diff options
author | Colin Watson <cjwatson@debian.org> | 2003-09-01 02:05:26 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 02:05:26 +0000 |
commit | 6d5a72bc1d98a42ba42f082e50a22e911c1d82d3 (patch) | |
tree | 1bf23174bdb6fc71e2846dda0eca195a418484e7 | |
parent | 2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 (diff) | |
parent | 58657d96514cd6f16d82add8d6f4adbb36765758 (diff) |
Debian release 3.5p1-1.
164 files changed, 6844 insertions, 3676 deletions
@@ -76,6 +76,7 @@ Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix | |||
76 | Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes | 76 | Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes |
77 | SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes | 77 | SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes |
78 | Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV | 78 | Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes, Compat with MIT KrbV |
79 | Solar Designer <solar@openwall.com> - many patches and technical assistance | ||
79 | Svante Signell <svante.signell@telia.com> - Bugfixes | 80 | Svante Signell <svante.signell@telia.com> - Bugfixes |
80 | Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords | 81 | Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords |
81 | Tim Rice <tim@multitalents.net> - Portability & SCO fixes | 82 | Tim Rice <tim@multitalents.net> - Portability & SCO fixes |
@@ -90,5 +91,5 @@ Apologies to anyone I have missed. | |||
90 | 91 | ||
91 | Damien Miller <djm@mindrot.org> | 92 | Damien Miller <djm@mindrot.org> |
92 | 93 | ||
93 | $Id: CREDITS,v 1.66 2002/04/13 01:04:40 djm Exp $ | 94 | $Id: CREDITS,v 1.67 2002/07/28 20:31:19 stevesk Exp $ |
94 | 95 | ||
@@ -1,3 +1,599 @@ | |||
1 | 20021003 | ||
2 | - (djm) OpenBSD CVS Sync | ||
3 | - markus@cvs.openbsd.org 2002/10/01 20:34:12 | ||
4 | [ssh-agent.c] | ||
5 | allow root to access the agent, since there is no protection from root. | ||
6 | - markus@cvs.openbsd.org 2002/10/01 13:24:50 | ||
7 | [version.h] | ||
8 | OpenSSH 3.5 | ||
9 | - (djm) Bump RPM spec version numbers | ||
10 | - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2 | ||
11 | |||
12 | 20020930 | ||
13 | - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, | ||
14 | tweak README | ||
15 | - (djm) OpenBSD CVS Sync | ||
16 | - mickey@cvs.openbsd.org 2002/09/27 10:42:09 | ||
17 | [compat.c compat.h sshd.c] | ||
18 | add a generic match for a prober, such as sie big brother; | ||
19 | idea from stevesk@; markus@ ok | ||
20 | - stevesk@cvs.openbsd.org 2002/09/27 15:46:21 | ||
21 | [ssh.1] | ||
22 | clarify compression level protocol 1 only; ok markus@ deraadt@ | ||
23 | |||
24 | 20020927 | ||
25 | - (djm) OpenBSD CVS Sync | ||
26 | - markus@cvs.openbsd.org 2002/09/25 11:17:16 | ||
27 | [sshd_config] | ||
28 | sync LoginGraceTime with default | ||
29 | - markus@cvs.openbsd.org 2002/09/25 15:19:02 | ||
30 | [sshd.c] | ||
31 | typo; pilot@monkey.org | ||
32 | - markus@cvs.openbsd.org 2002/09/26 11:38:43 | ||
33 | [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] | ||
34 | [monitor_wrap.h] | ||
35 | krb4 + privsep; ok dugsong@, deraadt@ | ||
36 | |||
37 | 20020925 | ||
38 | - (bal) Fix issue where successfull login does not clear failure counts | ||
39 | in AIX. Patch by dtucker@zip.com.au ok by djm | ||
40 | - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. | ||
41 | This does not include the deattack.c fixes. | ||
42 | |||
43 | 20020923 | ||
44 | - (djm) OpenBSD CVS Sync | ||
45 | - stevesk@cvs.openbsd.org 2002/09/23 20:46:27 | ||
46 | [canohost.c] | ||
47 | change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for | ||
48 | non-sockets; fixes a problem passing NULL to snprintf(). ok markus@ | ||
49 | - markus@cvs.openbsd.org 2002/09/23 22:11:05 | ||
50 | [monitor.c] | ||
51 | only call auth_krb5 if kerberos is enabled; ok deraadt@ | ||
52 | - markus@cvs.openbsd.org 2002/09/24 08:46:04 | ||
53 | [monitor.c] | ||
54 | only call kerberos code for authctxt->valid | ||
55 | - todd@cvs.openbsd.org 2002/09/24 20:59:44 | ||
56 | [sshd.8] | ||
57 | tweak the example $HOME/.ssh/rc script to not show on any cmdline the | ||
58 | sensitive data it handles. This fixes bug # 402 as reported by | ||
59 | kolya@mit.edu (Nickolai Zeldovich). | ||
60 | ok markus@ and stevesk@ | ||
61 | |||
62 | 20020923 | ||
63 | - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au | ||
64 | |||
65 | 20020922 | ||
66 | - (djm) OpenBSD CVS Sync | ||
67 | - stevesk@cvs.openbsd.org 2002/09/19 14:53:14 | ||
68 | [compat.c] | ||
69 | - markus@cvs.openbsd.org 2002/09/19 15:51:23 | ||
70 | [ssh-add.c] | ||
71 | typo; cd@kalkatraz.de | ||
72 | - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 | ||
73 | [serverloop.c] | ||
74 | log IP address also; ok markus@ | ||
75 | - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 | ||
76 | [auth.c] | ||
77 | log illegal user here for missing privsep case (ssh2). | ||
78 | this is executed in the monitor. ok markus@ | ||
79 | |||
80 | 20020919 | ||
81 | - (djm) OpenBSD CVS Sync | ||
82 | - stevesk@cvs.openbsd.org 2002/09/12 19:11:52 | ||
83 | [ssh-agent.c] | ||
84 | %u for uid print; ok markus@ | ||
85 | - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 | ||
86 | [session.c ssh.1] | ||
87 | add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ | ||
88 | - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 | ||
89 | [channels.c sshconnect.c sshd.c] | ||
90 | remove use of SO_LINGER, it should not be needed. error check | ||
91 | SO_REUSEADDR. fixup comments. ok markus@ | ||
92 | - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 | ||
93 | [session.c] | ||
94 | log when _PATH_NOLOGIN exists; ok markus@ | ||
95 | - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 | ||
96 | [sshd_config.5] | ||
97 | more details on X11Forwarding security issues and threats; ok markus@ | ||
98 | - stevesk@cvs.openbsd.org 2002/09/16 22:03:13 | ||
99 | [sshd.8] | ||
100 | reference moduli(5) in FILES /etc/moduli. | ||
101 | - itojun@cvs.openbsd.org 2002/09/17 07:47:02 | ||
102 | [channels.c] | ||
103 | don't quit while creating X11 listening socket. | ||
104 | http://mail-index.netbsd.org/current-users/2002/09/16/0005.html | ||
105 | got from portable. markus ok | ||
106 | - djm@cvs.openbsd.org 2002/09/19 01:58:18 | ||
107 | [ssh.c sshconnect.c] | ||
108 | bugzilla.mindrot.org #223 - ProxyCommands don't exit. | ||
109 | Patch from dtucker@zip.com.au; ok markus@ | ||
110 | |||
111 | 20020912 | ||
112 | - (djm) Made GNOME askpass programs return non-zero if cancel button is | ||
113 | pressed. | ||
114 | - (djm) Added getpeereid() replacement. Properly implemented for systems | ||
115 | with SO_PEERCRED support. Faked for systems which lack it. | ||
116 | - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and | ||
117 | fake-queue.h to sys-tree.h and sys-queue.h | ||
118 | - (djm) OpenBSD CVS Sync | ||
119 | - markus@cvs.openbsd.org 2002/09/08 20:24:08 | ||
120 | [hostfile.h] | ||
121 | no comma at end of enumerator list | ||
122 | - itojun@cvs.openbsd.org 2002/09/09 06:48:06 | ||
123 | [auth1.c auth.h auth-krb5.c monitor.c monitor.h] | ||
124 | [monitor_wrap.c monitor_wrap.h] | ||
125 | kerberos support for privsep. confirmed to work by lha@stacken.kth.se | ||
126 | patch from markus | ||
127 | - markus@cvs.openbsd.org 2002/09/09 14:54:15 | ||
128 | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] | ||
129 | signed vs unsigned from -pedantic; ok henning@ | ||
130 | - markus@cvs.openbsd.org 2002/09/10 20:24:47 | ||
131 | [ssh-agent.c] | ||
132 | check the euid of the connecting process with getpeereid(2); | ||
133 | ok provos deraadt stevesk | ||
134 | - stevesk@cvs.openbsd.org 2002/09/11 17:55:03 | ||
135 | [ssh.1] | ||
136 | add agent and X11 forwarding warning text from ssh_config.5; ok markus@ | ||
137 | - stevesk@cvs.openbsd.org 2002/09/11 18:27:26 | ||
138 | [authfd.c authfd.h ssh.c] | ||
139 | don't connect to agent to test for presence if we've previously | ||
140 | connected; ok markus@ | ||
141 | - djm@cvs.openbsd.org 2002/09/11 22:41:50 | ||
142 | [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h] | ||
143 | [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c] | ||
144 | support for short/long listings and globbing in "ls"; ok markus@ | ||
145 | - djm@cvs.openbsd.org 2002/09/12 00:13:06 | ||
146 | [sftp-int.c] | ||
147 | zap unused var introduced in last commit | ||
148 | |||
149 | 20020911 | ||
150 | - (djm) Sync openbsd-compat with OpenBSD -current | ||
151 | |||
152 | 20020910 | ||
153 | - (djm) Bug #365: Read /.ssh/environment properly under CygWin. | ||
154 | Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com> | ||
155 | - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. | ||
156 | Patch from Robert Halubek <rob@adso.com.pl> | ||
157 | |||
158 | 20020905 | ||
159 | - (djm) OpenBSD CVS Sync | ||
160 | - stevesk@cvs.openbsd.org 2002/09/04 18:52:42 | ||
161 | [servconf.c sshd.8 sshd_config.5] | ||
162 | default LoginGraceTime to 2m; 1m may be too short for slow systems. | ||
163 | ok markus@ | ||
164 | - (djm) Merge openssh-TODO.patch from Redhat (null) beta | ||
165 | - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from | ||
166 | Nalin Dahyabhai <nalin@redhat.com> | ||
167 | - (djm) Add support for building gtk2 password requestor from Redhat beta | ||
168 | |||
169 | 20020903 | ||
170 | - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt | ||
171 | - (djm) Fix Redhat RPM build dependancy test | ||
172 | - (djm) OpenBSD CVS Sync | ||
173 | - markus@cvs.openbsd.org 2002/08/12 10:46:35 | ||
174 | [ssh-agent.c] | ||
175 | make ssh-agent setgid, disallow ptrace. | ||
176 | - espie@cvs.openbsd.org 2002/08/21 11:20:59 | ||
177 | [sshd.8] | ||
178 | `RSA' updated to refer to `public key', where it matters. | ||
179 | okay markus@ | ||
180 | - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 | ||
181 | [servconf.c sshd.8 sshd_config sshd_config.5] | ||
182 | change LoginGraceTime default to 1 minute; ok mouring@ markus@ | ||
183 | - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 | ||
184 | [ssh-agent.c] | ||
185 | raise listen backlog; ok markus@ | ||
186 | - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 | ||
187 | [ssh-agent.c] | ||
188 | use common close function; ok markus@ | ||
189 | - stevesk@cvs.openbsd.org 2002/08/22 19:38:42 | ||
190 | [clientloop.c] | ||
191 | format with current EscapeChar; bugzilla #388 from wknox@mitre.org. | ||
192 | ok markus@ | ||
193 | - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 | ||
194 | [ssh-agent.c] | ||
195 | shutdown(SHUT_RDWR) not needed before close here; ok markus@ | ||
196 | - markus@cvs.openbsd.org 2002/08/22 21:33:58 | ||
197 | [auth1.c auth2.c] | ||
198 | auth_root_allowed() is handled by the monitor in the privsep case, | ||
199 | so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325 | ||
200 | - markus@cvs.openbsd.org 2002/08/22 21:45:41 | ||
201 | [session.c] | ||
202 | send signal name (not signal number) in "exit-signal" message; noticed | ||
203 | by galb@vandyke.com | ||
204 | - stevesk@cvs.openbsd.org 2002/08/27 17:13:56 | ||
205 | [ssh-rsa.c] | ||
206 | RSA_public_decrypt() returns -1 on error so len must be signed; | ||
207 | ok markus@ | ||
208 | - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 | ||
209 | [ssh_config.5] | ||
210 | some warning text for ForwardAgent and ForwardX11; ok markus@ | ||
211 | - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 | ||
212 | [monitor.c session.c sshlogin.c sshlogin.h] | ||
213 | pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> | ||
214 | NOTE: there are also p-specific parts to this patch. ok markus@ | ||
215 | - stevesk@cvs.openbsd.org 2002/08/29 16:02:54 | ||
216 | [ssh.1 ssh.c] | ||
217 | deprecate -P as UsePrivilegedPort defaults to no now; ok markus@ | ||
218 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 | ||
219 | [ssh_config.5] | ||
220 | more on UsePrivilegedPort and setuid root; ok markus@ | ||
221 | - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 | ||
222 | [ssh.c] | ||
223 | shrink initial privilege bracket for setuid case; ok markus@ | ||
224 | - stevesk@cvs.openbsd.org 2002/08/29 22:54:10 | ||
225 | [ssh_config.5 sshd_config.5] | ||
226 | state XAuthLocation is a full pathname | ||
227 | |||
228 | 20020820 | ||
229 | - OpenBSD CVS Sync | ||
230 | - millert@cvs.openbsd.org 2002/08/02 14:43:15 | ||
231 | [monitor.c monitor_mm.c] | ||
232 | Change mm_zalloc() sanity checks to be more in line with what | ||
233 | we do in calloc() and add a check to monitor_mm.c. | ||
234 | OK provos@ and markus@ | ||
235 | - marc@cvs.openbsd.org 2002/08/02 16:00:07 | ||
236 | [ssh.1 sshd.8] | ||
237 | note that .ssh/environment is only read when | ||
238 | allowed (PermitUserEnvironment in sshd_config). | ||
239 | OK markus@ | ||
240 | - markus@cvs.openbsd.org 2002/08/02 21:23:41 | ||
241 | [ssh-rsa.c] | ||
242 | diff is u_int (2x); ok deraadt/provos | ||
243 | - markus@cvs.openbsd.org 2002/08/02 22:20:30 | ||
244 | [ssh-rsa.c] | ||
245 | replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser | ||
246 | for authentication; ok deraadt/djm | ||
247 | - aaron@cvs.openbsd.org 2002/08/08 13:50:23 | ||
248 | [sshconnect1.c] | ||
249 | Use & to test if bits are set, not &&; markus@ ok. | ||
250 | - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 | ||
251 | [auth.c] | ||
252 | typo in comment | ||
253 | - stevesk@cvs.openbsd.org 2002/08/09 17:21:42 | ||
254 | [sshd_config.5] | ||
255 | use Op for mdoc conformance; from esr@golux.thyrsus.com | ||
256 | ok aaron@ | ||
257 | - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 | ||
258 | [sshd_config.5] | ||
259 | proxy vs. fake display | ||
260 | - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 | ||
261 | [ssh.1 sshd.8 sshd_config.5] | ||
262 | more PermitUserEnvironment; ok markus@ | ||
263 | - stevesk@cvs.openbsd.org 2002/08/17 23:07:14 | ||
264 | [ssh.1] | ||
265 | ForwardAgent has defaulted to no for over 2 years; be more clear here. | ||
266 | - stevesk@cvs.openbsd.org 2002/08/17 23:55:01 | ||
267 | [ssh_config.5] | ||
268 | ordered list here | ||
269 | - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign | ||
270 | it to ULONG_MAX. | ||
271 | |||
272 | 20020813 | ||
273 | - (tim) [configure.ac] Display OpenSSL header/library version. | ||
274 | Patch by dtucker@zip.com.au | ||
275 | |||
276 | 20020731 | ||
277 | - (bal) OpenBSD CVS Sync | ||
278 | - markus@cvs.openbsd.org 2002/07/24 16:11:18 | ||
279 | [hostfile.c hostfile.h sshconnect.c] | ||
280 | print out all known keys for a host if we get a unknown host key, | ||
281 | see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4 | ||
282 | |||
283 | the ssharp mitm tool attacks users in a similar way, so i'd like to | ||
284 | pointed out again: | ||
285 | A MITM attack is always possible if the ssh client prints: | ||
286 | The authenticity of host 'bla' can't be established. | ||
287 | (protocol version 2 with pubkey authentication allows you to detect | ||
288 | MITM attacks) | ||
289 | - mouring@cvs.openbsd.org 2002/07/25 01:16:59 | ||
290 | [sftp.c] | ||
291 | FallBackToRsh does not exist anywhere else. Remove it from here. | ||
292 | OK deraadt. | ||
293 | - markus@cvs.openbsd.org 2002/07/29 18:57:30 | ||
294 | [sshconnect.c] | ||
295 | print file:line | ||
296 | - markus@cvs.openbsd.org 2002/07/30 17:03:55 | ||
297 | [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] | ||
298 | add PermitUserEnvironment (off by default!); from dot@dotat.at; | ||
299 | ok provos, deraadt | ||
300 | |||
301 | 20020730 | ||
302 | - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de | ||
303 | |||
304 | 20020728 | ||
305 | - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar | ||
306 | - (stevesk) [CREDITS] solar | ||
307 | - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned | ||
308 | char arg. | ||
309 | |||
310 | 20020725 | ||
311 | - (djm) Remove some cruft from INSTALL | ||
312 | - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/ | ||
313 | |||
314 | 20020723 | ||
315 | - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. | ||
316 | - (bal) sync ID w/ ssh-agent.c | ||
317 | - (bal) OpenBSD Sync | ||
318 | - markus@cvs.openbsd.org 2002/07/19 15:43:33 | ||
319 | [log.c log.h session.c sshd.c] | ||
320 | remove fatal cleanups after fork; based on discussions with and code | ||
321 | from solar. | ||
322 | - stevesk@cvs.openbsd.org 2002/07/19 17:42:40 | ||
323 | [ssh.c] | ||
324 | display a warning from ssh when XAuthLocation does not exist or xauth | ||
325 | returned no authentication data. ok markus@ | ||
326 | - stevesk@cvs.openbsd.org 2002/07/21 18:32:20 | ||
327 | [auth-options.c] | ||
328 | unneeded includes | ||
329 | - stevesk@cvs.openbsd.org 2002/07/21 18:34:43 | ||
330 | [auth-options.h] | ||
331 | remove invalid comment | ||
332 | - markus@cvs.openbsd.org 2002/07/22 11:03:06 | ||
333 | [session.c] | ||
334 | fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors; | ||
335 | - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 | ||
336 | [monitor.c] | ||
337 | u_int here; ok provos@ | ||
338 | - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 | ||
339 | [sshd.c] | ||
340 | utmp_len is unsigned; display error consistent with other options. | ||
341 | ok markus@ | ||
342 | - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 | ||
343 | [uidswap.c] | ||
344 | little more debugging; ok markus@ | ||
345 | |||
346 | 20020722 | ||
347 | - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk | ||
348 | - (stevesk) [xmmap.c] missing prototype for fatal() | ||
349 | - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync | ||
350 | with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. | ||
351 | - (bal) [configure.ac] Missing ;; from cray patch. | ||
352 | - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines | ||
353 | into it's own header. | ||
354 | - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be | ||
355 | freed by the caller; add free_pam_environment() and use it. | ||
356 | - (stevesk) [auth-pam.c] typo in comment | ||
357 | |||
358 | 20020721 | ||
359 | - (stevesk) [auth-pam.c] merge cosmetic changes from solar's | ||
360 | openssh-3.4p1-owl-password-changing.diff | ||
361 | - (stevesk) [auth-pam.c] merge rest of solar's PAM patch; | ||
362 | PAM_NEW_AUTHTOK_REQD remains in #if 0 for now. | ||
363 | - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch | ||
364 | warning on pam_conv struct conversation function. | ||
365 | - (stevesk) [auth-pam.h] license | ||
366 | - (stevesk) [auth-pam.h] unneeded include | ||
367 | - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h | ||
368 | |||
369 | 20020720 | ||
370 | - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). | ||
371 | |||
372 | 20020719 | ||
373 | - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed. | ||
374 | Patch by dtucker@zip.com.au | ||
375 | - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au | ||
376 | |||
377 | 20020718 | ||
378 | - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org | ||
379 | - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported | ||
380 | by ayamura@ayamura.org | ||
381 | - (tim) [configure.ac] Bug 267 rework int64_t test. | ||
382 | - (tim) [includes.h] Bug 267 add stdint.h | ||
383 | |||
384 | 20020717 | ||
385 | - (bal) aixbff package updated by dtucker@zip.com.au | ||
386 | - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests | ||
387 | for autoconf 2.53. Based on a patch by jrj@purdue.edu | ||
388 | |||
389 | 20020716 | ||
390 | - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found | ||
391 | |||
392 | 20020715 | ||
393 | - (bal) OpenBSD CVS Sync | ||
394 | - itojun@cvs.openbsd.org 2002/07/12 13:29:09 | ||
395 | [sshconnect.c] | ||
396 | print connect failure during debugging mode. | ||
397 | - markus@cvs.openbsd.org 2002/07/12 15:50:17 | ||
398 | [cipher.c] | ||
399 | EVP_CIPH_CUSTOM_IV for our own rijndael | ||
400 | - (bal) Remove unused tty defined in do_setusercontext() pointed out by | ||
401 | dtucker@zip.com.au plus a a more KNF since I am near it. | ||
402 | - (bal) Privsep user creation support in Solaris buildpkg.sh by | ||
403 | dtucker@zip.com.au | ||
404 | |||
405 | 20020714 | ||
406 | - (tim) [Makefile.in] replace "id sshd" with "sshd -t" | ||
407 | - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c | ||
408 | openbsd-compat/Makefile.in] support compression on platforms that | ||
409 | have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c | ||
410 | Based on patch from nalin@redhat.com of code extracted from Owl's package | ||
411 | - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris. | ||
412 | report by chris@by-design.net | ||
413 | - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net | ||
414 | - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin() | ||
415 | report by rodney@bond.net | ||
416 | |||
417 | 20020712 | ||
418 | - (tim) [Makefile.in] quiet down install-files: and check-user: | ||
419 | - (tim) [configure.ac] remove unused filepriv line | ||
420 | |||
421 | 20020710 | ||
422 | - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions | ||
423 | on /var/empty to 755 Patch by vinschen@redhat.com | ||
424 | - (bal) OpenBSD CVS Sync | ||
425 | - itojun@cvs.openbsd.org 2002/07/09 11:56:50 | ||
426 | [sshconnect.c] | ||
427 | silently try next address on connect(2). markus ok | ||
428 | - itojun@cvs.openbsd.org 2002/07/09 11:56:27 | ||
429 | [canohost.c] | ||
430 | suppress log on reverse lookup failiure, as there's no real value in | ||
431 | doing so. | ||
432 | markus ok | ||
433 | - itojun@cvs.openbsd.org 2002/07/09 12:04:02 | ||
434 | [sshconnect.c] | ||
435 | ed static function (less warnings) | ||
436 | - stevesk@cvs.openbsd.org 2002/07/09 17:46:25 | ||
437 | [sshd_config.5] | ||
438 | clarify no preference ordering in protocol list; ok markus@ | ||
439 | - itojun@cvs.openbsd.org 2002/07/10 10:28:15 | ||
440 | [sshconnect.c] | ||
441 | bark if all connection attempt fails. | ||
442 | - deraadt@cvs.openbsd.org 2002/07/10 17:53:54 | ||
443 | [rijndael.c] | ||
444 | use right sizeof in memcpy; markus ok | ||
445 | |||
446 | 20020709 | ||
447 | - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms | ||
448 | lacking that concept can share it. Patch by vinschen@redhat.com | ||
449 | |||
450 | 20020708 | ||
451 | - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to | ||
452 | work in a jumpstart environment. patch by kbrint@rufus.net | ||
453 | - (tim) [Makefile.in] workaround for broken pakadd on some systems. | ||
454 | - (tim) [configure.ac] fix libc89 utimes test. Mention default path for | ||
455 | --with-privsep-path= | ||
456 | |||
457 | 20020707 | ||
458 | - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) | ||
459 | - (tim) [acconfig.h configure.ac sshd.c] | ||
460 | s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ | ||
461 | - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes | ||
462 | patch from vinschen@redhat.com | ||
463 | - (bal) [realpath.c] Updated with OpenBSD tree. | ||
464 | - (bal) OpenBSD CVS Sync | ||
465 | - deraadt@cvs.openbsd.org 2002/07/04 04:15:33 | ||
466 | [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] | ||
467 | patch memory leaks; grendel@zeitbombe.org | ||
468 | - deraadt@cvs.openbsd.org 2002/07/04 08:12:15 | ||
469 | [channels.c packet.c] | ||
470 | blah blah minor nothing as i read and re-read and re-read... | ||
471 | - markus@cvs.openbsd.org 2002/07/04 10:41:47 | ||
472 | [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] | ||
473 | don't allocate, copy, and discard if there is not interested in the data; | ||
474 | ok deraadt@ | ||
475 | - deraadt@cvs.openbsd.org 2002/07/06 01:00:49 | ||
476 | [log.c] | ||
477 | KNF | ||
478 | - deraadt@cvs.openbsd.org 2002/07/06 01:01:26 | ||
479 | [ssh-keyscan.c] | ||
480 | KNF, realloc fix, and clean usage | ||
481 | - stevesk@cvs.openbsd.org 2002/07/06 17:47:58 | ||
482 | [ssh-keyscan.c] | ||
483 | unused variable | ||
484 | - (bal) Minor KNF on ssh-keyscan.c | ||
485 | |||
486 | 20020705 | ||
487 | - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. | ||
488 | Reported by Darren Tucker <dtucker@zip.com.au> | ||
489 | - (tim) [contrib/cygwin/ssh-host-config] double slash corrction | ||
490 | from vinschen@redhat.com | ||
491 | |||
492 | 20020704 | ||
493 | - (bal) Limit data to TTY for AIX only (Newer versions can't handle the | ||
494 | faster data rate) Bug #124 | ||
495 | - (bal) glob.c defines TILDE and AIX also defines it. #undef it first. | ||
496 | bug #265 | ||
497 | - (bal) One too many nulls in ports-aix.c | ||
498 | |||
499 | 20020703 | ||
500 | - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com | ||
501 | - (bal) minor correction to utimes() replacement. Patch by | ||
502 | onoe@sm.sony.co.jp | ||
503 | - OpenBSD CVS Sync | ||
504 | - markus@cvs.openbsd.org 2002/06/27 08:49:44 | ||
505 | [dh.c ssh-keyscan.c sshconnect.c] | ||
506 | more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@ | ||
507 | - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 | ||
508 | [monitor.c] | ||
509 | improve mm_zalloc check; markus ok | ||
510 | - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 | ||
511 | [auth2-none.c monitor.c sftp-client.c] | ||
512 | use xfree() | ||
513 | - stevesk@cvs.openbsd.org 2002/06/27 19:49:08 | ||
514 | [ssh-keyscan.c] | ||
515 | use convtime(); ok markus@ | ||
516 | - millert@cvs.openbsd.org 2002/06/28 01:49:31 | ||
517 | [monitor_mm.c] | ||
518 | tree(3) wants an int return value for its compare functions and | ||
519 | the difference between two pointers is not an int. Just do the | ||
520 | safest thing and store the result in a long and then return 0, | ||
521 | -1, or 1 based on that result. | ||
522 | - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 | ||
523 | [monitor_wrap.c] | ||
524 | use ssize_t | ||
525 | - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 | ||
526 | [sshd.c] | ||
527 | range check -u option at invocation | ||
528 | - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 | ||
529 | [sshd.c] | ||
530 | gidset[2] -> gidset[1]; markus ok | ||
531 | - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 | ||
532 | [auth2.c session.c sshd.c] | ||
533 | lint asks that we use names that do not overlap | ||
534 | - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 | ||
535 | [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c | ||
536 | monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c | ||
537 | sshconnect2.c sshd.c] | ||
538 | minor KNF | ||
539 | - deraadt@cvs.openbsd.org 2002/07/01 16:15:25 | ||
540 | [msg.c] | ||
541 | %u | ||
542 | - markus@cvs.openbsd.org 2002/07/01 19:48:46 | ||
543 | [sshconnect2.c] | ||
544 | for compression=yes, we fallback to no-compression if the server does | ||
545 | not support compression, vice versa for compression=no. ok mouring@ | ||
546 | - markus@cvs.openbsd.org 2002/07/03 09:55:38 | ||
547 | [ssh-keysign.c] | ||
548 | use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) | ||
549 | in order to avoid a possible Kocher timing attack pointed out by Charles | ||
550 | Hannum; ok provos@ | ||
551 | - markus@cvs.openbsd.org 2002/07/03 14:21:05 | ||
552 | [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] | ||
553 | re-enable ssh-keysign's sbit, but make ssh-keysign read | ||
554 | /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled | ||
555 | globally. based on discussions with deraadt, itojun and sommerfeld; | ||
556 | ok itojun@ | ||
557 | - (bal) Failed password attempts don't increment counter on AIX. Bug #145 | ||
558 | - (bal) Missed Makefile.in change. keysign needs readconf.o | ||
559 | - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. | ||
560 | |||
561 | 20020702 | ||
562 | - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & | ||
563 | friends consistently. Spotted by Solar Designer <solar@openwall.com> | ||
564 | |||
565 | 20020629 | ||
566 | - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style | ||
567 | clean up while I'm near it. | ||
568 | |||
569 | 20020628 | ||
570 | - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented | ||
571 | options should contain default value. from solar. | ||
572 | - (bal) Cygwin uid0 fix by vinschen@redhat.com | ||
573 | - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise | ||
574 | have issues of our fixes not propogating right (ie bcopy instead of | ||
575 | memmove). OK tim | ||
576 | - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported. | ||
577 | Bug #303 | ||
578 | |||
579 | 20020627 | ||
580 | - OpenBSD CVS Sync | ||
581 | - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 | ||
582 | [monitor.c] | ||
583 | correct %u | ||
584 | - deraadt@cvs.openbsd.org 2002/06/26 14:50:04 | ||
585 | [monitor_fdpass.c] | ||
586 | use ssize_t for recvmsg() and sendmsg() return | ||
587 | - markus@cvs.openbsd.org 2002/06/26 14:51:33 | ||
588 | [ssh-add.c] | ||
589 | fix exit code for -X/-x | ||
590 | - deraadt@cvs.openbsd.org 2002/06/26 15:00:32 | ||
591 | [monitor_wrap.c] | ||
592 | more %u | ||
593 | - markus@cvs.openbsd.org 2002/06/26 22:27:32 | ||
594 | [ssh-keysign.c] | ||
595 | bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu | ||
596 | |||
1 | 20020626 | 597 | 20020626 |
2 | - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM | 598 | - (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM |
3 | - (bal) OpenBSD CVS Sync | 599 | - (bal) OpenBSD CVS Sync |
@@ -68,6 +664,8 @@ | |||
68 | - (djm) Update spec files for release | 664 | - (djm) Update spec files for release |
69 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS | 665 | - (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS |
70 | - (djm) Release 3.4p1 | 666 | - (djm) Release 3.4p1 |
667 | - (tim) [contrib/caldera/openssh.spec] remove 2 configure options I put in | ||
668 | by mistake | ||
71 | 669 | ||
72 | 20020625 | 670 | 20020625 |
73 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | 671 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh |
@@ -159,1012 +757,4 @@ | |||
159 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 757 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
160 | ok provos@ | 758 | ok provos@ |
161 | 759 | ||
162 | 20020622 | 760 | $Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $ |
163 | - (djm) Update README.privsep; spotted by fries@ | ||
164 | - (djm) Release 3.3p1 | ||
165 | - (bal) getopt now can be staticly compiled on those platforms missing | ||
166 | optreset. Patch by binder@arago.de | ||
167 | |||
168 | 20020621 | ||
169 | - (djm) Sync: | ||
170 | - djm@cvs.openbsd.org 2002/06/21 05:50:51 | ||
171 | [monitor.c] | ||
172 | Don't initialise compression buffers when compression=no in sshd_config; | ||
173 | ok Niels@ | ||
174 | - ID sync for auth-passwd.c | ||
175 | - (djm) Warn and disable compression on platforms which can't handle both | ||
176 | useprivilegeseparation=yes and compression=yes | ||
177 | - (djm) contrib/redhat/openssh.spec hacking: | ||
178 | - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) | ||
179 | - Add new {ssh,sshd}_config.5 manpages | ||
180 | - Add new ssh-keysign program and remove setuid from ssh client | ||
181 | |||
182 | 20020620 | ||
183 | - (bal) Fixed AIX environment handling, use setpcred() instead of existing | ||
184 | code. (Bugzilla Bug 261) | ||
185 | - (bal) OpenBSD CVS Sync | ||
186 | - todd@cvs.openbsd.org 2002/06/14 21:35:00 | ||
187 | [monitor_wrap.c] | ||
188 | spelling; from Brian Poole <raj@cerias.purdue.edu> | ||
189 | - markus@cvs.openbsd.org 2002/06/15 00:01:36 | ||
190 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
191 | break agent key lifetime protocol and allow other contraints for key | ||
192 | usage. | ||
193 | - markus@cvs.openbsd.org 2002/06/15 00:07:38 | ||
194 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
195 | fix stupid typo | ||
196 | - markus@cvs.openbsd.org 2002/06/15 01:27:48 | ||
197 | [authfd.c authfd.h ssh-add.c ssh-agent.c] | ||
198 | remove the CONSTRAIN_IDENTITY messages and introduce a new | ||
199 | ADD_ID message with contraints instead. contraints can be | ||
200 | only added together with the private key. | ||
201 | - itojun@cvs.openbsd.org 2002/06/16 21:30:58 | ||
202 | [ssh-keyscan.c] | ||
203 | use TAILQ_xx macro. from lukem@netbsd. markus ok | ||
204 | - deraadt@cvs.openbsd.org 2002/06/17 06:05:56 | ||
205 | [scp.c] | ||
206 | make usage like man page | ||
207 | - deraadt@cvs.openbsd.org 2002/06/19 00:27:55 | ||
208 | [auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c | ||
209 | authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 | ||
210 | ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c | ||
211 | ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c | ||
212 | xmalloc.h] | ||
213 | KNF done automatically while reading.... | ||
214 | - markus@cvs.openbsd.org 2002/06/19 18:01:00 | ||
215 | [cipher.c monitor.c monitor_wrap.c packet.c packet.h] | ||
216 | make the monitor sync the transfer ssh1 session key; | ||
217 | transfer keycontext only for RC4 (this is still depends on EVP | ||
218 | implementation details and is broken). | ||
219 | - stevesk@cvs.openbsd.org 2002/06/20 19:56:07 | ||
220 | [ssh.1 sshd.8] | ||
221 | move configuration file options from ssh.1/sshd.8 to | ||
222 | ssh_config.5/sshd_config.5; ok deraadt@ millert@ | ||
223 | - stevesk@cvs.openbsd.org 2002/06/20 20:00:05 | ||
224 | [scp.1 sftp.1] | ||
225 | ssh_config(5) | ||
226 | - stevesk@cvs.openbsd.org 2002/06/20 20:03:34 | ||
227 | [ssh_config sshd_config] | ||
228 | refer to config file man page | ||
229 | - markus@cvs.openbsd.org 2002/06/20 23:05:56 | ||
230 | [servconf.c servconf.h session.c sshd.c] | ||
231 | allow Compression=yes/no in sshd_config | ||
232 | - markus@cvs.openbsd.org 2002/06/20 23:37:12 | ||
233 | [sshd_config] | ||
234 | add Compression | ||
235 | - stevesk@cvs.openbsd.org 2002/05/25 20:40:08 | ||
236 | [LICENCE] | ||
237 | missed Per Allansson (auth2-chall.c) | ||
238 | - (bal) Cygwin special handling of empty passwords wrong. Patch by | ||
239 | vinschen@redhat.com | ||
240 | - (bal) Missed integrating ssh_config.5 and sshd_config.5 | ||
241 | - (bal) Still more Makefile.in updates for ssh{d}_config.5 | ||
242 | |||
243 | 20020613 | ||
244 | - (bal) typo of setgroup for cygwin. Patch by vinschen@redhat.com | ||
245 | |||
246 | 20020612 | ||
247 | - (bal) OpenBSD CVS Sync | ||
248 | - markus@cvs.openbsd.org 2002/06/11 23:03:54 | ||
249 | [ssh.c] | ||
250 | remove unused cruft. | ||
251 | - markus@cvs.openbsd.org 2002/06/12 01:09:52 | ||
252 | [ssh.c] | ||
253 | ssh_connect returns 0 on success | ||
254 | - (bal) Build noop setgroups() for cygwin to clean up code (For other | ||
255 | platforms without the setgroups() requirement, you MUST define | ||
256 | SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com | ||
257 | - (bal) Some platforms don't have ONLCR (Notable Mint) | ||
258 | |||
259 | 20020611 | ||
260 | - (bal) ssh-agent.c RCSD fix (|unexpand already done) | ||
261 | - (bal) OpenBSD CVS Sync | ||
262 | - stevesk@cvs.openbsd.org 2002/06/09 22:15:15 | ||
263 | [ssh.1] | ||
264 | update for no setuid root and ssh-keysign; ok deraadt@ | ||
265 | - itojun@cvs.openbsd.org 2002/06/09 22:17:21 | ||
266 | [sshconnect.c] | ||
267 | pass salen to sockaddr_ntop so that we are happy on linux/solaris | ||
268 | - stevesk@cvs.openbsd.org 2002/06/10 16:53:06 | ||
269 | [auth-rsa.c ssh-rsa.c] | ||
270 | display minimum RSA modulus in error(); ok markus@ | ||
271 | - stevesk@cvs.openbsd.org 2002/06/10 16:56:30 | ||
272 | [ssh-keysign.8] | ||
273 | merge in stuff from my man page; ok markus@ | ||
274 | - stevesk@cvs.openbsd.org 2002/06/10 17:36:23 | ||
275 | [ssh-add.1 ssh-add.c] | ||
276 | use convtime() to parse and validate key lifetime. can now | ||
277 | use '-t 2h' etc. ok markus@ provos@ | ||
278 | - stevesk@cvs.openbsd.org 2002/06/10 17:45:20 | ||
279 | [readconf.c ssh.1] | ||
280 | change RhostsRSAAuthentication and RhostsAuthentication default to no | ||
281 | since ssh is no longer setuid root by default; ok markus@ | ||
282 | - stevesk@cvs.openbsd.org 2002/06/10 21:21:10 | ||
283 | [ssh_config] | ||
284 | update defaults for RhostsRSAAuthentication and RhostsAuthentication | ||
285 | here too (all options commented out with default value). | ||
286 | - markus@cvs.openbsd.org 2002/06/10 22:28:41 | ||
287 | [channels.c channels.h session.c] | ||
288 | move creation of agent socket to session.c; no need for uidswapping | ||
289 | in channel.c. | ||
290 | - markus@cvs.openbsd.org 2002/06/11 04:14:26 | ||
291 | [ssh.c sshconnect.c sshconnect.h] | ||
292 | no longer use uidswap.[ch] from the ssh client | ||
293 | run less code with euid==0 if ssh is installed setuid root | ||
294 | just switch the euid, don't switch the complete set of groups | ||
295 | (this is only needed by sshd). ok provos@ | ||
296 | - mpech@cvs.openbsd.org 2002/06/11 05:46:20 | ||
297 | [auth-krb4.c monitor.h serverloop.c session.c ssh-agent.c sshd.c] | ||
298 | pid_t cleanup. Markus need this now to keep hacking. | ||
299 | markus@, millert@ ok | ||
300 | - itojun@cvs.openbsd.org 2002/06/11 08:11:45 | ||
301 | [canohost.c] | ||
302 | use "ntop" only after initialized | ||
303 | - (bal) Cygwin fix up from swap uid clean up in ssh.c patch by | ||
304 | vinschen@redhat.com | ||
305 | |||
306 | 20020609 | ||
307 | - (bal) OpenBSD CVS Sync | ||
308 | - markus@cvs.openbsd.org 2002/06/08 05:07:56 | ||
309 | [ssh.c] | ||
310 | nuke ptrace comment | ||
311 | - markus@cvs.openbsd.org 2002/06/08 05:07:09 | ||
312 | [ssh-keysign.c] | ||
313 | only accept 20 byte session ids | ||
314 | - markus@cvs.openbsd.org 2002/06/08 05:17:01 | ||
315 | [readconf.c readconf.h ssh.1 ssh.c] | ||
316 | deprecate FallBackToRsh and UseRsh; patch from djm@ | ||
317 | - markus@cvs.openbsd.org 2002/06/08 05:40:01 | ||
318 | [readconf.c] | ||
319 | just warn about Deprecated options for now | ||
320 | - markus@cvs.openbsd.org 2002/06/08 05:41:18 | ||
321 | [ssh_config] | ||
322 | remove FallBackToRsh/UseRsh | ||
323 | - markus@cvs.openbsd.org 2002/06/08 12:36:53 | ||
324 | [scp.c] | ||
325 | remove FallBackToRsh | ||
326 | - markus@cvs.openbsd.org 2002/06/08 12:46:14 | ||
327 | [readconf.c] | ||
328 | silently ignore deprecated options, since FallBackToRsh might be passed | ||
329 | by remote scp commands. | ||
330 | - itojun@cvs.openbsd.org 2002/06/08 21:15:27 | ||
331 | [sshconnect.c] | ||
332 | always use getnameinfo. (diag message only) | ||
333 | - markus@cvs.openbsd.org 2002/06/09 04:33:27 | ||
334 | [sshconnect.c] | ||
335 | abort() - > fatal() | ||
336 | - (bal) RCSID tag updates on channels.c, clientloop.c, nchan.c, | ||
337 | sftp-client.c, ssh-agenet.c, ssh-keygen.c and connect.h (we did unexpand | ||
338 | independant of them) | ||
339 | |||
340 | 20020607 | ||
341 | - (bal) Removed --{enable/disable}-suid-ssh | ||
342 | - (bal) Missed __progname in ssh-keysign.c patch by dtucker@zip.com.au | ||
343 | - (bal) use 'LOGIN_PROGRAM' not '/usr/bin/login' in session.c patch by | ||
344 | Bertrand.Velle@apogee-com.fr | ||
345 | |||
346 | 20020606 | ||
347 | - (bal) OpenBSD CVS Sync | ||
348 | - markus@cvs.openbsd.org 2002/05/15 21:56:38 | ||
349 | [servconf.c sshd.8 sshd_config] | ||
350 | re-enable privsep and disable setuid for post-3.2.2 | ||
351 | - markus@cvs.openbsd.org 2002/05/16 22:02:50 | ||
352 | [cipher.c kex.h mac.c] | ||
353 | fix warnings (openssl 0.9.7 requires const) | ||
354 | - stevesk@cvs.openbsd.org 2002/05/16 22:09:59 | ||
355 | [session.c ssh.c] | ||
356 | don't limit xauth pathlen on client side and longer print length on | ||
357 | server when debug; ok markus@ | ||
358 | - deraadt@cvs.openbsd.org 2002/05/19 20:54:52 | ||
359 | [log.h] | ||
360 | extra commas in enum not 100% portable | ||
361 | - deraadt@cvs.openbsd.org 2002/05/22 23:18:25 | ||
362 | [ssh.c sshd.c] | ||
363 | spelling; abishoff@arc.nasa.gov | ||
364 | - markus@cvs.openbsd.org 2002/05/23 19:24:30 | ||
365 | [authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h | ||
366 | sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] | ||
367 | add /usr/libexec/ssh-keysign: a setuid helper program for hostbased | ||
368 | authentication in protocol v2 (needs to access the hostkeys). | ||
369 | - markus@cvs.openbsd.org 2002/05/23 19:39:34 | ||
370 | [ssh.c] | ||
371 | add comment about ssh-keysign | ||
372 | - markus@cvs.openbsd.org 2002/05/24 08:45:14 | ||
373 | [sshconnect2.c] | ||
374 | stat ssh-keysign first, print error if stat fails; | ||
375 | some debug->error; fix comment | ||
376 | - markus@cvs.openbsd.org 2002/05/25 08:50:39 | ||
377 | [sshconnect2.c] | ||
378 | execlp->execl; from stevesk | ||
379 | - markus@cvs.openbsd.org 2002/05/25 18:51:07 | ||
380 | [auth.h auth2.c auth2-hostbased.c auth2-kbdint.c auth2-none.c | ||
381 | auth2-passwd.c auth2-pubkey.c Makefile.in] | ||
382 | split auth2.c into one file per method; ok provos@/deraadt@ | ||
383 | - stevesk@cvs.openbsd.org 2002/05/26 20:35:10 | ||
384 | [ssh.1] | ||
385 | sort ChallengeResponseAuthentication; ok markus@ | ||
386 | - stevesk@cvs.openbsd.org 2002/05/28 16:45:27 | ||
387 | [monitor_mm.c] | ||
388 | print strerror(errno) on mmap/munmap error; ok markus@ | ||
389 | - stevesk@cvs.openbsd.org 2002/05/28 17:28:02 | ||
390 | [uidswap.c] | ||
391 | format spec change/casts and some KNF; ok markus@ | ||
392 | - stevesk@cvs.openbsd.org 2002/05/28 21:24:00 | ||
393 | [uidswap.c] | ||
394 | use correct function name in fatal() | ||
395 | - stevesk@cvs.openbsd.org 2002/05/29 03:06:30 | ||
396 | [ssh.1 sshd.8] | ||
397 | spelling | ||
398 | - markus@cvs.openbsd.org 2002/05/29 11:21:57 | ||
399 | [sshd.c] | ||
400 | don't start if privsep is enabled and SSH_PRIVSEP_USER or | ||
401 | _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@ | ||
402 | - markus@cvs.openbsd.org 2002/05/30 08:07:31 | ||
403 | [cipher.c] | ||
404 | use rijndael/aes from libcrypto (openssl >= 0.9.7) instead of | ||
405 | our own implementation. allow use of AES hardware via libcrypto, | ||
406 | ok deraadt@ | ||
407 | - markus@cvs.openbsd.org 2002/05/31 10:30:33 | ||
408 | [sshconnect2.c] | ||
409 | extent ssh-keysign protocol: | ||
410 | pass # of socket-fd to ssh-keysign, keysign verfies locally used | ||
411 | ip-address using this socket-fd, restricts fake local hostnames | ||
412 | to actual local hostnames; ok stevesk@ | ||
413 | - markus@cvs.openbsd.org 2002/05/31 11:35:15 | ||
414 | [auth.h auth2.c] | ||
415 | move Authmethod definitons to per-method file. | ||
416 | - markus@cvs.openbsd.org 2002/05/31 13:16:48 | ||
417 | [key.c] | ||
418 | add comment: | ||
419 | key_verify returns 1 for a correct signature, 0 for an incorrect signature | ||
420 | and -1 on error. | ||
421 | - markus@cvs.openbsd.org 2002/05/31 13:20:50 | ||
422 | [ssh-rsa.c] | ||
423 | pad received signature with leading zeros, because RSA_verify expects | ||
424 | a signature of RSA_size. the drafts says the signature is transmitted | ||
425 | unpadded (e.g. putty does not pad), reported by anakin@pobox.com | ||
426 | - deraadt@cvs.openbsd.org 2002/06/03 12:04:07 | ||
427 | [ssh.h] | ||
428 | compatiblity -> compatibility | ||
429 | decriptor -> descriptor | ||
430 | authentciated -> authenticated | ||
431 | transmition -> transmission | ||
432 | - markus@cvs.openbsd.org 2002/06/04 19:42:35 | ||
433 | [monitor.c] | ||
434 | only allow enabled authentication methods; ok provos@ | ||
435 | - markus@cvs.openbsd.org 2002/06/04 19:53:40 | ||
436 | [monitor.c] | ||
437 | save the session id (hash) for ssh2 (it will be passed with the | ||
438 | initial sign request) and verify that this value is used during | ||
439 | authentication; ok provos@ | ||
440 | - markus@cvs.openbsd.org 2002/06/04 23:02:06 | ||
441 | [packet.c] | ||
442 | remove __FUNCTION__ | ||
443 | - markus@cvs.openbsd.org 2002/06/04 23:05:49 | ||
444 | [cipher.c monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c] | ||
445 | __FUNCTION__ -> __func__ | ||
446 | - markus@cvs.openbsd.org 2002/06/05 16:08:07 | ||
447 | [ssh-agent.1 ssh-agent.c] | ||
448 | '-a bind_address' binds the agent to user-specified unix-domain | ||
449 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). | ||
450 | - markus@cvs.openbsd.org 2002/06/05 16:08:07 | ||
451 | [ssh-agent.1 ssh-agent.c] | ||
452 | '-a bind_address' binds the agent to user-specified unix-domain | ||
453 | socket instead of /tmp/ssh-XXXXXXXX/agent.<pid>; ok djm@ (some time ago). | ||
454 | - markus@cvs.openbsd.org 2002/06/05 16:48:54 | ||
455 | [ssh-agent.c] | ||
456 | copy current request into an extra buffer and just flush this | ||
457 | request on errors, ok provos@ | ||
458 | - markus@cvs.openbsd.org 2002/06/05 19:57:12 | ||
459 | [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] | ||
460 | ssh-add -x for lock and -X for unlocking the agent. | ||
461 | todo: encrypt private keys with locked... | ||
462 | - markus@cvs.openbsd.org 2002/06/05 20:56:39 | ||
463 | [ssh-add.c] | ||
464 | add -x/-X to usage | ||
465 | - markus@cvs.openbsd.org 2002/06/05 21:55:44 | ||
466 | [authfd.c authfd.h ssh-add.1 ssh-add.c ssh-agent.c] | ||
467 | ssh-add -t life, Set lifetime (in seconds) when adding identities; | ||
468 | ok provos@ | ||
469 | - stevesk@cvs.openbsd.org 2002/06/06 01:09:41 | ||
470 | [monitor.h] | ||
471 | no trailing comma in enum; china@thewrittenword.com | ||
472 | - markus@cvs.openbsd.org 2002/06/06 17:12:44 | ||
473 | [sftp-server.c] | ||
474 | discard remaining bytes of current request; ok provos@ | ||
475 | - markus@cvs.openbsd.org 2002/06/06 17:30:11 | ||
476 | [sftp-server.c] | ||
477 | use get_int() macro (hide iqueue) | ||
478 | - (bal) Missed msg.[ch] in merge. Required for ssh-keysign. | ||
479 | - (bal) Forgot to add msg.c Makefile.in. | ||
480 | - (bal) monitor_mm.c typos. | ||
481 | - (bal) Refixed auth2.c. It was never fully commited while spliting out | ||
482 | authentication to different files. | ||
483 | - (bal) ssh-keysign should build and install correctly now. Phase two | ||
484 | would be to clean out any dead wood and disable ssh setuid on install. | ||
485 | - (bal) Reverse logic, use __func__ first since it's C99 | ||
486 | |||
487 | 20020604 | ||
488 | - (stevesk) [channels.c] bug #164 patch from YOSHIFUJI Hideaki (changed | ||
489 | setsockopt from debug to error for now). | ||
490 | |||
491 | 20020527 | ||
492 | - (tim) [configure.ac.orig monitor_fdpass.c] Enahnce msghdr tests to address | ||
493 | build problem on Irix reported by Dave Love <d.love@dl.ac.uk>. Back out | ||
494 | last monitor_fdpass.c changes that are no longer needed with new tests. | ||
495 | Patch tested on Irix by Jan-Frode Myklebust <janfrode@parallab.uib.no> | ||
496 | |||
497 | 20020522 | ||
498 | - (djm) Fix spelling mistakes, spotted by Solar Designer i | ||
499 | <solar@openwall.com> | ||
500 | - Sync scard/ (not sure when it drifted) | ||
501 | - (djm) OpenBSD CVS Sync: | ||
502 | [auth.c] | ||
503 | Fix typo/thinko. Pass in as to auth_approval(), not NULL. | ||
504 | Closes PR 2659. | ||
505 | - Crank version | ||
506 | - Crank RPM spec versions | ||
507 | |||
508 | 20020521 | ||
509 | - (stevesk) [sshd.c] bug 245; disable setsid() for now | ||
510 | - (stevesk) [sshd.c] #ifndef HAVE_CYGWIN for setgroups() | ||
511 | |||
512 | 20020517 | ||
513 | - (tim) [configure.ac] remove extra MD5_MSG="no" line. | ||
514 | |||
515 | 20020515 | ||
516 | - (bal) CVS ID fix up on auth-passwd.c | ||
517 | - (bal) OpenBSD CVS Sync | ||
518 | - deraadt@cvs.openbsd.org 2002/05/07 19:54:36 | ||
519 | [ssh.h] | ||
520 | use ssh uid | ||
521 | - deraadt@cvs.openbsd.org 2002/05/08 21:06:34 | ||
522 | [ssh.h] | ||
523 | move to sshd.sshd instead | ||
524 | - stevesk@cvs.openbsd.org 2002/05/11 20:24:48 | ||
525 | [ssh.h] | ||
526 | typo in comment | ||
527 | - itojun@cvs.openbsd.org 2002/05/13 02:37:39 | ||
528 | [auth-skey.c auth2.c] | ||
529 | less warnings. skey_{respond,query} are public (in auth.h) | ||
530 | - markus@cvs.openbsd.org 2002/05/13 20:44:58 | ||
531 | [auth-options.c auth.c auth.h] | ||
532 | move the packet_send_debug handling from auth-options.c to auth.c; | ||
533 | ok provos@ | ||
534 | - millert@cvs.openbsd.org 2002/05/13 15:53:19 | ||
535 | [sshd.c] | ||
536 | Call setsid() in the child after sshd accepts the connection and forks. | ||
537 | This is needed for privsep which calls setlogin() when it changes uids. | ||
538 | Without this, there is a race where the login name of an existing | ||
539 | connection, as returned by getlogin(), may be changed to the privsep | ||
540 | user (sshd). markus@ OK | ||
541 | - markus@cvs.openbsd.org 2002/05/13 21:26:49 | ||
542 | [auth-rhosts.c] | ||
543 | handle debug messages during rhosts-rsa and hostbased authentication; | ||
544 | ok provos@ | ||
545 | - mouring@cvs.openbsd.org 2002/05/15 15:47:49 | ||
546 | [kex.c monitor.c monitor_wrap.c sshd.c] | ||
547 | 'monitor' variable clashes with at least one lame platform (NeXT). i | ||
548 | Renamed to 'pmonitor'. provos@ | ||
549 | - deraadt@cvs.openbsd.org 2002/05/04 02:39:35 | ||
550 | [servconf.c sshd.8 sshd_config] | ||
551 | enable privsep by default; provos ok | ||
552 | - millert@cvs.openbsd.org 2002/05/06 23:34:33 | ||
553 | [ssh.1 sshd.8] | ||
554 | Kill/adjust r(login|exec)d? references now that those are no longer in | ||
555 | the tree. | ||
556 | - markus@cvs.openbsd.org 2002/05/15 21:02:53 | ||
557 | [servconf.c sshd.8 sshd_config] | ||
558 | disable privsep and enable setuid for the 3.2.2 release | ||
559 | - (bal) Fixed up PAM case. I think. | ||
560 | - (bal) Clarified openbsd-compat/*-cray.* Licence provided by Wendy | ||
561 | - (bal) OpenBSD CVS Sync | ||
562 | - markus@cvs.openbsd.org 2002/05/15 21:05:29 | ||
563 | [version.h] | ||
564 | enter OpenSSH_3.2.2 | ||
565 | - (bal) Caldara, Suse, and Redhat openssh.specs updated. | ||
566 | |||
567 | 20020514 | ||
568 | - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. | ||
569 | - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to | ||
570 | match what newer style ptys have when allocated. Based on a patch by | ||
571 | Roger Cornelius <rac@tenzing.org> | ||
572 | - (tim) [README.privsep] UnixWare 7 and OpenUNIX 8 work. | ||
573 | - (tim) [README.privsep] remove reference to UnixWare 7 and OpenUNIX 8 | ||
574 | from PAM-enabled pragraph. UnixWare has no PAM. | ||
575 | - (tim) [contrib/caldera/openssh.spec] update version. | ||
576 | |||
577 | 20020513 | ||
578 | - (stevesk) add initial README.privsep | ||
579 | - (stevesk) [configure.ac] nicer message: --with-privsep-user=user | ||
580 | - (djm) Add --with-superuser-path=xxx configure option to specify | ||
581 | what $PATH the superuser receives. | ||
582 | - (djm) Bug #231: UsePrivilegeSeparation turns off Banner. | ||
583 | - (djm) Add --with-privsep-path configure option | ||
584 | - (djm) Update RPM spec file: different superuser path, use | ||
585 | /var/empty/sshd for privsep | ||
586 | - (djm) Bug #234: missing readpassphrase declaration and defines | ||
587 | - (djm) Add INSTALL warning about SSH protocol 1 blowfish w/ | ||
588 | OpenSSL < 0.9.6 | ||
589 | |||
590 | 20020511 | ||
591 | - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch. | ||
592 | Now only searches system and /usr/local/ssl (OpenSSL's default install path) | ||
593 | Others must use --with-ssl-dir=.... | ||
594 | - (tim) [monitor_fdpass.c] fix for systems that have both | ||
595 | HAVE_ACCRIGHTS_IN_MSGHDR and HAVE_CONTROL_IN_MSGHDR. Ie. sys/socket.h | ||
596 | has #define msg_accrights msg_control | ||
597 | |||
598 | 20020510 | ||
599 | - (stevesk) [auth.c] Shadow account and expiration cleanup. Now | ||
600 | check for root forced expire. Still don't check for inactive. | ||
601 | - (djm) Rework RedHat RPM files. Based on spec from Nalin | ||
602 | Dahyabhai <nalin@redhat.com> and patches from | ||
603 | Pekka Savola <pekkas@netcore.fi> | ||
604 | - (djm) Try to drop supplemental groups at daemon startup. Patch from | ||
605 | RedHat | ||
606 | - (bal) Back all the way out of auth-passwd.c changes. Breaks too many | ||
607 | things that don't set pw->pw_passwd. | ||
608 | |||
609 | 20020509 | ||
610 | - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep | ||
611 | |||
612 | 20020508 | ||
613 | - (tim) [openbsd-compat/bsd-arc4random.c] fix logic on when seed_rng() is | ||
614 | called. Report by Chris Maxwell <maxwell@cs.dal.ca> | ||
615 | - (tim) [Makefile.in configure.ac] set SHELL variable in Makefile | ||
616 | - (djm) Disable PAM kbd-int auth if privsep is turned on (it doesn't work) | ||
617 | |||
618 | 20020507 | ||
619 | - (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] | ||
620 | Add truncate() emulation to address Bug 208 | ||
621 | |||
622 | 20020506 | ||
623 | - (djm) Unbreak auth-passwd.c for PAM and SIA | ||
624 | - (djm) Unbreak PAM auth for protocol 1. Report from Pekka Savola | ||
625 | <pekkas@netcore.fi> | ||
626 | - (djm) Don't reinitialise PAM credentials before we have started PAM. | ||
627 | Report from Pekka Savola <pekkas@netcore.fi> | ||
628 | |||
629 | 20020506 | ||
630 | - (bal) Fixed auth-passwd.c to resolve PermitEmptyPassword issue | ||
631 | |||
632 | 20020501 | ||
633 | - (djm) Import OpenBSD regression tests. Requires BSD make to run | ||
634 | - (djm) Fix readpassphase compilation for systems which have it | ||
635 | |||
636 | 20020429 | ||
637 | - (tim) [contrib/caldera/openssh.spec] update fixUP to reflect changes in | ||
638 | sshd_config. | ||
639 | - (tim) [contrib/cygwin/README] remove reference to regex. | ||
640 | patch from Corinna Vinschen <vinschen@redhat.com> | ||
641 | |||
642 | 20020426 | ||
643 | - (djm) Bug #137, #209: fix make problems for scard/Ssh.bin, do uudecode | ||
644 | during distprep only | ||
645 | - (djm) Disable PAM password expiry until a complete fix for bug #188 | ||
646 | exists | ||
647 | - (djm) Bug #180: Set ToS bits on IPv4-in-IPv6 mapped addresses. Based on | ||
648 | patch from openssh@misc.tecq.org | ||
649 | |||
650 | 20020425 | ||
651 | - (stevesk) [defines.h] remove USE_TIMEVAL; unused | ||
652 | - (stevesk) [acconfig.h auth-passwd.c configure.ac sshd.c] HP-UX 10.26 | ||
653 | support. bug #184. most from dcole@keysoftsys.com. | ||
654 | |||
655 | 20020424 | ||
656 | - (djm) OpenBSD CVS Sync | ||
657 | - markus@cvs.openbsd.org 2002/04/23 12:54:10 | ||
658 | [version.h] | ||
659 | 3.2.1 | ||
660 | - djm@cvs.openbsd.org 2002/04/23 22:16:29 | ||
661 | [sshd.c] | ||
662 | Improve error message; ok markus@ stevesk@ | ||
663 | |||
664 | 20020423 | ||
665 | - (stevesk) [acconfig.h configure.ac session.c] LOGIN_NO_ENDOPT for HP-UX | ||
666 | - (stevesk) [acconfig.h] NEED_IN_SYSTM_H unused | ||
667 | - (markus) OpenBSD CVS Sync | ||
668 | - markus@cvs.openbsd.org 2002/04/23 12:58:26 | ||
669 | [radix.c] | ||
670 | send complete ticket; semerad@ss1000.ms.mff.cuni.cz | ||
671 | - (djm) Trim ChangeLog to include only post-3.1 changes | ||
672 | - (djm) Update RPM spec file versions | ||
673 | - (djm) Redhat spec enables KrbV by default | ||
674 | - (djm) Applied OpenSC smartcard updates from Markus & | ||
675 | Antti Tapaninen <aet@cc.hut.fi> | ||
676 | - (djm) Define BROKEN_REALPATH for AIX, patch from | ||
677 | Antti Tapaninen <aet@cc.hut.fi> | ||
678 | - (djm) Bug #214: Fix utmp for Irix (don't strip "tty"). Patch from | ||
679 | Kevin Taylor <no@nowhere.org> (??) via Philipp Grau | ||
680 | <phgrau@zedat.fu-berlin.de> | ||
681 | - (djm) Bug #213: Simplify CMSG_ALIGN macros to avoid symbol clashes. | ||
682 | Reported by Doug Manton <dmanton@emea.att.com> | ||
683 | - (djm) Bug #222: Fix tests for getaddrinfo on OSF/1. Spotted by | ||
684 | Robert Urban <urban@spielwiese.de> | ||
685 | - (djm) Bug #206 - blibpath isn't always needed for AIX ld, avoid | ||
686 | sizeof(long long int) == 4 breakage. Patch from Matthew Clarke | ||
687 | <Matthew_Clarke@mindlink.bc.ca> | ||
688 | - (djm) Make privsep work with PAM (still experimental) | ||
689 | - (djm) OpenBSD CVS Sync | ||
690 | - deraadt@cvs.openbsd.org 2002/04/20 09:02:03 | ||
691 | [servconf.c] | ||
692 | No, afs requires explicit enabling | ||
693 | - markus@cvs.openbsd.org 2002/04/20 09:14:58 | ||
694 | [bufaux.c bufaux.h] | ||
695 | add buffer_{get,put}_short | ||
696 | - markus@cvs.openbsd.org 2002/04/20 09:17:19 | ||
697 | [radix.c] | ||
698 | rewrite using the buffer_* API, fixes overflow; ok deraadt@ | ||
699 | - stevesk@cvs.openbsd.org 2002/04/21 16:19:27 | ||
700 | [sshd.8 sshd_config] | ||
701 | document default AFSTokenPassing no; ok deraadt@ | ||
702 | - stevesk@cvs.openbsd.org 2002/04/21 16:25:06 | ||
703 | [sshconnect1.c] | ||
704 | spelling in error message; ok markus@ | ||
705 | - markus@cvs.openbsd.org 2002/04/22 06:15:47 | ||
706 | [radix.c] | ||
707 | fix check for overflow | ||
708 | - markus@cvs.openbsd.org 2002/04/22 16:16:53 | ||
709 | [servconf.c sshd.8 sshd_config] | ||
710 | do not auto-enable KerberosAuthentication; ok djm@, provos@, deraadt@ | ||
711 | - markus@cvs.openbsd.org 2002/04/22 21:04:52 | ||
712 | [channels.c clientloop.c clientloop.h ssh.c] | ||
713 | request reply (success/failure) for -R style fwd in protocol v2, | ||
714 | depends on ordered replies. | ||
715 | fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@ | ||
716 | |||
717 | 20020421 | ||
718 | - (tim) [entropy.c.] Portability fix for SCO Unix 3.2v4.x (SCO OSR 3.0). | ||
719 | entropy.c needs seteuid(getuid()) for the setuid(original_uid) to | ||
720 | succeed. Patch by gert@greenie.muc.de. This fixes one part of Bug 208 | ||
721 | |||
722 | 20020418 | ||
723 | - (djm) Avoid SIGCHLD breakage when run from rsync. Fix from | ||
724 | Sturle Sunde <sturle.sunde@usit.uio.no> | ||
725 | |||
726 | 20020417 | ||
727 | - (djm) Tell users to configure /dev/random support into OpenSSL in | ||
728 | INSTALL | ||
729 | - (djm) Fix .Nm in mdoc2man.pl from pspencer@fields.utoronto.ca | ||
730 | - (tim) [configure.ac] Issue warning on --with-default-path=/some_path | ||
731 | if LOGIN_CAP is enabled. Report & testing by Tuc <tuc@ttsg.com> | ||
732 | |||
733 | 20020415 | ||
734 | - (djm) Unbreak "make install". Fix from Darren Tucker | ||
735 | <dtucker@zip.com.au> | ||
736 | - (stevesk) bsd-cygwin_util.[ch] BSD license from Corinna Vinschen | ||
737 | - (tim) [configure.ac] add tests for recvmsg and sendmsg. | ||
738 | [monitor_fdpass.c] add checks for HAVE_SENDMSG and HAVE_RECVMSG for | ||
739 | systems that HAVE_ACCRIGHTS_IN_MSGHDR but no recvmsg or sendmsg. | ||
740 | |||
741 | 20020414 | ||
742 | - (djm) ssh-rand-helper improvements | ||
743 | - Add commandline debugging options | ||
744 | - Don't write binary data if stdout is a tty (use hex instead) | ||
745 | - Give it a manpage | ||
746 | - (djm) Random number collection doc fixes from Ben | ||
747 | |||
748 | 20020413 | ||
749 | - (djm) Add KrbV support patch from Simon Wilkinson <simon@sxw.org.uk> | ||
750 | |||
751 | 20020412 | ||
752 | - (stevesk) [auth-sia.[ch]] add BSD license from Chris Adams | ||
753 | - (tim) [configure.ac] add <sys/types.h> to msghdr tests. Change -L | ||
754 | to -h on testing for /bin being symbolic link | ||
755 | - (bal) Mistaken in Cygwin scripts for ssh starting. Patch by | ||
756 | Corinna Vinschen <vinschen@redhat.com> | ||
757 | - (bal) disable privsep if no MAP_ANON. We can re-enable it | ||
758 | after the release when we can do more testing. | ||
759 | |||
760 | 20020411 | ||
761 | - (stevesk) [auth-sia.c] cleanup | ||
762 | - (tim) [acconfig.h defines.h includes.h] put includes in includes.h and | ||
763 | defines in defines.h [rijndael.c openbsd-compat/fake-socket.h | ||
764 | openbsd-compat/inet_aton.c] include "includes.h" instead of "config.h" | ||
765 | ok stevesk@ | ||
766 | |||
767 | 20020410 | ||
768 | - (stevesk) [configure.ac monitor.c] HAVE_SOCKETPAIR | ||
769 | - (stevesk) [auth-sia.c] compile fix Chris Adams <cmadams@hiwaay.net> | ||
770 | - (bal) OpenBSD CVS Sync | ||
771 | - markus@cvs.openbsd.org 2002/04/10 08:21:47 | ||
772 | [auth1.c compat.c compat.h] | ||
773 | strip '@' from username only for KerbV and known broken clients, | ||
774 | bug #204 | ||
775 | - markus@cvs.openbsd.org 2002/04/10 08:56:01 | ||
776 | [version.h] | ||
777 | OpenSSH_3.2 | ||
778 | - Added p1 to idenify Portable release version. | ||
779 | |||
780 | 20020408 | ||
781 | - (bal) Minor OpenSC updates. Fix up header locations and update | ||
782 | README.smartcard provided by Juha Yrjölä <jyrjola@cc.hut.fi> | ||
783 | |||
784 | 20020407 | ||
785 | - (stevesk) HAVE_CONTROL_IN_MSGHDR; not used right now. | ||
786 | Future: we may want to test if fd passing works correctly. | ||
787 | - (stevesk) [monitor_fdpass.c] fatal() for UsePrivilegeSeparation=yes | ||
788 | and no fd passing support. | ||
789 | - (stevesk) HAVE_MMAP and HAVE_SYS_MMAN_H and use them in | ||
790 | monitor_mm.c | ||
791 | - (stevesk) remove configure support for poll.h; it was removed | ||
792 | from sshd.c a long time ago. | ||
793 | - (stevesk) --with-privsep-user; default sshd | ||
794 | - (stevesk) wrap munmap() with HAVE_MMAP also. | ||
795 | |||
796 | 20020406 | ||
797 | - (djm) Typo in Suse SPEC file. Fix from Carsten Grohmann | ||
798 | <carsten.grohmann@dr-baldeweg.de> | ||
799 | - (bal) Added MAP_FAILED to allow AIX and Trusted HP to compile. | ||
800 | - (bal) OpenBSD CVS Sync | ||
801 | - djm@cvs.openbsd.org 2002/04/06 00:30:08 | ||
802 | [sftp-client.c] | ||
803 | Fix occasional corruption on upload due to bad reuse of request | ||
804 | id, spotted by chombier@mac.com; ok markus@ | ||
805 | - mouring@cvs.openbsd.org 2002/04/06 18:24:09 | ||
806 | [scp.c] | ||
807 | Fixes potental double // within path. | ||
808 | http://bugzilla.mindrot.org/show_bug.cgi?id=76 | ||
809 | - (bal) Slight update to OpenSC support. Better version checking. patch | ||
810 | by Juha Yrjölä <jyrjola@cc.hut.fi> | ||
811 | - (bal) Revered out of runtime IRIX detection of joblimits. Code is | ||
812 | incomplete. | ||
813 | - (bal) Quiet down configure.ac if /bin/test does not exist. | ||
814 | - (bal) We no longer use atexit()/xatexit()/on_exit() | ||
815 | |||
816 | 20020405 | ||
817 | - (bal) Patch for OpenSC SmartCard library; ok markus@; patch by | ||
818 | Juha Yrjölä <jyrjola@cc.hut.fi> | ||
819 | - (bal) Minor documentation update to reflect smartcard library | ||
820 | support changes. | ||
821 | - (bal) Too many <sys/queue.h> issues. Remove all workarounds and | ||
822 | using internal version only. | ||
823 | - (bal) OpenBSD CVS Sync | ||
824 | - stevesk@cvs.openbsd.org 2002/04/05 20:56:21 | ||
825 | [sshd.8] | ||
826 | clarify sshrc some and handle X11UseLocalhost=yes; ok markus@ | ||
827 | |||
828 | 20020404 | ||
829 | - (stevesk) [auth-pam.c auth-pam.h auth-passwd.c auth-sia.c auth-sia.h | ||
830 | auth1.c auth2.c] PAM, OSF_SIA password auth cleanup; from djm. | ||
831 | - (bal) OpenBSD CVS Sync | ||
832 | - markus@cvs.openbsd.org 2002/04/03 09:26:11 | ||
833 | [cipher.c myproposal.h] | ||
834 | re-add rijndael-cbc@lysator.liu.se for MacSSH; ash@lab.poc.net | ||
835 | |||
836 | 20020402 | ||
837 | - (bal) Hand Sync of scp.c (reverted to upstream code) | ||
838 | - deraadt@cvs.openbsd.org 2002/03/30 17:45:46 | ||
839 | [scp.c] | ||
840 | stretch banners | ||
841 | - (bal) CVS ID sync of uidswap.c | ||
842 | - (bal) OpenBSD CVS Sync (now for the real sync) | ||
843 | - markus@cvs.openbsd.org 2002/03/27 22:21:45 | ||
844 | [ssh-keygen.c] | ||
845 | try to import keys with extra trailing === (seen with ssh.com < | ||
846 | 2.0.12) | ||
847 | - markus@cvs.openbsd.org 2002/03/28 15:34:51 | ||
848 | [session.c] | ||
849 | do not call record_login twice (for use_privsep) | ||
850 | - markus@cvs.openbsd.org 2002/03/29 18:59:32 | ||
851 | [session.c session.h] | ||
852 | retrieve last login time before the pty is allocated, store per | ||
853 | session | ||
854 | - stevesk@cvs.openbsd.org 2002/03/29 19:16:22 | ||
855 | [sshd.8] | ||
856 | RSA key modulus size minimum 768; ok markus@ | ||
857 | - stevesk@cvs.openbsd.org 2002/03/29 19:18:33 | ||
858 | [auth-rsa.c ssh-rsa.c ssh.h] | ||
859 | make RSA modulus minimum #define; ok markus@ | ||
860 | - markus@cvs.openbsd.org 2002/03/30 18:51:15 | ||
861 | [monitor.c serverloop.c sftp-int.c sftp.c sshd.c] | ||
862 | check waitpid for EINTR; based on patch from peter@ifm.liu.se | ||
863 | - markus@cvs.openbsd.org 2002/04/01 22:02:16 | ||
864 | [sftp-client.c] | ||
865 | 20480 is an upper limit for older server | ||
866 | - markus@cvs.openbsd.org 2002/04/01 22:07:17 | ||
867 | [sftp-client.c] | ||
868 | fallback to stat if server does not support lstat | ||
869 | - markus@cvs.openbsd.org 2002/04/02 11:49:39 | ||
870 | [ssh-agent.c] | ||
871 | check $SHELL for -k and -d, too; | ||
872 | http://bugzilla.mindrot.org/show_bug.cgi?id=199 | ||
873 | - markus@cvs.openbsd.org 2002/04/02 17:37:48 | ||
874 | [sftp.c] | ||
875 | always call log_init() | ||
876 | - markus@cvs.openbsd.org 2002/04/02 20:11:38 | ||
877 | [ssh-rsa.c] | ||
878 | ignore SSH_BUG_SIGBLOB for ssh-rsa; #187 | ||
879 | - (bal) mispelling in uidswap.c (portable only) | ||
880 | |||
881 | 20020401 | ||
882 | - (stevesk) [monitor.c] PAM should work again; will *not* work with | ||
883 | UsePrivilegeSeparation=yes. | ||
884 | - (stevesk) [auth1.c] fix password auth for protocol 1 when | ||
885 | !USE_PAM && !HAVE_OSF_SIA; merge issue. | ||
886 | |||
887 | 20020331 | ||
888 | - (tim) [configure.ac] use /bin/test -L to work around broken builtin on | ||
889 | Solaris 8 | ||
890 | - (tim) [sshconnect2.c] change uint32_t to u_int32_t | ||
891 | |||
892 | 20020330 | ||
893 | - (stevesk) [configure.ac] remove header check for sys/ttcompat.h | ||
894 | bug 167 | ||
895 | |||
896 | 20020327 | ||
897 | - (bal) 'pw' should be 'authctxt->pw' in auth1.c spotted by | ||
898 | kent@lysator.liu.se | ||
899 | - (bal) OpenBSD CVS Sync | ||
900 | - markus@cvs.openbsd.org 2002/03/26 11:34:49 | ||
901 | [ssh.1 sshd.8] | ||
902 | update to recent drafts | ||
903 | - markus@cvs.openbsd.org 2002/03/26 11:37:05 | ||
904 | [ssh.c] | ||
905 | update Copyright | ||
906 | - markus@cvs.openbsd.org 2002/03/26 15:23:40 | ||
907 | [bufaux.c] | ||
908 | do not talk about packets in bufaux | ||
909 | - rees@cvs.openbsd.org 2002/03/26 18:46:59 | ||
910 | [scard.c] | ||
911 | try_AUT0 in read_pubkey too, for those paranoid few who want to | ||
912 | acl 'sh' | ||
913 | - markus@cvs.openbsd.org 2002/03/26 22:50:39 | ||
914 | [channels.h] | ||
915 | CHANNEL_EFD_OUTPUT_ACTIVE is false for CHAN_CLOSE_RCVD, too | ||
916 | - markus@cvs.openbsd.org 2002/03/26 23:13:03 | ||
917 | [auth-rsa.c] | ||
918 | disallow RSA keys < 768 for protocol 1, too (rhosts-rsa and rsa auth) | ||
919 | - markus@cvs.openbsd.org 2002/03/26 23:14:51 | ||
920 | [kex.c] | ||
921 | generate a new cookie for each SSH2_MSG_KEXINIT message we send out | ||
922 | - mouring@cvs.openbsd.org 2002/03/27 11:45:42 | ||
923 | [monitor.c] | ||
924 | monitor_allowed_key() returns int instead of pointer. ok markus@ | ||
925 | |||
926 | 20020325 | ||
927 | - (stevesk) import OpenBSD <sys/tree.h> as "openbsd-compat/tree.h" | ||
928 | - (bal) OpenBSD CVS Sync | ||
929 | - stevesk@cvs.openbsd.org 2002/03/23 20:57:26 | ||
930 | [sshd.c] | ||
931 | setproctitle() after preauth child; ok markus@ | ||
932 | - markus@cvs.openbsd.org 2002/03/24 16:00:27 | ||
933 | [serverloop.c] | ||
934 | remove unused debug | ||
935 | - markus@cvs.openbsd.org 2002/03/24 16:01:13 | ||
936 | [packet.c] | ||
937 | debug->debug3 for extra padding | ||
938 | - stevesk@cvs.openbsd.org 2002/03/24 17:27:03 | ||
939 | [kexgex.c] | ||
940 | typo; ok markus@ | ||
941 | - stevesk@cvs.openbsd.org 2002/03/24 17:53:16 | ||
942 | [monitor_fdpass.c] | ||
943 | minor cleanup and more error checking; ok markus@ | ||
944 | - markus@cvs.openbsd.org 2002/03/24 18:05:29 | ||
945 | [scard.c] | ||
946 | we need to figure out AUT0 for sc_private_encrypt, too | ||
947 | - stevesk@cvs.openbsd.org 2002/03/24 23:20:00 | ||
948 | [monitor.c] | ||
949 | remove "\n" from fatal() | ||
950 | - markus@cvs.openbsd.org 2002/03/25 09:21:13 | ||
951 | [auth-rsa.c] | ||
952 | return 0 (not NULL); tomh@po.crl.go.jp | ||
953 | - markus@cvs.openbsd.org 2002/03/25 09:25:06 | ||
954 | [auth-rh-rsa.c] | ||
955 | rm bogus comment | ||
956 | - markus@cvs.openbsd.org 2002/03/25 17:34:27 | ||
957 | [scard.c scard.h ssh-agent.c ssh-keygen.c ssh.c] | ||
958 | change sc_get_key to sc_get_keys and hide smartcard details in scard.c | ||
959 | - stevesk@cvs.openbsd.org 2002/03/25 20:12:10 | ||
960 | [monitor_mm.c monitor_wrap.c] | ||
961 | ssize_t args use "%ld" and cast to (long) | ||
962 | size_t args use "%lu" and cast to (u_long) | ||
963 | ok markus@ and thanks millert@ | ||
964 | - markus@cvs.openbsd.org 2002/03/25 21:04:02 | ||
965 | [ssh.c] | ||
966 | simplify num_identity_files handling | ||
967 | - markus@cvs.openbsd.org 2002/03/25 21:13:51 | ||
968 | [channels.c channels.h compat.c compat.h nchan.c] | ||
969 | don't send stderr data after EOF, accept this from older known | ||
970 | (broken) sshd servers only, fixes | ||
971 | http://bugzilla.mindrot.org/show_bug.cgi?id=179 | ||
972 | - stevesk@cvs.openbsd.org 2002/03/26 03:24:01 | ||
973 | [monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h] | ||
974 | $OpenBSD$ | ||
975 | |||
976 | 20020324 | ||
977 | - (stevesk) [session.c] disable LOGIN_NEEDS_TERM until we are sure | ||
978 | it can be removed. only used on solaris. will no longer compile with | ||
979 | privsep shuffling. | ||
980 | |||
981 | 20020322 | ||
982 | - (stevesk) HAVE_ACCRIGHTS_IN_MSGHDR configure support | ||
983 | - (stevesk) [monitor.c monitor_wrap.c] #ifdef HAVE_PW_CLASS_IN_PASSWD | ||
984 | - (stevesk) configure and cpp __FUNCTION__ gymnastics to handle nielsisms | ||
985 | - (stevesk) [monitor_fdpass.c] support for access rights style file | ||
986 | descriptor passing | ||
987 | - (stevesk) [auth2.c] merge cleanup/sync | ||
988 | - (stevesk) [defines.h] hp-ux 11 has ancillary data style fd passing, but | ||
989 | is missing CMSG_LEN() and CMSG_SPACE() macros. | ||
990 | - (stevesk) [defines.h] #define MAP_ANON MAP_ANONYMOUS for HP-UX; other | ||
991 | platforms may need this--I'm not sure. mmap() issues will need to be | ||
992 | addressed further. | ||
993 | - (tim) [cipher.c] fix problem with OpenBSD sync | ||
994 | - (stevesk) [LICENCE] OpenBSD sync | ||
995 | |||
996 | 20020321 | ||
997 | - (bal) OpenBSD CVS Sync | ||
998 | - itojun@cvs.openbsd.org 2002/03/08 06:10:16 | ||
999 | [sftp-client.c] | ||
1000 | printf type mismatch | ||
1001 | - itojun@cvs.openbsd.org 2002/03/11 03:18:49 | ||
1002 | [sftp-client.c] | ||
1003 | correct type mismatches (u_int64_t != unsigned long long) | ||
1004 | - itojun@cvs.openbsd.org 2002/03/11 03:19:53 | ||
1005 | [sftp-client.c] | ||
1006 | indent | ||
1007 | - markus@cvs.openbsd.org 2002/03/14 15:24:27 | ||
1008 | [sshconnect1.c] | ||
1009 | don't trust size sent by (rogue) server; noted by | ||
1010 | s.esser@e-matters.de | ||
1011 | - markus@cvs.openbsd.org 2002/03/14 16:38:26 | ||
1012 | [sshd.c] | ||
1013 | split out ssh1 session key decryption; ok provos@ | ||
1014 | - markus@cvs.openbsd.org 2002/03/14 16:56:33 | ||
1015 | [auth-rh-rsa.c auth-rsa.c auth.h] | ||
1016 | split auth_rsa() for better readability and privsep; ok provos@ | ||
1017 | - itojun@cvs.openbsd.org 2002/03/15 11:00:38 | ||
1018 | [auth.c] | ||
1019 | fix file type checking (use S_ISREG). ok by markus | ||
1020 | - markus@cvs.openbsd.org 2002/03/16 11:24:53 | ||
1021 | [compress.c] | ||
1022 | skip inflateEnd if inflate fails; ok provos@ | ||
1023 | - markus@cvs.openbsd.org 2002/03/16 17:22:09 | ||
1024 | [auth-rh-rsa.c auth.h] | ||
1025 | split auth_rhosts_rsa(), ok provos@ | ||
1026 | - stevesk@cvs.openbsd.org 2002/03/16 17:41:25 | ||
1027 | [auth-krb5.c] | ||
1028 | BSD license. from Daniel Kouril via Dug Song. ok markus@ | ||
1029 | - provos@cvs.openbsd.org 2002/03/17 20:25:56 | ||
1030 | [auth.c auth.h auth1.c auth2.c] | ||
1031 | getpwnamallow returns struct passwd * only if user valid; | ||
1032 | okay markus@ | ||
1033 | - provos@cvs.openbsd.org 2002/03/18 01:12:14 | ||
1034 | [auth.h auth1.c auth2.c sshd.c] | ||
1035 | have the authentication functions return the authentication context | ||
1036 | and then do_authenticated; okay millert@ | ||
1037 | - dugsong@cvs.openbsd.org 2002/03/18 01:30:10 | ||
1038 | [auth-krb4.c] | ||
1039 | set client to NULL after xfree(), from Rolf Braun | ||
1040 | <rbraun+ssh@andrew.cmu.edu> | ||
1041 | - provos@cvs.openbsd.org 2002/03/18 03:41:08 | ||
1042 | [auth.c session.c] | ||
1043 | move auth_approval into getpwnamallow with help from millert@ | ||
1044 | - markus@cvs.openbsd.org 2002/03/18 17:13:15 | ||
1045 | [cipher.c cipher.h] | ||
1046 | export/import cipher states; needed by ssh-privsep | ||
1047 | - markus@cvs.openbsd.org 2002/03/18 17:16:38 | ||
1048 | [packet.c packet.h] | ||
1049 | export/import cipher state, iv and ssh2 seqnr; needed by ssh-privsep | ||
1050 | - markus@cvs.openbsd.org 2002/03/18 17:23:31 | ||
1051 | [key.c key.h] | ||
1052 | add key_demote() for ssh-privsep | ||
1053 | - provos@cvs.openbsd.org 2002/03/18 17:25:29 | ||
1054 | [bufaux.c bufaux.h] | ||
1055 | buffer_skip_string and extra sanity checking; needed by ssh-privsep | ||
1056 | - provos@cvs.openbsd.org 2002/03/18 17:31:54 | ||
1057 | [compress.c] | ||
1058 | export compression streams for ssh-privsep | ||
1059 | - provos@cvs.openbsd.org 2002/03/18 17:50:31 | ||
1060 | [auth-bsdauth.c auth-options.c auth-rh-rsa.c auth-rsa.c] | ||
1061 | [auth-skey.c auth.h auth1.c auth2-chall.c auth2.c kex.c kex.h kexdh.c] | ||
1062 | [kexgex.c servconf.c] | ||
1063 | [session.h servconf.h serverloop.c session.c sshd.c] | ||
1064 | integrate privilege separated openssh; its turned off by default | ||
1065 | for now. work done by me and markus@ | ||
1066 | - provos@cvs.openbsd.org 2002/03/18 17:53:08 | ||
1067 | [sshd.8] | ||
1068 | credits for privsep | ||
1069 | - provos@cvs.openbsd.org 2002/03/18 17:59:09 | ||
1070 | [sshd.8] | ||
1071 | document UsePrivilegeSeparation | ||
1072 | - stevesk@cvs.openbsd.org 2002/03/18 23:52:51 | ||
1073 | [servconf.c] | ||
1074 | UnprivUser/UnprivGroup usable now--specify numeric user/group; ok | ||
1075 | provos@ | ||
1076 | - stevesk@cvs.openbsd.org 2002/03/19 03:03:43 | ||
1077 | [pathnames.h servconf.c servconf.h sshd.c] | ||
1078 | _PATH_PRIVSEP_CHROOT_DIR; ok provos@ | ||
1079 | - stevesk@cvs.openbsd.org 2002/03/19 05:23:08 | ||
1080 | [sshd.8] | ||
1081 | Banner has no default. | ||
1082 | - mpech@cvs.openbsd.org 2002/03/19 06:32:56 | ||
1083 | [sftp-int.c] | ||
1084 | use xfree() after xstrdup(). | ||
1085 | |||
1086 | markus@ ok | ||
1087 | - markus@cvs.openbsd.org 2002/03/19 10:35:39 | ||
1088 | [auth-options.c auth.h session.c session.h sshd.c] | ||
1089 | clean up prototypes | ||
1090 | - markus@cvs.openbsd.org 2002/03/19 10:49:35 | ||
1091 | [auth-krb5.c auth-rh-rsa.c auth.c cipher.c key.c misc.h] | ||
1092 | [packet.c session.c sftp-client.c sftp-glob.h sftp.c ssh-add.c ssh.c] | ||
1093 | [sshconnect2.c sshd.c ttymodes.c] | ||
1094 | KNF whitespace | ||
1095 | - markus@cvs.openbsd.org 2002/03/19 14:27:39 | ||
1096 | [auth.c auth1.c auth2.c] | ||
1097 | make getpwnamallow() allways call pwcopy() | ||
1098 | - markus@cvs.openbsd.org 2002/03/19 15:31:47 | ||
1099 | [auth.c] | ||
1100 | check for NULL; from provos@ | ||
1101 | - stevesk@cvs.openbsd.org 2002/03/20 19:12:25 | ||
1102 | [servconf.c servconf.h ssh.h sshd.c] | ||
1103 | for unprivileged user, group do: | ||
1104 | pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@ | ||
1105 | - stevesk@cvs.openbsd.org 2002/03/20 21:08:08 | ||
1106 | [sshd.c] | ||
1107 | strerror() on chdir() fail; ok provos@ | ||
1108 | - markus@cvs.openbsd.org 2002/03/21 10:21:20 | ||
1109 | [ssh-add.c] | ||
1110 | ignore errors for nonexisting default keys in ssh-add, | ||
1111 | fixes http://bugzilla.mindrot.org/show_bug.cgi?id=158 | ||
1112 | - jakob@cvs.openbsd.org 2002/03/21 15:17:26 | ||
1113 | [clientloop.c ssh.1] | ||
1114 | add built-in command line for adding new port forwardings on the fly. | ||
1115 | based on a patch from brian wellington. ok markus@. | ||
1116 | - markus@cvs.openbsd.org 2002/03/21 16:38:06 | ||
1117 | [scard.c] | ||
1118 | make compile w/ openssl 0.9.7 | ||
1119 | - markus@cvs.openbsd.org 2002/03/21 16:54:53 | ||
1120 | [scard.c scard.h ssh-keygen.c] | ||
1121 | move key upload to scard.[ch] | ||
1122 | - markus@cvs.openbsd.org 2002/03/21 16:57:15 | ||
1123 | [scard.c] | ||
1124 | remove const | ||
1125 | - markus@cvs.openbsd.org 2002/03/21 16:58:13 | ||
1126 | [clientloop.c] | ||
1127 | remove unused | ||
1128 | - rees@cvs.openbsd.org 2002/03/21 18:08:15 | ||
1129 | [scard.c] | ||
1130 | In sc_put_key(), sc_reader_id should be id. | ||
1131 | - markus@cvs.openbsd.org 2002/03/21 20:51:12 | ||
1132 | [sshd_config] | ||
1133 | add privsep (off) | ||
1134 | - markus@cvs.openbsd.org 2002/03/21 21:23:34 | ||
1135 | [sshd.c] | ||
1136 | add privsep_preauth() and remove 1 goto; ok provos@ | ||
1137 | - rees@cvs.openbsd.org 2002/03/21 21:54:34 | ||
1138 | [scard.c scard.h ssh-keygen.c] | ||
1139 | Add PIN-protection for secret key. | ||
1140 | - rees@cvs.openbsd.org 2002/03/21 22:44:05 | ||
1141 | [authfd.c authfd.h ssh-add.c ssh-agent.c ssh.c] | ||
1142 | Add PIN-protection for secret key. | ||
1143 | - markus@cvs.openbsd.org 2002/03/21 23:07:37 | ||
1144 | [clientloop.c] | ||
1145 | remove unused, sync w/ cmdline patch in my tree. | ||
1146 | |||
1147 | 20020317 | ||
1148 | - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is | ||
1149 | wanted, warn if directory does not exist. Put system directories in | ||
1150 | front of PATH for finding entorpy commands. | ||
1151 | - (tim) [contrib/aix/buildbff.sh contrib/aix/inventory.sh] AIX package | ||
1152 | build fixes. Patch by Darren Tucker <dtucker@zip.com.au> | ||
1153 | [contrib/solaris/buildpkg.sh] add missing dirs to SYSTEM_DIR. Have | ||
1154 | postinstall check for $piddir and add if necessary. | ||
1155 | |||
1156 | 20020311 | ||
1157 | - (tim) [contrib/solaris/buildpkg.sh, contrib/solaris/README] Updated to | ||
1158 | build on all platforms that support SVR4 style package tools. Now runs | ||
1159 | from build dir. Parts are based on patches from Antonio Navarro, and | ||
1160 | Darren Tucker. | ||
1161 | |||
1162 | 20020308 | ||
1163 | - (djm) Revert bits of Markus' OpenSSL compat patch which was | ||
1164 | accidentally committed. | ||
1165 | - (djm) Add Markus' patch for compat wih OpenSSL < 0.9.6. | ||
1166 | Known issue: Blowfish for SSH1 does not work | ||
1167 | - (stevesk) entropy.c: typo in debug message | ||
1168 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | ||
1169 | |||
1170 | $Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $ | ||
@@ -10,11 +10,7 @@ OpenSSL 0.9.6 or greater: | |||
10 | http://www.openssl.org/ | 10 | http://www.openssl.org/ |
11 | 11 | ||
12 | (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 | 12 | (OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 |
13 | Blowfish included) do not work correctly.) | 13 | Blowfish) do not work correctly.) |
14 | |||
15 | RPMs of OpenSSL are available at http://violet.ibs.com.au/openssh/files/support. | ||
16 | For Red Hat Linux 6.2, they have been released as errata. RHL7 includes | ||
17 | these. | ||
18 | 14 | ||
19 | OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system | 15 | OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system |
20 | supports it. PAM is standard on Redhat and Debian Linux, Solaris and | 16 | supports it. PAM is standard on Redhat and Debian Linux, Solaris and |
@@ -221,4 +217,4 @@ Please refer to the "reporting bugs" section of the webpage at | |||
221 | http://www.openssh.com/ | 217 | http://www.openssh.com/ |
222 | 218 | ||
223 | 219 | ||
224 | $Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $ | 220 | $Id: INSTALL,v 1.55 2002/07/25 04:36:25 djm Exp $ |
diff --git a/Makefile.in b/Makefile.in index e7faa1591..89d02c959 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $ | 1 | # $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -129,7 +129,7 @@ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o | |||
129 | $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 129 | $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
130 | 130 | ||
131 | ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o | 131 | ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o |
132 | $(LD) -o $@ ssh-keysign.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 132 | $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
133 | 133 | ||
134 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o | 134 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o |
135 | $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | 135 | $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) |
@@ -198,12 +198,11 @@ distprep: catman-do | |||
198 | $(AUTORECONF) | 198 | $(AUTORECONF) |
199 | (cd scard && $(MAKE) -f Makefile.in distprep) | 199 | (cd scard && $(MAKE) -f Makefile.in distprep) |
200 | 200 | ||
201 | install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user | 201 | install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-config |
202 | install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files | 202 | install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files |
203 | 203 | ||
204 | check-user: | 204 | check-config: |
205 | id $(SSH_PRIVSEP_USER) || \ | 205 | -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config |
206 | echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist" | ||
207 | 206 | ||
208 | scard-install: | 207 | scard-install: |
209 | (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) | 208 | (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) |
@@ -217,8 +216,7 @@ install-files: scard-install | |||
217 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 | 216 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 |
218 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 | 217 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 |
219 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) | 218 | $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) |
220 | $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) | 219 | (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) |
221 | chmod 0700 $(DESTDIR)$(PRIVSEP_PATH) | ||
222 | $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh | 220 | $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh |
223 | $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp | 221 | $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp |
224 | $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add | 222 | $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add |
@@ -248,23 +246,23 @@ install-files: scard-install | |||
248 | @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 246 | @NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
249 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 247 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
250 | -rm -f $(DESTDIR)$(bindir)/slogin | 248 | -rm -f $(DESTDIR)$(bindir)/slogin |
251 | ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 249 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
252 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 250 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
253 | ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 251 | ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
254 | if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ | 252 | if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ |
255 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ | 253 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ |
256 | fi | 254 | fi |
257 | if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ | 255 | @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ |
258 | $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ | 256 | $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ |
259 | else \ | 257 | else \ |
260 | echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ | 258 | echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ |
261 | fi | 259 | fi |
262 | if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ | 260 | @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ |
263 | $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ | 261 | $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ |
264 | else \ | 262 | else \ |
265 | echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ | 263 | echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ |
266 | fi | 264 | fi |
267 | if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ | 265 | @if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ |
268 | $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ | 266 | $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ |
269 | if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ | 267 | if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ |
270 | $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ | 268 | $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ |
@@ -272,7 +270,7 @@ install-files: scard-install | |||
272 | echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ | 270 | echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ |
273 | fi ; \ | 271 | fi ; \ |
274 | fi | 272 | fi |
275 | if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ | 273 | @if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \ |
276 | if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ | 274 | if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ |
277 | echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ | 275 | echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ |
278 | mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ | 276 | mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ |
@@ -284,7 +282,7 @@ install-files: scard-install | |||
284 | fi | 282 | fi |
285 | 283 | ||
286 | host-key: ssh-keygen$(EXEEXT) | 284 | host-key: ssh-keygen$(EXEEXT) |
287 | if [ -z "$(DESTDIR)" ] ; then \ | 285 | @if [ -z "$(DESTDIR)" ] ; then \ |
288 | if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ | 286 | if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \ |
289 | echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ | 287 | echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \ |
290 | else \ | 288 | else \ |
@@ -18,7 +18,7 @@ Programming: | |||
18 | - Handle changing passwords for the non-PAM expired password case | 18 | - Handle changing passwords for the non-PAM expired password case |
19 | 19 | ||
20 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) | 20 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) |
21 | and maybe support alternate forms of authenications like OPIE via | 21 | and maybe support alternate forms of authentications like OPIE via |
22 | pam? | 22 | pam? |
23 | 23 | ||
24 | - Rework PAM ChallengeResponseAuthentication | 24 | - Rework PAM ChallengeResponseAuthentication |
@@ -42,8 +42,38 @@ Programming: | |||
42 | solutions break scp or leaves processes hanging around after the ssh | 42 | solutions break scp or leaves processes hanging around after the ssh |
43 | connection has ended. It seems to be linked to two things. One | 43 | connection has ended. It seems to be linked to two things. One |
44 | select() under Linux is not as nice as others, and two the children | 44 | select() under Linux is not as nice as others, and two the children |
45 | of the shell are not killed on exiting the shell. Redhat have an excellent | 45 | of the shell are not killed on exiting the shell. |
46 | description of this in their RPM package. | 46 | A short run-down of what happens: |
47 | - The shell starts up, and starts its own session. As a side-effect, it | ||
48 | gets its own process group. | ||
49 | - The child forks off sleep, and because it's in the background, puts it | ||
50 | into its own process group. The sleep command inherits a copy of the | ||
51 | shell's descriptor for the tty as its stdout. | ||
52 | - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably | ||
53 | should(?) | ||
54 | - The sshd server attempts to read from the master side of the pty, and | ||
55 | while there are still process with the pty open, no EOF is produced. | ||
56 | - The sleep command exits, closes its descriptor, sshd detects the EOF, and | ||
57 | the connection gets closed. | ||
58 | Ways we've tried fixing this in sshd, and why they didn't work out: | ||
59 | - SIGHUP the sshd's process group. | ||
60 | - The shell is in its own process group. | ||
61 | - Track process group IDs of all children before we reap them (via an extra | ||
62 | field in Session structures which holds the pgid for each child pid), and | ||
63 | SIGHUP the pgid when we reap. | ||
64 | - Background commands are in yet another process group. | ||
65 | - Close the connection when the child dies. | ||
66 | - Background commands may need to write data to the connection. Also | ||
67 | prematurely truncates output from some commands (scp server, the | ||
68 | famous "dd if=/dev/zero bs=1000 count=100" case). | ||
69 | Known workarounds: | ||
70 | - bash: shopt huponexit on | ||
71 | - tcsh: none | ||
72 | - zsh: setopt HUP (usually the default setting) | ||
73 | (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) | ||
74 | - pdksh: ? | ||
75 | This appears to affect NetKit rsh under Linux as well: it behaves the same | ||
76 | with 'sleep 20 & exit'. | ||
47 | 77 | ||
48 | - Build an automated test suite | 78 | - Build an automated test suite |
49 | 79 | ||
@@ -103,4 +133,4 @@ PrivSep Issues: | |||
103 | - Cygwin | 133 | - Cygwin |
104 | + Privsep for Pre-auth only (no fd passing) | 134 | + Privsep for Pre-auth only (no fd passing) |
105 | 135 | ||
106 | $Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ | 136 | $Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $ |
diff --git a/acconfig.h b/acconfig.h index 3e51d6112..3e058f3ea 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ | 1 | /* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ |
2 | 2 | ||
3 | #ifndef _CONFIG_H | 3 | #ifndef _CONFIG_H |
4 | #define _CONFIG_H | 4 | #define _CONFIG_H |
@@ -150,6 +150,9 @@ | |||
150 | /* Define if you don't want to use lastlog */ | 150 | /* Define if you don't want to use lastlog */ |
151 | #undef DISABLE_LASTLOG | 151 | #undef DISABLE_LASTLOG |
152 | 152 | ||
153 | /* Define if you don't want to use lastlog in session.c */ | ||
154 | #undef NO_SSH_LASTLOG | ||
155 | |||
153 | /* Define if you don't want to use utmp */ | 156 | /* Define if you don't want to use utmp */ |
154 | #undef DISABLE_UTMP | 157 | #undef DISABLE_UTMP |
155 | 158 | ||
@@ -310,6 +313,9 @@ | |||
310 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ | 313 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ |
311 | #undef NO_X11_UNIX_SOCKETS | 314 | #undef NO_X11_UNIX_SOCKETS |
312 | 315 | ||
316 | /* Define if the concept of ports only accessible to superusers isn't known */ | ||
317 | #undef NO_IPPORT_RESERVED_CONCEPT | ||
318 | |||
313 | /* Needed for SCO and NeXT */ | 319 | /* Needed for SCO and NeXT */ |
314 | #undef BROKEN_SAVED_UIDS | 320 | #undef BROKEN_SAVED_UIDS |
315 | 321 | ||
@@ -355,11 +361,8 @@ | |||
355 | /* Path that unprivileged child will chroot() to in privep mode */ | 361 | /* Path that unprivileged child will chroot() to in privep mode */ |
356 | #undef PRIVSEP_PATH | 362 | #undef PRIVSEP_PATH |
357 | 363 | ||
358 | /* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ | 364 | /* Define if your platform needs to skip post auth file descriptor passing */ |
359 | #undef HAVE_MMAP_ANON_SHARED | 365 | #undef DISABLE_FD_PASSING |
360 | |||
361 | /* Define if sendmsg()/recvmsg() has problems passing file descriptors */ | ||
362 | #undef BROKEN_FD_PASSING | ||
363 | 366 | ||
364 | @BOTTOM@ | 367 | @BOTTOM@ |
365 | 368 | ||
diff --git a/auth-bsdauth.c b/auth-bsdauth.c index 4f1b452b7..2ac27a7a2 100644 --- a/auth-bsdauth.c +++ b/auth-bsdauth.c | |||
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: auth-bsdauth.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); | 25 | RCSID("$OpenBSD: auth-bsdauth.c,v 1.5 2002/06/30 21:59:45 deraadt Exp $"); |
26 | 26 | ||
27 | #ifdef BSD_AUTH | 27 | #ifdef BSD_AUTH |
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
@@ -69,7 +69,7 @@ bsdauth_query(void *ctx, char **name, char **infotxt, | |||
69 | *name = xstrdup(""); | 69 | *name = xstrdup(""); |
70 | *infotxt = xstrdup(""); | 70 | *infotxt = xstrdup(""); |
71 | *numprompts = 1; | 71 | *numprompts = 1; |
72 | *prompts = xmalloc(*numprompts * sizeof(char*)); | 72 | *prompts = xmalloc(*numprompts * sizeof(char *)); |
73 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); | 73 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); |
74 | (*echo_on)[0] = 0; | 74 | (*echo_on)[0] = 0; |
75 | (*prompts)[0] = xstrdup(challenge); | 75 | (*prompts)[0] = xstrdup(challenge); |
diff --git a/auth-krb4.c b/auth-krb4.c index 1cc528aa0..b86ce7e49 100644 --- a/auth-krb4.c +++ b/auth-krb4.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-krb4.c,v 1.27 2002/06/11 05:46:20 mpech Exp $"); | 26 | RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "ssh1.h" | 29 | #include "ssh1.h" |
@@ -210,10 +210,9 @@ krb4_cleanup_proc(void *context) | |||
210 | } | 210 | } |
211 | 211 | ||
212 | int | 212 | int |
213 | auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) | 213 | auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply) |
214 | { | 214 | { |
215 | AUTH_DAT adat = {0}; | 215 | AUTH_DAT adat = {0}; |
216 | KTEXT_ST reply; | ||
217 | Key_schedule schedule; | 216 | Key_schedule schedule; |
218 | struct sockaddr_in local, foreign; | 217 | struct sockaddr_in local, foreign; |
219 | char instance[INST_SZ]; | 218 | char instance[INST_SZ]; |
@@ -263,21 +262,16 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) | |||
263 | 262 | ||
264 | /* If we can't successfully encrypt the checksum, we send back an | 263 | /* If we can't successfully encrypt the checksum, we send back an |
265 | empty message, admitting our failure. */ | 264 | empty message, admitting our failure. */ |
266 | if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1, | 265 | if ((r = krb_mk_priv((u_char *) & cksum, reply->dat, sizeof(cksum) + 1, |
267 | schedule, &adat.session, &local, &foreign)) < 0) { | 266 | schedule, &adat.session, &local, &foreign)) < 0) { |
268 | debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]); | 267 | debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]); |
269 | reply.dat[0] = 0; | 268 | reply->dat[0] = 0; |
270 | reply.length = 0; | 269 | reply->length = 0; |
271 | } else | 270 | } else |
272 | reply.length = r; | 271 | reply->length = r; |
273 | 272 | ||
274 | /* Clear session key. */ | 273 | /* Clear session key. */ |
275 | memset(&adat.session, 0, sizeof(&adat.session)); | 274 | memset(&adat.session, 0, sizeof(&adat.session)); |
276 | |||
277 | packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); | ||
278 | packet_put_string((char *) reply.dat, reply.length); | ||
279 | packet_send(); | ||
280 | packet_write_wait(); | ||
281 | return (1); | 275 | return (1); |
282 | } | 276 | } |
283 | #endif /* KRB4 */ | 277 | #endif /* KRB4 */ |
diff --git a/auth-krb5.c b/auth-krb5.c index 308a6d5f9..512f70b78 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: auth-krb5.c,v 1.8 2002/03/19 10:49:35 markus Exp $"); | 31 | RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh1.h" | 34 | #include "ssh1.h" |
@@ -73,18 +73,17 @@ krb5_init(void *context) | |||
73 | * from the ticket | 73 | * from the ticket |
74 | */ | 74 | */ |
75 | int | 75 | int |
76 | auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | 76 | auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply) |
77 | { | 77 | { |
78 | krb5_error_code problem; | 78 | krb5_error_code problem; |
79 | krb5_principal server; | 79 | krb5_principal server; |
80 | krb5_data reply; | ||
81 | krb5_ticket *ticket; | 80 | krb5_ticket *ticket; |
82 | int fd, ret; | 81 | int fd, ret; |
83 | 82 | ||
84 | ret = 0; | 83 | ret = 0; |
85 | server = NULL; | 84 | server = NULL; |
86 | ticket = NULL; | 85 | ticket = NULL; |
87 | reply.length = 0; | 86 | reply->length = 0; |
88 | 87 | ||
89 | problem = krb5_init(authctxt); | 88 | problem = krb5_init(authctxt); |
90 | if (problem) | 89 | if (problem) |
@@ -131,7 +130,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | |||
131 | 130 | ||
132 | /* if client wants mutual auth */ | 131 | /* if client wants mutual auth */ |
133 | problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, | 132 | problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, |
134 | &reply); | 133 | reply); |
135 | if (problem) | 134 | if (problem) |
136 | goto err; | 135 | goto err; |
137 | 136 | ||
@@ -144,19 +143,16 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) | |||
144 | krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, | 143 | krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, |
145 | client); | 144 | client); |
146 | 145 | ||
147 | packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); | ||
148 | packet_put_string((char *) reply.data, reply.length); | ||
149 | packet_send(); | ||
150 | packet_write_wait(); | ||
151 | |||
152 | ret = 1; | 146 | ret = 1; |
153 | err: | 147 | err: |
154 | if (server) | 148 | if (server) |
155 | krb5_free_principal(authctxt->krb5_ctx, server); | 149 | krb5_free_principal(authctxt->krb5_ctx, server); |
156 | if (ticket) | 150 | if (ticket) |
157 | krb5_free_ticket(authctxt->krb5_ctx, ticket); | 151 | krb5_free_ticket(authctxt->krb5_ctx, ticket); |
158 | if (reply.length) | 152 | if (!ret && reply->length) { |
159 | xfree(reply.data); | 153 | xfree(reply->data); |
154 | memset(reply, 0, sizeof(*reply)); | ||
155 | } | ||
160 | 156 | ||
161 | if (problem) { | 157 | if (problem) { |
162 | if (authctxt->krb5_ctx != NULL) | 158 | if (authctxt->krb5_ctx != NULL) |
diff --git a/auth-options.c b/auth-options.c index 2787d2948..8595fdc14 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,9 +10,8 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $"); |
14 | 14 | ||
15 | #include "packet.h" | ||
16 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
17 | #include "match.h" | 16 | #include "match.h" |
18 | #include "log.h" | 17 | #include "log.h" |
@@ -20,7 +19,6 @@ RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $"); | |||
20 | #include "channels.h" | 19 | #include "channels.h" |
21 | #include "auth-options.h" | 20 | #include "auth-options.h" |
22 | #include "servconf.h" | 21 | #include "servconf.h" |
23 | #include "bufaux.h" | ||
24 | #include "misc.h" | 22 | #include "misc.h" |
25 | #include "monitor_wrap.h" | 23 | #include "monitor_wrap.h" |
26 | #include "auth.h" | 24 | #include "auth.h" |
@@ -135,7 +133,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
135 | goto next_option; | 133 | goto next_option; |
136 | } | 134 | } |
137 | cp = "environment=\""; | 135 | cp = "environment=\""; |
138 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 136 | if (options.permit_user_env && |
137 | strncasecmp(opts, cp, strlen(cp)) == 0) { | ||
139 | char *s; | 138 | char *s; |
140 | struct envstring *new_envstring; | 139 | struct envstring *new_envstring; |
141 | 140 | ||
diff --git a/auth-options.h b/auth-options.h index aa6270fd6..15fb21255 100644 --- a/auth-options.h +++ b/auth-options.h | |||
@@ -1,10 +1,9 @@ | |||
1 | /* $OpenBSD: auth-options.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ | 1 | /* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
6 | * All rights reserved | 6 | * All rights reserved |
7 | * Functions to interface with the SSH_AUTHENTICATION_FD socket. | ||
8 | * | 7 | * |
9 | * As far as I am concerned, the code I have written for this software | 8 | * As far as I am concerned, the code I have written for this software |
10 | * can be used freely for any purpose. Any derived versions of this | 9 | * can be used freely for any purpose. Any derived versions of this |
diff --git a/auth-pam.c b/auth-pam.c index 490990dec..99b03f45b 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -25,10 +25,10 @@ | |||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | #ifdef USE_PAM | 27 | #ifdef USE_PAM |
28 | #include "ssh.h" | ||
29 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
30 | #include "log.h" | 29 | #include "log.h" |
31 | #include "auth.h" | 30 | #include "auth.h" |
31 | #include "auth-options.h" | ||
32 | #include "auth-pam.h" | 32 | #include "auth-pam.h" |
33 | #include "servconf.h" | 33 | #include "servconf.h" |
34 | #include "canohost.h" | 34 | #include "canohost.h" |
@@ -36,17 +36,21 @@ | |||
36 | 36 | ||
37 | extern char *__progname; | 37 | extern char *__progname; |
38 | 38 | ||
39 | RCSID("$Id: auth-pam.c,v 1.46 2002/05/08 02:27:56 djm Exp $"); | 39 | extern int use_privsep; |
40 | |||
41 | RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $"); | ||
40 | 42 | ||
41 | #define NEW_AUTHTOK_MSG \ | 43 | #define NEW_AUTHTOK_MSG \ |
42 | "Warning: Your password has expired, please change it now" | 44 | "Warning: Your password has expired, please change it now." |
45 | #define NEW_AUTHTOK_MSG_PRIVSEP \ | ||
46 | "Your password has expired, the session cannot proceed." | ||
43 | 47 | ||
44 | static int do_pam_conversation(int num_msg, const struct pam_message **msg, | 48 | static int do_pam_conversation(int num_msg, const struct pam_message **msg, |
45 | struct pam_response **resp, void *appdata_ptr); | 49 | struct pam_response **resp, void *appdata_ptr); |
46 | 50 | ||
47 | /* module-local variables */ | 51 | /* module-local variables */ |
48 | static struct pam_conv conv = { | 52 | static struct pam_conv conv = { |
49 | do_pam_conversation, | 53 | (int (*)())do_pam_conversation, |
50 | NULL | 54 | NULL |
51 | }; | 55 | }; |
52 | static char *__pam_msg = NULL; | 56 | static char *__pam_msg = NULL; |
@@ -55,7 +59,7 @@ static const char *__pampasswd = NULL; | |||
55 | 59 | ||
56 | /* states for do_pam_conversation() */ | 60 | /* states for do_pam_conversation() */ |
57 | enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; | 61 | enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; |
58 | /* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */ | 62 | /* remember whether pam_acct_mgmt() returned PAM_NEW_AUTHTOK_REQD */ |
59 | static int password_change_required = 0; | 63 | static int password_change_required = 0; |
60 | /* remember whether the last pam_authenticate() succeeded or not */ | 64 | /* remember whether the last pam_authenticate() succeeded or not */ |
61 | static int was_authenticated = 0; | 65 | static int was_authenticated = 0; |
@@ -100,9 +104,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
100 | char buf[1024]; | 104 | char buf[1024]; |
101 | 105 | ||
102 | /* PAM will free this later */ | 106 | /* PAM will free this later */ |
103 | reply = malloc(num_msg * sizeof(*reply)); | 107 | reply = xmalloc(num_msg * sizeof(*reply)); |
104 | if (reply == NULL) | ||
105 | return PAM_CONV_ERR; | ||
106 | 108 | ||
107 | for (count = 0; count < num_msg; count++) { | 109 | for (count = 0; count < num_msg; count++) { |
108 | if (pamstate == INITIAL_LOGIN) { | 110 | if (pamstate == INITIAL_LOGIN) { |
@@ -112,11 +114,11 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
112 | */ | 114 | */ |
113 | switch(PAM_MSG_MEMBER(msg, count, msg_style)) { | 115 | switch(PAM_MSG_MEMBER(msg, count, msg_style)) { |
114 | case PAM_PROMPT_ECHO_ON: | 116 | case PAM_PROMPT_ECHO_ON: |
115 | free(reply); | 117 | xfree(reply); |
116 | return PAM_CONV_ERR; | 118 | return PAM_CONV_ERR; |
117 | case PAM_PROMPT_ECHO_OFF: | 119 | case PAM_PROMPT_ECHO_OFF: |
118 | if (__pampasswd == NULL) { | 120 | if (__pampasswd == NULL) { |
119 | free(reply); | 121 | xfree(reply); |
120 | return PAM_CONV_ERR; | 122 | return PAM_CONV_ERR; |
121 | } | 123 | } |
122 | reply[count].resp = xstrdup(__pampasswd); | 124 | reply[count].resp = xstrdup(__pampasswd); |
@@ -124,7 +126,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
124 | break; | 126 | break; |
125 | case PAM_ERROR_MSG: | 127 | case PAM_ERROR_MSG: |
126 | case PAM_TEXT_INFO: | 128 | case PAM_TEXT_INFO: |
127 | if ((*msg)[count].msg != NULL) { | 129 | if (PAM_MSG_MEMBER(msg, count, msg) != NULL) { |
128 | message_cat(&__pam_msg, | 130 | message_cat(&__pam_msg, |
129 | PAM_MSG_MEMBER(msg, count, msg)); | 131 | PAM_MSG_MEMBER(msg, count, msg)); |
130 | } | 132 | } |
@@ -132,7 +134,7 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
132 | reply[count].resp_retcode = PAM_SUCCESS; | 134 | reply[count].resp_retcode = PAM_SUCCESS; |
133 | break; | 135 | break; |
134 | default: | 136 | default: |
135 | free(reply); | 137 | xfree(reply); |
136 | return PAM_CONV_ERR; | 138 | return PAM_CONV_ERR; |
137 | } | 139 | } |
138 | } else { | 140 | } else { |
@@ -154,14 +156,14 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, | |||
154 | break; | 156 | break; |
155 | case PAM_ERROR_MSG: | 157 | case PAM_ERROR_MSG: |
156 | case PAM_TEXT_INFO: | 158 | case PAM_TEXT_INFO: |
157 | if ((*msg)[count].msg != NULL) | 159 | if (PAM_MSG_MEMBER(msg, count, msg) != NULL) |
158 | fprintf(stderr, "%s\n", | 160 | fprintf(stderr, "%s\n", |
159 | PAM_MSG_MEMBER(msg, count, msg)); | 161 | PAM_MSG_MEMBER(msg, count, msg)); |
160 | reply[count].resp = xstrdup(""); | 162 | reply[count].resp = xstrdup(""); |
161 | reply[count].resp_retcode = PAM_SUCCESS; | 163 | reply[count].resp_retcode = PAM_SUCCESS; |
162 | break; | 164 | break; |
163 | default: | 165 | default: |
164 | free(reply); | 166 | xfree(reply); |
165 | return PAM_CONV_ERR; | 167 | return PAM_CONV_ERR; |
166 | } | 168 | } |
167 | } | 169 | } |
@@ -256,9 +258,14 @@ int do_pam_account(char *username, char *remote_user) | |||
256 | break; | 258 | break; |
257 | #if 0 | 259 | #if 0 |
258 | case PAM_NEW_AUTHTOK_REQD: | 260 | case PAM_NEW_AUTHTOK_REQD: |
259 | message_cat(&__pam_msg, NEW_AUTHTOK_MSG); | 261 | message_cat(&__pam_msg, use_privsep ? |
262 | NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHTOK_MSG); | ||
260 | /* flag that password change is necessary */ | 263 | /* flag that password change is necessary */ |
261 | password_change_required = 1; | 264 | password_change_required = 1; |
265 | /* disallow other functionality for now */ | ||
266 | no_port_forwarding_flag |= 2; | ||
267 | no_agent_forwarding_flag |= 2; | ||
268 | no_x11_forwarding_flag |= 2; | ||
262 | break; | 269 | break; |
263 | #endif | 270 | #endif |
264 | default: | 271 | default: |
@@ -328,7 +335,7 @@ int is_pam_password_change_required(void) | |||
328 | * Have user change authentication token if pam_acct_mgmt() indicated | 335 | * Have user change authentication token if pam_acct_mgmt() indicated |
329 | * it was expired. This needs to be called after an interactive | 336 | * it was expired. This needs to be called after an interactive |
330 | * session is established and the user's pty is connected to | 337 | * session is established and the user's pty is connected to |
331 | * stdin/stout/stderr. | 338 | * stdin/stdout/stderr. |
332 | */ | 339 | */ |
