From: jbasney Date: Fri, 10 Nov 2006 22:31:40 +0000 (+0000) Subject: merged OpenSSH 4.5p1 to trunk X-Git-Tag: OPENSSH_4_5p1_GSSAPI_NCSA_GSSAPI_20061110 X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/commitdiff_plain/240debe08a8b143890d868c5d8ca9333e1817fc9 merged OpenSSH 4.5p1 to trunk --- diff --git a/openssh/Makefile.in b/openssh/Makefile.in index f58eb8c..71ab1f2 100644 --- a/openssh/Makefile.in +++ b/openssh/Makefile.in @@ -11,6 +11,7 @@ bindir=@bindir@ sbindir=@sbindir@ libexecdir=@libexecdir@ datadir=@datadir@ +datarootdir=@datarootdir@ mandir=@mandir@ mansubdir=@mansubdir@ sysconfdir=@sysconfdir@ diff --git a/openssh/auth.c b/openssh/auth.c index dbee008..1b060ea 100644 --- a/openssh/auth.c +++ b/openssh/auth.c @@ -571,8 +571,6 @@ fakepw(void) fake.pw_passwd = "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; - fake.pw_uid = (uid_t)-1; - fake.pw_gid = (gid_t)-1; fake.pw_uid = privsep_pw->pw_uid; fake.pw_gid = privsep_pw->pw_gid; #ifdef HAVE_PW_CLASS_IN_PASSWD diff --git a/openssh/bufaux.h b/openssh/bufaux.h deleted file mode 100644 index d1af098..0000000 --- a/openssh/bufaux.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Author: Tatu Ylonen - * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland - * All rights reserved - * - * As far as I am concerned, the code I have written for this software - * can be used freely for any purpose. Any derived versions of this - * software must be clearly marked as such, and if the derived work is - * incompatible with the protocol description in the RFC file, it must be - * called by a name other than "ssh" or "Secure Shell". - */ - -/* RCSID("$OpenBSD: bufaux.h,v 1.13 2001/06/26 17:27:22 markus Exp $"); */ - -#ifndef BUFAUX_H -#define BUFAUX_H - -#include "buffer.h" -#include - -void buffer_put_bignum(Buffer *, BIGNUM *); -void buffer_put_bignum2(Buffer *, BIGNUM *); - -int buffer_get_bignum(Buffer *, BIGNUM *); -int buffer_get_bignum2(Buffer *, BIGNUM *); - -u_int buffer_get_int(Buffer *); -void buffer_put_int(Buffer *, u_int); - -#ifdef HAVE_U_INT64_T -u_int64_t buffer_get_int64(Buffer *); -void buffer_put_int64(Buffer *, u_int64_t); -#endif - -int buffer_get_char(Buffer *); - -void buffer_put_char(Buffer *, int); - -char *buffer_get_string(Buffer *, u_int *); - -void buffer_put_string(Buffer *, const void *, u_int); -void buffer_put_cstring(Buffer *, const char *); - -#endif /* BUFAUX_H */ diff --git a/openssh/clientloop.c b/openssh/clientloop.c index 4a614d9..2f7ce2b 100644 --- a/openssh/clientloop.c +++ b/openssh/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.175 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -464,8 +464,10 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) static void server_alive_check(void) { - if (++server_alive_timeouts > options.server_alive_count_max) - packet_disconnect("Timeout, server not responding."); + if (++server_alive_timeouts > options.server_alive_count_max) { + logit("Timeout, server not responding."); + cleanup_exit(255); + } packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("keepalive@openssh.com"); packet_put_char(1); /* boolean: want reply */ diff --git a/openssh/config.h.in b/openssh/config.h.in deleted file mode 100644 index 8e58ec2..0000000 --- a/openssh/config.h.in +++ /dev/null @@ -1,1365 +0,0 @@ -/* config.h.in. Generated from configure.ac by autoheader. */ - -/* Define this if you want to use AFS/Kerberos 5 option, which runs aklog. */ -#undef AFS_KRB5 - -/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address - */ -#undef AIX_GETNAMEINFO_HACK - -/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ -#undef AIX_LOGINFAILED_4ARG - -/* Define this if you want to use AFS/Kerberos 5 option, which runs aklog. */ -#undef AKLOG_PATH - -/* Define if your resolver libs need this for getrrsetbyname */ -#undef BIND_8_COMPAT - -/* Define if cmsg_type is not passed correctly */ -#undef BROKEN_CMSG_TYPE - -/* getaddrinfo is broken (if present) */ -#undef BROKEN_GETADDRINFO - -/* getgroups(0,NULL) will return -1 */ -#undef BROKEN_GETGROUPS - -/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ -#undef BROKEN_INET_NTOA - -/* ia_uinfo routines not supported by OS yet */ -#undef BROKEN_LIBIAF - -/* Ultrix mmap can't map files */ -#undef BROKEN_MMAP - -/* Define if your struct dirent expects you to allocate extra space for d_name - */ -#undef BROKEN_ONE_BYTE_DIRENT_D_NAME - -/* Define if you have a broken realpath. */ -#undef BROKEN_REALPATH - -/* Needed for NeXT */ -#undef BROKEN_SAVED_UIDS - -/* Define if your setregid() is broken */ -#undef BROKEN_SETREGID - -/* Define if your setresgid() is broken */ -#undef BROKEN_SETRESGID - -/* Define if your setresuid() is broken */ -#undef BROKEN_SETRESUID - -/* Define if your setreuid() is broken */ -#undef BROKEN_SETREUID - -/* LynxOS has broken setvbuf() implementation */ -#undef BROKEN_SETVBUF - -/* Define if your snprintf is busted */ -#undef BROKEN_SNPRINTF - -/* updwtmpx is broken (if present) */ -#undef BROKEN_UPDWTMPX - -/* Define if you have BSD auth support */ -#undef BSD_AUTH - -/* Define if you want to specify the path to your lastlog file */ -#undef CONF_LASTLOG_FILE - -/* Define if you want to specify the path to your utmpx file */ -#undef CONF_UTMPX_FILE - -/* Define if you want to specify the path to your utmp file */ -#undef CONF_UTMP_FILE - -/* Define if you want to specify the path to your wtmpx file */ -#undef CONF_WTMPX_FILE - -/* Define if you want to specify the path to your wtmp file */ -#undef CONF_WTMP_FILE - -/* Define if your platform needs to skip post auth file descriptor passing */ -#undef DISABLE_FD_PASSING - -/* Define if you don't want to use lastlog */ -#undef DISABLE_LASTLOG - -/* Define if you don't want to use your system's login() call */ -#undef DISABLE_LOGIN - -/* Define if you don't want to use pututline() etc. to write [uw]tmp */ -#undef DISABLE_PUTUTLINE - -/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ -#undef DISABLE_PUTUTXLINE - -/* Define if you want to disable shadow passwords */ -#undef DISABLE_SHADOW - -/* Define if you don't want to use utmp */ -#undef DISABLE_UTMP - -/* Define if you don't want to use utmpx */ -#undef DISABLE_UTMPX - -/* Define if you don't want to use wtmp */ -#undef DISABLE_WTMP - -/* Define if you don't want to use wtmpx */ -#undef DISABLE_WTMPX - -/* Workaround more Linux IPv6 quirks */ -#undef DONT_TRY_OTHER_AF - -/* Builtin PRNG command timeout */ -#undef ENTROPY_TIMEOUT_MSEC - -/* Define to 1 if the `getpgrp' function requires zero arguments. */ -#undef GETPGRP_VOID - -/* Conflicting defs for getspnam */ -#undef GETSPNAM_CONFLICTING_DEFS - -/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ -#undef GLOB_HAS_ALTDIRFUNC - -/* Define if your system glob() function has gl_matchc options in glob_t */ -#undef GLOB_HAS_GL_MATCHC - -/* Define if you want GSI/Globus authentication support. */ -#undef GSI - -/* Define this if you want GSSAPI support in the version 2 protocol */ -#undef GSSAPI - -/* Define if you want to use shadow password expire field */ -#undef HAS_SHADOW_EXPIRE - -/* Define if your system uses access rights style file descriptor passing */ -#undef HAVE_ACCRIGHTS_IN_MSGHDR - -/* Define if you have ut_addr in utmp.h */ -#undef HAVE_ADDR_IN_UTMP - -/* Define if you have ut_addr in utmpx.h */ -#undef HAVE_ADDR_IN_UTMPX - -/* Define if you have ut_addr_v6 in utmp.h */ -#undef HAVE_ADDR_V6_IN_UTMP - -/* Define if you have ut_addr_v6 in utmpx.h */ -#undef