse_dns_response(const u_char *, int);
+static struct dns_query *parse_dns_qsection(const u_char *, int,
+ const u_char **, int);
+static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
+ int);
+
+static void free_dns_query(struct dns_query *);
+static void free_dns_rr(struct dns_rr *);
+static void free_dns_response(struct dns_response *);
+
+static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
+
+/*
+ * Inline versions of get/put short/long. Pointer is advanced.
+ *
+ * These macros demonstrate the property of C whereby it can be
+ * portable or it can be elegant but rarely both.
+ */
+
+#ifndef INT32SZ
+# define INT32SZ 4
+#endif
+#ifndef INT16SZ
+# define INT16SZ 2
+#endif
+
+#ifndef GETSHORT
+#define GETSHORT(s, cp) { \
+ register u_char *t_cp = (u_char *)(cp); \
+ (s) = ((u_int16_t)t_cp[0] << 8) \
+ | ((u_int16_t)t_cp[1]) \
+ ; \
+ (cp) += INT16SZ; \
+}
+#endif
+
+#ifndef GETLONG
+#define GETLONG(l, cp) { \
+ register u_char *t_cp = (u_char *)(cp); \
+ (l) = ((u_int32_t)t_cp[0] << 24) \
+ | ((u_int32_t)t_cp[1] << 16) \
+ | ((u_int32_t)t_cp[2] << 8) \
+ | ((u_int32_t)t_cp[3]) \
+ ; \
+ (cp) += INT32SZ; \
+}
+#endif
+
+/*
+ * Routines to insert/extract short/long's.
+ */
+
+#ifndef HAVE__GETSHORT
+static u_int16_t
+_getshort(msgp)
+ register const u_char *msgp;
+{
+ register u_int16_t u;
+
+ GETSHORT(u, msgp);
+ return (u);
+}
+#endif
+
+#ifndef HAVE__GETLONG
+static u_int32_t
+_getlong(msgp)
+ register const u_char *msgp;
+{
+ register u_int32_t u;
+
+ GETLONG(u, msgp);
+ return (u);
+}
+#endif
+
+int
+getrrsetbyname(const char *hostname, unsigned int rdclass,
+ unsigned int rdtype, unsigned int flags,
+ struct rrsetinfo **res)
+{
+ struct __res_state *_resp = &_res;
+ int result;
+ struct rrsetinfo *rrset = NULL;
+ struct dns_response *response;
+ struct dns_rr *rr;
+ struct rdatainfo *rdata;
+ int length;
+ unsigned int index_ans, index_sig;
+ u_char answer[ANSWER_BUFFER_SIZE];
+
+ /* check for invalid class and type */
+ if (rdclass > 0xffff || rdtype > 0xffff) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* don't allow queries of class or type ANY */
+ if (rdclass == 0xff || rdtype == 0xff) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* don't allow flags yet, unimplemented */
+ if (flags) {
+ result = ERRSET_INVAL;
+ goto fail;
+ }
+
+ /* initialize resolver */
+ if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+
+#ifdef DEBUG
+ _resp->options |= RES_DEBUG;
+#endif /* DEBUG */
+
+#ifdef RES_USE_DNSSEC
+ /* turn on DNSSEC if EDNS0 is configured */
+ if (_resp->options & RES_USE_EDNS0)
+ _resp->options |= RES_USE_DNSSEC;
+#endif /* RES_USE_DNSEC */
+
+ /* make query */
+ length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
+ answer, sizeof(answer));
+ if (length < 0) {
+ switch(h_errno) {
+ case HOST_NOT_FOUND:
+ result = ERRSET_NONAME;
+ goto fail;
+ case NO_DATA:
+ result = ERRSET_NODATA;
+ goto fail;
+ default:
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+ }
+
+ /* parse result */
+ response = parse_dns_response(answer, length);
+ if (response == NULL) {
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+
+ if (response->header.qdcount != 1) {
+ result = ERRSET_FAIL;
+ goto fail;
+ }
+
+ /* initialize rrset */
+ rrset = calloc(1, sizeof(struct rrsetinfo));
+ if (rrset == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+ rrset->rri_rdclass = response->query->class;
+ rrset->rri_rdtype = response->query->type;
+ rrset->rri_ttl = response->answer->ttl;
+ rrset->rri_nrdatas = response->header.ancount;
+
+#ifdef HAVE_HEADER_AD
+ /* check for authenticated data */
+ if (response->header.ad == 1)
+ rrset->rri_flags |= RRSET_VALIDATED;
+#endif
+
+ /* copy name from answer section */
+ length = strlen(response->answer->name);
+ rrset->rri_name = malloc(length + 1);
+ if (rrset->rri_name == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+ strlcpy(rrset->rri_name, response->answer->name, length + 1);
+
+ /* count answers */
+ rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
+ rrset->rri_rdtype);
+ rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass,
+ T_SIG);
+
+ /* allocate memory for answers */
+ rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
+ sizeof(struct rdatainfo));
+ if (rrset->rri_rdatas == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+
+ /* allocate memory for signatures */
+ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
+ if (rrset->rri_sigs == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+
+ /* copy answers & signatures */
+ for (rr = response->answer, index_ans = 0, index_sig = 0;
+ rr; rr = rr->next) {
+
+ rdata = NULL;
+
+ if (rr->class == rrset->rri_rdclass &&
+ rr->type == rrset->rri_rdtype)
+ rdata = &rrset->rri_rdatas[index_ans++];
+
+ if (rr->class == rrset->rri_rdclass &&
+ rr->type == T_SIG)
+ rdata = &rrset->rri_sigs[index_sig++];
+
+ if (rdata) {
+ rdata->rdi_length = rr->size;
+ rdata->rdi_data = malloc(rr->size);
+
+ if (rdata->rdi_data == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
+ memcpy(rdata->rdi_data, rr->rdata, rr->size);
+ }
+ }
+
+ *res = rrset;
+ return (ERRSET_SUCCESS);
+
+fail:
+ if (rrset != NULL)
+ freerrset(rrset);
+ return (result);
+}
+
+void
+freerrset(struct rrsetinfo *rrset)
+{
+ u_int16_t i;
+
+ if (rrset == NULL)
+ return;
+
+ if (rrset->rri_rdatas) {
+ for (i = 0; i < rrset->rri_nrdatas; i++) {
+ if (rrset->rri_rdatas[i].rdi_data == NULL)
+ break;
+ free(rrset->rri_rdatas[i].rdi_data);
+ }
+ free(rrset->rri_rdatas);
+ }
+
+ if (rrset->rri_sigs) {
+ for (i = 0; i < rrset->rri_nsigs; i++) {
+ if (rrset->rri_sigs[i].rdi_data == NULL)
+ break;
+ free(rrset->rri_sigs[i].rdi_data);
+ }
+ free(rrset->rri_sigs);
+ }
+
+ if (rrset->rri_name)
+ free(rrset->rri_name);
+ free(rrset);
+}
+
+/*
+ * DNS response parsing routines
+ */
+static struct dns_response *
+parse_dns_response(const u_char *answer, int size)
+{
+ struct dns_response *resp;
+ const u_char *cp;
+
+ /* allocate memory for the response */
+ resp = calloc(1, sizeof(*resp));
+ if (resp == NULL)
+ return (NULL);
+
+ /* initialize current pointer */
+ cp = answer;
+
+ /* copy header */
+ memcpy(&resp->header, cp, HFIXEDSZ);
+ cp += HFIXEDSZ;
+
+ /* fix header byte order */
+ resp->header.qdcount = ntohs(resp->header.qdcount);
+ resp->header.ancount = ntohs(resp->header.ancount);
+ resp->header.nscount = ntohs(resp->header.nscount);
+ resp->header.arcount = ntohs(resp->header.arcount);
+
+ /* there must be at least one query */
+ if (resp->header.qdcount < 1) {
+ free_dns_response(resp);
+ return (NULL);
+ }
+
+ /* parse query section */
+ resp->query = parse_dns_qsection(answer, size, &cp,
+ resp->header.qdcount);
+ if (resp->header.qdcount && resp->query == NULL) {
+ free_dns_response(resp);
+ return (NULL);
+ }
+
+ /* parse answer section */
+ resp->answer = parse_dns_rrsection(answer, size, &cp,
+ resp->header.ancount);
+ if (resp->header.ancount && resp->answer == NULL) {
+ free_dns_response(resp);
+ return (NULL);
+ }
+
+ /* parse authority section */
+ resp->authority = parse_dns_rrsection(answer, size, &cp,
+ resp->header.nscount);
+ if (resp->header.nscount && resp->authority == NULL) {
+ free_dns_response(resp);
+ return (NULL);
+ }
+
+ /* parse additional section */
+ resp->additional = parse_dns_rrsection(answer, size, &cp,
+ resp->header.arcount);
+ if (resp->header.arcount && resp->additional == NULL) {
+ free_dns_response(resp);
+ return (NULL);
+ }
+
+ return (resp);
+}
+
+static struct dns_query *
+parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
+{
+ struct dns_query *head, *curr, *prev;
+ int i, length;
+ char name[MAXDNAME];
+
+ for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+
+ /* allocate and initialize struct */
+ curr = calloc(1, sizeof(struct dns_query));
+ if (curr == NULL) {
+ free_dns_query(head);
+ return (NULL);
+ }
+ if (head == NULL)
+ head = curr;
+ if (prev != NULL)
+ prev->next = curr;
+
+ /* name */
+ length = dn_expand(answer, answer + size, *cp, name,
+ sizeof(name));
+ if (length < 0) {
+ free_dns_query(head);
+ return (NULL);
+ }
+ curr->name = strdup(name);
+ if (curr->name == NULL) {
+ free_dns_query(head);
+ return (NULL);
+ }
+ *cp += length;
+
+ /* type */
+ curr->type = _getshort(*cp);
+ *cp += INT16SZ;
+
+ /* class */
+ curr->class = _getshort(*cp);
+ *cp += INT16SZ;
+ }
+
+ return (head);
+}
+
+static struct dns_rr *
+parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int count)
+{
+ struct dns_rr *head, *curr, *prev;
+ int i, length;
+ char name[MAXDNAME];
+
+ for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) {
+
+ /* allocate and initialize struct */
+ curr = calloc(1, sizeof(struct dns_rr));
+ if (curr == NULL) {
+ free_dns_rr(head);
+ return (NULL);
+ }
+ if (head == NULL)
+ head = curr;
+ if (prev != NULL)
+ prev->next = curr;
+
+ /* name */
+ length = dn_expand(answer, answer + size, *cp, name,
+ sizeof(name));
+ if (length < 0) {
+ free_dns_rr(head);
+ return (NULL);
+ }
+ curr->name = strdup(name);
+ if (curr->name == NULL) {
+ free_dns_rr(head);
+ return (NULL);
+ }
+ *cp += length;
+
+ /* type */
+ curr->type = _getshort(*cp);
+ *cp += INT16SZ;
+
+ /* class */
+ curr->class = _getshort(*cp);
+ *cp += INT16SZ;
+
+ /* ttl */
+ curr->ttl = _getlong(*cp);
+ *cp += INT32SZ;
+
+ /* rdata size */
+ curr->size = _getshort(*cp);
+ *cp += INT16SZ;
+
+ /* rdata itself */
+ curr->rdata = malloc(curr->size);
+ if (curr->rdata == NULL) {
+ free_dns_rr(head);
+ return (NULL);
+ }
+ memcpy(curr->rdata, *cp, curr->size);
+ *cp += curr->size;
+ }
+
+ return (head);
+}
+
+static void
+free_dns_query(struct dns_query *p)
+{
+ if (p == NULL)
+ return;
+
+ if (p->name)
+ free(p->name);
+ free_dns_query(p->next);
+ free(p);
+}
+
+static void
+free_dns_rr(struct dns_rr *p)
+{
+ if (p == NULL)
+ return;
+
+ if (p->name)
+ free(p->name);
+ if (p->rdata)
+ free(p->rdata);
+ free_dns_rr(p->next);
+ free(p);
+}
+
+static void
+free_dns_response(struct dns_response *p)
+{
+ if (p == NULL)
+ return;
+
+ free_dns_query(p->query);
+ free_dns_rr(p->answer);
+ free_dns_rr(p->authority);
+ free_dns_rr(p->additional);
+ free(p);
+}
+
+static int
+count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
+{
+ int n = 0;
+
+ while(p) {
+ if (p->class == class && p->type == type)
+ n++;
+ p = p->next;
+ }
+
+ return (n);
+}
+
+#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
--- /dev/null
+/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
+
+/*
+ * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Portions Copyright (c) 1999-2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GETRRSETBYNAME_H
+#define _GETRRSETBYNAME_H
+
+#include "includes.h"
+
+#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+
+#include <sys/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <netdb.h>
+#include <resolv.h>
+
+/*
+ * Flags for getrrsetbyname()
+ */
+#ifndef RRSET_VALIDATED
+# define RRSET_VALIDATED 1
+#endif
+
+/*
+ * Return codes for getrrsetbyname()
+ */
+#ifndef ERRSET_SUCCESS
+# define ERRSET_SUCCESS 0
+# define ERRSET_NOMEMORY 1
+# define ERRSET_FAIL 2
+# define ERRSET_INVAL 3
+# define ERRSET_NONAME 4
+# define ERRSET_NODATA 5
+#endif
+
+struct rdatainfo {
+ unsigned int rdi_length; /* length of data */
+ unsigned char *rdi_data; /* record data */
+};
+
+struct rrsetinfo {
+ unsigned int rri_flags; /* RRSET_VALIDATED ... */
+ unsigned int rri_rdclass; /* class number */
+ unsigned int rri_rdtype; /* RR type number */
+ unsigned int rri_ttl; /* time to live */
+ unsigned int rri_nrdatas; /* size of rdatas array */
+ unsigned int rri_nsigs; /* size of sigs array */
+ char *rri_name; /* canonical name */
+ struct rdatainfo *rri_rdatas; /* individual records */
+ struct rdatainfo *rri_sigs; /* individual signatures */
+};
+
+int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
+void freerrset(struct rrsetinfo *);
+
+#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
+
+#endif /* _GETRRSETBYNAME_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_INET_ATON_H
-#define _BSD_INET_ATON_H
-
-#include "config.h"
-
-#ifndef HAVE_INET_ATON
-int inet_aton(const char *cp, struct in_addr *addr);
-#endif /* HAVE_INET_ATON */
-
-#endif /* _BSD_INET_ATON_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_INET_NTOA_H
-#define _BSD_INET_NTOA_H
-
-#include "config.h"
-
-#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
-char *inet_ntoa(struct in_addr in);
-#endif /* defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) */
-
-#endif /* _BSD_INET_NTOA_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_INET_NTOP_H
-#define _BSD_INET_NTOP_H
-
-#include "config.h"
-
-#ifndef HAVE_INET_NTOP
-const char *
-inet_ntop(int af, const void *src, char *dst, size_t size);
-#endif /* !HAVE_INET_NTOP */
-
-#endif /* _BSD_INET_NTOP_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_MKTEMP_H
-#define _BSD_MKTEMP_H
-
-#include "config.h"
-#ifndef HAVE_MKDTEMP
-int mkstemps(char *path, int slen);
-int mkstemp(char *path);
-char *mkdtemp(char *path);
-#endif /* !HAVE_MKDTEMP */
-
-#endif /* _BSD_MKTEMP_H */
*
*/
#include "includes.h"
+#include "ssh.h"
+#include "log.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "xmalloc.h"
#ifdef _AIX
#include <uinfo.h>
-#include <../xmalloc.h>
+#include "port-aix.h"
+
+extern ServerOptions options;
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
aix_usrinfo(struct passwd *pw)
{
u_int i;
+ size_t len;
char *cp;
- cp = xmalloc(16 + 2 * strlen(pw->pw_name));
- i = sprintf(cp, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, 0,
- pw->pw_name, 0);
+ len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
+ cp = xmalloc(len);
+
+ i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
+ pw->pw_name, '\0');
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
debug3("AIX/UsrInfo: set len %d", i);
+
xfree(cp);
}
+#ifdef WITH_AIXAUTHENTICATE
+/*
+ * Remove embedded newlines in string (if any).
+ * Used before logging messages returned by AIX authentication functions
+ * so the message is logged on one line.
+ */
+void
+aix_remove_embedded_newlines(char *p)
+{
+ if (p == NULL)
+ return;
+
+ for (; *p; p++) {
+ if (*p == '\n')
+ *p = ' ';
+ }
+ /* Remove trailing whitespace */
+ if (*--p == ' ')
+ *p = '\0';
+}
+#endif /* WITH_AIXAUTHENTICATE */
+
+# ifdef CUSTOM_FAILED_LOGIN
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+void
+record_failed_login(const char *user, const char *ttyname)
+{
+ char *hostname = get_canonical_hostname(options.use_dns);
+
+ if (geteuid() != 0)
+ return;
+
+ aix_setauthdb(user);
+# ifdef AIX_LOGINFAILED_4ARG
+ loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+# else
+ loginfailed((char *)user, hostname, (char *)ttyname);
+# endif
+}
+
+/*
+ * If we have setauthdb, retrieve the password registry for the user's
+ * account then feed it to setauthdb. This may load registry-specific method
+ * code. If we don't have setauthdb or have already called it this is a no-op.
+ */
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+ static char *registry = NULL;
+
+ if (registry != NULL) /* have already done setauthdb */
+ return;
+
+ if (setuserdb(S_READ) == -1) {
+ debug3("%s: Could not open userdb to read", __func__);
+ return;
+ }
+
+ if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
+ if (setauthdb(registry, NULL) == 0)
+ debug3("%s: AIX/setauthdb set registry %s", __func__,
+ registry);
+ else
+ debug3("%s: AIX/setauthdb set registry %s failed: %s",
+ __func__, registry, strerror(errno));
+ } else
+ debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+ strerror(errno));
+ enduserdb();
+# endif
+}
+# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
+/* $Id$ */
+
/*
*
* Copyright (c) 2001 Gert Doering. All rights reserved.
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
*/
#ifdef _AIX
-void aix_usrinfo(struct passwd *pw);
+
+#ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# include <userpw.h>
+# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG)
+# include <sys/audit.h>
+# endif
+# include <usersec.h>
+#endif
+
+/* Some versions define r_type in the above headers, which causes a conflict */
+#ifdef r_type
+# undef r_type
+#endif
+
+/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
+#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
+# define nanosleep(a,b) nsleep(a,b)
+#endif
+
+/* For struct timespec on AIX 4.2.x */
+#ifdef HAVE_SYS_TIMERS_H
+# include <sys/timers.h>
+#endif
+
+#ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_FAILED_LOGIN 1
+void record_failed_login(const char *, const char *);
+void aix_setauthdb(const char *);
+#endif
+
+void aix_usrinfo(struct passwd *);
+void aix_remove_embedded_newlines(char *);
#endif /* _AIX */
+/*
+ * Copyright (c) 2000 Denis Parker. All rights reserved.
+ * Copyright (c) 2000 Michael Stone. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
#include "includes.h"
-#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
+#if defined(WITH_IRIX_PROJECT) || \
+ defined(WITH_IRIX_JOBS) || \
+ defined(WITH_IRIX_ARRAY)
#ifdef WITH_IRIX_PROJECT
-#include <proj.h>
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
-#include <sys/resource.h>
+# include <sys/resource.h>
#endif
#ifdef WITH_IRIX_AUDIT
-#include <sat.h>
+# include <sat.h>
#endif /* WITH_IRIX_AUDIT */
void
{
#ifdef WITH_IRIX_PROJECT
prid_t projid;
-#endif /* WITH_IRIX_PROJECT */
+#endif
#ifdef WITH_IRIX_JOBS
jid_t jid = 0;
-#else
-# ifdef WITH_IRIX_ARRAY
+#elif defined(WITH_IRIX_ARRAY)
int jid = 0;
-# endif /* WITH_IRIX_ARRAY */
-#endif /* WITH_IRIX_JOBS */
+#endif
#ifdef WITH_IRIX_JOBS
jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
-#if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
+/* $Id$ */
+
+/*
+ * Copyright (c) 2000 Denis Parker. All rights reserved.
+ * Copyright (c) 2000 Michael Stone. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _PORT_IRIX_H
+#define _PORT_IRIX_H
+
+#if defined(WITH_IRIX_PROJECT) || \
+ defined(WITH_IRIX_JOBS) || \
+ defined(WITH_IRIX_ARRAY)
void irix_setusercontext(struct passwd *pw);
#endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
+
+#endif /* ! _PORT_IRIX_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_REALPATH_H
-#define _BSD_REALPATH_H
-
-#include "config.h"
-
-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
-
-char *realpath(const char *path, char *resolved);
-
-#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
-#endif /* _BSD_REALPATH_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_RRESVPORT_H
-#define _BSD_RRESVPORT_H
-
-#include "config.h"
-
-#ifndef HAVE_RRESVPORT_AF
-int rresvport_af(int *alport, sa_family_t af);
-#endif /* !HAVE_RRESVPORT_AF */
-
-#endif /* _BSD_RRESVPORT_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_SETENV_H
-#define _BSD_SETENV_H
-
-#include "config.h"
-
-#ifndef HAVE_SETENV
-
-int setenv(register const char *name, register const char *value, int rewrite);
-
-#endif /* !HAVE_SETENV */
-
-#endif /* _BSD_SETENV_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_SETPROCTITLE_H
-#define _BSD_SETPROCTITLE_H
-
-#include "config.h"
-
-#ifndef HAVE_SETPROCTITLE
-void setproctitle(const char *fmt, ...);
-#endif
-
-#endif /* _BSD_SETPROCTITLE_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_STRLCAT_H
-#define _BSD_STRLCAT_H
-
-#include "config.h"
-#ifndef HAVE_STRLCAT
-#include <sys/types.h>
-size_t strlcat(char *dst, const char *src, size_t siz);
-#endif /* !HAVE_STRLCAT */
-
-#endif /* _BSD_STRLCAT_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_STRLCPY_H
-#define _BSD_STRLCPY_H
-
-#include "config.h"
-#ifndef HAVE_STRLCPY
-#include <sys/types.h>
-size_t strlcpy(char *dst, const char *src, size_t siz);
-#endif /* !HAVE_STRLCPY */
-
-#endif /* _BSD_STRLCPY_H */
+++ /dev/null
-/* $Id$ */
-
-#ifndef HAVE_STRMODE
-
-void strmode(register mode_t mode, register char *p);
-
-#endif
+++ /dev/null
-/* $Id$ */
-
-#ifndef _BSD_STRSEP_H
-#define _BSD_STRSEP_H
-
-#include "config.h"
-
-#ifndef HAVE_STRSEP
-char *strsep(char **stringp, const char *delim);
-#endif /* HAVE_STRSEP */
-
-#endif /* _BSD_STRSEP_H */
--- /dev/null
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
+
+/*
+ * Copyright (c) 1990 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTOUL
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+ * Convert a string to an unsigned long integer.
+ *
+ * Ignores `locale' stuff. Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long
+strtoul(nptr, endptr, base)
+ const char *nptr;
+ char **endptr;
+ register int base;
+{
+ register const char *s;
+ register unsigned long acc, cutoff;
+ register int c;
+ register int neg, any, cutlim;
+
+ /*
+ * See strtol for comments as to the logic used.
+ */
+ s = nptr;
+ do {
+ c = (unsigned char) *s++;
+ } while (isspace(c));
+ if (c == '-') {
+ neg = 1;
+ c = *s++;
+ } else {
+ neg = 0;
+ if (c == '+')
+ c = *s++;
+ }
+ if ((base == 0 || base == 16) &&
+ c == '0' && (*s == 'x' || *s == 'X')) {
+ c = s[1];
+ s += 2;
+ base = 16;
+ }
+ if (base == 0)
+ base = c == '0' ? 8 : 10;
+
+ cutoff = ULONG_MAX / (unsigned long)base;
+ cutlim = ULONG_MAX % (unsigned long)base;
+ for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+ if (isdigit(c))
+ c -= '0';
+ else if (isalpha(c))
+ c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+ else
+ break;
+ if (c >= base)
+ break;
+ if (any < 0)
+ continue;
+ if (acc > cutoff || acc == cutoff && c > cutlim) {
+ any = -1;
+ acc = ULONG_MAX;
+ errno = ERANGE;
+ } else {
+ any = 1;
+ acc *= (unsigned long)base;
+ acc += c;
+ }
+ }
+ if (neg && any > 0)
+ acc = -acc;
+ if (endptr != 0)
+ *endptr = (char *) (any ? s - 1 : nptr);
+ return (acc);
+}
+#endif /* !HAVE_STRTOUL */
-/* $OpenBSD: queue.h,v 1.22 2001/06/23 04:39:35 angelos Exp $ */
+/* $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $ */
/* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
/*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
-/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */
+/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_LEFT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_RIGHT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
/* Generates prototypes and inline functions */
--- /dev/null
+/*-
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "includes.h"
+#if !defined(HAVE_STRNVIS)
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: vis.c,v 1.12 2003/06/02 20:18:35 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+#include <string.h>
+
+#include "vis.h"
+
+#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
+#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
+ isgraph((u_char)(c))) || \
+ ((flag & VIS_SP) == 0 && (c) == ' ') || \
+ ((flag & VIS_TAB) == 0 && (c) == '\t') || \
+ ((flag & VIS_NL) == 0 && (c) == '\n') || \
+ ((flag & VIS_SAFE) && ((c) == '\b' || \
+ (c) == '\007' || (c) == '\r' || \
+ isgraph((u_char)(c)))))
+
+/*
+ * vis - visually encode characters
+ */
+char *
+vis(dst, c, flag, nextc)
+ register char *dst;
+ int c, nextc;
+ register int flag;
+{
+ if (isvisible(c)) {
+ *dst++ = c;
+ if (c == '\\' && (flag & VIS_NOSLASH) == 0)
+ *dst++ = '\\';
+ *dst = '\0';
+ return (dst);
+ }
+
+ if (flag & VIS_CSTYLE) {
+ switch(c) {
+ case '\n':
+ *dst++ = '\\';
+ *dst++ = 'n';
+ goto done;
+ case '\r':
+ *dst++ = '\\';
+ *dst++ = 'r';
+ goto done;
+ case '\b':
+ *dst++ = '\\';
+ *dst++ = 'b';
+ goto done;
+ case '\a':
+ *dst++ = '\\';
+ *dst++ = 'a';
+ goto done;
+ case '\v':
+ *dst++ = '\\';
+ *dst++ = 'v';
+ goto done;
+ case '\t':
+ *dst++ = '\\';
+ *dst++ = 't';
+ goto done;
+ case '\f':
+ *dst++ = '\\';
+ *dst++ = 'f';
+ goto done;
+ case ' ':
+ *dst++ = '\\';
+ *dst++ = 's';
+ goto done;
+ case '\0':
+ *dst++ = '\\';
+ *dst++ = '0';
+ if (isoctal(nextc)) {
+ *dst++ = '0';
+ *dst++ = '0';
+ }
+ goto done;
+ }
+ }
+ if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
+ *dst++ = '\\';
+ *dst++ = ((u_char)c >> 6 & 07) + '0';
+ *dst++ = ((u_char)c >> 3 & 07) + '0';
+ *dst++ = ((u_char)c & 07) + '0';
+ goto done;
+ }
+ if ((flag & VIS_NOSLASH) == 0)
+ *dst++ = '\\';
+ if (c & 0200) {
+ c &= 0177;
+ *dst++ = 'M';
+ }
+ if (iscntrl(c)) {
+ *dst++ = '^';
+ if (c == 0177)
+ *dst++ = '?';
+ else
+ *dst++ = c + '@';
+ } else {
+ *dst++ = '-';
+ *dst++ = c;
+ }
+done:
+ *dst = '\0';
+ return (dst);
+}
+
+/*
+ * strvis, strnvis, strvisx - visually encode characters from src into dst
+ *
+ * Dst must be 4 times the size of src to account for possible
+ * expansion. The length of dst, not including the trailing NULL,
+ * is returned.
+ *
+ * Strnvis will write no more than siz-1 bytes (and will NULL terminate).
+ * The number of bytes needed to fully encode the string is returned.
+ *
+ * Strvisx encodes exactly len bytes from src into dst.
+ * This is useful for encoding a block of data.
+ */
+int
+strvis(dst, src, flag)
+ register char *dst;
+ register const char *src;
+ int flag;
+{
+ register char c;
+ char *start;
+
+ for (start = dst; (c = *src);)
+ dst = vis(dst, c, flag, *++src);
+ *dst = '\0';
+ return (dst - start);
+}
+
+int
+strnvis(dst, src, siz, flag)
+ char *dst;
+ const char *src;
+ size_t siz;
+ int flag;
+{
+ char c;
+ char *start, *end;
+ char tbuf[5];
+ int i;
+
+ i = 0;
+ for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
+ if (isvisible(c)) {
+ i = 1;
+ *dst++ = c;
+ if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
+ /* need space for the extra '\\' */
+ if (dst < end)
+ *dst++ = '\\';
+ else {
+ dst--;
+ i = 2;
+ break;
+ }
+ }
+ src++;
+ } else {
+ i = vis(tbuf, c, flag, *++src) - tbuf;
+ if (dst + i <= end) {
+ memcpy(dst, tbuf, i);
+ dst += i;
+ } else {
+ src--;
+ break;
+ }
+ }
+ }
+ if (siz > 0)
+ *dst = '\0';
+ if (dst + i > end) {
+ /* adjust return value for truncation */
+ while ((c = *src))
+ dst += vis(tbuf, c, flag, *++src) - tbuf;
+ }
+ return (dst - start);
+}
+
+int
+strvisx(dst, src, len, flag)
+ register char *dst;
+ register const char *src;
+ register size_t len;
+ int flag;
+{
+ register char c;
+ char *start;
+
+ for (start = dst; len > 1; len--) {
+ c = *src;
+ dst = vis(dst, c, flag, *++src);
+ }
+ if (len)
+ dst = vis(dst, *src, flag, '\0');
+ *dst = '\0';
+ return (dst - start);
+}
+
+#endif
--- /dev/null
+/* $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */
+/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
+
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)vis.h 5.9 (Berkeley) 4/3/91
+ */
+
+#include "includes.h"
+#if !defined(HAVE_STRNVIS)
+
+#ifndef _VIS_H_
+#define _VIS_H_
+
+#include <sys/types.h>
+#include <limits.h>
+
+/*
+ * to select alternate encoding format
+ */
+#define VIS_OCTAL 0x01 /* use octal \ddd format */
+#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
+
+/*
+ * to alter set of characters encoded (default is to encode all
+ * non-graphic except space, tab, and newline).
+ */
+#define VIS_SP 0x04 /* also encode space */
+#define VIS_TAB 0x08 /* also encode tab */
+#define VIS_NL 0x10 /* also encode newline */
+#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
+#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
+
+/*
+ * other
+ */
+#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
+
+/*
+ * unvis return codes
+ */
+#define UNVIS_VALID 1 /* character valid */
+#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
+#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
+#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
+#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
+
+/*
+ * unvis flags
+ */
+#define UNVIS_END 1 /* no more characters */
+
+char *vis(char *, int, int, int);
+int strvis(char *, const char *, int);
+int strnvis(char *, const char *, size_t, int);
+int strvisx(char *, const char *, size_t, int);
+int strunvis(char *, const char *);
+int unvis(char *, char, int *, int);
+
+#endif /* !_VIS_H_ */
+
+#endif /* !HAVE_STRNVIS */
--- /dev/null
+/*
+ * Copyright (c) 2003 Ben Lindstrom. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#if !defined(HAVE_OSF_SIA)
+
+# ifdef HAVE_CRYPT_H
+# include <crypt.h>
+# endif
+
+# ifdef __hpux
+# include <hpsecurity.h>
+# include <prot.h>
+# endif
+
+# ifdef HAVE_SECUREWARE
+# include <sys/security.h>
+# include <sys/audit.h>
+# include <prot.h>
+# endif
+
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# include <shadow.h>
+# endif
+
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# include <sys/label.h>
+# include <sys/audit.h>
+# include <pwdadj.h>
+# endif
+
+# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+# endif
+
+char *
+xcrypt(const char *password, const char *salt)
+{
+ char *crypted;
+
+# ifdef HAVE_MD5_PASSWORDS
+ if (is_md5_salt(salt))
+ crypted = md5_crypt(password, salt);
+ else
+ crypted = crypt(password, salt);
+# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
+ if (iscomsec())
+ crypted = bigcrypt(password, salt);
+ else
+ crypted = crypt(password, salt);
+# elif defined(HAVE_SECUREWARE)
+ crypted = bigcrypt(password, salt);
+# else
+ crypted = crypt(password, salt);
+# endif
+
+ return crypted;
+}
+
+/*
+ * Handle shadowed password systems in a cleaner way for portable
+ * version.
+ */
+
+char *
+shadow_pw(struct passwd *pw)
+{
+ char *pw_password = pw->pw_passwd;
+
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+ struct spwd *spw = getspnam(pw->pw_name);
+
+ if (spw != NULL)
+ pw_password = spw->sp_pwdp;
+# endif
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+ struct passwd_adjunct *spw;
+ if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
+ pw_password = spw->pwa_passwd;
+# elif defined(HAVE_SECUREWARE)
+ struct pr_passwd *spw = getprpwnam(pw->pw_name);
+
+ if (spw != NULL)
+ pw_password = spw->ufld.fd_encrypt;
+# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
+ struct pr_passwd *spw;
+ if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
+ pw_password = spw->ufld.fd_encrypt;
+# endif
+
+ return pw_password;
+}
+
+#endif /* !defined(HAVE_OSF_SIA) */
/*
+ * Copyright (c) 2002 Tim Rice. All rights reserved.
+ * MAP_FAILED code by Solar Designer.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/* $Id$ */
+
#include "includes.h"
#ifdef HAVE_SYS_MMAN_H
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $");
+RCSID("$OpenBSD: packet.c,v 1.110 2003/09/19 09:02:02 markus Exp $");
+
+#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "buffer.h"
static int packet_compression = 0;
/* default maximum packet size */
-int max_packet_size = 32768;
+u_int max_packet_size = 32768;
/* Flag indicating whether this module has been initialized. */
static int initialized = 0;
/* Session key information for Encryption and MAC */
Newkeys *newkeys[MODE_MAX];
-static u_int32_t read_seqnr = 0;
-static u_int32_t send_seqnr = 0;
+static struct packet_state {
+ u_int32_t seqnr;
+ u_int32_t packets;
+ u_int64_t blocks;
+} p_read, p_send;
+
+static u_int64_t max_blocks_in, max_blocks_out;
+static u_int32_t rekey_limit;
/* Session key for protocol v1 */
static u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
/* roundup current message to extra_pad bytes */
static u_char extra_pad = 0;
+struct packet {
+ TAILQ_ENTRY(packet) next;
+ u_char type;
+ Buffer payload;
+};
+TAILQ_HEAD(, packet) outgoing;
+
/*
* Sets the descriptors used for communication. Disables encryption until
* packet_set_encryption_key is called.
buffer_init(&output);
buffer_init(&outgoing_packet);
buffer_init(&incoming_packet);
+ TAILQ_INIT(&outgoing);
}
/* Kludge: arrange the close function to be called from fatal(). */
fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
cipher_set_keyiv(cc, dat);
}
int
-packet_get_ssh1_cipher()
+packet_get_ssh1_cipher(void)
{
return (cipher_get_number(receive_context.cipher));
}
-
-u_int32_t
-packet_get_seqnr(int mode)
+void
+packet_get_state(int mode, u_int32_t *seqnr, u_int64_t *blocks, u_int32_t *packets)
{
- return (mode == MODE_IN ? read_seqnr : send_seqnr);
+ struct packet_state *state;
+
+ state = (mode == MODE_IN) ? &p_read : &p_send;
+ *seqnr = state->seqnr;
+ *blocks = state->blocks;
+ *packets = state->packets;
}
void
-packet_set_seqnr(int mode, u_int32_t seqnr)
+packet_set_state(int mode, u_int32_t seqnr, u_int64_t blocks, u_int32_t packets)
{
- if (mode == MODE_IN)
- read_seqnr = seqnr;
- else if (mode == MODE_OUT)
- send_seqnr = seqnr;
- else
- fatal("packet_set_seqnr: bad mode %d", mode);
+ struct packet_state *state;
+
+ state = (mode == MODE_IN) ? &p_read : &p_send;
+ state->seqnr = seqnr;
+ state->blocks = blocks;
+ state->packets = packets;
}
/* returns 1 if connection is via ipv4 */
Mac *mac;
Comp *comp;
CipherContext *cc;
+ u_int64_t *max_blocks;
int encrypt;
- debug("newkeys: mode %d", mode);
+ debug2("set_newkeys: mode %d", mode);
if (mode == MODE_OUT) {
cc = &send_context;
encrypt = CIPHER_ENCRYPT;
+ p_send.packets = p_send.blocks = 0;
+ max_blocks = &max_blocks_out;
} else {
cc = &receive_context;
encrypt = CIPHER_DECRYPT;
+ p_read.packets = p_read.blocks = 0;
+ max_blocks = &max_blocks_in;
}
if (newkeys[mode] != NULL) {
- debug("newkeys: rekeying");
+ debug("set_newkeys: rekeying");
cipher_cleanup(cc);
enc = &newkeys[mode]->enc;
mac = &newkeys[mode]->mac;
buffer_compress_init_recv();
comp->enabled = 1;
}
+ /*
+ * The 2^(blocksize*2) limit is too expensive for 3DES,
+ * blowfish, etc, so enforce a 1GB limit for small blocksizes.
