+20030401
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/03/28 10:11:43
+ [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
+ [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
+ - killed whitespace
+ - new sentence new line
+ - .Bk for arguments
+ ok markus@
+ - markus@cvs.openbsd.org 2003/04/01 10:10:23
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ rekeying bugfixes and automatic rekeying:
+ * both client and server rekey _automatically_
+ (a) after 2^31 packets, because after 2^32 packets
+ the sequence number for packets wraps
+ (b) after 2^(blocksize_in_bits/4) blocks
+ (see: draft-ietf-secsh-newmodes-00.txt)
+ (a) and (b) are _enabled_ by default, and only disabled for known
+ openssh versions, that don't support rekeying properly.
+ * client option 'RekeyLimit'
+ * do not reply to requests during rekeying
+ - markus@cvs.openbsd.org 2003/04/01 10:22:21
+ [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
+ [readconf.h serverloop.c sshconnect2.c]
+ backout rekeying changes (for 3.6.1)
+ - markus@cvs.openbsd.org 2003/04/01 10:31:26
+ [compat.c compat.h kex.c]
+ bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
+ tested by ho@ and myself
+ - markus@cvs.openbsd.org 2003/04/01 10:56:46
+ [version.h]
+ 3.6.1
+ - (djm) Crank spec file versions
+ - (djm) Release 3.6.1p1
+
+20030326
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2003/03/26 04:02:51
+ [sftp-server.c]
+ one last fix to the tree: race fix broke stuff; pr 3169;
+ srp@srparish.net, help from djm
+
+20030325
+ - (djm) Fix getpeerid support for 64 bit BE systems. From
+ Arnd Bergmann <arndb@de.ibm.com>
+
+20030324
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/23 19:02:00
+ [monitor.c]
+ unbreak rekeying for privsep; ok millert@
+ - Release 3.6p1
+ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
+ Report from murple@murple.net, diagnosis from dtucker@zip.com.au
+
+20030320
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/17 10:38:38
+ [progressmeter.c]
+ don't print \n if backgrounded; from ho@
+ - markus@cvs.openbsd.org 2003/03/17 11:43:47
+ [version.h]
+ enter 3.6
+ - (bal) The days of lack of int64_t support are over. Sorry kids.
+ - (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
+ - (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
+ guessing rules)
+ - (bal) Disable Privsep for Tru64 after pre-authentication due to issues
+ with SIA. Also, clean up of tru64 support patch by Chris Adams
+ <cmadams@hiwaay.net>
+ - (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
+
+20030318
+ - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
+ add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
+
+20030317
+ - (djm) Fix return value checks for RAND_bytes. Report from
+ Steve G <linux_4ever@yahoo.com>
+
+20030315
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/13 11:42:19
+ [authfile.c ssh-keysign.c]
+ move RSA_blinding_on to generic key load method
+ - markus@cvs.openbsd.org 2003/03/13 11:44:50
+ [ssh-agent.c]
+ ssh-agent is similar to ssh-keysign (allows other processes to use
+ private rsa keys). however, it gets key over socket and not from
+ a file, so we have to do blinding here as well.
+
+20030310
+- (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/05 22:33:43
+ [channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
+ [sftp-server.c ssh-add.c sshconnect2.c]
+ fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
+ - (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
+ CLOUSEAU
+ - (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
+ dtucker@zip.com.au
+ - (djm) AIX package builder update from dtucker@zip.com.au
+
+20030225
+ - (djm) Fix some compile errors spotted by dtucker and his fabulous
+ tinderbox
+
+20030224
+ - (djm) Tweak gnome-ssh-askpass2:
+ - Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
+ immediately fail if you are doing something else when it appears (e.g.
+ dragging a window)
+ - Perform server grab after we have the keyboard and/or pointer to avoid
+ races.
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/01/27 17:06:31
+ [sshd.c]
+ more specific error message when /var/empty has wrong permissions;
+ bug #46, map@appgate.com; ok henning@, provos@, stevesk@
+ - markus@cvs.openbsd.org 2003/01/28 16:11:52
+ [scp.1]
+ document -l; pekkas@netcore.fi
+ - stevesk@cvs.openbsd.org 2003/01/28 17:24:51
+ [scp.1]
+ remove example not pertinent with -1 addition; ok markus@
+ - jmc@cvs.openbsd.org 2003/01/31 21:54:40
+ [sshd.8]
+ typos; sshd(8): help and ok markus@
+ help and ok millert@
+ - markus@cvs.openbsd.org 2003/02/02 10:51:13
+ [scp.c]
+ call okname() only when using system(3) for remote-remote copy;
+ fixes bugs #483, #472; ok deraadt@, mouring@
+ - markus@cvs.openbsd.org 2003/02/02 10:56:08
+ [kex.c]
+ add support for key exchange guesses; based on work by
+ avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/03 08:56:16
+ [sshpty.c]
+ don't call error() for readonly /dev; from soekris list; ok mcbride,
+ henning, deraadt.
+ - markus@cvs.openbsd.org 2003/02/04 09:32:08
+ [key.c]
+ better debug3 message
+ - markus@cvs.openbsd.org 2003/02/04 09:33:22
+ [monitor.c monitor_wrap.c]
+ skey/bsdauth: use 0 to indicate failure instead of -1, because
+ the buffer API only supports unsigned ints.
+ - markus@cvs.openbsd.org 2003/02/05 09:02:28
+ [readconf.c]
+ simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:26:23
+ [session.c]
+ missing call to setproctitle() after authentication; ok provos@
+ - markus@cvs.openbsd.org 2003/02/06 09:27:29
+ [ssh.c ssh_config.5]
+ support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 09:29:18
+ [sftp-server.c]
+ fix races in rename/symlink; from Tony Finch; ok djm@
+ - markus@cvs.openbsd.org 2003/02/06 21:22:43
+ [auth1.c auth2.c]
+ undo broken fix for #387, fixes #486
+ - markus@cvs.openbsd.org 2003/02/10 11:51:47
+ [ssh-add.1]
+ xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
+ - markus@cvs.openbsd.org 2003/02/12 09:33:04
+ [key.c key.h ssh-dss.c ssh-rsa.c]
+ merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
+ - markus@cvs.openbsd.org 2003/02/12 21:39:50
+ [crc32.c crc32.h]
+ replace crc32.c with a BSD licensed version; noted by David Turner
+ - markus@cvs.openbsd.org 2003/02/16 17:09:57
+ [kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
+ split kex into client and server code, no need to link
+ server code into the client; ok provos@
+ - markus@cvs.openbsd.org 2003/02/16 17:30:33
+ [monitor.c monitor_wrap.c]
+ fix permitrootlogin forced-commands-only for privsep; bux #387;
+ ok provos@
+ - markus@cvs.openbsd.org 2003/02/21 09:05:53
+ [servconf.c]
+ print sshd_config filename in debug2 mode.
+ - mpech@cvs.openbsd.org 2003/02/21 10:34:48
+ [auth-krb4.c]
+ ...sizeof(&adat.session) is not good here.
+ henning@, deraadt@, millert@
+ - (djm) Add new object files to Makefile and reorder
+ - (djm) Bug #501: gai_strerror should return char*;
+ fix from dtucker@zip.com.au
+ - (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter;
+ From vinschen@redhat.com
+ - (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc
+ - (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
+ From vinschen@redhat.com
+ - (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com
+
+20030211
+ - (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
+
+20030206
+ - (djm) Teach fake-getaddrinfo to use getservbyname() when provided a
+ string service name. Suggested by markus@, review by itojun@
+
+20030131
+ - (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by
+ dtucker@zip.com.au
+
+20030130
+ - (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
+
+200301028
+ - (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au
+ and openssh-unix-dev@thewrittenword.com
+
+200301027
+ - (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for
+ cray. Also removed test for tcgetpgrp in configure.ac since it
+ is no longer used.
+
+20030124
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2003/01/23 08:58:47
+ [sshd_config.5]
+ typos; ok millert@
+ - markus@cvs.openbsd.org 2003/01/23 13:50:27
+ [authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
+ ssh-add -c, prompt user for confirmation (using ssh-askpass) when
+ private agent key is used; with djm@; test by dugsong@, djm@;
+ ok deraadt@
+ - markus@cvs.openbsd.org 2003/01/23 14:01:53
+ [scp.c]
+ bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
+ - markus@cvs.openbsd.org 2003/01/23 14:06:15
+ [scp.1 scp.c]
+ scp -12; Sam Smith and others; ok provos@, deraadt@
+ - (djm) Add TIMEVAL_TO_TIMESPEC macros
+
+20030123
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/23 00:03:00
+ [auth1.c]
+ Don't log TIS auth response; "get rid of it" - markus@
+
+20030122
+ - (djm) OpenBSD CVS Sync
+ - marc@cvs.openbsd.org 2003/01/21 18:14:36
+ [ssh-agent.1 ssh-agent.c]
+ Add a -t life option to ssh-agent that set the default lifetime.
+ The default can still be overriden by using -t in ssh-add.
+ OK markus@
+ - (djm) Reorganise PAM & SIA password handling to eliminate some common code
+ - (djm) Sync regress with OpenBSD -current
+
+20030120
+ - (djm) Fix compilation for NetBSD from dtucker@zip.com.au
+ - (tim) [progressmeter.c] make compilers without long long happy.
+ - (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when
+ using cc. (gcc already did)
+
+20030118
+ - (djm) Revert fix for Bug #442 for now.
+
+20030117
+ - (djm) Bug #470: Detect strnvis, not strvis in configure.
+ From d_wllms@lanl.gov
+
+20030116
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/16 03:41:55
+ [sftp-int.c]
+ explicitly use first glob result
+
+20030114
+ - (djm) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2003/01/10 23:23:24
+ [sftp-int.c]
+ typo; from Nils Nordman <nino at nforced dot com>.
+ - markus@cvs.openbsd.org 2003/01/11 18:29:43
+ [log.c]
+ set fatal_cleanups to NULL in fatal_remove_all_cleanups();
+ dtucker@zip.com.au
+ - markus@cvs.openbsd.org 2003/01/12 16:57:02
+ [progressmeter.c]
+ allow WARNINGS=yes; ok djm@
+ - djm@cvs.openbsd.org 2003/01/13 11:04:04
+ [sftp-int.c]
+ make cmds[] array static to avoid conflict with BSDI libc.
+ mindrot bug #466. Fix from mdev@idg.nl; ok markus@
+ - djm@cvs.openbsd.org 2003/01/14 10:58:00
+ [sftp-client.c sftp-int.c]
+ Don't try to upload or download non-regular files. Report from
+ apoloval@pantuflo.escet.urjc.es; ok markus@
+
+20030113
+ - (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type
+ detection to configure.ac. Prompted by stevesk@
+ - (djm) Bug #467: Add a --disable-strip option to turn off stripping of
+ installed binaries. From mdev@idg.nl
+
+20030110
+ - (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
+ systems may be added later.
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2003/01/08 23:53:26
+ [sftp.1 sftp.c sftp-int.c sftp-int.h]
+ Cleanup error handling for batchmode
+ Allow blank lines and comments in input
+ Ability to suppress abort on error in batchmode ("-put blah")
+ Fixes mindrot bug #452; markus@ ok
+ - fgsch@cvs.openbsd.org 2003/01/10 08:19:07
+ [scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c]
+ [progressmeter.h]
+ sftp progress meter support.
+ original diffs by Nils Nordman <nino at nforced dot com> via
+ markus@, merged to -current by me, djm@ ok.
+ - djm@cvs.openbsd.org 2003/01/10 08:48:15
+ [sftp-client.c]
+ Simplify and avoid redundancy in packet send and receive
+ functions; ok fgs@
+ - djm@cvs.openbsd.org 2003/01/10 10:29:35
+ [scp.c]
+ Don't ftruncate after write error, creating sparse files of
+ incorrect length
+ mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
+ - djm@cvs.openbsd.org 2003/01/10 10:32:54
+ [channels.c]
+ hush socket() errors, except last. Fixes mindrot bug #408; ok markus@
+
+20030108
+ - (djm) Sync openbsd-compat/ with OpenBSD -current
+ - (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/01/01 18:08:52
+ [channels.c]
+ move big output buffer messages to debug2
+ - djm@cvs.openbsd.org 2003/01/06 23:51:22
+ [sftp-client.c]
+ Fix "get -p" download to not add user-write perm. mindrot bug #426
+ reported by gfernandez@livevault.com; ok markus@
+ - fgsch@cvs.openbsd.org 2003/01/07 23:42:54
+ [sftp.1]
+ add version; from Nils Nordman <nino at nforced dot com> via markus@.
+ markus@ ok
+ - (djm) Update README to reflect AIX's status as a well supported platform.
+ From dtucker@zip.com.au
+ - (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch
+ by Mo DeJong.
+ - (tim) [auth.c] declare today at top of allowed_user() to keep
+ older compilers happy.
+ - (tim) [scp.c] make compilers without long long happy.
+
+20030107
+ - (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
+ Based on fix from yoshfuji@linux-ipv6.org
+ - (djm) Bug #442: Check for and deny access to accounts with locked
+ passwords. Patch from dtucker@zip.com.au
+ - (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes
+ Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
+ - (djm) Fix Bug #442 for PAM case
+ - (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based
+ on one by peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate
+ nasties. Report from peak@argo.troja.mff.cuni.cz
+ - (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
+ Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
+ - (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
+ dtucker@zip.com.au. Reorder for clarity too.
+
+20030103
+ - (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from
+ cjwatson@debian.org
+ - (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
+ mii@ornl.gov
+
+20030101
+ - (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
+ parts of pass addrlen with sockaddr * fix.
+ from Hajimu UMEMOTO <ume@FreeBSD.org>
+
+20021222
+ - (bal) OpenBSD CVS Sync
+ - fgsch@cvs.openbsd.org 2002/11/15 10:03:09
+ [authfile.c]
+ lseek(2) may return -1 when getting the public/private key lenght.
+ Simplify the code and check for errors using fstat(2).
+
+ Problem reported by Mauricio Sanchez, markus@ ok.
+ - markus@cvs.openbsd.org 2002/11/18 16:43:44
+ [clientloop.c]
+ don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
+ e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
+ - markus@cvs.openbsd.org 2002/11/21 22:22:50
+ [dh.c]
+ debug->debug2
+ - markus@cvs.openbsd.org 2002/11/21 22:45:31
+ [cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
+ debug->debug2, unify debug messages
+ - deraadt@cvs.openbsd.org 2002/11/21 23:03:51
+ [auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
+ sshconnect.c]
+ KNF
+ - markus@cvs.openbsd.org 2002/11/21 23:04:33
+ [ssh.c]
+ debug->debug2
+ - stevesk@cvs.openbsd.org 2002/11/24 21:46:24
+ [ssh-keysign.8]
+ typo: "the the"
+ - wcobb@cvs.openbsd.org 2002/11/26 00:45:03
+ [scp.c ssh-keygen.c]
+ Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
+ ok markus@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:35:30
+ [ssh-keygen.1]
+ remove outdated statement; ok markus@ deraadt@
+ - stevesk@cvs.openbsd.org 2002/11/26 02:38:54
+ [canohost.c]
+ KNF, comment and error message repair; ok markus@
+ - markus@cvs.openbsd.org 2002/11/27 17:53:35
+ [scp.c sftp.c ssh.c]
+ allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
+ http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
+ - stevesk@cvs.openbsd.org 2002/12/04 04:36:47
+ [session.c]
+ remove xauth entries before add; PR 2994 from janjaap@stack.nl.
+ ok markus@
+ - markus@cvs.openbsd.org 2002/12/05 11:08:35
+ [scp.c]
+ use roundup() similar to rcp/util.c and avoid problems with strange
+ filesystem block sizes, noted by tjr@freebsd.org; ok djm@
+ - djm@cvs.openbsd.org 2002/12/06 05:20:02
+ [sftp.1]
+ Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@
+ - millert@cvs.openbsd.org 2002/12/09 16:50:30
+ [ssh.c]
+ Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
+ markus@ OK
+ - markus@cvs.openbsd.org 2002/12/10 08:56:00
+ [session.c]
+ Make sure $SHELL points to the shell from the password file, even if shell
+ is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
+ - markus@cvs.openbsd.org 2002/12/10 19:26:50
+ [packet.c]
+ move tos handling to packet_set_tos; ok provos/henning/deraadt
+ - markus@cvs.openbsd.org 2002/12/10 19:47:14
+ [packet.c]
+ static
+ - markus@cvs.openbsd.org 2002/12/13 10:03:15
+ [channels.c misc.c sshconnect2.c]
+ cleanup debug messages, more useful information for the client user.
+ - markus@cvs.openbsd.org 2002/12/13 15:20:52
+ [scp.c]
+ 1) include stalling time in total time
+ 2) truncate filenames to 45 instead of 20 characters
+ 3) print rate instead of progress bar, no more stars
+ 4) scale output to tty width
+ based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
+ - (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
+ we already did s/msg_send/ssh_msg_send/
+
+20021205
+ - (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
+
+20021122
+ - (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
+ advax@triumf.ca. This type of solution tested by <herb@sgi.com>
+
+20021113
+ - (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
+
+20021111
+ - (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
+ not world writable.
+
+20021109
+ - (bal) OpenBSD CVS Sync
+ - itojun@cvs.openbsd.org 2002/10/16 14:31:48
+ [sftp-common.c]
+ 64bit pedant. %llu is "unsigned long long". markus ok
+ - markus@cvs.openbsd.org 2002/10/23 10:32:13
+ [packet.c]
+ use %u for u_int
+ - markus@cvs.openbsd.org 2002/10/23 10:40:16
+ [bufaux.c]
+ %u for u_int
+ - markus@cvs.openbsd.org 2002/11/04 10:07:53
+ [auth.c]
+ don't compare against pw_home if realpath fails for pw_home (seen
+ on AFS); ok djm@
+ - markus@cvs.openbsd.org 2002/11/04 10:09:51
+ [packet.c]
+ log before send disconnect; ok djm@
+ - markus@cvs.openbsd.org 2002/11/05 19:45:20
+ [monitor.c]
+ handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
+ - markus@cvs.openbsd.org 2002/11/05 20:10:37
+ [sftp-client.c]
+ typo; GaryF@livevault.com
+ - markus@cvs.openbsd.org 2002/11/07 16:28:47
+ [sshd.c]
+ log to stderr if -ie is given, bug #414, prj@po.cwru.edu
+ - markus@cvs.openbsd.org 2002/11/07 22:08:07
+ [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
+ we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
+ because HostbasedAuthentication might be enabled based on the
+ target host and ssh-keysign(8) does not know the remote hostname
+ and not trust ssh(1) about the hostname, so we add a new option
+ EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
+ - markus@cvs.openbsd.org 2002/11/07 22:35:38
+ [scp.c]
+ check exit status from ssh, and exit(1) if ssh fails; bug#369;
+ binder@arago.de
+ - (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
+ ntsec now default if cygwin version beginning w/ version 56. Patch
+ by Corinna Vinschen <vinschen@redhat.com>
+ - (bal) AIX does not log login attempts for unknown users (bug #432).
+ patch by dtucker@zip.com.au
+
+20021021
+ - (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
+ dtucker@zip.com.au
+ - (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
+ dirk.meyer@dinoex.sub.org
+
+20021015
+ - (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
+ - (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
+
+20021015
+ - (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
+
+20021004
+ - (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
+ SIA.
+
20021003
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/10/01 20:34:12
[version.h]
OpenSSH 3.5
- (djm) Bump RPM spec version numbers
- - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
+ - (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
20020930
- (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+STRIP_OPT=@STRIP_OPT@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
RANLIB=@RANLIB@
INSTALL=@INSTALL@
PERL=@PERL@
+SED=@SED@
ENT=@ENT@
XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
-@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT)
-
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o
-
-SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
+
+LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
+ cipher.o compat.o compress.o crc32.o deattack.o fatal.o \
+ hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \
+ rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
+ key.o dispatch.o kex.o mac.o uuencode.o misc.o \
+ rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
+ kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \
+ entropy.o
+
+SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+ sshconnect.o sshconnect1.o sshconnect2.o
+
+SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
+ sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
+ kexdhs.o kexgexs.o \
+ auth-krb5.o auth-krb4.o \
+ loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
CONFIGFILES_IN=sshd_config ssh_config moduli
PATHSUBS = \
- -D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \
- -D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \
- -D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \
- -D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \
- -D/usr/libexec=$(libexecdir) \
- -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \
- -D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \
- -D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \
- -D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \
- -D/var/run/sshd.pid=$(piddir)/sshd.pid \
- -D/etc/ssh/moduli=$(sysconfdir)/moduli \
- -D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
- -D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
- -D/var/empty=$(PRIVSEP_PATH) \
- -D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
-
-FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
+ -e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
+ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
+ -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
+ -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
+ -e 's|/usr/libexec|$(libexecdir)|g' \
+ -e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
+ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
+ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
+ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
+ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
+ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
+ -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
+ -e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
+ -e 's|/var/empty|$(PRIVSEP_PATH)|g' \
+ -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
+
+FIXPATHSCMD = $(SED) $(PATHSUBS)
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
-scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o
- $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
+ $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
$(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o
- $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
+ $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
$(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
- $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
- $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
- $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
- $(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent
- $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
- $(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
- $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
+ $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
+ $(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
- $(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
fi
- $(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
- @NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp
- @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER)
+ $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
- @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
- @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
for OpenBSD library functions that are (regrettably) absent from other
-unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD
-and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
+unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
+Irix and AIX. Support for SCO, NeXT and other Unices is underway.
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
configuration. PAMAuthenticationViaKbdInt does not function with
privsep.
+On Compaq Tru64 Unix, only the pre-authentication part of privsep is
+supported. Post-authentication privsep is disabled automatically (so
+you won't see the additional process mentioned below).
+
Note that for a normal interactive login with a shell, enabling privsep
will require 1 additional process per login session.
- Write a test program that calls stat() to search for EGD/PRNGd socket
rather than use the (non-portable) "test -S".
-- Replacement for setproctitle() - HP-UX support only currently
+- More platforms for for setproctitle() emulation (testing needed)
- Handle changing passwords for the non-PAM expired password case
(vinschen@redhat.com)
- Replace the whole u_intXX_t evilness in acconfig.h with something better???
+ - Do it in configure.ac
- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test
to allow people to (right/wrongfully) link against Bind directly.
/* Define if your platform needs to skip post auth file descriptor passing */
#undef DISABLE_FD_PASSING
+/* Silly mkstemp() */
+#undef HAVE_STRICT_MKSTEMP
+
+/* Setproctitle emulation */
+#undef SETPROCTITLE_STRATEGY
+#undef SETPROCTITLE_PS_PADDING
+
+/* Some systems put this outside of libc */
+#undef HAVE_NANOSLEEP
+
+/* Pushing STREAMS modules incorrectly acquires a controlling TTY */
+#undef STREAMS_PUSH_ACQUIRES_CTTY
+
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.29 2003/02/21 10:34:48 mpech Exp $");
#include "ssh.h"
#include "ssh1.h"
reply->length = r;
/* Clear session key. */
- memset(&adat.session, 0, sizeof(&adat.session));
+ memset(&adat.session, 0, sizeof(adat.session));
return (1);
}
#endif /* KRB4 */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
if (problem)
goto err;
- problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
+ problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
KRB5_NT_SRV_HST, &server);
if (problem)
goto err;
do_pam_set_conv(&conv);
- /* deny if no user. */
- if (pw == NULL)
- return 0;
- if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
- return 0;
- if (*password == '\0' && options.permit_empty_passwd == 0)
- return 0;
-
__pampasswd = password;
pamstate = INITIAL_LOGIN;
int
auth_password(Authctxt *authctxt, const char *password)
{
-#if defined(USE_PAM)
- if (*password == '\0' && options.permit_empty_passwd == 0)
- return 0;
- return auth_pam_password(authctxt, password);
-#elif defined(HAVE_OSF_SIA)
- if (*password == '\0' && options.permit_empty_passwd == 0)
- return 0;
- return auth_sia_password(authctxt, password);
-#else
struct passwd * pw = authctxt->pw;
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
char *encrypted_password;
char *pw_password;
char *salt;
-#if defined(__hpux) || defined(HAVE_SECUREWARE)
+# if defined(__hpux) || defined(HAVE_SECUREWARE)
struct pr_passwd *spw;
-#endif /* __hpux || HAVE_SECUREWARE */
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# endif /* __hpux || HAVE_SECUREWARE */
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
-#endif
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# endif
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw;
-#endif
-#ifdef WITH_AIXAUTHENTICATE
+# endif
+# ifdef WITH_AIXAUTHENTICATE
char *authmsg;
int authsuccess;
int reenter = 1;
-#endif
+# endif
+#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
/* deny if no user. */
if (pw == NULL)
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
-#ifdef KRB5
+
+#if defined(USE_PAM)
+ return auth_pam_password(authctxt, password);
+#elif defined(HAVE_OSF_SIA)
+ return auth_sia_password(authctxt, password);
+#else
+# ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
-#endif
-#ifdef HAVE_CYGWIN
+# endif
+# ifdef HAVE_CYGWIN
if (is_winnt) {
HANDLE hToken = cygwin_logon_user(pw, password);
cygwin_set_impersonation_token(hToken);
return 1;
}
-#endif
-#ifdef WITH_AIXAUTHENTICATE
+# endif
+# ifdef WITH_AIXAUTHENTICATE
authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
if (authsuccess)
aixloginmsg = NULL;
return(authsuccess);
-#endif
-#ifdef KRB4
+# endif
+# ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
-#endif
-#ifdef BSD_AUTH
+# endif
+# ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return 1;
-#endif
+# endif
pw_password = pw->pw_passwd;
/*
* Various interfaces to shadow or protected password data
*/
-#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (spw != NULL)
pw_password = spw->sp_pwdp;
-#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
-#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
+# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
-#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
-#ifdef HAVE_SECUREWARE
+# ifdef HAVE_SECUREWARE
if ((spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
-#endif /* HAVE_SECUREWARE */
+# endif /* HAVE_SECUREWARE */
-#if defined(__hpux) && !defined(HAVE_SECUREWARE)
+# if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
-#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
+# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
/* Check for users with no password. */
if ((password[0] == '\0') && (pw_password[0] == '\0'))
else
salt = "xx";
-#ifdef HAVE_MD5_PASSWORDS
+# ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(salt))
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */
-# if defined(__hpux) && !defined(HAVE_SECUREWARE)
+# else /* HAVE_MD5_PASSWORDS */
+# if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
else
encrypted_password = crypt(password, salt);
-# else
-# ifdef HAVE_SECUREWARE
- encrypted_password = bigcrypt(password, salt);
# else
+# ifdef HAVE_SECUREWARE
+ encrypted_password = bigcrypt(password, salt);
+# else
encrypted_password = crypt(password, salt);
-# endif /* HAVE_SECUREWARE */
-# endif /* __hpux && !defined(HAVE_SECUREWARE) */
-#endif /* HAVE_MD5_PASSWORDS */
+# endif /* HAVE_SECUREWARE */
+# endif /* __hpux && !defined(HAVE_SECUREWARE) */
+# endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
extern int saved_argc;
extern char **saved_argv;
-extern int errno;
-
int
auth_sia_password(Authctxt *authctxt, char *pass)
{
int ret;
SIAENTITY *ent = NULL;
const char *host;
- char *user = authctxt->user;
host = get_canonical_hostname(options.verify_reverse_mapping);
- if (!user || !pass || pass[0] == '\0')
+ if (!authctxt->user || !pass || pass[0] == '\0')
return(0);
- if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
- NULL) != SIASUCCESS)
+ if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
+ NULL, 0, NULL) != SIASUCCESS)
return(0);
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
- error("Couldn't authenticate %s from %s", user, host);
+ error("Couldn't authenticate %s from %s", authctxt->user,
+ host);
if (ret & SIASTOP)
sia_ses_release(&ent);
return(0);
}
void
-session_setup_sia(char *user, char *tty)
+session_setup_sia(struct passwd *pw, char *tty)
{
- struct passwd *pw;
SIAENTITY *ent = NULL;
const char *host;
- host = get_canonical_hostname (options.verify_reverse_mapping);
+ host = get_canonical_hostname(options.verify_reverse_mapping);
- if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
- NULL) != SIASUCCESS) {
+ if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
+ 0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");
- }
- if ((pw = getpwnam(user)) == NULL) {
- sia_ses_release(&ent);
- fatal("getpwnam: no user: %s", user);
- }
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
fatal("sia_make_entity_pwd failed");
}
ent->authtype = SIA_A_NONE;
- if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
- fatal("Couldn't establish session for %s from %s", user,
- host);
- }
-
- if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
- sia_ses_release(&ent);
- fatal("setpriority: %s", strerror (errno));
- }
+ if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
+ fatal("Couldn't establish session for %s from %s",
+ pw->pw_name, host);
- if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
- fatal("Couldn't launch session for %s from %s", user, host);
- }
+ if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
+ fatal("Couldn't launch session for %s from %s", pw->pw_name,
+ host);
sia_ses_release(&ent);
- if (setreuid(geteuid(), geteuid()) < 0) {
+ if (setreuid(geteuid(), geteuid()) < 0)
fatal("setreuid: %s", strerror(errno));
- }
}
#endif /* HAVE_OSF_SIA */
#ifdef HAVE_OSF_SIA
int auth_sia_password(Authctxt *authctxt, char *pass);
-void session_setup_sia(char *user, char *tty);
+void session_setup_sia(struct passwd *pw, char *tty);
#endif /* HAVE_OSF_SIA */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
- !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
+ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
+ time_t today;
+#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
+#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
+ !defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */
- spw = getspnam(pw->pw_name);
- if (spw != NULL) {
- time_t today = time(NULL) / DAY;
+ if ((spw = getspnam(pw->pw_name)) != NULL) {
+ today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
return 0;
}
}
-#else
- /* Shouldn't be called if pw is NULL, but better safe than sorry... */
- if (!pw || !pw->pw_name)
- return 0;
#endif
/*
}
#ifdef WITH_AIXAUTHENTICATE
- if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+ /*
+ * Don't check loginrestrictions() for root account (use
+ * PermitRootLogin to control logins via ssh), or if running as
+ * non-root user (since loginrestrictions will always fail).
+ */
+ if ((pw->pw_uid != 0) && (geteuid() == 0) &&
+ loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
+ int loginrestrict_errno = errno;
+
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
}
/* Remove trailing newline */
*--p = '\0';
- log("Login restricted for %s: %.100s", pw->pw_name, loginmsg);
+ log("Login restricted for %s: %.100s", pw->pw_name,
+ loginmsg);
}
- return 0;
+ /* Don't fail if /etc/nologin set */
+ if (!(loginrestrict_errno == EPERM &&
+ stat(_PATH_NOLOGIN, &st) == 0))
+ return 0;
}
#endif /* WITH_AIXAUTHENTICATE */
uid_t uid = pw->pw_uid;
char buf[MAXPATHLEN], homedir[MAXPATHLEN];
char *cp;
+ int comparehome = 0;
struct stat st;
if (realpath(file, buf) == NULL) {
strerror(errno));
return -1;
}
- if (realpath(pw->pw_dir, homedir) == NULL) {
- snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
- strerror(errno));
- return -1;
- }
+ if (realpath(pw->pw_dir, homedir) != NULL)
+ comparehome = 1;
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
}
/* If are passed the homedir then we can stop */
- if (strcmp(homedir, buf) == 0) {
+ if (comparehome && strcmp(homedir, buf) == 0) {
debug3("secure_filename: terminating check at '%s'",
buf);
break;
if (pw == NULL) {
log("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(user,
+ get_canonical_hostname(options.verify_reverse_mapping),
+ "ssh");
+#endif
return (NULL);
}
if (!allowed_user(pw))
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
-
+
/* Send response to client */
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.challenge_response_authentication == 1) {
char *response = packet_get_string(&dlen);
- debug("got response '%s'", response);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
}
#else
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
resp = packet_get_string(&rlen);
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
- context_pam2.responses[j].resp = xstrdup(resp);
- xfree(resp);
+ context_pam2.responses[j].resp = resp;
context_pam2.num_received++;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
authctxt->user);
/* Special handling for root */
- if (!use_privsep &&
- authenticated && authctxt->pw->pw_uid == 0 &&
+ if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $");
#include <openssl/evp.h>
int
ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
- const char *comment, u_int life)
+ const char *comment, u_int life, u_int confirm)
{
Buffer msg;
- int type, constrained = (life != 0);
+ int type, constrained = (life || confirm);
buffer_init(&msg);
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
buffer_put_int(&msg, life);
}
+ if (confirm != 0)
+ buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
}
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
int
ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
{
- return ssh_add_identity_constrained(auth, key, comment, 0);
+ return ssh_add_identity_constrained(auth, key, comment, 0, 0);
}
/*
-/* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */
+/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
+#define SSH_AGENT_CONSTRAIN_CONFIRM 2
/* extended failure messages */
#define SSH2_AGENT_FAILURE 30
Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
-int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int);
+int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
+ const char *, u_int, u_int);
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);
int ssh_lock_agent(AuthenticationConnection *, int, const char *);
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
{
Buffer buffer;
Key *pub;
+ struct stat st;
char *cp;
int i;
off_t len;
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ return NULL;
+ }
+ len = st.st_size;
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
CipherContext ciphercontext;
Cipher *cipher;
Key *prv = NULL;
+ struct stat st;
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ len = st.st_size;
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
rsa_generate_additional_parameters(prv->rsa);
buffer_free(&decrypted);
+
+ /* enable blinding */
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_rsa1: RSA_blinding_on failed");
+ goto fail;
+ }
close(fd);
return prv;
#ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8);
#endif
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_pem: RSA_blinding_on failed");
+ key_free(prv);
+ prv = NULL;
+ }
} else if (pk->type == EVP_PKEY_DSA &&
(type == KEY_UNSPEC||type==KEY_DSA)) {
prv = key_new(KEY_UNSPEC);
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-largefile omit support for large files
+ --disable-strip Disable calling strip(1) on install
--disable-lastlog disable use of lastlog even if detected no
--disable-utmp disable use of utmp even if detected no
--disable-utmpx disable use of utmpx even if detected no
test -n "$PERL" && break
done
+# Extract the first word of "sed", so it can be a program name with args.