HAVE_ADDR_V6_IN_UTMPX - -/* Define to 1 if you have the `arc4random' function. */ -#undef HAVE_ARC4RANDOM - -/* Define to 1 if you have the `asprintf' function. */ -#undef HAVE_ASPRINTF - -/* OpenBSD's gcc has bounded */ -#undef HAVE_ATTRIBUTE__BOUNDED__ - -/* OpenBSD's gcc has sentinel */ -#undef HAVE_ATTRIBUTE__SENTINEL__ - -/* Define to 1 if you have the `b64_ntop' function. */ -#undef HAVE_B64_NTOP - -/* Define to 1 if you have the `b64_pton' function. */ -#undef HAVE_B64_PTON - -/* Define if you have the basename function. */ -#undef HAVE_BASENAME - -/* Define to 1 if you have the `bcopy' function. */ -#undef HAVE_BCOPY - -/* Define to 1 if you have the `bindresvport_sa' function. */ -#undef HAVE_BINDRESVPORT_SA - -/* Define to 1 if you have the header file. */ -#undef HAVE_BSM_AUDIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_BSTRING_H - -/* Define to 1 if you have the `clock' function. */ -#undef HAVE_CLOCK - -/* define if you have clock_t data type */ -#undef HAVE_CLOCK_T - -/* Define to 1 if you have the `closefrom' function. */ -#undef HAVE_CLOSEFROM - -/* Define if gai_strerror() returns const char * */ -#undef HAVE_CONST_GAI_STRERROR_PROTO - -/* Define if your system uses ancillary data style file descriptor passing */ -#undef HAVE_CONTROL_IN_MSGHDR - -/* Define to 1 if you have the header file. */ -#undef HAVE_CRYPTO_SHA2_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_CRYPT_H - -/* Define if you are on Cygwin */ -#undef HAVE_CYGWIN - -/* Define if your libraries define daemon() */ -#undef HAVE_DAEMON - -/* Define to 1 if you have the declaration of `authenticate', and to 0 if you - don't. */ -#undef HAVE_DECL_AUTHENTICATE - -/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you - don't. */ -#undef HAVE_DECL_GLOB_NOMATCH - -/* Define to 1 if you have the declaration of `h_errno', and to 0 if you - don't. */ -#undef HAVE_DECL_H_ERRNO - -/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINFAILED - -/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if - you don't. */ -#undef HAVE_DECL_LOGINRESTRICTIONS - -/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you - don't. */ -#undef HAVE_DECL_LOGINSUCCESS - -/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you - don't. */ -#undef HAVE_DECL_O_NONBLOCK - -/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you - don't. */ -#undef HAVE_DECL_PASSWDEXPIRED - -/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you - don't. */ -#undef HAVE_DECL_SETAUTHDB - -/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you - don't. */ -#undef HAVE_DECL_SHUT_RD - -/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. - */ -#undef HAVE_DECL_WRITEV - -/* Define to 1 if you have the declaration of `_getlong', and to 0 if you - don't. */ -#undef HAVE_DECL__GETLONG - -/* Define to 1 if you have the declaration of `_getshort', and to 0 if you - don't. */ -#undef HAVE_DECL__GETSHORT - -/* Define if you have /dev/ptmx */ -#undef HAVE_DEV_PTMX - -/* Define if you have /dev/ptc */ -#undef HAVE_DEV_PTS_AND_PTC - -/* Define to 1 if you have the header file. */ -#undef HAVE_DIRENT_H - -/* Define to 1 if you have the `dirfd' function. */ -#undef HAVE_DIRFD - -/* Define to 1 if you have the `dirname' function. */ -#undef HAVE_DIRNAME - -/* Define to 1 if you have the header file. */ -#undef HAVE_ENDIAN_H - -/* Define to 1 if you have the `endutent' function. */ -#undef HAVE_ENDUTENT - -/* Define to 1 if you have the `endutxent' function. */ -#undef HAVE_ENDUTXENT - -/* Define if your system has /etc/default/login */ -#undef HAVE_ETC_DEFAULT_LOGIN - -/* Define to 1 if you have the `EVP_sha256' function. */ -#undef HAVE_EVP_SHA256 - -/* Define if you have ut_exit in utmp.h */ -#undef HAVE_EXIT_IN_UTMP - -/* Define to 1 if you have the `fchmod' function. */ -#undef HAVE_FCHMOD - -/* Define to 1 if you have the `fchown' function. */ -#undef HAVE_FCHOWN - -/* Use F_CLOSEM fcntl for closefrom */ -#undef HAVE_FCNTL_CLOSEM - -/* Define to 1 if you have the header file. */ -#undef HAVE_FCNTL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_FEATURES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_FLOATINGPOINT_H - -/* Define to 1 if you have the `freeaddrinfo' function. */ -#undef HAVE_FREEADDRINFO - -/* Define to 1 if you have the `futimes' function. */ -#undef HAVE_FUTIMES - -/* Define to 1 if you have the `gai_strerror' function. */ -#undef HAVE_GAI_STRERROR - -/* Define to 1 if you have the `getaddrinfo' function. */ -#undef HAVE_GETADDRINFO - -/* Define to 1 if you have the `getaudit' function. */ -#undef HAVE_GETAUDIT - -/* Define to 1 if you have the `getaudit_addr' function. */ -#undef HAVE_GETAUDIT_ADDR - -/* Define to 1 if you have the `getcwd' function. */ -#undef HAVE_GETCWD - -/* Define to 1 if you have the `getgrouplist' function. */ -#undef HAVE_GETGROUPLIST - -/* Define to 1 if you have the `getluid' function. */ -#undef HAVE_GETLUID - -/* Define to 1 if you have the `getnameinfo' function. */ -#undef HAVE_GETNAMEINFO - -/* Define to 1 if you have the `getopt' function. */ -#undef HAVE_GETOPT - -/* Define to 1 if you have the header file. */ -#undef HAVE_GETOPT_H - -/* Define if your getopt(3) defines and uses optreset */ -#undef HAVE_GETOPT_OPTRESET - -/* Define if your libraries define getpagesize() */ -#undef HAVE_GETPAGESIZE - -/* Define to 1 if you have the `getpeereid' function. */ -#undef HAVE_GETPEEREID - -/* Define to 1 if you have the `getpwanam' function. */ -#undef HAVE_GETPWANAM - -/* Define to 1 if you have the `getrlimit' function. */ -#undef HAVE_GETRLIMIT - -/* Define if getrrsetbyname() exists */ -#undef HAVE_GETRRSETBYNAME - -/* Define to 1 if you have the `getrusage' function. */ -#undef HAVE_GETRUSAGE - -/* Define to 1 if you have the `getseuserbyname' function. */ -#undef HAVE_GETSEUSERBYNAME - -/* Define to 1 if you have the `gettimeofday' function. */ -#undef HAVE_GETTIMEOFDAY - -/* Define to 1 if you have the `getttyent' function. */ -#undef HAVE_GETTTYENT - -/* Define to 1 if you have the `getutent' function. */ -#undef HAVE_GETUTENT - -/* Define to 1 if you have the `getutid' function. */ -#undef HAVE_GETUTID - -/* Define to 1 if you have the `getutline' function. */ -#undef HAVE_GETUTLINE - -/* Define to 1 if you have the `getutxent' function. */ -#undef HAVE_GETUTXENT - -/* Define to 1 if you have the `getutxid' function. */ -#undef HAVE_GETUTXID - -/* Define to 1 if you have the `getutxline' function. */ -#undef HAVE_GETUTXLINE - -/* Define to 1 if you have the `get_default_context_with_level' function. */ -#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL - -/* Define to 1 if you have the `glob' function. */ -#undef HAVE_GLOB - -/* Define to 1 if you have the `globus_gss_assist_map_and_authorize' function. - */ -#undef HAVE_GLOBUS_GSS_ASSIST_MAP_AND_AUTHORIZE - -/* Define to 1 if you have the header file. */ -#undef HAVE_GLOB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GENERIC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_GENERIC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_GSSAPI_KRB5_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_GSSAPI_KRB5_H - -/* Define if HEADER.ad exists in arpa/nameser.h */ -#undef HAVE_HEADER_AD - -/* Define if you have ut_host in utmp.h */ -#undef HAVE_HOST_IN_UTMP - -/* Define if you have ut_host in utmpx.h */ -#undef HAVE_HOST_IN_UTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_IAF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_IA_H - -/* Define if