+ */
+ if (enc->block_size >= 16)
+ *max_blocks = (u_int64_t)1 << (enc->block_size*2);
+ else
+ *max_blocks = ((u_int64_t)1 << 30) / enc->block_size;
+ if (rekey_limit)
+ *max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
}
/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
static void
-packet_send2(void)
+packet_send2_wrapped(void)
{
u_char type, *cp, *macbuf = NULL;
u_char padlen, pad;
/* compute MAC over seqnr and packet(length fields, payload, padding) */
if (mac && mac->enabled) {
- macbuf = mac_compute(mac, send_seqnr,
+ macbuf = mac_compute(mac, p_send.seqnr,
buffer_ptr(&outgoing_packet),
buffer_len(&outgoing_packet));
- DBG(debug("done calc MAC out #%d", send_seqnr));
+ DBG(debug("done calc MAC out #%d", p_send.seqnr));
}
/* encrypt packet and append to output buffer. */
cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
buffer_dump(&output);
#endif
/* increment sequence number for outgoing packets */
- if (++send_seqnr == 0)
- log("outgoing seqnr wraps around");
+ if (++p_send.seqnr == 0)
+ logit("outgoing seqnr wraps around");
+ if (++p_send.packets == 0)
+ if (!(datafellows & SSH_BUG_NOREKEY))
+ fatal("XXX too many packets with same key");
+ p_send.blocks += (packet_length + 4) / block_size;
buffer_clear(&outgoing_packet);
if (type == SSH2_MSG_NEWKEYS)
set_newkeys(MODE_OUT);
}
+static void
+packet_send2(void)
+{
+ static int rekeying = 0;
+ struct packet *p;
+ u_char type, *cp;
+
+ cp = buffer_ptr(&outgoing_packet);
+ type = cp[5];
+
+ /* during rekeying we can only send key exchange messages */
+ if (rekeying) {
+ if (!((type >= SSH2_MSG_TRANSPORT_MIN) &&
+ (type <= SSH2_MSG_TRANSPORT_MAX))) {
+ debug("enqueue packet: %u", type);
+ p = xmalloc(sizeof(*p));
+ p->type = type;
+ memcpy(&p->payload, &outgoing_packet, sizeof(Buffer));
+ buffer_init(&outgoing_packet);
+ TAILQ_INSERT_TAIL(&outgoing, p, next);
+ return;
+ }
+ }
+
+ /* rekeying starts with sending KEXINIT */
+ if (type == SSH2_MSG_KEXINIT)
+ rekeying = 1;
+
+ packet_send2_wrapped();
+
+ /* after a NEWKEYS message we can send the complete queue */
+ if (type == SSH2_MSG_NEWKEYS) {
+ rekeying = 0;
+ while ((p = TAILQ_FIRST(&outgoing))) {
+ type = p->type;
+ debug("dequeue packet: %u", type);
+ buffer_free(&outgoing_packet);
+ memcpy(&outgoing_packet, &p->payload,
+ sizeof(Buffer));
+ TAILQ_REMOVE(&outgoing, p, next);
+ xfree(p);
+ packet_send2_wrapped();
+ }
+ }
+}
+
void
packet_send(void)
{
/* Read data from the socket. */
len = read(connection_in, buf, sizeof(buf));
if (len == 0) {
- log("Connection closed by %.200s", get_remote_ipaddr());
+ logit("Connection closed by %.200s", get_remote_ipaddr());
fatal_cleanup();
}
if (len < 0)
cp = buffer_ptr(&input);
len = GET_32BIT(cp);
if (len < 1 + 2 + 2 || len > 256 * 1024)
- packet_disconnect("Bad packet length %d.", len);
+ packet_disconnect("Bad packet length %u.", len);
padded_len = (len + 8) & ~7;
/* Check if the packet has been entirely received. */
cp = buffer_ptr(&incoming_packet);
packet_length = GET_32BIT(cp);
if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
+#ifdef PACKET_DEBUG
buffer_dump(&incoming_packet);
- packet_disconnect("Bad packet length %d.", packet_length);
+#endif
+ packet_disconnect("Bad packet length %u.", packet_length);
}
- DBG(debug("input: packet len %d", packet_length+4));
+ DBG(debug("input: packet len %u", packet_length+4));
buffer_consume(&input, block_size);
}
/* we have a partial packet of block_size bytes */
* increment sequence number for incoming packet
*/
if (mac && mac->enabled) {
- macbuf = mac_compute(mac, read_seqnr,
+ macbuf = mac_compute(mac, p_read.seqnr,
buffer_ptr(&incoming_packet),
buffer_len(&incoming_packet));
if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
packet_disconnect("Corrupted MAC on input.");
- DBG(debug("MAC #%d ok", read_seqnr));
+ DBG(debug("MAC #%d ok", p_read.seqnr));
buffer_consume(&input, mac->mac_len);
}
if (seqnr_p != NULL)
- *seqnr_p = read_seqnr;
- if (++read_seqnr == 0)
- log("incoming seqnr wraps around");
+ *seqnr_p = p_read.seqnr;
+ if (++p_read.seqnr == 0)
+ logit("incoming seqnr wraps around");
+ if (++p_read.packets == 0)
+ if (!(datafellows & SSH_BUG_NOREKEY))
+ fatal("XXX too many packets with same key");
+ p_read.blocks += (packet_length + 4) / block_size;
/* get padlen */
cp = buffer_ptr(&incoming_packet);
case SSH2_MSG_DISCONNECT:
reason = packet_get_int();
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %u: %.400s",
+ logit("Received disconnect from %s: %u: %.400s",
get_remote_ipaddr(), reason, msg);
xfree(msg);
fatal_cleanup();
break;
case SSH_MSG_DISCONNECT:
msg = packet_get_string(NULL);
- log("Received disconnect from %s: %.400s",
+ logit("Received disconnect from %s: %.400s",
get_remote_ipaddr(), msg);
fatal_cleanup();
xfree(msg);
return buffer_get_string(&incoming_packet, length_ptr);
}
-/* Clears incoming data buffer */
-
-void packet_get_all(void)
-{
- buffer_clear(&incoming_packet);
-}
-
/*
* Sends a diagnostic message from the server to the client. This message
* can be sent at any time (but not while constructing another message). The
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
+ /* Display the error locally */
+ logit("Disconnecting: %.100s", buf);
+
/* Send the disconnect message to the other side, and wait for it to get sent. */
if (compat20) {
packet_start(SSH2_MSG_DISCONNECT);
/* Close the connection. */
packet_close();
- /* Display the error locally and exit. */
- log("Disconnecting: %.100s", buf);
fatal_cleanup();
}
return buffer_len(&output) < 128 * 1024;
}
+
+#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
+static void
+packet_set_tos(int interactive)
+{
+ int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
+
+ if (!packet_connection_is_on_socket() ||
+ !packet_connection_is_ipv4())
+ return;
+ if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
+ sizeof(tos)) < 0)
+ error("setsockopt IP_TOS %d: %.100s:",
+ tos, strerror(errno));
+}
+#endif
+
/* Informs that the current session is interactive. Sets IP flags for that. */
void
packet_set_interactive(int interactive)
{
static int called = 0;
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- int lowdelay = IPTOS_LOWDELAY;
- int throughput = IPTOS_THROUGHPUT;
-#endif
if (called)
return;
/* Only set socket options if using a socket. */
if (!packet_connection_is_on_socket())
return;
- /*
- * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
- */
- if (interactive) {
- /*
- * Set IP options for an interactive connection. Use
- * IPTOS_LOWDELAY and TCP_NODELAY.
- */
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (packet_connection_is_ipv4()) {
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
- &lowdelay, sizeof(lowdelay)) < 0)
- error("setsockopt IPTOS_LOWDELAY: %.100s",
- strerror(errno));
- }
-#endif
+ if (interactive)
set_nodelay(connection_in);
- } else if (packet_connection_is_ipv4()) {
- /*
- * Set IP options for a non-interactive connection. Use
- * IPTOS_THROUGHPUT.
- */
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput,
- sizeof(throughput)) < 0)
- error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
+ packet_set_tos(interactive);
#endif
- }
+
}
/* Returns true if the current connection is interactive. */
return interactive_mode;
}
-int
-packet_set_maxsize(int s)
+u_int
+packet_set_maxsize(u_int s)
{
static int called = 0;
if (called) {
- log("packet_set_maxsize: called twice: old %d new %d",
+ logit("packet_set_maxsize: called twice: old %d new %d",
max_packet_size, s);
return -1;
}
if (s < 4 * 1024 || s > 1024 * 1024) {
- log("packet_set_maxsize: bad size %d", s);
+ logit("packet_set_maxsize: bad size %d", s);
return -1;
}
called = 1;
rand >>= 8;
}
}
+
+#define MAX_PACKETS (1<<31)
+int
+packet_need_rekeying(void)
+{
+ if (datafellows & SSH_BUG_NOREKEY)
+ return 0;
+ return
+ (p_send.packets > MAX_PACKETS) ||
+ (p_read.packets > MAX_PACKETS) ||
+ (max_blocks_out && (p_send.blocks > max_blocks_out)) ||
+ (max_blocks_in && (p_read.blocks > max_blocks_in));
+}
+
+void
+packet_set_rekey_limit(u_int32_t bytes)
+{
+ rekey_limit = bytes;
+}
-/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */
+/* $OpenBSD: packet.h,v 1.40 2003/06/24 08:23:46 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
void packet_get_bignum2(BIGNUM * value);
void *packet_get_raw(int *length_ptr);
void *packet_get_string(u_int *length_ptr);
-void packet_get_all(void);
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void packet_get_keyiv(int, u_char *, u_int);
int packet_get_keycontext(int, u_char *);
void packet_set_keycontext(int, u_char *);
-u_int32_t packet_get_seqnr(int);
-void packet_set_seqnr(int, u_int32_t);
+void packet_get_state(int, u_int32_t *, u_int64_t *, u_int32_t *);
+void packet_set_state(int, u_int32_t, u_int64_t, u_int32_t);
int packet_get_ssh1_cipher(void);
void packet_set_iv(int, u_char *);
void tty_make_modes(int, struct termios *);
void tty_parse_modes(int, int *);
-extern int max_packet_size;
-int packet_set_maxsize(int);
+extern u_int max_packet_size;
+u_int packet_set_maxsize(u_int);
#define packet_get_maxsize() max_packet_size
/* don't allow remaining bytes after the end of the message */
do { \
int _len = packet_remaining(); \
if (_len > 0) { \
- log("Packet integrity error (%d bytes remaining) at %s:%d", \
+ logit("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
packet_disconnect("Packet integrity error."); \
} \
} while (0)
+int packet_need_rekeying(void);
+void packet_set_rekey_limit(u_int32_t);
+
#endif /* PACKET_H */
--- /dev/null
+/*
+ * Copyright (c) 2003 Nils Nordman. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: progressmeter.c,v 1.15 2003/08/31 12:14:22 markus Exp $");
+
+#include "progressmeter.h"
+#include "atomicio.h"
+#include "misc.h"
+
+#define DEFAULT_WINSIZE 80
+#define MAX_WINSIZE 512
+#define PADDING 1 /* padding between the progress indicators */
+#define UPDATE_INTERVAL 1 /* update the progress meter every second */
+#define STALL_TIME 5 /* we're stalled after this many seconds */
+
+/* determines whether we can output to the terminal */
+static int can_output(void);
+
+/* formats and inserts the specified size into the given buffer */
+static void format_size(char *, int, off_t);
+static void format_rate(char *, int, off_t);
+
+/* updates the progressmeter to reflect the current state of the transfer */
+void refresh_progress_meter(void);
+
+/* signal handler for updating the progress meter */
+static void update_progress_meter(int);
+
+static time_t start; /* start progress */
+static time_t last_update; /* last progress update */
+static char *file; /* name of the file being transferred */
+static off_t end_pos; /* ending position of transfer */
+static off_t cur_pos; /* transfer position as of last refresh */
+static volatile off_t *counter; /* progress counter */
+static long stalled; /* how long we have been stalled */
+static int bytes_per_second; /* current speed in bytes per second */
+static int win_size; /* terminal window size */
+
+/* units for format_size */
+static const char unit[] = " KMGT";
+
+static int
+can_output(void)
+{
+ return (getpgrp() == tcgetpgrp(STDOUT_FILENO));
+}
+
+static void
+format_rate(char *buf, int size, off_t bytes)
+{
+ int i;
+
+ bytes *= 100;
+ for (i = 0; bytes >= 100*1000 && unit[i] != 'T'; i++)
+ bytes = (bytes + 512) / 1024;
+ if (i == 0) {
+ i++;
+ bytes = (bytes + 512) / 1024;
+ }
+ snprintf(buf, size, "%3lld.%1lld%c%s",
+ (int64_t) bytes / 100,
+ (int64_t) (bytes + 5) / 10 % 10,
+ unit[i],
+ i ? "B" : " ");
+}
+
+static void
+format_size(char *buf, int size, off_t bytes)
+{
+ int i;
+
+ for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++)
+ bytes = (bytes + 512) / 1024;
+ snprintf(buf, size, "%4lld%c%s",
+ (int64_t) bytes,
+ unit[i],
+ i ? "B" : " ");
+}
+
+void
+refresh_progress_meter(void)
+{
+ char buf[MAX_WINSIZE + 1];
+ time_t now;
+ off_t transferred;
+ double elapsed;
+ int percent;
+ int bytes_left;
+ int cur_speed;
+ int hours, minutes, seconds;
+ int i, len;
+ int file_len;
+
+ transferred = *counter - cur_pos;
+ cur_pos = *counter;
+ now = time(NULL);
+ bytes_left = end_pos - cur_pos;
+
+ if (bytes_left > 0)
+ elapsed = now - last_update;
+ else
+ elapsed = now - start;
+
+ /* calculate speed */
+ if (elapsed != 0)
+ cur_speed = (transferred / elapsed);
+ else
+ cur_speed = 0;
+
+#define AGE_FACTOR 0.9
+ if (bytes_per_second != 0) {
+ bytes_per_second = (bytes_per_second * AGE_FACTOR) +
+ (cur_speed * (1.0 - AGE_FACTOR));
+ } else
+ bytes_per_second = cur_speed;
+
+ /* filename */
+ buf[0] = '\0';
+ file_len = win_size - 35;
+ if (file_len > 0) {
+ len = snprintf(buf, file_len + 1, "\r%s", file);
+ if (len < 0)
+ len = 0;
+ for (i = len; i < file_len; i++ )
+ buf[i] = ' ';
+ buf[file_len] = '\0';
+ }
+
+ /* percent of transfer done */
+ if (end_pos != 0)
+ percent = ((float)cur_pos / end_pos) * 100;
+ else
+ percent = 100;
+ snprintf(buf + strlen(buf), win_size - strlen(buf),
+ " %3d%% ", percent);
+
+ /* amount transferred */
+ format_size(buf + strlen(buf), win_size - strlen(buf),
+ cur_pos);
+ strlcat(buf, " ", win_size);
+
+ /* bandwidth usage */
+ format_rate(buf + strlen(buf), win_size - strlen(buf),
+ bytes_per_second);
+ strlcat(buf, "/s ", win_size);
+
+ /* ETA */
+ if (!transferred)
+ stalled += elapsed;
+ else
+ stalled = 0;
+
+ if (stalled >= STALL_TIME)
+ strlcat(buf, "- stalled -", win_size);
+ else if (bytes_per_second == 0 && bytes_left)
+ strlcat(buf, " --:-- ETA", win_size);
+ else {
+ if (bytes_left > 0)
+ seconds = bytes_left / bytes_per_second;
+ else
+ seconds = elapsed;
+
+ hours = seconds / 3600;
+ seconds -= hours * 3600;
+ minutes = seconds / 60;
+ seconds -= minutes * 60;
+
+ if (hours != 0)
+ snprintf(buf + strlen(buf), win_size - strlen(buf),
+ "%d:%02d:%02d", hours, minutes, seconds);
+ else
+ snprintf(buf + strlen(buf), win_size - strlen(buf),
+ " %02d:%02d", minutes, seconds);
+
+ if (bytes_left > 0)
+ strlcat(buf, " ETA", win_size);
+ else
+ strlcat(buf, " ", win_size);
+ }
+
+ atomicio(vwrite, STDOUT_FILENO, buf, win_size);
+ last_update = now;
+}
+
+static void
+update_progress_meter(int ignore)
+{
+ int save_errno;
+
+ save_errno = errno;
+
+ if (can_output())
+ refresh_progress_meter();
+
+ signal(SIGALRM, update_progress_meter);
+ alarm(UPDATE_INTERVAL);
+ errno = save_errno;
+}
+
+void
+start_progress_meter(char *f, off_t filesize, off_t *stat)
+{
+ struct winsize winsize;
+
+ start = last_update = time(NULL);
+ file = f;
+ end_pos = filesize;
+ cur_pos = 0;
+ counter = stat;
+ stalled = 0;
+ bytes_per_second = 0;
+
+ if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
+ winsize.ws_col != 0) {
+ if (winsize.ws_col > MAX_WINSIZE)
+ win_size = MAX_WINSIZE;
+ else
+ win_size = winsize.ws_col;
+ } else
+ win_size = DEFAULT_WINSIZE;
+ win_size += 1; /* trailing \0 */
+
+ if (can_output())
+ refresh_progress_meter();
+
+ signal(SIGALRM, update_progress_meter);
+ alarm(UPDATE_INTERVAL);
+}
+
+void
+stop_progress_meter(void)
+{
+ alarm(0);
+
+ if (!can_output())
+ return;
+
+ /* Ensure we complete the progress */
+ if (cur_pos != end_pos)
+ refresh_progress_meter();
+
+ atomicio(vwrite, STDOUT_FILENO, "\n", 1);
+}
+/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */
/*
+ * Copyright (c) 2002 Nils Nordman. All rights reserved.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-void *xmmap(size_t size);
+void start_progress_meter(char *, off_t, off_t *);
+void stop_progress_meter(void);
+++ /dev/null
-/*
- * Copyright (c) 1999 Dug Song. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-#include "uuencode.h"
-
-RCSID("$OpenBSD: radix.c,v 1.16 2001/06/23 15:12:19 itojun Exp $");
-
-#ifdef AFS
-#include <krb.h>
-
-#include <radix.h>
-
-typedef u_char my_u_char;
-typedef u_int my_u_int32_t;
-typedef u_short my_u_short;
-
-/* Nasty macros from BIND-4.9.2 */
-
-#define GETSHORT(s, cp) { \
- register my_u_char *t_cp = (my_u_char *)(cp); \
- (s) = (((my_u_short)t_cp[0]) << 8) \
- | (((my_u_short)t_cp[1])) \
- ; \
- (cp) += 2; \
-}
-
-#define GETLONG(l, cp) { \
- register my_u_char *t_cp = (my_u_char *)(cp); \
- (l) = (((my_u_int32_t)t_cp[0]) << 24) \
- | (((my_u_int32_t)t_cp[1]) << 16) \
- | (((my_u_int32_t)t_cp[2]) << 8) \
- | (((my_u_int32_t)t_cp[3])) \
- ; \
- (cp) += 4; \
-}
-
-#define PUTSHORT(s, cp) { \
- register my_u_short t_s = (my_u_short)(s); \
- register my_u_char *t_cp = (my_u_char *)(cp); \
- *t_cp++ = t_s >> 8; \
- *t_cp = t_s; \
- (cp) += 2; \
-}
-
-#define PUTLONG(l, cp) { \
- register my_u_int32_t t_l = (my_u_int32_t)(l); \
- register my_u_char *t_cp = (my_u_char *)(cp); \
- *t_cp++ = t_l >> 24; \
- *t_cp++ = t_l >> 16; \
- *t_cp++ = t_l >> 8; \
- *t_cp = t_l; \
- (cp) += 4; \
-}
-
-#define GETSTRING(s, p, p_l) { \
- register char *p_targ = (p) + p_l; \
- register char *s_c = (s); \
- register char *p_c = (p); \
- while (*p_c && (p_c < p_targ)) { \
- *s_c++ = *p_c++; \
- } \
- if (p_c == p_targ) { \
- return 1; \
- } \
- *s_c = *p_c++; \
- (p_l) = (p_l) - (p_c - (p)); \
- (p) = p_c; \
-}
-
-
-int
-creds_to_radix(CREDENTIALS *creds, u_char *buf, size_t buflen)
-{
- char *p, *s;
- int len;
- char temp[2048];
-
- p = temp;
- *p++ = 1; /* version */
- s = creds->service;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->instance;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->realm;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
-
- s = creds->pname;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- s = creds->pinst;
- while (*s)
- *p++ = *s++;
- *p++ = *s;
- /* Null string to repeat the realm. */
- *p++ = '\0';
-
- PUTLONG(creds->issue_date, p);
- {
- u_int endTime;
- endTime = (u_int) krb_life_to_time(creds->issue_date,
- creds->lifetime);
- PUTLONG(endTime, p);
- }
-
- memcpy(p, &creds->session, sizeof(creds->session));
- p += sizeof(creds->session);
-
- PUTSHORT(creds->kvno, p);
- PUTLONG(creds->ticket_st.length, p);
-
- memcpy(p, creds->ticket_st.dat, creds->ticket_st.length);
- p += creds->ticket_st.length;
- len = p - temp;
-
- return (uuencode((u_char *)temp, len, (char *)buf, buflen));
-}
-
-int
-radix_to_creds(const char *buf, CREDENTIALS *creds)
-{
-
- char *p;
- int len, tl;
- char version;
- char temp[2048];
-
- len = uudecode(buf, (u_char *)temp, sizeof(temp));
- if (len < 0)
- return 0;
-
- p = temp;
-
- /* check version and length! */
- if (len < 1)
- return 0;
- version = *p;
- p++;
- len--;
-
- GETSTRING(creds->service, p, len);
- GETSTRING(creds->instance, p, len);
- GETSTRING(creds->realm, p, len);
-
- GETSTRING(creds->pname, p, len);
- GETSTRING(creds->pinst, p, len);
- /* Ignore possibly different realm. */
- while (*p && len)
- p++, len--;
- if (len == 0)
- return 0;
- p++, len--;
-
- /* Enough space for remaining fixed-length parts? */
- if (len < (4 + 4 + sizeof(creds->session) + 2 + 4))
- return 0;
-
- GETLONG(creds->issue_date, p);
- len -= 4;
- {
- u_int endTime;
- GETLONG(endTime, p);
- len -= 4;
- creds->lifetime = krb_time_to_life(creds->issue_date, endTime);
- }
-
- memcpy(&creds->session, p, sizeof(creds->session));
- p += sizeof(creds->session);
- len -= sizeof(creds->session);
-
- GETSHORT(creds->kvno, p);
- len -= 2;
- GETLONG(creds->ticket_st.length, p);
- len -= 4;
-
- tl = creds->ticket_st.length;
- if (tl < 0 || tl > len || tl > sizeof(creds->ticket_st.dat))
- return 0;
-
- memcpy(creds->ticket_st.dat, p, tl);
- p += tl;
- len -= tl;
-
- return 1;
-}
-#endif /* AFS */
+++ /dev/null
-/* $OpenBSD: radix.h,v 1.4 2001/06/26 17:27:24 markus Exp $ */
-
-/*
- * Copyright (c) 1999 Dug Song. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-int creds_to_radix(CREDENTIALS *, u_char *, size_t);
-int radix_to_creds(const char *, CREDENTIALS *);
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
Host fascist.blob.com
Port 23123
User tylonen
- RhostsAuthentication no
PasswordAuthentication no
Host puukko.hut.fi
Host *
ForwardAgent no
ForwardX11 no
- RhostsAuthentication yes
PasswordAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication yes
typedef enum {
oBadOption,
- oForwardAgent, oForwardX11, oGatewayPorts, oRhostsAuthentication,
+ oForwardAgent, oForwardX11, oGatewayPorts,
oPasswordAuthentication, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
-#if defined(KRB4) || defined(KRB5)
- oKerberosAuthentication,
-#endif
-#ifdef GSSAPI
- oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
-#ifdef GSI
- oGssGlobusDelegateLimitedCreds,
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(AFS) || defined(KRB5)
- oKerberosTgtPassing,
-#endif
-#ifdef AFS
- oAFSTokenPassing,
-#endif
oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oDeprecated
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds,
+ oDeprecated, oUnsupported
} OpCodes;
/* Textual representations of the tokens. */
{ "xauthlocation", oXAuthLocation },
{ "gatewayports", oGatewayPorts },
{ "useprivilegedport", oUsePrivilegedPort },
- { "rhostsauthentication", oRhostsAuthentication },
+ { "rhostsauthentication", oDeprecated },
{ "passwordauthentication", oPasswordAuthentication },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
{ "challengeresponseauthentication", oChallengeResponseAuthentication },
{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
{ "tisauthentication", oChallengeResponseAuthentication }, /* alias */
-#if defined(KRB4) || defined(KRB5)
- { "kerberosauthentication", oKerberosAuthentication },
-#endif
-#ifdef GSSAPI
+ { "kerberosauthentication", oUnsupported },
+ { "kerberostgtpassing", oUnsupported },
+ { "afstokenpassing", oUnsupported },
+#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapikeyexchange", oGssKeyEx },
{ "gssapidelegatecredentials", oGssDelegateCreds },
-#ifdef GSI
- /* For backwards compatability with old 1.2.27 client code */
- { "forwardgssapiglobusproxy", oGssDelegateCreds }, /* alias */
- { "forwardgssapiglobuslimitedproxy", oGssGlobusDelegateLimitedCreds },
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(AFS) || defined(KRB5)
- { "kerberostgtpassing", oKerberosTgtPassing },
-#endif
-#ifdef AFS
- { "afstokenpassing", oAFSTokenPassing },
+#else
+ { "gssapiauthentication", oUnsupported },
+ { "gssapikeyexchange", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+#ifdef SMARTCARD
{ "smartcarddevice", oSmartcardDevice },
+#else
+ { "smartcarddevice", oUnsupported },
+#endif
{ "clearallforwardings", oClearAllForwardings },
+ { "enablesshkeysign", oEnableSSHKeysign },
+#ifdef DNS
+ { "verifyhostkeydns", oVerifyHostKeyDNS },
+#else
+ { "verifyhostkeydns", oUnsupported },
+#endif
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+ { "rekeylimit", oRekeyLimit },
+ { "connecttimeout", oConnectTimeout },
+ { "addressfamily", oAddressFamily },
{ NULL, oBadOption }
};
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
*/
+#define WHITESPACE " \t\r\n"
int
process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
int *activep)
{
- char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
+ char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
int opcode, *intptr, value;
+ size_t len;
u_short fwd_port, fwd_host_port;
char sfwd_host_port[6];
+ /* Strip trailing whitespace */
+ for(len = strlen(line) - 1; len > 0; len--) {
+ if (strchr(WHITESPACE, line[len]) == NULL)
+ break;
+ line[len] = '\0';
+ }
+
s = line;
/* Get the keyword. (Each line is supposed to begin with a keyword). */
keyword = strdelim(&s);
/* don't panic, but count bad options */
return -1;
/* NOTREACHED */
+ case oConnectTimeout:
+ intptr = &options->connection_timeout;
+/* parse_time: */
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing time value.",
+ filename, linenum);
+ if ((value = convtime(arg)) == -1)
+ fatal("%s line %d: invalid time value.",
+ filename, linenum);
+ if (*intptr == -1)
+ *intptr = value;
+ break;
+
case oForwardAgent:
intptr = &options->forward_agent;
parse_flag:
intptr = &options->use_privileged_port;
goto parse_flag;
- case oRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case oPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
case oChallengeResponseAuthentication:
intptr = &options->challenge_response_authentication;
goto parse_flag;
-#if defined(KRB4) || defined(KRB5)
- case oKerberosAuthentication:
- intptr = &options->kerberos_authentication;
- goto parse_flag;
-#endif
-#ifdef GSSAPI
+
case oGssAuthentication:
intptr = &options->gss_authentication;
goto parse_flag;
-
+
case oGssKeyEx:
intptr = &options->gss_keyex;
goto parse_flag;
case oGssDelegateCreds:
intptr = &options->gss_deleg_creds;
goto parse_flag;
-
-#ifdef GSI
- case oGssGlobusDelegateLimitedCreds:
- intptr = &options->gss_globus_deleg_limited_proxy;
- goto parse_flag;
-#endif /* GSI */
-
-#endif /* GSSAPI */
-#if defined(AFS) || defined(KRB5)
- case oKerberosTgtPassing:
- intptr = &options->kerberos_tgt_passing;
- goto parse_flag;
-#endif
-#ifdef AFS
- case oAFSTokenPassing:
- intptr = &options->afs_token_passing;
- goto parse_flag;
-#endif
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
intptr = &options->check_host_ip;
goto parse_flag;
+ case oVerifyHostKeyDNS:
+ intptr = &options->verify_host_key_dns;
+ goto parse_flag;
+
case oStrictHostKeyChecking:
intptr = &options->strict_host_key_checking;
arg = strdelim(&s);
intptr = &options->compression_level;
goto parse_int;
+ case oRekeyLimit:
+ intptr = &options->rekey_limit;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ if (arg[0] < '0' || arg[0] > '9')
+ fatal("%.200s line %d: Bad number.", filename, linenum);
+ value = strtol(arg, &endofnumber, 10);
+ if (arg == endofnumber)
+ fatal("%.200s line %d: Bad number.", filename, linenum);
+ switch (toupper(*endofnumber)) {
+ case 'K':
+ value *= 1<<10;
+ break;
+ case 'M':
+ value *= 1<<20;
+ break;
+ case 'G':
+ value *= 1<<30;
+ break;
+ }
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
+
case oIdentityFile:
arg = strdelim(&s);
if (!arg || *arg == '\0')
goto parse_string;
case oProxyCommand:
+ if (s == NULL)
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
charptr = &options->proxy_command;
- string = xstrdup("");
- while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
- string = xrealloc(string, strlen(string) + strlen(arg) + 2);
- strcat(string, " ");
- strcat(string, arg);
- }
+ len = strspn(s, WHITESPACE "=");
if (*activep && *charptr == NULL)
- *charptr = string;
- else
- xfree(string);
+ *charptr = xstrdup(s + len);
return 0;
case oPort:
fatal("%.200s line %d: Badly formatted port number.",
filename, linenum);
if (*activep)
- add_local_forward(options, fwd_port, "socks4", 0);
+ add_local_forward(options, fwd_port, "socks", 0);
break;
case oClearAllForwardings:
*intptr = value;
break;
+ case oAddressFamily:
+ arg = strdelim(&s);
+ intptr = &options->address_family;
+ if (strcasecmp(arg, "inet") == 0)
+ value = AF_INET;
+ else if (strcasecmp(arg, "inet6") == 0)
+ value = AF_INET6;
+ else if (strcasecmp(arg, "any") == 0)
+ value = AF_UNSPEC;
+ else
+ fatal("Unsupported AddressFamily \"%s\"", arg);
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
+
+ case oEnableSSHKeysign:
+ intptr = &options->enable_ssh_keysign;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
return 0;
+ case oUnsupported:
+ error("%s line %d: Unsupported option \"%s\"",
+ filename, linenum, keyword);
+ return 0;
+
default:
fatal("process_config_line: Unimplemented opcode %d", opcode);
}
options->xauth_location = NULL;
options->gateway_ports = -1;
options->use_privileged_port = -1;
- options->rhosts_authentication = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
-#ifdef GSSAPI
- options->gss_authentication = -1;
+ options->gss_authentication = -1;
options->gss_keyex = -1;
- options->gss_deleg_creds = -1;
-#ifdef GSI
- options->gss_globus_deleg_limited_proxy = -1;
-#endif /* GSI */
-#endif /* GSSAPI */
-
-#if defined(KRB4) || defined(KRB5)
- options->kerberos_authentication = -1;
-#endif
-#if defined(AFS) || defined(KRB5)
- options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
- options->afs_token_passing = -1;
-#endif
+ options->gss_deleg_creds = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
options->keepalives = -1;
options->compression_level = -1;
options->port = -1;
+ options->address_family = -1;
options->connection_attempts = -1;
+ options->connection_timeout = -1;
options->number_of_password_prompts = -1;
options->cipher = -1;
options->ciphers = NULL;
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
+ options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
+ options->rekey_limit = - 1;
+ options->verify_host_key_dns = -1;
}
/*
options->gateway_ports = 0;
if (options->use_privileged_port == -1)
options->use_privileged_port = 0;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
-#ifdef GSSAPI
if (options->gss_authentication == -1)
options->gss_authentication = 1;
if (options->gss_keyex == -1)
options->gss_keyex = 1;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 1;
-#ifdef GSI
- if (options->gss_globus_deleg_limited_proxy == -1)
- options->gss_globus_deleg_limited_proxy = 0;
-#endif /* GSI */
-#endif /* GSSAPI */
-#if defined(KRB4) || defined(KRB5)
- if (options->kerberos_authentication == -1)
- options->kerberos_authentication = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
- if (options->kerberos_tgt_passing == -1)
- options->kerberos_tgt_passing = 1;
-#endif
-#ifdef AFS
- if (options->afs_token_passing == -1)
- options->afs_token_passing = 1;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
options->compression_level = 6;
if (options->port == -1)
options->port = 0; /* Filled in ssh_connect. */
+ if (options->address_family == -1)
+ options->address_family = AF_UNSPEC;
if (options->connection_attempts == -1)
options->connection_attempts = 1;
if (options->number_of_password_prompts == -1)
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
+ if (options->enable_ssh_keysign == -1)
+ options->enable_ssh_keysign = 0;
+ if (options->rekey_limit == -1)
+ options->rekey_limit = 0;
+ if (options->verify_host_key_dns == -1)
+ options->verify_host_key_dns = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
-/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.55 2003/09/01 18:15:50 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
char *xauth_location; /* Location for xauth program */
int gateway_ports; /* Allow remote connects to forwarded ports. */
int use_privileged_port; /* Don't use privileged port if false. */
- int rhosts_authentication; /* Try rhosts authentication. */
int rhosts_rsa_authentication; /* Try rhosts with RSA
* authentication. */
int rsa_authentication; /* Try RSA authentication. */
int hostbased_authentication; /* ssh2's rhosts_rsa */
int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */
-#if defined(KRB4) || defined(KRB5)
- int kerberos_authentication; /* Try Kerberos authentication. */
-#endif
-#if defined(AFS) || defined(KRB5)
- int kerberos_tgt_passing; /* Try Kerberos TGT passing. */
-#endif
-
-#ifdef GSSAPI
- int gss_authentication;
+ int gss_authentication; /* Try GSS authentication */
int gss_keyex;
- int gss_deleg_creds;
-#ifdef GSI
- int gss_globus_deleg_limited_proxy;
-#endif /* GSI */
-#endif /* GSSAPI */
-
-#ifdef AFS
- int afs_token_passing; /* Try AFS token passing. */
-#endif
+ int gss_deleg_creds; /* Delegate GSS credentials */
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
LogLevel log_level; /* Level for logging. */
int port; /* Port to connect. */
+ int address_family;
int connection_attempts; /* Max attempts (seconds) before
* giving up */
+ int connection_timeout; /* Max time (seconds) before
+ * aborting connection attempt */
int number_of_password_prompts; /* Max number of password
* prompts. */
int cipher; /* Cipher to use. */
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
char *smartcard_device; /* Smartcard reader device */
+ int verify_host_key_dns; /* Verify host key using DNS */
int num_identity_files; /* Number of files for RSA/DSA identities. */
char *identity_files[SSH_MAX_IDENTITY_FILES];
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+
+ int enable_ssh_keysign;
+ int rekey_limit;
int no_host_authentication_for_localhost;
} Options;
--- /dev/null
+Overview.
+
+$ ./configure && make tests
+
+You'll see some progress info. A failure will cause either the make to
+abort or the driver script to report a "FATAL" failure.
+
+The test consists of 2 parts. The first is the file-based tests which is
+driven by the Makefile, and the second is a set of network or proxycommand
+based tests, which are driven by a driver script (test-exec.sh) which is
+called multiple times by the Makefile.
+
+Failures in the first part will cause the Makefile to return an error.
+Failures in the second part will print a "FATAL" message for the failed
+test and continue.
+
+OpenBSD has a system-wide regression test suite. OpenSSH Portable's test
+suite is based on OpenBSD's with modifications.
+
+
+Environment variables.
+
+SUDO: path to sudo command, if desired. Note that some systems (notably
+ systems using PAM) require sudo to execute some tests.
+TEST_SSH_TRACE: set yo "yes" for verbose output from tests
+TEST_SSH_QUIET: set to "yes" to suppress non-fatal output.
+TEST_SSH_x: path to "ssh" command under test, where x=SSH,SSHD,SSHAGENT,SSHADD
+ SSHKEYGEN,SSHKEYSCAN,SFTP,SFTPSERVER
+OBJ: used by test scripts to access build dir.
+
+
+Individual tests.
+
+You can invoke test-exec.sh directly if you set up the path to find the
+binaries under test and the test scripts themselves, for example:
+
+$ cd regress
+$ PATH=`pwd`/..:$PATH:. sh test-exec.sh `pwd` agent-timeout.sh
+ok agent timeout test
+
+
+Files.
+
+test-exec.sh: the main test driver. Sets environment, creates config files
+and keys and runs the specified test.
+
+At the time of writing, the individual tests are:
+agent-timeout.sh: agent timeout test
+agent.sh: simple agent test
+broken-pipe.sh: broken pipe test
+connect-privsep.sh: proxy connect with privsep
+connect.sh: simple connect
+exit-status.sh: remote exit status
+forwarding.sh: local and remote forwarding
+keygen-change.sh: change passphrase for key
+keyscan.sh: keyscan
+proto-mismatch.sh: protocol version mismatch
+proto-version.sh: sshd version with different protocol combinations
+proxy-connect.sh: proxy connect
+sftp.sh: basic sftp put/get
+ssh-com-client.sh: connect with ssh.com client
+ssh-com-keygen.sh: ssh.com key import
+ssh-com-sftp.sh: basic sftp put/get with ssh.com server
+ssh-com.sh: connect to ssh.com server
+stderr-after-eof.sh: stderr data after eof
+stderr-data.sh: stderr data transfer
+transfer.sh: transfer data
+try-ciphers.sh: try ciphers
+yes-head.sh: yes pipe head
+
+
+Problems?
+
+Run the failing test with shell tracing (-x) turned on:
+$ PATH=`pwd`/..:$PATH:. sh -x test-exec.sh `pwd` agent-timeout.sh
+
+Failed tests can be difficult to diagnose. Suggestions:
+- run the individual test via ./test-exec.sh `pwd` [testname]
+- set LogLevel to VERBOSE in test-exec.sh and enable syslogging of
+ auth.debug (eg to /var/log/authlog).
+
+
+Known Issues.
+
+
+$Id$
--- /dev/null
+# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ chmod 644 ${SSH_AUTH_SOCK}
+
+ ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add failed with $r != 1"
+ fi
+
+ < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -lt 2 ]; then
+ fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent
--- /dev/null
+# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ # ls -l ${SSH_AUTH_SOCK}
+ gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+ quit
+EOF
+ if [ $? -ne 0 ]; then
+ fail "gdb failed: exit code $?"
+ fi
+ grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
+ r=$?
+ rm -f ${OBJ}/gdb.out
+ if [ $r -ne 0 ]; then
+ fail "ptrace succeeded?: exit code $r"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
--- /dev/null
+# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# Placed in the Public Domain.
+
+tid="agent timeout test"
+
+TIMEOUT=5
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ trace "add keys with timeout"
+ for t in rsa rsa1; do
+ ${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ n=`${SSHADD} -l 2> /dev/null | wc -l`
+ trace "agent has $n keys"
+ if [ $n -ne 2 ]; then
+ fail "ssh-add -l did not return 2 keys: $n"
+ fi
+ trace "sleeping 2*${TIMEOUT} seconds"
+ sleep ${TIMEOUT}
+ sleep ${TIMEOUT}
+ ${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l still returns keys after timeout"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
+++ /dev/null
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt6ttBacbgvLPsF1VWWfT51t55/5Mj62Xp8EaoH5SNSaLiGIgrrja077lKEept75U4uKFUYU5JJX9GPE9A7Y43LXv+/A6Jm4rEj/U0s4H8tf0UmzVC3t6xh0sRK0hYVNILyoHnIAgdY8CmOiybw7p6DxJY8MRAehD3n9+kFcachU= root@xenon
-1024 35 132789427207755621599908461558918671787816692978751485815532032934821830960131244604702969298486352138126114080367609979552547448841583955126231410604842765726397407176910594168641969541792069550006878863592030567875913190224374005367884774859544943329148178663694126456638431428703289837638970464685771819219 root@xenon
--- /dev/null
+# $OpenBSD: banner.sh,v 1.1 2003/10/07 01:52:13 dtucker Exp $
+# Placed in the Public Domain.