333 | void do_pam_chauthtok(void) | 340 | void do_pam_chauthtok(void) |
334 | { | 341 | { |
@@ -337,11 +344,23 @@ void do_pam_chauthtok(void) | |||
337 | do_pam_set_conv(&conv); | 344 | do_pam_set_conv(&conv); |
338 | 345 | ||
339 | if (password_change_required) { | 346 | if (password_change_required) { |
347 | if (use_privsep) | ||
348 | fatal("Password changing is currently unsupported" | ||
349 | " with privilege separation"); | ||
340 | pamstate = OTHER; | 350 | pamstate = OTHER; |
341 | pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | 351 | pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); |
342 | if (pam_retval != PAM_SUCCESS) | 352 | if (pam_retval != PAM_SUCCESS) |
343 | fatal("PAM pam_chauthtok failed[%d]: %.200s", | 353 | fatal("PAM pam_chauthtok failed[%d]: %.200s", |
344 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); | 354 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
355 | #if 0 | ||
356 | /* XXX: This would need to be done in the parent process, | ||
357 | * but there's currently no way to pass such request. */ | ||
358 | no_port_forwarding_flag &= ~2; | ||
359 | no_agent_forwarding_flag &= ~2; | ||
360 | no_x11_forwarding_flag &= ~2; | ||
361 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | ||
362 | channel_permit_all_opens(); | ||
363 | #endif | ||
345 | } | 364 | } |
346 | } | 365 | } |
347 | 366 | ||
@@ -392,7 +411,7 @@ void start_pam(const char *user) | |||
392 | fatal_add_cleanup(&do_pam_cleanup_proc, NULL); | 411 | fatal_add_cleanup(&do_pam_cleanup_proc, NULL); |
393 | } | 412 | } |
394 | 413 | ||
395 | /* Return list of PAM enviornment strings */ | 414 | /* Return list of PAM environment strings */ |
396 | char **fetch_pam_environment(void) | 415 | char **fetch_pam_environment(void) |
397 | { | 416 | { |
398 | #ifdef HAVE_PAM_GETENVLIST | 417 | #ifdef HAVE_PAM_GETENVLIST |
@@ -402,6 +421,16 @@ char **fetch_pam_environment(void) | |||
402 | #endif /* HAVE_PAM_GETENVLIST */ | 421 | #endif /* HAVE_PAM_GETENVLIST */ |
403 | } | 422 | } |
404 | 423 | ||
424 | void free_pam_environment(char **env) | ||
425 | { | ||
426 | int i; | ||
427 | |||
428 | if (env != NULL) { | ||
429 | for (i = 0; env[i] != NULL; i++) | ||
430 | xfree(env[i]); | ||
431 | } | ||
432 | } | ||
433 | |||
405 | /* Print any messages that have been generated during authentication */ | 434 | /* Print any messages that have been generated during authentication */ |
406 | /* or account checking to stderr */ | 435 | /* or account checking to stderr */ |
407 | void print_pam_messages(void) | 436 | void print_pam_messages(void) |
diff --git a/auth-pam.h b/auth-pam.h index 6b1f35add..7881b6b80 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
@@ -1,14 +1,41 @@ | |||
1 | /* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */ | 1 | /* $Id: auth-pam.h,v 1.16 2002/07/23 00:44:07 stevesk Exp $ */ |
2 | |||
3 | /* | ||
4 | * Copyright (c) 2000 Damien Miller. All rights reserved. | ||
5 | * | ||
6 | * Redistribution and use in source and binary forms, with or without | ||
7 | * modification, are permitted provided that the following conditions | ||
8 | * are met: | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
14 | * | ||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
25 | */ | ||
2 | 26 | ||
3 | #include "includes.h" | 27 | #include "includes.h" |
4 | #ifdef USE_PAM | 28 | #ifdef USE_PAM |
5 | 29 | ||
6 | #include <pwd.h> /* For struct passwd */ | 30 | #if !defined(SSHD_PAM_SERVICE) |
31 | # define SSHD_PAM_SERVICE __progname | ||
32 | #endif | ||
7 | 33 | ||
8 | void start_pam(const char *user); | 34 | void start_pam(const char *user); |
9 | void finish_pam(void); | 35 | void finish_pam(void); |
10 | int auth_pam_password(Authctxt *authctxt, const char *password); | 36 | int auth_pam_password(Authctxt *authctxt, const char *password); |
11 | char **fetch_pam_environment(void); | 37 | char **fetch_pam_environment(void); |
38 | void free_pam_environment(char **env); | ||
12 | int do_pam_authenticate(int flags); | 39 | int do_pam_authenticate(int flags); |
13 | int do_pam_account(char *username, char *remote_user); | 40 | int do_pam_account(char *username, char *remote_user); |
14 | void do_pam_session(char *username, const char *ttyname); | 41 | void do_pam_session(char *username, const char *ttyname); |
diff --git a/auth-passwd.c b/auth-passwd.c index 17bbd2ceb..185db7d6d 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -81,6 +81,9 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $"); | |||
81 | #endif /* !USE_PAM && !HAVE_OSF_SIA */ | 81 | #endif /* !USE_PAM && !HAVE_OSF_SIA */ |
82 | 82 | ||
83 | extern ServerOptions options; | 83 | extern ServerOptions options; |
84 | #ifdef WITH_AIXAUTHENTICATE | ||
85 | extern char *aixloginmsg; | ||
86 | #endif | ||
84 | 87 | ||
85 | /* | 88 | /* |
86 | * Tries to authenticate the user using password. Returns true if | 89 | * Tries to authenticate the user using password. Returns true if |
@@ -113,7 +116,7 @@ auth_password(Authctxt *authctxt, const char *password) | |||
113 | #endif | 116 | #endif |
114 | #ifdef WITH_AIXAUTHENTICATE | 117 | #ifdef WITH_AIXAUTHENTICATE |
115 | char *authmsg; | 118 | char *authmsg; |
116 | char *loginmsg; | 119 | int authsuccess; |
117 | int reenter = 1; | 120 | int reenter = 1; |
118 | #endif | 121 | #endif |
119 | 122 | ||
@@ -145,7 +148,16 @@ auth_password(Authctxt *authctxt, const char *password) | |||
145 | } | 148 | } |
146 | #endif | 149 | #endif |
147 | #ifdef WITH_AIXAUTHENTICATE | 150 | #ifdef WITH_AIXAUTHENTICATE |
148 | return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); | 151 | authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); |
152 | |||
153 | if (authsuccess) | ||
154 | /* We don't have a pty yet, so just label the line as "ssh" */ | ||
155 | if (loginsuccess(authctxt->user, | ||
156 | get_canonical_hostname(options.verify_reverse_mapping), | ||
157 | "ssh", &aixloginmsg) < 0) | ||
158 | aixloginmsg = NULL; | ||
159 | |||
160 | return(authsuccess); | ||
149 | #endif | 161 | #endif |
150 | #ifdef KRB4 | 162 | #ifdef KRB4 |
151 | if (options.kerberos_authentication == 1) { | 163 | if (options.kerberos_authentication == 1) { |
diff --git a/auth-skey.c b/auth-skey.c index eb13c5cc5..f9ea03fd1 100644 --- a/auth-skey.c +++ b/auth-skey.c | |||
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $"); | 25 | RCSID("$OpenBSD: auth-skey.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $"); |
26 | 26 | ||
27 | #ifdef SKEY | 27 | #ifdef SKEY |
28 | 28 | ||
@@ -53,7 +53,7 @@ skey_query(void *ctx, char **name, char **infotxt, | |||
53 | *name = xstrdup(""); | 53 | *name = xstrdup(""); |
54 | *infotxt = xstrdup(""); | 54 | *infotxt = xstrdup(""); |
55 | *numprompts = 1; | 55 | *numprompts = 1; |
56 | *prompts = xmalloc(*numprompts * sizeof(char*)); | 56 | *prompts = xmalloc(*numprompts * sizeof(char *)); |
57 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); | 57 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); |
58 | (*echo_on)[0] = 0; | 58 | (*echo_on)[0] = 0; |
59 | 59 | ||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.43 2002/05/17 14:27:55 millert Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -256,6 +256,14 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
256 | get_remote_ipaddr(), | 256 | get_remote_ipaddr(), |
257 | get_remote_port(), | 257 | get_remote_port(), |
258 | info); | 258 | info); |
259 | |||
260 | #ifdef WITH_AIXAUTHENTICATE | ||
261 | if (authenticated == 0 && strcmp(method, "password") == 0) | ||
262 | loginfailed(authctxt->user, | ||
263 | get_canonical_hostname(options.verify_reverse_mapping), | ||
264 | "ssh"); | ||
265 | #endif /* WITH_AIXAUTHENTICATE */ | ||
266 | |||
259 | } | 267 | } |
260 | 268 | ||
261 | /* | 269 | /* |
@@ -392,7 +400,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
392 | 400 | ||
393 | /* | 401 | /* |
394 | * Check a given file for security. This is defined as all components | 402 | * Check a given file for security. This is defined as all components |
395 | * of the path to the file must either be owned by either the owner of | 403 | * of the path to the file must be owned by either the owner of |
396 | * of the file or root and no directories must be group or world writable. | 404 | * of the file or root and no directories must be group or world writable. |
397 | * | 405 | * |
398 | * XXX Should any specific check be done for sym links ? | 406 | * XXX Should any specific check be done for sym links ? |
@@ -476,7 +484,12 @@ getpwnamallow(const char *user) | |||
476 | struct passwd *pw; | 484 | struct passwd *pw; |
477 | 485 | ||
478 | pw = getpwnam(user); | 486 | pw = getpwnam(user); |
479 | if (pw == NULL || !allowed_user(pw)) | 487 | if (pw == NULL) { |
488 | log("Illegal user %.100s from %.100s", | ||
489 | user, get_remote_ipaddr()); | ||
490 | return (NULL); | ||
491 | } | ||
492 | if (!allowed_user(pw)) | ||
480 | return (NULL); | 493 | return (NULL); |
481 | #ifdef HAVE_LOGIN_CAP | 494 | #ifdef HAVE_LOGIN_CAP |
482 | if ((lc = login_getclass(pw->pw_class)) == NULL) { | 495 | if ((lc = login_getclass(pw->pw_class)) == NULL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -113,7 +113,7 @@ int user_key_allowed(struct passwd *, Key *); | |||
113 | 113 | ||
114 | #ifdef KRB4 | 114 | #ifdef KRB4 |
115 | #include <krb.h> | 115 | #include <krb.h> |
116 | int auth_krb4(Authctxt *, KTEXT, char **); | 116 | int auth_krb4(Authctxt *, KTEXT, char **, KTEXT); |
117 | int auth_krb4_password(Authctxt *, const char *); | 117 | int auth_krb4_password(Authctxt *, const char *); |
118 | void krb4_cleanup_proc(void *); | 118 | void krb4_cleanup_proc(void *); |
119 | 119 | ||
@@ -126,7 +126,7 @@ int auth_afs_token(Authctxt *, const char *); | |||
126 | #endif /* KRB4 */ | 126 | #endif /* KRB4 */ |
127 | 127 | ||
128 | #ifdef KRB5 | 128 | #ifdef KRB5 |
129 | int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client); | 129 | int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); |
130 | int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); | 130 | int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); |
131 | int auth_krb5_password(Authctxt *authctxt, const char *password); | 131 | int auth_krb5_password(Authctxt *authctxt, const char *password); |
132 | void krb5_cleanup_proc(void *authctxt); | 132 | void krb5_cleanup_proc(void *authctxt); |
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.41 2002/06/19 00:27:55 deraadt Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $"); |
14 | 14 | ||
15 | #include "xmalloc.h" | 15 | #include "xmalloc.h" |
16 | #include "rsa.h" | 16 | #include "rsa.h" |
@@ -118,30 +118,49 @@ do_authloop(Authctxt *authctxt) | |||
118 | 118 | ||
119 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ | 119 | if (kdata[0] == 4) { /* KRB_PROT_VERSION */ |
120 | #ifdef KRB4 | 120 | #ifdef KRB4 |
121 | KTEXT_ST tkt; | 121 | KTEXT_ST tkt, reply; |
122 | |||
123 | tkt.length = dlen; | 122 | tkt.length = dlen; |
124 | if (tkt.length < MAX_KTXT_LEN) | 123 | if (tkt.length < MAX_KTXT_LEN) |
125 | memcpy(tkt.dat, kdata, tkt.length); | 124 | memcpy(tkt.dat, kdata, tkt.length); |
126 | 125 | ||
127 | if (auth_krb4(authctxt, &tkt, &client_user)) { | 126 | if (PRIVSEP(auth_krb4(authctxt, &tkt, |
127 | &client_user, &reply))) { | ||
128 | authenticated = 1; | 128 | authenticated = 1; |
129 | snprintf(info, sizeof(info), | 129 | snprintf(info, sizeof(info), |
130 | " tktuser %.100s", | 130 | " tktuser %.100s", |
131 | client_user); | 131 | client_user); |
132 | |||
133 | packet_start( | ||
134 | SSH_SMSG_AUTH_KERBEROS_RESPONSE); | ||
135 | packet_put_string((char *) | ||
136 | reply.dat, reply.length); | ||
137 | packet_send(); | ||
138 | packet_write_wait(); | ||
132 | } | 139 | } |
133 | #endif /* KRB4 */ | 140 | #endif /* KRB4 */ |
134 | } else { | 141 | } else { |
135 | #ifdef KRB5 | 142 | #ifdef KRB5 |
136 | krb5_data tkt; | 143 | krb5_data tkt, reply; |
137 | tkt.length = dlen; | 144 | tkt.length = dlen; |
138 | tkt.data = kdata; | 145 | tkt.data = kdata; |
139 | 146 | ||
140 | if (auth_krb5(authctxt, &tkt, &client_user)) { | 147 | if (PRIVSEP(auth_krb5(authctxt, &tkt, |
148 | &client_user, &reply))) { | ||
141 | authenticated = 1; | 149 | authenticated = 1; |
142 | snprintf(info, sizeof(info), | 150 | snprintf(info, sizeof(info), |
143 | " tktuser %.100s", | 151 | " tktuser %.100s", |
144 | client_user); | 152 | client_user); |
153 | |||
154 | /* Send response to client */ | ||
155 | packet_start( | ||
156 | SSH_SMSG_AUTH_KERBEROS_RESPONSE); | ||
157 | packet_put_string((char *) | ||
158 | reply.data, reply.length); | ||
159 | packet_send(); | ||
160 | packet_write_wait(); | ||
161 | |||
162 | if (reply.length) | ||
163 | xfree(reply.data); | ||
145 | } | 164 | } |
146 | #endif /* KRB5 */ | 165 | #endif /* KRB5 */ |
147 | } | 166 | } |
@@ -292,6 +311,15 @@ do_authloop(Authctxt *authctxt) | |||
292 | fatal("INTERNAL ERROR: authenticated invalid user %s", | 311 | fatal("INTERNAL ERROR: authenticated invalid user %s", |
293 | authctxt->user); | 312 | authctxt->user); |
294 | 313 | ||
314 | #ifdef _UNICOS | ||
315 | if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) | ||
316 | cray_login_failure(authctxt->user, IA_UDBERR); | ||
317 | if (authenticated && cray_access_denied(authctxt->user)) { | ||
318 | authenticated = 0; | ||
319 | fatal("Access denied for user %s.",authctxt->user); | ||
320 | } | ||
321 | #endif /* _UNICOS */ | ||
322 | |||
295 | #ifdef HAVE_CYGWIN | 323 | #ifdef HAVE_CYGWIN |
296 | if (authenticated && | 324 | if (authenticated && |
297 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { | 325 | !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { |
@@ -301,7 +329,8 @@ do_authloop(Authctxt *authctxt) | |||
301 | } | 329 | } |
302 | #else | 330 | #else |
303 | /* Special handling for root */ | 331 | /* Special handling for root */ |
304 | if (authenticated && authctxt->pw->pw_uid == 0 && | 332 | if (!use_privsep && |
333 | authenticated && authctxt->pw->pw_uid == 0 && | ||
305 | !auth_root_allowed(get_authname(type))) | 334 | !auth_root_allowed(get_authname(type))) |
306 | authenticated = 0; | 335 | authenticated = 0; |
307 | #endif | 336 | #endif |
@@ -323,12 +352,6 @@ do_authloop(Authctxt *authctxt) | |||
323 | return; | 352 | return; |
324 | 353 | ||
325 | if (authctxt->failures++ > AUTH_FAIL_MAX) { | 354 | if (authctxt->failures++ > AUTH_FAIL_MAX) { |
326 | #ifdef WITH_AIXAUTHENTICATE | ||
327 | /* XXX: privsep */ | ||
328 | loginfailed(authctxt->user, | ||
329 | get_canonical_hostname(options.verify_reverse_mapping), | ||
330 | "ssh"); | ||
331 | #endif /* WITH_AIXAUTHENTICATE */ | ||
332 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 355 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
333 | } | 356 | } |
334 | 357 | ||
diff --git a/auth2-chall.c b/auth2-chall.c index e1440f47d..0d1709307 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
@@ -23,7 +23,7 @@ | |||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | */ | 24 | */ |
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2-chall.c,v 1.20 2002/06/30 21:59:45 deraadt Exp $"); |
27 | 27 | ||
28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
29 | #include "auth.h" | 29 | #include "auth.h" |
@@ -263,7 +263,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
263 | if (nresp > 100) | 263 | if (nresp > 100) |
264 | fatal("input_userauth_info_response: too many replies"); | 264 | fatal("input_userauth_info_response: too many replies"); |
265 | if (nresp > 0) { | 265 | if (nresp > 0) { |
266 | response = xmalloc(nresp * sizeof(char*)); | 266 | response = xmalloc(nresp * sizeof(char *)); |
267 | for (i = 0; i < nresp; i++) | 267 | for (i = 0; i < nresp; i++) |
268 | response[i] = packet_get_string(NULL); | 268 | response[i] = packet_get_string(NULL); |
269 | } | 269 | } |
diff --git a/auth2-none.c b/auth2-none.c index 720d3c10f..c07b2dd81 100644 --- a/auth2-none.c +++ b/auth2-none.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2-none.c,v 1.3 2002/06/19 00:27:55 deraadt Exp $"); | 26 | RCSID("$OpenBSD: auth2-none.c,v 1.4 2002/06/27 10:35:47 deraadt Exp $"); |
27 | 27 | ||
28 | #include "auth.h" | 28 | #include "auth.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
@@ -61,7 +61,7 @@ auth2_read_banner(void) | |||
61 | close(fd); | 61 | close(fd); |
62 | 62 | ||
63 | if (n != len) { | 63 | if (n != len) { |
64 | free(banner); | 64 | xfree(banner); |
65 | return (NULL); | 65 | return (NULL); |
66 | } | 66 | } |
67 | banner[n] = '\0'; | 67 | banner[n] = '\0'; |
diff --git a/auth2-pam.c b/auth2-pam.c index 99aedeaeb..a2daf96b7 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,5 +1,5 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | 5 | #include <security/pam_appl.h> |
@@ -116,11 +116,11 @@ do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg, | |||
116 | while(context_pam2.finished == 0) { | 116 | while(context_pam2.finished == 0) { |
117 | done = 1; | 117 | done = 1; |
118 | dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); | 118 | dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); |
119 | if(context_pam2.finished == 0) | 119 | if (context_pam2.finished == 0) |
120 | debug("extra packet during conversation"); | 120 | debug("extra packet during conversation"); |
121 | } | 121 | } |
122 | 122 | ||
123 | if(context_pam2.num_received == context_pam2.num_expected) { | 123 | if (context_pam2.num_received == context_pam2.num_expected) { |
124 | *resp = context_pam2.responses; | 124 | *resp = context_pam2.responses; |
125 | return PAM_SUCCESS; | 125 | return PAM_SUCCESS; |
126 | } else | 126 | } else |
@@ -143,8 +143,8 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) | |||
143 | 143 | ||
144 | if (nresp != context_pam2.num_expected) | 144 | if (nresp != context_pam2.num_expected) |
145 | fatal("%s: Received incorrect number of responses " | 145 | fatal("%s: Received incorrect number of responses " |
146 | "(expected %u, received %u)", __func__, nresp, | 146 | "(expected %d, received %u)", __func__, |
147 | context_pam2.num_expected); | 147 | context_pam2.num_expected, nresp); |
148 | 148 | ||
149 | if (nresp > 100) | 149 | if (nresp > 100) |
150 | fatal("%s: too many replies", __func__); | 150 | fatal("%s: too many replies", __func__); |
@@ -163,5 +163,4 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) | |||
163 | 163 | ||
164 | packet_check_eom(); | 164 | packet_check_eom(); |
165 | } | 165 | } |
166 | |||
167 | #endif | 166 | #endif |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.93 2002/05/31 11:35:15 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh2.h" | 28 | #include "ssh2.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
@@ -102,7 +102,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) | |||
102 | { | 102 | { |
103 | Authctxt *authctxt = ctxt; | 103 | Authctxt *authctxt = ctxt; |
104 | u_int len; | 104 | u_int len; |
105 | int accept = 0; | 105 | int acceptit = 0; |
106 | char *service = packet_get_string(&len); | 106 | char *service = packet_get_string(&len); |
107 | packet_check_eom(); | 107 | packet_check_eom(); |
108 | 108 | ||
@@ -111,14 +111,14 @@ input_service_request(int type, u_int32_t seq, void *ctxt) | |||
111 | 111 | ||
112 | if (strcmp(service, "ssh-userauth") == 0) { | 112 | if (strcmp(service, "ssh-userauth") == 0) { |
113 | if (!authctxt->success) { | 113 | if (!authctxt->success) { |
114 | accept = 1; | 114 | acceptit = 1; |
115 | /* now we can handle user-auth requests */ | 115 | /* now we can handle user-auth requests */ |
116 | dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); | 116 | dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request); |
117 | } | 117 | } |
118 | } | 118 | } |
119 | /* XXX all other service requests are denied */ | 119 | /* XXX all other service requests are denied */ |
120 | 120 | ||
121 | if (accept) { | 121 | if (acceptit) { |
122 | packet_start(SSH2_MSG_SERVICE_ACCEPT); | 122 | packet_start(SSH2_MSG_SERVICE_ACCEPT); |
123 | packet_put_cstring(service); | 123 | packet_put_cstring(service); |
124 | packet_send(); | 124 | packet_send(); |
@@ -205,7 +205,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
205 | authctxt->user); | 205 | authctxt->user); |
206 | 206 | ||
207 | /* Special handling for root */ | 207 | /* Special handling for root */ |
208 | if (authenticated && authctxt->pw->pw_uid == 0 && | 208 | if (!use_privsep && |
209 | authenticated && authctxt->pw->pw_uid == 0 && | ||
209 | !auth_root_allowed(method)) | 210 | !auth_root_allowed(method)) |
210 | authenticated = 0; | 211 | authenticated = 0; |
211 | 212 | ||
@@ -215,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
215 | authenticated = 0; | 216 | authenticated = 0; |
216 | #endif /* USE_PAM */ | 217 | #endif /* USE_PAM */ |
217 | 218 | ||
219 | #ifdef _UNICOS | ||
220 | if (authenticated && cray_access_denied(authctxt->user)) { | ||
221 | authenticated = 0; | ||
222 | fatal("Access denied for user %s.",authctxt->user); | ||
223 | } | ||
224 | #endif /* _UNICOS */ | ||
225 | |||
218 | /* Log before sending the reply */ | 226 | /* Log before sending the reply */ |
219 | auth_log(authctxt, authenticated, method, " ssh2"); | 227 | auth_log(authctxt, authenticated, method, " ssh2"); |
220 | 228 | ||
@@ -232,14 +240,12 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) | |||
232 | authctxt->success = 1; | 240 | authctxt->success = 1; |
233 | } else { | 241 | } else { |
234 | if (authctxt->failures++ > AUTH_FAIL_MAX) { | 242 | if (authctxt->failures++ > AUTH_FAIL_MAX) { |
235 | #ifdef WITH_AIXAUTHENTICATE | ||
236 | /* XXX: privsep */ | ||
237 | loginfailed(authctxt->user, | ||
238 | get_canonical_hostname(options.verify_reverse_mapping), | ||
239 | "ssh"); | ||
240 | #endif /* WITH_AIXAUTHENTICATE */ | ||
241 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 243 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
242 | } | 244 | } |
245 | #ifdef _UNICOS | ||
246 | if (strcmp(method, "password") == 0) | ||
247 | cray_login_failure(authctxt->user, IA_UDBERR); | ||
248 | #endif /* _UNICOS */ | ||
243 | methods = authmethods_get(); | 249 | methods = authmethods_get(); |
244 | packet_start(SSH2_MSG_USERAUTH_FAILURE); | 250 | packet_start(SSH2_MSG_USERAUTH_FAILURE); |
245 | packet_put_cstring(methods); | 251 | packet_put_cstring(methods); |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -53,6 +53,8 @@ RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $"); | |||
53 | #include "log.h" | 53 | #include "log.h" |
54 | #include "atomicio.h" | 54 | #include "atomicio.h" |
55 | 55 | ||
56 | static int agent_present = 0; | ||
57 | |||
56 | /* helper */ | 58 | /* helper */ |
57 | int decode_reply(int type); | 59 | int decode_reply(int type); |
58 | 60 | ||
@@ -61,6 +63,21 @@ int decode_reply(int type); | |||
61 | ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ | 63 | ((x == SSH_AGENT_FAILURE) || (x == SSH_COM_AGENT2_FAILURE) || \ |
62 | (x == SSH2_AGENT_FAILURE)) | 64 | (x == SSH2_AGENT_FAILURE)) |
63 | 65 | ||
66 | int | ||
67 | ssh_agent_present(void) | ||
68 | { | ||
69 | int authfd; | ||
70 | |||
71 | if (agent_present) | ||
72 | return 1; | ||
73 | if ((authfd = ssh_get_authentication_socket()) == -1) | ||
74 | return 0; | ||
75 | else { | ||
76 | ssh_close_authentication_socket(authfd); | ||
77 | return 1; | ||
78 | } | ||
79 | } | ||
80 | |||
64 | /* Returns the number of the authentication fd, or -1 if there is none. */ | 81 | /* Returns the number of the authentication fd, or -1 if there is none. */ |
65 | 82 | ||
66 | int | 83 | int |
@@ -90,6 +107,7 @@ ssh_get_authentication_socket(void) | |||
90 | close(sock); | 107 | close(sock); |
91 | return -1; | 108 | return -1; |
92 | } | 109 | } |
110 | agent_present = 1; | ||
93 | return sock; | 111 | return sock; |
94 | } | 112 | } |
95 | 113 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.h,v 1.30 2002/06/19 00:27:55 deraadt Exp $ */ | 1 | /* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -66,6 +66,7 @@ typedef struct { | |||
66 | int howmany; | 66 | int howmany; |
67 | } AuthenticationConnection; | 67 | } AuthenticationConnection; |
68 | 68 | ||
69 | int ssh_agent_present(void); | ||
69 | int ssh_get_authentication_socket(void); | 70 | int ssh_get_authentication_socket(void); |
70 | void ssh_close_authentication_socket(int); | 71 | void ssh_close_authentication_socket(int); |
71 | 72 | ||
diff --git a/autom4te-2.53.cache/output.0 b/autom4te-2.53.cache/output.0 index 921978182..97d453542 100644 --- a/autom4te-2.53.cache/output.0 +++ b/autom4te-2.53.cache/output.0 | |||
@@ -862,7 +862,7 @@ Optional Packages: | |||
862 | --with-kerberos5=PATH Enable Kerberos 5 support | 862 | --with-kerberos5=PATH Enable Kerberos 5 support |
863 | --with-kerberos4=PATH Enable Kerberos 4 support | 863 | --with-kerberos4=PATH Enable Kerberos 4 support |
864 | --with-afs=PATH Enable AFS support | 864 | --with-afs=PATH Enable AFS support |
865 | --with-privsep-path=xxx Path for privilege separation chroot | 865 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
866 | --with-xauth=PATH Specify path to xauth program | 866 | --with-xauth=PATH Specify path to xauth program |
867 | --with-mantype=man|cat|doc Set man page type | 867 | --with-mantype=man|cat|doc Set man page type |
868 | --with-md5-passwords Enable use of MD5 passwords | 868 | --with-md5-passwords Enable use of MD5 passwords |
@@ -2760,52 +2760,6 @@ echo "${ECHO_T}no" >&6 | |||
2760 | fi | 2760 | fi |
2761 | 2761 | ||
2762 | 2762 | ||
2763 | for ac_prog in filepriv | ||
2764 | do | ||
2765 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
2766 | set dummy $ac_prog; ac_word=$2 | ||
2767 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | ||
2768 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | ||
2769 | if test "${ac_cv_path_FILEPRIV+set}" = set; then | ||
2770 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
2771 | else | ||
2772 | case $FILEPRIV in | ||
2773 | [\\/]* | ?:[\\/]*) | ||
2774 | ac_cv_path_FILEPRIV="$FILEPRIV" # Let the user override the test with a path. | ||
2775 | ;; | ||
2776 | *) | ||
2777 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2778 | as_dummy="/sbin:/usr/sbin" | ||
2779 | for as_dir in $as_dummy | ||
2780 | do | ||
2781 | IFS=$as_save_IFS | ||
2782 | test -z "$as_dir" && as_dir=. | ||
2783 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2784 | if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2785 | ac_cv_path_FILEPRIV="$as_dir/$ac_word$ac_exec_ext" | ||
2786 | echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2787 | break 2 | ||
2788 | fi | ||
2789 | done | ||
2790 | done | ||
2791 | |||
2792 | ;; | ||
2793 | esac | ||
2794 | fi | ||
2795 | FILEPRIV=$ac_cv_path_FILEPRIV | ||
2796 | |||
2797 | if test -n "$FILEPRIV"; then | ||
2798 | echo "$as_me:$LINENO: result: $FILEPRIV" >&5 | ||
2799 | echo "${ECHO_T}$FILEPRIV" >&6 | ||
2800 | else | ||
2801 | echo "$as_me:$LINENO: result: no" >&5 | ||
2802 | echo "${ECHO_T}no" >&6 | ||
2803 | fi | ||
2804 | |||
2805 | test -n "$FILEPRIV" && break | ||
2806 | done | ||
2807 | test -n "$FILEPRIV" || FILEPRIV="true" | ||
2808 | |||
2809 | # Extract the first word of "bash", so it can be a program name with args. | 2763 | # Extract the first word of "bash", so it can be a program name with args. |
2810 | set dummy bash; ac_word=$2 | 2764 | set dummy bash; ac_word=$2 |
2811 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | 2765 | echo "$as_me:$LINENO: checking for $ac_word" >&5 |
@@ -3622,6 +3576,72 @@ if test $ac_cv_func_authenticate = yes; then | |||
3622 | @%:@define WITH_AIXAUTHENTICATE 1 | 3576 | @%:@define WITH_AIXAUTHENTICATE 1 |
3623 | _ACEOF | 3577 | _ACEOF |
3624 | 3578 | ||
3579 | else | ||
3580 | echo "$as_me:$LINENO: checking for authenticate in -ls" >&5 | ||
3581 | echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6 | ||
3582 | if test "${ac_cv_lib_s_authenticate+set}" = set; then | ||
3583 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3584 | else | ||
3585 | ac_check_lib_save_LIBS=$LIBS | ||
3586 | LIBS="-ls $LIBS" | ||
3587 | cat >conftest.$ac_ext <<_ACEOF | ||
3588 | #line $LINENO "configure" | ||
3589 | #include "confdefs.h" | ||
3590 | |||
3591 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3592 | #ifdef __cplusplus | ||
3593 | extern "C" | ||
3594 | #endif | ||
3595 | /* We use char because int might match the return type of a gcc2 | ||
3596 | builtin and then its argument prototype would still apply. */ | ||
3597 | char authenticate (); | ||
3598 | #ifdef F77_DUMMY_MAIN | ||
3599 | # ifdef __cplusplus | ||
3600 | extern "C" | ||
3601 | # endif | ||
3602 | int F77_DUMMY_MAIN() { return 1; } | ||
3603 | #endif | ||
3604 | int | ||
3605 | main () | ||
3606 | { | ||
3607 | authenticate (); | ||
3608 | ; | ||
3609 | return 0; | ||
3610 | } | ||
3611 | _ACEOF | ||
3612 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3613 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3614 | (eval $ac_link) 2>&5 | ||
3615 | ac_status=$? | ||
3616 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3617 | (exit $ac_status); } && | ||
3618 | { ac_try='test -s conftest$ac_exeext' | ||
3619 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3620 | (eval $ac_try) 2>&5 | ||
3621 | ac_status=$? | ||
3622 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3623 | (exit $ac_status); }; }; then | ||
3624 | ac_cv_lib_s_authenticate=yes | ||
3625 | else | ||
3626 | echo "$as_me: failed program was:" >&5 | ||
3627 | cat conftest.$ac_ext >&5 | ||
3628 | ac_cv_lib_s_authenticate=no | ||
3629 | fi | ||
3630 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3631 | LIBS=$ac_check_lib_save_LIBS | ||
3632 | fi | ||
3633 | echo "$as_me:$LINENO: result: $ac_cv_lib_s_authenticate" >&5 | ||
3634 | echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6 | ||
3635 | if test $ac_cv_lib_s_authenticate = yes; then | ||
3636 | cat >>confdefs.h <<\_ACEOF | ||
3637 | @%:@define WITH_AIXAUTHENTICATE 1 | ||
3638 | _ACEOF | ||
3639 | |||
3640 | LIBS="$LIBS -ls" | ||
3641 | |||
3642 | fi | ||
3643 | |||
3644 | |||
3625 | fi | 3645 | fi |
3626 | 3646 | ||
3627 | cat >>confdefs.h <<\_ACEOF | 3647 | cat >>confdefs.h <<\_ACEOF |
@@ -3668,7 +3688,11 @@ _ACEOF | |||
3668 | _ACEOF | 3688 | _ACEOF |
3669 | 3689 | ||
3670 | cat >>confdefs.h <<\_ACEOF | 3690 | cat >>confdefs.h <<\_ACEOF |
3671 | @%:@define BROKEN_FD_PASSING 1 | 3691 | @%:@define NO_IPPORT_RESERVED_CONCEPT 1 |
3692 | _ACEOF | ||
3693 | |||
3694 | cat >>confdefs.h <<\_ACEOF | ||
3695 | @%:@define DISABLE_FD_PASSING 1 | ||
3672 | _ACEOF | 3696 | _ACEOF |
3673 | 3697 | ||
3674 | cat >>confdefs.h <<\_ACEOF | 3698 | cat >>confdefs.h <<\_ACEOF |
@@ -3683,10 +3707,49 @@ _ACEOF | |||
3683 | 3707 | ||
3684 | ;; | 3708 | ;; |
3685 | *-*-darwin*) | 3709 | *-*-darwin*) |
3710 | echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5 | ||
3711 | echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6 | ||
3712 | if test "$cross_compiling" = yes; then | ||
3713 | echo "$as_me:$LINENO: result: assume it is working" >&5 | ||
3714 | echo "${ECHO_T}assume it is working" >&6 | ||
3715 | else | ||
3716 | cat >conftest.$ac_ext <<_ACEOF | ||
3717 | #line $LINENO "configure" | ||
3718 | #include "confdefs.h" | ||
3719 | #include <mach-o/dyld.h> | ||
3720 | main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
3721 | exit(0); | ||
3722 | else | ||
3723 | exit(1); | ||
3724 | } | ||
3725 | _ACEOF | ||
3726 | rm -f conftest$ac_exeext | ||
3727 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3728 | (eval $ac_link) 2>&5 | ||
3729 | ac_status=$? | ||
3730 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3731 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
3732 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3733 | (eval $ac_try) 2>&5 | ||
3734 | ac_status=$? | ||
3735 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3736 | (exit $ac_status); }; }; then | ||
3737 | echo "$as_me:$LINENO: result: working" >&5 | ||
3738 | echo "${ECHO_T}working" >&6 | ||
3739 | else | ||
3740 | echo "$as_me: program exited with status $ac_status" >&5 | ||
3741 | echo "$as_me: failed program was:" >&5 | ||
3742 | cat conftest.$ac_ext >&5 | ||
3743 | ( exit $ac_status ) | ||
3744 | echo "$as_me:$LINENO: result: buggy" >&5 | ||
3745 | echo "${ECHO_T}buggy" >&6 | ||
3686 | cat >>confdefs.h <<\_ACEOF | 3746 | cat >>confdefs.h <<\_ACEOF |
3687 | @%:@define BROKEN_GETADDRINFO 1 | 3747 | @%:@define BROKEN_GETADDRINFO 1 |
3688 | _ACEOF | 3748 | _ACEOF |
3689 | 3749 | ||
3750 | fi | ||
3751 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
3752 | fi | ||
3690 | ;; | 3753 | ;; |
3691 | *-*-hpux10.26) | 3754 | *-*-hpux10.26) |
3692 | if test -z "$GCC"; then | 3755 | if test -z "$GCC"; then |
@@ -3722,7 +3785,76 @@ _ACEOF | |||
3722 | @%:@define SPT_TYPE SPT_PSTAT | 3785 | @%:@define SPT_TYPE SPT_PSTAT |
3723 | _ACEOF | 3786 | _ACEOF |
3724 | 3787 | ||
3725 | LIBS="$LIBS -lxnet -lsec -lsecpw" | 3788 | LIBS="$LIBS -lsec -lsecpw" |
3789 | |||
3790 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3791 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3792 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3793 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3794 | else | ||
3795 | ac_check_lib_save_LIBS=$LIBS | ||
3796 | LIBS="-lxnet $LIBS" | ||
3797 | cat >conftest.$ac_ext <<_ACEOF | ||
3798 | #line $LINENO "configure" | ||
3799 | #include "confdefs.h" | ||
3800 | |||
3801 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3802 | #ifdef __cplusplus | ||
3803 | extern "C" | ||
3804 | #endif | ||
3805 | /* We use char because int might match the return type of a gcc2 | ||
3806 | builtin and then its argument prototype would still apply. */ | ||
3807 | char t_error (); | ||
3808 | #ifdef F77_DUMMY_MAIN | ||
3809 | # ifdef __cplusplus | ||
3810 | extern "C" | ||
3811 | # endif | ||
3812 | int F77_DUMMY_MAIN() { return 1; } | ||
3813 | #endif | ||
3814 | int | ||
3815 | main () | ||
3816 | { | ||
3817 | t_error (); | ||
3818 | ; | ||
3819 | return 0; | ||
3820 | } | ||
3821 | _ACEOF | ||
3822 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3823 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3824 | (eval $ac_link) 2>&5 | ||
3825 | ac_status=$? | ||
3826 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3827 | (exit $ac_status); } && | ||
3828 | { ac_try='test -s conftest$ac_exeext' | ||
3829 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3830 | (eval $ac_try) 2>&5 | ||
3831 | ac_status=$? | ||
3832 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3833 | (exit $ac_status); }; }; then | ||
3834 | ac_cv_lib_xnet_t_error=yes | ||
3835 | else | ||
3836 | echo "$as_me: failed program was:" >&5 | ||
3837 | cat conftest.$ac_ext >&5 | ||
3838 | ac_cv_lib_xnet_t_error=no | ||
3839 | fi | ||
3840 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3841 | LIBS=$ac_check_lib_save_LIBS | ||
3842 | fi | ||
3843 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
3844 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
3845 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
3846 | cat >>confdefs.h <<_ACEOF | ||
3847 | @%:@define HAVE_LIBXNET 1 | ||
3848 | _ACEOF | ||
3849 | |||
3850 | LIBS="-lxnet $LIBS" | ||
3851 | |||
3852 | else | ||
3853 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
3854 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
3855 | { (exit 1); exit 1; }; } | ||
3856 | fi | ||
3857 | |||
3726 | disable_ptmx_check=yes | 3858 | disable_ptmx_check=yes |
3727 | ;; | 3859 | ;; |
3728 | *-*-hpux10*) | 3860 | *-*-hpux10*) |
@@ -3755,7 +3887,76 @@ _ACEOF | |||
3755 | @%:@define SPT_TYPE SPT_PSTAT | 3887 | @%:@define SPT_TYPE SPT_PSTAT |
3756 | _ACEOF | 3888 | _ACEOF |
3757 | 3889 | ||
3758 | LIBS="$LIBS -lxnet -lsec" | 3890 | LIBS="$LIBS -lsec" |
3891 | |||
3892 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3893 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3894 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3895 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3896 | else | ||
3897 | ac_check_lib_save_LIBS=$LIBS | ||
3898 | LIBS="-lxnet $LIBS" | ||
3899 | cat >conftest.$ac_ext <<_ACEOF | ||
3900 | #line $LINENO "configure" | ||
3901 | #include "confdefs.h" | ||
3902 | |||
3903 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3904 | #ifdef __cplusplus | ||
3905 | extern "C" | ||
3906 | #endif | ||
3907 | /* We use char because int might match the return type of a gcc2 | ||
3908 | builtin and then its argument prototype would still apply. */ | ||
3909 | char t_error (); | ||
3910 | #ifdef F77_DUMMY_MAIN | ||
3911 | # ifdef __cplusplus | ||
3912 | extern "C" | ||
3913 | # endif | ||
3914 | int F77_DUMMY_MAIN() { return 1; } | ||
3915 | #endif | ||
3916 | int | ||
3917 | main () | ||
3918 | { | ||
3919 | t_error (); | ||
3920 | ; | ||
3921 | return 0; | ||
3922 | } | ||
3923 | _ACEOF | ||
3924 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3925 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3926 | (eval $ac_link) 2>&5 | ||
3927 | ac_status=$? | ||
3928 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3929 | (exit $ac_status); } && | ||
3930 | { ac_try='test -s conftest$ac_exeext' | ||
3931 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3932 | (eval $ac_try) 2>&5 | ||
3933 | ac_status=$? | ||
3934 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3935 | (exit $ac_status); }; }; then | ||
3936 | ac_cv_lib_xnet_t_error=yes | ||
3937 | else | ||
3938 | echo "$as_me: failed program was:" >&5 | ||
3939 | cat conftest.$ac_ext >&5 | ||
3940 | ac_cv_lib_xnet_t_error=no | ||
3941 | fi | ||
3942 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3943 | LIBS=$ac_check_lib_save_LIBS | ||
3944 | fi | ||
3945 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
3946 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
3947 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
3948 | cat >>confdefs.h <<_ACEOF | ||
3949 | @%:@define HAVE_LIBXNET 1 | ||
3950 | _ACEOF | ||
3951 | |||
3952 | LIBS="-lxnet $LIBS" | ||
3953 | |||
3954 | else | ||
3955 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
3956 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
3957 | { (exit 1); exit 1; }; } | ||
3958 | fi | ||
3959 | |||
3759 | ;; | 3960 | ;; |
3760 | *-*-hpux11*) | 3961 | *-*-hpux11*) |
3761 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | 3962 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" |
@@ -3788,7 +3989,76 @@ _ACEOF | |||
3788 | @%:@define SPT_TYPE SPT_PSTAT | 3989 | @%:@define SPT_TYPE SPT_PSTAT |
3789 | _ACEOF | 3990 | _ACEOF |
3790 | 3991 | ||
3791 | LIBS="$LIBS -lxnet -lsec" | 3992 | LIBS="$LIBS -lsec" |
3993 | |||
3994 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3995 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3996 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3997 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3998 | else | ||
3999 | ac_check_lib_save_LIBS=$LIBS | ||
4000 | LIBS="-lxnet $LIBS" | ||
4001 | cat >conftest.$ac_ext <<_ACEOF | ||
4002 | #line $LINENO "configure" | ||
4003 | #include "confdefs.h" | ||
4004 | |||
4005 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
4006 | #ifdef __cplusplus | ||
4007 | extern "C" | ||
4008 | #endif | ||
4009 | /* We use char because int might match the return type of a gcc2 | ||
4010 | builtin and then its argument prototype would still apply. */ | ||
4011 | char t_error (); | ||
4012 | #ifdef F77_DUMMY_MAIN | ||
4013 | # ifdef __cplusplus | ||
4014 | extern "C" | ||
4015 | # endif | ||
4016 | int F77_DUMMY_MAIN() { return 1; } | ||
4017 | #endif | ||
4018 | int | ||
4019 | main () | ||
4020 | { | ||
4021 | t_error (); | ||
4022 | ; | ||
4023 | return 0; | ||
4024 | } | ||
4025 | _ACEOF | ||
4026 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
4027 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
4028 | (eval $ac_link) 2>&5 | ||
4029 | ac_status=$? | ||
4030 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4031 | (exit $ac_status); } && | ||
4032 | { ac_try='test -s conftest$ac_exeext' | ||
4033 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
4034 | (eval $ac_try) 2>&5 | ||
4035 | ac_status=$? | ||
4036 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4037 | (exit $ac_status); }; }; then | ||
4038 | ac_cv_lib_xnet_t_error=yes | ||
4039 | else | ||
4040 | echo "$as_me: failed program was:" >&5 | ||
4041 | cat conftest.$ac_ext >&5 | ||
4042 | ac_cv_lib_xnet_t_error=no | ||
4043 | fi | ||
4044 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
4045 | LIBS=$ac_check_lib_save_LIBS | ||
4046 | fi | ||
4047 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
4048 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
4049 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
4050 | cat >>confdefs.h <<_ACEOF | ||
4051 | @%:@define HAVE_LIBXNET 1 | ||
4052 | _ACEOF | ||
4053 | |||
4054 | LIBS="-lxnet $LIBS" | ||
4055 | |||
4056 | else | ||
4057 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
4058 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
4059 | { (exit 1); exit 1; }; } | ||
4060 | fi | ||
4061 | |||
3792 | ;; | 4062 | ;; |
3793 | *-*-irix5*) | 4063 | *-*-irix5*) |
3794 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 4064 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
@@ -3920,6 +4190,7 @@ _ACEOF | |||
3920 | SONY=1 | 4190 | SONY=1 |
3921 | ;; | 4191 | ;; |
3922 | *-*-netbsd*) | 4192 | *-*-netbsd*) |
4193 | check_for_libcrypt_before=1 | ||
3923 | need_dash_r=1 | 4194 | need_dash_r=1 |
3924 | ;; | 4195 | ;; |
3925 | *-*-freebsd*) | 4196 | *-*-freebsd*) |
@@ -4250,7 +4521,7 @@ _ACEOF | |||
4250 | _ACEOF | 4521 | _ACEOF |
4251 | 4522 | ||
4252 | cat >>confdefs.h <<\_ACEOF | 4523 | cat >>confdefs.h <<\_ACEOF |
4253 | @%:@define BROKEN_FD_PASSING 1 | 4524 | @%:@define DISABLE_FD_PASSING 1 |
4254 | _ACEOF | 4525 | _ACEOF |
4255 | 4526 | ||
4256 | 4527 | ||
@@ -4332,6 +4603,21 @@ done | |||
4332 | 4603 | ||
4333 | MANTYPE=man | 4604 | MANTYPE=man |
4334 | ;; | 4605 | ;; |
4606 | *-*-unicosmk*) | ||
4607 | no_libsocket=1 | ||
4608 | no_libnsl=1 | ||
4609 | cat >>confdefs.h <<\_ACEOF | ||
4610 | @%:@define USE_PIPES 1 | ||
4611 | _ACEOF | ||
4612 | |||
4613 | cat >>confdefs.h <<\_ACEOF | ||
4614 | @%:@define DISABLE_FD_PASSING 1 | ||
4615 | _ACEOF | ||
4616 | |||
4617 | LDFLAGS="$LDFLAGS" | ||
4618 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
4619 | MANTYPE=cat | ||
4620 | ;; | ||
4335 | *-*-unicos*) | 4621 | *-*-unicos*) |
4336 | no_libsocket=1 | 4622 | no_libsocket=1 |
4337 | no_libnsl=1 | 4623 | no_libnsl=1 |
@@ -4340,11 +4626,16 @@ done | |||
4340 | _ACEOF | 4626 | _ACEOF |
4341 | 4627 | ||
4342 | cat >>confdefs.h <<\_ACEOF | 4628 | cat >>confdefs.h <<\_ACEOF |
4343 | @%:@define BROKEN_FD_PASSING 1 | 4629 | @%:@define DISABLE_FD_PASSING 1 |
4630 | _ACEOF | ||
4631 | |||
4632 | cat >>confdefs.h <<\_ACEOF | ||
4633 | @%:@define NO_SSH_LASTLOG 1 | ||
4344 | _ACEOF | 4634 | _ACEOF |
4345 | 4635 | ||
4346 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" | 4636 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" |
4347 | LIBS="$LIBS -lgen -lrsc" | 4637 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" |
4638 | MANTYPE=cat | ||
4348 | ;; | 4639 | ;; |
4349 | *-dec-osf*) | 4640 | *-dec-osf*) |
4350 | echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 | 4641 | echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 |
@@ -4691,15 +4982,17 @@ done | |||
4691 | 4982 | ||
4692 | 4983 | ||
4693 | 4984 | ||
4985 | |||
4986 | |||
4694 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ | 4987 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ |
4695 | getopt.h glob.h lastlog.h limits.h login.h \ | 4988 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ |
4696 | login_cap.h maillock.h netdb.h netgroup.h \ | 4989 | login_cap.h maillock.h netdb.h netgroup.h \ |
4697 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 4990 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
4698 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 4991 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
4699 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 4992 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
4700 | sys/mman.h sys/select.h sys/stat.h \ | 4993 | sys/mman.h sys/select.h sys/stat.h \ |
4701 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 4994 | sys/stropts.h sys/sysmacros.h sys/time.h \ |
4702 | sys/un.h time.h ttyent.h usersec.h \ | 4995 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
4703 | util.h utime.h utmp.h utmpx.h | 4996 | util.h utime.h utmp.h utmpx.h |
4704 | do | 4997 | do |
4705 | as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` | 4998 | as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` |
@@ -5646,7 +5939,11 @@ fi | |||
5646 | echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 | 5939 | echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 |
5647 | echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 | 5940 | echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 |
5648 | if test $ac_cv_lib_c89_utimes = yes; then | 5941 | if test $ac_cv_lib_c89_utimes = yes; then |
5649 | LIBS="$LIBS -lc89" | 5942 | cat >>confdefs.h <<\_ACEOF |
5943 | @%:@define HAVE_UTIMES 1 | ||
5944 | _ACEOF | ||
5945 | |||
5946 | LIBS="$LIBS -lc89" | ||
5650 | fi | 5947 | fi |
5651 | 5948 | ||
5652 | 5949 | ||
@@ -6176,7 +6473,7 @@ else | |||
6176 | 6473 | ||
6177 | #include <sys/types.h> | 6474 | #include <sys/types.h> |
6178 | #include <dirent.h> | 6475 | #include <dirent.h> |
6179 | int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} | 6476 | int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} |
6180 | 6477 | ||
6181 | _ACEOF | 6478 | _ACEOF |
6182 | rm -f conftest$ac_exeext | 6479 | rm -f conftest$ac_exeext |
@@ -6244,7 +6541,7 @@ else | |||
6244 | 6541 | ||
6245 | #include <stdio.h> | 6542 | #include <stdio.h> |
6246 | #include <skey.h> | 6543 | #include <skey.h> |
6247 | int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } | 6544 | int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } |
6248 | 6545 | ||
6249 | _ACEOF | 6546 | _ACEOF |
6250 | rm -f conftest$ac_exeext | 6547 | rm -f conftest$ac_exeext |
@@ -6442,9 +6739,10 @@ fi; | |||
6442 | 6739 | ||
6443 | 6740 | ||
6444 | 6741 | ||
6742 | |||
6445 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ | 6743 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ |
6446 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 6744 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ |
6447 | getaddrinfo getcwd getgrouplist getnameinfo getopt \ | 6745 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ |
6448 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 6746 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ |
6449 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 6747 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
6450 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 6748 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ |
@@ -6528,63 +6826,6 @@ fi | |||
6528 | done | 6826 | done |
6529 | 6827 | ||
6530 | 6828 | ||
6531 | if test $ac_cv_func_mmap = yes ; then | ||
6532 | echo "$as_me:$LINENO: checking for mmap anon shared" >&5 | ||
6533 | echo $ECHO_N "checking for mmap anon shared... $ECHO_C" >&6 | ||
6534 | if test "$cross_compiling" = yes; then | ||
6535 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
6536 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
6537 | { (exit 1); exit 1; }; } | ||
6538 | else | ||
6539 | cat >conftest.$ac_ext <<_ACEOF | ||
6540 | #line $LINENO "configure" | ||
6541 | #include "confdefs.h" | ||
6542 | |||
6543 | #include <stdio.h> | ||
6544 | #include <sys/mman.h> | ||
6545 | #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) | ||
6546 | #define MAP_ANON MAP_ANONYMOUS | ||
6547 | #endif | ||
6548 | main() { char *p; | ||
6549 | p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); | ||
6550 | if (p == (char *)-1) | ||
6551 | exit(1); | ||
6552 | exit(0); | ||
6553 | } | ||
6554 | |||
6555 | _ACEOF | ||
6556 | rm -f conftest$ac_exeext | ||
6557 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6558 | (eval $ac_link) 2>&5 | ||
6559 | ac_status=$? | ||
6560 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6561 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
6562 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6563 | (eval $ac_try) 2>&5 | ||
6564 | ac_status=$? | ||
6565 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6566 | (exit $ac_status); }; }; then | ||
6567 | |||
6568 | echo "$as_me:$LINENO: result: yes" >&5 | ||
6569 | echo "${ECHO_T}yes" >&6 | ||
6570 | cat >>confdefs.h <<\_ACEOF | ||
6571 | @%:@define HAVE_MMAP_ANON_SHARED 1 | ||
6572 | _ACEOF | ||
6573 | |||
6574 | |||
6575 | else | ||
6576 | echo "$as_me: program exited with status $ac_status" >&5 | ||
6577 | echo "$as_me: failed program was:" >&5 | ||
6578 | cat conftest.$ac_ext >&5 | ||
6579 | ( exit $ac_status ) | ||
6580 | echo "$as_me:$LINENO: result: no" >&5 | ||
6581 | echo "${ECHO_T}no" >&6 | ||
6582 | |||
6583 | fi | ||
6584 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
6585 | fi | ||
6586 | fi | ||
6587 | |||
6588 | 6829 | ||
6589 | for ac_func in dirname | 6830 | for ac_func in dirname |
6590 | do | 6831 | do |
@@ -7697,7 +7938,7 @@ else | |||
7697 | #include "confdefs.h" | 7938 | #include "confdefs.h" |
7698 | 7939 | ||
7699 | #include <stdio.h> | 7940 | #include <stdio.h> |
7700 | int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} | 7941 | int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} |
7701 | 7942 | ||
7702 | _ACEOF | 7943 | _ACEOF |
7703 | rm -f conftest$ac_exeext | 7944 | rm -f conftest$ac_exeext |
@@ -8090,6 +8331,76 @@ fi | |||
8090 | rm -f conftest.$ac_objext conftest.$ac_ext | 8331 | rm -f conftest.$ac_objext conftest.$ac_ext |
8091 | fi | 8332 | fi |
8092 | 8333 | ||
8334 | # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, | ||
8335 | # because the system crypt() is more featureful. | ||
8336 | if test "x$check_for_libcrypt_before" = "x1"; then | ||
8337 | |||
8338 | echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 | ||
8339 | echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 | ||
8340 | if test "${ac_cv_lib_crypt_crypt+set}" = set; then | ||
8341 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
8342 | else | ||
8343 | ac_check_lib_save_LIBS=$LIBS | ||
8344 | LIBS="-lcrypt $LIBS" | ||
8345 | cat >conftest.$ac_ext <<_ACEOF | ||
8346 | #line $LINENO "configure" | ||
8347 | #include "confdefs.h" | ||
8348 | |||
8349 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
8350 | #ifdef __cplusplus | ||
8351 | extern "C" | ||
8352 | #endif | ||
8353 | /* We use char because int might match the return type of a gcc2 | ||
8354 | builtin and then its argument prototype would still apply. */ | ||
8355 | char crypt (); | ||
8356 | #ifdef F77_DUMMY_MAIN | ||
8357 | # ifdef __cplusplus | ||
8358 | extern "C" | ||
8359 | # endif | ||
8360 | int F77_DUMMY_MAIN() { return 1; } | ||
8361 | #endif | ||
8362 | int | ||
8363 | main () | ||
8364 | { | ||
8365 | crypt (); | ||
8366 | ; | ||
8367 | return 0; | ||
8368 | } | ||
8369 | _ACEOF | ||
8370 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
8371 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8372 | (eval $ac_link) 2>&5 | ||
8373 | ac_status=$? | ||
8374 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8375 | (exit $ac_status); } && | ||
8376 | { ac_try='test -s conftest$ac_exeext' | ||
8377 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8378 | (eval $ac_try) 2>&5 | ||
8379 | ac_status=$? | ||
8380 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8381 | (exit $ac_status); }; }; then | ||
8382 | ac_cv_lib_crypt_crypt=yes | ||
8383 | else | ||
8384 | echo "$as_me: failed program was:" >&5 | ||
8385 | cat conftest.$ac_ext >&5 | ||
8386 | ac_cv_lib_crypt_crypt=no | ||
8387 | fi | ||
8388 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
8389 | LIBS=$ac_check_lib_save_LIBS | ||
8390 | fi | ||
8391 | echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 | ||
8392 | echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 | ||
8393 | if test $ac_cv_lib_crypt_crypt = yes; then | ||
8394 | cat >>confdefs.h <<_ACEOF | ||
8395 | @%:@define HAVE_LIBCRYPT 1 | ||
8396 | _ACEOF | ||
8397 | |||
8398 | LIBS="-lcrypt $LIBS" | ||
8399 | |||
8400 | fi | ||
8401 | |||
8402 | fi | ||
8403 | |||
8093 | # Search for OpenSSL | 8404 | # Search for OpenSSL |
8094 | saved_CPPFLAGS="$CPPFLAGS" | 8405 | saved_CPPFLAGS="$CPPFLAGS" |
8095 | saved_LDFLAGS="$LDFLAGS" | 8406 | saved_LDFLAGS="$LDFLAGS" |
@@ -8230,6 +8541,134 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | |||
8230 | fi | 8541 | fi |
8231 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | 8542 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
8232 | 8543 | ||
8544 | # Determine OpenSSL header version | ||
8545 | echo "$as_me:$LINENO: checking OpenSSL header version" >&5 | ||
8546 | echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6 | ||
8547 | if test "$cross_compiling" = yes; then | ||
8548 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
8549 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
8550 | { (exit 1); exit 1; }; } | ||
8551 | else | ||
8552 | cat >conftest.$ac_ext <<_ACEOF | ||
8553 | #line $LINENO "configure" | ||
8554 | #include "confdefs.h" | ||
8555 | |||
8556 | #include <stdio.h> | ||
8557 | #include <string.h> | ||
8558 | #include <openssl/opensslv.h> | ||
8559 | #define DATA "conftest.sslincver" | ||
8560 | int main(void) { | ||
8561 | FILE *fd; | ||
8562 | int rc; | ||
8563 | |||
8564 | fd = fopen(DATA,"w"); | ||
8565 | if(fd == NULL) | ||
8566 | exit(1); | ||
8567 | |||
8568 | if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | ||
8569 | exit(1); | ||
8570 | |||
8571 | exit(0); | ||
8572 | } | ||
8573 | |||
8574 | _ACEOF | ||
8575 | rm -f conftest$ac_exeext | ||
8576 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8577 | (eval $ac_link) 2>&5 | ||
8578 | ac_status=$? | ||
8579 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8580 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8581 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8582 | (eval $ac_try) 2>&5 | ||
8583 | ac_status=$? | ||
8584 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8585 | (exit $ac_status); }; }; then | ||
8586 | |||
8587 | ssl_header_ver=`cat conftest.sslincver` | ||
8588 | echo "$as_me:$LINENO: result: $ssl_header_ver" >&5 | ||
8589 | echo "${ECHO_T}$ssl_header_ver" >&6 | ||
8590 | |||
8591 | else | ||
8592 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8593 | echo "$as_me: failed program was:" >&5 | ||
8594 | cat conftest.$ac_ext >&5 | ||
8595 | ( exit $ac_status ) | ||
8596 | |||
8597 | echo "$as_me:$LINENO: result: not found" >&5 | ||
8598 | echo "${ECHO_T}not found" >&6 | ||
8599 | { { echo "$as_me:$LINENO: error: OpenSSL version header not found." >&5 | ||
8600 | echo "$as_me: error: OpenSSL version header not found." >&2;} | ||
8601 | { (exit 1); exit 1; }; } | ||
8602 | |||
8603 | |||
8604 | fi | ||
8605 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8606 | fi | ||
8607 | |||
8608 | # Determine OpenSSL library version | ||
8609 | echo "$as_me:$LINENO: checking OpenSSL library version" >&5 | ||
8610 | echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6 | ||
8611 | if test "$cross_compiling" = yes; then | ||
8612 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
8613 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
8614 | { (exit 1); exit 1; }; } | ||
8615 | else | ||
8616 | cat >conftest.$ac_ext <<_ACEOF | ||
8617 | #line $LINENO "configure" | ||
8618 | #include "confdefs.h" | ||
8619 | |||
8620 | #include <stdio.h> | ||
8621 | #include <string.h> | ||
8622 | #include <openssl/opensslv.h> | ||
8623 | #include <openssl/crypto.h> | ||
8624 | #define DATA "conftest.ssllibver" | ||
8625 | int main(void) { | ||
8626 | FILE *fd; | ||
8627 | int rc; | ||
8628 | |||
8629 | fd = fopen(DATA,"w"); | ||
8630 | if(fd == NULL) | ||
8631 | exit(1); | ||
8632 | |||
8633 | if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) | ||
8634 | exit(1); | ||
8635 | |||
8636 | exit(0); | ||
8637 | } | ||
8638 | |||
8639 | _ACEOF | ||
8640 | rm -f conftest$ac_exeext | ||
8641 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8642 | (eval $ac_link) 2>&5 | ||
8643 | ac_status=$? | ||
8644 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8645 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8646 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8647 | (eval $ac_try) 2>&5 | ||
8648 | ac_status=$? | ||
8649 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8650 | (exit $ac_status); }; }; then | ||
8651 | |||
8652 | ssl_library_ver=`cat conftest.ssllibver` | ||
8653 | echo "$as_me:$LINENO: result: $ssl_library_ver" >&5 | ||
8654 | echo "${ECHO_T}$ssl_library_ver" >&6 | ||
8655 | |||
8656 | else | ||
8657 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8658 | echo "$as_me: failed program was:" >&5 | ||
8659 | cat conftest.$ac_ext >&5 | ||
8660 | ( exit $ac_status ) | ||
8661 | |||
8662 | echo "$as_me:$LINENO: result: not found" >&5 | ||
8663 | echo "${ECHO_T}not found" >&6 | ||
8664 | { { echo "$as_me:$LINENO: error: OpenSSL library not found." >&5 | ||
8665 | echo "$as_me: error: OpenSSL library not found." >&2;} | ||
8666 | { (exit 1); exit 1; }; } | ||
8667 | |||
8668 | |||
8669 | fi | ||
8670 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8671 | fi | ||
8233 | 8672 | ||
8234 | # Sanity check OpenSSL headers | 8673 | # Sanity check OpenSSL headers |
8235 | echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 | 8674 | echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 |
@@ -8245,7 +8684,7 @@ else | |||
8245 | 8684 | ||
8246 | #include <string.h> | 8685 | #include <string.h> |
8247 | #include <openssl/opensslv.h> | 8686 | #include <openssl/opensslv.h> |
8248 | int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } | 8687 | int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } |
8249 | 8688 | ||
8250 | _ACEOF | 8689 | _ACEOF |
8251 | rm -f conftest$ac_exeext | 8690 | rm -f conftest$ac_exeext |
@@ -8361,7 +8800,7 @@ else | |||
8361 | 8800 | ||
8362 | #include <string.h> | 8801 | #include <string.h> |
8363 | #include <openssl/rand.h> | 8802 | #include <openssl/rand.h> |
8364 | int main(void) { return(RAND_status() == 1 ? 0 : 1); } | 8803 | int main(void) { exit(RAND_status() == 1 ? 0 : 1); } |
8365 | 8804 | ||
8366 | _ACEOF | 8805 | _ACEOF |
8367 | rm -f conftest$ac_exeext | 8806 | rm -f conftest$ac_exeext |
@@ -11321,7 +11760,16 @@ else | |||
11321 | cat >conftest.$ac_ext <<_ACEOF | 11760 | cat >conftest.$ac_ext <<_ACEOF |
11322 | #line $LINENO "configure" | 11761 | #line $LINENO "configure" |
11323 | #include "confdefs.h" | 11762 | #include "confdefs.h" |
11324 | #include <sys/types.h> | 11763 | |
11764 | #include <sys/types.h> | ||
11765 | #ifdef HAVE_STDINT_H | ||
11766 | # include <stdint.h> | ||
11767 | #endif | ||
11768 | #include <sys/socket.h> | ||
11769 | #ifdef HAVE_SYS_BITYPES_H | ||
11770 | # include <sys/bitypes.h> | ||
11771 | #endif | ||
11772 | |||
11325 | #ifdef F77_DUMMY_MAIN | 11773 | #ifdef F77_DUMMY_MAIN |
11326 | # ifdef __cplusplus | 11774 | # ifdef __cplusplus |
11327 | extern "C" | 11775 | extern "C" |
@@ -11365,109 +11813,6 @@ if test "x$ac_cv_have_int64_t" = "xyes" ; then | |||
11365 | @%:@define HAVE_INT64_T 1 | 11813 | @%:@define HAVE_INT64_T 1 |
11366 | _ACEOF | 11814 | _ACEOF |
11367 | 11815 | ||
11368 | have_int64_t=1 | ||
11369 | fi | ||
11370 | |||
11371 | if test -z "$have_int64_t" ; then | ||
11372 | echo "$as_me:$LINENO: checking for int64_t type in sys/socket.h" >&5 | ||
11373 | echo $ECHO_N "checking for int64_t type in sys/socket.h... $ECHO_C" >&6 | ||
11374 | cat >conftest.$ac_ext <<_ACEOF | ||
11375 | #line $LINENO "configure" | ||
11376 | #include "confdefs.h" | ||
11377 | #include <sys/socket.h> | ||
11378 | #ifdef F77_DUMMY_MAIN | ||
11379 | # ifdef __cplusplus | ||
11380 | extern "C" | ||
11381 | # endif | ||
11382 | int F77_DUMMY_MAIN() { return 1; } | ||
11383 | #endif | ||
11384 | int | ||
11385 | main () | ||
11386 | { | ||
11387 | int64_t a; a = 1 | ||
11388 | ; | ||
11389 | return 0; | ||
11390 | } | ||
11391 | _ACEOF | ||
11392 | rm -f conftest.$ac_objext | ||
11393 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
11394 | (eval $ac_compile) 2>&5 | ||
11395 | ac_status=$? | ||
11396 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11397 | (exit $ac_status); } && | ||
11398 | { ac_try='test -s conftest.$ac_objext' | ||
11399 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
11400 | (eval $ac_try) 2>&5 | ||
11401 | ac_status=$? | ||
11402 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11403 | (exit $ac_status); }; }; then | ||
11404 | |||
11405 | cat >>confdefs.h <<\_ACEOF | ||
11406 | @%:@define HAVE_INT64_T 1 | ||
11407 | _ACEOF | ||
11408 | |||
11409 | echo "$as_me:$LINENO: result: yes" >&5 | ||
11410 | echo "${ECHO_T}yes" >&6 | ||
11411 | |||
11412 | else | ||
11413 | echo "$as_me: failed program was:" >&5 | ||
11414 | cat conftest.$ac_ext >&5 | ||
11415 | echo "$as_me:$LINENO: result: no" >&5 | ||
11416 | echo "${ECHO_T}no" >&6 | ||
11417 | |||
11418 | fi | ||
11419 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
11420 | fi | ||
11421 | |||
11422 | if test -z "$have_int64_t" ; then | ||
11423 | echo "$as_me:$LINENO: checking for int64_t type in sys/bitypes.h" >&5 | ||
11424 | echo $ECHO_N "checking for int64_t type in sys/bitypes.h... $ECHO_C" >&6 | ||
11425 | cat >conftest.$ac_ext <<_ACEOF | ||
11426 | #line $LINENO "configure" | ||
11427 | #include "confdefs.h" | ||
11428 | #include <sys/bitypes.h> | ||
11429 | #ifdef F77_DUMMY_MAIN | ||
11430 | # ifdef __cplusplus | ||
11431 | extern "C" | ||
11432 | # endif | ||
11433 | int F77_DUMMY_MAIN() { return 1; } | ||
11434 | #endif | ||
11435 | int | ||
11436 | main () | ||
11437 | { | ||
11438 | int64_t a; a = 1 | ||
11439 | ; | ||
11440 | return 0; | ||
11441 | } | ||
11442 | _ACEOF | ||
11443 | rm -f conftest.$ac_objext | ||
11444 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
11445 | (eval $ac_compile) 2>&5 | ||
11446 | ac_status=$? | ||
11447 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11448 | (exit $ac_status); } && | ||
11449 | { ac_try='test -s conftest.$ac_objext' | ||
11450 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
11451 | (eval $ac_try) 2>&5 | ||
11452 | ac_status=$? | ||
11453 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11454 | (exit $ac_status); }; }; then | ||
11455 | |||
11456 | cat >>confdefs.h <<\_ACEOF | ||
11457 | @%:@define HAVE_INT64_T 1 | ||
11458 | _ACEOF | ||
11459 | |||
11460 | echo "$as_me:$LINENO: result: yes" >&5 | ||
11461 | echo "${ECHO_T}yes" >&6 | ||
11462 | |||
11463 | else | ||
11464 | echo "$as_me: failed program was:" >&5 | ||
11465 | cat conftest.$ac_ext >&5 | ||
11466 | echo "$as_me:$LINENO: result: no" >&5 | ||
11467 | echo "${ECHO_T}no" >&6 | ||
11468 | |||
11469 | fi | ||
11470 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
11471 | fi | 11816 | fi |
11472 | 11817 | ||
11473 | echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 | 11818 | echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 |
@@ -15334,6 +15679,11 @@ if test "${with_xauth+set}" = set; then | |||
15334 | 15679 | ||
15335 | else | 15680 | else |
15336 | 15681 | ||
15682 | TestPath="$PATH" | ||
15683 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" | ||
15684 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" | ||
15685 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" | ||
15686 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" | ||
15337 | # Extract the first word of "xauth", so it can be a program name with args. | 15687 | # Extract the first word of "xauth", so it can be a program name with args. |
15338 | set dummy xauth; ac_word=$2 | 15688 | set dummy xauth; ac_word=$2 |
15339 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | 15689 | echo "$as_me:$LINENO: checking for $ac_word" >&5 |
@@ -15347,7 +15697,7 @@ else | |||
15347 | ;; | 15697 | ;; |
15348 | *) | 15698 | *) |
15349 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | 15699 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
15350 | for as_dir in $PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin | 15700 | for as_dir in $TestPath |
15351 | do | 15701 | do |
15352 | IFS=$as_save_IFS | 15702 | IFS=$as_save_IFS |
15353 | test -z "$as_dir" && as_dir=. | 15703 | test -z "$as_dir" && as_dir=. |
@@ -15482,6 +15832,7 @@ echo "$as_me: error: invalid man type: $withval" >&2;} | |||
15482 | 15832 | ||
15483 | fi; | 15833 | fi; |
15484 | if test -z "$MANTYPE"; then | 15834 | if test -z "$MANTYPE"; then |
15835 | TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" | ||
15485 | for ac_prog in nroff awf | 15836 | for ac_prog in nroff awf |
15486 | do | 15837 | do |
15487 | # Extract the first word of "$ac_prog", so it can be a program name with args. | 15838 | # Extract the first word of "$ac_prog", so it can be a program name with args. |
@@ -15497,8 +15848,7 @@ else | |||
15497 | ;; | 15848 | ;; |
15498 | *) | 15849 | *) |
15499 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | 15850 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
15500 | as_dummy="/usr/bin:/usr/ucb" | 15851 | for as_dir in $TestPath |
15501 | for as_dir in $as_dummy | ||
15502 | do | 15852 | do |
15503 | IFS=$as_save_IFS | 15853 | IFS=$as_save_IFS |
15504 | test -z "$as_dir" && as_dir=. | 15854 | test -z "$as_dir" && as_dir=. |
@@ -16997,7 +17347,6 @@ s,@INSTALL_DATA@,$INSTALL_DATA,;t t | |||
16997 | s,@AR@,$AR,;t t | 17347 | s,@AR@,$AR,;t t |
16998 | s,@PERL@,$PERL,;t t | 17348 | s,@PERL@,$PERL,;t t |
16999 | s,@ENT@,$ENT,;t t | 17349 | s,@ENT@,$ENT,;t t |
17000 | s,@FILEPRIV@,$FILEPRIV,;t t | ||
17001 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t | 17350 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t |
17002 | s,@SH@,$SH,;t t | 17351 | s,@SH@,$SH,;t t |
17003 | s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t | 17352 | s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t |
diff --git a/autom4te-2.53.cache/traces.0 b/autom4te-2.53.cache/traces.0 index 6eb0daac7..3fcfab66c 100644 --- a/autom4te-2.53.cache/traces.0 +++ b/autom4te-2.53.cache/traces.0 | |||
@@ -94,283 +94,314 @@ m4trace:configure.ac:16: -1- AC_SUBST([PERL], [$ac_cv_path_PERL]) | |||
94 | m4trace:configure.ac:17: -1- AC_SUBST([PERL]) | 94 | m4trace:configure.ac:17: -1- AC_SUBST([PERL]) |
95 | m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) | 95 | m4trace:configure.ac:18: -1- AC_SUBST([ENT], [$ac_cv_path_ENT]) |
96 | m4trace:configure.ac:19: -1- AC_SUBST([ENT]) | 96 | m4trace:configure.ac:19: -1- AC_SUBST([ENT]) |
97 | m4trace:configure.ac:20: -1- AC_SUBST([FILEPRIV], [$ac_cv_path_FILEPRIV]) | 97 | m4trace:configure.ac:20: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
98 | m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 98 | m4trace:configure.ac:21: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
99 | m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 99 | m4trace:configure.ac:22: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) |
100 | m4trace:configure.ac:23: -1- AC_SUBST([TEST_MINUS_S_SH], [$ac_cv_path_TEST_MINUS_S_SH]) | 100 | m4trace:configure.ac:23: -1- AC_SUBST([SH], [$ac_cv_path_SH]) |
101 | m4trace:configure.ac:24: -1- AC_SUBST([SH], [$ac_cv_path_SH]) | 101 | m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) |
102 | m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_FILE_OFFSET_BITS]) | 102 | m4trace:configure.ac:26: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */ |
103 | m4trace:configure.ac:27: -1- AH_OUTPUT([_FILE_OFFSET_BITS], [/* Number of bits in a file offset, on hosts where this is settable. */ | ||
104 | #undef _FILE_OFFSET_BITS]) | 103 | #undef _FILE_OFFSET_BITS]) |
105 | m4trace:configure.ac:27: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) | 104 | m4trace:configure.ac:26: -1- AC_DEFINE_TRACE_LITERAL([_LARGE_FILES]) |
106 | m4trace:configure.ac:27: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ | 105 | m4trace:configure.ac:26: -1- AH_OUTPUT([_LARGE_FILES], [/* Define for large files, on AIX-style hosts. */ |
107 | #undef _LARGE_FILES]) | 106 | #undef _LARGE_FILES]) |
108 | m4trace:configure.ac:35: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) | 107 | m4trace:configure.ac:34: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) |
109 | m4trace:configure.ac:38: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) | 108 | m4trace:configure.ac:37: -1- AC_SUBST([LOGIN_PROGRAM_FALLBACK], [$ac_cv_path_LOGIN_PROGRAM_FALLBACK]) |
110 | m4trace:configure.ac:40: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) | 109 | m4trace:configure.ac:39: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_PROGRAM_FALLBACK]) |
111 | m4trace:configure.ac:47: -1- AC_SUBST([LD]) | 110 | m4trace:configure.ac:46: -1- AC_SUBST([LD]) |
112 | m4trace:configure.ac:49: -1- AC_C_INLINE | 111 | m4trace:configure.ac:48: -1- AC_C_INLINE |
113 | m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) | 112 | m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) |
114 | m4trace:configure.ac:49: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing | 113 | m4trace:configure.ac:48: -1- AH_OUTPUT([inline], [/* Define as \`__inline' if that's what the C compiler calls it, or to nothing |
115 | if it is not supported. */ | 114 | if it is not supported. */ |
116 | #undef inline]) | 115 | #undef inline]) |
117 | m4trace:configure.ac:49: -1- AC_DEFINE_TRACE_LITERAL([inline]) | 116 | m4trace:configure.ac:48: -1- AC_DEFINE_TRACE_LITERAL([inline]) |
118 | m4trace:configure.ac:74: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) | 117 | m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) |
119 | m4trace:configure.ac:75: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) | 118 | m4trace:configure.ac:78: -1- AC_CHECK_LIB([s], [authenticate], [ AC_DEFINE(WITH_AIXAUTHENTICATE) |
120 | m4trace:configure.ac:76: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) | 119 | LIBS="$LIBS -ls" |
121 | m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 120 | ]) |
122 | m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 121 | m4trace:configure.ac:78: -1- AC_DEFINE_TRACE_LITERAL([WITH_AIXAUTHENTICATE]) |
123 | m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) | 122 | m4trace:configure.ac:79: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) |
124 | m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 123 | m4trace:configure.ac:80: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) |
125 | m4trace:configure.ac:85: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 124 | m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
126 | m4trace:configure.ac:86: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) | 125 | m4trace:configure.ac:83: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
127 | m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 126 | m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CYGWIN]) |
128 | m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) | 127 | m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
129 | m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) | 128 | m4trace:configure.ac:89: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
130 | m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) | 129 | m4trace:configure.ac:90: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) |
131 | m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 130 | m4trace:configure.ac:91: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
132 | m4trace:configure.ac:96: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) | 131 | m4trace:configure.ac:92: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) |
133 | m4trace:configure.ac:104: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 132 | m4trace:configure.ac:93: -1- AC_DEFINE_TRACE_LITERAL([NO_IPPORT_RESERVED_CONCEPT]) |
134 | m4trace:configure.ac:105: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 133 | m4trace:configure.ac:94: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
135 | m4trace:configure.ac:106: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 134 | m4trace:configure.ac:95: -1- AC_DEFINE_TRACE_LITERAL([SETGROUPS_NOOP]) |
136 | m4trace:configure.ac:107: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 135 | m4trace:configure.ac:98: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
137 | m4trace:configure.ac:108: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 136 | m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_GETADDRINFO]) |
138 | m4trace:configure.ac:109: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 137 | m4trace:configure.ac:118: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
139 | m4trace:configure.ac:110: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 138 | m4trace:configure.ac:119: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
140 | m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 139 | m4trace:configure.ac:120: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
141 | m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 140 | m4trace:configure.ac:121: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
142 | m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 141 | m4trace:configure.ac:122: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
143 | m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 142 | m4trace:configure.ac:123: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
144 | m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 143 | m4trace:configure.ac:124: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) |
145 | m4trace:configure.ac:125: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 144 | m4trace:configure.ac:126: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 |
146 | m4trace:configure.ac:131: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 145 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
147 | m4trace:configure.ac:132: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 146 | { (exit 1); exit 1; }; }]) |
148 | m4trace:configure.ac:133: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) | 147 | m4trace:configure.ac:126: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
149 | m4trace:configure.ac:134: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 148 | #undef HAVE_LIBXNET]) |
150 | m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 149 | m4trace:configure.ac:126: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
151 | m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 150 | m4trace:configure.ac:135: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
152 | m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) | 151 | m4trace:configure.ac:136: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
153 | m4trace:configure.ac:144: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | 152 | m4trace:configure.ac:137: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
154 | m4trace:configure.ac:145: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | 153 | m4trace:configure.ac:138: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
155 | m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) | 154 | m4trace:configure.ac:139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
156 | m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) | 155 | m4trace:configure.ac:140: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) |
157 | m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) | 156 | m4trace:configure.ac:142: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 |
158 | m4trace:configure.ac:154: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) | 157 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
159 | m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | 158 | { (exit 1); exit 1; }; }]) |
160 | m4trace:configure.ac:156: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | 159 | m4trace:configure.ac:142: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
161 | m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) | 160 | #undef HAVE_LIBXNET]) |
162 | m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | 161 | m4trace:configure.ac:142: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
163 | m4trace:configure.ac:166: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) | 162 | m4trace:configure.ac:147: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) |
164 | m4trace:configure.ac:180: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) | 163 | m4trace:configure.ac:148: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
165 | m4trace:configure.ac:181: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) | 164 | m4trace:configure.ac:149: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NO_ENDOPT]) |
166 | m4trace:configure.ac:182: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 165 | m4trace:configure.ac:150: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) |
167 | m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | 166 | m4trace:configure.ac:151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
168 | m4trace:configure.ac:191: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 167 | m4trace:configure.ac:152: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
169 | m4trace:configure.ac:192: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | 168 | m4trace:configure.ac:153: -1- AC_DEFINE_TRACE_LITERAL([SPT_TYPE]) |
170 | m4trace:configure.ac:193: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) | 169 | m4trace:configure.ac:155: -1- AC_CHECK_LIB([xnet], [t_error], [], [{ { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 |
171 | m4trace:configure.ac:194: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | 170 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} |
172 | m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 171 | { (exit 1); exit 1; }; }]) |
173 | m4trace:configure.ac:202: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 172 | m4trace:configure.ac:155: -1- AH_OUTPUT([HAVE_LIBXNET], [/* Define to 1 if you have the \`xnet' library (-lxnet). */ |
174 | m4trace:configure.ac:209: -1- AC_CHECK_FUNCS([getpwanam]) | 173 | #undef HAVE_LIBXNET]) |
175 | m4trace:configure.ac:209: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ | 174 | m4trace:configure.ac:155: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBXNET]) |
175 | m4trace:configure.ac:161: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | ||
176 | m4trace:configure.ac:162: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | ||
177 | m4trace:configure.ac:168: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_ARRAY]) | ||
178 | m4trace:configure.ac:169: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_PROJECT]) | ||
179 | m4trace:configure.ac:170: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_AUDIT]) | ||
180 | m4trace:configure.ac:171: -1- AC_DEFINE_TRACE_LITERAL([WITH_IRIX_JOBS]) | ||
181 | m4trace:configure.ac:172: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_INET_NTOA]) | ||
182 | m4trace:configure.ac:173: -1- AC_DEFINE_TRACE_LITERAL([WITH_ABBREV_NO_TTY]) | ||
183 | m4trace:configure.ac:178: -1- AC_DEFINE_TRACE_LITERAL([DONT_TRY_OTHER_AF]) | ||
184 | m4trace:configure.ac:179: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | ||
185 | m4trace:configure.ac:183: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEWS4]) | ||
186 | m4trace:configure.ac:198: -1- AC_DEFINE_TRACE_LITERAL([HAVE_NEXT]) | ||
187 | m4trace:configure.ac:199: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_REALPATH]) | ||
188 | m4trace:configure.ac:200: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | ||
189 | m4trace:configure.ac:201: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | ||
190 | m4trace:configure.ac:209: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | ||
191 | m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_UTMPX]) | ||
192 | m4trace:configure.ac:211: -1- AC_DEFINE_TRACE_LITERAL([LOGIN_NEEDS_TERM]) | ||
193 | m4trace:configure.ac:212: -1- AC_DEFINE_TRACE_LITERAL([PAM_TTY_KLUDGE]) | ||
194 | m4trace:configure.ac:219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | ||
195 | m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | ||
196 | m4trace:configure.ac:227: -1- AC_CHECK_FUNCS([getpwanam]) | ||
197 | m4trace:configure.ac:227: -1- AH_OUTPUT([HAVE_GETPWANAM], [/* Define to 1 if you have the \`getpwanam' function. */ | ||
176 | #undef HAVE_GETPWANAM]) | 198 | #undef HAVE_GETPWANAM]) |
177 | m4trace:configure.ac:210: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) | 199 | m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([PAM_SUN_CODEBASE]) |
178 | m4trace:configure.ac:214: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 200 | m4trace:configure.ac:232: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
179 | m4trace:configure.ac:220: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 201 | m4trace:configure.ac:238: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
180 | m4trace:configure.ac:227: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 202 | m4trace:configure.ac:245: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
181 | m4trace:configure.ac:228: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) | 203 | m4trace:configure.ac:246: -1- AC_DEFINE_TRACE_LITERAL([IP_TOS_IS_BROKEN]) |
182 | m4trace:configure.ac:236: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | ||
183 | m4trace:configure.ac:241: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | ||
184 | m4trace:configure.ac:253: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H]) | ||
185 | m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 204 | m4trace:configure.ac:254: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
186 | m4trace:configure.ac:255: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 205 | m4trace:configure.ac:259: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
187 | m4trace:configure.ac:256: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 206 | m4trace:configure.ac:271: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SYS_TERMIO_H]) |
188 | m4trace:configure.ac:257: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | 207 | m4trace:configure.ac:272: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
189 | m4trace:configure.ac:258: -1- AC_CHECK_FUNCS([getluid setluid]) | 208 | m4trace:configure.ac:273: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
190 | m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | 209 | m4trace:configure.ac:274: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
210 | m4trace:configure.ac:275: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SAVED_UIDS]) | ||
211 | m4trace:configure.ac:276: -1- AC_CHECK_FUNCS([getluid setluid]) | ||
212 | m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | ||
191 | #undef HAVE_GETLUID]) | 213 | #undef HAVE_GETLUID]) |
192 | m4trace:configure.ac:258: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ | 214 | m4trace:configure.ac:276: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ |
193 | #undef HAVE_SETLUID]) | 215 | #undef HAVE_SETLUID]) |
194 | m4trace:configure.ac:267: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 216 | m4trace:configure.ac:285: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
195 | m4trace:configure.ac:268: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) | 217 | m4trace:configure.ac:286: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECUREWARE]) |
196 | m4trace:configure.ac:269: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 218 | m4trace:configure.ac:287: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
197 | m4trace:configure.ac:270: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) | 219 | m4trace:configure.ac:288: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
198 | m4trace:configure.ac:271: -1- AC_CHECK_FUNCS([getluid setluid]) | 220 | m4trace:configure.ac:289: -1- AC_CHECK_FUNCS([getluid setluid]) |
199 | m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ | 221 | m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_GETLUID], [/* Define to 1 if you have the \`getluid' function. */ |
200 | #undef HAVE_GETLUID]) | 222 | #undef HAVE_GETLUID]) |
201 | m4trace:configure.ac:271: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ | 223 | m4trace:configure.ac:289: -1- AH_OUTPUT([HAVE_SETLUID], [/* Define to 1 if you have the \`setluid' function. */ |
202 | #undef HAVE_SETLUID]) | 224 | #undef HAVE_SETLUID]) |
203 | m4trace:configure.ac:277: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 225 | m4trace:configure.ac:295: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
204 | m4trace:configure.ac:278: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_FD_PASSING]) | 226 | m4trace:configure.ac:296: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
205 | m4trace:configure.ac:297: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) | 227 | m4trace:configure.ac:304: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
206 | m4trace:configure.ac:298: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) | 228 | m4trace:configure.ac:305: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_FD_PASSING]) |
207 | m4trace:configure.ac:307: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) | 229 | m4trace:configure.ac:306: -1- AC_DEFINE_TRACE_LITERAL([NO_SSH_LASTLOG]) |
208 | m4trace:configure.ac:308: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) | 230 | m4trace:configure.ac:326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OSF_SIA]) |
209 | m4trace:configure.ac:309: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) | 231 | m4trace:configure.ac:327: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) |
210 | m4trace:configure.ac:310: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) | 232 | m4trace:configure.ac:336: -1- AC_DEFINE_TRACE_LITERAL([USE_PIPES]) |
211 | m4trace:configure.ac:311: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) | 233 | m4trace:configure.ac:337: -1- AC_DEFINE_TRACE_LITERAL([NO_X11_UNIX_SOCKETS]) |
212 | m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ | 234 | m4trace:configure.ac:338: -1- AC_DEFINE_TRACE_LITERAL([MISSING_NFDBITS]) |
213 | getopt.h glob.h lastlog.h limits.h login.h \ | 235 | m4trace:configure.ac:339: -1- AC_DEFINE_TRACE_LITERAL([MISSING_HOWMANY]) |
236 | m4trace:configure.ac:340: -1- AC_DEFINE_TRACE_LITERAL([MISSING_FD_MASK]) | ||
237 | m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([bstring.h crypt.h endian.h floatingpoint.h \ | ||
238 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ | ||
214 | login_cap.h maillock.h netdb.h netgroup.h \ | 239 | login_cap.h maillock.h netdb.h netgroup.h \ |
215 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 240 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
216 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 241 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
217 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 242 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
218 | sys/mman.h sys/select.h sys/stat.h \ | 243 | sys/mman.h sys/select.h sys/stat.h \ |
219 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 244 | sys/stropts.h sys/sysmacros.h sys/time.h \ |
220 | sys/un.h time.h ttyent.h usersec.h \ | 245 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
221 | util.h utime.h utmp.h utmpx.h]) | 246 | util.h utime.h utmp.h utmpx.h]) |
222 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ | 247 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_BSTRING_H], [/* Define to 1 if you have the <bstring.h> header file. */ |
223 | #undef HAVE_BSTRING_H]) | 248 | #undef HAVE_BSTRING_H]) |
224 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ | 249 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_CRYPT_H], [/* Define to 1 if you have the <crypt.h> header file. */ |
225 | #undef HAVE_CRYPT_H]) | 250 | #undef HAVE_CRYPT_H]) |
226 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ | 251 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_ENDIAN_H], [/* Define to 1 if you have the <endian.h> header file. */ |
227 | #undef HAVE_ENDIAN_H]) | 252 | #undef HAVE_ENDIAN_H]) |
228 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ | 253 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_FLOATINGPOINT_H], [/* Define to 1 if you have the <floatingpoint.h> header file. */ |
229 | #undef HAVE_FLOATINGPOINT_H]) | 254 | #undef HAVE_FLOATINGPOINT_H]) |
230 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ | 255 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GETOPT_H], [/* Define to 1 if you have the <getopt.h> header file. */ |
231 | #undef HAVE_GETOPT_H]) | 256 | #undef HAVE_GETOPT_H]) |
232 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ | 257 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_GLOB_H], [/* Define to 1 if you have the <glob.h> header file. */ |
233 | #undef HAVE_GLOB_H]) | 258 | #undef HAVE_GLOB_H]) |
234 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ | 259 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_IA_H], [/* Define to 1 if you have the <ia.h> header file. */ |
260 | #undef HAVE_IA_H]) | ||
261 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LASTLOG_H], [/* Define to 1 if you have the <lastlog.h> header file. */ | ||
235 | #undef HAVE_LASTLOG_H]) | 262 | #undef HAVE_LASTLOG_H]) |
236 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ | 263 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LIMITS_H], [/* Define to 1 if you have the <limits.h> header file. */ |
237 | #undef HAVE_LIMITS_H]) | 264 | #undef HAVE_LIMITS_H]) |
238 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ | 265 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_H], [/* Define to 1 if you have the <login.h> header file. */ |
239 | #undef HAVE_LOGIN_H]) | 266 | #undef HAVE_LOGIN_H]) |
240 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ | 267 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_LOGIN_CAP_H], [/* Define to 1 if you have the <login_cap.h> header file. */ |
241 | #undef HAVE_LOGIN_CAP_H]) | 268 | #undef HAVE_LOGIN_CAP_H]) |
242 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ | 269 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MAILLOCK_H], [/* Define to 1 if you have the <maillock.h> header file. */ |
243 | #undef HAVE_MAILLOCK_H]) | 270 | #undef HAVE_MAILLOCK_H]) |
244 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ | 271 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETDB_H], [/* Define to 1 if you have the <netdb.h> header file. */ |
245 | #undef HAVE_NETDB_H]) | 272 | #undef HAVE_NETDB_H]) |
246 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ | 273 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETGROUP_H], [/* Define to 1 if you have the <netgroup.h> header file. */ |
247 | #undef HAVE_NETGROUP_H]) | 274 | #undef HAVE_NETGROUP_H]) |
248 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ | 275 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_NETINET_IN_SYSTM_H], [/* Define to 1 if you have the <netinet/in_systm.h> header file. */ |
249 | #undef HAVE_NETINET_IN_SYSTM_H]) | 276 | #undef HAVE_NETINET_IN_SYSTM_H]) |
250 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ | 277 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PATHS_H], [/* Define to 1 if you have the <paths.h> header file. */ |
251 | #undef HAVE_PATHS_H]) | 278 | #undef HAVE_PATHS_H]) |
252 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ | 279 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_PTY_H], [/* Define to 1 if you have the <pty.h> header file. */ |
253 | #undef HAVE_PTY_H]) | 280 | #undef HAVE_PTY_H]) |
254 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ | 281 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_READPASSPHRASE_H], [/* Define to 1 if you have the <readpassphrase.h> header file. */ |
255 | #undef HAVE_READPASSPHRASE_H]) | 282 | #undef HAVE_READPASSPHRASE_H]) |
256 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ | 283 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_RPC_TYPES_H], [/* Define to 1 if you have the <rpc/types.h> header file. */ |
257 | #undef HAVE_RPC_TYPES_H]) | 284 | #undef HAVE_RPC_TYPES_H]) |
258 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ | 285 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SECURITY_PAM_APPL_H], [/* Define to 1 if you have the <security/pam_appl.h> header file. */ |
259 | #undef HAVE_SECURITY_PAM_APPL_H]) | 286 | #undef HAVE_SECURITY_PAM_APPL_H]) |
260 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ | 287 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SHADOW_H], [/* Define to 1 if you have the <shadow.h> header file. */ |
261 | #undef HAVE_SHADOW_H]) | 288 | #undef HAVE_SHADOW_H]) |
262 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ | 289 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDDEF_H], [/* Define to 1 if you have the <stddef.h> header file. */ |
263 | #undef HAVE_STDDEF_H]) | 290 | #undef HAVE_STDDEF_H]) |
264 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ | 291 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ |
265 | #undef HAVE_STDINT_H]) | 292 | #undef HAVE_STDINT_H]) |
266 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ | 293 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ |
267 | #undef HAVE_STRINGS_H]) | 294 | #undef HAVE_STRINGS_H]) |
268 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ | 295 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BITYPES_H], [/* Define to 1 if you have the <sys/bitypes.h> header file. */ |
269 | #undef HAVE_SYS_BITYPES_H]) | 296 | #undef HAVE_SYS_BITYPES_H]) |
270 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ | 297 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_BSDTTY_H], [/* Define to 1 if you have the <sys/bsdtty.h> header file. */ |
271 | #undef HAVE_SYS_BSDTTY_H]) | 298 | #undef HAVE_SYS_BSDTTY_H]) |
272 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ | 299 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_CDEFS_H], [/* Define to 1 if you have the <sys/cdefs.h> header file. */ |
273 | #undef HAVE_SYS_CDEFS_H]) | 300 | #undef HAVE_SYS_CDEFS_H]) |
274 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ | 301 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_MMAN_H], [/* Define to 1 if you have the <sys/mman.h> header file. */ |
275 | #undef HAVE_SYS_MMAN_H]) | 302 | #undef HAVE_SYS_MMAN_H]) |
276 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ | 303 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SELECT_H], [/* Define to 1 if you have the <sys/select.h> header file. */ |
277 | #undef HAVE_SYS_SELECT_H]) | 304 | #undef HAVE_SYS_SELECT_H]) |
278 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ | 305 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ |
279 | #undef HAVE_SYS_STAT_H]) | 306 | #undef HAVE_SYS_STAT_H]) |
280 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ | 307 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STROPTS_H], [/* Define to 1 if you have the <sys/stropts.h> header file. */ |
281 | #undef HAVE_SYS_STROPTS_H]) | 308 | #undef HAVE_SYS_STROPTS_H]) |
282 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ | 309 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_SYSMACROS_H], [/* Define to 1 if you have the <sys/sysmacros.h> header file. */ |
283 | #undef HAVE_SYS_SYSMACROS_H]) | 310 | #undef HAVE_SYS_SYSMACROS_H]) |
284 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ | 311 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TIME_H], [/* Define to 1 if you have the <sys/time.h> header file. */ |
285 | #undef HAVE_SYS_TIME_H]) | 312 | #undef HAVE_SYS_TIME_H]) |
286 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ | 313 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_UN_H], [/* Define to 1 if you have the <sys/un.h> header file. */ |
287 | #undef HAVE_SYS_UN_H]) | 314 | #undef HAVE_SYS_UN_H]) |
288 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ | 315 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TIME_H], [/* Define to 1 if you have the <time.h> header file. */ |
289 | #undef HAVE_TIME_H]) | 316 | #undef HAVE_TIME_H]) |
290 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ | 317 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TMPDIR_H], [/* Define to 1 if you have the <tmpdir.h> header file. */ |
318 | #undef HAVE_TMPDIR_H]) | ||
319 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_TTYENT_H], [/* Define to 1 if you have the <ttyent.h> header file. */ | ||
291 | #undef HAVE_TTYENT_H]) | 320 | #undef HAVE_TTYENT_H]) |
292 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ | 321 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_USERSEC_H], [/* Define to 1 if you have the <usersec.h> header file. */ |
293 | #undef HAVE_USERSEC_H]) | 322 | #undef HAVE_USERSEC_H]) |
294 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ | 323 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIL_H], [/* Define to 1 if you have the <util.h> header file. */ |
295 | #undef HAVE_UTIL_H]) | 324 | #undef HAVE_UTIL_H]) |
296 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ | 325 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTIME_H], [/* Define to 1 if you have the <utime.h> header file. */ |
297 | #undef HAVE_UTIME_H]) | 326 | #undef HAVE_UTIME_H]) |
298 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ | 327 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMP_H], [/* Define to 1 if you have the <utmp.h> header file. */ |
299 | #undef HAVE_UTMP_H]) | 328 | #undef HAVE_UTMP_H]) |
300 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ | 329 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UTMPX_H], [/* Define to 1 if you have the <utmpx.h> header file. */ |
301 | #undef HAVE_UTMPX_H]) | 330 | #undef HAVE_UTMPX_H]) |
302 | m4trace:configure.ac:359: -1- AC_HEADER_STDC | 331 | m4trace:configure.ac:388: -1- AC_HEADER_STDC |
303 | m4trace:configure.ac:359: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) | 332 | m4trace:configure.ac:388: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS]) |
304 | m4trace:configure.ac:359: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ | 333 | m4trace:configure.ac:388: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */ |
305 | #undef STDC_HEADERS]) | 334 | #undef STDC_HEADERS]) |
306 | m4trace:configure.ac:359: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ | 335 | m4trace:configure.ac:388: -1- AC_CHECK_HEADERS([sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ |
307 | inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) | 336 | inttypes.h stdint.h unistd.h], [], [], [$ac_includes_default]) |
308 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ | 337 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */ |
309 | #undef HAVE_SYS_TYPES_H]) | 338 | #undef HAVE_SYS_TYPES_H]) |
310 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ | 339 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */ |
311 | #undef HAVE_SYS_STAT_H]) | 340 | #undef HAVE_SYS_STAT_H]) |
312 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ | 341 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */ |
313 | #undef HAVE_STDLIB_H]) | 342 | #undef HAVE_STDLIB_H]) |
314 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ | 343 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */ |
315 | #undef HAVE_STRING_H]) | 344 | #undef HAVE_STRING_H]) |
316 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ | 345 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */ |
317 | #undef HAVE_MEMORY_H]) | 346 | #undef HAVE_MEMORY_H]) |
318 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ | 347 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */ |
319 | #undef HAVE_STRINGS_H]) | 348 | #undef HAVE_STRINGS_H]) |
320 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ | 349 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */ |
321 | #undef HAVE_INTTYPES_H]) | 350 | #undef HAVE_INTTYPES_H]) |
322 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ | 351 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */ |
323 | #undef HAVE_STDINT_H]) | 352 | #undef HAVE_STDINT_H]) |
324 | m4trace:configure.ac:359: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ | 353 | m4trace:configure.ac:388: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */ |
325 | #undef HAVE_UNISTD_H]) | 354 | #undef HAVE_UNISTD_H]) |
326 | m4trace:configure.ac:362: -2- AC_CHECK_LIB([nsl], [yp_match]) | 355 | m4trace:configure.ac:391: -2- AC_CHECK_LIB([nsl], [yp_match]) |
327 | m4trace:configure.ac:362: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ | 356 | m4trace:configure.ac:391: -2- AH_OUTPUT([HAVE_LIBNSL], [/* Define to 1 if you have the \`nsl' library (-lnsl). */ |
328 | #undef HAVE_LIBNSL]) | 357 | #undef HAVE_LIBNSL]) |
329 | m4trace:configure.ac:362: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) | 358 | m4trace:configure.ac:391: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBNSL]) |
330 | m4trace:configure.ac:363: -2- AC_CHECK_LIB([socket], [setsockopt]) | 359 | m4trace:configure.ac:392: -2- AC_CHECK_LIB([socket], [setsockopt]) |
331 | m4trace:configure.ac:363: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ | 360 | m4trace:configure.ac:392: -2- AH_OUTPUT([HAVE_LIBSOCKET], [/* Define to 1 if you have the \`socket' library (-lsocket). */ |
332 | #undef HAVE_LIBSOCKET]) | 361 | #undef HAVE_LIBSOCKET]) |
333 | m4trace:configure.ac:363: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) | 362 | m4trace:configure.ac:392: -2- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSOCKET]) |
334 | m4trace:configure.ac:368: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) | 363 | m4trace:configure.ac:397: -1- AC_CHECK_LIB([rpc], [innetgr], [LIBS="-lrpc -lyp -lrpc $LIBS" ], [], [-lyp -lrpc]) |
335 | m4trace:configure.ac:373: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) | 364 | m4trace:configure.ac:402: -2- AC_CHECK_LIB([gen], [getspnam], [LIBS="$LIBS -lgen"]) |
336 | m4trace:configure.ac:415: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 | 365 | m4trace:configure.ac:444: -1- AC_CHECK_LIB([z], [deflate], [], [{ { echo "$as_me:$LINENO: error: *** zlib missing - please install first or check config.log ***" >&5 |
337 | echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} | 366 | echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} |
338 | { (exit 1); exit 1; }; }]) | 367 | { (exit 1); exit 1; }; }]) |
339 | m4trace:configure.ac:415: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ | 368 | m4trace:configure.ac:444: -1- AH_OUTPUT([HAVE_LIBZ], [/* Define to 1 if you have the \`z' library (-lz). */ |
340 | #undef HAVE_LIBZ]) | 369 | #undef HAVE_LIBZ]) |
341 | m4trace:configure.ac:415: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) | 370 | m4trace:configure.ac:444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBZ]) |
342 | m4trace:configure.ac:420: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) | 371 | m4trace:configure.ac:449: -1- AC_CHECK_LIB([resolv], [strcasecmp], [LIBS="$LIBS -lresolv"]) |
343 | m4trace:configure.ac:423: -1- AC_CHECK_LIB([c89], [utimes], [LIBS="$LIBS -lc89"]) | 372 | m4trace:configure.ac:453: -1- AC_CHECK_LIB([c89], [utimes], [AC_DEFINE(HAVE_UTIMES) |
344 | m4trace:configure.ac:426: -1- AC_CHECK_HEADERS([libutil.h]) | 373 | LIBS="$LIBS -lc89"]) |
345 | m4trace:configure.ac:426: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ | 374 | m4trace:configure.ac:453: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UTIMES]) |
375 | m4trace:configure.ac:456: -1- AC_CHECK_HEADERS([libutil.h]) | ||
376 | m4trace:configure.ac:456: -1- AH_OUTPUT([HAVE_LIBUTIL_H], [/* Define to 1 if you have the <libutil.h> header file. */ | ||
346 | #undef HAVE_LIBUTIL_H]) | 377 | #undef HAVE_LIBUTIL_H]) |
347 | m4trace:configure.ac:427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) | 378 | m4trace:configure.ac:457: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LOGIN]) |
348 | m4trace:configure.ac:428: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) | 379 | m4trace:configure.ac:458: -1- AC_CHECK_FUNCS([logout updwtmp logwtmp]) |
349 | m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ | 380 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGOUT], [/* Define to 1 if you have the \`logout' function. */ |
350 | #undef HAVE_LOGOUT]) | 381 | #undef HAVE_LOGOUT]) |
351 | m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ | 382 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_UPDWTMP], [/* Define to 1 if you have the \`updwtmp' function. */ |
352 | #undef HAVE_UPDWTMP]) | 383 | #undef HAVE_UPDWTMP]) |
353 | m4trace:configure.ac:428: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ | 384 | m4trace:configure.ac:458: -1- AH_OUTPUT([HAVE_LOGWTMP], [/* Define to 1 if you have the \`logwtmp' function. */ |
354 | #undef HAVE_LOGWTMP]) | 385 | #undef HAVE_LOGWTMP]) |
355 | m4trace:configure.ac:430: -1- AC_FUNC_STRFTIME | 386 | m4trace:configure.ac:460: -1- AC_FUNC_STRFTIME |
356 | m4trace:configure.ac:430: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. | 387 | m4trace:configure.ac:460: -1- AC_CHECK_FUNCS([strftime], [], [# strftime is in -lintl on SCO UNIX. |
357 | AC_CHECK_LIB(intl, strftime, | 388 | AC_CHECK_LIB(intl, strftime, |
358 | [AC_DEFINE(HAVE_STRFTIME) | 389 | [AC_DEFINE(HAVE_STRFTIME) |
359 | LIBS="-lintl $LIBS"])]) | 390 | LIBS="-lintl $LIBS"])]) |
360 | m4trace:configure.ac:430: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ | 391 | m4trace:configure.ac:460: -1- AH_OUTPUT([HAVE_STRFTIME], [/* Define to 1 if you have the \`strftime' function. */ |
361 | #undef HAVE_STRFTIME]) | 392 | #undef HAVE_STRFTIME]) |
362 | m4trace:configure.ac:430: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) | 393 | m4trace:configure.ac:460: -1- AC_CHECK_LIB([intl], [strftime], [AC_DEFINE(HAVE_STRFTIME) |
363 | LIBS="-lintl $LIBS"]) | 394 | LIBS="-lintl $LIBS"]) |
364 | m4trace:configure.ac:430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) | 395 | m4trace:configure.ac:460: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRFTIME]) |
365 | m4trace:configure.ac:448: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) | 396 | m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_ALTDIRFUNC]) |
366 | m4trace:configure.ac:464: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) | 397 | m4trace:configure.ac:494: -1- AC_DEFINE_TRACE_LITERAL([GLOB_HAS_GL_MATCHC]) |
367 | m4trace:configure.ac:478: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) | 398 | m4trace:configure.ac:508: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_ONE_BYTE_DIRENT_D_NAME]) |
368 | m4trace:configure.ac:511: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) | 399 | m4trace:configure.ac:541: -1- AC_DEFINE_TRACE_LITERAL([SKEY]) |
369 | m4trace:configure.ac:565: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) | 400 | m4trace:configure.ac:595: -1- AC_DEFINE_TRACE_LITERAL([LIBWRAP]) |