you have ut_id in utmp.h */ -#undef HAVE_ID_IN_UTMP - -/* Define if you have ut_id in utmpx.h */ -#undef HAVE_ID_IN_UTMPX - -/* Define to 1 if you have the `inet_aton' function. */ -#undef HAVE_INET_ATON - -/* Define to 1 if you have the `inet_ntoa' function. */ -#undef HAVE_INET_NTOA - -/* Define to 1 if you have the `inet_ntop' function. */ -#undef HAVE_INET_NTOP - -/* Define to 1 if you have the `innetgr' function. */ -#undef HAVE_INNETGR - -/* define if you have int64_t data type */ -#undef HAVE_INT64_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_INTTYPES_H - -/* define if you have intxx_t data type */ -#undef HAVE_INTXX_T - -/* Define to 1 if the system has the type `in_addr_t'. */ -#undef HAVE_IN_ADDR_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_LASTLOG_H - -/* Define to 1 if you have the `bsm' library (-lbsm). */ -#undef HAVE_LIBBSM - -/* Define to 1 if you have the `crypt' library (-lcrypt). */ -#undef HAVE_LIBCRYPT - -/* Define to 1 if you have the `dl' library (-ldl). */ -#undef HAVE_LIBDL - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIBGEN_H - -/* Define to 1 if you have the `iaf' library (-liaf). */ -#undef HAVE_LIBIAF - -/* Define to 1 if you have the `nsl' library (-lnsl). */ -#undef HAVE_LIBNSL - -/* Define to 1 if you have the `pam' library (-lpam). */ -#undef HAVE_LIBPAM - -/* Define to 1 if you have the `sectok' library (-lsectok). */ -#undef HAVE_LIBSECTOK - -/* Define to 1 if you have the `socket' library (-lsocket). */ -#undef HAVE_LIBSOCKET - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIBUTIL_H - -/* Define to 1 if you have the `xnet' library (-lxnet). */ -#undef HAVE_LIBXNET - -/* Define to 1 if you have the `z' library (-lz). */ -#undef HAVE_LIBZ - -/* Define to 1 if you have the header file. */ -#undef HAVE_LIMITS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_LINUX_IF_TUN_H - -/* Define if your libraries define login() */ -#undef HAVE_LOGIN - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOGIN_CAP_H - -/* Define to 1 if you have the `login_getcapbool' function. */ -#undef HAVE_LOGIN_GETCAPBOOL - -/* Define to 1 if you have the header file. */ -#undef HAVE_LOGIN_H - -/* Define to 1 if you have the `logout' function. */ -#undef HAVE_LOGOUT - -/* Define to 1 if you have the `logwtmp' function. */ -#undef HAVE_LOGWTMP - -/* Define to 1 if the system has the type `long double'. */ -#undef HAVE_LONG_DOUBLE - -/* Define to 1 if the system has the type `long long'. */ -#undef HAVE_LONG_LONG - -/* Define to 1 if you have the header file. */ -#undef HAVE_MAILLOCK_H - -/* Define to 1 if you have the `md5_crypt' function. */ -#undef HAVE_MD5_CRYPT - -/* Define if you want to allow MD5 passwords */ -#undef HAVE_MD5_PASSWORDS - -/* Define to 1 if you have the `memmove' function. */ -#undef HAVE_MEMMOVE - -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - -/* Define to 1 if you have the `mkdtemp' function. */ -#undef HAVE_MKDTEMP - -/* Define to 1 if you have the `mmap' function. */ -#undef HAVE_MMAP - -/* define if you have mode_t data type */ -#undef HAVE_MODE_T - -/* Some systems put nanosleep outside of libc */ -#undef HAVE_NANOSLEEP - -/* Define to 1 if you have the header file. */ -#undef HAVE_NDIR_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETDB_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NETGROUP_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_NET_IF_TUN_H - -/* Define if you are on NeXT */ -#undef HAVE_NEXT - -/* Define to 1 if you have the `ngetaddrinfo' function. */ -#undef HAVE_NGETADDRINFO - -/* Define to 1 if you have the `nsleep' function. */ -#undef HAVE_NSLEEP - -/* Define to 1 if you have the `ogetaddrinfo' function. */ -#undef HAVE_OGETADDRINFO - -/* Define if you have an old version of PAM which takes only one argument to - pam_strerror */ -#undef HAVE_OLD_PAM - -/* Define to 1 if you have the `openlog_r' function. */ -#undef HAVE_OPENLOG_R - -/* Define to 1 if you have the `openpty' function. */ -#undef HAVE_OPENPTY - -/* Define if your ssl headers are included with #include */ -#undef HAVE_OPENSSL - -/* Define if you have Digital Unix Security Integration Architecture */ -#undef HAVE_OSF_SIA - -/* Define to 1 if you have the `pam_getenvlist' function. */ -#undef HAVE_PAM_GETENVLIST - -/* Define to 1 if you have the header file. */ -#undef HAVE_PAM_PAM_APPL_H - -/* Define to 1 if you have the `pam_putenv' function. */ -#undef HAVE_PAM_PUTENV - -/* Define to 1 if you have the header file. */ -#undef HAVE_PATHS_H - -/* Define if you have ut_pid in utmp.h */ -#undef HAVE_PID_IN_UTMP - -/* define if you have pid_t data type */ -#undef HAVE_PID_T - -/* Define to 1 if you have the `prctl' function. */ -#undef HAVE_PRCTL - -/* Define if you have /proc/$pid/fd */ -#undef HAVE_PROC_PID - -/* Define to 1 if you have the `pstat' function. */ -#undef HAVE_PSTAT - -/* Define to 1 if you have the header file. */ -#undef HAVE_PTY_H - -/* Define to 1 if you have the `pututline' function. */ -#undef HAVE_PUTUTLINE - -/* Define to 1 if you have the `pututxline' function. */ -#undef HAVE_PUTUTXLINE - -/* Define if your password has a pw_change field */ -#undef HAVE_PW_CHANGE_IN_PASSWD - -/* Define if your password has a pw_class field */ -#undef HAVE_PW_CLASS_IN_PASSWD - -/* Define if your password has a pw_expire field */ -#undef HAVE_PW_EXPIRE_IN_PASSWD - -/* Define to 1 if you have the `readpassphrase' function. */ -#undef HAVE_READPASSPHRASE - -/* Define to 1 if you have the header file. */ -#undef HAVE_READPASSPHRASE_H - -/* Define to 1 if you have the `realpath' function. */ -#undef HAVE_REALPATH - -/* Define to 1 if you have the `recvmsg' function. */ -#undef HAVE_RECVMSG - -/* Define to 1 if you have the header file. */ -#undef HAVE_RPC_TYPES_H - -/* Define to 1 if you have the `rresvport_af' function. */ -#undef HAVE_RRESVPORT_AF - -/* define if you have sa_family_t data type */ -#undef HAVE_SA_FAMILY_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_SECTOK_H - -/* Define if you have SecureWare-based protected password database */ -#undef HAVE_SECUREWARE - -/* Define to 1 if you have the header file. */ -#undef HAVE_SECURITY_PAM_APPL_H - -/* Define to 1 if you have the `sendmsg' function. */ -#undef HAVE_SENDMSG - -/* Define to 1 if you have the `setauthdb' function. */ -#undef HAVE_SETAUTHDB - -/* Define to 1 if you have the `setdtablesize' function. */ -#undef HAVE_SETDTABLESIZE - -/* Define to 1 if you have the `setegid' function. */ -#undef HAVE_SETEGID - -/* Define to 1 if you have the `setenv' function. */ -#undef HAVE_SETENV - -/* Define to 1 if you have the `seteuid' function. */ -#undef HAVE_SETEUID - -/* Define to 1 if you have the `setgroups' function. */ -#undef HAVE_SETGROUPS - -/* Define to 1 if you have the `setlogin' function. */ -#undef HAVE_SETLOGIN - -/* Define to 1 if you have the `setluid' function. */ -#undef HAVE_SETLUID - -/* Define to 1 if you have the `setpcred' function. */ -#undef HAVE_SETPCRED - -/* Define to 1 if you have the `setproctitle' function. */ -#undef HAVE_SETPROCTITLE - -/* Define to 1 if you have the `setregid' function. */ -#undef HAVE_SETREGID - -/* Define to 1 if you have the `setresgid' function. */ -#undef HAVE_SETRESGID - -/* Define to 1 if you have the `setresuid' function. */ -#undef HAVE_SETRESUID - -/* Define to 1 if you have the `setreuid' function. */ -#undef HAVE_SETREUID - -/* Define to 1 if you have the `setrlimit' function. */ -#undef HAVE_SETRLIMIT - -/* Define to 1 if you