+
+tid="banner"
+echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy
+
+for s in 0 10 100 1000 10000 100000 ; do
+ if [ "$s" = "0" ]; then
+ # create empty banner
+ rm -f $OBJ/banner.in
+ touch $OBJ/banner.in
+ elif [ "$s" = "10" ]; then
+ # create 10-byte banner file
+ echo "abcdefghi" >$OBJ/banner.in
+ else
+ # increase size 10x
+ cp $OBJ/banner.in $OBJ/banner.out
+ for i in 0 1 2 3 4 5 6 7 8 ; do
+ cat $OBJ/banner.out >> $OBJ/banner.in
+ done
+ fi
+
+ trace "test banner size $s"
+ verbose "test $tid: size $s"
+ ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out
+ cmp $OBJ/banner.in $OBJ/banner.out || fail "banner size $s mismatch"
+done
+
+rm -f $OBJ/banner.out $OBJ/banner.in
--- /dev/null
+# $OpenBSD: dynamic-forward.sh,v 1.2 2003/07/03 08:21:46 markus Exp $
+# Placed in the Public Domain.
+
+tid="dynamic forwarding"
+
+PORT=4242
+FWDPORT=4243
+DATA=/bin/ls${EXEEXT}
+
+if have_prog nc && nc -h 2>&1 | grep "x proxy address" >/dev/null; then
+ proxycmd="nc -x 127.0.0.1:$FWDPORT -X"
+elif have_prog connect; then
+ proxycmd="connect -S 127.0.0.1:$FWDPORT -"
+else
+ echo "skipped (no suitable ProxyCommand found)"
+ exit 0
+fi
+trace "will use ProxyCommand $proxycmd"
+
+start_sshd
+
+for p in 1 2; do
+ trace "start dynamic forwarding, fork to background"
+ ${SSH} -$p -F $OBJ/ssh_config -f -D $FWDPORT -q somehost \
+ exec sh -c \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\'
+
+ for s in 4 5; do
+ for h in 127.0.0.1 localhost; do
+ trace "testing ssh protocol $p socks version $s host $h"
+ ${SSH} -F $OBJ/ssh_config \
+ -o "ProxyCommand ${proxycmd}${s} $h $PORT" \
+ somehost cat $DATA > $OBJ/ls.copy
+ test -f $OBJ/ls.copy || fail "failed copy $DATA"
+ cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA"
+ done
+ done
+
+ if [ -f $OBJ/remote_pid ]; then
+ remote=`cat $OBJ/remote_pid`
+ trace "terminate remote shell, pid $remote"
+ if [ $remote -gt 1 ]; then
+ kill -HUP $remote
+ fi
+ else
+ fail "no pid file: $OBJ/remote_pid"
+ fi
+done
--- /dev/null
+# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+# Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+ # generate user key for agent
+ trace "generating $t key"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ else
+ fail "ssh-keygen for $t-key failed"
+ fi
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done
--- /dev/null
+# $OpenBSD: reconfigure.sh,v 1.2 2003/06/21 09:14:05 markus Exp $
+# Placed in the Public Domain.
+
+tid="simple connect after reconfigure"
+
+# we need the full path to sshd for -HUP
+case $SSHD in
+/*)
+ # full path is OK
+ ;;
+*)
+ # otherwise make fully qualified
+ SSHD=$OBJ/$SSHD
+esac
+
+start_sshd
+
+$SUDO kill -HUP `cat $PIDFILE`
+sleep 1
+
+trace "wait for sshd to restart"
+i=0;
+while [ ! -f $PIDFILE -a $i -lt 10 ]; do
+ i=`expr $i + 1`
+ sleep $i
+done
+
+test -f $PIDFILE || fatal "sshd did not restart"
+
+for p in 1 2; do
+ ${SSH} -o "Protocol=$p" -F $OBJ/ssh_config somehost true
+ if [ $? -ne 0 ]; then
+ fail "ssh connect with protocol $p failed after reconfigure"
+ fi
+done
--- /dev/null
+# $OpenBSD: rekey.sh,v 1.1 2003/03/28 13:58:28 markus Exp $
+# Placed in the Public Domain.
+
+tid="rekey during transfer data"
+
+DATA=${OBJ}/data
+COPY=${OBJ}/copy
+LOG=${OBJ}/log
+
+rm -f ${COPY} ${LOG} ${DATA}
+dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1
+
+for s in 16 1k 128k 256k; do
+ trace "rekeylimit ${s}"
+ rm -f ${COPY}
+ cat $DATA | \
+ ${SSH} -oCompression=no -oRekeyLimit=$s \
+ -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \
+ 2> ${LOG}
+ if [ $? -ne 0 ]; then
+ fail "ssh failed"
+ fi
+ cmp $DATA ${COPY} || fail "corrupted copy"
+ n=`grep 'NEWKEYS sent' ${LOG} | wc -l`
+ n=`expr $n - 1`
+ trace "$n rekeying(s)"
+ if [ $n -lt 1 ]; then
+ fail "no rekeying occured"
+ fi
+done
+rm -f ${COPY} ${LOG} ${DATA}
--- /dev/null
+# $OpenBSD: sftp-badcmds.sh,v 1.2 2003/05/15 04:07:12 mouring Exp $
+# Placed in the Public Domain.
+
+tid="sftp invalid commands"
+
+DATA=/bin/ls${EXEEXT}
+DATA2=/bin/cat${EXEEXT}
+NONEXIST=/NONEXIST.$$
+COPY=${OBJ}/copy
+GLOBFILES=`(cd /bin;echo l*)`
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd
+
+rm -f ${COPY}
+verbose "$tid: get nonexistent"
+echo "get $NONEXIST $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get nonexistent failed"
+test -f ${COPY} && fail "existing copy after get nonexistent"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob get to nonexistent directory"
+echo "get /bin/l* $NONEXIST" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get nonexistent failed"
+for x in $GLOBFILES; do
+ test -f ${COPY}.dd/$x && fail "existing copy after get nonexistent"
+done
+
+rm -f ${COPY}
+verbose "$tid: put nonexistent"
+echo "put $NONEXIST $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put nonexistent failed"
+test -f ${COPY} && fail "existing copy after put nonexistent"
+
+rm -f ${COPY}.dd/*
+verbose "$tid: glob put to nonexistent directory"
+echo "put /bin/l* ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put nonexistent failed"
+for x in $GLOBFILES; do
+ test -f ${COPY}.dd/$x && fail "existing copy after nonexistent"
+done
+
+rm -f ${COPY}
+verbose "$tid: rename nonexistent"
+echo "rename $NONEXIST ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename nonexist failed"
+test -f ${COPY}.1 && fail "file exists after rename nonexistent"
+
+rm -f ${COPY} ${COPY}.1
+cp $DATA $COPY
+cp $DATA2 ${COPY}.1
+verbose "$tid: rename target exists"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename target exists failed"
+test -f ${COPY} || fail "oldname missing after rename target exists"
+test -f ${COPY}.1 || fail "newname missing after rename target exists"
+cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists"
+cmp $DATA2 ${COPY}.1 >/dev/null 2>&1 || fail "corrupted newname after rename target exists"
+
+rm -rf ${COPY} ${COPY}.dd
+cp $DATA $COPY
+mkdir ${COPY}.dd
+verbose "$tid: rename target exists (directory)"
+echo "rename $COPY ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename target exists (directory) failed"
+test -f ${COPY} || fail "oldname missing after rename target exists (directory)"
+test -d ${COPY}.dd || fail "newname missing after rename target exists (directory)"
+cmp $DATA ${COPY} >/dev/null 2>&1 || fail "corrupted oldname after rename target exists (directory)"
+
+rm -f ${COPY}.dd/*
+rm -rf ${COPY}
+cp ${DATA2} ${COPY}
+verbose "$tid: glob put files to local file"
+echo "put /bin/l* $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1
+cmp ${DATA2} ${COPY} || fail "put successed when it should have failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd
+
+
--- /dev/null
+# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+BATCH=${OBJ}/sftp-batch
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.1
+ rm ${COPY}
+ -put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+ # This is a comment
+
+ # That was a blank line
+ ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.3
+ rm ${COPY}.*
+ # The next command should fail
+ put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+ # The next command should fail
+ jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
--- /dev/null
+# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+# XXX - TODO:
+# - globbed operations
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+verbose "$tid: lls"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lls failed"
+# XXX always successful
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -L ${COPY}.2 || fail "missing file after ln"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
r = sc_establish_context(&ctx, "openssh");
if (r)
goto err;
+ if (sc_reader_id >= ctx->reader_count) {
+ r = SC_ERROR_NO_READERS_FOUND;
+ error("Illegal reader number %d (max %d)", sc_reader_id,
+ ctx->reader_count -1);
+ goto err;
+ }
r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card);
if (r)
goto err;
/* private key operations */
static int
-sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out)
+sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out,
+ unsigned int usage)
{
int r;
struct sc_priv_data *priv;
goto err;
}
}
- r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
+ r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id,
+ usage, &key_obj);
if (r) {
error("Unable to find private key from SmartCard: %s",
sc_strerror(r));
key = key_obj->data;
r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id,
&pin_obj);
- if (r) {
+ if (r == SC_ERROR_OBJECT_NOT_FOUND) {
+ /* no pin required */
+ r = sc_lock(card);
+ if (r) {
+ error("Unable to lock smartcard: %s", sc_strerror(r));
+ goto err;
+ }
+ *key_obj_out = key_obj;
+ return 0;
+ } else if (r) {
error("Unable to find PIN object from SmartCard: %s",
sc_strerror(r));
goto err;
return -1;
}
+#define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \
+ SC_PKCS15_PRKEY_USAGE_UNWRAP
+
static int
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
int padding)
if (padding != RSA_PKCS1_PADDING)
return -1;
- r = sc_prkey_op_init(rsa, &key_obj);
+ r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT);
if (r)
return -1;
- r = sc_pkcs15_decipher(p15card, key_obj, 0, from, flen, to, flen);
+ r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1,
+ from, flen, to, flen);
sc_unlock(card);
if (r < 0) {
error("sc_pkcs15_decipher() failed: %s", sc_strerror(r));
return -1;
}
+#define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \
+ SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
+
static int
sc_sign(int type, u_char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
int r;
unsigned long flags = 0;
- r = sc_prkey_op_init(rsa, &key_obj);
+ /* XXX: sc_prkey_op_init will search for a pkcs15 private
+ * key object with the sign or signrecover usage flag set.
+ * If the signing key has only the non-repudiation flag set
+ * the key will be rejected as using a non-repudiation key
+ * for authentication is not recommended. Note: This does not
+ * prevent the use of a non-repudiation key for authentication
+ * if the sign or signrecover flag is set as well.
+ */
+ r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN);
if (r)
return -1;
/* FIXME: length of sigret correct? */
debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]);
r = sc_pkcs15_read_certificate(p15card, cinfo, &cert);
if (r) {
- log("Certificate read failed: %s", sc_strerror(r));
+ logit("Certificate read failed: %s", sc_strerror(r));
goto err;
}
x509 = X509_new();
}
p = cert->data;
if (!d2i_X509(&x509, &p, cert->data_len)) {
- log("Unable to parse X.509 certificate");
+ logit("Unable to parse X.509 certificate");
r = -1;
goto err;
}
X509_free(x509);
x509 = NULL;
if (pubkey->type != EVP_PKEY_RSA) {
- log("Public key is of unknown type");
+ logit("Public key is of unknown type");
r = -1;
goto err;
}
r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509,
certs, 32);
if (r == 0) {
- log("No certificates found on smartcard");
+ logit("No certificates found on smartcard");
r = -1;
goto err;
} else if (r < 0) {
}
key_count = r;
}
- /* FIXME: only keep entries with a corresponding private key */
keys = xmalloc(sizeof(Key *) * (key_count*2+1));
for (i = 0; i < key_count; i++) {
+ sc_pkcs15_object_t *tmp_obj = NULL;
+ cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id;
+ if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj))
+ /* skip the public key (certificate) if no
+ * corresponding private key is present */
+ continue;
k = key_new(KEY_RSA);
if (k == NULL)
break;
return -1;
}
+char *
+sc_get_key_label(Key *key)
+{
+ int r;
+ const struct sc_priv_data *priv;
+ struct sc_pkcs15_object *key_obj;
+
+ priv = (const struct sc_priv_data *) RSA_get_app_data(key->rsa);
+ if (priv == NULL || p15card == NULL) {
+ logit("SmartCard key not loaded");
+ /* internal error => return default label */
+ return xstrdup("smartcard key");
+ }
+ r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj);
+ if (r) {
+ logit("Unable to find private key from SmartCard: %s",
+ sc_strerror(r));
+ return xstrdup("smartcard key");
+ }
+ if (key_obj == NULL || key_obj->label == NULL)
+ /* the optional PKCS#15 label does not exists
+ * => return the default label */
+ return xstrdup("smartcard key");
+ return xstrdup(key_obj->label);
+}
+
#endif /* SMARTCARD */
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
-
-#if defined(KRB4)
-#include <krb.h>
-#endif
-#if defined(KRB5)
-#ifdef HEIMDAL
-#else
-/* Bodge - but then, so is using the kerberos IV KEYFILE to get a Kerberos V
- * keytab */
-#define KEYFILE "/etc/krb5.keytab"
-#endif
-#endif
-#ifdef AFS
-#include <kafs.h>
-#endif
+RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $");
#include "ssh.h"
#include "log.h"
memset(options, 0, sizeof(*options));
/* Portable-specific options */
- options->pam_authentication_via_kbd_int = -1;
+ options->use_pam = -1;
/* Standard Options */
options->num_ports = 0;
options->keepalives = -1;
options->log_facility = SYSLOG_FACILITY_NOT_SET;
options->log_level = SYSLOG_LEVEL_NOT_SET;
- options->rhosts_authentication = -1;
options->rhosts_rsa_authentication = -1;
options->hostbased_authentication = -1;
options->hostbased_uses_name_from_packet_only = -1;
options->rsa_authentication = -1;
options->pubkey_authentication = -1;
-#ifdef GSSAPI
- options->gss_authentication=-1;
- options->gss_keyex=-1;
- options->gss_use_session_ccache = -1;
- options->gss_cleanup_creds = -1;
-#endif
-#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_ticket_cleanup = -1;
+#ifdef SESSION_HOOKS
+ options->session_hooks_allow = -1;
+ options->session_hooks_startup_cmd = NULL;
+ options->session_hooks_shutdown_cmd = NULL;
#endif
-#if defined(AFS) || defined(KRB5)
- options->kerberos_tgt_passing = -1;
-#endif
-#ifdef AFS
- options->afs_token_passing = -1;
-#endif
+ options->gss_authentication=-1;
+ options->gss_keyex=-1;
+ options->gss_use_session_ccache = -1;
+ options->gss_cleanup_creds = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
options->max_startups_rate = -1;
options->max_startups = -1;
options->banner = NULL;
- options->verify_reverse_mapping = -1;
+ options->use_dns = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
fill_default_server_options(ServerOptions *options)
{
/* Portable-specific options */
- if (options->pam_authentication_via_kbd_int == -1)
- options->pam_authentication_via_kbd_int = 0;
+ if (options->use_pam == -1)
+ options->use_pam = 0;
/* Standard Options */
if (options->protocol == SSH_PROTO_UNKNOWN)
options->log_facility = SYSLOG_FACILITY_AUTH;
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
options->log_level = SYSLOG_LEVEL_INFO;
- if (options->rhosts_authentication == -1)
- options->rhosts_authentication = 0;
if (options->rhosts_rsa_authentication == -1)
options->rhosts_rsa_authentication = 0;
if (options->hostbased_authentication == -1)
options->rsa_authentication = 1;
if (options->pubkey_authentication == -1)
options->pubkey_authentication = 1;
-#ifdef GSSAPI
+ if (options->kerberos_authentication == -1)
+ options->kerberos_authentication = 0;
+ if (options->kerberos_or_local_passwd == -1)
+ options->kerberos_or_local_passwd = 1;
+ if (options->kerberos_ticket_cleanup == -1)
+ options->kerberos_ticket_cleanup = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 1;
if (options->gss_keyex == -1)
- options->gss_keyex =1;
+ options->gss_keyex = 1;
if (options->gss_use_session_ccache == -1)
options->gss_use_session_ccache = 1;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
-#endif
-#if defined(KRB4) || defined(KRB5)
- if (options->kerberos_authentication == -1)
- options->kerberos_authentication = 0;
- if (options->kerberos_or_local_passwd == -1)
- options->kerberos_or_local_passwd = 1;
- if (options->kerberos_ticket_cleanup == -1)
- options->kerberos_ticket_cleanup = 1;
-#endif
-#if defined(AFS) || defined(KRB5)
- if (options->kerberos_tgt_passing == -1)
- options->kerberos_tgt_passing = 0;
-#endif
-#ifdef AFS
- if (options->afs_token_passing == -1)
- options->afs_token_passing = 0;
-#endif
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
options->max_startups_rate = 100; /* 100% */
if (options->max_startups_begin == -1)
options->max_startups_begin = options->max_startups;
- if (options->verify_reverse_mapping == -1)
- options->verify_reverse_mapping = 0;
+ if (options->use_dns == -1)
+ options->use_dns = 1;
if (options->client_alive_interval == -1)
options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
typedef enum {
sBadOption, /* == unknown option */
/* Portable-specific options */
- sPAMAuthenticationViaKbdInt,
+ sUsePAM,
/* Standard Options */
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sLogFacility, sLogLevel,
- sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-#ifdef GSSAPI
- sGssAuthentication, sGssKeyEx, sGssUseSessionCredCache, sGssCleanupCreds,
-#endif
-#if defined(KRB4) || defined(KRB5)
+ sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+ sKerberosTgtPassing, sChallengeResponseAuthentication,
+#ifdef SESSION_HOOKS
+ sAllowSessionHooks, sSessionHookStartupCmd, sSessionHookShutdownCmd,
#endif
-#if defined(AFS) || defined(KRB5)
- sKerberosTgtPassing,
-#endif
-#ifdef AFS
- sAFSTokenPassing,
-#endif
- sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
- sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
+ sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ sGssAuthentication, sGssKeyEx, sGssUseSessionCredCache, sGssCleanupCreds,
sUsePrivilegeSeparation,
- sDeprecated
+ sDeprecated, sUnsupported
} ServerOpCodes;
/* Textual representation of the tokens. */
ServerOpCodes opcode;
} keywords[] = {
/* Portable-specific options */
- { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+#ifdef USE_PAM
+ { "usepam", sUsePAM },
+#else
+ { "usepam", sUnsupported },
+#endif
+ { "pamauthenticationviakbdint", sDeprecated },
/* Standard Options */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "permitrootlogin", sPermitRootLogin },
{ "syslogfacility", sLogFacility },
{ "loglevel", sLogLevel },
- { "rhostsauthentication", sRhostsAuthentication },
+ { "rhostsauthentication", sDeprecated },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
{ "hostbasedauthentication", sHostbasedAuthentication },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly },
{ "rsaauthentication", sRSAAuthentication },
{ "pubkeyauthentication", sPubkeyAuthentication },
{ "dsaauthentication", sPubkeyAuthentication }, /* alias */
+#ifdef KRB5
+ { "kerberosauthentication", sKerberosAuthentication },
+ { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
+ { "kerberosticketcleanup", sKerberosTicketCleanup },
+#else
+ { "kerberosauthentication", sUnsupported },
+ { "kerberosorlocalpasswd", sUnsupported },
+ { "kerberosticketcleanup", sUnsupported },
+#endif
+ { "kerberostgtpassing", sUnsupported },
+ { "afstokenpassing", sUnsupported },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication },
{ "gssapikeyexchange", sGssKeyEx },
{ "gssusesessionccache", sGssUseSessionCredCache },
{ "gssapiusesessioncredcache", sGssUseSessionCredCache },
{ "gssapicleanupcreds", sGssCleanupCreds },
+#else
+ { "gssapiauthentication", sUnsupported },
+ { "gssapikeyexchange", sUnsupported },
+ { "gssusesessionccache", sUnsupported },
+ { "gssapiusesessioncredcache", sUnsupported },
+ { "gssapicleanupcreds", sUnsupported },
#endif
-#if defined(KRB4) || defined(KRB5)
- { "kerberosauthentication", sKerberosAuthentication },
- { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
- { "kerberosticketcleanup", sKerberosTicketCleanup },
-#endif
-#if defined(AFS) || defined(KRB5)
- { "kerberostgtpassing", sKerberosTgtPassing },
-#endif
-#ifdef AFS
- { "afstokenpassing", sAFSTokenPassing },
-#endif
+#ifdef SESSION_HOOKS
+ { "allowsessionhooks", sAllowSessionHooks },
+ { "sessionhookstartupcmd", sSessionHookStartupCmd },
+ { "sessionhookshutdowncmd", sSessionHookShutdownCmd },
+#endif
{ "passwordauthentication", sPasswordAuthentication },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
{ "challengeresponseauthentication", sChallengeResponseAuthentication },
{ "subsystem", sSubsystem },
{ "maxstartups", sMaxStartups },
{ "banner", sBanner },
- { "verifyreversemapping", sVerifyReverseMapping },
- { "reversemappingcheck", sVerifyReverseMapping },
+ { "usedns", sUseDNS },
+ { "verifyreversemapping", sDeprecated },
+ { "reversemappingcheck", sDeprecated },
{ "clientaliveinterval", sClientAliveInterval },
{ "clientalivecountmax", sClientAliveCountMax },
{ "authorizedkeysfile", sAuthorizedKeysFile },
opcode = parse_token(arg, filename, linenum);
switch (opcode) {
/* Portable-specific options */
- case sPAMAuthenticationViaKbdInt:
- intptr = &options->pam_authentication_via_kbd_int;
+ case sUsePAM:
+ intptr = &options->use_pam;
goto parse_flag;
/* Standard Options */
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
- case sRhostsAuthentication:
- intptr = &options->rhosts_authentication;
- goto parse_flag;
-
case sRhostsRSAAuthentication:
intptr = &options->rhosts_rsa_authentication;
goto parse_flag;
case sPubkeyAuthentication:
intptr = &options->pubkey_authentication;
goto parse_flag;
-#ifdef GSSAPI
- case sGssAuthentication:
- intptr = &options->gss_authentication;
- goto parse_flag;
- case sGssKeyEx:
- intptr = &options->gss_keyex;
- goto parse_flag;
- case sGssUseSessionCredCache:
- intptr = &options->gss_use_session_ccache;
- goto parse_flag;
- case sGssCleanupCreds:
- intptr = &options->gss_cleanup_creds;
- goto parse_flag;
-#endif
-#if defined(KRB4) || defined(KRB5)
+
case sKerberosAuthentication:
intptr = &options->kerberos_authentication;
goto parse_flag;
case sKerberosTicketCleanup:
intptr = &options->kerberos_ticket_cleanup;
goto parse_flag;
-#endif
-#if defined(AFS) || defined(KRB5)
- case sKerberosTgtPassing:
- intptr = &options->kerberos_tgt_passing;
+
+ case sGssAuthentication:
+ intptr = &options->gss_authentication;
goto parse_flag;
-#endif
-#ifdef AFS
- case sAFSTokenPassing:
- intptr = &options->afs_token_passing;
+
+ case sGssKeyEx:
+ intptr = &options->gss_keyex;
goto parse_flag;
-#endif
+
+ case sGssUseSessionCredCache:
+ intptr = &options->gss_use_session_ccache;
+ goto parse_flag;
+
+ case sGssCleanupCreds:
+ intptr = &options->gss_cleanup_creds;
+ goto parse_flag;
+
+#ifdef SESSION_HOOKS
+ case sAllowSessionHooks:
+ intptr = &options->session_hooks_allow;
+ goto parse_flag;
+ case sSessionHookStartupCmd:
+ case sSessionHookShutdownCmd:
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: empty session hook command",
+ filename, linenum);
+ if (opcode==sSessionHookStartupCmd)
+ options->session_hooks_startup_cmd = strdup(arg);
+ else
+ options->session_hooks_shutdown_cmd = strdup(arg);
+ break;
+#endif
case sPasswordAuthentication:
intptr = &options->password_authentication;
intptr = &options->gateway_ports;
goto parse_flag;
- case sVerifyReverseMapping:
- intptr = &options->verify_reverse_mapping;
+ case sUseDNS:
+ intptr = &options->use_dns;
goto parse_flag;
case sLogFacility:
goto parse_int;
case sDeprecated:
- log("%s line %d: Deprecated option %s",
+ logit("%s line %d: Deprecated option %s",
+ filename, linenum, arg);
+ while (arg)
+ arg = strdelim(&cp);
+ break;
+
+ case sUnsupported:
+ logit("%s line %d: Unsupported option %s",
filename, linenum, arg);
while (arg)
arg = strdelim(&cp);
char line[1024];
FILE *f;
+ debug2("read_server_config: filename %s", filename);
f = fopen(filename, "r");
if (!f) {
perror(filename);
-/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */
+/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int gateway_ports; /* If true, allow remote connects to forwarded ports. */
SyslogFacility log_facility; /* Facility for system logging. */
LogLevel log_level; /* Level for system logging. */
- int rhosts_authentication; /* If true, permit rhosts
- * authentication. */
int rhosts_rsa_authentication; /* If true, permit rhosts RSA
* authentication. */
int hostbased_authentication; /* If true, permit ssh2 hostbased auth */
int hostbased_uses_name_from_packet_only; /* experimental */
int rsa_authentication; /* If true, permit RSA authentication. */
int pubkey_authentication; /* If true, permit ssh2 pubkey authentication. */
- #ifdef GSSAPI
- int gss_authentication;
- int gss_keyex;
- int gss_use_session_ccache; /* If true, delegated credentials are
- * stored in a session specific cache */
- int gss_cleanup_creds; /* If true, destroy cred cache on logout */
-#endif
-#if defined(KRB4) || defined(KRB5)
int kerberos_authentication; /* If true, permit Kerberos
* authentication. */
int kerberos_or_local_passwd; /* If true, permit kerberos
* /etc/passwd */
int kerberos_ticket_cleanup; /* If true, destroy ticket
* file on logout. */
+#ifdef SESSION_HOOKS
+ int session_hooks_allow; /* If true, permit user hooks */
+ char* session_hooks_startup_cmd; /* cmd to be executed before */
+ char* session_hooks_shutdown_cmd; /* cmd to be executed after */
#endif
-#if defined(AFS) || defined(KRB5)
- int kerberos_tgt_passing; /* If true, permit Kerberos TGT
- * passing. */
-#endif
-#ifdef AFS
- int afs_token_passing; /* If true, permit AFS token passing. */
-#endif
+ int gss_authentication; /* If true, permit GSSAPI authentication */
+ int gss_keyex;
+ int gss_use_session_ccache; /* If true, delegated credentials are
+ * stored in a session specific cache */
+ int gss_cleanup_creds; /* If true, destroy cred cache on logout */
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
int max_startups_rate;
int max_startups;
char *banner; /* SSH-2 banner message */
- int verify_reverse_mapping; /* cross-check ip and dns */
+ int use_dns;
int client_alive_interval; /*
* poke the client this often to
* see if it's still there
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
- int pam_authentication_via_kbd_int;
+ int use_pam; /* Enable auth via PAM */
} ServerOptions;
void initialize_server_options(ServerOptions *);
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.164 2003/09/18 08:49:45 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
#include "ssh-gss.h"
#endif
-#ifdef HAVE_CYGWIN
-#include <windows.h>
-#include <sys/cygwin.h>
-#define is_winnt (GetVersion() < 0x80000000)
-#endif
-
/* func */
Session *session_new(void);
static int session_pty_req(Session *);
+#ifdef SESSION_HOOKS
+static void execute_session_hook(char* prog, Authctxt *authctxt,
+ int startup, int save);
+#endif
+
/* import */
extern ServerOptions options;
extern char *__progname;
extern u_int utmp_len;
extern int startup_pipe;
extern void destroy_sensitive_data(void);
+extern Buffer loginmsg;
/* original command from peer. */
const char *original_command = NULL;
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
-#ifdef WITH_AIXAUTHENTICATE
-char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
#ifdef HAVE_LOGIN_CAP
login_cap_t *lc;
#endif
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
- 0, xstrdup("auth socket"), 1);
+ 0, "auth socket", 1);
strlcpy(nc->path, auth_sock_name, sizeof(nc->path));
return 1;
}
void
do_authenticated(Authctxt *authctxt)
{
+ setproctitle("%s", authctxt->pw->pw_name);
+
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
/* remove agent socket */
if (auth_sock_name != NULL)
auth_sock_cleanup_proc(authctxt->pw);
-#ifdef KRB4
- if (options.kerberos_ticket_cleanup)
- krb4_cleanup_proc(authctxt);
+#ifdef SESSION_HOOKS
+ if (options.session_hooks_allow &&
+ options.session_hooks_shutdown_cmd)
+ {
+ execute_session_hook(options.session_hooks_shutdown_cmd,
+ authctxt,
+ /* startup = */ 0, /* save = */ 0);
+
+ if (authctxt->session_env_file)
+ {
+ free(authctxt->session_env_file);
+ }
+ }
#endif
#ifdef KRB5
if (options.kerberos_ticket_cleanup)
success = 1;
break;
-#if defined(AFS) || defined(KRB5)
- case SSH_CMSG_HAVE_KERBEROS_TGT:
- if (!options.kerberos_tgt_passing) {
- verbose("Kerberos TGT passing disabled.");
- } else {
- char *kdata = packet_get_string(&dlen);
- packet_check_eom();
-
- /* XXX - 0x41, see creds_to_radix version */
- if (kdata[0] != 0x41) {
-#ifdef KRB5
- krb5_data tgt;
- tgt.data = kdata;
- tgt.length = dlen;
-
- if (auth_krb5_tgt(s->authctxt, &tgt))
- success = 1;
- else
- verbose("Kerberos v5 TGT refused for %.100s", s->authctxt->user);
-#endif /* KRB5 */
- } else {
-#ifdef AFS
- if (auth_krb4_tgt(s->authctxt, kdata))
- success = 1;
- else
- verbose("Kerberos v4 TGT refused for %.100s", s->authctxt->user);
-#endif /* AFS */
- }
- xfree(kdata);
- }
- break;
-#endif /* AFS || KRB5 */
-
-#ifdef AFS
- case SSH_CMSG_HAVE_AFS_TOKEN:
- if (!options.afs_token_passing || !k_hasafs()) {
- verbose("AFS token passing disabled.");
- } else {
- /* Accept AFS token. */
- char *token = packet_get_string(&dlen);
- packet_check_eom();
-
- if (auth_afs_token(s->authctxt, token))
- success = 1;
- else
- verbose("AFS token refused for %.100s",
- s->authctxt->user);
- xfree(token);
- }
- break;
-#endif /* AFS */
-
case SSH_CMSG_EXEC_SHELL:
case SSH_CMSG_EXEC_CMD:
if (type == SSH_CMSG_EXEC_CMD) {
}
packet_check_eom();
session_close(s);
+#if defined(GSSAPI)
+ if (options.gss_cleanup_creds)
+ ssh_gssapi_cleanup_creds(NULL);
+#endif
return;
default:
* Any unknown messages in this phase are ignored,
* and a failure message is returned.
*/
- log("Unknown packet type received after authentication: %d", type);
+ logit("Unknown packet type received after authentication: %d", type);
}
packet_start(success ? SSH_SMSG_SUCCESS : SSH_SMSG_FAILURE);
packet_send();
session_proctitle(s);
-#if defined(GSSAPI)
- temporarily_use_uid(s->pw);
- ssh_gssapi_storecreds();
- restore_uid();
-#endif
-
#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, NULL);
- do_pam_setcred(1);
- if (is_pam_password_change_required())
- packet_disconnect("Password change required but no "
- "TTY available");
+ if (options.use_pam) {
+ do_pam_setcred(1);
+ if (is_pam_password_change_required())
+ packet_disconnect("Password change required but no "
+ "TTY available");
+ }
#endif /* USE_PAM */
/* Fork the child. */
ptyfd = s->ptyfd;
ttyfd = s->ttyfd;
-#if defined(GSSAPI)
- temporarily_use_uid(s->pw);
- ssh_gssapi_storecreds();
- restore_uid();
-#endif
-
#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, s->tty);
- do_pam_setcred(1);
+ if (options.use_pam) {
+ do_pam_set_tty(s->tty);
+ do_pam_setcred(1);
+ }
#endif
/* Fork the child. */
}
record_utmp_only(pid, s->tty, s->pw->pw_name,
- get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
- (struct sockaddr *)&from);
+ get_remote_name_or_ip(utmp_len, options.use_dns),
+ (struct sockaddr *)&from, fromlen);
}
#endif
debug("Forced command '%.900s'", command);
}
+#if defined(SESSION_HOOKS)
+ if (options.session_hooks_allow &&
+ (options.session_hooks_startup_cmd ||
+ options.session_hooks_shutdown_cmd))
+ {
+ char env_file[1000];
+ struct stat st;
+ do
+ {
+ snprintf(env_file,
+ sizeof(env_file),
+ "/tmp/ssh_env_%d%d%d",
+ getuid(),
+ getpid(),
+ rand());
+ } while (stat(env_file, &st)==0);
+ s->authctxt->session_env_file = strdup(env_file);
+ }
+#endif
+
+#ifdef GSSAPI
+ if (options.gss_authentication) {
+ temporarily_use_uid(s->pw);
+ ssh_gssapi_storecreds();
+ restore_uid();
+ }
+#endif
+
if (s->ttyfd != -1)
do_exec_pty(s, command);
else
* the address be 0.0.0.0.
*/
memset(&from, 0, sizeof(from));
+ fromlen = sizeof(from);
if (packet_connection_is_on_socket()) {
- fromlen = sizeof(from);
if (getpeername(packet_get_connection_in(),
(struct sockaddr *) & from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
if (!use_privsep)
record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
get_remote_name_or_ip(utmp_len,
- options.verify_reverse_mapping),
+ options.use_dns),
(struct sockaddr *)&from, fromlen);
#ifdef USE_PAM
* If password change is needed, do it now.
* This needs to occur before the ~/.hushlogin check.
*/
- if (is_pam_password_change_required()) {
+ if (options.use_pam && is_pam_password_change_required()) {
print_pam_messages();
do_pam_chauthtok();
+ /* XXX - signal [net] parent to enable forwardings */
}
#endif
return;
#ifdef USE_PAM
- if (!is_pam_password_change_required())
+ if (options.use_pam && !is_pam_password_change_required())
print_pam_messages();
#endif /* USE_PAM */
-#ifdef WITH_AIXAUTHENTICATE
- if (aixloginmsg && *aixloginmsg)
- printf("%s\n", aixloginmsg);
-#endif /* WITH_AIXAUTHENTICATE */
+
+ /* display post-login message */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ printf("%s\n", (char *)buffer_ptr(&loginmsg));
+ }
+ buffer_free(&loginmsg);
#ifndef NO_SSH_LASTLOG
if (options.print_lastlog && s->last_login_time != 0) {
child_set_env(char ***envp, u_int *envsizep, const char *name,
const char *value)
{
- u_int i, namelen;
char **env;
+ u_int envsize;
+ u_int i, namelen;
+
+ /*
+ * If we're passed an uninitialized list, allocate a single null
+ * entry before continuing.
+ */
+ if (*envp == NULL && *envsizep == 0) {
+ *envp = xmalloc(sizeof(char *));
+ *envp[0] = NULL;
+ *envsizep = 1;
+ }
/*
* Find the slot where the value should be stored. If the variable
xfree(env[i]);
} else {
/* New variable. Expand if necessary. */
- if (i >= (*envsizep) - 1) {
- if (*envsizep >= 1000)
- fatal("child_set_env: too many env vars,"
- " skipping: %.100s", name);
- (*envsizep) += 50;
- env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+ envsize = *envsizep;
+ if (i >= envsize - 1) {
+ if (envsize >= 1000)
+ fatal("child_set_env: too many env vars");
+ envsize += 50;
+ env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+ *envsizep = envsize;
}
/* Need to set the NULL pointer at end of array beyond the new slot. */
env[i + 1] = NULL;
fclose(f);
}
+#ifdef SESSION_HOOKS
+#define SSH_SESSION_ENV_FILE "SSH_SESSION_ENV_FILE"
+
+typedef enum { no_op, execute, clear_env, restore_env,
+ read_env, save_or_rm_env } session_action_t;
+
+static session_action_t action_order[2][5] = {
+ { clear_env, read_env, execute, save_or_rm_env, restore_env }, /*shutdown*/
+ { execute, read_env, save_or_rm_env, no_op, no_op } /*startup */
+};
+
+static
+void execute_session_hook(char* prog, Authctxt *authctxt,
+ int startup, int save)
+{
+ extern char **environ;
+
+ struct stat st;
+ char **saved_env, **tmpenv;
+ char *env_file = authctxt->session_env_file;
+ int i, status = 0;
+
+ for (i=0; i<5; i++)
+ {
+ switch (action_order[startup][i])
+ {
+ case no_op:
+ break;
+
+ case execute:
+ {
+ FILE* fp;
+ char buf[1000];
+
+ snprintf(buf,
+ sizeof(buf),
+ "%s -c '%s'",
+ authctxt->pw->pw_shell,
+ prog);
+
+ debug("executing session hook: [%s]", buf);
+ setenv(SSH_SESSION_ENV_FILE, env_file, /* overwrite = */ 1);
+
+ /* flusing is recommended in the popen(3) man page, to avoid
+ intermingling of output */
+ fflush(stdout);
+ fflush(stderr);
+ if ((fp=popen(buf, "w")) == NULL)
+ {
+ perror("Unable to run session hook");
+ return;
+ }
+ status = pclose(fp);
+ debug2("session hook executed, status=%d", status);
+ unsetenv(SSH_SESSION_ENV_FILE);
+ }
+ break;
+
+ case clear_env:
+ saved_env = environ;
+ tmpenv = (char**) malloc(sizeof(char*));
+ tmpenv[0] = NULL;
+ environ = tmpenv;
+ break;
+
+ case restore_env:
+ environ = saved_env;
+ free(tmpenv);
+ break;
+
+ case read_env:
+ if (status==0 && stat(env_file, &st)==0)
+ {
+ int envsize = 0;
+
+ debug("reading environment from %s", env_file);
+ while (environ[envsize++]) ;
+ read_environment_file(&environ, &envsize, env_file);
+ }
+ break;
+
+ case save_or_rm_env:
+ if (status==0 && save)
+ {
+ FILE* fp;
+ int envcount=0;
+
+ debug2("saving environment to %s", env_file);
+ if ((fp = fopen(env_file, "w")) == NULL) /* hmm: file perms? */
+ {
+ perror("Unable to save session hook info");
+ }
+ while (environ[envcount])
+ {
+ fprintf(fp, "%s\n", environ[envcount++]);
+ }
+ fflush(fp);
+ fclose(fp);
+ }
+ else if (stat(env_file, &st)==0)
+ {
+ debug2("removing environment file %s", env_file);
+ remove(env_file);
+ }
+ break;
+ }
+ }
+
+}
+#endif
+
+#ifdef HAVE_ETC_DEFAULT_LOGIN
+/*
+ * Return named variable from specified environment, or NULL if not present.