370 | m4trace:configure.ac:565: -1- AC_SUBST([LIBWRAP]) | 401 | m4trace:configure.ac:595: -1- AC_SUBST([LIBWRAP]) |
371 | m4trace:configure.ac:578: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \ | 402 | m4trace:configure.ac:608: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresvport_sa \ |
372 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 403 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ |
373 | getaddrinfo getcwd getgrouplist getnameinfo getopt \ | 404 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ |
374 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 405 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ |
375 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 406 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
376 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 407 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ |
@@ -379,142 +410,143 @@ m4trace:configure.ac:578: -1- AC_CHECK_FUNCS([arc4random b64_ntop bcopy bindresv | |||
379 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ | 410 | setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ |
380 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 411 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ |
381 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty]) | 412 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty]) |
382 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ | 413 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_ARC4RANDOM], [/* Define to 1 if you have the \`arc4random' function. */ |
383 | #undef HAVE_ARC4RANDOM]) | 414 | #undef HAVE_ARC4RANDOM]) |
384 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ | 415 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_B64_NTOP], [/* Define to 1 if you have the \`b64_ntop' function. */ |
385 | #undef HAVE_B64_NTOP]) | 416 | #undef HAVE_B64_NTOP]) |
386 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ | 417 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BCOPY], [/* Define to 1 if you have the \`bcopy' function. */ |
387 | #undef HAVE_BCOPY]) | 418 | #undef HAVE_BCOPY]) |
388 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ | 419 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_BINDRESVPORT_SA], [/* Define to 1 if you have the \`bindresvport_sa' function. */ |
389 | #undef HAVE_BINDRESVPORT_SA]) | 420 | #undef HAVE_BINDRESVPORT_SA]) |
390 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ | 421 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_CLOCK], [/* Define to 1 if you have the \`clock' function. */ |
391 | #undef HAVE_CLOCK]) | 422 | #undef HAVE_CLOCK]) |
392 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ | 423 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHMOD], [/* Define to 1 if you have the \`fchmod' function. */ |
393 | #undef HAVE_FCHMOD]) | 424 | #undef HAVE_FCHMOD]) |
394 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ | 425 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FCHOWN], [/* Define to 1 if you have the \`fchown' function. */ |
395 | #undef HAVE_FCHOWN]) | 426 | #undef HAVE_FCHOWN]) |
396 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ | 427 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FREEADDRINFO], [/* Define to 1 if you have the \`freeaddrinfo' function. */ |
397 | #undef HAVE_FREEADDRINFO]) | 428 | #undef HAVE_FREEADDRINFO]) |
398 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ | 429 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_FUTIMES], [/* Define to 1 if you have the \`futimes' function. */ |
399 | #undef HAVE_FUTIMES]) | 430 | #undef HAVE_FUTIMES]) |
400 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ | 431 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GAI_STRERROR], [/* Define to 1 if you have the \`gai_strerror' function. */ |
401 | #undef HAVE_GAI_STRERROR]) | 432 | #undef HAVE_GAI_STRERROR]) |
402 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ | 433 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETADDRINFO], [/* Define to 1 if you have the \`getaddrinfo' function. */ |
403 | #undef HAVE_GETADDRINFO]) | 434 | #undef HAVE_GETADDRINFO]) |
404 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ | 435 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETCWD], [/* Define to 1 if you have the \`getcwd' function. */ |
405 | #undef HAVE_GETCWD]) | 436 | #undef HAVE_GETCWD]) |
406 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ | 437 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETGROUPLIST], [/* Define to 1 if you have the \`getgrouplist' function. */ |
407 | #undef HAVE_GETGROUPLIST]) | 438 | #undef HAVE_GETGROUPLIST]) |
408 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ | 439 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETNAMEINFO], [/* Define to 1 if you have the \`getnameinfo' function. */ |
409 | #undef HAVE_GETNAMEINFO]) | 440 | #undef HAVE_GETNAMEINFO]) |
410 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ | 441 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETOPT], [/* Define to 1 if you have the \`getopt' function. */ |
411 | #undef HAVE_GETOPT]) | 442 | #undef HAVE_GETOPT]) |
412 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ | 443 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETPEEREID], [/* Define to 1 if you have the \`getpeereid' function. */ |
444 | #undef HAVE_GETPEEREID]) | ||
445 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRLIMIT], [/* Define to 1 if you have the \`getrlimit' function. */ | ||
413 | #undef HAVE_GETRLIMIT]) | 446 | #undef HAVE_GETRLIMIT]) |
414 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ | 447 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETRUSAGE], [/* Define to 1 if you have the \`getrusage' function. */ |
415 | #undef HAVE_GETRUSAGE]) | 448 | #undef HAVE_GETRUSAGE]) |
416 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ | 449 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GETTTYENT], [/* Define to 1 if you have the \`getttyent' function. */ |
417 | #undef HAVE_GETTTYENT]) | 450 | #undef HAVE_GETTTYENT]) |
418 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ | 451 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_GLOB], [/* Define to 1 if you have the \`glob' function. */ |
419 | #undef HAVE_GLOB]) | 452 | #undef HAVE_GLOB]) |
420 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ | 453 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_ATON], [/* Define to 1 if you have the \`inet_aton' function. */ |
421 | #undef HAVE_INET_ATON]) | 454 | #undef HAVE_INET_ATON]) |
422 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ | 455 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOA], [/* Define to 1 if you have the \`inet_ntoa' function. */ |
423 | #undef HAVE_INET_NTOA]) | 456 | #undef HAVE_INET_NTOA]) |
424 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ | 457 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INET_NTOP], [/* Define to 1 if you have the \`inet_ntop' function. */ |
425 | #undef HAVE_INET_NTOP]) | 458 | #undef HAVE_INET_NTOP]) |
426 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ | 459 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_INNETGR], [/* Define to 1 if you have the \`innetgr' function. */ |
427 | #undef HAVE_INNETGR]) | 460 | #undef HAVE_INNETGR]) |
428 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ | 461 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_LOGIN_GETCAPBOOL], [/* Define to 1 if you have the \`login_getcapbool' function. */ |
429 | #undef HAVE_LOGIN_GETCAPBOOL]) | 462 | #undef HAVE_LOGIN_GETCAPBOOL]) |
430 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ | 463 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MD5_CRYPT], [/* Define to 1 if you have the \`md5_crypt' function. */ |
431 | #undef HAVE_MD5_CRYPT]) | 464 | #undef HAVE_MD5_CRYPT]) |
432 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ | 465 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MEMMOVE], [/* Define to 1 if you have the \`memmove' function. */ |
433 | #undef HAVE_MEMMOVE]) | 466 | #undef HAVE_MEMMOVE]) |
434 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ | 467 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MKDTEMP], [/* Define to 1 if you have the \`mkdtemp' function. */ |
435 | #undef HAVE_MKDTEMP]) | 468 | #undef HAVE_MKDTEMP]) |
436 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ | 469 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_MMAP], [/* Define to 1 if you have the \`mmap' function. */ |
437 | #undef HAVE_MMAP]) | 470 | #undef HAVE_MMAP]) |
438 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ | 471 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_NGETADDRINFO], [/* Define to 1 if you have the \`ngetaddrinfo' function. */ |
439 | #undef HAVE_NGETADDRINFO]) | 472 | #undef HAVE_NGETADDRINFO]) |
440 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ | 473 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OPENPTY], [/* Define to 1 if you have the \`openpty' function. */ |
441 | #undef HAVE_OPENPTY]) | 474 | #undef HAVE_OPENPTY]) |
442 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ | 475 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_OGETADDRINFO], [/* Define to 1 if you have the \`ogetaddrinfo' function. */ |
443 | #undef HAVE_OGETADDRINFO]) | 476 | #undef HAVE_OGETADDRINFO]) |
444 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ | 477 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_READPASSPHRASE], [/* Define to 1 if you have the \`readpassphrase' function. */ |
445 | #undef HAVE_READPASSPHRASE]) | 478 | #undef HAVE_READPASSPHRASE]) |
446 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ | 479 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_REALPATH], [/* Define to 1 if you have the \`realpath' function. */ |
447 | #undef HAVE_REALPATH]) | 480 | #undef HAVE_REALPATH]) |
448 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ | 481 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RECVMSG], [/* Define to 1 if you have the \`recvmsg' function. */ |
449 | #undef HAVE_RECVMSG]) | 482 | #undef HAVE_RECVMSG]) |
450 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ | 483 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_RRESVPORT_AF], [/* Define to 1 if you have the \`rresvport_af' function. */ |
451 | #undef HAVE_RRESVPORT_AF]) | 484 | #undef HAVE_RRESVPORT_AF]) |
452 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ | 485 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SENDMSG], [/* Define to 1 if you have the \`sendmsg' function. */ |
453 | #undef HAVE_SENDMSG]) | 486 | #undef HAVE_SENDMSG]) |
454 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ | 487 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETDTABLESIZE], [/* Define to 1 if you have the \`setdtablesize' function. */ |
455 | #undef HAVE_SETDTABLESIZE]) | 488 | #undef HAVE_SETDTABLESIZE]) |
456 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ | 489 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEGID], [/* Define to 1 if you have the \`setegid' function. */ |
457 | #undef HAVE_SETEGID]) | 490 | #undef HAVE_SETEGID]) |
458 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ | 491 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETENV], [/* Define to 1 if you have the \`setenv' function. */ |
459 | #undef HAVE_SETENV]) | 492 | #undef HAVE_SETENV]) |
460 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ | 493 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETEUID], [/* Define to 1 if you have the \`seteuid' function. */ |
461 | #undef HAVE_SETEUID]) | 494 | #undef HAVE_SETEUID]) |
462 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ | 495 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETGROUPS], [/* Define to 1 if you have the \`setgroups' function. */ |
463 | #undef HAVE_SETGROUPS]) | 496 | #undef HAVE_SETGROUPS]) |
464 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ | 497 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETLOGIN], [/* Define to 1 if you have the \`setlogin' function. */ |
465 | #undef HAVE_SETLOGIN]) | 498 | #undef HAVE_SETLOGIN]) |
466 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ | 499 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPROCTITLE], [/* Define to 1 if you have the \`setproctitle' function. */ |
467 | #undef HAVE_SETPROCTITLE]) | 500 | #undef HAVE_SETPROCTITLE]) |
468 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ | 501 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRESGID], [/* Define to 1 if you have the \`setresgid' function. */ |
469 | #undef HAVE_SETRESGID]) | 502 | #undef HAVE_SETRESGID]) |
470 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ | 503 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETREUID], [/* Define to 1 if you have the \`setreuid' function. */ |
471 | #undef HAVE_SETREUID]) | 504 | #undef HAVE_SETREUID]) |
472 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ | 505 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETRLIMIT], [/* Define to 1 if you have the \`setrlimit' function. */ |
473 | #undef HAVE_SETRLIMIT]) | 506 | #undef HAVE_SETRLIMIT]) |
474 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ | 507 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETSID], [/* Define to 1 if you have the \`setsid' function. */ |
475 | #undef HAVE_SETSID]) | 508 | #undef HAVE_SETSID]) |
476 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ | 509 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETPCRED], [/* Define to 1 if you have the \`setpcred' function. */ |
477 | #undef HAVE_SETPCRED]) | 510 | #undef HAVE_SETPCRED]) |
478 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */ | 511 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SETVBUF], [/* Define to 1 if you have the \`setvbuf' function. */ |
479 | #undef HAVE_SETVBUF]) | 512 | #undef HAVE_SETVBUF]) |
480 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ | 513 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGACTION], [/* Define to 1 if you have the \`sigaction' function. */ |
481 | #undef HAVE_SIGACTION]) | 514 | #undef HAVE_SIGACTION]) |
482 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ | 515 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SIGVEC], [/* Define to 1 if you have the \`sigvec' function. */ |
483 | #undef HAVE_SIGVEC]) | 516 | #undef HAVE_SIGVEC]) |
484 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ | 517 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SNPRINTF], [/* Define to 1 if you have the \`snprintf' function. */ |
485 | #undef HAVE_SNPRINTF]) | 518 | #undef HAVE_SNPRINTF]) |
486 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ | 519 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SOCKETPAIR], [/* Define to 1 if you have the \`socketpair' function. */ |
487 | #undef HAVE_SOCKETPAIR]) | 520 | #undef HAVE_SOCKETPAIR]) |
488 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ | 521 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRERROR], [/* Define to 1 if you have the \`strerror' function. */ |
489 | #undef HAVE_STRERROR]) | 522 | #undef HAVE_STRERROR]) |
490 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ | 523 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCAT], [/* Define to 1 if you have the \`strlcat' function. */ |
491 | #undef HAVE_STRLCAT]) | 524 | #undef HAVE_STRLCAT]) |
492 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ | 525 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRLCPY], [/* Define to 1 if you have the \`strlcpy' function. */ |
493 | #undef HAVE_STRLCPY]) | 526 | #undef HAVE_STRLCPY]) |
494 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ | 527 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRMODE], [/* Define to 1 if you have the \`strmode' function. */ |
495 | #undef HAVE_STRMODE]) | 528 | #undef HAVE_STRMODE]) |
496 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ | 529 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_STRSEP], [/* Define to 1 if you have the \`strsep' function. */ |
497 | #undef HAVE_STRSEP]) | 530 | #undef HAVE_STRSEP]) |
498 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ | 531 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_SYSCONF], [/* Define to 1 if you have the \`sysconf' function. */ |
499 | #undef HAVE_SYSCONF]) | 532 | #undef HAVE_SYSCONF]) |
500 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ | 533 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TCGETPGRP], [/* Define to 1 if you have the \`tcgetpgrp' function. */ |
501 | #undef HAVE_TCGETPGRP]) | 534 | #undef HAVE_TCGETPGRP]) |
502 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ | 535 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_TRUNCATE], [/* Define to 1 if you have the \`truncate' function. */ |
503 | #undef HAVE_TRUNCATE]) | 536 | #undef HAVE_TRUNCATE]) |
504 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ | 537 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_UTIMES], [/* Define to 1 if you have the \`utimes' function. */ |
505 | #undef HAVE_UTIMES]) | 538 | #undef HAVE_UTIMES]) |
506 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ | 539 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VHANGUP], [/* Define to 1 if you have the \`vhangup' function. */ |
507 | #undef HAVE_VHANGUP]) | 540 | #undef HAVE_VHANGUP]) |
508 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ | 541 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_VSNPRINTF], [/* Define to 1 if you have the \`vsnprintf' function. */ |
509 | #undef HAVE_VSNPRINTF]) | 542 | #undef HAVE_VSNPRINTF]) |
510 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ | 543 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE_WAITPID], [/* Define to 1 if you have the \`waitpid' function. */ |
511 | #undef HAVE_WAITPID]) | 544 | #undef HAVE_WAITPID]) |
512 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ | 545 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE___B64_NTOP], [/* Define to 1 if you have the \`__b64_ntop' function. */ |
513 | #undef HAVE___B64_NTOP]) | 546 | #undef HAVE___B64_NTOP]) |
514 | m4trace:configure.ac:578: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ | 547 | m4trace:configure.ac:608: -1- AH_OUTPUT([HAVE__GETPTY], [/* Define to 1 if you have the \`_getpty' function. */ |
515 | #undef HAVE__GETPTY]) | 548 | #undef HAVE__GETPTY]) |
516 | m4trace:configure.ac:601: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MMAP_ANON_SHARED]) | 549 | m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [ |
517 | m4trace:configure.ac:639: -1- AC_CHECK_FUNCS([dirname], [AC_CHECK_HEADERS(libgen.h) ], [ | ||
518 | AC_CHECK_LIB(gen, dirname,[ | 550 | AC_CHECK_LIB(gen, dirname,[ |
519 | AC_CACHE_CHECK([for broken dirname], | 551 | AC_CACHE_CHECK([for broken dirname], |
520 | ac_cv_have_broken_dirname, [ | 552 | ac_cv_have_broken_dirname, [ |
@@ -549,12 +581,12 @@ int main(int argc, char **argv) { | |||
549 | fi | 581 | fi |
550 | ]) | 582 | ]) |
551 | ]) | 583 | ]) |
552 | m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ | 584 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_DIRNAME], [/* Define to 1 if you have the \`dirname' function. */ |
553 | #undef HAVE_DIRNAME]) | 585 | #undef HAVE_DIRNAME]) |
554 | m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h]) | 586 | m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) |
555 | m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ | 587 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ |
556 | #undef HAVE_LIBGEN_H]) | 588 | #undef HAVE_LIBGEN_H]) |
557 | m4trace:configure.ac:639: -1- AC_CHECK_LIB([gen], [dirname], [ | 589 | m4trace:configure.ac:645: -1- AC_CHECK_LIB([gen], [dirname], [ |
558 | AC_CACHE_CHECK([for broken dirname], | 590 | AC_CACHE_CHECK([for broken dirname], |
559 | ac_cv_have_broken_dirname, [ | 591 | ac_cv_have_broken_dirname, [ |
560 | save_LIBS="$LIBS" | 592 | save_LIBS="$LIBS" |
@@ -587,285 +619,287 @@ int main(int argc, char **argv) { | |||
587 | AC_CHECK_HEADERS(libgen.h) | 619 | AC_CHECK_HEADERS(libgen.h) |
588 | fi | 620 | fi |
589 | ]) | 621 | ]) |
590 | m4trace:configure.ac:639: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) | 622 | m4trace:configure.ac:645: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DIRNAME]) |
591 | m4trace:configure.ac:639: -1- AC_CHECK_HEADERS([libgen.h]) | 623 | m4trace:configure.ac:645: -1- AC_CHECK_HEADERS([libgen.h]) |
592 | m4trace:configure.ac:639: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ | 624 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_LIBGEN_H], [/* Define to 1 if you have the <libgen.h> header file. */ |
593 | #undef HAVE_LIBGEN_H]) | 625 | #undef HAVE_LIBGEN_H]) |
594 | m4trace:configure.ac:642: -1- AC_CHECK_FUNCS([gettimeofday time]) | 626 | m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([gettimeofday time]) |
595 | m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ | 627 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_GETTIMEOFDAY], [/* Define to 1 if you have the \`gettimeofday' function. */ |
596 | #undef HAVE_GETTIMEOFDAY]) | 628 | #undef HAVE_GETTIMEOFDAY]) |
597 | m4trace:configure.ac:642: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ | 629 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_TIME], [/* Define to 1 if you have the \`time' function. */ |
598 | #undef HAVE_TIME]) | 630 | #undef HAVE_TIME]) |
599 | m4trace:configure.ac:644: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) | 631 | m4trace:configure.ac:650: -1- AC_CHECK_FUNCS([endutent getutent getutid getutline pututline setutent]) |
600 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ | 632 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_ENDUTENT], [/* Define to 1 if you have the \`endutent' function. */ |
601 | #undef HAVE_ENDUTENT]) | 633 | #undef HAVE_ENDUTENT]) |
602 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ | 634 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTENT], [/* Define to 1 if you have the \`getutent' function. */ |
603 | #undef HAVE_GETUTENT]) | 635 | #undef HAVE_GETUTENT]) |
604 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ | 636 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTID], [/* Define to 1 if you have the \`getutid' function. */ |
605 | #undef HAVE_GETUTID]) | 637 | #undef HAVE_GETUTID]) |
606 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ | 638 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_GETUTLINE], [/* Define to 1 if you have the \`getutline' function. */ |
607 | #undef HAVE_GETUTLINE]) | 639 | #undef HAVE_GETUTLINE]) |
608 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ | 640 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_PUTUTLINE], [/* Define to 1 if you have the \`pututline' function. */ |
609 | #undef HAVE_PUTUTLINE]) | 641 | #undef HAVE_PUTUTLINE]) |
610 | m4trace:configure.ac:644: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ | 642 | m4trace:configure.ac:650: -1- AH_OUTPUT([HAVE_SETUTENT], [/* Define to 1 if you have the \`setutent' function. */ |
611 | #undef HAVE_SETUTENT]) | 643 | #undef HAVE_SETUTENT]) |
612 | m4trace:configure.ac:645: -1- AC_CHECK_FUNCS([utmpname]) | 644 | m4trace:configure.ac:651: -1- AC_CHECK_FUNCS([utmpname]) |
613 | m4trace:configure.ac:645: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ | 645 | m4trace:configure.ac:651: -1- AH_OUTPUT([HAVE_UTMPNAME], [/* Define to 1 if you have the \`utmpname' function. */ |
614 | #undef HAVE_UTMPNAME]) | 646 | #undef HAVE_UTMPNAME]) |
615 | m4trace:configure.ac:647: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) | 647 | m4trace:configure.ac:653: -1- AC_CHECK_FUNCS([endutxent getutxent getutxid getutxline pututxline ]) |
616 | m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ | 648 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_ENDUTXENT], [/* Define to 1 if you have the \`endutxent' function. */ |
617 | #undef HAVE_ENDUTXENT]) | 649 | #undef HAVE_ENDUTXENT]) |
618 | m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ | 650 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXENT], [/* Define to 1 if you have the \`getutxent' function. */ |
619 | #undef HAVE_GETUTXENT]) | 651 | #undef HAVE_GETUTXENT]) |
620 | m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ | 652 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXID], [/* Define to 1 if you have the \`getutxid' function. */ |
621 | #undef HAVE_GETUTXID]) | 653 | #undef HAVE_GETUTXID]) |
622 | m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ | 654 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_GETUTXLINE], [/* Define to 1 if you have the \`getutxline' function. */ |
623 | #undef HAVE_GETUTXLINE]) | 655 | #undef HAVE_GETUTXLINE]) |
624 | m4trace:configure.ac:647: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ | 656 | m4trace:configure.ac:653: -1- AH_OUTPUT([HAVE_PUTUTXLINE], [/* Define to 1 if you have the \`pututxline' function. */ |
625 | #undef HAVE_PUTUTXLINE]) | 657 | #undef HAVE_PUTUTXLINE]) |
626 | m4trace:configure.ac:648: -1- AC_CHECK_FUNCS([setutxent utmpxname]) | 658 | m4trace:configure.ac:654: -1- AC_CHECK_FUNCS([setutxent utmpxname]) |
627 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ | 659 | m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_SETUTXENT], [/* Define to 1 if you have the \`setutxent' function. */ |
628 | #undef HAVE_SETUTXENT]) | 660 | #undef HAVE_SETUTXENT]) |
629 | m4trace:configure.ac:648: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ | 661 | m4trace:configure.ac:654: -1- AH_OUTPUT([HAVE_UTMPXNAME], [/* Define to 1 if you have the \`utmpxname' function. */ |
630 | #undef HAVE_UTMPXNAME]) | 662 | #undef HAVE_UTMPXNAME]) |
631 | m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) | 663 | m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) |
632 | m4trace:configure.ac:653: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) | 664 | m4trace:configure.ac:659: -1- AC_CHECK_LIB([bsd], [daemon], [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)]) |
633 | m4trace:configure.ac:653: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) | 665 | m4trace:configure.ac:659: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DAEMON]) |
634 | m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) | 666 | m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) |
635 | m4trace:configure.ac:658: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) | 667 | m4trace:configure.ac:664: -1- AC_CHECK_LIB([ucb], [getpagesize], [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)]) |
636 | m4trace:configure.ac:658: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) | 668 | m4trace:configure.ac:664: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETPAGESIZE]) |
637 | m4trace:configure.ac:674: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) | 669 | m4trace:configure.ac:680: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) |
638 | m4trace:configure.ac:677: -1- AC_FUNC_GETPGRP | 670 | m4trace:configure.ac:683: -1- AC_FUNC_GETPGRP |
639 | m4trace:configure.ac:677: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) | 671 | m4trace:configure.ac:683: -1- AC_DEFINE_TRACE_LITERAL([GETPGRP_VOID]) |
640 | m4trace:configure.ac:677: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ | 672 | m4trace:configure.ac:683: -1- AH_OUTPUT([GETPGRP_VOID], [/* Define to 1 if the \`getpgrp' function requires zero arguments. */ |
641 | #undef GETPGRP_VOID]) | 673 | #undef GETPGRP_VOID]) |
642 | m4trace:configure.ac:705: -1- AC_CHECK_LIB([dl], [dlopen], [], []) | 674 | m4trace:configure.ac:711: -1- AC_CHECK_LIB([dl], [dlopen], [], []) |
643 | m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ | 675 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBDL], [/* Define to 1 if you have the \`dl' library (-ldl). */ |
644 | #undef HAVE_LIBDL]) | 676 | #undef HAVE_LIBDL]) |
645 | m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) | 677 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDL]) |
646 | m4trace:configure.ac:705: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 | 678 | m4trace:configure.ac:711: -1- AC_CHECK_LIB([pam], [pam_set_item], [], [{ { echo "$as_me:$LINENO: error: *** libpam missing" >&5 |
647 | echo "$as_me: error: *** libpam missing" >&2;} | 679 | echo "$as_me: error: *** libpam missing" >&2;} |
648 | { (exit 1); exit 1; }; }]) | 680 | { (exit 1); exit 1; }; }]) |
649 | m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ | 681 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_LIBPAM], [/* Define to 1 if you have the \`pam' library (-lpam). */ |
650 | #undef HAVE_LIBPAM]) | 682 | #undef HAVE_LIBPAM]) |
651 | m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) | 683 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBPAM]) |
652 | m4trace:configure.ac:705: -1- AC_CHECK_FUNCS([pam_getenvlist]) | 684 | m4trace:configure.ac:711: -1- AC_CHECK_FUNCS([pam_getenvlist]) |
653 | m4trace:configure.ac:705: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ | 685 | m4trace:configure.ac:711: -1- AH_OUTPUT([HAVE_PAM_GETENVLIST], [/* Define to 1 if you have the \`pam_getenvlist' function. */ |
654 | #undef HAVE_PAM_GETENVLIST]) | 686 | #undef HAVE_PAM_GETENVLIST]) |
655 | m4trace:configure.ac:705: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) | 687 | m4trace:configure.ac:711: -1- AC_DEFINE_TRACE_LITERAL([USE_PAM]) |
656 | m4trace:configure.ac:705: -1- AC_SUBST([LIBPAM]) | 688 | m4trace:configure.ac:711: -1- AC_SUBST([LIBPAM]) |
657 | m4trace:configure.ac:723: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) | 689 | m4trace:configure.ac:729: -1- AC_DEFINE_TRACE_LITERAL([HAVE_OLD_PAM]) |
658 | m4trace:configure.ac:755: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) | 690 | m4trace:configure.ac:735: -1- AC_CHECK_LIB([crypt], [crypt]) |
659 | m4trace:configure.ac:770: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) | 691 | m4trace:configure.ac:735: -1- AH_OUTPUT([HAVE_LIBCRYPT], [/* Define to 1 if you have the \`crypt' library (-lcrypt). */ |
660 | m4trace:configure.ac:793: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) | 692 | #undef HAVE_LIBCRYPT]) |
661 | m4trace:configure.ac:841: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) | 693 | m4trace:configure.ac:735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBCRYPT]) |
662 | m4trace:configure.ac:849: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) | 694 | m4trace:configure.ac:767: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) |
663 | m4trace:configure.ac:872: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) | 695 | m4trace:configure.ac:782: -2- AC_DEFINE_TRACE_LITERAL([HAVE_OPENSSL]) |
664 | m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) | 696 | m4trace:configure.ac:869: -1- AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) |
665 | m4trace:configure.ac:922: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) | 697 | m4trace:configure.ac:917: -1- AC_DEFINE_TRACE_LITERAL([OPENSSL_PRNG_ONLY]) |
666 | m4trace:configure.ac:934: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) | 698 | m4trace:configure.ac:925: -1- AC_SUBST([INSTALL_SSH_RAND_HELPER]) |
667 | m4trace:configure.ac:945: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) | 699 | m4trace:configure.ac:948: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_PORT]) |
668 | m4trace:configure.ac:946: -1- AC_SUBST([SSH_PRIVSEP_USER]) | 700 | m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) |
669 | m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) | 701 | m4trace:configure.ac:998: -1- AC_DEFINE_TRACE_LITERAL([PRNGD_SOCKET]) |
670 | m4trace:configure.ac:963: -1- AC_SUBST([PROG_LS]) | 702 | m4trace:configure.ac:1010: -1- AC_DEFINE_TRACE_LITERAL([ENTROPY_TIMEOUT_MSEC]) |
671 | m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) | 703 | m4trace:configure.ac:1021: -1- AC_DEFINE_TRACE_LITERAL([SSH_PRIVSEP_USER]) |
672 | m4trace:configure.ac:964: -1- AC_SUBST([PROG_NETSTAT]) | 704 | m4trace:configure.ac:1022: -1- AC_SUBST([SSH_PRIVSEP_USER]) |
673 | m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) | 705 | m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS], [$ac_cv_path_PROG_LS]) |
674 | m4trace:configure.ac:965: -1- AC_SUBST([PROG_ARP]) | 706 | m4trace:configure.ac:1039: -1- AC_SUBST([PROG_LS]) |
675 | m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) | 707 | m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT], [$ac_cv_path_PROG_NETSTAT]) |
676 | m4trace:configure.ac:966: -1- AC_SUBST([PROG_IFCONFIG]) | 708 | m4trace:configure.ac:1040: -1- AC_SUBST([PROG_NETSTAT]) |
677 | m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) | 709 | m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP], [$ac_cv_path_PROG_ARP]) |
678 | m4trace:configure.ac:967: -1- AC_SUBST([PROG_JSTAT]) | 710 | m4trace:configure.ac:1041: -1- AC_SUBST([PROG_ARP]) |
679 | m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) | 711 | m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG], [$ac_cv_path_PROG_IFCONFIG]) |
680 | m4trace:configure.ac:968: -1- AC_SUBST([PROG_PS]) | 712 | m4trace:configure.ac:1042: -1- AC_SUBST([PROG_IFCONFIG]) |
681 | m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) | 713 | m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT], [$ac_cv_path_PROG_JSTAT]) |
682 | m4trace:configure.ac:969: -1- AC_SUBST([PROG_SAR]) | 714 | m4trace:configure.ac:1043: -1- AC_SUBST([PROG_JSTAT]) |
683 | m4trace:configure.ac:970: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) | 715 | m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS], [$ac_cv_path_PROG_PS]) |
684 | m4trace:configure.ac:970: -1- AC_SUBST([PROG_W]) | 716 | m4trace:configure.ac:1044: -1- AC_SUBST([PROG_PS]) |
685 | m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) | 717 | m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR], [$ac_cv_path_PROG_SAR]) |
686 | m4trace:configure.ac:971: -1- AC_SUBST([PROG_WHO]) | 718 | m4trace:configure.ac:1045: -1- AC_SUBST([PROG_SAR]) |
687 | m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) | 719 | m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W], [$ac_cv_path_PROG_W]) |
688 | m4trace:configure.ac:972: -1- AC_SUBST([PROG_LAST]) | 720 | m4trace:configure.ac:1046: -1- AC_SUBST([PROG_W]) |
689 | m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) | 721 | m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO], [$ac_cv_path_PROG_WHO]) |
690 | m4trace:configure.ac:973: -1- AC_SUBST([PROG_LASTLOG]) | 722 | m4trace:configure.ac:1047: -1- AC_SUBST([PROG_WHO]) |
691 | m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) | 723 | m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST], [$ac_cv_path_PROG_LAST]) |
692 | m4trace:configure.ac:974: -1- AC_SUBST([PROG_DF]) | 724 | m4trace:configure.ac:1048: -1- AC_SUBST([PROG_LAST]) |
693 | m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) | 725 | m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG], [$ac_cv_path_PROG_LASTLOG]) |
694 | m4trace:configure.ac:975: -1- AC_SUBST([PROG_VMSTAT]) | 726 | m4trace:configure.ac:1049: -1- AC_SUBST([PROG_LASTLOG]) |
695 | m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) | 727 | m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF], [$ac_cv_path_PROG_DF]) |
696 | m4trace:configure.ac:976: -1- AC_SUBST([PROG_UPTIME]) | 728 | m4trace:configure.ac:1050: -1- AC_SUBST([PROG_DF]) |
697 | m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) | 729 | m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT], [$ac_cv_path_PROG_VMSTAT]) |
698 | m4trace:configure.ac:977: -1- AC_SUBST([PROG_IPCS]) | 730 | m4trace:configure.ac:1051: -1- AC_SUBST([PROG_VMSTAT]) |
699 | m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) | 731 | m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME], [$ac_cv_path_PROG_UPTIME]) |
700 | m4trace:configure.ac:978: -1- AC_SUBST([PROG_TAIL]) | 732 | m4trace:configure.ac:1052: -1- AC_SUBST([PROG_UPTIME]) |
701 | m4trace:configure.ac:995: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) | 733 | m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS], [$ac_cv_path_PROG_IPCS]) |
702 | m4trace:configure.ac:1004: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) | 734 | m4trace:configure.ac:1053: -1- AC_SUBST([PROG_IPCS]) |
703 | m4trace:configure.ac:1004: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ | 735 | m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL], [$ac_cv_path_PROG_TAIL]) |
736 | m4trace:configure.ac:1054: -1- AC_SUBST([PROG_TAIL]) | ||
737 | m4trace:configure.ac:1071: -1- AC_SUBST([INSTALL_SSH_PRNG_CMDS]) | ||
738 | m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_CHAR]) | ||
739 | m4trace:configure.ac:1080: -1- AH_OUTPUT([SIZEOF_CHAR], [/* The size of a \`char', as computed by sizeof. */ | ||
704 | #undef SIZEOF_CHAR]) | 740 | #undef SIZEOF_CHAR]) |
705 | m4trace:configure.ac:1005: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) | 741 | m4trace:configure.ac:1081: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_SHORT_INT]) |
706 | m4trace:configure.ac:1005: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ | 742 | m4trace:configure.ac:1081: -1- AH_OUTPUT([SIZEOF_SHORT_INT], [/* The size of a \`short int', as computed by sizeof. */ |
707 | #undef SIZEOF_SHORT_INT]) | 743 | #undef SIZEOF_SHORT_INT]) |
708 | m4trace:configure.ac:1006: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) | 744 | m4trace:configure.ac:1082: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_INT]) |
709 | m4trace:configure.ac:1006: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ | 745 | m4trace:configure.ac:1082: -1- AH_OUTPUT([SIZEOF_INT], [/* The size of a \`int', as computed by sizeof. */ |
710 | #undef SIZEOF_INT]) | 746 | #undef SIZEOF_INT]) |
711 | m4trace:configure.ac:1007: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) | 747 | m4trace:configure.ac:1083: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_INT]) |
712 | m4trace:configure.ac:1007: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ | 748 | m4trace:configure.ac:1083: -1- AH_OUTPUT([SIZEOF_LONG_INT], [/* The size of a \`long int', as computed by sizeof. */ |
713 | #undef SIZEOF_LONG_INT]) | 749 | #undef SIZEOF_LONG_INT]) |
714 | m4trace:configure.ac:1008: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) | 750 | m4trace:configure.ac:1084: -1- AC_DEFINE_TRACE_LITERAL([SIZEOF_LONG_LONG_INT]) |
715 | m4trace:configure.ac:1008: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ | 751 | m4trace:configure.ac:1084: -1- AH_OUTPUT([SIZEOF_LONG_LONG_INT], [/* The size of a \`long long int', as computed by sizeof. */ |
716 | #undef SIZEOF_LONG_LONG_INT]) | 752 | #undef SIZEOF_LONG_LONG_INT]) |
717 | m4trace:configure.ac:1025: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) | 753 | m4trace:configure.ac:1101: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT]) |
718 | m4trace:configure.ac:1038: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 754 | m4trace:configure.ac:1114: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
719 | m4trace:configure.ac:1054: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 755 | m4trace:configure.ac:1130: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
720 | m4trace:configure.ac:1066: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) | 756 | m4trace:configure.ac:1151: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) |
721 | m4trace:configure.ac:1080: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) | 757 | m4trace:configure.ac:1163: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
722 | m4trace:configure.ac:1093: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INT64_T]) | 758 | m4trace:configure.ac:1177: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
723 | m4trace:configure.ac:1105: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 759 | m4trace:configure.ac:1189: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) |
724 | m4trace:configure.ac:1119: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 760 | m4trace:configure.ac:1203: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) |
725 | m4trace:configure.ac:1131: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) | 761 | m4trace:configure.ac:1218: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) |
726 | m4trace:configure.ac:1145: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INT64_T]) | 762 | m4trace:configure.ac:1232: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) |
727 | m4trace:configure.ac:1160: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) | 763 | m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) |
728 | m4trace:configure.ac:1174: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UINTXX_T]) | 764 | m4trace:configure.ac:1254: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) |
729 | m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_INTXX_T]) | 765 | m4trace:configure.ac:1269: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) |
730 | m4trace:configure.ac:1196: -1- AC_DEFINE_TRACE_LITERAL([HAVE_INTXX_T]) | 766 | m4trace:configure.ac:1272: -1- AC_DEFINE_TRACE_LITERAL([socklen_t]) |
731 | m4trace:configure.ac:1211: -1- AC_DEFINE_TRACE_LITERAL([HAVE_U_CHAR]) | 767 | m4trace:configure.ac:1272: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */ |
732 | m4trace:configure.ac:1214: -1- AC_DEFINE_TRACE_LITERAL([socklen_t]) | ||
733 | m4trace:configure.ac:1214: -1- AH_OUTPUT([socklen_t], [/* type to use in place of socklen_t if not defined */ | ||
734 | #undef socklen_t]) | 768 | #undef socklen_t]) |
735 | m4trace:configure.ac:1216: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) | 769 | m4trace:configure.ac:1274: -1- AC_CHECK_TYPES([sig_atomic_t], [], [], [#include <signal.h>]) |
736 | m4trace:configure.ac:1216: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) | 770 | m4trace:configure.ac:1274: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIG_ATOMIC_T]) |
737 | m4trace:configure.ac:1216: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ | 771 | m4trace:configure.ac:1274: -1- AH_OUTPUT([HAVE_SIG_ATOMIC_T], [/* Define to 1 if the system has the type \`sig_atomic_t'. */ |
738 | #undef HAVE_SIG_ATOMIC_T]) | 772 | #undef HAVE_SIG_ATOMIC_T]) |
739 | m4trace:configure.ac:1229: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) | 773 | m4trace:configure.ac:1287: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SIZE_T]) |
740 | m4trace:configure.ac:1243: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) | 774 | m4trace:configure.ac:1301: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SSIZE_T]) |
741 | m4trace:configure.ac:1257: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) | 775 | m4trace:configure.ac:1315: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CLOCK_T]) |
742 | m4trace:configure.ac:1282: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) | 776 | m4trace:configure.ac:1340: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SA_FAMILY_T]) |
743 | m4trace:configure.ac:1296: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) | 777 | m4trace:configure.ac:1354: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_T]) |
744 | m4trace:configure.ac:1310: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) | 778 | m4trace:configure.ac:1368: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MODE_T]) |
745 | m4trace:configure.ac:1326: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) | 779 | m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_STORAGE]) |
746 | m4trace:configure.ac:1341: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) | 780 | m4trace:configure.ac:1399: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_SOCKADDR_IN6]) |
747 | m4trace:configure.ac:1356: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) | 781 | m4trace:configure.ac:1414: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_IN6_ADDR]) |
748 | m4trace:configure.ac:1372: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) | 782 | m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_ADDRINFO]) |
749 | m4trace:configure.ac:1384: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) | 783 | m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_TIMEVAL]) |
750 | m4trace:configure.ac:1421: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) | 784 | m4trace:configure.ac:1479: -1- AC_DEFINE_TRACE_LITERAL([BROKEN_SNPRINTF]) |
751 | m4trace:configure.ac:1423: -1- AC_SUBST([NO_SFTP]) | 785 | m4trace:configure.ac:1481: -1- AC_SUBST([NO_SFTP]) |
752 | m4trace:configure.ac:1426: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) | 786 | m4trace:configure.ac:1484: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMP]) |
753 | m4trace:configure.ac:1427: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) | 787 | m4trace:configure.ac:1485: -1- AC_DEFINE_TRACE_LITERAL([HAVE_HOST_IN_UTMPX]) |
754 | m4trace:configure.ac:1428: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) | 788 | m4trace:configure.ac:1486: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLEN_IN_UTMPX]) |
755 | m4trace:configure.ac:1429: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) | 789 | m4trace:configure.ac:1487: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PID_IN_UTMP]) |
756 | m4trace:configure.ac:1430: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) | 790 | m4trace:configure.ac:1488: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMP]) |
757 | m4trace:configure.ac:1431: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) | 791 | m4trace:configure.ac:1489: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TYPE_IN_UTMPX]) |
758 | m4trace:configure.ac:1432: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) | 792 | m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMP]) |
759 | m4trace:configure.ac:1433: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) | 793 | m4trace:configure.ac:1491: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMP]) |
760 | m4trace:configure.ac:1434: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) | 794 | m4trace:configure.ac:1492: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ID_IN_UTMPX]) |
761 | m4trace:configure.ac:1435: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) | 795 | m4trace:configure.ac:1493: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMP]) |
762 | m4trace:configure.ac:1436: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) | 796 | m4trace:configure.ac:1494: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_IN_UTMPX]) |
763 | m4trace:configure.ac:1437: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) | 797 | m4trace:configure.ac:1495: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMP]) |
764 | m4trace:configure.ac:1438: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) | 798 | m4trace:configure.ac:1496: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ADDR_V6_IN_UTMPX]) |
765 | m4trace:configure.ac:1439: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) | 799 | m4trace:configure.ac:1497: -1- AC_DEFINE_TRACE_LITERAL([HAVE_EXIT_IN_UTMP]) |
766 | m4trace:configure.ac:1440: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) | 800 | m4trace:configure.ac:1498: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMP]) |
767 | m4trace:configure.ac:1441: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) | 801 | m4trace:configure.ac:1499: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TIME_IN_UTMPX]) |
768 | m4trace:configure.ac:1442: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) | 802 | m4trace:configure.ac:1500: -1- AC_DEFINE_TRACE_LITERAL([HAVE_TV_IN_UTMPX]) |
769 | m4trace:configure.ac:1444: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) | 803 | m4trace:configure.ac:1502: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STRUCT_STAT_ST_BLKSIZE]) |
770 | m4trace:configure.ac:1444: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ | 804 | m4trace:configure.ac:1502: -1- AH_OUTPUT([HAVE_STRUCT_STAT_ST_BLKSIZE], [/* Define to 1 if \`st_blksize' is member of \`struct stat'. */ |
771 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE]) | 805 | #undef HAVE_STRUCT_STAT_ST_BLKSIZE]) |
772 | m4trace:configure.ac:1459: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) | 806 | m4trace:configure.ac:1517: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SS_FAMILY_IN_SS]) |
773 | m4trace:configure.ac:1475: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) | 807 | m4trace:configure.ac:1533: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SS_FAMILY_IN_SS]) |
774 | m4trace:configure.ac:1490: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) | 808 | m4trace:configure.ac:1548: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CLASS_IN_PASSWD]) |
775 | m4trace:configure.ac:1505: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) | 809 | m4trace:configure.ac:1563: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_EXPIRE_IN_PASSWD]) |
776 | m4trace:configure.ac:1520: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) | 810 | m4trace:configure.ac:1578: -1- AC_DEFINE_TRACE_LITERAL([HAVE_PW_CHANGE_IN_PASSWD]) |
777 | m4trace:configure.ac:1545: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) | 811 | m4trace:configure.ac:1603: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ACCRIGHTS_IN_MSGHDR]) |
778 | m4trace:configure.ac:1569: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) | 812 | m4trace:configure.ac:1627: -1- AC_DEFINE_TRACE_LITERAL([HAVE_CONTROL_IN_MSGHDR]) |
779 | m4trace:configure.ac:1580: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) | 813 | m4trace:configure.ac:1638: -1- AC_DEFINE_TRACE_LITERAL([HAVE___PROGNAME]) |
780 | m4trace:configure.ac:1593: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) | 814 | m4trace:configure.ac:1651: -1- AC_DEFINE_TRACE_LITERAL([HAVE___FUNCTION__]) |
781 | m4trace:configure.ac:1606: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) | 815 | m4trace:configure.ac:1664: -1- AC_DEFINE_TRACE_LITERAL([HAVE___func__]) |
782 | m4trace:configure.ac:1621: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) | 816 | m4trace:configure.ac:1679: -1- AC_DEFINE_TRACE_LITERAL([HAVE_GETOPT_OPTRESET]) |
783 | m4trace:configure.ac:1632: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) | 817 | m4trace:configure.ac:1690: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_ERRLIST]) |
784 | m4trace:configure.ac:1644: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) | 818 | m4trace:configure.ac:1702: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYS_NERR]) |
785 | m4trace:configure.ac:1677: -1- AC_CHECK_HEADERS([sectok.h]) | 819 | m4trace:configure.ac:1735: -1- AC_CHECK_HEADERS([sectok.h]) |
786 | m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ | 820 | m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_SECTOK_H], [/* Define to 1 if you have the <sectok.h> header file. */ |
787 | #undef HAVE_SECTOK_H]) | 821 | #undef HAVE_SECTOK_H]) |
788 | m4trace:configure.ac:1677: -1- AC_CHECK_LIB([sectok], [sectok_open]) | 822 | m4trace:configure.ac:1735: -1- AC_CHECK_LIB([sectok], [sectok_open]) |
789 | m4trace:configure.ac:1677: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ | 823 | m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBSECTOK], [/* Define to 1 if you have the \`sectok' library (-lsectok). */ |
790 | #undef HAVE_LIBSECTOK]) | 824 | #undef HAVE_LIBSECTOK]) |
791 | m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) | 825 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBSECTOK]) |
792 | m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) | 826 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) |
793 | m4trace:configure.ac:1677: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) | 827 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([USE_SECTOK]) |
794 | m4trace:configure.ac:1686: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) | 828 | m4trace:configure.ac:1744: -1- AC_SUBST([OPENSC_CONFIG], [$ac_cv_path_OPENSC_CONFIG]) |
795 | m4trace:configure.ac:1692: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) | 829 | m4trace:configure.ac:1750: -1- AC_DEFINE_TRACE_LITERAL([SMARTCARD]) |
796 | m4trace:configure.ac:1693: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) | 830 | m4trace:configure.ac:1751: -1- AC_DEFINE_TRACE_LITERAL([USE_OPENSC]) |
797 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) | 831 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([KRB5]) |
798 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) | 832 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HEIMDAL]) |
799 | m4trace:configure.ac:1735: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) | 833 | m4trace:configure.ac:1793: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) |
800 | m4trace:configure.ac:1735: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ | 834 | m4trace:configure.ac:1793: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ |
801 | #undef HAVE_LIBRESOLV]) | 835 | #undef HAVE_LIBRESOLV]) |
802 | m4trace:configure.ac:1735: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) | 836 | m4trace:configure.ac:1793: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) |
803 | m4trace:configure.ac:1789: -1- AC_CHECK_HEADERS([krb.h]) | 837 | m4trace:configure.ac:1847: -1- AC_CHECK_HEADERS([krb.h]) |
804 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ | 838 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_KRB_H], [/* Define to 1 if you have the <krb.h> header file. */ |
805 | #undef HAVE_KRB_H]) | 839 | #undef HAVE_KRB_H]) |
806 | m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb], [main]) | 840 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb], [main]) |
807 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ | 841 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB], [/* Define to 1 if you have the \`krb' library (-lkrb). */ |
808 | #undef HAVE_LIBKRB]) | 842 | #undef HAVE_LIBKRB]) |
809 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) | 843 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB]) |
810 | m4trace:configure.ac:1789: -1- AC_CHECK_LIB([krb4], [main]) | 844 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([krb4], [main]) |
811 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ | 845 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBKRB4], [/* Define to 1 if you have the \`krb4' library (-lkrb4). */ |
812 | #undef HAVE_LIBKRB4]) | 846 | #undef HAVE_LIBKRB4]) |
813 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) | 847 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBKRB4]) |
814 | m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) | 848 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des], [des_cbc_encrypt]) |
815 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ | 849 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES], [/* Define to 1 if you have the \`des' library (-ldes). */ |
816 | #undef HAVE_LIBDES]) | 850 | #undef HAVE_LIBDES]) |
817 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) | 851 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES]) |
818 | m4trace:configure.ac:1789: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) | 852 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([des425], [des_cbc_encrypt]) |
819 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ | 853 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBDES425], [/* Define to 1 if you have the \`des425' library (-ldes425). */ |
820 | #undef HAVE_LIBDES425]) | 854 | #undef HAVE_LIBDES425]) |
821 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) | 855 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBDES425]) |
822 | m4trace:configure.ac:1789: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) | 856 | m4trace:configure.ac:1847: -1- AC_CHECK_LIB([resolv], [dn_expand], [], []) |
823 | m4trace:configure.ac:1789: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ | 857 | m4trace:configure.ac:1847: -1- AH_OUTPUT([HAVE_LIBRESOLV], [/* Define to 1 if you have the \`resolv' library (-lresolv). */ |
824 | #undef HAVE_LIBRESOLV]) | 858 | #undef HAVE_LIBRESOLV]) |
825 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) | 859 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([HAVE_LIBRESOLV]) |
826 | m4trace:configure.ac:1789: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) | 860 | m4trace:configure.ac:1847: -1- AC_DEFINE_TRACE_LITERAL([KRB4]) |
827 | m4trace:configure.ac:1815: -1- AC_DEFINE_TRACE_LITERAL([AFS]) | 861 | m4trace:configure.ac:1873: -1- AC_DEFINE_TRACE_LITERAL([AFS]) |
828 | m4trace:configure.ac:1829: -1- AC_SUBST([PRIVSEP_PATH]) | 862 | m4trace:configure.ac:1887: -1- AC_SUBST([PRIVSEP_PATH]) |
829 | m4trace:configure.ac:1844: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) | 863 | m4trace:configure.ac:1907: -1- AC_SUBST([xauth_path], [$ac_cv_path_xauth_path]) |
830 | m4trace:configure.ac:1848: -1- AC_SUBST([XAUTH_PATH]) | 864 | m4trace:configure.ac:1911: -1- AC_SUBST([XAUTH_PATH]) |
831 | m4trace:configure.ac:1850: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) | 865 | m4trace:configure.ac:1913: -1- AC_DEFINE_TRACE_LITERAL([XAUTH_PATH]) |
832 | m4trace:configure.ac:1852: -1- AC_SUBST([XAUTH_PATH]) | 866 | m4trace:configure.ac:1915: -1- AC_SUBST([XAUTH_PATH]) |
833 | m4trace:configure.ac:1858: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) | 867 | m4trace:configure.ac:1921: -1- AC_DEFINE_TRACE_LITERAL([MAIL_DIRECTORY]) |
834 | m4trace:configure.ac:1868: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) | 868 | m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTMX]) |
835 | m4trace:configure.ac:1876: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) | 869 | m4trace:configure.ac:1939: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DEV_PTS_AND_PTC]) |
836 | m4trace:configure.ac:1893: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) | 870 | m4trace:configure.ac:1957: -1- AC_SUBST([NROFF], [$ac_cv_path_NROFF]) |
837 | m4trace:configure.ac:1902: -1- AC_SUBST([MANTYPE]) | 871 | m4trace:configure.ac:1966: -1- AC_SUBST([MANTYPE]) |
838 | m4trace:configure.ac:1908: -1- AC_SUBST([mansubdir]) | 872 | m4trace:configure.ac:1972: -1- AC_SUBST([mansubdir]) |
839 | m4trace:configure.ac:1920: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) | 873 | m4trace:configure.ac:1984: -1- AC_DEFINE_TRACE_LITERAL([HAVE_MD5_PASSWORDS]) |
840 | m4trace:configure.ac:1931: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) | 874 | m4trace:configure.ac:1995: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_SHADOW]) |
841 | m4trace:configure.ac:1946: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) | 875 | m4trace:configure.ac:2010: -1- AC_DEFINE_TRACE_LITERAL([HAS_SHADOW_EXPIRE]) |
842 | m4trace:configure.ac:1955: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) | 876 | m4trace:configure.ac:2019: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) |
843 | m4trace:configure.ac:1966: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) | 877 | m4trace:configure.ac:2030: -1- AC_DEFINE_TRACE_LITERAL([IPADDR_IN_DISPLAY]) |
844 | m4trace:configure.ac:2043: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) | 878 | m4trace:configure.ac:2107: -1- AC_DEFINE_TRACE_LITERAL([USER_PATH]) |
845 | m4trace:configure.ac:2044: -1- AC_SUBST([user_path]) | 879 | m4trace:configure.ac:2108: -1- AC_SUBST([user_path]) |
846 | m4trace:configure.ac:2056: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) | 880 | m4trace:configure.ac:2120: -1- AC_DEFINE_TRACE_LITERAL([SUPERUSER_PATH]) |
847 | m4trace:configure.ac:2069: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) | 881 | m4trace:configure.ac:2133: -1- AC_DEFINE_TRACE_LITERAL([IPV4_DEFAULT]) |
848 | m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) | 882 | m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) |
849 | m4trace:configure.ac:2092: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) | 883 | m4trace:configure.ac:2156: -1- AC_DEFINE_TRACE_LITERAL([IPV4_IN_IPV6]) |
850 | m4trace:configure.ac:2104: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) | 884 | m4trace:configure.ac:2168: -1- AC_DEFINE_TRACE_LITERAL([BSD_AUTH]) |
851 | m4trace:configure.ac:2128: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) | 885 | m4trace:configure.ac:2192: -1- AC_DEFINE_TRACE_LITERAL([_PATH_SSH_PIDDIR]) |
852 | m4trace:configure.ac:2129: -1- AC_SUBST([piddir]) | 886 | m4trace:configure.ac:2193: -1- AC_SUBST([piddir]) |
853 | m4trace:configure.ac:2135: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 887 | m4trace:configure.ac:2199: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
854 | m4trace:configure.ac:2139: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 888 | m4trace:configure.ac:2203: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
855 | m4trace:configure.ac:2143: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) | 889 | m4trace:configure.ac:2207: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) |
856 | m4trace:configure.ac:2147: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 890 | m4trace:configure.ac:2211: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) |
857 | m4trace:configure.ac:2151: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) | 891 | m4trace:configure.ac:2215: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) |
858 | m4trace:configure.ac:2155: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) | 892 | m4trace:configure.ac:2219: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LOGIN]) |
859 | m4trace:configure.ac:2159: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) | 893 | m4trace:configure.ac:2223: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTLINE]) |
860 | m4trace:configure.ac:2163: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) | 894 | m4trace:configure.ac:2227: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_PUTUTXLINE]) |
861 | m4trace:configure.ac:2173: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) | 895 | m4trace:configure.ac:2237: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_LASTLOG]) |
862 | m4trace:configure.ac:2235: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) | 896 | m4trace:configure.ac:2299: -1- AC_DEFINE_TRACE_LITERAL([CONF_LASTLOG_FILE]) |
863 | m4trace:configure.ac:2260: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) | 897 | m4trace:configure.ac:2324: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMP]) |
864 | m4trace:configure.ac:2265: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) | 898 | m4trace:configure.ac:2329: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMP_FILE]) |
865 | m4trace:configure.ac:2290: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) | 899 | m4trace:configure.ac:2354: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMP]) |
866 | m4trace:configure.ac:2295: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) | 900 | m4trace:configure.ac:2359: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMP_FILE]) |
867 | m4trace:configure.ac:2320: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) | 901 | m4trace:configure.ac:2384: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_UTMPX]) |
868 | m4trace:configure.ac:2323: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) | 902 | m4trace:configure.ac:2387: -1- AC_DEFINE_TRACE_LITERAL([CONF_UTMPX_FILE]) |
869 | m4trace:configure.ac:2345: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) | 903 | m4trace:configure.ac:2409: -1- AC_DEFINE_TRACE_LITERAL([DISABLE_WTMPX]) |
870 | m4trace:configure.ac:2348: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) | 904 | m4trace:configure.ac:2412: -1- AC_DEFINE_TRACE_LITERAL([CONF_WTMPX_FILE]) |
871 | m4trace:configure.ac:2366: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) | 905 | m4trace:configure.ac:2430: -1- AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) |
diff --git a/canohost.c b/canohost.c index 00c499ca0..a457d3c52 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.32 2002/06/11 08:11:45 itojun Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -77,7 +77,9 @@ get_remote_hostname(int socket, int verify_reverse_mapping) | |||
77 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), | 77 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), |
78 | NULL, 0, NI_NAMEREQD) != 0) { | 78 | NULL, 0, NI_NAMEREQD) != 0) { |
79 | /* Host name not found. Use ip address. */ | 79 | /* Host name not found. Use ip address. */ |
80 | #if 0 | ||
80 | log("Could not reverse map address %.100s.", ntop); | 81 | log("Could not reverse map address %.100s.", ntop); |
82 | #endif | ||
81 | return xstrdup(ntop); | 83 | return xstrdup(ntop); |
82 | } | 84 | } |
83 | 85 | ||
@@ -216,18 +218,12 @@ get_socket_address(int socket, int remote, int flags) | |||
216 | 218 | ||
217 | if (remote) { | 219 | if (remote) { |
218 | if (getpeername(socket, (struct sockaddr *)&addr, &addrlen) | 220 | if (getpeername(socket, (struct sockaddr *)&addr, &addrlen) |
219 | < 0) { | 221 | < 0) |
220 | debug("get_socket_ipaddr: getpeername failed: %.100s", | ||
221 | strerror(errno)); | ||
222 | return NULL; | 222 | return NULL; |
223 | } | ||
224 | } else { | 223 | } else { |
225 | if (getsockname(socket, (struct sockaddr *)&addr, &addrlen) | 224 | if (getsockname(socket, (struct sockaddr *)&addr, &addrlen) |
226 | < 0) { | 225 | < 0) |
227 | debug("get_socket_ipaddr: getsockname failed: %.100s", | ||
228 | strerror(errno)); | ||
229 | return NULL; | 226 | return NULL; |
230 | } | ||
231 | } | 227 | } |
232 | /* Get the address in ascii. */ | 228 | /* Get the address in ascii. */ |
233 | if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), | 229 | if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop), |
@@ -241,13 +237,21 @@ get_socket_address(int socket, int remote, int flags) | |||
241 | char * | 237 | char * |
242 | get_peer_ipaddr(int socket) | 238 | get_peer_ipaddr(int socket) |
243 | { | 239 | { |
244 | return get_socket_address(socket, 1, NI_NUMERICHOST); | 240 | char *p; |
241 | |||
242 | if ((p = get_socket_address(socket, 1, NI_NUMERICHOST)) != NULL) | ||
243 | return p; | ||
244 | return xstrdup("UNKNOWN"); | ||
245 | } | 245 | } |
246 | 246 | ||
247 | char * | 247 | char * |
248 | get_local_ipaddr(int socket) | 248 | get_local_ipaddr(int socket) |
249 | { | 249 | { |
250 | return get_socket_address(socket, 0, NI_NUMERICHOST); | 250 | char *p; |
251 | |||
252 | if ((p = get_socket_address(socket, 0, NI_NUMERICHOST)) != NULL) | ||
253 | return p; | ||
254 | return xstrdup("UNKNOWN"); | ||
251 | } | 255 | } |
252 | 256 | ||
253 | char * | 257 | char * |
diff --git a/channels.c b/channels.c index 29eaee7c4..6ff9e2583 100644 --- a/channels.c +++ b/channels.c | |||
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $"); | 42 | RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $"); |
43 | 43 | ||
44 | #include "ssh.h" | 44 | #include "ssh.h" |
45 | #include "ssh1.h" | 45 | #include "ssh1.h" |
@@ -186,6 +186,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, | |||
186 | } else { | 186 | } else { |
187 | c->isatty = 0; | 187 | c->isatty = 0; |
188 | } | 188 | } |
189 | c->wfd_isatty = isatty(c->wfd); | ||
189 | 190 | ||
190 | /* enable nonblocking mode */ | 191 | /* enable nonblocking mode */ |
191 | if (nonblock) { | 192 | if (nonblock) { |
@@ -572,6 +573,7 @@ void | |||
572 | channel_send_open(int id) | 573 | channel_send_open(int id) |
573 | { | 574 | { |
574 | Channel *c = channel_lookup(id); | 575 | Channel *c = channel_lookup(id); |
576 | |||
575 | if (c == NULL) { | 577 | if (c == NULL) { |
576 | log("channel_send_open: %d: bad id", id); | 578 | log("channel_send_open: %d: bad id", id); |
577 | return; | 579 | return; |
@@ -589,6 +591,7 @@ void | |||
589 | channel_request_start(int local_id, char *service, int wantconfirm) | 591 | channel_request_start(int local_id, char *service, int wantconfirm) |
590 | { | 592 | { |
591 | Channel *c = channel_lookup(local_id); | 593 | Channel *c = channel_lookup(local_id); |
594 | |||
592 | if (c == NULL) { | 595 | if (c == NULL) { |
593 | log("channel_request_start: %d: unknown channel id", local_id); | 596 | log("channel_request_start: %d: unknown channel id", local_id); |
594 | return; | 597 | return; |
@@ -603,6 +606,7 @@ void | |||
603 | channel_register_confirm(int id, channel_callback_fn *fn) | 606 | channel_register_confirm(int id, channel_callback_fn *fn) |
604 | { | 607 | { |
605 | Channel *c = channel_lookup(id); | 608 | Channel *c = channel_lookup(id); |
609 | |||
606 | if (c == NULL) { | 610 | if (c == NULL) { |
607 | log("channel_register_comfirm: %d: bad id", id); | 611 | log("channel_register_comfirm: %d: bad id", id); |
608 | return; | 612 | return; |
@@ -613,6 +617,7 @@ void | |||
613 | channel_register_cleanup(int id, channel_callback_fn *fn) | 617 | channel_register_cleanup(int id, channel_callback_fn *fn) |
614 | { | 618 | { |
615 | Channel *c = channel_lookup(id); | 619 | Channel *c = channel_lookup(id); |
620 | |||
616 | if (c == NULL) { | 621 | if (c == NULL) { |
617 | log("channel_register_cleanup: %d: bad id", id); | 622 | log("channel_register_cleanup: %d: bad id", id); |
618 | return; | 623 | return; |
@@ -623,6 +628,7 @@ void | |||
623 | channel_cancel_cleanup(int id) | 628 | channel_cancel_cleanup(int id) |
624 | { | 629 | { |
625 | Channel *c = channel_lookup(id); | 630 | Channel *c = channel_lookup(id); |
631 | |||
626 | if (c == NULL) { | 632 | if (c == NULL) { |
627 | log("channel_cancel_cleanup: %d: bad id", id); | 633 | log("channel_cancel_cleanup: %d: bad id", id); |
628 | return; | 634 | return; |
@@ -633,6 +639,7 @@ void | |||
633 | channel_register_filter(int id, channel_filter_fn *fn) | 639 | channel_register_filter(int id, channel_filter_fn *fn) |
634 | { | 640 | { |
635 | Channel *c = channel_lookup(id); | 641 | Channel *c = channel_lookup(id); |
642 | |||
636 | if (c == NULL) { | 643 | if (c == NULL) { |
637 | log("channel_register_filter: %d: bad id", id); | 644 | log("channel_register_filter: %d: bad id", id); |
638 | return; | 645 | return; |
@@ -645,6 +652,7 @@ channel_set_fds(int id, int rfd, int wfd, int efd, | |||
645 | int extusage, int nonblock, u_int window_max) | 652 | int extusage, int nonblock, u_int window_max) |
646 | { | 653 | { |
647 | Channel *c = channel_lookup(id); | 654 | Channel *c = channel_lookup(id); |
655 | |||
648 | if (c == NULL || c->type != SSH_CHANNEL_LARVAL) | 656 | if (c == NULL || c->type != SSH_CHANNEL_LARVAL) |
649 | fatal("channel_activate for non-larval channel %d.", id); | 657 | fatal("channel_activate for non-larval channel %d.", id); |
650 | channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); | 658 | channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); |
@@ -815,6 +823,7 @@ static void | |||
815 | channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) | 823 | channel_pre_x11_open_13(Channel *c, fd_set * readset, fd_set * writeset) |
816 | { | 824 | { |
817 | int ret = x11_open_helper(&c->output); | 825 | int ret = x11_open_helper(&c->output); |
826 | |||
818 | if (ret == 1) { | 827 | if (ret == 1) { |
819 | /* Start normal processing for the channel. */ | 828 | /* Start normal processing for the channel. */ |
820 | c->type = SSH_CHANNEL_OPEN; | 829 | c->type = SSH_CHANNEL_OPEN; |
@@ -866,7 +875,7 @@ channel_pre_x11_open(Channel *c, fd_set * readset, fd_set * writeset) | |||
866 | static int | 875 | static int |
867 | channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) | 876 | channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) |
868 | { | 877 | { |
869 | u_char *p, *host; | 878 | char *p, *host; |
870 | int len, have, i, found; | 879 | int len, have, i, found; |
871 | char username[256]; | 880 | char username[256]; |
872 | struct { | 881 | struct { |
@@ -1278,6 +1287,11 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) | |||
1278 | buffer_len(&c->output) > 0) { | 1287 | buffer_len(&c->output) > 0) { |
1279 | data = buffer_ptr(&c->output); | 1288 | data = buffer_ptr(&c->output); |
1280 | dlen = buffer_len(&c->output); | 1289 | dlen = buffer_len(&c->output); |
1290 | #ifdef _AIX | ||
1291 | /* XXX: Later AIX versions can't push as much data to tty */ | ||
1292 | if (compat20 && c->wfd_isatty && dlen > 8*1024) | ||
1293 | dlen = 8*1024; | ||
1294 | #endif | ||
1281 | len = write(c->wfd, data, dlen); | 1295 | len = write(c->wfd, data, dlen); |
1282 | if (len < 0 && (errno == EINTR || errno == EAGAIN)) | 1296 | if (len < 0 && (errno == EINTR || errno == EAGAIN)) |
1283 | return 1; | 1297 | return 1; |
@@ -1395,6 +1409,7 @@ static void | |||
1395 | channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) | 1409 | channel_post_output_drain_13(Channel *c, fd_set * readset, fd_set * writeset) |
1396 | { | 1410 | { |
1397 | int len; | 1411 | int len; |
1412 | |||
1398 | /* Send buffered output data to the socket. */ | 1413 | /* Send buffered output data to the socket. */ |
1399 | if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) { | 1414 | if (FD_ISSET(c->sock, writeset) && buffer_len(&c->output) > 0) { |
1400 | len = write(c->sock, buffer_ptr(&c->output), | 1415 | len = write(c->sock, buffer_ptr(&c->output), |
@@ -1472,6 +1487,7 @@ static void | |||
1472 | channel_handler_init(void) | 1487 | channel_handler_init(void) |
1473 | { | 1488 | { |
1474 | int i; | 1489 | int i; |
1490 | |||
1475 | for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { | 1491 | for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) { |
1476 | channel_pre[i] = NULL; | 1492 | channel_pre[i] = NULL; |
1477 | channel_post[i] = NULL; | 1493 | channel_post[i] = NULL; |
@@ -2006,7 +2022,6 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por | |||
2006 | struct addrinfo hints, *ai, *aitop; | 2022 | struct addrinfo hints, *ai, *aitop; |
2007 | const char *host; | 2023 | const char *host; |
2008 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 2024 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
2009 | struct linger linger; | ||
2010 | 2025 | ||
2011 | success = 0; | 2026 | success = 0; |
2012 | host = (type == SSH_CHANNEL_RPORT_LISTENER) ? | 2027 | host = (type == SSH_CHANNEL_RPORT_LISTENER) ? |
@@ -2049,13 +2064,13 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por | |||
2049 | continue; | 2064 | continue; |
2050 | } | 2065 | } |
2051 | /* | 2066 | /* |
2052 | * Set socket options. We would like the socket to disappear | 2067 | * Set socket options. |
2053 | * as soon as it has been closed for whatever reason. | 2068 | * Allow local port reuse in TIME_WAIT. |
2054 | */ | 2069 | */ |
2055 | setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); | 2070 | if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, |
2056 | linger.l_onoff = 1; | 2071 | sizeof(on)) == -1) |
2057 | linger.l_linger = 5; | 2072 | error("setsockopt SO_REUSEADDR: %s", strerror(errno)); |
2058 | setsockopt(sock, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); | 2073 | |
2059 | debug("Local forwarding listening on %s port %s.", ntop, strport); | 2074 | debug("Local forwarding listening on %s port %s.", ntop, strport); |
2060 | 2075 | ||
2061 | /* Bind the socket to the address. */ | 2076 | /* Bind the socket to the address. */ |
@@ -2605,6 +2620,7 @@ void | |||
2605 | deny_input_open(int type, u_int32_t seq, void *ctxt) | 2620 | deny_input_open(int type, u_int32_t seq, void *ctxt) |
2606 | { | 2621 | { |
2607 | int rchan = packet_get_int(); | 2622 | int rchan = packet_get_int(); |
2623 | |||
2608 | switch (type) { | 2624 | switch (type) { |
2609 | case SSH_SMSG_AGENT_OPEN: | 2625 | case SSH_SMSG_AGENT_OPEN: |
2610 | error("Warning: ssh server tried agent forwarding."); | 2626 | error("Warning: ssh server tried agent forwarding."); |
diff --git a/channels.h b/channels.h index dd54114d6..bd2e92589 100644 --- a/channels.h +++ b/channels.h | |||
@@ -77,6 +77,7 @@ struct Channel { | |||
77 | int efd; /* extended fd */ | 77 | int efd; /* extended fd */ |
78 | int sock; /* sock fd */ | 78 | int sock; /* sock fd */ |
79 | int isatty; /* rfd is a tty */ | 79 | int isatty; /* rfd is a tty */ |
80 | int wfd_isatty; /* wfd is a tty */ | ||
80 | int force_drain; /* force close on iEOF */ | 81 | int force_drain; /* force close on iEOF */ |
81 | int delayed; /* fdset hack */ | 82 | int delayed; /* fdset hack */ |
82 | Buffer input; /* data read from socket, to be sent over | 83 | Buffer input; /* data read from socket, to be sent over |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "log.h" | 41 | #include "log.h" |
@@ -437,6 +437,18 @@ swap_bytes(const u_char *src, u_char *dst, int n) | |||
437 | } | 437 | } |
438 | } | 438 | } |
439 | 439 | ||
440 | #ifdef SSH_OLD_EVP | ||
441 | static void bf_ssh1_init (EVP_CIPHER_CTX * ctx, const unsigned char *key, | ||
442 | const unsigned char *iv, int enc) | ||
443 | { | ||
444 | if (iv != NULL) | ||
445 | memcpy (&(ctx->oiv[0]), iv, 8); | ||
446 | memcpy (&(ctx->iv[0]), &(ctx->oiv[0]), 8); | ||
447 | if (key != NULL) | ||
448 | BF_set_key (&(ctx->c.bf_ks), EVP_CIPHER_CTX_key_length (ctx), | ||
449 | key); | ||
450 | } | ||
451 | #endif | ||
440 | static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; | 452 | static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; |
441 | 453 | ||
442 | static int | 454 | static int |
@@ -458,6 +470,9 @@ evp_ssh1_bf(void) | |||
458 | memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); | 470 | memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); |
459 | orig_bf = ssh1_bf.do_cipher; | 471 | orig_bf = ssh1_bf.do_cipher; |
460 | ssh1_bf.nid = NID_undef; | 472 | ssh1_bf.nid = NID_undef; |
473 | #ifdef SSH_OLD_EVP | ||
474 | ssh1_bf.init = bf_ssh1_init; | ||
475 | #endif | ||
461 | ssh1_bf.do_cipher = bf_ssh1_cipher; | 476 | ssh1_bf.do_cipher = bf_ssh1_cipher; |
462 | ssh1_bf.key_len = 32; | 477 | ssh1_bf.key_len = 32; |
463 | return (&ssh1_bf); | 478 | return (&ssh1_bf); |
@@ -567,7 +582,7 @@ evp_rijndael(void) | |||
567 | rijndal_cbc.do_cipher = ssh_rijndael_cbc; | 582 | rijndal_cbc.do_cipher = ssh_rijndael_cbc; |
568 | #ifndef SSH_OLD_EVP | 583 | #ifndef SSH_OLD_EVP |
569 | rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | | 584 | rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | |
570 | EVP_CIPH_ALWAYS_CALL_INIT; | 585 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; |
571 | #endif | 586 | #endif |
572 | return (&rijndal_cbc); | 587 | return (&rijndal_cbc); |
573 | } | 588 | } |
diff --git a/clientloop.c b/clientloop.c index 6d19b4a25..8b1976171 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,7 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $"); |
63 | 63 | ||
64 | #include "ssh.h" | 64 | #include "ssh.h" |
65 | #include "ssh1.h" | 65 | #include "ssh1.h" |
@@ -654,16 +654,18 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len) | |||
654 | snprintf(string, sizeof string, | 654 | snprintf(string, sizeof string, |
655 | "%c?\r\n\ | 655 | "%c?\r\n\ |
656 | Supported escape sequences:\r\n\ | 656 | Supported escape sequences:\r\n\ |
657 | ~. - terminate connection\r\n\ | 657 | %c. - terminate connection\r\n\ |
658 | ~C - open a command line\r\n\ | 658 | %cC - open a command line\r\n\ |
659 | ~R - Request rekey (SSH protocol 2 only)\r\n\ | 659 | %cR - Request rekey (SSH protocol 2 only)\r\n\ |
660 | ~^Z - suspend ssh\r\n\ | 660 | %c^Z - suspend ssh\r\n\ |
661 | ~# - list forwarded connections\r\n\ | 661 | %c# - list forwarded connections\r\n\ |
662 | ~& - background ssh (when waiting for connections to terminate)\r\n\ | 662 | %c& - background ssh (when waiting for connections to terminate)\r\n\ |
663 | ~? - this message\r\n\ | 663 | %c? - this message\r\n\ |
664 | ~~ - send the escape character by typing it twice\r\n\ | 664 | %c%c - send the escape character by typing it twice\r\n\ |
665 | (Note that escapes are only recognized immediately after newline.)\r\n", | 665 | (Note that escapes are only recognized immediately after newline.)\r\n", |
666 | escape_char); | 666 | escape_char, escape_char, escape_char, escape_char, |
667 | escape_char, escape_char, escape_char, escape_char, | ||
668 | escape_char, escape_char); | ||
667 | buffer_append(berr, string, strlen(string)); | 669 | buffer_append(berr, string, strlen(string)); |
668 | continue; | 670 | continue; |
669 | 671 | ||
@@ -1149,7 +1151,7 @@ client_input_exit_status(int type, u_int32_t seq, void *ctxt) | |||
1149 | static Channel * | 1151 | static Channel * |
1150 | client_request_forwarded_tcpip(const char *request_type, int rchan) | 1152 | client_request_forwarded_tcpip(const char *request_type, int rchan) |
1151 | { | 1153 | { |
1152 | Channel* c = NULL; | 1154 | Channel *c = NULL; |
1153 | char *listen_address, *originator_address; | 1155 | char *listen_address, *originator_address; |
1154 | int listen_port, originator_port; | 1156 | int listen_port, originator_port; |
1155 | int sock; | 1157 | int sock; |
@@ -1179,7 +1181,7 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) | |||
1179 | return c; | 1181 | return c; |
1180 | } | 1182 | } |
1181 | 1183 | ||
1182 | static Channel* | 1184 | static Channel * |
1183 | client_request_x11(const char *request_type, int rchan) | 1185 | client_request_x11(const char *request_type, int rchan) |
1184 | { | 1186 | { |
1185 | Channel *c = NULL; | 1187 | Channel *c = NULL; |
@@ -1215,7 +1217,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1215 | return c; | 1217 | return c; |
1216 | } | 1218 | } |
1217 | 1219 | ||
1218 | static Channel* | 1220 | static Channel * |
1219 | client_request_agent(const char *request_type, int rchan) | 1221 | client_request_agent(const char *request_type, int rchan) |
1220 | { | 1222 | { |
1221 | Channel *c = NULL; | 1223 | Channel *c = NULL; |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.63 2002/04/10 08:21:47 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $"); |
27 | 27 | ||
28 | #include "buffer.h" | 28 | #include "buffer.h" |
29 | #include "packet.h" | 29 | #include "packet.h" |
@@ -39,13 +39,13 @@ int datafellows = 0; | |||
39 | void | 39 | void |
40 | enable_compat20(void) | 40 | enable_compat20(void) |
41 | { | 41 | { |
42 | verbose("Enabling compatibility mode for protocol 2.0"); | 42 | debug("Enabling compatibility mode for protocol 2.0"); |
43 | compat20 = 1; | 43 | compat20 = 1; |
44 | } | 44 | } |
45 | void | 45 | void |
46 | enable_compat13(void) | 46 | enable_compat13(void) |
47 | { | 47 | { |
48 | verbose("Enabling compatibility mode for protocol 1.3"); | 48 | debug("Enabling compatibility mode for protocol 1.3"); |
49 | compat13 = 1; | 49 | compat13 = 1; |
50 | } | 50 | } |
51 | /* datafellows bug compatibility */ | 51 | /* datafellows bug compatibility */ |
@@ -146,6 +146,8 @@ compat_datafellows(const char *version) | |||
146 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, | 146 | "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, |
147 | { "*SSH_Version_Mapper*", | 147 | { "*SSH_Version_Mapper*", |
148 | SSH_BUG_SCANNER }, | 148 | SSH_BUG_SCANNER }, |
149 | { "Probe-*", | ||
150 | SSH_BUG_PROBE }, | ||
149 | { NULL, 0 } | 151 | { NULL, 0 } |
150 | }; | 152 | }; |
151 | 153 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $ */ | 1 | /* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. |
@@ -54,6 +54,7 @@ | |||
54 | #define SSH_BUG_DUMMYCHAN 0x00100000 | 54 | #define SSH_BUG_DUMMYCHAN 0x00100000 |
55 | #define SSH_BUG_EXTEOF 0x00200000 | 55 | #define SSH_BUG_EXTEOF 0x00200000 |
56 | #define SSH_BUG_K5USER 0x00400000 | 56 | #define SSH_BUG_K5USER 0x00400000 |
57 | #define SSH_BUG_PROBE 0x00800000 | ||
57 | 58 | ||
58 | void enable_compat13(void); | 59 | void enable_compat13(void); |
59 | void enable_compat20(void); | 60 | void enable_compat20(void); |
diff --git a/config.guess b/config.guess index 83c544d97..fd30ab031 100755 --- a/config.guess +++ b/config.guess | |||
@@ -3,7 +3,7 @@ | |||
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # 2000, 2001, 2002 Free Software Foundation, Inc. | 4 | # 2000, 2001, 2002 Free Software Foundation, Inc. |
5 | 5 | ||
6 | timestamp='2002-01-30' | 6 | timestamp='2002-07-23' |
7 | 7 | ||
8 | # This file is free software; you can redistribute it and/or modify it | 8 | # This file is free software; you can redistribute it and/or modify it |
9 | # under the terms of the GNU General Public License as published by | 9 | # under the terms of the GNU General Public License as published by |
@@ -88,30 +88,40 @@ if test $# != 0; then | |||
88 | exit 1 | 88 | exit 1 |
89 | fi | 89 | fi |
90 | 90 | ||
91 | trap 'exit 1' 1 2 15 | ||
91 | 92 | ||
92 | dummy=dummy-$$ | 93 | # CC_FOR_BUILD -- compiler used by this script. Note that the use of a |
93 | trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15 | 94 | # compiler to aid in system detection is discouraged as it requires |
95 | # temporary files to be created and, as you can see below, it is a | ||
96 | # headache to deal with in a portable fashion. | ||
94 | 97 | ||
95 | # CC_FOR_BUILD -- compiler used by this script. | ||
96 | # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still | 98 | # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still |
97 | # use `HOST_CC' if defined, but it is deprecated. | 99 | # use `HOST_CC' if defined, but it is deprecated. |
98 | 100 | ||
99 | set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in | 101 | # This shell variable is my proudest work .. or something. --bje |
100 | ,,) echo "int dummy(){}" > $dummy.c ; | 102 | |
101 | for c in cc gcc c89 ; do | 103 | set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ; |
102 | ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; | 104 | (old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old) |
103 | if test $? = 0 ; then | 105 | || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ; |
106 | dummy=$tmpdir/dummy ; | ||
107 | files="$dummy.c $dummy.o $dummy.rel $dummy" ; | ||
108 | trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ; | ||
109 | case $CC_FOR_BUILD,$HOST_CC,$CC in | ||
110 | ,,) echo "int x;" > $dummy.c ; | ||
111 | for c in cc gcc c89 c99 ; do | ||
112 | if ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; then | ||
104 | CC_FOR_BUILD="$c"; break ; | 113 | CC_FOR_BUILD="$c"; break ; |
105 | fi ; | 114 | fi ; |
106 | done ; | 115 | done ; |
107 | rm -f $dummy.c $dummy.o $dummy.rel ; | 116 | rm -f $files ; |
108 | if test x"$CC_FOR_BUILD" = x ; then | 117 | if test x"$CC_FOR_BUILD" = x ; then |
109 | CC_FOR_BUILD=no_compiler_found ; | 118 | CC_FOR_BUILD=no_compiler_found ; |
110 | fi | 119 | fi |
111 | ;; | 120 | ;; |
112 | ,,*) CC_FOR_BUILD=$CC ;; | 121 | ,,*) CC_FOR_BUILD=$CC ;; |
113 | ,*,*) CC_FOR_BUILD=$HOST_CC ;; | 122 | ,*,*) CC_FOR_BUILD=$HOST_CC ;; |
114 | esac' | 123 | esac ; |
124 | unset files' | ||
115 | 125 | ||
116 | # This is needed to find uname on a Pyramid OSx when run in the BSD universe. | 126 | # This is needed to find uname on a Pyramid OSx when run in the BSD universe. |
117 | # (ghazi@noc.rutgers.edu 1994-08-24) | 127 | # (ghazi@noc.rutgers.edu 1994-08-24) |
@@ -138,9 +148,11 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
138 | # | 148 | # |
139 | # Note: NetBSD doesn't particularly care about the vendor | 149 | # Note: NetBSD doesn't particularly care about the vendor |
140 | # portion of the name. We always set it to "unknown". | 150 | # portion of the name. We always set it to "unknown". |
141 | UNAME_MACHINE_ARCH=`(uname -p) 2>/dev/null` || \ | 151 | sysctl="sysctl -n hw.machine_arch" |
142 | UNAME_MACHINE_ARCH=unknown | 152 | UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ |
153 | /usr/sbin/$sysctl 2>/dev/null || echo unknown)` | ||
143 | case "${UNAME_MACHINE_ARCH}" in | 154 | case "${UNAME_MACHINE_ARCH}" in |
155 | armeb) machine=armeb-unknown ;; | ||
144 | arm*) machine=arm-unknown ;; | 156 | arm*) machine=arm-unknown ;; |
145 | sh3el) machine=shl-unknown ;; | 157 | sh3el) machine=shl-unknown ;; |
146 | sh3eb) machine=sh-unknown ;; | 158 | sh3eb) machine=sh-unknown ;; |
@@ -219,6 +231,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
219 | # A Tn.n version is a released field test version. | 231 | # A Tn.n version is a released field test version. |
220 | # A Xn.n version is an unreleased experimental baselevel. | 232 | # A Xn.n version is an unreleased experimental baselevel. |
221 | # 1.2 uses "1.2" for uname -r. | 233 | # 1.2 uses "1.2" for uname -r. |
234 | eval $set_cc_for_build | ||
222 | cat <<EOF >$dummy.s | 235 | cat <<EOF >$dummy.s |
223 | .data | 236 | .data |
224 | \$Lformat: | 237 | \$Lformat: |
@@ -244,10 +257,9 @@ main: | |||
244 | jsr \$26,exit | 257 | jsr \$26,exit |
245 | .end main | 258 | .end main |
246 | EOF | 259 | EOF |
247 | eval $set_cc_for_build | ||
248 | $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null | 260 | $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null |
249 | if test "$?" = 0 ; then | 261 | if test "$?" = 0 ; then |
250 | case `./$dummy` in | 262 | case `$dummy` in |
251 | 0-0) | 263 | 0-0) |
252 | UNAME_MACHINE="alpha" | 264 | UNAME_MACHINE="alpha" |
253 | ;; | 265 | ;; |
@@ -269,9 +281,12 @@ EOF | |||
269 | 2-1307) | 281 | 2-1307) |
270 | UNAME_MACHINE="alphaev68" | 282 | UNAME_MACHINE="alphaev68" |
271 | ;; | 283 | ;; |
284 | 3-1307) | ||
285 | UNAME_MACHINE="alphaev7" | ||
286 | ;; | ||
272 | esac | 287 | esac |
273 | fi | 288 | fi |
274 | rm -f $dummy.s $dummy | 289 | rm -f $dummy.s $dummy && rmdir $tmpdir |
275 | echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` | 290 | echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` |
276 | exit 0 ;; | 291 | exit 0 ;; |
277 | Alpha\ *:Windows_NT*:*) | 292 | Alpha\ *:Windows_NT*:*) |
@@ -312,6 +327,10 @@ EOF | |||
312 | NILE*:*:*:dcosx) | 327 | NILE*:*:*:dcosx) |
313 | echo pyramid-pyramid-svr4 | 328 | echo pyramid-pyramid-svr4 |
314 | exit 0 ;; | 329 | exit 0 ;; |
330 | DRS?6000:UNIX_SV:4.2*:7*) | ||
331 | case `/usr/bin/uname -p` in | ||
332 | sparc) echo sparc-icl-nx7 && exit 0 ;; | ||
333 | esac ;; | ||
315 | sun4H:SunOS:5.*:*) | 334 | sun4H:SunOS:5.*:*) |
316 | echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` | 335 | echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` |
317 | exit 0 ;; | 336 | exit 0 ;; |
@@ -340,7 +359,7 @@ EOF | |||
340 | echo m68k-sun-sunos${UNAME_RELEASE} | 359 | echo m68k-sun-sunos${UNAME_RELEASE} |
341 | exit 0 ;; | 360 | exit 0 ;; |
342 | sun*:*:4.2BSD:*) | 361 | sun*:*:4.2BSD:*) |
343 | UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` | 362 | UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` |
344 | test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 | 363 | test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 |
345 | case "`/bin/arch`" in | 364 | case "`/bin/arch`" in |
346 | sun3) | 365 | sun3) |
@@ -419,14 +438,17 @@ EOF | |||
419 | } | 438 | } |
420 | EOF | 439 | EOF |
421 | $CC_FOR_BUILD $dummy.c -o $dummy \ | 440 | $CC_FOR_BUILD $dummy.c -o $dummy \ |
422 | && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ | 441 | && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ |
423 | && rm -f $dummy.c $dummy && exit 0 | 442 | && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 |
424 | rm -f $dummy.c $dummy | 443 | rm -f $dummy.c $dummy && rmdir $tmpdir |
425 | echo mips-mips-riscos${UNAME_RELEASE} | 444 | echo mips-mips-riscos${UNAME_RELEASE} |
426 | exit 0 ;; | 445 | exit 0 ;; |
427 | Motorola:PowerMAX_OS:*:*) | 446 | Motorola:PowerMAX_OS:*:*) |
428 | echo powerpc-motorola-powermax | 447 | echo powerpc-motorola-powermax |
429 | exit 0 ;; | 448 | exit 0 ;; |
449 | Night_Hawk:*:*:PowerMAX_OS) | ||
450 | echo powerpc-harris-powermax | ||
451 | exit 0 ;; | ||
430 | Night_Hawk:Power_UNIX:*:*) | 452 | Night_Hawk:Power_UNIX:*:*) |
431 | echo powerpc-harris-powerunix | 453 | echo powerpc-harris-powerunix |
432 | exit 0 ;; | 454 | exit 0 ;; |
@@ -499,8 +521,8 @@ EOF | |||
499 | exit(0); | 521 | exit(0); |
500 | } | 522 | } |
501 | EOF | 523 | EOF |
502 | $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 | 524 | $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 |
503 | rm -f $dummy.c $dummy | 525 | rm -f $dummy.c $dummy && rmdir $tmpdir |
504 | echo rs6000-ibm-aix3.2.5 | 526 | echo rs6000-ibm-aix3.2.5 |
505 | elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then | 527 | elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then |
506 | echo rs6000-ibm-aix3.2.4 | 528 | echo rs6000-ibm-aix3.2.4 |
@@ -509,7 +531,7 @@ EOF | |||
509 | fi | 531 | fi |
510 | exit 0 ;; | 532 | exit 0 ;; |
511 | *:AIX:*:[45]) | 533 | *:AIX:*:[45]) |
512 | IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` | 534 | IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` |
513 | if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then | 535 | if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then |
514 | IBM_ARCH=rs6000 | 536 | IBM_ARCH=rs6000 |
515 | else | 537 | else |
@@ -598,9 +620,9 @@ EOF | |||
598 | exit (0); | 620 | exit (0); |
599 | } | 621 | } |
600 | EOF | 622 | EOF |
601 | (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy` | 623 | (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy` |
602 | if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi | 624 | if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi |
603 | rm -f $dummy.c $dummy | 625 | rm -f $dummy.c $dummy && rmdir $tmpdir |
604 | fi ;; | 626 | fi ;; |
605 | esac | 627 | esac |
606 | echo ${HP_ARCH}-hp-hpux${HPUX_REV} | 628 | echo ${HP_ARCH}-hp-hpux${HPUX_REV} |
@@ -636,8 +658,8 @@ EOF | |||
636 | exit (0); | 658 | exit (0); |
637 | } | 659 | } |
638 | EOF | 660 | EOF |
639 | $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 | 661 | $CC_FOR_BUILD $dummy.c -o $dummy && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 |
640 | rm -f $dummy.c $dummy | 662 | rm -f $dummy.c $dummy && rmdir $tmpdir |
641 | echo unknown-hitachi-hiuxwe2 | 663 | echo unknown-hitachi-hiuxwe2 |
642 | exit 0 ;; | 664 | exit 0 ;; |
643 | 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) | 665 | 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) |
@@ -683,9 +705,6 @@ EOF | |||
683 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) | 705 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) |
684 | echo c4-convex-bsd | 706 | echo c4-convex-bsd |
685 | exit 0 ;; | 707 | exit 0 ;; |
686 | CRAY*X-MP:*:*:*) | ||
687 | echo xmp-cray-unicos | ||
688 | exit 0 ;; | ||
689 | CRAY*Y-MP:*:*:*) | 708 | CRAY*Y-MP:*:*:*) |
690 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' | 709 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' |
691 | exit 0 ;; | 710 | exit 0 ;; |
@@ -707,9 +726,6 @@ EOF | |||
707 | CRAY*SV1:*:*:*) | 726 | CRAY*SV1:*:*:*) |
708 | echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' | 727 | echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' |
709 | exit 0 ;; | 728 | exit 0 ;; |
710 | CRAY-2:*:*:*) | ||
711 | echo cray2-cray-unicos | ||
712 | exit 0 ;; | ||
713 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) | 729 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) |
714 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` | 730 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` |
715 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 731 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
@@ -726,7 +742,19 @@ EOF | |||
726 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} | 742 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} |
727 | exit 0 ;; | 743 | exit 0 ;; |
728 | *:FreeBSD:*:*) | 744 | *:FreeBSD:*:*) |
729 | echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` | 745 | # Determine whether the default compiler uses glibc. |
746 | eval $set_cc_for_build | ||
747 | sed 's/^ //' << EOF >$dummy.c | ||
748 | #include <features.h> | ||
749 | #if __GLIBC__ >= 2 | ||
750 | LIBC=gnu | ||
751 | #else | ||
752 | LIBC= | ||
753 | #endif | ||
754 | EOF | ||
755 | eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` | ||
756 | rm -f $dummy.c && rmdir $tmpdir | ||
757 | echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} | ||
730 | exit 0 ;; | 758 | exit 0 ;; |
731 | i*:CYGWIN*:*) | 759 | i*:CYGWIN*:*) |
732 | echo ${UNAME_MACHINE}-pc-cygwin | 760 | echo ${UNAME_MACHINE}-pc-cygwin |
@@ -765,7 +793,7 @@ EOF | |||
765 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 793 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
766 | exit 0 ;; | 794 | exit 0 ;; |
767 | ia64:Linux:*:*) | 795 | ia64:Linux:*:*) |
768 | echo ${UNAME_MACHINE}-unknown-linux | 796 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
769 | exit 0 ;; | 797 | exit 0 ;; |
770 | m68*:Linux:*:*) | 798 | m68*:Linux:*:*) |
771 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 799 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
@@ -776,18 +804,18 @@ EOF | |||
776 | #undef CPU | 804 | #undef CPU |
777 | #undef mips | 805 | #undef mips |
778 | #undef mipsel | 806 | #undef mipsel |
779 | #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) | 807 | #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) |
780 | CPU=mipsel | 808 | CPU=mipsel |
781 | #else | 809 | #else |
782 | #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) | 810 | #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) |
783 | CPU=mips | 811 | CPU=mips |
784 | #else | 812 | #else |
785 | CPU= | 813 | CPU= |
786 | #endif | 814 | #endif |
787 | #endif | 815 | #endif |
788 | EOF | 816 | EOF |
789 | eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` | 817 | eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` |
790 | rm -f $dummy.c | 818 | rm -f $dummy.c && rmdir $tmpdir |
791 | test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 | 819 | test x"${CPU}" != x && echo "${CPU}-pc-linux-gnu" && exit 0 |
792 | ;; | 820 | ;; |
793 | ppc:Linux:*:*) | 821 | ppc:Linux:*:*) |
@@ -837,9 +865,8 @@ EOF | |||
837 | # The BFD linker knows what the default object file format is, so | 865 | # The BFD linker knows what the default object file format is, so |
838 | # first see if it will tell us. cd to the root directory to prevent | 866 | # first see if it will tell us. cd to the root directory to prevent |
839 | # problems with other programs or directories called `ld' in the path. | 867 | # problems with other programs or directories called `ld' in the path. |
840 | # Export LANG=C to prevent ld from outputting information in other | 868 | # Set LC_ALL=C to ensure ld outputs messages in English. |
841 | # languages. | 869 | ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \ |
842 | ld_supported_targets=`LANG=C; export LANG; cd /; ld --help 2>&1 \ | ||
843 | | sed -ne '/supported targets:/!d | 870 | | sed -ne '/supported targets:/!d |
844 | s/[ ][ ]*/ /g | 871 | s/[ ][ ]*/ /g |
845 | s/.*supported targets: *// | 872 | s/.*supported targets: *// |
@@ -851,7 +878,7 @@ EOF | |||
851 | ;; | 878 | ;; |
852 | a.out-i386-linux) | 879 | a.out-i386-linux) |
853 | echo "${UNAME_MACHINE}-pc-linux-gnuaout" | 880 | echo "${UNAME_MACHINE}-pc-linux-gnuaout" |
854 | exit 0 ;; | 881 | exit 0 ;; |
855 | coff-i386) | 882 | coff-i386) |
856 | echo "${UNAME_MACHINE}-pc-linux-gnucoff" | 883 | echo "${UNAME_MACHINE}-pc-linux-gnucoff" |
857 | exit 0 ;; | 884 | exit 0 ;; |
@@ -884,7 +911,7 @@ EOF | |||
884 | #endif | 911 | #endif |
885 | EOF | 912 | EOF |
886 | eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` | 913 | eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` |
887 | rm -f $dummy.c | 914 | rm -f $dummy.c && rmdir $tmpdir |
888 | test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 | 915 | test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 |
889 | test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 | 916 | test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 |
890 | ;; | 917 | ;; |
@@ -923,13 +950,13 @@ EOF | |||
923 | UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` | 950 | UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` |
924 | echo ${UNAME_MACHINE}-pc-isc$UNAME_REL | 951 | echo ${UNAME_MACHINE}-pc-isc$UNAME_REL |
925 | elif /bin/uname -X 2>/dev/null >/dev/null ; then | 952 | elif /bin/uname -X 2>/dev/null >/dev/null ; then |
926 | UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` | 953 | UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` |
927 | (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 | 954 | (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 |
928 | (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ | 955 | (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ |
929 | && UNAME_MACHINE=i586 | 956 | && UNAME_MACHINE=i586 |
930 | (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \ | 957 | (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ |
931 | && UNAME_MACHINE=i686 | 958 | && UNAME_MACHINE=i686 |
932 | (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \ | 959 | (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ |
933 | && UNAME_MACHINE=i686 | 960 | && UNAME_MACHINE=i686 |
934 | echo ${UNAME_MACHINE}-pc-sco$UNAME_REL | 961 | echo ${UNAME_MACHINE}-pc-sco$UNAME_REL |
935 | else | 962 | else |
@@ -964,7 +991,7 @@ EOF | |||
964 | exit 0 ;; | 991 | exit 0 ;; |
965 | M68*:*:R3V[567]*:*) | 992 | M68*:*:R3V[567]*:*) |
966 | test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; | 993 | test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; |
967 | 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) | 994 | 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) |
968 | OS_REL='' | 995 | OS_REL='' |
969 | test -r /etc/.relid \ | 996 | test -r /etc/.relid \ |
970 | && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` | 997 | && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` |
@@ -1065,12 +1092,12 @@ EOF | |||
1065 | echo `uname -p`-apple-darwin${UNAME_RELEASE} | 1092 | echo `uname -p`-apple-darwin${UNAME_RELEASE} |
1066 | exit 0 ;; | 1093 | exit 0 ;; |
1067 | *:procnto*:*:* | *:QNX:[0123456789]*:*) | 1094 | *:procnto*:*:* | *:QNX:[0123456789]*:*) |
1068 | if test "${UNAME_MACHINE}" = "x86pc"; then | 1095 | UNAME_PROCESSOR=`uname -p` |
1096 | if test "$UNAME_PROCESSOR" = "x86"; then | ||
1097 | UNAME_PROCESSOR=i386 | ||
1069 | UNAME_MACHINE=pc | 1098 | UNAME_MACHINE=pc |
1070 | echo i386-${UNAME_MACHINE}-nto-qnx | ||
1071 | else | ||
1072 | echo `uname -p`-${UNAME_MACHINE}-nto-qnx | ||
1073 | fi | 1099 | fi |
1100 | echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} | ||
1074 | exit 0 ;; | 1101 | exit 0 ;; |
1075 | *:QNX:*:4*) | 1102 | *:QNX:*:4*) |
1076 | echo i386-pc-qnx | 1103 | echo i386-pc-qnx |
@@ -1247,8 +1274,8 @@ main () | |||
1247 | } | 1274 | } |
1248 | EOF | 1275 | EOF |
1249 | 1276 | ||
1250 | $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0 | 1277 | $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0 |
1251 | rm -f $dummy.c $dummy | 1278 | rm -f $dummy.c $dummy && rmdir $tmpdir |
1252 | 1279 | ||
1253 | # Apollos put the system type in the environment. | 1280 | # Apollos put the system type in the environment. |
1254 | 1281 | ||
diff --git a/config.h.in b/config.h.in index d42ad8e55..e87309415 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -1,5 +1,5 @@ | |||
1 | /* config.h.in. Generated from configure.ac by autoheader. */ | 1 | /* config.h.in. Generated from configure.ac by autoheader. */ |
2 | /* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */ | 2 | /* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ |
3 | 3 | ||
4 | #ifndef _CONFIG_H | 4 | #ifndef _CONFIG_H |
5 | #define _CONFIG_H | 5 | #define _CONFIG_H |
@@ -150,6 +150,9 @@ | |||
150 | /* Define if you don't want to use lastlog */ | 150 | /* Define if you don't want to use lastlog */ |
151 | #undef DISABLE_LASTLOG | 151 | #undef DISABLE_LASTLOG |
152 | 152 | ||
153 | /* Define if you don't want to use lastlog in session.c */ | ||
154 | #undef NO_SSH_LASTLOG | ||
155 | |||
153 | /* Define if you don't want to use utmp */ | 156 | /* Define if you don't want to use utmp */ |
154 | #undef DISABLE_UTMP | 157 | #undef DISABLE_UTMP |
155 | 158 | ||
@@ -310,6 +313,9 @@ | |||
310 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ | 313 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ |
311 | #undef NO_X11_UNIX_SOCKETS | 314 | #undef NO_X11_UNIX_SOCKETS |
312 | 315 | ||
316 | /* Define if the concept of ports only accessible to superusers isn't known */ | ||
317 | #undef NO_IPPORT_RESERVED_CONCEPT | ||
318 | |||
313 | /* Needed for SCO and NeXT */ | 319 | /* Needed for SCO and NeXT */ |
314 | #undef BROKEN_SAVED_UIDS | 320 | #undef BROKEN_SAVED_UIDS |
315 | 321 | ||
@@ -355,11 +361,8 @@ | |||
355 | /* Path that unprivileged child will chroot() to in privep mode */ | 361 | /* Path that unprivileged child will chroot() to in privep mode */ |
356 | #undef PRIVSEP_PATH | 362 | #undef PRIVSEP_PATH |
357 | 363 | ||
358 | /* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ | 364 | /* Define if your platform needs to skip post auth file descriptor passing */ |
359 | #undef HAVE_MMAP_ANON_SHARED | 365 | #undef DISABLE_FD_PASSING |
360 | |||
361 | /* Define if sendmsg()/recvmsg() has problems passing file descriptors */ | ||
362 | #undef BROKEN_FD_PASSING | ||
363 | 366 | ||
364 | 367 | ||
365 | /* Define to 1 if the `getpgrp' function requires zero arguments. */ | 368 | /* Define to 1 if the `getpgrp' function requires zero arguments. */ |
@@ -437,6 +440,9 @@ | |||
437 | /* Define to 1 if you have the <getopt.h> header file. */ | 440 | /* Define to 1 if you have the <getopt.h> header file. */ |
438 | #undef HAVE_GETOPT_H | 441 | #undef HAVE_GETOPT_H |
439 | 442 | ||
443 | /* Define to 1 if you have the `getpeereid' function. */ | ||
444 | #undef HAVE_GETPEEREID | ||
445 | |||
440 | /* Define to 1 if you have the `getpwanam' function. */ | 446 | /* Define to 1 if you have the `getpwanam' function. */ |
441 | #undef HAVE_GETPWANAM | 447 | #undef HAVE_GETPWANAM |
442 | 448 | ||
@@ -476,6 +482,9 @@ | |||
476 | /* Define to 1 if you have the <glob.h> header file. */ | 482 | /* Define to 1 if you have the <glob.h> header file. */ |
477 | #undef HAVE_GLOB_H | 483 | #undef HAVE_GLOB_H |
478 | 484 | ||
485 | /* Define to 1 if you have the <ia.h> header file. */ | ||
486 | #undef HAVE_IA_H | ||
487 | |||
479 | /* Define to 1 if you have the `inet_aton' function. */ | 488 | /* Define to 1 if you have the `inet_aton' function. */ |
480 | #undef HAVE_INET_ATON | 489 | #undef HAVE_INET_ATON |
481 | 490 | ||
@@ -497,6 +506,9 @@ | |||
497 | /* Define to 1 if you have the <lastlog.h> header file. */ | 506 | /* Define to 1 if you have the <lastlog.h> header file. */ |
498 | #undef HAVE_LASTLOG_H | 507 | #undef HAVE_LASTLOG_H |
499 | 508 | ||
509 | /* Define to 1 if you have the `crypt' library (-lcrypt). */ | ||
510 | #undef HAVE_LIBCRYPT | ||
511 | |||
500 | /* Define to 1 if you have the `des' library (-ldes). */ | 512 | /* Define to 1 if you have the `des' library (-ldes). */ |
501 | #undef HAVE_LIBDES | 513 | #undef HAVE_LIBDES |
502 | 514 | ||
@@ -533,6 +545,9 @@ | |||
533 | /* Define to 1 if you have the <libutil.h> header file. */ | 545 | /* Define to 1 if you have the <libutil.h> header file. */ |
534 | #undef HAVE_LIBUTIL_H | 546 | #undef HAVE_LIBUTIL_H |
535 | 547 | ||
548 | /* Define to 1 if you have the `xnet' library (-lxnet). */ | ||
549 | #undef HAVE_LIBXNET | ||
550 | |||
536 | /* Define to 1 if you have the `z' library (-lz). */ | 551 | /* Define to 1 if you have the `z' library (-lz). */ |
