summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2003-09-01 02:05:26 +0000
committerColin Watson <cjwatson@debian.org>2003-09-01 02:05:26 +0000
commit6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch)
tree1bf23174bdb6fc71e2846dda0eca195a418484e7
parent2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff)
parent58657d96514cd6f16d82add8d6f4adbb36765758 (diff)
Debian release 3.5p1-1.
-rw-r--r--CREDITS3
-rw-r--r--ChangeLog1608
-rw-r--r--INSTALL8
-rw-r--r--Makefile.in28
-rw-r--r--TODO38
-rw-r--r--acconfig.h15
-rw-r--r--auth-bsdauth.c4
-rw-r--r--auth-krb4.c18
-rw-r--r--auth-krb5.c20
-rw-r--r--auth-options.c7
-rw-r--r--auth-options.h3
-rw-r--r--auth-pam.c63
-rw-r--r--auth-pam.h31
-rw-r--r--auth-passwd.c16
-rw-r--r--auth-skey.c4
-rw-r--r--auth.c19
-rw-r--r--auth.h6
-rw-r--r--auth1.c49
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-none.c4
-rw-r--r--auth2-pam.c11
-rw-r--r--auth2.c28
-rw-r--r--authfd.c20
-rw-r--r--authfd.h3
-rw-r--r--autom4te-2.53.cache/output.0807
-rw-r--r--autom4te-2.53.cache/traces.01048
-rw-r--r--canohost.c26
-rw-r--r--channels.c34
-rw-r--r--channels.h1
-rw-r--r--cipher.c19
-rw-r--r--clientloop.c28
-rw-r--r--compat.c8
-rw-r--r--compat.h3
-rwxr-xr-xconfig.guess141
-rw-r--r--config.h.in30
-rwxr-xr-xconfig.sub272
-rwxr-xr-xconfigure807
-rw-r--r--configure.ac216
-rw-r--r--contrib/Makefile15
-rw-r--r--contrib/README51
-rwxr-xr-xcontrib/aix/buildbff.sh29
-rw-r--r--contrib/caldera/openssh.spec6
-rw-r--r--contrib/cygwin/README24
-rw-r--r--contrib/cygwin/ssh-host-config222
-rw-r--r--contrib/gnome-ssh-askpass1.c (renamed from contrib/gnome-ssh-askpass.c)15
-rw-r--r--contrib/gnome-ssh-askpass2.c204
-rw-r--r--contrib/redhat/openssh.spec39
-rwxr-xr-xcontrib/solaris/buildpkg.sh114
-rwxr-xr-xcontrib/solaris/opensshd.in12
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--debian/changelog30
-rw-r--r--debian/gnome-ssh-askpass.151
-rw-r--r--debian/postinst13
-rw-r--r--debian/postrm5
-rwxr-xr-xdebian/rules12
-rw-r--r--debian/ssh-askpass-gnome.postinst6
-rw-r--r--debian/templates.es361
-rw-r--r--debian/templates.fr226
-rw-r--r--debian/templates.pl264
-rw-r--r--defines.h20
-rw-r--r--dh.c4
-rw-r--r--hostfile.c44
-rw-r--r--hostfile.h6
-rw-r--r--includes.h11
-rw-r--r--kex.h4
-rw-r--r--key.c30
-rw-r--r--log.c22
-rw-r--r--log.h3
-rw-r--r--loginrec.c9
-rw-r--r--monitor.c130
-rw-r--r--monitor.h4
-rw-r--r--monitor_fdpass.c15
-rw-r--r--monitor_mm.c64
-rw-r--r--monitor_mm.h5
-rw-r--r--monitor_wrap.c102
-rw-r--r--monitor_wrap.h14
-rw-r--r--msg.c20
-rw-r--r--msg.h4
-rw-r--r--openbsd-compat/Makefile.in4
-rw-r--r--openbsd-compat/base64.c5
-rw-r--r--openbsd-compat/bindresvport.c2
-rw-r--r--openbsd-compat/bsd-cray.c613
-rw-r--r--openbsd-compat/bsd-cray.h17
-rw-r--r--openbsd-compat/bsd-getpeereid.c56
-rw-r--r--openbsd-compat/bsd-getpeereid.h14
-rw-r--r--openbsd-compat/bsd-misc.c6
-rw-r--r--openbsd-compat/dirname.c8
-rw-r--r--openbsd-compat/getcwd.c2
-rw-r--r--openbsd-compat/getopt.c2
-rw-r--r--openbsd-compat/glob.c45
-rw-r--r--openbsd-compat/glob.h18
-rw-r--r--openbsd-compat/inet_ntoa.c6
-rw-r--r--openbsd-compat/inet_ntop.c51
-rw-r--r--openbsd-compat/mktemp.c6
-rw-r--r--openbsd-compat/openbsd-compat.h3
-rw-r--r--openbsd-compat/port-aix.c45
-rw-r--r--openbsd-compat/port-aix.h30
-rw-r--r--openbsd-compat/readpassphrase.c35
-rw-r--r--openbsd-compat/readpassphrase.h5
-rw-r--r--openbsd-compat/realpath.c6
-rw-r--r--openbsd-compat/rresvport.c2
-rw-r--r--openbsd-compat/setenv.c2
-rw-r--r--openbsd-compat/sigact.c2
-rw-r--r--openbsd-compat/strlcat.c2
-rw-r--r--openbsd-compat/strlcpy.c2
-rw-r--r--openbsd-compat/strsep.c2
-rw-r--r--openbsd-compat/sys-queue.h (renamed from openbsd-compat/fake-queue.h)0
-rw-r--r--openbsd-compat/sys-tree.h (renamed from openbsd-compat/tree.h)98
-rw-r--r--openbsd-compat/xmmap.c67
-rw-r--r--openbsd-compat/xmmap.h23
-rw-r--r--packet.c13
-rw-r--r--radix.c9
-rw-r--r--readconf.c2
-rw-r--r--rijndael.c4
-rw-r--r--scard.h6
-rw-r--r--servconf.c16
-rw-r--r--servconf.h3
-rw-r--r--serverloop.c19
-rw-r--r--session.c116
-rw-r--r--session.h4
-rw-r--r--sftp-client.c12
-rw-r--r--sftp-client.h5
-rw-r--r--sftp-common.c64
-rw-r--r--sftp-common.h4
-rw-r--r--sftp-glob.c31
-rw-r--r--sftp-glob.h5
-rw-r--r--sftp-int.c203
-rw-r--r--sftp-server.c46
-rw-r--r--sftp.06
-rw-r--r--sftp.112
-rw-r--r--sftp.c3
-rw-r--r--ssh-add.c6
-rw-r--r--ssh-agent.c60
-rw-r--r--ssh-dss.c22
-rw-r--r--ssh-keygen.c13
-rw-r--r--ssh-keyscan.c50
-rw-r--r--ssh-keysign.017
-rw-r--r--ssh-keysign.817
-rw-r--r--ssh-keysign.c35
-rw-r--r--ssh-rand-helper.c13
-rw-r--r--ssh-rsa.c119
-rw-r--r--ssh.050
-rw-r--r--ssh.157
-rw-r--r--ssh.c60
-rw-r--r--ssh.h4
-rw-r--r--ssh_config3
-rw-r--r--ssh_config.035
-rw-r--r--ssh_config.543
-rw-r--r--ssh_prng_cmds.in4
-rw-r--r--sshconnect.c120
-rw-r--r--sshconnect1.c4
-rw-r--r--sshconnect2.c12
-rw-r--r--sshd.061
-rw-r--r--sshd.840
-rw-r--r--sshd.c93
-rw-r--r--sshd_config7
-rw-r--r--sshd_config.049
-rw-r--r--sshd_config.562
-rw-r--r--sshlogin.c4
-rw-r--r--sshlogin.h4
-rw-r--r--sshpty.c8
-rw-r--r--uidswap.c15
-rw-r--r--uuencode.c5
-rw-r--r--version.h4
164 files changed, 6844 insertions, 3676 deletions
diff --git a/CREDITS b/CREDITS
index ef267530a..0c8668473 100644
--- a/CREDITS
+++ b/CREDITS
@@ -76,6 +76,7 @@ Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
76Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes 76Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
77SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes 77SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
78Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV 78Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV
79Solar Designer <solar@openwall.com> - many patches and technical assistance
79Svante Signell <svante.signell@telia.com> - Bugfixes 80Svante Signell <svante.signell@telia.com> - Bugfixes
80Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords 81Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
81Tim Rice <tim@multitalents.net> - Portability & SCO fixes 82Tim Rice <tim@multitalents.net> - Portability & SCO fixes
@@ -90,5 +91,5 @@ Apologies to anyone I have missed.
90 91
91Damien Miller <djm@mindrot.org> 92Damien Miller <djm@mindrot.org>
92 93
93$Id: CREDITS,v 1.66 2002/04/13 01:04:40 djm Exp $ 94$Id: CREDITS,v 1.67 2002/07/28 20:31:19 stevesk Exp $
94 95
diff --git a/ChangeLog b/ChangeLog
index 67cd6caba..87604663b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,599 @@
120021003
2 - (djm) OpenBSD CVS Sync
3 - markus@cvs.openbsd.org 2002/10/01 20:34:12
4 [ssh-agent.c]
5 allow root to access the agent, since there is no protection from root.
6 - markus@cvs.openbsd.org 2002/10/01 13:24:50
7 [version.h]
8 OpenSSH 3.5
9 - (djm) Bump RPM spec version numbers
10 - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
11
1220020930
13 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
14 tweak README
15 - (djm) OpenBSD CVS Sync
16 - mickey@cvs.openbsd.org 2002/09/27 10:42:09
17 [compat.c compat.h sshd.c]
18 add a generic match for a prober, such as sie big brother;
19 idea from stevesk@; markus@ ok
20 - stevesk@cvs.openbsd.org 2002/09/27 15:46:21
21 [ssh.1]
22 clarify compression level protocol 1 only; ok markus@ deraadt@
23
2420020927
25 - (djm) OpenBSD CVS Sync
26 - markus@cvs.openbsd.org 2002/09/25 11:17:16
27 [sshd_config]
28 sync LoginGraceTime with default
29 - markus@cvs.openbsd.org 2002/09/25 15:19:02
30 [sshd.c]
31 typo; pilot@monkey.org
32 - markus@cvs.openbsd.org 2002/09/26 11:38:43
33 [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c]
34 [monitor_wrap.h]
35 krb4 + privsep; ok dugsong@, deraadt@
36
3720020925
38 - (bal) Fix issue where successfull login does not clear failure counts
39 in AIX. Patch by dtucker@zip.com.au ok by djm
40 - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
41 This does not include the deattack.c fixes.
42
4320020923
44 - (djm) OpenBSD CVS Sync
45 - stevesk@cvs.openbsd.org 2002/09/23 20:46:27
46 [canohost.c]
47 change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for
48 non-sockets; fixes a problem passing NULL to snprintf(). ok markus@
49 - markus@cvs.openbsd.org 2002/09/23 22:11:05
50 [monitor.c]
51 only call auth_krb5 if kerberos is enabled; ok deraadt@
52 - markus@cvs.openbsd.org 2002/09/24 08:46:04
53 [monitor.c]
54 only call kerberos code for authctxt->valid
55 - todd@cvs.openbsd.org 2002/09/24 20:59:44
56 [sshd.8]
57 tweak the example $HOME/.ssh/rc script to not show on any cmdline the
58 sensitive data it handles. This fixes bug # 402 as reported by
59 kolya@mit.edu (Nickolai Zeldovich).
60 ok markus@ and stevesk@
61
6220020923
63 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au
64
6520020922
66 - (djm) OpenBSD CVS Sync
67 - stevesk@cvs.openbsd.org 2002/09/19 14:53:14
68 [compat.c]
69 - markus@cvs.openbsd.org 2002/09/19 15:51:23
70 [ssh-add.c]
71 typo; cd@kalkatraz.de
72 - stevesk@cvs.openbsd.org 2002/09/19 16:03:15
73 [serverloop.c]
74 log IP address also; ok markus@
75 - stevesk@cvs.openbsd.org 2002/09/20 18:41:29
76 [auth.c]
77 log illegal user here for missing privsep case (ssh2).
78 this is executed in the monitor. ok markus@
79
8020020919
81 - (djm) OpenBSD CVS Sync
82 - stevesk@cvs.openbsd.org 2002/09/12 19:11:52
83 [ssh-agent.c]
84 %u for uid print; ok markus@
85 - stevesk@cvs.openbsd.org 2002/09/12 19:50:36
86 [session.c ssh.1]
87 add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@
88 - stevesk@cvs.openbsd.org 2002/09/13 19:23:09
89 [channels.c sshconnect.c sshd.c]
90 remove use of SO_LINGER, it should not be needed. error check
91 SO_REUSEADDR. fixup comments. ok markus@
92 - stevesk@cvs.openbsd.org 2002/09/16 19:55:33
93 [session.c]
94 log when _PATH_NOLOGIN exists; ok markus@
95 - stevesk@cvs.openbsd.org 2002/09/16 20:12:11
96 [sshd_config.5]
97 more details on X11Forwarding security issues and threats; ok markus@
98 - stevesk@cvs.openbsd.org 2002/09/16 22:03:13
99 [sshd.8]
100 reference moduli(5) in FILES /etc/moduli.
101 - itojun@cvs.openbsd.org 2002/09/17 07:47:02
102 [channels.c]
103 don't quit while creating X11 listening socket.
104 http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
105 got from portable. markus ok
106 - djm@cvs.openbsd.org 2002/09/19 01:58:18
107 [ssh.c sshconnect.c]
108 bugzilla.mindrot.org #223 - ProxyCommands don't exit.
109 Patch from dtucker@zip.com.au; ok markus@
110
11120020912
112 - (djm) Made GNOME askpass programs return non-zero if cancel button is
113 pressed.
114 - (djm) Added getpeereid() replacement. Properly implemented for systems
115 with SO_PEERCRED support. Faked for systems which lack it.
116 - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and
117 fake-queue.h to sys-tree.h and sys-queue.h
118 - (djm) OpenBSD CVS Sync
119 - markus@cvs.openbsd.org 2002/09/08 20:24:08
120 [hostfile.h]
121 no comma at end of enumerator list
122 - itojun@cvs.openbsd.org 2002/09/09 06:48:06
123 [auth1.c auth.h auth-krb5.c monitor.c monitor.h]
124 [monitor_wrap.c monitor_wrap.h]
125 kerberos support for privsep. confirmed to work by lha@stacken.kth.se
126 patch from markus
127 - markus@cvs.openbsd.org 2002/09/09 14:54:15
128 [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c]
129 signed vs unsigned from -pedantic; ok henning@
130 - markus@cvs.openbsd.org 2002/09/10 20:24:47
131 [ssh-agent.c]
132 check the euid of the connecting process with getpeereid(2);
133 ok provos deraadt stevesk
134 - stevesk@cvs.openbsd.org 2002/09/11 17:55:03
135 [ssh.1]
136 add agent and X11 forwarding warning text from ssh_config.5; ok markus@
137 - stevesk@cvs.openbsd.org 2002/09/11 18:27:26
138 [authfd.c authfd.h ssh.c]
139 don't connect to agent to test for presence if we've previously
140 connected; ok markus@
141 - djm@cvs.openbsd.org 2002/09/11 22:41:50
142 [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h]
143 [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c]
144 support for short/long listings and globbing in "ls"; ok markus@
145 - djm@cvs.openbsd.org 2002/09/12 00:13:06
146 [sftp-int.c]
147 zap unused var introduced in last commit
148
14920020911
150 - (djm) Sync openbsd-compat with OpenBSD -current
151
15220020910
153 - (djm) Bug #365: Read /.ssh/environment properly under CygWin.
154 Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com>
155 - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL.
156 Patch from Robert Halubek <rob@adso.com.pl>
157
15820020905
159 - (djm) OpenBSD CVS Sync
160 - stevesk@cvs.openbsd.org 2002/09/04 18:52:42
161 [servconf.c sshd.8 sshd_config.5]
162 default LoginGraceTime to 2m; 1m may be too short for slow systems.
163 ok markus@
164 - (djm) Merge openssh-TODO.patch from Redhat (null) beta
165 - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from
166 Nalin Dahyabhai <nalin@redhat.com>
167 - (djm) Add support for building gtk2 password requestor from Redhat beta
168
16920020903
170 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt
171 - (djm) Fix Redhat RPM build dependancy test
172 - (djm) OpenBSD CVS Sync
173 - markus@cvs.openbsd.org 2002/08/12 10:46:35
174 [ssh-agent.c]
175 make ssh-agent setgid, disallow ptrace.
176 - espie@cvs.openbsd.org 2002/08/21 11:20:59
177 [sshd.8]
178 `RSA' updated to refer to `public key', where it matters.
179 okay markus@
180 - stevesk@cvs.openbsd.org 2002/08/21 19:38:06
181 [servconf.c sshd.8 sshd_config sshd_config.5]
182 change LoginGraceTime default to 1 minute; ok mouring@ markus@
183 - stevesk@cvs.openbsd.org 2002/08/21 20:10:28
184 [ssh-agent.c]
185 raise listen backlog; ok markus@
186 - stevesk@cvs.openbsd.org 2002/08/22 19:27:53
187 [ssh-agent.c]
188 use common close function; ok markus@
189 - stevesk@cvs.openbsd.org 2002/08/22 19:38:42
190 [clientloop.c]
191 format with current EscapeChar; bugzilla #388 from wknox@mitre.org.
192 ok markus@
193 - stevesk@cvs.openbsd.org 2002/08/22 20:57:19
194 [ssh-agent.c]
195 shutdown(SHUT_RDWR) not needed before close here; ok markus@
196 - markus@cvs.openbsd.org 2002/08/22 21:33:58
197 [auth1.c auth2.c]
198 auth_root_allowed() is handled by the monitor in the privsep case,
199 so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325
200 - markus@cvs.openbsd.org 2002/08/22 21:45:41
201 [session.c]
202 send signal name (not signal number) in "exit-signal" message; noticed
203 by galb@vandyke.com
204 - stevesk@cvs.openbsd.org 2002/08/27 17:13:56
205 [ssh-rsa.c]
206 RSA_public_decrypt() returns -1 on error so len must be signed;
207 ok markus@
208 - stevesk@cvs.openbsd.org 2002/08/27 17:18:40
209 [ssh_config.5]
210 some warning text for ForwardAgent and ForwardX11; ok markus@
211 - stevesk@cvs.openbsd.org 2002/08/29 15:57:25
212 [monitor.c session.c sshlogin.c sshlogin.h]
213 pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org>
214 NOTE: there are also p-specific parts to this patch. ok markus@
215 - stevesk@cvs.openbsd.org 2002/08/29 16:02:54
216 [ssh.1 ssh.c]
217 deprecate -P as UsePrivilegedPort defaults to no now; ok markus@
218 - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
219 [ssh_config.5]
220 more on UsePrivilegedPort and setuid root; ok markus@
221 - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
222 [ssh.c]
223 shrink initial privilege bracket for setuid case; ok markus@
224 - stevesk@cvs.openbsd.org 2002/08/29 22:54:10
225 [ssh_config.5 sshd_config.5]
226 state XAuthLocation is a full pathname
227
22820020820
229 - OpenBSD CVS Sync
230 - millert@cvs.openbsd.org 2002/08/02 14:43:15
231 [monitor.c monitor_mm.c]
232 Change mm_zalloc() sanity checks to be more in line with what
233 we do in calloc() and add a check to monitor_mm.c.
234 OK provos@ and markus@
235 - marc@cvs.openbsd.org 2002/08/02 16:00:07
236 [ssh.1 sshd.8]
237 note that .ssh/environment is only read when
238 allowed (PermitUserEnvironment in sshd_config).
239 OK markus@
240 - markus@cvs.openbsd.org 2002/08/02 21:23:41
241 [ssh-rsa.c]
242 diff is u_int (2x); ok deraadt/provos
243 - markus@cvs.openbsd.org 2002/08/02 22:20:30
244 [ssh-rsa.c]
245 replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser
246 for authentication; ok deraadt/djm
247 - aaron@cvs.openbsd.org 2002/08/08 13:50:23
248 [sshconnect1.c]
249 Use & to test if bits are set, not &&; markus@ ok.
250 - stevesk@cvs.openbsd.org 2002/08/08 23:54:52
251 [auth.c]
252 typo in comment
253 - stevesk@cvs.openbsd.org 2002/08/09 17:21:42
254 [sshd_config.5]
255 use Op for mdoc conformance; from esr@golux.thyrsus.com
256 ok aaron@
257 - stevesk@cvs.openbsd.org 2002/08/09 17:41:12
258 [sshd_config.5]
259 proxy vs. fake display
260 - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
261 [ssh.1 sshd.8 sshd_config.5]
262 more PermitUserEnvironment; ok markus@
263 - stevesk@cvs.openbsd.org 2002/08/17 23:07:14
264 [ssh.1]
265 ForwardAgent has defaulted to no for over 2 years; be more clear here.
266 - stevesk@cvs.openbsd.org 2002/08/17 23:55:01
267 [ssh_config.5]
268 ordered list here
269 - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign
270 it to ULONG_MAX.
271
27220020813
273 - (tim) [configure.ac] Display OpenSSL header/library version.
274 Patch by dtucker@zip.com.au
275
27620020731
277 - (bal) OpenBSD CVS Sync
278 - markus@cvs.openbsd.org 2002/07/24 16:11:18
279 [hostfile.c hostfile.h sshconnect.c]
280 print out all known keys for a host if we get a unknown host key,
281 see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4
282
283 the ssharp mitm tool attacks users in a similar way, so i'd like to
284 pointed out again:
285 A MITM attack is always possible if the ssh client prints:
286 The authenticity of host 'bla' can't be established.
287 (protocol version 2 with pubkey authentication allows you to detect
288 MITM attacks)
289 - mouring@cvs.openbsd.org 2002/07/25 01:16:59
290 [sftp.c]
291 FallBackToRsh does not exist anywhere else. Remove it from here.
292 OK deraadt.
293 - markus@cvs.openbsd.org 2002/07/29 18:57:30
294 [sshconnect.c]
295 print file:line
296 - markus@cvs.openbsd.org 2002/07/30 17:03:55
297 [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5]
298 add PermitUserEnvironment (off by default!); from dot@dotat.at;
299 ok provos, deraadt
300
30120020730
302 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de
303
30420020728
305 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar
306 - (stevesk) [CREDITS] solar
307 - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned
308 char arg.
309
31020020725
311 - (djm) Remove some cruft from INSTALL
312 - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/
313
31420020723
315 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger.
316 - (bal) sync ID w/ ssh-agent.c
317 - (bal) OpenBSD Sync
318 - markus@cvs.openbsd.org 2002/07/19 15:43:33
319 [log.c log.h session.c sshd.c]
320 remove fatal cleanups after fork; based on discussions with and code
321 from solar.
322 - stevesk@cvs.openbsd.org 2002/07/19 17:42:40
323 [ssh.c]
324 display a warning from ssh when XAuthLocation does not exist or xauth
325 returned no authentication data. ok markus@
326 - stevesk@cvs.openbsd.org 2002/07/21 18:32:20
327 [auth-options.c]
328 unneeded includes
329 - stevesk@cvs.openbsd.org 2002/07/21 18:34:43
330 [auth-options.h]
331 remove invalid comment
332 - markus@cvs.openbsd.org 2002/07/22 11:03:06
333 [session.c]
334 fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors;
335 - stevesk@cvs.openbsd.org 2002/07/22 17:32:56
336 [monitor.c]
337 u_int here; ok provos@
338 - stevesk@cvs.openbsd.org 2002/07/23 16:03:10
339 [sshd.c]
340 utmp_len is unsigned; display error consistent with other options.
341 ok markus@
342 - stevesk@cvs.openbsd.org 2002/07/15 17:15:31
343 [uidswap.c]
344 little more debugging; ok markus@
345
34620020722
347 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk
348 - (stevesk) [xmmap.c] missing prototype for fatal()
349 - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync
350 with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com.
351 - (bal) [configure.ac] Missing ;; from cray patch.
352 - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines
353 into it's own header.
354 - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be
355 freed by the caller; add free_pam_environment() and use it.
356 - (stevesk) [auth-pam.c] typo in comment
357
35820020721
359 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's
360 openssh-3.4p1-owl-password-changing.diff
361 - (stevesk) [auth-pam.c] merge rest of solar's PAM patch;
362 PAM_NEW_AUTHTOK_REQD remains in #if 0 for now.
363 - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch
364 warning on pam_conv struct conversation function.
365 - (stevesk) [auth-pam.h] license
366 - (stevesk) [auth-pam.h] unneeded include
367 - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h
368
36920020720
370 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng().
371
37220020719
373 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed.
374 Patch by dtucker@zip.com.au
375 - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au
376
37720020718
378 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org
379 - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported
380 by ayamura@ayamura.org
381 - (tim) [configure.ac] Bug 267 rework int64_t test.
382 - (tim) [includes.h] Bug 267 add stdint.h
383
38420020717
385 - (bal) aixbff package updated by dtucker@zip.com.au
386 - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests
387 for autoconf 2.53. Based on a patch by jrj@purdue.edu
388
38920020716
390 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found
391
39220020715
393 - (bal) OpenBSD CVS Sync
394 - itojun@cvs.openbsd.org 2002/07/12 13:29:09
395 [sshconnect.c]
396 print connect failure during debugging mode.
397 - markus@cvs.openbsd.org 2002/07/12 15:50:17
398 [cipher.c]
399 EVP_CIPH_CUSTOM_IV for our own rijndael
400 - (bal) Remove unused tty defined in do_setusercontext() pointed out by
401 dtucker@zip.com.au plus a a more KNF since I am near it.
402 - (bal) Privsep user creation support in Solaris buildpkg.sh by
403 dtucker@zip.com.au
404
40520020714
406 - (tim) [Makefile.in] replace "id sshd" with "sshd -t"
407 - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c
408 openbsd-compat/Makefile.in] support compression on platforms that
409 have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c
410 Based on patch from nalin@redhat.com of code extracted from Owl's package
411 - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris.
412 report by chris@by-design.net
413 - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net
414 - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin()
415 report by rodney@bond.net
416
41720020712
418 - (tim) [Makefile.in] quiet down install-files: and check-user:
419 - (tim) [configure.ac] remove unused filepriv line
420
42120020710
422 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions
423 on /var/empty to 755 Patch by vinschen@redhat.com
424 - (bal) OpenBSD CVS Sync
425 - itojun@cvs.openbsd.org 2002/07/09 11:56:50
426 [sshconnect.c]
427 silently try next address on connect(2). markus ok
428 - itojun@cvs.openbsd.org 2002/07/09 11:56:27
429 [canohost.c]
430 suppress log on reverse lookup failiure, as there's no real value in
431 doing so.
432 markus ok
433 - itojun@cvs.openbsd.org 2002/07/09 12:04:02
434 [sshconnect.c]
435 ed static function (less warnings)
436 - stevesk@cvs.openbsd.org 2002/07/09 17:46:25
437 [sshd_config.5]
438 clarify no preference ordering in protocol list; ok markus@
439 - itojun@cvs.openbsd.org 2002/07/10 10:28:15
440 [sshconnect.c]
441 bark if all connection attempt fails.
442 - deraadt@cvs.openbsd.org 2002/07/10 17:53:54
443 [rijndael.c]
444 use right sizeof in memcpy; markus ok
445
44620020709
447 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms
448 lacking that concept can share it. Patch by vinschen@redhat.com
449
45020020708
451 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to
452 work in a jumpstart environment. patch by kbrint@rufus.net
453 - (tim) [Makefile.in] workaround for broken pakadd on some systems.
454 - (tim) [configure.ac] fix libc89 utimes test. Mention default path for
455 --with-privsep-path=
456
45720020707
458 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH)
459 - (tim) [acconfig.h configure.ac sshd.c]
460 s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/
461 - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes
462 patch from vinschen@redhat.com
463 - (bal) [realpath.c] Updated with OpenBSD tree.
464 - (bal) OpenBSD CVS Sync
465 - deraadt@cvs.openbsd.org 2002/07/04 04:15:33
466 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c]
467 patch memory leaks; grendel@zeitbombe.org
468 - deraadt@cvs.openbsd.org 2002/07/04 08:12:15
469 [channels.c packet.c]
470 blah blah minor nothing as i read and re-read and re-read...
471 - markus@cvs.openbsd.org 2002/07/04 10:41:47
472 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c]
473 don't allocate, copy, and discard if there is not interested in the data;
474 ok deraadt@
475 - deraadt@cvs.openbsd.org 2002/07/06 01:00:49
476 [log.c]
477 KNF
478 - deraadt@cvs.openbsd.org 2002/07/06 01:01:26
479 [ssh-keyscan.c]
480 KNF, realloc fix, and clean usage
481 - stevesk@cvs.openbsd.org 2002/07/06 17:47:58
482 [ssh-keyscan.c]
483 unused variable
484 - (bal) Minor KNF on ssh-keyscan.c
485
48620020705
487 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs.
488 Reported by Darren Tucker <dtucker@zip.com.au>
489 - (tim) [contrib/cygwin/ssh-host-config] double slash corrction
490 from vinschen@redhat.com
491
49220020704
493 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the
494 faster data rate) Bug #124
495 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first.
496 bug #265
497 - (bal) One too many nulls in ports-aix.c
498
49920020703
500 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com
501 - (bal) minor correction to utimes() replacement. Patch by
502 onoe@sm.sony.co.jp
503 - OpenBSD CVS Sync
504 - markus@cvs.openbsd.org 2002/06/27 08:49:44
505 [dh.c ssh-keyscan.c sshconnect.c]
506 more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@
507 - deraadt@cvs.openbsd.org 2002/06/27 09:08:00
508 [monitor.c]
509 improve mm_zalloc check; markus ok
510 - deraadt@cvs.openbsd.org 2002/06/27 10:35:47
511 [auth2-none.c monitor.c sftp-client.c]
512 use xfree()
513 - stevesk@cvs.openbsd.org 2002/06/27 19:49:08
514 [ssh-keyscan.c]
515 use convtime(); ok markus@
516 - millert@cvs.openbsd.org 2002/06/28 01:49:31
517 [monitor_mm.c]
518 tree(3) wants an int return value for its compare functions and
519 the difference between two pointers is not an int. Just do the
520 safest thing and store the result in a long and then return 0,
521 -1, or 1 based on that result.
522 - deraadt@cvs.openbsd.org 2002/06/28 01:50:37
523 [monitor_wrap.c]
524 use ssize_t
525 - deraadt@cvs.openbsd.org 2002/06/28 10:08:25
526 [sshd.c]
527 range check -u option at invocation
528 - deraadt@cvs.openbsd.org 2002/06/28 23:05:06
529 [sshd.c]
530 gidset[2] -> gidset[1]; markus ok
531 - deraadt@cvs.openbsd.org 2002/06/30 21:54:16
532 [auth2.c session.c sshd.c]
533 lint asks that we use names that do not overlap
534 - deraadt@cvs.openbsd.org 2002/06/30 21:59:45
535 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c
536 monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c
537 sshconnect2.c sshd.c]
538 minor KNF
539 - deraadt@cvs.openbsd.org 2002/07/01 16:15:25
540 [msg.c]
541 %u
542 - markus@cvs.openbsd.org 2002/07/01 19:48:46
543 [sshconnect2.c]
544 for compression=yes, we fallback to no-compression if the server does
545 not support compression, vice versa for compression=no. ok mouring@
546 - markus@cvs.openbsd.org 2002/07/03 09:55:38
547 [ssh-keysign.c]
548 use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
549 in order to avoid a possible Kocher timing attack pointed out by Charles
550 Hannum; ok provos@
551 - markus@cvs.openbsd.org 2002/07/03 14:21:05
552 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config]
553 re-enable ssh-keysign's sbit, but make ssh-keysign read
554 /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled
555 globally. based on discussions with deraadt, itojun and sommerfeld;
556 ok itojun@
557 - (bal) Failed password attempts don't increment counter on AIX. Bug #145
558 - (bal) Missed Makefile.in change. keysign needs readconf.o
559 - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess.
560
56120020702
562 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc &
563 friends consistently. Spotted by Solar Designer <solar@openwall.com>
564
56520020629
566 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style
567 clean up while I'm near it.
568
56920020628
570 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented
571 options should contain default value. from solar.
572 - (bal) Cygwin uid0 fix by vinschen@redhat.com
573 - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise
574 have issues of our fixes not propogating right (ie bcopy instead of
575 memmove). OK tim
576 - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported.
577 Bug #303
578
57920020627
580 - OpenBSD CVS Sync
581 - deraadt@cvs.openbsd.org 2002/06/26 14:49:36
582 [monitor.c]
583 correct %u
584 - deraadt@cvs.openbsd.org 2002/06/26 14:50:04
585 [monitor_fdpass.c]
586 use ssize_t for recvmsg() and sendmsg() return
587 - markus@cvs.openbsd.org 2002/06/26 14:51:33
588 [ssh-add.c]
589 fix exit code for -X/-x
590 - deraadt@cvs.openbsd.org 2002/06/26 15:00:32
591 [monitor_wrap.c]
592 more %u
593 - markus@cvs.openbsd.org 2002/06/26 22:27:32
594 [ssh-keysign.c]
595 bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
596
120020626 59720020626
2 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM 598 - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
3 - (bal) OpenBSD CVS Sync 599 - (bal) OpenBSD CVS Sync
@@ -68,6 +664,8 @@
68 - (djm) Update spec files for release 664 - (djm) Update spec files for release
69 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS 665 - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
70 - (djm) Release 3.4p1 666 - (djm) Release 3.4p1
667 - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in
668 by mistake
71 669
7220020625 67020020625
73 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh 671 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -159,1012 +757,4 @@
159 save auth method before monitor_reset_key_state(); bugzilla bug #284; 757 save auth method before monitor_reset_key_state(); bugzilla bug #284;
160 ok provos@ 758 ok provos@
161 759
16220020622 760$Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $
163 - (djm) Update README.privsep; spotted by fries@
164 - (djm) Release 3.3p1
165 - (bal) getopt now can be staticly compiled on those platforms missing
166 optreset. Patch by binder@arago.de
167
16820020621
169 - (djm) Sync:
170 - djm@cvs.openbsd.org 2002/06/21 05:50:51
171 [monitor.c]
172 Don't initialise compression buffers when compression=no in sshd_config;
173 ok Niels@
174 - ID sync for auth-passwd.c
175 - (djm) Warn and disable compression on platforms which can't handle both
176 useprivilegeseparation=yes and compression=yes
177 - (djm) contrib/redhat/openssh.spec hacking:
178 - Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
179 - Add new {ssh,sshd}_config.5 manpages
180 - Add new ssh-keysign program and remove setuid from ssh client
181
18220020620
183 - (bal) Fixed AIX environment handling, use setpcred() instead of existing
184 code. (Bugzilla Bug 261)
185 - (bal) OpenBSD CVS Sync
186 - todd@cvs.openbsd.org 2002/06/14 21:35:00
187 [monitor_wrap.c]
188 spelling; from Brian Poole <raj@cerias.purdue.edu>
189 - markus@cvs.openbsd.org 2002/06/15 00:01:36
190 [authfd.c authfd.h ssh-add.c ssh-agent.c]
191 break agent key lifetime protocol and allow other contraints for key
192 usage.
193 - markus@cvs.openbsd.org 2002/06/15 00:07:38
194 [authfd.c authfd.h ssh-add.c ssh-agent.c]
195 fix stupid typo
196 - markus@cvs.openbsd.org 2002/06/15 01:27:48
197 [authfd.c authfd.h ssh-add.c ssh-agent.c]
198 remove the CONSTRAIN_IDENTITY messages and introduce a new
199 ADD_ID message with contraints instead. contraints can be
200 only added together with the private key.
201 - itojun@cvs.openbsd.org 2002/06/16 21:30:58
202 [ssh-keyscan.c]
203 use TAILQ_xx macro. from lukem@netbsd. markus ok
204 - deraadt@cvs.openbsd.org 2002/06/17 06:05:56
205 [scp.c]
206 make usage like man page
207 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55
208 [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c
209 authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1
210 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c
211 ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c
212 xmalloc.h]
213 KNF done automatically while reading....
214 - markus@cvs.openbsd.org 2002/06/19 18:01:00
215 [cipher.c monitor.c monitor_wrap.c packet.c packet.h]
216 make the monitor sync the transfer ssh1 session key;
217 transfer keycontext only for RC4 (this is still depends on EVP
218 implementation details and is broken).
219 - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
220 [ssh.1 sshd.8]
221 move configuration file options from ssh.1/sshd.8 to
222 ssh_config.5/sshd_config.5; ok deraadt@ millert@
223 - stevesk@cvs.openbsd.org 2002/06/20 20:00:05
224 [scp.1 sftp.1]
225 ssh_config(5)
226 - stevesk@cvs.openbsd.org 2002/06/20 20:03:34
227 [ssh_config sshd_config]
228 refer to config file man page
229 - markus@cvs.openbsd.org 2002/06/20 23:05:56
230 [servconf.c servconf.h session.c sshd.c]
231 allow Compression=yes/no in sshd_config
232 - markus@cvs.openbsd.org 2002/06/20 23:37:12
233 [sshd_config]
234 add Compression
235 - stevesk@cvs.openbsd.org 2002/05/25 20:40:08
236 [LICENCE]
237 missed Per Allansson (auth2-chall.c)
238 - (bal) Cygwin special handling of empty passwords wrong. Patch by
239 vinschen@redhat.com
240 - (bal) Missed integrating ssh_config.5 and sshd_config.5
241 - (bal) Still more Makefile.in updates for ssh{d}_config.5
242
24320020613
244 - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com
245
24620020612
247 - (bal) OpenBSD CVS Sync
248 - markus@cvs.openbsd.org 2002/06/11 23:03:54
249 [ssh.c]
250 remove unused cruft.
251 - markus@cvs.openbsd.org 2002/06/12 01:09:52
252 [ssh.c]
253 ssh_connect returns 0 on success
254 - (bal) Build noop setgroups() for cygwin to clean up code (For other
255 platforms without the setgroups() requirement, you MUST define
256 SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
257 - (bal) Some platforms don't have ONLCR (Notable Mint)
258
25920020611
260 - (bal) ssh-agent.c RCSD fix (|unexpand already done)
261 - (bal) OpenBSD CVS Sync
262 - stevesk@cvs.openbsd.org 2002/06/09 22:15:15
263 [ssh.1]
264 update for no setuid root and ssh-keysign; ok deraadt@
265 - itojun@cvs.openbsd.org 2002/06/09 22:17:21
266 [sshconnect.c]
267 pass salen to sockaddr_ntop so that we are happy on linux/solaris
268 - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
269 [auth-rsa.c ssh-rsa.c]
270 display minimum RSA modulus in error(); ok markus@
271 - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
272 [ssh-keysign.8]
273 merge in stuff from my man page; ok markus@
274 - stevesk@cvs.openbsd.org 2002/06/10 17:36:23
275 [ssh-add.1 ssh-add.c]
276 use convtime() to parse and validate key lifetime. can now
277 use '-t 2h' etc. ok markus@ provos@
278 - stevesk@cvs.openbsd.org 2002/06/10 17:45:20
279 [readconf.c ssh.1]
280 change RhostsRSAAuthentication and RhostsAuthentication default to no
281 since ssh is no longer setuid root by default; ok markus@
282 - stevesk@cvs.openbsd.org 2002/06/10 21:21:10
283 [ssh_config]
284 update defaults for RhostsRSAAuthentication and RhostsAuthentication
285 here too (all options commented out with default value).
286 - markus@cvs.openbsd.org 2002/06/10 22:28:41
287 [channels.c channels.h session.c]
288 move creation of agent socket to session.c; no need for uidswapping
289 in channel.c.
290 - markus@cvs.openbsd.org 2002/06/11 04:14:26
291 [ssh.c sshconnect.c sshconnect.h]
292 no longer use uidswap.[ch] from the ssh client
293 run less code with euid==0 if ssh is installed setuid root
294 just switch the euid, don't switch the complete set of groups
295 (this is only needed by sshd). ok provos@
296 - mpech@cvs.openbsd.org 2002/06/11 05:46:20
297 [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c]
298 pid_t cleanup. Markus need this now to keep hacking.
299 markus@, millert@ ok
300 - itojun@cvs.openbsd.org 2002/06/11 08:11:45
301 [canohost.c]
302 use "ntop" only after initialized
303 - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by
304 vinschen@redhat.com
305
30620020609
307 - (bal) OpenBSD CVS Sync
308 - markus@cvs.openbsd.org 2002/06/08 05:07:56
309 [ssh.c]
310 nuke ptrace comment
311 - markus@cvs.openbsd.org 2002/06/08 05:07:09
312 [ssh-keysign.c]
313 only accept 20 byte session ids
314 - markus@cvs.openbsd.org 2002/06/08 05:17:01
315 [readconf.c readconf.h ssh.1 ssh.c]
316 deprecate FallBackToRsh and UseRsh; patch from djm@
317 - markus@cvs.openbsd.org 2002/06/08 05:40:01
318 [readconf.c]
319 just warn about Deprecated options for now
320 - markus@cvs.openbsd.org 2002/06/08 05:41:18
321 [ssh_config]
322 remove FallBackToRsh/UseRsh
323 - markus@cvs.openbsd.org 2002/06/08 12:36:53
324 [scp.c]
325 remove FallBackToRsh
326 - markus@cvs.openbsd.org 2002/06/08 12:46:14
327 [readconf.c]
328 silently ignore deprecated options, since FallBackToRsh might be passed
329 by remote scp commands.
330 - itojun@cvs.openbsd.org 2002/06/08 21:15:27
331 [sshconnect.c]
332 always use getnameinfo. (diag message only)
333 - markus@cvs.openbsd.org 2002/06/09 04:33:27
334 [sshconnect.c]
335 abort() - > fatal()
336 - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c,
337 sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand
338 independant of them)
339
34020020607
341 - (bal) Removed --{enable/disable}-suid-ssh
342 - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au
343 - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by
344 Bertrand.Velle@apogee-com.fr
345
34620020606
347 - (bal) OpenBSD CVS Sync
348 - markus@cvs.openbsd.org 2002/05/15 21:56:38
349 [servconf.c sshd.8 sshd_config]
350 re-enable privsep and disable setuid for post-3.2.2
351 - markus@cvs.openbsd.org 2002/05/16 22:02:50
352 [cipher.c kex.h mac.c]
353 fix warnings (openssl 0.9.7 requires const)
354 - stevesk@cvs.openbsd.org 2002/05/16 22:09:59
355 [session.c ssh.c]
356 don't limit xauth pathlen on client side and longer print length on
357 server when debug; ok markus@
358 - deraadt@cvs.openbsd.org 2002/05/19 20:54:52
359 [log.h]
360 extra commas in enum not 100% portable
361 - deraadt@cvs.openbsd.org 2002/05/22 23:18:25
362 [ssh.c sshd.c]
363 spelling; abishoff@arc.nasa.gov
364 - markus@cvs.openbsd.org 2002/05/23 19:24:30
365 [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h
366 sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in]
367 add /usr/libexec/ssh-keysign: a setuid helper program for hostbased
368 authentication in protocol v2 (needs to access the hostkeys).
369 - markus@cvs.openbsd.org 2002/05/23 19:39:34
370 [ssh.c]
371 add comment about ssh-keysign
372 - markus@cvs.openbsd.org 2002/05/24 08:45:14
373 [sshconnect2.c]
374 stat ssh-keysign first, print error if stat fails;
375 some debug->error; fix comment
376 - markus@cvs.openbsd.org 2002/05/25 08:50:39
377 [sshconnect2.c]
378 execlp->execl; from stevesk
379 - markus@cvs.openbsd.org 2002/05/25 18:51:07
380 [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c
381 auth2-passwd.c auth2-pubkey.c Makefile.in]
382 split auth2.c into one file per method; ok provos@/deraadt@
383 - stevesk@cvs.openbsd.org 2002/05/26 20:35:10
384 [ssh.1]
385 sort ChallengeResponseAuthentication; ok markus@
386 - stevesk@cvs.openbsd.org 2002/05/28 16:45:27
387 [monitor_mm.c]
388 print strerror(errno) on mmap/munmap error; ok markus@
389 - stevesk@cvs.openbsd.org 2002/05/28 17:28:02
390 [uidswap.c]
391 format spec change/casts and some KNF; ok markus@
392 - stevesk@cvs.openbsd.org 2002/05/28 21:24:00
393 [uidswap.c]
394 use correct function name in fatal()
395 - stevesk@cvs.openbsd.org 2002/05/29 03:06:30
396 [ssh.1 sshd.8]
397 spelling
398 - markus@cvs.openbsd.org 2002/05/29 11:21:57
399 [sshd.c]
400 don't start if privsep is enabled and SSH_PRIVSEP_USER or
401 _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
402 - markus@cvs.openbsd.org 2002/05/30 08:07:31
403 [cipher.c]
404 use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of
405 our own implementation. allow use of AES hardware via libcrypto,
406 ok deraadt@
407 - markus@cvs.openbsd.org 2002/05/31 10:30:33
408 [sshconnect2.c]
409 extent ssh-keysign protocol:
410 pass # of socket-fd to ssh-keysign, keysign verfies locally used
411 ip-address using this socket-fd, restricts fake local hostnames
412 to actual local hostnames; ok stevesk@
413 - markus@cvs.openbsd.org 2002/05/31 11:35:15
414 [auth.h auth2.c]
415 move Authmethod definitons to per-method file.
416 - markus@cvs.openbsd.org 2002/05/31 13:16:48
417 [key.c]
418 add comment:
419 key_verify returns 1 for a correct signature, 0 for an incorrect signature
420 and -1 on error.
421 - markus@cvs.openbsd.org 2002/05/31 13:20:50
422 [ssh-rsa.c]
423 pad received signature with leading zeros, because RSA_verify expects
424 a signature of RSA_size. the drafts says the signature is transmitted
425 unpadded (e.g. putty does not pad), reported by anakin@pobox.com
426 - deraadt@cvs.openbsd.org 2002/06/03 12:04:07
427 [ssh.h]
428 compatiblity -> compatibility
429 decriptor -> descriptor
430 authentciated -> authenticated
431 transmition -> transmission
432 - markus@cvs.openbsd.org 2002/06/04 19:42:35
433 [monitor.c]
434 only allow enabled authentication methods; ok provos@
435 - markus@cvs.openbsd.org 2002/06/04 19:53:40
436 [monitor.c]
437 save the session id (hash) for ssh2 (it will be passed with the
438 initial sign request) and verify that this value is used during
439 authentication; ok provos@
440 - markus@cvs.openbsd.org 2002/06/04 23:02:06
441 [packet.c]
442 remove __FUNCTION__
443 - markus@cvs.openbsd.org 2002/06/04 23:05:49
444 [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c]
445 __FUNCTION__ -> __func__
446 - markus@cvs.openbsd.org 2002/06/05 16:08:07
447 [ssh-agent.1 ssh-agent.c]
448 '-a bind_address' binds the agent to user-specified unix-domain
449 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
450 - markus@cvs.openbsd.org 2002/06/05 16:08:07
451 [ssh-agent.1 ssh-agent.c]
452 '-a bind_address' binds the agent to user-specified unix-domain
453 socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago).
454 - markus@cvs.openbsd.org 2002/06/05 16:48:54
455 [ssh-agent.c]
456 copy current request into an extra buffer and just flush this
457 request on errors, ok provos@
458 - markus@cvs.openbsd.org 2002/06/05 19:57:12
459 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
460 ssh-add -x for lock and -X for unlocking the agent.
461 todo: encrypt private keys with locked...
462 - markus@cvs.openbsd.org 2002/06/05 20:56:39
463 [ssh-add.c]
464 add -x/-X to usage
465 - markus@cvs.openbsd.org 2002/06/05 21:55:44
466 [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c]
467 ssh-add -t life, Set lifetime (in seconds) when adding identities;
468 ok provos@
469 - stevesk@cvs.openbsd.org 2002/06/06 01:09:41
470 [monitor.h]
471 no trailing comma in enum; china@thewrittenword.com
472 - markus@cvs.openbsd.org 2002/06/06 17:12:44
473 [sftp-server.c]
474 discard remaining bytes of current request; ok provos@
475 - markus@cvs.openbsd.org 2002/06/06 17:30:11
476 [sftp-server.c]
477 use get_int() macro (hide iqueue)
478 - (bal) Missed msg.[ch] in merge. Required for ssh-keysign.
479 - (bal) Forgot to add msg.c Makefile.in.
480 - (bal) monitor_mm.c typos.
481 - (bal) Refixed auth2.c. It was never fully commited while spliting out
482 authentication to different files.
483 - (bal) ssh-keysign should build and install correctly now. Phase two
484 would be to clean out any dead wood and disable ssh setuid on install.
485 - (bal) Reverse logic, use __func__ first since it's C99
486
48720020604
488 - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed
489 setsockopt from debug to error for now).
490
49120020527
492 - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address
493 build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out
494 last monitor_fdpass.c changes that are no longer needed with new tests.
495 Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no>
496
49720020522
498 - (djm) Fix spelling mistakes, spotted by Solar Designer i
499 <solar@openwall.com>
500 - Sync scard/ (not sure when it drifted)
501 - (djm) OpenBSD CVS Sync:
502 [auth.c]
503 Fix typo/thinko. Pass in as to auth_approval(), not NULL.
504 Closes PR 2659.
505 - Crank version
506 - Crank RPM spec versions
507
50820020521
509 - (stevesk) [sshd.c] bug 245; disable setsid() for now
510 - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups()
511
51220020517
513 - (tim) [configure.ac] remove extra MD5_MSG="no" line.
514
51520020515
516 - (bal) CVS ID fix up on auth-passwd.c
517 - (bal) OpenBSD CVS Sync
518 - deraadt@cvs.openbsd.org 2002/05/07 19:54:36
519 [ssh.h]
520 use ssh uid
521 - deraadt@cvs.openbsd.org 2002/05/08 21:06:34
522 [ssh.h]
523 move to sshd.sshd instead
524 - stevesk@cvs.openbsd.org 2002/05/11 20:24:48
525 [ssh.h]
526 typo in comment
527 - itojun@cvs.openbsd.org 2002/05/13 02:37:39
528 [auth-skey.c auth2.c]
529 less warnings. skey_{respond,query} are public (in auth.h)
530 - markus@cvs.openbsd.org 2002/05/13 20:44:58
531 [auth-options.c auth.c auth.h]
532 move the packet_send_debug handling from auth-options.c to auth.c;
533 ok provos@
534 - millert@cvs.openbsd.org 2002/05/13 15:53:19
535 [sshd.c]
536 Call setsid() in the child after sshd accepts the connection and forks.
537 This is needed for privsep which calls setlogin() when it changes uids.
538 Without this, there is a race where the login name of an existing
539 connection, as returned by getlogin(), may be changed to the privsep
540 user (sshd). markus@ OK
541 - markus@cvs.openbsd.org 2002/05/13 21:26:49
542 [auth-rhosts.c]
543 handle debug messages during rhosts-rsa and hostbased authentication;
544 ok provos@
545 - mouring@cvs.openbsd.org 2002/05/15 15:47:49
546 [kex.c monitor.c monitor_wrap.c sshd.c]
547 'monitor' variable clashes with at least one lame platform (NeXT). i
548 Renamed to 'pmonitor'. provos@
549 - deraadt@cvs.openbsd.org 2002/05/04 02:39:35
550 [servconf.c sshd.8 sshd_config]
551 enable privsep by default; provos ok
552 - millert@cvs.openbsd.org 2002/05/06 23:34:33
553 [ssh.1 sshd.8]
554 Kill/adjust r(login|exec)d? references now that those are no longer in
555 the tree.
556 - markus@cvs.openbsd.org 2002/05/15 21:02:53
557 [servconf.c sshd.8 sshd_config]
558 disable privsep and enable setuid for the 3.2.2 release
559 - (bal) Fixed up PAM case. I think.
560 - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy
561 - (bal) OpenBSD CVS Sync
562 - markus@cvs.openbsd.org 2002/05/15 21:05:29
563 [version.h]
564 enter OpenSSH_3.2.2
565 - (bal) Caldara, Suse, and Redhat openssh.specs updated.
566
56720020514
568 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
569 - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
570 match what newer style ptys have when allocated. Based on a patch by
571 Roger Cornelius <rac@tenzing.org>
572 - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work.
573 - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8
574 from PAM-enabled pragraph. UnixWare has no PAM.
575 - (tim) [contrib/caldera/openssh.spec] update version.
576
57720020513
578 - (stevesk) add initial README.privsep
579 - (stevesk) [configure.ac] nicer message: --with-privsep-user=user
580 - (djm) Add --with-superuser-path=xxx configure option to specify
581 what $PATH the superuser receives.
582 - (djm) Bug #231: UsePrivilegeSeparation turns off Banner.
583 - (djm) Add --with-privsep-path configure option
584 - (djm) Update RPM spec file: different superuser path, use
585 /var/empty/sshd for privsep
586 - (djm) Bug #234: missing readpassphrase declaration and defines
587 - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/
588 OpenSSL < 0.9.6
589
59020020511
591 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
592 Now only searches system and /usr/local/ssl (OpenSSL's default install path)
593 Others must use --with-ssl-dir=....
594 - (tim) [monitor_fdpass.c] fix for systems that have both
595 HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h
596 has #define msg_accrights msg_control
597
59820020510
599 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
600 check for root forced expire. Still don't check for inactive.
601 - (djm) Rework RedHat RPM files. Based on spec from Nalin
602 Dahyabhai <nalin@redhat.com> and patches from
603 Pekka Savola <pekkas@netcore.fi>
604 - (djm) Try to drop supplemental groups at daemon startup. Patch from
605 RedHat
606 - (bal) Back all the way out of auth-passwd.c changes. Breaks too many
607 things that don't set pw->pw_passwd.
608
60920020509
610 - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
611
61220020508
613 - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is
614 called. Report by Chris Maxwell <maxwell@cs.dal.ca>
615 - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile
616 - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work)
617
61820020507
619 - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
620 Add truncate() emulation to address Bug 208
621
62220020506
623 - (djm) Unbreak auth-passwd.c for PAM and SIA
624 - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola
625 <pekkas@netcore.fi>
626 - (djm) Don't reinitialise PAM credentials before we have started PAM.
627 Report from Pekka Savola <pekkas@netcore.fi>
628
62920020506
630 - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue
631
63220020501
633 - (djm) Import OpenBSD regression tests. Requires BSD make to run
634 - (djm) Fix readpassphase compilation for systems which have it
635
63620020429
637 - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in
638 sshd_config.
639 - (tim) [contrib/cygwin/README] remove reference to regex.
640 patch from Corinna Vinschen <vinschen@redhat.com>
641
64220020426
643 - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode
644 during distprep only
645 - (djm) Disable PAM password expiry until a complete fix for bug #188
646 exists
647 - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on
648 patch from openssh@misc.tecq.org
649
65020020425
651 - (stevesk) [defines.h] remove USE_TIMEVAL; unused
652 - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26
653 support. bug #184. most from dcole@keysoftsys.com.
654
65520020424
656 - (djm) OpenBSD CVS Sync
657 - markus@cvs.openbsd.org 2002/04/23 12:54:10
658 [version.h]
659 3.2.1
660 - djm@cvs.openbsd.org 2002/04/23 22:16:29
661 [sshd.c]
662 Improve error message; ok markus@ stevesk@
663
66420020423
665 - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX
666 - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused
667 - (markus) OpenBSD CVS Sync
668 - markus@cvs.openbsd.org 2002/04/23 12:58:26
669 [radix.c]
670 send complete ticket; semerad@ss1000.ms.mff.cuni.cz
671 - (djm) Trim ChangeLog to include only post-3.1 changes
672 - (djm) Update RPM spec file versions
673 - (djm) Redhat spec enables KrbV by default
674 - (djm) Applied OpenSC smartcard updates from Markus &
675 Antti Tapaninen <aet@cc.hut.fi>
676 - (djm) Define BROKEN_REALPATH for AIX, patch from
677 Antti Tapaninen <aet@cc.hut.fi>
678 - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from
679 Kevin Taylor <no@nowhere.org> (??) via Philipp Grau
680 <phgrau@zedat.fu-berlin.de>
681 - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes.
682 Reported by Doug Manton <dmanton@emea.att.com>
683 - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by
684 Robert Urban <urban@spielwiese.de>
685 - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid
686 sizeof(long long int) == 4 breakage. Patch from Matthew Clarke
687 <Matthew_Clarke@mindlink.bc.ca>
688 - (djm) Make privsep work with PAM (still experimental)
689 - (djm) OpenBSD CVS Sync
690 - deraadt@cvs.openbsd.org 2002/04/20 09:02:03
691 [servconf.c]
692 No, afs requires explicit enabling
693 - markus@cvs.openbsd.org 2002/04/20 09:14:58
694 [bufaux.c bufaux.h]
695 add buffer_{get,put}_short
696 - markus@cvs.openbsd.org 2002/04/20 09:17:19
697 [radix.c]
698 rewrite using the buffer_* API, fixes overflow; ok deraadt@
699 - stevesk@cvs.openbsd.org 2002/04/21 16:19:27
700 [sshd.8 sshd_config]
701 document default AFSTokenPassing no; ok deraadt@
702 - stevesk@cvs.openbsd.org 2002/04/21 16:25:06
703 [sshconnect1.c]
704 spelling in error message; ok markus@
705 - markus@cvs.openbsd.org 2002/04/22 06:15:47
706 [radix.c]
707 fix check for overflow
708 - markus@cvs.openbsd.org 2002/04/22 16:16:53
709 [servconf.c sshd.8 sshd_config]
710 do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@
711 - markus@cvs.openbsd.org 2002/04/22 21:04:52
712 [channels.c clientloop.c clientloop.h ssh.c]
713 request reply (success/failure) for -R style fwd in protocol v2,
714 depends on ordered replies.
715 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
716
71720020421
718 - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0).
719 entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
720 succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208
721
72220020418
723 - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from
724 Sturle Sunde <sturle.sunde@usit.uio.no>
725
72620020417
727 - (djm) Tell users to configure /dev/random support into OpenSSL in
728 INSTALL
729 - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca
730 - (tim) [configure.ac] Issue warning on --with-default-path=/some_path
731 if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com>
732
73320020415
734 - (djm) Unbreak "make install". Fix from Darren Tucker
735 <dtucker@zip.com.au>
736 - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen
737 - (tim) [configure.ac] add tests for recvmsg and sendmsg.
738 [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for
739 systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg.
740
74120020414
742 - (djm) ssh-rand-helper improvements
743 - Add commandline debugging options
744 - Don't write binary data if stdout is a tty (use hex instead)
745 - Give it a manpage
746 - (djm) Random number collection doc fixes from Ben
747
74820020413
749 - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk>
750
75120020412
752 - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams
753 - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L
754 to -h on testing for /bin being symbolic link
755 - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by
756 Corinna Vinschen <vinschen@redhat.com>
757 - (bal) disable privsep if no MAP_ANON. We can re-enable it
758 after the release when we can do more testing.
759
76020020411
761 - (stevesk) [auth-sia.c] cleanup
762 - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and
763 defines in defines.h [rijndael.c openbsd-compat/fake-socket.h
764 openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h"
765 ok stevesk@
766
76720020410
768 - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR
769 - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net>
770 - (bal) OpenBSD CVS Sync
771 - markus@cvs.openbsd.org 2002/04/10 08:21:47
772 [auth1.c compat.c compat.h]
773 strip '@' from username only for KerbV and known broken clients,
774 bug #204
775 - markus@cvs.openbsd.org 2002/04/10 08:56:01
776 [version.h]
777 OpenSSH_3.2
778 - Added p1 to idenify Portable release version.
779
78020020408
781 - (bal) Minor OpenSC updates. Fix up header locations and update
782 README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi>
783
78420020407
785 - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now.
786 Future: we may want to test if fd passing works correctly.
787 - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes
788 and no fd passing support.
789 - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in
790 monitor_mm.c
791 - (stevesk) remove configure support for poll.h; it was removed
792 from sshd.c a long time ago.
793 - (stevesk) --with-privsep-user; default sshd
794 - (stevesk) wrap munmap() with HAVE_MMAP also.
795
79620020406
797 - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann
798 <carsten.grohmann@dr-baldeweg.de>
799 - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile.
800 - (bal) OpenBSD CVS Sync
801 - djm@cvs.openbsd.org 2002/04/06 00:30:08
802 [sftp-client.c]
803 Fix occasional corruption on upload due to bad reuse of request
804 id, spotted by chombier@mac.com; ok markus@
805 - mouring@cvs.openbsd.org 2002/04/06 18:24:09
806 [scp.c]
807 Fixes potental double // within path.
808 http://bugzilla.mindrot.org/show_bug.cgi?id=76
809 - (bal) Slight update to OpenSC support. Better version checking. patch
810 by Juha Yrjölä <jyrjola@cc.hut.fi>
811 - (bal) Revered out of runtime IRIX detection of joblimits. Code is
812 incomplete.
813 - (bal) Quiet down configure.ac if /bin/test does not exist.
814 - (bal) We no longer use atexit()/xatexit()/on_exit()
815
81620020405
817 - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by
818 Juha Yrjölä <jyrjola@cc.hut.fi>
819 - (bal) Minor documentation update to reflect smartcard library
820 support changes.
821 - (bal) Too many <sys/queue.h> issues. Remove all workarounds and
822 using internal version only.
823 - (bal) OpenBSD CVS Sync
824 - stevesk@cvs.openbsd.org 2002/04/05 20:56:21
825 [sshd.8]
826 clarify sshrc some and handle X11UseLocalhost=yes; ok markus@
827
82820020404
829 - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h
830 auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm.
831 - (bal) OpenBSD CVS Sync
832 - markus@cvs.openbsd.org 2002/04/03 09:26:11
833 [cipher.c myproposal.h]
834 re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net
835
83620020402
837 - (bal) Hand Sync of scp.c (reverted to upstream code)
838 - deraadt@cvs.openbsd.org 2002/03/30 17:45:46
839 [scp.c]
840 stretch banners
841 - (bal) CVS ID sync of uidswap.c
842 - (bal) OpenBSD CVS Sync (now for the real sync)
843 - markus@cvs.openbsd.org 2002/03/27 22:21:45
844 [ssh-keygen.c]
845 try to import keys with extra trailing === (seen with ssh.com <
846 2.0.12)
847 - markus@cvs.openbsd.org 2002/03/28 15:34:51
848 [session.c]
849 do not call record_login twice (for use_privsep)
850 - markus@cvs.openbsd.org 2002/03/29 18:59:32
851 [session.c session.h]
852 retrieve last login time before the pty is allocated, store per
853 session
854 - stevesk@cvs.openbsd.org 2002/03/29 19:16:22
855 [sshd.8]
856 RSA key modulus size minimum 768; ok markus@
857 - stevesk@cvs.openbsd.org 2002/03/29 19:18:33
858 [auth-rsa.c ssh-rsa.c ssh.h]
859 make RSA modulus minimum #define; ok markus@
860 - markus@cvs.openbsd.org 2002/03/30 18:51:15
861 [monitor.c serverloop.c sftp-int.c sftp.c sshd.c]
862 check waitpid for EINTR; based on patch from peter@ifm.liu.se
863 - markus@cvs.openbsd.org 2002/04/01 22:02:16
864 [sftp-client.c]
865 20480 is an upper limit for older server
866 - markus@cvs.openbsd.org 2002/04/01 22:07:17
867 [sftp-client.c]
868 fallback to stat if server does not support lstat
869 - markus@cvs.openbsd.org 2002/04/02 11:49:39
870 [ssh-agent.c]
871 check $SHELL for -k and -d, too;
872 http://bugzilla.mindrot.org/show_bug.cgi?id=199
873 - markus@cvs.openbsd.org 2002/04/02 17:37:48
874 [sftp.c]
875 always call log_init()
876 - markus@cvs.openbsd.org 2002/04/02 20:11:38
877 [ssh-rsa.c]
878 ignore SSH_BUG_SIGBLOB for ssh-rsa; #187
879 - (bal) mispelling in uidswap.c (portable only)
880
88120020401
882 - (stevesk) [monitor.c] PAM should work again; will *not* work with
883 UsePrivilegeSeparation=yes.
884 - (stevesk) [auth1.c] fix password auth for protocol 1 when
885 !USE_PAM && !HAVE_OSF_SIA; merge issue.
886
88720020331
888 - (tim) [configure.ac] use /bin/test -L to work around broken builtin on
889 Solaris 8
890 - (tim) [sshconnect2.c] change uint32_t to u_int32_t
891
89220020330
893 - (stevesk) [configure.ac] remove header check for sys/ttcompat.h
894 bug 167
895
89620020327
897 - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by
898 kent@lysator.liu.se
899 - (bal) OpenBSD CVS Sync
900 - markus@cvs.openbsd.org 2002/03/26 11:34:49
901 [ssh.1 sshd.8]
902 update to recent drafts
903 - markus@cvs.openbsd.org 2002/03/26 11:37:05
904 [ssh.c]
905 update Copyright
906 - markus@cvs.openbsd.org 2002/03/26 15:23:40
907 [bufaux.c]
908 do not talk about packets in bufaux
909 - rees@cvs.openbsd.org 2002/03/26 18:46:59
910 [scard.c]
911 try_AUT0 in read_pubkey too, for those paranoid few who want to
912 acl 'sh'
913 - markus@cvs.openbsd.org 2002/03/26 22:50:39
914 [channels.h]
915 CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too
916 - markus@cvs.openbsd.org 2002/03/26 23:13:03
917 [auth-rsa.c]
918 disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth)
919 - markus@cvs.openbsd.org 2002/03/26 23:14:51
920 [kex.c]
921 generate a new cookie for each SSH2_MSG_KEXINIT message we send out
922 - mouring@cvs.openbsd.org 2002/03/27 11:45:42
923 [monitor.c]
924 monitor_allowed_key() returns int instead of pointer. ok markus@
925
92620020325
927 - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h"
928 - (bal) OpenBSD CVS Sync
929 - stevesk@cvs.openbsd.org 2002/03/23 20:57:26
930 [sshd.c]
931 setproctitle() after preauth child; ok markus@
932 - markus@cvs.openbsd.org 2002/03/24 16:00:27
933 [serverloop.c]
934 remove unused debug
935 - markus@cvs.openbsd.org 2002/03/24 16:01:13
936 [packet.c]
937 debug->debug3 for extra padding
938 - stevesk@cvs.openbsd.org 2002/03/24 17:27:03
939 [kexgex.c]
940 typo; ok markus@
941 - stevesk@cvs.openbsd.org 2002/03/24 17:53:16
942 [monitor_fdpass.c]
943 minor cleanup and more error checking; ok markus@
944 - markus@cvs.openbsd.org 2002/03/24 18:05:29
945 [scard.c]
946 we need to figure out AUT0 for sc_private_encrypt, too
947 - stevesk@cvs.openbsd.org 2002/03/24 23:20:00
948 [monitor.c]
949 remove "\n" from fatal()
950 - markus@cvs.openbsd.org 2002/03/25 09:21:13
951 [auth-rsa.c]
952 return 0 (not NULL); tomh@po.crl.go.jp
953 - markus@cvs.openbsd.org 2002/03/25 09:25:06
954 [auth-rh-rsa.c]
955 rm bogus comment
956 - markus@cvs.openbsd.org 2002/03/25 17:34:27
957 [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c]
958 change sc_get_key to sc_get_keys and hide smartcard details in scard.c
959 - stevesk@cvs.openbsd.org 2002/03/25 20:12:10
960 [monitor_mm.c monitor_wrap.c]
961 ssize_t args use "%ld" and cast to (long)
962 size_t args use "%lu" and cast to (u_long)
963 ok markus@ and thanks millert@
964 - markus@cvs.openbsd.org 2002/03/25 21:04:02
965 [ssh.c]
966 simplify num_identity_files handling
967 - markus@cvs.openbsd.org 2002/03/25 21:13:51
968 [channels.c channels.h compat.c compat.h nchan.c]
969 don't send stderr data after EOF, accept this from older known
970 (broken) sshd servers only, fixes
971 http://bugzilla.mindrot.org/show_bug.cgi?id=179
972 - stevesk@cvs.openbsd.org 2002/03/26 03:24:01
973 [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h]
974 $OpenBSD$
975
97620020324
977 - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure
978 it can be removed. only used on solaris. will no longer compile with
979 privsep shuffling.
980
98120020322
982 - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support
983 - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD
984 - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms
985 - (stevesk) [monitor_fdpass.c] support for access rights style file
986 descriptor passing
987 - (stevesk) [auth2.c] merge cleanup/sync
988 - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but
989 is missing CMSG_LEN() and CMSG_SPACE() macros.
990 - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other
991 platforms may need this--I'm not sure. mmap() issues will need to be
992 addressed further.
993 - (tim) [cipher.c] fix problem with OpenBSD sync
994 - (stevesk) [LICENCE] OpenBSD sync
995
99620020321
997 - (bal) OpenBSD CVS Sync
998 - itojun@cvs.openbsd.org 2002/03/08 06:10:16
999 [sftp-client.c]
1000 printf type mismatch
1001 - itojun@cvs.openbsd.org 2002/03/11 03:18:49
1002 [sftp-client.c]
1003 correct type mismatches (u_int64_t != unsigned long long)
1004 - itojun@cvs.openbsd.org 2002/03/11 03:19:53
1005 [sftp-client.c]
1006 indent
1007 - markus@cvs.openbsd.org 2002/03/14 15:24:27
1008 [sshconnect1.c]
1009 don't trust size sent by (rogue) server; noted by
1010 s.esser@e-matters.de
1011 - markus@cvs.openbsd.org 2002/03/14 16:38:26
1012 [sshd.c]
1013 split out ssh1 session key decryption; ok provos@
1014 - markus@cvs.openbsd.org 2002/03/14 16:56:33
1015 [auth-rh-rsa.c auth-rsa.c auth.h]
1016 split auth_rsa() for better readability and privsep; ok provos@
1017 - itojun@cvs.openbsd.org 2002/03/15 11:00:38
1018 [auth.c]
1019 fix file type checking (use S_ISREG). ok by markus
1020 - markus@cvs.openbsd.org 2002/03/16 11:24:53
1021 [compress.c]
1022 skip inflateEnd if inflate fails; ok provos@
1023 - markus@cvs.openbsd.org 2002/03/16 17:22:09
1024 [auth-rh-rsa.c auth.h]
1025 split auth_rhosts_rsa(), ok provos@
1026 - stevesk@cvs.openbsd.org 2002/03/16 17:41:25
1027 [auth-krb5.c]
1028 BSD license. from Daniel Kouril via Dug Song. ok markus@
1029 - provos@cvs.openbsd.org 2002/03/17 20:25:56
1030 [auth.c auth.h auth1.c auth2.c]
1031 getpwnamallow returns struct passwd * only if user valid;
1032 okay markus@
1033 - provos@cvs.openbsd.org 2002/03/18 01:12:14
1034 [auth.h auth1.c auth2.c sshd.c]
1035 have the authentication functions return the authentication context
1036 and then do_authenticated; okay millert@
1037 - dugsong@cvs.openbsd.org 2002/03/18 01:30:10
1038 [auth-krb4.c]
1039 set client to NULL after xfree(), from Rolf Braun
1040 <rbraun+ssh@andrew.cmu.edu>
1041 - provos@cvs.openbsd.org 2002/03/18 03:41:08
1042 [auth.c session.c]
1043 move auth_approval into getpwnamallow with help from millert@
1044 - markus@cvs.openbsd.org 2002/03/18 17:13:15
1045 [cipher.c cipher.h]
1046 export/import cipher states; needed by ssh-privsep
1047 - markus@cvs.openbsd.org 2002/03/18 17:16:38
1048 [packet.c packet.h]
1049 export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep
1050 - markus@cvs.openbsd.org 2002/03/18 17:23:31
1051 [key.c key.h]
1052 add key_demote() for ssh-privsep
1053 - provos@cvs.openbsd.org 2002/03/18 17:25:29
1054 [bufaux.c bufaux.h]
1055 buffer_skip_string and extra sanity checking; needed by ssh-privsep
1056 - provos@cvs.openbsd.org 2002/03/18 17:31:54
1057 [compress.c]
1058 export compression streams for ssh-privsep
1059 - provos@cvs.openbsd.org 2002/03/18 17:50:31
1060 [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c]
1061 [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c]
1062 [kexgex.c servconf.c]
1063 [session.h servconf.h serverloop.c session.c sshd.c]
1064 integrate privilege separated openssh; its turned off by default
1065 for now. work done by me and markus@
1066 - provos@cvs.openbsd.org 2002/03/18 17:53:08
1067 [sshd.8]
1068 credits for privsep
1069 - provos@cvs.openbsd.org 2002/03/18 17:59:09
1070 [sshd.8]
1071 document UsePrivilegeSeparation
1072 - stevesk@cvs.openbsd.org 2002/03/18 23:52:51
1073 [servconf.c]
1074 UnprivUser/UnprivGroup usable now--specify numeric user/group; ok
1075 provos@
1076 - stevesk@cvs.openbsd.org 2002/03/19 03:03:43
1077 [pathnames.h servconf.c servconf.h sshd.c]
1078 _PATH_PRIVSEP_CHROOT_DIR; ok provos@
1079 - stevesk@cvs.openbsd.org 2002/03/19 05:23:08
1080 [sshd.8]
1081 Banner has no default.
1082 - mpech@cvs.openbsd.org 2002/03/19 06:32:56
1083 [sftp-int.c]
1084 use xfree() after xstrdup().
1085
1086 markus@ ok
1087 - markus@cvs.openbsd.org 2002/03/19 10:35:39
1088 [auth-options.c auth.h session.c session.h sshd.c]
1089 clean up prototypes
1090 - markus@cvs.openbsd.org 2002/03/19 10:49:35
1091 [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h]
1092 [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c]
1093 [sshconnect2.c sshd.c ttymodes.c]
1094 KNF whitespace
1095 - markus@cvs.openbsd.org 2002/03/19 14:27:39
1096 [auth.c auth1.c auth2.c]
1097 make getpwnamallow() allways call pwcopy()
1098 - markus@cvs.openbsd.org 2002/03/19 15:31:47
1099 [auth.c]
1100 check for NULL; from provos@
1101 - stevesk@cvs.openbsd.org 2002/03/20 19:12:25
1102 [servconf.c servconf.h ssh.h sshd.c]
1103 for unprivileged user, group do:
1104 pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
1105 - stevesk@cvs.openbsd.org 2002/03/20 21:08:08
1106 [sshd.c]
1107 strerror() on chdir() fail; ok provos@
1108 - markus@cvs.openbsd.org 2002/03/21 10:21:20
1109 [ssh-add.c]
1110 ignore errors for nonexisting default keys in ssh-add,
1111 fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158
1112 - jakob@cvs.openbsd.org 2002/03/21 15:17:26
1113 [clientloop.c ssh.1]
1114 add built-in command line for adding new port forwardings on the fly.
1115 based on a patch from brian wellington. ok markus@.
1116 - markus@cvs.openbsd.org 2002/03/21 16:38:06
1117 [scard.c]
1118 make compile w/ openssl 0.9.7
1119 - markus@cvs.openbsd.org 2002/03/21 16:54:53
1120 [scard.c scard.h ssh-keygen.c]
1121 move key upload to scard.[ch]
1122 - markus@cvs.openbsd.org 2002/03/21 16:57:15
1123 [scard.c]
1124 remove const
1125 - markus@cvs.openbsd.org 2002/03/21 16:58:13
1126 [clientloop.c]
1127 remove unused
1128 - rees@cvs.openbsd.org 2002/03/21 18:08:15
1129 [scard.c]
1130 In sc_put_key(), sc_reader_id should be id.
1131 - markus@cvs.openbsd.org 2002/03/21 20:51:12
1132 [sshd_config]
1133 add privsep (off)
1134 - markus@cvs.openbsd.org 2002/03/21 21:23:34
1135 [sshd.c]
1136 add privsep_preauth() and remove 1 goto; ok provos@
1137 - rees@cvs.openbsd.org 2002/03/21 21:54:34
1138 [scard.c scard.h ssh-keygen.c]
1139 Add PIN-protection for secret key.
1140 - rees@cvs.openbsd.org 2002/03/21 22:44:05
1141 [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c]
1142 Add PIN-protection for secret key.
1143 - markus@cvs.openbsd.org 2002/03/21 23:07:37
1144 [clientloop.c]
1145 remove unused, sync w/ cmdline patch in my tree.
1146
114720020317
1148 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is
1149 wanted, warn if directory does not exist. Put system directories in
1150 front of PATH for finding entorpy commands.
1151 - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package
1152 build fixes. Patch by Darren Tucker <dtucker@zip.com.au>
1153 [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have
1154 postinstall check for $piddir and add if necessary.
1155
115620020311
1157 - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to
1158 build on all platforms that support SVR4 style package tools. Now runs
1159 from build dir. Parts are based on patches from Antonio Navarro, and
1160 Darren Tucker.
1161
116220020308
1163 - (djm) Revert bits of Markus' OpenSSL compat patch which was
1164 accidentally committed.
1165 - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6.
1166 Known issue: Blowfish for SSH1 does not work
1167 - (stevesk) entropy.c: typo in debug message
1168 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
1169
1170$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $
diff --git a/INSTALL b/INSTALL
index 07da06b56..f5ab0dbd3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -10,11 +10,7 @@ OpenSSL 0.9.6 or greater:
10http://www.openssl.org/ 10http://www.openssl.org/
11 11
12(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 12(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1
13Blowfish included) do not work correctly.) 13Blowfish) do not work correctly.)
14
15RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support.
16For Red Hat Linux 6.2, they have been released as errata. RHL7 includes
17these.
18 14
19OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system 15OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system
20supports it. PAM is standard on Redhat and Debian Linux, Solaris and 16supports it. PAM is standard on Redhat and Debian Linux, Solaris and
@@ -221,4 +217,4 @@ Please refer to the "reporting bugs" section of the webpage at
221http://www.openssh.com/ 217http://www.openssh.com/
222 218
223 219
224$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $ 220$Id: INSTALL,v 1.55 2002/07/25 04:36:25 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index e7faa1591..89d02c959 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $ 1# $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -129,7 +129,7 @@ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
129 $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 129 $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
130 130
131ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o 131ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
132 $(LD) -o $@ ssh-keysign.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 132 $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
133 133
134ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o 134ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
135 $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) 135 $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
@@ -198,12 +198,11 @@ distprep: catman-do
198 $(AUTORECONF) 198 $(AUTORECONF)
199 (cd scard && $(MAKE) -f Makefile.in distprep) 199 (cd scard && $(MAKE) -f Makefile.in distprep)
200 200
201install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user 201install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-config
202install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files 202install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
203 203
204check-user: 204check-config:
205 id $(SSH_PRIVSEP_USER) || \ 205 -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config
206 echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
207 206
208scard-install: 207scard-install:
209 (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) 208 (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
@@ -217,8 +216,7 @@ install-files: scard-install
217 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 216 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
218 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 217 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
219 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) 218 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
220 $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) 219 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
221 chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
222 $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh 220 $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
223 $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp 221 $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
224 $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add 222 $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@@ -248,23 +246,23 @@ install-files: scard-install
248 @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 246 @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
249 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 247 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
250 -rm -f $(DESTDIR)$(bindir)/slogin 248 -rm -f $(DESTDIR)$(bindir)/slogin
251 ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin 249 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
252 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 250 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
253 ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 251 ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
254 if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ 252 if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
255 $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ 253 $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
256 fi 254 fi
257 if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ 255 @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \
258 $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ 256 $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
259 else \ 257 else \
260 echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ 258 echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \
261 fi 259 fi
262 if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ 260 @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
263 $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ 261 $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
264 else \ 262 else \
265 echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ 263 echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
266 fi 264 fi
267 if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ 265 @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
268 $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ 266 $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
269 if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ 267 if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
270 $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ 268 $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
@@ -272,7 +270,7 @@ install-files: scard-install
272 echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ 270 echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \
273 fi ; \ 271 fi ; \
274 fi 272 fi
275 if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ 273 @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
276 if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ 274 if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
277 echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ 275 echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \
278 mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ 276 mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \
@@ -284,7 +282,7 @@ install-files: scard-install
284 fi 282 fi
285 283
286host-key: ssh-keygen$(EXEEXT) 284host-key: ssh-keygen$(EXEEXT)
287 if [ -z "$(DESTDIR)" ] ; then \ 285 @if [ -z "$(DESTDIR)" ] ; then \
288 if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ 286 if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
289 echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ 287 echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
290 else \ 288 else \
diff --git a/TODO b/TODO
index 4331a1364..f667d59d6 100644
--- a/TODO
+++ b/TODO
@@ -18,7 +18,7 @@ Programming:
18- Handle changing passwords for the non-PAM expired password case 18- Handle changing passwords for the non-PAM expired password case
19 19
20- Improve PAM support (a pam_lastlog module will cause sshd to exit) 20- Improve PAM support (a pam_lastlog module will cause sshd to exit)
21 and maybe support alternate forms of authenications like OPIE via 21 and maybe support alternate forms of authentications like OPIE via
22 pam? 22 pam?
23 23
24- Rework PAM ChallengeResponseAuthentication 24- Rework PAM ChallengeResponseAuthentication
@@ -42,8 +42,38 @@ Programming:
42 solutions break scp or leaves processes hanging around after the ssh 42 solutions break scp or leaves processes hanging around after the ssh
43 connection has ended. It seems to be linked to two things. One 43 connection has ended. It seems to be linked to two things. One
44 select() under Linux is not as nice as others, and two the children 44 select() under Linux is not as nice as others, and two the children
45 of the shell are not killed on exiting the shell. Redhat have an excellent 45 of the shell are not killed on exiting the shell.
46 description of this in their RPM package. 46 A short run-down of what happens:
47 - The shell starts up, and starts its own session. As a side-effect, it
48 gets its own process group.
49 - The child forks off sleep, and because it's in the background, puts it
50 into its own process group. The sleep command inherits a copy of the
51 shell's descriptor for the tty as its stdout.
52 - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably
53 should(?)
54 - The sshd server attempts to read from the master side of the pty, and
55 while there are still process with the pty open, no EOF is produced.
56 - The sleep command exits, closes its descriptor, sshd detects the EOF, and
57 the connection gets closed.
58 Ways we've tried fixing this in sshd, and why they didn't work out:
59 - SIGHUP the sshd's process group.
60 - The shell is in its own process group.
61 - Track process group IDs of all children before we reap them (via an extra
62 field in Session structures which holds the pgid for each child pid), and
63 SIGHUP the pgid when we reap.
64 - Background commands are in yet another process group.
65 - Close the connection when the child dies.
66 - Background commands may need to write data to the connection. Also
67 prematurely truncates output from some commands (scp server, the
68 famous "dd if=/dev/zero bs=1000 count=100" case).
69 Known workarounds:
70 - bash: shopt huponexit on
71 - tcsh: none
72 - zsh: setopt HUP (usually the default setting)
73 (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001)
74 - pdksh: ?
75 This appears to affect NetKit rsh under Linux as well: it behaves the same
76 with 'sleep 20 & exit'.
47 77
48- Build an automated test suite 78- Build an automated test suite
49 79
@@ -103,4 +133,4 @@ PrivSep Issues:
103- Cygwin 133- Cygwin
104 + Privsep for Pre-auth only (no fd passing) 134 + Privsep for Pre-auth only (no fd passing)
105 135
106$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ 136$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $
diff --git a/acconfig.h b/acconfig.h
index 3e51d6112..3e058f3ea 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
1/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ 1/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
2 2
3#ifndef _CONFIG_H 3#ifndef _CONFIG_H
4#define _CONFIG_H 4#define _CONFIG_H
@@ -150,6 +150,9 @@
150/* Define if you don't want to use lastlog */ 150/* Define if you don't want to use lastlog */
151#undef DISABLE_LASTLOG 151#undef DISABLE_LASTLOG
152 152
153/* Define if you don't want to use lastlog in session.c */
154#undef NO_SSH_LASTLOG
155
153/* Define if you don't want to use utmp */ 156/* Define if you don't want to use utmp */
154#undef DISABLE_UTMP 157#undef DISABLE_UTMP
155 158
@@ -310,6 +313,9 @@
310/* Define if X11 doesn't support AF_UNIX sockets on that system */ 313/* Define if X11 doesn't support AF_UNIX sockets on that system */
311#undef NO_X11_UNIX_SOCKETS 314#undef NO_X11_UNIX_SOCKETS
312 315
316/* Define if the concept of ports only accessible to superusers isn't known */
317#undef NO_IPPORT_RESERVED_CONCEPT
318
313/* Needed for SCO and NeXT */ 319/* Needed for SCO and NeXT */
314#undef BROKEN_SAVED_UIDS 320#undef BROKEN_SAVED_UIDS
315 321
@@ -355,11 +361,8 @@
355/* Path that unprivileged child will chroot() to in privep mode */ 361/* Path that unprivileged child will chroot() to in privep mode */
356#undef PRIVSEP_PATH 362#undef PRIVSEP_PATH
357 363
358/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ 364/* Define if your platform needs to skip post auth file descriptor passing */
359#undef HAVE_MMAP_ANON_SHARED 365#undef DISABLE_FD_PASSING
360
361/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
362#undef BROKEN_FD_PASSING
363 366
364@BOTTOM@ 367@BOTTOM@
365 368
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index 4f1b452b7..2ac27a7a2 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: auth-bsdauth.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); 25RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $");
26 26
27#ifdef BSD_AUTH 27#ifdef BSD_AUTH
28#include "xmalloc.h" 28#include "xmalloc.h"
@@ -69,7 +69,7 @@ bsdauth_query(void *ctx, char **name, char **infotxt,
69 *name = xstrdup(""); 69 *name = xstrdup("");
70 *infotxt = xstrdup(""); 70 *infotxt = xstrdup("");
71 *numprompts = 1; 71 *numprompts = 1;
72 *prompts = xmalloc(*numprompts * sizeof(char*)); 72 *prompts = xmalloc(*numprompts * sizeof(char *));
73 *echo_on = xmalloc(*numprompts * sizeof(u_int)); 73 *echo_on = xmalloc(*numprompts * sizeof(u_int));
74 (*echo_on)[0] = 0; 74 (*echo_on)[0] = 0;
75 (*prompts)[0] = xstrdup(challenge); 75 (*prompts)[0] = xstrdup(challenge);
diff --git a/auth-krb4.c b/auth-krb4.c
index 1cc528aa0..b86ce7e49 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth-krb4.c,v 1.27 2002/06/11 05:46:20 mpech Exp $"); 26RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "ssh1.h" 29#include "ssh1.h"
@@ -210,10 +210,9 @@ krb4_cleanup_proc(void *context)
210} 210}
211 211
212int 212int
213auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) 213auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
214{ 214{
215 AUTH_DAT adat = {0}; 215 AUTH_DAT adat = {0};
216 KTEXT_ST reply;
217 Key_schedule schedule; 216 Key_schedule schedule;
218 struct sockaddr_in local, foreign; 217 struct sockaddr_in local, foreign;
219 char instance[INST_SZ]; 218 char instance[INST_SZ];
@@ -263,21 +262,16 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
263 262
264 /* If we can't successfully encrypt the checksum, we send back an 263 /* If we can't successfully encrypt the checksum, we send back an
265 empty message, admitting our failure. */ 264 empty message, admitting our failure. */
266 if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1, 265 if ((r = krb_mk_priv((u_char *) & cksum, reply->dat, sizeof(cksum) + 1,
267 schedule, &adat.session, &local, &foreign)) < 0) { 266 schedule, &adat.session, &local, &foreign)) < 0) {
268 debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]); 267 debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]);
269 reply.dat[0] = 0; 268 reply->dat[0] = 0;
270 reply.length = 0; 269 reply->length = 0;
271 } else 270 } else
272 reply.length = r; 271 reply->length = r;
273 272
274 /* Clear session key. */ 273 /* Clear session key. */
275 memset(&adat.session, 0, sizeof(&adat.session)); 274 memset(&adat.session, 0, sizeof(&adat.session));
276
277 packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
278 packet_put_string((char *) reply.dat, reply.length);
279 packet_send();
280 packet_write_wait();
281 return (1); 275 return (1);
282} 276}
283#endif /* KRB4 */ 277#endif /* KRB4 */
diff --git a/auth-krb5.c b/auth-krb5.c
index 308a6d5f9..512f70b78 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: auth-krb5.c,v 1.8 2002/03/19 10:49:35 markus Exp $"); 31RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
32 32
33#include "ssh.h" 33#include "ssh.h"
34#include "ssh1.h" 34#include "ssh1.h"
@@ -73,18 +73,17 @@ krb5_init(void *context)
73 * from the ticket 73 * from the ticket
74 */ 74 */
75int 75int
76auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) 76auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
77{ 77{
78 krb5_error_code problem; 78 krb5_error_code problem;
79 krb5_principal server; 79 krb5_principal server;
80 krb5_data reply;
81 krb5_ticket *ticket; 80 krb5_ticket *ticket;
82 int fd, ret; 81 int fd, ret;
83 82
84 ret = 0; 83 ret = 0;
85 server = NULL; 84 server = NULL;
86 ticket = NULL; 85 ticket = NULL;
87 reply.length = 0; 86 reply->length = 0;
88 87
89 problem = krb5_init(authctxt); 88 problem = krb5_init(authctxt);
90 if (problem) 89 if (problem)
@@ -131,7 +130,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
131 130
132 /* if client wants mutual auth */ 131 /* if client wants mutual auth */
133 problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, 132 problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx,
134 &reply); 133 reply);
135 if (problem) 134 if (problem)
136 goto err; 135 goto err;
137 136
@@ -144,19 +143,16 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
144 krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, 143 krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user,
145 client); 144 client);
146 145
147 packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
148 packet_put_string((char *) reply.data, reply.length);
149 packet_send();
150 packet_write_wait();
151
152 ret = 1; 146 ret = 1;
153 err: 147 err:
154 if (server) 148 if (server)
155 krb5_free_principal(authctxt->krb5_ctx, server); 149 krb5_free_principal(authctxt->krb5_ctx, server);
156 if (ticket) 150 if (ticket)
157 krb5_free_ticket(authctxt->krb5_ctx, ticket); 151 krb5_free_ticket(authctxt->krb5_ctx, ticket);
158 if (reply.length) 152 if (!ret && reply->length) {
159 xfree(reply.data); 153 xfree(reply->data);
154 memset(reply, 0, sizeof(*reply));
155 }
160 156
161 if (problem) { 157 if (problem) {
162 if (authctxt->krb5_ctx != NULL) 158 if (authctxt->krb5_ctx != NULL)
diff --git a/auth-options.c b/auth-options.c
index 2787d2948..8595fdc14 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,9 +10,8 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $");
14 14
15#include "packet.h"
16#include "xmalloc.h" 15#include "xmalloc.h"
17#include "match.h" 16#include "match.h"
18#include "log.h" 17#include "log.h"
@@ -20,7 +19,6 @@ RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
20#include "channels.h" 19#include "channels.h"
21#include "auth-options.h" 20#include "auth-options.h"
22#include "servconf.h" 21#include "servconf.h"
23#include "bufaux.h"
24#include "misc.h" 22#include "misc.h"
25#include "monitor_wrap.h" 23#include "monitor_wrap.h"
26#include "auth.h" 24#include "auth.h"
@@ -135,7 +133,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
135 goto next_option; 133 goto next_option;
136 } 134 }
137 cp = "environment=\""; 135 cp = "environment=\"";
138 if (strncasecmp(opts, cp, strlen(cp)) == 0) { 136 if (options.permit_user_env &&
137 strncasecmp(opts, cp, strlen(cp)) == 0) {
139 char *s; 138 char *s;
140 struct envstring *new_envstring; 139 struct envstring *new_envstring;
141 140
diff --git a/auth-options.h b/auth-options.h
index aa6270fd6..15fb21255 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,10 +1,9 @@
1/* $OpenBSD: auth-options.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ 1/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved 6 * All rights reserved
7 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
8 * 7 *
9 * As far as I am concerned, the code I have written for this software 8 * As far as I am concerned, the code I have written for this software
10 * can be used freely for any purpose. Any derived versions of this 9 * can be used freely for any purpose. Any derived versions of this
diff --git a/auth-pam.c b/auth-pam.c
index 490990dec..99b03f45b 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -25,10 +25,10 @@
25#include "includes.h" 25#include "includes.h"
26 26
27#ifdef USE_PAM 27#ifdef USE_PAM
28#include "ssh.h"
29#include "xmalloc.h" 28#include "xmalloc.h"
30#include "log.h" 29#include "log.h"
31#include "auth.h" 30#include "auth.h"
31#include "auth-options.h"
32#include "auth-pam.h" 32#include "auth-pam.h"
33#include "servconf.h" 33#include "servconf.h"
34#include "canohost.h" 34#include "canohost.h"
@@ -36,17 +36,21 @@
36 36
37extern char *__progname; 37extern char *__progname;
38 38
39RCSID("$Id: auth-pam.c,v 1.46 2002/05/08 02:27:56 djm Exp $"); 39extern int use_privsep;
40
41RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $");
40 42
41#define NEW_AUTHTOK_MSG \ 43#define NEW_AUTHTOK_MSG \
42 "Warning: Your password has expired, please change it now" 44 "Warning: Your password has expired, please change it now."