+ */
+static char *
+child_get_env(char **env, const char *name)
+{
+ int i;
+ size_t len;
+
+ len = strlen(name);
+ for (i=0; env[i] != NULL; i++)
+ if (strncmp(name, env[i], len) == 0 && env[i][len] == '=')
+ return(env[i] + len + 1);
+ return NULL;
+}
+
+/*
+ * Read /etc/default/login.
+ * We pick up the PATH (or SUPATH for root) and UMASK.
+ */
+static void
+read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
+{
+ char **tmpenv = NULL, *var;
+ u_int i, tmpenvsize = 0;
+ mode_t mask;
+
+ /*
+ * We don't want to copy the whole file to the child's environment,
+ * so we use a temporary environment and copy the variables we're
+ * interested in.
+ */
+ read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login");
+
+ if (tmpenv == NULL)
+ return;
+
+ if (uid == 0)
+ var = child_get_env(tmpenv, "SUPATH");
+ else
+ var = child_get_env(tmpenv, "PATH");
+ if (var != NULL)
+ child_set_env(env, envsize, "PATH", var);
+
+ if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
+ if (sscanf(var, "%5lo", &mask) == 1)
+ umask(mask);
+
+ for (i = 0; tmpenv[i] != NULL; i++)
+ xfree(tmpenv[i]);
+ xfree(tmpenv);
+}
+#endif /* HAVE_ETC_DEFAULT_LOGIN */
+
void copy_environment(char **source, char ***env, u_int *envsize)
{
char *var_name, *var_val;
{
char buf[256];
u_int i, envsize;
- char **env;
+ char **env, *laddr, *path = NULL;
struct passwd *pw = s->pw;
/* Initialize the environment. */
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
*/
- ssh_gssapi_do_child(&env,&envsize);
+ ssh_gssapi_do_child(&env, &envsize);
#endif
if (!options.use_login) {
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
+#ifdef _AIX
+ child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
+#endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
* needed for loading shared libraries. So the path better
* remains intact here.
*/
-# ifdef SUPERUSER_PATH
- child_set_env(&env, &envsize, "PATH",
- s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
-# else
- child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-# endif /* SUPERUSER_PATH */
+ if (getenv("LD_LIBRARY_PATH"))
+ child_set_env(&env, &envsize, "LD_LIBRARY_PATH",
+ getenv("LD_LIBRARY_PATH"));
+# ifdef HAVE_ETC_DEFAULT_LOGIN
+ read_etc_default_login(&env, &envsize, pw->pw_uid);
+ path = child_get_env(env, "PATH");
+# endif /* HAVE_ETC_DEFAULT_LOGIN */
+ if (path == NULL || *path == '\0') {
+ child_set_env(&env, &envsize, "PATH",
+ s->pw->pw_uid == 0 ?
+ SUPERUSER_PATH : _PATH_STDPATH);
+ }
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
get_remote_ipaddr(), get_remote_port(), get_local_port());
child_set_env(&env, &envsize, "SSH_CLIENT", buf);
+ laddr = get_local_ipaddr(packet_get_connection_in());
snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
- get_remote_ipaddr(), get_remote_port(),
- get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
+ xfree(laddr);
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
if (s->ttyfd != -1)
read_environment_file(&env, &envsize, "/etc/environment");
}
#endif
-#ifdef KRB4
- if (s->authctxt->krb4_ticket_file)
- child_set_env(&env, &envsize, "KRBTKFILE",
- s->authctxt->krb4_ticket_file);
-#endif
#ifdef KRB5
if (s->authctxt->krb5_ticket_file)
child_set_env(&env, &envsize, "KRB5CCNAME",
* Pull in any environment variables that may have
* been set by PAM.
*/
- {
- char **p;
+ if (options.use_pam) {
+ char **p = fetch_pam_environment();
- p = fetch_pam_environment();
copy_environment(p, &env, &envsize);
free_pam_environment(p);
}
/* Add authority data to .Xauthority if appropriate. */
if (debug_flag) {
fprintf(stderr,
- "Running %.500s add "
- "%.100s %.100s %.100s\n",
+ "Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
+ fprintf(stderr,
+ "%.500s add %.100s %.100s %.100s\n",
options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
}
options.xauth_location);
f = popen(cmd, "w");
if (f) {
+ fprintf(f, "remove %s\n",
+ s->auth_display);
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
#endif
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
- log("User %.100s not allowed because %s exists",
+ logit("User %.100s not allowed because %s exists",
pw->pw_name, _PATH_NOLOGIN);
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
+ fflush(NULL);
exit(254);
}
}
void
do_setusercontext(struct passwd *pw)
{
-#ifdef HAVE_CYGWIN
- if (is_winnt) {
-#else /* HAVE_CYGWIN */
- if (getuid() == 0 || geteuid() == 0) {
+#ifndef HAVE_CYGWIN
+ if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
+ {
+
#ifdef HAVE_SETPCRED
- setpcred(pw->pw_name);
+ if (setpcred(pw->pw_name, (char **)NULL) == -1)
+ fatal("Failed to set process credentials");
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
# ifdef __bsdi__
* These will have been wiped by the above initgroups() call.
* Reestablish them here.
*/
- do_pam_setcred(0);
+ if (options.use_pam) {
+ do_pam_session();
+ do_pam_setcred(0);
+ }
# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
irix_setusercontext(pw);
permanently_set_uid(pw);
#endif
}
+
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+#endif
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
*/
if (!options.use_login) {
#ifdef HAVE_OSF_SIA
- session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+ session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
if (!check_quietlogin(s, command))
do_motd();
#else /* HAVE_OSF_SIA */
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
+ /*
+ * Make sure $SHELL points to the shell from the password file,
+ * even if shell is overridden from login.conf
+ */
+ env = do_setup_env(s, shell);
+
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
- env = do_setup_env(s, shell);
-
/* we have to stash the hostname before we close our socket. */
if (options.use_login)
hostname = get_remote_name_or_ip(utmp_len,
- options.verify_reverse_mapping);
+ options.use_dns);
/*
* Close the connection descriptors; note that this is the child, and
* the server will still have the socket open, and it is important
}
#endif /* AFS_KRB5 */
-#ifdef AFS
- /* Try to get AFS tokens for the local cell. */
- if (k_hasafs()) {
- char cell[64];
-
- if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
- krb_afslog(cell, 0);
-
- krb_afslog(0, 0);
- }
-#endif /* AFS */
+#ifdef SESSION_HOOKS
+ if (options.session_hooks_allow &&
+ options.session_hooks_startup_cmd)
+ {
+ execute_session_hook(options.session_hooks_startup_cmd,
+ s->authctxt,
+ /* startup = */ 1,
+ options.session_hooks_shutdown_cmd != NULL);
+ }
+#endif
/* Change current directory to the user\'s home directory. */
if (chdir(pw->pw_dir) < 0) {
/* Execute the shell. */
argv[0] = argv0;
argv[1] = NULL;
- execve(shell, argv, env);
+ execve(shell, argv, environ);
/* Executing the shell failed. */
perror(shell);
argv[1] = "-c";
argv[2] = (char *) command;
argv[3] = NULL;
- execve(shell, argv, env);
+ execve(shell, argv, environ);
perror(shell);
exit(1);
}
int i;
packet_check_eom();
- log("subsystem request for %.100s", subsys);
+ logit("subsystem request for %.100s", subsys);
for (i = 0; i < options.num_subsystems; i++) {
if (strcmp(subsys, options.subsystem_name[i]) == 0) {
}
if (!success)
- log("subsystem request for %.100s failed, subsystem not found",
+ logit("subsystem request for %.100s failed, subsystem not found",
subsys);
xfree(subsys);
return 1;
}
+static int
+session_break_req(Session *s)
+{
+ u_int break_length;
+
+ break_length = packet_get_int(); /* ignored */
+ packet_check_eom();
+
+ if (s->ttyfd == -1 ||
+ tcsendbreak(s->ttyfd, 0) < 0)
+ return 0;
+ return 1;
+}
+
static int
session_auth_agent_req(Session *s)
{
Session *s;
if ((s = session_by_channel(c->self)) == NULL) {
- log("session_input_channel_req: no session %d req %.100s",
+ logit("session_input_channel_req: no session %d req %.100s",
c->self, rtype);
return 0;
}
success = session_auth_agent_req(s);
} else if (strcmp(rtype, "subsystem") == 0) {
success = session_subsystem_req(s);
+ } else if (strcmp(rtype, "break") == 0) {
+ success = session_break_req(s);
}
}
if (strcmp(rtype, "window-change") == 0) {
{
static char buf[1024];
int i;
+ char *cp;
+
buf[0] = '\0';
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
+
+ if (strncmp(s->tty, "/dev/", 5) != 0) {
+ cp = strrchr(s->tty, '/');
+ cp = (cp == NULL) ? s->tty : cp + 1;
+ } else
+ cp = s->tty + 5;
+
if (buf[0] != '\0')
strlcat(buf, ",", sizeof buf);
- strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
+ strlcat(buf, cp, sizeof buf);
}
}
if (buf[0] == '\0')
{
server_loop2(authctxt);
#if defined(GSSAPI)
- ssh_gssapi_cleanup_creds(NULL);
+ if (options.gss_cleanup_creds)
+ ssh_gssapi_cleanup_creds(NULL);
#endif
}
-/* $OpenBSD: session.h,v 1.19 2002/06/30 21:59:45 deraadt Exp $ */
+/* $OpenBSD: session.h,v 1.20 2003/08/22 10:56:09 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Session *session_by_tty(char *);
void session_close(Session *);
void do_setusercontext(struct passwd *);
-
void child_set_env(char ***envp, u_int *envsizep, const char *name,
const char *value);
+
#endif
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.112 2003/09/18 08:49:45 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "authfd.h"
#include "compat.h"
#include "log.h"
+#include "readpass.h"
+#include "misc.h"
#ifdef SMARTCARD
#include "scard.h"
Key *key;
char *comment;
u_int death;
+ u_int confirm;
} Identity;
typedef struct {
char *__progname;
#endif
+/* Default lifetime (0 == forever) */
+static int lifetime = 0;
+
static void
close_socket(SocketEntry *e)
{
return (NULL);
}
+/* Check confirmation of keysign request */
+static int
+confirm_key(Identity *id)
+{
+ char *p, prompt[1024];
+ int ret = -1;
+
+ p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+ snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
+ "Key fingerprint %s.", id->comment, p);
+ xfree(p);
+ p = read_passphrase(prompt, RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
+ ret = 0;
+ xfree(p);
+ }
+ return (ret);
+}
+
/* send list of supported public keys to 'client' */
static void
process_request_identities(SocketEntry *e, int version)
goto failure;
id = lookup_identity(key, 1);
- if (id != NULL) {
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
Key *private = id->key;
/* Decrypt the challenge using the private key. */
if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > 32) {
- log("process_authentication_challenge: bad challenge length %d", len);
+ logit("process_authentication_challenge: bad challenge length %d", len);
goto failure;
}
memset(buf, 0, 32);
key = key_from_blob(blob, blen);
if (key != NULL) {
Identity *id = lookup_identity(key, 2);
- if (id != NULL)
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0))
ok = key_sign(id->key, &signature, &slen, data, dlen);
}
key_free(key);
buffer_get_bignum(&e->request, key->rsa->n);
if (bits != key_size(key))
- log("Warning: identity keysize mismatch: actual %u, announced %u",
+ logit("Warning: identity keysize mismatch: actual %u, announced %u",
key_size(key), bits);
break;
case 2:
process_add_identity(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
- int type, success = 0, death = 0;
+ int type, success = 0, death = 0, confirm = 0;
char *type_name, *comment;
Key *k = NULL;
}
break;
}
+ /* enable blinding */
+ switch (k->type) {
+ case KEY_RSA:
+ case KEY_RSA1:
+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
+ error("process_add_identity: RSA_blinding_on failed");
+ key_free(k);
+ goto send;
+ }
+ break;
+ }
comment = buffer_get_string(&e->request, NULL);
if (k == NULL) {
xfree(comment);
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
default:
break;
}
}
+ if (lifetime && !death)
+ death = time(NULL) + lifetime;
if (lookup_identity(k, version) == NULL) {
Identity *id = xmalloc(sizeof(Identity));
id->key = k;
id->comment = comment;
id->death = death;
+ id->confirm = confirm;
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
/* Increment the number of identities. */
tab->nentries++;
process_add_smartcard_key (SocketEntry *e)
{
char *sc_reader_id = NULL, *pin;
- int i, version, success = 0;
+ int i, version, success = 0, death = 0, confirm = 0;
Key **keys, *k;
Identity *id;
Idtab *tab;
sc_reader_id = buffer_get_string(&e->request, NULL);
pin = buffer_get_string(&e->request, NULL);
+
+ while (buffer_len(&e->request)) {
+ switch (buffer_get_char(&e->request)) {
+ case SSH_AGENT_CONSTRAIN_LIFETIME:
+ death = time(NULL) + buffer_get_int(&e->request);
+ break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
+ default:
+ break;
+ }
+ }
+ if (lifetime && !death)
+ death = time(NULL) + lifetime;
+
keys = sc_get_keys(sc_reader_id, pin);
xfree(sc_reader_id);
xfree(pin);
if (lookup_identity(k, version) == NULL) {
id = xmalloc(sizeof(Identity));
id->key = k;
- id->comment = xstrdup("smartcard key");
- id->death = 0;
+ id->comment = sc_get_key_label(k);
+ id->death = death;
+ id->confirm = confirm;
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
tab->nentries++;
success = 1;
break;
#ifdef SMARTCARD
case SSH_AGENTC_ADD_SMARTCARD_KEY:
+ case SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED:
process_add_smartcard_key(e);
break;
case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
static void
new_socket(sock_type type, int fd)
{
- u_int i, old_alloc;
+ u_int i, old_alloc, new_alloc;
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
error("fcntl O_NONBLOCK: %s", strerror(errno));
for (i = 0; i < sockets_alloc; i++)
if (sockets[i].type == AUTH_UNUSED) {
sockets[i].fd = fd;
- sockets[i].type = type;
buffer_init(&sockets[i].input);
buffer_init(&sockets[i].output);
buffer_init(&sockets[i].request);
+ sockets[i].type = type;
return;
}
old_alloc = sockets_alloc;
- sockets_alloc += 10;
+ new_alloc = sockets_alloc + 10;
if (sockets)
- sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+ sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
else
- sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
- for (i = old_alloc; i < sockets_alloc; i++)
+ sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+ for (i = old_alloc; i < new_alloc; i++)
sockets[i].type = AUTH_UNUSED;
- sockets[old_alloc].type = type;
+ sockets_alloc = new_alloc;
sockets[old_alloc].fd = fd;
buffer_init(&sockets[old_alloc].input);
buffer_init(&sockets[old_alloc].output);
buffer_init(&sockets[old_alloc].request);
+ sockets[old_alloc].type = type;
}
static int
/* printf("Parent has died - Authentication agent exiting.\n"); */
cleanup_handler(sig); /* safe */
}
- signal(SIGALRM, check_parent_exists);
+ mysignal(SIGALRM, check_parent_exists);
alarm(10);
errno = save_errno;
}
fprintf(stderr, " -k Kill the current agent.\n");
fprintf(stderr, " -d Debug mode.\n");
fprintf(stderr, " -a socket Bind agent socket to given name.\n");
+ fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
exit(1);
}
int
main(int ac, char **av)
{
- int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
+ int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
+ int sock, fd, ch, nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
struct sockaddr_un sunaddr;
SSLeay_add_all_algorithms();
- __progname = get_progname(av[0]);
+ __progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
- while ((ch = getopt(ac, av, "cdksa:")) != -1) {
+ while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
switch (ch) {
case 'c':
if (s_flag)
case 'a':
agentsocket = optarg;
break;
+ case 't':
+ if ((lifetime = convtime(optarg)) == -1) {
+ fprintf(stderr, "Invalid lifetime\n");
+ usage();
+ }
+ break;
default:
usage();
}
}
(void)chdir("/");
- close(0);
- close(1);
- close(2);
+ if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ /* XXX might close listen socket */
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ close(fd);
+ }
#ifdef HAVE_SETRLIMIT
/* deny core dumps, since memory contains unencrypted private keys */
fatal_add_cleanup(cleanup_socket, NULL);
new_socket(AUTH_SOCKET, sock);
if (ac > 0) {
- signal(SIGALRM, check_parent_exists);
+ mysignal(SIGALRM, check_parent_exists);
alarm(10);
}
idtab_init();
+++ /dev/null
-/* $OpenBSD: ssh-dss.h,v 1.5 2001/06/26 17:27:25 markus Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef DSA_H
-#define DSA_H
-
-int ssh_dss_sign(Key *, u_char **, int *, u_char *, int);
-int ssh_dss_verify(Key *, u_char *, int, u_char *, int);
-
-#endif
/*
- * Copyright (c) 2001,2002 Simon Wilkinson. All rights reserved.
+ * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#endif /* KRB5 */
#endif /* !MECHGLUE */
-/* draft-ietf-secsh-gsskeyex-03 */
+/* draft-ietf-secsh-gsskeyex-06 */
#define SSH2_MSG_KEXGSS_INIT 30
#define SSH2_MSG_KEXGSS_CONTINUE 31
#define SSH2_MSG_KEXGSS_COMPLETE 32
#define SSH2_MSG_KEXGSS_HOSTKEY 33
#define SSH2_MSG_KEXGSS_ERROR 34
-#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
-#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
-#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
-#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
+#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
+#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
+#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
+#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
+#define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
+
+#define SSH_GSS_OIDTYPE 0x06
#define KEX_GSS_SHA1 "gss-group1-sha1-"
-enum ssh_gss_id {
-#ifdef KRB5
- GSS_KERBEROS,
-#endif
-#ifdef GSI
- GSS_GSI,
-#endif /* GSI */
- GSS_LAST_ENTRY
-};
-
-typedef struct ssh_gss_mech_struct {
- char *enc_name;
- char *name;
- gss_OID_desc oid;
+typedef struct {
+ char *filename;
+ char *envvar;
+ char *envval;
+ void *data;
+} ssh_gssapi_ccache;
+
+typedef struct {
+ gss_buffer_desc displayname;
+ gss_buffer_desc exportedname;
+ gss_cred_id_t creds;
+ struct ssh_gssapi_mech_struct *mech;
+ ssh_gssapi_ccache store;
+} ssh_gssapi_client;
+
+typedef struct ssh_gssapi_mech_struct {
+ char *enc_name;
+ char *name;
+ gss_OID_desc oid;
+ int (*dochild) (ssh_gssapi_client *);
+ int (*userok) (ssh_gssapi_client *, char *);
+ int (*localname) (ssh_gssapi_client *, char **);
+ void (*storecreds) (ssh_gssapi_client *);
} ssh_gssapi_mech;
typedef struct {
- OM_uint32 status; /* both */
+ OM_uint32 major; /* both */
+ OM_uint32 minor; /* both */
gss_ctx_id_t context; /* both */
gss_name_t name; /* both */
gss_OID oid; /* both */
gss_cred_id_t client_creds; /* server */
} Gssctxt;
-extern ssh_gssapi_mech supported_mechs[];
-extern gss_buffer_desc gssapi_client_name;
-extern gss_cred_id_t gssapi_client_creds;
-extern enum ssh_gss_id gssapi_client_type;
+extern ssh_gssapi_mech *supported_mechs[];
-char *ssh_gssapi_mechanisms(int server, char *host);
-gss_OID ssh_gssapi_id_kex(Gssctxt *ctx, char *name);
+char *ssh_gssapi_mechanisms(char *host);
+char *ssh_gssapi_client_mechanisms(char *host);
+gss_OID ssh_gssapi_client_id_kex(Gssctxt *ctx, char *name);
+int ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len);
void ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len);
void ssh_gssapi_set_oid(Gssctxt *ctx, gss_OID oid);
void ssh_gssapi_supported_oids(gss_OID_set *oidset);
-enum ssh_gss_id ssh_gssapi_get_ctype(Gssctxt *ctxt);
+ssh_gssapi_mech *ssh_gssapi_get_ctype(Gssctxt *ctxt);
OM_uint32 ssh_gssapi_import_name(Gssctxt *ctx, const char *host);
OM_uint32 ssh_gssapi_acquire_cred(Gssctxt *ctx);
OM_uint32 ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds,
- gss_buffer_desc *recv_tok,
- gss_buffer_desc *send_tok, OM_uint32 *flags);
+ gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
OM_uint32 ssh_gssapi_accept_ctx(Gssctxt *ctx,
- gss_buffer_desc *recv_tok,
- gss_buffer_desc *send_tok,
- OM_uint32 *flags);
-OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx,
- enum ssh_gss_id *type,
- gss_buffer_desc *name,
- gss_cred_id_t *creds);
-void ssh_gssapi_error(gss_OID mech,
- OM_uint32 major_status, OM_uint32 minor_status);
-void ssh_gssapi_send_error(gss_OID mech,
- OM_uint32 major_status,OM_uint32 minor_status);
+ gss_buffer_desc *recv_tok, gss_buffer_desc *send_tok, OM_uint32 *flags);
+OM_uint32 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *);
+void ssh_gssapi_error(Gssctxt *ctx);
+char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min);
void ssh_gssapi_build_ctx(Gssctxt **ctx);
void ssh_gssapi_delete_ctx(Gssctxt **ctx);
-OM_uint32 ssh_gssapi_client_ctx(Gssctxt **ctx,gss_OID oid,char *host);
-OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx,gss_OID oid);
+OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid);
+
+int ssh_gssapi_check_mechanism(gss_OID oid, char *host);
/* In the server */
+gss_OID ssh_gssapi_server_id_kex(char *name);
int ssh_gssapi_userok(char *name);
-int ssh_gssapi_localname(char **lname);
+int ssh_gssapi_localname(char **name);
void ssh_gssapi_server(Kex *kex, Buffer *client_kexinit,
Buffer *server_kexinit);
OM_uint32 ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *buffer,
gss_buffer_desc *hash);
-void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
+void ssh_gssapi_do_child(char ***envp, u_int *envsizep);
void ssh_gssapi_cleanup_creds(void *ignored);
-void ssh_gssapi_storecreds();
-void ssh_gssapi_clean_env();
-
-#ifdef GSI
-int gsi_gridmap(char *subject_name, char **mapped_name);
-#endif
+void ssh_gssapi_storecreds(void);
+char *ssh_gssapi_server_mechanisms();
#ifdef MECHGLUE
gss_cred_id_t __gss_get_mechanism_cred
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.30 2001/10/08 19:05:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $");
-#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
-#include <sys/queue.h>
-#else
-#include "openbsd-compat/fake-queue.h"
-#endif
-#include <errno.h>
+#include "openbsd-compat/sys-queue.h"
#include <openssl/bn.h>
/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
Default value is AF_UNSPEC means both IPv4 and IPv6. */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
int IPv4or6 = AF_UNSPEC;
-#endif
int ssh_port = SSH_DEFAULT_PORT;
if (!(lb = malloc(sizeof(*lb)))) {
if (errfun)
- (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
+ (*errfun) ("linebuf (%s): malloc failed\n",
+ filename ? filename : "(stdin)");
return (NULL);
}
if (filename) {
Linebuf_getline(Linebuf * lb)
{
int n = 0;
+ void *p;
lb->lineno++;
for (;;) {
/* Read a line */
if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
if (ferror(lb->stream) && lb->errfun)
- (*lb->errfun) ("%s: %s\n", lb->filename,
+ (*lb->errfun)("%s: %s\n", lb->filename,
strerror(errno));
return (NULL);
}
}
if (n != lb->size - 1) {
if (lb->errfun)
- (*lb->errfun) ("%s: skipping incomplete last line\n",
+ (*lb->errfun)("%s: skipping incomplete last line\n",
lb->filename);
return (NULL);
}
/* Double the buffer if we need more space */
- if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) {
+ lb->size *= 2;
+ if ((p = realloc(lb->buf, lb->size)) == NULL) {
+ lb->size /= 2;
if (lb->errfun)
- (*lb->errfun) ("linebuf (%s): realloc failed\n",
+ (*lb->errfun)("linebuf (%s): realloc failed\n",
lb->filename);
return (NULL);
}
+ lb->buf = p;
}
}
#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
struct rlimit rlfd;
#endif
+
if (lim <= 0)
return (-1);
#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
"ssh-dss": "ssh-rsa";
c->c_kex = kex_setup(myproposal);
+ c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_kex->verify_host_key = hostjump;
if (!(j = setjmp(kexjmp))) {
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
fatal("getaddrinfo %s: %s", host, gai_strerror(gaierr));
for (ai = aitop; ai; ai = ai->ai_next) {
- s = socket(ai->ai_family, SOCK_STREAM, 0);
+ s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (s < 0) {
error("socket: %s", strerror(errno));
continue;
static int
conalloc(char *iname, char *oname, int keytype)
{
- int s;
char *namebase, *name, *namelist;
+ int s;
namebase = namelist = xstrdup(iname);
static int
conrecycle(int s)
{
- int ret;
con *c = &fdcon[s];
+ int ret;
ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
confree(s);
static void
congreet(int s)
{
+ int remote_major, remote_minor, n = 0;
char buf[256], *cp;
+ char remote_version[sizeof buf];
size_t bufsiz;
- int n = 0;
con *c = &fdcon[s];
bufsiz = sizeof(buf);
conrecycle(s);
return;
}
+ if (n == 0) {
+ error("%s: Connection closed by remote host", c->c_name);
+ conrecycle(s);
+ return;
+ }
if (*cp != '\n' && *cp != '\r') {
error("%s: bad greeting", c->c_name);
confree(s);
return;
}
*cp = '\0';
+ if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
+ &remote_major, &remote_minor, remote_version) == 3)
+ compat_datafellows(remote_version);
+ else
+ datafellows = 0;
if (c->c_keytype != KT_RSA1) {
- int remote_major, remote_minor;
- char remote_version[sizeof buf];
-
- if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
- &remote_major, &remote_minor, remote_version) == 3)
- compat_datafellows(remote_version);
- else
- datafellows = 0;
if (!ssh2_capable(remote_major, remote_minor)) {
debug("%s doesn't support ssh2", c->c_name);
confree(s);
return;
}
+ } else if (remote_major != 1) {
+ debug("%s doesn't support ssh1", c->c_name);
+ confree(s);
+ return;
}
fprintf(stderr, "# %s %s\n", c->c_name, chop(buf));
n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
- if (atomicio(write, s, buf, n) != n) {
+ if (atomicio(vwrite, s, buf, n) != n) {
error("write (%s): %s", c->c_name, strerror(errno));
confree(s);
return;
static void
conread(int s)
{
- int n;
con *c = &fdcon[s];
+ int n;
if (c->c_status == CS_CON) {
congreet(s);
static void
conloop(void)
{
- fd_set *r, *e;
struct timeval seltime, now;
- int i;
+ fd_set *r, *e;
con *c;
+ int i;
gettimeofday(&now, NULL);
- c = tq.tqh_first;
+ c = TAILQ_FIRST(&tq);
if (c && (c->c_tv.tv_sec > now.tv_sec ||
(c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
xfree(r);
xfree(e);
- c = tq.tqh_first;
+ c = TAILQ_FIRST(&tq);
while (c && (c->c_tv.tv_sec < now.tv_sec ||
(c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
int s = c->c_fd;
- c = c->c_link.tqe_next;
+ c = TAILQ_NEXT(c, c_link);
conrecycle(s);
}
}
char *name = strnnsep(&host, " \t\n");
int j;
+ if (name == NULL)
+ return;
for (j = KT_RSA1; j <= KT_RSA; j *= 2) {
if (get_keytypes & j) {
while (ncon >= MAXCON)
}
}
-static void
-fatal_callback(void *arg)
+void
+fatal(const char *fmt,...)
{
+ va_list args;
+
+ va_start(args, fmt);
+ do_log(SYSLOG_LEVEL_FATAL, fmt, args);
+ va_end(args);
if (nonfatal_fatal)
longjmp(kexjmp, -1);
+ else
+ fatal_cleanup();
}
static void
usage(void)
{
- fprintf(stderr, "Usage: %s [options] host ...\n",
+ fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-t type] [-f file]\n"
+ "\t\t [host | addrlist namelist] [...]\n",
__progname);
- fprintf(stderr, "Options:\n");
- fprintf(stderr, " -f file Read hosts or addresses from file.\n");
- fprintf(stderr, " -p port Connect to the specified port.\n");
- fprintf(stderr, " -t keytype Specify the host key type.\n");
- fprintf(stderr, " -T timeout Set connection timeout.\n");
- fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
- fprintf(stderr, " -4 Use IPv4 only.\n");
- fprintf(stderr, " -6 Use IPv6 only.\n");
exit(1);
}
extern int optind;
extern char *optarg;
- __progname = get_progname(argv[0]);
+ __progname = ssh_get_progname(argv[0]);
init_rng();
seed_rng();
TAILQ_INIT(&tq);
}
break;
case 'T':
- timeout = atoi(optarg);
- if (timeout <= 0)
+ timeout = convtime(optarg);
+ if (timeout == -1 || timeout == 0) {
+ fprintf(stderr, "Bad timeout '%s'\n", optarg);
usage();
+ }
break;
case 'v':
if (!debug_flag) {
get_keytypes |= KT_RSA;
break;
case KEY_UNSPEC:
- fatal("unknown key type %s\n", tname);
+ fatal("unknown key type %s", tname);
}
tname = strtok(NULL, ",");
}
usage();
log_init("ssh-keyscan", log_level, SYSLOG_FACILITY_USER, 1);
- fatal_add_cleanup(fatal_callback, NULL);
maxfd = fdlim_get(1);
if (maxfd < 0)
-.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.7 2003/06/10 09:12:11 jmc Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
.Pp
.Nm
is disabled by default and can only be enabled in the
-the global client configuration file
+global client configuration file
.Pa /etc/ssh/ssh_config
by setting
-.Cm HostbasedAuthentication
+.Cm EnableSSHKeysign
to
.Dq yes .
.Pp
is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
-generate the digital signature. They
-should be owned by root, readable only by root, and not
+generate the digital signature.
+They should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr sshd 8
-.Sh AUTHORS
-Markus Friedl <markus@openbsd.org>
.Sh HISTORY
.Nm
first appeared in
.Ox 3.2 .
+.Sh AUTHORS
+.An Markus Friedl Aq markus@openbsd.org
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.13 2003/07/03 08:09:06 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
#include "pathnames.h"
#include "readconf.h"
-uid_t original_real_uid; /* XXX readconf.c needs this */
+/* XXX readconf.c needs these */
+uid_t original_real_uid;
#ifdef HAVE___PROGNAME
extern char *__progname;
u_int datalen)
{
Buffer b;
- Key *key;
+ Key *key = NULL;
u_char *pkblob;
u_int blen, len;
char *pkalg, *p;
initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
fill_default_options(&options);
- if (options.hostbased_authentication != 1)
- fatal("Hostbased authentication not enabled in %s",
+ if (options.enable_ssh_keysign != 1)
+ fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1)
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL);
close(key_fd[i]);
- if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
- if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
- error("RSA_blinding_on failed");
- key_free(keys[i]);
- keys[i] = NULL;
- }
- }
if (keys[i] != NULL)
found = 1;
}
msg[0] = 0x02;
msg[1] = len;
- if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
+ if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
if (errno == EPIPE && errors < 10) {
close(fd);
errors++;
case 0:
/* timer expired */
error_abort = 1;
+ kill(pid, SIGINT);
break;
case 1:
/* command input */
/* mode 0600, owned by root or the current user? */
if (((st.st_mode & 0177) != 0) || !(st.st_uid == getuid())) {
debug("WARNING: PRNG seedfile %.100s must be mode 0600, "
- "owned by uid %d", filename, getuid());
+ "owned by uid %li", filename, (long int)getuid());
return 0;
}
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
/* Try to ensure that the parent directory is there */
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
debug("writing PRNG seed to file %.100s", filename);
- RAND_bytes(seed, sizeof(seed));
+ if (RAND_bytes(seed, sizeof(seed)) <= 0)
+ fatal("PRNG seed extration failed");
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
debug("WARNING: couldn't access PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
} else {
- if (atomicio(write, fd, &seed, sizeof(seed)) < sizeof(seed))
+ if (atomicio(vwrite, fd, &seed, sizeof(seed)) < sizeof(seed))
fatal("problem writing PRNG seedfile %.100s "
"(%.100s)", filename, strerror(errno));
close(fd);
pw = getpwuid(getuid());
if (pw == NULL)
fatal("Couldn't get password entry for current user "
- "(%i): %s", getuid(), strerror(errno));
+ "(%li): %s", (long int)getuid(), strerror(errno));
snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
extern char *optarg;
LogLevel ll;
- __progname = get_progname(argv[0]);
+ __progname = ssh_get_progname(argv[0]);
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
ll = SYSLOG_LEVEL_INFO;
if (!RAND_status())
fatal("Not enough entropy in RNG");
- RAND_bytes(buf, bytes);
+ if (RAND_bytes(buf, bytes) <= 0)
+ fatal("Couldn't extract entropy from PRNG");
if (output_hex) {
for(ret = 0; ret < bytes; ret++)
printf("%02x", (unsigned char)(buf[ret]));
printf("\n");
} else
- ret = atomicio(write, STDOUT_FILENO, buf, bytes);
+ ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes);
memset(buf, '\0', bytes);
xfree(buf);
+++ /dev/null
-/* $OpenBSD: ssh-rsa.h,v 1.5 2001/06/26 17:27:25 markus Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef SSH_RSA_H
-#define SSH_RSA_H
-
-int ssh_rsa_sign(Key *, u_char **, int *, u_char *, int);
-int ssh_rsa_verify(Key *, u_char *, int, u_char *, int);
-
-#endif
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.175 2003/07/22 13:35:22 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqstvxACNTX1246
+.Bk -words
+.Op Fl afgknqstvxACNTVX1246
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Sm on
.Xc
.Oc
+.Ek
+.Bk -words
.Oo Fl R Xo
.Sm off
.Ar port :
.Op Fl D Ar port
.Ar hostname | user@hostname
.Op Ar command
+.Ek
.Sh DESCRIPTION
.Nm
(SSH client) is a program for logging into a remote machine and for
to terminate
.It Cm ~?
Display a list of escape characters
+.It Cm ~B
+Send a BREAK to the remote system (only useful for SSH protocol version 2
+and if the peer supports it)
.It Cm ~C
Open command line (only useful for adding port forwardings using the
.Fl L
.Fl A
and
.Fl a
-options described later) and
+options described later) and
the user is using an authentication agent, the connection to the agent
is automatically forwarded to the remote side.
.Pp
Enables forwarding of the authentication agent connection.
This can also be specified on a per-host basis in a configuration file.
.Pp
-Agent forwarding should be enabled with caution. Users with the
-ability to bypass file permissions on the remote host (for the agent's
-Unix-domain socket) can access the local agent through the forwarded
-connection. An attacker cannot obtain key material from the agent,
+Agent forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the agent's Unix-domain socket)
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Fl b Ar bind_address
client for interoperability with legacy protocol 1 implementations
that do not support the
.Ar 3des
-cipher. Its use is strongly discouraged due to cryptographic
-weaknesses.
+cipher.
+Its use is strongly discouraged due to cryptographic weaknesses.
.It Fl c Ar cipher_spec
Additionally, for protocol version 2 a comma-separated list of ciphers can
be specified in order of preference.
options (and multiple identities specified in
configuration files).
.It Fl I Ar smartcard_device
-Specifies which smartcard device to use. The argument is
-the device
+Specifies which smartcard device to use.
+The argument is the device
.Nm
should use to communicate with a smartcard used for storing the user's
private RSA key.
.It Fl k
-Disables forwarding of Kerberos tickets and AFS tokens.
+Disables forwarding of Kerberos tickets.
This may also be specified on a per-host basis in the configuration file.
.It Fl l Ar login_name
Specifies the user to log in as on the remote machine.
Quiet mode.
Causes all warning and diagnostic messages to be suppressed.
.It Fl s
-May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg. sftp). The
-subsystem is specified as the remote command.
+May be used to request invocation of a subsystem on the remote system.
+Subsystems are a feature of the SSH2 protocol which facilitate the use
+of SSH as a secure transport for other applications (eg. sftp).
+The subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
This can be used to execute arbitrary
debugging connection, authentication, and configuration problems.
Multiple
.Fl v
-options increases the verbosity.
-Maximum is 3.
+options increase the verbosity.
+The maximum is 3.
+.It Fl V
+Display the version number and exit.
.It Fl x
Disables X11 forwarding.
.It Fl X
Enables X11 forwarding.
This can also be specified on a per-host basis in a configuration file.
.Pp
-X11 forwarding should be enabled with caution. Users with the ability
-to bypass file permissions on the remote host (for the user's X
-authorization database) can access the local X11 display through the
-forwarded connection. An attacker may then be able to perform
-activities such as keystroke monitoring.
+X11 forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the user's X authorization database)
+can access the local X11 display through the forwarded connection.
+An attacker may then be able to perform activities such as keystroke monitoring.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).
on the local side, and whenever a connection is made to this port, the
connection is forwarded over the secure channel, and the application
protocol is then used to determine where to connect to from the
-remote machine. Currently the SOCKS4 protocol is supported, and
+remote machine.
+Currently the SOCKS4 and SOCKS5 protocols are supported, and
.Nm
-will act as a SOCKS4 server.
+will act as a SOCKS server.
Only root can forward privileged ports.
Dynamic port forwardings can also be specified in the configuration file.
.It Fl 1
.Xr rsh 1 .
.It Pa /etc/hosts.equiv
This file is used during
-.Pa \&.rhosts authentication.
+.Pa \&.rhosts
+authentication.
It contains
canonical hosts names, one per line (the full format is described on
the
.Nm
exits with the exit status of the remote command or with 255
if an error occurred.
-.Sh AUTHORS
-OpenSSH is a derivative of the original and free
-ssh 1.2.12 release by Tatu Ylonen.
-Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
-Theo de Raadt and Dug Song
-removed many bugs, re-added newer features and
-created OpenSSH.
-Markus Friedl contributed the support for SSH
-protocol versions 1.5 and 2.0.
.Sh SEE ALSO
.Xr rsh 1 ,
.Xr scp 1 ,
.%D January 2002
.%O work in progress material
.Re
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
char *__progname;
#endif
-/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
- Default value is AF_UNSPEC means both IPv4 and IPv6. */
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
-int IPv4or6 = AF_UNSPEC;
-#endif
-
/* Flag indicating whether debug mode is on. This can be set on the command line. */
int debug_flag = 0;
_PATH_SSH_USER_CONFFILE);
fprintf(stderr, " -A Enable authentication agent forwarding.\n");
fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");
-#ifdef AFS
- fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
-#endif /* AFS */
fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");
fprintf(stderr, " -i file Identity for public key authentication "
extern int optind, optreset;
extern char *optarg;
- __progname = get_progname(av[0]);
+ __progname = ssh_get_progname(av[0]);
init_rng();
/*
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
- log("You don't exist, go away!");
+ logit("You don't exist, go away!");
exit(1);
}
/* Take a copy of the returned structure. */
options.protocol = SSH_PROTO_2;
break;
case '4':
- IPv4or6 = AF_INET;
+ options.address_family = AF_INET;
break;
case '6':
- IPv4or6 = AF_INET6;
+ options.address_family = AF_INET6;
break;
case 'n':
stdin_null_flag = 1;
case 'A':
options.forward_agent = 1;
break;
-#ifdef AFS
case 'k':
- options.kerberos_tgt_passing = 0;
- options.afs_token_passing = 0;
+ /* ignored for backward compatibility */
break;
-#endif
case 'i':
if (stat(optarg, &st) < 0) {
fprintf(stderr, "Warning: Identity file %s "
tty_flag = 1;
break;
case 'v':
- if (0 == debug_flag) {
+ if (debug_flag == 0) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
- } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
- options.log_level++;
+ } else {
+ if (options.log_level < SYSLOG_LEVEL_DEBUG3)
+ options.log_level++;
break;
- } else
- fatal("Too high debugging level.");
+ }
/* fallthrough */
case 'V':
fprintf(stderr,
- "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n",
+ "%s, SSH protocols %d.%d/%d.%d, %s\n",
SSH_VERSION,
PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
- SSLeay());
+ SSLeay_version(SSLEAY_VERSION));
if (opt == 'V')
exit(0);
break;
case 'L':
case 'R':
- if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",
+ if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
sfwd_port, buf, sfwd_host_port) != 3 &&
- sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",
+ sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
sfwd_port, buf, sfwd_host_port) != 3) {
fprintf(stderr,
"Bad forwarding specification '%s'\n",
optarg);
exit(1);
}
- add_local_forward(&options, fwd_port, "socks4", 0);
+ add_local_forward(&options, fwd_port, "socks", 0);
break;
case 'C':
av += optind;
if (ac > 0 && !host && **av != '-') {
- if (strchr(*av, '@')) {
+ if (strrchr(*av, '@')) {
p = xstrdup(*av);
- cp = strchr(p, '@');
+ cp = strrchr(p, '@');
if (cp == NULL || cp == p)
usage();
options.user = p;
host = ++cp;
} else
host = *av;
- ac--, av++;
- if (ac > 0) {
- optind = 0;
- optreset = 1;
+ if (ac > 1) {
+ optind = optreset = 1;
goto again;
}
+ ac--, av++;
}
/* Check that we got a host name. */
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
- channel_set_af(IPv4or6);
/* Initialize the command to execute on remote host. */
buffer_init(&command);
/* Do not allocate a tty if stdin is not a tty. */
if (!isatty(fileno(stdin)) && !force_tty_flag) {
if (tty_flag)
- log("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+ logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
tty_flag = 0;
}
_PATH_SSH_USER_CONFFILE);
(void)read_config_file(buf, host, &options);
#endif
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)
snprintf(buf, sizeof buf, "%.100s/%.100s.krb", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
(void)read_config_file(buf, host, &options);
#endif
-#ifdef AFS
- snprintf(buf, sizeof buf, "%.100s/%.100s.afs", pw->pw_dir,
- _PATH_SSH_USER_CONFFILE);
- (void)read_config_file(buf, host, &options);
-#endif
#endif
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
/* Fill configuration defaults. */
fill_default_options(&options);
+ channel_set_af(options.address_family);
+
/* reinit */
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
seed_rng();
- if (options.user == NULL) {
- options.user = xstrdup(pw->pw_name);
- options.implicit = 1;
- }
+ if (options.user == NULL) {
+ options.user = xstrdup(pw->pw_name);
+ options.implicit = 1;
+ }
else options.implicit = 0;
if (options.hostname != NULL)
host = options.hostname;
- /* Disable rhosts authentication if not running as root. */
-#ifdef HAVE_CYGWIN
- /* Ignore uid if running under Windows */
- if (!options.use_privileged_port) {
-#else
- if (original_effective_uid != 0 || !options.use_privileged_port) {
-#endif
- debug("Rhosts Authentication disabled, "
- "originating port will not be trusted.");
- options.rhosts_authentication = 0;
+ /* force lowercase for hostkey matching */
+ if (options.host_key_alias != NULL) {
+ for (p = options.host_key_alias; *p; p++)
+ if (isupper(*p))
+ *p = tolower(*p);
}
- /* Open a connection to the remote host. */
- if (ssh_connect(host, &hostaddr, options.port, IPv4or6,
- options.connection_attempts,
+ if (options.proxy_command != NULL &&
+ strcmp(options.proxy_command, "none") == 0)
+ options.proxy_command = NULL;
+
+ /* Open a connection to the remote host. */
+ if (ssh_connect(host, &hostaddr, options.port,
+ options.address_family, options.connection_attempts,
#ifdef HAVE_CYGWIN
options.use_privileged_port,
#else
if (!got_data) {
u_int32_t rand = 0;
- log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
+ logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
for (i = 0; i < 16; i++) {
if (i % 4 == 0)
if (type == SSH_SMSG_SUCCESS)
packet_start_compression(options.compression_level);
else if (type == SSH_SMSG_FAILURE)
- log("Warning: Remote host refused compression.");
+ logit("Warning: Remote host refused compression.");
else
packet_disconnect("Protocol error waiting for compression response.");
}
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
- log("Warning: Remote host failed or refused to allocate a pseudo tty.");
+ logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
else
packet_disconnect("Protocol error waiting for pty request response.");
}
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
} else if (type == SSH_SMSG_FAILURE) {
- log("Warning: Remote host denied X11 forwarding.");
+ logit("Warning: Remote host denied X11 forwarding.");
} else {
packet_disconnect("Protocol error waiting for X11 forwarding");
}
type = packet_read();
packet_check_eom();
if (type != SSH_SMSG_SUCCESS)
- log("Warning: Remote host denied authentication agent forwarding.");
+ logit("Warning: Remote host denied authentication agent forwarding.");
}
/* Initiate port forwardings. */
options.remote_forwards[i].host,
options.remote_forwards[i].host_port);
if (type == SSH2_MSG_REQUEST_FAILURE)
- log("Warning: remote port forwarding failed for listen port %d",
+ logit("Warning: remote port forwarding failed for listen port %d",
options.remote_forwards[i].port);
}
int interactive = 0;
struct termios tio;
- debug("ssh_session2_setup: id %d", id);
+ debug2("ssh_session2_setup: id %d", id);
if (tty_flag) {
struct winsize ws;
c = channel_new(
"session", SSH_CHANNEL_OPENING, in, out, err,
window, packetmax, CHAN_EXTENDED_WRITE,
- xstrdup("client-session"), /*nonblock*/0);
+ "client-session", /*nonblock*/0);
debug3("ssh_session2_open: channel_new: %d", c->self);
sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
options.num_identity_files++;
options.identity_keys[0] = keys[i];
- options.identity_files[0] = xstrdup("smartcard key");;
+ options.identity_files[0] = sc_get_key_label(keys[i]);
}
if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
options.num_identity_files = SSH_MAX_IDENTITY_FILES;
#define SSH_MSG_CHANNEL_INPUT_EOF SSH_MSG_CHANNEL_CLOSE
#define SSH_MSG_CHANNEL_OUTPUT_CLOSE SSH_MSG_CHANNEL_CLOSE_CONFIRMATION
-/* GSS-API authentication */
-#define SSH_CMSG_AUTH_GSSAPI 88 /* int, strings... */
-#define SSH_SMSG_AUTH_GSSAPI_RESPONSE 89 /* string */
-#define SSH_MSG_AUTH_GSSAPI_TOKEN 90 /* string */
-#define SSH_SMSG_AUTH_GSSAPI_HASH 91 /* string */
-#define SSH_MSG_AUTH_GSSAPI_ABORT 92 /* */
-
/*
* Authentication methods. New types can be added, but old types should not
* be removed for compatibility. The maximum allowed value is 31.
/* 8 to 15 are reserved */
#define SSH_PASS_AFS_TOKEN 21
-#define SSH_AUTH_GSSAPI 24
-
/* Protocol flags. These are bit masks. */
#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.20 2003/09/02 18:50:06 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
Kerberos configuration file
.Pq Pa $HOME/.ssh/config.krb
.It
-AFS configuration file
-.Pq Pa $HOME/.ssh/config.afs
-.It
system-wide configuration file
.Pq Pa /etc/ssh/ssh_config
.El
given after the keyword.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as wildcards in the
patterns.
A single
.Ar hostname
argument given on the command line (i.e., the name is not converted to
a canonicalized host name before matching).
-.It Cm AFSTokenPassing
-Specifies whether to pass AFS tokens to remote host.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-This option applies to protocol version 1 only.
+.It Cm AddressFamily
+Specifies which address family to use when connecting.
+Valid arguments are
+.Dq any ,
+.Dq inet
+(Use IPv4 only) or
+.Dq inet6
+(Use IPv6 only.)
.It Cm BatchMode
If set to
.Dq yes ,
client for interoperability with legacy protocol 1 implementations
that do not support the
.Ar 3des
-cipher. Its use is strongly discouraged due to cryptographic
-weaknesses.
+cipher.
+Its use is strongly discouraged due to cryptographic weaknesses.
The default is
.Dq 3des .
.It Cm Ciphers
.It Cm ClearAllForwardings
Specifies that all local, remote and dynamic port forwardings
specified in the configuration files or on the command line be
-cleared. This option is primarily useful when used from the
+cleared.
+This option is primarily useful when used from the
.Nm ssh
command line to clear port forwardings set in
configuration files, and is automatically set by
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
The default is 1.
+.It Cm ConnectTimeout
+Specifies the timeout (in seconds) used when connecting to the ssh
+server, instead of using the default system TCP timeout.
+This value is used only when the target is down or really unreachable,
+not when it refuses the connection.
.It Cm DynamicForward
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application
protocol is then used to determine where to connect to from the
-remote machine. The argument must be a port number.
-Currently the SOCKS4 protocol is supported, and
+remote machine.
+The argument must be a port number.
+Currently the SOCKS4 and SOCKS5 protocols are supported, and
.Nm ssh
-will act as a SOCKS4 server.
+will act as a SOCKS server.
Multiple forwardings may be specified, and
-additional forwardings can be given on the command line. Only
-the superuser can forward privileged ports.
+additional forwardings can be given on the command line.
+Only the superuser can forward privileged ports.
+.It Cm EnableSSHKeysign
+Setting this option to
+.Dq yes
+in the global client configuration file
+.Pa /etc/ssh/ssh_config
+enables the use of the helper program
+.Xr ssh-keysign 8
+during
+.Cm HostbasedAuthentication .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+See
+.Xr ssh-keysign 8
+for more information.
.It Cm EscapeChar
Sets the escape character (default:
.Ql ~ ) .
The default is
.Dq no .
.Pp
-Agent forwarding should be enabled with caution. Users with the
-ability to bypass file permissions on the remote host (for the agent's
-Unix-domain socket) can access the local agent through the forwarded
-connection. An attacker cannot obtain key material from the agent,
+Agent forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the agent's Unix-domain socket)
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Cm ForwardX11
The default is
.Dq no .
.Pp
-X11 forwarding should be enabled with caution. Users with the ability
-to bypass file permissions on the remote host (for the user's X
-authorization database) can access the local X11 display through the
-forwarded connection. An attacker may then be able to perform
-activities such as keystroke monitoring.
+X11 forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the user's X authorization database)
+can access the local X11 display through the forwarded connection.
+An attacker may then be able to perform activities such as keystroke monitoring.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports.
By default,
.Nm ssh
-binds local port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
+binds local port forwardings to the loopback address.
+This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that
.Nm ssh
Specifies a file to use for the global
host key database instead of
.Pa /etc/ssh/ssh_known_hosts .
-.It Cm GssapiAuthentication
+.It Cm GSSAPIAuthentication
Specifies whether authentication based on GSSAPI may be used, either using
the result of a successful key exchange, or using GSSAPI user
authentication.
The default is
.Dq yes .
-.It Cm GssapiKeyExchange
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
Specifies whether key exchange based on GSSAPI may be used. When using
GSSAPI key exchange the server need not have a host key.
The default is
.Dq yes .
-.It Cm GssapiDelegateCredentials
-Specifies whether GSSAPI credentials will be delegated (forwarded) to
-the server.
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIDelegateCredentials
+Forward (delegate) credentials to the server.
The default is
.Dq yes .
+Note that this option applies to protocol version 2 only.
.It Cm HostbasedAuthentication
Specifies whether to try rhosts based authentication with public key
authentication.
specifications).
.It Cm IdentityFile
Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
+is read.
+The default is
.Pa $HOME/.ssh/identity
for protocol version 1, and
.Pa $HOME/.ssh/id_rsa
.Pp
To disable keepalives, the value should be set to
.Dq no .
-.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication will be used.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server.
-This will only work if the Kerberos server is actually an AFS kaserver.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
.Nm ssh .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of verbose output.
+The default is INFO.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of verbose output.
.It Cm MACs
Specifies the MAC (message authentication code) algorithms
in order of preference.
Default is 22.
.It Cm PreferredAuthentications
Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
+authentication methods.
+This allows a client to prefer one method (e.g.
.Cm keyboard-interactive )
over another method (e.g.
.Cm password )
Host key management will be done using the
HostName of the host being connected (defaulting to the name typed by
the user).
+Setting the command to
+.Dq none
+disables this option entirely.
Note that
.Cm CheckHostIP
is not available for connects with a proxy command.
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.
-.It Cm RhostsAuthentication
-Specifies whether to try rhosts based authentication.
-Note that this
-declaration only affects the client side and has no effect whatsoever
-on security.
-Most servers do not permit RhostsAuthentication because it
-is not secure (see
-.Cm RhostsRSAAuthentication ) .
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only and requires
-.Nm ssh
-to be setuid root and
-.Cm UsePrivilegedPort
-to be set to
-.Dq yes .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
.Dq yes .
Note that this option applies to protocol version 1 only.
.It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
-the device
+Specifies which smartcard device to use.
+The argument to this keyword is the device
.Nm ssh
should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
-is not activated.
+private RSA key.
+By default, no device is specified and smartcard support is not activated.
.It Cm StrictHostKeyChecking
If this flag is set to
.Dq yes ,
must be setuid root.
Note that this option must be set to
.Dq yes
-if
-.Cm RhostsAuthentication
-and
+for
.Cm RhostsRSAAuthentication
-authentications are needed with older servers.
+with older servers.
.It Cm User
Specifies the user to log in as.
This can be useful when a different user name is used on different machines.
Specifies a file to use for the user
host key database instead of
.Pa $HOME/.ssh/known_hosts .
+.It Cm VerifyHostKeyDNS
+Specifies whether to verify the remote key using DNS and SSHFP resource
+records.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
for those users who do not have a configuration file.
This file must be world-readable.
.El
+.Sh SEE ALSO
+.Xr ssh 1
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
-.Sh SEE ALSO
-.Xr ssh 1
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.52 2002/08/08 13:50:23 aaron Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.56 2003/08/28 12:54:34 markus Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
-#ifdef KRB4
-#include <krb.h>
-#endif
-#ifdef KRB5
-#include <krb5.h>
-#ifndef HEIMDAL
-#define krb5_get_err_text(context,code) error_message(code)
-#endif /* !HEIMDAL */
-#endif
-#ifdef AFS
-#include <kafs.h>
-#include "radix.h"
-#endif
-
#include "ssh.h"
#include "ssh1.h"
#include "xmalloc.h"
#include "canohost.h"
#include "auth.h"
-#ifdef GSSAPI
-#include "ssh-gss.h"
-#include "bufaux.h"
-
-/*
- * MD5 hash of host and session keys for verification. This is filled
- * in in ssh_login() and then checked in try_gssapi_authentication().
- */
-unsigned char ssh_key_digest[16];
-#endif /* GSSAPI */
-
/* Session id for the current session. */
u_char session_id[16];
u_int supported_authentications = 0;
* although it advertised it supports this. Just
* return a wrong value.
*/
- log("Authentication agent failed to decrypt challenge.");
+ logit("Authentication agent failed to decrypt challenge.");
memset(response, 0, sizeof(response));
}
key_free(key);
return 0;
}
-#ifdef KRB4
-static int
-try_krb4_authentication(void)
-{
- KTEXT_ST auth; /* Kerberos data */
- char *reply;
- char inst[INST_SZ];
- char *realm;
- CREDENTIALS cred;
- int r, type;
- socklen_t slen;
- Key_schedule schedule;
- u_long checksum, cksum;
- MSG_DAT msg_data;
- struct sockaddr_in local, foreign;
- struct stat st;
-
- /* Don't do anything if we don't have any tickets. */
- if (stat(tkt_string(), &st) < 0)
- return 0;
-
- strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
- INST_SZ);
-
- realm = (char *)krb_realmofhost(get_canonical_hostname(1));
- if (!realm) {
- debug("Kerberos v4: no realm for %s", get_canonical_hostname(1));
- return 0;
- }
- /* This can really be anything. */
- checksum = (u_long)getpid();
-
- r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
- if (r != KSUCCESS) {
- debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]);
- return 0;
- }
- /* Get session key to decrypt the server's reply with. */
- r = krb_get_cred(KRB4_SERVICE_NAME, inst, realm, &cred);
- if (r != KSUCCESS) {
- debug("get_cred failed: %s", krb_err_txt[r]);
- return 0;
- }
- des_key_sched((des_cblock *) cred.session, schedule);
-
- /* Send authentication info to server. */
- packet_start(SSH_CMSG_AUTH_KERBEROS);
- packet_put_string((char *) auth.dat, auth.length);
- packet_send();
- packet_write_wait();
-
- /* Zero the buffer. */
- (void) memset(auth.dat, 0, MAX_KTXT_LEN);
-
- slen = sizeof(local);
- memset(&local, 0, sizeof(local));
- if (getsockname(packet_get_connection_in(),
- (struct sockaddr *)&local, &slen) < 0)
- debug("getsockname failed: %s", strerror(errno));
-
- slen = sizeof(foreign);
- memset(&foreign, 0, sizeof(foreign));
- if (getpeername(packet_get_connection_in(),
- (struct sockaddr *)&foreign, &slen) < 0) {
- debug("getpeername failed: %s", strerror(errno));
- fatal_cleanup();
- }
- /* Get server reply. */
- type = packet_read();
- switch (type) {
- case SSH_SMSG_FAILURE:
- /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
- debug("Kerberos v4 authentication failed.");
- return 0;
- break;
-
- case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
- /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
- debug("Kerberos v4 authentication accepted.");
-
- /* Get server's response. */
- reply = packet_get_string((u_int *) &auth.length);
- if (auth.length >= MAX_KTXT_LEN)
- fatal("Kerberos v4: Malformed response from server");
- memcpy(auth.dat, reply, auth.length);
- xfree(reply);
-
- packet_check_eom();
-
- /*
- * If his response isn't properly encrypted with the session
- * key, and the decrypted checksum fails to match, he's
- * bogus. Bail out.
- */
- r = krb_rd_priv(auth.dat, auth.length, schedule, &cred.session,
- &foreign, &local, &msg_data);
- if (r != KSUCCESS) {
- debug("Kerberos v4 krb_rd_priv failed: %s",
- krb_err_txt[r]);
- packet_disconnect("Kerberos v4 challenge failed!");
- }
- /* Fetch the (incremented) checksum that we supplied in the request. */
- memcpy((char *)&cksum, (char *)msg_data.app_data,
- sizeof(cksum));
- cksum = ntohl(cksum);
-
- /* If it matches, we're golden. */
- if (cksum == checksum + 1) {
- debug("Kerberos v4 challenge successful.");
- return 1;
- } else
- packet_disconnect("Kerberos v4 challenge failed!");
- break;
-
- default:
- packet_disconnect("Protocol error on Kerberos v4 response: %d", type);
- }
- return 0;
-}
-
-#endif /* KRB4 */
-
-#ifdef KRB5
-static int
-try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
-{
- krb5_error_code problem;
- const char *tkfile;
- struct stat buf;
- krb5_ccache ccache = NULL;
- const char *remotehost;
- krb5_data ap;
- int type;
- krb5_ap_rep_enc_part *reply = NULL;
- int ret;
-
- memset(&ap, 0, sizeof(ap));
-
- problem = krb5_init_context(context);
- if (problem) {
- debug("Kerberos v5: krb5_init_context failed");
- ret = 0;
- goto out;
- }
-
- problem = krb5_auth_con_init(*context, auth_context);
- if (problem) {
- debug("Kerberos v5: krb5_auth_con_init failed");
- ret = 0;
- goto out;
- }
-
-#ifndef HEIMDAL
- problem = krb5_auth_con_setflags(*context, *auth_context,
- KRB5_AUTH_CONTEXT_RET_TIME);
- if (problem) {
- debug("Keberos v5: krb5_auth_con_setflags failed");
- ret = 0;
- goto out;
- }
-#endif
-
- tkfile = krb5_cc_default_name(*context);
- if (strncmp(tkfile, "FILE:", 5) == 0)
- tkfile += 5;
-
- if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
- debug("Kerberos v5: could not get default ccache (permission denied).");
- ret = 0;
- goto out;
- }
-
- problem = krb5_cc_default(*context, &ccache);
- if (problem) {
- debug("Kerberos v5: krb5_cc_default failed: %s",
- krb5_get_err_text(*context, problem));
- ret = 0;
- goto out;
- }
-
- remotehost = get_canonical_hostname(1);
-
- problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
- "host", remotehost, NULL, ccache, &ap);
- if (problem) {
- debug("Kerberos v5: krb5_mk_req failed: %s",
- krb5_get_err_text(*context, problem));
- ret = 0;
- goto out;
- }
-
- packet_start(SSH_CMSG_AUTH_KERBEROS);
- packet_put_string((char *) ap.data, ap.length);
- packet_send();
- packet_write_wait();
-
- xfree(ap.data);
- ap.length = 0;
-
- type = packet_read();
- switch (type) {
- case SSH_SMSG_FAILURE:
- /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
- debug("Kerberos v5 authentication failed.");
- ret = 0;
- break;
-
- case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
- /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
- debug("Kerberos v5 authentication accepted.");
-
- /* Get server's response. */
- ap.data = packet_get_string((unsigned int *) &ap.length);
- packet_check_eom();
- /* XXX je to dobre? */
-
- problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
- if (problem) {
- ret = 0;
- }
- ret = 1;
- break;
-
- default:
- packet_disconnect("Protocol error on Kerberos v5 response: %d",
- type);
- ret = 0;
- break;
-
- }
-
- out:
- if (ccache != NULL)
- krb5_cc_close(*context, ccache);
- if (reply != NULL)
- krb5_free_ap_rep_enc_part(*context, reply);
- if (ap.length > 0)
-#ifdef HEIMDAL
- krb5_data_free(&ap);
-#else
- krb5_free_data_contents(*context, &ap);
-#endif
-
- return (ret);
-}
-
-static void
-send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
-{
- int fd, type;
- krb5_error_code problem;
- krb5_data outbuf;
- krb5_ccache ccache = NULL;
- krb5_creds creds;
-#ifdef HEIMDAL
- krb5_kdc_flags flags;
-#else
- int forwardable;
-#endif
- const char *remotehost;
-
- memset(&creds, 0, sizeof(creds));
- memset(&outbuf, 0, sizeof(outbuf));
-
- fd = packet_get_connection_in();
-
-#ifdef HEIMDAL
- problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
-#else
- problem = krb5_auth_con_genaddrs(context, auth_context, fd,
- KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR |
- KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
-#endif
- if (problem)
- goto out;
-
- problem = krb5_cc_default(context, &ccache);
- if (problem)
- goto out;
-
- problem = krb5_cc_get_principal(context, ccache, &creds.client);
- if (problem)
- goto out;
-
- remotehost = get_canonical_hostname(1);
-
-#ifdef HEIMDAL
- problem = krb5_build_principal(context, &creds.server,
- strlen(creds.client->realm), creds.client->realm,
- "krbtgt", creds.client->realm, NULL);
-#else
- problem = krb5_build_principal(context, &creds.server,
- creds.client->realm.length, creds.client->realm.data,
- "host", remotehost, NULL);
-#endif
- if (problem)
- goto out;
-
- creds.times.endtime = 0;
-
-#ifdef HEIMDAL
- flags.i = 0;
- flags.b.forwarded = 1;
- flags.b.forwardable = krb5_config_get_bool(context, NULL,
- "libdefaults", "forwardable", NULL);
- problem = krb5_get_forwarded_creds(context, auth_context,
- ccache, flags.i, remotehost, &creds, &outbuf);
-#else
- forwardable = 1;
- problem = krb5_fwd_tgt_creds(context, auth_context, remotehost,
- creds.client, creds.server, ccache, forwardable, &outbuf);
-#endif
-
- if (problem)
- goto out;
-
- packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
- packet_put_string((char *)outbuf.data, outbuf.length);
- packet_send();
- packet_write_wait();
-
- type = packet_read();
-
- if (type == SSH_SMSG_SUCCESS) {
- char *pname;
-
- krb5_unparse_name(context, creds.client, &pname);
- debug("Kerberos v5 TGT forwarded (%s).", pname);
- xfree(pname);
- } else
- debug("Kerberos v5 TGT forwarding failed.");
-
- return;
-
- out:
- if (problem)
- debug("Kerberos v5 TGT forwarding failed: %s",
- krb5_get_err_text(context, problem));
- if (creds.client)
- krb5_free_principal(context, creds.client);
- if (creds.server)
- krb5_free_principal(context, creds.server);
- if (ccache)
- krb5_cc_close(context, ccache);
- if (outbuf.data)
- xfree(outbuf.data);
-}
-#endif /* KRB5 */
-
-#ifdef AFS
-static void
-send_krb4_tgt(void)
-{
- CREDENTIALS *creds;
- struct stat st;
- char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
- int problem, type;
-
- /* Don't do anything if we don't have any tickets. */
- if (stat(tkt_string(), &st) < 0)
- return;
-
- creds = xmalloc(sizeof(*creds));
-
- problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm);
- if (problem)
- goto out;
-
- problem = krb_get_cred("krbtgt", prealm, prealm, creds);
- if (problem)
- goto out;
-
- if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
- problem = RD_AP_EXP;
- goto out;
- }
- creds_to_radix(creds, (u_char *)buffer, sizeof(buffer));
-
- packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
- packet_put_cstring(buffer);
- packet_send();
- packet_write_wait();
-
- type = packet_read();
-
- if (type == SSH_SMSG_SUCCESS)
- debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
- creds->pname, creds->pinst[0] ? "." : "",
- creds->pinst, creds->realm);
- else
- debug("Kerberos v4 TGT rejected.");
-
- xfree(creds);
- return;
-
- out:
- debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]);
- xfree(creds);
-}
-
-static void
-send_afs_tokens(void)
-{
- CREDENTIALS creds;
- struct ViceIoctl parms;
- struct ClearToken ct;
- int i, type, len;
- char buf[2048], *p, *server_cell;
- char buffer[8192];
-
- /* Move over ktc_GetToken, here's something leaner. */
- for (i = 0; i < 100; i++) { /* just in case */
- parms.in = (char *) &i;
- parms.in_size = sizeof(i);
- parms.out = buf;
- parms.out_size = sizeof(buf);
- if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
- break;
- p = buf;
-
- /* Get secret token. */
- memcpy(&creds.ticket_st.length, p, sizeof(u_int));
- if (creds.ticket_st.length > MAX_KTXT_LEN)
- break;
- p += sizeof(u_int);
- memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
- p += creds.ticket_st.length;
-
- /* Get clear token. */
- memcpy(&len, p, sizeof(len));
- if (len != sizeof(struct ClearToken))
- break;
- p += sizeof(len);
- memcpy(&ct, p, len);
- p += len;
- p += sizeof(len); /* primary flag */
- server_cell = p;
-
- /* Flesh out our credentials. */
- strlcpy(creds.service, "afs", sizeof(creds.service));
- creds.instance[0] = '\0';
- strlcpy(creds.realm, server_cell, REALM_SZ);
- memcpy(creds.session, ct.HandShakeKey, DES_KEY_SZ);
- creds.issue_date = ct.BeginTimestamp;
- creds.lifetime = krb_time_to_life(creds.issue_date,
- ct.EndTimestamp);
- creds.kvno = ct.AuthHandle;
- snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
- creds.pinst[0] = '\0';
-
- /* Encode token, ship it off. */
- if (creds_to_radix(&creds, (u_char *)buffer,
- sizeof(buffer)) <= 0)
- break;
- packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
- packet_put_cstring(buffer);
- packet_send();
- packet_write_wait();
-
- /* Roger, Roger. Clearance, Clarence. What's your vector,
- Victor? */
- type = packet_read();
-
- if (type == SSH_SMSG_FAILURE)
- debug("AFS token for cell %s rejected.", server_cell);
- else if (type != SSH_SMSG_SUCCESS)
- packet_disconnect("Protocol error on AFS token response: %d", type);
- }
-}
-
-#endif /* AFS */
-
/*
* Tries to authenticate with any string-based challenge/response system.
* Note that the client code is not tied to s/key or TIS.
if (i != 0)
error("Permission denied, please try again.");
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! "
+ logit("WARNING: Encryption is disabled! "
"Response will be transmitted in clear text.");
response = read_passphrase(prompt, 0);
if (strcmp(response, "") == 0) {
debug("Doing password authentication.");
if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
+ logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
for (i = 0; i < options.number_of_password_prompts; i++) {
if (i != 0)
error("Permission denied, please try again.");
return 0;
}
-#ifdef GSSAPI
-#ifdef GSI
-char * get_gsi_name()
-{
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
- gss_name_t pname = GSS_C_NO_NAME;
- gss_buffer_desc tmpname;
- gss_buffer_t tmpnamed = &tmpname;
- char *retname;
- gss_OID_set oidset;
- gss_cred_id_t gss_cred = GSS_C_NO_CREDENTIAL;
-
- gss_create_empty_oid_set(&min_stat,&oidset);
- gss_add_oid_set_member(&min_stat,&supported_mechs[GSS_GSI].oid,&oidset);
- maj_stat = gss_acquire_cred(&min_stat,
- GSS_C_NO_NAME,
- GSS_C_INDEFINITE,
- oidset,
- GSS_C_INITIATE,
- &gss_cred,
- NULL,
- NULL);
-
- if (maj_stat != GSS_S_COMPLETE) {
- goto error;
- }
-
- debug("calling gss_inquire_cred");
- maj_stat = gss_inquire_cred(&min_stat,
- gss_cred,
- &pname,
- NULL,
- NULL,
- NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- goto error;
- }
-
- maj_stat = gss_display_name(&min_stat,
- pname,
- tmpnamed,
- NULL);
- if (maj_stat != GSS_S_COMPLETE) {
- goto error;
- }
- debug("gss_display_name finsished");
- retname = (char *)malloc(tmpname.length + 1);
- if (!retname) {
- goto error;
- }
- memcpy(retname, tmpname.value, tmpname.length);
- retname[tmpname.length] = '\0';
-
- gss_release_name(&min_stat, &pname);
- gss_release_buffer(&min_stat, tmpnamed);
-
- return retname;
-
- error:
- debug("Failed to set GSI username from credentials");
- ssh_gssapi_error(&supported_mechs[GSS_GSI].oid, maj_stat, min_stat);
- return NULL;
-}
-#endif /* GSI */
-
-int try_gssapi_authentication(char *host, Options *options)
-{
- char *service_name = NULL;
- gss_buffer_desc name_tok;
- gss_buffer_desc send_tok;
- gss_buffer_desc recv_tok;
- gss_buffer_desc *token_ptr;
- gss_name_t target_name = NULL;
- gss_ctx_id_t gss_context;
- gss_OID_desc mech_oid;
- gss_OID name_type;
- gss_OID_set gss_mechs, my_mechs;
- int my_mech_num, i, present;
- OM_uint32 maj_stat;
- OM_uint32 min_stat;
- int ret_stat = 0; /* 1 == success */
- OM_uint32 req_flags = 0;
- OM_uint32 ret_flags;
- int type;
- char *xhost;
- unsigned int slen;
- Gssctxt *ctx = NULL;
-
- xhost = xstrdup(get_canonical_hostname(1));
- resolve_localhost(&xhost);
-
- /*
- * Default flags
- */
- req_flags |= GSS_C_REPLAY_FLAG;
-
- /* Do mutual authentication */
- req_flags |= GSS_C_MUTUAL_FLAG;
-
- service_name = (char *) xmalloc(strlen("host") +
- strlen(xhost) +
- 2 /* 1 for '@', 1 for NUL */);
-
- sprintf(service_name, "host@%s", xhost);
-
- xfree(xhost);
- xhost = NULL;
-
- name_type = GSS_C_NT_HOSTBASED_SERVICE;
-
- debug("Service name is %s", service_name);
-
- /* Forward credentials? */
-
-#ifdef GSSAPI
- if(options->gss_deleg_creds) {
- debug("Delegating GSSAPI credentials");
- req_flags |= GSS_C_DELEG_FLAG;
- }
-#endif /* GSSAPI */
-
- debug("req_flags = %u", (unsigned int)req_flags);
-
- name_tok.value = service_name;
- name_tok.length = strlen(service_name) + 1;
- maj_stat = gss_import_name(&min_stat, &name_tok,
- name_type, &target_name);
-
- free(service_name);
- service_name = NULL;
-
- if (maj_stat != GSS_S_COMPLETE) {
- ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat);
- goto cleanup;
- }
-
- maj_stat = gss_indicate_mechs(&min_stat, &gss_mechs);
-
- if (maj_stat != GSS_S_COMPLETE) {
- ssh_gssapi_error(GSS_C_NO_OID, maj_stat, min_stat);
- goto cleanup;
- }
-
- /* The GSSAPI supports the mechs in gss_mechs, but which ones do
- we have credentials for? We only get one try, so we don't want
- to propose a mechanism we know is going to fail. */
- maj_stat = gss_create_empty_oid_set(&min_stat, &my_mechs);
- for (i=0; supported_mechs[i].name != NULL; i++) {
- maj_stat = gss_test_oid_set_member(&min_stat, &supported_mechs[i].oid,
- gss_mechs, &present);
- if (present) {
- if (!GSS_ERROR(ssh_gssapi_client_ctx(&ctx, &supported_mechs[i].oid,
- host))) {
- maj_stat = gss_add_oid_set_member(&min_stat,
- &supported_mechs[i].oid,
- &my_mechs);
- debug("GSSAPI mechanism %s supported", supported_mechs[i].name);
- } else {
- debug("no credentials for GSSAPI mechanism %s",
- supported_mechs[i].name);
- }
- } else {
- debug("GSSAPI mechanism %s not supported", supported_mechs[i].name);
- }
- }
-
- /*
- * Send over a packet to the daemon, letting it know we're doing
- * GSSAPI and our mech_oid(s).
- */
- debug("Sending mech oid(s) to server");
- packet_start(SSH_CMSG_AUTH_GSSAPI);
- packet_put_int(my_mechs->count); /* Number of mechs we're sending */
-#ifdef GSI
- /* Send GSI before Kerberos, because if GSI fails, we can always fall
- back and try regular Kerberos authentication with our Kerberos cred. */
- maj_stat = gss_test_oid_set_member(&min_stat, &supported_mechs[GSS_GSI].oid,
- my_mechs, &present);
- if (present) {
- packet_put_string(supported_mechs[GSS_GSI].oid.elements,
- supported_mechs[GSS_GSI].oid.length);
- }
-#endif
- for (my_mech_num = 0; my_mech_num < my_mechs->count; my_mech_num++) {
-#ifdef GSI
- /* Skip GSI. We already sent it above. */
- if ((my_mechs->elements[my_mech_num].length ==
- supported_mechs[GSS_GSI].oid.length) &&
- memcmp(my_mechs->elements[my_mech_num].elements,
- supported_mechs[GSS_GSI].oid.elements,
- my_mechs->elements[my_mech_num].length) == 0) {
- continue;
- }
-#endif
- packet_put_string(my_mechs->elements[my_mech_num].elements,
- my_mechs->elements[my_mech_num].length);
- }
- packet_send();
- packet_write_wait();
-
- /*
- * Get reply from the daemon to see if our mech was acceptable
- */
- type = packet_read();
-
- switch (type) {
- case SSH_SMSG_AUTH_GSSAPI_RESPONSE:
- debug("Server accepted mechanism");
- /* Successful negotiation */
- break;
-
- case SSH_MSG_AUTH_GSSAPI_ABORT:
- debug("Unable to negotiate GSSAPI mechanism type with server");
- packet_get_all();
- goto cleanup;
-
- default:
- packet_disconnect("Protocol error during GSSAPI authentication:"
- " packet type %d received",
- type);
- /* Does not return */
- }
-
- /* Read the mechanism the server returned */
- mech_oid.elements = packet_get_string(&slen);
- mech_oid.length = slen; /* safe typecast */
- packet_get_all();
-
- /*
- * Perform the context-establishement loop.
- *
- * On each pass through the loop, token_ptr points to the token
- * to send to the server (or GSS_C_NO_BUFFER on the first pass).
- * Every generated token is stored in send_tok which is then
- * transmitted to the server; every received token is stored in
- * recv_tok, which token_ptr is then set to, to be processed by
- * the next call to gss_init_sec_context.
- *
- * GSS-API guarantees that send_tok's length will be non-zero
- * if and only if the server is expecting another token from us,
- * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
- * and only if the server has another token to send us.