537 | #undef HAVE_LIBZ | 552 | #undef HAVE_LIBZ |
538 | 553 | ||
@@ -779,6 +794,9 @@ | |||
779 | /* Define to 1 if you have the <time.h> header file. */ | 794 | /* Define to 1 if you have the <time.h> header file. */ |
780 | #undef HAVE_TIME_H | 795 | #undef HAVE_TIME_H |
781 | 796 | ||
797 | /* Define to 1 if you have the <tmpdir.h> header file. */ | ||
798 | #undef HAVE_TMPDIR_H | ||
799 | |||
782 | /* Define to 1 if you have the `truncate' function. */ | 800 | /* Define to 1 if you have the `truncate' function. */ |
783 | #undef HAVE_TRUNCATE | 801 | #undef HAVE_TRUNCATE |
784 | 802 | ||
diff --git a/config.sub b/config.sub index a06a480ad..9ff085efa 100755 --- a/config.sub +++ b/config.sub | |||
@@ -1,9 +1,9 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Configuration validation subroutine script. | 2 | # Configuration validation subroutine script. |
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # Free Software Foundation, Inc. | 4 | # 2000, 2001, 2002 Free Software Foundation, Inc. |
5 | 5 | ||
6 | timestamp='2001-04-20' | 6 | timestamp='2002-07-03' |
7 | 7 | ||
8 | # This file is (in principle) common to ALL GNU software. | 8 | # This file is (in principle) common to ALL GNU software. |
9 | # The presence of a machine in this file suggests that SOME GNU software | 9 | # The presence of a machine in this file suggests that SOME GNU software |
@@ -29,7 +29,8 @@ timestamp='2001-04-20' | |||
29 | # configuration script generated by Autoconf, you may include it under | 29 | # configuration script generated by Autoconf, you may include it under |
30 | # the same distribution terms that you use for the rest of that program. | 30 | # the same distribution terms that you use for the rest of that program. |
31 | 31 | ||
32 | # Please send patches to <config-patches@gnu.org>. | 32 | # Please send patches to <config-patches@gnu.org>. Submit a context |
33 | # diff and a properly formatted ChangeLog entry. | ||
33 | # | 34 | # |
34 | # Configuration subroutine to validate and canonicalize a configuration type. | 35 | # Configuration subroutine to validate and canonicalize a configuration type. |
35 | # Supply the specified configuration type as an argument. | 36 | # Supply the specified configuration type as an argument. |
@@ -117,7 +118,7 @@ esac | |||
117 | # Here we must recognize all the valid KERNEL-OS combinations. | 118 | # Here we must recognize all the valid KERNEL-OS combinations. |
118 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` | 119 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` |
119 | case $maybe_os in | 120 | case $maybe_os in |
120 | nto-qnx* | linux-gnu* | storm-chaos* | os2-emx*) | 121 | nto-qnx* | linux-gnu* | freebsd*-gnu* | storm-chaos* | os2-emx* | windows32-* | rtmk-nova*) |
121 | os=-$maybe_os | 122 | os=-$maybe_os |
122 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` | 123 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` |
123 | ;; | 124 | ;; |
@@ -157,6 +158,14 @@ case $os in | |||
157 | os=-vxworks | 158 | os=-vxworks |
158 | basic_machine=$1 | 159 | basic_machine=$1 |
159 | ;; | 160 | ;; |
161 | -chorusos*) | ||
162 | os=-chorusos | ||
163 | basic_machine=$1 | ||
164 | ;; | ||
165 | -chorusrdb) | ||
166 | os=-chorusrdb | ||
167 | basic_machine=$1 | ||
168 | ;; | ||
160 | -hiux*) | 169 | -hiux*) |
161 | os=-hiuxwe2 | 170 | os=-hiuxwe2 |
162 | ;; | 171 | ;; |
@@ -215,26 +224,44 @@ esac | |||
215 | case $basic_machine in | 224 | case $basic_machine in |
216 | # Recognize the basic CPU types without company name. | 225 | # Recognize the basic CPU types without company name. |
217 | # Some are omitted here because they have special meanings below. | 226 | # Some are omitted here because they have special meanings below. |
218 | tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc \ | 227 | 1750a | 580 \ |
219 | | arm | arme[lb] | arm[bl]e | armv[2345] | armv[345][lb] | strongarm | xscale \ | 228 | | a29k \ |
220 | | pyramid | mn10200 | mn10300 | tron | a29k \ | 229 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ |
221 | | 580 | i960 | h8300 \ | 230 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ |
222 | | x86 | ppcbe | mipsbe | mipsle | shbe | shle \ | 231 | | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ |
223 | | hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \ | 232 | | c4x | clipper \ |
224 | | hppa64 \ | 233 | | d10v | d30v | dlx | dsp16xx \ |
225 | | alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \ | 234 | | fr30 | frv \ |
226 | | alphaev6[78] \ | 235 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ |
227 | | we32k | ns16k | clipper | i370 | sh | sh[34] \ | 236 | | i370 | i860 | i960 | ia64 \ |
228 | | powerpc | powerpcle \ | 237 | | ip2k \ |
229 | | 1750a | dsp16xx | pdp10 | pdp11 \ | 238 | | m32r | m68000 | m68k | m88k | mcore \ |
230 | | mips16 | mips64 | mipsel | mips64el \ | 239 | | mips | mipsbe | mipseb | mipsel | mipsle \ |
231 | | mips64orion | mips64orionel | mipstx39 | mipstx39el \ | 240 | | mips16 \ |
232 | | mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \ | 241 | | mips64 | mips64el \ |
233 | | mips64vr5000 | miprs64vr5000el | mcore | s390 | s390x \ | 242 | | mips64orion | mips64orionel \ |
234 | | sparc | sparclet | sparclite | sparc64 | sparcv9 | sparcv9b \ | 243 | | mips64vr4100 | mips64vr4100el \ |
235 | | v850 | c4x \ | 244 | | mips64vr4300 | mips64vr4300el \ |
236 | | thumb | d10v | d30v | fr30 | avr | openrisc | tic80 \ | 245 | | mips64vr5000 | mips64vr5000el \ |
237 | | pj | pjl | h8500) | 246 | | mipsisa32 | mipsisa32el \ |
247 | | mipsisa64 | mipsisa64el \ | ||
248 | | mipsisa64sb1 | mipsisa64sb1el \ | ||
249 | | mipstx39 | mipstx39el \ | ||
250 | | mn10200 | mn10300 \ | ||
251 | | ns16k | ns32k \ | ||
252 | | openrisc | or32 \ | ||
253 | | pdp10 | pdp11 | pj | pjl \ | ||
254 | | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | ||
255 | | pyramid \ | ||
256 | | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ | ||
257 | | sh64 | sh64le \ | ||
258 | | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ | ||
259 | | strongarm \ | ||
260 | | tahoe | thumb | tic80 | tron \ | ||
261 | | v850 | v850e \ | ||
262 | | we32k \ | ||
263 | | x86 | xscale | xstormy16 | xtensa \ | ||
264 | | z8k) | ||
238 | basic_machine=$basic_machine-unknown | 265 | basic_machine=$basic_machine-unknown |
239 | ;; | 266 | ;; |
240 | m6811 | m68hc11 | m6812 | m68hc12) | 267 | m6811 | m68hc11 | m6812 | m68hc12) |
@@ -242,7 +269,7 @@ case $basic_machine in | |||
242 | basic_machine=$basic_machine-unknown | 269 | basic_machine=$basic_machine-unknown |
243 | os=-none | 270 | os=-none |
244 | ;; | 271 | ;; |
245 | m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | w65) | 272 | m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) |
246 | ;; | 273 | ;; |
247 | 274 | ||
248 | # We use `pc' rather than `unknown' | 275 | # We use `pc' rather than `unknown' |
@@ -257,31 +284,54 @@ case $basic_machine in | |||
257 | exit 1 | 284 | exit 1 |
258 | ;; | 285 | ;; |
259 | # Recognize the basic CPU types with company name. | 286 | # Recognize the basic CPU types with company name. |
260 | # FIXME: clean up the formatting here. | 287 | 580-* \ |
261 | vax-* | tahoe-* | i*86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \ | 288 | | a29k-* \ |
262 | | m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | c[123]* \ | 289 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ |
263 | | arm-* | armbe-* | armle-* | armv*-* | strongarm-* | xscale-* \ | 290 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ |
264 | | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \ | 291 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ |
265 | | power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \ | 292 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ |
266 | | xmp-* | ymp-* \ | 293 | | avr-* \ |
267 | | x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* \ | 294 | | bs2000-* \ |
268 | | hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \ | 295 | | c[123]* | c30-* | [cjt]90-* | c54x-* \ |
269 | | hppa2.0n-* | hppa64-* \ | 296 | | clipper-* | cydra-* \ |
270 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \ | 297 | | d10v-* | d30v-* | dlx-* \ |
271 | | alphaev6[78]-* \ | 298 | | elxsi-* \ |
272 | | we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \ | 299 | | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ |
273 | | clipper-* | orion-* \ | 300 | | h8300-* | h8500-* \ |
274 | | sparclite-* | pdp10-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \ | 301 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ |
275 | | sparc64-* | sparcv9-* | sparcv9b-* | sparc86x-* \ | 302 | | i*86-* | i860-* | i960-* | ia64-* \ |
276 | | mips16-* | mips64-* | mipsel-* \ | 303 | | ip2k-* \ |
277 | | mips64el-* | mips64orion-* | mips64orionel-* \ | 304 | | m32r-* \ |
278 | | mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \ | 305 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ |
279 | | mipstx39-* | mipstx39el-* | mcore-* \ | 306 | | m88110-* | m88k-* | mcore-* \ |
280 | | f30[01]-* | f700-* | s390-* | s390x-* | sv1-* | t3e-* \ | 307 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ |
281 | | [cjt]90-* \ | 308 | | mips16-* \ |
282 | | m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \ | 309 | | mips64-* | mips64el-* \ |
283 | | thumb-* | v850-* | d30v-* | tic30-* | tic80-* | c30-* | fr30-* \ | 310 | | mips64orion-* | mips64orionel-* \ |
284 | | bs2000-* | tic54x-* | c54x-* | x86_64-* | pj-* | pjl-*) | 311 | | mips64vr4100-* | mips64vr4100el-* \ |
312 | | mips64vr4300-* | mips64vr4300el-* \ | ||
313 | | mips64vr5000-* | mips64vr5000el-* \ | ||
314 | | mipsisa32-* | mipsisa32el-* \ | ||
315 | | mipsisa64-* | mipsisa64el-* \ | ||
316 | | mipsisa64sb1-* | mipsisa64sb1el-* \ | ||
317 | | mipstx39 | mipstx39el \ | ||
318 | | none-* | np1-* | ns16k-* | ns32k-* \ | ||
319 | | orion-* \ | ||
320 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | ||
321 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | ||
322 | | pyramid-* \ | ||
323 | | romp-* | rs6000-* \ | ||
324 | | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \ | ||
325 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | ||
326 | | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ | ||
327 | | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ | ||
328 | | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \ | ||
329 | | v850-* | v850e-* | vax-* \ | ||
330 | | we32k-* \ | ||
331 | | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ | ||
332 | | xtensa-* \ | ||
333 | | ymp-* \ | ||
334 | | z8k-*) | ||
285 | ;; | 335 | ;; |
286 | # Recognize the various machine names and aliases which stand | 336 | # Recognize the various machine names and aliases which stand |
287 | # for a CPU type and a company and sometimes even an OS. | 337 | # for a CPU type and a company and sometimes even an OS. |
@@ -344,6 +394,10 @@ case $basic_machine in | |||
344 | basic_machine=ns32k-sequent | 394 | basic_machine=ns32k-sequent |
345 | os=-dynix | 395 | os=-dynix |
346 | ;; | 396 | ;; |
397 | c90) | ||
398 | basic_machine=c90-cray | ||
399 | os=-unicos | ||
400 | ;; | ||
347 | convex-c1) | 401 | convex-c1) |
348 | basic_machine=c1-convex | 402 | basic_machine=c1-convex |
349 | os=-bsd | 403 | os=-bsd |
@@ -364,16 +418,8 @@ case $basic_machine in | |||
364 | basic_machine=c38-convex | 418 | basic_machine=c38-convex |
365 | os=-bsd | 419 | os=-bsd |
366 | ;; | 420 | ;; |
367 | cray | ymp) | 421 | cray | j90) |
368 | basic_machine=ymp-cray | 422 | basic_machine=j90-cray |
369 | os=-unicos | ||
370 | ;; | ||
371 | cray2) | ||
372 | basic_machine=cray2-cray | ||
373 | os=-unicos | ||
374 | ;; | ||
375 | [cjt]90) | ||
376 | basic_machine=${basic_machine}-cray | ||
377 | os=-unicos | 423 | os=-unicos |
378 | ;; | 424 | ;; |
379 | crds | unos) | 425 | crds | unos) |
@@ -388,6 +434,14 @@ case $basic_machine in | |||
388 | decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) | 434 | decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) |
389 | basic_machine=mips-dec | 435 | basic_machine=mips-dec |
390 | ;; | 436 | ;; |
437 | decsystem10* | dec10*) | ||
438 | basic_machine=pdp10-dec | ||
439 | os=-tops10 | ||
440 | ;; | ||
441 | decsystem20* | dec20*) | ||
442 | basic_machine=pdp10-dec | ||
443 | os=-tops20 | ||
444 | ;; | ||
391 | delta | 3300 | motorola-3300 | motorola-delta \ | 445 | delta | 3300 | motorola-3300 | motorola-delta \ |
392 | | 3300-motorola | delta-motorola) | 446 | | 3300-motorola | delta-motorola) |
393 | basic_machine=m68k-motorola | 447 | basic_machine=m68k-motorola |
@@ -568,14 +622,6 @@ case $basic_machine in | |||
568 | basic_machine=m68k-atari | 622 | basic_machine=m68k-atari |
569 | os=-mint | 623 | os=-mint |
570 | ;; | 624 | ;; |
571 | mipsel*-linux*) | ||
572 | basic_machine=mipsel-unknown | ||
573 | os=-linux-gnu | ||
574 | ;; | ||
575 | mips*-linux*) | ||
576 | basic_machine=mips-unknown | ||
577 | os=-linux-gnu | ||
578 | ;; | ||
579 | mips3*-*) | 625 | mips3*-*) |
580 | basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` | 626 | basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` |
581 | ;; | 627 | ;; |
@@ -590,6 +636,10 @@ case $basic_machine in | |||
590 | basic_machine=m68k-rom68k | 636 | basic_machine=m68k-rom68k |
591 | os=-coff | 637 | os=-coff |
592 | ;; | 638 | ;; |
639 | morphos) | ||
640 | basic_machine=powerpc-unknown | ||
641 | os=-morphos | ||
642 | ;; | ||
593 | msdos) | 643 | msdos) |
594 | basic_machine=i386-pc | 644 | basic_machine=i386-pc |
595 | os=-msdos | 645 | os=-msdos |
@@ -669,6 +719,10 @@ case $basic_machine in | |||
669 | basic_machine=hppa1.1-oki | 719 | basic_machine=hppa1.1-oki |
670 | os=-proelf | 720 | os=-proelf |
671 | ;; | 721 | ;; |
722 | or32 | or32-*) | ||
723 | basic_machine=or32-unknown | ||
724 | os=-coff | ||
725 | ;; | ||
672 | OSE68000 | ose68000) | 726 | OSE68000 | ose68000) |
673 | basic_machine=m68000-ericsson | 727 | basic_machine=m68000-ericsson |
674 | os=-ose | 728 | os=-ose |
@@ -694,7 +748,7 @@ case $basic_machine in | |||
694 | pc532 | pc532-*) | 748 | pc532 | pc532-*) |
695 | basic_machine=ns32k-pc532 | 749 | basic_machine=ns32k-pc532 |
696 | ;; | 750 | ;; |
697 | pentium | p5 | k5 | k6 | nexgen) | 751 | pentium | p5 | k5 | k6 | nexgen | viac3) |
698 | basic_machine=i586-pc | 752 | basic_machine=i586-pc |
699 | ;; | 753 | ;; |
700 | pentiumpro | p6 | 6x86 | athlon) | 754 | pentiumpro | p6 | 6x86 | athlon) |
@@ -703,7 +757,7 @@ case $basic_machine in | |||
703 | pentiumii | pentium2) | 757 | pentiumii | pentium2) |
704 | basic_machine=i686-pc | 758 | basic_machine=i686-pc |
705 | ;; | 759 | ;; |
706 | pentium-* | p5-* | k5-* | k6-* | nexgen-*) | 760 | pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) |
707 | basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` | 761 | basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` |
708 | ;; | 762 | ;; |
709 | pentiumpro-* | p6-* | 6x86-* | athlon-*) | 763 | pentiumpro-* | p6-* | 6x86-* | athlon-*) |
@@ -727,6 +781,16 @@ case $basic_machine in | |||
727 | ppcle-* | powerpclittle-*) | 781 | ppcle-* | powerpclittle-*) |
728 | basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` | 782 | basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` |
729 | ;; | 783 | ;; |
784 | ppc64) basic_machine=powerpc64-unknown | ||
785 | ;; | ||
786 | ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
787 | ;; | ||
788 | ppc64le | powerpc64little | ppc64-le | powerpc64-little) | ||
789 | basic_machine=powerpc64le-unknown | ||
790 | ;; | ||
791 | ppc64le-* | powerpc64little-*) | ||
792 | basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
793 | ;; | ||
730 | ps2) | 794 | ps2) |
731 | basic_machine=i386-ibm | 795 | basic_machine=i386-ibm |
732 | ;; | 796 | ;; |
@@ -744,6 +808,12 @@ case $basic_machine in | |||
744 | rtpc | rtpc-*) | 808 | rtpc | rtpc-*) |
745 | basic_machine=romp-ibm | 809 | basic_machine=romp-ibm |
746 | ;; | 810 | ;; |
811 | s390 | s390-*) | ||
812 | basic_machine=s390-ibm | ||
813 | ;; | ||
814 | s390x | s390x-*) | ||
815 | basic_machine=s390x-ibm | ||
816 | ;; | ||
747 | sa29200) | 817 | sa29200) |
748 | basic_machine=a29k-amd | 818 | basic_machine=a29k-amd |
749 | os=-udi | 819 | os=-udi |
@@ -755,7 +825,7 @@ case $basic_machine in | |||
755 | basic_machine=sh-hitachi | 825 | basic_machine=sh-hitachi |
756 | os=-hms | 826 | os=-hms |
757 | ;; | 827 | ;; |
758 | sparclite-wrs) | 828 | sparclite-wrs | simso-wrs) |
759 | basic_machine=sparclite-wrs | 829 | basic_machine=sparclite-wrs |
760 | os=-vxworks | 830 | os=-vxworks |
761 | ;; | 831 | ;; |
@@ -813,7 +883,7 @@ case $basic_machine in | |||
813 | sun386 | sun386i | roadrunner) | 883 | sun386 | sun386i | roadrunner) |
814 | basic_machine=i386-sun | 884 | basic_machine=i386-sun |
815 | ;; | 885 | ;; |
816 | sv1) | 886 | sv1) |
817 | basic_machine=sv1-cray | 887 | basic_machine=sv1-cray |
818 | os=-unicos | 888 | os=-unicos |
819 | ;; | 889 | ;; |
@@ -821,8 +891,16 @@ case $basic_machine in | |||
821 | basic_machine=i386-sequent | 891 | basic_machine=i386-sequent |
822 | os=-dynix | 892 | os=-dynix |
823 | ;; | 893 | ;; |
894 | t3d) | ||
895 | basic_machine=alpha-cray | ||
896 | os=-unicos | ||
897 | ;; | ||
824 | t3e) | 898 | t3e) |
825 | basic_machine=t3e-cray | 899 | basic_machine=alphaev5-cray |
900 | os=-unicos | ||
901 | ;; | ||
902 | t90) | ||
903 | basic_machine=t90-cray | ||
826 | os=-unicos | 904 | os=-unicos |
827 | ;; | 905 | ;; |
828 | tic54x | c54x*) | 906 | tic54x | c54x*) |
@@ -835,6 +913,10 @@ case $basic_machine in | |||
835 | tx39el) | 913 | tx39el) |
836 | basic_machine=mipstx39el-unknown | 914 | basic_machine=mipstx39el-unknown |
837 | ;; | 915 | ;; |
916 | toad1) | ||
917 | basic_machine=pdp10-xkl | ||
918 | os=-tops20 | ||
919 | ;; | ||
838 | tower | tower-32) | 920 | tower | tower-32) |
839 | basic_machine=m68k-ncr | 921 | basic_machine=m68k-ncr |
840 | ;; | 922 | ;; |
@@ -881,13 +963,17 @@ case $basic_machine in | |||
881 | basic_machine=hppa1.1-winbond | 963 | basic_machine=hppa1.1-winbond |
882 | os=-proelf | 964 | os=-proelf |
883 | ;; | 965 | ;; |
884 | xmp) | 966 | windows32) |
885 | basic_machine=xmp-cray | 967 | basic_machine=i386-pc |
886 | os=-unicos | 968 | os=-windows32-msvcrt |
887 | ;; | 969 | ;; |
888 | xps | xps100) | 970 | xps | xps100) |
889 | basic_machine=xps100-honeywell | 971 | basic_machine=xps100-honeywell |
890 | ;; | 972 | ;; |
973 | ymp) | ||
974 | basic_machine=ymp-cray | ||
975 | os=-unicos | ||
976 | ;; | ||
891 | z8k-*-coff) | 977 | z8k-*-coff) |
892 | basic_machine=z8k-unknown | 978 | basic_machine=z8k-unknown |
893 | os=-sim | 979 | os=-sim |
@@ -908,13 +994,6 @@ case $basic_machine in | |||
908 | op60c) | 994 | op60c) |
909 | basic_machine=hppa1.1-oki | 995 | basic_machine=hppa1.1-oki |
910 | ;; | 996 | ;; |
911 | mips) | ||
912 | if [ x$os = x-linux-gnu ]; then | ||
913 | basic_machine=mips-unknown | ||
914 | else | ||
915 | basic_machine=mips-mips | ||
916 | fi | ||
917 | ;; | ||
918 | romp) | 997 | romp) |
919 | basic_machine=romp-ibm | 998 | basic_machine=romp-ibm |
920 | ;; | 999 | ;; |
@@ -934,9 +1013,12 @@ case $basic_machine in | |||
934 | we32k) | 1013 | we32k) |
935 | basic_machine=we32k-att | 1014 | basic_machine=we32k-att |
936 | ;; | 1015 | ;; |
937 | sh3 | sh4) | 1016 | sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele) |
938 | basic_machine=sh-unknown | 1017 | basic_machine=sh-unknown |
939 | ;; | 1018 | ;; |
1019 | sh64) | ||
1020 | basic_machine=sh64-unknown | ||
1021 | ;; | ||
940 | sparc | sparcv9 | sparcv9b) | 1022 | sparc | sparcv9 | sparcv9b) |
941 | basic_machine=sparc-sun | 1023 | basic_machine=sparc-sun |
942 | ;; | 1024 | ;; |
@@ -1018,11 +1100,14 @@ case $os in | |||
1018 | | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | 1100 | | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ |
1019 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | 1101 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ |
1020 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | 1102 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ |
1103 | | -chorusos* | -chorusrdb* \ | ||
1021 | | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | 1104 | | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ |
1022 | | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ | 1105 | | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ |
1023 | | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ | 1106 | | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ |
1024 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | 1107 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ |
1025 | | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* | -os2*) | 1108 | | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ |
1109 | | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | ||
1110 | | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* | -powermax*) | ||
1026 | # Remember, each alternative MUST END IN *, to match a version number. | 1111 | # Remember, each alternative MUST END IN *, to match a version number. |
1027 | ;; | 1112 | ;; |
1028 | -qnx*) | 1113 | -qnx*) |
@@ -1074,12 +1159,18 @@ case $os in | |||
1074 | -acis*) | 1159 | -acis*) |
1075 | os=-aos | 1160 | os=-aos |
1076 | ;; | 1161 | ;; |
1162 | -atheos*) | ||
1163 | os=-atheos | ||
1164 | ;; | ||
1077 | -386bsd) | 1165 | -386bsd) |
1078 | os=-bsd | 1166 | os=-bsd |
1079 | ;; | 1167 | ;; |
1080 | -ctix* | -uts*) | 1168 | -ctix* | -uts*) |
1081 | os=-sysv | 1169 | os=-sysv |
1082 | ;; | 1170 | ;; |
1171 | -nova*) | ||
1172 | os=-rtmk-nova | ||
1173 | ;; | ||
1083 | -ns2 ) | 1174 | -ns2 ) |
1084 | os=-nextstep2 | 1175 | os=-nextstep2 |
1085 | ;; | 1176 | ;; |
@@ -1154,6 +1245,7 @@ case $basic_machine in | |||
1154 | arm*-semi) | 1245 | arm*-semi) |
1155 | os=-aout | 1246 | os=-aout |
1156 | ;; | 1247 | ;; |
1248 | # This must come before the *-dec entry. | ||
1157 | pdp10-*) | 1249 | pdp10-*) |
1158 | os=-tops20 | 1250 | os=-tops20 |
1159 | ;; | 1251 | ;; |
@@ -1184,6 +1276,9 @@ case $basic_machine in | |||
1184 | mips*-*) | 1276 | mips*-*) |
1185 | os=-elf | 1277 | os=-elf |
1186 | ;; | 1278 | ;; |
1279 | or32-*) | ||
1280 | os=-coff | ||
1281 | ;; | ||
1187 | *-tti) # must be before sparc entry or we get the wrong os. | 1282 | *-tti) # must be before sparc entry or we get the wrong os. |
1188 | os=-sysv3 | 1283 | os=-sysv3 |
1189 | ;; | 1284 | ;; |
@@ -1331,7 +1426,7 @@ case $basic_machine in | |||
1331 | -ptx*) | 1426 | -ptx*) |
1332 | vendor=sequent | 1427 | vendor=sequent |
1333 | ;; | 1428 | ;; |
1334 | -vxsim* | -vxworks*) | 1429 | -vxsim* | -vxworks* | -windiss*) |
1335 | vendor=wrs | 1430 | vendor=wrs |
1336 | ;; | 1431 | ;; |
1337 | -aux*) | 1432 | -aux*) |
@@ -1346,6 +1441,9 @@ case $basic_machine in | |||
1346 | -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) | 1441 | -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) |
1347 | vendor=atari | 1442 | vendor=atari |
1348 | ;; | 1443 | ;; |
1444 | -vos*) | ||
1445 | vendor=stratus | ||
1446 | ;; | ||
1349 | esac | 1447 | esac |
1350 | basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` | 1448 | basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` |
1351 | ;; | 1449 | ;; |
@@ -862,7 +862,7 @@ Optional Packages: | |||
862 | --with-kerberos5=PATH Enable Kerberos 5 support | 862 | --with-kerberos5=PATH Enable Kerberos 5 support |
863 | --with-kerberos4=PATH Enable Kerberos 4 support | 863 | --with-kerberos4=PATH Enable Kerberos 4 support |
864 | --with-afs=PATH Enable AFS support | 864 | --with-afs=PATH Enable AFS support |
865 | --with-privsep-path=xxx Path for privilege separation chroot | 865 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
866 | --with-xauth=PATH Specify path to xauth program | 866 | --with-xauth=PATH Specify path to xauth program |
867 | --with-mantype=man|cat|doc Set man page type | 867 | --with-mantype=man|cat|doc Set man page type |
868 | --with-md5-passwords Enable use of MD5 passwords | 868 | --with-md5-passwords Enable use of MD5 passwords |
@@ -2760,52 +2760,6 @@ echo "${ECHO_T}no" >&6 | |||
2760 | fi | 2760 | fi |
2761 | 2761 | ||
2762 | 2762 | ||
2763 | for ac_prog in filepriv | ||
2764 | do | ||
2765 | # Extract the first word of "$ac_prog", so it can be a program name with args. | ||
2766 | set dummy $ac_prog; ac_word=$2 | ||
2767 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | ||
2768 | echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 | ||
2769 | if test "${ac_cv_path_FILEPRIV+set}" = set; then | ||
2770 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
2771 | else | ||
2772 | case $FILEPRIV in | ||
2773 | [\\/]* | ?:[\\/]*) | ||
2774 | ac_cv_path_FILEPRIV="$FILEPRIV" # Let the user override the test with a path. | ||
2775 | ;; | ||
2776 | *) | ||
2777 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | ||
2778 | as_dummy="/sbin:/usr/sbin" | ||
2779 | for as_dir in $as_dummy | ||
2780 | do | ||
2781 | IFS=$as_save_IFS | ||
2782 | test -z "$as_dir" && as_dir=. | ||
2783 | for ac_exec_ext in '' $ac_executable_extensions; do | ||
2784 | if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then | ||
2785 | ac_cv_path_FILEPRIV="$as_dir/$ac_word$ac_exec_ext" | ||
2786 | echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 | ||
2787 | break 2 | ||
2788 | fi | ||
2789 | done | ||
2790 | done | ||
2791 | |||
2792 | ;; | ||
2793 | esac | ||
2794 | fi | ||
2795 | FILEPRIV=$ac_cv_path_FILEPRIV | ||
2796 | |||
2797 | if test -n "$FILEPRIV"; then | ||
2798 | echo "$as_me:$LINENO: result: $FILEPRIV" >&5 | ||
2799 | echo "${ECHO_T}$FILEPRIV" >&6 | ||
2800 | else | ||
2801 | echo "$as_me:$LINENO: result: no" >&5 | ||
2802 | echo "${ECHO_T}no" >&6 | ||
2803 | fi | ||
2804 | |||
2805 | test -n "$FILEPRIV" && break | ||
2806 | done | ||
2807 | test -n "$FILEPRIV" || FILEPRIV="true" | ||
2808 | |||
2809 | # Extract the first word of "bash", so it can be a program name with args. | 2763 | # Extract the first word of "bash", so it can be a program name with args. |
2810 | set dummy bash; ac_word=$2 | 2764 | set dummy bash; ac_word=$2 |
2811 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | 2765 | echo "$as_me:$LINENO: checking for $ac_word" >&5 |
@@ -3622,6 +3576,72 @@ if test $ac_cv_func_authenticate = yes; then | |||
3622 | #define WITH_AIXAUTHENTICATE 1 | 3576 | #define WITH_AIXAUTHENTICATE 1 |
3623 | _ACEOF | 3577 | _ACEOF |
3624 | 3578 | ||
3579 | else | ||
3580 | echo "$as_me:$LINENO: checking for authenticate in -ls" >&5 | ||
3581 | echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6 | ||
3582 | if test "${ac_cv_lib_s_authenticate+set}" = set; then | ||
3583 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3584 | else | ||
3585 | ac_check_lib_save_LIBS=$LIBS | ||
3586 | LIBS="-ls $LIBS" | ||
3587 | cat >conftest.$ac_ext <<_ACEOF | ||
3588 | #line $LINENO "configure" | ||
3589 | #include "confdefs.h" | ||
3590 | |||
3591 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3592 | #ifdef __cplusplus | ||
3593 | extern "C" | ||
3594 | #endif | ||
3595 | /* We use char because int might match the return type of a gcc2 | ||
3596 | builtin and then its argument prototype would still apply. */ | ||
3597 | char authenticate (); | ||
3598 | #ifdef F77_DUMMY_MAIN | ||
3599 | # ifdef __cplusplus | ||
3600 | extern "C" | ||
3601 | # endif | ||
3602 | int F77_DUMMY_MAIN() { return 1; } | ||
3603 | #endif | ||
3604 | int | ||
3605 | main () | ||
3606 | { | ||
3607 | authenticate (); | ||
3608 | ; | ||
3609 | return 0; | ||
3610 | } | ||
3611 | _ACEOF | ||
3612 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3613 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3614 | (eval $ac_link) 2>&5 | ||
3615 | ac_status=$? | ||
3616 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3617 | (exit $ac_status); } && | ||
3618 | { ac_try='test -s conftest$ac_exeext' | ||
3619 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3620 | (eval $ac_try) 2>&5 | ||
3621 | ac_status=$? | ||
3622 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3623 | (exit $ac_status); }; }; then | ||
3624 | ac_cv_lib_s_authenticate=yes | ||
3625 | else | ||
3626 | echo "$as_me: failed program was:" >&5 | ||
3627 | cat conftest.$ac_ext >&5 | ||
3628 | ac_cv_lib_s_authenticate=no | ||
3629 | fi | ||
3630 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3631 | LIBS=$ac_check_lib_save_LIBS | ||
3632 | fi | ||
3633 | echo "$as_me:$LINENO: result: $ac_cv_lib_s_authenticate" >&5 | ||
3634 | echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6 | ||
3635 | if test $ac_cv_lib_s_authenticate = yes; then | ||
3636 | cat >>confdefs.h <<\_ACEOF | ||
3637 | #define WITH_AIXAUTHENTICATE 1 | ||
3638 | _ACEOF | ||
3639 | |||
3640 | LIBS="$LIBS -ls" | ||
3641 | |||
3642 | fi | ||
3643 | |||
3644 | |||
3625 | fi | 3645 | fi |
3626 | 3646 | ||
3627 | cat >>confdefs.h <<\_ACEOF | 3647 | cat >>confdefs.h <<\_ACEOF |
@@ -3668,7 +3688,11 @@ _ACEOF | |||
3668 | _ACEOF | 3688 | _ACEOF |
3669 | 3689 | ||
3670 | cat >>confdefs.h <<\_ACEOF | 3690 | cat >>confdefs.h <<\_ACEOF |
3671 | #define BROKEN_FD_PASSING 1 | 3691 | #define NO_IPPORT_RESERVED_CONCEPT 1 |
3692 | _ACEOF | ||
3693 | |||
3694 | cat >>confdefs.h <<\_ACEOF | ||
3695 | #define DISABLE_FD_PASSING 1 | ||
3672 | _ACEOF | 3696 | _ACEOF |
3673 | 3697 | ||
3674 | cat >>confdefs.h <<\_ACEOF | 3698 | cat >>confdefs.h <<\_ACEOF |
@@ -3683,10 +3707,49 @@ _ACEOF | |||
3683 | 3707 | ||
3684 | ;; | 3708 | ;; |
3685 | *-*-darwin*) | 3709 | *-*-darwin*) |
3710 | echo "$as_me:$LINENO: checking if we have working getaddrinfo" >&5 | ||
3711 | echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6 | ||
3712 | if test "$cross_compiling" = yes; then | ||
3713 | echo "$as_me:$LINENO: result: assume it is working" >&5 | ||
3714 | echo "${ECHO_T}assume it is working" >&6 | ||
3715 | else | ||
3716 | cat >conftest.$ac_ext <<_ACEOF | ||
3717 | #line $LINENO "configure" | ||
3718 | #include "confdefs.h" | ||
3719 | #include <mach-o/dyld.h> | ||
3720 | main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
3721 | exit(0); | ||
3722 | else | ||
3723 | exit(1); | ||
3724 | } | ||
3725 | _ACEOF | ||
3726 | rm -f conftest$ac_exeext | ||
3727 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3728 | (eval $ac_link) 2>&5 | ||
3729 | ac_status=$? | ||
3730 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3731 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
3732 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3733 | (eval $ac_try) 2>&5 | ||
3734 | ac_status=$? | ||
3735 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3736 | (exit $ac_status); }; }; then | ||
3737 | echo "$as_me:$LINENO: result: working" >&5 | ||
3738 | echo "${ECHO_T}working" >&6 | ||
3739 | else | ||
3740 | echo "$as_me: program exited with status $ac_status" >&5 | ||
3741 | echo "$as_me: failed program was:" >&5 | ||
3742 | cat conftest.$ac_ext >&5 | ||
3743 | ( exit $ac_status ) | ||
3744 | echo "$as_me:$LINENO: result: buggy" >&5 | ||
3745 | echo "${ECHO_T}buggy" >&6 | ||
3686 | cat >>confdefs.h <<\_ACEOF | 3746 | cat >>confdefs.h <<\_ACEOF |
3687 | #define BROKEN_GETADDRINFO 1 | 3747 | #define BROKEN_GETADDRINFO 1 |
3688 | _ACEOF | 3748 | _ACEOF |
3689 | 3749 | ||
3750 | fi | ||
3751 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
3752 | fi | ||
3690 | ;; | 3753 | ;; |
3691 | *-*-hpux10.26) | 3754 | *-*-hpux10.26) |
3692 | if test -z "$GCC"; then | 3755 | if test -z "$GCC"; then |
@@ -3722,7 +3785,76 @@ _ACEOF | |||
3722 | #define SPT_TYPE SPT_PSTAT | 3785 | #define SPT_TYPE SPT_PSTAT |
3723 | _ACEOF | 3786 | _ACEOF |
3724 | 3787 | ||
3725 | LIBS="$LIBS -lxnet -lsec -lsecpw" | 3788 | LIBS="$LIBS -lsec -lsecpw" |
3789 | |||
3790 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3791 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3792 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3793 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3794 | else | ||
3795 | ac_check_lib_save_LIBS=$LIBS | ||
3796 | LIBS="-lxnet $LIBS" | ||
3797 | cat >conftest.$ac_ext <<_ACEOF | ||
3798 | #line $LINENO "configure" | ||
3799 | #include "confdefs.h" | ||
3800 | |||
3801 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3802 | #ifdef __cplusplus | ||
3803 | extern "C" | ||
3804 | #endif | ||
3805 | /* We use char because int might match the return type of a gcc2 | ||
3806 | builtin and then its argument prototype would still apply. */ | ||
3807 | char t_error (); | ||
3808 | #ifdef F77_DUMMY_MAIN | ||
3809 | # ifdef __cplusplus | ||
3810 | extern "C" | ||
3811 | # endif | ||
3812 | int F77_DUMMY_MAIN() { return 1; } | ||
3813 | #endif | ||
3814 | int | ||
3815 | main () | ||
3816 | { | ||
3817 | t_error (); | ||
3818 | ; | ||
3819 | return 0; | ||
3820 | } | ||
3821 | _ACEOF | ||
3822 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3823 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3824 | (eval $ac_link) 2>&5 | ||
3825 | ac_status=$? | ||
3826 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3827 | (exit $ac_status); } && | ||
3828 | { ac_try='test -s conftest$ac_exeext' | ||
3829 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3830 | (eval $ac_try) 2>&5 | ||
3831 | ac_status=$? | ||
3832 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3833 | (exit $ac_status); }; }; then | ||
3834 | ac_cv_lib_xnet_t_error=yes | ||
3835 | else | ||
3836 | echo "$as_me: failed program was:" >&5 | ||
3837 | cat conftest.$ac_ext >&5 | ||
3838 | ac_cv_lib_xnet_t_error=no | ||
3839 | fi | ||
3840 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3841 | LIBS=$ac_check_lib_save_LIBS | ||
3842 | fi | ||
3843 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
3844 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
3845 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
3846 | cat >>confdefs.h <<_ACEOF | ||
3847 | #define HAVE_LIBXNET 1 | ||
3848 | _ACEOF | ||
3849 | |||
3850 | LIBS="-lxnet $LIBS" | ||
3851 | |||
3852 | else | ||
3853 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
3854 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
3855 | { (exit 1); exit 1; }; } | ||
3856 | fi | ||
3857 | |||
3726 | disable_ptmx_check=yes | 3858 | disable_ptmx_check=yes |
3727 | ;; | 3859 | ;; |
3728 | *-*-hpux10*) | 3860 | *-*-hpux10*) |
@@ -3755,7 +3887,76 @@ _ACEOF | |||
3755 | #define SPT_TYPE SPT_PSTAT | 3887 | #define SPT_TYPE SPT_PSTAT |
3756 | _ACEOF | 3888 | _ACEOF |
3757 | 3889 | ||
3758 | LIBS="$LIBS -lxnet -lsec" | 3890 | LIBS="$LIBS -lsec" |
3891 | |||
3892 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3893 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3894 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3895 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3896 | else | ||
3897 | ac_check_lib_save_LIBS=$LIBS | ||
3898 | LIBS="-lxnet $LIBS" | ||
3899 | cat >conftest.$ac_ext <<_ACEOF | ||
3900 | #line $LINENO "configure" | ||
3901 | #include "confdefs.h" | ||
3902 | |||
3903 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
3904 | #ifdef __cplusplus | ||
3905 | extern "C" | ||
3906 | #endif | ||
3907 | /* We use char because int might match the return type of a gcc2 | ||
3908 | builtin and then its argument prototype would still apply. */ | ||
3909 | char t_error (); | ||
3910 | #ifdef F77_DUMMY_MAIN | ||
3911 | # ifdef __cplusplus | ||
3912 | extern "C" | ||
3913 | # endif | ||
3914 | int F77_DUMMY_MAIN() { return 1; } | ||
3915 | #endif | ||
3916 | int | ||
3917 | main () | ||
3918 | { | ||
3919 | t_error (); | ||
3920 | ; | ||
3921 | return 0; | ||
3922 | } | ||
3923 | _ACEOF | ||
3924 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
3925 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
3926 | (eval $ac_link) 2>&5 | ||
3927 | ac_status=$? | ||
3928 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3929 | (exit $ac_status); } && | ||
3930 | { ac_try='test -s conftest$ac_exeext' | ||
3931 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
3932 | (eval $ac_try) 2>&5 | ||
3933 | ac_status=$? | ||
3934 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
3935 | (exit $ac_status); }; }; then | ||
3936 | ac_cv_lib_xnet_t_error=yes | ||
3937 | else | ||
3938 | echo "$as_me: failed program was:" >&5 | ||
3939 | cat conftest.$ac_ext >&5 | ||
3940 | ac_cv_lib_xnet_t_error=no | ||
3941 | fi | ||
3942 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
3943 | LIBS=$ac_check_lib_save_LIBS | ||
3944 | fi | ||
3945 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
3946 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
3947 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
3948 | cat >>confdefs.h <<_ACEOF | ||
3949 | #define HAVE_LIBXNET 1 | ||
3950 | _ACEOF | ||
3951 | |||
3952 | LIBS="-lxnet $LIBS" | ||
3953 | |||
3954 | else | ||
3955 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
3956 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
3957 | { (exit 1); exit 1; }; } | ||
3958 | fi | ||
3959 | |||
3759 | ;; | 3960 | ;; |
3760 | *-*-hpux11*) | 3961 | *-*-hpux11*) |
3761 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | 3962 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" |
@@ -3788,7 +3989,76 @@ _ACEOF | |||
3788 | #define SPT_TYPE SPT_PSTAT | 3989 | #define SPT_TYPE SPT_PSTAT |
3789 | _ACEOF | 3990 | _ACEOF |
3790 | 3991 | ||
3791 | LIBS="$LIBS -lxnet -lsec" | 3992 | LIBS="$LIBS -lsec" |
3993 | |||
3994 | echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 | ||
3995 | echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 | ||
3996 | if test "${ac_cv_lib_xnet_t_error+set}" = set; then | ||
3997 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
3998 | else | ||
3999 | ac_check_lib_save_LIBS=$LIBS | ||
4000 | LIBS="-lxnet $LIBS" | ||
4001 | cat >conftest.$ac_ext <<_ACEOF | ||
4002 | #line $LINENO "configure" | ||
4003 | #include "confdefs.h" | ||
4004 | |||
4005 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
4006 | #ifdef __cplusplus | ||
4007 | extern "C" | ||
4008 | #endif | ||
4009 | /* We use char because int might match the return type of a gcc2 | ||
4010 | builtin and then its argument prototype would still apply. */ | ||
4011 | char t_error (); | ||
4012 | #ifdef F77_DUMMY_MAIN | ||
4013 | # ifdef __cplusplus | ||
4014 | extern "C" | ||
4015 | # endif | ||
4016 | int F77_DUMMY_MAIN() { return 1; } | ||
4017 | #endif | ||
4018 | int | ||
4019 | main () | ||
4020 | { | ||
4021 | t_error (); | ||
4022 | ; | ||
4023 | return 0; | ||
4024 | } | ||
4025 | _ACEOF | ||
4026 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
4027 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
4028 | (eval $ac_link) 2>&5 | ||
4029 | ac_status=$? | ||
4030 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4031 | (exit $ac_status); } && | ||
4032 | { ac_try='test -s conftest$ac_exeext' | ||
4033 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
4034 | (eval $ac_try) 2>&5 | ||
4035 | ac_status=$? | ||
4036 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
4037 | (exit $ac_status); }; }; then | ||
4038 | ac_cv_lib_xnet_t_error=yes | ||
4039 | else | ||
4040 | echo "$as_me: failed program was:" >&5 | ||
4041 | cat conftest.$ac_ext >&5 | ||
4042 | ac_cv_lib_xnet_t_error=no | ||
4043 | fi | ||
4044 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
4045 | LIBS=$ac_check_lib_save_LIBS | ||
4046 | fi | ||
4047 | echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5 | ||
4048 | echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 | ||
4049 | if test $ac_cv_lib_xnet_t_error = yes; then | ||
4050 | cat >>confdefs.h <<_ACEOF | ||
4051 | #define HAVE_LIBXNET 1 | ||
4052 | _ACEOF | ||
4053 | |||
4054 | LIBS="-lxnet $LIBS" | ||
4055 | |||
4056 | else | ||
4057 | { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 | ||
4058 | echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} | ||
4059 | { (exit 1); exit 1; }; } | ||
4060 | fi | ||
4061 | |||
3792 | ;; | 4062 | ;; |
3793 | *-*-irix5*) | 4063 | *-*-irix5*) |
3794 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 4064 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
@@ -3920,6 +4190,7 @@ _ACEOF | |||
3920 | SONY=1 | 4190 | SONY=1 |
3921 | ;; | 4191 | ;; |
3922 | *-*-netbsd*) | 4192 | *-*-netbsd*) |
4193 | check_for_libcrypt_before=1 | ||
3923 | need_dash_r=1 | 4194 | need_dash_r=1 |
3924 | ;; | 4195 | ;; |
3925 | *-*-freebsd*) | 4196 | *-*-freebsd*) |
@@ -4250,7 +4521,7 @@ _ACEOF | |||
4250 | _ACEOF | 4521 | _ACEOF |
4251 | 4522 | ||
4252 | cat >>confdefs.h <<\_ACEOF | 4523 | cat >>confdefs.h <<\_ACEOF |
4253 | #define BROKEN_FD_PASSING 1 | 4524 | #define DISABLE_FD_PASSING 1 |
4254 | _ACEOF | 4525 | _ACEOF |
4255 | 4526 | ||
4256 | 4527 | ||
@@ -4332,6 +4603,21 @@ done | |||
4332 | 4603 | ||
4333 | MANTYPE=man | 4604 | MANTYPE=man |
4334 | ;; | 4605 | ;; |
4606 | *-*-unicosmk*) | ||
4607 | no_libsocket=1 | ||
4608 | no_libnsl=1 | ||
4609 | cat >>confdefs.h <<\_ACEOF | ||
4610 | #define USE_PIPES 1 | ||
4611 | _ACEOF | ||
4612 | |||
4613 | cat >>confdefs.h <<\_ACEOF | ||
4614 | #define DISABLE_FD_PASSING 1 | ||
4615 | _ACEOF | ||
4616 | |||
4617 | LDFLAGS="$LDFLAGS" | ||
4618 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
4619 | MANTYPE=cat | ||
4620 | ;; | ||
4335 | *-*-unicos*) | 4621 | *-*-unicos*) |
4336 | no_libsocket=1 | 4622 | no_libsocket=1 |
4337 | no_libnsl=1 | 4623 | no_libnsl=1 |
@@ -4340,11 +4626,16 @@ done | |||
4340 | _ACEOF | 4626 | _ACEOF |
4341 | 4627 | ||
4342 | cat >>confdefs.h <<\_ACEOF | 4628 | cat >>confdefs.h <<\_ACEOF |
4343 | #define BROKEN_FD_PASSING 1 | 4629 | #define DISABLE_FD_PASSING 1 |
4630 | _ACEOF | ||
4631 | |||
4632 | cat >>confdefs.h <<\_ACEOF | ||
4633 | #define NO_SSH_LASTLOG 1 | ||
4344 | _ACEOF | 4634 | _ACEOF |
4345 | 4635 | ||
4346 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" | 4636 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" |
4347 | LIBS="$LIBS -lgen -lrsc" | 4637 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" |
4638 | MANTYPE=cat | ||
4348 | ;; | 4639 | ;; |
4349 | *-dec-osf*) | 4640 | *-dec-osf*) |
4350 | echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 | 4641 | echo "$as_me:$LINENO: checking for Digital Unix SIA" >&5 |
@@ -4691,15 +4982,17 @@ done | |||
4691 | 4982 | ||
4692 | 4983 | ||
4693 | 4984 | ||
4985 | |||
4986 | |||
4694 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ | 4987 | for ac_header in bstring.h crypt.h endian.h floatingpoint.h \ |
4695 | getopt.h glob.h lastlog.h limits.h login.h \ | 4988 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ |
4696 | login_cap.h maillock.h netdb.h netgroup.h \ | 4989 | login_cap.h maillock.h netdb.h netgroup.h \ |
4697 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 4990 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
4698 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 4991 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
4699 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 4992 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
4700 | sys/mman.h sys/select.h sys/stat.h \ | 4993 | sys/mman.h sys/select.h sys/stat.h \ |
4701 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 4994 | sys/stropts.h sys/sysmacros.h sys/time.h \ |
4702 | sys/un.h time.h ttyent.h usersec.h \ | 4995 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
4703 | util.h utime.h utmp.h utmpx.h | 4996 | util.h utime.h utmp.h utmpx.h |
4704 | do | 4997 | do |
4705 | as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` | 4998 | as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` |
@@ -5646,7 +5939,11 @@ fi | |||
5646 | echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 | 5939 | echo "$as_me:$LINENO: result: $ac_cv_lib_c89_utimes" >&5 |
5647 | echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 | 5940 | echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 |
5648 | if test $ac_cv_lib_c89_utimes = yes; then | 5941 | if test $ac_cv_lib_c89_utimes = yes; then |
5649 | LIBS="$LIBS -lc89" | 5942 | cat >>confdefs.h <<\_ACEOF |
5943 | #define HAVE_UTIMES 1 | ||
5944 | _ACEOF | ||
5945 | |||
5946 | LIBS="$LIBS -lc89" | ||
5650 | fi | 5947 | fi |
5651 | 5948 | ||
5652 | 5949 | ||
@@ -6176,7 +6473,7 @@ else | |||
6176 | 6473 | ||
6177 | #include <sys/types.h> | 6474 | #include <sys/types.h> |
6178 | #include <dirent.h> | 6475 | #include <dirent.h> |
6179 | int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} | 6476 | int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} |
6180 | 6477 | ||
6181 | _ACEOF | 6478 | _ACEOF |
6182 | rm -f conftest$ac_exeext | 6479 | rm -f conftest$ac_exeext |
@@ -6244,7 +6541,7 @@ else | |||
6244 | 6541 | ||
6245 | #include <stdio.h> | 6542 | #include <stdio.h> |
6246 | #include <skey.h> | 6543 | #include <skey.h> |
6247 | int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } | 6544 | int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } |
6248 | 6545 | ||
6249 | _ACEOF | 6546 | _ACEOF |
6250 | rm -f conftest$ac_exeext | 6547 | rm -f conftest$ac_exeext |
@@ -6442,9 +6739,10 @@ fi; | |||
6442 | 6739 | ||
6443 | 6740 | ||
6444 | 6741 | ||
6742 | |||
6445 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ | 6743 | for ac_func in arc4random b64_ntop bcopy bindresvport_sa \ |
6446 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 6744 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ |
6447 | getaddrinfo getcwd getgrouplist getnameinfo getopt \ | 6745 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ |
6448 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 6746 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ |
6449 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 6747 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
6450 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 6748 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ |
@@ -6528,63 +6826,6 @@ fi | |||
6528 | done | 6826 | done |
6529 | 6827 | ||
6530 | 6828 | ||
6531 | if test $ac_cv_func_mmap = yes ; then | ||
6532 | echo "$as_me:$LINENO: checking for mmap anon shared" >&5 | ||
6533 | echo $ECHO_N "checking for mmap anon shared... $ECHO_C" >&6 | ||
6534 | if test "$cross_compiling" = yes; then | ||
6535 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
6536 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
6537 | { (exit 1); exit 1; }; } | ||
6538 | else | ||
6539 | cat >conftest.$ac_ext <<_ACEOF | ||
6540 | #line $LINENO "configure" | ||
6541 | #include "confdefs.h" | ||
6542 | |||
6543 | #include <stdio.h> | ||
6544 | #include <sys/mman.h> | ||
6545 | #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) | ||
6546 | #define MAP_ANON MAP_ANONYMOUS | ||
6547 | #endif | ||
6548 | main() { char *p; | ||
6549 | p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); | ||
6550 | if (p == (char *)-1) | ||
6551 | exit(1); | ||
6552 | exit(0); | ||
6553 | } | ||
6554 | |||
6555 | _ACEOF | ||
6556 | rm -f conftest$ac_exeext | ||
6557 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
6558 | (eval $ac_link) 2>&5 | ||
6559 | ac_status=$? | ||
6560 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6561 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
6562 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
6563 | (eval $ac_try) 2>&5 | ||
6564 | ac_status=$? | ||
6565 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
6566 | (exit $ac_status); }; }; then | ||
6567 | |||
6568 | echo "$as_me:$LINENO: result: yes" >&5 | ||
6569 | echo "${ECHO_T}yes" >&6 | ||
6570 | cat >>confdefs.h <<\_ACEOF | ||
6571 | #define HAVE_MMAP_ANON_SHARED 1 | ||
6572 | _ACEOF | ||
6573 | |||
6574 | |||
6575 | else | ||
6576 | echo "$as_me: program exited with status $ac_status" >&5 | ||
6577 | echo "$as_me: failed program was:" >&5 | ||
6578 | cat conftest.$ac_ext >&5 | ||
6579 | ( exit $ac_status ) | ||
6580 | echo "$as_me:$LINENO: result: no" >&5 | ||
6581 | echo "${ECHO_T}no" >&6 | ||
6582 | |||
6583 | fi | ||
6584 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
6585 | fi | ||
6586 | fi | ||
6587 | |||
6588 | 6829 | ||
6589 | for ac_func in dirname | 6830 | for ac_func in dirname |
6590 | do | 6831 | do |
@@ -7697,7 +7938,7 @@ else | |||
7697 | #include "confdefs.h" | 7938 | #include "confdefs.h" |
7698 | 7939 | ||
7699 | #include <stdio.h> | 7940 | #include <stdio.h> |
7700 | int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} | 7941 | int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} |
7701 | 7942 | ||
7702 | _ACEOF | 7943 | _ACEOF |
7703 | rm -f conftest$ac_exeext | 7944 | rm -f conftest$ac_exeext |
@@ -8090,6 +8331,76 @@ fi | |||
8090 | rm -f conftest.$ac_objext conftest.$ac_ext | 8331 | rm -f conftest.$ac_objext conftest.$ac_ext |
8091 | fi | 8332 | fi |
8092 | 8333 | ||
8334 | # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, | ||
8335 | # because the system crypt() is more featureful. | ||
8336 | if test "x$check_for_libcrypt_before" = "x1"; then | ||
8337 | |||
8338 | echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 | ||
8339 | echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 | ||
8340 | if test "${ac_cv_lib_crypt_crypt+set}" = set; then | ||
8341 | echo $ECHO_N "(cached) $ECHO_C" >&6 | ||
8342 | else | ||
8343 | ac_check_lib_save_LIBS=$LIBS | ||
8344 | LIBS="-lcrypt $LIBS" | ||
8345 | cat >conftest.$ac_ext <<_ACEOF | ||
8346 | #line $LINENO "configure" | ||
8347 | #include "confdefs.h" | ||
8348 | |||
8349 | /* Override any gcc2 internal prototype to avoid an error. */ | ||
8350 | #ifdef __cplusplus | ||
8351 | extern "C" | ||
8352 | #endif | ||
8353 | /* We use char because int might match the return type of a gcc2 | ||
8354 | builtin and then its argument prototype would still apply. */ | ||
8355 | char crypt (); | ||
8356 | #ifdef F77_DUMMY_MAIN | ||
8357 | # ifdef __cplusplus | ||
8358 | extern "C" | ||
8359 | # endif | ||
8360 | int F77_DUMMY_MAIN() { return 1; } | ||
8361 | #endif | ||
8362 | int | ||
8363 | main () | ||
8364 | { | ||
8365 | crypt (); | ||
8366 | ; | ||
8367 | return 0; | ||
8368 | } | ||
8369 | _ACEOF | ||
8370 | rm -f conftest.$ac_objext conftest$ac_exeext | ||
8371 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8372 | (eval $ac_link) 2>&5 | ||
8373 | ac_status=$? | ||
8374 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8375 | (exit $ac_status); } && | ||
8376 | { ac_try='test -s conftest$ac_exeext' | ||
8377 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8378 | (eval $ac_try) 2>&5 | ||
8379 | ac_status=$? | ||
8380 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8381 | (exit $ac_status); }; }; then | ||
8382 | ac_cv_lib_crypt_crypt=yes | ||
8383 | else | ||
8384 | echo "$as_me: failed program was:" >&5 | ||
8385 | cat conftest.$ac_ext >&5 | ||
8386 | ac_cv_lib_crypt_crypt=no | ||
8387 | fi | ||
8388 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | ||
8389 | LIBS=$ac_check_lib_save_LIBS | ||
8390 | fi | ||
8391 | echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 | ||
8392 | echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 | ||
8393 | if test $ac_cv_lib_crypt_crypt = yes; then | ||
8394 | cat >>confdefs.h <<_ACEOF | ||
8395 | #define HAVE_LIBCRYPT 1 | ||
8396 | _ACEOF | ||
8397 | |||
8398 | LIBS="-lcrypt $LIBS" | ||
8399 | |||
8400 | fi | ||
8401 | |||
8402 | fi | ||
8403 | |||
8093 | # Search for OpenSSL | 8404 | # Search for OpenSSL |
8094 | saved_CPPFLAGS="$CPPFLAGS" | 8405 | saved_CPPFLAGS="$CPPFLAGS" |
8095 | saved_LDFLAGS="$LDFLAGS" | 8406 | saved_LDFLAGS="$LDFLAGS" |
@@ -8230,6 +8541,134 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | |||
8230 | fi | 8541 | fi |
8231 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext | 8542 | rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
8232 | 8543 | ||
8544 | # Determine OpenSSL header version | ||
8545 | echo "$as_me:$LINENO: checking OpenSSL header version" >&5 | ||
8546 | echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6 | ||
8547 | if test "$cross_compiling" = yes; then | ||
8548 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
8549 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
8550 | { (exit 1); exit 1; }; } | ||
8551 | else | ||
8552 | cat >conftest.$ac_ext <<_ACEOF | ||
8553 | #line $LINENO "configure" | ||
8554 | #include "confdefs.h" | ||
8555 | |||
8556 | #include <stdio.h> | ||
8557 | #include <string.h> | ||
8558 | #include <openssl/opensslv.h> | ||
8559 | #define DATA "conftest.sslincver" | ||
8560 | int main(void) { | ||
8561 | FILE *fd; | ||
8562 | int rc; | ||
8563 | |||
8564 | fd = fopen(DATA,"w"); | ||
8565 | if(fd == NULL) | ||
8566 | exit(1); | ||
8567 | |||
8568 | if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | ||
8569 | exit(1); | ||
8570 | |||
8571 | exit(0); | ||
8572 | } | ||
8573 | |||
8574 | _ACEOF | ||
8575 | rm -f conftest$ac_exeext | ||
8576 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8577 | (eval $ac_link) 2>&5 | ||
8578 | ac_status=$? | ||
8579 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8580 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8581 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8582 | (eval $ac_try) 2>&5 | ||
8583 | ac_status=$? | ||
8584 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8585 | (exit $ac_status); }; }; then | ||
8586 | |||
8587 | ssl_header_ver=`cat conftest.sslincver` | ||
8588 | echo "$as_me:$LINENO: result: $ssl_header_ver" >&5 | ||
8589 | echo "${ECHO_T}$ssl_header_ver" >&6 | ||
8590 | |||
8591 | else | ||
8592 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8593 | echo "$as_me: failed program was:" >&5 | ||
8594 | cat conftest.$ac_ext >&5 | ||
8595 | ( exit $ac_status ) | ||
8596 | |||
8597 | echo "$as_me:$LINENO: result: not found" >&5 | ||
8598 | echo "${ECHO_T}not found" >&6 | ||
8599 | { { echo "$as_me:$LINENO: error: OpenSSL version header not found." >&5 | ||
8600 | echo "$as_me: error: OpenSSL version header not found." >&2;} | ||
8601 | { (exit 1); exit 1; }; } | ||
8602 | |||
8603 | |||
8604 | fi | ||
8605 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8606 | fi | ||
8607 | |||
8608 | # Determine OpenSSL library version | ||
8609 | echo "$as_me:$LINENO: checking OpenSSL library version" >&5 | ||
8610 | echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6 | ||
8611 | if test "$cross_compiling" = yes; then | ||
8612 | { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling" >&5 | ||
8613 | echo "$as_me: error: cannot run test program while cross compiling" >&2;} | ||
8614 | { (exit 1); exit 1; }; } | ||
8615 | else | ||
8616 | cat >conftest.$ac_ext <<_ACEOF | ||
8617 | #line $LINENO "configure" | ||
8618 | #include "confdefs.h" | ||
8619 | |||
8620 | #include <stdio.h> | ||
8621 | #include <string.h> | ||
8622 | #include <openssl/opensslv.h> | ||
8623 | #include <openssl/crypto.h> | ||
8624 | #define DATA "conftest.ssllibver" | ||
8625 | int main(void) { | ||
8626 | FILE *fd; | ||
8627 | int rc; | ||
8628 | |||
8629 | fd = fopen(DATA,"w"); | ||
8630 | if(fd == NULL) | ||
8631 | exit(1); | ||
8632 | |||
8633 | if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) | ||
8634 | exit(1); | ||
8635 | |||
8636 | exit(0); | ||
8637 | } | ||
8638 | |||
8639 | _ACEOF | ||
8640 | rm -f conftest$ac_exeext | ||
8641 | if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 | ||
8642 | (eval $ac_link) 2>&5 | ||
8643 | ac_status=$? | ||
8644 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8645 | (exit $ac_status); } && { ac_try='./conftest$ac_exeext' | ||
8646 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
8647 | (eval $ac_try) 2>&5 | ||
8648 | ac_status=$? | ||
8649 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
8650 | (exit $ac_status); }; }; then | ||
8651 | |||
8652 | ssl_library_ver=`cat conftest.ssllibver` | ||
8653 | echo "$as_me:$LINENO: result: $ssl_library_ver" >&5 | ||
8654 | echo "${ECHO_T}$ssl_library_ver" >&6 | ||
8655 | |||
8656 | else | ||
8657 | echo "$as_me: program exited with status $ac_status" >&5 | ||
8658 | echo "$as_me: failed program was:" >&5 | ||
8659 | cat conftest.$ac_ext >&5 | ||
8660 | ( exit $ac_status ) | ||
8661 | |||
8662 | echo "$as_me:$LINENO: result: not found" >&5 | ||
8663 | echo "${ECHO_T}not found" >&6 | ||
8664 | { { echo "$as_me:$LINENO: error: OpenSSL library not found." >&5 | ||
8665 | echo "$as_me: error: OpenSSL library not found." >&2;} | ||
8666 | { (exit 1); exit 1; }; } | ||
8667 | |||
8668 | |||
8669 | fi | ||
8670 | rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext | ||
8671 | fi | ||
8233 | 8672 | ||
8234 | # Sanity check OpenSSL headers | 8673 | # Sanity check OpenSSL headers |
8235 | echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 | 8674 | echo "$as_me:$LINENO: checking whether OpenSSL's headers match the library" >&5 |
@@ -8245,7 +8684,7 @@ else | |||
8245 | 8684 | ||
8246 | #include <string.h> | 8685 | #include <string.h> |
8247 | #include <openssl/opensslv.h> | 8686 | #include <openssl/opensslv.h> |
8248 | int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } | 8687 | int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } |
8249 | 8688 | ||
8250 | _ACEOF | 8689 | _ACEOF |
8251 | rm -f conftest$ac_exeext | 8690 | rm -f conftest$ac_exeext |
@@ -8361,7 +8800,7 @@ else | |||
8361 | 8800 | ||
8362 | #include <string.h> | 8801 | #include <string.h> |
8363 | #include <openssl/rand.h> | 8802 | #include <openssl/rand.h> |
8364 | int main(void) { return(RAND_status() == 1 ? 0 : 1); } | 8803 | int main(void) { exit(RAND_status() == 1 ? 0 : 1); } |
8365 | 8804 | ||
8366 | _ACEOF | 8805 | _ACEOF |
8367 | rm -f conftest$ac_exeext | 8806 | rm -f conftest$ac_exeext |
@@ -11321,7 +11760,16 @@ else | |||
11321 | cat >conftest.$ac_ext <<_ACEOF | 11760 | cat >conftest.$ac_ext <<_ACEOF |
11322 | #line $LINENO "configure" | 11761 | #line $LINENO "configure" |
11323 | #include "confdefs.h" | 11762 | #include "confdefs.h" |
11324 | #include <sys/types.h> | 11763 | |
11764 | #include <sys/types.h> | ||
11765 | #ifdef HAVE_STDINT_H | ||
11766 | # include <stdint.h> | ||
11767 | #endif | ||
11768 | #include <sys/socket.h> | ||
11769 | #ifdef HAVE_SYS_BITYPES_H | ||
11770 | # include <sys/bitypes.h> | ||
11771 | #endif | ||
11772 | |||
11325 | #ifdef F77_DUMMY_MAIN | 11773 | #ifdef F77_DUMMY_MAIN |
11326 | # ifdef __cplusplus | 11774 | # ifdef __cplusplus |
11327 | extern "C" | 11775 | extern "C" |
@@ -11365,109 +11813,6 @@ if test "x$ac_cv_have_int64_t" = "xyes" ; then | |||
11365 | #define HAVE_INT64_T 1 | 11813 | #define HAVE_INT64_T 1 |
11366 | _ACEOF | 11814 | _ACEOF |
11367 | 11815 | ||
11368 | have_int64_t=1 | ||
11369 | fi | ||
11370 | |||
11371 | if test -z "$have_int64_t" ; then | ||
11372 | echo "$as_me:$LINENO: checking for int64_t type in sys/socket.h" >&5 | ||
11373 | echo $ECHO_N "checking for int64_t type in sys/socket.h... $ECHO_C" >&6 | ||
11374 | cat >conftest.$ac_ext <<_ACEOF | ||
11375 | #line $LINENO "configure" | ||
11376 | #include "confdefs.h" | ||
11377 | #include <sys/socket.h> | ||
11378 | #ifdef F77_DUMMY_MAIN | ||
11379 | # ifdef __cplusplus | ||
11380 | extern "C" | ||
11381 | # endif | ||
11382 | int F77_DUMMY_MAIN() { return 1; } | ||
11383 | #endif | ||
11384 | int | ||
11385 | main () | ||
11386 | { | ||
11387 | int64_t a; a = 1 | ||
11388 | ; | ||
11389 | return 0; | ||
11390 | } | ||
11391 | _ACEOF | ||
11392 | rm -f conftest.$ac_objext | ||
11393 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
11394 | (eval $ac_compile) 2>&5 | ||
11395 | ac_status=$? | ||
11396 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11397 | (exit $ac_status); } && | ||
11398 | { ac_try='test -s conftest.$ac_objext' | ||
11399 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
11400 | (eval $ac_try) 2>&5 | ||
11401 | ac_status=$? | ||
11402 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11403 | (exit $ac_status); }; }; then | ||
11404 | |||
11405 | cat >>confdefs.h <<\_ACEOF | ||
11406 | #define HAVE_INT64_T 1 | ||
11407 | _ACEOF | ||
11408 | |||
11409 | echo "$as_me:$LINENO: result: yes" >&5 | ||
11410 | echo "${ECHO_T}yes" >&6 | ||
11411 | |||
11412 | else | ||
11413 | echo "$as_me: failed program was:" >&5 | ||
11414 | cat conftest.$ac_ext >&5 | ||
11415 | echo "$as_me:$LINENO: result: no" >&5 | ||
11416 | echo "${ECHO_T}no" >&6 | ||
11417 | |||
11418 | fi | ||
11419 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
11420 | fi | ||
11421 | |||
11422 | if test -z "$have_int64_t" ; then | ||
11423 | echo "$as_me:$LINENO: checking for int64_t type in sys/bitypes.h" >&5 | ||
11424 | echo $ECHO_N "checking for int64_t type in sys/bitypes.h... $ECHO_C" >&6 | ||
11425 | cat >conftest.$ac_ext <<_ACEOF | ||
11426 | #line $LINENO "configure" | ||
11427 | #include "confdefs.h" | ||
11428 | #include <sys/bitypes.h> | ||
11429 | #ifdef F77_DUMMY_MAIN | ||
11430 | # ifdef __cplusplus | ||
11431 | extern "C" | ||
11432 | # endif | ||
11433 | int F77_DUMMY_MAIN() { return 1; } | ||
11434 | #endif | ||
11435 | int | ||
11436 | main () | ||
11437 | { | ||
11438 | int64_t a; a = 1 | ||
11439 | ; | ||
11440 | return 0; | ||
11441 | } | ||
11442 | _ACEOF | ||
11443 | rm -f conftest.$ac_objext | ||
11444 | if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 | ||
11445 | (eval $ac_compile) 2>&5 | ||
11446 | ac_status=$? | ||
11447 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11448 | (exit $ac_status); } && | ||
11449 | { ac_try='test -s conftest.$ac_objext' | ||
11450 | { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 | ||
11451 | (eval $ac_try) 2>&5 | ||
11452 | ac_status=$? | ||
11453 | echo "$as_me:$LINENO: \$? = $ac_status" >&5 | ||
11454 | (exit $ac_status); }; }; then | ||
11455 | |||
11456 | cat >>confdefs.h <<\_ACEOF | ||
11457 | #define HAVE_INT64_T 1 | ||
11458 | _ACEOF | ||
11459 | |||
11460 | echo "$as_me:$LINENO: result: yes" >&5 | ||
11461 | echo "${ECHO_T}yes" >&6 | ||
11462 | |||
11463 | else | ||
11464 | echo "$as_me: failed program was:" >&5 | ||
11465 | cat conftest.$ac_ext >&5 | ||
11466 | echo "$as_me:$LINENO: result: no" >&5 | ||
11467 | echo "${ECHO_T}no" >&6 | ||
11468 | |||
11469 | fi | ||
11470 | rm -f conftest.$ac_objext conftest.$ac_ext | ||
11471 | fi | 11816 | fi |
11472 | 11817 | ||
11473 | echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 | 11818 | echo "$as_me:$LINENO: checking for u_intXX_t types" >&5 |
@@ -15334,6 +15679,11 @@ if test "${with_xauth+set}" = set; then | |||
15334 | 15679 | ||
15335 | else | 15680 | else |
15336 | 15681 | ||
15682 | TestPath="$PATH" | ||
15683 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" | ||
15684 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" | ||
15685 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" | ||
15686 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" | ||
15337 | # Extract the first word of "xauth", so it can be a program name with args. | 15687 | # Extract the first word of "xauth", so it can be a program name with args. |
15338 | set dummy xauth; ac_word=$2 | 15688 | set dummy xauth; ac_word=$2 |
15339 | echo "$as_me:$LINENO: checking for $ac_word" >&5 | 15689 | echo "$as_me:$LINENO: checking for $ac_word" >&5 |
@@ -15347,7 +15697,7 @@ else | |||
15347 | ;; | 15697 | ;; |
15348 | *) | 15698 | *) |
15349 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | 15699 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
15350 | for as_dir in $PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin | 15700 | for as_dir in $TestPath |
15351 | do | 15701 | do |
15352 | IFS=$as_save_IFS | 15702 | IFS=$as_save_IFS |
15353 | test -z "$as_dir" && as_dir=. | 15703 | test -z "$as_dir" && as_dir=. |
@@ -15482,6 +15832,7 @@ echo "$as_me: error: invalid man type: $withval" >&2;} | |||
15482 | 15832 | ||
15483 | fi; | 15833 | fi; |
15484 | if test -z "$MANTYPE"; then | 15834 | if test -z "$MANTYPE"; then |
15835 | TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" | ||
15485 | for ac_prog in nroff awf | 15836 | for ac_prog in nroff awf |
15486 | do | 15837 | do |
15487 | # Extract the first word of "$ac_prog", so it can be a program name with args. | 15838 | # Extract the first word of "$ac_prog", so it can be a program name with args. |
@@ -15497,8 +15848,7 @@ else | |||
15497 | ;; | 15848 | ;; |
15498 | *) | 15849 | *) |
15499 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR | 15850 | as_save_IFS=$IFS; IFS=$PATH_SEPARATOR |
15500 | as_dummy="/usr/bin:/usr/ucb" | 15851 | for as_dir in $TestPath |
15501 | for as_dir in $as_dummy | ||
15502 | do | 15852 | do |
15503 | IFS=$as_save_IFS | 15853 | IFS=$as_save_IFS |
15504 | test -z "$as_dir" && as_dir=. | 15854 | test -z "$as_dir" && as_dir=. |
@@ -16997,7 +17347,6 @@ s,@INSTALL_DATA@,$INSTALL_DATA,;t t | |||
16997 | s,@AR@,$AR,;t t | 17347 | s,@AR@,$AR,;t t |
16998 | s,@PERL@,$PERL,;t t | 17348 | s,@PERL@,$PERL,;t t |
16999 | s,@ENT@,$ENT,;t t | 17349 | s,@ENT@,$ENT,;t t |
17000 | s,@FILEPRIV@,$FILEPRIV,;t t | ||
17001 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t | 17350 | s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t |
17002 | s,@SH@,$SH,;t t | 17351 | s,@SH@,$SH,;t t |
17003 | s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t | 17352 | s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t |
diff --git a/configure.ac b/configure.ac index ad5d5cde9..5fe50e56b 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $ | 1 | # $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ |
2 | 2 | ||
3 | AC_INIT | 3 | AC_INIT |
4 | AC_CONFIG_SRCDIR([ssh.c]) | 4 | AC_CONFIG_SRCDIR([ssh.c]) |
@@ -17,7 +17,6 @@ AC_PATH_PROGS(PERL, perl5 perl) | |||
17 | AC_SUBST(PERL) | 17 | AC_SUBST(PERL) |
18 | AC_PATH_PROG(ENT, ent) | 18 | AC_PATH_PROG(ENT, ent) |
19 | AC_SUBST(ENT) | 19 | AC_SUBST(ENT) |
20 | AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin) | ||
21 | AC_PATH_PROG(TEST_MINUS_S_SH, bash) | 20 | AC_PATH_PROG(TEST_MINUS_S_SH, bash) |
22 | AC_PATH_PROG(TEST_MINUS_S_SH, ksh) | 21 | AC_PATH_PROG(TEST_MINUS_S_SH, ksh) |
23 | AC_PATH_PROG(TEST_MINUS_S_SH, sh) | 22 | AC_PATH_PROG(TEST_MINUS_S_SH, sh) |
@@ -71,7 +70,12 @@ case "$host" in | |||
71 | ) | 70 | ) |
72 | LDFLAGS="$saved_LDFLAGS" | 71 | LDFLAGS="$saved_LDFLAGS" |
73 | fi | 72 | fi |
74 | AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)]) | 73 | AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], |
74 | [AC_CHECK_LIB(s,authenticate, | ||
75 | [ AC_DEFINE(WITH_AIXAUTHENTICATE) | ||
76 | LIBS="$LIBS -ls" | ||
77 | ]) | ||
78 | ]) | ||
75 | AC_DEFINE(BROKEN_GETADDRINFO) | 79 | AC_DEFINE(BROKEN_GETADDRINFO) |
76 | AC_DEFINE(BROKEN_REALPATH) | 80 | AC_DEFINE(BROKEN_REALPATH) |
77 | dnl AIX handles lastlog as part of its login message | 81 | dnl AIX handles lastlog as part of its login message |
@@ -86,14 +90,24 @@ case "$host" in | |||
86 | AC_DEFINE(IPV4_DEFAULT) | 90 | AC_DEFINE(IPV4_DEFAULT) |
87 | AC_DEFINE(IP_TOS_IS_BROKEN) | 91 | AC_DEFINE(IP_TOS_IS_BROKEN) |
88 | AC_DEFINE(NO_X11_UNIX_SOCKETS) | 92 | AC_DEFINE(NO_X11_UNIX_SOCKETS) |
89 | AC_DEFINE(BROKEN_FD_PASSING) | 93 | AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) |
94 | AC_DEFINE(DISABLE_FD_PASSING) | ||
90 | AC_DEFINE(SETGROUPS_NOOP) | 95 | AC_DEFINE(SETGROUPS_NOOP) |
91 | ;; | 96 | ;; |
92 | *-*-dgux*) | 97 | *-*-dgux*) |
93 | AC_DEFINE(IP_TOS_IS_BROKEN) | 98 | AC_DEFINE(IP_TOS_IS_BROKEN) |
94 | ;; | 99 | ;; |
95 | *-*-darwin*) | 100 | *-*-darwin*) |
96 | AC_DEFINE(BROKEN_GETADDRINFO) | 101 | AC_MSG_CHECKING(if we have working getaddrinfo) |
102 | AC_TRY_RUN([#include <mach-o/dyld.h> | ||
103 | main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
104 | exit(0); | ||
105 | else | ||
106 | exit(1); | ||
107 | }], [AC_MSG_RESULT(working)], | ||
108 | [AC_MSG_RESULT(buggy) | ||
109 | AC_DEFINE(BROKEN_GETADDRINFO)], | ||
110 | [AC_MSG_RESULT(assume it is working)]) | ||
97 | ;; | 111 | ;; |
98 | *-*-hpux10.26) | 112 | *-*-hpux10.26) |
99 | if test -z "$GCC"; then | 113 | if test -z "$GCC"; then |
@@ -108,7 +122,8 @@ case "$host" in | |||
108 | AC_DEFINE(DISABLE_SHADOW) | 122 | AC_DEFINE(DISABLE_SHADOW) |
109 | AC_DEFINE(DISABLE_UTMP) | 123 | AC_DEFINE(DISABLE_UTMP) |
110 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 124 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) |
111 | LIBS="$LIBS -lxnet -lsec -lsecpw" | 125 | LIBS="$LIBS -lsec -lsecpw" |
126 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | ||
112 | disable_ptmx_check=yes | 127 | disable_ptmx_check=yes |
113 | ;; | 128 | ;; |
114 | *-*-hpux10*) | 129 | *-*-hpux10*) |
@@ -123,7 +138,8 @@ case "$host" in | |||
123 | AC_DEFINE(DISABLE_SHADOW) | 138 | AC_DEFINE(DISABLE_SHADOW) |
124 | AC_DEFINE(DISABLE_UTMP) | 139 | AC_DEFINE(DISABLE_UTMP) |
125 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 140 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) |
126 | LIBS="$LIBS -lxnet -lsec" | 141 | LIBS="$LIBS -lsec" |
142 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | ||
127 | ;; | 143 | ;; |
128 | *-*-hpux11*) | 144 | *-*-hpux11*) |
129 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" | 145 | CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" |
@@ -135,7 +151,8 @@ case "$host" in | |||
135 | AC_DEFINE(DISABLE_SHADOW) | 151 | AC_DEFINE(DISABLE_SHADOW) |
136 | AC_DEFINE(DISABLE_UTMP) | 152 | AC_DEFINE(DISABLE_UTMP) |
137 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) | 153 | AC_DEFINE(SPT_TYPE,SPT_PSTAT) |
138 | LIBS="$LIBS -lxnet -lsec" | 154 | LIBS="$LIBS -lsec" |
155 | AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) | ||
139 | ;; | 156 | ;; |
140 | *-*-irix5*) | 157 | *-*-irix5*) |
141 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 158 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
@@ -167,6 +184,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
167 | SONY=1 | 184 | SONY=1 |
168 | ;; | 185 | ;; |
169 | *-*-netbsd*) | 186 | *-*-netbsd*) |
187 | check_for_libcrypt_before=1 | ||
170 | need_dash_r=1 | 188 | need_dash_r=1 |
171 | ;; | 189 | ;; |
172 | *-*-freebsd*) | 190 | *-*-freebsd*) |
@@ -267,17 +285,28 @@ mips-sony-bsd|mips-sony-newsos4) | |||
267 | AC_DEFINE(USE_PIPES) | 285 | AC_DEFINE(USE_PIPES) |
268 | AC_DEFINE(HAVE_SECUREWARE) | 286 | AC_DEFINE(HAVE_SECUREWARE) |
269 | AC_DEFINE(DISABLE_SHADOW) | 287 | AC_DEFINE(DISABLE_SHADOW) |
270 | AC_DEFINE(BROKEN_FD_PASSING) | 288 | AC_DEFINE(DISABLE_FD_PASSING) |
271 | AC_CHECK_FUNCS(getluid setluid) | 289 | AC_CHECK_FUNCS(getluid setluid) |
272 | MANTYPE=man | 290 | MANTYPE=man |
273 | ;; | 291 | ;; |
292 | *-*-unicosmk*) | ||
293 | no_libsocket=1 | ||
294 | no_libnsl=1 | ||
295 | AC_DEFINE(USE_PIPES) | ||
296 | AC_DEFINE(DISABLE_FD_PASSING) | ||
297 | LDFLAGS="$LDFLAGS" | ||
298 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
299 | MANTYPE=cat | ||
300 | ;; | ||
274 | *-*-unicos*) | 301 | *-*-unicos*) |
275 | no_libsocket=1 | 302 | no_libsocket=1 |
276 | no_libnsl=1 | 303 | no_libnsl=1 |
277 | AC_DEFINE(USE_PIPES) | 304 | AC_DEFINE(USE_PIPES) |
278 | AC_DEFINE(BROKEN_FD_PASSING) | 305 | AC_DEFINE(DISABLE_FD_PASSING) |
279 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" | 306 | AC_DEFINE(NO_SSH_LASTLOG) |
280 | LIBS="$LIBS -lgen -lrsc" | 307 | LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" |
308 | LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" | ||
309 | MANTYPE=cat | ||
281 | ;; | 310 | ;; |
282 | *-dec-osf*) | 311 | *-dec-osf*) |
283 | AC_MSG_CHECKING(for Digital Unix SIA) | 312 | AC_MSG_CHECKING(for Digital Unix SIA) |
@@ -348,14 +377,14 @@ AC_ARG_WITH(libs, | |||
348 | 377 | ||
349 | # Checks for header files. | 378 | # Checks for header files. |
350 | AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ | 379 | AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ |
351 | getopt.h glob.h lastlog.h limits.h login.h \ | 380 | getopt.h glob.h ia.h lastlog.h limits.h login.h \ |
352 | login_cap.h maillock.h netdb.h netgroup.h \ | 381 | login_cap.h maillock.h netdb.h netgroup.h \ |
353 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ | 382 | netinet/in_systm.h paths.h pty.h readpassphrase.h \ |
354 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ | 383 | rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ |
355 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ | 384 | strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ |
356 | sys/mman.h sys/select.h sys/stat.h \ | 385 | sys/mman.h sys/select.h sys/stat.h \ |
357 | sys/stropts.h sys/sysmacros.h sys/time.h \ | 386 | sys/stropts.h sys/sysmacros.h sys/time.h \ |
358 | sys/un.h time.h ttyent.h usersec.h \ | 387 | sys/un.h time.h tmpdir.h ttyent.h usersec.h \ |
359 | util.h utime.h utmp.h utmpx.h) | 388 | util.h utime.h utmp.h utmpx.h) |
360 | 389 | ||
361 | # Checks for libraries. | 390 | # Checks for libraries. |
@@ -419,7 +448,8 @@ AC_CHECK_FUNC(strcasecmp, | |||
419 | [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] | 448 | [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] |
420 | ) | 449 | ) |
421 | AC_CHECK_FUNC(utimes, | 450 | AC_CHECK_FUNC(utimes, |
422 | [], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ] | 451 | [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) |
452 | LIBS="$LIBS -lc89"]) ] | ||
423 | ) | 453 | ) |
424 | 454 | ||
425 | dnl Checks for libutil functions | 455 | dnl Checks for libutil functions |
@@ -468,7 +498,7 @@ AC_TRY_RUN( | |||
468 | [ | 498 | [ |
469 | #include <sys/types.h> | 499 | #include <sys/types.h> |
470 | #include <dirent.h> | 500 | #include <dirent.h> |
471 | int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} | 501 | int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} |
472 | ], | 502 | ], |
473 | [AC_MSG_RESULT(yes)], | 503 | [AC_MSG_RESULT(yes)], |
474 | [ | 504 | [ |
@@ -499,7 +529,7 @@ AC_ARG_WITH(skey, | |||
499 | [ | 529 | [ |
500 | #include <stdio.h> | 530 | #include <stdio.h> |
501 | #include <skey.h> | 531 | #include <skey.h> |
502 | int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } | 532 | int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } |
503 | ], | 533 | ], |
504 | [AC_MSG_RESULT(yes)], | 534 | [AC_MSG_RESULT(yes)], |
505 | [ | 535 | [ |
@@ -567,7 +597,7 @@ AC_ARG_WITH(tcp-wrappers, | |||
567 | dnl Checks for library functions. | 597 | dnl Checks for library functions. |
568 | AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ | 598 | AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ |
569 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ | 599 | clock fchmod fchown freeaddrinfo futimes gai_strerror \ |
570 | getaddrinfo getcwd getgrouplist getnameinfo getopt \ | 600 | getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\ |
571 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ | 601 | getrlimit getrusage getttyent glob inet_aton inet_ntoa \ |
572 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ | 602 | inet_ntop innetgr login_getcapbool md5_crypt memmove \ |
573 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ | 603 | mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ |
@@ -577,30 +607,6 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ | |||
577 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ | 607 | socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ |
578 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) | 608 | truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) |
579 | 609 | ||
580 | if test $ac_cv_func_mmap = yes ; then | ||
581 | AC_MSG_CHECKING([for mmap anon shared]) | ||
582 | AC_TRY_RUN( | ||
583 | [ | ||
584 | #include <stdio.h> | ||
585 | #include <sys/mman.h> | ||
586 | #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) | ||
587 | #define MAP_ANON MAP_ANONYMOUS | ||
588 | #endif | ||
589 | main() { char *p; | ||
590 | p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); | ||
591 | if (p == (char *)-1) | ||
592 | exit(1); | ||
593 | exit(0); | ||
594 | } | ||
595 | ], | ||
596 | [ | ||
597 | AC_MSG_RESULT(yes) | ||
598 | AC_DEFINE(HAVE_MMAP_ANON_SHARED) | ||
599 | ], | ||
600 | [ AC_MSG_RESULT(no) ] | ||
601 | ) | ||
602 | fi | ||
603 | |||
604 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen | 610 | dnl IRIX and Solaris 2.5.1 have dirname() in libgen |
605 | AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ | 611 | AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ |
606 | AC_CHECK_LIB(gen, dirname,[ | 612 | AC_CHECK_LIB(gen, dirname,[ |
@@ -663,7 +669,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then | |||
663 | AC_TRY_RUN( | 669 | AC_TRY_RUN( |
664 | [ | 670 | [ |
665 | #include <stdio.h> | 671 | #include <stdio.h> |
666 | int main(void){char b[5];snprintf(b,5,"123456789");return(b[4]!='\0');} | 672 | int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} |
667 | ], | 673 | ], |
668 | [AC_MSG_RESULT(yes)], | 674 | [AC_MSG_RESULT(yes)], |
669 | [ | 675 | [ |
@@ -723,6 +729,12 @@ if test "x$PAM_MSG" = "xyes" ; then | |||
723 | ) | 729 | ) |
724 | fi | 730 | fi |
725 | 731 | ||
732 | # Some systems want crypt() from libcrypt, *not* the version in OpenSSL, | ||
733 | # because the system crypt() is more featureful. | ||
734 | if test "x$check_for_libcrypt_before" = "x1"; then | ||
735 | AC_CHECK_LIB(crypt, crypt) | ||
736 | fi | ||
737 | |||
726 | # Search for OpenSSL | 738 | # Search for OpenSSL |
727 | saved_CPPFLAGS="$CPPFLAGS" | 739 | saved_CPPFLAGS="$CPPFLAGS" |
728 | saved_LDFLAGS="$LDFLAGS" | 740 | saved_LDFLAGS="$LDFLAGS" |
@@ -769,6 +781,70 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), | |||
769 | ] | 781 | ] |
770 | ) | 782 | ) |
771 | 783 | ||
784 | # Determine OpenSSL header version | ||
785 | AC_MSG_CHECKING([OpenSSL header version]) | ||
786 | AC_TRY_RUN( | ||
787 | [ | ||
788 | #include <stdio.h> | ||
789 | #include <string.h> | ||
790 | #include <openssl/opensslv.h> | ||
791 | #define DATA "conftest.sslincver" | ||
792 | int main(void) { | ||
793 | FILE *fd; | ||
794 | int rc; | ||
795 | |||
796 | fd = fopen(DATA,"w"); | ||
797 | if(fd == NULL) | ||
798 | exit(1); | ||
799 | |||
800 | if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) | ||
801 | exit(1); | ||
802 | |||
803 | exit(0); | ||
804 | } | ||
805 | ], | ||
806 | [ | ||
807 | ssl_header_ver=`cat conftest.sslincver` | ||
808 | AC_MSG_RESULT($ssl_header_ver) | ||
809 | ], | ||
810 | [ | ||
811 | AC_MSG_RESULT(not found) | ||
812 | AC_MSG_ERROR(OpenSSL version header not found.) | ||
813 | ] | ||
814 | ) | ||
815 | |||
816 | # Determine OpenSSL library version | ||
817 | AC_MSG_CHECKING([OpenSSL library version]) | ||
818 | AC_TRY_RUN( | ||
819 | [ | ||
820 | #include <stdio.h> | ||
821 | #include <string.h> | ||
822 | #include <openssl/opensslv.h> | ||
823 | #include <openssl/crypto.h> | ||
824 | #define DATA "conftest.ssllibver" | ||
825 | int main(void) { | ||
826 | FILE *fd; | ||
827 | int rc; | ||
828 | |||
829 | fd = fopen(DATA,"w"); | ||
830 | if(fd == NULL) | ||
831 | exit(1); | ||
832 | |||
833 | if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) | ||
834 | exit(1); | ||
835 | |||
836 | exit(0); | ||
837 | } | ||
838 | ], | ||
839 | [ | ||
840 | ssl_library_ver=`cat conftest.ssllibver` | ||
841 | AC_MSG_RESULT($ssl_library_ver) | ||
842 | ], | ||
843 | [ | ||
844 | AC_MSG_RESULT(not found) | ||
845 | AC_MSG_ERROR(OpenSSL library not found.) | ||
846 | ] | ||
847 | ) | ||
772 | 848 | ||
773 | # Sanity check OpenSSL headers | 849 | # Sanity check OpenSSL headers |
774 | AC_MSG_CHECKING([whether OpenSSL's headers match the library]) | 850 | AC_MSG_CHECKING([whether OpenSSL's headers match the library]) |
@@ -776,7 +852,7 @@ AC_TRY_RUN( | |||
776 | [ | 852 | [ |
777 | #include <string.h> | 853 | #include <string.h> |
778 | #include <openssl/opensslv.h> | 854 | #include <openssl/opensslv.h> |
779 | int main(void) { return(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } | 855 | int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } |
780 | ], | 856 | ], |
781 | [ | 857 | [ |
782 | AC_MSG_RESULT(yes) | 858 | AC_MSG_RESULT(yes) |
@@ -802,7 +878,7 @@ AC_TRY_RUN( | |||
802 | [ | 878 | [ |
803 | #include <string.h> | 879 | #include <string.h> |
804 | #include <openssl/rand.h> | 880 | #include <openssl/rand.h> |
805 | int main(void) { return(RAND_status() == 1 ? 0 : 1); } | 881 | int main(void) { exit(RAND_status() == 1 ? 0 : 1); } |
806 | ], | 882 | ], |
807 | [ | 883 | [ |
808 | OPENSSL_SEEDS_ITSELF=yes | 884 | OPENSSL_SEEDS_ITSELF=yes |
@@ -1056,7 +1132,16 @@ fi | |||
1056 | 1132 | ||
1057 | AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ | 1133 | AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ |
1058 | AC_TRY_COMPILE( | 1134 | AC_TRY_COMPILE( |
1059 | [ #include <sys/types.h> ], | 1135 | [ |
1136 | #include <sys/types.h> | ||
1137 | #ifdef HAVE_STDINT_H | ||
1138 | # include <stdint.h> | ||
1139 | #endif | ||
1140 | #include <sys/socket.h> | ||
1141 | #ifdef HAVE_SYS_BITYPES_H | ||
1142 | # include <sys/bitypes.h> | ||
1143 | #endif | ||
1144 | ], | ||
1060 | [ int64_t a; a = 1;], | 1145 | [ int64_t a; a = 1;], |
1061 | [ ac_cv_have_int64_t="yes" ], | 1146 | [ ac_cv_have_int64_t="yes" ], |
1062 | [ ac_cv_have_int64_t="no" ] | 1147 | [ ac_cv_have_int64_t="no" ] |
@@ -1064,33 +1149,6 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ | |||
1064 | ]) | 1149 | ]) |
1065 | if test "x$ac_cv_have_int64_t" = "xyes" ; then | 1150 | if test "x$ac_cv_have_int64_t" = "xyes" ; then |
1066 | AC_DEFINE(HAVE_INT64_T) | 1151 | AC_DEFINE(HAVE_INT64_T) |
1067 | have_int64_t=1 | ||
1068 | fi | ||
1069 | |||
1070 | if test -z "$have_int64_t" ; then | ||
1071 | AC_MSG_CHECKING([for int64_t type in sys/socket.h]) | ||
1072 | AC_TRY_COMPILE( | ||
1073 | [ #include <sys/socket.h> ], | ||
1074 | [ int64_t a; a = 1], | ||
1075 | [ | ||
1076 | AC_DEFINE(HAVE_INT64_T) | ||
1077 | AC_MSG_RESULT(yes) | ||
1078 | ], | ||
1079 | [ AC_MSG_RESULT(no) ] | ||
1080 | ) | ||
1081 | fi | ||
1082 | |||
1083 | if test -z "$have_int64_t" ; then | ||
1084 | AC_MSG_CHECKING([for int64_t type in sys/bitypes.h]) | ||
1085 | AC_TRY_COMPILE( | ||
1086 | [ #include <sys/bitypes.h> ], | ||
1087 | [ int64_t a; a = 1], | ||
1088 | [ | ||
1089 | AC_DEFINE(HAVE_INT64_T) | ||
1090 | AC_MSG_RESULT(yes) | ||
1091 | ], | ||
1092 | [ AC_MSG_RESULT(no) ] | ||
1093 | ) | ||
1094 | fi | 1152 | fi |
1095 | 1153 | ||
1096 | AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ | 1154 | AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ |
@@ -1819,7 +1877,7 @@ LIBS="$LIBS $KLIBS $K5LIBS" | |||
1819 | 1877 | ||
1820 | PRIVSEP_PATH=/var/empty | 1878 | PRIVSEP_PATH=/var/empty |
1821 | AC_ARG_WITH(privsep-path, | 1879 | AC_ARG_WITH(privsep-path, |
1822 | [ --with-privsep-path=xxx Path for privilege separation chroot ], | 1880 | [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], |
1823 | [ | 1881 | [ |
1824 | if test "x$withval" != "$no" ; then | 1882 | if test "x$withval" != "$no" ; then |
1825 | PRIVSEP_PATH=$withval | 1883 | PRIVSEP_PATH=$withval |
@@ -1836,7 +1894,12 @@ AC_ARG_WITH(xauth, | |||
1836 | fi | 1894 | fi |
1837 | ], | 1895 | ], |
1838 | [ | 1896 | [ |
1839 | AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin) | 1897 | TestPath="$PATH" |
1898 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X/bin" | ||
1899 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/bin/X11" | ||
1900 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/X11R6/bin" | ||
1901 | TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" | ||
1902 | AC_PATH_PROG(xauth_path, xauth, , $TestPath) | ||
1840 | if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then | 1903 | if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then |
1841 | xauth_path="/usr/openwin/bin/xauth" | 1904 | xauth_path="/usr/openwin/bin/xauth" |
1842 | fi | 1905 | fi |
@@ -1890,7 +1953,8 @@ AC_ARG_WITH(mantype, | |||
1890 | ] | 1953 | ] |
1891 | ) | 1954 | ) |
1892 | if test -z "$MANTYPE"; then | 1955 | if test -z "$MANTYPE"; then |
1893 | AC_PATH_PROGS(NROFF, nroff awf, /bin/false, /usr/bin:/usr/ucb) | 1956 | TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb" |
1957 | AC_PATH_PROGS(NROFF, nroff awf, /bin/false, $TestPath) | ||
1894 | if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then | 1958 | if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then |
1895 | MANTYPE=doc | 1959 | MANTYPE=doc |
1896 | elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then | 1960 | elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then |
diff --git a/contrib/Makefile b/contrib/Makefile new file mode 100644 index 000000000..2cef46f6c --- /dev/null +++ b/contrib/Makefile | |||
@@ -0,0 +1,15 @@ | |||
1 | all: | ||
2 | @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" | ||
3 | |||
4 | gnome-ssh-askpass1: gnome-ssh-askpass1.c | ||
5 | $(CC) `gnome-config --cflags gnome gnomeui` \ | ||
6 | gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ | ||
7 | `gnome-config --libs gnome gnomeui` | ||
8 | |||
9 | gnome-ssh-askpass2: gnome-ssh-askpass2.c | ||
10 | $(CC) `pkg-config --cflags gtk+-2.0` \ | ||
11 | gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ | ||
12 | `pkg-config --libs gtk+-2.0` | ||
13 | |||
14 | clean: | ||
15 | rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass | ||
diff --git a/contrib/README b/contrib/README index 648bb2f3a..67dbbd277 100644 --- a/contrib/README +++ b/contrib/README | |||
@@ -1,30 +1,39 @@ | |||
1 | Other patches and addons for OpenSSH. Please send submissions to | 1 | Other patches and addons for OpenSSH. Please send submissions to |
2 | djm@ibs.com.au | 2 | djm@mindrot.org |
3 | 3 | ||
4 | Elsewhere | 4 | Externally maintained |
5 | --------- | 5 | --------------------- |
6 | 6 | ||
7 | http://www.imasy.or.jp/~gotoh/connect.c is a Unix and Windows | 7 | SSH Proxy Command -- connect.c |
8 | ProxyCommand which allows OpenSSH to make connections through a SOCKS5 | ||
9 | or http proxy which supports the CONNECT method (eg. Squid). | ||
10 | 8 | ||
11 | In this directory | 9 | Shun-ichi GOTO <gotoh@imasy.or.jp> has written a very useful ProxyCommand |
12 | ----------------- | 10 | which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or |
11 | https CONNECT style proxy server. His page for connect.c has extensive | ||
12 | documentation on its use as well as compiled versions for Win32. | ||
13 | 13 | ||
14 | chroot.diff: | 14 | http://www.taiyo.co.jp/~gotoh/ssh/connect.html |
15 | 15 | ||
16 | Due to the fact the patch is never in sync with the rest of the tree. It was | 16 | |
17 | removed. | 17 | X11 SSH Askpass: |
18 | |||
19 | Jim Knoble <jmknoble@pobox.com> has written an excellent X11 | ||
20 | passphrase requester. This is highly recommended: | ||
21 | |||
22 | http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html | ||
23 | |||
24 | |||
25 | In this directory | ||
26 | ----------------- | ||
18 | 27 | ||
19 | ssh-copy-id: | 28 | ssh-copy-id: |
20 | 29 | ||
21 | Phil Hands' <phil@hands.com> shell script to automate the process of adding | 30 | Phil Hands' <phil@hands.com> shell script to automate the process of adding |
22 | your public key to a remote machine's ~/.ssh/authorized_keys file. | 31 | your public key to a remote machine's ~/.ssh/authorized_keys file. |
23 | 32 | ||
24 | gnome-ssh-askpass: | 33 | gnome-ssh-askpass[12]: |
25 | 34 | ||
26 | A GNOME passphrase requester of my own creation. Compilation instructions | 35 | A GNOME and Gtk2 passphrase requesters. Use "make gnome-ssh-askpass1" or |
27 | are in the top of the file. | 36 | "make gnome-ssh-askpass2" to build. |
28 | 37 | ||
29 | sshd.pam.generic: | 38 | sshd.pam.generic: |
30 | 39 | ||
@@ -43,19 +52,9 @@ Contributed by Mark D. Roth <roth@feep.net> | |||
43 | 52 | ||
44 | redhat: | 53 | redhat: |
45 | 54 | ||
46 | RPM spec file an scripts for building Redhat packages | 55 | RPM spec file and scripts for building Redhat packages |
47 | 56 | ||
48 | suse: | 57 | suse: |
49 | 58 | ||
50 | RPM spec file an scripts for building SuSE packages | 59 | RPM spec file and scripts for building SuSE packages |
51 | |||
52 | |||
53 | Externally maintained | ||
54 | --------------------- | ||
55 | |||
56 | X11 SSH Askpass: | ||
57 | |||
58 | Jim Knoble <jmknoble@pobox.com> has written an excellent X11 | ||
59 | passphrase requester. This is highly recommended: | ||
60 | 60 | ||
61 | http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/index.html | ||
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index d531e53f4..5c09c6b75 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh | |||
@@ -18,6 +18,16 @@ X11_FORWARDING=no | |||
18 | 18 | ||
19 | umask 022 | 19 | umask 022 |
20 | 20 | ||
21 | startdir=`pwd` | ||
22 | |||
23 | # Path to inventory.sh: same place as buildbff.sh | ||
24 | if echo $0 | egrep '^/' | ||
25 | then | ||
26 | inventory=`dirname $0`/inventory.sh # absolute path | ||
27 | else | ||
28 | inventory=`pwd`/`dirname $0`/inventory.sh # relative path | ||
29 | fi | ||
30 | |||
21 | # | 31 | # |
22 | # We still support running from contrib/aix, but this is depreciated | 32 | # We still support running from contrib/aix, but this is depreciated |
23 | # | 33 | # |
@@ -45,14 +55,6 @@ objdir=`pwd` | |||
45 | PKGNAME=openssh | 55 | PKGNAME=openssh |
46 | PKGDIR=package | 56 | PKGDIR=package |
47 | 57 | ||
48 | # Path to inventory.sh: same place as buildbff.sh | ||
49 | if echo $0 | egrep '^/' | ||
50 | then | ||
51 | inventory=`dirname $0`/inventory.sh # absolute path | ||
52 | else | ||
53 | inventory=`pwd`/`dirname $0`/inventory.sh # relative path | ||
54 | fi | ||
55 | |||
56 | # | 58 | # |
57 | # Collect local configuration settings to override defaults | 59 | # Collect local configuration settings to override defaults |
58 | # | 60 | # |
@@ -328,15 +330,10 @@ rm -f $PKGNAME-$VERSION.bff | |||
328 | ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist | 330 | ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist |
329 | 331 | ||
330 | # | 332 | # |
331 | # Move package into final location | 333 | # Move package into final location and clean up |
332 | # | 334 | # |
333 | if [ "$contribaix" = "1" ] | 335 | mv ../$PKGNAME-$VERSION.bff $startdir |
334 | then | 336 | cd $startdir |
335 | mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix | ||
336 | else | ||
337 | mv ../$PKGNAME-$VERSION.bff $objdir | ||
338 | fi | ||
339 | |||
340 | rm -rf $objdir/$PKGDIR | 337 | rm -rf $objdir/$PKGDIR |
341 | 338 | ||
342 | echo $0: done. | 339 | echo $0: done. |
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index e7473947e..b7de22e8b 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -17,7 +17,7 @@ | |||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %if %{use_stable} | 19 | %if %{use_stable} |
20 | %define version 3.4p1 | 20 | %define version 3.5p1 |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 2 | 22 | %define release 2 |
23 | %else | 23 | %else |
@@ -181,8 +181,6 @@ CFLAGS="$RPM_OPT_FLAGS" \ | |||
181 | --with-pam \ | 181 | --with-pam \ |
182 | --with-tcp-wrappers \ | 182 | --with-tcp-wrappers \ |
183 | --with-ipv4-default \ | 183 | --with-ipv4-default \ |
184 | --sysconfdir=%{_sysconfdir}/ssh \ | ||
185 | --libexecdir=%{_libexecdir}/openssh \ | ||
186 | --with-privsep-path=%{_var}/empty/sshd \ | 184 | --with-privsep-path=%{_var}/empty/sshd \ |
187 | #leave this line for easy edits. | 185 | #leave this line for easy edits. |
188 | 186 | ||
@@ -355,4 +353,4 @@ fi | |||
355 | * Mon Jan 01 1998 ... | 353 | * Mon Jan 01 1998 ... |
356 | Template Version: 1.31 | 354 | Template Version: 1.31 |
357 | 355 | ||
358 | $Id: openssh.spec,v 1.36 2002/06/26 13:57:13 djm Exp $ | 356 | $Id: openssh.spec,v 1.38 2002/10/03 01:56:59 djm Exp $ |
diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 9021ba2b0..71ea3455f 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README | |||
@@ -1,6 +1,30 @@ | |||
1 | This package is the actual port of OpenSSH to Cygwin 1.3. | 1 | This package is the actual port of OpenSSH to Cygwin 1.3. |
2 | 2 | ||
3 | =========================================================================== | 3 | =========================================================================== |
4 | Important change since 3.4p1-2: | ||
5 | |||
6 | This version adds privilege separation as default setting, see | ||
7 | /usr/doc/openssh/README.privsep. According to that document the | ||
8 | privsep feature requires a non-privileged account called 'sshd'. | ||
9 | |||
10 | The new ssh-host-config file which is part of this version asks | ||
11 | to create 'sshd' as local user if you want to use privilege | ||
12 | separation. If you confirm, it creates that NT user and adds | ||
13 | the necessary entry to /etc/passwd. | ||
14 | |||
15 | On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" | ||
16 | since that feature doesn't make any sense on a system which doesn't | ||
17 | differ between privileged and unprivileged users. | ||
18 | |||
19 | The new ssh-host-config script also adds the /var/empty directory | ||
20 | needed by privilege separation. When creating the /var/empty directory | ||
21 | by yourself, please note that in contrast to the README.privsep document | ||
22 | the owner sshould not be "root" but the user which is running sshd. So, | ||
23 | in the standard configuration this is SYSTEM. The ssh-host-config script | ||
24 | chowns /var/empty accordingly. | ||
25 | =========================================================================== | ||
26 | |||
27 | =========================================================================== | ||
4 | Important change since 3.0.1p1-2: | 28 | Important change since 3.0.1p1-2: |
5 | 29 | ||
6 | This version introduces the ability to register sshd as service on | 30 | This version introduces the ability to register sshd as service on |
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index da6011267..4df5aa969 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -18,6 +18,11 @@ progname=$0 | |||
18 | auto_answer="" | 18 | auto_answer="" |
19 | port_number=22 | 19 | port_number=22 |
20 | 20 | ||
21 | privsep_configured=no | ||
22 | privsep_used=yes | ||
23 | sshd_in_passwd=no | ||
24 | sshd_in_sam=no | ||
25 | |||
21 | request() | 26 | request() |
22 | { | 27 | { |
23 | if [ "${auto_answer}" = "yes" ] | 28 | if [ "${auto_answer}" = "yes" ] |
@@ -90,6 +95,10 @@ do | |||
90 | esac | 95 | esac |
91 | done | 96 | done |
92 | 97 | ||
98 | # Check if running on NT | ||
99 | _sys="`uname -a`" | ||
100 | _nt=`expr "$_sys" : "CYGWIN_NT"` | ||
101 | |||
93 | # Check for running ssh/sshd processes first. Refuse to do anything while | 102 | # Check for running ssh/sshd processes first. Refuse to do anything while |
94 | # some ssh processes are still running | 103 | # some ssh processes are still running |
95 | 104 | ||
@@ -98,7 +107,7 @@ then | |||
98 | echo | 107 | echo |
99 | echo "There are still ssh processes running. Please shut them down first." | 108 | echo "There are still ssh processes running. Please shut them down first." |
100 | echo | 109 | echo |
101 | #exit 1 | 110 | exit 1 |
102 | fi | 111 | fi |
103 | 112 | ||
104 | # Check for ${SYSCONFDIR} directory | 113 | # Check for ${SYSCONFDIR} directory |
@@ -126,6 +135,39 @@ then | |||
126 | fi | 135 | fi |
127 | fi | 136 | fi |
128 | 137 | ||
138 | # Create /var/log and /var/log/lastlog if not already existing | ||
139 | |||
140 | if [ -f /var/log ] | ||
141 | then | ||
142 | echo "Creating /var/log failed\!" | ||
143 | else | ||
144 | if [ ! -d /var/log ] | ||
145 | then | ||
146 | mkdir -p /var/log | ||
147 | fi | ||
148 | if [ -d /var/log/lastlog ] | ||
149 | then | ||
150 | echo "Creating /var/log/lastlog failed\!" | ||
151 | elif [ ! -f /var/log/lastlog ] | ||
152 | then | ||
153 | cat /dev/null > /var/log/lastlog | ||
154 | fi | ||
155 | fi | ||
156 | |||
157 | # Create /var/empty file used as chroot jail for privilege separation | ||
158 | if [ -f /var/empty ] | ||
159 | then | ||
160 | echo "Creating /var/empty failed\!" | ||
161 | else | ||
162 | mkdir -p /var/empty | ||
163 | # On NT change ownership of that dir to user "system" | ||
164 | if [ $_nt -gt 0 ] | ||
165 | then | ||
166 | chmod 755 /var/empty | ||
167 | chown system.system /var/empty | ||
168 | fi | ||
169 | fi | ||
170 | |||
129 | # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't | 171 | # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't |
130 | # the same as ${PREFIX} | 172 | # the same as ${PREFIX} |
131 | 173 | ||
@@ -219,9 +261,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ] | |||
219 | then | 261 | then |
220 | echo "Generating ${SYSCONFDIR}/ssh_config file" | 262 | echo "Generating ${SYSCONFDIR}/ssh_config file" |
221 | cat > ${SYSCONFDIR}/ssh_config << EOF | 263 | cat > ${SYSCONFDIR}/ssh_config << EOF |
222 | # This is ssh client systemwide configuration file. This file provides | 264 | # This is the ssh client system-wide configuration file. See |
223 | # defaults for users, and the values can be changed in per-user configuration | 265 | # ssh_config(5) for more information. This file provides defaults for |
224 | # files or on the command line. | 266 | # users, and the values can be changed in per-user configuration files |
267 | # or on the command line. | ||
225 | 268 | ||
226 | # Configuration data is parsed as follows: | 269 | # Configuration data is parsed as follows: |
227 | # 1. command line options | 270 | # 1. command line options |
@@ -237,20 +280,19 @@ then | |||
237 | # ForwardAgent no | 280 | # ForwardAgent no |
238 | # ForwardX11 no | 281 | # ForwardX11 no |
239 | # RhostsAuthentication no | 282 | # RhostsAuthentication no |
240 | # RhostsRSAAuthentication yes | 283 | # RhostsRSAAuthentication no |
241 | # RSAAuthentication yes | 284 | # RSAAuthentication yes |
242 | # PasswordAuthentication yes | 285 | # PasswordAuthentication yes |
243 | # FallBackToRsh no | ||
244 | # UseRsh no | ||
245 | # BatchMode no | 286 | # BatchMode no |
246 | # CheckHostIP yes | 287 | # CheckHostIP yes |
247 | # StrictHostKeyChecking yes | 288 | # StrictHostKeyChecking ask |
248 | # IdentityFile ~/.ssh/identity | 289 | # IdentityFile ~/.ssh/identity |
249 | # IdentityFile ~/.ssh/id_dsa | 290 | # IdentityFile ~/.ssh/id_dsa |
250 | # IdentityFile ~/.ssh/id_rsa | 291 | # IdentityFile ~/.ssh/id_rsa |
251 | # Port 22 | 292 | # Port 22 |
252 | # Protocol 2,1 | 293 | # Protocol 2,1 |
253 | # Cipher blowfish | 294 | # Cipher 3des |
295 | # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc | ||
254 | # EscapeChar ~ | 296 | # EscapeChar ~ |
255 | EOF | 297 | EOF |
256 | if [ "$port_number" != "22" ] | 298 | if [ "$port_number" != "22" ] |
@@ -271,17 +313,75 @@ then | |||
271 | then | 313 | then |
272 | echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." | 314 | echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected." |
273 | fi | 315 | fi |
316 | else | ||
317 | grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes | ||
274 | fi | 318 | fi |
275 | fi | 319 | fi |
276 | 320 | ||
277 | # Create default sshd_config from here script | 321 | # Prior to creating or modifying sshd_config, care for privilege separation |
322 | |||
323 | if [ "$privsep_configured" != "yes" ] | ||
324 | then | ||
325 | if [ $_nt -gt 0 ] | ||
326 | then | ||
327 | echo "Privilege separation is set to yes by default since OpenSSH 3.3." | ||
328 | echo "However, this requires a non-privileged account called 'sshd'." | ||
329 | echo "For more info on privilege separation read /usr/doc/openssh/README.privsep." | ||
330 | echo | ||
331 | if request "Shall privilege separation be used?" | ||
332 | then | ||
333 | privsep_used=yes | ||
334 | grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes | ||
335 | net user sshd >/dev/null 2>&1 && sshd_in_sam=yes | ||
336 | if [ "$sshd_in_passwd" != "yes" ] | ||
337 | then | ||
338 | if [ "$sshd_in_sam" != "yes" ] | ||
339 | then | ||
340 | echo "Warning: The following function requires administrator privileges!" | ||
341 | if request "Shall this script create a local user 'sshd' on this machine?" | ||
342 | then | ||
343 | dos_var_empty=`cygpath -w /var/empty` | ||
344 | net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes | ||
345 | if [ "$sshd_in_sam" != "yes" ] | ||
346 | then | ||
347 | echo "Warning: Creating the user 'sshd' failed!" | ||
348 | fi | ||
349 | fi | ||
350 | fi | ||
351 | if [ "$sshd_in_sam" != "yes" ] | ||
352 | then | ||
353 | echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" | ||
354 | echo " Privilege separation set to 'no' again!" | ||
355 | echo " Check your ${SYSCONFDIR}/sshd_config file!" | ||
356 | privsep_used=no | ||
357 | else | ||
358 | mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd | ||
359 | fi | ||
360 | fi | ||
361 | else | ||
362 | privsep_used=no | ||
363 | fi | ||
364 | else | ||
365 | # On 9x don't use privilege separation. Since security isn't | ||
366 | # available it just adds useless addtional processes. | ||
367 | privsep_used=no | ||
368 | fi | ||
369 | fi | ||
370 | |||
371 | # Create default sshd_config from here script or modify to add the | ||
372 | # missing privsep configuration option | ||
278 | 373 | ||
279 | if [ ! -f "${SYSCONFDIR}/sshd_config" ] | 374 | if [ ! -f "${SYSCONFDIR}/sshd_config" ] |
280 | then | 375 | then |
281 | echo "Generating ${SYSCONFDIR}/sshd_config file" | 376 | echo "Generating ${SYSCONFDIR}/sshd_config file" |
282 | cat > ${SYSCONFDIR}/sshd_config << EOF | 377 | cat > ${SYSCONFDIR}/sshd_config << EOF |
283 | # This is the sshd server system-wide configuration file. See sshd(8) | 378 | # This is the sshd server system-wide configuration file. See |
284 | # for more information. | 379 | # sshd_config(5) for more information. |
380 | |||
381 | # The strategy used for options in the default sshd_config shipped with | ||
382 | # OpenSSH is to specify options with their default value where | ||
383 | # possible, but leave them commented. Uncommented options change a | ||
384 | # default value. | ||
285 | 385 | ||
286 | Port $port_number | 386 | Port $port_number |
287 | #Protocol 2,1 | 387 | #Protocol 2,1 |
@@ -289,66 +389,77 @@ Port $port_number | |||
289 | #ListenAddress :: | 389 | #ListenAddress :: |
290 | 390 | ||
291 | # HostKey for protocol version 1 | 391 | # HostKey for protocol version 1 |
292 | HostKey /etc/ssh_host_key | 392 | #HostKey ${SYSCONFDIR}/ssh_host_key |
293 | # HostKeys for protocol version 2 | 393 | # HostKeys for protocol version 2 |
294 | HostKey /etc/ssh_host_rsa_key | 394 | #HostKey ${SYSCONFDIR}/ssh_host_rsa_key |
295 | HostKey /etc/ssh_host_dsa_key | 395 | #HostKey ${SYSCONFDIR}/ssh_host_dsa_key |
296 | 396 | ||
297 | # Lifetime and size of ephemeral version 1 server ke | 397 | # Lifetime and size of ephemeral version 1 server ke |
298 | KeyRegenerationInterval 3600 | 398 | #KeyRegenerationInterval 3600 |
299 | ServerKeyBits 768 | 399 | #ServerKeyBits 768 |
300 | 400 | ||
301 | # Logging | 401 | # Logging |
302 | SyslogFacility AUTH | ||
303 | LogLevel INFO | ||
304 | #obsoletes QuietMode and FascistLogging | 402 | #obsoletes QuietMode and FascistLogging |
403 | #SyslogFacility AUTH | ||
404 | #LogLevel INFO | ||
305 | 405 | ||
306 | # Authentication: | 406 | # Authentication: |
307 | 407 | ||
308 | LoginGraceTime 600 | 408 | #LoginGraceTime 600 |
309 | PermitRootLogin yes | 409 | #PermitRootLogin yes |
310 | # The following setting overrides permission checks on host key files | 410 | # The following setting overrides permission checks on host key files |
311 | # and directories. For security reasons set this to "yes" when running | 411 | # and directories. For security reasons set this to "yes" when running |
312 | # NT/W2K, NTFS and CYGWIN=ntsec. | 412 | # NT/W2K, NTFS and CYGWIN=ntsec. |
313 | StrictModes no | 413 | StrictModes no |
314 | 414 | ||
315 | RSAAuthentication yes | 415 | #RSAAuthentication yes |
316 | PubkeyAuthentication yes | 416 | #PubkeyAuthentication yes |
317 | #AuthorizedKeysFile %h/.ssh/authorized_keys | 417 | #AuthorizedKeysFile %h/.ssh/authorized_keys |
318 | 418 | ||
319 | # rhosts authentication should not be used | 419 | # rhosts authentication should not be used |
320 | RhostsAuthentication no | 420 | #RhostsAuthentication no |
321 | # Don't read ~/.rhosts and ~/.shosts files | 421 | # Don't read ~/.rhosts and ~/.shosts files |
322 | IgnoreRhosts yes | 422 | #IgnoreRhosts yes |
323 | # For this to work you will also need host keys in /etc/ssh_known_hosts | 423 | # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts |
324 | RhostsRSAAuthentication no | 424 | #RhostsRSAAuthentication no |
325 | # similar for protocol version 2 | 425 | # similar for protocol version 2 |
326 | HostbasedAuthentication no | 426 | #HostbasedAuthentication no |
327 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication | 427 | # Change to yes if you don't trust ~/.ssh/known_hosts for |
328 | #IgnoreUserKnownHosts yes | 428 | # RhostsRSAAuthentication and HostbasedAuthentication |
429 | #IgnoreUserKnownHosts no | ||
329 | 430 | ||
330 | # To disable tunneled clear text passwords, change to no here! | 431 | # To disable tunneled clear text passwords, change to no here! |
331 | PasswordAuthentication yes | 432 | #PasswordAuthentication yes |
332 | PermitEmptyPasswords no | 433 | #PermitEmptyPasswords no |
333 | 434 | ||
334 | X11Forwarding no | 435 | # Change to no to disable s/key passwords |
335 | X11DisplayOffset 10 | 436 | #ChallengeResponseAuthentication yes |
336 | PrintMotd yes | 437 | |
337 | #PrintLastLog no | 438 | #X11Forwarding no |
338 | KeepAlive yes | 439 | #X11DisplayOffset 10 |
440 | #X11UseLocalhost yes | ||
441 | #PrintMotd yes | ||
442 | #PrintLastLog yes | ||
443 | #KeepAlive yes | ||
339 | #UseLogin no | 444 | #UseLogin no |
445 | UsePrivilegeSeparation $privsep_used | ||
446 | #Compression yes | ||
340 | 447 | ||
341 | #MaxStartups 10:30:60 | 448 | #MaxStartups 10 |
342 | #Banner /etc/issue.net | 449 | # no default banner path |
343 | #ReverseMappingCheck yes | 450 | #Banner /some/path |
451 | #VerifyReverseMapping no | ||
344 | 452 | ||
453 | # override default of no subsystems | ||
345 | Subsystem sftp /usr/sbin/sftp-server | 454 | Subsystem sftp /usr/sbin/sftp-server |
346 | EOF | 455 | EOF |
456 | elif [ "$privsep_configured" != "yes" ] | ||
457 | then | ||
458 | echo >> ${SYSCONFDIR}/sshd_config | ||
459 | echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config | ||
347 | fi | 460 | fi |
348 | 461 | ||
349 | # Care for services file | 462 | # Care for services file |
350 | _sys="`uname -a`" | ||
351 | _nt=`expr "$_sys" : "CYGWIN_NT"` | ||
352 | if [ $_nt -gt 0 ] | 463 | if [ $_nt -gt 0 ] |
353 | then | 464 | then |
354 | _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" | 465 | _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" |
@@ -403,8 +514,8 @@ umount "${_services}" | |||
403 | umount "${_serv_tmp}" | 514 | umount "${_serv_tmp}" |
404 | 515 | ||
405 | # Care for inetd.conf file | 516 | # Care for inetd.conf file |
406 | _inetcnf="/etc/inetd.conf" | 517 | _inetcnf="${SYSCONFDIR}/inetd.conf" |
407 | _inetcnf_tmp="/etc/inetd.conf.$$" | 518 | _inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$" |
408 | 519 | ||
409 | if [ -f "${_inetcnf}" ] | 520 | if [ -f "${_inetcnf}" ] |
410 | then | 521 | then |
@@ -442,25 +553,6 @@ then | |||
442 | fi | 553 | fi |
443 | fi | 554 | fi |
444 | 555 | ||
445 | # Create /var/log and /var/log/lastlog if not already existing | ||
446 | |||
447 | if [ -f /var/log ] | ||
448 | then | ||
449 | echo "Creating /var/log failed\!" | ||
450 | else | ||