45#define NEW_AUTHTOK_MSG_PRIVSEP \
46 "Your password has expired, the session cannot proceed."
43 47
44static int do_pam_conversation(int num_msg, const struct pam_message **msg, 48static int do_pam_conversation(int num_msg, const struct pam_message **msg,
45 struct pam_response **resp, void *appdata_ptr); 49 struct pam_response **resp, void *appdata_ptr);
46 50
47/* module-local variables */ 51/* module-local variables */
48static struct pam_conv conv = { 52static struct pam_conv conv = {
49 do_pam_conversation, 53 (int (*)())do_pam_conversation,
50 NULL 54 NULL
51}; 55};
52static char *__pam_msg = NULL; 56static char *__pam_msg = NULL;
@@ -55,7 +59,7 @@ static const char *__pampasswd = NULL;
55 59
56/* states for do_pam_conversation() */ 60/* states for do_pam_conversation() */
57enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; 61enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
58/* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */ 62/* remember whether pam_acct_mgmt() returned PAM_NEW_AUTHTOK_REQD */
59static int password_change_required = 0; 63static int password_change_required = 0;
60/* remember whether the last pam_authenticate() succeeded or not */ 64/* remember whether the last pam_authenticate() succeeded or not */
61static int was_authenticated = 0; 65static int was_authenticated = 0;
@@ -100,9 +104,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
100 char buf[1024]; 104 char buf[1024];
101 105
102 /* PAM will free this later */ 106 /* PAM will free this later */
103 reply = malloc(num_msg * sizeof(*reply)); 107 reply = xmalloc(num_msg * sizeof(*reply));
104 if (reply == NULL)
105 return PAM_CONV_ERR;
106 108
107 for (count = 0; count < num_msg; count++) { 109 for (count = 0; count < num_msg; count++) {
108 if (pamstate == INITIAL_LOGIN) { 110 if (pamstate == INITIAL_LOGIN) {
@@ -112,11 +114,11 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
112 */ 114 */
113 switch(PAM_MSG_MEMBER(msg, count, msg_style)) { 115 switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
114 case PAM_PROMPT_ECHO_ON: 116 case PAM_PROMPT_ECHO_ON:
115 free(reply); 117 xfree(reply);
116 return PAM_CONV_ERR; 118 return PAM_CONV_ERR;
117 case PAM_PROMPT_ECHO_OFF: 119 case PAM_PROMPT_ECHO_OFF:
118 if (__pampasswd == NULL) { 120 if (__pampasswd == NULL) {
119 free(reply); 121 xfree(reply);
120 return PAM_CONV_ERR; 122 return PAM_CONV_ERR;
121 } 123 }
122 reply[count].resp = xstrdup(__pampasswd); 124 reply[count].resp = xstrdup(__pampasswd);
@@ -124,7 +126,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
124 break; 126 break;
125 case PAM_ERROR_MSG: 127 case PAM_ERROR_MSG:
126 case PAM_TEXT_INFO: 128 case PAM_TEXT_INFO:
127 if ((*msg)[count].msg != NULL) { 129 if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {
128 message_cat(&__pam_msg, 130 message_cat(&__pam_msg,
129 PAM_MSG_MEMBER(msg, count, msg)); 131 PAM_MSG_MEMBER(msg, count, msg));
130 } 132 }
@@ -132,7 +134,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
132 reply[count].resp_retcode = PAM_SUCCESS; 134 reply[count].resp_retcode = PAM_SUCCESS;
133 break; 135 break;
134 default: 136 default:
135 free(reply); 137 xfree(reply);
136 return PAM_CONV_ERR; 138 return PAM_CONV_ERR;
137 } 139 }
138 } else { 140 } else {
@@ -154,14 +156,14 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg,
154 break; 156 break;
155 case PAM_ERROR_MSG: 157 case PAM_ERROR_MSG:
156 case PAM_TEXT_INFO: 158 case PAM_TEXT_INFO:
157 if ((*msg)[count].msg != NULL) 159 if (PAM_MSG_MEMBER(msg, count, msg) != NULL)
158 fprintf(stderr, "%s\n", 160 fprintf(stderr, "%s\n",
159 PAM_MSG_MEMBER(msg, count, msg)); 161 PAM_MSG_MEMBER(msg, count, msg));
160 reply[count].resp = xstrdup(""); 162 reply[count].resp = xstrdup("");
161 reply[count].resp_retcode = PAM_SUCCESS; 163 reply[count].resp_retcode = PAM_SUCCESS;
162 break; 164 break;
163 default: 165 default:
164 free(reply); 166 xfree(reply);
165 return PAM_CONV_ERR; 167 return PAM_CONV_ERR;
166 } 168 }
167 } 169 }
@@ -256,9 +258,14 @@ int do_pam_account(char *username, char *remote_user)
256 break; 258 break;
257#if 0 259#if 0
258 case PAM_NEW_AUTHTOK_REQD: 260 case PAM_NEW_AUTHTOK_REQD:
259 message_cat(&__pam_msg, NEW_AUTHTOK_MSG); 261 message_cat(&__pam_msg, use_privsep ?
262 NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG);
260 /* flag that password change is necessary */ 263 /* flag that password change is necessary */
261 password_change_required = 1; 264 password_change_required = 1;
265 /* disallow other functionality for now */
266 no_port_forwarding_flag |= 2;
267 no_agent_forwarding_flag |= 2;
268 no_x11_forwarding_flag |= 2;
262 break; 269 break;
263#endif 270#endif
264 default: 271 default:
@@ -328,7 +335,7 @@ int is_pam_password_change_required(void)
328 * Have user change authentication token if pam_acct_mgmt() indicated 335 * Have user change authentication token if pam_acct_mgmt() indicated
329 * it was expired. This needs to be called after an interactive 336 * it was expired. This needs to be called after an interactive
330 * session is established and the user's pty is connected to 337 * session is established and the user's pty is connected to
331 * stdin/stout/stderr. 338 * stdin/stdout/stderr.
332 */ 339 */
333void do_pam_chauthtok(void) 340void do_pam_chauthtok(void)
334{ 341{
@@ -337,11 +344,23 @@ void do_pam_chauthtok(void)
337 do_pam_set_conv(&conv); 344 do_pam_set_conv(&conv);
338 345
339 if (password_change_required) { 346 if (password_change_required) {
347 if (use_privsep)
348 fatal("Password changing is currently unsupported"
349 " with privilege separation");
340 pamstate = OTHER; 350 pamstate = OTHER;
341 pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); 351 pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
342 if (pam_retval != PAM_SUCCESS) 352 if (pam_retval != PAM_SUCCESS)
343 fatal("PAM pam_chauthtok failed[%d]: %.200s", 353 fatal("PAM pam_chauthtok failed[%d]: %.200s",
344 pam_retval, PAM_STRERROR(__pamh, pam_retval)); 354 pam_retval, PAM_STRERROR(__pamh, pam_retval));
355#if 0
356 /* XXX: This would need to be done in the parent process,
357 * but there's currently no way to pass such request. */
358 no_port_forwarding_flag &= ~2;
359 no_agent_forwarding_flag &= ~2;
360 no_x11_forwarding_flag &= ~2;
361 if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
362 channel_permit_all_opens();
363#endif
345 } 364 }
346} 365}
347 366
@@ -392,7 +411,7 @@ void start_pam(const char *user)
392 fatal_add_cleanup(&do_pam_cleanup_proc, NULL); 411 fatal_add_cleanup(&do_pam_cleanup_proc, NULL);
393} 412}
394 413
395/* Return list of PAM enviornment strings */ 414/* Return list of PAM environment strings */
396char **fetch_pam_environment(void) 415char **fetch_pam_environment(void)
397{ 416{
398#ifdef HAVE_PAM_GETENVLIST 417#ifdef HAVE_PAM_GETENVLIST
@@ -402,6 +421,16 @@ char **fetch_pam_environment(void)
402#endif /* HAVE_PAM_GETENVLIST */ 421#endif /* HAVE_PAM_GETENVLIST */
403} 422}
404 423
424void free_pam_environment(char **env)
425{
426 int i;
427
428 if (env != NULL) {
429 for (i = 0; env[i] != NULL; i++)
430 xfree(env[i]);
431 }
432}
433
405/* Print any messages that have been generated during authentication */ 434/* Print any messages that have been generated during authentication */
406/* or account checking to stderr */ 435/* or account checking to stderr */
407void print_pam_messages(void) 436void print_pam_messages(void)
diff --git a/auth-pam.h b/auth-pam.h
index 6b1f35add..7881b6b80 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -1,14 +1,41 @@
1/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */ 1/* $Id: auth-pam.h,v 1.16 2002/07/23 00:44:07 stevesk Exp $ */
2
3/*
4 * Copyright (c) 2000 Damien Miller. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
2 26
3#include "includes.h" 27#include "includes.h"
4#ifdef USE_PAM 28#ifdef USE_PAM
5 29
6#include <pwd.h> /* For struct passwd */ 30#if !defined(SSHD_PAM_SERVICE)
31# define SSHD_PAM_SERVICE __progname
32#endif
7 33
8void start_pam(const char *user); 34void start_pam(const char *user);
9void finish_pam(void); 35void finish_pam(void);
10int auth_pam_password(Authctxt *authctxt, const char *password); 36int auth_pam_password(Authctxt *authctxt, const char *password);
11char **fetch_pam_environment(void); 37char **fetch_pam_environment(void);
38void free_pam_environment(char **env);
12int do_pam_authenticate(int flags); 39int do_pam_authenticate(int flags);
13int do_pam_account(char *username, char *remote_user); 40int do_pam_account(char *username, char *remote_user);
14void do_pam_session(char *username, const char *ttyname); 41void do_pam_session(char *username, const char *ttyname);
diff --git a/auth-passwd.c b/auth-passwd.c
index 17bbd2ceb..185db7d6d 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -81,6 +81,9 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $");
81#endif /* !USE_PAM && !HAVE_OSF_SIA */ 81#endif /* !USE_PAM && !HAVE_OSF_SIA */
82 82
83extern ServerOptions options; 83extern ServerOptions options;
84#ifdef WITH_AIXAUTHENTICATE
85extern char *aixloginmsg;
86#endif
84 87
85/* 88/*
86 * Tries to authenticate the user using password. Returns true if 89 * Tries to authenticate the user using password. Returns true if
@@ -113,7 +116,7 @@ auth_password(Authctxt *authctxt, const char *password)
113#endif 116#endif
114#ifdef WITH_AIXAUTHENTICATE 117#ifdef WITH_AIXAUTHENTICATE
115 char *authmsg; 118 char *authmsg;
116 char *loginmsg; 119 int authsuccess;
117 int reenter = 1; 120 int reenter = 1;
118#endif 121#endif
119 122
@@ -145,7 +148,16 @@ auth_password(Authctxt *authctxt, const char *password)
145 } 148 }
146#endif 149#endif
147#ifdef WITH_AIXAUTHENTICATE 150#ifdef WITH_AIXAUTHENTICATE
148 return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); 151 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
152
153 if (authsuccess)
154 /* We don't have a pty yet, so just label the line as "ssh" */
155 if (loginsuccess(authctxt->user,
156 get_canonical_hostname(options.verify_reverse_mapping),
157 "ssh", &aixloginmsg) < 0)
158 aixloginmsg = NULL;
159
160 return(authsuccess);
149#endif 161#endif
150#ifdef KRB4 162#ifdef KRB4
151 if (options.kerberos_authentication == 1) { 163 if (options.kerberos_authentication == 1) {
diff --git a/auth-skey.c b/auth-skey.c
index eb13c5cc5..f9ea03fd1 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $"); 25RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
26 26
27#ifdef SKEY 27#ifdef SKEY
28 28
@@ -53,7 +53,7 @@ skey_query(void *ctx, char **name, char **infotxt,
53 *name = xstrdup(""); 53 *name = xstrdup("");
54 *infotxt = xstrdup(""); 54 *infotxt = xstrdup("");
55 *numprompts = 1; 55 *numprompts = 1;
56 *prompts = xmalloc(*numprompts * sizeof(char*)); 56 *prompts = xmalloc(*numprompts * sizeof(char *));
57 *echo_on = xmalloc(*numprompts * sizeof(u_int)); 57 *echo_on = xmalloc(*numprompts * sizeof(u_int));
58 (*echo_on)[0] = 0; 58 (*echo_on)[0] = 0;
59 59
diff --git a/auth.c b/auth.c
index 066b50d6b..48720da8f 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -256,6 +256,14 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
256 get_remote_ipaddr(), 256 get_remote_ipaddr(),
257 get_remote_port(), 257 get_remote_port(),
258 info); 258 info);
259
260#ifdef WITH_AIXAUTHENTICATE
261 if (authenticated == 0 && strcmp(method, "password") == 0)
262 loginfailed(authctxt->user,
263 get_canonical_hostname(options.verify_reverse_mapping),
264 "ssh");
265#endif /* WITH_AIXAUTHENTICATE */
266
259} 267}
260 268
261/* 269/*
@@ -392,7 +400,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
392 400
393/* 401/*
394 * Check a given file for security. This is defined as all components 402 * Check a given file for security. This is defined as all components
395 * of the path to the file must either be owned by either the owner of 403 * of the path to the file must be owned by either the owner of
396 * of the file or root and no directories must be group or world writable. 404 * of the file or root and no directories must be group or world writable.
397 * 405 *
398 * XXX Should any specific check be done for sym links ? 406 * XXX Should any specific check be done for sym links ?
@@ -476,7 +484,12 @@ getpwnamallow(const char *user)
476 struct passwd *pw; 484 struct passwd *pw;
477 485
478 pw = getpwnam(user); 486 pw = getpwnam(user);
479 if (pw == NULL || !allowed_user(pw)) 487 if (pw == NULL) {
488 log("Illegal user %.100s from %.100s",
489 user, get_remote_ipaddr());
490 return (NULL);
491 }
492 if (!allowed_user(pw))
480 return (NULL); 493 return (NULL);
481#ifdef HAVE_LOGIN_CAP 494#ifdef HAVE_LOGIN_CAP
482 if ((lc = login_getclass(pw->pw_class)) == NULL) { 495 if ((lc = login_getclass(pw->pw_class)) == NULL) {
diff --git a/auth.h b/auth.h
index d98547d02..c75d75366 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */ 1/* $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -113,7 +113,7 @@ int user_key_allowed(struct passwd *, Key *);
113 113
114#ifdef KRB4 114#ifdef KRB4
115#include <krb.h> 115#include <krb.h>
116int auth_krb4(Authctxt *, KTEXT, char **); 116int auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
117int auth_krb4_password(Authctxt *, const char *); 117int auth_krb4_password(Authctxt *, const char *);
118void krb4_cleanup_proc(void *); 118void krb4_cleanup_proc(void *);
119 119
@@ -126,7 +126,7 @@ int auth_afs_token(Authctxt *, const char *);
126#endif /* KRB4 */ 126#endif /* KRB4 */
127 127
128#ifdef KRB5 128#ifdef KRB5
129int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client); 129int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
130int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); 130int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
131int auth_krb5_password(Authctxt *authctxt, const char *password); 131int auth_krb5_password(Authctxt *authctxt, const char *password);
132void krb5_cleanup_proc(void *authctxt); 132void krb5_cleanup_proc(void *authctxt);
diff --git a/auth1.c b/auth1.c
index 2ebc8d039..9527ba004 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $"); 13RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "rsa.h" 16#include "rsa.h"
@@ -118,30 +118,49 @@ do_authloop(Authctxt *authctxt)
118 118
119 if (kdata[0] == 4) { /* KRB_PROT_VERSION */ 119 if (kdata[0] == 4) { /* KRB_PROT_VERSION */
120#ifdef KRB4 120#ifdef KRB4
121 KTEXT_ST tkt; 121 KTEXT_ST tkt, reply;
122
123 tkt.length = dlen; 122 tkt.length = dlen;
124 if (tkt.length < MAX_KTXT_LEN) 123 if (tkt.length < MAX_KTXT_LEN)
125 memcpy(tkt.dat, kdata, tkt.length); 124 memcpy(tkt.dat, kdata, tkt.length);
126 125
127 if (auth_krb4(authctxt, &tkt, &client_user)) { 126 if (PRIVSEP(auth_krb4(authctxt, &tkt,
127 &client_user, &reply))) {
128 authenticated = 1; 128 authenticated = 1;
129 snprintf(info, sizeof(info), 129 snprintf(info, sizeof(info),
130 " tktuser %.100s", 130 " tktuser %.100s",
131 client_user); 131 client_user);
132
133 packet_start(
134 SSH_SMSG_AUTH_KERBEROS_RESPONSE);
135 packet_put_string((char *)
136 reply.dat, reply.length);
137 packet_send();
138 packet_write_wait();
132 } 139 }
133#endif /* KRB4 */ 140#endif /* KRB4 */
134 } else { 141 } else {
135#ifdef KRB5 142#ifdef KRB5
136 krb5_data tkt; 143 krb5_data tkt, reply;
137 tkt.length = dlen; 144 tkt.length = dlen;
138 tkt.data = kdata; 145 tkt.data = kdata;
139 146
140 if (auth_krb5(authctxt, &tkt, &client_user)) { 147 if (PRIVSEP(auth_krb5(authctxt, &tkt,
148 &client_user, &reply))) {
141 authenticated = 1; 149 authenticated = 1;
142 snprintf(info, sizeof(info), 150 snprintf(info, sizeof(info),
143 " tktuser %.100s", 151 " tktuser %.100s",
144 client_user); 152 client_user);
153
154 /* Send response to client */
155 packet_start(
156 SSH_SMSG_AUTH_KERBEROS_RESPONSE);
157 packet_put_string((char *)
158 reply.data, reply.length);
159 packet_send();
160 packet_write_wait();
161
162 if (reply.length)
163 xfree(reply.data);
145 } 164 }
146#endif /* KRB5 */ 165#endif /* KRB5 */
147 } 166 }
@@ -292,6 +311,15 @@ do_authloop(Authctxt *authctxt)
292 fatal("INTERNAL ERROR: authenticated invalid user %s", 311 fatal("INTERNAL ERROR: authenticated invalid user %s",
293 authctxt->user); 312 authctxt->user);
294 313
314#ifdef _UNICOS
315 if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
316 cray_login_failure(authctxt->user, IA_UDBERR);
317 if (authenticated && cray_access_denied(authctxt->user)) {
318 authenticated = 0;
319 fatal("Access denied for user %s.",authctxt->user);
320 }
321#endif /* _UNICOS */
322
295#ifdef HAVE_CYGWIN 323#ifdef HAVE_CYGWIN
296 if (authenticated && 324 if (authenticated &&
297 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { 325 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
@@ -301,7 +329,8 @@ do_authloop(Authctxt *authctxt)
301 } 329 }
302#else 330#else
303 /* Special handling for root */ 331 /* Special handling for root */
304 if (authenticated && authctxt->pw->pw_uid == 0 && 332 if (!use_privsep &&
333 authenticated && authctxt->pw->pw_uid == 0 &&
305 !auth_root_allowed(get_authname(type))) 334 !auth_root_allowed(get_authname(type)))
306 authenticated = 0; 335 authenticated = 0;
307#endif 336#endif
@@ -323,12 +352,6 @@ do_authloop(Authctxt *authctxt)
323 return; 352 return;
324 353
325 if (authctxt->failures++ > AUTH_FAIL_MAX) { 354 if (authctxt->failures++ > AUTH_FAIL_MAX) {
326#ifdef WITH_AIXAUTHENTICATE
327 /* XXX: privsep */
328 loginfailed(authctxt->user,
329 get_canonical_hostname(options.verify_reverse_mapping),
330 "ssh");
331#endif /* WITH_AIXAUTHENTICATE */
332 packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 355 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
333 } 356 }
334 357
diff --git a/auth2-chall.c b/auth2-chall.c
index e1440f47d..0d1709307 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); 26RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $");
27 27
28#include "ssh2.h" 28#include "ssh2.h"
29#include "auth.h" 29#include "auth.h"
@@ -263,7 +263,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
263 if (nresp > 100) 263 if (nresp > 100)
264 fatal("input_userauth_info_response: too many replies"); 264 fatal("input_userauth_info_response: too many replies");
265 if (nresp > 0) { 265 if (nresp > 0) {
266 response = xmalloc(nresp * sizeof(char*)); 266 response = xmalloc(nresp * sizeof(char *));
267 for (i = 0; i < nresp; i++) 267 for (i = 0; i < nresp; i++)
268 response[i] = packet_get_string(NULL); 268 response[i] = packet_get_string(NULL);
269 } 269 }
diff --git a/auth2-none.c b/auth2-none.c
index 720d3c10f..c07b2dd81 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth2-none.c,v 1.3 2002/06/19 00:27:55 deraadt Exp $"); 26RCSID("$OpenBSD: auth2-none.c,v 1.4 2002/06/27 10:35:47 deraadt Exp $");
27 27
28#include "auth.h" 28#include "auth.h"
29#include "xmalloc.h" 29#include "xmalloc.h"
@@ -61,7 +61,7 @@ auth2_read_banner(void)
61 close(fd); 61 close(fd);
62 62
63 if (n != len) { 63 if (n != len) {
64 free(banner); 64 xfree(banner);
65 return (NULL); 65 return (NULL);
66 } 66 }
67 banner[n] = '\0'; 67 banner[n] = '\0';
diff --git a/auth2-pam.c b/auth2-pam.c
index 99aedeaeb..a2daf96b7 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
1#include "includes.h" 1#include "includes.h"
2RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); 2RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $");
3 3
4#ifdef USE_PAM 4#ifdef USE_PAM
5#include <security/pam_appl.h> 5#include <security/pam_appl.h>
@@ -116,11 +116,11 @@ do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg,
116 while(context_pam2.finished == 0) { 116 while(context_pam2.finished == 0) {
117 done = 1; 117 done = 1;
118 dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); 118 dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr);
119 if(context_pam2.finished == 0) 119 if (context_pam2.finished == 0)
120 debug("extra packet during conversation"); 120 debug("extra packet during conversation");
121 } 121 }
122 122
123 if(context_pam2.num_received == context_pam2.num_expected) { 123 if (context_pam2.num_received == context_pam2.num_expected) {
124 *resp = context_pam2.responses; 124 *resp = context_pam2.responses;
125 return PAM_SUCCESS; 125 return PAM_SUCCESS;
126 } else 126 } else
@@ -143,8 +143,8 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
143 143
144 if (nresp != context_pam2.num_expected) 144 if (nresp != context_pam2.num_expected)
145 fatal("%s: Received incorrect number of responses " 145 fatal("%s: Received incorrect number of responses "
146 "(expected %u, received %u)", __func__, nresp, 146 "(expected %d, received %u)", __func__,
147 context_pam2.num_expected); 147 context_pam2.num_expected, nresp);
148 148
149 if (nresp > 100) 149 if (nresp > 100)
150 fatal("%s: too many replies", __func__); 150 fatal("%s: too many replies", __func__);
@@ -163,5 +163,4 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
163 163
164 packet_check_eom(); 164 packet_check_eom();
165} 165}
166
167#endif 166#endif
diff --git a/auth2.c b/auth2.c
index 6dfd91f74..17c58552a 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $"); 26RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
27 27
28#include "ssh2.h" 28#include "ssh2.h"
29#include "xmalloc.h" 29#include "xmalloc.h"
@@ -102,7 +102,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
102{ 102{
103 Authctxt *authctxt = ctxt; 103 Authctxt *authctxt = ctxt;
104 u_int len; 104 u_int len;
105 int accept = 0; 105 int acceptit = 0;
106 char *service = packet_get_string(&len); 106 char *service = packet_get_string(&len);
107 packet_check_eom(); 107 packet_check_eom();
108 108
@@ -111,14 +111,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
111 111
112 if (strcmp(service, "ssh-userauth") == 0) { 112 if (strcmp(service, "ssh-userauth") == 0) {
113 if (!authctxt->success) { 113 if (!authctxt->success) {
114 accept = 1; 114 acceptit = 1;
115 /* now we can handle user-auth requests */ 115 /* now we can handle user-auth requests */
116 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); 116 dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
117 } 117 }
118 } 118 }
119 /* XXX all other service requests are denied */ 119 /* XXX all other service requests are denied */
120 120
121 if (accept) { 121 if (acceptit) {
122 packet_start(SSH2_MSG_SERVICE_ACCEPT); 122 packet_start(SSH2_MSG_SERVICE_ACCEPT);
123 packet_put_cstring(service); 123 packet_put_cstring(service);
124 packet_send(); 124 packet_send();
@@ -205,7 +205,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
205 authctxt->user); 205 authctxt->user);
206 206
207 /* Special handling for root */ 207 /* Special handling for root */
208 if (authenticated && authctxt->pw->pw_uid == 0 && 208 if (!use_privsep &&
209 authenticated && authctxt->pw->pw_uid == 0 &&
209 !auth_root_allowed(method)) 210 !auth_root_allowed(method))
210 authenticated = 0; 211 authenticated = 0;
211 212
@@ -215,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
215 authenticated = 0; 216 authenticated = 0;
216#endif /* USE_PAM */ 217#endif /* USE_PAM */
217 218
219#ifdef _UNICOS
220 if (authenticated && cray_access_denied(authctxt->user)) {
221 authenticated = 0;
222 fatal("Access denied for user %s.",authctxt->user);
223 }
224#endif /* _UNICOS */
225
218 /* Log before sending the reply */ 226 /* Log before sending the reply */
219 auth_log(authctxt, authenticated, method, " ssh2"); 227 auth_log(authctxt, authenticated, method, " ssh2");
220 228
@@ -232,14 +240,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
232 authctxt->success = 1; 240 authctxt->success = 1;
233 } else { 241 } else {
234 if (authctxt->failures++ > AUTH_FAIL_MAX) { 242 if (authctxt->failures++ > AUTH_FAIL_MAX) {
235#ifdef WITH_AIXAUTHENTICATE
236 /* XXX: privsep */
237 loginfailed(authctxt->user,
238 get_canonical_hostname(options.verify_reverse_mapping),
239 "ssh");
240#endif /* WITH_AIXAUTHENTICATE */
241 packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 243 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
242 } 244 }
245#ifdef _UNICOS
246 if (strcmp(method, "password") == 0)
247 cray_login_failure(authctxt->user, IA_UDBERR);
248#endif /* _UNICOS */
243 methods = authmethods_get(); 249 methods = authmethods_get();
244 packet_start(SSH2_MSG_USERAUTH_FAILURE); 250 packet_start(SSH2_MSG_USERAUTH_FAILURE);
245 packet_put_cstring(methods); 251 packet_put_cstring(methods);
diff --git a/authfd.c b/authfd.c
index 4c4552d52..f04e0858b 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $"); 38RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -53,6 +53,8 @@ RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
53#include "log.h" 53#include "log.h"
54#include "atomicio.h" 54#include "atomicio.h"
55 55
56static int agent_present = 0;
57
56/* helper */ 58/* helper */
57int decode_reply(int type); 59int decode_reply(int type);
58 60
@@ -61,6 +63,21 @@ int decode_reply(int type);
61 ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ 63 ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \
62 (x == SSH2_AGENT_FAILURE)) 64 (x == SSH2_AGENT_FAILURE))
63 65
66int
67ssh_agent_present(void)
68{
69 int authfd;
70
71 if (agent_present)
72 return 1;
73 if ((authfd = ssh_get_authentication_socket()) == -1)
74 return 0;
75 else {
76 ssh_close_authentication_socket(authfd);
77 return 1;
78 }
79}
80
64/* Returns the number of the authentication fd, or -1 if there is none. */ 81/* Returns the number of the authentication fd, or -1 if there is none. */
65 82
66int 83int
@@ -90,6 +107,7 @@ ssh_get_authentication_socket(void)
90 close(sock); 107 close(sock);
91 return -1; 108 return -1;
92 } 109 }
110 agent_present = 1;
93 return sock; 111 return sock;
94} 112}
95 113
diff --git a/authfd.h b/authfd.h
index b2767e5c1..38ee49e88 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: authfd.h,v 1.30 2002/06/19 00:27:55 deraadt Exp $ */ 1/* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -66,6 +66,7 @@ typedef struct {
66 int howmany; 66 int howmany;
67} AuthenticationConnection; 67} AuthenticationConnection;
68 68
69int ssh_agent_present(void);
69int ssh_get_authentication_socket(void); 70int ssh_get_authentication_socket(void);
70void ssh_close_authentication_socket(int); 71void ssh_close_authentication_socket(int);
71 72
diff --git a/autom4te-2.53.cache/output.0 b/autom4te-2.53.cache/output.0
index 921978182..97d453542 100644
--- a/autom4te-2.53.cache/output.0
+++ b/autom4te-2.53.cache/output.0
@@ -862,7 +862,7 @@ Optional Packages:
862 --with-kerberos5=PATH Enable Kerberos 5 support 862 --with-kerberos5=PATH Enable Kerberos 5 support
863 --with-kerberos4=PATH Enable Kerberos 4 support 863 --with-kerberos4=PATH Enable Kerberos 4 support
864 --with-afs=PATH Enable AFS support 864 --with-afs=PATH Enable AFS support
865 --with-privsep-path=xxx Path for privilege separation chroot 865 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
866 --with-xauth=PATH Specify path to xauth program 866 --with-xauth=PATH Specify path to xauth program
867 --with-mantype=man|cat|doc Set man page type 867 --with-mantype=man|cat|doc Set man page type
868 --with-md5-passwords Enable use of MD5 passwords 868 --with-md5-passwords Enable use of MD5 passwords
@@ -2760,52 +2760,6 @@ echo "${ECHO_T}no" >&6
2760fi 2760fi
2761 2761
2762 2762
2763for ac_prog in filepriv
2764do
2765 # Extract the first word of "$ac_prog", so it can be a program name with args.
2766set dummy $ac_prog; ac_word=$2
2767echo "$as_me:$LINENO: checking for $ac_word" >&5
2768echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
2769if test "${ac_cv_path_FILEPRIV+set}" = set; then
2770 echo $ECHO_N "(cached) $ECHO_C" >&6
2771else
2772 case $FILEPRIV in
2773 [\\/]* | ?:[\\/]*)
2774 ac_cv_path_FILEPRIV="$FILEPRIV" # Let the user override the test with a path.
2775 ;;
2776 *)
2777 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2778as_dummy="/sbin:/usr/sbin"
2779for as_dir in $as_dummy
2780do
2781 IFS=$as_save_IFS
2782 test -z "$as_dir" && as_dir=.
2783 for ac_exec_ext in '' $ac_executable_extensions; do
2784 if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2785 ac_cv_path_FILEPRIV="$as_dir/$ac_word$ac_exec_ext"
2786 echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
2787 break 2
2788 fi
2789done
2790done
2791
2792 ;;
2793esac
2794fi
2795FILEPRIV=$ac_cv_path_FILEPRIV
2796
2797if test -n "$FILEPRIV"; then
2798 echo "$as_me:$LINENO: result: $FILEPRIV" >&5
2799echo "${ECHO_T}$FILEPRIV" >&6
2800else
2801 echo "$as_me:$LINENO: result: no" >&5
2802echo "${ECHO_T}no" >&6
2803fi
2804
2805 test -n "$FILEPRIV" && break
2806done
2807test -n "$FILEPRIV" || FILEPRIV="true"
2808
2809# Extract the first word of "bash", so it can be a program name with args. 2763# Extract the first word of "bash", so it can be a program name with args.
2810set dummy bash; ac_word=$2 2764set dummy bash; ac_word=$2
2811echo "$as_me:$LINENO: checking for $ac_word" >&5 2765echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -3622,6 +3576,72 @@ if test $ac_cv_func_authenticate = yes; then
3622@%:@define WITH_AIXAUTHENTICATE 1 3576@%:@define WITH_AIXAUTHENTICATE 1
3623_ACEOF 3577_ACEOF
3624 3578
3579else
3580 echo "$as_me:$LINENO: checking for authenticate in -ls" >&5
3581echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6
3582if test "${ac_cv_lib_s_authenticate+set}" = set; then
3583 echo $ECHO_N "(cached) $ECHO_C" >&6
3584else
3585 ac_check_lib_save_LIBS=$LIBS
3586LIBS="-ls $LIBS"
3587cat >conftest.$ac_ext <<_ACEOF
3588#line $LINENO "configure"
3589#include "confdefs.h"
3590
3591/* Override any gcc2 internal prototype to avoid an error. */
3592#ifdef __cplusplus
3593extern "C"
3594#endif
3595/* We use char because int might match the return type of a gcc2
3596 builtin and then its argument prototype would still apply. */
3597char authenticate ();
3598#ifdef F77_DUMMY_MAIN
3599# ifdef __cplusplus
3600 extern "C"
3601# endif
3602 int F77_DUMMY_MAIN() { return 1; }
3603#endif
3604int
3605main ()
3606{
3607authenticate ();
3608 ;
3609 return 0;
3610}
3611_ACEOF
3612rm -f conftest.$ac_objext conftest$ac_exeext
3613if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3614 (eval $ac_link) 2>&5
3615 ac_status=$?
3616 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3617 (exit $ac_status); } &&
3618 { ac_try='test -s conftest$ac_exeext'
3619 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3620 (eval $ac_try) 2>&5
3621 ac_status=$?
3622 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3623 (exit $ac_status); }; }; then
3624 ac_cv_lib_s_authenticate=yes
3625else
3626 echo "$as_me: failed program was:" >&5
3627cat conftest.$ac_ext >&5
3628ac_cv_lib_s_authenticate=no
3629fi
3630rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3631LIBS=$ac_check_lib_save_LIBS
3632fi
3633echo "$as_me:$LINENO: result: $ac_cv_lib_s_authenticate" >&5
3634echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6
3635if test $ac_cv_lib_s_authenticate = yes; then
3636 cat >>confdefs.h <<\_ACEOF
3637@%:@define WITH_AIXAUTHENTICATE 1
3638_ACEOF
3639
3640 LIBS="$LIBS -ls"
3641
3642fi
3643
3644
3625fi 3645fi
3626 3646
3627 cat >>confdefs.h <<\_ACEOF 3647 cat >>confdefs.h <<\_ACEOF
@@ -3668,7 +3688,11 @@ _ACEOF
3668_ACEOF 3688_ACEOF
3669 3689
3670 cat >>confdefs.h <<\_ACEOF 3690 cat >>confdefs.h <<\_ACEOF
3671@%:@define BROKEN_FD_PASSING 1 3691@%:@define NO_IPPORT_RESERVED_CONCEPT 1
3692_ACEOF
3693
3694 cat >>confdefs.h <<\_ACEOF
3695@%:@define DISABLE_FD_PASSING 1
3672_ACEOF 3696_ACEOF
3673 3697
3674 cat >>confdefs.h <<\_ACEOF 3698 cat >>confdefs.h <<\_ACEOF
@@ -3683,10 +3707,49 @@ _ACEOF
3683 3707
3684 ;; 3708 ;;
3685*-*-darwin*) 3709*-*-darwin*)
3710 echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5
3711echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6
3712 if test "$cross_compiling" = yes; then
3713 echo "$as_me:$LINENO: result: assume it is working" >&5
3714echo "${ECHO_T}assume it is working" >&6
3715else
3716 cat >conftest.$ac_ext <<_ACEOF
3717#line $LINENO "configure"
3718#include "confdefs.h"
3719#include <mach-o/dyld.h>
3720main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
3721 exit(0);
3722 else
3723 exit(1);
3724}
3725_ACEOF
3726rm -f conftest$ac_exeext
3727if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3728 (eval $ac_link) 2>&5
3729 ac_status=$?
3730 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3731 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
3732 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3733 (eval $ac_try) 2>&5
3734 ac_status=$?
3735 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3736 (exit $ac_status); }; }; then
3737 echo "$as_me:$LINENO: result: working" >&5
3738echo "${ECHO_T}working" >&6
3739else
3740 echo "$as_me: program exited with status $ac_status" >&5
3741echo "$as_me: failed program was:" >&5
3742cat conftest.$ac_ext >&5
3743( exit $ac_status )
3744echo "$as_me:$LINENO: result: buggy" >&5
3745echo "${ECHO_T}buggy" >&6
3686 cat >>confdefs.h <<\_ACEOF 3746 cat >>confdefs.h <<\_ACEOF
3687@%:@define BROKEN_GETADDRINFO 1 3747@%:@define BROKEN_GETADDRINFO 1
3688_ACEOF 3748_ACEOF
3689 3749
3750fi
3751rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
3752fi
3690 ;; 3753 ;;
3691*-*-hpux10.26) 3754*-*-hpux10.26)
3692 if test -z "$GCC"; then 3755 if test -z "$GCC"; then
@@ -3722,7 +3785,76 @@ _ACEOF
3722@%:@define SPT_TYPE SPT_PSTAT 3785@%:@define SPT_TYPE SPT_PSTAT
3723_ACEOF 3786_ACEOF
3724 3787
3725 LIBS="$LIBS -lxnet -lsec -lsecpw" 3788 LIBS="$LIBS -lsec -lsecpw"
3789
3790echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3791echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3792if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3793 echo $ECHO_N "(cached) $ECHO_C" >&6
3794else
3795 ac_check_lib_save_LIBS=$LIBS
3796LIBS="-lxnet $LIBS"
3797cat >conftest.$ac_ext <<_ACEOF
3798#line $LINENO "configure"
3799#include "confdefs.h"
3800
3801/* Override any gcc2 internal prototype to avoid an error. */
3802#ifdef __cplusplus
3803extern "C"
3804#endif
3805/* We use char because int might match the return type of a gcc2
3806 builtin and then its argument prototype would still apply. */
3807char t_error ();
3808#ifdef F77_DUMMY_MAIN
3809# ifdef __cplusplus
3810 extern "C"
3811# endif
3812 int F77_DUMMY_MAIN() { return 1; }
3813#endif
3814int
3815main ()
3816{
3817t_error ();
3818 ;
3819 return 0;
3820}
3821_ACEOF
3822rm -f conftest.$ac_objext conftest$ac_exeext
3823if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3824 (eval $ac_link) 2>&5
3825 ac_status=$?
3826 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3827 (exit $ac_status); } &&
3828 { ac_try='test -s conftest$ac_exeext'
3829 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3830 (eval $ac_try) 2>&5
3831 ac_status=$?
3832 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3833 (exit $ac_status); }; }; then
3834 ac_cv_lib_xnet_t_error=yes
3835else
3836 echo "$as_me: failed program was:" >&5
3837cat conftest.$ac_ext >&5
3838ac_cv_lib_xnet_t_error=no
3839fi
3840rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3841LIBS=$ac_check_lib_save_LIBS
3842fi
3843echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
3844echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
3845if test $ac_cv_lib_xnet_t_error = yes; then
3846 cat >>confdefs.h <<_ACEOF
3847@%:@define HAVE_LIBXNET 1
3848_ACEOF
3849
3850 LIBS="-lxnet $LIBS"
3851
3852else
3853 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
3854echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
3855 { (exit 1); exit 1; }; }
3856fi
3857
3726 disable_ptmx_check=yes 3858 disable_ptmx_check=yes
3727 ;; 3859 ;;
3728*-*-hpux10*) 3860*-*-hpux10*)
@@ -3755,7 +3887,76 @@ _ACEOF
3755@%:@define SPT_TYPE SPT_PSTAT 3887@%:@define SPT_TYPE SPT_PSTAT
3756_ACEOF 3888_ACEOF
3757 3889
3758 LIBS="$LIBS -lxnet -lsec" 3890 LIBS="$LIBS -lsec"
3891
3892echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3893echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3894if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3895 echo $ECHO_N "(cached) $ECHO_C" >&6
3896else
3897 ac_check_lib_save_LIBS=$LIBS
3898LIBS="-lxnet $LIBS"
3899cat >conftest.$ac_ext <<_ACEOF
3900#line $LINENO "configure"
3901#include "confdefs.h"
3902
3903/* Override any gcc2 internal prototype to avoid an error. */
3904#ifdef __cplusplus
3905extern "C"
3906#endif
3907/* We use char because int might match the return type of a gcc2
3908 builtin and then its argument prototype would still apply. */
3909char t_error ();
3910#ifdef F77_DUMMY_MAIN
3911# ifdef __cplusplus
3912 extern "C"
3913# endif
3914 int F77_DUMMY_MAIN() { return 1; }
3915#endif
3916int
3917main ()
3918{
3919t_error ();
3920 ;
3921 return 0;
3922}
3923_ACEOF
3924rm -f conftest.$ac_objext conftest$ac_exeext
3925if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3926 (eval $ac_link) 2>&5
3927 ac_status=$?
3928 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3929 (exit $ac_status); } &&
3930 { ac_try='test -s conftest$ac_exeext'
3931 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3932 (eval $ac_try) 2>&5
3933 ac_status=$?
3934 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3935 (exit $ac_status); }; }; then
3936 ac_cv_lib_xnet_t_error=yes
3937else
3938 echo "$as_me: failed program was:" >&5
3939cat conftest.$ac_ext >&5
3940ac_cv_lib_xnet_t_error=no
3941fi
3942rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3943LIBS=$ac_check_lib_save_LIBS
3944fi
3945echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
3946echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
3947if test $ac_cv_lib_xnet_t_error = yes; then
3948 cat >>confdefs.h <<_ACEOF
3949@%:@define HAVE_LIBXNET 1
3950_ACEOF
3951
3952 LIBS="-lxnet $LIBS"
3953
3954else
3955 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
3956echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
3957 { (exit 1); exit 1; }; }
3958fi
3959
3759 ;; 3960 ;;
3760*-*-hpux11*) 3961*-*-hpux11*)
3761 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 3962 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -3788,7 +3989,76 @@ _ACEOF
3788@%:@define SPT_TYPE SPT_PSTAT 3989@%:@define SPT_TYPE SPT_PSTAT
3789_ACEOF 3990_ACEOF
3790 3991
3791 LIBS="$LIBS -lxnet -lsec" 3992 LIBS="$LIBS -lsec"
3993
3994echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3995echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3996if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3997 echo $ECHO_N "(cached) $ECHO_C" >&6
3998else
3999 ac_check_lib_save_LIBS=$LIBS
4000LIBS="-lxnet $LIBS"
4001cat >conftest.$ac_ext <<_ACEOF
4002#line $LINENO "configure"
4003#include "confdefs.h"
4004
4005/* Override any gcc2 internal prototype to avoid an error. */
4006#ifdef __cplusplus
4007extern "C"
4008#endif
4009/* We use char because int might match the return type of a gcc2
4010 builtin and then its argument prototype would still apply. */
4011char t_error ();
4012#ifdef F77_DUMMY_MAIN
4013# ifdef __cplusplus
4014 extern "C"
4015# endif
4016 int F77_DUMMY_MAIN() { return 1; }
4017#endif
4018int
4019main ()
4020{
4021t_error ();
4022 ;
4023 return 0;
4024}
4025_ACEOF
4026rm -f conftest.$ac_objext conftest$ac_exeext
4027if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
4028 (eval $ac_link) 2>&5
4029 ac_status=$?
4030 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4031 (exit $ac_status); } &&
4032 { ac_try='test -s conftest$ac_exeext'
4033 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4034 (eval $ac_try) 2>&5
4035 ac_status=$?
4036 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4037 (exit $ac_status); }; }; then
4038 ac_cv_lib_xnet_t_error=yes
4039else
4040 echo "$as_me: failed program was:" >&5
4041cat conftest.$ac_ext >&5
4042ac_cv_lib_xnet_t_error=no
4043fi
4044rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
4045LIBS=$ac_check_lib_save_LIBS
4046fi
4047echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
4048echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
4049if test $ac_cv_lib_xnet_t_error = yes; then
4050 cat >>confdefs.h <<_ACEOF
4051@%:@define HAVE_LIBXNET 1
4052_ACEOF
4053
4054 LIBS="-lxnet $LIBS"
4055
4056else
4057 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
4058echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
4059 { (exit 1); exit 1; }; }
4060fi
4061
3792 ;; 4062 ;;
3793*-*-irix5*) 4063*-*-irix5*)
3794 CPPFLAGS="$CPPFLAGS -I/usr/local/include" 4064 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
@@ -3920,6 +4190,7 @@ _ACEOF
3920 SONY=1 4190 SONY=1
3921 ;; 4191 ;;
3922*-*-netbsd*) 4192*-*-netbsd*)
4193 check_for_libcrypt_before=1
3923 need_dash_r=1 4194 need_dash_r=1
3924 ;; 4195 ;;
3925*-*-freebsd*) 4196*-*-freebsd*)
@@ -4250,7 +4521,7 @@ _ACEOF
4250_ACEOF 4521_ACEOF
4251 4522
4252 cat >>confdefs.h <<\_ACEOF 4523 cat >>confdefs.h <<\_ACEOF
4253@%:@define BROKEN_FD_PASSING 1 4524@%:@define DISABLE_FD_PASSING 1
4254_ACEOF 4525_ACEOF
4255 4526
4256 4527
@@ -4332,6 +4603,21 @@ done
4332 4603
4333 MANTYPE=man 4604 MANTYPE=man
4334 ;; 4605 ;;
4606*-*-unicosmk*)
4607 no_libsocket=1
4608 no_libnsl=1
4609 cat >>confdefs.h <<\_ACEOF
4610@%:@define USE_PIPES 1
4611_ACEOF
4612
4613 cat >>confdefs.h <<\_ACEOF
4614@%:@define DISABLE_FD_PASSING 1
4615_ACEOF
4616
4617 LDFLAGS="$LDFLAGS"
4618 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
4619 MANTYPE=cat
4620 ;;
4335*-*-unicos*) 4621*-*-unicos*)
4336 no_libsocket=1 4622 no_libsocket=1
4337 no_libnsl=1 4623 no_libnsl=1
@@ -4340,11 +4626,16 @@ done
4340_ACEOF 4626_ACEOF
4341 4627
4342 cat >>confdefs.h <<\_ACEOF 4628 cat >>confdefs.h <<\_ACEOF
4343@%:@define BROKEN_FD_PASSING 1 4629@%:@define DISABLE_FD_PASSING 1
4630_ACEOF
4631
4632 cat >>confdefs.h <<\_ACEOF
4633@%:@define NO_SSH_LASTLOG 1
4344_ACEOF 4634_ACEOF
4345 4635
4346 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" 4636 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
4347 LIBS="$LIBS -lgen -lrsc" 4637 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
4638 MANTYPE=cat
4348 ;; 4639 ;;
4349*-dec-osf*) 4640*-dec-osf*)
4350 echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 4641 echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5
@@ -4691,15 +4982,17 @@ done
4691 4982
4692 4983
4693 4984
4985
4986
4694for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ 4987for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
4695 getopt.h glob.h lastlog.h limits.h login.h \ 4988 getopt.h glob.h ia.h lastlog.h limits.h login.h \
4696 login_cap.h maillock.h netdb.h netgroup.h \ 4989 login_cap.h maillock.h netdb.h netgroup.h \
4697 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 4990 netinet/in_systm.h paths.h pty.h readpassphrase.h \
4698 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 4991 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
4699 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 4992 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
4700 sys/mman.h sys/select.h sys/stat.h \ 4993 sys/mman.h sys/select.h sys/stat.h \
4701 sys/stropts.h sys/sysmacros.h sys/time.h \ 4994 sys/stropts.h sys/sysmacros.h sys/time.h \
4702 sys/un.h time.h ttyent.h usersec.h \ 4995 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
4703 util.h utime.h utmp.h utmpx.h 4996 util.h utime.h utmp.h utmpx.h
4704do 4997do
4705as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` 4998as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
@@ -5646,7 +5939,11 @@ fi
5646echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 5939echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5
5647echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 5940echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6
5648if test $ac_cv_lib_c89_utimes = yes; then 5941if test $ac_cv_lib_c89_utimes = yes; then
5649 LIBS="$LIBS -lc89" 5942 cat >>confdefs.h <<\_ACEOF
5943@%:@define HAVE_UTIMES 1
5944_ACEOF
5945
5946 LIBS="$LIBS -lc89"
5650fi 5947fi
5651 5948
5652 5949
@@ -6176,7 +6473,7 @@ else
6176 6473
6177#include <sys/types.h> 6474#include <sys/types.h>
6178#include <dirent.h> 6475#include <dirent.h>
6179int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} 6476int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
6180 6477
6181_ACEOF 6478_ACEOF
6182rm -f conftest$ac_exeext 6479rm -f conftest$ac_exeext
@@ -6244,7 +6541,7 @@ else
6244 6541
6245#include <stdio.h> 6542#include <stdio.h>
6246#include <skey.h> 6543#include <skey.h>
6247int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } 6544int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
6248 6545
6249_ACEOF 6546_ACEOF
6250rm -f conftest$ac_exeext 6547rm -f conftest$ac_exeext
@@ -6442,9 +6739,10 @@ fi;
6442 6739
6443 6740
6444 6741
6742
6445for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ 6743for ac_func in arc4random b64_ntop bcopy bindresvport_sa \
6446 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 6744 clock fchmod fchown freeaddrinfo futimes gai_strerror \
6447 getaddrinfo getcwd getgrouplist getnameinfo getopt \ 6745 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
6448 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 6746 getrlimit getrusage getttyent glob inet_aton inet_ntoa \
6449 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 6747 inet_ntop innetgr login_getcapbool md5_crypt memmove \
6450 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 6748 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
@@ -6528,63 +6826,6 @@ fi
6528done 6826done
6529 6827
6530 6828
6531if test $ac_cv_func_mmap = yes ; then
6532echo "$as_me:$LINENO: checking for mmap anon shared" >&5
6533echo $ECHO_N "checking for mmap anon shared... $ECHO_C" >&6
6534if test "$cross_compiling" = yes; then
6535 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
6536echo "$as_me: error: cannot run test program while cross compiling" >&2;}
6537 { (exit 1); exit 1; }; }
6538else
6539 cat >conftest.$ac_ext <<_ACEOF
6540#line $LINENO "configure"
6541#include "confdefs.h"
6542
6543#include <stdio.h>
6544#include <sys/mman.h>
6545#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
6546#define MAP_ANON MAP_ANONYMOUS
6547#endif
6548main() { char *p;
6549p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
6550if (p == (char *)-1)
6551 exit(1);
6552exit(0);
6553}
6554
6555_ACEOF
6556rm -f conftest$ac_exeext
6557if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6558 (eval $ac_link) 2>&5
6559 ac_status=$?
6560 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6561 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
6562 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6563 (eval $ac_try) 2>&5
6564 ac_status=$?
6565 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6566 (exit $ac_status); }; }; then
6567
6568 echo "$as_me:$LINENO: result: yes" >&5
6569echo "${ECHO_T}yes" >&6
6570 cat >>confdefs.h <<\_ACEOF
6571@%:@define HAVE_MMAP_ANON_SHARED 1
6572_ACEOF
6573
6574
6575else
6576 echo "$as_me: program exited with status $ac_status" >&5
6577echo "$as_me: failed program was:" >&5
6578cat conftest.$ac_ext >&5
6579( exit $ac_status )
6580 echo "$as_me:$LINENO: result: no" >&5
6581echo "${ECHO_T}no" >&6
6582
6583fi
6584rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
6585fi
6586fi
6587
6588 6829
6589for ac_func in dirname 6830for ac_func in dirname
6590do 6831do
@@ -7697,7 +7938,7 @@ else
7697#include "confdefs.h" 7938#include "confdefs.h"
7698 7939
7699#include <stdio.h> 7940#include <stdio.h>
7700int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} 7941int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
7701 7942
7702_ACEOF 7943_ACEOF
7703rm -f conftest$ac_exeext 7944rm -f conftest$ac_exeext
@@ -8090,6 +8331,76 @@ fi
8090rm -f conftest.$ac_objext conftest.$ac_ext 8331rm -f conftest.$ac_objext conftest.$ac_ext
8091fi 8332fi
8092 8333
8334# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
8335# because the system crypt() is more featureful.
8336if test "x$check_for_libcrypt_before" = "x1"; then
8337
8338echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
8339echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
8340if test "${ac_cv_lib_crypt_crypt+set}" = set; then
8341 echo $ECHO_N "(cached) $ECHO_C" >&6
8342else
8343 ac_check_lib_save_LIBS=$LIBS
8344LIBS="-lcrypt $LIBS"
8345cat >conftest.$ac_ext <<_ACEOF
8346#line $LINENO "configure"
8347#include "confdefs.h"
8348
8349/* Override any gcc2 internal prototype to avoid an error. */
8350#ifdef __cplusplus
8351extern "C"
8352#endif
8353/* We use char because int might match the return type of a gcc2
8354 builtin and then its argument prototype would still apply. */
8355char crypt ();
8356#ifdef F77_DUMMY_MAIN
8357# ifdef __cplusplus
8358 extern "C"
8359# endif
8360 int F77_DUMMY_MAIN() { return 1; }
8361#endif
8362int
8363main ()
8364{
8365crypt ();
8366 ;
8367 return 0;
8368}
8369_ACEOF
8370rm -f conftest.$ac_objext conftest$ac_exeext
8371if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8372 (eval $ac_link) 2>&5
8373 ac_status=$?
8374 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8375 (exit $ac_status); } &&
8376 { ac_try='test -s conftest$ac_exeext'
8377 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8378 (eval $ac_try) 2>&5
8379 ac_status=$?
8380 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8381 (exit $ac_status); }; }; then
8382 ac_cv_lib_crypt_crypt=yes
8383else
8384 echo "$as_me: failed program was:" >&5
8385cat conftest.$ac_ext >&5
8386ac_cv_lib_crypt_crypt=no
8387fi
8388rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8389LIBS=$ac_check_lib_save_LIBS
8390fi
8391echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
8392echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
8393if test $ac_cv_lib_crypt_crypt = yes; then
8394 cat >>confdefs.h <<_ACEOF
8395@%:@define HAVE_LIBCRYPT 1
8396_ACEOF
8397
8398 LIBS="-lcrypt $LIBS"
8399
8400fi
8401
8402fi
8403
8093# Search for OpenSSL 8404# Search for OpenSSL
8094saved_CPPFLAGS="$CPPFLAGS" 8405saved_CPPFLAGS="$CPPFLAGS"
8095saved_LDFLAGS="$LDFLAGS" 8406saved_LDFLAGS="$LDFLAGS"
@@ -8230,6 +8541,134 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8230fi 8541fi
8231rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext 8542rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8232 8543
8544# Determine OpenSSL header version
8545echo "$as_me:$LINENO: checking OpenSSL header version" >&5
8546echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6
8547if test "$cross_compiling" = yes; then
8548 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
8549echo "$as_me: error: cannot run test program while cross compiling" >&2;}
8550 { (exit 1); exit 1; }; }
8551else
8552 cat >conftest.$ac_ext <<_ACEOF
8553#line $LINENO "configure"
8554#include "confdefs.h"
8555
8556#include <stdio.h>
8557#include <string.h>
8558#include <openssl/opensslv.h>
8559#define DATA "conftest.sslincver"
8560int main(void) {
8561 FILE *fd;
8562 int rc;
8563
8564 fd = fopen(DATA,"w");
8565 if(fd == NULL)
8566 exit(1);
8567
8568 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
8569 exit(1);
8570
8571 exit(0);
8572}
8573
8574_ACEOF
8575rm -f conftest$ac_exeext
8576if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8577 (eval $ac_link) 2>&5
8578 ac_status=$?
8579 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8580 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8581 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8582 (eval $ac_try) 2>&5
8583 ac_status=$?
8584 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8585 (exit $ac_status); }; }; then
8586
8587 ssl_header_ver=`cat conftest.sslincver`
8588 echo "$as_me:$LINENO: result: $ssl_header_ver" >&5
8589echo "${ECHO_T}$ssl_header_ver" >&6
8590
8591else
8592 echo "$as_me: program exited with status $ac_status" >&5
8593echo "$as_me: failed program was:" >&5
8594cat conftest.$ac_ext >&5
8595( exit $ac_status )
8596
8597 echo "$as_me:$LINENO: result: not found" >&5
8598echo "${ECHO_T}not found" >&6
8599 { { echo "$as_me:$LINENO: error: OpenSSL version header not found." >&5
8600echo "$as_me: error: OpenSSL version header not found." >&2;}
8601 { (exit 1); exit 1; }; }
8602
8603
8604fi
8605rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8606fi
8607
8608# Determine OpenSSL library version
8609echo "$as_me:$LINENO: checking OpenSSL library version" >&5
8610echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
8611if test "$cross_compiling" = yes; then
8612 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
8613echo "$as_me: error: cannot run test program while cross compiling" >&2;}
8614 { (exit 1); exit 1; }; }
8615else
8616 cat >conftest.$ac_ext <<_ACEOF
8617#line $LINENO "configure"
8618#include "confdefs.h"
8619
8620#include <stdio.h>
8621#include <string.h>
8622#include <openssl/opensslv.h>
8623#include <openssl/crypto.h>
8624#define DATA "conftest.ssllibver"
8625int main(void) {
8626 FILE *fd;
8627 int rc;
8628
8629 fd = fopen(DATA,"w");
8630 if(fd == NULL)
8631 exit(1);
8632
8633 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
8634 exit(1);
8635
8636 exit(0);
8637}
8638
8639_ACEOF
8640rm -f conftest$ac_exeext
8641if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8642 (eval $ac_link) 2>&5
8643 ac_status=$?
8644 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8645 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8646 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8647 (eval $ac_try) 2>&5
8648 ac_status=$?
8649 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8650 (exit $ac_status); }; }; then
8651
8652 ssl_library_ver=`cat conftest.ssllibver`
8653 echo "$as_me:$LINENO: result: $ssl_library_ver" >&5
8654echo "${ECHO_T}$ssl_library_ver" >&6
8655
8656else
8657 echo "$as_me: program exited with status $ac_status" >&5
8658echo "$as_me: failed program was:" >&5
8659cat conftest.$ac_ext >&5
8660( exit $ac_status )
8661
8662 echo "$as_me:$LINENO: result: not found" >&5
8663echo "${ECHO_T}not found" >&6
8664 { { echo "$as_me:$LINENO: error: OpenSSL library not found." >&5
8665echo "$as_me: error: OpenSSL library not found." >&2;}
8666 { (exit 1); exit 1; }; }
8667
8668
8669fi
8670rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8671fi
8233 8672
8234# Sanity check OpenSSL headers 8673# Sanity check OpenSSL headers
8235echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 8674echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5
@@ -8245,7 +8684,7 @@ else
8245 8684
8246#include <string.h> 8685#include <string.h>
8247#include <openssl/opensslv.h> 8686#include <openssl/opensslv.h>
8248int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } 8687int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
8249 8688
8250_ACEOF 8689_ACEOF
8251rm -f conftest$ac_exeext 8690rm -f conftest$ac_exeext
@@ -8361,7 +8800,7 @@ else
8361 8800
8362#include <string.h> 8801#include <string.h>
8363#include <openssl/rand.h> 8802#include <openssl/rand.h>
8364int main(void) { return(RAND_status() == 1 ? 0 : 1); } 8803int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
8365 8804
8366_ACEOF 8805_ACEOF
8367rm -f conftest$ac_exeext 8806rm -f conftest$ac_exeext
@@ -11321,7 +11760,16 @@ else
11321 cat >conftest.$ac_ext <<_ACEOF 11760 cat >conftest.$ac_ext <<_ACEOF
11322#line $LINENO "configure" 11761#line $LINENO "configure"
11323#include "confdefs.h" 11762#include "confdefs.h"
11324 #include <sys/types.h> 11763
11764#include <sys/types.h>
11765#ifdef HAVE_STDINT_H
11766# include <stdint.h>
11767#endif
11768#include <sys/socket.h>
11769#ifdef HAVE_SYS_BITYPES_H
11770# include <sys/bitypes.h>
11771#endif
11772
11325#ifdef F77_DUMMY_MAIN 11773#ifdef F77_DUMMY_MAIN
11326# ifdef __cplusplus 11774# ifdef __cplusplus
11327 extern "C" 11775 extern "C"
@@ -11365,109 +11813,6 @@ if test "x$ac_cv_have_int64_t" = "xyes" ; then
11365@%:@define HAVE_INT64_T 1 11813@%:@define HAVE_INT64_T 1
11366_ACEOF 11814_ACEOF
11367 11815
11368 have_int64_t=1
11369fi
11370
11371if test -z "$have_int64_t" ; then
11372 echo "$as_me:$LINENO: checking for int64_t type in sys/socket.h" >&5
11373echo $ECHO_N "checking for int64_t type in sys/socket.h... $ECHO_C" >&6
11374 cat >conftest.$ac_ext <<_ACEOF
11375#line $LINENO "configure"
11376#include "confdefs.h"
11377 #include <sys/socket.h>
11378#ifdef F77_DUMMY_MAIN
11379# ifdef __cplusplus
11380 extern "C"
11381# endif
11382 int F77_DUMMY_MAIN() { return 1; }
11383#endif
11384int
11385main ()
11386{
11387 int64_t a; a = 1
11388 ;
11389 return 0;
11390}
11391_ACEOF
11392rm -f conftest.$ac_objext
11393if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11394 (eval $ac_compile) 2>&5
11395 ac_status=$?
11396 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11397 (exit $ac_status); } &&
11398 { ac_try='test -s conftest.$ac_objext'
11399 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
11400 (eval $ac_try) 2>&5
11401 ac_status=$?
11402 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11403 (exit $ac_status); }; }; then
11404
11405 cat >>confdefs.h <<\_ACEOF
11406@%:@define HAVE_INT64_T 1
11407_ACEOF
11408
11409 echo "$as_me:$LINENO: result: yes" >&5
11410echo "${ECHO_T}yes" >&6
11411
11412else
11413 echo "$as_me: failed program was:" >&5
11414cat conftest.$ac_ext >&5
11415 echo "$as_me:$LINENO: result: no" >&5
11416echo "${ECHO_T}no" >&6
11417
11418fi
11419rm -f conftest.$ac_objext conftest.$ac_ext
11420fi
11421
11422if test -z "$have_int64_t" ; then
11423 echo "$as_me:$LINENO: checking for int64_t type in sys/bitypes.h" >&5
11424echo $ECHO_N "checking for int64_t type in sys/bitypes.h... $ECHO_C" >&6
11425 cat >conftest.$ac_ext <<_ACEOF
11426#line $LINENO "configure"
11427#include "confdefs.h"
11428 #include <sys/bitypes.h>
11429#ifdef F77_DUMMY_MAIN
11430# ifdef __cplusplus
11431 extern "C"
11432# endif
11433 int F77_DUMMY_MAIN() { return 1; }
11434#endif
11435int
11436main ()
11437{
11438 int64_t a; a = 1
11439 ;
11440 return 0;
11441}
11442_ACEOF
11443rm -f conftest.$ac_objext
11444if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11445 (eval $ac_compile) 2>&5
11446 ac_status=$?
11447 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11448 (exit $ac_status); } &&
11449 { ac_try='test -s conftest.$ac_objext'
11450 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
11451 (eval $ac_try) 2>&5
11452 ac_status=$?
11453 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11454 (exit $ac_status); }; }; then
11455
11456 cat >>confdefs.h <<\_ACEOF
11457@%:@define HAVE_INT64_T 1
11458_ACEOF
11459
11460 echo "$as_me:$LINENO: result: yes" >&5
11461echo "${ECHO_T}yes" >&6
11462
11463else
11464 echo "$as_me: failed program was:" >&5
11465cat conftest.$ac_ext >&5
11466 echo "$as_me:$LINENO: result: no" >&5
11467echo "${ECHO_T}no" >&6
11468
11469fi
11470rm -f conftest.$ac_objext conftest.$ac_ext
11471fi 11816fi
11472 11817
11473echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 11818echo "$as_me:$LINENO: checking for u_intXX_t types" >&5
@@ -15334,6 +15679,11 @@ if test "${with_xauth+set}" = set; then
15334 15679
15335else 15680else
15336 15681
15682 TestPath="$PATH"
15683 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
15684 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
15685 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
15686 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
15337 # Extract the first word of "xauth", so it can be a program name with args. 15687 # Extract the first word of "xauth", so it can be a program name with args.
15338set dummy xauth; ac_word=$2 15688set dummy xauth; ac_word=$2
15339echo "$as_me:$LINENO: checking for $ac_word" >&5 15689echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -15347,7 +15697,7 @@ else
15347 ;; 15697 ;;
15348 *) 15698 *)
15349 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR 15699 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
15350for as_dir in $PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin 15700for as_dir in $TestPath
15351do 15701do
15352 IFS=$as_save_IFS 15702 IFS=$as_save_IFS
15353 test -z "$as_dir" && as_dir=. 15703 test -z "$as_dir" && as_dir=.
@@ -15482,6 +15832,7 @@ echo "$as_me: error: invalid man type: $withval" >&2;}
15482 15832
15483fi; 15833fi;
15484if test -z "$MANTYPE"; then 15834if test -z "$MANTYPE"; then
15835 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
15485 for ac_prog in nroff awf 15836 for ac_prog in nroff awf
15486do 15837do
15487 # Extract the first word of "$ac_prog", so it can be a program name with args. 15838 # Extract the first word of "$ac_prog", so it can be a program name with args.
@@ -15497,8 +15848,7 @@ else
15497 ;; 15848 ;;
15498 *) 15849 *)
15499 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR 15850 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
15500as_dummy="/usr/bin:/usr/ucb" 15851for as_dir in $TestPath
15501for as_dir in $as_dummy
15502do 15852do
15503 IFS=$as_save_IFS 15853 IFS=$as_save_IFS
15504 test -z "$as_dir" && as_dir=. 15854 test -z "$as_dir" && as_dir=.
@@ -16997,7 +17347,6 @@ s,@INSTALL_DATA@,$INSTALL_DATA,;t t
16997s,@AR@,$AR,;t t 17347s,@AR@,$AR,;t t
16998s,@PERL@,$PERL,;t t 17348s,@PERL@,$PERL,;t t
16999s,@ENT@,$ENT,;t t 17349s,@ENT@,$ENT,;t t
17000s,@FILEPRIV@,$FILEPRIV,;t t
17001s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t 17350s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
17002s,@SH@,$SH,;t t 17351s,@SH@,$SH,;t t
17003s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t 17352s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
diff --git a/autom4te-2.53.cache/traces.0 b/autom4te-2.53.cache/traces.0
index 6eb0daac7..3fcfab66c 100644
--- a/autom4te-2.53.cache/traces.0
+++ b/autom4te-2.53.cache/traces.0
@@ -94,283 +94,314 @@ m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL])
94m4trace:configure.ac:17: -1- AC_SUBST([PERL]) 94m4trace:configure.ac:17: -1- AC_SUBST([PERL])
95m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) 95m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT])
96m4trace:configure.ac:19: -1- AC_SUBST([ENT]) 96m4trace:configure.ac:19: -1- AC_SUBST([ENT])
97m4trace:configure.ac:20: -1- AC_SUBST([FILEPRIV], [$ac_cv_path_FILEPRIV]) 97m4trace:configure.ac:20: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
98m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 98m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
99m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 99m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH])
100m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) 100m4trace:configure.ac:23: -1- AC_SUBST([SH], [$ac_cv_path_SH])
101m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH]) 101m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS])
102m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) 102m4trace:configure.ac:26: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
103m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */
104#undef _FILE_OFFSET_BITS]) 103#undef _FILE_OFFSET_BITS])
105m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) 104m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES])
106m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ 105m4trace:configure.ac:26: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */
107#undef _LARGE_FILES]) 106#undef _LARGE_FILES])
108m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) 107m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
109m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) 108m4trace:configure.ac:37: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK])
110m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) 109m4trace:configure.ac:39: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK])
111m4trace:configure.ac:47: -1- AC_SUBST([LD]) 110m4trace:configure.ac:46: -1- AC_SUBST([LD])
112m4trace:configure.ac:49: -1- AC_C_INLINE 111m4trace:configure.ac:48: -1- AC_C_INLINE
113m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) 112m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline])
114m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing 113m4trace:configure.ac:48: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing
115 if it is not supported. */ 114 if it is not supported. */
116#undef inline]) 115#undef inline])
117m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) 116m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline])
118m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) 117m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
119m4trace:configure.ac:75: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) 118m4trace:configure.ac:78: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE)
120m4trace:configure.ac:76: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) 119 LIBS="$LIBS -ls"
121m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 120 ])
122m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 121m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE])
123m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) 122m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
124m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 123m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
125m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 124m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
126m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) 125m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
127m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 126m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN])
128m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) 127m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
129m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) 128m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
130m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) 129m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
131m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 130m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
132m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) 131m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
133m4trace:configure.ac:104: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 132m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT])
134m4trace:configure.ac:105: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 133m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
135m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 134m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP])
136m4trace:configure.ac:107: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 135m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
137m4trace:configure.ac:108: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 136m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO])
138m4trace:configure.ac:109: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 137m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
139m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 138m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
140m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 139m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
141m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 140m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
142m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 141m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
143m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 142m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
144m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 143m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
145m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 144m4trace:configure.ac:126: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
146m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 145echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
147m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 146 { (exit 1); exit 1; }; }])
148m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) 147m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
149m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 148#undef HAVE_LIBXNET])
150m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 149m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
151m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 150m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
152m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) 151m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
153m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) 152m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
154m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) 153m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
155m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) 154m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
156m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) 155m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
157m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) 156m4trace:configure.ac:142: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
158m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) 157echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
159m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) 158 { (exit 1); exit 1; }; }])
160m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) 159m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
161m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) 160#undef HAVE_LIBXNET])
162m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) 161m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
163m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) 162m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
164m4trace:configure.ac:180: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) 163m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
165m4trace:configure.ac:181: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) 164m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT])
166m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 165m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
167m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) 166m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
168m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 167m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
169m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) 168m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE])
170m4trace:configure.ac:193: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) 169m4trace:configure.ac:155: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
171m4trace:configure.ac:194: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) 170echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
172m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 171 { (exit 1); exit 1; }; }])
173m4trace:configure.ac:202: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 172m4trace:configure.ac:155: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */
174m4trace:configure.ac:209: -1- AC_CHECK_FUNCS([getpwanam]) 173#undef HAVE_LIBXNET])
175m4trace:configure.ac:209: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ 174m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET])
175m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
176m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
177m4trace:configure.ac:168: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY])
178m4trace:configure.ac:169: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT])
179m4trace:configure.ac:170: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT])
180m4trace:configure.ac:171: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS])
181m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA])
182m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY])
183m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF])
184m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
185m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4])
186m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT])
187m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH])
188m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
189m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
190m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
191m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX])
192m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM])
193m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE])
194m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
195m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
196m4trace:configure.ac:227: -1- AC_CHECK_FUNCS([getpwanam])
197m4trace:configure.ac:227: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */
176#undef HAVE_GETPWANAM]) 198#undef HAVE_GETPWANAM])
177m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) 199m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE])
178m4trace:configure.ac:214: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 200m4trace:configure.ac:232: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
179m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 201m4trace:configure.ac:238: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
180m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 202m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
181m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) 203m4trace:configure.ac:246: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN])
182m4trace:configure.ac:236: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
183m4trace:configure.ac:241: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
184m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
185m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 204m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
186m4trace:configure.ac:255: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 205m4trace:configure.ac:259: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
187m4trace:configure.ac:256: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 206m4trace:configure.ac:271: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H])
188m4trace:configure.ac:257: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) 207m4trace:configure.ac:272: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
189m4trace:configure.ac:258: -1- AC_CHECK_FUNCS([getluid setluid]) 208m4trace:configure.ac:273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
190m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ 209m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
210m4trace:configure.ac:275: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS])
211m4trace:configure.ac:276: -1- AC_CHECK_FUNCS([getluid setluid])
212m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
191#undef HAVE_GETLUID]) 213#undef HAVE_GETLUID])
192m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ 214m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
193#undef HAVE_SETLUID]) 215#undef HAVE_SETLUID])
194m4trace:configure.ac:267: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 216m4trace:configure.ac:285: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
195m4trace:configure.ac:268: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) 217m4trace:configure.ac:286: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE])
196m4trace:configure.ac:269: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 218m4trace:configure.ac:287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
197m4trace:configure.ac:270: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) 219m4trace:configure.ac:288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
198m4trace:configure.ac:271: -1- AC_CHECK_FUNCS([getluid setluid]) 220m4trace:configure.ac:289: -1- AC_CHECK_FUNCS([getluid setluid])
199m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ 221m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */
200#undef HAVE_GETLUID]) 222#undef HAVE_GETLUID])
201m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ 223m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */
202#undef HAVE_SETLUID]) 224#undef HAVE_SETLUID])
203m4trace:configure.ac:277: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 225m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
204m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) 226m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
205m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) 227m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
206m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) 228m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING])
207m4trace:configure.ac:307: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) 229m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG])
208m4trace:configure.ac:308: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) 230m4trace:configure.ac:326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA])
209m4trace:configure.ac:309: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) 231m4trace:configure.ac:327: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
210m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) 232m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES])
211m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) 233m4trace:configure.ac:337: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS])
212m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ 234m4trace:configure.ac:338: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS])
213 getopt.h glob.h lastlog.h limits.h login.h \ 235m4trace:configure.ac:339: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY])
236m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK])
237m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \
238 getopt.h glob.h ia.h lastlog.h limits.h login.h \
214 login_cap.h maillock.h netdb.h netgroup.h \ 239 login_cap.h maillock.h netdb.h netgroup.h \
215 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 240 netinet/in_systm.h paths.h pty.h readpassphrase.h \
216 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 241 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
217 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 242 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
218 sys/mman.h sys/select.h sys/stat.h \ 243 sys/mman.h sys/select.h sys/stat.h \
219 sys/stropts.h sys/sysmacros.h sys/time.h \ 244 sys/stropts.h sys/sysmacros.h sys/time.h \
220 sys/un.h time.h ttyent.h usersec.h \ 245 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
221 util.h utime.h utmp.h utmpx.h]) 246 util.h utime.h utmp.h utmpx.h])
222m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ 247m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */
223#undef HAVE_BSTRING_H]) 248#undef HAVE_BSTRING_H])
224m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ 249m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */
225#undef HAVE_CRYPT_H]) 250#undef HAVE_CRYPT_H])
226m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ 251m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */
227#undef HAVE_ENDIAN_H]) 252#undef HAVE_ENDIAN_H])
228m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ 253m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */
229#undef HAVE_FLOATINGPOINT_H]) 254#undef HAVE_FLOATINGPOINT_H])
230m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ 255m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */
231#undef HAVE_GETOPT_H]) 256#undef HAVE_GETOPT_H])
232m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ 257m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */
233#undef HAVE_GLOB_H]) 258#undef HAVE_GLOB_H])
234m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ 259m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */
260#undef HAVE_IA_H])
261m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */
235#undef HAVE_LASTLOG_H]) 262#undef HAVE_LASTLOG_H])
236m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ 263m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */
237#undef HAVE_LIMITS_H]) 264#undef HAVE_LIMITS_H])
238m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ 265m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */
239#undef HAVE_LOGIN_H]) 266#undef HAVE_LOGIN_H])
240m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ 267m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */
241#undef HAVE_LOGIN_CAP_H]) 268#undef HAVE_LOGIN_CAP_H])
242m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ 269m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */
243#undef HAVE_MAILLOCK_H]) 270#undef HAVE_MAILLOCK_H])
244m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ 271m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */
245#undef HAVE_NETDB_H]) 272#undef HAVE_NETDB_H])
246m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ 273m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */
247#undef HAVE_NETGROUP_H]) 274#undef HAVE_NETGROUP_H])
248m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ 275m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */
249#undef HAVE_NETINET_IN_SYSTM_H]) 276#undef HAVE_NETINET_IN_SYSTM_H])
250m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ 277m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */
251#undef HAVE_PATHS_H]) 278#undef HAVE_PATHS_H])
252m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ 279m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */
253#undef HAVE_PTY_H]) 280#undef HAVE_PTY_H])
254m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ 281m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */
255#undef HAVE_READPASSPHRASE_H]) 282#undef HAVE_READPASSPHRASE_H])
256m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ 283m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */
257#undef HAVE_RPC_TYPES_H]) 284#undef HAVE_RPC_TYPES_H])
258m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ 285m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */
259#undef HAVE_SECURITY_PAM_APPL_H]) 286#undef HAVE_SECURITY_PAM_APPL_H])
260m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ 287m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */
261#undef HAVE_SHADOW_H]) 288#undef HAVE_SHADOW_H])
262m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ 289m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */
263#undef HAVE_STDDEF_H]) 290#undef HAVE_STDDEF_H])
264m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ 291m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
265#undef HAVE_STDINT_H]) 292#undef HAVE_STDINT_H])
266m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ 293m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
267#undef HAVE_STRINGS_H]) 294#undef HAVE_STRINGS_H])
268m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ 295m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */
269#undef HAVE_SYS_BITYPES_H]) 296#undef HAVE_SYS_BITYPES_H])
270m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ 297m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */
271#undef HAVE_SYS_BSDTTY_H]) 298#undef HAVE_SYS_BSDTTY_H])
272m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ 299m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */
273#undef HAVE_SYS_CDEFS_H]) 300#undef HAVE_SYS_CDEFS_H])
274m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ 301m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */
275#undef HAVE_SYS_MMAN_H]) 302#undef HAVE_SYS_MMAN_H])
276m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ 303m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */
277#undef HAVE_SYS_SELECT_H]) 304#undef HAVE_SYS_SELECT_H])
278m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ 305m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
279#undef HAVE_SYS_STAT_H]) 306#undef HAVE_SYS_STAT_H])
280m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ 307m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */
281#undef HAVE_SYS_STROPTS_H]) 308#undef HAVE_SYS_STROPTS_H])
282m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ 309m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */
283#undef HAVE_SYS_SYSMACROS_H]) 310#undef HAVE_SYS_SYSMACROS_H])
284m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ 311m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */
285#undef HAVE_SYS_TIME_H]) 312#undef HAVE_SYS_TIME_H])
286m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ 313m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */
287#undef HAVE_SYS_UN_H]) 314#undef HAVE_SYS_UN_H])
288m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ 315m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */
289#undef HAVE_TIME_H]) 316#undef HAVE_TIME_H])
290m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ 317m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */
318#undef HAVE_TMPDIR_H])
319m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */
291#undef HAVE_TTYENT_H]) 320#undef HAVE_TTYENT_H])
292m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ 321m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */
293#undef HAVE_USERSEC_H]) 322#undef HAVE_USERSEC_H])
294m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ 323m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */
295#undef HAVE_UTIL_H]) 324#undef HAVE_UTIL_H])
296m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ 325m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */
297#undef HAVE_UTIME_H]) 326#undef HAVE_UTIME_H])
298m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ 327m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */
299#undef HAVE_UTMP_H]) 328#undef HAVE_UTMP_H])
300m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ 329m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */
301#undef HAVE_UTMPX_H]) 330#undef HAVE_UTMPX_H])
302m4trace:configure.ac:359: -1- AC_HEADER_STDC 331m4trace:configure.ac:388: -1- AC_HEADER_STDC
303m4trace:configure.ac:359: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) 332m4trace:configure.ac:388: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
304m4trace:configure.ac:359: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ 333m4trace:configure.ac:388: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
305#undef STDC_HEADERS]) 334#undef STDC_HEADERS])
306m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ 335m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
307 inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) 336 inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default])
308m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ 337m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
309#undef HAVE_SYS_TYPES_H]) 338#undef HAVE_SYS_TYPES_H])
310m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ 339m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
311#undef HAVE_SYS_STAT_H]) 340#undef HAVE_SYS_STAT_H])
312m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ 341m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
313#undef HAVE_STDLIB_H]) 342#undef HAVE_STDLIB_H])
314m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ 343m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
315#undef HAVE_STRING_H]) 344#undef HAVE_STRING_H])
316m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ 345m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
317#undef HAVE_MEMORY_H]) 346#undef HAVE_MEMORY_H])
318m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ 347m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
319#undef HAVE_STRINGS_H]) 348#undef HAVE_STRINGS_H])
320m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ 349m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
321#undef HAVE_INTTYPES_H]) 350#undef HAVE_INTTYPES_H])
322m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ 351m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
323#undef HAVE_STDINT_H]) 352#undef HAVE_STDINT_H])
324m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ 353m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
325#undef HAVE_UNISTD_H]) 354#undef HAVE_UNISTD_H])
326m4trace:configure.ac:362: -2- AC_CHECK_LIB([nsl], [yp_match]) 355m4trace:configure.ac:391: -2- AC_CHECK_LIB([nsl], [yp_match])
327m4trace:configure.ac:362: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ 356m4trace:configure.ac:391: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */
328#undef HAVE_LIBNSL]) 357#undef HAVE_LIBNSL])
329m4trace:configure.ac:362: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) 358m4trace:configure.ac:391: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL])
330m4trace:configure.ac:363: -2- AC_CHECK_LIB([socket], [setsockopt]) 359m4trace:configure.ac:392: -2- AC_CHECK_LIB([socket], [setsockopt])
331m4trace:configure.ac:363: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ 360m4trace:configure.ac:392: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */
332#undef HAVE_LIBSOCKET]) 361#undef HAVE_LIBSOCKET])
333m4trace:configure.ac:363: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) 362m4trace:configure.ac:392: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET])
334m4trace:configure.ac:368: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) 363m4trace:configure.ac:397: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc])
335m4trace:configure.ac:373: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) 364m4trace:configure.ac:402: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"])
336m4trace:configure.ac:415: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 365m4trace:configure.ac:444: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5
337echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} 366echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;}
338 { (exit 1); exit 1; }; }]) 367 { (exit 1); exit 1; }; }])
339m4trace:configure.ac:415: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ 368m4trace:configure.ac:444: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */
340#undef HAVE_LIBZ]) 369#undef HAVE_LIBZ])
341m4trace:configure.ac:415: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) 370m4trace:configure.ac:444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ])
342m4trace:configure.ac:420: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) 371m4trace:configure.ac:449: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"])
343m4trace:configure.ac:423: -1- AC_CHECK_LIB([c89], [utimes], [LIBS="$LIBS -lc89"]) 372m4trace:configure.ac:453: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES)
344m4trace:configure.ac:426: -1- AC_CHECK_HEADERS([libutil.h]) 373 LIBS="$LIBS -lc89"])
345m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ 374m4trace:configure.ac:453: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES])
375m4trace:configure.ac:456: -1- AC_CHECK_HEADERS([libutil.h])
376m4trace:configure.ac:456: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */
346#undef HAVE_LIBUTIL_H]) 377#undef HAVE_LIBUTIL_H])
347m4trace:configure.ac:427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) 378m4trace:configure.ac:457: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN])
348m4trace:configure.ac:428: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) 379m4trace:configure.ac:458: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp])
349m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ 380m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */
350#undef HAVE_LOGOUT]) 381#undef HAVE_LOGOUT])
351m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ 382m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */
352#undef HAVE_UPDWTMP]) 383#undef HAVE_UPDWTMP])
353m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ 384m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */
354#undef HAVE_LOGWTMP]) 385#undef HAVE_LOGWTMP])
355m4trace:configure.ac:430: -1- AC_FUNC_STRFTIME 386m4trace:configure.ac:460: -1- AC_FUNC_STRFTIME
356m4trace:configure.ac:430: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. 387m4trace:configure.ac:460: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX.