- */
-
- token_ptr = GSS_C_NO_BUFFER;
- gss_context = GSS_C_NO_CONTEXT;
-
- do {
- maj_stat =
- gss_init_sec_context(&min_stat,
- GSS_C_NO_CREDENTIAL,
- &gss_context,
- target_name,
- &mech_oid,
- req_flags,
- 0,
- NULL, /* no channel bindings */
- token_ptr,
- NULL, /* ignore mech type */
- &send_tok,
- &ret_flags,
- NULL); /* ignore time_rec */
-
- if (token_ptr != GSS_C_NO_BUFFER)
- (void) gss_release_buffer(&min_stat, &recv_tok);
-
- if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
- ssh_gssapi_error(&mech_oid, maj_stat, min_stat);
-
- /* Send an abort message */
- packet_start(SSH_MSG_AUTH_GSSAPI_ABORT);
- packet_send();
- packet_write_wait();
-
- goto cleanup;
- }
-
- if (send_tok.length != 0) {
- debug("Sending authenticaton token...");
- packet_start(SSH_MSG_AUTH_GSSAPI_TOKEN);
- packet_put_string((char *) send_tok.value, send_tok.length);
- packet_send();
- packet_write_wait();
-
- (void) gss_release_buffer(&min_stat, &send_tok);
- }
-
- if (maj_stat == GSS_S_CONTINUE_NEEDED) {
-
- debug("Continue needed. Reading response...");
-
- type = packet_read();
-
- switch(type) {
-
- case SSH_MSG_AUTH_GSSAPI_TOKEN:
- /* This is what we expected */
- break;
-
- case SSH_MSG_AUTH_GSSAPI_ABORT:
- debug("Server aborted GSSAPI authentication.");
- packet_get_all();
- goto cleanup;
-
- default:
- packet_disconnect("Protocol error during GSSAPI authentication:"
- " packet type %d received",
- type);
- /* Does not return */
- }
-
- recv_tok.value = packet_get_string(&slen);
- recv_tok.length=slen; /* safe typecast */
- packet_get_all();
- token_ptr = &recv_tok;
- }
- } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
- /* Success */
- ret_stat = 1;
-
- debug("GSSAPI authentication successful");
-
- /*
- * Read hash of host and server keys and make sure it
- * matches what we got earlier.
- */
- debug("Reading hash of server and host keys...");
- type = packet_read();
-
- if (type == SSH_MSG_AUTH_GSSAPI_ABORT) {
- debug("Server aborted GSSAPI authentication.");
- packet_get_all();
- ret_stat = 0;
- goto cleanup;
-
- } else if (type == SSH_SMSG_AUTH_GSSAPI_HASH) {
- gss_buffer_desc wrapped_buf;
- gss_buffer_desc unwrapped_buf;
- int conf_state;
- gss_qop_t qop_state;
-
-
- wrapped_buf.value = packet_get_string(&slen);
- wrapped_buf.length=slen; /* safe typecast */
- packet_get_all();
-
- maj_stat = gss_unwrap(&min_stat,
- gss_context,
- &wrapped_buf,
- &unwrapped_buf,
- &conf_state,
- &qop_state);
-
- if (maj_stat != GSS_S_COMPLETE) {
- ssh_gssapi_error(&mech_oid, maj_stat, min_stat);
- packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
- "Unwrapping of hash failed.");
- }
-
- if (unwrapped_buf.length != sizeof(ssh_key_digest)) {
- packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
- "Size of key hashes do not match (%d != %d)!",
- (int)unwrapped_buf.length,
- (int)sizeof(ssh_key_digest));
- }
-
- if (memcmp(ssh_key_digest, unwrapped_buf.value, sizeof(ssh_key_digest)) != 0) {
- packet_disconnect("Verification of SSHD keys through GSSAPI-secured channel failed: "
- "Hashes don't match!");
- }
-
- debug("Verified SSHD keys through GSSAPI-secured channel.");
-
- gss_release_buffer(&min_stat, &unwrapped_buf);
-
- } else {
- packet_disconnect("Protocol error during GSSAPI authentication:"
- "packet type %d received", type);
- /* Does not return */
- }
-
-
- cleanup:
- if (target_name != NULL)
- (void) gss_release_name(&min_stat, &target_name);
-
- return ret_stat;
-}
-
-#endif /* GSSAPI */
-
-
/*
* SSH1 key exchange
*/
rbits = BN_num_bits(server_key->rsa->n);
if (bits != rbits) {
- log("Warning: Server lies about size of server public key: "
+ logit("Warning: Server lies about size of server public key: "
"actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
+ logit("Warning: This may be due to an old implementation of ssh.");
}
/* Get the host key. */
host_key = key_new(KEY_RSA1);
rbits = BN_num_bits(host_key->rsa->n);
if (bits != rbits) {
- log("Warning: Server lies about size of server host key: "
+ logit("Warning: Server lies about size of server host key: "
"actual size is %d bits vs. announced %d.", rbits, bits);
- log("Warning: This may be due to an old implementation of ssh.");
+ logit("Warning: This may be due to an old implementation of ssh.");
}
-#ifdef GSSAPI
- {
- MD5_CTX md5context;
- Buffer buf;
- unsigned char *data;
- unsigned int data_len;
-
- /*
- * Hash the server and host keys. Later we will check them against
- * a hash sent over a secure channel to make sure they are legit.
- */
- debug("Calculating MD5 hash of server and host keys...");
-
- /* Write all the keys to a temporary buffer */
- buffer_init(&buf);
-
- /* Server key */
- buffer_put_bignum(&buf, server_key->rsa->e);
- buffer_put_bignum(&buf, server_key->rsa->n);
-
- /* Host key */
- buffer_put_bignum(&buf, host_key->rsa->e);
- buffer_put_bignum(&buf, host_key->rsa->n);
-
- /* Get the resulting data */
- data = (unsigned char *) buffer_ptr(&buf);
- data_len = buffer_len(&buf);
-
- /* And hash it */
- MD5_Init(&md5context);
- MD5_Update(&md5context, data, data_len);
- MD5_Final(ssh_key_digest, &md5context);
-
- /* Clean up */
- buffer_clear(&buf);
- buffer_free(&buf);
- }
-#endif /* GSSAPI */
-
/* Get protocol flags. */
server_flags = packet_get_int();
packet_set_protocol_flags(server_flags);
options.cipher = ssh_cipher_default;
} else if (options.cipher == SSH_CIPHER_ILLEGAL ||
!(cipher_mask_ssh1(1) & (1 << options.cipher))) {
- log("No valid SSH1 cipher, using %.100s instead.",
+ logit("No valid SSH1 cipher, using %.100s instead.",
cipher_name(ssh_cipher_default));
options.cipher = ssh_cipher_default;
}
ssh_userauth1(const char *local_user, const char *server_user, char *host,
Sensitive *sensitive)
{
-#ifdef GSSAPI
-#ifdef GSI
- const char *save_server_user = NULL;
-#endif /* GSI */
-#endif /* GSSAPI */
-
-#ifdef KRB5
- krb5_context context = NULL;
- krb5_auth_context auth_context = NULL;
-#endif
int i, type;
if (supported_authentications == 0)
fatal("ssh_userauth1: server supports no auth methods");
-#ifdef GSSAPI
-#ifdef GSI
- /* if no user given, tack on the subject name after the server_user.
- * This will allow us to run gridmap early to get real user
- * This name will start with /C=
- */
- if ((supported_authentications & (1 << SSH_AUTH_GSSAPI)) &&
- options.gss_authentication) {
- char * retname;
- char * newname;
-
-
- save_server_user = server_user;
-
- retname = get_gsi_name();
-
- if (retname) {
- debug("passing gssapi name '%s'", retname);
- if (server_user) {
- newname = (char *) malloc(strlen(retname) + strlen(server_user) + 4);
- if (newname) {
- strcpy(newname, server_user);
- if(options.implicit) {
- strcat(newname,":i:");
- } else {
- strcat(newname,":x:");
- }
- strcat(newname, retname);
- server_user = newname;
- free(retname);
- }
- }
- }
- debug("server_user %s", server_user);
- }
-#endif /* GSI */
-#endif /* GSSAPI */
-
/* Send the name of the user to log in as on the server. */
packet_start(SSH_CMSG_USER);
packet_put_cstring(server_user);
packet_send();
packet_write_wait();
-#if defined(GSI)
- if(save_server_user)
- {
- server_user = save_server_user;
- }
-#endif
/*
* The server should respond with success if no authentication is
* needed (the user has no password). Otherwise the server responds
if (type != SSH_SMSG_FAILURE)
packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
-#ifdef GSSAPI
- /* Try GSSAPI authentication */
- if ((supported_authentications & (1 << SSH_AUTH_GSSAPI)) &&
- options.gss_authentication)
- {
- char *canonhost;
- debug("Trying GSSAPI authentication...");
- canonhost = xstrdup(get_canonical_hostname(1));
- resolve_localhost(&canonhost);
- try_gssapi_authentication(canonhost, &options);
- xfree(canonhost);
- canonhost=NULL;
-
- /*
- * XXX Hmmm. Kerberos authentication only reads a packet if it thinks
- * the authentication went OK, but the server seems to always send
- * a packet back. So I'm not sure if I'm missing something or
- * the Kerberos code is broken. - vwelch 1/27/99
- */
-
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- return; /* Successful connection. */
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to Kerberos auth", type);
-
- debug("GSSAPI authentication failed");
- }
-#endif /* GSSAPI */
-
-#ifdef KRB5
- if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
- options.kerberos_authentication) {
- debug("Trying Kerberos v5 authentication.");
-
- if (try_krb5_authentication(&context, &auth_context)) {
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- goto success;
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to Kerberos v5 auth", type);
- }
- }
-#endif /* KRB5 */
-
-#ifdef KRB4
- if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
- options.kerberos_authentication) {
- debug("Trying Kerberos v4 authentication.");
-
- if (try_krb4_authentication()) {
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- goto success;
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to Kerberos v4 auth", type);
- }
- }
-#endif /* KRB4 */
-
- /*
- * Use rhosts authentication if running in privileged socket and we
- * do not wish to remain anonymous.
- */
- if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) &&
- options.rhosts_authentication) {
- debug("Trying rhosts authentication.");
- packet_start(SSH_CMSG_AUTH_RHOSTS);
- packet_put_cstring(local_user);
- packet_send();
- packet_write_wait();
-
- /* The server should respond with success or failure. */
- type = packet_read();
- if (type == SSH_SMSG_SUCCESS)
- goto success;
- if (type != SSH_SMSG_FAILURE)
- packet_disconnect("Protocol error: got %d in response to rhosts auth",
- type);
- }
/*
* Try .rhosts or /etc/hosts.equiv authentication with RSA host
* authentication.
/* NOTREACHED */
success:
-#ifdef KRB5
- /* Try Kerberos v5 TGT passing. */
- if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
- options.kerberos_tgt_passing && context && auth_context) {
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
- send_krb5_tgt(context, auth_context);
- }
- if (auth_context)
- krb5_auth_con_free(context, auth_context);
- if (context)
- krb5_free_context(context);
-#endif
-
-#ifdef AFS
- /* Try Kerberos v4 TGT passing if the server supports it. */
- if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
- options.kerberos_tgt_passing) {
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
- send_krb4_tgt();
- }
- /* Try AFS token passing if the server supports it. */
- if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
- options.afs_token_passing && k_hasafs()) {
- if (options.cipher == SSH_CIPHER_NONE)
- log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
- send_afs_tokens();
- }
-#endif /* AFS */
-
return; /* need statement after label */
}
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $");
+
+#include "openbsd-compat/sys-queue.h"
#include "ssh.h"
#include "ssh2.h"
*/
u_char *session_id2 = NULL;
-int session_id2_len = 0;
+u_int session_id2_len = 0;
char *xxx_host;
struct sockaddr *xxx_hostaddr;
orig = myproposal[PROPOSAL_KEX_ALGS];
canonhost = xstrdup(get_canonical_hostname(1));
resolve_localhost(&canonhost);
- gss = ssh_gssapi_mechanisms(0,canonhost);
+ gss = ssh_gssapi_client_mechanisms(canonhost);
xfree(canonhost);
canonhost=NULL;
if (gss) {
#endif
if (options.ciphers == (char *)-1) {
- log("No valid ciphers for protocol version 2 given, using defaults.");
+ logit("No valid ciphers for protocol version 2 given, using defaults.");
options.ciphers = NULL;
}
if (options.ciphers != NULL) {
/* If we've got GSSAPI algorithms, then we also support the
* 'null' hostkey, as a last resort */
if (options.gss_keyex && gss) {
- orig=myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
- len = strlen(orig)+sizeof(",null");
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]=xmalloc(len);
- snprintf(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],len,"%s,null",orig);
+ orig=myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+ len = strlen(orig)+sizeof(",null");
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]=xmalloc(len);
+ snprintf(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],len,"%s,null",orig);
}
#endif
+ if (options.rekey_limit)
+ packet_set_rekey_limit(options.rekey_limit);
+
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+#ifdef GSSAPI
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
+#endif
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
- kex->host=host;
-
#ifdef GSSAPI
kex->options.gss_deleg_creds=options.gss_deleg_creds;
#endif
packet_send();
packet_write_wait();
#endif
- debug("done: ssh_kex2.");
}
/*
typedef struct Authctxt Authctxt;
typedef struct Authmethod Authmethod;
-
-typedef int sign_cb_fn(
- Authctxt *authctxt, Key *key,
- u_char **sigp, u_int *lenp, u_char *data, u_int datalen);
+typedef struct identity Identity;
+typedef struct idlist Idlist;
+
+struct identity {
+ TAILQ_ENTRY(identity) next;
+ AuthenticationConnection *ac; /* set if agent supports key */
+ Key *key; /* public/private key */
+ char *filename; /* comment for agent-only keys */
+ int tried;
+ int isprivate; /* key points to the private key */
+};
+TAILQ_HEAD(idlist, identity);
struct Authctxt {
const char *server_user;
int success;
char *authlist;
/* pubkey */
- Key *last_key;
- sign_cb_fn *last_key_sign;
- int last_key_hint;
+ Idlist keys;
AuthenticationConnection *agent;
/* hostbased */
Sensitive *sensitive;
int userauth_passwd(Authctxt *);
int userauth_kbdint(Authctxt *);
int userauth_hostbased(Authctxt *);
+int userauth_kerberos(Authctxt *);
+
+#ifdef GSSAPI
+int userauth_gssapi(Authctxt *authctxt);
+void input_gssapi_response(int type, u_int32_t, void *);
+void input_gssapi_token(int type, u_int32_t, void *);
+void input_gssapi_hash(int type, u_int32_t, void *);
+void input_gssapi_error(int, u_int32_t, void *);
+void input_gssapi_errtok(int, u_int32_t, void *);
+#endif
#ifdef GSSAPI
int userauth_external(Authctxt *authctxt);
int userauth_gssapi(Authctxt *authctxt);
-void input_gssapi_response(int type, u_int32_t plen, void *ctxt);
-void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
-void input_gssapi_hash(int type, u_int32_t plen, void *ctxt);
+void input_gssapi_response(int type, u_int32_t, void *);
+void input_gssapi_token(int type, u_int32_t, void *);
+void input_gssapi_hash(int type, u_int32_t, void *);
+void input_gssapi_error(int, u_int32_t, void *);
+void input_gssapi_errtok(int, u_int32_t, void *);
#endif
void userauth(Authctxt *, char *);
-static int sign_and_send_pubkey(Authctxt *, Key *, sign_cb_fn *);
-static void clear_auth_state(Authctxt *);
+static int sign_and_send_pubkey(Authctxt *, Identity *);
+static void pubkey_prepare(Authctxt *);
+static void pubkey_cleanup(Authctxt *);
+static Key *load_identity_file(char *);
static Authmethod *authmethod_get(char *authlist);
static Authmethod *authmethod_lookup(const char *name);
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
packet_put_cstring("ssh-userauth");
packet_send();
+ debug("SSH2_MSG_SERVICE_REQUEST sent");
packet_write_wait();
type = packet_read();
- if (type != SSH2_MSG_SERVICE_ACCEPT) {
- fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
- }
+ if (type != SSH2_MSG_SERVICE_ACCEPT)
+ fatal("Server denied authentication request: %d", type);
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
- debug("service_accept: %s", reply);
+ debug2("service_accept: %s", reply);
xfree(reply);
} else {
- debug("buggy server: service_accept w/o service");
+ debug2("buggy server: service_accept w/o service");
}
packet_check_eom();
- debug("got SSH2_MSG_SERVICE_ACCEPT");
+ debug("SSH2_MSG_SERVICE_ACCEPT received");
if (options.preferred_authentications == NULL)
options.preferred_authentications = authmethods_get();
/* setup authentication context */
memset(&authctxt, 0, sizeof(authctxt));
- authctxt.agent = ssh_get_authentication_connection();
+ pubkey_prepare(&authctxt);
authctxt.server_user = server_user;
authctxt.local_user = local_user;
authctxt.host = host;
dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner);
dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */
- if (authctxt.agent != NULL)
- ssh_close_authentication_connection(authctxt.agent);
+ pubkey_cleanup(&authctxt);
+ dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
- debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+ debug("Authentication succeeded (%s).", authctxt.method->name);
}
+
void
userauth(Authctxt *authctxt, char *authlist)
{
- if (authctxt->methoddata!=NULL) {
+ if (authctxt->methoddata) {
xfree(authctxt->methoddata);
- authctxt->methoddata=NULL;
+ authctxt->methoddata = NULL;
}
-
if (authlist == NULL) {
authlist = authctxt->authlist;
} else {
if (method == NULL)
fatal("Permission denied (%s).", authlist);
authctxt->method = method;
+
+ /* reset the per method handler */
+ dispatch_range(SSH2_MSG_USERAUTH_PER_METHOD_MIN,
+ SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
+
+ /* and try new method */
if (method->userauth(authctxt) != 0) {
debug2("we sent a %s packet, wait for reply", method->name);
break;
debug3("input_userauth_banner");
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
- fprintf(stderr, "%s", msg);
+ logit("%s", msg);
xfree(msg);
xfree(lang);
}
xfree(authctxt->authlist);
if (authctxt->methoddata)
xfree(authctxt->methoddata);
- clear_auth_state(authctxt);
authctxt->success = 1; /* break out */
}
packet_check_eom();
if (partial != 0)
- log("Authenticated with partial success.");
- debug("authentications that can continue: %s", authlist);
+ logit("Authenticated with partial success.");
+ debug("Authentications that can continue: %s", authlist);
- clear_auth_state(authctxt);
userauth(authctxt, authlist);
}
void
{
Authctxt *authctxt = ctxt;
Key *key = NULL;
+ Identity *id = NULL;
Buffer b;
int pktype, sent = 0;
u_int alen, blen;
}
packet_check_eom();
- debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
- pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
+ debug("Server accepts key: pkalg %s blen %u", pkalg, blen);
- do {
- if (authctxt->last_key == NULL ||
- authctxt->last_key_sign == NULL) {
- debug("no last key or no sign cb");
- break;
- }
- if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
- debug("unknown pkalg %s", pkalg);
- break;
- }
- if ((key = key_from_blob(pkblob, blen)) == NULL) {
- debug("no key from blob. pkalg %s", pkalg);
- break;
- }
- if (key->type != pktype) {
- error("input_userauth_pk_ok: type mismatch "
- "for decoded key (received %d, expected %d)",
- key->type, pktype);
- break;
- }
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- debug2("input_userauth_pk_ok: fp %s", fp);
- xfree(fp);
- if (!key_equal(key, authctxt->last_key)) {
- debug("key != last_key");
+ if ((pktype = key_type_from_name(pkalg)) == KEY_UNSPEC) {
+ debug("unknown pkalg %s", pkalg);
+ goto done;
+ }
+ if ((key = key_from_blob(pkblob, blen)) == NULL) {
+ debug("no key from blob. pkalg %s", pkalg);
+ goto done;
+ }
+ if (key->type != pktype) {
+ error("input_userauth_pk_ok: type mismatch "
+ "for decoded key (received %d, expected %d)",
+ key->type, pktype);
+ goto done;
+ }
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ debug2("input_userauth_pk_ok: fp %s", fp);
+ xfree(fp);
+
+ TAILQ_FOREACH(id, &authctxt->keys, next) {
+ if (key_equal(key, id->key)) {
+ sent = sign_and_send_pubkey(authctxt, id);
break;
}
- sent = sign_and_send_pubkey(authctxt, key,
- authctxt->last_key_sign);
- } while (0);
-
+ }
+done:
if (key != NULL)
key_free(key);
xfree(pkalg);
xfree(pkblob);
- /* unregister */
- clear_auth_state(authctxt);
- dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
-
/* try another method if we did not send a packet */
if (sent == 0)
userauth(authctxt, NULL);
-
}
#ifdef GSSAPI
int
userauth_gssapi(Authctxt *authctxt)
{
- Gssctxt *gssctxt;
- static int mech=0;
+ Gssctxt *gssctxt = NULL;
+ static gss_OID_set supported = NULL;
+ static int mech = 0;
+ OM_uint32 min;
+ int ok = 0;
+
+ if (!options.gss_authentication) {
+ verbose("GSSAPI authentication disabled.");
+ return 0;
+ }
- if (datafellows & SSH_OLD_GSSAPI) return 0;
-
- /* Try each mechanism in turn. Give up if we've tried all
- supported mechanisms.
- */
- if (mech==GSS_LAST_ENTRY) return 0;
-
- /* Initialise as much of our context as we can, so failures can be
- * trapped before sending any packets.
- */
- ssh_gssapi_build_ctx(&gssctxt);
+ /* Try one GSSAPI method at a time, rather than sending them all at
+ * once. */
+
+ if (supported == NULL)
+ gss_indicate_mechs(&min, &supported);
- if (ssh_gssapi_import_name(gssctxt,get_canonical_hostname(1))) {
- return(0);
+ /* Check to see if the mechanism is usable before we offer it */
+ while (mech<supported->count && !ok) {
+ if (gssctxt)
+ ssh_gssapi_delete_ctx(&gssctxt);
+ ssh_gssapi_build_ctx(&gssctxt);
+ ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]);
+
+ /* My DER encoding requires length<128 */
+ if (supported->elements[mech].length < 128 &&
+ !GSS_ERROR(ssh_gssapi_import_name(gssctxt,
+ authctxt->host))) {
+ ok = 1; /* Mechanism works */
+ } else {
+ mech++;
+ }
}
-
+
+ if (!ok) return 0;
+
authctxt->methoddata=(void *)gssctxt;
-
+
packet_start(SSH2_MSG_USERAUTH_REQUEST);
-#ifdef GSI
- if(options.implicit && !(datafellows & SSH_BUG_GSS_EMPTYUSER)) {
- packet_put_cstring("");
+ packet_put_cstring(authctxt->server_user);
+ packet_put_cstring(authctxt->service);
+ packet_put_cstring(authctxt->method->name);
+
+ packet_put_int(1);
+
+ /* Some servers encode the OID incorrectly (as we used to) */
+ if (datafellows & SSH_BUG_GSSAPI_BER) {
+ packet_put_string(supported->elements[mech].elements,
+ supported->elements[mech].length);
} else {
-#endif
- packet_put_cstring(authctxt->server_user);
-#ifdef GSI
+ packet_put_int((supported->elements[mech].length)+2);
+ packet_put_char(SSH_GSS_OIDTYPE);
+ packet_put_char(supported->elements[mech].length);
+ packet_put_raw(supported->elements[mech].elements,
+ supported->elements[mech].length);
}
-#endif
- packet_put_cstring(authctxt->service);
- packet_put_cstring(authctxt->method->name);
- /* FIXME: This assumes that our current GSSAPI implementation
- * supports all of the mechanisms listed in supported_mechs.
- * This may not be the case - we should use something along
- * the lines of the code in gss_genr to remove the ones that
- * aren't supported */
+ packet_send();
- /* Try one GSSAPI mechanism at a time. */
- packet_put_int(1);
- packet_put_string(supported_mechs[mech].oid.elements,
- supported_mechs[mech].oid.length);
- packet_send();
- packet_write_wait();
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
+ dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,&input_gssapi_response);
- dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,&input_gssapi_token);
-
- mech++; /* Move to next mechanism for next time. */
+ mech++; /* Move along to next candidate */
- return 1;
+ return 1;
}
void
-input_gssapi_response(int type, u_int32_t plen, void *ctxt)
+input_gssapi_response(int type, u_int32_t plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
- OM_uint32 status,ms;
+ OM_uint32 status, ms;
int oidlen;
char *oidv;
- gss_buffer_desc send_tok;
-
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
gssctxt = authctxt->methoddata;
-
+
/* Setup our OID */
- oidv=packet_get_string(&oidlen);
- ssh_gssapi_set_oid_data(gssctxt,oidv,oidlen);
-
+ oidv = packet_get_string(&oidlen);
+
+ if (datafellows & SSH_BUG_GSSAPI_BER) {
+ if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen))
+ fatal("Server returned different OID than expected");
+ } else {
+ if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) {
+ debug("Badly encoded mechanism OID received");
+ userauth(authctxt, NULL);
+ xfree(oidv);
+ return;
+ }
+ if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2))
+ fatal("Server returned different OID than expected");
+ }
+
packet_check_eom();
-
+
+ xfree(oidv);
+
status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
- GSS_C_NO_BUFFER, &send_tok,
- NULL);
+ GSS_C_NO_BUFFER, &send_tok, NULL);
if (GSS_ERROR(status)) {
+ if (send_tok.length > 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ gss_release_buffer(&ms, &send_tok);
+ }
/* Start again with next method on list */
debug("Trying to start again");
- userauth(authctxt,NULL);
+ userauth(authctxt, NULL);
return;
}
- /* We must have data to send */
+ /* We must have data to send */
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
- packet_put_string(send_tok.value,send_tok.length);
+ packet_put_string(send_tok.value, send_tok.length);
packet_send();
- packet_write_wait();
gss_release_buffer(&ms, &send_tok);
}
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
- gss_buffer_desc send_tok,recv_tok;
- OM_uint32 status;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 status, ms;
u_int slen;
-
+
if (authctxt == NULL)
- fatal("input_gssapi_token: no authentication context");
+ fatal("input_gssapi_response: no authentication context");
gssctxt = authctxt->methoddata;
-
- recv_tok.value=packet_get_string(&slen);
- recv_tok.length=slen; /* safe typecast */
- status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
- &recv_tok, &send_tok, NULL);
+ recv_tok.value = packet_get_string(&slen);
+ recv_tok.length = slen; /* safe typecast */
packet_check_eom();
-
+
+ status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+ &recv_tok, &send_tok, NULL);
+
+ xfree(recv_tok.value);
+
if (GSS_ERROR(status)) {
+ if (send_tok.length > 0) {
+ packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ gss_release_buffer(&ms, &send_tok);
+ }
/* Start again with the next method in the list */
- userauth(authctxt,NULL);
+ userauth(authctxt, NULL);
return;
}
-
- if (send_tok.length>0) {
+
+ if (send_tok.length > 0) {
packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
- packet_put_string(send_tok.value,send_tok.length);
+ packet_put_string(send_tok.value, send_tok.length);
packet_send();
- packet_write_wait();
+ gss_release_buffer(&ms, &send_tok);
}
-
+
if (status == GSS_S_COMPLETE) {
/* If that succeeded, send a exchange complete message */
packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
packet_send();
- packet_write_wait();
}
}
+void
+input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
+{
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok;
+ OM_uint32 status, ms;
+ u_int len;
+
+ if (authctxt == NULL)
+ fatal("input_gssapi_response: no authentication context");
+ gssctxt = authctxt->methoddata;
+
+ recv_tok.value = packet_get_string(&len);
+ recv_tok.length = len;
+
+ packet_check_eom();
+
+ /* Stick it into GSSAPI and see what it says */
+ status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
+ &recv_tok, &send_tok, NULL);
+
+ xfree(recv_tok.value);
+ gss_release_buffer(&ms, &send_tok);
+
+ /* Server will be returning a failed packet after this one */
+}
+
+void
+input_gssapi_error(int type, u_int32_t plen, void *ctxt)
+{
+ OM_uint32 maj, min;
+ char *msg;
+ char *lang;
+
+ maj=packet_get_int();
+ min=packet_get_int();
+ msg=packet_get_string(NULL);
+ lang=packet_get_string(NULL);
+
+ packet_check_eom();
+
+ debug("Server GSSAPI Error:\n%s\n", msg);
+ xfree(msg);
+ xfree(lang);
+}
+
int
userauth_external(Authctxt *authctxt)
{
- static int attempt =0;
+ static int attempt = 0;
if (attempt++ >= 1)
return 0;
+ /* The client MUST NOT try this method if initial key exchange
+ was not performed using a GSSAPI-based key exchange
+ method. */
+ if (xxx_kex->kex_type != KEX_GSS_GRP1_SHA1) {
+ debug2("gsskex not performed, skipping external-keyx");
+ return 0;
+ }
+
debug2("userauth_external");
packet_start(SSH2_MSG_USERAUTH_REQUEST);
#ifdef GSI
packet_put_cstring(authctxt->method->name);
packet_send();
return 1;
-
}
int
info = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(info) > 0)
- log("%s", info);
+ logit("%s", info);
xfree(info);
xfree(lang);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
if (strcmp(password, retype) != 0) {
memset(password, 0, strlen(password));
xfree(password);
- log("Mismatch; try again, EOF to quit.");
+ logit("Mismatch; try again, EOF to quit.");
password = NULL;
}
memset(retype, 0, strlen(retype));
&input_userauth_passwd_changereq);
}
-static void
-clear_auth_state(Authctxt *authctxt)
+static int
+identity_sign(Identity *id, u_char **sigp, u_int *lenp,
+ u_char *data, u_int datalen)
{
- /* XXX clear authentication state */
- dispatch_set(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, NULL);
+ Key *prv;
+ int ret;
- if (authctxt->last_key != NULL && authctxt->last_key_hint == -1) {
- debug3("clear_auth_state: key_free %p", authctxt->last_key);
- key_free(authctxt->last_key);
- }
- authctxt->last_key = NULL;
- authctxt->last_key_hint = -2;
- authctxt->last_key_sign = NULL;
+ /* the agent supports this key */
+ if (id->ac)
+ return (ssh_agent_sign(id->ac, id->key, sigp, lenp,
+ data, datalen));
+ /*
+ * we have already loaded the private key or
+ * the private key is stored in external hardware
+ */
+ if (id->isprivate || (id->key->flags & KEY_FLAG_EXT))
+ return (key_sign(id->key, sigp, lenp, data, datalen));
+ /* load the private key from the file */
+ if ((prv = load_identity_file(id->filename)) == NULL)
+ return (-1);
+ ret = key_sign(prv, sigp, lenp, data, datalen);
+ key_free(prv);
+ return (ret);
}
static int
-sign_and_send_pubkey(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback)
+sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
{
Buffer b;
u_char *blob, *signature;
u_int bloblen, slen;
- int skip = 0;
+ u_int skip = 0;
int ret = -1;
int have_sig = 1;
debug3("sign_and_send_pubkey");
- if (key_to_blob(k, &blob, &bloblen) == 0) {
+ if (key_to_blob(id->key, &blob, &bloblen) == 0) {
/* we cannot handle this key */
debug3("sign_and_send_pubkey: cannot handle key");
return 0;
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(id->key));
}
buffer_put_string(&b, blob, bloblen);
/* generate signature */
- ret = (*sign_callback)(authctxt, k, &signature, &slen,
+ ret = identity_sign(id, &signature, &slen,
buffer_ptr(&b), buffer_len(&b));
if (ret == -1) {
xfree(blob);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(id->key));
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);
}
static int
-send_pubkey_test(Authctxt *authctxt, Key *k, sign_cb_fn *sign_callback,
- int hint)
+send_pubkey_test(Authctxt *authctxt, Identity *id)
{
u_char *blob;
u_int bloblen, have_sig = 0;
debug3("send_pubkey_test");
- if (key_to_blob(k, &blob, &bloblen) == 0) {
+ if (key_to_blob(id->key, &blob, &bloblen) == 0) {
/* we cannot handle this key */
debug3("send_pubkey_test: cannot handle key");
return 0;
}
/* register callback for USERAUTH_PK_OK message */
- authctxt->last_key_sign = sign_callback;
- authctxt->last_key_hint = hint;
- authctxt->last_key = k;
dispatch_set(SSH2_MSG_USERAUTH_PK_OK, &input_userauth_pk_ok);
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->method->name);
packet_put_char(have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
- packet_put_cstring(key_ssh_name(k));
+ packet_put_cstring(key_ssh_name(id->key));
packet_put_string(blob, bloblen);
xfree(blob);
packet_send();
return private;
}
-static int
-identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,
- u_char *data, u_int datalen)
-{
- Key *private;
- int idx, ret;
-
- idx = authctxt->last_key_hint;
- if (idx < 0)
- return -1;
-
- /* private key is stored in external hardware */
- if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
- return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
-
- private = load_identity_file(options.identity_files[idx]);
- if (private == NULL)
- return -1;
- ret = key_sign(private, sigp, lenp, data, datalen);
- key_free(private);
- return ret;
-}
-
-static int
-agent_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,
- u_char *data, u_int datalen)
-{
- return ssh_agent_sign(authctxt->agent, key, sigp, lenp, data, datalen);
-}
-
-static int
-key_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, u_int *lenp,
- u_char *data, u_int datalen)
+/*
+ * try keys in the following order:
+ * 1. agent keys that are found in the config file
+ * 2. other agent keys
+ * 3. keys that are only listed in the config file
+ */
+static void
+pubkey_prepare(Authctxt *authctxt)
{
- return key_sign(key, sigp, lenp, data, datalen);
+ Identity *id;
+ Idlist agent, files, *preferred;
+ Key *key;
+ AuthenticationConnection *ac;
+ char *comment;
+ int i, found;
+
+ TAILQ_INIT(&agent); /* keys from the agent */
+ TAILQ_INIT(&files); /* keys from the config file */
+ preferred = &authctxt->keys;
+ TAILQ_INIT(preferred); /* preferred order of keys */
+
+ /* list of keys stored in the filesystem */
+ for (i = 0; i < options.num_identity_files; i++) {
+ key = options.identity_keys[i];
+ if (key && key->type == KEY_RSA1)
+ continue;
+ options.identity_keys[i] = NULL;
+ id = xmalloc(sizeof(*id));
+ memset(id, 0, sizeof(*id));
+ id->key = key;
+ id->filename = xstrdup(options.identity_files[i]);
+ TAILQ_INSERT_TAIL(&files, id, next);
+ }
+ /* list of keys supported by the agent */
+ if ((ac = ssh_get_authentication_connection())) {
+ for (key = ssh_get_first_identity(ac, &comment, 2);
+ key != NULL;
+ key = ssh_get_next_identity(ac, &comment, 2)) {
+ found = 0;
+ TAILQ_FOREACH(id, &files, next) {
+ /* agent keys from the config file are preferred */
+ if (key_equal(key, id->key)) {
+ key_free(key);
+ xfree(comment);
+ TAILQ_REMOVE(&files, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ id->ac = ac;
+ found = 1;
+ break;
+ }
+ }
+ if (!found) {
+ id = xmalloc(sizeof(*id));
+ memset(id, 0, sizeof(*id));
+ id->key = key;
+ id->filename = comment;
+ id->ac = ac;
+ TAILQ_INSERT_TAIL(&agent, id, next);
+ }
+ }
+ /* append remaining agent keys */
+ for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
+ TAILQ_REMOVE(&agent, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ }
+ authctxt->agent = ac;
+ }
+ /* append remaining keys from the config file */
+ for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
+ TAILQ_REMOVE(&files, id, next);
+ TAILQ_INSERT_TAIL(preferred, id, next);
+ }
+ TAILQ_FOREACH(id, preferred, next) {
+ debug2("key: %s (%p)", id->filename, id->key);
+ }
}
-static int
-userauth_pubkey_agent(Authctxt *authctxt)
+static void
+pubkey_cleanup(Authctxt *authctxt)
{
- static int called = 0;
- int ret = 0;
- char *comment;
- Key *k;
-
- if (called == 0) {
- if (ssh_get_num_identities(authctxt->agent, 2) == 0)
- debug2("userauth_pubkey_agent: no keys at all");
- called = 1;
+ Identity *id;
+
+ if (authctxt->agent != NULL)
+ ssh_close_authentication_connection(authctxt->agent);
+ for (id = TAILQ_FIRST(&authctxt->keys); id;
+ id = TAILQ_FIRST(&authctxt->keys)) {
+ TAILQ_REMOVE(&authctxt->keys, id, next);
+ if (id->key)
+ key_free(id->key);
+ if (id->filename)
+ xfree(id->filename);
+ xfree(id);
}
- k = ssh_get_next_identity(authctxt->agent, &comment, 2);
- if (k == NULL) {
- debug2("userauth_pubkey_agent: no more keys");
- } else {
- debug("userauth_pubkey_agent: testing agent key %s", comment);
- xfree(comment);
- ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
- if (ret == 0)
- key_free(k);
- }
- if (ret == 0)
- debug2("userauth_pubkey_agent: no message sent");
- return ret;
}
int
userauth_pubkey(Authctxt *authctxt)
{
- static int idx = 0;
+ Identity *id;
int sent = 0;
- Key *key;
- char *filename;
- if (authctxt->agent != NULL) {
- do {
- sent = userauth_pubkey_agent(authctxt);
- } while (!sent && authctxt->agent->howmany > 0);
- }
- while (!sent && idx < options.num_identity_files) {
- key = options.identity_keys[idx];
- filename = options.identity_files[idx];
- if (key == NULL) {
- debug("try privkey: %s", filename);
- key = load_identity_file(filename);
- if (key != NULL) {
- sent = sign_and_send_pubkey(authctxt, key,
- key_sign_cb);
- key_free(key);
+ while ((id = TAILQ_FIRST(&authctxt->keys))) {
+ if (id->tried++)
+ return (0);
+ TAILQ_REMOVE(&authctxt->keys, id, next);
+ TAILQ_INSERT_TAIL(&authctxt->keys, id, next);
+ /*
+ * send a test message if we have the public key. for
+ * encrypted keys we cannot do this and have to load the
+ * private key instead
+ */
+ if (id->key && id->key->type != KEY_RSA1) {
+ debug("Offering public key: %s", id->filename);
+ sent = send_pubkey_test(authctxt, id);
+ } else if (id->key == NULL) {
+ debug("Trying private key: %s", id->filename);
+ id->key = load_identity_file(id->filename);
+ if (id->key != NULL) {
+ id->isprivate = 1;
+ sent = sign_and_send_pubkey(authctxt, id);
+ key_free(id->key);
+ id->key = NULL;
}
- } else if (key->type != KEY_RSA1) {
- debug("try pubkey: %s", filename);
- sent = send_pubkey_test(authctxt, key,
- identity_sign_cb, idx);
}
- idx++;
+ if (sent)
+ return (sent);
}
- return sent;
+ return (0);
}
/*
inst = packet_get_string(NULL);
lang = packet_get_string(NULL);
if (strlen(name) > 0)
- log("%s", name);
+ logit("%s", name);
if (strlen(inst) > 0)
- log("%s", inst);
+ logit("%s", inst);
xfree(name);
xfree(inst);
xfree(lang);
pid_t pid;
int to[2], from[2], status, version = 2;
- debug("ssh_keysign called");
+ debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
error("ssh_keysign: no installed: %s", strerror(errno));
}
}
if (!found) {
- debug("userauth_hostbased: no more client hostkeys");
+ debug("No more client hostkeys for hostbased authentication.");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
+ xfree(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
static Authmethod *
authmethod_get(char *authlist)
{
-
char *name = NULL;
u_int next;
for (;;) {
if ((name = match_list(preferred, supported, &next)) == NULL) {
- debug("no more auth methods to try");
+ debug("No more authentication methods to try.");
current = NULL;
return NULL;
}
if ((current = authmethod_lookup(name)) != NULL &&
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
- debug("next auth method to try is %s", name);
+ debug("Next authentication method: %s", name);
return current;
}
}
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
+.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Nd OpenSSH SSH daemon
.Sh SYNOPSIS
.Nm sshd
+.Bk -words
.Op Fl deiqtD46
.Op Fl b Ar bits
.Op Fl f Ar config_file
.Op Fl o Ar option
.Op Fl p Ar port
.Op Fl u Ar len
+.Ek
.Sh DESCRIPTION
.Nm
(SSH Daemon) is the daemon program for
.Nm
supports both SSH protocol version 1 and 2 simultaneously.