+set dummy sed; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_SED+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $SED in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SED="$SED" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ ;;
+esac
+fi
+SED=$ac_cv_path_SED
+
+if test -n "$SED"; then
+ echo "$as_me:$LINENO: result: $SED" >&5
+echo "${ECHO_T}$SED" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
# Extract the first word of "ent", so it can be a program name with args.
set dummy ent; ac_word=$2
cat >>confdefs.h <<\_ACEOF
@%:@define LOGIN_NEEDS_UTMPX 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define SETPROCTITLE_PS_PADDING '\0'
_ACEOF
;;
*-*-cygwin*)
+ check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textmode.o"
cat >>confdefs.h <<\_ACEOF
@%:@define HAVE_CYGWIN 1
_ACEOF
cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
+@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
_ACEOF
LIBS="$LIBS -lsec -lsecpw"
_ACEOF
cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
+@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
_ACEOF
LIBS="$LIBS -lsec"
_ACEOF
cat >>confdefs.h <<\_ACEOF
-@%:@define SPT_TYPE SPT_PSTAT
+@%:@define SETPROCTITLE_STRATEGY PS_USE_PSTAT
_ACEOF
LIBS="$LIBS -lsec"
cat >>confdefs.h <<\_ACEOF
@%:@define PAM_TTY_KLUDGE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define SETPROCTITLE_STRATEGY PS_USE_CLOBBER_ARGV
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define SETPROCTITLE_PS_PADDING '\0'
_ACEOF
inet6_default_4in6=yes
cat >>confdefs.h <<\_ACEOF
@%:@define PAM_TTY_KLUDGE 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define STREAMS_PUSH_ACQUIRES_CTTY 1
_ACEOF
# hardwire lastlog location (can't detect it on some versions)
do_sco3_extra_lib_check=yes
;;
*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
MANTYPE=man
;;
*-*-unicosmk*)
- no_libsocket=1
- no_libnsl=1
cat >>confdefs.h <<\_ACEOF
@%:@define USE_PIPES 1
_ACEOF
MANTYPE=cat
;;
*-*-unicos*)
- no_libsocket=1
- no_libnsl=1
cat >>confdefs.h <<\_ACEOF
@%:@define USE_PIPES 1
_ACEOF
cat >>confdefs.h <<\_ACEOF
@%:@define DISABLE_LOGIN 1
+_ACEOF
+
+ cat >>confdefs.h <<\_ACEOF
+@%:@define DISABLE_FD_PASSING 1
_ACEOF
LIBS="$LIBS -lsecurity -ldb -lm -laud"
echo "${ECHO_T}no" >&6
fi
fi
+ cat >>confdefs.h <<\_ACEOF
+@%:@define DISABLE_FD_PASSING 1
+_ACEOF
+
;;
*-*-nto-qnx)
+
+
+
for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h
do
-for ac_func in arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty
+
+
+
+
+
+for ac_func in \
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
+
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+char (*f) ();
+
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+f = $ac_func;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+eval "$as_ac_var=no"
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+@%:@define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+echo "$as_me:$LINENO: checking for library containing nanosleep" >&5
+echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6
+if test "${ac_cv_search_nanosleep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_nanosleep=no
+cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char nanosleep ();
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+nanosleep ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_nanosleep="none required"
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_nanosleep" = no; then
+ for ac_lib in rt posix4; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char nanosleep ();
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+nanosleep ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_nanosleep="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5
+echo "${ECHO_T}$ac_cv_search_nanosleep" >&6
+if test "$ac_cv_search_nanosleep" != no; then
+ test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS"
+ cat >>confdefs.h <<\_ACEOF
+@%:@define HAVE_NANOSLEEP 1
+_ACEOF
+
+fi
+
+
+echo "$as_me:$LINENO: checking whether strsep is declared" >&5
+echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6
+if test "${ac_cv_have_decl_strsep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+$ac_includes_default
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+#ifndef strsep
+ char *p = (char *) strsep;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_have_decl_strsep=yes
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_have_decl_strsep=no
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5
+echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6
+if test $ac_cv_have_decl_strsep = yes; then
+
+for ac_func in strsep
do
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
fi
done
+fi
+
for ac_func in dirname
echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;}
+fi
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+echo "$as_me:$LINENO: checking for (overly) strict mkstemp" >&5
+echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6
+if test "$cross_compiling" = yes; then
+
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ cat >>confdefs.h <<\_ACEOF
+@%:@define HAVE_STRICT_MKSTEMP 1
+_ACEOF
+
+
+
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#include <stdlib.h>
+main() { char template[]="conftest.mkstemp-test";
+if (mkstemp(template) == -1)
+ exit(1);
+unlink(template); exit(0);
+}
+
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+( exit $ac_status )
+
+ echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+ cat >>confdefs.h <<\_ACEOF
+@%:@define HAVE_STRICT_MKSTEMP 1
+_ACEOF
+
+
fi
rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
have_struct_timeval=1
fi
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
+echo "$as_me:$LINENO: checking for struct timespec" >&5
+echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6
+if test "${ac_cv_type_struct_timespec+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+#include "confdefs.h"
+$ac_includes_default
+#ifdef F77_DUMMY_MAIN
+# ifdef __cplusplus
+ extern "C"
+# endif
+ int F77_DUMMY_MAIN() { return 1; }
+#endif
+int
+main ()
+{
+if ((struct timespec *) 0)
+ return 0;
+if (sizeof (struct timespec))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_struct_timespec=yes
+else
+ echo "$as_me: failed program was:" >&5
+cat conftest.$ac_ext >&5
+ac_cv_type_struct_timespec=no
+fi
+rm -f conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_struct_timespec" >&5
+echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6
+if test $ac_cv_type_struct_timespec = yes; then
+
+cat >>confdefs.h <<_ACEOF
+@%:@define HAVE_STRUCT_TIMESPEC 1
+_ACEOF
+
+
+fi
+
+
+# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" -a \
"x$ac_cv_sizeof_long_int" != "x8" -a \
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
else
if test "$cross_compiling" = yes; then
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
fi
-
# look for field 'ut_host' in header 'utmp.h'
ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'`
ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host
fi;
+STRIP_OPT=-s
+# Check whether --enable-strip or --disable-strip was given.
+if test "${enable_strip+set}" = set; then
+ enableval="$enable_strip"
+
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+
+
+fi;
+
+
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
s,@INSTALL_DATA@,$INSTALL_DATA,;t t
s,@AR@,$AR,;t t
s,@PERL@,$PERL,;t t
+s,@SED@,$SED,;t t
s,@ENT@,$ENT,;t t
s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
s,@SH@,$SH,;t t
s,@PROG_IPCS@,$PROG_IPCS,;t t
s,@PROG_TAIL@,$PROG_TAIL,;t t
s,@INSTALL_SSH_PRNG_CMDS@,$INSTALL_SSH_PRNG_CMDS,;t t
-s,@NO_SFTP@,$NO_SFTP,;t t
s,@OPENSC_CONFIG@,$OPENSC_CONFIG,;t t
s,@PRIVSEP_PATH@,$PRIVSEP_PATH,;t t
s,@xauth_path@,$xauth_path,;t t
+s,@STRIP_OPT@,$STRIP_OPT,;t t
s,@XAUTH_PATH@,$XAUTH_PATH,;t t
s,@NROFF@,$NROFF,;t t
s,@MANTYPE@,$MANTYPE,;t t
echo ""
fi
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
if test ! -z "$RAND_HELPER_CMDHASH" ; then
echo "WARNING: you are using the builtin random number collection "
echo "service. Please read WARNING.RNG and request that your OS "
'0',
1,
[
- '/usr/share/autoconf-2.53'
+ '/usr/share/autoconf'
],
[
- '--reload-state=/usr/share/autoconf-2.53/autoconf/autoconf.m4f',
+ '--reload-state=/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
'configure.ac'
],
{
- 'AC_HEADER_STAT' => 1,
- 'AC_FUNC_STRFTIME' => 1,
- 'AC_PROG_RANLIB' => 1,
- 'AC_FUNC_WAIT3' => 1,
- 'AC_FUNC_SETPGRP' => 1,
+ 'm4_pattern_forbid' => 1,
+ 'AC_TYPE_OFF_T' => 1,
+ 'AC_PROG_LIBTOOL' => 1,
+ 'AC_FUNC_STAT' => 1,
'AC_HEADER_TIME' => 1,
- 'AC_FUNC_SETVBUF_REVERSED' => 1,
- 'AC_HEADER_SYS_WAIT' => 1,
+ 'AC_FUNC_WAIT3' => 1,
+ 'AC_STRUCT_TM' => 1,
+ 'AC_FUNC_LSTAT' => 1,
+ 'AC_TYPE_MODE_T' => 1,
+ 'AC_FUNC_STRTOD' => 1,
+ 'AC_CHECK_HEADERS' => 1,
+ 'AC_PROG_CXX' => 1,
+ 'AC_PATH_X' => 1,
+ 'AC_PROG_AWK' => 1,
+ 'AC_HEADER_STDC' => 1,
+ 'AC_HEADER_MAJOR' => 1,
+ 'AC_FUNC_ERROR_AT_LINE' => 1,
+ 'AC_PROG_GCC_TRADITIONAL' => 1,
+ 'AC_LIBSOURCE' => 1,
+ 'AC_STRUCT_ST_BLOCKS' => 1,
+ 'AC_TYPE_SIGNAL' => 1,
'AC_TYPE_UID_T' => 1,
- 'AM_CONDITIONAL' => 1,
- 'AC_CHECK_LIB' => 1,
- 'AC_PROG_LN_S' => 1,
- 'AC_FUNC_MEMCMP' => 1,
+ 'AC_PROG_MAKE_SET' => 1,
+ 'm4_pattern_allow' => 1,
+ 'AC_DEFINE_TRACE_LITERAL' => 1,
+ 'AM_PROG_LIBTOOL' => 1,
+ 'AC_FUNC_STRERROR_R' => 1,
+ 'AC_PROG_CC' => 1,
+ 'AC_DECL_SYS_SIGLIST' => 1,
'AC_FUNC_FORK' => 1,
- 'AC_FUNC_GETGROUPS' => 1,
- 'AC_HEADER_MAJOR' => 1,
- 'AC_FUNC_STRTOD' => 1,
- 'AC_HEADER_DIRENT' => 1,
- 'AC_FUNC_UTIME_NULL' => 1,
- 'AC_CONFIG_FILES' => 1,
- 'AC_FUNC_ALLOCA' => 1,
- 'AC_C_CONST' => 1,
- 'include' => 1,
- 'AC_FUNC_OBSTACK' => 1,
- 'AC_FUNC_LSTAT' => 1,
+ 'AC_FUNC_VPRINTF' => 1,
+ 'AC_FUNC_STRCOLL' => 1,
+ 'AC_PROG_YACC' => 1,
+ 'AC_INIT' => 1,
'AC_STRUCT_TIMEZONE' => 1,
+ 'AC_FUNC_CHOWN' => 1,
+ 'AC_SUBST' => 1,
+ 'AC_FUNC_ALLOCA' => 1,
'AC_FUNC_GETPGRP' => 1,
- 'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AC_CHECK_HEADERS' => 1,
- 'AC_TYPE_MODE_T' => 1,
+ 'AC_PROG_RANLIB' => 1,
+ 'AC_FUNC_SETPGRP' => 1,
+ 'AC_CONFIG_SUBDIRS' => 1,
+ 'AC_FUNC_MMAP' => 1,
+ 'AC_TYPE_SIZE_T' => 1,
'AC_CHECK_TYPES' => 1,
- 'AC_PROG_YACC' => 1,
+ 'AC_FUNC_UTIME_NULL' => 1,
+ 'AC_FUNC_STRFTIME' => 1,
+ 'AC_HEADER_STAT' => 1,
+ 'AC_C_INLINE' => 1,
+ 'AC_PROG_CPP' => 1,
+ 'AC_C_CONST' => 1,
+ 'AC_PROG_LEX' => 1,
'AC_TYPE_PID_T' => 1,
- 'AC_FUNC_STRERROR_R' => 1,
- 'AC_STRUCT_ST_BLOCKS' => 1,
- 'AC_PROG_GCC_TRADITIONAL' => 1,
- 'AC_TYPE_SIGNAL' => 1,
- 'AM_PROG_LIBTOOL' => 1,
+ 'AC_CONFIG_FILES' => 1,
+ 'include' => 1,
+ 'AC_FUNC_SETVBUF_REVERSED' => 1,
'AC_FUNC_FNMATCH' => 1,
- 'AC_PROG_CPP' => 1,
- 'AC_FUNC_STAT' => 1,
'AC_PROG_INSTALL' => 1,
'AM_GNU_GETTEXT' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- 'AC_FUNC_STRCOLL' => 1,
- 'AC_LIBSOURCE' => 1,
- 'AC_C_INLINE' => 1,
- 'AC_FUNC_CHOWN' => 1,
- 'AC_INIT' => 1,
- 'AC_PROG_LEX' => 1,
- 'AH_OUTPUT' => 1,
- 'AC_HEADER_STDC' => 1,
+ 'AC_FUNC_OBSTACK' => 1,
+ 'AC_CHECK_LIB' => 1,
+ 'AC_FUNC_MALLOC' => 1,
+ 'AC_FUNC_GETGROUPS' => 1,
'AC_FUNC_GETLOADAVG' => 1,
- 'AC_CHECK_FUNCS' => 1,
- 'AC_TYPE_SIZE_T' => 1,
- 'AC_DECL_SYS_SIGLIST' => 1,
+ 'AH_OUTPUT' => 1,
+ 'AC_FUNC_FSEEKO' => 1,
'AC_FUNC_MKTIME' => 1,
- 'AC_PROG_MAKE_SET' => 1,
- 'AC_PROG_CXX' => 1,
- 'm4_pattern_allow' => 1,
- 'm4_include' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_PROG_AWK' => 1,
- 'AC_FUNC_VPRINTF' => 1,
+ 'AM_CONDITIONAL' => 1,
'AC_CONFIG_HEADERS' => 1,
- 'AC_PATH_X' => 1,
- 'AC_TYPE_OFF_T' => 1,
- 'AC_FUNC_MALLOC' => 1,
- 'AC_FUNC_ERROR_AT_LINE' => 1,
- 'AC_FUNC_FSEEKO' => 1,
- 'AC_FUNC_MMAP' => 1,
- 'AC_STRUCT_TM' => 1,
- 'AC_SUBST' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AC_PROG_CC' => 1
+ 'AC_HEADER_SYS_WAIT' => 1,
+ 'AC_PROG_LN_S' => 1,
+ 'AC_FUNC_MEMCMP' => 1,
+ 'm4_include' => 1,
+ 'AC_HEADER_DIRENT' => 1,
+ 'AC_CHECK_FUNCS' => 1
}
], 'Request' )
);
m4trace:configure.ac:14: -1- AC_SUBST([INSTALL_DATA])
m4trace:configure.ac:15: -1- AC_SUBST([AR], [$ac_cv_path_AR])
m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL])
-m4trace:configure.ac:17: -1- AC_SUBST([PERL])
-m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT])
-m4trace:configure.ac:19: -1- AC_SUBST([ENT])
-m4trace:configure.ac:20: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
+m4trace:configure.ac:17: -1- AC_SUBST([SED], [$ac_cv_path_SED])
+m4trace:configure.ac:18: -1- AC_SUBST([PERL])
+m4trace:configure.ac:19: -1- AC_SUBST([ENT], [$ac_cv_path_ENT])
+m4trace:configure.ac:20: -1- AC_SUBST([ENT])
m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
-m4trace:configure.ac:23: -1- AC_SUBST([SH], [$ac_cv_path_SH])
-m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS])
-m4trace:configure.ac:26: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
+m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
+m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH])
+m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS])
+m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS])
-m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES])
-m4trace:configure.ac:26: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */
+m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES])
+m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */
#undef _LARGE_FILES])
-m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:37: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:39: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
-m4trace:configure.ac:46: -1- AC_SUBST([LD])
-m4trace:configure.ac:48: -1- AC_C_INLINE
-m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline])
-m4trace:configure.ac:48: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing
+m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
+m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK])
+m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
+m4trace:configure.ac:47: -1- AC_SUBST([LD])
+m4trace:configure.ac:49: -1- AC_C_INLINE
+m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
+m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing
if it is not supported. */
#undef inline])
-m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline])
-m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
-m4trace:configure.ac:78: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline])
+m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
+m4trace:configure.ac:79: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE)
LIBS="$LIBS -ls"
])
-m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
-m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
-m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
-m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
-m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT])
-m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
-m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
-m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
-m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:126: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
+m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
+m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
+m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
+m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING])
+m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
+m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
+m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
+m4trace:configure.ac:97: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT])
+m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:99: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
+m4trace:configure.ac:102: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:114: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
+m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
+m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:127: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:128: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
+m4trace:configure.ac:130: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
{ (exit 1); exit 1; }; }])
-m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
+m4trace:configure.ac:130: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
#undef HAVE_LIBXNET])
-m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
-m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:142: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+m4trace:configure.ac:130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
+m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:141: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
+m4trace:configure.ac:146: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
{ (exit 1); exit 1; }; }])
-m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
+m4trace:configure.ac:146: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
#undef HAVE_LIBXNET])
-m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
-m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
-m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
-m4trace:configure.ac:155: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
+m4trace:configure.ac:146: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
+m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
+m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:157: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
+m4trace:configure.ac:159: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
{ (exit 1); exit 1; }; }])
-m4trace:configure.ac:155: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
+m4trace:configure.ac:159: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
#undef HAVE_LIBXNET])
-m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
-m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:168: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
-m4trace:configure.ac:169: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
-m4trace:configure.ac:170: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
-m4trace:configure.ac:171: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
-m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
-m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
-m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
-m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
-m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
-m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
-m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
-m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
-m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
-m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:227: -1- AC_CHECK_FUNCS([getpwanam])
-m4trace:configure.ac:227: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
+m4trace:configure.ac:159: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
+m4trace:configure.ac:165: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
+m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
+m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
+m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
+m4trace:configure.ac:174: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
+m4trace:configure.ac:175: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
+m4trace:configure.ac:176: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
+m4trace:configure.ac:177: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
+m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
+m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
+m4trace:configure.ac:184: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_STRATEGY])
+m4trace:configure.ac:185: -1- AC_DEFINE_TRACE_LITERAL([SETPROCTITLE_PS_PADDING])
+m4trace:configure.ac:189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
+m4trace:configure.ac:204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
+m4trace:configure.ac:205: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
+m4trace:configure.ac:206: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:207: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
+m4trace:configure.ac:215: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:216: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
+m4trace:configure.ac:217: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
+m4trace:configure.ac:218: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
+m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([STREAMS_PUSH_ACQUIRES_CTTY])
+m4trace:configure.ac:226: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:234: -1- AC_CHECK_FUNCS([getpwanam])
+m4trace:configure.ac:234: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
#undef HAVE_GETPWANAM])
-m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
-m4trace:configure.ac:232: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:238: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:235: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
+m4trace:configure.ac:239: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:246: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
-m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:259: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:271: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
-m4trace:configure.ac:272: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:275: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
-m4trace:configure.ac:276: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
+m4trace:configure.ac:252: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
+m4trace:configure.ac:261: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:266: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
+m4trace:configure.ac:279: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:280: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
+m4trace:configure.ac:281: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:282: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
+m4trace:configure.ac:283: -1- AC_CHECK_FUNCS([getluid setluid])
+m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
#undef HAVE_GETLUID])
-m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
+m4trace:configure.ac:283: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
#undef HAVE_SETLUID])
-m4trace:configure.ac:285: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:286: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
-m4trace:configure.ac:287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
-m4trace:configure.ac:289: -1- AC_CHECK_FUNCS([getluid setluid])
-m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
+m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
+m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:299: -1- AC_CHECK_FUNCS([getluid setluid])
+m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
#undef HAVE_GETLUID])
-m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
+m4trace:configure.ac:299: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
#undef HAVE_SETLUID])
-m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
-m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
-m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG])
-m4trace:configure.ac:326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
-m4trace:configure.ac:327: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
-m4trace:configure.ac:337: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
-m4trace:configure.ac:338: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
-m4trace:configure.ac:339: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
-m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
-m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
+m4trace:configure.ac:303: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:312: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG])
+m4trace:configure.ac:332: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
+m4trace:configure.ac:333: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
+m4trace:configure.ac:334: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
+m4trace:configure.ac:344: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
+m4trace:configure.ac:345: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
+m4trace:configure.ac:346: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
+m4trace:configure.ac:347: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
+m4trace:configure.ac:348: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
+m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
#undef HAVE_BSTRING_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
#undef HAVE_ENDIAN_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
#undef HAVE_FLOATINGPOINT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
#undef HAVE_GLOB_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */
#undef HAVE_IA_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
+#undef HAVE_LIBGEN_H])
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
#undef HAVE_LOGIN_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
#undef HAVE_LOGIN_CAP_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
#undef HAVE_MAILLOCK_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
#undef HAVE_NETGROUP_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
#undef HAVE_NETINET_IN_SYSTM_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
#undef HAVE_PATHS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
#undef HAVE_PTY_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
#undef HAVE_READPASSPHRASE_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
#undef HAVE_RPC_TYPES_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
#undef HAVE_SECURITY_PAM_APPL_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
#undef HAVE_SHADOW_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
#undef HAVE_STDDEF_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
#undef HAVE_SYS_BITYPES_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
#undef HAVE_SYS_BSDTTY_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
#undef HAVE_SYS_CDEFS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
#undef HAVE_SYS_MMAN_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_PSTAT_H], [/* Define to 1 if you have the <sys/pstat.h> header file. */
+#undef HAVE_SYS_PSTAT_H])
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
#undef HAVE_SYS_STROPTS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
#undef HAVE_SYS_SYSMACROS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TIMERS_H], [/* Define to 1 if you have the <sys/timers.h> header file. */
+#undef HAVE_SYS_TIMERS_H])
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
#undef HAVE_SYS_UN_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
#undef HAVE_TIME_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */
#undef HAVE_TMPDIR_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
#undef HAVE_TTYENT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
#undef HAVE_USERSEC_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
#undef HAVE_UTIL_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
#undef HAVE_UTIME_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
#undef HAVE_UTMP_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
#undef HAVE_UTMPX_H])
-m4trace:configure.ac:388: -1- AC_HEADER_STDC
-m4trace:configure.ac:388: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:388: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
+m4trace:configure.ac:396: -1- AC_HEADER_STDC
+m4trace:configure.ac:396: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
+m4trace:configure.ac:396: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS])
-m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+m4trace:configure.ac:396: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H])
-m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
+m4trace:configure.ac:396: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H])
-m4trace:configure.ac:391: -2- AC_CHECK_LIB([nsl], [yp_match])
-m4trace:configure.ac:391: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
+m4trace:configure.ac:399: -2- AC_CHECK_LIB([nsl], [yp_match])
+m4trace:configure.ac:399: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
#undef HAVE_LIBNSL])
-m4trace:configure.ac:391: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
-m4trace:configure.ac:392: -2- AC_CHECK_LIB([socket], [setsockopt])
-m4trace:configure.ac:392: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
+m4trace:configure.ac:399: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
+m4trace:configure.ac:400: -2- AC_CHECK_LIB([socket], [setsockopt])
+m4trace:configure.ac:400: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
#undef HAVE_LIBSOCKET])
-m4trace:configure.ac:392: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
-m4trace:configure.ac:397: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
-m4trace:configure.ac:402: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
-m4trace:configure.ac:444: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
+m4trace:configure.ac:400: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
+m4trace:configure.ac:405: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
+m4trace:configure.ac:410: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
+m4trace:configure.ac:452: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
{ (exit 1); exit 1; }; }])
-m4trace:configure.ac:444: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
+m4trace:configure.ac:452: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
#undef HAVE_LIBZ])
-m4trace:configure.ac:444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
-m4trace:configure.ac:449: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
-m4trace:configure.ac:453: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES)
+m4trace:configure.ac:452: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
+m4trace:configure.ac:457: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
+m4trace:configure.ac:461: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES)
LIBS="$LIBS -lc89"])
-m4trace:configure.ac:453: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES])
-m4trace:configure.ac:456: -1- AC_CHECK_HEADERS([libutil.h])
-m4trace:configure.ac:456: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
+m4trace:configure.ac:461: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES])
+m4trace:configure.ac:464: -1- AC_CHECK_HEADERS([libutil.h])
+m4trace:configure.ac:464: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
#undef HAVE_LIBUTIL_H])
-m4trace:configure.ac:457: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
-m4trace:configure.ac:458: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
-m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
+m4trace:configure.ac:465: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
+m4trace:configure.ac:466: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
+m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
#undef HAVE_LOGOUT])
-m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
+m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
#undef HAVE_UPDWTMP])
-m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
+m4trace:configure.ac:466: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
#undef HAVE_LOGWTMP])
-m4trace:configure.ac:460: -1- AC_FUNC_STRFTIME
-m4trace:configure.ac:460: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
+m4trace:configure.ac:468: -1- AC_FUNC_STRFTIME
+m4trace:configure.ac:468: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
AC_CHECK_LIB(intl, strftime,
[AC_DEFINE(HAVE_STRFTIME)
LIBS="-lintl $LIBS"])])
-m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
+m4trace:configure.ac:468: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
#undef HAVE_STRFTIME])
-m4trace:configure.ac:460: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
+m4trace:configure.ac:468: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
LIBS="-lintl $LIBS"])
-m4trace:configure.ac:460: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
-m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
-m4trace:configure.ac:494: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
-m4trace:configure.ac:508: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
-m4trace:configure.ac:541: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
-m4trace:configure.ac:595: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
-m4trace:configure.ac:595: -1- AC_SUBST([LIBWRAP])
-m4trace:configure.ac:608: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
+m4trace:configure.ac:468: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
+m4trace:configure.ac:486: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
+m4trace:configure.ac:502: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
+m4trace:configure.ac:516: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
+m4trace:configure.ac:549: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
+m4trace:configure.ac:603: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
+m4trace:configure.ac:603: -1- AC_SUBST([LIBWRAP])
+m4trace:configure.ac:618: -1- AC_CHECK_FUNCS([\
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
+])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
#undef HAVE_ARC4RANDOM])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
+#undef HAVE___B64_NTOP])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
#undef HAVE_B64_NTOP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE___B64_PTON], [/* Define to 1 if you have the \`__b64_pton' function. */
+#undef HAVE___B64_PTON])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_B64_PTON], [/* Define to 1 if you have the \`b64_pton' function. */
+#undef HAVE_B64_PTON])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BASENAME], [/* Define to 1 if you have the \`basename' function. */
+#undef HAVE_BASENAME])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
#undef HAVE_BCOPY])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
#undef HAVE_BINDRESVPORT_SA])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
#undef HAVE_CLOCK])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
#undef HAVE_FCHMOD])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
#undef HAVE_FCHOWN])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
#undef HAVE_FREEADDRINFO])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
#undef HAVE_FUTIMES])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
#undef HAVE_GAI_STRERROR])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
#undef HAVE_GETADDRINFO])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
#undef HAVE_GETCWD])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
#undef HAVE_GETGROUPLIST])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
#undef HAVE_GETNAMEINFO])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
#undef HAVE_GETOPT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */
#undef HAVE_GETPEEREID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
+#undef HAVE__GETPTY])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
#undef HAVE_GETRLIMIT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
#undef HAVE_GETRUSAGE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
#undef HAVE_GETTTYENT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
#undef HAVE_GLOB])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
#undef HAVE_INET_ATON])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
#undef HAVE_INET_NTOA])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
#undef HAVE_INET_NTOP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
#undef HAVE_INNETGR])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
#undef HAVE_LOGIN_GETCAPBOOL])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
#undef HAVE_MD5_CRYPT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
#undef HAVE_MEMMOVE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
#undef HAVE_MKDTEMP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
#undef HAVE_MMAP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
#undef HAVE_NGETADDRINFO])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
-#undef HAVE_OPENPTY])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_NSLEEP], [/* Define to 1 if you have the \`nsleep' function. */
+#undef HAVE_NSLEEP])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
#undef HAVE_OGETADDRINFO])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
+#undef HAVE_OPENPTY])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_PSTAT], [/* Define to 1 if you have the \`pstat' function. */
+#undef HAVE_PSTAT])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
#undef HAVE_READPASSPHRASE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
#undef HAVE_REALPATH])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
#undef HAVE_RECVMSG])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
#undef HAVE_RRESVPORT_AF])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
#undef HAVE_SENDMSG])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
#undef HAVE_SETDTABLESIZE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
#undef HAVE_SETEGID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
#undef HAVE_SETENV])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
#undef HAVE_SETEUID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
#undef HAVE_SETGROUPS])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
#undef HAVE_SETLOGIN])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
+#undef HAVE_SETPCRED])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
#undef HAVE_SETPROCTITLE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
#undef HAVE_SETRESGID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
#undef HAVE_SETREUID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
#undef HAVE_SETRLIMIT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
#undef HAVE_SETSID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
-#undef HAVE_SETPCRED])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
#undef HAVE_SETVBUF])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
#undef HAVE_SIGACTION])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
#undef HAVE_SIGVEC])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
#undef HAVE_SNPRINTF])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
#undef HAVE_SOCKETPAIR])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
#undef HAVE_STRERROR])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
#undef HAVE_STRLCAT])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
#undef HAVE_STRLCPY])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
#undef HAVE_STRMODE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
-#undef HAVE_STRSEP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_STRNVIS], [/* Define to 1 if you have the \`strnvis' function. */
+#undef HAVE_STRNVIS])
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
#undef HAVE_SYSCONF])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
#undef HAVE_TCGETPGRP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
#undef HAVE_TRUNCATE])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
#undef HAVE_UTIMES])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
#undef HAVE_VHANGUP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
#undef HAVE_VSNPRINTF])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
+m4trace:configure.ac:618: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
#undef HAVE_WAITPID])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
-#undef HAVE___B64_NTOP])
-m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
-#undef HAVE__GETPTY])
-m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
+m4trace:configure.ac:620: -2- AC_DEFINE_TRACE_LITERAL([HAVE_NANOSLEEP])
+m4trace:configure.ac:623: -1- AC_CHECK_FUNCS([strsep])
+m4trace:configure.ac:623: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
+#undef HAVE_STRSEP])
+m4trace:configure.ac:660: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
AC_CHECK_LIB(gen, dirname,[
AC_CACHE_CHECK([for broken dirname],
ac_cv_have_broken_dirname, [
fi
])
])
-m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
+m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
#undef HAVE_DIRNAME])
-m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
+m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h])
+m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
#undef HAVE_LIBGEN_H])
-m4trace:configure.ac:645: -1- AC_CHECK_LIB([gen], [dirname], [
+m4trace:configure.ac:660: -1- AC_CHECK_LIB([gen], [dirname], [
AC_CACHE_CHECK([for broken dirname],
ac_cv_have_broken_dirname, [
save_LIBS="$LIBS"
AC_CHECK_HEADERS(libgen.h)
fi
])
-m4trace:configure.ac:645: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
-m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h])
-m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
+m4trace:configure.ac:660: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
+m4trace:configure.ac:660: -1- AC_CHECK_HEADERS([libgen.h])
+m4trace:configure.ac:660: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
#undef HAVE_LIBGEN_H])
-m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([gettimeofday time])
-m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
+m4trace:configure.ac:663: -1- AC_CHECK_FUNCS([gettimeofday time])
+m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY])
-m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
+m4trace:configure.ac:663: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
#undef HAVE_TIME])
-m4trace:configure.ac:650: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
+m4trace:configure.ac:665: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
#undef HAVE_ENDUTENT])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
#undef HAVE_GETUTENT])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
#undef HAVE_GETUTID])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
#undef HAVE_GETUTLINE])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
#undef HAVE_PUTUTLINE])
-m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
+m4trace:configure.ac:665: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
#undef HAVE_SETUTENT])
-m4trace:configure.ac:651: -1- AC_CHECK_FUNCS([utmpname])
-m4trace:configure.ac:651: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
+m4trace:configure.ac:666: -1- AC_CHECK_FUNCS([utmpname])
+m4trace:configure.ac:666: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
#undef HAVE_UTMPNAME])
-m4trace:configure.ac:653: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
-m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
+m4trace:configure.ac:668: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
+m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
#undef HAVE_ENDUTXENT])
-m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
+m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
#undef HAVE_GETUTXENT])
-m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
+m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
#undef HAVE_GETUTXID])
-m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
+m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
#undef HAVE_GETUTXLINE])
-m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
+m4trace:configure.ac:668: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
#undef HAVE_PUTUTXLINE])
-m4trace:configure.ac:654: -1- AC_CHECK_FUNCS([setutxent utmpxname])
-m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
+m4trace:configure.ac:669: -1- AC_CHECK_FUNCS([setutxent utmpxname])
+m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
#undef HAVE_SETUTXENT])
-m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
+m4trace:configure.ac:669: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
#undef HAVE_UTMPXNAME])
-m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:659: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
-m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
-m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:664: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
-m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
-m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:683: -1- AC_FUNC_GETPGRP
-m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
-m4trace:configure.ac:683: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
+m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
+m4trace:configure.ac:674: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
+m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
+m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
+m4trace:configure.ac:679: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
+m4trace:configure.ac:679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
+m4trace:configure.ac:695: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
+m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP])
+m4trace:configure.ac:721: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRICT_MKSTEMP])
+m4trace:configure.ac:724: -1- AC_FUNC_GETPGRP
+m4trace:configure.ac:724: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
+m4trace:configure.ac:724: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
#undef GETPGRP_VOID])
-m4trace:configure.ac:711: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
-m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
+m4trace:configure.ac:752: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
+m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
#undef HAVE_LIBDL])
-m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
-m4trace:configure.ac:711: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