357AC_CHECK_LIB(intl, strftime, 388AC_CHECK_LIB(intl, strftime,
358 [AC_DEFINE(HAVE_STRFTIME) 389 [AC_DEFINE(HAVE_STRFTIME)
359LIBS="-lintl $LIBS"])]) 390LIBS="-lintl $LIBS"])])
360m4trace:configure.ac:430: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ 391m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */
361#undef HAVE_STRFTIME]) 392#undef HAVE_STRFTIME])
362m4trace:configure.ac:430: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) 393m4trace:configure.ac:460: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME)
363LIBS="-lintl $LIBS"]) 394LIBS="-lintl $LIBS"])
364m4trace:configure.ac:430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) 395m4trace:configure.ac:460: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME])
365m4trace:configure.ac:448: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) 396m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC])
366m4trace:configure.ac:464: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) 397m4trace:configure.ac:494: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC])
367m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) 398m4trace:configure.ac:508: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME])
368m4trace:configure.ac:511: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) 399m4trace:configure.ac:541: -1- AC_DEFINE_TRACE_LITERAL([SKEY])
369m4trace:configure.ac:565: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) 400m4trace:configure.ac:595: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP])
370m4trace:configure.ac:565: -1- AC_SUBST([LIBWRAP]) 401m4trace:configure.ac:595: -1- AC_SUBST([LIBWRAP])
371m4trace:configure.ac:578: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \ 402m4trace:configure.ac:608: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \
372 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 403 clock fchmod fchown freeaddrinfo futimes gai_strerror \
373 getaddrinfo getcwd getgrouplist getnameinfo getopt \ 404 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
374 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 405 getrlimit getrusage getttyent glob inet_aton inet_ntoa \
375 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 406 inet_ntop innetgr login_getcapbool md5_crypt memmove \
376 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 407 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
@@ -379,142 +410,143 @@ m4trace:configure.ac:578: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresv
379 setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ 410 setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
380 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ 411 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
381 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty]) 412 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty])
382m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ 413m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */
383#undef HAVE_ARC4RANDOM]) 414#undef HAVE_ARC4RANDOM])
384m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ 415m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */
385#undef HAVE_B64_NTOP]) 416#undef HAVE_B64_NTOP])
386m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ 417m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */
387#undef HAVE_BCOPY]) 418#undef HAVE_BCOPY])
388m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ 419m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */
389#undef HAVE_BINDRESVPORT_SA]) 420#undef HAVE_BINDRESVPORT_SA])
390m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ 421m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */
391#undef HAVE_CLOCK]) 422#undef HAVE_CLOCK])
392m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ 423m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */
393#undef HAVE_FCHMOD]) 424#undef HAVE_FCHMOD])
394m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ 425m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */
395#undef HAVE_FCHOWN]) 426#undef HAVE_FCHOWN])
396m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ 427m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */
397#undef HAVE_FREEADDRINFO]) 428#undef HAVE_FREEADDRINFO])
398m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ 429m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */
399#undef HAVE_FUTIMES]) 430#undef HAVE_FUTIMES])
400m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ 431m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */
401#undef HAVE_GAI_STRERROR]) 432#undef HAVE_GAI_STRERROR])
402m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ 433m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */
403#undef HAVE_GETADDRINFO]) 434#undef HAVE_GETADDRINFO])
404m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ 435m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */
405#undef HAVE_GETCWD]) 436#undef HAVE_GETCWD])
406m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ 437m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */
407#undef HAVE_GETGROUPLIST]) 438#undef HAVE_GETGROUPLIST])
408m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ 439m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */
409#undef HAVE_GETNAMEINFO]) 440#undef HAVE_GETNAMEINFO])
410m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ 441m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */
411#undef HAVE_GETOPT]) 442#undef HAVE_GETOPT])
412m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ 443m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */
444#undef HAVE_GETPEEREID])
445m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */
413#undef HAVE_GETRLIMIT]) 446#undef HAVE_GETRLIMIT])
414m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ 447m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */
415#undef HAVE_GETRUSAGE]) 448#undef HAVE_GETRUSAGE])
416m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ 449m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */
417#undef HAVE_GETTTYENT]) 450#undef HAVE_GETTTYENT])
418m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ 451m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */
419#undef HAVE_GLOB]) 452#undef HAVE_GLOB])
420m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ 453m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */
421#undef HAVE_INET_ATON]) 454#undef HAVE_INET_ATON])
422m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ 455m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */
423#undef HAVE_INET_NTOA]) 456#undef HAVE_INET_NTOA])
424m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ 457m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */
425#undef HAVE_INET_NTOP]) 458#undef HAVE_INET_NTOP])
426m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ 459m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */
427#undef HAVE_INNETGR]) 460#undef HAVE_INNETGR])
428m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ 461m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */
429#undef HAVE_LOGIN_GETCAPBOOL]) 462#undef HAVE_LOGIN_GETCAPBOOL])
430m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ 463m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */
431#undef HAVE_MD5_CRYPT]) 464#undef HAVE_MD5_CRYPT])
432m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ 465m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */
433#undef HAVE_MEMMOVE]) 466#undef HAVE_MEMMOVE])
434m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ 467m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */
435#undef HAVE_MKDTEMP]) 468#undef HAVE_MKDTEMP])
436m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ 469m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */
437#undef HAVE_MMAP]) 470#undef HAVE_MMAP])
438m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ 471m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */
439#undef HAVE_NGETADDRINFO]) 472#undef HAVE_NGETADDRINFO])
440m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ 473m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */
441#undef HAVE_OPENPTY]) 474#undef HAVE_OPENPTY])
442m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ 475m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */
443#undef HAVE_OGETADDRINFO]) 476#undef HAVE_OGETADDRINFO])
444m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ 477m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */
445#undef HAVE_READPASSPHRASE]) 478#undef HAVE_READPASSPHRASE])
446m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ 479m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */
447#undef HAVE_REALPATH]) 480#undef HAVE_REALPATH])
448m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ 481m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */
449#undef HAVE_RECVMSG]) 482#undef HAVE_RECVMSG])
450m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ 483m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */
451#undef HAVE_RRESVPORT_AF]) 484#undef HAVE_RRESVPORT_AF])
452m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ 485m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */
453#undef HAVE_SENDMSG]) 486#undef HAVE_SENDMSG])
454m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ 487m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */
455#undef HAVE_SETDTABLESIZE]) 488#undef HAVE_SETDTABLESIZE])
456m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ 489m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */
457#undef HAVE_SETEGID]) 490#undef HAVE_SETEGID])
458m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ 491m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */
459#undef HAVE_SETENV]) 492#undef HAVE_SETENV])
460m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ 493m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */
461#undef HAVE_SETEUID]) 494#undef HAVE_SETEUID])
462m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ 495m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */
463#undef HAVE_SETGROUPS]) 496#undef HAVE_SETGROUPS])
464m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ 497m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */
465#undef HAVE_SETLOGIN]) 498#undef HAVE_SETLOGIN])
466m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ 499m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */
467#undef HAVE_SETPROCTITLE]) 500#undef HAVE_SETPROCTITLE])
468m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ 501m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */
469#undef HAVE_SETRESGID]) 502#undef HAVE_SETRESGID])
470m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ 503m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */
471#undef HAVE_SETREUID]) 504#undef HAVE_SETREUID])
472m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ 505m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */
473#undef HAVE_SETRLIMIT]) 506#undef HAVE_SETRLIMIT])
474m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ 507m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */
475#undef HAVE_SETSID]) 508#undef HAVE_SETSID])
476m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ 509m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */
477#undef HAVE_SETPCRED]) 510#undef HAVE_SETPCRED])
478m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */ 511m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */
479#undef HAVE_SETVBUF]) 512#undef HAVE_SETVBUF])
480m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ 513m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */
481#undef HAVE_SIGACTION]) 514#undef HAVE_SIGACTION])
482m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ 515m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */
483#undef HAVE_SIGVEC]) 516#undef HAVE_SIGVEC])
484m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ 517m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */
485#undef HAVE_SNPRINTF]) 518#undef HAVE_SNPRINTF])
486m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ 519m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */
487#undef HAVE_SOCKETPAIR]) 520#undef HAVE_SOCKETPAIR])
488m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ 521m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */
489#undef HAVE_STRERROR]) 522#undef HAVE_STRERROR])
490m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ 523m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */
491#undef HAVE_STRLCAT]) 524#undef HAVE_STRLCAT])
492m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ 525m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */
493#undef HAVE_STRLCPY]) 526#undef HAVE_STRLCPY])
494m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ 527m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */
495#undef HAVE_STRMODE]) 528#undef HAVE_STRMODE])
496m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ 529m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */
497#undef HAVE_STRSEP]) 530#undef HAVE_STRSEP])
498m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ 531m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */
499#undef HAVE_SYSCONF]) 532#undef HAVE_SYSCONF])
500m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ 533m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */
501#undef HAVE_TCGETPGRP]) 534#undef HAVE_TCGETPGRP])
502m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ 535m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */
503#undef HAVE_TRUNCATE]) 536#undef HAVE_TRUNCATE])
504m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ 537m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */
505#undef HAVE_UTIMES]) 538#undef HAVE_UTIMES])
506m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ 539m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */
507#undef HAVE_VHANGUP]) 540#undef HAVE_VHANGUP])
508m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ 541m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */
509#undef HAVE_VSNPRINTF]) 542#undef HAVE_VSNPRINTF])
510m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ 543m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */
511#undef HAVE_WAITPID]) 544#undef HAVE_WAITPID])
512m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ 545m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */
513#undef HAVE___B64_NTOP]) 546#undef HAVE___B64_NTOP])
514m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ 547m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */
515#undef HAVE__GETPTY]) 548#undef HAVE__GETPTY])
516m4trace:configure.ac:601: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MMAP_ANON_SHARED]) 549m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
517m4trace:configure.ac:639: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [
518 AC_CHECK_LIB(gen, dirname,[ 550 AC_CHECK_LIB(gen, dirname,[
519 AC_CACHE_CHECK([for broken dirname], 551 AC_CACHE_CHECK([for broken dirname],
520 ac_cv_have_broken_dirname, [ 552 ac_cv_have_broken_dirname, [
@@ -549,12 +581,12 @@ int main(int argc, char **argv) {
549 fi 581 fi
550 ]) 582 ])
551]) 583])
552m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ 584m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */
553#undef HAVE_DIRNAME]) 585#undef HAVE_DIRNAME])
554m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h]) 586m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h])
555m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ 587m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
556#undef HAVE_LIBGEN_H]) 588#undef HAVE_LIBGEN_H])
557m4trace:configure.ac:639: -1- AC_CHECK_LIB([gen], [dirname], [ 589m4trace:configure.ac:645: -1- AC_CHECK_LIB([gen], [dirname], [
558 AC_CACHE_CHECK([for broken dirname], 590 AC_CACHE_CHECK([for broken dirname],
559 ac_cv_have_broken_dirname, [ 591 ac_cv_have_broken_dirname, [
560 save_LIBS="$LIBS" 592 save_LIBS="$LIBS"
@@ -587,285 +619,287 @@ int main(int argc, char **argv) {
587 AC_CHECK_HEADERS(libgen.h) 619 AC_CHECK_HEADERS(libgen.h)
588 fi 620 fi
589 ]) 621 ])
590m4trace:configure.ac:639: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) 622m4trace:configure.ac:645: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME])
591m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h]) 623m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h])
592m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ 624m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */
593#undef HAVE_LIBGEN_H]) 625#undef HAVE_LIBGEN_H])
594m4trace:configure.ac:642: -1- AC_CHECK_FUNCS([gettimeofday time]) 626m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([gettimeofday time])
595m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ 627m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */
596#undef HAVE_GETTIMEOFDAY]) 628#undef HAVE_GETTIMEOFDAY])
597m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ 629m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */
598#undef HAVE_TIME]) 630#undef HAVE_TIME])
599m4trace:configure.ac:644: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) 631m4trace:configure.ac:650: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent])
600m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ 632m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */
601#undef HAVE_ENDUTENT]) 633#undef HAVE_ENDUTENT])
602m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ 634m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */
603#undef HAVE_GETUTENT]) 635#undef HAVE_GETUTENT])
604m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ 636m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */
605#undef HAVE_GETUTID]) 637#undef HAVE_GETUTID])
606m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ 638m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */
607#undef HAVE_GETUTLINE]) 639#undef HAVE_GETUTLINE])
608m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ 640m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */
609#undef HAVE_PUTUTLINE]) 641#undef HAVE_PUTUTLINE])
610m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ 642m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */
611#undef HAVE_SETUTENT]) 643#undef HAVE_SETUTENT])
612m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([utmpname]) 644m4trace:configure.ac:651: -1- AC_CHECK_FUNCS([utmpname])
613m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ 645m4trace:configure.ac:651: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */
614#undef HAVE_UTMPNAME]) 646#undef HAVE_UTMPNAME])
615m4trace:configure.ac:647: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) 647m4trace:configure.ac:653: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ])
616m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ 648m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */
617#undef HAVE_ENDUTXENT]) 649#undef HAVE_ENDUTXENT])
618m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ 650m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */
619#undef HAVE_GETUTXENT]) 651#undef HAVE_GETUTXENT])
620m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ 652m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */
621#undef HAVE_GETUTXID]) 653#undef HAVE_GETUTXID])
622m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ 654m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */
623#undef HAVE_GETUTXLINE]) 655#undef HAVE_GETUTXLINE])
624m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ 656m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */
625#undef HAVE_PUTUTXLINE]) 657#undef HAVE_PUTUTXLINE])
626m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([setutxent utmpxname]) 658m4trace:configure.ac:654: -1- AC_CHECK_FUNCS([setutxent utmpxname])
627m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ 659m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */
628#undef HAVE_SETUTXENT]) 660#undef HAVE_SETUTXENT])
629m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ 661m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */
630#undef HAVE_UTMPXNAME]) 662#undef HAVE_UTMPXNAME])
631m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) 663m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
632m4trace:configure.ac:653: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) 664m4trace:configure.ac:659: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])
633m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) 665m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON])
634m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) 666m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
635m4trace:configure.ac:658: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) 667m4trace:configure.ac:664: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])
636m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) 668m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE])
637m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) 669m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
638m4trace:configure.ac:677: -1- AC_FUNC_GETPGRP 670m4trace:configure.ac:683: -1- AC_FUNC_GETPGRP
639m4trace:configure.ac:677: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) 671m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID])
640m4trace:configure.ac:677: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ 672m4trace:configure.ac:683: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */
641#undef GETPGRP_VOID]) 673#undef GETPGRP_VOID])
642m4trace:configure.ac:705: -1- AC_CHECK_LIB([dl], [dlopen], [], []) 674m4trace:configure.ac:711: -1- AC_CHECK_LIB([dl], [dlopen], [], [])
643m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ 675m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */
644#undef HAVE_LIBDL]) 676#undef HAVE_LIBDL])
645m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) 677m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL])
646m4trace:configure.ac:705: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 678m4trace:configure.ac:711: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5
647echo "$as_me: error: *** libpam missing" >&2;} 679echo "$as_me: error: *** libpam missing" >&2;}
648 { (exit 1); exit 1; }; }]) 680 { (exit 1); exit 1; }; }])
649m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ 681m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */
650#undef HAVE_LIBPAM]) 682#undef HAVE_LIBPAM])
651m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) 683m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM])
652m4trace:configure.ac:705: -1- AC_CHECK_FUNCS([pam_getenvlist]) 684m4trace:configure.ac:711: -1- AC_CHECK_FUNCS([pam_getenvlist])
653m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ 685m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */
654#undef HAVE_PAM_GETENVLIST]) 686#undef HAVE_PAM_GETENVLIST])
655m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) 687m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM])
656m4trace:configure.ac:705: -1- AC_SUBST([LIBPAM]) 688m4trace:configure.ac:711: -1- AC_SUBST([LIBPAM])
657m4trace:configure.ac:723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) 689m4trace:configure.ac:729: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM])
658m4trace:configure.ac:755: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) 690m4trace:configure.ac:735: -1- AC_CHECK_LIB([crypt], [crypt])
659m4trace:configure.ac:770: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) 691m4trace:configure.ac:735: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */
660m4trace:configure.ac:793: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) 692#undef HAVE_LIBCRYPT])
661m4trace:configure.ac:841: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) 693m4trace:configure.ac:735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT])
662m4trace:configure.ac:849: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) 694m4trace:configure.ac:767: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
663m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) 695m4trace:configure.ac:782: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL])
664m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) 696m4trace:configure.ac:869: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
665m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) 697m4trace:configure.ac:917: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY])
666m4trace:configure.ac:934: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) 698m4trace:configure.ac:925: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER])
667m4trace:configure.ac:945: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) 699m4trace:configure.ac:948: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT])
668m4trace:configure.ac:946: -1- AC_SUBST([SSH_PRIVSEP_USER]) 700m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
669m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) 701m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET])
670m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS]) 702m4trace:configure.ac:1010: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC])
671m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) 703m4trace:configure.ac:1021: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER])
672m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT]) 704m4trace:configure.ac:1022: -1- AC_SUBST([SSH_PRIVSEP_USER])
673m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) 705m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS])
674m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP]) 706m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS])
675m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) 707m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT])
676m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG]) 708m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT])
677m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) 709m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP])
678m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT]) 710m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP])
679m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) 711m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG])
680m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS]) 712m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG])
681m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) 713m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT])
682m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR]) 714m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT])
683m4trace:configure.ac:970: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) 715m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS])
684m4trace:configure.ac:970: -1- AC_SUBST([PROG_W]) 716m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS])
685m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) 717m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR])
686m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO]) 718m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR])
687m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) 719m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W])
688m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST]) 720m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W])
689m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) 721m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO])
690m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG]) 722m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO])
691m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) 723m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST])
692m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF]) 724m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST])
693m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) 725m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG])
694m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT]) 726m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG])
695m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) 727m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF])
696m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME]) 728m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF])
697m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) 729m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT])
698m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS]) 730m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT])
699m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) 731m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME])
700m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL]) 732m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME])
701m4trace:configure.ac:995: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) 733m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS])
702m4trace:configure.ac:1004: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) 734m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS])
703m4trace:configure.ac:1004: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ 735m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL])
736m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL])
737m4trace:configure.ac:1071: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS])
738m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR])
739m4trace:configure.ac:1080: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */
704#undef SIZEOF_CHAR]) 740#undef SIZEOF_CHAR])
705m4trace:configure.ac:1005: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) 741m4trace:configure.ac:1081: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT])
706m4trace:configure.ac:1005: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ 742m4trace:configure.ac:1081: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */
707#undef SIZEOF_SHORT_INT]) 743#undef SIZEOF_SHORT_INT])
708m4trace:configure.ac:1006: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) 744m4trace:configure.ac:1082: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT])
709m4trace:configure.ac:1006: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ 745m4trace:configure.ac:1082: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */
710#undef SIZEOF_INT]) 746#undef SIZEOF_INT])
711m4trace:configure.ac:1007: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) 747m4trace:configure.ac:1083: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT])
712m4trace:configure.ac:1007: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ 748m4trace:configure.ac:1083: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */
713#undef SIZEOF_LONG_INT]) 749#undef SIZEOF_LONG_INT])
714m4trace:configure.ac:1008: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) 750m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT])
715m4trace:configure.ac:1008: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ 751m4trace:configure.ac:1084: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */
716#undef SIZEOF_LONG_LONG_INT]) 752#undef SIZEOF_LONG_LONG_INT])
717m4trace:configure.ac:1025: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) 753m4trace:configure.ac:1101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT])
718m4trace:configure.ac:1038: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 754m4trace:configure.ac:1114: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
719m4trace:configure.ac:1054: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 755m4trace:configure.ac:1130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
720m4trace:configure.ac:1066: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) 756m4trace:configure.ac:1151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T])
721m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) 757m4trace:configure.ac:1163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
722m4trace:configure.ac:1093: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) 758m4trace:configure.ac:1177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
723m4trace:configure.ac:1105: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 759m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
724m4trace:configure.ac:1119: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 760m4trace:configure.ac:1203: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T])
725m4trace:configure.ac:1131: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) 761m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
726m4trace:configure.ac:1145: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) 762m4trace:configure.ac:1232: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T])
727m4trace:configure.ac:1160: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) 763m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T])
728m4trace:configure.ac:1174: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) 764m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T])
729m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) 765m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR])
730m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) 766m4trace:configure.ac:1272: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
731m4trace:configure.ac:1211: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) 767m4trace:configure.ac:1272: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
732m4trace:configure.ac:1214: -1- AC_DEFINE_TRACE_LITERAL([socklen_t])
733m4trace:configure.ac:1214: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */
734#undef socklen_t]) 768#undef socklen_t])
735m4trace:configure.ac:1216: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) 769m4trace:configure.ac:1274: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>])
736m4trace:configure.ac:1216: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) 770m4trace:configure.ac:1274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T])
737m4trace:configure.ac:1216: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ 771m4trace:configure.ac:1274: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */
738#undef HAVE_SIG_ATOMIC_T]) 772#undef HAVE_SIG_ATOMIC_T])
739m4trace:configure.ac:1229: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) 773m4trace:configure.ac:1287: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T])
740m4trace:configure.ac:1243: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) 774m4trace:configure.ac:1301: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T])
741m4trace:configure.ac:1257: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) 775m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T])
742m4trace:configure.ac:1282: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) 776m4trace:configure.ac:1340: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T])
743m4trace:configure.ac:1296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) 777m4trace:configure.ac:1354: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T])
744m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) 778m4trace:configure.ac:1368: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T])
745m4trace:configure.ac:1326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) 779m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE])
746m4trace:configure.ac:1341: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) 780m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6])
747m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) 781m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR])
748m4trace:configure.ac:1372: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) 782m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO])
749m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) 783m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL])
750m4trace:configure.ac:1421: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) 784m4trace:configure.ac:1479: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF])
751m4trace:configure.ac:1423: -1- AC_SUBST([NO_SFTP]) 785m4trace:configure.ac:1481: -1- AC_SUBST([NO_SFTP])
752m4trace:configure.ac:1426: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) 786m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP])
753m4trace:configure.ac:1427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) 787m4trace:configure.ac:1485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX])
754m4trace:configure.ac:1428: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) 788m4trace:configure.ac:1486: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX])
755m4trace:configure.ac:1429: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) 789m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP])
756m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) 790m4trace:configure.ac:1488: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP])
757m4trace:configure.ac:1431: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) 791m4trace:configure.ac:1489: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX])
758m4trace:configure.ac:1432: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) 792m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP])
759m4trace:configure.ac:1433: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) 793m4trace:configure.ac:1491: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP])
760m4trace:configure.ac:1434: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) 794m4trace:configure.ac:1492: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX])
761m4trace:configure.ac:1435: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) 795m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP])
762m4trace:configure.ac:1436: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) 796m4trace:configure.ac:1494: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX])
763m4trace:configure.ac:1437: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) 797m4trace:configure.ac:1495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP])
764m4trace:configure.ac:1438: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) 798m4trace:configure.ac:1496: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX])
765m4trace:configure.ac:1439: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) 799m4trace:configure.ac:1497: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP])
766m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) 800m4trace:configure.ac:1498: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP])
767m4trace:configure.ac:1441: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) 801m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX])
768m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) 802m4trace:configure.ac:1500: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX])
769m4trace:configure.ac:1444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) 803m4trace:configure.ac:1502: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE])
770m4trace:configure.ac:1444: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ 804m4trace:configure.ac:1502: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */
771#undef HAVE_STRUCT_STAT_ST_BLKSIZE]) 805#undef HAVE_STRUCT_STAT_ST_BLKSIZE])
772m4trace:configure.ac:1459: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) 806m4trace:configure.ac:1517: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS])
773m4trace:configure.ac:1475: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) 807m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS])
774m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) 808m4trace:configure.ac:1548: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD])
775m4trace:configure.ac:1505: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) 809m4trace:configure.ac:1563: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD])
776m4trace:configure.ac:1520: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) 810m4trace:configure.ac:1578: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD])
777m4trace:configure.ac:1545: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) 811m4trace:configure.ac:1603: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR])
778m4trace:configure.ac:1569: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) 812m4trace:configure.ac:1627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR])
779m4trace:configure.ac:1580: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) 813m4trace:configure.ac:1638: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME])
780m4trace:configure.ac:1593: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) 814m4trace:configure.ac:1651: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__])
781m4trace:configure.ac:1606: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) 815m4trace:configure.ac:1664: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__])
782m4trace:configure.ac:1621: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) 816m4trace:configure.ac:1679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET])
783m4trace:configure.ac:1632: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) 817m4trace:configure.ac:1690: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST])
784m4trace:configure.ac:1644: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) 818m4trace:configure.ac:1702: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR])
785m4trace:configure.ac:1677: -1- AC_CHECK_HEADERS([sectok.h]) 819m4trace:configure.ac:1735: -1- AC_CHECK_HEADERS([sectok.h])
786m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ 820m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */
787#undef HAVE_SECTOK_H]) 821#undef HAVE_SECTOK_H])
788m4trace:configure.ac:1677: -1- AC_CHECK_LIB([sectok], [sectok_open]) 822m4trace:configure.ac:1735: -1- AC_CHECK_LIB([sectok], [sectok_open])
789m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ 823m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */
790#undef HAVE_LIBSECTOK]) 824#undef HAVE_LIBSECTOK])
791m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) 825m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK])
792m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) 826m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
793m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) 827m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK])
794m4trace:configure.ac:1686: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) 828m4trace:configure.ac:1744: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG])
795m4trace:configure.ac:1692: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) 829m4trace:configure.ac:1750: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD])
796m4trace:configure.ac:1693: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) 830m4trace:configure.ac:1751: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC])
797m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) 831m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([KRB5])
798m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) 832m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL])
799m4trace:configure.ac:1735: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) 833m4trace:configure.ac:1793: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
800m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ 834m4trace:configure.ac:1793: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
801#undef HAVE_LIBRESOLV]) 835#undef HAVE_LIBRESOLV])
802m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) 836m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
803m4trace:configure.ac:1789: -1- AC_CHECK_HEADERS([krb.h]) 837m4trace:configure.ac:1847: -1- AC_CHECK_HEADERS([krb.h])
804m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ 838m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */
805#undef HAVE_KRB_H]) 839#undef HAVE_KRB_H])
806m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb], [main]) 840m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb], [main])
807m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ 841m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */
808#undef HAVE_LIBKRB]) 842#undef HAVE_LIBKRB])
809m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) 843m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB])
810m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb4], [main]) 844m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb4], [main])
811m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ 845m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */
812#undef HAVE_LIBKRB4]) 846#undef HAVE_LIBKRB4])
813m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) 847m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4])
814m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) 848m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des], [des_cbc_encrypt])
815m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ 849m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */
816#undef HAVE_LIBDES]) 850#undef HAVE_LIBDES])
817m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) 851m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES])
818m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) 852m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt])
819m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ 853m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */
820#undef HAVE_LIBDES425]) 854#undef HAVE_LIBDES425])
821m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) 855m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425])
822m4trace:configure.ac:1789: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) 856m4trace:configure.ac:1847: -1- AC_CHECK_LIB([resolv], [dn_expand], [], [])
823m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ 857m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */
824#undef HAVE_LIBRESOLV]) 858#undef HAVE_LIBRESOLV])
825m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) 859m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV])
826m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) 860m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([KRB4])
827m4trace:configure.ac:1815: -1- AC_DEFINE_TRACE_LITERAL([AFS]) 861m4trace:configure.ac:1873: -1- AC_DEFINE_TRACE_LITERAL([AFS])
828m4trace:configure.ac:1829: -1- AC_SUBST([PRIVSEP_PATH]) 862m4trace:configure.ac:1887: -1- AC_SUBST([PRIVSEP_PATH])
829m4trace:configure.ac:1844: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) 863m4trace:configure.ac:1907: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path])
830m4trace:configure.ac:1848: -1- AC_SUBST([XAUTH_PATH]) 864m4trace:configure.ac:1911: -1- AC_SUBST([XAUTH_PATH])
831m4trace:configure.ac:1850: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) 865m4trace:configure.ac:1913: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH])
832m4trace:configure.ac:1852: -1- AC_SUBST([XAUTH_PATH]) 866m4trace:configure.ac:1915: -1- AC_SUBST([XAUTH_PATH])
833m4trace:configure.ac:1858: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) 867m4trace:configure.ac:1921: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY])
834m4trace:configure.ac:1868: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) 868m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX])
835m4trace:configure.ac:1876: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) 869m4trace:configure.ac:1939: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC])
836m4trace:configure.ac:1893: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) 870m4trace:configure.ac:1957: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF])
837m4trace:configure.ac:1902: -1- AC_SUBST([MANTYPE]) 871m4trace:configure.ac:1966: -1- AC_SUBST([MANTYPE])
838m4trace:configure.ac:1908: -1- AC_SUBST([mansubdir]) 872m4trace:configure.ac:1972: -1- AC_SUBST([mansubdir])
839m4trace:configure.ac:1920: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) 873m4trace:configure.ac:1984: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS])
840m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) 874m4trace:configure.ac:1995: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW])
841m4trace:configure.ac:1946: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) 875m4trace:configure.ac:2010: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE])
842m4trace:configure.ac:1955: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) 876m4trace:configure.ac:2019: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
843m4trace:configure.ac:1966: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) 877m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY])
844m4trace:configure.ac:2043: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) 878m4trace:configure.ac:2107: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH])
845m4trace:configure.ac:2044: -1- AC_SUBST([user_path]) 879m4trace:configure.ac:2108: -1- AC_SUBST([user_path])
846m4trace:configure.ac:2056: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) 880m4trace:configure.ac:2120: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH])
847m4trace:configure.ac:2069: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) 881m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT])
848m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) 882m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
849m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) 883m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6])
850m4trace:configure.ac:2104: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) 884m4trace:configure.ac:2168: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH])
851m4trace:configure.ac:2128: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) 885m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR])
852m4trace:configure.ac:2129: -1- AC_SUBST([piddir]) 886m4trace:configure.ac:2193: -1- AC_SUBST([piddir])
853m4trace:configure.ac:2135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 887m4trace:configure.ac:2199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
854m4trace:configure.ac:2139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 888m4trace:configure.ac:2203: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
855m4trace:configure.ac:2143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) 889m4trace:configure.ac:2207: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
856m4trace:configure.ac:2147: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 890m4trace:configure.ac:2211: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
857m4trace:configure.ac:2151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) 891m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
858m4trace:configure.ac:2155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) 892m4trace:configure.ac:2219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN])
859m4trace:configure.ac:2159: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) 893m4trace:configure.ac:2223: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE])
860m4trace:configure.ac:2163: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) 894m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE])
861m4trace:configure.ac:2173: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) 895m4trace:configure.ac:2237: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG])
862m4trace:configure.ac:2235: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) 896m4trace:configure.ac:2299: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE])
863m4trace:configure.ac:2260: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) 897m4trace:configure.ac:2324: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP])
864m4trace:configure.ac:2265: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) 898m4trace:configure.ac:2329: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE])
865m4trace:configure.ac:2290: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) 899m4trace:configure.ac:2354: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP])
866m4trace:configure.ac:2295: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) 900m4trace:configure.ac:2359: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE])
867m4trace:configure.ac:2320: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) 901m4trace:configure.ac:2384: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX])
868m4trace:configure.ac:2323: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) 902m4trace:configure.ac:2387: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE])
869m4trace:configure.ac:2345: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) 903m4trace:configure.ac:2409: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX])
870m4trace:configure.ac:2348: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) 904m4trace:configure.ac:2412: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE])
871m4trace:configure.ac:2366: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) 905m4trace:configure.ac:2430: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds])
diff --git a/canohost.c b/canohost.c
index 00c499ca0..a457d3c52 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -77,7 +77,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
77 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), 77 if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
78 NULL, 0, NI_NAMEREQD) != 0) { 78 NULL, 0, NI_NAMEREQD) != 0) {
79 /* Host name not found. Use ip address. */ 79 /* Host name not found. Use ip address. */
80#if 0
80 log("Could not reverse map address %.100s.", ntop); 81 log("Could not reverse map address %.100s.", ntop);
82#endif
81 return xstrdup(ntop); 83 return xstrdup(ntop);
82 } 84 }
83 85
@@ -216,18 +218,12 @@ get_socket_address(int socket, int remote, int flags)
216 218
217 if (remote) { 219 if (remote) {
218 if (getpeername(socket, (struct sockaddr *)&addr, &addrlen) 220 if (getpeername(socket, (struct sockaddr *)&addr, &addrlen)
219 < 0) { 221 < 0)
220 debug("get_socket_ipaddr: getpeername failed: %.100s",
221 strerror(errno));
222 return NULL; 222 return NULL;
223 }
224 } else { 223 } else {
225 if (getsockname(socket, (struct sockaddr *)&addr, &addrlen) 224 if (getsockname(socket, (struct sockaddr *)&addr, &addrlen)
226 < 0) { 225 < 0)
227 debug("get_socket_ipaddr: getsockname failed: %.100s",
228 strerror(errno));
229 return NULL; 226 return NULL;
230 }
231 } 227 }
232 /* Get the address in ascii. */ 228 /* Get the address in ascii. */
233 if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), 229 if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
@@ -241,13 +237,21 @@ get_socket_address(int socket, int remote, int flags)
241char * 237char *
242get_peer_ipaddr(int socket) 238get_peer_ipaddr(int socket)
243{ 239{
244 return get_socket_address(socket, 1, NI_NUMERICHOST); 240 char *p;
241
242 if ((p = get_socket_address(socket, 1, NI_NUMERICHOST)) != NULL)
243 return p;
244 return xstrdup("UNKNOWN");
245} 245}
246 246
247char * 247char *
248get_local_ipaddr(int socket) 248get_local_ipaddr(int socket)
249{ 249{
250 return get_socket_address(socket, 0, NI_NUMERICHOST); 250 char *p;
251
252 if ((p = get_socket_address(socket, 0, NI_NUMERICHOST)) != NULL)
253 return p;
254 return xstrdup("UNKNOWN");
251} 255}
252 256
253char * 257char *
diff --git a/channels.c b/channels.c
index 29eaee7c4..6ff9e2583 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -186,6 +186,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
186 } else { 186 } else {
187 c->isatty = 0; 187 c->isatty = 0;
188 } 188 }
189 c->wfd_isatty = isatty(c->wfd);
189 190
190 /* enable nonblocking mode */ 191 /* enable nonblocking mode */
191 if (nonblock) { 192 if (nonblock) {
@@ -572,6 +573,7 @@ void
572channel_send_open(int id) 573channel_send_open(int id)
573{ 574{
574 Channel *c = channel_lookup(id); 575 Channel *c = channel_lookup(id);
576
575 if (c == NULL) { 577 if (c == NULL) {
576 log("channel_send_open: %d: bad id", id); 578 log("channel_send_open: %d: bad id", id);
577 return; 579 return;
@@ -589,6 +591,7 @@ void
589channel_request_start(int local_id, char *service, int wantconfirm) 591channel_request_start(int local_id, char *service, int wantconfirm)
590{ 592{
591 Channel *c = channel_lookup(local_id); 593 Channel *c = channel_lookup(local_id);
594
592 if (c == NULL) { 595 if (c == NULL) {
593 log("channel_request_start: %d: unknown channel id", local_id); 596 log("channel_request_start: %d: unknown channel id", local_id);
594 return; 597 return;
@@ -603,6 +606,7 @@ void
603channel_register_confirm(int id, channel_callback_fn *fn) 606channel_register_confirm(int id, channel_callback_fn *fn)
604{ 607{
605 Channel *c = channel_lookup(id); 608 Channel *c = channel_lookup(id);
609
606 if (c == NULL) { 610 if (c == NULL) {
607 log("channel_register_comfirm: %d: bad id", id); 611 log("channel_register_comfirm: %d: bad id", id);
608 return; 612 return;
@@ -613,6 +617,7 @@ void
613channel_register_cleanup(int id, channel_callback_fn *fn) 617channel_register_cleanup(int id, channel_callback_fn *fn)
614{ 618{
615 Channel *c = channel_lookup(id); 619 Channel *c = channel_lookup(id);
620
616 if (c == NULL) { 621 if (c == NULL) {
617 log("channel_register_cleanup: %d: bad id", id); 622 log("channel_register_cleanup: %d: bad id", id);
618 return; 623 return;
@@ -623,6 +628,7 @@ void
623channel_cancel_cleanup(int id) 628channel_cancel_cleanup(int id)
624{ 629{
625 Channel *c = channel_lookup(id); 630 Channel *c = channel_lookup(id);
631
626 if (c == NULL) { 632 if (c == NULL) {
627 log("channel_cancel_cleanup: %d: bad id", id); 633 log("channel_cancel_cleanup: %d: bad id", id);
628 return; 634 return;
@@ -633,6 +639,7 @@ void
633channel_register_filter(int id, channel_filter_fn *fn) 639channel_register_filter(int id, channel_filter_fn *fn)
634{ 640{
635 Channel *c = channel_lookup(id); 641 Channel *c = channel_lookup(id);
642
636 if (c == NULL) { 643 if (c == NULL) {
637 log("channel_register_filter: %d: bad id", id); 644 log("channel_register_filter: %d: bad id", id);
638 return; 645 return;
@@ -645,6 +652,7 @@ channel_set_fds(int id, int rfd, int wfd, int efd,
645 int extusage, int nonblock, u_int window_max) 652 int extusage, int nonblock, u_int window_max)
646{ 653{
647 Channel *c = channel_lookup(id); 654 Channel *c = channel_lookup(id);
655
648 if (c == NULL || c->type != SSH_CHANNEL_LARVAL) 656 if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
649 fatal("channel_activate for non-larval channel %d.", id); 657 fatal("channel_activate for non-larval channel %d.", id);
650 channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); 658 channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
@@ -815,6 +823,7 @@ static void
815channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) 823channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset)
816{ 824{
817 int ret = x11_open_helper(&c->output); 825 int ret = x11_open_helper(&c->output);
826
818 if (ret == 1) { 827 if (ret == 1) {
819 /* Start normal processing for the channel. */ 828 /* Start normal processing for the channel. */
820 c->type = SSH_CHANNEL_OPEN; 829 c->type = SSH_CHANNEL_OPEN;
@@ -866,7 +875,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset)
866static int 875static int
867channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) 876channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
868{ 877{
869 u_char *p, *host; 878 char *p, *host;
870 int len, have, i, found; 879 int len, have, i, found;
871 char username[256]; 880 char username[256];
872 struct { 881 struct {
@@ -1278,6 +1287,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1278 buffer_len(&c->output) > 0) { 1287 buffer_len(&c->output) > 0) {
1279 data = buffer_ptr(&c->output); 1288 data = buffer_ptr(&c->output);
1280 dlen = buffer_len(&c->output); 1289 dlen = buffer_len(&c->output);
1290#ifdef _AIX
1291 /* XXX: Later AIX versions can't push as much data to tty */
1292 if (compat20 && c->wfd_isatty && dlen > 8*1024)
1293 dlen = 8*1024;
1294#endif
1281 len = write(c->wfd, data, dlen); 1295 len = write(c->wfd, data, dlen);
1282 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 1296 if (len < 0 && (errno == EINTR || errno == EAGAIN))
1283 return 1; 1297 return 1;
@@ -1395,6 +1409,7 @@ static void
1395channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) 1409channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset)
1396{ 1410{
1397 int len; 1411 int len;
1412
1398 /* Send buffered output data to the socket. */ 1413 /* Send buffered output data to the socket. */
1399 if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) { 1414 if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) {
1400 len = write(c->sock, buffer_ptr(&c->output), 1415 len = write(c->sock, buffer_ptr(&c->output),
@@ -1472,6 +1487,7 @@ static void
1472channel_handler_init(void) 1487channel_handler_init(void)
1473{ 1488{
1474 int i; 1489 int i;
1490
1475 for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { 1491 for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
1476 channel_pre[i] = NULL; 1492 channel_pre[i] = NULL;
1477 channel_post[i] = NULL; 1493 channel_post[i] = NULL;
@@ -2006,7 +2022,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2006 struct addrinfo hints, *ai, *aitop; 2022 struct addrinfo hints, *ai, *aitop;
2007 const char *host; 2023 const char *host;
2008 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 2024 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
2009 struct linger linger;
2010 2025
2011 success = 0; 2026 success = 0;
2012 host = (type == SSH_CHANNEL_RPORT_LISTENER) ? 2027 host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
@@ -2049,13 +2064,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2049 continue; 2064 continue;
2050 } 2065 }
2051 /* 2066 /*
2052 * Set socket options. We would like the socket to disappear 2067 * Set socket options.
2053 * as soon as it has been closed for whatever reason. 2068 * Allow local port reuse in TIME_WAIT.
2054 */ 2069 */
2055 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); 2070 if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
2056 linger.l_onoff = 1; 2071 sizeof(on)) == -1)
2057 linger.l_linger = 5; 2072 error("setsockopt SO_REUSEADDR: %s", strerror(errno));
2058 setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); 2073
2059 debug("Local forwarding listening on %s port %s.", ntop, strport); 2074 debug("Local forwarding listening on %s port %s.", ntop, strport);
2060 2075
2061 /* Bind the socket to the address. */ 2076 /* Bind the socket to the address. */
@@ -2605,6 +2620,7 @@ void
2605deny_input_open(int type, u_int32_t seq, void *ctxt) 2620deny_input_open(int type, u_int32_t seq, void *ctxt)
2606{ 2621{
2607 int rchan = packet_get_int(); 2622 int rchan = packet_get_int();
2623
2608 switch (type) { 2624 switch (type) {
2609 case SSH_SMSG_AGENT_OPEN: 2625 case SSH_SMSG_AGENT_OPEN:
2610 error("Warning: ssh server tried agent forwarding."); 2626 error("Warning: ssh server tried agent forwarding.");
diff --git a/channels.h b/channels.h
index dd54114d6..bd2e92589 100644
--- a/channels.h
+++ b/channels.h
@@ -77,6 +77,7 @@ struct Channel {
77 int efd; /* extended fd */ 77 int efd; /* extended fd */
78 int sock; /* sock fd */ 78 int sock; /* sock fd */
79 int isatty; /* rfd is a tty */ 79 int isatty; /* rfd is a tty */
80 int wfd_isatty; /* wfd is a tty */
80 int force_drain; /* force close on iEOF */ 81 int force_drain; /* force close on iEOF */
81 int delayed; /* fdset hack */ 82 int delayed; /* fdset hack */
82 Buffer input; /* data read from socket, to be sent over 83 Buffer input; /* data read from socket, to be sent over
diff --git a/cipher.c b/cipher.c
index 6db340d7a..1933d3eab 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $"); 38RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "log.h" 41#include "log.h"
@@ -437,6 +437,18 @@ swap_bytes(const u_char *src, u_char *dst, int n)
437 } 437 }
438} 438}
439 439
440#ifdef SSH_OLD_EVP
441static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key,
442 const unsigned char *iv, int enc)
443{
444 if (iv != NULL)
445 memcpy (&(ctx->oiv[0]), iv, 8);
446 memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8);
447 if (key != NULL)
448 BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx),
449 key);
450}
451#endif
440static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; 452static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
441 453
442static int 454static int
@@ -458,6 +470,9 @@ evp_ssh1_bf(void)
458 memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); 470 memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
459 orig_bf = ssh1_bf.do_cipher; 471 orig_bf = ssh1_bf.do_cipher;
460 ssh1_bf.nid = NID_undef; 472 ssh1_bf.nid = NID_undef;
473#ifdef SSH_OLD_EVP
474 ssh1_bf.init = bf_ssh1_init;
475#endif
461 ssh1_bf.do_cipher = bf_ssh1_cipher; 476 ssh1_bf.do_cipher = bf_ssh1_cipher;
462 ssh1_bf.key_len = 32; 477 ssh1_bf.key_len = 32;
463 return (&ssh1_bf); 478 return (&ssh1_bf);
@@ -567,7 +582,7 @@ evp_rijndael(void)
567 rijndal_cbc.do_cipher = ssh_rijndael_cbc; 582 rijndal_cbc.do_cipher = ssh_rijndael_cbc;
568#ifndef SSH_OLD_EVP 583#ifndef SSH_OLD_EVP
569 rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | 584 rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
570 EVP_CIPH_ALWAYS_CALL_INIT; 585 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
571#endif 586#endif
572 return (&rijndal_cbc); 587 return (&rijndal_cbc);
573} 588}
diff --git a/clientloop.c b/clientloop.c
index 6d19b4a25..8b1976171 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -654,16 +654,18 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
654 snprintf(string, sizeof string, 654 snprintf(string, sizeof string,
655"%c?\r\n\ 655"%c?\r\n\
656Supported escape sequences:\r\n\ 656Supported escape sequences:\r\n\
657~. - terminate connection\r\n\ 657%c. - terminate connection\r\n\
658~C - open a command line\r\n\ 658%cC - open a command line\r\n\
659~R - Request rekey (SSH protocol 2 only)\r\n\ 659%cR - Request rekey (SSH protocol 2 only)\r\n\
660~^Z - suspend ssh\r\n\ 660%c^Z - suspend ssh\r\n\
661~# - list forwarded connections\r\n\ 661%c# - list forwarded connections\r\n\
662~& - background ssh (when waiting for connections to terminate)\r\n\ 662%c& - background ssh (when waiting for connections to terminate)\r\n\
663~? - this message\r\n\ 663%c? - this message\r\n\
664~~ - send the escape character by typing it twice\r\n\ 664%c%c - send the escape character by typing it twice\r\n\
665(Note that escapes are only recognized immediately after newline.)\r\n", 665(Note that escapes are only recognized immediately after newline.)\r\n",
666 escape_char); 666 escape_char, escape_char, escape_char, escape_char,
667 escape_char, escape_char, escape_char, escape_char,
668 escape_char, escape_char);
667 buffer_append(berr, string, strlen(string)); 669 buffer_append(berr, string, strlen(string));
668 continue; 670 continue;
669 671
@@ -1149,7 +1151,7 @@ client_input_exit_status(int type, u_int32_t seq, void *ctxt)
1149static Channel * 1151static Channel *
1150client_request_forwarded_tcpip(const char *request_type, int rchan) 1152client_request_forwarded_tcpip(const char *request_type, int rchan)
1151{ 1153{
1152 Channel* c = NULL; 1154 Channel *c = NULL;
1153 char *listen_address, *originator_address; 1155 char *listen_address, *originator_address;
1154 int listen_port, originator_port; 1156 int listen_port, originator_port;
1155 int sock; 1157 int sock;
@@ -1179,7 +1181,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
1179 return c; 1181 return c;
1180} 1182}
1181 1183
1182static Channel* 1184static Channel *
1183client_request_x11(const char *request_type, int rchan) 1185client_request_x11(const char *request_type, int rchan)
1184{ 1186{
1185 Channel *c = NULL; 1187 Channel *c = NULL;
@@ -1215,7 +1217,7 @@ client_request_x11(const char *request_type, int rchan)
1215 return c; 1217 return c;
1216} 1218}
1217 1219
1218static Channel* 1220static Channel *
1219client_request_agent(const char *request_type, int rchan) 1221client_request_agent(const char *request_type, int rchan)
1220{ 1222{
1221 Channel *c = NULL; 1223 Channel *c = NULL;
diff --git a/compat.c b/compat.c
index 406b47c25..757b0e679 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: compat.c,v 1.63 2002/04/10 08:21:47 markus Exp $"); 26RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
27 27
28#include "buffer.h" 28#include "buffer.h"
29#include "packet.h" 29#include "packet.h"
@@ -39,13 +39,13 @@ int datafellows = 0;
39void 39void
40enable_compat20(void) 40enable_compat20(void)
41{ 41{
42 verbose("Enabling compatibility mode for protocol 2.0"); 42 debug("Enabling compatibility mode for protocol 2.0");
43 compat20 = 1; 43 compat20 = 1;
44} 44}
45void 45void
46enable_compat13(void) 46enable_compat13(void)
47{ 47{
48 verbose("Enabling compatibility mode for protocol 1.3"); 48 debug("Enabling compatibility mode for protocol 1.3");
49 compat13 = 1; 49 compat13 = 1;
50} 50}
51/* datafellows bug compatibility */ 51/* datafellows bug compatibility */
@@ -146,6 +146,8 @@ compat_datafellows(const char *version)
146 "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, 146 "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD },
147 { "*SSH_Version_Mapper*", 147 { "*SSH_Version_Mapper*",
148 SSH_BUG_SCANNER }, 148 SSH_BUG_SCANNER },
149 { "Probe-*",
150 SSH_BUG_PROBE },
149 { NULL, 0 } 151 { NULL, 0 }
150 }; 152 };
151 153
diff --git a/compat.h b/compat.h
index 7afca0460..9299805af 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $ */ 1/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@@ -54,6 +54,7 @@
54#define SSH_BUG_DUMMYCHAN 0x00100000 54#define SSH_BUG_DUMMYCHAN 0x00100000
55#define SSH_BUG_EXTEOF 0x00200000 55#define SSH_BUG_EXTEOF 0x00200000
56#define SSH_BUG_K5USER 0x00400000 56#define SSH_BUG_K5USER 0x00400000
57#define SSH_BUG_PROBE 0x00800000
57 58
58void enable_compat13(void); 59void enable_compat13(void);
59void enable_compat20(void); 60void enable_compat20(void);
diff --git a/config.guess b/config.guess
index 83c544d97..fd30ab031 100755
--- a/config.guess
+++ b/config.guess
@@ -3,7 +3,7 @@
3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
4# 2000, 2001, 2002 Free Software Foundation, Inc. 4# 2000, 2001, 2002 Free Software Foundation, Inc.
5 5
6timestamp='2002-01-30' 6timestamp='2002-07-23'
7 7
8# This file is free software; you can redistribute it and/or modify it 8# This file is free software; you can redistribute it and/or modify it
9# under the terms of the GNU General Public License as published by 9# under the terms of the GNU General Public License as published by
@@ -88,30 +88,40 @@ if test $# != 0; then
88 exit 1 88 exit 1
89fi 89fi
90 90
91trap 'exit 1' 1 2 15
91 92
92dummy=dummy-$$ 93# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
93trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15 94# compiler to aid in system detection is discouraged as it requires
95# temporary files to be created and, as you can see below, it is a
96# headache to deal with in a portable fashion.
94 97
95# CC_FOR_BUILD -- compiler used by this script.
96# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still 98# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
97# use `HOST_CC' if defined, but it is deprecated. 99# use `HOST_CC' if defined, but it is deprecated.
98 100
99set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in 101# This shell variable is my proudest work .. or something. --bje
100 ,,) echo "int dummy(){}" > $dummy.c ; 102
101 for c in cc gcc c89 ; do 103set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
102 ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; 104(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
103 if test $? = 0 ; then 105 || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
106dummy=$tmpdir/dummy ;
107files="$dummy.c $dummy.o $dummy.rel $dummy" ;
108trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
109case $CC_FOR_BUILD,$HOST_CC,$CC in
110 ,,) echo "int x;" > $dummy.c ;
111 for c in cc gcc c89 c99 ; do
112 if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then
104 CC_FOR_BUILD="$c"; break ; 113 CC_FOR_BUILD="$c"; break ;
105 fi ; 114 fi ;
106 done ; 115 done ;
107 rm -f $dummy.c $dummy.o $dummy.rel ; 116 rm -f $files ;
108 if test x"$CC_FOR_BUILD" = x ; then 117 if test x"$CC_FOR_BUILD" = x ; then
109 CC_FOR_BUILD=no_compiler_found ; 118 CC_FOR_BUILD=no_compiler_found ;
110 fi 119 fi
111 ;; 120 ;;
112 ,,*) CC_FOR_BUILD=$CC ;; 121 ,,*) CC_FOR_BUILD=$CC ;;
113 ,*,*) CC_FOR_BUILD=$HOST_CC ;; 122 ,*,*) CC_FOR_BUILD=$HOST_CC ;;
114esac' 123esac ;
124unset files'
115 125
116# This is needed to find uname on a Pyramid OSx when run in the BSD universe. 126# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
117# (ghazi@noc.rutgers.edu 1994-08-24) 127# (ghazi@noc.rutgers.edu 1994-08-24)
@@ -138,9 +148,11 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
138 # 148 #
139 # Note: NetBSD doesn't particularly care about the vendor 149 # Note: NetBSD doesn't particularly care about the vendor
140 # portion of the name. We always set it to "unknown". 150 # portion of the name. We always set it to "unknown".
141 UNAME_MACHINE_ARCH=`(uname -p) 2>/dev/null` || \ 151 sysctl="sysctl -n hw.machine_arch"
142 UNAME_MACHINE_ARCH=unknown 152 UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
153 /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
143 case "${UNAME_MACHINE_ARCH}" in 154 case "${UNAME_MACHINE_ARCH}" in
155 armeb) machine=armeb-unknown ;;
144 arm*) machine=arm-unknown ;; 156 arm*) machine=arm-unknown ;;
145 sh3el) machine=shl-unknown ;; 157 sh3el) machine=shl-unknown ;;
146 sh3eb) machine=sh-unknown ;; 158 sh3eb) machine=sh-unknown ;;
@@ -219,6 +231,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
219 # A Tn.n version is a released field test version. 231 # A Tn.n version is a released field test version.
220 # A Xn.n version is an unreleased experimental baselevel. 232 # A Xn.n version is an unreleased experimental baselevel.
221 # 1.2 uses "1.2" for uname -r. 233 # 1.2 uses "1.2" for uname -r.
234 eval $set_cc_for_build
222 cat <<EOF >$dummy.s 235 cat <<EOF >$dummy.s
223 .data 236 .data
224\$Lformat: 237\$Lformat:
@@ -244,10 +257,9 @@ main:
244 jsr \$26,exit 257 jsr \$26,exit
245 .end main 258 .end main
246EOF 259EOF
247 eval $set_cc_for_build
248 $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null 260 $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null
249 if test "$?" = 0 ; then 261 if test "$?" = 0 ; then
250 case `./$dummy` in 262 case `$dummy` in
251 0-0) 263 0-0)
252 UNAME_MACHINE="alpha" 264 UNAME_MACHINE="alpha"
253 ;; 265 ;;
@@ -269,9 +281,12 @@ EOF
269 2-1307) 281 2-1307)
270 UNAME_MACHINE="alphaev68" 282 UNAME_MACHINE="alphaev68"
271 ;; 283 ;;
284 3-1307)
285 UNAME_MACHINE="alphaev7"
286 ;;
272 esac 287 esac
273 fi 288 fi
274 rm -f $dummy.s $dummy 289 rm -f $dummy.s $dummy && rmdir $tmpdir
275 echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` 290 echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
276 exit 0 ;; 291 exit 0 ;;
277 Alpha\ *:Windows_NT*:*) 292 Alpha\ *:Windows_NT*:*)
@@ -312,6 +327,10 @@ EOF
312 NILE*:*:*:dcosx) 327 NILE*:*:*:dcosx)
313 echo pyramid-pyramid-svr4 328 echo pyramid-pyramid-svr4
314 exit 0 ;; 329 exit 0 ;;
330 DRS?6000:UNIX_SV:4.2*:7*)
331 case `/usr/bin/uname -p` in
332 sparc) echo sparc-icl-nx7 && exit 0 ;;
333 esac ;;
315 sun4H:SunOS:5.*:*) 334 sun4H:SunOS:5.*:*)
316 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 335 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
317 exit 0 ;; 336 exit 0 ;;
@@ -340,7 +359,7 @@ EOF
340 echo m68k-sun-sunos${UNAME_RELEASE} 359 echo m68k-sun-sunos${UNAME_RELEASE}
341 exit 0 ;; 360 exit 0 ;;
342 sun*:*:4.2BSD:*) 361 sun*:*:4.2BSD:*)
343 UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` 362 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
344 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 363 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
345 case "`/bin/arch`" in 364 case "`/bin/arch`" in
346 sun3) 365 sun3)
@@ -419,14 +438,17 @@ EOF
419 } 438 }
420EOF 439EOF
421 $CC_FOR_BUILD $dummy.c -o $dummy \ 440 $CC_FOR_BUILD $dummy.c -o $dummy \
422 && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ 441 && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
423 && rm -f $dummy.c $dummy && exit 0 442 && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
424 rm -f $dummy.c $dummy 443 rm -f $dummy.c $dummy && rmdir $tmpdir
425 echo mips-mips-riscos${UNAME_RELEASE} 444 echo mips-mips-riscos${UNAME_RELEASE}
426 exit 0 ;; 445 exit 0 ;;
427 Motorola:PowerMAX_OS:*:*) 446 Motorola:PowerMAX_OS:*:*)
428 echo powerpc-motorola-powermax 447 echo powerpc-motorola-powermax
429 exit 0 ;; 448 exit 0 ;;
449 Night_Hawk:*:*:PowerMAX_OS)
450 echo powerpc-harris-powermax
451 exit 0 ;;
430 Night_Hawk:Power_UNIX:*:*) 452 Night_Hawk:Power_UNIX:*:*)
431 echo powerpc-harris-powerunix 453 echo powerpc-harris-powerunix
432 exit 0 ;; 454 exit 0 ;;
@@ -499,8 +521,8 @@ EOF
499 exit(0); 521 exit(0);
500 } 522 }
501EOF 523EOF
502 $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 524 $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
503 rm -f $dummy.c $dummy 525 rm -f $dummy.c $dummy && rmdir $tmpdir
504 echo rs6000-ibm-aix3.2.5 526 echo rs6000-ibm-aix3.2.5
505 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then 527 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
506 echo rs6000-ibm-aix3.2.4 528 echo rs6000-ibm-aix3.2.4
@@ -509,7 +531,7 @@ EOF
509 fi 531 fi
510 exit 0 ;; 532 exit 0 ;;
511 *:AIX:*:[45]) 533 *:AIX:*:[45])
512 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` 534 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
513 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then 535 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
514 IBM_ARCH=rs6000 536 IBM_ARCH=rs6000
515 else 537 else
@@ -598,9 +620,9 @@ EOF
598 exit (0); 620 exit (0);
599 } 621 }
600EOF 622EOF
601 (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy` 623 (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy`
602 if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi 624 if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
603 rm -f $dummy.c $dummy 625 rm -f $dummy.c $dummy && rmdir $tmpdir
604 fi ;; 626 fi ;;
605 esac 627 esac
606 echo ${HP_ARCH}-hp-hpux${HPUX_REV} 628 echo ${HP_ARCH}-hp-hpux${HPUX_REV}
@@ -636,8 +658,8 @@ EOF
636 exit (0); 658 exit (0);
637 } 659 }
638EOF 660EOF
639 $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 661 $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
640 rm -f $dummy.c $dummy 662 rm -f $dummy.c $dummy && rmdir $tmpdir
641 echo unknown-hitachi-hiuxwe2 663 echo unknown-hitachi-hiuxwe2
642 exit 0 ;; 664 exit 0 ;;
643 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) 665 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
@@ -683,9 +705,6 @@ EOF
683 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) 705 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
684 echo c4-convex-bsd 706 echo c4-convex-bsd
685 exit 0 ;; 707 exit 0 ;;
686 CRAY*X-MP:*:*:*)
687 echo xmp-cray-unicos
688 exit 0 ;;
689 CRAY*Y-MP:*:*:*) 708 CRAY*Y-MP:*:*:*)
690 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 709 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
691 exit 0 ;; 710 exit 0 ;;
@@ -707,9 +726,6 @@ EOF
707 CRAY*SV1:*:*:*) 726 CRAY*SV1:*:*:*)
708 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 727 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
709 exit 0 ;; 728 exit 0 ;;
710 CRAY-2:*:*:*)
711 echo cray2-cray-unicos
712 exit 0 ;;
713 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) 729 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
714 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` 730 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
715 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` 731 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
@@ -726,7 +742,19 @@ EOF
726 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} 742 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
727 exit 0 ;; 743 exit 0 ;;
728 *:FreeBSD:*:*) 744 *:FreeBSD:*:*)
729 echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` 745 # Determine whether the default compiler uses glibc.
746 eval $set_cc_for_build
747 sed 's/^ //' << EOF >$dummy.c
748 #include <features.h>
749 #if __GLIBC__ >= 2
750 LIBC=gnu
751 #else
752 LIBC=
753 #endif
754EOF
755 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
756 rm -f $dummy.c && rmdir $tmpdir
757 echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
730 exit 0 ;; 758 exit 0 ;;
731 i*:CYGWIN*:*) 759 i*:CYGWIN*:*)
732 echo ${UNAME_MACHINE}-pc-cygwin 760 echo ${UNAME_MACHINE}-pc-cygwin
@@ -765,7 +793,7 @@ EOF
765 echo ${UNAME_MACHINE}-unknown-linux-gnu 793 echo ${UNAME_MACHINE}-unknown-linux-gnu
766 exit 0 ;; 794 exit 0 ;;
767 ia64:Linux:*:*) 795 ia64:Linux:*:*)
768 echo ${UNAME_MACHINE}-unknown-linux 796 echo ${UNAME_MACHINE}-unknown-linux-gnu
769 exit 0 ;; 797 exit 0 ;;
770 m68*:Linux:*:*) 798 m68*:Linux:*:*)
771 echo ${UNAME_MACHINE}-unknown-linux-gnu 799 echo ${UNAME_MACHINE}-unknown-linux-gnu
@@ -776,18 +804,18 @@ EOF
776 #undef CPU 804 #undef CPU
777 #undef mips 805 #undef mips
778 #undef mipsel 806 #undef mipsel
779 #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) 807 #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
780 CPU=mipsel 808 CPU=mipsel
781 #else 809 #else
782 #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) 810 #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
783 CPU=mips 811 CPU=mips
784 #else 812 #else
785 CPU= 813 CPU=
786 #endif 814 #endif
787 #endif 815 #endif
788EOF 816EOF
789 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` 817 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
790 rm -f $dummy.c 818 rm -f $dummy.c && rmdir $tmpdir
791 test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 819 test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0
792 ;; 820 ;;
793 ppc:Linux:*:*) 821 ppc:Linux:*:*)
@@ -837,9 +865,8 @@ EOF
837 # The BFD linker knows what the default object file format is, so 865 # The BFD linker knows what the default object file format is, so
838 # first see if it will tell us. cd to the root directory to prevent 866 # first see if it will tell us. cd to the root directory to prevent
839 # problems with other programs or directories called `ld' in the path. 867 # problems with other programs or directories called `ld' in the path.
840 # Export LANG=C to prevent ld from outputting information in other 868 # Set LC_ALL=C to ensure ld outputs messages in English.
841 # languages. 869 ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
842 ld_supported_targets=`LANG=C; export LANG; cd /; ld --help 2>&1 \
843 | sed -ne '/supported targets:/!d 870 | sed -ne '/supported targets:/!d
844 s/[ ][ ]*/ /g 871 s/[ ][ ]*/ /g
845 s/.*supported targets: *// 872 s/.*supported targets: *//
@@ -851,7 +878,7 @@ EOF
851 ;; 878 ;;
852 a.out-i386-linux) 879 a.out-i386-linux)
853 echo "${UNAME_MACHINE}-pc-linux-gnuaout" 880 echo "${UNAME_MACHINE}-pc-linux-gnuaout"
854 exit 0 ;; 881 exit 0 ;;
855 coff-i386) 882 coff-i386)
856 echo "${UNAME_MACHINE}-pc-linux-gnucoff" 883 echo "${UNAME_MACHINE}-pc-linux-gnucoff"
857 exit 0 ;; 884 exit 0 ;;
@@ -884,7 +911,7 @@ EOF
884 #endif 911 #endif
885EOF 912EOF
886 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` 913 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
887 rm -f $dummy.c 914 rm -f $dummy.c && rmdir $tmpdir
888 test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 915 test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
889 test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 916 test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
890 ;; 917 ;;
@@ -923,13 +950,13 @@ EOF
923 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` 950 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
924 echo ${UNAME_MACHINE}-pc-isc$UNAME_REL 951 echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
925 elif /bin/uname -X 2>/dev/null >/dev/null ; then 952 elif /bin/uname -X 2>/dev/null >/dev/null ; then
926 UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` 953 UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
927 (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 954 (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
928 (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ 955 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
929 && UNAME_MACHINE=i586 956 && UNAME_MACHINE=i586
930 (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \ 957 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
931 && UNAME_MACHINE=i686 958 && UNAME_MACHINE=i686
932 (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \ 959 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
933 && UNAME_MACHINE=i686 960 && UNAME_MACHINE=i686
934 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL 961 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
935 else 962 else
@@ -964,7 +991,7 @@ EOF
964 exit 0 ;; 991 exit 0 ;;
965 M68*:*:R3V[567]*:*) 992 M68*:*:R3V[567]*:*)
966 test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 993 test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
967 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) 994 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0)
968 OS_REL='' 995 OS_REL=''
969 test -r /etc/.relid \ 996 test -r /etc/.relid \
970 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` 997 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
@@ -1065,12 +1092,12 @@ EOF
1065 echo `uname -p`-apple-darwin${UNAME_RELEASE} 1092 echo `uname -p`-apple-darwin${UNAME_RELEASE}
1066 exit 0 ;; 1093 exit 0 ;;
1067 *:procnto*:*:* | *:QNX:[0123456789]*:*) 1094 *:procnto*:*:* | *:QNX:[0123456789]*:*)
1068 if test "${UNAME_MACHINE}" = "x86pc"; then 1095 UNAME_PROCESSOR=`uname -p`
1096 if test "$UNAME_PROCESSOR" = "x86"; then
1097 UNAME_PROCESSOR=i386
1069 UNAME_MACHINE=pc 1098 UNAME_MACHINE=pc
1070 echo i386-${UNAME_MACHINE}-nto-qnx
1071 else
1072 echo `uname -p`-${UNAME_MACHINE}-nto-qnx
1073 fi 1099 fi
1100 echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
1074 exit 0 ;; 1101 exit 0 ;;
1075 *:QNX:*:4*) 1102 *:QNX:*:4*)
1076 echo i386-pc-qnx 1103 echo i386-pc-qnx
@@ -1247,8 +1274,8 @@ main ()
1247} 1274}
1248EOF 1275EOF
1249 1276
1250$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0 1277$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
1251rm -f $dummy.c $dummy 1278rm -f $dummy.c $dummy && rmdir $tmpdir
1252 1279
1253# Apollos put the system type in the environment. 1280# Apollos put the system type in the environment.
1254 1281
diff --git a/config.h.in b/config.h.in
index d42ad8e55..e87309415 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,5 @@
1/* config.h.in. Generated from configure.ac by autoheader. */ 1/* config.h.in. Generated from configure.ac by autoheader. */
2/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ 2/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
3 3
4#ifndef _CONFIG_H 4#ifndef _CONFIG_H
5#define _CONFIG_H 5#define _CONFIG_H
@@ -150,6 +150,9 @@
150/* Define if you don't want to use lastlog */ 150/* Define if you don't want to use lastlog */
151#undef DISABLE_LASTLOG 151#undef DISABLE_LASTLOG
152 152
153/* Define if you don't want to use lastlog in session.c */
154#undef NO_SSH_LASTLOG
155
153/* Define if you don't want to use utmp */ 156/* Define if you don't want to use utmp */
154#undef DISABLE_UTMP 157#undef DISABLE_UTMP
155 158
@@ -310,6 +313,9 @@
310/* Define if X11 doesn't support AF_UNIX sockets on that system */ 313/* Define if X11 doesn't support AF_UNIX sockets on that system */
311#undef NO_X11_UNIX_SOCKETS 314#undef NO_X11_UNIX_SOCKETS
312 315
316/* Define if the concept of ports only accessible to superusers isn't known */
317#undef NO_IPPORT_RESERVED_CONCEPT
318
313/* Needed for SCO and NeXT */ 319/* Needed for SCO and NeXT */
314#undef BROKEN_SAVED_UIDS 320#undef BROKEN_SAVED_UIDS
315 321
@@ -355,11 +361,8 @@
355/* Path that unprivileged child will chroot() to in privep mode */ 361/* Path that unprivileged child will chroot() to in privep mode */
356#undef PRIVSEP_PATH 362#undef PRIVSEP_PATH
357 363
358/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ 364/* Define if your platform needs to skip post auth file descriptor passing */
359#undef HAVE_MMAP_ANON_SHARED 365#undef DISABLE_FD_PASSING
360
361/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
362#undef BROKEN_FD_PASSING
363 366
364 367
365/* Define to 1 if the `getpgrp' function requires zero arguments. */ 368/* Define to 1 if the `getpgrp' function requires zero arguments. */
@@ -437,6 +440,9 @@
437/* Define to 1 if you have the <getopt.h> header file. */ 440/* Define to 1 if you have the <getopt.h> header file. */
438#undef HAVE_GETOPT_H 441#undef HAVE_GETOPT_H
439 442
443/* Define to 1 if you have the `getpeereid' function. */
444#undef HAVE_GETPEEREID
445
440/* Define to 1 if you have the `getpwanam' function. */ 446/* Define to 1 if you have the `getpwanam' function. */
441#undef HAVE_GETPWANAM 447#undef HAVE_GETPWANAM
442 448
@@ -476,6 +482,9 @@
476/* Define to 1 if you have the <glob.h> header file. */ 482/* Define to 1 if you have the <glob.h> header file. */
477#undef HAVE_GLOB_H 483#undef HAVE_GLOB_H
478 484
485/* Define to 1 if you have the <ia.h> header file. */
486#undef HAVE_IA_H
487
479/* Define to 1 if you have the `inet_aton' function. */ 488/* Define to 1 if you have the `inet_aton' function. */
480#undef HAVE_INET_ATON 489#undef HAVE_INET_ATON
481 490
@@ -497,6 +506,9 @@
497/* Define to 1 if you have the <lastlog.h> header file. */ 506/* Define to 1 if you have the <lastlog.h> header file. */
498#undef HAVE_LASTLOG_H 507#undef HAVE_LASTLOG_H
499 508
509/* Define to 1 if you have the `crypt' library (-lcrypt). */
510#undef HAVE_LIBCRYPT
511
500/* Define to 1 if you have the `des' library (-ldes). */ 512/* Define to 1 if you have the `des' library (-ldes). */
501#undef HAVE_LIBDES 513#undef HAVE_LIBDES
502 514
@@ -533,6 +545,9 @@
533/* Define to 1 if you have the <libutil.h> header file. */ 545/* Define to 1 if you have the <libutil.h> header file. */
534#undef HAVE_LIBUTIL_H 546#undef HAVE_LIBUTIL_H
535 547
548/* Define to 1 if you have the `xnet' library (-lxnet). */
549#undef HAVE_LIBXNET
550
536/* Define to 1 if you have the `z' library (-lz). */ 551/* Define to 1 if you have the `z' library (-lz). */
537#undef HAVE_LIBZ 552#undef HAVE_LIBZ
538 553
@@ -779,6 +794,9 @@
779/* Define to 1 if you have the <time.h> header file. */ 794/* Define to 1 if you have the <time.h> header file. */
780#undef HAVE_TIME_H 795#undef HAVE_TIME_H
781 796
797/* Define to 1 if you have the <tmpdir.h> header file. */
798#undef HAVE_TMPDIR_H
799
782/* Define to 1 if you have the `truncate' function. */ 800/* Define to 1 if you have the `truncate' function. */
783#undef HAVE_TRUNCATE 801#undef HAVE_TRUNCATE
784 802
diff --git a/config.sub b/config.sub
index a06a480ad..9ff085efa 100755
--- a/config.sub
+++ b/config.sub
@@ -1,9 +1,9 @@
1#! /bin/sh 1#! /bin/sh
2# Configuration validation subroutine script. 2# Configuration validation subroutine script.
3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
4# Free Software Foundation, Inc. 4# 2000, 2001, 2002 Free Software Foundation, Inc.
5 5
6timestamp='2001-04-20' 6timestamp='2002-07-03'
7 7
8# This file is (in principle) common to ALL GNU software. 8# This file is (in principle) common to ALL GNU software.
9# The presence of a machine in this file suggests that SOME GNU software 9# The presence of a machine in this file suggests that SOME GNU software
@@ -29,7 +29,8 @@ timestamp='2001-04-20'
29# configuration script generated by Autoconf, you may include it under 29# configuration script generated by Autoconf, you may include it under
30# the same distribution terms that you use for the rest of that program. 30# the same distribution terms that you use for the rest of that program.
31 31
32# Please send patches to <config-patches@gnu.org>. 32# Please send patches to <config-patches@gnu.org>. Submit a context
33# diff and a properly formatted ChangeLog entry.
33# 34#
34# Configuration subroutine to validate and canonicalize a configuration type. 35# Configuration subroutine to validate and canonicalize a configuration type.
35# Supply the specified configuration type as an argument. 36# Supply the specified configuration type as an argument.
@@ -117,7 +118,7 @@ esac
117# Here we must recognize all the valid KERNEL-OS combinations. 118# Here we must recognize all the valid KERNEL-OS combinations.
118maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` 119maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
119case $maybe_os in 120case $maybe_os in
120 nto-qnx* | linux-gnu* | storm-chaos* | os2-emx*) 121 nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*)
121 os=-$maybe_os 122 os=-$maybe_os
122 basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` 123 basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
123 ;; 124 ;;
@@ -157,6 +158,14 @@ case $os in
157 os=-vxworks 158 os=-vxworks
158 basic_machine=$1 159 basic_machine=$1
159 ;; 160 ;;
161 -chorusos*)
162 os=-chorusos
163 basic_machine=$1
164 ;;
165 -chorusrdb)
166 os=-chorusrdb
167 basic_machine=$1
168 ;;
160 -hiux*) 169 -hiux*)
161 os=-hiuxwe2 170 os=-hiuxwe2
162 ;; 171 ;;
@@ -215,26 +224,44 @@ esac
215case $basic_machine in 224case $basic_machine in
216 # Recognize the basic CPU types without company name. 225 # Recognize the basic CPU types without company name.
217 # Some are omitted here because they have special meanings below. 226 # Some are omitted here because they have special meanings below.
218 tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \ 227 1750a | 580 \
219 | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \ 228 | a29k \
220 | pyramid | mn10200 | mn10300 | tron | a29k \ 229 | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
221 | 580 | i960 | h8300 \ 230 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
222 | x86 | ppcbe | mipsbe | mipsle | shbe | shle \ 231 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
223 | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \ 232 | c4x | clipper \
224 | hppa64 \ 233 | d10v | d30v | dlx | dsp16xx \
225 | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \ 234 | fr30 | frv \
226 | alphaev6[78] \ 235 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
227 | we32k | ns16k | clipper | i370 | sh | sh[34] \ 236 | i370 | i860 | i960 | ia64 \
228 | powerpc | powerpcle \ 237 | ip2k \
229 | 1750a | dsp16xx | pdp10 | pdp11 \ 238 | m32r | m68000 | m68k | m88k | mcore \
230 | mips16 | mips64 | mipsel | mips64el \ 239 | mips | mipsbe | mipseb | mipsel | mipsle \
231 | mips64orion | mips64orionel | mipstx39 | mipstx39el \ 240 | mips16 \
232 | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \ 241 | mips64 | mips64el \
233 | mips64vr5000 | miprs64vr5000el | mcore | s390 | s390x \ 242 | mips64orion | mips64orionel \
234 | sparc | sparclet | sparclite | sparc64 | sparcv9 | sparcv9b \ 243 | mips64vr4100 | mips64vr4100el \
235 | v850 | c4x \ 244 | mips64vr4300 | mips64vr4300el \
236 | thumb | d10v | d30v | fr30 | avr | openrisc | tic80 \ 245 | mips64vr5000 | mips64vr5000el \
237 | pj | pjl | h8500) 246 | mipsisa32 | mipsisa32el \
247 | mipsisa64 | mipsisa64el \
248 | mipsisa64sb1 | mipsisa64sb1el \
249 | mipstx39 | mipstx39el \
250 | mn10200 | mn10300 \
251 | ns16k | ns32k \
252 | openrisc | or32 \
253 | pdp10 | pdp11 | pj | pjl \
254 | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
255 | pyramid \
256 | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
257 | sh64 | sh64le \
258 | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
259 | strongarm \
260 | tahoe | thumb | tic80 | tron \
261 | v850 | v850e \
262 | we32k \
263 | x86 | xscale | xstormy16 | xtensa \
264 | z8k)
238 basic_machine=$basic_machine-unknown 265 basic_machine=$basic_machine-unknown
239 ;; 266 ;;
240 m6811 | m68hc11 | m6812 | m68hc12) 267 m6811 | m68hc11 | m6812 | m68hc12)
@@ -242,7 +269,7 @@ case $basic_machine in
242 basic_machine=$basic_machine-unknown 269 basic_machine=$basic_machine-unknown
243 os=-none 270 os=-none
244 ;; 271 ;;
245 m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | w65) 272 m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
246 ;; 273 ;;
247 274
248 # We use `pc' rather than `unknown' 275 # We use `pc' rather than `unknown'
@@ -257,31 +284,54 @@ case $basic_machine in
257 exit 1 284 exit 1
258 ;; 285 ;;
259 # Recognize the basic CPU types with company name. 286 # Recognize the basic CPU types with company name.
260 # FIXME: clean up the formatting here. 287 580-* \
261 vax-* | tahoe-* | i*86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \ 288 | a29k-* \
262 | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \ 289 | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
263 | arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \ 290 | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
264 | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \ 291 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
265 | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \ 292 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
266 | xmp-* | ymp-* \ 293 | avr-* \
267 | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \ 294 | bs2000-* \
268 | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \ 295 | c[123]* | c30-* | [cjt]90-* | c54x-* \
269 | hppa2.0n-* | hppa64-* \ 296 | clipper-* | cydra-* \
270 | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \ 297 | d10v-* | d30v-* | dlx-* \
271 | alphaev6[78]-* \ 298 | elxsi-* \
272 | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \ 299 | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
273 | clipper-* | orion-* \ 300 | h8300-* | h8500-* \
274 | sparclite-* | pdp10-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \ 301 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
275 | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \ 302 | i*86-* | i860-* | i960-* | ia64-* \
276 | mips16-* | mips64-* | mipsel-* \ 303 | ip2k-* \
277 | mips64el-* | mips64orion-* | mips64orionel-* \ 304 | m32r-* \
278 | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \ 305 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
279 | mipstx39-* | mipstx39el-* | mcore-* \ 306 | m88110-* | m88k-* | mcore-* \
280 | f30[01]-* | f700-* | s390-* | s390x-* | sv1-* | t3e-* \ 307 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
281 | [cjt]90-* \ 308 | mips16-* \
282 | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \ 309 | mips64-* | mips64el-* \
283 | thumb-* | v850-* | d30v-* | tic30-* | tic80-* | c30-* | fr30-* \ 310 | mips64orion-* | mips64orionel-* \
284 | bs2000-* | tic54x-* | c54x-* | x86_64-* | pj-* | pjl-*) 311 | mips64vr4100-* | mips64vr4100el-* \
312 | mips64vr4300-* | mips64vr4300el-* \
313 | mips64vr5000-* | mips64vr5000el-* \
314 | mipsisa32-* | mipsisa32el-* \
315 | mipsisa64-* | mipsisa64el-* \
316 | mipsisa64sb1-* | mipsisa64sb1el-* \
317 | mipstx39 | mipstx39el \
318 | none-* | np1-* | ns16k-* | ns32k-* \
319 | orion-* \
320 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
321 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
322 | pyramid-* \
323 | romp-* | rs6000-* \
324 | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
325 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
326 | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
327 | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
328 | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \
329 | v850-* | v850e-* | vax-* \
330 | we32k-* \
331 | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
332 | xtensa-* \
333 | ymp-* \
334 | z8k-*)
285 ;; 335 ;;
286 # Recognize the various machine names and aliases which stand 336 # Recognize the various machine names and aliases which stand
287 # for a CPU type and a company and sometimes even an OS. 337 # for a CPU type and a company and sometimes even an OS.
@@ -344,6 +394,10 @@ case $basic_machine in
344 basic_machine=ns32k-sequent 394 basic_machine=ns32k-sequent
345 os=-dynix 395 os=-dynix
346 ;; 396 ;;
397 c90)
398 basic_machine=c90-cray
399 os=-unicos
400 ;;
347 convex-c1) 401 convex-c1)
348 basic_machine=c1-convex 402 basic_machine=c1-convex
349 os=-bsd 403 os=-bsd
@@ -364,16 +418,8 @@ case $basic_machine in
364 basic_machine=c38-convex 418 basic_machine=c38-convex
365 os=-bsd 419 os=-bsd
366 ;; 420 ;;
367 cray | ymp) 421 cray | j90)
368 basic_machine=ymp-cray 422 basic_machine=j90-cray
369 os=-unicos
370 ;;
371 cray2)
372 basic_machine=cray2-cray
373 os=-unicos
374 ;;
375 [cjt]90)
376 basic_machine=${basic_machine}-cray
377 os=-unicos 423 os=-unicos
378 ;; 424 ;;
379 crds | unos) 425 crds | unos)
@@ -388,6 +434,14 @@ case $basic_machine in
388 decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) 434 decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
389 basic_machine=mips-dec 435 basic_machine=mips-dec
390 ;; 436 ;;
437 decsystem10* | dec10*)
438 basic_machine=pdp10-dec
439 os=-tops10
440 ;;
441 decsystem20* | dec20*)
442 basic_machine=pdp10-dec
443 os=-tops20
444 ;;
391 delta | 3300 | motorola-3300 | motorola-delta \ 445 delta | 3300 | motorola-3300 | motorola-delta \
392 | 3300-motorola | delta-motorola) 446 | 3300-motorola | delta-motorola)
393 basic_machine=m68k-motorola 447 basic_machine=m68k-motorola
@@ -568,14 +622,6 @@ case $basic_machine in
568 basic_machine=m68k-atari 622 basic_machine=m68k-atari
569 os=-mint 623 os=-mint
570 ;; 624 ;;
571 mipsel*-linux*)
572 basic_machine=mipsel-unknown
573 os=-linux-gnu
574 ;;
575 mips*-linux*)
576 basic_machine=mips-unknown
577 os=-linux-gnu
578 ;;
579 mips3*-*) 625 mips3*-*)
580 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` 626 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
581 ;; 627 ;;
@@ -590,6 +636,10 @@ case $basic_machine in
590 basic_machine=m68k-rom68k 636 basic_machine=m68k-rom68k
591 os=-coff 637 os=-coff
592 ;; 638 ;;
639 morphos)
640 basic_machine=powerpc-unknown
641 os=-morphos
642 ;;
593 msdos) 643 msdos)
594 basic_machine=i386-pc 644 basic_machine=i386-pc
595 os=-msdos 645 os=-msdos
@@ -669,6 +719,10 @@ case $basic_machine in
669 basic_machine=hppa1.1-oki 719 basic_machine=hppa1.1-oki
670 os=-proelf 720 os=-proelf
671 ;; 721 ;;
722 or32 | or32-*)
723 basic_machine=or32-unknown
724 os=-coff
725 ;;
672 OSE68000 | ose68000) 726 OSE68000 | ose68000)
673 basic_machine=m68000-ericsson 727 basic_machine=m68000-ericsson
674 os=-ose 728 os=-ose
@@ -694,7 +748,7 @@ case $basic_machine in
694 pc532 | pc532-*) 748 pc532 | pc532-*)
695 basic_machine=ns32k-pc532 749 basic_machine=ns32k-pc532
696 ;; 750 ;;
697 pentium | p5 | k5 | k6 | nexgen) 751 pentium | p5 | k5 | k6 | nexgen | viac3)
698 basic_machine=i586-pc 752 basic_machine=i586-pc
699 ;; 753 ;;
700 pentiumpro | p6 | 6x86 | athlon) 754 pentiumpro | p6 | 6x86 | athlon)
@@ -703,7 +757,7 @@ case $basic_machine in
703 pentiumii | pentium2) 757 pentiumii | pentium2)
704 basic_machine=i686-pc 758 basic_machine=i686-pc
705 ;; 759 ;;
706 pentium-* | p5-* | k5-* | k6-* | nexgen-*) 760 pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
707 basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` 761 basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
708 ;; 762 ;;
709 pentiumpro-* | p6-* | 6x86-* | athlon-*) 763 pentiumpro-* | p6-* | 6x86-* | athlon-*)
@@ -727,6 +781,16 @@ case $basic_machine in
727 ppcle-* | powerpclittle-*) 781 ppcle-* | powerpclittle-*)
728 basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` 782 basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
729 ;; 783 ;;
784 ppc64) basic_machine=powerpc64-unknown
785 ;;
786 ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
787 ;;
788 ppc64le | powerpc64little | ppc64-le | powerpc64-little)
789 basic_machine=powerpc64le-unknown
790 ;;
791 ppc64le-* | powerpc64little-*)
792 basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
793 ;;
730 ps2) 794 ps2)
731 basic_machine=i386-ibm 795 basic_machine=i386-ibm
732 ;; 796 ;;
@@ -744,6 +808,12 @@ case $basic_machine in
744 rtpc | rtpc-*) 808 rtpc | rtpc-*)
745 basic_machine=romp-ibm 809 basic_machine=romp-ibm
746 ;; 810 ;;
811 s390 | s390-*)
812 basic_machine=s390-ibm
813 ;;
814 s390x | s390x-*)
815 basic_machine=s390x-ibm
816 ;;
747 sa29200) 817 sa29200)
748 basic_machine=a29k-amd 818 basic_machine=a29k-amd
749 os=-udi 819 os=-udi
@@ -755,7 +825,7 @@ case $basic_machine in
755 basic_machine=sh-hitachi 825 basic_machine=sh-hitachi
756 os=-hms 826 os=-hms
757 ;; 827 ;;
758 sparclite-wrs) 828 sparclite-wrs | simso-wrs)
759 basic_machine=sparclite-wrs 829 basic_machine=sparclite-wrs
760 os=-vxworks 830 os=-vxworks
761 ;; 831 ;;
@@ -813,7 +883,7 @@ case $basic_machine in
813 sun386 | sun386i | roadrunner) 883 sun386 | sun386i | roadrunner)
814 basic_machine=i386-sun 884 basic_machine=i386-sun
815 ;; 885 ;;
816 sv1) 886 sv1)
817 basic_machine=sv1-cray 887 basic_machine=sv1-cray
818 os=-unicos 888 os=-unicos
819 ;; 889 ;;
@@ -821,8 +891,16 @@ case $basic_machine in
821 basic_machine=i386-sequent 891 basic_machine=i386-sequent
822 os=-dynix 892 os=-dynix
823 ;; 893 ;;
894 t3d)
895 basic_machine=alpha-cray
896 os=-unicos
897 ;;
824 t3e) 898 t3e)
825 basic_machine=t3e-cray 899 basic_machine=alphaev5-cray
900 os=-unicos
901 ;;
902 t90)
903 basic_machine=t90-cray
826 os=-unicos 904 os=-unicos
827 ;; 905 ;;
828 tic54x | c54x*) 906 tic54x | c54x*)
@@ -835,6 +913,10 @@ case $basic_machine in
835 tx39el) 913 tx39el)
836 basic_machine=mipstx39el-unknown 914 basic_machine=mipstx39el-unknown
837 ;; 915 ;;
916 toad1)
917 basic_machine=pdp10-xkl
918 os=-tops20
919 ;;
838 tower | tower-32) 920 tower | tower-32)
839 basic_machine=m68k-ncr 921 basic_machine=m68k-ncr
840 ;; 922 ;;
@@ -881,13 +963,17 @@ case $basic_machine in
881 basic_machine=hppa1.1-winbond 963 basic_machine=hppa1.1-winbond
882 os=-proelf 964 os=-proelf
883 ;; 965 ;;
884 xmp) 966 windows32)
885 basic_machine=xmp-cray 967 basic_machine=i386-pc
886 os=-unicos 968 os=-windows32-msvcrt
887 ;; 969 ;;
888 xps | xps100) 970 xps | xps100)
889 basic_machine=xps100-honeywell 971 basic_machine=xps100-honeywell
890 ;; 972 ;;
973 ymp)
974 basic_machine=ymp-cray
975 os=-unicos
976 ;;
891 z8k-*-coff) 977 z8k-*-coff)
892 basic_machine=z8k-unknown 978 basic_machine=z8k-unknown
893 os=-sim 979 os=-sim
@@ -908,13 +994,6 @@ case $basic_machine in
908 op60c) 994 op60c)
909 basic_machine=hppa1.1-oki 995 basic_machine=hppa1.1-oki
910 ;; 996 ;;
911 mips)
912 if [ x$os = x-linux-gnu ]; then
913 basic_machine=mips-unknown
914 else
915 basic_machine=mips-mips
916 fi
917 ;;
918 romp) 997 romp)
919 basic_machine=romp-ibm 998 basic_machine=romp-ibm
920 ;; 999 ;;
@@ -934,9 +1013,12 @@ case $basic_machine in
934 we32k) 1013 we32k)
935 basic_machine=we32k-att 1014 basic_machine=we32k-att
936 ;; 1015 ;;
937 sh3 | sh4) 1016 sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
938 basic_machine=sh-unknown 1017 basic_machine=sh-unknown
939 ;; 1018 ;;
1019 sh64)
1020 basic_machine=sh64-unknown
1021 ;;
940 sparc | sparcv9 | sparcv9b) 1022 sparc | sparcv9 | sparcv9b)
941 basic_machine=sparc-sun 1023 basic_machine=sparc-sun
942 ;; 1024 ;;
@@ -1018,11 +1100,14 @@ case $os in
1018 | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ 1100 | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1019 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ 1101 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
1020 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ 1102 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
1103 | -chorusos* | -chorusrdb* \
1021 | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ 1104 | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
1022 | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ 1105 | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
1023 | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ 1106 | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
1024 | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ 1107 | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
1025 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -os2*) 1108 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
1109 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
1110 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*)
1026 # Remember, each alternative MUST END IN *, to match a version number. 1111 # Remember, each alternative MUST END IN *, to match a version number.
1027 ;; 1112 ;;
1028 -qnx*) 1113 -qnx*)
@@ -1074,12 +1159,18 @@ case $os in
1074 -acis*) 1159 -acis*)
1075 os=-aos 1160 os=-aos
1076 ;; 1161 ;;
1162 -atheos*)
1163 os=-atheos
1164 ;;
1077 -386bsd) 1165 -386bsd)
1078 os=-bsd 1166 os=-bsd
1079 ;; 1167 ;;
1080 -ctix* | -uts*) 1168 -ctix* | -uts*)
1081 os=-sysv 1169 os=-sysv
1082 ;; 1170 ;;
1171 -nova*)
1172 os=-rtmk-nova
1173 ;;
1083 -ns2 ) 1174 -ns2 )
1084 os=-nextstep2 1175 os=-nextstep2
1085 ;; 1176 ;;
@@ -1154,6 +1245,7 @@ case $basic_machine in
1154 arm*-semi) 1245 arm*-semi)
1155 os=-aout 1246 os=-aout
1156 ;; 1247 ;;
1248 # This must come before the *-dec entry.
1157 pdp10-*) 1249 pdp10-*)
1158 os=-tops20 1250 os=-tops20
1159 ;; 1251 ;;
@@ -1184,6 +1276,9 @@ case $basic_machine in
1184 mips*-*) 1276 mips*-*)
1185 os=-elf 1277 os=-elf
1186 ;; 1278 ;;
1279 or32-*)
1280 os=-coff
1281 ;;
1187 *-tti) # must be before sparc entry or we get the wrong os. 1282 *-tti) # must be before sparc entry or we get the wrong os.
1188 os=-sysv3 1283 os=-sysv3
1189 ;; 1284 ;;
@@ -1331,7 +1426,7 @@ case $basic_machine in
1331 -ptx*) 1426 -ptx*)
1332 vendor=sequent 1427 vendor=sequent
1333 ;; 1428 ;;
1334 -vxsim* | -vxworks*) 1429 -vxsim* | -vxworks* | -windiss*)
1335 vendor=wrs 1430 vendor=wrs
1336 ;; 1431 ;;
1337 -aux*) 1432 -aux*)
@@ -1346,6 +1441,9 @@ case $basic_machine in
1346 -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) 1441 -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
1347 vendor=atari 1442 vendor=atari
1348 ;; 1443 ;;
1444 -vos*)
1445 vendor=stratus
1446 ;;
1349 esac 1447 esac
1350 basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` 1448 basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
1351 ;; 1449 ;;
diff --git a/configure b/configure
index ad13a1610..565e9ee79 100755
--- a/configure
+++ b/configure
@@ -862,7 +862,7 @@ Optional Packages:
862 --with-kerberos5=PATH Enable Kerberos 5 support 862 --with-kerberos5=PATH Enable Kerberos 5 support
863 --with-kerberos4=PATH Enable Kerberos 4 support 863 --with-kerberos4=PATH Enable Kerberos 4 support
864 --with-afs=PATH Enable AFS support 864 --with-afs=PATH Enable AFS support
865 --with-privsep-path=xxx Path for privilege separation chroot 865 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
866 --with-xauth=PATH Specify path to xauth program 866 --with-xauth=PATH Specify path to xauth program
867 --with-mantype=man|cat|doc Set man page type 867 --with-mantype=man|cat|doc Set man page type
868 --with-md5-passwords Enable use of MD5 passwords 868 --with-md5-passwords Enable use of MD5 passwords
@@ -2760,52 +2760,6 @@ echo "${ECHO_T}no" >&6
2760fi 2760fi
2761 2761
2762 2762
2763for ac_prog in filepriv
2764do
2765 # Extract the first word of "$ac_prog", so it can be a program name with args.
2766set dummy $ac_prog; ac_word=$2
2767echo "$as_me:$LINENO: checking for $ac_word" >&5
2768echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
2769if test "${ac_cv_path_FILEPRIV+set}" = set; then
2770 echo $ECHO_N "(cached) $ECHO_C" >&6
2771else
2772 case $FILEPRIV in
2773 [\\/]* | ?:[\\/]*)
2774 ac_cv_path_FILEPRIV="$FILEPRIV" # Let the user override the test with a path.
2775 ;;
2776 *)
2777 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
2778as_dummy="/sbin:/usr/sbin"
2779for as_dir in $as_dummy
2780do
2781 IFS=$as_save_IFS
2782 test -z "$as_dir" && as_dir=.
2783 for ac_exec_ext in '' $ac_executable_extensions; do
2784 if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
2785 ac_cv_path_FILEPRIV="$as_dir/$ac_word$ac_exec_ext"
2786 echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
2787 break 2
2788 fi
2789done
2790done
2791
2792 ;;
2793esac
2794fi
2795FILEPRIV=$ac_cv_path_FILEPRIV
2796
2797if test -n "$FILEPRIV"; then
2798 echo "$as_me:$LINENO: result: $FILEPRIV" >&5
2799echo "${ECHO_T}$FILEPRIV" >&6
2800else
2801 echo "$as_me:$LINENO: result: no" >&5
2802echo "${ECHO_T}no" >&6
2803fi
2804
2805 test -n "$FILEPRIV" && break
2806done
2807test -n "$FILEPRIV" || FILEPRIV="true"
2808
2809# Extract the first word of "bash", so it can be a program name with args. 2763# Extract the first word of "bash", so it can be a program name with args.
2810set dummy bash; ac_word=$2 2764set dummy bash; ac_word=$2
2811echo "$as_me:$LINENO: checking for $ac_word" >&5 2765echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -3622,6 +3576,72 @@ if test $ac_cv_func_authenticate = yes; then
3622#define WITH_AIXAUTHENTICATE 1 3576#define WITH_AIXAUTHENTICATE 1
3623_ACEOF 3577_ACEOF
3624 3578
3579else
3580 echo "$as_me:$LINENO: checking for authenticate in -ls" >&5
3581echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6
3582if test "${ac_cv_lib_s_authenticate+set}" = set; then
3583 echo $ECHO_N "(cached) $ECHO_C" >&6
3584else
3585 ac_check_lib_save_LIBS=$LIBS
3586LIBS="-ls $LIBS"
3587cat >conftest.$ac_ext <<_ACEOF
3588#line $LINENO "configure"
3589#include "confdefs.h"
3590
3591/* Override any gcc2 internal prototype to avoid an error. */
3592#ifdef __cplusplus
3593extern "C"
3594#endif
3595/* We use char because int might match the return type of a gcc2
3596 builtin and then its argument prototype would still apply. */
3597char authenticate ();
3598#ifdef F77_DUMMY_MAIN
3599# ifdef __cplusplus
3600 extern "C"
3601# endif
3602 int F77_DUMMY_MAIN() { return 1; }
3603#endif
3604int
3605main ()
3606{
3607authenticate ();
3608 ;
3609 return 0;
3610}
3611_ACEOF
3612rm -f conftest.$ac_objext conftest$ac_exeext
3613if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3614 (eval $ac_link) 2>&5
3615 ac_status=$?
3616 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3617 (exit $ac_status); } &&
3618 { ac_try='test -s conftest$ac_exeext'
3619 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3620 (eval $ac_try) 2>&5
3621 ac_status=$?
3622 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3623 (exit $ac_status); }; }; then
3624 ac_cv_lib_s_authenticate=yes
3625else
3626 echo "$as_me: failed program was:" >&5
3627cat conftest.$ac_ext >&5
3628ac_cv_lib_s_authenticate=no
3629fi
3630rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3631LIBS=$ac_check_lib_save_LIBS
3632fi
3633echo "$as_me:$LINENO: result: $ac_cv_lib_s_authenticate" >&5
3634echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6
3635if test $ac_cv_lib_s_authenticate = yes; then
3636 cat >>confdefs.h <<\_ACEOF
3637#define WITH_AIXAUTHENTICATE 1
3638_ACEOF
3639
3640 LIBS="$LIBS -ls"
3641
3642fi
3643
3644
3625fi 3645fi
3626 3646
3627 cat >>confdefs.h <<\_ACEOF 3647 cat >>confdefs.h <<\_ACEOF
@@ -3668,7 +3688,11 @@ _ACEOF
3668_ACEOF 3688_ACEOF
3669 3689
3670 cat >>confdefs.h <<\_ACEOF 3690 cat >>confdefs.h <<\_ACEOF
3671#define BROKEN_FD_PASSING 1 3691#define NO_IPPORT_RESERVED_CONCEPT 1
3692_ACEOF
3693
3694 cat >>confdefs.h <<\_ACEOF
3695#define DISABLE_FD_PASSING 1
3672_ACEOF 3696_ACEOF
3673 3697
3674 cat >>confdefs.h <<\_ACEOF 3698 cat >>confdefs.h <<\_ACEOF
@@ -3683,10 +3707,49 @@ _ACEOF
3683 3707
3684 ;; 3708 ;;
3685*-*-darwin*) 3709*-*-darwin*)
3710 echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5
3711echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6
3712 if test "$cross_compiling" = yes; then
3713 echo "$as_me:$LINENO: result: assume it is working" >&5
3714echo "${ECHO_T}assume it is working" >&6
3715else
3716 cat >conftest.$ac_ext <<_ACEOF
3717#line $LINENO "configure"
3718#include "confdefs.h"
3719#include <mach-o/dyld.h>
3720main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
3721 exit(0);
3722 else
3723 exit(1);
3724}
3725_ACEOF
3726rm -f conftest$ac_exeext
3727if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3728 (eval $ac_link) 2>&5
3729 ac_status=$?
3730 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3731 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
3732 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3733 (eval $ac_try) 2>&5
3734 ac_status=$?
3735 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3736 (exit $ac_status); }; }; then
3737 echo "$as_me:$LINENO: result: working" >&5
3738echo "${ECHO_T}working" >&6
3739else
3740 echo "$as_me: program exited with status $ac_status" >&5
3741echo "$as_me: failed program was:" >&5
3742cat conftest.$ac_ext >&5
3743( exit $ac_status )
3744echo "$as_me:$LINENO: result: buggy" >&5
3745echo "${ECHO_T}buggy" >&6
3686 cat >>confdefs.h <<\_ACEOF 3746 cat >>confdefs.h <<\_ACEOF
3687#define BROKEN_GETADDRINFO 1 3747#define BROKEN_GETADDRINFO 1
3688_ACEOF 3748_ACEOF
3689 3749
3750fi
3751rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
3752fi
3690 ;; 3753 ;;
3691*-*-hpux10.26) 3754*-*-hpux10.26)
3692 if test -z "$GCC"; then 3755 if test -z "$GCC"; then
@@ -3722,7 +3785,76 @@ _ACEOF
3722#define SPT_TYPE SPT_PSTAT 3785#define SPT_TYPE SPT_PSTAT
3723_ACEOF 3786_ACEOF
3724 3787
3725 LIBS="$LIBS -lxnet -lsec -lsecpw" 3788 LIBS="$LIBS -lsec -lsecpw"
3789
3790echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3791echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3792if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3793 echo $ECHO_N "(cached) $ECHO_C" >&6
3794else
3795 ac_check_lib_save_LIBS=$LIBS
3796LIBS="-lxnet $LIBS"
3797cat >conftest.$ac_ext <<_ACEOF
3798#line $LINENO "configure"
3799#include "confdefs.h"
3800
3801/* Override any gcc2 internal prototype to avoid an error. */
3802#ifdef __cplusplus
3803extern "C"
3804#endif
3805/* We use char because int might match the return type of a gcc2
3806 builtin and then its argument prototype would still apply. */
3807char t_error ();
3808#ifdef F77_DUMMY_MAIN
3809# ifdef __cplusplus
3810 extern "C"
3811# endif
3812 int F77_DUMMY_MAIN() { return 1; }
3813#endif
3814int
3815main ()
3816{
3817t_error ();
3818 ;
3819 return 0;
3820}
3821_ACEOF
3822rm -f conftest.$ac_objext conftest$ac_exeext
3823if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3824 (eval $ac_link) 2>&5
3825 ac_status=$?