have the `setsid' function. */ -#undef HAVE_SETSID - -/* Define to 1 if you have the `setutent' function. */ -#undef HAVE_SETUTENT - -/* Define to 1 if you have the `setutxent' function. */ -#undef HAVE_SETUTXENT - -/* Define to 1 if you have the `setvbuf' function. */ -#undef HAVE_SETVBUF - -/* Define to 1 if you have the `SHA256_Update' function. */ -#undef HAVE_SHA256_UPDATE - -/* Define to 1 if you have the header file. */ -#undef HAVE_SHA2_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SHADOW_H - -/* Define to 1 if you have the `sigaction' function. */ -#undef HAVE_SIGACTION - -/* Define to 1 if you have the `sigvec' function. */ -#undef HAVE_SIGVEC - -/* Define to 1 if the system has the type `sig_atomic_t'. */ -#undef HAVE_SIG_ATOMIC_T - -/* define if you have size_t data type */ -#undef HAVE_SIZE_T - -/* Define to 1 if you have the `snprintf' function. */ -#undef HAVE_SNPRINTF - -/* Define to 1 if you have the `socketpair' function. */ -#undef HAVE_SOCKETPAIR - -/* Have PEERCRED socket option */ -#undef HAVE_SO_PEERCRED - -/* define if you have ssize_t data type */ -#undef HAVE_SSIZE_T - -/* Fields in struct sockaddr_storage */ -#undef HAVE_SS_FAMILY_IN_SS - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDDEF_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDINT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STDLIB_H - -/* Define to 1 if you have the `strdup' function. */ -#undef HAVE_STRDUP - -/* Define to 1 if you have the `strerror' function. */ -#undef HAVE_STRERROR - -/* Define to 1 if you have the `strftime' function. */ -#undef HAVE_STRFTIME - -/* Silly mkstemp() */ -#undef HAVE_STRICT_MKSTEMP - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRINGS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_STRING_H - -/* Define to 1 if you have the `strlcat' function. */ -#undef HAVE_STRLCAT - -/* Define to 1 if you have the `strlcpy' function. */ -#undef HAVE_STRLCPY - -/* Define to 1 if you have the `strmode' function. */ -#undef HAVE_STRMODE - -/* Define to 1 if you have the `strnvis' function. */ -#undef HAVE_STRNVIS - -/* Define to 1 if you have the `strsep' function. */ -#undef HAVE_STRSEP - -/* Define to 1 if you have the `strtoll' function. */ -#undef HAVE_STRTOLL - -/* Define to 1 if you have the `strtonum' function. */ -#undef HAVE_STRTONUM - -/* Define to 1 if you have the `strtoul' function. */ -#undef HAVE_STRTOUL - -/* define if you have struct addrinfo data type */ -#undef HAVE_STRUCT_ADDRINFO - -/* define if you have struct in6_addr data type */ -#undef HAVE_STRUCT_IN6_ADDR - -/* define if you have struct sockaddr_in6 data type */ -#undef HAVE_STRUCT_SOCKADDR_IN6 - -/* define if you have struct sockaddr_storage data type */ -#undef HAVE_STRUCT_SOCKADDR_STORAGE - -/* Define to 1 if `st_blksize' is member of `struct stat'. */ -#undef HAVE_STRUCT_STAT_ST_BLKSIZE - -/* Define to 1 if the system has the type `struct timespec'. */ -#undef HAVE_STRUCT_TIMESPEC - -/* define if you have struct timeval */ -#undef HAVE_STRUCT_TIMEVAL - -/* Define to 1 if you have the `sysconf' function. */ -#undef HAVE_SYSCONF - -/* Define if you have syslen in utmpx.h */ -#undef HAVE_SYSLEN_IN_UTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_AUDIT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_BITYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_BSDTTY_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_CDEFS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_DIR_H - -/* Define if your system defines sys_errlist[] */ -#undef HAVE_SYS_ERRLIST - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_MMAN_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_NDIR_H - -/* Define if your system defines sys_nerr */ -#undef HAVE_SYS_NERR - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PRCTL_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PSTAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_PTMS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SELECT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STAT_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STREAM_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STROPTS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_STRTIO_H - -/* Force use of sys/syslog.h on Ultrix */ -#undef HAVE_SYS_SYSLOG_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_SYSMACROS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIMERS_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TIME_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_TYPES_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_SYS_UN_H - -/* Define to 1 if you have the `tcgetpgrp' function. */ -#undef HAVE_TCGETPGRP - -/* Define to 1 if you have the `tcsendbreak' function. */ -#undef HAVE_TCSENDBREAK - -/* Define to 1 if you have the `time' function. */ -#undef HAVE_TIME - -/* Define to 1 if you have the header file. */ -#undef HAVE_TIME_H - -/* Define if you have ut_time in utmp.h */ -#undef HAVE_TIME_IN_UTMP - -/* Define if you have ut_time in utmpx.h */ -#undef HAVE_TIME_IN_UTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_TMPDIR_H - -/* Define to 1 if you have the `truncate' function. */ -#undef HAVE_TRUNCATE - -/* Define to 1 if you have the header file. */ -#undef HAVE_TTYENT_H - -/* Define if you have ut_tv in utmp.h */ -#undef HAVE_TV_IN_UTMP - -/* Define if you have ut_tv in utmpx.h */ -#undef HAVE_TV_IN_UTMPX - -/* Define if you have ut_type in utmp.h */ -#undef HAVE_TYPE_IN_UTMP - -/* Define if you have ut_type in utmpx.h */ -#undef HAVE_TYPE_IN_UTMPX - -/* define if you have uintxx_t data type */ -#undef HAVE_UINTXX_T - -/* Define to 1 if you have the header file. */ -#undef HAVE_UNISTD_H - -/* Define to 1 if you have the `unsetenv' function. */ -#undef HAVE_UNSETENV - -/* Define to 1 if the system has the type `unsigned long long'. */ -#undef HAVE_UNSIGNED_LONG_LONG - -/* Define to 1 if you have the `updwtmp' function. */ -#undef HAVE_UPDWTMP - -/* Define to 1 if you have the `updwtmpx' function. */ -#undef HAVE_UPDWTMPX - -/* Define to 1 if you have the header file. */ -#undef HAVE_USERSEC_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTIL_H - -/* Define to 1 if you have the `utimes' function. */ -#undef HAVE_UTIMES - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTIME_H - -/* Define to 1 if you have the `utmpname' function. */ -#undef HAVE_UTMPNAME - -/* Define to 1 if you have the `utmpxname' function. */ -#undef HAVE_UTMPXNAME - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTMPX_H - -/* Define to 1 if you have the header file. */ -#undef HAVE_UTMP_H - -/* define if you have u_char data type */ -#undef HAVE_U_CHAR - -/* define if you have u_int data type */ -#undef HAVE_U_INT - -/* define if you have u_int64_t data type */ -#undef HAVE_U_INT64_T - -/* define if you have u_intxx_t data type */ -#undef HAVE_U_INTXX_T - -/* Define to 1 if you have the `vasprintf' function. */ -#undef HAVE_VASPRINTF - -/* Define if va_copy exists */ -#undef HAVE_VA_COPY - -/* Define to 1 if you have the `vhangup' function. */ -#undef HAVE_VHANGUP - -/* Define to 1 if you have the header file. */ -#undef HAVE_VIS_H - -/* Define to 1 if you have the `vsnprintf' function. */ -#undef HAVE_VSNPRINTF - -/* Define to 1 if you have the `waitpid' function. */ -#undef HAVE_WAITPID - -/* Define to 1 if you have the `_getlong' function. */ -#undef HAVE__GETLONG - -/* Define to 1 if you have the `_getpty' function. */ -#undef HAVE__GETPTY - -/* Define to 1 