+m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
+m4trace:configure.ac:752: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
echo "$as_me: error: *** libpam missing" >&2;}
{ (exit 1); exit 1; }; }])
-m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
+m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
#undef HAVE_LIBPAM])
-m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
-m4trace:configure.ac:711: -1- AC_CHECK_FUNCS([pam_getenvlist])
-m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
+m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
+m4trace:configure.ac:752: -1- AC_CHECK_FUNCS([pam_getenvlist])
+m4trace:configure.ac:752: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
#undef HAVE_PAM_GETENVLIST])
-m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
-m4trace:configure.ac:711: -1- AC_SUBST([LIBPAM])
-m4trace:configure.ac:729: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
-m4trace:configure.ac:735: -1- AC_CHECK_LIB([crypt], [crypt])
-m4trace:configure.ac:735: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */
+m4trace:configure.ac:752: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
+m4trace:configure.ac:752: -1- AC_SUBST([LIBPAM])
+m4trace:configure.ac:770: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
+m4trace:configure.ac:776: -1- AC_CHECK_LIB([crypt], [crypt])
+m4trace:configure.ac:776: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */
#undef HAVE_LIBCRYPT])
-m4trace:configure.ac:735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT])
-m4trace:configure.ac:767: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:782: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
-m4trace:configure.ac:869: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
-m4trace:configure.ac:917: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
-m4trace:configure.ac:925: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
-m4trace:configure.ac:948: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
-m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
-m4trace:configure.ac:1010: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
-m4trace:configure.ac:1021: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
-m4trace:configure.ac:1022: -1- AC_SUBST([SSH_PRIVSEP_USER])
-m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
-m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS])
-m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
-m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT])
-m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
-m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP])
-m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
-m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG])
-m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
-m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT])
-m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
-m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS])
-m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
-m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR])
-m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
-m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W])
-m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
-m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO])
-m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
-m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST])
-m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
-m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG])
-m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
-m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF])
-m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
-m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT])
-m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
-m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME])
-m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
-m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS])
-m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
-m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL])
-m4trace:configure.ac:1071: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
-m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
-m4trace:configure.ac:1080: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
+m4trace:configure.ac:776: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT])
+m4trace:configure.ac:808: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
+m4trace:configure.ac:823: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
+m4trace:configure.ac:910: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
+m4trace:configure.ac:958: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
+m4trace:configure.ac:966: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
+m4trace:configure.ac:989: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
+m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
+m4trace:configure.ac:1039: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
+m4trace:configure.ac:1051: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
+m4trace:configure.ac:1062: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
+m4trace:configure.ac:1063: -1- AC_SUBST([SSH_PRIVSEP_USER])
+m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
+m4trace:configure.ac:1080: -1- AC_SUBST([PROG_LS])
+m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
+m4trace:configure.ac:1081: -1- AC_SUBST([PROG_NETSTAT])
+m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
+m4trace:configure.ac:1082: -1- AC_SUBST([PROG_ARP])
+m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
+m4trace:configure.ac:1083: -1- AC_SUBST([PROG_IFCONFIG])
+m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
+m4trace:configure.ac:1084: -1- AC_SUBST([PROG_JSTAT])
+m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
+m4trace:configure.ac:1085: -1- AC_SUBST([PROG_PS])
+m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
+m4trace:configure.ac:1086: -1- AC_SUBST([PROG_SAR])
+m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
+m4trace:configure.ac:1087: -1- AC_SUBST([PROG_W])
+m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
+m4trace:configure.ac:1088: -1- AC_SUBST([PROG_WHO])
+m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
+m4trace:configure.ac:1089: -1- AC_SUBST([PROG_LAST])
+m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
+m4trace:configure.ac:1090: -1- AC_SUBST([PROG_LASTLOG])
+m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
+m4trace:configure.ac:1091: -1- AC_SUBST([PROG_DF])
+m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
+m4trace:configure.ac:1092: -1- AC_SUBST([PROG_VMSTAT])
+m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
+m4trace:configure.ac:1093: -1- AC_SUBST([PROG_UPTIME])
+m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
+m4trace:configure.ac:1094: -1- AC_SUBST([PROG_IPCS])
+m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
+m4trace:configure.ac:1095: -1- AC_SUBST([PROG_TAIL])
+m4trace:configure.ac:1112: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
+m4trace:configure.ac:1121: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
+m4trace:configure.ac:1121: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
#undef SIZEOF_CHAR])
-m4trace:configure.ac:1081: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
-m4trace:configure.ac:1081: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
+m4trace:configure.ac:1122: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
+m4trace:configure.ac:1122: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
#undef SIZEOF_SHORT_INT])
-m4trace:configure.ac:1082: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
-m4trace:configure.ac:1082: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
+m4trace:configure.ac:1123: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
+m4trace:configure.ac:1123: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
#undef SIZEOF_INT])
-m4trace:configure.ac:1083: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
-m4trace:configure.ac:1083: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
+m4trace:configure.ac:1124: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
+m4trace:configure.ac:1124: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
#undef SIZEOF_LONG_INT])
-m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:1084: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
+m4trace:configure.ac:1125: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
+m4trace:configure.ac:1125: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
#undef SIZEOF_LONG_LONG_INT])
-m4trace:configure.ac:1101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
-m4trace:configure.ac:1114: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
-m4trace:configure.ac:1163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1203: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
-m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1232: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
-m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
-m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
-m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
-m4trace:configure.ac:1272: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
-m4trace:configure.ac:1272: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
+m4trace:configure.ac:1142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
+m4trace:configure.ac:1155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
+m4trace:configure.ac:1171: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
+m4trace:configure.ac:1192: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
+m4trace:configure.ac:1204: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1230: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
+m4trace:configure.ac:1244: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
+m4trace:configure.ac:1259: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
+m4trace:configure.ac:1273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
+m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
+m4trace:configure.ac:1295: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
+m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
+m4trace:configure.ac:1313: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
+m4trace:configure.ac:1313: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
#undef socklen_t])
-m4trace:configure.ac:1274: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
-m4trace:configure.ac:1274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1274: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
+m4trace:configure.ac:1315: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
+m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
+m4trace:configure.ac:1315: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
#undef HAVE_SIG_ATOMIC_T])
-m4trace:configure.ac:1287: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
-m4trace:configure.ac:1301: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
-m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
-m4trace:configure.ac:1340: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
-m4trace:configure.ac:1354: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
-m4trace:configure.ac:1368: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
-m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
-m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
-m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
-m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
-m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
-m4trace:configure.ac:1479: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
-m4trace:configure.ac:1481: -1- AC_SUBST([NO_SFTP])
-m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
-m4trace:configure.ac:1485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
-m4trace:configure.ac:1486: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
-m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
-m4trace:configure.ac:1488: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
-m4trace:configure.ac:1489: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
-m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
-m4trace:configure.ac:1491: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
-m4trace:configure.ac:1492: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
-m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
-m4trace:configure.ac:1494: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
-m4trace:configure.ac:1495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
-m4trace:configure.ac:1496: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
-m4trace:configure.ac:1497: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
-m4trace:configure.ac:1498: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
-m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
-m4trace:configure.ac:1500: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
-m4trace:configure.ac:1502: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1502: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
+m4trace:configure.ac:1328: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
+m4trace:configure.ac:1342: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
+m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
+m4trace:configure.ac:1381: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
+m4trace:configure.ac:1395: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
+m4trace:configure.ac:1409: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
+m4trace:configure.ac:1425: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
+m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
+m4trace:configure.ac:1455: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
+m4trace:configure.ac:1471: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
+m4trace:configure.ac:1483: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
+m4trace:configure.ac:1487: -1- AC_CHECK_TYPES([struct timespec])
+m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMESPEC])
+m4trace:configure.ac:1487: -1- AH_OUTPUT([HAVE_STRUCT_TIMESPEC], [/* Define to 1 if the system has the type \`struct timespec'. */
+#undef HAVE_STRUCT_TIMESPEC])
+m4trace:configure.ac:1524: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
+m4trace:configure.ac:1528: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
+m4trace:configure.ac:1529: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
+m4trace:configure.ac:1530: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
+m4trace:configure.ac:1531: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
+m4trace:configure.ac:1532: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
+m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
+m4trace:configure.ac:1534: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
+m4trace:configure.ac:1535: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
+m4trace:configure.ac:1536: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
+m4trace:configure.ac:1537: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
+m4trace:configure.ac:1538: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
+m4trace:configure.ac:1539: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
+m4trace:configure.ac:1540: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
+m4trace:configure.ac:1541: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
+m4trace:configure.ac:1542: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
+m4trace:configure.ac:1543: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
+m4trace:configure.ac:1544: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
+m4trace:configure.ac:1546: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
+m4trace:configure.ac:1546: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE])
-m4trace:configure.ac:1517: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
-m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
-m4trace:configure.ac:1548: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
-m4trace:configure.ac:1563: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
-m4trace:configure.ac:1578: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
-m4trace:configure.ac:1603: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
-m4trace:configure.ac:1627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
-m4trace:configure.ac:1638: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
-m4trace:configure.ac:1651: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
-m4trace:configure.ac:1664: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
-m4trace:configure.ac:1679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
-m4trace:configure.ac:1690: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
-m4trace:configure.ac:1702: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
-m4trace:configure.ac:1735: -1- AC_CHECK_HEADERS([sectok.h])
-m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
+m4trace:configure.ac:1561: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
+m4trace:configure.ac:1577: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
+m4trace:configure.ac:1592: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
+m4trace:configure.ac:1607: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
+m4trace:configure.ac:1622: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
+m4trace:configure.ac:1647: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
+m4trace:configure.ac:1671: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
+m4trace:configure.ac:1682: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
+m4trace:configure.ac:1695: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
+m4trace:configure.ac:1708: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
+m4trace:configure.ac:1723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
+m4trace:configure.ac:1734: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
+m4trace:configure.ac:1746: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
+m4trace:configure.ac:1779: -1- AC_CHECK_HEADERS([sectok.h])
+m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
#undef HAVE_SECTOK_H])
-m4trace:configure.ac:1735: -1- AC_CHECK_LIB([sectok], [sectok_open])
-m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
+m4trace:configure.ac:1779: -1- AC_CHECK_LIB([sectok], [sectok_open])
+m4trace:configure.ac:1779: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
#undef HAVE_LIBSECTOK])
-m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
-m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
-m4trace:configure.ac:1744: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
-m4trace:configure.ac:1750: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
-m4trace:configure.ac:1751: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
-m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
-m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
-m4trace:configure.ac:1793: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1793: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
+m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
+m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
+m4trace:configure.ac:1779: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
+m4trace:configure.ac:1788: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
+m4trace:configure.ac:1794: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
+m4trace:configure.ac:1795: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
+m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
+m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
+m4trace:configure.ac:1837: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
+m4trace:configure.ac:1837: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
#undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1847: -1- AC_CHECK_HEADERS([krb.h])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
+m4trace:configure.ac:1837: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
+m4trace:configure.ac:1891: -1- AC_CHECK_HEADERS([krb.h])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
#undef HAVE_KRB_H])
-m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb], [main])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
+m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb], [main])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
#undef HAVE_LIBKRB])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
-m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb4], [main])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
+m4trace:configure.ac:1891: -1- AC_CHECK_LIB([krb4], [main])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
#undef HAVE_LIBKRB4])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
-m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
+m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
#undef HAVE_LIBDES])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
-m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
+m4trace:configure.ac:1891: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
#undef HAVE_LIBDES425])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
-m4trace:configure.ac:1847: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
-m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
+m4trace:configure.ac:1891: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
+m4trace:configure.ac:1891: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
#undef HAVE_LIBRESOLV])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
-m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
-m4trace:configure.ac:1873: -1- AC_DEFINE_TRACE_LITERAL([AFS])
-m4trace:configure.ac:1887: -1- AC_SUBST([PRIVSEP_PATH])
-m4trace:configure.ac:1907: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
-m4trace:configure.ac:1911: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1913: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
-m4trace:configure.ac:1915: -1- AC_SUBST([XAUTH_PATH])
-m4trace:configure.ac:1921: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
-m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
-m4trace:configure.ac:1939: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
-m4trace:configure.ac:1957: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
-m4trace:configure.ac:1966: -1- AC_SUBST([MANTYPE])
-m4trace:configure.ac:1972: -1- AC_SUBST([mansubdir])
-m4trace:configure.ac:1984: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
-m4trace:configure.ac:1995: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
-m4trace:configure.ac:2010: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
-m4trace:configure.ac:2019: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
-m4trace:configure.ac:2107: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
-m4trace:configure.ac:2108: -1- AC_SUBST([user_path])
-m4trace:configure.ac:2120: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
-m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
-m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
-m4trace:configure.ac:2168: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
-m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
-m4trace:configure.ac:2193: -1- AC_SUBST([piddir])
-m4trace:configure.ac:2199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2203: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2207: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2211: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
-m4trace:configure.ac:2223: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
-m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
-m4trace:configure.ac:2237: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
-m4trace:configure.ac:2299: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
-m4trace:configure.ac:2324: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
-m4trace:configure.ac:2329: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
-m4trace:configure.ac:2354: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
-m4trace:configure.ac:2359: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
-m4trace:configure.ac:2384: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
-m4trace:configure.ac:2387: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
-m4trace:configure.ac:2409: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
-m4trace:configure.ac:2412: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
-m4trace:configure.ac:2430: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
+m4trace:configure.ac:1891: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
+m4trace:configure.ac:1917: -1- AC_DEFINE_TRACE_LITERAL([AFS])
+m4trace:configure.ac:1931: -1- AC_SUBST([PRIVSEP_PATH])
+m4trace:configure.ac:1951: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
+m4trace:configure.ac:1962: -1- AC_SUBST([STRIP_OPT])
+m4trace:configure.ac:1966: -1- AC_SUBST([XAUTH_PATH])
+m4trace:configure.ac:1968: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
+m4trace:configure.ac:1970: -1- AC_SUBST([XAUTH_PATH])
+m4trace:configure.ac:1976: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
+m4trace:configure.ac:1986: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
+m4trace:configure.ac:1994: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
+m4trace:configure.ac:2012: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
+m4trace:configure.ac:2021: -1- AC_SUBST([MANTYPE])
+m4trace:configure.ac:2027: -1- AC_SUBST([mansubdir])
+m4trace:configure.ac:2039: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
+m4trace:configure.ac:2050: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
+m4trace:configure.ac:2065: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
+m4trace:configure.ac:2074: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
+m4trace:configure.ac:2085: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
+m4trace:configure.ac:2166: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
+m4trace:configure.ac:2167: -1- AC_SUBST([user_path])
+m4trace:configure.ac:2179: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
+m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
+m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
+m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
+m4trace:configure.ac:2251: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
+m4trace:configure.ac:2252: -1- AC_SUBST([piddir])
+m4trace:configure.ac:2258: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2262: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2266: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2270: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2278: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
+m4trace:configure.ac:2282: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
+m4trace:configure.ac:2286: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
+m4trace:configure.ac:2296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
+m4trace:configure.ac:2358: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
+m4trace:configure.ac:2383: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
+m4trace:configure.ac:2388: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
+m4trace:configure.ac:2413: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
+m4trace:configure.ac:2418: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
+m4trace:configure.ac:2443: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
+m4trace:configure.ac:2446: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
+m4trace:configure.ac:2468: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
+m4trace:configure.ac:2471: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
+m4trace:configure.ac:2489: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.28 2002/10/23 10:40:16 markus Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
/* Get the length. */
len = buffer_get_int(buffer);
if (len > 256 * 1024)
- fatal("buffer_get_string: bad string length %d", len);
+ fatal("buffer_get_string: bad string length %u", len);
/* Allocate space for the string. Add one byte for a null character. */
value = xmalloc(len + 1);
/* Get the string. */
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $");
#include "packet.h"
#include "xmalloc.h"
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));
- if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) {
+ if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
memset(&from, 0, sizeof(from));
from4->sin_family = AF_INET;
+ fromlen = sizeof(*from4);
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
}
}
#endif
+ if (from.ss_family == AF_INET6)
+ fromlen = sizeof(struct sockaddr_in6);
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
}
/*
- * Returns the remote IP-address of socket as a string. The returned
- * string must be freed.
+ * Returns the local/remote IP-address/hostname of socket as a string.
+ * The returned string must be freed.
*/
static char *
get_socket_address(int socket, int remote, int flags)
< 0)
return NULL;
}
+
+ /* Work around Linux IPv6 weirdness */
+ if (addr.ss_family == AF_INET6)
+ addrlen = sizeof(struct sockaddr_in6);
+
/* Get the address in ascii. */
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
NULL, 0, flags) != 0) {
- error("get_socket_ipaddr: getnameinfo %d failed", flags);
+ error("get_socket_address: getnameinfo %d failed", flags);
return NULL;
}
return xstrdup(ntop);
return 0;
}
} else {
- if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) {
+ if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
}
+
+ /* Work around Linux IPv6 weirdness */
+ if (from.ss_family == AF_INET6)
+ fromlen = sizeof(struct sockaddr_in6);
+
/* Return port number. */
if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
strport, sizeof(strport), NI_NUMERICSERV) != 0)
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $");
+RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
#if 0
if (!compat20 &&
buffer_len(&c->input) > packet_get_maxsize()) {
- debug("channel %d: big input buffer %d",
+ debug2("channel %d: big input buffer %d",
c->self, buffer_len(&c->input));
return 0;
}
#endif
if (buffer_len(&c->output) > packet_get_maxsize()) {
- debug("channel %d: big output buffer %d > %d",
+ debug2("channel %d: big output buffer %d > %d",
c->self, buffer_len(&c->output),
packet_get_maxsize());
return 0;
log("channel_send_open: %d: bad id", id);
return;
}
- debug("send channel open %d", id);
+ debug2("channel %d: send open", id);
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring(c->ctype);
packet_put_int(c->self);
}
void
-channel_request_start(int local_id, char *service, int wantconfirm)
+channel_request_start(int id, char *service, int wantconfirm)
{
- Channel *c = channel_lookup(local_id);
+ Channel *c = channel_lookup(id);
if (c == NULL) {
- log("channel_request_start: %d: unknown channel id", local_id);
+ log("channel_request_start: %d: unknown channel id", id);
return;
}
- debug("channel request %d: %s", local_id, service) ;
+ debug("channel %d: request %s", id, service) ;
packet_start(SSH2_MSG_CHANNEL_REQUEST);
packet_put_int(c->remote_id);
packet_put_cstring(service);
c->remote_id = remote_id;
}
if (c == NULL) {
+ xfree(originator_string);
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
packet_send();
}
sock = socket(ai->ai_family, SOCK_STREAM, 0);
if (sock < 0) {
- error("socket: %.100s", strerror(errno));
+ if (ai->ai_next == NULL)
+ error("socket: %.100s", strerror(errno));
+ else
+ verbose("socket: %.100s", strerror(errno));
continue;
}
if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
/* Send refusal to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
+ xfree(remote_host);
} else {
/* Send a confirmation to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $");
#include "xmalloc.h"
#include "log.h"
cipher->name);
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
if (klen > 0 && keylen != klen) {
- debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
+ debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
fatal("cipher_init: set keylen failed (%d -> %d)",
klen, keylen);
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
client_init_dispatch();
- /* Set signal handlers to restore non-blocking mode. */
- signal(SIGINT, signal_handler);
- signal(SIGQUIT, signal_handler);
- signal(SIGTERM, signal_handler);
+ /*
+ * Set signal handlers, (e.g. to restore non-blocking mode)
+ * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
+ */
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN)
+ signal(SIGINT, signal_handler);
+ if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
+ signal(SIGQUIT, signal_handler);
+ if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
+ signal(SIGTERM, signal_handler);
if (have_pty)
signal(SIGWINCH, window_change_handler);
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $");
#include "buffer.h"
#include "packet.h"
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
+ SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
+ SSH_BUG_FIRSTKEX },
{ "2.0.13*,"
"2.0.14*,"
"2.0.15*,"
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
- SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
+ SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
+ SSH_BUG_FIRSTKEX },
{ "2.2.0*,"
"2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
- SSH_BUG_RSASIGMD5 },
- { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
+ SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
+ { "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
+ SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
- { "2.*", SSH_BUG_DEBUG },
+ { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
-/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */
+/* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_K5USER 0x00400000
#define SSH_BUG_PROBE 0x00800000
+#define SSH_BUG_FIRSTKEX 0x01000000
void enable_compat13(void);
void enable_compat20(void);
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
+ *:UNICOS/mp:*:*)
+ echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/'
+ exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
| mipsisa64-* | mipsisa64el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipstx39 | mipstx39el \
- | none-* | np1-* | ns16k-* | ns32k-* \
+ | none-* | np1-* | ns16k-* | ns32k-* | nv1-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
nsr-tandem)
basic_machine=nsr-tandem
;;
+ nv1)
+ basic_machine=nv1-cray
+ ;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
basic_machine=sv1-cray
os=-unicos
;;
+ sx*-nec)
+ basic_machine=sx6-nec
+ os=-sysv
+ ;;
symmetry)
basic_machine=i386-sequent
os=-dynix
AC_PROG_INSTALL
AC_PATH_PROG(AR, ar)
AC_PATH_PROGS(PERL, perl5 perl)
+AC_PATH_PROG(SED, sed)
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
;;
*-*-cygwin*)
+ check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textmode.o"
AC_DEFINE(HAVE_CYGWIN)
AC_DEFINE(USE_PIPES)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
disable_ptmx_check=yes
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
- AC_DEFINE(SPT_TYPE,SPT_PSTAT)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
check_for_libcrypt_later=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
+ AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
inet6_default_4in6=yes
;;
mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
+ AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
do_sco3_extra_lib_check=yes
;;
*-*-sco3.2v5*)
+ if test -z "$GCC"; then
+ CFLAGS="$CFLAGS -belf"
+ fi
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
MANTYPE=man
;;
*-*-unicosmk*)
- no_libsocket=1
- no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
MANTYPE=cat
;;
*-*-unicos*)
- no_libsocket=1
- no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OSF_SIA)
AC_DEFINE(DISABLE_LOGIN)
+ AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
else
AC_MSG_RESULT(no)
fi
fi
+ AC_DEFINE(DISABLE_FD_PASSING)
;;
*-*-nto-qnx)
# Checks for header files.
AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h ia.h lastlog.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/select.h sys/stat.h \
- sys/stropts.h sys/sysmacros.h sys/time.h \
+ sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h)
]
)
-dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
- clock fchmod fchown freeaddrinfo futimes gai_strerror \
- getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
- getrlimit getrusage getttyent glob inet_aton inet_ntoa \
- inet_ntop innetgr login_getcapbool md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
- realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
- setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
- socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
- truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+dnl Checks for library functions. Please keep in alphabetical order
+AC_CHECK_FUNCS(\
+ arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
+ bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
+ gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
+ getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
+ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
+ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
+ readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
+ setegid setenv seteuid setgroups setlogin setpcred setproctitle \
+ setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
+ snprintf socketpair strerror strlcat strlcpy strmode strnvis \
+ sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
+)
+
+AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
+
+dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
+AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
)
fi
+dnl see whether mkstemp() requires XXXXXX
+if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
+AC_MSG_CHECKING([for (overly) strict mkstemp])
+AC_TRY_RUN(
+ [
+#include <stdlib.h>
+main() { char template[]="conftest.mkstemp-test";
+if (mkstemp(template) == -1)
+ exit(1);
+unlink(template); exit(0);
+}
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_STRICT_MKSTEMP)
+ ]
+)
+fi
+
AC_FUNC_GETPGRP
# Check for PAM libs
have_struct_timeval=1
fi
-# If we don't have int64_t then we can't compile sftp-server. So don't
-# even attempt to do it.
+AC_CHECK_TYPES(struct timespec)
+
+# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" -a \
"x$ac_cv_sizeof_long_int" != "x8" -a \
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
- NO_SFTP='#'
+ echo "OpenSSH requires int64_t support. Contact your vendor or install"
+ echo "an alternative compiler (I.E., GCC) before continuing."
+ echo ""
+ exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
AC_TRY_RUN(
], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
)
fi
-AC_SUBST(NO_SFTP)
dnl Checks for structure members
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
]
)
+STRIP_OPT=-s
+AC_ARG_ENABLE(strip,
+ [ --disable-strip Disable calling strip(1) on install],
+ [
+ if test "x$enableval" = "xno" ; then
+ STRIP_OPT=
+ fi
+ ]
+)
+AC_SUBST(STRIP_OPT)
+
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
AC_SUBST(XAUTH_PATH)
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
-# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# ifdef _PATH_USERPATH /* Irix */
+# define _PATH_STDPATH _PATH_USERPATH
+# else
+# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
+# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
echo ""
fi
-if test ! -z "$NO_SFTP"; then
- echo "sftp-server will be disabled. Your compiler does not "
- echo "support 64bit integers."
- echo ""
-fi
-
if test ! -z "$RAND_HELPER_CMDHASH" ; then
echo "WARNING: you are using the builtin random number collection "
echo "service. Please read WARNING.RNG and request that your OS "
Directions:
+(optional) create config.local in your build dir
./configure [options]
-cd contrib/aix; ./buildbff.sh
+contrib/aix/buildbff.sh
+The file config.local or the environment is read to set the following options
+(default first):
+PERMIT_ROOT_LOGIN=[no|yes]
+X11_FORWARDING=[no|yes]
+AIX_SRC=[no|yes]
Acknowledgements:
and for comparison with the output from this script, however no code
from lppbuild is included and it is not required for operation.
+SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+
Other notes:
appropriate). It seems to work, though......
If there are any patches to this that have not yet been integrated they
-may be found at http://www.zip.com.au/~dtucker/openssh/ or
-http://home.usf.advantra.com.au/~dtucker/openssh/.
+may be found at http://www.zip.com.au/~dtucker/openssh/.
Disclaimer:
#
# Tunable configuration settings
-# create a "config.local" in your build directory to override these.
+# create a "config.local" in your build directory or set
+# environment variables to override these.
#
-PERMIT_ROOT_LOGIN=no
-X11_FORWARDING=no
+[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no
+[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no
+[ -z "$AIX_SRC" ] || AIX_SRC=no
umask 022
For the full text of the license, see /usr/lpp/openssh/LICENCE
EOD
+#
+# openssh.size file allows filesystem expansion as required
+# generate list of directories containing files
+# then calculate disk usage for each directory and store in openssh.size
+#
+files=`find . -type f -print`
+dirs=`for file in $files; do dirname $file; done | sort -u`
+for dir in $dirs
+do
+ du $dir
+done > ../openssh.size
+
#
# Create postinstall script
#
fi
echo
-# Add to system startup if required
-if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
+# Set startup command depending on SRC support
+if [ "$AIX_SRC" = "yes" ]
+then
+ echo Creating SRC sshd subsystem.
+ rmssys -s sshd 2>&1 >/dev/null
+ mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
+ startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
+ oldstartcmd="$sbindir/sshd"
+else
+ startupcmd="$sbindir/sshd"
+ oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
+fi
+
+# If migrating to or from SRC, change previous startup command
+# otherwise add to rc.tcpip
+if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
then
- echo "sshd found in rc.tcpip, not adding."
+ if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
+ then
+ chmod 0755 /etc/rc.tcpip.new
+ mv /etc/rc.tcpip /etc/rc.tcpip.old && \
+ mv /etc/rc.tcpip.new /etc/rc.tcpip
+ else
+ echo "Updating /etc/rc.tcpip failed, please check."
+ fi
else
- echo >>/etc/rc.tcpip
- echo "echo Starting sshd" >>/etc/rc.tcpip
- echo "$sbindir/sshd" >>/etc/rc.tcpip
+ # Add to system startup if required
+ if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
+ then
+ echo "sshd found in rc.tcpip, not adding."
+ else
+ echo "Adding sshd to rc.tcpip"
+ echo >>/etc/rc.tcpip
+ echo "# Start sshd" >>/etc/rc.tcpip
+ echo "\$startupcmd" >>/etc/rc.tcpip
+ fi
fi
EOF
echo Creating liblpp.a
(
cd ..
- for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
+ for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
do
ar -r liblpp.a $i
rm $i
#
# inventory.sh
#
-# Originall written by Ben Lindstrom, modified by Darren Tucker to use perl
+# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
#
-# This will produced and AIX package inventory file, which looks like:
+# This will produce an AIX package inventory file, which looks like:
#
# /usr/local/bin:
# class=apply,inventory,openssh
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%if %{use_stable}
- %define version 3.5p1
+ %define version 3.6.1p1
%define cvs %{nil}
%define release 2
%else
%Install
[ %{buildroot} != "/" ] && rm -rf %{buildroot}
-%makeinstall
+make install DESTDIR=%{buildroot}
%makeinstall -C %{askpass} \
BINDIR=%{_libexecdir} \
MANPATH=%{_mandir} \
%defattr(-,root,root)
%dir %{_sysconfdir}
%config %{_sysconfdir}/ssh_config
-%{_bindir}/*
+%{_bindir}/scp
+%{_bindir}/sftp
+%{_bindir}/ssh
+%{_bindir}/slogin
+%{_bindir}/ssh-add
+%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%{_bindir}/ssh-keygen
+%{_bindir}/ssh-keyscan
%dir %{_libexecdir}
+%attr(4711,root,root) %{_libexecdir}/ssh-keysign
%{_sbindir}/ssh-host-keygen
%dir %{_defaultdocdir}/%{name}-%{version}
%{_defaultdocdir}/%{name}-%{version}/CREDITS
%{_defaultdocdir}/%{name}-%{version}/TODO
%{_defaultdocdir}/%{name}-%{version}/faq.html
%{_mandir}/man1/*
+%{_mandir}/man8/ssh-keysign.8.gz
+%{_mandir}/man5/ssh_config.5.gz
%Files server
%defattr(-,root,root)
-%dir %attr(0700,root,root) %{_var}/empty/sshd
+%dir %{_var}/empty/sshd
%config %{SVIdir}/sshd
%config /etc/pam.d/sshd
%config %{_sysconfdir}/moduli
%config %{SVIcdir}/sshd
%{_libexecdir}/sftp-server
%{_sbindir}/sshd
+%{_mandir}/man5/sshd_config.5.gz
%{_mandir}/man8/sftp-server.8.gz
%{_mandir}/man8/sshd.8.gz
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
#HostKey ${SYSCONFDIR}/ssh_host_dsa_key
-# Lifetime and size of ephemeral version 1 server ke
+# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Authentication:
-#LoginGraceTime 600
+#LoginGraceTime 120
#PermitRootLogin yes
# The following setting overrides permission checks on host key files
# and directories. For security reasons set this to "yes" when running
#RSAAuthentication yes
#PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
-# Don't read ~/.rhosts and ~/.shosts files
+# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
#RhostsRSAAuthentication no
#KeepAlive yes
#UseLogin no
UsePrivilegeSeparation $privsep_used
+#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
* you don't trust your X server. We grab the keyboard always.