3826 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3827 (exit $ac_status); } &&
3828 { ac_try='test -s conftest$ac_exeext'
3829 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3830 (eval $ac_try) 2>&5
3831 ac_status=$?
3832 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3833 (exit $ac_status); }; }; then
3834 ac_cv_lib_xnet_t_error=yes
3835else
3836 echo "$as_me: failed program was:" >&5
3837cat conftest.$ac_ext >&5
3838ac_cv_lib_xnet_t_error=no
3839fi
3840rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3841LIBS=$ac_check_lib_save_LIBS
3842fi
3843echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
3844echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
3845if test $ac_cv_lib_xnet_t_error = yes; then
3846 cat >>confdefs.h <<_ACEOF
3847#define HAVE_LIBXNET 1
3848_ACEOF
3849
3850 LIBS="-lxnet $LIBS"
3851
3852else
3853 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
3854echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
3855 { (exit 1); exit 1; }; }
3856fi
3857
3726 disable_ptmx_check=yes 3858 disable_ptmx_check=yes
3727 ;; 3859 ;;
3728*-*-hpux10*) 3860*-*-hpux10*)
@@ -3755,7 +3887,76 @@ _ACEOF
3755#define SPT_TYPE SPT_PSTAT 3887#define SPT_TYPE SPT_PSTAT
3756_ACEOF 3888_ACEOF
3757 3889
3758 LIBS="$LIBS -lxnet -lsec" 3890 LIBS="$LIBS -lsec"
3891
3892echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3893echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3894if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3895 echo $ECHO_N "(cached) $ECHO_C" >&6
3896else
3897 ac_check_lib_save_LIBS=$LIBS
3898LIBS="-lxnet $LIBS"
3899cat >conftest.$ac_ext <<_ACEOF
3900#line $LINENO "configure"
3901#include "confdefs.h"
3902
3903/* Override any gcc2 internal prototype to avoid an error. */
3904#ifdef __cplusplus
3905extern "C"
3906#endif
3907/* We use char because int might match the return type of a gcc2
3908 builtin and then its argument prototype would still apply. */
3909char t_error ();
3910#ifdef F77_DUMMY_MAIN
3911# ifdef __cplusplus
3912 extern "C"
3913# endif
3914 int F77_DUMMY_MAIN() { return 1; }
3915#endif
3916int
3917main ()
3918{
3919t_error ();
3920 ;
3921 return 0;
3922}
3923_ACEOF
3924rm -f conftest.$ac_objext conftest$ac_exeext
3925if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
3926 (eval $ac_link) 2>&5
3927 ac_status=$?
3928 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3929 (exit $ac_status); } &&
3930 { ac_try='test -s conftest$ac_exeext'
3931 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
3932 (eval $ac_try) 2>&5
3933 ac_status=$?
3934 echo "$as_me:$LINENO: \$? = $ac_status" >&5
3935 (exit $ac_status); }; }; then
3936 ac_cv_lib_xnet_t_error=yes
3937else
3938 echo "$as_me: failed program was:" >&5
3939cat conftest.$ac_ext >&5
3940ac_cv_lib_xnet_t_error=no
3941fi
3942rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
3943LIBS=$ac_check_lib_save_LIBS
3944fi
3945echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
3946echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
3947if test $ac_cv_lib_xnet_t_error = yes; then
3948 cat >>confdefs.h <<_ACEOF
3949#define HAVE_LIBXNET 1
3950_ACEOF
3951
3952 LIBS="-lxnet $LIBS"
3953
3954else
3955 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
3956echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
3957 { (exit 1); exit 1; }; }
3958fi
3959
3759 ;; 3960 ;;
3760*-*-hpux11*) 3961*-*-hpux11*)
3761 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 3962 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -3788,7 +3989,76 @@ _ACEOF
3788#define SPT_TYPE SPT_PSTAT 3989#define SPT_TYPE SPT_PSTAT
3789_ACEOF 3990_ACEOF
3790 3991
3791 LIBS="$LIBS -lxnet -lsec" 3992 LIBS="$LIBS -lsec"
3993
3994echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
3995echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
3996if test "${ac_cv_lib_xnet_t_error+set}" = set; then
3997 echo $ECHO_N "(cached) $ECHO_C" >&6
3998else
3999 ac_check_lib_save_LIBS=$LIBS
4000LIBS="-lxnet $LIBS"
4001cat >conftest.$ac_ext <<_ACEOF
4002#line $LINENO "configure"
4003#include "confdefs.h"
4004
4005/* Override any gcc2 internal prototype to avoid an error. */
4006#ifdef __cplusplus
4007extern "C"
4008#endif
4009/* We use char because int might match the return type of a gcc2
4010 builtin and then its argument prototype would still apply. */
4011char t_error ();
4012#ifdef F77_DUMMY_MAIN
4013# ifdef __cplusplus
4014 extern "C"
4015# endif
4016 int F77_DUMMY_MAIN() { return 1; }
4017#endif
4018int
4019main ()
4020{
4021t_error ();
4022 ;
4023 return 0;
4024}
4025_ACEOF
4026rm -f conftest.$ac_objext conftest$ac_exeext
4027if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
4028 (eval $ac_link) 2>&5
4029 ac_status=$?
4030 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4031 (exit $ac_status); } &&
4032 { ac_try='test -s conftest$ac_exeext'
4033 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4034 (eval $ac_try) 2>&5
4035 ac_status=$?
4036 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4037 (exit $ac_status); }; }; then
4038 ac_cv_lib_xnet_t_error=yes
4039else
4040 echo "$as_me: failed program was:" >&5
4041cat conftest.$ac_ext >&5
4042ac_cv_lib_xnet_t_error=no
4043fi
4044rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
4045LIBS=$ac_check_lib_save_LIBS
4046fi
4047echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
4048echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
4049if test $ac_cv_lib_xnet_t_error = yes; then
4050 cat >>confdefs.h <<_ACEOF
4051#define HAVE_LIBXNET 1
4052_ACEOF
4053
4054 LIBS="-lxnet $LIBS"
4055
4056else
4057 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
4058echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
4059 { (exit 1); exit 1; }; }
4060fi
4061
3792 ;; 4062 ;;
3793*-*-irix5*) 4063*-*-irix5*)
3794 CPPFLAGS="$CPPFLAGS -I/usr/local/include" 4064 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
@@ -3920,6 +4190,7 @@ _ACEOF
3920 SONY=1 4190 SONY=1
3921 ;; 4191 ;;
3922*-*-netbsd*) 4192*-*-netbsd*)
4193 check_for_libcrypt_before=1
3923 need_dash_r=1 4194 need_dash_r=1
3924 ;; 4195 ;;
3925*-*-freebsd*) 4196*-*-freebsd*)
@@ -4250,7 +4521,7 @@ _ACEOF
4250_ACEOF 4521_ACEOF
4251 4522
4252 cat >>confdefs.h <<\_ACEOF 4523 cat >>confdefs.h <<\_ACEOF
4253#define BROKEN_FD_PASSING 1 4524#define DISABLE_FD_PASSING 1
4254_ACEOF 4525_ACEOF
4255 4526
4256 4527
@@ -4332,6 +4603,21 @@ done
4332 4603
4333 MANTYPE=man 4604 MANTYPE=man
4334 ;; 4605 ;;
4606*-*-unicosmk*)
4607 no_libsocket=1
4608 no_libnsl=1
4609 cat >>confdefs.h <<\_ACEOF
4610#define USE_PIPES 1
4611_ACEOF
4612
4613 cat >>confdefs.h <<\_ACEOF
4614#define DISABLE_FD_PASSING 1
4615_ACEOF
4616
4617 LDFLAGS="$LDFLAGS"
4618 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
4619 MANTYPE=cat
4620 ;;
4335*-*-unicos*) 4621*-*-unicos*)
4336 no_libsocket=1 4622 no_libsocket=1
4337 no_libnsl=1 4623 no_libnsl=1
@@ -4340,11 +4626,16 @@ done
4340_ACEOF 4626_ACEOF
4341 4627
4342 cat >>confdefs.h <<\_ACEOF 4628 cat >>confdefs.h <<\_ACEOF
4343#define BROKEN_FD_PASSING 1 4629#define DISABLE_FD_PASSING 1
4630_ACEOF
4631
4632 cat >>confdefs.h <<\_ACEOF
4633#define NO_SSH_LASTLOG 1
4344_ACEOF 4634_ACEOF
4345 4635
4346 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" 4636 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
4347 LIBS="$LIBS -lgen -lrsc" 4637 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
4638 MANTYPE=cat
4348 ;; 4639 ;;
4349*-dec-osf*) 4640*-dec-osf*)
4350 echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 4641 echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5
@@ -4691,15 +4982,17 @@ done
4691 4982
4692 4983
4693 4984
4985
4986
4694for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ 4987for ac_header in bstring.h crypt.h endian.h floatingpoint.h \
4695 getopt.h glob.h lastlog.h limits.h login.h \ 4988 getopt.h glob.h ia.h lastlog.h limits.h login.h \
4696 login_cap.h maillock.h netdb.h netgroup.h \ 4989 login_cap.h maillock.h netdb.h netgroup.h \
4697 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 4990 netinet/in_systm.h paths.h pty.h readpassphrase.h \
4698 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 4991 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
4699 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 4992 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
4700 sys/mman.h sys/select.h sys/stat.h \ 4993 sys/mman.h sys/select.h sys/stat.h \
4701 sys/stropts.h sys/sysmacros.h sys/time.h \ 4994 sys/stropts.h sys/sysmacros.h sys/time.h \
4702 sys/un.h time.h ttyent.h usersec.h \ 4995 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
4703 util.h utime.h utmp.h utmpx.h 4996 util.h utime.h utmp.h utmpx.h
4704do 4997do
4705as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` 4998as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
@@ -5646,7 +5939,11 @@ fi
5646echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 5939echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5
5647echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 5940echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6
5648if test $ac_cv_lib_c89_utimes = yes; then 5941if test $ac_cv_lib_c89_utimes = yes; then
5649 LIBS="$LIBS -lc89" 5942 cat >>confdefs.h <<\_ACEOF
5943#define HAVE_UTIMES 1
5944_ACEOF
5945
5946 LIBS="$LIBS -lc89"
5650fi 5947fi
5651 5948
5652 5949
@@ -6176,7 +6473,7 @@ else
6176 6473
6177#include <sys/types.h> 6474#include <sys/types.h>
6178#include <dirent.h> 6475#include <dirent.h>
6179int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} 6476int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
6180 6477
6181_ACEOF 6478_ACEOF
6182rm -f conftest$ac_exeext 6479rm -f conftest$ac_exeext
@@ -6244,7 +6541,7 @@ else
6244 6541
6245#include <stdio.h> 6542#include <stdio.h>
6246#include <skey.h> 6543#include <skey.h>
6247int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } 6544int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
6248 6545
6249_ACEOF 6546_ACEOF
6250rm -f conftest$ac_exeext 6547rm -f conftest$ac_exeext
@@ -6442,9 +6739,10 @@ fi;
6442 6739
6443 6740
6444 6741
6742
6445for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ 6743for ac_func in arc4random b64_ntop bcopy bindresvport_sa \
6446 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 6744 clock fchmod fchown freeaddrinfo futimes gai_strerror \
6447 getaddrinfo getcwd getgrouplist getnameinfo getopt \ 6745 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
6448 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 6746 getrlimit getrusage getttyent glob inet_aton inet_ntoa \
6449 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 6747 inet_ntop innetgr login_getcapbool md5_crypt memmove \
6450 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 6748 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
@@ -6528,63 +6826,6 @@ fi
6528done 6826done
6529 6827
6530 6828
6531if test $ac_cv_func_mmap = yes ; then
6532echo "$as_me:$LINENO: checking for mmap anon shared" >&5
6533echo $ECHO_N "checking for mmap anon shared... $ECHO_C" >&6
6534if test "$cross_compiling" = yes; then
6535 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
6536echo "$as_me: error: cannot run test program while cross compiling" >&2;}
6537 { (exit 1); exit 1; }; }
6538else
6539 cat >conftest.$ac_ext <<_ACEOF
6540#line $LINENO "configure"
6541#include "confdefs.h"
6542
6543#include <stdio.h>
6544#include <sys/mman.h>
6545#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
6546#define MAP_ANON MAP_ANONYMOUS
6547#endif
6548main() { char *p;
6549p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
6550if (p == (char *)-1)
6551 exit(1);
6552exit(0);
6553}
6554
6555_ACEOF
6556rm -f conftest$ac_exeext
6557if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6558 (eval $ac_link) 2>&5
6559 ac_status=$?
6560 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6561 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
6562 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6563 (eval $ac_try) 2>&5
6564 ac_status=$?
6565 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6566 (exit $ac_status); }; }; then
6567
6568 echo "$as_me:$LINENO: result: yes" >&5
6569echo "${ECHO_T}yes" >&6
6570 cat >>confdefs.h <<\_ACEOF
6571#define HAVE_MMAP_ANON_SHARED 1
6572_ACEOF
6573
6574
6575else
6576 echo "$as_me: program exited with status $ac_status" >&5
6577echo "$as_me: failed program was:" >&5
6578cat conftest.$ac_ext >&5
6579( exit $ac_status )
6580 echo "$as_me:$LINENO: result: no" >&5
6581echo "${ECHO_T}no" >&6
6582
6583fi
6584rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
6585fi
6586fi
6587
6588 6829
6589for ac_func in dirname 6830for ac_func in dirname
6590do 6831do
@@ -7697,7 +7938,7 @@ else
7697#include "confdefs.h" 7938#include "confdefs.h"
7698 7939
7699#include <stdio.h> 7940#include <stdio.h>
7700int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} 7941int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
7701 7942
7702_ACEOF 7943_ACEOF
7703rm -f conftest$ac_exeext 7944rm -f conftest$ac_exeext
@@ -8090,6 +8331,76 @@ fi
8090rm -f conftest.$ac_objext conftest.$ac_ext 8331rm -f conftest.$ac_objext conftest.$ac_ext
8091fi 8332fi
8092 8333
8334# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
8335# because the system crypt() is more featureful.
8336if test "x$check_for_libcrypt_before" = "x1"; then
8337
8338echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5
8339echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6
8340if test "${ac_cv_lib_crypt_crypt+set}" = set; then
8341 echo $ECHO_N "(cached) $ECHO_C" >&6
8342else
8343 ac_check_lib_save_LIBS=$LIBS
8344LIBS="-lcrypt $LIBS"
8345cat >conftest.$ac_ext <<_ACEOF
8346#line $LINENO "configure"
8347#include "confdefs.h"
8348
8349/* Override any gcc2 internal prototype to avoid an error. */
8350#ifdef __cplusplus
8351extern "C"
8352#endif
8353/* We use char because int might match the return type of a gcc2
8354 builtin and then its argument prototype would still apply. */
8355char crypt ();
8356#ifdef F77_DUMMY_MAIN
8357# ifdef __cplusplus
8358 extern "C"
8359# endif
8360 int F77_DUMMY_MAIN() { return 1; }
8361#endif
8362int
8363main ()
8364{
8365crypt ();
8366 ;
8367 return 0;
8368}
8369_ACEOF
8370rm -f conftest.$ac_objext conftest$ac_exeext
8371if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8372 (eval $ac_link) 2>&5
8373 ac_status=$?
8374 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8375 (exit $ac_status); } &&
8376 { ac_try='test -s conftest$ac_exeext'
8377 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8378 (eval $ac_try) 2>&5
8379 ac_status=$?
8380 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8381 (exit $ac_status); }; }; then
8382 ac_cv_lib_crypt_crypt=yes
8383else
8384 echo "$as_me: failed program was:" >&5
8385cat conftest.$ac_ext >&5
8386ac_cv_lib_crypt_crypt=no
8387fi
8388rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8389LIBS=$ac_check_lib_save_LIBS
8390fi
8391echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5
8392echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6
8393if test $ac_cv_lib_crypt_crypt = yes; then
8394 cat >>confdefs.h <<_ACEOF
8395#define HAVE_LIBCRYPT 1
8396_ACEOF
8397
8398 LIBS="-lcrypt $LIBS"
8399
8400fi
8401
8402fi
8403
8093# Search for OpenSSL 8404# Search for OpenSSL
8094saved_CPPFLAGS="$CPPFLAGS" 8405saved_CPPFLAGS="$CPPFLAGS"
8095saved_LDFLAGS="$LDFLAGS" 8406saved_LDFLAGS="$LDFLAGS"
@@ -8230,6 +8541,134 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8230fi 8541fi
8231rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext 8542rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
8232 8543
8544# Determine OpenSSL header version
8545echo "$as_me:$LINENO: checking OpenSSL header version" >&5
8546echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6
8547if test "$cross_compiling" = yes; then
8548 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
8549echo "$as_me: error: cannot run test program while cross compiling" >&2;}
8550 { (exit 1); exit 1; }; }
8551else
8552 cat >conftest.$ac_ext <<_ACEOF
8553#line $LINENO "configure"
8554#include "confdefs.h"
8555
8556#include <stdio.h>
8557#include <string.h>
8558#include <openssl/opensslv.h>
8559#define DATA "conftest.sslincver"
8560int main(void) {
8561 FILE *fd;
8562 int rc;
8563
8564 fd = fopen(DATA,"w");
8565 if(fd == NULL)
8566 exit(1);
8567
8568 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
8569 exit(1);
8570
8571 exit(0);
8572}
8573
8574_ACEOF
8575rm -f conftest$ac_exeext
8576if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8577 (eval $ac_link) 2>&5
8578 ac_status=$?
8579 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8580 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8581 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8582 (eval $ac_try) 2>&5
8583 ac_status=$?
8584 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8585 (exit $ac_status); }; }; then
8586
8587 ssl_header_ver=`cat conftest.sslincver`
8588 echo "$as_me:$LINENO: result: $ssl_header_ver" >&5
8589echo "${ECHO_T}$ssl_header_ver" >&6
8590
8591else
8592 echo "$as_me: program exited with status $ac_status" >&5
8593echo "$as_me: failed program was:" >&5
8594cat conftest.$ac_ext >&5
8595( exit $ac_status )
8596
8597 echo "$as_me:$LINENO: result: not found" >&5
8598echo "${ECHO_T}not found" >&6
8599 { { echo "$as_me:$LINENO: error: OpenSSL version header not found." >&5
8600echo "$as_me: error: OpenSSL version header not found." >&2;}
8601 { (exit 1); exit 1; }; }
8602
8603
8604fi
8605rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8606fi
8607
8608# Determine OpenSSL library version
8609echo "$as_me:$LINENO: checking OpenSSL library version" >&5
8610echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
8611if test "$cross_compiling" = yes; then
8612 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5
8613echo "$as_me: error: cannot run test program while cross compiling" >&2;}
8614 { (exit 1); exit 1; }; }
8615else
8616 cat >conftest.$ac_ext <<_ACEOF
8617#line $LINENO "configure"
8618#include "confdefs.h"
8619
8620#include <stdio.h>
8621#include <string.h>
8622#include <openssl/opensslv.h>
8623#include <openssl/crypto.h>
8624#define DATA "conftest.ssllibver"
8625int main(void) {
8626 FILE *fd;
8627 int rc;
8628
8629 fd = fopen(DATA,"w");
8630 if(fd == NULL)
8631 exit(1);
8632
8633 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
8634 exit(1);
8635
8636 exit(0);
8637}
8638
8639_ACEOF
8640rm -f conftest$ac_exeext
8641if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8642 (eval $ac_link) 2>&5
8643 ac_status=$?
8644 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8645 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
8646 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
8647 (eval $ac_try) 2>&5
8648 ac_status=$?
8649 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8650 (exit $ac_status); }; }; then
8651
8652 ssl_library_ver=`cat conftest.ssllibver`
8653 echo "$as_me:$LINENO: result: $ssl_library_ver" >&5
8654echo "${ECHO_T}$ssl_library_ver" >&6
8655
8656else
8657 echo "$as_me: program exited with status $ac_status" >&5
8658echo "$as_me: failed program was:" >&5
8659cat conftest.$ac_ext >&5
8660( exit $ac_status )
8661
8662 echo "$as_me:$LINENO: result: not found" >&5
8663echo "${ECHO_T}not found" >&6
8664 { { echo "$as_me:$LINENO: error: OpenSSL library not found." >&5
8665echo "$as_me: error: OpenSSL library not found." >&2;}
8666 { (exit 1); exit 1; }; }
8667
8668
8669fi
8670rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
8671fi
8233 8672
8234# Sanity check OpenSSL headers 8673# Sanity check OpenSSL headers
8235echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 8674echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5
@@ -8245,7 +8684,7 @@ else
8245 8684
8246#include <string.h> 8685#include <string.h>
8247#include <openssl/opensslv.h> 8686#include <openssl/opensslv.h>
8248int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } 8687int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
8249 8688
8250_ACEOF 8689_ACEOF
8251rm -f conftest$ac_exeext 8690rm -f conftest$ac_exeext
@@ -8361,7 +8800,7 @@ else
8361 8800
8362#include <string.h> 8801#include <string.h>
8363#include <openssl/rand.h> 8802#include <openssl/rand.h>
8364int main(void) { return(RAND_status() == 1 ? 0 : 1); } 8803int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
8365 8804
8366_ACEOF 8805_ACEOF
8367rm -f conftest$ac_exeext 8806rm -f conftest$ac_exeext
@@ -11321,7 +11760,16 @@ else
11321 cat >conftest.$ac_ext <<_ACEOF 11760 cat >conftest.$ac_ext <<_ACEOF
11322#line $LINENO "configure" 11761#line $LINENO "configure"
11323#include "confdefs.h" 11762#include "confdefs.h"
11324 #include <sys/types.h> 11763
11764#include <sys/types.h>
11765#ifdef HAVE_STDINT_H
11766# include <stdint.h>
11767#endif
11768#include <sys/socket.h>
11769#ifdef HAVE_SYS_BITYPES_H
11770# include <sys/bitypes.h>
11771#endif
11772
11325#ifdef F77_DUMMY_MAIN 11773#ifdef F77_DUMMY_MAIN
11326# ifdef __cplusplus 11774# ifdef __cplusplus
11327 extern "C" 11775 extern "C"
@@ -11365,109 +11813,6 @@ if test "x$ac_cv_have_int64_t" = "xyes" ; then
11365#define HAVE_INT64_T 1 11813#define HAVE_INT64_T 1
11366_ACEOF 11814_ACEOF
11367 11815
11368 have_int64_t=1
11369fi
11370
11371if test -z "$have_int64_t" ; then
11372 echo "$as_me:$LINENO: checking for int64_t type in sys/socket.h" >&5
11373echo $ECHO_N "checking for int64_t type in sys/socket.h... $ECHO_C" >&6
11374 cat >conftest.$ac_ext <<_ACEOF
11375#line $LINENO "configure"
11376#include "confdefs.h"
11377 #include <sys/socket.h>
11378#ifdef F77_DUMMY_MAIN
11379# ifdef __cplusplus
11380 extern "C"
11381# endif
11382 int F77_DUMMY_MAIN() { return 1; }
11383#endif
11384int
11385main ()
11386{
11387 int64_t a; a = 1
11388 ;
11389 return 0;
11390}
11391_ACEOF
11392rm -f conftest.$ac_objext
11393if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11394 (eval $ac_compile) 2>&5
11395 ac_status=$?
11396 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11397 (exit $ac_status); } &&
11398 { ac_try='test -s conftest.$ac_objext'
11399 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
11400 (eval $ac_try) 2>&5
11401 ac_status=$?
11402 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11403 (exit $ac_status); }; }; then
11404
11405 cat >>confdefs.h <<\_ACEOF
11406#define HAVE_INT64_T 1
11407_ACEOF
11408
11409 echo "$as_me:$LINENO: result: yes" >&5
11410echo "${ECHO_T}yes" >&6
11411
11412else
11413 echo "$as_me: failed program was:" >&5
11414cat conftest.$ac_ext >&5
11415 echo "$as_me:$LINENO: result: no" >&5
11416echo "${ECHO_T}no" >&6
11417
11418fi
11419rm -f conftest.$ac_objext conftest.$ac_ext
11420fi
11421
11422if test -z "$have_int64_t" ; then
11423 echo "$as_me:$LINENO: checking for int64_t type in sys/bitypes.h" >&5
11424echo $ECHO_N "checking for int64_t type in sys/bitypes.h... $ECHO_C" >&6
11425 cat >conftest.$ac_ext <<_ACEOF
11426#line $LINENO "configure"
11427#include "confdefs.h"
11428 #include <sys/bitypes.h>
11429#ifdef F77_DUMMY_MAIN
11430# ifdef __cplusplus
11431 extern "C"
11432# endif
11433 int F77_DUMMY_MAIN() { return 1; }
11434#endif
11435int
11436main ()
11437{
11438 int64_t a; a = 1
11439 ;
11440 return 0;
11441}
11442_ACEOF
11443rm -f conftest.$ac_objext
11444if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11445 (eval $ac_compile) 2>&5
11446 ac_status=$?
11447 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11448 (exit $ac_status); } &&
11449 { ac_try='test -s conftest.$ac_objext'
11450 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
11451 (eval $ac_try) 2>&5
11452 ac_status=$?
11453 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11454 (exit $ac_status); }; }; then
11455
11456 cat >>confdefs.h <<\_ACEOF
11457#define HAVE_INT64_T 1
11458_ACEOF
11459
11460 echo "$as_me:$LINENO: result: yes" >&5
11461echo "${ECHO_T}yes" >&6
11462
11463else
11464 echo "$as_me: failed program was:" >&5
11465cat conftest.$ac_ext >&5
11466 echo "$as_me:$LINENO: result: no" >&5
11467echo "${ECHO_T}no" >&6
11468
11469fi
11470rm -f conftest.$ac_objext conftest.$ac_ext
11471fi 11816fi
11472 11817
11473echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 11818echo "$as_me:$LINENO: checking for u_intXX_t types" >&5
@@ -15334,6 +15679,11 @@ if test "${with_xauth+set}" = set; then
15334 15679
15335else 15680else
15336 15681
15682 TestPath="$PATH"
15683 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
15684 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
15685 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
15686 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
15337 # Extract the first word of "xauth", so it can be a program name with args. 15687 # Extract the first word of "xauth", so it can be a program name with args.
15338set dummy xauth; ac_word=$2 15688set dummy xauth; ac_word=$2
15339echo "$as_me:$LINENO: checking for $ac_word" >&5 15689echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -15347,7 +15697,7 @@ else
15347 ;; 15697 ;;
15348 *) 15698 *)
15349 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR 15699 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
15350for as_dir in $PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin 15700for as_dir in $TestPath
15351do 15701do
15352 IFS=$as_save_IFS 15702 IFS=$as_save_IFS
15353 test -z "$as_dir" && as_dir=. 15703 test -z "$as_dir" && as_dir=.
@@ -15482,6 +15832,7 @@ echo "$as_me: error: invalid man type: $withval" >&2;}
15482 15832
15483fi; 15833fi;
15484if test -z "$MANTYPE"; then 15834if test -z "$MANTYPE"; then
15835 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
15485 for ac_prog in nroff awf 15836 for ac_prog in nroff awf
15486do 15837do
15487 # Extract the first word of "$ac_prog", so it can be a program name with args. 15838 # Extract the first word of "$ac_prog", so it can be a program name with args.
@@ -15497,8 +15848,7 @@ else
15497 ;; 15848 ;;
15498 *) 15849 *)
15499 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR 15850 as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
15500as_dummy="/usr/bin:/usr/ucb" 15851for as_dir in $TestPath
15501for as_dir in $as_dummy
15502do 15852do
15503 IFS=$as_save_IFS 15853 IFS=$as_save_IFS
15504 test -z "$as_dir" && as_dir=. 15854 test -z "$as_dir" && as_dir=.
@@ -16997,7 +17347,6 @@ s,@INSTALL_DATA@,$INSTALL_DATA,;t t
16997s,@AR@,$AR,;t t 17347s,@AR@,$AR,;t t
16998s,@PERL@,$PERL,;t t 17348s,@PERL@,$PERL,;t t
16999s,@ENT@,$ENT,;t t 17349s,@ENT@,$ENT,;t t
17000s,@FILEPRIV@,$FILEPRIV,;t t
17001s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t 17350s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
17002s,@SH@,$SH,;t t 17351s,@SH@,$SH,;t t
17003s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t 17352s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
diff --git a/configure.ac b/configure.ac
index ad5d5cde9..5fe50e56b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $ 1# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $
2 2
3AC_INIT 3AC_INIT
4AC_CONFIG_SRCDIR([ssh.c]) 4AC_CONFIG_SRCDIR([ssh.c])
@@ -17,7 +17,6 @@ AC_PATH_PROGS(PERL, perl5 perl)
17AC_SUBST(PERL) 17AC_SUBST(PERL)
18AC_PATH_PROG(ENT, ent) 18AC_PATH_PROG(ENT, ent)
19AC_SUBST(ENT) 19AC_SUBST(ENT)
20AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
21AC_PATH_PROG(TEST_MINUS_S_SH, bash) 20AC_PATH_PROG(TEST_MINUS_S_SH, bash)
22AC_PATH_PROG(TEST_MINUS_S_SH, ksh) 21AC_PATH_PROG(TEST_MINUS_S_SH, ksh)
23AC_PATH_PROG(TEST_MINUS_S_SH, sh) 22AC_PATH_PROG(TEST_MINUS_S_SH, sh)
@@ -71,7 +70,12 @@ case "$host" in
71 ) 70 )
72 LDFLAGS="$saved_LDFLAGS" 71 LDFLAGS="$saved_LDFLAGS"
73 fi 72 fi
74 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)]) 73 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
74 [AC_CHECK_LIB(s,authenticate,
75 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
76 LIBS="$LIBS -ls"
77 ])
78 ])
75 AC_DEFINE(BROKEN_GETADDRINFO) 79 AC_DEFINE(BROKEN_GETADDRINFO)
76 AC_DEFINE(BROKEN_REALPATH) 80 AC_DEFINE(BROKEN_REALPATH)
77 dnl AIX handles lastlog as part of its login message 81 dnl AIX handles lastlog as part of its login message
@@ -86,14 +90,24 @@ case "$host" in
86 AC_DEFINE(IPV4_DEFAULT) 90 AC_DEFINE(IPV4_DEFAULT)
87 AC_DEFINE(IP_TOS_IS_BROKEN) 91 AC_DEFINE(IP_TOS_IS_BROKEN)
88 AC_DEFINE(NO_X11_UNIX_SOCKETS) 92 AC_DEFINE(NO_X11_UNIX_SOCKETS)
89 AC_DEFINE(BROKEN_FD_PASSING) 93 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT)
94 AC_DEFINE(DISABLE_FD_PASSING)
90 AC_DEFINE(SETGROUPS_NOOP) 95 AC_DEFINE(SETGROUPS_NOOP)
91 ;; 96 ;;
92*-*-dgux*) 97*-*-dgux*)
93 AC_DEFINE(IP_TOS_IS_BROKEN) 98 AC_DEFINE(IP_TOS_IS_BROKEN)
94 ;; 99 ;;
95*-*-darwin*) 100*-*-darwin*)
96 AC_DEFINE(BROKEN_GETADDRINFO) 101 AC_MSG_CHECKING(if we have working getaddrinfo)
102 AC_TRY_RUN([#include <mach-o/dyld.h>
103main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
104 exit(0);
105 else
106 exit(1);
107}], [AC_MSG_RESULT(working)],
108 [AC_MSG_RESULT(buggy)
109 AC_DEFINE(BROKEN_GETADDRINFO)],
110 [AC_MSG_RESULT(assume it is working)])
97 ;; 111 ;;
98*-*-hpux10.26) 112*-*-hpux10.26)
99 if test -z "$GCC"; then 113 if test -z "$GCC"; then
@@ -108,7 +122,8 @@ case "$host" in
108 AC_DEFINE(DISABLE_SHADOW) 122 AC_DEFINE(DISABLE_SHADOW)
109 AC_DEFINE(DISABLE_UTMP) 123 AC_DEFINE(DISABLE_UTMP)
110 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 124 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
111 LIBS="$LIBS -lxnet -lsec -lsecpw" 125 LIBS="$LIBS -lsec -lsecpw"
126 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
112 disable_ptmx_check=yes 127 disable_ptmx_check=yes
113 ;; 128 ;;
114*-*-hpux10*) 129*-*-hpux10*)
@@ -123,7 +138,8 @@ case "$host" in
123 AC_DEFINE(DISABLE_SHADOW) 138 AC_DEFINE(DISABLE_SHADOW)
124 AC_DEFINE(DISABLE_UTMP) 139 AC_DEFINE(DISABLE_UTMP)
125 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 140 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
126 LIBS="$LIBS -lxnet -lsec" 141 LIBS="$LIBS -lsec"
142 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
127 ;; 143 ;;
128*-*-hpux11*) 144*-*-hpux11*)
129 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 145 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -135,7 +151,8 @@ case "$host" in
135 AC_DEFINE(DISABLE_SHADOW) 151 AC_DEFINE(DISABLE_SHADOW)
136 AC_DEFINE(DISABLE_UTMP) 152 AC_DEFINE(DISABLE_UTMP)
137 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 153 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
138 LIBS="$LIBS -lxnet -lsec" 154 LIBS="$LIBS -lsec"
155 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
139 ;; 156 ;;
140*-*-irix5*) 157*-*-irix5*)
141 CPPFLAGS="$CPPFLAGS -I/usr/local/include" 158 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
@@ -167,6 +184,7 @@ mips-sony-bsd|mips-sony-newsos4)
167 SONY=1 184 SONY=1
168 ;; 185 ;;
169*-*-netbsd*) 186*-*-netbsd*)
187 check_for_libcrypt_before=1
170 need_dash_r=1 188 need_dash_r=1
171 ;; 189 ;;
172*-*-freebsd*) 190*-*-freebsd*)
@@ -267,17 +285,28 @@ mips-sony-bsd|mips-sony-newsos4)
267 AC_DEFINE(USE_PIPES) 285 AC_DEFINE(USE_PIPES)
268 AC_DEFINE(HAVE_SECUREWARE) 286 AC_DEFINE(HAVE_SECUREWARE)
269 AC_DEFINE(DISABLE_SHADOW) 287 AC_DEFINE(DISABLE_SHADOW)
270 AC_DEFINE(BROKEN_FD_PASSING) 288 AC_DEFINE(DISABLE_FD_PASSING)
271 AC_CHECK_FUNCS(getluid setluid) 289 AC_CHECK_FUNCS(getluid setluid)
272 MANTYPE=man 290 MANTYPE=man
273 ;; 291 ;;
292*-*-unicosmk*)
293 no_libsocket=1
294 no_libnsl=1
295 AC_DEFINE(USE_PIPES)
296 AC_DEFINE(DISABLE_FD_PASSING)
297 LDFLAGS="$LDFLAGS"
298 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
299 MANTYPE=cat
300 ;;
274*-*-unicos*) 301*-*-unicos*)
275 no_libsocket=1 302 no_libsocket=1
276 no_libnsl=1 303 no_libnsl=1
277 AC_DEFINE(USE_PIPES) 304 AC_DEFINE(USE_PIPES)
278 AC_DEFINE(BROKEN_FD_PASSING) 305 AC_DEFINE(DISABLE_FD_PASSING)
279 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" 306 AC_DEFINE(NO_SSH_LASTLOG)
280 LIBS="$LIBS -lgen -lrsc" 307 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
308 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
309 MANTYPE=cat
281 ;; 310 ;;
282*-dec-osf*) 311*-dec-osf*)
283 AC_MSG_CHECKING(for Digital Unix SIA) 312 AC_MSG_CHECKING(for Digital Unix SIA)
@@ -348,14 +377,14 @@ AC_ARG_WITH(libs,
348 377
349# Checks for header files. 378# Checks for header files.
350AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ 379AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
351 getopt.h glob.h lastlog.h limits.h login.h \ 380 getopt.h glob.h ia.h lastlog.h limits.h login.h \
352 login_cap.h maillock.h netdb.h netgroup.h \ 381 login_cap.h maillock.h netdb.h netgroup.h \
353 netinet/in_systm.h paths.h pty.h readpassphrase.h \ 382 netinet/in_systm.h paths.h pty.h readpassphrase.h \
354 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 383 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
355 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ 384 strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
356 sys/mman.h sys/select.h sys/stat.h \ 385 sys/mman.h sys/select.h sys/stat.h \
357 sys/stropts.h sys/sysmacros.h sys/time.h \ 386 sys/stropts.h sys/sysmacros.h sys/time.h \
358 sys/un.h time.h ttyent.h usersec.h \ 387 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
359 util.h utime.h utmp.h utmpx.h) 388 util.h utime.h utmp.h utmpx.h)
360 389
361# Checks for libraries. 390# Checks for libraries.
@@ -419,7 +448,8 @@ AC_CHECK_FUNC(strcasecmp,
419 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] 448 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
420) 449)
421AC_CHECK_FUNC(utimes, 450AC_CHECK_FUNC(utimes,
422 [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ] 451 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
452 LIBS="$LIBS -lc89"]) ]
423) 453)
424 454
425dnl Checks for libutil functions 455dnl Checks for libutil functions
@@ -468,7 +498,7 @@ AC_TRY_RUN(
468 [ 498 [
469#include <sys/types.h> 499#include <sys/types.h>
470#include <dirent.h> 500#include <dirent.h>
471int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} 501int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
472 ], 502 ],
473 [AC_MSG_RESULT(yes)], 503 [AC_MSG_RESULT(yes)],
474 [ 504 [
@@ -499,7 +529,7 @@ AC_ARG_WITH(skey,
499 [ 529 [
500#include <stdio.h> 530#include <stdio.h>
501#include <skey.h> 531#include <skey.h>
502int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } 532int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
503 ], 533 ],
504 [AC_MSG_RESULT(yes)], 534 [AC_MSG_RESULT(yes)],
505 [ 535 [
@@ -567,7 +597,7 @@ AC_ARG_WITH(tcp-wrappers,
567dnl Checks for library functions. 597dnl Checks for library functions.
568AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ 598AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
569 clock fchmod fchown freeaddrinfo futimes gai_strerror \ 599 clock fchmod fchown freeaddrinfo futimes gai_strerror \
570 getaddrinfo getcwd getgrouplist getnameinfo getopt \ 600 getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
571 getrlimit getrusage getttyent glob inet_aton inet_ntoa \ 601 getrlimit getrusage getttyent glob inet_aton inet_ntoa \
572 inet_ntop innetgr login_getcapbool md5_crypt memmove \ 602 inet_ntop innetgr login_getcapbool md5_crypt memmove \
573 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ 603 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
@@ -577,30 +607,6 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
577 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ 607 socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
578 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) 608 truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
579 609
580if test $ac_cv_func_mmap = yes ; then
581AC_MSG_CHECKING([for mmap anon shared])
582AC_TRY_RUN(
583 [
584#include <stdio.h>
585#include <sys/mman.h>
586#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
587#define MAP_ANON MAP_ANONYMOUS
588#endif
589main() { char *p;
590p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
591if (p == (char *)-1)
592 exit(1);
593exit(0);
594}
595 ],
596 [
597 AC_MSG_RESULT(yes)
598 AC_DEFINE(HAVE_MMAP_ANON_SHARED)
599 ],
600 [ AC_MSG_RESULT(no) ]
601)
602fi
603
604dnl IRIX and Solaris 2.5.1 have dirname() in libgen 610dnl IRIX and Solaris 2.5.1 have dirname() in libgen
605AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ 611AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
606 AC_CHECK_LIB(gen, dirname,[ 612 AC_CHECK_LIB(gen, dirname,[
@@ -663,7 +669,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then
663 AC_TRY_RUN( 669 AC_TRY_RUN(
664 [ 670 [
665#include <stdio.h> 671#include <stdio.h>
666int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} 672int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
667 ], 673 ],
668 [AC_MSG_RESULT(yes)], 674 [AC_MSG_RESULT(yes)],
669 [ 675 [
@@ -723,6 +729,12 @@ if test "x$PAM_MSG" = "xyes" ; then
723 ) 729 )
724fi 730fi
725 731
732# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
733# because the system crypt() is more featureful.
734if test "x$check_for_libcrypt_before" = "x1"; then
735 AC_CHECK_LIB(crypt, crypt)
736fi
737
726# Search for OpenSSL 738# Search for OpenSSL
727saved_CPPFLAGS="$CPPFLAGS" 739saved_CPPFLAGS="$CPPFLAGS"
728saved_LDFLAGS="$LDFLAGS" 740saved_LDFLAGS="$LDFLAGS"
@@ -769,6 +781,70 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
769 ] 781 ]
770) 782)
771 783
784# Determine OpenSSL header version
785AC_MSG_CHECKING([OpenSSL header version])
786AC_TRY_RUN(
787 [
788#include <stdio.h>
789#include <string.h>
790#include <openssl/opensslv.h>
791#define DATA "conftest.sslincver"
792int main(void) {
793 FILE *fd;
794 int rc;
795
796 fd = fopen(DATA,"w");
797 if(fd == NULL)
798 exit(1);
799
800 if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0)
801 exit(1);
802
803 exit(0);
804}
805 ],
806 [
807 ssl_header_ver=`cat conftest.sslincver`
808 AC_MSG_RESULT($ssl_header_ver)
809 ],
810 [
811 AC_MSG_RESULT(not found)
812 AC_MSG_ERROR(OpenSSL version header not found.)
813 ]
814)
815
816# Determine OpenSSL library version
817AC_MSG_CHECKING([OpenSSL library version])
818AC_TRY_RUN(
819 [
820#include <stdio.h>
821#include <string.h>
822#include <openssl/opensslv.h>
823#include <openssl/crypto.h>
824#define DATA "conftest.ssllibver"
825int main(void) {
826 FILE *fd;
827 int rc;
828
829 fd = fopen(DATA,"w");
830 if(fd == NULL)
831 exit(1);
832
833 if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
834 exit(1);
835
836 exit(0);
837}
838 ],
839 [
840 ssl_library_ver=`cat conftest.ssllibver`
841 AC_MSG_RESULT($ssl_library_ver)
842 ],
843 [
844 AC_MSG_RESULT(not found)
845 AC_MSG_ERROR(OpenSSL library not found.)
846 ]
847)
772 848
773# Sanity check OpenSSL headers 849# Sanity check OpenSSL headers
774AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 850AC_MSG_CHECKING([whether OpenSSL's headers match the library])
@@ -776,7 +852,7 @@ AC_TRY_RUN(
776 [ 852 [
777#include <string.h> 853#include <string.h>
778#include <openssl/opensslv.h> 854#include <openssl/opensslv.h>
779int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } 855int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
780 ], 856 ],
781 [ 857 [
782 AC_MSG_RESULT(yes) 858 AC_MSG_RESULT(yes)
@@ -802,7 +878,7 @@ AC_TRY_RUN(
802 [ 878 [
803#include <string.h> 879#include <string.h>
804#include <openssl/rand.h> 880#include <openssl/rand.h>
805int main(void) { return(RAND_status() == 1 ? 0 : 1); } 881int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
806 ], 882 ],
807 [ 883 [
808 OPENSSL_SEEDS_ITSELF=yes 884 OPENSSL_SEEDS_ITSELF=yes
@@ -1056,7 +1132,16 @@ fi
1056 1132
1057AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ 1133AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1058 AC_TRY_COMPILE( 1134 AC_TRY_COMPILE(
1059 [ #include <sys/types.h> ], 1135 [
1136#include <sys/types.h>
1137#ifdef HAVE_STDINT_H
1138# include <stdint.h>
1139#endif
1140#include <sys/socket.h>
1141#ifdef HAVE_SYS_BITYPES_H
1142# include <sys/bitypes.h>
1143#endif
1144 ],
1060 [ int64_t a; a = 1;], 1145 [ int64_t a; a = 1;],
1061 [ ac_cv_have_int64_t="yes" ], 1146 [ ac_cv_have_int64_t="yes" ],
1062 [ ac_cv_have_int64_t="no" ] 1147 [ ac_cv_have_int64_t="no" ]
@@ -1064,33 +1149,6 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
1064]) 1149])
1065if test "x$ac_cv_have_int64_t" = "xyes" ; then 1150if test "x$ac_cv_have_int64_t" = "xyes" ; then
1066 AC_DEFINE(HAVE_INT64_T) 1151 AC_DEFINE(HAVE_INT64_T)
1067 have_int64_t=1
1068fi
1069
1070if test -z "$have_int64_t" ; then
1071 AC_MSG_CHECKING([for int64_t type in sys/socket.h])
1072 AC_TRY_COMPILE(
1073 [ #include <sys/socket.h> ],
1074 [ int64_t a; a = 1],
1075 [
1076 AC_DEFINE(HAVE_INT64_T)
1077 AC_MSG_RESULT(yes)
1078 ],
1079 [ AC_MSG_RESULT(no) ]
1080 )
1081fi
1082
1083if test -z "$have_int64_t" ; then
1084 AC_MSG_CHECKING([for int64_t type in sys/bitypes.h])
1085 AC_TRY_COMPILE(
1086 [ #include <sys/bitypes.h> ],
1087 [ int64_t a; a = 1],
1088 [
1089 AC_DEFINE(HAVE_INT64_T)
1090 AC_MSG_RESULT(yes)
1091 ],
1092 [ AC_MSG_RESULT(no) ]
1093 )
1094fi 1152fi
1095 1153
1096AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 1154AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
@@ -1819,7 +1877,7 @@ LIBS="$LIBS $KLIBS $K5LIBS"
1819 1877
1820PRIVSEP_PATH=/var/empty 1878PRIVSEP_PATH=/var/empty
1821AC_ARG_WITH(privsep-path, 1879AC_ARG_WITH(privsep-path,
1822 [ --with-privsep-path=xxx Path for privilege separation chroot ], 1880 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
1823 [ 1881 [
1824 if test "x$withval" != "$no" ; then 1882 if test "x$withval" != "$no" ; then
1825 PRIVSEP_PATH=$withval 1883 PRIVSEP_PATH=$withval
@@ -1836,7 +1894,12 @@ AC_ARG_WITH(xauth,
1836 fi 1894 fi
1837 ], 1895 ],
1838 [ 1896 [
1839 AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin) 1897 TestPath="$PATH"
1898 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin"
1899 TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11"
1900 TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin"
1901 TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin"
1902 AC_PATH_PROG(xauth_path, xauth, , $TestPath)
1840 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then 1903 if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
1841 xauth_path="/usr/openwin/bin/xauth" 1904 xauth_path="/usr/openwin/bin/xauth"
1842 fi 1905 fi
@@ -1890,7 +1953,8 @@ AC_ARG_WITH(mantype,
1890 ] 1953 ]
1891) 1954)
1892if test -z "$MANTYPE"; then 1955if test -z "$MANTYPE"; then
1893 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb) 1956 TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
1957 AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath)
1894 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then 1958 if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
1895 MANTYPE=doc 1959 MANTYPE=doc
1896 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then 1960 elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
diff --git a/contrib/Makefile b/contrib/Makefile
new file mode 100644
index 000000000..2cef46f6c
--- /dev/null
+++ b/contrib/Makefile
@@ -0,0 +1,15 @@
1all:
2 @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
3
4gnome-ssh-askpass1: gnome-ssh-askpass1.c
5 $(CC) `gnome-config --cflags gnome gnomeui` \
6 gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
7 `gnome-config --libs gnome gnomeui`
8
9gnome-ssh-askpass2: gnome-ssh-askpass2.c
10 $(CC) `pkg-config --cflags gtk+-2.0` \
11 gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
12 `pkg-config --libs gtk+-2.0`
13
14clean:
15 rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
diff --git a/contrib/README b/contrib/README
index 648bb2f3a..67dbbd277 100644
--- a/contrib/README
+++ b/contrib/README
@@ -1,30 +1,39 @@
1Other patches and addons for OpenSSH. Please send submissions to 1Other patches and addons for OpenSSH. Please send submissions to
2djm@ibs.com.au 2djm@mindrot.org
3 3
4Elsewhere 4Externally maintained
5--------- 5---------------------
6 6
7http://www.imasy.or.jp/~gotoh/connect.c is a Unix and Windows 7SSH Proxy Command -- connect.c
8ProxyCommand which allows OpenSSH to make connections through a SOCKS5
9or http proxy which supports the CONNECT method (eg. Squid).
10 8
11In this directory 9Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand
12----------------- 10which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or
11https CONNECT style proxy server. His page for connect.c has extensive
12documentation on its use as well as compiled versions for Win32.
13 13
14chroot.diff: 14http://www.taiyo.co.jp/~gotoh/ssh/connect.html
15 15
16Due to the fact the patch is never in sync with the rest of the tree. It was 16
17removed. 17X11 SSH Askpass:
18
19Jim Knoble <jmknoble@pobox.com> has written an excellent X11
20passphrase requester. This is highly recommended:
21
22http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
23
24
25In this directory
26-----------------
18 27
19ssh-copy-id: 28ssh-copy-id:
20 29
21Phil Hands' <phil@hands.com> shell script to automate the process of adding 30Phil Hands' <phil@hands.com> shell script to automate the process of adding
22your public key to a remote machine's ~/.ssh/authorized_keys file. 31your public key to a remote machine's ~/.ssh/authorized_keys file.
23 32
24gnome-ssh-askpass: 33gnome-ssh-askpass[12]:
25 34
26A GNOME passphrase requester of my own creation. Compilation instructions 35A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or
27are in the top of the file. 36"make gnome-ssh-askpass2" to build.
28 37
29sshd.pam.generic: 38sshd.pam.generic:
30 39
@@ -43,19 +52,9 @@ Contributed by Mark D. Roth <roth@feep.net>
43 52
44redhat: 53redhat:
45 54
46RPM spec file an scripts for building Redhat packages 55RPM spec file and scripts for building Redhat packages
47 56
48suse: 57suse:
49 58
50RPM spec file an scripts for building SuSE packages 59RPM spec file and scripts for building SuSE packages
51
52
53Externally maintained
54---------------------
55
56X11 SSH Askpass:
57
58Jim Knoble <jmknoble@pobox.com> has written an excellent X11
59passphrase requester. This is highly recommended:
60 60
61http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index d531e53f4..5c09c6b75 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -18,6 +18,16 @@ X11_FORWARDING=no
18 18
19umask 022 19umask 022
20 20
21startdir=`pwd`
22
23# Path to inventory.sh: same place as buildbff.sh
24if echo $0 | egrep '^/'
25then
26 inventory=`dirname $0`/inventory.sh # absolute path
27else
28 inventory=`pwd`/`dirname $0`/inventory.sh # relative path
29fi
30
21# 31#
22# We still support running from contrib/aix, but this is depreciated 32# We still support running from contrib/aix, but this is depreciated
23# 33#
@@ -45,14 +55,6 @@ objdir=`pwd`
45PKGNAME=openssh 55PKGNAME=openssh
46PKGDIR=package 56PKGDIR=package
47 57
48# Path to inventory.sh: same place as buildbff.sh
49if echo $0 | egrep '^/'
50then
51 inventory=`dirname $0`/inventory.sh # absolute path
52else
53 inventory=`pwd`/`dirname $0`/inventory.sh # relative path
54fi
55
56# 58#
57# Collect local configuration settings to override defaults 59# Collect local configuration settings to override defaults
58# 60#
@@ -328,15 +330,10 @@ rm -f $PKGNAME-$VERSION.bff
328) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist 330) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
329 331
330# 332#
331# Move package into final location 333# Move package into final location and clean up
332# 334#
333if [ "$contribaix" = "1" ] 335mv ../$PKGNAME-$VERSION.bff $startdir
334then 336cd $startdir
335 mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
336else
337 mv ../$PKGNAME-$VERSION.bff $objdir
338fi
339
340rm -rf $objdir/$PKGDIR 337rm -rf $objdir/$PKGDIR
341 338
342echo $0: done. 339echo $0: done.
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index e7473947e..b7de22e8b 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 3.4p1 20 %define version 3.5p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 2 22 %define release 2
23%else 23%else
@@ -181,8 +181,6 @@ CFLAGS="$RPM_OPT_FLAGS" \
181 --with-pam \ 181 --with-pam \
182 --with-tcp-wrappers \ 182 --with-tcp-wrappers \
183 --with-ipv4-default \ 183 --with-ipv4-default \
184 --sysconfdir=%{_sysconfdir}/ssh \
185 --libexecdir=%{_libexecdir}/openssh \
186 --with-privsep-path=%{_var}/empty/sshd \ 184 --with-privsep-path=%{_var}/empty/sshd \
187 #leave this line for easy edits. 185 #leave this line for easy edits.
188 186
@@ -355,4 +353,4 @@ fi
355* Mon Jan 01 1998 ... 353* Mon Jan 01 1998 ...
356Template Version: 1.31 354Template Version: 1.31
357 355
358$Id: openssh.spec,v 1.36 2002/06/26 13:57:13 djm Exp $ 356$Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index 9021ba2b0..71ea3455f 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -1,6 +1,30 @@
1This package is the actual port of OpenSSH to Cygwin 1.3. 1This package is the actual port of OpenSSH to Cygwin 1.3.
2 2
3=========================================================================== 3===========================================================================
4Important change since 3.4p1-2:
5
6This version adds privilege separation as default setting, see
7/usr/doc/openssh/README.privsep. According to that document the
8privsep feature requires a non-privileged account called 'sshd'.
9
10The new ssh-host-config file which is part of this version asks
11to create 'sshd' as local user if you want to use privilege
12separation. If you confirm, it creates that NT user and adds
13the necessary entry to /etc/passwd.
14
15On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
16since that feature doesn't make any sense on a system which doesn't
17differ between privileged and unprivileged users.
18
19The new ssh-host-config script also adds the /var/empty directory
20needed by privilege separation. When creating the /var/empty directory
21by yourself, please note that in contrast to the README.privsep document
22the owner sshould not be "root" but the user which is running sshd. So,
23in the standard configuration this is SYSTEM. The ssh-host-config script
24chowns /var/empty accordingly.
25===========================================================================
26
27===========================================================================
4Important change since 3.0.1p1-2: 28Important change since 3.0.1p1-2:
5 29
6This version introduces the ability to register sshd as service on 30This version introduces the ability to register sshd as service on
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index da6011267..4df5aa969 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -18,6 +18,11 @@ progname=$0
18auto_answer="" 18auto_answer=""
19port_number=22 19port_number=22
20 20
21privsep_configured=no
22privsep_used=yes
23sshd_in_passwd=no
24sshd_in_sam=no
25
21request() 26request()
22{ 27{
23 if [ "${auto_answer}" = "yes" ] 28 if [ "${auto_answer}" = "yes" ]
@@ -90,6 +95,10 @@ do
90 esac 95 esac
91done 96done
92 97
98# Check if running on NT
99_sys="`uname -a`"
100_nt=`expr "$_sys" : "CYGWIN_NT"`
101
93# Check for running ssh/sshd processes first. Refuse to do anything while 102# Check for running ssh/sshd processes first. Refuse to do anything while
94# some ssh processes are still running 103# some ssh processes are still running
95 104
@@ -98,7 +107,7 @@ then
98 echo 107 echo
99 echo "There are still ssh processes running. Please shut them down first." 108 echo "There are still ssh processes running. Please shut them down first."
100 echo 109 echo
101 #exit 1 110 exit 1
102fi 111fi
103 112
104# Check for ${SYSCONFDIR} directory 113# Check for ${SYSCONFDIR} directory
@@ -126,6 +135,39 @@ then
126 fi 135 fi
127fi 136fi
128 137
138# Create /var/log and /var/log/lastlog if not already existing
139
140if [ -f /var/log ]
141then
142 echo "Creating /var/log failed\!"
143else
144 if [ ! -d /var/log ]
145 then
146 mkdir -p /var/log
147 fi
148 if [ -d /var/log/lastlog ]
149 then
150 echo "Creating /var/log/lastlog failed\!"
151 elif [ ! -f /var/log/lastlog ]
152 then
153 cat /dev/null > /var/log/lastlog
154 fi
155fi
156
157# Create /var/empty file used as chroot jail for privilege separation
158if [ -f /var/empty ]
159then
160 echo "Creating /var/empty failed\!"
161else
162 mkdir -p /var/empty
163 # On NT change ownership of that dir to user "system"
164 if [ $_nt -gt 0 ]
165 then
166 chmod 755 /var/empty
167 chown system.system /var/empty
168 fi
169fi
170
129# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't 171# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
130# the same as ${PREFIX} 172# the same as ${PREFIX}
131 173
@@ -219,9 +261,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ]
219then 261then
220 echo "Generating ${SYSCONFDIR}/ssh_config file" 262 echo "Generating ${SYSCONFDIR}/ssh_config file"
221 cat > ${SYSCONFDIR}/ssh_config << EOF 263 cat > ${SYSCONFDIR}/ssh_config << EOF
222# This is ssh client systemwide configuration file. This file provides 264# This is the ssh client system-wide configuration file. See
223# defaults for users, and the values can be changed in per-user configuration 265# ssh_config(5) for more information. This file provides defaults for
224# files or on the command line. 266# users, and the values can be changed in per-user configuration files
267# or on the command line.
225 268
226# Configuration data is parsed as follows: 269# Configuration data is parsed as follows:
227# 1. command line options 270# 1. command line options
@@ -237,20 +280,19 @@ then
237# ForwardAgent no 280# ForwardAgent no
238# ForwardX11 no 281# ForwardX11 no
239# RhostsAuthentication no 282# RhostsAuthentication no
240# RhostsRSAAuthentication yes 283# RhostsRSAAuthentication no
241# RSAAuthentication yes 284# RSAAuthentication yes
242# PasswordAuthentication yes 285# PasswordAuthentication yes
243# FallBackToRsh no
244# UseRsh no
245# BatchMode no 286# BatchMode no
246# CheckHostIP yes 287# CheckHostIP yes
247# StrictHostKeyChecking yes 288# StrictHostKeyChecking ask
248# IdentityFile ~/.ssh/identity 289# IdentityFile ~/.ssh/identity
249# IdentityFile ~/.ssh/id_dsa 290# IdentityFile ~/.ssh/id_dsa
250# IdentityFile ~/.ssh/id_rsa 291# IdentityFile ~/.ssh/id_rsa
251# Port 22 292# Port 22
252# Protocol 2,1 293# Protocol 2,1
253# Cipher blowfish 294# Cipher 3des
295# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
254# EscapeChar ~ 296# EscapeChar ~
255EOF 297EOF
256 if [ "$port_number" != "22" ] 298 if [ "$port_number" != "22" ]
@@ -271,17 +313,75 @@ then
271 then 313 then
272 echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." 314 echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
273 fi 315 fi
316 else
317 grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
274 fi 318 fi
275fi 319fi
276 320
277# Create default sshd_config from here script 321# Prior to creating or modifying sshd_config, care for privilege separation
322
323if [ "$privsep_configured" != "yes" ]
324then
325 if [ $_nt -gt 0 ]
326 then
327 echo "Privilege separation is set to yes by default since OpenSSH 3.3."
328 echo "However, this requires a non-privileged account called 'sshd'."
329 echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
330 echo
331 if request "Shall privilege separation be used?"
332 then
333 privsep_used=yes
334 grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
335 net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
336 if [ "$sshd_in_passwd" != "yes" ]
337 then
338 if [ "$sshd_in_sam" != "yes" ]
339 then
340 echo "Warning: The following function requires administrator privileges!"
341 if request "Shall this script create a local user 'sshd' on this machine?"
342 then
343 dos_var_empty=`cygpath -w /var/empty`
344 net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
345 if [ "$sshd_in_sam" != "yes" ]
346 then
347 echo "Warning: Creating the user 'sshd' failed!"
348 fi
349 fi
350 fi
351 if [ "$sshd_in_sam" != "yes" ]
352 then
353 echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
354 echo " Privilege separation set to 'no' again!"
355 echo " Check your ${SYSCONFDIR}/sshd_config file!"
356 privsep_used=no
357 else
358 mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
359 fi
360 fi
361 else
362 privsep_used=no
363 fi
364 else
365 # On 9x don't use privilege separation. Since security isn't
366 # available it just adds useless addtional processes.
367 privsep_used=no
368 fi
369fi
370
371# Create default sshd_config from here script or modify to add the
372# missing privsep configuration option
278 373
279if [ ! -f "${SYSCONFDIR}/sshd_config" ] 374if [ ! -f "${SYSCONFDIR}/sshd_config" ]
280then 375then
281 echo "Generating ${SYSCONFDIR}/sshd_config file" 376 echo "Generating ${SYSCONFDIR}/sshd_config file"
282 cat > ${SYSCONFDIR}/sshd_config << EOF 377 cat > ${SYSCONFDIR}/sshd_config << EOF
283# This is the sshd server system-wide configuration file. See sshd(8) 378# This is the sshd server system-wide configuration file. See
284# for more information. 379# sshd_config(5) for more information.
380
381# The strategy used for options in the default sshd_config shipped with
382# OpenSSH is to specify options with their default value where
383# possible, but leave them commented. Uncommented options change a
384# default value.
285 385
286Port $port_number 386Port $port_number
287#Protocol 2,1 387#Protocol 2,1
@@ -289,66 +389,77 @@ Port $port_number
289#ListenAddress :: 389#ListenAddress ::
290 390
291# HostKey for protocol version 1 391# HostKey for protocol version 1
292HostKey /etc/ssh_host_key 392#HostKey ${SYSCONFDIR}/ssh_host_key
293# HostKeys for protocol version 2 393# HostKeys for protocol version 2
294HostKey /etc/ssh_host_rsa_key 394#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
295HostKey /etc/ssh_host_dsa_key 395#HostKey ${SYSCONFDIR}/ssh_host_dsa_key
296 396
297# Lifetime and size of ephemeral version 1 server ke 397# Lifetime and size of ephemeral version 1 server ke
298KeyRegenerationInterval 3600 398#KeyRegenerationInterval 3600
299ServerKeyBits 768 399#ServerKeyBits 768
300 400
301# Logging 401# Logging
302SyslogFacility AUTH
303LogLevel INFO
304#obsoletes QuietMode and FascistLogging 402#obsoletes QuietMode and FascistLogging
403#SyslogFacility AUTH
404#LogLevel INFO
305 405
306# Authentication: 406# Authentication:
307 407
308LoginGraceTime 600 408#LoginGraceTime 600
309PermitRootLogin yes 409#PermitRootLogin yes
310# The following setting overrides permission checks on host key files 410# The following setting overrides permission checks on host key files
311# and directories. For security reasons set this to "yes" when running 411# and directories. For security reasons set this to "yes" when running
312# NT/W2K, NTFS and CYGWIN=ntsec. 412# NT/W2K, NTFS and CYGWIN=ntsec.
313StrictModes no 413StrictModes no
314 414
315RSAAuthentication yes 415#RSAAuthentication yes
316PubkeyAuthentication yes 416#PubkeyAuthentication yes
317#AuthorizedKeysFile %h/.ssh/authorized_keys 417#AuthorizedKeysFile %h/.ssh/authorized_keys
318 418
319# rhosts authentication should not be used 419# rhosts authentication should not be used
320RhostsAuthentication no 420#RhostsAuthentication no
321# Don't read ~/.rhosts and ~/.shosts files 421# Don't read ~/.rhosts and ~/.shosts files
322IgnoreRhosts yes 422#IgnoreRhosts yes
323# For this to work you will also need host keys in /etc/ssh_known_hosts 423# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
324RhostsRSAAuthentication no 424#RhostsRSAAuthentication no
325# similar for protocol version 2 425# similar for protocol version 2
326HostbasedAuthentication no 426#HostbasedAuthentication no
327# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication 427# Change to yes if you don't trust ~/.ssh/known_hosts for
328#IgnoreUserKnownHosts yes 428# RhostsRSAAuthentication and HostbasedAuthentication
429#IgnoreUserKnownHosts no
329 430
330# To disable tunneled clear text passwords, change to no here! 431# To disable tunneled clear text passwords, change to no here!
331PasswordAuthentication yes 432#PasswordAuthentication yes
332PermitEmptyPasswords no 433#PermitEmptyPasswords no
333 434
334X11Forwarding no 435# Change to no to disable s/key passwords
335X11DisplayOffset 10 436#ChallengeResponseAuthentication yes
336PrintMotd yes 437
337#PrintLastLog no 438#X11Forwarding no
338KeepAlive yes 439#X11DisplayOffset 10
440#X11UseLocalhost yes
441#PrintMotd yes
442#PrintLastLog yes
443#KeepAlive yes
339#UseLogin no 444#UseLogin no
445UsePrivilegeSeparation $privsep_used
446#Compression yes
340 447
341#MaxStartups 10:30:60 448#MaxStartups 10
342#Banner /etc/issue.net 449# no default banner path
343#ReverseMappingCheck yes 450#Banner /some/path
451#VerifyReverseMapping no
344 452
453# override default of no subsystems
345Subsystem sftp /usr/sbin/sftp-server 454Subsystem sftp /usr/sbin/sftp-server
346EOF 455EOF
456elif [ "$privsep_configured" != "yes" ]
457then
458 echo >> ${SYSCONFDIR}/sshd_config
459 echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
347fi 460fi
348 461
349# Care for services file 462# Care for services file
350_sys="`uname -a`"
351_nt=`expr "$_sys" : "CYGWIN_NT"`
352if [ $_nt -gt 0 ] 463if [ $_nt -gt 0 ]
353then 464then
354 _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" 465 _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
@@ -403,8 +514,8 @@ umount "${_services}"
403umount "${_serv_tmp}" 514umount "${_serv_tmp}"
404 515
405# Care for inetd.conf file 516# Care for inetd.conf file
406_inetcnf="/etc/inetd.conf" 517_inetcnf="${SYSCONFDIR}/inetd.conf"
407_inetcnf_tmp="/etc/inetd.conf.$$" 518_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
408 519
409if [ -f "${_inetcnf}" ] 520if [ -f "${_inetcnf}" ]
410then 521then
@@ -442,25 +553,6 @@ then
442 fi 553 fi
443fi 554fi
444 555
445# Create /var/log and /var/log/lastlog if not already existing
446
447if [ -f /var/log ]
448then
449 echo "Creating /var/log failed\!"
450else
451 if [ ! -d /var/log ]
452 then
453 mkdir /var/log
454 fi
455 if [ -d /var/log/lastlog ]
456 then
457 echo "Creating /var/log/lastlog failed\!"
458 elif [ ! -f /var/log/lastlog ]
459 then
460 cat /dev/null > /var/log/lastlog
461 fi
462fi
463
464# On NT ask if sshd should be installed as service 556# On NT ask if sshd should be installed as service
465if [ $_nt -gt 0 ] 557if [ $_nt -gt 0 ]
466then 558then
@@ -477,7 +569,7 @@ then
477 [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" 569 [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
478 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" 570 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
479 then 571 then
480 chown system /etc/ssh* 572 chown system ${SYSCONFDIR}/ssh*
481 echo 573 echo
482 echo "The service has been installed under LocalSystem account." 574 echo "The service has been installed under LocalSystem account."
483 fi 575 fi
diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass1.c
index 7cece5620..b6b342b84 100644
--- a/contrib/gnome-ssh-askpass.c
+++ b/contrib/gnome-ssh-askpass1.c
@@ -38,7 +38,7 @@
38 * Compile with: 38 * Compile with:
39 * 39 *
40 * cc `gnome-config --cflags gnome gnomeui` \ 40 * cc `gnome-config --cflags gnome gnomeui` \
41 * gnome-ssh-askpass.c -o gnome-ssh-askpass \ 41 * gnome-ssh-askpass1.c -o gnome-ssh-askpass \
42 * `gnome-config --libs gnome gnomeui` 42 * `gnome-config --libs gnome gnomeui`
43 * 43 *
44 */ 44 */
@@ -64,7 +64,7 @@ report_failed_grab (void)
64 gnome_dialog_run_and_close(GNOME_DIALOG(err)); 64 gnome_dialog_run_and_close(GNOME_DIALOG(err));
65} 65}
66 66
67void 67int
68passphrase_dialog(char *message) 68passphrase_dialog(char *message)
69{ 69{
70 char *passphrase; 70 char *passphrase;
@@ -135,7 +135,7 @@ passphrase_dialog(char *message)
135 gtk_entry_set_text(GTK_ENTRY(entry), passphrase); 135 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
136 136
137 gnome_dialog_close(GNOME_DIALOG(dialog)); 137 gnome_dialog_close(GNOME_DIALOG(dialog));
138 return; 138 return (result == 0 ? 0 : -1);
139 139
140 /* At least one grab failed - ungrab what we got, and report 140 /* At least one grab failed - ungrab what we got, and report
141 the failure to the user. Note that XGrabServer() cannot 141 the failure to the user. Note that XGrabServer() cannot
@@ -148,13 +148,15 @@ passphrase_dialog(char *message)
148 gnome_dialog_close(GNOME_DIALOG(dialog)); 148 gnome_dialog_close(GNOME_DIALOG(dialog));
149 149
150 report_failed_grab(); 150 report_failed_grab();
151 return (-1);
151} 152}
152 153
153int 154int
154main(int argc, char **argv) 155main(int argc, char **argv)
155{ 156{
156 char *message; 157 char *message;
157 158 int result;
159
158 gnome_init("GNOME ssh-askpass", "0.1", argc, argv); 160 gnome_init("GNOME ssh-askpass", "0.1", argc, argv);
159 161
160 if (argc == 2) 162 if (argc == 2)
@@ -163,6 +165,7 @@ main(int argc, char **argv)
163 message = "Enter your OpenSSH passphrase:"; 165 message = "Enter your OpenSSH passphrase:";
164 166
165 setvbuf(stdout, 0, _IONBF, 0); 167 setvbuf(stdout, 0, _IONBF, 0);
166 passphrase_dialog(message); 168 result = passphrase_dialog(message);
167 return 0; 169
170 return (result);
168} 171}
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
new file mode 100644
index 000000000..89a412aa8
--- /dev/null
+++ b/contrib/gnome-ssh-askpass2.c
@@ -0,0 +1,204 @@
1/*
2 * Copyright (c) 2000-2002 Damien Miller. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
26
27/*
28 * This is a simple GNOME SSH passphrase grabber. To use it, set the
29 * environment variable SSH_ASKPASS to point to the location of
30 * gnome-ssh-askpass before calling "ssh-add < /dev/null".
31 *
32 * There is only two run-time options: if you set the environment variable
33 * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
34 * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
35 * pointer will be grabbed too. These may have some benefit to security if
36 * you don't trust your X server. We grab the keyboard always.
37 */
38
39/*
40 * Compile with:
41 *
42 * cc `pkg-config --cflags gtk+-2.0` \
43 * gnome-ssh-askpass2.c -o gnome-ssh-askpass \
44 * `pkg-config --libs gtk+-2.0`
45 *
46 */
47
48#include <stdlib.h>
49#include <stdio.h>
50#include <string.h>
51#include <X11/Xlib.h>
52#include <gtk/gtk.h>
53#include <gdk/gdkx.h>
54
55static void
56report_failed_grab (const char *what)
57{
58 GtkWidget *err;
59
60 err = gtk_message_dialog_new(NULL, 0,
61 GTK_MESSAGE_ERROR,
62 GTK_BUTTONS_CLOSE,
63 "Could not grab %s. "
64 "A malicious client may be eavesdropping "
65 "on your session.", what);
66 gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
67 gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label),
68 TRUE);
69
70 gtk_dialog_run(GTK_DIALOG(err));
71
72 gtk_widget_destroy(err);
73}
74
75static void
76ok_dialog(GtkWidget *entry, gpointer dialog)
77{
78 g_return_if_fail(GTK_IS_DIALOG(dialog));
79 gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
80}
81
82static int
83passphrase_dialog(char *message)
84{
85 const char *failed;
86 char *passphrase, *local;
87 char **messages;
88 int result, i, grab_server, grab_pointer;
89 GtkWidget *dialog, *entry, *label;
90 GdkGrabStatus status;
91
92 grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
93 grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
94
95 dialog = gtk_message_dialog_new(NULL, 0,
96 GTK_MESSAGE_QUESTION,
97 GTK_BUTTONS_OK_CANCEL,
98 "%s",
99 message);
100
101 entry = gtk_entry_new();
102 gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE,
103 FALSE, 0);
104 gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
105 gtk_widget_grab_focus(entry);
106 gtk_widget_show(entry);
107
108 gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
109 gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
110 gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label),
111 TRUE);
112
113 /* Make <enter> close dialog */
114 gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
115 g_signal_connect(G_OBJECT(entry), "activate",
116 G_CALLBACK(ok_dialog), dialog);
117
118 /* Grab focus */
119 gtk_widget_show_now(dialog);
120 if (grab_server) {
121 gdk_x11_grab_server();
122 }
123 if (grab_pointer) {
124 status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE,
125 0, NULL, NULL, GDK_CURRENT_TIME);
126 if (status != GDK_GRAB_SUCCESS) {
127 failed = "mouse";
128 goto nograb;
129 }
130 }
131 status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE,
132 GDK_CURRENT_TIME);
133 if (status != GDK_GRAB_SUCCESS) {
134 failed = "keyboard";
135 goto nograbkb;
136 }
137 result = gtk_dialog_run(GTK_DIALOG(dialog));
138
139 /* Ungrab */
140 if (grab_server)
141 XUngrabServer(GDK_DISPLAY());
142 if (grab_pointer)
143 gdk_pointer_ungrab(GDK_CURRENT_TIME);
144 gdk_keyboard_ungrab(GDK_CURRENT_TIME);
145 gdk_flush();
146
147 /* Report passphrase if user selected OK */
148 passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
149 if (result == GTK_RESPONSE_OK) {
150 local = g_locale_from_utf8(passphrase, strlen(passphrase),
151 NULL, NULL, NULL);
152 if (local != NULL) {
153 puts(local);
154 memset(local, '\0', strlen(local));
155 g_free(local);
156 } else {
157 puts(passphrase);
158 }
159 }
160
161 /* Zero passphrase in memory */
162 memset(passphrase, '\b', strlen(passphrase));
163 gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
164 memset(passphrase, '\0', strlen(passphrase));
165 g_free(passphrase);
166
167 gtk_widget_destroy(dialog);
168 return (result == GTK_RESPONSE_OK ? 0 : -1);
169
170 /* At least one grab failed - ungrab what we got, and report
171 the failure to the user. Note that XGrabServer() cannot
172 fail. */
173 nograbkb:
174 gdk_pointer_ungrab(GDK_CURRENT_TIME);
175 nograb:
176 if (grab_server)
177 XUngrabServer(GDK_DISPLAY());
178 gtk_widget_destroy(dialog);
179
180 report_failed_grab(failed);
181
182 return (-1);
183}
184
185int
186main(int argc, char **argv)
187{
188 char *message;
189 int result;
190
191 gtk_init(&argc, &argv);
192
193 if (argc > 1) {
194 message = g_strjoinv(" ", argv + 1);
195 } else {
196 message = g_strdup("Enter your OpenSSH passphrase:");
197 }
198
199 setvbuf(stdout, 0, _IONBF, 0);
200 result = passphrase_dialog(message);
201 g_free(message);
202
203 return (result);
204}
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index b73fb929f..e7005064d 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 3.4p1 1%define ver 3.5p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
@@ -20,6 +20,9 @@
20# Do we want smartcard support (1=yes 0=no) 20# Do we want smartcard support (1=yes 0=no)
21%define scard 0 21%define scard 0
22 22
23# Use GTK2 instead of GNOME in gnome-ssh-askpass
24%define gtk2 0
25
23# Is this build for RHL 6.x? 26# Is this build for RHL 6.x?
24%define build6x 0 27%define build6x 0
25 28
@@ -86,7 +89,7 @@ PreReq: initscripts >= 5.20
86%endif 89%endif
87BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers 90BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
88BuildPreReq: /bin/login 91BuildPreReq: /bin/login
89%if %{build6x} 92%if ! %{build6x}
90BuildPreReq: glibc-devel, pam 93BuildPreReq: glibc-devel, pam
91%else 94%else
92BuildPreReq: db1-devel, /usr/include/security/pam_appl.h 95BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
@@ -95,7 +98,7 @@ BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
95BuildPreReq: XFree86-devel 98BuildPreReq: XFree86-devel
96%endif 99%endif
97%if ! %{no_gnome_askpass} 100%if ! %{no_gnome_askpass}
98BuildPreReq: gnome-libs-devel 101BuildPreReq: pkgconfig
99%endif 102%endif
100%if %{kerberos5} 103%if %{kerberos5}
101BuildPreReq: krb5-devel 104BuildPreReq: krb5-devel
@@ -220,11 +223,23 @@ make
220popd 223popd
221%endif 224%endif
222 225
226# Define a variable to toggle gnome1/gtk2 building. This is necessary
227# because RPM doesn't handle nested %if statements.
228%if %{gtk2}
229 gtk2=yes
230%else
231 gtk2=no
232%endif
233
223%if ! %{no_gnome_askpass} 234%if ! %{no_gnome_askpass}
224pushd contrib 235pushd contrib
225gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \ 236if [ $gtk2 = yes ] ; then
226 gnome-ssh-askpass.c -o gnome-ssh-askpass \ 237 make gnome-ssh-askpass2
227 `gnome-config --libs gnome gnomeui` 238 mv gnome-ssh-askpass2 gnome-ssh-askpass
239else
240 make gnome-ssh-askpass1
241 mv gnome-ssh-askpass1 gnome-ssh-askpass
242fi
228popd 243popd
229%endif 244%endif
230 245
@@ -255,6 +270,10 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
255install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass 270install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
256%endif 271%endif
257 272
273%if ! %{scard}
274 rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
275%endif
276
258install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ 277install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
259install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ 278install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
260install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ 279install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
@@ -338,7 +357,7 @@ fi
338%attr(-,root,root) %{_bindir}/slogin 357%attr(-,root,root) %{_bindir}/slogin
339%attr(-,root,root) %{_mandir}/man1/slogin.1* 358%attr(-,root,root) %{_mandir}/man1/slogin.1*
340%if ! %{rescue} 359%if ! %{rescue}
341%attr(0755,root,root) %{_bindir}/ssh-agent 360%attr(2755,root,nobody) %{_bindir}/ssh-agent
342%attr(0755,root,root) %{_bindir}/ssh-add 361%attr(0755,root,root) %{_bindir}/ssh-add
343%attr(0755,root,root) %{_bindir}/ssh-keyscan 362%attr(0755,root,root) %{_bindir}/ssh-keyscan
344%attr(0755,root,root) %{_bindir}/sftp 363%attr(0755,root,root) %{_bindir}/sftp
@@ -381,6 +400,12 @@ fi
381%endif 400%endif
382 401
383%changelog 402%changelog
403* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
404- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
405
406* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
407- Use contrib/ Makefile for building askpass programs
408
384* Fri Jun 21 2002 Damien Miller <djm@mindrot.org> 409* Fri Jun 21 2002 Damien Miller <djm@mindrot.org>
385- Merge in spec changes from seba@iq.pl (Sebastian Pachuta) 410- Merge in spec changes from seba@iq.pl (Sebastian Pachuta)
386- Add new {ssh,sshd}_config.5 manpages 411- Add new {ssh,sshd}_config.5 manpages
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
index 1be6ed8d1..c41b3f963 100755
--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -11,13 +11,18 @@ umask 022
11# Options for building the package 11# Options for building the package
12# You can create a config.local with your customized options 12# You can create a config.local with your customized options
13# 13#
14# uncommenting TEST_DIR and using configure--prefix=/var/tmp and 14# uncommenting TEST_DIR and using
15# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
16# and
15# PKGNAME=tOpenSSH should allow testing a package without interfering 17# PKGNAME=tOpenSSH should allow testing a package without interfering
16# with a real OpenSSH package on a system. 18# with a real OpenSSH package on a system. This is not needed on systems
19# that support the -R option to pkgadd.
17#TEST_DIR=/var/tmp # leave commented out for production build 20#TEST_DIR=/var/tmp # leave commented out for production build
18PKGNAME=OpenSSH 21PKGNAME=OpenSSH
19SYSVINIT_NAME=opensshd 22SYSVINIT_NAME=opensshd
20MAKE=${MAKE:="make"} 23MAKE=${MAKE:="make"}
24SSHDUID=67 # Default privsep uid
25SSHDGID=67 # Default privsep gid
21# uncomment these next two as needed 26# uncomment these next two as needed
22#PERMIT_ROOT_LOGIN=no 27#PERMIT_ROOT_LOGIN=no
23#X11_FORWARDING=yes 28#X11_FORWARDING=yes
@@ -55,7 +60,7 @@ SYSTEM_DIR="/etc \
55/var/tmp \ 60/var/tmp \
56/tmp" 61/tmp"
57 62
58# We may need to buiild as root so we make sure PATH is set up 63# We may need to build as root so we make sure PATH is set up
59# only set the path if it's not set already 64# only set the path if it's not set already
60[ -d /usr/local/bin ] && { 65[ -d /usr/local/bin ] && {
61 echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 66 echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
@@ -96,6 +101,19 @@ do
96 eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` 101 eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
97done 102done
98 103
104
105## Collect value of privsep user
106for confvar in SSH_PRIVSEP_USER
107do
108 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
109done
110
111## Set privsep defaults if not defined
112if [ -z "$SSH_PRIVSEP_USER" ]
113then
114 SSH_PRIVSEP_USER=sshd
115fi
116
99## Extract common info requires for the 'info' part of the package. 117## Extract common info requires for the 'info' part of the package.
100VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` 118VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
101 119
@@ -106,7 +124,8 @@ case ${UNAME_S} in
106 RCS_D=yes 124 RCS_D=yes
107 DEF_MSG="(default: n)" 125 DEF_MSG="(default: n)"
108 ;; 126 ;;
109 *) ARCH=`uname -m` ;; 127 *) ARCH=`uname -m`
128 DEF_MSG="\n" ;;
110esac 129esac
111 130
112## Setup our run level stuff while we are at it. 131## Setup our run level stuff while we are at it.
@@ -171,13 +190,16 @@ echo "Building postinstall file..."
171cat > postinstall << _EOF 190cat > postinstall << _EOF
172#! /sbin/sh 191#! /sbin/sh
173# 192#
174[ -f ${sysconfdir}/ssh_config ] || \\ 193[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
175 cp -p ${sysconfdir}/ssh_config.default ${sysconfdir}/ssh_config 194 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
176[ -f ${sysconfdir}/sshd_config ] || \\ 195 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
177 cp -p ${sysconfdir}/sshd_config.default ${sysconfdir}/sshd_config 196[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
178[ -f ${sysconfdir}/ssh_prng_cmds.default ] && { 197 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
179 [ -f ${sysconfdir}/ssh_prng_cmds ] || \\ 198 \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
180 cp -p ${sysconfdir}/ssh_prng_cmds.default ${sysconfdir}/ssh_prng_cmds 199[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
200 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
201 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
202 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
181} 203}
182 204
183# make rc?.d dirs only if we are doing a test install 205# make rc?.d dirs only if we are doing a test install
@@ -191,23 +213,75 @@ cat > postinstall << _EOF
191if [ "\${USE_SYM_LINKS}" = yes ] 213if [ "\${USE_SYM_LINKS}" = yes ]
192then 214then
193 [ "$RCS_D" = yes ] && \ 215 [ "$RCS_D" = yes ] && \
194installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s 216installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
195 installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s 217 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
196 installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s 218 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
197 installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s 219 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
198else 220else
199 [ "$RCS_D" = yes ] && \ 221 [ "$RCS_D" = yes ] && \
200installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 222installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
201 installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 223 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
202 installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 224 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
203 installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 225 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
204fi 226fi
205 227
206# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) 228# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
207[ -d $piddir ] || installf ${PKGNAME} $TEST_DIR$piddir d 755 root sys 229[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
208 230
209installf -f ${PKGNAME} 231installf -f ${PKGNAME}
210 232
233# Use chroot to handle PKG_INSTALL_ROOT
234if [ ! -z "\${PKG_INSTALL_ROOT}" ]
235then
236 chroot="chroot \${PKG_INSTALL_ROOT}"
237fi
238# If this is a test build, we will skip the groupadd/useradd/passwd commands
239if [ ! -z "${TEST_DIR}" ]
240then
241 chroot=echo
242fi
243
244if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
245then
246 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
247 echo "or group."
248else
249 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
250
251 # create group if required
252 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
253 then
254 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
255 else
256 # Use gid of 67 if possible
257 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
258 then
259 :
260 else
261 sshdgid="-g $SSHDGID"
262 fi
263 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
264 \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
265 fi
266
267 # Create user if required
268 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
269 then
270 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
271 else
272 # Use uid of 67 if possible
273 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
274 then
275 :
276 else
277 sshduid="-u $SSHDUID"
278 fi
279 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
280 \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
281 \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
282 fi
283fi
284
211[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start 285[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
212exit 0 286exit 0
213_EOF 287_EOF
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in
index 212254dc8..e7ca2489f 100755
--- a/contrib/solaris/opensshd.in
+++ b/contrib/solaris/opensshd.in
@@ -3,11 +3,8 @@
3# 3#
4# Stripped PRNGd out of it for the time being. 4# Stripped PRNGd out of it for the time being.
5 5
6AWK=/usr/bin/awk
7CAT=/usr/bin/cat 6CAT=/usr/bin/cat
8KILL=/usr/bin/kill 7KILL=/usr/bin/kill
9PS=/usr/bin/ps
10XARGS=/usr/bin/xargs
11 8
12prefix=%%openSSHDir%% 9prefix=%%openSSHDir%%
13etcdir=%%configDir%% 10etcdir=%%configDir%%
@@ -20,12 +17,6 @@ HOST_KEY_RSA1=$etcdir/ssh_host_key
20HOST_KEY_DSA=$etcdir/ssh_host_dsa_key 17HOST_KEY_DSA=$etcdir/ssh_host_dsa_key
21HOST_KEY_RSA=$etcdir/ssh_host_rsa_key 18HOST_KEY_RSA=$etcdir/ssh_host_rsa_key
22 19
23killproc() {
24 _procname=$1
25 _signal=$2
26 ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print $1}' | ${XARGS} ${KILL}
27}
28
29 20
30checkkeys() { 21checkkeys() {
31 if [ ! -f $HOST_KEY_RSA1 ]; then 22 if [ ! -f $HOST_KEY_RSA1 ]; then
@@ -46,8 +37,7 @@ stop_service() {
46 if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then 37 if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
47 ${KILL} ${PID} 38 ${KILL} ${PID}
48 else 39 else
49 echo "Unable to read PID file, killing using alternate method" 40 echo "Unable to read PID file"
50 killproc sshd TERM
51 fi 41 fi
52} 42}
53 43
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 126dac335..3ae1dfc80 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2Name: openssh 2Name: openssh
3Version: 3.4p1 3Version: 3.5p1
4URL: http://www.openssh.com/ 4URL: http://www.openssh.com/
5Release: 1 5Release: 1
6Source0: openssh-%{version}.tar.gz 6Source0: openssh-%{version}.tar.gz
diff --git a/debian/changelog b/debian/changelog
index e5651eb28..6a6a6eb0c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,33 @@
1openssh (1:3.5p1-1) unstable; urgency=low
2
3 * New upstream release.
4 - Fixes typo in ssh-add usage (closes: #152239).
5 - Fixes 'PermitRootLogin forced-commands-only' (closes: #166184).
6 - ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys
7 are deprecated for security reasons and will eventually go away. For
8 now they can be re-enabled by setting 'PermitUserEnvironment yes' in
9 sshd_config.
10 - ssh-agent is installed setgid to prevent ptrace() attacks. The group
11 actually doesn't matter, as it drops privileges immediately, but to
12 avoid confusion the postinst creates a new 'ssh' group for it.
13 * Obsolete patches:
14 - Solar Designer's privsep+compression patch for Linux 2.2 (see
15 1:3.3p1-0.0woody1).
16 - Hostbased auth ssh-keysign backport (see 1:3.4p1-4).
17
18 * Remove duplicated phrase in ssh_config(5) (closes: #152404).
19 * Source the debconf confmodule at the top of the postrm rather than at
20 the bottom, to avoid making future non-idempotency problems worse (see
21 #151035).
22 * Debconf templates:
23 - Add Polish (thanks, Grzegorz Kusnierz).
24 - Update French (thanks, Denis Barbier; closes: #132509).
25 - Update Spanish (thanks, Carlos Valdivia Yagüe; closes: #164716).
26 * Write a man page for gnome-ssh-askpass, and link it to ssh-askpass.1 if
27 this is the selected ssh-askpass alternative (closes: #67775).
28
29 -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100
30
1openssh (1:3.4p1-4) unstable; urgency=low 31openssh (1:3.4p1-4) unstable; urgency=low
2 32
3 * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532). 33 * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532).
diff --git a/debian/gnome-ssh-askpass.1 b/debian/gnome-ssh-askpass.1
new file mode 100644
index 000000000..b74c410a8
--- /dev/null
+++ b/debian/gnome-ssh-askpass.1
@@ -0,0 +1,51 @@
1.TH GNOME-SSH-ASKPASS 1
2.SH NAME
3gnome\-ssh\-askpass \- prompts a user for a passphrase using GNOME
4.SH SYNOPSIS
5.B gnome\-ssh\-askpass
6.SH DESCRIPTION
7.B gnome\-ssh\-askpass
8is a GNOME-based passphrase dialog for use with OpenSSH.
9It is intended to be called by the
10.BR ssh\-add (1)
11program and not invoked directly.
12It allows
13.BR ssh\-add (1)
14to obtain a passphrase from a user, even if not connected to a terminal
15(assuming that an X display is available).
16This happens automatically in the case where
17.B ssh\-add
18is invoked from one's
19.B ~/.xsession
20or as one of the GNOME startup programs, for example.
21.PP
22In order to be called automatically by
23.BR ssh\-add ,
24.B gnome\-ssh\-askpass
25should be installed as
26.IR /usr/bin/ssh\-askpass .
27.SH "ENVIRONMENT VARIABLES"
28The following environment variables are recognized:
29.TP
30.I GNOME_SSH_ASKPASS_GRAB_SERVER
31Causes
32.B gnome\-ssh\-askpass
33to grab the X server before asking for a passphrase.
34.TP
35.I GNOME_SSH_ASKPASS_GRAB_POINTER
36Causes
37.B gnome\-ssh\-askpass
38to grab the mouse pointer using
39.IR gdk_pointer_grab ()
40before asking for a passphrase.
41.PP
42Regardless of whether either of these environment variables is set,
43.B gnome\-ssh\-askpass
44will grab the keyboard using
45.IR gdk_keyboard_grab ().
46.SH AUTHOR
47This manual page was written by Colin Watson <cjwatson@debian.org>
48for the Debian system (but may be used by others).