.Nm
-works as follows.
+works as follows:
.Pp
.Ss SSH protocol version 1
.Pp
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
.Pp
-Whenever a client connects the daemon responds with its public
+Whenever a client connects, the daemon responds with its public
host and server keys.
The client compares the
RSA host key against its own database to verify that it has not changed.
authentication, RSA challenge-response authentication, or password
based authentication.
.Pp
+Regardless of the authentication type, the account is checked to
+ensure that it is accessible. An account is not accessible if it is
+locked, listed in
+.Cm DenyUsers
+or its group is listed in
+.Cm DenyGroups
+\&. The definition of a locked account is system dependant. Some platforms
+have their own account database (eg AIX) and some modify the passwd field (
+.Ql \&*LK\&*
+on Solaris,
+.Ql \&*
+on HP-UX, containing
+.Ql Nologin
+on Tru64 and a leading
+.Ql \&!!
+on Linux). If there is a requirement to disable password authentication
+for the account while allowing still public-key, then the passwd field
+should be set to something other than these values (eg
+.Ql NP
+or
+.Ql \&*NP\&*
+).
+.Pp
Rhosts authentication is normally disabled
because it is fundamentally insecure, but can be enabled in the server
configuration file if desired.
.Nm rshd ,
.Nm rlogind ,
and
-.Xr rexecd
+.Nm rexecd
are disabled (thus completely disabling
.Xr rlogin
and
log, and does not put itself in the background.
The server also will not fork and will only process one connection.
This option is only intended for debugging for the server.
-Multiple -d options increase the debugging level.
+Multiple
+.Fl d
+options increase the debugging level.
Maximum is 3.
.It Fl e
When this option is specified,
.It Fl i
Specifies that
.Nm
-is being run from inetd.
+is being run from
+.Xr inetd 8 .
.Nm
is normally not run
from inetd because it needs to generate the server key before it can
.Pa utmp
file.
.Fl u0
-is also be used to prevent
+may also be used to prevent
.Nm
from making DNS requests unless the authentication
mechanism or configuration requires it.
Authentication mechanisms that may require DNS include
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm HostbasedAuthentication
and using a
Specifies that in addition to public key authentication, the canonical name
of the remote host must be present in the comma-separated list of
patterns
-.Pf ( Ql *
+.Pf ( Ql \&*
and
-.Ql ?
+.Ql \&?
serve as wildcards).
The list may also contain
patterns negated by prefixing them with
-.Ql ! ;
+.Ql \&! ;
if the canonical host name matches a negated pattern, the key is not accepted.
The purpose
of this option is to optionally increase security: public key authentication
The command supplied by the user (if any) is ignored.
The command is run on a pty if the client requests a pty;
otherwise it is run without a tty.
-If a 8-bit clean channel is required,
+If an 8-bit clean channel is required,
one must not request a pty or should specify
.Cm no-pty .
A quote may be included in the command by quoting it with a backslash.
.Ar host/port .
Multiple
.Cm permitopen
-options may be applied separated by commas. No pattern matching is
-performed on the specified hostnames, they must be literal domains or
-addresses.
+options may be applied separated by commas.
+No pattern matching is performed on the specified hostnames,
+they must be literal domains or addresses.
.El
.Ss Examples
1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
.Sh SSH_KNOWN_HOSTS FILE FORMAT
The
-.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts
and
.Pa $HOME/.ssh/known_hosts
files contain host public keys for all known hosts.
bits, exponent, modulus, comment.
The fields are separated by spaces.
.Pp
-Hostnames is a comma-separated list of patterns ('*' and '?' act as
+Hostnames is a comma-separated list of patterns
+.Pf ( Ql \&*
+and
+.Ql \&?
+act as
wildcards); each pattern in turn is matched against the canonical host
name (when authenticating a client) or against the user-supplied
name (when authenticating a server).
A pattern may also be preceded by
-.Ql !
+.Ql \&!
to indicate negation: if the host name matches a negated
pattern, it is not accepted (by that line) even if it matched another
pattern on the line.
.Pa /etc/ssh/ssh_known_hosts
should be world-readable, and
.Pa $HOME/.ssh/known_hosts
-can but need not be world-readable.
+can, but need not be, world-readable.
.It Pa /etc/nologin
If this file exists,
.Nm
This file contains host-username pairs, separated by a space, one per
line.
The given user on the corresponding host is permitted to log in
-without password.
+without a password.
The same file is used by rlogind and rshd.
The file must
be writable only by the user; it is recommended that it not be
.Cm PermitUserEnvironment
option.
.It Pa $HOME/.ssh/rc
-If this file exists, it is run with /bin/sh after reading the
+If this file exists, it is run with
+.Pa /bin/sh
+after reading the
environment files but before starting the user's shell or command.
It must not produce any output on stdout; stderr must be used
instead.
machine-specific login-time initializations globally.
This file should be writable only by root, and should be world-readable.
.El
-.Sh AUTHORS
-OpenSSH is a derivative of the original and free
-ssh 1.2.12 release by Tatu Ylonen.
-Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
-Theo de Raadt and Dug Song
-removed many bugs, re-added newer features and
-created OpenSSH.
-Markus Friedl contributed the support for SSH
-protocol versions 1.5 and 2.0.
-Niels Provos and Markus Friedl contributed support
-for privilege separation.
.Sh SEE ALSO
.Xr scp 1 ,
.Xr sftp 1 ,
.%D January 2002
.%O work in progress material
.Re
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+Niels Provos and Markus Friedl contributed support
+for privilege separation.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
* Default value is AF_UNSPEC means both IPv4 and IPv6.
*/
-#ifdef IPV4_DEFAULT
-int IPv4or6 = AF_INET;
-#else
int IPv4or6 = AF_UNSPEC;
-#endif
/*
* Debug mode flag. This can be set on the command line. If debug
/* same for ssh2 */
u_char *session_id2 = NULL;
-int session_id2_len = 0;
+u_int session_id2_len = 0;
/* record remote hostname or ip */
u_int utmp_len = MAXHOSTNAMELEN;
int startup_pipe; /* in child */
/* variables used for privilege separation */
-extern struct monitor *pmonitor;
-extern int use_privsep;
+int use_privsep;
+struct monitor *pmonitor;
+
+/* message to be displayed after login */
+Buffer loginmsg;
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
static void
sighup_restart(void)
{
- log("Received SIGHUP; restarting.");
+ logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
execv(saved_argv[0], saved_argv);
- log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
+ logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
exit(1);
}
snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
server_version_string = xstrdup(buf);
- if (client_version_string == NULL) {
- /* Send our protocol version identification. */
- if (atomicio(write, sock_out, server_version_string,
- strlen(server_version_string))
- != strlen(server_version_string)) {
- log("Could not write ident string to %s", get_remote_ipaddr());
+ /* Send our protocol version identification. */
+ if (atomicio(vwrite, sock_out, server_version_string,
+ strlen(server_version_string))
+ != strlen(server_version_string)) {
+ logit("Could not write ident string to %s", get_remote_ipaddr());
+ fatal_cleanup();
+ }
+
+ /* Read other sides version identification. */
+ memset(buf, 0, sizeof(buf));
+ for (i = 0; i < sizeof(buf) - 1; i++) {
+ if (atomicio(read, sock_in, &buf[i], 1) != 1) {
+ logit("Did not receive identification string from %s",
+ get_remote_ipaddr());
fatal_cleanup();
}
-
- /* Read other sides version identification. */
- memset(buf, 0, sizeof(buf));
- for (i = 0; i < sizeof(buf) - 1; i++) {
- if (atomicio(read, sock_in, &buf[i], 1) != 1) {
- log("Did not receive identification string from %s",
- get_remote_ipaddr());
- fatal_cleanup();
- }
- if (buf[i] == '\r') {
- buf[i] = 0;
- /* Kludge for F-Secure Macintosh < 1.0.2 */
- if (i == 12 &&
- strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
- break;
- continue;
- }
- if (buf[i] == '\n') {
- buf[i] = 0;
+ if (buf[i] == '\r') {
+ buf[i] = 0;
+ /* Kludge for F-Secure Macintosh < 1.0.2 */
+ if (i == 12 &&
+ strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
break;
- }
+ continue;
+ }
+ if (buf[i] == '\n') {
+ buf[i] = 0;
+ break;
}
- buf[sizeof(buf) - 1] = 0;
- client_version_string = xstrdup(buf);
}
+ buf[sizeof(buf) - 1] = 0;
+ client_version_string = xstrdup(buf);
/*
* Check that the versions match. In future this might accept
if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
&remote_major, &remote_minor, remote_version) != 3) {
s = "Protocol mismatch.\n";
- (void) atomicio(write, sock_out, s, strlen(s));
+ (void) atomicio(vwrite, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
- log("Bad protocol version identification '%.100s' from %s",
+ logit("Bad protocol version identification '%.100s' from %s",
client_version_string, get_remote_ipaddr());
fatal_cleanup();
}
compat_datafellows(remote_version);
if (datafellows & SSH_BUG_PROBE) {
- log("probed from %s with %s. Don't panic.",
+ logit("probed from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
fatal_cleanup();
}
if (datafellows & SSH_BUG_SCANNER) {
- log("scanned from %s with %s. Don't panic.",
+ logit("scanned from %s with %s. Don't panic.",
get_remote_ipaddr(), client_version_string);
fatal_cleanup();
}
if (mismatch) {
s = "Protocol major versions differ.\n";
- (void) atomicio(write, sock_out, s, strlen(s));
+ (void) atomicio(vwrite, sock_out, s, strlen(s));
close(sock_in);
close(sock_out);
- log("Protocol major versions differ for %s: %.200s vs. %.200s",
+ logit("Protocol major versions differ for %s: %.200s vs. %.200s",
get_remote_ipaddr(),
server_version_string, client_version_string);
fatal_cleanup();
do_setusercontext(pw);
#else
gidset[0] = pw->pw_gid;
- if (setgid(pw->pw_gid) < 0)
- fatal("setgid failed for %u", pw->pw_gid );
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
- __progname = get_progname(av[0]);
+ __progname = ssh_get_progname(av[0]);
init_rng();
- /* Save argv. */
+ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
- saved_argv = av;
+ saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
+ for (i = 0; i < ac; i++)
+ saved_argv[i] = xstrdup(av[i]);
+ saved_argv[i] = NULL;
+
+#ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+ compat_init_setproctitle(ac, av);
+ av = saved_argv;
+#endif
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
/* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:o:dDeiqtQ46")) != -1) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {
switch (opt) {
case '4':
IPv4or6 = AF_INET;
config_file_name = optarg;
break;
case 'd':
- if (0 == debug_flag) {
+ if (debug_flag == 0) {
debug_flag = 1;
options.log_level = SYSLOG_LEVEL_DEBUG1;
- } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
+ } else if (options.log_level < SYSLOG_LEVEL_DEBUG3)
options.log_level++;
- } else {
- fprintf(stderr, "Too high debugging level.\n");
- exit(1);
- }
break;
case 'D':
no_daemon_flag = 1;
}
options.host_key_files[options.num_host_key_files++] = optarg;
break;
- case 'V':
- client_version_string = optarg;
- /* only makes sense with inetd_flag, i.e. no listen() */
- inetd_flag = 1;
- break;
case 't':
test_flag = 1;
break;
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
- !inetd_flag);
+ log_stderr || !inetd_flag);
#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
key_type(key));
}
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
- log("Disabling protocol version 1. Could not load host key");
+ logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
#ifndef GSSAPI
/* The GSSAPI key exchange can run without a host key */
if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
- log("Disabling protocol version 2. Could not load host key");
+ logit("Disabling protocol version 2. Could not load host key");
options.protocol &= ~SSH_PROTO_2;
}
#endif
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
- log("sshd: no hostkeys available -- exiting.");
+ logit("sshd: no hostkeys available -- exiting.");
exit(1);
}
#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
- fatal("Bad owner or mode for %s",
- _PATH_PRIVSEP_CHROOT_DIR);
+ fatal("%s must be owned by root and not group or "
+ "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);
-#ifdef GSSAPI
- ssh_gssapi_clean_env();
-#endif /* GSSAPI */
-
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
continue;
}
/* Create socket for listening. */
- listen_sock = socket(ai->ai_family, SOCK_STREAM, 0);
+ listen_sock = socket(ai->ai_family, ai->ai_socktype,
+ ai->ai_protocol);
if (listen_sock < 0) {
/* kernel may not support ipv6 */
verbose("socket: %.100s", strerror(errno));
num_listen_socks++;
/* Start listening on the port. */
- log("Server listening on %s port %s.", ntop, strport);
+ logit("Server listening on %s port %s.", ntop, strport);
if (listen(listen_sock, 5) < 0)
fatal("listen: %.100s", strerror(errno));
* overwrite any old pid in the file.
*/
f = fopen(options.pid_file, "wb");
- if (f) {
+ if (f == NULL) {
+ error("Couldn't create pid file \"%s\": %s",
+ options.pid_file, strerror(errno));
+ } else {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
}
if (ret < 0 && errno != EINTR)
error("select: %.100s", strerror(errno));
if (received_sigterm) {
- log("Received signal %d; terminating.",
+ logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
* setlogin() affects the entire process group. We don't
* want the child to be able to affect the parent.
*/
-#if 0
- /* XXX: this breaks Solaris */
+#if !defined(SSHD_ACQUIRES_CTTY)
+ /*
+ * If setsid is called, on some platforms sshd will later acquire a
+ * controlling terminal which will result in "could not set
+ * controlling tty" errors.
+ */
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
alarm(options.login_grace_time);
sshd_exchange_identification(sock_in, sock_out);
- /*
- * Check that the connection comes from a privileged port.
- * Rhosts-Authentication only makes sense from privileged
- * programs. Of course, if the intruder has root access on his local
- * machine, he can connect from any port. So do not use these
- * authentication methods from machines that you do not trust.
- */
- if (options.rhosts_authentication &&
- (remote_port >= IPPORT_RESERVED ||
- remote_port < IPPORT_RESERVED / 2)) {
- debug("Rhosts Authentication disabled, "
- "originating port %d not trusted.", remote_port);
- options.rhosts_authentication = 0;
- }
-#if defined(KRB4) && !defined(KRB5)
- if (!packet_connection_is_ipv4() &&
- options.kerberos_authentication) {
- debug("Kerberos Authentication disabled, only available for IPv4.");
- options.kerberos_authentication = 0;
- }
-#endif /* KRB4 && !KRB5 */
-#if defined(AFS) || defined(AFS_KRB5)
+#if defined(AFS_KRB5)
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
k_setpag();
packet_set_nonblocking();
+ /* prepare buffers to collect authentication messages */
+ buffer_init(&loginmsg);
+
if (use_privsep)
if ((authctxt = privsep_preauth()) != NULL)
goto authenticated;
verbose("Closing connection to %.100s", remote_ip);
#ifdef USE_PAM
- finish_pam();
+ if (options.use_pam)
+ finish_pam();
#endif /* USE_PAM */
packet_close();
/* Declare supported authentication types. */
auth_mask = 0;
- if (options.rhosts_authentication)
- auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RSA;
-#if defined(KRB4) || defined(KRB5)
- if (options.kerberos_authentication)
- auth_mask |= 1 << SSH_AUTH_KERBEROS;
-#endif
-#if defined(AFS) || defined(KRB5)
- if (options.kerberos_tgt_passing)
- auth_mask |= 1 << SSH_PASS_KERBEROS_TGT;
-#endif
-#ifdef AFS
- if (options.afs_token_passing)
- auth_mask |= 1 << SSH_PASS_AFS_TOKEN;
-#endif
-#ifdef GSSAPI
- if (options.gss_authentication)
- auth_mask |= 1 << SSH_AUTH_GSSAPI;
-#endif
if (options.challenge_response_authentication == 1)
auth_mask |= 1 << SSH_AUTH_TIS;
if (options.password_authentication)
u_char *buf = xmalloc(bytes);
MD5_CTX md;
- log("do_connection: generating a fake encryption key");
+ logit("do_connection: generating a fake encryption key");
BN_bn2bin(session_key_int, buf);
MD5_Init(&md);
MD5_Update(&md, buf, bytes);
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
-
-#ifdef GSSAPI
- /*
- * Before we destroy the host and server keys, hash them so we can
- * send the hash over to the client via a secure channel so that it
- * can verify them.
- */
- {
- MD5_CTX md5context;
- Buffer buf;
- unsigned char *data;
- unsigned int data_len;
- extern unsigned char ssh1_key_digest[16]; /* in gss-genr.c */
-
-
- debug("Calculating MD5 hash of server and host keys...");
-
- /* Write all the keys to a temporary buffer */
- buffer_init(&buf);
-
- /* Server key */
- buffer_put_bignum(&buf, sensitive_data.server_key->rsa->e);
- buffer_put_bignum(&buf, sensitive_data.server_key->rsa->n);
-
- /* Host key */
- buffer_put_bignum(&buf, sensitive_data.ssh1_host_key->rsa->e);
- buffer_put_bignum(&buf, sensitive_data.ssh1_host_key->rsa->n);
-
- /* Get the resulting data */
- data = (unsigned char *) buffer_ptr(&buf);
- data_len = buffer_len(&buf);
-
- /* And hash it */
- MD5_Init(&md5context);
- MD5_Update(&md5context, data, data_len);
- MD5_Final(ssh1_key_digest, &md5context);
-
- /* Clean up */
- buffer_clear(&buf);
- buffer_free(&buf);
- }
-#endif /* GSSAPI */
-
/* Destroy the private and public keys. No longer. */
destroy_sensitive_data();
orig= NULL;
if (options.gss_keyex)
- gss = ssh_gssapi_mechanisms(1,NULL);
+ gss = ssh_gssapi_server_mechanisms();
else
gss = NULL;
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+#ifdef GSSAPI
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+#endif
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
-# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
+# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-# This is the sshd server system-wide configuration file. See sshd(8)
-# for more information.
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
-Port 22
+#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
-HostKey /etc/ssh_host_key
+#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
-HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
# Logging
-SyslogFacility AUTH
-LogLevel INFO
#obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
# Authentication:
-LoginGraceTime 600
-PermitRootLogin yes
-StrictModes yes
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
-PermitEmptyPasswords no
-
-# Uncomment to disable s/key passwords
-#ChallengeResponseAuthentication no
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
-# Uncomment to enable PAM keyboard-interactive authentication
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
-# To change Kerberos options
+# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
-#AFSTokenPassing no
-#KerberosTicketCleanup no
-
-# Kerberos TGT Passing does only work with the AFS kaserver
-#KerberosTgtPassing yes
-
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd yes
-#PrintLastLog no
-KeepAlive yes
+#KerberosTicketCleanup yes
+
+# Session hooks: if allowed, specify the commands to execute
+#AllowSessionHooks yes
+#SessionHookStartupCmd /bin/true
+#SessionHookShutdownCmd /bin/true
+
+# GSSAPI options
+#GSSAPIAuthentication yes
+#GSSAPICleanupCreds yes
+
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication'
+#UsePAM yes
+
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#KeepAlive yes
#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-#ReverseMappingCheck yes
-
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression yes
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+
+# no default banner path
+#Banner /some/path
+
+# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.25 2003/09/01 09:50:04 markus Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
.Bl -tag -width Ds
-.It Cm AFSTokenPassing
-Specifies whether an AFS token may be forwarded to the server.
-Default is
-.Dq no .
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
group or supplementary group list matches one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
-If specified, login is allowed only for users names that
+If specified, login is allowed only for user names that
match one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
for user authentication.
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
+set-up.
+The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated and
%u is replaced by the username of that user.
After expansion,
.Pp
.Bd -literal
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
- aes192-cbc,aes256-cbc''
+ aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr''
.Ed
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
Sets the number of client alive messages (see above) which may be
sent without
.Nm sshd
-receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
+receiving any messages back from the client.
+If this threshold is reached while client alive messages are being sent,
.Nm sshd
-will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
+will disconnect the client, terminating the session.
+It is important to note that the use of client alive messages is very
+different from
.Cm KeepAlive
-(below). The client alive messages are sent through the
-encrypted channel and therefore will not be spoofable. The TCP keepalive
-option enabled by
+(below).
+The client alive messages are sent through the encrypted channel
+and therefore will not be spoofable.
+The TCP keepalive option enabled by
.Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
+is spoofable.
+The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
-The default value is 3. If
+The default value is 3.
+If
.Cm ClientAliveInterval
(above) is set to 15, and
.Cm ClientAliveCountMax
group list matches one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
Login is disallowed for user names that match one of the patterns.
.Ql \&*
and
-.Ql ?
+.Ql \&?
can be used as wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
forwarded for the client.
By default,
.Nm sshd
-binds remote port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
+binds remote port forwardings to the loopback address.
+This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that
.Nm sshd
.Dq no .
The default is
.Dq no .
-.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful public key client host authentication is allowed
-(hostbased authentication).
-This option is similar to
-.Cm RhostsRSAAuthentication
-and applies to protocol version 2 only.
-The default is
-.Dq no .
-.It Cm GssapiAuthentication
-Specifies whether authentication based on GSSAPI may be used, either using
-the result of a successful key exchange, or using GSSAPI user
-authentication.
+.It Cm GSSAPIAuthentication
+Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq yes .
-.It Cm GssapiKeyExchange
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPICleanupCreds
+Specifies whether to automatically destroy the user's credentials cache
+on logout.
+The default is
+.Dq yes .
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
Specifies whether key exchange based on GSSAPI may be used. When using
GSSAPI key exchange the server need not have a host key.
The default is
.Dq yes .
-.It Cm GssapiUseSessionCredCache
+Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIUseSessionCredCache
Specifies whether a unique credentials cache name should be generated per
session for storing delegated credentials.
The default is
.Dq yes .
-.It Cm GssapiCleanupCreds
-Specifies whether the credentials cache should be removed at the end
-of the session.
+Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAuthentication
+Specifies whether rhosts or /etc/hosts.equiv authentication together
+with successful public key client host authentication is allowed
+(hostbased authentication).
+This option is similar to
+.Cm RhostsRSAAuthentication
+and applies to protocol version 2 only.
The default is
-.Dq yes .
+.Dq no .
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
and
.Pa .shosts
files will not be used in
-.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
To disable keepalives, the value should be set to
.Dq no .
.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication is allowed.
-This can be in the form of a Kerberos ticket, or if
+Specifies whether the password provided by the user for
.Cm PasswordAuthentication
-is yes, the password provided by the user will be validated through
-the Kerberos KDC.
+will be validated through the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
Default is
.Pa /etc/passwd .
Default is
.Dq yes .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT may be forwarded to the server.
-Default is
-.Dq no ,
-as this only works when the Kerberos KDC is actually an AFS kaserver.
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
.Nm sshd
will listen on the address and all prior
.Cm Port
-options specified. The default is to listen on all local
-addresses. Multiple
+options specified.
+The default is to listen on all local addresses.
+Multiple
.Cm ListenAddress
-options are permitted. Additionally, any
+options are permitted.
+Additionally, any
.Cm Port
options must precede this option for non port qualified addresses.
.It Cm LoginGraceTime
.Nm sshd .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of debugging output.
-Logging with a DEBUG level violates the privacy of users
-and is not recommended.
+The default is INFO.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of debugging output.
+Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
-.Cm PasswordAuthentication
-is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
-for root.
+normally not allowed).
+All other authentication methods are disabled for root.
.Pp
If this option is set to
.Dq no
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm RhostsAuthentication
-Specifies whether authentication using rhosts or /etc/hosts.equiv
-files is sufficient.
-Normally, this method should not be permitted because it is insecure.
.Cm RhostsRSAAuthentication
should be used
instead, because it performs RSA-based host authentication in addition
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
+.It Cm UseDNS
+Specifies whether
+.Nm sshd
+should lookup the remote host name and check that
+the resolved host name for the remote IP address maps back to the
+very same IP address.
+The default is
+.Dq yes .
.It Cm UseLogin
Specifies whether
.Xr login 1
.Xr login 1
does not know how to handle
.Xr xauth 1
-cookies. If
+cookies.
+If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
+.It Cm UsePAM
+Enables PAM authentication (via challenge-response) and session set up.
+If you enable this, you should probably disable
+.Cm PasswordAuthentication .
+If you enable
+.CM UsePAM
+then you will not be able to run sshd as a non-root user.
.It Cm UsePrivilegeSeparation
Specifies whether
.Nm sshd
separates privileges by creating an unprivileged child process
-to deal with incoming network traffic. After successful authentication,
-another process will be created that has the privilege of the authenticated
-user. The goal of privilege separation is to prevent privilege
+to deal with incoming network traffic.
+After successful authentication, another process will be created that has
+the privilege of the authenticated user.
+The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
-.It Cm VerifyReverseMapping
-Specifies whether
-.Nm sshd
-should try to verify the remote host name and check that
-the resolved host name for the remote IP address maps back to the
-very same IP address.
-The default is
-.Dq no .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
forwarding (see the warnings for
.Cm ForwardX11
in
-.Xr ssh_config 5 ).
+.Xr ssh_config 5 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
Specifies whether
.Nm sshd
should bind the X11 forwarding server to the loopback address or to
-the wildcard address. By default,
+the wildcard address.
+By default,
.Nm sshd
binds the forwarding server to the loopback address and sets the
hostname part of the
.Pa /usr/X11R6/bin/xauth .
.El
.Ss Time Formats
-.Pp
.Nm sshd
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
+.Sh SEE ALSO
+.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.
-.Sh SEE ALSO
-.Xr sshd 8
-/* $OpenBSD: version.h,v 1.25 2001/10/15 16:10:50 deraadt Exp $ */
+/* $OpenBSD: version.h,v 1.39 2003/09/16 21:02:40 markus Exp $ */
-#define SSH_VERSION "OpenSSH_3.0.2p1"
+#ifdef GSI
+#define GSI_VERSION " GSI"
+#else
+#define GSI_VERSION ""
+#endif
+
+#ifdef KRB5
+#define KRB5_VERSION " KRB5"
+#else
+#define KRB5_VERSION ""
+#endif
+
+#ifdef MECHGLUE
+#define MGLUE_VERSION " MECHGLUE"
+#else
+#define MGLUE_VERSION ""
+#endif
+
+#define SSH_VERSION "OpenSSH_3.7.1p2" \
+ " NCSA_GSSAPI_20040119" \
+ GSI_VERSION KRB5_VERSION MGLUE_VERSION
setup/gsi_openssh_setup/ssh_prng_cmds.in
setup/gsi_openssh_setup/sshd_config.in
setup/gsi_openssh_setup/SXXsshd.in
-man/man5/ssh_config.5
-man/man5/sshd_config.5
# to the name gpt-bundle gives in its 'packaging_list'.
#
-$srcdirname = "gsi_openssh_setup-2.1-src";
-$srcpkgname = "gsi_openssh_setup-2.1-src";
+$srcdirname = "gsi_openssh_setup-2.11-src";
+$srcpkgname = "gsi_openssh_setup-2.11-src";
#
# uncomment when we've got a better place to get the current version from
--- /dev/null
+<Package name="gsi_openssh_setup">
+ <Depends>
+ </Depends>
+
+ <Dist>
+ <File name="gsi_openssh_setup-2.11-src.tar.gz" />
+
+ <Steps>
+ <Step>
+ <Description>
+ Creating package...
+ </Description>
+ <Command>
+ ./make_gpt_dist
+ </Command>
+ </Step>
+ </Steps>
+ </Dist>
+</Package>
<gpt_package_metadata Format_Version="0.02" Name="gsi_openssh_setup" >
- <Aging_Version Major="2" Minor="1" Age="1" />
+ <Aging_Version Major="2" Minor="11" Age="0" />
<Description>GSI-Enabled OpenSSH setup package</Description>
<Functional_Group >gsi_openssh</Functional_Group>
<Version_Stability Release="stable" />
<src_pkg >
- <Version_Label>3.5p1</Version_Label>
+ <Version_Label>GSI-OpenSSH 2.11 / OpenSSH 3.7.1p2</Version_Label>
<With_Flavors build="no" />
<Build_Step>cp ./sshd_config.in INSTALLDIR_GPTMACRO/setup/gsi_openssh_setup/sshd_config.in</Build_Step>
<Build_Step>cp ./moduli INSTALLDIR_GPTMACRO/setup/gsi_openssh_setup/moduli</Build_Step>
- <Build_Step>mkdir -p INSTALLDIR_GPTMACRO/man/man5/</Build_Step>
- <Build_Step>cp ./ssh_config.5 INSTALLDIR_GPTMACRO/man/man5/ssh_config.5</Build_Step>
- <Build_Step>cp ./sshd_config.5 INSTALLDIR_GPTMACRO/man/man5/sshd_config.5</Build_Step>
-
</Build_Instructions>
<Post_Install_Program >
</Post_Install_Message>
<Setup Name="gsi_openssh_setup">
- <Aging_Version Major="2" Minor="1" Age="1" />
+ <Aging_Version Major="2" Minor="11" Age="0" />
</Setup>
</src_pkg >
$gpath = $ENV{GLOBUS_LOCATION};
if (!defined($gpath))
{
- die "GLOBUS_LOCATION needs to be set before running this script"
+ exitDie("ERROR: GLOBUS_LOCATION needs to be set before running this script!\n");
}
#
$prefix = ${globusdir};
$exec_prefix = "${prefix}";
-$bindir = "${exec_prefix}/bin";
+$bindir = "${exec_prefix}/bin/ssh.d";
$sbindir = "${exec_prefix}/sbin";
$sysconfdir = "$prefix/etc/ssh";
$localsshdir = "/etc/ssh";
my($prompt, $force, $verbose);
$prompt = 1;
+$verbose = 0;
GetOptions(
'prompt!' => \$prompt,
# point.
#
-print "$myname: Configuring package 'gsi_openssh'...\n";
-print "---------------------------------------------------------------------\n";
-print "Hi, I'm the setup script for the gsi_openssh package! I will create\n";
-print "a number of configuration files based on your local system setup. I\n";
-print "will also attempt to copy or create a number of SSH key pairs for\n";
-print "this machine. (Loosely, if I find a pair of host keys in /etc/ssh,\n";
-print "I will copy them into \$GLOBUS_LOCATION/etc/ssh. Otherwise, I will\n";
-print "generate them for you.)\n";
-print "\n";
-
-if ( isForced() )
-{
- print "WARNING:\n";
- print "\n";
- print " Using the '-force' flag will cause all gsi_openssh_setup files to\n";
- print " be removed and replaced by new versions! Backup any critical\n";
- print " SSH configuration files before you choose to continue!\n";
- print "\n";
-}
-
-$response = query_boolean("Do you wish to continue with the setup package?","y");
-if ($response eq "n")
-{
- print "\n";
- print "Exiting gsi_openssh setup.\n";
-
- exit 0;
-}
-
-print "\n";
+debug0("Configuring gsi_openssh\n");
+debug0("------------------------------------------------------------\n");
+debug0("Executing...\n");
makeConfDir();
copyPRNGFile();
$keyhash = determineKeys();
runKeyGen($keyhash->{gen});
-copyKeyFiles($keyhash->{copy});
+linkKeyFiles($keyhash->{link});
copyConfigFiles();
my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
$metadata->finish();
-print "\n";
-print "Additional Notes:\n";
-print "\n";
-print " o I see that you have your GLOBUS_LOCATION environmental variable\n";
-print " set to:\n";
-print "\n";
-print " \"$gpath\"\n";
-print "\n";
-print " Remember to keep this variable set (correctly) when you want to\n";
-print " use the executables that came with this package.\n";
-print "\n";
-print " After that you may execute, for example:\n";
-print "\n";
-print " \$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n";
-print "\n";
-print " to prepare your environment for running the gsi_openssh\n";
-print " executables.\n";
-print "\n";
-print " o I recommend you review and customize to your liking the contents of\n";
-print "\n";
-print " \$GLOBUS_LOCATION/etc/ssh\n";
-print "\n";
-print " \"I can only show you the door. You have to walk through it.\"\n";
-
-if ( !getPrivilegeSeparation() )
+debug0("\n");
+debug0("Notes:\n\n");
+
+if ( getPrivilegeSeparation() )
{
- print "\n";
- print " o For System Administrators:\n";
- print "\n";
- print " If you are going to run the GSI-OpenSSH server, we recommend\n";
- print " enabling privilege separation. Although this package supports\n";
- print " this feature, your system appears to require some additional\n";
- print " configuration.\n";
- print "\n";
- print " From the file README.privsep, included as a part of the OpenSSH\n";
- print " distribution:\n";
- print "\n";
- print " When privsep is enabled, during the pre-authentication\n";
- print " phase sshd will chroot(2) to \"/var/empty\" and change its\n";
- print " privileges to the \"sshd\" user and its primary group. sshd\n";
- print " is a pseudo-account that should not be used by other\n";
- print " daemons, and must be locked and should contain a \"nologin\"\n";
- print " or invalid shell.\n";
- print "\n";
- print " You should do something like the following to prepare the\n";
- print " privsep preauth environment:\n";
- print "\n";
- print " \# mkdir /var/empty\n";
- print " \# chown root:sys /var/empty\n";
- print " \# chmod 755 /var/empty\n";
- print " \# groupadd sshd\n";
- print " \# useradd -g sshd -c 'sshd privsep' -d /var/empty \\\n";
- print " -s /bin/false sshd\n";
- print "\n";
- print " /var/empty should not contain any files.\n";
+ debug0(" o Privilege separation is on.\n");
}
-
-print "\n";
-print " o For more information about GSI-Enabled OpenSSH, visit:\n";
-print " <http://www.ncsa.uiuc.edu/Divisions/NSM/GST/GSI/openssh/>\n";
-
-#
-# give the user a chance to read all of this output
-#
-
-if ( $prompt )
+elsif ( !getPrivilegeSeparation() )
{
- print "\n";
- print "Press <return> to continue... ";
- $trash = <STDIN>;
+ debug0(" o Privilege separation is off.\n");
}
-print "---------------------------------------------------------------------\n";
-print "$myname: Finished configuring package 'gsi_openssh'.\n";
+debug0(" o GSI-OpenSSH website is <http://grid.ncsa.uiuc.edu/ssh/>.\n");
+debug0("------------------------------------------------------------\n");
+debug0("Finished configuring gsi_openssh.\n");
exit;
addPRNGCommand("\@PROG_IPCS\@", "ipcs");
addPRNGCommand("\@PROG_TAIL\@", "tail");
- print "Determining paths for PRNG commands...\n";
+ debug1("Determining paths for PRNG commands...\n");
$paths = determinePRNGPaths();
if ( isPresent("$sysconfdir/ssh_prng_cmds") && !isForced() )
{
- printf("ssh_prng_cmds found and not forced. Not installing ssh_prng_cmds...\n");
+ debug1("ssh_prng_cmds found and not forced. Not installing ssh_prng_cmds...\n");
return;
}
initPRNGHash();
- print "Fixing paths in ssh_prng_cmds...\n";
+ debug1("Fixing paths in ssh_prng_cmds...\n");
$fileInput = "$setupdir/ssh_prng_cmds.in";
$fileOutput = "$sysconfdir/ssh_prng_cmds";
if ( !isReadable($fileInput) )
{
- printf("Cannot read $fileInput... skipping.\n");
+ debug1("Cannot read $fileInput... skipping.\n");
return;
}
return "undef";
}
-### copyKeyFiles( $copylist )
+### linkKeyFiles( $linklist )
#
-# given an array of keys to copy, copy both the key and its public variant into
+# given an array of keys to link, link both the key and its public variant into
# the gsi-openssh configuration directory.
#
-sub copyKeyFiles
+sub linkKeyFiles
{
- my($copylist) = @_;
+ my($linklist) = @_;
my($regex, $basename);
- if (@$copylist)
+ if (@$linklist)
{
- print "Copying ssh host keys...\n";
+ debug1("Linking ssh host keys...\n");
- for my $f (@$copylist)
+ for my $f (@$linklist)
{
$f =~ s:/+:/:g;
$keyfile = "$f";
$pubkeyfile = "$f.pub";
- copyFile("$localsshdir/$keyfile", "$sysconfdir/$keyfile");
- copyFile("$localsshdir/$pubkeyfile", "$sysconfdir/$pubkeyfile");
+ linkFile("$localsshdir/$keyfile", "$sysconfdir/$keyfile");
+ linkFile("$localsshdir/$pubkeyfile", "$sysconfdir/$pubkeyfile");
}
}
}
return;
}
- die("${sysconfdir} already exists and is not a directory!\n");
+ debug1("${sysconfdir} already exists and is not a directory!\n");
+ exit;
}
- print "Could not find ${sysconfdir} directory... creating.\n";
+ debug1("Could not find ${sysconfdir} directory... creating.\n");
action("mkdir -p $sysconfdir");
return;
$keyhash = {};
$keyhash->{gen} = []; # a list of keytypes to generate
- $keyhash->{copy} = []; # a list of files to copy from the
+ $keyhash->{link} = []; # a list of files to link
$genlist = $keyhash->{gen};
- $copylist = $keyhash->{copy};
+ $linklist = $keyhash->{link};
#
# loop over our keytypes and determine what we need to do for each of them
}
#
- # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's
+ # if we can find a copy of the keys in /etc/ssh, we'll link them to the user's
# globus location
#
$mainkeyfile = "$localsshdir/$basekeyfile";
$mainpubkeyfile = "$localsshdir/$basekeyfile.pub";
- if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) )
+ if ( isPresent($mainkeyfile) && isPresent($mainpubkeyfile) )
{
- push(@$copylist, $basekeyfile);
+ push(@$linklist, $basekeyfile);
$count++;
next;
}
if (@$gen_keys && -x $keygen)
{
- print "Generating ssh host keys...\n";
+ debug1("Generating ssh host keys...\n");
for my $k (@$gen_keys)
{
my($line, $newline);
my($privsep_enabled);
- print "Fixing paths in sshd_config...\n";
+ debug1("Fixing paths in sshd_config...\n");
$fileInput = "$setupdir/sshd_config.in";
$fileOutput = "$sysconfdir/sshd_config";
if ( !isReadable($fileInput) )
{
- printf("Cannot read $fileInput... skipping.\n");
+ debug1("Cannot read $fileInput... skipping.\n");
return;
}
$data = readFile($fileInput);
- #
- # alter the PidFile config
- #
-
- $text = "PidFile\t$gpath/var/sshd.pid";
- $data =~ s:^[\s|#]*PidFile.*$:$text:gm;
+ # #
+ # # alter the PidFile config
+ # #
+ #
+ # $text = "PidFile\t$gpath/var/sshd.pid";
+ # $data =~ s:^[\s|#]*PidFile.*$:$text:gm;
#
# set the sftp directive
if ( isPresent($file) )
{
- printf("$file already exists... ");
+ debug1("$file already exists... ");
if ( isForced() )
{
if ( isWritable($file) )
{
- printf("removing.\n");
+ debug1("removing.\n");
action("rm $file");
return 1;
}
else
{
- printf("not writable -- skipping.\n");
+ debug1("not writable -- skipping.\n");
return 0;
}
}
else
{
- printf("skipping.\n");
+ debug1("skipping.\n");
return 0;
}
}
# do straight copies of the ssh_config and moduli files.
#
- printf("Copying ssh_config and moduli to their proper location...\n");
+ debug1("Copying ssh_config and moduli to their proper location...\n");
copyFile("$setupdir/ssh_config", "$sysconfdir/ssh_config");
copyFile("$setupdir/moduli", "$sysconfdir/moduli");
copySXXScript("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
}
+### linkFile( $src, $dest )
+#
+# create a symbolic link from $src to $dest.