*/
+#define GRAB_TRIES 16
+#define GRAB_WAIT 250 /* milliseconds */
+
/*
* Compile with:
*
- * cc `pkg-config --cflags gtk+-2.0` \
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
* gnome-ssh-askpass2.c -o gnome-ssh-askpass \
* `pkg-config --libs gtk+-2.0`
*
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#include <unistd.h>
#include <X11/Xlib.h>
#include <gtk/gtk.h>
#include <gdk/gdkx.h>
{
const char *failed;
char *passphrase, *local;
- char **messages;
- int result, i, grab_server, grab_pointer;
- GtkWidget *dialog, *entry, *label;
+ int result, grab_tries, grab_server, grab_pointer;
+ GtkWidget *dialog, *entry;
GdkGrabStatus status;
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+ grab_tries = 0;
dialog = gtk_message_dialog_new(NULL, 0,
GTK_MESSAGE_QUESTION,
/* Grab focus */
gtk_widget_show_now(dialog);
- if (grab_server) {
- gdk_x11_grab_server();
- }
if (grab_pointer) {
- status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
- 0, NULL, NULL, GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "mouse";
- goto nograb;
+ for(;;) {
+ status = gdk_pointer_grab(
+ (GTK_WIDGET(dialog))->window, TRUE, 0, NULL,
+ NULL, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "mouse";
+ goto nograb;
+ }
}
}
- status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
- GDK_CURRENT_TIME);
- if (status != GDK_GRAB_SUCCESS) {
- failed = "keyboard";
- goto nograbkb;
+ for(;;) {
+ status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window,
+ FALSE, GDK_CURRENT_TIME);
+ if (status == GDK_GRAB_SUCCESS)
+ break;
+ usleep(GRAB_WAIT * 1000);
+ if (++grab_tries > GRAB_TRIES) {
+ failed = "keyboard";
+ goto nograbkb;
+ }
}
+ if (grab_server) {
+ gdk_x11_grab_server();
+ }
+
result = gtk_dialog_run(GTK_DIALOG(dialog));
/* Ungrab */
-%define ver 3.5p1
+%define ver 3.6.1p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
%define scard 0
# Use GTK2 instead of GNOME in gnome-ssh-askpass
-%define gtk2 0
+%define gtk2 1
# Is this build for RHL 6.x?
%define build6x 0
#
# Stripped PRNGd out of it for the time being.
+umask 022
+
CAT=/usr/bin/cat
KILL=/usr/bin/kill
fi
if [ -z "`eval $GET_ID`" ]; then
- echo "$0: ERROR: No identities found"
+ echo "$0: ERROR: No identities found" >&2
+ exit 1
+fi
+
+if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
exit 1
fi
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 3.5p1
+Version: 3.6.1p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
+/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
+
/*
- * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
- * code or tables extracted from it, as desired without restriction.
- *
- * First, the polynomial itself and its table of feedback terms. The
- * polynomial is
- * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
- *
- * Note that we take it "backwards" and put the highest-order term in
- * the lowest-order bit. The X^32 term is "implied"; the LSB is the
- * X^31 term, etc. The X^0 term (usually shown as "+1") results in
- * the MSB being 1
- *
- * Note that the usual hardware shift register implementation, which
- * is what we're using (we're merely optimizing it by doing eight-bit
- * chunks at a time) shifts bits into the lowest-order term. In our
- * implementation, that means shifting towards the right. Why do we
- * do it this way? Because the calculated CRC must be transmitted in
- * order from highest-order term to lowest-order term. UARTs transmit
- * characters in order from LSB to MSB. By storing the CRC this way
- * we hand it to the UART in the order low-byte to high-byte; the UART
- * sends each low-bit to hight-bit; and the result is transmission bit
- * by bit from highest- to lowest-order term without requiring any bit
- * shuffling on our part. Reception works similarly
- *
- * The feedback terms table consists of 256, 32-bit entries. Notes
+ * Copyright (c) 2003 Markus Friedl. All rights reserved.
*
- * The table can be generated at runtime if desired; code to do so
- * is shown later. It might not be obvious, but the feedback
- * terms simply represent the results of eight shift/xor opera
- * tions for all combinations of data and CRC register values
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
*
- * The values must be right-shifted by eight bits by the "updcrc
- * logic; the shift must be u_(bring in zeroes). On some
- * hardware you could probably optimize the shift in assembler by
- * using byte-swap instructions
- * polynomial $edb88320
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
-
#include "includes.h"
-RCSID("$OpenBSD: crc32.c,v 1.8 2000/12/19 23:17:56 markus Exp $");
-
#include "crc32.h"
-static u_int crc32_tab[] = {
- 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
- 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
- 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
- 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
- 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
- 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
- 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
- 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
- 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
- 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
- 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
- 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
- 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
- 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
- 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
- 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
- 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
- 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
- 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
- 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
- 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
- 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
- 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
- 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
- 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
- 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
- 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
- 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
- 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
- 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
- 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
- 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
- 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
- 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
- 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
- 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
- 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
- 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
- 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
- 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
- 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
- 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
- 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
- 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
- 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
- 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
- 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
- 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
- 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
- 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
- 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
- 0x2d02ef8dL
+static const u_int32_t crc32tab[] = {
+ 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL,
+ 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L,
+ 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L,
+ 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L,
+ 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
+ 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L,
+ 0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL,
+ 0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L,
+ 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L,
+ 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
+ 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L,
+ 0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L,
+ 0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L,
+ 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL,
+ 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
+ 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL,
+ 0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL,
+ 0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L,
+ 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L,
+ 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
+ 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL,
+ 0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L,
+ 0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL,
+ 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L,
+ 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
+ 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL,
+ 0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L,
+ 0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L,
+ 0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L,
+ 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
+ 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L,
+ 0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL,
+ 0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL,
+ 0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L,
+ 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
+ 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L,
+ 0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL,
+ 0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L,
+ 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL,
+ 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
+ 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L,
+ 0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL,
+ 0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L,
+ 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L,
+ 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
+ 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL,
+ 0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L,
+ 0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL,
+ 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL,
+ 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
+ 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L,
+ 0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L,
+ 0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL,
+ 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L,
+ 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
+ 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L,
+ 0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L,
+ 0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL,
+ 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L,
+ 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
+ 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L,
+ 0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL,
+ 0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L,
+ 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL
};
-/* Return a 32-bit CRC of the contents of the buffer. */
-
-u_int
-ssh_crc32(const u_char *s, u_int len)
+u_int32_t
+ssh_crc32(const u_char *buf, u_int32_t size)
{
- u_int i;
- u_int crc32val;
+ u_int32_t i, crc;
- crc32val = 0;
- for (i = 0; i < len; i ++) {
- crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8);
- }
- return crc32val;
+ crc = 0;
+ for (i = 0; i < size; i++)
+ crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
+ return crc;
}
-/* $OpenBSD: crc32.h,v 1.13 2002/03/04 17:27:39 stevesk Exp $ */
+/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
/*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1992 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- * Functions for computing 32-bit CRC.
+ * Copyright (c) 2003 Markus Friedl. All rights reserved.
*
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef CRC32_H
-#define CRC32_H
-
-u_int ssh_crc32(const u_char *, u_int);
-
-#endif /* CRC32_H */
+#ifndef SSH_CRC32_H
+#define SSH_CRC32_H
+u_int32_t ssh_crc32(const u_char *, u_int32_t);
+#endif
} while (0)
#endif
+#ifndef TIMEVAL_TO_TIMESPEC
+#define TIMEVAL_TO_TIMESPEC(tv, ts) { \
+ (ts)->tv_sec = (tv)->tv_sec; \
+ (ts)->tv_nsec = (tv)->tv_usec * 1000; \
+}
+#endif
+
+#ifndef TIMESPEC_TO_TIMEVAL
+#define TIMESPEC_TO_TIMEVAL(tv, ts) { \
+ (tv)->tv_sec = (ts)->tv_sec; \
+ (tv)->tv_usec = (ts)->tv_nsec / 1000; \
+}
+#endif
+
#ifndef __P
# define __P(x) x
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $");
#include "xmalloc.h"
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
- debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
+ debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
if (BN_is_bit_set(dh->priv_key, i))
bits_set++;
- debug("dh_gen_key: priv key bits set: %d/%d",
+ debug2("dh_gen_key: priv key bits set: %d/%d",
bits_set, BN_num_bits(dh->priv_key));
if (tries++ > 10)
fatal("dh_gen_key: too many bad keys: giving up");
-#!/usr/bin/perl -w
+#!/bin/sh
#
# fixpaths - substitute makefile variables into text files
+# Usage: fixpaths -Dsomething=somethingelse ...
-
-$usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n";
-
-if (!defined(@ARGV)) { die ("$usage"); }
-
-# read in the command line and get some definitions
-while ($_=$ARGV[0], /^-/) {
- if (/^-D/) {
- # definition
- shift(@ARGV);
- if ( /-D(.*)=(.*)/ ) {
- $def{"$1"}=$2;
- } else {
- die ("$usage$0: error in command line arguments.\n");
- }
- } else {
- @cmd = split(//, $ARGV[0]); $opt = $cmd[1];
- die ("$usage$0: unknown option '-$opt'\n");
- }
-} # while parsing arguments
-
-if (!defined(%def)) {
- die ("$0: nothing to do - no substitutions listed!\n");
+die() {
+ echo $*
+ exit -1
}
-for $f (@ARGV) {
+test -n "`echo $1|grep -- -D`" || \
+ die $0: nothing to do - no substitutions listed!
+
+test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \
+ die $0: error in command line arguments.
- $f =~ /(.*\/)*(.*)$/;
+test -n "`echo $*|grep -- ' [^-]'`" || \
+ die Usage: $0 '[-Dstring=replacement] [[infile] ...]'
- open(IN, "<$f") || die ("$0: input file $f missing!\n");
- while (<IN>) {
- for $s (keys(%def)) {
- s#$s#$def{$s}#;
- } # for $s
- print;
- } # while <IN>
-} # for $f
+sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'`
-exit 0;
+exit 0
-/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */
+/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
} HostStatus;
int hostfile_read_key(char **, u_int *, Key *);
-HostStatus
-check_host_in_hostfile(const char *, const char *, Key *, Key *, int *);
-int add_host_to_hostfile(const char *, const char *, Key *);
-int
-lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *);
+HostStatus check_host_in_hostfile(const char *, const char *,
+ Key *, Key *, int *);
+int add_host_to_hostfile(const char *, const char *, Key *);
+int lookup_key_in_hostfile_by_type(const char *, const char *,
+ int, Key *, int *);
#endif
# include <tmpdir.h>
#endif
+#ifdef HAVE_LIBUTIL_H
+# include <libutil.h> /* Openpty on FreeBSD at least */
+#endif
+
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#include "defines.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
#include <openssl/crypto.h>
#define KEX_COOKIE_LEN 16
-/* Use privilege separation for sshd */
-int use_privsep;
-struct monitor *pmonitor;
-
-
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
/* parse buffer and return algorithm proposal */
static char **
-kex_buf2prop(Buffer *raw)
+kex_buf2prop(Buffer *raw, int *first_kex_follows)
{
Buffer b;
int i;
}
/* first kex follows / reserved */
i = buffer_get_char(&b);
+ if (first_kex_follows != NULL)
+ *first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b);
debug2("kex_parse_kexinit: reserved %d ", i);
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
- debug("waiting for SSH2_MSG_NEWKEYS");
+ debug("expecting SSH2_MSG_NEWKEYS");
packet_read_expect(SSH2_MSG_NEWKEYS);
packet_check_eom();
debug("SSH2_MSG_NEWKEYS received");
kex_choose_conf(kex);
- switch (kex->kex_type) {
- case DH_GRP1_SHA1:
- kexdh(kex);
- break;
- case DH_GEX_SHA1:
- kexgex(kex);
- break;
- default:
+ if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
+ kex->kex[kex->kex_type] != NULL) {
+ (kex->kex[kex->kex_type])(kex);
+ } else {
fatal("Unsupported key exchange %d", kex->kex_type);
}
}
if (k->name == NULL)
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
- k->kex_type = DH_GRP1_SHA1;
+ k->kex_type = KEX_DH_GRP1_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
- k->kex_type = DH_GEX_SHA1;
+ k->kex_type = KEX_DH_GEX_SHA1;
} else
fatal("bad kex alg %s", k->name);
}
xfree(hostkeyalg);
}
+static int
+proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
+{
+ static int check[] = {
+ PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
+ };
+ int *idx;
+ char *p;
+
+ for (idx = &check[0]; *idx != -1; idx++) {
+ if ((p = strchr(my[*idx], ',')) != NULL)
+ *p = '\0';
+ if ((p = strchr(peer[*idx], ',')) != NULL)
+ *p = '\0';
+ if (strcmp(my[*idx], peer[*idx]) != 0) {
+ debug2("proposal mismatch: my %s peer %s",
+ my[*idx], peer[*idx]);
+ return (0);
+ }
+ }
+ debug2("proposals match");
+ return (1);
+}
+
static void
kex_choose_conf(Kex *kex)
{
int mode;
int ctos; /* direction: if true client-to-server */
int need;
+ int first_kex_follows, type;
- my = kex_buf2prop(&kex->my);
- peer = kex_buf2prop(&kex->peer);
+ my = kex_buf2prop(&kex->my, NULL);
+ peer = kex_buf2prop(&kex->peer, &first_kex_follows);
if (kex->server) {
cprop=peer;
/* XXX need runden? */
kex->we_need = need;
+ /* ignore the next message if the proposals do not match */
+ if (first_kex_follows && !proposals_match(my, peer) &&
+ !(datafellows & SSH_BUG_FIRSTKEX)) {
+ type = packet_read();
+ debug2("skipping next packet (type %u)", type);
+ }
+
kex_prop_free(my);
kex_prop_free(peer);
}
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
- debug("kex_derive_keys");
+ debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;
-/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
};
enum kex_exchange {
- DH_GRP1_SHA1,
- DH_GEX_SHA1
+ KEX_DH_GRP1_SHA1,
+ KEX_DH_GEX_SHA1,
+ KEX_MAX
};
#define KEX_INIT_SENT 0x0001
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
+ void (*kex[KEX_MAX])(Kex *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, BIGNUM *);
-void kexdh(Kex *);
-void kexgex(Kex *);
-
Newkeys *kex_get_newkeys(int);
+void kexdh_client(Kex *);
+void kexdh_server(Kex *);
+void kexgex_client(Kex *);
+void kexgex_server(Kex *);
+
+u_char *
+kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ BIGNUM *, BIGNUM *, BIGNUM *);
+u_char *
+kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
+ int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
+
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "key.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
#include "ssh2.h"
-#include "monitor_wrap.h"
+#include "kex.h"
-static u_char *
+u_char *
kex_dh_hash(
char *client_version_string,
char *server_version_string,
#endif
return digest;
}
-
-/* client */
-
-static void
-kexdh_client(Kex *kex)
-{
- BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
- DH *dh;
- Key *server_host_key;
- u_char *server_host_key_blob = NULL, *signature = NULL;
- u_char *kbuf, *hash;
- u_int klen, kout, slen, sbloblen;
-
- /* generate and send 'e', client DH public key */
- dh = dh_new_group1();
- dh_gen_key(dh, kex->we_need * 8);
- packet_start(SSH2_MSG_KEXDH_INIT);
- packet_put_bignum2(dh->pub_key);
- packet_send();
-
- debug("sending SSH2_MSG_KEXDH_INIT");
-#ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, dh);
- fprintf(stderr, "pub= ");
- BN_print_fp(stderr, dh->pub_key);
- fprintf(stderr, "\n");
-#endif
-
- debug("expecting SSH2_MSG_KEXDH_REPLY");
- packet_read_expect(SSH2_MSG_KEXDH_REPLY);
-
- /* key, cert */
- server_host_key_blob = packet_get_string(&sbloblen);
- server_host_key = key_from_blob(server_host_key_blob, sbloblen);
- if (server_host_key == NULL)
- fatal("cannot decode server_host_key_blob");
- if (server_host_key->type != kex->hostkey_type)
- fatal("type mismatch for decoded server_host_key_blob");
- if (kex->verify_host_key == NULL)
- fatal("cannot verify server_host_key");
- if (kex->verify_host_key(server_host_key) == -1)
- fatal("server_host_key verification failed");
-
- /* DH paramter f, server public DH key */
- if ((dh_server_pub = BN_new()) == NULL)
- fatal("dh_server_pub == NULL");
- packet_get_bignum2(dh_server_pub);
-
-#ifdef DEBUG_KEXDH
- fprintf(stderr, "dh_server_pub= ");
- BN_print_fp(stderr, dh_server_pub);
- fprintf(stderr, "\n");
- debug("bits %d", BN_num_bits(dh_server_pub));
-#endif
-
- /* signed H */
- signature = packet_get_string(&slen);
- packet_check_eom();
-
- if (!dh_pub_is_valid(dh, dh_server_pub))
- packet_disconnect("bad server public DH value");
-
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_server_pub, dh);
-#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
-#endif
- if ((shared_secret = BN_new()) == NULL)
- fatal("kexdh_client: BN_new failed");
- BN_bin2bn(kbuf, kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- /* calc and verify H */
- hash = kex_dh_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- server_host_key_blob, sbloblen,
- dh->pub_key,
- dh_server_pub,
- shared_secret
- );
- xfree(server_host_key_blob);
- BN_clear_free(dh_server_pub);
- DH_free(dh);
-
- if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
- fatal("key_verify failed for server_host_key");
- key_free(server_host_key);
- xfree(signature);
-
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
- kex_finish(kex);
-}
-
-/* server */
-
-static void
-kexdh_server(Kex *kex)
-{
- BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
- DH *dh;
- Key *server_host_key;
- u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int sbloblen, klen, kout;
- u_int slen;
-
- /* generate server DH public key */
- dh = dh_new_group1();
- dh_gen_key(dh, kex->we_need * 8);
-
- debug("expecting SSH2_MSG_KEXDH_INIT");
- packet_read_expect(SSH2_MSG_KEXDH_INIT);
-
- if (kex->load_host_key == NULL)
- fatal("Cannot load hostkey");
- server_host_key = kex->load_host_key(kex->hostkey_type);
- if (server_host_key == NULL)
- fatal("Unsupported hostkey type %d", kex->hostkey_type);
-
- /* key, cert */
- if ((dh_client_pub = BN_new()) == NULL)
- fatal("dh_client_pub == NULL");
- packet_get_bignum2(dh_client_pub);
- packet_check_eom();
-
-#ifdef DEBUG_KEXDH
- fprintf(stderr, "dh_client_pub= ");
- BN_print_fp(stderr, dh_client_pub);
- fprintf(stderr, "\n");
- debug("bits %d", BN_num_bits(dh_client_pub));
-#endif
-
-#ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, dh);
- fprintf(stderr, "pub= ");
- BN_print_fp(stderr, dh->pub_key);
- fprintf(stderr, "\n");
-#endif
- if (!dh_pub_is_valid(dh, dh_client_pub))
- packet_disconnect("bad client public DH value");
-
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_client_pub, dh);
-#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
-#endif
- if ((shared_secret = BN_new()) == NULL)
- fatal("kexdh_server: BN_new failed");
- BN_bin2bn(kbuf, kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
-
- /* calc H */
- hash = kex_dh_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- server_host_key_blob, sbloblen,
- dh_client_pub,
- dh->pub_key,
- shared_secret
- );
- BN_clear_free(dh_client_pub);
-
- /* save session id := H */
- /* XXX hashlen depends on KEX */
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
- /* sign H */
- /* XXX hashlen depends on KEX */
- PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
-
- /* destroy_sensitive_data(); */
-
- /* send server hostkey, DH pubkey 'f' and singed H */
- packet_start(SSH2_MSG_KEXDH_REPLY);
- packet_put_string(server_host_key_blob, sbloblen);
- packet_put_bignum2(dh->pub_key); /* f */
- packet_put_string(signature, slen);
- packet_send();
-
- xfree(signature);
- xfree(server_host_key_blob);
- /* have keys, free DH */
- DH_free(dh);
-
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
- kex_finish(kex);
-}
-
-void
-kexdh(Kex *kex)
-{
- if (kex->server)
- kexdh_server(kex);
- else
- kexdh_client(kex);
-}
--- /dev/null
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+
+void
+kexdh_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *server_host_key_blob = NULL, *signature = NULL;
+ u_char *kbuf, *hash;
+ u_int klen, kout, slen, sbloblen;
+
+ /* generate and send 'e', client DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+ packet_start(SSH2_MSG_KEXDH_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("sending SSH2_MSG_KEXDH_INIT");
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("expecting SSH2_MSG_KEXDH_REPLY");
+ packet_read_expect(SSH2_MSG_KEXDH_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ /* calc and verify H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+ DH_free(dh);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
--- /dev/null
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "monitor_wrap.h"
+
+void
+kexdh_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ DH *dh;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout;
+ u_int slen;
+
+ /* generate server DH public key */
+ dh = dh_new_group1();
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEXDH_INIT");
+ packet_read_expect(SSH2_MSG_KEXDH_INIT);
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexdh_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ /* calc H */
+ hash = kex_dh_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ packet_start(SSH2_MSG_KEXDH_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+ kex_finish(kex);
+}
*/
#include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
-#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "key.h"
#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
#include "ssh2.h"
-#include "compat.h"
-#include "monitor_wrap.h"
-static u_char *
+u_char *
kexgex_hash(
char *client_version_string,
char *server_version_string,
#endif
return digest;
}
-
-/* client */
-
-static void
-kexgex_client(Kex *kex)
-{
- BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
- BIGNUM *p = NULL, *g = NULL;
- Key *server_host_key;
- u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int klen, kout, slen, sbloblen;
- int min, max, nbits;
- DH *dh;
-
- nbits = dh_estimate(kex->we_need * 8);
-
- if (datafellows & SSH_OLD_DHGEX) {
- debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
-
- /* Old GEX request */
- packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
- packet_put_int(nbits);
- min = DH_GRP_MIN;
- max = DH_GRP_MAX;
- } else {
- debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
-
- /* New GEX request */
- min = DH_GRP_MIN;
- max = DH_GRP_MAX;
- packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
- packet_put_int(min);
- packet_put_int(nbits);
- packet_put_int(max);
- }
-#ifdef DEBUG_KEXDH
- fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
- min, nbits, max);
-#endif
- packet_send();
-
- debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
- packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
-
- if ((p = BN_new()) == NULL)
- fatal("BN_new");
- packet_get_bignum2(p);
- if ((g = BN_new()) == NULL)
- fatal("BN_new");
- packet_get_bignum2(g);
- packet_check_eom();
-
- if (BN_num_bits(p) < min || BN_num_bits(p) > max)
- fatal("DH_GEX group out of range: %d !< %d !< %d",
- min, BN_num_bits(p), max);
-
- dh = dh_new_group(g, p);
- dh_gen_key(dh, kex->we_need * 8);
-
-#ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, dh);
- fprintf(stderr, "pub= ");
- BN_print_fp(stderr, dh->pub_key);
- fprintf(stderr, "\n");
-#endif
-
- debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
- /* generate and send 'e', client DH public key */
- packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
- packet_put_bignum2(dh->pub_key);
- packet_send();
-
- debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
- packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
-
- /* key, cert */
- server_host_key_blob = packet_get_string(&sbloblen);
- server_host_key = key_from_blob(server_host_key_blob, sbloblen);
- if (server_host_key == NULL)
- fatal("cannot decode server_host_key_blob");
- if (server_host_key->type != kex->hostkey_type)
- fatal("type mismatch for decoded server_host_key_blob");
- if (kex->verify_host_key == NULL)
- fatal("cannot verify server_host_key");
- if (kex->verify_host_key(server_host_key) == -1)
- fatal("server_host_key verification failed");
-
- /* DH paramter f, server public DH key */
- if ((dh_server_pub = BN_new()) == NULL)
- fatal("dh_server_pub == NULL");
- packet_get_bignum2(dh_server_pub);
-
-#ifdef DEBUG_KEXDH
- fprintf(stderr, "dh_server_pub= ");
- BN_print_fp(stderr, dh_server_pub);
- fprintf(stderr, "\n");
- debug("bits %d", BN_num_bits(dh_server_pub));
-#endif
-
- /* signed H */
- signature = packet_get_string(&slen);
- packet_check_eom();
-
- if (!dh_pub_is_valid(dh, dh_server_pub))
- packet_disconnect("bad server public DH value");
-
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_server_pub, dh);
-#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
-#endif
- if ((shared_secret = BN_new()) == NULL)
- fatal("kexgex_client: BN_new failed");
- BN_bin2bn(kbuf, kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- if (datafellows & SSH_OLD_DHGEX)
- min = max = -1;
-
- /* calc and verify H */
- hash = kexgex_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- server_host_key_blob, sbloblen,
- min, nbits, max,
- dh->p, dh->g,
- dh->pub_key,
- dh_server_pub,
- shared_secret
- );
- /* have keys, free DH */
- DH_free(dh);
- xfree(server_host_key_blob);
- BN_clear_free(dh_server_pub);
-
- if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
- fatal("key_verify failed for server_host_key");
- key_free(server_host_key);
- xfree(signature);
-
- /* save session id */
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
-
- kex_finish(kex);
-}
-
-/* server */
-
-static void
-kexgex_server(Kex *kex)
-{
- BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
- Key *server_host_key;
- DH *dh;
- u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int sbloblen, klen, kout, slen;
- int min = -1, max = -1, nbits = -1, type;
-
- if (kex->load_host_key == NULL)
- fatal("Cannot load hostkey");
- server_host_key = kex->load_host_key(kex->hostkey_type);
- if (server_host_key == NULL)
- fatal("Unsupported hostkey type %d", kex->hostkey_type);
-
- type = packet_read();
- switch (type) {
- case SSH2_MSG_KEX_DH_GEX_REQUEST:
- debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
- min = packet_get_int();
- nbits = packet_get_int();
- max = packet_get_int();
- min = MAX(DH_GRP_MIN, min);
- max = MIN(DH_GRP_MAX, max);
- break;
- case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
- debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
- nbits = packet_get_int();
- min = DH_GRP_MIN;
- max = DH_GRP_MAX;
- /* unused for old GEX */
- break;
- default:
- fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
- }
- packet_check_eom();
-
- if (max < min || nbits < min || max < nbits)
- fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
- min, nbits, max);
-
- /* Contact privileged parent */
- dh = PRIVSEP(choose_dh(min, nbits, max));
- if (dh == NULL)
- packet_disconnect("Protocol error: no matching DH grp found");
-
- debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
- packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
- packet_put_bignum2(dh->p);
- packet_put_bignum2(dh->g);
- packet_send();
-
- /* flush */
- packet_write_wait();
-
- /* Compute our exchange value in parallel with the client */
- dh_gen_key(dh, kex->we_need * 8);
-
- debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
- packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
-
- /* key, cert */
- if ((dh_client_pub = BN_new()) == NULL)
- fatal("dh_client_pub == NULL");
- packet_get_bignum2(dh_client_pub);
- packet_check_eom();
-
-#ifdef DEBUG_KEXDH
- fprintf(stderr, "dh_client_pub= ");
- BN_print_fp(stderr, dh_client_pub);
- fprintf(stderr, "\n");
- debug("bits %d", BN_num_bits(dh_client_pub));
-#endif
-
-#ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, dh);
- fprintf(stderr, "pub= ");
- BN_print_fp(stderr, dh->pub_key);
- fprintf(stderr, "\n");
-#endif
- if (!dh_pub_is_valid(dh, dh_client_pub))
- packet_disconnect("bad client public DH value");
-
- klen = DH_size(dh);
- kbuf = xmalloc(klen);
- kout = DH_compute_key(kbuf, dh_client_pub, dh);
-#ifdef DEBUG_KEXDH
- dump_digest("shared secret", kbuf, kout);
-#endif
- if ((shared_secret = BN_new()) == NULL)
- fatal("kexgex_server: BN_new failed");
- BN_bin2bn(kbuf, kout, shared_secret);
- memset(kbuf, 0, klen);
- xfree(kbuf);
-
- key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
-
- if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
- min = max = -1;
-
- /* calc H */ /* XXX depends on 'kex' */
- hash = kexgex_hash(
- kex->client_version_string,
- kex->server_version_string,
- buffer_ptr(&kex->peer), buffer_len(&kex->peer),
- buffer_ptr(&kex->my), buffer_len(&kex->my),
- server_host_key_blob, sbloblen,
- min, nbits, max,
- dh->p, dh->g,
- dh_client_pub,
- dh->pub_key,
- shared_secret
- );
- BN_clear_free(dh_client_pub);
-
- /* save session id := H */
- /* XXX hashlen depends on KEX */
- if (kex->session_id == NULL) {
- kex->session_id_len = 20;
- kex->session_id = xmalloc(kex->session_id_len);
- memcpy(kex->session_id, hash, kex->session_id_len);
- }
-
- /* sign H */
- /* XXX hashlen depends on KEX */
- PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
-
- /* destroy_sensitive_data(); */
-
- /* send server hostkey, DH pubkey 'f' and singed H */
- debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
- packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
- packet_put_string(server_host_key_blob, sbloblen);
- packet_put_bignum2(dh->pub_key); /* f */
- packet_put_string(signature, slen);
- packet_send();
-
- xfree(signature);
- xfree(server_host_key_blob);
- /* have keys, free DH */
- DH_free(dh);
-
- kex_derive_keys(kex, hash, shared_secret);
- BN_clear_free(shared_secret);
-
- kex_finish(kex);
-}
-
-void
-kexgex(Kex *kex)
-{
- if (kex->server)
- kexgex_server(kex);
- else
- kexgex_client(kex);
-}
--- /dev/null
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+
+void
+kexgex_client(Kex *kex)
+{
+ BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+ Key *server_host_key;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int klen, kout, slen, sbloblen;
+ int min, max, nbits;
+ DH *dh;
+
+ nbits = dh_estimate(kex->we_need * 8);
+
+ if (datafellows & SSH_OLD_DHGEX) {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
+
+ /* Old GEX request */
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
+ packet_put_int(nbits);
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ } else {
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
+
+ /* New GEX request */
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ packet_put_int(min);
+ packet_put_int(nbits);
+ packet_put_int(max);
+ }
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
+ min, nbits, max);
+#endif
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
+
+ if ((p = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(p);
+ if ((g = BN_new()) == NULL)
+ fatal("BN_new");
+ packet_get_bignum2(g);
+ packet_check_eom();
+
+ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+ fatal("DH_GEX group out of range: %d !< %d !< %d",
+ min, BN_num_bits(p), max);
+
+ dh = dh_new_group(g, p);
+ dh_gen_key(dh, kex->we_need * 8);
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+
+ debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
+ /* generate and send 'e', client DH public key */
+ packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
+ packet_put_bignum2(dh->pub_key);
+ packet_send();
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
+
+ /* key, cert */
+ server_host_key_blob = packet_get_string(&sbloblen);
+ server_host_key = key_from_blob(server_host_key_blob, sbloblen);
+ if (server_host_key == NULL)
+ fatal("cannot decode server_host_key_blob");
+ if (server_host_key->type != kex->hostkey_type)
+ fatal("type mismatch for decoded server_host_key_blob");
+ if (kex->verify_host_key == NULL)
+ fatal("cannot verify server_host_key");
+ if (kex->verify_host_key(server_host_key) == -1)
+ fatal("server_host_key verification failed");
+
+ /* DH paramter f, server public DH key */
+ if ((dh_server_pub = BN_new()) == NULL)
+ fatal("dh_server_pub == NULL");
+ packet_get_bignum2(dh_server_pub);
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_server_pub= ");
+ BN_print_fp(stderr, dh_server_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_server_pub));
+#endif
+
+ /* signed H */
+ signature = packet_get_string(&slen);
+ packet_check_eom();
+
+ if (!dh_pub_is_valid(dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_client: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ if (datafellows & SSH_OLD_DHGEX)
+ min = max = -1;
+
+ /* calc and verify H */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh->pub_key,
+ dh_server_pub,
+ shared_secret
+ );
+ /* have keys, free DH */
+ DH_free(dh);
+ xfree(server_host_key_blob);
+ BN_clear_free(dh_server_pub);
+
+ if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ fatal("key_verify failed for server_host_key");
+ key_free(server_host_key);
+ xfree(signature);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 Niels Provos. All rights reserved.