49It was based on that for
50.B x11\-ssh\-askpass
51by Philip Hands.
diff --git a/debian/postinst b/debian/postinst
index 10d61d86e..1b741c203 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -280,6 +280,18 @@ set_sshd_permissions() {
280} 280}
281 281
282 282
283set_ssh_agent_permissions() {
284 if ! getent group | grep -q '^ssh:'; then
285 addgroup --quiet ssh
286 fi
287 if ! [ -x /usr/sbin/dpkg-statoverride ] || \
288 ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null ; then
289 chgrp ssh /usr/bin/ssh-agent
290 chmod 2755 /usr/bin/ssh-agent
291 fi
292}
293
294
283setup_startup() { 295setup_startup() {
284 start=yes 296 start=yes
285 [ -e /usr/share/debconf/confmodule ] && { 297 [ -e /usr/share/debconf/confmodule ] && {
@@ -311,6 +323,7 @@ fix_statoverride
311create_alternatives 323create_alternatives
312setup_sshd_user 324setup_sshd_user
313set_sshd_permissions 325set_sshd_permissions
326set_ssh_agent_permissions
314setup_startup 327setup_startup
315setup_init 328setup_init
316 329
diff --git a/debian/postrm b/debian/postrm
index bd0bbee38..c76f662df 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -1,5 +1,7 @@
1#!/bin/sh -e 1#!/bin/sh -e
2 2
3#DEBHELPER#
4
3if [ "$1" = "purge" ] 5if [ "$1" = "purge" ]
4then 6then
5 rm -rf /etc/ssh 7 rm -rf /etc/ssh
@@ -11,6 +13,7 @@ fi
11 13
12if [ "$1" = "purge" ] ; then 14if [ "$1" = "purge" ] ; then
13 deluser --quiet sshd > /dev/null || true 15 deluser --quiet sshd > /dev/null || true
16 delgroup --quiet ssh > /dev/null || true
14fi 17fi
15 18
16#DEBHELPER# 19exit 0
diff --git a/debian/rules b/debian/rules
index 7615c8708..fb60b2270 100755
--- a/debian/rules
+++ b/debian/rules
@@ -23,9 +23,7 @@ build-stamp:
23 --with-privsep-path=/var/run/sshd --without-rand-helper 23 --with-privsep-path=/var/run/sshd --without-rand-helper
24 $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \ 24 $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \
25 SSH_KEYSIGN='/usr/lib/ssh-keysign' 25 SSH_KEYSIGN='/usr/lib/ssh-keysign'
26 gcc -O2 `gnome-config --cflags gnome gnomeui` \ 26 $(MAKE) -C contrib gnome-ssh-askpass1 CC='gcc -O2'
27 contrib/gnome-ssh-askpass.c -o contrib/gnome-ssh-askpass \
28 `gnome-config --libs gnome gnomeui`
29 27
30 touch build-stamp 28 touch build-stamp
31 29
@@ -33,7 +31,8 @@ clean:
33 dh_testdir 31 dh_testdir
34 rm -f build-stamp 32 rm -f build-stamp
35 -$(MAKE) -i distclean 33 -$(MAKE) -i distclean
36 rm -f contrib/gnome-ssh-askpass config.log 34 -$(MAKE) -C contrib clean
35 rm -f config.log
37 if [ -f version.h.upstream ]; then mv version.h.upstream version.h; \ 36 if [ -f version.h.upstream ]; then mv version.h.upstream version.h; \
38 fi 37 fi
39 dh_clean 38 dh_clean
@@ -54,9 +53,10 @@ install: build
54 rm -f debian/tmp/usr/share/Ssh.bin 53 rm -f debian/tmp/usr/share/Ssh.bin
55 54
56 install -m 755 contrib/ssh-copy-id debian/tmp/usr/bin/ssh-copy-id 55 install -m 755 contrib/ssh-copy-id debian/tmp/usr/bin/ssh-copy-id
57 install -m644 -c contrib/ssh-copy-id.1 debian/tmp/usr/share/man/man1/ssh-copy-id.1 56 install -m 644 -c contrib/ssh-copy-id.1 debian/tmp/usr/share/man/man1/ssh-copy-id.1
57 install -m 644 debian/gnome-ssh-askpass.1 debian/tmp/usr/share/man/man1/gnome-ssh-askpass.1
58 58
59 install -s -o root -g root -m 755 contrib/gnome-ssh-askpass debian/ssh-askpass-gnome/usr/lib/ssh/gnome-ssh-askpass 59 install -s -o root -g root -m 755 contrib/gnome-ssh-askpass1 debian/ssh-askpass-gnome/usr/lib/ssh/gnome-ssh-askpass
60 60
61 install -o root -g root debian/init debian/tmp/etc/init.d/ssh 61 install -o root -g root debian/init debian/tmp/etc/init.d/ssh
62 62
diff --git a/debian/ssh-askpass-gnome.postinst b/debian/ssh-askpass-gnome.postinst
index 3a52d3005..7441cca29 100644
--- a/debian/ssh-askpass-gnome.postinst
+++ b/debian/ssh-askpass-gnome.postinst
@@ -24,7 +24,11 @@ set -e
24 24
25case "$1" in 25case "$1" in
26 configure) 26 configure)
27 update-alternatives --quiet --install /usr/bin/ssh-askpass ssh-askpass /usr/lib/ssh/gnome-ssh-askpass 30 27 update-alternatives --quiet \
28 --install /usr/bin/ssh-askpass ssh-askpass \
29 /usr/lib/ssh/gnome-ssh-askpass 30 \
30 --slave /usr/share/man/man1/ssh-askpass.1.gz \
31 ssh-askpass.1.gz /usr/share/man/man1/gnome-ssh-askpass.1.gz
28 32
29 33
30 ;; 34 ;;
diff --git a/debian/templates.es b/debian/templates.es
index c3cc971ca..8d7b25a34 100644
--- a/debian/templates.es
+++ b/debian/templates.es
@@ -1,78 +1,24 @@
1Template: ssh/new_config 1Template: ssh/run_sshd
2Type: boolean
3Default: true
4Description: Generate new configuration file
5 This version of OpenSSH has a considerably changed configuration file from
6 the version shipped in Debian 'Potato', which you appear to be upgrading
7 from. I can now generate you a new configuration file
8 (/etc/ssh/sshd.config), which will work with the new server version, but
9 will not contain any customisations you made with the old version.
10 .
11 Please note that this new configuration file will set the value of
12 'PermitRootLogin' to yes (meaning that anyone knowing the root password
13 can ssh directly in as root). It is the opinion of the maintainer that
14 this is the correct default (see README.Debian for more details), but you
15 can always edit sshd_config and set it to no if you wish.
16 .
17 It is strongly recommended that you let me generate a new configuration
18 file for you
19Description-es: Generar un fichero de configuración nuevo
20 Esta versión de OpenSSH tiene un fichero de configuración muy distinto del
21 que incluía la versión de 'Potato'. Parece que está actualizando desde esa
22 versión, por lo que puede generar un nuevo fichero de configuración
23 (/etc/ssh/sshd.config), que funcionará con la nueva versión del servidor,
24 pero no tendrá ninguno de los cambios que hubiera hecho a la versión
25 antigua.
26 .
27 Debe saber que este nuevo fichero de configuración pondrá el valor de
28 'PermitRootLogin' a "yes" (por lo que root podrá entrar directamente por
29 ssh). El mantenedor opina que ésta es la opción por defecto más adecuada
30 (consulte README.Debian para conocer más detalles), pero recuerde que
31 siempre puede editar sshd_config y cambiarlo.
32 .
33 Es muy recomendable generar ahora automáticamente un nuevo fichero de
34 configuración.
35
36Template: ssh/protocol2_only
37Type: boolean 2Type: boolean
38Default: true 3Default: true
39Description: Allow SSH protocol 2 only 4Description: Do you want to run the sshd server ?
40 This version of OpenSSH supports version 2 of the ssh protocol, which is 5 This package contains both the ssh client, and the sshd server.
41 much more secure. Disabling ssh 1 is encouraged, however this will slow
42 things down on low end machines and might prevent older clients from
43 connecting (the ssh client shipped with "potato" is affected).
44 . 6 .
45 Also please note that keys used for protocol 1 are different so you will 7 Normally the sshd Secure Shell Server will be run to allow remote logins
46 not be able to use them if you only allow protocol 2 connections. 8 via ssh.
47 . 9 .
48 If you later change your mind about this setting, README.Debian has 10 If you are only interested in using the ssh client for outbound
49 instructions on what to do to your sshd_config file. 11 connections on this machine, and don't want to log into it at all using
50Description-es: Permitir sólo la versión 2 del protocolo SSH 12 ssh, then you can disable sshd here.
51 Esta versión de OpenSSH soporta la versión 2 del protocolo ssh, que es 13Description-es: ¿Quiere ejecutar el servidor sshd?
52 mucho más segura que la anterior. Se recomienda no usar ssh versión 1, 14 Este paquete contiene el cliente ssh y el servidor sshd.
53 aunque irá más lento en máquinas modestas y puede impedir que se conecten
54 clientes antiguos, como por ejemplo el cliente de ssh incluido en
55 "potato".
56 . 15 .
57 También tenga en cuenta que las claves utilizadas para el protocolo 1 son 16 Generalmente, el servidor de ssh (Secure Shell Server) se ejecuta para
58 diferentes, por lo que no podrá usarlas si únicamente permite conexiones 17 permitir el acceso remoto mediante ssh.
59 mediante el protocolo 2.
60 . 18 .
61 Si cambia de opinión más tarde, el fichero README.Debian contiene 19 Si sólo está interesado en usar el cliente ssh en conexiones salientes del
62 instrucciones sobre qué ha de cambiar en el fichero sshd_config. 20 sistema y no quiere acceder a él mediante ssh, entonces puede desactivar
63 21 sshd.
64Template: ssh/ssh2_keys_merged
65Type: note
66Description: ssh2 keys merged in configuration files
67 As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2
68 keys. This means the authorized_keys2 and known_hosts2 files are no longer
69 needed. They will still be read in order to maintain backwards
70 compatibility
71Description-es: Las claves ssh2 ya se incluyen en los ficheros de configuración
72 A partir de la versión 3, OpenSSH ya no utiliza ficheros diferentes para
73 las claves ssh1 y ssh2. Esto quiere decir que ya no son necesarios los
74 ficheros authorized_keys2 y known_hosts2, aunque aún se seguirán leyendo
75 para mantener compatibilidad hacia atrás.
76 22
77Template: ssh/use_old_init_script 23Template: ssh/use_old_init_script
78Type: boolean 24Type: boolean
@@ -84,13 +30,63 @@ Description: Do you want to continue (and risk killing active ssh sessions) ?
84 . 30 .
85 You can fix this by adding "--pidfile /var/run/sshd.pid" to the 31 You can fix this by adding "--pidfile /var/run/sshd.pid" to the
86 start-stop-daemon line in the stop section of the file. 32 start-stop-daemon line in the stop section of the file.
87Description-es: ¿Desea continuar, aún a riesgo de matar todas las sesiones ssh? 33Description-es: ¿Desea continuar, aún a riesgo de matar las sesiones ssh activas?
88 La versión de /etc/init.d/ssh que tiene instalada, es muy probable que 34 La versión de /etc/init.d/ssh que tiene instalada es muy probable que
89 mate el demonio ssh. Si está actualizando mediante una sesión ssh, puede 35 mate el demonio ssh. Si está actualizando a través de una sesión ssh,
90 no ser muy buena idea. 36 puede que no sea muy buena idea.
91 . 37 .
92 Puede arreglarlo añadiendo "--pidfile /var/run/sshd.pid" a la línea 38 Puede arreglarlo añadiendo "--pidfile /var/run/sshd.pid" a la línea
93 'start-stop-daemon' en la sección 'stop' del fichero. 39 'start-stop-daemon', en la sección 'stop' del fichero.
40
41Template: ssh/SUID_client
42Type: boolean
43Default: true
44Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?
45 You have the option of installing the ssh-keysign helper with the SUID bit
46 set.
47 .
48 If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2
49 host-based authentication.
50 .
51 If in doubt, I suggest you install it with SUID. If it causes problems
52 you can change your mind later by running: dpkg-reconfigure ssh
53Description-es: ¿Quiere instalar /usr/lib/ssh-keysign SUID root?
54 Puede instalar ssh-keysign con el bit SUID (se ejecutará con privilegios
55 de root).
56 .
57 Si hace ssh-keysign SUID, podrá usar la autentificiación basada en
58 servidor de la versión 2 del protocolo SSH.
59 .
60 Si duda, se recomienda que lo instale SUID. Si surgen problemas puede
61 cambiar de opinión posteriormente ejecutando «dpkg-reconfigure ssh».
62
63Template: ssh/encrypted_host_key_but_no_keygen
64Type: note
65Description: Warning: you must create a new host key
66 There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
67 can not handle this host key file, and I can't find the ssh-keygen utility
68 from the old (non-free) SSH installation.
69 .
70 You will need to generate a new host key.
71Description-es: Aviso: debe crear una nueva clave para su servidor
72 Su sistema tiene un /etc/ssh/ssh_host_key antiguo, que usa cifrado IDEA.
73 OpenSSH no puede manejar este fichero de claves y tampoco se encuentra la
74 utilidad ssh-keygen incluida en el paquete ssh no libre.
75 .
76 Necesitará generar una nueva clave para su servidor.
77
78Template: ssh/insecure_telnetd
79Type: note
80Description: Warning: telnetd is installed --- probably not a good idea
81 I'd advise you to either remove the telnetd package (if you don't actually
82 need to offer telnet access) or install telnetd-ssl so that there is at
83 least some chance that telnet sessions will not be sending unencrypted
84 login/password and session information over the network.
85Description-es: Aviso: tiene telnetd instalado
86 Es muy aconsejable que borre el paquete telnetd si no necesita realmente
87 ofrecer acceso mediante telnet o instalar telnetd-ssl para que las
88 contraseñas, nombres de usuario y demás información de las sesiones telnet
89 no viajen sin cifrar por la red.
94 90
95Template: ssh/forward_warning 91Template: ssh/forward_warning
96Type: note 92Type: note
@@ -104,104 +100,167 @@ Description: NOTE: Forwarding of X11 and Authorization disabled by default.
104 More details can be found in /usr/share/doc/ssh/README.Debian 100 More details can be found in /usr/share/doc/ssh/README.Debian
105Description-es: NOTA: Reenvío de X11 y Autorización desactivadas por defecto. 101Description-es: NOTA: Reenvío de X11 y Autorización desactivadas por defecto.
106 Por razones de seguridad, la versión de ssh de Debian tiene por defecto 102 Por razones de seguridad, la versión de ssh de Debian tiene por defecto
107 ForwardX11 y ForwardAgent puestas a ``off''. 103 ForwardX11 y ForwardAgent desactivadas.
108 . 104 .
109 Puede activar estas opciones para los servidores en los que confíe, en 105 Puede activar estas opciones para los servidores en los que confíe, en los
110 los ficheros de configuración o con la opción -X en línea de comandos. 106 ficheros de configuración o con la opción -X en línea de comandos.
111 . 107 .
112 Puede encontrar más detalles en /usr/share/doc/ssh/README.Debian. 108 Puede encontrar más detalles en /usr/share/doc/ssh/README.Debian.
113 109
110Template: ssh/privsep_tell
111Type: note
112Description: Privilege separation
113 This version of OpenSSH contains the new privilege separation option. This
114 significantly reduces the quantity of code that runs as root, and
115 therefore reduces the impact of security holes in sshd.
116 .
117 Unfortunately, privilege separation interacts badly with PAM. Any PAM
118 session modules that need to run as root (pam_mkhomedir, for example) will
119 fail, and PAM keyboard-interactive authentication won't work.
120 .
121 Privilege separation is turned on by default, so if you decide you want it
122 turned off, you need to add "UsePrivilegeSeparation no" to
123 /etc/ssh/sshd_config.
124 .
125 NB! If you are running a 2.0 series Linux kernel, then privilege
126 separation will not work at all, and your sshd will fail to start unless
127 you explicitly turn privilege separation off.
128Description-es: Separación de privilegios
129 Esta versión de OpenSSH incluye una nueva opción de separación de
130 privilegios que reduce significativamente la cantidad de código que se
131 ejecuta como root, por lo que reduce el impacto de posibles agujeros de
132 seguridad en sshd.
133 .
134 Desafortunadamente, la separación de privilegios no interactúa
135 correctamente con PAM. Cualquier módulo PAM que necesite ejecutarse como
136 root (como, por ejemplo, pam_mkhomedir) y la autentificación interactiva
137 PAM con teclado no funcionarán.
138 .
139 La separación de privilegios está activa por defecto, por lo que si decide
140 desactivarla, tiene que añadir "UsePrivilegeSeparation no" al fichero
141 /etc/ssh/sshd_config.
142 .
143 Nota: Si utiliza un núcleo Linux de la serie 2.0, la separación de
144 privilegios fallará estrepitosamente y sshd no funcionará a no ser que la
145 desactive.
146
147Template: ssh/ssh2_keys_merged
148Type: note
149Description: ssh2 keys merged in configuration files
150 As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2
151 keys. This means the authorized_keys2 and known_hosts2 files are no longer
152 needed. They will still be read in order to maintain backwards
153 compatibility
154Description-es: Las claves ssh2 ya se incluyen en los ficheros de configuración
155 A partir de la versión 3, OpenSSH ya no utiliza ficheros diferentes para
156 las claves ssh1 y ssh2. Esto quiere decir que ya no son necesarios los
157 ficheros authorized_keys2 y known_hosts2, aunque aún se seguirán leyendo
158 para mantener compatibilidad hacia atrás.
159
160Template: ssh/protocol2_only
161Type: boolean
162Default: true
163Description: Allow SSH protocol 2 only
164 This version of OpenSSH supports version 2 of the ssh protocol, which is
165 much more secure. Disabling ssh 1 is encouraged, however this will slow
166 things down on low end machines and might prevent older clients from
167 connecting (the ssh client shipped with "potato" is affected).
168 .
169 Also please note that keys used for protocol 1 are different so you will
170 not be able to use them if you only allow protocol 2 connections.
171 .
172 If you later change your mind about this setting, README.Debian has
173 instructions on what to do to your sshd_config file.
174Description-es: Permitir sólo la versión 2 del protocolo SSH
175 Esta versión de OpenSSH soporta la versión 2 del protocolo ssh, que es
176 mucho más segura que la anterior. Se recomienda desactivar la versión 1,
177 aunque funcionará más lento en máquinas modestas y puede impedir que se
178 conecten clientes antiguos, como, por ejemplo, el incluido en "potato".
179 .
180 También tenga en cuenta que las claves utilizadas para el protocolo 1 son
181 diferentes, por lo que no podrá usarlas si únicamente permite conexiones
182 mediante la versión 2 del protocolo.
183 .
184 Si más tarde cambia de opinión, el fichero README.Debian contiene
185 instrucciones sobre cómo modificar en el fichero sshd_config.
186
114Template: ssh/insecure_rshd 187Template: ssh/insecure_rshd
115Type: note 188Type: note
116Description: Warning: rsh-server is installed --- probably not a good idea 189Description: Warning: rsh-server is installed --- probably not a good idea
117 having rsh-server installed undermines the security that you were probably 190 having rsh-server installed undermines the security that you were probably
118 wanting to obtain by installing ssh. I'd advise you to remove that 191 wanting to obtain by installing ssh. I'd advise you to remove that
119 package. 192 package.
120Description-es: Aviso: tiene rsh-server instalado (no es una buena idea) 193Description-es: Aviso: tiene rsh-server instalado
121 Tener rsh-server instalado representa un menoscabo de la seguridad que 194 Tener rsh-server instalado representa un menoscabo de la seguridad que
122 probablemente desea obtener instalando ssh. Le aconsejaría borrar ese 195 probablemente desea obtener instalando ssh. Es muy aconsejable que borre
123 paquete. 196 ese paquete.
124 197
125Template: ssh/insecure_telnetd 198Template: ssh/privsep_ask
126Type: note
127Description: Warning: telnetd is installed --- probably not a good idea
128 I'd advise you to either remove the telnetd package (if you don't actually
129 need to offer telnet access) or install telnetd-ssl so that there is at
130 least some chance that telnet sessions will not be sending unencrypted
131 login/password and session information over the network.
132Description-es: Aviso: tiene telnetd instalado (no es una buena idea)
133 Le aconsejaría borrar el paquete telnetd si no necesita realmente
134 ofrecer acceso mediante telnet o instalar telnetd-ssl para que las
135 contraseñas, login y demás información de las sesiones telnet no viajen
136 sin cifrar por la red.
137
138Template: ssh/encrypted_host_key_but_no_keygen
139Type: note
140Description: Warning: you must create a new host key
141 There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH
142 can not handle this host key file, and I can't find the ssh-keygen utility
143 from the old (non-free) SSH installation.
144 .
145 You will need to generate a new host key.
146Description-es: Aviso: debe crear una nueva clave para su servidor
147 Su sistema tiene un /etc/ssh/ssh_host_key antiguo, que usa cifrado IDEA.
148 OpenSSH no puede manejar este fichero de claves y tampoco se encuentra la
149 utilidad ssh-keygen incluida en el paquete ssh no libre.
150 .
151 Necesitará generar una nueva clave para su servidor.
152
153Template: ssh/SUID_client
154Type: boolean 199Type: boolean
155Default: true 200Default: true
156Description: Do you want /usr/bin/ssh to be installed SUID root? 201Description: Enable Privilege separation
157 You have the option of installing the ssh client with the SUID bit set. 202 This version of OpenSSH contains the new privilege separation option. This
203 significantly reduces the quantity of code that runs as root, and
204 therefore reduces the impact of security holes in sshd.
158 . 205 .
159 If you make ssh SUID, you will be able to use Rhosts/RhostsRSA 206 Unfortunately, privilege separation interacts badly with PAM. Any PAM
160 authentication, but will not be able to use socks via the LD_PRELOAD 207 session modules that need to run as root (pam_mkhomedir, for example) will
161 trick. This is the traditional approach. 208 fail, and PAM keyboard-interactive authentication won't work.
162 . 209 .
163 If you do not make ssh SUID, you will be able to use socks, but 210 Since you've opted to have me generate an sshd_config file for you, you
164 Rhosts/RhostsRSA authentication will stop working, which may stop you 211 can choose whether or not to have Privilege Separation turned on or not.
165 logging in to remote systems. It will also mean that the source port will 212 Unless you are running 2.0 (in which case you *must* say no here or your
166 be above 1024, which may confound firewall rules you've set up. 213 sshd won't start at all) or know you need to use PAM features that won't
214 work with this option, you should say yes here.
215Description-es: Activar separación de privilegios
216 Esta versión de OpenSSH incluye una nueva opción de separación de
217 privilegios que reduce significativamente la cantidad de código que se
218 ejecuta como root, por lo que reduce el impacto de posibles agujeros de
219 seguridad en sshd.
167 . 220 .
168 If in doubt, I suggest you install it with SUID. If it causes problems 221 Desafortunadamente, la separación de privilegios no interactúa
169 you can change your mind later by running: dpkg-reconfigure ssh 222 correctamente con PAM. Cualquier módulo PAM que necesite ejecutarse como
170Description-es: ¿Desea hacer que /usr/bin/ssh se ejecute con permisos de root? 223 root (como, por ejemplo, pam_mkhomedir) y la autentificación PAM mediante
171 Tiene la posibilidad de instalar el cliente ssh setuid root. 224 teclado no funcionarán.
172 . 225 .
173 Instalarlo setuid root le permitirá usar la autentificación 226 Puesto que ha elegido crear automáticamente el fichero sshd_config, puede
174 Rhosts/RhostsRSA, pero no podrá usar socks mediante el truco de 227 decidir ahora si quiere activar la opción de separación de privilegios. A
175 LD_PRELOAD. Tradicionalmente, este ha sido el enfoque más habitual. 228 menos que utilice la versión 2.0 (en cuyo caso debe responer no aquí o
176 . 229 sshd no arrancará) o sepa que necesita usar ciertas características de PAM
177 Si no hace ssh setuid, podrá usar socks pero la autentificación 230 que funcionan con esta opción, debería responder sí a esta pregunta.
178 Rhosts/RhostsRSA dejará de funcionar, lo cual le puede impedir el acceso
179 a sistemas remotos. También significará que el puerto de origen se
180 encontrará por encima del 1024, lo cual puede confundir a las reglas del
181 cortafuegos que haya configurado.
182 .
183 Si tiene dudas, le sugiero que lo instale sin setuid. Si esto le causa
184 algún problema puede cambiar posteriormente la configuración ejecutando:
185 dpkg-reconfigure ssh
186 231
187Template: ssh/run_sshd 232Template: ssh/new_config
188Type: boolean 233Type: boolean
189Default: true 234Default: true
190Description: Do you want to run the sshd server ? 235Description: Generate new configuration file
191 This package contains both the ssh client, and the sshd server. 236 This version of OpenSSH has a considerably changed configuration file from
237 the version shipped in Debian 'Potato', which you appear to be upgrading
238 from. I can now generate you a new configuration file
239 (/etc/ssh/sshd.config), which will work with the new server version, but
240 will not contain any customisations you made with the old version.
192 . 241 .
193 Normally the sshd Secure Shell Server will be run to allow remote logins 242 Please note that this new configuration file will set the value of
194 via ssh. 243 'PermitRootLogin' to yes (meaning that anyone knowing the root password
244 can ssh directly in as root). It is the opinion of the maintainer that
245 this is the correct default (see README.Debian for more details), but you
246 can always edit sshd_config and set it to no if you wish.
195 . 247 .
196 If you are only interested in using the ssh client for outbound 248 It is strongly recommended that you let me generate a new configuration
197 connections on this machine, and don't want to log into it at all using 249 file for you.
198 ssh, then you can disable sshd here. 250Description-es: Generar un nuevo fichero de configuración
199Description-es: ¿Quiere ejecutar el servidor sshd? 251 Esta versión de OpenSSH tiene un fichero de configuración
200 Este paquete contiene el cliente ssh y el servidor sshd. 252 considerablemente diferente del incluido en Debian Potato, que es la
253 versión desde la que parece estar actualizando. Puede crear
254 automáticamente un nuevo fichero de configuración (/etc/ssh/sshd_config),
255 que funcionará con la nueva versión del servidor, pero no incuirá las
256 modificaciones que hiciera en la versión antigua.
201 . 257 .
202 Generalmente, el servidor de ssh se ejecuta para permitir el acceso 258 Además, recuerde que este nuevo fichero de configuración dirá sí en la
203 mediante ssh. 259 opción 'PermitRootLogin', por lo que cualquiera que conozca la contraseña
260 de root podrá entrar mediante ssh directamente como root. En opinión del
261 mantenedor ésta es la opción predeterminada más adecuada (puede leer
262 README.Debian si quiere conocer más detalles), pero siempre puede editar
263 sshd_config y poner no si lo desea.
204 . 264 .
205 Si sólo está interesado en usar el cliente ssh en conexiones salientes de 265 Es muy recomendable que permita que se genere un nuevo fichero de
206 esta máquina, y no quiere acceder a ella mediante ssh, entonces puede 266 configuración ahora.
207 desactivar sshd.
diff --git a/debian/templates.fr b/debian/templates.fr
index f23a83ae1..5eee0f92a 100644
--- a/debian/templates.fr
+++ b/debian/templates.fr
@@ -12,30 +12,29 @@ Description: Privilege separation
12 . 12 .
13 Privilege separation is turned on by default, so if you decide you 13 Privilege separation is turned on by default, so if you decide you
14 want it turned off, you need to add "UsePrivilegeSeparation no" to 14 want it turned off, you need to add "UsePrivilegeSeparation no" to
15 /etc/ssh/sshd_config 15 /etc/ssh/sshd_config.
16 . 16 .
17 NB! If you are running a 2.0 series Linux kernel, then privilege 17 NB! If you are running a 2.0 series Linux kernel, then privilege
18 separation will not work at all, and your sshd will fail to start 18 separation will not work at all, and your sshd will fail to start
19 unless you explicity turn privilege separation off. 19 unless you explicitly turn privilege separation off.
20Description-fr: La séparation des privilèges 20Description-fr: Séparation des privilèges
21 Cette version d'OpenSSH est livrée avec la nouvelle option de 21 Cette version d'OpenSSH est livrée avec la nouvelle option de
22 séparation des privilèges. Celà réduit de manière signifiante la 22 séparation des privilèges. Cela réduit de manière significative la
23 quantité de code s'exéctutant en tant que root, et donc réduit 23 quantité de code s'exécutant en tant que super-utilisateur, et donc
24 l'impact des trous de sécurité dans sshd. 24 réduit l'impact des trous de sécurité dans sshd.
25 . 25 .
26 Malheureusement, la séparation des privilèges intéragit mal avec PAM. 26 Malheureusement, la séparation des privilèges interagit mal avec PAM.
27 Tous les modules de session PAM ayant besoin d'être exécuté en tant que 27 Tous les modules de session PAM qui doivent être exécutés en tant
28 root (pam_mkhomedir, par exemple) ne s'exécutera pas, et 28 que super-utilisateur (pam_mkhomedir, par exemple) ne s'exécuteront
29 l'authentification intéractive au clavier ne fonctionnera pas. 29 pas, et l'authentification interactive au clavier ne fonctionnera pas.
30 . 30 .
31 La séparation des privilèges est activée par défaut, donc si vous 31 La séparation des privilèges est activée par défaut ; si vous
32 souhaitez la désactiver, vous devez ajouter «UsePrivilegeSeparation no» 32 souhaitez la désactiver, vous devez ajouter « UsePrivilegeSeparation
33 dans /etc/ssh/sshd_config 33 no » dans /etc/ssh/sshd_config.
34 . 34 .
35 NB! Si vous avez un noyau Linux de la série des 2.0, alors la 35 NB ! Si vous avez un noyau Linux de la série des 2.0, la séparation
36 séparation des privilèges ne fonctionnera pas, et votre démon sshd ne 36 des privilèges ne fonctionne pas, et votre démon sshd ne se lancera
37 se lancera pas jusqu'à ce que vous désactiviez explicitement la 37 que si vous avez explicitement désactivé la séparation des privilèges.
38 séparation des privilèges.
39 38
40Template: ssh/privsep_ask 39Template: ssh/privsep_ask
41Type: boolean 40Type: boolean
@@ -55,23 +54,24 @@ Description: Enable Privilege separation
55 or not. Unless you are running 2.0 (in which case you *must* say no 54 or not. Unless you are running 2.0 (in which case you *must* say no
56 here or your sshd won't start at all) or know you need to use PAM 55 here or your sshd won't start at all) or know you need to use PAM
57 features that won't work with this option, you should say yes here. 56 features that won't work with this option, you should say yes here.
58Description-fr: Activation de la séparation des privilèges 57Description-fr: Activer la séparation des privilèges
59 Cette version d'OpenSSH est livrée avec la nouvelle option de 58 Cette version d'OpenSSH est livrée avec la nouvelle option de
60 séparation des privilèges. Celà réduit de manière signifiante la 59 séparation des privilèges. Cela réduit de manière significative la
61 quantité de code s'exéctutant en tant que root, et donc réduit 60 quantité de code s'exécutant en tant que super-utilisateur, et donc
62 l'impact des trous de sécurité dans sshd. 61 réduit l'impact des trous de sécurité dans sshd.
63 . 62 .
64 Malheureusement, la séparation des privilèges intéragit mal avec PAM. 63 Malheureusement, la séparation des privilèges interagit mal avec PAM.
65 Tous les modules de session PAM ayant besoin d'être exécuté en tant que 64 Tous les modules de session PAM qui doivent être exécutés en tant
66 root (pam_mkhomedir, par exemple) ne s'exécutera pas, et 65 que super-utilisateur (pam_mkhomedir, par exemple) ne s'exécuteront
67 l'authentification intéractive au clavier ne fonctionnera pas. 66 pas, et l'authentification interactive au clavier ne fonctionnera pas.
68 . 67 .
69 Comme vous souhaitez que je génère le fichier de configuration à votre 68 Comme vous souhaitez que je génère le fichier de configuration
70 place, vous pouvez choisir d'activer ou non l'option de séparation des 69 sshd_config à votre place, vous pouvez choisir d'activer ou non
71 privilèges. Si vous utilisez un noyau 2.0 (dans ce cas vous *devez* 70 l'option de séparation des privilèges. Si vous utilisez un noyau 2.0
72 répondre non ici ou bien sshd ne se lancera pas) ou bien si vous avez 71 (dans ce cas vous *devez* désactiver cette option ou alors sshd ne se
73 besoin de fonctionnalités PAM, cela ne fonctionnera pas avec cette 72 lancera pas) ou bien si vous avez besoin de fonctionnalités PAM, cela
74 option d'activée, dans le cas contraire vous pouvez dire oui. 73 ne fonctionnera pas si cette option est activée, dans le cas contraire
74 vous devriez l'activer.
75 75
76Template: ssh/new_config 76Template: ssh/new_config
77Type: boolean 77Type: boolean
@@ -90,26 +90,26 @@ Description: Generate new configuration file
90 edit sshd_config and set it to no if you wish. 90 edit sshd_config and set it to no if you wish.
91 . 91 .
92 It is strongly recommended that you let me generate a new configuration file 92 It is strongly recommended that you let me generate a new configuration file
93 for you 93 for you.
94Description-fr: Gération du fichier de configuration 94Description-fr: Créer un nouveau fichier de configuration
95 Cette version d'OpenSSH possède un fichier de configuration 95 Cette version d'OpenSSH utilise un fichier de configuration qui a
96 considérablement différent de celui fournit avec la Debian 'Potato', 96 énormément chan depuis la version contenue dans la distribution
97 qui apparement est la version à partir de laquelle vous effectuez la 97 Debian « Potato », depuis laquelle vous semblez faire une mise à jour.
98 mise à jour. Je peux générer pour vous un nouveau fichier de 98 Je peux générer maintenant pour vous un nouveau fichier de
99 configuration (/etc/ssh/sshd_config), lequel fonctionnera avec la 99 configuration (/etc/ssh/sshd.config) qui marchera avec la nouvelle
100 nouvelle version du serveur, mais ne contiendra aucuns des paramétrages 100 version du serveur, mais ne contiendra aucun des réglages que vous avez
101 personnels que vous avaient déjà fait. 101 faits sur l'ancienne version.
102 . 102 .
103 Notez que le nouveau fichier de configuration mettre l'option 103 Veuillez noter que ce nouveau fichier de configuration positionnera la
104 'PermitRootLogin' à yes (signifiant que toute personne connaissant le 104 valeur de « PermitRootLogin » à « yes » (ce qui signifie que quiconque
105 mot de passe root pourra directement se connecter en tant que root). 105 connaissant le mot de passe du super-utilisateur peut se connecter
106 C'est ce que considère comme option par défaut le mainteneur (voir le 106 en tant que tel sur la machine). Le responsable du paquet
107 fichier README.Debian pour plus de détails), mais vous pouvez toujours 107 pense que c'est là un comportement parfaut normal (lisez
108 éditer le fichier sshd_config et mettre la valeur à no si vous le 108 README.Debian pour plus d'informations), mais vous pouvez toujours
109 souhaitez. 109 éditer le fichier sshd_config et changer cela.
110 . 110 .
111 Il est fortement conseillé de me laisser générer le nouveau fichier de 111 Il est fortement recommandé que vous me laissiez générer le nouveau
112 configuration à votre place. 112 fichier de configuration.
113 113
114Template: ssh/protocol2_only 114Template: ssh/protocol2_only
115Type: boolean 115Type: boolean
@@ -126,20 +126,19 @@ Description: Allow SSH protocol 2 only
126 If you later change your mind about this setting, README.Debian has 126 If you later change your mind about this setting, README.Debian has
127 instructions on what to do to your sshd_config file. 127 instructions on what to do to your sshd_config file.
128Description-fr: Permettre seulement la version 2 du protocole SSH 128Description-fr: Permettre seulement la version 2 du protocole SSH
129 Cette version d'OpenSSH supporte la version 2 du protocole ssh, lequel 129 Cette version d'OpenSSH connaît la version 2 du protocole ssh, qui est
130 étant beaucoup plus sécurisé. Désactiver ssh 1 est conseillé, sinon 130 bien plus sûre. Désactiver ssh 1 est une bonne chose, cependant cela
131 cela risque de ralentir les transactions et les machines et cela peut 131 peut ralentir les machines peu puissantes et pourrait empêcher ceux qui
132 prévenir de la connexion d'anciens client (le client ssh fournit dans 132 utilisent des vieilles versions de la partie cliente de se connecter
133 la «potato» est affecté). 133 (le client ssh de la distribution Debian « Potato » en fait partie).
134 . 134 .
135 De plus, les clés utilisés par la version 1 du protocol sont 135 De plus, les clés utilisées par la version 1 du protocole sont
136 différentes et vous ne serez donc plus capable de les utiliser si vous 136 différentes et vous ne pourrez pas les utiliser si vous
137 n'autoriser seulement que les connexions utilisant la version 2 du 137 n'autorisez que les connexions utilisant la version 2 du protocole.
138 protocole. 138 .
139 . 139 Si vous changez d'avis ultérieurement et décidez de modifier ce
140 Si vous changez d'avis ultérieurement par rapport à ce point de 140 réglage, les instructions fournies dans le fichier README.Debian vous
141 configuration, les instructions sur ce que vous devez modifier dans le 141 indiquent comment modifier le fichier sshd_config.
142 fichier sshd_config sont fournies dans le README.Debian.
143 142
144Template: ssh/ssh2_keys_merged 143Template: ssh/ssh2_keys_merged
145Type: note 144Type: note
@@ -148,11 +147,11 @@ Description: ssh2 keys merged in configuration files
148 ssh2 keys. This means the authorized_keys2 and known_hosts2 files 147 ssh2 keys. This means the authorized_keys2 and known_hosts2 files
149 are no longer needed. They will still be read in order to maintain 148 are no longer needed. They will still be read in order to maintain
150 backwards compatibility 149 backwards compatibility
151Description-fr: Agrégation des clés ssh2 dans le fichier de configuration 150Description-fr: Clés pour ssh2 fusionnées dans les fichiers de configuration
152 Étant donné que la version 3 d'OpenSSH n'utilise plus de fichiers 151 OpenSSH, depuis sa version 3, n'utilise plus de fichiers distincts pour
153 séparé pour les clés ssh1 et ssh2. Cela signifie que les fichier 152 les clés ssh1 et ssh2. Cela signifie que les fichiers authorized_keys2
154 authorized_key2 et known_hosts2 ne sont plus nécessaires. Ils sont 153 et known_hosts2 ne sont plus utiles. Ils seront néanmoins lus afin de
155 quand même lus afin de concerver une compatibilité ascendante. 154 préserver la compatibilité descendante.
156 155
157Template: ssh/use_old_init_script 156Template: ssh/use_old_init_script
158Type: boolean 157Type: boolean
@@ -164,13 +163,14 @@ Description: Do you want to continue (and risk killing active ssh sessions) ?
164 . 163 .
165 You can fix this by adding "--pidfile /var/run/sshd.pid" to the 164 You can fix this by adding "--pidfile /var/run/sshd.pid" to the
166 start-stop-daemon line in the stop section of the file. 165 start-stop-daemon line in the stop section of the file.
167Description-fr: Voulez vous continuer (et risquer de rompre les sessions ssh actives) ? 166Description-fr: Voulez-vous continuer (et risquer de rompre les sessions ssh actives) ?
168 Il est probable que la version de /etc/init.d/ssh installée en ce moment 167 Il est probable que la version de /etc/init.d/ssh installée en ce moment
169 tue toutes les instances de sshd lancées en ce moment. Si vous faite une 168 tue toutes les instances de sshd en cours. En cas de mise à jour par ssh,
170 mise à jour via ssh, ca serait une Mauvaise Chose(tm). 169 ça serait une mauvaise idée.
171 . 170 .
172 Vous pouvez corriger /etc/init.d/ssh en ajoutant '--pidfile /var/run/sshd.pid' 171 Vous pouvez corriger cela en ajoutant dans /etc/init.d/ssh « --pidfile
173 a la ligne 'start-stop-daemon' dans la section 'stop' du fichier. 172 /var/run/sshd.pid » à la ligne « start-stop-daemon » dans la section
173 « stop » du fichier.
174 174
175Template: ssh/forward_warning 175Template: ssh/forward_warning
176Type: note 176Type: note
@@ -182,11 +182,11 @@ Description: NOTE: Forwarding of X11 and Authorization disabled by default.
182 in one of the configuration files, or with the -X command line option. 182 in one of the configuration files, or with the -X command line option.
183 . 183 .
184 More details can be found in /usr/share/doc/ssh/README.Debian 184 More details can be found in /usr/share/doc/ssh/README.Debian
185Description-fr: NOTE: Suivi de session X11 et d'agent d'autorisation désactivés par défaut. 185Description-fr: NOTE : suivi de session X11 et d'agent d'autorisation désactivés par défaut.
186 Pour des raisons de sécurité, la version Debian de ssh positionne les 186 Pour des raisons de sécurité, la version Debian de ssh positionne les
187 options ForwardX11 et ForwardAgent a ``Off'' par défaut. 187 options ForwardX11 et ForwardAgent à « Off » par défaut.
188 . 188 .
189 Vous pouvez activer ces options pour les serveurs en lesquels vous avez 189 Vous pouvez activer ces options pour les serveurs en qui vous avez
190 confiance, soit dans un des fichiers de configuration, soit avec l'option 190 confiance, soit dans un des fichiers de configuration, soit avec l'option
191 -X de la ligne de commande. 191 -X de la ligne de commande.
192 . 192 .
@@ -197,10 +197,10 @@ Type: note
197Description: Warning: rsh-server is installed --- probably not a good idea 197Description: Warning: rsh-server is installed --- probably not a good idea
198 having rsh-server installed undermines the security that you were probably 198 having rsh-server installed undermines the security that you were probably
199 wanting to obtain by installing ssh. I'd advise you to remove that package. 199 wanting to obtain by installing ssh. I'd advise you to remove that package.
200Description-fr: Attention: le paquet rsh-server est installé --- ce n'est probablement pas une bonne idée 200Description-fr: Attention : rsh-server est installé -- ce n'est probablement pas une bonne idée
201 Avoir un serveur rsh installé affaibli la sécurité que vous vouliez 201 Avoir un serveur rsh installé affaiblit la sécurité que vous vouliez
202 probablement obtenir en installant ssh. Je vous conseillerais de 202 probablement obtenir en installant ssh. Je vous conseille de
203 déinstaller ce paquet. 203 supprimer ce paquet.
204 204
205Template: ssh/insecure_telnetd 205Template: ssh/insecure_telnetd
206Type: note 206Type: note
@@ -209,12 +209,12 @@ Description: Warning: telnetd is installed --- probably not a good idea
209 need to offer telnet access) or install telnetd-ssl so that there is at 209 need to offer telnet access) or install telnetd-ssl so that there is at
210 least some chance that telnet sessions will not be sending unencrypted 210 least some chance that telnet sessions will not be sending unencrypted
211 login/password and session information over the network. 211 login/password and session information over the network.
212Description-fr: Attention: le paquet telnetd est installé --- ce n'est probablement pas une bonne idée 212Description-fr: Attention : telnetd est installé -- ce n'est probablement pas une bonne idée
213 Je vous conseillerais de, soit enlever le paquet telnetd (si ce service 213 Je vous conseille soit d'enlever le paquet telnetd (si ce service
214 n'est pas nécessaire), soit de le remplacer par le paquet telnetd-ssl 214 n'est pas nécessaire), soit de le remplacer par le paquet telnetd-ssl pour
215 pour qu'il y ait au moins une chance que les sessions telnet soient 215 qu'il y ait au moins une chance que les sessions telnet soient chiffrées
216 encryptées et que les mot de passes et logins ne passent pas en clair sur 216 et que les mots de passe et noms d'utilisateurs ne passent pas en clair
217 le réseau. 217 sur le réseau.
218 218
219Template: ssh/encrypted_host_key_but_no_keygen 219Template: ssh/encrypted_host_key_but_no_keygen
220Type: note 220Type: note
@@ -224,10 +224,12 @@ Description: Warning: you must create a new host key
224 ssh-keygen utility from the old (non-free) SSH installation. 224 ssh-keygen utility from the old (non-free) SSH installation.
225 . 225 .
226 You will need to generate a new host key. 226 You will need to generate a new host key.
227Description-fr: Attention: vous devez créer une nouvelle clé d'hôte 227Description-fr: Attention : vous devez créer une nouvelle clé d'hôte
228 Il existe un vieux /etc/ssh/ssh_host_key qui est encrypté avec IDEA. 228 Il existe un vieux /etc/ssh/ssh_host_key qui est chiffré avec IDEA.
229 OpenSSH ne peut utiliser ce fichier de clé, et je ne peux trouver 229 OpenSSH ne peut utiliser ce fichier de clé, et je ne peux trouver
230 l'utilitaire ssh-keygen de l'installation précédente (non libre) de SSH. 230 l'utilitaire ssh-keygen de l'installation précédente (non libre) de SSH.
231 .
232 Vous aurez besoin de générer une nouvelle clé d'hôte.
231 233
232Template: ssh/SUID_client 234Template: ssh/SUID_client
233Type: boolean 235Type: boolean
@@ -241,16 +243,17 @@ Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?
241 . 243 .
242 If in doubt, I suggest you install it with SUID. If it causes 244 If in doubt, I suggest you install it with SUID. If it causes
243 problems you can change your mind later by running: dpkg-reconfigure ssh 245 problems you can change your mind later by running: dpkg-reconfigure ssh
244Description-fr: Souhaitez-vous que /usr/lib/ssh-keysign soit installé avec le bit SETUID root d'activé ? 246Description-fr: Voulez-vous que /usr/lib/ssh-keysign soit installé avec le bit SETUID activé ?
245 Vous avez la possibilité d'installer ssh-keysign avec le bit SETIUD 247 Vous avez la possibilité d'installer ssh-keysign avec le bit SETUID
246 d'activé. 248 activé.
247 . 249 .
248 Si vous mettez sshèkeysign avec le bit SETUID, vous permettrez 250 Si vous mettez ssh-keysign avec le bit SETUID, vous permettrez
249 l'authentification basé sur les hôtes de la version 2 du protocole ssh. 251 l'authentification basée sur les hôtes, disponible dans la version 2 du
252 protocole SSH.
250 . 253 .
251 Dans le doute, je vous suggère de l'installer avec le bit SETUID 254 Dans le doute, je vous suggère de l'installer avec le bit SETUID
252 d'activé. Si cela vous cause des problèmes vous pourrez revenir sur 255 activé. Si cela vous cause des problèmes, vous pourrez revenir sur
253 votre désicion: dpkg-reconfigure ssh 256 votre décision avec « dpkg-reconfigure ssh ».
254 257
255Template: ssh/run_sshd 258Template: ssh/run_sshd
256Type: boolean 259Type: boolean
@@ -264,13 +267,12 @@ Description: Do you want to run the sshd server ?
264 If you are only interested in using the ssh client for outbound 267 If you are only interested in using the ssh client for outbound
265 connections on this machine, and don't want to log into it at all 268 connections on this machine, and don't want to log into it at all
266 using ssh, then you can disable sshd here. 269 using ssh, then you can disable sshd here.
267Description-fr: Voulez vous utiliser le serveur sshd ? 270Description-fr: Voulez-vous utiliser le serveur sshd ?
268 Ce paquet contient a la fois le client ssh et le serveur sshd. 271 Ce paquet contient à la fois le client ssh et le serveur sshd.
269 . 272 .
270 Normalement le serveur sshd sera lancé pour permettre les logins distants 273 Normalement le serveur sshd est lancé pour permettre les connexions
271 via ssh. 274 distantes via ssh.
272 . 275 .
273 Si vous désirez seulement utiliser le client ssh pour vous connecter a 276 Si vous désirez seulement utiliser le client ssh pour des connexions vers
274 distance sur d'autres machines a partir de celle-ci, et que vous ne 277 l'extérieur, ou si vous ne voulez pas vous connecter sur cette machine
275 voulez pas vous logguer sur cette machine a distance via ssh, alors vous 278 via ssh, vous pouvez désactiver sshd maintenant.
276 pouvez désactiver sshd maintenant.
diff --git a/debian/templates.pl b/debian/templates.pl
new file mode 100644
index 000000000..d4b8fda6d
--- /dev/null
+++ b/debian/templates.pl
@@ -0,0 +1,264 @@
1Template: ssh/privsep_tell
2Type: note
3Description: Privilege separation
4 This version of OpenSSH contains the new privilege separation
5 option. This significantly reduces the quantity of code that runs as
6 root, and therefore reduces the impact of security holes in sshd.
7 .
8 Unfortunately, privilege separation interacts badly with PAM. Any
9 PAM session modules that need to run as root (pam_mkhomedir, for
10 example) will fail, and PAM keyboard-interactive authentication
11 won't work.
12 .
13 Privilege separation is turned on by default, so if you decide you
14 want it turned off, you need to add "UsePrivilegeSeparation no" to
15 /etc/ssh/sshd_config.
16 .
17 NB! If you are running a 2.0 series Linux kernel, then privilege
18 separation will not work at all, and your sshd will fail to start
19 unless you explicitly turn privilege separation off.
20Description-pl: Separacja uprawnieñ
21 Ta wersja OpenSSH zawiera now± opcjê separacji uprawnieñ. Znacz±co
22 zmniejsza ona ilo¶æ kodu, który jest uruchamiany jako root i co
23 za tym idzie redukuje efekty luk bezpieczeñstwa w sshd.
24 .
25 Niestety separacja uprawnieñ ¼le reaguje z PAMem. Jakikolwiek modu³
26 sesji PAM, który musi byæ uruchamiany jako root (pam_mkhomedir, na
27 przyk³ad) zawiedzie. Nie bêdzie dzia³aæ równie¿ interaktywna
28 autentykacja z klawiatury (keyboard-interactive authentication).
29 .
30 Separacja uprawnieñ jest domy¶lnie w³±czona, wiêc je¶li zdecydujesz
31 siê j± wy³±czyæ, musisz dodaæ "UsePrivilegeSeparation no" do pliku
32 /etc/ssh/sshd_config.
33 .
34 UWAGA! Je¿eli u¿ywasz j±dra Linux'a z serii 2.0, to separacja uprawnieñ
35 w ogóle nie bêdzie dzia³aæ i sshd nie wystartuje dopóki w³asnorêcznie
36 nie wy³±czysz separacji uprawnieñ w /etc/ssh/sshd_config.
37
38Template: ssh/privsep_ask
39Type: boolean
40Default: true
41Description: Enable Privilege separation
42 This version of OpenSSH contains the new privilege separation
43 option. This significantly reduces the quantity of code that runs as
44 root, and therefore reduces the impact of security holes in sshd.
45 .
46 Unfortunately, privilege separation interacts badly with PAM. Any
47 PAM session modules that need to run as root (pam_mkhomedir, for
48 example) will fail, and PAM keyboard-interactive authentication
49 won't work.
50 .
51 Since you've opted to have me generate an sshd_config file for you,
52 you can choose whether or not to have Privilege Separation turned on
53 or not. Unless you are running 2.0 (in which case you *must* say no
54 here or your sshd won't start at all) or know you need to use PAM
55 features that won't work with this option, you should say yes here.
56Description-pl: W³±czenie separacji uprawnieñ
57 Ta wersja OpenSSH zawiera now± opcjê separacji uprawnieñ. Znacz±co
58 zmniejsza ona ilo¶æ kodu, który jest uruchamiany jako root i co
59 za tym idzie redukuje efekty luk bezpieczeñstwa w sshd.
60 .
61 Niestety separacja uprawnieñ ¼le reaguje z PAMem. Jakikolwiek modu³
62 sesji PAM, który musi byæ uruchamiany jako root (pam_mkhomedir, na
63 przyk³ad) zawiedzie. Nie bêdzie dzia³aæ równie¿ interaktywna
64 autentykacja z klawiatury (keyboard-interactive authentication).
65 .
66 Zdecydowa³e¶ siê na to abym wygenerowa³ dla ciebie plik sshd_config,
67 i mo¿esz wybraæ czy chcesz w³±czyæ Separacjê Uprawnieñ, czy te¿ nie.
68 Je¶li nie u¿ywasz j±dra z serii 2.0 (w którym to przypadku *musisz*
69 odpowiedzieæ tutaj 'nie' albo sshd w ogóle nie ruszy) i je¶li nie
70 musisz korzystaæ z mo¿liwo¶ci PAMa, które nie bêd± dzia³a³y z t± opcj±,
71 powiniene¶ odpowiedzieæ tutaj 'tak'.
72
73Template: ssh/new_config
74Type: boolean
75Default: true
76Description: Generate new configuration file
77 This version of OpenSSH has a considerably changed configuration file from
78 the version shipped in Debian 'Potato', which you appear to be upgrading from.
79 I can now generate you a new configuration file (/etc/ssh/sshd.config), which
80 will work with the new server version, but will not contain any customisations
81 you made with the old version.
82 .
83 Please note that this new configuration file will set the value of
84 'PermitRootLogin' to yes (meaning that anyone knowing the root password can
85 ssh directly in as root). It is the opinion of the maintainer that this is
86 the correct default (see README.Debian for more details), but you can always
87 edit sshd_config and set it to no if you wish.
88 .
89 It is strongly recommended that you let me generate a new configuration file
90 for you.
91Description-pl: Wygeneruj nowy plik konfiguracyjny
92 W tej wersji OpenSSH zmieni³ siê plik konfiguracyjny w stosunku do wersji
93 dostarczanej z Debianem 'Potato', któr± zdajesz siê aktualizowaæ. Mogê teraz
94 wygenerowaæ nowy plik konfiguracyjny (/etc/ssh/sshd.config), który bêdzie
95 dzia³a³ z now± wersj± serwera, ale nie bêdzie zawiera³ ¿adnych dokonanych
96 przez ciebie w starej wersji zmian.
97 .
98 Zauwa¿ proszê, ¿e nowy plik konfiguracyjny bêdzie ustawia³ warto¶æ opcji
99 'PermitRootLogin' na 'tak' (co oznacza, ¿e ka¿dy kto zna has³o root'a mo¿e
100 zdalnie zalogowaæ siê przez ssh jako root). W opinii opiekuna pakietu to
101 jest poprawna warto¶æ domy¶lna (szczegó³y w README.Debian), ale mo¿esz sobie
102 wyedytowaæ sshd_config i ustawiæ tê opcjê na 'nie' je¶li siê z t± opini± nie
103 zgadzasz.
104 .
105 Jest bardzo wskazane aby¶ pozwoli³ mi wygenerowaæ nowy plik konfiguracyjny.
106
107Template: ssh/protocol2_only
108Type: boolean
109Default: true
110Description: Allow SSH protocol 2 only
111 This version of OpenSSH supports version 2 of the ssh protocol, which
112 is much more secure. Disabling ssh 1 is encouraged, however this
113 will slow things down on low end machines and might prevent older
114 clients from connecting (the ssh client shipped with "potato" is affected).
115 .
116 Also please note that keys used for protocol 1 are different so you will
117 not be able to use them if you only allow protocol 2 connections.
118 .
119 If you later change your mind about this setting, README.Debian has
120 instructions on what to do to your sshd_config file.
121Description-pl: Zezwalaj wy³±cznie na wersjê 2 protoko³u SSH
122 Ta wersja OpenSSH wspiera drug± wersjê protoko³u ssh, która jest znacznie
123 bardziej bezpieczna. Wy³±czenie ssh 1 jest zalecane, choæ spowalnia to
124 dzia³anie na starych maszynach i mo¿e uniemo¿liwiæ po³±czenie starszym
125 wersjom klientów (dotyczy to np. klienta ssh do³±czanego do "potato").
126 .
127 Ponadto, zauwa¿ proszê, ¿e klucze u¿ywane przez protokó³ 1 s± inne, wiêc
128 nie bêdziesz móg³ ich u¿ywaæ je¶li zezwolisz na korzystanie wy³±cznie z
129 wersji 2 protoko³u.
130 .
131 Je¶li pó¼niej zmienisz zdanie co do tego ustawienia, to instrukcje co
132 zmieniæ w sshd_config znajduj± siê w README.Debian.
133
134Template: ssh/ssh2_keys_merged
135Type: note
136Description: ssh2 keys merged in configuration files
137 As of version 3 OpenSSH no longer uses separate files for ssh1 and
138 ssh2 keys. This means the authorized_keys2 and known_hosts2 files
139 are no longer needed. They will still be read in order to maintain
140 backwards compatibility
141Description-pl: klucze ssh2 w³±czone do plików konfiguracyjnych
142 Pocz±wszy od wersji 3 OpenSSH nie u¿ywa ju¿ osobnych plików dla kluczy
143 ssh1 i ssh2. Oznacza to, ¿e pliki authorized_keys2 i known_hosts2 nie
144 s± ju¿ potrzebne. Bêd± one jednak odczytywane aby zachowaæ wsteczn±
145 kompatybilno¶æ.
146
147Template: ssh/use_old_init_script
148Type: boolean
149Default: false
150Description: Do you want to continue (and risk killing active ssh sessions) ?
151 The version of /etc/init.d/ssh that you have installed, is likely to kill
152 all running sshd instances. If you are doing this upgrade via an ssh
153 session, that would be a Bad Thing(tm).
154 .
155 You can fix this by adding "--pidfile /var/run/sshd.pid" to the
156 start-stop-daemon line in the stop section of the file.
157Description-pl: Czy chcesz kontynuowaæ (i ryzykowaæ zabicie aktywnych sesji ssh) ?
158 Zainstalowana w³a¶nie wersja /etc/init.d/ssh mo¿e zabiæ wszystkie dzia³aj±ce
159 obecnie kopie sshd. Je¶li robisz ten upgrade via ssh, to by³aby Z³a Rzecz(tm).
160 .
161 Mo¿esz to naprawiæ dodaj±c "--pidfile /var/run/sshd.pid" do linijki
162 start-stop-daemon w sekcji stop tego pliku.
163
164Template: ssh/forward_warning
165Type: note
166Description: NOTE: Forwarding of X11 and Authorization disabled by default.
167 For security reasons, the Debian version of ssh has ForwardX11 and
168 ForwardAgent set to ``off'' by default.
169 .
170 You can enable it for servers you trust, either
171 in one of the configuration files, or with the -X command line option.
172 .
173 More details can be found in /usr/share/doc/ssh/README.Debian
174Description-pl: UWAGA: Przekazywanie (forwarding) X11 i Autoryzacji jest domy¶lnie wy³±czone.
175 Ze wzglêdów bezpieczeñstwa Debianowa wersja ssh ma ForwardX11 i ForwardAgent
176 ustawione domy¶lnie na 'off'.
177 .
178 Dla zaufanych serwerów mo¿esz w³±czyæ te opcje w pliku konfiguracyjnym lub
179 przy pomocy opcji -X z linii komend.
180 .
181 Wiêcej szczegó³ów znajdziesz w /usr/share/doc/ssh/README.Debian.
182
183Template: ssh/insecure_rshd
184Type: note
185Description: Warning: rsh-server is installed --- probably not a good idea
186 having rsh-server installed undermines the security that you were probably
187 wanting to obtain by installing ssh. I'd advise you to remove that package.
188Description-pl: Uwaga: serwer rsh jest zainstalowany --- prawdopodobnie nienajlepszy pomys³
189 Posiadanie zainstalowanego serwera rsh podminowuje zabezpieczenia, które
190 prawdopodobnie starasz siê uzyskaæ instaluj±c ssh. Radzi³bym usun±æ ten
191 pakiet.
192
193Template: ssh/insecure_telnetd
194Type: note
195Description: Warning: telnetd is installed --- probably not a good idea
196 I'd advise you to either remove the telnetd package (if you don't actually
197 need to offer telnet access) or install telnetd-ssl so that there is at
198 least some chance that telnet sessions will not be sending unencrypted
199 login/password and session information over the network.
200Description-pl: Uwaga: telnetd jest zainstalowany --- prawdopodobnie nienajlepszy pomys³
201 Radzi³bym albo usun±æ pakiet telnetd (je¶li nie potrzebujesz koniecznie
202 udostêpniaæ telnet'a) albo zainstalowaæ telnetd-ssl aby by³a choæ szansza,
203 ¿e sesje telnet nie bêd± przesy³aæ niezaszyfrowanego loginu/has³a oraz
204 danych sesji przez sieæ.
205
206Template: ssh/encrypted_host_key_but_no_keygen
207Type: note
208Description: Warning: you must create a new host key
209 There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted.
210 OpenSSH can not handle this host key file, and I can't find the
211 ssh-keygen utility from the old (non-free) SSH installation.
212 .
213 You will need to generate a new host key.
214Description-pl: Uwaga: musisz utworzyæ nowy klucz hosta
215 Istnieje stary /etc/ssh/ssh_host_key, który jest zaszyfrowany przez
216 IDEA. OpenSSH nie umie korzystaæ z tak zaszyfrowanego klucza, a nie
217 mo¿e znale¼æ polecenia ssh-keygen ze starego SSH (non-free).
218 .
219 Bêdziesz musia³ wygenerowaæ nowy klucz hosta.
220
221Template: ssh/SUID_client
222Type: boolean
223Default: true
224Description: Do you want /usr/lib/ssh-keysign to be installed SUID root?
225 You have the option of installing the ssh-keysign helper with the SUID
226 bit set.
227 .
228 If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2
229 host-based authentication.
230 .
231 If in doubt, I suggest you install it with SUID. If it causes
232 problems you can change your mind later by running: dpkg-reconfigure ssh
233Description-pl: Czy chcesz aby /usr/lib/ssh-keysign by³ zainstalowany jako SUID root?
234 Masz mo¿liwo¶æ zainstalowania pomocniczego programu ssh-keysign z w³±czonym
235 bitem SETUID.
236 .
237 Je¶li uczynisz ssh-keysign SUIDowym, bêdziesz móg³ u¿ywaæ opartej na hostach
238 autentykacji drugiej wersji protoko³u SSH.
239 .
240 Je¶li masz w±tpliwo¶ci, radzê zainstalowaæ go z SUIDem. Je¶li to sprawia
241 problemy, mo¿esz zmieniæ swoje zdanie uruchamiaj±c pó¼niej polecenie:
242 dpkg-reconfigure ssh
243
244Template: ssh/run_sshd
245Type: boolean
246Default: true
247Description: Do you want to run the sshd server ?
248 This package contains both the ssh client, and the sshd server.
249 .
250 Normally the sshd Secure Shell Server will be run to allow remote
251 logins via ssh.
252 .
253 If you are only interested in using the ssh client for outbound
254 connections on this machine, and don't want to log into it at all
255 using ssh, then you can disable sshd here.
256Description-pl: Czy chcesz uruchamiaæ serwer sshd ?
257 Ten pakiet zawiera zarówno klienta ssh, jak i serwer sshd.
258 .
259 Normalnie serwer sshd (Secure Shell Server) bêdzie uruchomiony aby
260 umo¿liwiæ zdalny dostêp przez ssh.
261 .
262 Je¶li jeste¶ zainteresowny u¿ywaniem wy³±cznie klienta ssh dla po³±czeñ
263 wychodz±cych z tej maszyny, i nie chcesz siê na ni± logowaæ przy pomocy
264 ssh, to mo¿esz teraz wy³±czyæ serwer sshd.
diff --git a/defines.h b/defines.h
index b87dbc51e..ab19a077c 100644
--- a/defines.h
+++ b/defines.h
@@ -1,7 +1,7 @@
1#ifndef _DEFINES_H 1#ifndef _DEFINES_H
2#define _DEFINES_H 2#define _DEFINES_H
3 3
4/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */ 4/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */
5 5
6 6
7/* Constants */ 7/* Constants */
@@ -102,7 +102,7 @@ SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but
102including rpc/rpc.h breaks Solaris 6 102including rpc/rpc.h breaks Solaris 6
103*/ 103*/
104#ifndef INADDR_LOOPBACK 104#ifndef INADDR_LOOPBACK
105#define INADDR_LOOPBACK ((ulong)0x7f000001) 105#define INADDR_LOOPBACK ((u_long)0x7f000001)
106#endif 106#endif
107 107
108/* Types */ 108/* Types */
@@ -124,7 +124,7 @@ typedef char int8_t;
124# if (SIZEOF_SHORT_INT == 2) 124# if (SIZEOF_SHORT_INT == 2)
125typedef short int int16_t; 125typedef short int int16_t;
126# else 126# else
127# ifdef _CRAY 127# ifdef _UNICOS
128# if (SIZEOF_SHORT_INT == 4) 128# if (SIZEOF_SHORT_INT == 4)
129typedef short int16_t; 129typedef short int16_t;
130# else 130# else
@@ -132,16 +132,16 @@ typedef long int16_t;
132# endif 132# endif
133# else 133# else
134# error "16 bit int type not found." 134# error "16 bit int type not found."
135# endif /* _CRAY */ 135# endif /* _UNICOS */
136# endif 136# endif
137# if (SIZEOF_INT == 4) 137# if (SIZEOF_INT == 4)
138typedef int int32_t; 138typedef int int32_t;
139# else 139# else
140# ifdef _CRAY 140# ifdef _UNICOS
141typedef long int32_t; 141typedef long int32_t;
142# else 142# else
143# error "32 bit int type not found." 143# error "32 bit int type not found."
144# endif /* _CRAY */ 144# endif /* _UNICOS */
145# endif 145# endif
146#endif 146#endif
147 147
@@ -161,7 +161,7 @@ typedef unsigned char u_int8_t;
161# if (SIZEOF_SHORT_INT == 2) 161# if (SIZEOF_SHORT_INT == 2)
162typedef unsigned short int u_int16_t; 162typedef unsigned short int u_int16_t;
163# else 163# else
164# ifdef _CRAY 164# ifdef _UNICOS
165# if (SIZEOF_SHORT_INT == 4) 165# if (SIZEOF_SHORT_INT == 4)
166typedef unsigned short u_int16_t; 166typedef unsigned short u_int16_t;
167# else 167# else
@@ -174,7 +174,7 @@ typedef unsigned long u_int16_t;
174# if (SIZEOF_INT == 4) 174# if (SIZEOF_INT == 4)
175typedef unsigned int u_int32_t; 175typedef unsigned int u_int32_t;
176# else 176# else
177# ifdef _CRAY 177# ifdef _UNICOS
178typedef unsigned long u_int32_t; 178typedef unsigned long u_int32_t;
179# else 179# else
180# error "32 bit int type not found." 180# error "32 bit int type not found."
@@ -216,6 +216,10 @@ typedef unsigned char u_char;
216# define HAVE_U_CHAR 216# define HAVE_U_CHAR
217#endif /* HAVE_U_CHAR */ 217#endif /* HAVE_U_CHAR */
218 218
219#ifndef SIZE_T_MAX
220#define SIZE_T_MAX ULONG_MAX
221#endif /* SIZE_T_MAX */
222
219#ifndef HAVE_SIZE_T 223#ifndef HAVE_SIZE_T
220typedef unsigned int size_t; 224typedef unsigned int size_t;
221# define HAVE_SIZE_T 225# define HAVE_SIZE_T
diff --git a/dh.c b/dh.c
index 33187e028..6ec37867a 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: dh.c,v 1.21 2002/03/06 00:23:27 markus Exp $"); 26RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $");
27 27
28#include "xmalloc.h" 28#include "xmalloc.h"
29 29
@@ -50,7 +50,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
50 /* Ignore leading whitespace */ 50 /* Ignore leading whitespace */
51 if (*arg == '\0') 51 if (*arg == '\0')
52 arg = strdelim(&cp); 52 arg = strdelim(&cp);
53 if (!*arg || *arg == '#') 53 if (!arg || !*arg || *arg == '#')
54 return 0; 54 return 0;
55 55
56 /* time */ 56 /* time */
diff --git a/hostfile.c b/hostfile.c
index cefff8d62..dcee03448 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: hostfile.c,v 1.29 2001/12/18 10:04:21 jakob Exp $"); 39RCSID("$OpenBSD: hostfile.c,v 1.30 2002/07/24 16:11:18 markus Exp $");
40 40
41#include "packet.h" 41#include "packet.h"
42#include "match.h" 42#include "match.h"
@@ -91,11 +91,14 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i
91 * in the list of our known hosts. Returns HOST_OK if the host is known and 91 * in the list of our known hosts. Returns HOST_OK if the host is known and
92 * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED 92 * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED
93 * if the host is known but used to have a different host key. 93 * if the host is known but used to have a different host key.
94 *
95 * If no 'key' has been specified and a key of type 'keytype' is known
96 * for the specified host, then HOST_FOUND is returned.
94 */ 97 */
95 98
96HostStatus 99static HostStatus
97check_host_in_hostfile(const char *filename, const char *host, Key *key, 100check_host_in_hostfile_by_key_or_type(const char *filename,
98 Key *found, int *numret) 101 const char *host, Key *key, int keytype, Key *found, int *numret)
99{ 102{
100 FILE *f; 103 FILE *f;
101 char line[8192]; 104 char line[8192];
@@ -105,8 +108,7 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
105 HostStatus end_return; 108 HostStatus end_return;
106 109
107 debug3("check_host_in_hostfile: filename %s", filename); 110 debug3("check_host_in_hostfile: filename %s", filename);
108 if (key == NULL) 111
109 fatal("no key to look up");
110 /* Open the file containing the list of known hosts. */ 112 /* Open the file containing the list of known hosts. */
111 f = fopen(filename, "r"); 113 f = fopen(filename, "r");
112 if (!f) 114 if (!f)
@@ -147,12 +149,20 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
147 */ 149 */
148 if (!hostfile_read_key(&cp, &kbits, found)) 150 if (!hostfile_read_key(&cp, &kbits, found))
149 continue; 151 continue;
150 if (!hostfile_check_key(kbits, found, host, filename, linenum))
151 continue;
152 152
153 if (numret != NULL) 153 if (numret != NULL)
154 *numret = linenum; 154 *numret = linenum;
155 155
156 if (key == NULL) {
157 /* we found a key of the requested type */
158 if (found->type == keytype)
159 return HOST_FOUND;
160 continue;
161 }
162
163 if (!hostfile_check_key(kbits, found, host, filename, linenum))
164 continue;
165
156 /* Check if the current key is the same as the given key. */ 166 /* Check if the current key is the same as the given key. */
157 if (key_equal(key, found)) { 167 if (key_equal(key, found)) {
158 /* Ok, they match. */ 168 /* Ok, they match. */
@@ -177,6 +187,24 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key,
177 return end_return; 187 return end_return;
178} 188}
179 189
190HostStatus
191check_host_in_hostfile(const char *filename, const char *host, Key *key,
192 Key *found, int *numret)
193{
194 if (key == NULL)
195 fatal("no key to look up");
196 return (check_host_in_hostfile_by_key_or_type(filename, host, key, 0,
197 found, numret));
198}
199
200int
201lookup_key_in_hostfile_by_type(const char *filename, const char *host,
202 int keytype, Key *found, int *numret)
203{
204 return (check_host_in_hostfile_by_key_or_type(filename, host, NULL,
205 keytype, found, numret) == HOST_FOUND);
206}
207
180/* 208/*
181 * Appends an entry to the host file. Returns false if the entry could not 209 * Appends an entry to the host file. Returns false if the entry could not
182 * be appended. 210 * be appended.
diff --git a/hostfile.h b/hostfile.h
index 0244fdb53..1df7a22f2 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: hostfile.h,v 1.10 2001/12/18 10:04:21 jakob Exp $ */ 1/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -15,12 +15,14 @@
15#define HOSTFILE_H 15#define HOSTFILE_H
16 16
17typedef enum { 17typedef enum {
18 HOST_OK, HOST_NEW, HOST_CHANGED 18 HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND
19} HostStatus; 19} HostStatus;
20 20
21int hostfile_read_key(char **, u_int *, Key *); 21int hostfile_read_key(char **, u_int *, Key *);
22HostStatus 22HostStatus
23check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); 23check_host_in_hostfile(const char *, const char *, Key *, Key *, int *);
24int add_host_to_hostfile(const char *, const char *, Key *); 24int add_host_to_hostfile(const char *, const char *, Key *);
25int
26lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *);
25 27
26#endif 28#endif
diff --git a/includes.h b/includes.h
index e20d7a519..d7b875c52 100644
--- a/includes.h
+++ b/includes.h
@@ -115,6 +115,9 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
115#ifdef HAVE_SYS_UN_H 115#ifdef HAVE_SYS_UN_H
116# include <sys/un.h> /* For sockaddr_un */ 116# include <sys/un.h> /* For sockaddr_un */
117#endif 117#endif
118#ifdef HAVE_STDINT_H
119# include <stdint.h>
120#endif
118#ifdef HAVE_SYS_BITYPES_H 121#ifdef HAVE_SYS_BITYPES_H
119# include <sys/bitypes.h> /* For u_intXX_t */ 122# include <sys/bitypes.h> /* For u_intXX_t */
120#endif 123#endif
@@ -146,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
146# include <readpassphrase.h> 149# include <readpassphrase.h>
147#endif 150#endif
148 151
152#ifdef HAVE_IA_H
153# include <ia.h>
154#endif
155
156#ifdef HAVE_TMPDIR_H
157# include <tmpdir.h>
158#endif
159
149#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ 160#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
150 161
151#include "defines.h" 162#include "defines.h"
diff --git a/kex.h b/kex.h
index 12edcdc63..93a529e12 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.31 2002/05/16 22:02:50 markus Exp $ */ 1/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -96,7 +96,7 @@ struct Newkeys {
96}; 96};
97struct Kex { 97struct Kex {
98 u_char *session_id; 98 u_char *session_id;
99 int session_id_len; 99 u_int session_id_len;
100 Newkeys *newkeys[MODE_MAX]; 100 Newkeys *newkeys[MODE_MAX];
101 int we_need; 101 int we_need;
102 int server; 102 int server;
diff --git a/key.c b/key.c
index fb1f8410a..9806a729a 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */ 33 */
34#include "includes.h" 34#include "includes.h"
35RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); 35RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
36 36
37#include <openssl/evp.h> 37#include <openssl/evp.h>
38 38
@@ -171,7 +171,7 @@ key_equal(Key *a, Key *b)
171 return 0; 171 return 0;
172} 172}
173 173
174static u_char* 174static u_char *
175key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) 175key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
176{ 176{
177 const EVP_MD *md = NULL; 177 const EVP_MD *md = NULL;
@@ -227,8 +227,8 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
227 return retval; 227 return retval;
228} 228}
229 229
230static char* 230static char *
231key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len) 231key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
232{ 232{
233 char *retval; 233 char *retval;
234 int i; 234 int i;
@@ -244,8 +244,8 @@ key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len)
244 return retval; 244 return retval;
245} 245}
246 246
247static char* 247static char *
248key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len) 248key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
249{ 249{
250 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; 250 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
251 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', 251 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
@@ -291,7 +291,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len)
291 return retval; 291 return retval;
292} 292}
293 293
294char* 294char *
295key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) 295key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
296{ 296{
297 char *retval = NULL; 297 char *retval = NULL;
@@ -494,7 +494,8 @@ key_write(Key *key, FILE *f)
494{ 494{
495 int n, success = 0; 495 int n, success = 0;
496 u_int len, bits = 0; 496 u_int len, bits = 0;
497 u_char *blob, *uu; 497 u_char *blob;
498 char *uu;
498 499
499 if (key->type == KEY_RSA1 && key->rsa != NULL) { 500 if (key->type == KEY_RSA1 && key->rsa != NULL) {
500 /* size of modulus 'n' */ 501 /* size of modulus 'n' */
@@ -729,7 +730,6 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
729{ 730{
730 Buffer b; 731 Buffer b;
731 int len; 732 int len;
732 u_char *buf;
733 733
734 if (key == NULL) { 734 if (key == NULL) {
735 error("key_to_blob: key == NULL"); 735 error("key_to_blob: key == NULL");
@@ -755,14 +755,14 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
755 return 0; 755 return 0;
756 } 756 }
757 len = buffer_len(&b); 757 len = buffer_len(&b);
758 buf = xmalloc(len);
759 memcpy(buf, buffer_ptr(&b), len);
760 memset(buffer_ptr(&b), 0, len);
761 buffer_free(&b);
762 if (lenp != NULL) 758 if (lenp != NULL)
763 *lenp = len; 759 *lenp = len;
764 if (blobp != NULL) 760 if (blobp != NULL) {
765 *blobp = buf; 761 *blobp = xmalloc(len);
762 memcpy(*blobp, buffer_ptr(&b), len);
763 }
764 memset(buffer_ptr(&b), 0, len);
765 buffer_free(&b);
766 return len; 766 return len;
767} 767}
768 768
diff --git a/log.c b/log.c
index be0868fde..12ac11df7 100644
--- a/log.c
+++ b/log.c
@@ -34,7 +34,7 @@
34 */ 34 */
35 35
36#include "includes.h" 36#include "includes.h"
37RCSID("$OpenBSD: log.c,v 1.22 2002/02/22 12:20:34 markus Exp $"); 37RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $");
38 38
39#include "log.h" 39#include "log.h"
40#include "xmalloc.h" 40#include "xmalloc.h"
@@ -93,6 +93,7 @@ SyslogFacility
93log_facility_number(char *name) 93log_facility_number(char *name)
94{ 94{
95 int i; 95 int i;
96
96 if (name != NULL) 97 if (name != NULL)
97 for (i = 0; log_facilities[i].name; i++) 98 for (i = 0; log_facilities[i].name; i++)
98 if (strcasecmp(log_facilities[i].name, name) == 0) 99 if (strcasecmp(log_facilities[i].name, name) == 0)
@@ -104,6 +105,7 @@ LogLevel
104log_level_number(char *name) 105log_level_number(char *name)
105{ 106{
106 int i; 107 int i;
108
107 if (name != NULL) 109 if (name != NULL)
108 for (i = 0; log_levels[i].name; i++) 110 for (i = 0; log_levels[i].name; i++)
109 if (strcasecmp(log_levels[i].name, name) == 0) 111 if (strcasecmp(log_levels[i].name, name) == 0)
@@ -117,6 +119,7 @@ void
117error(const char *fmt,...) 119error(const char *fmt,...)
118{ 120{
119 va_list args; 121 va_list args;
122
120 va_start(args, fmt); 123 va_start(args, fmt);
121 do_log(SYSLOG_LEVEL_ERROR, fmt, args); 124 do_log(SYSLOG_LEVEL_ERROR, fmt, args);
122 va_end(args); 125 va_end(args);
@@ -128,6 +131,7 @@ void
128log(const char *fmt,...) 131log(const char *fmt,...)
129{ 132{
130 va_list args; 133 va_list args;
134
131 va_start(args, fmt); 135 va_start(args, fmt);
132 do_log(SYSLOG_LEVEL_INFO, fmt, args); 136 do_log(SYSLOG_LEVEL_INFO, fmt, args);
133 va_end(args); 137 va_end(args);
@@ -139,6 +143,7 @@ void
139verbose(const char *fmt,...) 143verbose(const char *fmt,...)
140{ 144{
141 va_list args; 145 va_list args;
146
142 va_start(args, fmt); 147 va_start(args, fmt);
143 do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); 148 do_log(SYSLOG_LEVEL_VERBOSE, fmt, args);
144 va_end(args); 149 va_end(args);
@@ -150,6 +155,7 @@ void
150debug(const char *fmt,...) 155debug(const char *fmt,...)
151{ 156{
152 va_list args; 157 va_list args;
158
153 va_start(args, fmt); 159 va_start(args, fmt);
154 do_log(SYSLOG_LEVEL_DEBUG1, fmt, args); 160 do_log(SYSLOG_LEVEL_DEBUG1, fmt, args);
155 va_end(args); 161 va_end(args);
@@ -159,6 +165,7 @@ void
159debug2(const char *fmt,...) 165debug2(const char *fmt,...)
160{ 166{
161 va_list args; 167 va_list args;
168
162 va_start(args, fmt); 169 va_start(args, fmt);
163 do_log(SYSLOG_LEVEL_DEBUG2, fmt, args); 170 do_log(SYSLOG_LEVEL_DEBUG2, fmt, args);
164 va_end(args); 171 va_end(args);
@@ -168,6 +175,7 @@ void
168debug3(const char *fmt,...) 175debug3(const char *fmt,...)
169{ 176{
170 va_list args; 177 va_list args;
178
171 va_start(args, fmt); 179 va_start(args, fmt);
172 do_log(SYSLOG_LEVEL_DEBUG3, fmt, args); 180 do_log(SYSLOG_LEVEL_DEBUG3, fmt, args);
173 va_end(args); 181 va_end(args);
@@ -216,6 +224,18 @@ fatal_remove_cleanup(void (*proc) (void *context), void *context)
216 (u_long) proc, (u_long) context); 224 (u_long) proc, (u_long) context);
217} 225}
218 226
227/* Remove all cleanups, to be called after fork() */
228void
229fatal_remove_all_cleanups(void)
230{
231 struct fatal_cleanup *cu, *next_cu;
232
233 for (cu = fatal_cleanups; cu; cu = next_cu) {
234 next_cu = cu->next;
235 xfree(cu);
236 }
237}
238
219/* Cleanup and exit */ 239/* Cleanup and exit */
220void 240void
221fatal_cleanup(void) 241fatal_cleanup(void)
diff --git a/log.h b/log.h
index 0aa7932b4..9819eceaa 100644
--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: log.h,v 1.7 2002/05/19 20:54:52 deraadt Exp $ */ 1/* $OpenBSD: log.h,v 1.8 2002/07/19 15:43:33 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -65,6 +65,7 @@ void debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
65void fatal_cleanup(void); 65void fatal_cleanup(void);
66void fatal_add_cleanup(void (*) (void *), void *); 66void fatal_add_cleanup(void (*) (void *), void *);
67void fatal_remove_cleanup(void (*) (void *), void *); 67void fatal_remove_cleanup(void (*) (void *), void *);
68void fatal_remove_all_cleanups(void);
68 69
69void do_log(LogLevel, const char *, va_list); 70void do_log(LogLevel, const char *, va_list);
70 71
diff --git a/loginrec.c b/loginrec.c
index 609e84768..02c3106a3 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -163,7 +163,7 @@
163#include "log.h" 163#include "log.h"
164#include "atomicio.h" 164#include "atomicio.h"
165 165
166RCSID("$Id: loginrec.c,v 1.40 2002/04/23 13:09:19 djm Exp $"); 166RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");
167 167
168#ifdef HAVE_UTIL_H 168#ifdef HAVE_UTIL_H
169# include <util.h> 169# include <util.h>
@@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li,
622 switch (li->type) { 622 switch (li->type) {
623 case LTYPE_LOGIN: 623 case LTYPE_LOGIN:
624 ut->ut_type = USER_PROCESS; 624 ut->ut_type = USER_PROCESS;
625#ifdef _CRAY 625#ifdef _UNICOS
626 cray_set_tmpdir(ut); 626 cray_set_tmpdir(ut);
627#endif 627#endif
628 break; 628 break;
629 case LTYPE_LOGOUT: 629 case LTYPE_LOGOUT:
630 ut->ut_type = DEAD_PROCESS; 630 ut->ut_type = DEAD_PROCESS;
631#ifdef _CRAY 631#ifdef _UNICOS
632 cray_retain_utmp(ut, li->pid); 632 cray_retain_utmp(ut, li->pid);
633#endif 633#endif
634 break; 634 break;
@@ -1249,7 +1249,7 @@ wtmpx_get_entry(struct logininfo *li)
1249 } 1249 }
1250 if (fstat(fd, &st) != 0) { 1250 if (fstat(fd, &st) != 0) {
1251 log("wtmpx_get_entry: couldn't stat %s: %s", 1251 log("wtmpx_get_entry: couldn't stat %s: %s",
1252 WTMP_FILE, strerror(errno)); 1252 WTMPX_FILE, strerror(errno));
1253 close(fd); 1253 close(fd);
1254 return 0; 1254 return 0;
1255 } 1255 }
@@ -1271,6 +1271,7 @@ wtmpx_get_entry(struct logininfo *li)
1271 /* Logouts are recorded as a blank username on a particular line. 1271 /* Logouts are recorded as a blank username on a particular line.
1272 * So, we just need to find the username in struct utmpx */ 1272 * So, we just need to find the username in struct utmpx */
1273 if ( wtmpx_islogin(li, &utx) ) { 1273 if ( wtmpx_islogin(li, &utx) ) {
1274 found = 1;
1274# ifdef HAVE_TV_IN_UTMPX 1275# ifdef HAVE_TV_IN_UTMPX
1275 li->tv_sec = utx.ut_tv.tv_sec; 1276 li->tv_sec = utx.ut_tv.tv_sec;
1276# else 1277# else
diff --git a/monitor.c b/monitor.c
index 89b712f2d..4ad3f3d21 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $"); 28RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
29 29
30#include <openssl/dh.h> 30#include <openssl/dh.h>
31 31
@@ -120,6 +120,13 @@ int mm_answer_sessid(int, Buffer *);
120int mm_answer_pam_start(int, Buffer *); 120int mm_answer_pam_start(int, Buffer *);
121#endif 121#endif
122 122
123#ifdef KRB4
124int mm_answer_krb4(int, Buffer *);
125#endif
126#ifdef KRB5
127int mm_answer_krb5(int, Buffer *);
128#endif
129
123static Authctxt *authctxt; 130static Authctxt *authctxt;
124static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ 131static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
125 132
@@ -127,8 +134,8 @@ static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */
127static u_char *key_blob = NULL; 134static u_char *key_blob = NULL;
128static u_int key_bloblen = 0; 135static u_int key_bloblen = 0;
129static int key_blobtype = MM_NOKEY; 136static int key_blobtype = MM_NOKEY;
130static u_char *hostbased_cuser = NULL; 137static char *hostbased_cuser = NULL;
131static u_char *hostbased_chost = NULL; 138static char *hostbased_chost = NULL;
132static char *auth_method = "unknown"; 139static char *auth_method = "unknown";
133static int session_id2_len = 0; 140static int session_id2_len = 0;
134static u_char *session_id2 = NULL; 141static u_char *session_id2 = NULL;
@@ -199,6 +206,12 @@ struct mon_table mon_dispatch_proto15[] = {
199#ifdef USE_PAM 206#ifdef USE_PAM
200 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, 207 {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
201#endif 208#endif
209#ifdef KRB4
210 {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4},
211#endif
212#ifdef KRB5
213 {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5},
214#endif
202 {0, 0, NULL} 215 {0, 0, NULL}
203}; 216};
204 217
@@ -455,7 +468,7 @@ mm_answer_sign(int socket, Buffer *m)
455 p = buffer_get_string(m, &datlen); 468 p = buffer_get_string(m, &datlen);
456 469
457 if (datlen != 20) 470 if (datlen != 20)
458 fatal("%s: data length incorrect: %d", __func__, datlen); 471 fatal("%s: data length incorrect: %u", __func__, datlen);
459 472
460 /* save session id, it will be passed on the first call */ 473 /* save session id, it will be passed on the first call */
461 if (session_id2_len == 0) { 474 if (session_id2_len == 0) {
@@ -469,7 +482,7 @@ mm_answer_sign(int socket, Buffer *m)
469 if (key_sign(key, &signature, &siglen, p, datlen) < 0) 482 if (key_sign(key, &signature, &siglen, p, datlen) < 0)
470 fatal("%s: key_sign failed", __func__); 483 fatal("%s: key_sign failed", __func__);
471 484
472 debug3("%s: signature %p(%d)", __func__, signature, siglen); 485 debug3("%s: signature %p(%u)", __func__, signature, siglen);
473 486
474 buffer_clear(m); 487 buffer_clear(m);
475 buffer_put_string(m, signature, siglen); 488 buffer_put_string(m, signature, siglen);
@@ -559,7 +572,7 @@ int mm_answer_auth2_read_banner(int socket, Buffer *m)
559 mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m); 572 mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m);
560 573
561 if (banner != NULL) 574 if (banner != NULL)
562 free(banner); 575 xfree(banner);
563 576
564 return (0); 577 return (0);
565} 578}
@@ -587,7 +600,8 @@ mm_answer_authpassword(int socket, Buffer *m)
587{ 600{
588 static int call_count; 601 static int call_count;
589 char *passwd; 602 char *passwd;
590 int authenticated, plen; 603 int authenticated;
604 u_int plen;
591 605
592 passwd = buffer_get_string(m, &plen); 606 passwd = buffer_get_string(m, &plen);
593 /* Only authenticate if the context is valid */ 607 /* Only authenticate if the context is valid */
@@ -750,7 +764,8 @@ int
750mm_answer_keyallowed(int socket, Buffer *m) 764mm_answer_keyallowed(int socket, Buffer *m)
751{ 765{
752 Key *key; 766 Key *key;
753 u_char *cuser, *chost, *blob; 767 char *cuser, *chost;
768 u_char *blob;
754 u_int bloblen; 769 u_int bloblen;
755 enum mm_keytype type = 0; 770 enum mm_keytype type = 0;
756 int allowed = 0; 771 int allowed = 0;
@@ -826,7 +841,7 @@ static int
826monitor_valid_userblob(u_char *data, u_int datalen) 841monitor_valid_userblob(u_char *data, u_int datalen)
827{ 842{
828 Buffer b; 843 Buffer b;
829 u_char *p; 844 char *p;
830 u_int len; 845 u_int len;
831 int fail = 0; 846 int fail = 0;
832 847
@@ -879,11 +894,11 @@ monitor_valid_userblob(u_char *data, u_int datalen)
879} 894}
880 895
881static int 896static int
882monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser, 897monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
883 u_char *chost) 898 char *chost)
884{ 899{
885 Buffer b; 900 Buffer b;
886 u_char *p; 901 char *p;
887 u_int len; 902 u_int len;
888 int fail = 0; 903 int fail = 0;
889 904
@@ -1001,8 +1016,8 @@ mm_record_login(Session *s, struct passwd *pw)
1001 * the address be 0.0.0.0. 1016 * the address be 0.0.0.0.