+#
+
+sub linkFile
+{
+ my($src, $dest) = @_;
+
+ if ( !isPresent($src) )
+ {
+ debug1("$src is not readable... not creating $dest.\n");
+ return;
+ }
+
+ if ( !prepareFileWrite($dest) )
+ {
+ return;
+ }
+
+ action("ln -s $src $dest");
+}
+
### copyFile( $src, $dest )
#
# copy the file pointed to by $src to the location specified by $dest. in the
if ( !isReadable($src) )
{
- printf("$src is not readable... not creating $dest.\n");
+ debug1("$src is not readable... not creating $dest.\n");
return;
}
if ( !isReadable($in) )
{
- printf("$in is not readable... not creating $out.\n");
+ debug1("$in is not readable... not creating $out.\n");
return;
}
my($filename) = @_;
my($data);
- open(IN, "$filename") || die "Can't open '$filename': $!";
+ open(IN, "$filename") || exitDie("ERROR: Can't open '$filename': $!\n");
$/ = undef;
$data = <IN>;
$/ = "\n";
if ( !defined($filename) || (length($filename) lt 1) )
{
- die "Filename is undefined";
+ exitDie("ERROR: Filename is undefined!\n");
}
#
close(OUT);
}
+### debug1( $arg1, $arg2 )
+#
+# Print out a debugging message at level 1.
+#
+
+sub debug1
+{
+ debug(string => \@_, level => 1);
+}
+
+### debug0( $arg1, $arg2 )
+#
+# Print out a debugging message at level 0.
+#
+
+sub debug0
+{
+ debug(string => \@_, level => 0);
+}
+
+### debug( string => $string, level => $level )
+#
+# Print out debugging messages at various levels. Feel free to use debugN() directly
+# which in turn calls this subroutine.
+#
+
+sub debug
+{
+ my %args = @_;
+
+ if (!defined($args{'level'}))
+ {
+ $args{'level'} = 0;
+ }
+
+ if ($verbose >= $args{'level'})
+ {
+ printf(@{$args{'string'}});
+ }
+}
+
### action( $command )
#
# run $command within a proper system() command.
{
my($command) = @_;
- printf "$command\n";
+ debug1("$command\n");
- my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1");
+ my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command >/dev/null 2>&1");
if (($result or $?) and $command !~ m!patch!)
{
- die "ERROR: Unable to execute command: $!\n";
+ exitDie("ERROR: Unable to execute command: $!\n");
}
}
+### exitDie( $error )
+#
+# a horribly named method meant to look like die but only exit, thereby not causing
+# gpt-postinstall to croak.
+#
+
+sub exitDie
+{
+ my($error) = @_;
+
+ print $error;
+ exit;
+}
+
### query_boolean( $query_text, $default )
#
# query the user with a string, and expect a response. If the user hits
$bar = $default;
}
+ elsif ($bar eq '')
+ {
+ $bar = $default;
+ }
elsif ($bar ne $default)
{
# everything else means 'nondefault'.
-# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
+# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# Host *
# ForwardAgent no
# ForwardX11 no
-# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
+++ /dev/null
-.\" -*- nroff -*-
-.\"
-.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
-.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-.\" All rights reserved
-.\"
-.\" As far as I am concerned, the code I have written for this software
-.\" can be used freely for any purpose. Any derived versions of this
-.\" software must be clearly marked as such, and if the derived work is
-.\" incompatible with the protocol description in the RFC file, it must be
-.\" called by a name other than "ssh" or "Secure Shell".
-.\"
-.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
-.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
-.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
-.Dd September 25, 1999
-.Dt SSH_CONFIG 5
-.Os
-.Sh NAME
-.Nm ssh_config
-.Nd OpenSSH SSH client configuration files
-.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa $HOME/.ssh/config
-.It Pa $GLOBUS_LOCATION/etc/ssh/ssh_config
-.El
-.Sh DESCRIPTION
-.Nm ssh
-obtains configuration data from the following sources in
-the following order:
-command line options,
-feature-specific user configuration file(s) (see below),
-user's configuration file
-.Pq Pa $HOME/.ssh/config ,
-and system-wide configuration file
-.Pq Pa $GLOBUS_LOCATION/etc/ssh/ssh_config .
-For compatibility with other
-.Nm
-versions, the following feature-specific user configuration files
-will be processed after the command line options but before the user's
-main configuration file, so options that other
-.Nm
-versions may not support don't need to go in the main configuration file:
-.Bl -tag -width Ds
-.It Pa $HOME/.ssh/config.gssapi
-Read if GSSAPI authentication is supported. This is a good place for
-the GssapiAuthentication and GssapiDelegateCredentials options.
-.It Pa $HOME/.ssh/config.krb
-Read if Kerberos authentication is supported. This is a good place
-for the KerberosAuthentication and KerberosTgtPassing options.
-.It Pa $HOME/.ssh/config.afs
-Read if AFS token passing is supported. This is a good place for the
-AfsTokenPassing option.
-.El
-.Pp
-For each parameter, the first obtained value
-will be used.
-The configuration files contain sections bracketed by
-.Dq Host
-specifications, and that section is only applied for hosts that
-match one of the patterns given in the specification.
-The matched host name is the one given on the command line.
-.Pp
-Since the first obtained value for each parameter is used, more
-host-specific declarations should be given near the beginning of the
-file, and general defaults at the end.
-.Pp
-The configuration file has the following format:
-.Pp
-Empty lines and lines starting with
-.Ql #
-are comments.
-.Pp
-Otherwise a line is of the format
-.Dq keyword arguments .
-Configuration options may be separated by whitespace or
-optional whitespace and exactly one
-.Ql = ;
-the latter format is useful to avoid the need to quote whitespace
-when specifying configuration options using the
-.Nm ssh ,
-.Nm scp
-and
-.Nm sftp
-.Fl o
-option.
-.Pp
-The possible
-keywords and their meanings are as follows (note that
-keywords are case-insensitive and arguments are case-sensitive):
-.Bl -tag -width Ds
-.It Cm Host
-Restricts the following declarations (up to the next
-.Cm Host
-keyword) to be only for those hosts that match one of the patterns
-given after the keyword.
-.Ql \&*
-and
-.Ql ?
-can be used as wildcards in the
-patterns.
-A single
-.Ql \&*
-as a pattern can be used to provide global
-defaults for all hosts.
-The host is the
-.Ar hostname
-argument given on the command line (i.e., the name is not converted to
-a canonicalized host name before matching).
-.It Cm AFSTokenPassing
-Specifies whether to pass AFS tokens to remote host.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm BatchMode
-If set to
-.Dq yes ,
-passphrase/password querying will be disabled.
-This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm BindAddress
-Specify the interface to transmit from on machines with multiple
-interfaces or aliased addresses.
-Note that this option does not work if
-.Cm UsePrivilegedPort
-is set to
-.Dq yes .
-.It Cm ChallengeResponseAuthentication
-Specifies whether to use challenge response authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm CheckHostIP
-If this flag is set to
-.Dq yes ,
-ssh will additionally check the host IP address in the
-.Pa known_hosts
-file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
-If the option is set to
-.Dq no ,
-the check will not be executed.
-The default is
-.Dq yes .
-.It Cm Cipher
-Specifies the cipher to use for encrypting the session
-in protocol version 1.
-Currently,
-.Dq blowfish ,
-.Dq 3des ,
-and
-.Dq des
-are supported.
-.Ar des
-is only supported in the
-.Nm ssh
-client for interoperability with legacy protocol 1 implementations
-that do not support the
-.Ar 3des
-cipher. Its use is strongly discouraged due to cryptographic
-weaknesses.
-The default is
-.Dq 3des .
-.It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2
-in order of preference.
-Multiple ciphers must be comma-separated.
-The default is
-.Pp
-.Bd -literal
- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
- aes192-cbc,aes256-cbc''
-.Ed
-.It Cm ClearAllForwardings
-Specifies that all local, remote and dynamic port forwardings
-specified in the configuration files or on the command line be
-cleared. This option is primarily useful when used from the
-.Nm ssh
-command line to clear port forwardings set in
-configuration files, and is automatically set by
-.Xr scp 1
-and
-.Xr sftp 1 .
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm Compression
-Specifies whether to use compression.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm CompressionLevel
-Specifies the compression level to use if compression is enabled.
-The argument must be an integer from 1 (fast) to 9 (slow, best).
-The default level is 6, which is good for most applications.
-The meaning of the values is the same as in
-.Xr gzip 1 .
-Note that this option applies to protocol version 1 only.
-.It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before exiting.
-The argument must be an integer.
-This may be useful in scripts if the connection sometimes fails.
-The default is 1.
-.It Cm DynamicForward
-Specifies that a TCP/IP port on the local machine be forwarded
-over the secure channel, and the application
-protocol is then used to determine where to connect to from the
-remote machine. The argument must be a port number.
-Currently the SOCKS4 protocol is supported, and
-.Nm ssh
-will act as a SOCKS4 server.
-Multiple forwardings may be specified, and
-additional forwardings can be given on the command line. Only
-the superuser can forward privileged ports.
-.It Cm EscapeChar
-Sets the escape character (default:
-.Ql ~ ) .
-The escape character can also
-be set on the command line.
-The argument should be a single character,
-.Ql ^
-followed by a letter, or
-.Dq none
-to disable the escape
-character entirely (making the connection transparent for binary
-data).
-.It Cm ForwardAgent
-Specifies whether the connection to the authentication agent (if any)
-will be forwarded to the remote machine.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm ForwardX11
-Specifies whether X11 connections will be automatically redirected
-over the secure channel and
-.Ev DISPLAY
-set.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm GatewayPorts
-Specifies whether remote hosts are allowed to connect to local
-forwarded ports.
-By default,
-.Nm ssh
-binds local port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
-.Cm GatewayPorts
-can be used to specify that
-.Nm ssh
-should bind local port forwardings to the wildcard address,
-thus allowing remote hosts to connect to forwarded ports.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm GlobalKnownHostsFile
-Specifies a file to use for the global
-host key database instead of
-.Pa $GLOBUS_LOCATION/etc/ssh/ssh_known_hosts .
-.It Cm GssapiAuthentication
-Specifies whether authentication based on GSSAPI may be used, either using
-the result of a successful key exchange, or using GSSAPI user
-authentication.
-The default is
-.Dq yes .
-.It Cm GssapiDelegateCredentials
-Specifies whether GSSAPI credentials will be delegated (forwarded) to
-the server.
-The default is
-.Dq yes .
-.It Cm HostbasedAuthentication
-Specifies whether to try rhosts based authentication with public key
-authentication.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 2 only and
-is similar to
-.Cm RhostsRSAAuthentication .
-.It Cm HostKeyAlgorithms
-Specifies the protocol version 2 host key algorithms
-that the client wants to use in order of preference.
-The default for this option is:
-.Dq ssh-rsa,ssh-dss .
-.It Cm HostKeyAlias
-Specifies an alias that should be used instead of the
-real host name when looking up or saving the host key
-in the host key database files.
-This option is useful for tunneling ssh connections
-or for multiple servers running on a single host.
-.It Cm HostName
-Specifies the real host name to log into.
-This can be used to specify nicknames or abbreviations for hosts.
-Default is the name given on the command line.
-Numeric IP addresses are also permitted (both on the command line and in
-.Cm HostName
-specifications).
-.It Cm IdentityFile
-Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
-.Pa $HOME/.ssh/identity
-for protocol version 1, and
-.Pa $HOME/.ssh/id_rsa
-and
-.Pa $HOME/.ssh/id_dsa
-for protocol version 2.
-Additionally, any identities represented by the authentication agent
-will be used for authentication.
-The file name may use the tilde
-syntax to refer to a user's home directory.
-It is possible to have
-multiple identity files specified in configuration files; all these
-identities will be tried in sequence.
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the client will notice
-if the network goes down or the remote host dies.
-This is important in scripts, and many users want it too.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
-.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication will be used.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server.
-This will only work if the Kerberos server is actually an AFS kaserver.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-.It Cm LocalForward
-Specifies that a TCP/IP port on the local machine be forwarded over
-the secure channel to the specified host and port from the remote machine.
-The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
-Multiple forwardings may be specified, and additional
-forwardings can be given on the command line.
-Only the superuser can forward privileged ports.
-.It Cm LogLevel
-Gives the verbosity level that is used when logging messages from
-.Nm ssh .
-The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of verbose output.
-.It Cm MACs
-Specifies the MAC (message authentication code) algorithms
-in order of preference.
-The MAC algorithm is used in protocol version 2
-for data integrity protection.
-Multiple algorithms must be comma-separated.
-The default is
-.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
-.It Cm NoHostAuthenticationForLocalhost
-This option can be used if the home directory is shared across machines.
-In this case localhost will refer to a different machine on each of
-the machines and the user will get many warnings about changed host keys.
-However, this option disables host authentication for localhost.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is to check the host key for localhost.
-.It Cm NumberOfPasswordPrompts
-Specifies the number of password prompts before giving up.
-The argument to this keyword must be an integer.
-Default is 3.
-.It Cm PasswordAuthentication
-Specifies whether to use password authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm Port
-Specifies the port number to connect on the remote host.
-Default is 22.
-.It Cm PreferredAuthentications
-Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
-.Cm keyboard-interactive )
-over another method (e.g.
-.Cm password )
-The default for this option is:
-.Dq hostbased,external-keyx,gssapi,publickey,keyboard-interactive,password .
-.It Cm Protocol
-Specifies the protocol versions
-.Nm ssh
-should support in order of preference.
-The possible values are
-.Dq 1
-and
-.Dq 2 .
-Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that
-.Nm ssh
-tries version 2 and falls back to version 1
-if version 2 is not available.
-.It Cm ProxyCommand
-Specifies the command to use to connect to the server.
-The command
-string extends to the end of the line, and is executed with
-.Pa /bin/sh .
-In the command string,
-.Ql %h
-will be substituted by the host name to
-connect and
-.Ql %p
-by the port.
-The command can be basically anything,
-and should read from its standard input and write to its standard output.
-It should eventually connect an
-.Xr sshd 8
-server running on some machine, or execute
-.Ic sshd -i
-somewhere.
-Host key management will be done using the
-HostName of the host being connected (defaulting to the name typed by
-the user).
-Note that
-.Cm CheckHostIP
-is not available for connects with a proxy command.
-.Pp
-.It Cm PubkeyAuthentication
-Specifies whether to try public key authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-This option applies to protocol version 2 only.
-.It Cm RemoteForward
-Specifies that a TCP/IP port on the remote machine be forwarded over
-the secure channel to the specified host and port from the local machine.
-The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
-Multiple forwardings may be specified, and additional
-forwardings can be given on the command line.
-Only the superuser can forward privileged ports.
-.It Cm RhostsAuthentication
-Specifies whether to try rhosts based authentication.
-Note that this
-declaration only affects the client side and has no effect whatsoever
-on security.
-Most servers do not permit RhostsAuthentication because it
-is not secure (see
-.Cm RhostsRSAAuthentication ) .
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RhostsRSAAuthentication
-Specifies whether to try rhosts based authentication with RSA host
-authentication.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only and requires
-.Nm ssh
-to be setuid root.
-.It Cm RSAAuthentication
-Specifies whether to try RSA authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-RSA authentication will only be
-attempted if the identity file exists, or an authentication agent is
-running.
-The default is
-.Dq yes .
-Note that this option applies to protocol version 1 only.
-.It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
-the device
-.Nm ssh
-should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
-is not activated.
-.It Cm StrictHostKeyChecking
-If this flag is set to
-.Dq yes ,
-.Nm ssh
-will never automatically add host keys to the
-.Pa $HOME/.ssh/known_hosts
-file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks,
-however, can be annoying when the
-.Pa $GLOBUS_LOCATION/etc/ssh/ssh_known_hosts
-file is poorly maintained, or connections to new hosts are
-frequently made.
-This option forces the user to manually
-add all new hosts.
-If this flag is set to
-.Dq no ,
-.Nm ssh
-will automatically add new host keys to the
-user known hosts files.
-If this flag is set to
-.Dq ask ,
-new host keys
-will be added to the user known host files only after the user
-has confirmed that is what they really want to do, and
-.Nm ssh
-will refuse to connect to hosts whose host key has changed.
-The host keys of
-known hosts will be verified automatically in all cases.
-The argument must be
-.Dq yes ,
-.Dq no
-or
-.Dq ask .
-The default is
-.Dq ask .
-.It Cm UsePrivilegedPort
-Specifies whether to use a privileged port for outgoing connections.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-Note that this option must be set to
-.Dq yes
-if
-.Cm RhostsAuthentication
-and
-.Cm RhostsRSAAuthentication
-authentications are needed with older servers.
-.It Cm User
-Specifies the user to log in as.
-This can be useful when a different user name is used on different machines.
-This saves the trouble of
-having to remember to give the user name on the command line.
-.It Cm UserKnownHostsFile
-Specifies a file to use for the user
-host key database instead of
-.Pa $HOME/.ssh/known_hosts .
-.It Cm XAuthLocation
-Specifies the location of the
-.Xr xauth 1
-program.
-The default is
-.Pa /usr/X11R6/bin/xauth .
-.El
-.Sh FILES
-.Bl -tag -width Ds
-.It Pa $HOME/.ssh/config
-This is the per-user configuration file.
-The format of this file is described above.
-This file is used by the
-.Nm ssh
-client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
-.It Pa $GLOBUS_LOCATION/etc/ssh/ssh_config
-Systemwide configuration file.
-This file provides defaults for those
-values that are not specified in the user's configuration file, and
-for those users who do not have a configuration file.
-This file must be world-readable.
-.El
-.Sh AUTHORS
-OpenSSH is a derivative of the original and free
-ssh 1.2.12 release by Tatu Ylonen.
-Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
-Theo de Raadt and Dug Song
-removed many bugs, re-added newer features and
-created OpenSSH.
-Markus Friedl contributed the support for SSH
-protocol versions 1.5 and 2.0.
-.Sh SEE ALSO
-.Xr ssh 1
"tail -200 /var/log/maillog" @PROG_TAIL@ 0.01
"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.01
"tail -200 /var/adm/syslog/mail.log" @PROG_TAIL@ 0.01
+
+++ /dev/null
-.\" -*- nroff -*-
-.\"
-.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
-.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-.\" All rights reserved
-.\"
-.\" As far as I am concerned, the code I have written for this software
-.\" can be used freely for any purpose. Any derived versions of this
-.\" software must be clearly marked as such, and if the derived work is
-.\" incompatible with the protocol description in the RFC file, it must be
-.\" called by a name other than "ssh" or "Secure Shell".
-.\"
-.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
-.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
-.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
-.Dd September 25, 1999
-.Dt SSHD_CONFIG 5
-.Os
-.Sh NAME
-.Nm sshd_config
-.Nd OpenSSH SSH daemon configuration file
-.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa $GLOBUS_LOCATION/etc/ssh/sshd_config
-.El
-.Sh DESCRIPTION
-.Nm sshd
-reads configuration data from
-.Pa $GLOBUS_LOCATION/etc/ssh/sshd_config
-(or the file specified with
-.Fl f
-on the command line).
-The file contains keyword-argument pairs, one per line.
-Lines starting with
-.Ql #
-and empty lines are interpreted as comments.
-.Pp
-The possible
-keywords and their meanings are as follows (note that
-keywords are case-insensitive and arguments are case-sensitive):
-.Bl -tag -width Ds
-.It Cm AFSTokenPassing
-Specifies whether an AFS token may be forwarded to the server.
-Default is
-.Dq no .
-.It Cm AllowGroups
-This keyword can be followed by a list of group name patterns, separated
-by spaces.
-If specified, login is allowed only for users whose primary
-group or supplementary group list matches one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only group names are valid; a numerical group ID is not recognized.
-By default, login is allowed for all groups.
-.Pp
-.It Cm AllowTcpForwarding
-Specifies whether TCP forwarding is permitted.
-The default is
-.Dq yes .
-Note that disabling TCP forwarding does not improve security unless
-users are also denied shell access, as they can always install their
-own forwarders.
-.Pp
-.It Cm AllowUsers
-This keyword can be followed by a list of user name patterns, separated
-by spaces.
-If specified, login is allowed only for users names that
-match one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only user names are valid; a numerical user ID is not recognized.
-By default, login is allowed for all users.
-If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, restricting logins to particular
-users from particular hosts.
-.Pp
-.It Cm AuthorizedKeysFile
-Specifies the file that contains the public keys that can be used
-for user authentication.
-.Cm AuthorizedKeysFile
-may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
-%h is replaced by the home directory of the user being authenticated and
-%u is replaced by the username of that user.
-After expansion,
-.Cm AuthorizedKeysFile
-is taken to be an absolute path or one relative to the user's home
-directory.
-The default is
-.Dq .ssh/authorized_keys .
-.It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
-The contents of the specified file are sent to the remote user before
-authentication is allowed.
-This option is only available for protocol version 2.
-By default, no banner is displayed.
-.Pp
-.It Cm ChallengeResponseAuthentication
-Specifies whether challenge response authentication is allowed.
-All authentication styles from
-.Xr login.conf 5
-are supported.
-The default is
-.Dq yes .
-.It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2.
-Multiple ciphers must be comma-separated.
-The default is
-.Pp
-.Bd -literal
- ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
- aes192-cbc,aes256-cbc''
-.Ed
-.It Cm ClientAliveInterval
-Sets a timeout interval in seconds after which if no data has been received
-from the client,
-.Nm sshd
-will send a message through the encrypted
-channel to request a response from the client.
-The default
-is 0, indicating that these messages will not be sent to the client.
-This option applies to protocol version 2 only.
-.It Cm ClientAliveCountMax
-Sets the number of client alive messages (see above) which may be
-sent without
-.Nm sshd
-receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
-.Nm sshd
-will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
-.Cm KeepAlive
-(below). The client alive messages are sent through the
-encrypted channel and therefore will not be spoofable. The TCP keepalive
-option enabled by
-.Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
-server depend on knowing when a connection has become inactive.
-.Pp
-The default value is 3. If
-.Cm ClientAliveInterval
-(above) is set to 15, and
-.Cm ClientAliveCountMax
-is left at the default, unresponsive ssh clients
-will be disconnected after approximately 45 seconds.
-.It Cm Compression
-Specifies whether compression is allowed.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm DenyGroups
-This keyword can be followed by a list of group name patterns, separated
-by spaces.
-Login is disallowed for users whose primary group or supplementary
-group list matches one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only group names are valid; a numerical group ID is not recognized.
-By default, login is allowed for all groups.
-.Pp
-.It Cm DenyUsers
-This keyword can be followed by a list of user name patterns, separated
-by spaces.
-Login is disallowed for user names that match one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as wildcards in the patterns.
-Only user names are valid; a numerical user ID is not recognized.
-By default, login is allowed for all users.
-If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, restricting logins to particular
-users from particular hosts.
-.It Cm GatewayPorts
-Specifies whether remote hosts are allowed to connect to ports
-forwarded for the client.
-By default,
-.Nm sshd
-binds remote port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
-.Cm GatewayPorts
-can be used to specify that
-.Nm sshd
-should bind remote port forwardings to the wildcard address,
-thus allowing remote hosts to connect to forwarded ports.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful public key client host authentication is allowed
-(hostbased authentication).
-This option is similar to
-.Cm RhostsRSAAuthentication
-and applies to protocol version 2 only.
-The default is
-.Dq no .
-.It Cm GssapiAuthentication
-Specifies whether authentication based on GSSAPI may be used, either using
-the result of a successful key exchange, or using GSSAPI user
-authentication.
-The default is
-.Dq yes .
-.It Cm GssapiKeyExchange
-Specifies whether key exchange based on GSSAPI may be used. When using
-GSSAPI key exchange the server need not have a host key.
-The default is
-.Dq yes .
-.It Cm GssapiUseSessionCredCache
-Specifies whether a unique credentials cache name should be generated per
-session for storing delegated credentials.
-The default is
-.Dq yes .
-.It Cm HostKey
-Specifies a file containing a private host key
-used by SSH.
-The default is
-.Pa $GLOBUS_LOCATION/etc/ssh/ssh_host_key
-for protocol version 1, and
-.Pa $GLOBUS_LOCATION/etc/ssh/ssh_host_rsa_key
-and
-.Pa $GLOBUS_LOCATION/etc/ssh/ssh_host_dsa_key
-for protocol version 2.
-Note that
-.Nm sshd
-will refuse to use a file if it is group/world-accessible.
-It is possible to have multiple host key files.
-.Dq rsa1
-keys are used for version 1 and
-.Dq dsa
-or
-.Dq rsa
-are used for version 2 of the SSH protocol.
-.It Cm IgnoreRhosts
-Specifies that
-.Pa .rhosts
-and
-.Pa .shosts
-files will not be used in
-.Cm RhostsAuthentication ,
-.Cm RhostsRSAAuthentication
-or
-.Cm HostbasedAuthentication .
-.Pp
-.Pa /etc/hosts.equiv
-and
-.Pa $GLOBUS_LOCATION/etc/ssh/shosts.equiv
-are still used.
-The default is
-.Dq yes .
-.It Cm IgnoreUserKnownHosts
-Specifies whether
-.Nm sshd
-should ignore the user's
-.Pa $HOME/.ssh/known_hosts
-during
-.Cm RhostsRSAAuthentication
-or
-.Cm HostbasedAuthentication .
-The default is
-.Dq no .
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-On the other hand, if keepalives are not sent,
-sessions may hang indefinitely on the server, leaving
-.Dq ghost
-users and consuming server resources.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the server will notice
-if the network goes down or the client host crashes.
-This avoids infinitely hanging sessions.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
-.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication is allowed.
-This can be in the form of a Kerberos ticket, or if
-.Cm PasswordAuthentication
-is yes, the password provided by the user will be validated through
-the Kerberos KDC.
-To use this option, the server needs a
-Kerberos servtab which allows the verification of the KDC's identity.
-Default is
-.Dq no .
-.It Cm KerberosOrLocalPasswd
-If set then if password authentication through Kerberos fails then
-the password will be validated via any additional local mechanism
-such as
-.Pa /etc/passwd .
-Default is
-.Dq yes .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT may be forwarded to the server.
-Default is
-.Dq no ,
-as this only works when the Kerberos KDC is actually an AFS kaserver.
-.It Cm KerberosTicketCleanup
-Specifies whether to automatically destroy the user's ticket cache
-file on logout.
-Default is
-.Dq yes .
-.It Cm KeyRegenerationInterval
-In protocol version 1, the ephemeral server key is automatically regenerated
-after this many seconds (if it has been used).
-The purpose of regeneration is to prevent
-decrypting captured sessions by later breaking into the machine and
-stealing the keys.
-The key is never stored anywhere.
-If the value is 0, the key is never regenerated.
-The default is 3600 (seconds).
-.It Cm ListenAddress
-Specifies the local addresses
-.Nm sshd
-should listen on.
-The following forms may be used:
-.Pp
-.Bl -item -offset indent -compact
-.It
-.Cm ListenAddress
-.Sm off
-.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
-.Sm on
-.It
-.Cm ListenAddress
-.Sm off
-.Ar host No | Ar IPv4_addr No : Ar port
-.Sm on
-.It
-.Cm ListenAddress
-.Sm off
-.Oo
-.Ar host No | Ar IPv6_addr Oc : Ar port
-.Sm on
-.El
-.Pp
-If
-.Ar port
-is not specified,
-.Nm sshd
-will listen on the address and all prior
-.Cm Port
-options specified. The default is to listen on all local
-addresses. Multiple
-.Cm ListenAddress
-options are permitted. Additionally, any
-.Cm Port
-options must precede this option for non port qualified addresses.
-.It Cm LoginGraceTime
-The server disconnects after this time if the user has not
-successfully logged in.
-If the value is 0, there is no time limit.
-The default is 600 (seconds).
-.It Cm LogLevel
-Gives the verbosity level that is used when logging messages from
-.Nm sshd .
-The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of debugging output.
-Logging with a DEBUG level violates the privacy of users
-and is not recommended.
-.It Cm MACs
-Specifies the available MAC (message authentication code) algorithms.
-The MAC algorithm is used in protocol version 2
-for data integrity protection.
-Multiple algorithms must be comma-separated.
-The default is
-.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
-.It Cm MaxStartups
-Specifies the maximum number of concurrent unauthenticated connections to the
-.Nm sshd
-daemon.
-Additional connections will be dropped until authentication succeeds or the
-.Cm LoginGraceTime
-expires for a connection.
-The default is 10.
-.Pp
-Alternatively, random early drop can be enabled by specifying
-the three colon separated values
-.Dq start:rate:full
-(e.g., "10:30:60").
-.Nm sshd
-will refuse connection attempts with a probability of
-.Dq rate/100
-(30%)
-if there are currently
-.Dq start
-(10)
-unauthenticated connections.
-The probability increases linearly and all connection attempts
-are refused if the number of unauthenticated connections reaches
-.Dq full
-(60).
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but
-it will allow password authentication regardless of whether
-.Cm PasswordAuthentication
-is enabled.
-.It Cm PasswordAuthentication
-Specifies whether password authentication is allowed.
-The default is
-.Dq yes .
-.It Cm PermitEmptyPasswords
-When password authentication is allowed, it specifies whether the
-server allows login to accounts with empty password strings.
-The default is
-.Dq no .
-.It Cm PermitRootLogin
-Specifies whether root can login using
-.Xr ssh 1 .
-The argument must be
-.Dq yes ,
-.Dq without-password ,
-.Dq forced-commands-only
-or
-.Dq no .
-The default is
-.Dq yes .
-.Pp
-If this option is set to
-.Dq without-password
-password authentication is disabled for root.
-.Pp
-If this option is set to
-.Dq forced-commands-only
-root login with public key authentication will be allowed,
-but only if the
-.Ar command
-option has been specified
-(which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
-for root.
-.Pp
-If this option is set to
-.Dq no
-root is not allowed to login.
-.It Cm PidFile
-Specifies the file that contains the process ID of the
-.Nm sshd
-daemon.
-The default is
-.Pa /var/run/sshd.pid .
-.It Cm Port
-Specifies the port number that
-.Nm sshd
-listens on.
-The default is 22.
-Multiple options of this type are permitted.
-See also
-.Cm ListenAddress .
-.It Cm PrintLastLog
-Specifies whether
-.Nm sshd
-should print the date and time when the user last logged in.
-The default is
-.Dq yes .
-.It Cm PrintMotd
-Specifies whether
-.Nm sshd
-should print
-.Pa /etc/motd
-when a user logs in interactively.
-(On some systems it is also printed by the shell,
-.Pa /etc/profile ,
-or equivalent.)
-The default is
-.Dq yes .
-.It Cm Protocol
-Specifies the protocol versions
-.Nm sshd
-should support.
-The possible values are
-.Dq 1
-and
-.Dq 2 .
-Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-.It Cm PubkeyAuthentication
-Specifies whether public key authentication is allowed.
-The default is
-.Dq yes .
-Note that this option applies to protocol version 2 only.
-.It Cm RhostsAuthentication
-Specifies whether authentication using rhosts or /etc/hosts.equiv
-files is sufficient.
-Normally, this method should not be permitted because it is insecure.
-.Cm RhostsRSAAuthentication
-should be used
-instead, because it performs RSA-based host authentication in addition
-to normal rhosts or /etc/hosts.equiv authentication.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful RSA host authentication is allowed.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RSAAuthentication
-Specifies whether pure RSA authentication is allowed.
-The default is
-.Dq yes .
-This option applies to protocol version 1 only.
-.It Cm ServerKeyBits
-Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
-.It Cm StrictModes
-Specifies whether
-.Nm sshd
-should check file modes and ownership of the
-user's files and home directory before accepting login.
-This is normally desirable because novices sometimes accidentally leave their
-directory or files world-writable.
-The default is
-.Dq yes .
-.It Cm Subsystem
-Configures an external subsystem (e.g., file transfer daemon).
-Arguments should be a subsystem name and a command to execute upon subsystem
-request.
-The command
-.Xr sftp-server 8
-implements the
-.Dq sftp
-file transfer subsystem.
-By default no subsystems are defined.
-Note that this option applies to protocol version 2 only.
-.It Cm SyslogFacility
-Gives the facility code that is used when logging messages from
-.Nm sshd .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
-LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-The default is AUTH.
-.It Cm UseLogin
-Specifies whether
-.Xr login 1
-is used for interactive login sessions.
-The default is
-.Dq no .
-Note that
-.Xr login 1
-is never used for remote command execution.
-Note also, that if this is enabled,
-.Cm X11Forwarding
-will be disabled because
-.Xr login 1
-does not know how to handle
-.Xr xauth 1
-cookies. If
-.Cm UsePrivilegeSeparation
-is specified, it will be disabled after authentication.
-.It Cm UsePrivilegeSeparation
-Specifies whether
-.Nm sshd
-separates privileges by creating an unprivileged child process
-to deal with incoming network traffic. After successful authentication,
-another process will be created that has the privilege of the authenticated
-user. The goal of privilege separation is to prevent privilege
-escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
-.It Cm VerifyReverseMapping
-Specifies whether
-.Nm sshd
-should try to verify the remote host name and check that
-the resolved host name for the remote IP address maps back to the
-very same IP address.
-The default is
-.Dq no .
-.It Cm X11DisplayOffset
-Specifies the first display number available for
-.Nm sshd Ns 's
-X11 forwarding.
-This prevents
-.Nm sshd
-from interfering with real X11 servers.
-The default is 10.
-.It Cm X11Forwarding
-Specifies whether X11 forwarding is permitted.
-The default is
-.Dq no .
-Note that disabling X11 forwarding does not improve security in any
-way, as users can always install their own forwarders.
-X11 forwarding is automatically disabled if
-.Cm UseLogin
-is enabled.
-.It Cm X11UseLocalhost
-Specifies whether
-.Nm sshd
-should bind the X11 forwarding server to the loopback address or to
-the wildcard address. By default,
-.Nm sshd
-binds the forwarding server to the loopback address and sets the
-hostname part of the
-.Ev DISPLAY
-environment variable to
-.Dq localhost .
-This prevents remote hosts from connecting to the fake display.
-However, some older X11 clients may not function with this
-configuration.
-.Cm X11UseLocalhost
-may be set to
-.Dq no
-to specify that the forwarding server should be bound to the wildcard
-address.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm XAuthLocation
-Specifies the location of the
-.Xr xauth 1
-program.
-The default is
-.Pa /usr/X11R6/bin/xauth .
-.El
-.Ss Time Formats
-.Pp
-.Nm sshd
-command-line arguments and configuration file options that specify time
-may be expressed using a sequence of the form:
-.Sm off
-.Ar time Oo Ar qualifier Oc ,
-.Sm on
-where
-.Ar time
-is a positive integer value and
-.Ar qualifier
-is one of the following:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It Cm <none>
-seconds
-.It Cm s | Cm S
-seconds
-.It Cm m | Cm M
-minutes
-.It Cm h | Cm H
-hours
-.It Cm d | Cm D
-days
-.It Cm w | Cm W
-weeks
-.El
-.Pp
-Each member of the sequence is added together to calculate
-the total time value.
-.Pp
-Time format examples:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It 600
-600 seconds (10 minutes)
-.It 10m
-10 minutes
-.It 1h30m
-1 hour 30 minutes (90 minutes)
-.El
-.Sh FILES
-.Bl -tag -width Ds
-.It Pa $GLOBUS_LOCATION/etc/ssh/sshd_config
-Contains configuration data for
-.Nm sshd .
-This file should be writable by root only, but it is recommended
-(though not necessary) that it be world-readable.
-.El
-.Sh AUTHORS
-OpenSSH is a derivative of the original and free
-ssh 1.2.12 release by Tatu Ylonen.
-Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
-Theo de Raadt and Dug Song
-removed many bugs, re-added newer features and
-created OpenSSH.
-Markus Friedl contributed the support for SSH
-protocol versions 1.5 and 2.0.
-Niels Provos and Markus Friedl contributed support
-for privilege separation.
-.Sh SEE ALSO
-.Xr sshd 8
-# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
+# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 3600
+#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# Authentication:
-#LoginGraceTime 120
+#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-#RhostsAuthentication no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
-#AFSTokenPassing no
+# Session hooks: if allowed, specify the commands to execute
+#AllowSessionHooks yes
+#SessionHookStartupCmd /bin/true
+#SessionHookShutdownCmd /bin/true
-# Kerberos TGT Passing only works with the AFS kaserver
-#KerberosTgtPassing no
+# GSSAPI options
+#GSSAPIAuthentication yes
+#GSSAPICleanupCreds yes
-# Set this to 'yes' to enable PAM keyboard-interactive authentication
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt no
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication'
+#UsePAM yes
+#AllowTcpForwarding yes
+#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
-
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
#MaxStartups 10
+
# no default banner path
#Banner /some/path
-#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
-
-# where to store the pid of sshd process
-PidFile /var/run/sshd.pid
andersk / gssapi-openssh.git / commitdiff