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+
+#include "xmalloc.h"
+#include "key.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "monitor_wrap.h"
+
+void
+kexgex_server(Kex *kex)
+{
+ BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+ Key *server_host_key;
+ DH *dh;
+ u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
+ u_int sbloblen, klen, kout, slen;
+ int min = -1, max = -1, nbits = -1, type;
+
+ if (kex->load_host_key == NULL)
+ fatal("Cannot load hostkey");
+ server_host_key = kex->load_host_key(kex->hostkey_type);
+ if (server_host_key == NULL)
+ fatal("Unsupported hostkey type %d", kex->hostkey_type);
+
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEX_DH_GEX_REQUEST:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+ min = packet_get_int();
+ nbits = packet_get_int();
+ max = packet_get_int();
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ break;
+ case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
+ debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
+ nbits = packet_get_int();
+ min = DH_GRP_MIN;
+ max = DH_GRP_MAX;
+ /* unused for old GEX */
+ break;
+ default:
+ fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
+ }
+ packet_check_eom();
+
+ if (max < min || nbits < min || max < nbits)
+ fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
+ min, nbits, max);
+
+ /* Contact privileged parent */
+ dh = PRIVSEP(choose_dh(min, nbits, max));
+ if (dh == NULL)
+ packet_disconnect("Protocol error: no matching DH grp found");
+
+ debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
+ packet_put_bignum2(dh->p);
+ packet_put_bignum2(dh->g);
+ packet_send();
+
+ /* flush */
+ packet_write_wait();
+
+ /* Compute our exchange value in parallel with the client */
+ dh_gen_key(dh, kex->we_need * 8);
+
+ debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
+ packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
+
+ /* key, cert */
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+ packet_get_bignum2(dh_client_pub);
+ packet_check_eom();
+
+#ifdef DEBUG_KEXDH
+ fprintf(stderr, "dh_client_pub= ");
+ BN_print_fp(stderr, dh_client_pub);
+ fprintf(stderr, "\n");
+ debug("bits %d", BN_num_bits(dh_client_pub));
+#endif
+
+#ifdef DEBUG_KEXDH
+ DHparams_print_fp(stderr, dh);
+ fprintf(stderr, "pub= ");
+ BN_print_fp(stderr, dh->pub_key);
+ fprintf(stderr, "\n");
+#endif
+ if (!dh_pub_is_valid(dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
+#ifdef DEBUG_KEXDH
+ dump_digest("shared secret", kbuf, kout);
+#endif
+ if ((shared_secret = BN_new()) == NULL)
+ fatal("kexgex_server: BN_new failed");
+ BN_bin2bn(kbuf, kout, shared_secret);
+ memset(kbuf, 0, klen);
+ xfree(kbuf);
+
+ key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
+
+ if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
+ min = max = -1;
+
+ /* calc H */ /* XXX depends on 'kex' */
+ hash = kexgex_hash(
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+ buffer_ptr(&kex->my), buffer_len(&kex->my),
+ server_host_key_blob, sbloblen,
+ min, nbits, max,
+ dh->p, dh->g,
+ dh_client_pub,
+ dh->pub_key,
+ shared_secret
+ );
+ BN_clear_free(dh_client_pub);
+
+ /* save session id := H */
+ /* XXX hashlen depends on KEX */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = 20;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ /* sign H */
+ /* XXX hashlen depends on KEX */
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+
+ /* destroy_sensitive_data(); */
+
+ /* send server hostkey, DH pubkey 'f' and singed H */
+ debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
+ packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
+ packet_put_string(server_host_key_blob, sbloblen);
+ packet_put_bignum2(dh->pub_key); /* f */
+ packet_put_string(signature, slen);
+ packet_send();
+
+ xfree(signature);
+ xfree(server_host_key_blob);
+ /* have keys, free DH */
+ DH_free(dh);
+
+ kex_derive_keys(kex, hash, shared_secret);
+ BN_clear_free(shared_secret);
+
+ kex_finish(kex);
+}
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
-#include "ssh-dss.h"
-#include "ssh-rsa.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
case KEY_DSA:
space = strchr(cp, ' ');
if (space == NULL) {
- debug3("key_read: no space");
+ debug3("key_read: missing whitespace");
return -1;
}
*space = '\0';
type = key_type_from_name(cp);
*space = ' ';
if (type == KEY_UNSPEC) {
- debug3("key_read: no key found");
+ debug3("key_read: missing keytype");
return -1;
}
cp = space+1;
-/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
+/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
int key_verify(Key *, u_char *, u_int, u_char *, u_int);
+int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
+int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
+int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
+
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $");
#include "log.h"
#include "xmalloc.h"
next_cu = cu->next;
xfree(cu);
}
+ fatal_cleanups = NULL;
}
/* Cleanup and exit */
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
+ /* Escape magic chars in output. */
+ strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL);
+
if (log_on_stderr) {
- fprintf(stderr, "%s\r\n", msgbuf);
+ fprintf(stderr, "%s\r\n", fmtbuf);
} else {
openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
- syslog(pri, "%.500s", msgbuf);
+ syslog(pri, "%.500s", fmtbuf);
closelog();
}
}
construct_utmp(struct logininfo *li,
struct utmp *ut)
{
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ struct sockaddr_in6 *sa6;
+# endif
memset(ut, '\0', sizeof(*ut));
/* First fill out fields used for both logins and logouts */
if (li->hostaddr.sa.sa_family == AF_INET)
ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
# endif
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ /* this is just a 128-bit IPv6 address */
+ if (li->hostaddr.sa.sa_family == AF_INET6) {
+ sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
+ memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
+ if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+ ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
+ ut->ut_addr_v6[1] = 0;
+ ut->ut_addr_v6[2] = 0;
+ ut->ut_addr_v6[3] = 0;
+ }
+ }
+# endif
}
#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
void
construct_utmpx(struct logininfo *li, struct utmpx *utx)
{
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ struct sockaddr_in6 *sa6;
+# endif
memset(utx, '\0', sizeof(*utx));
# ifdef HAVE_ID_IN_UTMPX
line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
if (li->hostaddr.sa.sa_family == AF_INET)
utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
# endif
+# ifdef HAVE_ADDR_V6_IN_UTMP
+ /* this is just a 128-bit IPv6 address */
+ if (li->hostaddr.sa.sa_family == AF_INET6) {
+ sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
+ memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
+ if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
+ ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
+ ut->ut_addr_v6[1] = 0;
+ ut->ut_addr_v6[2] = 0;
+ ut->ut_addr_v6[3] = 0;
+ }
+ }
+# endif
# ifdef HAVE_SYSLEN_IN_UTMPX
/* ut_syslen is the length of the utx_host string */
utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host));
}
construct_utmp(li, ut);
login(ut);
+ free(ut);
return 1;
}
lastlog_get_entry(struct logininfo *li)
{
struct lastlog last;
- int fd;
+ int fd, ret;
if (!lastlog_openseek(li, &fd, O_RDONLY))
- return 0;
-
- if (atomicio(read, fd, &last, sizeof(last)) != sizeof(last)) {
- close(fd);
- log("lastlog_get_entry: Error reading from %s: %s",
- LASTLOG_FILE, strerror(errno));
- return 0;
- }
+ return (0);
+ ret = atomicio(read, fd, &last, sizeof(last));
close(fd);
- lastlog_populate_entry(li, &last);
+ switch (ret) {
+ case 0:
+ memset(&last, '\0', sizeof(last));
+ /* FALLTHRU */
+ case sizeof(last):
+ lastlog_populate_entry(li, &last);
+ return (1);
+ case -1:
+ error("%s: Error reading from %s: %s", __func__,
+ LASTLOG_FILE, strerror(errno));
+ return (0);
+ default:
+ error("%s: Error reading from %s: Expecting %d, got %d",
+ __func__, LASTLOG_FILE, sizeof(last), ret);
+ return (0);
+ }
- return 1;
+ /* NOTREACHED */
+ return (0);
}
#endif /* USE_LASTLOG */
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $");
+RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $");
#include "misc.h"
#include "log.h"
return;
}
opt = 1;
- debug("fd %d setting TCP_NODELAY", fd);
+ debug2("fd %d setting TCP_NODELAY", fd);
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $");
#include <openssl/dh.h>
u_int numprompts;
u_int *echo_on;
char **prompts;
- int res;
+ u_int success;
- res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
- &prompts, &echo_on);
+ success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
+ &prompts, &echo_on) < 0 ? 0 : 1;
buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
buffer_put_cstring(m, prompts[0]);
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
- if (res != -1) {
+ if (success) {
xfree(name);
xfree(infotxt);
xfree(prompts);
{
struct skey skey;
char challenge[1024];
- int res;
+ u_int success;
- res = skeychallenge(&skey, authctxt->user, challenge);
+ success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
buffer_clear(m);
- buffer_put_int(m, res);
- if (res != -1)
+ buffer_put_int(m, success);
+ if (success)
buffer_put_cstring(m, challenge);
- debug3("%s: sending challenge res: %d", __func__, res);
+ debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
return (0);
fatal("%s: unknown key type %d", __func__, type);
break;
}
- key_free(key);
}
+ if (key != NULL)
+ key_free(key);
/* clear temporarily storage (used by verify) */
monitor_reset_key_state();
buffer_clear(m);
buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
mm_append_debug(m);
}
buffer_clear(m);
buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
/* clear temporarily storage (used by generate challenge) */
monitor_reset_key_state();
key_blob = blob;
key_bloblen = blen;
key_blobtype = MM_RSAUSERKEY;
- key_free(key);
}
+ if (key != NULL)
+ key_free(key);
mm_append_debug(m);
mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
+
+ xfree(blob);
+ key_free(key);
return (0);
}
fatal("%s: received bad response to challenge", __func__);
success = auth_rsa_verify_response(key, ssh1_challenge, response);
+ xfree(blob);
key_free(key);
xfree(response);
(memcmp(kex->session_id, session_id2, session_id2_len) != 0))
fatal("mm_get_get: internal error: bad session id");
kex->we_need = buffer_get_int(m);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
- size_t len = size * ncount;
+ size_t len = (size_t) size * ncount;
void *address;
if (len == 0 || ncount > SIZE_T_MAX / size)
*/
#include "includes.h"
-RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
+RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
#include "dh.h"
#include "kex.h"
#include "auth.h"
+#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
Buffer m;
u_char *blob;
u_int len;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
/* Send potential debug messages */
mm_send_debug(&m);
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int res;
+ u_int success;
char *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
- int len, res;
+ int len;
+ u_int success;
char *p, *challenge;
debug3("%s: entering", __func__);
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
- res = buffer_get_int(&m);
- if (res == -1) {
+ success = buffer_get_int(&m);
+ if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
Key *key;
u_char *blob;
u_int blen;
- int allowed = 0;
+ int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
allowed = buffer_get_int(&m);
+ /* fake forced command */
+ auth_clear_options();
+ have_forced = buffer_get_int(&m);
+ forced_command = have_forced ? xstrdup("true") : NULL;
+
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)
xfree(p);
}
buffer_free(&m);
- return (success);
+ return (success);
}
#endif
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $");
+RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $");
#include "buffer.h"
#include "getput.h"
-/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */
+/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
-OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o
#include "includes.h"
-#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
+#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON))
#include <sys/types.h>
#include <sys/param.h>
characters followed by one "=" padding character.
*/
+#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
int
b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
{
target[datalength] = '\0'; /* Returned value doesn't count \0. */
return (datalength);
}
+#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
+
+#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
return (tarindex);
}
-#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
+#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */
+#endif
# ifndef HAVE_B64_NTOP
int b64_ntop(u_char const *src, size_t srclength, char *target,
size_t targsize);
-int b64_pton(char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_NTOP */
# define __b64_ntop b64_ntop
-# define __b64_pton b64_pton
#endif /* HAVE___B64_NTOP */
+#ifndef HAVE___B64_PTON
+# ifndef HAVE_B64_PTON
+int b64_pton(char const *src, u_char *target, size_t targsize);
+# endif /* !HAVE_B64_PTON */
+# define __b64_pton b64_pton
+#endif /* HAVE___B64_PTON */
+
#endif /* _BSD_BASE64_H */
--- /dev/null
+/* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */
+
+/*
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "includes.h"
+
+#if !defined(HAVE_BASENAME)
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $";
+#endif /* not lint */
+
+char *
+basename(const char *path)
+{
+ static char bname[MAXPATHLEN];
+ register const char *endp, *startp;
+
+ /* Empty or NULL string gets treated as "." */
+ if (path == NULL || *path == '\0') {
+ (void)strlcpy(bname, ".", sizeof bname);
+ return(bname);
+ }
+
+ /* Strip trailing slashes */
+ endp = path + strlen(path) - 1;
+ while (endp > path && *endp == '/')
+ endp--;
+
+ /* All slashes become "/" */
+ if (endp == path && *endp == '/') {
+ (void)strlcpy(bname, "/", sizeof bname);
+ return(bname);
+ }
+
+ /* Find the start of the base */
+ startp = endp;
+ while (startp > path && *(startp - 1) != '/')
+ startp--;
+
+ if (endp - startp + 2 > sizeof(bname)) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
+ strlcpy(bname, startp, endp - startp + 2);
+ return(bname);
+}
+
+#endif /* !defined(HAVE_BASENAME) */
--- /dev/null
+/* $Id$ */
+
+#ifndef _BASENAME_H
+#define _BASENAME_H
+#include "config.h"
+
+#if !defined(HAVE_BASENAME)
+
+char *basename(const char *path);
+
+#endif /* !defined(HAVE_BASENAME) */
+#endif /* _BASENAME_H */
unsigned char rand_buf[SEED_SIZE];
memset(&rc4, 0, sizeof(rc4));
- if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
+ if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif
+#ifndef _CRAYT3E
+#include <sys/ttold.h>
+#define TIOCGPGRP (tIOC|20)
+#endif
#endif
#endif /* _BSD_CRAY_H */
#define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
+#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
#if defined(open) && open == binary_open
return ret;
}
+#define HAS_CREATE_TOKEN 1
+#define HAS_NTSEC_BY_DEFAULT 2
+
+static int has_capability(int what)
+{
+ /* has_capability() basically calls uname() and checks if
+ specific capabilities of Cygwin can be evaluated from that.
+ This simplifies the calling functions which only have to ask
+ for a capability using has_capability() instead of having
+ to figure that out by themselves. */
+ static int inited;
+ static int has_create_token;
+ static int has_ntsec_by_default;
+
+ if (!inited) {
+ struct utsname uts;
+ char *c;
+
+ if (!uname(&uts)) {
+ int major_high = 0;
+ int major_low = 0;
+ int minor = 0;
+ int api_major_version = 0;
+ int api_minor_version = 0;
+ char *c;
+
+ sscanf(uts.release, "%d.%d.%d", &major_high,
+ &major_low, &minor);
+ c = strchr(uts.release, '(');
+ if (c)
+ sscanf(c + 1, "%d.%d", &api_major_version,
+ &api_minor_version);
+ if (major_high > 1 ||
+ (major_high == 1 && (major_low > 3 ||
+ (major_low == 3 && minor >= 2))))
+ has_create_token = 1;
+ if (api_major_version > 0 || api_minor_version >= 56)
+ has_ntsec_by_default = 1;
+ inited = 1;
+ }
+ }
+ switch (what) {
+ case HAS_CREATE_TOKEN:
+ return has_create_token;
+ case HAS_NTSEC_BY_DEFAULT:
+ return has_ntsec_by_default;
+ }
+ return 0;
+}
+
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
return 0;
if (is_winnt) {
if (has_create_token < 0) {
- struct utsname uts;
- int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
- if (ntsec_on(cygwin) && !uname(&uts)) {
- sscanf(uts.release, "%d.%d.%d",
- &major_high, &major_low, &minor);
- if (major_high > 1 ||
- (major_high == 1 && (major_low > 3 ||
- (major_low == 3 && minor >= 2))))
- has_create_token = 1;
- }
+ if (has_capability(HAS_CREATE_TOKEN) &&
+ (ntsec_on(cygwin) ||
+ (has_capability(HAS_NTSEC_BY_DEFAULT) &&
+ !ntsec_off(cygwin))))
+ has_create_token = 1;
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
/* Evaluate current CYGWIN settings. */
cygwin = getenv("CYGWIN");
allow_ntea = ntea_on(cygwin);
- allow_ntsec = ntsec_on(cygwin);
+ allow_ntsec = ntsec_on(cygwin) ||
+ (has_capability(HAS_NTSEC_BY_DEFAULT) &&
+ !ntsec_off(cygwin));
/*
* `ntea' is an emulation of POSIX attributes. It doesn't support
getpeereid(int s, uid_t *euid, gid_t *gid)
{
struct ucred cred;
- size_t len = sizeof(cred);
+ socklen_t len = sizeof(cred);
if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
return (-1);
*/
#include "includes.h"
+#include "xmalloc.h"
RCSID("$Id$");
+/*
+ * NB. duplicate __progname in case it is an alias for argv[0]
+ * Otherwise it may get clobbered by setproctitle()
+ */
char *get_progname(char *argv0)
{
#ifdef HAVE___PROGNAME
extern char *__progname;
- return __progname;
+ return xstrdup(__progname);
#else
char *p;
p = argv0;
else
p++;
- return p;
+
+ return xstrdup(p);
#endif
}
}
#endif
+#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
+int nanosleep(const struct timespec *req, struct timespec *rem)
+{
+ int rc, saverrno;
+ extern int errno;
+ struct timeval tstart, tstop, tremain, time2wait;
+
+ TIMESPEC_TO_TIMEVAL(&time2wait, req)
+ (void) gettimeofday(&tstart, NULL);
+ rc = select(0, NULL, NULL, NULL, &time2wait);
+ if (rc == -1) {
+ saverrno = errno;
+ (void) gettimeofday (&tstop, NULL);
+ errno = saverrno;
+ tremain.tv_sec = time2wait.tv_sec -
+ (tstop.tv_sec - tstart.tv_sec);
+ tremain.tv_usec = time2wait.tv_usec -
+ (tstop.tv_usec - tstart.tv_usec);
+ tremain.tv_sec += tremain.tv_usec / 1000000L;
+ tremain.tv_usec %= 1000000L;
+ } else {
+ tremain.tv_sec = 0;
+ tremain.tv_usec = 0;
+ }
+ TIMEVAL_TO_TIMESPEC(&tremain, rem)
+
+ return(rc);
+}
+
+#endif
+
int setgroups(size_t size, const gid_t *list);
#endif
+#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
+#ifndef HAVE_STRUCT_TIMESPEC
+struct timespec {
+ time_t tv_sec;
+ long tv_nsec;
+};
+#endif
+int nanosleep(const struct timespec *req, struct timespec *rem);
+#endif
#endif /* _BSD_MISC_H */
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell (papowell@astart.com)
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions
+ */
+
/**************************************************************
* Original:
* Patrick Powell Tue Apr 11 09:48:21 PDT 1995
{
struct addrinfo *cur, *prev = NULL;
struct hostent *hp;
+ struct servent *sp;
struct in_addr in;
- int i, port;
+ int i;
+ long int port;
+ u_long addr;
- if (servname)
- port = htons(atoi(servname));
- else
- port = 0;
+ port = 0;
+ if (servname != NULL) {
+ char *cp;
+
+ port = strtol(servname, &cp, 10);
+ if (port > 0 && port <= 65535 && *cp == '\0')
+ port = htons(port);
+ else if ((sp = getservbyname(servname, NULL)) != NULL)
+ port = sp->s_port;
+ else
+ port = 0;
+ }
if (hints && hints->ai_flags & AI_PASSIVE) {
- if (NULL != (*res = malloc_ai(port, htonl(0x00000000))))
+ addr = htonl(0x00000000);
+ if (hostname && inet_aton(hostname, &in) != 0)
+ addr = in.s_addr;
+ if (NULL != (*res = malloc_ai(port, addr)))
return 0;
else
return EAI_MEMORY;
#if !defined(HAVE_GETCWD)
#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
/*
* Build pointer to the parent directory, allocating memory
* as necessary. Max length is 3 for "../", the largest
- * possible component name, plus a trailing NULL.
+ * possible component name, plus a trailing NUL.
*/
if (bup + 3 + MAXNAMLEN + 1 >= eup) {
char *nup;
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
+static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdio.h>
static char *place = EMSG; /* option letter processing */
char *oli; /* option letter list index */
+ if (ostr == NULL)
+ return (-1);
+
if (BSDoptreset || !*place) { /* update scanning pointer */
BSDoptreset = 0;
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
#include "includes.h"
-#ifndef HAVE_MKDTEMP
+#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $";
/*NOTREACHED*/
}
-#endif /* !HAVE_MKDTEMP */
+#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
#define _BSD_MKTEMP_H
#include "config.h"
-#ifndef HAVE_MKDTEMP
+#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
int mkstemps(char *path, int slen);
int mkstemp(char *path);
char *mkdtemp(char *path);
-#endif /* !HAVE_MKDTEMP */
+#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
#endif /* _BSD_MKTEMP_H */
#include "config.h"
/* OpenBSD function replacements */
+#include "basename.h"
#include "bindresvport.h"
#include "getcwd.h"
#include "realpath.h"
#include "glob.h"
#include "readpassphrase.h"
#include "getopt.h"
+#include "vis.h"
/* Home grown routines */
#include "bsd-arc4random.h"
*/
#ifdef _AIX
+
+/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
+#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
+# define nanosleep(a,b) nsleep(a,b)
+#endif
+
+/* For struct timespec on AIX 4.2.x */
+#ifdef HAVE_SYS_TIMERS_H
+# include <sys/timers.h>
+#endif
+
void aix_usrinfo(struct passwd *pw);
#endif /* _AIX */
#ifndef HAVE_SETENV
#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $";
+static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdlib.h>
#include <string.h>
+char *__findenv(const char *name, int *offset);
+
/*
* __findenv --
* Returns pointer to value associated with name, if any, else NULL.
static int alloced; /* if allocated space before */
register char *C;
int l_value, offset;
- char *__findenv();
if (*value == '=') /* no `=' in value */
++value;
/*
- * Modified for OpenSSH by Kevin Steves
- * October 2000
+ * Based on src/backend/utils/misc/pg_status.c from
+ * PostgreSQL Database Management System
+ *
+ * Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group
+ *
+ * Portions Copyright (c) 1994, The Regents of the University of California
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose, without fee, and without a written agreement
+ * is hereby granted, provided that the above copyright notice and this
+ * paragraph and the following two paragraphs appear in all copies.
+ *
+ * IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
+ * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
+ * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
+ * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ * THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
+ * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
*/
-/*
- * Copyright (c) 1994, 1995 Christopher G. Demetriou
- * All rights reserved.
+/*--------------------------------------------------------------------
+ * ps_status.c
+ *
+ * Routines to support changing the ps display of PostgreSQL backends
+ * to contain some useful information. Mechanism differs wildly across
+ * platforms.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Christopher G. Demetriou
- * for the NetBSD Project.
- * 4. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission
+ * $Header$
*
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Copyright 2000 by PostgreSQL Global Development Group
+ * various details abducted from various places
+ *--------------------------------------------------------------------
*/
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $";
-#endif /* LIBC_SCCS and not lint */
-
#include "includes.h"
#ifndef HAVE_SETPROCTITLE
-#define SPT_NONE 0
-#define SPT_PSTAT 1
+#include <unistd.h>
+#ifdef HAVE_SYS_PSTAT_H
+#include <sys/pstat.h> /* for HP-UX */
+#endif
+#ifdef HAVE_PS_STRINGS
+#include <machine/vmparam.h> /* for old BSD */
+#include <sys/exec.h>
+#endif
+
+/*------
+ * Alternative ways of updating ps display:
+ *
+ * SETPROCTITLE_STRATEGY == PS_USE_PSTAT
+ * use the pstat(PSTAT_SETCMD, )
+ * (HPUX)
+ * SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
+ * assign PS_STRINGS->ps_argvstr = "string"
+ * (some BSD systems)
+ * SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
+ * assign argv[0] = "string"
+ * (some other BSD systems)
+ * SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ * write over the argv and environment area
+ * (most SysV-like systems)
+ * SETPROCTITLE_STRATEGY == PS_USE_NONE
+ * don't update ps display
+ * (This is the default, as it is safest.)
+ */
+
+#define PS_USE_NONE 0
+#define PS_USE_PSTAT 1
+#define PS_USE_PS_STRINGS 2
+#define PS_USE_CHANGE_ARGV 3
+#define PS_USE_CLOBBER_ARGV 4
-#ifndef SPT_TYPE
-#define SPT_TYPE SPT_NONE
+#ifndef SETPROCTITLE_STRATEGY
+# define SETPROCTITLE_STRATEGY PS_USE_NONE
#endif
-#if SPT_TYPE == SPT_PSTAT
-#include <sys/param.h>
-#include <sys/pstat.h>
-#endif /* SPT_TYPE == SPT_PSTAT */
+#ifndef SETPROCTITLE_PS_PADDING
+# define SETPROCTITLE_PS_PADDING ' '
+#endif
+#endif /* HAVE_SETPROCTITLE */
-#define MAX_PROCTITLE 2048
+extern char **environ;
+
+/*
+ * argv clobbering uses existing argv space, all other methods need a buffer
+ */
+#if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV
+static char ps_buffer[256];
+static const size_t ps_buffer_size = sizeof(ps_buffer);
+#else
+static char *ps_buffer; /* will point to argv area */
+static size_t ps_buffer_size; /* space determined at run time */
+#endif
+
+/* save the original argv[] location here */
+static int save_argc;
+static char **save_argv;
extern char *__progname;
+#ifndef HAVE_SETPROCTITLE
/*
- * Set Process Title (SPT) defines. Modeled after sendmail's
- * SPT type definition strategy.
- *
- * SPT_TYPE:
- *
- * SPT_NONE: Don't set the process title. Default.
- * SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific.
+ * Call this to update the ps status display to a fixed prefix plus an
+ * indication of what you're currently doing passed in the argument.
*/
-
void
setproctitle(const char *fmt, ...)
{
-#if SPT_TYPE != SPT_NONE
+#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
+ union pstun pst;
+#endif
+#if SETPROCTITLE_STRATEGY != PS_USE_NONE
+ ssize_t used;
va_list ap;
-
- char buf[MAX_PROCTITLE];
- size_t used;
-#if SPT_TYPE == SPT_PSTAT
- union pstun pst;
-#endif /* SPT_TYPE == SPT_PSTAT */
+ /* no ps display if you didn't call save_ps_display_args() */
+ if (save_argv == NULL)
+ return;
+#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ /* If ps_buffer is a pointer, it might still be null */
+ if (ps_buffer == NULL)
+ return;
+#endif /* PS_USE_CLOBBER_ARGV */
+
+ /*
+ * Overwrite argv[] to point at appropriate space, if needed
+ */
+#if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
+ save_argv[0] = ps_buffer;
+ save_argv[1] = NULL;
+#endif /* PS_USE_CHANGE_ARGV */
+
+#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ save_argv[1] = NULL;
+#endif /* PS_USE_CLOBBER_ARGV */
+
+ /*
+ * Make fixed prefix of ps display.
+ */
va_start(ap, fmt);
- if (fmt != NULL) {
- used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname);
- if (used >= MAX_PROCTITLE)
- used = MAX_PROCTITLE - 1;
- (void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap);
- } else
- (void)snprintf(buf, MAX_PROCTITLE, "%s", __progname);
+ if (fmt == NULL)
+ snprintf(ps_buffer, ps_buffer_size, "%s", __progname);
+ else {
+ used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname);
+ if (used == -1 || used >= ps_buffer_size)
+ used = ps_buffer_size;
+ vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap);
+ }
va_end(ap);
- used = strlen(buf);
-#if SPT_TYPE == SPT_PSTAT
- pst.pst_command = buf;
- pstat(PSTAT_SETCMD, pst, used, 0, 0);
-#endif /* SPT_TYPE == SPT_PSTAT */
+#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
+ pst.pst_command = ps_buffer;
+ pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0);
+#endif /* PS_USE_PSTAT */
-#endif /* SPT_TYPE != SPT_NONE */
+#if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
+ PS_STRINGS->ps_nargvstr = 1;
+ PS_STRINGS->ps_argvstr = ps_buffer;
+#endif /* PS_USE_PS_STRINGS */
+
+#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ /* pad unused memory */
+ used = strlen(ps_buffer);
+ memset(ps_buffer + used, SETPROCTITLE_PS_PADDING,
+ ps_buffer_size - used);
+#endif /* PS_USE_CLOBBER_ARGV */
+
+#endif /* PS_USE_NONE */
}
+
#endif /* HAVE_SETPROCTITLE */
+
+/*
+ * Call this early in startup to save the original argc/argv values.
+ *
+ * argv[] will not be overwritten by this routine, but may be overwritten
+ * during setproctitle. Also, the physical location of the environment
+ * strings may be moved, so this should be called before any code that
+ * might try to hang onto a getenv() result.
+ */
+void
+compat_init_setproctitle(int argc, char *argv[])
+{
+#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ char *end_of_area = NULL;
+ char **new_environ;
+ int i;
+#endif
+
+ save_argc = argc;
+ save_argv = argv;
+
+#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
+ /*
+ * If we're going to overwrite the argv area, count the available
+ * space. Also move the environment to make additional room.
+ */
+
+ /*
+ * check for contiguous argv strings
+ */
+ for (i = 0; i < argc; i++) {
+ if (i == 0 || end_of_area + 1 == argv[i])
+ end_of_area = argv[i] + strlen(argv[i]);
+ }
+
+ /* probably can't happen? */
+ if (end_of_area == NULL) {
+ ps_buffer = NULL;
+ ps_buffer_size = 0;
+ return;
+ }
+
+ /*
+ * check for contiguous environ strings following argv
+ */
+ for (i = 0; environ[i] != NULL; i++) {
+ if (end_of_area + 1 == environ[i])
+ end_of_area = environ[i] + strlen(environ[i]);
+ }
+
+ ps_buffer = argv[0];
+ ps_buffer_size = end_of_area - argv[0] - 1;
+
+ /*
+ * Duplicate and move the environment out of the way
+ */
+ new_environ = malloc(sizeof(char *) * (i + 1));
+ for (i = 0; environ[i] != NULL; i++)
+ new_environ[i] = strdup(environ[i]);
+ new_environ[i] = NULL;
+ environ = new_environ;
+#endif /* PS_USE_CLOBBER_ARGV */
+}
+
#ifndef HAVE_SETPROCTITLE
void setproctitle(const char *fmt, ...);
+void compat_init_setproctitle(int argc, char *argv[]);
#endif
#endif /* _BSD_SETPROCTITLE_H */
-/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */
+/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_LEFT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
- RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_RIGHT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
+ if ((RB_PARENT(tmp, field))) \
+ RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
/* Generates prototypes and inline functions */
--- /dev/null
+/*-
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "config.h"
+#if !defined(HAVE_STRNVIS)
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+
+#include "vis.h"
+
+#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
+#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
+ isgraph((u_char)(c))) || \
+ ((flag & VIS_SP) == 0 && (c) == ' ') || \
+ ((flag & VIS_TAB) == 0 && (c) == '\t') || \
+ ((flag & VIS_NL) == 0 && (c) == '\n') || \
+ ((flag & VIS_SAFE) && \
+ ((c) == '\b' || (c) == '\007' || (c) == '\r')))
+
+/*
+ * vis - visually encode characters
+ */
+char *
+vis(dst, c, flag, nextc)
+ register char *dst;
+ int c, nextc;
+ register int flag;
+{
+ if (isvisible(c)) {
+ *dst++ = c;
+ if (c == '\\' && (flag & VIS_NOSLASH) == 0)
+ *dst++ = '\\';
+ *dst = '\0';
+ return (dst);
+ }
+
+ if (flag & VIS_CSTYLE) {
+ switch(c) {
+ case '\n':
+ *dst++ = '\\';
+ *dst++ = 'n';
+ goto done;
+ case '\r':
+ *dst++ = '\\';
+ *dst++ = 'r';
+ goto done;
+ case '\b':
+ *dst++ = '\\';
+ *dst++ = 'b';
+ goto done;
+ case '\a':
+ *dst++ = '\\';
+ *dst++ = 'a';
+ goto done;
+ case '\v':
+ *dst++ = '\\';
+ *dst++ = 'v';
+ goto done;
+ case '\t':
+ *dst++ = '\\';
+ *dst++ = 't';
+ goto done;
+ case '\f':
+ *dst++ = '\\';
+ *dst++ = 'f';
+ goto done;
+ case ' ':
+ *dst++ = '\\';
+ *dst++ = 's';
+ goto done;
+ case '\0':
+ *dst++ = '\\';
+ *dst++ = '0';
+ if (isoctal(nextc)) {
+ *dst++ = '0';
+ *dst++ = '0';
+ }
+ goto done;
+ }
+ }
+ if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
+ *dst++ = '\\';
+ *dst++ = ((u_char)c >> 6 & 07) + '0';
+ *dst++ = ((u_char)c >> 3 & 07) + '0';
+ *dst++ = ((u_char)c & 07) + '0';
+ goto done;
+ }
+ if ((flag & VIS_NOSLASH) == 0)
+ *dst++ = '\\';
+ if (c & 0200) {
+ c &= 0177;
+ *dst++ = 'M';
+ }
+ if (iscntrl(c)) {
+ *dst++ = '^';
+ if (c == 0177)
+ *dst++ = '?';
+ else
+ *dst++ = c + '@';
+ } else {
+ *dst++ = '-';
+ *dst++ = c;
+ }
+done:
+ *dst = '\0';
+ return (dst);
+}
+
+/*
+ * strvis, strnvis, strvisx - visually encode characters from src into dst
+ *
+ * Dst must be 4 times the size of src to account for possible
+ * expansion. The length of dst, not including the trailing NULL,
+ * is returned.