1002 */ 1017 */
1003 memset(&from, 0, sizeof(from)); 1018 memset(&from, 0, sizeof(from));
1019 fromlen = sizeof(from);
1004 if (packet_connection_is_on_socket()) { 1020 if (packet_connection_is_on_socket()) {
1005 fromlen = sizeof(from);
1006 if (getpeername(packet_get_connection_in(), 1021 if (getpeername(packet_get_connection_in(),
1007 (struct sockaddr *) & from, &fromlen) < 0) { 1022 (struct sockaddr *) & from, &fromlen) < 0) {
1008 debug("getpeername: %.100s", strerror(errno)); 1023 debug("getpeername: %.100s", strerror(errno));
@@ -1012,7 +1027,7 @@ mm_record_login(Session *s, struct passwd *pw)
1012 /* Record that there was a login on that tty from the remote host. */ 1027 /* Record that there was a login on that tty from the remote host. */
1013 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, 1028 record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid,
1014 get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), 1029 get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
1015 (struct sockaddr *)&from); 1030 (struct sockaddr *)&from, fromlen);
1016} 1031}
1017 1032
1018static void 1033static void
@@ -1276,6 +1291,89 @@ mm_answer_rsa_response(int socket, Buffer *m)
1276 return (success); 1291 return (success);
1277} 1292}
1278 1293
1294#ifdef KRB4
1295int
1296mm_answer_krb4(int socket, Buffer *m)
1297{
1298 KTEXT_ST auth, reply;
1299 char *client, *p;
1300 int success;
1301 u_int alen;
1302
1303 reply.length = auth.length = 0;
1304
1305 p = buffer_get_string(m, &alen);
1306 if (alen >= MAX_KTXT_LEN)
1307 fatal("%s: auth too large", __func__);
1308 memcpy(auth.dat, p, alen);
1309 auth.length = alen;
1310 memset(p, 0, alen);
1311 xfree(p);
1312
1313 success = options.kerberos_authentication &&
1314 authctxt->valid &&
1315 auth_krb4(authctxt, &auth, &client, &reply);
1316
1317 memset(auth.dat, 0, alen);
1318 buffer_clear(m);
1319 buffer_put_int(m, success);
1320
1321 if (success) {
1322 buffer_put_cstring(m, client);
1323 buffer_put_string(m, reply.dat, reply.length);
1324 if (client)
1325 xfree(client);
1326 if (reply.length)
1327 memset(reply.dat, 0, reply.length);
1328 }
1329
1330 debug3("%s: sending result %d", __func__, success);
1331 mm_request_send(socket, MONITOR_ANS_KRB4, m);
1332
1333 auth_method = "kerberos";
1334
1335 /* Causes monitor loop to terminate if authenticated */
1336 return (success);
1337}
1338#endif
1339
1340#ifdef KRB5
1341int
1342mm_answer_krb5(int socket, Buffer *m)
1343{
1344 krb5_data tkt, reply;
1345 char *client_user;
1346 u_int len;
1347 int success;
1348
1349 /* use temporary var to avoid size issues on 64bit arch */
1350 tkt.data = buffer_get_string(m, &len);
1351 tkt.length = len;
1352
1353 success = options.kerberos_authentication &&
1354 authctxt->valid &&
1355 auth_krb5(authctxt, &tkt, &client_user, &reply);
1356
1357 if (tkt.length)
1358 xfree(tkt.data);
1359
1360 buffer_clear(m);
1361 buffer_put_int(m, success);
1362
1363 if (success) {
1364 buffer_put_cstring(m, client_user);
1365 buffer_put_string(m, reply.data, reply.length);
1366 if (client_user)
1367 xfree(client_user);
1368 if (reply.length)
1369 xfree(reply.data);
1370 }
1371 mm_request_send(socket, MONITOR_ANS_KRB5, m);
1372
1373 return success;
1374}
1375#endif
1376
1279int 1377int
1280mm_answer_term(int socket, Buffer *req) 1378mm_answer_term(int socket, Buffer *req)
1281{ 1379{
@@ -1453,10 +1551,10 @@ mm_get_keystate(struct monitor *pmonitor)
1453void * 1551void *
1454mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) 1552mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
1455{ 1553{
1456 int len = size * ncount; 1554 size_t len = size * ncount;
1457 void *address; 1555 void *address;
1458 1556
1459 if (len <= 0) 1557 if (len == 0 || ncount > SIZE_T_MAX / size)
1460 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); 1558 fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
1461 1559
1462 address = mm_malloc(mm, len); 1560 address = mm_malloc(mm, len);
diff --git a/monitor.h b/monitor.h
index 69114b532..668ac9897 100644
--- a/monitor.h
+++ b/monitor.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor.h,v 1.6 2002/06/11 05:46:20 mpech Exp $ */ 1/* $OpenBSD: monitor.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -49,6 +49,8 @@ enum monitor_reqtype {
49 MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED, 49 MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED,
50 MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, 50 MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
51 MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, 51 MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
52 MONITOR_REQ_KRB4, MONITOR_ANS_KRB4,
53 MONITOR_REQ_KRB5, MONITOR_ANS_KRB5,
52 MONITOR_REQ_PAM_START, 54 MONITOR_REQ_PAM_START,
53 MONITOR_REQ_TERM 55 MONITOR_REQ_TERM
54}; 56};
diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index 0d7628fa2..641ce721e 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -24,7 +24,7 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: monitor_fdpass.c,v 1.3 2002/06/04 23:05:49 markus Exp $"); 27RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $");
28 28
29#include <sys/uio.h> 29#include <sys/uio.h>
30 30
@@ -38,7 +38,7 @@ mm_send_fd(int socket, int fd)
38 struct msghdr msg; 38 struct msghdr msg;
39 struct iovec vec; 39 struct iovec vec;
40 char ch = '\0'; 40 char ch = '\0';
41 int n; 41 ssize_t n;
42#ifndef HAVE_ACCRIGHTS_IN_MSGHDR 42#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
43 char tmp[CMSG_SPACE(sizeof(int))]; 43 char tmp[CMSG_SPACE(sizeof(int))];
44 struct cmsghdr *cmsg; 44 struct cmsghdr *cmsg;
@@ -67,8 +67,8 @@ mm_send_fd(int socket, int fd)
67 fatal("%s: sendmsg(%d): %s", __func__, fd, 67 fatal("%s: sendmsg(%d): %s", __func__, fd,
68 strerror(errno)); 68 strerror(errno));
69 if (n != 1) 69 if (n != 1)
70 fatal("%s: sendmsg: expected sent 1 got %d", 70 fatal("%s: sendmsg: expected sent 1 got %ld",
71 __func__, n); 71 __func__, (long)n);
72#else 72#else
73 fatal("%s: UsePrivilegeSeparation=yes not supported", 73 fatal("%s: UsePrivilegeSeparation=yes not supported",
74 __func__); 74 __func__);
@@ -81,8 +81,9 @@ mm_receive_fd(int socket)
81#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) 81#if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR))
82 struct msghdr msg; 82 struct msghdr msg;
83 struct iovec vec; 83 struct iovec vec;
84 ssize_t n;
84 char ch; 85 char ch;
85 int fd, n; 86 int fd;
86#ifndef HAVE_ACCRIGHTS_IN_MSGHDR 87#ifndef HAVE_ACCRIGHTS_IN_MSGHDR
87 char tmp[CMSG_SPACE(sizeof(int))]; 88 char tmp[CMSG_SPACE(sizeof(int))];
88 struct cmsghdr *cmsg; 89 struct cmsghdr *cmsg;
@@ -104,8 +105,8 @@ mm_receive_fd(int socket)
104 if ((n = recvmsg(socket, &msg, 0)) == -1) 105 if ((n = recvmsg(socket, &msg, 0)) == -1)
105 fatal("%s: recvmsg: %s", __func__, strerror(errno)); 106 fatal("%s: recvmsg: %s", __func__, strerror(errno));
106 if (n != 1) 107 if (n != 1)
107 fatal("%s: recvmsg: expected received 1 got %d", 108 fatal("%s: recvmsg: expected received 1 got %ld",
108 __func__, n); 109 __func__, (long)n);
109 110
110#ifdef HAVE_ACCRIGHTS_IN_MSGHDR 111#ifdef HAVE_ACCRIGHTS_IN_MSGHDR
111 if (msg.msg_accrightslen != sizeof(fd)) 112 if (msg.msg_accrightslen != sizeof(fd))
diff --git a/monitor_mm.c b/monitor_mm.c
index 55d1e8e52..b4a6e40c9 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -24,13 +24,13 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: monitor_mm.c,v 1.6 2002/06/04 23:05:49 markus Exp $"); 27RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $");
28 28
29#ifdef HAVE_SYS_MMAN_H 29#ifdef HAVE_SYS_MMAN_H
30#include <sys/mman.h> 30#include <sys/mman.h>
31#endif 31#endif
32#include <sys/shm.h>
33 32
33#include "openbsd-compat/xmmap.h"
34#include "ssh.h" 34#include "ssh.h"
35#include "xmalloc.h" 35#include "xmalloc.h"
36#include "log.h" 36#include "log.h"
@@ -39,7 +39,14 @@ RCSID("$OpenBSD: monitor_mm.c,v 1.6 2002/06/04 23:05:49 markus Exp $");
39static int 39static int
40mm_compare(struct mm_share *a, struct mm_share *b) 40mm_compare(struct mm_share *a, struct mm_share *b)
41{ 41{
42 return ((char *)a->address - (char *)b->address); 42 long diff = (char *)a->address - (char *)b->address;
43
44 if (diff == 0)
45 return (0);
46 else if (diff < 0)
47 return (-1);
48 else
49 return (1);
43} 50}
44 51
45RB_GENERATE(mmtree, mm_share, next, mm_compare) 52RB_GENERATE(mmtree, mm_share, next, mm_compare)
@@ -85,48 +92,9 @@ mm_create(struct mm_master *mmalloc, size_t size)
85 */ 92 */
86 mm->mmalloc = mmalloc; 93 mm->mmalloc = mmalloc;
87 94
88#ifdef HAVE_MMAP_ANON_SHARED 95 address = xmmap(size);
89 mm->shm_not_mmap = 0;
90
91 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
92 -1, 0);
93
94 if (address == MAP_FAILED) {
95 int shmid;
96
97 shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|S_IRUSR|S_IWUSR);
98 if (shmid != -1) {
99 address = shmat(shmid, NULL, 0);
100 shmctl(shmid, IPC_RMID, NULL);
101 if (address != MAP_FAILED)
102 mm->shm_not_mmap = 1;
103 }
104 }
105
106 if (address == MAP_FAILED) {
107 char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
108 int tmpfd;
109 int save_errno;
110
111 tmpfd = mkstemp(tmpname);
112 if (tmpfd == -1)
113 fatal("mkstemp(\"%s\"): %s",
114 MM_SWAP_TEMPLATE, strerror(errno));
115 unlink(tmpname);
116 ftruncate(tmpfd, size);
117 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
118 tmpfd, 0);
119 save_errno = errno;
120 close(tmpfd);
121 errno = save_errno;
122 }
123
124 if (address == MAP_FAILED) 96 if (address == MAP_FAILED)
125 fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); 97 fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
126#else
127 fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
128 __func__);
129#endif
130 98
131 mm->address = address; 99 mm->address = address;
132 mm->size = size; 100 mm->size = size;
@@ -164,11 +132,7 @@ mm_destroy(struct mm_master *mm)
164 mm_freelist(mm->mmalloc, &mm->rb_free); 132 mm_freelist(mm->mmalloc, &mm->rb_free);
165 mm_freelist(mm->mmalloc, &mm->rb_allocated); 133 mm_freelist(mm->mmalloc, &mm->rb_allocated);
166 134
167#ifdef HAVE_MMAP_ANON_SHARED 135#ifdef HAVE_MMAP
168 if (mm->shm_not_mmap) {
169 if (shmdt(mm->address) == -1)
170 fatal("shmdt(%p): %s", mm->address, strerror(errno));
171 } else
172 if (munmap(mm->address, mm->size) == -1) 136 if (munmap(mm->address, mm->size) == -1)
173 fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, 137 fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
174 strerror(errno)); 138 strerror(errno));
@@ -203,8 +167,10 @@ mm_malloc(struct mm_master *mm, size_t size)
203 167
204 if (size == 0) 168 if (size == 0)
205 fatal("mm_malloc: try to allocate 0 space"); 169 fatal("mm_malloc: try to allocate 0 space");
170 if (size > SIZE_T_MAX - MM_MINSIZE + 1)
171 fatal("mm_malloc: size too big");
206 172
207 size = ((size + MM_MINSIZE - 1) / MM_MINSIZE) * MM_MINSIZE; 173 size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE;
208 174
209 RB_FOREACH(mms, mmtree, &mm->rb_free) { 175 RB_FOREACH(mms, mmtree, &mm->rb_free) {
210 if (mms->size >= size) 176 if (mms->size >= size)
diff --git a/monitor_mm.h b/monitor_mm.h
index b0e6d5f22..a1323b9a8 100644
--- a/monitor_mm.h
+++ b/monitor_mm.h
@@ -27,7 +27,7 @@
27 27
28#ifndef _MM_H_ 28#ifndef _MM_H_
29#define _MM_H_ 29#define _MM_H_
30#include "openbsd-compat/tree.h" 30#include "openbsd-compat/sys-tree.h"
31 31
32struct mm_share { 32struct mm_share {
33 RB_ENTRY(mm_share) next; 33 RB_ENTRY(mm_share) next;
@@ -40,7 +40,6 @@ struct mm_master {
40 struct mmtree rb_allocated; 40 struct mmtree rb_allocated;
41 void *address; 41 void *address;
42 size_t size; 42 size_t size;
43 int shm_not_mmap;
44 43
45 struct mm_master *mmalloc; /* Used to completely share */ 44 struct mm_master *mmalloc; /* Used to completely share */
46 45
@@ -54,8 +53,6 @@ RB_PROTOTYPE(mmtree, mm_share, next, mm_compare)
54 53
55#define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size) 54#define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size)
56 55
57#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
58
59struct mm_master *mm_create(struct mm_master *, size_t); 56struct mm_master *mm_create(struct mm_master *, size_t);
60void mm_destroy(struct mm_master *); 57void mm_destroy(struct mm_master *);
61 58
diff --git a/monitor_wrap.c b/monitor_wrap.c
index f7e332d8e..4c53bfd13 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
@@ -62,8 +62,8 @@ extern Buffer input, output;
62void 62void
63mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) 63mm_request_send(int socket, enum monitor_reqtype type, Buffer *m)
64{ 64{
65 u_char buf[5];
66 u_int mlen = buffer_len(m); 65 u_int mlen = buffer_len(m);
66 u_char buf[5];
67 67
68 debug3("%s entering: type %d", __func__, type); 68 debug3("%s entering: type %d", __func__, type);
69 69
@@ -79,8 +79,8 @@ void
79mm_request_receive(int socket, Buffer *m) 79mm_request_receive(int socket, Buffer *m)
80{ 80{
81 u_char buf[4]; 81 u_char buf[4];
82 ssize_t res;
83 u_int msg_len; 82 u_int msg_len;
83 ssize_t res;
84 84
85 debug3("%s entering", __func__); 85 debug3("%s entering", __func__);
86 86
@@ -207,7 +207,7 @@ mm_getpwnamallow(const char *login)
207 return (pw); 207 return (pw);
208} 208}
209 209
210char* mm_auth2_read_banner(void) 210char *mm_auth2_read_banner(void)
211{ 211{
212 Buffer m; 212 Buffer m;
213 char *banner; 213 char *banner;
@@ -411,7 +411,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
411 enc->key = buffer_get_string(&b, &enc->key_len); 411 enc->key = buffer_get_string(&b, &enc->key_len);
412 enc->iv = buffer_get_string(&b, &len); 412 enc->iv = buffer_get_string(&b, &len);
413 if (len != enc->block_size) 413 if (len != enc->block_size)
414 fatal("%s: bad ivlen: expected %d != %d", __func__, 414 fatal("%s: bad ivlen: expected %u != %u", __func__,
415 enc->block_size, len); 415 enc->block_size, len);
416 416
417 if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) 417 if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher)
@@ -425,7 +425,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
425 mac->enabled = buffer_get_int(&b); 425 mac->enabled = buffer_get_int(&b);
426 mac->key = buffer_get_string(&b, &len); 426 mac->key = buffer_get_string(&b, &len);
427 if (len > mac->key_len) 427 if (len > mac->key_len)
428 fatal("%s: bad mac key length: %d > %d", __func__, len, 428 fatal("%s: bad mac key length: %u > %d", __func__, len,
429 mac->key_len); 429 mac->key_len);
430 mac->key_len = len; 430 mac->key_len = len;
431 431
@@ -436,7 +436,7 @@ mm_newkeys_from_blob(u_char *blob, int blen)
436 436
437 len = buffer_len(&b); 437 len = buffer_len(&b);
438 if (len != 0) 438 if (len != 0)
439 error("newkeys_from_blob: remaining bytes in blob %d", len); 439 error("newkeys_from_blob: remaining bytes in blob %u", len);
440 buffer_free(&b); 440 buffer_free(&b);
441 return (newkey); 441 return (newkey);
442} 442}
@@ -446,7 +446,6 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
446{ 446{
447 Buffer b; 447 Buffer b;
448 int len; 448 int len;
449 u_char *buf;
450 Enc *enc; 449 Enc *enc;
451 Mac *mac; 450 Mac *mac;
452 Comp *comp; 451 Comp *comp;
@@ -484,14 +483,14 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp)
484 buffer_put_cstring(&b, comp->name); 483 buffer_put_cstring(&b, comp->name);
485 484
486 len = buffer_len(&b); 485 len = buffer_len(&b);
487 buf = xmalloc(len);
488 memcpy(buf, buffer_ptr(&b), len);
489 memset(buffer_ptr(&b), 0, len);
490 buffer_free(&b);
491 if (lenp != NULL) 486 if (lenp != NULL)
492 *lenp = len; 487 *lenp = len;
493 if (blobp != NULL) 488 if (blobp != NULL) {
494 *blobp = buf; 489 *blobp = xmalloc(len);
490 memcpy(*blobp, buffer_ptr(&b), len);
491 }
492 memset(buffer_ptr(&b), 0, len);
493 buffer_free(&b);
495 return len; 494 return len;
496} 495}
497 496
@@ -600,7 +599,7 @@ int
600mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) 599mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
601{ 600{
602 Buffer m; 601 Buffer m;
603 u_char *p; 602 char *p;
604 int success = 0; 603 int success = 0;
605 604
606 buffer_init(&m); 605 buffer_init(&m);
@@ -705,7 +704,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts,
705 *name = xstrdup(""); 704 *name = xstrdup("");
706 *infotxt = xstrdup(""); 705 *infotxt = xstrdup("");
707 *numprompts = 1; 706 *numprompts = 1;
708 *prompts = xmalloc(*numprompts * sizeof(char*)); 707 *prompts = xmalloc(*numprompts * sizeof(char *));
709 *echo_on = xmalloc(*numprompts * sizeof(u_int)); 708 *echo_on = xmalloc(*numprompts * sizeof(u_int));
710 (*echo_on)[0] = 0; 709 (*echo_on)[0] = 0;
711} 710}
@@ -937,3 +936,74 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
937 936
938 return (success); 937 return (success);
939} 938}
939
940#ifdef KRB4
941int
942mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
943{
944 KTEXT auth, reply;
945 Buffer m;
946 u_int rlen;
947 int success = 0;
948 char *p;
949
950 debug3("%s entering", __func__);
951 auth = _auth;
952 reply = _reply;
953
954 buffer_init(&m);
955 buffer_put_string(&m, auth->dat, auth->length);
956
957 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m);
958 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m);
959
960 success = buffer_get_int(&m);
961 if (success) {
962 *client = buffer_get_string(&m, NULL);
963 p = buffer_get_string(&m, &rlen);
964 if (rlen >= MAX_KTXT_LEN)
965 fatal("%s: reply from monitor too large", __func__);
966 reply->length = rlen;
967 memcpy(reply->dat, p, rlen);
968 memset(p, 0, rlen);
969 xfree(p);
970 }
971 buffer_free(&m);
972 return (success);
973}
974#endif
975
976#ifdef KRB5
977int
978mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp)
979{
980 krb5_data *tkt, *reply;
981 Buffer m;
982 int success;
983
984 debug3("%s entering", __func__);
985 tkt = (krb5_data *) argp;
986 reply = (krb5_data *) resp;
987
988 buffer_init(&m);
989 buffer_put_string(&m, tkt->data, tkt->length);
990
991 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m);
992 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m);
993
994 success = buffer_get_int(&m);
995 if (success) {
996 u_int len;
997
998 *userp = buffer_get_string(&m, NULL);
999 reply->data = buffer_get_string(&m, &len);
1000 reply->length = len;
1001 } else {
1002 memset(reply, 0, sizeof(*reply));
1003 *userp = NULL;
1004 }
1005
1006 buffer_free(&m);
1007 return (success);
1008}
1009#endif
diff --git a/monitor_wrap.h b/monitor_wrap.h
index ce721247b..d960a3d0b 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: monitor_wrap.h,v 1.5 2002/05/12 23:53:45 djm Exp $ */ 1/* $OpenBSD: monitor_wrap.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */
2 2
3/* 3/*
4 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 4 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -44,7 +44,7 @@ DH *mm_choose_dh(int, int, int);
44int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); 44int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
45void mm_inform_authserv(char *, char *); 45void mm_inform_authserv(char *, char *);
46struct passwd *mm_getpwnamallow(const char *); 46struct passwd *mm_getpwnamallow(const char *);
47char* mm_auth2_read_banner(void); 47char *mm_auth2_read_banner(void);
48int mm_auth_password(struct Authctxt *, char *); 48int mm_auth_password(struct Authctxt *, char *);
49int mm_key_allowed(enum mm_keytype, char *, char *, Key *); 49int mm_key_allowed(enum mm_keytype, char *, char *, Key *);
50int mm_user_key_allowed(struct passwd *, Key *); 50int mm_user_key_allowed(struct passwd *, Key *);
@@ -83,6 +83,16 @@ int mm_bsdauth_respond(void *, u_int, char **);
83int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); 83int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **);
84int mm_skey_respond(void *, u_int, char **); 84int mm_skey_respond(void *, u_int, char **);
85 85
86/* auth_krb */
87#ifdef KRB4
88int mm_auth_krb4(struct Authctxt *, void *, char **, void *);
89#endif
90#ifdef KRB5
91/* auth and reply are really krb5_data objects, but we don't want to
92 * include all of the krb5 headers here */
93int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply);
94#endif
95
86/* zlib allocation hooks */ 96/* zlib allocation hooks */
87 97
88void *mm_zalloc(struct mm_master *, u_int, u_int); 98void *mm_zalloc(struct mm_master *, u_int, u_int);
diff --git a/msg.c b/msg.c
index 7275c847d..107a37691 100644
--- a/msg.c
+++ b/msg.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $"); 25RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "getput.h" 28#include "getput.h"
@@ -31,43 +31,43 @@ RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
31#include "msg.h" 31#include "msg.h"
32 32
33void 33void
34msg_send(int fd, u_char type, Buffer *m) 34ssh_msg_send(int fd, u_char type, Buffer *m)
35{ 35{
36 u_char buf[5]; 36 u_char buf[5];
37 u_int mlen = buffer_len(m); 37 u_int mlen = buffer_len(m);
38 38
39 debug3("msg_send: type %u", (unsigned int)type & 0xff); 39 debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff);
40 40
41 PUT_32BIT(buf, mlen + 1); 41 PUT_32BIT(buf, mlen + 1);
42 buf[4] = type; /* 1st byte of payload is mesg-type */ 42 buf[4] = type; /* 1st byte of payload is mesg-type */
43 if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf)) 43 if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf))
44 fatal("msg_send: write"); 44 fatal("ssh_msg_send: write");
45 if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen) 45 if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen)
46 fatal("msg_send: write"); 46 fatal("ssh_msg_send: write");
47} 47}
48 48
49int 49int
50msg_recv(int fd, Buffer *m) 50ssh_msg_recv(int fd, Buffer *m)
51{ 51{
52 u_char buf[4]; 52 u_char buf[4];
53 ssize_t res; 53 ssize_t res;
54 u_int msg_len; 54 u_int msg_len;
55 55
56 debug3("msg_recv entering"); 56 debug3("ssh_msg_recv entering");
57 57
58 res = atomicio(read, fd, buf, sizeof(buf)); 58 res = atomicio(read, fd, buf, sizeof(buf));
59 if (res != sizeof(buf)) { 59 if (res != sizeof(buf)) {
60 if (res == 0) 60 if (res == 0)
61 return -1; 61 return -1;
62 fatal("msg_recv: read: header %ld", (long)res); 62 fatal("ssh_msg_recv: read: header %ld", (long)res);
63 } 63 }
64 msg_len = GET_32BIT(buf); 64 msg_len = GET_32BIT(buf);
65 if (msg_len > 256 * 1024) 65 if (msg_len > 256 * 1024)
66 fatal("msg_recv: read: bad msg_len %d", msg_len); 66 fatal("ssh_msg_recv: read: bad msg_len %u", msg_len);
67 buffer_clear(m); 67 buffer_clear(m);
68 buffer_append_space(m, msg_len); 68 buffer_append_space(m, msg_len);
69 res = atomicio(read, fd, buffer_ptr(m), msg_len); 69 res = atomicio(read, fd, buffer_ptr(m), msg_len);
70 if (res != msg_len) 70 if (res != msg_len)
71 fatal("msg_recv: read: %ld != msg_len", (long)res); 71 fatal("ssh_msg_recv: read: %ld != msg_len", (long)res);
72 return 0; 72 return 0;
73} 73}
diff --git a/msg.h b/msg.h
index 13fa95b27..8980e254e 100644
--- a/msg.h
+++ b/msg.h
@@ -25,7 +25,7 @@
25#ifndef SSH_MSG_H 25#ifndef SSH_MSG_H
26#define SSH_MSG_H 26#define SSH_MSG_H
27 27
28void msg_send(int, u_char, Buffer *); 28void ssh_msg_send(int, u_char, Buffer *);
29int msg_recv(int, Buffer *); 29int ssh_msg_recv(int, Buffer *);
30 30
31#endif 31#endif
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 3e09cfefe..5229e7e20 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.21 2002/02/19 20:27:57 mouring Exp $ 1# $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $
2 2
3sysconfdir=@sysconfdir@ 3sysconfdir=@sysconfdir@
4piddir=@piddir@ 4piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o 19OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o
20 20
21COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o 21COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o
22 22
23PORTS=port-irix.o port-aix.o 23PORTS=port-irix.o port-aix.o
24 24
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c
index d12b993b7..005170b80 100644
--- a/openbsd-compat/base64.c
+++ b/openbsd-compat/base64.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: base64.c,v 1.3 1997/11/08 20:46:55 deraadt Exp $ */ 1/* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1996 by Internet Software Consortium. 4 * Copyright (c) 1996 by Internet Software Consortium.
@@ -42,7 +42,7 @@
42 * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. 42 * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
43 */ 43 */
44 44
45#include "config.h" 45#include "includes.h"
46 46
47#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) 47#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
48 48
@@ -60,6 +60,7 @@
60 60
61#include "base64.h" 61#include "base64.h"
62 62
63/* XXX abort illegal in library */
63#define Assert(Cond) if (!(Cond)) abort() 64#define Assert(Cond) if (!(Cond)) abort()
64 65
65static const char Base64[] = 66static const char Base64[] =
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c
index 332bcb016..620f980ed 100644
--- a/openbsd-compat/bindresvport.c
+++ b/openbsd-compat/bindresvport.c
@@ -29,7 +29,7 @@
29 * Mountain View, California 94043 29 * Mountain View, California 94043
30 */ 30 */
31 31
32#include "config.h" 32#include "includes.h"
33 33
34#ifndef HAVE_BINDRESVPORT_SA 34#ifndef HAVE_BINDRESVPORT_SA
35 35
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index 9bab75b41..edb3112b3 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.c,v 1.6 2002/05/15 16:39:51 mouring Exp $ 2 * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
3 * 3 *
4 * bsd-cray.c 4 * bsd-cray.c
5 * 5 *
@@ -34,8 +34,8 @@
34 * on UNICOS systems. 34 * on UNICOS systems.
35 * 35 *
36 */ 36 */
37#ifdef _UNICOS
37 38
38#ifdef _CRAY
39#include <udb.h> 39#include <udb.h>
40#include <tmpdir.h> 40#include <tmpdir.h>
41#include <unistd.h> 41#include <unistd.h>
@@ -45,19 +45,33 @@
45#include <signal.h> 45#include <signal.h>
46#include <sys/priv.h> 46#include <sys/priv.h>
47#include <sys/secparm.h> 47#include <sys/secparm.h>
48#include <sys/tfm.h>
48#include <sys/usrv.h> 49#include <sys/usrv.h>
49#include <sys/sysv.h> 50#include <sys/sysv.h>
50#include <sys/sectab.h> 51#include <sys/sectab.h>
52#include <sys/secstat.h>
51#include <sys/stat.h> 53#include <sys/stat.h>
54#include <sys/session.h>
52#include <stdlib.h> 55#include <stdlib.h>
53#include <pwd.h> 56#include <pwd.h>
54#include <fcntl.h> 57#include <fcntl.h>
55#include <errno.h> 58#include <errno.h>
56 59#include <ia.h>
60#include <urm.h>
61#include "ssh.h"
62#include "log.h"
63#include "servconf.h"
57#include "bsd-cray.h" 64#include "bsd-cray.h"
58 65
66#define MAXACID 80
67
68extern ServerOptions options;
69
59char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ 70char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
60 71
72struct sysv sysv; /* system security structure */
73struct usrv usrv; /* user security structure */
74
61/* 75/*
62 * Functions. 76 * Functions.
63 */ 77 */
@@ -65,68 +79,538 @@ void cray_retain_utmp(struct utmp *, int);
65void cray_delete_tmpdir(char *, int, uid_t); 79void cray_delete_tmpdir(char *, int, uid_t);
66void cray_init_job(struct passwd *); 80void cray_init_job(struct passwd *);
67void cray_set_tmpdir(struct utmp *); 81void cray_set_tmpdir(struct utmp *);
82void cray_login_failure(char *, int);
83int cray_setup(uid_t, char *, const char *);
84int cray_access_denied(char *);
85
86void
87cray_login_failure(char *username, int errcode)
88{
89 struct udb *ueptr; /* UDB pointer for username */
90 ia_failure_t fsent; /* ia_failure structure */
91 ia_failure_ret_t fret; /* ia_failure return stuff */
92 struct jtab jtab; /* job table structure */
93 int jid = 0; /* job id */
94
95 if ((jid = getjtab(&jtab)) < 0) {
96 debug("cray_login_failure(): getjtab error");
97 }
98 getsysudb();
99 if ((ueptr = getudbnam(username)) == UDB_NULL) {
100 debug("cray_login_failure(): getudbname() returned NULL");
101 }
102 endudb();
103 fsent.revision = 0;
104 fsent.uname = username;
105 fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping);
106 fsent.ttyn = "sshd";
107 fsent.caller = IA_SSHD;
108 fsent.flags = IA_INTERACTIVE;
109 fsent.ueptr = ueptr;
110 fsent.jid = jid;
111 fsent.errcode = errcode;
112 fsent.pwdp = NULL;
113 fsent.exitcode = 0; /* dont exit in ia_failure() */
114
115 fret.revision = 0;
116 fret.normal = 0;
68 117
118 /*
119 * Call ia_failure because of an login failure.
120 */
121 ia_failure(&fsent,&fret);
122}
69 123
70/* 124/*
71 * Orignal written by: 125 * Cray access denied
72 * Wayne Schroeder 126 */
73 * San Diego Supercomputer Center 127int
74 * schroeder@sdsc.edu 128cray_access_denied(char *username)
75*/
76void
77cray_setup(uid_t uid, char *username)
78{ 129{
79 struct udb *p; 130 struct udb *ueptr; /* UDB pointer for username */
131 int errcode; /* IA errorcode */
132
133 errcode = 0;
134 getsysudb();
135 if ((ueptr = getudbnam(username)) == UDB_NULL) {
136 debug("cray_login_failure(): getudbname() returned NULL");
137 }
138 endudb();
139 if (ueptr && ueptr->ue_disabled)
140 errcode = IA_DISABLED;
141 if (errcode)
142 cray_login_failure(username, errcode);
143 return (errcode);
144}
145
146int
147cray_setup (uid_t uid, char *username, const char *command)
148{
149 extern struct udb *getudb();
80 extern char *setlimits(); 150 extern char *setlimits();
81 int i, j;
82 int accts[MAXVIDS];
83 int naccts;
84 int err;
85 char *sr;
86 int pid;
87 struct jtab jbuf;
88 int jid;
89 151
90 if ((jid = getjtab(&jbuf)) < 0) 152 int err; /* error return */
91 fatal("getjtab: no jid"); 153 time_t system_time; /* current system clock */
92 154 time_t expiration_time; /* password expiration time */
93 err = setudb(); /* open and rewind the Cray User DataBase */ 155 int maxattempts; /* maximum no. of failed login attempts */
94 if (err != 0) 156 int SecureSys; /* unicos security flag */
95 fatal("UDB open failure"); 157 int minslevel = 0; /* system minimum security level */
96 naccts = 0; 158 int i, j;
97 p = getudbnam(username); 159 int valid_acct = -1; /* flag for reading valid acct */
98 if (p == NULL) 160 char acct_name[MAXACID] = { "" }; /* used to read acct name */
99 fatal("No UDB entry for %.100s", username); 161 struct jtab jtab; /* Job table struct */
100 if (uid != p->ue_uid) 162 struct udb ue; /* udb entry for logging-in user */
101 fatal("UDB entry %.100s uid(%d) does not match uid %d", 163 struct udb *up; /* pointer to UDB entry */
102 username, (int) p->ue_uid, (int) uid); 164 struct secstat secinfo; /* file security attributes */
103 for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { 165 struct servprov init_info; /* used for sesscntl() call */
104 accts[naccts] = p->ue_acids[j]; 166 int jid; /* job ID */
105 naccts++; 167 int pid; /* process ID */
168 char *sr; /* status return from setlimits() */
169 char *ttyn = NULL; /* ttyname or command name*/
170 char hostname[MAXHOSTNAMELEN];
171 passwd_t pwdacm,
172 pwddialup,
173 pwdudb,
174 pwdwal,
175 pwddce; /* passwd stuff for ia_user */
176 ia_user_ret_t uret; /* stuff returned from ia_user */
177 ia_user_t usent; /* ia_user main structure */
178 int ia_rcode; /* ia_user return code */
179 ia_failure_t fsent; /* ia_failure structure */
180 ia_failure_ret_t fret; /* ia_failure return stuff */
181 ia_success_t ssent; /* ia_success structure */
182 ia_success_ret_t sret; /* ia_success return stuff */
183 int ia_mlsrcode; /* ia_mlsuser return code */
184 int secstatrc; /* [f]secstat return code */
185
186 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
187 getsysv(&sysv, sizeof(struct sysv));
188 minslevel = sysv.sy_minlvl;
189 if (getusrv(&usrv) < 0) {
190 debug("getusrv() failed, errno = %d",errno);
191 exit(1);
192 }
106 } 193 }
107 endudb(); /* close the udb */ 194 hostname[0] = '\0';
108 195 strncpy(hostname,
109 if (naccts != 0) { 196 (char *)get_canonical_hostname(options.verify_reverse_mapping),
110 /* Perhaps someday we'll prompt users who have multiple accounts 197 MAXHOSTNAMELEN);
111 to let them pick one (like CRI's login does), but for now just set 198 /*
112 the account to the first entry. */ 199 * Fetch user's UDB entry.
113 if (acctid(0, accts[0]) < 0) 200 */
114 fatal("System call acctid failed, accts[0]=%d", accts[0]); 201 getsysudb();
202 if ((up = getudbnam(username)) == UDB_NULL) {
203 debug("cannot fetch user's UDB entry");
204 exit(1);
205 }
206
207 /*
208 * Prevent any possible fudging so perform a data
209 * safety check and compare the supplied uid against
210 * the udb's uid.
211 */
212 if (up->ue_uid != uid) {
213 debug("IA uid missmatch");
214 exit(1);
215 }
216 endudb();
217
218 if ((jid = getjtab (&jtab)) < 0) {
219 debug("getjtab");
220 return -1;
221 }
222 pid = getpid();
223 ttyn = ttyname(0);
224 if (SecureSys) {
225 if (ttyn) {
226 secstatrc = secstat(ttyn, &secinfo);
227 } else {
228 secstatrc = fsecstat(1, &secinfo);
229 }
230 if (secstatrc == 0) {
231 debug("[f]secstat() successful");
232 } else {
233 debug("[f]secstat() error, rc = %d", secstatrc);
234 exit(1);
235 }
236 }
237 if ((ttyn == NULL) && ((char *)command != NULL))
238 ttyn = (char *)command;
239 /*
240 * Initialize all structures to call ia_user
241 */
242 usent.revision = 0;
243 usent.uname = username;
244 usent.host = hostname;
245 usent.ttyn = ttyn;
246 usent.caller = IA_SSHD;
247 usent.pswdlist = &pwdacm;
248 usent.ueptr = &ue;
249 usent.flags = IA_INTERACTIVE | IA_FFLAG;
250 pwdacm.atype = IA_SECURID;
251 pwdacm.pwdp = NULL;
252 pwdacm.next = &pwdudb;
253
254 pwdudb.atype = IA_UDB;
255 pwdudb.pwdp = NULL;
256 pwdudb.next = &pwddce;
257
258 pwddce.atype = IA_DCE;
259 pwddce.pwdp = NULL;
260 pwddce.next = &pwddialup;
261
262 pwddialup.atype = IA_DIALUP;
263 pwddialup.pwdp = NULL;
264 /* pwddialup.next = &pwdwal; */
265 pwddialup.next = NULL;
266
267 pwdwal.atype = IA_WAL;
268 pwdwal.pwdp = NULL;
269 pwdwal.next = NULL;
270
271 uret.revision = 0;
272 uret.pswd = NULL;
273 uret.normal = 0;
274
275 ia_rcode = ia_user(&usent, &uret);
276
277 switch (ia_rcode) {
278 /*
279 * These are acceptable return codes from ia_user()
280 */
281 case IA_UDBWEEK: /* Password Expires in 1 week */
282 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
283 printf ("WARNING - your current password will expire %s\n",
284 ctime((const time_t *)&expiration_time));
285 break;
286 case IA_UDBEXPIRED:
287 if (ttyname(0) != NULL) {
288 /* Force a password change */
289 printf("Your password has expired; Choose a new one.\n");
290 execl("/bin/passwd", "passwd", username, 0);
291 exit(9);
292 }
293
294 break;
295 case IA_NORMAL: /* Normal Return Code */
296 break;
297 case IA_BACKDOOR:
298 strcpy(ue.ue_name, "root");
299 strcpy(ue.ue_passwd, "");
300 strcpy(ue.ue_dir, "/");
301 strcpy(ue.ue_shell, "/bin/sh");
302 strcpy(ue.ue_age, "");
303 strcpy(ue.ue_comment, "");
304 strcpy(ue.ue_loghost, "");
305 strcpy(ue.ue_logline, "");
306 ue.ue_uid=-1;
307 ue.ue_nice[UDBRC_INTER]=0;
308 for (i=0;i<MAXVIDS;i++)
309 ue.ue_gids[i]=0;
310 ue.ue_logfails=0;
311 ue.ue_minlvl=minslevel;
312 ue.ue_maxlvl=minslevel;
313 ue.ue_deflvl=minslevel;
314 ue.ue_defcomps=0;
315 ue.ue_comparts=0;
316 ue.ue_permits=0;
317 ue.ue_trap=0;
318 ue.ue_disabled=0;
319 ue.ue_logtime=0;
320 break;
321 case IA_CONSOLE: /* Superuser not from Console */
322 case IA_TRUSTED: /* Trusted user */
323 if (options.permit_root_login > PERMIT_NO)
324 break; /* Accept root login */
325 default:
326 /*
327 * These are failed return codes from ia_user()
328 */
329 switch (ia_rcode)
330 {
331 case IA_BADAUTH:
332 printf ("Bad authorization, access denied.\n");
333 break;
334 case IA_DIALUPERR:
335 break;
336 case IA_DISABLED:
337 printf ("Your login has been disabled. Contact the system ");
338 printf ("administrator for assistance.\n");
339 break;
340 case IA_GETSYSV:
341 printf ("getsysv() failed - errno = %d\n", errno);
342 break;
343 case IA_LOCALHOST:
344 break;
345 case IA_MAXLOGS:
346 printf ("Maximum number of failed login attempts exceeded.\n");
347 printf ("Access denied.\n");
348 break;
349 case IA_NOPASS:
350 break;
351 case IA_PUBLIC:
352 break;
353 case IA_SECURIDERR:
354 break;
355 case IA_CONSOLE:
356 break;
357 case IA_TRUSTED:
358 break;
359 case IA_UDBERR:
360 break;
361 case IA_UDBPWDNULL:
362 /*
363 * NULL password not allowed on MLS systems
364 */
365 if (SecureSys) {
366 printf("NULL Password not allowed on MLS systems.\n");
367 }
368 break;
369 case IA_UNKNOWN:
370 break;
371 case IA_UNKNOWNYP:
372 break;
373 case IA_WALERR:
374 break;
375 default:
376 /* nothing special */
377 ;
378 } /* 2. switch (ia_rcode) */
379 /*
380 * Authentication failed.
381 */
382 printf("sshd: Login incorrect, (0%o)\n",
383 ia_rcode-IA_ERRORCODE);
384
385 /*
386 * Initialize structure for ia_failure
387 * which will exit.
388 */
389 fsent.revision = 0;
390 fsent.uname = username;
391 fsent.host = hostname;
392 fsent.ttyn = ttyn;
393 fsent.caller = IA_SSHD;
394 fsent.flags = IA_INTERACTIVE;
395 fsent.ueptr = &ue;
396 fsent.jid = jid;
397 fsent.errcode = ia_rcode;
398 fsent.pwdp = uret.pswd;
399 fsent.exitcode = 1;
400
401 fret.revision = 0;
402 fret.normal = 0;
403
404 /*
405 * Call ia_failure because of an IA failure.
406 * There is no return because ia_failure exits.
407 */
408
409 ia_failure(&fsent,&fret);
410
411 exit(1);
412 } /* 1. switch (ia_rcode) */
413 ia_mlsrcode = IA_NORMAL;
414 if (SecureSys) {
415 debug("calling ia_mlsuser()");
416 ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0);
417 }
418 if (ia_mlsrcode != IA_NORMAL) {
419 printf("sshd: Login incorrect, (0%o)\n",
420 ia_mlsrcode-IA_ERRORCODE);
421 /*
422 * Initialize structure for ia_failure
423 * which will exit.
424 */
425 fsent.revision = 0;
426 fsent.uname = username;
427 fsent.host = hostname;
428 fsent.ttyn = ttyn;
429 fsent.caller = IA_SSHD;
430 fsent.flags = IA_INTERACTIVE;
431 fsent.ueptr = &ue;
432 fsent.jid = jid;
433 fsent.errcode = ia_mlsrcode;
434 fsent.pwdp = uret.pswd;
435 fsent.exitcode = 1;
436 fret.revision = 0;
437 fret.normal = 0;
438
439 /*
440 * Call ia_failure because of an IA failure.
441 * There is no return because ia_failure exits.
442 */
443 ia_failure(&fsent,&fret);
444 exit(1);
115 } 445 }
116 446
117 /* Now set limits, including CPU time for the (interactive) job and process, 447 /* Provide login status information */
118 and set up permissions (for chown etc), etc. This is via an internal CRI 448 if (options.print_lastlog && ue.ue_logtime != 0) {
119 routine, setlimits, used by CRI's login. */ 449 printf("Last successful login was : %.*s ",
450 19, (char *)ctime(&ue.ue_logtime));
451
452 if (*ue.ue_loghost != '\0')
453 printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost);
454
455 else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline);
456
457 if ( SecureSys && (ue.ue_logfails != 0))
458 printf(" followed by %d failed attempts\n", ue.ue_logfails);
459 }
460
461
462 /*
463 * Call ia_success to process successful I/A.
464 */
465 ssent.revision = 0;
466 ssent.uname = username;
467 ssent.host = hostname;
468 ssent.ttyn = ttyn;
469 ssent.caller = IA_SSHD;
470 ssent.flags = IA_INTERACTIVE;
471 ssent.ueptr = &ue;
472 ssent.jid = jid;
473 ssent.errcode = ia_rcode;
474 ssent.us = NULL;
475 ssent.time = 1; /* Set ue_logtime */
476
477 sret.revision = 0;
478 sret.normal = 0;
479
480 ia_success(&ssent,&sret);
481
482 /*
483 * Query for account, iff > 1 valid acid & askacid permbit
484 */
485 if (((ue.ue_permbits & PERMBITS_ACCTID) ||
486 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
487 ue.ue_permbits & PERMBITS_ASKACID) {
488 if (ttyname(0) != NULL) {
489 debug("cray_setup: ttyname true case, %.100s", ttyname);
490 while (valid_acct == -1) {
491 printf("Account (? for available accounts)"
492 " [%s]: ", acid2nam(ue.ue_acids[0]));
493 gets(acct_name);
494 switch (acct_name[0]) {
495 case EOF:
496 exit(0);
497 break;
498 case '\0':
499 valid_acct = ue.ue_acids[0];
500 strcpy(acct_name, acid2nam(valid_acct));
501 break;
502 case '?':
503 /* Print the list 3 wide */
504 for (i = 0, j = 0; i < MAXVIDS; i++) {
505 if (ue.ue_acids[i] == -1) {
506 printf("\n");
507 break;
508 }
509 if (++j == 4) {
510 j = 1;
511 printf("\n");
512 }
513 printf(" %s",
514 acid2nam(ue.ue_acids[i]));
515 }
516 if (ue.ue_permbits & PERMBITS_ACCTID)
517 printf("\"acctid\" permbit also allows"
518 " you to select any valid "
519 "account name.\n");
520 printf("\n");
521 break;
522 default:
523 if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for"
524 " account name \"%s\"\n\n",
525 acct_name);
526 break;
527 }
528 /*
529 * If an account was given, search the user's
530 * acids array to verify they can use this account.
531 */
532 if ((valid_acct != -1) &&
533 !(ue.ue_permbits & PERMBITS_ACCTID)) {
534 for (i = 0; i < MAXVIDS; i++) {
535 if (ue.ue_acids[i] == -1)
536 break;
537 if (valid_acct == ue.ue_acids[i])
538 break;
539 }
540 if (i == MAXVIDS ||
541 ue.ue_acids[i] == -1) {
542 fprintf(stderr, "Cannot set"
543 " account name to "
544 "\"%s\", permission "
545 "denied\n\n", acct_name);
546 valid_acct = -1;
547 }
548 }
549 }
550 } else {
551 /*
552 * The client isn't connected to a terminal and can't
553 * respond to an acid prompt. Use default acid.
554 */
555 debug("cray_setup: ttyname false case, %.100s", ttyname);
556 valid_acct = ue.ue_acids[0];
557 }
558 } else {
559 /*
560 * The user doesn't have the askacid permbit set or
561 * only has one valid account to use.
562 */
563 valid_acct = ue.ue_acids[0];
564 }
565 if (acctid(0, valid_acct) < 0) {
566 printf ("Bad account id: %d\n", valid_acct);
567 exit(1);
568 }
569
570/* set up shares and quotas */
571/* Now set shares, quotas, limits, including CPU time for the (interactive)
572 * job and process, and set up permissions (for chown etc), etc.
573 */
574 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
575 printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
576 exit(1);
577 }
120 578
121 pid = getpid();
122 sr = setlimits(username, C_PROC, pid, UDBRC_INTER); 579 sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
123 if (sr != NULL) 580 if (sr != NULL) {
124 fatal("%.200s", sr); 581 debug("%.200s", sr);
125 582 exit(1);
583 }
126 sr = setlimits(username, C_JOB, jid, UDBRC_INTER); 584 sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
127 if (sr != NULL) 585 if (sr != NULL) {
128 fatal("%.200s", sr); 586 debug("%.200s", sr);
587 exit(1);
588 }
589 /*
590 * Place the service provider information into
591 * the session table (Unicos) or job table (Unicos/mk).
592 * There exist double defines for the job/session table in
593 * unicos/mk (jtab.h) so no need for a compile time switch.
594 */
595 bzero((char *)&init_info, sizeof(struct servprov));
596 init_info.s_sessinit.si_id = URM_SPT_LOGIN;
597 init_info.s_sessinit.si_pid = getpid();
598 init_info.s_sessinit.si_sid = jid;
599 init_info.s_routing.seqno = 0;
600 init_info.s_routing.iadrs = 0;
601 sesscntl(0, S_SETSERVPO, (int)&init_info);
129 602
603 /*
604 * Set user and controlling tty security attributes.
605 */
606 if (SecureSys) {
607 if (setusrv(&usrv) == -1) {
608 debug("setusrv() failed, errno = %d",errno);
609 exit(1);
610 }
611 }
612
613 return(0);
130} 614}
131 615
132/* 616/*
@@ -143,7 +627,6 @@ drop_cray_privs()
143 int result; 627 int result;
144 extern int priv_set_proc(); 628 extern int priv_set_proc();
145 extern priv_proc_t* priv_init_proc(); 629 extern priv_proc_t* priv_init_proc();
146 struct usrv usrv;
147 630
148 /* 631 /*
149 * If ether of theses two flags are not set 632 * If ether of theses two flags are not set
@@ -154,9 +637,23 @@ drop_cray_privs()
154 if (!sysconf(_SC_CRAY_POSIX_PRIV)) 637 if (!sysconf(_SC_CRAY_POSIX_PRIV))
155 fatal("Not POSIX_PRIV."); 638 fatal("Not POSIX_PRIV.");
156 639
157 debug("Dropping privileges."); 640 debug("Setting MLS labels.");;
641
642 if (sysconf(_SC_CRAY_SECURE_MAC)) {
643 usrv.sv_minlvl = SYSLOW;
644 usrv.sv_actlvl = SYSHIGH;
645 usrv.sv_maxlvl = SYSHIGH;
646 } else {
647 usrv.sv_minlvl = sysv.sy_minlvl;
648 usrv.sv_actlvl = sysv.sy_minlvl;
649 usrv.sv_maxlvl = sysv.sy_maxlvl;
650 }
651 usrv.sv_actcmp = 0;
652 usrv.sv_valcmp = sysv.sy_valcmp;
653
654 usrv.sv_intcat = TFM_SYSTEM;
655 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
158 656
159 memset(&usrv, 0, sizeof(usrv));
160 if (setusrv(&usrv) < 0) 657 if (setusrv(&usrv) < 0)
161 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, 658 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
162 strerror(errno)); 659 strerror(errno));
@@ -189,7 +686,6 @@ cray_retain_utmp(struct utmp *ut, int pid)
189 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { 686 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
190 if (pid == utmp.ut_pid) { 687 if (pid == utmp.ut_pid) {
191 ut->ut_jid = utmp.ut_jid; 688 ut->ut_jid = utmp.ut_jid;
192 /* XXX: MIN_SIZEOF here? can this go in loginrec? */
193 strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); 689 strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath));
194 strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); 690 strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host));
195 strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); 691 strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name));
@@ -198,7 +694,8 @@ cray_retain_utmp(struct utmp *ut, int pid)
198 } 694 }
199 close(fd); 695 close(fd);
200 } 696 }
201 /* XXX: error message? */ 697 else
698 fatal("Unable to open utmp file");
202} 699}
203 700
204/* 701/*
@@ -245,7 +742,7 @@ cray_job_termination_handler(int sig)
245 char *login = NULL; 742 char *login = NULL;
246 struct jtab jtab; 743 struct jtab jtab;
247 744
248 debug("Received SIG JOB."); 745 debug("received signal %d",sig);
249 746
250 if ((jid = waitjob(&jtab)) == -1 || 747 if ((jid = waitjob(&jtab)) == -1 ||
251 (login = uid2nam(jtab.j_uid)) == NULL) 748 (login = uid2nam(jtab.j_uid)) == NULL)
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index 9067a389a..8868b4364 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.h,v 1.3 2002/05/15 16:39:52 mouring Exp $ 2 * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $
3 * 3 *
4 * bsd-cray.h 4 * bsd-cray.h
5 * 5 *
@@ -37,11 +37,18 @@
37#ifndef _BSD_CRAY_H 37#ifndef _BSD_CRAY_H
38#define _BSD_CRAY_H 38#define _BSD_CRAY_H
39 39
40#ifdef _CRAY 40#ifdef _UNICOS
41void cray_init_job(struct passwd *); /* init cray job */ 41void cray_init_job(struct passwd *); /* init cray job */
42void cray_job_termination_handler(int); /* process end of job signal */ 42void cray_job_termination_handler(int); /* process end of job signal */
43void cray_setup(uid_t, char *); /* set cray limits */ 43void cray_login_failure(char *username, int errcode);
44int cray_access_denied(char *username);
44extern char cray_tmpdir[]; /* cray tmpdir */ 45extern char cray_tmpdir[]; /* cray tmpdir */
46#ifndef IA_SSHD
47#define IA_SSHD IA_LOGIN
48#endif
49#ifndef MAXHOSTNAMELEN
50#define MAXHOSTNAMELEN 64
51#endif
45#endif 52#endif
46 53
47#endif /* _BSD_CRAY_H */ 54#endif /* _BSD_CRAY_H */
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c
new file mode 100644
index 000000000..c7876823d
--- /dev/null
+++ b/openbsd-compat/bsd-getpeereid.c
@@ -0,0 +1,56 @@
1/*
2 * Copyright (c) 2002 Damien Miller. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26
27RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $");
28
29#if !defined(HAVE_GETPEEREID)
30
31#if defined(SO_PEERCRED)
32int
33getpeereid(int s, uid_t *euid, gid_t *gid)
34{
35 struct ucred cred;
36 size_t len = sizeof(cred);
37
38 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
39 return (-1);
40 *euid = cred.uid;
41 *gid = cred.gid;
42
43 return (0);
44}
45#else
46int
47getpeereid(int s, uid_t *euid, gid_t *gid)
48{
49 *euid = geteuid();
50 *gid = getgid();
51
52 return (0);
53}
54#endif /* defined(SO_PEERCRED) */
55
56#endif /* !defined(HAVE_GETPEEREID) */
diff --git a/openbsd-compat/bsd-getpeereid.h b/openbsd-compat/bsd-getpeereid.h
new file mode 100644
index 000000000..2e9f077f9
--- /dev/null
+++ b/openbsd-compat/bsd-getpeereid.h
@@ -0,0 +1,14 @@
1/* $Id: bsd-getpeereid.h,v 1.1 2002/09/12 00:33:02 djm Exp $ */
2
3#ifndef _BSD_GETPEEREID_H
4#define _BSD_GETPEEREID_H
5
6#include "config.h"
7
8#include <sys/types.h> /* For uid_t, gid_t */
9
10#ifndef HAVE_GETPEEREID
11int getpeereid(int , uid_t *, gid_t *);
12#endif /* HAVE_GETPEEREID */
13
14#endif /* _BSD_GETPEEREID_H */
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index fa48afea9..1c1e43a52 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -24,7 +24,7 @@
24 24
25#include "includes.h" 25#include "includes.h"
26 26
27RCSID("$Id: bsd-misc.c,v 1.8 2002/06/13 21:34:58 mouring Exp $"); 27RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $");
28 28
29char *get_progname(char *argv0) 29char *get_progname(char *argv0)
30{ 30{
@@ -93,8 +93,8 @@ int utimes(char *filename, struct timeval *tvp)
93{ 93{
94 struct utimbuf ub; 94 struct utimbuf ub;
95 95
96 ub.actime = tvp->tv_sec; 96 ub.actime = tvp[0].tv_sec;
97 ub.modtime = tvp->tv_usec; 97 ub.modtime = tvp[1].tv_sec;
98 98
99 return(utime(filename, &ub)); 99 return(utime(filename, &ub));
100} 100}
diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c
index 391b2dd81..35c7d8ec7 100644
--- a/openbsd-compat/dirname.c
+++ b/openbsd-compat/dirname.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $ */ 1/* $OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -31,7 +31,7 @@
31#ifndef HAVE_DIRNAME 31#ifndef HAVE_DIRNAME
32 32
33#if defined(LIBC_SCCS) && !defined(lint) 33#if defined(LIBC_SCCS) && !defined(lint)
34static char rcsid[] = "$OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $"; 34static char rcsid[] = "$OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $";
35#endif /* LIBC_SCCS and not lint */ 35#endif /* LIBC_SCCS and not lint */
36 36
37#include <errno.h> 37#include <errno.h>
@@ -47,7 +47,7 @@ dirname(path)
47 47
48 /* Empty or NULL string gets treated as "." */ 48 /* Empty or NULL string gets treated as "." */
49 if (path == NULL || *path == '\0') { 49 if (path == NULL || *path == '\0') {
50 (void)strcpy(bname, "."); 50 (void)strlcpy(bname, ".", sizeof bname);
51 return(bname); 51 return(bname);
52 } 52 }
53 53
@@ -62,7 +62,7 @@ dirname(path)
62 62
63 /* Either the dir is "/" or there are no slashes */ 63 /* Either the dir is "/" or there are no slashes */
64 if (endp == path) { 64 if (endp == path) {
65 (void)strcpy(bname, *endp == '/' ? "/" : "."); 65 (void)strlcpy(bname, *endp == '/' ? "/" : ".", sizeof bname);
66 return(bname); 66 return(bname);
67 } else { 67 } else {
68 do { 68 do {
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c
index de3baccbb..6fd8543a5 100644
--- a/openbsd-compat/getcwd.c
+++ b/openbsd-compat/getcwd.c
@@ -24,7 +24,7 @@
24 * SUCH DAMAGE. 24 * SUCH DAMAGE.
25 */ 25 */
26 26
27#include "config.h" 27#include "includes.h"
28 28
29#if !defined(HAVE_GETCWD) 29#if !defined(HAVE_GETCWD)
30 30
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c
index f4fbc9bac..4a5cfe5f0 100644
--- a/openbsd-compat/getopt.c
+++ b/openbsd-compat/getopt.c
@@ -31,7 +31,7 @@
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include "config.h" 34#include "includes.h"
35#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) 35#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
36 36
37#if defined(LIBC_SCCS) && !defined(lint) 37#if defined(LIBC_SCCS) && !defined(lint)
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 365d4334f..e928a2272 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -56,7 +56,7 @@ get_arg_max(void)
56#if 0 56#if 0
57static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; 57static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
58#else 58#else
59static char rcsid[] = "$OpenBSD: glob.c,v 1.16 2001/04/05 18:36:12 deraadt Exp $"; 59static char rcsid[] = "$OpenBSD: glob.c,v 1.20 2002/06/14 21:34:58 todd Exp $";
60#endif 60#endif
61#endif /* LIBC_SCCS and not lint */ 61#endif /* LIBC_SCCS and not lint */
62 62
@@ -97,6 +97,7 @@ static char rcsid[] = "$OpenBSD: glob.c,v 1.16 2001/04/05 18:36:12 deraadt Exp $
97#define RBRACKET ']' 97#define RBRACKET ']'
98#define SEP '/' 98#define SEP '/'
99#define STAR '*' 99#define STAR '*'
100#undef TILDE /* Some platforms may already define it */
100#define TILDE '~' 101#define TILDE '~'
101#define UNDERSCORE '_' 102#define UNDERSCORE '_'
102#define LBRACE '{' 103#define LBRACE '{'
@@ -136,32 +137,32 @@ typedef char Char;
136#define ismeta(c) (((c)&M_QUOTE) != 0) 137#define ismeta(c) (((c)&M_QUOTE) != 0)
137 138
138 139
139static int compare __P((const void *, const void *)); 140static int compare(const void *, const void *);
140static int g_Ctoc __P((const Char *, char *, u_int)); 141static int g_Ctoc(const Char *, char *, u_int);
141static int g_lstat __P((Char *, struct stat *, glob_t *)); 142static int g_lstat(Char *, struct stat *, glob_t *);
142static DIR *g_opendir __P((Char *, glob_t *)); 143static DIR *g_opendir(Char *, glob_t *);
143static Char *g_strchr __P((Char *, int)); 144static Char *g_strchr(Char *, int);
144static int g_stat __P((Char *, struct stat *, glob_t *)); 145static int g_stat(Char *, struct stat *, glob_t *);
145static int glob0 __P((const Char *, glob_t *)); 146static int glob0(const Char *, glob_t *);
146static int glob1 __P((Char *, Char *, glob_t *, size_t *)); 147static int glob1(Char *, Char *, glob_t *, size_t *);
147static int glob2 __P((Char *, Char *, Char *, Char *, Char *, Char *, 148static int glob2(Char *, Char *, Char *, Char *, Char *, Char *,
148 glob_t *, size_t *)); 149 glob_t *, size_t *);
149static int glob3 __P((Char *, Char *, Char *, Char *, Char *, Char *, 150static int glob3(Char *, Char *, Char *, Char *, Char *, Char *,
150 Char *, Char *, glob_t *, size_t *)); 151 Char *, Char *, glob_t *, size_t *);
151static int globextend __P((const Char *, glob_t *, size_t *)); 152static int globextend(const Char *, glob_t *, size_t *);
152static const Char * 153static const Char *
153 globtilde __P((const Char *, Char *, size_t, glob_t *)); 154 globtilde(const Char *, Char *, size_t, glob_t *);
154static int globexp1 __P((const Char *, glob_t *)); 155static int globexp1(const Char *, glob_t *);
155static int globexp2 __P((const Char *, const Char *, glob_t *, int *)); 156static int globexp2(const Char *, const Char *, glob_t *, int *);
156static int match __P((Char *, Char *, Char *)); 157static int match(Char *, Char *, Char *);
157#ifdef DEBUG 158#ifdef DEBUG
158static void qprintf __P((const char *, Char *)); 159static void qprintf(const char *, Char *);
159#endif 160#endif
160 161
161int 162int
162glob(pattern, flags, errfunc, pglob) 163glob(pattern, flags, errfunc, pglob)
163 const char *pattern; 164 const char *pattern;
164 int flags, (*errfunc) __P((const char *, int)); 165 int flags, (*errfunc)(const char *, int);
165 glob_t *pglob; 166 glob_t *pglob;
166{ 167{
167 const u_char *patnext; 168 const u_char *patnext;
@@ -676,7 +677,7 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
676 677
677 678
678/* 679/*
679 * Extend the gl_pathv member of a glob_t structure to accomodate a new item, 680 * Extend the gl_pathv member of a glob_t structure to accommodate a new item,
680 * add the new item, and update gl_pathc. 681 * add the new item, and update gl_pathc.
681 * 682 *
682 * This assumes the BSD realloc, which only copies the block when its size 683 * This assumes the BSD realloc, which only copies the block when its size
@@ -821,7 +822,7 @@ g_opendir(str, pglob)
821 char buf[MAXPATHLEN]; 822 char buf[MAXPATHLEN];
822 823
823 if (!*str) 824 if (!*str)
824 strcpy(buf, "."); 825 strlcpy(buf, ".", sizeof buf);
825 else { 826 else {
826 if (g_Ctoc(str, buf, sizeof(buf))) 827 if (g_Ctoc(str, buf, sizeof(buf)))
827 return(NULL); 828 return(NULL);
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h
index b4c8f7aaa..6421f7049 100644
--- a/openbsd-compat/glob.h
+++ b/openbsd-compat/glob.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: glob.h,v 1.5 2001/03/18 17:18:58 deraadt Exp $ */ 1/* $OpenBSD: glob.h,v 1.7 2002/02/17 19:42:21 millert Exp $ */
2/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ 2/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
3 3
4/* 4/*
@@ -53,18 +53,18 @@ typedef struct {
53 int gl_flags; /* Copy of flags parameter to glob. */ 53 int gl_flags; /* Copy of flags parameter to glob. */
54 char **gl_pathv; /* List of paths matching pattern. */ 54 char **gl_pathv; /* List of paths matching pattern. */
55 /* Copy of errfunc parameter to glob. */ 55 /* Copy of errfunc parameter to glob. */
56 int (*gl_errfunc) __P((const char *, int)); 56 int (*gl_errfunc)(const char *, int);
57 57
58 /* 58 /*
59 * Alternate filesystem access methods for glob; replacement 59 * Alternate filesystem access methods for glob; replacement
60 * versions of closedir(3), readdir(3), opendir(3), stat(2) 60 * versions of closedir(3), readdir(3), opendir(3), stat(2)
61 * and lstat(2). 61 * and lstat(2).
62 */ 62 */
63 void (*gl_closedir) __P((void *)); 63 void (*gl_closedir)(void *);
64 struct dirent *(*gl_readdir) __P((void *)); 64 struct dirent *(*gl_readdir)(void *);
65 void *(*gl_opendir) __P((const char *)); 65 void *(*gl_opendir)(const char *);
66 int (*gl_lstat) __P((const char *, struct stat *)); 66 int (*gl_lstat)(const char *, struct stat *);
67 int (*gl_stat) __P((const char *, struct stat *)); 67 int (*gl_stat)(const char *, struct stat *);
68} glob_t; 68} glob_t;
69 69
70/* Flags */ 70/* Flags */
@@ -91,8 +91,8 @@ typedef struct {
91#define GLOB_NOSYS (-4) /* Function not supported. */ 91#define GLOB_NOSYS (-4) /* Function not supported. */
92#define GLOB_ABEND GLOB_ABORTED 92#define GLOB_ABEND GLOB_ABORTED
93 93
94int glob __P((const char *, int, int (*)(const char *, int), glob_t *)); 94int glob(const char *, int, int (*)(const char *, int), glob_t *);
95void globfree __P((glob_t *)); 95void globfree(glob_t *);
96 96
97#endif /* !_GLOB_H_ */ 97#endif /* !_GLOB_H_ */
98 98
diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c
index 8a8b3c846..ac5f56708 100644
--- a/openbsd-compat/inet_ntoa.c
+++ b/openbsd-compat/inet_ntoa.c
@@ -31,12 +31,12 @@
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include "config.h" 34#include "includes.h"
35 35
36#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) 36#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
37 37
38#if defined(LIBC_SCCS) && !defined(lint) 38#if defined(LIBC_SCCS) && !defined(lint)
39static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.2 1996/08/19 08:29:16 tholo Exp $"; 39static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Exp $";
40#endif /* LIBC_SCCS and not lint */ 40#endif /* LIBC_SCCS and not lint */
41 41
42/* 42/*
@@ -57,7 +57,7 @@ char *inet_ntoa(struct in_addr in)
57 p = (char *)&in; 57 p = (char *)&in;
58#define UC(b) (((int)b)&0xff) 58#define UC(b) (((int)b)&0xff)
59 (void)snprintf(b, sizeof(b), 59 (void)snprintf(b, sizeof(b),
60 "%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3])); 60 "%u.%u.%u.%u", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
61 return (b); 61 return (b);
62} 62}
63 63
diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c
index 2b8d31f8d..3bea519af 100644
--- a/openbsd-compat/inet_ntop.c
+++ b/openbsd-compat/inet_ntop.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $ */ 1/* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */
2 2
3/* Copyright (c) 1996 by Internet Software Consortium. 3/* Copyright (c) 1996 by Internet Software Consortium.
4 * 4 *
@@ -16,7 +16,7 @@
16 * SOFTWARE. 16 * SOFTWARE.
17 */ 17 */
18 18
19#include "config.h" 19#include "includes.h"
20 20
21#ifndef HAVE_INET_NTOP 21#ifndef HAVE_INET_NTOP
22 22
@@ -24,7 +24,7 @@
24#if 0 24#if 0
25static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; 25static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $";
26#else 26#else
27static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $"; 27static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $";
28#endif 28#endif
29#endif /* LIBC_SCCS and not lint */ 29#endif /* LIBC_SCCS and not lint */
30 30
@@ -54,8 +54,8 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Ex
54 * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. 54 * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
55 */ 55 */
56 56
57static const char *inet_ntop4 __P((const u_char *src, char *dst, size_t size)); 57static const char *inet_ntop4(const u_char *src, char *dst, size_t size);
58static const char *inet_ntop6 __P((const u_char *src, char *dst, size_t size)); 58static const char *inet_ntop6(const u_char *src, char *dst, size_t size);
59 59
60/* char * 60/* char *
61 * inet_ntop(af, src, dst, size) 61 * inet_ntop(af, src, dst, size)
@@ -103,13 +103,14 @@ inet_ntop4(src, dst, size)
103{ 103{
104 static const char fmt[] = "%u.%u.%u.%u"; 104 static const char fmt[] = "%u.%u.%u.%u";
105 char tmp[sizeof "255.255.255.255"]; 105 char tmp[sizeof "255.255.255.255"];
106 int l;
106 107
107 if (snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], 108 l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]);
108 src[3]) > size) { 109 if (l <= 0 || l >= size) {
109 errno = ENOSPC; 110 errno = ENOSPC;
110 return (NULL); 111 return (NULL);
111 } 112 }
112 strcpy(dst, tmp); 113 strlcpy(dst, tmp, size);
113 return (dst); 114 return (dst);
114} 115}
115 116
@@ -132,10 +133,12 @@ inet_ntop6(src, dst, size)
132 * Keep this in mind if you think this function should have been coded 133 * Keep this in mind if you think this function should have been coded
133 * to use pointer overlays. All the world's not a VAX. 134 * to use pointer overlays. All the world's not a VAX.
134 */ 135 */
135 char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; 136 char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"];
137 char *tp, *ep;
136 struct { int base, len; } best, cur; 138 struct { int base, len; } best, cur;
137 u_int words[IN6ADDRSZ / INT16SZ]; 139 u_int words[IN6ADDRSZ / INT16SZ];
138 int i; 140 int i;
141 int advance;
139 142
140 /* 143 /*
141 * Preprocess: 144 * Preprocess:
@@ -172,31 +175,45 @@ inet_ntop6(src, dst, size)
172 * Format the result. 175 * Format the result.
173 */ 176 */
174 tp = tmp; 177 tp = tmp;
175 for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { 178 ep = tmp + sizeof(tmp);
179 for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) {
176 /* Are we inside the best run of 0x00's? */ 180 /* Are we inside the best run of 0x00's? */
177 if (best.base != -1 && i >= best.base && 181 if (best.base != -1 && i >= best.base &&
178 i < (best.base + best.len)) { 182 i < (best.base + best.len)) {
179 if (i == best.base) 183 if (i == best.base) {
184 if (tp + 1 >= ep)
185 return (NULL);
180 *tp++ = ':'; 186 *tp++ = ':';
187 }
181 continue; 188 continue;
182 } 189 }
183 /* Are we following an initial run of 0x00s or any real hex? */ 190 /* Are we following an initial run of 0x00s or any real hex? */
184 if (i != 0) 191 if (i != 0) {
192 if (tp + 1 >= ep)
193 return (NULL);
185 *tp++ = ':'; 194 *tp++ = ':';
195 }
186 /* Is this address an encapsulated IPv4? */ 196 /* Is this address an encapsulated IPv4? */
187 if (i == 6 && best.base == 0 && 197 if (i == 6 && best.base == 0 &&
188 (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { 198 (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
189 if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp))) 199 if (!inet_ntop4(src+12, tp, (size_t)(ep - tp)))
190 return (NULL); 200 return (NULL);
191 tp += strlen(tp); 201 tp += strlen(tp);
192 break; 202 break;
193 } 203 }
194 snprintf(tp, sizeof(tmp - (tp - tmp)), "%x", words[i]); 204 advance = snprintf(tp, ep - tp, "%x", words[i]);
195 tp += strlen(tp); 205 if (advance <= 0 || advance >= ep - tp)
206 return (NULL);
207 tp += advance;
196 } 208 }
197 /* Was it a trailing run of 0x00's? */ 209 /* Was it a trailing run of 0x00's? */
198 if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) 210 if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) {
211 if (tp + 1 >= ep)
212 return (NULL);
199 *tp++ = ':'; 213 *tp++ = ':';
214 }
215 if (tp + 1 >= ep)
216 return (NULL);
200 *tp++ = '\0'; 217 *tp++ = '\0';
201 218
202 /* 219 /*
@@ -206,7 +223,7 @@ inet_ntop6(src, dst, size)
206 errno = ENOSPC; 223 errno = ENOSPC;
207 return (NULL); 224 return (NULL);
208 } 225 }
209 strcpy(dst, tmp); 226 strlcpy(dst, tmp, size);
210 return (dst); 227 return (dst);
211} 228}
212 229
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index d69dc5c24..d256ee448 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -39,7 +39,7 @@
39#ifndef HAVE_MKDTEMP 39#ifndef HAVE_MKDTEMP
40 40
41#if defined(LIBC_SCCS) && !defined(lint) 41#if defined(LIBC_SCCS) && !defined(lint)
42static char rcsid[] = "$OpenBSD: mktemp.c,v 1.14 2002/01/02 20:18:32 deraadt Exp $"; 42static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $";
43#endif /* LIBC_SCCS and not lint */ 43#endif /* LIBC_SCCS and not lint */
44 44
45#ifdef HAVE_CYGWIN 45#ifdef HAVE_CYGWIN
@@ -102,11 +102,11 @@ _gettemp(path, doopen, domkdir, slen)
102 return (0); 102 return (0);
103 } 103 }
104 pid = getpid(); 104 pid = getpid();
105 while (*trv == 'X' && pid != 0) { 105 while (trv >= path && *trv == 'X' && pid != 0) {
106 *trv-- = (pid % 10) + '0'; 106 *trv-- = (pid % 10) + '0';
107 pid /= 10; 107 pid /= 10;
108 } 108 }
109 while (*trv == 'X') { 109 while (trv >= path && *trv == 'X') {
110 char c; 110 char c;
111 111
112 pid = (arc4random() & 0xffff) % (26+26); 112 pid = (arc4random() & 0xffff) % (26+26);
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 11918443d..ae18afd34 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.16 2002/02/19 20:27:57 mouring Exp $ */ 1/* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */
2 2
3#ifndef _OPENBSD_H 3#ifndef _OPENBSD_H
4#define _OPENBSD_H 4#define _OPENBSD_H
@@ -29,6 +29,7 @@
29 29
30/* Home grown routines */ 30/* Home grown routines */
31#include "bsd-arc4random.h" 31#include "bsd-arc4random.h"
32#include "bsd-getpeereid.h"
32#include "bsd-misc.h" 33#include "bsd-misc.h"
33#include "bsd-snprintf.h" 34#include "bsd-snprintf.h"
34#include "bsd-waitpid.h" 35#include "bsd-waitpid.h"
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index ca0a88e69..4c96a3171 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -1,3 +1,28 @@
1/*
2 *
3 * Copyright (c) 2001 Gert Doering. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
1#include "includes.h" 26#include "includes.h"
2 27
3#ifdef _AIX 28#ifdef _AIX
@@ -6,21 +31,21 @@
6#include <../xmalloc.h> 31#include <../xmalloc.h>
7 32
8/* 33/*
9 * AIX has a "usrinfo" area where logname and 34 * AIX has a "usrinfo" area where logname and other stuff is stored -
10 * other stuff is stored - a few applications 35 * a few applications actually use this and die if it's not set
11 * actually use this and die if it's not set 36 *
37 * NOTE: TTY= should be set, but since no one uses it and it's hard to
38 * acquire due to privsep code. We will just drop support.
12 */ 39 */
13void 40void
14aix_usrinfo(struct passwd *pw, char *tty, int ttyfd) 41aix_usrinfo(struct passwd *pw)
15{ 42{
16 u_int i; 43 u_int i;
17 char *cp=NULL; 44 char *cp;
18 45
19 if (ttyfd == -1) 46 cp = xmalloc(16 + 2 * strlen(pw->pw_name));
20 tty[0] = '\0'; 47 i = sprintf(cp, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, 0,
21 cp = xmalloc(22 + strlen(tty) + 2 * strlen(pw->pw_name)); 48 pw->pw_name, 0);
22 i = sprintf(cp, "LOGNAME=%s%cNAME=%s%cTTY=%s%c%c", pw->pw_name, 0,
23 pw->pw_name, 0, tty, 0, 0);
24 if (usrinfo(SETUINFO, cp, i) == -1) 49 if (usrinfo(SETUINFO, cp, i) == -1)
25 fatal("Couldn't set usrinfo: %s", strerror(errno)); 50 fatal("Couldn't set usrinfo: %s", strerror(errno));
26 debug3("AIX/UsrInfo: set len %d", i); 51 debug3("AIX/UsrInfo: set len %d", i);
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index e4d14f4ae..79570a206 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,5 +1,29 @@
1#ifdef _AIX 1/*
2 2 *
3void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd); 3 * Copyright (c) 2001 Gert Doering. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
4 26
27#ifdef _AIX
28void aix_usrinfo(struct passwd *pw);
5#endif /* _AIX */ 29#endif /* _AIX */
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index 8c2f5f841..4e549b62b 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -1,7 +1,7 @@
1/* $OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $ */ 1/* $OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com>
5 * All rights reserved. 5 * All rights reserved.
6 * 6 *
7 * Redistribution and use in source and binary forms, with or without 7 * Redistribution and use in source and binary forms, with or without
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#if defined(LIBC_SCCS) && !defined(lint) 30#if defined(LIBC_SCCS) && !defined(lint)
31static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $"; 31static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $";
32#endif /* LIBC_SCCS and not lint */ 32#endif /* LIBC_SCCS and not lint */
33 33
34#include "includes.h" 34#include "includes.h"
@@ -60,8 +60,8 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
60 int input, output, save_errno; 60 int input, output, save_errno;
61 char ch, *p, *end; 61 char ch, *p, *end;
62 struct termios term, oterm; 62 struct termios term, oterm;
63 struct sigaction sa, saveint, savehup, savequit, saveterm; 63 struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
64 struct sigaction savetstp, savettin, savettou; 64 struct sigaction savetstp, savettin, savettou, savepipe;
65 65
66 /* I suppose we could alloc on demand in this case (XXX). */ 66 /* I suppose we could alloc on demand in this case (XXX). */
67 if (bufsiz == 0) { 67 if (bufsiz == 0) {
@@ -70,11 +70,13 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
70 } 70 }
71 71
72restart: 72restart:
73 signo = 0;
73 /* 74 /*
74 * Read and write to /dev/tty if available. If not, read from 75 * Read and write to /dev/tty if available. If not, read from
75 * stdin and write to stderr unless a tty is required. 76 * stdin and write to stderr unless a tty is required.
76 */ 77 */
77 if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) { 78 if ((flags & RPP_STDIN) ||
79 (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
78 if (flags & RPP_REQUIRE_TTY) { 80 if (flags & RPP_REQUIRE_TTY) {
79 errno = ENOTTY; 81 errno = ENOTTY;
80 return(NULL); 82 return(NULL);
@@ -86,13 +88,15 @@ restart:
86 /* 88 /*
87 * Catch signals that would otherwise cause the user to end 89 * Catch signals that would otherwise cause the user to end
88 * up with echo turned off in the shell. Don't worry about 90 * up with echo turned off in the shell. Don't worry about
89 * things like SIGALRM and SIGPIPE for now. 91 * things like SIGXCPU and SIGVTALRM for now.
90 */ 92 */
91 sigemptyset(&sa.sa_mask); 93 sigemptyset(&sa.sa_mask);
92 sa.sa_flags = 0; /* don't restart system calls */ 94 sa.sa_flags = 0; /* don't restart system calls */
93 sa.sa_handler = handler; 95 sa.sa_handler = handler;
94 (void)sigaction(SIGINT, &sa, &saveint); 96 (void)sigaction(SIGALRM, &sa, &savealrm);
95 (void)sigaction(SIGHUP, &sa, &savehup); 97 (void)sigaction(SIGHUP, &sa, &savehup);
98 (void)sigaction(SIGINT, &sa, &saveint);
99 (void)sigaction(SIGPIPE, &sa, &savepipe);
96 (void)sigaction(SIGQUIT, &sa, &savequit); 100 (void)sigaction(SIGQUIT, &sa, &savequit);
97 (void)sigaction(SIGTERM, &sa, &saveterm); 101 (void)sigaction(SIGTERM, &sa, &saveterm);
98 (void)sigaction(SIGTSTP, &sa, &savetstp); 102 (void)sigaction(SIGTSTP, &sa, &savetstp);
@@ -100,7 +104,7 @@ restart:
100 (void)sigaction(SIGTTOU, &sa, &savettou); 104 (void)sigaction(SIGTTOU, &sa, &savettou);
101 105
102 /* Turn off echo if possible. */ 106 /* Turn off echo if possible. */
103 if (tcgetattr(input, &oterm) == 0) { 107 if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
104 memcpy(&term, &oterm, sizeof(term)); 108 memcpy(&term, &oterm, sizeof(term));
105 if (!(flags & RPP_ECHO_ON)) 109 if (!(flags & RPP_ECHO_ON))
106 term.c_lflag &= ~(ECHO | ECHONL); 110 term.c_lflag &= ~(ECHO | ECHONL);
@@ -111,10 +115,13 @@ restart:
111 (void)tcsetattr(input, _T_FLUSH, &term); 115 (void)tcsetattr(input, _T_FLUSH, &term);
112 } else { 116 } else {
113 memset(&term, 0, sizeof(term)); 117 memset(&term, 0, sizeof(term));
118 term.c_lflag |= ECHO;
114 memset(&oterm, 0, sizeof(oterm)); 119 memset(&oterm, 0, sizeof(oterm));
120 oterm.c_lflag |= ECHO;
115 } 121 }
116 122
117 (void)write(output, prompt, strlen(prompt)); 123 if (!(flags & RPP_STDIN))
124 (void)write(output, prompt, strlen(prompt));
118 end = buf + bufsiz - 1; 125 end = buf + bufsiz - 1;
119 for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { 126 for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) {
120 if (p < end) { 127 if (p < end) {
@@ -137,13 +144,14 @@ restart:
137 /* Restore old terminal settings and signals. */ 144 /* Restore old terminal settings and signals. */
138 if (memcmp(&term, &oterm, sizeof(term)) != 0) 145 if (memcmp(&term, &oterm, sizeof(term)) != 0)
139 (void)tcsetattr(input, _T_FLUSH, &oterm); 146 (void)tcsetattr(input, _T_FLUSH, &oterm);
140 (void)sigaction(SIGINT, &saveint, NULL); 147 (void)sigaction(SIGALRM, &savealrm, NULL);
141 (void)sigaction(SIGHUP, &savehup, NULL); 148 (void)sigaction(SIGHUP, &savehup, NULL);
149 (void)sigaction(SIGINT, &saveint, NULL);
142 (void)sigaction(SIGQUIT, &savequit, NULL); 150 (void)sigaction(SIGQUIT, &savequit, NULL);
151 (void)sigaction(SIGPIPE, &savepipe, NULL);
143 (void)sigaction(SIGTERM, &saveterm, NULL); 152 (void)sigaction(SIGTERM, &saveterm, NULL);
144 (void)sigaction(SIGTSTP, &savetstp, NULL); 153 (void)sigaction(SIGTSTP, &savetstp, NULL);
145 (void)sigaction(SIGTTIN, &savettin, NULL); 154 (void)sigaction(SIGTTIN, &savettin, NULL);
146 (void)sigaction(SIGTTOU, &savettou, NULL);
147 if (input != STDIN_FILENO) 155 if (input != STDIN_FILENO)
148 (void)close(input); 156 (void)close(input);
149 157
@@ -152,12 +160,11 @@ restart:
152 * now that we have restored the signal handlers. 160 * now that we have restored the signal handlers.
153 */ 161 */
154 if (signo) { 162 if (signo) {
155 kill(getpid(), signo); 163 kill(getpid(), signo);
156 switch (signo) { 164 switch (signo) {
157 case SIGTSTP: 165 case SIGTSTP:
158 case SIGTTIN: 166 case SIGTTIN:
159 case SIGTTOU: 167 case SIGTTOU:
160 signo = 0;
161 goto restart; 168 goto restart;
162 } 169 }
163 } 170 }
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h
index 9077b6e08..92908a489 100644
--- a/openbsd-compat/readpassphrase.h
+++ b/openbsd-compat/readpassphrase.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */ 1/* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -40,8 +40,9 @@
40#define RPP_FORCELOWER 0x04 /* Force input to lower case. */ 40#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
41#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ 41#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
42#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ 42#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
43#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
43 44
44char *readpassphrase(const char *, char *, size_t, int); 45char * readpassphrase(const char *, char *, size_t, int);
45 46
46#endif /* HAVE_READPASSPHRASE */ 47#endif /* HAVE_READPASSPHRASE */
47 48
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
index b4a05db95..b9035ca22 100644
--- a/openbsd-compat/realpath.c
+++ b/openbsd-compat/realpath.c
@@ -32,7 +32,7 @@
32#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) 32#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
33 33
34#if defined(LIBC_SCCS) && !defined(lint) 34#if defined(LIBC_SCCS) && !defined(lint)
35static char *rcsid = "$OpenBSD: realpath.c,v 1.6 2002/01/12 16:24:35 millert Exp $"; 35static char *rcsid = "$OpenBSD: realpath.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $";
36#endif /* LIBC_SCCS and not lint */ 36#endif /* LIBC_SCCS and not lint */
37 37
38#include <sys/param.h> 38#include <sys/param.h>
@@ -69,7 +69,7 @@ realpath(const char *path, char *resolved)
69 /* Save the starting point. */ 69 /* Save the starting point. */
70 getcwd(start,MAXPATHLEN); 70 getcwd(start,MAXPATHLEN);
71 if ((fd = open(".", O_RDONLY)) < 0) { 71 if ((fd = open(".", O_RDONLY)) < 0) {
72 (void)strcpy(resolved, "."); 72 (void)strlcpy(resolved, ".", MAXPATHLEN);
73 return (NULL); 73 return (NULL);
74 } 74 }
75 close(fd); 75 close(fd);
@@ -129,7 +129,7 @@ loop:
129 * Save the last component name and get the full pathname of 129 * Save the last component name and get the full pathname of
130 * the current directory. 130 * the current directory.
131 */ 131 */
132 (void)strcpy(wbuf, p); 132 (void)strlcpy(wbuf, p, sizeof wbuf);
133 if (getcwd(resolved, MAXPATHLEN) == 0) 133 if (getcwd(resolved, MAXPATHLEN) == 0)
134 goto err1; 134 goto err1;
135 135
diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c
index 44eac2036..9f058961d 100644
--- a/openbsd-compat/rresvport.c
+++ b/openbsd-compat/rresvport.c
@@ -33,7 +33,7 @@
33 * SUCH DAMAGE. 33 * SUCH DAMAGE.
34 */ 34 */
35 35
36#include "config.h" 36#include "includes.h"
37 37
38#ifndef HAVE_RRESVPORT_AF 38#ifndef HAVE_RRESVPORT_AF
39 39
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index 6c2d5cd31..1dff15c73 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -31,7 +31,7 @@
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include "config.h" 34#include "includes.h"
35#ifndef HAVE_SETENV 35#ifndef HAVE_SETENV
36 36
37#if defined(LIBC_SCCS) && !defined(lint) 37#if defined(LIBC_SCCS) && !defined(lint)
diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c
index 806eb02b6..35fbab0eb 100644
--- a/openbsd-compat/sigact.c
+++ b/openbsd-compat/sigact.c
@@ -33,7 +33,7 @@
33 * and: Eric S. Raymond <esr@snark.thyrsus.com> * 33 * and: Eric S. Raymond <esr@snark.thyrsus.com> *
34 ****************************************************************************/ 34 ****************************************************************************/
35 35
36#include "config.h" 36#include "includes.h"
37#include <signal.h> 37#include <signal.h>
38#include "sigact.h" 38#include "sigact.h"
39 39
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
index 6ff65c19b..3a9b5d1a7 100644
--- a/openbsd-compat/strlcat.c
+++ b/openbsd-compat/strlcat.c
@@ -27,7 +27,7 @@
27 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */ 28 */
29 29
30#include "config.h" 30#include "includes.h"
31#ifndef HAVE_STRLCAT 31#ifndef HAVE_STRLCAT
32 32
33#if defined(LIBC_SCCS) && !defined(lint) 33#if defined(LIBC_SCCS) && !defined(lint)
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
index b5e5a552e..2f87eca44 100644
--- a/openbsd-compat/strlcpy.c
+++ b/openbsd-compat/strlcpy.c
@@ -27,7 +27,7 @@
27 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */ 28 */
29 29
30#include "config.h" 30#include "includes.h"
31#ifndef HAVE_STRLCPY 31#ifndef HAVE_STRLCPY
32 32
33#if defined(LIBC_SCCS) && !defined(lint) 33#if defined(LIBC_SCCS) && !defined(lint)
diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c
index c03649cff..d0afc44ae 100644
--- a/openbsd-compat/strsep.c
+++ b/openbsd-compat/strsep.c
@@ -33,7 +33,7 @@
33 * SUCH DAMAGE. 33 * SUCH DAMAGE.
34 */ 34 */
35 35
36#include "config.h" 36#include "includes.h"
37 37
38#if !defined(HAVE_STRSEP) 38#if !defined(HAVE_STRSEP)
39 39
diff --git a/openbsd-compat/fake-queue.h b/openbsd-compat/sys-queue.h
index 176fe3174..176fe3174 100644
--- a/openbsd-compat/fake-queue.h
+++ b/openbsd-compat/sys-queue.h
diff --git a/openbsd-compat/tree.h b/openbsd-compat/sys-tree.h
index 30b4a8561..0a58710c9 100644
--- a/openbsd-compat/tree.h
+++ b/openbsd-compat/sys-tree.h
@@ -1,3 +1,4 @@
1/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */
1/* 2/*
2 * Copyright 2002 Niels Provos <provos@citi.umich.edu> 3 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
3 * All rights reserved. 4 * All rights reserved.
@@ -113,8 +114,47 @@ struct { \
113#define SPLAY_PROTOTYPE(name, type, field, cmp) \ 114#define SPLAY_PROTOTYPE(name, type, field, cmp) \
114void name##_SPLAY(struct name *, struct type *); \ 115void name##_SPLAY(struct name *, struct type *); \
115void name##_SPLAY_MINMAX(struct name *, int); \ 116void name##_SPLAY_MINMAX(struct name *, int); \
117struct type *name##_SPLAY_INSERT(struct name *, struct type *); \
118struct type *name##_SPLAY_REMOVE(struct name *, struct type *); \
116 \ 119 \
117static __inline void \ 120/* Finds the node with the same key as elm */ \
121static __inline struct type * \
122name##_SPLAY_FIND(struct name *head, struct type *elm) \
123{ \
124 if (SPLAY_EMPTY(head)) \
125 return(NULL); \
126 name##_SPLAY(head, elm); \
127 if ((cmp)(elm, (head)->sph_root) == 0) \
128 return (head->sph_root); \
129 return (NULL); \
130} \
131 \
132static __inline struct type * \
133name##_SPLAY_NEXT(struct name *head, struct type *elm) \
134{ \
135 name##_SPLAY(head, elm); \
136 if (SPLAY_RIGHT(elm, field) != NULL) { \
137 elm = SPLAY_RIGHT(elm, field); \
138 while (SPLAY_LEFT(elm, field) != NULL) { \
139 elm = SPLAY_LEFT(elm, field); \
140 } \
141 } else \
142 elm = NULL; \
143 return (elm); \
144} \
145 \
146static __inline struct type * \
147name##_SPLAY_MIN_MAX(struct name *head, int val) \
148{ \
149 name##_SPLAY_MINMAX(head, val); \
150 return (SPLAY_ROOT(head)); \
151}
152
153/* Main splay operation.
154 * Moves node close to the key of elm to top
155 */
156#define SPLAY_GENERATE(name, type, field, cmp) \
157struct type * \
118name##_SPLAY_INSERT(struct name *head, struct type *elm) \ 158name##_SPLAY_INSERT(struct name *head, struct type *elm) \
119{ \ 159{ \
120 if (SPLAY_EMPTY(head)) { \ 160 if (SPLAY_EMPTY(head)) { \
@@ -132,17 +172,18 @@ name##_SPLAY_INSERT(struct name *head, struct type *elm) \
132 SPLAY_LEFT(elm, field) = (head)->sph_root; \ 172 SPLAY_LEFT(elm, field) = (head)->sph_root; \
133 SPLAY_RIGHT((head)->sph_root, field) = NULL; \ 173 SPLAY_RIGHT((head)->sph_root, field) = NULL; \
134 } else \ 174 } else \
135 return; \ 175 return ((head)->sph_root); \
136 } \ 176 } \
137 (head)->sph_root = (elm); \ 177 (head)->sph_root = (elm); \
178 return (NULL); \
138} \ 179} \
139 \ 180 \
140static __inline void \ 181struct type * \
141name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ 182name##_SPLAY_REMOVE(struct name *head, struct type *elm) \
142{ \ 183{ \
143 struct type *__tmp; \ 184 struct type *__tmp; \
144 if (SPLAY_EMPTY(head)) \ 185 if (SPLAY_EMPTY(head)) \
145 return; \ 186 return (NULL); \
146 name##_SPLAY(head, elm); \ 187 name##_SPLAY(head, elm); \
147 if ((cmp)(elm, (head)->sph_root) == 0) { \ 188 if ((cmp)(elm, (head)->sph_root) == 0) { \
148 if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \ 189 if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \
@@ -153,47 +194,13 @@ name##_SPLAY_REMOVE(struct name *head, struct type *elm) \
153 name##_SPLAY(head, elm); \ 194 name##_SPLAY(head, elm); \
154 SPLAY_RIGHT((head)->sph_root, field) = __tmp; \ 195 SPLAY_RIGHT((head)->sph_root, field) = __tmp; \
155 } \ 196 } \
197 return (elm); \
156 } \ 198 } \
157} \
158 \
159/* Finds the node with the same key as elm */ \
160static __inline struct type * \
161name##_SPLAY_FIND(struct name *head, struct type *elm) \
162{ \
163 if (SPLAY_EMPTY(head)) \
164 return(NULL); \
165 name##_SPLAY(head, elm); \
166 if ((cmp)(elm, (head)->sph_root) == 0) \
167 return (head->sph_root); \
168 return (NULL); \ 199 return (NULL); \
169} \ 200} \
170 \ 201 \
171static __inline struct type * \ 202void \
172name##_SPLAY_NEXT(struct name *head, struct type *elm) \ 203name##_SPLAY(struct name *head, struct type *elm) \
173{ \
174 name##_SPLAY(head, elm); \
175 if (SPLAY_RIGHT(elm, field) != NULL) { \
176 elm = SPLAY_RIGHT(elm, field); \
177 while (SPLAY_LEFT(elm, field) != NULL) { \
178 elm = SPLAY_LEFT(elm, field); \
179 } \
180 } else \
181 elm = NULL; \
182 return (elm); \
183} \
184 \
185static __inline struct type * \
186name##_SPLAY_MIN_MAX(struct name *head, int val) \
187{ \
188 name##_SPLAY_MINMAX(head, val); \
189 return (SPLAY_ROOT(head)); \
190}
191
192/* Main splay operation.