451 | if [ ! -d /var/log ] | ||
452 | then | ||
453 | mkdir /var/log | ||
454 | fi | ||
455 | if [ -d /var/log/lastlog ] | ||
456 | then | ||
457 | echo "Creating /var/log/lastlog failed\!" | ||
458 | elif [ ! -f /var/log/lastlog ] | ||
459 | then | ||
460 | cat /dev/null > /var/log/lastlog | ||
461 | fi | ||
462 | fi | ||
463 | |||
464 | # On NT ask if sshd should be installed as service | 556 | # On NT ask if sshd should be installed as service |
465 | if [ $_nt -gt 0 ] | 557 | if [ $_nt -gt 0 ] |
466 | then | 558 | then |
@@ -477,7 +569,7 @@ then | |||
477 | [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" | 569 | [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" |
478 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" | 570 | if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" |
479 | then | 571 | then |
480 | chown system /etc/ssh* | 572 | chown system ${SYSCONFDIR}/ssh* |
481 | echo | 573 | echo |
482 | echo "The service has been installed under LocalSystem account." | 574 | echo "The service has been installed under LocalSystem account." |
483 | fi | 575 | fi |
diff --git a/contrib/gnome-ssh-askpass.c b/contrib/gnome-ssh-askpass1.c index 7cece5620..b6b342b84 100644 --- a/contrib/gnome-ssh-askpass.c +++ b/contrib/gnome-ssh-askpass1.c | |||
@@ -38,7 +38,7 @@ | |||
38 | * Compile with: | 38 | * Compile with: |
39 | * | 39 | * |
40 | * cc `gnome-config --cflags gnome gnomeui` \ | 40 | * cc `gnome-config --cflags gnome gnomeui` \ |
41 | * gnome-ssh-askpass.c -o gnome-ssh-askpass \ | 41 | * gnome-ssh-askpass1.c -o gnome-ssh-askpass \ |
42 | * `gnome-config --libs gnome gnomeui` | 42 | * `gnome-config --libs gnome gnomeui` |
43 | * | 43 | * |
44 | */ | 44 | */ |
@@ -64,7 +64,7 @@ report_failed_grab (void) | |||
64 | gnome_dialog_run_and_close(GNOME_DIALOG(err)); | 64 | gnome_dialog_run_and_close(GNOME_DIALOG(err)); |
65 | } | 65 | } |
66 | 66 | ||
67 | void | 67 | int |
68 | passphrase_dialog(char *message) | 68 | passphrase_dialog(char *message) |
69 | { | 69 | { |
70 | char *passphrase; | 70 | char *passphrase; |
@@ -135,7 +135,7 @@ passphrase_dialog(char *message) | |||
135 | gtk_entry_set_text(GTK_ENTRY(entry), passphrase); | 135 | gtk_entry_set_text(GTK_ENTRY(entry), passphrase); |
136 | 136 | ||
137 | gnome_dialog_close(GNOME_DIALOG(dialog)); | 137 | gnome_dialog_close(GNOME_DIALOG(dialog)); |
138 | return; | 138 | return (result == 0 ? 0 : -1); |
139 | 139 | ||
140 | /* At least one grab failed - ungrab what we got, and report | 140 | /* At least one grab failed - ungrab what we got, and report |
141 | the failure to the user. Note that XGrabServer() cannot | 141 | the failure to the user. Note that XGrabServer() cannot |
@@ -148,13 +148,15 @@ passphrase_dialog(char *message) | |||
148 | gnome_dialog_close(GNOME_DIALOG(dialog)); | 148 | gnome_dialog_close(GNOME_DIALOG(dialog)); |
149 | 149 | ||
150 | report_failed_grab(); | 150 | report_failed_grab(); |
151 | return (-1); | ||
151 | } | 152 | } |
152 | 153 | ||
153 | int | 154 | int |
154 | main(int argc, char **argv) | 155 | main(int argc, char **argv) |
155 | { | 156 | { |
156 | char *message; | 157 | char *message; |
157 | 158 | int result; | |
159 | |||
158 | gnome_init("GNOME ssh-askpass", "0.1", argc, argv); | 160 | gnome_init("GNOME ssh-askpass", "0.1", argc, argv); |
159 | 161 | ||
160 | if (argc == 2) | 162 | if (argc == 2) |
@@ -163,6 +165,7 @@ main(int argc, char **argv) | |||
163 | message = "Enter your OpenSSH passphrase:"; | 165 | message = "Enter your OpenSSH passphrase:"; |
164 | 166 | ||
165 | setvbuf(stdout, 0, _IONBF, 0); | 167 | setvbuf(stdout, 0, _IONBF, 0); |
166 | passphrase_dialog(message); | 168 | result = passphrase_dialog(message); |
167 | return 0; | 169 | |
170 | return (result); | ||
168 | } | 171 | } |
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c new file mode 100644 index 000000000..89a412aa8 --- /dev/null +++ b/contrib/gnome-ssh-askpass2.c | |||
@@ -0,0 +1,204 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2000-2002 Damien Miller. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | /* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */ | ||
26 | |||
27 | /* | ||
28 | * This is a simple GNOME SSH passphrase grabber. To use it, set the | ||
29 | * environment variable SSH_ASKPASS to point to the location of | ||
30 | * gnome-ssh-askpass before calling "ssh-add < /dev/null". | ||
31 | * | ||
32 | * There is only two run-time options: if you set the environment variable | ||
33 | * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab | ||
34 | * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the | ||
35 | * pointer will be grabbed too. These may have some benefit to security if | ||
36 | * you don't trust your X server. We grab the keyboard always. | ||
37 | */ | ||
38 | |||
39 | /* | ||
40 | * Compile with: | ||
41 | * | ||
42 | * cc `pkg-config --cflags gtk+-2.0` \ | ||
43 | * gnome-ssh-askpass2.c -o gnome-ssh-askpass \ | ||
44 | * `pkg-config --libs gtk+-2.0` | ||
45 | * | ||
46 | */ | ||
47 | |||
48 | #include <stdlib.h> | ||
49 | #include <stdio.h> | ||
50 | #include <string.h> | ||
51 | #include <X11/Xlib.h> | ||
52 | #include <gtk/gtk.h> | ||
53 | #include <gdk/gdkx.h> | ||
54 | |||
55 | static void | ||
56 | report_failed_grab (const char *what) | ||
57 | { | ||
58 | GtkWidget *err; | ||
59 | |||
60 | err = gtk_message_dialog_new(NULL, 0, | ||
61 | GTK_MESSAGE_ERROR, | ||
62 | GTK_BUTTONS_CLOSE, | ||
63 | "Could not grab %s. " | ||
64 | "A malicious client may be eavesdropping " | ||
65 | "on your session.", what); | ||
66 | gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); | ||
67 | gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label), | ||
68 | TRUE); | ||
69 | |||
70 | gtk_dialog_run(GTK_DIALOG(err)); | ||
71 | |||
72 | gtk_widget_destroy(err); | ||
73 | } | ||
74 | |||
75 | static void | ||
76 | ok_dialog(GtkWidget *entry, gpointer dialog) | ||
77 | { | ||
78 | g_return_if_fail(GTK_IS_DIALOG(dialog)); | ||
79 | gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); | ||
80 | } | ||
81 | |||
82 | static int | ||
83 | passphrase_dialog(char *message) | ||
84 | { | ||
85 | const char *failed; | ||
86 | char *passphrase, *local; | ||
87 | char **messages; | ||
88 | int result, i, grab_server, grab_pointer; | ||
89 | GtkWidget *dialog, *entry, *label; | ||
90 | GdkGrabStatus status; | ||
91 | |||
92 | grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); | ||
93 | grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL); | ||
94 | |||
95 | dialog = gtk_message_dialog_new(NULL, 0, | ||
96 | GTK_MESSAGE_QUESTION, | ||
97 | GTK_BUTTONS_OK_CANCEL, | ||
98 | "%s", | ||
99 | message); | ||
100 | |||
101 | entry = gtk_entry_new(); | ||
102 | gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, | ||
103 | FALSE, 0); | ||
104 | gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); | ||
105 | gtk_widget_grab_focus(entry); | ||
106 | gtk_widget_show(entry); | ||
107 | |||
108 | gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); | ||
109 | gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); | ||
110 | gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(dialog))->label), | ||
111 | TRUE); | ||
112 | |||
113 | /* Make <enter> close dialog */ | ||
114 | gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); | ||
115 | g_signal_connect(G_OBJECT(entry), "activate", | ||
116 | G_CALLBACK(ok_dialog), dialog); | ||
117 | |||
118 | /* Grab focus */ | ||
119 | gtk_widget_show_now(dialog); | ||
120 | if (grab_server) { | ||
121 | gdk_x11_grab_server(); | ||
122 | } | ||
123 | if (grab_pointer) { | ||
124 | status = gdk_pointer_grab((GTK_WIDGET(dialog))->window, TRUE, | ||
125 | 0, NULL, NULL, GDK_CURRENT_TIME); | ||
126 | if (status != GDK_GRAB_SUCCESS) { | ||
127 | failed = "mouse"; | ||
128 | goto nograb; | ||
129 | } | ||
130 | } | ||
131 | status = gdk_keyboard_grab((GTK_WIDGET(dialog))->window, FALSE, | ||
132 | GDK_CURRENT_TIME); | ||
133 | if (status != GDK_GRAB_SUCCESS) { | ||
134 | failed = "keyboard"; | ||
135 | goto nograbkb; | ||
136 | } | ||
137 | result = gtk_dialog_run(GTK_DIALOG(dialog)); | ||
138 | |||
139 | /* Ungrab */ | ||
140 | if (grab_server) | ||
141 | XUngrabServer(GDK_DISPLAY()); | ||
142 | if (grab_pointer) | ||
143 | gdk_pointer_ungrab(GDK_CURRENT_TIME); | ||
144 | gdk_keyboard_ungrab(GDK_CURRENT_TIME); | ||
145 | gdk_flush(); | ||
146 | |||
147 | /* Report passphrase if user selected OK */ | ||
148 | passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry))); | ||
149 | if (result == GTK_RESPONSE_OK) { | ||
150 | local = g_locale_from_utf8(passphrase, strlen(passphrase), | ||
151 | NULL, NULL, NULL); | ||
152 | if (local != NULL) { | ||
153 | puts(local); | ||
154 | memset(local, '\0', strlen(local)); | ||
155 | g_free(local); | ||
156 | } else { | ||
157 | puts(passphrase); | ||
158 | } | ||
159 | } | ||
160 | |||
161 | /* Zero passphrase in memory */ | ||
162 | memset(passphrase, '\b', strlen(passphrase)); | ||
163 | gtk_entry_set_text(GTK_ENTRY(entry), passphrase); | ||
164 | memset(passphrase, '\0', strlen(passphrase)); | ||
165 | g_free(passphrase); | ||
166 | |||
167 | gtk_widget_destroy(dialog); | ||
168 | return (result == GTK_RESPONSE_OK ? 0 : -1); | ||
169 | |||
170 | /* At least one grab failed - ungrab what we got, and report | ||
171 | the failure to the user. Note that XGrabServer() cannot | ||
172 | fail. */ | ||
173 | nograbkb: | ||
174 | gdk_pointer_ungrab(GDK_CURRENT_TIME); | ||
175 | nograb: | ||
176 | if (grab_server) | ||
177 | XUngrabServer(GDK_DISPLAY()); | ||
178 | gtk_widget_destroy(dialog); | ||
179 | |||
180 | report_failed_grab(failed); | ||
181 | |||
182 | return (-1); | ||
183 | } | ||
184 | |||
185 | int | ||
186 | main(int argc, char **argv) | ||
187 | { | ||
188 | char *message; | ||
189 | int result; | ||
190 | |||
191 | gtk_init(&argc, &argv); | ||
192 | |||
193 | if (argc > 1) { | ||
194 | message = g_strjoinv(" ", argv + 1); | ||
195 | } else { | ||
196 | message = g_strdup("Enter your OpenSSH passphrase:"); | ||
197 | } | ||
198 | |||
199 | setvbuf(stdout, 0, _IONBF, 0); | ||
200 | result = passphrase_dialog(message); | ||
201 | g_free(message); | ||
202 | |||
203 | return (result); | ||
204 | } | ||
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index b73fb929f..e7005064d 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %define ver 3.4p1 | 1 | %define ver 3.5p1 |
2 | %define rel 1 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
@@ -20,6 +20,9 @@ | |||
20 | # Do we want smartcard support (1=yes 0=no) | 20 | # Do we want smartcard support (1=yes 0=no) |
21 | %define scard 0 | 21 | %define scard 0 |
22 | 22 | ||
23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass | ||
24 | %define gtk2 0 | ||
25 | |||
23 | # Is this build for RHL 6.x? | 26 | # Is this build for RHL 6.x? |
24 | %define build6x 0 | 27 | %define build6x 0 |
25 | 28 | ||
@@ -86,7 +89,7 @@ PreReq: initscripts >= 5.20 | |||
86 | %endif | 89 | %endif |
87 | BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers | 90 | BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers |
88 | BuildPreReq: /bin/login | 91 | BuildPreReq: /bin/login |
89 | %if %{build6x} | 92 | %if ! %{build6x} |
90 | BuildPreReq: glibc-devel, pam | 93 | BuildPreReq: glibc-devel, pam |
91 | %else | 94 | %else |
92 | BuildPreReq: db1-devel, /usr/include/security/pam_appl.h | 95 | BuildPreReq: db1-devel, /usr/include/security/pam_appl.h |
@@ -95,7 +98,7 @@ BuildPreReq: db1-devel, /usr/include/security/pam_appl.h | |||
95 | BuildPreReq: XFree86-devel | 98 | BuildPreReq: XFree86-devel |
96 | %endif | 99 | %endif |
97 | %if ! %{no_gnome_askpass} | 100 | %if ! %{no_gnome_askpass} |
98 | BuildPreReq: gnome-libs-devel | 101 | BuildPreReq: pkgconfig |
99 | %endif | 102 | %endif |
100 | %if %{kerberos5} | 103 | %if %{kerberos5} |
101 | BuildPreReq: krb5-devel | 104 | BuildPreReq: krb5-devel |
@@ -220,11 +223,23 @@ make | |||
220 | popd | 223 | popd |
221 | %endif | 224 | %endif |
222 | 225 | ||
226 | # Define a variable to toggle gnome1/gtk2 building. This is necessary | ||
227 | # because RPM doesn't handle nested %if statements. | ||
228 | %if %{gtk2} | ||
229 | gtk2=yes | ||
230 | %else | ||
231 | gtk2=no | ||
232 | %endif | ||
233 | |||
223 | %if ! %{no_gnome_askpass} | 234 | %if ! %{no_gnome_askpass} |
224 | pushd contrib | 235 | pushd contrib |
225 | gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \ | 236 | if [ $gtk2 = yes ] ; then |
226 | gnome-ssh-askpass.c -o gnome-ssh-askpass \ | 237 | make gnome-ssh-askpass2 |
227 | `gnome-config --libs gnome gnomeui` | 238 | mv gnome-ssh-askpass2 gnome-ssh-askpass |
239 | else | ||
240 | make gnome-ssh-askpass1 | ||
241 | mv gnome-ssh-askpass1 gnome-ssh-askpass | ||
242 | fi | ||
228 | popd | 243 | popd |
229 | %endif | 244 | %endif |
230 | 245 | ||
@@ -255,6 +270,10 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass | |||
255 | install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass | 270 | install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass |
256 | %endif | 271 | %endif |
257 | 272 | ||
273 | %if ! %{scard} | ||
274 | rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin | ||
275 | %endif | ||
276 | |||
258 | install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ | 277 | install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ |
259 | install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ | 278 | install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ |
260 | install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ | 279 | install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ |
@@ -338,7 +357,7 @@ fi | |||
338 | %attr(-,root,root) %{_bindir}/slogin | 357 | %attr(-,root,root) %{_bindir}/slogin |
339 | %attr(-,root,root) %{_mandir}/man1/slogin.1* | 358 | %attr(-,root,root) %{_mandir}/man1/slogin.1* |
340 | %if ! %{rescue} | 359 | %if ! %{rescue} |
341 | %attr(0755,root,root) %{_bindir}/ssh-agent | 360 | %attr(2755,root,nobody) %{_bindir}/ssh-agent |
342 | %attr(0755,root,root) %{_bindir}/ssh-add | 361 | %attr(0755,root,root) %{_bindir}/ssh-add |
343 | %attr(0755,root,root) %{_bindir}/ssh-keyscan | 362 | %attr(0755,root,root) %{_bindir}/ssh-keyscan |
344 | %attr(0755,root,root) %{_bindir}/sftp | 363 | %attr(0755,root,root) %{_bindir}/sftp |
@@ -381,6 +400,12 @@ fi | |||
381 | %endif | 400 | %endif |
382 | 401 | ||
383 | %changelog | 402 | %changelog |
403 | * Wed Oct 01 2002 Damien Miller <djm@mindrot.org> | ||
404 | - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks | ||
405 | |||
406 | * Mon Sep 30 2002 Damien Miller <djm@mindrot.org> | ||
407 | - Use contrib/ Makefile for building askpass programs | ||
408 | |||
384 | * Fri Jun 21 2002 Damien Miller <djm@mindrot.org> | 409 | * Fri Jun 21 2002 Damien Miller <djm@mindrot.org> |
385 | - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) | 410 | - Merge in spec changes from seba@iq.pl (Sebastian Pachuta) |
386 | - Add new {ssh,sshd}_config.5 manpages | 411 | - Add new {ssh,sshd}_config.5 manpages |
diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh index 1be6ed8d1..c41b3f963 100755 --- a/contrib/solaris/buildpkg.sh +++ b/contrib/solaris/buildpkg.sh | |||
@@ -11,13 +11,18 @@ umask 022 | |||
11 | # Options for building the package | 11 | # Options for building the package |
12 | # You can create a config.local with your customized options | 12 | # You can create a config.local with your customized options |
13 | # | 13 | # |
14 | # uncommenting TEST_DIR and using configure--prefix=/var/tmp and | 14 | # uncommenting TEST_DIR and using |
15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | ||
16 | # and | ||
15 | # PKGNAME=tOpenSSH should allow testing a package without interfering | 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering |
16 | # with a real OpenSSH package on a system. | 18 | # with a real OpenSSH package on a system. This is not needed on systems |
19 | # that support the -R option to pkgadd. | ||
17 | #TEST_DIR=/var/tmp # leave commented out for production build | 20 | #TEST_DIR=/var/tmp # leave commented out for production build |
18 | PKGNAME=OpenSSH | 21 | PKGNAME=OpenSSH |
19 | SYSVINIT_NAME=opensshd | 22 | SYSVINIT_NAME=opensshd |
20 | MAKE=${MAKE:="make"} | 23 | MAKE=${MAKE:="make"} |
24 | SSHDUID=67 # Default privsep uid | ||
25 | SSHDGID=67 # Default privsep gid | ||
21 | # uncomment these next two as needed | 26 | # uncomment these next two as needed |
22 | #PERMIT_ROOT_LOGIN=no | 27 | #PERMIT_ROOT_LOGIN=no |
23 | #X11_FORWARDING=yes | 28 | #X11_FORWARDING=yes |
@@ -55,7 +60,7 @@ SYSTEM_DIR="/etc \ | |||
55 | /var/tmp \ | 60 | /var/tmp \ |
56 | /tmp" | 61 | /tmp" |
57 | 62 | ||
58 | # We may need to buiild as root so we make sure PATH is set up | 63 | # We may need to build as root so we make sure PATH is set up |
59 | # only set the path if it's not set already | 64 | # only set the path if it's not set already |
60 | [ -d /usr/local/bin ] && { | 65 | [ -d /usr/local/bin ] && { |
61 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 | 66 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 |
@@ -96,6 +101,19 @@ do | |||
96 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` | 101 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` |
97 | done | 102 | done |
98 | 103 | ||
104 | |||
105 | ## Collect value of privsep user | ||
106 | for confvar in SSH_PRIVSEP_USER | ||
107 | do | ||
108 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` | ||
109 | done | ||
110 | |||
111 | ## Set privsep defaults if not defined | ||
112 | if [ -z "$SSH_PRIVSEP_USER" ] | ||
113 | then | ||
114 | SSH_PRIVSEP_USER=sshd | ||
115 | fi | ||
116 | |||
99 | ## Extract common info requires for the 'info' part of the package. | 117 | ## Extract common info requires for the 'info' part of the package. |
100 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` | 118 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` |
101 | 119 | ||
@@ -106,7 +124,8 @@ case ${UNAME_S} in | |||
106 | RCS_D=yes | 124 | RCS_D=yes |
107 | DEF_MSG="(default: n)" | 125 | DEF_MSG="(default: n)" |
108 | ;; | 126 | ;; |
109 | *) ARCH=`uname -m` ;; | 127 | *) ARCH=`uname -m` |
128 | DEF_MSG="\n" ;; | ||
110 | esac | 129 | esac |
111 | 130 | ||
112 | ## Setup our run level stuff while we are at it. | 131 | ## Setup our run level stuff while we are at it. |
@@ -171,13 +190,16 @@ echo "Building postinstall file..." | |||
171 | cat > postinstall << _EOF | 190 | cat > postinstall << _EOF |
172 | #! /sbin/sh | 191 | #! /sbin/sh |
173 | # | 192 | # |
174 | [ -f ${sysconfdir}/ssh_config ] || \\ | 193 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ |
175 | cp -p ${sysconfdir}/ssh_config.default ${sysconfdir}/ssh_config | 194 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ |
176 | [ -f ${sysconfdir}/sshd_config ] || \\ | 195 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config |
177 | cp -p ${sysconfdir}/sshd_config.default ${sysconfdir}/sshd_config | 196 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ |
178 | [ -f ${sysconfdir}/ssh_prng_cmds.default ] && { | 197 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ |
179 | [ -f ${sysconfdir}/ssh_prng_cmds ] || \\ | 198 | \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config |
180 | cp -p ${sysconfdir}/ssh_prng_cmds.default ${sysconfdir}/ssh_prng_cmds | 199 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { |
200 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ | ||
201 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ | ||
202 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds | ||
181 | } | 203 | } |
182 | 204 | ||
183 | # make rc?.d dirs only if we are doing a test install | 205 | # make rc?.d dirs only if we are doing a test install |
@@ -191,23 +213,75 @@ cat > postinstall << _EOF | |||
191 | if [ "\${USE_SYM_LINKS}" = yes ] | 213 | if [ "\${USE_SYM_LINKS}" = yes ] |
192 | then | 214 | then |
193 | [ "$RCS_D" = yes ] && \ | 215 | [ "$RCS_D" = yes ] && \ |
194 | installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 216 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
195 | installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 217 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
196 | installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 218 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
197 | installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | 219 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
198 | else | 220 | else |
199 | [ "$RCS_D" = yes ] && \ | 221 | [ "$RCS_D" = yes ] && \ |
200 | installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 222 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
201 | installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 223 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
202 | installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 224 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
203 | installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | 225 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
204 | fi | 226 | fi |
205 | 227 | ||
206 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) | 228 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) |
207 | [ -d $piddir ] || installf ${PKGNAME} $TEST_DIR$piddir d 755 root sys | 229 | [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys |
208 | 230 | ||
209 | installf -f ${PKGNAME} | 231 | installf -f ${PKGNAME} |
210 | 232 | ||
233 | # Use chroot to handle PKG_INSTALL_ROOT | ||
234 | if [ ! -z "\${PKG_INSTALL_ROOT}" ] | ||
235 | then | ||
236 | chroot="chroot \${PKG_INSTALL_ROOT}" | ||
237 | fi | ||
238 | # If this is a test build, we will skip the groupadd/useradd/passwd commands | ||
239 | if [ ! -z "${TEST_DIR}" ] | ||
240 | then | ||
241 | chroot=echo | ||
242 | fi | ||
243 | |||
244 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null | ||
245 | then | ||
246 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" | ||
247 | echo "or group." | ||
248 | else | ||
249 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | ||
250 | |||
251 | # create group if required | ||
252 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
253 | then | ||
254 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | ||
255 | else | ||
256 | # Use gid of 67 if possible | ||
257 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | ||
258 | then | ||
259 | : | ||
260 | else | ||
261 | sshdgid="-g $SSHDGID" | ||
262 | fi | ||
263 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | ||
264 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER | ||
265 | fi | ||
266 | |||
267 | # Create user if required | ||
268 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
269 | then | ||
270 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | ||
271 | else | ||
272 | # Use uid of 67 if possible | ||
273 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | ||
274 | then | ||
275 | : | ||
276 | else | ||
277 | sshduid="-u $SSHDUID" | ||
278 | fi | ||
279 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | ||
280 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | ||
281 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER | ||
282 | fi | ||
283 | fi | ||
284 | |||
211 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | 285 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
212 | exit 0 | 286 | exit 0 |
213 | _EOF | 287 | _EOF |
diff --git a/contrib/solaris/opensshd.in b/contrib/solaris/opensshd.in index 212254dc8..e7ca2489f 100755 --- a/contrib/solaris/opensshd.in +++ b/contrib/solaris/opensshd.in | |||
@@ -3,11 +3,8 @@ | |||
3 | # | 3 | # |
4 | # Stripped PRNGd out of it for the time being. | 4 | # Stripped PRNGd out of it for the time being. |
5 | 5 | ||
6 | AWK=/usr/bin/awk | ||
7 | CAT=/usr/bin/cat | 6 | CAT=/usr/bin/cat |
8 | KILL=/usr/bin/kill | 7 | KILL=/usr/bin/kill |
9 | PS=/usr/bin/ps | ||
10 | XARGS=/usr/bin/xargs | ||
11 | 8 | ||
12 | prefix=%%openSSHDir%% | 9 | prefix=%%openSSHDir%% |
13 | etcdir=%%configDir%% | 10 | etcdir=%%configDir%% |
@@ -20,12 +17,6 @@ HOST_KEY_RSA1=$etcdir/ssh_host_key | |||
20 | HOST_KEY_DSA=$etcdir/ssh_host_dsa_key | 17 | HOST_KEY_DSA=$etcdir/ssh_host_dsa_key |
21 | HOST_KEY_RSA=$etcdir/ssh_host_rsa_key | 18 | HOST_KEY_RSA=$etcdir/ssh_host_rsa_key |
22 | 19 | ||
23 | killproc() { | ||
24 | _procname=$1 | ||
25 | _signal=$2 | ||
26 | ${PS} -u root | ${AWK} '/'"$_procname"'$/ {print $1}' | ${XARGS} ${KILL} | ||
27 | } | ||
28 | |||
29 | 20 | ||
30 | checkkeys() { | 21 | checkkeys() { |
31 | if [ ! -f $HOST_KEY_RSA1 ]; then | 22 | if [ ! -f $HOST_KEY_RSA1 ]; then |
@@ -46,8 +37,7 @@ stop_service() { | |||
46 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then | 37 | if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then |
47 | ${KILL} ${PID} | 38 | ${KILL} ${PID} |
48 | else | 39 | else |
49 | echo "Unable to read PID file, killing using alternate method" | 40 | echo "Unable to read PID file" |
50 | killproc sshd TERM | ||
51 | fi | 41 | fi |
52 | } | 42 | } |
53 | 43 | ||
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 126dac335..3ae1dfc80 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 3.4p1 | 3 | Version: 3.5p1 |
4 | URL: http://www.openssh.com/ | 4 | URL: http://www.openssh.com/ |
5 | Release: 1 | 5 | Release: 1 |
6 | Source0: openssh-%{version}.tar.gz | 6 | Source0: openssh-%{version}.tar.gz |
diff --git a/debian/changelog b/debian/changelog index e5651eb28..6a6a6eb0c 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,33 @@ | |||
1 | openssh (1:3.5p1-1) unstable; urgency=low | ||
2 | |||
3 | * New upstream release. | ||
4 | - Fixes typo in ssh-add usage (closes: #152239). | ||
5 | - Fixes 'PermitRootLogin forced-commands-only' (closes: #166184). | ||
6 | - ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys | ||
7 | are deprecated for security reasons and will eventually go away. For | ||
8 | now they can be re-enabled by setting 'PermitUserEnvironment yes' in | ||
9 | sshd_config. | ||
10 | - ssh-agent is installed setgid to prevent ptrace() attacks. The group | ||
11 | actually doesn't matter, as it drops privileges immediately, but to | ||
12 | avoid confusion the postinst creates a new 'ssh' group for it. | ||
13 | * Obsolete patches: | ||
14 | - Solar Designer's privsep+compression patch for Linux 2.2 (see | ||
15 | 1:3.3p1-0.0woody1). | ||
16 | - Hostbased auth ssh-keysign backport (see 1:3.4p1-4). | ||
17 | |||
18 | * Remove duplicated phrase in ssh_config(5) (closes: #152404). | ||
19 | * Source the debconf confmodule at the top of the postrm rather than at | ||
20 | the bottom, to avoid making future non-idempotency problems worse (see | ||
21 | #151035). | ||
22 | * Debconf templates: | ||
23 | - Add Polish (thanks, Grzegorz Kusnierz). | ||
24 | - Update French (thanks, Denis Barbier; closes: #132509). | ||
25 | - Update Spanish (thanks, Carlos Valdivia Yagüe; closes: #164716). | ||
26 | * Write a man page for gnome-ssh-askpass, and link it to ssh-askpass.1 if | ||
27 | this is the selected ssh-askpass alternative (closes: #67775). | ||
28 | |||
29 | -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100 | ||
30 | |||
1 | openssh (1:3.4p1-4) unstable; urgency=low | 31 | openssh (1:3.4p1-4) unstable; urgency=low |
2 | 32 | ||
3 | * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532). | 33 | * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532). |
diff --git a/debian/gnome-ssh-askpass.1 b/debian/gnome-ssh-askpass.1 new file mode 100644 index 000000000..b74c410a8 --- /dev/null +++ b/debian/gnome-ssh-askpass.1 | |||
@@ -0,0 +1,51 @@ | |||
1 | .TH GNOME-SSH-ASKPASS 1 | ||
2 | .SH NAME | ||
3 | gnome\-ssh\-askpass \- prompts a user for a passphrase using GNOME | ||
4 | .SH SYNOPSIS | ||
5 | .B gnome\-ssh\-askpass | ||
6 | .SH DESCRIPTION | ||
7 | .B gnome\-ssh\-askpass | ||
8 | is a GNOME-based passphrase dialog for use with OpenSSH. | ||
9 | It is intended to be called by the | ||
10 | .BR ssh\-add (1) | ||
11 | program and not invoked directly. | ||
12 | It allows | ||
13 | .BR ssh\-add (1) | ||
14 | to obtain a passphrase from a user, even if not connected to a terminal | ||
15 | (assuming that an X display is available). | ||
16 | This happens automatically in the case where | ||
17 | .B ssh\-add | ||
18 | is invoked from one's | ||
19 | .B ~/.xsession | ||
20 | or as one of the GNOME startup programs, for example. | ||
21 | .PP | ||
22 | In order to be called automatically by | ||
23 | .BR ssh\-add , | ||
24 | .B gnome\-ssh\-askpass | ||
25 | should be installed as | ||
26 | .IR /usr/bin/ssh\-askpass . | ||
27 | .SH "ENVIRONMENT VARIABLES" | ||
28 | The following environment variables are recognized: | ||
29 | .TP | ||
30 | .I GNOME_SSH_ASKPASS_GRAB_SERVER | ||
31 | Causes | ||
32 | .B gnome\-ssh\-askpass | ||
33 | to grab the X server before asking for a passphrase. | ||
34 | .TP | ||
35 | .I GNOME_SSH_ASKPASS_GRAB_POINTER | ||
36 | Causes | ||
37 | .B gnome\-ssh\-askpass | ||
38 | to grab the mouse pointer using | ||
39 | .IR gdk_pointer_grab () | ||
40 | before asking for a passphrase. | ||
41 | .PP | ||
42 | Regardless of whether either of these environment variables is set, | ||
43 | .B gnome\-ssh\-askpass | ||
44 | will grab the keyboard using | ||
45 | .IR gdk_keyboard_grab (). | ||
46 | .SH AUTHOR | ||
47 | This manual page was written by Colin Watson <cjwatson@debian.org> | ||
48 | for the Debian system (but may be used by others). | ||
49 | It was based on that for | ||
50 | .B x11\-ssh\-askpass | ||
51 | by Philip Hands. | ||
diff --git a/debian/postinst b/debian/postinst index 10d61d86e..1b741c203 100644 --- a/debian/postinst +++ b/debian/postinst | |||
@@ -280,6 +280,18 @@ set_sshd_permissions() { | |||
280 | } | 280 | } |
281 | 281 | ||
282 | 282 | ||
283 | set_ssh_agent_permissions() { | ||
284 | if ! getent group | grep -q '^ssh:'; then | ||
285 | addgroup --quiet ssh | ||
286 | fi | ||
287 | if ! [ -x /usr/sbin/dpkg-statoverride ] || \ | ||
288 | ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null ; then | ||
289 | chgrp ssh /usr/bin/ssh-agent | ||
290 | chmod 2755 /usr/bin/ssh-agent | ||
291 | fi | ||
292 | } | ||
293 | |||
294 | |||
283 | setup_startup() { | 295 | setup_startup() { |
284 | start=yes | 296 | start=yes |
285 | [ -e /usr/share/debconf/confmodule ] && { | 297 | [ -e /usr/share/debconf/confmodule ] && { |
@@ -311,6 +323,7 @@ fix_statoverride | |||
311 | create_alternatives | 323 | create_alternatives |
312 | setup_sshd_user | 324 | setup_sshd_user |
313 | set_sshd_permissions | 325 | set_sshd_permissions |
326 | set_ssh_agent_permissions | ||
314 | setup_startup | 327 | setup_startup |
315 | setup_init | 328 | setup_init |
316 | 329 | ||
diff --git a/debian/postrm b/debian/postrm index bd0bbee38..c76f662df 100644 --- a/debian/postrm +++ b/debian/postrm | |||
@@ -1,5 +1,7 @@ | |||
1 | #!/bin/sh -e | 1 | #!/bin/sh -e |
2 | 2 | ||
3 | #DEBHELPER# | ||
4 | |||
3 | if [ "$1" = "purge" ] | 5 | if [ "$1" = "purge" ] |
4 | then | 6 | then |
5 | rm -rf /etc/ssh | 7 | rm -rf /etc/ssh |
@@ -11,6 +13,7 @@ fi | |||
11 | 13 | ||
12 | if [ "$1" = "purge" ] ; then | 14 | if [ "$1" = "purge" ] ; then |
13 | deluser --quiet sshd > /dev/null || true | 15 | deluser --quiet sshd > /dev/null || true |
16 | delgroup --quiet ssh > /dev/null || true | ||
14 | fi | 17 | fi |
15 | 18 | ||
16 | #DEBHELPER# | 19 | exit 0 |
diff --git a/debian/rules b/debian/rules index 7615c8708..fb60b2270 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -23,9 +23,7 @@ build-stamp: | |||
23 | --with-privsep-path=/var/run/sshd --without-rand-helper | 23 | --with-privsep-path=/var/run/sshd --without-rand-helper |
24 | $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \ | 24 | $(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \ |
25 | SSH_KEYSIGN='/usr/lib/ssh-keysign' | 25 | SSH_KEYSIGN='/usr/lib/ssh-keysign' |
26 | gcc -O2 `gnome-config --cflags gnome gnomeui` \ | 26 | $(MAKE) -C contrib gnome-ssh-askpass1 CC='gcc -O2' |
27 | contrib/gnome-ssh-askpass.c -o contrib/gnome-ssh-askpass \ | ||
28 | `gnome-config --libs gnome gnomeui` | ||
29 | 27 | ||
30 | touch build-stamp | 28 | touch build-stamp |
31 | 29 | ||
@@ -33,7 +31,8 @@ clean: | |||
33 | dh_testdir | 31 | dh_testdir |
34 | rm -f build-stamp | 32 | rm -f build-stamp |
35 | -$(MAKE) -i distclean | 33 | -$(MAKE) -i distclean |
36 | rm -f contrib/gnome-ssh-askpass config.log | 34 | -$(MAKE) -C contrib clean |
35 | rm -f config.log | ||
37 | if [ -f version.h.upstream ]; then mv version.h.upstream version.h; \ | 36 | if [ -f version.h.upstream ]; then mv version.h.upstream version.h; \ |
38 | fi | 37 | fi |
39 | dh_clean | 38 | dh_clean |
@@ -54,9 +53,10 @@ install: build | |||
54 | rm -f debian/tmp/usr/share/Ssh.bin | 53 | rm -f debian/tmp/usr/share/Ssh.bin |
55 | 54 | ||
56 | install -m 755 contrib/ssh-copy-id debian/tmp/usr/bin/ssh-copy-id | 55 | install -m 755 contrib/ssh-copy-id debian/tmp/usr/bin/ssh-copy-id |
57 | install -m644 -c contrib/ssh-copy-id.1 debian/tmp/usr/share/man/man1/ssh-copy-id.1 | 56 | install -m 644 -c contrib/ssh-copy-id.1 debian/tmp/usr/share/man/man1/ssh-copy-id.1 |
57 | install -m 644 debian/gnome-ssh-askpass.1 debian/tmp/usr/share/man/man1/gnome-ssh-askpass.1 | ||
58 | 58 | ||
59 | install -s -o root -g root -m 755 contrib/gnome-ssh-askpass debian/ssh-askpass-gnome/usr/lib/ssh/gnome-ssh-askpass | 59 | install -s -o root -g root -m 755 contrib/gnome-ssh-askpass1 debian/ssh-askpass-gnome/usr/lib/ssh/gnome-ssh-askpass |
60 | 60 | ||
61 | install -o root -g root debian/init debian/tmp/etc/init.d/ssh | 61 | install -o root -g root debian/init debian/tmp/etc/init.d/ssh |
62 | 62 | ||
diff --git a/debian/ssh-askpass-gnome.postinst b/debian/ssh-askpass-gnome.postinst index 3a52d3005..7441cca29 100644 --- a/debian/ssh-askpass-gnome.postinst +++ b/debian/ssh-askpass-gnome.postinst | |||
@@ -24,7 +24,11 @@ set -e | |||
24 | 24 | ||
25 | case "$1" in | 25 | case "$1" in |
26 | configure) | 26 | configure) |
27 | update-alternatives --quiet --install /usr/bin/ssh-askpass ssh-askpass /usr/lib/ssh/gnome-ssh-askpass 30 | 27 | update-alternatives --quiet \ |
28 | --install /usr/bin/ssh-askpass ssh-askpass \ | ||
29 | /usr/lib/ssh/gnome-ssh-askpass 30 \ | ||
30 | --slave /usr/share/man/man1/ssh-askpass.1.gz \ | ||
31 | ssh-askpass.1.gz /usr/share/man/man1/gnome-ssh-askpass.1.gz | ||
28 | 32 | ||
29 | 33 | ||
30 | ;; | 34 | ;; |
diff --git a/debian/templates.es b/debian/templates.es index c3cc971ca..8d7b25a34 100644 --- a/debian/templates.es +++ b/debian/templates.es | |||
@@ -1,78 +1,24 @@ | |||
1 | Template: ssh/new_config | 1 | Template: ssh/run_sshd |
2 | Type: boolean | ||
3 | Default: true | ||
4 | Description: Generate new configuration file | ||
5 | This version of OpenSSH has a considerably changed configuration file from | ||
6 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
7 | from. I can now generate you a new configuration file | ||
8 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
9 | will not contain any customisations you made with the old version. | ||
10 | . | ||
11 | Please note that this new configuration file will set the value of | ||
12 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password | ||
13 | can ssh directly in as root). It is the opinion of the maintainer that | ||
14 | this is the correct default (see README.Debian for more details), but you | ||
15 | can always edit sshd_config and set it to no if you wish. | ||
16 | . | ||
17 | It is strongly recommended that you let me generate a new configuration | ||
18 | file for you | ||
19 | Description-es: Generar un fichero de configuración nuevo | ||
20 | Esta versión de OpenSSH tiene un fichero de configuración muy distinto del | ||
21 | que incluía la versión de 'Potato'. Parece que está actualizando desde esa | ||
22 | versión, por lo que puede generar un nuevo fichero de configuración | ||
23 | (/etc/ssh/sshd.config), que funcionará con la nueva versión del servidor, | ||
24 | pero no tendrá ninguno de los cambios que hubiera hecho a la versión | ||
25 | antigua. | ||
26 | . | ||
27 | Debe saber que este nuevo fichero de configuración pondrá el valor de | ||
28 | 'PermitRootLogin' a "yes" (por lo que root podrá entrar directamente por | ||
29 | ssh). El mantenedor opina que ésta es la opción por defecto más adecuada | ||
30 | (consulte README.Debian para conocer más detalles), pero recuerde que | ||
31 | siempre puede editar sshd_config y cambiarlo. | ||
32 | . | ||
33 | Es muy recomendable generar ahora automáticamente un nuevo fichero de | ||
34 | configuración. | ||
35 | |||
36 | Template: ssh/protocol2_only | ||
37 | Type: boolean | 2 | Type: boolean |
38 | Default: true | 3 | Default: true |
39 | Description: Allow SSH protocol 2 only | 4 | Description: Do you want to run the sshd server ? |
40 | This version of OpenSSH supports version 2 of the ssh protocol, which is | 5 | This package contains both the ssh client, and the sshd server. |
41 | much more secure. Disabling ssh 1 is encouraged, however this will slow | ||
42 | things down on low end machines and might prevent older clients from | ||
43 | connecting (the ssh client shipped with "potato" is affected). | ||
44 | . | 6 | . |
45 | Also please note that keys used for protocol 1 are different so you will | 7 | Normally the sshd Secure Shell Server will be run to allow remote logins |
46 | not be able to use them if you only allow protocol 2 connections. | 8 | via ssh. |
47 | . | 9 | . |
48 | If you later change your mind about this setting, README.Debian has | 10 | If you are only interested in using the ssh client for outbound |
49 | instructions on what to do to your sshd_config file. | 11 | connections on this machine, and don't want to log into it at all using |
50 | Description-es: Permitir sólo la versión 2 del protocolo SSH | 12 | ssh, then you can disable sshd here. |
51 | Esta versión de OpenSSH soporta la versión 2 del protocolo ssh, que es | 13 | Description-es: ¿Quiere ejecutar el servidor sshd? |
52 | mucho más segura que la anterior. Se recomienda no usar ssh versión 1, | 14 | Este paquete contiene el cliente ssh y el servidor sshd. |
53 | aunque irá más lento en máquinas modestas y puede impedir que se conecten | ||
54 | clientes antiguos, como por ejemplo el cliente de ssh incluido en | ||
55 | "potato". | ||
56 | . | 15 | . |
57 | También tenga en cuenta que las claves utilizadas para el protocolo 1 son | 16 | Generalmente, el servidor de ssh (Secure Shell Server) se ejecuta para |
58 | diferentes, por lo que no podrá usarlas si únicamente permite conexiones | 17 | permitir el acceso remoto mediante ssh. |
59 | mediante el protocolo 2. | ||
60 | . | 18 | . |
61 | Si cambia de opinión más tarde, el fichero README.Debian contiene | 19 | Si sólo está interesado en usar el cliente ssh en conexiones salientes del |
62 | instrucciones sobre qué ha de cambiar en el fichero sshd_config. | 20 | sistema y no quiere acceder a él mediante ssh, entonces puede desactivar |
63 | 21 | sshd. | |
64 | Template: ssh/ssh2_keys_merged | ||
65 | Type: note | ||
66 | Description: ssh2 keys merged in configuration files | ||
67 | As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2 | ||
68 | keys. This means the authorized_keys2 and known_hosts2 files are no longer | ||
69 | needed. They will still be read in order to maintain backwards | ||
70 | compatibility | ||
71 | Description-es: Las claves ssh2 ya se incluyen en los ficheros de configuración | ||
72 | A partir de la versión 3, OpenSSH ya no utiliza ficheros diferentes para | ||
73 | las claves ssh1 y ssh2. Esto quiere decir que ya no son necesarios los | ||
74 | ficheros authorized_keys2 y known_hosts2, aunque aún se seguirán leyendo | ||
75 | para mantener compatibilidad hacia atrás. | ||
76 | 22 | ||
77 | Template: ssh/use_old_init_script | 23 | Template: ssh/use_old_init_script |
78 | Type: boolean | 24 | Type: boolean |
@@ -84,13 +30,63 @@ Description: Do you want to continue (and risk killing active ssh sessions) ? | |||
84 | . | 30 | . |
85 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | 31 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the |
86 | start-stop-daemon line in the stop section of the file. | 32 | start-stop-daemon line in the stop section of the file. |
87 | Description-es: ¿Desea continuar, aún a riesgo de matar todas las sesiones ssh? | 33 | Description-es: ¿Desea continuar, aún a riesgo de matar las sesiones ssh activas? |
88 | La versión de /etc/init.d/ssh que tiene instalada, es muy probable que | 34 | La versión de /etc/init.d/ssh que tiene instalada es muy probable que |
89 | mate el demonio ssh. Si está actualizando mediante una sesión ssh, puede | 35 | mate el demonio ssh. Si está actualizando a través de una sesión ssh, |
90 | no ser muy buena idea. | 36 | puede que no sea muy buena idea. |
91 | . | 37 | . |
92 | Puede arreglarlo añadiendo "--pidfile /var/run/sshd.pid" a la línea | 38 | Puede arreglarlo añadiendo "--pidfile /var/run/sshd.pid" a la línea |
93 | 'start-stop-daemon' en la sección 'stop' del fichero. | 39 | 'start-stop-daemon', en la sección 'stop' del fichero. |
40 | |||
41 | Template: ssh/SUID_client | ||
42 | Type: boolean | ||
43 | Default: true | ||
44 | Description: Do you want /usr/lib/ssh-keysign to be installed SUID root? | ||
45 | You have the option of installing the ssh-keysign helper with the SUID bit | ||
46 | set. | ||
47 | . | ||
48 | If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 | ||
49 | host-based authentication. | ||
50 | . | ||
51 | If in doubt, I suggest you install it with SUID. If it causes problems | ||
52 | you can change your mind later by running: dpkg-reconfigure ssh | ||
53 | Description-es: ¿Quiere instalar /usr/lib/ssh-keysign SUID root? | ||
54 | Puede instalar ssh-keysign con el bit SUID (se ejecutará con privilegios | ||
55 | de root). | ||
56 | . | ||
57 | Si hace ssh-keysign SUID, podrá usar la autentificiación basada en | ||
58 | servidor de la versión 2 del protocolo SSH. | ||
59 | . | ||
60 | Si duda, se recomienda que lo instale SUID. Si surgen problemas puede | ||
61 | cambiar de opinión posteriormente ejecutando «dpkg-reconfigure ssh». | ||
62 | |||
63 | Template: ssh/encrypted_host_key_but_no_keygen | ||
64 | Type: note | ||
65 | Description: Warning: you must create a new host key | ||
66 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH | ||
67 | can not handle this host key file, and I can't find the ssh-keygen utility | ||
68 | from the old (non-free) SSH installation. | ||
69 | . | ||
70 | You will need to generate a new host key. | ||
71 | Description-es: Aviso: debe crear una nueva clave para su servidor | ||
72 | Su sistema tiene un /etc/ssh/ssh_host_key antiguo, que usa cifrado IDEA. | ||
73 | OpenSSH no puede manejar este fichero de claves y tampoco se encuentra la | ||
74 | utilidad ssh-keygen incluida en el paquete ssh no libre. | ||
75 | . | ||
76 | Necesitará generar una nueva clave para su servidor. | ||
77 | |||
78 | Template: ssh/insecure_telnetd | ||
79 | Type: note | ||
80 | Description: Warning: telnetd is installed --- probably not a good idea | ||
81 | I'd advise you to either remove the telnetd package (if you don't actually | ||
82 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
83 | least some chance that telnet sessions will not be sending unencrypted | ||
84 | login/password and session information over the network. | ||
85 | Description-es: Aviso: tiene telnetd instalado | ||
86 | Es muy aconsejable que borre el paquete telnetd si no necesita realmente | ||
87 | ofrecer acceso mediante telnet o instalar telnetd-ssl para que las | ||
88 | contraseñas, nombres de usuario y demás información de las sesiones telnet | ||
89 | no viajen sin cifrar por la red. | ||
94 | 90 | ||
95 | Template: ssh/forward_warning | 91 | Template: ssh/forward_warning |
96 | Type: note | 92 | Type: note |
@@ -104,104 +100,167 @@ Description: NOTE: Forwarding of X11 and Authorization disabled by default. | |||
104 | More details can be found in /usr/share/doc/ssh/README.Debian | 100 | More details can be found in /usr/share/doc/ssh/README.Debian |
105 | Description-es: NOTA: Reenvío de X11 y Autorización desactivadas por defecto. | 101 | Description-es: NOTA: Reenvío de X11 y Autorización desactivadas por defecto. |
106 | Por razones de seguridad, la versión de ssh de Debian tiene por defecto | 102 | Por razones de seguridad, la versión de ssh de Debian tiene por defecto |
107 | ForwardX11 y ForwardAgent puestas a ``off''. | 103 | ForwardX11 y ForwardAgent desactivadas. |
108 | . | 104 | . |
109 | Puede activar estas opciones para los servidores en los que confíe, en | 105 | Puede activar estas opciones para los servidores en los que confíe, en los |
110 | los ficheros de configuración o con la opción -X en línea de comandos. | 106 | ficheros de configuración o con la opción -X en línea de comandos. |
111 | . | 107 | . |
112 | Puede encontrar más detalles en /usr/share/doc/ssh/README.Debian. | 108 | Puede encontrar más detalles en /usr/share/doc/ssh/README.Debian. |
113 | 109 | ||
110 | Template: ssh/privsep_tell | ||
111 | Type: note | ||
112 | Description: Privilege separation | ||
113 | This version of OpenSSH contains the new privilege separation option. This | ||
114 | significantly reduces the quantity of code that runs as root, and | ||
115 | therefore reduces the impact of security holes in sshd. | ||
116 | . | ||
117 | Unfortunately, privilege separation interacts badly with PAM. Any PAM | ||
118 | session modules that need to run as root (pam_mkhomedir, for example) will | ||
119 | fail, and PAM keyboard-interactive authentication won't work. | ||
120 | . | ||
121 | Privilege separation is turned on by default, so if you decide you want it | ||
122 | turned off, you need to add "UsePrivilegeSeparation no" to | ||
123 | /etc/ssh/sshd_config. | ||
124 | . | ||
125 | NB! If you are running a 2.0 series Linux kernel, then privilege | ||
126 | separation will not work at all, and your sshd will fail to start unless | ||
127 | you explicitly turn privilege separation off. | ||
128 | Description-es: Separación de privilegios | ||
129 | Esta versión de OpenSSH incluye una nueva opción de separación de | ||
130 | privilegios que reduce significativamente la cantidad de código que se | ||
131 | ejecuta como root, por lo que reduce el impacto de posibles agujeros de | ||
132 | seguridad en sshd. | ||
133 | . | ||
134 | Desafortunadamente, la separación de privilegios no interactúa | ||
135 | correctamente con PAM. Cualquier módulo PAM que necesite ejecutarse como | ||
136 | root (como, por ejemplo, pam_mkhomedir) y la autentificación interactiva | ||
137 | PAM con teclado no funcionarán. | ||
138 | . | ||
139 | La separación de privilegios está activa por defecto, por lo que si decide | ||
140 | desactivarla, tiene que añadir "UsePrivilegeSeparation no" al fichero | ||
141 | /etc/ssh/sshd_config. | ||
142 | . | ||
143 | Nota: Si utiliza un núcleo Linux de la serie 2.0, la separación de | ||
144 | privilegios fallará estrepitosamente y sshd no funcionará a no ser que la | ||
145 | desactive. | ||
146 | |||
147 | Template: ssh/ssh2_keys_merged | ||
148 | Type: note | ||
149 | Description: ssh2 keys merged in configuration files | ||
150 | As of version 3 OpenSSH no longer uses separate files for ssh1 and ssh2 | ||
151 | keys. This means the authorized_keys2 and known_hosts2 files are no longer | ||
152 | needed. They will still be read in order to maintain backwards | ||
153 | compatibility | ||
154 | Description-es: Las claves ssh2 ya se incluyen en los ficheros de configuración | ||
155 | A partir de la versión 3, OpenSSH ya no utiliza ficheros diferentes para | ||
156 | las claves ssh1 y ssh2. Esto quiere decir que ya no son necesarios los | ||
157 | ficheros authorized_keys2 y known_hosts2, aunque aún se seguirán leyendo | ||
158 | para mantener compatibilidad hacia atrás. | ||
159 | |||
160 | Template: ssh/protocol2_only | ||
161 | Type: boolean | ||
162 | Default: true | ||
163 | Description: Allow SSH protocol 2 only | ||
164 | This version of OpenSSH supports version 2 of the ssh protocol, which is | ||
165 | much more secure. Disabling ssh 1 is encouraged, however this will slow | ||
166 | things down on low end machines and might prevent older clients from | ||
167 | connecting (the ssh client shipped with "potato" is affected). | ||
168 | . | ||
169 | Also please note that keys used for protocol 1 are different so you will | ||
170 | not be able to use them if you only allow protocol 2 connections. | ||
171 | . | ||
172 | If you later change your mind about this setting, README.Debian has | ||
173 | instructions on what to do to your sshd_config file. | ||
174 | Description-es: Permitir sólo la versión 2 del protocolo SSH | ||
175 | Esta versión de OpenSSH soporta la versión 2 del protocolo ssh, que es | ||
176 | mucho más segura que la anterior. Se recomienda desactivar la versión 1, | ||
177 | aunque funcionará más lento en máquinas modestas y puede impedir que se | ||
178 | conecten clientes antiguos, como, por ejemplo, el incluido en "potato". | ||
179 | . | ||
180 | También tenga en cuenta que las claves utilizadas para el protocolo 1 son | ||
181 | diferentes, por lo que no podrá usarlas si únicamente permite conexiones | ||
182 | mediante la versión 2 del protocolo. | ||
183 | . | ||
184 | Si más tarde cambia de opinión, el fichero README.Debian contiene | ||
185 | instrucciones sobre cómo modificar en el fichero sshd_config. | ||
186 | |||
114 | Template: ssh/insecure_rshd | 187 | Template: ssh/insecure_rshd |
115 | Type: note | 188 | Type: note |
116 | Description: Warning: rsh-server is installed --- probably not a good idea | 189 | Description: Warning: rsh-server is installed --- probably not a good idea |
117 | having rsh-server installed undermines the security that you were probably | 190 | having rsh-server installed undermines the security that you were probably |
118 | wanting to obtain by installing ssh. I'd advise you to remove that | 191 | wanting to obtain by installing ssh. I'd advise you to remove that |
119 | package. | 192 | package. |
120 | Description-es: Aviso: tiene rsh-server instalado (no es una buena idea) | 193 | Description-es: Aviso: tiene rsh-server instalado |
121 | Tener rsh-server instalado representa un menoscabo de la seguridad que | 194 | Tener rsh-server instalado representa un menoscabo de la seguridad que |
122 | probablemente desea obtener instalando ssh. Le aconsejaría borrar ese | 195 | probablemente desea obtener instalando ssh. Es muy aconsejable que borre |
123 | paquete. | 196 | ese paquete. |
124 | 197 | ||
125 | Template: ssh/insecure_telnetd | 198 | Template: ssh/privsep_ask |
126 | Type: note | ||
127 | Description: Warning: telnetd is installed --- probably not a good idea | ||
128 | I'd advise you to either remove the telnetd package (if you don't actually | ||
129 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
130 | least some chance that telnet sessions will not be sending unencrypted | ||
131 | login/password and session information over the network. | ||
132 | Description-es: Aviso: tiene telnetd instalado (no es una buena idea) | ||
133 | Le aconsejaría borrar el paquete telnetd si no necesita realmente | ||
134 | ofrecer acceso mediante telnet o instalar telnetd-ssl para que las | ||
135 | contraseñas, login y demás información de las sesiones telnet no viajen | ||
136 | sin cifrar por la red. | ||
137 | |||
138 | Template: ssh/encrypted_host_key_but_no_keygen | ||
139 | Type: note | ||
140 | Description: Warning: you must create a new host key | ||
141 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. OpenSSH | ||
142 | can not handle this host key file, and I can't find the ssh-keygen utility | ||
143 | from the old (non-free) SSH installation. | ||
144 | . | ||
145 | You will need to generate a new host key. | ||
146 | Description-es: Aviso: debe crear una nueva clave para su servidor | ||
147 | Su sistema tiene un /etc/ssh/ssh_host_key antiguo, que usa cifrado IDEA. | ||
148 | OpenSSH no puede manejar este fichero de claves y tampoco se encuentra la | ||
149 | utilidad ssh-keygen incluida en el paquete ssh no libre. | ||
150 | . | ||
151 | Necesitará generar una nueva clave para su servidor. | ||
152 | |||
153 | Template: ssh/SUID_client | ||
154 | Type: boolean | 199 | Type: boolean |
155 | Default: true | 200 | Default: true |
156 | Description: Do you want /usr/bin/ssh to be installed SUID root? | 201 | Description: Enable Privilege separation |
157 | You have the option of installing the ssh client with the SUID bit set. | 202 | This version of OpenSSH contains the new privilege separation option. This |
203 | significantly reduces the quantity of code that runs as root, and | ||
204 | therefore reduces the impact of security holes in sshd. | ||
158 | . | 205 | . |
159 | If you make ssh SUID, you will be able to use Rhosts/RhostsRSA | 206 | Unfortunately, privilege separation interacts badly with PAM. Any PAM |
160 | authentication, but will not be able to use socks via the LD_PRELOAD | 207 | session modules that need to run as root (pam_mkhomedir, for example) will |
161 | trick. This is the traditional approach. | 208 | fail, and PAM keyboard-interactive authentication won't work. |
162 | . | 209 | . |
163 | If you do not make ssh SUID, you will be able to use socks, but | 210 | Since you've opted to have me generate an sshd_config file for you, you |
164 | Rhosts/RhostsRSA authentication will stop working, which may stop you | 211 | can choose whether or not to have Privilege Separation turned on or not. |
165 | logging in to remote systems. It will also mean that the source port will | 212 | Unless you are running 2.0 (in which case you *must* say no here or your |
166 | be above 1024, which may confound firewall rules you've set up. | 213 | sshd won't start at all) or know you need to use PAM features that won't |
214 | work with this option, you should say yes here. | ||
215 | Description-es: Activar separación de privilegios | ||
216 | Esta versión de OpenSSH incluye una nueva opción de separación de | ||
217 | privilegios que reduce significativamente la cantidad de código que se | ||
218 | ejecuta como root, por lo que reduce el impacto de posibles agujeros de | ||
219 | seguridad en sshd. | ||
167 | . | 220 | . |
168 | If in doubt, I suggest you install it with SUID. If it causes problems | 221 | Desafortunadamente, la separación de privilegios no interactúa |
169 | you can change your mind later by running: dpkg-reconfigure ssh | 222 | correctamente con PAM. Cualquier módulo PAM que necesite ejecutarse como |
170 | Description-es: ¿Desea hacer que /usr/bin/ssh se ejecute con permisos de root? | 223 | root (como, por ejemplo, pam_mkhomedir) y la autentificación PAM mediante |
171 | Tiene la posibilidad de instalar el cliente ssh setuid root. | 224 | teclado no funcionarán. |
172 | . | 225 | . |
173 | Instalarlo setuid root le permitirá usar la autentificación | 226 | Puesto que ha elegido crear automáticamente el fichero sshd_config, puede |
174 | Rhosts/RhostsRSA, pero no podrá usar socks mediante el truco de | 227 | decidir ahora si quiere activar la opción de separación de privilegios. A |
175 | LD_PRELOAD. Tradicionalmente, este ha sido el enfoque más habitual. | 228 | menos que utilice la versión 2.0 (en cuyo caso debe responer no aquí o |
176 | . | 229 | sshd no arrancará) o sepa que necesita usar ciertas características de PAM |
177 | Si no hace ssh setuid, podrá usar socks pero la autentificación | 230 | que funcionan con esta opción, debería responder sí a esta pregunta. |
178 | Rhosts/RhostsRSA dejará de funcionar, lo cual le puede impedir el acceso | ||
179 | a sistemas remotos. También significará que el puerto de origen se | ||
180 | encontrará por encima del 1024, lo cual puede confundir a las reglas del | ||
181 | cortafuegos que haya configurado. | ||
182 | . | ||
183 | Si tiene dudas, le sugiero que lo instale sin setuid. Si esto le causa | ||
184 | algún problema puede cambiar posteriormente la configuración ejecutando: | ||
185 | dpkg-reconfigure ssh | ||
186 | 231 | ||
187 | Template: ssh/run_sshd | 232 | Template: ssh/new_config |
188 | Type: boolean | 233 | Type: boolean |
189 | Default: true | 234 | Default: true |
190 | Description: Do you want to run the sshd server ? | 235 | Description: Generate new configuration file |
191 | This package contains both the ssh client, and the sshd server. | 236 | This version of OpenSSH has a considerably changed configuration file from |
237 | the version shipped in Debian 'Potato', which you appear to be upgrading | ||
238 | from. I can now generate you a new configuration file | ||
239 | (/etc/ssh/sshd.config), which will work with the new server version, but | ||
240 | will not contain any customisations you made with the old version. | ||
192 | . | 241 | . |
193 | Normally the sshd Secure Shell Server will be run to allow remote logins | 242 | Please note that this new configuration file will set the value of |
194 | via ssh. | 243 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password |
244 | can ssh directly in as root). It is the opinion of the maintainer that | ||
245 | this is the correct default (see README.Debian for more details), but you | ||
246 | can always edit sshd_config and set it to no if you wish. | ||
195 | . | 247 | . |
196 | If you are only interested in using the ssh client for outbound | 248 | It is strongly recommended that you let me generate a new configuration |
197 | connections on this machine, and don't want to log into it at all using | 249 | file for you. |
198 | ssh, then you can disable sshd here. | 250 | Description-es: Generar un nuevo fichero de configuración |
199 | Description-es: ¿Quiere ejecutar el servidor sshd? | 251 | Esta versión de OpenSSH tiene un fichero de configuración |
200 | Este paquete contiene el cliente ssh y el servidor sshd. | 252 | considerablemente diferente del incluido en Debian Potato, que es la |
253 | versión desde la que parece estar actualizando. Puede crear | ||
254 | automáticamente un nuevo fichero de configuración (/etc/ssh/sshd_config), | ||
255 | que funcionará con la nueva versión del servidor, pero no incuirá las | ||
256 | modificaciones que hiciera en la versión antigua. | ||
201 | . | 257 | . |
202 | Generalmente, el servidor de ssh se ejecuta para permitir el acceso | 258 | Además, recuerde que este nuevo fichero de configuración dirá sí en la |
203 | mediante ssh. | 259 | opción 'PermitRootLogin', por lo que cualquiera que conozca la contraseña |
260 | de root podrá entrar mediante ssh directamente como root. En opinión del | ||
261 | mantenedor ésta es la opción predeterminada más adecuada (puede leer | ||
262 | README.Debian si quiere conocer más detalles), pero siempre puede editar | ||
263 | sshd_config y poner no si lo desea. | ||
204 | . | 264 | . |
205 | Si sólo está interesado en usar el cliente ssh en conexiones salientes de | 265 | Es muy recomendable que permita que se genere un nuevo fichero de |
206 | esta máquina, y no quiere acceder a ella mediante ssh, entonces puede | 266 | configuración ahora. |
207 | desactivar sshd. | ||
diff --git a/debian/templates.fr b/debian/templates.fr index f23a83ae1..5eee0f92a 100644 --- a/debian/templates.fr +++ b/debian/templates.fr | |||
@@ -12,30 +12,29 @@ Description: Privilege separation | |||
12 | . | 12 | . |
13 | Privilege separation is turned on by default, so if you decide you | 13 | Privilege separation is turned on by default, so if you decide you |
14 | want it turned off, you need to add "UsePrivilegeSeparation no" to | 14 | want it turned off, you need to add "UsePrivilegeSeparation no" to |
15 | /etc/ssh/sshd_config | 15 | /etc/ssh/sshd_config. |
16 | . | 16 | . |
17 | NB! If you are running a 2.0 series Linux kernel, then privilege | 17 | NB! If you are running a 2.0 series Linux kernel, then privilege |
18 | separation will not work at all, and your sshd will fail to start | 18 | separation will not work at all, and your sshd will fail to start |
19 | unless you explicity turn privilege separation off. | 19 | unless you explicitly turn privilege separation off. |
20 | Description-fr: La séparation des privilèges | 20 | Description-fr: Séparation des privilèges |
21 | Cette version d'OpenSSH est livrée avec la nouvelle option de | 21 | Cette version d'OpenSSH est livrée avec la nouvelle option de |
22 | séparation des privilèges. Celà réduit de manière signifiante la | 22 | séparation des privilèges. Cela réduit de manière significative la |
23 | quantité de code s'exéctutant en tant que root, et donc réduit | 23 | quantité de code s'exécutant en tant que super-utilisateur, et donc |
24 | l'impact des trous de sécurité dans sshd. | 24 | réduit l'impact des trous de sécurité dans sshd. |
25 | . | 25 | . |
26 | Malheureusement, la séparation des privilèges intéragit mal avec PAM. | 26 | Malheureusement, la séparation des privilèges interagit mal avec PAM. |
27 | Tous les modules de session PAM ayant besoin d'être exécuté en tant que | 27 | Tous les modules de session PAM qui doivent être exécutés en tant |
28 | root (pam_mkhomedir, par exemple) ne s'exécutera pas, et | 28 | que super-utilisateur (pam_mkhomedir, par exemple) ne s'exécuteront |
29 | l'authentification intéractive au clavier ne fonctionnera pas. | 29 | pas, et l'authentification interactive au clavier ne fonctionnera pas. |
30 | . | 30 | . |
31 | La séparation des privilèges est activée par défaut, donc si vous | 31 | La séparation des privilèges est activée par défaut ; si vous |
32 | souhaitez la désactiver, vous devez ajouter «UsePrivilegeSeparation no» | 32 | souhaitez la désactiver, vous devez ajouter « UsePrivilegeSeparation |
33 | dans /etc/ssh/sshd_config | 33 | no » dans /etc/ssh/sshd_config. |
34 | . | 34 | . |
35 | NB! Si vous avez un noyau Linux de la série des 2.0, alors la | 35 | NB ! Si vous avez un noyau Linux de la série des 2.0, la séparation |
36 | séparation des privilèges ne fonctionnera pas, et votre démon sshd ne | 36 | des privilèges ne fonctionne pas, et votre démon sshd ne se lancera |
37 | se lancera pas jusqu'à ce que vous désactiviez explicitement la | 37 | que si vous avez explicitement désactivé la séparation des privilèges. |
38 | séparation des privilèges. | ||
39 | 38 | ||
40 | Template: ssh/privsep_ask | 39 | Template: ssh/privsep_ask |
41 | Type: boolean | 40 | Type: boolean |
@@ -55,23 +54,24 @@ Description: Enable Privilege separation | |||
55 | or not. Unless you are running 2.0 (in which case you *must* say no | 54 | or not. Unless you are running 2.0 (in which case you *must* say no |
56 | here or your sshd won't start at all) or know you need to use PAM | 55 | here or your sshd won't start at all) or know you need to use PAM |
57 | features that won't work with this option, you should say yes here. | 56 | features that won't work with this option, you should say yes here. |
58 | Description-fr: Activation de la séparation des privilèges | 57 | Description-fr: Activer la séparation des privilèges |
59 | Cette version d'OpenSSH est livrée avec la nouvelle option de | 58 | Cette version d'OpenSSH est livrée avec la nouvelle option de |
60 | séparation des privilèges. Celà réduit de manière signifiante la | 59 | séparation des privilèges. Cela réduit de manière significative la |
61 | quantité de code s'exéctutant en tant que root, et donc réduit | 60 | quantité de code s'exécutant en tant que super-utilisateur, et donc |
62 | l'impact des trous de sécurité dans sshd. | 61 | réduit l'impact des trous de sécurité dans sshd. |
63 | . | 62 | . |
64 | Malheureusement, la séparation des privilèges intéragit mal avec PAM. | 63 | Malheureusement, la séparation des privilèges interagit mal avec PAM. |
65 | Tous les modules de session PAM ayant besoin d'être exécuté en tant que | 64 | Tous les modules de session PAM qui doivent être exécutés en tant |
66 | root (pam_mkhomedir, par exemple) ne s'exécutera pas, et | 65 | que super-utilisateur (pam_mkhomedir, par exemple) ne s'exécuteront |
67 | l'authentification intéractive au clavier ne fonctionnera pas. | 66 | pas, et l'authentification interactive au clavier ne fonctionnera pas. |
68 | . | 67 | . |
69 | Comme vous souhaitez que je génère le fichier de configuration à votre | 68 | Comme vous souhaitez que je génère le fichier de configuration |
70 | place, vous pouvez choisir d'activer ou non l'option de séparation des | 69 | sshd_config à votre place, vous pouvez choisir d'activer ou non |
71 | privilèges. Si vous utilisez un noyau 2.0 (dans ce cas vous *devez* | 70 | l'option de séparation des privilèges. Si vous utilisez un noyau 2.0 |
72 | répondre non ici ou bien sshd ne se lancera pas) ou bien si vous avez | 71 | (dans ce cas vous *devez* désactiver cette option ou alors sshd ne se |
73 | besoin de fonctionnalités PAM, cela ne fonctionnera pas avec cette | 72 | lancera pas) ou bien si vous avez besoin de fonctionnalités PAM, cela |
74 | option d'activée, dans le cas contraire vous pouvez dire oui. | 73 | ne fonctionnera pas si cette option est activée, dans le cas contraire |
74 | vous devriez l'activer. | ||
75 | 75 | ||
76 | Template: ssh/new_config | 76 | Template: ssh/new_config |
77 | Type: boolean | 77 | Type: boolean |
@@ -90,26 +90,26 @@ Description: Generate new configuration file | |||
90 | edit sshd_config and set it to no if you wish. | 90 | edit sshd_config and set it to no if you wish. |
91 | . | 91 | . |
92 | It is strongly recommended that you let me generate a new configuration file | 92 | It is strongly recommended that you let me generate a new configuration file |
93 | for you | 93 | for you. |
94 | Description-fr: Génération du fichier de configuration | 94 | Description-fr: Créer un nouveau fichier de configuration |
95 | Cette version d'OpenSSH possède un fichier de configuration | 95 | Cette version d'OpenSSH utilise un fichier de configuration qui a |
96 | considérablement différent de celui fournit avec la Debian 'Potato', | 96 | énormément changé depuis la version contenue dans la distribution |
97 | qui apparement est la version à partir de laquelle vous effectuez la | 97 | Debian « Potato », depuis laquelle vous semblez faire une mise à jour. |
98 | mise à jour. Je peux générer pour vous un nouveau fichier de | 98 | Je peux générer maintenant pour vous un nouveau fichier de |
99 | configuration (/etc/ssh/sshd_config), lequel fonctionnera avec la | 99 | configuration (/etc/ssh/sshd.config) qui marchera avec la nouvelle |
100 | nouvelle version du serveur, mais ne contiendra aucuns des paramétrages | 100 | version du serveur, mais ne contiendra aucun des réglages que vous avez |
101 | personnels que vous avaient déjà fait. | 101 | faits sur l'ancienne version. |
102 | . | 102 | . |
103 | Notez que le nouveau fichier de configuration mettre l'option | 103 | Veuillez noter que ce nouveau fichier de configuration positionnera la |
104 | 'PermitRootLogin' à yes (signifiant que toute personne connaissant le | 104 | valeur de « PermitRootLogin » à « yes » (ce qui signifie que quiconque |
105 | mot de passe root pourra directement se connecter en tant que root). | 105 | connaissant le mot de passe du super-utilisateur peut se connecter |
106 | C'est ce que considère comme option par défaut le mainteneur (voir le | 106 | en tant que tel sur la machine). Le responsable du paquet |
107 | fichier README.Debian pour plus de détails), mais vous pouvez toujours | 107 | pense que c'est là un comportement par défaut normal (lisez |
108 | éditer le fichier sshd_config et mettre la valeur à no si vous le | 108 | README.Debian pour plus d'informations), mais vous pouvez toujours |
109 | souhaitez. | 109 | éditer le fichier sshd_config et changer cela. |
110 | . | 110 | . |
111 | Il est fortement conseillé de me laisser générer le nouveau fichier de | 111 | Il est fortement recommandé que vous me laissiez générer le nouveau |
112 | configuration à votre place. | 112 | fichier de configuration. |
113 | 113 | ||
114 | Template: ssh/protocol2_only | 114 | Template: ssh/protocol2_only |
115 | Type: boolean | 115 | Type: boolean |
@@ -126,20 +126,19 @@ Description: Allow SSH protocol 2 only | |||
126 | If you later change your mind about this setting, README.Debian has | 126 | If you later change your mind about this setting, README.Debian has |
127 | instructions on what to do to your sshd_config file. | 127 | instructions on what to do to your sshd_config file. |
128 | Description-fr: Permettre seulement la version 2 du protocole SSH | 128 | Description-fr: Permettre seulement la version 2 du protocole SSH |
129 | Cette version d'OpenSSH supporte la version 2 du protocole ssh, lequel | 129 | Cette version d'OpenSSH connaît la version 2 du protocole ssh, qui est |
130 | étant beaucoup plus sécurisé. Désactiver ssh 1 est conseillé, sinon | 130 | bien plus sûre. Désactiver ssh 1 est une bonne chose, cependant cela |
131 | cela risque de ralentir les transactions et les machines et cela peut | 131 | peut ralentir les machines peu puissantes et pourrait empêcher ceux qui |
132 | prévenir de la connexion d'anciens client (le client ssh fournit dans | 132 | utilisent des vieilles versions de la partie cliente de se connecter |
133 | la «potato» est affecté). | 133 | (le client ssh de la distribution Debian « Potato » en fait partie). |
134 | . | 134 | . |
135 | De plus, les clés utilisés par la version 1 du protocol sont | 135 | De plus, les clés utilisées par la version 1 du protocole sont |
136 | différentes et vous ne serez donc plus capable de les utiliser si vous | 136 | différentes et vous ne pourrez pas les utiliser si vous |
137 | n'autoriser seulement que les connexions utilisant la version 2 du | 137 | n'autorisez que les connexions utilisant la version 2 du protocole. |
138 | protocole. | 138 | . |
139 | . | 139 | Si vous changez d'avis ultérieurement et décidez de modifier ce |
140 | Si vous changez d'avis ultérieurement par rapport à ce point de | 140 | réglage, les instructions fournies dans le fichier README.Debian vous |
141 | configuration, les instructions sur ce que vous devez modifier dans le | 141 | indiquent comment modifier le fichier sshd_config. |
142 | fichier sshd_config sont fournies dans le README.Debian. | ||
143 | 142 | ||
144 | Template: ssh/ssh2_keys_merged | 143 | Template: ssh/ssh2_keys_merged |
145 | Type: note | 144 | Type: note |
@@ -148,11 +147,11 @@ Description: ssh2 keys merged in configuration files | |||
148 | ssh2 keys. This means the authorized_keys2 and known_hosts2 files | 147 | ssh2 keys. This means the authorized_keys2 and known_hosts2 files |
149 | are no longer needed. They will still be read in order to maintain | 148 | are no longer needed. They will still be read in order to maintain |
150 | backwards compatibility | 149 | backwards compatibility |
151 | Description-fr: Agrégation des clés ssh2 dans le fichier de configuration | 150 | Description-fr: Clés pour ssh2 fusionnées dans les fichiers de configuration |
152 | Étant donné que la version 3 d'OpenSSH n'utilise plus de fichiers | 151 | OpenSSH, depuis sa version 3, n'utilise plus de fichiers distincts pour |
153 | séparé pour les clés ssh1 et ssh2. Cela signifie que les fichier | 152 | les clés ssh1 et ssh2. Cela signifie que les fichiers authorized_keys2 |
154 | authorized_key2 et known_hosts2 ne sont plus nécessaires. Ils sont | 153 | et known_hosts2 ne sont plus utiles. Ils seront néanmoins lus afin de |
155 | quand même lus afin de concerver une compatibilité ascendante. | 154 | préserver la compatibilité descendante. |
156 | 155 | ||
157 | Template: ssh/use_old_init_script | 156 | Template: ssh/use_old_init_script |
158 | Type: boolean | 157 | Type: boolean |
@@ -164,13 +163,14 @@ Description: Do you want to continue (and risk killing active ssh sessions) ? | |||
164 | . | 163 | . |
165 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | 164 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the |
166 | start-stop-daemon line in the stop section of the file. | 165 | start-stop-daemon line in the stop section of the file. |
167 | Description-fr: Voulez vous continuer (et risquer de rompre les sessions ssh actives) ? | 166 | Description-fr: Voulez-vous continuer (et risquer de rompre les sessions ssh actives) ? |
168 | Il est probable que la version de /etc/init.d/ssh installée en ce moment | 167 | Il est probable que la version de /etc/init.d/ssh installée en ce moment |
169 | tue toutes les instances de sshd lancées en ce moment. Si vous faite une | 168 | tue toutes les instances de sshd en cours. En cas de mise à jour par ssh, |
170 | mise à jour via ssh, ca serait une Mauvaise Chose(tm). | 169 | ça serait une mauvaise idée. |
171 | . | 170 | . |
172 | Vous pouvez corriger /etc/init.d/ssh en ajoutant '--pidfile /var/run/sshd.pid' | 171 | Vous pouvez corriger cela en ajoutant dans /etc/init.d/ssh « --pidfile |
173 | a la ligne 'start-stop-daemon' dans la section 'stop' du fichier. | 172 | /var/run/sshd.pid » à la ligne « start-stop-daemon » dans la section |
173 | « stop » du fichier. | ||
174 | 174 | ||
175 | Template: ssh/forward_warning | 175 | Template: ssh/forward_warning |
176 | Type: note | 176 | Type: note |
@@ -182,11 +182,11 @@ Description: NOTE: Forwarding of X11 and Authorization disabled by default. | |||
182 | in one of the configuration files, or with the -X command line option. | 182 | in one of the configuration files, or with the -X command line option. |
183 | . | 183 | . |
184 | More details can be found in /usr/share/doc/ssh/README.Debian | 184 | More details can be found in /usr/share/doc/ssh/README.Debian |
185 | Description-fr: NOTE: Suivi de session X11 et d'agent d'autorisation désactivés par défaut. | 185 | Description-fr: NOTE : suivi de session X11 et d'agent d'autorisation désactivés par défaut. |
186 | Pour des raisons de sécurité, la version Debian de ssh positionne les | 186 | Pour des raisons de sécurité, la version Debian de ssh positionne les |
187 | options ForwardX11 et ForwardAgent a ``Off'' par défaut. | 187 | options ForwardX11 et ForwardAgent à « Off » par défaut. |
188 | . | 188 | . |
189 | Vous pouvez activer ces options pour les serveurs en lesquels vous avez | 189 | Vous pouvez activer ces options pour les serveurs en qui vous avez |
190 | confiance, soit dans un des fichiers de configuration, soit avec l'option | 190 | confiance, soit dans un des fichiers de configuration, soit avec l'option |
191 | -X de la ligne de commande. | 191 | -X de la ligne de commande. |
192 | . | 192 | . |
@@ -197,10 +197,10 @@ Type: note | |||
197 | Description: Warning: rsh-server is installed --- probably not a good idea | 197 | Description: Warning: rsh-server is installed --- probably not a good idea |
198 | having rsh-server installed undermines the security that you were probably | 198 | having rsh-server installed undermines the security that you were probably |
199 | wanting to obtain by installing ssh. I'd advise you to remove that package. | 199 | wanting to obtain by installing ssh. I'd advise you to remove that package. |
200 | Description-fr: Attention: le paquet rsh-server est installé --- ce n'est probablement pas une bonne idée | 200 | Description-fr: Attention : rsh-server est installé -- ce n'est probablement pas une bonne idée |
201 | Avoir un serveur rsh installé affaibli la sécurité que vous vouliez | 201 | Avoir un serveur rsh installé affaiblit la sécurité que vous vouliez |
202 | probablement obtenir en installant ssh. Je vous conseillerais de | 202 | probablement obtenir en installant ssh. Je vous conseille de |
203 | déinstaller ce paquet. | 203 | supprimer ce paquet. |
204 | 204 | ||
205 | Template: ssh/insecure_telnetd | 205 | Template: ssh/insecure_telnetd |
206 | Type: note | 206 | Type: note |
@@ -209,12 +209,12 @@ Description: Warning: telnetd is installed --- probably not a good idea | |||
209 | need to offer telnet access) or install telnetd-ssl so that there is at | 209 | need to offer telnet access) or install telnetd-ssl so that there is at |
210 | least some chance that telnet sessions will not be sending unencrypted | 210 | least some chance that telnet sessions will not be sending unencrypted |
211 | login/password and session information over the network. | 211 | login/password and session information over the network. |
212 | Description-fr: Attention: le paquet telnetd est installé --- ce n'est probablement pas une bonne idée | 212 | Description-fr: Attention : telnetd est installé -- ce n'est probablement pas une bonne idée |
213 | Je vous conseillerais de, soit enlever le paquet telnetd (si ce service | 213 | Je vous conseille soit d'enlever le paquet telnetd (si ce service |
214 | n'est pas nécessaire), soit de le remplacer par le paquet telnetd-ssl | 214 | n'est pas nécessaire), soit de le remplacer par le paquet telnetd-ssl pour |
215 | pour qu'il y ait au moins une chance que les sessions telnet soient | 215 | qu'il y ait au moins une chance que les sessions telnet soient chiffrées |
216 | encryptées et que les mot de passes et logins ne passent pas en clair sur | 216 | et que les mots de passe et noms d'utilisateurs ne passent pas en clair |
217 | le réseau. | 217 | sur le réseau. |
218 | 218 | ||
219 | Template: ssh/encrypted_host_key_but_no_keygen | 219 | Template: ssh/encrypted_host_key_but_no_keygen |
220 | Type: note | 220 | Type: note |
@@ -224,10 +224,12 @@ Description: Warning: you must create a new host key | |||
224 | ssh-keygen utility from the old (non-free) SSH installation. | 224 | ssh-keygen utility from the old (non-free) SSH installation. |
225 | . | 225 | . |
226 | You will need to generate a new host key. | 226 | You will need to generate a new host key. |
227 | Description-fr: Attention: vous devez créer une nouvelle clé d'hôte | 227 | Description-fr: Attention : vous devez créer une nouvelle clé d'hôte |
228 | Il existe un vieux /etc/ssh/ssh_host_key qui est encrypté avec IDEA. | 228 | Il existe un vieux /etc/ssh/ssh_host_key qui est chiffré avec IDEA. |
229 | OpenSSH ne peut utiliser ce fichier de clé, et je ne peux trouver | 229 | OpenSSH ne peut utiliser ce fichier de clé, et je ne peux trouver |
230 | l'utilitaire ssh-keygen de l'installation précédente (non libre) de SSH. | 230 | l'utilitaire ssh-keygen de l'installation précédente (non libre) de SSH. |
231 | . | ||
232 | Vous aurez besoin de générer une nouvelle clé d'hôte. | ||
231 | 233 | ||
232 | Template: ssh/SUID_client | 234 | Template: ssh/SUID_client |
233 | Type: boolean | 235 | Type: boolean |
@@ -241,16 +243,17 @@ Description: Do you want /usr/lib/ssh-keysign to be installed SUID root? | |||
241 | . | 243 | . |
242 | If in doubt, I suggest you install it with SUID. If it causes | 244 | If in doubt, I suggest you install it with SUID. If it causes |
243 | problems you can change your mind later by running: dpkg-reconfigure ssh | 245 | problems you can change your mind later by running: dpkg-reconfigure ssh |
244 | Description-fr: Souhaitez-vous que /usr/lib/ssh-keysign soit installé avec le bit SETUID root d'activé ? | 246 | Description-fr: Voulez-vous que /usr/lib/ssh-keysign soit installé avec le bit SETUID activé ? |
245 | Vous avez la possibilité d'installer ssh-keysign avec le bit SETIUD | 247 | Vous avez la possibilité d'installer ssh-keysign avec le bit SETUID |
246 | d'activé. | 248 | activé. |
247 | . | 249 | . |
248 | Si vous mettez sshèkeysign avec le bit SETUID, vous permettrez | 250 | Si vous mettez ssh-keysign avec le bit SETUID, vous permettrez |
249 | l'authentification basé sur les hôtes de la version 2 du protocole ssh. | 251 | l'authentification basée sur les hôtes, disponible dans la version 2 du |
252 | protocole SSH. | ||
250 | . | 253 | . |
251 | Dans le doute, je vous suggère de l'installer avec le bit SETUID | 254 | Dans le doute, je vous suggère de l'installer avec le bit SETUID |
252 | d'activé. Si cela vous cause des problèmes vous pourrez revenir sur | 255 | activé. Si cela vous cause des problèmes, vous pourrez revenir sur |
253 | votre désicion: dpkg-reconfigure ssh | 256 | votre décision avec « dpkg-reconfigure ssh ». |
254 | 257 | ||
255 | Template: ssh/run_sshd | 258 | Template: ssh/run_sshd |
256 | Type: boolean | 259 | Type: boolean |
@@ -264,13 +267,12 @@ Description: Do you want to run the sshd server ? | |||
264 | If you are only interested in using the ssh client for outbound | 267 | If you are only interested in using the ssh client for outbound |
265 | connections on this machine, and don't want to log into it at all | 268 | connections on this machine, and don't want to log into it at all |
266 | using ssh, then you can disable sshd here. | 269 | using ssh, then you can disable sshd here. |
267 | Description-fr: Voulez vous utiliser le serveur sshd ? | 270 | Description-fr: Voulez-vous utiliser le serveur sshd ? |
268 | Ce paquet contient a la fois le client ssh et le serveur sshd. | 271 | Ce paquet contient à la fois le client ssh et le serveur sshd. |
269 | . | 272 | . |
270 | Normalement le serveur sshd sera lancé pour permettre les logins distants | 273 | Normalement le serveur sshd est lancé pour permettre les connexions |
271 | via ssh. | 274 | distantes via ssh. |
272 | . | 275 | . |
273 | Si vous désirez seulement utiliser le client ssh pour vous connecter a | 276 | Si vous désirez seulement utiliser le client ssh pour des connexions vers |
274 | distance sur d'autres machines a partir de celle-ci, et que vous ne | 277 | l'extérieur, ou si vous ne voulez pas vous connecter sur cette machine |
275 | voulez pas vous logguer sur cette machine a distance via ssh, alors vous | 278 | via ssh, vous pouvez désactiver sshd maintenant. |
276 | pouvez désactiver sshd maintenant. | ||
diff --git a/debian/templates.pl b/debian/templates.pl new file mode 100644 index 000000000..d4b8fda6d --- /dev/null +++ b/debian/templates.pl | |||
@@ -0,0 +1,264 @@ | |||
1 | Template: ssh/privsep_tell | ||
2 | Type: note | ||
3 | Description: Privilege separation | ||
4 | This version of OpenSSH contains the new privilege separation | ||
5 | option. This significantly reduces the quantity of code that runs as | ||
6 | root, and therefore reduces the impact of security holes in sshd. | ||
7 | . | ||
8 | Unfortunately, privilege separation interacts badly with PAM. Any | ||
9 | PAM session modules that need to run as root (pam_mkhomedir, for | ||
10 | example) will fail, and PAM keyboard-interactive authentication | ||
11 | won't work. | ||
12 | . | ||
13 | Privilege separation is turned on by default, so if you decide you | ||
14 | want it turned off, you need to add "UsePrivilegeSeparation no" to | ||
15 | /etc/ssh/sshd_config. | ||
16 | . | ||
17 | NB! If you are running a 2.0 series Linux kernel, then privilege | ||
18 | separation will not work at all, and your sshd will fail to start | ||
19 | unless you explicitly turn privilege separation off. | ||
20 | Description-pl: Separacja uprawnieñ | ||
21 | Ta wersja OpenSSH zawiera now± opcjê separacji uprawnieñ. Znacz±co | ||
22 | zmniejsza ona ilo¶æ kodu, który jest uruchamiany jako root i co | ||
23 | za tym idzie redukuje efekty luk bezpieczeñstwa w sshd. | ||
24 | . | ||
25 | Niestety separacja uprawnieñ ¼le reaguje z PAMem. Jakikolwiek modu³ | ||
26 | sesji PAM, który musi byæ uruchamiany jako root (pam_mkhomedir, na | ||
27 | przyk³ad) zawiedzie. Nie bêdzie dzia³aæ równie¿ interaktywna | ||
28 | autentykacja z klawiatury (keyboard-interactive authentication). | ||
29 | . | ||
30 | Separacja uprawnieñ jest domy¶lnie w³±czona, wiêc je¶li zdecydujesz | ||
31 | siê j± wy³±czyæ, musisz dodaæ "UsePrivilegeSeparation no" do pliku | ||
32 | /etc/ssh/sshd_config. | ||
33 | . | ||
34 | UWAGA! Je¿eli u¿ywasz j±dra Linux'a z serii 2.0, to separacja uprawnieñ | ||
35 | w ogóle nie bêdzie dzia³aæ i sshd nie wystartuje dopóki w³asnorêcznie | ||
36 | nie wy³±czysz separacji uprawnieñ w /etc/ssh/sshd_config. | ||
37 | |||
38 | Template: ssh/privsep_ask | ||
39 | Type: boolean | ||
40 | Default: true | ||
41 | Description: Enable Privilege separation | ||
42 | This version of OpenSSH contains the new privilege separation | ||
43 | option. This significantly reduces the quantity of code that runs as | ||
44 | root, and therefore reduces the impact of security holes in sshd. | ||
45 | . | ||
46 | Unfortunately, privilege separation interacts badly with PAM. Any | ||
47 | PAM session modules that need to run as root (pam_mkhomedir, for | ||
48 | example) will fail, and PAM keyboard-interactive authentication | ||
49 | won't work. | ||
50 | . | ||
51 | Since you've opted to have me generate an sshd_config file for you, | ||
52 | you can choose whether or not to have Privilege Separation turned on | ||
53 | or not. Unless you are running 2.0 (in which case you *must* say no | ||
54 | here or your sshd won't start at all) or know you need to use PAM | ||
55 | features that won't work with this option, you should say yes here. | ||
56 | Description-pl: W³±czenie separacji uprawnieñ | ||
57 | Ta wersja OpenSSH zawiera now± opcjê separacji uprawnieñ. Znacz±co | ||
58 | zmniejsza ona ilo¶æ kodu, który jest uruchamiany jako root i co | ||
59 | za tym idzie redukuje efekty luk bezpieczeñstwa w sshd. | ||
60 | . | ||
61 | Niestety separacja uprawnieñ ¼le reaguje z PAMem. Jakikolwiek modu³ | ||
62 | sesji PAM, który musi byæ uruchamiany jako root (pam_mkhomedir, na | ||
63 | przyk³ad) zawiedzie. Nie bêdzie dzia³aæ równie¿ interaktywna | ||
64 | autentykacja z klawiatury (keyboard-interactive authentication). | ||
65 | . | ||
66 | Zdecydowa³e¶ siê na to abym wygenerowa³ dla ciebie plik sshd_config, | ||
67 | i mo¿esz wybraæ czy chcesz w³±czyæ Separacjê Uprawnieñ, czy te¿ nie. | ||
68 | Je¶li nie u¿ywasz j±dra z serii 2.0 (w którym to przypadku *musisz* | ||
69 | odpowiedzieæ tutaj 'nie' albo sshd w ogóle nie ruszy) i je¶li nie | ||
70 | musisz korzystaæ z mo¿liwo¶ci PAMa, które nie bêd± dzia³a³y z t± opcj±, | ||
71 | powiniene¶ odpowiedzieæ tutaj 'tak'. | ||
72 | |||
73 | Template: ssh/new_config | ||
74 | Type: boolean | ||
75 | Default: true | ||
76 | Description: Generate new configuration file | ||
77 | This version of OpenSSH has a considerably changed configuration file from | ||
78 | the version shipped in Debian 'Potato', which you appear to be upgrading from. | ||
79 | I can now generate you a new configuration file (/etc/ssh/sshd.config), which | ||
80 | will work with the new server version, but will not contain any customisations | ||
81 | you made with the old version. | ||
82 | . | ||
83 | Please note that this new configuration file will set the value of | ||
84 | 'PermitRootLogin' to yes (meaning that anyone knowing the root password can | ||
85 | ssh directly in as root). It is the opinion of the maintainer that this is | ||
86 | the correct default (see README.Debian for more details), but you can always | ||
87 | edit sshd_config and set it to no if you wish. | ||
88 | . | ||
89 | It is strongly recommended that you let me generate a new configuration file | ||
90 | for you. | ||
91 | Description-pl: Wygeneruj nowy plik konfiguracyjny | ||
92 | W tej wersji OpenSSH zmieni³ siê plik konfiguracyjny w stosunku do wersji | ||
93 | dostarczanej z Debianem 'Potato', któr± zdajesz siê aktualizowaæ. Mogê teraz | ||
94 | wygenerowaæ nowy plik konfiguracyjny (/etc/ssh/sshd.config), który bêdzie | ||
95 | dzia³a³ z now± wersj± serwera, ale nie bêdzie zawiera³ ¿adnych dokonanych | ||
96 | przez ciebie w starej wersji zmian. | ||
97 | . | ||
98 | Zauwa¿ proszê, ¿e nowy plik konfiguracyjny bêdzie ustawia³ warto¶æ opcji | ||
99 | 'PermitRootLogin' na 'tak' (co oznacza, ¿e ka¿dy kto zna has³o root'a mo¿e | ||
100 | zdalnie zalogowaæ siê przez ssh jako root). W opinii opiekuna pakietu to | ||
101 | jest poprawna warto¶æ domy¶lna (szczegó³y w README.Debian), ale mo¿esz sobie | ||
102 | wyedytowaæ sshd_config i ustawiæ tê opcjê na 'nie' je¶li siê z t± opini± nie | ||
103 | zgadzasz. | ||
104 | . | ||
105 | Jest bardzo wskazane aby¶ pozwoli³ mi wygenerowaæ nowy plik konfiguracyjny. | ||
106 | |||
107 | Template: ssh/protocol2_only | ||
108 | Type: boolean | ||
109 | Default: true | ||
110 | Description: Allow SSH protocol 2 only | ||
111 | This version of OpenSSH supports version 2 of the ssh protocol, which | ||
112 | is much more secure. Disabling ssh 1 is encouraged, however this | ||
113 | will slow things down on low end machines and might prevent older | ||
114 | clients from connecting (the ssh client shipped with "potato" is affected). | ||
115 | . | ||
116 | Also please note that keys used for protocol 1 are different so you will | ||
117 | not be able to use them if you only allow protocol 2 connections. | ||
118 | . | ||
119 | If you later change your mind about this setting, README.Debian has | ||
120 | instructions on what to do to your sshd_config file. | ||
121 | Description-pl: Zezwalaj wy³±cznie na wersjê 2 protoko³u SSH | ||
122 | Ta wersja OpenSSH wspiera drug± wersjê protoko³u ssh, która jest znacznie | ||
123 | bardziej bezpieczna. Wy³±czenie ssh 1 jest zalecane, choæ spowalnia to | ||
124 | dzia³anie na starych maszynach i mo¿e uniemo¿liwiæ po³±czenie starszym | ||
125 | wersjom klientów (dotyczy to np. klienta ssh do³±czanego do "potato"). | ||
126 | . | ||
127 | Ponadto, zauwa¿ proszê, ¿e klucze u¿ywane przez protokó³ 1 s± inne, wiêc | ||
128 | nie bêdziesz móg³ ich u¿ywaæ je¶li zezwolisz na korzystanie wy³±cznie z | ||
129 | wersji 2 protoko³u. | ||
130 | . | ||
131 | Je¶li pó¼niej zmienisz zdanie co do tego ustawienia, to instrukcje co | ||
132 | zmieniæ w sshd_config znajduj± siê w README.Debian. | ||
133 | |||
134 | Template: ssh/ssh2_keys_merged | ||
135 | Type: note | ||
136 | Description: ssh2 keys merged in configuration files | ||
137 | As of version 3 OpenSSH no longer uses separate files for ssh1 and | ||
138 | ssh2 keys. This means the authorized_keys2 and known_hosts2 files | ||
139 | are no longer needed. They will still be read in order to maintain | ||
140 | backwards compatibility | ||
141 | Description-pl: klucze ssh2 w³±czone do plików konfiguracyjnych | ||
142 | Pocz±wszy od wersji 3 OpenSSH nie u¿ywa ju¿ osobnych plików dla kluczy | ||
143 | ssh1 i ssh2. Oznacza to, ¿e pliki authorized_keys2 i known_hosts2 nie | ||
144 | s± ju¿ potrzebne. Bêd± one jednak odczytywane aby zachowaæ wsteczn± | ||
145 | kompatybilno¶æ. | ||
146 | |||
147 | Template: ssh/use_old_init_script | ||
148 | Type: boolean | ||
149 | Default: false | ||
150 | Description: Do you want to continue (and risk killing active ssh sessions) ? | ||
151 | The version of /etc/init.d/ssh that you have installed, is likely to kill | ||
152 | all running sshd instances. If you are doing this upgrade via an ssh | ||
153 | session, that would be a Bad Thing(tm). | ||
154 | . | ||
155 | You can fix this by adding "--pidfile /var/run/sshd.pid" to the | ||
156 | start-stop-daemon line in the stop section of the file. | ||
157 | Description-pl: Czy chcesz kontynuowaæ (i ryzykowaæ zabicie aktywnych sesji ssh) ? | ||
158 | Zainstalowana w³a¶nie wersja /etc/init.d/ssh mo¿e zabiæ wszystkie dzia³aj±ce | ||
159 | obecnie kopie sshd. Je¶li robisz ten upgrade via ssh, to by³aby Z³a Rzecz(tm). | ||
160 | . | ||
161 | Mo¿esz to naprawiæ dodaj±c "--pidfile /var/run/sshd.pid" do linijki | ||
162 | start-stop-daemon w sekcji stop tego pliku. | ||
163 | |||
164 | Template: ssh/forward_warning | ||
165 | Type: note | ||
166 | Description: NOTE: Forwarding of X11 and Authorization disabled by default. | ||
167 | For security reasons, the Debian version of ssh has ForwardX11 and | ||
168 | ForwardAgent set to ``off'' by default. | ||
169 | . | ||
170 | You can enable it for servers you trust, either | ||
171 | in one of the configuration files, or with the -X command line option. | ||
172 | . | ||
173 | More details can be found in /usr/share/doc/ssh/README.Debian | ||
174 | Description-pl: UWAGA: Przekazywanie (forwarding) X11 i Autoryzacji jest domy¶lnie wy³±czone. | ||
175 | Ze wzglêdów bezpieczeñstwa Debianowa wersja ssh ma ForwardX11 i ForwardAgent | ||
176 | ustawione domy¶lnie na 'off'. | ||
177 | . | ||
178 | Dla zaufanych serwerów mo¿esz w³±czyæ te opcje w pliku konfiguracyjnym lub | ||
179 | przy pomocy opcji -X z linii komend. | ||
180 | . | ||
181 | Wiêcej szczegó³ów znajdziesz w /usr/share/doc/ssh/README.Debian. | ||
182 | |||
183 | Template: ssh/insecure_rshd | ||
184 | Type: note | ||
185 | Description: Warning: rsh-server is installed --- probably not a good idea | ||
186 | having rsh-server installed undermines the security that you were probably | ||
187 | wanting to obtain by installing ssh. I'd advise you to remove that package. | ||
188 | Description-pl: Uwaga: serwer rsh jest zainstalowany --- prawdopodobnie nienajlepszy pomys³ | ||
189 | Posiadanie zainstalowanego serwera rsh podminowuje zabezpieczenia, które | ||
190 | prawdopodobnie starasz siê uzyskaæ instaluj±c ssh. Radzi³bym usun±æ ten | ||
191 | pakiet. | ||
192 | |||
193 | Template: ssh/insecure_telnetd | ||
194 | Type: note | ||
195 | Description: Warning: telnetd is installed --- probably not a good idea | ||
196 | I'd advise you to either remove the telnetd package (if you don't actually | ||
197 | need to offer telnet access) or install telnetd-ssl so that there is at | ||
198 | least some chance that telnet sessions will not be sending unencrypted | ||
199 | login/password and session information over the network. | ||
200 | Description-pl: Uwaga: telnetd jest zainstalowany --- prawdopodobnie nienajlepszy pomys³ | ||
201 | Radzi³bym albo usun±æ pakiet telnetd (je¶li nie potrzebujesz koniecznie | ||
202 | udostêpniaæ telnet'a) albo zainstalowaæ telnetd-ssl aby by³a choæ szansza, | ||
203 | ¿e sesje telnet nie bêd± przesy³aæ niezaszyfrowanego loginu/has³a oraz | ||
204 | danych sesji przez sieæ. | ||
205 | |||
206 | Template: ssh/encrypted_host_key_but_no_keygen | ||
207 | Type: note | ||
208 | Description: Warning: you must create a new host key | ||
209 | There is an old /etc/ssh/ssh_host_key, which is IDEA encrypted. | ||
210 | OpenSSH can not handle this host key file, and I can't find the | ||
211 | ssh-keygen utility from the old (non-free) SSH installation. | ||
212 | . | ||
213 | You will need to generate a new host key. | ||
214 | Description-pl: Uwaga: musisz utworzyæ nowy klucz hosta | ||
215 | Istnieje stary /etc/ssh/ssh_host_key, który jest zaszyfrowany przez | ||
216 | IDEA. OpenSSH nie umie korzystaæ z tak zaszyfrowanego klucza, a nie | ||
217 | mo¿e znale¼æ polecenia ssh-keygen ze starego SSH (non-free). | ||
218 | . | ||
219 | Bêdziesz musia³ wygenerowaæ nowy klucz hosta. | ||
220 | |||
221 | Template: ssh/SUID_client | ||
222 | Type: boolean | ||
223 | Default: true | ||
224 | Description: Do you want /usr/lib/ssh-keysign to be installed SUID root? | ||
225 | You have the option of installing the ssh-keysign helper with the SUID | ||
226 | bit set. | ||
227 | . | ||
228 | If you make ssh-keysign SUID, you will be able to use SSH's Protocol 2 | ||
229 | host-based authentication. | ||
230 | . | ||
231 | If in doubt, I suggest you install it with SUID. If it causes | ||
232 | problems you can change your mind later by running: dpkg-reconfigure ssh | ||
233 | Description-pl: Czy chcesz aby /usr/lib/ssh-keysign by³ zainstalowany jako SUID root? | ||
234 | Masz mo¿liwo¶æ zainstalowania pomocniczego programu ssh-keysign z w³±czonym | ||
235 | bitem SETUID. | ||
236 | . | ||
237 | Je¶li uczynisz ssh-keysign SUIDowym, bêdziesz móg³ u¿ywaæ opartej na hostach | ||
238 | autentykacji drugiej wersji protoko³u SSH. | ||
239 | . | ||
240 | Je¶li masz w±tpliwo¶ci, radzê zainstalowaæ go z SUIDem. Je¶li to sprawia | ||
241 | problemy, mo¿esz zmieniæ swoje zdanie uruchamiaj±c pó¼niej polecenie: | ||
242 | dpkg-reconfigure ssh | ||
243 | |||
244 | Template: ssh/run_sshd | ||
245 | Type: boolean | ||
246 | Default: true | ||
247 | Description: Do you want to run the sshd server ? | ||
248 | This package contains both the ssh client, and the sshd server. | ||
249 | . | ||
250 | Normally the sshd Secure Shell Server will be run to allow remote | ||
251 | logins via ssh. | ||
252 | . | ||
253 | If you are only interested in using the ssh client for outbound | ||
254 | connections on this machine, and don't want to log into it at all | ||
255 | using ssh, then you can disable sshd here. | ||
256 | Description-pl: Czy chcesz uruchamiaæ serwer sshd ? | ||
257 | Ten pakiet zawiera zarówno klienta ssh, jak i serwer sshd. | ||
258 | . | ||
259 | Normalnie serwer sshd (Secure Shell Server) bêdzie uruchomiony aby | ||
260 | umo¿liwiæ zdalny dostêp przez ssh. | ||
261 | . | ||
262 | Je¶li jeste¶ zainteresowny u¿ywaniem wy³±cznie klienta ssh dla po³±czeñ | ||
263 | wychodz±cych z tej maszyny, i nie chcesz siê na ni± logowaæ przy pomocy | ||
264 | ssh, to mo¿esz teraz wy³±czyæ serwer sshd. | ||
@@ -1,7 +1,7 @@ | |||
1 | #ifndef _DEFINES_H | 1 | #ifndef _DEFINES_H |
2 | #define _DEFINES_H | 2 | #define _DEFINES_H |
3 | 3 | ||
4 | /* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */ | 4 | /* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ |
5 | 5 | ||
6 | 6 | ||
7 | /* Constants */ | 7 | /* Constants */ |
@@ -102,7 +102,7 @@ SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but | |||
102 | including rpc/rpc.h breaks Solaris 6 | 102 | including rpc/rpc.h breaks Solaris 6 |
103 | */ | 103 | */ |
104 | #ifndef INADDR_LOOPBACK | 104 | #ifndef INADDR_LOOPBACK |
105 | #define INADDR_LOOPBACK ((ulong)0x7f000001) | 105 | #define INADDR_LOOPBACK ((u_long)0x7f000001) |
106 | #endif | 106 | #endif |
107 | 107 | ||
108 | /* Types */ | 108 | /* Types */ |
@@ -124,7 +124,7 @@ typedef char int8_t; | |||
124 | # if (SIZEOF_SHORT_INT == 2) | 124 | # if (SIZEOF_SHORT_INT == 2) |
125 | typedef short int int16_t; | 125 | typedef short int int16_t; |
126 | # else | 126 | # else |
127 | # ifdef _CRAY | 127 | # ifdef _UNICOS |
128 | # if (SIZEOF_SHORT_INT == 4) | 128 | # if (SIZEOF_SHORT_INT == 4) |
129 | typedef short int16_t; | 129 | typedef short int16_t; |
130 | # else | 130 | # else |
@@ -132,16 +132,16 @@ typedef long int16_t; | |||
132 | # endif | 132 | # endif |
133 | # else | 133 | # else |
134 | # error "16 bit int type not found." | 134 | # error "16 bit int type not found." |
135 | # endif /* _CRAY */ | 135 | # endif /* _UNICOS */ |
136 | # endif | 136 | # endif |
137 | # if (SIZEOF_INT == 4) | 137 | # if (SIZEOF_INT == 4) |
138 | typedef int int32_t; | 138 | typedef int int32_t; |
139 | # else | 139 | # else |
140 | # ifdef _CRAY | 140 | # ifdef _UNICOS |
141 | typedef long int32_t; | 141 | typedef long int32_t; |
142 | # else | 142 | # else |
143 | # error "32 bit int type not found." | 143 | # error "32 bit int type not found." |
144 | # endif /* _CRAY */ | 144 | # endif /* _UNICOS */ |
145 | # endif | 145 | # endif |
146 | #endif | 146 | #endif |
147 | 147 | ||
@@ -161,7 +161,7 @@ typedef unsigned char u_int8_t; | |||
161 | # if (SIZEOF_SHORT_INT == 2) | 161 | # if (SIZEOF_SHORT_INT == 2) |
162 | typedef unsigned short int u_int16_t; | 162 | typedef unsigned short int u_int16_t; |
163 | # else | 163 | # else |
164 | # ifdef _CRAY | 164 | # ifdef _UNICOS |
165 | # if (SIZEOF_SHORT_INT == 4) | 165 | # if (SIZEOF_SHORT_INT == 4) |
166 | typedef unsigned short u_int16_t; | 166 | typedef unsigned short u_int16_t; |
167 | # else | 167 | # else |
@@ -174,7 +174,7 @@ typedef unsigned long u_int16_t; | |||
174 | # if (SIZEOF_INT == 4) | 174 | # if (SIZEOF_INT == 4) |
175 | typedef unsigned int u_int32_t; | 175 | typedef unsigned int u_int32_t; |
176 | # else | 176 | # else |
177 | # ifdef _CRAY | 177 | # ifdef _UNICOS |
178 | typedef unsigned long u_int32_t; | 178 | typedef unsigned long u_int32_t; |
179 | # else | 179 | # else |
180 | # error "32 bit int type not found." | 180 | # error "32 bit int type not found." |
@@ -216,6 +216,10 @@ typedef unsigned char u_char; | |||
216 | # define HAVE_U_CHAR | 216 | # define HAVE_U_CHAR |
217 | #endif /* HAVE_U_CHAR */ | 217 | #endif /* HAVE_U_CHAR */ |
218 | 218 | ||
219 | #ifndef SIZE_T_MAX | ||
220 | #define SIZE_T_MAX ULONG_MAX | ||
221 | #endif /* SIZE_T_MAX */ | ||
222 | |||
219 | #ifndef HAVE_SIZE_T | 223 | #ifndef HAVE_SIZE_T |
220 | typedef unsigned int size_t; | 224 | typedef unsigned int size_t; |
221 | # define HAVE_SIZE_T | 225 | # define HAVE_SIZE_T |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: dh.c,v 1.21 2002/03/06 00:23:27 markus Exp $"); | 26 | RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | 29 | ||
@@ -50,7 +50,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
50 | /* Ignore leading whitespace */ | 50 | /* Ignore leading whitespace */ |
51 | if (*arg == '\0') | 51 | if (*arg == '\0') |
52 | arg = strdelim(&cp); | 52 | arg = strdelim(&cp); |
53 | if (!*arg || *arg == '#') | 53 | if (!arg || !*arg || *arg == '#') |
54 | return 0; | 54 | return 0; |
55 | 55 | ||
56 | /* time */ | 56 | /* time */ |
diff --git a/hostfile.c b/hostfile.c index cefff8d62..dcee03448 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: hostfile.c,v 1.29 2001/12/18 10:04:21 jakob Exp $"); | 39 | RCSID("$OpenBSD: hostfile.c,v 1.30 2002/07/24 16:11:18 markus Exp $"); |
40 | 40 | ||
41 | #include "packet.h" | 41 | #include "packet.h" |
42 | #include "match.h" | 42 | #include "match.h" |
@@ -91,11 +91,14 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i | |||
91 | * in the list of our known hosts. Returns HOST_OK if the host is known and | 91 | * in the list of our known hosts. Returns HOST_OK if the host is known and |
92 | * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED | 92 | * has the specified key, HOST_NEW if the host is not known, and HOST_CHANGED |
93 | * if the host is known but used to have a different host key. | 93 | * if the host is known but used to have a different host key. |
94 | * | ||
95 | * If no 'key' has been specified and a key of type 'keytype' is known | ||
96 | * for the specified host, then HOST_FOUND is returned. | ||
94 | */ | 97 | */ |
95 | 98 | ||
96 | HostStatus | 99 | static HostStatus |
97 | check_host_in_hostfile(const char *filename, const char *host, Key *key, | 100 | check_host_in_hostfile_by_key_or_type(const char *filename, |
98 | Key *found, int *numret) | 101 | const char *host, Key *key, int keytype, Key *found, int *numret) |
99 | { | 102 | { |
100 | FILE *f; | 103 | FILE *f; |
101 | char line[8192]; | 104 | char line[8192]; |
@@ -105,8 +108,7 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key, | |||
105 | HostStatus end_return; | 108 | HostStatus end_return; |
106 | 109 | ||
107 | debug3("check_host_in_hostfile: filename %s", filename); | 110 | debug3("check_host_in_hostfile: filename %s", filename); |
108 | if (key == NULL) | 111 | |
109 | fatal("no key to look up"); | ||
110 | /* Open the file containing the list of known hosts. */ | 112 | /* Open the file containing the list of known hosts. */ |
111 | f = fopen(filename, "r"); | 113 | f = fopen(filename, "r"); |
112 | if (!f) | 114 | if (!f) |
@@ -147,12 +149,20 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key, | |||
147 | */ | 149 | */ |
148 | if (!hostfile_read_key(&cp, &kbits, found)) | 150 | if (!hostfile_read_key(&cp, &kbits, found)) |
149 | continue; | 151 | continue; |
150 | if (!hostfile_check_key(kbits, found, host, filename, linenum)) | ||
151 | continue; | ||
152 | 152 | ||
153 | if (numret != NULL) | 153 | if (numret != NULL) |
154 | *numret = linenum; | 154 | *numret = linenum; |
155 | 155 | ||
156 | if (key == NULL) { | ||
157 | /* we found a key of the requested type */ | ||
158 | if (found->type == keytype) | ||
159 | return HOST_FOUND; | ||
160 | continue; | ||
161 | } | ||
162 | |||
163 | if (!hostfile_check_key(kbits, found, host, filename, linenum)) | ||
164 | continue; | ||
165 | |||
156 | /* Check if the current key is the same as the given key. */ | 166 | /* Check if the current key is the same as the given key. */ |
157 | if (key_equal(key, found)) { | 167 | if (key_equal(key, found)) { |
158 | /* Ok, they match. */ | 168 | /* Ok, they match. */ |
@@ -177,6 +187,24 @@ check_host_in_hostfile(const char *filename, const char *host, Key *key, | |||
177 | return end_return; | 187 | return end_return; |
178 | } | 188 | } |
179 | 189 | ||
190 | HostStatus | ||
191 | check_host_in_hostfile(const char *filename, const char *host, Key *key, | ||
192 | Key *found, int *numret) | ||
193 | { | ||
194 | if (key == NULL) | ||
195 | fatal("no key to look up"); | ||
196 | return (check_host_in_hostfile_by_key_or_type(filename, host, key, 0, | ||
197 | found, numret)); | ||
198 | } | ||
199 | |||
200 | int | ||
201 | lookup_key_in_hostfile_by_type(const char *filename, const char *host, | ||
202 | int keytype, Key *found, int *numret) | ||
203 | { | ||
204 | return (check_host_in_hostfile_by_key_or_type(filename, host, NULL, | ||
205 | keytype, found, numret) == HOST_FOUND); | ||
206 | } | ||
207 | |||
180 | /* | 208 | /* |
181 | * Appends an entry to the host file. Returns false if the entry could not | 209 | * Appends an entry to the host file. Returns false if the entry could not |
182 | * be appended. | 210 | * be appended. |
diff --git a/hostfile.h b/hostfile.h index 0244fdb53..1df7a22f2 100644 --- a/hostfile.h +++ b/hostfile.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.h,v 1.10 2001/12/18 10:04:21 jakob Exp $ */ | 1 | /* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -15,12 +15,14 @@ | |||
15 | #define HOSTFILE_H | 15 | #define HOSTFILE_H |
16 | 16 | ||
17 | typedef enum { | 17 | typedef enum { |
18 | HOST_OK, HOST_NEW, HOST_CHANGED | 18 | HOST_OK, HOST_NEW, HOST_CHANGED, HOST_FOUND |
19 | } HostStatus; | 19 | } HostStatus; |
20 | 20 | ||
21 | int hostfile_read_key(char **, u_int *, Key *); | 21 | int hostfile_read_key(char **, u_int *, Key *); |
22 | HostStatus | 22 | HostStatus |
23 | check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); | 23 | check_host_in_hostfile(const char *, const char *, Key *, Key *, int *); |
24 | int add_host_to_hostfile(const char *, const char *, Key *); | 24 | int add_host_to_hostfile(const char *, const char *, Key *); |
25 | int | ||
26 | lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *); | ||
25 | 27 | ||
26 | #endif | 28 | #endif |
diff --git a/includes.h b/includes.h index e20d7a519..d7b875c52 100644 --- a/includes.h +++ b/includes.h | |||
@@ -115,6 +115,9 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
115 | #ifdef HAVE_SYS_UN_H | 115 | #ifdef HAVE_SYS_UN_H |
116 | # include <sys/un.h> /* For sockaddr_un */ | 116 | # include <sys/un.h> /* For sockaddr_un */ |
117 | #endif | 117 | #endif |
118 | #ifdef HAVE_STDINT_H | ||
119 | # include <stdint.h> | ||
120 | #endif | ||
118 | #ifdef HAVE_SYS_BITYPES_H | 121 | #ifdef HAVE_SYS_BITYPES_H |
119 | # include <sys/bitypes.h> /* For u_intXX_t */ | 122 | # include <sys/bitypes.h> /* For u_intXX_t */ |
120 | #endif | 123 | #endif |
@@ -146,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
146 | # include <readpassphrase.h> | 149 | # include <readpassphrase.h> |