+ *
+ * Strnvis will write no more than siz-1 bytes (and will NULL terminate).
+ * The number of bytes needed to fully encode the string is returned.
+ *
+ * Strvisx encodes exactly len bytes from src into dst.
+ * This is useful for encoding a block of data.
+ */
+int
+strvis(dst, src, flag)
+ register char *dst;
+ register const char *src;
+ int flag;
+{
+ register char c;
+ char *start;
+
+ for (start = dst; (c = *src);)
+ dst = vis(dst, c, flag, *++src);
+ *dst = '\0';
+ return (dst - start);
+}
+
+int
+strnvis(dst, src, siz, flag)
+ register char *dst;
+ register const char *src;
+ size_t siz;
+ int flag;
+{
+ register char c;
+ char *start, *end;
+
+ for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
+ if (isvisible(c)) {
+ *dst++ = c;
+ if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
+ /* need space for the extra '\\' */
+ if (dst < end)
+ *dst++ = '\\';
+ else {
+ dst--;
+ break;
+ }
+ }
+ src++;
+ } else {
+ /* vis(3) requires up to 4 chars */
+ if (dst + 3 < end)
+ dst = vis(dst, c, flag, *++src);
+ else
+ break;
+ }
+ }
+ *dst = '\0';
+ if (dst >= end) {
+ char tbuf[5];
+
+ /* adjust return value for truncation */
+ while ((c = *src))
+ dst += vis(tbuf, c, flag, *++src) - tbuf;
+ }
+ return (dst - start);
+}
+
+int
+strvisx(dst, src, len, flag)
+ register char *dst;
+ register const char *src;
+ register size_t len;
+ int flag;
+{
+ register char c;
+ char *start;
+
+ for (start = dst; len > 1; len--) {
+ c = *src;
+ dst = vis(dst, c, flag, *++src);
+ }
+ if (len)
+ dst = vis(dst, *src, flag, '\0');
+ *dst = '\0';
+ return (dst - start);
+}
+
+#endif
--- /dev/null
+/* $OpenBSD: vis.h,v 1.5 2002/02/16 21:27:17 millert Exp $ */
+/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
+
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)vis.h 5.9 (Berkeley) 4/3/91
+ */
+#include "config.h"
+#if !defined(HAVE_STRNVIS)
+
+#ifndef _VIS_H_
+#define _VIS_H_
+
+#include <sys/types.h>
+#include <limits.h>
+
+/*
+ * to select alternate encoding format
+ */
+#define VIS_OCTAL 0x01 /* use octal \ddd format */
+#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
+
+/*
+ * to alter set of characters encoded (default is to encode all
+ * non-graphic except space, tab, and newline).
+ */
+#define VIS_SP 0x04 /* also encode space */
+#define VIS_TAB 0x08 /* also encode tab */
+#define VIS_NL 0x10 /* also encode newline */
+#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
+#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
+
+/*
+ * other
+ */
+#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
+
+/*
+ * unvis return codes
+ */
+#define UNVIS_VALID 1 /* character valid */
+#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
+#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
+#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
+#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
+
+/*
+ * unvis flags
+ */
+#define UNVIS_END 1 /* no more characters */
+
+char *vis(char *, int, int, int);
+int strvis(char *, const char *, int);
+int strnvis(char *, const char *, size_t, int);
+int strvisx(char *, const char *, size_t, int);
+int strunvis(char *, const char *);
+int unvis(char *, char, int *, int);
+
+#endif /* !_VIS_H_ */
+
+#endif /* !HAVE_STRNVIS */
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $");
+RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
CipherContext *cc;
int encrypt;
- debug("newkeys: mode %d", mode);
+ debug2("set_newkeys: mode %d", mode);
if (mode == MODE_OUT) {
cc = &send_context;
encrypt = CIPHER_DECRYPT;
}
if (newkeys[mode] != NULL) {
- debug("newkeys: rekeying");
+ debug("set_newkeys: rekeying");
cipher_cleanup(cc);
enc = &newkeys[mode]->enc;
mac = &newkeys[mode]->mac;
cp = buffer_ptr(&input);
len = GET_32BIT(cp);
if (len < 1 + 2 + 2 || len > 256 * 1024)
- packet_disconnect("Bad packet length %d.", len);
+ packet_disconnect("Bad packet length %u.", len);
padded_len = (len + 8) & ~7;
/* Check if the packet has been entirely received. */
packet_length = GET_32BIT(cp);
if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
buffer_dump(&incoming_packet);
- packet_disconnect("Bad packet length %d.", packet_length);
+ packet_disconnect("Bad packet length %u.", packet_length);
}
- DBG(debug("input: packet len %d", packet_length+4));
+ DBG(debug("input: packet len %u", packet_length+4));
buffer_consume(&input, block_size);
}
/* we have a partial packet of block_size bytes */
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
+ /* Display the error locally */
+ log("Disconnecting: %.100s", buf);
+
/* Send the disconnect message to the other side, and wait for it to get sent. */
if (compat20) {
packet_start(SSH2_MSG_DISCONNECT);
/* Close the connection. */
packet_close();
- /* Display the error locally and exit. */
- log("Disconnecting: %.100s", buf);
fatal_cleanup();
}
return buffer_len(&output) < 128 * 1024;
}
+static void
+packet_set_tos(int interactive)
+{
+ int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
+
+ if (!packet_connection_is_on_socket() ||
+ !packet_connection_is_ipv4())
+ return;
+ if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
+ sizeof(tos)) < 0)
+ error("setsockopt IP_TOS %d: %.100s:",
+ tos, strerror(errno));
+}
+
/* Informs that the current session is interactive. Sets IP flags for that. */
void
packet_set_interactive(int interactive)
{
static int called = 0;
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- int lowdelay = IPTOS_LOWDELAY;
- int throughput = IPTOS_THROUGHPUT;
-#endif
if (called)
return;
/* Only set socket options if using a socket. */
if (!packet_connection_is_on_socket())
- return;
- /*
- * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
- */
- if (interactive) {
- /*
- * Set IP options for an interactive connection. Use
- * IPTOS_LOWDELAY and TCP_NODELAY.
- */
-#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (packet_connection_is_ipv4()) {
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
- &lowdelay, sizeof(lowdelay)) < 0)
- error("setsockopt IPTOS_LOWDELAY: %.100s",
- strerror(errno));
- }
-#endif
+ if (interactive)
set_nodelay(connection_in);
- } else if (packet_connection_is_ipv4()) {
- /*
- * Set IP options for a non-interactive connection. Use
- * IPTOS_THROUGHPUT.
- */
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
- if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput,
- sizeof(throughput)) < 0)
- error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
+ packet_set_tos(interactive);
#endif
- }
+
}
/* Returns true if the current connection is interactive. */
-/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */
+/* $OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
--- /dev/null
+/*
+ * Copyright (c) 1999 Theo de Raadt. All rights reserved.
+ * Copyright (c) 1999 Aaron Campbell. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Parts from:
+ *
+ * Copyright (c) 1983, 1990, 1992, 1993, 1995
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: progressmeter.c,v 1.3 2003/03/17 10:38:38 markus Exp $");
+
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
+
+#include "atomicio.h"
+#include "progressmeter.h"
+
+/* Number of seconds before xfer considered "stalled". */
+#define STALLTIME 5
+/* alarm() interval for updating progress meter. */
+#define PROGRESSTIME 1
+
+/* Signal handler used for updating the progress meter. */
+static void update_progress_meter(int);
+
+/* Returns non-zero if we are the foreground process. */
+static int foregroundproc(void);
+
+/* Returns width of the terminal (for progress meter calculations). */
+static int get_tty_width(void);
+
+/* Visual statistics about files as they are transferred. */
+static void draw_progress_meter(void);
+
+/* Time a transfer started. */
+static struct timeval start;
+
+/* Number of bytes of current file transferred so far. */
+static volatile off_t *statbytes;
+
+/* Total size of current file. */
+static off_t totalbytes;
+
+/* Name of current file being transferred. */
+static char *curfile;
+
+/* Time of last update. */
+static struct timeval lastupdate;
+
+/* Size at the time of the last update. */
+static off_t lastsize;
+
+void
+start_progress_meter(char *file, off_t filesize, off_t *counter)
+{
+ if ((curfile = basename(file)) == NULL)
+ curfile = file;
+
+ totalbytes = filesize;
+ statbytes = counter;
+ (void) gettimeofday(&start, (struct timezone *) 0);
+ lastupdate = start;
+ lastsize = 0;
+
+ draw_progress_meter();
+ signal(SIGALRM, update_progress_meter);
+ alarm(PROGRESSTIME);
+}
+
+void
+stop_progress_meter()
+{
+ alarm(0);
+ draw_progress_meter();
+ if (foregroundproc() != 0)
+ atomicio(write, fileno(stdout), "\n", 1);
+}
+
+static void
+update_progress_meter(int ignore)
+{
+ int save_errno = errno;
+
+ draw_progress_meter();
+ signal(SIGALRM, update_progress_meter);
+ alarm(PROGRESSTIME);
+ errno = save_errno;
+}
+
+static int
+foregroundproc(void)
+{
+ static pid_t pgrp = -1;
+ int ctty_pgrp;
+
+ if (pgrp == -1)
+ pgrp = getpgrp();
+
+#ifdef HAVE_TCGETPGRP
+ return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
+ ctty_pgrp == pgrp);
+#else
+ return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
+ ctty_pgrp == pgrp));
+#endif
+}
+
+static void
+draw_progress_meter()
+{
+ static const char spaces[] = " "
+ " "
+ " "
+ " "
+ " "
+ " ";
+ static const char prefixes[] = " KMGTP";
+ struct timeval now, td, wait;
+ off_t cursize, abbrevsize, bytespersec;
+ double elapsed;
+ int ratio, remaining, i, ai, bi, nspaces;
+ char buf[512];
+
+ if (foregroundproc() == 0)
+ return;
+
+ (void) gettimeofday(&now, (struct timezone *) 0);
+ cursize = *statbytes;
+ if (totalbytes != 0) {
+ ratio = 100.0 * cursize / totalbytes;
+ ratio = MAX(ratio, 0);
+ ratio = MIN(ratio, 100);
+ } else
+ ratio = 100;
+
+ abbrevsize = cursize;
+ for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++)
+ abbrevsize >>= 10;
+
+ timersub(&now, &lastupdate, &wait);
+ if (cursize > lastsize) {
+ lastupdate = now;
+ lastsize = cursize;
+ wait.tv_sec = 0;
+ }
+ timersub(&now, &start, &td);
+ elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
+
+ bytespersec = 0;
+ if (cursize > 0) {
+ bytespersec = cursize;
+ if (elapsed > 0.0)
+ bytespersec /= elapsed;
+ }
+ for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++)
+ bytespersec >>= 10;
+
+ nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1);
+
+#ifdef HAVE_LONG_LONG_INT
+ snprintf(buf, sizeof(buf),
+ "\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s",
+ curfile,
+ nspaces,
+ spaces,
+ ratio,
+ (long long)abbrevsize,
+ prefixes[ai],
+ ai == 0 ? ' ' : 'B',
+ (long long)(bytespersec / 1024),
+ (int)((bytespersec % 1024) * 10 / 1024),
+ prefixes[bi]
+ );
+#else
+ /* XXX: Handle integer overflow? */
+ snprintf(buf, sizeof(buf),
+ "\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s",
+ curfile,
+ nspaces,
+ spaces,
+ ratio,
+ (u_long)abbrevsize,
+ prefixes[ai],
+ ai == 0 ? ' ' : 'B',
+ (u_long)(bytespersec / 1024),
+ (int)((bytespersec % 1024) * 10 / 1024),
+ prefixes[bi]
+ );
+#endif
+
+ if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) {
+ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+ " --:-- ETA");
+ } else if (wait.tv_sec >= STALLTIME) {
+ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+ " - stalled -");
+ } else {
+ if (cursize != totalbytes)
+ remaining = (int)(totalbytes / (cursize / elapsed) -
+ elapsed);
+ else
+ remaining = elapsed;
+
+ i = remaining / 3600;
+ if (i)
+ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+ "%2d:", i);
+ else
+ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+ " ");
+ i = remaining % 3600;
+ snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
+ "%02d:%02d%s", i / 60, i % 60,
+ (cursize != totalbytes) ? " ETA" : " ");
+ }
+ atomicio(write, fileno(stdout), buf, strlen(buf));
+}
+
+static int
+get_tty_width(void)
+{
+ struct winsize winsize;
+
+ if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
+ return (winsize.ws_col ? winsize.ws_col : 80);
+ else
+ return (80);
+}
--- /dev/null
+/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */
+/*
+ * Copyright (c) 2002 Nils Nordman. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+void start_progress_meter(char *, off_t, off_t *);
+void stop_progress_meter(void);
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign,
oDeprecated
} OpCodes;
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
+ { "enablesshkeysign", oEnableSSHKeysign },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, oBadOption }
};
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
*/
+#define WHITESPACE " \t\r\n"
int
process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
int *activep)
{
- char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
+ char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
int opcode, *intptr, value;
+ size_t len;
u_short fwd_port, fwd_host_port;
char sfwd_host_port[6];
case oProxyCommand:
charptr = &options->proxy_command;
- string = xstrdup("");
- while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
- string = xrealloc(string, strlen(string) + strlen(arg) + 2);
- strcat(string, " ");
- strcat(string, arg);
- }
+ len = strspn(s, WHITESPACE "=");
if (*activep && *charptr == NULL)
- *charptr = string;
- else
- xfree(string);
+ *charptr = xstrdup(s + len);
return 0;
case oPort:
*intptr = value;
break;
+ case oEnableSSHKeysign:
+ intptr = &options->enable_ssh_keysign;
+ goto parse_flag;
+
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
+ options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
}
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
+ if (options->enable_ssh_keysign == -1)
+ options->enable_ssh_keysign = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */
-/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
+
+ int enable_ssh_keysign;
int no_host_authentication_for_localhost;
} Options;
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
#include "xmalloc.h"
#include "readpass.h"
fatal("internal error: askpass undefined");
if (pipe(p) < 0) {
error("ssh_askpass: pipe: %s", strerror(errno));
- return xstrdup("");
+ return NULL;
}
if ((pid = fork()) < 0) {
error("ssh_askpass: fork: %s", strerror(errno));
- return xstrdup("");
+ return NULL;
}
if (pid == 0) {
seteuid(getuid());
if (errno != EINTR)
break;
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ memset(buf, 0, sizeof(buf));
+ return NULL;
+ }
+
buf[strcspn(buf, "\r\n")] = '\0';
pass = xstrdup(buf);
memset(buf, 0, sizeof(buf));
askpass = getenv(SSH_ASKPASS_ENV);
else
askpass = _PATH_SSH_ASKPASS_DEFAULT;
- return ssh_askpass(askpass, prompt);
+ if ((ret = ssh_askpass(askpass, prompt)) == NULL)
+ if (!(flags & RP_ALLOW_EOF))
+ return xstrdup("");
+ return ret;
}
if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
-# $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $
+# $OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $
-REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7
-CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
+CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2
LTESTS= connect \
proxy-connect \
try-ciphers \
yes-head \
agent \
+ agent-getpeereid \
+ agent-timeout \
+ agent-ptrace \
keyscan \
+ keygen-change \
sftp \
+ sftp-cmds \
+ sftp-batch \
forwarding
USER!= id -un
ssh-keygen -Bf t7.out > /dev/null
.for t in ${LTESTS}
-REGRESSTARGETS+=t-${t}
+REGRESS_TARGETS+=t-${t}
t-${t}:
sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
.endfor
--- /dev/null
+# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent attach from other uid"
+
+UNPRIV=nobody
+ASOCK=${OBJ}/agent
+SSH_AUTH_SOCK=/nonexistant
+
+trace "start agent"
+eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ chmod 644 ${SSH_AUTH_SOCK}
+
+ ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -ne 1 ]; then
+ fail "ssh-add failed with $r != 1"
+ fi
+
+ < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+ r=$?
+ if [ $r -lt 2 ]; then
+ fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
+
+rm -f ${OBJ}/agent
--- /dev/null
+# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
+# Placed in the Public Domain.
+
+tid="disallow agent ptrace attach"
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ # ls -l ${SSH_AUTH_SOCK}
+ gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
+ quit
+EOF
+ if [ $? -ne 0 ]; then
+ fail "gdb failed: exit code $?"
+ fi
+ grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
+ r=$?
+ rm -f ${OBJ}/gdb.out
+ if [ $r -ne 0 ]; then
+ fail "ptrace succeeded?: exit code $r"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
--- /dev/null
+# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# Placed in the Public Domain.
+
+tid="agent timeout test"
+
+TIMEOUT=5
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+ fail "could not start ssh-agent: exit code $r"
+else
+ trace "add keys with timeout"
+ for t in rsa rsa1; do
+ ${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ fail "ssh-add did succeed exit code 0"
+ fi
+ done
+ n=`${SSHADD} -l 2> /dev/null | wc -l`
+ trace "agent has $n keys"
+ if [ $n -ne 2 ]; then
+ fail "ssh-add -l did not return 2 keys: $n"
+ fi
+ trace "sleeping 2*${TIMEOUT} seconds"
+ sleep ${TIMEOUT}
+ sleep ${TIMEOUT}
+ ${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
+ if [ $? -ne 0 ]; then
+ fail "ssh-add -l still returns keys after timeout"
+ fi
+
+ trace "kill agent"
+ ${SSHAGENT} -k > /dev/null
+fi
--- /dev/null
+# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
+# Placed in the Public Domain.
+
+tid="change passphrase for key"
+
+S1="secret1"
+S2="2secret"
+
+for t in rsa dsa rsa1; do
+ # generate user key for agent
+ trace "generating $t key"
+ rm -f $OBJ/$t-key
+ ${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
+ if [ $? -eq 0 ]; then
+ ${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
+ if [ $? -ne 0 ]; then
+ fail "ssh-keygen -p failed for $t-key"
+ fi
+ else
+ fail "ssh-keygen for $t-key failed"
+ fi
+ rm -f $OBJ/$t-key $OBJ/$t-key.pub
+done
-# $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $
# Placed in the Public Domain.
tid="proxy connect"
if [ $? -ne 0 ]; then
fail "ssh proxyconnect protocol $p failed"
fi
+ SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
+ if [ $? -ne 0 ]; then
+ fail "ssh proxyconnect protocol $p failed"
+ fi
+ if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+ fail "bad SSH_CONNECTION"
+ fi
done
--- /dev/null
+# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+tid="sftp batchfile"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+BATCH=${OBJ}/sftp-batch
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+cat << EOF > ${BATCH}.pass.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.1
+ rm ${COPY}
+ -put ${COPY} ${COPY}.2
+EOF
+
+cat << EOF > ${BATCH}.pass.2
+ # This is a comment
+
+ # That was a blank line
+ ls
+EOF
+
+cat << EOF > ${BATCH}.fail.1
+ get $DATA $COPY
+ put ${COPY} ${COPY}.3
+ rm ${COPY}.*
+ # The next command should fail
+ put ${COPY}.3 ${COPY}.4
+EOF
+
+cat << EOF > ${BATCH}.fail.2
+ # The next command should fail
+ jajajajaja
+EOF
+
+verbose "$tid: good commands"
+${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "good commands failed"
+
+verbose "$tid: bad commands"
+${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "bad commands succeeded"
+
+verbose "$tid: comments and blanks"
+${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "comments & blanks failed"
+
+verbose "$tid: junk command"
+${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
+ && fail "junk command succeeded"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
--- /dev/null
+# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
+# Placed in the Public Domain.
+
+# XXX - TODO:
+# - globbed operations
+# - chmod / chown / chgrp
+# - -p flag for get & put
+
+tid="sftp commands"
+
+DATA=/bin/ls
+COPY=${OBJ}/copy
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+verbose "$tid: lls"
+echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lls failed"
+# XXX always successful
+
+verbose "$tid: ls"
+echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "ls failed"
+# XXX always successful
+
+verbose "$tid: shell"
+echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "shell failed"
+# XXX always successful
+
+verbose "$tid: pwd"
+echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "pwd failed"
+# XXX always successful
+
+verbose "$tid: lpwd"
+echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lpwd failed"
+# XXX always successful
+
+verbose "$tid: quit"
+echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "quit failed"
+# XXX always successful
+
+verbose "$tid: help"
+echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "help failed"
+# XXX always successful
+
+rm -f ${COPY}
+verbose "$tid: get"
+echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "get failed"
+cmp $DATA ${COPY} || fail "corrupted copy after get"
+
+rm -f ${COPY}
+verbose "$tid: put"
+echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "put failed"
+cmp $DATA ${COPY} || fail "corrupted copy after put"
+
+verbose "$tid: rename"
+echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rename failed"
+test -f ${COPY}.1 || fail "missing file after rename"
+cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
+
+verbose "$tid: ln"
+echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
+test -L ${COPY}.2 || fail "missing file after ln"
+
+verbose "$tid: mkdir"
+echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "mkdir failed"
+test -d ${COPY}.dd || fail "missing directory after mkdir"
+
+# XXX do more here
+verbose "$tid: chdir"
+echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "chdir failed"
+
+verbose "$tid: rmdir"
+echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "rmdir failed"
+test -d ${COPY}.1 && fail "present directory after rmdir"
+
+verbose "$tid: lmkdir"
+echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lmkdir failed"
+test -d ${COPY}.dd || fail "missing directory after lmkdir"
+
+# XXX do more here
+verbose "$tid: lchdir"
+echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
+ || fail "lchdir failed"
+
+rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
+
+
-# $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $
+# $OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="connect with ssh.com client"
2.3.1
2.4.0
3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
# 2.0.10 2.0.12 2.0.13 don't like the test setup
-# $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $
+# $OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="ssh.com key import"
2.3.1
2.4.0
3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
COMPRV=${OBJ}/comkey
COMPUB=${COMPRV}.pub
-# $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $
+# $OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="basic sftp put/get with ssh.com server"
2.3.1
2.4.0
3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
# go for it
for v in ${VERSIONS}; do
-# $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
+# $OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="connect to ssh.com server"
2.1.0
2.2.0
2.3.0
- 2.3.1
2.4.0
3.0.0
- 3.1.0"
+ 3.1.0
+ 3.2.0
+ 3.3.0"
# 2.0.10 does not support UserConfigDirectory
+# 2.3.1 requires a config in $HOME/.ssh2
SRC=`dirname ${SCRIPT}`
# ssh.com
cat << EOF > $OBJ/sshd2_config
-*:
+#*:
# Port and ListenAdress are not used.
QuietMode yes
Port 4343
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
-.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
+.\" $OpenBSD: scp.1,v 1.27 2003/03/28 10:11:43 jmc Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
-.Op Fl pqrvBC46
+.Bk -words
+.Op Fl pqrvBC1246
.Op Fl F Ar ssh_config
.Op Fl S Ar program
.Op Fl P Ar port
.Op Fl c Ar cipher
.Op Fl i Ar identity_file
+.Op Fl l Ar limit
.Op Fl o Ar ssh_option
.Sm off
.Oo
.Ar host2 No :
.Oc Ar file2
.Sm on
+.Ek
.Sh DESCRIPTION
.Nm
copies files between hosts on a network.
authentication is read.
This option is directly passed to
.Xr ssh 1 .
+.It Fl l Ar limit
+Limits the used bandwidth, specified in Kbit/s.
.It Fl p
Preserves modification times, access times, and modes from the
original file.
This is useful for specifying options
for which there is no separate
.Nm scp
-command-line flag. For example, forcing the use of protocol
-version 1 is specified using
-.Ic scp -oProtocol=1 .
+command-line flag.
+.It Fl 1
+Forces
+.Nm
+to use protocol 1.
+.It Fl 2
+Forces
+.Nm
+to use protocol 2.
.It Fl 4
Forces
.Nm
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.91 2002/06/19 00:27:55 deraadt Exp $");
+RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $");
#include "xmalloc.h"
#include "atomicio.h"
#include "pathnames.h"
#include "log.h"
#include "misc.h"
+#include "progressmeter.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
char *__progname;
#endif
-/* For progressmeter() -- number of seconds before xfer considered "stalled" */
-#define STALLTIME 5
-/* alarm() interval for updating progress meter */
-#define PROGRESSTIME 1
-
-/* Visual statistics about files as they are transferred. */
-void progressmeter(int);
-
-/* Returns width of the terminal (for progress meter calculations). */
-int getttywidth(void);
-int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc);
+void bwlimit(int);
/* Struct for addargs */
arglist args;
-/* Time a transfer started. */
-static struct timeval start;
-
-/* Number of bytes of current file transferred so far. */
-volatile off_t statbytes;
-
-/* Total size of current file. */
-off_t totalbytes = 0;
+/* Bandwidth limit */
+off_t limitbw = 0;
/* Name of current file being transferred. */
char *curfile;
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = _PATH_SSH_PROGRAM;
+/* This is used to store the pid of ssh_program */
+pid_t do_cmd_pid;
+
/*
* This function executes the given command as the specified user on the
* given host. This returns < 0 if execution fails, and >= 0 otherwise. This
close(reserved[1]);
/* For a child to execute the command on the remote host using ssh. */
- if (fork() == 0) {
+ do_cmd_pid = fork();
+ if (do_cmd_pid == 0) {
/* Child. */
close(pin[1]);
close(pout[0]);
execvp(ssh_program, args.list);
perror(ssh_program);
exit(1);
+ } else if (do_cmd_pid == -1) {
+ fatal("fork: %s", strerror(errno));
}
/* Parent. Close the other side, and return the local side. */
close(pin[0]);
int argc;
char *argv[];
{
- int ch, fflag, tflag;
- char *targ;
+ int ch, fflag, tflag, status;
+ double speed;
+ char *targ, *endp;
extern char *optarg;
extern int optind;
addargs(&args, "-oClearAllForwardings yes");
fflag = tflag = 0;
- while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1)
+ while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
switch (ch) {
/* User-visible flags. */
+ case '1':
+ case '2':
case '4':
case '6':
case 'C':
case 'B':
addargs(&args, "-oBatchmode yes");
break;
+ case 'l':
+ speed = strtod(optarg, &endp);
+ if (speed <= 0 || *endp != '\0')
+ usage();
+ limitbw = speed * 1024;
+ break;
case 'p':
pflag = 1;
break;
targetshouldbedirectory = 1;
remin = remout = -1;
+ do_cmd_pid = -1;
/* Command to be executed on remote system using "ssh". */
(void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s",
verbose_mode ? " -v" : "",
if (targetshouldbedirectory)
verifydir(argv[argc - 1]);
}
+ /*
+ * Finally check the exit status of the ssh process, if one was forked
+ * and no error has occured yet
+ */
+ if (do_cmd_pid != -1 && errs == 0) {
+ if (remin != -1)
+ (void) close(remin);
+ if (remout != -1)
+ (void) close(remout);
+ if (waitpid(do_cmd_pid, &status, 0) == -1)
+ errs = 1;
+ else {
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+ errs = 1;
+ }
+ }
exit(errs != 0);
}
if (*targ == 0)
targ = ".";
- if ((thost = strchr(argv[argc - 1], '@'))) {
+ if ((thost = strrchr(argv[argc - 1], '@'))) {
/* user@host */
*thost++ = 0;
tuser = argv[argc - 1];
if (*tuser == '\0')
tuser = NULL;
- else if (!okname(tuser))
- exit(1);
} else {
thost = argv[argc - 1];
tuser = NULL;
*src++ = 0;
if (*src == 0)
src = ".";
- host = strchr(argv[i], '@');
+ host = strrchr(argv[i], '@');
len = strlen(ssh_program) + strlen(argv[i]) +
strlen(src) + (tuser ? strlen(tuser) : 0) +
strlen(thost) + strlen(targ) +
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
- else if (!okname(suser))
+ else if (!okname(suser)) {
+ xfree(bp);
continue;
+ }
+ if (tuser && !okname(tuser)) {
+ xfree(bp);
+ continue;
+ }
snprintf(bp, len,
"%s%s %s -n "
"-l %s %s %s %s '%s%s%s:%s'",
*src++ = 0;
if (*src == 0)
src = ".";
- if ((host = strchr(argv[i], '@')) == NULL) {
+ if ((host = strrchr(argv[i], '@')) == NULL) {
host = argv[i];
suser = NULL;
} else {
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
- else if (!okname(suser))
- continue;
}
host = cleanhostname(host);
len = strlen(src) + CMDNEEDS + 20;
struct stat stb;
static BUF buffer;
BUF *bp;
- off_t i, amt, result;
+ off_t i, amt, result, statbytes;
int fd, haderr, indx;
char *last, *name, buf[2048];
int len;
#endif
if (verbose_mode) {
fprintf(stderr, "Sending file modes: %s", buf);
- fflush(stderr);
}
(void) atomicio(write, remout, buf, strlen(buf));
if (response() < 0)
next: (void) close(fd);
continue;
}
- if (showprogress) {
- totalbytes = stb.st_size;
- progressmeter(-1);
- }
+ if (showprogress)
+ start_progress_meter(curfile, stb.st_size, &statbytes);
/* Keep writing after an error so that we stay sync'd up. */
for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
amt = bp->cnt;
haderr = result >= 0 ? EIO : errno;
statbytes += result;
}
+ if (limitbw)
+ bwlimit(amt);
}
if (showprogress)
- progressmeter(1);
+ stop_progress_meter();
if (close(fd) < 0 && !haderr)
haderr = errno;
(void) response();
}
+void
+bwlimit(int amount)
+{
+ static struct timeval bwstart, bwend;
+ static int lamt, thresh = 16384;
+ u_int64_t wait;
+ struct timespec ts, rm;
+
+ if (!timerisset(&bwstart)) {
+ gettimeofday(&bwstart, NULL);
+ return;
+ }
+
+ lamt += amount;
+ if (lamt < thresh)
+ return;
+
+ gettimeofday(&bwend, NULL);
+ timersub(&bwend, &bwstart, &bwend);
+ if (!timerisset(&bwend))
+ return;
+
+ lamt *= 8;
+ wait = (double)1000000L * lamt / limitbw;
+
+ bwstart.tv_sec = wait / 1000000L;
+ bwstart.tv_usec = wait % 1000000L;
+
+ if (timercmp(&bwstart, &bwend, >)) {
+ timersub(&bwstart, &bwend, &bwend);
+
+ /* Adjust the wait time */
+ if (bwend.tv_sec) {
+ thresh /= 2;
+ if (thresh < 2048)
+ thresh = 2048;
+ } else if (bwend.tv_usec < 100) {
+ thresh *= 2;
+ if (thresh > 32768)
+ thresh = 32768;
+ }
+
+ TIMEVAL_TO_TIMESPEC(&bwend, &ts);
+ while (nanosleep(&ts, &rm) == -1) {
+ if (errno != EINTR)
+ break;
+ ts = rm;
+ }
+ }
+
+ lamt = 0;
+ gettimeofday(&bwstart, NULL);
+}
+
void
sink(argc, argv)
int argc;
BUF *bp;
off_t i, j;
int amt, count, exists, first, mask, mode, ofd, omode;
- off_t size;
+ off_t size, statbytes;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
struct timeval tv[2];
cp = bp->buf;
wrerr = NO;
- if (showprogress) {
- totalbytes = size;
- progressmeter(-1);
- }
statbytes = 0;
+ if (showprogress)
+ start_progress_meter(curfile, size, &statbytes);
for (count = i = 0; i < size; i += 4096) {
amt = 4096;
if (i + amt > size)
cp += j;
statbytes += j;
} while (amt > 0);
+
+ if (limitbw)
+ bwlimit(4096);
+
if (count == bp->cnt) {
/* Keep reading so we stay sync'd up. */
if (wrerr == NO) {
}
}
if (showprogress)
- progressmeter(1);
+ stop_progress_meter();
if (count != 0 && wrerr == NO &&
(j = atomicio(write, ofd, bp->buf, count)) != count) {
wrerr = YES;
wrerrno = j >= 0 ? EIO : errno;
}
- if (ftruncate(ofd, size)) {
+ if (wrerr == NO && ftruncate(ofd, size) != 0) {
run_err("%s: truncate: %s", np, strerror(errno));
wrerr = DISPLAYED;
}
usage(void)
{
(void) fprintf(stderr,
- "usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n"
- " [-c cipher] [-i identity] [-o option]\n"
+ "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
+ " [-c cipher] [-i identity] [-l limit] [-o option]\n"
" [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
exit(1);
}
c = (int)*cp;
if (c & 0200)
goto bad;
- if (!isalpha(c) && !isdigit(c) &&
- c != '_' && c != '-' && c != '.' && c != '+')
- goto bad;
+ if (!isalpha(c) && !isdigit(c)) {
+ switch (c) {
+ case '\'':
+ case '"':
+ case '`':
+ case ' ':
+ case '#':
+ goto bad;
+ default:
+ break;
+ }
+ }
} while (*++cp);
return (1);
run_err("fstat: %s", strerror(errno));
return (0);
}
- if (stb.st_blksize == 0)
+ size = roundup(stb.st_blksize, blksize);
+ if (size == 0)
size = blksize;
- else
- size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
- stb.st_blksize;
#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */
size = blksize;
#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */
else
exit(1);
}
-
-static void
-updateprogressmeter(int ignore)
-{
- int save_errno = errno;
-
- progressmeter(0);
- signal(SIGALRM, updateprogressmeter);
- alarm(PROGRESSTIME);
- errno = save_errno;
-}
-
-static int
-foregroundproc(void)
-{
- static pid_t pgrp = -1;
- int ctty_pgrp;
-
- if (pgrp == -1)
- pgrp = getpgrp();
-
-#ifdef HAVE_TCGETPGRP
- return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
- ctty_pgrp == pgrp);
-#else
- return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
- ctty_pgrp == pgrp));
-#endif
-}
-
-void
-progressmeter(int flag)
-{
- static const char prefixes[] = " KMGTP";
- static struct timeval lastupdate;
- static off_t lastsize;
- struct timeval now, td, wait;
- off_t cursize, abbrevsize;
- double elapsed;
- int ratio, barlength, i, remaining;
- char buf[512];
-
- if (flag == -1) {
- (void) gettimeofday(&start, (struct timezone *) 0);
- lastupdate = start;
- lastsize = 0;
- }
- if (foregroundproc() == 0)
- return;
-
- (void) gettimeofday(&now, (struct timezone *) 0);
- cursize = statbytes;
- if (totalbytes != 0) {
- ratio = 100.0 * cursize / totalbytes;
- ratio = MAX(ratio, 0);
- ratio = MIN(ratio, 100);
- } else
- ratio = 100;
-
- snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio);
-
- barlength = getttywidth() - 51;
- if (barlength > 0) {
- i = barlength * ratio / 100;
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- "|%.*s%*s|", i,
- "*******************************************************"
- "*******************************************************"
- "*******************************************************"
- "*******************************************************"
- "*******************************************************"
- "*******************************************************"
- "*******************************************************",
- barlength - i, "");
- }
- i = 0;
- abbrevsize = cursize;
- while (abbrevsize >= 100000 && i < sizeof(prefixes)) {
- i++;
- abbrevsize >>= 10;
- }
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ",
- (unsigned long) abbrevsize, prefixes[i],
- prefixes[i] == ' ' ? ' ' : 'B');
-
- timersub(&now, &lastupdate, &wait);
- if (cursize > lastsize) {
- lastupdate = now;
- lastsize = cursize;
- if (wait.tv_sec >= STALLTIME) {
- start.tv_sec += wait.tv_sec;
- start.tv_usec += wait.tv_usec;
- }
- wait.tv_sec = 0;
- }
- timersub(&now, &start, &td);
- elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
-
- if (flag != 1 &&
- (statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) {
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- " --:-- ETA");
- } else if (wait.tv_sec >= STALLTIME) {
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- " - stalled -");
- } else {
- if (flag != 1)
- remaining = (int)(totalbytes / (statbytes / elapsed) -
- elapsed);
- else
- remaining = elapsed;
-
- i = remaining / 3600;
- if (i)
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- "%2d:", i);
- else
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- " ");
- i = remaining % 3600;
- snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
- "%02d:%02d%s", i / 60, i % 60,
- (flag != 1) ? " ETA" : " ");
- }
- atomicio(write, fileno(stdout), buf, strlen(buf));
-
- if (flag == -1) {
- mysignal(SIGALRM, updateprogressmeter);
- alarm(PROGRESSTIME);
- } else if (flag == 1) {
- alarm(0);
- atomicio(write, fileno(stdout), "\n", 1);
- statbytes = 0;
- }
-}
-
-int
-getttywidth(void)
-{
- struct winsize winsize;
-
- if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
- return (winsize.ws_col ? winsize.ws_col : 80);
- else
- return (80);
-}
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.116 2003/02/21 09:05:53 markus Exp $");
#if defined(KRB4)
#include <krb.h>
char line[1024];
FILE *f;
+ debug2("read_server_config: filename %s", filename);
f = fopen(filename, "r");
if (!f) {
perror(filename);
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.106 2003/04/01 10:22:21 markus Exp $");
#include "xmalloc.h"
#include "packet.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
void
do_authenticated(Authctxt *authctxt)
{
+ setproctitle("%s", authctxt->pw->pw_name);
+
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
record_utmp_only(pid, s->tty, s->pw->pw_name,
get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
- (struct sockaddr *)&from);
+ (struct sockaddr *)&from, fromlen);
}
#endif
* the address be 0.0.0.0.