193 * Moves node close to the key of elm to top
194 */
195#define SPLAY_GENERATE(name, type, field, cmp) \
196void name##_SPLAY(struct name *head, struct type *elm) \
197{ \ 204{ \
198 struct type __node, *__left, *__right, *__tmp; \ 205 struct type __node, *__left, *__right, *__tmp; \
199 int __comp; \ 206 int __comp; \
@@ -367,7 +374,7 @@ struct { \
367#define RB_PROTOTYPE(name, type, field, cmp) \ 374#define RB_PROTOTYPE(name, type, field, cmp) \
368void name##_RB_INSERT_COLOR(struct name *, struct type *); \ 375void name##_RB_INSERT_COLOR(struct name *, struct type *); \
369void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ 376void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\
370void name##_RB_REMOVE(struct name *, struct type *); \ 377struct type *name##_RB_REMOVE(struct name *, struct type *); \
371struct type *name##_RB_INSERT(struct name *, struct type *); \ 378struct type *name##_RB_INSERT(struct name *, struct type *); \
372struct type *name##_RB_FIND(struct name *, struct type *); \ 379struct type *name##_RB_FIND(struct name *, struct type *); \
373struct type *name##_RB_NEXT(struct name *, struct type *); \ 380struct type *name##_RB_NEXT(struct name *, struct type *); \
@@ -498,17 +505,17 @@ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm)
498 RB_COLOR(elm, field) = RB_BLACK; \ 505 RB_COLOR(elm, field) = RB_BLACK; \
499} \ 506} \
500 \ 507 \
501void \ 508struct type * \
502name##_RB_REMOVE(struct name *head, struct type *elm) \ 509name##_RB_REMOVE(struct name *head, struct type *elm) \
503{ \ 510{ \
504 struct type *child, *parent; \ 511 struct type *child, *parent, *old = elm; \
505 int color; \ 512 int color; \
506 if (RB_LEFT(elm, field) == NULL) \ 513 if (RB_LEFT(elm, field) == NULL) \
507 child = RB_RIGHT(elm, field); \ 514 child = RB_RIGHT(elm, field); \
508 else if (RB_RIGHT(elm, field) == NULL) \ 515 else if (RB_RIGHT(elm, field) == NULL) \
509 child = RB_LEFT(elm, field); \ 516 child = RB_LEFT(elm, field); \
510 else { \ 517 else { \
511 struct type *old = elm, *left; \ 518 struct type *left; \
512 elm = RB_RIGHT(elm, field); \ 519 elm = RB_RIGHT(elm, field); \
513 while ((left = RB_LEFT(elm, field))) \ 520 while ((left = RB_LEFT(elm, field))) \
514 elm = left; \ 521 elm = left; \
@@ -562,6 +569,7 @@ name##_RB_REMOVE(struct name *head, struct type *elm) \
562color: \ 569color: \
563 if (color == RB_BLACK) \ 570 if (color == RB_BLACK) \
564 name##_RB_REMOVE_COLOR(head, parent, child); \ 571 name##_RB_REMOVE_COLOR(head, parent, child); \
572 return (old); \
565} \ 573} \
566 \ 574 \
567/* Inserts a node into the RB tree */ \ 575/* Inserts a node into the RB tree */ \
diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c
new file mode 100644
index 000000000..8f1d2022c
--- /dev/null
+++ b/openbsd-compat/xmmap.c
@@ -0,0 +1,67 @@
1/*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that the following conditions
4 * are met:
5 * 1. Redistributions of source code must retain the above copyright
6 * notice, this list of conditions and the following disclaimer.
7 * 2. Redistributions in binary form must reproduce the above copyright
8 * notice, this list of conditions and the following disclaimer in the
9 * documentation and/or other materials provided with the distribution.
10 *
11 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
12 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
13 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
14 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
15 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
17 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
18 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
19 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
20 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 */
22
23#include "includes.h"
24
25#ifdef HAVE_SYS_MMAN_H
26#include <sys/mman.h>
27#endif
28
29#include "log.h"
30
31void *xmmap(size_t size)
32{
33 void *address;
34
35#ifdef HAVE_MMAP
36# ifdef MAP_ANON
37 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
38 -1, 0);
39# else
40 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
41 open("/dev/zero", O_RDWR), 0);
42# endif
43
44#define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX"
45 if (address == MAP_FAILED) {
46 char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE;
47 int tmpfd;
48
49 tmpfd = mkstemp(tmpname);
50 if (tmpfd == -1)
51 fatal("mkstemp(\"%s\"): %s",
52 MM_SWAP_TEMPLATE, strerror(errno));
53 unlink(tmpname);
54 ftruncate(tmpfd, size);
55 address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED,
56 tmpfd, 0);
57 close(tmpfd);
58 }
59
60 return (address);
61#else
62 fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
63 __func__);
64#endif /* HAVE_MMAP */
65
66}
67
diff --git a/openbsd-compat/xmmap.h b/openbsd-compat/xmmap.h
new file mode 100644
index 000000000..c0fa04aca
--- /dev/null
+++ b/openbsd-compat/xmmap.h
@@ -0,0 +1,23 @@
1/*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that the following conditions
4 * are met:
5 * 1. Redistributions of source code must retain the above copyright
6 * notice, this list of conditions and the following disclaimer.
7 * 2. Redistributions in binary form must reproduce the above copyright
8 * notice, this list of conditions and the following disclaimer in the
9 * documentation and/or other materials provided with the distribution.
10 *
11 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
12 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
13 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
14 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
15 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
16 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
17 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
18 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
19 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
20 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
21 */
22
23void *xmmap(size_t size);
diff --git a/packet.c b/packet.c
index 273ffea58..dbd3791d2 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
@@ -136,6 +136,7 @@ void
136packet_set_connection(int fd_in, int fd_out, int new_setup_timeout) 136packet_set_connection(int fd_in, int fd_out, int new_setup_timeout)
137{ 137{
138 Cipher *none = cipher_by_name("none"); 138 Cipher *none = cipher_by_name("none");
139
139 if (none == NULL) 140 if (none == NULL)
140 fatal("packet_set_connection: cannot load cipher 'none'"); 141 fatal("packet_set_connection: cannot load cipher 'none'");
141 connection_in = fd_in; 142 connection_in = fd_in;
@@ -405,6 +406,7 @@ packet_set_encryption_key(const u_char *key, u_int keylen,
405 int number) 406 int number)
406{ 407{
407 Cipher *cipher = cipher_by_number(number); 408 Cipher *cipher = cipher_by_number(number);
409
408 if (cipher == NULL) 410 if (cipher == NULL)
409 fatal("packet_set_encryption_key: unknown cipher number %d", number); 411 fatal("packet_set_encryption_key: unknown cipher number %d", number);
410 if (keylen < 20) 412 if (keylen < 20)
@@ -446,6 +448,7 @@ void
446packet_put_char(int value) 448packet_put_char(int value)
447{ 449{
448 char ch = value; 450 char ch = value;
451
449 buffer_append(&outgoing_packet, &ch, 1); 452 buffer_append(&outgoing_packet, &ch, 1);
450} 453}
451void 454void
@@ -1008,7 +1011,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
1008 buffer_clear(&incoming_packet); 1011 buffer_clear(&incoming_packet);
1009 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 1012 buffer_append(&incoming_packet, buffer_ptr(&compression_buffer),
1010 buffer_len(&compression_buffer)); 1013 buffer_len(&compression_buffer));
1011 DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet))); 1014 DBG(debug("input: len after de-compress %d",
1015 buffer_len(&incoming_packet)));
1012 } 1016 }
1013 /* 1017 /*
1014 * get packet type, implies consume. 1018 * get packet type, implies consume.
@@ -1116,6 +1120,7 @@ u_int
1116packet_get_char(void) 1120packet_get_char(void)
1117{ 1121{
1118 char ch; 1122 char ch;
1123
1119 buffer_get(&incoming_packet, &ch, 1); 1124 buffer_get(&incoming_packet, &ch, 1);
1120 return (u_char) ch; 1125 return (u_char) ch;
1121} 1126}
@@ -1149,6 +1154,7 @@ void *
1149packet_get_raw(int *length_ptr) 1154packet_get_raw(int *length_ptr)
1150{ 1155{
1151 int bytes = buffer_len(&incoming_packet); 1156 int bytes = buffer_len(&incoming_packet);
1157
1152 if (length_ptr != NULL) 1158 if (length_ptr != NULL)
1153 *length_ptr = bytes; 1159 *length_ptr = bytes;
1154 return buffer_ptr(&incoming_packet); 1160 return buffer_ptr(&incoming_packet);
@@ -1221,6 +1227,7 @@ packet_disconnect(const char *fmt,...)
1221 char buf[1024]; 1227 char buf[1024];
1222 va_list args; 1228 va_list args;
1223 static int disconnecting = 0; 1229 static int disconnecting = 0;
1230
1224 if (disconnecting) /* Guard against recursive invocations. */ 1231 if (disconnecting) /* Guard against recursive invocations. */
1225 fatal("packet_disconnect called recursively."); 1232 fatal("packet_disconnect called recursively.");
1226 disconnecting = 1; 1233 disconnecting = 1;
@@ -1263,6 +1270,7 @@ void
1263packet_write_poll(void) 1270packet_write_poll(void)
1264{ 1271{
1265 int len = buffer_len(&output); 1272 int len = buffer_len(&output);
1273
1266 if (len > 0) { 1274 if (len > 0) {
1267 len = write(connection_out, buffer_ptr(&output), len); 1275 len = write(connection_out, buffer_ptr(&output), len);
1268 if (len <= 0) { 1276 if (len <= 0) {
@@ -1382,6 +1390,7 @@ int
1382packet_set_maxsize(int s) 1390packet_set_maxsize(int s)
1383{ 1391{
1384 static int called = 0; 1392 static int called = 0;
1393
1385 if (called) { 1394 if (called) {
1386 log("packet_set_maxsize: called twice: old %d new %d", 1395 log("packet_set_maxsize: called twice: old %d new %d",
1387 max_packet_size, s); 1396 max_packet_size, s);
diff --git a/radix.c b/radix.c
index 580e7e07f..c680d6bf3 100644
--- a/radix.c
+++ b/radix.c
@@ -26,7 +26,7 @@
26#include "includes.h" 26#include "includes.h"
27#include "uuencode.h" 27#include "uuencode.h"
28 28
29RCSID("$OpenBSD: radix.c,v 1.21 2002/06/19 00:27:55 deraadt Exp $"); 29RCSID("$OpenBSD: radix.c,v 1.22 2002/09/09 14:54:15 markus Exp $");
30 30
31#ifdef AFS 31#ifdef AFS
32#include <krb.h> 32#include <krb.h>
@@ -93,9 +93,10 @@ int
93radix_to_creds(const char *buf, CREDENTIALS *creds) 93radix_to_creds(const char *buf, CREDENTIALS *creds)
94{ 94{
95 Buffer b; 95 Buffer b;
96 char c, version, *space, *p; 96 u_char *space;
97 u_int endTime; 97 char c, version, *p;
98 int len, blen, ret; 98 u_int endTime, len;
99 int blen, ret;
99 100
100 ret = 0; 101 ret = 0;
101 blen = strlen(buf); 102 blen = strlen(buf);
diff --git a/readconf.c b/readconf.c
index 399855bd4..097d4082d 100644
--- a/readconf.c
+++ b/readconf.c
@@ -204,7 +204,7 @@ add_local_forward(Options *options, u_short port, const char *host,
204 u_short host_port) 204 u_short host_port)
205{ 205{
206 Forward *fwd; 206 Forward *fwd;
207#ifndef HAVE_CYGWIN 207#ifndef NO_IPPORT_RESERVED_CONCEPT
208 extern uid_t original_real_uid; 208 extern uid_t original_real_uid;
209 if (port < IPPORT_RESERVED && original_real_uid != 0) 209 if (port < IPPORT_RESERVED && original_real_uid != 0)
210 fatal("Privileged ports can only be forwarded by root."); 210 fatal("Privileged ports can only be forwarded by root.");
diff --git a/rijndael.c b/rijndael.c
index 448048ea6..6965ca3b0 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */ 1/* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */
2 2
3/** 3/**
4 * rijndael-alg-fst.c 4 * rijndael-alg-fst.c
@@ -1226,7 +1226,7 @@ rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
1226 memset(ctx->dk, 0, sizeof(ctx->dk)); 1226 memset(ctx->dk, 0, sizeof(ctx->dk));
1227 } else { 1227 } else {
1228 ctx->decrypt = 1; 1228 ctx->decrypt = 1;
1229 memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek)); 1229 memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk));
1230 rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); 1230 rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
1231 } 1231 }
1232} 1232}
diff --git a/scard.h b/scard.h
index c0aa9ed30..00999cb09 100644
--- a/scard.h
+++ b/scard.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */ 1/* $OpenBSD: scard.h,v 1.11 2002/06/30 21:59:45 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -33,8 +33,8 @@
33#define SCARD_ERROR_NOCARD -2 33#define SCARD_ERROR_NOCARD -2
34#define SCARD_ERROR_APPLET -3 34#define SCARD_ERROR_APPLET -3
35 35
36Key **sc_get_keys(const char*, const char*); 36Key **sc_get_keys(const char *, const char *);
37void sc_close(void); 37void sc_close(void);
38int sc_put_key(Key *, const char*); 38int sc_put_key(Key *, const char *);
39 39
40#endif 40#endif
diff --git a/servconf.c b/servconf.c
index f311ae48d..e3939df40 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $");
14 14
15#if defined(KRB4) 15#if defined(KRB4)
16#include <krb.h> 16#include <krb.h>
@@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options)
101 options->kbd_interactive_authentication = -1; 101 options->kbd_interactive_authentication = -1;
102 options->challenge_response_authentication = -1; 102 options->challenge_response_authentication = -1;
103 options->permit_empty_passwd = -1; 103 options->permit_empty_passwd = -1;
104 options->permit_user_env = -1;
104 options->use_login = -1; 105 options->use_login = -1;
105 options->compression = -1; 106 options->compression = -1;
106 options->allow_tcp_forwarding = -1; 107 options->allow_tcp_forwarding = -1;
@@ -158,7 +159,7 @@ fill_default_server_options(ServerOptions *options)
158 if (options->server_key_bits == -1) 159 if (options->server_key_bits == -1)
159 options->server_key_bits = 768; 160 options->server_key_bits = 768;
160 if (options->login_grace_time == -1) 161 if (options->login_grace_time == -1)
161 options->login_grace_time = 600; 162 options->login_grace_time = 120;
162 if (options->key_regeneration_time == -1) 163 if (options->key_regeneration_time == -1)
163 options->key_regeneration_time = 3600; 164 options->key_regeneration_time = 3600;
164 if (options->permit_root_login == PERMIT_NOT_SET) 165 if (options->permit_root_login == PERMIT_NOT_SET)
@@ -223,6 +224,8 @@ fill_default_server_options(ServerOptions *options)
223 options->challenge_response_authentication = 1; 224 options->challenge_response_authentication = 1;
224 if (options->permit_empty_passwd == -1) 225 if (options->permit_empty_passwd == -1)
225 options->permit_empty_passwd = 0; 226 options->permit_empty_passwd = 0;
227 if (options->permit_user_env == -1)
228 options->permit_user_env = 0;
226 if (options->use_login == -1) 229 if (options->use_login == -1)
227 options->use_login = 0; 230 options->use_login = 0;
228 if (options->compression == -1) 231 if (options->compression == -1)
@@ -257,7 +260,7 @@ fill_default_server_options(ServerOptions *options)
257 if (use_privsep == -1) 260 if (use_privsep == -1)
258 use_privsep = 1; 261 use_privsep = 1;
259 262
260#if !defined(HAVE_MMAP_ANON_SHARED) 263#ifndef HAVE_MMAP
261 if (use_privsep && options->compression == 1) { 264 if (use_privsep && options->compression == 1) {
262 error("This platform does not support both privilege " 265 error("This platform does not support both privilege "
263 "separation and compression"); 266 "separation and compression");
@@ -291,7 +294,7 @@ typedef enum {
291 sPrintMotd, sPrintLastLog, sIgnoreRhosts, 294 sPrintMotd, sPrintLastLog, sIgnoreRhosts,
292 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, 295 sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
293 sStrictModes, sEmptyPasswd, sKeepAlives, 296 sStrictModes, sEmptyPasswd, sKeepAlives,
294 sUseLogin, sAllowTcpForwarding, sCompression, 297 sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
295 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, 298 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
296 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, 299 sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
297 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, 300 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
@@ -354,6 +357,7 @@ static struct {
354 { "xauthlocation", sXAuthLocation }, 357 { "xauthlocation", sXAuthLocation },
355 { "strictmodes", sStrictModes }, 358 { "strictmodes", sStrictModes },
356 { "permitemptypasswords", sEmptyPasswd }, 359 { "permitemptypasswords", sEmptyPasswd },
360 { "permituserenvironment", sPermitUserEnvironment },
357 { "uselogin", sUseLogin }, 361 { "uselogin", sUseLogin },
358 { "compression", sCompression }, 362 { "compression", sCompression },
359 { "keepalive", sKeepAlives }, 363 { "keepalive", sKeepAlives },
@@ -713,6 +717,10 @@ parse_flag:
713 intptr = &options->permit_empty_passwd; 717 intptr = &options->permit_empty_passwd;
714 goto parse_flag; 718 goto parse_flag;
715 719
720 case sPermitUserEnvironment:
721 intptr = &options->permit_user_env;
722 goto parse_flag;
723
716 case sUseLogin: 724 case sUseLogin:
717 intptr = &options->use_login; 725 intptr = &options->use_login;
718 goto parse_flag; 726 goto parse_flag;
diff --git a/servconf.h b/servconf.h
index c94f541d0..024987dd6 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ 1/* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -97,6 +97,7 @@ typedef struct {
97 int challenge_response_authentication; 97 int challenge_response_authentication;
98 int permit_empty_passwd; /* If false, do not permit empty 98 int permit_empty_passwd; /* If false, do not permit empty
99 * passwords. */ 99 * passwords. */
100 int permit_user_env; /* If true, read ~/.ssh/environment */
100 int use_login; /* If true, login(1) is used */ 101 int use_login; /* If true, login(1) is used */
101 int compression; /* If true, compression is allowed */ 102 int compression; /* If true, compression is allowed */
102 int allow_tcp_forwarding; 103 int allow_tcp_forwarding;
diff --git a/serverloop.c b/serverloop.c
index d327ff702..e66d529e9 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,13 +35,14 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
42#include "buffer.h" 42#include "buffer.h"
43#include "log.h" 43#include "log.h"
44#include "servconf.h" 44#include "servconf.h"
45#include "canohost.h"
45#include "sshpty.h" 46#include "sshpty.h"
46#include "channels.h" 47#include "channels.h"
47#include "compat.h" 48#include "compat.h"
@@ -143,7 +144,9 @@ sigchld_handler(int sig)
143 int save_errno = errno; 144 int save_errno = errno;
144 debug("Received SIGCHLD."); 145 debug("Received SIGCHLD.");
145 child_terminated = 1; 146 child_terminated = 1;
147#ifndef _UNICOS
146 mysignal(SIGCHLD, sigchld_handler); 148 mysignal(SIGCHLD, sigchld_handler);
149#endif
147 notify_parent(); 150 notify_parent();
148 errno = save_errno; 151 errno = save_errno;
149} 152}
@@ -347,14 +350,17 @@ process_input(fd_set * readset)
347 if (FD_ISSET(connection_in, readset)) { 350 if (FD_ISSET(connection_in, readset)) {
348 len = read(connection_in, buf, sizeof(buf)); 351 len = read(connection_in, buf, sizeof(buf));
349 if (len == 0) { 352 if (len == 0) {
350 verbose("Connection closed by remote host."); 353 verbose("Connection closed by %.100s",
354 get_remote_ipaddr());
351 connection_closed = 1; 355 connection_closed = 1;
352 if (compat20) 356 if (compat20)
353 return; 357 return;
354 fatal_cleanup(); 358 fatal_cleanup();
355 } else if (len < 0) { 359 } else if (len < 0) {
356 if (errno != EINTR && errno != EAGAIN) { 360 if (errno != EINTR && errno != EAGAIN) {
357 verbose("Read error from remote host: %.100s", strerror(errno)); 361 verbose("Read error from remote host "
362 "%.100s: %.100s",
363 get_remote_ipaddr(), strerror(errno));
358 fatal_cleanup(); 364 fatal_cleanup();
359 } 365 }
360 } else { 366 } else {
@@ -972,8 +978,11 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
972 978
973 /* check permissions */ 979 /* check permissions */
974 if (!options.allow_tcp_forwarding || 980 if (!options.allow_tcp_forwarding ||
975 no_port_forwarding_flag || 981 no_port_forwarding_flag
976 (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) { 982#ifndef NO_IPPORT_RESERVED_CONCEPT
983 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
984#endif
985 ) {
977 success = 0; 986 success = 0;
978 packet_send_debug("Server has disabled port forwarding."); 987 packet_send_debug("Server has disabled port forwarding.");
979 } else { 988 } else {
diff --git a/session.c b/session.c
index 747a00afa..9074525a4 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); 36RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -210,13 +210,6 @@ do_authenticated(Authctxt *authctxt)
210 close(startup_pipe); 210 close(startup_pipe);
211 startup_pipe = -1; 211 startup_pipe = -1;
212 } 212 }
213#ifdef WITH_AIXAUTHENTICATE
214 /* We don't have a pty yet, so just label the line as "ssh" */
215 if (loginsuccess(authctxt->user,
216 get_canonical_hostname(options.verify_reverse_mapping),
217 "ssh", &aixloginmsg) < 0)
218 aixloginmsg = NULL;
219#endif /* WITH_AIXAUTHENTICATE */
220 213
221 /* setup the channel layer */ 214 /* setup the channel layer */
222 if (!no_port_forwarding_flag && options.allow_tcp_forwarding) 215 if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
@@ -470,6 +463,8 @@ do_exec_no_pty(Session *s, const char *command)
470 463
471 /* Fork the child. */ 464 /* Fork the child. */
472 if ((pid = fork()) == 0) { 465 if ((pid = fork()) == 0) {
466 fatal_remove_all_cleanups();
467
473 /* Child. Reinitialize the log since the pid has changed. */ 468 /* Child. Reinitialize the log since the pid has changed. */
474 log_init(__progname, options.log_level, options.log_facility, log_stderr); 469 log_init(__progname, options.log_level, options.log_facility, log_stderr);
475 470
@@ -517,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command)
517 perror("dup2 stderr"); 512 perror("dup2 stderr");
518#endif /* USE_PIPES */ 513#endif /* USE_PIPES */
519 514
515#ifdef _UNICOS
516 cray_init_job(s->pw); /* set up cray jid and tmpdir */
517#endif
518
520 /* Do processing for the child (exec command etc). */ 519 /* Do processing for the child (exec command etc). */
521 do_child(s, command); 520 do_child(s, command);
522 /* NOTREACHED */ 521 /* NOTREACHED */
523 } 522 }
523#ifdef _UNICOS
524 signal(WJSIGNAL, cray_job_termination_handler);
525#endif /* _UNICOS */
524#ifdef HAVE_CYGWIN 526#ifdef HAVE_CYGWIN
525 if (is_winnt) 527 if (is_winnt)
526 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 528 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -585,6 +587,7 @@ do_exec_pty(Session *s, const char *command)
585 587
586 /* Fork the child. */ 588 /* Fork the child. */
587 if ((pid = fork()) == 0) { 589 if ((pid = fork()) == 0) {
590 fatal_remove_all_cleanups();
588 591
589 /* Child. Reinitialize the log because the pid has changed. */ 592 /* Child. Reinitialize the log because the pid has changed. */
590 log_init(__progname, options.log_level, options.log_facility, log_stderr); 593 log_init(__progname, options.log_level, options.log_facility, log_stderr);
@@ -607,8 +610,12 @@ do_exec_pty(Session *s, const char *command)
607 610
608 /* record login, etc. similar to login(1) */ 611 /* record login, etc. similar to login(1) */
609#ifndef HAVE_OSF_SIA 612#ifndef HAVE_OSF_SIA
610 if (!(options.use_login && command == NULL)) 613 if (!(options.use_login && command == NULL)) {
614#ifdef _UNICOS
615 cray_init_job(s->pw); /* set up cray jid and tmpdir */
616#endif /* _UNICOS */
611 do_login(s, command); 617 do_login(s, command);
618 }
612# ifdef LOGIN_NEEDS_UTMPX 619# ifdef LOGIN_NEEDS_UTMPX
613 else 620 else
614 do_pre_login(s); 621 do_pre_login(s);
@@ -619,6 +626,9 @@ do_exec_pty(Session *s, const char *command)
619 do_child(s, command); 626 do_child(s, command);
620 /* NOTREACHED */ 627 /* NOTREACHED */
621 } 628 }
629#ifdef _UNICOS
630 signal(WJSIGNAL, cray_job_termination_handler);
631#endif /* _UNICOS */
622#ifdef HAVE_CYGWIN 632#ifdef HAVE_CYGWIN
623 if (is_winnt) 633 if (is_winnt)
624 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 634 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -668,8 +678,8 @@ do_pre_login(Session *s)
668 * the address be 0.0.0.0. 678 * the address be 0.0.0.0.
669 */ 679 */
670 memset(&from, 0, sizeof(from)); 680 memset(&from, 0, sizeof(from));
681 fromlen = sizeof(from);
671 if (packet_connection_is_on_socket()) { 682 if (packet_connection_is_on_socket()) {
672 fromlen = sizeof(from);
673 if (getpeername(packet_get_connection_in(), 683 if (getpeername(packet_get_connection_in(),
674 (struct sockaddr *) & from, &fromlen) < 0) { 684 (struct sockaddr *) & from, &fromlen) < 0) {
675 debug("getpeername: %.100s", strerror(errno)); 685 debug("getpeername: %.100s", strerror(errno));
@@ -734,7 +744,7 @@ do_login(Session *s, const char *command)
734 record_login(pid, s->tty, pw->pw_name, pw->pw_uid, 744 record_login(pid, s->tty, pw->pw_name, pw->pw_uid,
735 get_remote_name_or_ip(utmp_len, 745 get_remote_name_or_ip(utmp_len,
736 options.verify_reverse_mapping), 746 options.verify_reverse_mapping),
737 (struct sockaddr *)&from); 747 (struct sockaddr *)&from, fromlen);
738 748
739#ifdef USE_PAM 749#ifdef USE_PAM
740 /* 750 /*
@@ -759,6 +769,7 @@ do_login(Session *s, const char *command)
759 printf("%s\n", aixloginmsg); 769 printf("%s\n", aixloginmsg);
760#endif /* WITH_AIXAUTHENTICATE */ 770#endif /* WITH_AIXAUTHENTICATE */
761 771
772#ifndef NO_SSH_LASTLOG
762 if (options.print_lastlog && s->last_login_time != 0) { 773 if (options.print_lastlog && s->last_login_time != 0) {
763 time_string = ctime(&s->last_login_time); 774 time_string = ctime(&s->last_login_time);
764 if (strchr(time_string, '\n')) 775 if (strchr(time_string, '\n'))
@@ -769,6 +780,7 @@ do_login(Session *s, const char *command)
769 printf("Last login: %s from %s\r\n", time_string, 780 printf("Last login: %s from %s\r\n", time_string,
770 s->hostname); 781 s->hostname);
771 } 782 }
783#endif /* NO_SSH_LASTLOG */
772 784
773 do_motd(); 785 do_motd();
774} 786}
@@ -959,8 +971,10 @@ do_setup_env(Session *s, const char *shell)
959 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); 971 child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
960 child_set_env(&env, &envsize, "HOME", pw->pw_dir); 972 child_set_env(&env, &envsize, "HOME", pw->pw_dir);
961#ifdef HAVE_LOGIN_CAP 973#ifdef HAVE_LOGIN_CAP
962 (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); 974 if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
963 child_set_env(&env, &envsize, "PATH", getenv("PATH")); 975 child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
976 else
977 child_set_env(&env, &envsize, "PATH", getenv("PATH"));
964#else /* HAVE_LOGIN_CAP */ 978#else /* HAVE_LOGIN_CAP */
965# ifndef HAVE_CYGWIN 979# ifndef HAVE_CYGWIN
966 /* 980 /*
@@ -992,13 +1006,13 @@ do_setup_env(Session *s, const char *shell)
992 if (!options.use_login) { 1006 if (!options.use_login) {
993 while (custom_environment) { 1007 while (custom_environment) {
994 struct envstring *ce = custom_environment; 1008 struct envstring *ce = custom_environment;
995 char *s = ce->s; 1009 char *str = ce->s;
996 1010
997 for (i = 0; s[i] != '=' && s[i]; i++) 1011 for (i = 0; str[i] != '=' && str[i]; i++)
998 ; 1012 ;
999 if (s[i] == '=') { 1013 if (str[i] == '=') {
1000 s[i] = 0; 1014 str[i] = 0;
1001 child_set_env(&env, &envsize, s, s + i + 1); 1015 child_set_env(&env, &envsize, str, str + i + 1);
1002 } 1016 }
1003 custom_environment = ce->next; 1017 custom_environment = ce->next;
1004 xfree(ce->s); 1018 xfree(ce->s);
@@ -1006,10 +1020,16 @@ do_setup_env(Session *s, const char *shell)
1006 } 1020 }
1007 } 1021 }
1008 1022
1023 /* SSH_CLIENT deprecated */
1009 snprintf(buf, sizeof buf, "%.50s %d %d", 1024 snprintf(buf, sizeof buf, "%.50s %d %d",
1010 get_remote_ipaddr(), get_remote_port(), get_local_port()); 1025 get_remote_ipaddr(), get_remote_port(), get_local_port());
1011 child_set_env(&env, &envsize, "SSH_CLIENT", buf); 1026 child_set_env(&env, &envsize, "SSH_CLIENT", buf);
1012 1027
1028 snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
1029 get_remote_ipaddr(), get_remote_port(),
1030 get_local_ipaddr(packet_get_connection_in()), get_local_port());
1031 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
1032
1013 if (s->ttyfd != -1) 1033 if (s->ttyfd != -1)
1014 child_set_env(&env, &envsize, "SSH_TTY", s->tty); 1034 child_set_env(&env, &envsize, "SSH_TTY", s->tty);
1015 if (s->term) 1035 if (s->term)
@@ -1020,6 +1040,11 @@ do_setup_env(Session *s, const char *shell)
1020 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", 1040 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
1021 original_command); 1041 original_command);
1022 1042
1043#ifdef _UNICOS
1044 if (cray_tmpdir[0] != '\0')
1045 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
1046#endif /* _UNICOS */
1047
1023#ifdef _AIX 1048#ifdef _AIX
1024 { 1049 {
1025 char *cp; 1050 char *cp;
@@ -1042,8 +1067,17 @@ do_setup_env(Session *s, const char *shell)
1042 s->authctxt->krb5_ticket_file); 1067 s->authctxt->krb5_ticket_file);
1043#endif 1068#endif
1044#ifdef USE_PAM 1069#ifdef USE_PAM
1045 /* Pull in any environment variables that may have been set by PAM. */ 1070 /*
1046 copy_environment(fetch_pam_environment(), &env, &envsize); 1071 * Pull in any environment variables that may have
1072 * been set by PAM.
1073 */
1074 {
1075 char **p;
1076
1077 p = fetch_pam_environment();
1078 copy_environment(p, &env, &envsize);
1079 free_pam_environment(p);
1080 }
1047#endif /* USE_PAM */ 1081#endif /* USE_PAM */
1048 1082
1049 if (auth_sock_name != NULL) 1083 if (auth_sock_name != NULL)
@@ -1051,9 +1085,9 @@ do_setup_env(Session *s, const char *shell)
1051 auth_sock_name); 1085 auth_sock_name);
1052 1086
1053 /* read $HOME/.ssh/environment. */ 1087 /* read $HOME/.ssh/environment. */
1054 if (!options.use_login) { 1088 if (options.permit_user_env && !options.use_login) {
1055 snprintf(buf, sizeof buf, "%.200s/.ssh/environment", 1089 snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
1056 pw->pw_dir); 1090 strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
1057 read_environment_file(&env, &envsize, buf); 1091 read_environment_file(&env, &envsize, buf);
1058 } 1092 }
1059 if (debug_flag) { 1093 if (debug_flag) {
@@ -1148,6 +1182,8 @@ do_nologin(struct passwd *pw)
1148#endif 1182#endif
1149 if (f) { 1183 if (f) {
1150 /* /etc/nologin exists. Print its contents and exit. */ 1184 /* /etc/nologin exists. Print its contents and exit. */
1185 log("User %.100s not allowed because %s exists",
1186 pw->pw_name, _PATH_NOLOGIN);
1151 while (fgets(buf, sizeof(buf), f)) 1187 while (fgets(buf, sizeof(buf), f))
1152 fputs(buf, stderr); 1188 fputs(buf, stderr);
1153 fclose(f); 1189 fclose(f);
@@ -1159,8 +1195,6 @@ do_nologin(struct passwd *pw)
1159void 1195void
1160do_setusercontext(struct passwd *pw) 1196do_setusercontext(struct passwd *pw)
1161{ 1197{
1162 char tty='\0';
1163
1164#ifdef HAVE_CYGWIN 1198#ifdef HAVE_CYGWIN
1165 if (is_winnt) { 1199 if (is_winnt) {
1166#else /* HAVE_CYGWIN */ 1200#else /* HAVE_CYGWIN */
@@ -1170,9 +1204,9 @@ do_setusercontext(struct passwd *pw)
1170 setpcred(pw->pw_name); 1204 setpcred(pw->pw_name);
1171#endif /* HAVE_SETPCRED */ 1205#endif /* HAVE_SETPCRED */
1172#ifdef HAVE_LOGIN_CAP 1206#ifdef HAVE_LOGIN_CAP
1173#ifdef __bsdi__ 1207# ifdef __bsdi__
1174 setpgid(0, 0); 1208 setpgid(0, 0);
1175#endif 1209# endif
1176 if (setusercontext(lc, pw, pw->pw_uid, 1210 if (setusercontext(lc, pw, pw->pw_uid,
1177 (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { 1211 (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
1178 perror("unable to set user context"); 1212 perror("unable to set user context");
@@ -1209,8 +1243,7 @@ do_setusercontext(struct passwd *pw)
1209 irix_setusercontext(pw); 1243 irix_setusercontext(pw);
1210# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ 1244# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
1211# ifdef _AIX 1245# ifdef _AIX
1212 /* XXX: Disable tty setting. Enabled if required later */ 1246 aix_usrinfo(pw);
1213 aix_usrinfo(pw, &tty, -1);
1214# endif /* _AIX */ 1247# endif /* _AIX */
1215 /* Permanently switch to the desired uid. */ 1248 /* Permanently switch to the desired uid. */
1216 permanently_set_uid(pw); 1249 permanently_set_uid(pw);
@@ -1263,6 +1296,10 @@ do_child(Session *s, const char *command)
1263 if (options.use_login && command != NULL) 1296 if (options.use_login && command != NULL)
1264 options.use_login = 0; 1297 options.use_login = 0;
1265 1298
1299#ifdef _UNICOS
1300 cray_setup(pw->pw_uid, pw->pw_name, command);
1301#endif /* _UNICOS */
1302
1266 /* 1303 /*
1267 * Login(1) does this as well, and it needs uid 0 for the "-h" 1304 * Login(1) does this as well, and it needs uid 0 for the "-h"
1268 * switch, so we let login(1) to this for us. 1305 * switch, so we let login(1) to this for us.
@@ -1798,6 +1835,27 @@ session_pty_cleanup(void *session)
1798 PRIVSEP(session_pty_cleanup2(session)); 1835 PRIVSEP(session_pty_cleanup2(session));
1799} 1836}
1800 1837
1838static char *
1839sig2name(int sig)
1840{
1841#define SSH_SIG(x) if (sig == SIG ## x) return #x
1842 SSH_SIG(ABRT);
1843 SSH_SIG(ALRM);
1844 SSH_SIG(FPE);
1845 SSH_SIG(HUP);
1846 SSH_SIG(ILL);
1847 SSH_SIG(INT);
1848 SSH_SIG(KILL);
1849 SSH_SIG(PIPE);
1850 SSH_SIG(QUIT);
1851 SSH_SIG(SEGV);
1852 SSH_SIG(TERM);
1853 SSH_SIG(USR1);
1854 SSH_SIG(USR2);
1855#undef SSH_SIG
1856 return "SIG@openssh.com";
1857}
1858
1801static void 1859static void
1802session_exit_message(Session *s, int status) 1860session_exit_message(Session *s, int status)
1803{ 1861{
@@ -1815,7 +1873,7 @@ session_exit_message(Session *s, int status)
1815 packet_send(); 1873 packet_send();
1816 } else if (WIFSIGNALED(status)) { 1874 } else if (WIFSIGNALED(status)) {
1817 channel_request_start(s->chanid, "exit-signal", 0); 1875 channel_request_start(s->chanid, "exit-signal", 0);
1818 packet_put_int(WTERMSIG(status)); 1876 packet_put_cstring(sig2name(WTERMSIG(status)));
1819#ifdef WCOREDUMP 1877#ifdef WCOREDUMP
1820 packet_put_char(WCOREDUMP(status)); 1878 packet_put_char(WCOREDUMP(status));
1821#else /* WCOREDUMP */ 1879#else /* WCOREDUMP */
diff --git a/session.h b/session.h
index 3bce97891..d3ddfab75 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ 1/* $OpenBSD: session.h,v 1.19 2002/06/30 21:59:45 deraadt Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -57,7 +57,7 @@ struct Session {
57 57
58void do_authenticated(Authctxt *); 58void do_authenticated(Authctxt *);
59 59
60int session_open(Authctxt*, int); 60int session_open(Authctxt *, int);
61int session_input_channel_req(Channel *, const char *); 61int session_input_channel_req(Channel *, const char *);
62void session_close_by_pid(pid_t, int); 62void session_close_by_pid(pid_t, int);
63void session_close_by_channel(int, void *); 63void session_close_by_channel(int, void *);
diff --git a/sftp-client.c b/sftp-client.c
index 10b7992d0..f6a73f379 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -28,9 +28,9 @@
28/* XXX: copy between two remote sites */ 28/* XXX: copy between two remote sites */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $"); 31RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $");
32 32
33#include "openbsd-compat/fake-queue.h" 33#include "openbsd-compat/sys-queue.h"
34 34
35#include "buffer.h" 35#include "buffer.h"
36#include "bufaux.h" 36#include "bufaux.h"
@@ -415,12 +415,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
415} 415}
416 416
417int 417int
418do_ls(struct sftp_conn *conn, char *path)
419{
420 return(do_lsreaddir(conn, path, 1, NULL));
421}
422
423int
424do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir) 418do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir)
425{ 419{
426 return(do_lsreaddir(conn, path, 0, dir)); 420 return(do_lsreaddir(conn, path, 0, dir));
@@ -1095,7 +1089,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1095 debug3("In write loop, ack for %u %u bytes at %llu", 1089 debug3("In write loop, ack for %u %u bytes at %llu",
1096 ack->id, ack->len, (unsigned long long)ack->offset); 1090 ack->id, ack->len, (unsigned long long)ack->offset);
1097 ++ackid; 1091 ++ackid;
1098 free(ack); 1092 xfree(ack);
1099 } 1093 }
1100 offset += len; 1094 offset += len;
1101 } 1095 }
diff --git a/sftp-client.h b/sftp-client.h
index b06171168..98e08ffa7 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */ 1/* $OpenBSD: sftp-client.h,v 1.11 2002/09/11 22:41:50 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved. 4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@@ -48,9 +48,6 @@ u_int sftp_proto_version(struct sftp_conn *);
48/* Close file referred to by 'handle' */ 48/* Close file referred to by 'handle' */
49int do_close(struct sftp_conn *, char *, u_int); 49int do_close(struct sftp_conn *, char *, u_int);
50 50
51/* List contents of directory 'path' to stdout */
52int do_ls(struct sftp_conn *, char *);
53
54/* Read contents of 'path' to NULL-terminated array 'dir' */ 51/* Read contents of 'path' to NULL-terminated array 'dir' */
55int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***); 52int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***);
56 53
diff --git a/sftp-common.c b/sftp-common.c
index 6bed0ab8a..082345486 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -24,7 +24,7 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $"); 27RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $");
28 28
29#include "buffer.h" 29#include "buffer.h"
30#include "bufaux.h" 30#include "bufaux.h"
@@ -65,6 +65,26 @@ stat_to_attrib(struct stat *st, Attrib *a)
65 a->mtime = st->st_mtime; 65 a->mtime = st->st_mtime;
66} 66}
67 67
68/* Convert from filexfer attribs to struct stat */
69void
70attrib_to_stat(Attrib *a, struct stat *st)
71{
72 memset(st, 0, sizeof(*st));
73
74 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
75 st->st_size = a->size;
76 if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
77 st->st_uid = a->uid;
78 st->st_gid = a->gid;
79 }
80 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
81 st->st_mode = a->perm;
82 if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
83 st->st_atime = a->atime;
84 st->st_mtime = a->mtime;
85 }
86}
87
68/* Decode attributes in buffer */ 88/* Decode attributes in buffer */
69Attrib * 89Attrib *
70decode_attrib(Buffer *b) 90decode_attrib(Buffer *b)
@@ -149,3 +169,45 @@ fx2txt(int status)
149 } 169 }
150 /* NOTREACHED */ 170 /* NOTREACHED */
151} 171}
172
173/*
174 * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh
175 */
176char *
177ls_file(char *name, struct stat *st, int remote)
178{
179 int ulen, glen, sz = 0;
180 struct passwd *pw;
181 struct group *gr;
182 struct tm *ltime = localtime(&st->st_mtime);
183 char *user, *group;
184 char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
185
186 strmode(st->st_mode, mode);
187 if (!remote && (pw = getpwuid(st->st_uid)) != NULL) {
188 user = pw->pw_name;
189 } else {
190 snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
191 user = ubuf;
192 }
193 if (!remote && (gr = getgrgid(st->st_gid)) != NULL) {
194 group = gr->gr_name;
195 } else {
196 snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
197 group = gbuf;
198 }
199 if (ltime != NULL) {
200 if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
201 sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
202 else
203 sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
204 }
205 if (sz == 0)
206 tbuf[0] = '\0';
207 ulen = MAX(strlen(user), 8);
208 glen = MAX(strlen(group), 8);
209 snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode,
210 st->st_nlink, ulen, user, glen, group,
211 (u_int64_t)st->st_size, tbuf, name);
212 return xstrdup(buf);
213}
diff --git a/sftp-common.h b/sftp-common.h
index 4c126bf10..201611cc4 100644
--- a/sftp-common.h
+++ b/sftp-common.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-common.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */ 1/* $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -40,7 +40,9 @@ struct Attrib {
40 40
41void attrib_clear(Attrib *); 41void attrib_clear(Attrib *);
42void stat_to_attrib(struct stat *, Attrib *); 42void stat_to_attrib(struct stat *, Attrib *);
43void attrib_to_stat(Attrib *, struct stat *);
43Attrib *decode_attrib(Buffer *); 44Attrib *decode_attrib(Buffer *);
44void encode_attrib(Buffer *, Attrib *); 45void encode_attrib(Buffer *, Attrib *);
46char *ls_file(char *, struct stat *, int);
45 47
46const char *fx2txt(int); 48const char *fx2txt(int);
diff --git a/sftp-glob.c b/sftp-glob.c
index 1234074c4..ee122a2cd 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sftp-glob.c,v 1.10 2002/02/13 00:59:23 djm Exp $"); 26RCSID("$OpenBSD: sftp-glob.c,v 1.13 2002/09/11 22:41:50 djm Exp $");
27 27
28#include "buffer.h" 28#include "buffer.h"
29#include "bufaux.h" 29#include "bufaux.h"
@@ -51,12 +51,14 @@ fudge_opendir(const char *path)
51 51
52 r = xmalloc(sizeof(*r)); 52 r = xmalloc(sizeof(*r));
53 53
54 if (do_readdir(cur.conn, (char*)path, &r->dir)) 54 if (do_readdir(cur.conn, (char *)path, &r->dir)) {
55 xfree(r);
55 return(NULL); 56 return(NULL);
57 }
56 58
57 r->offset = 0; 59 r->offset = 0;
58 60
59 return((void*)r); 61 return((void *)r);
60} 62}
61 63
62static struct dirent * 64static struct dirent *
@@ -105,31 +107,12 @@ fudge_closedir(struct SFTP_OPENDIR *od)
105 xfree(od); 107 xfree(od);
106} 108}
107 109
108static void
109attrib_to_stat(Attrib *a, struct stat *st)
110{
111 memset(st, 0, sizeof(*st));
112
113 if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
114 st->st_size = a->size;
115 if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
116 st->st_uid = a->uid;
117 st->st_gid = a->gid;
118 }
119 if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
120 st->st_mode = a->perm;
121 if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
122 st->st_atime = a->atime;
123 st->st_mtime = a->mtime;
124 }
125}
126
127static int 110static int
128fudge_lstat(const char *path, struct stat *st) 111fudge_lstat(const char *path, struct stat *st)
129{ 112{
130 Attrib *a; 113 Attrib *a;
131 114
132 if (!(a = do_lstat(cur.conn, (char*)path, 0))) 115 if (!(a = do_lstat(cur.conn, (char *)path, 0)))
133 return(-1); 116 return(-1);
134 117
135 attrib_to_stat(a, st); 118 attrib_to_stat(a, st);
@@ -142,7 +125,7 @@ fudge_stat(const char *path, struct stat *st)
142{ 125{
143 Attrib *a; 126 Attrib *a;
144 127
145 if (!(a = do_stat(cur.conn, (char*)path, 0))) 128 if (!(a = do_stat(cur.conn, (char *)path, 0)))
146 return(-1); 129 return(-1);
147 130
148 attrib_to_stat(a, st); 131 attrib_to_stat(a, st);
diff --git a/sftp-glob.h b/sftp-glob.h
index 9c754912c..f879e8719 100644
--- a/sftp-glob.h
+++ b/sftp-glob.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-glob.h,v 1.7 2002/03/19 10:49:35 markus Exp $ */ 1/* $OpenBSD: sftp-glob.h,v 1.8 2002/09/11 22:41:50 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved. 4 * Copyright (c) 2001,2002 Damien Miller. All rights reserved.
@@ -31,8 +31,7 @@
31 31
32#include "sftp-client.h" 32#include "sftp-client.h"
33 33
34int 34int remote_glob(struct sftp_conn *, const char *, int,
35remote_glob(struct sftp_conn *, const char *, int,
36 int (*)(const char *, int), glob_t *); 35 int (*)(const char *, int), glob_t *);
37 36
38#endif 37#endif
diff --git a/sftp-int.c b/sftp-int.c
index b13e5da5d..6a2012910 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -22,11 +22,10 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24 24
25/* XXX: globbed ls */
26/* XXX: recursive operations */ 25/* XXX: recursive operations */
27 26
28#include "includes.h" 27#include "includes.h"
29RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $"); 28RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $");
30 29
31#include "buffer.h" 30#include "buffer.h"
32#include "xmalloc.h" 31#include "xmalloc.h"
@@ -201,6 +200,25 @@ local_do_ls(const char *args)
201 } 200 }
202} 201}
203 202
203/* Strip one path (usually the pwd) from the start of another */
204static char *
205path_strip(char *path, char *strip)
206{
207 size_t len;
208
209 if (strip == NULL)
210 return (xstrdup(path));
211
212 len = strlen(strip);
213 if (strip != NULL && strncmp(path, strip, len) == 0) {
214 if (strip[len - 1] != '/' && path[len] == '/')
215 len++;
216 return (xstrdup(path + len));
217 }
218
219 return (xstrdup(path));
220}
221
204static char * 222static char *
205path_append(char *p1, char *p2) 223path_append(char *p1, char *p2)
206{ 224{
@@ -209,7 +227,7 @@ path_append(char *p1, char *p2)
209 227
210 ret = xmalloc(len); 228 ret = xmalloc(len);
211 strlcpy(ret, p1, len); 229 strlcpy(ret, p1, len);
212 if (strcmp(p1, "/") != 0) 230 if (p1[strlen(p1) - 1] != '/')
213 strlcat(ret, "/", len); 231 strlcat(ret, "/", len);
214 strlcat(ret, p2, len); 232 strlcat(ret, p2, len);
215 233
@@ -274,6 +292,29 @@ parse_getput_flags(const char **cpp, int *pflag)
274} 292}
275 293
276static int 294static int
295parse_ls_flags(const char **cpp, int *lflag)
296{
297 const char *cp = *cpp;
298
299 /* Check for flags */
300 if (cp++[0] == '-') {
301 for(; strchr(WHITESPACE, *cp) == NULL; cp++) {
302 switch (*cp) {
303 case 'l':
304 *lflag = 1;
305 break;
306 default:
307 error("Invalid flag -%c", *cp);
308 return(-1);
309 }
310 }
311 *cpp = cp + strspn(cp, WHITESPACE);
312 }
313
314 return(0);
315}
316
317static int
277get_pathname(const char **cpp, char **path) 318get_pathname(const char **cpp, char **path)
278{ 319{
279 const char *cp = *cpp, *end; 320 const char *cp = *cpp, *end;
@@ -504,8 +545,129 @@ out:
504} 545}
505 546
506static int 547static int
507parse_args(const char **cpp, int *pflag, unsigned long *n_arg, 548sdirent_comp(const void *aa, const void *bb)
508 char **path1, char **path2) 549{
550 SFTP_DIRENT *a = *(SFTP_DIRENT **)aa;
551 SFTP_DIRENT *b = *(SFTP_DIRENT **)bb;
552
553 return (strcmp(a->filename, b->filename));
554}
555
556/* sftp ls.1 replacement for directories */
557static int
558do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
559{
560 int n;
561 SFTP_DIRENT **d;
562
563 if ((n = do_readdir(conn, path, &d)) != 0)
564 return (n);
565
566 /* Count entries for sort */
567 for (n = 0; d[n] != NULL; n++)
568 ;
569
570 qsort(d, n, sizeof(*d), sdirent_comp);
571
572 for (n = 0; d[n] != NULL; n++) {
573 char *tmp, *fname;
574
575 tmp = path_append(path, d[n]->filename);
576 fname = path_strip(tmp, strip_path);
577 xfree(tmp);
578
579 if (lflag) {
580 char *lname;
581 struct stat sb;
582
583 memset(&sb, 0, sizeof(sb));
584 attrib_to_stat(&d[n]->a, &sb);
585 lname = ls_file(fname, &sb, 1);
586 printf("%s\n", lname);
587 xfree(lname);
588 } else {
589 /* XXX - multicolumn display would be nice here */
590 printf("%s\n", fname);
591 }
592
593 xfree(fname);
594 }
595
596 free_sftp_dirents(d);
597 return (0);
598}
599
600/* sftp ls.1 replacement which handles path globs */
601static int
602do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
603 int lflag)
604{
605 glob_t g;
606 int i;
607 Attrib *a;
608 struct stat sb;
609
610 memset(&g, 0, sizeof(g));
611
612 if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE,
613 NULL, &g)) {
614 error("Can't ls: \"%s\" not found", path);
615 return (-1);
616 }
617
618 /*
619 * If the glob returns a single match, which is the same as the
620 * input glob, and it is a directory, then just list its contents
621 */
622 if (g.gl_pathc == 1 &&
623 strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) {
624 if ((a = do_lstat(conn, path, 1)) == NULL) {
625 globfree(&g);
626 return (-1);
627 }
628 if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
629 S_ISDIR(a->perm)) {
630 globfree(&g);
631 return (do_ls_dir(conn, path, strip_path, lflag));
632 }
633 }
634
635 for (i = 0; g.gl_pathv[i]; i++) {
636 char *fname, *lname;
637
638 fname = path_strip(g.gl_pathv[i], strip_path);
639
640 if (lflag) {
641 /*
642 * XXX: this is slow - 1 roundtrip per path
643 * A solution to this is to fork glob() and
644 * build a sftp specific version which keeps the
645 * attribs (which currently get thrown away)
646 * that the server returns as well as the filenames.
647 */
648 memset(&sb, 0, sizeof(sb));
649 a = do_lstat(conn, g.gl_pathv[i], 1);
650 if (a != NULL)
651 attrib_to_stat(a, &sb);
652 lname = ls_file(fname, &sb, 1);
653 printf("%s\n", lname);
654 xfree(lname);
655 } else {
656 /* XXX - multicolumn display would be nice here */
657 printf("%s\n", fname);
658 }
659 xfree(fname);
660 }
661
662 if (g.gl_pathc)
663 globfree(&g);
664
665 return (0);
666}
667
668static int
669parse_args(const char **cpp, int *pflag, int *lflag,
670 unsigned long *n_arg, char **path1, char **path2)
509{ 671{
510 const char *cmd, *cp = *cpp; 672 const char *cmd, *cp = *cpp;
511 char *cp2; 673 char *cp2;
@@ -545,7 +707,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
545 } 707 }
546 708
547 /* Get arguments and parse flags */ 709 /* Get arguments and parse flags */
548 *pflag = *n_arg = 0; 710 *lflag = *pflag = *n_arg = 0;
549 *path1 = *path2 = NULL; 711 *path1 = *path2 = NULL;
550 switch (cmdnum) { 712 switch (cmdnum) {
551 case I_GET: 713 case I_GET:
@@ -592,6 +754,8 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
592 } 754 }
593 break; 755 break;
594 case I_LS: 756 case I_LS:
757 if (parse_ls_flags(&cp, lflag))
758 return(-1);
595 /* Path is optional */ 759 /* Path is optional */
596 if (get_pathname(&cp, path1)) 760 if (get_pathname(&cp, path1))
597 return(-1); 761 return(-1);
@@ -652,7 +816,7 @@ static int
652parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) 816parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
653{ 817{
654 char *path1, *path2, *tmp; 818 char *path1, *path2, *tmp;
655 int pflag, cmdnum, i; 819 int pflag, lflag, cmdnum, i;
656 unsigned long n_arg; 820 unsigned long n_arg;
657 Attrib a, *aa; 821 Attrib a, *aa;
658 char path_buf[MAXPATHLEN]; 822 char path_buf[MAXPATHLEN];
@@ -660,7 +824,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
660 glob_t g; 824 glob_t g;
661 825
662 path1 = path2 = NULL; 826 path1 = path2 = NULL;
663 cmdnum = parse_args(&cmd, &pflag, &n_arg, &path1, &path2); 827 cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg,
828 &path1, &path2);
664 829
665 memset(&g, 0, sizeof(g)); 830 memset(&g, 0, sizeof(g));
666 831
@@ -732,22 +897,18 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
732 break; 897 break;
733 case I_LS: 898 case I_LS:
734 if (!path1) { 899 if (!path1) {
735 do_ls(conn, *pwd); 900 do_globbed_ls(conn, *pwd, *pwd, lflag);
736 break; 901 break;
737 } 902 }
903
904 /* Strip pwd off beginning of non-absolute paths */
905 tmp = NULL;
906 if (*path1 != '/')
907 tmp = *pwd;
908
738 path1 = make_absolute(path1, *pwd); 909 path1 = make_absolute(path1, *pwd);
739 if ((tmp = do_realpath(conn, path1)) == NULL) 910
740 break; 911 do_globbed_ls(conn, path1, tmp, lflag);
741 xfree(path1);
742 path1 = tmp;
743 if ((aa = do_stat(conn, path1, 0)) == NULL)
744 break;
745 if ((aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
746 !S_ISDIR(aa->perm)) {
747 error("Can't ls: \"%s\" is not a directory", path1);
748 break;
749 }
750 do_ls(conn, path1);
751 break; 912 break;
752 case I_LCHDIR: 913 case I_LCHDIR:
753 if (chdir(path1) == -1) { 914 if (chdir(path1) == -1) {
diff --git a/sftp-server.c b/sftp-server.c
index a5c325561..84264693d 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $"); 25RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "bufaux.h" 28#include "bufaux.h"
@@ -695,48 +695,6 @@ process_opendir(void)
695 xfree(path); 695 xfree(path);
696} 696}
697 697
698/*
699 * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh
700 */
701static char *
702ls_file(char *name, struct stat *st)
703{
704 int ulen, glen, sz = 0;
705 struct passwd *pw;
706 struct group *gr;
707 struct tm *ltime = localtime(&st->st_mtime);
708 char *user, *group;
709 char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
710
711 strmode(st->st_mode, mode);
712 if ((pw = getpwuid(st->st_uid)) != NULL) {
713 user = pw->pw_name;
714 } else {
715 snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
716 user = ubuf;
717 }
718 if ((gr = getgrgid(st->st_gid)) != NULL) {
719 group = gr->gr_name;
720 } else {
721 snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
722 group = gbuf;
723 }
724 if (ltime != NULL) {
725 if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
726 sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
727 else
728 sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime);
729 }
730 if (sz == 0)
731 tbuf[0] = '\0';
732 ulen = MAX(strlen(user), 8);
733 glen = MAX(strlen(group), 8);
734 snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode,
735 st->st_nlink, ulen, user, glen, group,
736 (u_int64_t)st->st_size, tbuf, name);
737 return xstrdup(buf);
738}
739
740static void 698static void
741process_readdir(void) 699process_readdir(void)
742{ 700{
@@ -772,7 +730,7 @@ process_readdir(void)
772 continue; 730 continue;
773 stat_to_attrib(&st, &(stats[count].attrib)); 731 stat_to_attrib(&st, &(stats[count].attrib));
774 stats[count].name = xstrdup(dp->d_name); 732 stats[count].name = xstrdup(dp->d_name);
775 stats[count].long_name = ls_file(dp->d_name, &st); 733 stats[count].long_name = ls_file(dp->d_name, &st, 0);
776 count++; 734 count++;
777 /* send up to 100 entries in one message */ 735 /* send up to 100 entries in one message */
778 /* XXX check packet size instead */ 736 /* XXX check packet size instead */
diff --git a/sftp.0 b/sftp.0
index 562b685e4..d0c6086ba 100644
--- a/sftp.0
+++ b/sftp.0
@@ -117,9 +117,11 @@ INTERACTIVE COMMANDS
117 117
118 lpwd Print local working directory. 118 lpwd Print local working directory.
119 119
120 ls [path] 120 ls [flags] [path]
121 Display remote directory listing of either path or current direcM-- 121 Display remote directory listing of either path or current direcM--
122 tory if path is not specified. 122 tory if path is not specified. If the -l flag is specified, then
123 display additional details including permissions and ownership
124 information.
123 125
124 lumask umask 126 lumask umask
125 Set local umask to umask. 127 Set local umask to umask.
diff --git a/sftp.1 b/sftp.1
index 0e6d741a9..33ceb6596 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: sftp.1,v 1.35 2002/06/20 20:00:05 stevesk Exp $ 1.\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $
2.\" 2.\"
3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 3.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4.\" 4.\"
@@ -203,12 +203,18 @@ to
203.Ar newpath . 203.Ar newpath .
204.It Ic lpwd 204.It Ic lpwd
205Print local working directory. 205Print local working directory.
206.It Ic ls Op Ar path 206.It Xo Ic ls
207.Op Ar flags
208.Op Ar path
209.Xc
207Display remote directory listing of either 210Display remote directory listing of either
208.Ar path 211.Ar path
209or current directory if 212or current directory if
210.Ar path 213.Ar path
211is not specified. 214is not specified. If the
215.Fl l
216flag is specified, then display additional details including permissions
217and ownership information.
212.It Ic lumask Ar umask 218.It Ic lumask Ar umask
213Set local umask to 219Set local umask to
214.Ar umask . 220.Ar umask .
diff --git a/sftp.c b/sftp.c
index fac2564de..c4055b91e 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
24 24
25#include "includes.h" 25#include "includes.h"
26 26
27RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $"); 27RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $");
28 28
29/* XXX: short-form remote directory listings (like 'ls -C') */ 29/* XXX: short-form remote directory listings (like 'ls -C') */
30 30
@@ -122,7 +122,6 @@ main(int argc, char **argv)
122 __progname = get_progname(argv[0]); 122 __progname = get_progname(argv[0]);
123 args.list = NULL; 123 args.list = NULL;
124 addargs(&args, "ssh"); /* overwritten with ssh_program */ 124 addargs(&args, "ssh"); /* overwritten with ssh_program */
125 addargs(&args, "-oFallBackToRsh no");
126 addargs(&args, "-oForwardX11 no"); 125 addargs(&args, "-oForwardX11 no");
127 addargs(&args, "-oForwardAgent no"); 126 addargs(&args, "-oForwardAgent no");
128 addargs(&args, "-oClearAllForwardings yes"); 127 addargs(&args, "-oClearAllForwardings yes");
diff --git a/ssh-add.c b/ssh-add.c
index 176fd85c8..9c729752a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.61 2002/06/19 00:27:55 deraadt Exp $"); 38RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -264,7 +264,7 @@ lock_agent(AuthenticationConnection *ac, int lock)
264 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); 264 fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un");
265 memset(p1, 0, strlen(p1)); 265 memset(p1, 0, strlen(p1));
266 xfree(p1); 266 xfree(p1);
267 return -1; 267 return (ret);
268} 268}
269 269
270static int 270static int
@@ -290,7 +290,7 @@ usage(void)
290 fprintf(stderr, " -d Delete identity.\n"); 290 fprintf(stderr, " -d Delete identity.\n");
291 fprintf(stderr, " -D Delete all identities.\n"); 291 fprintf(stderr, " -D Delete all identities.\n");
292 fprintf(stderr, " -x Lock agent.\n"); 292 fprintf(stderr, " -x Lock agent.\n");
293 fprintf(stderr, " -x Unlock agent.\n"); 293 fprintf(stderr, " -X Unlock agent.\n");
294 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); 294 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
295#ifdef SMARTCARD 295#ifdef SMARTCARD
296 fprintf(stderr, " -s reader Add key in smartcard reader.\n"); 296 fprintf(stderr, " -s reader Add key in smartcard reader.\n");
diff --git a/ssh-agent.c b/ssh-agent.c
index ac16bae40..cca720ee2 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -34,8 +34,8 @@
34 */ 34 */
35 35
36#include "includes.h" 36#include "includes.h"
37#include "openbsd-compat/fake-queue.h" 37#include "openbsd-compat/sys-queue.h"
38RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); 38RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41#include <openssl/md5.h> 41#include <openssl/md5.h>
@@ -107,6 +107,17 @@ char *__progname;
107#endif 107#endif
108 108
109static void 109static void
110close_socket(SocketEntry *e)
111{
112 close(e->fd);
113 e->fd = -1;
114 e->type = AUTH_UNUSED;
115 buffer_free(&e->input);
116 buffer_free(&e->output);
117 buffer_free(&e->request);
118}
119
120static void
110idtab_init(void) 121idtab_init(void)
111{ 122{
112 int i; 123 int i;
@@ -617,13 +628,7 @@ process_message(SocketEntry *e)
617 cp = buffer_ptr(&e->input); 628 cp = buffer_ptr(&e->input);
618 msg_len = GET_32BIT(cp); 629 msg_len = GET_32BIT(cp);
619 if (msg_len > 256 * 1024) { 630 if (msg_len > 256 * 1024) {
620 shutdown(e->fd, SHUT_RDWR); 631 close_socket(e);
621 close(e->fd);
622 e->fd = -1;
623 e->type = AUTH_UNUSED;
624 buffer_free(&e->input);
625 buffer_free(&e->output);
626 buffer_free(&e->request);
627 return; 632 return;
628 } 633 }
629 if (buffer_len(&e->input) < msg_len + 4) 634 if (buffer_len(&e->input) < msg_len + 4)
@@ -805,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset)
805 char buf[1024]; 810 char buf[1024];
806 int len, sock; 811 int len, sock;
807 u_int i; 812 u_int i;
813 uid_t euid;
814 gid_t egid;
808 815
809 for (i = 0; i < sockets_alloc; i++) 816 for (i = 0; i < sockets_alloc; i++)
810 switch (sockets[i].type) { 817 switch (sockets[i].type) {
@@ -820,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset)
820 strerror(errno)); 827 strerror(errno));
821 break; 828 break;
822 } 829 }
830 if (getpeereid(sock, &euid, &egid) < 0) {
831 error("getpeereid %d failed: %s",
832 sock, strerror(errno));
833 close(sock);
834 break;
835 }
836 if ((euid != 0) && (getuid() != euid)) {
837 error("uid mismatch: "
838 "peer euid %u != uid %u",
839 (u_int) euid, (u_int) getuid());
840 close(sock);
841 break;
842 }
823 new_socket(AUTH_CONNECTION, sock); 843 new_socket(AUTH_CONNECTION, sock);
824 } 844 }
825 break; 845 break;
@@ -836,13 +856,7 @@ after_select(fd_set *readset, fd_set *writeset)
836 break; 856 break;
837 } while (1); 857 } while (1);
838 if (len <= 0) { 858 if (len <= 0) {
839 shutdown(sockets[i].fd, SHUT_RDWR); 859 close_socket(&sockets[i]);
840 close(sockets[i].fd);
841 sockets[i].fd = -1;
842 sockets[i].type = AUTH_UNUSED;
843 buffer_free(&sockets[i].input);
844 buffer_free(&sockets[i].output);
845 buffer_free(&sockets[i].request);
846 break; 860 break;
847 } 861 }
848 buffer_consume(&sockets[i].output, len); 862 buffer_consume(&sockets[i].output, len);
@@ -856,13 +870,7 @@ after_select(fd_set *readset, fd_set *writeset)
856 break; 870 break;
857 } while (1); 871 } while (1);
858 if (len <= 0) { 872 if (len <= 0) {
859 shutdown(sockets[i].fd, SHUT_RDWR); 873 close_socket(&sockets[i]);
860 close(sockets[i].fd);
861 sockets[i].fd = -1;
862 sockets[i].type = AUTH_UNUSED;
863 buffer_free(&sockets[i].input);
864 buffer_free(&sockets[i].output);
865 buffer_free(&sockets[i].request);
866 break; 874 break;
867 } 875 }
868 buffer_append(&sockets[i].input, buf, len); 876 buffer_append(&sockets[i].input, buf, len);
@@ -943,6 +951,10 @@ main(int ac, char **av)
943 pid_t pid; 951 pid_t pid;
944 char pidstrbuf[1 + 3 * sizeof pid]; 952 char pidstrbuf[1 + 3 * sizeof pid];
945 953
954 /* drop */
955 setegid(getgid());
956 setgid(getgid());
957
946 SSLeay_add_all_algorithms(); 958 SSLeay_add_all_algorithms();
947 959
948 __progname = get_progname(av[0]); 960 __progname = get_progname(av[0]);
@@ -1052,7 +1064,7 @@ main(int ac, char **av)
1052#ifdef HAVE_CYGWIN 1064#ifdef HAVE_CYGWIN
1053 umask(prev_mask); 1065 umask(prev_mask);
1054#endif 1066#endif
1055 if (listen(sock, 5) < 0) { 1067 if (listen(sock, 128) < 0) {
1056 perror("listen"); 1068 perror("listen");
1057 cleanup_exit(1); 1069 cleanup_exit(1);
1058 } 1070 }
diff --git a/ssh-dss.c b/ssh-dss.c
index dbf8465ba..9ba2584dd 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $"); 26RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $");
27 27
28#include <openssl/bn.h> 28#include <openssl/bn.h>
29#include <openssl/evp.h> 29#include <openssl/evp.h>
@@ -46,7 +46,7 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
46 DSA_SIG *sig; 46 DSA_SIG *sig;
47 const EVP_MD *evp_md = EVP_sha1(); 47 const EVP_MD *evp_md = EVP_sha1();
48 EVP_MD_CTX md; 48 EVP_MD_CTX md;
49 u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; 49 u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
50 u_int rlen, slen, len, dlen; 50 u_int rlen, slen, len, dlen;
51 Buffer b; 51 Buffer b;
52 52
@@ -79,25 +79,25 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
79 DSA_SIG_free(sig); 79 DSA_SIG_free(sig);
80 80
81 if (datafellows & SSH_BUG_SIGBLOB) { 81 if (datafellows & SSH_BUG_SIGBLOB) {
82 ret = xmalloc(SIGBLOB_LEN);
83 memcpy(ret, sigblob, SIGBLOB_LEN);
84 if (lenp != NULL) 82 if (lenp != NULL)
85 *lenp = SIGBLOB_LEN; 83 *lenp = SIGBLOB_LEN;
86 if (sigp != NULL) 84 if (sigp != NULL) {
87 *sigp = ret; 85 *sigp = xmalloc(SIGBLOB_LEN);
86 memcpy(*sigp, sigblob, SIGBLOB_LEN);
87 }
88 } else { 88 } else {
89 /* ietf-drafts */ 89 /* ietf-drafts */
90 buffer_init(&b); 90 buffer_init(&b);
91 buffer_put_cstring(&b, "ssh-dss"); 91 buffer_put_cstring(&b, "ssh-dss");
92 buffer_put_string(&b, sigblob, SIGBLOB_LEN); 92 buffer_put_string(&b, sigblob, SIGBLOB_LEN);
93 len = buffer_len(&b); 93 len = buffer_len(&b);
94 ret = xmalloc(len);
95 memcpy(ret, buffer_ptr(&b), len);
96 buffer_free(&b);
97 if (lenp != NULL) 94 if (lenp != NULL)
98 *lenp = len; 95 *lenp = len;
99 if (sigp != NULL) 96 if (sigp != NULL) {
100 *sigp = ret; 97 *sigp = xmalloc(len);
98 memcpy(*sigp, buffer_ptr(&b), len);
99 }
100 buffer_free(&b);
101 } 101 }
102 return 0; 102 return 0;
103} 103}
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4273c1132..3478e3723 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -761,6 +761,8 @@ main(int ac, char **av)
761 __progname = get_progname(av[0]); 761 __progname = get_progname(av[0]);
762 762
763 SSLeay_add_all_algorithms(); 763 SSLeay_add_all_algorithms();
764 init_rng();
765 seed_rng();
764 766
765 /* we need this for the home * directory. */ 767 /* we need this for the home * directory. */
766 pw = getpwuid(getuid()); 768 pw = getpwuid(getuid());
@@ -855,10 +857,12 @@ main(int ac, char **av)
855 do_fingerprint(pw); 857 do_fingerprint(pw);
856 if (change_passphrase) 858 if (change_passphrase)
857 do_change_passphrase(pw); 859 do_change_passphrase(pw);
858 if (convert_to_ssh2)
859 do_convert_to_ssh2(pw);
860 if (change_comment) 860 if (change_comment)
861 do_change_comment(pw); 861 do_change_comment(pw);
862 if (convert_to_ssh2)
863 do_convert_to_ssh2(pw);
864 if (convert_from_ssh2)
865 do_convert_from_ssh2(pw);
862 if (print_public) 866 if (print_public)
863 do_print_public(pw); 867 do_print_public(pw);
864 if (reader_id != NULL) { 868 if (reader_id != NULL) {
@@ -872,13 +876,8 @@ main(int ac, char **av)
872#endif /* SMARTCARD */ 876#endif /* SMARTCARD */
873 } 877 }
874 878
875 init_rng();
876 seed_rng();
877 arc4random_stir(); 879 arc4random_stir();
878 880
879 if (convert_from_ssh2)
880 do_convert_from_ssh2(pw);
881
882 if (key_type_name == NULL) { 881 if (key_type_name == NULL) {
883 printf("You must specify a key type (-t).\n"); 882 printf("You must specify a key type (-t).\n");
884 usage(); 883 usage();
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 1fd011282..788953705 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,9 +7,9 @@
7 */ 7 */
8 8
9#include "includes.h" 9#include "includes.h"
10RCSID("$OpenBSD: ssh-keyscan.c,v 1.36 2002/06/16 21:30:58 itojun Exp $"); 10RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $");
11 11
12#include "openbsd-compat/fake-queue.h" 12#include "openbsd-compat/sys-queue.h"
13 13
14#include <openssl/bn.h> 14#include <openssl/bn.h>
15 15
@@ -116,7 +116,8 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
116 116
117 if (!(lb = malloc(sizeof(*lb)))) { 117 if (!(lb = malloc(sizeof(*lb)))) {
118 if (errfun) 118 if (errfun)
119 (*errfun) ("linebuf (%s): malloc failed\n", lb->filename); 119 (*errfun) ("linebuf (%s): malloc failed\n",
120 filename ? filename : "(stdin)");
120 return (NULL); 121 return (NULL);
121 } 122 }
122 if (filename) { 123 if (filename) {
@@ -171,13 +172,14 @@ static char *
171Linebuf_getline(Linebuf * lb) 172Linebuf_getline(Linebuf * lb)
172{ 173{
173 int n = 0; 174 int n = 0;
175 void *p;
174 176
175 lb->lineno++; 177 lb->lineno++;
176 for (;;) { 178 for (;;) {
177 /* Read a line */ 179 /* Read a line */
178 if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) { 180 if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) {
179 if (ferror(lb->stream) && lb->errfun) 181 if (ferror(lb->stream) && lb->errfun)
180 (*lb->errfun) ("%s: %s\n", lb->filename, 182 (*lb->errfun)("%s: %s\n", lb->filename,
181 strerror(errno)); 183 strerror(errno));
182 return (NULL); 184 return (NULL);
183 } 185 }
@@ -190,17 +192,20 @@ Linebuf_getline(Linebuf * lb)
190 } 192 }
191 if (n != lb->size - 1) { 193 if (n != lb->size - 1) {
192 if (lb->errfun) 194 if (lb->errfun)
193 (*lb->errfun) ("%s: skipping incomplete last line\n", 195 (*lb->errfun)("%s: skipping incomplete last line\n",
194 lb->filename); 196 lb->filename);
195 return (NULL); 197 return (NULL);
196 } 198 }
197 /* Double the buffer if we need more space */ 199 /* Double the buffer if we need more space */
198 if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) { 200 lb->size *= 2;
201 if ((p = realloc(lb->buf, lb->size)) == NULL) {
202 lb->size /= 2;
199 if (lb->errfun) 203 if (lb->errfun)
200 (*lb->errfun) ("linebuf (%s): realloc failed\n", 204 (*lb->errfun)("linebuf (%s): realloc failed\n",
201 lb->filename); 205 lb->filename);
202 return (NULL); 206 return (NULL);
203 } 207 }
208 lb->buf = p;
204 } 209 }
205} 210}
206 211
@@ -229,6 +234,7 @@ fdlim_set(int lim)
229#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) 234#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
230 struct rlimit rlfd; 235 struct rlimit rlfd;
231#endif 236#endif
237
232 if (lim <= 0) 238 if (lim <= 0)
233 return (-1); 239 return (-1);
234#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) 240#if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
@@ -411,8 +417,8 @@ tcpconnect(char *host)
411static int 417static int
412conalloc(char *iname, char *oname, int keytype) 418conalloc(char *iname, char *oname, int keytype)
413{ 419{
414 int s;
415 char *namebase, *name, *namelist; 420 char *namebase, *name, *namelist;
421 int s;
416 422
417 namebase = namelist = xstrdup(iname); 423 namebase = namelist = xstrdup(iname);
418 424
@@ -476,8 +482,8 @@ contouch(int s)
476static int 482static int
477conrecycle(int s) 483conrecycle(int s)
478{ 484{
479 int ret;
480 con *c = &fdcon[s]; 485 con *c = &fdcon[s];
486 int ret;
481 487
482 ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype); 488 ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype);
483 confree(s); 489 confree(s);
@@ -487,10 +493,10 @@ conrecycle(int s)
487static void 493static void
488congreet(int s) 494congreet(int s)
489{ 495{
496 int remote_major, remote_minor, n = 0;
490 char buf[256], *cp; 497 char buf[256], *cp;
491 char remote_version[sizeof buf]; 498 char remote_version[sizeof buf];
492 size_t bufsiz; 499 size_t bufsiz;
493 int remote_major, remote_minor, n = 0;
494 con *c = &fdcon[s]; 500 con *c = &fdcon[s];
495 501
496 bufsiz = sizeof(buf); 502 bufsiz = sizeof(buf);
@@ -554,8 +560,8 @@ congreet(int s)
554static void 560static void
555conread(int s) 561conread(int s)
556{ 562{
557 int n;
558 con *c = &fdcon[s]; 563 con *c = &fdcon[s];
564 int n;
559 565
560 if (c->c_status == CS_CON) { 566 if (c->c_status == CS_CON) {
561 congreet(s); 567 congreet(s);
@@ -594,10 +600,10 @@ conread(int s)
594static void 600static void
595conloop(void) 601conloop(void)
596{ 602{
597 fd_set *r, *e;
598 struct timeval seltime, now; 603 struct timeval seltime, now;
599 int i; 604 fd_set *r, *e;
600 con *c; 605 con *c;
606 int i;
601 607
602 gettimeofday(&now, NULL); 608 gettimeofday(&now, NULL);
603 c = TAILQ_FIRST(&tq); 609 c = TAILQ_FIRST(&tq);
@@ -664,6 +670,7 @@ void
664fatal(const char *fmt,...) 670fatal(const char *fmt,...)
665{ 671{
666 va_list args; 672 va_list args;
673
667 va_start(args, fmt); 674 va_start(args, fmt);
668 do_log(SYSLOG_LEVEL_FATAL, fmt, args); 675 do_log(SYSLOG_LEVEL_FATAL, fmt, args);
669 va_end(args); 676 va_end(args);
@@ -676,16 +683,9 @@ fatal(const char *fmt,...)
676static void 683static void
677usage(void) 684usage(void)
678{ 685{
679 fprintf(stderr, "Usage: %s [options] host ...\n", 686 fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-f file]\n"
687 "\t\t [host | addrlist namelist] [...]\n",
680 __progname); 688 __progname);
681 fprintf(stderr, "Options:\n");
682 fprintf(stderr, " -f file Read hosts or addresses from file.\n");
683 fprintf(stderr, " -p port Connect to the specified port.\n");
684 fprintf(stderr, " -t keytype Specify the host key type.\n");
685 fprintf(stderr, " -T timeout Set connection timeout.\n");
686 fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
687 fprintf(stderr, " -4 Use IPv4 only.\n");
688 fprintf(stderr, " -6 Use IPv6 only.\n");
689 exit(1); 689 exit(1);
690} 690}
691 691
@@ -717,9 +717,11 @@ main(int argc, char **argv)
717 } 717 }
718 break; 718 break;
719 case 'T': 719 case 'T':
720 timeout = atoi(optarg); 720 timeout = convtime(optarg);
721 if (timeout <= 0) 721 if (timeout == -1 || timeout == 0) {
722 fprintf(stderr, "Bad timeout '%s'\n", optarg);
722 usage(); 723 usage();
724 }
723 break; 725 break;
724 case 'v': 726 case 'v':
725 if (!debug_flag) { 727 if (!debug_flag) {
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index d6a59c068..b5ad6627a 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -9,11 +9,20 @@ SYNOPSIS
9DESCRIPTION 9DESCRIPTION
10 ssh-keysign is used by ssh(1) to access the local host keys and generate 10 ssh-keysign is used by ssh(1) to access the local host keys and generate
11 the digital signature required during hostbased authentication with SSH 11 the digital signature required during hostbased authentication with SSH
12 protocol version 2. ssh-keysign is not intended to be invoked by the 12 protocol version 2.
13 user, but from ssh(1). See ssh(1) and sshd(8) for more information about 13
14 hostbased authentication. 14 ssh-keysign is disabled by default and can only be enabled in the the
15 global client configuration file /etc/ssh/ssh_config by setting
16 HostbasedAuthentication to ``yes''.
17
18 ssh-keysign is not intended to be invoked by the user, but from ssh(1).
19 See ssh(1) and sshd(8) for more information about hostbased authenticaM--
20 tion.
15 21
16FILES 22FILES
23 /etc/ssh/ssh_config
24 Controls whether ssh-keysign is enabled.
25
17 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 26 /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
18 These files contain the private parts of the host keys used to 27 These files contain the private parts of the host keys used to
19 generate the digital signature. They should be owned by root, 28 generate the digital signature. They should be owned by root,
@@ -22,7 +31,7 @@ FILES
22 hostbased authentication is used. 31 hostbased authentication is used.
23 32
24SEE ALSO 33SEE ALSO
25 ssh(1), ssh-keygen(1), sshd(8) 34 ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
26 35
27AUTHORS 36AUTHORS
28 Markus Friedl <markus@openbsd.org> 37 Markus Friedl <markus@openbsd.org>
diff --git a/ssh-keysign.8 b/ssh-keysign.8
index ab2cf21ba..cea4a8244 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keysign.8,v 1.2 2002/06/10 16:56:30 stevesk Exp $ 1.\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $
2.\" 2.\"
3.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -36,6 +36,16 @@ is used by
36.Xr ssh 1 36.Xr ssh 1
37to access the local host keys and generate the digital signature 37to access the local host keys and generate the digital signature
38required during hostbased authentication with SSH protocol version 2. 38required during hostbased authentication with SSH protocol version 2.
39.Pp
40.Nm
41is disabled by default and can only be enabled in the
42the global client configuration file
43.Pa /etc/ssh/ssh_config
44by setting
45.Cm HostbasedAuthentication
46to
47.Dq yes .
48.Pp
39.Nm 49.Nm
40is not intended to be invoked by the user, but from 50is not intended to be invoked by the user, but from
41.Xr ssh 1 . 51.Xr ssh 1 .
@@ -46,6 +56,10 @@ and
46for more information about hostbased authentication. 56for more information about hostbased authentication.
47.Sh FILES 57.Sh FILES
48.Bl -tag -width Ds 58.Bl -tag -width Ds
59.It Pa /etc/ssh/ssh_config
60Controls whether
61.Nm
62is enabled.
49.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 63.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
50These files contain the private parts of the host keys used to 64These files contain the private parts of the host keys used to
51generate the digital signature. They 65generate the digital signature. They
@@ -58,6 +72,7 @@ must be set-uid root if hostbased authentication is used.
58.Sh SEE ALSO 72.Sh SEE ALSO
59.Xr ssh 1 , 73.Xr ssh 1 ,
60.Xr ssh-keygen 1 , 74.Xr ssh-keygen 1 ,
75.Xr ssh_config 5 ,
61.Xr sshd 8 76.Xr sshd 8
62.Sh AUTHORS 77.Sh AUTHORS
63Markus Friedl <markus@openbsd.org> 78Markus Friedl <markus@openbsd.org>
diff --git a/ssh-keysign.c b/ssh-keysign.c
index fffa7bbdc..79aee17c0 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,12 +22,15 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: ssh-keysign.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); 25RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $");
26 26
27#include <openssl/evp.h> 27#include <openssl/evp.h>
28#include <openssl/rand.h>
29#include <openssl/rsa.h>
28 30
29#include "log.h" 31#include "log.h"
30#include "key.h" 32#include "key.h"
33#include "ssh.h"
31#include "ssh2.h" 34#include "ssh2.h"
32#include "misc.h" 35#include "misc.h"
33#include "xmalloc.h" 36#include "xmalloc.h"
@@ -37,6 +40,9 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $");
37#include "msg.h" 40#include "msg.h"
38#include "canohost.h" 41#include "canohost.h"
39#include "pathnames.h" 42#include "pathnames.h"
43#include "readconf.h"
44
45uid_t original_real_uid; /* XXX readconf.c needs this */
40 46
41#ifdef HAVE___PROGNAME 47#ifdef HAVE___PROGNAME
42extern char *__progname; 48extern char *__progname;
@@ -134,12 +140,14 @@ int
134main(int argc, char **argv) 140main(int argc, char **argv)
135{ 141{
136 Buffer b; 142 Buffer b;
143 Options options;
137 Key *keys[2], *key; 144 Key *keys[2], *key;
138 struct passwd *pw; 145 struct passwd *pw;
139 int key_fd[2], i, found, version = 2, fd; 146 int key_fd[2], i, found, version = 2, fd;
140 u_char *signature, *data; 147 u_char *signature, *data;
141 char *host; 148 char *host;
142 u_int slen, dlen; 149 u_int slen, dlen;
150 u_int32_t rnd[256];
143 151
144 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); 152 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
145 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); 153 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
@@ -155,6 +163,15 @@ main(int argc, char **argv)
155 log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); 163 log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0);
156#endif 164#endif
157 165
166 /* verify that ssh-keysign is enabled by the admin */
167 original_real_uid = getuid(); /* XXX readconf.c needs this */
168 initialize_options(&options);
169 (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options);
170 fill_default_options(&options);
171 if (options.hostbased_authentication != 1)
172 fatal("Hostbased authentication not enabled in %s",
173 _PATH_HOST_CONFIG_FILE);
174
158 if (key_fd[0] == -1 && key_fd[1] == -1) 175 if (key_fd[0] == -1 && key_fd[1] == -1)
159 fatal("could not open any host key"); 176 fatal("could not open any host key");
160 177
@@ -163,6 +180,9 @@ main(int argc, char **argv)
163 pw = pwcopy(pw); 180 pw = pwcopy(pw);
164 181
165 SSLeay_add_all_algorithms(); 182 SSLeay_add_all_algorithms();
183 for (i = 0; i < 256; i++)
184 rnd[i] = arc4random();
185 RAND_seed(rnd, sizeof(rnd));
166 186
167 found = 0; 187 found = 0;
168 for (i = 0; i < 2; i++) { 188 for (i = 0; i < 2; i++) {
@@ -172,6 +192,13 @@ main(int argc, char **argv)
172 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, 192 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
173 NULL, NULL); 193 NULL, NULL);
174 close(key_fd[i]); 194 close(key_fd[i]);
195 if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
196 if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
197 error("RSA_blinding_on failed");
198 key_free(keys[i]);
199 keys[i] = NULL;
200 }
201 }
175 if (keys[i] != NULL) 202 if (keys[i] != NULL)
176 found = 1; 203 found = 1;
177 } 204 }
@@ -179,8 +206,8 @@ main(int argc, char **argv)
179 fatal("no hostkey found"); 206 fatal("no hostkey found");
180 207
181 buffer_init(&b); 208 buffer_init(&b);
182 if (msg_recv(STDIN_FILENO, &b) < 0) 209 if (ssh_msg_recv(STDIN_FILENO, &b) < 0)
183 fatal("msg_recv failed"); 210 fatal("ssh_msg_recv failed");
184 if (buffer_get_char(&b) != version) 211 if (buffer_get_char(&b) != version)
185 fatal("bad version"); 212 fatal("bad version");
186 fd = buffer_get_int(&b); 213 fd = buffer_get_int(&b);
@@ -212,7 +239,7 @@ main(int argc, char **argv)
212 /* send reply */ 239 /* send reply */
213 buffer_clear(&b); 240 buffer_clear(&b);
214 buffer_put_string(&b, signature, slen); 241 buffer_put_string(&b, signature, slen);
215 msg_send(STDOUT_FILENO, version, &b); 242 ssh_msg_send(STDOUT_FILENO, version, &b);
216 243
217 return (0); 244 return (0);
218} 245}
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index 364d5d270..e6c52b546 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
39#include "pathnames.h" 39#include "pathnames.h"
40#include "log.h" 40#include "log.h"
41 41
42RCSID("$Id: ssh-rand-helper.c,v 1.7 2002/06/09 19:41:49 mouring Exp $"); 42RCSID("$Id: ssh-rand-helper.c,v 1.8 2002/07/28 20:42:24 stevesk Exp $");
43 43
44/* Number of bytes we write out */ 44/* Number of bytes we write out */
45#define OUTPUT_SEED_SIZE 48 45#define OUTPUT_SEED_SIZE 48
@@ -63,7 +63,6 @@ RCSID("$Id: ssh-rand-helper.c,v 1.7 2002/06/09 19:41:49 mouring Exp $");
63# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" 63# define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds"
64#endif 64#endif
65 65
66
67#ifdef HAVE___PROGNAME 66#ifdef HAVE___PROGNAME
68extern char *__progname; 67extern char *__progname;
69#else 68#else
@@ -115,7 +114,7 @@ double stir_from_programs(void);
115double stir_gettimeofday(double entropy_estimate); 114double stir_gettimeofday(double entropy_estimate);
116double stir_clock(double entropy_estimate); 115double stir_clock(double entropy_estimate);
117double stir_rusage(int who, double entropy_estimate); 116double stir_rusage(int who, double entropy_estimate);
118double hash_command_output(entropy_cmd_t *src, char *hash); 117double hash_command_output(entropy_cmd_t *src, unsigned char *hash);
119int get_random_bytes_prngd(unsigned char *buf, int len, 118int get_random_bytes_prngd(unsigned char *buf, int len,
120 unsigned short tcp_port, char *socket_path); 119 unsigned short tcp_port, char *socket_path);
121 120
@@ -274,7 +273,7 @@ timeval_diff(struct timeval *t1, struct timeval *t2)
274} 273}
275 274
276double 275double
277hash_command_output(entropy_cmd_t *src, char *hash) 276hash_command_output(entropy_cmd_t *src, unsigned char *hash)
278{ 277{
279 char buf[8192]; 278 char buf[8192];
280 fd_set rdset; 279 fd_set rdset;
@@ -460,7 +459,7 @@ stir_from_programs(void)
460{ 459{
461 int c; 460 int c;
462 double entropy, total_entropy; 461 double entropy, total_entropy;
463 char hash[SHA_DIGEST_LENGTH]; 462 unsigned char hash[SHA_DIGEST_LENGTH];
464 463
465 total_entropy = 0; 464 total_entropy = 0;
466 for(c = 0; entropy_cmds[c].path != NULL; c++) { 465 for(c = 0; entropy_cmds[c].path != NULL; c++) {
@@ -543,7 +542,8 @@ void
543prng_write_seedfile(void) 542prng_write_seedfile(void)
544{ 543{
545 int fd; 544 int fd;
546 char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; 545 unsigned char seed[SEED_FILE_SIZE];
546 char filename[MAXPATHLEN];
547 struct passwd *pw; 547 struct passwd *pw;
548 548
549 pw = getpwuid(getuid()); 549 pw = getpwuid(getuid());
@@ -862,4 +862,3 @@ main(int argc, char **argv)
862 862
863 return ret == bytes ? 0 : 1; 863 return ret == bytes ? 0 : 1;
864} 864}
865
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 782279bad..d7b2918f9 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $"); 26RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $");
27 27
28#include <openssl/evp.h> 28#include <openssl/evp.h>
29#include <openssl/err.h> 29#include <openssl/err.h>
@@ -37,6 +37,8 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
37#include "compat.h" 37#include "compat.h"
38#include "ssh.h" 38#include "ssh.h"
39 39
40static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *);
41
40/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ 42/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
41int 43int
42ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, 44ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
@@ -44,7 +46,7 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
44{ 46{
45 const EVP_MD *evp_md; 47 const EVP_MD *evp_md;
46 EVP_MD_CTX md; 48 EVP_MD_CTX md;
47 u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; 49 u_char digest[EVP_MAX_MD_SIZE], *sig;
48 u_int slen, dlen, len; 50 u_int slen, dlen, len;
49 int ok, nid; 51 int ok, nid;
50 Buffer b; 52 Buffer b;
@@ -76,7 +78,7 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
76 return -1; 78 return -1;
77 } 79 }
78 if (len < slen) { 80 if (len < slen) {
79 int diff = slen - len; 81 u_int diff = slen - len;
80 debug("slen %u > len %u", slen, len); 82 debug("slen %u > len %u", slen, len);
81 memmove(sig + diff, sig, len); 83 memmove(sig + diff, sig, len);
82 memset(sig, 0, diff); 84 memset(sig, 0, diff);
@@ -90,16 +92,16 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
90 buffer_put_cstring(&b, "ssh-rsa"); 92 buffer_put_cstring(&b, "ssh-rsa");
91 buffer_put_string(&b, sig, slen); 93 buffer_put_string(&b, sig, slen);
92 len = buffer_len(&b); 94 len = buffer_len(&b);
93 ret = xmalloc(len); 95 if (lenp != NULL)
94 memcpy(ret, buffer_ptr(&b), len); 96 *lenp = len;
97 if (sigp != NULL) {
98 *sigp = xmalloc(len);
99 memcpy(*sigp, buffer_ptr(&b), len);
100 }
95 buffer_free(&b); 101 buffer_free(&b);
96 memset(sig, 's', slen); 102 memset(sig, 's', slen);
97 xfree(sig); 103 xfree(sig);
98 104
99 if (lenp != NULL)
100 *lenp = len;
101 if (sigp != NULL)
102 *sigp = ret;
103 return 0; 105 return 0;
104} 106}
105 107
@@ -149,7 +151,7 @@ ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
149 xfree(sigblob); 151 xfree(sigblob);
150 return -1; 152 return -1;
151 } else if (len < modlen) { 153 } else if (len < modlen) {
152 int diff = modlen - len; 154 u_int diff = modlen - len;
153 debug("ssh_rsa_verify: add padding: modlen %u > len %u", 155 debug("ssh_rsa_verify: add padding: modlen %u > len %u",
154 modlen, len); 156 modlen, len);
155 sigblob = xrealloc(sigblob, modlen); 157 sigblob = xrealloc(sigblob, modlen);
@@ -167,15 +169,100 @@ ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
167 EVP_DigestUpdate(&md, data, datalen); 169 EVP_DigestUpdate(&md, data, datalen);
168 EVP_DigestFinal(&md, digest, &dlen); 170 EVP_DigestFinal(&md, digest, &dlen);
169 171
170 ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); 172 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
171 memset(digest, 'd', sizeof(digest)); 173 memset(digest, 'd', sizeof(digest));
172 memset(sigblob, 's', len); 174 memset(sigblob, 's', len);
173 xfree(sigblob); 175 xfree(sigblob);
174 if (ret == 0) {
175 int ecode = ERR_get_error();
176 error("ssh_rsa_verify: RSA_verify failed: %s",
177 ERR_error_string(ecode, NULL));
178 }
179 debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); 176 debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
180 return ret; 177 return ret;
181} 178}
179
180/*
181 * See:
182 * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
183 * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
184 */
185/*
186 * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
187 * oiw(14) secsig(3) algorithms(2) 26 }
188 */
189static const u_char id_sha1[] = {
190 0x30, 0x21, /* type Sequence, length 0x21 (33) */
191 0x30, 0x09, /* type Sequence, length 0x09 */
192 0x06, 0x05, /* type OID, length 0x05 */
193 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
194 0x05, 0x00, /* NULL */
195 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
196};
197/*
198 * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
199 * rsadsi(113549) digestAlgorithm(2) 5 }
200 */
201static const u_char id_md5[] = {
202 0x30, 0x20, /* type Sequence, length 0x20 (32) */
203 0x30, 0x0c, /* type Sequence, length 0x09 */
204 0x06, 0x08, /* type OID, length 0x05 */
205 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
206 0x05, 0x00, /* NULL */
207 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
208};
209
210static int
211openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
212 u_char *sigbuf, u_int siglen, RSA *rsa)
213{
214 u_int ret, rsasize, oidlen = 0, hlen = 0;
215 int len;
216 const u_char *oid = NULL;
217 u_char *decrypted = NULL;
218
219 ret = 0;
220 switch (type) {
221 case NID_sha1:
222 oid = id_sha1;
223 oidlen = sizeof(id_sha1);
224 hlen = 20;
225 break;
226 case NID_md5:
227 oid = id_md5;
228 oidlen = sizeof(id_md5);
229 hlen = 16;
230 break;
231 default:
232 goto done;
233 break;
234 }
235 if (hashlen != hlen) {
236 error("bad hashlen");
237 goto done;
238 }
239 rsasize = RSA_size(rsa);
240 if (siglen == 0 || siglen > rsasize) {
241 error("bad siglen");
242 goto done;
243 }
244 decrypted = xmalloc(rsasize);
245 if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
246 RSA_PKCS1_PADDING)) < 0) {
247 error("RSA_public_decrypt failed: %s",
248 ERR_error_string(ERR_get_error(), NULL));
249 goto done;
250 }
251 if (len != hlen + oidlen) {
252 error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
253 goto done;
254 }
255 if (memcmp(decrypted, oid, oidlen) != 0) {
256 error("oid mismatch");
257 goto done;
258 }
259 if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
260 error("hash mismatch");
261 goto done;
262 }
263 ret = 1;
264done:
265 if (decrypted)
266 xfree(decrypted);
267 return ret;
268}
diff --git a/ssh.0 b/ssh.0
index 175f9c424..18136aef4 100644
--- a/ssh.0
+++ b/ssh.0
@@ -6,7 +6,7 @@ NAME
6SYNOPSIS 6SYNOPSIS
7 ssh [-l login_name] hostname | user@hostname [command] 7 ssh [-l login_name] hostname | user@hostname [command]
8 8
9 ssh [-afgknqstvxACNPTX1246] [-b bind_address] [-c cipher_spec] 9 ssh [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec]
10 [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] 10 [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec]
11 [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R 11 [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R
12 port:host:hostport] [-D port] hostname | user@hostname [command] 12 port:host:hostport] [-D port] hostname | user@hostname [command]
@@ -183,9 +183,10 @@ DESCRIPTION
183 is opened. The real authentication cookie is never sent to the server 183 is opened. The real authentication cookie is never sent to the server
184 machine (and no cookies are sent in the plain). 184 machine (and no cookies are sent in the plain).