if you have the `_getshort' function. */ -#undef HAVE__GETSHORT - -/* Define to 1 if you have the `__b64_ntop' function. */ -#undef HAVE___B64_NTOP - -/* Define to 1 if you have the `__b64_pton' function. */ -#undef HAVE___B64_PTON - -/* Define if compiler implements __FUNCTION__ */ -#undef HAVE___FUNCTION__ - -/* Define if libc defines __progname */ -#undef HAVE___PROGNAME - -/* Fields in struct sockaddr_storage */ -#undef HAVE___SS_FAMILY_IN_SS - -/* Define if __va_copy exists */ -#undef HAVE___VA_COPY - -/* Define if compiler implements __func__ */ -#undef HAVE___func__ - -/* Define this if you are using the Heimdal version of Kerberos V5 */ -#undef HEIMDAL - -/* Define if you need to use IP address instead of hostname in $DISPLAY */ -#undef IPADDR_IN_DISPLAY - -/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ -#undef IPV4_IN_IPV6 - -/* Define if your system choked on IP TOS setting */ -#undef IP_TOS_IS_BROKEN - -/* Define if you want Kerberos 5 support */ -#undef KRB5 - -/* Define if you want TCP Wrappers support */ -#undef LIBWRAP - -/* Define to whatever link() returns for "not supported" if it doesn't return - EOPNOTSUPP. */ -#undef LINK_OPNOTSUPP_ERRNO - -/* max value of long long calculated by configure */ -#undef LLONG_MAX - -/* min value of long long calculated by configure */ -#undef LLONG_MIN - -/* Account locked with pw(1) */ -#undef LOCKED_PASSWD_PREFIX - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_STRING - -/* String used in /etc/passwd to denote locked account */ -#undef LOCKED_PASSWD_SUBSTR - -/* Some versions of /bin/login need the TERM supplied on the commandline */ -#undef LOGIN_NEEDS_TERM - -/* Some systems need a utmpx entry for /bin/login to work */ -#undef LOGIN_NEEDS_UTMPX - -/* Define if your login program cannot handle end of options ("--") */ -#undef LOGIN_NO_ENDOPT - -/* If your header files don't define LOGIN_PROGRAM, then use this (detected) - from environment and PATH */ -#undef LOGIN_PROGRAM_FALLBACK - -/* Set this to your mail directory if you don't have maillock.h */ -#undef MAIL_DIRECTORY - -/* Define this if you're building with GSSAPI MechGlue. */ -#undef MECHGLUE - -/* Define on *nto-qnx systems */ -#undef MISSING_FD_MASK - -/* Define on *nto-qnx systems */ -#undef MISSING_HOWMANY - -/* Define on *nto-qnx systems */ -#undef MISSING_NFDBITS - -/* Need setpgrp to acquire controlling tty */ -#undef NEED_SETPGRP - -/* Define if the concept of ports only accessible to superusers isn't known */ -#undef NO_IPPORT_RESERVED_CONCEPT - -/* Define if you don't want to use lastlog in session.c */ -#undef NO_SSH_LASTLOG - -/* Define if X11 doesn't support AF_UNIX sockets on that system */ -#undef NO_X11_UNIX_SOCKETS - -/* libcrypto is missing AES 192 and 256 bit functions */ -#undef OPENSSL_LOBOTOMISED_AES - -/* Define if you want OpenSSL's internally seeded PRNG only */ -#undef OPENSSL_PRNG_ONLY - -/* Define to the address where bug reports for this package should be sent. */ -#undef PACKAGE_BUGREPORT - -/* Define to the full name of this package. */ -#undef PACKAGE_NAME - -/* Define to the full name and version of this package. */ -#undef PACKAGE_STRING - -/* Define to the one symbol short name of this package. */ -#undef PACKAGE_TARNAME - -/* Define to the version of this package. */ -#undef PACKAGE_VERSION - -/* Define if you are using Solaris-derived PAM which passes pam_messages to - the conversation function with an extra level of indirection */ -#undef PAM_SUN_CODEBASE - -/* Work around problematic Linux PAM modules handling of PAM_TTY */ -#undef PAM_TTY_KLUDGE - -/* must supply username to passwd */ -#undef PASSWD_NEEDS_USERNAME - -/* Port number of PRNGD/EGD random number socket */ -#undef PRNGD_PORT - -/* Location of PRNGD/EGD random number socket */ -#undef PRNGD_SOCKET - -/* read(1) can return 0 for a non-closed fd */ -#undef PTY_ZEROREAD - -/* Define this if you want support for startup/shutdown hooks */ -#undef SESSION_HOOKS - -/* Define if your platform breaks doing a seteuid before a setuid */ -#undef SETEUID_BREAKS_SETUID - -/* The size of a `char', as computed by sizeof. */ -#undef SIZEOF_CHAR - -/* The size of a `int', as computed by sizeof. */ -#undef SIZEOF_INT - -/* The size of a `long int', as computed by sizeof. */ -#undef SIZEOF_LONG_INT - -/* The size of a `long long int', as computed by sizeof. */ -#undef SIZEOF_LONG_LONG_INT - -/* The size of a `short int', as computed by sizeof. */ -#undef SIZEOF_SHORT_INT - -/* Define if you want S/Key support */ -#undef SKEY - -/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ -#undef SKEYCHALLENGE_4ARG - -/* Define if you want smartcard support */ -#undef SMARTCARD - -/* Define as const if snprintf() can declare const char *fmt */ -#undef SNPRINTF_CONST - -/* Define to a Set Process Title type if your system is supported by - bsd-setproctitle.c */ -#undef SPT_TYPE - -/* Define if sshd somehow reacquires a controlling TTY after setsid() */ -#undef SSHD_ACQUIRES_CTTY - -/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ -#undef SSHPAM_CHAUTHTOK_NEEDS_RUID - -/* Use audit debugging module */ -#undef SSH_AUDIT_EVENTS - -/* non-privileged user for privilege separation */ -#undef SSH_PRIVSEP_USER - -/* Use tunnel device compatibility to OpenBSD */ -#undef SSH_TUN_COMPAT_AF - -/* Open tunnel devices the FreeBSD way */ -#undef SSH_TUN_FREEBSD - -/* Open tunnel devices the Linux tun/tap way */ -#undef SSH_TUN_LINUX - -/* No layer 2 tunnel support */ -#undef SSH_TUN_NO_L2 - -/* Open tunnel devices the OpenBSD way */ -#undef SSH_TUN_OPENBSD - -/* Prepend the address family to IP tunnel traffic */ -#undef SSH_TUN_PREPEND_AF - -/* Define to 1 if you have the ANSI C header files. */ -#undef STDC_HEADERS - -/* Define if you want a different $PATH for the superuser */ -#undef SUPERUSER_PATH - -/* syslog_r function is safe to use in in a signal handler */ -#undef SYSLOG_R_SAFE_IN_SIGHAND - -/* Support passwords > 8 chars */ -#undef UNIXWARE_LONG_PASSWORDS - -/* Specify default $PATH */ -#undef USER_PATH - -/* Define this if you want to use libkafs' AFS support */ -#undef USE_AFS - -/* Use BSM audit module */ -#undef USE_BSM_AUDIT - -/* Use btmp to log bad logins */ -#undef USE_BTMP - -/* platform uses an in-memory credentials cache */ -#undef USE_CCAPI - -/* Use libedit for sftp */ -#undef USE_LIBEDIT - -/* Define if you want smartcard support using OpenSC */ -#undef USE_OPENSC - -/* Enable OpenSSL engine support */ -#undef USE_OPENSSL_ENGINE - -/* Define if you want to enable PAM support */ -#undef USE_PAM - -/* Use PIPES instead of a socketpair() */ -#undef USE_PIPES - -/* Define if you want smartcard support using sectok */ -#undef USE_SECTOK - -/* platform has the Security Authorization Session API */ -#undef USE_SECURITY_SESSION_API - -/* Define if you have Solaris process contracts */ -#undef USE_SOLARIS_PROCESS_CONTRACTS - -/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ -#undef WITH_ABBREV_NO_TTY - -/* Define if you want to enable AIX4's authenticate function */ -#undef WITH_AIXAUTHENTICATE - -/* Define if you have/want arrays (cluster-wide session managment, not C - arrays) */ -#undef WITH_IRIX_ARRAY - -/* Define if you want IRIX audit trails */ -#undef WITH_IRIX_AUDIT - -/* Define if you want IRIX kernel jobs */ -#undef WITH_IRIX_JOBS - -/* Define if you want IRIX project management */ -#undef WITH_IRIX_PROJECT - -/* Define if you want SELinux support. */ -#undef WITH_SELINUX - -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -#undef