147 | #endif | 150 | #endif |
148 | 151 | ||
152 | #ifdef HAVE_IA_H | ||
153 | # include <ia.h> | ||
154 | #endif | ||
155 | |||
156 | #ifdef HAVE_TMPDIR_H | ||
157 | # include <tmpdir.h> | ||
158 | #endif | ||
159 | |||
149 | #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ | 160 | #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ |
150 | 161 | ||
151 | #include "defines.h" | 162 | #include "defines.h" |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.31 2002/05/16 22:02:50 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -96,7 +96,7 @@ struct Newkeys { | |||
96 | }; | 96 | }; |
97 | struct Kex { | 97 | struct Kex { |
98 | u_char *session_id; | 98 | u_char *session_id; |
99 | int session_id_len; | 99 | u_int session_id_len; |
100 | Newkeys *newkeys[MODE_MAX]; | 100 | Newkeys *newkeys[MODE_MAX]; |
101 | int we_need; | 101 | int we_need; |
102 | int server; | 102 | int server; |
@@ -32,7 +32,7 @@ | |||
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 33 | */ |
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); | 35 | RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $"); |
36 | 36 | ||
37 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
38 | 38 | ||
@@ -171,7 +171,7 @@ key_equal(Key *a, Key *b) | |||
171 | return 0; | 171 | return 0; |
172 | } | 172 | } |
173 | 173 | ||
174 | static u_char* | 174 | static u_char * |
175 | key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) | 175 | key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) |
176 | { | 176 | { |
177 | const EVP_MD *md = NULL; | 177 | const EVP_MD *md = NULL; |
@@ -227,8 +227,8 @@ key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) | |||
227 | return retval; | 227 | return retval; |
228 | } | 228 | } |
229 | 229 | ||
230 | static char* | 230 | static char * |
231 | key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len) | 231 | key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) |
232 | { | 232 | { |
233 | char *retval; | 233 | char *retval; |
234 | int i; | 234 | int i; |
@@ -244,8 +244,8 @@ key_fingerprint_hex(u_char* dgst_raw, u_int dgst_raw_len) | |||
244 | return retval; | 244 | return retval; |
245 | } | 245 | } |
246 | 246 | ||
247 | static char* | 247 | static char * |
248 | key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len) | 248 | key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) |
249 | { | 249 | { |
250 | char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; | 250 | char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; |
251 | char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', | 251 | char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', |
@@ -291,7 +291,7 @@ key_fingerprint_bubblebabble(u_char* dgst_raw, u_int dgst_raw_len) | |||
291 | return retval; | 291 | return retval; |
292 | } | 292 | } |
293 | 293 | ||
294 | char* | 294 | char * |
295 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | 295 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) |
296 | { | 296 | { |
297 | char *retval = NULL; | 297 | char *retval = NULL; |
@@ -494,7 +494,8 @@ key_write(Key *key, FILE *f) | |||
494 | { | 494 | { |
495 | int n, success = 0; | 495 | int n, success = 0; |
496 | u_int len, bits = 0; | 496 | u_int len, bits = 0; |
497 | u_char *blob, *uu; | 497 | u_char *blob; |
498 | char *uu; | ||
498 | 499 | ||
499 | if (key->type == KEY_RSA1 && key->rsa != NULL) { | 500 | if (key->type == KEY_RSA1 && key->rsa != NULL) { |
500 | /* size of modulus 'n' */ | 501 | /* size of modulus 'n' */ |
@@ -729,7 +730,6 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) | |||
729 | { | 730 | { |
730 | Buffer b; | 731 | Buffer b; |
731 | int len; | 732 | int len; |
732 | u_char *buf; | ||
733 | 733 | ||
734 | if (key == NULL) { | 734 | if (key == NULL) { |
735 | error("key_to_blob: key == NULL"); | 735 | error("key_to_blob: key == NULL"); |
@@ -755,14 +755,14 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) | |||
755 | return 0; | 755 | return 0; |
756 | } | 756 | } |
757 | len = buffer_len(&b); | 757 | len = buffer_len(&b); |
758 | buf = xmalloc(len); | ||
759 | memcpy(buf, buffer_ptr(&b), len); | ||
760 | memset(buffer_ptr(&b), 0, len); | ||
761 | buffer_free(&b); | ||
762 | if (lenp != NULL) | 758 | if (lenp != NULL) |
763 | *lenp = len; | 759 | *lenp = len; |
764 | if (blobp != NULL) | 760 | if (blobp != NULL) { |
765 | *blobp = buf; | 761 | *blobp = xmalloc(len); |
762 | memcpy(*blobp, buffer_ptr(&b), len); | ||
763 | } | ||
764 | memset(buffer_ptr(&b), 0, len); | ||
765 | buffer_free(&b); | ||
766 | return len; | 766 | return len; |
767 | } | 767 | } |
768 | 768 | ||
@@ -34,7 +34,7 @@ | |||
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "includes.h" | 36 | #include "includes.h" |
37 | RCSID("$OpenBSD: log.c,v 1.22 2002/02/22 12:20:34 markus Exp $"); | 37 | RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $"); |
38 | 38 | ||
39 | #include "log.h" | 39 | #include "log.h" |
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
@@ -93,6 +93,7 @@ SyslogFacility | |||
93 | log_facility_number(char *name) | 93 | log_facility_number(char *name) |
94 | { | 94 | { |
95 | int i; | 95 | int i; |
96 | |||
96 | if (name != NULL) | 97 | if (name != NULL) |
97 | for (i = 0; log_facilities[i].name; i++) | 98 | for (i = 0; log_facilities[i].name; i++) |
98 | if (strcasecmp(log_facilities[i].name, name) == 0) | 99 | if (strcasecmp(log_facilities[i].name, name) == 0) |
@@ -104,6 +105,7 @@ LogLevel | |||
104 | log_level_number(char *name) | 105 | log_level_number(char *name) |
105 | { | 106 | { |
106 | int i; | 107 | int i; |
108 | |||
107 | if (name != NULL) | 109 | if (name != NULL) |
108 | for (i = 0; log_levels[i].name; i++) | 110 | for (i = 0; log_levels[i].name; i++) |
109 | if (strcasecmp(log_levels[i].name, name) == 0) | 111 | if (strcasecmp(log_levels[i].name, name) == 0) |
@@ -117,6 +119,7 @@ void | |||
117 | error(const char *fmt,...) | 119 | error(const char *fmt,...) |
118 | { | 120 | { |
119 | va_list args; | 121 | va_list args; |
122 | |||
120 | va_start(args, fmt); | 123 | va_start(args, fmt); |
121 | do_log(SYSLOG_LEVEL_ERROR, fmt, args); | 124 | do_log(SYSLOG_LEVEL_ERROR, fmt, args); |
122 | va_end(args); | 125 | va_end(args); |
@@ -128,6 +131,7 @@ void | |||
128 | log(const char *fmt,...) | 131 | log(const char *fmt,...) |
129 | { | 132 | { |
130 | va_list args; | 133 | va_list args; |
134 | |||
131 | va_start(args, fmt); | 135 | va_start(args, fmt); |
132 | do_log(SYSLOG_LEVEL_INFO, fmt, args); | 136 | do_log(SYSLOG_LEVEL_INFO, fmt, args); |
133 | va_end(args); | 137 | va_end(args); |
@@ -139,6 +143,7 @@ void | |||
139 | verbose(const char *fmt,...) | 143 | verbose(const char *fmt,...) |
140 | { | 144 | { |
141 | va_list args; | 145 | va_list args; |
146 | |||
142 | va_start(args, fmt); | 147 | va_start(args, fmt); |
143 | do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); | 148 | do_log(SYSLOG_LEVEL_VERBOSE, fmt, args); |
144 | va_end(args); | 149 | va_end(args); |
@@ -150,6 +155,7 @@ void | |||
150 | debug(const char *fmt,...) | 155 | debug(const char *fmt,...) |
151 | { | 156 | { |
152 | va_list args; | 157 | va_list args; |
158 | |||
153 | va_start(args, fmt); | 159 | va_start(args, fmt); |
154 | do_log(SYSLOG_LEVEL_DEBUG1, fmt, args); | 160 | do_log(SYSLOG_LEVEL_DEBUG1, fmt, args); |
155 | va_end(args); | 161 | va_end(args); |
@@ -159,6 +165,7 @@ void | |||
159 | debug2(const char *fmt,...) | 165 | debug2(const char *fmt,...) |
160 | { | 166 | { |
161 | va_list args; | 167 | va_list args; |
168 | |||
162 | va_start(args, fmt); | 169 | va_start(args, fmt); |
163 | do_log(SYSLOG_LEVEL_DEBUG2, fmt, args); | 170 | do_log(SYSLOG_LEVEL_DEBUG2, fmt, args); |
164 | va_end(args); | 171 | va_end(args); |
@@ -168,6 +175,7 @@ void | |||
168 | debug3(const char *fmt,...) | 175 | debug3(const char *fmt,...) |
169 | { | 176 | { |
170 | va_list args; | 177 | va_list args; |
178 | |||
171 | va_start(args, fmt); | 179 | va_start(args, fmt); |
172 | do_log(SYSLOG_LEVEL_DEBUG3, fmt, args); | 180 | do_log(SYSLOG_LEVEL_DEBUG3, fmt, args); |
173 | va_end(args); | 181 | va_end(args); |
@@ -216,6 +224,18 @@ fatal_remove_cleanup(void (*proc) (void *context), void *context) | |||
216 | (u_long) proc, (u_long) context); | 224 | (u_long) proc, (u_long) context); |
217 | } | 225 | } |
218 | 226 | ||
227 | /* Remove all cleanups, to be called after fork() */ | ||
228 | void | ||
229 | fatal_remove_all_cleanups(void) | ||
230 | { | ||
231 | struct fatal_cleanup *cu, *next_cu; | ||
232 | |||
233 | for (cu = fatal_cleanups; cu; cu = next_cu) { | ||
234 | next_cu = cu->next; | ||
235 | xfree(cu); | ||
236 | } | ||
237 | } | ||
238 | |||
219 | /* Cleanup and exit */ | 239 | /* Cleanup and exit */ |
220 | void | 240 | void |
221 | fatal_cleanup(void) | 241 | fatal_cleanup(void) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: log.h,v 1.7 2002/05/19 20:54:52 deraadt Exp $ */ | 1 | /* $OpenBSD: log.h,v 1.8 2002/07/19 15:43:33 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -65,6 +65,7 @@ void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); | |||
65 | void fatal_cleanup(void); | 65 | void fatal_cleanup(void); |
66 | void fatal_add_cleanup(void (*) (void *), void *); | 66 | void fatal_add_cleanup(void (*) (void *), void *); |
67 | void fatal_remove_cleanup(void (*) (void *), void *); | 67 | void fatal_remove_cleanup(void (*) (void *), void *); |
68 | void fatal_remove_all_cleanups(void); | ||
68 | 69 | ||
69 | void do_log(LogLevel, const char *, va_list); | 70 | void do_log(LogLevel, const char *, va_list); |
70 | 71 | ||
diff --git a/loginrec.c b/loginrec.c index 609e84768..02c3106a3 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -163,7 +163,7 @@ | |||
163 | #include "log.h" | 163 | #include "log.h" |
164 | #include "atomicio.h" | 164 | #include "atomicio.h" |
165 | 165 | ||
166 | RCSID("$Id: loginrec.c,v 1.40 2002/04/23 13:09:19 djm Exp $"); | 166 | RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); |
167 | 167 | ||
168 | #ifdef HAVE_UTIL_H | 168 | #ifdef HAVE_UTIL_H |
169 | # include <util.h> | 169 | # include <util.h> |
@@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li, | |||
622 | switch (li->type) { | 622 | switch (li->type) { |
623 | case LTYPE_LOGIN: | 623 | case LTYPE_LOGIN: |
624 | ut->ut_type = USER_PROCESS; | 624 | ut->ut_type = USER_PROCESS; |
625 | #ifdef _CRAY | 625 | #ifdef _UNICOS |
626 | cray_set_tmpdir(ut); | 626 | cray_set_tmpdir(ut); |
627 | #endif | 627 | #endif |
628 | break; | 628 | break; |
629 | case LTYPE_LOGOUT: | 629 | case LTYPE_LOGOUT: |
630 | ut->ut_type = DEAD_PROCESS; | 630 | ut->ut_type = DEAD_PROCESS; |
631 | #ifdef _CRAY | 631 | #ifdef _UNICOS |
632 | cray_retain_utmp(ut, li->pid); | 632 | cray_retain_utmp(ut, li->pid); |
633 | #endif | 633 | #endif |
634 | break; | 634 | break; |
@@ -1249,7 +1249,7 @@ wtmpx_get_entry(struct logininfo *li) | |||
1249 | } | 1249 | } |
1250 | if (fstat(fd, &st) != 0) { | 1250 | if (fstat(fd, &st) != 0) { |
1251 | log("wtmpx_get_entry: couldn't stat %s: %s", | 1251 | log("wtmpx_get_entry: couldn't stat %s: %s", |
1252 | WTMP_FILE, strerror(errno)); | 1252 | WTMPX_FILE, strerror(errno)); |
1253 | close(fd); | 1253 | close(fd); |
1254 | return 0; | 1254 | return 0; |
1255 | } | 1255 | } |
@@ -1271,6 +1271,7 @@ wtmpx_get_entry(struct logininfo *li) | |||
1271 | /* Logouts are recorded as a blank username on a particular line. | 1271 | /* Logouts are recorded as a blank username on a particular line. |
1272 | * So, we just need to find the username in struct utmpx */ | 1272 | * So, we just need to find the username in struct utmpx */ |
1273 | if ( wtmpx_islogin(li, &utx) ) { | 1273 | if ( wtmpx_islogin(li, &utx) ) { |
1274 | found = 1; | ||
1274 | # ifdef HAVE_TV_IN_UTMPX | 1275 | # ifdef HAVE_TV_IN_UTMPX |
1275 | li->tv_sec = utx.ut_tv.tv_sec; | 1276 | li->tv_sec = utx.ut_tv.tv_sec; |
1276 | # else | 1277 | # else |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -120,6 +120,13 @@ int mm_answer_sessid(int, Buffer *); | |||
120 | int mm_answer_pam_start(int, Buffer *); | 120 | int mm_answer_pam_start(int, Buffer *); |
121 | #endif | 121 | #endif |
122 | 122 | ||
123 | #ifdef KRB4 | ||
124 | int mm_answer_krb4(int, Buffer *); | ||
125 | #endif | ||
126 | #ifdef KRB5 | ||
127 | int mm_answer_krb5(int, Buffer *); | ||
128 | #endif | ||
129 | |||
123 | static Authctxt *authctxt; | 130 | static Authctxt *authctxt; |
124 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 131 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
125 | 132 | ||
@@ -127,8 +134,8 @@ static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | |||
127 | static u_char *key_blob = NULL; | 134 | static u_char *key_blob = NULL; |
128 | static u_int key_bloblen = 0; | 135 | static u_int key_bloblen = 0; |
129 | static int key_blobtype = MM_NOKEY; | 136 | static int key_blobtype = MM_NOKEY; |
130 | static u_char *hostbased_cuser = NULL; | 137 | static char *hostbased_cuser = NULL; |
131 | static u_char *hostbased_chost = NULL; | 138 | static char *hostbased_chost = NULL; |
132 | static char *auth_method = "unknown"; | 139 | static char *auth_method = "unknown"; |
133 | static int session_id2_len = 0; | 140 | static int session_id2_len = 0; |
134 | static u_char *session_id2 = NULL; | 141 | static u_char *session_id2 = NULL; |
@@ -199,6 +206,12 @@ struct mon_table mon_dispatch_proto15[] = { | |||
199 | #ifdef USE_PAM | 206 | #ifdef USE_PAM |
200 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, | 207 | {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, |
201 | #endif | 208 | #endif |
209 | #ifdef KRB4 | ||
210 | {MONITOR_REQ_KRB4, MON_ONCE|MON_AUTH, mm_answer_krb4}, | ||
211 | #endif | ||
212 | #ifdef KRB5 | ||
213 | {MONITOR_REQ_KRB5, MON_ONCE|MON_AUTH, mm_answer_krb5}, | ||
214 | #endif | ||
202 | {0, 0, NULL} | 215 | {0, 0, NULL} |
203 | }; | 216 | }; |
204 | 217 | ||
@@ -455,7 +468,7 @@ mm_answer_sign(int socket, Buffer *m) | |||
455 | p = buffer_get_string(m, &datlen); | 468 | p = buffer_get_string(m, &datlen); |
456 | 469 | ||
457 | if (datlen != 20) | 470 | if (datlen != 20) |
458 | fatal("%s: data length incorrect: %d", __func__, datlen); | 471 | fatal("%s: data length incorrect: %u", __func__, datlen); |
459 | 472 | ||
460 | /* save session id, it will be passed on the first call */ | 473 | /* save session id, it will be passed on the first call */ |
461 | if (session_id2_len == 0) { | 474 | if (session_id2_len == 0) { |
@@ -469,7 +482,7 @@ mm_answer_sign(int socket, Buffer *m) | |||
469 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | 482 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) |
470 | fatal("%s: key_sign failed", __func__); | 483 | fatal("%s: key_sign failed", __func__); |
471 | 484 | ||
472 | debug3("%s: signature %p(%d)", __func__, signature, siglen); | 485 | debug3("%s: signature %p(%u)", __func__, signature, siglen); |
473 | 486 | ||
474 | buffer_clear(m); | 487 | buffer_clear(m); |
475 | buffer_put_string(m, signature, siglen); | 488 | buffer_put_string(m, signature, siglen); |
@@ -559,7 +572,7 @@ int mm_answer_auth2_read_banner(int socket, Buffer *m) | |||
559 | mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m); | 572 | mm_request_send(socket, MONITOR_ANS_AUTH2_READ_BANNER, m); |
560 | 573 | ||
561 | if (banner != NULL) | 574 | if (banner != NULL) |
562 | free(banner); | 575 | xfree(banner); |
563 | 576 | ||
564 | return (0); | 577 | return (0); |
565 | } | 578 | } |
@@ -587,7 +600,8 @@ mm_answer_authpassword(int socket, Buffer *m) | |||
587 | { | 600 | { |
588 | static int call_count; | 601 | static int call_count; |
589 | char *passwd; | 602 | char *passwd; |
590 | int authenticated, plen; | 603 | int authenticated; |
604 | u_int plen; | ||
591 | 605 | ||
592 | passwd = buffer_get_string(m, &plen); | 606 | passwd = buffer_get_string(m, &plen); |
593 | /* Only authenticate if the context is valid */ | 607 | /* Only authenticate if the context is valid */ |
@@ -750,7 +764,8 @@ int | |||
750 | mm_answer_keyallowed(int socket, Buffer *m) | 764 | mm_answer_keyallowed(int socket, Buffer *m) |
751 | { | 765 | { |
752 | Key *key; | 766 | Key *key; |
753 | u_char *cuser, *chost, *blob; | 767 | char *cuser, *chost; |
768 | u_char *blob; | ||
754 | u_int bloblen; | 769 | u_int bloblen; |
755 | enum mm_keytype type = 0; | 770 | enum mm_keytype type = 0; |
756 | int allowed = 0; | 771 | int allowed = 0; |
@@ -826,7 +841,7 @@ static int | |||
826 | monitor_valid_userblob(u_char *data, u_int datalen) | 841 | monitor_valid_userblob(u_char *data, u_int datalen) |
827 | { | 842 | { |
828 | Buffer b; | 843 | Buffer b; |
829 | u_char *p; | 844 | char *p; |
830 | u_int len; | 845 | u_int len; |
831 | int fail = 0; | 846 | int fail = 0; |
832 | 847 | ||
@@ -879,11 +894,11 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
879 | } | 894 | } |
880 | 895 | ||
881 | static int | 896 | static int |
882 | monitor_valid_hostbasedblob(u_char *data, u_int datalen, u_char *cuser, | 897 | monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, |
883 | u_char *chost) | 898 | char *chost) |
884 | { | 899 | { |
885 | Buffer b; | 900 | Buffer b; |
886 | u_char *p; | 901 | char *p; |
887 | u_int len; | 902 | u_int len; |
888 | int fail = 0; | 903 | int fail = 0; |
889 | 904 | ||
@@ -1001,8 +1016,8 @@ mm_record_login(Session *s, struct passwd *pw) | |||
1001 | * the address be 0.0.0.0. | 1016 | * the address be 0.0.0.0. |
1002 | */ | 1017 | */ |
1003 | memset(&from, 0, sizeof(from)); | 1018 | memset(&from, 0, sizeof(from)); |
1019 | fromlen = sizeof(from); | ||
1004 | if (packet_connection_is_on_socket()) { | 1020 | if (packet_connection_is_on_socket()) { |
1005 | fromlen = sizeof(from); | ||
1006 | if (getpeername(packet_get_connection_in(), | 1021 | if (getpeername(packet_get_connection_in(), |
1007 | (struct sockaddr *) & from, &fromlen) < 0) { | 1022 | (struct sockaddr *) & from, &fromlen) < 0) { |
1008 | debug("getpeername: %.100s", strerror(errno)); | 1023 | debug("getpeername: %.100s", strerror(errno)); |
@@ -1012,7 +1027,7 @@ mm_record_login(Session *s, struct passwd *pw) | |||
1012 | /* Record that there was a login on that tty from the remote host. */ | 1027 | /* Record that there was a login on that tty from the remote host. */ |
1013 | record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, | 1028 | record_login(s->pid, s->tty, pw->pw_name, pw->pw_uid, |
1014 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), | 1029 | get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping), |
1015 | (struct sockaddr *)&from); | 1030 | (struct sockaddr *)&from, fromlen); |
1016 | } | 1031 | } |
1017 | 1032 | ||
1018 | static void | 1033 | static void |
@@ -1276,6 +1291,89 @@ mm_answer_rsa_response(int socket, Buffer *m) | |||
1276 | return (success); | 1291 | return (success); |
1277 | } | 1292 | } |
1278 | 1293 | ||
1294 | #ifdef KRB4 | ||
1295 | int | ||
1296 | mm_answer_krb4(int socket, Buffer *m) | ||
1297 | { | ||
1298 | KTEXT_ST auth, reply; | ||
1299 | char *client, *p; | ||
1300 | int success; | ||
1301 | u_int alen; | ||
1302 | |||
1303 | reply.length = auth.length = 0; | ||
1304 | |||
1305 | p = buffer_get_string(m, &alen); | ||
1306 | if (alen >= MAX_KTXT_LEN) | ||
1307 | fatal("%s: auth too large", __func__); | ||
1308 | memcpy(auth.dat, p, alen); | ||
1309 | auth.length = alen; | ||
1310 | memset(p, 0, alen); | ||
1311 | xfree(p); | ||
1312 | |||
1313 | success = options.kerberos_authentication && | ||
1314 | authctxt->valid && | ||
1315 | auth_krb4(authctxt, &auth, &client, &reply); | ||
1316 | |||
1317 | memset(auth.dat, 0, alen); | ||
1318 | buffer_clear(m); | ||
1319 | buffer_put_int(m, success); | ||
1320 | |||
1321 | if (success) { | ||
1322 | buffer_put_cstring(m, client); | ||
1323 | buffer_put_string(m, reply.dat, reply.length); | ||
1324 | if (client) | ||
1325 | xfree(client); | ||
1326 | if (reply.length) | ||
1327 | memset(reply.dat, 0, reply.length); | ||
1328 | } | ||
1329 | |||
1330 | debug3("%s: sending result %d", __func__, success); | ||
1331 | mm_request_send(socket, MONITOR_ANS_KRB4, m); | ||
1332 | |||
1333 | auth_method = "kerberos"; | ||
1334 | |||
1335 | /* Causes monitor loop to terminate if authenticated */ | ||
1336 | return (success); | ||
1337 | } | ||
1338 | #endif | ||
1339 | |||
1340 | #ifdef KRB5 | ||
1341 | int | ||
1342 | mm_answer_krb5(int socket, Buffer *m) | ||
1343 | { | ||
1344 | krb5_data tkt, reply; | ||
1345 | char *client_user; | ||
1346 | u_int len; | ||
1347 | int success; | ||
1348 | |||
1349 | /* use temporary var to avoid size issues on 64bit arch */ | ||
1350 | tkt.data = buffer_get_string(m, &len); | ||
1351 | tkt.length = len; | ||
1352 | |||
1353 | success = options.kerberos_authentication && | ||
1354 | authctxt->valid && | ||
1355 | auth_krb5(authctxt, &tkt, &client_user, &reply); | ||
1356 | |||
1357 | if (tkt.length) | ||
1358 | xfree(tkt.data); | ||
1359 | |||
1360 | buffer_clear(m); | ||
1361 | buffer_put_int(m, success); | ||
1362 | |||
1363 | if (success) { | ||
1364 | buffer_put_cstring(m, client_user); | ||
1365 | buffer_put_string(m, reply.data, reply.length); | ||
1366 | if (client_user) | ||
1367 | xfree(client_user); | ||
1368 | if (reply.length) | ||
1369 | xfree(reply.data); | ||
1370 | } | ||
1371 | mm_request_send(socket, MONITOR_ANS_KRB5, m); | ||
1372 | |||
1373 | return success; | ||
1374 | } | ||
1375 | #endif | ||
1376 | |||
1279 | int | 1377 | int |
1280 | mm_answer_term(int socket, Buffer *req) | 1378 | mm_answer_term(int socket, Buffer *req) |
1281 | { | 1379 | { |
@@ -1453,10 +1551,10 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1453 | void * | 1551 | void * |
1454 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) | 1552 | mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) |
1455 | { | 1553 | { |
1456 | int len = size * ncount; | 1554 | size_t len = size * ncount; |
1457 | void *address; | 1555 | void *address; |
1458 | 1556 | ||
1459 | if (len <= 0) | 1557 | if (len == 0 || ncount > SIZE_T_MAX / size) |
1460 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); | 1558 | fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); |
1461 | 1559 | ||
1462 | address = mm_malloc(mm, len); | 1560 | address = mm_malloc(mm, len); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.h,v 1.6 2002/06/11 05:46:20 mpech Exp $ */ | 1 | /* $OpenBSD: monitor.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
@@ -49,6 +49,8 @@ enum monitor_reqtype { | |||
49 | MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED, | 49 | MONITOR_REQ_RSAKEYALLOWED, MONITOR_ANS_RSAKEYALLOWED, |
50 | MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, | 50 | MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE, |
51 | MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, | 51 | MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE, |
52 | MONITOR_REQ_KRB4, MONITOR_ANS_KRB4, | ||
53 | MONITOR_REQ_KRB5, MONITOR_ANS_KRB5, | ||
52 | MONITOR_REQ_PAM_START, | 54 | MONITOR_REQ_PAM_START, |
53 | MONITOR_REQ_TERM | 55 | MONITOR_REQ_TERM |
54 | }; | 56 | }; |
diff --git a/monitor_fdpass.c b/monitor_fdpass.c index 0d7628fa2..641ce721e 100644 --- a/monitor_fdpass.c +++ b/monitor_fdpass.c | |||
@@ -24,7 +24,7 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: monitor_fdpass.c,v 1.3 2002/06/04 23:05:49 markus Exp $"); | 27 | RCSID("$OpenBSD: monitor_fdpass.c,v 1.4 2002/06/26 14:50:04 deraadt Exp $"); |
28 | 28 | ||
29 | #include <sys/uio.h> | 29 | #include <sys/uio.h> |
30 | 30 | ||
@@ -38,7 +38,7 @@ mm_send_fd(int socket, int fd) | |||
38 | struct msghdr msg; | 38 | struct msghdr msg; |
39 | struct iovec vec; | 39 | struct iovec vec; |
40 | char ch = '\0'; | 40 | char ch = '\0'; |
41 | int n; | 41 | ssize_t n; |
42 | #ifndef HAVE_ACCRIGHTS_IN_MSGHDR | 42 | #ifndef HAVE_ACCRIGHTS_IN_MSGHDR |
43 | char tmp[CMSG_SPACE(sizeof(int))]; | 43 | char tmp[CMSG_SPACE(sizeof(int))]; |
44 | struct cmsghdr *cmsg; | 44 | struct cmsghdr *cmsg; |
@@ -67,8 +67,8 @@ mm_send_fd(int socket, int fd) | |||
67 | fatal("%s: sendmsg(%d): %s", __func__, fd, | 67 | fatal("%s: sendmsg(%d): %s", __func__, fd, |
68 | strerror(errno)); | 68 | strerror(errno)); |
69 | if (n != 1) | 69 | if (n != 1) |
70 | fatal("%s: sendmsg: expected sent 1 got %d", | 70 | fatal("%s: sendmsg: expected sent 1 got %ld", |
71 | __func__, n); | 71 | __func__, (long)n); |
72 | #else | 72 | #else |
73 | fatal("%s: UsePrivilegeSeparation=yes not supported", | 73 | fatal("%s: UsePrivilegeSeparation=yes not supported", |
74 | __func__); | 74 | __func__); |
@@ -81,8 +81,9 @@ mm_receive_fd(int socket) | |||
81 | #if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) | 81 | #if defined(HAVE_RECVMSG) && (defined(HAVE_ACCRIGHTS_IN_MSGHDR) || defined(HAVE_CONTROL_IN_MSGHDR)) |
82 | struct msghdr msg; | 82 | struct msghdr msg; |
83 | struct iovec vec; | 83 | struct iovec vec; |
84 | ssize_t n; | ||
84 | char ch; | 85 | char ch; |
85 | int fd, n; | 86 | int fd; |
86 | #ifndef HAVE_ACCRIGHTS_IN_MSGHDR | 87 | #ifndef HAVE_ACCRIGHTS_IN_MSGHDR |
87 | char tmp[CMSG_SPACE(sizeof(int))]; | 88 | char tmp[CMSG_SPACE(sizeof(int))]; |
88 | struct cmsghdr *cmsg; | 89 | struct cmsghdr *cmsg; |
@@ -104,8 +105,8 @@ mm_receive_fd(int socket) | |||
104 | if ((n = recvmsg(socket, &msg, 0)) == -1) | 105 | if ((n = recvmsg(socket, &msg, 0)) == -1) |
105 | fatal("%s: recvmsg: %s", __func__, strerror(errno)); | 106 | fatal("%s: recvmsg: %s", __func__, strerror(errno)); |
106 | if (n != 1) | 107 | if (n != 1) |
107 | fatal("%s: recvmsg: expected received 1 got %d", | 108 | fatal("%s: recvmsg: expected received 1 got %ld", |
108 | __func__, n); | 109 | __func__, (long)n); |
109 | 110 | ||
110 | #ifdef HAVE_ACCRIGHTS_IN_MSGHDR | 111 | #ifdef HAVE_ACCRIGHTS_IN_MSGHDR |
111 | if (msg.msg_accrightslen != sizeof(fd)) | 112 | if (msg.msg_accrightslen != sizeof(fd)) |
diff --git a/monitor_mm.c b/monitor_mm.c index 55d1e8e52..b4a6e40c9 100644 --- a/monitor_mm.c +++ b/monitor_mm.c | |||
@@ -24,13 +24,13 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: monitor_mm.c,v 1.6 2002/06/04 23:05:49 markus Exp $"); | 27 | RCSID("$OpenBSD: monitor_mm.c,v 1.8 2002/08/02 14:43:15 millert Exp $"); |
28 | 28 | ||
29 | #ifdef HAVE_SYS_MMAN_H | 29 | #ifdef HAVE_SYS_MMAN_H |
30 | #include <sys/mman.h> | 30 | #include <sys/mman.h> |
31 | #endif | 31 | #endif |
32 | #include <sys/shm.h> | ||
33 | 32 | ||
33 | #include "openbsd-compat/xmmap.h" | ||
34 | #include "ssh.h" | 34 | #include "ssh.h" |
35 | #include "xmalloc.h" | 35 | #include "xmalloc.h" |
36 | #include "log.h" | 36 | #include "log.h" |
@@ -39,7 +39,14 @@ RCSID("$OpenBSD: monitor_mm.c,v 1.6 2002/06/04 23:05:49 markus Exp $"); | |||
39 | static int | 39 | static int |
40 | mm_compare(struct mm_share *a, struct mm_share *b) | 40 | mm_compare(struct mm_share *a, struct mm_share *b) |
41 | { | 41 | { |
42 | return ((char *)a->address - (char *)b->address); | 42 | long diff = (char *)a->address - (char *)b->address; |
43 | |||
44 | if (diff == 0) | ||
45 | return (0); | ||
46 | else if (diff < 0) | ||
47 | return (-1); | ||
48 | else | ||
49 | return (1); | ||
43 | } | 50 | } |
44 | 51 | ||
45 | RB_GENERATE(mmtree, mm_share, next, mm_compare) | 52 | RB_GENERATE(mmtree, mm_share, next, mm_compare) |
@@ -85,48 +92,9 @@ mm_create(struct mm_master *mmalloc, size_t size) | |||
85 | */ | 92 | */ |
86 | mm->mmalloc = mmalloc; | 93 | mm->mmalloc = mmalloc; |
87 | 94 | ||
88 | #ifdef HAVE_MMAP_ANON_SHARED | 95 | address = xmmap(size); |
89 | mm->shm_not_mmap = 0; | ||
90 | |||
91 | address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, | ||
92 | -1, 0); | ||
93 | |||
94 | if (address == MAP_FAILED) { | ||
95 | int shmid; | ||
96 | |||
97 | shmid = shmget(IPC_PRIVATE, size, IPC_CREAT|S_IRUSR|S_IWUSR); | ||
98 | if (shmid != -1) { | ||
99 | address = shmat(shmid, NULL, 0); | ||
100 | shmctl(shmid, IPC_RMID, NULL); | ||
101 | if (address != MAP_FAILED) | ||
102 | mm->shm_not_mmap = 1; | ||
103 | } | ||
104 | } | ||
105 | |||
106 | if (address == MAP_FAILED) { | ||
107 | char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; | ||
108 | int tmpfd; | ||
109 | int save_errno; | ||
110 | |||
111 | tmpfd = mkstemp(tmpname); | ||
112 | if (tmpfd == -1) | ||
113 | fatal("mkstemp(\"%s\"): %s", | ||
114 | MM_SWAP_TEMPLATE, strerror(errno)); | ||
115 | unlink(tmpname); | ||
116 | ftruncate(tmpfd, size); | ||
117 | address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, | ||
118 | tmpfd, 0); | ||
119 | save_errno = errno; | ||
120 | close(tmpfd); | ||
121 | errno = save_errno; | ||
122 | } | ||
123 | |||
124 | if (address == MAP_FAILED) | 96 | if (address == MAP_FAILED) |
125 | fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); | 97 | fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); |
126 | #else | ||
127 | fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", | ||
128 | __func__); | ||
129 | #endif | ||
130 | 98 | ||
131 | mm->address = address; | 99 | mm->address = address; |
132 | mm->size = size; | 100 | mm->size = size; |
@@ -164,11 +132,7 @@ mm_destroy(struct mm_master *mm) | |||
164 | mm_freelist(mm->mmalloc, &mm->rb_free); | 132 | mm_freelist(mm->mmalloc, &mm->rb_free); |
165 | mm_freelist(mm->mmalloc, &mm->rb_allocated); | 133 | mm_freelist(mm->mmalloc, &mm->rb_allocated); |
166 | 134 | ||
167 | #ifdef HAVE_MMAP_ANON_SHARED | 135 | #ifdef HAVE_MMAP |
168 | if (mm->shm_not_mmap) { | ||
169 | if (shmdt(mm->address) == -1) | ||
170 | fatal("shmdt(%p): %s", mm->address, strerror(errno)); | ||
171 | } else | ||
172 | if (munmap(mm->address, mm->size) == -1) | 136 | if (munmap(mm->address, mm->size) == -1) |
173 | fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, | 137 | fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, |
174 | strerror(errno)); | 138 | strerror(errno)); |
@@ -203,8 +167,10 @@ mm_malloc(struct mm_master *mm, size_t size) | |||
203 | 167 | ||
204 | if (size == 0) | 168 | if (size == 0) |
205 | fatal("mm_malloc: try to allocate 0 space"); | 169 | fatal("mm_malloc: try to allocate 0 space"); |
170 | if (size > SIZE_T_MAX - MM_MINSIZE + 1) | ||
171 | fatal("mm_malloc: size too big"); | ||
206 | 172 | ||
207 | size = ((size + MM_MINSIZE - 1) / MM_MINSIZE) * MM_MINSIZE; | 173 | size = ((size + (MM_MINSIZE - 1)) / MM_MINSIZE) * MM_MINSIZE; |
208 | 174 | ||
209 | RB_FOREACH(mms, mmtree, &mm->rb_free) { | 175 | RB_FOREACH(mms, mmtree, &mm->rb_free) { |
210 | if (mms->size >= size) | 176 | if (mms->size >= size) |
diff --git a/monitor_mm.h b/monitor_mm.h index b0e6d5f22..a1323b9a8 100644 --- a/monitor_mm.h +++ b/monitor_mm.h | |||
@@ -27,7 +27,7 @@ | |||
27 | 27 | ||
28 | #ifndef _MM_H_ | 28 | #ifndef _MM_H_ |
29 | #define _MM_H_ | 29 | #define _MM_H_ |
30 | #include "openbsd-compat/tree.h" | 30 | #include "openbsd-compat/sys-tree.h" |
31 | 31 | ||
32 | struct mm_share { | 32 | struct mm_share { |
33 | RB_ENTRY(mm_share) next; | 33 | RB_ENTRY(mm_share) next; |
@@ -40,7 +40,6 @@ struct mm_master { | |||
40 | struct mmtree rb_allocated; | 40 | struct mmtree rb_allocated; |
41 | void *address; | 41 | void *address; |
42 | size_t size; | 42 | size_t size; |
43 | int shm_not_mmap; | ||
44 | 43 | ||
45 | struct mm_master *mmalloc; /* Used to completely share */ | 44 | struct mm_master *mmalloc; /* Used to completely share */ |
46 | 45 | ||
@@ -54,8 +53,6 @@ RB_PROTOTYPE(mmtree, mm_share, next, mm_compare) | |||
54 | 53 | ||
55 | #define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size) | 54 | #define MM_ADDRESS_END(x) (void *)((u_char *)(x)->address + (x)->size) |
56 | 55 | ||
57 | #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" | ||
58 | |||
59 | struct mm_master *mm_create(struct mm_master *, size_t); | 56 | struct mm_master *mm_create(struct mm_master *, size_t); |
60 | void mm_destroy(struct mm_master *); | 57 | void mm_destroy(struct mm_master *); |
61 | 58 | ||
diff --git a/monitor_wrap.c b/monitor_wrap.c index f7e332d8e..4c53bfd13 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor_wrap.c,v 1.11 2002/06/19 18:01:00 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/bn.h> | 30 | #include <openssl/bn.h> |
31 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
@@ -62,8 +62,8 @@ extern Buffer input, output; | |||
62 | void | 62 | void |
63 | mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) | 63 | mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) |
64 | { | 64 | { |
65 | u_char buf[5]; | ||
66 | u_int mlen = buffer_len(m); | 65 | u_int mlen = buffer_len(m); |
66 | u_char buf[5]; | ||
67 | 67 | ||
68 | debug3("%s entering: type %d", __func__, type); | 68 | debug3("%s entering: type %d", __func__, type); |
69 | 69 | ||
@@ -79,8 +79,8 @@ void | |||
79 | mm_request_receive(int socket, Buffer *m) | 79 | mm_request_receive(int socket, Buffer *m) |
80 | { | 80 | { |
81 | u_char buf[4]; | 81 | u_char buf[4]; |
82 | ssize_t res; | ||
83 | u_int msg_len; | 82 | u_int msg_len; |
83 | ssize_t res; | ||
84 | 84 | ||
85 | debug3("%s entering", __func__); | 85 | debug3("%s entering", __func__); |
86 | 86 | ||
@@ -207,7 +207,7 @@ mm_getpwnamallow(const char *login) | |||
207 | return (pw); | 207 | return (pw); |
208 | } | 208 | } |
209 | 209 | ||
210 | char* mm_auth2_read_banner(void) | 210 | char *mm_auth2_read_banner(void) |
211 | { | 211 | { |
212 | Buffer m; | 212 | Buffer m; |
213 | char *banner; | 213 | char *banner; |
@@ -411,7 +411,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) | |||
411 | enc->key = buffer_get_string(&b, &enc->key_len); | 411 | enc->key = buffer_get_string(&b, &enc->key_len); |
412 | enc->iv = buffer_get_string(&b, &len); | 412 | enc->iv = buffer_get_string(&b, &len); |
413 | if (len != enc->block_size) | 413 | if (len != enc->block_size) |
414 | fatal("%s: bad ivlen: expected %d != %d", __func__, | 414 | fatal("%s: bad ivlen: expected %u != %u", __func__, |
415 | enc->block_size, len); | 415 | enc->block_size, len); |
416 | 416 | ||
417 | if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) | 417 | if (enc->name == NULL || cipher_by_name(enc->name) != enc->cipher) |
@@ -425,7 +425,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) | |||
425 | mac->enabled = buffer_get_int(&b); | 425 | mac->enabled = buffer_get_int(&b); |
426 | mac->key = buffer_get_string(&b, &len); | 426 | mac->key = buffer_get_string(&b, &len); |
427 | if (len > mac->key_len) | 427 | if (len > mac->key_len) |
428 | fatal("%s: bad mac key length: %d > %d", __func__, len, | 428 | fatal("%s: bad mac key length: %u > %d", __func__, len, |
429 | mac->key_len); | 429 | mac->key_len); |
430 | mac->key_len = len; | 430 | mac->key_len = len; |
431 | 431 | ||
@@ -436,7 +436,7 @@ mm_newkeys_from_blob(u_char *blob, int blen) | |||
436 | 436 | ||
437 | len = buffer_len(&b); | 437 | len = buffer_len(&b); |
438 | if (len != 0) | 438 | if (len != 0) |
439 | error("newkeys_from_blob: remaining bytes in blob %d", len); | 439 | error("newkeys_from_blob: remaining bytes in blob %u", len); |
440 | buffer_free(&b); | 440 | buffer_free(&b); |
441 | return (newkey); | 441 | return (newkey); |
442 | } | 442 | } |
@@ -446,7 +446,6 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) | |||
446 | { | 446 | { |
447 | Buffer b; | 447 | Buffer b; |
448 | int len; | 448 | int len; |
449 | u_char *buf; | ||
450 | Enc *enc; | 449 | Enc *enc; |
451 | Mac *mac; | 450 | Mac *mac; |
452 | Comp *comp; | 451 | Comp *comp; |
@@ -484,14 +483,14 @@ mm_newkeys_to_blob(int mode, u_char **blobp, u_int *lenp) | |||
484 | buffer_put_cstring(&b, comp->name); | 483 | buffer_put_cstring(&b, comp->name); |
485 | 484 | ||
486 | len = buffer_len(&b); | 485 | len = buffer_len(&b); |
487 | buf = xmalloc(len); | ||
488 | memcpy(buf, buffer_ptr(&b), len); | ||
489 | memset(buffer_ptr(&b), 0, len); | ||
490 | buffer_free(&b); | ||
491 | if (lenp != NULL) | 486 | if (lenp != NULL) |
492 | *lenp = len; | 487 | *lenp = len; |
493 | if (blobp != NULL) | 488 | if (blobp != NULL) { |
494 | *blobp = buf; | 489 | *blobp = xmalloc(len); |
490 | memcpy(*blobp, buffer_ptr(&b), len); | ||
491 | } | ||
492 | memset(buffer_ptr(&b), 0, len); | ||
493 | buffer_free(&b); | ||
495 | return len; | 494 | return len; |
496 | } | 495 | } |
497 | 496 | ||
@@ -600,7 +599,7 @@ int | |||
600 | mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) | 599 | mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) |
601 | { | 600 | { |
602 | Buffer m; | 601 | Buffer m; |
603 | u_char *p; | 602 | char *p; |
604 | int success = 0; | 603 | int success = 0; |
605 | 604 | ||
606 | buffer_init(&m); | 605 | buffer_init(&m); |
@@ -705,7 +704,7 @@ mm_chall_setup(char **name, char **infotxt, u_int *numprompts, | |||
705 | *name = xstrdup(""); | 704 | *name = xstrdup(""); |
706 | *infotxt = xstrdup(""); | 705 | *infotxt = xstrdup(""); |
707 | *numprompts = 1; | 706 | *numprompts = 1; |
708 | *prompts = xmalloc(*numprompts * sizeof(char*)); | 707 | *prompts = xmalloc(*numprompts * sizeof(char *)); |
709 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); | 708 | *echo_on = xmalloc(*numprompts * sizeof(u_int)); |
710 | (*echo_on)[0] = 0; | 709 | (*echo_on)[0] = 0; |
711 | } | 710 | } |
@@ -937,3 +936,74 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) | |||
937 | 936 | ||
938 | return (success); | 937 | return (success); |
939 | } | 938 | } |
939 | |||
940 | #ifdef KRB4 | ||
941 | int | ||
942 | mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply) | ||
943 | { | ||
944 | KTEXT auth, reply; | ||
945 | Buffer m; | ||
946 | u_int rlen; | ||
947 | int success = 0; | ||
948 | char *p; | ||
949 | |||
950 | debug3("%s entering", __func__); | ||
951 | auth = _auth; | ||
952 | reply = _reply; | ||
953 | |||
954 | buffer_init(&m); | ||
955 | buffer_put_string(&m, auth->dat, auth->length); | ||
956 | |||
957 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB4, &m); | ||
958 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB4, &m); | ||
959 | |||
960 | success = buffer_get_int(&m); | ||
961 | if (success) { | ||
962 | *client = buffer_get_string(&m, NULL); | ||
963 | p = buffer_get_string(&m, &rlen); | ||
964 | if (rlen >= MAX_KTXT_LEN) | ||
965 | fatal("%s: reply from monitor too large", __func__); | ||
966 | reply->length = rlen; | ||
967 | memcpy(reply->dat, p, rlen); | ||
968 | memset(p, 0, rlen); | ||
969 | xfree(p); | ||
970 | } | ||
971 | buffer_free(&m); | ||
972 | return (success); | ||
973 | } | ||
974 | #endif | ||
975 | |||
976 | #ifdef KRB5 | ||
977 | int | ||
978 | mm_auth_krb5(void *ctx, void *argp, char **userp, void *resp) | ||
979 | { | ||
980 | krb5_data *tkt, *reply; | ||
981 | Buffer m; | ||
982 | int success; | ||
983 | |||
984 | debug3("%s entering", __func__); | ||
985 | tkt = (krb5_data *) argp; | ||
986 | reply = (krb5_data *) resp; | ||
987 | |||
988 | buffer_init(&m); | ||
989 | buffer_put_string(&m, tkt->data, tkt->length); | ||
990 | |||
991 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KRB5, &m); | ||
992 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_KRB5, &m); | ||
993 | |||
994 | success = buffer_get_int(&m); | ||
995 | if (success) { | ||
996 | u_int len; | ||
997 | |||
998 | *userp = buffer_get_string(&m, NULL); | ||
999 | reply->data = buffer_get_string(&m, &len); | ||
1000 | reply->length = len; | ||
1001 | } else { | ||
1002 | memset(reply, 0, sizeof(*reply)); | ||
1003 | *userp = NULL; | ||
1004 | } | ||
1005 | |||
1006 | buffer_free(&m); | ||
1007 | return (success); | ||
1008 | } | ||
1009 | #endif | ||
diff --git a/monitor_wrap.h b/monitor_wrap.h index ce721247b..d960a3d0b 100644 --- a/monitor_wrap.h +++ b/monitor_wrap.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_wrap.h,v 1.5 2002/05/12 23:53:45 djm Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.h,v 1.8 2002/09/26 11:38:43 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 4 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
@@ -44,7 +44,7 @@ DH *mm_choose_dh(int, int, int); | |||
44 | int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); | 44 | int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); |
45 | void mm_inform_authserv(char *, char *); | 45 | void mm_inform_authserv(char *, char *); |
46 | struct passwd *mm_getpwnamallow(const char *); | 46 | struct passwd *mm_getpwnamallow(const char *); |
47 | char* mm_auth2_read_banner(void); | 47 | char *mm_auth2_read_banner(void); |
48 | int mm_auth_password(struct Authctxt *, char *); | 48 | int mm_auth_password(struct Authctxt *, char *); |
49 | int mm_key_allowed(enum mm_keytype, char *, char *, Key *); | 49 | int mm_key_allowed(enum mm_keytype, char *, char *, Key *); |
50 | int mm_user_key_allowed(struct passwd *, Key *); | 50 | int mm_user_key_allowed(struct passwd *, Key *); |
@@ -83,6 +83,16 @@ int mm_bsdauth_respond(void *, u_int, char **); | |||
83 | int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); | 83 | int mm_skey_query(void *, char **, char **, u_int *, char ***, u_int **); |
84 | int mm_skey_respond(void *, u_int, char **); | 84 | int mm_skey_respond(void *, u_int, char **); |
85 | 85 | ||
86 | /* auth_krb */ | ||
87 | #ifdef KRB4 | ||
88 | int mm_auth_krb4(struct Authctxt *, void *, char **, void *); | ||
89 | #endif | ||
90 | #ifdef KRB5 | ||
91 | /* auth and reply are really krb5_data objects, but we don't want to | ||
92 | * include all of the krb5 headers here */ | ||
93 | int mm_auth_krb5(void *authctxt, void *auth, char **client, void *reply); | ||
94 | #endif | ||
95 | |||
86 | /* zlib allocation hooks */ | 96 | /* zlib allocation hooks */ |
87 | 97 | ||
88 | void *mm_zalloc(struct mm_master *, u_int, u_int); | 98 | void *mm_zalloc(struct mm_master *, u_int, u_int); |
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $"); | 25 | RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $"); |
26 | 26 | ||
27 | #include "buffer.h" | 27 | #include "buffer.h" |
28 | #include "getput.h" | 28 | #include "getput.h" |
@@ -31,43 +31,43 @@ RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $"); | |||
31 | #include "msg.h" | 31 | #include "msg.h" |
32 | 32 | ||
33 | void | 33 | void |
34 | msg_send(int fd, u_char type, Buffer *m) | 34 | ssh_msg_send(int fd, u_char type, Buffer *m) |
35 | { | 35 | { |
36 | u_char buf[5]; | 36 | u_char buf[5]; |
37 | u_int mlen = buffer_len(m); | 37 | u_int mlen = buffer_len(m); |
38 | 38 | ||
39 | debug3("msg_send: type %u", (unsigned int)type & 0xff); | 39 | debug3("ssh_msg_send: type %u", (unsigned int)type & 0xff); |
40 | 40 | ||
41 | PUT_32BIT(buf, mlen + 1); | 41 | PUT_32BIT(buf, mlen + 1); |
42 | buf[4] = type; /* 1st byte of payload is mesg-type */ | 42 | buf[4] = type; /* 1st byte of payload is mesg-type */ |
43 | if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf)) | 43 | if (atomicio(write, fd, buf, sizeof(buf)) != sizeof(buf)) |
44 | fatal("msg_send: write"); | 44 | fatal("ssh_msg_send: write"); |
45 | if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen) | 45 | if (atomicio(write, fd, buffer_ptr(m), mlen) != mlen) |
46 | fatal("msg_send: write"); | 46 | fatal("ssh_msg_send: write"); |
47 | } | 47 | } |
48 | 48 | ||
49 | int | 49 | int |
50 | msg_recv(int fd, Buffer *m) | 50 | ssh_msg_recv(int fd, Buffer *m) |
51 | { | 51 | { |
52 | u_char buf[4]; | 52 | u_char buf[4]; |
53 | ssize_t res; | 53 | ssize_t res; |
54 | u_int msg_len; | 54 | u_int msg_len; |
55 | 55 | ||
56 | debug3("msg_recv entering"); | 56 | debug3("ssh_msg_recv entering"); |
57 | 57 | ||
58 | res = atomicio(read, fd, buf, sizeof(buf)); | 58 | res = atomicio(read, fd, buf, sizeof(buf)); |
59 | if (res != sizeof(buf)) { | 59 | if (res != sizeof(buf)) { |
60 | if (res == 0) | 60 | if (res == 0) |
61 | return -1; | 61 | return -1; |
62 | fatal("msg_recv: read: header %ld", (long)res); | 62 | fatal("ssh_msg_recv: read: header %ld", (long)res); |
63 | } | 63 | } |
64 | msg_len = GET_32BIT(buf); | 64 | msg_len = GET_32BIT(buf); |
65 | if (msg_len > 256 * 1024) | 65 | if (msg_len > 256 * 1024) |
66 | fatal("msg_recv: read: bad msg_len %d", msg_len); | 66 | fatal("ssh_msg_recv: read: bad msg_len %u", msg_len); |
67 | buffer_clear(m); | 67 | buffer_clear(m); |
68 | buffer_append_space(m, msg_len); | 68 | buffer_append_space(m, msg_len); |
69 | res = atomicio(read, fd, buffer_ptr(m), msg_len); | 69 | res = atomicio(read, fd, buffer_ptr(m), msg_len); |
70 | if (res != msg_len) | 70 | if (res != msg_len) |
71 | fatal("msg_recv: read: %ld != msg_len", (long)res); | 71 | fatal("ssh_msg_recv: read: %ld != msg_len", (long)res); |
72 | return 0; | 72 | return 0; |
73 | } | 73 | } |
@@ -25,7 +25,7 @@ | |||
25 | #ifndef SSH_MSG_H | 25 | #ifndef SSH_MSG_H |
26 | #define SSH_MSG_H | 26 | #define SSH_MSG_H |
27 | 27 | ||
28 | void msg_send(int, u_char, Buffer *); | 28 | void ssh_msg_send(int, u_char, Buffer *); |
29 | int msg_recv(int, Buffer *); | 29 | int ssh_msg_recv(int, Buffer *); |
30 | 30 | ||
31 | #endif | 31 | #endif |
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 3e09cfefe..5229e7e20 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.21 2002/02/19 20:27:57 mouring Exp $ | 1 | # $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $ |
2 | 2 | ||
3 | sysconfdir=@sysconfdir@ | 3 | sysconfdir=@sysconfdir@ |
4 | piddir=@piddir@ | 4 | piddir=@piddir@ |
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ | |||
18 | 18 | ||
19 | OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o | 19 | OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o |
20 | 20 | ||
21 | COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o | 21 | COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o |
22 | 22 | ||
23 | PORTS=port-irix.o port-aix.o | 23 | PORTS=port-irix.o port-aix.o |
24 | 24 | ||
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c index d12b993b7..005170b80 100644 --- a/openbsd-compat/base64.c +++ b/openbsd-compat/base64.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: base64.c,v 1.3 1997/11/08 20:46:55 deraadt Exp $ */ | 1 | /* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1996 by Internet Software Consortium. | 4 | * Copyright (c) 1996 by Internet Software Consortium. |
@@ -42,7 +42,7 @@ | |||
42 | * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. | 42 | * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. |
43 | */ | 43 | */ |
44 | 44 | ||
45 | #include "config.h" | 45 | #include "includes.h" |
46 | 46 | ||
47 | #if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) | 47 | #if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) |
48 | 48 | ||
@@ -60,6 +60,7 @@ | |||
60 | 60 | ||
61 | #include "base64.h" | 61 | #include "base64.h" |
62 | 62 | ||
63 | /* XXX abort illegal in library */ | ||
63 | #define Assert(Cond) if (!(Cond)) abort() | 64 | #define Assert(Cond) if (!(Cond)) abort() |
64 | 65 | ||
65 | static const char Base64[] = | 66 | static const char Base64[] = |
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c index 332bcb016..620f980ed 100644 --- a/openbsd-compat/bindresvport.c +++ b/openbsd-compat/bindresvport.c | |||
@@ -29,7 +29,7 @@ | |||
29 | * Mountain View, California 94043 | 29 | * Mountain View, California 94043 |
30 | */ | 30 | */ |
31 | 31 | ||
32 | #include "config.h" | 32 | #include "includes.h" |
33 | 33 | ||
34 | #ifndef HAVE_BINDRESVPORT_SA | 34 | #ifndef HAVE_BINDRESVPORT_SA |
35 | 35 | ||
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 9bab75b41..edb3112b3 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * $Id: bsd-cray.c,v 1.6 2002/05/15 16:39:51 mouring Exp $ | 2 | * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ |
3 | * | 3 | * |
4 | * bsd-cray.c | 4 | * bsd-cray.c |
5 | * | 5 | * |
@@ -34,8 +34,8 @@ | |||
34 | * on UNICOS systems. | 34 | * on UNICOS systems. |
35 | * | 35 | * |
36 | */ | 36 | */ |
37 | #ifdef _UNICOS | ||
37 | 38 | ||
38 | #ifdef _CRAY | ||
39 | #include <udb.h> | 39 | #include <udb.h> |
40 | #include <tmpdir.h> | 40 | #include <tmpdir.h> |
41 | #include <unistd.h> | 41 | #include <unistd.h> |
@@ -45,19 +45,33 @@ | |||
45 | #include <signal.h> | 45 | #include <signal.h> |
46 | #include <sys/priv.h> | 46 | #include <sys/priv.h> |
47 | #include <sys/secparm.h> | 47 | #include <sys/secparm.h> |
48 | #include <sys/tfm.h> | ||
48 | #include <sys/usrv.h> | 49 | #include <sys/usrv.h> |
49 | #include <sys/sysv.h> | 50 | #include <sys/sysv.h> |
50 | #include <sys/sectab.h> | 51 | #include <sys/sectab.h> |
52 | #include <sys/secstat.h> | ||
51 | #include <sys/stat.h> | 53 | #include <sys/stat.h> |
54 | #include <sys/session.h> | ||
52 | #include <stdlib.h> | 55 | #include <stdlib.h> |
53 | #include <pwd.h> | 56 | #include <pwd.h> |
54 | #include <fcntl.h> | 57 | #include <fcntl.h> |
55 | #include <errno.h> | 58 | #include <errno.h> |
56 | 59 | #include <ia.h> | |
60 | #include <urm.h> | ||
61 | #include "ssh.h" | ||
62 | #include "log.h" | ||
63 | #include "servconf.h" | ||
57 | #include "bsd-cray.h" | 64 | #include "bsd-cray.h" |
58 | 65 | ||
66 | #define MAXACID 80 | ||
67 | |||
68 | extern ServerOptions options; | ||
69 | |||
59 | char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ | 70 | char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ |
60 | 71 | ||
72 | struct sysv sysv; /* system security structure */ | ||
73 | struct usrv usrv; /* user security structure */ | ||
74 | |||
61 | /* | 75 | /* |
62 | * Functions. | 76 | * Functions. |
63 | */ | 77 | */ |
@@ -65,68 +79,538 @@ void cray_retain_utmp(struct utmp *, int); | |||
65 | void cray_delete_tmpdir(char *, int, uid_t); | 79 | void cray_delete_tmpdir(char *, int, uid_t); |
66 | void cray_init_job(struct passwd *); | 80 | void cray_init_job(struct passwd *); |
67 | void cray_set_tmpdir(struct utmp *); | 81 | void cray_set_tmpdir(struct utmp *); |
82 | void cray_login_failure(char *, int); | ||
83 | int cray_setup(uid_t, char *, const char *); | ||
84 | int cray_access_denied(char *); | ||
85 | |||
86 | void | ||
87 | cray_login_failure(char *username, int errcode) | ||
88 | { | ||
89 | struct udb *ueptr; /* UDB pointer for username */ | ||
90 | ia_failure_t fsent; /* ia_failure structure */ | ||
91 | ia_failure_ret_t fret; /* ia_failure return stuff */ | ||
92 | struct jtab jtab; /* job table structure */ | ||
93 | int jid = 0; /* job id */ | ||
94 | |||
95 | if ((jid = getjtab(&jtab)) < 0) { | ||
96 | debug("cray_login_failure(): getjtab error"); | ||
97 | } | ||
98 | getsysudb(); | ||
99 | if ((ueptr = getudbnam(username)) == UDB_NULL) { | ||
100 | debug("cray_login_failure(): getudbname() returned NULL"); | ||
101 | } | ||
102 | endudb(); | ||
103 | fsent.revision = 0; | ||
104 | fsent.uname = username; | ||
105 | fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping); | ||
106 | fsent.ttyn = "sshd"; | ||
107 | fsent.caller = IA_SSHD; | ||
108 | fsent.flags = IA_INTERACTIVE; | ||
109 | fsent.ueptr = ueptr; | ||
110 | fsent.jid = jid; | ||
111 | fsent.errcode = errcode; | ||
112 | fsent.pwdp = NULL; | ||
113 | fsent.exitcode = 0; /* dont exit in ia_failure() */ | ||
114 | |||
115 | fret.revision = 0; | ||
116 | fret.normal = 0; | ||
68 | 117 | ||
118 | /* | ||
119 | * Call ia_failure because of an login failure. | ||
120 | */ | ||
121 | ia_failure(&fsent,&fret); | ||
122 | } | ||
69 | 123 | ||
70 | /* | 124 | /* |
71 | * Orignal written by: | 125 | * Cray access denied |
72 | * Wayne Schroeder | 126 | */ |
73 | * San Diego Supercomputer Center | 127 | int |
74 | * schroeder@sdsc.edu | 128 | cray_access_denied(char *username) |
75 | */ | ||
76 | void | ||
77 | cray_setup(uid_t uid, char *username) | ||
78 | { | 129 | { |
79 | struct udb *p; | 130 | struct udb *ueptr; /* UDB pointer for username */ |
131 | int errcode; /* IA errorcode */ | ||
132 | |||
133 | errcode = 0; | ||
134 | getsysudb(); | ||
135 | if ((ueptr = getudbnam(username)) == UDB_NULL) { | ||
136 | debug("cray_login_failure(): getudbname() returned NULL"); | ||
137 | } | ||
138 | endudb(); | ||
139 | if (ueptr && ueptr->ue_disabled) | ||
140 | errcode = IA_DISABLED; | ||
141 | if (errcode) | ||
142 | cray_login_failure(username, errcode); | ||
143 | return (errcode); | ||
144 | } | ||
145 | |||
146 | int | ||
147 | cray_setup (uid_t uid, char *username, const char *command) | ||
148 | { | ||
149 | extern struct udb *getudb(); | ||
80 | extern char *setlimits(); | 150 | extern char *setlimits(); |
81 | int i, j; | ||
82 | int accts[MAXVIDS]; | ||
83 | int naccts; | ||
84 | int err; | ||
85 | char *sr; | ||
86 | int pid; | ||
87 | struct jtab jbuf; | ||
88 | int jid; | ||
89 | 151 | ||
90 | if ((jid = getjtab(&jbuf)) < 0) | 152 | int err; /* error return */ |
91 | fatal("getjtab: no jid"); | 153 | time_t system_time; /* current system clock */ |
92 | 154 | time_t expiration_time; /* password expiration time */ | |
93 | err = setudb(); /* open and rewind the Cray User DataBase */ | 155 | int maxattempts; /* maximum no. of failed login attempts */ |
94 | if (err != 0) | 156 | int SecureSys; /* unicos security flag */ |
95 | fatal("UDB open failure"); | 157 | int minslevel = 0; /* system minimum security level */ |
96 | naccts = 0; | 158 | int i, j; |
97 | p = getudbnam(username); | 159 | int valid_acct = -1; /* flag for reading valid acct */ |
98 | if (p == NULL) | 160 | char acct_name[MAXACID] = { "" }; /* used to read acct name */ |
99 | fatal("No UDB entry for %.100s", username); | 161 | struct jtab jtab; /* Job table struct */ |
100 | if (uid != p->ue_uid) | 162 | struct udb ue; /* udb entry for logging-in user */ |
101 | fatal("UDB entry %.100s uid(%d) does not match uid %d", | 163 | struct udb *up; /* pointer to UDB entry */ |
102 | username, (int) p->ue_uid, (int) uid); | 164 | struct secstat secinfo; /* file security attributes */ |
103 | for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { | 165 | struct servprov init_info; /* used for sesscntl() call */ |
104 | accts[naccts] = p->ue_acids[j]; | 166 | int jid; /* job ID */ |
105 | naccts++; | 167 | int pid; /* process ID */ |
168 | char *sr; /* status return from setlimits() */ | ||
169 | char *ttyn = NULL; /* ttyname or command name*/ | ||
170 | char hostname[MAXHOSTNAMELEN]; | ||
171 | passwd_t pwdacm, | ||
172 | pwddialup, | ||
173 | pwdudb, | ||
174 | pwdwal, | ||
175 | pwddce; /* passwd stuff for ia_user */ | ||
176 | ia_user_ret_t uret; /* stuff returned from ia_user */ | ||
177 | ia_user_t usent; /* ia_user main structure */ | ||
178 | int ia_rcode; /* ia_user return code */ | ||
179 | ia_failure_t fsent; /* ia_failure structure */ | ||
180 | ia_failure_ret_t fret; /* ia_failure return stuff */ | ||
181 | ia_success_t ssent; /* ia_success structure */ | ||
182 | ia_success_ret_t sret; /* ia_success return stuff */ | ||
183 | int ia_mlsrcode; /* ia_mlsuser return code */ | ||
184 | int secstatrc; /* [f]secstat return code */ | ||
185 | |||
186 | if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { | ||
187 | getsysv(&sysv, sizeof(struct sysv)); | ||
188 | minslevel = sysv.sy_minlvl; | ||
189 | if (getusrv(&usrv) < 0) { | ||
190 | debug("getusrv() failed, errno = %d",errno); | ||
191 | exit(1); | ||
192 | } | ||
106 | } | 193 | } |
107 | endudb(); /* close the udb */ | 194 | hostname[0] = '\0'; |
108 | 195 | strncpy(hostname, | |
109 | if (naccts != 0) { | 196 | (char *)get_canonical_hostname(options.verify_reverse_mapping), |
110 | /* Perhaps someday we'll prompt users who have multiple accounts | 197 | MAXHOSTNAMELEN); |
111 | to let them pick one (like CRI's login does), but for now just set | 198 | /* |
112 | the account to the first entry. */ | 199 | * Fetch user's UDB entry. |
113 | if (acctid(0, accts[0]) < 0) | 200 | */ |
114 | fatal("System call acctid failed, accts[0]=%d", accts[0]); | 201 | getsysudb(); |
202 | if ((up = getudbnam(username)) == UDB_NULL) { | ||
203 | debug("cannot fetch user's UDB entry"); | ||
204 | exit(1); | ||
205 | } | ||
206 | |||
207 | /* | ||
208 | * Prevent any possible fudging so perform a data | ||
209 | * safety check and compare the supplied uid against | ||
210 | * the udb's uid. | ||
211 | */ | ||
212 | if (up->ue_uid != uid) { | ||
213 | debug("IA uid missmatch"); | ||
214 | exit(1); | ||
215 | } | ||
216 | endudb(); | ||
217 | |||
218 | if ((jid = getjtab (&jtab)) < 0) { | ||
219 | debug("getjtab"); | ||
220 | return -1; | ||
221 | } | ||
222 | pid = getpid(); | ||
223 | ttyn = ttyname(0); | ||
224 | if (SecureSys) { | ||
225 | if (ttyn) { | ||
226 | secstatrc = secstat(ttyn, &secinfo); | ||
227 | } else { | ||
228 | secstatrc = fsecstat(1, &secinfo); | ||
229 | } | ||
230 | if (secstatrc == 0) { | ||
231 | debug("[f]secstat() successful"); | ||
232 | } else { | ||
233 | debug("[f]secstat() error, rc = %d", secstatrc); | ||
234 | exit(1); | ||
235 | } | ||
236 | } | ||
237 | if ((ttyn == NULL) && ((char *)command != NULL)) | ||
238 | ttyn = (char *)command; | ||
239 | /* | ||
240 | * Initialize all structures to call ia_user | ||
241 | */ | ||
242 | usent.revision = 0; | ||
243 | usent.uname = username; | ||
244 | usent.host = hostname; | ||
245 | usent.ttyn = ttyn; | ||
246 | usent.caller = IA_SSHD; | ||
247 | usent.pswdlist = &pwdacm; | ||
248 | usent.ueptr = &ue; | ||
249 | usent.flags = IA_INTERACTIVE | IA_FFLAG; | ||
250 | pwdacm.atype = IA_SECURID; | ||
251 | pwdacm.pwdp = NULL; | ||
252 | pwdacm.next = &pwdudb; | ||
253 | |||
254 | pwdudb.atype = IA_UDB; | ||
255 | pwdudb.pwdp = NULL; | ||
256 | pwdudb.next = &pwddce; | ||
257 | |||
258 | pwddce.atype = IA_DCE; | ||
259 | pwddce.pwdp = NULL; | ||
260 | pwddce.next = &pwddialup; | ||
261 | |||
262 | pwddialup.atype = IA_DIALUP; | ||
263 | pwddialup.pwdp = NULL; | ||
264 | /* pwddialup.next = &pwdwal; */ | ||
265 | pwddialup.next = NULL; | ||
266 | |||
267 | pwdwal.atype = IA_WAL; | ||
268 | pwdwal.pwdp = NULL; | ||
269 | pwdwal.next = NULL; | ||
270 | |||
271 | uret.revision = 0; | ||
272 | uret.pswd = NULL; | ||
273 | uret.normal = 0; | ||
274 | |||
275 | ia_rcode = ia_user(&usent, &uret); | ||
276 | |||
277 | switch (ia_rcode) { | ||
278 | /* | ||
279 | * These are acceptable return codes from ia_user() | ||
280 | */ | ||
281 | case IA_UDBWEEK: /* Password Expires in 1 week */ | ||
282 | expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; | ||
283 | printf ("WARNING - your current password will expire %s\n", | ||
284 | ctime((const time_t *)&expiration_time)); | ||
285 | break; | ||
286 | case IA_UDBEXPIRED: | ||
287 | if (ttyname(0) != NULL) { | ||
288 | /* Force a password change */ | ||
289 | printf("Your password has expired; Choose a new one.\n"); | ||
290 | execl("/bin/passwd", "passwd", username, 0); | ||
291 | exit(9); | ||
292 | } | ||
293 | |||
294 | break; | ||
295 | case IA_NORMAL: /* Normal Return Code */ | ||
296 | break; | ||
297 | case IA_BACKDOOR: | ||
298 | strcpy(ue.ue_name, "root"); | ||
299 | strcpy(ue.ue_passwd, ""); | ||
300 | strcpy(ue.ue_dir, "/"); | ||
301 | strcpy(ue.ue_shell, "/bin/sh"); | ||
302 | strcpy(ue.ue_age, ""); | ||
303 | strcpy(ue.ue_comment, ""); | ||
304 | strcpy(ue.ue_loghost, ""); | ||
305 | strcpy(ue.ue_logline, ""); | ||
306 | ue.ue_uid=-1; | ||
307 | ue.ue_nice[UDBRC_INTER]=0; | ||
308 | for (i=0;i<MAXVIDS;i++) | ||
309 | ue.ue_gids[i]=0; | ||
310 | ue.ue_logfails=0; | ||
311 | ue.ue_minlvl=minslevel; | ||
312 | ue.ue_maxlvl=minslevel; | ||
313 | ue.ue_deflvl=minslevel; | ||
314 | ue.ue_defcomps=0; | ||
315 | ue.ue_comparts=0; | ||
316 | ue.ue_permits=0; | ||
317 | ue.ue_trap=0; | ||
318 | ue.ue_disabled=0; | ||
319 | ue.ue_logtime=0; | ||
320 | break; | ||
321 | case IA_CONSOLE: /* Superuser not from Console */ | ||
322 | case IA_TRUSTED: /* Trusted user */ | ||
323 | if (options.permit_root_login > PERMIT_NO) | ||
324 | break; /* Accept root login */ | ||
325 | default: | ||
326 | /* | ||
327 | * These are failed return codes from ia_user() | ||
328 | */ | ||
329 | switch (ia_rcode) | ||
330 | { | ||
331 | case IA_BADAUTH: | ||
332 | printf ("Bad authorization, access denied.\n"); | ||
333 | break; | ||
334 | case IA_DIALUPERR: | ||
335 | break; | ||
336 | case IA_DISABLED: | ||
337 | printf ("Your login has been disabled. Contact the system "); | ||
338 | printf ("administrator for assistance.\n"); | ||
339 | break; | ||
340 | case IA_GETSYSV: | ||
341 | printf ("getsysv() failed - errno = %d\n", errno); | ||
342 | break; | ||
343 | case IA_LOCALHOST: | ||
344 | break; | ||
345 | case IA_MAXLOGS: | ||
346 | printf ("Maximum number of failed login attempts exceeded.\n"); | ||
347 | printf ("Access denied.\n"); | ||
348 | break; | ||
349 | case IA_NOPASS: | ||
350 | break; | ||
351 | case IA_PUBLIC: | ||
352 | break; | ||
353 | case IA_SECURIDERR: | ||
354 | break; | ||
355 | case IA_CONSOLE: | ||
356 | break; | ||
357 | case IA_TRUSTED: | ||
358 | break; | ||
359 | case IA_UDBERR: | ||
360 | break; | ||
361 | case IA_UDBPWDNULL: | ||
362 | /* | ||
363 | * NULL password not allowed on MLS systems | ||
364 | */ | ||
365 | if (SecureSys) { | ||
366 | printf("NULL Password not allowed on MLS systems.\n"); | ||
367 | } | ||
368 | break; | ||
369 | case IA_UNKNOWN: | ||
370 | break; | ||
371 | case IA_UNKNOWNYP: | ||
372 | break; | ||
373 | case IA_WALERR: | ||
374 | break; | ||
375 | default: | ||
376 | /* nothing special */ | ||
377 | ; | ||
378 | } /* 2. switch (ia_rcode) */ | ||
379 | /* | ||
380 | * Authentication failed. | ||
381 | */ | ||
382 | printf("sshd: Login incorrect, (0%o)\n", | ||
383 | ia_rcode-IA_ERRORCODE); | ||
384 | |||
385 | /* | ||
386 | * Initialize structure for ia_failure | ||
387 | * which will exit. | ||
388 | */ | ||
389 | fsent.revision = 0; | ||
390 | fsent.uname = username; | ||
391 | fsent.host = hostname; | ||
392 | fsent.ttyn = ttyn; | ||
393 | fsent.caller = IA_SSHD; | ||
394 | fsent.flags = IA_INTERACTIVE; | ||
395 | fsent.ueptr = &ue; | ||
396 | fsent.jid = jid; | ||
397 | fsent.errcode = ia_rcode; | ||
398 | fsent.pwdp = uret.pswd; | ||
399 | fsent.exitcode = 1; | ||
400 | |||
401 | fret.revision = 0; | ||
402 | fret.normal = 0; | ||
403 | |||
404 | /* | ||
405 | * Call ia_failure because of an IA failure. | ||
406 | * There is no return because ia_failure exits. | ||
407 | */ | ||
408 | |||
409 | ia_failure(&fsent,&fret); | ||
410 | |||
411 | exit(1); | ||
412 | } /* 1. switch (ia_rcode) */ | ||
413 | ia_mlsrcode = IA_NORMAL; | ||
414 | if (SecureSys) { | ||
415 | debug("calling ia_mlsuser()"); | ||
416 | ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0); | ||
417 | } | ||
418 | if (ia_mlsrcode != IA_NORMAL) { | ||
419 | printf("sshd: Login incorrect, (0%o)\n", | ||
420 | ia_mlsrcode-IA_ERRORCODE); | ||
421 | /* | ||
422 | * Initialize structure for ia_failure | ||
423 | * which will exit. | ||
424 | */ | ||
425 | fsent.revision = 0; | ||
426 | fsent.uname = username; | ||
427 | fsent.host = hostname; | ||
428 | fsent.ttyn = ttyn; | ||
429 | fsent.caller = IA_SSHD; | ||
430 | fsent.flags = IA_INTERACTIVE; | ||
431 | fsent.ueptr = &ue; | ||
432 | fsent.jid = jid; | ||
433 | fsent.errcode = ia_mlsrcode; | ||
434 | fsent.pwdp = uret.pswd; | ||
435 | fsent.exitcode = 1; | ||
436 | fret.revision = 0; | ||
437 | fret.normal = 0; | ||
438 | |||
439 | /* | ||
440 | * Call ia_failure because of an IA failure. | ||
441 | * There is no return because ia_failure exits. | ||
442 | */ | ||
443 | ia_failure(&fsent,&fret); | ||
444 | exit(1); | ||
115 | } | 445 | } |
116 | 446 | ||
117 | /* Now set limits, including CPU time for the (interactive) job and process, | 447 | /* Provide login status information */ |
118 | and set up permissions (for chown etc), etc. This is via an internal CRI | 448 | if (options.print_lastlog && ue.ue_logtime != 0) { |
119 | routine, setlimits, used by CRI's login. */ | 449 | printf("Last successful login was : %.*s ", |
450 | 19, (char *)ctime(&ue.ue_logtime)); | ||
451 | |||
452 | if (*ue.ue_loghost != '\0') | ||
453 | printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost); | ||
454 | |||
455 | else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline); | ||
456 | |||
457 | if ( SecureSys && (ue.ue_logfails != 0)) | ||
458 | printf(" followed by %d failed attempts\n", ue.ue_logfails); | ||
459 | } | ||
460 | |||
461 | |||
462 | /* | ||
463 | * Call ia_success to process successful I/A. | ||
464 | */ | ||
465 | ssent.revision = 0; | ||
466 | ssent.uname = username; | ||
467 | ssent.host = hostname; | ||
468 | ssent.ttyn = ttyn; | ||
469 | ssent.caller = IA_SSHD; | ||
470 | ssent.flags = IA_INTERACTIVE; | ||
471 | ssent.ueptr = &ue; | ||
472 | ssent.jid = jid; | ||
473 | ssent.errcode = ia_rcode; | ||
474 | ssent.us = NULL; | ||
475 | ssent.time = 1; /* Set ue_logtime */ | ||
476 | |||
477 | sret.revision = 0; | ||
478 | sret.normal = 0; | ||
479 | |||
480 | ia_success(&ssent,&sret); | ||
481 | |||
482 | /* | ||
483 | * Query for account, iff > 1 valid acid & askacid permbit | ||
484 | */ | ||
485 | if (((ue.ue_permbits & PERMBITS_ACCTID) || | ||
486 | (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && | ||
487 | ue.ue_permbits & PERMBITS_ASKACID) { | ||
488 | if (ttyname(0) != NULL) { | ||
489 | debug("cray_setup: ttyname true case, %.100s", ttyname); | ||
490 | while (valid_acct == -1) { | ||
491 | printf("Account (? for available accounts)" | ||
492 | " [%s]: ", acid2nam(ue.ue_acids[0])); | ||
493 | gets(acct_name); | ||
494 | switch (acct_name[0]) { | ||
495 | case EOF: | ||
496 | exit(0); | ||
497 | break; | ||
498 | case '\0': | ||
499 | valid_acct = ue.ue_acids[0]; | ||
500 | strcpy(acct_name, acid2nam(valid_acct)); | ||
501 | break; | ||
502 | case '?': | ||
503 | /* Print the list 3 wide */ | ||
504 | for (i = 0, j = 0; i < MAXVIDS; i++) { | ||
505 | if (ue.ue_acids[i] == -1) { | ||
506 | printf("\n"); | ||
507 | break; | ||
508 | } | ||
509 | if (++j == 4) { | ||
510 | j = 1; | ||
511 | printf("\n"); | ||
512 | } | ||
513 | printf(" %s", | ||
514 | acid2nam(ue.ue_acids[i])); | ||
515 | } | ||
516 | if (ue.ue_permbits & PERMBITS_ACCTID) | ||
517 | printf("\"acctid\" permbit also allows" | ||
518 | " you to select any valid " | ||
519 | "account name.\n"); | ||
520 | printf("\n"); | ||
521 | break; | ||
522 | default: | ||
523 | if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for" | ||
524 | " account name \"%s\"\n\n", | ||
525 | acct_name); | ||
526 | break; | ||
527 | } | ||
528 | /* | ||
529 | * If an account was given, search the user's | ||
530 | * acids array to verify they can use this account. | ||
531 | */ | ||
532 | if ((valid_acct != -1) && | ||
533 | !(ue.ue_permbits & PERMBITS_ACCTID)) { | ||
534 | for (i = 0; i < MAXVIDS; i++) { | ||
535 | if (ue.ue_acids[i] == -1) | ||
536 | break; | ||
537 | if (valid_acct == ue.ue_acids[i]) | ||
538 | break; | ||
539 | } | ||
540 | if (i == MAXVIDS || | ||
541 | ue.ue_acids[i] == -1) { | ||
542 | fprintf(stderr, "Cannot set" | ||
543 | " account name to " | ||
544 | "\"%s\", permission " | ||
545 | "denied\n\n", acct_name); | ||
546 | valid_acct = -1; | ||
547 | } | ||
548 | } | ||
549 | } | ||
550 | } else { | ||
551 | /* | ||
552 | * The client isn't connected to a terminal and can't | ||
553 | * respond to an acid prompt. Use default acid. | ||
554 | */ | ||
555 | debug("cray_setup: ttyname false case, %.100s", ttyname); | ||
556 | valid_acct = ue.ue_acids[0]; | ||
557 | } | ||
558 | } else { | ||
559 | /* | ||
560 | * The user doesn't have the askacid permbit set or | ||
561 | * only has one valid account to use. | ||
562 | */ | ||
563 | valid_acct = ue.ue_acids[0]; | ||
564 | } | ||
565 | if (acctid(0, valid_acct) < 0) { | ||
566 | printf ("Bad account id: %d\n", valid_acct); | ||
567 | exit(1); | ||
568 | } | ||
569 | |||
570 | /* set up shares and quotas */ | ||
571 | /* Now set shares, quotas, limits, including CPU time for the (interactive) | ||
572 | * job and process, and set up permissions (for chown etc), etc. | ||
573 | */ | ||
574 | if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { | ||
575 | printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); | ||
576 | exit(1); | ||
577 | } | ||
120 | 578 | ||
121 | pid = getpid(); | ||
122 | sr = setlimits(username, C_PROC, pid, UDBRC_INTER); | 579 | sr = setlimits(username, C_PROC, pid, UDBRC_INTER); |
123 | if (sr != NULL) | 580 | if (sr != NULL) { |
124 | fatal("%.200s", sr); | 581 | debug("%.200s", sr); |
125 | 582 | exit(1); | |
583 | } | ||
126 | sr = setlimits(username, C_JOB, jid, UDBRC_INTER); | 584 | sr = setlimits(username, C_JOB, jid, UDBRC_INTER); |
127 | if (sr != NULL) | 585 | if (sr != NULL) { |
128 | fatal("%.200s", sr); | 586 | debug("%.200s", sr); |
587 | exit(1); | ||
588 | } | ||
589 | /* | ||
590 | * Place the service provider information into | ||
591 | * the session table (Unicos) or job table (Unicos/mk). | ||
592 | * There exist double defines for the job/session table in | ||
593 | * unicos/mk (jtab.h) so no need for a compile time switch. | ||
594 | */ | ||
595 | bzero((char *)&init_info, sizeof(struct servprov)); | ||
596 | init_info.s_sessinit.si_id = URM_SPT_LOGIN; | ||
597 | init_info.s_sessinit.si_pid = getpid(); | ||
598 | init_info.s_sessinit.si_sid = jid; | ||
599 | init_info.s_routing.seqno = 0; | ||
600 | init_info.s_routing.iadrs = 0; | ||
601 | sesscntl(0, S_SETSERVPO, (int)&init_info); | ||
129 | 602 | ||
603 | /* | ||
604 | * Set user and controlling tty security attributes. | ||
605 | */ | ||
606 | if (SecureSys) { | ||
607 | if (setusrv(&usrv) == -1) { | ||
608 | debug("setusrv() failed, errno = %d",errno); | ||
609 | exit(1); | ||
610 | } | ||
611 | } | ||
612 | |||
613 | return(0); | ||
130 | } | 614 | } |
131 | 615 | ||
132 | /* | 616 | /* |
@@ -143,7 +627,6 @@ drop_cray_privs() | |||
143 | int result; | 627 | int result; |
144 | extern int priv_set_proc(); | 628 | extern int priv_set_proc(); |
145 | extern priv_proc_t* priv_init_proc(); | 629 | extern priv_proc_t* priv_init_proc(); |
146 | struct usrv usrv; | ||
147 | 630 | ||
148 | /* | 631 | /* |
149 | * If ether of theses two flags are not set | 632 | * If ether of theses two flags are not set |
@@ -154,9 +637,23 @@ drop_cray_privs() | |||
154 | if (!sysconf(_SC_CRAY_POSIX_PRIV)) | 637 | if (!sysconf(_SC_CRAY_POSIX_PRIV)) |
155 | fatal("Not POSIX_PRIV."); | 638 | fatal("Not POSIX_PRIV."); |
156 | 639 | ||
157 | debug("Dropping privileges."); | 640 | debug("Setting MLS labels.");; |
641 | |||
642 | if (sysconf(_SC_CRAY_SECURE_MAC)) { | ||
643 | usrv.sv_minlvl = SYSLOW; | ||
644 | usrv.sv_actlvl = SYSHIGH; | ||
645 | usrv.sv_maxlvl = SYSHIGH; | ||
646 | } else { | ||
647 | usrv.sv_minlvl = sysv.sy_minlvl; | ||
648 | usrv.sv_actlvl = sysv.sy_minlvl; | ||
649 | usrv.sv_maxlvl = sysv.sy_maxlvl; | ||
650 | } | ||
651 | usrv.sv_actcmp = 0; | ||
652 | usrv.sv_valcmp = sysv.sy_valcmp; | ||
653 | |||
654 | usrv.sv_intcat = TFM_SYSTEM; | ||
655 | usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); | ||
158 | 656 | ||
159 | memset(&usrv, 0, sizeof(usrv)); | ||
160 | if (setusrv(&usrv) < 0) | 657 | if (setusrv(&usrv) < 0) |
161 | fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, | 658 | fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, |
162 | strerror(errno)); | 659 | strerror(errno)); |
@@ -189,7 +686,6 @@ cray_retain_utmp(struct utmp *ut, int pid) | |||
189 | while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { | 686 | while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { |
190 | if (pid == utmp.ut_pid) { | 687 | if (pid == utmp.ut_pid) { |
191 | ut->ut_jid = utmp.ut_jid; | 688 | ut->ut_jid = utmp.ut_jid; |
192 | /* XXX: MIN_SIZEOF here? can this go in loginrec? */ | ||
193 | strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); | 689 | strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); |
194 | strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); | 690 | strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); |
195 | strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); | 691 | strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); |
@@ -198,7 +694,8 @@ cray_retain_utmp(struct utmp *ut, int pid) | |||
198 | } | 694 | } |
199 | close(fd); | 695 | close(fd); |
200 | } | 696 | } |
201 | /* XXX: error message? */ | 697 | else |
698 | fatal("Unable to open utmp file"); | ||
202 | } | 699 | } |
203 | 700 | ||
204 | /* | 701 | /* |
@@ -245,7 +742,7 @@ cray_job_termination_handler(int sig) | |||
245 | char *login = NULL; | 742 | char *login = NULL; |
246 | struct jtab jtab; | 743 | struct jtab jtab; |
247 | 744 | ||
248 | debug("Received SIG JOB."); | 745 | debug("received signal %d",sig); |
249 | 746 | ||
250 | if ((jid = waitjob(&jtab)) == -1 || | 747 | if ((jid = waitjob(&jtab)) == -1 || |
251 | (login = uid2nam(jtab.j_uid)) == NULL) | 748 | (login = uid2nam(jtab.j_uid)) == NULL) |
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 9067a389a..8868b4364 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * $Id: bsd-cray.h,v 1.3 2002/05/15 16:39:52 mouring Exp $ | 2 | * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ |
3 | * | 3 | * |
4 | * bsd-cray.h | 4 | * bsd-cray.h |
5 | * | 5 | * |
@@ -37,11 +37,18 @@ | |||
37 | #ifndef _BSD_CRAY_H | 37 | #ifndef _BSD_CRAY_H |
38 | #define _BSD_CRAY_H | 38 | #define _BSD_CRAY_H |
39 | 39 | ||
40 | #ifdef _CRAY | 40 | #ifdef _UNICOS |
41 | void cray_init_job(struct passwd *); /* init cray job */ | 41 | void cray_init_job(struct passwd *); /* init cray job */ |
42 | void cray_job_termination_handler(int); /* process end of job signal */ | 42 | void cray_job_termination_handler(int); /* process end of job signal */ |
43 | void cray_setup(uid_t, char *); /* set cray limits */ | 43 | void cray_login_failure(char *username, int errcode); |
44 | int cray_access_denied(char *username); | ||
44 | extern char cray_tmpdir[]; /* cray tmpdir */ | 45 | extern char cray_tmpdir[]; /* cray tmpdir */ |
46 | #ifndef IA_SSHD | ||
47 | #define IA_SSHD IA_LOGIN | ||
48 | #endif | ||
49 | #ifndef MAXHOSTNAMELEN | ||
50 | #define MAXHOSTNAMELEN 64 | ||
51 | #endif | ||
45 | #endif | 52 | #endif |
46 | 53 | ||
47 | #endif /* _BSD_CRAY_H */ | 54 | #endif /* _BSD_CRAY_H */ |
diff --git a/openbsd-compat/bsd-getpeereid.c b/openbsd-compat/bsd-getpeereid.c new file mode 100644 index 000000000..c7876823d --- /dev/null +++ b/openbsd-compat/bsd-getpeereid.c | |||
@@ -0,0 +1,56 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2002 Damien Miller. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | #include "includes.h" | ||
26 | |||
27 | RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $"); | ||
28 | |||
29 | #if !defined(HAVE_GETPEEREID) | ||
30 | |||
31 | #if defined(SO_PEERCRED) | ||
32 | int | ||
33 | getpeereid(int s, uid_t *euid, gid_t *gid) | ||
34 | { | ||
35 | struct ucred cred; | ||
36 | size_t len = sizeof(cred); | ||
37 | |||
38 | if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0) | ||
39 | return (-1); | ||
40 | *euid = cred.uid; | ||
41 | *gid = cred.gid; | ||
42 | |||
43 | return (0); | ||
44 | } | ||
45 | #else | ||
46 | int | ||
47 | getpeereid(int s, uid_t *euid, gid_t *gid) | ||
48 | { | ||
49 | *euid = geteuid(); | ||
50 | *gid = getgid(); | ||
51 | |||
52 | return (0); | ||
53 | } | ||
54 | #endif /* defined(SO_PEERCRED) */ | ||
55 | |||
56 | #endif /* !defined(HAVE_GETPEEREID) */ | ||
diff --git a/openbsd-compat/bsd-getpeereid.h b/openbsd-compat/bsd-getpeereid.h new file mode 100644 index 000000000..2e9f077f9 --- /dev/null +++ b/openbsd-compat/bsd-getpeereid.h | |||
@@ -0,0 +1,14 @@ | |||
1 | /* $Id: bsd-getpeereid.h,v 1.1 2002/09/12 00:33:02 djm Exp $ */ | ||
2 | |||
3 | #ifndef _BSD_GETPEEREID_H | ||
4 | #define _BSD_GETPEEREID_H | ||
5 | |||
6 | #include "config.h" | ||
7 | |||
8 | #include <sys/types.h> /* For uid_t, gid_t */ | ||
9 | |||
10 | #ifndef HAVE_GETPEEREID | ||
11 | int getpeereid(int , uid_t *, gid_t *); | ||
12 | #endif /* HAVE_GETPEEREID */ | ||
13 | |||
14 | #endif /* _BSD_GETPEEREID_H */ | ||
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index fa48afea9..1c1e43a52 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c | |||
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | RCSID("$Id: bsd-misc.c,v 1.8 2002/06/13 21:34:58 mouring Exp $"); | 27 | RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $"); |
28 | 28 | ||
29 | char *get_progname(char *argv0) | 29 | char *get_progname(char *argv0) |
30 | { | 30 | { |
@@ -93,8 +93,8 @@ int utimes(char *filename, struct timeval *tvp) | |||
93 | { | 93 | { |
94 | struct utimbuf ub; | 94 | struct utimbuf ub; |
95 | 95 | ||
96 | ub.actime = tvp->tv_sec; | 96 | ub.actime = tvp[0].tv_sec; |
97 | ub.modtime = tvp->tv_usec; | 97 | ub.modtime = tvp[1].tv_sec; |
98 | 98 | ||
99 | return(utime(filename, &ub)); | 99 | return(utime(filename, &ub)); |
100 | } | 100 | } |
diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c index 391b2dd81..35c7d8ec7 100644 --- a/openbsd-compat/dirname.c +++ b/openbsd-compat/dirname.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $ */ | 1 | /* $OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> |
@@ -31,7 +31,7 @@ | |||
31 | #ifndef HAVE_DIRNAME | 31 | #ifndef HAVE_DIRNAME |
32 | 32 | ||
33 | #if defined(LIBC_SCCS) && !defined(lint) | 33 | #if defined(LIBC_SCCS) && !defined(lint) |
34 | static char rcsid[] = "$OpenBSD: dirname.c,v 1.6 2001/06/28 04:27:19 pjanzen Exp $"; | 34 | static char rcsid[] = "$OpenBSD: dirname.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $"; |
35 | #endif /* LIBC_SCCS and not lint */ | 35 | #endif /* LIBC_SCCS and not lint */ |
36 | 36 | ||
37 | #include <errno.h> | 37 | #include <errno.h> |
@@ -47,7 +47,7 @@ dirname(path) | |||
47 | 47 | ||
48 | /* Empty or NULL string gets treated as "." */ | 48 | /* Empty or NULL string gets treated as "." */ |
49 | if (path == NULL || *path == '\0') { | 49 | if (path == NULL || *path == '\0') { |
50 | (void)strcpy(bname, "."); | 50 | (void)strlcpy(bname, ".", sizeof bname); |
51 | return(bname); | 51 | return(bname); |
52 | } | 52 | } |
53 | 53 | ||
@@ -62,7 +62,7 @@ dirname(path) | |||
62 | 62 | ||
63 | /* Either the dir is "/" or there are no slashes */ | 63 | /* Either the dir is "/" or there are no slashes */ |
64 | if (endp == path) { | 64 | if (endp == path) { |
65 | (void)strcpy(bname, *endp == '/' ? "/" : "."); | 65 | (void)strlcpy(bname, *endp == '/' ? "/" : ".", sizeof bname); |
66 | return(bname); | 66 | return(bname); |
67 | } else { | 67 | } else { |
68 | do { | 68 | do { |
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c index de3baccbb..6fd8543a5 100644 --- a/openbsd-compat/getcwd.c +++ b/openbsd-compat/getcwd.c | |||
@@ -24,7 +24,7 @@ | |||
24 | * SUCH DAMAGE. | 24 | * SUCH DAMAGE. |
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "config.h" | 27 | #include "includes.h" |
28 | 28 | ||
29 | #if !defined(HAVE_GETCWD) | 29 | #if !defined(HAVE_GETCWD) |
30 | 30 | ||
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c index f4fbc9bac..4a5cfe5f0 100644 --- a/openbsd-compat/getopt.c +++ b/openbsd-compat/getopt.c | |||
@@ -31,7 +31,7 @@ | |||
31 | * SUCH DAMAGE. | 31 | * SUCH DAMAGE. |
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "config.h" | 34 | #include "includes.h" |
35 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | 35 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) |
36 | 36 | ||
37 | #if defined(LIBC_SCCS) && !defined(lint) | 37 | #if defined(LIBC_SCCS) && !defined(lint) |
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c index 365d4334f..e928a2272 100644 --- a/openbsd-compat/glob.c +++ b/openbsd-compat/glob.c | |||
@@ -56,7 +56,7 @@ get_arg_max(void) | |||
56 | #if 0 | 56 | #if 0 |
57 | static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; | 57 | static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93"; |
58 | #else | 58 | #else |
59 | static char rcsid[] = "$OpenBSD: glob.c,v 1.16 2001/04/05 18:36:12 deraadt Exp $"; | 59 | static char rcsid[] = "$OpenBSD: glob.c,v 1.20 2002/06/14 21:34:58 todd Exp $"; |
60 | #endif | 60 | #endif |
61 | #endif /* LIBC_SCCS and not lint */ | 61 | #endif /* LIBC_SCCS and not lint */ |
62 | 62 | ||
@@ -97,6 +97,7 @@ static char rcsid[] = "$OpenBSD: glob.c,v 1.16 2001/04/05 18:36:12 deraadt Exp $ | |||
97 | #define RBRACKET ']' | 97 | #define RBRACKET ']' |
98 | #define SEP '/' | 98 | #define SEP '/' |
99 | #define STAR '*' | 99 | #define STAR '*' |
100 | #undef TILDE /* Some platforms may already define it */ | ||
100 | #define TILDE '~' | 101 | #define TILDE '~' |
101 | #define UNDERSCORE '_' | 102 | #define UNDERSCORE '_' |
102 | #define LBRACE '{' | 103 | #define LBRACE '{' |
@@ -136,32 +137,32 @@ typedef char Char; | |||
136 | #define ismeta(c) (((c)&M_QUOTE) != 0) | 137 | #define ismeta(c) (((c)&M_QUOTE) != 0) |
137 | 138 | ||
138 | 139 | ||
139 | static int compare __P((const void *, const void *)); | 140 | static int compare(const void *, const void *); |
140 | static int g_Ctoc __P((const Char *, char *, u_int)); | 141 | static int g_Ctoc(const Char *, char *, u_int); |
141 | static int g_lstat __P((Char *, struct stat *, glob_t *)); | 142 | static int g_lstat(Char *, struct stat *, glob_t *); |
142 | static DIR *g_opendir __P((Char *, glob_t *)); | 143 | static DIR *g_opendir(Char *, glob_t *); |
143 | static Char *g_strchr __P((Char *, int)); | 144 | static Char *g_strchr(Char *, int); |
144 | static int g_stat __P((Char *, struct stat *, glob_t *)); | 145 | static int g_stat(Char *, struct stat *, glob_t *); |
145 | static int glob0 __P((const Char *, glob_t *)); | 146 | static int glob0(const Char *, glob_t *); |
146 | static int glob1 __P((Char *, Char *, glob_t *, size_t *)); | 147 | static int glob1(Char *, Char *, glob_t *, size_t *); |
147 | static int glob2 __P((Char *, Char *, Char *, Char *, Char *, Char *, | 148 | static int glob2(Char *, Char *, Char *, Char *, Char *, Char *, |
148 | glob_t *, size_t *)); | 149 | glob_t *, size_t *); |
149 | static int glob3 __P((Char *, Char *, Char *, Char *, Char *, Char *, | 150 | static int glob3(Char *, Char *, Char *, Char *, Char *, Char *, |
150 | Char *, Char *, glob_t *, size_t *)); | 151 | Char *, Char *, glob_t *, size_t *); |
151 | static int globextend __P((const Char *, glob_t *, size_t *)); | 152 | static int globextend(const Char *, glob_t *, size_t *); |
152 | static const Char * | 153 | static const Char * |
153 | globtilde __P((const Char *, Char *, size_t, glob_t *)); | 154 | globtilde(const Char *, Char *, size_t, glob_t *); |
154 | static int globexp1 __P((const Char *, glob_t *)); | 155 | static int globexp1(const Char *, glob_t *); |
155 | static int globexp2 __P((const Char *, const Char *, glob_t *, int *)); | 156 | static int globexp2(const Char *, const Char *, glob_t *, int *); |
156 | static int match __P((Char *, Char *, Char *)); | 157 | static int match(Char *, Char *, Char *); |
157 | #ifdef DEBUG | 158 | #ifdef DEBUG |
158 | static void qprintf __P((const char *, Char *)); | 159 | static void qprintf(const char *, Char *); |
159 | #endif | 160 | #endif |
160 | 161 | ||
161 | int | 162 | int |
162 | glob(pattern, flags, errfunc, pglob) | 163 | glob(pattern, flags, errfunc, pglob) |
163 | const char *pattern; | 164 | const char *pattern; |
164 | int flags, (*errfunc) __P((const char *, int)); | 165 | int flags, (*errfunc)(const char *, int); |
165 | glob_t *pglob; | 166 | glob_t *pglob; |
166 | { | 167 | { |
167 | const u_char *patnext; | 168 | const u_char *patnext; |
@@ -676,7 +677,7 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, | |||
676 | 677 | ||
677 | 678 | ||
678 | /* | 679 | /* |
679 | * Extend the gl_pathv member of a glob_t structure to accomodate a new item, | 680 | * Extend the gl_pathv member of a glob_t structure to accommodate a new item, |
680 | * add the new item, and update gl_pathc. | 681 | * add the new item, and update gl_pathc. |
681 | * | 682 | * |
682 | * This assumes the BSD realloc, which only copies the block when its size | 683 | * This assumes the BSD realloc, which only copies the block when its size |
@@ -821,7 +822,7 @@ g_opendir(str, pglob) | |||
821 | char buf[MAXPATHLEN]; | 822 | char buf[MAXPATHLEN]; |
822 | 823 | ||
823 | if (!*str) | 824 | if (!*str) |
824 | strcpy(buf, "."); | 825 | strlcpy(buf, ".", sizeof buf); |
825 | else { | 826 | else { |
826 | if (g_Ctoc(str, buf, sizeof(buf))) | 827 | if (g_Ctoc(str, buf, sizeof(buf))) |
827 | return(NULL); | 828 | return(NULL); |
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h index b4c8f7aaa..6421f7049 100644 --- a/openbsd-compat/glob.h +++ b/openbsd-compat/glob.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: glob.h,v 1.5 2001/03/18 17:18:58 deraadt Exp $ */ | 1 | /* $OpenBSD: glob.h,v 1.7 2002/02/17 19:42:21 millert Exp $ */ |
2 | /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ | 2 | /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ |
3 | 3 | ||
4 | /* | 4 | /* |
@@ -53,18 +53,18 @@ typedef struct { | |||
53 | int gl_flags; /* Copy of flags parameter to glob. */ | 53 | int gl_flags; /* Copy of flags parameter to glob. */ |
54 | char **gl_pathv; /* List of paths matching pattern. */ | 54 | char **gl_pathv; /* List of paths matching pattern. */ |
55 | /* Copy of errfunc parameter to glob. */ | 55 | /* Copy of errfunc parameter to glob. */ |
56 | int (*gl_errfunc) __P((const char *, int)); | 56 | int (*gl_errfunc)(const char *, int); |
57 | 57 | ||
58 | /* | 58 | /* |
59 | * Alternate filesystem access methods for glob; replacement | 59 | * Alternate filesystem access methods for glob; replacement |
60 | * versions of closedir(3), readdir(3), opendir(3), stat(2) | 60 | * versions of closedir(3), readdir(3), opendir(3), stat(2) |
61 | * and lstat(2). | 61 | * and lstat(2). |
62 | */ | 62 | */ |
63 | void (*gl_closedir) __P((void *)); | 63 | void (*gl_closedir)(void *); |
64 | struct dirent *(*gl_readdir) __P((void *)); | 64 | struct dirent *(*gl_readdir)(void *); |
65 | void *(*gl_opendir) __P((const char *)); | 65 | void *(*gl_opendir)(const char *); |
66 | int (*gl_lstat) __P((const char *, struct stat *)); | 66 | int (*gl_lstat)(const char *, struct stat *); |
67 | int (*gl_stat) __P((const char *, struct stat *)); | 67 | int (*gl_stat)(const char *, struct stat *); |
68 | } glob_t; | 68 | } glob_t; |
69 | 69 | ||
70 | /* Flags */ | 70 | /* Flags */ |
@@ -91,8 +91,8 @@ typedef struct { | |||
91 | #define GLOB_NOSYS (-4) /* Function not supported. */ | 91 | #define GLOB_NOSYS (-4) /* Function not supported. */ |
92 | #define GLOB_ABEND GLOB_ABORTED | 92 | #define GLOB_ABEND GLOB_ABORTED |
93 | 93 | ||
94 | int glob __P((const char *, int, int (*)(const char *, int), glob_t *)); | 94 | int glob(const char *, int, int (*)(const char *, int), glob_t *); |
95 | void globfree __P((glob_t *)); | 95 | void globfree(glob_t *); |
96 | 96 | ||
97 | #endif /* !_GLOB_H_ */ | 97 | #endif /* !_GLOB_H_ */ |
98 | 98 | ||
diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c index 8a8b3c846..ac5f56708 100644 --- a/openbsd-compat/inet_ntoa.c +++ b/openbsd-compat/inet_ntoa.c | |||
@@ -31,12 +31,12 @@ | |||
31 | * SUCH DAMAGE. | 31 | * SUCH DAMAGE. |
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "config.h" | 34 | #include "includes.h" |
35 | 35 | ||
36 | #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) | 36 | #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) |
37 | 37 | ||
38 | #if defined(LIBC_SCCS) && !defined(lint) | 38 | #if defined(LIBC_SCCS) && !defined(lint) |
39 | static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.2 1996/08/19 08:29:16 tholo Exp $"; | 39 | static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Exp $"; |
40 | #endif /* LIBC_SCCS and not lint */ | 40 | #endif /* LIBC_SCCS and not lint */ |
41 | 41 | ||
42 | /* | 42 | /* |
@@ -57,7 +57,7 @@ char *inet_ntoa(struct in_addr in) | |||
57 | p = (char *)∈ | 57 | p = (char *)∈ |
58 | #define UC(b) (((int)b)&0xff) | 58 | #define UC(b) (((int)b)&0xff) |
59 | (void)snprintf(b, sizeof(b), | 59 | (void)snprintf(b, sizeof(b), |
60 | "%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3])); | 60 | "%u.%u.%u.%u", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3])); |
61 | return (b); | 61 | return (b); |
62 | } | 62 | } |
63 | 63 | ||
diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c index 2b8d31f8d..3bea519af 100644 --- a/openbsd-compat/inet_ntop.c +++ b/openbsd-compat/inet_ntop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $ */ | 1 | /* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */ |
2 | 2 | ||
3 | /* Copyright (c) 1996 by Internet Software Consortium. | 3 | /* Copyright (c) 1996 by Internet Software Consortium. |
4 | * | 4 | * |
@@ -16,7 +16,7 @@ | |||
16 | * SOFTWARE. | 16 | * SOFTWARE. |
17 | */ | 17 | */ |
18 | 18 | ||
19 | #include "config.h" | 19 | #include "includes.h" |
20 | 20 | ||
21 | #ifndef HAVE_INET_NTOP | 21 | #ifndef HAVE_INET_NTOP |
22 | 22 | ||
@@ -24,7 +24,7 @@ | |||
24 | #if 0 | 24 | #if 0 |
25 | static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; | 25 | static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; |
26 | #else | 26 | #else |
27 | static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Exp $"; | 27 | static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $"; |
28 | #endif | 28 | #endif |
29 | #endif /* LIBC_SCCS and not lint */ | 29 | #endif /* LIBC_SCCS and not lint */ |
30 | 30 | ||
@@ -54,8 +54,8 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.1 1997/03/13 19:07:32 downsj Ex | |||
54 | * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. | 54 | * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. |
55 | */ | 55 | */ |
56 | 56 | ||
57 | static const char *inet_ntop4 __P((const u_char *src, char *dst, size_t size)); | 57 | static const char *inet_ntop4(const u_char *src, char *dst, size_t size); |
58 | static const char *inet_ntop6 __P((const u_char *src, char *dst, size_t size)); | 58 | static const char *inet_ntop6(const u_char *src, char *dst, size_t size); |
59 | 59 | ||
60 | /* char * | 60 | /* char * |
61 | * inet_ntop(af, src, dst, size) | 61 | * inet_ntop(af, src, dst, size) |
@@ -103,13 +103,14 @@ inet_ntop4(src, dst, size) | |||
103 | { | 103 | { |
104 | static const char fmt[] = "%u.%u.%u.%u"; | 104 | static const char fmt[] = "%u.%u.%u.%u"; |
105 | char tmp[sizeof "255.255.255.255"]; | 105 | char tmp[sizeof "255.255.255.255"]; |
106 | int l; | ||
106 | 107 | ||
107 | if (snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], | 108 | l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); |
108 | src[3]) > size) { | 109 | if (l <= 0 || l >= size) { |
109 | errno = ENOSPC; | 110 | errno = ENOSPC; |
110 | return (NULL); | 111 | return (NULL); |
111 | } | 112 | } |
112 | strcpy(dst, tmp); | 113 | strlcpy(dst, tmp, size); |
113 | return (dst); | 114 | return (dst); |
114 | } | 115 | } |
115 | 116 | ||
@@ -132,10 +133,12 @@ inet_ntop6(src, dst, size) | |||
132 | * Keep this in mind if you think this function should have been coded | 133 | * Keep this in mind if you think this function should have been coded |
133 | * to use pointer overlays. All the world's not a VAX. | 134 | * to use pointer overlays. All the world's not a VAX. |
134 | */ | 135 | */ |
135 | char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; | 136 | char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; |
137 | char *tp, *ep; | ||
136 | struct { int base, len; } best, cur; | 138 | struct { int base, len; } best, cur; |
137 | u_int words[IN6ADDRSZ / INT16SZ]; | 139 | u_int words[IN6ADDRSZ / INT16SZ]; |
138 | int i; | 140 | int i; |
141 | int advance; | ||
139 | 142 | ||
140 | /* | 143 | /* |
141 | * Preprocess: | 144 | * Preprocess: |
@@ -172,31 +175,45 @@ inet_ntop6(src, dst, size) | |||
172 | * Format the result. | 175 | * Format the result. |
173 | */ | 176 | */ |
174 | tp = tmp; | 177 | tp = tmp; |
175 | for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { | 178 | ep = tmp + sizeof(tmp); |
179 | for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) { | ||
176 | /* Are we inside the best run of 0x00's? */ | 180 | /* Are we inside the best run of 0x00's? */ |
177 | if (best.base != -1 && i >= best.base && | 181 | if (best.base != -1 && i >= best.base && |
178 | i < (best.base + best.len)) { | 182 | i < (best.base + best.len)) { |
179 | if (i == best.base) | 183 | if (i == best.base) { |
184 | if (tp + 1 >= ep) | ||
185 | return (NULL); | ||
180 | *tp++ = ':'; | 186 | *tp++ = ':'; |
187 | } | ||
181 | continue; | 188 | continue; |
182 | } | 189 | } |
183 | /* Are we following an initial run of 0x00s or any real hex? */ | 190 | /* Are we following an initial run of 0x00s or any real hex? */ |
184 | if (i != 0) | 191 | if (i != 0) { |
192 | if (tp + 1 >= ep) | ||
193 | return (NULL); | ||
185 | *tp++ = ':'; | 194 | *tp++ = ':'; |
195 | } | ||
186 | /* Is this address an encapsulated IPv4? */ | 196 | /* Is this address an encapsulated IPv4? */ |
187 | if (i == 6 && best.base == 0 && | 197 | if (i == 6 && best.base == 0 && |
188 | (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { | 198 | (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { |
189 | if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp))) | 199 | if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) |
190 | return (NULL); | 200 | return (NULL); |
191 | tp += strlen(tp); | 201 | tp += strlen(tp); |
192 | break; | 202 | break; |
193 | } | 203 | } |
194 | snprintf(tp, sizeof(tmp - (tp - tmp)), "%x", words[i]); | 204 | advance = snprintf(tp, ep - tp, "%x", words[i]); |
195 | tp += strlen(tp); | 205 | if (advance <= 0 || advance >= ep - tp) |
206 | return (NULL); | ||
207 | tp += advance; | ||
196 | } | 208 | } |
197 | /* Was it a trailing run of 0x00's? */ | 209 | /* Was it a trailing run of 0x00's? */ |
198 | if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) | 210 | if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { |
211 | if (tp + 1 >= ep) | ||
212 | return (NULL); | ||
199 | *tp++ = ':'; | 213 | *tp++ = ':'; |
214 | } | ||
215 | if (tp + 1 >= ep) | ||
216 | return (NULL); | ||
200 | *tp++ = '\0'; | 217 | *tp++ = '\0'; |
201 | 218 | ||
202 | /* | 219 | /* |
@@ -206,7 +223,7 @@ inet_ntop6(src, dst, size) | |||
206 | errno = ENOSPC; | 223 | errno = ENOSPC; |
207 | return (NULL); | 224 | return (NULL); |
208 | } | 225 | } |
209 | strcpy(dst, tmp); | 226 | strlcpy(dst, tmp, size); |
210 | return (dst); | 227 | return (dst); |
211 | } | 228 | } |
212 | 229 | ||
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c index d69dc5c24..d256ee448 100644 --- a/openbsd-compat/mktemp.c +++ b/openbsd-compat/mktemp.c | |||
@@ -39,7 +39,7 @@ | |||
39 | #ifndef HAVE_MKDTEMP | 39 | #ifndef HAVE_MKDTEMP |
40 | 40 | ||
41 | #if defined(LIBC_SCCS) && !defined(lint) | 41 | #if defined(LIBC_SCCS) && !defined(lint) |
42 | static char rcsid[] = "$OpenBSD: mktemp.c,v 1.14 2002/01/02 20:18:32 deraadt Exp $"; | 42 | static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $"; |
43 | #endif /* LIBC_SCCS and not lint */ | 43 | #endif /* LIBC_SCCS and not lint */ |
44 | 44 | ||
45 | #ifdef HAVE_CYGWIN | 45 | #ifdef HAVE_CYGWIN |
@@ -102,11 +102,11 @@ _gettemp(path, doopen, domkdir, slen) | |||
102 | return (0); | 102 | return (0); |
103 | } | 103 | } |
104 | pid = getpid(); | 104 | pid = getpid(); |
105 | while (*trv == 'X' && pid != 0) { | 105 | while (trv >= path && *trv == 'X' && pid != 0) { |
106 | *trv-- = (pid % 10) + '0'; | 106 | *trv-- = (pid % 10) + '0'; |
107 | pid /= 10; | 107 | pid /= 10; |
108 | } | 108 | } |
109 | while (*trv == 'X') { | 109 | while (trv >= path && *trv == 'X') { |
110 | char c; | 110 | char c; |
111 | 111 | ||
112 | pid = (arc4random() & 0xffff) % (26+26); | 112 | pid = (arc4random() & 0xffff) % (26+26); |
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 11918443d..ae18afd34 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openbsd-compat.h,v 1.16 2002/02/19 20:27:57 mouring Exp $ */ | 1 | /* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */ |
2 | 2 | ||
3 | #ifndef _OPENBSD_H | 3 | #ifndef _OPENBSD_H |
4 | #define _OPENBSD_H | 4 | #define _OPENBSD_H |
@@ -29,6 +29,7 @@ | |||
29 | 29 | ||
30 | /* Home grown routines */ | 30 | /* Home grown routines */ |
31 | #include "bsd-arc4random.h" | 31 | #include "bsd-arc4random.h" |
32 | #include "bsd-getpeereid.h" | ||
32 | #include "bsd-misc.h" | 33 | #include "bsd-misc.h" |
33 | #include "bsd-snprintf.h" | 34 | #include "bsd-snprintf.h" |
34 | #include "bsd-waitpid.h" | 35 | #include "bsd-waitpid.h" |
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index ca0a88e69..4c96a3171 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
@@ -1,3 +1,28 @@ | |||
1 | /* | ||
2 | * | ||
3 | * Copyright (c) 2001 Gert Doering. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * | ||
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | * | ||
25 | */ | ||
1 | #include "includes.h" | 26 | #include "includes.h" |
2 | 27 | ||
3 | #ifdef _AIX | 28 | #ifdef _AIX |
@@ -6,21 +31,21 @@ | |||
6 | #include <../xmalloc.h> | 31 | #include <../xmalloc.h> |
7 | 32 | ||
8 | /* | 33 | /* |
9 | * AIX has a "usrinfo" area where logname and | 34 | * AIX has a "usrinfo" area where logname and other stuff is stored - |
10 | * other stuff is stored - a few applications | 35 | * a few applications actually use this and die if it's not set |
11 | * actually use this and die if it's not set | 36 | * |
37 | * NOTE: TTY= should be set, but since no one uses it and it's hard to | ||
38 | * acquire due to privsep code. We will just drop support. | ||
12 | */ | 39 | */ |
13 | void | 40 | void |
14 | aix_usrinfo(struct passwd *pw, char *tty, int ttyfd) | 41 | aix_usrinfo(struct passwd *pw) |
15 | { | 42 | { |
16 | u_int i; | 43 | u_int i; |
17 | char *cp=NULL; | 44 | char *cp; |
18 | 45 | ||
19 | if (ttyfd == -1) | 46 | cp = xmalloc(16 + 2 * strlen(pw->pw_name)); |
20 | tty[0] = '\0'; | 47 | i = sprintf(cp, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, 0, |
21 | cp = xmalloc(22 + strlen(tty) + 2 * strlen(pw->pw_name)); | 48 | pw->pw_name, 0); |
22 | i = sprintf(cp, "LOGNAME=%s%cNAME=%s%cTTY=%s%c%c", pw->pw_name, 0, | ||
23 | pw->pw_name, 0, tty, 0, 0); | ||
24 | if (usrinfo(SETUINFO, cp, i) == -1) | 49 | if (usrinfo(SETUINFO, cp, i) == -1) |
25 | fatal("Couldn't set usrinfo: %s", strerror(errno)); | 50 | fatal("Couldn't set usrinfo: %s", strerror(errno)); |
26 | debug3("AIX/UsrInfo: set len %d", i); | 51 | debug3("AIX/UsrInfo: set len %d", i); |
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index e4d14f4ae..79570a206 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h | |||
@@ -1,5 +1,29 @@ | |||
1 | #ifdef _AIX | 1 | /* |
2 | 2 | * | |
3 | void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd); | 3 | * Copyright (c) 2001 Gert Doering. All rights reserved. |
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * | ||
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | * | ||
25 | */ | ||
4 | 26 | ||
27 | #ifdef _AIX | ||
28 | void aix_usrinfo(struct passwd *pw); | ||
5 | #endif /* _AIX */ | 29 | #endif /* _AIX */ |
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 8c2f5f841..4e549b62b 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c | |||
@@ -1,7 +1,7 @@ | |||
1 | /* $OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $ */ | 1 | /* $OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com> |
5 | * All rights reserved. | 5 | * All rights reserved. |
6 | * | 6 | * |
7 | * Redistribution and use in source and binary forms, with or without | 7 | * Redistribution and use in source and binary forms, with or without |
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #if defined(LIBC_SCCS) && !defined(lint) | 30 | #if defined(LIBC_SCCS) && !defined(lint) |
31 | static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $"; | 31 | static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.14 2002/06/28 01:43:58 millert Exp $"; |
32 | #endif /* LIBC_SCCS and not lint */ | 32 | #endif /* LIBC_SCCS and not lint */ |
33 | 33 | ||
34 | #include "includes.h" | 34 | #include "includes.h" |
@@ -60,8 +60,8 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) | |||
60 | int input, output, save_errno; | 60 | int input, output, save_errno; |
61 | char ch, *p, *end; | 61 | char ch, *p, *end; |
62 | struct termios term, oterm; | 62 | struct termios term, oterm; |
63 | struct sigaction sa, saveint, savehup, savequit, saveterm; | 63 | struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; |
64 | struct sigaction savetstp, savettin, savettou; | 64 | struct sigaction savetstp, savettin, savettou, savepipe; |
65 | 65 | ||
66 | /* I suppose we could alloc on demand in this case (XXX). */ | 66 | /* I suppose we could alloc on demand in this case (XXX). */ |
67 | if (bufsiz == 0) { | 67 | if (bufsiz == 0) { |
@@ -70,11 +70,13 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) | |||
70 | } | 70 | } |
71 | 71 | ||
72 | restart: | 72 | restart: |
73 | signo = 0; | ||
73 | /* | 74 | /* |
74 | * Read and write to /dev/tty if available. If not, read from | 75 | * Read and write to /dev/tty if available. If not, read from |
75 | * stdin and write to stderr unless a tty is required. | 76 | * stdin and write to stderr unless a tty is required. |
76 | */ | 77 | */ |
77 | if ((input = output = open(_PATH_TTY, O_RDWR)) == -1) { | 78 | if ((flags & RPP_STDIN) || |
79 | (input = output = open(_PATH_TTY, O_RDWR)) == -1) { | ||
78 | if (flags & RPP_REQUIRE_TTY) { | 80 | if (flags & RPP_REQUIRE_TTY) { |
79 | errno = ENOTTY; | 81 | errno = ENOTTY; |
80 | return(NULL); | 82 | return(NULL); |
@@ -86,13 +88,15 @@ restart: | |||
86 | /* | 88 | /* |
87 | * Catch signals that would otherwise cause the user to end | 89 | * Catch signals that would otherwise cause the user to end |
88 | * up with echo turned off in the shell. Don't worry about | 90 | * up with echo turned off in the shell. Don't worry about |
89 | * things like SIGALRM and SIGPIPE for now. | 91 | * things like SIGXCPU and SIGVTALRM for now. |
90 | */ | 92 | */ |
91 | sigemptyset(&sa.sa_mask); | 93 | sigemptyset(&sa.sa_mask); |
92 | sa.sa_flags = 0; /* don't restart system calls */ | 94 | sa.sa_flags = 0; /* don't restart system calls */ |
93 | sa.sa_handler = handler; | 95 | sa.sa_handler = handler; |
94 | (void)sigaction(SIGINT, &sa, &saveint); | 96 | (void)sigaction(SIGALRM, &sa, &savealrm); |
95 | (void)sigaction(SIGHUP, &sa, &savehup); | 97 | (void)sigaction(SIGHUP, &sa, &savehup); |
98 | (void)sigaction(SIGINT, &sa, &saveint); | ||
99 | (void)sigaction(SIGPIPE, &sa, &savepipe); | ||
96 | (void)sigaction(SIGQUIT, &sa, &savequit); | 100 | (void)sigaction(SIGQUIT, &sa, &savequit); |
97 | (void)sigaction(SIGTERM, &sa, &saveterm); | 101 | (void)sigaction(SIGTERM, &sa, &saveterm); |
98 | (void)sigaction(SIGTSTP, &sa, &savetstp); | 102 | (void)sigaction(SIGTSTP, &sa, &savetstp); |
@@ -100,7 +104,7 @@ restart: | |||
100 | (void)sigaction(SIGTTOU, &sa, &savettou); | 104 | (void)sigaction(SIGTTOU, &sa, &savettou); |
101 | 105 | ||
102 | /* Turn off echo if possible. */ | 106 | /* Turn off echo if possible. */ |
103 | if (tcgetattr(input, &oterm) == 0) { | 107 | if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) { |
104 | memcpy(&term, &oterm, sizeof(term)); | 108 | memcpy(&term, &oterm, sizeof(term)); |
105 | if (!(flags & RPP_ECHO_ON)) | 109 | if (!(flags & RPP_ECHO_ON)) |
106 | term.c_lflag &= ~(ECHO | ECHONL); | 110 | term.c_lflag &= ~(ECHO | ECHONL); |
@@ -111,10 +115,13 @@ restart: | |||
111 | (void)tcsetattr(input, _T_FLUSH, &term); | 115 | (void)tcsetattr(input, _T_FLUSH, &term); |
112 | } else { | 116 | } else { |
113 | memset(&term, 0, sizeof(term)); | 117 | memset(&term, 0, sizeof(term)); |
118 | term.c_lflag |= ECHO; | ||
114 | memset(&oterm, 0, sizeof(oterm)); | 119 | memset(&oterm, 0, sizeof(oterm)); |
120 | oterm.c_lflag |= ECHO; | ||
115 | } | 121 | } |
116 | 122 | ||
117 | (void)write(output, prompt, strlen(prompt)); | 123 | if (!(flags & RPP_STDIN)) |
124 | (void)write(output, prompt, strlen(prompt)); | ||
118 | end = buf + bufsiz - 1; | 125 | end = buf + bufsiz - 1; |
119 | for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { | 126 | for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { |
120 | if (p < end) { | 127 | if (p < end) { |
@@ -137,13 +144,14 @@ restart: | |||
137 | /* Restore old terminal settings and signals. */ | 144 | /* Restore old terminal settings and signals. */ |
138 | if (memcmp(&term, &oterm, sizeof(term)) != 0) | 145 | if (memcmp(&term, &oterm, sizeof(term)) != 0) |
139 | (void)tcsetattr(input, _T_FLUSH, &oterm); | 146 | (void)tcsetattr(input, _T_FLUSH, &oterm); |
140 | (void)sigaction(SIGINT, &saveint, NULL); | 147 | (void)sigaction(SIGALRM, &savealrm, NULL); |
141 | (void)sigaction(SIGHUP, &savehup, NULL); | 148 | (void)sigaction(SIGHUP, &savehup, NULL); |
149 | (void)sigaction(SIGINT, &saveint, NULL); | ||
142 | (void)sigaction(SIGQUIT, &savequit, NULL); | 150 | (void)sigaction(SIGQUIT, &savequit, NULL); |
151 | (void)sigaction(SIGPIPE, &savepipe, NULL); | ||
143 | (void)sigaction(SIGTERM, &saveterm, NULL); | 152 | (void)sigaction(SIGTERM, &saveterm, NULL); |
144 | (void)sigaction(SIGTSTP, &savetstp, NULL); | 153 | (void)sigaction(SIGTSTP, &savetstp, NULL); |
145 | (void)sigaction(SIGTTIN, &savettin, NULL); | 154 | (void)sigaction(SIGTTIN, &savettin, NULL); |
146 | (void)sigaction(SIGTTOU, &savettou, NULL); | ||
147 | if (input != STDIN_FILENO) | 155 | if (input != STDIN_FILENO) |
148 | (void)close(input); | 156 | (void)close(input); |
149 | 157 | ||
@@ -152,12 +160,11 @@ restart: | |||
152 | * now that we have restored the signal handlers. | 160 | * now that we have restored the signal handlers. |
153 | */ | 161 | */ |
154 | if (signo) { | 162 | if (signo) { |
155 | kill(getpid(), signo); | 163 | kill(getpid(), signo); |
156 | switch (signo) { | 164 | switch (signo) { |
157 | case SIGTSTP: | 165 | case SIGTSTP: |
158 | case SIGTTIN: | 166 | case SIGTTIN: |
159 | case SIGTTOU: | 167 | case SIGTTOU: |
160 | signo = 0; | ||
161 | goto restart; | 168 | goto restart; |
162 | } | 169 | } |
163 | } | 170 | } |
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h index 9077b6e08..92908a489 100644 --- a/openbsd-compat/readpassphrase.h +++ b/openbsd-compat/readpassphrase.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readpassphrase.h,v 1.1 2000/11/21 00:48:38 millert Exp $ */ | 1 | /* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> | 4 | * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> |
@@ -40,8 +40,9 @@ | |||
40 | #define RPP_FORCELOWER 0x04 /* Force input to lower case. */ | 40 | #define RPP_FORCELOWER 0x04 /* Force input to lower case. */ |
41 | #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ | 41 | #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ |
42 | #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ | 42 | #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ |
43 | #define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ | ||
43 | 44 | ||
44 | char *readpassphrase(const char *, char *, size_t, int); | 45 | char * readpassphrase(const char *, char *, size_t, int); |
45 | 46 | ||
46 | #endif /* HAVE_READPASSPHRASE */ | 47 | #endif /* HAVE_READPASSPHRASE */ |
47 | 48 | ||
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index b4a05db95..b9035ca22 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c | |||
@@ -32,7 +32,7 @@ | |||
32 | #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) | 32 | #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) |
33 | 33 | ||
34 | #if defined(LIBC_SCCS) && !defined(lint) | 34 | #if defined(LIBC_SCCS) && !defined(lint) |