*/
memset(&from, 0, sizeof(from));
+ fromlen = sizeof(from);
if (packet_connection_is_on_socket()) {
- fromlen = sizeof(from);
if (getpeername(packet_get_connection_in(),
(struct sockaddr *) & from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
{
char buf[256];
u_int i, envsize;
- char **env;
+ char **env, *laddr;
struct passwd *pw = s->pw;
/* Initialize the environment. */
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
+#ifdef _AIX
+ child_set_env(&env, &envsize, "LOGIN", pw->pw_name);
+#endif
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
get_remote_ipaddr(), get_remote_port(), get_local_port());
child_set_env(&env, &envsize, "SSH_CLIENT", buf);
+ laddr = get_local_ipaddr(packet_get_connection_in());
snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
- get_remote_ipaddr(), get_remote_port(),
- get_local_ipaddr(packet_get_connection_in()), get_local_port());
+ get_remote_ipaddr(), get_remote_port(), laddr, get_local_port());
+ xfree(laddr);
child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
if (s->ttyfd != -1)
/* Add authority data to .Xauthority if appropriate. */
if (debug_flag) {
fprintf(stderr,
- "Running %.500s add "
- "%.100s %.100s %.100s\n",
+ "Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
+ fprintf(stderr,
+ "%.500s add %.100s %.100s %.100s\n",
options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
}
options.xauth_location);
f = popen(cmd, "w");
if (f) {
+ fprintf(f, "remove %s\n",
+ s->auth_display);
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
while (fgets(buf, sizeof(buf), f))
fputs(buf, stderr);
fclose(f);
+ fflush(NULL);
exit(254);
}
}
void
do_setusercontext(struct passwd *pw)
{
-#ifdef HAVE_CYGWIN
- if (is_winnt) {
-#else /* HAVE_CYGWIN */
- if (getuid() == 0 || geteuid() == 0) {
+#ifndef HAVE_CYGWIN
+ if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
+ {
+
#ifdef HAVE_SETPCRED
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
permanently_set_uid(pw);
#endif
}
+
+#ifdef HAVE_CYGWIN
+ if (is_winnt)
+#endif
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
*/
if (!options.use_login) {
#ifdef HAVE_OSF_SIA
- session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
+ session_setup_sia(pw, s->ttyfd == -1 ? NULL : s->tty);
if (!check_quietlogin(s, command))
do_motd();
#else /* HAVE_OSF_SIA */
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
+
+ /*
+ * Make sure $SHELL points to the shell from the password file,
+ * even if shell is overridden from login.conf
+ */
+ env = do_setup_env(s, shell);
+
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
- env = do_setup_env(s, shell);
-
/* we have to stash the hostname before we close our socket. */
if (options.use_login)
hostname = get_remote_name_or_ip(utmp_len,
{
static char buf[1024];
int i;
+ char *cp;
+
buf[0] = '\0';
for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
+
+ if (strncmp(s->tty, "/dev/", 5) != 0) {
+ cp = strrchr(s->tty, '/');
+ cp = (cp == NULL) ? s->tty : cp + 1;
+ } else
+ cp = s->tty + 5;
+
if (buf[0] != '\0')
strlcat(buf, ",", sizeof buf);
- strlcat(buf, strrchr(s->tty, '/') + 1, sizeof buf);
+ strlcat(buf, cp, sizeof buf);
}
}
if (buf[0] == '\0')
/*
- * Copyright (c) 2001,2002 Damien Miller. All rights reserved.
+ * Copyright (c) 2001-2003 Damien Miller. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
/* XXX: copy between two remote sites */
#include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.42 2003/03/05 22:33:43 markus Exp $");
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "log.h"
#include "atomicio.h"
+#include "progressmeter.h"
#include "sftp.h"
#include "sftp-common.h"
#include "sftp-client.h"
+extern int showprogress;
+
/* Minimum amount of data to read at at time */
#define MIN_READ_SIZE 512
+/* Maximum packet size */
+#define MAX_MSG_LENGTH (256 * 1024)
+
struct sftp_conn {
int fd_in;
int fd_out;
static void
send_msg(int fd, Buffer *m)
{
- int mlen = buffer_len(m);
- int len;
- Buffer oqueue;
+ u_char mlen[4];
+
+ if (buffer_len(m) > MAX_MSG_LENGTH)
+ fatal("Outbound message too long %u", buffer_len(m));
- buffer_init(&oqueue);
- buffer_put_int(&oqueue, mlen);
- buffer_append(&oqueue, buffer_ptr(m), mlen);
- buffer_consume(m, mlen);
+ /* Send length first */
+ PUT_32BIT(mlen, buffer_len(m));
+ if (atomicio(write, fd, mlen, sizeof(mlen)) <= 0)
+ fatal("Couldn't send packet: %s", strerror(errno));
- len = atomicio(write, fd, buffer_ptr(&oqueue), buffer_len(&oqueue));
- if (len <= 0)
+ if (atomicio(write, fd, buffer_ptr(m), buffer_len(m)) <= 0)
fatal("Couldn't send packet: %s", strerror(errno));
- buffer_free(&oqueue);
+ buffer_clear(m);
}
static void
get_msg(int fd, Buffer *m)
{
- u_int len, msg_len;
- unsigned char buf[4096];
+ ssize_t len;
+ u_int msg_len;
- len = atomicio(read, fd, buf, 4);
+ buffer_append_space(m, 4);
+ len = atomicio(read, fd, buffer_ptr(m), 4);
if (len == 0)
fatal("Connection closed");
else if (len == -1)
fatal("Couldn't read packet: %s", strerror(errno));
- msg_len = GET_32BIT(buf);
- if (msg_len > 256 * 1024)
+ msg_len = buffer_get_int(m);
+ if (msg_len > MAX_MSG_LENGTH)
fatal("Received message too long %u", msg_len);
- while (msg_len) {
- len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
- if (len == 0)
- fatal("Connection closed");
- else if (len == -1)
- fatal("Couldn't read packet: %s", strerror(errno));
-
- msg_len -= len;
- buffer_append(m, buf, len);
- }
+ buffer_append_space(m, msg_len);
+ len = atomicio(read, fd, buffer_ptr(m), msg_len);
+ if (len == 0)
+ fatal("Connection closed");
+ else if (len == -1)
+ fatal("Read packet: %s", strerror(errno));
}
static void
error("Couldn't read directory: %s",
fx2txt(status));
do_close(conn, handle, handle_len);
+ xfree(handle);
return(status);
}
} else if (type != SSH2_FXP_NAME)
status = get_status(conn->fd_in, id);
if (status != SSH2_FX_OK)
- error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath,
+ error("Couldn't symlink file \"%s\" to \"%s\": %s", oldpath,
newpath, fx2txt(status));
return(status);
int read_error, write_errno;
u_int64_t offset, size;
u_int handle_len, mode, type, id, buflen;
+ off_t progress_counter;
struct request {
u_int id;
u_int len;
/* XXX: should we preserve set[ug]id? */
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
- mode = S_IWRITE | (a->perm & 0777);
+ mode = a->perm & 0777;
else
mode = 0666;
if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
- (a->perm & S_IFDIR)) {
- error("Cannot download a directory: %s", remote_path);
+ (!S_ISREG(a->perm))) {
+ error("Cannot download non-regular file: %s", remote_path);
return(-1);
}
return(-1);
}
- local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode);
+ local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
+ mode | S_IWRITE);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
/* Read from remote and write to local */
write_error = read_error = write_errno = num_req = offset = 0;
max_req = 1;
+ progress_counter = 0;
+
+ if (showprogress) {
+ if (size)
+ start_progress_meter(remote_path, size,
+ &progress_counter);
+ else
+ printf("Fetching %s to %s\n", remote_path, local_path);
+ }
+
while (num_req > 0 || max_req > 0) {
char *data;
u_int len;
(unsigned long long)req->offset + len - 1);
if (len > req->len)
fatal("Received more data than asked for "
- "%u > %u", len, req->len);
+ "%u > %u", len, req->len);
if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
- atomicio(write, local_fd, data, len) != len) &&
+ atomicio(write, local_fd, data, len) != len) &&
!write_error) {
write_errno = errno;
write_error = 1;
max_req = 0;
}
+ progress_counter += len;
xfree(data);
if (len == req->len) {
}
}
+ if (showprogress && size)
+ stop_progress_meter();
+
/* Sanity check */
if (TAILQ_FIRST(&requests) != NULL)
fatal("Transfer complete, but requests still in queue");
if (pflag && chmod(local_path, mode) == -1)
#endif /* HAVE_FCHMOD */
error("Couldn't set mode on \"%s\": %s", local_path,
- strerror(errno));
+ strerror(errno));
if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) {
struct timeval tv[2];
tv[0].tv_sec = a->atime;
tv[0].tv_usec = tv[1].tv_usec = 0;
if (utimes(local_path, tv) == -1)
error("Can't set times on \"%s\": %s",
- local_path, strerror(errno));
+ local_path, strerror(errno));
}
}
close(local_fd);
close(local_fd);
return(-1);
}
+ if (!S_ISREG(sb.st_mode)) {
+ error("%s is not a regular file", local_path);
+ close(local_fd);
+ return(-1);
+ }
stat_to_attrib(&sb, &a);
a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
/* Read from local and write to remote */
offset = 0;
+ if (showprogress)
+ start_progress_meter(local_path, sb.st_size, &offset);
+ else
+ printf("Uploading %s to %s\n", local_path, remote_path);
+
for (;;) {
int len;
buffer_put_string(&msg, data, len);
send_msg(conn->fd_out, &msg);
debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
- id, (unsigned long long)offset, len);
+ id, (unsigned long long)offset, len);
} else if (TAILQ_FIRST(&acks) == NULL)
break;
if (status != SSH2_FX_OK) {
error("Couldn't write to remote file \"%s\": %s",
- remote_path, fx2txt(status));
+ remote_path, fx2txt(status));
do_close(conn, handle, handle_len);
close(local_fd);
+ xfree(data);
+ xfree(ack);
goto done;
}
debug3("In write loop, ack for %u %u bytes at %llu",
}
offset += len;
}
+ if (showprogress)
+ stop_progress_meter();
xfree(data);
if (close(local_fd) == -1) {
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $");
+RCSID("$OpenBSD: sftp-common.c,v 1.8 2002/10/16 14:31:48 itojun Exp $");
#include "buffer.h"
#include "bufaux.h"
glen = MAX(strlen(group), 8);
snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode,
st->st_nlink, ulen, user, glen, group,
- (u_int64_t)st->st_size, tbuf, name);
+ (unsigned long long)st->st_size, tbuf, name);
return xstrdup(buf);
}
/* XXX: recursive operations */
#include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.57 2003/03/05 22:33:43 markus Exp $");
#include "buffer.h"
#include "xmalloc.h"
/* Number of concurrent outstanding requests */
extern int num_requests;
+/* This is set to 0 if the progressmeter is not desired. */
+int showprogress = 1;
+
/* Seperators for interactive commands */
#define WHITESPACE " \t\r\n"
#define I_SHELL 20
#define I_SYMLINK 21
#define I_VERSION 22
+#define I_PROGRESS 23
struct CMD {
const char *c;
const int n;
};
-const struct CMD cmds[] = {
+static const struct CMD cmds[] = {
{ "bye", I_QUIT },
{ "cd", I_CHDIR },
{ "chdir", I_CHDIR },
{ "ls", I_LS },
{ "lumask", I_LUMASK },
{ "mkdir", I_MKDIR },
+ { "progress", I_PROGRESS },
{ "put", I_PUT },
{ "mput", I_PUT },
{ "pwd", I_PWD },
printf("ls [path] Display remote directory listing\n");
printf("lumask umask Set local umask to 'umask'\n");
printf("mkdir path Create remote directory\n");
+ printf("progress Toggle display of progress meter\n");
printf("put local-path [remote-path] Upload file\n");
printf("pwd Display remote working directory\n");
printf("exit Quit sftp\n");
return(sb.st_mode & S_IFDIR);
}
+static int
+is_reg(char *path)
+{
+ struct stat sb;
+
+ if (stat(path, &sb) == -1)
+ fatal("stat %s: %s", path, strerror(errno));
+
+ return(S_ISREG(sb.st_mode));
+}
+
static int
remote_is_dir(struct sftp_conn *conn, char *path)
{
err = -1;
goto out;
}
- printf("Fetching %s to %s\n", g.gl_pathv[0], abs_dst);
err = do_download(conn, g.gl_pathv[0], abs_dst, pflag);
goto out;
}
/* Only one match, dst may be file, directory or unspecified */
if (g.gl_pathv[0] && g.gl_matchc == 1) {
+ if (!is_reg(g.gl_pathv[0])) {
+ error("Can't upload %s: not a regular file",
+ g.gl_pathv[0]);
+ err = 1;
+ goto out;
+ }
if (tmp_dst) {
/* If directory specified, append filename */
if (remote_is_dir(conn, tmp_dst)) {
}
abs_dst = make_absolute(abs_dst, pwd);
}
- printf("Uploading %s to %s\n", g.gl_pathv[0], abs_dst);
err = do_upload(conn, g.gl_pathv[0], abs_dst, pflag);
goto out;
}
}
for (i = 0; g.gl_pathv[i]; i++) {
+ if (!is_reg(g.gl_pathv[i])) {
+ error("skipping non-regular file %s",
+ g.gl_pathv[i]);
+ continue;
+ }
if (infer_path(g.gl_pathv[i], &tmp)) {
err = -1;
goto out;
SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
- return (strcmp(a->filename, b->filename));
+ return (strcmp(a->filename, b->filename));
}
/* sftp ls.1 replacement for directories */
if ((n = do_readdir(conn, path, &d)) != 0)
return (n);
- /* Count entries for sort */
+ /* Count entries for sort */
for (n = 0; d[n] != NULL; n++)
;
for (n = 0; d[n] != NULL; n++) {
char *tmp, *fname;
-
+
tmp = path_append(path, d[n]->filename);
fname = path_strip(tmp, strip_path);
xfree(tmp);
/* XXX - multicolumn display would be nice here */
printf("%s\n", fname);
}
-
+
xfree(fname);
}
/* sftp ls.1 replacement which handles path globs */
static int
-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
+do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
int lflag)
{
glob_t g;
memset(&g, 0, sizeof(g));
- if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
+ if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
NULL, &g)) {
error("Can't ls: \"%s\" not found", path);
return (-1);
}
/*
- * If the glob returns a single match, which is the same as the
+ * If the glob returns a single match, which is the same as the
* input glob, and it is a directory, then just list its contents
*/
- if (g.gl_pathc == 1 &&
+ if (g.gl_pathc == 1 &&
strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
if ((a = do_lstat(conn, path, 1)) == NULL) {
globfree(&g);
return (-1);
}
- if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
+ if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
S_ISDIR(a->perm)) {
globfree(&g);
return (do_ls_dir(conn, path, strip_path, lflag));
if (lflag) {
/*
* XXX: this is slow - 1 roundtrip per path
- * A solution to this is to fork glob() and
- * build a sftp specific version which keeps the
+ * A solution to this is to fork glob() and
+ * build a sftp specific version which keeps the
* attribs (which currently get thrown away)
* that the server returns as well as the filenames.
*/
}
static int
-parse_args(const char **cpp, int *pflag, int *lflag,
+parse_args(const char **cpp, int *pflag, int *lflag, int *iflag,
unsigned long *n_arg, char **path1, char **path2)
{
const char *cmd, *cp = *cpp;
/* Skip leading whitespace */
cp = cp + strspn(cp, WHITESPACE);
- /* Ignore blank lines */
- if (!*cp)
- return(-1);
+ /* Ignore blank lines and lines which begin with comment '#' char */
+ if (*cp == '\0' || *cp == '#')
+ return (0);
+ /* Check for leading '-' (disable error processing) */
+ *iflag = 0;
+ if (*cp == '-') {
+ *iflag = 1;
+ cp++;
+ }
+
/* Figure out which command we have */
for (i = 0; cmds[i].c; i++) {
int cmdlen = strlen(cmds[i].c);
cmdnum = I_SHELL;
} else if (cmdnum == -1) {
error("Invalid command.");
- return(-1);
+ return (-1);
}
/* Get arguments and parse flags */
case I_LPWD:
case I_HELP:
case I_VERSION:
+ case I_PROGRESS:
break;
default:
fatal("Command not implemented");
}
static int
-parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
+parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
+ int err_abort)
{
char *path1, *path2, *tmp;
- int pflag, lflag, cmdnum, i;
+ int pflag, lflag, iflag, cmdnum, i;
unsigned long n_arg;
Attrib a, *aa;
char path_buf[MAXPATHLEN];
glob_t g;
path1 = path2 = NULL;
- cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg,
+ cmdnum = parse_args(&cmd, &pflag, &lflag, &iflag, &n_arg,
&path1, &path2);
+ if (iflag != 0)
+ err_abort = 0;
+
memset(&g, 0, sizeof(g));
/* Perform command */
switch (cmdnum) {
+ case 0:
+ /* Blank line */
+ break;
case -1:
+ /* Unrecognized command */
+ err = -1;
break;
case I_GET:
err = process_get(conn, path1, path2, *pwd, pflag);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
printf("Removing %s\n", g.gl_pathv[i]);
- if (do_rm(conn, g.gl_pathv[i]) == -1)
- err = -1;
+ err = do_rm(conn, g.gl_pathv[i]);
+ if (err != 0 && err_abort)
+ break;
}
break;
case I_MKDIR:
do_globbed_ls(conn, *pwd, *pwd, lflag);
break;
}
-
+
/* Strip pwd off beginning of non-absolute paths */
tmp = NULL;
if (*path1 != '/')
tmp = *pwd;
path1 = make_absolute(path1, *pwd);
-
- do_globbed_ls(conn, path1, tmp, lflag);
+ err = do_globbed_ls(conn, path1, tmp, lflag);
break;
case I_LCHDIR:
if (chdir(path1) == -1) {
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
printf("Changing mode on %s\n", g.gl_pathv[i]);
- do_setstat(conn, g.gl_pathv[i], &a);
+ err = do_setstat(conn, g.gl_pathv[i], &a);
+ if (err != 0 && err_abort)
+ break;
}
break;
case I_CHOWN:
- path1 = make_absolute(path1, *pwd);
- remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
- for (i = 0; g.gl_pathv[i]; i++) {
- if (!(aa = do_stat(conn, g.gl_pathv[i], 0)))
- continue;
- if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
- error("Can't get current ownership of "
- "remote file \"%s\"", g.gl_pathv[i]);
- continue;
- }
- printf("Changing owner on %s\n", g.gl_pathv[i]);
- aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
- aa->uid = n_arg;
- do_setstat(conn, g.gl_pathv[i], aa);
- }
- break;
case I_CHGRP:
path1 = make_absolute(path1, *pwd);
remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
for (i = 0; g.gl_pathv[i]; i++) {
- if (!(aa = do_stat(conn, g.gl_pathv[i], 0)))
- continue;
+ if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
+ if (err != 0 && err_abort)
+ break;
+ else
+ continue;
+ }
if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
error("Can't get current ownership of "
"remote file \"%s\"", g.gl_pathv[i]);
- continue;
+ if (err != 0 && err_abort)
+ break;
+ else
+ continue;
}
- printf("Changing group on %s\n", g.gl_pathv[i]);
aa->flags &= SSH2_FILEXFER_ATTR_UIDGID;
- aa->gid = n_arg;
- do_setstat(conn, g.gl_pathv[i], aa);
+ if (cmdnum == I_CHOWN) {
+ printf("Changing owner on %s\n", g.gl_pathv[i]);
+ aa->uid = n_arg;
+ } else {
+ printf("Changing group on %s\n", g.gl_pathv[i]);
+ aa->gid = n_arg;
+ }
+ err = do_setstat(conn, g.gl_pathv[i], aa);
+ if (err != 0 && err_abort)
+ break;
}
break;
case I_PWD:
printf("Remote working directory: %s\n", *pwd);
break;
case I_LPWD:
- if (!getcwd(path_buf, sizeof(path_buf)))
- error("Couldn't get local cwd: %s",
- strerror(errno));
- else
- printf("Local working directory: %s\n",
- path_buf);
+ if (!getcwd(path_buf, sizeof(path_buf))) {
+ error("Couldn't get local cwd: %s", strerror(errno));
+ err = -1;
+ break;
+ }
+ printf("Local working directory: %s\n", path_buf);
break;
case I_QUIT:
- return(-1);
+ /* Processed below */
+ break;
case I_HELP:
help();
break;
case I_VERSION:
printf("SFTP protocol version %u\n", sftp_proto_version(conn));
break;
+ case I_PROGRESS:
+ showprogress = !showprogress;
+ if (showprogress)
+ printf("Progress meter enabled\n");
+ else
+ printf("Progress meter disabled\n");
+ break;
default:
fatal("%d is not implemented", cmdnum);
}
if (path2)
xfree(path2);
- /* If an error occurs in batch mode we should abort. */
- if (infile != stdin && err > 0)
- return -1;
+ /* If an unignored error occurs in batch mode we should abort. */
+ if (err_abort && err != 0)
+ return (-1);
+ else if (cmdnum == I_QUIT)
+ return (1);
- return(0);
+ return (0);
}
-void
+int
interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
{
char *pwd;
char *dir = NULL;
char cmd[2048];
struct sftp_conn *conn;
+ int err;
conn = do_init(fd_in, fd_out, copy_buffer_len, num_requests);
if (conn == NULL)
if (remote_is_dir(conn, dir) && file2 == NULL) {
printf("Changing to: %s\n", dir);
snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
- parse_dispatch_command(conn, cmd, &pwd);
+ if (parse_dispatch_command(conn, cmd, &pwd, 1) != 0)
+ return (-1);
} else {
if (file2 == NULL)
snprintf(cmd, sizeof cmd, "get %s", dir);
snprintf(cmd, sizeof cmd, "get %s %s", dir,
file2);
- parse_dispatch_command(conn, cmd, &pwd);
+ err = parse_dispatch_command(conn, cmd, &pwd, 1);
xfree(dir);
- return;
+ xfree(pwd);
+ return (err);
}
xfree(dir);
}
+
#if HAVE_SETVBUF
setvbuf(stdout, NULL, _IOLBF, 0);
setvbuf(infile, NULL, _IOLBF, 0);
setlinebuf(infile);
#endif
+ err = 0;
for (;;) {
char *cp;
if (cp)
*cp = '\0';
- if (parse_dispatch_command(conn, cmd, &pwd))
+ err = parse_dispatch_command(conn, cmd, &pwd, infile != stdin);
+ if (err != 0)
break;
}
xfree(pwd);
+
+ /* err == 1 signifies normal "quit" exit */
+ return (err >= 0 ? 0 : -1);
}
+
-/* $OpenBSD: sftp-int.h,v 1.5 2002/02/13 00:59:23 djm Exp $ */
+/* $OpenBSD: sftp-int.h,v 1.6 2003/01/08 23:53:26 djm Exp $ */
/*
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-void interactive_loop(int, int, char *, char *);
+int interactive_loop(int, int, char *, char *);
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.41 2003/03/26 04:02:51 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
handles[i].use = use;
handles[i].dirp = dirp;
handles[i].fd = fd;
- handles[i].name = name;
+ handles[i].name = xstrdup(name);
return i;
}
}
if (handle_is_ok(handle, HANDLE_FILE)) {
ret = close(handles[handle].fd);
handles[handle].use = HANDLE_UNUSED;
+ xfree(handles[handle].name);
} else if (handle_is_ok(handle, HANDLE_DIR)) {
ret = closedir(handles[handle].dirp);
handles[handle].use = HANDLE_UNUSED;
+ xfree(handles[handle].name);
} else {
errno = ENOENT;
}
if (fd < 0) {
status = errno_to_portable(errno);
} else {
- handle = handle_new(HANDLE_FILE, xstrdup(name), fd, NULL);
+ handle = handle_new(HANDLE_FILE, name, fd, NULL);
if (handle < 0) {
close(fd);
} else {
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
- handle = handle_new(HANDLE_DIR, xstrdup(path), 0, dirp);
+ handle = handle_new(HANDLE_DIR, path, 0, dirp);
if (handle < 0) {
closedir(dirp);
} else {
process_rename(void)
{
u_int32_t id;
- struct stat st;
char *oldpath, *newpath;
- int ret, status = SSH2_FX_FAILURE;
+ int status;
+ struct stat sb;
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("rename id %u old %s new %s", id, oldpath, newpath);
- /* fail if 'newpath' exists */
- if (stat(newpath, &st) == -1) {
- ret = rename(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+ status = SSH2_FX_FAILURE;
+ if (lstat(oldpath, &sb) == -1)
+ status = errno_to_portable(errno);
+ else if (S_ISREG(sb.st_mode)) {
+ /* Race-free rename of regular files */
+ if (link(oldpath, newpath) == -1)
+ status = errno_to_portable(errno);
+ else if (unlink(oldpath) == -1) {
+ status = errno_to_portable(errno);
+ /* clean spare link */
+ unlink(newpath);
+ } else
+ status = SSH2_FX_OK;
+ } else if (stat(newpath, &sb) == -1) {
+ if (rename(oldpath, newpath) == -1)
+ status = errno_to_portable(errno);
+ else
+ status = SSH2_FX_OK;
}
send_status(id, status);
xfree(oldpath);
process_symlink(void)
{
u_int32_t id;
- struct stat st;
char *oldpath, *newpath;
- int ret, status = SSH2_FX_FAILURE;
+ int ret, status;
id = get_int();
oldpath = get_string(NULL);
newpath = get_string(NULL);
TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
- /* fail if 'newpath' exists */
- if (stat(newpath, &st) == -1) {
- ret = symlink(oldpath, newpath);
- status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
- }
+ /* this will fail if 'newpath' exists */
+ ret = symlink(oldpath, newpath);
+ status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
send_status(id, status);
xfree(oldpath);
xfree(newpath);
-.\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $
+.\" $OpenBSD: sftp.1,v 1.41 2003/03/28 10:11:43 jmc Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.Nd Secure file transfer program
.Sh SYNOPSIS
.Nm sftp
+.Bk -words
.Op Fl vC1
.Op Fl b Ar batchfile
.Op Fl o Ar ssh_option
.Op Fl R Ar num_requests
.Op Fl S Ar program
.Ar host
+.Ek
.Nm sftp
-.Op [\fIuser\fR@]\fIhost\fR[:\fIfile\fR [\fIfile\fR]]
+.Oo Oo Ar user Ns No @ Oc Ns
+.Ar host Ns Oo : Ns Ar file Oo
+.Ar file Oc Oc Oc
.Nm sftp
-.Op [\fIuser\fR@]\fIhost\fR[:\fIdir\fR[\fI/\fR]]
+.Oo Oo Ar user Ns No @ Oc Ns
+.Ar host Ns Oo : Ns Ar dir Ns
+.Oo Ar / Oc Oc Oc
.Sh DESCRIPTION
.Nm
is an interactive file transfer program, similar to
will abort if any of the following
commands fail:
.Ic get , put , rename , ln ,
-.Ic rm , mkdir , chdir , lchdir
+.Ic rm , mkdir , chdir , ls ,
+.Ic lchdir , chmod , chown , chgrp , lpwd
and
.Ic lmkdir .
+Termination on error can be suppressed on a command by command basis by
+prefixing the command with a
+.Ic '-'
+character (For example,
+.Ic -rm /tmp/blah*
+).
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
This is useful for specifying options
for which there is no separate
.Nm sftp
-command-line flag. For example, to specify an alternate
+command-line flag. For example, to specify an alternate
port use:
.Ic sftp -oPort=24 .
.It Fl s Ar subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server
-on the remote host. A path is useful for using sftp over
+on the remote host. A path is useful for using sftp over
protocol version 1, or when the remote
.Nm sshd
does not have an sftp subsystem configured.
.It Fl v
Raise logging level. This option is also passed to ssh.
.It Fl B Ar buffer_size
-Specify the size of the buffer that
+Specify the size of the buffer that
.Nm
uses when transferring files. Larger buffers require fewer round trips at
the cost of higher memory consumption. The default is 32768 bytes.
.It Ic mkdir Ar path
Create remote directory specified by
.Ar path .
+.It Ic progress
+Toggle display of progress meter.