185 185
186 If the user is using an authentication agent, the connection to the agent 186 If the ForwardAgent variable is set to ``yes'' (or, see the description
187 is automatically forwarded to the remote side unless disabled on the comM-- 187 of the -A and -a options described later) and the user is using an
188 mand line or in a configuration file. 188 authentication agent, the connection to the agent is automatically forM--
189 warded to the remote side.
189 190
190 Forwarding of arbitrary TCP/IP connections over the secure channel can be 191 Forwarding of arbitrary TCP/IP connections over the secure channel can be
191 specified either on the command line or in a configuration file. One 192 specified either on the command line or in a configuration file. One
@@ -214,6 +215,14 @@ DESCRIPTION
214 can also be specified on a per-host basis in a configuration 215 can also be specified on a per-host basis in a configuration
215 file. 216 file.
216 217
218 Agent forwarding should be enabled with caution. Users with the
219 ability to bypass file permissions on the remote host (for the
220 agent's Unix-domain socket) can access the local agent through
221 the forwarded connection. An attacker cannot obtain key material
222 from the agent, however they can perform operations on the keys
223 that enable them to authenticate using the identities loaded into
224 the agent.
225
217 -b bind_address 226 -b bind_address
218 Specify the interface to transmit from on machines with multiple 227 Specify the interface to transmit from on machines with multiple
219 interfaces or aliased addresses. 228 interfaces or aliased addresses.
@@ -298,11 +307,6 @@ DESCRIPTION
298 Port to connect to on the remote host. This can be specified on 307 Port to connect to on the remote host. This can be specified on
299 a per-host basis in the configuration file. 308 a per-host basis in the configuration file.
300 309
301 -P Use a non-privileged port for outgoing connections. This can be
302 used if a firewall does not permit connections from privileged
303 ports. Note that this option turns off RhostsAuthentication and
304 RhostsRSAAuthentication for older servers.
305
306 -q Quiet mode. Causes all warning and diagnostic messages to be 310 -q Quiet mode. Causes all warning and diagnostic messages to be
307 suppressed. 311 suppressed.
308 312
@@ -329,14 +333,20 @@ DESCRIPTION
329 -X Enables X11 forwarding. This can also be specified on a per-host 333 -X Enables X11 forwarding. This can also be specified on a per-host
330 basis in a configuration file. 334 basis in a configuration file.
331 335
336 X11 forwarding should be enabled with caution. Users with the
337 ability to bypass file permissions on the remote host (for the
338 user's X authorization database) can access the local X11 display
339 through the forwarded connection. An attacker may then be able
340 to perform activities such as keystroke monitoring.
341
332 -C Requests compression of all data (including stdin, stdout, 342 -C Requests compression of all data (including stdin, stdout,
333 stderr, and data for forwarded X11 and TCP/IP connections). The 343 stderr, and data for forwarded X11 and TCP/IP connections). The
334 compression algorithm is the same used by gzip(1), and the 344 compression algorithm is the same used by gzip(1), and the
335 ``level'' can be controlled by the CompressionLevel option. ComM-- 345 ``level'' can be controlled by the CompressionLevel option for
336 pression is desirable on modem lines and other slow connections, 346 protocol version 1. Compression is desirable on modem lines and
337 but will only slow down things on fast networks. The default 347 other slow connections, but will only slow down things on fast
338 value can be set on a host-by-host basis in the configuration 348 networks. The default value can be set on a host-by-host basis
339 files; see the Compression option. 349 in the configuration files; see the Compression option.
340 350
341 -F configfile 351 -F configfile
342 Specifies an alternative per-user configuration file. If a conM-- 352 Specifies an alternative per-user configuration file. If a conM--
@@ -428,10 +438,10 @@ ENVIRONMENT
428 Identifies the path of a unix-domain socket used to communicate 438 Identifies the path of a unix-domain socket used to communicate
429 with the agent. 439 with the agent.
430 440
431 SSH_CLIENT 441 SSH_CONNECTION
432 Identifies the client end of the connection. The variable conM-- 442 Identifies the client and server ends of the connection. The
433 tains three space-separated values: client ip-address, client 443 variable contains four space-separated values: client ip-address,
434 port number, and server port number. 444 client port number, server ip-address and server port number.
435 445
436 SSH_ORIGINAL_COMMAND 446 SSH_ORIGINAL_COMMAND
437 The variable contains the original command line if a forced comM-- 447 The variable contains the original command line if a forced comM--
@@ -450,7 +460,9 @@ ENVIRONMENT
450 USER Set to the name of the user logging in. 460 USER Set to the name of the user logging in.
451 461
452 Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the 462 Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the
453 format ``VARNAME=value'' to the environment. 463 format ``VARNAME=value'' to the environment if the file exists and if
464 users are allowed to change their environment. See the
465 PermitUserEnvironment option in sshd_config(5).
454 466
455FILES 467FILES
456 $HOME/.ssh/known_hosts 468 $HOME/.ssh/known_hosts
diff --git a/ssh.1 b/ssh.1
index 1c407c5bd..d8999da48 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ 37.\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -48,7 +48,7 @@
48.Op Ar command 48.Op Ar command
49.Pp 49.Pp
50.Nm ssh 50.Nm ssh
51.Op Fl afgknqstvxACNPTX1246 51.Op Fl afgknqstvxACNTX1246
52.Op Fl b Ar bind_address 52.Op Fl b Ar bind_address
53.Op Fl c Ar cipher_spec 53.Op Fl c Ar cipher_spec
54.Op Fl e Ar escape_char 54.Op Fl e Ar escape_char
@@ -353,9 +353,17 @@ the connection is opened.
353The real authentication cookie is never 353The real authentication cookie is never
354sent to the server machine (and no cookies are sent in the plain). 354sent to the server machine (and no cookies are sent in the plain).
355.Pp 355.Pp
356If the user is using an authentication agent, the connection to the agent 356If the
357is automatically forwarded to the remote side unless disabled on 357.Cm ForwardAgent
358the command line or in a configuration file. 358variable is set to
359.Dq yes
360(or, see the description of the
361.Fl A
362and
363.Fl a
364options described later) and
365the user is using an authentication agent, the connection to the agent
366is automatically forwarded to the remote side.
359.Pp 367.Pp
360Forwarding of arbitrary TCP/IP connections over the secure channel can 368Forwarding of arbitrary TCP/IP connections over the secure channel can
361be specified either on the command line or in a configuration file. 369be specified either on the command line or in a configuration file.
@@ -394,6 +402,13 @@ Disables forwarding of the authentication agent connection.
394.It Fl A 402.It Fl A
395Enables forwarding of the authentication agent connection. 403Enables forwarding of the authentication agent connection.
396This can also be specified on a per-host basis in a configuration file. 404This can also be specified on a per-host basis in a configuration file.
405.Pp
406Agent forwarding should be enabled with caution. Users with the
407ability to bypass file permissions on the remote host (for the agent's
408Unix-domain socket) can access the local agent through the forwarded
409connection. An attacker cannot obtain key material from the agent,
410however they can perform operations on the keys that enable them to
411authenticate using the identities loaded into the agent.
397.It Fl b Ar bind_address 412.It Fl b Ar bind_address
398Specify the interface to transmit from on machines with multiple 413Specify the interface to transmit from on machines with multiple
399interfaces or aliased addresses. 414interfaces or aliased addresses.
@@ -515,15 +530,6 @@ command-line flag.
515Port to connect to on the remote host. 530Port to connect to on the remote host.
516This can be specified on a 531This can be specified on a
517per-host basis in the configuration file. 532per-host basis in the configuration file.
518.It Fl P
519Use a non-privileged port for outgoing connections.
520This can be used if a firewall does
521not permit connections from privileged ports.
522Note that this option turns off
523.Cm RhostsAuthentication
524and
525.Cm RhostsRSAAuthentication
526for older servers.
527.It Fl q 533.It Fl q
528Quiet mode. 534Quiet mode.
529Causes all warning and diagnostic messages to be suppressed. 535Causes all warning and diagnostic messages to be suppressed.
@@ -563,6 +569,12 @@ Disables X11 forwarding.
563.It Fl X 569.It Fl X
564Enables X11 forwarding. 570Enables X11 forwarding.
565This can also be specified on a per-host basis in a configuration file. 571This can also be specified on a per-host basis in a configuration file.
572.Pp
573X11 forwarding should be enabled with caution. Users with the ability
574to bypass file permissions on the remote host (for the user's X
575authorization database) can access the local X11 display through the
576forwarded connection. An attacker may then be able to perform
577activities such as keystroke monitoring.
566.It Fl C 578.It Fl C
567Requests compression of all data (including stdin, stdout, stderr, and 579Requests compression of all data (including stdin, stdout, stderr, and
568data for forwarded X11 and TCP/IP connections). 580data for forwarded X11 and TCP/IP connections).
@@ -572,7 +584,7 @@ and the
572.Dq level 584.Dq level
573can be controlled by the 585can be controlled by the
574.Cm CompressionLevel 586.Cm CompressionLevel
575option. 587option for protocol version 1.
576Compression is desirable on modem lines and other 588Compression is desirable on modem lines and other
577slow connections, but will only slow down things on fast networks. 589slow connections, but will only slow down things on fast networks.
578The default value can be set on a host-by-host basis in the 590The default value can be set on a host-by-host basis in the
@@ -718,11 +730,11 @@ to make this work.)
718.It Ev SSH_AUTH_SOCK 730.It Ev SSH_AUTH_SOCK
719Identifies the path of a unix-domain socket used to communicate with the 731Identifies the path of a unix-domain socket used to communicate with the
720agent. 732agent.
721.It Ev SSH_CLIENT 733.It Ev SSH_CONNECTION
722Identifies the client end of the connection. 734Identifies the client and server ends of the connection.
723The variable contains 735The variable contains
724three space-separated values: client ip-address, client port number, 736four space-separated values: client ip-address, client port number,
725and server port number. 737server ip-address and server port number.
726.It Ev SSH_ORIGINAL_COMMAND 738.It Ev SSH_ORIGINAL_COMMAND
727The variable contains the original command line if a forced command 739The variable contains the original command line if a forced command
728is executed. 740is executed.
@@ -746,7 +758,12 @@ reads
746.Pa $HOME/.ssh/environment , 758.Pa $HOME/.ssh/environment ,
747and adds lines of the format 759and adds lines of the format
748.Dq VARNAME=value 760.Dq VARNAME=value
749to the environment. 761to the environment if the file exists and if users are allowed to
762change their environment.
763See the
764.Cm PermitUserEnvironment
765option in
766.Xr sshd_config 5 .
750.Sh FILES 767.Sh FILES
751.Bl -tag -width Ds 768.Bl -tag -width Ds
752.It Pa $HOME/.ssh/known_hosts 769.It Pa $HOME/.ssh/known_hosts
diff --git a/ssh.c b/ssh.c
index 25d51c31f..24e541bc6 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: ssh.c,v 1.179 2002/06/12 01:09:52 markus Exp $"); 43RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $");
44 44
45#include <openssl/evp.h> 45#include <openssl/evp.h>
46#include <openssl/err.h> 46#include <openssl/err.h>
@@ -146,6 +146,9 @@ int subsystem_flag = 0;
146/* # of replies received for global requests */ 146/* # of replies received for global requests */
147static int client_global_request_id = 0; 147static int client_global_request_id = 0;
148 148
149/* pid of proxycommand child process */
150pid_t proxy_command_pid = 0;
151
149/* Prints a help message to the user. This function never returns. */ 152/* Prints a help message to the user. This function never returns. */
150 153
151static void 154static void
@@ -174,7 +177,6 @@ usage(void)
174 fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); 177 fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
175 fprintf(stderr, " Multiple -v increases verbosity.\n"); 178 fprintf(stderr, " Multiple -v increases verbosity.\n");
176 fprintf(stderr, " -V Display version number only.\n"); 179 fprintf(stderr, " -V Display version number only.\n");
177 fprintf(stderr, " -P Don't allocate a privileged port.\n");
178 fprintf(stderr, " -q Quiet; don't display any warning messages.\n"); 180 fprintf(stderr, " -q Quiet; don't display any warning messages.\n");
179 fprintf(stderr, " -f Fork into background after authentication.\n"); 181 fprintf(stderr, " -f Fork into background after authentication.\n");
180 fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n"); 182 fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n");
@@ -229,6 +231,15 @@ main(int ac, char **av)
229 */ 231 */
230 original_real_uid = getuid(); 232 original_real_uid = getuid();
231 original_effective_uid = geteuid(); 233 original_effective_uid = geteuid();
234
235 /*
236 * Use uid-swapping to give up root privileges for the duration of
237 * option processing. We will re-instantiate the rights when we are
238 * ready to create the privileged port, and will permanently drop
239 * them when the port has been created (actually, when the connection
240 * has been made, as we may need to create the port several times).
241 */
242 PRIV_END;
232 243
233#ifdef HAVE_SETRLIMIT 244#ifdef HAVE_SETRLIMIT
234 /* If we are installed setuid root be careful to not drop core. */ 245 /* If we are installed setuid root be careful to not drop core. */
@@ -249,15 +260,6 @@ main(int ac, char **av)
249 pw = pwcopy(pw); 260 pw = pwcopy(pw);
250 261
251 /* 262 /*
252 * Use uid-swapping to give up root privileges for the duration of
253 * option processing. We will re-instantiate the rights when we are
254 * ready to create the privileged port, and will permanently drop
255 * them when the port has been created (actually, when the connection
256 * has been made, as we may need to create the port several times).
257 */
258 PRIV_END;
259
260 /*
261 * Set our umask to something reasonable, as some files are created 263 * Set our umask to something reasonable, as some files are created
262 * with the default umask. This will make them world-readable but 264 * with the default umask. This will make them world-readable but
263 * writable only by the owner, which is ok for all files for which we 265 * writable only by the owner, which is ok for all files for which we
@@ -303,7 +305,7 @@ again:
303 case 'g': 305 case 'g':
304 options.gateway_ports = 1; 306 options.gateway_ports = 1;
305 break; 307 break;
306 case 'P': 308 case 'P': /* deprecated */
307 options.use_privileged_port = 0; 309 options.use_privileged_port = 0;
308 break; 310 break;
309 case 'a': 311 case 'a':
@@ -557,7 +559,7 @@ again:
557 if (buffer_len(&command) == 0) 559 if (buffer_len(&command) == 0)
558 tty_flag = 1; 560 tty_flag = 1;
559 561
560 /* Force no tty*/ 562 /* Force no tty */
561 if (no_tty_flag) 563 if (no_tty_flag)
562 tty_flag = 0; 564 tty_flag = 0;
563 /* Do not allocate a tty if stdin is not a tty. */ 565 /* Do not allocate a tty if stdin is not a tty. */
@@ -642,7 +644,8 @@ again:
642 if (options.rhosts_rsa_authentication || 644 if (options.rhosts_rsa_authentication ||
643 options.hostbased_authentication) { 645 options.hostbased_authentication) {
644 sensitive_data.nkeys = 3; 646 sensitive_data.nkeys = 3;
645 sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); 647 sensitive_data.keys = xmalloc(sensitive_data.nkeys *
648 sizeof(Key));
646 649
647 PRIV_START; 650 PRIV_START;
648 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, 651 sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
@@ -653,7 +656,8 @@ again:
653 _PATH_HOST_RSA_KEY_FILE, "", NULL); 656 _PATH_HOST_RSA_KEY_FILE, "", NULL);
654 PRIV_END; 657 PRIV_END;
655 658
656 if (sensitive_data.keys[0] == NULL && 659 if (options.hostbased_authentication == 1 &&
660 sensitive_data.keys[0] == NULL &&
657 sensitive_data.keys[1] == NULL && 661 sensitive_data.keys[1] == NULL &&
658 sensitive_data.keys[2] == NULL) { 662 sensitive_data.keys[2] == NULL) {
659 sensitive_data.keys[1] = key_load_public( 663 sensitive_data.keys[1] = key_load_public(
@@ -726,6 +730,14 @@ again:
726 730
727 exit_status = compat20 ? ssh_session2() : ssh_session(); 731 exit_status = compat20 ? ssh_session2() : ssh_session();
728 packet_close(); 732 packet_close();
733
734 /*
735 * Send SIGHUP to proxy command if used. We don't wait() in
736 * case it hangs and instead rely on init to reap the child
737 */
738 if (proxy_command_pid > 1)
739 kill(proxy_command_pid, SIGHUP);
740
729 return exit_status; 741 return exit_status;
730} 742}
731 743
@@ -737,11 +749,19 @@ x11_get_proto(char **_proto, char **_data)
737 FILE *f; 749 FILE *f;
738 int got_data = 0, i; 750 int got_data = 0, i;
739 char *display; 751 char *display;
752 struct stat st;
740 753
741 *_proto = proto; 754 *_proto = proto;
742 *_data = data; 755 *_data = data;
743 proto[0] = data[0] = '\0'; 756 proto[0] = data[0] = '\0';
744 if (options.xauth_location && (display = getenv("DISPLAY"))) { 757 if (!options.xauth_location ||
758 (stat(options.xauth_location, &st) == -1)) {
759 debug("No xauth program.");
760 } else {
761 if ((display = getenv("DISPLAY")) == NULL) {
762 debug("x11_get_proto: DISPLAY not set");
763 return;
764 }
745 /* Try to get Xauthority information for the display. */ 765 /* Try to get Xauthority information for the display. */
746 if (strncmp(display, "localhost:", 10) == 0) 766 if (strncmp(display, "localhost:", 10) == 0)
747 /* 767 /*
@@ -756,7 +776,7 @@ x11_get_proto(char **_proto, char **_data)
756 else 776 else
757 snprintf(line, sizeof line, "%s list %.200s 2>" 777 snprintf(line, sizeof line, "%s list %.200s 2>"
758 _PATH_DEVNULL, options.xauth_location, display); 778 _PATH_DEVNULL, options.xauth_location, display);
759 debug2("x11_get_proto %s", line); 779 debug2("x11_get_proto: %s", line);
760 f = popen(line, "r"); 780 f = popen(line, "r");
761 if (f && fgets(line, sizeof(line), f) && 781 if (f && fgets(line, sizeof(line), f) &&
762 sscanf(line, "%*s %511s %511s", proto, data) == 2) 782 sscanf(line, "%*s %511s %511s", proto, data) == 2)
@@ -775,6 +795,7 @@ x11_get_proto(char **_proto, char **_data)
775 if (!got_data) { 795 if (!got_data) {
776 u_int32_t rand = 0; 796 u_int32_t rand = 0;
777 797
798 log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
778 strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); 799 strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
779 for (i = 0; i < 16; i++) { 800 for (i = 0; i < 16; i++) {
780 if (i % 4 == 0) 801 if (i % 4 == 0)
@@ -824,11 +845,8 @@ check_agent_present(void)
824{ 845{
825 if (options.forward_agent) { 846 if (options.forward_agent) {
826 /* Clear agent forwarding if we don\'t have an agent. */ 847 /* Clear agent forwarding if we don\'t have an agent. */
827 int authfd = ssh_get_authentication_socket(); 848 if (!ssh_agent_present())
828 if (authfd < 0)
829 options.forward_agent = 0; 849 options.forward_agent = 0;
830 else
831 ssh_close_authentication_socket(authfd);
832 } 850 }
833} 851}
834 852
diff --git a/ssh.h b/ssh.h
index 07eee78b6..0a6ad1317 100644
--- a/ssh.h
+++ b/ssh.h
@@ -60,10 +60,6 @@
60 */ 60 */
61#define SSH_SERVICE_NAME "ssh" 61#define SSH_SERVICE_NAME "ssh"
62 62
63#if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE)
64# define SSHD_PAM_SERVICE __progname
65#endif
66
67/* 63/*
68 * Name of the environment variable containing the process ID of the 64 * Name of the environment variable containing the process ID of the
69 * authentication agent. 65 * authentication agent.
diff --git a/ssh_config b/ssh_config
index ef31d4336..94cffbf39 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
1# $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $ 1# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
2 2
3# This is the ssh client system-wide configuration file. See 3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for 4# ssh_config(5) for more information. This file provides defaults for
@@ -22,6 +22,7 @@
22# RhostsRSAAuthentication no 22# RhostsRSAAuthentication no
23# RSAAuthentication yes 23# RSAAuthentication yes
24# PasswordAuthentication yes 24# PasswordAuthentication yes
25# HostbasedAuthentication no
25# BatchMode no 26# BatchMode no
26# CheckHostIP yes 27# CheckHostIP yes
27# StrictHostKeyChecking ask 28# StrictHostKeyChecking ask
diff --git a/ssh_config.0 b/ssh_config.0
index 9822ce8d2..a5a44da14 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -9,9 +9,10 @@ SYNOPSIS
9 9
10DESCRIPTION 10DESCRIPTION
11 ssh obtains configuration data from the following sources in the followM-- 11 ssh obtains configuration data from the following sources in the followM--
12 ing order: command line options, user's configuration file 12 ing order:
13 ($HOME/.ssh/config), and system-wide configuration file 13 1. command-line options
14 (/etc/ssh/ssh_config). 14 2. user's configuration file ($HOME/.ssh/config)
15 3. system-wide configuration file (/etc/ssh/ssh_config)
15 16
16 For each parameter, the first obtained value will be used. The configuM-- 17 For each parameter, the first obtained value will be used. The configuM--
17 ration files contain sections bracketed by ``Host'' specifications, and 18 ration files contain sections bracketed by ``Host'' specifications, and
@@ -133,11 +134,25 @@ DESCRIPTION
133 any) will be forwarded to the remote machine. The argument must 134 any) will be forwarded to the remote machine. The argument must
134 be ``yes'' or ``no''. The default is ``no''. 135 be ``yes'' or ``no''. The default is ``no''.
135 136
137 Agent forwarding should be enabled with caution. Users with the
138 ability to bypass file permissions on the remote host (for the
139 agent's Unix-domain socket) can access the local agent through
140 the forwarded connection. An attacker cannot obtain key material
141 from the agent, however they can perform operations on the keys
142 that enable them to authenticate using the identities loaded into
143 the agent.
144
136 ForwardX11 145 ForwardX11
137 Specifies whether X11 connections will be automatically rediM-- 146 Specifies whether X11 connections will be automatically rediM--
138 rected over the secure channel and DISPLAY set. The argument 147 rected over the secure channel and DISPLAY set. The argument
139 must be ``yes'' or ``no''. The default is ``no''. 148 must be ``yes'' or ``no''. The default is ``no''.
140 149
150 X11 forwarding should be enabled with caution. Users with the
151 ability to bypass file permissions on the remote host (for the
152 user's X authorization database) can access the local X11 display
153 through the forwarded connection. An attacker may then be able
154 to perform activities such as keystroke monitoring.
155
141 GatewayPorts 156 GatewayPorts
142 Specifies whether remote hosts are allowed to connect to local 157 Specifies whether remote hosts are allowed to connect to local
143 forwarded ports. By default, ssh binds local port forwardings to 158 forwarded ports. By default, ssh binds local port forwardings to
@@ -301,7 +316,8 @@ DESCRIPTION
301 tication because it is not secure (see RhostsRSAAuthentication). 316 tication because it is not secure (see RhostsRSAAuthentication).
302 The argument to this keyword must be ``yes'' or ``no''. The 317 The argument to this keyword must be ``yes'' or ``no''. The
303 default is ``no''. This option applies to protocol version 1 318 default is ``no''. This option applies to protocol version 1
304 only. 319 only and requires ssh to be setuid root and UsePrivilegedPort to
320 be set to ``yes''.
305 321
306 RhostsRSAAuthentication 322 RhostsRSAAuthentication
307 Specifies whether to try rhosts based authentication with RSA 323 Specifies whether to try rhosts based authentication with RSA
@@ -342,9 +358,10 @@ DESCRIPTION
342 UsePrivilegedPort 358 UsePrivilegedPort
343 Specifies whether to use a privileged port for outgoing connecM-- 359 Specifies whether to use a privileged port for outgoing connecM--
344 tions. The argument must be ``yes'' or ``no''. The default is 360 tions. The argument must be ``yes'' or ``no''. The default is
345 ``no''. Note that this option must be set to ``yes'' if 361 ``no''. If set to ``yes'' ssh must be setuid root. Note that
346 RhostsAuthentication and RhostsRSAAuthentication authentications 362 this option must be set to ``yes'' if RhostsAuthentication and
347 are needed with older servers. 363 RhostsRSAAuthentication authentications are needed with older
364 servers.
348 365
349 User Specifies the user to log in as. This can be useful when a difM-- 366 User Specifies the user to log in as. This can be useful when a difM--
350 ferent user name is used on different machines. This saves the 367 ferent user name is used on different machines. This saves the
@@ -356,8 +373,8 @@ DESCRIPTION
356 $HOME/.ssh/known_hosts. 373 $HOME/.ssh/known_hosts.
357 374
358 XAuthLocation 375 XAuthLocation
359 Specifies the location of the xauth(1) program. The default is 376 Specifies the full pathname of the xauth(1) program. The default
360 /usr/X11R6/bin/xauth. 377 is /usr/X11R6/bin/xauth.
361 378
362FILES 379FILES
363 $HOME/.ssh/config 380 $HOME/.ssh/config
diff --git a/ssh_config.5 b/ssh_config.5
index 6d94220b0..67fa0845c 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -50,10 +50,16 @@
50.Nm ssh 50.Nm ssh
51obtains configuration data from the following sources in 51obtains configuration data from the following sources in
52the following order: 52the following order:
53command line options, user's configuration file 53.Bl -enum -offset indent -compact
54.Pq Pa $HOME/.ssh/config , 54.It
55and system-wide configuration file 55command-line options
56.Pq Pa /etc/ssh/ssh_config . 56.It
57user's configuration file
58.Pq Pa $HOME/.ssh/config
59.It
60system-wide configuration file
61.Pq Pa /etc/ssh/ssh_config
62.El
57.Pp 63.Pp
58For each parameter, the first obtained value 64For each parameter, the first obtained value
59will be used. 65will be used.
@@ -259,6 +265,13 @@ or
259.Dq no . 265.Dq no .
260The default is 266The default is
261.Dq no . 267.Dq no .
268.Pp
269Agent forwarding should be enabled with caution. Users with the
270ability to bypass file permissions on the remote host (for the agent's
271Unix-domain socket) can access the local agent through the forwarded
272connection. An attacker cannot obtain key material from the agent,
273however they can perform operations on the keys that enable them to
274authenticate using the identities loaded into the agent.
262.It Cm ForwardX11 275.It Cm ForwardX11
263Specifies whether X11 connections will be automatically redirected 276Specifies whether X11 connections will be automatically redirected
264over the secure channel and 277over the secure channel and
@@ -270,6 +283,12 @@ or
270.Dq no . 283.Dq no .
271The default is 284The default is
272.Dq no . 285.Dq no .
286.Pp
287X11 forwarding should be enabled with caution. Users with the ability
288to bypass file permissions on the remote host (for the user's X
289authorization database) can access the local X11 display through the
290forwarded connection. An attacker may then be able to perform
291activities such as keystroke monitoring.
273.It Cm GatewayPorts 292.It Cm GatewayPorts
274Specifies whether remote hosts are allowed to connect to local 293Specifies whether remote hosts are allowed to connect to local
275forwarded ports. 294forwarded ports.
@@ -342,7 +361,6 @@ identities will be tried in sequence.
342Specifies whether the system should send TCP keepalive messages to the 361Specifies whether the system should send TCP keepalive messages to the
343other side. 362other side.
344If they are sent, death of the connection or crash of one 363If they are sent, death of the connection or crash of one
345of the machines will be properly noticed.
346of the machines will be properly noticed. This option only uses TCP 364of the machines will be properly noticed. This option only uses TCP
347keepalives (as opposed to using ssh level keepalives), so takes a long 365keepalives (as opposed to using ssh level keepalives), so takes a long
348time to notice when the connection dies. As such, you probably want 366time to notice when the connection dies. As such, you probably want
@@ -512,7 +530,12 @@ or
512.Dq no . 530.Dq no .
513The default is 531The default is
514.Dq no . 532.Dq no .
515This option applies to protocol version 1 only. 533This option applies to protocol version 1 only and requires
534.Nm ssh
535to be setuid root and
536.Cm UsePrivilegedPort
537to be set to
538.Dq yes .
516.It Cm RhostsRSAAuthentication 539.It Cm RhostsRSAAuthentication
517Specifies whether to try rhosts based authentication with RSA host 540Specifies whether to try rhosts based authentication with RSA host
518authentication. 541authentication.
@@ -600,6 +623,10 @@ or
600.Dq no . 623.Dq no .
601The default is 624The default is
602.Dq no . 625.Dq no .
626If set to
627.Dq yes
628.Nm ssh
629must be setuid root.
603Note that this option must be set to 630Note that this option must be set to
604.Dq yes 631.Dq yes
605if 632if
@@ -617,7 +644,7 @@ Specifies a file to use for the user
617host key database instead of 644host key database instead of
618.Pa $HOME/.ssh/known_hosts . 645.Pa $HOME/.ssh/known_hosts .
619.It Cm XAuthLocation 646.It Cm XAuthLocation
620Specifies the location of the 647Specifies the full pathname of the
621.Xr xauth 1 648.Xr xauth 1
622program. 649program.
623The default is 650The default is
diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in
index 03fa5408e..50e7771f9 100644
--- a/ssh_prng_cmds.in
+++ b/ssh_prng_cmds.in
@@ -5,7 +5,7 @@
5# The "rate" represents the number of bits of usuable entropy per 5# The "rate" represents the number of bits of usuable entropy per
6# byte of command output. Be conservative. 6# byte of command output. Be conservative.
7# 7#
8# $Id: ssh_prng_cmds.in,v 1.7 2001/07/22 19:32:01 mouring Exp $ 8# $Id: ssh_prng_cmds.in,v 1.8 2002/07/14 21:43:58 tim Exp $
9 9
10"ls -alni /var/log" @PROG_LS@ 0.02 10"ls -alni /var/log" @PROG_LS@ 0.02
11"ls -alni /var/adm" @PROG_LS@ 0.02 11"ls -alni /var/adm" @PROG_LS@ 0.02
@@ -37,7 +37,7 @@
37"netstat -s" @PROG_NETSTAT@ 0.02 37"netstat -s" @PROG_NETSTAT@ 0.02
38"netstat -is" @PROG_NETSTAT@ 0.07 38"netstat -is" @PROG_NETSTAT@ 0.07
39 39
40"arp -a -n" @PROG_ARP@ 0.02 40"arp -n -a" @PROG_ARP@ 0.02
41 41
42"ifconfig -a" @PROG_IFCONFIG@ 0.02 42"ifconfig -a" @PROG_IFCONFIG@ 0.02
43 43
diff --git a/sshconnect.c b/sshconnect.c
index 8eb5fda7d..95e0f6d77 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $"); 16RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19 19
@@ -41,6 +41,7 @@ extern Options options;
41extern char *__progname; 41extern char *__progname;
42extern uid_t original_real_uid; 42extern uid_t original_real_uid;
43extern uid_t original_effective_uid; 43extern uid_t original_effective_uid;
44extern pid_t proxy_command_pid;
44 45
45#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ 46#ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */
46#define INET6_ADDRSTRLEN 46 47#define INET6_ADDRSTRLEN 46
@@ -48,22 +49,13 @@ extern uid_t original_effective_uid;
48 49
49static sig_atomic_t banner_timedout; 50static sig_atomic_t banner_timedout;
50 51
51static const char *
52sockaddr_ntop(struct sockaddr *sa, socklen_t salen)
53{
54 static char addrbuf[NI_MAXHOST];
55
56 if (getnameinfo(sa, salen, addrbuf, sizeof(addrbuf), NULL, 0,
57 NI_NUMERICHOST) != 0)
58 fatal("sockaddr_ntop: getnameinfo NI_NUMERICHOST failed");
59 return addrbuf;
60}
61
62static void banner_alarm_catch (int signum) 52static void banner_alarm_catch (int signum)
63{ 53{
64 banner_timedout = 1; 54 banner_timedout = 1;
65} 55}
66 56
57static int show_other_keys(const char *, Key *);
58
67/* 59/*
68 * Connect to the given ssh server using a proxy command. 60 * Connect to the given ssh server using a proxy command.
69 */ 61 */
@@ -80,9 +72,16 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
80 /* Convert the port number into a string. */ 72 /* Convert the port number into a string. */
81 snprintf(strport, sizeof strport, "%hu", port); 73 snprintf(strport, sizeof strport, "%hu", port);
82 74
83 /* Build the final command string in the buffer by making the 75 /*
84 appropriate substitutions to the given proxy command. */ 76 * Build the final command string in the buffer by making the
77 * appropriate substitutions to the given proxy command.
78 *
79 * Use "exec" to avoid "sh -c" processes on some platforms
80 * (e.g. Solaris)
81 */
85 buffer_init(&command); 82 buffer_init(&command);
83 buffer_append(&command, "exec ", 5);
84
86 for (cp = proxy_command; *cp; cp++) { 85 for (cp = proxy_command; *cp; cp++) {
87 if (cp[0] == '%' && cp[1] == '%') { 86 if (cp[0] == '%' && cp[1] == '%') {
88 buffer_append(&command, "%", 1); 87 buffer_append(&command, "%", 1);
@@ -150,6 +149,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
150 /* Parent. */ 149 /* Parent. */
151 if (pid < 0) 150 if (pid < 0)
152 fatal("fork failed: %.100s", strerror(errno)); 151 fatal("fork failed: %.100s", strerror(errno));
152 else
153 proxy_command_pid = pid; /* save pid to clean up later */
153 154
154 /* Close child side of the descriptors. */ 155 /* Close child side of the descriptors. */
155 close(pin[0]); 156 close(pin[0]);
@@ -245,7 +246,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
245 int sock = -1, attempt; 246 int sock = -1, attempt;
246 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 247 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
247 struct addrinfo hints, *ai, *aitop; 248 struct addrinfo hints, *ai, *aitop;
248 struct linger linger;
249 struct servent *sp; 249 struct servent *sp;
250 /* 250 /*
251 * Did we get only other errors than "Connection refused" (which 251 * Did we get only other errors than "Connection refused" (which
@@ -314,9 +314,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
314 } else { 314 } else {
315 if (errno == ECONNREFUSED) 315 if (errno == ECONNREFUSED)
316 full_failure = 0; 316 full_failure = 0;
317 log("ssh: connect to address %s port %s: %s", 317 debug("connect to address %s port %s: %s",
318 sockaddr_ntop(ai->ai_addr, ai->ai_addrlen), 318 ntop, strport, strerror(errno));
319 strport, strerror(errno));
320 /* 319 /*
321 * Close the failed socket; there appear to 320 * Close the failed socket; there appear to
322 * be some problems when reusing a socket for 321 * be some problems when reusing a socket for
@@ -339,20 +338,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
339 freeaddrinfo(aitop); 338 freeaddrinfo(aitop);
340 339
341 /* Return failure if we didn't get a successful connection. */ 340 /* Return failure if we didn't get a successful connection. */
342 if (attempt >= connection_attempts) 341 if (attempt >= connection_attempts) {
342 log("ssh: connect to host %s port %s: %s",
343 host, strport, strerror(errno));
343 return full_failure ? ECONNABORTED : ECONNREFUSED; 344 return full_failure ? ECONNABORTED : ECONNREFUSED;
345 }
344 346
345 debug("Connection established."); 347 debug("Connection established.");
346 348
347 /*
348 * Set socket options. We would like the socket to disappear as soon
349 * as it has been closed for whatever reason.
350 */
351 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
352 linger.l_onoff = 1;
353 linger.l_linger = 5;
354 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
355
356 /* Set keepalives if requested. */ 349 /* Set keepalives if requested. */
357 if (options.keepalives && 350 if (options.keepalives &&
358 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, 351 setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
@@ -508,7 +501,7 @@ confirm(const char *prompt)
508 (p[0] == '\0') || (p[0] == '\n') || 501 (p[0] == '\0') || (p[0] == '\n') ||
509 strncasecmp(p, "no", 2) == 0) 502 strncasecmp(p, "no", 2) == 0)
510 ret = 0; 503 ret = 0;
511 if (strncasecmp(p, "yes", 3) == 0) 504 if (p && strncasecmp(p, "yes", 3) == 0)
512 ret = 1; 505 ret = 1;
513 if (p) 506 if (p)
514 xfree(p); 507 xfree(p);
@@ -535,7 +528,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
535 int salen; 528 int salen;
536 char ntop[NI_MAXHOST]; 529 char ntop[NI_MAXHOST];
537 char msg[1024]; 530 char msg[1024];
538 int len, host_line, ip_line; 531 int len, host_line, ip_line, has_keys;
539 const char *host_file = NULL, *ip_file = NULL; 532 const char *host_file = NULL, *ip_file = NULL;
540 533
541 /* 534 /*
@@ -679,14 +672,19 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
679 "have requested strict checking.", type, host); 672 "have requested strict checking.", type, host);
680 goto fail; 673 goto fail;
681 } else if (options.strict_host_key_checking == 2) { 674 } else if (options.strict_host_key_checking == 2) {
675 has_keys = show_other_keys(host, host_key);
682 /* The default */ 676 /* The default */
683 fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); 677 fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
684 snprintf(msg, sizeof(msg), 678 snprintf(msg, sizeof(msg),
685 "The authenticity of host '%.200s (%s)' can't be " 679 "The authenticity of host '%.200s (%s)' can't be "
686 "established.\n" 680 "established%s\n"
687 "%s key fingerprint is %s.\n" 681 "%s key fingerprint is %s.\n"
688 "Are you sure you want to continue connecting " 682 "Are you sure you want to continue connecting "
689 "(yes/no)? ", host, ip, type, fp); 683 "(yes/no)? ",
684 host, ip,
685 has_keys ? ",\nbut keys of different type are already "
686 "known for this host." : ".",
687 type, fp);
690 xfree(fp); 688 xfree(fp);
691 if (!confirm(msg)) 689 if (!confirm(msg))
692 goto fail; 690 goto fail;
@@ -789,6 +787,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
789 * accept the authentication. 787 * accept the authentication.
790 */ 788 */
791 break; 789 break;
790 case HOST_FOUND:
791 fatal("internal error");
792 break;
792 } 793 }
793 794
794 if (options.check_host_ip && host_status != HOST_CHANGED && 795 if (options.check_host_ip && host_status != HOST_CHANGED &&
@@ -900,3 +901,58 @@ ssh_put_password(char *password)
900 memset(padded, 0, size); 901 memset(padded, 0, size);
901 xfree(padded); 902 xfree(padded);
902} 903}
904
905static int
906show_key_from_file(const char *file, const char *host, int keytype)
907{
908 Key *found;
909 char *fp;
910 int line, ret;
911
912 found = key_new(keytype);
913 if ((ret = lookup_key_in_hostfile_by_type(file, host,
914 keytype, found, &line))) {
915 fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
916 log("WARNING: %s key found for host %s\n"
917 "in %s:%d\n"
918 "%s key fingerprint %s.",
919 key_type(found), host, file, line,
920 key_type(found), fp);
921 xfree(fp);
922 }
923 key_free(found);
924 return (ret);
925}
926
927/* print all known host keys for a given host, but skip keys of given type */
928static int
929show_other_keys(const char *host, Key *key)
930{
931 int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1};
932 int i, found = 0;
933
934 for (i = 0; type[i] != -1; i++) {
935 if (type[i] == key->type)
936 continue;
937 if (type[i] != KEY_RSA1 &&
938 show_key_from_file(options.user_hostfile2, host, type[i])) {
939 found = 1;
940 continue;
941 }
942 if (type[i] != KEY_RSA1 &&
943 show_key_from_file(options.system_hostfile2, host, type[i])) {
944 found = 1;
945 continue;
946 }
947 if (show_key_from_file(options.user_hostfile, host, type[i])) {
948 found = 1;
949 continue;
950 }
951 if (show_key_from_file(options.system_hostfile, host, type[i])) {
952 found = 1;
953 continue;
954 }
955 debug2("no key of type %d for host %s", type[i], host);
956 }
957 return (found);
958}
diff --git a/sshconnect1.c b/sshconnect1.c
index e28b7fc72..2fc9a981a 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect1.c,v 1.51 2002/05/23 19:24:30 markus Exp $"); 16RCSID("$OpenBSD: sshconnect1.c,v 1.52 2002/08/08 13:50:23 aaron Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19#include <openssl/md5.h> 19#include <openssl/md5.h>
@@ -254,7 +254,7 @@ try_rsa_authentication(int idx)
254 * load the private key. Try first with empty passphrase; if it 254 * load the private key. Try first with empty passphrase; if it
255 * fails, ask for a passphrase. 255 * fails, ask for a passphrase.
256 */ 256 */
257 if (public->flags && KEY_FLAG_EXT) 257 if (public->flags & KEY_FLAG_EXT)
258 private = public; 258 private = public;
259 else 259 else
260 private = key_load_private_type(KEY_RSA1, authfile, "", NULL); 260 private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
diff --git a/sshconnect2.c b/sshconnect2.c
index 215f76ca2..703d0721f 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "ssh2.h" 29#include "ssh2.h"
@@ -95,10 +95,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
95 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 95 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
96 if (options.compression) { 96 if (options.compression) {
97 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 97 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
98 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib"; 98 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none";
99 } else { 99 } else {
100 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 100 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
101 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 101 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib";
102 } 102 }
103 if (options.macs != NULL) { 103 if (options.macs != NULL) {
104 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 104 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
@@ -422,7 +422,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
422 clear_auth_state(authctxt); 422 clear_auth_state(authctxt);
423 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL); 423 dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL);
424 424
425 /* try another method if we did not send a packet*/ 425 /* try another method if we did not send a packet */
426 if (sent == 0) 426 if (sent == 0)
427 userauth(authctxt, NULL); 427 userauth(authctxt, NULL);
428 428
@@ -947,9 +947,9 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
947 buffer_init(&b); 947 buffer_init(&b);
948 buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ 948 buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */
949 buffer_put_string(&b, data, datalen); 949 buffer_put_string(&b, data, datalen);
950 msg_send(to[1], version, &b); 950 ssh_msg_send(to[1], version, &b);
951 951
952 if (msg_recv(from[0], &b) < 0) { 952 if (ssh_msg_recv(from[0], &b) < 0) {
953 error("ssh_keysign: no reply"); 953 error("ssh_keysign: no reply");
954 buffer_clear(&b); 954 buffer_clear(&b);
955 return -1; 955 return -1;
diff --git a/sshd.0 b/sshd.0
index cf9fc8ae6..7c88c953f 100644
--- a/sshd.0
+++ b/sshd.0
@@ -115,7 +115,7 @@ DESCRIPTION
115 115
116 -g login_grace_time 116 -g login_grace_time
117 Gives the grace time for clients to authenticate themselves 117 Gives the grace time for clients to authenticate themselves
118 (default 600 seconds). If the client fails to authenticate the 118 (default 120 seconds). If the client fails to authenticate the
119 user within this many seconds, the server disconnects and exits. 119 user within this many seconds, the server disconnects and exits.
120 A value of zero indicates no limit. 120 A value of zero indicates no limit.
121 121
@@ -206,7 +206,9 @@ LOGIN PROCESS
206 206
207 5. Sets up basic environment. 207 5. Sets up basic environment.
208 208
209 6. Reads $HOME/.ssh/environment if it exists. 209 6. Reads $HOME/.ssh/environment if it exists and users are
210 allowed to change their environment. See the
211 PermitUserEnvironment option in sshd_config(5).
210 212
211 7. Changes to user's home directory. 213 7. Changes to user's home directory.
212 214
@@ -227,16 +229,16 @@ AUTHORIZED_KEYS FILE FORMAT
227 with a `#' are ignored as comments). Each RSA public key consists of the 229 with a `#' are ignored as comments). Each RSA public key consists of the
228 following fields, separated by spaces: options, bits, exponent, modulus, 230 following fields, separated by spaces: options, bits, exponent, modulus,
229 comment. Each protocol version 2 public key consists of: options, keyM-- 231 comment. Each protocol version 2 public key consists of: options, keyM--
230 type, base64 encoded key, comment. The options fields are optional; its 232 type, base64 encoded key, comment. The options field is optional; its
231 presence is determined by whether the line starts with a number or not 233 presence is determined by whether the line starts with a number or not
232 (the option field never starts with a number). The bits, exponent, moduM-- 234 (the options field never starts with a number). The bits, exponent, modM--
233 lus and comment fields give the RSA key for protocol version 1; the comM-- 235 ulus and comment fields give the RSA key for protocol version 1; the comM--
234 ment field is not used for anything (but may be convenient for the user 236 ment field is not used for anything (but may be convenient for the user
235 to identify the key). For protocol version 2 the keytype is ``ssh-dss'' 237 to identify the key). For protocol version 2 the keytype is ``ssh-dss''
236 or ``ssh-rsa''. 238 or ``ssh-rsa''.
237 239
238 Note that lines in this file are usually several hundred bytes long 240 Note that lines in this file are usually several hundred bytes long
239 (because of the size of the RSA key modulus). You don't want to type 241 (because of the size of the public key encoding). You don't want to type
240 them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub 242 them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub
241 file and edit it. 243 file and edit it.
242 244
@@ -249,18 +251,19 @@ AUTHORIZED_KEYS FILE FORMAT
249 case-insensitive): 251 case-insensitive):
250 252
251 from="pattern-list" 253 from="pattern-list"
252 Specifies that in addition to RSA authentication, the canonical 254 Specifies that in addition to public key authentication, the
253 name of the remote host must be present in the comma-separated 255 canonical name of the remote host must be present in the comma-
254 list of patterns (`*' and `'? serve as wildcards). The list may 256 separated list of patterns (`*' and `'? serve as wildcards).
255 also contain patterns negated by prefixing them with `'!; if the 257 The list may also contain patterns negated by prefixing them with
256 canonical host name matches a negated pattern, the key is not 258 `'!; if the canonical host name matches a negated pattern, the
257 accepted. The purpose of this option is to optionally increase 259 key is not accepted. The purpose of this option is to optionally
258 security: RSA authentication by itself does not trust the network 260 increase security: public key authentication by itself does not
259 or name servers or anything (but the key); however, if somebody 261 trust the network or name servers or anything (but the key); howM--
260 somehow steals the key, the key permits an intruder to log in 262 ever, if somebody somehow steals the key, the key permits an
261 from anywhere in the world. This additional option makes using a 263 intruder to log in from anywhere in the world. This additional
262 stolen key more difficult (name servers and/or routers would have 264 option makes using a stolen key more difficult (name servers
263 to be compromised in addition to just the key). 265 and/or routers would have to be compromised in addition to just
266 the key).
264 267
265 command="command" 268 command="command"
266 Specifies that the command is executed whenever this key is used 269 Specifies that the command is executed whenever this key is used
@@ -269,9 +272,9 @@ AUTHORIZED_KEYS FILE FORMAT
269 pty; otherwise it is run without a tty. If a 8-bit clean channel 272 pty; otherwise it is run without a tty. If a 8-bit clean channel
270 is required, one must not request a pty or should specify no-pty. 273 is required, one must not request a pty or should specify no-pty.
271 A quote may be included in the command by quoting it with a backM-- 274 A quote may be included in the command by quoting it with a backM--
272 slash. This option might be useful to restrict certain RSA keys 275 slash. This option might be useful to restrict certain public
273 to perform just a specific operation. An example might be a key 276 keys to perform just a specific operation. An example might be a
274 that permits remote backups but nothing else. Note that the 277 key that permits remote backups but nothing else. Note that the
275 client may specify TCP/IP and/or X11 forwarding unless they are 278 client may specify TCP/IP and/or X11 forwarding unless they are
276 explicitly prohibited. Note that this option applies to shell, 279 explicitly prohibited. Note that this option applies to shell,
277 command or subsystem execution. 280 command or subsystem execution.
@@ -280,8 +283,9 @@ AUTHORIZED_KEYS FILE FORMAT
280 Specifies that the string is to be added to the environment when 283 Specifies that the string is to be added to the environment when
281 logging in using this key. Environment variables set this way 284 logging in using this key. Environment variables set this way
282 override other default environment values. Multiple options of 285 override other default environment values. Multiple options of
283 this type are permitted. This option is automatically disabled 286 this type are permitted. Environment processing is disabled by
284 if UseLogin is enabled. 287 default and is controlled via the PermitUserEnvironment option.
288 This option is automatically disabled if UseLogin is enabled.
285 289
286 no-port-forwarding 290 no-port-forwarding
287 Forbids TCP/IP forwarding when this key is used for authenticaM-- 291 Forbids TCP/IP forwarding when this key is used for authenticaM--
@@ -381,7 +385,7 @@ FILES
381 385
382 /etc/moduli 386 /etc/moduli
383 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group 387 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
384 Exchange". 388 Exchange". The file format is described in moduli(5).
385 389
386 /var/empty 390 /var/empty
387 chroot(2) directory used by sshd during privilege separation in 391 chroot(2) directory used by sshd during privilege separation in
@@ -478,7 +482,8 @@ FILES
478 It can only contain empty lines, comment lines (that start with 482 It can only contain empty lines, comment lines (that start with
479 `#'), and assignment lines of the form name=value. The file 483 `#'), and assignment lines of the form name=value. The file
480 should be writable only by the user; it need not be readable by 484 should be writable only by the user; it need not be readable by
481 anyone else. 485 anyone else. Environment processing is disabled by default and
486 is controlled via the PermitUserEnvironment option.
482 487
483 $HOME/.ssh/rc 488 $HOME/.ssh/rc
484 If this file exists, it is run with /bin/sh after reading the 489 If this file exists, it is run with /bin/sh after reading the
@@ -500,12 +505,12 @@ FILES
500 if read proto cookie && [ -n "$DISPLAY" ]; then 505 if read proto cookie && [ -n "$DISPLAY" ]; then
501 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 506 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
502 # X11UseLocalhost=yes 507 # X11UseLocalhost=yes
503 xauth add unix:`echo $DISPLAY | 508 echo add unix:`echo $DISPLAY |
504 cut -c11-` $proto $cookie 509 cut -c11-` $proto $cookie
505 else 510 else
506 # X11UseLocalhost=no 511 # X11UseLocalhost=no
507 xauth add $DISPLAY $proto $cookie 512 echo add $DISPLAY $proto $cookie
508 fi 513 fi | xauth -q -
509 fi 514 fi
510 515
511 If this file does not exist, /etc/ssh/sshrc is run, and if that 516 If this file does not exist, /etc/ssh/sshrc is run, and if that
diff --git a/sshd.8 b/sshd.8
index 99fd6a131..1605922fb 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $ 37.\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -203,7 +203,7 @@ The default is
203refuses to start if there is no configuration file. 203refuses to start if there is no configuration file.
204.It Fl g Ar login_grace_time 204.It Fl g Ar login_grace_time
205Gives the grace time for clients to authenticate themselves (default 205Gives the grace time for clients to authenticate themselves (default
206600 seconds). 206120 seconds).
207If the client fails to authenticate the user within 207If the client fails to authenticate the user within
208this many seconds, the server disconnects and exits. 208this many seconds, the server disconnects and exits.
209A value of zero indicates no limit. 209A value of zero indicates no limit.
@@ -353,7 +353,11 @@ Sets up basic environment.
353.It 353.It
354Reads 354Reads
355.Pa $HOME/.ssh/environment 355.Pa $HOME/.ssh/environment
356if it exists. 356if it exists and users are allowed to change their environment.
357See the
358.Cm PermitUserEnvironment
359option in
360.Xr sshd_config 5 .
357.It 361.It
358Changes to user's home directory. 362Changes to user's home directory.
359.It 363.It
@@ -388,9 +392,9 @@ Each RSA public key consists of the following fields, separated by
388spaces: options, bits, exponent, modulus, comment. 392spaces: options, bits, exponent, modulus, comment.
389Each protocol version 2 public key consists of: 393Each protocol version 2 public key consists of:
390options, keytype, base64 encoded key, comment. 394options, keytype, base64 encoded key, comment.
391The options fields 395The options field
392are optional; its presence is determined by whether the line starts 396is optional; its presence is determined by whether the line starts
393with a number or not (the option field never starts with a number). 397with a number or not (the options field never starts with a number).
394The bits, exponent, modulus and comment fields give the RSA key for 398The bits, exponent, modulus and comment fields give the RSA key for
395protocol version 1; the 399protocol version 1; the
396comment field is not used for anything (but may be convenient for the 400comment field is not used for anything (but may be convenient for the
@@ -401,7 +405,7 @@ or
401.Dq ssh-rsa . 405.Dq ssh-rsa .
402.Pp 406.Pp
403Note that lines in this file are usually several hundred bytes long 407Note that lines in this file are usually several hundred bytes long
404(because of the size of the RSA key modulus). 408(because of the size of the public key encoding).
405You don't want to type them in; instead, copy the 409You don't want to type them in; instead, copy the
406.Pa identity.pub , 410.Pa identity.pub ,
407.Pa id_dsa.pub 411.Pa id_dsa.pub
@@ -420,7 +424,7 @@ The following option specifications are supported (note
420that option keywords are case-insensitive): 424that option keywords are case-insensitive):
421.Bl -tag -width Ds 425.Bl -tag -width Ds
422.It Cm from="pattern-list" 426.It Cm from="pattern-list"
423Specifies that in addition to RSA authentication, the canonical name 427Specifies that in addition to public key authentication, the canonical name
424of the remote host must be present in the comma-separated list of 428of the remote host must be present in the comma-separated list of
425patterns 429patterns
426.Pf ( Ql * 430.Pf ( Ql *
@@ -432,7 +436,7 @@ patterns negated by prefixing them with
432.Ql ! ; 436.Ql ! ;
433if the canonical host name matches a negated pattern, the key is not accepted. 437if the canonical host name matches a negated pattern, the key is not accepted.
434The purpose 438The purpose
435of this option is to optionally increase security: RSA authentication 439of this option is to optionally increase security: public key authentication
436by itself does not trust the network or name servers or anything (but 440by itself does not trust the network or name servers or anything (but
437the key); however, if somebody somehow steals the key, the key 441the key); however, if somebody somehow steals the key, the key
438permits an intruder to log in from anywhere in the world. 442permits an intruder to log in from anywhere in the world.
@@ -450,7 +454,7 @@ one must not request a pty or should specify
450.Cm no-pty . 454.Cm no-pty .
451A quote may be included in the command by quoting it with a backslash. 455A quote may be included in the command by quoting it with a backslash.
452This option might be useful 456This option might be useful
453to restrict certain RSA keys to perform just a specific operation. 457to restrict certain public keys to perform just a specific operation.
454An example might be a key that permits remote backups but nothing else. 458An example might be a key that permits remote backups but nothing else.
455Note that the client may specify TCP/IP and/or X11 459Note that the client may specify TCP/IP and/or X11
456forwarding unless they are explicitly prohibited. 460forwarding unless they are explicitly prohibited.
@@ -461,6 +465,10 @@ logging in using this key.
461Environment variables set this way 465Environment variables set this way
462override other default environment values. 466override other default environment values.
463Multiple options of this type are permitted. 467Multiple options of this type are permitted.
468Environment processing is disabled by default and is
469controlled via the
470.Cm PermitUserEnvironment
471option.
464This option is automatically disabled if 472This option is automatically disabled if
465.Cm UseLogin 473.Cm UseLogin
466is enabled. 474is enabled.
@@ -581,6 +589,8 @@ These files are created using
581.Xr ssh-keygen 1 . 589.Xr ssh-keygen 1 .
582.It Pa /etc/moduli 590.It Pa /etc/moduli
583Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 591Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
592The file format is described in
593.Xr moduli 5 .
584.It Pa /var/empty 594.It Pa /var/empty
585.Xr chroot 2 595.Xr chroot 2
586directory used by 596directory used by
@@ -701,6 +711,10 @@ It can only contain empty lines, comment lines (that start with
701and assignment lines of the form name=value. 711and assignment lines of the form name=value.
702The file should be writable 712The file should be writable
703only by the user; it need not be readable by anyone else. 713only by the user; it need not be readable by anyone else.
714Environment processing is disabled by default and is
715controlled via the
716.Cm PermitUserEnvironment
717option.
704.It Pa $HOME/.ssh/rc 718.It Pa $HOME/.ssh/rc
705If this file exists, it is run with /bin/sh after reading the 719If this file exists, it is run with /bin/sh after reading the
706environment files but before starting the user's shell or command. 720environment files but before starting the user's shell or command.
@@ -726,12 +740,12 @@ something similar to:
726if read proto cookie && [ -n "$DISPLAY" ]; then 740if read proto cookie && [ -n "$DISPLAY" ]; then
727 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 741 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
728 # X11UseLocalhost=yes 742 # X11UseLocalhost=yes
729 xauth add unix:`echo $DISPLAY | 743 echo add unix:`echo $DISPLAY |
730 cut -c11-` $proto $cookie 744 cut -c11-` $proto $cookie
731 else 745 else
732 # X11UseLocalhost=no 746 # X11UseLocalhost=no
733 xauth add $DISPLAY $proto $cookie 747 echo add $DISPLAY $proto $cookie
734 fi 748 fi | xauth -q -
735fi 749fi
736.Ed 750.Ed
737.Pp 751.Pp
diff --git a/sshd.c b/sshd.c
index 904629e95..35685643f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -303,11 +303,8 @@ grace_alarm_handler(int sig)
303{ 303{
304 /* XXX no idea how fix this signal handler */ 304 /* XXX no idea how fix this signal handler */
305 305
306 /* Close the connection. */
307 packet_close();
308
309 /* Log error and exit. */ 306 /* Log error and exit. */
310 fatal("Timeout before authentication for %s.", get_remote_ipaddr()); 307 fatal("Timeout before authentication for %s", get_remote_ipaddr());
311} 308}
312 309
313/* 310/*
@@ -320,7 +317,7 @@ grace_alarm_handler(int sig)
320static void 317static void
321generate_ephemeral_server_key(void) 318generate_ephemeral_server_key(void)
322{ 319{
323 u_int32_t rand = 0; 320 u_int32_t rnd = 0;
324 int i; 321 int i;
325 322
326 verbose("Generating %s%d bit RSA key.", 323 verbose("Generating %s%d bit RSA key.",
@@ -333,9 +330,9 @@ generate_ephemeral_server_key(void)
333 330
334 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { 331 for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
335 if (i % 4 == 0) 332 if (i % 4 == 0)
336 rand = arc4random(); 333 rnd = arc4random();
337 sensitive_data.ssh1_cookie[i] = rand & 0xff; 334 sensitive_data.ssh1_cookie[i] = rnd & 0xff;
338 rand >>= 8; 335 rnd >>= 8;
339 } 336 }
340 arc4random_stir(); 337 arc4random_stir();
341} 338}
@@ -427,6 +424,12 @@ sshd_exchange_identification(int sock_in, int sock_out)
427 424
428 compat_datafellows(remote_version); 425 compat_datafellows(remote_version);
429 426
427 if (datafellows & SSH_BUG_PROBE) {
428 log("probed from %s with %s. Don't panic.",
429 get_remote_ipaddr(), client_version_string);
430 fatal_cleanup();
431 }
432
430 if (datafellows & SSH_BUG_SCANNER) { 433 if (datafellows & SSH_BUG_SCANNER) {
431 log("scanned from %s with %s. Don't panic.", 434 log("scanned from %s with %s. Don't panic.",
432 get_remote_ipaddr(), client_version_string); 435 get_remote_ipaddr(), client_version_string);
@@ -529,8 +532,8 @@ demote_sensitive_data(void)
529static void 532static void
530privsep_preauth_child(void) 533privsep_preauth_child(void)
531{ 534{
532 u_int32_t rand[256]; 535 u_int32_t rnd[256];
533 gid_t gidset[2]; 536 gid_t gidset[1];
534 struct passwd *pw; 537 struct passwd *pw;
535 int i; 538 int i;
536 539
@@ -538,8 +541,8 @@ privsep_preauth_child(void)
538 privsep_challenge_enable(); 541 privsep_challenge_enable();
539 542
540 for (i = 0; i < 256; i++) 543 for (i = 0; i < 256; i++)
541 rand[i] = arc4random(); 544 rnd[i] = arc4random();
542 RAND_seed(rand, sizeof(rand)); 545 RAND_seed(rnd, sizeof(rnd));
543 546
544 /* Demote the private keys to public keys. */ 547 /* Demote the private keys to public keys. */
545 demote_sensitive_data(); 548 demote_sensitive_data();
@@ -550,7 +553,7 @@ privsep_preauth_child(void)
550 memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); 553 memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
551 endpwent(); 554 endpwent();
552 555
553 /* Change our root directory*/ 556 /* Change our root directory */
554 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) 557 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
555 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, 558 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
556 strerror(errno)); 559 strerror(errno));
@@ -573,7 +576,7 @@ privsep_preauth_child(void)
573#endif 576#endif
574} 577}
575 578
576static Authctxt* 579static Authctxt *
577privsep_preauth(void) 580privsep_preauth(void)
578{ 581{
579 Authctxt *authctxt = NULL; 582 Authctxt *authctxt = NULL;
@@ -589,6 +592,8 @@ privsep_preauth(void)
589 if (pid == -1) { 592 if (pid == -1) {
590 fatal("fork of unprivileged child failed"); 593 fatal("fork of unprivileged child failed");
591 } else if (pid != 0) { 594 } else if (pid != 0) {
595 fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
596
592 debug2("Network child is on pid %ld", (long)pid); 597 debug2("Network child is on pid %ld", (long)pid);
593 598
594 close(pmonitor->m_recvfd); 599 close(pmonitor->m_recvfd);
@@ -602,6 +607,10 @@ privsep_preauth(void)
602 while (waitpid(pid, &status, 0) < 0) 607 while (waitpid(pid, &status, 0) < 0)
603 if (errno != EINTR) 608 if (errno != EINTR)
604 break; 609 break;
610
611 /* Reinstall, since the child has finished */
612 fatal_add_cleanup((void (*) (void *)) packet_close, NULL);
613
605 return (authctxt); 614 return (authctxt);
606 } else { 615 } else {
607 /* child */ 616 /* child */
@@ -624,7 +633,7 @@ privsep_postauth(Authctxt *authctxt)
624 /* XXX - Remote port forwarding */ 633 /* XXX - Remote port forwarding */
625 x_authctxt = authctxt; 634 x_authctxt = authctxt;
626 635
627#ifdef BROKEN_FD_PASSING 636#ifdef DISABLE_FD_PASSING
628 if (1) { 637 if (1) {
629#else 638#else
630 if (authctxt->pw->pw_uid == 0 || options.use_login) { 639 if (authctxt->pw->pw_uid == 0 || options.use_login) {
@@ -649,6 +658,8 @@ privsep_postauth(Authctxt *authctxt)
649 if (pmonitor->m_pid == -1) 658 if (pmonitor->m_pid == -1)
650 fatal("fork of unprivileged child failed"); 659 fatal("fork of unprivileged child failed");
651 else if (pmonitor->m_pid != 0) { 660 else if (pmonitor->m_pid != 0) {
661 fatal_remove_cleanup((void (*) (void *)) packet_close, NULL);
662
652 debug2("User child is on pid %ld", (long)pmonitor->m_pid); 663 debug2("User child is on pid %ld", (long)pmonitor->m_pid);
653 close(pmonitor->m_recvfd); 664 close(pmonitor->m_recvfd);
654 monitor_child_postauth(pmonitor); 665 monitor_child_postauth(pmonitor);
@@ -801,7 +812,6 @@ main(int ac, char **av)
801 const char *remote_ip; 812 const char *remote_ip;
802 int remote_port; 813 int remote_port;
803 FILE *f; 814 FILE *f;
804 struct linger linger;
805 struct addrinfo *ai; 815 struct addrinfo *ai;
806 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 816 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
807 int listen_sock, maxfd; 817 int listen_sock, maxfd;
@@ -911,6 +921,10 @@ main(int ac, char **av)
911 break; 921 break;
912 case 'u': 922 case 'u':
913 utmp_len = atoi(optarg); 923 utmp_len = atoi(optarg);
924 if (utmp_len > MAXHOSTNAMELEN) {
925 fprintf(stderr, "Invalid utmp length.\n");
926 exit(1);
927 }
914 break; 928 break;
915 case 'o': 929 case 'o':
916 if (process_server_config_line(&options, optarg, 930 if (process_server_config_line(&options, optarg,
@@ -937,7 +951,7 @@ main(int ac, char **av)
937 SYSLOG_FACILITY_AUTH : options.log_facility, 951 SYSLOG_FACILITY_AUTH : options.log_facility,
938 !inetd_flag); 952 !inetd_flag);
939 953
940#ifdef _CRAY 954#ifdef _UNICOS
941 /* Cray can define user privs drop all prives now! 955 /* Cray can define user privs drop all prives now!
942 * Not needed on PRIV_SU systems! 956 * Not needed on PRIV_SU systems!
943 */ 957 */
@@ -961,7 +975,8 @@ main(int ac, char **av)
961 debug("sshd version %.100s", SSH_VERSION); 975 debug("sshd version %.100s", SSH_VERSION);
962 976
963 /* load private host keys */ 977 /* load private host keys */
964 sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*)); 978 sensitive_data.host_keys = xmalloc(options.num_host_key_files *
979 sizeof(Key *));
965 for (i = 0; i < options.num_host_key_files; i++) 980 for (i = 0; i < options.num_host_key_files; i++)
966 sensitive_data.host_keys[i] = NULL; 981 sensitive_data.host_keys[i] = NULL;
967 sensitive_data.server_key = NULL; 982 sensitive_data.server_key = NULL;
@@ -1040,7 +1055,14 @@ main(int ac, char **av)
1040 (S_ISDIR(st.st_mode) == 0)) 1055 (S_ISDIR(st.st_mode) == 0))
1041 fatal("Missing privilege separation directory: %s", 1056 fatal("Missing privilege separation directory: %s",
1042 _PATH_PRIVSEP_CHROOT_DIR); 1057 _PATH_PRIVSEP_CHROOT_DIR);
1058
1059#ifdef HAVE_CYGWIN
1060 if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
1061 (st.st_uid != getuid () ||
1062 (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
1063#else
1043 if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) 1064 if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
1065#endif
1044 fatal("Bad owner or mode for %s", 1066 fatal("Bad owner or mode for %s",
1045 _PATH_PRIVSEP_CHROOT_DIR); 1067 _PATH_PRIVSEP_CHROOT_DIR);
1046 } 1068 }
@@ -1140,17 +1162,12 @@ main(int ac, char **av)
1140 continue; 1162 continue;
1141 } 1163 }
1142 /* 1164 /*
1143 * Set socket options. We try to make the port 1165 * Set socket options.
1144 * reusable and have it close as fast as possible 1166 * Allow local port reuse in TIME_WAIT.
1145 * without waiting in unnecessary wait states on
1146 * close.
1147 */ 1167 */
1148 setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, 1168 if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
1149 &on, sizeof(on)); 1169 &on, sizeof(on)) == -1)
1150 linger.l_onoff = 1; 1170 error("setsockopt SO_REUSEADDR: %s", strerror(errno));
1151 linger.l_linger = 5;
1152 setsockopt(listen_sock, SOL_SOCKET, SO_LINGER,
1153 &linger, sizeof(linger));
1154 1171
1155 debug("Bind to port %s on %s.", strport, ntop); 1172 debug("Bind to port %s on %s.", strport, ntop);
1156 1173
@@ -1399,16 +1416,6 @@ main(int ac, char **av)
1399 signal(SIGCHLD, SIG_DFL); 1416 signal(SIGCHLD, SIG_DFL);
1400 signal(SIGINT, SIG_DFL); 1417 signal(SIGINT, SIG_DFL);
1401 1418
1402 /*
1403 * Set socket options for the connection. We want the socket to
1404 * close as fast as possible without waiting for anything. If the
1405 * connection is not a socket, these will do nothing.
1406 */
1407 /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
1408 linger.l_onoff = 1;
1409 linger.l_linger = 5;
1410 setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger));
1411
1412 /* Set keepalives if requested. */ 1419 /* Set keepalives if requested. */
1413 if (options.keepalives && 1420 if (options.keepalives &&
1414 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, 1421 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
@@ -1596,7 +1603,7 @@ do_ssh1_kex(void)
1596 u_char session_key[SSH_SESSION_KEY_LENGTH]; 1603 u_char session_key[SSH_SESSION_KEY_LENGTH];
1597 u_char cookie[8]; 1604 u_char cookie[8];
1598 u_int cipher_type, auth_mask, protocol_flags; 1605 u_int cipher_type, auth_mask, protocol_flags;
1599 u_int32_t rand = 0; 1606 u_int32_t rnd = 0;
1600 1607
1601 /* 1608 /*
1602 * Generate check bytes that the client must send back in the user 1609 * Generate check bytes that the client must send back in the user
@@ -1609,9 +1616,9 @@ do_ssh1_kex(void)
1609 */ 1616 */
1610 for (i = 0; i < 8; i++) { 1617 for (i = 0; i < 8; i++) {
1611 if (i % 4 == 0) 1618 if (i % 4 == 0)
1612 rand = arc4random(); 1619 rnd = arc4random();
1613 cookie[i] = rand & 0xff; 1620 cookie[i] = rnd & 0xff;
1614 rand >>= 8; 1621 rnd >>= 8;
1615 } 1622 }
1616 1623
1617 /* 1624 /*
diff --git a/sshd_config b/sshd_config
index d57346bef..36429c9d0 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ 1# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -32,7 +32,7 @@
32 32
33# Authentication: 33# Authentication:
34 34
35#LoginGraceTime 600 35#LoginGraceTime 120
36#PermitRootLogin yes 36#PermitRootLogin yes
37#StrictModes yes 37#StrictModes yes
38 38
@@ -71,7 +71,7 @@
71 71
72# Set this to 'yes' to enable PAM keyboard-interactive authentication 72# Set this to 'yes' to enable PAM keyboard-interactive authentication
73# Warning: enabling this may bypass the setting of 'PasswordAuthentication' 73# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
74#PAMAuthenticationViaKbdInt yes 74#PAMAuthenticationViaKbdInt no
75 75
76#X11Forwarding no 76#X11Forwarding no
77#X11DisplayOffset 10 77#X11DisplayOffset 10
@@ -81,6 +81,7 @@
81#KeepAlive yes 81#KeepAlive yes
82#UseLogin no 82#UseLogin no
83#UsePrivilegeSeparation yes 83#UsePrivilegeSeparation yes
84#PermitUserEnvironment no
84#Compression yes 85#Compression yes
85 86
86#MaxStartups 10 87#MaxStartups 10
diff --git a/sshd_config.0 b/sshd_config.0
index 720cc3f80..a4e31be0f 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -219,7 +219,7 @@ DESCRIPTION
219 LoginGraceTime 219 LoginGraceTime
220 The server disconnects after this time if the user has not sucM-- 220 The server disconnects after this time if the user has not sucM--
221 cessfully logged in. If the value is 0, there is no time limit. 221 cessfully logged in. If the value is 0, there is no time limit.
222 The default is 600 (seconds). 222 The default is 120 seconds.
223 223
224 LogLevel 224 LogLevel
225 Gives the verbosity level that is used when logging messages from 225 Gives the verbosity level that is used when logging messages from
@@ -280,6 +280,13 @@ DESCRIPTION
280 280
281 If this option is set to ``no'' root is not allowed to login. 281 If this option is set to ``no'' root is not allowed to login.
282 282
283 PermitUserEnvironment
284 Specifies whether ~/.ssh/environment and environment= options in
285 ~/.ssh/authorized_keys are processed by sshd. The default is
286 ``no''. Enabling environment processing may enable users to
287 bypass access restrictions in some configurations using mechaM--
288 nisms such as LD_PRELOAD.
289
283 PidFile 290 PidFile
284 Specifies the file that contains the process ID of the sshd daeM-- 291 Specifies the file that contains the process ID of the sshd daeM--
285 mon. The default is /var/run/sshd.pid. 292 mon. The default is /var/run/sshd.pid.
@@ -298,9 +305,12 @@ DESCRIPTION
298 /etc/profile, or equivalent.) The default is ``yes''. 305 /etc/profile, or equivalent.) The default is ``yes''.
299 306
300 Protocol 307 Protocol
301 Specifies the protocol versions sshd should support. The possiM-- 308 Specifies the protocol versions sshd supports. The possible valM--
302 ble values are ``1'' and ``2''. Multiple versions must be comma- 309 ues are ``1'' and ``2''. Multiple versions must be comma-sepaM--
303 separated. The default is ``2,1''. 310 rated. The default is ``2,1''. Note that the order of the proM--
311 tocol list does not indicate preference, because the client
312 selects among multiple protocol versions offered by the server.
313 Specifying ``2,1'' is identical to ``1,2''.
304 314
305 PubkeyAuthentication 315 PubkeyAuthentication
306 Specifies whether public key authentication is allowed. The 316 Specifies whether public key authentication is allowed. The
@@ -380,11 +390,26 @@ DESCRIPTION
380 servers. The default is 10. 390 servers. The default is 10.
381 391
382 X11Forwarding 392 X11Forwarding
383 Specifies whether X11 forwarding is permitted. The default is 393 Specifies whether X11 forwarding is permitted. The argument must
384 ``no''. Note that disabling X11 forwarding does not improve 394 be ``yes'' or ``no''. The default is ``no''.
385 security in any way, as users can always install their own forM-- 395
386 warders. X11 forwarding is automatically disabled if UseLogin is 396 When X11 forwarding is enabled, there may be additional exposure
387 enabled. 397 to the server and to client displays if the sshd proxy display is
398 configured to listen on the wildcard address (see X11UseLocalhost
399 below), however this is not the default. Additionally, the
400 authentication spoofing and authentication data verification and
401 substitution occur on the client side. The security risk of
402 using X11 forwarding is that the client's X11 display server may
403 be exposed to attack when the ssh client requests forwarding (see
404 the warnings for ForwardX11 in ssh_config(5) ). A system adminisM--
405 trator may have a stance in which they want to protect clients
406 that may expose themselves to attack by unwittingly requesting
407 X11 forwarding, which can warrant a ``no'' setting.
408
409 Note that disabling X11 forwarding does not prevent users from
410 forwarding X11 traffic, as users can always install their own
411 forwarders. X11 forwarding is automatically disabled if UseLogin
412 is enabled.
388 413
389 X11UseLocalhost 414 X11UseLocalhost
390 Specifies whether sshd should bind the X11 forwarding server to 415 Specifies whether sshd should bind the X11 forwarding server to
@@ -392,15 +417,15 @@ DESCRIPTION
392 sshd binds the forwarding server to the loopback address and sets 417 sshd binds the forwarding server to the loopback address and sets
393 the hostname part of the DISPLAY environment variable to 418 the hostname part of the DISPLAY environment variable to
394 ``localhost''. This prevents remote hosts from connecting to the 419 ``localhost''. This prevents remote hosts from connecting to the
395 fake display. However, some older X11 clients may not function 420 proxy display. However, some older X11 clients may not function
396 with this configuration. X11UseLocalhost may be set to ``no'' to 421 with this configuration. X11UseLocalhost may be set to ``no'' to
397 specify that the forwarding server should be bound to the wildM-- 422 specify that the forwarding server should be bound to the wildM--
398 card address. The argument must be ``yes'' or ``no''. The 423 card address. The argument must be ``yes'' or ``no''. The
399 default is ``yes''. 424 default is ``yes''.
400 425
401 XAuthLocation 426 XAuthLocation
402 Specifies the location of the xauth(1) program. The default is 427 Specifies the full pathname of the xauth(1) program. The default
403 /usr/X11R6/bin/xauth. 428 is /usr/X11R6/bin/xauth.
404 429
405 Time Formats 430 Time Formats
406 431
diff --git a/sshd_config.5 b/sshd_config.5
index aa7b7c7d4..0944ba076 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -379,7 +379,7 @@ options must precede this option for non port qualified addresses.
379The server disconnects after this time if the user has not 379The server disconnects after this time if the user has not
380successfully logged in. 380successfully logged in.
381If the value is 0, there is no time limit. 381If the value is 0, there is no time limit.
382The default is 600 (seconds). 382The default is 120 seconds.
383.It Cm LogLevel 383.It Cm LogLevel
384Gives the verbosity level that is used when logging messages from 384Gives the verbosity level that is used when logging messages from
385.Nm sshd . 385.Nm sshd .
@@ -465,6 +465,20 @@ for root.
465If this option is set to 465If this option is set to
466.Dq no 466.Dq no
467root is not allowed to login. 467root is not allowed to login.
468.It Cm PermitUserEnvironment
469Specifies whether
470.Pa ~/.ssh/environment
471and
472.Cm environment=
473options in
474.Pa ~/.ssh/authorized_keys
475are processed by
476.Nm sshd .
477The default is
478.Dq no .
479Enabling environment processing may enable users to bypass access
480restrictions in some configurations using mechanisms such as
481.Ev LD_PRELOAD .
468.It Cm PidFile 482.It Cm PidFile
469Specifies the file that contains the process ID of the 483Specifies the file that contains the process ID of the
470.Nm sshd 484.Nm sshd
@@ -499,7 +513,7 @@ The default is
499.It Cm Protocol 513.It Cm Protocol
500Specifies the protocol versions 514Specifies the protocol versions
501.Nm sshd 515.Nm sshd
502should support. 516supports.
503The possible values are 517The possible values are
504.Dq 1 518.Dq 1
505and 519and
@@ -507,6 +521,13 @@ and
507Multiple versions must be comma-separated. 521Multiple versions must be comma-separated.
508The default is 522The default is
509.Dq 2,1 . 523.Dq 2,1 .
524Note that the order of the protocol list does not indicate preference,
525because the client selects among multiple protocol versions offered
526by the server.
527Specifying
528.Dq 2,1
529is identical to
530.Dq 1,2 .
510.It Cm PubkeyAuthentication 531.It Cm PubkeyAuthentication
511Specifies whether public key authentication is allowed. 532Specifies whether public key authentication is allowed.
512The default is 533The default is
@@ -609,10 +630,35 @@ from interfering with real X11 servers.
609The default is 10. 630The default is 10.
610.It Cm X11Forwarding 631.It Cm X11Forwarding
611Specifies whether X11 forwarding is permitted. 632Specifies whether X11 forwarding is permitted.
633The argument must be
634.Dq yes
635or
636.Dq no .
612The default is 637The default is
613.Dq no . 638.Dq no .
614Note that disabling X11 forwarding does not improve security in any 639.Pp
615way, as users can always install their own forwarders. 640When X11 forwarding is enabled, there may be additional exposure to
641the server and to client displays if the
642.Nm sshd
643proxy display is configured to listen on the wildcard address (see
644.Cm X11UseLocalhost
645below), however this is not the default.
646Additionally, the authentication spoofing and authentication data
647verification and substitution occur on the client side.
648The security risk of using X11 forwarding is that the client's X11
649display server may be exposed to attack when the ssh client requests
650forwarding (see the warnings for
651.Cm ForwardX11
652in
653.Xr ssh_config 5 ).
654A system administrator may have a stance in which they want to
655protect clients that may expose themselves to attack by unwittingly
656requesting X11 forwarding, which can warrant a
657.Dq no
658setting.
659.Pp
660Note that disabling X11 forwarding does not prevent users from
661forwarding X11 traffic, as users can always install their own forwarders.
616X11 forwarding is automatically disabled if 662X11 forwarding is automatically disabled if
617.Cm UseLogin 663.Cm UseLogin
618is enabled. 664is enabled.
@@ -627,7 +673,7 @@ hostname part of the
627.Ev DISPLAY 673.Ev DISPLAY
628environment variable to 674environment variable to
629.Dq localhost . 675.Dq localhost .
630This prevents remote hosts from connecting to the fake display. 676This prevents remote hosts from connecting to the proxy display.
631However, some older X11 clients may not function with this 677However, some older X11 clients may not function with this
632configuration. 678configuration.
633.Cm X11UseLocalhost 679.Cm X11UseLocalhost
@@ -642,7 +688,7 @@ or
642The default is 688The default is
643.Dq yes . 689.Dq yes .
644.It Cm XAuthLocation 690.It Cm XAuthLocation
645Specifies the location of the 691Specifies the full pathname of the
646.Xr xauth 1 692.Xr xauth 1
647program. 693program.
648The default is 694The default is
@@ -654,7 +700,7 @@ The default is
654command-line arguments and configuration file options that specify time 700command-line arguments and configuration file options that specify time
655may be expressed using a sequence of the form: 701may be expressed using a sequence of the form:
656.Sm off 702.Sm off
657.Ar time Oo Ar qualifier Oc , 703.Ar time Op Ar qualifier ,
658.Sm on 704.Sm on
659where 705where
660.Ar time 706.Ar time
diff --git a/sshlogin.c b/sshlogin.c
index e76f94534..4cd1c0059 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $"); 42RCSID("$OpenBSD: sshlogin.c,v 1.5 2002/08/29 15:57:25 stevesk Exp $");
43 43
44#include "loginrec.h" 44#include "loginrec.h"
45 45
@@ -65,7 +65,7 @@ get_last_login_time(uid_t uid, const char *logname,
65 */ 65 */
66void 66void
67record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, 67record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
68 const char *host, struct sockaddr * addr) 68 const char *host, struct sockaddr * addr, socklen_t addrlen)
69{ 69{
70 struct logininfo *li; 70 struct logininfo *li;
71 71
diff --git a/sshlogin.h b/sshlogin.h
index bd30278e0..287c0d9f6 100644
--- a/sshlogin.h
+++ b/sshlogin.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshlogin.h,v 1.3 2001/06/26 17:27:25 markus Exp $ */ 1/* $OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,7 +16,7 @@
16 16
17void 17void
18record_login(pid_t, const char *, const char *, uid_t, 18record_login(pid_t, const char *, const char *, uid_t,
19 const char *, struct sockaddr *); 19 const char *, struct sockaddr *, socklen_t);
20void record_logout(pid_t, const char *, const char *); 20void record_logout(pid_t, const char *, const char *);
21u_long get_last_login_time(uid_t, const char *, char *, u_int); 21u_long get_last_login_time(uid_t, const char *, char *, u_int);
22 22
diff --git a/sshpty.c b/sshpty.c
index 64ac4e599..28d0e310c 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
162 } 162 }
163 return 1; 163 return 1;
164#else /* HAVE_DEV_PTS_AND_PTC */ 164#else /* HAVE_DEV_PTS_AND_PTC */
165#ifdef _CRAY 165#ifdef _UNICOS
166 char buf[64]; 166 char buf[64];
167 int i; 167 int i;
168 int highpty; 168 int highpty;
@@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
268 void *old; 268 void *old;
269#endif /* USE_VHANGUP */ 269#endif /* USE_VHANGUP */
270 270
271#ifdef _CRAY 271#ifdef _UNICOS
272 if (setsid() < 0) 272 if (setsid() < 0)
273 error("setsid: %.100s", strerror(errno)); 273 error("setsid: %.100s", strerror(errno));
274 274
@@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
290 error("%.100s: %.100s", ttyname, strerror(errno)); 290 error("%.100s: %.100s", ttyname, strerror(errno));
291 close(*ttyfd); 291 close(*ttyfd);
292 *ttyfd = fd; 292 *ttyfd = fd;
293#else /* _CRAY */ 293#else /* _UNICOS */
294 294
295 /* First disconnect from the old controlling tty. */ 295 /* First disconnect from the old controlling tty. */
296#ifdef TIOCNOTTY 296#ifdef TIOCNOTTY
@@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
345 strerror(errno)); 345 strerror(errno));
346 else 346 else
347 close(fd); 347 close(fd);
348#endif /* _CRAY */ 348#endif /* _UNICOS */
349} 349}
350 350
351/* Changes the window size associated with the pty. */ 351/* Changes the window size associated with the pty. */
diff --git a/uidswap.c b/uidswap.c
index 0a772c7b3..86c61a4b0 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: uidswap.c,v 1.22 2002/05/28 21:24:00 stevesk Exp $"); 15RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
16 16
17#include "log.h" 17#include "log.h"
18#include "uidswap.h" 18#include "uidswap.h"
@@ -52,8 +52,9 @@ temporarily_use_uid(struct passwd *pw)
52#ifdef SAVED_IDS_WORK_WITH_SETEUID 52#ifdef SAVED_IDS_WORK_WITH_SETEUID
53 saved_euid = geteuid(); 53 saved_euid = geteuid();
54 saved_egid = getegid(); 54 saved_egid = getegid();
55 debug("temporarily_use_uid: %u/%u (e=%u)", 55 debug("temporarily_use_uid: %u/%u (e=%u/%u)",
56 (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid); 56 (u_int)pw->pw_uid, (u_int)pw->pw_gid,
57 (u_int)saved_euid, (u_int)saved_egid);
57 if (saved_euid != 0) { 58 if (saved_euid != 0) {
58 privileged = 0; 59 privileged = 0;
59 return; 60 return;
@@ -105,14 +106,16 @@ temporarily_use_uid(struct passwd *pw)
105void 106void
106restore_uid(void) 107restore_uid(void)
107{ 108{
108 debug("restore_uid");
109 /* it's a no-op unless privileged */ 109 /* it's a no-op unless privileged */
110 if (!privileged) 110 if (!privileged) {
111 debug("restore_uid: (unprivileged)");
111 return; 112 return;
113 }
112 if (!temporarily_use_uid_effective) 114 if (!temporarily_use_uid_effective)
113 fatal("restore_uid: temporarily_use_uid not effective"); 115 fatal("restore_uid: temporarily_use_uid not effective");
114 116
115#ifdef SAVED_IDS_WORK_WITH_SETEUID 117#ifdef SAVED_IDS_WORK_WITH_SETEUID
118 debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid);
116 /* Set the effective uid back to the saved privileged uid. */ 119 /* Set the effective uid back to the saved privileged uid. */
117 if (seteuid(saved_euid) < 0) 120 if (seteuid(saved_euid) < 0)
118 fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); 121 fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno));
@@ -142,6 +145,8 @@ permanently_set_uid(struct passwd *pw)
142{ 145{
143 if (temporarily_use_uid_effective) 146 if (temporarily_use_uid_effective)
144 fatal("permanently_set_uid: temporarily_use_uid effective"); 147 fatal("permanently_set_uid: temporarily_use_uid effective");
148 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
149 (u_int)pw->pw_gid);
145 if (setgid(pw->pw_gid) < 0) 150 if (setgid(pw->pw_gid) < 0)
146 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); 151 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
147 if (setuid(pw->pw_uid) < 0) 152 if (setuid(pw->pw_uid) < 0)
diff --git a/uuencode.c b/uuencode.c
index 89fcb0815..21eaf4d3f 100644
--- a/uuencode.c
+++ b/uuencode.c
@@ -23,9 +23,10 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $");
27
26#include "xmalloc.h" 28#include "xmalloc.h"
27#include "uuencode.h" 29#include "uuencode.h"
28RCSID("$OpenBSD: uuencode.c,v 1.15 2002/03/04 17:27:39 stevesk Exp $");
29 30
30int 31int
31uuencode(u_char *src, u_int srclength, 32uuencode(u_char *src, u_int srclength,
@@ -57,7 +58,7 @@ uudecode(const char *src, u_char *target, size_t targsize)
57void 58void
58dump_base64(FILE *fp, u_char *data, u_int len) 59dump_base64(FILE *fp, u_char *data, u_int len)
59{ 60{
60 u_char *buf = xmalloc(2*len); 61 char *buf = xmalloc(2*len);
61 int i, n; 62 int i, n;
62 63
63 n = uuencode(data, len, buf, 2*len); 64 n = uuencode(data, len, buf, 2*len);
diff --git a/version.h b/version.h
index 1e9b43128..1f1129924 100644
--- a/version.h
+++ b/version.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */ 1/* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_3.4p1" 3#define SSH_VERSION "OpenSSH_3.5p1"
4 4