WORDS_BIGENDIAN - -/* Define if xauth is found in your path */ -#undef XAUTH_PATH - -/* Number of bits in a file offset, on hosts where this is settable. */ -#undef _FILE_OFFSET_BITS - -/* Define for large files, on AIX-style hosts. */ -#undef _LARGE_FILES - -/* log for bad login attempts */ -#undef _PATH_BTMP - -/* Full path of your "passwd" program */ -#undef _PATH_PASSWD_PROG - -/* Specify location of ssh.pid */ -#undef _PATH_SSH_PIDDIR - -/* Define if we don't have struct __res_state in resolv.h */ -#undef __res_state - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -#undef inline -#endif - -/* type to use in place of socklen_t if not defined */ -#undef socklen_t diff --git a/openssh/configure.ac b/openssh/configure.ac index deebb72..1537967 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -127,6 +127,136 @@ AC_ARG_WITH(rpath, ] ) +# Allow user to specify flags +AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CFLAGS="$CFLAGS $withval" + fi + ] +) +AC_ARG_WITH(cppflags, + [ --with-cppflags Specify additional flags to pass to preprocessor] , + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + CPPFLAGS="$CPPFLAGS $withval" + fi + ] +) +AC_ARG_WITH(ldflags, + [ --with-ldflags Specify additional flags to pass to linker], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LDFLAGS="$LDFLAGS $withval" + fi + ] +) +AC_ARG_WITH(libs, + [ --with-libs Specify additional libraries to link with], + [ + if test -n "$withval" && test "x$withval" != "xno" && \ + test "x${withval}" != "xyes"; then + LIBS="$LIBS $withval" + fi + ] +) +AC_ARG_WITH(Werror, + [ --with-Werror Build main code with -Werror], + [ + if test -n "$withval" && test "x$withval" != "xno"; then + werror_flags="-Werror" + if test "x${withval}" != "xyes"; then + werror_flags="$withval" + fi + fi + ] +) + +AC_CHECK_HEADERS( \ + bstring.h \ + crypt.h \ + crypto/sha2.h \ + dirent.h \ + endian.h \ + features.h \ + fcntl.h \ + floatingpoint.h \ + getopt.h \ + glob.h \ + ia.h \ + iaf.h \ + limits.h \ + login.h \ + maillock.h \ + ndir.h \ + net/if_tun.h \ + netdb.h \ + netgroup.h \ + pam/pam_appl.h \ + paths.h \ + pty.h \ + readpassphrase.h \ + rpc/types.h \ + security/pam_appl.h \ + sha2.h \ + shadow.h \ + stddef.h \ + stdint.h \ + string.h \ + strings.h \ + sys/audit.h \ + sys/bitypes.h \ + sys/bsdtty.h \ + sys/cdefs.h \ + sys/dir.h \ + sys/mman.h \ + sys/ndir.h \ + sys/prctl.h \ + sys/pstat.h \ + sys/select.h \ + sys/stat.h \ + sys/stream.h \ + sys/stropts.h \ + sys/strtio.h \ + sys/sysmacros.h \ + sys/time.h \ + sys/timers.h \ + sys/un.h \ + time.h \ + tmpdir.h \ + ttyent.h \ + unistd.h \ + usersec.h \ + util.h \ + utime.h \ + utmp.h \ + utmpx.h \ + vis.h \ +) + +# lastlog.h requires sys/time.h to be included first on Solaris +AC_CHECK_HEADERS(lastlog.h, [], [], [ +#ifdef HAVE_SYS_TIME_H +# include +#endif +]) + +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + +# login_cap.h requires sys/types.h on NetBSD +AC_CHECK_HEADERS(login_cap.h, [], [], [ +#include +]) + # Messages for features tested for in target-specific section SIA_MSG="no" SPC_MSG="no" @@ -678,55 +808,6 @@ mips-sony-bsd|mips-sony-newsos4) ;; esac -# Allow user to specify flags -AC_ARG_WITH(cflags, - [ --with-cflags Specify additional flags to pass to compiler], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CFLAGS="$CFLAGS $withval" - fi - ] -) -AC_ARG_WITH(cppflags, - [ --with-cppflags Specify additional flags to pass to preprocessor] , - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - CPPFLAGS="$CPPFLAGS $withval" - fi - ] -) -AC_ARG_WITH(ldflags, - [ --with-ldflags Specify additional flags to pass to linker], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LDFLAGS="$LDFLAGS $withval" - fi - ] -) -AC_ARG_WITH(libs, - [ --with-libs Specify additional libraries to link with], - [ - if test -n "$withval" && test "x$withval" != "xno" && \ - test "x${withval}" != "xyes"; then - LIBS="$LIBS $withval" - fi - ] -) -AC_ARG_WITH(Werror, - [ --with-Werror Build main code with -Werror], - [ - if test -n "$withval" && test "x$withval" != "xno"; then - werror_flags="-Werror" - if test "x${withval}" != "xyes"; then - werror_flags="$withval" - fi - fi - ] -) - AC_MSG_CHECKING(compiler and flags for sanity) AC_RUN_IFELSE( [AC_LANG_SOURCE([ @@ -742,87 +823,6 @@ int main(){exit(0);} ) dnl Checks for header files. -AC_CHECK_HEADERS( \ - bstring.h \ - crypt.h \ - crypto/sha2.h \ - dirent.h \ - endian.h \ - features.h \ - fcntl.h \ - floatingpoint.h \ - getopt.h \ - glob.h \ - ia.h \ - iaf.h \ - limits.h \ - login.h \ - maillock.h \ - ndir.h \ - net/if_tun.h \ - netdb.h \ - netgroup.h \ - pam/pam_appl.h \ - paths.h \ - pty.h \ - readpassphrase.h \ - rpc/types.h \ - security/pam_appl.h \ - sha2.h \ - shadow.h \ - stddef.h \ - stdint.h \ - string.h \ - strings.h \ - sys/audit.h \ - sys/bitypes.h \ - sys/bsdtty.h \ - sys/cdefs.h \ - sys/dir.h \ - sys/mman.h \ - sys/ndir.h \ - sys/prctl.h \ - sys/pstat.h \ - sys/select.h \ - sys/stat.h \ - sys/stream.h \ - sys/stropts.h \ - sys/strtio.h \ - sys/sysmacros.h \ - sys/time.h \ - sys/timers.h \ - sys/un.h \ - time.h \ - tmpdir.h \ - ttyent.h \ - unistd.h \ - usersec.h \ - util.h \ - utime.h \ - utmp.h \ - utmpx.h \ - vis.h \ -) - -# lastlog.h requires sys/time.h to be included first on Solaris -AC_CHECK_HEADERS(lastlog.h, [], [], [ -#ifdef HAVE_SYS_TIME_H -# include -#endif -]) - -# sys/ptms.h requires sys/stream.h to be included first on Solaris -AC_CHECK_HEADERS(sys/ptms.h, [], [], [ -#ifdef HAVE_SYS_STREAM_H -# include -#endif -]) - -# login_cap.h requires sys/types.h on NetBSD -AC_CHECK_HEADERS(login_cap.h, [], [], [ -#include -]) - # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) @@ -2080,7 +2080,7 @@ AC_ARG_WITH(ssl-engine, AC_TRY_COMPILE( [ #include ], [ -int main(void){ENGINE_load_builtin_engines();ENGINE_register_all_complete();} +ENGINE_load_builtin_engines();ENGINE_register_all_complete(); ], [ AC_MSG_RESULT(yes) AC_DEFINE(USE_OPENSSL_ENGINE, 1, @@ -3309,7 +3309,10 @@ AC_ARG_WITH(selinux, AC_MSG_ERROR(SELinux support requires selinux.h header)) AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" fi ] ) AC_SUBST(LIBSELINUX) diff --git a/openssh/kexdhc.c b/openssh/kexdhc.c index 64de7af..d384c80 100644 --- a/openssh/kexdhc.c +++ b/openssh/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -50,7 +50,8 @@ kexdh_client(Kex *kex) Key *server_host_key; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; - u_int klen, kout, slen, sbloblen, hashlen; + u_int klen, slen, sbloblen, hashlen; + int kout; /* generate and send 'e', client DH public key */ switch (kex->kex_type) { @@ -112,13 +113,15 @@ kexdh_client(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif if ((shared_secret = BN_new()) == NULL) fatal("kexdh_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexdh_client: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/openssh/kexdhs.c b/openssh/kexdhs.c index 93ec97f..8617088 100644 --- a/openssh/kexdhs.c +++ b/openssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.9 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -52,8 +52,8 @@ kexdh_server(Kex *kex) DH *dh; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, hashlen; - u_int slen; + u_int sbloblen, klen, hashlen, slen; + int kout; /* generate server DH public key */ switch (kex->kex_type) { @@ -101,13 +101,15 @@ kexdh_server(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif if ((shared_secret = BN_new()) == NULL) fatal("kexdh_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexdh_server: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/openssh/kexgexc.c b/openssh/kexgexc.c index 2c19713..adb973d 100644 --- a/openssh/kexgexc.c +++ b/openssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.9 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -51,7 +51,8 @@ kexgex_client(Kex *kex) BIGNUM *p = NULL, *g = NULL; Key *server_host_key; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int klen, kout, slen, sbloblen, hashlen; + u_int klen, slen, sbloblen, hashlen; + int kout; int min, max, nbits; DH *dh; @@ -150,13 +151,15 @@ kexgex_client(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_server_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif if ((shared_secret = BN_new()) == NULL) fatal("kexgex_client: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexgex_client: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/openssh/kexgexs.c b/openssh/kexgexs.c index 5373a63..a037f57 100644 --- a/openssh/kexgexs.c +++ b/openssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.8 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.10 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -55,8 +55,8 @@ kexgex_server(Kex *kex) Key *server_host_key; DH *dh; u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL; - u_int sbloblen, klen, kout, slen, hashlen; - int min = -1, max = -1, nbits = -1, type; + u_int sbloblen, klen, slen, hashlen; + int min = -1, max = -1, nbits = -1, type, kout; if (kex->load_host_key == NULL) fatal("Cannot load hostkey"); @@ -134,13 +134,15 @@ kexgex_server(Kex *kex) klen = DH_size(dh); kbuf = xmalloc(klen); - kout = DH_compute_key(kbuf, dh_client_pub, dh); + if ((kout = DH_compute_key(kbuf, dh_client_pub, dh)) < 0) + fatal("DH_compute_key: failed"); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, kout); #endif if ((shared_secret = BN_new()) == NULL) fatal("kexgex_server: BN_new failed"); - BN_bin2bn(kbuf, kout, shared_secret); + if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) + fatal("kexgex_server: BN_bin2bn failed"); memset(kbuf, 0, klen); xfree(kbuf); diff --git a/openssh/key.c b/openssh/key.c index d077962..5563608 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: key.c,v 1.68 2006/11/06 21:25:28 markus Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -617,16 +617,18 @@ key_from_private(const Key *k) switch (k->type) { case KEY_DSA: n = key_new(k->type); - BN_copy(n->dsa->p, k->dsa->p); - BN_copy(n->dsa->q, k->dsa->q); - BN_copy(n->dsa->g, k->dsa->g); - BN_copy(n->dsa->pub_key, k->dsa->pub_key); + if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || + (BN_copy(n->dsa->q, k->dsa->q) == NULL) || + (BN_copy(n->dsa->g, k->dsa->g) == NULL) || + (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) + fatal("key_from_private: BN_copy failed"); break; case KEY_RSA: case KEY_RSA1: n = key_new(k->type); - BN_copy(n->rsa->n, k->rsa->n); - BN_copy(n->rsa->e, k->rsa->e); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("key_from_private: BN_copy failed"); break; default: fatal("key_from_private: unknown type %d", k->type); diff --git a/openssh/moduli.c b/openssh/moduli.c index e18929b..44e5ddf 100644 --- a/openssh/moduli.c +++ b/openssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.18 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright 1994 Phil Karn * Copyright 1996-1998, 2003 William Allen Simpson @@ -327,20 +327,26 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) /* validation check: count the number of primes tried */ largetries = 0; - q = BN_new(); + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); /* * Generate random starting point for subprime search, or use * specified parameter. */ - largebase = BN_new(); - if (start == NULL) - BN_rand(largebase, power, 1, 1); - else - BN_copy(largebase, start); + if ((largebase = BN_new()) == NULL) + fatal("BN_new failed"); + if (start == NULL) { + if (BN_rand(largebase, power, 1, 1) == 0) + fatal("BN_rand failed"); + } else { + if (BN_copy(largebase, start) == NULL) + fatal("BN_copy: failed"); + } /* ensure odd */ - BN_set_bit(largebase, 0); + if (BN_set_bit(largebase, 0) == 0) + fatal("BN_set_bit: failed"); time(&time_start); @@ -424,8 +430,10 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) continue; /* Definitely composite, skip */ debug2("test q = largebase+%u", 2 * j); - BN_set_word(q, 2 * j); - BN_add(q, q, largebase); + if (BN_set_word(q, 2 * j) == 0) + fatal("BN_set_word failed"); + if (BN_add(q, q, largebase) == 0) + fatal("BN_add failed"); if (qfileout(out, QTYPE_SOPHIE_GERMAIN, QTEST_SIEVE, largetries, (power - 1) /* MSB */, (0), q) == -1) { ret = -1; @@ -470,9 +478,12 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) time(&time_start); - p = BN_new(); - q = BN_new(); - ctx = BN_CTX_new(); + if ((p = BN_new()) == NULL) + fatal("BN_new failed"); + if ((q = BN_new()) == NULL) + fatal("BN_new failed"); + if ((ctx = BN_CTX_new()) == NULL) + fatal("BN_CTX_new failed"); debug2("%.24s Final %u Miller-Rabin trials (%x generator)", ctime(&time_start), trials, generator_wanted); @@ -520,10 +531,13 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) case QTYPE_SOPHIE_GERMAIN: debug2("%10u: (%u) Sophie-Germain", count_in, in_type); a = q; - BN_hex2bn(&a, cp); + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); /* p = 2*q + 1 */ - BN_lshift(p, q, 1); - BN_add_word(p, 1); + if (BN_lshift(p, q, 1) == 0) + fatal("BN_lshift failed"); + if (BN_add_word(p, 1) == 0) + fatal("BN_add_word failed"); in_size += 1; generator_known = 0; break; @@ -534,9 +548,11 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); a = p; - BN_hex2bn(&a, cp); + if (BN_hex2bn(&a, cp) == 0) + fatal("BN_hex2bn failed"); /* q = (p-1) / 2 */ - BN_rshift(q, p, 1); + if (BN_rshift(q, p, 1) == 0) + fatal("BN_rshift failed"); break; default: debug2("Unknown prime type"); diff --git a/openssh/monitor.c b/openssh/monitor.c index 0514f36..4daf215 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.88 2006/08/12 20:46:46 miod Exp $ */ +/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */ /* * Copyright 2002 Niels Provos * Copyright 2002 Markus Friedl @@ -378,7 +378,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) /* The first few requests do not require asynchronous access */ while (!authenticated) { auth_method = "unknown"; - authenticated = monitor_read(pmonitor, mon_dispatch, &ent); + authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); if (authenticated) { if (!