.It Xo Ic put
.Op Ar flags
.Ar local-path
-.Op Ar local-path
+.Op Ar remote-path
.Xc
Upload
.Ar local-path
.Ar oldpath
to
.Ar newpath .
+.It Ic version
+Display the
+.Nm
+protocol version.
.It Ic ! Ar command
Execute
.Ar command
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.34 2003/01/10 08:19:07 fgsch Exp $");
/* XXX: short-form remote directory listings (like 'ls -C') */
size_t copy_buffer_len = 32768;
size_t num_requests = 16;
+extern int showprogress;
+
static void
connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
{
int
main(int argc, char **argv)
{
- int in, out, ch;
+ int in, out, ch, err;
pid_t sshpid;
char *host, *userhost, *cp, *file2;
int debug_level = 0, sshver = 2;
fatal("%s (%s).", strerror(errno), optarg);
} else
fatal("Filename already specified.");
+ showprogress = 0;
break;
case 'P':
sftp_direct = optarg;
file1 = cp;
}
- if ((host = strchr(userhost, '@')) == NULL)
+ if ((host = strrchr(userhost, '@')) == NULL)
host = userhost;
else {
*host++ = '\0';
&sshpid);
}
- interactive_loop(in, out, file1, file2);
+ err = interactive_loop(in, out, file1, file2);
#if !defined(USE_PIPES)
shutdown(in, SHUT_RDWR);
fatal("Couldn't wait for ssh process: %s",
strerror(errno));
- exit(0);
+ exit(err == 0 ? 0 : 1);
}
-.\" $OpenBSD: ssh-add.1,v 1.35 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-add.1,v 1.38 2003/03/28 10:11:43 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
.Nd adds RSA or DSA identities to the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
-.Op Fl lLdDxX
+.Op Fl lLdDxXc
.Op Fl t Ar life
.Op Ar
.Nm ssh-add
Set a maximum lifetime when adding identities to an agent.
The lifetime may be specified in seconds or in a time format
specified in
-.Xr sshd 8 .
+.Xr sshd_config 5 .
+.It Fl c
+Indicates that added identities should be subject to confirmation before
+being used for authentication.
+Confirmation is performed by the
+.Ev SSH_ASKPASS
+program mentioned below.
+Successful confirmation is signaled by a zero exit status from the
+.Ev SSH_ASKPASS
+program, rather than text entered into the requester.
.It Fl s Ar reader
Add key in smartcard
.Ar reader .
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.66 2003/03/05 22:33:43 markus Exp $");
#include <openssl/evp.h>
/* Default lifetime (0 == forever) */
static int lifetime = 0;
+/* User has to confirm key use */
+static int confirm = 0;
+
/* we keep a cache of one passphrases */
static char *pass = NULL;
static void
}
}
- if (ssh_add_identity_constrained(ac, private, comment, lifetime)) {
+ if (ssh_add_identity_constrained(ac, private, comment, lifetime,
+ confirm)) {
fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
ret = 0;
if (lifetime != 0)
- fprintf(stderr,
+ fprintf(stderr,
"Lifetime set to %d seconds\n", lifetime);
+ if (confirm != 0)
+ fprintf(stderr,
+ "The user has to confirm each use of the key\n");
} else if (ssh_add_identity(ac, private, comment)) {
fprintf(stderr, "Identity added: %s (%s)\n", filename, comment);
ret = 0;
update_card(AuthenticationConnection *ac, int add, const char *id)
{
char *pin;
+ int ret = -1;
pin = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
if (pin == NULL)
if (ssh_update_card(ac, add, id, pin)) {
fprintf(stderr, "Card %s: %s\n",
add ? "added" : "removed", id);
- return 0;
+ ret = 0;
} else {
fprintf(stderr, "Could not %s card: %s\n",
add ? "add" : "remove", id);
- return -1;
+ ret = -1;
}
+ xfree(pin);
+ return ret;
}
static int
fprintf(stderr, " -x Lock agent.\n");
fprintf(stderr, " -X Unlock agent.\n");
fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
+ fprintf(stderr, " -c Require confirmation to sign using identities\n");
#ifdef SMARTCARD
fprintf(stderr, " -s reader Add key in smartcard reader.\n");
fprintf(stderr, " -e reader Remove key in smartcard reader.\n");
fprintf(stderr, "Could not open a connection to your authentication agent.\n");
exit(2);
}
- while ((ch = getopt(argc, argv, "lLdDxXe:s:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {
switch (ch) {
case 'l':
case 'L':
ret = 1;
goto done;
break;
+ case 'c':
+ confirm = 1;
+ break;
case 'd':
deleting = 1;
break;
-.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.37 2003/03/28 10:11:43 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Nm ssh-agent
.Op Fl a Ar bind_address
.Op Fl c Li | Fl s
+.Op Fl t Ar life
.Op Fl d
.Op Ar command Op Ar args ...
.Nm ssh-agent
Kill the current agent (given by the
.Ev SSH_AGENT_PID
environment variable).
+.It Fl t Ar life
+Set a default value for the maximum lifetime of identities added to the agent.
+The lifetime may be specified in seconds or in a time format specified in
+.Xr sshd 8 .
+A lifetime specified for an identity with
+.Xr ssh-add 1
+overrides this value.
+Without this option the default maximum lifetime is forever.
.It Fl d
-Debug mode. When this option is specified
+Debug mode.
+When this option is specified
.Nm
will not fork.
.El
#include "includes.h"
#include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
#include "authfd.h"
#include "compat.h"
#include "log.h"
+#include "readpass.h"
+#include "misc.h"
#ifdef SMARTCARD
#include "scard.h"
Key *key;
char *comment;
u_int death;
+ u_int confirm;
} Identity;
typedef struct {
char *__progname;
#endif
+/* Default lifetime (0 == forever) */
+static int lifetime = 0;
+
static void
close_socket(SocketEntry *e)
{
return (NULL);
}
+/* Check confirmation of keysign request */
+static int
+confirm_key(Identity *id)
+{
+ char *p, prompt[1024];
+ int ret = -1;
+
+ p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+ snprintf(prompt, sizeof(prompt), "Allow use of key %s?\n"
+ "Key fingerprint %s.", id->comment, p);
+ xfree(p);
+ p = read_passphrase(prompt, RP_ALLOW_EOF);
+ if (p != NULL) {
+ /*
+ * Accept empty responses and responses consisting
+ * of the word "yes" as affirmative.
+ */
+ if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0)
+ ret = 0;
+ xfree(p);
+ }
+ return (ret);
+}
+
/* send list of supported public keys to 'client' */
static void
process_request_identities(SocketEntry *e, int version)
goto failure;
id = lookup_identity(key, 1);
- if (id != NULL) {
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0)) {
Key *private = id->key;
/* Decrypt the challenge using the private key. */
if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
key = key_from_blob(blob, blen);
if (key != NULL) {
Identity *id = lookup_identity(key, 2);
- if (id != NULL)
+ if (id != NULL && (!id->confirm || confirm_key(id) == 0))
ok = key_sign(id->key, &signature, &slen, data, dlen);
}
key_free(key);
process_add_identity(SocketEntry *e, int version)
{
Idtab *tab = idtab_lookup(version);
- int type, success = 0, death = 0;
+ int type, success = 0, death = 0, confirm = 0;
char *type_name, *comment;
Key *k = NULL;
}
break;
}
+ /* enable blinding */
+ switch (k->type) {
+ case KEY_RSA:
+ case KEY_RSA1:
+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
+ error("process_add_identity: RSA_blinding_on failed");
+ key_free(k);
+ goto send;
+ }
+ break;
+ }
comment = buffer_get_string(&e->request, NULL);
if (k == NULL) {
xfree(comment);
case SSH_AGENT_CONSTRAIN_LIFETIME:
death = time(NULL) + buffer_get_int(&e->request);
break;
+ case SSH_AGENT_CONSTRAIN_CONFIRM:
+ confirm = 1;
+ break;
default:
break;
}
}
+ if (lifetime && !death)
+ death = time(NULL) + lifetime;
if (lookup_identity(k, version) == NULL) {
Identity *id = xmalloc(sizeof(Identity));
id->key = k;
id->comment = comment;
id->death = death;
+ id->confirm = confirm;
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
/* Increment the number of identities. */
tab->nentries++;
id->key = k;
id->comment = xstrdup("smartcard key");
id->death = 0;
+ id->confirm = 0;
TAILQ_INSERT_TAIL(&tab->idlist, id, next);
tab->nentries++;
success = 1;
fprintf(stderr, " -k Kill the current agent.\n");
fprintf(stderr, " -d Debug mode.\n");
fprintf(stderr, " -a socket Bind agent socket to given name.\n");
+ fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
exit(1);
}
int
main(int ac, char **av)
{
- int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
+ int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
+ int sock, fd, ch, nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
struct sockaddr_un sunaddr;
init_rng();
seed_rng();
- while ((ch = getopt(ac, av, "cdksa:")) != -1) {
+ while ((ch = getopt(ac, av, "cdksa:t:")) != -1) {
switch (ch) {
case 'c':
if (s_flag)
case 'a':
agentsocket = optarg;
break;
+ case 't':
+ if ((lifetime = convtime(optarg)) == -1) {
+ fprintf(stderr, "Invalid lifetime\n");
+ usage();
+ }
+ break;
default:
usage();
}
}
(void)chdir("/");
- close(0);
- close(1);
- close(2);
+ if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ /* XXX might close listen socket */
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ close(fd);
+ }
#ifdef HAVE_SETRLIMIT
/* deny core dumps, since memory contains unencrypted private keys */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "compat.h"
#include "log.h"
#include "key.h"
-#include "ssh-dss.h"
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
-.\" $OpenBSD: ssh-keygen.1,v 1.54 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.56 2003/03/28 10:11:43 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
.Nd authentication key generation, management and conversion
.Sh SYNOPSIS
.Nm ssh-keygen
+.Bk -words
.Op Fl q
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
+.Ek
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
-Generally 1024 bits is considered sufficient, and key sizes
-above that no longer improve security but make things slower.
+Generally, 1024 bits is considered sufficient.
The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.102 2002/11/26 00:45:03 wcobb Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
snprintf(identity_file, sizeof(identity_file), "%s/%s", pw->pw_dir, name);
fprintf(stderr, "%s (%s): ", prompt, identity_file);
- fflush(stderr);
if (fgets(buf, sizeof(buf), stdin) == NULL)
exit(1);
if (strchr(buf, '\n'))
-.\" $OpenBSD: ssh-keyscan.1,v 1.14 2002/02/13 08:33:47 mpech Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.15 2003/03/28 10:11:43 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.Nd gather ssh public keys
.Sh SYNOPSIS
.Nm ssh-keyscan
+.Bk -words
.Op Fl v46
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl f Ar file
.Op Ar host | addrlist namelist
.Op Ar ...
+.Ek
.Sh DESCRIPTION
.Nm
is a utility for gathering the public ssh host keys of a number of
-hosts. It was designed to aid in building and verifying
+hosts.
+It was designed to aid in building and verifying
.Pa ssh_known_hosts
files.
.Nm
.Pp
.Nm
uses non-blocking socket I/O to contact as many hosts as possible in
-parallel, so it is very efficient. The keys from a domain of 1,000
+parallel, so it is very efficient.
+The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
-hosts are down or do not run ssh. For scanning, one does not need
+hosts are down or do not run ssh.
+For scanning, one does not need
login access to the machines that are being scanned, nor does the
scanning process involve any encryption.
.Pp
.It Fl p Ar port
Port to connect to on the remote host.
.It Fl T Ar timeout
-Set the timeout for connection attempts. If
+Set the timeout for connection attempts.
+If
.Pa timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
-closed and the host in question considered unavailable. Default is 5
-seconds.
+closed and the host in question considered unavailable.
+Default is 5 seconds.
.It Fl t Ar type
Specifies the type of the key to fetch from the scanned hosts.
The possible values are
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.41 2003/02/16 17:09:57 markus Exp $");
#include "openbsd-compat/sys-queue.h"
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA?
"ssh-dss": "ssh-rsa";
c->c_kex = kex_setup(myproposal);
+ c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
c->c_kex->verify_host_key = hostjump;
if (!(j = setjmp(kexjmp))) {
-.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.6 2003/03/28 10:11:43 jmc Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
.Pp
.Nm
is disabled by default and can only be enabled in the
-the global client configuration file
+global client configuration file
.Pa /etc/ssh/ssh_config
by setting
-.Cm HostbasedAuthentication
+.Cm EnableSSHKeysign
to
.Dq yes .
.Pp
is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
-generate the digital signature. They
-should be owned by root, readable only by root, and not
+generate the digital signature.
+They should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
initialize_options(&options);
(void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
fill_default_options(&options);
- if (options.hostbased_authentication != 1)
- fatal("Hostbased authentication not enabled in %s",
+ if (options.enable_ssh_keysign != 1)
+ fatal("ssh-keysign not enabled in %s",
_PATH_HOST_CONFIG_FILE);
if (key_fd[0] == -1 && key_fd[1] == -1)
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL);
close(key_fd[i]);
- if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
- if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
- error("RSA_blinding_on failed");
- key_free(keys[i]);
- keys[i] = NULL;
- }
- }
if (keys[i] != NULL)
found = 1;
}
case 0:
/* timer expired */
error_abort = 1;
+ kill(pid, SIGINT);
break;
case 1:
/* command input */
debug("writing PRNG seed to file %.100s", filename);
- RAND_bytes(seed, sizeof(seed));
+ if (RAND_bytes(seed, sizeof(seed)) <= 0)
+ fatal("PRNG seed extration failed");
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
if (!RAND_status())
fatal("Not enough entropy in RNG");
- RAND_bytes(buf, bytes);
+ if (RAND_bytes(buf, bytes) <= 0)
+ fatal("Couldn't extract entropy from PRNG");
if (output_hex) {
for(ret = 0; ret < bytes; ret++)
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.28 2003/02/12 09:33:04 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
-#include "ssh-rsa.h"
#include "compat.h"
#include "ssh.h"
-static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *);
+static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *);
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
int
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Op Ar command
.Pp
.Nm ssh
+.Bk -words
.Op Fl afgknqstvxACNTX1246
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Sm on
.Xc
.Oc
+.Ek
+.Bk -words
.Oo Fl R Xo
.Sm off
.Ar port :
.Op Fl D Ar port
.Ar hostname | user@hostname
.Op Ar command
+.Ek
.Sh DESCRIPTION
.Nm
(SSH client) is a program for logging into a remote machine and for
.Fl A
and
.Fl a
-options described later) and
+options described later) and
the user is using an authentication agent, the connection to the agent
is automatically forwarded to the remote side.
.Pp
Enables forwarding of the authentication agent connection.
This can also be specified on a per-host basis in a configuration file.
.Pp
-Agent forwarding should be enabled with caution. Users with the
-ability to bypass file permissions on the remote host (for the agent's
-Unix-domain socket) can access the local agent through the forwarded
-connection. An attacker cannot obtain key material from the agent,
+Agent forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the agent's Unix-domain socket)
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Fl b Ar bind_address
client for interoperability with legacy protocol 1 implementations
that do not support the
.Ar 3des
-cipher. Its use is strongly discouraged due to cryptographic
-weaknesses.
+cipher.
+Its use is strongly discouraged due to cryptographic weaknesses.
.It Fl c Ar cipher_spec
Additionally, for protocol version 2 a comma-separated list of ciphers can
be specified in order of preference.
Enables X11 forwarding.
This can also be specified on a per-host basis in a configuration file.
.Pp
-X11 forwarding should be enabled with caution. Users with the ability
-to bypass file permissions on the remote host (for the user's X
-authorization database) can access the local X11 display through the
-forwarded connection. An attacker may then be able to perform
-activities such as keystroke monitoring.
+X11 forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the user's X authorization database)
+can access the local X11 display through the forwarded connection.
+An attacker may then be able to perform activities such as keystroke monitoring.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections).
on the local side, and whenever a connection is made to this port, the
connection is forwarded over the secure channel, and the application
protocol is then used to determine where to connect to from the
-remote machine. Currently the SOCKS4 protocol is supported, and
+remote machine.
+Currently the SOCKS4 protocol is supported, and
.Nm
will act as a SOCKS4 server.
Only root can forward privileged ports.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
av += optind;
if (ac > 0 && !host && **av != '-') {
- if (strchr(*av, '@')) {
+ if (strrchr(*av, '@')) {
p = xstrdup(*av);
- cp = strchr(p, '@');
+ cp = strrchr(p, '@');
if (cp == NULL || cp == p)
usage();
options.user = p;
host = ++cp;
} else
host = *av;
- ac--, av++;
- if (ac > 0) {
- optind = 0;
- optreset = 1;
+ if (ac > 1) {
+ optind = optreset = 1;
goto again;
}
+ ac--, av++;
}
/* Check that we got a host name. */
if (options.hostname != NULL)
host = options.hostname;
+ if (options.proxy_command != NULL &&
+ strcmp(options.proxy_command, "none") == 0)
+ options.proxy_command = NULL;
+
/* Disable rhosts authentication if not running as root. */
#ifdef HAVE_CYGWIN
/* Ignore uid if running under Windows */
int interactive = 0;
struct termios tio;
- debug("ssh_session2_setup: id %d", id);
+ debug2("ssh_session2_setup: id %d", id);
if (tty_flag) {
struct winsize ws;
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
client for interoperability with legacy protocol 1 implementations
that do not support the
.Ar 3des
-cipher. Its use is strongly discouraged due to cryptographic
-weaknesses.
+cipher.
+Its use is strongly discouraged due to cryptographic weaknesses.
The default is
.Dq 3des .
.It Cm Ciphers
.It Cm ClearAllForwardings
Specifies that all local, remote and dynamic port forwardings
specified in the configuration files or on the command line be
-cleared. This option is primarily useful when used from the
+cleared.
+This option is primarily useful when used from the
.Nm ssh
command line to clear port forwardings set in
configuration files, and is automatically set by
Specifies that a TCP/IP port on the local machine be forwarded
over the secure channel, and the application
protocol is then used to determine where to connect to from the
-remote machine. The argument must be a port number.
+remote machine.
+The argument must be a port number.
Currently the SOCKS4 protocol is supported, and
.Nm ssh
will act as a SOCKS4 server.
Multiple forwardings may be specified, and
-additional forwardings can be given on the command line. Only
-the superuser can forward privileged ports.
+additional forwardings can be given on the command line.
+Only the superuser can forward privileged ports.
.It Cm EscapeChar
Sets the escape character (default:
.Ql ~ ) .
The default is
.Dq no .
.Pp
-Agent forwarding should be enabled with caution. Users with the
-ability to bypass file permissions on the remote host (for the agent's
-Unix-domain socket) can access the local agent through the forwarded
-connection. An attacker cannot obtain key material from the agent,
+Agent forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the agent's Unix-domain socket)
+can access the local agent through the forwarded connection.
+An attacker cannot obtain key material from the agent,
however they can perform operations on the keys that enable them to
authenticate using the identities loaded into the agent.
.It Cm ForwardX11
The default is
.Dq no .
.Pp
-X11 forwarding should be enabled with caution. Users with the ability
-to bypass file permissions on the remote host (for the user's X
-authorization database) can access the local X11 display through the
-forwarded connection. An attacker may then be able to perform
-activities such as keystroke monitoring.
+X11 forwarding should be enabled with caution.
+Users with the ability to bypass file permissions on the remote host
+(for the user's X authorization database)
+can access the local X11 display through the forwarded connection.
+An attacker may then be able to perform activities such as keystroke monitoring.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to local
forwarded ports.
By default,
.Nm ssh
-binds local port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
+binds local port forwardings to the loopback address.
+This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that
.Nm ssh
.Nm ssh .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of verbose output.
+The default is INFO.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of verbose output.
.It Cm MACs
Specifies the MAC (message authentication code) algorithms
in order of preference.
Host key management will be done using the
HostName of the host being connected (defaulting to the name typed by
the user).
+Setting the command to
+.Dq none
+disables this option entirely.
Note that
.Cm CheckHostIP
is not available for connects with a proxy command.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.137 2002/11/21 23:03:51 deraadt Exp $");
#include <openssl/bn.h>
*/
int full_failure = 1;
- debug("ssh_connect: needpriv %d", needpriv);
+ debug2("ssh_connect: needpriv %d", needpriv);
/* Get default port if port has not been set. */
if (port == 0) {
"%s key fingerprint is %s.\n"
"Are you sure you want to continue connecting "
"(yes/no)? ",
- host, ip,
- has_keys ? ",\nbut keys of different type are already "
- "known for this host." : ".",
- type, fp);
+ host, ip,
+ has_keys ? ",\nbut keys of different type are already "
+ "known for this host." : ".",
+ type, fp);
xfree(fp);
if (!confirm(msg))
goto fail;
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.114 2003/04/01 10:22:21 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
kex->verify_host_key=&verify_host_key_callback;
packet_send();
packet_write_wait();
#endif
- debug("done: ssh_kex2.");
}
/*
if (options.challenge_response_authentication)
options.kbd_interactive_authentication = 1;
- debug("send SSH2_MSG_SERVICE_REQUEST");
packet_start(SSH2_MSG_SERVICE_REQUEST);
packet_put_cstring("ssh-userauth");
packet_send();
+ debug("SSH2_MSG_SERVICE_REQUEST sent");
packet_write_wait();
type = packet_read();
- if (type != SSH2_MSG_SERVICE_ACCEPT) {
- fatal("denied SSH2_MSG_SERVICE_ACCEPT: %d", type);
- }
+ if (type != SSH2_MSG_SERVICE_ACCEPT)
+ fatal("Server denied authentication request: %d", type);
if (packet_remaining() > 0) {
char *reply = packet_get_string(NULL);
- debug("service_accept: %s", reply);
+ debug2("service_accept: %s", reply);
xfree(reply);
} else {
- debug("buggy server: service_accept w/o service");
+ debug2("buggy server: service_accept w/o service");
}
packet_check_eom();
- debug("got SSH2_MSG_SERVICE_ACCEPT");
+ debug("SSH2_MSG_SERVICE_ACCEPT received");
if (options.preferred_authentications == NULL)
options.preferred_authentications = authmethods_get();
if (authctxt.agent != NULL)
ssh_close_authentication_connection(authctxt.agent);
- debug("ssh-userauth2 successful: method %s", authctxt.method->name);
+ debug("Authentication succeeded (%s).", authctxt.method->name);
}
void
userauth(Authctxt *authctxt, char *authlist)
if (partial != 0)
log("Authenticated with partial success.");
- debug("authentications that can continue: %s", authlist);
+ debug("Authentications that can continue: %s", authlist);
clear_auth_state(authctxt);
userauth(authctxt, authlist);
}
packet_check_eom();
- debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
+ debug("Server accepts key: pkalg %s blen %u lastkey %p hint %d",
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
do {
if (k == NULL) {
debug2("userauth_pubkey_agent: no more keys");
} else {
- debug("userauth_pubkey_agent: testing agent key %s", comment);
+ debug("Offering agent key: %s", comment);
xfree(comment);
ret = send_pubkey_test(authctxt, k, agent_sign_cb, -1);
if (ret == 0)
key = options.identity_keys[idx];
filename = options.identity_files[idx];
if (key == NULL) {
- debug("try privkey: %s", filename);
+ debug("Trying private key: %s", filename);
key = load_identity_file(filename);
if (key != NULL) {
sent = sign_and_send_pubkey(authctxt, key,
key_free(key);
}
} else if (key->type != KEY_RSA1) {
- debug("try pubkey: %s", filename);
+ debug("Offering public key: %s", filename);
sent = send_pubkey_test(authctxt, key,
identity_sign_cb, idx);
}
pid_t pid;
int to[2], from[2], status, version = 2;
- debug("ssh_keysign called");
+ debug2("ssh_keysign called");
if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
error("ssh_keysign: no installed: %s", strerror(errno));
}
}
if (!found) {
- debug("userauth_hostbased: no more client hostkeys");
+ debug("No more client hostkeys for hostbased authentication.");
return 0;
}
if (key_to_blob(private, &blob, &blen) == 0) {
strlcpy(chost, p, len);
strlcat(chost, ".", len);
debug2("userauth_hostbased: chost %s", chost);
+ xfree(p);
service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" :
authctxt->service;
static Authmethod *
authmethod_get(char *authlist)
{
-
char *name = NULL;
u_int next;
for (;;) {
if ((name = match_list(preferred, supported, &next)) == NULL) {
- debug("no more auth methods to try");
+ debug("No more authentication methods to try.");
current = NULL;
return NULL;
}
if ((current = authmethod_lookup(name)) != NULL &&
authmethod_is_enabled(current)) {
debug3("authmethod_is_enabled %s", name);
- debug("next auth method to try is %s", name);
+ debug("Next authentication method: %s", name);
return current;
}
}
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
+.\" $OpenBSD: sshd.8,v 1.194 2003/01/31 21:54:40 jmc Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.Nd OpenSSH SSH daemon
.Sh SYNOPSIS
.Nm sshd
+.Bk -words
.Op Fl deiqtD46
.Op Fl b Ar bits
.Op Fl f Ar config_file
.Op Fl o Ar option
.Op Fl p Ar port
.Op Fl u Ar len
+.Ek
.Sh DESCRIPTION
.Nm
(SSH Daemon) is the daemon program for
.Nm
supports both SSH protocol version 1 and 2 simultaneously.
.Nm
-works as follows.
+works as follows:
.Pp
.Ss SSH protocol version 1
.Pp
This key is normally regenerated every hour if it has been used, and
is never stored on disk.
.Pp
-Whenever a client connects the daemon responds with its public
+Whenever a client connects, the daemon responds with its public
host and server keys.
The client compares the
RSA host key against its own database to verify that it has not changed.
.Nm rshd ,
.Nm rlogind ,
and
-.Xr rexecd
+.Nm rexecd
are disabled (thus completely disabling
.Xr rlogin
and
log, and does not put itself in the background.
The server also will not fork and will only process one connection.
This option is only intended for debugging for the server.
-Multiple -d options increase the debugging level.
+Multiple
+.Fl d
+options increase the debugging level.
Maximum is 3.
.It Fl e
When this option is specified,
.It Fl i
Specifies that
.Nm
-is being run from inetd.
+is being run from
+.Xr inetd 8 .
.Nm
is normally not run
from inetd because it needs to generate the server key before it can
.Pa utmp
file.
.Fl u0
-is also be used to prevent
+may also be used to prevent
.Nm
from making DNS requests unless the authentication
mechanism or configuration requires it.
The command supplied by the user (if any) is ignored.
The command is run on a pty if the client requests a pty;
otherwise it is run without a tty.
-If a 8-bit clean channel is required,
+If an 8-bit clean channel is required,
one must not request a pty or should specify
.Cm no-pty .
A quote may be included in the command by quoting it with a backslash.
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
.Sh SSH_KNOWN_HOSTS FILE FORMAT
The
-.Pa /etc/ssh/ssh_known_hosts ,
+.Pa /etc/ssh/ssh_known_hosts
and
.Pa $HOME/.ssh/known_hosts
files contain host public keys for all known hosts.
.Pa /etc/ssh/ssh_known_hosts
should be world-readable, and
.Pa $HOME/.ssh/known_hosts
-can but need not be world-readable.
+can, but need not be, world-readable.
.It Pa /etc/nologin
If this file exists,
.Nm
This file contains host-username pairs, separated by a space, one per
line.
The given user on the corresponding host is permitted to log in
-without password.
+without a password.
The same file is used by rlogind and rshd.
The file must
be writable only by the user; it is recommended that it not be
.Cm PermitUserEnvironment
option.
.It Pa $HOME/.ssh/rc
-If this file exists, it is run with /bin/sh after reading the
+If this file exists, it is run with
+.Pa /bin/sh
+after reading the
environment files but before starting the user's shell or command.
It must not produce any output on stdout; stderr must be used
instead.
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.263 2003/02/16 17:09:57 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
int startup_pipe; /* in child */
/* variables used for privilege separation */
-extern struct monitor *pmonitor;
-extern int use_privsep;
+int use_privsep;
+struct monitor *pmonitor;
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
__progname = get_progname(av[0]);
init_rng();
- /* Save argv. */
+ /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
saved_argv = av;
+ saved_argv = xmalloc(sizeof(*saved_argv) * ac);
+ for (i = 0; i < ac; i++)
+ saved_argv[i] = xstrdup(av[i]);
+
+#ifndef HAVE_SETPROCTITLE
+ /* Prepare for later setproctitle emulation */
+ compat_init_setproctitle(ac, av);
+#endif
/* Initialize configuration options to their default values. */
initialize_server_options(&options);
SYSLOG_LEVEL_INFO : options.log_level,
options.log_facility == SYSLOG_FACILITY_NOT_SET ?
SYSLOG_FACILITY_AUTH : options.log_facility,
- !inetd_flag);
+ log_stderr || !inetd_flag);
#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
#else
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
#endif
- fatal("Bad owner or mode for %s",
- _PATH_PRIVSEP_CHROOT_DIR);
+ fatal("%s must be owned by root and not group or "
+ "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
* setlogin() affects the entire process group. We don't
* want the child to be able to affect the parent.
*/
-#if 0
- /* XXX: this breaks Solaris */
+#if !defined(STREAMS_PUSH_ACQUIRES_CTTY)
+ /*
+ * If setsid is called on Solaris, sshd will acquire the controlling
+ * terminal while pushing STREAMS modules. This will prevent the
+ * shell from acquiring it later.
+ */
if (!debug_flag && !inetd_flag && setsid() < 0)
error("setsid: %.100s", strerror(errno));
#endif
/* start key exchange */
kex = kex_setup(myproposal);
+ kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
+ kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
-If specified, login is allowed only for users names that
+If specified, login is allowed only for user names that
match one of the patterns.
.Ql \&*
and
forwarded for the client.
By default,
.Nm sshd
-binds remote port forwardings to the loopback address. This
-prevents other remote hosts from connecting to forwarded ports.
+binds remote port forwardings to the loopback address.
+This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that
.Nm sshd
will listen on the address and all prior
.Cm Port
options specified. The default is to listen on all local
-addresses. Multiple
+addresses.
+Multiple
.Cm ListenAddress
options are permitted. Additionally, any
.Cm Port
.Nm sshd .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
-and DEBUG3 each specify higher levels of debugging output.
-Logging with a DEBUG level violates the privacy of users
-and is not recommended.
+The default is INFO.
+DEBUG and DEBUG1 are equivalent.
+DEBUG2 and DEBUG3 each specify higher levels of debugging output.
+Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
.Xr login 1
does not know how to handle
.Xr xauth 1
-cookies. If
+cookies.
+If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePrivilegeSeparation
Specifies whether
.Nm sshd
separates privileges by creating an unprivileged child process
-to deal with incoming network traffic. After successful authentication,
-another process will be created that has the privilege of the authenticated
-user. The goal of privilege separation is to prevent privilege
+to deal with incoming network traffic.
+After successful authentication, another process will be created that has
+the privilege of the authenticated user.
+The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
Specifies whether
.Nm sshd
should bind the X11 forwarding server to the loopback address or to
-the wildcard address. By default,
+the wildcard address.
+By default,
.Nm sshd
binds the forwarding server to the loopback address and sets the
hostname part of the
struct logininfo *li;
li = login_alloc_entry(pid, user, host, ttyname);
- login_set_addr(li, addr, sizeof(struct sockaddr));
+ login_set_addr(li, addr, addrlen);
login_login(li);
login_free_entry(li);
}
#ifdef LOGIN_NEEDS_UTMPX
void
record_utmp_only(pid_t pid, const char *ttyname, const char *user,
- const char *host, struct sockaddr * addr)
+ const char *host, struct sockaddr * addr, socklen_t addrlen)
{
struct logininfo *li;
li = login_alloc_entry(pid, user, host, ttyname);
- login_set_addr(li, addr, sizeof(struct sockaddr));
+ login_set_addr(li, addr, addrlen);
login_utmp_only(li);
login_free_entry(li);
}
#ifdef LOGIN_NEEDS_UTMPX
void record_utmp_only(pid_t, const char *, const char *, const char *,
- struct sockaddr *);
+ struct sockaddr *, socklen_t);
#endif
#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.8 2003/02/03 08:56:16 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0))
- error("chown(%.100s, %u, %u) failed: %.100s",
+ debug("chown(%.100s, %u, %u) failed: %.100s",
ttyname, (u_int)pw->pw_uid, (u_int)gid,
strerror(errno));
else
if (chmod(ttyname, mode) < 0) {
if (errno == EROFS &&
(st.st_mode & (S_IRGRP | S_IROTH)) == 0)
- error("chmod(%.100s, 0%o) failed: %.100s",
+ debug("chmod(%.100s, 0%o) failed: %.100s",
ttyname, mode, strerror(errno));
else
fatal("chmod(%.100s, 0%o) failed: %.100s",
-/* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */
-
-#define SSH_VERSION "OpenSSH_3.5p1"
+/* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */
+#define SSH_VERSION "OpenSSH_3.6.1p1"