35 | static char *rcsid = "$OpenBSD: realpath.c,v 1.6 2002/01/12 16:24:35 millert Exp $"; | 35 | static char *rcsid = "$OpenBSD: realpath.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $"; |
36 | #endif /* LIBC_SCCS and not lint */ | 36 | #endif /* LIBC_SCCS and not lint */ |
37 | 37 | ||
38 | #include <sys/param.h> | 38 | #include <sys/param.h> |
@@ -69,7 +69,7 @@ realpath(const char *path, char *resolved) | |||
69 | /* Save the starting point. */ | 69 | /* Save the starting point. */ |
70 | getcwd(start,MAXPATHLEN); | 70 | getcwd(start,MAXPATHLEN); |
71 | if ((fd = open(".", O_RDONLY)) < 0) { | 71 | if ((fd = open(".", O_RDONLY)) < 0) { |
72 | (void)strcpy(resolved, "."); | 72 | (void)strlcpy(resolved, ".", MAXPATHLEN); |
73 | return (NULL); | 73 | return (NULL); |
74 | } | 74 | } |
75 | close(fd); | 75 | close(fd); |
@@ -129,7 +129,7 @@ loop: | |||
129 | * Save the last component name and get the full pathname of | 129 | * Save the last component name and get the full pathname of |
130 | * the current directory. | 130 | * the current directory. |
131 | */ | 131 | */ |
132 | (void)strcpy(wbuf, p); | 132 | (void)strlcpy(wbuf, p, sizeof wbuf); |
133 | if (getcwd(resolved, MAXPATHLEN) == 0) | 133 | if (getcwd(resolved, MAXPATHLEN) == 0) |
134 | goto err1; | 134 | goto err1; |
135 | 135 | ||
diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c index 44eac2036..9f058961d 100644 --- a/openbsd-compat/rresvport.c +++ b/openbsd-compat/rresvport.c | |||
@@ -33,7 +33,7 @@ | |||
33 | * SUCH DAMAGE. | 33 | * SUCH DAMAGE. |
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "config.h" | 36 | #include "includes.h" |
37 | 37 | ||
38 | #ifndef HAVE_RRESVPORT_AF | 38 | #ifndef HAVE_RRESVPORT_AF |
39 | 39 | ||
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c index 6c2d5cd31..1dff15c73 100644 --- a/openbsd-compat/setenv.c +++ b/openbsd-compat/setenv.c | |||
@@ -31,7 +31,7 @@ | |||
31 | * SUCH DAMAGE. | 31 | * SUCH DAMAGE. |
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "config.h" | 34 | #include "includes.h" |
35 | #ifndef HAVE_SETENV | 35 | #ifndef HAVE_SETENV |
36 | 36 | ||
37 | #if defined(LIBC_SCCS) && !defined(lint) | 37 | #if defined(LIBC_SCCS) && !defined(lint) |
diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c index 806eb02b6..35fbab0eb 100644 --- a/openbsd-compat/sigact.c +++ b/openbsd-compat/sigact.c | |||
@@ -33,7 +33,7 @@ | |||
33 | * and: Eric S. Raymond <esr@snark.thyrsus.com> * | 33 | * and: Eric S. Raymond <esr@snark.thyrsus.com> * |
34 | ****************************************************************************/ | 34 | ****************************************************************************/ |
35 | 35 | ||
36 | #include "config.h" | 36 | #include "includes.h" |
37 | #include <signal.h> | 37 | #include <signal.h> |
38 | #include "sigact.h" | 38 | #include "sigact.h" |
39 | 39 | ||
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c index 6ff65c19b..3a9b5d1a7 100644 --- a/openbsd-compat/strlcat.c +++ b/openbsd-compat/strlcat.c | |||
@@ -27,7 +27,7 @@ | |||
27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "config.h" | 30 | #include "includes.h" |
31 | #ifndef HAVE_STRLCAT | 31 | #ifndef HAVE_STRLCAT |
32 | 32 | ||
33 | #if defined(LIBC_SCCS) && !defined(lint) | 33 | #if defined(LIBC_SCCS) && !defined(lint) |
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c index b5e5a552e..2f87eca44 100644 --- a/openbsd-compat/strlcpy.c +++ b/openbsd-compat/strlcpy.c | |||
@@ -27,7 +27,7 @@ | |||
27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 27 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "config.h" | 30 | #include "includes.h" |
31 | #ifndef HAVE_STRLCPY | 31 | #ifndef HAVE_STRLCPY |
32 | 32 | ||
33 | #if defined(LIBC_SCCS) && !defined(lint) | 33 | #if defined(LIBC_SCCS) && !defined(lint) |
diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c index c03649cff..d0afc44ae 100644 --- a/openbsd-compat/strsep.c +++ b/openbsd-compat/strsep.c | |||
@@ -33,7 +33,7 @@ | |||
33 | * SUCH DAMAGE. | 33 | * SUCH DAMAGE. |
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "config.h" | 36 | #include "includes.h" |
37 | 37 | ||
38 | #if !defined(HAVE_STRSEP) | 38 | #if !defined(HAVE_STRSEP) |
39 | 39 | ||
diff --git a/openbsd-compat/fake-queue.h b/openbsd-compat/sys-queue.h index 176fe3174..176fe3174 100644 --- a/openbsd-compat/fake-queue.h +++ b/openbsd-compat/sys-queue.h | |||
diff --git a/openbsd-compat/tree.h b/openbsd-compat/sys-tree.h index 30b4a8561..0a58710c9 100644 --- a/openbsd-compat/tree.h +++ b/openbsd-compat/sys-tree.h | |||
@@ -1,3 +1,4 @@ | |||
1 | /* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */ | ||
1 | /* | 2 | /* |
2 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
3 | * All rights reserved. | 4 | * All rights reserved. |
@@ -113,8 +114,47 @@ struct { \ | |||
113 | #define SPLAY_PROTOTYPE(name, type, field, cmp) \ | 114 | #define SPLAY_PROTOTYPE(name, type, field, cmp) \ |
114 | void name##_SPLAY(struct name *, struct type *); \ | 115 | void name##_SPLAY(struct name *, struct type *); \ |
115 | void name##_SPLAY_MINMAX(struct name *, int); \ | 116 | void name##_SPLAY_MINMAX(struct name *, int); \ |
117 | struct type *name##_SPLAY_INSERT(struct name *, struct type *); \ | ||
118 | struct type *name##_SPLAY_REMOVE(struct name *, struct type *); \ | ||
116 | \ | 119 | \ |
117 | static __inline void \ | 120 | /* Finds the node with the same key as elm */ \ |
121 | static __inline struct type * \ | ||
122 | name##_SPLAY_FIND(struct name *head, struct type *elm) \ | ||
123 | { \ | ||
124 | if (SPLAY_EMPTY(head)) \ | ||
125 | return(NULL); \ | ||
126 | name##_SPLAY(head, elm); \ | ||
127 | if ((cmp)(elm, (head)->sph_root) == 0) \ | ||
128 | return (head->sph_root); \ | ||
129 | return (NULL); \ | ||
130 | } \ | ||
131 | \ | ||
132 | static __inline struct type * \ | ||
133 | name##_SPLAY_NEXT(struct name *head, struct type *elm) \ | ||
134 | { \ | ||
135 | name##_SPLAY(head, elm); \ | ||
136 | if (SPLAY_RIGHT(elm, field) != NULL) { \ | ||
137 | elm = SPLAY_RIGHT(elm, field); \ | ||
138 | while (SPLAY_LEFT(elm, field) != NULL) { \ | ||
139 | elm = SPLAY_LEFT(elm, field); \ | ||
140 | } \ | ||
141 | } else \ | ||
142 | elm = NULL; \ | ||
143 | return (elm); \ | ||
144 | } \ | ||
145 | \ | ||
146 | static __inline struct type * \ | ||
147 | name##_SPLAY_MIN_MAX(struct name *head, int val) \ | ||
148 | { \ | ||
149 | name##_SPLAY_MINMAX(head, val); \ | ||
150 | return (SPLAY_ROOT(head)); \ | ||
151 | } | ||
152 | |||
153 | /* Main splay operation. | ||
154 | * Moves node close to the key of elm to top | ||
155 | */ | ||
156 | #define SPLAY_GENERATE(name, type, field, cmp) \ | ||
157 | struct type * \ | ||
118 | name##_SPLAY_INSERT(struct name *head, struct type *elm) \ | 158 | name##_SPLAY_INSERT(struct name *head, struct type *elm) \ |
119 | { \ | 159 | { \ |
120 | if (SPLAY_EMPTY(head)) { \ | 160 | if (SPLAY_EMPTY(head)) { \ |
@@ -132,17 +172,18 @@ name##_SPLAY_INSERT(struct name *head, struct type *elm) \ | |||
132 | SPLAY_LEFT(elm, field) = (head)->sph_root; \ | 172 | SPLAY_LEFT(elm, field) = (head)->sph_root; \ |
133 | SPLAY_RIGHT((head)->sph_root, field) = NULL; \ | 173 | SPLAY_RIGHT((head)->sph_root, field) = NULL; \ |
134 | } else \ | 174 | } else \ |
135 | return; \ | 175 | return ((head)->sph_root); \ |
136 | } \ | 176 | } \ |
137 | (head)->sph_root = (elm); \ | 177 | (head)->sph_root = (elm); \ |
178 | return (NULL); \ | ||
138 | } \ | 179 | } \ |
139 | \ | 180 | \ |
140 | static __inline void \ | 181 | struct type * \ |
141 | name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ | 182 | name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ |
142 | { \ | 183 | { \ |
143 | struct type *__tmp; \ | 184 | struct type *__tmp; \ |
144 | if (SPLAY_EMPTY(head)) \ | 185 | if (SPLAY_EMPTY(head)) \ |
145 | return; \ | 186 | return (NULL); \ |
146 | name##_SPLAY(head, elm); \ | 187 | name##_SPLAY(head, elm); \ |
147 | if ((cmp)(elm, (head)->sph_root) == 0) { \ | 188 | if ((cmp)(elm, (head)->sph_root) == 0) { \ |
148 | if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \ | 189 | if (SPLAY_LEFT((head)->sph_root, field) == NULL) { \ |
@@ -153,47 +194,13 @@ name##_SPLAY_REMOVE(struct name *head, struct type *elm) \ | |||
153 | name##_SPLAY(head, elm); \ | 194 | name##_SPLAY(head, elm); \ |
154 | SPLAY_RIGHT((head)->sph_root, field) = __tmp; \ | 195 | SPLAY_RIGHT((head)->sph_root, field) = __tmp; \ |
155 | } \ | 196 | } \ |
197 | return (elm); \ | ||
156 | } \ | 198 | } \ |
157 | } \ | ||
158 | \ | ||
159 | /* Finds the node with the same key as elm */ \ | ||
160 | static __inline struct type * \ | ||
161 | name##_SPLAY_FIND(struct name *head, struct type *elm) \ | ||
162 | { \ | ||
163 | if (SPLAY_EMPTY(head)) \ | ||
164 | return(NULL); \ | ||
165 | name##_SPLAY(head, elm); \ | ||
166 | if ((cmp)(elm, (head)->sph_root) == 0) \ | ||
167 | return (head->sph_root); \ | ||
168 | return (NULL); \ | 199 | return (NULL); \ |
169 | } \ | 200 | } \ |
170 | \ | 201 | \ |
171 | static __inline struct type * \ | 202 | void \ |
172 | name##_SPLAY_NEXT(struct name *head, struct type *elm) \ | 203 | name##_SPLAY(struct name *head, struct type *elm) \ |
173 | { \ | ||
174 | name##_SPLAY(head, elm); \ | ||
175 | if (SPLAY_RIGHT(elm, field) != NULL) { \ | ||
176 | elm = SPLAY_RIGHT(elm, field); \ | ||
177 | while (SPLAY_LEFT(elm, field) != NULL) { \ | ||
178 | elm = SPLAY_LEFT(elm, field); \ | ||
179 | } \ | ||
180 | } else \ | ||
181 | elm = NULL; \ | ||
182 | return (elm); \ | ||
183 | } \ | ||
184 | \ | ||
185 | static __inline struct type * \ | ||
186 | name##_SPLAY_MIN_MAX(struct name *head, int val) \ | ||
187 | { \ | ||
188 | name##_SPLAY_MINMAX(head, val); \ | ||
189 | return (SPLAY_ROOT(head)); \ | ||
190 | } | ||
191 | |||
192 | /* Main splay operation. | ||
193 | * Moves node close to the key of elm to top | ||
194 | */ | ||
195 | #define SPLAY_GENERATE(name, type, field, cmp) \ | ||
196 | void name##_SPLAY(struct name *head, struct type *elm) \ | ||
197 | { \ | 204 | { \ |
198 | struct type __node, *__left, *__right, *__tmp; \ | 205 | struct type __node, *__left, *__right, *__tmp; \ |
199 | int __comp; \ | 206 | int __comp; \ |
@@ -367,7 +374,7 @@ struct { \ | |||
367 | #define RB_PROTOTYPE(name, type, field, cmp) \ | 374 | #define RB_PROTOTYPE(name, type, field, cmp) \ |
368 | void name##_RB_INSERT_COLOR(struct name *, struct type *); \ | 375 | void name##_RB_INSERT_COLOR(struct name *, struct type *); \ |
369 | void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ | 376 | void name##_RB_REMOVE_COLOR(struct name *, struct type *, struct type *);\ |
370 | void name##_RB_REMOVE(struct name *, struct type *); \ | 377 | struct type *name##_RB_REMOVE(struct name *, struct type *); \ |
371 | struct type *name##_RB_INSERT(struct name *, struct type *); \ | 378 | struct type *name##_RB_INSERT(struct name *, struct type *); \ |
372 | struct type *name##_RB_FIND(struct name *, struct type *); \ | 379 | struct type *name##_RB_FIND(struct name *, struct type *); \ |
373 | struct type *name##_RB_NEXT(struct name *, struct type *); \ | 380 | struct type *name##_RB_NEXT(struct name *, struct type *); \ |
@@ -498,17 +505,17 @@ name##_RB_REMOVE_COLOR(struct name *head, struct type *parent, struct type *elm) | |||
498 | RB_COLOR(elm, field) = RB_BLACK; \ | 505 | RB_COLOR(elm, field) = RB_BLACK; \ |
499 | } \ | 506 | } \ |
500 | \ | 507 | \ |
501 | void \ | 508 | struct type * \ |
502 | name##_RB_REMOVE(struct name *head, struct type *elm) \ | 509 | name##_RB_REMOVE(struct name *head, struct type *elm) \ |
503 | { \ | 510 | { \ |
504 | struct type *child, *parent; \ | 511 | struct type *child, *parent, *old = elm; \ |
505 | int color; \ | 512 | int color; \ |
506 | if (RB_LEFT(elm, field) == NULL) \ | 513 | if (RB_LEFT(elm, field) == NULL) \ |
507 | child = RB_RIGHT(elm, field); \ | 514 | child = RB_RIGHT(elm, field); \ |
508 | else if (RB_RIGHT(elm, field) == NULL) \ | 515 | else if (RB_RIGHT(elm, field) == NULL) \ |
509 | child = RB_LEFT(elm, field); \ | 516 | child = RB_LEFT(elm, field); \ |
510 | else { \ | 517 | else { \ |
511 | struct type *old = elm, *left; \ | 518 | struct type *left; \ |
512 | elm = RB_RIGHT(elm, field); \ | 519 | elm = RB_RIGHT(elm, field); \ |
513 | while ((left = RB_LEFT(elm, field))) \ | 520 | while ((left = RB_LEFT(elm, field))) \ |
514 | elm = left; \ | 521 | elm = left; \ |
@@ -562,6 +569,7 @@ name##_RB_REMOVE(struct name *head, struct type *elm) \ | |||
562 | color: \ | 569 | color: \ |
563 | if (color == RB_BLACK) \ | 570 | if (color == RB_BLACK) \ |
564 | name##_RB_REMOVE_COLOR(head, parent, child); \ | 571 | name##_RB_REMOVE_COLOR(head, parent, child); \ |
572 | return (old); \ | ||
565 | } \ | 573 | } \ |
566 | \ | 574 | \ |
567 | /* Inserts a node into the RB tree */ \ | 575 | /* Inserts a node into the RB tree */ \ |
diff --git a/openbsd-compat/xmmap.c b/openbsd-compat/xmmap.c new file mode 100644 index 000000000..8f1d2022c --- /dev/null +++ b/openbsd-compat/xmmap.c | |||
@@ -0,0 +1,67 @@ | |||
1 | /* | ||
2 | * Redistribution and use in source and binary forms, with or without | ||
3 | * modification, are permitted provided that the following conditions | ||
4 | * are met: | ||
5 | * 1. Redistributions of source code must retain the above copyright | ||
6 | * notice, this list of conditions and the following disclaimer. | ||
7 | * 2. Redistributions in binary form must reproduce the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer in the | ||
9 | * documentation and/or other materials provided with the distribution. | ||
10 | * | ||
11 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
12 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
13 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
14 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
15 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
16 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
17 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
18 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
19 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
20 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
21 | */ | ||
22 | |||
23 | #include "includes.h" | ||
24 | |||
25 | #ifdef HAVE_SYS_MMAN_H | ||
26 | #include <sys/mman.h> | ||
27 | #endif | ||
28 | |||
29 | #include "log.h" | ||
30 | |||
31 | void *xmmap(size_t size) | ||
32 | { | ||
33 | void *address; | ||
34 | |||
35 | #ifdef HAVE_MMAP | ||
36 | # ifdef MAP_ANON | ||
37 | address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, | ||
38 | -1, 0); | ||
39 | # else | ||
40 | address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, | ||
41 | open("/dev/zero", O_RDWR), 0); | ||
42 | # endif | ||
43 | |||
44 | #define MM_SWAP_TEMPLATE "/var/run/sshd.mm.XXXXXXXX" | ||
45 | if (address == MAP_FAILED) { | ||
46 | char tmpname[sizeof(MM_SWAP_TEMPLATE)] = MM_SWAP_TEMPLATE; | ||
47 | int tmpfd; | ||
48 | |||
49 | tmpfd = mkstemp(tmpname); | ||
50 | if (tmpfd == -1) | ||
51 | fatal("mkstemp(\"%s\"): %s", | ||
52 | MM_SWAP_TEMPLATE, strerror(errno)); | ||
53 | unlink(tmpname); | ||
54 | ftruncate(tmpfd, size); | ||
55 | address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, | ||
56 | tmpfd, 0); | ||
57 | close(tmpfd); | ||
58 | } | ||
59 | |||
60 | return (address); | ||
61 | #else | ||
62 | fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", | ||
63 | __func__); | ||
64 | #endif /* HAVE_MMAP */ | ||
65 | |||
66 | } | ||
67 | |||
diff --git a/openbsd-compat/xmmap.h b/openbsd-compat/xmmap.h new file mode 100644 index 000000000..c0fa04aca --- /dev/null +++ b/openbsd-compat/xmmap.h | |||
@@ -0,0 +1,23 @@ | |||
1 | /* | ||
2 | * Redistribution and use in source and binary forms, with or without | ||
3 | * modification, are permitted provided that the following conditions | ||
4 | * are met: | ||
5 | * 1. Redistributions of source code must retain the above copyright | ||
6 | * notice, this list of conditions and the following disclaimer. | ||
7 | * 2. Redistributions in binary form must reproduce the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer in the | ||
9 | * documentation and/or other materials provided with the distribution. | ||
10 | * | ||
11 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
12 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
13 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
14 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
15 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
16 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
17 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
18 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
19 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
20 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
21 | */ | ||
22 | |||
23 | void *xmmap(size_t size); | ||
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $"); |
41 | 41 | ||
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "buffer.h" | 43 | #include "buffer.h" |
@@ -136,6 +136,7 @@ void | |||
136 | packet_set_connection(int fd_in, int fd_out, int new_setup_timeout) | 136 | packet_set_connection(int fd_in, int fd_out, int new_setup_timeout) |
137 | { | 137 | { |
138 | Cipher *none = cipher_by_name("none"); | 138 | Cipher *none = cipher_by_name("none"); |
139 | |||
139 | if (none == NULL) | 140 | if (none == NULL) |
140 | fatal("packet_set_connection: cannot load cipher 'none'"); | 141 | fatal("packet_set_connection: cannot load cipher 'none'"); |
141 | connection_in = fd_in; | 142 | connection_in = fd_in; |
@@ -405,6 +406,7 @@ packet_set_encryption_key(const u_char *key, u_int keylen, | |||
405 | int number) | 406 | int number) |
406 | { | 407 | { |
407 | Cipher *cipher = cipher_by_number(number); | 408 | Cipher *cipher = cipher_by_number(number); |
409 | |||
408 | if (cipher == NULL) | 410 | if (cipher == NULL) |
409 | fatal("packet_set_encryption_key: unknown cipher number %d", number); | 411 | fatal("packet_set_encryption_key: unknown cipher number %d", number); |
410 | if (keylen < 20) | 412 | if (keylen < 20) |
@@ -446,6 +448,7 @@ void | |||
446 | packet_put_char(int value) | 448 | packet_put_char(int value) |
447 | { | 449 | { |
448 | char ch = value; | 450 | char ch = value; |
451 | |||
449 | buffer_append(&outgoing_packet, &ch, 1); | 452 | buffer_append(&outgoing_packet, &ch, 1); |
450 | } | 453 | } |
451 | void | 454 | void |
@@ -1008,7 +1011,8 @@ packet_read_poll2(u_int32_t *seqnr_p) | |||
1008 | buffer_clear(&incoming_packet); | 1011 | buffer_clear(&incoming_packet); |
1009 | buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), | 1012 | buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), |
1010 | buffer_len(&compression_buffer)); | 1013 | buffer_len(&compression_buffer)); |
1011 | DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet))); | 1014 | DBG(debug("input: len after de-compress %d", |
1015 | buffer_len(&incoming_packet))); | ||
1012 | } | 1016 | } |
1013 | /* | 1017 | /* |
1014 | * get packet type, implies consume. | 1018 | * get packet type, implies consume. |
@@ -1116,6 +1120,7 @@ u_int | |||
1116 | packet_get_char(void) | 1120 | packet_get_char(void) |
1117 | { | 1121 | { |
1118 | char ch; | 1122 | char ch; |
1123 | |||
1119 | buffer_get(&incoming_packet, &ch, 1); | 1124 | buffer_get(&incoming_packet, &ch, 1); |
1120 | return (u_char) ch; | 1125 | return (u_char) ch; |
1121 | } | 1126 | } |
@@ -1149,6 +1154,7 @@ void * | |||
1149 | packet_get_raw(int *length_ptr) | 1154 | packet_get_raw(int *length_ptr) |
1150 | { | 1155 | { |
1151 | int bytes = buffer_len(&incoming_packet); | 1156 | int bytes = buffer_len(&incoming_packet); |
1157 | |||
1152 | if (length_ptr != NULL) | 1158 | if (length_ptr != NULL) |
1153 | *length_ptr = bytes; | 1159 | *length_ptr = bytes; |
1154 | return buffer_ptr(&incoming_packet); | 1160 | return buffer_ptr(&incoming_packet); |
@@ -1221,6 +1227,7 @@ packet_disconnect(const char *fmt,...) | |||
1221 | char buf[1024]; | 1227 | char buf[1024]; |
1222 | va_list args; | 1228 | va_list args; |
1223 | static int disconnecting = 0; | 1229 | static int disconnecting = 0; |
1230 | |||
1224 | if (disconnecting) /* Guard against recursive invocations. */ | 1231 | if (disconnecting) /* Guard against recursive invocations. */ |
1225 | fatal("packet_disconnect called recursively."); | 1232 | fatal("packet_disconnect called recursively."); |
1226 | disconnecting = 1; | 1233 | disconnecting = 1; |
@@ -1263,6 +1270,7 @@ void | |||
1263 | packet_write_poll(void) | 1270 | packet_write_poll(void) |
1264 | { | 1271 | { |
1265 | int len = buffer_len(&output); | 1272 | int len = buffer_len(&output); |
1273 | |||
1266 | if (len > 0) { | 1274 | if (len > 0) { |
1267 | len = write(connection_out, buffer_ptr(&output), len); | 1275 | len = write(connection_out, buffer_ptr(&output), len); |
1268 | if (len <= 0) { | 1276 | if (len <= 0) { |
@@ -1382,6 +1390,7 @@ int | |||
1382 | packet_set_maxsize(int s) | 1390 | packet_set_maxsize(int s) |
1383 | { | 1391 | { |
1384 | static int called = 0; | 1392 | static int called = 0; |
1393 | |||
1385 | if (called) { | 1394 | if (called) { |
1386 | log("packet_set_maxsize: called twice: old %d new %d", | 1395 | log("packet_set_maxsize: called twice: old %d new %d", |
1387 | max_packet_size, s); | 1396 | max_packet_size, s); |
@@ -26,7 +26,7 @@ | |||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | #include "uuencode.h" | 27 | #include "uuencode.h" |
28 | 28 | ||
29 | RCSID("$OpenBSD: radix.c,v 1.21 2002/06/19 00:27:55 deraadt Exp $"); | 29 | RCSID("$OpenBSD: radix.c,v 1.22 2002/09/09 14:54:15 markus Exp $"); |
30 | 30 | ||
31 | #ifdef AFS | 31 | #ifdef AFS |
32 | #include <krb.h> | 32 | #include <krb.h> |
@@ -93,9 +93,10 @@ int | |||
93 | radix_to_creds(const char *buf, CREDENTIALS *creds) | 93 | radix_to_creds(const char *buf, CREDENTIALS *creds) |
94 | { | 94 | { |
95 | Buffer b; | 95 | Buffer b; |
96 | char c, version, *space, *p; | 96 | u_char *space; |
97 | u_int endTime; | 97 | char c, version, *p; |
98 | int len, blen, ret; | 98 | u_int endTime, len; |
99 | int blen, ret; | ||
99 | 100 | ||
100 | ret = 0; | 101 | ret = 0; |
101 | blen = strlen(buf); | 102 | blen = strlen(buf); |
diff --git a/readconf.c b/readconf.c index 399855bd4..097d4082d 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -204,7 +204,7 @@ add_local_forward(Options *options, u_short port, const char *host, | |||
204 | u_short host_port) | 204 | u_short host_port) |
205 | { | 205 | { |
206 | Forward *fwd; | 206 | Forward *fwd; |
207 | #ifndef HAVE_CYGWIN | 207 | #ifndef NO_IPPORT_RESERVED_CONCEPT |
208 | extern uid_t original_real_uid; | 208 | extern uid_t original_real_uid; |
209 | if (port < IPPORT_RESERVED && original_real_uid != 0) | 209 | if (port < IPPORT_RESERVED && original_real_uid != 0) |
210 | fatal("Privileged ports can only be forwarded by root."); | 210 | fatal("Privileged ports can only be forwarded by root."); |
diff --git a/rijndael.c b/rijndael.c index 448048ea6..6965ca3b0 100644 --- a/rijndael.c +++ b/rijndael.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */ | 1 | /* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */ |
2 | 2 | ||
3 | /** | 3 | /** |
4 | * rijndael-alg-fst.c | 4 | * rijndael-alg-fst.c |
@@ -1226,7 +1226,7 @@ rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt) | |||
1226 | memset(ctx->dk, 0, sizeof(ctx->dk)); | 1226 | memset(ctx->dk, 0, sizeof(ctx->dk)); |
1227 | } else { | 1227 | } else { |
1228 | ctx->decrypt = 1; | 1228 | ctx->decrypt = 1; |
1229 | memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek)); | 1229 | memcpy(ctx->dk, ctx->ek, sizeof(ctx->dk)); |
1230 | rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); | 1230 | rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr); |
1231 | } | 1231 | } |
1232 | } | 1232 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scard.h,v 1.10 2002/03/25 17:34:27 markus Exp $ */ | 1 | /* $OpenBSD: scard.h,v 1.11 2002/06/30 21:59:45 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -33,8 +33,8 @@ | |||
33 | #define SCARD_ERROR_NOCARD -2 | 33 | #define SCARD_ERROR_NOCARD -2 |
34 | #define SCARD_ERROR_APPLET -3 | 34 | #define SCARD_ERROR_APPLET -3 |
35 | 35 | ||
36 | Key **sc_get_keys(const char*, const char*); | 36 | Key **sc_get_keys(const char *, const char *); |
37 | void sc_close(void); | 37 | void sc_close(void); |
38 | int sc_put_key(Key *, const char*); | 38 | int sc_put_key(Key *, const char *); |
39 | 39 | ||
40 | #endif | 40 | #endif |
diff --git a/servconf.c b/servconf.c index f311ae48d..e3939df40 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.115 2002/09/04 18:52:42 stevesk Exp $"); |
14 | 14 | ||
15 | #if defined(KRB4) | 15 | #if defined(KRB4) |
16 | #include <krb.h> | 16 | #include <krb.h> |
@@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options) | |||
101 | options->kbd_interactive_authentication = -1; | 101 | options->kbd_interactive_authentication = -1; |
102 | options->challenge_response_authentication = -1; | 102 | options->challenge_response_authentication = -1; |
103 | options->permit_empty_passwd = -1; | 103 | options->permit_empty_passwd = -1; |
104 | options->permit_user_env = -1; | ||
104 | options->use_login = -1; | 105 | options->use_login = -1; |
105 | options->compression = -1; | 106 | options->compression = -1; |
106 | options->allow_tcp_forwarding = -1; | 107 | options->allow_tcp_forwarding = -1; |
@@ -158,7 +159,7 @@ fill_default_server_options(ServerOptions *options) | |||
158 | if (options->server_key_bits == -1) | 159 | if (options->server_key_bits == -1) |
159 | options->server_key_bits = 768; | 160 | options->server_key_bits = 768; |
160 | if (options->login_grace_time == -1) | 161 | if (options->login_grace_time == -1) |
161 | options->login_grace_time = 600; | 162 | options->login_grace_time = 120; |
162 | if (options->key_regeneration_time == -1) | 163 | if (options->key_regeneration_time == -1) |
163 | options->key_regeneration_time = 3600; | 164 | options->key_regeneration_time = 3600; |
164 | if (options->permit_root_login == PERMIT_NOT_SET) | 165 | if (options->permit_root_login == PERMIT_NOT_SET) |
@@ -223,6 +224,8 @@ fill_default_server_options(ServerOptions *options) | |||
223 | options->challenge_response_authentication = 1; | 224 | options->challenge_response_authentication = 1; |
224 | if (options->permit_empty_passwd == -1) | 225 | if (options->permit_empty_passwd == -1) |
225 | options->permit_empty_passwd = 0; | 226 | options->permit_empty_passwd = 0; |
227 | if (options->permit_user_env == -1) | ||
228 | options->permit_user_env = 0; | ||
226 | if (options->use_login == -1) | 229 | if (options->use_login == -1) |
227 | options->use_login = 0; | 230 | options->use_login = 0; |
228 | if (options->compression == -1) | 231 | if (options->compression == -1) |
@@ -257,7 +260,7 @@ fill_default_server_options(ServerOptions *options) | |||
257 | if (use_privsep == -1) | 260 | if (use_privsep == -1) |
258 | use_privsep = 1; | 261 | use_privsep = 1; |
259 | 262 | ||
260 | #if !defined(HAVE_MMAP_ANON_SHARED) | 263 | #ifndef HAVE_MMAP |
261 | if (use_privsep && options->compression == 1) { | 264 | if (use_privsep && options->compression == 1) { |
262 | error("This platform does not support both privilege " | 265 | error("This platform does not support both privilege " |
263 | "separation and compression"); | 266 | "separation and compression"); |
@@ -291,7 +294,7 @@ typedef enum { | |||
291 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 294 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
292 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 295 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
293 | sStrictModes, sEmptyPasswd, sKeepAlives, | 296 | sStrictModes, sEmptyPasswd, sKeepAlives, |
294 | sUseLogin, sAllowTcpForwarding, sCompression, | 297 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
295 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 298 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
296 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 299 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
297 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, | 300 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, |
@@ -354,6 +357,7 @@ static struct { | |||
354 | { "xauthlocation", sXAuthLocation }, | 357 | { "xauthlocation", sXAuthLocation }, |
355 | { "strictmodes", sStrictModes }, | 358 | { "strictmodes", sStrictModes }, |
356 | { "permitemptypasswords", sEmptyPasswd }, | 359 | { "permitemptypasswords", sEmptyPasswd }, |
360 | { "permituserenvironment", sPermitUserEnvironment }, | ||
357 | { "uselogin", sUseLogin }, | 361 | { "uselogin", sUseLogin }, |
358 | { "compression", sCompression }, | 362 | { "compression", sCompression }, |
359 | { "keepalive", sKeepAlives }, | 363 | { "keepalive", sKeepAlives }, |
@@ -713,6 +717,10 @@ parse_flag: | |||
713 | intptr = &options->permit_empty_passwd; | 717 | intptr = &options->permit_empty_passwd; |
714 | goto parse_flag; | 718 | goto parse_flag; |
715 | 719 | ||
720 | case sPermitUserEnvironment: | ||
721 | intptr = &options->permit_user_env; | ||
722 | goto parse_flag; | ||
723 | |||
716 | case sUseLogin: | 724 | case sUseLogin: |
717 | intptr = &options->use_login; | 725 | intptr = &options->use_login; |
718 | goto parse_flag; | 726 | goto parse_flag; |
diff --git a/servconf.h b/servconf.h index c94f541d0..024987dd6 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.58 2002/06/20 23:05:55 markus Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.59 2002/07/30 17:03:55 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -97,6 +97,7 @@ typedef struct { | |||
97 | int challenge_response_authentication; | 97 | int challenge_response_authentication; |
98 | int permit_empty_passwd; /* If false, do not permit empty | 98 | int permit_empty_passwd; /* If false, do not permit empty |
99 | * passwords. */ | 99 | * passwords. */ |
100 | int permit_user_env; /* If true, read ~/.ssh/environment */ | ||
100 | int use_login; /* If true, login(1) is used */ | 101 | int use_login; /* If true, login(1) is used */ |
101 | int compression; /* If true, compression is allowed */ | 102 | int compression; /* If true, compression is allowed */ |
102 | int allow_tcp_forwarding; | 103 | int allow_tcp_forwarding; |
diff --git a/serverloop.c b/serverloop.c index d327ff702..e66d529e9 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -35,13 +35,14 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $"); | 38 | RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "packet.h" | 41 | #include "packet.h" |
42 | #include "buffer.h" | 42 | #include "buffer.h" |
43 | #include "log.h" | 43 | #include "log.h" |
44 | #include "servconf.h" | 44 | #include "servconf.h" |
45 | #include "canohost.h" | ||
45 | #include "sshpty.h" | 46 | #include "sshpty.h" |
46 | #include "channels.h" | 47 | #include "channels.h" |
47 | #include "compat.h" | 48 | #include "compat.h" |
@@ -143,7 +144,9 @@ sigchld_handler(int sig) | |||
143 | int save_errno = errno; | 144 | int save_errno = errno; |
144 | debug("Received SIGCHLD."); | 145 | debug("Received SIGCHLD."); |
145 | child_terminated = 1; | 146 | child_terminated = 1; |
147 | #ifndef _UNICOS | ||
146 | mysignal(SIGCHLD, sigchld_handler); | 148 | mysignal(SIGCHLD, sigchld_handler); |
149 | #endif | ||
147 | notify_parent(); | 150 | notify_parent(); |
148 | errno = save_errno; | 151 | errno = save_errno; |
149 | } | 152 | } |
@@ -347,14 +350,17 @@ process_input(fd_set * readset) | |||
347 | if (FD_ISSET(connection_in, readset)) { | 350 | if (FD_ISSET(connection_in, readset)) { |
348 | len = read(connection_in, buf, sizeof(buf)); | 351 | len = read(connection_in, buf, sizeof(buf)); |
349 | if (len == 0) { | 352 | if (len == 0) { |
350 | verbose("Connection closed by remote host."); | 353 | verbose("Connection closed by %.100s", |
354 | get_remote_ipaddr()); | ||
351 | connection_closed = 1; | 355 | connection_closed = 1; |
352 | if (compat20) | 356 | if (compat20) |
353 | return; | 357 | return; |
354 | fatal_cleanup(); | 358 | fatal_cleanup(); |
355 | } else if (len < 0) { | 359 | } else if (len < 0) { |
356 | if (errno != EINTR && errno != EAGAIN) { | 360 | if (errno != EINTR && errno != EAGAIN) { |
357 | verbose("Read error from remote host: %.100s", strerror(errno)); | 361 | verbose("Read error from remote host " |
362 | "%.100s: %.100s", | ||
363 | get_remote_ipaddr(), strerror(errno)); | ||
358 | fatal_cleanup(); | 364 | fatal_cleanup(); |
359 | } | 365 | } |
360 | } else { | 366 | } else { |
@@ -972,8 +978,11 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
972 | 978 | ||
973 | /* check permissions */ | 979 | /* check permissions */ |
974 | if (!options.allow_tcp_forwarding || | 980 | if (!options.allow_tcp_forwarding || |
975 | no_port_forwarding_flag || | 981 | no_port_forwarding_flag |
976 | (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) { | 982 | #ifndef NO_IPPORT_RESERVED_CONCEPT |
983 | || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) | ||
984 | #endif | ||
985 | ) { | ||
977 | success = 0; | 986 | success = 0; |
978 | packet_send_debug("Server has disabled port forwarding."); | 987 | packet_send_debug("Server has disabled port forwarding."); |
979 | } else { | 988 | } else { |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.150 2002/09/16 19:55:33 stevesk Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -210,13 +210,6 @@ do_authenticated(Authctxt *authctxt) | |||
210 | close(startup_pipe); | 210 | close(startup_pipe); |
211 | startup_pipe = -1; | 211 | startup_pipe = -1; |
212 | } | 212 | } |
213 | #ifdef WITH_AIXAUTHENTICATE | ||
214 | /* We don't have a pty yet, so just label the line as "ssh" */ | ||
215 | if (loginsuccess(authctxt->user, | ||
216 | get_canonical_hostname(options.verify_reverse_mapping), | ||
217 | "ssh", &aixloginmsg) < 0) | ||
218 | aixloginmsg = NULL; | ||
219 | #endif /* WITH_AIXAUTHENTICATE */ | ||
220 | 213 | ||
221 | /* setup the channel layer */ | 214 | /* setup the channel layer */ |
222 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) | 215 | if (!no_port_forwarding_flag && options.allow_tcp_forwarding) |
@@ -470,6 +463,8 @@ do_exec_no_pty(Session *s, const char *command) | |||
470 | 463 | ||
471 | /* Fork the child. */ | 464 | /* Fork the child. */ |
472 | if ((pid = fork()) == 0) { | 465 | if ((pid = fork()) == 0) { |
466 | fatal_remove_all_cleanups(); | ||
467 | |||
473 | /* Child. Reinitialize the log since the pid has changed. */ | 468 | /* Child. Reinitialize the log since the pid has changed. */ |
474 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | 469 | log_init(__progname, options.log_level, options.log_facility, log_stderr); |
475 | 470 | ||
@@ -517,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command) | |||
517 | perror("dup2 stderr"); | 512 | perror("dup2 stderr"); |
518 | #endif /* USE_PIPES */ | 513 | #endif /* USE_PIPES */ |
519 | 514 | ||
515 | #ifdef _UNICOS | ||
516 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ | ||
517 | #endif | ||
518 | |||
520 | /* Do processing for the child (exec command etc). */ | 519 | /* Do processing for the child (exec command etc). */ |
521 | do_child(s, command); | 520 | do_child(s, command); |
522 | /* NOTREACHED */ | 521 | /* NOTREACHED */ |
523 | } | 522 | } |
523 | #ifdef _UNICOS | ||
524 | signal(WJSIGNAL, cray_job_termination_handler); | ||
525 | #endif /* _UNICOS */ | ||
524 | #ifdef HAVE_CYGWIN | 526 | #ifdef HAVE_CYGWIN |
525 | if (is_winnt) | 527 | if (is_winnt) |
526 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | 528 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
@@ -585,6 +587,7 @@ do_exec_pty(Session *s, const char *command) | |||
585 | 587 | ||
586 | /* Fork the child. */ | 588 | /* Fork the child. */ |
587 | if ((pid = fork()) == 0) { | 589 | if ((pid = fork()) == 0) { |
590 | fatal_remove_all_cleanups(); | ||
588 | 591 | ||
589 | /* Child. Reinitialize the log because the pid has changed. */ | 592 | /* Child. Reinitialize the log because the pid has changed. */ |
590 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | 593 | log_init(__progname, options.log_level, options.log_facility, log_stderr); |
@@ -607,8 +610,12 @@ do_exec_pty(Session *s, const char *command) | |||
607 | 610 | ||
608 | /* record login, etc. similar to login(1) */ | 611 | /* record login, etc. similar to login(1) */ |
609 | #ifndef HAVE_OSF_SIA | 612 | #ifndef HAVE_OSF_SIA |
610 | if (!(options.use_login && command == NULL)) | 613 | if (!(options.use_login && command == NULL)) { |
614 | #ifdef _UNICOS | ||
615 | cray_init_job(s->pw); /* set up cray jid and tmpdir */ | ||
616 | #endif /* _UNICOS */ | ||
611 | do_login(s, command); | 617 | do_login(s, command); |
618 | } | ||
612 | # ifdef LOGIN_NEEDS_UTMPX | 619 | # ifdef LOGIN_NEEDS_UTMPX |
613 | else | 620 | else |
614 | do_pre_login(s); | 621 | do_pre_login(s); |
@@ -619,6 +626,9 @@ do_exec_pty(Session *s, const char *command) | |||
619 | do_child(s, command); | 626 | do_child(s, command); |
620 | /* NOTREACHED */ | 627 | /* NOTREACHED */ |
621 | } | 628 | } |
629 | #ifdef _UNICOS | ||
630 | signal(WJSIGNAL, cray_job_termination_handler); | ||
631 | #endif /* _UNICOS */ | ||
622 | #ifdef HAVE_CYGWIN | 632 | #ifdef HAVE_CYGWIN |
623 | if (is_winnt) | 633 | if (is_winnt) |
624 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); | 634 | cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); |
@@ -668,8 +678,8 @@ do_pre_login(Session *s) | |||
668 | * the address be 0.0.0.0. | 678 | * the address be 0.0.0.0. |
669 | */ | 679 | */ |
670 | memset(&from, 0, sizeof(from)); | 680 | memset(&from, 0, sizeof(from)); |
681 | fromlen = sizeof(from); | ||
671 | if (packet_connection_is_on_socket()) { | 682 | if (packet_connection_is_on_socket()) { |
672 | fromlen = sizeof(from); | ||
673 | if (getpeername(packet_get_connection_in(), | 683 | if (getpeername(packet_get_connection_in(), |
674 | (struct sockaddr *) & from, &fromlen) < 0) { | 684 | (struct sockaddr *) & from, &fromlen) < 0) { |
675 | debug("getpeername: %.100s", strerror(errno)); | 685 | debug("getpeername: %.100s", strerror(errno)); |
@@ -734,7 +744,7 @@ do_login(Session *s, const char *command) | |||
734 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, | 744 | record_login(pid, s->tty, pw->pw_name, pw->pw_uid, |
735 | get_remote_name_or_ip(utmp_len, | 745 | get_remote_name_or_ip(utmp_len, |
736 | options.verify_reverse_mapping), | 746 | options.verify_reverse_mapping), |
737 | (struct sockaddr *)&from); | 747 | (struct sockaddr *)&from, fromlen); |
738 | 748 | ||
739 | #ifdef USE_PAM | 749 | #ifdef USE_PAM |
740 | /* | 750 | /* |
@@ -759,6 +769,7 @@ do_login(Session *s, const char *command) | |||
759 | printf("%s\n", aixloginmsg); | 769 | printf("%s\n", aixloginmsg); |
760 | #endif /* WITH_AIXAUTHENTICATE */ | 770 | #endif /* WITH_AIXAUTHENTICATE */ |
761 | 771 | ||
772 | #ifndef NO_SSH_LASTLOG | ||
762 | if (options.print_lastlog && s->last_login_time != 0) { | 773 | if (options.print_lastlog && s->last_login_time != 0) { |
763 | time_string = ctime(&s->last_login_time); | 774 | time_string = ctime(&s->last_login_time); |
764 | if (strchr(time_string, '\n')) | 775 | if (strchr(time_string, '\n')) |
@@ -769,6 +780,7 @@ do_login(Session *s, const char *command) | |||
769 | printf("Last login: %s from %s\r\n", time_string, | 780 | printf("Last login: %s from %s\r\n", time_string, |
770 | s->hostname); | 781 | s->hostname); |
771 | } | 782 | } |
783 | #endif /* NO_SSH_LASTLOG */ | ||
772 | 784 | ||
773 | do_motd(); | 785 | do_motd(); |
774 | } | 786 | } |
@@ -959,8 +971,10 @@ do_setup_env(Session *s, const char *shell) | |||
959 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); | 971 | child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); |
960 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); | 972 | child_set_env(&env, &envsize, "HOME", pw->pw_dir); |
961 | #ifdef HAVE_LOGIN_CAP | 973 | #ifdef HAVE_LOGIN_CAP |
962 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); | 974 | if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0) |
963 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | 975 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
976 | else | ||
977 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | ||
964 | #else /* HAVE_LOGIN_CAP */ | 978 | #else /* HAVE_LOGIN_CAP */ |
965 | # ifndef HAVE_CYGWIN | 979 | # ifndef HAVE_CYGWIN |
966 | /* | 980 | /* |
@@ -992,13 +1006,13 @@ do_setup_env(Session *s, const char *shell) | |||
992 | if (!options.use_login) { | 1006 | if (!options.use_login) { |
993 | while (custom_environment) { | 1007 | while (custom_environment) { |
994 | struct envstring *ce = custom_environment; | 1008 | struct envstring *ce = custom_environment; |
995 | char *s = ce->s; | 1009 | char *str = ce->s; |
996 | 1010 | ||
997 | for (i = 0; s[i] != '=' && s[i]; i++) | 1011 | for (i = 0; str[i] != '=' && str[i]; i++) |
998 | ; | 1012 | ; |
999 | if (s[i] == '=') { | 1013 | if (str[i] == '=') { |
1000 | s[i] = 0; | 1014 | str[i] = 0; |
1001 | child_set_env(&env, &envsize, s, s + i + 1); | 1015 | child_set_env(&env, &envsize, str, str + i + 1); |
1002 | } | 1016 | } |
1003 | custom_environment = ce->next; | 1017 | custom_environment = ce->next; |
1004 | xfree(ce->s); | 1018 | xfree(ce->s); |
@@ -1006,10 +1020,16 @@ do_setup_env(Session *s, const char *shell) | |||
1006 | } | 1020 | } |
1007 | } | 1021 | } |
1008 | 1022 | ||
1023 | /* SSH_CLIENT deprecated */ | ||
1009 | snprintf(buf, sizeof buf, "%.50s %d %d", | 1024 | snprintf(buf, sizeof buf, "%.50s %d %d", |
1010 | get_remote_ipaddr(), get_remote_port(), get_local_port()); | 1025 | get_remote_ipaddr(), get_remote_port(), get_local_port()); |
1011 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); | 1026 | child_set_env(&env, &envsize, "SSH_CLIENT", buf); |
1012 | 1027 | ||
1028 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", | ||
1029 | get_remote_ipaddr(), get_remote_port(), | ||
1030 | get_local_ipaddr(packet_get_connection_in()), get_local_port()); | ||
1031 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); | ||
1032 | |||
1013 | if (s->ttyfd != -1) | 1033 | if (s->ttyfd != -1) |
1014 | child_set_env(&env, &envsize, "SSH_TTY", s->tty); | 1034 | child_set_env(&env, &envsize, "SSH_TTY", s->tty); |
1015 | if (s->term) | 1035 | if (s->term) |
@@ -1020,6 +1040,11 @@ do_setup_env(Session *s, const char *shell) | |||
1020 | child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", | 1040 | child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", |
1021 | original_command); | 1041 | original_command); |
1022 | 1042 | ||
1043 | #ifdef _UNICOS | ||
1044 | if (cray_tmpdir[0] != '\0') | ||
1045 | child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); | ||
1046 | #endif /* _UNICOS */ | ||
1047 | |||
1023 | #ifdef _AIX | 1048 | #ifdef _AIX |
1024 | { | 1049 | { |
1025 | char *cp; | 1050 | char *cp; |
@@ -1042,8 +1067,17 @@ do_setup_env(Session *s, const char *shell) | |||
1042 | s->authctxt->krb5_ticket_file); | 1067 | s->authctxt->krb5_ticket_file); |
1043 | #endif | 1068 | #endif |
1044 | #ifdef USE_PAM | 1069 | #ifdef USE_PAM |
1045 | /* Pull in any environment variables that may have been set by PAM. */ | 1070 | /* |
1046 | copy_environment(fetch_pam_environment(), &env, &envsize); | 1071 | * Pull in any environment variables that may have |
1072 | * been set by PAM. | ||
1073 | */ | ||
1074 | { | ||
1075 | char **p; | ||
1076 | |||
1077 | p = fetch_pam_environment(); | ||
1078 | copy_environment(p, &env, &envsize); | ||
1079 | free_pam_environment(p); | ||
1080 | } | ||
1047 | #endif /* USE_PAM */ | 1081 | #endif /* USE_PAM */ |
1048 | 1082 | ||
1049 | if (auth_sock_name != NULL) | 1083 | if (auth_sock_name != NULL) |
@@ -1051,9 +1085,9 @@ do_setup_env(Session *s, const char *shell) | |||
1051 | auth_sock_name); | 1085 | auth_sock_name); |
1052 | 1086 | ||
1053 | /* read $HOME/.ssh/environment. */ | 1087 | /* read $HOME/.ssh/environment. */ |
1054 | if (!options.use_login) { | 1088 | if (options.permit_user_env && !options.use_login) { |
1055 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", | 1089 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", |
1056 | pw->pw_dir); | 1090 | strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); |
1057 | read_environment_file(&env, &envsize, buf); | 1091 | read_environment_file(&env, &envsize, buf); |
1058 | } | 1092 | } |
1059 | if (debug_flag) { | 1093 | if (debug_flag) { |
@@ -1148,6 +1182,8 @@ do_nologin(struct passwd *pw) | |||
1148 | #endif | 1182 | #endif |
1149 | if (f) { | 1183 | if (f) { |
1150 | /* /etc/nologin exists. Print its contents and exit. */ | 1184 | /* /etc/nologin exists. Print its contents and exit. */ |
1185 | log("User %.100s not allowed because %s exists", | ||
1186 | pw->pw_name, _PATH_NOLOGIN); | ||
1151 | while (fgets(buf, sizeof(buf), f)) | 1187 | while (fgets(buf, sizeof(buf), f)) |
1152 | fputs(buf, stderr); | 1188 | fputs(buf, stderr); |
1153 | fclose(f); | 1189 | fclose(f); |
@@ -1159,8 +1195,6 @@ do_nologin(struct passwd *pw) | |||
1159 | void | 1195 | void |
1160 | do_setusercontext(struct passwd *pw) | 1196 | do_setusercontext(struct passwd *pw) |
1161 | { | 1197 | { |
1162 | char tty='\0'; | ||
1163 | |||
1164 | #ifdef HAVE_CYGWIN | 1198 | #ifdef HAVE_CYGWIN |
1165 | if (is_winnt) { | 1199 | if (is_winnt) { |
1166 | #else /* HAVE_CYGWIN */ | 1200 | #else /* HAVE_CYGWIN */ |
@@ -1170,9 +1204,9 @@ do_setusercontext(struct passwd *pw) | |||
1170 | setpcred(pw->pw_name); | 1204 | setpcred(pw->pw_name); |
1171 | #endif /* HAVE_SETPCRED */ | 1205 | #endif /* HAVE_SETPCRED */ |
1172 | #ifdef HAVE_LOGIN_CAP | 1206 | #ifdef HAVE_LOGIN_CAP |
1173 | #ifdef __bsdi__ | 1207 | # ifdef __bsdi__ |
1174 | setpgid(0, 0); | 1208 | setpgid(0, 0); |
1175 | #endif | 1209 | # endif |
1176 | if (setusercontext(lc, pw, pw->pw_uid, | 1210 | if (setusercontext(lc, pw, pw->pw_uid, |
1177 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { | 1211 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
1178 | perror("unable to set user context"); | 1212 | perror("unable to set user context"); |
@@ -1209,8 +1243,7 @@ do_setusercontext(struct passwd *pw) | |||
1209 | irix_setusercontext(pw); | 1243 | irix_setusercontext(pw); |
1210 | # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ | 1244 | # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ |
1211 | # ifdef _AIX | 1245 | # ifdef _AIX |
1212 | /* XXX: Disable tty setting. Enabled if required later */ | 1246 | aix_usrinfo(pw); |
1213 | aix_usrinfo(pw, &tty, -1); | ||
1214 | # endif /* _AIX */ | 1247 | # endif /* _AIX */ |
1215 | /* Permanently switch to the desired uid. */ | 1248 | /* Permanently switch to the desired uid. */ |
1216 | permanently_set_uid(pw); | 1249 | permanently_set_uid(pw); |
@@ -1263,6 +1296,10 @@ do_child(Session *s, const char *command) | |||
1263 | if (options.use_login && command != NULL) | 1296 | if (options.use_login && command != NULL) |
1264 | options.use_login = 0; | 1297 | options.use_login = 0; |
1265 | 1298 | ||
1299 | #ifdef _UNICOS | ||
1300 | cray_setup(pw->pw_uid, pw->pw_name, command); | ||
1301 | #endif /* _UNICOS */ | ||
1302 | |||
1266 | /* | 1303 | /* |
1267 | * Login(1) does this as well, and it needs uid 0 for the "-h" | 1304 | * Login(1) does this as well, and it needs uid 0 for the "-h" |
1268 | * switch, so we let login(1) to this for us. | 1305 | * switch, so we let login(1) to this for us. |
@@ -1798,6 +1835,27 @@ session_pty_cleanup(void *session) | |||
1798 | PRIVSEP(session_pty_cleanup2(session)); | 1835 | PRIVSEP(session_pty_cleanup2(session)); |
1799 | } | 1836 | } |
1800 | 1837 | ||
1838 | static char * | ||
1839 | sig2name(int sig) | ||
1840 | { | ||
1841 | #define SSH_SIG(x) if (sig == SIG ## x) return #x | ||
1842 | SSH_SIG(ABRT); | ||
1843 | SSH_SIG(ALRM); | ||
1844 | SSH_SIG(FPE); | ||
1845 | SSH_SIG(HUP); | ||
1846 | SSH_SIG(ILL); | ||
1847 | SSH_SIG(INT); | ||
1848 | SSH_SIG(KILL); | ||
1849 | SSH_SIG(PIPE); | ||
1850 | SSH_SIG(QUIT); | ||
1851 | SSH_SIG(SEGV); | ||
1852 | SSH_SIG(TERM); | ||
1853 | SSH_SIG(USR1); | ||
1854 | SSH_SIG(USR2); | ||
1855 | #undef SSH_SIG | ||
1856 | return "SIG@openssh.com"; | ||
1857 | } | ||
1858 | |||
1801 | static void | 1859 | static void |
1802 | session_exit_message(Session *s, int status) | 1860 | session_exit_message(Session *s, int status) |
1803 | { | 1861 | { |
@@ -1815,7 +1873,7 @@ session_exit_message(Session *s, int status) | |||
1815 | packet_send(); | 1873 | packet_send(); |
1816 | } else if (WIFSIGNALED(status)) { | 1874 | } else if (WIFSIGNALED(status)) { |
1817 | channel_request_start(s->chanid, "exit-signal", 0); | 1875 | channel_request_start(s->chanid, "exit-signal", 0); |
1818 | packet_put_int(WTERMSIG(status)); | 1876 | packet_put_cstring(sig2name(WTERMSIG(status))); |
1819 | #ifdef WCOREDUMP | 1877 | #ifdef WCOREDUMP |
1820 | packet_put_char(WCOREDUMP(status)); | 1878 | packet_put_char(WCOREDUMP(status)); |
1821 | #else /* WCOREDUMP */ | 1879 | #else /* WCOREDUMP */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ | 1 | /* $OpenBSD: session.h,v 1.19 2002/06/30 21:59:45 deraadt Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -57,7 +57,7 @@ struct Session { | |||
57 | 57 | ||
58 | void do_authenticated(Authctxt *); | 58 | void do_authenticated(Authctxt *); |
59 | 59 | ||
60 | int session_open(Authctxt*, int); | 60 | int session_open(Authctxt *, int); |
61 | int session_input_channel_req(Channel *, const char *); | 61 | int session_input_channel_req(Channel *, const char *); |
62 | void session_close_by_pid(pid_t, int); | 62 | void session_close_by_pid(pid_t, int); |
63 | void session_close_by_channel(int, void *); | 63 | void session_close_by_channel(int, void *); |
diff --git a/sftp-client.c b/sftp-client.c index 10b7992d0..f6a73f379 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -28,9 +28,9 @@ | |||
28 | /* XXX: copy between two remote sites */ | 28 | /* XXX: copy between two remote sites */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $"); | 31 | RCSID("$OpenBSD: sftp-client.c,v 1.35 2002/09/11 22:41:49 djm Exp $"); |
32 | 32 | ||
33 | #include "openbsd-compat/fake-queue.h" | 33 | #include "openbsd-compat/sys-queue.h" |
34 | 34 | ||
35 | #include "buffer.h" | 35 | #include "buffer.h" |
36 | #include "bufaux.h" | 36 | #include "bufaux.h" |
@@ -415,12 +415,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
415 | } | 415 | } |
416 | 416 | ||
417 | int | 417 | int |
418 | do_ls(struct sftp_conn *conn, char *path) | ||
419 | { | ||
420 | return(do_lsreaddir(conn, path, 1, NULL)); | ||
421 | } | ||
422 | |||
423 | int | ||
424 | do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir) | 418 | do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir) |
425 | { | 419 | { |
426 | return(do_lsreaddir(conn, path, 0, dir)); | 420 | return(do_lsreaddir(conn, path, 0, dir)); |
@@ -1095,7 +1089,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1095 | debug3("In write loop, ack for %u %u bytes at %llu", | 1089 | debug3("In write loop, ack for %u %u bytes at %llu", |
1096 | ack->id, ack->len, (unsigned long long)ack->offset); | 1090 | ack->id, ack->len, (unsigned long long)ack->offset); |
1097 | ++ackid; | 1091 | ++ackid; |
1098 | free(ack); | 1092 | xfree(ack); |
1099 | } | 1093 | } |
1100 | offset += len; | 1094 | offset += len; |
1101 | } | 1095 | } |
diff --git a/sftp-client.h b/sftp-client.h index b06171168..98e08ffa7 100644 --- a/sftp-client.h +++ b/sftp-client.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */ | 1 | /* $OpenBSD: sftp-client.h,v 1.11 2002/09/11 22:41:50 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001,2002 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2001,2002 Damien Miller. All rights reserved. |
@@ -48,9 +48,6 @@ u_int sftp_proto_version(struct sftp_conn *); | |||
48 | /* Close file referred to by 'handle' */ | 48 | /* Close file referred to by 'handle' */ |
49 | int do_close(struct sftp_conn *, char *, u_int); | 49 | int do_close(struct sftp_conn *, char *, u_int); |
50 | 50 | ||
51 | /* List contents of directory 'path' to stdout */ | ||
52 | int do_ls(struct sftp_conn *, char *); | ||
53 | |||
54 | /* Read contents of 'path' to NULL-terminated array 'dir' */ | 51 | /* Read contents of 'path' to NULL-terminated array 'dir' */ |
55 | int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***); | 52 | int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***); |
56 | 53 | ||
diff --git a/sftp-common.c b/sftp-common.c index 6bed0ab8a..082345486 100644 --- a/sftp-common.c +++ b/sftp-common.c | |||
@@ -24,7 +24,7 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $"); | 27 | RCSID("$OpenBSD: sftp-common.c,v 1.7 2002/09/11 22:41:50 djm Exp $"); |
28 | 28 | ||
29 | #include "buffer.h" | 29 | #include "buffer.h" |
30 | #include "bufaux.h" | 30 | #include "bufaux.h" |
@@ -65,6 +65,26 @@ stat_to_attrib(struct stat *st, Attrib *a) | |||
65 | a->mtime = st->st_mtime; | 65 | a->mtime = st->st_mtime; |
66 | } | 66 | } |
67 | 67 | ||
68 | /* Convert from filexfer attribs to struct stat */ | ||
69 | void | ||
70 | attrib_to_stat(Attrib *a, struct stat *st) | ||
71 | { | ||
72 | memset(st, 0, sizeof(*st)); | ||
73 | |||
74 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) | ||
75 | st->st_size = a->size; | ||
76 | if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { | ||
77 | st->st_uid = a->uid; | ||
78 | st->st_gid = a->gid; | ||
79 | } | ||
80 | if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) | ||
81 | st->st_mode = a->perm; | ||
82 | if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { | ||
83 | st->st_atime = a->atime; | ||
84 | st->st_mtime = a->mtime; | ||
85 | } | ||
86 | } | ||
87 | |||
68 | /* Decode attributes in buffer */ | 88 | /* Decode attributes in buffer */ |
69 | Attrib * | 89 | Attrib * |
70 | decode_attrib(Buffer *b) | 90 | decode_attrib(Buffer *b) |
@@ -149,3 +169,45 @@ fx2txt(int status) | |||
149 | } | 169 | } |
150 | /* NOTREACHED */ | 170 | /* NOTREACHED */ |
151 | } | 171 | } |
172 | |||
173 | /* | ||
174 | * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh | ||
175 | */ | ||
176 | char * | ||
177 | ls_file(char *name, struct stat *st, int remote) | ||
178 | { | ||
179 | int ulen, glen, sz = 0; | ||
180 | struct passwd *pw; | ||
181 | struct group *gr; | ||
182 | struct tm *ltime = localtime(&st->st_mtime); | ||
183 | char *user, *group; | ||
184 | char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; | ||
185 | |||
186 | strmode(st->st_mode, mode); | ||
187 | if (!remote && (pw = getpwuid(st->st_uid)) != NULL) { | ||
188 | user = pw->pw_name; | ||
189 | } else { | ||
190 | snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); | ||
191 | user = ubuf; | ||
192 | } | ||
193 | if (!remote && (gr = getgrgid(st->st_gid)) != NULL) { | ||
194 | group = gr->gr_name; | ||
195 | } else { | ||
196 | snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); | ||
197 | group = gbuf; | ||
198 | } | ||
199 | if (ltime != NULL) { | ||
200 | if (time(NULL) - st->st_mtime < (365*24*60*60)/2) | ||
201 | sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime); | ||
202 | else | ||
203 | sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime); | ||
204 | } | ||
205 | if (sz == 0) | ||
206 | tbuf[0] = '\0'; | ||
207 | ulen = MAX(strlen(user), 8); | ||
208 | glen = MAX(strlen(group), 8); | ||
209 | snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode, | ||
210 | st->st_nlink, ulen, user, glen, group, | ||
211 | (u_int64_t)st->st_size, tbuf, name); | ||
212 | return xstrdup(buf); | ||
213 | } | ||
diff --git a/sftp-common.h b/sftp-common.h index 4c126bf10..201611cc4 100644 --- a/sftp-common.h +++ b/sftp-common.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-common.h,v 1.3 2001/06/26 17:27:24 markus Exp $ */ | 1 | /* $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -40,7 +40,9 @@ struct Attrib { | |||
40 | 40 | ||
41 | void attrib_clear(Attrib *); | 41 | void attrib_clear(Attrib *); |
42 | void stat_to_attrib(struct stat *, Attrib *); | 42 | void stat_to_attrib(struct stat *, Attrib *); |
43 | void attrib_to_stat(Attrib *, struct stat *); | ||
43 | Attrib *decode_attrib(Buffer *); | 44 | Attrib *decode_attrib(Buffer *); |
44 | void encode_attrib(Buffer *, Attrib *); | 45 | void encode_attrib(Buffer *, Attrib *); |
46 | char *ls_file(char *, struct stat *, int); | ||
45 | 47 | ||
46 | const char *fx2txt(int); | 48 | const char *fx2txt(int); |
diff --git a/sftp-glob.c b/sftp-glob.c index 1234074c4..ee122a2cd 100644 --- a/sftp-glob.c +++ b/sftp-glob.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sftp-glob.c,v 1.10 2002/02/13 00:59:23 djm Exp $"); | 26 | RCSID("$OpenBSD: sftp-glob.c,v 1.13 2002/09/11 22:41:50 djm Exp $"); |
27 | 27 | ||
28 | #include "buffer.h" | 28 | #include "buffer.h" |
29 | #include "bufaux.h" | 29 | #include "bufaux.h" |
@@ -51,12 +51,14 @@ fudge_opendir(const char *path) | |||
51 | 51 | ||
52 | r = xmalloc(sizeof(*r)); | 52 | r = xmalloc(sizeof(*r)); |
53 | 53 | ||
54 | if (do_readdir(cur.conn, (char*)path, &r->dir)) | 54 | if (do_readdir(cur.conn, (char *)path, &r->dir)) { |
55 | xfree(r); | ||
55 | return(NULL); | 56 | return(NULL); |
57 | } | ||
56 | 58 | ||
57 | r->offset = 0; | 59 | r->offset = 0; |
58 | 60 | ||
59 | return((void*)r); | 61 | return((void *)r); |
60 | } | 62 | } |
61 | 63 | ||
62 | static struct dirent * | 64 | static struct dirent * |
@@ -105,31 +107,12 @@ fudge_closedir(struct SFTP_OPENDIR *od) | |||
105 | xfree(od); | 107 | xfree(od); |
106 | } | 108 | } |
107 | 109 | ||
108 | static void | ||
109 | attrib_to_stat(Attrib *a, struct stat *st) | ||
110 | { | ||
111 | memset(st, 0, sizeof(*st)); | ||
112 | |||
113 | if (a->flags & SSH2_FILEXFER_ATTR_SIZE) | ||
114 | st->st_size = a->size; | ||
115 | if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { | ||
116 | st->st_uid = a->uid; | ||
117 | st->st_gid = a->gid; | ||
118 | } | ||
119 | if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) | ||
120 | st->st_mode = a->perm; | ||
121 | if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { | ||
122 | st->st_atime = a->atime; | ||
123 | st->st_mtime = a->mtime; | ||
124 | } | ||
125 | } | ||
126 | |||
127 | static int | 110 | static int |
128 | fudge_lstat(const char *path, struct stat *st) | 111 | fudge_lstat(const char *path, struct stat *st) |
129 | { | 112 | { |
130 | Attrib *a; | 113 | Attrib *a; |
131 | 114 | ||
132 | if (!(a = do_lstat(cur.conn, (char*)path, 0))) | 115 | if (!(a = do_lstat(cur.conn, (char *)path, 0))) |
133 | return(-1); | 116 | return(-1); |
134 | 117 | ||
135 | attrib_to_stat(a, st); | 118 | attrib_to_stat(a, st); |
@@ -142,7 +125,7 @@ fudge_stat(const char *path, struct stat *st) | |||
142 | { | 125 | { |
143 | Attrib *a; | 126 | Attrib *a; |
144 | 127 | ||
145 | if (!(a = do_stat(cur.conn, (char*)path, 0))) | 128 | if (!(a = do_stat(cur.conn, (char *)path, 0))) |
146 | return(-1); | 129 | return(-1); |
147 | 130 | ||
148 | attrib_to_stat(a, st); | 131 | attrib_to_stat(a, st); |
diff --git a/sftp-glob.h b/sftp-glob.h index 9c754912c..f879e8719 100644 --- a/sftp-glob.h +++ b/sftp-glob.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-glob.h,v 1.7 2002/03/19 10:49:35 markus Exp $ */ | 1 | /* $OpenBSD: sftp-glob.h,v 1.8 2002/09/11 22:41:50 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001,2002 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2001,2002 Damien Miller. All rights reserved. |
@@ -31,8 +31,7 @@ | |||
31 | 31 | ||
32 | #include "sftp-client.h" | 32 | #include "sftp-client.h" |
33 | 33 | ||
34 | int | 34 | int remote_glob(struct sftp_conn *, const char *, int, |
35 | remote_glob(struct sftp_conn *, const char *, int, | ||
36 | int (*)(const char *, int), glob_t *); | 35 | int (*)(const char *, int), glob_t *); |
37 | 36 | ||
38 | #endif | 37 | #endif |
diff --git a/sftp-int.c b/sftp-int.c index b13e5da5d..6a2012910 100644 --- a/sftp-int.c +++ b/sftp-int.c | |||
@@ -22,11 +22,10 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | 24 | ||
25 | /* XXX: globbed ls */ | ||
26 | /* XXX: recursive operations */ | 25 | /* XXX: recursive operations */ |
27 | 26 | ||
28 | #include "includes.h" | 27 | #include "includes.h" |
29 | RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $"); | 28 | RCSID("$OpenBSD: sftp-int.c,v 1.49 2002/09/12 00:13:06 djm Exp $"); |
30 | 29 | ||
31 | #include "buffer.h" | 30 | #include "buffer.h" |
32 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
@@ -201,6 +200,25 @@ local_do_ls(const char *args) | |||
201 | } | 200 | } |
202 | } | 201 | } |
203 | 202 | ||
203 | /* Strip one path (usually the pwd) from the start of another */ | ||
204 | static char * | ||
205 | path_strip(char *path, char *strip) | ||
206 | { | ||
207 | size_t len; | ||
208 | |||
209 | if (strip == NULL) | ||
210 | return (xstrdup(path)); | ||
211 | |||
212 | len = strlen(strip); | ||
213 | if (strip != NULL && strncmp(path, strip, len) == 0) { | ||
214 | if (strip[len - 1] != '/' && path[len] == '/') | ||
215 | len++; | ||
216 | return (xstrdup(path + len)); | ||
217 | } | ||
218 | |||
219 | return (xstrdup(path)); | ||
220 | } | ||
221 | |||
204 | static char * | 222 | static char * |
205 | path_append(char *p1, char *p2) | 223 | path_append(char *p1, char *p2) |
206 | { | 224 | { |
@@ -209,7 +227,7 @@ path_append(char *p1, char *p2) | |||
209 | 227 | ||
210 | ret = xmalloc(len); | 228 | ret = xmalloc(len); |
211 | strlcpy(ret, p1, len); | 229 | strlcpy(ret, p1, len); |
212 | if (strcmp(p1, "/") != 0) | 230 | if (p1[strlen(p1) - 1] != '/') |
213 | strlcat(ret, "/", len); | 231 | strlcat(ret, "/", len); |
214 | strlcat(ret, p2, len); | 232 | strlcat(ret, p2, len); |
215 | 233 | ||
@@ -274,6 +292,29 @@ parse_getput_flags(const char **cpp, int *pflag) | |||
274 | } | 292 | } |
275 | 293 | ||
276 | static int | 294 | static int |
295 | parse_ls_flags(const char **cpp, int *lflag) | ||
296 | { | ||
297 | const char *cp = *cpp; | ||
298 | |||
299 | /* Check for flags */ | ||
300 | if (cp++[0] == '-') { | ||
301 | for(; strchr(WHITESPACE, *cp) == NULL; cp++) { | ||
302 | switch (*cp) { | ||
303 | case 'l': | ||
304 | *lflag = 1; | ||
305 | break; | ||
306 | default: | ||
307 | error("Invalid flag -%c", *cp); | ||
308 | return(-1); | ||
309 | } | ||
310 | } | ||
311 | *cpp = cp + strspn(cp, WHITESPACE); | ||
312 | } | ||
313 | |||
314 | return(0); | ||
315 | } | ||
316 | |||
317 | static int | ||
277 | get_pathname(const char **cpp, char **path) | 318 | get_pathname(const char **cpp, char **path) |
278 | { | 319 | { |
279 | const char *cp = *cpp, *end; | 320 | const char *cp = *cpp, *end; |
@@ -504,8 +545,129 @@ out: | |||
504 | } | 545 | } |
505 | 546 | ||
506 | static int | 547 | static int |
507 | parse_args(const char **cpp, int *pflag, unsigned long *n_arg, | 548 | sdirent_comp(const void *aa, const void *bb) |
508 | char **path1, char **path2) | 549 | { |
550 | SFTP_DIRENT *a = *(SFTP_DIRENT **)aa; | ||
551 | SFTP_DIRENT *b = *(SFTP_DIRENT **)bb; | ||
552 | |||
553 | return (strcmp(a->filename, b->filename)); | ||
554 | } | ||
555 | |||
556 | /* sftp ls.1 replacement for directories */ | ||
557 | static int | ||
558 | do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | ||
559 | { | ||
560 | int n; | ||
561 | SFTP_DIRENT **d; | ||
562 | |||
563 | if ((n = do_readdir(conn, path, &d)) != 0) | ||
564 | return (n); | ||
565 | |||
566 | /* Count entries for sort */ | ||
567 | for (n = 0; d[n] != NULL; n++) | ||
568 | ; | ||
569 | |||
570 | qsort(d, n, sizeof(*d), sdirent_comp); | ||
571 | |||
572 | for (n = 0; d[n] != NULL; n++) { | ||
573 | char *tmp, *fname; | ||
574 | |||
575 | tmp = path_append(path, d[n]->filename); | ||
576 | fname = path_strip(tmp, strip_path); | ||
577 | xfree(tmp); | ||
578 | |||
579 | if (lflag) { | ||
580 | char *lname; | ||
581 | struct stat sb; | ||
582 | |||
583 | memset(&sb, 0, sizeof(sb)); | ||
584 | attrib_to_stat(&d[n]->a, &sb); | ||
585 | lname = ls_file(fname, &sb, 1); | ||
586 | printf("%s\n", lname); | ||
587 | xfree(lname); | ||
588 | } else { | ||
589 | /* XXX - multicolumn display would be nice here */ | ||
590 | printf("%s\n", fname); | ||
591 | } | ||
592 | |||
593 | xfree(fname); | ||
594 | } | ||
595 | |||
596 | free_sftp_dirents(d); | ||
597 | return (0); | ||
598 | } | ||
599 | |||
600 | /* sftp ls.1 replacement which handles path globs */ | ||
601 | static int | ||
602 | do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | ||
603 | int lflag) | ||
604 | { | ||
605 | glob_t g; | ||
606 | int i; | ||
607 | Attrib *a; | ||
608 | struct stat sb; | ||
609 | |||
610 | memset(&g, 0, sizeof(g)); | ||
611 | |||
612 | if (remote_glob(conn, path, GLOB_MARK|GLOB_NOCHECK|GLOB_BRACE, | ||
613 | NULL, &g)) { | ||
614 | error("Can't ls: \"%s\" not found", path); | ||
615 | return (-1); | ||
616 | } | ||
617 | |||
618 | /* | ||
619 | * If the glob returns a single match, which is the same as the | ||
620 | * input glob, and it is a directory, then just list its contents | ||
621 | */ | ||
622 | if (g.gl_pathc == 1 && | ||
623 | strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { | ||
624 | if ((a = do_lstat(conn, path, 1)) == NULL) { | ||
625 | globfree(&g); | ||
626 | return (-1); | ||
627 | } | ||
628 | if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && | ||
629 | S_ISDIR(a->perm)) { | ||
630 | globfree(&g); | ||
631 | return (do_ls_dir(conn, path, strip_path, lflag)); | ||
632 | } | ||
633 | } | ||
634 | |||
635 | for (i = 0; g.gl_pathv[i]; i++) { | ||
636 | char *fname, *lname; | ||
637 | |||
638 | fname = path_strip(g.gl_pathv[i], strip_path); | ||
639 | |||
640 | if (lflag) { | ||
641 | /* | ||
642 | * XXX: this is slow - 1 roundtrip per path | ||
643 | * A solution to this is to fork glob() and | ||
644 | * build a sftp specific version which keeps the | ||
645 | * attribs (which currently get thrown away) | ||
646 | * that the server returns as well as the filenames. | ||
647 | */ | ||
648 | memset(&sb, 0, sizeof(sb)); | ||
649 | a = do_lstat(conn, g.gl_pathv[i], 1); | ||
650 | if (a != NULL) | ||
651 | attrib_to_stat(a, &sb); | ||
652 | lname = ls_file(fname, &sb, 1); | ||
653 | printf("%s\n", lname); | ||
654 | xfree(lname); | ||
655 | } else { | ||
656 | /* XXX - multicolumn display would be nice here */ | ||
657 | printf("%s\n", fname); | ||
658 | } | ||
659 | xfree(fname); | ||
660 | } | ||
661 | |||
662 | if (g.gl_pathc) | ||
663 | globfree(&g); | ||
664 | |||
665 | return (0); | ||
666 | } | ||
667 | |||
668 | static int | ||
669 | parse_args(const char **cpp, int *pflag, int *lflag, | ||
670 | unsigned long *n_arg, char **path1, char **path2) | ||
509 | { | 671 | { |
510 | const char *cmd, *cp = *cpp; | 672 | const char *cmd, *cp = *cpp; |
511 | char *cp2; | 673 | char *cp2; |
@@ -545,7 +707,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg, | |||
545 | } | 707 | } |
546 | 708 | ||
547 | /* Get arguments and parse flags */ | 709 | /* Get arguments and parse flags */ |
548 | *pflag = *n_arg = 0; | 710 | *lflag = *pflag = *n_arg = 0; |
549 | *path1 = *path2 = NULL; | 711 | *path1 = *path2 = NULL; |
550 | switch (cmdnum) { | 712 | switch (cmdnum) { |
551 | case I_GET: | 713 | case I_GET: |
@@ -592,6 +754,8 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg, | |||
592 | } | 754 | } |
593 | break; | 755 | break; |
594 | case I_LS: | 756 | case I_LS: |
757 | if (parse_ls_flags(&cp, lflag)) | ||
758 | return(-1); | ||
595 | /* Path is optional */ | 759 | /* Path is optional */ |
596 | if (get_pathname(&cp, path1)) | 760 | if (get_pathname(&cp, path1)) |
597 | return(-1); | 761 | return(-1); |
@@ -652,7 +816,7 @@ static int | |||
652 | parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | 816 | parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) |
653 | { | 817 | { |
654 | char *path1, *path2, *tmp; | 818 | char *path1, *path2, *tmp; |
655 | int pflag, cmdnum, i; | 819 | int pflag, lflag, cmdnum, i; |
656 | unsigned long n_arg; | 820 | unsigned long n_arg; |
657 | Attrib a, *aa; | 821 | Attrib a, *aa; |
658 | char path_buf[MAXPATHLEN]; | 822 | char path_buf[MAXPATHLEN]; |
@@ -660,7 +824,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
660 | glob_t g; | 824 | glob_t g; |
661 | 825 | ||
662 | path1 = path2 = NULL; | 826 | path1 = path2 = NULL; |
663 | cmdnum = parse_args(&cmd, &pflag, &n_arg, &path1, &path2); | 827 | cmdnum = parse_args(&cmd, &pflag, &lflag, &n_arg, |
828 | &path1, &path2); | ||
664 | 829 | ||
665 | memset(&g, 0, sizeof(g)); | 830 | memset(&g, 0, sizeof(g)); |
666 | 831 | ||
@@ -732,22 +897,18 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd) | |||
732 | break; | 897 | break; |
733 | case I_LS: | 898 | case I_LS: |
734 | if (!path1) { | 899 | if (!path1) { |
735 | do_ls(conn, *pwd); | 900 | do_globbed_ls(conn, *pwd, *pwd, lflag); |
736 | break; | 901 | break; |
737 | } | 902 | } |
903 | |||
904 | /* Strip pwd off beginning of non-absolute paths */ | ||
905 | tmp = NULL; | ||
906 | if (*path1 != '/') | ||
907 | tmp = *pwd; | ||
908 | |||
738 | path1 = make_absolute(path1, *pwd); | 909 | path1 = make_absolute(path1, *pwd); |
739 | if ((tmp = do_realpath(conn, path1)) == NULL) | 910 | |
740 | break; | 911 | do_globbed_ls(conn, path1, tmp, lflag); |
741 | xfree(path1); | ||
742 | path1 = tmp; | ||
743 | if ((aa = do_stat(conn, path1, 0)) == NULL) | ||
744 | break; | ||
745 | if ((aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && | ||
746 | !S_ISDIR(aa->perm)) { | ||
747 | error("Can't ls: \"%s\" is not a directory", path1); | ||
748 | break; | ||
749 | } | ||
750 | do_ls(conn, path1); | ||
751 | break; | 912 | break; |
752 | case I_LCHDIR: | 913 | case I_LCHDIR: |
753 | if (chdir(path1) == -1) { | 914 | if (chdir(path1) == -1) { |
diff --git a/sftp-server.c b/sftp-server.c index a5c325561..84264693d 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -22,7 +22,7 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $"); | 25 | RCSID("$OpenBSD: sftp-server.c,v 1.38 2002/09/11 22:41:50 djm Exp $"); |
26 | 26 | ||
27 | #include "buffer.h" | 27 | #include "buffer.h" |
28 | #include "bufaux.h" | 28 | #include "bufaux.h" |
@@ -695,48 +695,6 @@ process_opendir(void) | |||
695 | xfree(path); | 695 | xfree(path); |
696 | } | 696 | } |
697 | 697 | ||
698 | /* | ||
699 | * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh | ||
700 | */ | ||
701 | static char * | ||
702 | ls_file(char *name, struct stat *st) | ||
703 | { | ||
704 | int ulen, glen, sz = 0; | ||
705 | struct passwd *pw; | ||
706 | struct group *gr; | ||
707 | struct tm *ltime = localtime(&st->st_mtime); | ||
708 | char *user, *group; | ||
709 | char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; | ||
710 | |||
711 | strmode(st->st_mode, mode); | ||
712 | if ((pw = getpwuid(st->st_uid)) != NULL) { | ||
713 | user = pw->pw_name; | ||
714 | } else { | ||
715 | snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); | ||
716 | user = ubuf; | ||
717 | } | ||
718 | if ((gr = getgrgid(st->st_gid)) != NULL) { | ||
719 | group = gr->gr_name; | ||
720 | } else { | ||
721 | snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); | ||
722 | group = gbuf; | ||
723 | } | ||
724 | if (ltime != NULL) { | ||
725 | if (time(NULL) - st->st_mtime < (365*24*60*60)/2) | ||
726 | sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime); | ||
727 | else | ||
728 | sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime); | ||
729 | } | ||
730 | if (sz == 0) | ||
731 | tbuf[0] = '\0'; | ||
732 | ulen = MAX(strlen(user), 8); | ||
733 | glen = MAX(strlen(group), 8); | ||
734 | snprintf(buf, sizeof buf, "%s %3d %-*s %-*s %8llu %s %s", mode, | ||
735 | st->st_nlink, ulen, user, glen, group, | ||
736 | (u_int64_t)st->st_size, tbuf, name); | ||
737 | return xstrdup(buf); | ||
738 | } | ||
739 | |||
740 | static void | 698 | static void |
741 | process_readdir(void) | 699 | process_readdir(void) |
742 | { | 700 | { |
@@ -772,7 +730,7 @@ process_readdir(void) | |||
772 | continue; | 730 | continue; |
773 | stat_to_attrib(&st, &(stats[count].attrib)); | 731 | stat_to_attrib(&st, &(stats[count].attrib)); |
774 | stats[count].name = xstrdup(dp->d_name); | 732 | stats[count].name = xstrdup(dp->d_name); |
775 | stats[count].long_name = ls_file(dp->d_name, &st); | 733 | stats[count].long_name = ls_file(dp->d_name, &st, 0); |
776 | count++; | 734 | count++; |
777 | /* send up to 100 entries in one message */ | 735 | /* send up to 100 entries in one message */ |
778 | /* XXX check packet size instead */ | 736 | /* XXX check packet size instead */ |
@@ -117,9 +117,11 @@ INTERACTIVE COMMANDS | |||
117 | 117 | ||
118 | lpwd Print local working directory. | 118 | lpwd Print local working directory. |
119 | 119 | ||
120 | ls [path] | 120 | ls [flags] [path] |
121 | Display remote directory listing of either path or current direcM-- | 121 | Display remote directory listing of either path or current direcM-- |
122 | tory if path is not specified. | 122 | tory if path is not specified. If the -l flag is specified, then |
123 | display additional details including permissions and ownership | ||
124 | information. | ||
123 | 125 | ||
124 | lumask umask | 126 | lumask umask |
125 | Set local umask to umask. | 127 | Set local umask to umask. |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.35 2002/06/20 20:00:05 stevesk Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.36 2002/09/11 22:41:50 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -203,12 +203,18 @@ to | |||
203 | .Ar newpath . | 203 | .Ar newpath . |
204 | .It Ic lpwd | 204 | .It Ic lpwd |
205 | Print local working directory. | 205 | Print local working directory. |
206 | .It Ic ls Op Ar path | 206 | .It Xo Ic ls |
207 | .Op Ar flags | ||
208 | .Op Ar path | ||
209 | .Xc | ||
207 | Display remote directory listing of either | 210 | Display remote directory listing of either |
208 | .Ar path | 211 | .Ar path |
209 | or current directory if | 212 | or current directory if |
210 | .Ar path | 213 | .Ar path |
211 | is not specified. | 214 | is not specified. If the |
215 | .Fl l | ||
216 | flag is specified, then display additional details including permissions | ||
217 | and ownership information. | ||
212 | .It Ic lumask Ar umask | 218 | .It Ic lumask Ar umask |
213 | Set local umask to | 219 | Set local umask to |
214 | .Ar umask . | 220 | .Ar umask . |
@@ -24,7 +24,7 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $"); | 27 | RCSID("$OpenBSD: sftp.c,v 1.31 2002/07/25 01:16:59 mouring Exp $"); |
28 | 28 | ||
29 | /* XXX: short-form remote directory listings (like 'ls -C') */ | 29 | /* XXX: short-form remote directory listings (like 'ls -C') */ |
30 | 30 | ||
@@ -122,7 +122,6 @@ main(int argc, char **argv) | |||
122 | __progname = get_progname(argv[0]); | 122 | __progname = get_progname(argv[0]); |
123 | args.list = NULL; | 123 | args.list = NULL; |
124 | addargs(&args, "ssh"); /* overwritten with ssh_program */ | 124 | addargs(&args, "ssh"); /* overwritten with ssh_program */ |
125 | addargs(&args, "-oFallBackToRsh no"); | ||
126 | addargs(&args, "-oForwardX11 no"); | 125 | addargs(&args, "-oForwardX11 no"); |
127 | addargs(&args, "-oForwardAgent no"); | 126 | addargs(&args, "-oForwardAgent no"); |
128 | addargs(&args, "-oClearAllForwardings yes"); | 127 | addargs(&args, "-oClearAllForwardings yes"); |
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.61 2002/06/19 00:27:55 deraadt Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.63 2002/09/19 15:51:23 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | 41 | ||
@@ -264,7 +264,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
264 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); | 264 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); |
265 | memset(p1, 0, strlen(p1)); | 265 | memset(p1, 0, strlen(p1)); |
266 | xfree(p1); | 266 | xfree(p1); |
267 | return -1; | 267 | return (ret); |
268 | } | 268 | } |
269 | 269 | ||
270 | static int | 270 | static int |
@@ -290,7 +290,7 @@ usage(void) | |||
290 | fprintf(stderr, " -d Delete identity.\n"); | 290 | fprintf(stderr, " -d Delete identity.\n"); |
291 | fprintf(stderr, " -D Delete all identities.\n"); | 291 | fprintf(stderr, " -D Delete all identities.\n"); |
292 | fprintf(stderr, " -x Lock agent.\n"); | 292 | fprintf(stderr, " -x Lock agent.\n"); |
293 | fprintf(stderr, " -x Unlock agent.\n"); | 293 | fprintf(stderr, " -X Unlock agent.\n"); |
294 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); | 294 | fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); |
295 | #ifdef SMARTCARD | 295 | #ifdef SMARTCARD |
296 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); | 296 | fprintf(stderr, " -s reader Add key in smartcard reader.\n"); |
diff --git a/ssh-agent.c b/ssh-agent.c index ac16bae40..cca720ee2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -34,8 +34,8 @@ | |||
34 | */ | 34 | */ |
35 | 35 | ||
36 | #include "includes.h" | 36 | #include "includes.h" |
37 | #include "openbsd-compat/fake-queue.h" | 37 | #include "openbsd-compat/sys-queue.h" |
38 | RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | #include <openssl/md5.h> | 41 | #include <openssl/md5.h> |
@@ -107,6 +107,17 @@ char *__progname; | |||
107 | #endif | 107 | #endif |
108 | 108 | ||
109 | static void | 109 | static void |
110 | close_socket(SocketEntry *e) | ||
111 | { | ||
112 | close(e->fd); | ||
113 | e->fd = -1; | ||
114 | e->type = AUTH_UNUSED; | ||
115 | buffer_free(&e->input); | ||
116 | buffer_free(&e->output); | ||
117 | buffer_free(&e->request); | ||
118 | } | ||
119 | |||
120 | static void | ||
110 | idtab_init(void) | 121 | idtab_init(void) |
111 | { | 122 | { |
112 | int i; | 123 | int i; |
@@ -617,13 +628,7 @@ process_message(SocketEntry *e) | |||
617 | cp = buffer_ptr(&e->input); | 628 | cp = buffer_ptr(&e->input); |
618 | msg_len = GET_32BIT(cp); | 629 | msg_len = GET_32BIT(cp); |
619 | if (msg_len > 256 * 1024) { | 630 | if (msg_len > 256 * 1024) { |
620 | shutdown(e->fd, SHUT_RDWR); | 631 | close_socket(e); |
621 | close(e->fd); | ||
622 | e->fd = -1; | ||
623 | e->type = AUTH_UNUSED; | ||
624 | buffer_free(&e->input); | ||
625 | buffer_free(&e->output); | ||
626 | buffer_free(&e->request); | ||
627 | return; | 632 | return; |
628 | } | 633 | } |
629 | if (buffer_len(&e->input) < msg_len + 4) | 634 | if (buffer_len(&e->input) < msg_len + 4) |
@@ -805,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset) | |||
805 | char buf[1024]; | 810 | char buf[1024]; |
806 | int len, sock; | 811 | int len, sock; |
807 | u_int i; | 812 | u_int i; |
813 | uid_t euid; | ||
814 | gid_t egid; | ||
808 | 815 | ||
809 | for (i = 0; i < sockets_alloc; i++) | 816 | for (i = 0; i < sockets_alloc; i++) |
810 | switch (sockets[i].type) { | 817 | switch (sockets[i].type) { |
@@ -820,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset) | |||
820 | strerror(errno)); | 827 | strerror(errno)); |
821 | break; | 828 | break; |
822 | } | 829 | } |
830 | if (getpeereid(sock, &euid, &egid) < 0) { | ||
831 | error("getpeereid %d failed: %s", | ||
832 | sock, strerror(errno)); | ||
833 | close(sock); | ||
834 | break; | ||
835 | } | ||
836 | if ((euid != 0) && (getuid() != euid)) { | ||
837 | error("uid mismatch: " | ||
838 | "peer euid %u != uid %u", | ||
839 | (u_int) euid, (u_int) getuid()); | ||
840 | close(sock); | ||
841 | break; | ||
842 | } | ||
823 | new_socket(AUTH_CONNECTION, sock); | 843 | new_socket(AUTH_CONNECTION, sock); |
824 | } | 844 | } |
825 | break; | 845 | break; |
@@ -836,13 +856,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
836 | break; | 856 | break; |
837 | } while (1); | 857 | } while (1); |
838 | if (len <= 0) { | 858 | if (len <= 0) { |
839 | shutdown(sockets[i].fd, SHUT_RDWR); | 859 | close_socket(&sockets[i]); |
840 | close(sockets[i].fd); | ||
841 | sockets[i].fd = -1; | ||
842 | sockets[i].type = AUTH_UNUSED; | ||
843 | buffer_free(&sockets[i].input); | ||
844 | buffer_free(&sockets[i].output); | ||
845 | buffer_free(&sockets[i].request); | ||
846 | break; | 860 | break; |
847 | } | 861 | } |
848 | buffer_consume(&sockets[i].output, len); | 862 | buffer_consume(&sockets[i].output, len); |
@@ -856,13 +870,7 @@ after_select(fd_set *readset, fd_set *writeset) | |||
856 | break; | 870 | break; |
857 | } while (1); | 871 | } while (1); |
858 | if (len <= 0) { | 872 | if (len <= 0) { |
859 | shutdown(sockets[i].fd, SHUT_RDWR); | 873 | close_socket(&sockets[i]); |
860 | close(sockets[i].fd); | ||
861 | sockets[i].fd = -1; | ||
862 | sockets[i].type = AUTH_UNUSED; | ||
863 | buffer_free(&sockets[i].input); | ||
864 | buffer_free(&sockets[i].output); | ||
865 | buffer_free(&sockets[i].request); | ||
866 | break; | 874 | break; |
867 | } | 875 | } |
868 | buffer_append(&sockets[i].input, buf, len); | 876 | buffer_append(&sockets[i].input, buf, len); |
@@ -943,6 +951,10 @@ main(int ac, char **av) | |||
943 | pid_t pid; | 951 | pid_t pid; |
944 | char pidstrbuf[1 + 3 * sizeof pid]; | 952 | char pidstrbuf[1 + 3 * sizeof pid]; |
945 | 953 | ||
954 | /* drop */ | ||
955 | setegid(getgid()); | ||
956 | setgid(getgid()); | ||
957 | |||
946 | SSLeay_add_all_algorithms(); | 958 | SSLeay_add_all_algorithms(); |
947 | 959 | ||
948 | __progname = get_progname(av[0]); | 960 | __progname = get_progname(av[0]); |
@@ -1052,7 +1064,7 @@ main(int ac, char **av) | |||
1052 | #ifdef HAVE_CYGWIN | 1064 | #ifdef HAVE_CYGWIN |
1053 | umask(prev_mask); | 1065 | umask(prev_mask); |
1054 | #endif | 1066 | #endif |
1055 | if (listen(sock, 5) < 0) { | 1067 | if (listen(sock, 128) < 0) { |
1056 | perror("listen"); | 1068 | perror("listen"); |
1057 | cleanup_exit(1); | 1069 | cleanup_exit(1); |
1058 | } | 1070 | } |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.17 2002/07/04 10:41:47 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/evp.h> | 29 | #include <openssl/evp.h> |
@@ -46,7 +46,7 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, | |||
46 | DSA_SIG *sig; | 46 | DSA_SIG *sig; |
47 | const EVP_MD *evp_md = EVP_sha1(); | 47 | const EVP_MD *evp_md = EVP_sha1(); |
48 | EVP_MD_CTX md; | 48 | EVP_MD_CTX md; |
49 | u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; | 49 | u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
50 | u_int rlen, slen, len, dlen; | 50 | u_int rlen, slen, len, dlen; |
51 | Buffer b; | 51 | Buffer b; |
52 | 52 | ||
@@ -79,25 +79,25 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, | |||
79 | DSA_SIG_free(sig); | 79 | DSA_SIG_free(sig); |
80 | 80 | ||
81 | if (datafellows & SSH_BUG_SIGBLOB) { | 81 | if (datafellows & SSH_BUG_SIGBLOB) { |
82 | ret = xmalloc(SIGBLOB_LEN); | ||
83 | memcpy(ret, sigblob, SIGBLOB_LEN); | ||
84 | if (lenp != NULL) | 82 | if (lenp != NULL) |
85 | *lenp = SIGBLOB_LEN; | 83 | *lenp = SIGBLOB_LEN; |
86 | if (sigp != NULL) | 84 | if (sigp != NULL) { |
87 | *sigp = ret; | 85 | *sigp = xmalloc(SIGBLOB_LEN); |
86 | memcpy(*sigp, sigblob, SIGBLOB_LEN); | ||
87 | } | ||
88 | } else { | 88 | } else { |
89 | /* ietf-drafts */ | 89 | /* ietf-drafts */ |
90 | buffer_init(&b); | 90 | buffer_init(&b); |
91 | buffer_put_cstring(&b, "ssh-dss"); | 91 | buffer_put_cstring(&b, "ssh-dss"); |
92 | buffer_put_string(&b, sigblob, SIGBLOB_LEN); | 92 | buffer_put_string(&b, sigblob, SIGBLOB_LEN); |
93 | len = buffer_len(&b); | 93 | len = buffer_len(&b); |
94 | ret = xmalloc(len); | ||
95 | memcpy(ret, buffer_ptr(&b), len); | ||
96 | buffer_free(&b); | ||
97 | if (lenp != NULL) | 94 | if (lenp != NULL) |
98 | *lenp = len; | 95 | *lenp = len; |
99 | if (sigp != NULL) | 96 | if (sigp != NULL) { |
100 | *sigp = ret; | 97 | *sigp = xmalloc(len); |
98 | memcpy(*sigp, buffer_ptr(&b), len); | ||
99 | } | ||
100 | buffer_free(&b); | ||
101 | } | 101 | } |
102 | return 0; | 102 | return 0; |
103 | } | 103 | } |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 4273c1132..3478e3723 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -761,6 +761,8 @@ main(int ac, char **av) | |||
761 | __progname = get_progname(av[0]); | 761 | __progname = get_progname(av[0]); |
762 | 762 | ||
763 | SSLeay_add_all_algorithms(); | 763 | SSLeay_add_all_algorithms(); |
764 | init_rng(); | ||
765 | seed_rng(); | ||
764 | 766 | ||
765 | /* we need this for the home * directory. */ | 767 | /* we need this for the home * directory. */ |
766 | pw = getpwuid(getuid()); | 768 | pw = getpwuid(getuid()); |
@@ -855,10 +857,12 @@ main(int ac, char **av) | |||
855 | do_fingerprint(pw); | 857 | do_fingerprint(pw); |
856 | if (change_passphrase) | 858 | if (change_passphrase) |
857 | do_change_passphrase(pw); | 859 | do_change_passphrase(pw); |
858 | if (convert_to_ssh2) | ||
859 | do_convert_to_ssh2(pw); | ||
860 | if (change_comment) | 860 | if (change_comment) |
861 | do_change_comment(pw); | 861 | do_change_comment(pw); |
862 | if (convert_to_ssh2) | ||
863 | do_convert_to_ssh2(pw); | ||
864 | if (convert_from_ssh2) | ||
865 | do_convert_from_ssh2(pw); | ||
862 | if (print_public) | 866 | if (print_public) |
863 | do_print_public(pw); | 867 | do_print_public(pw); |
864 | if (reader_id != NULL) { | 868 | if (reader_id != NULL) { |
@@ -872,13 +876,8 @@ main(int ac, char **av) | |||
872 | #endif /* SMARTCARD */ | 876 | #endif /* SMARTCARD */ |
873 | } | 877 | } |
874 | 878 | ||
875 | init_rng(); | ||
876 | seed_rng(); | ||
877 | arc4random_stir(); | 879 | arc4random_stir(); |
878 | 880 | ||
879 | if (convert_from_ssh2) | ||
880 | do_convert_from_ssh2(pw); | ||
881 | |||
882 | if (key_type_name == NULL) { | 881 | if (key_type_name == NULL) { |
883 | printf("You must specify a key type (-t).\n"); | 882 | printf("You must specify a key type (-t).\n"); |
884 | usage(); | 883 | usage(); |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1fd011282..788953705 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -7,9 +7,9 @@ | |||
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include "includes.h" | 9 | #include "includes.h" |
10 | RCSID("$OpenBSD: ssh-keyscan.c,v 1.36 2002/06/16 21:30:58 itojun Exp $"); | 10 | RCSID("$OpenBSD: ssh-keyscan.c,v 1.40 2002/07/06 17:47:58 stevesk Exp $"); |
11 | 11 | ||
12 | #include "openbsd-compat/fake-queue.h" | 12 | #include "openbsd-compat/sys-queue.h" |
13 | 13 | ||
14 | #include <openssl/bn.h> | 14 | #include <openssl/bn.h> |
15 | 15 | ||
@@ -116,7 +116,8 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...)) | |||
116 | 116 | ||
117 | if (!(lb = malloc(sizeof(*lb)))) { | 117 | if (!(lb = malloc(sizeof(*lb)))) { |
118 | if (errfun) | 118 | if (errfun) |
119 | (*errfun) ("linebuf (%s): malloc failed\n", lb->filename); | 119 | (*errfun) ("linebuf (%s): malloc failed\n", |
120 | filename ? filename : "(stdin)"); | ||
120 | return (NULL); | 121 | return (NULL); |
121 | } | 122 | } |
122 | if (filename) { | 123 | if (filename) { |
@@ -171,13 +172,14 @@ static char * | |||
171 | Linebuf_getline(Linebuf * lb) | 172 | Linebuf_getline(Linebuf * lb) |
172 | { | 173 | { |
173 | int n = 0; | 174 | int n = 0; |
175 | void *p; | ||
174 | 176 | ||
175 | lb->lineno++; | 177 | lb->lineno++; |
176 | for (;;) { | 178 | for (;;) { |
177 | /* Read a line */ | 179 | /* Read a line */ |
178 | if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) { | 180 | if (!fgets(&lb->buf[n], lb->size - n, lb->stream)) { |
179 | if (ferror(lb->stream) && lb->errfun) | 181 | if (ferror(lb->stream) && lb->errfun) |
180 | (*lb->errfun) ("%s: %s\n", lb->filename, | 182 | (*lb->errfun)("%s: %s\n", lb->filename, |
181 | strerror(errno)); | 183 | strerror(errno)); |
182 | return (NULL); | 184 | return (NULL); |
183 | } | 185 | } |
@@ -190,17 +192,20 @@ Linebuf_getline(Linebuf * lb) | |||
190 | } | 192 | } |
191 | if (n != lb->size - 1) { | 193 | if (n != lb->size - 1) { |
192 | if (lb->errfun) | 194 | if (lb->errfun) |
193 | (*lb->errfun) ("%s: skipping incomplete last line\n", | 195 | (*lb->errfun)("%s: skipping incomplete last line\n", |
194 | lb->filename); | 196 | lb->filename); |
195 | return (NULL); | 197 | return (NULL); |
196 | } | 198 | } |
197 | /* Double the buffer if we need more space */ | 199 | /* Double the buffer if we need more space */ |
198 | if (!(lb->buf = realloc(lb->buf, (lb->size *= 2)))) { | 200 | lb->size *= 2; |
201 | if ((p = realloc(lb->buf, lb->size)) == NULL) { | ||
202 | lb->size /= 2; | ||
199 | if (lb->errfun) | 203 | if (lb->errfun) |
200 | (*lb->errfun) ("linebuf (%s): realloc failed\n", | 204 | (*lb->errfun)("linebuf (%s): realloc failed\n", |
201 | lb->filename); | 205 | lb->filename); |
202 | return (NULL); | 206 | return (NULL); |
203 | } | 207 | } |
208 | lb->buf = p; | ||
204 | } | 209 | } |
205 | } | 210 | } |
206 | 211 | ||
@@ -229,6 +234,7 @@ fdlim_set(int lim) | |||
229 | #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) | 234 | #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) |
230 | struct rlimit rlfd; | 235 | struct rlimit rlfd; |
231 | #endif | 236 | #endif |
237 | |||
232 | if (lim <= 0) | 238 | if (lim <= 0) |
233 | return (-1); | 239 | return (-1); |
234 | #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) | 240 | #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE) |
@@ -411,8 +417,8 @@ tcpconnect(char *host) | |||
411 | static int | 417 | static int |
412 | conalloc(char *iname, char *oname, int keytype) | 418 | conalloc(char *iname, char *oname, int keytype) |
413 | { | 419 | { |
414 | int s; | ||
415 | char *namebase, *name, *namelist; | 420 | char *namebase, *name, *namelist; |
421 | int s; | ||
416 | 422 | ||
417 | namebase = namelist = xstrdup(iname); | 423 | namebase = namelist = xstrdup(iname); |
418 | 424 | ||
@@ -476,8 +482,8 @@ contouch(int s) | |||
476 | static int | 482 | static int |
477 | conrecycle(int s) | 483 | conrecycle(int s) |
478 | { | 484 | { |
479 | int ret; | ||
480 | con *c = &fdcon[s]; | 485 | con *c = &fdcon[s]; |
486 | int ret; | ||
481 | 487 | ||
482 | ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype); | 488 | ret = conalloc(c->c_namelist, c->c_output_name, c->c_keytype); |
483 | confree(s); | 489 | confree(s); |
@@ -487,10 +493,10 @@ conrecycle(int s) | |||
487 | static void | 493 | static void |
488 | congreet(int s) | 494 | congreet(int s) |
489 | { | 495 | { |
496 | int remote_major, remote_minor, n = 0; | ||
490 | char buf[256], *cp; | 497 | char buf[256], *cp; |
491 | char remote_version[sizeof buf]; | 498 | char remote_version[sizeof buf]; |
492 | size_t bufsiz; | 499 | size_t bufsiz; |
493 | int remote_major, remote_minor, n = 0; | ||
494 | con *c = &fdcon[s]; | 500 | con *c = &fdcon[s]; |
495 | 501 | ||
496 | bufsiz = sizeof(buf); | 502 | bufsiz = sizeof(buf); |
@@ -554,8 +560,8 @@ congreet(int s) | |||
554 | static void | 560 | static void |
555 | conread(int s) | 561 | conread(int s) |
556 | { | 562 | { |
557 | int n; | ||
558 | con *c = &fdcon[s]; | 563 | con *c = &fdcon[s]; |
564 | int n; | ||
559 | 565 | ||
560 | if (c->c_status == CS_CON) { | 566 | if (c->c_status == CS_CON) { |
561 | congreet(s); | 567 | congreet(s); |
@@ -594,10 +600,10 @@ conread(int s) | |||
594 | static void | 600 | static void |
595 | conloop(void) | 601 | conloop(void) |
596 | { | 602 | { |
597 | fd_set *r, *e; | ||
598 | struct timeval seltime, now; | 603 | struct timeval seltime, now; |
599 | int i; | 604 | fd_set *r, *e; |
600 | con *c; | 605 | con *c; |
606 | int i; | ||
601 | 607 | ||
602 | gettimeofday(&now, NULL); | 608 | gettimeofday(&now, NULL); |
603 | c = TAILQ_FIRST(&tq); | 609 | c = TAILQ_FIRST(&tq); |
@@ -664,6 +670,7 @@ void | |||
664 | fatal(const char *fmt,...) | 670 | fatal(const char *fmt,...) |
665 | { | 671 | { |
666 | va_list args; | 672 | va_list args; |
673 | |||
667 | va_start(args, fmt); | 674 | va_start(args, fmt); |
668 | do_log(SYSLOG_LEVEL_FATAL, fmt, args); | 675 | do_log(SYSLOG_LEVEL_FATAL, fmt, args); |
669 | va_end(args); | 676 | va_end(args); |
@@ -676,16 +683,9 @@ fatal(const char *fmt,...) | |||
676 | static void | 683 | static void |
677 | usage(void) | 684 | usage(void) |
678 | { | 685 | { |
679 | fprintf(stderr, "Usage: %s [options] host ...\n", | 686 | fprintf(stderr, "usage: %s [-v46] [-p port] [-T timeout] [-f file]\n" |
687 | "\t\t [host | addrlist namelist] [...]\n", | ||
680 | __progname); | 688 | __progname); |
681 | fprintf(stderr, "Options:\n"); | ||
682 | fprintf(stderr, " -f file Read hosts or addresses from file.\n"); | ||
683 | fprintf(stderr, " -p port Connect to the specified port.\n"); | ||
684 | fprintf(stderr, " -t keytype Specify the host key type.\n"); | ||
685 | fprintf(stderr, " -T timeout Set connection timeout.\n"); | ||
686 | fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); | ||
687 | fprintf(stderr, " -4 Use IPv4 only.\n"); | ||
688 | fprintf(stderr, " -6 Use IPv6 only.\n"); | ||
689 | exit(1); | 689 | exit(1); |
690 | } | 690 | } |
691 | 691 | ||
@@ -717,9 +717,11 @@ main(int argc, char **argv) | |||
717 | } | 717 | } |
718 | break; | 718 | break; |
719 | case 'T': | 719 | case 'T': |
720 | timeout = atoi(optarg); | 720 | timeout = convtime(optarg); |
721 | if (timeout <= 0) | 721 | if (timeout == -1 || timeout == 0) { |
722 | fprintf(stderr, "Bad timeout '%s'\n", optarg); | ||
722 | usage(); | 723 | usage(); |
724 | } | ||
723 | break; | 725 | break; |
724 | case 'v': | 726 | case 'v': |
725 | if (!debug_flag) { | 727 | if (!debug_flag) { |
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index d6a59c068..b5ad6627a 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -9,11 +9,20 @@ SYNOPSIS | |||
9 | DESCRIPTION | 9 | DESCRIPTION |
10 | ssh-keysign is used by ssh(1) to access the local host keys and generate | 10 | ssh-keysign is used by ssh(1) to access the local host keys and generate |
11 | the digital signature required during hostbased authentication with SSH | 11 | the digital signature required during hostbased authentication with SSH |
12 | protocol version 2. ssh-keysign is not intended to be invoked by the | 12 | protocol version 2. |
13 | user, but from ssh(1). See ssh(1) and sshd(8) for more information about | 13 | |
14 | hostbased authentication. | 14 | ssh-keysign is disabled by default and can only be enabled in the the |
15 | global client configuration file /etc/ssh/ssh_config by setting | ||
16 | HostbasedAuthentication to ``yes''. | ||
17 | |||
18 | ssh-keysign is not intended to be invoked by the user, but from ssh(1). | ||
19 | See ssh(1) and sshd(8) for more information about hostbased authenticaM-- | ||
20 | tion. | ||
15 | 21 | ||
16 | FILES | 22 | FILES |
23 | /etc/ssh/ssh_config | ||
24 | Controls whether ssh-keysign is enabled. | ||
25 | |||
17 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key | 26 | /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
18 | These files contain the private parts of the host keys used to | 27 | These files contain the private parts of the host keys used to |
19 | generate the digital signature. They should be owned by root, | 28 | generate the digital signature. They should be owned by root, |
@@ -22,7 +31,7 @@ FILES | |||
22 | hostbased authentication is used. | 31 | hostbased authentication is used. |
23 | 32 | ||
24 | SEE ALSO | 33 | SEE ALSO |
25 | ssh(1), ssh-keygen(1), sshd(8) | 34 | ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) |
26 | 35 | ||
27 | AUTHORS | 36 | AUTHORS |
28 | Markus Friedl <markus@openbsd.org> | 37 | Markus Friedl <markus@openbsd.org> |
diff --git a/ssh-keysign.8 b/ssh-keysign.8 index ab2cf21ba..cea4a8244 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keysign.8,v 1.2 2002/06/10 16:56:30 stevesk Exp $ | 1 | .\" $OpenBSD: ssh-keysign.8,v 1.3 2002/07/03 14:21:05 markus Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -36,6 +36,16 @@ is used by | |||
36 | .Xr ssh 1 | 36 | .Xr ssh 1 |
37 | to access the local host keys and generate the digital signature | 37 | to access the local host keys and generate the digital signature |
38 | required during hostbased authentication with SSH protocol version 2. | 38 | required during hostbased authentication with SSH protocol version 2. |
39 | .Pp | ||
40 | .Nm | ||
41 | is disabled by default and can only be enabled in the | ||
42 | the global client configuration file | ||
43 | .Pa /etc/ssh/ssh_config | ||
44 | by setting | ||
45 | .Cm HostbasedAuthentication | ||
46 | to | ||
47 | .Dq yes . | ||
48 | .Pp | ||
39 | .Nm | 49 | .Nm |
40 | is not intended to be invoked by the user, but from | 50 | is not intended to be invoked by the user, but from |
41 | .Xr ssh 1 . | 51 | .Xr ssh 1 . |
@@ -46,6 +56,10 @@ and | |||
46 | for more information about hostbased authentication. | 56 | for more information about hostbased authentication. |
47 | .Sh FILES | 57 | .Sh FILES |
48 | .Bl -tag -width Ds | 58 | .Bl -tag -width Ds |
59 | .It Pa /etc/ssh/ssh_config | ||
60 | Controls whether | ||
61 | .Nm | ||
62 | is enabled. | ||
49 | .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key | 63 | .It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
50 | These files contain the private parts of the host keys used to | 64 | These files contain the private parts of the host keys used to |
51 | generate the digital signature. They | 65 | generate the digital signature. They |
@@ -58,6 +72,7 @@ must be set-uid root if hostbased authentication is used. | |||
58 | .Sh SEE ALSO | 72 | .Sh SEE ALSO |
59 | .Xr ssh 1 , | 73 | .Xr ssh 1 , |
60 | .Xr ssh-keygen 1 , | 74 | .Xr ssh-keygen 1 , |
75 | .Xr ssh_config 5 , | ||
61 | .Xr sshd 8 | 76 | .Xr sshd 8 |
62 | .Sh AUTHORS | 77 | .Sh AUTHORS |
63 | Markus Friedl <markus@openbsd.org> | 78 | Markus Friedl <markus@openbsd.org> |
diff --git a/ssh-keysign.c b/ssh-keysign.c index fffa7bbdc..79aee17c0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -22,12 +22,15 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.7 2002/07/03 14:21:05 markus Exp $"); |
26 | 26 | ||
27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
28 | #include <openssl/rand.h> | ||
29 | #include <openssl/rsa.h> | ||
28 | 30 | ||
29 | #include "log.h" | 31 | #include "log.h" |
30 | #include "key.h" | 32 | #include "key.h" |
33 | #include "ssh.h" | ||
31 | #include "ssh2.h" | 34 | #include "ssh2.h" |
32 | #include "misc.h" | 35 | #include "misc.h" |
33 | #include "xmalloc.h" | 36 | #include "xmalloc.h" |
@@ -37,6 +40,9 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.4 2002/06/19 00:27:55 deraadt Exp $"); | |||
37 | #include "msg.h" | 40 | #include "msg.h" |
38 | #include "canohost.h" | 41 | #include "canohost.h" |
39 | #include "pathnames.h" | 42 | #include "pathnames.h" |
43 | #include "readconf.h" | ||
44 | |||
45 | uid_t original_real_uid; /* XXX readconf.c needs this */ | ||
40 | 46 | ||
41 | #ifdef HAVE___PROGNAME | 47 | #ifdef HAVE___PROGNAME |
42 | extern char *__progname; | 48 | extern char *__progname; |
@@ -134,12 +140,14 @@ int | |||
134 | main(int argc, char **argv) | 140 | main(int argc, char **argv) |
135 | { | 141 | { |
136 | Buffer b; | 142 | Buffer b; |
143 | Options options; | ||
137 | Key *keys[2], *key; | 144 | Key *keys[2], *key; |
138 | struct passwd *pw; | 145 | struct passwd *pw; |
139 | int key_fd[2], i, found, version = 2, fd; | 146 | int key_fd[2], i, found, version = 2, fd; |
140 | u_char *signature, *data; | 147 | u_char *signature, *data; |
141 | char *host; | 148 | char *host; |
142 | u_int slen, dlen; | 149 | u_int slen, dlen; |
150 | u_int32_t rnd[256]; | ||
143 | 151 | ||
144 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 152 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
145 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | 153 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
@@ -155,6 +163,15 @@ main(int argc, char **argv) | |||
155 | log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); | 163 | log_init("ssh-keysign", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 0); |
156 | #endif | 164 | #endif |
157 | 165 | ||
166 | /* verify that ssh-keysign is enabled by the admin */ | ||
167 | original_real_uid = getuid(); /* XXX readconf.c needs this */ | ||
168 | initialize_options(&options); | ||
169 | (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); | ||
170 | fill_default_options(&options); | ||
171 | if (options.hostbased_authentication != 1) | ||
172 | fatal("Hostbased authentication not enabled in %s", | ||
173 | _PATH_HOST_CONFIG_FILE); | ||
174 | |||
158 | if (key_fd[0] == -1 && key_fd[1] == -1) | 175 | if (key_fd[0] == -1 && key_fd[1] == -1) |
159 | fatal("could not open any host key"); | 176 | fatal("could not open any host key"); |
160 | 177 | ||
@@ -163,6 +180,9 @@ main(int argc, char **argv) | |||
163 | pw = pwcopy(pw); | 180 | pw = pwcopy(pw); |
164 | 181 | ||
165 | SSLeay_add_all_algorithms(); | 182 | SSLeay_add_all_algorithms(); |
183 | for (i = 0; i < 256; i++) | ||
184 | rnd[i] = arc4random(); | ||
185 | RAND_seed(rnd, sizeof(rnd)); | ||
166 | 186 | ||
167 | found = 0; | 187 | found = 0; |
168 | for (i = 0; i < 2; i++) { | 188 | for (i = 0; i < 2; i++) { |
@@ -172,6 +192,13 @@ main(int argc, char **argv) | |||
172 | keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, | 192 | keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
173 | NULL, NULL); | 193 | NULL, NULL); |
174 | close(key_fd[i]); | 194 | close(key_fd[i]); |
195 | if (keys[i] != NULL && keys[i]->type == KEY_RSA) { | ||
196 | if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { | ||
197 | error("RSA_blinding_on failed"); | ||
198 | key_free(keys[i]); | ||
199 | keys[i] = NULL; | ||
200 | } | ||
201 | } | ||
175 | if (keys[i] != NULL) | 202 | if (keys[i] != NULL) |
176 | found = 1; | 203 | found = 1; |
177 | } | 204 | } |
@@ -179,8 +206,8 @@ main(int argc, char **argv) | |||
179 | fatal("no hostkey found"); | 206 | fatal("no hostkey found"); |
180 | 207 | ||
181 | buffer_init(&b); | 208 | buffer_init(&b); |
182 | if (msg_recv(STDIN_FILENO, &b) < 0) | 209 | if (ssh_msg_recv(STDIN_FILENO, &b) < 0) |
183 | fatal("msg_recv failed"); | 210 | fatal("ssh_msg_recv failed"); |
184 | if (buffer_get_char(&b) != version) | 211 | if (buffer_get_char(&b) != version) |
185 | fatal("bad version"); | 212 | fatal("bad version"); |
186 | fd = buffer_get_int(&b); | 213 | fd = buffer_get_int(&b); |
@@ -212,7 +239,7 @@ main(int argc, char **argv) | |||
212 | /* send reply */ | 239 | /* send reply */ |
213 | buffer_clear(&b); | 240 | buffer_clear(&b); |
214 | buffer_put_string(&b, signature, slen); | 241 | buffer_put_string(&b, signature, slen); |
215 | msg_send(STDOUT_FILENO, version, &b); | 242 | ssh_msg_send(STDOUT_FILENO, version, &b); |
216 | 243 | ||
217 | return (0); | 244 | return (0); |
218 | } | 245 | } |
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 364d5d270..e6c52b546 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c | |||
@@ -39,7 +39,7 @@ | |||
39 | #include "pathnames.h" | 39 | #include "pathnames.h" |
40 | #include "log.h" | 40 | #include "log.h" |
41 | 41 | ||
42 | RCSID("$Id: ssh-rand-helper.c,v 1.7 2002/06/09 19:41:49 mouring Exp $"); | 42 | RCSID("$Id: ssh-rand-helper.c,v 1.8 2002/07/28 20:42:24 stevesk Exp $"); |
43 | 43 | ||
44 | /* Number of bytes we write out */ | 44 | /* Number of bytes we write out */ |
45 | #define OUTPUT_SEED_SIZE 48 | 45 | #define OUTPUT_SEED_SIZE 48 |
@@ -63,7 +63,6 @@ RCSID("$Id: ssh-rand-helper.c,v 1.7 2002/06/09 19:41:49 mouring Exp $"); | |||
63 | # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" | 63 | # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" |
64 | #endif | 64 | #endif |
65 | 65 | ||
66 | |||
67 | #ifdef HAVE___PROGNAME | 66 | #ifdef HAVE___PROGNAME |
68 | extern char *__progname; | 67 | extern char *__progname; |
69 | #else | 68 | #else |
@@ -115,7 +114,7 @@ double stir_from_programs(void); | |||
115 | double stir_gettimeofday(double entropy_estimate); | 114 | double stir_gettimeofday(double entropy_estimate); |
116 | double stir_clock(double entropy_estimate); | 115 | double stir_clock(double entropy_estimate); |
117 | double stir_rusage(int who, double entropy_estimate); | 116 | double stir_rusage(int who, double entropy_estimate); |
118 | double hash_command_output(entropy_cmd_t *src, char *hash); | 117 | double hash_command_output(entropy_cmd_t *src, unsigned char *hash); |
119 | int get_random_bytes_prngd(unsigned char *buf, int len, | 118 | int get_random_bytes_prngd(unsigned char *buf, int len, |
120 | unsigned short tcp_port, char *socket_path); | 119 | unsigned short tcp_port, char *socket_path); |
121 | 120 | ||
@@ -274,7 +273,7 @@ timeval_diff(struct timeval *t1, struct timeval *t2) | |||
274 | } | 273 | } |
275 | 274 | ||
276 | double | 275 | double |
277 | hash_command_output(entropy_cmd_t *src, char *hash) | 276 | hash_command_output(entropy_cmd_t *src, unsigned char *hash) |
278 | { | 277 | { |
279 | char buf[8192]; | 278 | char buf[8192]; |
280 | fd_set rdset; | 279 | fd_set rdset; |
@@ -460,7 +459,7 @@ stir_from_programs(void) | |||
460 | { | 459 | { |
461 | int c; | 460 | int c; |
462 | double entropy, total_entropy; | 461 | double entropy, total_entropy; |
463 | char hash[SHA_DIGEST_LENGTH]; | 462 | unsigned char hash[SHA_DIGEST_LENGTH]; |
464 | 463 | ||
465 | total_entropy = 0; | 464 | total_entropy = 0; |
466 | for(c = 0; entropy_cmds[c].path != NULL; c++) { | 465 | for(c = 0; entropy_cmds[c].path != NULL; c++) { |
@@ -543,7 +542,8 @@ void | |||
543 | prng_write_seedfile(void) | 542 | prng_write_seedfile(void) |
544 | { | 543 | { |
545 | int fd; | 544 | int fd; |
546 | char seed[SEED_FILE_SIZE], filename[MAXPATHLEN]; | 545 | unsigned char seed[SEED_FILE_SIZE]; |
546 | char filename[MAXPATHLEN]; | ||
547 | struct passwd *pw; | 547 | struct passwd *pw; |
548 | 548 | ||
549 | pw = getpwuid(getuid()); | 549 | pw = getpwuid(getuid()); |
@@ -862,4 +862,3 @@ main(int argc, char **argv) | |||
862 | 862 | ||
863 | return ret == bytes ? 0 : 1; | 863 | return ret == bytes ? 0 : 1; |
864 | } | 864 | } |
865 | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.26 2002/08/27 17:13:56 stevesk Exp $"); |
27 | 27 | ||
28 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
29 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
@@ -37,6 +37,8 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $"); | |||
37 | #include "compat.h" | 37 | #include "compat.h" |
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | 39 | ||
40 | static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int , RSA *); | ||
41 | |||
40 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 42 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
41 | int | 43 | int |
42 | ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, | 44 | ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, |
@@ -44,7 +46,7 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, | |||
44 | { | 46 | { |
45 | const EVP_MD *evp_md; | 47 | const EVP_MD *evp_md; |
46 | EVP_MD_CTX md; | 48 | EVP_MD_CTX md; |
47 | u_char digest[EVP_MAX_MD_SIZE], *sig, *ret; | 49 | u_char digest[EVP_MAX_MD_SIZE], *sig; |
48 | u_int slen, dlen, len; | 50 | u_int slen, dlen, len; |
49 | int ok, nid; | 51 | int ok, nid; |
50 | Buffer b; | 52 | Buffer b; |
@@ -76,7 +78,7 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, | |||
76 | return -1; | 78 | return -1; |
77 | } | 79 | } |
78 | if (len < slen) { | 80 | if (len < slen) { |
79 | int diff = slen - len; | 81 | u_int diff = slen - len; |
80 | debug("slen %u > len %u", slen, len); | 82 | debug("slen %u > len %u", slen, len); |
81 | memmove(sig + diff, sig, len); | 83 | memmove(sig + diff, sig, len); |