(ent->flags & MON_AUTHDECIDE)) fatal("%s: unexpected authentication from %d", @@ -1254,7 +1254,7 @@ mm_answer_keyverify(int sock, Buffer *m) verified = key_verify(key, signature, signaturelen, data, datalen); debug3("%s: key %p signature %s", - __func__, key, verified ? "verified" : "unverified"); + __func__, key, (verified == 1) ? "verified" : "unverified"); key_free(key); xfree(blob); @@ -1269,7 +1269,7 @@ mm_answer_keyverify(int sock, Buffer *m) buffer_put_int(m, verified); mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m); - return (verified); + return (verified == 1); } static void diff --git a/openssh/monitor_fdpass.c b/openssh/monitor_fdpass.c index c5fc4c3..9f8e9cd 100644 --- a/openssh/monitor_fdpass.c +++ b/openssh/monitor_fdpass.c @@ -29,6 +29,9 @@ #include #include #include +#ifdef HAVE_SYS_UN_H +#include +#endif #include #include diff --git a/openssh/serverloop.c b/openssh/serverloop.c index 731950e..b175471 100644 --- a/openssh/serverloop.c +++ b/openssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.144 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: serverloop.c,v 1.145 2006/10/11 12:38:03 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -248,8 +248,10 @@ client_alive_check(void) int channel_id; /* timeout, check to see how many we have had */ - if (++client_alive_timeouts > options.client_alive_count_max) - packet_disconnect("Timeout, your session not responding."); + if (++client_alive_timeouts > options.client_alive_count_max) { + logit("Timeout, client not responding."); + cleanup_exit(255); + } /* * send a bogus global/channel request with "wantreply", diff --git a/openssh/session.c b/openssh/session.c index cc76f07..6d0c40d 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.219 2006/08/29 10:40:19 djm Exp $ */ +/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved diff --git a/openssh/sftp.c b/openssh/sftp.c index c018615..a39c782 100644 --- a/openssh/sftp.c +++ b/openssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.92 2006/09/19 05:52:23 otto Exp $ */ +/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -977,6 +977,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, case I_CHOWN: case I_CHGRP: /* Get numeric arg (mandatory) */ + errno = 0; l = strtol(cp, &cp2, base); if (cp2 == cp || ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) || l < 0) { diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index 08b0721..ef95eb8 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.152 2006/08/04 20:46:05 stevesk Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/openssh/ssh-keyscan.c b/openssh/ssh-keyscan.c index 416d3f5..b198640 100644 --- a/openssh/ssh-keyscan.c +++ b/openssh/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.73 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.74 2006/10/06 02:29:19 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres . * diff --git a/openssh/ssh.1 b/openssh/ssh.1 index 6e41bcd..93be52f 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.263 2006/07/11 18:50:48 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1077,12 +1077,22 @@ controls whether the server supports this, and at what level (layer 2 or 3 traffic). .Pp The following example would connect client network 10.0.50.0/24 -with remote network 10.0.99.0/24, provided that the SSH server -running on the gateway to the remote network, -at 192.168.1.15, allows it: +with remote network 10.0.99.0/24 using a point-to-point connection +from 10.1.1.1 to 10.1.1.2, +provided that the SSH server running on the gateway to the remote network, +at 192.168.1.15, allows it. +.Pp +On the client: .Bd -literal -offset indent # ssh -f -w 0:1 192.168.1.15 true -# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252 +# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 +# route add 10.0.99.0/24 10.1.1.2 +.Ed +.Pp +On the server: +.Bd -literal -offset indent +# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 +# route add 10.0.50.0/24 10.1.1.1 .Ed .Pp Client access may be more finely tuned via the @@ -1105,7 +1115,7 @@ tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp -Since a SSH-based setup entails a fair amount of overhead, +Since an SSH-based setup entails a fair amount of overhead, it may be more suited to temporary setups, such as for wireless VPNs. More permanent VPNs are better provided by tools such as diff --git a/openssh/ssh.c b/openssh/ssh.c index a7866d5..dd44efb 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.293 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c index e96f026..e016e19 100644 --- a/openssh/sshconnect.c +++ b/openssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.199 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.200 2006/10/10 10:12:45 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -355,9 +355,11 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, gai_strerror(gaierr)); for (attempt = 0; attempt < connection_attempts; attempt++) { - if (attempt > 0) + if (attempt > 0) { + /* Sleep a moment before retrying. */ + sleep(1); debug("Trying again..."); - + } /* * Loop through addresses for this host, and try each one in * sequence until the connection succeeds. @@ -394,9 +396,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, } if (sock != -1) break; /* Successful connection. */ - - /* Sleep a moment before retrying. */ - sleep(1); } freeaddrinfo(aitop); diff --git a/openssh/sshconnect1.c b/openssh/sshconnect1.c index 90fcb34..fd07bbf 100644 --- a/openssh/sshconnect1.c +++ b/openssh/sshconnect1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect1.c,v 1.69 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -563,14 +563,20 @@ ssh_kex(char *host, struct sockaddr *hostaddr) * the first 16 bytes of the session id. */ if ((key = BN_new()) == NULL) - fatal("respond_to_rsa_challenge: BN_new failed"); - BN_set_word(key, 0); + fatal("ssh_kex: BN_new failed"); + if (BN_set_word(key, 0) == 0) + fatal("ssh_kex: BN_set_word failed"); for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { - BN_lshift(key, key, 8); - if (i < 16) - BN_add_word(key, session_key[i] ^ session_id[i]); - else - BN_add_word(key, session_key[i]); + if (BN_lshift(key, key, 8) == 0) + fatal("ssh_kex: BN_lshift failed"); + if (i < 16) { + if (BN_add_word(key, session_key[i] ^ session_id[i]) + == 0) + fatal("ssh_kex: BN_add_word failed"); + } else { + if (BN_add_word(key, session_key[i]) == 0) + fatal("ssh_kex: BN_add_word failed"); + } } /* diff --git a/openssh/sshd.c b/openssh/sshd.c index f10adb8..0ffef9f 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ +/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1435,13 +1435,17 @@ main(int ac, char **av) debug("sshd version %.100s", SSH_RELEASE); - /* Store privilege separation user for later use */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("Privilege separation user %s does not exist", - SSH_PRIVSEP_USER); - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); - privsep_pw->pw_passwd = "*"; - privsep_pw = pwcopy(privsep_pw); + /* Store privilege separation user for later use if required. */ + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (use_privsep || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", + SSH_PRIVSEP_USER); + } else { + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + privsep_pw = pwcopy(privsep_pw); + xfree(privsep_pw->pw_passwd); + privsep_pw->pw_passwd = xstrdup("*"); + } endpwent(); /* load private host keys */ @@ -2077,10 +2081,10 @@ do_ssh1_kex(void) * key is in the highest bits. */ if (!rsafail) { - BN_mask_bits(session_key_int, sizeof(session_key) * 8); + (void) BN_mask_bits(session_key_int, sizeof(session_key) * 8); len = BN_num_bytes(session_key_int); if (len < 0 || (u_int)len > sizeof(session_key)) { - error("do_connection: bad session key len from %s: " + error("do_ssh1_kex: bad session key len from %s: " "session_key_int %d > sizeof(session_key) %lu", get_remote_ipaddr(), len, (u_long)sizeof(session_key)); rsafail++; diff --git a/openssh/version.h b/openssh/version.h index eed06fa..047c214 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -1,4 +1,4 @@ -/* $OpenBSD: version.h,v 1.47 2006/08/30 00:14:37 djm Exp $ */ +/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */ #ifdef GSI #define GSI_VERSION " GSI" @@ -20,7 +20,7 @@ #define NCSA_VERSION " NCSA_GSSAPI_20061110" -#define SSH_VERSION "OpenSSH_4.4" +#define SSH_VERSION "OpenSSH_4.5" #define SSH_PORTABLE "p1" #define SSH_HPN "-hpn12v12"