82 | memset(sig, 0, diff); | 84 | memset(sig, 0, diff); |
@@ -90,16 +92,16 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, | |||
90 | buffer_put_cstring(&b, "ssh-rsa"); | 92 | buffer_put_cstring(&b, "ssh-rsa"); |
91 | buffer_put_string(&b, sig, slen); | 93 | buffer_put_string(&b, sig, slen); |
92 | len = buffer_len(&b); | 94 | len = buffer_len(&b); |
93 | ret = xmalloc(len); | 95 | if (lenp != NULL) |
94 | memcpy(ret, buffer_ptr(&b), len); | 96 | *lenp = len; |
97 | if (sigp != NULL) { | ||
98 | *sigp = xmalloc(len); | ||
99 | memcpy(*sigp, buffer_ptr(&b), len); | ||
100 | } | ||
95 | buffer_free(&b); | 101 | buffer_free(&b); |
96 | memset(sig, 's', slen); | 102 | memset(sig, 's', slen); |
97 | xfree(sig); | 103 | xfree(sig); |
98 | 104 | ||
99 | if (lenp != NULL) | ||
100 | *lenp = len; | ||
101 | if (sigp != NULL) | ||
102 | *sigp = ret; | ||
103 | return 0; | 105 | return 0; |
104 | } | 106 | } |
105 | 107 | ||
@@ -149,7 +151,7 @@ ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, | |||
149 | xfree(sigblob); | 151 | xfree(sigblob); |
150 | return -1; | 152 | return -1; |
151 | } else if (len < modlen) { | 153 | } else if (len < modlen) { |
152 | int diff = modlen - len; | 154 | u_int diff = modlen - len; |
153 | debug("ssh_rsa_verify: add padding: modlen %u > len %u", | 155 | debug("ssh_rsa_verify: add padding: modlen %u > len %u", |
154 | modlen, len); | 156 | modlen, len); |
155 | sigblob = xrealloc(sigblob, modlen); | 157 | sigblob = xrealloc(sigblob, modlen); |
@@ -167,15 +169,100 @@ ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, | |||
167 | EVP_DigestUpdate(&md, data, datalen); | 169 | EVP_DigestUpdate(&md, data, datalen); |
168 | EVP_DigestFinal(&md, digest, &dlen); | 170 | EVP_DigestFinal(&md, digest, &dlen); |
169 | 171 | ||
170 | ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 172 | ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
171 | memset(digest, 'd', sizeof(digest)); | 173 | memset(digest, 'd', sizeof(digest)); |
172 | memset(sigblob, 's', len); | 174 | memset(sigblob, 's', len); |
173 | xfree(sigblob); | 175 | xfree(sigblob); |
174 | if (ret == 0) { | ||
175 | int ecode = ERR_get_error(); | ||
176 | error("ssh_rsa_verify: RSA_verify failed: %s", | ||
177 | ERR_error_string(ecode, NULL)); | ||
178 | } | ||
179 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); | 176 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
180 | return ret; | 177 | return ret; |
181 | } | 178 | } |
179 | |||
180 | /* | ||
181 | * See: | ||
182 | * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/ | ||
183 | * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn | ||
184 | */ | ||
185 | /* | ||
186 | * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) | ||
187 | * oiw(14) secsig(3) algorithms(2) 26 } | ||
188 | */ | ||
189 | static const u_char id_sha1[] = { | ||
190 | 0x30, 0x21, /* type Sequence, length 0x21 (33) */ | ||
191 | 0x30, 0x09, /* type Sequence, length 0x09 */ | ||
192 | 0x06, 0x05, /* type OID, length 0x05 */ | ||
193 | 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */ | ||
194 | 0x05, 0x00, /* NULL */ | ||
195 | 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */ | ||
196 | }; | ||
197 | /* | ||
198 | * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) | ||
199 | * rsadsi(113549) digestAlgorithm(2) 5 } | ||
200 | */ | ||
201 | static const u_char id_md5[] = { | ||
202 | 0x30, 0x20, /* type Sequence, length 0x20 (32) */ | ||
203 | 0x30, 0x0c, /* type Sequence, length 0x09 */ | ||
204 | 0x06, 0x08, /* type OID, length 0x05 */ | ||
205 | 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */ | ||
206 | 0x05, 0x00, /* NULL */ | ||
207 | 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */ | ||
208 | }; | ||
209 | |||
210 | static int | ||
211 | openssh_RSA_verify(int type, u_char *hash, u_int hashlen, | ||
212 | u_char *sigbuf, u_int siglen, RSA *rsa) | ||
213 | { | ||
214 | u_int ret, rsasize, oidlen = 0, hlen = 0; | ||
215 | int len; | ||
216 | const u_char *oid = NULL; | ||
217 | u_char *decrypted = NULL; | ||
218 | |||
219 | ret = 0; | ||
220 | switch (type) { | ||
221 | case NID_sha1: | ||
222 | oid = id_sha1; | ||
223 | oidlen = sizeof(id_sha1); | ||
224 | hlen = 20; | ||
225 | break; | ||
226 | case NID_md5: | ||
227 | oid = id_md5; | ||
228 | oidlen = sizeof(id_md5); | ||
229 | hlen = 16; | ||
230 | break; | ||
231 | default: | ||
232 | goto done; | ||
233 | break; | ||
234 | } | ||
235 | if (hashlen != hlen) { | ||
236 | error("bad hashlen"); | ||
237 | goto done; | ||
238 | } | ||
239 | rsasize = RSA_size(rsa); | ||
240 | if (siglen == 0 || siglen > rsasize) { | ||
241 | error("bad siglen"); | ||
242 | goto done; | ||
243 | } | ||
244 | decrypted = xmalloc(rsasize); | ||
245 | if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, | ||
246 | RSA_PKCS1_PADDING)) < 0) { | ||
247 | error("RSA_public_decrypt failed: %s", | ||
248 | ERR_error_string(ERR_get_error(), NULL)); | ||
249 | goto done; | ||
250 | } | ||
251 | if (len != hlen + oidlen) { | ||
252 | error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); | ||
253 | goto done; | ||
254 | } | ||
255 | if (memcmp(decrypted, oid, oidlen) != 0) { | ||
256 | error("oid mismatch"); | ||
257 | goto done; | ||
258 | } | ||
259 | if (memcmp(decrypted + oidlen, hash, hlen) != 0) { | ||
260 | error("hash mismatch"); | ||
261 | goto done; | ||
262 | } | ||
263 | ret = 1; | ||
264 | done: | ||
265 | if (decrypted) | ||
266 | xfree(decrypted); | ||
267 | return ret; | ||
268 | } | ||
@@ -6,7 +6,7 @@ NAME | |||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-l login_name] hostname | user@hostname [command] | 7 | ssh [-l login_name] hostname | user@hostname [command] |
8 | 8 | ||
9 | ssh [-afgknqstvxACNPTX1246] [-b bind_address] [-c cipher_spec] | 9 | ssh [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec] |
10 | [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] | 10 | [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec] |
11 | [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R | 11 | [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R |
12 | port:host:hostport] [-D port] hostname | user@hostname [command] | 12 | port:host:hostport] [-D port] hostname | user@hostname [command] |
@@ -183,9 +183,10 @@ DESCRIPTION | |||
183 | is opened. The real authentication cookie is never sent to the server | 183 | is opened. The real authentication cookie is never sent to the server |
184 | machine (and no cookies are sent in the plain). | 184 | machine (and no cookies are sent in the plain). |
185 | 185 | ||
186 | If the user is using an authentication agent, the connection to the agent | 186 | If the ForwardAgent variable is set to ``yes'' (or, see the description |
187 | is automatically forwarded to the remote side unless disabled on the comM-- | 187 | of the -A and -a options described later) and the user is using an |
188 | mand line or in a configuration file. | 188 | authentication agent, the connection to the agent is automatically forM-- |
189 | warded to the remote side. | ||
189 | 190 | ||
190 | Forwarding of arbitrary TCP/IP connections over the secure channel can be | 191 | Forwarding of arbitrary TCP/IP connections over the secure channel can be |
191 | specified either on the command line or in a configuration file. One | 192 | specified either on the command line or in a configuration file. One |
@@ -214,6 +215,14 @@ DESCRIPTION | |||
214 | can also be specified on a per-host basis in a configuration | 215 | can also be specified on a per-host basis in a configuration |
215 | file. | 216 | file. |
216 | 217 | ||
218 | Agent forwarding should be enabled with caution. Users with the | ||
219 | ability to bypass file permissions on the remote host (for the | ||
220 | agent's Unix-domain socket) can access the local agent through | ||
221 | the forwarded connection. An attacker cannot obtain key material | ||
222 | from the agent, however they can perform operations on the keys | ||
223 | that enable them to authenticate using the identities loaded into | ||
224 | the agent. | ||
225 | |||
217 | -b bind_address | 226 | -b bind_address |
218 | Specify the interface to transmit from on machines with multiple | 227 | Specify the interface to transmit from on machines with multiple |
219 | interfaces or aliased addresses. | 228 | interfaces or aliased addresses. |
@@ -298,11 +307,6 @@ DESCRIPTION | |||
298 | Port to connect to on the remote host. This can be specified on | 307 | Port to connect to on the remote host. This can be specified on |
299 | a per-host basis in the configuration file. | 308 | a per-host basis in the configuration file. |
300 | 309 | ||
301 | -P Use a non-privileged port for outgoing connections. This can be | ||
302 | used if a firewall does not permit connections from privileged | ||
303 | ports. Note that this option turns off RhostsAuthentication and | ||
304 | RhostsRSAAuthentication for older servers. | ||
305 | |||
306 | -q Quiet mode. Causes all warning and diagnostic messages to be | 310 | -q Quiet mode. Causes all warning and diagnostic messages to be |
307 | suppressed. | 311 | suppressed. |
308 | 312 | ||
@@ -329,14 +333,20 @@ DESCRIPTION | |||
329 | -X Enables X11 forwarding. This can also be specified on a per-host | 333 | -X Enables X11 forwarding. This can also be specified on a per-host |
330 | basis in a configuration file. | 334 | basis in a configuration file. |
331 | 335 | ||
336 | X11 forwarding should be enabled with caution. Users with the | ||
337 | ability to bypass file permissions on the remote host (for the | ||
338 | user's X authorization database) can access the local X11 display | ||
339 | through the forwarded connection. An attacker may then be able | ||
340 | to perform activities such as keystroke monitoring. | ||
341 | |||
332 | -C Requests compression of all data (including stdin, stdout, | 342 | -C Requests compression of all data (including stdin, stdout, |
333 | stderr, and data for forwarded X11 and TCP/IP connections). The | 343 | stderr, and data for forwarded X11 and TCP/IP connections). The |
334 | compression algorithm is the same used by gzip(1), and the | 344 | compression algorithm is the same used by gzip(1), and the |
335 | ``level'' can be controlled by the CompressionLevel option. ComM-- | 345 | ``level'' can be controlled by the CompressionLevel option for |
336 | pression is desirable on modem lines and other slow connections, | 346 | protocol version 1. Compression is desirable on modem lines and |
337 | but will only slow down things on fast networks. The default | 347 | other slow connections, but will only slow down things on fast |
338 | value can be set on a host-by-host basis in the configuration | 348 | networks. The default value can be set on a host-by-host basis |
339 | files; see the Compression option. | 349 | in the configuration files; see the Compression option. |
340 | 350 | ||
341 | -F configfile | 351 | -F configfile |
342 | Specifies an alternative per-user configuration file. If a conM-- | 352 | Specifies an alternative per-user configuration file. If a conM-- |
@@ -428,10 +438,10 @@ ENVIRONMENT | |||
428 | Identifies the path of a unix-domain socket used to communicate | 438 | Identifies the path of a unix-domain socket used to communicate |
429 | with the agent. | 439 | with the agent. |
430 | 440 | ||
431 | SSH_CLIENT | 441 | SSH_CONNECTION |
432 | Identifies the client end of the connection. The variable conM-- | 442 | Identifies the client and server ends of the connection. The |
433 | tains three space-separated values: client ip-address, client | 443 | variable contains four space-separated values: client ip-address, |
434 | port number, and server port number. | 444 | client port number, server ip-address and server port number. |
435 | 445 | ||
436 | SSH_ORIGINAL_COMMAND | 446 | SSH_ORIGINAL_COMMAND |
437 | The variable contains the original command line if a forced comM-- | 447 | The variable contains the original command line if a forced comM-- |
@@ -450,7 +460,9 @@ ENVIRONMENT | |||
450 | USER Set to the name of the user logging in. | 460 | USER Set to the name of the user logging in. |
451 | 461 | ||
452 | Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the | 462 | Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the |
453 | format ``VARNAME=value'' to the environment. | 463 | format ``VARNAME=value'' to the environment if the file exists and if |
464 | users are allowed to change their environment. See the | ||
465 | PermitUserEnvironment option in sshd_config(5). | ||
454 | 466 | ||
455 | FILES | 467 | FILES |
456 | $HOME/.ssh/known_hosts | 468 | $HOME/.ssh/known_hosts |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -48,7 +48,7 @@ | |||
48 | .Op Ar command | 48 | .Op Ar command |
49 | .Pp | 49 | .Pp |
50 | .Nm ssh | 50 | .Nm ssh |
51 | .Op Fl afgknqstvxACNPTX1246 | 51 | .Op Fl afgknqstvxACNTX1246 |
52 | .Op Fl b Ar bind_address | 52 | .Op Fl b Ar bind_address |
53 | .Op Fl c Ar cipher_spec | 53 | .Op Fl c Ar cipher_spec |
54 | .Op Fl e Ar escape_char | 54 | .Op Fl e Ar escape_char |
@@ -353,9 +353,17 @@ the connection is opened. | |||
353 | The real authentication cookie is never | 353 | The real authentication cookie is never |
354 | sent to the server machine (and no cookies are sent in the plain). | 354 | sent to the server machine (and no cookies are sent in the plain). |
355 | .Pp | 355 | .Pp |
356 | If the user is using an authentication agent, the connection to the agent | 356 | If the |
357 | is automatically forwarded to the remote side unless disabled on | 357 | .Cm ForwardAgent |
358 | the command line or in a configuration file. | 358 | variable is set to |
359 | .Dq yes | ||
360 | (or, see the description of the | ||
361 | .Fl A | ||
362 | and | ||
363 | .Fl a | ||
364 | options described later) and | ||
365 | the user is using an authentication agent, the connection to the agent | ||
366 | is automatically forwarded to the remote side. | ||
359 | .Pp | 367 | .Pp |
360 | Forwarding of arbitrary TCP/IP connections over the secure channel can | 368 | Forwarding of arbitrary TCP/IP connections over the secure channel can |
361 | be specified either on the command line or in a configuration file. | 369 | be specified either on the command line or in a configuration file. |
@@ -394,6 +402,13 @@ Disables forwarding of the authentication agent connection. | |||
394 | .It Fl A | 402 | .It Fl A |
395 | Enables forwarding of the authentication agent connection. | 403 | Enables forwarding of the authentication agent connection. |
396 | This can also be specified on a per-host basis in a configuration file. | 404 | This can also be specified on a per-host basis in a configuration file. |
405 | .Pp | ||
406 | Agent forwarding should be enabled with caution. Users with the | ||
407 | ability to bypass file permissions on the remote host (for the agent's | ||
408 | Unix-domain socket) can access the local agent through the forwarded | ||
409 | connection. An attacker cannot obtain key material from the agent, | ||
410 | however they can perform operations on the keys that enable them to | ||
411 | authenticate using the identities loaded into the agent. | ||
397 | .It Fl b Ar bind_address | 412 | .It Fl b Ar bind_address |
398 | Specify the interface to transmit from on machines with multiple | 413 | Specify the interface to transmit from on machines with multiple |
399 | interfaces or aliased addresses. | 414 | interfaces or aliased addresses. |
@@ -515,15 +530,6 @@ command-line flag. | |||
515 | Port to connect to on the remote host. | 530 | Port to connect to on the remote host. |
516 | This can be specified on a | 531 | This can be specified on a |
517 | per-host basis in the configuration file. | 532 | per-host basis in the configuration file. |
518 | .It Fl P | ||
519 | Use a non-privileged port for outgoing connections. | ||
520 | This can be used if a firewall does | ||
521 | not permit connections from privileged ports. | ||
522 | Note that this option turns off | ||
523 | .Cm RhostsAuthentication | ||
524 | and | ||
525 | .Cm RhostsRSAAuthentication | ||
526 | for older servers. | ||
527 | .It Fl q | 533 | .It Fl q |
528 | Quiet mode. | 534 | Quiet mode. |
529 | Causes all warning and diagnostic messages to be suppressed. | 535 | Causes all warning and diagnostic messages to be suppressed. |
@@ -563,6 +569,12 @@ Disables X11 forwarding. | |||
563 | .It Fl X | 569 | .It Fl X |
564 | Enables X11 forwarding. | 570 | Enables X11 forwarding. |
565 | This can also be specified on a per-host basis in a configuration file. | 571 | This can also be specified on a per-host basis in a configuration file. |
572 | .Pp | ||
573 | X11 forwarding should be enabled with caution. Users with the ability | ||
574 | to bypass file permissions on the remote host (for the user's X | ||
575 | authorization database) can access the local X11 display through the | ||
576 | forwarded connection. An attacker may then be able to perform | ||
577 | activities such as keystroke monitoring. | ||
566 | .It Fl C | 578 | .It Fl C |
567 | Requests compression of all data (including stdin, stdout, stderr, and | 579 | Requests compression of all data (including stdin, stdout, stderr, and |
568 | data for forwarded X11 and TCP/IP connections). | 580 | data for forwarded X11 and TCP/IP connections). |
@@ -572,7 +584,7 @@ and the | |||
572 | .Dq level | 584 | .Dq level |
573 | can be controlled by the | 585 | can be controlled by the |
574 | .Cm CompressionLevel | 586 | .Cm CompressionLevel |
575 | option. | 587 | option for protocol version 1. |
576 | Compression is desirable on modem lines and other | 588 | Compression is desirable on modem lines and other |
577 | slow connections, but will only slow down things on fast networks. | 589 | slow connections, but will only slow down things on fast networks. |
578 | The default value can be set on a host-by-host basis in the | 590 | The default value can be set on a host-by-host basis in the |
@@ -718,11 +730,11 @@ to make this work.) | |||
718 | .It Ev SSH_AUTH_SOCK | 730 | .It Ev SSH_AUTH_SOCK |
719 | Identifies the path of a unix-domain socket used to communicate with the | 731 | Identifies the path of a unix-domain socket used to communicate with the |
720 | agent. | 732 | agent. |
721 | .It Ev SSH_CLIENT | 733 | .It Ev SSH_CONNECTION |
722 | Identifies the client end of the connection. | 734 | Identifies the client and server ends of the connection. |
723 | The variable contains | 735 | The variable contains |
724 | three space-separated values: client ip-address, client port number, | 736 | four space-separated values: client ip-address, client port number, |
725 | and server port number. | 737 | server ip-address and server port number. |
726 | .It Ev SSH_ORIGINAL_COMMAND | 738 | .It Ev SSH_ORIGINAL_COMMAND |
727 | The variable contains the original command line if a forced command | 739 | The variable contains the original command line if a forced command |
728 | is executed. | 740 | is executed. |
@@ -746,7 +758,12 @@ reads | |||
746 | .Pa $HOME/.ssh/environment , | 758 | .Pa $HOME/.ssh/environment , |
747 | and adds lines of the format | 759 | and adds lines of the format |
748 | .Dq VARNAME=value | 760 | .Dq VARNAME=value |
749 | to the environment. | 761 | to the environment if the file exists and if users are allowed to |
762 | change their environment. | ||
763 | See the | ||
764 | .Cm PermitUserEnvironment | ||
765 | option in | ||
766 | .Xr sshd_config 5 . | ||
750 | .Sh FILES | 767 | .Sh FILES |
751 | .Bl -tag -width Ds | 768 | .Bl -tag -width Ds |
752 | .It Pa $HOME/.ssh/known_hosts | 769 | .It Pa $HOME/.ssh/known_hosts |
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: ssh.c,v 1.179 2002/06/12 01:09:52 markus Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.186 2002/09/19 01:58:18 djm Exp $"); |
44 | 44 | ||
45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
@@ -146,6 +146,9 @@ int subsystem_flag = 0; | |||
146 | /* # of replies received for global requests */ | 146 | /* # of replies received for global requests */ |
147 | static int client_global_request_id = 0; | 147 | static int client_global_request_id = 0; |
148 | 148 | ||
149 | /* pid of proxycommand child process */ | ||
150 | pid_t proxy_command_pid = 0; | ||
151 | |||
149 | /* Prints a help message to the user. This function never returns. */ | 152 | /* Prints a help message to the user. This function never returns. */ |
150 | 153 | ||
151 | static void | 154 | static void |
@@ -174,7 +177,6 @@ usage(void) | |||
174 | fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); | 177 | fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); |
175 | fprintf(stderr, " Multiple -v increases verbosity.\n"); | 178 | fprintf(stderr, " Multiple -v increases verbosity.\n"); |
176 | fprintf(stderr, " -V Display version number only.\n"); | 179 | fprintf(stderr, " -V Display version number only.\n"); |
177 | fprintf(stderr, " -P Don't allocate a privileged port.\n"); | ||
178 | fprintf(stderr, " -q Quiet; don't display any warning messages.\n"); | 180 | fprintf(stderr, " -q Quiet; don't display any warning messages.\n"); |
179 | fprintf(stderr, " -f Fork into background after authentication.\n"); | 181 | fprintf(stderr, " -f Fork into background after authentication.\n"); |
180 | fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n"); | 182 | fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n"); |
@@ -229,6 +231,15 @@ main(int ac, char **av) | |||
229 | */ | 231 | */ |
230 | original_real_uid = getuid(); | 232 | original_real_uid = getuid(); |
231 | original_effective_uid = geteuid(); | 233 | original_effective_uid = geteuid(); |
234 | |||
235 | /* | ||
236 | * Use uid-swapping to give up root privileges for the duration of | ||
237 | * option processing. We will re-instantiate the rights when we are | ||
238 | * ready to create the privileged port, and will permanently drop | ||
239 | * them when the port has been created (actually, when the connection | ||
240 | * has been made, as we may need to create the port several times). | ||
241 | */ | ||
242 | PRIV_END; | ||
232 | 243 | ||
233 | #ifdef HAVE_SETRLIMIT | 244 | #ifdef HAVE_SETRLIMIT |
234 | /* If we are installed setuid root be careful to not drop core. */ | 245 | /* If we are installed setuid root be careful to not drop core. */ |
@@ -249,15 +260,6 @@ main(int ac, char **av) | |||
249 | pw = pwcopy(pw); | 260 | pw = pwcopy(pw); |
250 | 261 | ||
251 | /* | 262 | /* |
252 | * Use uid-swapping to give up root privileges for the duration of | ||
253 | * option processing. We will re-instantiate the rights when we are | ||
254 | * ready to create the privileged port, and will permanently drop | ||
255 | * them when the port has been created (actually, when the connection | ||
256 | * has been made, as we may need to create the port several times). | ||
257 | */ | ||
258 | PRIV_END; | ||
259 | |||
260 | /* | ||
261 | * Set our umask to something reasonable, as some files are created | 263 | * Set our umask to something reasonable, as some files are created |
262 | * with the default umask. This will make them world-readable but | 264 | * with the default umask. This will make them world-readable but |
263 | * writable only by the owner, which is ok for all files for which we | 265 | * writable only by the owner, which is ok for all files for which we |
@@ -303,7 +305,7 @@ again: | |||
303 | case 'g': | 305 | case 'g': |
304 | options.gateway_ports = 1; | 306 | options.gateway_ports = 1; |
305 | break; | 307 | break; |
306 | case 'P': | 308 | case 'P': /* deprecated */ |
307 | options.use_privileged_port = 0; | 309 | options.use_privileged_port = 0; |
308 | break; | 310 | break; |
309 | case 'a': | 311 | case 'a': |
@@ -557,7 +559,7 @@ again: | |||
557 | if (buffer_len(&command) == 0) | 559 | if (buffer_len(&command) == 0) |
558 | tty_flag = 1; | 560 | tty_flag = 1; |
559 | 561 | ||
560 | /* Force no tty*/ | 562 | /* Force no tty */ |
561 | if (no_tty_flag) | 563 | if (no_tty_flag) |
562 | tty_flag = 0; | 564 | tty_flag = 0; |
563 | /* Do not allocate a tty if stdin is not a tty. */ | 565 | /* Do not allocate a tty if stdin is not a tty. */ |
@@ -642,7 +644,8 @@ again: | |||
642 | if (options.rhosts_rsa_authentication || | 644 | if (options.rhosts_rsa_authentication || |
643 | options.hostbased_authentication) { | 645 | options.hostbased_authentication) { |
644 | sensitive_data.nkeys = 3; | 646 | sensitive_data.nkeys = 3; |
645 | sensitive_data.keys = xmalloc(sensitive_data.nkeys*sizeof(Key)); | 647 | sensitive_data.keys = xmalloc(sensitive_data.nkeys * |
648 | sizeof(Key)); | ||
646 | 649 | ||
647 | PRIV_START; | 650 | PRIV_START; |
648 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, | 651 | sensitive_data.keys[0] = key_load_private_type(KEY_RSA1, |
@@ -653,7 +656,8 @@ again: | |||
653 | _PATH_HOST_RSA_KEY_FILE, "", NULL); | 656 | _PATH_HOST_RSA_KEY_FILE, "", NULL); |
654 | PRIV_END; | 657 | PRIV_END; |
655 | 658 | ||
656 | if (sensitive_data.keys[0] == NULL && | 659 | if (options.hostbased_authentication == 1 && |
660 | sensitive_data.keys[0] == NULL && | ||
657 | sensitive_data.keys[1] == NULL && | 661 | sensitive_data.keys[1] == NULL && |
658 | sensitive_data.keys[2] == NULL) { | 662 | sensitive_data.keys[2] == NULL) { |
659 | sensitive_data.keys[1] = key_load_public( | 663 | sensitive_data.keys[1] = key_load_public( |
@@ -726,6 +730,14 @@ again: | |||
726 | 730 | ||
727 | exit_status = compat20 ? ssh_session2() : ssh_session(); | 731 | exit_status = compat20 ? ssh_session2() : ssh_session(); |
728 | packet_close(); | 732 | packet_close(); |
733 | |||
734 | /* | ||
735 | * Send SIGHUP to proxy command if used. We don't wait() in | ||
736 | * case it hangs and instead rely on init to reap the child | ||
737 | */ | ||
738 | if (proxy_command_pid > 1) | ||
739 | kill(proxy_command_pid, SIGHUP); | ||
740 | |||
729 | return exit_status; | 741 | return exit_status; |
730 | } | 742 | } |
731 | 743 | ||
@@ -737,11 +749,19 @@ x11_get_proto(char **_proto, char **_data) | |||
737 | FILE *f; | 749 | FILE *f; |
738 | int got_data = 0, i; | 750 | int got_data = 0, i; |
739 | char *display; | 751 | char *display; |
752 | struct stat st; | ||
740 | 753 | ||
741 | *_proto = proto; | 754 | *_proto = proto; |
742 | *_data = data; | 755 | *_data = data; |
743 | proto[0] = data[0] = '\0'; | 756 | proto[0] = data[0] = '\0'; |
744 | if (options.xauth_location && (display = getenv("DISPLAY"))) { | 757 | if (!options.xauth_location || |
758 | (stat(options.xauth_location, &st) == -1)) { | ||
759 | debug("No xauth program."); | ||
760 | } else { | ||
761 | if ((display = getenv("DISPLAY")) == NULL) { | ||
762 | debug("x11_get_proto: DISPLAY not set"); | ||
763 | return; | ||
764 | } | ||
745 | /* Try to get Xauthority information for the display. */ | 765 | /* Try to get Xauthority information for the display. */ |
746 | if (strncmp(display, "localhost:", 10) == 0) | 766 | if (strncmp(display, "localhost:", 10) == 0) |
747 | /* | 767 | /* |
@@ -756,7 +776,7 @@ x11_get_proto(char **_proto, char **_data) | |||
756 | else | 776 | else |
757 | snprintf(line, sizeof line, "%s list %.200s 2>" | 777 | snprintf(line, sizeof line, "%s list %.200s 2>" |
758 | _PATH_DEVNULL, options.xauth_location, display); | 778 | _PATH_DEVNULL, options.xauth_location, display); |
759 | debug2("x11_get_proto %s", line); | 779 | debug2("x11_get_proto: %s", line); |
760 | f = popen(line, "r"); | 780 | f = popen(line, "r"); |
761 | if (f && fgets(line, sizeof(line), f) && | 781 | if (f && fgets(line, sizeof(line), f) && |
762 | sscanf(line, "%*s %511s %511s", proto, data) == 2) | 782 | sscanf(line, "%*s %511s %511s", proto, data) == 2) |
@@ -775,6 +795,7 @@ x11_get_proto(char **_proto, char **_data) | |||
775 | if (!got_data) { | 795 | if (!got_data) { |
776 | u_int32_t rand = 0; | 796 | u_int32_t rand = 0; |
777 | 797 | ||
798 | log("Warning: No xauth data; using fake authentication data for X11 forwarding."); | ||
778 | strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); | 799 | strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); |
779 | for (i = 0; i < 16; i++) { | 800 | for (i = 0; i < 16; i++) { |
780 | if (i % 4 == 0) | 801 | if (i % 4 == 0) |
@@ -824,11 +845,8 @@ check_agent_present(void) | |||
824 | { | 845 | { |
825 | if (options.forward_agent) { | 846 | if (options.forward_agent) { |
826 | /* Clear agent forwarding if we don\'t have an agent. */ | 847 | /* Clear agent forwarding if we don\'t have an agent. */ |
827 | int authfd = ssh_get_authentication_socket(); | 848 | if (!ssh_agent_present()) |
828 | if (authfd < 0) | ||
829 | options.forward_agent = 0; | 849 | options.forward_agent = 0; |
830 | else | ||
831 | ssh_close_authentication_socket(authfd); | ||
832 | } | 850 | } |
833 | } | 851 | } |
834 | 852 | ||
@@ -60,10 +60,6 @@ | |||
60 | */ | 60 | */ |
61 | #define SSH_SERVICE_NAME "ssh" | 61 | #define SSH_SERVICE_NAME "ssh" |
62 | 62 | ||
63 | #if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE) | ||
64 | # define SSHD_PAM_SERVICE __progname | ||
65 | #endif | ||
66 | |||
67 | /* | 63 | /* |
68 | * Name of the environment variable containing the process ID of the | 64 | * Name of the environment variable containing the process ID of the |
69 | * authentication agent. | 65 | * authentication agent. |
diff --git a/ssh_config b/ssh_config index ef31d4336..94cffbf39 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $ | 1 | # $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -22,6 +22,7 @@ | |||
22 | # RhostsRSAAuthentication no | 22 | # RhostsRSAAuthentication no |
23 | # RSAAuthentication yes | 23 | # RSAAuthentication yes |
24 | # PasswordAuthentication yes | 24 | # PasswordAuthentication yes |
25 | # HostbasedAuthentication no | ||
25 | # BatchMode no | 26 | # BatchMode no |
26 | # CheckHostIP yes | 27 | # CheckHostIP yes |
27 | # StrictHostKeyChecking ask | 28 | # StrictHostKeyChecking ask |
diff --git a/ssh_config.0 b/ssh_config.0 index 9822ce8d2..a5a44da14 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -9,9 +9,10 @@ SYNOPSIS | |||
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh obtains configuration data from the following sources in the followM-- | 11 | ssh obtains configuration data from the following sources in the followM-- |
12 | ing order: command line options, user's configuration file | 12 | ing order: |
13 | ($HOME/.ssh/config), and system-wide configuration file | 13 | 1. command-line options |
14 | (/etc/ssh/ssh_config). | 14 | 2. user's configuration file ($HOME/.ssh/config) |
15 | 3. system-wide configuration file (/etc/ssh/ssh_config) | ||
15 | 16 | ||
16 | For each parameter, the first obtained value will be used. The configuM-- | 17 | For each parameter, the first obtained value will be used. The configuM-- |
17 | ration files contain sections bracketed by ``Host'' specifications, and | 18 | ration files contain sections bracketed by ``Host'' specifications, and |
@@ -133,11 +134,25 @@ DESCRIPTION | |||
133 | any) will be forwarded to the remote machine. The argument must | 134 | any) will be forwarded to the remote machine. The argument must |
134 | be ``yes'' or ``no''. The default is ``no''. | 135 | be ``yes'' or ``no''. The default is ``no''. |
135 | 136 | ||
137 | Agent forwarding should be enabled with caution. Users with the | ||
138 | ability to bypass file permissions on the remote host (for the | ||
139 | agent's Unix-domain socket) can access the local agent through | ||
140 | the forwarded connection. An attacker cannot obtain key material | ||
141 | from the agent, however they can perform operations on the keys | ||
142 | that enable them to authenticate using the identities loaded into | ||
143 | the agent. | ||
144 | |||
136 | ForwardX11 | 145 | ForwardX11 |
137 | Specifies whether X11 connections will be automatically rediM-- | 146 | Specifies whether X11 connections will be automatically rediM-- |
138 | rected over the secure channel and DISPLAY set. The argument | 147 | rected over the secure channel and DISPLAY set. The argument |
139 | must be ``yes'' or ``no''. The default is ``no''. | 148 | must be ``yes'' or ``no''. The default is ``no''. |
140 | 149 | ||
150 | X11 forwarding should be enabled with caution. Users with the | ||
151 | ability to bypass file permissions on the remote host (for the | ||
152 | user's X authorization database) can access the local X11 display | ||
153 | through the forwarded connection. An attacker may then be able | ||
154 | to perform activities such as keystroke monitoring. | ||
155 | |||
141 | GatewayPorts | 156 | GatewayPorts |
142 | Specifies whether remote hosts are allowed to connect to local | 157 | Specifies whether remote hosts are allowed to connect to local |
143 | forwarded ports. By default, ssh binds local port forwardings to | 158 | forwarded ports. By default, ssh binds local port forwardings to |
@@ -301,7 +316,8 @@ DESCRIPTION | |||
301 | tication because it is not secure (see RhostsRSAAuthentication). | 316 | tication because it is not secure (see RhostsRSAAuthentication). |
302 | The argument to this keyword must be ``yes'' or ``no''. The | 317 | The argument to this keyword must be ``yes'' or ``no''. The |
303 | default is ``no''. This option applies to protocol version 1 | 318 | default is ``no''. This option applies to protocol version 1 |
304 | only. | 319 | only and requires ssh to be setuid root and UsePrivilegedPort to |
320 | be set to ``yes''. | ||
305 | 321 | ||
306 | RhostsRSAAuthentication | 322 | RhostsRSAAuthentication |
307 | Specifies whether to try rhosts based authentication with RSA | 323 | Specifies whether to try rhosts based authentication with RSA |
@@ -342,9 +358,10 @@ DESCRIPTION | |||
342 | UsePrivilegedPort | 358 | UsePrivilegedPort |
343 | Specifies whether to use a privileged port for outgoing connecM-- | 359 | Specifies whether to use a privileged port for outgoing connecM-- |
344 | tions. The argument must be ``yes'' or ``no''. The default is | 360 | tions. The argument must be ``yes'' or ``no''. The default is |
345 | ``no''. Note that this option must be set to ``yes'' if | 361 | ``no''. If set to ``yes'' ssh must be setuid root. Note that |
346 | RhostsAuthentication and RhostsRSAAuthentication authentications | 362 | this option must be set to ``yes'' if RhostsAuthentication and |
347 | are needed with older servers. | 363 | RhostsRSAAuthentication authentications are needed with older |
364 | servers. | ||
348 | 365 | ||
349 | User Specifies the user to log in as. This can be useful when a difM-- | 366 | User Specifies the user to log in as. This can be useful when a difM-- |
350 | ferent user name is used on different machines. This saves the | 367 | ferent user name is used on different machines. This saves the |
@@ -356,8 +373,8 @@ DESCRIPTION | |||
356 | $HOME/.ssh/known_hosts. | 373 | $HOME/.ssh/known_hosts. |
357 | 374 | ||
358 | XAuthLocation | 375 | XAuthLocation |
359 | Specifies the location of the xauth(1) program. The default is | 376 | Specifies the full pathname of the xauth(1) program. The default |
360 | /usr/X11R6/bin/xauth. | 377 | is /usr/X11R6/bin/xauth. |
361 | 378 | ||
362 | FILES | 379 | FILES |
363 | $HOME/.ssh/config | 380 | $HOME/.ssh/config |
diff --git a/ssh_config.5 b/ssh_config.5 index 6d94220b0..67fa0845c 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -50,10 +50,16 @@ | |||
50 | .Nm ssh | 50 | .Nm ssh |
51 | obtains configuration data from the following sources in | 51 | obtains configuration data from the following sources in |
52 | the following order: | 52 | the following order: |
53 | command line options, user's configuration file | 53 | .Bl -enum -offset indent -compact |
54 | .Pq Pa $HOME/.ssh/config , | 54 | .It |
55 | and system-wide configuration file | 55 | command-line options |
56 | .Pq Pa /etc/ssh/ssh_config . | 56 | .It |
57 | user's configuration file | ||
58 | .Pq Pa $HOME/.ssh/config | ||
59 | .It | ||
60 | system-wide configuration file | ||
61 | .Pq Pa /etc/ssh/ssh_config | ||
62 | .El | ||
57 | .Pp | 63 | .Pp |
58 | For each parameter, the first obtained value | 64 | For each parameter, the first obtained value |
59 | will be used. | 65 | will be used. |
@@ -259,6 +265,13 @@ or | |||
259 | .Dq no . | 265 | .Dq no . |
260 | The default is | 266 | The default is |
261 | .Dq no . | 267 | .Dq no . |
268 | .Pp | ||
269 | Agent forwarding should be enabled with caution. Users with the | ||
270 | ability to bypass file permissions on the remote host (for the agent's | ||
271 | Unix-domain socket) can access the local agent through the forwarded | ||
272 | connection. An attacker cannot obtain key material from the agent, | ||
273 | however they can perform operations on the keys that enable them to | ||
274 | authenticate using the identities loaded into the agent. | ||
262 | .It Cm ForwardX11 | 275 | .It Cm ForwardX11 |
263 | Specifies whether X11 connections will be automatically redirected | 276 | Specifies whether X11 connections will be automatically redirected |
264 | over the secure channel and | 277 | over the secure channel and |
@@ -270,6 +283,12 @@ or | |||
270 | .Dq no . | 283 | .Dq no . |
271 | The default is | 284 | The default is |
272 | .Dq no . | 285 | .Dq no . |
286 | .Pp | ||
287 | X11 forwarding should be enabled with caution. Users with the ability | ||
288 | to bypass file permissions on the remote host (for the user's X | ||
289 | authorization database) can access the local X11 display through the | ||
290 | forwarded connection. An attacker may then be able to perform | ||
291 | activities such as keystroke monitoring. | ||
273 | .It Cm GatewayPorts | 292 | .It Cm GatewayPorts |
274 | Specifies whether remote hosts are allowed to connect to local | 293 | Specifies whether remote hosts are allowed to connect to local |
275 | forwarded ports. | 294 | forwarded ports. |
@@ -342,7 +361,6 @@ identities will be tried in sequence. | |||
342 | Specifies whether the system should send TCP keepalive messages to the | 361 | Specifies whether the system should send TCP keepalive messages to the |
343 | other side. | 362 | other side. |
344 | If they are sent, death of the connection or crash of one | 363 | If they are sent, death of the connection or crash of one |
345 | of the machines will be properly noticed. | ||
346 | of the machines will be properly noticed. This option only uses TCP | 364 | of the machines will be properly noticed. This option only uses TCP |
347 | keepalives (as opposed to using ssh level keepalives), so takes a long | 365 | keepalives (as opposed to using ssh level keepalives), so takes a long |
348 | time to notice when the connection dies. As such, you probably want | 366 | time to notice when the connection dies. As such, you probably want |
@@ -512,7 +530,12 @@ or | |||
512 | .Dq no . | 530 | .Dq no . |
513 | The default is | 531 | The default is |
514 | .Dq no . | 532 | .Dq no . |
515 | This option applies to protocol version 1 only. | 533 | This option applies to protocol version 1 only and requires |
534 | .Nm ssh | ||
535 | to be setuid root and | ||
536 | .Cm UsePrivilegedPort | ||
537 | to be set to | ||
538 | .Dq yes . | ||
516 | .It Cm RhostsRSAAuthentication | 539 | .It Cm RhostsRSAAuthentication |
517 | Specifies whether to try rhosts based authentication with RSA host | 540 | Specifies whether to try rhosts based authentication with RSA host |
518 | authentication. | 541 | authentication. |
@@ -600,6 +623,10 @@ or | |||
600 | .Dq no . | 623 | .Dq no . |
601 | The default is | 624 | The default is |
602 | .Dq no . | 625 | .Dq no . |
626 | If set to | ||
627 | .Dq yes | ||
628 | .Nm ssh | ||
629 | must be setuid root. | ||
603 | Note that this option must be set to | 630 | Note that this option must be set to |
604 | .Dq yes | 631 | .Dq yes |
605 | if | 632 | if |
@@ -617,7 +644,7 @@ Specifies a file to use for the user | |||
617 | host key database instead of | 644 | host key database instead of |
618 | .Pa $HOME/.ssh/known_hosts . | 645 | .Pa $HOME/.ssh/known_hosts . |
619 | .It Cm XAuthLocation | 646 | .It Cm XAuthLocation |
620 | Specifies the location of the | 647 | Specifies the full pathname of the |
621 | .Xr xauth 1 | 648 | .Xr xauth 1 |
622 | program. | 649 | program. |
623 | The default is | 650 | The default is |
diff --git a/ssh_prng_cmds.in b/ssh_prng_cmds.in index 03fa5408e..50e7771f9 100644 --- a/ssh_prng_cmds.in +++ b/ssh_prng_cmds.in | |||
@@ -5,7 +5,7 @@ | |||
5 | # The "rate" represents the number of bits of usuable entropy per | 5 | # The "rate" represents the number of bits of usuable entropy per |
6 | # byte of command output. Be conservative. | 6 | # byte of command output. Be conservative. |
7 | # | 7 | # |
8 | # $Id: ssh_prng_cmds.in,v 1.7 2001/07/22 19:32:01 mouring Exp $ | 8 | # $Id: ssh_prng_cmds.in,v 1.8 2002/07/14 21:43:58 tim Exp $ |
9 | 9 | ||
10 | "ls -alni /var/log" @PROG_LS@ 0.02 | 10 | "ls -alni /var/log" @PROG_LS@ 0.02 |
11 | "ls -alni /var/adm" @PROG_LS@ 0.02 | 11 | "ls -alni /var/adm" @PROG_LS@ 0.02 |
@@ -37,7 +37,7 @@ | |||
37 | "netstat -s" @PROG_NETSTAT@ 0.02 | 37 | "netstat -s" @PROG_NETSTAT@ 0.02 |
38 | "netstat -is" @PROG_NETSTAT@ 0.07 | 38 | "netstat -is" @PROG_NETSTAT@ 0.07 |
39 | 39 | ||
40 | "arp -a -n" @PROG_ARP@ 0.02 | 40 | "arp -n -a" @PROG_ARP@ 0.02 |
41 | 41 | ||
42 | "ifconfig -a" @PROG_IFCONFIG@ 0.02 | 42 | "ifconfig -a" @PROG_IFCONFIG@ 0.02 |
43 | 43 | ||
diff --git a/sshconnect.c b/sshconnect.c index 8eb5fda7d..95e0f6d77 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.135 2002/09/19 01:58:18 djm Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | 19 | ||
@@ -41,6 +41,7 @@ extern Options options; | |||
41 | extern char *__progname; | 41 | extern char *__progname; |
42 | extern uid_t original_real_uid; | 42 | extern uid_t original_real_uid; |
43 | extern uid_t original_effective_uid; | 43 | extern uid_t original_effective_uid; |
44 | extern pid_t proxy_command_pid; | ||
44 | 45 | ||
45 | #ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ | 46 | #ifndef INET6_ADDRSTRLEN /* for non IPv6 machines */ |
46 | #define INET6_ADDRSTRLEN 46 | 47 | #define INET6_ADDRSTRLEN 46 |
@@ -48,22 +49,13 @@ extern uid_t original_effective_uid; | |||
48 | 49 | ||
49 | static sig_atomic_t banner_timedout; | 50 | static sig_atomic_t banner_timedout; |
50 | 51 | ||
51 | static const char * | ||
52 | sockaddr_ntop(struct sockaddr *sa, socklen_t salen) | ||
53 | { | ||
54 | static char addrbuf[NI_MAXHOST]; | ||
55 | |||
56 | if (getnameinfo(sa, salen, addrbuf, sizeof(addrbuf), NULL, 0, | ||
57 | NI_NUMERICHOST) != 0) | ||
58 | fatal("sockaddr_ntop: getnameinfo NI_NUMERICHOST failed"); | ||
59 | return addrbuf; | ||
60 | } | ||
61 | |||
62 | static void banner_alarm_catch (int signum) | 52 | static void banner_alarm_catch (int signum) |
63 | { | 53 | { |
64 | banner_timedout = 1; | 54 | banner_timedout = 1; |
65 | } | 55 | } |
66 | 56 | ||
57 | static int show_other_keys(const char *, Key *); | ||
58 | |||
67 | /* | 59 | /* |
68 | * Connect to the given ssh server using a proxy command. | 60 | * Connect to the given ssh server using a proxy command. |
69 | */ | 61 | */ |
@@ -80,9 +72,16 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
80 | /* Convert the port number into a string. */ | 72 | /* Convert the port number into a string. */ |
81 | snprintf(strport, sizeof strport, "%hu", port); | 73 | snprintf(strport, sizeof strport, "%hu", port); |
82 | 74 | ||
83 | /* Build the final command string in the buffer by making the | 75 | /* |
84 | appropriate substitutions to the given proxy command. */ | 76 | * Build the final command string in the buffer by making the |
77 | * appropriate substitutions to the given proxy command. | ||
78 | * | ||
79 | * Use "exec" to avoid "sh -c" processes on some platforms | ||
80 | * (e.g. Solaris) | ||
81 | */ | ||
85 | buffer_init(&command); | 82 | buffer_init(&command); |
83 | buffer_append(&command, "exec ", 5); | ||
84 | |||
86 | for (cp = proxy_command; *cp; cp++) { | 85 | for (cp = proxy_command; *cp; cp++) { |
87 | if (cp[0] == '%' && cp[1] == '%') { | 86 | if (cp[0] == '%' && cp[1] == '%') { |
88 | buffer_append(&command, "%", 1); | 87 | buffer_append(&command, "%", 1); |
@@ -150,6 +149,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
150 | /* Parent. */ | 149 | /* Parent. */ |
151 | if (pid < 0) | 150 | if (pid < 0) |
152 | fatal("fork failed: %.100s", strerror(errno)); | 151 | fatal("fork failed: %.100s", strerror(errno)); |
152 | else | ||
153 | proxy_command_pid = pid; /* save pid to clean up later */ | ||
153 | 154 | ||
154 | /* Close child side of the descriptors. */ | 155 | /* Close child side of the descriptors. */ |
155 | close(pin[0]); | 156 | close(pin[0]); |
@@ -245,7 +246,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
245 | int sock = -1, attempt; | 246 | int sock = -1, attempt; |
246 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 247 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
247 | struct addrinfo hints, *ai, *aitop; | 248 | struct addrinfo hints, *ai, *aitop; |
248 | struct linger linger; | ||
249 | struct servent *sp; | 249 | struct servent *sp; |
250 | /* | 250 | /* |
251 | * Did we get only other errors than "Connection refused" (which | 251 | * Did we get only other errors than "Connection refused" (which |
@@ -314,9 +314,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
314 | } else { | 314 | } else { |
315 | if (errno == ECONNREFUSED) | 315 | if (errno == ECONNREFUSED) |
316 | full_failure = 0; | 316 | full_failure = 0; |
317 | log("ssh: connect to address %s port %s: %s", | 317 | debug("connect to address %s port %s: %s", |
318 | sockaddr_ntop(ai->ai_addr, ai->ai_addrlen), | 318 | ntop, strport, strerror(errno)); |
319 | strport, strerror(errno)); | ||
320 | /* | 319 | /* |
321 | * Close the failed socket; there appear to | 320 | * Close the failed socket; there appear to |
322 | * be some problems when reusing a socket for | 321 | * be some problems when reusing a socket for |
@@ -339,20 +338,14 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | |||
339 | freeaddrinfo(aitop); | 338 | freeaddrinfo(aitop); |
340 | 339 | ||
341 | /* Return failure if we didn't get a successful connection. */ | 340 | /* Return failure if we didn't get a successful connection. */ |
342 | if (attempt >= connection_attempts) | 341 | if (attempt >= connection_attempts) { |
342 | log("ssh: connect to host %s port %s: %s", | ||
343 | host, strport, strerror(errno)); | ||
343 | return full_failure ? ECONNABORTED : ECONNREFUSED; | 344 | return full_failure ? ECONNABORTED : ECONNREFUSED; |
345 | } | ||
344 | 346 | ||
345 | debug("Connection established."); | 347 | debug("Connection established."); |
346 | 348 | ||
347 | /* | ||
348 | * Set socket options. We would like the socket to disappear as soon | ||
349 | * as it has been closed for whatever reason. | ||
350 | */ | ||
351 | /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ | ||
352 | linger.l_onoff = 1; | ||
353 | linger.l_linger = 5; | ||
354 | setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)); | ||
355 | |||
356 | /* Set keepalives if requested. */ | 349 | /* Set keepalives if requested. */ |
357 | if (options.keepalives && | 350 | if (options.keepalives && |
358 | setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, | 351 | setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, |
@@ -508,7 +501,7 @@ confirm(const char *prompt) | |||
508 | (p[0] == '\0') || (p[0] == '\n') || | 501 | (p[0] == '\0') || (p[0] == '\n') || |
509 | strncasecmp(p, "no", 2) == 0) | 502 | strncasecmp(p, "no", 2) == 0) |
510 | ret = 0; | 503 | ret = 0; |
511 | if (strncasecmp(p, "yes", 3) == 0) | 504 | if (p && strncasecmp(p, "yes", 3) == 0) |
512 | ret = 1; | 505 | ret = 1; |
513 | if (p) | 506 | if (p) |
514 | xfree(p); | 507 | xfree(p); |
@@ -535,7 +528,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
535 | int salen; | 528 | int salen; |
536 | char ntop[NI_MAXHOST]; | 529 | char ntop[NI_MAXHOST]; |
537 | char msg[1024]; | 530 | char msg[1024]; |
538 | int len, host_line, ip_line; | 531 | int len, host_line, ip_line, has_keys; |
539 | const char *host_file = NULL, *ip_file = NULL; | 532 | const char *host_file = NULL, *ip_file = NULL; |
540 | 533 | ||
541 | /* | 534 | /* |
@@ -679,14 +672,19 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
679 | "have requested strict checking.", type, host); | 672 | "have requested strict checking.", type, host); |
680 | goto fail; | 673 | goto fail; |
681 | } else if (options.strict_host_key_checking == 2) { | 674 | } else if (options.strict_host_key_checking == 2) { |
675 | has_keys = show_other_keys(host, host_key); | ||
682 | /* The default */ | 676 | /* The default */ |
683 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | 677 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
684 | snprintf(msg, sizeof(msg), | 678 | snprintf(msg, sizeof(msg), |
685 | "The authenticity of host '%.200s (%s)' can't be " | 679 | "The authenticity of host '%.200s (%s)' can't be " |
686 | "established.\n" | 680 | "established%s\n" |
687 | "%s key fingerprint is %s.\n" | 681 | "%s key fingerprint is %s.\n" |
688 | "Are you sure you want to continue connecting " | 682 | "Are you sure you want to continue connecting " |
689 | "(yes/no)? ", host, ip, type, fp); | 683 | "(yes/no)? ", |
684 | host, ip, | ||
685 | has_keys ? ",\nbut keys of different type are already " | ||
686 | "known for this host." : ".", | ||
687 | type, fp); | ||
690 | xfree(fp); | 688 | xfree(fp); |
691 | if (!confirm(msg)) | 689 | if (!confirm(msg)) |
692 | goto fail; | 690 | goto fail; |
@@ -789,6 +787,9 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, | |||
789 | * accept the authentication. | 787 | * accept the authentication. |
790 | */ | 788 | */ |
791 | break; | 789 | break; |
790 | case HOST_FOUND: | ||
791 | fatal("internal error"); | ||
792 | break; | ||
792 | } | 793 | } |
793 | 794 | ||
794 | if (options.check_host_ip && host_status != HOST_CHANGED && | 795 | if (options.check_host_ip && host_status != HOST_CHANGED && |
@@ -900,3 +901,58 @@ ssh_put_password(char *password) | |||
900 | memset(padded, 0, size); | 901 | memset(padded, 0, size); |
901 | xfree(padded); | 902 | xfree(padded); |
902 | } | 903 | } |
904 | |||
905 | static int | ||
906 | show_key_from_file(const char *file, const char *host, int keytype) | ||
907 | { | ||
908 | Key *found; | ||
909 | char *fp; | ||
910 | int line, ret; | ||
911 | |||
912 | found = key_new(keytype); | ||
913 | if ((ret = lookup_key_in_hostfile_by_type(file, host, | ||
914 | keytype, found, &line))) { | ||
915 | fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); | ||
916 | log("WARNING: %s key found for host %s\n" | ||
917 | "in %s:%d\n" | ||
918 | "%s key fingerprint %s.", | ||
919 | key_type(found), host, file, line, | ||
920 | key_type(found), fp); | ||
921 | xfree(fp); | ||
922 | } | ||
923 | key_free(found); | ||
924 | return (ret); | ||
925 | } | ||
926 | |||
927 | /* print all known host keys for a given host, but skip keys of given type */ | ||
928 | static int | ||
929 | show_other_keys(const char *host, Key *key) | ||
930 | { | ||
931 | int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1}; | ||
932 | int i, found = 0; | ||
933 | |||
934 | for (i = 0; type[i] != -1; i++) { | ||
935 | if (type[i] == key->type) | ||
936 | continue; | ||
937 | if (type[i] != KEY_RSA1 && | ||
938 | show_key_from_file(options.user_hostfile2, host, type[i])) { | ||
939 | found = 1; | ||
940 | continue; | ||
941 | } | ||
942 | if (type[i] != KEY_RSA1 && | ||
943 | show_key_from_file(options.system_hostfile2, host, type[i])) { | ||
944 | found = 1; | ||
945 | continue; | ||
946 | } | ||
947 | if (show_key_from_file(options.user_hostfile, host, type[i])) { | ||
948 | found = 1; | ||
949 | continue; | ||
950 | } | ||
951 | if (show_key_from_file(options.system_hostfile, host, type[i])) { | ||
952 | found = 1; | ||
953 | continue; | ||
954 | } | ||
955 | debug2("no key of type %d for host %s", type[i], host); | ||
956 | } | ||
957 | return (found); | ||
958 | } | ||
diff --git a/sshconnect1.c b/sshconnect1.c index e28b7fc72..2fc9a981a 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.51 2002/05/23 19:24:30 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.52 2002/08/08 13:50:23 aaron Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/md5.h> | 19 | #include <openssl/md5.h> |
@@ -254,7 +254,7 @@ try_rsa_authentication(int idx) | |||
254 | * load the private key. Try first with empty passphrase; if it | 254 | * load the private key. Try first with empty passphrase; if it |
255 | * fails, ask for a passphrase. | 255 | * fails, ask for a passphrase. |
256 | */ | 256 | */ |
257 | if (public->flags && KEY_FLAG_EXT) | 257 | if (public->flags & KEY_FLAG_EXT) |
258 | private = public; | 258 | private = public; |
259 | else | 259 | else |
260 | private = key_load_private_type(KEY_RSA1, authfile, "", NULL); | 260 | private = key_load_private_type(KEY_RSA1, authfile, "", NULL); |
diff --git a/sshconnect2.c b/sshconnect2.c index 215f76ca2..703d0721f 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.107 2002/07/01 19:48:46 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "ssh2.h" | 29 | #include "ssh2.h" |
@@ -95,10 +95,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr) | |||
95 | compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); | 95 | compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); |
96 | if (options.compression) { | 96 | if (options.compression) { |
97 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 97 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
98 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib"; | 98 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none"; |
99 | } else { | 99 | } else { |
100 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = | 100 | myproposal[PROPOSAL_COMP_ALGS_CTOS] = |
101 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; | 101 | myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib"; |
102 | } | 102 | } |
103 | if (options.macs != NULL) { | 103 | if (options.macs != NULL) { |
104 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = | 104 | myproposal[PROPOSAL_MAC_ALGS_CTOS] = |
@@ -422,7 +422,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
422 | clear_auth_state(authctxt); | 422 | clear_auth_state(authctxt); |
423 | dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL); | 423 | dispatch_set(SSH2_MSG_USERAUTH_PK_OK, NULL); |
424 | 424 | ||
425 | /* try another method if we did not send a packet*/ | 425 | /* try another method if we did not send a packet */ |
426 | if (sent == 0) | 426 | if (sent == 0) |
427 | userauth(authctxt, NULL); | 427 | userauth(authctxt, NULL); |
428 | 428 | ||
@@ -947,9 +947,9 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, | |||
947 | buffer_init(&b); | 947 | buffer_init(&b); |
948 | buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ | 948 | buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ |
949 | buffer_put_string(&b, data, datalen); | 949 | buffer_put_string(&b, data, datalen); |
950 | msg_send(to[1], version, &b); | 950 | ssh_msg_send(to[1], version, &b); |
951 | 951 | ||
952 | if (msg_recv(from[0], &b) < 0) { | 952 | if (ssh_msg_recv(from[0], &b) < 0) { |
953 | error("ssh_keysign: no reply"); | 953 | error("ssh_keysign: no reply"); |
954 | buffer_clear(&b); | 954 | buffer_clear(&b); |
955 | return -1; | 955 | return -1; |
@@ -115,7 +115,7 @@ DESCRIPTION | |||
115 | 115 | ||
116 | -g login_grace_time | 116 | -g login_grace_time |
117 | Gives the grace time for clients to authenticate themselves | 117 | Gives the grace time for clients to authenticate themselves |
118 | (default 600 seconds). If the client fails to authenticate the | 118 | (default 120 seconds). If the client fails to authenticate the |
119 | user within this many seconds, the server disconnects and exits. | 119 | user within this many seconds, the server disconnects and exits. |
120 | A value of zero indicates no limit. | 120 | A value of zero indicates no limit. |
121 | 121 | ||
@@ -206,7 +206,9 @@ LOGIN PROCESS | |||
206 | 206 | ||
207 | 5. Sets up basic environment. | 207 | 5. Sets up basic environment. |
208 | 208 | ||
209 | 6. Reads $HOME/.ssh/environment if it exists. | 209 | 6. Reads $HOME/.ssh/environment if it exists and users are |
210 | allowed to change their environment. See the | ||
211 | PermitUserEnvironment option in sshd_config(5). | ||
210 | 212 | ||
211 | 7. Changes to user's home directory. | 213 | 7. Changes to user's home directory. |
212 | 214 | ||
@@ -227,16 +229,16 @@ AUTHORIZED_KEYS FILE FORMAT | |||
227 | with a `#' are ignored as comments). Each RSA public key consists of the | 229 | with a `#' are ignored as comments). Each RSA public key consists of the |
228 | following fields, separated by spaces: options, bits, exponent, modulus, | 230 | following fields, separated by spaces: options, bits, exponent, modulus, |
229 | comment. Each protocol version 2 public key consists of: options, keyM-- | 231 | comment. Each protocol version 2 public key consists of: options, keyM-- |
230 | type, base64 encoded key, comment. The options fields are optional; its | 232 | type, base64 encoded key, comment. The options field is optional; its |
231 | presence is determined by whether the line starts with a number or not | 233 | presence is determined by whether the line starts with a number or not |
232 | (the option field never starts with a number). The bits, exponent, moduM-- | 234 | (the options field never starts with a number). The bits, exponent, modM-- |
233 | lus and comment fields give the RSA key for protocol version 1; the comM-- | 235 | ulus and comment fields give the RSA key for protocol version 1; the comM-- |
234 | ment field is not used for anything (but may be convenient for the user | 236 | ment field is not used for anything (but may be convenient for the user |
235 | to identify the key). For protocol version 2 the keytype is ``ssh-dss'' | 237 | to identify the key). For protocol version 2 the keytype is ``ssh-dss'' |
236 | or ``ssh-rsa''. | 238 | or ``ssh-rsa''. |
237 | 239 | ||
238 | Note that lines in this file are usually several hundred bytes long | 240 | Note that lines in this file are usually several hundred bytes long |
239 | (because of the size of the RSA key modulus). You don't want to type | 241 | (because of the size of the public key encoding). You don't want to type |
240 | them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub | 242 | them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub |
241 | file and edit it. | 243 | file and edit it. |
242 | 244 | ||
@@ -249,18 +251,19 @@ AUTHORIZED_KEYS FILE FORMAT | |||
249 | case-insensitive): | 251 | case-insensitive): |
250 | 252 | ||
251 | from="pattern-list" | 253 | from="pattern-list" |
252 | Specifies that in addition to RSA authentication, the canonical | 254 | Specifies that in addition to public key authentication, the |
253 | name of the remote host must be present in the comma-separated | 255 | canonical name of the remote host must be present in the comma- |
254 | list of patterns (`*' and `'? serve as wildcards). The list may | 256 | separated list of patterns (`*' and `'? serve as wildcards). |
255 | also contain patterns negated by prefixing them with `'!; if the | 257 | The list may also contain patterns negated by prefixing them with |
256 | canonical host name matches a negated pattern, the key is not | 258 | `'!; if the canonical host name matches a negated pattern, the |
257 | accepted. The purpose of this option is to optionally increase | 259 | key is not accepted. The purpose of this option is to optionally |
258 | security: RSA authentication by itself does not trust the network | 260 | increase security: public key authentication by itself does not |
259 | or name servers or anything (but the key); however, if somebody | 261 | trust the network or name servers or anything (but the key); howM-- |
260 | somehow steals the key, the key permits an intruder to log in | 262 | ever, if somebody somehow steals the key, the key permits an |
261 | from anywhere in the world. This additional option makes using a | 263 | intruder to log in from anywhere in the world. This additional |
262 | stolen key more difficult (name servers and/or routers would have | 264 | option makes using a stolen key more difficult (name servers |
263 | to be compromised in addition to just the key). | 265 | and/or routers would have to be compromised in addition to just |
266 | the key). | ||
264 | 267 | ||
265 | command="command" | 268 | command="command" |
266 | Specifies that the command is executed whenever this key is used | 269 | Specifies that the command is executed whenever this key is used |
@@ -269,9 +272,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
269 | pty; otherwise it is run without a tty. If a 8-bit clean channel | 272 | pty; otherwise it is run without a tty. If a 8-bit clean channel |
270 | is required, one must not request a pty or should specify no-pty. | 273 | is required, one must not request a pty or should specify no-pty. |
271 | A quote may be included in the command by quoting it with a backM-- | 274 | A quote may be included in the command by quoting it with a backM-- |
272 | slash. This option might be useful to restrict certain RSA keys | 275 | slash. This option might be useful to restrict certain public |
273 | to perform just a specific operation. An example might be a key | 276 | keys to perform just a specific operation. An example might be a |
274 | that permits remote backups but nothing else. Note that the | 277 | key that permits remote backups but nothing else. Note that the |
275 | client may specify TCP/IP and/or X11 forwarding unless they are | 278 | client may specify TCP/IP and/or X11 forwarding unless they are |
276 | explicitly prohibited. Note that this option applies to shell, | 279 | explicitly prohibited. Note that this option applies to shell, |
277 | command or subsystem execution. | 280 | command or subsystem execution. |
@@ -280,8 +283,9 @@ AUTHORIZED_KEYS FILE FORMAT | |||
280 | Specifies that the string is to be added to the environment when | 283 | Specifies that the string is to be added to the environment when |
281 | logging in using this key. Environment variables set this way | 284 | logging in using this key. Environment variables set this way |
282 | override other default environment values. Multiple options of | 285 | override other default environment values. Multiple options of |
283 | this type are permitted. This option is automatically disabled | 286 | this type are permitted. Environment processing is disabled by |
284 | if UseLogin is enabled. | 287 | default and is controlled via the PermitUserEnvironment option. |
288 | This option is automatically disabled if UseLogin is enabled. | ||
285 | 289 | ||
286 | no-port-forwarding | 290 | no-port-forwarding |
287 | Forbids TCP/IP forwarding when this key is used for authenticaM-- | 291 | Forbids TCP/IP forwarding when this key is used for authenticaM-- |
@@ -381,7 +385,7 @@ FILES | |||
381 | 385 | ||
382 | /etc/moduli | 386 | /etc/moduli |
383 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group | 387 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group |
384 | Exchange". | 388 | Exchange". The file format is described in moduli(5). |
385 | 389 | ||
386 | /var/empty | 390 | /var/empty |
387 | chroot(2) directory used by sshd during privilege separation in | 391 | chroot(2) directory used by sshd during privilege separation in |
@@ -478,7 +482,8 @@ FILES | |||
478 | It can only contain empty lines, comment lines (that start with | 482 | It can only contain empty lines, comment lines (that start with |
479 | `#'), and assignment lines of the form name=value. The file | 483 | `#'), and assignment lines of the form name=value. The file |
480 | should be writable only by the user; it need not be readable by | 484 | should be writable only by the user; it need not be readable by |
481 | anyone else. | 485 | anyone else. Environment processing is disabled by default and |
486 | is controlled via the PermitUserEnvironment option. | ||
482 | 487 | ||
483 | $HOME/.ssh/rc | 488 | $HOME/.ssh/rc |
484 | If this file exists, it is run with /bin/sh after reading the | 489 | If this file exists, it is run with /bin/sh after reading the |
@@ -500,12 +505,12 @@ FILES | |||
500 | if read proto cookie && [ -n "$DISPLAY" ]; then | 505 | if read proto cookie && [ -n "$DISPLAY" ]; then |
501 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then | 506 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
502 | # X11UseLocalhost=yes | 507 | # X11UseLocalhost=yes |
503 | xauth add unix:`echo $DISPLAY | | 508 | echo add unix:`echo $DISPLAY | |
504 | cut -c11-` $proto $cookie | 509 | cut -c11-` $proto $cookie |
505 | else | 510 | else |
506 | # X11UseLocalhost=no | 511 | # X11UseLocalhost=no |
507 | xauth add $DISPLAY $proto $cookie | 512 | echo add $DISPLAY $proto $cookie |
508 | fi | 513 | fi | xauth -q - |
509 | fi | 514 | fi |
510 | 515 | ||
511 | If this file does not exist, /etc/ssh/sshrc is run, and if that | 516 | If this file does not exist, /etc/ssh/sshrc is run, and if that |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.193 2002/09/24 20:59:44 todd Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -203,7 +203,7 @@ The default is | |||
203 | refuses to start if there is no configuration file. | 203 | refuses to start if there is no configuration file. |
204 | .It Fl g Ar login_grace_time | 204 | .It Fl g Ar login_grace_time |
205 | Gives the grace time for clients to authenticate themselves (default | 205 | Gives the grace time for clients to authenticate themselves (default |
206 | 600 seconds). | 206 | 120 seconds). |
207 | If the client fails to authenticate the user within | 207 | If the client fails to authenticate the user within |
208 | this many seconds, the server disconnects and exits. | 208 | this many seconds, the server disconnects and exits. |
209 | A value of zero indicates no limit. | 209 | A value of zero indicates no limit. |
@@ -353,7 +353,11 @@ Sets up basic environment. | |||
353 | .It | 353 | .It |
354 | Reads | 354 | Reads |
355 | .Pa $HOME/.ssh/environment | 355 | .Pa $HOME/.ssh/environment |
356 | if it exists. | 356 | if it exists and users are allowed to change their environment. |
357 | See the | ||
358 | .Cm PermitUserEnvironment | ||
359 | option in | ||
360 | .Xr sshd_config 5 . | ||
357 | .It | 361 | .It |
358 | Changes to user's home directory. | 362 | Changes to user's home directory. |
359 | .It | 363 | .It |
@@ -388,9 +392,9 @@ Each RSA public key consists of the following fields, separated by | |||
388 | spaces: options, bits, exponent, modulus, comment. | 392 | spaces: options, bits, exponent, modulus, comment. |
389 | Each protocol version 2 public key consists of: | 393 | Each protocol version 2 public key consists of: |
390 | options, keytype, base64 encoded key, comment. | 394 | options, keytype, base64 encoded key, comment. |
391 | The options fields | 395 | The options field |
392 | are optional; its presence is determined by whether the line starts | 396 | is optional; its presence is determined by whether the line starts |
393 | with a number or not (the option field never starts with a number). | 397 | with a number or not (the options field never starts with a number). |
394 | The bits, exponent, modulus and comment fields give the RSA key for | 398 | The bits, exponent, modulus and comment fields give the RSA key for |
395 | protocol version 1; the | 399 | protocol version 1; the |
396 | comment field is not used for anything (but may be convenient for the | 400 | comment field is not used for anything (but may be convenient for the |
@@ -401,7 +405,7 @@ or | |||
401 | .Dq ssh-rsa . | 405 | .Dq ssh-rsa . |
402 | .Pp | 406 | .Pp |
403 | Note that lines in this file are usually several hundred bytes long | 407 | Note that lines in this file are usually several hundred bytes long |
404 | (because of the size of the RSA key modulus). | 408 | (because of the size of the public key encoding). |
405 | You don't want to type them in; instead, copy the | 409 | You don't want to type them in; instead, copy the |
406 | .Pa identity.pub , | 410 | .Pa identity.pub , |
407 | .Pa id_dsa.pub | 411 | .Pa id_dsa.pub |
@@ -420,7 +424,7 @@ The following option specifications are supported (note | |||
420 | that option keywords are case-insensitive): | 424 | that option keywords are case-insensitive): |
421 | .Bl -tag -width Ds | 425 | .Bl -tag -width Ds |
422 | .It Cm from="pattern-list" | 426 | .It Cm from="pattern-list" |
423 | Specifies that in addition to RSA authentication, the canonical name | 427 | Specifies that in addition to public key authentication, the canonical name |
424 | of the remote host must be present in the comma-separated list of | 428 | of the remote host must be present in the comma-separated list of |
425 | patterns | 429 | patterns |
426 | .Pf ( Ql * | 430 | .Pf ( Ql * |
@@ -432,7 +436,7 @@ patterns negated by prefixing them with | |||
432 | .Ql ! ; | 436 | .Ql ! ; |
433 | if the canonical host name matches a negated pattern, the key is not accepted. | 437 | if the canonical host name matches a negated pattern, the key is not accepted. |
434 | The purpose | 438 | The purpose |
435 | of this option is to optionally increase security: RSA authentication | 439 | of this option is to optionally increase security: public key authentication |
436 | by itself does not trust the network or name servers or anything (but | 440 | by itself does not trust the network or name servers or anything (but |
437 | the key); however, if somebody somehow steals the key, the key | 441 | the key); however, if somebody somehow steals the key, the key |
438 | permits an intruder to log in from anywhere in the world. | 442 | permits an intruder to log in from anywhere in the world. |
@@ -450,7 +454,7 @@ one must not request a pty or should specify | |||
450 | .Cm no-pty . | 454 | .Cm no-pty . |
451 | A quote may be included in the command by quoting it with a backslash. | 455 | A quote may be included in the command by quoting it with a backslash. |
452 | This option might be useful | 456 | This option might be useful |
453 | to restrict certain RSA keys to perform just a specific operation. | 457 | to restrict certain public keys to perform just a specific operation. |
454 | An example might be a key that permits remote backups but nothing else. | 458 | An example might be a key that permits remote backups but nothing else. |
455 | Note that the client may specify TCP/IP and/or X11 | 459 | Note that the client may specify TCP/IP and/or X11 |
456 | forwarding unless they are explicitly prohibited. | 460 | forwarding unless they are explicitly prohibited. |
@@ -461,6 +465,10 @@ logging in using this key. | |||
461 | Environment variables set this way | 465 | Environment variables set this way |
462 | override other default environment values. | 466 | override other default environment values. |
463 | Multiple options of this type are permitted. | 467 | Multiple options of this type are permitted. |
468 | Environment processing is disabled by default and is | ||
469 | controlled via the | ||
470 | .Cm PermitUserEnvironment | ||
471 | option. | ||
464 | This option is automatically disabled if | 472 | This option is automatically disabled if |
465 | .Cm UseLogin | 473 | .Cm UseLogin |
466 | is enabled. | 474 | is enabled. |
@@ -581,6 +589,8 @@ These files are created using | |||
581 | .Xr ssh-keygen 1 . | 589 | .Xr ssh-keygen 1 . |
582 | .It Pa /etc/moduli | 590 | .It Pa /etc/moduli |
583 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 591 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
592 | The file format is described in | ||
593 | .Xr moduli 5 . | ||
584 | .It Pa /var/empty | 594 | .It Pa /var/empty |
585 | .Xr chroot 2 | 595 | .Xr chroot 2 |
586 | directory used by | 596 | directory used by |
@@ -701,6 +711,10 @@ It can only contain empty lines, comment lines (that start with | |||
701 | and assignment lines of the form name=value. | 711 | and assignment lines of the form name=value. |
702 | The file should be writable | 712 | The file should be writable |
703 | only by the user; it need not be readable by anyone else. | 713 | only by the user; it need not be readable by anyone else. |
714 | Environment processing is disabled by default and is | ||
715 | controlled via the | ||
716 | .Cm PermitUserEnvironment | ||
717 | option. | ||
704 | .It Pa $HOME/.ssh/rc | 718 | .It Pa $HOME/.ssh/rc |
705 | If this file exists, it is run with /bin/sh after reading the | 719 | If this file exists, it is run with /bin/sh after reading the |
706 | environment files but before starting the user's shell or command. | 720 | environment files but before starting the user's shell or command. |
@@ -726,12 +740,12 @@ something similar to: | |||
726 | if read proto cookie && [ -n "$DISPLAY" ]; then | 740 | if read proto cookie && [ -n "$DISPLAY" ]; then |
727 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then | 741 | if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then |
728 | # X11UseLocalhost=yes | 742 | # X11UseLocalhost=yes |
729 | xauth add unix:`echo $DISPLAY | | 743 | echo add unix:`echo $DISPLAY | |
730 | cut -c11-` $proto $cookie | 744 | cut -c11-` $proto $cookie |
731 | else | 745 | else |
732 | # X11UseLocalhost=no | 746 | # X11UseLocalhost=no |
733 | xauth add $DISPLAY $proto $cookie | 747 | echo add $DISPLAY $proto $cookie |
734 | fi | 748 | fi | xauth -q - |
735 | fi | 749 | fi |
736 | .Ed | 750 | .Ed |
737 | .Pp | 751 | .Pp |
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -303,11 +303,8 @@ grace_alarm_handler(int sig) | |||
303 | { | 303 | { |
304 | /* XXX no idea how fix this signal handler */ | 304 | /* XXX no idea how fix this signal handler */ |
305 | 305 | ||
306 | /* Close the connection. */ | ||
307 | packet_close(); | ||
308 | |||
309 | /* Log error and exit. */ | 306 | /* Log error and exit. */ |
310 | fatal("Timeout before authentication for %s.", get_remote_ipaddr()); | 307 | fatal("Timeout before authentication for %s", get_remote_ipaddr()); |
311 | } | 308 | } |
312 | 309 | ||
313 | /* | 310 | /* |
@@ -320,7 +317,7 @@ grace_alarm_handler(int sig) | |||
320 | static void | 317 | static void |
321 | generate_ephemeral_server_key(void) | 318 | generate_ephemeral_server_key(void) |
322 | { | 319 | { |
323 | u_int32_t rand = 0; | 320 | u_int32_t rnd = 0; |
324 | int i; | 321 | int i; |
325 | 322 | ||
326 | verbose("Generating %s%d bit RSA key.", | 323 | verbose("Generating %s%d bit RSA key.", |
@@ -333,9 +330,9 @@ generate_ephemeral_server_key(void) | |||
333 | 330 | ||
334 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { | 331 | for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) { |
335 | if (i % 4 == 0) | 332 | if (i % 4 == 0) |
336 | rand = arc4random(); | 333 | rnd = arc4random(); |
337 | sensitive_data.ssh1_cookie[i] = rand & 0xff; | 334 | sensitive_data.ssh1_cookie[i] = rnd & 0xff; |
338 | rand >>= 8; | 335 | rnd >>= 8; |
339 | } | 336 | } |
340 | arc4random_stir(); | 337 | arc4random_stir(); |
341 | } | 338 | } |
@@ -427,6 +424,12 @@ sshd_exchange_identification(int sock_in, int sock_out) | |||
427 | 424 | ||
428 | compat_datafellows(remote_version); | 425 | compat_datafellows(remote_version); |
429 | 426 | ||
427 | if (datafellows & SSH_BUG_PROBE) { | ||
428 | log("probed from %s with %s. Don't panic.", | ||
429 | get_remote_ipaddr(), client_version_string); | ||
430 | fatal_cleanup(); | ||
431 | } | ||
432 | |||
430 | if (datafellows & SSH_BUG_SCANNER) { | 433 | if (datafellows & SSH_BUG_SCANNER) { |
431 | log("scanned from %s with %s. Don't panic.", | 434 | log("scanned from %s with %s. Don't panic.", |
432 | get_remote_ipaddr(), client_version_string); | 435 | get_remote_ipaddr(), client_version_string); |
@@ -529,8 +532,8 @@ demote_sensitive_data(void) | |||
529 | static void | 532 | static void |
530 | privsep_preauth_child(void) | 533 | privsep_preauth_child(void) |
531 | { | 534 | { |
532 | u_int32_t rand[256]; | 535 | u_int32_t rnd[256]; |
533 | gid_t gidset[2]; | 536 | gid_t gidset[1]; |
534 | struct passwd *pw; | 537 | struct passwd *pw; |
535 | int i; | 538 | int i; |
536 | 539 | ||
@@ -538,8 +541,8 @@ privsep_preauth_child(void) | |||
538 | privsep_challenge_enable(); | 541 | privsep_challenge_enable(); |
539 | 542 | ||
540 | for (i = 0; i < 256; i++) | 543 | for (i = 0; i < 256; i++) |
541 | rand[i] = arc4random(); | 544 | rnd[i] = arc4random(); |
542 | RAND_seed(rand, sizeof(rand)); | 545 | RAND_seed(rnd, sizeof(rnd)); |
543 | 546 | ||
544 | /* Demote the private keys to public keys. */ | 547 | /* Demote the private keys to public keys. */ |
545 | demote_sensitive_data(); | 548 | demote_sensitive_data(); |
@@ -550,7 +553,7 @@ privsep_preauth_child(void) | |||
550 | memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); | 553 | memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); |
551 | endpwent(); | 554 | endpwent(); |
552 | 555 | ||
553 | /* Change our root directory*/ | 556 | /* Change our root directory */ |
554 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | 557 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) |
555 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | 558 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, |
556 | strerror(errno)); | 559 | strerror(errno)); |
@@ -573,7 +576,7 @@ privsep_preauth_child(void) | |||
573 | #endif | 576 | #endif |
574 | } | 577 | } |
575 | 578 | ||
576 | static Authctxt* | 579 | static Authctxt * |
577 | privsep_preauth(void) | 580 | privsep_preauth(void) |
578 | { | 581 | { |
579 | Authctxt *authctxt = NULL; | 582 | Authctxt *authctxt = NULL; |
@@ -589,6 +592,8 @@ privsep_preauth(void) | |||
589 | if (pid == -1) { | 592 | if (pid == -1) { |
590 | fatal("fork of unprivileged child failed"); | 593 | fatal("fork of unprivileged child failed"); |
591 | } else if (pid != 0) { | 594 | } else if (pid != 0) { |
595 | fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); | ||
596 | |||
592 | debug2("Network child is on pid %ld", (long)pid); | 597 | debug2("Network child is on pid %ld", (long)pid); |
593 | 598 | ||
594 | close(pmonitor->m_recvfd); | 599 | close(pmonitor->m_recvfd); |
@@ -602,6 +607,10 @@ privsep_preauth(void) | |||
602 | while (waitpid(pid, &status, 0) < 0) | 607 | while (waitpid(pid, &status, 0) < 0) |
603 | if (errno != EINTR) | 608 | if (errno != EINTR) |
604 | break; | 609 | break; |
610 | |||
611 | /* Reinstall, since the child has finished */ | ||
612 | fatal_add_cleanup((void (*) (void *)) packet_close, NULL); | ||
613 | |||
605 | return (authctxt); | 614 | return (authctxt); |
606 | } else { | 615 | } else { |
607 | /* child */ | 616 | /* child */ |
@@ -624,7 +633,7 @@ privsep_postauth(Authctxt *authctxt) | |||
624 | /* XXX - Remote port forwarding */ | 633 | /* XXX - Remote port forwarding */ |
625 | x_authctxt = authctxt; | 634 | x_authctxt = authctxt; |
626 | 635 | ||
627 | #ifdef BROKEN_FD_PASSING | 636 | #ifdef DISABLE_FD_PASSING |
628 | if (1) { | 637 | if (1) { |
629 | #else | 638 | #else |
630 | if (authctxt->pw->pw_uid == 0 || options.use_login) { | 639 | if (authctxt->pw->pw_uid == 0 || options.use_login) { |
@@ -649,6 +658,8 @@ privsep_postauth(Authctxt *authctxt) | |||
649 | if (pmonitor->m_pid == -1) | 658 | if (pmonitor->m_pid == -1) |
650 | fatal("fork of unprivileged child failed"); | 659 | fatal("fork of unprivileged child failed"); |
651 | else if (pmonitor->m_pid != 0) { | 660 | else if (pmonitor->m_pid != 0) { |
661 | fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); | ||
662 | |||
652 | debug2("User child is on pid %ld", (long)pmonitor->m_pid); | 663 | debug2("User child is on pid %ld", (long)pmonitor->m_pid); |
653 | close(pmonitor->m_recvfd); | 664 | close(pmonitor->m_recvfd); |
654 | monitor_child_postauth(pmonitor); | 665 | monitor_child_postauth(pmonitor); |
@@ -801,7 +812,6 @@ main(int ac, char **av) | |||
801 | const char *remote_ip; | 812 | const char *remote_ip; |
802 | int remote_port; | 813 | int remote_port; |
803 | FILE *f; | 814 | FILE *f; |
804 | struct linger linger; | ||
805 | struct addrinfo *ai; | 815 | struct addrinfo *ai; |
806 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; | 816 | char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
807 | int listen_sock, maxfd; | 817 | int listen_sock, maxfd; |
@@ -911,6 +921,10 @@ main(int ac, char **av) | |||
911 | break; | 921 | break; |
912 | case 'u': | 922 | case 'u': |
913 | utmp_len = atoi(optarg); | 923 | utmp_len = atoi(optarg); |
924 | if (utmp_len > MAXHOSTNAMELEN) { | ||
925 | fprintf(stderr, "Invalid utmp length.\n"); | ||
926 | exit(1); | ||
927 | } | ||
914 | break; | 928 | break; |
915 | case 'o': | 929 | case 'o': |
916 | if (process_server_config_line(&options, optarg, | 930 | if (process_server_config_line(&options, optarg, |
@@ -937,7 +951,7 @@ main(int ac, char **av) | |||
937 | SYSLOG_FACILITY_AUTH : options.log_facility, | 951 | SYSLOG_FACILITY_AUTH : options.log_facility, |
938 | !inetd_flag); | 952 | !inetd_flag); |
939 | 953 | ||
940 | #ifdef _CRAY | 954 | #ifdef _UNICOS |
941 | /* Cray can define user privs drop all prives now! | 955 | /* Cray can define user privs drop all prives now! |
942 | * Not needed on PRIV_SU systems! | 956 | * Not needed on PRIV_SU systems! |
943 | */ | 957 | */ |
@@ -961,7 +975,8 @@ main(int ac, char **av) | |||
961 | debug("sshd version %.100s", SSH_VERSION); | 975 | debug("sshd version %.100s", SSH_VERSION); |
962 | 976 | ||
963 | /* load private host keys */ | 977 | /* load private host keys */ |
964 | sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*)); | 978 | sensitive_data.host_keys = xmalloc(options.num_host_key_files * |
979 | sizeof(Key *)); | ||
965 | for (i = 0; i < options.num_host_key_files; i++) | 980 | for (i = 0; i < options.num_host_key_files; i++) |
966 | sensitive_data.host_keys[i] = NULL; | 981 | sensitive_data.host_keys[i] = NULL; |
967 | sensitive_data.server_key = NULL; | 982 | sensitive_data.server_key = NULL; |
@@ -1040,7 +1055,14 @@ main(int ac, char **av) | |||
1040 | (S_ISDIR(st.st_mode) == 0)) | 1055 | (S_ISDIR(st.st_mode) == 0)) |
1041 | fatal("Missing privilege separation directory: %s", | 1056 | fatal("Missing privilege separation directory: %s", |
1042 | _PATH_PRIVSEP_CHROOT_DIR); | 1057 | _PATH_PRIVSEP_CHROOT_DIR); |
1058 | |||
1059 | #ifdef HAVE_CYGWIN | ||
1060 | if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && | ||
1061 | (st.st_uid != getuid () || | ||
1062 | (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) | ||
1063 | #else | ||
1043 | if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) | 1064 | if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) |
1065 | #endif | ||
1044 | fatal("Bad owner or mode for %s", | 1066 | fatal("Bad owner or mode for %s", |
1045 | _PATH_PRIVSEP_CHROOT_DIR); | 1067 | _PATH_PRIVSEP_CHROOT_DIR); |
1046 | } | 1068 | } |
@@ -1140,17 +1162,12 @@ main(int ac, char **av) | |||
1140 | continue; | 1162 | continue; |
1141 | } | 1163 | } |
1142 | /* | 1164 | /* |
1143 | * Set socket options. We try to make the port | 1165 | * Set socket options. |
1144 | * reusable and have it close as fast as possible | 1166 | * Allow local port reuse in TIME_WAIT. |
1145 | * without waiting in unnecessary wait states on | ||
1146 | * close. | ||
1147 | */ | 1167 | */ |
1148 | setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, | 1168 | if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, |
1149 | &on, sizeof(on)); | 1169 | &on, sizeof(on)) == -1) |
1150 | linger.l_onoff = 1; | 1170 | error("setsockopt SO_REUSEADDR: %s", strerror(errno)); |
1151 | linger.l_linger = 5; | ||
1152 | setsockopt(listen_sock, SOL_SOCKET, SO_LINGER, | ||
1153 | &linger, sizeof(linger)); | ||
1154 | 1171 | ||
1155 | debug("Bind to port %s on %s.", strport, ntop); | 1172 | debug("Bind to port %s on %s.", strport, ntop); |
1156 | 1173 | ||
@@ -1399,16 +1416,6 @@ main(int ac, char **av) | |||
1399 | signal(SIGCHLD, SIG_DFL); | 1416 | signal(SIGCHLD, SIG_DFL); |
1400 | signal(SIGINT, SIG_DFL); | 1417 | signal(SIGINT, SIG_DFL); |
1401 | 1418 | ||
1402 | /* | ||
1403 | * Set socket options for the connection. We want the socket to | ||
1404 | * close as fast as possible without waiting for anything. If the | ||
1405 | * connection is not a socket, these will do nothing. | ||
1406 | */ | ||
1407 | /* setsockopt(sock_in, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ | ||
1408 | linger.l_onoff = 1; | ||
1409 | linger.l_linger = 5; | ||
1410 | setsockopt(sock_in, SOL_SOCKET, SO_LINGER, &linger, sizeof(linger)); | ||
1411 | |||
1412 | /* Set keepalives if requested. */ | 1419 | /* Set keepalives if requested. */ |
1413 | if (options.keepalives && | 1420 | if (options.keepalives && |
1414 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, | 1421 | setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, |
@@ -1596,7 +1603,7 @@ do_ssh1_kex(void) | |||
1596 | u_char session_key[SSH_SESSION_KEY_LENGTH]; | 1603 | u_char session_key[SSH_SESSION_KEY_LENGTH]; |
1597 | u_char cookie[8]; | 1604 | u_char cookie[8]; |
1598 | u_int cipher_type, auth_mask, protocol_flags; | 1605 | u_int cipher_type, auth_mask, protocol_flags; |
1599 | u_int32_t rand = 0; | 1606 | u_int32_t rnd = 0; |
1600 | 1607 | ||
1601 | /* | 1608 | /* |
1602 | * Generate check bytes that the client must send back in the user | 1609 | * Generate check bytes that the client must send back in the user |
@@ -1609,9 +1616,9 @@ do_ssh1_kex(void) | |||
1609 | */ | 1616 | */ |
1610 | for (i = 0; i < 8; i++) { | 1617 | for (i = 0; i < 8; i++) { |
1611 | if (i % 4 == 0) | 1618 | if (i % 4 == 0) |
1612 | rand = arc4random(); | 1619 | rnd = arc4random(); |
1613 | cookie[i] = rand & 0xff; | 1620 | cookie[i] = rnd & 0xff; |
1614 | rand >>= 8; | 1621 | rnd >>= 8; |
1615 | } | 1622 | } |
1616 | 1623 | ||
1617 | /* | 1624 | /* |
diff --git a/sshd_config b/sshd_config index d57346bef..36429c9d0 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $ | 1 | # $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -32,7 +32,7 @@ | |||
32 | 32 | ||
33 | # Authentication: | 33 | # Authentication: |
34 | 34 | ||
35 | #LoginGraceTime 600 | 35 | #LoginGraceTime 120 |
36 | #PermitRootLogin yes | 36 | #PermitRootLogin yes |
37 | #StrictModes yes | 37 | #StrictModes yes |
38 | 38 | ||
@@ -71,7 +71,7 @@ | |||
71 | 71 | ||
72 | # Set this to 'yes' to enable PAM keyboard-interactive authentication | 72 | # Set this to 'yes' to enable PAM keyboard-interactive authentication |
73 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' | 73 | # Warning: enabling this may bypass the setting of 'PasswordAuthentication' |
74 | #PAMAuthenticationViaKbdInt yes | 74 | #PAMAuthenticationViaKbdInt no |
75 | 75 | ||
76 | #X11Forwarding no | 76 | #X11Forwarding no |
77 | #X11DisplayOffset 10 | 77 | #X11DisplayOffset 10 |
@@ -81,6 +81,7 @@ | |||
81 | #KeepAlive yes | 81 | #KeepAlive yes |
82 | #UseLogin no | 82 | #UseLogin no |
83 | #UsePrivilegeSeparation yes | 83 | #UsePrivilegeSeparation yes |
84 | #PermitUserEnvironment no | ||
84 | #Compression yes | 85 | #Compression yes |
85 | 86 | ||
86 | #MaxStartups 10 | 87 | #MaxStartups 10 |
diff --git a/sshd_config.0 b/sshd_config.0 index 720cc3f80..a4e31be0f 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -219,7 +219,7 @@ DESCRIPTION | |||
219 | LoginGraceTime | 219 | LoginGraceTime |
220 | The server disconnects after this time if the user has not sucM-- | 220 | The server disconnects after this time if the user has not sucM-- |
221 | cessfully logged in. If the value is 0, there is no time limit. | 221 | cessfully logged in. If the value is 0, there is no time limit. |
222 | The default is 600 (seconds). | 222 | The default is 120 seconds. |
223 | 223 | ||
224 | LogLevel | 224 | LogLevel |
225 | Gives the verbosity level that is used when logging messages from | 225 | Gives the verbosity level that is used when logging messages from |
@@ -280,6 +280,13 @@ DESCRIPTION | |||
280 | 280 | ||
281 | If this option is set to ``no'' root is not allowed to login. | 281 | If this option is set to ``no'' root is not allowed to login. |
282 | 282 | ||
283 | PermitUserEnvironment | ||
284 | Specifies whether ~/.ssh/environment and environment= options in | ||
285 | ~/.ssh/authorized_keys are processed by sshd. The default is | ||
286 | ``no''. Enabling environment processing may enable users to | ||
287 | bypass access restrictions in some configurations using mechaM-- | ||
288 | nisms such as LD_PRELOAD. | ||
289 | |||
283 | PidFile | 290 | PidFile |
284 | Specifies the file that contains the process ID of the sshd daeM-- | 291 | Specifies the file that contains the process ID of the sshd daeM-- |
285 | mon. The default is /var/run/sshd.pid. | 292 | mon. The default is /var/run/sshd.pid. |
@@ -298,9 +305,12 @@ DESCRIPTION | |||
298 | /etc/profile, or equivalent.) The default is ``yes''. | 305 | /etc/profile, or equivalent.) The default is ``yes''. |
299 | 306 | ||
300 | Protocol | 307 | Protocol |
301 | Specifies the protocol versions sshd should support. The possiM-- | 308 | Specifies the protocol versions sshd supports. The possible valM-- |
302 | ble values are ``1'' and ``2''. Multiple versions must be comma- | 309 | ues are ``1'' and ``2''. Multiple versions must be comma-sepaM-- |
303 | separated. The default is ``2,1''. | 310 | rated. The default is ``2,1''. Note that the order of the proM-- |
311 | tocol list does not indicate preference, because the client | ||
312 | selects among multiple protocol versions offered by the server. | ||
313 | Specifying ``2,1'' is identical to ``1,2''. | ||
304 | 314 | ||
305 | PubkeyAuthentication | 315 | PubkeyAuthentication |
306 | Specifies whether public key authentication is allowed. The | 316 | Specifies whether public key authentication is allowed. The |
@@ -380,11 +390,26 @@ DESCRIPTION | |||
380 | servers. The default is 10. | 390 | servers. The default is 10. |
381 | 391 | ||
382 | X11Forwarding | 392 | X11Forwarding |
383 | Specifies whether X11 forwarding is permitted. The default is | 393 | Specifies whether X11 forwarding is permitted. The argument must |
384 | ``no''. Note that disabling X11 forwarding does not improve | 394 | be ``yes'' or ``no''. The default is ``no''. |
385 | security in any way, as users can always install their own forM-- | 395 | |
386 | warders. X11 forwarding is automatically disabled if UseLogin is | 396 | When X11 forwarding is enabled, there may be additional exposure |
387 | enabled. | 397 | to the server and to client displays if the sshd proxy display is |
398 | configured to listen on the wildcard address (see X11UseLocalhost | ||
399 | below), however this is not the default. Additionally, the | ||
400 | authentication spoofing and authentication data verification and | ||
401 | substitution occur on the client side. The security risk of | ||
402 | using X11 forwarding is that the client's X11 display server may | ||
403 | be exposed to attack when the ssh client requests forwarding (see | ||
404 | the warnings for ForwardX11 in ssh_config(5) ). A system adminisM-- | ||
405 | trator may have a stance in which they want to protect clients | ||
406 | that may expose themselves to attack by unwittingly requesting | ||
407 | X11 forwarding, which can warrant a ``no'' setting. | ||
408 | |||
409 | Note that disabling X11 forwarding does not prevent users from | ||
410 | forwarding X11 traffic, as users can always install their own | ||
411 | forwarders. X11 forwarding is automatically disabled if UseLogin | ||
412 | is enabled. | ||
388 | 413 | ||
389 | X11UseLocalhost | 414 | X11UseLocalhost |
390 | Specifies whether sshd should bind the X11 forwarding server to | 415 | Specifies whether sshd should bind the X11 forwarding server to |
@@ -392,15 +417,15 @@ DESCRIPTION | |||
392 | sshd binds the forwarding server to the loopback address and sets | 417 | sshd binds the forwarding server to the loopback address and sets |
393 | the hostname part of the DISPLAY environment variable to | 418 | the hostname part of the DISPLAY environment variable to |
394 | ``localhost''. This prevents remote hosts from connecting to the | 419 | ``localhost''. This prevents remote hosts from connecting to the |
395 | fake display. However, some older X11 clients may not function | 420 | proxy display. However, some older X11 clients may not function |
396 | with this configuration. X11UseLocalhost may be set to ``no'' to | 421 | with this configuration. X11UseLocalhost may be set to ``no'' to |
397 | specify that the forwarding server should be bound to the wildM-- | 422 | specify that the forwarding server should be bound to the wildM-- |
398 | card address. The argument must be ``yes'' or ``no''. The | 423 | card address. The argument must be ``yes'' or ``no''. The |
399 | default is ``yes''. | 424 | default is ``yes''. |
400 | 425 | ||
401 | XAuthLocation | 426 | XAuthLocation |
402 | Specifies the location of the xauth(1) program. The default is | 427 | Specifies the full pathname of the xauth(1) program. The default |
403 | /usr/X11R6/bin/xauth. | 428 | is /usr/X11R6/bin/xauth. |
404 | 429 | ||
405 | Time Formats | 430 | Time Formats |
406 | 431 | ||
diff --git a/sshd_config.5 b/sshd_config.5 index aa7b7c7d4..0944ba076 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ | 37 | .\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD_CONFIG 5 | 39 | .Dt SSHD_CONFIG 5 |
40 | .Os | 40 | .Os |
@@ -379,7 +379,7 @@ options must precede this option for non port qualified addresses. | |||
379 | The server disconnects after this time if the user has not | 379 | The server disconnects after this time if the user has not |
380 | successfully logged in. | 380 | successfully logged in. |
381 | If the value is 0, there is no time limit. | 381 | If the value is 0, there is no time limit. |
382 | The default is 600 (seconds). | 382 | The default is 120 seconds. |
383 | .It Cm LogLevel | 383 | .It Cm LogLevel |
384 | Gives the verbosity level that is used when logging messages from | 384 | Gives the verbosity level that is used when logging messages from |
385 | .Nm sshd . | 385 | .Nm sshd . |
@@ -465,6 +465,20 @@ for root. | |||
465 | If this option is set to | 465 | If this option is set to |
466 | .Dq no | 466 | .Dq no |
467 | root is not allowed to login. | 467 | root is not allowed to login. |
468 | .It Cm PermitUserEnvironment | ||
469 | Specifies whether | ||
470 | .Pa ~/.ssh/environment | ||
471 | and | ||
472 | .Cm environment= | ||
473 | options in | ||
474 | .Pa ~/.ssh/authorized_keys | ||
475 | are processed by | ||
476 | .Nm sshd . | ||
477 | The default is | ||
478 | .Dq no . | ||
479 | Enabling environment processing may enable users to bypass access | ||
480 | restrictions in some configurations using mechanisms such as | ||
481 | .Ev LD_PRELOAD . | ||
468 | .It Cm PidFile | 482 | .It Cm PidFile |
469 | Specifies the file that contains the process ID of the | 483 | Specifies the file that contains the process ID of the |
470 | .Nm sshd | 484 | .Nm sshd |
@@ -499,7 +513,7 @@ The default is | |||
499 | .It Cm Protocol | 513 | .It Cm Protocol |
500 | Specifies the protocol versions | 514 | Specifies the protocol versions |
501 | .Nm sshd | 515 | .Nm sshd |
502 | should support. | 516 | supports. |
503 | The possible values are | 517 | The possible values are |
504 | .Dq 1 | 518 | .Dq 1 |
505 | and | 519 | and |
@@ -507,6 +521,13 @@ and | |||
507 | Multiple versions must be comma-separated. | 521 | Multiple versions must be comma-separated. |
508 | The default is | 522 | The default is |
509 | .Dq 2,1 . | 523 | .Dq 2,1 . |
524 | Note that the order of the protocol list does not indicate preference, | ||
525 | because the client selects among multiple protocol versions offered | ||
526 | by the server. | ||
527 | Specifying | ||
528 | .Dq 2,1 | ||
529 | is identical to | ||
530 | .Dq 1,2 . | ||
510 | .It Cm PubkeyAuthentication | 531 | .It Cm PubkeyAuthentication |
511 | Specifies whether public key authentication is allowed. | 532 | Specifies whether public key authentication is allowed. |
512 | The default is | 533 | The default is |
@@ -609,10 +630,35 @@ from interfering with real X11 servers. | |||
609 | The default is 10. | 630 | The default is 10. |
610 | .It Cm X11Forwarding | 631 | .It Cm X11Forwarding |
611 | Specifies whether X11 forwarding is permitted. | 632 | Specifies whether X11 forwarding is permitted. |
633 | The argument must be | ||
634 | .Dq yes | ||
635 | or | ||
636 | .Dq no . | ||
612 | The default is | 637 | The default is |
613 | .Dq no . | 638 | .Dq no . |
614 | Note that disabling X11 forwarding does not improve security in any | 639 | .Pp |
615 | way, as users can always install their own forwarders. | 640 | When X11 forwarding is enabled, there may be additional exposure to |
641 | the server and to client displays if the | ||
642 | .Nm sshd | ||
643 | proxy display is configured to listen on the wildcard address (see | ||
644 | .Cm X11UseLocalhost | ||
645 | below), however this is not the default. | ||
646 | Additionally, the authentication spoofing and authentication data | ||
647 | verification and substitution occur on the client side. | ||
648 | The security risk of using X11 forwarding is that the client's X11 | ||
649 | display server may be exposed to attack when the ssh client requests | ||
650 | forwarding (see the warnings for | ||
651 | .Cm ForwardX11 | ||
652 | in | ||
653 | .Xr ssh_config 5 ). | ||
654 | A system administrator may have a stance in which they want to | ||
655 | protect clients that may expose themselves to attack by unwittingly | ||
656 | requesting X11 forwarding, which can warrant a | ||
657 | .Dq no | ||
658 | setting. | ||
659 | .Pp | ||
660 | Note that disabling X11 forwarding does not prevent users from | ||
661 | forwarding X11 traffic, as users can always install their own forwarders. | ||
616 | X11 forwarding is automatically disabled if | 662 | X11 forwarding is automatically disabled if |
617 | .Cm UseLogin | 663 | .Cm UseLogin |
618 | is enabled. | 664 | is enabled. |
@@ -627,7 +673,7 @@ hostname part of the | |||
627 | .Ev DISPLAY | 673 | .Ev DISPLAY |
628 | environment variable to | 674 | environment variable to |
629 | .Dq localhost . | 675 | .Dq localhost . |
630 | This prevents remote hosts from connecting to the fake display. | 676 | This prevents remote hosts from connecting to the proxy display. |
631 | However, some older X11 clients may not function with this | 677 | However, some older X11 clients may not function with this |
632 | configuration. | 678 | configuration. |
633 | .Cm X11UseLocalhost | 679 | .Cm X11UseLocalhost |
@@ -642,7 +688,7 @@ or | |||
642 | The default is | 688 | The default is |
643 | .Dq yes . | 689 | .Dq yes . |
644 | .It Cm XAuthLocation | 690 | .It Cm XAuthLocation |
645 | Specifies the location of the | 691 | Specifies the full pathname of the |
646 | .Xr xauth 1 | 692 | .Xr xauth 1 |
647 | program. | 693 | program. |
648 | The default is | 694 | The default is |
@@ -654,7 +700,7 @@ The default is | |||
654 | command-line arguments and configuration file options that specify time | 700 | command-line arguments and configuration file options that specify time |
655 | may be expressed using a sequence of the form: | 701 | may be expressed using a sequence of the form: |
656 | .Sm off | 702 | .Sm off |
657 | .Ar time Oo Ar qualifier Oc , | 703 | .Ar time Op Ar qualifier , |
658 | .Sm on | 704 | .Sm on |
659 | where | 705 | where |
660 | .Ar time | 706 | .Ar time |
diff --git a/sshlogin.c b/sshlogin.c index e76f94534..4cd1c0059 100644 --- a/sshlogin.c +++ b/sshlogin.c | |||
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $"); | 42 | RCSID("$OpenBSD: sshlogin.c,v 1.5 2002/08/29 15:57:25 stevesk Exp $"); |
43 | 43 | ||
44 | #include "loginrec.h" | 44 | #include "loginrec.h" |
45 | 45 | ||
@@ -65,7 +65,7 @@ get_last_login_time(uid_t uid, const char *logname, | |||
65 | */ | 65 | */ |
66 | void | 66 | void |
67 | record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, | 67 | record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, |
68 | const char *host, struct sockaddr * addr) | 68 | const char *host, struct sockaddr * addr, socklen_t addrlen) |
69 | { | 69 | { |
70 | struct logininfo *li; | 70 | struct logininfo *li; |
71 | 71 | ||
diff --git a/sshlogin.h b/sshlogin.h index bd30278e0..287c0d9f6 100644 --- a/sshlogin.h +++ b/sshlogin.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshlogin.h,v 1.3 2001/06/26 17:27:25 markus Exp $ */ | 1 | /* $OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -16,7 +16,7 @@ | |||
16 | 16 | ||
17 | void | 17 | void |
18 | record_login(pid_t, const char *, const char *, uid_t, | 18 | record_login(pid_t, const char *, const char *, uid_t, |
19 | const char *, struct sockaddr *); | 19 | const char *, struct sockaddr *, socklen_t); |
20 | void record_logout(pid_t, const char *, const char *); | 20 | void record_logout(pid_t, const char *, const char *); |
21 | u_long get_last_login_time(uid_t, const char *, char *, u_int); | 21 | u_long get_last_login_time(uid_t, const char *, char *, u_int); |
22 | 22 | ||
@@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) | |||
162 | } | 162 | } |
163 | return 1; | 163 | return 1; |
164 | #else /* HAVE_DEV_PTS_AND_PTC */ | 164 | #else /* HAVE_DEV_PTS_AND_PTC */ |
165 | #ifdef _CRAY | 165 | #ifdef _UNICOS |
166 | char buf[64]; | 166 | char buf[64]; |
167 | int i; | 167 | int i; |
168 | int highpty; | 168 | int highpty; |
@@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) | |||
268 | void *old; | 268 | void *old; |
269 | #endif /* USE_VHANGUP */ | 269 | #endif /* USE_VHANGUP */ |
270 | 270 | ||
271 | #ifdef _CRAY | 271 | #ifdef _UNICOS |
272 | if (setsid() < 0) | 272 | if (setsid() < 0) |
273 | error("setsid: %.100s", strerror(errno)); | 273 | error("setsid: %.100s", strerror(errno)); |
274 | 274 | ||
@@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) | |||
290 | error("%.100s: %.100s", ttyname, strerror(errno)); | 290 | error("%.100s: %.100s", ttyname, strerror(errno)); |
291 | close(*ttyfd); | 291 | close(*ttyfd); |
292 | *ttyfd = fd; | 292 | *ttyfd = fd; |
293 | #else /* _CRAY */ | 293 | #else /* _UNICOS */ |
294 | 294 | ||
295 | /* First disconnect from the old controlling tty. */ | 295 | /* First disconnect from the old controlling tty. */ |
296 | #ifdef TIOCNOTTY | 296 | #ifdef TIOCNOTTY |
@@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) | |||
345 | strerror(errno)); | 345 | strerror(errno)); |
346 | else | 346 | else |
347 | close(fd); | 347 | close(fd); |
348 | #endif /* _CRAY */ | 348 | #endif /* _UNICOS */ |
349 | } | 349 | } |
350 | 350 | ||
351 | /* Changes the window size associated with the pty. */ | 351 | /* Changes the window size associated with the pty. */ |
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: uidswap.c,v 1.22 2002/05/28 21:24:00 stevesk Exp $"); | 15 | RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $"); |
16 | 16 | ||
17 | #include "log.h" | 17 | #include "log.h" |
18 | #include "uidswap.h" | 18 | #include "uidswap.h" |
@@ -52,8 +52,9 @@ temporarily_use_uid(struct passwd *pw) | |||
52 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | 52 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
53 | saved_euid = geteuid(); | 53 | saved_euid = geteuid(); |
54 | saved_egid = getegid(); | 54 | saved_egid = getegid(); |
55 | debug("temporarily_use_uid: %u/%u (e=%u)", | 55 | debug("temporarily_use_uid: %u/%u (e=%u/%u)", |
56 | (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid); | 56 | (u_int)pw->pw_uid, (u_int)pw->pw_gid, |
57 | (u_int)saved_euid, (u_int)saved_egid); | ||
57 | if (saved_euid != 0) { | 58 | if (saved_euid != 0) { |
58 | privileged = 0; | 59 | privileged = 0; |
59 | return; | 60 | return; |
@@ -105,14 +106,16 @@ temporarily_use_uid(struct passwd *pw) | |||
105 | void | 106 | void |
106 | restore_uid(void) | 107 | restore_uid(void) |
107 | { | 108 | { |
108 | debug("restore_uid"); | ||
109 | /* it's a no-op unless privileged */ | 109 | /* it's a no-op unless privileged */ |
110 | if (!privileged) | 110 | if (!privileged) { |
111 | debug("restore_uid: (unprivileged)"); | ||
111 | return; | 112 | return; |
113 | } | ||
112 | if (!temporarily_use_uid_effective) | 114 | if (!temporarily_use_uid_effective) |
113 | fatal("restore_uid: temporarily_use_uid not effective"); | 115 | fatal("restore_uid: temporarily_use_uid not effective"); |
114 | 116 | ||
115 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | 117 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
118 | debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); | ||
116 | /* Set the effective uid back to the saved privileged uid. */ | 119 | /* Set the effective uid back to the saved privileged uid. */ |
117 | if (seteuid(saved_euid) < 0) | 120 | if (seteuid(saved_euid) < 0) |
118 | fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); | 121 | fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); |
@@ -142,6 +145,8 @@ permanently_set_uid(struct passwd *pw) | |||
142 | { | 145 | { |
143 | if (temporarily_use_uid_effective) | 146 | if (temporarily_use_uid_effective) |
144 | fatal("permanently_set_uid: temporarily_use_uid effective"); | 147 | fatal("permanently_set_uid: temporarily_use_uid effective"); |
148 | debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, | ||
149 | (u_int)pw->pw_gid); | ||
145 | if (setgid(pw->pw_gid) < 0) | 150 | if (setgid(pw->pw_gid) < 0) |
146 | fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); | 151 | fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); |
147 | if (setuid(pw->pw_uid) < 0) | 152 | if (setuid(pw->pw_uid) < 0) |
diff --git a/uuencode.c b/uuencode.c index 89fcb0815..21eaf4d3f 100644 --- a/uuencode.c +++ b/uuencode.c | |||
@@ -23,9 +23,10 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $"); | ||
27 | |||
26 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
27 | #include "uuencode.h" | 29 | #include "uuencode.h" |
28 | RCSID("$OpenBSD: uuencode.c,v 1.15 2002/03/04 17:27:39 stevesk Exp $"); | ||
29 | 30 | ||
30 | int | 31 | int |
31 | uuencode(u_char *src, u_int srclength, | 32 | uuencode(u_char *src, u_int srclength, |
@@ -57,7 +58,7 @@ uudecode(const char *src, u_char *target, size_t targsize) | |||
57 | void | 58 | void |
58 | dump_base64(FILE *fp, u_char *data, u_int len) | 59 | dump_base64(FILE *fp, u_char *data, u_int len) |
59 | { | 60 | { |
60 | u_char *buf = xmalloc(2*len); | 61 | char *buf = xmalloc(2*len); |
61 | int i, n; | 62 | int i, n; |
62 | 63 | ||
63 | n = uuencode(data, len, buf, 2*len); | 64 | n = uuencode(data, len, buf, 2*len); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.35 2002/10/01 13:24:50 markus Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_3.4p1" | 3 | #define SSH_VERSION "OpenSSH_3.5p1" |
4 | 4 | ||