-rw-r--r--ChangeLog864
-rw-r--r--Makefile.in4
-rw-r--r--README4
-rw-r--r--README.platform12
-rw-r--r--README.tun132
-rw-r--r--aclocal.m44
-rw-r--r--auth-krb5.c9
-rw-r--r--auth-options.c41
-rw-r--r--auth-options.h3
-rw-r--r--auth-pam.c16
-rw-r--r--auth2-gss.c7
-rw-r--r--auth2.c12
-rw-r--r--bufaux.c5
-rw-r--r--buildpkg.sh.in2
-rw-r--r--canohost.c41
-rw-r--r--channels.c168
-rw-r--r--channels.h20
-rw-r--r--cipher-aes.c12
-rw-r--r--cipher-ctr.c7
-rw-r--r--cipher.c4
-rw-r--r--clientloop.c30
-rw-r--r--config.h.in879
-rwxr-xr-xconfigure2638
-rw-r--r--configure.ac847
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/cygwin/ssh-host-config4
-rw-r--r--contrib/cygwin/ssh-user-config4
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec244
-rw-r--r--contrib/suse/rc.sshd133
-rw-r--r--contrib/suse/sysconfig.ssh9
-rw-r--r--defines.h16
-rw-r--r--dns.c35
-rw-r--r--dns.h4
-rw-r--r--entropy.c38
-rw-r--r--entropy.h7
-rw-r--r--gss-genr.c7
-rw-r--r--gss-serv-krb5.c2
-rw-r--r--gss-serv.c27
-rw-r--r--hostfile.c6
-rw-r--r--includes.h5
-rw-r--r--kex.c36
-rw-r--r--kex.h22
-rw-r--r--kexdh.c10
-rw-r--r--kexdhc.c15
-rw-r--r--kexdhs.c17
-rw-r--r--kexgex.c16
-rw-r--r--kexgexc.c17
-rw-r--r--kexgexs.c20
-rw-r--r--loginrec.c6
-rw-r--r--misc.c173
-rw-r--r--misc.h23
-rw-r--r--monitor.c14
-rw-r--r--monitor_wrap.c1
-rw-r--r--openbsd-compat/Makefile.in6
-rw-r--r--openbsd-compat/base64.c9
-rw-r--r--openbsd-compat/basename.c39
-rw-r--r--openbsd-compat/bindresvport.c8
-rw-r--r--openbsd-compat/bsd-asprintf.c95
-rw-r--r--openbsd-compat/bsd-closefrom.c4
-rw-r--r--openbsd-compat/bsd-misc.c9
-rw-r--r--openbsd-compat/bsd-snprintf.c610
-rw-r--r--openbsd-compat/daemon.c9
-rw-r--r--openbsd-compat/dirname.c40
-rw-r--r--openbsd-compat/getcwd.c54
-rw-r--r--openbsd-compat/getgrouplist.c19
-rw-r--r--openbsd-compat/getopt.c4
-rw-r--r--openbsd-compat/getrrsetbyname.c114
-rw-r--r--openbsd-compat/glob.c122
-rw-r--r--openbsd-compat/glob.h8
-rw-r--r--openbsd-compat/inet_aton.c28
-rw-r--r--openbsd-compat/inet_ntoa.c14
-rw-r--r--openbsd-compat/inet_ntop.c30
-rw-r--r--openbsd-compat/mktemp.c19
-rw-r--r--openbsd-compat/openbsd-compat.h15
-rw-r--r--openbsd-compat/openssl-compat.h15
-rw-r--r--openbsd-compat/port-tun.c252
-rw-r--r--openbsd-compat/port-tun.h33
-rw-r--r--openbsd-compat/port-uw.c24
-rw-r--r--openbsd-compat/readpassphrase.c8
-rw-r--r--openbsd-compat/readpassphrase.h43
-rw-r--r--openbsd-compat/realpath.c5
-rw-r--r--openbsd-compat/rresvport.c16
-rw-r--r--openbsd-compat/setenv.c80
-rw-r--r--openbsd-compat/sigact.c8
-rw-r--r--openbsd-compat/sigact.h8
-rw-r--r--openbsd-compat/strlcat.c16
-rw-r--r--openbsd-compat/strlcpy.c16
-rw-r--r--openbsd-compat/strmode.c14
-rw-r--r--openbsd-compat/strsep.c14
-rw-r--r--openbsd-compat/strtoll.c9
-rw-r--r--openbsd-compat/strtonum.c4
-rw-r--r--openbsd-compat/strtoul.c22
-rw-r--r--openbsd-compat/sys-queue.h4
-rw-r--r--openbsd-compat/sys-tree.h4
-rw-r--r--openbsd-compat/vis.c62
-rw-r--r--openbsd-compat/vis.h15
-rwxr-xr-xopensshd.init.in2
-rw-r--r--packet.c4
-rw-r--r--progressmeter.c6
-rw-r--r--readconf.c74
-rw-r--r--readconf.h10
-rw-r--r--regress/README.regress6
-rw-r--r--regress/agent-getpeereid.sh4
-rw-r--r--regress/forwarding.sh33
-rw-r--r--regress/multiplex.sh2
-rw-r--r--regress/reconfigure.sh5
-rw-r--r--regress/scp-ssh-wrapper.sh11
-rw-r--r--regress/scp.sh36
-rw-r--r--regress/test-exec.sh7
-rw-r--r--regress/try-ciphers.sh5
-rw-r--r--regress/yes-head.sh2
-rw-r--r--scp.03
-rw-r--r--scp.13
-rw-r--r--scp.c152
-rw-r--r--servconf.c30
-rw-r--r--servconf.h5
-rw-r--r--serverloop.c88
-rw-r--r--session.c58
-rw-r--r--sftp-client.c9
-rw-r--r--sftp-common.h5
-rw-r--r--sftp-server.02
-rw-r--r--sftp-server.c12
-rw-r--r--sftp.07
-rw-r--r--sftp.15
-rw-r--r--sftp.c14
-rw-r--r--ssh-add.02
-rw-r--r--ssh-add.c8
-rw-r--r--ssh-agent.012
-rw-r--r--ssh-agent.18
-rw-r--r--ssh-agent.c7
-rw-r--r--ssh-keygen.013
-rw-r--r--ssh-keygen.19
-rw-r--r--ssh-keygen.c32
-rw-r--r--ssh-keyscan.08
-rw-r--r--ssh-keyscan.13
-rw-r--r--ssh-keyscan.c23
-rw-r--r--ssh-keysign.02
-rw-r--r--ssh-keysign.c9
-rw-r--r--ssh-rand-helper.02
-rw-r--r--ssh.0831
-rw-r--r--ssh.11185
-rw-r--r--ssh.c89
-rw-r--r--ssh_config5
-rw-r--r--ssh_config.0162
-rw-r--r--ssh_config.5153
-rw-r--r--sshconnect.c43
-rw-r--r--sshconnect.h4
-rw-r--r--sshconnect1.c8
-rw-r--r--sshconnect2.c4
-rw-r--r--sshd.0194
-rw-r--r--sshd.8255
-rw-r--r--sshd.c52
-rw-r--r--sshd_config3
-rw-r--r--sshd_config.018
-rw-r--r--sshd_config.520
-rw-r--r--version.h6
157 files changed, 8445 insertions, 3931 deletions
diff --git a/ChangeLog b/ChangeLog
index 9573f8672..c9b5018bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,865 @@
120060211
2 - (dtucker) [README] Bump release notes URL.
3 - (djm) Release 4.3p2
4
520060208
6 - (tim) [session.c] Logout records were not updated on systems with
7 post auth privsep disabled due to bug 1086 changes. Analysis and patch
8 by vinschen at redhat.com. OK tim@, dtucker@.
9 - (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
10 -> NEED_SETPGRP), reported by Berhard Simon. ok tim@
11
1220060206
13 - (tim) [configure.ac] Remove unnecessary tests for net/if.h and
14 netinet/in_systm.h. OK dtucker@.
15
1620060205
17 - (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
18 for Solaris. OK dtucker@.
19 - (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
20 kraai at ftbfs.org.
21
2220060203
23 - (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
24 AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
25 by a platform specific check, builtin standard includes tests will be
26 skipped on the other platforms.
27 Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
28 OK tim@, djm@.
29
3020060202
31 - (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
32 works with picky compilers. Patch from alex.kiernan at thus.net.
33
3420060201
35 - (djm) [regress/test-exec.sh] Try 'logname' as well as 'whoami' to
36 determine the user's login name - needed for regress tests on Solaris
37 10 and OpenSolaris
38 - (djm) OpenBSD CVS Sync
39 - jmc@cvs.openbsd.org 2006/02/01 09:06:50
40 [sshd.8]
41 - merge sections on protocols 1 and 2 into a single section
42 - remove configuration file section
43 ok markus
44 - jmc@cvs.openbsd.org 2006/02/01 09:11:41
45 [sshd.8]
46 small tweak;
47 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
48 [contrib/suse/openssh.spec] Update versions ahead of release
49 - markus@cvs.openbsd.org 2006/02/01 11:27:22
50 [version.h]
51 openssh 4.3
52 - (djm) Release OpenSSH 4.3p1
53
5420060131
55 - (djm) OpenBSD CVS Sync
56 - jmc@cvs.openbsd.org 2006/01/20 11:21:45
57 [ssh_config.5]
58 - word change, agreed w/ markus
59 - consistency fixes
60 - jmc@cvs.openbsd.org 2006/01/25 09:04:34
61 [sshd.8]
62 move the options description up the page, and a few additional tweaks
63 whilst in here;
64 ok markus
65 - jmc@cvs.openbsd.org 2006/01/25 09:07:22
66 [sshd.8]
67 move subsections to full sections;
68 - jmc@cvs.openbsd.org 2006/01/26 08:47:56
69 [ssh.1]
70 add a section on verifying host keys in dns;
71 written with a lot of help from jakob;
72 feedback dtucker/markus;
73 ok markus
74 - reyk@cvs.openbsd.org 2006/01/30 12:22:22
75 [channels.c]
76 mark channel as write failed or dead instead of read failed on error
77 of the channel output filter.
78 ok markus@
79 - jmc@cvs.openbsd.org 2006/01/30 13:37:49
80 [ssh.1]
81 remove an incorrect sentence;
82 reported by roumen petrov;
83 ok djm markus
84 - djm@cvs.openbsd.org 2006/01/31 10:19:02
85 [misc.c misc.h scp.c sftp.c]
86 fix local arbitrary command execution vulnerability on local/local and
87 remote/remote copies (CVE-2006-0225, bz #1094), patch by
88 t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
89 - djm@cvs.openbsd.org 2006/01/31 10:35:43
90 [scp.c]
91 "scp a b c" shouldn't clobber "c" when it is not a directory, report and
92 fix from biorn@; ok markus@
93 - (djm) Sync regress tests to OpenBSD:
94 - dtucker@cvs.openbsd.org 2005/03/10 10:20:39
95 [regress/forwarding.sh]
96 Regress test for ClearAllForwardings (bz #994); ok markus@
97 - dtucker@cvs.openbsd.org 2005/04/25 09:54:09
98 [regress/multiplex.sh]
99 Don't call cleanup in multiplex as test-exec will cleanup anyway
100 found by tim@, ok djm@
101 NB. ID sync only, we already had this
102 - djm@cvs.openbsd.org 2005/05/20 23:14:15
103 [regress/test-exec.sh]
104 force addressfamily=inet for tests, unbreaking dynamic-forward regress for
105 recently committed nc SOCKS5 changes
106 - djm@cvs.openbsd.org 2005/05/24 04:10:54
107 [regress/try-ciphers.sh]
108 oops, new arcfour modes here too
109 - markus@cvs.openbsd.org 2005/06/30 11:02:37
110 [regress/scp.sh]
111 allow SUDO=sudo; from Alexander Bluhm
112 - grunk@cvs.openbsd.org 2005/11/14 21:25:56
113 [regress/agent-getpeereid.sh]
114 all other scripts in this dir use $SUDO, not 'sudo', so pull this even
115 ok markus@
116 - dtucker@cvs.openbsd.org 2005/12/14 04:36:39
117 [regress/scp-ssh-wrapper.sh]
118 Fix assumption about how many args scp will pass; ok djm@
119 NB. ID sync only, we already had this
120 - djm@cvs.openbsd.org 2006/01/27 06:49:21
121 [scp.sh]
122 regress test for local to local scp copies; ok dtucker@
123 - djm@cvs.openbsd.org 2006/01/31 10:23:23
124 [scp.sh]
125 regression test for CVE-2006-0225 written by dtucker@
126 - djm@cvs.openbsd.org 2006/01/31 10:36:33
127 [scp.sh]
128 regress test for "scp a b c" where "c" is not a directory
129
13020060129
131 - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the
132 opensshd.init script interpretter if /sbin/sh does not exist. ok tim@
133
13420060120
135 - (dtucker) OpenBSD CVS Sync
136 - jmc@cvs.openbsd.org 2006/01/15 17:37:05
137 [ssh.1]
138 correction from deraadt
139 - jmc@cvs.openbsd.org 2006/01/18 10:53:29
140 [ssh.1]
141 add a section on ssh-based vpn, based on reyk's README.tun;
142 - dtucker@cvs.openbsd.org 2006/01/20 00:14:55
143 [scp.1 ssh.1 ssh_config.5 sftp.1]
144 Document RekeyLimit. Based on patch from jan.iven at cern.ch from mindrot
145 #1056 with feedback from jmc, djm and markus; ok jmc@ djm@
146
14720060114
148 - (djm) OpenBSD CVS Sync
149 - jmc@cvs.openbsd.org 2006/01/06 13:27:32
150 [ssh.1]
151 weed out some duplicate info in the known_hosts FILES entries;
152 ok djm
153 - jmc@cvs.openbsd.org 2006/01/06 13:29:10
154 [ssh.1]
155 final round of whacking FILES for duplicate info, and some consistency
156 fixes;
157 ok djm
158 - jmc@cvs.openbsd.org 2006/01/12 14:44:12
159 [ssh.1]
160 split sections on tcp and x11 forwarding into two sections.
161 add an example in the tcp section, based on sth i wrote for ssh faq;
162 help + ok: djm markus dtucker
163 - jmc@cvs.openbsd.org 2006/01/12 18:48:48
164 [ssh.1]
165 refer to `TCP' rather than `TCP/IP' in the context of connection
166 forwarding;
167 ok markus
168 - jmc@cvs.openbsd.org 2006/01/12 22:20:00
169 [sshd.8]
170 refer to TCP forwarding, rather than TCP/IP forwarding;
171 - jmc@cvs.openbsd.org 2006/01/12 22:26:02
172 [ssh_config.5]
173 refer to TCP forwarding, rather than TCP/IP forwarding;
174 - jmc@cvs.openbsd.org 2006/01/12 22:34:12
175 [ssh.1]
176 back out a sentence - AUTHENTICATION already documents this;
177
17820060109
179 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
180 tcpip service so it's always started after IP is up. Patch from
181 vinschen at redhat.com.
182
18320060106
184 - (djm) OpenBSD CVS Sync
185 - jmc@cvs.openbsd.org 2006/01/03 16:31:10
186 [ssh.1]
187 move FILES to a -compact list, and make each files an item in that list.
188 this avoids nastly line wrap when we have long pathnames, and treats
189 each file as a separate item;
190 remove the .Pa too, since it is useless.
191 - jmc@cvs.openbsd.org 2006/01/03 16:35:30
192 [ssh.1]
193 use a larger width for the ENVIRONMENT list;
194 - jmc@cvs.openbsd.org 2006/01/03 16:52:36
195 [ssh.1]
196 put FILES in some sort of order: sort by pathname
197 - jmc@cvs.openbsd.org 2006/01/03 16:55:18
198 [ssh.1]
199 tweak the description of ~/.ssh/environment
200 - jmc@cvs.openbsd.org 2006/01/04 18:42:46
201 [ssh.1]
202 chop out some duplication in the .{r,s}hosts/{h,sh}osts.equiv FILES
203 entries;
204 ok markus
205 - jmc@cvs.openbsd.org 2006/01/04 18:45:01
206 [ssh.1]
207 remove .Xr's to rsh(1) and telnet(1): they are hardly needed;
208 - jmc@cvs.openbsd.org 2006/01/04 19:40:24
209 [ssh.1]
210 +.Xr ssh-keyscan 1 ,
211 - jmc@cvs.openbsd.org 2006/01/04 19:50:09
212 [ssh.1]
213 -.Xr gzip 1 ,
214 - djm@cvs.openbsd.org 2006/01/05 23:43:53
215 [misc.c]
216 check that stdio file descriptors are actually closed before clobbering
217 them in sanitise_stdfd(). problems occurred when a lower numbered fd was
218 closed, but higher ones weren't. spotted by, and patch tested by
219 Frédéric Olivié
220
22120060103
222 - (djm) [channels.c] clean up harmless merge error, from reyk@
223
22420060103
225 - (djm) OpenBSD CVS Sync
226 - jmc@cvs.openbsd.org 2006/01/02 17:09:49
227 [ssh_config.5 sshd_config.5]
228 some corrections from michael knudsen;
229
23020060102
231 - (djm) [README.tun] Add README.tun, missed during sync of tun(4) support
232 - (djm) OpenBSD CVS Sync
233 - jmc@cvs.openbsd.org 2005/12/31 10:46:17
234 [ssh.1]
235 merge the "LOGIN SESSION AND REMOTE EXECUTION" and "SERVER
236 AUTHENTICATION" sections into "AUTHENTICATION";
237 some rewording done to make the text read better, plus some
238 improvements from djm;
239 ok djm
240 - jmc@cvs.openbsd.org 2005/12/31 13:44:04
241 [ssh.1]
242 clean up ENVIRONMENT a little;
243 - jmc@cvs.openbsd.org 2005/12/31 13:45:19
244 [ssh.1]
245 .Nm does not require an argument;
246 - stevesk@cvs.openbsd.org 2006/01/01 08:59:27
247 [includes.h misc.c]
248 move <net/if.h>; ok djm@
249 - stevesk@cvs.openbsd.org 2006/01/01 10:08:48
250 [misc.c]
251 no trailing "\n" for debug()
252 - djm@cvs.openbsd.org 2006/01/02 01:20:31
253 [sftp-client.c sftp-common.h sftp-server.c]
254 use a common max. packet length, no binary change
255 - reyk@cvs.openbsd.org 2006/01/02 07:53:44
256 [misc.c]
257 clarify tun(4) opening - set the mode and bring the interface up. also
258 (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces.
259 suggested and ok by djm@
260 - jmc@cvs.openbsd.org 2006/01/02 12:31:06
261 [ssh.1]
262 start to cut some duplicate info from FILES;
263 help/ok djm
264
26520060101
266 - (djm) [Makefile.in configure.ac includes.h misc.c]
267 [openbsd-compat/port-tun.c openbsd-compat/port-tun.h] Add support
268 for tunnel forwarding for FreeBSD and NetBSD. NetBSD's support is
269 limited to IPv4 tunnels only, and most versions don't support the
270 tap(4) device at all.
271 - (djm) [configure.ac] Fix linux/if_tun.h test
272 - (djm) [openbsd-compat/port-tun.c] Linux needs linux/if.h too
273
27420051229
275 - (djm) OpenBSD CVS Sync
276 - stevesk@cvs.openbsd.org 2005/12/28 22:46:06
277 [canohost.c channels.c clientloop.c]
278 use 'break-in' for consistency; ok deraadt@ ok and input jmc@
279 - reyk@cvs.openbsd.org 2005/12/30 15:56:37
280 [channels.c channels.h clientloop.c]
281 add channel output filter interface.
282 ok djm@, suggested by markus@
283 - jmc@cvs.openbsd.org 2005/12/30 16:59:00
284 [sftp.1]
285 do not suggest that interactive authentication will work
286 with the -b flag;
287 based on a diff from john l. scarfone;
288 ok djm
289 - stevesk@cvs.openbsd.org 2005/12/31 01:38:45
290 [ssh.1]
291 document -MM; ok djm@
292 - (djm) [openbsd-compat/port-tun.c openbsd-compat/port-tun.h configure.ac]
293 [serverloop.c ssh.c openbsd-compat/Makefile.in]
294 [openbsd-compat/openbsd-compat.h] Implement tun(4) forwarding
295 compatability support for Linux, diff from reyk@
296 - (djm) [configure.ac] Disable Linux tun(4) compat code if linux/tun.h does
297 not exist
298 - (djm) [configure.ac] oops, make that linux/if_tun.h
299
30020051229
301 - (tim) [buildpkg.sh.in] grep for $SSHDUID instead of $SSHDGID on /etc/passwd
302
30320051224
304 - (djm) OpenBSD CVS Sync
305 - jmc@cvs.openbsd.org 2005/12/20 21:59:43
306 [ssh.1]
307 merge the sections on protocols 1 and 2 into one section on
308 authentication;
309 feedback djm dtucker
310 ok deraadt markus dtucker
311 - jmc@cvs.openbsd.org 2005/12/20 22:02:50
312 [ssh.1]
313 .Ss -> .Sh: subsections have not made this page more readable
314 - jmc@cvs.openbsd.org 2005/12/20 22:09:41
315 [ssh.1]
316 move info on ssh return values and config files up into the main
317 description;
318 - jmc@cvs.openbsd.org 2005/12/21 11:48:16
319 [ssh.1]
320 -L and -R descriptions are now above, not below, ~C description;
321 - jmc@cvs.openbsd.org 2005/12/21 11:57:25
322 [ssh.1]
323 options now described `above', rather than `later';
324 - jmc@cvs.openbsd.org 2005/12/21 12:53:31
325 [ssh.1]
326 -Y does X11 forwarding too;
327 ok markus
328 - stevesk@cvs.openbsd.org 2005/12/21 22:44:26
329 [sshd.8]
330 clarify precedence of -p, Port, ListenAddress; ok and help jmc@
331 - jmc@cvs.openbsd.org 2005/12/22 10:31:40
332 [ssh_config.5]
333 put the description of "UsePrivilegedPort" in the correct place;
334 - jmc@cvs.openbsd.org 2005/12/22 11:23:42
335 [ssh.1]
336 expand the description of -w somewhat;
337 help/ok reyk
338 - jmc@cvs.openbsd.org 2005/12/23 14:55:53
339 [ssh.1]
340 - sync the description of -e w/ synopsis
341 - simplify the description of -I
342 - note that -I is only available if support compiled in, and that it
343 isn't by default
344 feedback/ok djm@
345 - jmc@cvs.openbsd.org 2005/12/23 23:46:23
346 [ssh.1]
347 less mark up for -c;
348 - djm@cvs.openbsd.org 2005/12/24 02:27:41
349 [session.c sshd.c]
350 eliminate some code duplicated in privsep and non-privsep paths, and
351 explicitly clear SIGALRM handler; "groovy" deraadt@
352
35320051220
354 - (dtucker) OpenBSD CVS Sync
355 - reyk@cvs.openbsd.org 2005/12/13 15:03:02
356 [serverloop.c]
357 if forced_tun_device is not set, it is -1 and not SSH_TUNID_ANY
358 - jmc@cvs.openbsd.org 2005/12/16 18:07:08
359 [ssh.1]
360 move the option descriptions up the page: start of a restructure;
361 ok markus deraadt
362 - jmc@cvs.openbsd.org 2005/12/16 18:08:53
363 [ssh.1]
364 simplify a sentence;
365 - jmc@cvs.openbsd.org 2005/12/16 18:12:22
366 [ssh.1]
367 make the description of -c a little nicer;
368 - jmc@cvs.openbsd.org 2005/12/16 18:14:40
369 [ssh.1]
370 signpost the protocol sections;
371 - stevesk@cvs.openbsd.org 2005/12/17 21:13:05
372 [ssh_config.5 session.c]
373 spelling: fowarding, fowarded
374 - stevesk@cvs.openbsd.org 2005/12/17 21:36:42
375 [ssh_config.5]
376 spelling: intented -> intended
377 - dtucker@cvs.openbsd.org 2005/12/20 04:41:07
378 [ssh.c]
379 exit(255) on error to match description in ssh(1); bz #1137; ok deraadt@
380
38120051219
382 - (dtucker) [cipher-aes.c cipher-ctr.c cipher.c configure.ac
383 openbsd-compat/openssl-compat.h] Check for and work around broken AES
384 ciphers >128bit on (some) Solaris 10 systems. ok djm@
385
38620051217
387 - (dtucker) [defines.h] HP-UX system headers define "YES" and "NO" which
388 scp.c also uses, so undef them here.
389 - (dtucker) [configure.ac openbsd-compat/bsd-snprintf.c] Bug #1133: Our
390 snprintf replacement can have a conflicting declaration in HP-UX's system
391 headers (const vs. no const) so we now check for and work around it. Patch
392 from the dynamic duo of David Leonard and Ted Percival.
393
39420051214
395 - (dtucker) OpenBSD CVS Sync (regress/)
396 - dtucker@cvs.openbsd.org 2005/12/30 04:36:39
397 [regress/scp-ssh-wrapper.sh]
398 Fix assumption about how many args scp will pass; ok djm@
399
40020051213
401 - (djm) OpenBSD CVS Sync
402 - jmc@cvs.openbsd.org 2005/11/30 11:18:27
403 [ssh.1]
404 timezone -> time zone
405 - jmc@cvs.openbsd.org 2005/11/30 11:45:20
406 [ssh.1]
407 avoid ambiguities in describing TZ;
408 ok djm@
409 - reyk@cvs.openbsd.org 2005/12/06 22:38:28
410 [auth-options.c auth-options.h channels.c channels.h clientloop.c]
411 [misc.c misc.h readconf.c readconf.h scp.c servconf.c servconf.h]
412 [serverloop.c sftp.c ssh.1 ssh.c ssh_config ssh_config.5 sshconnect.c]
413 [sshconnect.h sshd.8 sshd_config sshd_config.5]
414 Add support for tun(4) forwarding over OpenSSH, based on an idea and
415 initial channel code bits by markus@. This is a simple and easy way to
416 use OpenSSH for ad hoc virtual private network connections, e.g.
417 administrative tunnels or secure wireless access. It's based on a new
418 ssh channel and works similar to the existing TCP forwarding support,
419 except that it depends on the tun(4) network interface on both ends of
420 the connection for layer 2 or layer 3 tunneling. This diff also adds
421 support for LocalCommand in the ssh(1) client.
422 ok djm@, markus@, jmc@ (manpages), tested and discussed with others
423 - djm@cvs.openbsd.org 2005/12/07 03:52:22
424 [clientloop.c]
425 reyk forgot to compile with -Werror (missing header)
426 - jmc@cvs.openbsd.org 2005/12/07 10:52:13
427 [ssh.1]
428 - avoid line split in SYNOPSIS
429 - add args to -w
430 - kill trailing whitespace
431 - jmc@cvs.openbsd.org 2005/12/08 14:59:44
432 [ssh.1 ssh_config.5]
433 make `!command' a little clearer;
434 ok reyk
435 - jmc@cvs.openbsd.org 2005/12/08 15:06:29
436 [ssh_config.5]
437 keep options in order;
438 - reyk@cvs.openbsd.org 2005/12/08 18:34:11
439 [auth-options.c includes.h misc.c misc.h readconf.c servconf.c]
440 [serverloop.c ssh.c ssh_config.5 sshd_config.5 configure.ac]
441 two changes to the new ssh tunnel support. this breaks compatibility
442 with the initial commit but is required for a portable approach.
443 - make the tunnel id u_int and platform friendly, use predefined types.
444 - support configuration of layer 2 (ethernet) or layer 3
445 (point-to-point, default) modes. configuration is done using the
446 Tunnel (yes|point-to-point|ethernet|no) option is ssh_config(5) and
447 restricted by the PermitTunnel (yes|point-to-point|ethernet|no) option
448 in sshd_config(5).
449 ok djm@, man page bits by jmc@
450 - jmc@cvs.openbsd.org 2005/12/08 21:37:50
451 [ssh_config.5]
452 new sentence, new line;
453 - markus@cvs.openbsd.org 2005/12/12 13:46:18
454 [channels.c channels.h session.c]
455 make sure protocol messages for internal channels are ignored.
456 allow adjust messages for non-open channels; with and ok djm@
457 - (djm) [misc.c] Disable tunnel code for non-OpenBSD (for now), enable
458 again by providing a sys_tun_open() function for your platform and
459 setting the CUSTOM_SYS_TUN_OPEN define. More work is required to match
460 OpenBSD's tunnel protocol, which prepends the address family to the
461 packet
462
46320051201
464 - (djm) [envpass.sh] Remove regress script that was accidentally committed
465 in top level directory and not noticed for over a year :)
466
46720051129
468 - (tim) [ssh-keygen.c] Move DSA length test after setting default when
469 bits == 0.
470 - (dtucker) OpenBSD CVS Sync
471 - dtucker@cvs.openbsd.org 2005/11/29 02:04:55
472 [ssh-keygen.c]
473 Populate default key sizes before checking them; from & ok tim@
474 - (tim) [configure.ac sshd.8] Enable locked account check (a "*LK*" string)
475 for UnixWare.
476
47720051128
478 - (dtucker) [regress/yes-head.sh] Work around breakage caused by some
479 versions of GNU head. Based on patch from zappaman at buraphalinux.org
480 - (dtucker) [includes.h] Bug #1122: __USE_GNU is a glibc internal macro, use
481 _GNU_SOURCE instead. Patch from t8m at centrum.cz.
482 - (dtucker) OpenBSD CVS Sync
483 - dtucker@cvs.openbsd.org 2005/11/28 05:16:53
484 [ssh-keygen.1 ssh-keygen.c]
485 Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2,
486 increase minumum RSA key size to 768 bits and update man page to reflect
487 these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com),
488 ok djm@, grudging ok deraadt@.
489 - dtucker@cvs.openbsd.org 2005/11/28 06:02:56
490 [ssh-agent.1]
491 Update agent socket path templates to reflect reality, correct xref for
492 time formats. bz#1121, patch from openssh at roumenpetrov.info, ok djm@
493
49420051126
495 - (dtucker) [configure.ac] Bug #1126: AIX 5.2 and 5.3 (and presumably newer,
496 when they're available) need the real UID set otherwise pam_chauthtok will
497 set ADMCHG after changing the password, forcing the user to change it
498 again immediately.
499
50020051125
501 - (dtucker) [configure.ac] Apply tim's fix for older systems where the
502 resolver state in resolv.h is "state" not "__res_state". With slight
503 modification by me to also work on old AIXes. ok djm@
504 - (dtucker) [progressmeter.c scp.c sftp-server.c] Use correct casts for
505 snprintf formats, fixes warnings on some 64 bit platforms. Patch from
506 shaw at vranix.com, ok djm@
507
50820051124
509 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bsd-asprintf.c
510 openbsd-compat/bsd-snprintf.c openbsd-compat/openbsd-compat.h] Add an
511 asprintf() implementation, after syncing our {v,}snprintf() implementation
512 with some extra fixes from Samba's version. With help and debugging from
513 dtucker and tim; ok dtucker@
514 - (dtucker) [configure.ac] Fix typos in comments and AC_SEARCH_LIB argument
515 order in Reliant Unix block. Patch from johane at lysator.liu.se.
516 - (dtucker) [regress/test-exec.sh] Use 1024 bit keys since we generate so
517 many and use them only once. Speeds up testing on older/slower hardware.
518
51920051122
520 - (dtucker) OpenBSD CVS Sync
521 - deraadt@cvs.openbsd.org 2005/11/12 18:37:59
522 [ssh-add.c]
523 space
524 - deraadt@cvs.openbsd.org 2005/11/12 18:38:15
525 [scp.c]
526 avoid close(-1), as in rcp; ok cloder
527 - millert@cvs.openbsd.org 2005/11/15 11:59:54
528 [includes.h]
529 Include sys/queue.h explicitly instead of assuming some other header
530 will pull it in. At the moment it gets pulled in by sys/select.h
531 (which ssh has no business including) via event.h. OK markus@
532 (ID sync only in -portable)
533 - dtucker@cvs.openbsd.org 2005/11/21 09:42:10
534 [auth-krb5.c]
535 Perform Kerberos calls even for invalid users to prevent leaking
536 information about account validity. bz #975, patch originally from
537 Senthil Kumar, sanity checked by Simon Wilkinson, tested by djm@, biorn@,
538 ok markus@
539 - dtucker@cvs.openbsd.org 2005/11/22 03:36:03
540 [hostfile.c]
541 Correct format/arguments to debug call; spotted by shaw at vranix.com
542 ok djm@
543 - (dtucker) [loginrec.c] Add casts to prevent compiler warnings, patch
544 from shaw at vranix.com.
545
54620051120
547 - (dtucker) [openbsd-compat/openssl-compat.h] Add comment explaining what
548 is going on.
549
55020051112
551 - (dtucker) [openbsd-compat/getrrsetbyname.c] Restore Portable-specific
552 ifdef lost during sync. Spotted by tim@.
553 - (dtucker) [openbsd-compat/{realpath.c,stroll.c,rresvport.c}] $OpenBSD tag.
554 - (dtucker) [configure.ac] Use "$AWK" instead of "awk" in gcc version test.
555 - (dtucker) [configure.ac] Remove duplicate utimes() check. ok djm@
556 - (dtucker) [regress/reconfigure.sh] Fix potential race in the reconfigure
557 test: if sshd takes too long to reconfigure the subsequent connection will
558 fail. Zap pidfile before HUPing sshd which will rewrite it when it's ready.
559
56020051110
561 - (dtucker) [openbsd-compat/setenv.c] Merge changes for __findenv from
562 OpenBSD getenv.c revs 1.4 - 1.8 (ANSIfication of arguments, removal of
563 "register").
564 - (dtucker) [openbsd-compat/setenv.c] Make __findenv static, remove
565 unnecessary prototype.
566 - (dtucker) [openbsd-compat/setenv.c] Sync changes from OpenBSD setenv.c
567 revs 1.7 - 1.9.
568 - (dtucker) [auth-krb5.c] Fix -Wsign-compare warning in non-Heimdal path.
569 Patch from djm@.
570 - (dtucker) [configure.ac] Disable pointer-sign warnings on gcc 4.0+
571 since they're not useful right now. Patch from djm@.
572 - (dtucker) [openbsd-compat/getgrouplist.c] Sync OpenBSD revs 1.10 - 1.2 (ANSI
573 prototypes, removal of "register").
574 - (dtucker) [openbsd-compat/strlcat.c] Sync OpenBSD revs 1.11 - 1.12 (removal
575 of "register").
576 - (dtucker) [openbsd-compat/{LOTS}] Move the "OPENBSD ORIGINAL" markers to
577 after the copyright notices. Having them at the top next to the CVSIDs
578 guarantees a conflict for each and every sync.
579 - (dtucker) [openbsd-compat/strlcpy.c] Update from OpenBSD 1.8 -> 1.10.
580 - (dtucker) [openbsd-compat/sigact.h] Add "OPENBSD ORIGINAL" marker.
581 - (dtucker) [openbsd-compat/strmode.c] Update from OpenBSD 1.5 -> 1.7.
582 Removal of rcsid, "whiteout" inode type.
583 - (dtucker) [openbsd-compat/basename.c] Update from OpenBSD 1.11 -> 1.14.
584 Removal of rcsid, will no longer strlcpy parts of the string.
585 - (dtucker) [openbsd-compat/strtoll.c] Update from OpenBSD 1.4 -> 1.5.
586 - (dtucker) [openbsd-compat/strtoul.c] Update from OpenBSD 1.5 -> 1.7.
587 - (dtucker) [openbsd-compat/readpassphrase.c] Update from OpenBSD 1.16 -> 1.18.
588 - (dtucker) [openbsd-compat/readpassphrase.h] Update from OpenBSD 1.3 -> 1.5.
589 - (dtucker) [openbsd-compat/glob.c] Update from OpenBSD 1.22 -> 1.25.
590 - (dtucker) [openbsd-compat/glob.h] Update from OpenBSD 1.8 -> 1.9.
591 - (dtucker) [openbsd-compat/getcwd.c] Update from OpenBSD 1.9 -> 1.14.
592 - (dtucker) [openbsd-compat/getcwd.c] Replace lstat with fstat to match up
593 with OpenBSD code since we don't support platforms without fstat any more.
594 - (dtucker) [openbsd-compat/inet_aton.c] Update from OpenBSD 1.7 -> 1.9.
595 - (dtucker) [openbsd-compat/inet_ntoa.c] Update from OpenBSD 1.4 -> 1.6.
596 - (dtucker) [openbsd-compat/inet_ntop.c] Update from OpenBSD 1.5 -> 1.7.
597 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.5 -> 1.6.
598 - (dtucker) [openbsd-compat/strsep.c] Update from OpenBSD 1.5 -> 1.6.
599 - (dtucker) [openbsd-compat/daemon.c] Update from OpenBSD 1.10 -> 1.13.
600 - (dtucker) [openbsd-compat/mktemp.c] Update from OpenBSD 1.17 -> 1.19.
601 - (dtucker) [openbsd-compat/rresvport.c] Update from OpenBSD 1.6 -> 1.8.
602 - (dtucker) [openbsd-compat/bindresvport.c] Add "OPENBSD ORIGINAL" marker.
603 - (dtucker) [openbsd-compat/bindresvport.c] Update from OpenBSD 1.16 -> 1.17.
604 - (dtucker) [openbsd-compat/sigact.c] Update from OpenBSD 1.3 -> 1.4.
605 Id and copyright sync only, there were no substantial changes we need.
606 - (dtucker) [openbsd-compat/bsd-closefrom.c openbsd-compat/base64.c]
607 -Wsign-compare fixes from djm.
608 - (dtucker) [openbsd-compat/sigact.h] Update from OpenBSD 1.2 -> 1.3.
609 Id and copyright sync only, there were no substantial changes we need.
610 - (dtucker) [configure.ac] Try to get the gcc version number in a way that
611 doesn't change between versions, and use a safer default.
612
61320051105
614 - (djm) OpenBSD CVS Sync
615 - markus@cvs.openbsd.org 2005/10/07 11:13:57
616 [ssh-keygen.c]
617 change DSA default back to 1024, as it's defined for 1024 bits only
618 and this causes interop problems with other clients. moreover,
619 in order to improve the security of DSA you need to change more
620 components of DSA key generation (e.g. the internal SHA1 hash);
621 ok deraadt
622 - djm@cvs.openbsd.org 2005/10/10 10:23:08
623 [channels.c channels.h clientloop.c serverloop.c session.c]
624 fix regression I introduced in 4.2: X11 forwardings initiated after
625 a session has exited (e.g. "(sleep 5; xterm) &") would not start.
626 bz #1086 reported by t8m AT centrum.cz; ok markus@ dtucker@
627 - djm@cvs.openbsd.org 2005/10/11 23:37:37
628 [channels.c]
629 bz #1076 set SO_REUSEADDR on X11 forwarding listner sockets, preventing
630 bind() failure when a previous connection's listeners are in TIME_WAIT,
631 reported by plattner AT inf.ethz.ch; ok dtucker@
632 - stevesk@cvs.openbsd.org 2005/10/13 14:03:01
633 [auth2-gss.c gss-genr.c gss-serv.c]
634 remove unneeded #includes; ok markus@
635 - stevesk@cvs.openbsd.org 2005/10/13 14:20:37
636 [gss-serv.c]
637 spelling in comments
638 - stevesk@cvs.openbsd.org 2005/10/13 19:08:08
639 [gss-serv-krb5.c gss-serv.c]
640 unused declarations; ok deraadt@
641 (id sync only for gss-serv-krb5.c)
642 - stevesk@cvs.openbsd.org 2005/10/13 19:13:41
643 [dns.c]
644 unneeded #include, unused declaration, little knf; ok deraadt@
645 - stevesk@cvs.openbsd.org 2005/10/13 22:24:31
646 [auth2-gss.c gss-genr.c gss-serv.c monitor.c]
647 KNF; ok djm@
648 - stevesk@cvs.openbsd.org 2005/10/14 02:17:59
649 [ssh-keygen.c ssh.c sshconnect2.c]
650 no trailing "\n" for log functions; ok djm@
651 - stevesk@cvs.openbsd.org 2005/10/14 02:29:37
652 [channels.c clientloop.c]
653 free()->xfree(); ok djm@
654 - stevesk@cvs.openbsd.org 2005/10/15 15:28:12
655 [sshconnect.c]
656 make external definition static; ok deraadt@
657 - stevesk@cvs.openbsd.org 2005/10/17 13:45:05
658 [dns.c]
659 fix memory leaks from 2 sources:
660 1) key_fingerprint_raw()
661 2) malloc in dns_read_rdata()
662 ok jakob@
663 - stevesk@cvs.openbsd.org 2005/10/17 14:01:28
664 [dns.c]
665 remove #ifdef LWRES; ok jakob@
666 - stevesk@cvs.openbsd.org 2005/10/17 14:13:35
667 [dns.c dns.h]
668 more cleanups; ok jakob@
669 - djm@cvs.openbsd.org 2005/10/30 01:23:19
670 [ssh_config.5]
671 mention control socket fallback behaviour, reported by
672 tryponraj AT gmail.com
673 - djm@cvs.openbsd.org 2005/10/30 04:01:03
674 [ssh-keyscan.c]
675 make ssh-keygen discard junk from server before SSH- ident, spotted by
676 dave AT cirt.net; ok dtucker@
677 - djm@cvs.openbsd.org 2005/10/30 04:03:24
678 [ssh.c]
679 fix misleading debug message; ok dtucker@
680 - dtucker@cvs.openbsd.org 2005/10/30 08:29:29
681 [canohost.c sshd.c]
682 Check for connections with IP options earlier and drop silently. ok djm@
683 - jmc@cvs.openbsd.org 2005/10/30 08:43:47
684 [ssh_config.5]
685 remove trailing whitespace;
686 - djm@cvs.openbsd.org 2005/10/30 08:52:18
687 [clientloop.c packet.c serverloop.c session.c ssh-agent.c ssh-keygen.c]
688 [ssh.c sshconnect.c sshconnect1.c sshd.c]
689 no need to escape single quotes in comments, no binary change
690 - dtucker@cvs.openbsd.org 2005/10/31 06:15:04
691 [sftp.c]
692 Fix sorting with "ls -1" command. From Robert Tsai, "looks right" deraadt@
693 - djm@cvs.openbsd.org 2005/10/31 11:12:49
694 [ssh-keygen.1 ssh-keygen.c]
695 generate a protocol 2 RSA key by default
696 - djm@cvs.openbsd.org 2005/10/31 11:48:29
697 [serverloop.c]
698 make sure we clean up wtmp, etc. file when we receive a SIGTERM,
699 SIGINT or SIGQUIT when running without privilege separation (the
700 normal privsep case is already OK). Patch mainly by dtucker@ and
701 senthilkumar_sen AT hotpop.com; ok dtucker@
702 - jmc@cvs.openbsd.org 2005/10/31 19:55:25
703 [ssh-keygen.1]
704 grammar;
705 - dtucker@cvs.openbsd.org 2005/11/03 13:38:29
706 [canohost.c]
707 Cache reverse lookups with and without DNS separately; ok markus@
708 - djm@cvs.openbsd.org 2005/11/04 05:15:59
709 [kex.c kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c]
710 remove hardcoded hash lengths in key exchange code, allowing
711 implementation of KEX methods with different hashes (e.g. SHA-256);
712 ok markus@ dtucker@ stevesk@
713 - djm@cvs.openbsd.org 2005/11/05 05:01:15
714 [bufaux.c]
715 Fix leaks in error paths, bz #1109 and #1110 reported by kremenek AT
716 cs.stanford.edu; ok dtucker@
717 - (dtucker) [README.platform] Add PAM section.
718 - (djm) [openbsd-compat/getrrsetbyname.c] Sync to latest OpenBSD version,
719 resolving memory leak bz#1111 reported by kremenek AT cs.stanford.edu;
720 ok dtucker@
721
72220051102
723 - (dtucker) [openbsd-compat/bsd-misc.c] Bug #1108: fix broken strdup().
724 Reported by olavi at ipunplugged.com and antoine.brodin at laposte.net
725 via FreeBSD.
726
72720051030
728 - (djm) [contrib/suse/openssh.spec contrib/suse/rc.
729 sshd contrib/suse/sysconfig.ssh] Bug #1106: Updated SuSE spec and init
730 files from imorgan AT nas.nasa.gov
731 - (dtucker) [session.c] Bug #1045do not check /etc/nologin when PAM is
732 enabled, instead allow PAM to handle it. Note that on platforms using PAM,
733 the pam_nologin module should be added to sshd's session stack in order to
734 maintain exising behaviour. Based on patch and discussion from t8m at
735 centrum.cz, ok djm@
736
73720051025
738 - (dtucker) [configure.ac] Relocate LLONG_MAX calculation to after the
739 sizeof(long long) checks, to make fixing bug #1104 easier (no changes
740 yet).
741 - (dtucker) [configure.ac] Bug #1104: Tru64's printf family doesn't
742 understand "%lld", even though the compiler has "long long", so handle
743 it as a special case. Patch tested by mcaskill.scott at epa.gov.
744 - (dtucker) [contrib/cygwin/ssh-user-config] Remove duplicate yes/no
745 prompt. Patch from vinschen at redhat.com.
746
74720051017
748 - (dtucker) [configure.ac] Bug #1097: Fix configure for cross-compiling.
749 /etc/default/login report and testing from aabaker at iee.org, corrections
750 from tim@.
751
75220051009
753 - (dtucker) [configure.ac defines.h openbsd-compat/vis.{c,h}] Sync current
754 versions from OpenBSD. ok djm@
755
75620051008
757 - (dtucker) [configure.ac] Bug #1098: define $MAIL for HP-UX; report from
758 brian.smith at agilent com.
759 - (djm) [configure.ac] missing 'test' call for -with-Werror test
760
76120051005
762 - (dtucker) [configure.ac sshd.8] Enable locked account check (a prepended
763 "*LOCKED*" string) for FreeBSD. Patch jeremie at le-hen.org and
764 senthilkumar_sen at hotpop.com.
765
76620051003
767 - (dtucker) OpenBSD CVS Sync
768 - markus@cvs.openbsd.org 2005/09/07 08:53:53
769 [channels.c]
770 enforce chanid != NULL; ok djm
771 - markus@cvs.openbsd.org 2005/09/09 19:18:05
772 [clientloop.c]
773 typo; from mark at mcs.vuw.ac.nz, bug #1082
774 - djm@cvs.openbsd.org 2005/09/13 23:40:07
775 [sshd.c ssh.c misc.h sftp.c ssh-keygen.c ssh-keysign.c sftp-server.c
776 scp.c misc.c ssh-keyscan.c ssh-add.c ssh-agent.c]
777 ensure that stdio fds are attached; ok deraadt@
778 - djm@cvs.openbsd.org 2005/09/19 11:37:34
779 [ssh_config.5 ssh.1]
780 mention ability to specify bind_address for DynamicForward and -D options;
781 bz#1077 spotted by Haruyama Seigo
782 - djm@cvs.openbsd.org 2005/09/19 11:47:09
783 [sshd.c]
784 stop connection abort on rekey with delayed compression enabled when
785 post-auth privsep is disabled (e.g. when root is logged in); ok dtucker@
786 - djm@cvs.openbsd.org 2005/09/19 11:48:10
787 [gss-serv.c]
788 typo
789 - jmc@cvs.openbsd.org 2005/09/19 15:38:27
790 [ssh.1]
791 some more .Bk/.Ek to avoid ugly line split;
792 - jmc@cvs.openbsd.org 2005/09/19 15:42:44
793 [ssh.c]
794 update -D usage here too;
795 - djm@cvs.openbsd.org 2005/09/19 23:31:31
796 [ssh.1]
797 spelling nit from stevesk@
798 - djm@cvs.openbsd.org 2005/09/21 23:36:54
799 [sshd_config.5]
800 aquire -> acquire, from stevesk@
801 - djm@cvs.openbsd.org 2005/09/21 23:37:11
802 [sshd.c]
803 change label at markus@'s request
804 - jaredy@cvs.openbsd.org 2005/09/30 20:34:26
805 [ssh-keyscan.1]
806 deploy .An -nosplit; ok jmc
807 - dtucker@cvs.openbsd.org 2005/10/03 07:44:42
808 [canohost.c]
809 Relocate check_ip_options call to prevent logging of garbage for
810 connections with IP options set. bz#1092 from David Leonard,
811 "looks good" deraadt@
812 - (dtucker) [regress/README.regress] Bug #989: Document limitation that scp
813 is required in the system path for the multiplex test to work.
814
81520050930
816 - (dtucker) [openbsd-compat/openbsd-compat.h] Bug #1096: Add prototype
817 for strtoll. Patch from o.flebbe at science-computing.de.
818 - (dtucker) [monitor.c] Bug #1087: Send loginmsg to preauth privsep
819 child during PAM account check without clearing it. This restores the
820 post-login warnings such as LDAP password expiry. Patch from Tomas Mraz
821 with help from several others.
822
82320050929
824 - (dtucker) [monitor_wrap.c] Remove duplicate definition of loginmsg
825 introduced during sync.
826
82720050928
828 - (dtucker) [entropy.c] Use u_char for receiving RNG seed for consistency.
829 - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
830 PAM via keyboard-interactive. Patch tested by the folks at Vintela.
831
83220050927
833 - (dtucker) [entropy.c] Remove unnecessary tests for getuid and geteuid
834 calls, since they can't possibly fail. ok djm@
835 - (dtucker) [entropy.c entropy.h sshd.c] Pass RNG seed to the reexec'ed
836 process when sshd relies on ssh-random-helper. Should result in faster
837 logins on systems without a real random device or prngd. ok djm@
838
83920050924
840 - (dtucker) [auth2.c] Move start_pam() calls out of if-else block to remove
841 duplicate call. ok djm@
842
84320050922
844 - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
845 skeleten at shillest.net.
846 - (dtucker) [configure.ac] Fix help for --with-opensc; patch from skeleten at
847 shillest.net.
848
84920050919
850 - (tim) [aclocal.m4 configure.ac] Delete acconfig.h and add templates to
851 AC_DEFINE and AC_DEFINE_UNQUOTED to quiet autoconf 2.59 warning messages.
852 ok dtucker@
853
85420050912
855 - (tim) [configure.ac] Bug 1078. Fix --without-kerberos5. Reported by
856 Mike Frysinger.
857
85820050908
859 - (tim) [defines.h openbsd-compat/port-uw.c] Add long password support to
860 OpenServer 6 and add osr5bigcrypt support so when someone migrates
861 passwords between UnixWare and OpenServer they will still work. OK dtucker@
862
120050901 86320050901
2 - (djm) Update RPM spec file versions 864 - (djm) Update RPM spec file versions
3 865
@@ -2989,4 +3851,4 @@
2989 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3851 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2990 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3852 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2991 3853
2992$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $ 3854$Id: ChangeLog,v 1.4117.2.10 2006/02/11 00:00:44 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index fcbc522f2..af881c521 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $ 1# $Id: Makefile.in,v 1.274 2006/01/01 08:47:05 djm Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -139,7 +139,7 @@ sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
139 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) 139 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
140 140
141scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o 141scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
142 $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 142 $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
143 143
144ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o 144ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
145 $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 145 $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
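Review bot: The scp rule now links `bufaux.o`, but its prerequisite list on the line above still names only `$(LIBCOMPAT) libssh.a scp.o progressmeter.o`, so make has no recorded dependency on an object the link command uses. If bufaux.o is also a member of libssh.a (not visible in this section), the build works only because building the library happens to produce the object first. Listing it explicitly keeps the rule self-consistent: `scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o bufaux.o`.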
diff --git a/README b/README
index 51f0ca4fb..c8c413195 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See http://www.openssh.com/txt/release-4.2 for the release notes. 1See http://www.openssh.com/txt/release-4.3p2 for the release notes.
2 2
3- A Japanese translation of this document and of the OpenSSH FAQ is 3- A Japanese translation of this document and of the OpenSSH FAQ is
4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html 4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
63[7] http://www.openssh.com/faq.html 63[7] http://www.openssh.com/faq.html
64 64
65$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $ 65$Id: README,v 1.61.2.1 2006/02/10 23:43:34 dtucker Exp $
diff --git a/README.platform b/README.platform
index af551de48..4c18a3278 100644
--- a/README.platform
+++ b/README.platform
@@ -45,4 +45,14 @@ number is already in use on your system, you may change it at build time
45by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. 45by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
46 46
47 47
48$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ 48Platforms using PAM
49-------------------
50As of OpenSSH 4.3p1, sshd will no longer check /etc/nologin itself when
51PAM is enabled. To maintain existing behaviour, pam_nologin should be
52added to sshd's session stack which will prevent users from starting shell
53sessions. Alternatively, pam_nologin can be added to either the auth or
54account stacks which will prevent authentication entirely, but will still
55return the output from pam_nologin to the client.
56
57
58$Id: README.platform,v 1.6 2005/11/05 05:28:35 dtucker Exp $
diff --git a/README.tun b/README.tun
new file mode 100644
index 000000000..d814f396d
--- /dev/null
+++ b/README.tun
@@ -0,0 +1,132 @@
1How to use OpenSSH-based virtual private networks
2-------------------------------------------------
3
4OpenSSH contains support for VPN tunneling using the tun(4) network
5tunnel pseudo-device which is available on most platforms, either for
6layer 2 or 3 traffic.
7
8The following brief instructions on how to use this feature use
9a network configuration specific to the OpenBSD operating system.
10
11(1) Server: Enable support for SSH tunneling
12
13To enable the ssh server to accept tunnel requests from the client, you
14have to add the following option to the ssh server configuration file
15(/etc/ssh/sshd_config):
16
17 PermitTunnel yes
18
19Restart the server or send the hangup signal (SIGHUP) to let the server
20reread it's configuration.
21
22(2) Server: Restrict client access and assign the tunnel
23
24The OpenSSH server simply uses the file /root/.ssh/authorized_keys to
25restrict the client to connect to a specified tunnel and to
26automatically start the related interface configuration command. These
27settings are optional but recommended:
28
29 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... reyk@openbsd.org
30
31(3) Client: Configure the local network tunnel interface
32
33Use the hostname.if(5) interface-specific configuration file to set up
34the network tunnel configuration with OpenBSD. For example, use the
35following configuration in /etc/hostname.tun0 to set up the layer 3
36tunnel on the client:
37
38 inet 192.168.5.1 255.255.255.252 192.168.5.2
39
40OpenBSD also supports layer 2 tunneling over the tun device by adding
41the link0 flag:
42
43 inet 192.168.1.78 255.255.255.0 192.168.1.255 link0
44
45Layer 2 tunnels can be used in combination with an Ethernet bridge(4)
46interface, like the following example for /etc/bridgename.bridge0:
47
48 add tun0
49 add sis0
50 up
51
52(4) Client: Configure the OpenSSH client
53
54To establish tunnel forwarding for connections to a specified
55remote host by default, use the following ssh client configuration for
56the privileged user (in /root/.ssh/config):
57
58 Host sshgateway
59 Tunnel yes
60 TunnelDevice 0:any
61 PermitLocalCommand yes
62 LocalCommand sh /etc/netstart tun0
63
64A more complicated configuration is possible to establish a tunnel to
65a remote host which is not directly accessible by the client.
66The following example describes a client configuration to connect to
67the remote host over two ssh hops in between. It uses the OpenSSH
68ProxyCommand in combination with the nc(1) program to forward the final
69ssh tunnel destination over multiple ssh sessions.
70
71 Host access.somewhere.net
72 User puffy
73 Host dmzgw
74 User puffy
75 ProxyCommand ssh access.somewhere.net nc dmzgw 22
76 Host sshgateway
77 Tunnel Ethernet
78 TunnelDevice 0:any
79 PermitLocalCommand yes
80 LocalCommand sh /etc/netstart tun0
81 ProxyCommand ssh dmzgw nc sshgateway 22
82
83The following network plan illustrates the previous configuration in
84combination with layer 2 tunneling and Ethernet bridging.
85
86+--------+ ( ) +----------------------+
87| Client |------( Internet )-----| access.somewhere.net |
88+--------+ ( ) +----------------------+
89 : 192.168.1.78 |
90 :............................. +-------+
91 Forwarded ssh connection : | dmzgw |
92 Layer 2 tunnel : +-------+
93 : |
94 : |
95 : +------------+
96 :......| sshgateway |
97 | +------------+
98--- real connection Bridge -> | +----------+
99... "virtual connection" [ X ]--------| somehost |
100[X] switch +----------+
101 192.168.1.25
102
103(5) Client: Connect to the server and establish the tunnel
104
105Finally connect to the OpenSSH server to establish the tunnel by using
106the following command:
107
108 ssh sshgateway
109
110It is also possible to tell the client to fork into the background after
111the connection has been successfully established:
112
113 ssh -f sshgateway true
114
115Without the ssh configuration done in step (4), it is also possible
116to use the following command lines:
117
118 ssh -fw 0:1 sshgateway true
119 ifconfig tun0 192.168.5.1 192.168.5.2 netmask 255.255.255.252
120
121Using OpenSSH tunnel forwarding is a simple way to establish secure
122and ad hoc virtual private networks. Possible fields of application
123could be wireless networks or administrative VPN tunnels.
124
125Nevertheless, ssh tunneling requires some packet header overhead and
126runs on top of TCP. It is still suggested to use the IP Security
127Protocol (IPSec) for robust and permanent VPN connections and to
128interconnect corporate networks.
129
130 Reyk Floeter
131
132$OpenBSD: README.tun,v 1.3 2005/12/08 18:34:10 reyk Exp $
diff --git a/aclocal.m4 b/aclocal.m4
index 2705a9b23..b68a47080 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -1,4 +1,4 @@
1dnl $Id: aclocal.m4,v 1.5 2001/10/22 00:53:59 tim Exp $ 1dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $
2dnl 2dnl
3dnl OpenSSH-specific autoconf macros 3dnl OpenSSH-specific autoconf macros
4dnl 4dnl
@@ -26,7 +26,7 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
26 if test -n "`echo $ossh_varname`"; then 26 if test -n "`echo $ossh_varname`"; then
27 AC_MSG_RESULT($ossh_result) 27 AC_MSG_RESULT($ossh_result)
28 if test "x$ossh_result" = "xyes"; then 28 if test "x$ossh_result" = "xyes"; then
29 AC_DEFINE($3) 29 AC_DEFINE($3, 1, [Define if you have $1 in $2])
30 fi 30 fi
31 else 31 else
32 AC_MSG_RESULT(no) 32 AC_MSG_RESULT(no)
diff --git a/auth-krb5.c b/auth-krb5.c
index c7367b49a..64d613543 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); 31RCSID("$OpenBSD: auth-krb5.c,v 1.16 2005/11/21 09:42:10 dtucker Exp $");
32 32
33#include "ssh.h" 33#include "ssh.h"
34#include "ssh1.h" 34#include "ssh1.h"
@@ -69,9 +69,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
69 krb5_ccache ccache = NULL; 69 krb5_ccache ccache = NULL;
70 int len; 70 int len;
71 71
72 if (!authctxt->valid)
73 return (0);
74
75 temporarily_use_uid(authctxt->pw); 72 temporarily_use_uid(authctxt->pw);
76 73
77 problem = krb5_init(authctxt); 74 problem = krb5_init(authctxt);
@@ -188,7 +185,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
188 else 185 else
189 return (0); 186 return (0);
190 } 187 }
191 return (1); 188 return (authctxt->valid ? 1 : 0);
192} 189}
193 190
194void 191void
@@ -218,7 +215,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
218 215
219 ret = snprintf(ccname, sizeof(ccname), 216 ret = snprintf(ccname, sizeof(ccname),
220 "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid()); 217 "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
221 if (ret == -1 || ret >= sizeof(ccname)) 218 if (ret < 0 || (size_t)ret >= sizeof(ccname))
222 return ENOMEM; 219 return ENOMEM;
223 220
224 old_umask = umask(0177); 221 old_umask = umask(0177);
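Review bot: Nothing in auth_krb5_password() records why the early `if (!authctxt->valid) return (0);` was dropped in favour of `return (authctxt->valid ? 1 : 0);` at the end, so a later clean-up could easily restore the shortcut. With the new ordering an unknown account goes through the same Kerberos exchange as a known one, which is presumably meant to keep response time from revealing whether the account exists. I would add above the final return: `/* Invalid users run the full exchange too, so timing does not reveal account validity. */`. It is also worth confirming, in the part of the function outside these hunks, that a credential cache obtained on behalf of an invalid user is destroyed before 0 is returned.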
diff --git a/auth-options.c b/auth-options.c
index a85e40835..ad97e6129 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.33 2005/12/08 18:34:11 reyk Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "match.h" 16#include "match.h"
@@ -35,6 +35,9 @@ char *forced_command = NULL;
35/* "environment=" options. */ 35/* "environment=" options. */
36struct envstring *custom_environment = NULL; 36struct envstring *custom_environment = NULL;
37 37
38/* "tunnel=" option. */
39int forced_tun_device = -1;
40
38extern ServerOptions options; 41extern ServerOptions options;
39 42
40void 43void
@@ -54,6 +57,7 @@ auth_clear_options(void)
54 xfree(forced_command); 57 xfree(forced_command);
55 forced_command = NULL; 58 forced_command = NULL;
56 } 59 }
60 forced_tun_device = -1;
57 channel_clear_permitted_opens(); 61 channel_clear_permitted_opens();
58 auth_debug_reset(); 62 auth_debug_reset();
59} 63}
@@ -269,6 +273,41 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
269 xfree(patterns); 273 xfree(patterns);
270 goto next_option; 274 goto next_option;
271 } 275 }
276 cp = "tunnel=\"";
277 if (strncasecmp(opts, cp, strlen(cp)) == 0) {
278 char *tun = NULL;
279 opts += strlen(cp);
280 tun = xmalloc(strlen(opts) + 1);
281 i = 0;
282 while (*opts) {
283 if (*opts == '"')
284 break;
285 tun[i++] = *opts++;
286 }
287 if (!*opts) {
288 debug("%.100s, line %lu: missing end quote",
289 file, linenum);
290 auth_debug_add("%.100s, line %lu: missing end quote",
291 file, linenum);
292 xfree(tun);
293 forced_tun_device = -1;
294 goto bad_option;
295 }
296 tun[i] = 0;
297 forced_tun_device = a2tun(tun, NULL);
298 xfree(tun);
299 if (forced_tun_device == SSH_TUNID_ERR) {
300 debug("%.100s, line %lu: invalid tun device",
301 file, linenum);
302 auth_debug_add("%.100s, line %lu: invalid tun device",
303 file, linenum);
304 forced_tun_device = -1;
305 goto bad_option;
306 }
307 auth_debug_add("Forced tun device: %d", forced_tun_device);
308 opts++;
309 goto next_option;
310 }
272next_option: 311next_option:
273 /* 312 /*
274 * Skip the comma, and move to the next option 313 * Skip the comma, and move to the next option
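Review bot: In the new `tunnel=` branch of auth_parse_options() the parsed value is rejected only when `a2tun()` returns `SSH_TUNID_ERR`. a2tun() is defined outside this section; if it also accepts a wildcard such as "any", a key line carrying `tunnel="any"` would be stored as a forced device while restricting nothing, which defeats the purpose of the option. Consider rejecting that value too, `if (forced_tun_device == SSH_TUNID_ERR || forced_tun_device == SSH_TUNID_ANY)`, and extending the comment on the global to `/* "tunnel=" option; -1 means no device is forced. */`. The function starts before and continues after the hunk.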
diff --git a/auth-options.h b/auth-options.h
index 15fb21255..3cd02a71f 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $ */ 1/* $OpenBSD: auth-options.h,v 1.13 2005/12/06 22:38:27 reyk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -28,6 +28,7 @@ extern int no_x11_forwarding_flag;
28extern int no_pty_flag; 28extern int no_pty_flag;
29extern char *forced_command; 29extern char *forced_command;
30extern struct envstring *custom_environment; 30extern struct envstring *custom_environment;
31extern int forced_tun_device;
31 32
32int auth_parse_options(struct passwd *, char *, char *, u_long); 33int auth_parse_options(struct passwd *, char *, char *, u_long);
33void auth_clear_options(void); 34void auth_clear_options(void);
diff --git a/auth-pam.c b/auth-pam.c
index 0446cd559..fb9ae954a 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
47 47
48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ 48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
49#include "includes.h" 49#include "includes.h"
50RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $"); 50RCSID("$Id: auth-pam.c,v 1.128 2006/01/29 05:46:13 dtucker Exp $");
51 51
52#ifdef USE_PAM 52#ifdef USE_PAM
53#if defined(HAVE_SECURITY_PAM_APPL_H) 53#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -716,8 +716,18 @@ sshpam_query(void *ctx, char **name, char **info,
716 plen++; 716 plen++;
717 xfree(msg); 717 xfree(msg);
718 break; 718 break;
719 case PAM_SUCCESS:
720 case PAM_AUTH_ERR: 719 case PAM_AUTH_ERR:
720 debug3("PAM: PAM_AUTH_ERR");
721 if (**prompts != NULL && strlen(**prompts) != 0) {
722 *info = **prompts;
723 **prompts = NULL;
724 *num = 0;
725 **echo_on = 0;
726 ctxt->pam_done = -1;
727 return 0;
728 }
729 /* FALLTHROUGH */
730 case PAM_SUCCESS:
721 if (**prompts != NULL) { 731 if (**prompts != NULL) {
722 /* drain any accumulated messages */ 732 /* drain any accumulated messages */
723 debug("PAM: %s", **prompts); 733 debug("PAM: %s", **prompts);
@@ -763,7 +773,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
763 Buffer buffer; 773 Buffer buffer;
764 struct pam_ctxt *ctxt = ctx; 774 struct pam_ctxt *ctxt = ctx;
765 775
766 debug2("PAM: %s entering, %d responses", __func__, num); 776 debug2("PAM: %s entering, %u responses", __func__, num);
767 switch (ctxt->pam_done) { 777 switch (ctxt->pam_done) {
768 case 1: 778 case 1:
769 sshpam_authenticated = 1; 779 sshpam_authenticated = 1;
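Review bot: The new `PAM_AUTH_ERR` branch in sshpam_query() leaves through `return 0` without the `xfree(msg)` that the preceding case performs before its `break`. msg is allocated outside this hunk, so this needs confirming, but if it is live at that point then every failed attempt that carries a PAM message leaks it, and this path is reachable before authentication. The same branch overwrites `*info` with `**prompts`; if `*info` already holds an allocated string from earlier in the function, that one is lost as well. Adding `xfree(msg);` before the `return 0;`, and releasing the old `*info` before the assignment, would close both.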
diff --git a/auth2-gss.c b/auth2-gss.c
index 4d468a0e8..95844a05e 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */ 1/* $OpenBSD: auth2-gss.c,v 1.12 2005/10/13 22:24:31 stevesk Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -34,7 +34,6 @@
34#include "log.h" 34#include "log.h"
35#include "dispatch.h" 35#include "dispatch.h"
36#include "servconf.h" 36#include "servconf.h"
37#include "compat.h"
38#include "packet.h" 37#include "packet.h"
39#include "monitor_wrap.h" 38#include "monitor_wrap.h"
40 39
@@ -49,7 +48,7 @@ static void input_gssapi_errtok(int, u_int32_t, void *);
49 48
50/* 49/*
51 * We only support those mechanisms that we know about (ie ones that we know 50 * We only support those mechanisms that we know about (ie ones that we know
52 * how to check local user kuserok and the like 51 * how to check local user kuserok and the like)
53 */ 52 */
54static int 53static int
55userauth_gssapi(Authctxt *authctxt) 54userauth_gssapi(Authctxt *authctxt)
@@ -105,7 +104,7 @@ userauth_gssapi(Authctxt *authctxt)
105 return (0); 104 return (0);
106 } 105 }
107 106
108 authctxt->methoddata=(void *)ctxt; 107 authctxt->methoddata = (void *)ctxt;
109 108
110 packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); 109 packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE);
111 110
diff --git a/auth2.c b/auth2.c
index 613b0e2bc..d255242ed 100644
--- a/auth2.c
+++ b/auth2.c
@@ -156,21 +156,17 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
156 if (authctxt->pw && strcmp(service, "ssh-connection")==0) { 156 if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
157 authctxt->valid = 1; 157 authctxt->valid = 1;
158 debug2("input_userauth_request: setting up authctxt for %s", user); 158 debug2("input_userauth_request: setting up authctxt for %s", user);
159#ifdef USE_PAM
160 if (options.use_pam)
161 PRIVSEP(start_pam(authctxt));
162#endif
163 } else { 159 } else {
164 logit("input_userauth_request: invalid user %s", user); 160 logit("input_userauth_request: invalid user %s", user);
165 authctxt->pw = fakepw(); 161 authctxt->pw = fakepw();
166#ifdef USE_PAM
167 if (options.use_pam)
168 PRIVSEP(start_pam(authctxt));
169#endif
170#ifdef SSH_AUDIT_EVENTS 162#ifdef SSH_AUDIT_EVENTS
171 PRIVSEP(audit_event(SSH_INVALID_USER)); 163 PRIVSEP(audit_event(SSH_INVALID_USER));
172#endif 164#endif
173 } 165 }
166#ifdef USE_PAM
167 if (options.use_pam)
168 PRIVSEP(start_pam(authctxt));
169#endif
174 setproctitle("%s%s", authctxt->valid ? user : "unknown", 170 setproctitle("%s%s", authctxt->valid ? user : "unknown",
175 use_privsep ? " [net]" : ""); 171 use_privsep ? " [net]" : "");
176 authctxt->service = xstrdup(service); 172 authctxt->service = xstrdup(service);
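Review bot: The hoisted `start_pam()` call in input_userauth_request() now sits after the if/else with no comment saying that it is meant to cover the invalid-user branch, where `authctxt->pw` has just been set to `fakepw()`. Someone reading only the new block could take that for an oversight and move the call back under the valid-user branch, which would make the two cases diverge. A one-line comment above the `#ifdef USE_PAM` would settle it: `/* Start PAM for valid and invalid users alike; the invalid case runs against fakepw(). */`. The function begins and ends outside the hunk.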
diff --git a/bufaux.c b/bufaux.c
index 8d096a056..106a3a0c7 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $"); 40RCSID("$OpenBSD: bufaux.c,v 1.37 2005/11/05 05:01:15 djm Exp $");
41 41
42#include <openssl/bn.h> 42#include <openssl/bn.h>
43#include "bufaux.h" 43#include "bufaux.h"
@@ -63,6 +63,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
63 if (oi != bin_size) { 63 if (oi != bin_size) {
64 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", 64 error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
65 oi, bin_size); 65 oi, bin_size);
66 xfree(buf);
66 return (-1); 67 return (-1);
67 } 68 }
68 69
@@ -187,10 +188,12 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
187 188
188 if (len > 0 && (bin[0] & 0x80)) { 189 if (len > 0 && (bin[0] & 0x80)) {
189 error("buffer_get_bignum2_ret: negative numbers not supported"); 190 error("buffer_get_bignum2_ret: negative numbers not supported");
191 xfree(bin);
190 return (-1); 192 return (-1);
191 } 193 }
192 if (len > 8 * 1024) { 194 if (len > 8 * 1024) {
193 error("buffer_get_bignum2_ret: cannot handle BN of size %d", len); 195 error("buffer_get_bignum2_ret: cannot handle BN of size %d", len);
196 xfree(bin);
194 return (-1); 197 return (-1);
195 } 198 }
196 BN_bin2bn(bin, len, value); 199 BN_bin2bn(bin, len, value);
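Review bot: The last context line of the second hunk, `BN_bin2bn(bin, len, value);` in buffer_get_bignum2_ret(), still ignores the return value, so a failure inside OpenSSL passes as success and the caller continues with `value` not updated from the peer's data. Since this commit is tidying the error paths of the same function, it would be consistent to handle it: `if (BN_bin2bn(bin, len, value) == NULL) { xfree(bin); return (-1); }`. The `len > 8 * 1024` cap is also applied only after `bin` exists, so whatever fetched the string (outside the hunk) has already sized a buffer from the peer-supplied length; it is worth checking that an earlier bound applies. The function continues past the hunk.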
diff --git a/buildpkg.sh.in b/buildpkg.sh.in
index f90ae6e81..cb9eb3048 100644
--- a/buildpkg.sh.in
+++ b/buildpkg.sh.in
@@ -353,7 +353,7 @@ else
353 # Create user if required 353 # Create user if required
354 [ "\$DO_PASSWD" = yes ] && { 354 [ "\$DO_PASSWD" = yes ] && {
355 # Use uid of 67 if possible 355 # Use uid of 67 if possible
356 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null 356 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
357 then 357 then
358 : 358 :
359 else 359 else
diff --git a/canohost.c b/canohost.c
index c27086bfd..6ca60e6b4 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.48 2005/12/28 22:46:06 stevesk Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -43,9 +43,6 @@ get_remote_hostname(int sock, int use_dns)
43 cleanup_exit(255); 43 cleanup_exit(255);
44 } 44 }
45 45
46 if (from.ss_family == AF_INET)
47 check_ip_options(sock, ntop);
48
49 ipv64_normalise_mapped(&from, &fromlen); 46 ipv64_normalise_mapped(&from, &fromlen);
50 47
51 if (from.ss_family == AF_INET6) 48 if (from.ss_family == AF_INET6)
@@ -55,6 +52,9 @@ get_remote_hostname(int sock, int use_dns)
55 NULL, 0, NI_NUMERICHOST) != 0) 52 NULL, 0, NI_NUMERICHOST) != 0)
56 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); 53 fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
57 54
55 if (from.ss_family == AF_INET)
56 check_ip_options(sock, ntop);
57
58 if (!use_dns) 58 if (!use_dns)
59 return xstrdup(ntop); 59 return xstrdup(ntop);
60 60
@@ -102,7 +102,7 @@ get_remote_hostname(int sock, int use_dns)
102 hints.ai_socktype = SOCK_STREAM; 102 hints.ai_socktype = SOCK_STREAM;
103 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { 103 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
104 logit("reverse mapping checking getaddrinfo for %.700s " 104 logit("reverse mapping checking getaddrinfo for %.700s "
105 "failed - POSSIBLE BREAKIN ATTEMPT!", name); 105 "failed - POSSIBLE BREAK-IN ATTEMPT!", name);
106 return xstrdup(ntop); 106 return xstrdup(ntop);
107 } 107 }
108 /* Look for the address from the list of addresses. */ 108 /* Look for the address from the list of addresses. */
@@ -117,7 +117,7 @@ get_remote_hostname(int sock, int use_dns)
117 if (!ai) { 117 if (!ai) {
118 /* Address not found for the host name. */ 118 /* Address not found for the host name. */
119 logit("Address %.100s maps to %.600s, but this does not " 119 logit("Address %.100s maps to %.600s, but this does not "
120 "map back to the address - POSSIBLE BREAKIN ATTEMPT!", 120 "map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
121 ntop, name); 121 ntop, name);
122 return xstrdup(ntop); 122 return xstrdup(ntop);
123 } 123 }
@@ -158,9 +158,7 @@ check_ip_options(int sock, char *ipaddr)
158 for (i = 0; i < option_size; i++) 158 for (i = 0; i < option_size; i++)
159 snprintf(text + i*3, sizeof(text) - i*3, 159 snprintf(text + i*3, sizeof(text) - i*3,
160 " %2.2x", options[i]); 160 " %2.2x", options[i]);
161 logit("Connection from %.100s with IP options:%.800s", 161 fatal("Connection from %.100s with IP options:%.800s",
162 ipaddr, text);
163 packet_disconnect("Connection from %.100s with IP options:%.800s",
164 ipaddr, text); 162 ipaddr, text);
165 } 163 }
166#endif /* IP_OPTIONS */ 164#endif /* IP_OPTIONS */
@@ -200,26 +198,27 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
200const char * 198const char *
201get_canonical_hostname(int use_dns) 199get_canonical_hostname(int use_dns)
202{ 200{
201 char *host;
203 static char *canonical_host_name = NULL; 202 static char *canonical_host_name = NULL;
204 static int use_dns_done = 0; 203 static char *remote_ip = NULL;
205 204
206 /* Check if we have previously retrieved name with same option. */ 205 /* Check if we have previously retrieved name with same option. */
207 if (canonical_host_name != NULL) { 206 if (use_dns && canonical_host_name != NULL)
208 if (use_dns_done != use_dns) 207 return canonical_host_name;
209 xfree(canonical_host_name); 208 if (!use_dns && remote_ip != NULL)
210 else 209 return remote_ip;
211 return canonical_host_name;
212 }
213 210
214 /* Get the real hostname if socket; otherwise return UNKNOWN. */ 211 /* Get the real hostname if socket; otherwise return UNKNOWN. */
215 if (packet_connection_is_on_socket()) 212 if (packet_connection_is_on_socket())
216 canonical_host_name = get_remote_hostname( 213 host = get_remote_hostname(packet_get_connection_in(), use_dns);
217 packet_get_connection_in(), use_dns);
218 else 214 else
219 canonical_host_name = xstrdup("UNKNOWN"); 215 host = "UNKNOWN";
220 216
221 use_dns_done = use_dns; 217 if (use_dns)
222 return canonical_host_name; 218 canonical_host_name = host;
219 else
220 remote_ip = host;
221 return host;
223} 222}
224 223
225/* 224/*
diff --git a/channels.c b/channels.c
index 8c7b2b369..1252f3446 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.232 2006/01/30 12:22:22 reyk Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -58,8 +58,6 @@ RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $");
58 58
59/* -- channel core */ 59/* -- channel core */
60 60
61#define CHAN_RBUF 16*1024
62
63/* 61/*
64 * Pointer to an array containing all allocated channels. The array is 62 * Pointer to an array containing all allocated channels. The array is
65 * dynamically extended as needed. 63 * dynamically extended as needed.
@@ -142,23 +140,51 @@ static void port_open_helper(Channel *c, char *rtype);
142/* -- channel core */ 140/* -- channel core */
143 141
144Channel * 142Channel *
145channel_lookup(int id) 143channel_by_id(int id)
146{ 144{
147 Channel *c; 145 Channel *c;
148 146
149 if (id < 0 || (u_int)id >= channels_alloc) { 147 if (id < 0 || (u_int)id >= channels_alloc) {
150 logit("channel_lookup: %d: bad id", id); 148 logit("channel_by_id: %d: bad id", id);
151 return NULL; 149 return NULL;
152 } 150 }
153 c = channels[id]; 151 c = channels[id];
154 if (c == NULL) { 152 if (c == NULL) {
155 logit("channel_lookup: %d: bad id: channel free", id); 153 logit("channel_by_id: %d: bad id: channel free", id);
156 return NULL; 154 return NULL;
157 } 155 }
158 return c; 156 return c;
159} 157}
160 158
161/* 159/*
160 * Returns the channel if it is allowed to receive protocol messages.
161 * Private channels, like listening sockets, may not receive messages.
162 */
163Channel *
164channel_lookup(int id)
165{
166 Channel *c;
167
168 if ((c = channel_by_id(id)) == NULL)
169 return (NULL);
170
171 switch(c->type) {
172 case SSH_CHANNEL_X11_OPEN:
173 case SSH_CHANNEL_LARVAL:
174 case SSH_CHANNEL_CONNECTING:
175 case SSH_CHANNEL_DYNAMIC:
176 case SSH_CHANNEL_OPENING:
177 case SSH_CHANNEL_OPEN:
178 case SSH_CHANNEL_INPUT_DRAINING:
179 case SSH_CHANNEL_OUTPUT_DRAINING:
180 return (c);
181 break;
182 }
183 logit("Non-public channel %d, type %d.", id, c->type);
184 return (NULL);
185}
186
187/*
162 * Register filedescriptors for a channel, used when allocating a channel or 188 * Register filedescriptors for a channel, used when allocating a channel or
163 * when the channel consumer/producer is ready, e.g. shell exec'd 189 * when the channel consumer/producer is ready, e.g. shell exec'd
164 */ 190 */
@@ -269,9 +295,11 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
269 c->force_drain = 0; 295 c->force_drain = 0;
270 c->single_connection = 0; 296 c->single_connection = 0;
271 c->detach_user = NULL; 297 c->detach_user = NULL;
298 c->detach_close = 0;
272 c->confirm = NULL; 299 c->confirm = NULL;
273 c->confirm_ctx = NULL; 300 c->confirm_ctx = NULL;
274 c->input_filter = NULL; 301 c->input_filter = NULL;
302 c->output_filter = NULL;
275 debug("channel %d: new [%s]", found, remote_name); 303 debug("channel %d: new [%s]", found, remote_name);
276 return c; 304 return c;
277} 305}
@@ -628,29 +656,32 @@ channel_register_confirm(int id, channel_callback_fn *fn, void *ctx)
628 c->confirm_ctx = ctx; 656 c->confirm_ctx = ctx;
629} 657}
630void 658void
631channel_register_cleanup(int id, channel_callback_fn *fn) 659channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
632{ 660{
633 Channel *c = channel_lookup(id); 661 Channel *c = channel_by_id(id);
634 662
635 if (c == NULL) { 663 if (c == NULL) {
636 logit("channel_register_cleanup: %d: bad id", id); 664 logit("channel_register_cleanup: %d: bad id", id);
637 return; 665 return;
638 } 666 }
639 c->detach_user = fn; 667 c->detach_user = fn;
668 c->detach_close = do_close;
640} 669}
641void 670void
642channel_cancel_cleanup(int id) 671channel_cancel_cleanup(int id)
643{ 672{
644 Channel *c = channel_lookup(id); 673 Channel *c = channel_by_id(id);
645 674
646 if (c == NULL) { 675 if (c == NULL) {
647 logit("channel_cancel_cleanup: %d: bad id", id); 676 logit("channel_cancel_cleanup: %d: bad id", id);
648 return; 677 return;
649 } 678 }
650 c->detach_user = NULL; 679 c->detach_user = NULL;
680 c->detach_close = 0;
651} 681}
652void 682void
653channel_register_filter(int id, channel_filter_fn *fn) 683channel_register_filter(int id, channel_infilter_fn *ifn,
684 channel_outfilter_fn *ofn)
654{ 685{
655 Channel *c = channel_lookup(id); 686 Channel *c = channel_lookup(id);
656 687
@@ -658,7 +689,8 @@ channel_register_filter(int id, channel_filter_fn *fn)
658 logit("channel_register_filter: %d: bad id", id); 689 logit("channel_register_filter: %d: bad id", id);
659 return; 690 return;
660 } 691 }
661 c->input_filter = fn; 692 c->input_filter = ifn;
693 c->output_filter = ofn;
662} 694}
663 695
664void 696void
@@ -1227,6 +1259,19 @@ port_open_helper(Channel *c, char *rtype)
1227 xfree(remote_ipaddr); 1259 xfree(remote_ipaddr);
1228} 1260}
1229 1261
1262static void
1263channel_set_reuseaddr(int fd)
1264{
1265 int on = 1;
1266
1267 /*
1268 * Set socket options.
1269 * Allow local port reuse in TIME_WAIT.
1270 */
1271 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1)
1272 error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno));
1273}
1274
1230/* 1275/*
1231 * This socket is listening for connections to a forwarded TCP/IP port. 1276 * This socket is listening for connections to a forwarded TCP/IP port.
1232 */ 1277 */
@@ -1398,6 +1443,8 @@ channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
1398 debug2("channel %d: filter stops", c->self); 1443 debug2("channel %d: filter stops", c->self);
1399 chan_read_failed(c); 1444 chan_read_failed(c);
1400 } 1445 }
1446 } else if (c->datagram) {
1447 buffer_put_string(&c->input, buf, len);
1401 } else { 1448 } else {
1402 buffer_append(&c->input, buf, len); 1449 buffer_append(&c->input, buf, len);
1403 } 1450 }
@@ -1408,7 +1455,7 @@ static int
1408channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) 1455channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1409{ 1456{
1410 struct termios tio; 1457 struct termios tio;
1411 u_char *data; 1458 u_char *data = NULL, *buf;
1412 u_int dlen; 1459 u_int dlen;
1413 int len; 1460 int len;
1414 1461
@@ -1416,14 +1463,45 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1416 if (c->wfd != -1 && 1463 if (c->wfd != -1 &&
1417 FD_ISSET(c->wfd, writeset) && 1464 FD_ISSET(c->wfd, writeset) &&
1418 buffer_len(&c->output) > 0) { 1465 buffer_len(&c->output) > 0) {
1419 data = buffer_ptr(&c->output); 1466 if (c->output_filter != NULL) {
1420 dlen = buffer_len(&c->output); 1467 if ((buf = c->output_filter(c, &data, &dlen)) == NULL) {
1468 debug2("channel %d: filter stops", c->self);
1469 if (c->type != SSH_CHANNEL_OPEN)
1470 chan_mark_dead(c);
1471 else
1472 chan_write_failed(c);
1473 return -1;
1474 }
1475 } else if (c->datagram) {
1476 buf = data = buffer_get_string(&c->output, &dlen);
1477 } else {
1478 buf = data = buffer_ptr(&c->output);
1479 dlen = buffer_len(&c->output);
1480 }
1481
1482 if (c->datagram) {
1483 /* ignore truncated writes, datagrams might get lost */
1484 c->local_consumed += dlen + 4;
1485 len = write(c->wfd, buf, dlen);
1486 xfree(data);
1487 if (len < 0 && (errno == EINTR || errno == EAGAIN))
1488 return 1;
1489 if (len <= 0) {
1490 if (c->type != SSH_CHANNEL_OPEN)
1491 chan_mark_dead(c);
1492 else
1493 chan_write_failed(c);
1494 return -1;
1495 }
1496 return 1;
1497 }
1421#ifdef _AIX 1498#ifdef _AIX
1422 /* XXX: Later AIX versions can't push as much data to tty */ 1499 /* XXX: Later AIX versions can't push as much data to tty */
1423 if (compat20 && c->wfd_isatty) 1500 if (compat20 && c->wfd_isatty)
1424 dlen = MIN(dlen, 8*1024); 1501 dlen = MIN(dlen, 8*1024);
1425#endif 1502#endif
1426 len = write(c->wfd, data, dlen); 1503
1504 len = write(c->wfd, buf, dlen);
1427 if (len < 0 && (errno == EINTR || errno == EAGAIN)) 1505 if (len < 0 && (errno == EINTR || errno == EAGAIN))
1428 return 1; 1506 return 1;
1429 if (len <= 0) { 1507 if (len <= 0) {
@@ -1440,14 +1518,14 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1440 } 1518 }
1441 return -1; 1519 return -1;
1442 } 1520 }
1443 if (compat20 && c->isatty && dlen >= 1 && data[0] != '\r') { 1521 if (compat20 && c->isatty && dlen >= 1 && buf[0] != '\r') {
1444 if (tcgetattr(c->wfd, &tio) == 0 && 1522 if (tcgetattr(c->wfd, &tio) == 0 &&
1445 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) { 1523 !(tio.c_lflag & ECHO) && (tio.c_lflag & ICANON)) {
1446 /* 1524 /*
1447 * Simulate echo to reduce the impact of 1525 * Simulate echo to reduce the impact of
1448 * traffic analysis. We need to match the 1526 * traffic analysis. We need to match the
1449 * size of a SSH2_MSG_CHANNEL_DATA message 1527 * size of a SSH2_MSG_CHANNEL_DATA message
1450 * (4 byte channel id + data) 1528 * (4 byte channel id + buf)
1451 */ 1529 */
1452 packet_send_ignore(4 + len); 1530 packet_send_ignore(4 + len);
1453 packet_send(); 1531 packet_send();
@@ -1666,7 +1744,7 @@ channel_garbage_collect(Channel *c)
1666 if (c == NULL) 1744 if (c == NULL)
1667 return; 1745 return;
1668 if (c->detach_user != NULL) { 1746 if (c->detach_user != NULL) {
1669 if (!chan_is_dead(c, 0)) 1747 if (!chan_is_dead(c, c->detach_close))
1670 return; 1748 return;
1671 debug2("channel %d: gc: notify user", c->self); 1749 debug2("channel %d: gc: notify user", c->self);
1672 c->detach_user(c->self, NULL); 1750 c->detach_user(c->self, NULL);
@@ -1776,6 +1854,22 @@ channel_output_poll(void)
1776 if ((c->istate == CHAN_INPUT_OPEN || 1854 if ((c->istate == CHAN_INPUT_OPEN ||
1777 c->istate == CHAN_INPUT_WAIT_DRAIN) && 1855 c->istate == CHAN_INPUT_WAIT_DRAIN) &&
1778 (len = buffer_len(&c->input)) > 0) { 1856 (len = buffer_len(&c->input)) > 0) {
1857 if (c->datagram) {
1858 if (len > 0) {
1859 u_char *data;
1860 u_int dlen;
1861
1862 data = buffer_get_string(&c->input,
1863 &dlen);
1864 packet_start(SSH2_MSG_CHANNEL_DATA);
1865 packet_put_int(c->remote_id);
1866 packet_put_string(data, dlen);
1867 packet_send();
1868 c->remote_window -= dlen + 4;
1869 xfree(data);
1870 }
1871 continue;
1872 }
1779 /* 1873 /*
1780 * Send some data for the other side over the secure 1874 * Send some data for the other side over the secure
1781 * connection. 1875 * connection.
@@ -1898,7 +1992,10 @@ channel_input_data(int type, u_int32_t seq, void *ctxt)
1898 c->local_window -= data_len; 1992 c->local_window -= data_len;
1899 } 1993 }
1900 packet_check_eom(); 1994 packet_check_eom();
1901 buffer_append(&c->output, data, data_len); 1995 if (c->datagram)
1996 buffer_put_string(&c->output, data, data_len);
1997 else
1998 buffer_append(&c->output, data, data_len);
1902 xfree(data); 1999 xfree(data);
1903} 2000}
1904 2001
@@ -2129,9 +2226,8 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
2129 id = packet_get_int(); 2226 id = packet_get_int();
2130 c = channel_lookup(id); 2227 c = channel_lookup(id);
2131 2228
2132 if (c == NULL || c->type != SSH_CHANNEL_OPEN) { 2229 if (c == NULL) {
2133 logit("Received window adjust for " 2230 logit("Received window adjust for non-open channel %d.", id);
2134 "non-open channel %d.", id);
2135 return; 2231 return;
2136 } 2232 }
2137 adjust = packet_get_int(); 2233 adjust = packet_get_int();
@@ -2188,7 +2284,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2188 const char *host_to_connect, u_short port_to_connect, int gateway_ports) 2284 const char *host_to_connect, u_short port_to_connect, int gateway_ports)
2189{ 2285{
2190 Channel *c; 2286 Channel *c;
2191 int sock, r, success = 0, on = 1, wildcard = 0, is_client; 2287 int sock, r, success = 0, wildcard = 0, is_client;
2192 struct addrinfo hints, *ai, *aitop; 2288 struct addrinfo hints, *ai, *aitop;
2193 const char *host, *addr; 2289 const char *host, *addr;
2194 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 2290 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -2275,13 +2371,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2275 verbose("socket: %.100s", strerror(errno)); 2371 verbose("socket: %.100s", strerror(errno));
2276 continue; 2372 continue;
2277 } 2373 }
2278 /* 2374
2279 * Set socket options. 2375 channel_set_reuseaddr(sock);
2280 * Allow local port reuse in TIME_WAIT.
2281 */
2282 if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on,
2283 sizeof(on)) == -1)
2284 error("setsockopt SO_REUSEADDR: %s", strerror(errno));
2285 2376
2286 debug("Local forwarding listening on %s port %s.", ntop, strport); 2377 debug("Local forwarding listening on %s port %s.", ntop, strport);
2287 2378
@@ -2453,7 +2544,7 @@ channel_request_rforward_cancel(const char *host, u_short port)
2453 2544
2454 permitted_opens[i].listen_port = 0; 2545 permitted_opens[i].listen_port = 0;
2455 permitted_opens[i].port_to_connect = 0; 2546 permitted_opens[i].port_to_connect = 0;
2456 free(permitted_opens[i].host_to_connect); 2547 xfree(permitted_opens[i].host_to_connect);
2457 permitted_opens[i].host_to_connect = NULL; 2548 permitted_opens[i].host_to_connect = NULL;
2458} 2549}
2459 2550
@@ -2668,6 +2759,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2668 char strport[NI_MAXSERV]; 2759 char strport[NI_MAXSERV];
2669 int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; 2760 int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
2670 2761
2762 if (chanids == NULL)
2763 return -1;
2764
2671 for (display_number = x11_display_offset; 2765 for (display_number = x11_display_offset;
2672 display_number < MAX_DISPLAYS; 2766 display_number < MAX_DISPLAYS;
2673 display_number++) { 2767 display_number++) {
@@ -2704,6 +2798,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2704 error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno)); 2798 error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
2705 } 2799 }
2706#endif 2800#endif
2801 channel_set_reuseaddr(sock);
2707 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { 2802 if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
2708 debug2("bind port %d: %.100s", port, strerror(errno)); 2803 debug2("bind port %d: %.100s", port, strerror(errno));
2709 close(sock); 2804 close(sock);
@@ -2749,8 +2844,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2749 } 2844 }
2750 2845
2751 /* Allocate a channel for each socket. */ 2846 /* Allocate a channel for each socket. */
2752 if (chanids != NULL) 2847 *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
2753 *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
2754 for (n = 0; n < num_socks; n++) { 2848 for (n = 0; n < num_socks; n++) {
2755 sock = socks[n]; 2849 sock = socks[n];
2756 nc = channel_new("x11 listener", 2850 nc = channel_new("x11 listener",
@@ -2758,11 +2852,9 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2758 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 2852 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
2759 0, "X11 inet listener", 1); 2853 0, "X11 inet listener", 1);
2760 nc->single_connection = single_connection; 2854 nc->single_connection = single_connection;
2761 if (*chanids != NULL) 2855 (*chanids)[n] = nc->self;
2762 (*chanids)[n] = nc->self;
2763 } 2856 }
2764 if (*chanids != NULL) 2857 (*chanids)[n] = -1;
2765 (*chanids)[n] = -1;
2766 2858
2767 /* Return the display number for the DISPLAY environment variable. */ 2859 /* Return the display number for the DISPLAY environment variable. */
2768 *display_numberp = display_number; 2860 *display_numberp = display_number;
@@ -2948,7 +3040,7 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
2948 error("deny_input_open: type %d", type); 3040 error("deny_input_open: type %d", type);
2949 break; 3041 break;
2950 } 3042 }
2951 error("Warning: this is probably a break in attempt by a malicious server."); 3043 error("Warning: this is probably a break-in attempt by a malicious server.");
2952 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); 3044 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2953 packet_put_int(rchan); 3045 packet_put_int(rchan);
2954 packet_send(); 3046 packet_send();
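Review bot: The added `channel_set_reuseaddr(sock);` in x11_create_display_inet() (new line 2801) sets SO_REUSEADDR on every X11 listener before bind(), presumably including the non-loopback listeners created when `x11_use_localhost` is off. On platforms where SO_REUSEADDR lets a second socket bind a more specific address on the same port, another local user could then receive connections meant for the forwarded display. Limiting the option to the loopback case, `if (x11_use_localhost) channel_set_reuseaddr(sock);`, keeps the TIME_WAIT benefit without that exposure. The function starts and ends outside this hunk, so how `ai` is built for each mode should be confirmed there.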
diff --git a/channels.h b/channels.h
index 1cb2c3a34..a97dd9007 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */ 1/* $OpenBSD: channels.h,v 1.83 2005/12/30 15:56:37 reyk Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -63,7 +63,8 @@ struct Channel;
63typedef struct Channel Channel; 63typedef struct Channel Channel;
64 64
65typedef void channel_callback_fn(int, void *); 65typedef void channel_callback_fn(int, void *);
66typedef int channel_filter_fn(struct Channel *, char *, int); 66typedef int channel_infilter_fn(struct Channel *, char *, int);
67typedef u_char *channel_outfilter_fn(struct Channel *, u_char **, u_int *);
67 68
68struct Channel { 69struct Channel {
69 int type; /* channel type/state */ 70 int type; /* channel type/state */
@@ -106,11 +107,15 @@ struct Channel {
106 107
107 /* callback */ 108 /* callback */
108 channel_callback_fn *confirm; 109 channel_callback_fn *confirm;
109 channel_callback_fn *detach_user;
110 void *confirm_ctx; 110 void *confirm_ctx;
111 channel_callback_fn *detach_user;
112 int detach_close;
111 113
112 /* filter */ 114 /* filter */
113 channel_filter_fn *input_filter; 115 channel_infilter_fn *input_filter;
116 channel_outfilter_fn *output_filter;
117
118 int datagram; /* keep boundaries */
114}; 119};
115 120
116#define CHAN_EXTENDED_IGNORE 0 121#define CHAN_EXTENDED_IGNORE 0
@@ -142,6 +147,8 @@ struct Channel {
142#define CHAN_EOF_SENT 0x04 147#define CHAN_EOF_SENT 0x04
143#define CHAN_EOF_RCVD 0x08 148#define CHAN_EOF_RCVD 0x08
144 149
150#define CHAN_RBUF 16*1024
151
145/* check whether 'efd' is still in use */ 152/* check whether 'efd' is still in use */
146#define CHANNEL_EFD_INPUT_ACTIVE(c) \ 153#define CHANNEL_EFD_INPUT_ACTIVE(c) \
147 (compat20 && c->extended_usage == CHAN_EXTENDED_READ && \ 154 (compat20 && c->extended_usage == CHAN_EXTENDED_READ && \
@@ -154,6 +161,7 @@ struct Channel {
154 161
155/* channel management */ 162/* channel management */
156 163
164Channel *channel_by_id(int);
157Channel *channel_lookup(int); 165Channel *channel_lookup(int);
158Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int); 166Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
159void channel_set_fds(int, int, int, int, int, int, u_int); 167void channel_set_fds(int, int, int, int, int, int, u_int);
@@ -163,9 +171,9 @@ void channel_stop_listening(void);
163 171
164void channel_send_open(int); 172void channel_send_open(int);
165void channel_request_start(int, char *, int); 173void channel_request_start(int, char *, int);
166void channel_register_cleanup(int, channel_callback_fn *); 174void channel_register_cleanup(int, channel_callback_fn *, int);
167void channel_register_confirm(int, channel_callback_fn *, void *); 175void channel_register_confirm(int, channel_callback_fn *, void *);
168void channel_register_filter(int, channel_filter_fn *); 176void channel_register_filter(int, channel_infilter_fn *, channel_outfilter_fn *);
169void channel_cancel_cleanup(int); 177void channel_cancel_cleanup(int);
170int channel_close_fd(int *); 178int channel_close_fd(int *);
171void channel_send_window_changes(void); 179void channel_send_window_changes(void);
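Review bot: The new `channel_outfilter_fn` typedef has no comment describing its buffer contract, although channel_handle_wfd() in channels.c depends on it. There, a NULL return stops the channel, the returned pointer is what gets written, and `*data` is what the datagram path hands to xfree(). I would add above the typedef `/* returns the bytes to write (NULL = stop channel); sets *data to the buffer the caller xfree()s and *dlen to its length */`. The visible non-datagram write path does not free `data`, so the comment should also say whether an output filter is only valid on datagram channels.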
diff --git a/cipher-aes.c b/cipher-aes.c
index 22d500d42..228ddb104 100644
--- a/cipher-aes.c
+++ b/cipher-aes.c
@@ -23,7 +23,11 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26#if OPENSSL_VERSION_NUMBER < 0x00907000L 26
27/* compatibility with old or broken OpenSSL versions */
28#include "openbsd-compat/openssl-compat.h"
29
30#ifdef USE_BUILTIN_RIJNDAEL
27RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $"); 31RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
28 32
29#include <openssl/evp.h> 33#include <openssl/evp.h>
@@ -31,10 +35,6 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $");
31#include "xmalloc.h" 35#include "xmalloc.h"
32#include "log.h" 36#include "log.h"
33 37
34#if OPENSSL_VERSION_NUMBER < 0x00906000L
35#define SSH_OLD_EVP
36#endif
37
38#define RIJNDAEL_BLOCKSIZE 16 38#define RIJNDAEL_BLOCKSIZE 16
39struct ssh_rijndael_ctx 39struct ssh_rijndael_ctx
40{ 40{
@@ -157,4 +157,4 @@ evp_rijndael(void)
157#endif 157#endif
158 return (&rijndal_cbc); 158 return (&rijndal_cbc);
159} 159}
160#endif /* OPENSSL_VERSION_NUMBER */ 160#endif /* USE_BUILTIN_RIJNDAEL */
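Review bot: An `#ifdef USE_BUILTIN_RIJNDAEL` guard is silently false when the macro is not defined, so if openssl-compat.h is missing from a translation unit the built-in Rijndael code simply compiles out with no diagnostic. The same guard is introduced in cipher-ctr.c and at new lines 337 and 368 of cipher.c. The cipher.c section adds no include of `openbsd-compat/openssl-compat.h` in its visible hunks, so it is worth confirming that file already pulls the header in. `SSH_OLD_EVP` is likewise no longer defined locally here or in cipher-ctr.c and is presumably now expected from the same header. I would extend the include comment to `/* defines USE_BUILTIN_RIJNDAEL and SSH_OLD_EVP for old or broken OpenSSL versions */` so the dependency is stated where it is used.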
diff --git a/cipher-ctr.c b/cipher-ctr.c
index 856177349..8a98f3c42 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -21,11 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
21#include "log.h" 21#include "log.h"
22#include "xmalloc.h" 22#include "xmalloc.h"
23 23
24#if OPENSSL_VERSION_NUMBER < 0x00906000L 24/* compatibility with old or broken OpenSSL versions */
25#define SSH_OLD_EVP 25#include "openbsd-compat/openssl-compat.h"
26#endif
27 26
28#if OPENSSL_VERSION_NUMBER < 0x00907000L 27#ifdef USE_BUILTIN_RIJNDAEL
29#include "rijndael.h" 28#include "rijndael.h"
30#define AES_KEY rijndael_ctx 29#define AES_KEY rijndael_ctx
31#define AES_BLOCK_SIZE 16 30#define AES_BLOCK_SIZE 16
diff --git a/cipher.c b/cipher.c
index 0dddf270a..1434d5524 100644
--- a/cipher.c
+++ b/cipher.c
@@ -334,7 +334,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
334 if ((u_int)evplen != len) 334 if ((u_int)evplen != len)
335 fatal("%s: wrong iv length %d != %d", __func__, 335 fatal("%s: wrong iv length %d != %d", __func__,
336 evplen, len); 336 evplen, len);
337#if OPENSSL_VERSION_NUMBER < 0x00907000L 337#ifdef USE_BUILTIN_RIJNDAEL
338 if (c->evptype == evp_rijndael) 338 if (c->evptype == evp_rijndael)
339 ssh_rijndael_iv(&cc->evp, 0, iv, len); 339 ssh_rijndael_iv(&cc->evp, 0, iv, len);
340 else 340 else
@@ -365,7 +365,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
365 evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); 365 evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
366 if (evplen == 0) 366 if (evplen == 0)
367 return; 367 return;
368#if OPENSSL_VERSION_NUMBER < 0x00907000L 368#ifdef USE_BUILTIN_RIJNDAEL
369 if (c->evptype == evp_rijndael) 369 if (c->evptype == evp_rijndael)
370 ssh_rijndael_iv(&cc->evp, 1, iv, evplen); 370 ssh_rijndael_iv(&cc->evp, 1, iv, evplen);
371 else 371 else
diff --git a/clientloop.c b/clientloop.c
index 47f3c7ecd..b76f7cfe0 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.149 2005/12/30 15:56:37 reyk Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -77,6 +77,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
77#include "log.h" 77#include "log.h"
78#include "readconf.h" 78#include "readconf.h"
79#include "clientloop.h" 79#include "clientloop.h"
80#include "sshconnect.h"
80#include "authfd.h" 81#include "authfd.h"
81#include "atomicio.h" 82#include "atomicio.h"
82#include "sshpty.h" 83#include "sshpty.h"
@@ -113,7 +114,7 @@ extern char *host;
113static volatile sig_atomic_t received_window_change_signal = 0; 114static volatile sig_atomic_t received_window_change_signal = 0;
114static volatile sig_atomic_t received_signal = 0; 115static volatile sig_atomic_t received_signal = 0;
115 116
116/* Flag indicating whether the user\'s terminal is in non-blocking mode. */ 117/* Flag indicating whether the user's terminal is in non-blocking mode. */
117static int in_non_blocking_mode = 0; 118static int in_non_blocking_mode = 0;
118 119
119/* Common data for the client loop code. */ 120/* Common data for the client loop code. */
@@ -266,7 +267,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
266 } 267 }
267 } 268 }
268 snprintf(cmd, sizeof(cmd), 269 snprintf(cmd, sizeof(cmd),
269 "%s %s%s list %s . 2>" _PATH_DEVNULL, 270 "%s %s%s list %s 2>" _PATH_DEVNULL,
270 xauth_path, 271 xauth_path,
271 generated ? "-f " : "" , 272 generated ? "-f " : "" ,
272 generated ? xauthfile : "", 273 generated ? xauthfile : "",
@@ -914,6 +915,15 @@ process_cmdline(void)
914 logit(" -Lport:host:hostport Request local forward"); 915 logit(" -Lport:host:hostport Request local forward");
915 logit(" -Rport:host:hostport Request remote forward"); 916 logit(" -Rport:host:hostport Request remote forward");
916 logit(" -KRhostport Cancel remote forward"); 917 logit(" -KRhostport Cancel remote forward");
918 if (!options.permit_local_command)
919 goto out;
920 logit(" !args Execute local command");
921 goto out;
922 }
923
924 if (*s == '!' && options.permit_local_command) {
925 s++;
926 ssh_local_cmd(s);
917 goto out; 927 goto out;
918 } 928 }
919 929
@@ -1376,10 +1386,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1376 session_ident = ssh2_chan_id; 1386 session_ident = ssh2_chan_id;
1377 if (escape_char != SSH_ESCAPECHAR_NONE) 1387 if (escape_char != SSH_ESCAPECHAR_NONE)
1378 channel_register_filter(session_ident, 1388 channel_register_filter(session_ident,
1379 simple_escape_filter); 1389 simple_escape_filter, NULL);
1380 if (session_ident != -1) 1390 if (session_ident != -1)
1381 channel_register_cleanup(session_ident, 1391 channel_register_cleanup(session_ident,
1382 client_channel_closed); 1392 client_channel_closed, 0);
1383 } else { 1393 } else {
1384 /* Check if we should immediately send eof on stdin. */ 1394 /* Check if we should immediately send eof on stdin. */
1385 client_check_initial_eof_on_stdin(); 1395 client_check_initial_eof_on_stdin();
@@ -1678,7 +1688,7 @@ client_request_x11(const char *request_type, int rchan)
1678 1688
1679 if (!options.forward_x11) { 1689 if (!options.forward_x11) {
1680 error("Warning: ssh server tried X11 forwarding."); 1690 error("Warning: ssh server tried X11 forwarding.");
1681 error("Warning: this is probably a break in attempt by a malicious server."); 1691 error("Warning: this is probably a break-in attempt by a malicious server.");
1682 return NULL; 1692 return NULL;
1683 } 1693 }
1684 originator = packet_get_string(NULL); 1694 originator = packet_get_string(NULL);
@@ -1711,7 +1721,7 @@ client_request_agent(const char *request_type, int rchan)
1711 1721
1712 if (!options.forward_agent) { 1722 if (!options.forward_agent) {
1713 error("Warning: ssh server tried agent forwarding."); 1723 error("Warning: ssh server tried agent forwarding.");
1714 error("Warning: this is probably a break in attempt by a malicious server."); 1724 error("Warning: this is probably a break-in attempt by a malicious server.");
1715 return NULL; 1725 return NULL;
1716 } 1726 }
1717 sock = ssh_get_authentication_socket(); 1727 sock = ssh_get_authentication_socket();
@@ -1880,7 +1890,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
1880 /* Split */ 1890 /* Split */
1881 name = xstrdup(env[i]); 1891 name = xstrdup(env[i]);
1882 if ((val = strchr(name, '=')) == NULL) { 1892 if ((val = strchr(name, '=')) == NULL) {
1883 free(name); 1893 xfree(name);
1884 continue; 1894 continue;
1885 } 1895 }
1886 *val++ = '\0'; 1896 *val++ = '\0';
@@ -1894,7 +1904,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
1894 } 1904 }
1895 if (!matched) { 1905 if (!matched) {
1896 debug3("Ignored env %s", name); 1906 debug3("Ignored env %s", name);
1897 free(name); 1907 xfree(name);
1898 continue; 1908 continue;
1899 } 1909 }
1900 1910
@@ -1903,7 +1913,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
1903 packet_put_cstring(name); 1913 packet_put_cstring(name);
1904 packet_put_cstring(val); 1914 packet_put_cstring(val);
1905 packet_send(); 1915 packet_send();
1906 free(name); 1916 xfree(name);
1907 } 1917 }
1908 } 1918 }
1909 1919
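Review bot: The command assembled in client_x11_get_proto() at new lines 269-270 still interpolates `display` and `xauth_path` directly into a string that contains a `2>` redirection. That implies the string is later interpreted by a shell, and this change edits the format without adding any validation of those values. If `display` can come from the environment unchecked, shell metacharacters in it would be interpreted when the command runs. I would reject, before the snprintf(), any `display` containing characters outside alphanumerics and `:/.-_`, and log it at debug level. The function begins and ends outside this hunk, so an existing check earlier in the body may already cover this.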
diff --git a/config.h.in b/config.h.in
index 1b964ee0f..4dd4f0878 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,191 +1,87 @@
1/* config.h.in. Generated from configure.ac by autoheader. */ 1/* config.h.in. Generated from configure.ac by autoheader. */
2/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
3
4/*
5 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#ifndef _CONFIG_H
29#define _CONFIG_H
30
31/* Generated automatically from acconfig.h by autoheader. */
32/* Please make your changes there */
33 2
3/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
4 */
5#undef AIX_GETNAMEINFO_HACK
34 6
35/* Define if your platform breaks doing a seteuid before a setuid */ 7/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
36#undef SETEUID_BREAKS_SETUID 8#undef AIX_LOGINFAILED_4ARG
37
38/* Define if your setreuid() is broken */
39#undef BROKEN_SETREUID
40
41/* Define if your setregid() is broken */
42#undef BROKEN_SETREGID
43
44/* Define if your setresuid() is broken */
45#undef BROKEN_SETRESUID
46
47/* Define if your setresgid() is broken */
48#undef BROKEN_SETRESGID
49
50/* Define to a Set Process Title type if your system is */
51/* supported by bsd-setproctitle.c */
52#undef SPT_TYPE
53#undef SPT_PADCHAR
54
55/* SCO workaround */
56#undef BROKEN_SYS_TERMIO_H
57
58/* Define if you have SecureWare-based protected password database */
59#undef HAVE_SECUREWARE
60
61/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
62/* from environment and PATH */
63#undef LOGIN_PROGRAM_FALLBACK
64
65/* Full path of your "passwd" program */
66#undef _PATH_PASSWD_PROG
67
68/* Define if your password has a pw_class field */
69#undef HAVE_PW_CLASS_IN_PASSWD
70 9
71/* Define if your password has a pw_expire field */ 10/* Define if your resolver libs need this for getrrsetbyname */
72#undef HAVE_PW_EXPIRE_IN_PASSWD 11#undef BIND_8_COMPAT
73 12
74/* Define if your password has a pw_change field */ 13/* Define if cmsg_type is not passed correctly */
75#undef HAVE_PW_CHANGE_IN_PASSWD 14#undef BROKEN_CMSG_TYPE
76 15
77/* Define if your system uses access rights style file descriptor passing */ 16/* getaddrinfo is broken (if present) */
78#undef HAVE_ACCRIGHTS_IN_MSGHDR 17#undef BROKEN_GETADDRINFO
79 18
80/* Define if your system uses ancillary data style file descriptor passing */ 19/* getgroups(0,NULL) will return -1 */
81#undef HAVE_CONTROL_IN_MSGHDR 20#undef BROKEN_GETGROUPS
82 21
83/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ 22/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
84#undef BROKEN_INET_NTOA 23#undef BROKEN_INET_NTOA
85 24
86/* Define if your system defines sys_errlist[] */ 25/* ia_uinfo routines not supported by OS yet */
87#undef HAVE_SYS_ERRLIST 26#undef BROKEN_LIBIAF
88
89/* Define if your system defines sys_nerr */
90#undef HAVE_SYS_NERR
91
92/* Define if your system choked on IP TOS setting */
93#undef IP_TOS_IS_BROKEN
94
95/* Define if you have the getuserattr function. */
96#undef HAVE_GETUSERATTR
97
98/* Define if you have the basename function. */
99#undef HAVE_BASENAME
100
101/* Work around problematic Linux PAM modules handling of PAM_TTY */
102#undef PAM_TTY_KLUDGE
103
104/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
105#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
106
107/* Use PIPES instead of a socketpair() */
108#undef USE_PIPES
109 27
110/* Define if your snprintf is busted */ 28/* Ultrix mmap can't map files */
111#undef BROKEN_SNPRINTF 29#undef BROKEN_MMAP
112 30
113/* Define if you are on Cygwin */ 31/* Define if your struct dirent expects you to allocate extra space for d_name
114#undef HAVE_CYGWIN 32 */
33#undef BROKEN_ONE_BYTE_DIRENT_D_NAME
115 34
116/* Define if you have a broken realpath. */ 35/* Define if you have a broken realpath. */
117#undef BROKEN_REALPATH 36#undef BROKEN_REALPATH
118 37
119/* Define if you are on NeXT */ 38/* Needed for NeXT */
120#undef HAVE_NEXT 39#undef BROKEN_SAVED_UIDS
121
122/* Define if you want to enable PAM support */
123#undef USE_PAM
124
125/* Define if you want to enable AIX4's authenticate function */
126#undef WITH_AIXAUTHENTICATE
127 40
128/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ 41/* Define if your setregid() is broken */
129#undef AIX_LOGINFAILED_4ARG 42#undef BROKEN_SETREGID
130 43
131/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */ 44/* Define if your setresgid() is broken */
132#undef SKEYCHALLENGE_4ARG 45#undef BROKEN_SETRESGID
133 46
134/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ 47/* Define if your setresuid() is broken */
135#undef WITH_IRIX_ARRAY 48#undef BROKEN_SETRESUID
136 49
137/* Define if you want IRIX project management */ 50/* Define if your setreuid() is broken */
138#undef WITH_IRIX_PROJECT 51#undef BROKEN_SETREUID
139 52
140/* Define if you want IRIX audit trails */ 53/* LynxOS has broken setvbuf() implementation */
141#undef WITH_IRIX_AUDIT 54#undef BROKEN_SETVBUF
142 55
143/* Define if you want IRIX kernel jobs */ 56/* Define if your snprintf is busted */
144#undef WITH_IRIX_JOBS 57#undef BROKEN_SNPRINTF
145 58
146/* Location of PRNGD/EGD random number socket */ 59/* updwtmpx is broken (if present) */
147#undef PRNGD_SOCKET 60#undef BROKEN_UPDWTMPX
148 61
149/* Port number of PRNGD/EGD random number socket */ 62/* Define if you have BSD auth support */
150#undef PRNGD_PORT 63#undef BSD_AUTH
151 64
152/* Builtin PRNG command timeout */ 65/* Define if you want to specify the path to your lastlog file */
153#undef ENTROPY_TIMEOUT_MSEC 66#undef CONF_LASTLOG_FILE
154 67
155/* non-privileged user for privilege separation */ 68/* Define if you want to specify the path to your utmpx file */
156#undef SSH_PRIVSEP_USER 69#undef CONF_UTMPX_FILE
157 70
158/* Define if you want to install preformatted manpages.*/ 71/* Define if you want to specify the path to your utmp file */
159#undef MANTYPE 72#undef CONF_UTMP_FILE
160 73
161/* Define if your ssl headers are included with #include <openssl/header.h> */ 74/* Define if you want to specify the path to your wtmpx file */
162#undef HAVE_OPENSSL 75#undef CONF_WTMPX_FILE
163 76
164/* Define if you are linking against RSAref. Used only to print the right 77/* Define if you want to specify the path to your wtmp file */
165 * message at run-time. */ 78#undef CONF_WTMP_FILE
166#undef RSAREF
167 79
168/* struct timeval */ 80/* Define if your platform needs to skip post auth file descriptor passing */
169#undef HAVE_STRUCT_TIMEVAL 81#undef DISABLE_FD_PASSING
170 82
171/* struct utmp and struct utmpx fields */ 83/* Define if you don't want to use lastlog */
172#undef HAVE_HOST_IN_UTMP 84#undef DISABLE_LASTLOG
173#undef HAVE_HOST_IN_UTMPX
174#undef HAVE_ADDR_IN_UTMP
175#undef HAVE_ADDR_IN_UTMPX
176#undef HAVE_ADDR_V6_IN_UTMP
177#undef HAVE_ADDR_V6_IN_UTMPX
178#undef HAVE_SYSLEN_IN_UTMPX
179#undef HAVE_PID_IN_UTMP
180#undef HAVE_TYPE_IN_UTMP
181#undef HAVE_TYPE_IN_UTMPX
182#undef HAVE_TV_IN_UTMP
183#undef HAVE_TV_IN_UTMPX
184#undef HAVE_ID_IN_UTMP
185#undef HAVE_ID_IN_UTMPX
186#undef HAVE_EXIT_IN_UTMP
187#undef HAVE_TIME_IN_UTMP
188#undef HAVE_TIME_IN_UTMPX
189 85
190/* Define if you don't want to use your system's login() call */ 86/* Define if you don't want to use your system's login() call */
191#undef DISABLE_LOGIN 87#undef DISABLE_LOGIN
@@ -196,11 +92,8 @@
196/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */ 92/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
197#undef DISABLE_PUTUTXLINE 93#undef DISABLE_PUTUTXLINE
198 94
199/* Define if you don't want to use lastlog */ 95/* Define if you want to disable shadow passwords */
200#undef DISABLE_LASTLOG 96#undef DISABLE_SHADOW
201
202/* Define if you don't want to use lastlog in session.c */
203#undef NO_SSH_LASTLOG
204 97
205/* Define if you don't want to use utmp */ 98/* Define if you don't want to use utmp */
206#undef DISABLE_UTMP 99#undef DISABLE_UTMP
@@ -214,159 +107,17 @@
214/* Define if you don't want to use wtmpx */ 107/* Define if you don't want to use wtmpx */
215#undef DISABLE_WTMPX 108#undef DISABLE_WTMPX
216 109
217/* Some systems need a utmpx entry for /bin/login to work */
218#undef LOGIN_NEEDS_UTMPX
219
220/* Some versions of /bin/login need the TERM supplied on the commandline */
221#undef LOGIN_NEEDS_TERM
222
223/* Define if your login program cannot handle end of options ("--") */
224#undef LOGIN_NO_ENDOPT
225
226/* Define if you want to specify the path to your lastlog file */
227#undef CONF_LASTLOG_FILE
228
229/* Define if you want to specify the path to your utmp file */
230#undef CONF_UTMP_FILE
231
232/* Define if you want to specify the path to your wtmp file */
233#undef CONF_WTMP_FILE
234
235/* Define if you want to specify the path to your utmpx file */
236#undef CONF_UTMPX_FILE
237
238/* Define if you want to specify the path to your wtmpx file */
239#undef CONF_WTMPX_FILE
240
241/* Define if you want external askpass support */
242#undef USE_EXTERNAL_ASKPASS
243
244/* Define if libc defines __progname */
245#undef HAVE___PROGNAME
246
247/* Define if compiler implements __FUNCTION__ */
248#undef HAVE___FUNCTION__
249
250/* Define if compiler implements __func__ */
251#undef HAVE___func__
252
253/* Define this is you want GSSAPI support in the version 2 protocol */
254#undef GSSAPI
255
256/* Define if you want Kerberos 5 support */
257#undef KRB5
258
259/* Define this if you are using the Heimdal version of Kerberos V5 */
260#undef HEIMDAL
261
262/* Define this if you want to use libkafs' AFS support */
263#undef USE_AFS
264
265/* Define if you want S/Key support */
266#undef SKEY
267
268/* Define if you want TCP Wrappers support */
269#undef LIBWRAP
270
271/* Define if your libraries define login() */
272#undef HAVE_LOGIN
273
274/* Define if your libraries define daemon() */
275#undef HAVE_DAEMON
276
277/* Define if your libraries define getpagesize() */
278#undef HAVE_GETPAGESIZE
279
280/* Define if xauth is found in your path */
281#undef XAUTH_PATH
282
283/* Define if you want to allow MD5 passwords */
284#undef HAVE_MD5_PASSWORDS
285
286/* Define if you want to disable shadow passwords */
287#undef DISABLE_SHADOW
288
289/* Define if you want to use shadow password expire field */
290#undef HAS_SHADOW_EXPIRE
291
292/* Define if you have Digital Unix Security Integration Architecture */
293#undef HAVE_OSF_SIA
294
295/* Define if you have getpwanam(3) [SunOS 4.x] */
296#undef HAVE_GETPWANAM
297
298/* Define if you have an old version of PAM which takes only one argument */
299/* to pam_strerror */
300#undef HAVE_OLD_PAM
301
302/* Define if you are using Solaris-derived PAM which passes pam_messages */
303/* to the conversation function with an extra level of indirection */
304#undef PAM_SUN_CODEBASE
305
306/* Set this to your mail directory if you don't have maillock.h */
307#undef MAIL_DIRECTORY
308
309/* Data types */
310#undef HAVE_U_INT
311#undef HAVE_INTXX_T
312#undef HAVE_U_INTXX_T
313#undef HAVE_UINTXX_T
314#undef HAVE_INT64_T
315#undef HAVE_U_INT64_T
316#undef HAVE_U_CHAR
317#undef HAVE_SIZE_T
318#undef HAVE_SSIZE_T
319#undef HAVE_CLOCK_T
320#undef HAVE_MODE_T
321#undef HAVE_PID_T
322#undef HAVE_SA_FAMILY_T
323#undef HAVE_STRUCT_SOCKADDR_STORAGE
324#undef HAVE_STRUCT_ADDRINFO
325#undef HAVE_STRUCT_IN6_ADDR
326#undef HAVE_STRUCT_SOCKADDR_IN6
327
328/* Fields in struct sockaddr_storage */
329#undef HAVE_SS_FAMILY_IN_SS
330#undef HAVE___SS_FAMILY_IN_SS
331
332/* Define if you have /dev/ptmx */
333#undef HAVE_DEV_PTMX
334
335/* Define if you have /dev/ptc */
336#undef HAVE_DEV_PTS_AND_PTC
337
338/* Define if you need to use IP address instead of hostname in $DISPLAY */
339#undef IPADDR_IN_DISPLAY
340
341/* Specify default $PATH */
342#undef USER_PATH
343
344/* Specify location of ssh.pid */
345#undef _PATH_SSH_PIDDIR
346
347/* getaddrinfo is broken (if present) */
348#undef BROKEN_GETADDRINFO
349
350/* updwtmpx is broken (if present) */
351#undef BROKEN_UPDWTMPX
352
353/* Workaround more Linux IPv6 quirks */ 110/* Workaround more Linux IPv6 quirks */
354#undef DONT_TRY_OTHER_AF 111#undef DONT_TRY_OTHER_AF
355 112
356/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ 113/* Builtin PRNG command timeout */
357#undef IPV4_IN_IPV6 114#undef ENTROPY_TIMEOUT_MSEC
358
359/* Define if you have BSD auth support */
360#undef BSD_AUTH
361
362/* Define if X11 doesn't support AF_UNIX sockets on that system */
363#undef NO_X11_UNIX_SOCKETS
364 115
365/* Define if the concept of ports only accessible to superusers isn't known */ 116/* Define to 1 if the `getpgrp' function requires zero arguments. */
366#undef NO_IPPORT_RESERVED_CONCEPT 117#undef GETPGRP_VOID
367 118
368/* Needed for SCO and NeXT */ 119/* Conflicting defs for getspnam */
369#undef BROKEN_SAVED_UIDS 120#undef GETSPNAM_CONFLICTING_DEFS
370 121
371/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ 122/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
372#undef GLOB_HAS_ALTDIRFUNC 123#undef GLOB_HAS_ALTDIRFUNC
@@ -374,109 +125,36 @@
374/* Define if your system glob() function has gl_matchc options in glob_t */ 125/* Define if your system glob() function has gl_matchc options in glob_t */
375#undef GLOB_HAS_GL_MATCHC 126#undef GLOB_HAS_GL_MATCHC
376 127
377/* Define in your struct dirent expects you to allocate extra space for d_name */ 128/* Define this if you want GSSAPI support in the version 2 protocol */
378#undef BROKEN_ONE_BYTE_DIRENT_D_NAME 129#undef GSSAPI
379
380/* Define if your system has /etc/default/login */
381#undef HAVE_ETC_DEFAULT_LOGIN
382
383/* Define if your getopt(3) defines and uses optreset */
384#undef HAVE_GETOPT_OPTRESET
385
386/* Define on *nto-qnx systems */
387#undef MISSING_NFDBITS
388
389/* Define on *nto-qnx systems */
390#undef MISSING_HOWMANY
391
392/* Define on *nto-qnx systems */
393#undef MISSING_FD_MASK
394
395/* Define if you want smartcard support */
396#undef SMARTCARD
397
398/* Define if you want smartcard support using sectok */
399#undef USE_SECTOK
400
401/* Define if you want smartcard support using OpenSC */
402#undef USE_OPENSC
403
404/* Define if you want to use OpenSSL's internally seeded PRNG only */
405#undef OPENSSL_PRNG_ONLY
406
407/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
408#undef WITH_ABBREV_NO_TTY
409
410/* Define if you want a different $PATH for the superuser */
411#undef SUPERUSER_PATH
412
413/* Path that unprivileged child will chroot() to in privep mode */
414#undef PRIVSEP_PATH
415
416/* Define if your platform needs to skip post auth file descriptor passing */
417#undef DISABLE_FD_PASSING
418
419/* Silly mkstemp() */
420#undef HAVE_STRICT_MKSTEMP
421
422/* Some systems put this outside of libc */
423#undef HAVE_NANOSLEEP
424
425/* Define if sshd somehow reacquires a controlling TTY after setsid() */
426#undef SSHD_ACQUIRES_CTTY
427
428/* Define if cmsg_type is not passed correctly */
429#undef BROKEN_CMSG_TYPE
430
431/*
432 * Define to whatever link() returns for "not supported" if it doesn't
433 * return EOPNOTSUPP.
434 */
435#undef LINK_OPNOTSUPP_ERRNO
436
437/* Strings used in /etc/passwd to denote locked account */
438#undef LOCKED_PASSWD_STRING
439#undef LOCKED_PASSWD_PREFIX
440#undef LOCKED_PASSWD_SUBSTR
441
442/* Define if getrrsetbyname() exists */
443#undef HAVE_GETRRSETBYNAME
444
445/* Define if HEADER.ad exists in arpa/nameser.h */
446#undef HAVE_HEADER_AD
447
448/* Define if your resolver libs need this for getrrsetbyname */
449#undef BIND_8_COMPAT
450
451/* Define if you have /proc/$pid/fd */
452#undef HAVE_PROC_PID
453
454
455/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
456 */
457#undef AIX_GETNAMEINFO_HACK
458 130
459/* getgroups(0,NULL) will return -1 */ 131/* Define if you want to use shadow password expire field */
460#undef BROKEN_GETGROUPS 132#undef HAS_SHADOW_EXPIRE
461 133
462/* ia_uinfo routines not supported by OS yet */ 134/* Define if your system uses access rights style file descriptor passing */
463#undef BROKEN_LIBIAF 135#undef HAVE_ACCRIGHTS_IN_MSGHDR
464 136
465/* Ultrix mmap can't map files */ 137/* Define if you have ut_addr in utmp.h */
466#undef BROKEN_MMAP 138#undef HAVE_ADDR_IN_UTMP
467 139
468/* LynxOS has broken setvbuf() implementation */ 140/* Define if you have ut_addr in utmpx.h */
469#undef BROKEN_SETVBUF 141#undef HAVE_ADDR_IN_UTMPX
470 142
471/* Define to 1 if the `getpgrp' function requires zero arguments. */ 143/* Define if you have ut_addr_v6 in utmp.h */
472#undef GETPGRP_VOID 144#undef HAVE_ADDR_V6_IN_UTMP
473 145
474/* Conflicting defs for getspnam */ 146/* Define if you have ut_addr_v6 in utmpx.h */
475#undef GETSPNAM_CONFLICTING_DEFS 147#undef HAVE_ADDR_V6_IN_UTMPX
476 148
477/* Define to 1 if you have the `arc4random' function. */ 149/* Define to 1 if you have the `arc4random' function. */
478#undef HAVE_ARC4RANDOM 150#undef HAVE_ARC4RANDOM
479 151
152/* Define to 1 if you have the `asprintf' function. */
153#undef HAVE_ASPRINTF
154
155/* OpenBSD's gcc has bounded */
156#undef HAVE_ATTRIBUTE__BOUNDED__
157
480/* OpenBSD's gcc has sentinel */ 158/* OpenBSD's gcc has sentinel */
481#undef HAVE_ATTRIBUTE__SENTINEL__ 159#undef HAVE_ATTRIBUTE__SENTINEL__
482 160
@@ -486,6 +164,9 @@
486/* Define to 1 if you have the `b64_pton' function. */ 164/* Define to 1 if you have the `b64_pton' function. */
487#undef HAVE_B64_PTON 165#undef HAVE_B64_PTON
488 166
167/* Define if you have the basename function. */
168#undef HAVE_BASENAME
169
489/* Define to 1 if you have the `bcopy' function. */ 170/* Define to 1 if you have the `bcopy' function. */
490#undef HAVE_BCOPY 171#undef HAVE_BCOPY
491 172
@@ -501,15 +182,27 @@
501/* Define to 1 if you have the `clock' function. */ 182/* Define to 1 if you have the `clock' function. */
502#undef HAVE_CLOCK 183#undef HAVE_CLOCK
503 184
185/* define if you have clock_t data type */
186#undef HAVE_CLOCK_T
187
504/* Define to 1 if you have the `closefrom' function. */ 188/* Define to 1 if you have the `closefrom' function. */
505#undef HAVE_CLOSEFROM 189#undef HAVE_CLOSEFROM
506 190
507/* Define if gai_strerror() returns const char * */ 191/* Define if gai_strerror() returns const char * */
508#undef HAVE_CONST_GAI_STRERROR_PROTO 192#undef HAVE_CONST_GAI_STRERROR_PROTO
509 193
194/* Define if your system uses ancillary data style file descriptor passing */
195#undef HAVE_CONTROL_IN_MSGHDR
196
510/* Define to 1 if you have the <crypt.h> header file. */ 197/* Define to 1 if you have the <crypt.h> header file. */
511#undef HAVE_CRYPT_H 198#undef HAVE_CRYPT_H
512 199
200/* Define if you are on Cygwin */
201#undef HAVE_CYGWIN
202
203/* Define if your libraries define daemon() */
204#undef HAVE_DAEMON
205
513/* Define to 1 if you have the declaration of `authenticate', and to 0 if you 206/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
514 don't. */ 207 don't. */
515#undef HAVE_DECL_AUTHENTICATE 208#undef HAVE_DECL_AUTHENTICATE
@@ -546,6 +239,12 @@
546 don't. */ 239 don't. */
547#undef HAVE_DECL__GETSHORT 240#undef HAVE_DECL__GETSHORT
548 241
242/* Define if you have /dev/ptmx */
243#undef HAVE_DEV_PTMX
244
245/* Define if you have /dev/ptc */
246#undef HAVE_DEV_PTS_AND_PTC
247
549/* Define to 1 if you have the <dirent.h> header file. */ 248/* Define to 1 if you have the <dirent.h> header file. */
550#undef HAVE_DIRENT_H 249#undef HAVE_DIRENT_H
551 250
@@ -564,6 +263,12 @@
564/* Define to 1 if you have the `endutxent' function. */ 263/* Define to 1 if you have the `endutxent' function. */
565#undef HAVE_ENDUTXENT 264#undef HAVE_ENDUTXENT
566 265
266/* Define if your system has /etc/default/login */
267#undef HAVE_ETC_DEFAULT_LOGIN
268
269/* Define if you have ut_exit in utmp.h */
270#undef HAVE_EXIT_IN_UTMP
271
567/* Define to 1 if you have the `fchmod' function. */ 272/* Define to 1 if you have the `fchmod' function. */
568#undef HAVE_FCHMOD 273#undef HAVE_FCHMOD
569 274
@@ -612,6 +317,12 @@
612/* Define to 1 if you have the <getopt.h> header file. */ 317/* Define to 1 if you have the <getopt.h> header file. */
613#undef HAVE_GETOPT_H 318#undef HAVE_GETOPT_H
614 319
320/* Define if your getopt(3) defines and uses optreset */
321#undef HAVE_GETOPT_OPTRESET
322
323/* Define if your libraries define getpagesize() */
324#undef HAVE_GETPAGESIZE
325
615/* Define to 1 if you have the `getpeereid' function. */ 326/* Define to 1 if you have the `getpeereid' function. */
616#undef HAVE_GETPEEREID 327#undef HAVE_GETPEEREID
617 328
@@ -621,6 +332,9 @@
621/* Define to 1 if you have the `getrlimit' function. */ 332/* Define to 1 if you have the `getrlimit' function. */
622#undef HAVE_GETRLIMIT 333#undef HAVE_GETRLIMIT
623 334
335/* Define if getrrsetbyname() exists */
336#undef HAVE_GETRRSETBYNAME
337
624/* Define to 1 if you have the `getrusage' function. */ 338/* Define to 1 if you have the `getrusage' function. */
625#undef HAVE_GETRUSAGE 339#undef HAVE_GETRUSAGE
626 340
@@ -672,12 +386,27 @@
672/* Define to 1 if you have the <gssapi_krb5.h> header file. */ 386/* Define to 1 if you have the <gssapi_krb5.h> header file. */
673#undef HAVE_GSSAPI_KRB5_H 387#undef HAVE_GSSAPI_KRB5_H
674 388
389/* Define if HEADER.ad exists in arpa/nameser.h */
390#undef HAVE_HEADER_AD
391
392/* Define if you have ut_host in utmp.h */
393#undef HAVE_HOST_IN_UTMP
394
395/* Define if you have ut_host in utmpx.h */
396#undef HAVE_HOST_IN_UTMPX
397
675/* Define to 1 if you have the <iaf.h> header file. */ 398/* Define to 1 if you have the <iaf.h> header file. */
676#undef HAVE_IAF_H 399#undef HAVE_IAF_H
677 400
678/* Define to 1 if you have the <ia.h> header file. */ 401/* Define to 1 if you have the <ia.h> header file. */
679#undef HAVE_IA_H 402#undef HAVE_IA_H
680 403
404/* Define if you have ut_id in utmp.h */
405#undef HAVE_ID_IN_UTMP
406
407/* Define if you have ut_id in utmpx.h */
408#undef HAVE_ID_IN_UTMPX
409
681/* Define to 1 if you have the `inet_aton' function. */ 410/* Define to 1 if you have the `inet_aton' function. */
682#undef HAVE_INET_ATON 411#undef HAVE_INET_ATON
683 412
@@ -690,9 +419,15 @@
690/* Define to 1 if you have the `innetgr' function. */ 419/* Define to 1 if you have the `innetgr' function. */
691#undef HAVE_INNETGR 420#undef HAVE_INNETGR
692 421
422/* define if you have int64_t data type */
423#undef HAVE_INT64_T
424
693/* Define to 1 if you have the <inttypes.h> header file. */ 425/* Define to 1 if you have the <inttypes.h> header file. */
694#undef HAVE_INTTYPES_H 426#undef HAVE_INTTYPES_H
695 427
428/* define if you have intxx_t data type */
429#undef HAVE_INTXX_T
430
696/* Define to 1 if the system has the type `in_addr_t'. */ 431/* Define to 1 if the system has the type `in_addr_t'. */
697#undef HAVE_IN_ADDR_T 432#undef HAVE_IN_ADDR_T
698 433
@@ -738,6 +473,12 @@
738/* Define to 1 if you have the <limits.h> header file. */ 473/* Define to 1 if you have the <limits.h> header file. */
739#undef HAVE_LIMITS_H 474#undef HAVE_LIMITS_H
740 475
476/* Define to 1 if you have the <linux/if_tun.h> header file. */
477#undef HAVE_LINUX_IF_TUN_H
478
479/* Define if your libraries define login() */
480#undef HAVE_LOGIN
481
741/* Define to 1 if you have the <login_cap.h> header file. */ 482/* Define to 1 if you have the <login_cap.h> header file. */
742#undef HAVE_LOGIN_CAP_H 483#undef HAVE_LOGIN_CAP_H
743 484
@@ -753,12 +494,21 @@
753/* Define to 1 if you have the `logwtmp' function. */ 494/* Define to 1 if you have the `logwtmp' function. */
754#undef HAVE_LOGWTMP 495#undef HAVE_LOGWTMP
755 496
497/* Define to 1 if the system has the type `long double'. */
498#undef HAVE_LONG_DOUBLE
499
500/* Define to 1 if the system has the type `long long'. */
501#undef HAVE_LONG_LONG
502
756/* Define to 1 if you have the <maillock.h> header file. */ 503/* Define to 1 if you have the <maillock.h> header file. */
757#undef HAVE_MAILLOCK_H 504#undef HAVE_MAILLOCK_H
758 505
759/* Define to 1 if you have the `md5_crypt' function. */ 506/* Define to 1 if you have the `md5_crypt' function. */
760#undef HAVE_MD5_CRYPT 507#undef HAVE_MD5_CRYPT
761 508
509/* Define if you want to allow MD5 passwords */
510#undef HAVE_MD5_PASSWORDS
511
762/* Define to 1 if you have the `memmove' function. */ 512/* Define to 1 if you have the `memmove' function. */
763#undef HAVE_MEMMOVE 513#undef HAVE_MEMMOVE
764 514
@@ -771,6 +521,12 @@
771/* Define to 1 if you have the `mmap' function. */ 521/* Define to 1 if you have the `mmap' function. */
772#undef HAVE_MMAP 522#undef HAVE_MMAP
773 523
524/* define if you have mode_t data type */
525#undef HAVE_MODE_T
526
527/* Some systems put nanosleep outside of libc */
528#undef HAVE_NANOSLEEP
529
774/* Define to 1 if you have the <ndir.h> header file. */ 530/* Define to 1 if you have the <ndir.h> header file. */
775#undef HAVE_NDIR_H 531#undef HAVE_NDIR_H
776 532
@@ -780,8 +536,8 @@
780/* Define to 1 if you have the <netgroup.h> header file. */ 536/* Define to 1 if you have the <netgroup.h> header file. */
781#undef HAVE_NETGROUP_H 537#undef HAVE_NETGROUP_H
782 538
783/* Define to 1 if you have the <netinet/in_systm.h> header file. */ 539/* Define if you are on NeXT */
784#undef HAVE_NETINET_IN_SYSTM_H 540#undef HAVE_NEXT
785 541
786/* Define to 1 if you have the `ngetaddrinfo' function. */ 542/* Define to 1 if you have the `ngetaddrinfo' function. */
787#undef HAVE_NGETADDRINFO 543#undef HAVE_NGETADDRINFO
@@ -792,12 +548,22 @@
792/* Define to 1 if you have the `ogetaddrinfo' function. */ 548/* Define to 1 if you have the `ogetaddrinfo' function. */
793#undef HAVE_OGETADDRINFO 549#undef HAVE_OGETADDRINFO
794 550
551/* Define if you have an old version of PAM which takes only one argument to
552 pam_strerror */
553#undef HAVE_OLD_PAM
554
795/* Define to 1 if you have the `openlog_r' function. */ 555/* Define to 1 if you have the `openlog_r' function. */
796#undef HAVE_OPENLOG_R 556#undef HAVE_OPENLOG_R
797 557
798/* Define to 1 if you have the `openpty' function. */ 558/* Define to 1 if you have the `openpty' function. */
799#undef HAVE_OPENPTY 559#undef HAVE_OPENPTY
800 560
561/* Define if your ssl headers are included with #include <openssl/header.h> */
562#undef HAVE_OPENSSL
563
564/* Define if you have Digital Unix Security Integration Architecture */
565#undef HAVE_OSF_SIA
566
801/* Define to 1 if you have the `pam_getenvlist' function. */ 567/* Define to 1 if you have the `pam_getenvlist' function. */
802#undef HAVE_PAM_GETENVLIST 568#undef HAVE_PAM_GETENVLIST
803 569
@@ -810,9 +576,18 @@
810/* Define to 1 if you have the <paths.h> header file. */ 576/* Define to 1 if you have the <paths.h> header file. */
811#undef HAVE_PATHS_H 577#undef HAVE_PATHS_H
812 578
579/* Define if you have ut_pid in utmp.h */
580#undef HAVE_PID_IN_UTMP
581
582/* define if you have pid_t data type */
583#undef HAVE_PID_T
584
813/* Define to 1 if you have the `prctl' function. */ 585/* Define to 1 if you have the `prctl' function. */
814#undef HAVE_PRCTL 586#undef HAVE_PRCTL
815 587
588/* Define if you have /proc/$pid/fd */
589#undef HAVE_PROC_PID
590
816/* Define to 1 if you have the `pstat' function. */ 591/* Define to 1 if you have the `pstat' function. */
817#undef HAVE_PSTAT 592#undef HAVE_PSTAT
818 593
@@ -825,6 +600,15 @@
825/* Define to 1 if you have the `pututxline' function. */ 600/* Define to 1 if you have the `pututxline' function. */
826#undef HAVE_PUTUTXLINE 601#undef HAVE_PUTUTXLINE
827 602
603/* Define if your password has a pw_change field */
604#undef HAVE_PW_CHANGE_IN_PASSWD
605
606/* Define if your password has a pw_class field */
607#undef HAVE_PW_CLASS_IN_PASSWD
608
609/* Define if your password has a pw_expire field */
610#undef HAVE_PW_EXPIRE_IN_PASSWD
611
828/* Define to 1 if you have the `readpassphrase' function. */ 612/* Define to 1 if you have the `readpassphrase' function. */
829#undef HAVE_READPASSPHRASE 613#undef HAVE_READPASSPHRASE
830 614
@@ -843,9 +627,15 @@
843/* Define to 1 if you have the `rresvport_af' function. */ 627/* Define to 1 if you have the `rresvport_af' function. */
844#undef HAVE_RRESVPORT_AF 628#undef HAVE_RRESVPORT_AF
845 629
630/* define if you have sa_family_t data type */
631#undef HAVE_SA_FAMILY_T
632
846/* Define to 1 if you have the <sectok.h> header file. */ 633/* Define to 1 if you have the <sectok.h> header file. */
847#undef HAVE_SECTOK_H 634#undef HAVE_SECTOK_H
848 635
636/* Define if you have SecureWare-based protected password database */
637#undef HAVE_SECUREWARE
638
849/* Define to 1 if you have the <security/pam_appl.h> header file. */ 639/* Define to 1 if you have the <security/pam_appl.h> header file. */
850#undef HAVE_SECURITY_PAM_APPL_H 640#undef HAVE_SECURITY_PAM_APPL_H
851 641
@@ -921,6 +711,9 @@
921/* Define to 1 if the system has the type `sig_atomic_t'. */ 711/* Define to 1 if the system has the type `sig_atomic_t'. */
922#undef HAVE_SIG_ATOMIC_T 712#undef HAVE_SIG_ATOMIC_T
923 713
714/* define if you have size_t data type */
715#undef HAVE_SIZE_T
716
924/* Define to 1 if you have the `snprintf' function. */ 717/* Define to 1 if you have the `snprintf' function. */
925#undef HAVE_SNPRINTF 718#undef HAVE_SNPRINTF
926 719
@@ -930,6 +723,12 @@
930/* Have PEERCRED socket option */ 723/* Have PEERCRED socket option */
931#undef HAVE_SO_PEERCRED 724#undef HAVE_SO_PEERCRED
932 725
726/* define if you have ssize_t data type */
727#undef HAVE_SSIZE_T
728
729/* Fields in struct sockaddr_storage */
730#undef HAVE_SS_FAMILY_IN_SS
731
933/* Define to 1 if you have the <stddef.h> header file. */ 732/* Define to 1 if you have the <stddef.h> header file. */
934#undef HAVE_STDDEF_H 733#undef HAVE_STDDEF_H
935 734
@@ -948,6 +747,9 @@
948/* Define to 1 if you have the `strftime' function. */ 747/* Define to 1 if you have the `strftime' function. */
949#undef HAVE_STRFTIME 748#undef HAVE_STRFTIME
950 749
750/* Silly mkstemp() */
751#undef HAVE_STRICT_MKSTEMP
752
951/* Define to 1 if you have the <strings.h> header file. */ 753/* Define to 1 if you have the <strings.h> header file. */
952#undef HAVE_STRINGS_H 754#undef HAVE_STRINGS_H
953 755
@@ -978,15 +780,33 @@
978/* Define to 1 if you have the `strtoul' function. */ 780/* Define to 1 if you have the `strtoul' function. */
979#undef HAVE_STRTOUL 781#undef HAVE_STRTOUL
980 782
783/* define if you have struct addrinfo data type */
784#undef HAVE_STRUCT_ADDRINFO
785
786/* define if you have struct in6_addr data type */
787#undef HAVE_STRUCT_IN6_ADDR
788
789/* define if you have struct sockaddr_in6 data type */
790#undef HAVE_STRUCT_SOCKADDR_IN6
791
792/* define if you have struct sockaddr_storage data type */
793#undef HAVE_STRUCT_SOCKADDR_STORAGE
794
981/* Define to 1 if `st_blksize' is member of `struct stat'. */ 795/* Define to 1 if `st_blksize' is member of `struct stat'. */
982#undef HAVE_STRUCT_STAT_ST_BLKSIZE 796#undef HAVE_STRUCT_STAT_ST_BLKSIZE
983 797
984/* Define to 1 if the system has the type `struct timespec'. */ 798/* Define to 1 if the system has the type `struct timespec'. */
985#undef HAVE_STRUCT_TIMESPEC 799#undef HAVE_STRUCT_TIMESPEC
986 800
801/* define if you have struct timeval */
802#undef HAVE_STRUCT_TIMEVAL
803
987/* Define to 1 if you have the `sysconf' function. */ 804/* Define to 1 if you have the `sysconf' function. */
988#undef HAVE_SYSCONF 805#undef HAVE_SYSCONF
989 806
807/* Define if you have syslen in utmpx.h */
808#undef HAVE_SYSLEN_IN_UTMPX
809
990/* Define to 1 if you have the <sys/audit.h> header file. */ 810/* Define to 1 if you have the <sys/audit.h> header file. */
991#undef HAVE_SYS_AUDIT_H 811#undef HAVE_SYS_AUDIT_H
992 812
@@ -1002,12 +822,18 @@
1002/* Define to 1 if you have the <sys/dir.h> header file. */ 822/* Define to 1 if you have the <sys/dir.h> header file. */
1003#undef HAVE_SYS_DIR_H 823#undef HAVE_SYS_DIR_H
1004 824
825/* Define if your system defines sys_errlist[] */
826#undef HAVE_SYS_ERRLIST
827
1005/* Define to 1 if you have the <sys/mman.h> header file. */ 828/* Define to 1 if you have the <sys/mman.h> header file. */
1006#undef HAVE_SYS_MMAN_H 829#undef HAVE_SYS_MMAN_H
1007 830
1008/* Define to 1 if you have the <sys/ndir.h> header file. */ 831/* Define to 1 if you have the <sys/ndir.h> header file. */
1009#undef HAVE_SYS_NDIR_H 832#undef HAVE_SYS_NDIR_H
1010 833
834/* Define if your system defines sys_nerr */
835#undef HAVE_SYS_NERR
836
1011/* Define to 1 if you have the <sys/prctl.h> header file. */ 837/* Define to 1 if you have the <sys/prctl.h> header file. */
1012#undef HAVE_SYS_PRCTL_H 838#undef HAVE_SYS_PRCTL_H
1013 839
@@ -1062,6 +888,12 @@
1062/* Define to 1 if you have the <time.h> header file. */ 888/* Define to 1 if you have the <time.h> header file. */
1063#undef HAVE_TIME_H 889#undef HAVE_TIME_H
1064 890
891/* Define if you have ut_time in utmp.h */
892#undef HAVE_TIME_IN_UTMP
893
894/* Define if you have ut_time in utmpx.h */
895#undef HAVE_TIME_IN_UTMPX
896
1065/* Define to 1 if you have the <tmpdir.h> header file. */ 897/* Define to 1 if you have the <tmpdir.h> header file. */
1066#undef HAVE_TMPDIR_H 898#undef HAVE_TMPDIR_H
1067 899
@@ -1071,12 +903,30 @@
1071/* Define to 1 if you have the <ttyent.h> header file. */ 903/* Define to 1 if you have the <ttyent.h> header file. */
1072#undef HAVE_TTYENT_H 904#undef HAVE_TTYENT_H
1073 905
906/* Define if you have ut_tv in utmp.h */
907#undef HAVE_TV_IN_UTMP
908
909/* Define if you have ut_tv in utmpx.h */
910#undef HAVE_TV_IN_UTMPX
911
912/* Define if you have ut_type in utmp.h */
913#undef HAVE_TYPE_IN_UTMP
914
915/* Define if you have ut_type in utmpx.h */
916#undef HAVE_TYPE_IN_UTMPX
917
918/* define if you have uintxx_t data type */
919#undef HAVE_UINTXX_T
920
1074/* Define to 1 if you have the <unistd.h> header file. */ 921/* Define to 1 if you have the <unistd.h> header file. */
1075#undef HAVE_UNISTD_H 922#undef HAVE_UNISTD_H
1076 923
1077/* Define to 1 if you have the `unsetenv' function. */ 924/* Define to 1 if you have the `unsetenv' function. */
1078#undef HAVE_UNSETENV 925#undef HAVE_UNSETENV
1079 926
927/* Define to 1 if the system has the type `unsigned long long'. */
928#undef HAVE_UNSIGNED_LONG_LONG
929
1080/* Define to 1 if you have the `updwtmp' function. */ 930/* Define to 1 if you have the `updwtmp' function. */
1081#undef HAVE_UPDWTMP 931#undef HAVE_UPDWTMP
1082 932
@@ -1107,6 +957,24 @@
1107/* Define to 1 if you have the <utmp.h> header file. */ 957/* Define to 1 if you have the <utmp.h> header file. */
1108#undef HAVE_UTMP_H 958#undef HAVE_UTMP_H
1109 959
960/* define if you have u_char data type */
961#undef HAVE_U_CHAR
962
963/* define if you have u_int data type */
964#undef HAVE_U_INT
965
966/* define if you have u_int64_t data type */
967#undef HAVE_U_INT64_T
968
969/* define if you have u_intxx_t data type */
970#undef HAVE_U_INTXX_T
971
972/* Define to 1 if you have the `vasprintf' function. */
973#undef HAVE_VASPRINTF
974
975/* Define if va_copy exists */
976#undef HAVE_VA_COPY
977
1110/* Define to 1 if you have the `vhangup' function. */ 978/* Define to 1 if you have the `vhangup' function. */
1111#undef HAVE_VHANGUP 979#undef HAVE_VHANGUP
1112 980
@@ -1134,14 +1002,100 @@
1134/* Define to 1 if you have the `__b64_pton' function. */ 1002/* Define to 1 if you have the `__b64_pton' function. */
1135#undef HAVE___B64_PTON 1003#undef HAVE___B64_PTON
1136 1004
1005/* Define if compiler implements __FUNCTION__ */
1006#undef HAVE___FUNCTION__
1007
1008/* Define if libc defines __progname */
1009#undef HAVE___PROGNAME
1010
1011/* Fields in struct sockaddr_storage */
1012#undef HAVE___SS_FAMILY_IN_SS
1013
1014/* Define if __va_copy exists */
1015#undef HAVE___VA_COPY
1016
1017/* Define if compiler implements __func__ */
1018#undef HAVE___func__
1019
1020/* Define this if you are using the Heimdal version of Kerberos V5 */
1021#undef HEIMDAL
1022
1023/* Define if you need to use IP address instead of hostname in $DISPLAY */
1024#undef IPADDR_IN_DISPLAY
1025
1026/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
1027#undef IPV4_IN_IPV6
1028
1029/* Define if your system choked on IP TOS setting */
1030#undef IP_TOS_IS_BROKEN
1031
1032/* Define if you want Kerberos 5 support */
1033#undef KRB5
1034
1035/* Define if you want TCP Wrappers support */
1036#undef LIBWRAP
1037
1038/* Define to whatever link() returns for "not supported" if it doesn't return
1039 EOPNOTSUPP. */
1040#undef LINK_OPNOTSUPP_ERRNO
1041
1137/* max value of long long calculated by configure */ 1042/* max value of long long calculated by configure */
1138#undef LLONG_MAX 1043#undef LLONG_MAX
1139 1044
1140/* min value of long long calculated by configure */ 1045/* min value of long long calculated by configure */
1141#undef LLONG_MIN 1046#undef LLONG_MIN
1142 1047
1048/* Account locked with pw(1) */
1049#undef LOCKED_PASSWD_PREFIX
1050
1051/* String used in /etc/passwd to denote locked account */
1052#undef LOCKED_PASSWD_STRING
1053
1054/* String used in /etc/passwd to denote locked account */
1055#undef LOCKED_PASSWD_SUBSTR
1056
1057/* Some versions of /bin/login need the TERM supplied on the commandline */
1058#undef LOGIN_NEEDS_TERM
1059
1060/* Some systems need a utmpx entry for /bin/login to work */
1061#undef LOGIN_NEEDS_UTMPX
1062
1063/* Define if your login program cannot handle end of options ("--") */
1064#undef LOGIN_NO_ENDOPT
1065
1066/* If your header files don't define LOGIN_PROGRAM, then use this (detected)
1067 from environment and PATH */
1068#undef LOGIN_PROGRAM_FALLBACK
1069
1070/* Set this to your mail directory if you don't have maillock.h */
1071#undef MAIL_DIRECTORY
1072
1073/* Define on *nto-qnx systems */
1074#undef MISSING_FD_MASK
1075
1076/* Define on *nto-qnx systems */
1077#undef MISSING_HOWMANY
1078
1079/* Define on *nto-qnx systems */
1080#undef MISSING_NFDBITS
1081
1143/* Need setpgrp to acquire controlling tty */ 1082/* Need setpgrp to acquire controlling tty */
1144#undef NEED_SETPRGP 1083#undef NEED_SETPGRP
1084
1085/* Define if the concept of ports only accessible to superusers isn't known */
1086#undef NO_IPPORT_RESERVED_CONCEPT
1087
1088/* Define if you don't want to use lastlog in session.c */
1089#undef NO_SSH_LASTLOG
1090
1091/* Define if X11 doesn't support AF_UNIX sockets on that system */
1092#undef NO_X11_UNIX_SOCKETS
1093
1094/* libcrypto is missing AES 192 and 256 bit functions */
1095#undef OPENSSL_LOBOTOMISED_AES
1096
1097/* Define if you want OpenSSL's internally seeded PRNG only */
1098#undef OPENSSL_PRNG_ONLY
1145 1099
1146/* Define to the address where bug reports for this package should be sent. */ 1100/* Define to the address where bug reports for this package should be sent. */
1147#undef PACKAGE_BUGREPORT 1101#undef PACKAGE_BUGREPORT
@@ -1158,9 +1112,25 @@
1158/* Define to the version of this package. */ 1112/* Define to the version of this package. */
1159#undef PACKAGE_VERSION 1113#undef PACKAGE_VERSION
1160 1114
1115/* Define if you are using Solaris-derived PAM which passes pam_messages to
1116 the conversation function with an extra level of indirection */
1117#undef PAM_SUN_CODEBASE
1118
1119/* Work around problematic Linux PAM modules handling of PAM_TTY */
1120#undef PAM_TTY_KLUDGE
1121
1161/* must supply username to passwd */ 1122/* must supply username to passwd */
1162#undef PASSWD_NEEDS_USERNAME 1123#undef PASSWD_NEEDS_USERNAME
1163 1124
1125/* Port number of PRNGD/EGD random number socket */
1126#undef PRNGD_PORT
1127
1128/* Location of PRNGD/EGD random number socket */
1129#undef PRNGD_SOCKET
1130
1131/* Define if your platform breaks doing a seteuid before a setuid */
1132#undef SETEUID_BREAKS_SETUID
1133
1164/* The size of a `char', as computed by sizeof. */ 1134/* The size of a `char', as computed by sizeof. */
1165#undef SIZEOF_CHAR 1135#undef SIZEOF_CHAR
1166 1136
@@ -1176,15 +1146,67 @@
1176/* The size of a `short int', as computed by sizeof. */ 1146/* The size of a `short int', as computed by sizeof. */
1177#undef SIZEOF_SHORT_INT 1147#undef SIZEOF_SHORT_INT
1178 1148
1149/* Define if you want S/Key support */
1150#undef SKEY
1151
1152/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
1153#undef SKEYCHALLENGE_4ARG
1154
1155/* Define if you want smartcard support */
1156#undef SMARTCARD
1157
1158/* Define as const if snprintf() can declare const char *fmt */
1159#undef SNPRINTF_CONST
1160
1161/* Define to a Set Process Title type if your system is supported by
1162 bsd-setproctitle.c */
1163#undef SPT_TYPE
1164
1165/* Define if sshd somehow reacquires a controlling TTY after setsid() */
1166#undef SSHD_ACQUIRES_CTTY
1167
1168/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
1169#undef SSHPAM_CHAUTHTOK_NEEDS_RUID
1170
1179/* Use audit debugging module */ 1171/* Use audit debugging module */
1180#undef SSH_AUDIT_EVENTS 1172#undef SSH_AUDIT_EVENTS
1181 1173
1174/* non-privileged user for privilege separation */
1175#undef SSH_PRIVSEP_USER
1176
1177/* Use tunnel device compatibility to OpenBSD */
1178#undef SSH_TUN_COMPAT_AF
1179
1180/* Open tunnel devices the FreeBSD way */
1181#undef SSH_TUN_FREEBSD
1182
1183/* Open tunnel devices the Linux tun/tap way */
1184#undef SSH_TUN_LINUX
1185
1186/* No layer 2 tunnel support */
1187#undef SSH_TUN_NO_L2
1188
1189/* Open tunnel devices the OpenBSD way */
1190#undef SSH_TUN_OPENBSD
1191
1192/* Prepend the address family to IP tunnel traffic */
1193#undef SSH_TUN_PREPEND_AF
1194
1182/* Define to 1 if you have the ANSI C header files. */ 1195/* Define to 1 if you have the ANSI C header files. */
1183#undef STDC_HEADERS 1196#undef STDC_HEADERS
1184 1197
1198/* Define if you want a different $PATH for the superuser */
1199#undef SUPERUSER_PATH
1200
1185/* Support passwords > 8 chars */ 1201/* Support passwords > 8 chars */
1186#undef UNIXWARE_LONG_PASSWORDS 1202#undef UNIXWARE_LONG_PASSWORDS
1187 1203
1204/* Specify default $PATH */
1205#undef USER_PATH
1206
1207/* Define this if you want to use libkafs' AFS support */
1208#undef USE_AFS
1209
1188/* Use BSM audit module */ 1210/* Use BSM audit module */
1189#undef USE_BSM_AUDIT 1211#undef USE_BSM_AUDIT
1190 1212
@@ -1194,10 +1216,44 @@
1194/* Use libedit for sftp */ 1216/* Use libedit for sftp */
1195#undef USE_LIBEDIT 1217#undef USE_LIBEDIT
1196 1218
1219/* Define if you want smartcard support using OpenSC */
1220#undef USE_OPENSC
1221
1222/* Define if you want to enable PAM support */
1223#undef USE_PAM
1224
1225/* Use PIPES instead of a socketpair() */
1226#undef USE_PIPES
1227
1228/* Define if you want smartcard support using sectok */
1229#undef USE_SECTOK
1230
1231/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
1232#undef WITH_ABBREV_NO_TTY
1233
1234/* Define if you want to enable AIX4's authenticate function */
1235#undef WITH_AIXAUTHENTICATE
1236
1237/* Define if you have/want arrays (cluster-wide session managment, not C
1238 arrays) */
1239#undef WITH_IRIX_ARRAY
1240
1241/* Define if you want IRIX audit trails */
1242#undef WITH_IRIX_AUDIT
1243
1244/* Define if you want IRIX kernel jobs */
1245#undef WITH_IRIX_JOBS
1246
1247/* Define if you want IRIX project management */
1248#undef WITH_IRIX_PROJECT
1249
1197/* Define to 1 if your processor stores words with the most significant byte 1250/* Define to 1 if your processor stores words with the most significant byte
1198 first (like Motorola and SPARC, unlike Intel and VAX). */ 1251 first (like Motorola and SPARC, unlike Intel and VAX). */
1199#undef WORDS_BIGENDIAN 1252#undef WORDS_BIGENDIAN
1200 1253
1254/* Define if xauth is found in your path */
1255#undef XAUTH_PATH
1256
1201/* Number of bits in a file offset, on hosts where this is settable. */ 1257/* Number of bits in a file offset, on hosts where this is settable. */
1202#undef _FILE_OFFSET_BITS 1258#undef _FILE_OFFSET_BITS
1203 1259
@@ -1207,6 +1263,15 @@
1207/* log for bad login attempts */ 1263/* log for bad login attempts */
1208#undef _PATH_BTMP 1264#undef _PATH_BTMP
1209 1265
1266/* Full path of your "passwd" program */
1267#undef _PATH_PASSWD_PROG
1268
1269/* Specify location of ssh.pid */
1270#undef _PATH_SSH_PIDDIR
1271
1272/* Define if we don't have struct __res_state in resolv.h */
1273#undef __res_state
1274
1210/* Define to `__inline__' or `__inline' if that's what the C compiler 1275/* Define to `__inline__' or `__inline' if that's what the C compiler
1211 calls it, or to nothing if 'inline' is not supported under any name. */ 1276 calls it, or to nothing if 'inline' is not supported under any name. */
1212#ifndef __cplusplus 1277#ifndef __cplusplus
@@ -1215,7 +1280,3 @@
1215 1280
1216/* type to use in place of socklen_t if not defined */ 1281/* type to use in place of socklen_t if not defined */
1217#undef socklen_t 1282#undef socklen_t
1218
1219/* ******************* Shouldn't need to edit below this line ************** */
1220
1221#endif /* _CONFIG_H */
diff --git a/configure b/configure
index 362218407..5a5e162bd 100755
--- a/configure
+++ b/configure
@@ -1,4 +1,5 @@
1#! /bin/sh 1#! /bin/sh
2# From configure.ac Revision: 1.322.2.6 .
2# Guess values for system-dependent variables and create Makefiles. 3# Guess values for system-dependent variables and create Makefiles.
3# Generated by GNU Autoconf 2.59 for OpenSSH Portable. 4# Generated by GNU Autoconf 2.59 for OpenSSH Portable.
4# 5#
@@ -311,7 +312,7 @@ ac_includes_default="\
311# include <unistd.h> 312# include <unistd.h>
312#endif" 313#endif"
313 314
314ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT build build_cpu build_vendor build_os host host_cpu host_vendor host_os AWK CPP RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA AR CAT KILL PERL SED ENT TEST_MINUS_S_SH SH TEST_SHELL PATH_GROUPADD_PROG PATH_USERADD_PROG MAKE_PACKAGE_SUPPORTED LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD EGREP LIBWRAP LIBEDIT LIBPAM INSTALL_SSH_RAND_HELPER SSH_PRIVSEP_USER PROG_LS PROG_NETSTAT PROG_ARP PROG_IFCONFIG PROG_JSTAT PROG_PS PROG_SAR PROG_W PROG_WHO PROG_LAST PROG_LASTLOG PROG_DF PROG_VMSTAT PROG_UPTIME PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS OPENSC_CONFIG PRIVSEP_PATH xauth_path STRIP_OPT XAUTH_PATH NROFF MANTYPE mansubdir user_path piddir LIBOBJS LTLIBOBJS' 315ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT build build_cpu build_vendor build_os host host_cpu host_vendor host_os AWK CPP RANLIB ac_ct_RANLIB INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA EGREP AR CAT KILL PERL SED ENT TEST_MINUS_S_SH SH TEST_SHELL PATH_GROUPADD_PROG PATH_USERADD_PROG MAKE_PACKAGE_SUPPORTED STARTUP_SCRIPT_SHELL LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD LIBWRAP LIBEDIT LIBPAM INSTALL_SSH_RAND_HELPER SSH_PRIVSEP_USER PROG_LS PROG_NETSTAT PROG_ARP PROG_IFCONFIG PROG_JSTAT PROG_PS PROG_SAR PROG_W PROG_WHO PROG_LAST PROG_LASTLOG PROG_DF PROG_VMSTAT 
PROG_UPTIME PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS OPENSC_CONFIG PRIVSEP_PATH xauth_path STRIP_OPT XAUTH_PATH NROFF MANTYPE mansubdir user_path piddir LIBOBJS LTLIBOBJS'
315ac_subst_files='' 316ac_subst_files=''
316 317
317# Initialize some variables set by options. 318# Initialize some variables set by options.
@@ -884,7 +885,7 @@ Optional Packages:
884 --with-entropy-timeout Specify entropy gathering command timeout (msec) 885 --with-entropy-timeout Specify entropy gathering command timeout (msec)
885 --with-privsep-user=user Specify non-privileged user for privilege separation 886 --with-privsep-user=user Specify non-privileged user for privilege separation
886 --with-sectok Enable smartcard support using libsectok 887 --with-sectok Enable smartcard support using libsectok
887--with-opensc[=PFX] Enable smartcard support using OpenSC (optionally in PATH) 888 --with-opensc[=PFX] Enable smartcard support using OpenSC (optionally in PATH)
888 --with-kerberos5=PATH Enable Kerberos 5 support 889 --with-kerberos5=PATH Enable Kerberos 5 support
889 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) 890 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
890 --with-xauth=PATH Specify path to xauth program 891 --with-xauth=PATH Specify path to xauth program
@@ -1359,6 +1360,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
1359 1360
1360 1361
1361 1362
1363
1362 ac_config_headers="$ac_config_headers config.h" 1364 ac_config_headers="$ac_config_headers config.h"
1363 1365
1364ac_ext=c 1366ac_ext=c
@@ -3036,6 +3038,21 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
3036 3038
3037test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' 3039test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
3038 3040
3041echo "$as_me:$LINENO: checking for egrep" >&5
3042echo $ECHO_N "checking for egrep... $ECHO_C" >&6
3043if test "${ac_cv_prog_egrep+set}" = set; then
3044 echo $ECHO_N "(cached) $ECHO_C" >&6
3045else
3046 if echo a | (grep -E '(a|b)') >/dev/null 2>&1
3047 then ac_cv_prog_egrep='grep -E'
3048 else ac_cv_prog_egrep='egrep'
3049 fi
3050fi
3051echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
3052echo "${ECHO_T}$ac_cv_prog_egrep" >&6
3053 EGREP=$ac_cv_prog_egrep
3054
3055
3039# Extract the first word of "ar", so it can be a program name with args. 3056# Extract the first word of "ar", so it can be a program name with args.
3040set dummy ar; ac_word=$2 3057set dummy ar; ac_word=$2
3041echo "$as_me:$LINENO: checking for $ac_word" >&5 3058echo "$as_me:$LINENO: checking for $ac_word" >&5
@@ -3552,6 +3569,13 @@ else
3552echo "${ECHO_T}no" >&6 3569echo "${ECHO_T}no" >&6
3553fi 3570fi
3554 3571
3572if test -x /sbin/sh; then
3573 STARTUP_SCRIPT_SHELL=/sbin/sh
3574
3575else
3576 STARTUP_SCRIPT_SHELL=/bin/sh
3577
3578fi
3555 3579
3556# System features 3580# System features
3557# Check whether --enable-largefile or --disable-largefile was given. 3581# Check whether --enable-largefile or --disable-largefile was given.
@@ -3927,7 +3951,8 @@ fi
3927 3951
3928# Use LOGIN_PROGRAM from environment if possible 3952# Use LOGIN_PROGRAM from environment if possible
3929if test ! -z "$LOGIN_PROGRAM" ; then 3953if test ! -z "$LOGIN_PROGRAM" ; then
3930 cat >>confdefs.h <<_ACEOF 3954
3955cat >>confdefs.h <<_ACEOF
3931#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM" 3956#define LOGIN_PROGRAM_FALLBACK "$LOGIN_PROGRAM"
3932_ACEOF 3957_ACEOF
3933 3958
@@ -4020,7 +4045,8 @@ echo "${ECHO_T}no" >&6
4020fi 4045fi
4021 4046
4022if test ! -z "$PATH_PASSWD_PROG" ; then 4047if test ! -z "$PATH_PASSWD_PROG" ; then
4023 cat >>confdefs.h <<_ACEOF 4048
4049cat >>confdefs.h <<_ACEOF
4024#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG" 4050#define _PATH_PASSWD_PROG "$PATH_PASSWD_PROG"
4025_ACEOF 4051_ACEOF
4026 4052
@@ -4167,12 +4193,14 @@ fi
4167 4193
4168if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 4194if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
4169 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" 4195 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
4170 GCC_VER=`$CC --version` 4196 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
4171 case $GCC_VER in 4197 case $GCC_VER in
4172 1.*) ;; 4198 1.*) ;;
4173 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; 4199 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
4174 2.*) ;; 4200 2.*) ;;
4175 *) CFLAGS="$CFLAGS -Wsign-compare" ;; 4201 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
4202 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
4203 *) ;;
4176 esac 4204 esac
4177 4205
4178 if test -z "$have_llong_max"; then 4206 if test -z "$have_llong_max"; then
@@ -4247,110 +4275,6 @@ fi
4247 fi 4275 fi
4248fi 4276fi
4249 4277
4250if test -z "$have_llong_max"; then
4251 echo "$as_me:$LINENO: checking for max value of long long" >&5
4252echo $ECHO_N "checking for max value of long long... $ECHO_C" >&6
4253 if test "$cross_compiling" = yes; then
4254
4255 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
4256echo "$as_me: WARNING: cross compiling: not checking" >&2;}
4257
4258
4259else
4260 cat >conftest.$ac_ext <<_ACEOF
4261/* confdefs.h. */
4262_ACEOF
4263cat confdefs.h >>conftest.$ac_ext
4264cat >>conftest.$ac_ext <<_ACEOF
4265/* end confdefs.h. */
4266
4267#include <stdio.h>
4268/* Why is this so damn hard? */
4269#ifdef __GNUC__
4270# undef __GNUC__
4271#endif
4272#define __USE_ISOC99
4273#include <limits.h>
4274#define DATA "conftest.llminmax"
4275int main(void) {
4276 FILE *f;
4277 long long i, llmin, llmax = 0;
4278
4279 if((f = fopen(DATA,"w")) == NULL)
4280 exit(1);
4281
4282#if defined(LLONG_MIN) && defined(LLONG_MAX)
4283 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
4284 llmin = LLONG_MIN;
4285 llmax = LLONG_MAX;
4286#else
4287 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
4288 /* This will work on one's complement and two's complement */
4289 for (i = 1; i > llmax; i <<= 1, i++)
4290 llmax = i;
4291 llmin = llmax + 1LL; /* wrap */
4292#endif
4293
4294 /* Sanity check */
4295 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
4296 || llmax - 1 > llmax) {
4297 fprintf(f, "unknown unknown\n");
4298 exit(2);
4299 }
4300
4301 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
4302 exit(3);
4303
4304 exit(0);
4305}
4306
4307_ACEOF
4308rm -f conftest$ac_exeext
4309if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
4310 (eval $ac_link) 2>&5
4311 ac_status=$?
4312 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4313 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
4314 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4315 (eval $ac_try) 2>&5
4316 ac_status=$?
4317 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4318 (exit $ac_status); }; }; then
4319
4320 llong_min=`$AWK '{print $1}' conftest.llminmax`
4321 llong_max=`$AWK '{print $2}' conftest.llminmax`
4322 echo "$as_me:$LINENO: result: $llong_max" >&5
4323echo "${ECHO_T}$llong_max" >&6
4324
4325cat >>confdefs.h <<_ACEOF
4326#define LLONG_MAX ${llong_max}LL
4327_ACEOF
4328
4329 echo "$as_me:$LINENO: checking for min value of long long" >&5
4330echo $ECHO_N "checking for min value of long long... $ECHO_C" >&6
4331 echo "$as_me:$LINENO: result: $llong_min" >&5
4332echo "${ECHO_T}$llong_min" >&6
4333
4334cat >>confdefs.h <<_ACEOF
4335#define LLONG_MIN ${llong_min}LL
4336_ACEOF
4337
4338
4339else
4340 echo "$as_me: program exited with status $ac_status" >&5
4341echo "$as_me: failed program was:" >&5
4342sed 's/^/| /' conftest.$ac_ext >&5
4343
4344( exit $ac_status )
4345
4346 echo "$as_me:$LINENO: result: not found" >&5
4347echo "${ECHO_T}not found" >&6
4348
4349fi
4350rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
4351fi
4352fi
4353
4354 4278
4355# Check whether --with-rpath or --without-rpath was given. 4279# Check whether --with-rpath or --without-rpath was given.
4356if test "${with_rpath+set}" = set; then 4280if test "${with_rpath+set}" = set; then
@@ -4527,7 +4451,8 @@ fi
4527echo "$as_me:$LINENO: result: $ac_cv_func_authenticate" >&5 4451echo "$as_me:$LINENO: result: $ac_cv_func_authenticate" >&5
4528echo "${ECHO_T}$ac_cv_func_authenticate" >&6 4452echo "${ECHO_T}$ac_cv_func_authenticate" >&6
4529if test $ac_cv_func_authenticate = yes; then 4453if test $ac_cv_func_authenticate = yes; then
4530 cat >>confdefs.h <<\_ACEOF 4454
4455cat >>confdefs.h <<\_ACEOF
4531#define WITH_AIXAUTHENTICATE 1 4456#define WITH_AIXAUTHENTICATE 1
4532_ACEOF 4457_ACEOF
4533 4458
@@ -5070,7 +4995,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
5070 (exit $ac_status); }; }; then 4995 (exit $ac_status); }; }; then
5071 echo "$as_me:$LINENO: result: yes" >&5 4996 echo "$as_me:$LINENO: result: yes" >&5
5072echo "${ECHO_T}yes" >&6 4997echo "${ECHO_T}yes" >&6
5073 cat >>confdefs.h <<\_ACEOF 4998
4999cat >>confdefs.h <<\_ACEOF
5074#define AIX_LOGINFAILED_4ARG 1 5000#define AIX_LOGINFAILED_4ARG 1
5075_ACEOF 5001_ACEOF
5076 5002
@@ -5195,63 +5121,82 @@ fi
5195done 5121done
5196 5122
5197 check_for_aix_broken_getaddrinfo=1 5123 check_for_aix_broken_getaddrinfo=1
5198 cat >>confdefs.h <<\_ACEOF 5124
5125cat >>confdefs.h <<\_ACEOF
5199#define BROKEN_REALPATH 1 5126#define BROKEN_REALPATH 1
5200_ACEOF 5127_ACEOF
5201 5128
5202 cat >>confdefs.h <<\_ACEOF 5129
5130cat >>confdefs.h <<\_ACEOF
5203#define SETEUID_BREAKS_SETUID 1 5131#define SETEUID_BREAKS_SETUID 1
5204_ACEOF 5132_ACEOF
5205 5133
5206 cat >>confdefs.h <<\_ACEOF 5134
5135cat >>confdefs.h <<\_ACEOF
5207#define BROKEN_SETREUID 1 5136#define BROKEN_SETREUID 1
5208_ACEOF 5137_ACEOF
5209 5138
5210 cat >>confdefs.h <<\_ACEOF 5139
5140cat >>confdefs.h <<\_ACEOF
5211#define BROKEN_SETREGID 1 5141#define BROKEN_SETREGID 1
5212_ACEOF 5142_ACEOF
5213 5143
5214 cat >>confdefs.h <<\_ACEOF 5144
5145cat >>confdefs.h <<\_ACEOF
5215#define DISABLE_LASTLOG 1 5146#define DISABLE_LASTLOG 1
5216_ACEOF 5147_ACEOF
5217 5148
5218 cat >>confdefs.h <<\_ACEOF 5149
5150cat >>confdefs.h <<\_ACEOF
5219#define LOGIN_NEEDS_UTMPX 1 5151#define LOGIN_NEEDS_UTMPX 1
5220_ACEOF 5152_ACEOF
5221 5153
5222 cat >>confdefs.h <<\_ACEOF 5154
5155cat >>confdefs.h <<\_ACEOF
5223#define SPT_TYPE SPT_REUSEARGV 5156#define SPT_TYPE SPT_REUSEARGV
5224_ACEOF 5157_ACEOF
5225 5158
5159
5160cat >>confdefs.h <<\_ACEOF
5161#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1
5162_ACEOF
5163
5226 ;; 5164 ;;
5227*-*-cygwin*) 5165*-*-cygwin*)
5228 check_for_libcrypt_later=1 5166 check_for_libcrypt_later=1
5229 LIBS="$LIBS /usr/lib/textmode.o" 5167 LIBS="$LIBS /usr/lib/textmode.o"
5230 cat >>confdefs.h <<\_ACEOF 5168
5169cat >>confdefs.h <<\_ACEOF
5231#define HAVE_CYGWIN 1 5170#define HAVE_CYGWIN 1
5232_ACEOF 5171_ACEOF
5233 5172
5234 cat >>confdefs.h <<\_ACEOF 5173
5174cat >>confdefs.h <<\_ACEOF
5235#define USE_PIPES 1 5175#define USE_PIPES 1
5236_ACEOF 5176_ACEOF
5237 5177
5238 cat >>confdefs.h <<\_ACEOF 5178
5179cat >>confdefs.h <<\_ACEOF
5239#define DISABLE_SHADOW 1 5180#define DISABLE_SHADOW 1
5240_ACEOF 5181_ACEOF
5241 5182
5242 cat >>confdefs.h <<\_ACEOF 5183
5184cat >>confdefs.h <<\_ACEOF
5243#define IP_TOS_IS_BROKEN 1 5185#define IP_TOS_IS_BROKEN 1
5244_ACEOF 5186_ACEOF
5245 5187
5246 cat >>confdefs.h <<\_ACEOF 5188
5189cat >>confdefs.h <<\_ACEOF
5247#define NO_X11_UNIX_SOCKETS 1 5190#define NO_X11_UNIX_SOCKETS 1
5248_ACEOF 5191_ACEOF
5249 5192
5250 cat >>confdefs.h <<\_ACEOF 5193
5194cat >>confdefs.h <<\_ACEOF
5251#define NO_IPPORT_RESERVED_CONCEPT 1 5195#define NO_IPPORT_RESERVED_CONCEPT 1
5252_ACEOF 5196_ACEOF
5253 5197
5254 cat >>confdefs.h <<\_ACEOF 5198
5199cat >>confdefs.h <<\_ACEOF
5255#define DISABLE_FD_PASSING 1 5200#define DISABLE_FD_PASSING 1
5256_ACEOF 5201_ACEOF
5257 5202
@@ -5315,7 +5260,8 @@ sed 's/^/| /' conftest.$ac_ext >&5
5315( exit $ac_status ) 5260( exit $ac_status )
5316echo "$as_me:$LINENO: result: buggy" >&5 5261echo "$as_me:$LINENO: result: buggy" >&5
5317echo "${ECHO_T}buggy" >&6 5262echo "${ECHO_T}buggy" >&6
5318 cat >>confdefs.h <<\_ACEOF 5263
5264cat >>confdefs.h <<\_ACEOF
5319#define BROKEN_GETADDRINFO 1 5265#define BROKEN_GETADDRINFO 1
5320_ACEOF 5266_ACEOF
5321 5267
@@ -5334,7 +5280,8 @@ _ACEOF
5334#define BROKEN_SETREGID 1 5280#define BROKEN_SETREGID 1
5335_ACEOF 5281_ACEOF
5336 5282
5337 cat >>confdefs.h <<_ACEOF 5283
5284cat >>confdefs.h <<_ACEOF
5338#define BIND_8_COMPAT 1 5285#define BIND_8_COMPAT 1
5339_ACEOF 5286_ACEOF
5340 5287
@@ -5347,7 +5294,8 @@ _ACEOF
5347#define USE_PIPES 1 5294#define USE_PIPES 1
5348_ACEOF 5295_ACEOF
5349 5296
5350 cat >>confdefs.h <<\_ACEOF 5297
5298cat >>confdefs.h <<\_ACEOF
5351#define LOGIN_NO_ENDOPT 1 5299#define LOGIN_NO_ENDOPT 1
5352_ACEOF 5300_ACEOF
5353 5301
@@ -5355,7 +5303,8 @@ _ACEOF
5355#define LOGIN_NEEDS_UTMPX 1 5303#define LOGIN_NEEDS_UTMPX 1
5356_ACEOF 5304_ACEOF
5357 5305
5358 cat >>confdefs.h <<\_ACEOF 5306
5307cat >>confdefs.h <<\_ACEOF
5359#define LOCKED_PASSWD_STRING "*" 5308#define LOCKED_PASSWD_STRING "*"
5360_ACEOF 5309_ACEOF
5361 5310
@@ -5363,6 +5312,7 @@ _ACEOF
5363#define SPT_TYPE SPT_PSTAT 5312#define SPT_TYPE SPT_PSTAT
5364_ACEOF 5313_ACEOF
5365 5314
5315 MAIL="/var/mail/username"
5366 LIBS="$LIBS -lsec" 5316 LIBS="$LIBS -lsec"
5367 5317
5368echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5 5318echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
@@ -5451,11 +5401,13 @@ fi
5451 fi 5401 fi
5452 ;; 5402 ;;
5453 *-*-hpux11*) 5403 *-*-hpux11*)
5454 cat >>confdefs.h <<\_ACEOF 5404
5405cat >>confdefs.h <<\_ACEOF
5455#define PAM_SUN_CODEBASE 1 5406#define PAM_SUN_CODEBASE 1
5456_ACEOF 5407_ACEOF
5457 5408
5458 cat >>confdefs.h <<\_ACEOF 5409
5410cat >>confdefs.h <<\_ACEOF
5459#define DISABLE_UTMP 1 5411#define DISABLE_UTMP 1
5460_ACEOF 5412_ACEOF
5461 5413
@@ -5472,7 +5424,8 @@ _ACEOF
5472 # lastly, we define options specific to minor releases 5424 # lastly, we define options specific to minor releases
5473 case "$host" in 5425 case "$host" in
5474 *-*-hpux10.26) 5426 *-*-hpux10.26)
5475 cat >>confdefs.h <<\_ACEOF 5427
5428cat >>confdefs.h <<\_ACEOF
5476#define HAVE_SECUREWARE 1 5429#define HAVE_SECUREWARE 1
5477_ACEOF 5430_ACEOF
5478 5431
@@ -5483,7 +5436,8 @@ _ACEOF
5483 ;; 5436 ;;
5484*-*-irix5*) 5437*-*-irix5*)
5485 PATH="$PATH:/usr/etc" 5438 PATH="$PATH:/usr/etc"
5486 cat >>confdefs.h <<\_ACEOF 5439
5440cat >>confdefs.h <<\_ACEOF
5487#define BROKEN_INET_NTOA 1 5441#define BROKEN_INET_NTOA 1
5488_ACEOF 5442_ACEOF
5489 5443
@@ -5499,7 +5453,8 @@ _ACEOF
5499#define BROKEN_SETREGID 1 5453#define BROKEN_SETREGID 1
5500_ACEOF 5454_ACEOF
5501 5455
5502 cat >>confdefs.h <<\_ACEOF 5456
5457cat >>confdefs.h <<\_ACEOF
5503#define WITH_ABBREV_NO_TTY 1 5458#define WITH_ABBREV_NO_TTY 1
5504_ACEOF 5459_ACEOF
5505 5460
@@ -5510,15 +5465,18 @@ _ACEOF
5510 ;; 5465 ;;
5511*-*-irix6*) 5466*-*-irix6*)
5512 PATH="$PATH:/usr/etc" 5467 PATH="$PATH:/usr/etc"
5513 cat >>confdefs.h <<\_ACEOF 5468
5469cat >>confdefs.h <<\_ACEOF
5514#define WITH_IRIX_ARRAY 1 5470#define WITH_IRIX_ARRAY 1
5515_ACEOF 5471_ACEOF
5516 5472
5517 cat >>confdefs.h <<\_ACEOF 5473
5474cat >>confdefs.h <<\_ACEOF
5518#define WITH_IRIX_PROJECT 1 5475#define WITH_IRIX_PROJECT 1
5519_ACEOF 5476_ACEOF
5520 5477
5521 cat >>confdefs.h <<\_ACEOF 5478
5479cat >>confdefs.h <<\_ACEOF
5522#define WITH_IRIX_AUDIT 1 5480#define WITH_IRIX_AUDIT 1
5523_ACEOF 5481_ACEOF
5524 5482
@@ -5613,7 +5571,8 @@ fi
5613echo "$as_me:$LINENO: result: $ac_cv_func_jlimit_startjob" >&5 5571echo "$as_me:$LINENO: result: $ac_cv_func_jlimit_startjob" >&5
5614echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6 5572echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6
5615if test $ac_cv_func_jlimit_startjob = yes; then 5573if test $ac_cv_func_jlimit_startjob = yes; then
5616 cat >>confdefs.h <<\_ACEOF 5574
5575cat >>confdefs.h <<\_ACEOF
5617#define WITH_IRIX_JOBS 1 5576#define WITH_IRIX_JOBS 1
5618_ACEOF 5577_ACEOF
5619 5578
@@ -5635,7 +5594,8 @@ _ACEOF
5635#define BROKEN_SETREGID 1 5594#define BROKEN_SETREGID 1
5636_ACEOF 5595_ACEOF
5637 5596
5638 cat >>confdefs.h <<\_ACEOF 5597
5598cat >>confdefs.h <<\_ACEOF
5639#define BROKEN_UPDWTMPX 1 5599#define BROKEN_UPDWTMPX 1
5640_ACEOF 5600_ACEOF
5641 5601
@@ -5652,15 +5612,18 @@ _ACEOF
5652 no_dev_ptmx=1 5612 no_dev_ptmx=1
5653 check_for_libcrypt_later=1 5613 check_for_libcrypt_later=1
5654 check_for_openpty_ctty_bug=1 5614 check_for_openpty_ctty_bug=1
5655 cat >>confdefs.h <<\_ACEOF 5615
5616cat >>confdefs.h <<\_ACEOF
5656#define DONT_TRY_OTHER_AF 1 5617#define DONT_TRY_OTHER_AF 1
5657_ACEOF 5618_ACEOF
5658 5619
5659 cat >>confdefs.h <<\_ACEOF 5620
5621cat >>confdefs.h <<\_ACEOF
5660#define PAM_TTY_KLUDGE 1 5622#define PAM_TTY_KLUDGE 1
5661_ACEOF 5623_ACEOF
5662 5624
5663 cat >>confdefs.h <<\_ACEOF 5625
5626cat >>confdefs.h <<\_ACEOF
5664#define LOCKED_PASSWD_PREFIX "!" 5627#define LOCKED_PASSWD_PREFIX "!"
5665_ACEOF 5628_ACEOF
5666 5629
@@ -5668,7 +5631,8 @@ _ACEOF
5668#define SPT_TYPE SPT_REUSEARGV 5631#define SPT_TYPE SPT_REUSEARGV
5669_ACEOF 5632_ACEOF
5670 5633
5671 cat >>confdefs.h <<\_ACEOF 5634
5635cat >>confdefs.h <<\_ACEOF
5672#define LINK_OPNOTSUPP_ERRNO EPERM 5636#define LINK_OPNOTSUPP_ERRNO EPERM
5673_ACEOF 5637_ACEOF
5674 5638
@@ -5677,25 +5641,432 @@ cat >>confdefs.h <<\_ACEOF
5677#define _PATH_BTMP "/var/log/btmp" 5641#define _PATH_BTMP "/var/log/btmp"
5678_ACEOF 5642_ACEOF
5679 5643
5680 5644 cat >>confdefs.h <<\_ACEOF
5681cat >>confdefs.h <<\_ACEOF
5682#define USE_BTMP 1 5645#define USE_BTMP 1
5683_ACEOF 5646_ACEOF
5684 5647
5685 inet6_default_4in6=yes 5648 inet6_default_4in6=yes
5686 case `uname -r` in 5649 case `uname -r` in
5687 1.*|2.0.*) 5650 1.*|2.0.*)
5688 cat >>confdefs.h <<\_ACEOF 5651
5652cat >>confdefs.h <<\_ACEOF
5689#define BROKEN_CMSG_TYPE 1 5653#define BROKEN_CMSG_TYPE 1
5690_ACEOF 5654_ACEOF
5691 5655
5692 ;; 5656 ;;
5693 esac 5657 esac
5658 # tun(4) forwarding compat code
5659
5660echo "$as_me:$LINENO: checking for ANSI C header files" >&5
5661echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
5662if test "${ac_cv_header_stdc+set}" = set; then
5663 echo $ECHO_N "(cached) $ECHO_C" >&6
5664else
5665 cat >conftest.$ac_ext <<_ACEOF
5666/* confdefs.h. */
5667_ACEOF
5668cat confdefs.h >>conftest.$ac_ext
5669cat >>conftest.$ac_ext <<_ACEOF
5670/* end confdefs.h. */
5671#include <stdlib.h>
5672#include <stdarg.h>
5673#include <string.h>
5674#include <float.h>
5675
5676int
5677main ()
5678{
5679
5680 ;
5681 return 0;
5682}
5683_ACEOF
5684rm -f conftest.$ac_objext
5685if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
5686 (eval $ac_compile) 2>conftest.er1
5687 ac_status=$?
5688 grep -v '^ *+' conftest.er1 >conftest.err
5689 rm -f conftest.er1
5690 cat conftest.err >&5
5691 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5692 (exit $ac_status); } &&
5693 { ac_try='test -z "$ac_c_werror_flag"
5694 || test ! -s conftest.err'
5695 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5696 (eval $ac_try) 2>&5
5697 ac_status=$?
5698 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5699 (exit $ac_status); }; } &&
5700 { ac_try='test -s conftest.$ac_objext'
5701 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5702 (eval $ac_try) 2>&5
5703 ac_status=$?
5704 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5705 (exit $ac_status); }; }; then
5706 ac_cv_header_stdc=yes
5707else
5708 echo "$as_me: failed program was:" >&5
5709sed 's/^/| /' conftest.$ac_ext >&5
5710
5711ac_cv_header_stdc=no
5712fi
5713rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
5714
5715if test $ac_cv_header_stdc = yes; then
5716 # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
5717 cat >conftest.$ac_ext <<_ACEOF
5718/* confdefs.h. */
5719_ACEOF
5720cat confdefs.h >>conftest.$ac_ext
5721cat >>conftest.$ac_ext <<_ACEOF
5722/* end confdefs.h. */
5723#include <string.h>
5724
5725_ACEOF
5726if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
5727 $EGREP "memchr" >/dev/null 2>&1; then
5728 :
5729else
5730 ac_cv_header_stdc=no
5731fi
5732rm -f conftest*
5733
5734fi
5735
5736if test $ac_cv_header_stdc = yes; then
5737 # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
5738 cat >conftest.$ac_ext <<_ACEOF
5739/* confdefs.h. */
5740_ACEOF
5741cat confdefs.h >>conftest.$ac_ext
5742cat >>conftest.$ac_ext <<_ACEOF
5743/* end confdefs.h. */
5744#include <stdlib.h>
5745
5746_ACEOF
5747if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
5748 $EGREP "free" >/dev/null 2>&1; then
5749 :
5750else
5751 ac_cv_header_stdc=no
5752fi
5753rm -f conftest*
5754
5755fi
5756
5757if test $ac_cv_header_stdc = yes; then
5758 # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
5759 if test "$cross_compiling" = yes; then
5760 :
5761else
5762 cat >conftest.$ac_ext <<_ACEOF
5763/* confdefs.h. */
5764_ACEOF
5765cat confdefs.h >>conftest.$ac_ext
5766cat >>conftest.$ac_ext <<_ACEOF
5767/* end confdefs.h. */
5768#include <ctype.h>
5769#if ((' ' & 0x0FF) == 0x020)
5770# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
5771# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
5772#else
5773# define ISLOWER(c) \
5774 (('a' <= (c) && (c) <= 'i') \
5775 || ('j' <= (c) && (c) <= 'r') \
5776 || ('s' <= (c) && (c) <= 'z'))
5777# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
5778#endif
5779
5780#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
5781int
5782main ()
5783{
5784 int i;
5785 for (i = 0; i < 256; i++)
5786 if (XOR (islower (i), ISLOWER (i))
5787 || toupper (i) != TOUPPER (i))
5788 exit(2);
5789 exit (0);
5790}
5791_ACEOF
5792rm -f conftest$ac_exeext
5793if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
5794 (eval $ac_link) 2>&5
5795 ac_status=$?
5796 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5797 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
5798 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5799 (eval $ac_try) 2>&5
5800 ac_status=$?
5801 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5802 (exit $ac_status); }; }; then
5803 :
5804else
5805 echo "$as_me: program exited with status $ac_status" >&5
5806echo "$as_me: failed program was:" >&5
5807sed 's/^/| /' conftest.$ac_ext >&5
5808
5809( exit $ac_status )
5810ac_cv_header_stdc=no
5811fi
5812rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
5813fi
5814fi
5815fi
5816echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
5817echo "${ECHO_T}$ac_cv_header_stdc" >&6
5818if test $ac_cv_header_stdc = yes; then
5819
5820cat >>confdefs.h <<\_ACEOF
5821#define STDC_HEADERS 1
5822_ACEOF
5823
5824fi
5825
5826# On IRIX 5.3, sys/types and inttypes.h are conflicting.
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
5837 inttypes.h stdint.h unistd.h
5838do
5839as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
5840echo "$as_me:$LINENO: checking for $ac_header" >&5
5841echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
5842if eval "test \"\${$as_ac_Header+set}\" = set"; then
5843 echo $ECHO_N "(cached) $ECHO_C" >&6
5844else
5845 cat >conftest.$ac_ext <<_ACEOF
5846/* confdefs.h. */
5847_ACEOF
5848cat confdefs.h >>conftest.$ac_ext
5849cat >>conftest.$ac_ext <<_ACEOF
5850/* end confdefs.h. */
5851$ac_includes_default
5852
5853#include <$ac_header>
5854_ACEOF
5855rm -f conftest.$ac_objext
5856if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
5857 (eval $ac_compile) 2>conftest.er1
5858 ac_status=$?
5859 grep -v '^ *+' conftest.er1 >conftest.err
5860 rm -f conftest.er1
5861 cat conftest.err >&5
5862 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5863 (exit $ac_status); } &&
5864 { ac_try='test -z "$ac_c_werror_flag"
5865 || test ! -s conftest.err'
5866 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5867 (eval $ac_try) 2>&5
5868 ac_status=$?
5869 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5870 (exit $ac_status); }; } &&
5871 { ac_try='test -s conftest.$ac_objext'
5872 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5873 (eval $ac_try) 2>&5
5874 ac_status=$?
5875 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5876 (exit $ac_status); }; }; then
5877 eval "$as_ac_Header=yes"
5878else
5879 echo "$as_me: failed program was:" >&5
5880sed 's/^/| /' conftest.$ac_ext >&5
5881
5882eval "$as_ac_Header=no"
5883fi
5884rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
5885fi
5886echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
5887echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
5888if test `eval echo '${'$as_ac_Header'}'` = yes; then
5889 cat >>confdefs.h <<_ACEOF
5890#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
5891_ACEOF
5892
5893fi
5894
5895done
5896
5897
5898
5899for ac_header in linux/if_tun.h
5900do
5901as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
5902if eval "test \"\${$as_ac_Header+set}\" = set"; then
5903 echo "$as_me:$LINENO: checking for $ac_header" >&5
5904echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
5905if eval "test \"\${$as_ac_Header+set}\" = set"; then
5906 echo $ECHO_N "(cached) $ECHO_C" >&6
5907fi
5908echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
5909echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
5910else
5911 # Is the header compilable?
5912echo "$as_me:$LINENO: checking $ac_header usability" >&5
5913echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
5914cat >conftest.$ac_ext <<_ACEOF
5915/* confdefs.h. */
5916_ACEOF
5917cat confdefs.h >>conftest.$ac_ext
5918cat >>conftest.$ac_ext <<_ACEOF
5919/* end confdefs.h. */
5920$ac_includes_default
5921#include <$ac_header>
5922_ACEOF
5923rm -f conftest.$ac_objext
5924if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
5925 (eval $ac_compile) 2>conftest.er1
5926 ac_status=$?
5927 grep -v '^ *+' conftest.er1 >conftest.err
5928 rm -f conftest.er1
5929 cat conftest.err >&5
5930 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5931 (exit $ac_status); } &&
5932 { ac_try='test -z "$ac_c_werror_flag"
5933 || test ! -s conftest.err'
5934 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5935 (eval $ac_try) 2>&5
5936 ac_status=$?
5937 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5938 (exit $ac_status); }; } &&
5939 { ac_try='test -s conftest.$ac_objext'
5940 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5941 (eval $ac_try) 2>&5
5942 ac_status=$?
5943 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5944 (exit $ac_status); }; }; then
5945 ac_header_compiler=yes
5946else
5947 echo "$as_me: failed program was:" >&5
5948sed 's/^/| /' conftest.$ac_ext >&5
5949
5950ac_header_compiler=no
5951fi
5952rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
5953echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
5954echo "${ECHO_T}$ac_header_compiler" >&6
5955
5956# Is the header present?
5957echo "$as_me:$LINENO: checking $ac_header presence" >&5
5958echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
5959cat >conftest.$ac_ext <<_ACEOF
5960/* confdefs.h. */
5961_ACEOF
5962cat confdefs.h >>conftest.$ac_ext
5963cat >>conftest.$ac_ext <<_ACEOF
5964/* end confdefs.h. */
5965#include <$ac_header>
5966_ACEOF
5967if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
5968 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
5969 ac_status=$?
5970 grep -v '^ *+' conftest.er1 >conftest.err
5971 rm -f conftest.er1
5972 cat conftest.err >&5
5973 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5974 (exit $ac_status); } >/dev/null; then
5975 if test -s conftest.err; then
5976 ac_cpp_err=$ac_c_preproc_warn_flag
5977 ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
5978 else
5979 ac_cpp_err=
5980 fi
5981else
5982 ac_cpp_err=yes
5983fi
5984if test -z "$ac_cpp_err"; then
5985 ac_header_preproc=yes
5986else
5987 echo "$as_me: failed program was:" >&5
5988sed 's/^/| /' conftest.$ac_ext >&5
5989
5990 ac_header_preproc=no
5991fi
5992rm -f conftest.err conftest.$ac_ext
5993echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
5994echo "${ECHO_T}$ac_header_preproc" >&6
5995
5996# So? What about this header?
5997case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
5998 yes:no: )
5999 { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
6000echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
6001 { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
6002echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
6003 ac_header_preproc=yes
6004 ;;
6005 no:yes:* )
6006 { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
6007echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
6008 { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
6009echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
6010 { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
6011echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
6012 { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
6013echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
6014 { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
6015echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
6016 { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
6017echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
6018 (
6019 cat <<\_ASBOX
6020## ------------------------------------------- ##
6021## Report this to openssh-unix-dev@mindrot.org ##
6022## ------------------------------------------- ##
6023_ASBOX
6024 ) |
6025 sed "s/^/$as_me: WARNING: /" >&2
6026 ;;
6027esac
6028echo "$as_me:$LINENO: checking for $ac_header" >&5
6029echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
6030if eval "test \"\${$as_ac_Header+set}\" = set"; then
6031 echo $ECHO_N "(cached) $ECHO_C" >&6
6032else
6033 eval "$as_ac_Header=\$ac_header_preproc"
6034fi
6035echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
6036echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
6037
6038fi
6039if test `eval echo '${'$as_ac_Header'}'` = yes; then
6040 cat >>confdefs.h <<_ACEOF
6041#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
6042_ACEOF
6043
6044fi
6045
6046done
6047
6048 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
6049
6050cat >>confdefs.h <<\_ACEOF
6051#define SSH_TUN_LINUX 1
6052_ACEOF
6053
6054
6055cat >>confdefs.h <<\_ACEOF
6056#define SSH_TUN_COMPAT_AF 1
6057_ACEOF
6058
6059
6060cat >>confdefs.h <<\_ACEOF
6061#define SSH_TUN_PREPEND_AF 1
6062_ACEOF
6063
6064 fi
5694 ;; 6065 ;;
5695mips-sony-bsd|mips-sony-newsos4) 6066mips-sony-bsd|mips-sony-newsos4)
5696 6067
5697cat >>confdefs.h <<\_ACEOF 6068cat >>confdefs.h <<\_ACEOF
5698#define NEED_SETPRGP 6069#define NEED_SETPGRP 1
5699_ACEOF 6070_ACEOF
5700 6071
5701 SONY=1 6072 SONY=1
@@ -5705,9 +6076,325 @@ _ACEOF
5705 if test "x$withval" != "xno" ; then 6076 if test "x$withval" != "xno" ; then
5706 need_dash_r=1 6077 need_dash_r=1
5707 fi 6078 fi
6079
6080cat >>confdefs.h <<\_ACEOF
6081#define SSH_TUN_FREEBSD 1
6082_ACEOF
6083
6084 if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6085 echo "$as_me:$LINENO: checking for net/if_tap.h" >&5
6086echo $ECHO_N "checking for net/if_tap.h... $ECHO_C" >&6
6087if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6088 echo $ECHO_N "(cached) $ECHO_C" >&6
6089fi
6090echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5
6091echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6
6092else
6093 # Is the header compilable?
6094echo "$as_me:$LINENO: checking net/if_tap.h usability" >&5
6095echo $ECHO_N "checking net/if_tap.h usability... $ECHO_C" >&6
6096cat >conftest.$ac_ext <<_ACEOF
6097/* confdefs.h. */
6098_ACEOF
6099cat confdefs.h >>conftest.$ac_ext
6100cat >>conftest.$ac_ext <<_ACEOF
6101/* end confdefs.h. */
6102$ac_includes_default
6103#include <net/if_tap.h>
6104_ACEOF
6105rm -f conftest.$ac_objext
6106if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
6107 (eval $ac_compile) 2>conftest.er1
6108 ac_status=$?
6109 grep -v '^ *+' conftest.er1 >conftest.err
6110 rm -f conftest.er1
6111 cat conftest.err >&5
6112 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6113 (exit $ac_status); } &&
6114 { ac_try='test -z "$ac_c_werror_flag"
6115 || test ! -s conftest.err'
6116 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6117 (eval $ac_try) 2>&5
6118 ac_status=$?
6119 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6120 (exit $ac_status); }; } &&
6121 { ac_try='test -s conftest.$ac_objext'
6122 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6123 (eval $ac_try) 2>&5
6124 ac_status=$?
6125 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6126 (exit $ac_status); }; }; then
6127 ac_header_compiler=yes
6128else
6129 echo "$as_me: failed program was:" >&5
6130sed 's/^/| /' conftest.$ac_ext >&5
6131
6132ac_header_compiler=no
6133fi
6134rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
6135echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
6136echo "${ECHO_T}$ac_header_compiler" >&6
6137
6138# Is the header present?
6139echo "$as_me:$LINENO: checking net/if_tap.h presence" >&5
6140echo $ECHO_N "checking net/if_tap.h presence... $ECHO_C" >&6
6141cat >conftest.$ac_ext <<_ACEOF
6142/* confdefs.h. */
6143_ACEOF
6144cat confdefs.h >>conftest.$ac_ext
6145cat >>conftest.$ac_ext <<_ACEOF
6146/* end confdefs.h. */
6147#include <net/if_tap.h>
6148_ACEOF
6149if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
6150 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
6151 ac_status=$?
6152 grep -v '^ *+' conftest.er1 >conftest.err
6153 rm -f conftest.er1
6154 cat conftest.err >&5
6155 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6156 (exit $ac_status); } >/dev/null; then
6157 if test -s conftest.err; then
6158 ac_cpp_err=$ac_c_preproc_warn_flag
6159 ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
6160 else
6161 ac_cpp_err=
6162 fi
6163else
6164 ac_cpp_err=yes
6165fi
6166if test -z "$ac_cpp_err"; then
6167 ac_header_preproc=yes
6168else
6169 echo "$as_me: failed program was:" >&5
6170sed 's/^/| /' conftest.$ac_ext >&5
6171
6172 ac_header_preproc=no
6173fi
6174rm -f conftest.err conftest.$ac_ext
6175echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
6176echo "${ECHO_T}$ac_header_preproc" >&6
6177
6178# So? What about this header?
6179case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
6180 yes:no: )
6181 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&5
6182echo "$as_me: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
6183 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the compiler's result" >&5
6184echo "$as_me: WARNING: net/if_tap.h: proceeding with the compiler's result" >&2;}
6185 ac_header_preproc=yes
6186 ;;
6187 no:yes:* )
6188 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: present but cannot be compiled" >&5
6189echo "$as_me: WARNING: net/if_tap.h: present but cannot be compiled" >&2;}
6190 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&5
6191echo "$as_me: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&2;}
6192 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: see the Autoconf documentation" >&5
6193echo "$as_me: WARNING: net/if_tap.h: see the Autoconf documentation" >&2;}
6194 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&5
6195echo "$as_me: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&2;}
6196 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&5
6197echo "$as_me: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&2;}
6198 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&5
6199echo "$as_me: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&2;}
6200 (
6201 cat <<\_ASBOX
6202## ------------------------------------------- ##
6203## Report this to openssh-unix-dev@mindrot.org ##
6204## ------------------------------------------- ##
6205_ASBOX
6206 ) |
6207 sed "s/^/$as_me: WARNING: /" >&2
6208 ;;
6209esac
6210echo "$as_me:$LINENO: checking for net/if_tap.h" >&5
6211echo $ECHO_N "checking for net/if_tap.h... $ECHO_C" >&6
6212if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6213 echo $ECHO_N "(cached) $ECHO_C" >&6
6214else
6215 ac_cv_header_net_if_tap_h=$ac_header_preproc
6216fi
6217echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5
6218echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6
6219
6220fi
6221if test $ac_cv_header_net_if_tap_h = yes; then
6222 :
6223else
6224
6225cat >>confdefs.h <<\_ACEOF
6226#define SSH_TUN_NO_L2 1
6227_ACEOF
6228
6229fi
6230
6231
6232
6233cat >>confdefs.h <<\_ACEOF
6234#define SSH_TUN_PREPEND_AF 1
6235_ACEOF
6236
5708 ;; 6237 ;;
5709*-*-freebsd*) 6238*-*-freebsd*)
5710 check_for_libcrypt_later=1 6239 check_for_libcrypt_later=1
6240
6241cat >>confdefs.h <<\_ACEOF
6242#define LOCKED_PASSWD_PREFIX "*LOCKED*"
6243_ACEOF
6244
6245
6246cat >>confdefs.h <<\_ACEOF
6247#define SSH_TUN_FREEBSD 1
6248_ACEOF
6249
6250 if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6251 echo "$as_me:$LINENO: checking for net/if_tap.h" >&5
6252echo $ECHO_N "checking for net/if_tap.h... $ECHO_C" >&6
6253if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6254 echo $ECHO_N "(cached) $ECHO_C" >&6
6255fi
6256echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5
6257echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6
6258else
6259 # Is the header compilable?
6260echo "$as_me:$LINENO: checking net/if_tap.h usability" >&5
6261echo $ECHO_N "checking net/if_tap.h usability... $ECHO_C" >&6
6262cat >conftest.$ac_ext <<_ACEOF
6263/* confdefs.h. */
6264_ACEOF
6265cat confdefs.h >>conftest.$ac_ext
6266cat >>conftest.$ac_ext <<_ACEOF
6267/* end confdefs.h. */
6268$ac_includes_default
6269#include <net/if_tap.h>
6270_ACEOF
6271rm -f conftest.$ac_objext
6272if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
6273 (eval $ac_compile) 2>conftest.er1
6274 ac_status=$?
6275 grep -v '^ *+' conftest.er1 >conftest.err
6276 rm -f conftest.er1
6277 cat conftest.err >&5
6278 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6279 (exit $ac_status); } &&
6280 { ac_try='test -z "$ac_c_werror_flag"
6281 || test ! -s conftest.err'
6282 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6283 (eval $ac_try) 2>&5
6284 ac_status=$?
6285 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6286 (exit $ac_status); }; } &&
6287 { ac_try='test -s conftest.$ac_objext'
6288 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6289 (eval $ac_try) 2>&5
6290 ac_status=$?
6291 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6292 (exit $ac_status); }; }; then
6293 ac_header_compiler=yes
6294else
6295 echo "$as_me: failed program was:" >&5
6296sed 's/^/| /' conftest.$ac_ext >&5
6297
6298ac_header_compiler=no
6299fi
6300rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
6301echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
6302echo "${ECHO_T}$ac_header_compiler" >&6
6303
6304# Is the header present?
6305echo "$as_me:$LINENO: checking net/if_tap.h presence" >&5
6306echo $ECHO_N "checking net/if_tap.h presence... $ECHO_C" >&6
6307cat >conftest.$ac_ext <<_ACEOF
6308/* confdefs.h. */
6309_ACEOF
6310cat confdefs.h >>conftest.$ac_ext
6311cat >>conftest.$ac_ext <<_ACEOF
6312/* end confdefs.h. */
6313#include <net/if_tap.h>
6314_ACEOF
6315if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
6316 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
6317 ac_status=$?
6318 grep -v '^ *+' conftest.er1 >conftest.err
6319 rm -f conftest.er1
6320 cat conftest.err >&5
6321 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6322 (exit $ac_status); } >/dev/null; then
6323 if test -s conftest.err; then
6324 ac_cpp_err=$ac_c_preproc_warn_flag
6325 ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
6326 else
6327 ac_cpp_err=
6328 fi
6329else
6330 ac_cpp_err=yes
6331fi
6332if test -z "$ac_cpp_err"; then
6333 ac_header_preproc=yes
6334else
6335 echo "$as_me: failed program was:" >&5
6336sed 's/^/| /' conftest.$ac_ext >&5
6337
6338 ac_header_preproc=no
6339fi
6340rm -f conftest.err conftest.$ac_ext
6341echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
6342echo "${ECHO_T}$ac_header_preproc" >&6
6343
6344# So? What about this header?
6345case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
6346 yes:no: )
6347 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&5
6348echo "$as_me: WARNING: net/if_tap.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
6349 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the compiler's result" >&5
6350echo "$as_me: WARNING: net/if_tap.h: proceeding with the compiler's result" >&2;}
6351 ac_header_preproc=yes
6352 ;;
6353 no:yes:* )
6354 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: present but cannot be compiled" >&5
6355echo "$as_me: WARNING: net/if_tap.h: present but cannot be compiled" >&2;}
6356 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&5
6357echo "$as_me: WARNING: net/if_tap.h: check for missing prerequisite headers?" >&2;}
6358 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: see the Autoconf documentation" >&5
6359echo "$as_me: WARNING: net/if_tap.h: see the Autoconf documentation" >&2;}
6360 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&5
6361echo "$as_me: WARNING: net/if_tap.h: section \"Present But Cannot Be Compiled\"" >&2;}
6362 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&5
6363echo "$as_me: WARNING: net/if_tap.h: proceeding with the preprocessor's result" >&2;}
6364 { echo "$as_me:$LINENO: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&5
6365echo "$as_me: WARNING: net/if_tap.h: in the future, the compiler will take precedence" >&2;}
6366 (
6367 cat <<\_ASBOX
6368## ------------------------------------------- ##
6369## Report this to openssh-unix-dev@mindrot.org ##
6370## ------------------------------------------- ##
6371_ASBOX
6372 ) |
6373 sed "s/^/$as_me: WARNING: /" >&2
6374 ;;
6375esac
6376echo "$as_me:$LINENO: checking for net/if_tap.h" >&5
6377echo $ECHO_N "checking for net/if_tap.h... $ECHO_C" >&6
6378if test "${ac_cv_header_net_if_tap_h+set}" = set; then
6379 echo $ECHO_N "(cached) $ECHO_C" >&6
6380else
6381 ac_cv_header_net_if_tap_h=$ac_header_preproc
6382fi
6383echo "$as_me:$LINENO: result: $ac_cv_header_net_if_tap_h" >&5
6384echo "${ECHO_T}$ac_cv_header_net_if_tap_h" >&6
6385
6386fi
6387if test $ac_cv_header_net_if_tap_h = yes; then
6388 :
6389else
6390
6391cat >>confdefs.h <<\_ACEOF
6392#define SSH_TUN_NO_L2 1
6393_ACEOF
6394
6395fi
6396
6397
5711 ;; 6398 ;;
5712*-*-bsdi*) 6399*-*-bsdi*)
5713 cat >>confdefs.h <<\_ACEOF 6400 cat >>confdefs.h <<\_ACEOF
@@ -5728,7 +6415,8 @@ _ACEOF
5728 conf_utmp_location=/etc/utmp 6415 conf_utmp_location=/etc/utmp
5729 conf_wtmp_location=/usr/adm/wtmp 6416 conf_wtmp_location=/usr/adm/wtmp
5730 MAIL=/usr/spool/mail 6417 MAIL=/usr/spool/mail
5731 cat >>confdefs.h <<\_ACEOF 6418
6419cat >>confdefs.h <<\_ACEOF
5732#define HAVE_NEXT 1 6420#define HAVE_NEXT 1
5733_ACEOF 6421_ACEOF
5734 6422
@@ -5740,7 +6428,8 @@ _ACEOF
5740#define USE_PIPES 1 6428#define USE_PIPES 1
5741_ACEOF 6429_ACEOF
5742 6430
5743 cat >>confdefs.h <<\_ACEOF 6431
6432cat >>confdefs.h <<\_ACEOF
5744#define BROKEN_SAVED_UIDS 1 6433#define BROKEN_SAVED_UIDS 1
5745_ACEOF 6434_ACEOF
5746 6435
@@ -5751,6 +6440,16 @@ cat >>confdefs.h <<\_ACEOF
5751#define HAVE_ATTRIBUTE__SENTINEL__ 1 6440#define HAVE_ATTRIBUTE__SENTINEL__ 1
5752_ACEOF 6441_ACEOF
5753 6442
6443
6444cat >>confdefs.h <<\_ACEOF
6445#define HAVE_ATTRIBUTE__BOUNDED__ 1
6446_ACEOF
6447
6448
6449cat >>confdefs.h <<\_ACEOF
6450#define SSH_TUN_OPENBSD 1
6451_ACEOF
6452
5754 ;; 6453 ;;
5755*-*-solaris*) 6454*-*-solaris*)
5756 if test "x$withval" != "xno" ; then 6455 if test "x$withval" != "xno" ; then
@@ -5764,7 +6463,8 @@ _ACEOF
5764#define LOGIN_NEEDS_UTMPX 1 6463#define LOGIN_NEEDS_UTMPX 1
5765_ACEOF 6464_ACEOF
5766 6465
5767 cat >>confdefs.h <<\_ACEOF 6466
6467cat >>confdefs.h <<\_ACEOF
5768#define LOGIN_NEEDS_TERM 1 6468#define LOGIN_NEEDS_TERM 1
5769_ACEOF 6469_ACEOF
5770 6470
@@ -5772,7 +6472,8 @@ _ACEOF
5772#define PAM_TTY_KLUDGE 1 6472#define PAM_TTY_KLUDGE 1
5773_ACEOF 6473_ACEOF
5774 6474
5775 cat >>confdefs.h <<\_ACEOF 6475
6476cat >>confdefs.h <<\_ACEOF
5776#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1 6477#define SSHPAM_CHAUTHTOK_NEEDS_RUID 1
5777_ACEOF 6478_ACEOF
5778 6479
@@ -5781,7 +6482,8 @@ _ACEOF
5781_ACEOF 6482_ACEOF
5782 6483
5783 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 6484 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
5784 cat >>confdefs.h <<\_ACEOF 6485
6486cat >>confdefs.h <<\_ACEOF
5785#define SSHD_ACQUIRES_CTTY 1 6487#define SSHD_ACQUIRES_CTTY 1
5786_ACEOF 6488_ACEOF
5787 6489
@@ -5798,7 +6500,8 @@ echo "${ECHO_T}yes" >&6
5798#define DISABLE_UTMP 1 6500#define DISABLE_UTMP 1
5799_ACEOF 6501_ACEOF
5800 6502
5801 cat >>confdefs.h <<\_ACEOF 6503
6504cat >>confdefs.h <<\_ACEOF
5802#define DISABLE_WTMP 1 6505#define DISABLE_WTMP 1
5803_ACEOF 6506_ACEOF
5804 6507
@@ -6022,14 +6725,14 @@ _ACEOF
6022 6725
6023fi 6726fi
6024 6727
6025 # -lresolv needs to be at then end of LIBS or DNS lookups break 6728 # -lresolv needs to be at the end of LIBS or DNS lookups break
6026 echo "$as_me:$LINENO: checking for resolv in -lres_query" >&5 6729 echo "$as_me:$LINENO: checking for res_query in -lresolv" >&5
6027echo $ECHO_N "checking for resolv in -lres_query... $ECHO_C" >&6 6730echo $ECHO_N "checking for res_query in -lresolv... $ECHO_C" >&6
6028if test "${ac_cv_lib_res_query_resolv+set}" = set; then 6731if test "${ac_cv_lib_resolv_res_query+set}" = set; then
6029 echo $ECHO_N "(cached) $ECHO_C" >&6 6732 echo $ECHO_N "(cached) $ECHO_C" >&6
6030else 6733else
6031 ac_check_lib_save_LIBS=$LIBS 6734 ac_check_lib_save_LIBS=$LIBS
6032LIBS="-lres_query $LIBS" 6735LIBS="-lresolv $LIBS"
6033cat >conftest.$ac_ext <<_ACEOF 6736cat >conftest.$ac_ext <<_ACEOF
6034/* confdefs.h. */ 6737/* confdefs.h. */
6035_ACEOF 6738_ACEOF
@@ -6043,11 +6746,11 @@ extern "C"
6043#endif 6746#endif
6044/* We use char because int might match the return type of a gcc2 6747/* We use char because int might match the return type of a gcc2
6045 builtin and then its argument prototype would still apply. */ 6748 builtin and then its argument prototype would still apply. */
6046char resolv (); 6749char res_query ();
6047int 6750int
6048main () 6751main ()
6049{ 6752{
6050resolv (); 6753res_query ();
6051 ; 6754 ;
6052 return 0; 6755 return 0;
6053} 6756}
@@ -6074,20 +6777,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6074 ac_status=$? 6777 ac_status=$?
6075 echo "$as_me:$LINENO: \$? = $ac_status" >&5 6778 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6076 (exit $ac_status); }; }; then 6779 (exit $ac_status); }; }; then
6077 ac_cv_lib_res_query_resolv=yes 6780 ac_cv_lib_resolv_res_query=yes
6078else 6781else
6079 echo "$as_me: failed program was:" >&5 6782 echo "$as_me: failed program was:" >&5
6080sed 's/^/| /' conftest.$ac_ext >&5 6783sed 's/^/| /' conftest.$ac_ext >&5
6081 6784
6082ac_cv_lib_res_query_resolv=no 6785ac_cv_lib_resolv_res_query=no
6083fi 6786fi
6084rm -f conftest.err conftest.$ac_objext \ 6787rm -f conftest.err conftest.$ac_objext \
6085 conftest$ac_exeext conftest.$ac_ext 6788 conftest$ac_exeext conftest.$ac_ext
6086LIBS=$ac_check_lib_save_LIBS 6789LIBS=$ac_check_lib_save_LIBS
6087fi 6790fi
6088echo "$as_me:$LINENO: result: $ac_cv_lib_res_query_resolv" >&5 6791echo "$as_me:$LINENO: result: $ac_cv_lib_resolv_res_query" >&5
6089echo "${ECHO_T}$ac_cv_lib_res_query_resolv" >&6 6792echo "${ECHO_T}$ac_cv_lib_resolv_res_query" >&6
6090if test $ac_cv_lib_res_query_resolv = yes; then 6793if test $ac_cv_lib_resolv_res_query = yes; then
6091 LIBS="$LIBS -lresolv" 6794 LIBS="$LIBS -lresolv"
6092fi 6795fi
6093 6796
@@ -6123,6 +6826,7 @@ _ACEOF
6123 ;; 6826 ;;
6124# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 6827# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
6125*-*-sysv4.2*) 6828*-*-sysv4.2*)
6829 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
6126 cat >>confdefs.h <<\_ACEOF 6830 cat >>confdefs.h <<\_ACEOF
6127#define USE_PIPES 1 6831#define USE_PIPES 1
6128_ACEOF 6832_ACEOF
@@ -6144,6 +6848,10 @@ cat >>confdefs.h <<\_ACEOF
6144#define PASSWD_NEEDS_USERNAME 1 6848#define PASSWD_NEEDS_USERNAME 1
6145_ACEOF 6849_ACEOF
6146 6850
6851 cat >>confdefs.h <<\_ACEOF
6852#define LOCKED_PASSWD_STRING "*LK*"
6853_ACEOF
6854
6147 ;; 6855 ;;
6148# UnixWare 7.x, OpenUNIX 8 6856# UnixWare 7.x, OpenUNIX 8
6149*-*-sysv5*) 6857*-*-sysv5*)
@@ -6169,8 +6877,7 @@ _ACEOF
6169#define BROKEN_SETREGID 1 6877#define BROKEN_SETREGID 1
6170_ACEOF 6878_ACEOF
6171 6879
6172 6880 cat >>confdefs.h <<\_ACEOF
6173cat >>confdefs.h <<\_ACEOF
6174#define PASSWD_NEEDS_USERNAME 1 6881#define PASSWD_NEEDS_USERNAME 1
6175_ACEOF 6882_ACEOF
6176 6883
@@ -6183,6 +6890,11 @@ cat >>confdefs.h <<\_ACEOF
6183_ACEOF 6890_ACEOF
6184 6891
6185 ;; 6892 ;;
6893 *) cat >>confdefs.h <<\_ACEOF
6894#define LOCKED_PASSWD_STRING "*LK*"
6895_ACEOF
6896
6897 ;;
6186 esac 6898 esac
6187 ;; 6899 ;;
6188*-*-sysv*) 6900*-*-sysv*)
@@ -6236,8 +6948,7 @@ _ACEOF
6236#define BROKEN_UPDWTMPX 1 6948#define BROKEN_UPDWTMPX 1
6237_ACEOF 6949_ACEOF
6238 6950
6239 6951 cat >>confdefs.h <<\_ACEOF
6240cat >>confdefs.h <<\_ACEOF
6241#define PASSWD_NEEDS_USERNAME 1 6952#define PASSWD_NEEDS_USERNAME 1
6242_ACEOF 6953_ACEOF
6243 6954
@@ -6348,7 +7059,8 @@ done
6348 TEST_SHELL=ksh 7059 TEST_SHELL=ksh
6349 ;; 7060 ;;
6350*-*-unicosmk*) 7061*-*-unicosmk*)
6351 cat >>confdefs.h <<\_ACEOF 7062
7063cat >>confdefs.h <<\_ACEOF
6352#define NO_SSH_LASTLOG 1 7064#define NO_SSH_LASTLOG 1
6353_ACEOF 7065_ACEOF
6354 7066
@@ -6454,11 +7166,13 @@ fi;
6454 if test -f /etc/sia/matrix.conf; then 7166 if test -f /etc/sia/matrix.conf; then
6455 echo "$as_me:$LINENO: result: yes" >&5 7167 echo "$as_me:$LINENO: result: yes" >&5
6456echo "${ECHO_T}yes" >&6 7168echo "${ECHO_T}yes" >&6
6457 cat >>confdefs.h <<\_ACEOF 7169
7170cat >>confdefs.h <<\_ACEOF
6458#define HAVE_OSF_SIA 1 7171#define HAVE_OSF_SIA 1
6459_ACEOF 7172_ACEOF
6460 7173
6461 cat >>confdefs.h <<\_ACEOF 7174
7175cat >>confdefs.h <<\_ACEOF
6462#define DISABLE_LOGIN 1 7176#define DISABLE_LOGIN 1
6463_ACEOF 7177_ACEOF
6464 7178
@@ -6470,7 +7184,8 @@ _ACEOF
6470 else 7184 else
6471 echo "$as_me:$LINENO: result: no" >&5 7185 echo "$as_me:$LINENO: result: no" >&5
6472echo "${ECHO_T}no" >&6 7186echo "${ECHO_T}no" >&6
6473 cat >>confdefs.h <<\_ACEOF 7187
7188cat >>confdefs.h <<\_ACEOF
6474#define LOCKED_PASSWD_SUBSTR "Nologin" 7189#define LOCKED_PASSWD_SUBSTR "Nologin"
6475_ACEOF 7190_ACEOF
6476 7191
@@ -6494,7 +7209,7 @@ _ACEOF
6494 7209
6495 ;; 7210 ;;
6496 7211
6497*-*-nto-qnx) 7212*-*-nto-qnx*)
6498 cat >>confdefs.h <<\_ACEOF 7213 cat >>confdefs.h <<\_ACEOF
6499#define USE_PIPES 1 7214#define USE_PIPES 1
6500_ACEOF 7215_ACEOF
@@ -6503,34 +7218,40 @@ _ACEOF
6503#define NO_X11_UNIX_SOCKETS 1 7218#define NO_X11_UNIX_SOCKETS 1
6504_ACEOF 7219_ACEOF
6505 7220
6506 cat >>confdefs.h <<\_ACEOF 7221
7222cat >>confdefs.h <<\_ACEOF
6507#define MISSING_NFDBITS 1 7223#define MISSING_NFDBITS 1
6508_ACEOF 7224_ACEOF
6509 7225
6510 cat >>confdefs.h <<\_ACEOF 7226
7227cat >>confdefs.h <<\_ACEOF
6511#define MISSING_HOWMANY 1 7228#define MISSING_HOWMANY 1
6512_ACEOF 7229_ACEOF
6513 7230
6514 cat >>confdefs.h <<\_ACEOF 7231
7232cat >>confdefs.h <<\_ACEOF
6515#define MISSING_FD_MASK 1 7233#define MISSING_FD_MASK 1
6516_ACEOF 7234_ACEOF
6517 7235
7236 cat >>confdefs.h <<\_ACEOF
7237#define DISABLE_LASTLOG 1
7238_ACEOF
7239
6518 ;; 7240 ;;
6519 7241
6520*-*-ultrix*) 7242*-*-ultrix*)
6521 7243
6522cat >>confdefs.h <<\_ACEOF 7244cat >>confdefs.h <<\_ACEOF
6523#define BROKEN_GETGROUPS 7245#define BROKEN_GETGROUPS 1
6524_ACEOF 7246_ACEOF
6525 7247
6526 7248
6527cat >>confdefs.h <<\_ACEOF 7249cat >>confdefs.h <<\_ACEOF
6528#define BROKEN_MMAP 7250#define BROKEN_MMAP 1
6529_ACEOF 7251_ACEOF
6530 7252
6531 7253 cat >>confdefs.h <<\_ACEOF
6532cat >>confdefs.h <<\_ACEOF 7254#define NEED_SETPGRP 1
6533#define NEED_SETPRGP
6534_ACEOF 7255_ACEOF
6535 7256
6536 7257
@@ -6542,7 +7263,7 @@ _ACEOF
6542 7263
6543*-*-lynxos) 7264*-*-lynxos)
6544 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 7265 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
6545 cat >>confdefs.h <<\_ACEOF 7266 cat >>confdefs.h <<\_ACEOF
6546#define MISSING_HOWMANY 1 7267#define MISSING_HOWMANY 1
6547_ACEOF 7268_ACEOF
6548 7269
@@ -6610,7 +7331,7 @@ if test "${with_Werror+set}" = set; then
6610 7331
6611 if test -n "$withval" && test "x$withval" != "xno"; then 7332 if test -n "$withval" && test "x$withval" != "xno"; then
6612 werror_flags="-Werror" 7333 werror_flags="-Werror"
6613 if "x${withval}" != "xyes"; then 7334 if test "x${withval}" != "xyes"; then
6614 werror_flags="$withval" 7335 werror_flags="$withval"
6615 fi 7336 fi
6616 fi 7337 fi
@@ -6667,262 +7388,6 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes
6667fi 7388fi
6668 7389
6669 7390
6670echo "$as_me:$LINENO: checking for egrep" >&5
6671echo $ECHO_N "checking for egrep... $ECHO_C" >&6
6672if test "${ac_cv_prog_egrep+set}" = set; then
6673 echo $ECHO_N "(cached) $ECHO_C" >&6
6674else
6675 if echo a | (grep -E '(a|b)') >/dev/null 2>&1
6676 then ac_cv_prog_egrep='grep -E'
6677 else ac_cv_prog_egrep='egrep'
6678 fi
6679fi
6680echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
6681echo "${ECHO_T}$ac_cv_prog_egrep" >&6
6682 EGREP=$ac_cv_prog_egrep
6683
6684
6685echo "$as_me:$LINENO: checking for ANSI C header files" >&5
6686echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
6687if test "${ac_cv_header_stdc+set}" = set; then
6688 echo $ECHO_N "(cached) $ECHO_C" >&6
6689else
6690 cat >conftest.$ac_ext <<_ACEOF
6691/* confdefs.h. */
6692_ACEOF
6693cat confdefs.h >>conftest.$ac_ext
6694cat >>conftest.$ac_ext <<_ACEOF
6695/* end confdefs.h. */
6696#include <stdlib.h>
6697#include <stdarg.h>
6698#include <string.h>
6699#include <float.h>
6700
6701int
6702main ()
6703{
6704
6705 ;
6706 return 0;
6707}
6708_ACEOF
6709rm -f conftest.$ac_objext
6710if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
6711 (eval $ac_compile) 2>conftest.er1
6712 ac_status=$?
6713 grep -v '^ *+' conftest.er1 >conftest.err
6714 rm -f conftest.er1
6715 cat conftest.err >&5
6716 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6717 (exit $ac_status); } &&
6718 { ac_try='test -z "$ac_c_werror_flag"
6719 || test ! -s conftest.err'
6720 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6721 (eval $ac_try) 2>&5
6722 ac_status=$?
6723 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6724 (exit $ac_status); }; } &&
6725 { ac_try='test -s conftest.$ac_objext'
6726 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6727 (eval $ac_try) 2>&5
6728 ac_status=$?
6729 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6730 (exit $ac_status); }; }; then
6731 ac_cv_header_stdc=yes
6732else
6733 echo "$as_me: failed program was:" >&5
6734sed 's/^/| /' conftest.$ac_ext >&5
6735
6736ac_cv_header_stdc=no
6737fi
6738rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
6739
6740if test $ac_cv_header_stdc = yes; then
6741 # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
6742 cat >conftest.$ac_ext <<_ACEOF
6743/* confdefs.h. */
6744_ACEOF
6745cat confdefs.h >>conftest.$ac_ext
6746cat >>conftest.$ac_ext <<_ACEOF
6747/* end confdefs.h. */
6748#include <string.h>
6749
6750_ACEOF
6751if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
6752 $EGREP "memchr" >/dev/null 2>&1; then
6753 :
6754else
6755 ac_cv_header_stdc=no
6756fi
6757rm -f conftest*
6758
6759fi
6760
6761if test $ac_cv_header_stdc = yes; then
6762 # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
6763 cat >conftest.$ac_ext <<_ACEOF
6764/* confdefs.h. */
6765_ACEOF
6766cat confdefs.h >>conftest.$ac_ext
6767cat >>conftest.$ac_ext <<_ACEOF
6768/* end confdefs.h. */
6769#include <stdlib.h>
6770
6771_ACEOF
6772if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
6773 $EGREP "free" >/dev/null 2>&1; then
6774 :
6775else
6776 ac_cv_header_stdc=no
6777fi
6778rm -f conftest*
6779
6780fi
6781
6782if test $ac_cv_header_stdc = yes; then
6783 # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
6784 if test "$cross_compiling" = yes; then
6785 :
6786else
6787 cat >conftest.$ac_ext <<_ACEOF
6788/* confdefs.h. */
6789_ACEOF
6790cat confdefs.h >>conftest.$ac_ext
6791cat >>conftest.$ac_ext <<_ACEOF
6792/* end confdefs.h. */
6793#include <ctype.h>
6794#if ((' ' & 0x0FF) == 0x020)
6795# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
6796# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
6797#else
6798# define ISLOWER(c) \
6799 (('a' <= (c) && (c) <= 'i') \
6800 || ('j' <= (c) && (c) <= 'r') \
6801 || ('s' <= (c) && (c) <= 'z'))
6802# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
6803#endif
6804
6805#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
6806int
6807main ()
6808{
6809 int i;
6810 for (i = 0; i < 256; i++)
6811 if (XOR (islower (i), ISLOWER (i))
6812 || toupper (i) != TOUPPER (i))
6813 exit(2);
6814 exit (0);
6815}
6816_ACEOF
6817rm -f conftest$ac_exeext
6818if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
6819 (eval $ac_link) 2>&5
6820 ac_status=$?
6821 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6822 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
6823 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6824 (eval $ac_try) 2>&5
6825 ac_status=$?
6826 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6827 (exit $ac_status); }; }; then
6828 :
6829else
6830 echo "$as_me: program exited with status $ac_status" >&5
6831echo "$as_me: failed program was:" >&5
6832sed 's/^/| /' conftest.$ac_ext >&5
6833
6834( exit $ac_status )
6835ac_cv_header_stdc=no
6836fi
6837rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
6838fi
6839fi
6840fi
6841echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
6842echo "${ECHO_T}$ac_cv_header_stdc" >&6
6843if test $ac_cv_header_stdc = yes; then
6844
6845cat >>confdefs.h <<\_ACEOF
6846#define STDC_HEADERS 1
6847_ACEOF
6848
6849fi
6850
6851# On IRIX 5.3, sys/types and inttypes.h are conflicting.
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
6862 inttypes.h stdint.h unistd.h
6863do
6864as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
6865echo "$as_me:$LINENO: checking for $ac_header" >&5
6866echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
6867if eval "test \"\${$as_ac_Header+set}\" = set"; then
6868 echo $ECHO_N "(cached) $ECHO_C" >&6
6869else
6870 cat >conftest.$ac_ext <<_ACEOF
6871/* confdefs.h. */
6872_ACEOF
6873cat confdefs.h >>conftest.$ac_ext
6874cat >>conftest.$ac_ext <<_ACEOF
6875/* end confdefs.h. */
6876$ac_includes_default
6877
6878#include <$ac_header>
6879_ACEOF
6880rm -f conftest.$ac_objext
6881if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
6882 (eval $ac_compile) 2>conftest.er1
6883 ac_status=$?
6884 grep -v '^ *+' conftest.er1 >conftest.err
6885 rm -f conftest.er1
6886 cat conftest.err >&5
6887 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6888 (exit $ac_status); } &&
6889 { ac_try='test -z "$ac_c_werror_flag"
6890 || test ! -s conftest.err'
6891 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6892 (eval $ac_try) 2>&5
6893 ac_status=$?
6894 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6895 (exit $ac_status); }; } &&
6896 { ac_try='test -s conftest.$ac_objext'
6897 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
6898 (eval $ac_try) 2>&5
6899 ac_status=$?
6900 echo "$as_me:$LINENO: \$? = $ac_status" >&5
6901 (exit $ac_status); }; }; then
6902 eval "$as_ac_Header=yes"
6903else
6904 echo "$as_me: failed program was:" >&5
6905sed 's/^/| /' conftest.$ac_ext >&5
6906
6907eval "$as_ac_Header=no"
6908fi
6909rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
6910fi
6911echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
6912echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
6913if test `eval echo '${'$as_ac_Header'}'` = yes; then
6914 cat >>confdefs.h <<_ACEOF
6915#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
6916_ACEOF
6917
6918fi
6919
6920done
6921
6922
6923
6924
6925
6926 7391
6927 7392
6928 7393
@@ -6989,7 +7454,6 @@ for ac_header in \
6989 glob.h \ 7454 glob.h \
6990 ia.h \ 7455 ia.h \
6991 iaf.h \ 7456 iaf.h \
6992 lastlog.h \
6993 limits.h \ 7457 limits.h \
6994 login.h \ 7458 login.h \
6995 login_cap.h \ 7459 login_cap.h \
@@ -6997,7 +7461,6 @@ for ac_header in \
6997 ndir.h \ 7461 ndir.h \
6998 netdb.h \ 7462 netdb.h \
6999 netgroup.h \ 7463 netgroup.h \
7000 netinet/in_systm.h \
7001 pam/pam_appl.h \ 7464 pam/pam_appl.h \
7002 paths.h \ 7465 paths.h \
7003 pty.h \ 7466 pty.h \
@@ -7187,6 +7650,73 @@ fi
7187done 7650done
7188 7651
7189 7652
7653# lastlog.h requires sys/time.h to be included first on Solaris
7654
7655for ac_header in lastlog.h
7656do
7657as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
7658echo "$as_me:$LINENO: checking for $ac_header" >&5
7659echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
7660if eval "test \"\${$as_ac_Header+set}\" = set"; then
7661 echo $ECHO_N "(cached) $ECHO_C" >&6
7662else
7663 cat >conftest.$ac_ext <<_ACEOF
7664/* confdefs.h. */
7665_ACEOF
7666cat confdefs.h >>conftest.$ac_ext
7667cat >>conftest.$ac_ext <<_ACEOF
7668/* end confdefs.h. */
7669
7670#ifdef HAVE_SYS_TIME_H
7671# include <sys/time.h>
7672#endif
7673
7674
7675#include <$ac_header>
7676_ACEOF
7677rm -f conftest.$ac_objext
7678if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
7679 (eval $ac_compile) 2>conftest.er1
7680 ac_status=$?
7681 grep -v '^ *+' conftest.er1 >conftest.err
7682 rm -f conftest.er1
7683 cat conftest.err >&5
7684 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7685 (exit $ac_status); } &&
7686 { ac_try='test -z "$ac_c_werror_flag"
7687 || test ! -s conftest.err'
7688 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7689 (eval $ac_try) 2>&5
7690 ac_status=$?
7691 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7692 (exit $ac_status); }; } &&
7693 { ac_try='test -s conftest.$ac_objext'
7694 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
7695 (eval $ac_try) 2>&5
7696 ac_status=$?
7697 echo "$as_me:$LINENO: \$? = $ac_status" >&5
7698 (exit $ac_status); }; }; then
7699 eval "$as_ac_Header=yes"
7700else
7701 echo "$as_me: failed program was:" >&5
7702sed 's/^/| /' conftest.$ac_ext >&5
7703
7704eval "$as_ac_Header=no"
7705fi
7706rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
7707fi
7708echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
7709echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
7710if test `eval echo '${'$as_ac_Header'}'` = yes; then
7711 cat >>confdefs.h <<_ACEOF
7712#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
7713_ACEOF
7714
7715fi
7716
7717done
7718
7719
7190# sys/ptms.h requires sys/stream.h to be included first on Solaris 7720# sys/ptms.h requires sys/stream.h to be included first on Solaris
7191 7721
7192for ac_header in sys/ptms.h 7722for ac_header in sys/ptms.h
@@ -7919,11 +8449,7 @@ else
7919 save_LIBS="$LIBS" 8449 save_LIBS="$LIBS"
7920 LIBS="$LIBS -lgen" 8450 LIBS="$LIBS -lgen"
7921 if test "$cross_compiling" = yes; then 8451 if test "$cross_compiling" = yes; then
7922 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling 8452 ac_cv_have_broken_dirname="no"
7923See \`config.log' for more details." >&5
7924echo "$as_me: error: cannot run test program while cross compiling
7925See \`config.log' for more details." >&2;}
7926 { (exit 1); exit 1; }; }
7927else 8453else
7928 cat >conftest.$ac_ext <<_ACEOF 8454 cat >conftest.$ac_ext <<_ACEOF
7929/* confdefs.h. */ 8455/* confdefs.h. */
@@ -7967,7 +8493,6 @@ sed 's/^/| /' conftest.$ac_ext >&5
7967 8493
7968( exit $ac_status ) 8494( exit $ac_status )
7969 ac_cv_have_broken_dirname="yes" 8495 ac_cv_have_broken_dirname="yes"
7970
7971fi 8496fi
7972rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 8497rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
7973fi 8498fi
@@ -8427,7 +8952,8 @@ echo "$as_me:$LINENO: result: $ac_cv_search_basename" >&5
8427echo "${ECHO_T}$ac_cv_search_basename" >&6 8952echo "${ECHO_T}$ac_cv_search_basename" >&6
8428if test "$ac_cv_search_basename" != no; then 8953if test "$ac_cv_search_basename" != no; then
8429 test "$ac_cv_search_basename" = "none required" || LIBS="$ac_cv_search_basename $LIBS" 8954 test "$ac_cv_search_basename" = "none required" || LIBS="$ac_cv_search_basename $LIBS"
8430 cat >>confdefs.h <<\_ACEOF 8955
8956cat >>confdefs.h <<\_ACEOF
8431#define HAVE_BASENAME 1 8957#define HAVE_BASENAME 1
8432_ACEOF 8958_ACEOF
8433 8959
@@ -9019,9 +9545,13 @@ fi
9019 9545
9020fi 9546fi
9021 9547
9022echo "$as_me:$LINENO: checking for utimes" >&5 9548
9023echo $ECHO_N "checking for utimes... $ECHO_C" >&6 9549for ac_func in utimes
9024if test "${ac_cv_func_utimes+set}" = set; then 9550do
9551as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
9552echo "$as_me:$LINENO: checking for $ac_func" >&5
9553echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
9554if eval "test \"\${$as_ac_var+set}\" = set"; then
9025 echo $ECHO_N "(cached) $ECHO_C" >&6 9555 echo $ECHO_N "(cached) $ECHO_C" >&6
9026else 9556else
9027 cat >conftest.$ac_ext <<_ACEOF 9557 cat >conftest.$ac_ext <<_ACEOF
@@ -9030,12 +9560,12 @@ _ACEOF
9030cat confdefs.h >>conftest.$ac_ext 9560cat confdefs.h >>conftest.$ac_ext
9031cat >>conftest.$ac_ext <<_ACEOF 9561cat >>conftest.$ac_ext <<_ACEOF
9032/* end confdefs.h. */ 9562/* end confdefs.h. */
9033/* Define utimes to an innocuous variant, in case <limits.h> declares utimes. 9563/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
9034 For example, HP-UX 11i <limits.h> declares gettimeofday. */ 9564 For example, HP-UX 11i <limits.h> declares gettimeofday. */
9035#define utimes innocuous_utimes 9565#define $ac_func innocuous_$ac_func
9036 9566
9037/* System header to define __stub macros and hopefully few prototypes, 9567/* System header to define __stub macros and hopefully few prototypes,
9038 which can conflict with char utimes (); below. 9568 which can conflict with char $ac_func (); below.
9039 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since 9569 Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
9040 <limits.h> exists even on freestanding compilers. */ 9570 <limits.h> exists even on freestanding compilers. */
9041 9571
@@ -9045,7 +9575,7 @@ cat >>conftest.$ac_ext <<_ACEOF
9045# include <assert.h> 9575# include <assert.h>
9046#endif 9576#endif
9047 9577
9048#undef utimes 9578#undef $ac_func
9049 9579
9050/* Override any gcc2 internal prototype to avoid an error. */ 9580/* Override any gcc2 internal prototype to avoid an error. */
9051#ifdef __cplusplus 9581#ifdef __cplusplus
@@ -9054,14 +9584,14 @@ extern "C"
9054#endif 9584#endif
9055/* We use char because int might match the return type of a gcc2 9585/* We use char because int might match the return type of a gcc2
9056 builtin and then its argument prototype would still apply. */ 9586 builtin and then its argument prototype would still apply. */
9057char utimes (); 9587char $ac_func ();
9058/* The GNU C library defines this for functions which it implements 9588/* The GNU C library defines this for functions which it implements
9059 to always fail with ENOSYS. Some functions are actually named 9589 to always fail with ENOSYS. Some functions are actually named
9060 something starting with __ and the normal name is an alias. */ 9590 something starting with __ and the normal name is an alias. */
9061#if defined (__stub_utimes) || defined (__stub___utimes) 9591#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
9062choke me 9592choke me
9063#else 9593#else
9064char (*f) () = utimes; 9594char (*f) () = $ac_func;
9065#endif 9595#endif
9066#ifdef __cplusplus 9596#ifdef __cplusplus
9067} 9597}
@@ -9070,7 +9600,7 @@ char (*f) () = utimes;
9070int 9600int
9071main () 9601main ()
9072{ 9602{
9073return f != utimes; 9603return f != $ac_func;
9074 ; 9604 ;
9075 return 0; 9605 return 0;
9076} 9606}
@@ -9097,20 +9627,23 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
9097 ac_status=$? 9627 ac_status=$?
9098 echo "$as_me:$LINENO: \$? = $ac_status" >&5 9628 echo "$as_me:$LINENO: \$? = $ac_status" >&5
9099 (exit $ac_status); }; }; then 9629 (exit $ac_status); }; }; then
9100 ac_cv_func_utimes=yes 9630 eval "$as_ac_var=yes"
9101else 9631else
9102 echo "$as_me: failed program was:" >&5 9632 echo "$as_me: failed program was:" >&5
9103sed 's/^/| /' conftest.$ac_ext >&5 9633sed 's/^/| /' conftest.$ac_ext >&5
9104 9634
9105ac_cv_func_utimes=no 9635eval "$as_ac_var=no"
9106fi 9636fi
9107rm -f conftest.err conftest.$ac_objext \ 9637rm -f conftest.err conftest.$ac_objext \
9108 conftest$ac_exeext conftest.$ac_ext 9638 conftest$ac_exeext conftest.$ac_ext
9109fi 9639fi
9110echo "$as_me:$LINENO: result: $ac_cv_func_utimes" >&5 9640echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
9111echo "${ECHO_T}$ac_cv_func_utimes" >&6 9641echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
9112if test $ac_cv_func_utimes = yes; then 9642if test `eval echo '${'$as_ac_var'}'` = yes; then
9113 : 9643 cat >>confdefs.h <<_ACEOF
9644#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
9645_ACEOF
9646
9114else 9647else
9115 echo "$as_me:$LINENO: checking for utimes in -lc89" >&5 9648 echo "$as_me:$LINENO: checking for utimes in -lc89" >&5
9116echo $ECHO_N "checking for utimes in -lc89... $ECHO_C" >&6 9649echo $ECHO_N "checking for utimes in -lc89... $ECHO_C" >&6
@@ -9186,6 +9719,7 @@ fi
9186 9719
9187 9720
9188fi 9721fi
9722done
9189 9723
9190 9724
9191 9725
@@ -9461,7 +9995,8 @@ echo "$as_me:$LINENO: result: $ac_cv_search_login" >&5
9461echo "${ECHO_T}$ac_cv_search_login" >&6 9995echo "${ECHO_T}$ac_cv_search_login" >&6
9462if test "$ac_cv_search_login" != no; then 9996if test "$ac_cv_search_login" != no; then
9463 test "$ac_cv_search_login" = "none required" || LIBS="$ac_cv_search_login $LIBS" 9997 test "$ac_cv_search_login" = "none required" || LIBS="$ac_cv_search_login $LIBS"
9464 cat >>confdefs.h <<\_ACEOF 9998
9999cat >>confdefs.h <<\_ACEOF
9465#define HAVE_LOGIN 1 10000#define HAVE_LOGIN 1
9466_ACEOF 10001_ACEOF
9467 10002
@@ -9768,7 +10303,8 @@ _ACEOF
9768if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | 10303if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
9769 $EGREP "FOUNDIT" >/dev/null 2>&1; then 10304 $EGREP "FOUNDIT" >/dev/null 2>&1; then
9770 10305
9771 cat >>confdefs.h <<\_ACEOF 10306
10307cat >>confdefs.h <<\_ACEOF
9772#define GLOB_HAS_ALTDIRFUNC 1 10308#define GLOB_HAS_ALTDIRFUNC 1
9773_ACEOF 10309_ACEOF
9774 10310
@@ -9802,7 +10338,8 @@ _ACEOF
9802if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | 10338if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
9803 $EGREP "FOUNDIT" >/dev/null 2>&1; then 10339 $EGREP "FOUNDIT" >/dev/null 2>&1; then
9804 10340
9805 cat >>confdefs.h <<\_ACEOF 10341
10342cat >>confdefs.h <<\_ACEOF
9806#define GLOB_HAS_GL_MATCHC 1 10343#define GLOB_HAS_GL_MATCHC 1
9807_ACEOF 10344_ACEOF
9808 10345
@@ -9866,7 +10403,8 @@ sed 's/^/| /' conftest.$ac_ext >&5
9866 10403
9867 echo "$as_me:$LINENO: result: no" >&5 10404 echo "$as_me:$LINENO: result: no" >&5
9868echo "${ECHO_T}no" >&6 10405echo "${ECHO_T}no" >&6
9869 cat >>confdefs.h <<\_ACEOF 10406
10407cat >>confdefs.h <<\_ACEOF
9870#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1 10408#define BROKEN_ONE_BYTE_DIRENT_D_NAME 1
9871_ACEOF 10409_ACEOF
9872 10410
@@ -9878,7 +10416,8 @@ fi
9878echo "$as_me:$LINENO: checking for /proc/pid/fd directory" >&5 10416echo "$as_me:$LINENO: checking for /proc/pid/fd directory" >&5
9879echo $ECHO_N "checking for /proc/pid/fd directory... $ECHO_C" >&6 10417echo $ECHO_N "checking for /proc/pid/fd directory... $ECHO_C" >&6
9880if test -d "/proc/$$/fd" ; then 10418if test -d "/proc/$$/fd" ; then
9881 cat >>confdefs.h <<\_ACEOF 10419
10420cat >>confdefs.h <<\_ACEOF
9882#define HAVE_PROC_PID 1 10421#define HAVE_PROC_PID 1
9883_ACEOF 10422_ACEOF
9884 10423
@@ -9903,7 +10442,8 @@ if test "${with_skey+set}" = set; then
9903 LDFLAGS="$LDFLAGS -L${withval}/lib" 10442 LDFLAGS="$LDFLAGS -L${withval}/lib"
9904 fi 10443 fi
9905 10444
9906 cat >>confdefs.h <<\_ACEOF 10445
10446cat >>confdefs.h <<\_ACEOF
9907#define SKEY 1 10447#define SKEY 1
9908_ACEOF 10448_ACEOF
9909 10449
@@ -9912,14 +10452,7 @@ _ACEOF
9912 10452
9913 echo "$as_me:$LINENO: checking for s/key support" >&5 10453 echo "$as_me:$LINENO: checking for s/key support" >&5
9914echo $ECHO_N "checking for s/key support... $ECHO_C" >&6 10454echo $ECHO_N "checking for s/key support... $ECHO_C" >&6
9915 if test "$cross_compiling" = yes; then 10455 cat >conftest.$ac_ext <<_ACEOF
9916 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
9917See \`config.log' for more details." >&5
9918echo "$as_me: error: cannot run test program while cross compiling
9919See \`config.log' for more details." >&2;}
9920 { (exit 1); exit 1; }; }
9921else
9922 cat >conftest.$ac_ext <<_ACEOF
9923/* confdefs.h. */ 10456/* confdefs.h. */
9924_ACEOF 10457_ACEOF
9925cat confdefs.h >>conftest.$ac_ext 10458cat confdefs.h >>conftest.$ac_ext
@@ -9931,12 +10464,23 @@ cat >>conftest.$ac_ext <<_ACEOF
9931int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } 10464int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
9932 10465
9933_ACEOF 10466_ACEOF
9934rm -f conftest$ac_exeext 10467rm -f conftest.$ac_objext conftest$ac_exeext
9935if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 10468if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
9936 (eval $ac_link) 2>&5 10469 (eval $ac_link) 2>conftest.er1
9937 ac_status=$? 10470 ac_status=$?
10471 grep -v '^ *+' conftest.er1 >conftest.err
10472 rm -f conftest.er1
10473 cat conftest.err >&5
9938 echo "$as_me:$LINENO: \$? = $ac_status" >&5 10474 echo "$as_me:$LINENO: \$? = $ac_status" >&5
9939 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' 10475 (exit $ac_status); } &&
10476 { ac_try='test -z "$ac_c_werror_flag"
10477 || test ! -s conftest.err'
10478 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
10479 (eval $ac_try) 2>&5
10480 ac_status=$?
10481 echo "$as_me:$LINENO: \$? = $ac_status" >&5
10482 (exit $ac_status); }; } &&
10483 { ac_try='test -s conftest$ac_exeext'
9940 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 10484 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
9941 (eval $ac_try) 2>&5 10485 (eval $ac_try) 2>&5
9942 ac_status=$? 10486 ac_status=$?
@@ -9945,11 +10489,9 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
9945 echo "$as_me:$LINENO: result: yes" >&5 10489 echo "$as_me:$LINENO: result: yes" >&5
9946echo "${ECHO_T}yes" >&6 10490echo "${ECHO_T}yes" >&6
9947else 10491else
9948 echo "$as_me: program exited with status $ac_status" >&5 10492 echo "$as_me: failed program was:" >&5
9949echo "$as_me: failed program was:" >&5
9950sed 's/^/| /' conftest.$ac_ext >&5 10493sed 's/^/| /' conftest.$ac_ext >&5
9951 10494
9952( exit $ac_status )
9953 10495
9954 echo "$as_me:$LINENO: result: no" >&5 10496 echo "$as_me:$LINENO: result: no" >&5
9955echo "${ECHO_T}no" >&6 10497echo "${ECHO_T}no" >&6
@@ -9958,8 +10500,8 @@ echo "$as_me: error: ** Incomplete or missing s/key libraries." >&2;}
9958 { (exit 1); exit 1; }; } 10500 { (exit 1); exit 1; }; }
9959 10501
9960fi 10502fi
9961rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 10503rm -f conftest.err conftest.$ac_objext \
9962fi 10504 conftest$ac_exeext conftest.$ac_ext
9963 echo "$as_me:$LINENO: checking if skeychallenge takes 4 arguments" >&5 10505 echo "$as_me:$LINENO: checking if skeychallenge takes 4 arguments" >&5
9964echo $ECHO_N "checking if skeychallenge takes 4 arguments... $ECHO_C" >&6 10506echo $ECHO_N "checking if skeychallenge takes 4 arguments... $ECHO_C" >&6
9965 cat >conftest.$ac_ext <<_ACEOF 10507 cat >conftest.$ac_ext <<_ACEOF
@@ -10002,7 +10544,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
10002 (exit $ac_status); }; }; then 10544 (exit $ac_status); }; }; then
10003 echo "$as_me:$LINENO: result: yes" >&5 10545 echo "$as_me:$LINENO: result: yes" >&5
10004echo "${ECHO_T}yes" >&6 10546echo "${ECHO_T}yes" >&6
10005 cat >>confdefs.h <<\_ACEOF 10547
10548cat >>confdefs.h <<\_ACEOF
10006#define SKEYCHALLENGE_4ARG 1 10549#define SKEYCHALLENGE_4ARG 1
10007_ACEOF 10550_ACEOF
10008 10551
@@ -10102,7 +10645,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
10102 10645
10103 echo "$as_me:$LINENO: result: yes" >&5 10646 echo "$as_me:$LINENO: result: yes" >&5
10104echo "${ECHO_T}yes" >&6 10647echo "${ECHO_T}yes" >&6
10105 cat >>confdefs.h <<\_ACEOF 10648
10649cat >>confdefs.h <<\_ACEOF
10106#define LIBWRAP 1 10650#define LIBWRAP 1
10107_ACEOF 10651_ACEOF
10108 10652
@@ -10136,8 +10680,12 @@ if test "${with_libedit+set}" = set; then
10136 withval="$with_libedit" 10680 withval="$with_libedit"
10137 if test "x$withval" != "xno" ; then 10681 if test "x$withval" != "xno" ; then
10138 if test "x$withval" != "xyes"; then 10682 if test "x$withval" != "xyes"; then
10139 CPPFLAGS="$CPPFLAGS -I$withval/include" 10683 CPPFLAGS="$CPPFLAGS -I${withval}/include"
10140 LDFLAGS="$LDFLAGS -L$withval/lib" 10684 if test -n "${need_dash_r}"; then
10685 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
10686 else
10687 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
10688 fi
10141 fi 10689 fi
10142 echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 10690 echo "$as_me:$LINENO: checking for el_init in -ledit" >&5
10143echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6 10691echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6
@@ -10207,7 +10755,7 @@ echo "${ECHO_T}$ac_cv_lib_edit_el_init" >&6
10207if test $ac_cv_lib_edit_el_init = yes; then 10755if test $ac_cv_lib_edit_el_init = yes; then
10208 10756
10209cat >>confdefs.h <<\_ACEOF 10757cat >>confdefs.h <<\_ACEOF
10210#define USE_LIBEDIT 10758#define USE_LIBEDIT 1
10211_ACEOF 10759_ACEOF
10212 10760
10213 LIBEDIT="-ledit -lcurses" 10761 LIBEDIT="-ledit -lcurses"
@@ -10734,7 +11282,7 @@ done
10734 11282
10735 11283
10736cat >>confdefs.h <<\_ACEOF 11284cat >>confdefs.h <<\_ACEOF
10737#define USE_BSM_AUDIT 11285#define USE_BSM_AUDIT 1
10738_ACEOF 11286_ACEOF
10739 11287
10740 ;; 11288 ;;
@@ -10744,7 +11292,7 @@ _ACEOF
10744echo "${ECHO_T}debug" >&6 11292echo "${ECHO_T}debug" >&6
10745 11293
10746cat >>confdefs.h <<\_ACEOF 11294cat >>confdefs.h <<\_ACEOF
10747#define SSH_AUDIT_EVENTS 11295#define SSH_AUDIT_EVENTS 1
10748_ACEOF 11296_ACEOF
10749 11297
10750 ;; 11298 ;;
@@ -10841,8 +11389,10 @@ fi;
10841 11389
10842 11390
10843 11391
11392
10844for ac_func in \ 11393for ac_func in \
10845 arc4random \ 11394 arc4random \
11395 asprintf \
10846 b64_ntop \ 11396 b64_ntop \
10847 __b64_ntop \ 11397 __b64_ntop \
10848 b64_pton \ 11398 b64_pton \
@@ -10918,7 +11468,7 @@ for ac_func in \
10918 truncate \ 11468 truncate \
10919 unsetenv \ 11469 unsetenv \
10920 updwtmpx \ 11470 updwtmpx \
10921 utimes \ 11471 vasprintf \
10922 vhangup \ 11472 vhangup \
10923 vsnprintf \ 11473 vsnprintf \
10924 waitpid \ 11474 waitpid \
@@ -11312,7 +11862,8 @@ echo "$as_me:$LINENO: result: $ac_cv_search_nanosleep" >&5
11312echo "${ECHO_T}$ac_cv_search_nanosleep" >&6 11862echo "${ECHO_T}$ac_cv_search_nanosleep" >&6
11313if test "$ac_cv_search_nanosleep" != no; then 11863if test "$ac_cv_search_nanosleep" != no; then
11314 test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS" 11864 test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS"
11315 cat >>confdefs.h <<\_ACEOF 11865
11866cat >>confdefs.h <<\_ACEOF
11316#define HAVE_NANOSLEEP 1 11867#define HAVE_NANOSLEEP 1
11317_ACEOF 11868_ACEOF
11318 11869
@@ -12027,6 +12578,7 @@ echo "$as_me: failed program was:" >&5
12027sed 's/^/| /' conftest.$ac_ext >&5 12578sed 's/^/| /' conftest.$ac_ext >&5
12028 12579
12029( exit $ac_status ) 12580( exit $ac_status )
12581
12030cat >>confdefs.h <<\_ACEOF 12582cat >>confdefs.h <<\_ACEOF
12031#define BROKEN_SETRESUID 1 12583#define BROKEN_SETRESUID 1
12032_ACEOF 12584_ACEOF
@@ -12178,6 +12730,7 @@ echo "$as_me: failed program was:" >&5
12178sed 's/^/| /' conftest.$ac_ext >&5 12730sed 's/^/| /' conftest.$ac_ext >&5
12179 12731
12180( exit $ac_status ) 12732( exit $ac_status )
12733
12181cat >>confdefs.h <<\_ACEOF 12734cat >>confdefs.h <<\_ACEOF
12182#define BROKEN_SETRESGID 1 12735#define BROKEN_SETRESGID 1
12183_ACEOF 12736_ACEOF
@@ -12805,7 +13358,8 @@ fi
12805echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5 13358echo "$as_me:$LINENO: result: $ac_cv_func_daemon" >&5
12806echo "${ECHO_T}$ac_cv_func_daemon" >&6 13359echo "${ECHO_T}$ac_cv_func_daemon" >&6
12807if test $ac_cv_func_daemon = yes; then 13360if test $ac_cv_func_daemon = yes; then
12808 cat >>confdefs.h <<\_ACEOF 13361
13362cat >>confdefs.h <<\_ACEOF
12809#define HAVE_DAEMON 1 13363#define HAVE_DAEMON 1
12810_ACEOF 13364_ACEOF
12811 13365
@@ -12976,7 +13530,8 @@ fi
12976echo "$as_me:$LINENO: result: $ac_cv_func_getpagesize" >&5 13530echo "$as_me:$LINENO: result: $ac_cv_func_getpagesize" >&5
12977echo "${ECHO_T}$ac_cv_func_getpagesize" >&6 13531echo "${ECHO_T}$ac_cv_func_getpagesize" >&6
12978if test $ac_cv_func_getpagesize = yes; then 13532if test $ac_cv_func_getpagesize = yes; then
12979 cat >>confdefs.h <<\_ACEOF 13533
13534cat >>confdefs.h <<\_ACEOF
12980#define HAVE_GETPAGESIZE 1 13535#define HAVE_GETPAGESIZE 1
12981_ACEOF 13536_ACEOF
12982 13537
@@ -13098,7 +13653,8 @@ sed 's/^/| /' conftest.$ac_ext >&5
13098 13653
13099 echo "$as_me:$LINENO: result: no" >&5 13654 echo "$as_me:$LINENO: result: no" >&5
13100echo "${ECHO_T}no" >&6 13655echo "${ECHO_T}no" >&6
13101 cat >>confdefs.h <<\_ACEOF 13656
13657cat >>confdefs.h <<\_ACEOF
13102#define BROKEN_SNPRINTF 1 13658#define BROKEN_SNPRINTF 1
13103_ACEOF 13659_ACEOF
13104 13660
@@ -13110,6 +13666,134 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes
13110fi 13666fi
13111fi 13667fi
13112 13668
13669# If we don't have a working asprintf, then we strongly depend on vsnprintf
13670# returning the right thing on overflow: the number of characters it tried to
13671# create (as per SUSv3)
13672if test "x$ac_cv_func_asprintf" != "xyes" && \
13673 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
13674 echo "$as_me:$LINENO: checking whether vsnprintf returns correct values on overflow" >&5
13675echo $ECHO_N "checking whether vsnprintf returns correct values on overflow... $ECHO_C" >&6
13676 if test "$cross_compiling" = yes; then
13677 { echo "$as_me:$LINENO: WARNING: cross compiling: Assuming working vsnprintf()" >&5
13678echo "$as_me: WARNING: cross compiling: Assuming working vsnprintf()" >&2;}
13679
13680else
13681 cat >conftest.$ac_ext <<_ACEOF
13682/* confdefs.h. */
13683_ACEOF
13684cat confdefs.h >>conftest.$ac_ext
13685cat >>conftest.$ac_ext <<_ACEOF
13686/* end confdefs.h. */
13687
13688#include <sys/types.h>
13689#include <stdio.h>
13690#include <stdarg.h>
13691
13692int x_snprintf(char *str,size_t count,const char *fmt,...)
13693{
13694 size_t ret; va_list ap;
13695 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
13696 return ret;
13697}
13698int main(void)
13699{
13700 char x[1];
13701 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
13702}
13703_ACEOF
13704rm -f conftest$ac_exeext
13705if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
13706 (eval $ac_link) 2>&5
13707 ac_status=$?
13708 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13709 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
13710 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
13711 (eval $ac_try) 2>&5
13712 ac_status=$?
13713 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13714 (exit $ac_status); }; }; then
13715 echo "$as_me:$LINENO: result: yes" >&5
13716echo "${ECHO_T}yes" >&6
13717else
13718 echo "$as_me: program exited with status $ac_status" >&5
13719echo "$as_me: failed program was:" >&5
13720sed 's/^/| /' conftest.$ac_ext >&5
13721
13722( exit $ac_status )
13723
13724 echo "$as_me:$LINENO: result: no" >&5
13725echo "${ECHO_T}no" >&6
13726
13727cat >>confdefs.h <<\_ACEOF
13728#define BROKEN_SNPRINTF 1
13729_ACEOF
13730
13731 { echo "$as_me:$LINENO: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&5
13732echo "$as_me: WARNING: ****** Your vsnprintf() function is broken, complain to your vendor" >&2;}
13733
13734fi
13735rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
13736fi
13737fi
13738
13739# On systems where [v]snprintf is broken, but is declared in stdio,
13740# check that the fmt argument is const char * or just char *.
13741# This is only useful for when BROKEN_SNPRINTF
13742echo "$as_me:$LINENO: checking whether snprintf can declare const char *fmt" >&5
13743echo $ECHO_N "checking whether snprintf can declare const char *fmt... $ECHO_C" >&6
13744cat >conftest.$ac_ext <<_ACEOF
13745/* confdefs.h. */
13746_ACEOF
13747cat confdefs.h >>conftest.$ac_ext
13748cat >>conftest.$ac_ext <<_ACEOF
13749/* end confdefs.h. */
13750#include <stdio.h>
13751 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
13752 int main(void) { snprintf(0, 0, 0); }
13753
13754_ACEOF
13755rm -f conftest.$ac_objext
13756if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
13757 (eval $ac_compile) 2>conftest.er1
13758 ac_status=$?
13759 grep -v '^ *+' conftest.er1 >conftest.err
13760 rm -f conftest.er1
13761 cat conftest.err >&5
13762 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13763 (exit $ac_status); } &&
13764 { ac_try='test -z "$ac_c_werror_flag"
13765 || test ! -s conftest.err'
13766 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
13767 (eval $ac_try) 2>&5
13768 ac_status=$?
13769 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13770 (exit $ac_status); }; } &&
13771 { ac_try='test -s conftest.$ac_objext'
13772 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
13773 (eval $ac_try) 2>&5
13774 ac_status=$?
13775 echo "$as_me:$LINENO: \$? = $ac_status" >&5
13776 (exit $ac_status); }; }; then
13777 echo "$as_me:$LINENO: result: yes" >&5
13778echo "${ECHO_T}yes" >&6
13779
13780cat >>confdefs.h <<\_ACEOF
13781#define SNPRINTF_CONST const
13782_ACEOF
13783
13784else
13785 echo "$as_me: failed program was:" >&5
13786sed 's/^/| /' conftest.$ac_ext >&5
13787
13788echo "$as_me:$LINENO: result: no" >&5
13789echo "${ECHO_T}no" >&6
13790 cat >>confdefs.h <<\_ACEOF
13791#define SNPRINTF_CONST /* not const */
13792_ACEOF
13793
13794fi
13795rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
13796
13113# Check for missing getpeereid (or equiv) support 13797# Check for missing getpeereid (or equiv) support
13114NO_PEERCHECK="" 13798NO_PEERCHECK=""
13115if test "x$ac_cv_func_getpeereid" != "xyes" ; then 13799if test "x$ac_cv_func_getpeereid" != "xyes" ; then
@@ -13157,7 +13841,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
13157echo "${ECHO_T}yes" >&6 13841echo "${ECHO_T}yes" >&6
13158 13842
13159cat >>confdefs.h <<\_ACEOF 13843cat >>confdefs.h <<\_ACEOF
13160#define HAVE_SO_PEERCRED 13844#define HAVE_SO_PEERCRED 1
13161_ACEOF 13845_ACEOF
13162 13846
13163 13847
@@ -13226,7 +13910,8 @@ sed 's/^/| /' conftest.$ac_ext >&5
13226 13910
13227 echo "$as_me:$LINENO: result: yes" >&5 13911 echo "$as_me:$LINENO: result: yes" >&5
13228echo "${ECHO_T}yes" >&6 13912echo "${ECHO_T}yes" >&6
13229 cat >>confdefs.h <<\_ACEOF 13913
13914cat >>confdefs.h <<\_ACEOF
13230#define HAVE_STRICT_MKSTEMP 1 13915#define HAVE_STRICT_MKSTEMP 1
13231_ACEOF 13916_ACEOF
13232 13917
@@ -13240,11 +13925,11 @@ if test ! -z "$check_for_openpty_ctty_bug"; then
13240 echo "$as_me:$LINENO: checking if openpty correctly handles controlling tty" >&5 13925 echo "$as_me:$LINENO: checking if openpty correctly handles controlling tty" >&5
13241echo $ECHO_N "checking if openpty correctly handles controlling tty... $ECHO_C" >&6 13926echo $ECHO_N "checking if openpty correctly handles controlling tty... $ECHO_C" >&6
13242 if test "$cross_compiling" = yes; then 13927 if test "$cross_compiling" = yes; then
13243 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling 13928
13244See \`config.log' for more details." >&5 13929 echo "$as_me:$LINENO: result: cross-compiling" >&5
13245echo "$as_me: error: cannot run test program while cross compiling 13930echo "${ECHO_T}cross-compiling" >&6
13246See \`config.log' for more details." >&2;} 13931
13247 { (exit 1); exit 1; }; } 13932
13248else 13933else
13249 cat >conftest.$ac_ext <<_ACEOF 13934 cat >conftest.$ac_ext <<_ACEOF
13250/* confdefs.h. */ 13935/* confdefs.h. */
@@ -13315,7 +14000,6 @@ echo "${ECHO_T}no" >&6
13315_ACEOF 14000_ACEOF
13316 14001
13317 14002
13318
13319fi 14003fi
13320rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 14004rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
13321fi 14005fi
@@ -13326,11 +14010,11 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
13326 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 14010 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5
13327echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 14011echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6
13328 if test "$cross_compiling" = yes; then 14012 if test "$cross_compiling" = yes; then
13329 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling 14013
13330See \`config.log' for more details." >&5 14014 echo "$as_me:$LINENO: result: cross-compiling" >&5
13331echo "$as_me: error: cannot run test program while cross compiling 14015echo "${ECHO_T}cross-compiling" >&6
13332See \`config.log' for more details." >&2;} 14016
13333 { (exit 1); exit 1; }; } 14017
13334else 14018else
13335 cat >conftest.$ac_ext <<_ACEOF 14019 cat >conftest.$ac_ext <<_ACEOF
13336/* confdefs.h. */ 14020/* confdefs.h. */
@@ -13423,7 +14107,6 @@ echo "${ECHO_T}no" >&6
13423_ACEOF 14107_ACEOF
13424 14108
13425 14109
13426
13427fi 14110fi
13428rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 14111rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
13429fi 14112fi
@@ -13434,11 +14117,10 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
13434 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 14117 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5
13435echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 14118echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6
13436 if test "$cross_compiling" = yes; then 14119 if test "$cross_compiling" = yes; then
13437 { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling 14120 echo "$as_me:$LINENO: result: cross-compiling" >&5
13438See \`config.log' for more details." >&5 14121echo "${ECHO_T}cross-compiling" >&6
13439echo "$as_me: error: cannot run test program while cross compiling 14122
13440See \`config.log' for more details." >&2;} 14123 ]
13441 { (exit 1); exit 1; }; }
13442else 14124else
13443 cat >conftest.$ac_ext <<_ACEOF 14125 cat >conftest.$ac_ext <<_ACEOF
13444/* confdefs.h. */ 14126/* confdefs.h. */
@@ -13506,7 +14188,7 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
13506echo "${ECHO_T}yes" >&6 14188echo "${ECHO_T}yes" >&6
13507 14189
13508cat >>confdefs.h <<\_ACEOF 14190cat >>confdefs.h <<\_ACEOF
13509#define AIX_GETNAMEINFO_HACK 14191#define AIX_GETNAMEINFO_HACK 1
13510_ACEOF 14192_ACEOF
13511 14193
13512 14194
@@ -13524,7 +14206,6 @@ echo "${ECHO_T}no" >&6
13524_ACEOF 14206_ACEOF
13525 14207
13526 14208
13527
13528fi 14209fi
13529rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 14210rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
13530fi 14211fi
@@ -14021,7 +14702,8 @@ done
14021 14702
14022 PAM_MSG="yes" 14703 PAM_MSG="yes"
14023 14704
14024 cat >>confdefs.h <<\_ACEOF 14705
14706cat >>confdefs.h <<\_ACEOF
14025#define USE_PAM 1 14707#define USE_PAM 1
14026_ACEOF 14708_ACEOF
14027 14709
@@ -14092,7 +14774,8 @@ else
14092sed 's/^/| /' conftest.$ac_ext >&5 14774sed 's/^/| /' conftest.$ac_ext >&5
14093 14775
14094 14776
14095 cat >>confdefs.h <<\_ACEOF 14777
14778cat >>confdefs.h <<\_ACEOF
14096#define HAVE_OLD_PAM 1 14779#define HAVE_OLD_PAM 1
14097_ACEOF 14780_ACEOF
14098 14781
@@ -14185,7 +14868,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
14185 ac_status=$? 14868 ac_status=$?
14186 echo "$as_me:$LINENO: \$? = $ac_status" >&5 14869 echo "$as_me:$LINENO: \$? = $ac_status" >&5
14187 (exit $ac_status); }; }; then 14870 (exit $ac_status); }; }; then
14188 cat >>confdefs.h <<\_ACEOF 14871
14872cat >>confdefs.h <<\_ACEOF
14189#define HAVE_OPENSSL 1 14873#define HAVE_OPENSSL 1
14190_ACEOF 14874_ACEOF
14191 14875
@@ -14464,6 +15148,64 @@ fi
14464rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 15148rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
14465fi 15149fi
14466 15150
15151# Check for OpenSSL without EVP_aes_{192,256}_cbc
15152echo "$as_me:$LINENO: checking whether OpenSSL has crippled AES support" >&5
15153echo $ECHO_N "checking whether OpenSSL has crippled AES support... $ECHO_C" >&6
15154cat >conftest.$ac_ext <<_ACEOF
15155/* confdefs.h. */
15156_ACEOF
15157cat confdefs.h >>conftest.$ac_ext
15158cat >>conftest.$ac_ext <<_ACEOF
15159/* end confdefs.h. */
15160
15161#include <string.h>
15162#include <openssl/evp.h>
15163int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
15164
15165_ACEOF
15166rm -f conftest.$ac_objext
15167if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
15168 (eval $ac_compile) 2>conftest.er1
15169 ac_status=$?
15170 grep -v '^ *+' conftest.er1 >conftest.err
15171 rm -f conftest.er1
15172 cat conftest.err >&5
15173 echo "$as_me:$LINENO: \$? = $ac_status" >&5
15174 (exit $ac_status); } &&
15175 { ac_try='test -z "$ac_c_werror_flag"
15176 || test ! -s conftest.err'
15177 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
15178 (eval $ac_try) 2>&5
15179 ac_status=$?
15180 echo "$as_me:$LINENO: \$? = $ac_status" >&5
15181 (exit $ac_status); }; } &&
15182 { ac_try='test -s conftest.$ac_objext'
15183 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
15184 (eval $ac_try) 2>&5
15185 ac_status=$?
15186 echo "$as_me:$LINENO: \$? = $ac_status" >&5
15187 (exit $ac_status); }; }; then
15188
15189 echo "$as_me:$LINENO: result: no" >&5
15190echo "${ECHO_T}no" >&6
15191
15192else
15193 echo "$as_me: failed program was:" >&5
15194sed 's/^/| /' conftest.$ac_ext >&5
15195
15196
15197 echo "$as_me:$LINENO: result: yes" >&5
15198echo "${ECHO_T}yes" >&6
15199
15200cat >>confdefs.h <<\_ACEOF
15201#define OPENSSL_LOBOTOMISED_AES 1
15202_ACEOF
15203
15204
15205
15206fi
15207rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
15208
14467# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 15209# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
14468# because the system crypt() is more featureful. 15210# because the system crypt() is more featureful.
14469if test "x$check_for_libcrypt_before" = "x1"; then 15211if test "x$check_for_libcrypt_before" = "x1"; then
@@ -14776,7 +15518,8 @@ fi;
14776# Which randomness source do we use? 15518# Which randomness source do we use?
14777if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then 15519if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
14778 # OpenSSL only 15520 # OpenSSL only
14779 cat >>confdefs.h <<\_ACEOF 15521
15522cat >>confdefs.h <<\_ACEOF
14780#define OPENSSL_PRNG_ONLY 1 15523#define OPENSSL_PRNG_ONLY 1
14781_ACEOF 15524_ACEOF
14782 15525
@@ -14811,7 +15554,8 @@ echo "$as_me: error: You must specify a numeric port number for --with-prngd-por
14811 esac 15554 esac
14812 if test ! -z "$withval" ; then 15555 if test ! -z "$withval" ; then
14813 PRNGD_PORT="$withval" 15556 PRNGD_PORT="$withval"
14814 cat >>confdefs.h <<_ACEOF 15557
15558cat >>confdefs.h <<_ACEOF
14815#define PRNGD_PORT $PRNGD_PORT 15559#define PRNGD_PORT $PRNGD_PORT
14816_ACEOF 15560_ACEOF
14817 15561
@@ -14853,7 +15597,8 @@ echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;}
14853echo "$as_me: WARNING: Entropy socket is not readable" >&2;} 15597echo "$as_me: WARNING: Entropy socket is not readable" >&2;}
14854 fi 15598 fi
14855 PRNGD_SOCKET="$withval" 15599 PRNGD_SOCKET="$withval"
14856 cat >>confdefs.h <<_ACEOF 15600
15601cat >>confdefs.h <<_ACEOF
14857#define PRNGD_SOCKET "$PRNGD_SOCKET" 15602#define PRNGD_SOCKET "$PRNGD_SOCKET"
14858_ACEOF 15603_ACEOF
14859 15604
@@ -14902,6 +15647,7 @@ if test "${with_entropy_timeout+set}" = set; then
14902 15647
14903 15648
14904fi; 15649fi;
15650
14905cat >>confdefs.h <<_ACEOF 15651cat >>confdefs.h <<_ACEOF
14906#define ENTROPY_TIMEOUT_MSEC $entropy_timeout 15652#define ENTROPY_TIMEOUT_MSEC $entropy_timeout
14907_ACEOF 15653_ACEOF
@@ -14920,6 +15666,7 @@ if test "${with_privsep_user+set}" = set; then
14920 15666
14921 15667
14922fi; 15668fi;
15669
14923cat >>confdefs.h <<_ACEOF 15670cat >>confdefs.h <<_ACEOF
14924#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER" 15671#define SSH_PRIVSEP_USER "$SSH_PRIVSEP_USER"
14925_ACEOF 15672_ACEOF
@@ -15685,7 +16432,202 @@ if test ! -z "$SONY" ; then
15685 LIBS="$LIBS -liberty"; 16432 LIBS="$LIBS -liberty";
15686fi 16433fi
15687 16434
15688# Checks for data types 16435# Check for long long datatypes
16436echo "$as_me:$LINENO: checking for long long" >&5
16437echo $ECHO_N "checking for long long... $ECHO_C" >&6
16438if test "${ac_cv_type_long_long+set}" = set; then
16439 echo $ECHO_N "(cached) $ECHO_C" >&6
16440else
16441 cat >conftest.$ac_ext <<_ACEOF
16442/* confdefs.h. */
16443_ACEOF
16444cat confdefs.h >>conftest.$ac_ext
16445cat >>conftest.$ac_ext <<_ACEOF
16446/* end confdefs.h. */
16447$ac_includes_default
16448int
16449main ()
16450{
16451if ((long long *) 0)
16452 return 0;
16453if (sizeof (long long))
16454 return 0;
16455 ;
16456 return 0;
16457}
16458_ACEOF
16459rm -f conftest.$ac_objext
16460if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
16461 (eval $ac_compile) 2>conftest.er1
16462 ac_status=$?
16463 grep -v '^ *+' conftest.er1 >conftest.err
16464 rm -f conftest.er1
16465 cat conftest.err >&5
16466 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16467 (exit $ac_status); } &&
16468 { ac_try='test -z "$ac_c_werror_flag"
16469 || test ! -s conftest.err'
16470 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16471 (eval $ac_try) 2>&5
16472 ac_status=$?
16473 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16474 (exit $ac_status); }; } &&
16475 { ac_try='test -s conftest.$ac_objext'
16476 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16477 (eval $ac_try) 2>&5
16478 ac_status=$?
16479 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16480 (exit $ac_status); }; }; then
16481 ac_cv_type_long_long=yes
16482else
16483 echo "$as_me: failed program was:" >&5
16484sed 's/^/| /' conftest.$ac_ext >&5
16485
16486ac_cv_type_long_long=no
16487fi
16488rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
16489fi
16490echo "$as_me:$LINENO: result: $ac_cv_type_long_long" >&5
16491echo "${ECHO_T}$ac_cv_type_long_long" >&6
16492if test $ac_cv_type_long_long = yes; then
16493
16494cat >>confdefs.h <<_ACEOF
16495#define HAVE_LONG_LONG 1
16496_ACEOF
16497
16498
16499fi
16500echo "$as_me:$LINENO: checking for unsigned long long" >&5
16501echo $ECHO_N "checking for unsigned long long... $ECHO_C" >&6
16502if test "${ac_cv_type_unsigned_long_long+set}" = set; then
16503 echo $ECHO_N "(cached) $ECHO_C" >&6
16504else
16505 cat >conftest.$ac_ext <<_ACEOF
16506/* confdefs.h. */
16507_ACEOF
16508cat confdefs.h >>conftest.$ac_ext
16509cat >>conftest.$ac_ext <<_ACEOF
16510/* end confdefs.h. */
16511$ac_includes_default
16512int
16513main ()
16514{
16515if ((unsigned long long *) 0)
16516 return 0;
16517if (sizeof (unsigned long long))
16518 return 0;
16519 ;
16520 return 0;
16521}
16522_ACEOF
16523rm -f conftest.$ac_objext
16524if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
16525 (eval $ac_compile) 2>conftest.er1
16526 ac_status=$?
16527 grep -v '^ *+' conftest.er1 >conftest.err
16528 rm -f conftest.er1
16529 cat conftest.err >&5
16530 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16531 (exit $ac_status); } &&
16532 { ac_try='test -z "$ac_c_werror_flag"
16533 || test ! -s conftest.err'
16534 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16535 (eval $ac_try) 2>&5
16536 ac_status=$?
16537 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16538 (exit $ac_status); }; } &&
16539 { ac_try='test -s conftest.$ac_objext'
16540 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16541 (eval $ac_try) 2>&5
16542 ac_status=$?
16543 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16544 (exit $ac_status); }; }; then
16545 ac_cv_type_unsigned_long_long=yes
16546else
16547 echo "$as_me: failed program was:" >&5
16548sed 's/^/| /' conftest.$ac_ext >&5
16549
16550ac_cv_type_unsigned_long_long=no
16551fi
16552rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
16553fi
16554echo "$as_me:$LINENO: result: $ac_cv_type_unsigned_long_long" >&5
16555echo "${ECHO_T}$ac_cv_type_unsigned_long_long" >&6
16556if test $ac_cv_type_unsigned_long_long = yes; then
16557
16558cat >>confdefs.h <<_ACEOF
16559#define HAVE_UNSIGNED_LONG_LONG 1
16560_ACEOF
16561
16562
16563fi
16564echo "$as_me:$LINENO: checking for long double" >&5
16565echo $ECHO_N "checking for long double... $ECHO_C" >&6
16566if test "${ac_cv_type_long_double+set}" = set; then
16567 echo $ECHO_N "(cached) $ECHO_C" >&6
16568else
16569 cat >conftest.$ac_ext <<_ACEOF
16570/* confdefs.h. */
16571_ACEOF
16572cat confdefs.h >>conftest.$ac_ext
16573cat >>conftest.$ac_ext <<_ACEOF
16574/* end confdefs.h. */
16575$ac_includes_default
16576int
16577main ()
16578{
16579if ((long double *) 0)
16580 return 0;
16581if (sizeof (long double))
16582 return 0;
16583 ;
16584 return 0;
16585}
16586_ACEOF
16587rm -f conftest.$ac_objext
16588if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
16589 (eval $ac_compile) 2>conftest.er1
16590 ac_status=$?
16591 grep -v '^ *+' conftest.er1 >conftest.err
16592 rm -f conftest.er1
16593 cat conftest.err >&5
16594 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16595 (exit $ac_status); } &&
16596 { ac_try='test -z "$ac_c_werror_flag"
16597 || test ! -s conftest.err'
16598 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16599 (eval $ac_try) 2>&5
16600 ac_status=$?
16601 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16602 (exit $ac_status); }; } &&
16603 { ac_try='test -s conftest.$ac_objext'
16604 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
16605 (eval $ac_try) 2>&5
16606 ac_status=$?
16607 echo "$as_me:$LINENO: \$? = $ac_status" >&5
16608 (exit $ac_status); }; }; then
16609 ac_cv_type_long_double=yes
16610else
16611 echo "$as_me: failed program was:" >&5
16612sed 's/^/| /' conftest.$ac_ext >&5
16613
16614ac_cv_type_long_double=no
16615fi
16616rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
16617fi
16618echo "$as_me:$LINENO: result: $ac_cv_type_long_double" >&5
16619echo "${ECHO_T}$ac_cv_type_long_double" >&6
16620if test $ac_cv_type_long_double = yes; then
16621
16622cat >>confdefs.h <<_ACEOF
16623#define HAVE_LONG_DOUBLE 1
16624_ACEOF
16625
16626
16627fi
16628
16629
16630# Check datatype sizes
15689echo "$as_me:$LINENO: checking for char" >&5 16631echo "$as_me:$LINENO: checking for char" >&5
15690echo $ECHO_N "checking for char... $ECHO_C" >&6 16632echo $ECHO_N "checking for char... $ECHO_C" >&6
15691if test "${ac_cv_type_char+set}" = set; then 16633if test "${ac_cv_type_char+set}" = set; then
@@ -17762,6 +18704,124 @@ if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
17762 ac_cv_sizeof_long_long_int=0 18704 ac_cv_sizeof_long_long_int=0
17763fi 18705fi
17764 18706
18707# compute LLONG_MIN and LLONG_MAX if we don't know them.
18708if test -z "$have_llong_max"; then
18709 echo "$as_me:$LINENO: checking for max value of long long" >&5
18710echo $ECHO_N "checking for max value of long long... $ECHO_C" >&6
18711 if test "$cross_compiling" = yes; then
18712
18713 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
18714echo "$as_me: WARNING: cross compiling: not checking" >&2;}
18715
18716
18717else
18718 cat >conftest.$ac_ext <<_ACEOF
18719/* confdefs.h. */
18720_ACEOF
18721cat confdefs.h >>conftest.$ac_ext
18722cat >>conftest.$ac_ext <<_ACEOF
18723/* end confdefs.h. */
18724
18725#include <stdio.h>
18726/* Why is this so damn hard? */
18727#ifdef __GNUC__
18728# undef __GNUC__
18729#endif
18730#define __USE_ISOC99
18731#include <limits.h>
18732#define DATA "conftest.llminmax"
18733int main(void) {
18734 FILE *f;
18735 long long i, llmin, llmax = 0;
18736
18737 if((f = fopen(DATA,"w")) == NULL)
18738 exit(1);
18739
18740#if defined(LLONG_MIN) && defined(LLONG_MAX)
18741 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
18742 llmin = LLONG_MIN;
18743 llmax = LLONG_MAX;
18744#else
18745 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
18746 /* This will work on one's complement and two's complement */
18747 for (i = 1; i > llmax; i <<= 1, i++)
18748 llmax = i;
18749 llmin = llmax + 1LL; /* wrap */
18750#endif
18751
18752 /* Sanity check */
18753 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
18754 || llmax - 1 > llmax) {
18755 fprintf(f, "unknown unknown\n");
18756 exit(2);
18757 }
18758
18759 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
18760 exit(3);
18761
18762 exit(0);
18763}
18764
18765_ACEOF
18766rm -f conftest$ac_exeext
18767if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
18768 (eval $ac_link) 2>&5
18769 ac_status=$?
18770 echo "$as_me:$LINENO: \$? = $ac_status" >&5
18771 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
18772 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
18773 (eval $ac_try) 2>&5
18774 ac_status=$?
18775 echo "$as_me:$LINENO: \$? = $ac_status" >&5
18776 (exit $ac_status); }; }; then
18777
18778 llong_min=`$AWK '{print $1}' conftest.llminmax`
18779 llong_max=`$AWK '{print $2}' conftest.llminmax`
18780
18781 # snprintf on some Tru64s doesn't understand "%lld"
18782 case "$host" in
18783 alpha-dec-osf*)
18784 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
18785 test "x$llong_max" = "xld"; then
18786 llong_min="-9223372036854775808"
18787 llong_max="9223372036854775807"
18788 fi
18789 ;;
18790 esac
18791
18792 echo "$as_me:$LINENO: result: $llong_max" >&5
18793echo "${ECHO_T}$llong_max" >&6
18794
18795cat >>confdefs.h <<_ACEOF
18796#define LLONG_MAX ${llong_max}LL
18797_ACEOF
18798
18799 echo "$as_me:$LINENO: checking for min value of long long" >&5
18800echo $ECHO_N "checking for min value of long long... $ECHO_C" >&6
18801 echo "$as_me:$LINENO: result: $llong_min" >&5
18802echo "${ECHO_T}$llong_min" >&6
18803
18804cat >>confdefs.h <<_ACEOF
18805#define LLONG_MIN ${llong_min}LL
18806_ACEOF
18807
18808
18809else
18810 echo "$as_me: program exited with status $ac_status" >&5
18811echo "$as_me: failed program was:" >&5
18812sed 's/^/| /' conftest.$ac_ext >&5
18813
18814( exit $ac_status )
18815
18816 echo "$as_me:$LINENO: result: not found" >&5
18817echo "${ECHO_T}not found" >&6
18818
18819fi
18820rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
18821fi
18822fi
18823
18824
17765# More checks for data types 18825# More checks for data types
17766echo "$as_me:$LINENO: checking for u_int type" >&5 18826echo "$as_me:$LINENO: checking for u_int type" >&5
17767echo $ECHO_N "checking for u_int type... $ECHO_C" >&6 18827echo $ECHO_N "checking for u_int type... $ECHO_C" >&6
@@ -17820,7 +18880,8 @@ fi
17820echo "$as_me:$LINENO: result: $ac_cv_have_u_int" >&5 18880echo "$as_me:$LINENO: result: $ac_cv_have_u_int" >&5
17821echo "${ECHO_T}$ac_cv_have_u_int" >&6 18881echo "${ECHO_T}$ac_cv_have_u_int" >&6
17822if test "x$ac_cv_have_u_int" = "xyes" ; then 18882if test "x$ac_cv_have_u_int" = "xyes" ; then
17823 cat >>confdefs.h <<\_ACEOF 18883
18884cat >>confdefs.h <<\_ACEOF
17824#define HAVE_U_INT 1 18885#define HAVE_U_INT 1
17825_ACEOF 18886_ACEOF
17826 18887
@@ -17884,7 +18945,8 @@ fi
17884echo "$as_me:$LINENO: result: $ac_cv_have_intxx_t" >&5 18945echo "$as_me:$LINENO: result: $ac_cv_have_intxx_t" >&5
17885echo "${ECHO_T}$ac_cv_have_intxx_t" >&6 18946echo "${ECHO_T}$ac_cv_have_intxx_t" >&6
17886if test "x$ac_cv_have_intxx_t" = "xyes" ; then 18947if test "x$ac_cv_have_intxx_t" = "xyes" ; then
17887 cat >>confdefs.h <<\_ACEOF 18948
18949cat >>confdefs.h <<\_ACEOF
17888#define HAVE_INTXX_T 1 18950#define HAVE_INTXX_T 1
17889_ACEOF 18951_ACEOF
17890 18952
@@ -18018,7 +19080,8 @@ fi
18018echo "$as_me:$LINENO: result: $ac_cv_have_int64_t" >&5 19080echo "$as_me:$LINENO: result: $ac_cv_have_int64_t" >&5
18019echo "${ECHO_T}$ac_cv_have_int64_t" >&6 19081echo "${ECHO_T}$ac_cv_have_int64_t" >&6
18020if test "x$ac_cv_have_int64_t" = "xyes" ; then 19082if test "x$ac_cv_have_int64_t" = "xyes" ; then
18021 cat >>confdefs.h <<\_ACEOF 19083
19084cat >>confdefs.h <<\_ACEOF
18022#define HAVE_INT64_T 1 19085#define HAVE_INT64_T 1
18023_ACEOF 19086_ACEOF
18024 19087
@@ -18081,7 +19144,8 @@ fi
18081echo "$as_me:$LINENO: result: $ac_cv_have_u_intxx_t" >&5 19144echo "$as_me:$LINENO: result: $ac_cv_have_u_intxx_t" >&5
18082echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6 19145echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6
18083if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 19146if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
18084 cat >>confdefs.h <<\_ACEOF 19147
19148cat >>confdefs.h <<\_ACEOF
18085#define HAVE_U_INTXX_T 1 19149#define HAVE_U_INTXX_T 1
18086_ACEOF 19150_ACEOF
18087 19151
@@ -18204,7 +19268,8 @@ fi
18204echo "$as_me:$LINENO: result: $ac_cv_have_u_int64_t" >&5 19268echo "$as_me:$LINENO: result: $ac_cv_have_u_int64_t" >&5
18205echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6 19269echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6
18206if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 19270if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
18207 cat >>confdefs.h <<\_ACEOF 19271
19272cat >>confdefs.h <<\_ACEOF
18208#define HAVE_U_INT64_T 1 19273#define HAVE_U_INT64_T 1
18209_ACEOF 19274_ACEOF
18210 19275
@@ -18330,7 +19395,8 @@ fi
18330echo "$as_me:$LINENO: result: $ac_cv_have_uintxx_t" >&5 19395echo "$as_me:$LINENO: result: $ac_cv_have_uintxx_t" >&5
18331echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6 19396echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6
18332 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 19397 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
18333 cat >>confdefs.h <<\_ACEOF 19398
19399cat >>confdefs.h <<\_ACEOF
18334#define HAVE_UINTXX_T 1 19400#define HAVE_UINTXX_T 1
18335_ACEOF 19401_ACEOF
18336 19402
@@ -18527,7 +19593,8 @@ fi
18527echo "$as_me:$LINENO: result: $ac_cv_have_u_char" >&5 19593echo "$as_me:$LINENO: result: $ac_cv_have_u_char" >&5
18528echo "${ECHO_T}$ac_cv_have_u_char" >&6 19594echo "${ECHO_T}$ac_cv_have_u_char" >&6
18529if test "x$ac_cv_have_u_char" = "xyes" ; then 19595if test "x$ac_cv_have_u_char" = "xyes" ; then
18530 cat >>confdefs.h <<\_ACEOF 19596
19597cat >>confdefs.h <<\_ACEOF
18531#define HAVE_U_CHAR 1 19598#define HAVE_U_CHAR 1
18532_ACEOF 19599_ACEOF
18533 19600
@@ -18878,7 +19945,8 @@ fi
18878echo "$as_me:$LINENO: result: $ac_cv_have_size_t" >&5 19945echo "$as_me:$LINENO: result: $ac_cv_have_size_t" >&5
18879echo "${ECHO_T}$ac_cv_have_size_t" >&6 19946echo "${ECHO_T}$ac_cv_have_size_t" >&6
18880if test "x$ac_cv_have_size_t" = "xyes" ; then 19947if test "x$ac_cv_have_size_t" = "xyes" ; then
18881 cat >>confdefs.h <<\_ACEOF 19948
19949cat >>confdefs.h <<\_ACEOF
18882#define HAVE_SIZE_T 1 19950#define HAVE_SIZE_T 1
18883_ACEOF 19951_ACEOF
18884 19952
@@ -18943,7 +20011,8 @@ fi
18943echo "$as_me:$LINENO: result: $ac_cv_have_ssize_t" >&5 20011echo "$as_me:$LINENO: result: $ac_cv_have_ssize_t" >&5
18944echo "${ECHO_T}$ac_cv_have_ssize_t" >&6 20012echo "${ECHO_T}$ac_cv_have_ssize_t" >&6
18945if test "x$ac_cv_have_ssize_t" = "xyes" ; then 20013if test "x$ac_cv_have_ssize_t" = "xyes" ; then
18946 cat >>confdefs.h <<\_ACEOF 20014
20015cat >>confdefs.h <<\_ACEOF
18947#define HAVE_SSIZE_T 1 20016#define HAVE_SSIZE_T 1
18948_ACEOF 20017_ACEOF
18949 20018
@@ -19008,7 +20077,8 @@ fi
19008echo "$as_me:$LINENO: result: $ac_cv_have_clock_t" >&5 20077echo "$as_me:$LINENO: result: $ac_cv_have_clock_t" >&5
19009echo "${ECHO_T}$ac_cv_have_clock_t" >&6 20078echo "${ECHO_T}$ac_cv_have_clock_t" >&6
19010if test "x$ac_cv_have_clock_t" = "xyes" ; then 20079if test "x$ac_cv_have_clock_t" = "xyes" ; then
19011 cat >>confdefs.h <<\_ACEOF 20080
20081cat >>confdefs.h <<\_ACEOF
19012#define HAVE_CLOCK_T 1 20082#define HAVE_CLOCK_T 1
19013_ACEOF 20083_ACEOF
19014 20084
@@ -19123,7 +20193,8 @@ fi
19123echo "$as_me:$LINENO: result: $ac_cv_have_sa_family_t" >&5 20193echo "$as_me:$LINENO: result: $ac_cv_have_sa_family_t" >&5
19124echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6 20194echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6
19125if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 20195if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
19126 cat >>confdefs.h <<\_ACEOF 20196
20197cat >>confdefs.h <<\_ACEOF
19127#define HAVE_SA_FAMILY_T 1 20198#define HAVE_SA_FAMILY_T 1
19128_ACEOF 20199_ACEOF
19129 20200
@@ -19188,7 +20259,8 @@ fi
19188echo "$as_me:$LINENO: result: $ac_cv_have_pid_t" >&5 20259echo "$as_me:$LINENO: result: $ac_cv_have_pid_t" >&5
19189echo "${ECHO_T}$ac_cv_have_pid_t" >&6 20260echo "${ECHO_T}$ac_cv_have_pid_t" >&6
19190if test "x$ac_cv_have_pid_t" = "xyes" ; then 20261if test "x$ac_cv_have_pid_t" = "xyes" ; then
19191 cat >>confdefs.h <<\_ACEOF 20262
20263cat >>confdefs.h <<\_ACEOF
19192#define HAVE_PID_T 1 20264#define HAVE_PID_T 1
19193_ACEOF 20265_ACEOF
19194 20266
@@ -19253,7 +20325,8 @@ fi
19253echo "$as_me:$LINENO: result: $ac_cv_have_mode_t" >&5 20325echo "$as_me:$LINENO: result: $ac_cv_have_mode_t" >&5
19254echo "${ECHO_T}$ac_cv_have_mode_t" >&6 20326echo "${ECHO_T}$ac_cv_have_mode_t" >&6
19255if test "x$ac_cv_have_mode_t" = "xyes" ; then 20327if test "x$ac_cv_have_mode_t" = "xyes" ; then
19256 cat >>confdefs.h <<\_ACEOF 20328
20329cat >>confdefs.h <<\_ACEOF
19257#define HAVE_MODE_T 1 20330#define HAVE_MODE_T 1
19258_ACEOF 20331_ACEOF
19259 20332
@@ -19320,7 +20393,8 @@ fi
19320echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_storage" >&5 20393echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_storage" >&5
19321echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6 20394echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6
19322if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 20395if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
19323 cat >>confdefs.h <<\_ACEOF 20396
20397cat >>confdefs.h <<\_ACEOF
19324#define HAVE_STRUCT_SOCKADDR_STORAGE 1 20398#define HAVE_STRUCT_SOCKADDR_STORAGE 1
19325_ACEOF 20399_ACEOF
19326 20400
@@ -19386,7 +20460,8 @@ fi
19386echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_in6" >&5 20460echo "$as_me:$LINENO: result: $ac_cv_have_struct_sockaddr_in6" >&5
19387echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6 20461echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6
19388if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 20462if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
19389 cat >>confdefs.h <<\_ACEOF 20463
20464cat >>confdefs.h <<\_ACEOF
19390#define HAVE_STRUCT_SOCKADDR_IN6 1 20465#define HAVE_STRUCT_SOCKADDR_IN6 1
19391_ACEOF 20466_ACEOF
19392 20467
@@ -19452,7 +20527,8 @@ fi
19452echo "$as_me:$LINENO: result: $ac_cv_have_struct_in6_addr" >&5 20527echo "$as_me:$LINENO: result: $ac_cv_have_struct_in6_addr" >&5
19453echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6 20528echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6
19454if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 20529if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
19455 cat >>confdefs.h <<\_ACEOF 20530
20531cat >>confdefs.h <<\_ACEOF
19456#define HAVE_STRUCT_IN6_ADDR 1 20532#define HAVE_STRUCT_IN6_ADDR 1
19457_ACEOF 20533_ACEOF
19458 20534
@@ -19519,7 +20595,8 @@ fi
19519echo "$as_me:$LINENO: result: $ac_cv_have_struct_addrinfo" >&5 20595echo "$as_me:$LINENO: result: $ac_cv_have_struct_addrinfo" >&5
19520echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6 20596echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6
19521if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 20597if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
19522 cat >>confdefs.h <<\_ACEOF 20598
20599cat >>confdefs.h <<\_ACEOF
19523#define HAVE_STRUCT_ADDRINFO 1 20600#define HAVE_STRUCT_ADDRINFO 1
19524_ACEOF 20601_ACEOF
19525 20602
@@ -19582,7 +20659,8 @@ fi
19582echo "$as_me:$LINENO: result: $ac_cv_have_struct_timeval" >&5 20659echo "$as_me:$LINENO: result: $ac_cv_have_struct_timeval" >&5
19583echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6 20660echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6
19584if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 20661if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
19585 cat >>confdefs.h <<\_ACEOF 20662
20663cat >>confdefs.h <<\_ACEOF
19586#define HAVE_STRUCT_TIMEVAL 1 20664#define HAVE_STRUCT_TIMEVAL 1
19587_ACEOF 20665_ACEOF
19588 20666
@@ -19761,7 +20839,8 @@ fi
19761 echo "$as_me:$LINENO: result: $ossh_result" >&5 20839 echo "$as_me:$LINENO: result: $ossh_result" >&5
19762echo "${ECHO_T}$ossh_result" >&6 20840echo "${ECHO_T}$ossh_result" >&6
19763 if test "x$ossh_result" = "xyes"; then 20841 if test "x$ossh_result" = "xyes"; then
19764 cat >>confdefs.h <<\_ACEOF 20842
20843cat >>confdefs.h <<\_ACEOF
19765#define HAVE_HOST_IN_UTMP 1 20844#define HAVE_HOST_IN_UTMP 1
19766_ACEOF 20845_ACEOF
19767 20846
@@ -19805,7 +20884,8 @@ fi
19805 echo "$as_me:$LINENO: result: $ossh_result" >&5 20884 echo "$as_me:$LINENO: result: $ossh_result" >&5
19806echo "${ECHO_T}$ossh_result" >&6 20885echo "${ECHO_T}$ossh_result" >&6
19807 if test "x$ossh_result" = "xyes"; then 20886 if test "x$ossh_result" = "xyes"; then
19808 cat >>confdefs.h <<\_ACEOF 20887
20888cat >>confdefs.h <<\_ACEOF
19809#define HAVE_HOST_IN_UTMPX 1 20889#define HAVE_HOST_IN_UTMPX 1
19810_ACEOF 20890_ACEOF
19811 20891
@@ -19849,7 +20929,8 @@ fi
19849 echo "$as_me:$LINENO: result: $ossh_result" >&5 20929 echo "$as_me:$LINENO: result: $ossh_result" >&5
19850echo "${ECHO_T}$ossh_result" >&6 20930echo "${ECHO_T}$ossh_result" >&6
19851 if test "x$ossh_result" = "xyes"; then 20931 if test "x$ossh_result" = "xyes"; then
19852 cat >>confdefs.h <<\_ACEOF 20932
20933cat >>confdefs.h <<\_ACEOF
19853#define HAVE_SYSLEN_IN_UTMPX 1 20934#define HAVE_SYSLEN_IN_UTMPX 1
19854_ACEOF 20935_ACEOF
19855 20936
@@ -19893,7 +20974,8 @@ fi
19893 echo "$as_me:$LINENO: result: $ossh_result" >&5 20974 echo "$as_me:$LINENO: result: $ossh_result" >&5
19894echo "${ECHO_T}$ossh_result" >&6 20975echo "${ECHO_T}$ossh_result" >&6
19895 if test "x$ossh_result" = "xyes"; then 20976 if test "x$ossh_result" = "xyes"; then
19896 cat >>confdefs.h <<\_ACEOF 20977
20978cat >>confdefs.h <<\_ACEOF
19897#define HAVE_PID_IN_UTMP 1 20979#define HAVE_PID_IN_UTMP 1
19898_ACEOF 20980_ACEOF
19899 20981
@@ -19937,7 +21019,8 @@ fi
19937 echo "$as_me:$LINENO: result: $ossh_result" >&5 21019 echo "$as_me:$LINENO: result: $ossh_result" >&5
19938echo "${ECHO_T}$ossh_result" >&6 21020echo "${ECHO_T}$ossh_result" >&6
19939 if test "x$ossh_result" = "xyes"; then 21021 if test "x$ossh_result" = "xyes"; then
19940 cat >>confdefs.h <<\_ACEOF 21022
21023cat >>confdefs.h <<\_ACEOF
19941#define HAVE_TYPE_IN_UTMP 1 21024#define HAVE_TYPE_IN_UTMP 1
19942_ACEOF 21025_ACEOF
19943 21026
@@ -19981,7 +21064,8 @@ fi
19981 echo "$as_me:$LINENO: result: $ossh_result" >&5 21064 echo "$as_me:$LINENO: result: $ossh_result" >&5
19982echo "${ECHO_T}$ossh_result" >&6 21065echo "${ECHO_T}$ossh_result" >&6
19983 if test "x$ossh_result" = "xyes"; then 21066 if test "x$ossh_result" = "xyes"; then
19984 cat >>confdefs.h <<\_ACEOF 21067
21068cat >>confdefs.h <<\_ACEOF
19985#define HAVE_TYPE_IN_UTMPX 1 21069#define HAVE_TYPE_IN_UTMPX 1
19986_ACEOF 21070_ACEOF
19987 21071
@@ -20025,7 +21109,8 @@ fi
20025 echo "$as_me:$LINENO: result: $ossh_result" >&5 21109 echo "$as_me:$LINENO: result: $ossh_result" >&5
20026echo "${ECHO_T}$ossh_result" >&6 21110echo "${ECHO_T}$ossh_result" >&6
20027 if test "x$ossh_result" = "xyes"; then 21111 if test "x$ossh_result" = "xyes"; then
20028 cat >>confdefs.h <<\_ACEOF 21112
21113cat >>confdefs.h <<\_ACEOF
20029#define HAVE_TV_IN_UTMP 1 21114#define HAVE_TV_IN_UTMP 1
20030_ACEOF 21115_ACEOF
20031 21116
@@ -20069,7 +21154,8 @@ fi
20069 echo "$as_me:$LINENO: result: $ossh_result" >&5 21154 echo "$as_me:$LINENO: result: $ossh_result" >&5
20070echo "${ECHO_T}$ossh_result" >&6 21155echo "${ECHO_T}$ossh_result" >&6
20071 if test "x$ossh_result" = "xyes"; then 21156 if test "x$ossh_result" = "xyes"; then
20072 cat >>confdefs.h <<\_ACEOF 21157
21158cat >>confdefs.h <<\_ACEOF
20073#define HAVE_ID_IN_UTMP 1 21159#define HAVE_ID_IN_UTMP 1
20074_ACEOF 21160_ACEOF
20075 21161
@@ -20113,7 +21199,8 @@ fi
20113 echo "$as_me:$LINENO: result: $ossh_result" >&5 21199 echo "$as_me:$LINENO: result: $ossh_result" >&5
20114echo "${ECHO_T}$ossh_result" >&6 21200echo "${ECHO_T}$ossh_result" >&6
20115 if test "x$ossh_result" = "xyes"; then 21201 if test "x$ossh_result" = "xyes"; then
20116 cat >>confdefs.h <<\_ACEOF 21202
21203cat >>confdefs.h <<\_ACEOF
20117#define HAVE_ID_IN_UTMPX 1 21204#define HAVE_ID_IN_UTMPX 1
20118_ACEOF 21205_ACEOF
20119 21206
@@ -20157,7 +21244,8 @@ fi
20157 echo "$as_me:$LINENO: result: $ossh_result" >&5 21244 echo "$as_me:$LINENO: result: $ossh_result" >&5
20158echo "${ECHO_T}$ossh_result" >&6 21245echo "${ECHO_T}$ossh_result" >&6
20159 if test "x$ossh_result" = "xyes"; then 21246 if test "x$ossh_result" = "xyes"; then
20160 cat >>confdefs.h <<\_ACEOF 21247
21248cat >>confdefs.h <<\_ACEOF
20161#define HAVE_ADDR_IN_UTMP 1 21249#define HAVE_ADDR_IN_UTMP 1
20162_ACEOF 21250_ACEOF
20163 21251
@@ -20201,7 +21289,8 @@ fi
20201 echo "$as_me:$LINENO: result: $ossh_result" >&5 21289 echo "$as_me:$LINENO: result: $ossh_result" >&5
20202echo "${ECHO_T}$ossh_result" >&6 21290echo "${ECHO_T}$ossh_result" >&6
20203 if test "x$ossh_result" = "xyes"; then 21291 if test "x$ossh_result" = "xyes"; then
20204 cat >>confdefs.h <<\_ACEOF 21292
21293cat >>confdefs.h <<\_ACEOF
20205#define HAVE_ADDR_IN_UTMPX 1 21294#define HAVE_ADDR_IN_UTMPX 1
20206_ACEOF 21295_ACEOF
20207 21296
@@ -20245,7 +21334,8 @@ fi
20245 echo "$as_me:$LINENO: result: $ossh_result" >&5 21334 echo "$as_me:$LINENO: result: $ossh_result" >&5
20246echo "${ECHO_T}$ossh_result" >&6 21335echo "${ECHO_T}$ossh_result" >&6
20247 if test "x$ossh_result" = "xyes"; then 21336 if test "x$ossh_result" = "xyes"; then
20248 cat >>confdefs.h <<\_ACEOF 21337
21338cat >>confdefs.h <<\_ACEOF
20249#define HAVE_ADDR_V6_IN_UTMP 1 21339#define HAVE_ADDR_V6_IN_UTMP 1
20250_ACEOF 21340_ACEOF
20251 21341
@@ -20289,7 +21379,8 @@ fi
20289 echo "$as_me:$LINENO: result: $ossh_result" >&5 21379 echo "$as_me:$LINENO: result: $ossh_result" >&5
20290echo "${ECHO_T}$ossh_result" >&6 21380echo "${ECHO_T}$ossh_result" >&6
20291 if test "x$ossh_result" = "xyes"; then 21381 if test "x$ossh_result" = "xyes"; then
20292 cat >>confdefs.h <<\_ACEOF 21382
21383cat >>confdefs.h <<\_ACEOF
20293#define HAVE_ADDR_V6_IN_UTMPX 1 21384#define HAVE_ADDR_V6_IN_UTMPX 1
20294_ACEOF 21385_ACEOF
20295 21386
@@ -20333,7 +21424,8 @@ fi
20333 echo "$as_me:$LINENO: result: $ossh_result" >&5 21424 echo "$as_me:$LINENO: result: $ossh_result" >&5
20334echo "${ECHO_T}$ossh_result" >&6 21425echo "${ECHO_T}$ossh_result" >&6
20335 if test "x$ossh_result" = "xyes"; then 21426 if test "x$ossh_result" = "xyes"; then
20336 cat >>confdefs.h <<\_ACEOF 21427
21428cat >>confdefs.h <<\_ACEOF
20337#define HAVE_EXIT_IN_UTMP 1 21429#define HAVE_EXIT_IN_UTMP 1
20338_ACEOF 21430_ACEOF
20339 21431
@@ -20377,7 +21469,8 @@ fi
20377 echo "$as_me:$LINENO: result: $ossh_result" >&5 21469 echo "$as_me:$LINENO: result: $ossh_result" >&5
20378echo "${ECHO_T}$ossh_result" >&6 21470echo "${ECHO_T}$ossh_result" >&6
20379 if test "x$ossh_result" = "xyes"; then 21471 if test "x$ossh_result" = "xyes"; then
20380 cat >>confdefs.h <<\_ACEOF 21472
21473cat >>confdefs.h <<\_ACEOF
20381#define HAVE_TIME_IN_UTMP 1 21474#define HAVE_TIME_IN_UTMP 1
20382_ACEOF 21475_ACEOF
20383 21476
@@ -20421,7 +21514,8 @@ fi
20421 echo "$as_me:$LINENO: result: $ossh_result" >&5 21514 echo "$as_me:$LINENO: result: $ossh_result" >&5
20422echo "${ECHO_T}$ossh_result" >&6 21515echo "${ECHO_T}$ossh_result" >&6
20423 if test "x$ossh_result" = "xyes"; then 21516 if test "x$ossh_result" = "xyes"; then
20424 cat >>confdefs.h <<\_ACEOF 21517
21518cat >>confdefs.h <<\_ACEOF
20425#define HAVE_TIME_IN_UTMPX 1 21519#define HAVE_TIME_IN_UTMPX 1
20426_ACEOF 21520_ACEOF
20427 21521
@@ -20465,7 +21559,8 @@ fi
20465 echo "$as_me:$LINENO: result: $ossh_result" >&5 21559 echo "$as_me:$LINENO: result: $ossh_result" >&5
20466echo "${ECHO_T}$ossh_result" >&6 21560echo "${ECHO_T}$ossh_result" >&6
20467 if test "x$ossh_result" = "xyes"; then 21561 if test "x$ossh_result" = "xyes"; then
20468 cat >>confdefs.h <<\_ACEOF 21562
21563cat >>confdefs.h <<\_ACEOF
20469#define HAVE_TV_IN_UTMPX 1 21564#define HAVE_TV_IN_UTMPX 1
20470_ACEOF 21565_ACEOF
20471 21566
@@ -20586,6 +21681,135 @@ _ACEOF
20586 21681
20587fi 21682fi
20588 21683
21684echo "$as_me:$LINENO: checking for struct __res_state.retrans" >&5
21685echo $ECHO_N "checking for struct __res_state.retrans... $ECHO_C" >&6
21686if test "${ac_cv_member_struct___res_state_retrans+set}" = set; then
21687 echo $ECHO_N "(cached) $ECHO_C" >&6
21688else
21689 cat >conftest.$ac_ext <<_ACEOF
21690/* confdefs.h. */
21691_ACEOF
21692cat confdefs.h >>conftest.$ac_ext
21693cat >>conftest.$ac_ext <<_ACEOF
21694/* end confdefs.h. */
21695
21696#include <stdio.h>
21697#if HAVE_SYS_TYPES_H
21698# include <sys/types.h>
21699#endif
21700#include <netinet/in.h>
21701#include <arpa/nameser.h>
21702#include <resolv.h>
21703
21704
21705int
21706main ()
21707{
21708static struct __res_state ac_aggr;
21709if (ac_aggr.retrans)
21710return 0;
21711 ;
21712 return 0;
21713}
21714_ACEOF
21715rm -f conftest.$ac_objext
21716if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
21717 (eval $ac_compile) 2>conftest.er1
21718 ac_status=$?
21719 grep -v '^ *+' conftest.er1 >conftest.err
21720 rm -f conftest.er1
21721 cat conftest.err >&5
21722 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21723 (exit $ac_status); } &&
21724 { ac_try='test -z "$ac_c_werror_flag"
21725 || test ! -s conftest.err'
21726 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
21727 (eval $ac_try) 2>&5
21728 ac_status=$?
21729 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21730 (exit $ac_status); }; } &&
21731 { ac_try='test -s conftest.$ac_objext'
21732 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
21733 (eval $ac_try) 2>&5
21734 ac_status=$?
21735 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21736 (exit $ac_status); }; }; then
21737 ac_cv_member_struct___res_state_retrans=yes
21738else
21739 echo "$as_me: failed program was:" >&5
21740sed 's/^/| /' conftest.$ac_ext >&5
21741
21742cat >conftest.$ac_ext <<_ACEOF
21743/* confdefs.h. */
21744_ACEOF
21745cat confdefs.h >>conftest.$ac_ext
21746cat >>conftest.$ac_ext <<_ACEOF
21747/* end confdefs.h. */
21748
21749#include <stdio.h>
21750#if HAVE_SYS_TYPES_H
21751# include <sys/types.h>
21752#endif
21753#include <netinet/in.h>
21754#include <arpa/nameser.h>
21755#include <resolv.h>
21756
21757
21758int
21759main ()
21760{
21761static struct __res_state ac_aggr;
21762if (sizeof ac_aggr.retrans)
21763return 0;
21764 ;
21765 return 0;
21766}
21767_ACEOF
21768rm -f conftest.$ac_objext
21769if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
21770 (eval $ac_compile) 2>conftest.er1
21771 ac_status=$?
21772 grep -v '^ *+' conftest.er1 >conftest.err
21773 rm -f conftest.er1
21774 cat conftest.err >&5
21775 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21776 (exit $ac_status); } &&
21777 { ac_try='test -z "$ac_c_werror_flag"
21778 || test ! -s conftest.err'
21779 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
21780 (eval $ac_try) 2>&5
21781 ac_status=$?
21782 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21783 (exit $ac_status); }; } &&
21784 { ac_try='test -s conftest.$ac_objext'
21785 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
21786 (eval $ac_try) 2>&5
21787 ac_status=$?
21788 echo "$as_me:$LINENO: \$? = $ac_status" >&5
21789 (exit $ac_status); }; }; then
21790 ac_cv_member_struct___res_state_retrans=yes
21791else
21792 echo "$as_me: failed program was:" >&5
21793sed 's/^/| /' conftest.$ac_ext >&5
21794
21795ac_cv_member_struct___res_state_retrans=no
21796fi
21797rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
21798fi
21799rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
21800fi
21801echo "$as_me:$LINENO: result: $ac_cv_member_struct___res_state_retrans" >&5
21802echo "${ECHO_T}$ac_cv_member_struct___res_state_retrans" >&6
21803if test $ac_cv_member_struct___res_state_retrans = yes; then
21804 :
21805else
21806
21807cat >>confdefs.h <<\_ACEOF
21808#define __res_state state
21809_ACEOF
21810
21811fi
21812
20589 21813
20590echo "$as_me:$LINENO: checking for ss_family field in struct sockaddr_storage" >&5 21814echo "$as_me:$LINENO: checking for ss_family field in struct sockaddr_storage" >&5
20591echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6 21815echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6
@@ -20646,7 +21870,8 @@ fi
20646echo "$as_me:$LINENO: result: $ac_cv_have_ss_family_in_struct_ss" >&5 21870echo "$as_me:$LINENO: result: $ac_cv_have_ss_family_in_struct_ss" >&5
20647echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6 21871echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6
20648if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 21872if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
20649 cat >>confdefs.h <<\_ACEOF 21873
21874cat >>confdefs.h <<\_ACEOF
20650#define HAVE_SS_FAMILY_IN_SS 1 21875#define HAVE_SS_FAMILY_IN_SS 1
20651_ACEOF 21876_ACEOF
20652 21877
@@ -20712,7 +21937,8 @@ fi
20712echo "$as_me:$LINENO: result: $ac_cv_have___ss_family_in_struct_ss" >&5 21937echo "$as_me:$LINENO: result: $ac_cv_have___ss_family_in_struct_ss" >&5
20713echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6 21938echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6
20714if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 21939if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
20715 cat >>confdefs.h <<\_ACEOF 21940
21941cat >>confdefs.h <<\_ACEOF
20716#define HAVE___SS_FAMILY_IN_SS 1 21942#define HAVE___SS_FAMILY_IN_SS 1
20717_ACEOF 21943_ACEOF
20718 21944
@@ -20777,7 +22003,8 @@ fi
20777echo "$as_me:$LINENO: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 22003echo "$as_me:$LINENO: result: $ac_cv_have_pw_class_in_struct_passwd" >&5
20778echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6 22004echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6
20779if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then 22005if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
20780 cat >>confdefs.h <<\_ACEOF 22006
22007cat >>confdefs.h <<\_ACEOF
20781#define HAVE_PW_CLASS_IN_PASSWD 1 22008#define HAVE_PW_CLASS_IN_PASSWD 1
20782_ACEOF 22009_ACEOF
20783 22010
@@ -20842,7 +22069,8 @@ fi
20842echo "$as_me:$LINENO: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 22069echo "$as_me:$LINENO: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5
20843echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6 22070echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6
20844if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then 22071if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
20845 cat >>confdefs.h <<\_ACEOF 22072
22073cat >>confdefs.h <<\_ACEOF
20846#define HAVE_PW_EXPIRE_IN_PASSWD 1 22074#define HAVE_PW_EXPIRE_IN_PASSWD 1
20847_ACEOF 22075_ACEOF
20848 22076
@@ -20907,7 +22135,8 @@ fi
20907echo "$as_me:$LINENO: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 22135echo "$as_me:$LINENO: result: $ac_cv_have_pw_change_in_struct_passwd" >&5
20908echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6 22136echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6
20909if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then 22137if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
20910 cat >>confdefs.h <<\_ACEOF 22138
22139cat >>confdefs.h <<\_ACEOF
20911#define HAVE_PW_CHANGE_IN_PASSWD 1 22140#define HAVE_PW_CHANGE_IN_PASSWD 1
20912_ACEOF 22141_ACEOF
20913 22142
@@ -20971,7 +22200,8 @@ fi
20971echo "$as_me:$LINENO: result: $ac_cv_have_accrights_in_msghdr" >&5 22200echo "$as_me:$LINENO: result: $ac_cv_have_accrights_in_msghdr" >&5
20972echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6 22201echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6
20973if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 22202if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
20974 cat >>confdefs.h <<\_ACEOF 22203
22204cat >>confdefs.h <<\_ACEOF
20975#define HAVE_ACCRIGHTS_IN_MSGHDR 1 22205#define HAVE_ACCRIGHTS_IN_MSGHDR 1
20976_ACEOF 22206_ACEOF
20977 22207
@@ -21035,7 +22265,8 @@ fi
21035echo "$as_me:$LINENO: result: $ac_cv_have_control_in_msghdr" >&5 22265echo "$as_me:$LINENO: result: $ac_cv_have_control_in_msghdr" >&5
21036echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6 22266echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6
21037if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 22267if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
21038 cat >>confdefs.h <<\_ACEOF 22268
22269cat >>confdefs.h <<\_ACEOF
21039#define HAVE_CONTROL_IN_MSGHDR 1 22270#define HAVE_CONTROL_IN_MSGHDR 1
21040_ACEOF 22271_ACEOF
21041 22272
@@ -21099,7 +22330,8 @@ fi
21099echo "$as_me:$LINENO: result: $ac_cv_libc_defines___progname" >&5 22330echo "$as_me:$LINENO: result: $ac_cv_libc_defines___progname" >&5
21100echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6 22331echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6
21101if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 22332if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
21102 cat >>confdefs.h <<\_ACEOF 22333
22334cat >>confdefs.h <<\_ACEOF
21103#define HAVE___PROGNAME 1 22335#define HAVE___PROGNAME 1
21104_ACEOF 22336_ACEOF
21105 22337
@@ -21165,7 +22397,8 @@ fi
21165echo "$as_me:$LINENO: result: $ac_cv_cc_implements___FUNCTION__" >&5 22397echo "$as_me:$LINENO: result: $ac_cv_cc_implements___FUNCTION__" >&5
21166echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6 22398echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6
21167if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 22399if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
21168 cat >>confdefs.h <<\_ACEOF 22400
22401cat >>confdefs.h <<\_ACEOF
21169#define HAVE___FUNCTION__ 1 22402#define HAVE___FUNCTION__ 1
21170_ACEOF 22403_ACEOF
21171 22404
@@ -21231,12 +22464,145 @@ fi
21231echo "$as_me:$LINENO: result: $ac_cv_cc_implements___func__" >&5 22464echo "$as_me:$LINENO: result: $ac_cv_cc_implements___func__" >&5
21232echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6 22465echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6
21233if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 22466if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
21234 cat >>confdefs.h <<\_ACEOF 22467
22468cat >>confdefs.h <<\_ACEOF
21235#define HAVE___func__ 1 22469#define HAVE___func__ 1
21236_ACEOF 22470_ACEOF
21237 22471
21238fi 22472fi
21239 22473
22474echo "$as_me:$LINENO: checking whether va_copy exists" >&5
22475echo $ECHO_N "checking whether va_copy exists... $ECHO_C" >&6
22476if test "${ac_cv_have_va_copy+set}" = set; then
22477 echo $ECHO_N "(cached) $ECHO_C" >&6
22478else
22479
22480 cat >conftest.$ac_ext <<_ACEOF
22481/* confdefs.h. */
22482_ACEOF
22483cat confdefs.h >>conftest.$ac_ext
22484cat >>conftest.$ac_ext <<_ACEOF
22485/* end confdefs.h. */
22486#include <stdarg.h>
22487 va_list x,y;
22488int
22489main ()
22490{
22491va_copy(x,y);
22492 ;
22493 return 0;
22494}
22495_ACEOF
22496rm -f conftest.$ac_objext conftest$ac_exeext
22497if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
22498 (eval $ac_link) 2>conftest.er1
22499 ac_status=$?
22500 grep -v '^ *+' conftest.er1 >conftest.err
22501 rm -f conftest.er1
22502 cat conftest.err >&5
22503 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22504 (exit $ac_status); } &&
22505 { ac_try='test -z "$ac_c_werror_flag"
22506 || test ! -s conftest.err'
22507 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22508 (eval $ac_try) 2>&5
22509 ac_status=$?
22510 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22511 (exit $ac_status); }; } &&
22512 { ac_try='test -s conftest$ac_exeext'
22513 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22514 (eval $ac_try) 2>&5
22515 ac_status=$?
22516 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22517 (exit $ac_status); }; }; then
22518 ac_cv_have_va_copy="yes"
22519else
22520 echo "$as_me: failed program was:" >&5
22521sed 's/^/| /' conftest.$ac_ext >&5
22522
22523 ac_cv_have_va_copy="no"
22524
22525fi
22526rm -f conftest.err conftest.$ac_objext \
22527 conftest$ac_exeext conftest.$ac_ext
22528
22529fi
22530echo "$as_me:$LINENO: result: $ac_cv_have_va_copy" >&5
22531echo "${ECHO_T}$ac_cv_have_va_copy" >&6
22532if test "x$ac_cv_have_va_copy" = "xyes" ; then
22533
22534cat >>confdefs.h <<\_ACEOF
22535#define HAVE_VA_COPY 1
22536_ACEOF
22537
22538fi
22539
22540echo "$as_me:$LINENO: checking whether __va_copy exists" >&5
22541echo $ECHO_N "checking whether __va_copy exists... $ECHO_C" >&6
22542if test "${ac_cv_have___va_copy+set}" = set; then
22543 echo $ECHO_N "(cached) $ECHO_C" >&6
22544else
22545
22546 cat >conftest.$ac_ext <<_ACEOF
22547/* confdefs.h. */
22548_ACEOF
22549cat confdefs.h >>conftest.$ac_ext
22550cat >>conftest.$ac_ext <<_ACEOF
22551/* end confdefs.h. */
22552#include <stdarg.h>
22553 va_list x,y;
22554int
22555main ()
22556{
22557__va_copy(x,y);
22558 ;
22559 return 0;
22560}
22561_ACEOF
22562rm -f conftest.$ac_objext conftest$ac_exeext
22563if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
22564 (eval $ac_link) 2>conftest.er1
22565 ac_status=$?
22566 grep -v '^ *+' conftest.er1 >conftest.err
22567 rm -f conftest.er1
22568 cat conftest.err >&5
22569 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22570 (exit $ac_status); } &&
22571 { ac_try='test -z "$ac_c_werror_flag"
22572 || test ! -s conftest.err'
22573 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22574 (eval $ac_try) 2>&5
22575 ac_status=$?
22576 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22577 (exit $ac_status); }; } &&
22578 { ac_try='test -s conftest$ac_exeext'
22579 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22580 (eval $ac_try) 2>&5
22581 ac_status=$?
22582 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22583 (exit $ac_status); }; }; then
22584 ac_cv_have___va_copy="yes"
22585else
22586 echo "$as_me: failed program was:" >&5
22587sed 's/^/| /' conftest.$ac_ext >&5
22588
22589 ac_cv_have___va_copy="no"
22590
22591fi
22592rm -f conftest.err conftest.$ac_objext \
22593 conftest$ac_exeext conftest.$ac_ext
22594
22595fi
22596echo "$as_me:$LINENO: result: $ac_cv_have___va_copy" >&5
22597echo "${ECHO_T}$ac_cv_have___va_copy" >&6
22598if test "x$ac_cv_have___va_copy" = "xyes" ; then
22599
22600cat >>confdefs.h <<\_ACEOF
22601#define HAVE___VA_COPY 1
22602_ACEOF
22603
22604fi
22605
21240echo "$as_me:$LINENO: checking whether getopt has optreset support" >&5 22606echo "$as_me:$LINENO: checking whether getopt has optreset support" >&5
21241echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6 22607echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6
21242if test "${ac_cv_have_getopt_optreset+set}" = set; then 22608if test "${ac_cv_have_getopt_optreset+set}" = set; then
@@ -21297,7 +22663,8 @@ fi
21297echo "$as_me:$LINENO: result: $ac_cv_have_getopt_optreset" >&5 22663echo "$as_me:$LINENO: result: $ac_cv_have_getopt_optreset" >&5
21298echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6 22664echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6
21299if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 22665if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
21300 cat >>confdefs.h <<\_ACEOF 22666
22667cat >>confdefs.h <<\_ACEOF
21301#define HAVE_GETOPT_OPTRESET 1 22668#define HAVE_GETOPT_OPTRESET 1
21302_ACEOF 22669_ACEOF
21303 22670
@@ -21361,7 +22728,8 @@ fi
21361echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_errlist" >&5 22728echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_errlist" >&5
21362echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6 22729echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6
21363if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 22730if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
21364 cat >>confdefs.h <<\_ACEOF 22731
22732cat >>confdefs.h <<\_ACEOF
21365#define HAVE_SYS_ERRLIST 1 22733#define HAVE_SYS_ERRLIST 1
21366_ACEOF 22734_ACEOF
21367 22735
@@ -21426,7 +22794,8 @@ fi
21426echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_nerr" >&5 22794echo "$as_me:$LINENO: result: $ac_cv_libc_defines_sys_nerr" >&5
21427echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6 22795echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6
21428if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 22796if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
21429 cat >>confdefs.h <<\_ACEOF 22797
22798cat >>confdefs.h <<\_ACEOF
21430#define HAVE_SYS_NERR 1 22799#define HAVE_SYS_NERR 1
21431_ACEOF 22800_ACEOF
21432 22801
@@ -21684,11 +23053,13 @@ fi
21684echo "$as_me: error: Can't find libsectok" >&2;} 23053echo "$as_me: error: Can't find libsectok" >&2;}
21685 { (exit 1); exit 1; }; } 23054 { (exit 1); exit 1; }; }
21686 fi 23055 fi
21687 cat >>confdefs.h <<\_ACEOF 23056
23057cat >>confdefs.h <<\_ACEOF
21688#define SMARTCARD 1 23058#define SMARTCARD 1
21689_ACEOF 23059_ACEOF
21690 23060
21691 cat >>confdefs.h <<\_ACEOF 23061
23062cat >>confdefs.h <<\_ACEOF
21692#define USE_SECTOK 1 23063#define USE_SECTOK 1
21693_ACEOF 23064_ACEOF
21694 23065
@@ -21759,7 +23130,8 @@ fi
21759#define SMARTCARD 1 23130#define SMARTCARD 1
21760_ACEOF 23131_ACEOF
21761 23132
21762 cat >>confdefs.h <<\_ACEOF 23133
23134cat >>confdefs.h <<\_ACEOF
21763#define USE_OPENSC 1 23135#define USE_OPENSC 1
21764_ACEOF 23136_ACEOF
21765 23137
@@ -21894,7 +23266,8 @@ echo "$as_me:$LINENO: result: $ac_cv_search_getrrsetbyname" >&5
21894echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6 23266echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6
21895if test "$ac_cv_search_getrrsetbyname" != no; then 23267if test "$ac_cv_search_getrrsetbyname" != no; then
21896 test "$ac_cv_search_getrrsetbyname" = "none required" || LIBS="$ac_cv_search_getrrsetbyname $LIBS" 23268 test "$ac_cv_search_getrrsetbyname" = "none required" || LIBS="$ac_cv_search_getrrsetbyname $LIBS"
21897 cat >>confdefs.h <<\_ACEOF 23269
23270cat >>confdefs.h <<\_ACEOF
21898#define HAVE_GETRRSETBYNAME 1 23271#define HAVE_GETRRSETBYNAME 1
21899_ACEOF 23272_ACEOF
21900 23273
@@ -22613,7 +23986,8 @@ fi
22613echo "$as_me:$LINENO: result: $ac_cv_member_HEADER_ad" >&5 23986echo "$as_me:$LINENO: result: $ac_cv_member_HEADER_ad" >&5
22614echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6 23987echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6
22615if test $ac_cv_member_HEADER_ad = yes; then 23988if test $ac_cv_member_HEADER_ad = yes; then
22616 cat >>confdefs.h <<\_ACEOF 23989
23990cat >>confdefs.h <<\_ACEOF
22617#define HAVE_HEADER_AD 1 23991#define HAVE_HEADER_AD 1
22618_ACEOF 23992_ACEOF
22619 23993
@@ -22636,7 +24010,8 @@ if test "${with_kerberos5+set}" = set; then
22636 KRB5ROOT=${withval} 24010 KRB5ROOT=${withval}
22637 fi 24011 fi
22638 24012
22639 cat >>confdefs.h <<\_ACEOF 24013
24014cat >>confdefs.h <<\_ACEOF
22640#define KRB5 1 24015#define KRB5 1
22641_ACEOF 24016_ACEOF
22642 24017
@@ -22654,7 +24029,8 @@ echo $ECHO_N "checking for gssapi support... $ECHO_C" >&6
22654 if $KRB5CONF | grep gssapi >/dev/null ; then 24029 if $KRB5CONF | grep gssapi >/dev/null ; then
22655 echo "$as_me:$LINENO: result: yes" >&5 24030 echo "$as_me:$LINENO: result: yes" >&5
22656echo "${ECHO_T}yes" >&6 24031echo "${ECHO_T}yes" >&6
22657 cat >>confdefs.h <<\_ACEOF 24032
24033cat >>confdefs.h <<\_ACEOF
22658#define GSSAPI 1 24034#define GSSAPI 1
22659_ACEOF 24035_ACEOF
22660 24036
@@ -22708,7 +24084,8 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
22708 (exit $ac_status); }; }; then 24084 (exit $ac_status); }; }; then
22709 echo "$as_me:$LINENO: result: yes" >&5 24085 echo "$as_me:$LINENO: result: yes" >&5
22710echo "${ECHO_T}yes" >&6 24086echo "${ECHO_T}yes" >&6
22711 cat >>confdefs.h <<\_ACEOF 24087
24088cat >>confdefs.h <<\_ACEOF
22712#define HEIMDAL 1 24089#define HEIMDAL 1
22713_ACEOF 24090_ACEOF
22714 24091
@@ -23586,7 +24963,6 @@ fi
23586 if test ! -z "$blibpath" ; then 24963 if test ! -z "$blibpath" ; then
23587 blibpath="$blibpath:${KRB5ROOT}/lib" 24964 blibpath="$blibpath:${KRB5ROOT}/lib"
23588 fi 24965 fi
23589 fi
23590 24966
23591 24967
23592 24968
@@ -24042,8 +25418,8 @@ fi
24042done 25418done
24043 25419
24044 25420
24045 LIBS="$LIBS $K5LIBS" 25421 LIBS="$LIBS $K5LIBS"
24046 echo "$as_me:$LINENO: checking for library containing k_hasafs" >&5 25422 echo "$as_me:$LINENO: checking for library containing k_hasafs" >&5
24047echo $ECHO_N "checking for library containing k_hasafs... $ECHO_C" >&6 25423echo $ECHO_N "checking for library containing k_hasafs... $ECHO_C" >&6
24048if test "${ac_cv_search_k_hasafs+set}" = set; then 25424if test "${ac_cv_search_k_hasafs+set}" = set; then
24049 echo $ECHO_N "(cached) $ECHO_C" >&6 25425 echo $ECHO_N "(cached) $ECHO_C" >&6
@@ -24166,12 +25542,14 @@ echo "$as_me:$LINENO: result: $ac_cv_search_k_hasafs" >&5
24166echo "${ECHO_T}$ac_cv_search_k_hasafs" >&6 25542echo "${ECHO_T}$ac_cv_search_k_hasafs" >&6
24167if test "$ac_cv_search_k_hasafs" != no; then 25543if test "$ac_cv_search_k_hasafs" != no; then
24168 test "$ac_cv_search_k_hasafs" = "none required" || LIBS="$ac_cv_search_k_hasafs $LIBS" 25544 test "$ac_cv_search_k_hasafs" = "none required" || LIBS="$ac_cv_search_k_hasafs $LIBS"
24169 cat >>confdefs.h <<\_ACEOF 25545
25546cat >>confdefs.h <<\_ACEOF
24170#define USE_AFS 1 25547#define USE_AFS 1
24171_ACEOF 25548_ACEOF
24172 25549
24173fi 25550fi
24174 25551
25552 fi
24175 25553
24176 25554
24177fi; 25555fi;
@@ -24273,7 +25651,8 @@ if test -z "$xauth_path" ; then
24273 XAUTH_PATH="undefined" 25651 XAUTH_PATH="undefined"
24274 25652
24275else 25653else
24276 cat >>confdefs.h <<_ACEOF 25654
25655cat >>confdefs.h <<_ACEOF
24277#define XAUTH_PATH "$xauth_path" 25656#define XAUTH_PATH "$xauth_path"
24278_ACEOF 25657_ACEOF
24279 25658
@@ -24284,7 +25663,8 @@ fi
24284# Check for mail directory (last resort if we cannot get it from headers) 25663# Check for mail directory (last resort if we cannot get it from headers)
24285if test ! -z "$MAIL" ; then 25664if test ! -z "$MAIL" ; then
24286 maildir=`dirname $MAIL` 25665 maildir=`dirname $MAIL`
24287 cat >>confdefs.h <<_ACEOF 25666
25667cat >>confdefs.h <<_ACEOF
24288#define MAIL_DIRECTORY "$maildir" 25668#define MAIL_DIRECTORY "$maildir"
24289_ACEOF 25669_ACEOF
24290 25670
@@ -24316,7 +25696,8 @@ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
24316echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6 25696echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
24317if test $ac_cv_file___dev_ptmx_ = yes; then 25697if test $ac_cv_file___dev_ptmx_ = yes; then
24318 25698
24319 cat >>confdefs.h <<_ACEOF 25699
25700cat >>confdefs.h <<_ACEOF
24320#define HAVE_DEV_PTMX 1 25701#define HAVE_DEV_PTMX 1
24321_ACEOF 25702_ACEOF
24322 25703
@@ -24348,7 +25729,8 @@ echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
24348echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6 25729echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
24349if test $ac_cv_file___dev_ptc_ = yes; then 25730if test $ac_cv_file___dev_ptc_ = yes; then
24350 25731
24351 cat >>confdefs.h <<_ACEOF 25732
25733cat >>confdefs.h <<_ACEOF
24352#define HAVE_DEV_PTS_AND_PTC 1 25734#define HAVE_DEV_PTS_AND_PTC 1
24353_ACEOF 25735_ACEOF
24354 25736
@@ -24452,7 +25834,8 @@ if test "${with_md5_passwords+set}" = set; then
24452 withval="$with_md5_passwords" 25834 withval="$with_md5_passwords"
24453 25835
24454 if test "x$withval" != "xno" ; then 25836 if test "x$withval" != "xno" ; then
24455 cat >>confdefs.h <<\_ACEOF 25837
25838cat >>confdefs.h <<\_ACEOF
24456#define HAVE_MD5_PASSWORDS 1 25839#define HAVE_MD5_PASSWORDS 1
24457_ACEOF 25840_ACEOF
24458 25841
@@ -24536,7 +25919,8 @@ rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
24536 if test "x$sp_expire_available" = "xyes" ; then 25919 if test "x$sp_expire_available" = "xyes" ; then
24537 echo "$as_me:$LINENO: result: yes" >&5 25920 echo "$as_me:$LINENO: result: yes" >&5
24538echo "${ECHO_T}yes" >&6 25921echo "${ECHO_T}yes" >&6
24539 cat >>confdefs.h <<\_ACEOF 25922
25923cat >>confdefs.h <<\_ACEOF
24540#define HAS_SHADOW_EXPIRE 1 25924#define HAS_SHADOW_EXPIRE 1
24541_ACEOF 25925_ACEOF
24542 25926
@@ -24549,7 +25933,8 @@ fi
24549# Use ip address instead of hostname in $DISPLAY 25933# Use ip address instead of hostname in $DISPLAY
24550if test ! -z "$IPADDR_IN_DISPLAY" ; then 25934if test ! -z "$IPADDR_IN_DISPLAY" ; then
24551 DISPLAY_HACK_MSG="yes" 25935 DISPLAY_HACK_MSG="yes"
24552 cat >>confdefs.h <<\_ACEOF 25936
25937cat >>confdefs.h <<\_ACEOF
24553#define IPADDR_IN_DISPLAY 1 25938#define IPADDR_IN_DISPLAY 1
24554_ACEOF 25939_ACEOF
24555 25940
@@ -24584,7 +25969,14 @@ echo "$as_me: /etc/default/login handling disabled" >&6;}
24584 etc_default_login=yes 25969 etc_default_login=yes
24585 fi 25970 fi
24586else 25971else
24587 etc_default_login=yes 25972 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
25973 then
25974 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking /etc/default/login" >&5
25975echo "$as_me: WARNING: cross compiling: not checking /etc/default/login" >&2;}
25976 etc_default_login=no
25977 else
25978 etc_default_login=yes
25979 fi
24588 25980
24589fi; 25981fi;
24590 25982
@@ -24610,12 +26002,9 @@ if test $ac_cv_file___etc_default_login_ = yes; then
24610 external_path_file=/etc/default/login 26002 external_path_file=/etc/default/login
24611fi 26003fi
24612 26004
24613 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 26005 if test "x$external_path_file" = "x/etc/default/login"; then
24614 then 26006
24615 { echo "$as_me:$LINENO: WARNING: cross compiling: Disabling /etc/default/login test" >&5 26007cat >>confdefs.h <<\_ACEOF
24616echo "$as_me: WARNING: cross compiling: Disabling /etc/default/login test" >&2;}
24617 elif test "x$external_path_file" = "x/etc/default/login"; then
24618 cat >>confdefs.h <<\_ACEOF
24619#define HAVE_ETC_DEFAULT_LOGIN 1 26008#define HAVE_ETC_DEFAULT_LOGIN 1
24620_ACEOF 26009_ACEOF
24621 26010
@@ -24754,7 +26143,8 @@ echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6
24754 26143
24755fi; 26144fi;
24756if test "x$external_path_file" != "x/etc/login.conf" ; then 26145if test "x$external_path_file" != "x/etc/login.conf" ; then
24757 cat >>confdefs.h <<_ACEOF 26146
26147cat >>confdefs.h <<_ACEOF
24758#define USER_PATH "$user_path" 26148#define USER_PATH "$user_path"
24759_ACEOF 26149_ACEOF
24760 26150
@@ -24769,7 +26159,8 @@ if test "${with_superuser_path+set}" = set; then
24769 26159
24770 if test -n "$withval" && test "x$withval" != "xno" && \ 26160 if test -n "$withval" && test "x$withval" != "xno" && \
24771 test "x${withval}" != "xyes"; then 26161 test "x${withval}" != "xyes"; then
24772 cat >>confdefs.h <<_ACEOF 26162
26163cat >>confdefs.h <<_ACEOF
24773#define SUPERUSER_PATH "$withval" 26164#define SUPERUSER_PATH "$withval"
24774_ACEOF 26165_ACEOF
24775 26166
@@ -24791,7 +26182,8 @@ if test "${with_4in6+set}" = set; then
24791 if test "x$withval" != "xno" ; then 26182 if test "x$withval" != "xno" ; then
24792 echo "$as_me:$LINENO: result: yes" >&5 26183 echo "$as_me:$LINENO: result: yes" >&5
24793echo "${ECHO_T}yes" >&6 26184echo "${ECHO_T}yes" >&6
24794 cat >>confdefs.h <<\_ACEOF 26185
26186cat >>confdefs.h <<\_ACEOF
24795#define IPV4_IN_IPV6 1 26187#define IPV4_IN_IPV6 1
24796_ACEOF 26188_ACEOF
24797 26189
@@ -24827,7 +26219,8 @@ if test "${with_bsd_auth+set}" = set; then
24827 withval="$with_bsd_auth" 26219 withval="$with_bsd_auth"
24828 26220
24829 if test "x$withval" != "xno" ; then 26221 if test "x$withval" != "xno" ; then
24830 cat >>confdefs.h <<\_ACEOF 26222
26223cat >>confdefs.h <<\_ACEOF
24831#define BSD_AUTH 1 26224#define BSD_AUTH 1
24832_ACEOF 26225_ACEOF
24833 26226
@@ -24864,6 +26257,7 @@ echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;}
24864 26257
24865fi; 26258fi;
24866 26259
26260
24867cat >>confdefs.h <<_ACEOF 26261cat >>confdefs.h <<_ACEOF
24868#define _PATH_SSH_PIDDIR "$piddir" 26262#define _PATH_SSH_PIDDIR "$piddir"
24869_ACEOF 26263_ACEOF
@@ -24901,7 +26295,8 @@ if test "${enable_utmpx+set}" = set; then
24901 enableval="$enable_utmpx" 26295 enableval="$enable_utmpx"
24902 26296
24903 if test "x$enableval" = "xno" ; then 26297 if test "x$enableval" = "xno" ; then
24904 cat >>confdefs.h <<\_ACEOF 26298
26299cat >>confdefs.h <<\_ACEOF
24905#define DISABLE_UTMPX 1 26300#define DISABLE_UTMPX 1
24906_ACEOF 26301_ACEOF
24907 26302
@@ -24927,7 +26322,8 @@ if test "${enable_wtmpx+set}" = set; then
24927 enableval="$enable_wtmpx" 26322 enableval="$enable_wtmpx"
24928 26323
24929 if test "x$enableval" = "xno" ; then 26324 if test "x$enableval" = "xno" ; then
24930 cat >>confdefs.h <<\_ACEOF 26325
26326cat >>confdefs.h <<\_ACEOF
24931#define DISABLE_WTMPX 1 26327#define DISABLE_WTMPX 1
24932_ACEOF 26328_ACEOF
24933 26329
@@ -24953,7 +26349,8 @@ if test "${enable_pututline+set}" = set; then
24953 enableval="$enable_pututline" 26349 enableval="$enable_pututline"
24954 26350
24955 if test "x$enableval" = "xno" ; then 26351 if test "x$enableval" = "xno" ; then
24956 cat >>confdefs.h <<\_ACEOF 26352
26353cat >>confdefs.h <<\_ACEOF
24957#define DISABLE_PUTUTLINE 1 26354#define DISABLE_PUTUTLINE 1
24958_ACEOF 26355_ACEOF
24959 26356
@@ -24966,7 +26363,8 @@ if test "${enable_pututxline+set}" = set; then
24966 enableval="$enable_pututxline" 26363 enableval="$enable_pututxline"
24967 26364
24968 if test "x$enableval" = "xno" ; then 26365 if test "x$enableval" = "xno" ; then
24969 cat >>confdefs.h <<\_ACEOF 26366
26367cat >>confdefs.h <<\_ACEOF
24970#define DISABLE_PUTUTXLINE 1 26368#define DISABLE_PUTUTXLINE 1
24971_ACEOF 26369_ACEOF
24972 26370
@@ -25133,7 +26531,8 @@ echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;}
25133fi 26531fi
25134 26532
25135if test -n "$conf_lastlog_location"; then 26533if test -n "$conf_lastlog_location"; then
25136 cat >>confdefs.h <<_ACEOF 26534
26535cat >>confdefs.h <<_ACEOF
25137#define CONF_LASTLOG_FILE "$conf_lastlog_location" 26536#define CONF_LASTLOG_FILE "$conf_lastlog_location"
25138_ACEOF 26537_ACEOF
25139 26538
@@ -25212,7 +26611,8 @@ _ACEOF
25212 fi 26611 fi
25213fi 26612fi
25214if test -n "$conf_utmp_location"; then 26613if test -n "$conf_utmp_location"; then
25215 cat >>confdefs.h <<_ACEOF 26614
26615cat >>confdefs.h <<_ACEOF
25216#define CONF_UTMP_FILE "$conf_utmp_location" 26616#define CONF_UTMP_FILE "$conf_utmp_location"
25217_ACEOF 26617_ACEOF
25218 26618
@@ -25291,7 +26691,8 @@ _ACEOF
25291 fi 26691 fi
25292fi 26692fi
25293if test -n "$conf_wtmp_location"; then 26693if test -n "$conf_wtmp_location"; then
25294 cat >>confdefs.h <<_ACEOF 26694
26695cat >>confdefs.h <<_ACEOF
25295#define CONF_WTMP_FILE "$conf_wtmp_location" 26696#define CONF_WTMP_FILE "$conf_wtmp_location"
25296_ACEOF 26697_ACEOF
25297 26698
@@ -25366,7 +26767,8 @@ _ACEOF
25366 26767
25367 fi 26768 fi
25368else 26769else
25369 cat >>confdefs.h <<_ACEOF 26770
26771cat >>confdefs.h <<_ACEOF
25370#define CONF_UTMPX_FILE "$conf_utmpx_location" 26772#define CONF_UTMPX_FILE "$conf_utmpx_location"
25371_ACEOF 26773_ACEOF
25372 26774
@@ -25440,7 +26842,8 @@ _ACEOF
25440 26842
25441 fi 26843 fi
25442else 26844else
25443 cat >>confdefs.h <<_ACEOF 26845
26846cat >>confdefs.h <<_ACEOF
25444#define CONF_WTMPX_FILE "$conf_wtmpx_location" 26847#define CONF_WTMPX_FILE "$conf_wtmpx_location"
25445_ACEOF 26848_ACEOF
25446 26849
@@ -26104,6 +27507,7 @@ s,@ac_ct_RANLIB@,$ac_ct_RANLIB,;t t
26104s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t 27507s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t
26105s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t 27508s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t
26106s,@INSTALL_DATA@,$INSTALL_DATA,;t t 27509s,@INSTALL_DATA@,$INSTALL_DATA,;t t
27510s,@EGREP@,$EGREP,;t t
26107s,@AR@,$AR,;t t 27511s,@AR@,$AR,;t t
26108s,@CAT@,$CAT,;t t 27512s,@CAT@,$CAT,;t t
26109s,@KILL@,$KILL,;t t 27513s,@KILL@,$KILL,;t t
@@ -26116,10 +27520,10 @@ s,@TEST_SHELL@,$TEST_SHELL,;t t
26116s,@PATH_GROUPADD_PROG@,$PATH_GROUPADD_PROG,;t t 27520s,@PATH_GROUPADD_PROG@,$PATH_GROUPADD_PROG,;t t
26117s,@PATH_USERADD_PROG@,$PATH_USERADD_PROG,;t t 27521s,@PATH_USERADD_PROG@,$PATH_USERADD_PROG,;t t
26118s,@MAKE_PACKAGE_SUPPORTED@,$MAKE_PACKAGE_SUPPORTED,;t t 27522s,@MAKE_PACKAGE_SUPPORTED@,$MAKE_PACKAGE_SUPPORTED,;t t
27523s,@STARTUP_SCRIPT_SHELL@,$STARTUP_SCRIPT_SHELL,;t t
26119s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t 27524s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
26120s,@PATH_PASSWD_PROG@,$PATH_PASSWD_PROG,;t t 27525s,@PATH_PASSWD_PROG@,$PATH_PASSWD_PROG,;t t
26121s,@LD@,$LD,;t t 27526s,@LD@,$LD,;t t
26122s,@EGREP@,$EGREP,;t t
26123s,@LIBWRAP@,$LIBWRAP,;t t 27527s,@LIBWRAP@,$LIBWRAP,;t t
26124s,@LIBEDIT@,$LIBEDIT,;t t 27528s,@LIBEDIT@,$LIBEDIT,;t t
26125s,@LIBPAM@,$LIBPAM,;t t 27529s,@LIBPAM@,$LIBPAM,;t t
diff --git a/configure.ac b/configure.ac
index 1e4df2e33..ff1972ed6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $ 1# $Id: configure.ac,v 1.322.2.6 2006/02/08 11:11:06 dtucker Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,6 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision: 1.322.2.6 $)
18AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
19 20
20AC_CONFIG_HEADER(config.h) 21AC_CONFIG_HEADER(config.h)
@@ -27,6 +28,7 @@ AC_PROG_AWK
27AC_PROG_CPP 28AC_PROG_CPP
28AC_PROG_RANLIB 29AC_PROG_RANLIB
29AC_PROG_INSTALL 30AC_PROG_INSTALL
31AC_PROG_EGREP
30AC_PATH_PROG(AR, ar) 32AC_PATH_PROG(AR, ar)
31AC_PATH_PROG(CAT, cat) 33AC_PATH_PROG(CAT, cat)
32AC_PATH_PROG(KILL, kill) 34AC_PATH_PROG(KILL, kill)
@@ -47,6 +49,11 @@ AC_PATH_PROG(PATH_GROUPADD_PROG, groupadd, groupadd,
47AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd, 49AC_PATH_PROG(PATH_USERADD_PROG, useradd, useradd,
48 [/usr/sbin${PATH_SEPARATOR}/etc]) 50 [/usr/sbin${PATH_SEPARATOR}/etc])
49AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no) 51AC_CHECK_PROG(MAKE_PACKAGE_SUPPORTED, pkgmk, yes, no)
52if test -x /sbin/sh; then
53 AC_SUBST(STARTUP_SCRIPT_SHELL,/sbin/sh)
54else
55 AC_SUBST(STARTUP_SCRIPT_SHELL,/bin/sh)
56fi
50 57
51# System features 58# System features
52AC_SYS_LARGEFILE 59AC_SYS_LARGEFILE
@@ -57,7 +64,9 @@ fi
57 64
58# Use LOGIN_PROGRAM from environment if possible 65# Use LOGIN_PROGRAM from environment if possible
59if test ! -z "$LOGIN_PROGRAM" ; then 66if test ! -z "$LOGIN_PROGRAM" ; then
60 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM") 67 AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM",
68 [If your header files don't define LOGIN_PROGRAM,
69 then use this (detected) from environment and PATH])
61else 70else
62 # Search for login 71 # Search for login
63 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login) 72 AC_PATH_PROG(LOGIN_PROGRAM_FALLBACK, login)
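Review bot: The rewritten `AC_DEFINE_UNQUOTED(LOGIN_PROGRAM_FALLBACK, "$LOGIN_PROGRAM", ...)` still copies the environment value into a C string literal without checking it. A relative path, or a value containing a double quote or backslash, would be compiled in as the fallback login program or break the generated header. I would reject anything that is not an absolute path before the define, e.g. `case "$LOGIN_PROGRAM" in /*) ;; *) AC_MSG_ERROR([LOGIN_PROGRAM must be an absolute path]) ;; esac`. The `else` branch of this `if` continues past the hunk, so how the searched-for path is handled is not visible here.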
@@ -68,7 +77,8 @@ fi
68 77
69AC_PATH_PROG(PATH_PASSWD_PROG, passwd) 78AC_PATH_PROG(PATH_PASSWD_PROG, passwd)
70if test ! -z "$PATH_PASSWD_PROG" ; then 79if test ! -z "$PATH_PASSWD_PROG" ; then
71 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG") 80 AC_DEFINE_UNQUOTED(_PATH_PASSWD_PROG, "$PATH_PASSWD_PROG",
81 [Full path of your "passwd" program])
72fi 82fi
73 83
74if test -z "$LD" ; then 84if test -z "$LD" ; then
@@ -82,12 +92,14 @@ AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
82 92
83if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 93if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized" 94 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 GCC_VER=`$CC --version` 95 GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
86 case $GCC_VER in 96 case $GCC_VER in
87 1.*) ;; 97 1.*) ;;
88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;; 98 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
89 2.*) ;; 99 2.*) ;;
90 *) CFLAGS="$CFLAGS -Wsign-compare" ;; 100 3.*) CFLAGS="$CFLAGS -Wsign-compare" ;;
101 4.*) CFLAGS="$CFLAGS -Wsign-compare -Wno-pointer-sign" ;;
102 *) ;;
91 esac 103 esac
92 104
93 if test -z "$have_llong_max"; then 105 if test -z "$have_llong_max"; then
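Review bot: The new catch-all `*) ;;` arm of `case $GCC_VER` leaves `-Wsign-compare` off for every version string that is not 3.* or 4.*. That includes an empty `GCC_VER`, which is what the `$AWK '/gcc version /{print $3}'` filter yields when `$CC -v` prints no such line, and any later major release. The old default arm enabled the warning, so builds with an unrecognised compiler now silently lose signed/unsigned comparison diagnostics. I would keep the default permissive with `*) CFLAGS="$CFLAGS -Wsign-compare" ;;` and leave only `-Wno-pointer-sign` tied to the 4.* arm. The enclosing `if test "$GCC" = "yes"` block continues past this hunk.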
@@ -103,70 +115,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
103 fi 115 fi
104fi 116fi
105 117
106if test -z "$have_llong_max"; then
107 AC_MSG_CHECKING([for max value of long long])
108 AC_RUN_IFELSE(
109 [AC_LANG_SOURCE([[
110#include <stdio.h>
111/* Why is this so damn hard? */
112#ifdef __GNUC__
113# undef __GNUC__
114#endif
115#define __USE_ISOC99
116#include <limits.h>
117#define DATA "conftest.llminmax"
118int main(void) {
119 FILE *f;
120 long long i, llmin, llmax = 0;
121
122 if((f = fopen(DATA,"w")) == NULL)
123 exit(1);
124
125#if defined(LLONG_MIN) && defined(LLONG_MAX)
126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
127 llmin = LLONG_MIN;
128 llmax = LLONG_MAX;
129#else
130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
131 /* This will work on one's complement and two's complement */
132 for (i = 1; i > llmax; i <<= 1, i++)
133 llmax = i;
134 llmin = llmax + 1LL; /* wrap */
135#endif
136
137 /* Sanity check */
138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139 || llmax - 1 > llmax) {
140 fprintf(f, "unknown unknown\n");
141 exit(2);
142 }
143
144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
145 exit(3);
146
147 exit(0);
148}
149 ]])],
150 [
151 llong_min=`$AWK '{print $1}' conftest.llminmax`
152 llong_max=`$AWK '{print $2}' conftest.llminmax`
153 AC_MSG_RESULT($llong_max)
154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155 [max value of long long calculated by configure])
156 AC_MSG_CHECKING([for min value of long long])
157 AC_MSG_RESULT($llong_min)
158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159 [min value of long long calculated by configure])
160 ],
161 [
162 AC_MSG_RESULT(not found)
163 ],
164 [
165 AC_MSG_WARN([cross compiling: not checking])
166 ]
167 )
168fi
169
170AC_ARG_WITH(rpath, 118AC_ARG_WITH(rpath,
171 [ --without-rpath Disable auto-added -R linker paths], 119 [ --without-rpath Disable auto-added -R linker paths],
172 [ 120 [
@@ -201,7 +149,8 @@ case "$host" in
201 fi 149 fi
202 LDFLAGS="$saved_LDFLAGS" 150 LDFLAGS="$saved_LDFLAGS"
203 dnl Check for authenticate. Might be in libs.a on older AIXes 151 dnl Check for authenticate. Might be in libs.a on older AIXes
204 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], 152 AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE, 1,
153 [Define if you want to enable AIX4's authenticate function])],
205 [AC_CHECK_LIB(s,authenticate, 154 [AC_CHECK_LIB(s,authenticate,
206 [ AC_DEFINE(WITH_AIXAUTHENTICATE) 155 [ AC_DEFINE(WITH_AIXAUTHENTICATE)
207 LIBS="$LIBS -ls" 156 LIBS="$LIBS -ls"
@@ -217,7 +166,9 @@ case "$host" in
217 [#include <usersec.h>], 166 [#include <usersec.h>],
218 [(void)loginfailed("user","host","tty",0);], 167 [(void)loginfailed("user","host","tty",0);],
219 [AC_MSG_RESULT(yes) 168 [AC_MSG_RESULT(yes)
220 AC_DEFINE(AIX_LOGINFAILED_4ARG)], 169 AC_DEFINE(AIX_LOGINFAILED_4ARG, 1,
170 [Define if your AIX loginfailed() function
171 takes 4 arguments (AIX >= 5.2)])],
221 [AC_MSG_RESULT(no)] 172 [AC_MSG_RESULT(no)]
222 )], 173 )],
223 [], 174 [],
@@ -225,25 +176,38 @@ case "$host" in
225 ) 176 )
226 AC_CHECK_FUNCS(setauthdb) 177 AC_CHECK_FUNCS(setauthdb)
227 check_for_aix_broken_getaddrinfo=1 178 check_for_aix_broken_getaddrinfo=1
228 AC_DEFINE(BROKEN_REALPATH) 179 AC_DEFINE(BROKEN_REALPATH, 1, [Define if you have a broken realpath.])
229 AC_DEFINE(SETEUID_BREAKS_SETUID) 180 AC_DEFINE(SETEUID_BREAKS_SETUID, 1,
230 AC_DEFINE(BROKEN_SETREUID) 181 [Define if your platform breaks doing a seteuid before a setuid])
231 AC_DEFINE(BROKEN_SETREGID) 182 AC_DEFINE(BROKEN_SETREUID, 1, [Define if your setreuid() is broken])
183 AC_DEFINE(BROKEN_SETREGID, 1, [Define if your setregid() is broken])
232 dnl AIX handles lastlog as part of its login message 184 dnl AIX handles lastlog as part of its login message
233 AC_DEFINE(DISABLE_LASTLOG) 185 AC_DEFINE(DISABLE_LASTLOG, 1, [Define if you don't want to use lastlog])
234 AC_DEFINE(LOGIN_NEEDS_UTMPX) 186 AC_DEFINE(LOGIN_NEEDS_UTMPX, 1,
235 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) 187 [Some systems need a utmpx entry for /bin/login to work])
188 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV,
189 [Define to a Set Process Title type if your system is
190 supported by bsd-setproctitle.c])
191 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
192 [AIX 5.2 and 5.3 (and presumably newer) require this])
236 ;; 193 ;;
237*-*-cygwin*) 194*-*-cygwin*)
238 check_for_libcrypt_later=1 195 check_for_libcrypt_later=1
239 LIBS="$LIBS /usr/lib/textmode.o" 196 LIBS="$LIBS /usr/lib/textmode.o"
240 AC_DEFINE(HAVE_CYGWIN) 197 AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
241 AC_DEFINE(USE_PIPES) 198 AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
242 AC_DEFINE(DISABLE_SHADOW) 199 AC_DEFINE(DISABLE_SHADOW, 1,
243 AC_DEFINE(IP_TOS_IS_BROKEN) 200 [Define if you want to disable shadow passwords])
244 AC_DEFINE(NO_X11_UNIX_SOCKETS) 201 AC_DEFINE(IP_TOS_IS_BROKEN, 1,
245 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) 202 [Define if your system choked on IP TOS setting])
246 AC_DEFINE(DISABLE_FD_PASSING) 203 AC_DEFINE(NO_X11_UNIX_SOCKETS, 1,
204 [Define if X11 doesn't support AF_UNIX sockets on that system])
205 AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1,
206 [Define if the concept of ports only accessible to
207 superusers isn't known])
208 AC_DEFINE(DISABLE_FD_PASSING, 1,
209 [Define if your platform needs to skip post auth
210 file descriptor passing])
247 ;; 211 ;;
248*-*-dgux*) 212*-*-dgux*)
249 AC_DEFINE(IP_TOS_IS_BROKEN) 213 AC_DEFINE(IP_TOS_IS_BROKEN)
@@ -260,22 +224,26 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
260 exit(1); 224 exit(1);
261}], [AC_MSG_RESULT(working)], 225}], [AC_MSG_RESULT(working)],
262 [AC_MSG_RESULT(buggy) 226 [AC_MSG_RESULT(buggy)
263 AC_DEFINE(BROKEN_GETADDRINFO)], 227 AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
264 [AC_MSG_RESULT(assume it is working)]) 228 [AC_MSG_RESULT(assume it is working)])
265 AC_DEFINE(SETEUID_BREAKS_SETUID) 229 AC_DEFINE(SETEUID_BREAKS_SETUID)
266 AC_DEFINE(BROKEN_SETREUID) 230 AC_DEFINE(BROKEN_SETREUID)
267 AC_DEFINE(BROKEN_SETREGID) 231 AC_DEFINE(BROKEN_SETREGID)
268 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1) 232 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1,
233 [Define if your resolver libs need this for getrrsetbyname])
269 ;; 234 ;;
270*-*-hpux*) 235*-*-hpux*)
271 # first we define all of the options common to all HP-UX releases 236 # first we define all of the options common to all HP-UX releases
272 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 237 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
273 IPADDR_IN_DISPLAY=yes 238 IPADDR_IN_DISPLAY=yes
274 AC_DEFINE(USE_PIPES) 239 AC_DEFINE(USE_PIPES)
275 AC_DEFINE(LOGIN_NO_ENDOPT) 240 AC_DEFINE(LOGIN_NO_ENDOPT, 1,
241 [Define if your login program cannot handle end of options ("--")])
276 AC_DEFINE(LOGIN_NEEDS_UTMPX) 242 AC_DEFINE(LOGIN_NEEDS_UTMPX)
277 AC_DEFINE(LOCKED_PASSWD_STRING, "*") 243 AC_DEFINE(LOCKED_PASSWD_STRING, "*",
244 [String used in /etc/passwd to denote locked account])
278 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 245 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
246 MAIL="/var/mail/username"
279 LIBS="$LIBS -lsec" 247 LIBS="$LIBS -lsec"
280 AC_CHECK_LIB(xnet, t_error, , 248 AC_CHECK_LIB(xnet, t_error, ,
281 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) 249 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
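Review bot: `MAIL="/var/mail/username"` in the HP-UX arm is unexplained, and it replaces whatever `MAIL` the build environment had. Judging by the generated `configure` in this same commit, which runs `dirname $MAIL` to produce `MAIL_DIRECTORY`, only the directory part appears to matter and `username` is a placeholder. A one-line comment would save the next reader the search, e.g. `# only dirname is used (MAIL_DIRECTORY); "username" is a placeholder`. If overriding an inherited `MAIL` is deliberate, so that the builder's own mailbox path is not baked in, the same comment should say so. The `*-*-hpux*` arm continues past this hunk.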
@@ -288,8 +256,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
288 fi 256 fi
289 ;; 257 ;;
290 *-*-hpux11*) 258 *-*-hpux11*)
291 AC_DEFINE(PAM_SUN_CODEBASE) 259 AC_DEFINE(PAM_SUN_CODEBASE, 1,
292 AC_DEFINE(DISABLE_UTMP) 260 [Define if you are using Solaris-derived PAM which
261 passes pam_messages to the conversation function
262 with an extra level of indirection])
263 AC_DEFINE(DISABLE_UTMP, 1,
264 [Define if you don't want to use utmp])
293 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) 265 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
294 check_for_hpux_broken_getaddrinfo=1 266 check_for_hpux_broken_getaddrinfo=1
295 check_for_conflicting_getspnam=1 267 check_for_conflicting_getspnam=1
@@ -299,7 +271,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
299 # lastly, we define options specific to minor releases 271 # lastly, we define options specific to minor releases
300 case "$host" in 272 case "$host" in
301 *-*-hpux10.26) 273 *-*-hpux10.26)
302 AC_DEFINE(HAVE_SECUREWARE) 274 AC_DEFINE(HAVE_SECUREWARE, 1,
275 [Define if you have SecureWare-based
276 protected password database])
303 disable_ptmx_check=yes 277 disable_ptmx_check=yes
304 LIBS="$LIBS -lsecpw" 278 LIBS="$LIBS -lsecpw"
305 ;; 279 ;;
@@ -307,24 +281,33 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
307 ;; 281 ;;
308*-*-irix5*) 282*-*-irix5*)
309 PATH="$PATH:/usr/etc" 283 PATH="$PATH:/usr/etc"
310 AC_DEFINE(BROKEN_INET_NTOA) 284 AC_DEFINE(BROKEN_INET_NTOA, 1,
285 [Define if you system's inet_ntoa is busted
286 (e.g. Irix gcc issue)])
311 AC_DEFINE(SETEUID_BREAKS_SETUID) 287 AC_DEFINE(SETEUID_BREAKS_SETUID)
312 AC_DEFINE(BROKEN_SETREUID) 288 AC_DEFINE(BROKEN_SETREUID)
313 AC_DEFINE(BROKEN_SETREGID) 289 AC_DEFINE(BROKEN_SETREGID)
314 AC_DEFINE(WITH_ABBREV_NO_TTY) 290 AC_DEFINE(WITH_ABBREV_NO_TTY, 1,
291 [Define if you shouldn't strip 'tty' from your
292 ttyname in [uw]tmp])
315 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 293 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
316 ;; 294 ;;
317*-*-irix6*) 295*-*-irix6*)
318 PATH="$PATH:/usr/etc" 296 PATH="$PATH:/usr/etc"
319 AC_DEFINE(WITH_IRIX_ARRAY) 297 AC_DEFINE(WITH_IRIX_ARRAY, 1,
320 AC_DEFINE(WITH_IRIX_PROJECT) 298 [Define if you have/want arrays
321 AC_DEFINE(WITH_IRIX_AUDIT) 299 (cluster-wide session managment, not C arrays)])
322 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS)]) 300 AC_DEFINE(WITH_IRIX_PROJECT, 1,
301 [Define if you want IRIX project management])
302 AC_DEFINE(WITH_IRIX_AUDIT, 1,
303 [Define if you want IRIX audit trails])
304 AC_CHECK_FUNC(jlimit_startjob, [AC_DEFINE(WITH_IRIX_JOBS, 1,
305 [Define if you want IRIX kernel jobs])])
323 AC_DEFINE(BROKEN_INET_NTOA) 306 AC_DEFINE(BROKEN_INET_NTOA)
324 AC_DEFINE(SETEUID_BREAKS_SETUID) 307 AC_DEFINE(SETEUID_BREAKS_SETUID)
325 AC_DEFINE(BROKEN_SETREUID) 308 AC_DEFINE(BROKEN_SETREUID)
326 AC_DEFINE(BROKEN_SETREGID) 309 AC_DEFINE(BROKEN_SETREGID)
327 AC_DEFINE(BROKEN_UPDWTMPX) 310 AC_DEFINE(BROKEN_UPDWTMPX, 1, [updwtmpx is broken (if present)])
328 AC_DEFINE(WITH_ABBREV_NO_TTY) 311 AC_DEFINE(WITH_ABBREV_NO_TTY)
329 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 312 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
330 ;; 313 ;;
@@ -332,22 +315,37 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
332 no_dev_ptmx=1 315 no_dev_ptmx=1
333 check_for_libcrypt_later=1 316 check_for_libcrypt_later=1
334 check_for_openpty_ctty_bug=1 317 check_for_openpty_ctty_bug=1
335 AC_DEFINE(DONT_TRY_OTHER_AF) 318 AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
336 AC_DEFINE(PAM_TTY_KLUDGE) 319 AC_DEFINE(PAM_TTY_KLUDGE, 1,
337 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") 320 [Work around problematic Linux PAM modules handling of PAM_TTY])
321 AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
322 [String used in /etc/passwd to denote locked account])
338 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) 323 AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
339 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) 324 AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM,
325 [Define to whatever link() returns for "not supported"
326 if it doesn't return EOPNOTSUPP.])
340 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) 327 AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts])
341 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) 328 AC_DEFINE(USE_BTMP)
342 inet6_default_4in6=yes 329 inet6_default_4in6=yes
343 case `uname -r` in 330 case `uname -r` in
344 1.*|2.0.*) 331 1.*|2.0.*)
345 AC_DEFINE(BROKEN_CMSG_TYPE) 332 AC_DEFINE(BROKEN_CMSG_TYPE, 1,
333 [Define if cmsg_type is not passed correctly])
346 ;; 334 ;;
347 esac 335 esac
336 # tun(4) forwarding compat code
337 AC_CHECK_HEADERS(linux/if_tun.h)
338 if test "x$ac_cv_header_linux_if_tun_h" = "xyes" ; then
339 AC_DEFINE(SSH_TUN_LINUX, 1,
340 [Open tunnel devices the Linux tun/tap way])
341 AC_DEFINE(SSH_TUN_COMPAT_AF, 1,
342 [Use tunnel device compatibility to OpenBSD])
343 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
344 [Prepend the address family to IP tunnel traffic])
345 fi
348 ;; 346 ;;
349mips-sony-bsd|mips-sony-newsos4) 347mips-sony-bsd|mips-sony-newsos4)
350 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) 348 AC_DEFINE(NEED_SETPGRP, 1, [Need setpgrp to acquire controlling tty])
351 SONY=1 349 SONY=1
352 ;; 350 ;;
353*-*-netbsd*) 351*-*-netbsd*)
@@ -355,9 +353,18 @@ mips-sony-bsd|mips-sony-newsos4)
355 if test "x$withval" != "xno" ; then 353 if test "x$withval" != "xno" ; then
356 need_dash_r=1 354 need_dash_r=1
357 fi 355 fi
356 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
357 AC_CHECK_HEADER([net/if_tap.h], ,
358 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
359 AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
360 [Prepend the address family to IP tunnel traffic])
358 ;; 361 ;;
359*-*-freebsd*) 362*-*-freebsd*)
360 check_for_libcrypt_later=1 363 check_for_libcrypt_later=1
364 AC_DEFINE(LOCKED_PASSWD_PREFIX, "*LOCKED*", [Account locked with pw(1)])
365 AC_DEFINE(SSH_TUN_FREEBSD, 1, [Open tunnel devices the FreeBSD way])
366 AC_CHECK_HEADER([net/if_tap.h], ,
367 AC_DEFINE(SSH_TUN_NO_L2, 1, [No layer 2 tunnel support]))
361 ;; 368 ;;
362*-*-bsdi*) 369*-*-bsdi*)
363 AC_DEFINE(SETEUID_BREAKS_SETUID) 370 AC_DEFINE(SETEUID_BREAKS_SETUID)
@@ -369,13 +376,15 @@ mips-sony-bsd|mips-sony-newsos4)
369 conf_utmp_location=/etc/utmp 376 conf_utmp_location=/etc/utmp
370 conf_wtmp_location=/usr/adm/wtmp 377 conf_wtmp_location=/usr/adm/wtmp
371 MAIL=/usr/spool/mail 378 MAIL=/usr/spool/mail
372 AC_DEFINE(HAVE_NEXT) 379 AC_DEFINE(HAVE_NEXT, 1, [Define if you are on NeXT])
373 AC_DEFINE(BROKEN_REALPATH) 380 AC_DEFINE(BROKEN_REALPATH)
374 AC_DEFINE(USE_PIPES) 381 AC_DEFINE(USE_PIPES)
375 AC_DEFINE(BROKEN_SAVED_UIDS) 382 AC_DEFINE(BROKEN_SAVED_UIDS, 1, [Needed for NeXT])
376 ;; 383 ;;
377*-*-openbsd*) 384*-*-openbsd*)
378 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel]) 385 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
386 AC_DEFINE(HAVE_ATTRIBUTE__BOUNDED__, 1, [OpenBSD's gcc has bounded])
387 AC_DEFINE(SSH_TUN_OPENBSD, 1, [Open tunnel devices the OpenBSD way])
379 ;; 388 ;;
380*-*-solaris*) 389*-*-solaris*)
381 if test "x$withval" != "xno" ; then 390 if test "x$withval" != "xno" ; then
@@ -383,12 +392,18 @@ mips-sony-bsd|mips-sony-newsos4)
383 fi 392 fi
384 AC_DEFINE(PAM_SUN_CODEBASE) 393 AC_DEFINE(PAM_SUN_CODEBASE)
385 AC_DEFINE(LOGIN_NEEDS_UTMPX) 394 AC_DEFINE(LOGIN_NEEDS_UTMPX)
386 AC_DEFINE(LOGIN_NEEDS_TERM) 395 AC_DEFINE(LOGIN_NEEDS_TERM, 1,
396 [Some versions of /bin/login need the TERM supplied
397 on the commandline])
387 AC_DEFINE(PAM_TTY_KLUDGE) 398 AC_DEFINE(PAM_TTY_KLUDGE)
388 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID) 399 AC_DEFINE(SSHPAM_CHAUTHTOK_NEEDS_RUID, 1,
400 [Define if pam_chauthtok wants real uid set
401 to the unpriv'ed user])
389 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") 402 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
390 # Pushing STREAMS modules will cause sshd to acquire a controlling tty. 403 # Pushing STREAMS modules will cause sshd to acquire a controlling tty.
391 AC_DEFINE(SSHD_ACQUIRES_CTTY) 404 AC_DEFINE(SSHD_ACQUIRES_CTTY, 1,
405 [Define if sshd somehow reacquires a controlling TTY
406 after setsid()])
392 external_path_file=/etc/default/login 407 external_path_file=/etc/default/login
393 # hardwire lastlog location (can't detect it on some versions) 408 # hardwire lastlog location (can't detect it on some versions)
394 conf_lastlog_location="/var/adm/lastlog" 409 conf_lastlog_location="/var/adm/lastlog"
@@ -397,7 +412,8 @@ mips-sony-bsd|mips-sony-newsos4)
397 if test "$sol2ver" -ge 8; then 412 if test "$sol2ver" -ge 8; then
398 AC_MSG_RESULT(yes) 413 AC_MSG_RESULT(yes)
399 AC_DEFINE(DISABLE_UTMP) 414 AC_DEFINE(DISABLE_UTMP)
400 AC_DEFINE(DISABLE_WTMP) 415 AC_DEFINE(DISABLE_WTMP, 1,
416 [Define if you don't want to use wtmp])
401 else 417 else
402 AC_MSG_RESULT(no) 418 AC_MSG_RESULT(no)
403 fi 419 fi
@@ -422,8 +438,8 @@ mips-sony-bsd|mips-sony-newsos4)
422*-sni-sysv*) 438*-sni-sysv*)
423 # /usr/ucblib MUST NOT be searched on ReliantUNIX 439 # /usr/ucblib MUST NOT be searched on ReliantUNIX
424 AC_CHECK_LIB(dl, dlsym, ,) 440 AC_CHECK_LIB(dl, dlsym, ,)
425 # -lresolv needs to be at then end of LIBS or DNS lookups break 441 # -lresolv needs to be at the end of LIBS or DNS lookups break
426 AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) 442 AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])
427 IPADDR_IN_DISPLAY=yes 443 IPADDR_IN_DISPLAY=yes
428 AC_DEFINE(USE_PIPES) 444 AC_DEFINE(USE_PIPES)
429 AC_DEFINE(IP_TOS_IS_BROKEN) 445 AC_DEFINE(IP_TOS_IS_BROKEN)
@@ -438,11 +454,13 @@ mips-sony-bsd|mips-sony-newsos4)
438 ;; 454 ;;
439# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. 455# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel.
440*-*-sysv4.2*) 456*-*-sysv4.2*)
457 CFLAGS="$CFLAGS -Dva_list=_VA_LIST"
441 AC_DEFINE(USE_PIPES) 458 AC_DEFINE(USE_PIPES)
442 AC_DEFINE(SETEUID_BREAKS_SETUID) 459 AC_DEFINE(SETEUID_BREAKS_SETUID)
443 AC_DEFINE(BROKEN_SETREUID) 460 AC_DEFINE(BROKEN_SETREUID)
444 AC_DEFINE(BROKEN_SETREGID) 461 AC_DEFINE(BROKEN_SETREGID)
445 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 462 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
463 AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
446 ;; 464 ;;
447# UnixWare 7.x, OpenUNIX 8 465# UnixWare 7.x, OpenUNIX 8
448*-*-sysv5*) 466*-*-sysv5*)
@@ -452,11 +470,14 @@ mips-sony-bsd|mips-sony-newsos4)
452 AC_DEFINE(SETEUID_BREAKS_SETUID) 470 AC_DEFINE(SETEUID_BREAKS_SETUID)
453 AC_DEFINE(BROKEN_SETREUID) 471 AC_DEFINE(BROKEN_SETREUID)
454 AC_DEFINE(BROKEN_SETREGID) 472 AC_DEFINE(BROKEN_SETREGID)
455 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 473 AC_DEFINE(PASSWD_NEEDS_USERNAME)
456 case "$host" in 474 case "$host" in
457 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x 475 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
458 TEST_SHELL=/u95/bin/sh 476 TEST_SHELL=/u95/bin/sh
459 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet]) 477 AC_DEFINE(BROKEN_LIBIAF, 1,
478 [ia_uinfo routines not supported by OS yet])
479 ;;
480 *) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*")
460 ;; 481 ;;
461 esac 482 esac
462 ;; 483 ;;
@@ -482,13 +503,14 @@ mips-sony-bsd|mips-sony-newsos4)
482 AC_DEFINE(BROKEN_SETREGID) 503 AC_DEFINE(BROKEN_SETREGID)
483 AC_DEFINE(WITH_ABBREV_NO_TTY) 504 AC_DEFINE(WITH_ABBREV_NO_TTY)
484 AC_DEFINE(BROKEN_UPDWTMPX) 505 AC_DEFINE(BROKEN_UPDWTMPX)
485 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 506 AC_DEFINE(PASSWD_NEEDS_USERNAME)
486 AC_CHECK_FUNCS(getluid setluid) 507 AC_CHECK_FUNCS(getluid setluid)
487 MANTYPE=man 508 MANTYPE=man
488 TEST_SHELL=ksh 509 TEST_SHELL=ksh
489 ;; 510 ;;
490*-*-unicosmk*) 511*-*-unicosmk*)
491 AC_DEFINE(NO_SSH_LASTLOG) 512 AC_DEFINE(NO_SSH_LASTLOG, 1,
513 [Define if you don't want to use lastlog in session.c])
492 AC_DEFINE(SETEUID_BREAKS_SETUID) 514 AC_DEFINE(SETEUID_BREAKS_SETUID)
493 AC_DEFINE(BROKEN_SETREUID) 515 AC_DEFINE(BROKEN_SETREUID)
494 AC_DEFINE(BROKEN_SETREGID) 516 AC_DEFINE(BROKEN_SETREGID)
@@ -535,13 +557,18 @@ mips-sony-bsd|mips-sony-newsos4)
535 if test -z "$no_osfsia" ; then 557 if test -z "$no_osfsia" ; then
536 if test -f /etc/sia/matrix.conf; then 558 if test -f /etc/sia/matrix.conf; then
537 AC_MSG_RESULT(yes) 559 AC_MSG_RESULT(yes)
538 AC_DEFINE(HAVE_OSF_SIA) 560 AC_DEFINE(HAVE_OSF_SIA, 1,
539 AC_DEFINE(DISABLE_LOGIN) 561 [Define if you have Digital Unix Security
562 Integration Architecture])
563 AC_DEFINE(DISABLE_LOGIN, 1,
564 [Define if you don't want to use your
565 system's login() call])
540 AC_DEFINE(DISABLE_FD_PASSING) 566 AC_DEFINE(DISABLE_FD_PASSING)
541 LIBS="$LIBS -lsecurity -ldb -lm -laud" 567 LIBS="$LIBS -lsecurity -ldb -lm -laud"
542 else 568 else
543 AC_MSG_RESULT(no) 569 AC_MSG_RESULT(no)
544 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") 570 AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin",
571 [String used in /etc/passwd to denote locked account])
545 fi 572 fi
546 fi 573 fi
547 AC_DEFINE(BROKEN_GETADDRINFO) 574 AC_DEFINE(BROKEN_GETADDRINFO)
@@ -550,24 +577,25 @@ mips-sony-bsd|mips-sony-newsos4)
550 AC_DEFINE(BROKEN_SETREGID) 577 AC_DEFINE(BROKEN_SETREGID)
551 ;; 578 ;;
552 579
553*-*-nto-qnx) 580*-*-nto-qnx*)
554 AC_DEFINE(USE_PIPES) 581 AC_DEFINE(USE_PIPES)
555 AC_DEFINE(NO_X11_UNIX_SOCKETS) 582 AC_DEFINE(NO_X11_UNIX_SOCKETS)
556 AC_DEFINE(MISSING_NFDBITS) 583 AC_DEFINE(MISSING_NFDBITS, 1, [Define on *nto-qnx systems])
557 AC_DEFINE(MISSING_HOWMANY) 584 AC_DEFINE(MISSING_HOWMANY, 1, [Define on *nto-qnx systems])
558 AC_DEFINE(MISSING_FD_MASK) 585 AC_DEFINE(MISSING_FD_MASK, 1, [Define on *nto-qnx systems])
586 AC_DEFINE(DISABLE_LASTLOG)
559 ;; 587 ;;
560 588
561*-*-ultrix*) 589*-*-ultrix*)
562 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1]) 590 AC_DEFINE(BROKEN_GETGROUPS, 1, [getgroups(0,NULL) will return -1])
563 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files]) 591 AC_DEFINE(BROKEN_MMAP, 1, [Ultrix mmap can't map files])
564 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty]) 592 AC_DEFINE(NEED_SETPGRP)
565 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix]) 593 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
566 ;; 594 ;;
567 595
568*-*-lynxos) 596*-*-lynxos)
569 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" 597 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
570 AC_DEFINE(MISSING_HOWMANY) 598 AC_DEFINE(MISSING_HOWMANY)
571 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation]) 599 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
572 ;; 600 ;;
573esac 601esac
@@ -614,7 +642,7 @@ AC_ARG_WITH(Werror,
614 [ 642 [
615 if test -n "$withval" && test "x$withval" != "xno"; then 643 if test -n "$withval" && test "x$withval" != "xno"; then
616 werror_flags="-Werror" 644 werror_flags="-Werror"
617 if "x${withval}" != "xyes"; then 645 if test "x${withval}" != "xyes"; then
618 werror_flags="$withval" 646 werror_flags="$withval"
619 fi 647 fi
620 fi 648 fi
@@ -647,7 +675,6 @@ AC_CHECK_HEADERS( \
647 glob.h \ 675 glob.h \
648 ia.h \ 676 ia.h \
649 iaf.h \ 677 iaf.h \
650 lastlog.h \
651 limits.h \ 678 limits.h \
652 login.h \ 679 login.h \
653 login_cap.h \ 680 login_cap.h \
@@ -655,7 +682,6 @@ AC_CHECK_HEADERS( \
655 ndir.h \ 682 ndir.h \
656 netdb.h \ 683 netdb.h \
657 netgroup.h \ 684 netgroup.h \
658 netinet/in_systm.h \
659 pam/pam_appl.h \ 685 pam/pam_appl.h \
660 paths.h \ 686 paths.h \
661 pty.h \ 687 pty.h \
@@ -697,6 +723,13 @@ AC_CHECK_HEADERS( \
697 vis.h \ 723 vis.h \
698) 724)
699 725
726# lastlog.h requires sys/time.h to be included first on Solaris
727AC_CHECK_HEADERS(lastlog.h, [], [], [
728#ifdef HAVE_SYS_TIME_H
729# include <sys/time.h>
730#endif
731])
732
700# sys/ptms.h requires sys/stream.h to be included first on Solaris 733# sys/ptms.h requires sys/stream.h to be included first on Solaris
701AC_CHECK_HEADERS(sys/ptms.h, [], [], [ 734AC_CHECK_HEADERS(sys/ptms.h, [], [], [
702#ifdef HAVE_SYS_STREAM_H 735#ifdef HAVE_SYS_STREAM_H
@@ -715,8 +748,8 @@ AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
715 ac_cv_have_broken_dirname, [ 748 ac_cv_have_broken_dirname, [
716 save_LIBS="$LIBS" 749 save_LIBS="$LIBS"
717 LIBS="$LIBS -lgen" 750 LIBS="$LIBS -lgen"
718 AC_TRY_RUN( 751 AC_RUN_IFELSE(
719 [ 752 [AC_LANG_SOURCE([[
720#include <libgen.h> 753#include <libgen.h>
721#include <string.h> 754#include <string.h>
722 755
@@ -731,9 +764,10 @@ int main(int argc, char **argv) {
731 exit(0); 764 exit(0);
732 } 765 }
733} 766}
734 ], 767 ]])],
768 [ ac_cv_have_broken_dirname="no" ],
769 [ ac_cv_have_broken_dirname="yes" ],
735 [ ac_cv_have_broken_dirname="no" ], 770 [ ac_cv_have_broken_dirname="no" ],
736 [ ac_cv_have_broken_dirname="yes" ]
737 ) 771 )
738 LIBS="$save_LIBS" 772 LIBS="$save_LIBS"
739 ]) 773 ])
@@ -747,7 +781,8 @@ int main(int argc, char **argv) {
747 781
748AC_CHECK_FUNC(getspnam, , 782AC_CHECK_FUNC(getspnam, ,
749 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) 783 AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
750AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) 784AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME, 1,
785 [Define if you have the basename function.]))
751 786
752dnl zlib is required 787dnl zlib is required
753AC_ARG_WITH(zlib, 788AC_ARG_WITH(zlib,
@@ -851,14 +886,15 @@ dnl UnixWare 2.x
851AC_CHECK_FUNC(strcasecmp, 886AC_CHECK_FUNC(strcasecmp,
852 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] 887 [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ]
853) 888)
854AC_CHECK_FUNC(utimes, 889AC_CHECK_FUNCS(utimes,
855 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) 890 [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES)
856 LIBS="$LIBS -lc89"]) ] 891 LIBS="$LIBS -lc89"]) ]
857) 892)
858 893
859dnl Checks for libutil functions 894dnl Checks for libutil functions
860AC_CHECK_HEADERS(libutil.h) 895AC_CHECK_HEADERS(libutil.h)
861AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)]) 896AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN, 1,
897 [Define if your libraries define login()])])
862AC_CHECK_FUNCS(logout updwtmp logwtmp) 898AC_CHECK_FUNCS(logout updwtmp logwtmp)
863 899
864AC_FUNC_STRFTIME 900AC_FUNC_STRFTIME
@@ -873,7 +909,9 @@ AC_EGREP_CPP(FOUNDIT,
873 #endif 909 #endif
874 ], 910 ],
875 [ 911 [
876 AC_DEFINE(GLOB_HAS_ALTDIRFUNC) 912 AC_DEFINE(GLOB_HAS_ALTDIRFUNC, 1,
913 [Define if your system glob() function has
914 the GLOB_ALTDIRFUNC extension])
877 AC_MSG_RESULT(yes) 915 AC_MSG_RESULT(yes)
878 ], 916 ],
879 [ 917 [
@@ -889,7 +927,9 @@ AC_EGREP_CPP(FOUNDIT,
889 int main(void){glob_t g; g.gl_matchc = 1;} 927 int main(void){glob_t g; g.gl_matchc = 1;}
890 ], 928 ],
891 [ 929 [
892 AC_DEFINE(GLOB_HAS_GL_MATCHC) 930 AC_DEFINE(GLOB_HAS_GL_MATCHC, 1,
931 [Define if your system glob() function has
932 gl_matchc options in glob_t])
893 AC_MSG_RESULT(yes) 933 AC_MSG_RESULT(yes)
894 ], 934 ],
895 [ 935 [
@@ -907,7 +947,9 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
907 [AC_MSG_RESULT(yes)], 947 [AC_MSG_RESULT(yes)],
908 [ 948 [
909 AC_MSG_RESULT(no) 949 AC_MSG_RESULT(no)
910 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) 950 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
951 [Define if your struct dirent expects you to
952 allocate extra space for d_name])
911 ], 953 ],
912 [ 954 [
913 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 955 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
@@ -917,7 +959,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
917 959
918AC_MSG_CHECKING([for /proc/pid/fd directory]) 960AC_MSG_CHECKING([for /proc/pid/fd directory])
919if test -d "/proc/$$/fd" ; then 961if test -d "/proc/$$/fd" ; then
920 AC_DEFINE(HAVE_PROC_PID) 962 AC_DEFINE(HAVE_PROC_PID, 1, [Define if you have /proc/$pid/fd])
921 AC_MSG_RESULT(yes) 963 AC_MSG_RESULT(yes)
922else 964else
923 AC_MSG_RESULT(no) 965 AC_MSG_RESULT(no)
@@ -935,17 +977,17 @@ AC_ARG_WITH(skey,
935 LDFLAGS="$LDFLAGS -L${withval}/lib" 977 LDFLAGS="$LDFLAGS -L${withval}/lib"
936 fi 978 fi
937 979
938 AC_DEFINE(SKEY) 980 AC_DEFINE(SKEY, 1, [Define if you want S/Key support])
939 LIBS="-lskey $LIBS" 981 LIBS="-lskey $LIBS"
940 SKEY_MSG="yes" 982 SKEY_MSG="yes"
941 983
942 AC_MSG_CHECKING([for s/key support]) 984 AC_MSG_CHECKING([for s/key support])
943 AC_TRY_RUN( 985 AC_LINK_IFELSE(
944 [ 986 [AC_LANG_SOURCE([[
945#include <stdio.h> 987#include <stdio.h>
946#include <skey.h> 988#include <skey.h>
947int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } 989int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
948 ], 990 ]])],
949 [AC_MSG_RESULT(yes)], 991 [AC_MSG_RESULT(yes)],
950 [ 992 [
951 AC_MSG_RESULT(no) 993 AC_MSG_RESULT(no)
@@ -957,7 +999,9 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); }
957 #include <skey.h>], 999 #include <skey.h>],
958 [(void)skeychallenge(NULL,"name","",0);], 1000 [(void)skeychallenge(NULL,"name","",0);],
959 [AC_MSG_RESULT(yes) 1001 [AC_MSG_RESULT(yes)
960 AC_DEFINE(SKEYCHALLENGE_4ARG)], 1002 AC_DEFINE(SKEYCHALLENGE_4ARG, 1,
1003 [Define if your skeychallenge()
1004 function takes 4 arguments (NetBSD)])],
961 [AC_MSG_RESULT(no)] 1005 [AC_MSG_RESULT(no)]
962 ) 1006 )
963 fi 1007 fi
@@ -1008,7 +1052,9 @@ AC_ARG_WITH(tcp-wrappers,
1008 [hosts_access(0);], 1052 [hosts_access(0);],
1009 [ 1053 [
1010 AC_MSG_RESULT(yes) 1054 AC_MSG_RESULT(yes)
1011 AC_DEFINE(LIBWRAP) 1055 AC_DEFINE(LIBWRAP, 1,
1056 [Define if you want
1057 TCP Wrappers support])
1012 AC_SUBST(LIBWRAP) 1058 AC_SUBST(LIBWRAP)
1013 TCPW_MSG="yes" 1059 TCPW_MSG="yes"
1014 ], 1060 ],
@@ -1027,11 +1073,15 @@ AC_ARG_WITH(libedit,
1027 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 1073 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
1028 [ if test "x$withval" != "xno" ; then 1074 [ if test "x$withval" != "xno" ; then
1029 if test "x$withval" != "xyes"; then 1075 if test "x$withval" != "xyes"; then
1030 CPPFLAGS="$CPPFLAGS -I$withval/include" 1076 CPPFLAGS="$CPPFLAGS -I${withval}/include"
1031 LDFLAGS="$LDFLAGS -L$withval/lib" 1077 if test -n "${need_dash_r}"; then
1078 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
1079 else
1080 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
1081 fi
1032 fi 1082 fi
1033 AC_CHECK_LIB(edit, el_init, 1083 AC_CHECK_LIB(edit, el_init,
1034 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) 1084 [ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
1035 LIBEDIT="-ledit -lcurses" 1085 LIBEDIT="-ledit -lcurses"
1036 LIBEDIT_MSG="yes" 1086 LIBEDIT_MSG="yes"
1037 AC_SUBST(LIBEDIT) 1087 AC_SUBST(LIBEDIT)
@@ -1075,12 +1125,12 @@ AC_ARG_WITH(audit,
1075 [AC_MSG_ERROR(BSM enabled and required function not found)]) 1125 [AC_MSG_ERROR(BSM enabled and required function not found)])
1076 # These are optional 1126 # These are optional
1077 AC_CHECK_FUNCS(getaudit_addr) 1127 AC_CHECK_FUNCS(getaudit_addr)
1078 AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) 1128 AC_DEFINE(USE_BSM_AUDIT, 1, [Use BSM audit module])
1079 ;; 1129 ;;
1080 debug) 1130 debug)
1081 AUDIT_MODULE=debug 1131 AUDIT_MODULE=debug
1082 AC_MSG_RESULT(debug) 1132 AC_MSG_RESULT(debug)
1083 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) 1133 AC_DEFINE(SSH_AUDIT_EVENTS, 1, Use audit debugging module)
1084 ;; 1134 ;;
1085 no) 1135 no)
1086 AC_MSG_RESULT(no) 1136 AC_MSG_RESULT(no)
@@ -1094,6 +1144,7 @@ AC_ARG_WITH(audit,
1094dnl Checks for library functions. Please keep in alphabetical order 1144dnl Checks for library functions. Please keep in alphabetical order
1095AC_CHECK_FUNCS( \ 1145AC_CHECK_FUNCS( \
1096 arc4random \ 1146 arc4random \
1147 asprintf \
1097 b64_ntop \ 1148 b64_ntop \
1098 __b64_ntop \ 1149 __b64_ntop \
1099 b64_pton \ 1150 b64_pton \
@@ -1169,7 +1220,7 @@ AC_CHECK_FUNCS( \
1169 truncate \ 1220 truncate \
1170 unsetenv \ 1221 unsetenv \
1171 updwtmpx \ 1222 updwtmpx \
1172 utimes \ 1223 vasprintf \
1173 vhangup \ 1224 vhangup \
1174 vsnprintf \ 1225 vsnprintf \
1175 waitpid \ 1226 waitpid \
@@ -1190,7 +1241,8 @@ str = gai_strerror(0);],[
1190 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1, 1241 AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
1191 [Define if gai_strerror() returns const char *])])]) 1242 [Define if gai_strerror() returns const char *])])])
1192 1243
1193AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) 1244AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP, 1,
1245 [Some systems put nanosleep outside of libc]))
1194 1246
1195dnl Make sure prototypes are defined for these before using them. 1247dnl Make sure prototypes are defined for these before using them.
1196AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) 1248AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
@@ -1222,7 +1274,8 @@ AC_CHECK_FUNCS(setresuid, [
1222int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} 1274int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1223 ]])], 1275 ]])],
1224 [AC_MSG_RESULT(yes)], 1276 [AC_MSG_RESULT(yes)],
1225 [AC_DEFINE(BROKEN_SETRESUID) 1277 [AC_DEFINE(BROKEN_SETRESUID, 1,
1278 [Define if your setresuid() is broken])
1226 AC_MSG_RESULT(not implemented)], 1279 AC_MSG_RESULT(not implemented)],
1227 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1280 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1228 ) 1281 )
@@ -1238,7 +1291,8 @@ AC_CHECK_FUNCS(setresgid, [
1238int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} 1291int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);}
1239 ]])], 1292 ]])],
1240 [AC_MSG_RESULT(yes)], 1293 [AC_MSG_RESULT(yes)],
1241 [AC_DEFINE(BROKEN_SETRESGID) 1294 [AC_DEFINE(BROKEN_SETRESGID, 1,
1295 [Define if your setresgid() is broken])
1242 AC_MSG_RESULT(not implemented)], 1296 AC_MSG_RESULT(not implemented)],
1243 [AC_MSG_WARN([cross compiling: not checking setresuid])] 1297 [AC_MSG_WARN([cross compiling: not checking setresuid])]
1244 ) 1298 )
@@ -1254,13 +1308,16 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
1254AC_CHECK_FUNCS(setutxent utmpxname) 1308AC_CHECK_FUNCS(setutxent utmpxname)
1255 1309
1256AC_CHECK_FUNC(daemon, 1310AC_CHECK_FUNC(daemon,
1257 [AC_DEFINE(HAVE_DAEMON)], 1311 [AC_DEFINE(HAVE_DAEMON, 1, [Define if your libraries define daemon()])],
1258 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] 1312 [AC_CHECK_LIB(bsd, daemon,
1313 [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
1259) 1314)
1260 1315
1261AC_CHECK_FUNC(getpagesize, 1316AC_CHECK_FUNC(getpagesize,
1262 [AC_DEFINE(HAVE_GETPAGESIZE)], 1317 [AC_DEFINE(HAVE_GETPAGESIZE, 1,
1263 [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] 1318 [Define if your libraries define getpagesize()])],
1319 [AC_CHECK_LIB(ucb, getpagesize,
1320 [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
1264) 1321)
1265 1322
1266# Check for broken snprintf 1323# Check for broken snprintf
@@ -1274,13 +1331,62 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
1274 [AC_MSG_RESULT(yes)], 1331 [AC_MSG_RESULT(yes)],
1275 [ 1332 [
1276 AC_MSG_RESULT(no) 1333 AC_MSG_RESULT(no)
1277 AC_DEFINE(BROKEN_SNPRINTF) 1334 AC_DEFINE(BROKEN_SNPRINTF, 1,
1335 [Define if your snprintf is busted])
1278 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) 1336 AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor])
1279 ], 1337 ],
1280 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] 1338 [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ]
1281 ) 1339 )
1282fi 1340fi
1283 1341
1342# If we don't have a working asprintf, then we strongly depend on vsnprintf
1343# returning the right thing on overflow: the number of characters it tried to
1344# create (as per SUSv3)
1345if test "x$ac_cv_func_asprintf" != "xyes" && \
1346 test "x$ac_cv_func_vsnprintf" = "xyes" ; then
1347 AC_MSG_CHECKING([whether vsnprintf returns correct values on overflow])
1348 AC_RUN_IFELSE(
1349 [AC_LANG_SOURCE([[
1350#include <sys/types.h>
1351#include <stdio.h>
1352#include <stdarg.h>
1353
1354int x_snprintf(char *str,size_t count,const char *fmt,...)
1355{
1356 size_t ret; va_list ap;
1357 va_start(ap, fmt); ret = vsnprintf(str, count, fmt, ap); va_end(ap);
1358 return ret;
1359}
1360int main(void)
1361{
1362 char x[1];
1363 exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1);
1364} ]])],
1365 [AC_MSG_RESULT(yes)],
1366 [
1367 AC_MSG_RESULT(no)
1368 AC_DEFINE(BROKEN_SNPRINTF, 1,
1369 [Define if your snprintf is busted])
1370 AC_MSG_WARN([****** Your vsnprintf() function is broken, complain to your vendor])
1371 ],
1372 [ AC_MSG_WARN([cross compiling: Assuming working vsnprintf()]) ]
1373 )
1374fi
1375
1376# On systems where [v]snprintf is broken, but is declared in stdio,
1377# check that the fmt argument is const char * or just char *.
1378# This is only useful for when BROKEN_SNPRINTF
1379AC_MSG_CHECKING([whether snprintf can declare const char *fmt])
1380AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#include <stdio.h>
1381 int snprintf(char *a, size_t b, const char *c, ...) { return 0; }
1382 int main(void) { snprintf(0, 0, 0); }
1383 ]])],
1384 [AC_MSG_RESULT(yes)
1385 AC_DEFINE(SNPRINTF_CONST, [const],
1386 [Define as const if snprintf() can declare const char *fmt])],
1387 [AC_MSG_RESULT(no)
1388 AC_DEFINE(SNPRINTF_CONST, [/* not const */])])
1389
1284# Check for missing getpeereid (or equiv) support 1390# Check for missing getpeereid (or equiv) support
1285NO_PEERCHECK="" 1391NO_PEERCHECK=""
1286if test "x$ac_cv_func_getpeereid" != "xyes" ; then 1392if test "x$ac_cv_func_getpeereid" != "xyes" ; then
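Review bot: The cross-compiling branch of the new vsnprintf overflow check (new line 1372) only warns and assumes a working vsnprintf(), although the comment at new lines 1342-1344 says the code strongly depends on the SUSv3 return value when asprintf is missing. On a target whose vsnprintf() returns -1 or the truncated length, buffer sizes would then be derived from a wrong value. Failing closed looks safer: add `AC_DEFINE(BROKEN_SNPRINTF, 1, [Define if your snprintf is busted])` to that branch and reword the warning to `cross compiling: assuming broken vsnprintf()`; this presumably selects the bundled implementation, which should be confirmed. The test program also calls exit() without `#include <stdlib.h>` and stores vsnprintf's int result in a `size_t`; `int ret;` matches the return type.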
@@ -1290,7 +1396,7 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1290 #include <sys/socket.h>], 1396 #include <sys/socket.h>],
1291 [int i = SO_PEERCRED;], 1397 [int i = SO_PEERCRED;],
1292 [ AC_MSG_RESULT(yes) 1398 [ AC_MSG_RESULT(yes)
1293 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option]) 1399 AC_DEFINE(HAVE_SO_PEERCRED, 1, [Have PEERCRED socket option])
1294 ], 1400 ],
1295 [AC_MSG_RESULT(no) 1401 [AC_MSG_RESULT(no)
1296 NO_PEERCHECK=1] 1402 NO_PEERCHECK=1]
@@ -1300,21 +1406,21 @@ fi
1300dnl see whether mkstemp() requires XXXXXX 1406dnl see whether mkstemp() requires XXXXXX
1301if test "x$ac_cv_func_mkdtemp" = "xyes" ; then 1407if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
1302AC_MSG_CHECKING([for (overly) strict mkstemp]) 1408AC_MSG_CHECKING([for (overly) strict mkstemp])
1303AC_TRY_RUN( 1409AC_RUN_IFELSE(
1304 [ 1410 [AC_LANG_SOURCE([[
1305#include <stdlib.h> 1411#include <stdlib.h>
1306main() { char template[]="conftest.mkstemp-test"; 1412main() { char template[]="conftest.mkstemp-test";
1307if (mkstemp(template) == -1) 1413if (mkstemp(template) == -1)
1308 exit(1); 1414 exit(1);
1309unlink(template); exit(0); 1415unlink(template); exit(0);
1310} 1416}
1311 ], 1417 ]])],
1312 [ 1418 [
1313 AC_MSG_RESULT(no) 1419 AC_MSG_RESULT(no)
1314 ], 1420 ],
1315 [ 1421 [
1316 AC_MSG_RESULT(yes) 1422 AC_MSG_RESULT(yes)
1317 AC_DEFINE(HAVE_STRICT_MKSTEMP) 1423 AC_DEFINE(HAVE_STRICT_MKSTEMP, 1, [Silly mkstemp()])
1318 ], 1424 ],
1319 [ 1425 [
1320 AC_MSG_RESULT(yes) 1426 AC_MSG_RESULT(yes)
@@ -1326,8 +1432,8 @@ fi
1326dnl make sure that openpty does not reacquire controlling terminal 1432dnl make sure that openpty does not reacquire controlling terminal
1327if test ! -z "$check_for_openpty_ctty_bug"; then 1433if test ! -z "$check_for_openpty_ctty_bug"; then
1328 AC_MSG_CHECKING(if openpty correctly handles controlling tty) 1434 AC_MSG_CHECKING(if openpty correctly handles controlling tty)
1329 AC_TRY_RUN( 1435 AC_RUN_IFELSE(
1330 [ 1436 [AC_LANG_SOURCE([[
1331#include <stdio.h> 1437#include <stdio.h>
1332#include <sys/fcntl.h> 1438#include <sys/fcntl.h>
1333#include <sys/types.h> 1439#include <sys/types.h>
@@ -1359,13 +1465,16 @@ main()
1359 exit(0); /* Did not acquire ctty: OK */ 1465 exit(0); /* Did not acquire ctty: OK */
1360 } 1466 }
1361} 1467}
1362 ], 1468 ]])],
1363 [ 1469 [
1364 AC_MSG_RESULT(yes) 1470 AC_MSG_RESULT(yes)
1365 ], 1471 ],
1366 [ 1472 [
1367 AC_MSG_RESULT(no) 1473 AC_MSG_RESULT(no)
1368 AC_DEFINE(SSHD_ACQUIRES_CTTY) 1474 AC_DEFINE(SSHD_ACQUIRES_CTTY)
1475 ],
1476 [
1477 AC_MSG_RESULT(cross-compiling, assuming yes)
1369 ] 1478 ]
1370 ) 1479 )
1371fi 1480fi
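Review bot: `AC_MSG_RESULT(cross-compiling, assuming yes)` in the added cross-compiling branch is unquoted, so m4 treats the comma as an argument separator and only `cross-compiling` reaches the message; it should be `AC_MSG_RESULT([cross-compiling, assuming yes])`. The same unquoted call is added in the two getaddrinfo hunks that follow (new lines 1549 and 1611). "Assuming yes" also means SSHD_ACQUIRES_CTTY is never defined on a cross build, even for a target where openpty would reacquire the controlling tty, so an `AC_MSG_WARN([cross compiling: not checking openpty ctty handling])` would make the skipped check visible to the builder. The AC_RUN_IFELSE call and its test program start outside this hunk.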
@@ -1373,8 +1482,8 @@ fi
1373if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 1482if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1374 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 1483 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1375 AC_MSG_CHECKING(if getaddrinfo seems to work) 1484 AC_MSG_CHECKING(if getaddrinfo seems to work)
1376 AC_TRY_RUN( 1485 AC_RUN_IFELSE(
1377 [ 1486 [AC_LANG_SOURCE([[
1378#include <stdio.h> 1487#include <stdio.h>
1379#include <sys/socket.h> 1488#include <sys/socket.h>
1380#include <netdb.h> 1489#include <netdb.h>
@@ -1428,13 +1537,16 @@ main(void)
1428 } 1537 }
1429 exit(0); 1538 exit(0);
1430} 1539}
1431 ], 1540 ]])],
1432 [ 1541 [
1433 AC_MSG_RESULT(yes) 1542 AC_MSG_RESULT(yes)
1434 ], 1543 ],
1435 [ 1544 [
1436 AC_MSG_RESULT(no) 1545 AC_MSG_RESULT(no)
1437 AC_DEFINE(BROKEN_GETADDRINFO) 1546 AC_DEFINE(BROKEN_GETADDRINFO)
1547 ],
1548 [
1549 AC_MSG_RESULT(cross-compiling, assuming yes)
1438 ] 1550 ]
1439 ) 1551 )
1440fi 1552fi
@@ -1442,8 +1554,8 @@ fi
1442if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ 1554if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1443 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then 1555 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1444 AC_MSG_CHECKING(if getaddrinfo seems to work) 1556 AC_MSG_CHECKING(if getaddrinfo seems to work)
1445 AC_TRY_RUN( 1557 AC_RUN_IFELSE(
1446 [ 1558 [AC_LANG_SOURCE([[
1447#include <stdio.h> 1559#include <stdio.h>
1448#include <sys/socket.h> 1560#include <sys/socket.h>
1449#include <netdb.h> 1561#include <netdb.h>
@@ -1485,15 +1597,18 @@ main(void)
1485 } 1597 }
1486 exit(0); 1598 exit(0);
1487} 1599}
1488 ], 1600 ]])],
1489 [ 1601 [
1490 AC_MSG_RESULT(yes) 1602 AC_MSG_RESULT(yes)
1491 AC_DEFINE(AIX_GETNAMEINFO_HACK, [], 1603 AC_DEFINE(AIX_GETNAMEINFO_HACK, 1,
1492[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) 1604 [Define if you have a getaddrinfo that fails
1605 for the all-zeros IPv6 address])
1493 ], 1606 ],
1494 [ 1607 [
1495 AC_MSG_RESULT(no) 1608 AC_MSG_RESULT(no)
1496 AC_DEFINE(BROKEN_GETADDRINFO) 1609 AC_DEFINE(BROKEN_GETADDRINFO)
1610 ],
1611 AC_MSG_RESULT(cross-compiling, assuming no)
1497 ] 1612 ]
1498 ) 1613 )
1499fi 1614fi
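Review bot: The added fourth argument of AC_RUN_IFELSE is missing its opening bracket: new line 1610 closes the previous action with `],`, line 1611 starts `AC_MSG_RESULT(...)` bare, and line 1612 closes with `]`, so the quotes are unbalanced. It should read `[` / `AC_MSG_RESULT([cross-compiling, assuming no])` / `]`, as in the HP-UX hunk above. The message says "assuming no", yet unlike the real "no" branch nothing defines BROKEN_GETADDRINFO here; either add `AC_DEFINE(BROKEN_GETADDRINFO)` to the branch or change the wording so the log matches what the build does. The macro call begins outside this hunk.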
@@ -1536,7 +1651,8 @@ AC_ARG_WITH(pam,
1536 1651
1537 PAM_MSG="yes" 1652 PAM_MSG="yes"
1538 1653
1539 AC_DEFINE(USE_PAM) 1654 AC_DEFINE(USE_PAM, 1,
1655 [Define if you want to enable PAM support])
1540 if test $ac_cv_lib_dl_dlopen = yes; then 1656 if test $ac_cv_lib_dl_dlopen = yes; then
1541 LIBPAM="-lpam -ldl" 1657 LIBPAM="-lpam -ldl"
1542 else 1658 else
@@ -1563,7 +1679,9 @@ if test "x$PAM_MSG" = "xyes" ; then
1563 [(void)pam_strerror((pam_handle_t *)NULL, -1);], 1679 [(void)pam_strerror((pam_handle_t *)NULL, -1);],
1564 [AC_MSG_RESULT(no)], 1680 [AC_MSG_RESULT(no)],
1565 [ 1681 [
1566 AC_DEFINE(HAVE_OLD_PAM) 1682 AC_DEFINE(HAVE_OLD_PAM, 1,
1683 [Define if you have an old version of PAM
1684 which takes only one argument to pam_strerror])
1567 AC_MSG_RESULT(yes) 1685 AC_MSG_RESULT(yes)
1568 PAM_MSG="yes (old library)" 1686 PAM_MSG="yes (old library)"
1569 ] 1687 ]
@@ -1603,7 +1721,9 @@ AC_ARG_WITH(ssl-dir,
1603 ] 1721 ]
1604) 1722)
1605LIBS="-lcrypto $LIBS" 1723LIBS="-lcrypto $LIBS"
1606AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), 1724AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1,
1725 [Define if your ssl headers are included
1726 with #include <openssl/header.h>]),
1607 [ 1727 [
1608 dnl Check default openssl install dir 1728 dnl Check default openssl install dir
1609 if test -n "${need_dash_r}"; then 1729 if test -n "${need_dash_r}"; then
@@ -1713,6 +1833,24 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.])
1713 ] 1833 ]
1714) 1834)
1715 1835
1836# Check for OpenSSL without EVP_aes_{192,256}_cbc
1837AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
1838AC_COMPILE_IFELSE(
1839 [AC_LANG_SOURCE([[
1840#include <string.h>
1841#include <openssl/evp.h>
1842int main(void) { exit(EVP_aes_192_cbc() == NULL || EVP_aes_256_cbc() == NULL);}
1843 ]])],
1844 [
1845 AC_MSG_RESULT(no)
1846 ],
1847 [
1848 AC_MSG_RESULT(yes)
1849 AC_DEFINE(OPENSSL_LOBOTOMISED_AES, 1,
1850 [libcrypto is missing AES 192 and 256 bit functions])
1851 ]
1852)
1853
1716# Some systems want crypt() from libcrypt, *not* the version in OpenSSL, 1854# Some systems want crypt() from libcrypt, *not* the version in OpenSSL,
1717# because the system crypt() is more featureful. 1855# because the system crypt() is more featureful.
1718if test "x$check_for_libcrypt_before" = "x1"; then 1856if test "x$check_for_libcrypt_before" = "x1"; then
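Review bot: The new crippled-AES probe uses AC_COMPILE_IFELSE, so `EVP_aes_192_cbc() == NULL` is never executed and libcrypto itself is never consulted. The result depends only on whether the headers declare the two functions, and a compiler that tolerates implicit declarations may still answer "no". AC_LINK_IFELSE with the same source would also catch a library that lacks the symbols and still works when cross compiling. The program calls exit() but includes only `<string.h>` and `<openssl/evp.h>`, so `#include <stdlib.h>` should be added. A false "no" would presumably leave the AES-192/256 ciphers enabled against a libcrypto that cannot provide them, so the check is worth making strict.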
@@ -1777,7 +1915,8 @@ AC_ARG_WITH(rand-helper,
1777# Which randomness source do we use? 1915# Which randomness source do we use?
1778if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then 1916if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1779 # OpenSSL only 1917 # OpenSSL only
1780 AC_DEFINE(OPENSSL_PRNG_ONLY) 1918 AC_DEFINE(OPENSSL_PRNG_ONLY, 1,
1919 [Define if you want OpenSSL's internally seeded PRNG only])
1781 RAND_MSG="OpenSSL internal ONLY" 1920 RAND_MSG="OpenSSL internal ONLY"
1782 INSTALL_SSH_RAND_HELPER="" 1921 INSTALL_SSH_RAND_HELPER=""
1783elif test ! -z "$USE_RAND_HELPER" ; then 1922elif test ! -z "$USE_RAND_HELPER" ; then
@@ -1805,7 +1944,8 @@ AC_ARG_WITH(prngd-port,
1805 esac 1944 esac
1806 if test ! -z "$withval" ; then 1945 if test ! -z "$withval" ; then
1807 PRNGD_PORT="$withval" 1946 PRNGD_PORT="$withval"
1808 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT) 1947 AC_DEFINE_UNQUOTED(PRNGD_PORT, $PRNGD_PORT,
1948 [Port number of PRNGD/EGD random number socket])
1809 fi 1949 fi
1810 ] 1950 ]
1811) 1951)
@@ -1836,7 +1976,8 @@ AC_ARG_WITH(prngd-socket,
1836 AC_MSG_WARN(Entropy socket is not readable) 1976 AC_MSG_WARN(Entropy socket is not readable)
1837 fi 1977 fi
1838 PRNGD_SOCKET="$withval" 1978 PRNGD_SOCKET="$withval"
1839 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET") 1979 AC_DEFINE_UNQUOTED(PRNGD_SOCKET, "$PRNGD_SOCKET",
1980 [Location of PRNGD/EGD random number socket])
1840 fi 1981 fi
1841 ], 1982 ],
1842 [ 1983 [
@@ -1871,7 +2012,8 @@ AC_ARG_WITH(entropy-timeout,
1871 fi 2012 fi
1872 ] 2013 ]
1873) 2014)
1874AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) 2015AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout,
2016 [Builtin PRNG command timeout])
1875 2017
1876SSH_PRIVSEP_USER=sshd 2018SSH_PRIVSEP_USER=sshd
1877AC_ARG_WITH(privsep-user, 2019AC_ARG_WITH(privsep-user,
@@ -1883,7 +2025,8 @@ AC_ARG_WITH(privsep-user,
1883 fi 2025 fi
1884 ] 2026 ]
1885) 2027)
1886AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") 2028AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER",
2029 [non-privileged user for privilege separation])
1887AC_SUBST(SSH_PRIVSEP_USER) 2030AC_SUBST(SSH_PRIVSEP_USER)
1888 2031
1889# We do this little dance with the search path to insure 2032# We do this little dance with the search path to insure
@@ -1941,7 +2084,10 @@ if test ! -z "$SONY" ; then
1941 LIBS="$LIBS -liberty"; 2084 LIBS="$LIBS -liberty";
1942fi 2085fi
1943 2086
1944# Checks for data types 2087# Check for long long datatypes
2088AC_CHECK_TYPES([long long, unsigned long long, long double])
2089
2090# Check datatype sizes
1945AC_CHECK_SIZEOF(char, 1) 2091AC_CHECK_SIZEOF(char, 1)
1946AC_CHECK_SIZEOF(short int, 2) 2092AC_CHECK_SIZEOF(short int, 2)
1947AC_CHECK_SIZEOF(int, 4) 2093AC_CHECK_SIZEOF(int, 4)
@@ -1953,6 +2099,84 @@ if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
1953 ac_cv_sizeof_long_long_int=0 2099 ac_cv_sizeof_long_long_int=0
1954fi 2100fi
1955 2101
2102# compute LLONG_MIN and LLONG_MAX if we don't know them.
2103if test -z "$have_llong_max"; then
2104 AC_MSG_CHECKING([for max value of long long])
2105 AC_RUN_IFELSE(
2106 [AC_LANG_SOURCE([[
2107#include <stdio.h>
2108/* Why is this so damn hard? */
2109#ifdef __GNUC__
2110# undef __GNUC__
2111#endif
2112#define __USE_ISOC99
2113#include <limits.h>
2114#define DATA "conftest.llminmax"
2115int main(void) {
2116 FILE *f;
2117 long long i, llmin, llmax = 0;
2118
2119 if((f = fopen(DATA,"w")) == NULL)
2120 exit(1);
2121
2122#if defined(LLONG_MIN) && defined(LLONG_MAX)
2123 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
2124 llmin = LLONG_MIN;
2125 llmax = LLONG_MAX;
2126#else
2127 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
2128 /* This will work on one's complement and two's complement */
2129 for (i = 1; i > llmax; i <<= 1, i++)
2130 llmax = i;
2131 llmin = llmax + 1LL; /* wrap */
2132#endif
2133
2134 /* Sanity check */
2135 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
2136 || llmax - 1 > llmax) {
2137 fprintf(f, "unknown unknown\n");
2138 exit(2);
2139 }
2140
2141 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
2142 exit(3);
2143
2144 exit(0);
2145}
2146 ]])],
2147 [
2148 llong_min=`$AWK '{print $1}' conftest.llminmax`
2149 llong_max=`$AWK '{print $2}' conftest.llminmax`
2150
2151 # snprintf on some Tru64s doesn't understand "%lld"
2152 case "$host" in
2153 alpha-dec-osf*)
2154 if test "x$ac_cv_sizeof_long_long_int" = "x8" &&
2155 test "x$llong_max" = "xld"; then
2156 llong_min="-9223372036854775808"
2157 llong_max="9223372036854775807"
2158 fi
2159 ;;
2160 esac
2161
2162 AC_MSG_RESULT($llong_max)
2163 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
2164 [max value of long long calculated by configure])
2165 AC_MSG_CHECKING([for min value of long long])
2166 AC_MSG_RESULT($llong_min)
2167 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
2168 [min value of long long calculated by configure])
2169 ],
2170 [
2171 AC_MSG_RESULT(not found)
2172 ],
2173 [
2174 AC_MSG_WARN([cross compiling: not checking])
2175 ]
2176 )
2177fi
2178
2179
1956# More checks for data types 2180# More checks for data types
1957AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ 2181AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1958 AC_TRY_COMPILE( 2182 AC_TRY_COMPILE(
@@ -1963,7 +2187,7 @@ AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [
1963 ) 2187 )
1964]) 2188])
1965if test "x$ac_cv_have_u_int" = "xyes" ; then 2189if test "x$ac_cv_have_u_int" = "xyes" ; then
1966 AC_DEFINE(HAVE_U_INT) 2190 AC_DEFINE(HAVE_U_INT, 1, [define if you have u_int data type])
1967 have_u_int=1 2191 have_u_int=1
1968fi 2192fi
1969 2193
@@ -1976,7 +2200,7 @@ AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [
1976 ) 2200 )
1977]) 2201])
1978if test "x$ac_cv_have_intxx_t" = "xyes" ; then 2202if test "x$ac_cv_have_intxx_t" = "xyes" ; then
1979 AC_DEFINE(HAVE_INTXX_T) 2203 AC_DEFINE(HAVE_INTXX_T, 1, [define if you have intxx_t data type])
1980 have_intxx_t=1 2204 have_intxx_t=1
1981fi 2205fi
1982 2206
@@ -2013,7 +2237,7 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [
2013 ) 2237 )
2014]) 2238])
2015if test "x$ac_cv_have_int64_t" = "xyes" ; then 2239if test "x$ac_cv_have_int64_t" = "xyes" ; then
2016 AC_DEFINE(HAVE_INT64_T) 2240 AC_DEFINE(HAVE_INT64_T, 1, [define if you have int64_t data type])
2017fi 2241fi
2018 2242
2019AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ 2243AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
@@ -2025,7 +2249,7 @@ AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [
2025 ) 2249 )
2026]) 2250])
2027if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then 2251if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then
2028 AC_DEFINE(HAVE_U_INTXX_T) 2252 AC_DEFINE(HAVE_U_INTXX_T, 1, [define if you have u_intxx_t data type])
2029 have_u_intxx_t=1 2253 have_u_intxx_t=1
2030fi 2254fi
2031 2255
@@ -2051,7 +2275,7 @@ AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [
2051 ) 2275 )
2052]) 2276])
2053if test "x$ac_cv_have_u_int64_t" = "xyes" ; then 2277if test "x$ac_cv_have_u_int64_t" = "xyes" ; then
2054 AC_DEFINE(HAVE_U_INT64_T) 2278 AC_DEFINE(HAVE_U_INT64_T, 1, [define if you have u_int64_t data type])
2055 have_u_int64_t=1 2279 have_u_int64_t=1
2056fi 2280fi
2057 2281
@@ -2080,7 +2304,8 @@ if test -z "$have_u_intxx_t" ; then
2080 ) 2304 )
2081 ]) 2305 ])
2082 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then 2306 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then
2083 AC_DEFINE(HAVE_UINTXX_T) 2307 AC_DEFINE(HAVE_UINTXX_T, 1,
2308 [define if you have uintxx_t data type])
2084 fi 2309 fi
2085fi 2310fi
2086 2311
@@ -2131,7 +2356,7 @@ AC_CACHE_CHECK([for u_char], ac_cv_have_u_char, [
2131 ) 2356 )
2132]) 2357])
2133if test "x$ac_cv_have_u_char" = "xyes" ; then 2358if test "x$ac_cv_have_u_char" = "xyes" ; then
2134 AC_DEFINE(HAVE_U_CHAR) 2359 AC_DEFINE(HAVE_U_CHAR, 1, [define if you have u_char data type])
2135fi 2360fi
2136 2361
2137TYPE_SOCKLEN_T 2362TYPE_SOCKLEN_T
@@ -2153,7 +2378,7 @@ AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [
2153 ) 2378 )
2154]) 2379])
2155if test "x$ac_cv_have_size_t" = "xyes" ; then 2380if test "x$ac_cv_have_size_t" = "xyes" ; then
2156 AC_DEFINE(HAVE_SIZE_T) 2381 AC_DEFINE(HAVE_SIZE_T, 1, [define if you have size_t data type])
2157fi 2382fi
2158 2383
2159AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [ 2384AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
@@ -2167,7 +2392,7 @@ AC_CACHE_CHECK([for ssize_t], ac_cv_have_ssize_t, [
2167 ) 2392 )
2168]) 2393])
2169if test "x$ac_cv_have_ssize_t" = "xyes" ; then 2394if test "x$ac_cv_have_ssize_t" = "xyes" ; then
2170 AC_DEFINE(HAVE_SSIZE_T) 2395 AC_DEFINE(HAVE_SSIZE_T, 1, [define if you have ssize_t data type])
2171fi 2396fi
2172 2397
2173AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [ 2398AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
@@ -2181,7 +2406,7 @@ AC_CACHE_CHECK([for clock_t], ac_cv_have_clock_t, [
2181 ) 2406 )
2182]) 2407])
2183if test "x$ac_cv_have_clock_t" = "xyes" ; then 2408if test "x$ac_cv_have_clock_t" = "xyes" ; then
2184 AC_DEFINE(HAVE_CLOCK_T) 2409 AC_DEFINE(HAVE_CLOCK_T, 1, [define if you have clock_t data type])
2185fi 2410fi
2186 2411
2187AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [ 2412AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
@@ -2206,7 +2431,8 @@ AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
2206 ) 2431 )
2207]) 2432])
2208if test "x$ac_cv_have_sa_family_t" = "xyes" ; then 2433if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
2209 AC_DEFINE(HAVE_SA_FAMILY_T) 2434 AC_DEFINE(HAVE_SA_FAMILY_T, 1,
2435 [define if you have sa_family_t data type])
2210fi 2436fi
2211 2437
2212AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [ 2438AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
@@ -2220,7 +2446,7 @@ AC_CACHE_CHECK([for pid_t], ac_cv_have_pid_t, [
2220 ) 2446 )
2221]) 2447])
2222if test "x$ac_cv_have_pid_t" = "xyes" ; then 2448if test "x$ac_cv_have_pid_t" = "xyes" ; then
2223 AC_DEFINE(HAVE_PID_T) 2449 AC_DEFINE(HAVE_PID_T, 1, [define if you have pid_t data type])
2224fi 2450fi
2225 2451
2226AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [ 2452AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
@@ -2234,7 +2460,7 @@ AC_CACHE_CHECK([for mode_t], ac_cv_have_mode_t, [
2234 ) 2460 )
2235]) 2461])
2236if test "x$ac_cv_have_mode_t" = "xyes" ; then 2462if test "x$ac_cv_have_mode_t" = "xyes" ; then
2237 AC_DEFINE(HAVE_MODE_T) 2463 AC_DEFINE(HAVE_MODE_T, 1, [define if you have mode_t data type])
2238fi 2464fi
2239 2465
2240 2466
@@ -2250,7 +2476,8 @@ AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage
2250 ) 2476 )
2251]) 2477])
2252if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then 2478if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
2253 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE) 2479 AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
2480 [define if you have struct sockaddr_storage data type])
2254fi 2481fi
2255 2482
2256AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ 2483AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
@@ -2265,7 +2492,8 @@ AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
2265 ) 2492 )
2266]) 2493])
2267if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then 2494if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
2268 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6) 2495 AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6, 1,
2496 [define if you have struct sockaddr_in6 data type])
2269fi 2497fi
2270 2498
2271AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ 2499AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
@@ -2280,7 +2508,8 @@ AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
2280 ) 2508 )
2281]) 2509])
2282if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then 2510if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
2283 AC_DEFINE(HAVE_STRUCT_IN6_ADDR) 2511 AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1,
2512 [define if you have struct in6_addr data type])
2284fi 2513fi
2285 2514
2286AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ 2515AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
@@ -2296,7 +2525,8 @@ AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
2296 ) 2525 )
2297]) 2526])
2298if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then 2527if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
2299 AC_DEFINE(HAVE_STRUCT_ADDRINFO) 2528 AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1,
2529 [define if you have struct addrinfo data type])
2300fi 2530fi
2301 2531
2302AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ 2532AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
@@ -2308,7 +2538,7 @@ AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
2308 ) 2538 )
2309]) 2539])
2310if test "x$ac_cv_have_struct_timeval" = "xyes" ; then 2540if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
2311 AC_DEFINE(HAVE_STRUCT_TIMEVAL) 2541 AC_DEFINE(HAVE_STRUCT_TIMEVAL, 1, [define if you have struct timeval])
2312 have_struct_timeval=1 2542 have_struct_timeval=1
2313fi 2543fi
2314 2544
@@ -2373,6 +2603,17 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
2373OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) 2603OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
2374 2604
2375AC_CHECK_MEMBERS([struct stat.st_blksize]) 2605AC_CHECK_MEMBERS([struct stat.st_blksize])
2606AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE(__res_state, state,
2607 [Define if we don't have struct __res_state in resolv.h])],
2608[
2609#include <stdio.h>
2610#if HAVE_SYS_TYPES_H
2611# include <sys/types.h>
2612#endif
2613#include <netinet/in.h>
2614#include <arpa/nameser.h>
2615#include <resolv.h>
2616])
2376 2617
2377AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], 2618AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2378 ac_cv_have_ss_family_in_struct_ss, [ 2619 ac_cv_have_ss_family_in_struct_ss, [
@@ -2387,7 +2628,7 @@ AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
2387 ) 2628 )
2388]) 2629])
2389if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then 2630if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
2390 AC_DEFINE(HAVE_SS_FAMILY_IN_SS) 2631 AC_DEFINE(HAVE_SS_FAMILY_IN_SS, 1, [Fields in struct sockaddr_storage])
2391fi 2632fi
2392 2633
2393AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], 2634AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
@@ -2403,7 +2644,8 @@ AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
2403 ) 2644 )
2404]) 2645])
2405if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then 2646if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then
2406 AC_DEFINE(HAVE___SS_FAMILY_IN_SS) 2647 AC_DEFINE(HAVE___SS_FAMILY_IN_SS, 1,
2648 [Fields in struct sockaddr_storage])
2407fi 2649fi
2408 2650
2409AC_CACHE_CHECK([for pw_class field in struct passwd], 2651AC_CACHE_CHECK([for pw_class field in struct passwd],
@@ -2418,7 +2660,8 @@ AC_CACHE_CHECK([for pw_class field in struct passwd],
2418 ) 2660 )
2419]) 2661])
2420if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then 2662if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then
2421 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD) 2663 AC_DEFINE(HAVE_PW_CLASS_IN_PASSWD, 1,
2664 [Define if your password has a pw_class field])
2422fi 2665fi
2423 2666
2424AC_CACHE_CHECK([for pw_expire field in struct passwd], 2667AC_CACHE_CHECK([for pw_expire field in struct passwd],
@@ -2433,7 +2676,8 @@ AC_CACHE_CHECK([for pw_expire field in struct passwd],
2433 ) 2676 )
2434]) 2677])
2435if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then 2678if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then
2436 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD) 2679 AC_DEFINE(HAVE_PW_EXPIRE_IN_PASSWD, 1,
2680 [Define if your password has a pw_expire field])
2437fi 2681fi
2438 2682
2439AC_CACHE_CHECK([for pw_change field in struct passwd], 2683AC_CACHE_CHECK([for pw_change field in struct passwd],
@@ -2448,7 +2692,8 @@ AC_CACHE_CHECK([for pw_change field in struct passwd],
2448 ) 2692 )
2449]) 2693])
2450if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then 2694if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then
2451 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD) 2695 AC_DEFINE(HAVE_PW_CHANGE_IN_PASSWD, 1,
2696 [Define if your password has a pw_change field])
2452fi 2697fi
2453 2698
2454dnl make sure we're using the real structure members and not defines 2699dnl make sure we're using the real structure members and not defines
@@ -2474,7 +2719,9 @@ exit(0);
2474 ) 2719 )
2475]) 2720])
2476if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then 2721if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then
2477 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR) 2722 AC_DEFINE(HAVE_ACCRIGHTS_IN_MSGHDR, 1,
2723 [Define if your system uses access rights style
2724 file descriptor passing])
2478fi 2725fi
2479 2726
2480AC_CACHE_CHECK([for msg_control field in struct msghdr], 2727AC_CACHE_CHECK([for msg_control field in struct msghdr],
@@ -2499,7 +2746,9 @@ exit(0);
2499 ) 2746 )
2500]) 2747])
2501if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then 2748if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then
2502 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR) 2749 AC_DEFINE(HAVE_CONTROL_IN_MSGHDR, 1,
2750 [Define if your system uses ancillary data style
2751 file descriptor passing])
2503fi 2752fi
2504 2753
2505AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ 2754AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
@@ -2510,7 +2759,7 @@ AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
2510 ) 2759 )
2511]) 2760])
2512if test "x$ac_cv_libc_defines___progname" = "xyes" ; then 2761if test "x$ac_cv_libc_defines___progname" = "xyes" ; then
2513 AC_DEFINE(HAVE___PROGNAME) 2762 AC_DEFINE(HAVE___PROGNAME, 1, [Define if libc defines __progname])
2514fi 2763fi
2515 2764
2516AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ 2765AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [
@@ -2523,7 +2772,8 @@ AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNC
2523 ) 2772 )
2524]) 2773])
2525if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then 2774if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then
2526 AC_DEFINE(HAVE___FUNCTION__) 2775 AC_DEFINE(HAVE___FUNCTION__, 1,
2776 [Define if compiler implements __FUNCTION__])
2527fi 2777fi
2528 2778
2529AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ 2779AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [
@@ -2536,7 +2786,33 @@ AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__,
2536 ) 2786 )
2537]) 2787])
2538if test "x$ac_cv_cc_implements___func__" = "xyes" ; then 2788if test "x$ac_cv_cc_implements___func__" = "xyes" ; then
2539 AC_DEFINE(HAVE___func__) 2789 AC_DEFINE(HAVE___func__, 1, [Define if compiler implements __func__])
2790fi
2791
2792AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
2793 AC_TRY_LINK(
2794 [#include <stdarg.h>
2795 va_list x,y;],
2796 [va_copy(x,y);],
2797 [ ac_cv_have_va_copy="yes" ],
2798 [ ac_cv_have_va_copy="no" ]
2799 )
2800])
2801if test "x$ac_cv_have_va_copy" = "xyes" ; then
2802 AC_DEFINE(HAVE_VA_COPY, 1, [Define if va_copy exists])
2803fi
2804
2805AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
2806 AC_TRY_LINK(
2807 [#include <stdarg.h>
2808 va_list x,y;],
2809 [__va_copy(x,y);],
2810 [ ac_cv_have___va_copy="yes" ],
2811 [ ac_cv_have___va_copy="no" ]
2812 )
2813])
2814if test "x$ac_cv_have___va_copy" = "xyes" ; then
2815 AC_DEFINE(HAVE___VA_COPY, 1, [Define if __va_copy exists])
2540fi 2816fi
2541 2817
2542AC_CACHE_CHECK([whether getopt has optreset support], 2818AC_CACHE_CHECK([whether getopt has optreset support],
@@ -2551,7 +2827,8 @@ AC_CACHE_CHECK([whether getopt has optreset support],
2551 ) 2827 )
2552]) 2828])
2553if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then 2829if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then
2554 AC_DEFINE(HAVE_GETOPT_OPTRESET) 2830 AC_DEFINE(HAVE_GETOPT_OPTRESET, 1,
2831 [Define if your getopt(3) defines and uses optreset])
2555fi 2832fi
2556 2833
2557AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ 2834AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
@@ -2562,7 +2839,8 @@ AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
2562 ) 2839 )
2563]) 2840])
2564if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then 2841if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then
2565 AC_DEFINE(HAVE_SYS_ERRLIST) 2842 AC_DEFINE(HAVE_SYS_ERRLIST, 1,
2843 [Define if your system defines sys_errlist[]])
2566fi 2844fi
2567 2845
2568 2846
@@ -2574,7 +2852,7 @@ AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
2574 ) 2852 )
2575]) 2853])
2576if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then 2854if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then
2577 AC_DEFINE(HAVE_SYS_NERR) 2855 AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr])
2578fi 2856fi
2579 2857
2580SCARD_MSG="no" 2858SCARD_MSG="no"
@@ -2601,8 +2879,11 @@ AC_ARG_WITH(sectok,
2601 if test "$ac_cv_lib_sectok_sectok_open" != yes; then 2879 if test "$ac_cv_lib_sectok_sectok_open" != yes; then
2602 AC_MSG_ERROR(Can't find libsectok) 2880 AC_MSG_ERROR(Can't find libsectok)
2603 fi 2881 fi
2604 AC_DEFINE(SMARTCARD) 2882 AC_DEFINE(SMARTCARD, 1,
2605 AC_DEFINE(USE_SECTOK) 2883 [Define if you want smartcard support])
2884 AC_DEFINE(USE_SECTOK, 1,
2885 [Define if you want smartcard support
2886 using sectok])
2606 SCARD_MSG="yes, using sectok" 2887 SCARD_MSG="yes, using sectok"
2607 fi 2888 fi
2608 ] 2889 ]
@@ -2611,7 +2892,7 @@ AC_ARG_WITH(sectok,
2611# Check whether user wants OpenSC support 2892# Check whether user wants OpenSC support
2612OPENSC_CONFIG="no" 2893OPENSC_CONFIG="no"
2613AC_ARG_WITH(opensc, 2894AC_ARG_WITH(opensc,
2614 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], 2895 [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2615 [ 2896 [
2616 if test "x$withval" != "xno" ; then 2897 if test "x$withval" != "xno" ; then
2617 if test "x$withval" != "xyes" ; then 2898 if test "x$withval" != "xyes" ; then
@@ -2625,7 +2906,9 @@ AC_ARG_WITH(opensc,
2625 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" 2906 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2626 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" 2907 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2627 AC_DEFINE(SMARTCARD) 2908 AC_DEFINE(SMARTCARD)
2628 AC_DEFINE(USE_OPENSC) 2909 AC_DEFINE(USE_OPENSC, 1,
2910 [Define if you want smartcard support
2911 using OpenSC])
2629 SCARD_MSG="yes, using OpenSC" 2912 SCARD_MSG="yes, using OpenSC"
2630 fi 2913 fi
2631 fi 2914 fi
@@ -2634,7 +2917,8 @@ AC_ARG_WITH(opensc,
2634 2917
2635# Check libraries needed by DNS fingerprint support 2918# Check libraries needed by DNS fingerprint support
2636AC_SEARCH_LIBS(getrrsetbyname, resolv, 2919AC_SEARCH_LIBS(getrrsetbyname, resolv,
2637 [AC_DEFINE(HAVE_GETRRSETBYNAME)], 2920 [AC_DEFINE(HAVE_GETRRSETBYNAME, 1,
2921 [Define if getrrsetbyname() exists])],
2638 [ 2922 [
2639 # Needed by our getrrsetbyname() 2923 # Needed by our getrrsetbyname()
2640 AC_SEARCH_LIBS(res_query, resolv) 2924 AC_SEARCH_LIBS(res_query, resolv)
@@ -2663,7 +2947,8 @@ int main()
2663 [#include <sys/types.h> 2947 [#include <sys/types.h>
2664 #include <arpa/nameser.h>]) 2948 #include <arpa/nameser.h>])
2665 AC_CHECK_MEMBER(HEADER.ad, 2949 AC_CHECK_MEMBER(HEADER.ad,
2666 [AC_DEFINE(HAVE_HEADER_AD)],, 2950 [AC_DEFINE(HAVE_HEADER_AD, 1,
2951 [Define if HEADER.ad exists in arpa/nameser.h])],,
2667 [#include <arpa/nameser.h>]) 2952 [#include <arpa/nameser.h>])
2668 ]) 2953 ])
2669 2954
@@ -2678,7 +2963,7 @@ AC_ARG_WITH(kerberos5,
2678 KRB5ROOT=${withval} 2963 KRB5ROOT=${withval}
2679 fi 2964 fi
2680 2965
2681 AC_DEFINE(KRB5) 2966 AC_DEFINE(KRB5, 1, [Define if you want Kerberos 5 support])
2682 KRB5_MSG="yes" 2967 KRB5_MSG="yes"
2683 2968
2684 AC_MSG_CHECKING(for krb5-config) 2969 AC_MSG_CHECKING(for krb5-config)
@@ -2689,7 +2974,9 @@ AC_ARG_WITH(kerberos5,
2689 AC_MSG_CHECKING(for gssapi support) 2974 AC_MSG_CHECKING(for gssapi support)
2690 if $KRB5CONF | grep gssapi >/dev/null ; then 2975 if $KRB5CONF | grep gssapi >/dev/null ; then
2691 AC_MSG_RESULT(yes) 2976 AC_MSG_RESULT(yes)
2692 AC_DEFINE(GSSAPI) 2977 AC_DEFINE(GSSAPI, 1,
2978 [Define this if you want GSSAPI
2979 support in the version 2 protocol])
2693 k5confopts=gssapi 2980 k5confopts=gssapi
2694 else 2981 else
2695 AC_MSG_RESULT(no) 2982 AC_MSG_RESULT(no)
@@ -2702,7 +2989,9 @@ AC_ARG_WITH(kerberos5,
2702 AC_TRY_COMPILE([ #include <krb5.h> ], 2989 AC_TRY_COMPILE([ #include <krb5.h> ],
2703 [ char *tmp = heimdal_version; ], 2990 [ char *tmp = heimdal_version; ],
2704 [ AC_MSG_RESULT(yes) 2991 [ AC_MSG_RESULT(yes)
2705 AC_DEFINE(HEIMDAL) ], 2992 AC_DEFINE(HEIMDAL, 1,
2993 [Define this if you are using the
2994 Heimdal version of Kerberos V5]) ],
2706 AC_MSG_RESULT(no) 2995 AC_MSG_RESULT(no)
2707 ) 2996 )
2708 else 2997 else
@@ -2757,14 +3046,15 @@ AC_ARG_WITH(kerberos5,
2757 if test ! -z "$blibpath" ; then 3046 if test ! -z "$blibpath" ; then
2758 blibpath="$blibpath:${KRB5ROOT}/lib" 3047 blibpath="$blibpath:${KRB5ROOT}/lib"
2759 fi 3048 fi
2760 fi
2761 3049
2762 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h) 3050 AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h)
2763 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h) 3051 AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h)
2764 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h) 3052 AC_CHECK_HEADERS(gssapi_generic.h gssapi/gssapi_generic.h)
2765 3053
2766 LIBS="$LIBS $K5LIBS" 3054 LIBS="$LIBS $K5LIBS"
2767 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) 3055 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS, 1,
3056 [Define this if you want to use libkafs' AFS support]))
3057 fi
2768 ] 3058 ]
2769) 3059)
2770 3060
@@ -2818,7 +3108,8 @@ if test -z "$xauth_path" ; then
2818 XAUTH_PATH="undefined" 3108 XAUTH_PATH="undefined"
2819 AC_SUBST(XAUTH_PATH) 3109 AC_SUBST(XAUTH_PATH)
2820else 3110else
2821 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") 3111 AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path",
3112 [Define if xauth is found in your path])
2822 XAUTH_PATH=$xauth_path 3113 XAUTH_PATH=$xauth_path
2823 AC_SUBST(XAUTH_PATH) 3114 AC_SUBST(XAUTH_PATH)
2824fi 3115fi
@@ -2826,7 +3117,8 @@ fi
2826# Check for mail directory (last resort if we cannot get it from headers) 3117# Check for mail directory (last resort if we cannot get it from headers)
2827if test ! -z "$MAIL" ; then 3118if test ! -z "$MAIL" ; then
2828 maildir=`dirname $MAIL` 3119 maildir=`dirname $MAIL`
2829 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") 3120 AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir",
3121 [Set this to your mail directory if you don't have maillock.h])
2830fi 3122fi
2831 3123
2832if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then 3124if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then
@@ -2837,7 +3129,8 @@ if test -z "$no_dev_ptmx" ; then
2837 if test "x$disable_ptmx_check" != "xyes" ; then 3129 if test "x$disable_ptmx_check" != "xyes" ; then
2838 AC_CHECK_FILE("/dev/ptmx", 3130 AC_CHECK_FILE("/dev/ptmx",
2839 [ 3131 [
2840 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) 3132 AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX, 1,
3133 [Define if you have /dev/ptmx])
2841 have_dev_ptmx=1 3134 have_dev_ptmx=1
2842 ] 3135 ]
2843 ) 3136 )
@@ -2847,7 +3140,8 @@ fi
2847if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then 3140if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then
2848 AC_CHECK_FILE("/dev/ptc", 3141 AC_CHECK_FILE("/dev/ptc",
2849 [ 3142 [
2850 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) 3143 AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC, 1,
3144 [Define if you have /dev/ptc])
2851 have_dev_ptc=1 3145 have_dev_ptc=1
2852 ] 3146 ]
2853 ) 3147 )
@@ -2894,7 +3188,8 @@ AC_ARG_WITH(md5-passwords,
2894 [ --with-md5-passwords Enable use of MD5 passwords], 3188 [ --with-md5-passwords Enable use of MD5 passwords],
2895 [ 3189 [
2896 if test "x$withval" != "xno" ; then 3190 if test "x$withval" != "xno" ; then
2897 AC_DEFINE(HAVE_MD5_PASSWORDS) 3191 AC_DEFINE(HAVE_MD5_PASSWORDS, 1,
3192 [Define if you want to allow MD5 passwords])
2898 MD5_MSG="yes" 3193 MD5_MSG="yes"
2899 fi 3194 fi
2900 ] 3195 ]
@@ -2924,7 +3219,8 @@ if test -z "$disable_shadow" ; then
2924 3219
2925 if test "x$sp_expire_available" = "xyes" ; then 3220 if test "x$sp_expire_available" = "xyes" ; then
2926 AC_MSG_RESULT(yes) 3221 AC_MSG_RESULT(yes)
2927 AC_DEFINE(HAS_SHADOW_EXPIRE) 3222 AC_DEFINE(HAS_SHADOW_EXPIRE, 1,
3223 [Define if you want to use shadow password expire field])
2928 else 3224 else
2929 AC_MSG_RESULT(no) 3225 AC_MSG_RESULT(no)
2930 fi 3226 fi
@@ -2933,7 +3229,9 @@ fi
2933# Use ip address instead of hostname in $DISPLAY 3229# Use ip address instead of hostname in $DISPLAY
2934if test ! -z "$IPADDR_IN_DISPLAY" ; then 3230if test ! -z "$IPADDR_IN_DISPLAY" ; then
2935 DISPLAY_HACK_MSG="yes" 3231 DISPLAY_HACK_MSG="yes"
2936 AC_DEFINE(IPADDR_IN_DISPLAY) 3232 AC_DEFINE(IPADDR_IN_DISPLAY, 1,
3233 [Define if you need to use IP address
3234 instead of hostname in $DISPLAY])
2937else 3235else
2938 DISPLAY_HACK_MSG="no" 3236 DISPLAY_HACK_MSG="no"
2939 AC_ARG_WITH(ipaddr-display, 3237 AC_ARG_WITH(ipaddr-display,
@@ -2956,17 +3254,21 @@ AC_ARG_ENABLE(etc-default-login,
2956 else 3254 else
2957 etc_default_login=yes 3255 etc_default_login=yes
2958 fi ], 3256 fi ],
2959 [ etc_default_login=yes ] 3257 [ if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes";
3258 then
3259 AC_MSG_WARN([cross compiling: not checking /etc/default/login])
3260 etc_default_login=no
3261 else
3262 etc_default_login=yes
3263 fi ]
2960) 3264)
2961 3265
2962if test "x$etc_default_login" != "xno"; then 3266if test "x$etc_default_login" != "xno"; then
2963 AC_CHECK_FILE("/etc/default/login", 3267 AC_CHECK_FILE("/etc/default/login",
2964 [ external_path_file=/etc/default/login ]) 3268 [ external_path_file=/etc/default/login ])
2965 if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; 3269 if test "x$external_path_file" = "x/etc/default/login"; then
2966 then 3270 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN, 1,
2967 AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) 3271 [Define if your system has /etc/default/login])
2968 elif test "x$external_path_file" = "x/etc/default/login"; then
2969 AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
2970 fi 3272 fi
2971fi 3273fi
2972 3274
@@ -3003,8 +3305,8 @@ $external_path_file .])
3003If PATH is defined in $external_path_file, ensure the path to scp is included, 3305If PATH is defined in $external_path_file, ensure the path to scp is included,
3004otherwise scp will not work.]) 3306otherwise scp will not work.])
3005 fi 3307 fi
3006 AC_TRY_RUN( 3308 AC_RUN_IFELSE(
3007 [ 3309 [AC_LANG_SOURCE([[
3008/* find out what STDPATH is */ 3310/* find out what STDPATH is */
3009#include <stdio.h> 3311#include <stdio.h>
3010#ifdef HAVE_PATHS_H 3312#ifdef HAVE_PATHS_H
@@ -3036,7 +3338,8 @@ main()
3036 3338
3037 exit(0); 3339 exit(0);
3038} 3340}
3039 ], [ user_path=`cat conftest.stdpath` ], 3341 ]])],
3342 [ user_path=`cat conftest.stdpath` ],
3040 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ], 3343 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ],
3041 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ] 3344 [ user_path="/usr/bin:/bin:/usr/sbin:/sbin" ]
3042 ) 3345 )
@@ -3059,7 +3362,7 @@ main()
3059 fi ] 3362 fi ]
3060) 3363)
3061if test "x$external_path_file" != "x/etc/login.conf" ; then 3364if test "x$external_path_file" != "x/etc/login.conf" ; then
3062 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path") 3365 AC_DEFINE_UNQUOTED(USER_PATH, "$user_path", [Specify default $PATH])
3063 AC_SUBST(user_path) 3366 AC_SUBST(user_path)
3064fi 3367fi
3065 3368
@@ -3069,7 +3372,9 @@ AC_ARG_WITH(superuser-path,
3069 [ 3372 [
3070 if test -n "$withval" && test "x$withval" != "xno" && \ 3373 if test -n "$withval" && test "x$withval" != "xno" && \
3071 test "x${withval}" != "xyes"; then 3374 test "x${withval}" != "xyes"; then
3072 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") 3375 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval",
3376 [Define if you want a different $PATH
3377 for the superuser])
3073 superuser_path=$withval 3378 superuser_path=$withval
3074 fi 3379 fi
3075 ] 3380 ]
@@ -3083,7 +3388,9 @@ AC_ARG_WITH(4in6,
3083 [ 3388 [
3084 if test "x$withval" != "xno" ; then 3389 if test "x$withval" != "xno" ; then
3085 AC_MSG_RESULT(yes) 3390 AC_MSG_RESULT(yes)
3086 AC_DEFINE(IPV4_IN_IPV6) 3391 AC_DEFINE(IPV4_IN_IPV6, 1,
3392 [Detect IPv4 in IPv6 mapped addresses
3393 and treat as IPv4])
3087 IPV4_IN6_HACK_MSG="yes" 3394 IPV4_IN6_HACK_MSG="yes"
3088 else 3395 else
3089 AC_MSG_RESULT(no) 3396 AC_MSG_RESULT(no)
@@ -3105,7 +3412,8 @@ AC_ARG_WITH(bsd-auth,
3105 [ --with-bsd-auth Enable BSD auth support], 3412 [ --with-bsd-auth Enable BSD auth support],
3106 [ 3413 [
3107 if test "x$withval" != "xno" ; then 3414 if test "x$withval" != "xno" ; then
3108 AC_DEFINE(BSD_AUTH) 3415 AC_DEFINE(BSD_AUTH, 1,
3416 [Define if you have BSD auth support])
3109 BSD_AUTH_MSG=yes 3417 BSD_AUTH_MSG=yes
3110 fi 3418 fi
3111 ] 3419 ]
@@ -3134,7 +3442,7 @@ AC_ARG_WITH(pid-dir,
3134 ] 3442 ]
3135) 3443)
3136 3444
3137AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") 3445AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir", [Specify location of ssh.pid])
3138AC_SUBST(piddir) 3446AC_SUBST(piddir)
3139 3447
3140dnl allow user to disable some login recording features 3448dnl allow user to disable some login recording features
@@ -3158,7 +3466,8 @@ AC_ARG_ENABLE(utmpx,
3158 [ --disable-utmpx disable use of utmpx even if detected [no]], 3466 [ --disable-utmpx disable use of utmpx even if detected [no]],
3159 [ 3467 [
3160 if test "x$enableval" = "xno" ; then 3468 if test "x$enableval" = "xno" ; then
3161 AC_DEFINE(DISABLE_UTMPX) 3469 AC_DEFINE(DISABLE_UTMPX, 1,
3470 [Define if you don't want to use utmpx])
3162 fi 3471 fi
3163 ] 3472 ]
3164) 3473)
@@ -3174,7 +3483,8 @@ AC_ARG_ENABLE(wtmpx,
3174 [ --disable-wtmpx disable use of wtmpx even if detected [no]], 3483 [ --disable-wtmpx disable use of wtmpx even if detected [no]],
3175 [ 3484 [
3176 if test "x$enableval" = "xno" ; then 3485 if test "x$enableval" = "xno" ; then
3177 AC_DEFINE(DISABLE_WTMPX) 3486 AC_DEFINE(DISABLE_WTMPX, 1,
3487 [Define if you don't want to use wtmpx])
3178 fi 3488 fi
3179 ] 3489 ]
3180) 3490)
@@ -3190,7 +3500,9 @@ AC_ARG_ENABLE(pututline,
3190 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], 3500 [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]],
3191 [ 3501 [
3192 if test "x$enableval" = "xno" ; then 3502 if test "x$enableval" = "xno" ; then
3193 AC_DEFINE(DISABLE_PUTUTLINE) 3503 AC_DEFINE(DISABLE_PUTUTLINE, 1,
3504 [Define if you don't want to use pututline()
3505 etc. to write [uw]tmp])
3194 fi 3506 fi
3195 ] 3507 ]
3196) 3508)
@@ -3198,7 +3510,9 @@ AC_ARG_ENABLE(pututxline,
3198 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]], 3510 [ --disable-pututxline disable use of pututxline() etc. ([uw]tmpx) [no]],
3199 [ 3511 [
3200 if test "x$enableval" = "xno" ; then 3512 if test "x$enableval" = "xno" ; then
3201 AC_DEFINE(DISABLE_PUTUTXLINE) 3513 AC_DEFINE(DISABLE_PUTUTXLINE, 1,
3514 [Define if you don't want to use pututxline()
3515 etc. to write [uw]tmpx])
3202 fi 3516 fi
3203 ] 3517 ]
3204) 3518)
@@ -3273,7 +3587,8 @@ if test -z "$conf_lastlog_location"; then
3273fi 3587fi
3274 3588
3275if test -n "$conf_lastlog_location"; then 3589if test -n "$conf_lastlog_location"; then
3276 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") 3590 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location",
3591 [Define if you want to specify the path to your lastlog file])
3277fi 3592fi
3278 3593
3279dnl utmp detection 3594dnl utmp detection
@@ -3303,7 +3618,8 @@ if test -z "$conf_utmp_location"; then
3303 fi 3618 fi
3304fi 3619fi
3305if test -n "$conf_utmp_location"; then 3620if test -n "$conf_utmp_location"; then
3306 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") 3621 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location",
3622 [Define if you want to specify the path to your utmp file])
3307fi 3623fi
3308 3624
3309dnl wtmp detection 3625dnl wtmp detection
@@ -3333,7 +3649,8 @@ if test -z "$conf_wtmp_location"; then
3333 fi 3649 fi
3334fi 3650fi
3335if test -n "$conf_wtmp_location"; then 3651if test -n "$conf_wtmp_location"; then
3336 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") 3652 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location",
3653 [Define if you want to specify the path to your wtmp file])
3337fi 3654fi
3338 3655
3339 3656
@@ -3361,7 +3678,8 @@ if test -z "$conf_utmpx_location"; then
3361 AC_DEFINE(DISABLE_UTMPX) 3678 AC_DEFINE(DISABLE_UTMPX)
3362 fi 3679 fi
3363else 3680else
3364 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") 3681 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
3682 [Define if you want to specify the path to your utmpx file])
3365fi 3683fi
3366 3684
3367dnl wtmpx detection 3685dnl wtmpx detection
@@ -3386,7 +3704,8 @@ if test -z "$conf_wtmpx_location"; then
3386 AC_DEFINE(DISABLE_WTMPX) 3704 AC_DEFINE(DISABLE_WTMPX)
3387 fi 3705 fi
3388else 3706else
3389 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") 3707 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location",
3708 [Define if you want to specify the path to your wtmpx file])
3390fi 3709fi
3391 3710
3392 3711
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index bfde0fefc..09c08f194 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 4.2p1 20 %define version 4.3p2
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
23%else 23%else
@@ -357,4 +357,4 @@ fi
357* Mon Jan 01 1998 ... 357* Mon Jan 01 1998 ...
358Template Version: 1.31 358Template Version: 1.31
359 359
360$Id: openssh.spec,v 1.55 2005/09/01 09:10:49 djm Exp $ 360$Id: openssh.spec,v 1.56.2.1 2006/02/11 00:00:45 djm Exp $
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index fbfb5c195..0540890e6 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -551,14 +551,14 @@ then
551 [ -z "${_cygwin}" ] && _cygwin="ntsec" 551 [ -z "${_cygwin}" ] && _cygwin="ntsec"
552 if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] 552 if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ]
553 then 553 then
554 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" 554 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" -y tcpip
555 then 555 then
556 echo 556 echo
557 echo "The service has been installed under sshd_server account." 557 echo "The service has been installed under sshd_server account."
558 echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." 558 echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'."
559 fi 559 fi
560 else 560 else
561 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" 561 if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" -y tcpip
562 then 562 then
563 echo 563 echo
564 echo "The service has been installed under LocalSystem account." 564 echo "The service has been installed under LocalSystem account."
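Review bot: On the `sshd_server` branch the service account password is handed to `cygrunsrv` as a `-w "${_password}"` argument, so it sits in that process's command line while the install runs and may be readable by other local processes or captured by command-line auditing. The commit touches this line only to append `-y tcpip`, but it is a good moment to stop passing the secret this way: if I recall cygrunsrv's behaviour correctly, giving `-u` without `-w` makes it prompt for the password itself, which should be confirmed before changing. A short comment on the new option would also help, for example `# -y tcpip: do not start sshd before the TCP/IP service is up`. The surrounding `if`/`else` starts and ends outside this hunk.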
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index fe07ce360..9482efe9e 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -198,7 +198,7 @@ fi
198 198
199if [ ! -f "${pwdhome}/.ssh/id_rsa" ] 199if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
200then 200then
201 if request "Shall I create an SSH2 RSA identity file for you? (yes/no) " 201 if request "Shall I create an SSH2 RSA identity file for you?"
202 then 202 then
203 echo "Generating ${pwdhome}/.ssh/id_rsa" 203 echo "Generating ${pwdhome}/.ssh/id_rsa"
204 if [ "${with_passphrase}" = "yes" ] 204 if [ "${with_passphrase}" = "yes" ]
@@ -217,7 +217,7 @@ fi
217 217
218if [ ! -f "${pwdhome}/.ssh/id_dsa" ] 218if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
219then 219then
220 if request "Shall I create an SSH2 DSA identity file for you? (yes/no) " 220 if request "Shall I create an SSH2 DSA identity file for you?"
221 then 221 then
222 echo "Generating ${pwdhome}/.ssh/id_dsa" 222 echo "Generating ${pwdhome}/.ssh/id_dsa"
223 if [ "${with_passphrase}" = "yes" ] 223 if [ "${with_passphrase}" = "yes" ]
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 049b07fe4..cbdf7bbc7 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 4.2p1 1%define ver 4.3p2
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 6ad862fad..b49e78c65 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,14 +1,29 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1# Default values for additional components
2Name: openssh 2%define build_x11_askpass 1
3Version: 4.2p1 3
4URL: http://www.openssh.com/ 4# Define the UID/GID to use for privilege separation
5Release: 1 5%define sshd_gid 65
6Source0: openssh-%{version}.tar.gz 6%define sshd_uid 71
7Copyright: BSD 7
8Group: Applications/Internet 8# The version of x11-ssh-askpass to use
9BuildRoot: /tmp/openssh-%{version}-buildroot 9%define xversion 1.2.4.1
10PreReq: openssl 10
11Obsoletes: ssh 11# Allow the ability to override defaults with -D skip_xxx=1
12%{?skip_x11_askpass:%define build_x11_askpass 0}
13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh
16Version: 4.3p2
17URL: http://www.openssh.com/
18Release: 1
19Source0: openssh-%{version}.tar.gz
20Source1: x11-ssh-askpass-%{xversion}.tar.gz
21License: BSD
22Group: Productivity/Networking/SSH
23BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
24PreReq: openssl
25Obsoletes: ssh
26Provides: ssh
12# 27#
13# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) 28# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
14# building prerequisites -- stuff for 29# building prerequisites -- stuff for
@@ -16,14 +31,25 @@ Obsoletes: ssh
16# TCP Wrappers (nkitb), 31# TCP Wrappers (nkitb),
17# and Gnome (glibdev, gtkdev, and gnlibsd) 32# and Gnome (glibdev, gtkdev, and gnlibsd)
18# 33#
19BuildPrereq: openssl 34BuildPrereq: openssl
20BuildPrereq: nkitb 35BuildPrereq: nkitb
21BuildPrereq: glibdev 36#BuildPrereq: glibdev
22BuildPrereq: gtkdev 37#BuildPrereq: gtkdev
23BuildPrereq: gnlibsd 38#BuildPrereq: gnlibsd
39
40%package askpass
41Summary: A passphrase dialog for OpenSSH and the X window System.
42Group: Productivity/Networking/SSH
43Requires: openssh = %{version}
44Obsoletes: ssh-extras
45Provides: openssh:${_libdir}/ssh/ssh-askpass
46
47%if %{build_x11_askpass}
48BuildPrereq: XFree86-devel
49%endif
24 50
25%description 51%description
26Ssh (Secure Shell) a program for logging into a remote machine and for 52Ssh (Secure Shell) is a program for logging into a remote machine and for
27executing commands in a remote machine. It is intended to replace 53executing commands in a remote machine. It is intended to replace
28rlogin and rsh, and provide secure encrypted communications between 54rlogin and rsh, and provide secure encrypted communications between
29two untrusted hosts over an insecure network. X11 connections and 55two untrusted hosts over an insecure network. X11 connections and
@@ -34,10 +60,26 @@ up to date in terms of security and features, as well as removing all
34patented algorithms to seperate libraries (OpenSSL). 60patented algorithms to seperate libraries (OpenSSL).
35 61
36This package includes all files necessary for both the OpenSSH 62This package includes all files necessary for both the OpenSSH
37client and server. Additionally, this package contains the GNOME 63client and server.
38passphrase dialog. 64
65%description askpass
66Ssh (Secure Shell) is a program for logging into a remote machine and for
67executing commands in a remote machine. It is intended to replace
68rlogin and rsh, and provide secure encrypted communications between
69two untrusted hosts over an insecure network. X11 connections and
70arbitrary TCP/IP ports can also be forwarded over the secure channel.
71
72OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
73up to date in terms of security and features, as well as removing all
74patented algorithms to seperate libraries (OpenSSL).
75
76This package contains an X Window System passphrase dialog for OpenSSH.
39 77
40%changelog 78%changelog
79* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
80- Removed accidental inclusion of --without-zlib-version-check
81* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
82- Overhaul to deal with newer versions of SuSE and OpenSSH
41* Mon Jun 12 2000 Damien Miller <djm@mindrot.org> 83* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
42- Glob manpages to catch compressed files 84- Glob manpages to catch compressed files
43* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au> 85* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
@@ -84,116 +126,124 @@ passphrase dialog.
84 126
85%prep 127%prep
86 128
129%if %{build_x11_askpass}
130%setup -q -a 1
131%else
87%setup -q 132%setup -q
133%endif
88 134
89%build 135%build
90CFLAGS="$RPM_OPT_FLAGS" \ 136CFLAGS="$RPM_OPT_FLAGS" \
91./configure --prefix=/usr \ 137%configure --prefix=/usr \
92 --sysconfdir=/etc/ssh \ 138 --sysconfdir=%{_sysconfdir}/ssh \
93 --datadir=/usr/share/openssh \ 139 --mandir=%{_mandir} \
140 --with-privsep-path=/var/lib/empty \
94 --with-pam \ 141 --with-pam \
95 --with-gnome-askpass \
96 --with-tcp-wrappers \ 142 --with-tcp-wrappers \
97 --with-ipv4-default \ 143 --libexecdir=%{_libdir}/ssh
98 --libexecdir=/usr/lib/ssh
99make 144make
100 145
101cd contrib 146%if %{build_x11_askpass}
102gcc -O -g `gnome-config --cflags gnome gnomeui` \ 147cd x11-ssh-askpass-%{xversion}
103 gnome-ssh-askpass.c -o gnome-ssh-askpass \ 148%configure --mandir=/usr/X11R6/man \
104 `gnome-config --libs gnome gnomeui` 149 --libexecdir=%{_libdir}/ssh
150xmkmf -a
151make
105cd .. 152cd ..
153%endif
106 154
107%install 155%install
108rm -rf $RPM_BUILD_ROOT 156rm -rf $RPM_BUILD_ROOT
109make install DESTDIR=$RPM_BUILD_ROOT/ 157make install DESTDIR=$RPM_BUILD_ROOT/
110install -d $RPM_BUILD_ROOT/etc/ssh/
111install -d $RPM_BUILD_ROOT/etc/pam.d/ 158install -d $RPM_BUILD_ROOT/etc/pam.d/
112install -d $RPM_BUILD_ROOT/sbin/init.d/ 159install -d $RPM_BUILD_ROOT/etc/init.d/
113install -d $RPM_BUILD_ROOT/var/adm/fillup-templates 160install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
114install -d $RPM_BUILD_ROOT/usr/lib/ssh
115install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd 161install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
116install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd 162install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
117ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd 163install -m744 contrib/suse/sysconfig.ssh \
118install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass
119ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass
120install -m744 contrib/suse/rc.config.sshd \
121 $RPM_BUILD_ROOT/var/adm/fillup-templates 164 $RPM_BUILD_ROOT/var/adm/fillup-templates
122 165
166%if %{build_x11_askpass}
167cd x11-ssh-askpass-%{xversion}
168make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
169rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
170%endif
171
123%clean 172%clean
124rm -rf $RPM_BUILD_ROOT 173rm -rf $RPM_BUILD_ROOT
125 174
175%pre
176/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
177/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
178
126%post 179%post
127if [ "$1" = 1 ]; then
128 echo "Creating SSH stop/start scripts in the rc directories..."
129 ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
130 ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
131 ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
132 ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
133fi
134echo "Updating /etc/rc.config..."
135if [ -x /bin/fillup ] ; then
136 /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
137else
138 echo "ERROR: fillup not found. This should NOT happen in SuSE Linux."
139 echo "Update /etc/rc.config by hand from the following template file:"
140 echo " /var/adm/fillup-templates/rc.config.sshd"
141fi
142if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then 180if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
143 echo "Generating SSH host key..." 181 echo "Generating SSH RSA host key..."
144 /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 182 /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
145fi 183fi
146if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then 184if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
147 echo "Generating SSH DSA host key..." 185 echo "Generating SSH DSA host key..."
148 /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 186 /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
149fi
150if test -r /var/run/sshd.pid
151then
152 echo "Restarting the running SSH daemon..."
153 /usr/sbin/rcsshd restart >&2
154fi 187fi
188%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
189%run_permissions
190
191%verifyscript
192%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
155 193
156%preun 194%preun
157if [ "$1" = 0 ] 195%stop_on_removal sshd
158then 196
159 echo "Stopping the SSH daemon..." 197%postun
160 /usr/sbin/rcsshd stop >&2 198%restart_on_update sshd
161 echo "Removing SSH stop/start scripts from the rc directories..." 199%{insserv_cleanup}
162 rm /sbin/init.d/rc2.d/K20sshd
163 rm /sbin/init.d/rc2.d/S20sshd
164 rm /sbin/init.d/rc3.d/K20sshd
165 rm /sbin/init.d/rc3.d/S20sshd
166fi
167 200
168%files 201%files
169%defattr(-,root,root) 202%defattr(-,root,root)
170%doc ChangeLog OVERVIEW README* 203%doc ChangeLog OVERVIEW README*
171%doc RFC.nroff TODO CREDITS LICENCE 204%doc RFC.nroff TODO CREDITS LICENCE
172%attr(0755,root,root) %dir /etc/ssh 205%attr(0755,root,root) %dir %{_sysconfdir}/ssh
173%attr(0644,root,root) %config /etc/ssh/ssh_config 206%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
174%attr(0600,root,root) %config /etc/ssh/sshd_config 207%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
175%attr(0600,root,root) %config /etc/ssh/moduli 208%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
176%attr(0644,root,root) %config /etc/pam.d/sshd 209%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
177%attr(0755,root,root) %config /sbin/init.d/sshd 210%attr(0755,root,root) %config /etc/init.d/sshd
178%attr(0755,root,root) /usr/bin/ssh-keygen 211%attr(0755,root,root) %{_bindir}/ssh-keygen
179%attr(0755,root,root) /usr/bin/scp 212%attr(0755,root,root) %{_bindir}/scp
180%attr(4755,root,root) /usr/bin/ssh 213%attr(0755,root,root) %{_bindir}/ssh
181%attr(-,root,root) /usr/bin/slogin 214%attr(-,root,root) %{_bindir}/slogin
182%attr(0755,root,root) /usr/bin/ssh-agent 215%attr(0755,root,root) %{_bindir}/ssh-agent
183%attr(0755,root,root) /usr/bin/ssh-add 216%attr(0755,root,root) %{_bindir}/ssh-add
184%attr(0755,root,root) /usr/bin/ssh-keyscan 217%attr(0755,root,root) %{_bindir}/ssh-keyscan
185%attr(0755,root,root) /usr/bin/sftp 218%attr(0755,root,root) %{_bindir}/sftp
186%attr(0755,root,root) /usr/sbin/sshd 219%attr(0755,root,root) %{_sbindir}/sshd
187%attr(-,root,root) /usr/sbin/rcsshd 220%attr(0755,root,root) %dir %{_libdir}/ssh
188%attr(0755,root,root) %dir /usr/lib/ssh 221%attr(0755,root,root) %{_libdir}/ssh/sftp-server
189%attr(0755,root,root) /usr/lib/ssh/ssh-askpass 222%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
190%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass 223%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
191%attr(0644,root,root) %doc /usr/man/man1/scp.1* 224%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
192%attr(0644,root,root) %doc /usr/man/man1/ssh.1* 225%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
193%attr(-,root,root) %doc /usr/man/man1/slogin.1* 226%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
194%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1* 227%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
195%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1* 228%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
196%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1* 229%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
197%attr(0644,root,root) %doc /usr/man/man8/sshd.8* 230%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
198%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd 231%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
232%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
233%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
234%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
235%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
236%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
199 237
238%if %{build_x11_askpass}
239%files askpass
240%defattr(-,root,root)
241%doc x11-ssh-askpass-%{xversion}/README
242%doc x11-ssh-askpass-%{xversion}/ChangeLog
243%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
244%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
245%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
246%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
247%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
248%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
249%endif
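Review bot: The rewritten `%post` scriptlet still tests `/etc/ssh/ssh_host_key` but now writes `/etc/ssh/ssh_host_rsa_key`, so the guard no longer matches the file it is meant to protect. The condition is true whenever the protocol 1 key is absent, regardless of whether an RSA host key already exists, and `ssh-keygen` is then run against that existing key; whether it fails or replaces the key non-interactively is not visible here, and either way a changed host key breaks clients' known_hosts verification. The guard should name the generated file: `if [ ! -f /etc/ssh/ssh_host_rsa_key -o ! -s /etc/ssh/ssh_host_rsa_key ]; then`. Separately, the askpass `Provides:` line uses the shell form `${_libdir}`, which RPM will not expand; it presumably should be `%{_libdir}`.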
diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd
index f7d431ebb..573960bfa 100644
--- a/contrib/suse/rc.sshd
+++ b/contrib/suse/rc.sshd
@@ -1,80 +1,133 @@
1#! /bin/sh 1#! /bin/sh
2# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany. 2# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
3# 3#
4# Author: Chris Saia <csaia@wtower.com> 4# Author: Jiri Smid <feedback@suse.de>
5# 5#
6# /sbin/init.d/sshd 6# /etc/init.d/sshd
7# 7#
8# and symbolic its link 8# and symbolic its link
9# 9#
10# /sbin/rcsshd 10# /usr/sbin/rcsshd
11# 11#
12### BEGIN INIT INFO
13# Provides: sshd
14# Required-Start: $network $remote_fs
15# Required-Stop: $network $remote_fs
16# Default-Start: 3 5
17# Default-Stop: 0 1 2 6
18# Description: Start the sshd daemon
19### END INIT INFO
12 20
13. /etc/rc.config 21SSHD_BIN=/usr/sbin/sshd
22test -x $SSHD_BIN || exit 5
14 23
15# Determine the base and follow a runlevel link name. 24SSHD_SYSCONFIG=/etc/sysconfig/ssh
16base=${0##*/} 25test -r $SSHD_SYSCONFIG || exit 6
17link=${base#*[SK][0-9][0-9]} 26. $SSHD_SYSCONFIG
18 27
19# Force execution if not called by a runlevel directory. 28SSHD_PIDFILE=/var/run/sshd.init.pid
20test $link = $base && START_SSHD=yes 29
21test "$START_SSHD" = yes || exit 0 30. /etc/rc.status
31
32# Shell functions sourced from /etc/rc.status:
33# rc_check check and set local and overall rc status
34# rc_status check and set local and overall rc status
35# rc_status -v ditto but be verbose in local rc status
36# rc_status -v -r ditto and clear the local rc status
37# rc_failed set local and overall rc status to failed
38# rc_reset clear local rc status (overall remains)
39# rc_exit exit appropriate to overall rc status
40
41# First reset status of this service
42rc_reset
22 43
23# The echo return value for success (defined in /etc/rc.config).
24return=$rc_done
25case "$1" in 44case "$1" in
26 start) 45 start)
27 echo -n "Starting service sshd" 46 if ! test -f /etc/ssh/ssh_host_key ; then
47 echo Generating /etc/ssh/ssh_host_key.
48 ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
49 fi
50 if ! test -f /etc/ssh/ssh_host_dsa_key ; then
51 echo Generating /etc/ssh/ssh_host_dsa_key.
52
53 ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
54 fi
55 if ! test -f /etc/ssh/ssh_host_rsa_key ; then
56 echo Generating /etc/ssh/ssh_host_rsa_key.
57
58 ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
59 fi
60 echo -n "Starting SSH daemon"
28 ## Start daemon with startproc(8). If this fails 61 ## Start daemon with startproc(8). If this fails
29 ## the echo return value is set appropriate. 62 ## the echo return value is set appropriate.
30 63
31 startproc /usr/sbin/sshd || return=$rc_failed 64 startproc -f -p $SSHD_PIDFILE /usr/sbin/sshd $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
32 65
33 echo -e "$return" 66 # Remember status and be verbose
67 rc_status -v
34 ;; 68 ;;
35 stop) 69 stop)
36 echo -n "Stopping service sshd" 70 echo -n "Shutting down SSH daemon"
37 ## Stop daemon with killproc(8) and if this fails 71 ## Stop daemon with killproc(8) and if this fails
38 ## set echo the echo return value. 72 ## set echo the echo return value.
39 73
40 killproc -TERM /usr/sbin/sshd || return=$rc_failed 74 killproc -p $SSHD_PIDFILE -TERM /usr/sbin/sshd
41 75
42 echo -e "$return" 76 # Remember status and be verbose
77 rc_status -v
43 ;; 78 ;;
79 try-restart)
80 ## Stop the service and if this succeeds (i.e. the
81 ## service was running before), start it again.
82 $0 status >/dev/null && $0 restart
83
84 # Remember status and be quiet
85 rc_status
86 ;;
44 restart) 87 restart)
45 ## If first returns OK call the second, if first or 88 ## Stop the service and regardless of whether it was
46 ## second command fails, set echo return value. 89 ## running or not, start it again.
47 $0 stop && $0 start || return=$rc_failed 90 $0 stop
48 ;; 91 $0 start
49 reload)
50 ## Choose ONE of the following two cases:
51 92
52 ## First possibility: A few services accepts a signal 93 # Remember status and be quiet
53 ## to reread the (changed) configuration. 94 rc_status
95 ;;
96 force-reload|reload)
97 ## Signal the daemon to reload its config. Most daemons
98 ## do this on signal 1 (SIGHUP).
54 99
55 echo -n "Reload service sshd" 100 echo -n "Reload service sshd"
56 killproc -HUP /usr/sbin/sshd || return=$rc_failed 101
57 echo -e "$return" 102 killproc -p $SSHD_PIDFILE -HUP /usr/sbin/sshd
58 ;; 103
104 rc_status -v
105
106 ;;
59 status) 107 status)
60 echo -n "Checking for service sshd" 108 echo -n "Checking for service sshd "
61 ## Check status with checkproc(8), if process is running 109 ## Check status with checkproc(8), if process is running
62 ## checkproc will return with exit status 0. 110 ## checkproc will return with exit status 0.
63 111
64 checkproc /usr/sbin/sshd && echo OK || echo No process 112 # Status has a slightly different for the status command:
113 # 0 - service running
114 # 1 - service dead, but /var/run/ pid file exists
115 # 2 - service dead, but /var/lock/ lock file exists
116 # 3 - service not running
117
118 checkproc -p $SSHD_PIDFILE /usr/sbin/sshd
119
120 rc_status -v
65 ;; 121 ;;
66 probe) 122 probe)
67 ## Optional: Probe for the necessity of a reload, 123 ## Optional: Probe for the necessity of a reload,
68 ## give out the argument which is required for a reload. 124 ## give out the argument which is required for a reload.
69 125
70 test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload 126 test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
71 ;; 127 ;;
72 *) 128 *)
73 echo "Usage: $0 {start|stop|status|restart|reload[|probe]}" 129 echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
74 exit 1 130 exit 1
75 ;; 131 ;;
76esac 132esac
77 133rc_exit
78# Inform the caller not only verbosely and set an exit status.
79test "$return" = "$rc_done" || exit 1
80exit 0
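Review bot: The `start` branch pins every generated host key to `-b 1024` and also creates a protocol 1 (`-t rsa1`) key, while the `%post` scriptlet of contrib/suse/openssh.spec in this same commit generates the RSA and DSA keys without `-b` and creates no rsa1 key. Hard-coding the size keeps new installs at 1024-bit RSA even where ssh-keygen's default is larger, and the rsa1 key is only useful if protocol 1 is enabled in the server configuration. I would drop the size and let ssh-keygen choose, e.g. `ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''`, and generate `ssh_host_key` only when protocol 1 is actually configured. The script also resolves `ssh-keygen` through PATH and does not check its exit status before calling `startproc`; the spec uses `/usr/bin/ssh-keygen`, and an absolute path would be more predictable in an init script.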
diff --git a/contrib/suse/sysconfig.ssh b/contrib/suse/sysconfig.ssh
new file mode 100644
index 000000000..c6a37e5cb
--- /dev/null
+++ b/contrib/suse/sysconfig.ssh
@@ -0,0 +1,9 @@
1## Path: Network/Remote access/SSH
2## Description: SSH server settings
3## Type: string
4## Default: ""
5## ServiceRestart: sshd
6#
7# Options for sshd
8#
9SSHD_OPTS=""
diff --git a/defines.h b/defines.h
index 408b988b5..f25934176 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
25#ifndef _DEFINES_H 25#ifndef _DEFINES_H
26#define _DEFINES_H 26#define _DEFINES_H
27 27
28/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */ 28/* $Id: defines.h,v 1.130 2005/12/17 11:04:09 dtucker Exp $ */
29 29
30 30
31/* Constants */ 31/* Constants */
@@ -450,6 +450,10 @@ struct winsize {
450# define __sentinel__ 450# define __sentinel__
451#endif 451#endif
452 452
453#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
454# define __bounded__(x, y, z)
455#endif
456
453/* *-*-nto-qnx doesn't define this macro in the system headers */ 457/* *-*-nto-qnx doesn't define this macro in the system headers */
454#ifdef MISSING_HOWMANY 458#ifdef MISSING_HOWMANY
455# define howmany(x,y) (((x)+((y)-1))/(y)) 459# define howmany(x,y) (((x)+((y)-1))/(y))
@@ -688,7 +692,7 @@ struct winsize {
688# define CUSTOM_SYS_AUTH_PASSWD 1 692# define CUSTOM_SYS_AUTH_PASSWD 1
689#endif 693#endif
690 694
691#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) 695#ifdef HAVE_LIBIAF
692# define CUSTOM_SYS_AUTH_PASSWD 1 696# define CUSTOM_SYS_AUTH_PASSWD 1
693#endif 697#endif
694 698
@@ -711,4 +715,12 @@ struct winsize {
711# undef HAVE_MMAP 715# undef HAVE_MMAP
712#endif 716#endif
713 717
718/* some system headers on HP-UX define YES/NO */
719#ifdef YES
720# undef YES
721#endif
722#ifdef NO
723# undef NO
724#endif
725
714#endif /* _DEFINES_H */ 726#endif /* _DEFINES_H */
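Review bot: The new `__bounded__` fallback has no comment, unlike the QNX and HP-UX blocks in this section, and its effect is not obvious from a three-argument macro with an empty body. A one-line comment would help, for example `/* no bounded attribute on this compiler: make __bounded__(...) expand to nothing */`. Since this presumably turns a buffer-bounds annotation into a no-op rather than replacing it, the comment should say that no compile-time bounds checking happens on such compilers. As a point of style, the `#ifdef YES` and `#ifdef NO` guards added at the end are not needed, because `#undef` of an undefined macro is valid; `#undef YES` and `#undef NO` alone would do.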
diff --git a/dns.c b/dns.c
index 4487c1aba..a71dd9bff 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */ 1/* $OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2003 Wesley Griffin. All rights reserved. 4 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -25,27 +25,16 @@
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */ 26 */
27 27
28
29#include "includes.h" 28#include "includes.h"
29RCSID("$OpenBSD: dns.c,v 1.16 2005/10/17 14:13:35 stevesk Exp $");
30 30
31#include <openssl/bn.h>
32#ifdef LWRES
33#include <lwres/netdb.h>
34#include <dns/result.h>
35#else /* LWRES */
36#include <netdb.h> 31#include <netdb.h>
37#endif /* LWRES */
38 32
39#include "xmalloc.h" 33#include "xmalloc.h"
40#include "key.h" 34#include "key.h"
41#include "dns.h" 35#include "dns.h"
42#include "log.h" 36#include "log.h"
43#include "uuencode.h"
44
45extern char *__progname;
46RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
47 37
48#ifndef LWRES
49static const char *errset_text[] = { 38static const char *errset_text[] = {
50 "success", /* 0 ERRSET_SUCCESS */ 39 "success", /* 0 ERRSET_SUCCESS */
51 "out of memory", /* 1 ERRSET_NOMEMORY */ 40 "out of memory", /* 1 ERRSET_NOMEMORY */
@@ -75,8 +64,6 @@ dns_result_totext(unsigned int res)
75 return "unknown error"; 64 return "unknown error";
76 } 65 }
77} 66}
78#endif /* LWRES */
79
80 67
81/* 68/*
82 * Read SSHFP parameters from key buffer. 69 * Read SSHFP parameters from key buffer.
@@ -95,12 +82,14 @@ dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
95 *algorithm = SSHFP_KEY_DSA; 82 *algorithm = SSHFP_KEY_DSA;
96 break; 83 break;
97 default: 84 default:
98 *algorithm = SSHFP_KEY_RESERVED; 85 *algorithm = SSHFP_KEY_RESERVED; /* 0 */
99 } 86 }
100 87
101 if (*algorithm) { 88 if (*algorithm) {
102 *digest_type = SSHFP_HASH_SHA1; 89 *digest_type = SSHFP_HASH_SHA1;
103 *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len); 90 *digest = key_fingerprint_raw(key, SSH_FP_SHA1, digest_len);
91 if (*digest == NULL)
92 fatal("dns_read_key: null from key_fingerprint_raw()");
104 success = 1; 93 success = 1;
105 } else { 94 } else {
106 *digest_type = SSHFP_HASH_RESERVED; 95 *digest_type = SSHFP_HASH_RESERVED;
@@ -133,7 +122,7 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
133 *digest = (u_char *) xmalloc(*digest_len); 122 *digest = (u_char *) xmalloc(*digest_len);
134 memcpy(*digest, rdata + 2, *digest_len); 123 memcpy(*digest, rdata + 2, *digest_len);
135 } else { 124 } else {
136 *digest = NULL; 125 *digest = xstrdup("");
137 } 126 }
138 127
139 success = 1; 128 success = 1;
@@ -187,7 +176,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
187 176
188 *flags = 0; 177 *flags = 0;
189 178
190 debug3("verify_hostkey_dns"); 179 debug3("verify_host_key_dns");
191 if (hostkey == NULL) 180 if (hostkey == NULL)
192 fatal("No key to look up!"); 181 fatal("No key to look up!");
193 182
@@ -223,7 +212,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
223 if (fingerprints->rri_nrdatas) 212 if (fingerprints->rri_nrdatas)
224 *flags |= DNS_VERIFY_FOUND; 213 *flags |= DNS_VERIFY_FOUND;
225 214
226 for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) { 215 for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
227 /* 216 /*
228 * Extract the key from the answer. Ignore any badly 217 * Extract the key from the answer. Ignore any badly
229 * formatted fingerprints. 218 * formatted fingerprints.
@@ -247,8 +236,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
247 *flags |= DNS_VERIFY_MATCH; 236 *flags |= DNS_VERIFY_MATCH;
248 } 237 }
249 } 238 }
239 xfree(dnskey_digest);
250 } 240 }
251 241
242 xfree(hostkey_digest); /* from key_fingerprint_raw() */
252 freerrset(fingerprints); 243 freerrset(fingerprints);
253 244
254 if (*flags & DNS_VERIFY_FOUND) 245 if (*flags & DNS_VERIFY_FOUND)
@@ -262,7 +253,6 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
262 return 0; 253 return 0;
263} 254}
264 255
265
266/* 256/*
267 * Export the fingerprint of a key as a DNS resource record 257 * Export the fingerprint of a key as a DNS resource record
268 */ 258 */
@@ -278,7 +268,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
278 int success = 0; 268 int success = 0;
279 269
280 if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, 270 if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
281 &rdata_digest, &rdata_digest_len, key)) { 271 &rdata_digest, &rdata_digest_len, key)) {
282 272
283 if (generic) 273 if (generic)
284 fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname, 274 fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", hostname,
@@ -291,9 +281,10 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
291 for (i = 0; i < rdata_digest_len; i++) 281 for (i = 0; i < rdata_digest_len; i++)
292 fprintf(f, "%02x", rdata_digest[i]); 282 fprintf(f, "%02x", rdata_digest[i]);
293 fprintf(f, "\n"); 283 fprintf(f, "\n");
284 xfree(rdata_digest); /* from key_fingerprint_raw() */
294 success = 1; 285 success = 1;
295 } else { 286 } else {
296 error("dns_export_rr: unsupported algorithm"); 287 error("export_dns_rr: unsupported algorithm");
297 } 288 }
298 289
299 return success; 290 return success;
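diff --git a/dns.h b/dns.h
index c5da22ef6..0aa1c28f2 100644
--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $ */
+/* $OpenBSD: dns.h,v 1.6 2005/10/17 14:13:35 stevesk Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -25,7 +25,6 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-
 #include "includes.h"
 
 #ifndef DNS_H
@@ -49,7 +48,6 @@ enum sshfp_hashes {
 #define DNS_VERIFY_MATCH 0x00000002
 #define DNS_VERIFY_SECURE 0x00000004
 
-
 int verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *);
 int export_dns_rr(const char *, const Key *, FILE *, int);
 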
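diff --git a/entropy.c b/entropy.c
index 410bbb927..e5b45b0b6 100644
--- a/entropy.c
+++ b/entropy.c
@@ -26,6 +26,7 @@
 
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
+#include <openssl/err.h>
 
 #include "ssh.h"
 #include "misc.h"
@@ -33,6 +34,8 @@
 #include "atomicio.h"
 #include "pathnames.h"
 #include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
 
 /*
  * Portable OpenSSH PRNG seeding:
@@ -45,7 +48,7 @@
  * XXX: we should tell the child how many bytes we need.
  */
 
-RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
+RCSID("$Id: entropy.c,v 1.52 2005/09/27 22:26:30 dtucker Exp $");
 
 #ifndef OPENSSL_PRNG_ONLY
 #define RANDOM_SEED_SIZE 48
@@ -145,10 +148,35 @@ init_rng(void)
  "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
 
 #ifndef OPENSSL_PRNG_ONLY
- if ((original_uid = getuid()) == -1)
- fatal("getuid: %s", strerror(errno));
- if ((original_euid = geteuid()) == -1)
- fatal("geteuid: %s", strerror(errno));
+ original_uid = getuid();
+ original_euid = geteuid();
 #endif
 }
 
+#ifndef OPENSSL_PRNG_ONLY
+void
+rexec_send_rng_seed(Buffer *m)
+{
+ u_char buf[RANDOM_SEED_SIZE];
+
+ if (RAND_bytes(buf, sizeof(buf)) <= 0) {
+ error("Couldn't obtain random bytes (error %ld)",
+ ERR_get_error());
+ buffer_put_string(m, "", 0);
+ } else
+ buffer_put_string(m, buf, sizeof(buf));
+}
+
+void
+rexec_recv_rng_seed(Buffer *m)
+{
+ u_char *buf;
+ u_int len;
+
+ buf = buffer_get_string_ret(m, &len);
+ if (buf != NULL) {
+ debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
+ RAND_add(buf, len, len);
+ }
+}
+#endif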
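Review bot: In `rexec_recv_rng_seed` the string returned by `buffer_get_string_ret()` is passed to `RAND_add()` and then neither cleared nor released, so every call leaves a copy of the seed behind in memory. After the `RAND_add(buf, len, len);` line I would add `memset(buf, 0, len);` and `xfree(buf);`. `rexec_send_rng_seed` has the matching gap: the stack array `buf` still holds the bytes that were sent when the function returns, and a `memset(buf, 0, sizeof(buf));` before the closing brace would clear it. Whether `buffer_get_string_ret()` hands ownership to the caller is not visible in this section, so confirm that in bufaux.c before adding the free.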
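diff --git a/entropy.h b/entropy.h
index 5f63c1f1f..ec1ebcc57 100644
--- a/entropy.h
+++ b/entropy.h
@@ -22,12 +22,17 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* $Id: entropy.h,v 1.4 2001/02/09 01:55:36 djm Exp $ */
+/* $Id: entropy.h,v 1.5 2005/09/27 12:46:32 dtucker Exp $ */
 
 #ifndef _RANDOMS_H
 #define _RANDOMS_H
 
+#include "buffer.h"
+
 void seed_rng(void);
 void init_rng(void);
 
+void rexec_send_rng_seed(Buffer *);
+void rexec_recv_rng_seed(Buffer *);
+
 #endif /* _RANDOMS_H */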
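Review bot: The two `rexec_*_rng_seed` prototypes are declared unconditionally, while entropy.c in this same commit defines them only inside `#ifndef OPENSSL_PRNG_ONLY`. A caller built with OPENSSL_PRNG_ONLY that is not itself guarded would compile and then fail at link time. Either wrap the two prototypes in the same `#ifndef OPENSSL_PRNG_ONLY` / `#endif` pair, or put a comment above them such as `/* defined only when OPENSSL_PRNG_ONLY is not set */`.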
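diff --git a/gss-genr.c b/gss-genr.c
index 9bc31aa2a..c2b4f2dd8 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.6 2005/10/13 22:24:31 stevesk Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -30,9 +30,7 @@
 
 #include "xmalloc.h"
 #include "bufaux.h"
-#include "compat.h"
 #include "log.h"
-#include "monitor_wrap.h"
 #include "ssh2.h"
 
 #include "ssh-gss.h"
@@ -270,7 +268,8 @@ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
 }
 
 OM_uint32
-ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) {
+ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid)
+{
  if (*ctx)
  ssh_gssapi_delete_ctx(ctx);
  ssh_gssapi_build_ctx(ctx);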
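diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 4f02621dd..5c5837ffb 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv-krb5.c,v 1.3 2004/07/21 10:36:23 djm Exp $ */
+/* $OpenBSD: gss-serv-krb5.c,v 1.4 2005/10/13 19:08:08 stevesk Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.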
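diff --git a/gss-serv.c b/gss-serv.c
index 117130459..26eec25bd 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
+/* $OpenBSD: gss-serv.c,v 1.13 2005/10/13 22:24:31 stevesk Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -29,20 +29,16 @@
 #ifdef GSSAPI
 
 #include "bufaux.h"
-#include "compat.h"
 #include "auth.h"
 #include "log.h"
 #include "channels.h"
 #include "session.h"
 #include "servconf.h"
-#include "monitor_wrap.h"
 #include "xmalloc.h"
 #include "getput.h"
 
 #include "ssh-gss.h"
 
-extern ServerOptions options;
-
 static ssh_gssapi_client gssapi_client =
  { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
  GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
@@ -61,7 +57,7 @@ ssh_gssapi_mech* supported_mechs[]= {
  &gssapi_null_mech,
 };
 
-/* Unpriviledged */
+/* Unprivileged */
 void
 ssh_gssapi_supported_oids(gss_OID_set *oidset)
 {
@@ -90,7 +86,7 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset)
  * oid
  * credentials (from ssh_gssapi_acquire_cred)
  */
-/* Priviledged */
+/* Privileged */
 OM_uint32
 ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
  gss_buffer_desc *send_tok, OM_uint32 *flags)
@@ -138,14 +134,14 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
  OM_uint32 offset;
  OM_uint32 oidl;
 
- tok=ename->value;
+ tok = ename->value;
 
  /*
  * Check that ename is long enough for all of the fixed length
  * header, and that the initial ID bytes are correct
  */
 
- if (ename->length<6 || memcmp(tok,"\x04\x01", 2)!=0)
+ if (ename->length < 6 || memcmp(tok, "\x04\x01", 2) != 0)
  return GSS_S_FAILURE;
 
  /*
@@ -164,7 +160,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
  */
  if (tok[4] != 0x06 || tok[5] != oidl ||
  ename->length < oidl+6 ||
- !ssh_gssapi_check_oid(ctx,tok+6,oidl))
+ !ssh_gssapi_check_oid(ctx, tok+6, oidl))
  return GSS_S_FAILURE;
 
  offset = oidl+6;
@@ -179,7 +175,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
  return GSS_S_FAILURE;
 
  name->value = xmalloc(name->length+1);
- memcpy(name->value,tok+offset,name->length);
+ memcpy(name->value, tok+offset,name->length);
  ((char *)name->value)[name->length] = 0;
 
  return GSS_S_COMPLETE;
@@ -188,7 +184,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
 /* Extract the client details from a given context. This can only reliably
  * be called once for a context */
 
-/* Priviledged (called from accept_secure_ctx) */
+/* Privileged (called from accept_secure_ctx) */
 OM_uint32
 ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client)
 {
@@ -263,15 +259,14 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
 
  if (gssapi_client.store.envvar != NULL &&
  gssapi_client.store.envval != NULL) {
-
  debug("Setting %s to %s", gssapi_client.store.envvar,
  gssapi_client.store.envval);
  child_set_env(envp, envsizep, gssapi_client.store.envvar,
  gssapi_client.store.envval);
  }
 }
 
-/* Priviledged */
+/* Privileged */
 int
 ssh_gssapi_userok(char *user)
 {
@@ -298,7 +293,7 @@ ssh_gssapi_userok(char *user)
  return (0);
 }
 
-/* Priviledged */
+/* Privileged */
 OM_uint32
 ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
 {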
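diff --git a/hostfile.c b/hostfile.c
index 63550a29d..3ed646247 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.35 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.36 2005/11/22 03:36:03 dtucker Exp $");
 
 #include <resolv.h>
 #include <openssl/hmac.h>
@@ -88,8 +88,8 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
  return (-1);
  }
  if (ret != SHA_DIGEST_LENGTH) {
- debug2("extract_salt: expected salt len %u, got %u",
- salt_len, ret);
+ debug2("extract_salt: expected salt len %d, got %d",
+ SHA_DIGEST_LENGTH, ret);
  return (-1);
  }
 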
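diff --git a/includes.h b/includes.h
index fa65aa38d..520817400 100644
--- a/includes.h
+++ b/includes.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: includes.h,v 1.19 2005/05/19 02:42:26 djm Exp $ */
+/* $OpenBSD: includes.h,v 1.22 2006/01/01 08:59:27 stevesk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,6 +21,8 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 
 #include "config.h"
 
+#define _GNU_SOURCE /* activate extra prototypes for glibc */
+
 #include <stdarg.h>
 #include <stdio.h>
 #include <ctype.h>
@@ -67,7 +69,6 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
 #ifdef HAVE_NEXT
 # include <libc.h>
 #endif
-#define __USE_GNU /* before unistd.h, activate extra prototypes for glibc */
 #include <unistd.h> /* For STDIN_FILENO, etc */
 #include <termios.h> /* Struct winsize */
 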
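Review bot: The new `#define _GNU_SOURCE` is unconditional, so a build that already passes `-D_GNU_SOURCE` or receives the macro from config.h will hit a redefinition diagnostic; writing it as `#ifndef _GNU_SOURCE`, `#define _GNU_SOURCE`, `#endif` avoids that. The macro only takes effect when it precedes the first system header, which holds here as long as config.h includes none. That is not visible in this section, so a short comment next to the define stating the ordering requirement would help the next person who touches the include list.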
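diff --git a/kex.c b/kex.c
index 5dce335fe..cd71be9ca 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
+RCSID("$OpenBSD: kex.c,v 1.65 2005/11/04 05:15:59 djm Exp $");
 
 #include <openssl/crypto.h>
 
@@ -294,13 +294,17 @@ choose_kex(Kex *k, char *client, char *server)
  fatal("no kex alg");
  if (strcmp(k->name, KEX_DH1) == 0) {
  k->kex_type = KEX_DH_GRP1_SHA1;
+ k->evp_md = EVP_sha1();
  } else if (strcmp(k->name, KEX_DH14) == 0) {
  k->kex_type = KEX_DH_GRP14_SHA1;
- } else if (strcmp(k->name, KEX_DHGEX) == 0) {
+ k->evp_md = EVP_sha1();
+ } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
  k->kex_type = KEX_DH_GEX_SHA1;
+ k->evp_md = EVP_sha1();
  } else
  fatal("bad kex alg %s", k->name);
 }
+
 static void
 choose_hostkeyalg(Kex *k, char *client, char *server)
 {
@@ -404,28 +408,28 @@ kex_choose_conf(Kex *kex)
 }
 
 static u_char *
-derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
+derive_key(Kex *kex, int id, u_int need, u_char *hash, u_int hashlen,
+ BIGNUM *shared_secret)
 {
  Buffer b;
- const EVP_MD *evp_md = EVP_sha1();
  EVP_MD_CTX md;
  char c = id;
  u_int have;
- int mdsz = EVP_MD_size(evp_md);
+ int mdsz;
  u_char *digest;
 
- if (mdsz < 0)
- fatal("derive_key: mdsz < 0");
+ if ((mdsz = EVP_MD_size(kex->evp_md)) <= 0)
+ fatal("bad kex md size %d", mdsz);
  digest = xmalloc(roundup(need, mdsz));
 
  buffer_init(&b);
  buffer_put_bignum2(&b, shared_secret);
 
  /* K1 = HASH(K || H || "A" || session_id) */
- EVP_DigestInit(&md, evp_md);
+ EVP_DigestInit(&md, kex->evp_md);
  if (!(datafellows & SSH_BUG_DERIVEKEY))
  EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestUpdate(&md, hash, mdsz);
+ EVP_DigestUpdate(&md, hash, hashlen);
  EVP_DigestUpdate(&md, &c, 1);
  EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
  EVP_DigestFinal(&md, digest, NULL);
@@ -436,10 +440,10 @@ derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
  * Key = K1 || K2 || ... || Kn
  */
  for (have = mdsz; need > have; have += mdsz) {
- EVP_DigestInit(&md, evp_md);
+ EVP_DigestInit(&md, kex->evp_md);
  if (!(datafellows & SSH_BUG_DERIVEKEY))
  EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestUpdate(&md, hash, mdsz);
+ EVP_DigestUpdate(&md, hash, hashlen);
  EVP_DigestUpdate(&md, digest, have);
  EVP_DigestFinal(&md, digest + have, NULL);
  }
@@ -455,13 +459,15 @@ Newkeys *current_keys[MODE_MAX];
 
 #define NKEYS 6
 void
-kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
+kex_derive_keys(Kex *kex, u_char *hash, u_int hashlen, BIGNUM *shared_secret)
 {
  u_char *keys[NKEYS];
  u_int i, mode, ctos;
 
- for (i = 0; i < NKEYS; i++)
- keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
+ for (i = 0; i < NKEYS; i++) {
+ keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
+ shared_secret);
+ }
 
  debug2("kex_derive_keys");
  for (mode = 0; mode < MODE_MAX; mode++) {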
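Review bot: `derive_key` now feeds `hashlen` bytes of `hash` into the digest while sizing its output from `EVP_MD_size(kex->evp_md)`, and nothing in the function ties the two lengths together. Both should come from the same digest, since the exchange hash H is produced by the hash of the negotiated method, so a mismatch would mean H and the key derivation used different functions. A check right after the `mdsz` test, `if (hashlen != (u_int)mdsz) fatal("derive_key: hash len %u != md size %d", hashlen, mdsz);`, would catch that at the point of use. Part of derive_key's body lies between the two hunks shown, so confirm nothing there already enforces this.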
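diff --git a/kex.h b/kex.h
index 3024a2717..bbd931e04 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.38 2005/11/04 05:15:59 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -31,9 +31,9 @@
 #include "cipher.h"
 #include "key.h"
 
 #define KEX_DH1 "diffie-hellman-group1-sha1"
 #define KEX_DH14 "diffie-hellman-group14-sha1"
-#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
+#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
 
 #define COMP_NONE 0
 #define COMP_ZLIB 1
@@ -114,6 +114,7 @@ struct Kex {
  Buffer peer;
  int done;
  int flags;
+ const EVP_MD *evp_md;
  char *client_version_string;
  char *server_version_string;
  int (*verify_host_key)(Key *);
@@ -127,7 +128,7 @@ void kex_finish(Kex *);
 
 void kex_send_kexinit(Kex *);
 void kex_input_kexinit(int, u_int32_t, void *);
-void kex_derive_keys(Kex *, u_char *, BIGNUM *);
+void kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *);
 
 Newkeys *kex_get_newkeys(int);
 
@@ -136,12 +137,13 @@ void kexdh_server(Kex *);
 void kexgex_client(Kex *);
 void kexgex_server(Kex *);
 
-u_char *
+void
 kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
- BIGNUM *, BIGNUM *, BIGNUM *);
-u_char *
-kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
- int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
+ BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
+void
+kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
+ int, u_char *, int, int, int, int, BIGNUM *, BIGNUM *, BIGNUM *,
+ BIGNUM *, BIGNUM *, u_char **, u_int *);
 
 void
 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);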
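Review bot: The reworked `kex_dh_hash` and `kexgex_hash` prototypes hand the hash back through `u_char **` and `u_int *` with no statement of who owns the buffer. In kexdh.c and kexgex.c of this commit `*hash` is set to a function-local `static u_char digest[EVP_MAX_MD_SIZE]`, so the pointer must not be freed and its contents are replaced by the next call. I would record that above the two prototypes, for example `/* *hash points at static storage: copy it, never free it */`. The new `evp_md` member of `struct Kex` would also benefit from a comment saying it is assigned in choose_kex().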
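diff --git a/kexdh.c b/kexdh.c
index 4bbb7d1db..f79d8781d 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexdh.c,v 1.20 2005/11/04 05:15:59 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -32,7 +32,7 @@ RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
 #include "ssh2.h"
 #include "kex.h"
 
-u_char *
+void
 kex_dh_hash(
  char *client_version_string,
  char *server_version_string,
@@ -41,7 +41,8 @@ kex_dh_hash(
  u_char *serverhostkeyblob, int sbloblen,
  BIGNUM *client_dh_pub,
  BIGNUM *server_dh_pub,
- BIGNUM *shared_secret)
+ BIGNUM *shared_secret,
+ u_char **hash, u_int *hashlen)
 {
  Buffer b;
  static u_char digest[EVP_MAX_MD_SIZE];
@@ -77,5 +78,6 @@ kex_dh_hash(
 #ifdef DEBUG_KEX
  dump_digest("hash", digest, EVP_MD_size(evp_md));
 #endif
- return digest;
+ *hash = digest;
+ *hashlen = EVP_MD_size(evp_md);
 }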
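Review bot: `kex_dh_hash` still takes `*hashlen` from a digest it selects itself (`EVP_MD_size(evp_md)`, with no `evp_md` parameter in the visible signature), whereas `kexgex_hash` in this commit is passed `kex->evp_md`. The two agree today only because choose_kex() assigns `EVP_sha1()` for both fixed-group methods. Taking `const EVP_MD *evp_md` as the first parameter here as well, and passing `kex->evp_md` from kexdhc.c and kexdhs.c, would keep the exchange hash and `derive_key` on the same digest by construction. The declaration of `evp_md` lies outside the hunks, so this reading is inferred from its two uses.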
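diff --git a/kexdhc.c b/kexdhc.c
index f48bd4678..d8a2fa3b7 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdhc.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
+RCSID("$OpenBSD: kexdhc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 
 #include "xmalloc.h"
 #include "key.h"
@@ -41,7 +41,7 @@ kexdh_client(Kex *kex)
  Key *server_host_key;
  u_char *server_host_key_blob = NULL, *signature = NULL;
  u_char *kbuf, *hash;
- u_int klen, kout, slen, sbloblen;
+ u_int klen, kout, slen, sbloblen, hashlen;
 
  /* generate and send 'e', client DH public key */
  switch (kex->kex_type) {
@@ -114,7 +114,7 @@ kexdh_client(Kex *kex)
  xfree(kbuf);
 
  /* calc and verify H */
- hash = kex_dh_hash(
+ kex_dh_hash(
  kex->client_version_string,
  kex->server_version_string,
  buffer_ptr(&kex->my), buffer_len(&kex->my),
@@ -122,25 +122,26 @@ kexdh_client(Kex *kex)
  server_host_key_blob, sbloblen,
  dh->pub_key,
  dh_server_pub,
- shared_secret
+ shared_secret,
+ &hash, &hashlen
  );
  xfree(server_host_key_blob);
  BN_clear_free(dh_server_pub);
  DH_free(dh);
 
- if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
  fatal("key_verify failed for server_host_key");
  key_free(server_host_key);
  xfree(signature);
 
  /* save session id */
  if (kex->session_id == NULL) {
- kex->session_id_len = 20;
+ kex->session_id_len = hashlen;
  kex->session_id = xmalloc(kex->session_id_len);
  memcpy(kex->session_id, hash, kex->session_id_len);
  }
 
- kex_derive_keys(kex, hash, shared_secret);
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
  BN_clear_free(shared_secret);
  kex_finish(kex);
 }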
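diff --git a/kexdhs.c b/kexdhs.c
index 225e65592..26c8cdfd6 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexdhs.c,v 1.2 2004/06/13 12:53:24 djm Exp $");
+RCSID("$OpenBSD: kexdhs.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 
 #include "xmalloc.h"
 #include "key.h"
@@ -41,7 +41,7 @@ kexdh_server(Kex *kex)
  DH *dh;
  Key *server_host_key;
  u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int sbloblen, klen, kout;
+ u_int sbloblen, klen, kout, hashlen;
  u_int slen;
 
  /* generate server DH public key */
@@ -103,7 +103,7 @@ kexdh_server(Kex *kex)
  key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
 
  /* calc H */
- hash = kex_dh_hash(
+ kex_dh_hash(
  kex->client_version_string,
  kex->server_version_string,
  buffer_ptr(&kex->peer), buffer_len(&kex->peer),
@@ -111,21 +111,20 @@ kexdh_server(Kex *kex)
  server_host_key_blob, sbloblen,
  dh_client_pub,
  dh->pub_key,
- shared_secret
+ shared_secret,
+ &hash, &hashlen
  );
  BN_clear_free(dh_client_pub);
 
  /* save session id := H */
- /* XXX hashlen depends on KEX */
  if (kex->session_id == NULL) {
- kex->session_id_len = 20;
+ kex->session_id_len = hashlen;
  kex->session_id = xmalloc(kex->session_id_len);
  memcpy(kex->session_id, hash, kex->session_id_len);
  }
 
  /* sign H */
- /* XXX hashlen depends on KEX */
- PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
 
  /* destroy_sensitive_data(); */
 
@@ -141,7 +140,7 @@ kexdh_server(Kex *kex)
  /* have keys, free DH */
  DH_free(dh);
 
- kex_derive_keys(kex, hash, shared_secret);
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
  BN_clear_free(shared_secret);
  kex_finish(kex);
 }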
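Review bot: The result of `key_sign()` inside `PRIVSEP(...)` is discarded on the rewritten "sign H" line, so a failed signing operation leaves `signature` at NULL and `slen` uninitialised for the code that follows the hunk. Checking it, for example `if (PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen)) < 0) fatal("kexdh_server: key_sign failed");`, stops the exchange at the point of failure. The return convention of key_sign() is not shown on this page, so match the comparison to key.c. The lines that consume `signature` sit between this hunk and the next and are not visible here.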
diff --git a/kexgex.c b/kexgex.c
index b0c39c8cb..705484a47 100644
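--- a/kexgex.c
+++ b/kexgex.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexgex.c,v 1.24 2005/11/04 05:15:59 djm Exp $");
 
 #include <openssl/evp.h>
 
@@ -33,8 +33,9 @@ RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
 #include "kex.h"
 #include "ssh2.h"
 
-u_char *
+void
 kexgex_hash(
+ const EVP_MD *evp_md,
  char *client_version_string,
  char *server_version_string,
  char *ckexinit, int ckexinitlen,
@@ -43,11 +44,11 @@ kexgex_hash(
  int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
  BIGNUM *client_dh_pub,
  BIGNUM *server_dh_pub,
- BIGNUM *shared_secret)
+ BIGNUM *shared_secret,
+ u_char **hash, u_int *hashlen)
 {
  Buffer b;
  static u_char digest[EVP_MAX_MD_SIZE];
- const EVP_MD *evp_md = EVP_sha1();
  EVP_MD_CTX md;
 
  buffer_init(&b);
@@ -79,14 +80,15 @@ kexgex_hash(
 #ifdef DEBUG_KEXDH
  buffer_dump(&b);
 #endif
+
  EVP_DigestInit(&md, evp_md);
  EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
  EVP_DigestFinal(&md, digest, NULL);
 
  buffer_free(&b);
-
+ *hash = digest;
+ *hashlen = EVP_MD_size(evp_md);
 #ifdef DEBUG_KEXDH
- dump_digest("hash", digest, EVP_MD_size(evp_md));
+ dump_digest("hash", digest, *hashlen);
 #endif
- return digest;
 }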
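Review bot: `*hash = digest` in the last hunk hands the caller a pointer into the function's `static u_char digest[EVP_MAX_MD_SIZE]`, so the exchange hash is overwritten by the next kexgex_hash() call, and the new out-parameter contract is stated nowhere. A comment above the function would make that explicit, for example `/* *hash points at static storage; copy it before the next call */`. Separately, `evp_md` now comes from the caller instead of being fixed to `EVP_sha1()`, while the `EVP_DigestInit`/`EVP_DigestFinal` results stay unchecked and `EVP_MD_size(evp_md)` is trusted as the length. Whether the caller's `kex->evp_md` can ever be unset is not visible in this section, so a guard such as `if (evp_md == NULL) fatal("%s: no digest selected", __func__);` may be worth adding. Part of the function body lies outside the hunks shown.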
diff --git a/kexgexc.c b/kexgexc.c
index 0193183b9..a6ff8757d 100644
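--- a/kexgexc.c
+++ b/kexgexc.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $");
+RCSID("$OpenBSD: kexgexc.c,v 1.3 2005/11/04 05:15:59 djm Exp $");
 
 #include "xmalloc.h"
 #include "key.h"
@@ -42,7 +42,7 @@ kexgex_client(Kex *kex)
  BIGNUM *p = NULL, *g = NULL;
  Key *server_host_key;
  u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int klen, kout, slen, sbloblen;
+ u_int klen, kout, slen, sbloblen, hashlen;
  int min, max, nbits;
  DH *dh;
 
@@ -155,7 +155,8 @@ kexgex_client(Kex *kex)
  min = max = -1;
 
  /* calc and verify H */
- hash = kexgex_hash(
+ kexgex_hash(
+ kex->evp_md,
  kex->client_version_string,
  kex->server_version_string,
  buffer_ptr(&kex->my), buffer_len(&kex->my),
@@ -165,25 +166,27 @@ kexgex_client(Kex *kex)
  dh->p, dh->g,
  dh->pub_key,
  dh_server_pub,
- shared_secret
+ shared_secret,
+ &hash, &hashlen
  );
+
  /* have keys, free DH */
  DH_free(dh);
  xfree(server_host_key_blob);
  BN_clear_free(dh_server_pub);
 
- if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
+ if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
  fatal("key_verify failed for server_host_key");
  key_free(server_host_key);
  xfree(signature);
 
  /* save session id */
  if (kex->session_id == NULL) {
- kex->session_id_len = 20;
+ kex->session_id_len = hashlen;
  kex->session_id = xmalloc(kex->session_id_len);
  memcpy(kex->session_id, hash, kex->session_id_len);
  }
- kex_derive_keys(kex, hash, shared_secret);
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
  BN_clear_free(shared_secret);
 
  kex_finish(kex);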
diff --git a/kexgexs.c b/kexgexs.c
index baebfcfb0..c48b27af9 100644
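--- a/kexgexs.c
+++ b/kexgexs.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
+RCSID("$OpenBSD: kexgexs.c,v 1.2 2005/11/04 05:15:59 djm Exp $");
 
 #include "xmalloc.h"
 #include "key.h"
@@ -43,7 +43,7 @@ kexgex_server(Kex *kex)
  Key *server_host_key;
  DH *dh;
  u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
- u_int sbloblen, klen, kout, slen;
+ u_int sbloblen, klen, kout, slen, hashlen;
  int min = -1, max = -1, nbits = -1, type;
 
  if (kex->load_host_key == NULL)
@@ -137,8 +137,9 @@ kexgex_server(Kex *kex)
  if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
  min = max = -1;
 
- /* calc H */ /* XXX depends on 'kex' */
- hash = kexgex_hash(
+ /* calc H */
+ kexgex_hash(
+ kex->evp_md,
  kex->client_version_string,
  kex->server_version_string,
  buffer_ptr(&kex->peer), buffer_len(&kex->peer),
@@ -148,21 +149,20 @@ kexgex_server(Kex *kex)
  dh->p, dh->g,
  dh_client_pub,
  dh->pub_key,
- shared_secret
+ shared_secret,
+ &hash, &hashlen
  );
  BN_clear_free(dh_client_pub);
 
  /* save session id := H */
- /* XXX hashlen depends on KEX */
  if (kex->session_id == NULL) {
- kex->session_id_len = 20;
+ kex->session_id_len = hashlen;
  kex->session_id = xmalloc(kex->session_id_len);
  memcpy(kex->session_id, hash, kex->session_id_len);
  }
 
  /* sign H */
- /* XXX hashlen depends on KEX */
- PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
+ PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
 
  /* destroy_sensitive_data(); */
 
@@ -179,7 +179,7 @@ kexgex_server(Kex *kex)
  /* have keys, free DH */
  DH_free(dh);
 
- kex_derive_keys(kex, hash, shared_secret);
+ kex_derive_keys(kex, hash, hashlen, shared_secret);
  BN_clear_free(shared_secret);
 
  kex_finish(kex);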
diff --git a/loginrec.c b/loginrec.c
index c3783c991..d096346ec 100644
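--- a/loginrec.c
+++ b/loginrec.c
@@ -165,7 +165,7 @@
 # include <libutil.h>
 #endif
 
-RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $");
+RCSID("$Id: loginrec.c,v 1.71 2005/11/22 08:55:13 dtucker Exp $");
 
 /**
  ** prototypes for helper functions in this file
@@ -1589,7 +1589,7 @@ lastlog_get_entry(struct logininfo *li)
  return (0);
  default:
  error("%s: Error reading from %s: Expecting %d, got %d",
- __func__, LASTLOG_FILE, sizeof(last), ret);
+ __func__, LASTLOG_FILE, (int)sizeof(last), ret);
  return (0);
  }
 
@@ -1613,7 +1613,7 @@ record_failed_login(const char *username, const char *hostname,
  int fd;
  struct utmp ut;
  struct sockaddr_storage from;
- size_t fromlen = sizeof(from);
+ socklen_t fromlen = sizeof(from);
  struct sockaddr_in *a4;
  struct sockaddr_in6 *a6;
  time_t t;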
diff --git a/misc.c b/misc.c
index 2dd8ae6e3..29e928886 100644
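--- a/misc.c
+++ b/misc.c
@@ -24,7 +24,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.42 2006/01/31 10:19:02 djm Exp $");
+
+#ifdef SSH_TUN_OPENBSD
+#include <net/if.h>
+#endif
 
 #include "misc.h"
 #include "log.h"
@@ -194,6 +198,37 @@ a2port(const char *s)
  return port;
 }
 
+int
+a2tun(const char *s, int *remote)
+{
+ const char *errstr = NULL;
+ char *sp, *ep;
+ int tun;
+
+ if (remote != NULL) {
+ *remote = SSH_TUNID_ANY;
+ sp = xstrdup(s);
+ if ((ep = strchr(sp, ':')) == NULL) {
+ xfree(sp);
+ return (a2tun(s, NULL));
+ }
+ ep[0] = '\0'; ep++;
+ *remote = a2tun(ep, NULL);
+ tun = a2tun(sp, NULL);
+ xfree(sp);
+ return (*remote == SSH_TUNID_ERR ? *remote : tun);
+ }
+
+ if (strcasecmp(s, "any") == 0)
+ return (SSH_TUNID_ANY);
+
+ tun = strtonum(s, 0, SSH_TUNID_MAX, &errstr);
+ if (errstr != NULL)
+ return (SSH_TUNID_ERR);
+
+ return (tun);
+}
+
 #define SECONDS 1
 #define MINUTES (SECONDS * 60)
 #define HOURS (MINUTES * 60)
@@ -356,12 +391,15 @@ void
 addargs(arglist *args, char *fmt, ...)
 {
  va_list ap;
- char buf[1024];
+ char *cp;
  u_int nalloc;
+ int r;
 
  va_start(ap, fmt);
- vsnprintf(buf, sizeof(buf), fmt, ap);
+ r = vasprintf(&cp, fmt, ap);
  va_end(ap);
+ if (r == -1)
+ fatal("addargs: argument too long");
 
  nalloc = args->nalloc;
  if (args->list == NULL) {
@@ -372,10 +410,44 @@ addargs(arglist *args, char *fmt, ...)
 
  args->list = xrealloc(args->list, nalloc * sizeof(char *));
  args->nalloc = nalloc;
- args->list[args->num++] = xstrdup(buf);
+ args->list[args->num++] = cp;
  args->list[args->num] = NULL;
 }
 
+void
+replacearg(arglist *args, u_int which, char *fmt, ...)
+{
+ va_list ap;
+ char *cp;
+ int r;
+
+ va_start(ap, fmt);
+ r = vasprintf(&cp, fmt, ap);
+ va_end(ap);
+ if (r == -1)
+ fatal("replacearg: argument too long");
+
+ if (which >= args->num)
+ fatal("replacearg: tried to replace invalid arg %d >= %d",
+ which, args->num);
+ xfree(args->list[which]);
+ args->list[which] = cp;
+}
+
+void
+freeargs(arglist *args)
+{
+ u_int i;
+
+ if (args->list != NULL) {
+ for (i = 0; i < args->num; i++)
+ xfree(args->list[i]);
+ xfree(args->list);
+ args->nalloc = args->num = 0;
+ args->list = NULL;
+ }
+}
+
 /*
  * Expands tildes in the file name. Returns data allocated by xmalloc.
  * Warning: this calls getpw*.
@@ -507,6 +579,99 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
  return -1;
 }
 
+int
+tun_open(int tun, int mode)
+{
+#if defined(CUSTOM_SYS_TUN_OPEN)
+ return (sys_tun_open(tun, mode));
+#elif defined(SSH_TUN_OPENBSD)
+ struct ifreq ifr;
+ char name[100];
+ int fd = -1, sock;
+
+ /* Open the tunnel device */
+ if (tun <= SSH_TUNID_MAX) {
+ snprintf(name, sizeof(name), "/dev/tun%d", tun);
+ fd = open(name, O_RDWR);
+ } else if (tun == SSH_TUNID_ANY) {
+ for (tun = 100; tun >= 0; tun--) {
+ snprintf(name, sizeof(name), "/dev/tun%d", tun);
+ if ((fd = open(name, O_RDWR)) >= 0)
+ break;
+ }
+ } else {
+ debug("%s: invalid tunnel %u", __func__, tun);
+ return (-1);
+ }
+
+ if (fd < 0) {
+ debug("%s: %s open failed: %s", __func__, name, strerror(errno));
+ return (-1);
+ }
+
+ debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
+
+ /* Set the tunnel device operation mode */
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tun%d", tun);
+ if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
+ goto failed;
+
+ if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
+ goto failed;
+
+ /* Set interface mode */
+ ifr.ifr_flags &= ~IFF_UP;
+ if (mode == SSH_TUNMODE_ETHERNET)
+ ifr.ifr_flags |= IFF_LINK0;
+ else
+ ifr.ifr_flags &= ~IFF_LINK0;
+ if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
+ goto failed;
+
+ /* Bring interface up */
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
+ goto failed;
+
+ close(sock);
+ return (fd);
+
+ failed:
+ if (fd >= 0)
+ close(fd);
+ if (sock >= 0)
+ close(sock);
+ debug("%s: failed to set %s mode %d: %s", __func__, name,
+ mode, strerror(errno));
+ return (-1);
+#else
+ error("Tunnel interfaces are not supported on this platform");
+ return (-1);
+#endif
+}
+
+void
+sanitise_stdfd(void)
+{
+ int nullfd, dupfd;
+
+ if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+ exit(1);
+ }
+ while (++dupfd <= 2) {
+ /* Only clobber closed fds */
+ if (fcntl(dupfd, F_GETFL, 0) >= 0)
+ continue;
+ if (dup2(nullfd, dupfd) == -1) {
+ fprintf(stderr, "dup2: %s", strerror(errno));
+ exit(1);
+ }
+ }
+ if (nullfd > 2)
+ close(nullfd);
+}
+
 char *
 tohex(const u_char *d, u_int l)
 {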
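Review bot: In the new `tun_open()` the test `if (tun <= SSH_TUNID_MAX)` has no lower bound, so a negative `tun` is formatted into `/dev/tun%d` and passed to open(), and the `invalid tunnel` branch is reached only for SSH_TUNID_ERR. `a2tun()` keeps parsed values non-negative through `strtonum(s, 0, SSH_TUNID_MAX, &errstr)`, but tun_open() is exported in misc.h and should not rely on every caller having gone through it; `if (tun >= 0 && tun <= SSH_TUNID_MAX) {` closes the gap. In the `failed:` path both close() calls run before `strerror(errno)` is evaluated, so the logged cause can be wrong; copying errno into a local at the top of that path avoids it. The `fatal()` in `replacearg()` prints two `u_int` values with `%d` and should use `%u`, and the "argument too long" text in `addargs()`/`replacearg()` is reported for any vasprintf() failure, including allocation failure.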
diff --git a/misc.h b/misc.h
index 2d630feb5..0a1a09a68 100644
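--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.29 2006/01/31 10:19:02 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -20,6 +20,7 @@ int set_nonblock(int);
 int unset_nonblock(int);
 void set_nodelay(int);
 int a2port(const char *);
+int a2tun(const char *, int *);
 char *hpdelim(char **);
 char *cleanhostname(char *);
 char *colon(char *);
@@ -27,6 +28,7 @@ long convtime(const char *);
 char *tilde_expand_filename(const char *, uid_t);
 char *percent_expand(const char *, ...) __attribute__((__sentinel__));
 char *tohex(const u_char *, u_int);
+void sanitise_stdfd(void);
 
 struct passwd *pwcopy(struct passwd *);
 
@@ -36,7 +38,11 @@ struct arglist {
  u_int num;
  u_int nalloc;
 };
-void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
+void addargs(arglist *, char *, ...)
+ __attribute__((format(printf, 2, 3)));
+void replacearg(arglist *, u_int, char *, ...)
+ __attribute__((format(printf, 3, 4)));
+void freeargs(arglist *);
 
 /* readpass.c */
 
@@ -48,3 +54,16 @@ void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
 char *read_passphrase(const char *, int);
 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
+
+int tun_open(int, int);
+
+/* Common definitions for ssh tunnel device forwarding */
+#define SSH_TUNMODE_NO 0x00
+#define SSH_TUNMODE_POINTOPOINT 0x01
+#define SSH_TUNMODE_ETHERNET 0x02
+#define SSH_TUNMODE_DEFAULT SSH_TUNMODE_POINTOPOINT
+#define SSH_TUNMODE_YES (SSH_TUNMODE_POINTOPOINT|SSH_TUNMODE_ETHERNET)
+
+#define SSH_TUNID_ANY 0x7fffffff
+#define SSH_TUNID_ERR (SSH_TUNID_ANY - 1)
+#define SSH_TUNID_MAX (SSH_TUNID_ANY - 2)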
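Review bot: The `SSH_TUNID_*` sentinels added in the last hunk are large positive values, so a caller that checks the result of `a2tun()` with `< 0` or `== -1` will accept `SSH_TUNID_ERR` as a unit number, and the header does not say which values the function can return. I would document that next to the prototype, for example `/* returns a unit number, SSH_TUNID_ANY, or SSH_TUNID_ERR on a parse error; *remote is set the same way */`. A one-line comment that `SSH_TUNMODE_YES` is the OR of both modes rather than a mode of its own would also help callers that compare modes with `==`.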
diff --git a/monitor.c b/monitor.c
index ef613cd3c..e6f648b0b 100644
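--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: monitor.c,v 1.64 2005/10/13 22:24:31 stevesk Exp $");
 
 #include <openssl/dh.h>
 
@@ -834,9 +834,7 @@ mm_answer_pam_account(int sock, Buffer *m)
  ret = do_pam_account();
 
  buffer_put_int(m, ret);
- buffer_append(&loginmsg, "\0", 1);
- buffer_put_cstring(m, buffer_ptr(&loginmsg));
- buffer_clear(&loginmsg);
+ buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
 
  mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
 
@@ -1831,7 +1829,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
  buffer_clear(m);
  buffer_put_int(m, major);
 
- mm_request_send(sock,MONITOR_ANS_GSSSETUP, m);
+ mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
 
  /* Now we have a context, enable the step */
  monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 1);
@@ -1844,7 +1842,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
 {
  gss_buffer_desc in;
  gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
- OM_uint32 major,minor;
+ OM_uint32 major, minor;
  OM_uint32 flags = 0; /* GSI needs this */
  u_int len;
 
@@ -1861,7 +1859,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
 
  gss_release_buffer(&minor, &out);
 
- if (major==GSS_S_COMPLETE) {
+ if (major == GSS_S_COMPLETE) {
  monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
  monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
  monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -1910,7 +1908,7 @@ mm_answer_gss_userok(int sock, Buffer *m)
  debug3("%s: sending result %d", __func__, authenticated);
  mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
- auth_method="gssapi-with-mic";
+ auth_method = "gssapi-with-mic";
 
  /* Monitor loop will terminate if authenticated */
  return (authenticated);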
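Review bot: The `mm_answer_pam_account()` hunk drops `buffer_clear(&loginmsg)` without saying why, so the privileged monitor now keeps the accumulated login message after sending it. If this handler can be dispatched more than once for a connection, the same text would be sent again; the dispatch permissions that decide that are outside the hunk. If keeping the buffer is intended, a comment at that line stating who consumes it later would record the decision. Sending with `buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg))` is the better form, since it no longer depends on a NUL byte appended to the buffer to find the end of the message. The remaining hunks in this file are whitespace only.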
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 1489e7f08..3b50753de 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -72,7 +72,6 @@ extern struct monitor *pmonitor;
72extern Buffer input, output; 72extern Buffer input, output;
73extern Buffer loginmsg; 73extern Buffer loginmsg;
74extern ServerOptions options; 74extern ServerOptions options;
75extern Buffer loginmsg;
76 75
77int 76int
78mm_is_monitor(void) 77mm_is_monitor(void)
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 6f5ee2845..3a8703bc1 100644
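--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
+# $Id: Makefile.in,v 1.37 2005/12/31 05:33:37 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,9 +18,9 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-PORTS=port-irix.o port-aix.o port-uw.o
+PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
 
 .c.o:
  $(CC) $(CFLAGS) $(CPPFLAGS) -c $<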
diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c
index dcaa03e5d..9a60f583b 100644
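--- a/openbsd-compat/base64.c
+++ b/openbsd-compat/base64.c
@@ -1,5 +1,3 @@
-/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
-
 /* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */
 
 /*
@@ -44,6 +42,8 @@
  * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
+
 #include "includes.h"
 
 #if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON))
@@ -139,7 +139,7 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
  size_t datalength = 0;
  u_char input[3];
  u_char output[4];
- int i;
+ u_int i;
 
  while (2 < srclength) {
  input[0] = *src++;
@@ -206,7 +206,8 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
 int
 b64_pton(char const *src, u_char *target, size_t targsize)
 {
- int tarindex, state, ch;
+ u_int tarindex, state;
+ int ch;
  char *pos;
 
  state = 0;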
diff --git a/openbsd-compat/basename.c b/openbsd-compat/basename.c
index 552dc1e1c..ad040e139 100644
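--- a/openbsd-compat/basename.c
+++ b/openbsd-compat/basename.c
@@ -1,9 +1,7 @@
-/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
-
-/* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */
+/* $OpenBSD: basename.c,v 1.14 2005/08/08 08:05:33 espie Exp $ */
 
 /*
- * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -18,34 +16,35 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
+
 #include "includes.h"
 #ifndef HAVE_BASENAME
 
-#ifndef lint
-static char rcsid[] = "$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $";
-#endif /* not lint */
-
 char *
 basename(const char *path)
 {
  static char bname[MAXPATHLEN];
- register const char *endp, *startp;
+ size_t len;
+ const char *endp, *startp;
 
  /* Empty or NULL string gets treated as "." */
  if (path == NULL || *path == '\0') {
- (void)strlcpy(bname, ".", sizeof bname);
- return(bname);
+ bname[0] = '.';
+ bname[1] = '\0';
+ return (bname);
  }
 
- /* Strip trailing slashes */
+ /* Strip any trailing slashes */
  endp = path + strlen(path) - 1;
  while (endp > path && *endp == '/')
  endp--;
 
- /* All slashes become "/" */
+ /* All slashes becomes "/" */
  if (endp == path && *endp == '/') {
- (void)strlcpy(bname, "/", sizeof bname);
- return(bname);
+ bname[0] = '/';
+ bname[1] = '\0';
+ return (bname);
  }
 
  /* Find the start of the base */
@@ -53,12 +52,14 @@ basename(const char *path)
  while (startp > path && *(startp - 1) != '/')
  startp--;
 
- if (endp - startp + 2 > sizeof(bname)) {
+ len = endp - startp + 1;
+ if (len >= sizeof(bname)) {
  errno = ENAMETOOLONG;
- return(NULL);
+ return (NULL);
  }
- strlcpy(bname, startp, endp - startp + 2);
- return(bname);
+ memcpy(bname, startp, len);
+ bname[len] = '\0';
+ return (bname);
 }
 
 #endif /* !defined(HAVE_BASENAME) */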
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c
index 8a273f9b5..7f48fd03a 100644
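--- a/openbsd-compat/bindresvport.c
+++ b/openbsd-compat/bindresvport.c
@@ -1,6 +1,6 @@
 /* This file has be substantially modified from the original OpenBSD source */
 
-/* $OpenBSD: bindresvport.c,v 1.15 2003/05/20 22:42:35 deraadt Exp $ */
+/* $OpenBSD: bindresvport.c,v 1.16 2005/04/01 07:44:03 otto Exp $ */
 
 /*
  * Copyright 1996, Jason Downs. All rights reserved.
@@ -28,6 +28,8 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/rpc/bindresvport.c */
+
 #include "includes.h"
 
 #ifndef HAVE_BINDRESVPORT_SA
@@ -42,9 +44,7 @@
  * Bind a socket to a privileged IP port
  */
 int
-bindresvport_sa(sd, sa)
- int sd;
- struct sockaddr *sa;
+bindresvport_sa(int sd, struct sockaddr *sa)
 {
  int error, af;
  struct sockaddr_storage myaddr;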
diff --git a/openbsd-compat/bsd-asprintf.c b/openbsd-compat/bsd-asprintf.c
new file mode 100644
index 000000000..5ca01f80f
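--- /dev/null
+++ b/openbsd-compat/bsd-asprintf.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2004 Darren Tucker.
+ *
+ * Based originally on asprintf.c from OpenBSD:
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_VASPRINTF
+
+#ifndef VA_COPY
+# ifdef HAVE_VA_COPY
+# define VA_COPY(dest, src) va_copy(dest, src)
+# else
+# ifdef HAVE___VA_COPY
+# define VA_COPY(dest, src) __va_copy(dest, src)
+# else
+# define VA_COPY(dest, src) (dest) = (src)
+# endif
+# endif
+#endif
+
+#define INIT_SZ 128
+
+int vasprintf(char **str, const char *fmt, va_list ap)
+{
+ int ret = -1;
+ va_list ap2;
+ char *string, *newstr;
+ size_t len;
+
+ VA_COPY(ap2, ap);
+ if ((string = malloc(INIT_SZ)) == NULL)
+ goto fail;
+
+ ret = vsnprintf(string, INIT_SZ, fmt, ap2);
+ if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
+ *str = string;
+ } else if (ret == INT_MAX) { /* shouldn't happen */
+ goto fail;
+ } else { /* bigger than initial, realloc allowing for nul */
+ len = (size_t)ret + 1;
+ if ((newstr = realloc(string, len)) == NULL) {
+ free(string);
+ goto fail;
+ } else {
+ va_end(ap2);
+ VA_COPY(ap2, ap);
+ ret = vsnprintf(newstr, len, fmt, ap2);
+ if (ret >= 0 && (size_t)ret < len) {
+ *str = newstr;
+ } else { /* failed with realloc'ed string, give up */
+ free(newstr);
+ goto fail;
+ }
+ }
+ }
+ va_end(ap2);
+ return (ret);
+
+fail:
+ *str = NULL;
+ errno = ENOMEM;
+ va_end(ap2);
+ return (-1);
+}
+#endif
+
+#ifndef HAVE_ASPRINTF
+int asprintf(char **str, const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ *str = NULL;
+ va_start(ap, fmt);
+ ret = vasprintf(str, fmt, ap);
+ va_end(ap);
+
+ return ret;
+}
+#endif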
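Review bot: In `vasprintf()` a negative return from the first `vsnprintf()` falls through to the final `else` branch, where `len = (size_t)ret + 1` becomes 0 and `realloc(string, 0)` is called. On a libc where that frees the block and returns NULL, the `free(string)` that follows is a double free. The `ret == INT_MAX` branch has the opposite problem: it jumps to `fail` without releasing `string`. Both are fixed by rejecting the two cases together before the realloc, `} else if (ret < 0 || ret == INT_MAX) {` with `free(string);` and `goto fail;` as its body. A vsnprintf() that returns -1 on truncation is plausible on the older platforms a compat file like this is built for, and `addargs()`/`replacearg()` in misc.c depend on this function's failure path.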
diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c
index 61a9fa391..5b7b94ae4 100644
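--- a/openbsd-compat/bsd-closefrom.c
+++ b/openbsd-compat/bsd-closefrom.c
@@ -46,7 +46,7 @@
 # define OPEN_MAX 256
 #endif
 
-RCSID("$Id: bsd-closefrom.c,v 1.1 2004/08/15 08:41:00 djm Exp $");
+RCSID("$Id: bsd-closefrom.c,v 1.2 2005/11/10 08:29:13 dtucker Exp $");
 
 #ifndef lint
 static const char sudorcsid[] = "$Sudo: closefrom.c,v 1.6 2004/06/01 20:51:56 millert Exp $";
@@ -67,7 +67,7 @@ closefrom(int lowfd)
 
  /* Check for a /proc/$$/fd directory. */
  len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
- if (len != -1 && len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
+ if (len >= 0 && (u_int)len <= sizeof(fdpath) && (dirp = opendir(fdpath))) {
  while ((dent = readdir(dirp)) != NULL) {
  fd = strtol(dent->d_name, &endp, 10);
  if (dent->d_name != endp && *endp == '\0' &&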
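Review bot: The rewritten guard on the `snprintf()` result in `closefrom()` still compares with `<=`, so `len == sizeof(fdpath)`, which means the path was truncated, is accepted and handed to opendir(). snprintf() returns the length it wanted to write, so the exact test is strict: `if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {`. With the `/proc/%ld/fd` format a truncation is unlikely in practice, and the declaration of `fdpath` is outside this hunk, so this is about keeping the bounds idiom correct rather than a reachable fault.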
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 6ba9bd986..d32b054d7 100644
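--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -18,7 +18,7 @@
 #include "includes.h"
 #include "xmalloc.h"
 
-RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
+RCSID("$Id: bsd-misc.c,v 1.28 2005/11/01 22:07:31 dtucker Exp $");
 
 #ifndef HAVE___PROGNAME
 char *__progname;
@@ -223,10 +223,7 @@ strdup(const char *str)
  len = strlen(str) + 1;
  cp = malloc(len);
  if (cp != NULL)
- if (strlcpy(cp, str, len) != len) {
- free(cp);
- return NULL;
- }
- return cp;
+ return(memcpy(cp, str, len));
+ return NULL;
 }
 #endif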
diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index b5a7ef7a0..e4ba154fd 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -45,45 +45,82 @@
45 * missing. Some systems only have snprintf() but not vsnprintf(), so 45 * missing. Some systems only have snprintf() but not vsnprintf(), so
46 * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF. 46 * the code is now broken down under HAVE_SNPRINTF and HAVE_VSNPRINTF.
47 * 47 *
48 * Ben Lindstrom <mouring@eviladmin.org> 09/27/00 for OpenSSH 48 * Andrew Tridgell (tridge@samba.org) Oct 1998
49 * Welcome to the world of %lld and %qd support. With other 49 * fixed handling of %.0f
50 * long long support. This is needed for sftp-server to work 50 * added test for HAVE_LONG_DOUBLE
51 * right.
52 * 51 *
53 * Ben Lindstrom <mouring@eviladmin.org> 02/12/01 for OpenSSH 52 * tridge@samba.org, idra@samba.org, April 2001
54 * Removed all hint of VARARGS stuff and banished it to the void, 53 * got rid of fcvt code (twas buggy and made testing harder)
55 * and did a bit of KNF style work to make things a bit more 54 * added C99 semantics
56 * acceptable. Consider stealing from mutt or enlightenment. 55 *
56 * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0
57 * actually print args for %g and %e
58 *
59 * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0
60 * Since includes.h isn't included here, VA_COPY has to be defined here. I don't
61 * see any include file that is guaranteed to be here, so I'm defining it
62 * locally. Fixes AIX and Solaris builds.
63 *
64 * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13
65 * put the ifdef for HAVE_VA_COPY in one place rather than in lots of
66 * functions
67 *
68 * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4
69 * Fix usage of va_list passed as an arg. Use __va_copy before using it
70 * when it exists.
71 *
72 * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14
73 * Fix incorrect zpadlen handling in fmtfp.
74 * Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
75 * few mods to make it easier to compile the tests.
76 * addedd the "Ollie" test to the floating point ones.
77 *
78 * Martin Pool (mbp@samba.org) April 2003
79 * Remove NO_CONFIG_H so that the test case can be built within a source
80 * tree with less trouble.
81 * Remove unnecessary SAFE_FREE() definition.
82 *
83 * Martin Pool (mbp@samba.org) May 2003
84 * Put in a prototype for dummy_snprintf() to quiet compiler warnings.
85 *
86 * Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
87 * if the C library has some snprintf functions already.
57 **************************************************************/ 88 **************************************************************/
58 89
59#include "includes.h" 90#include "includes.h"
60 91
61RCSID("$Id: bsd-snprintf.c,v 1.9 2004/09/23 11:35:09 dtucker Exp $"); 92RCSID("$Id: bsd-snprintf.c,v 1.11 2005/12/17 11:32:04 dtucker Exp $");
62 93
63#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */ 94#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
64# undef HAVE_SNPRINTF 95# undef HAVE_SNPRINTF
65# undef HAVE_VSNPRINTF 96# undef HAVE_VSNPRINTF
66#endif 97#endif
67 98
68#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) 99#ifndef VA_COPY
69 100# ifdef HAVE_VA_COPY
70static void 101# define VA_COPY(dest, src) va_copy(dest, src)
71dopr(char *buffer, size_t maxlen, const char *format, va_list args); 102# else
72 103# ifdef HAVE___VA_COPY
73static void 104# define VA_COPY(dest, src) __va_copy(dest, src)
74fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, 105# else
75 int min, int max); 106# define VA_COPY(dest, src) (dest) = (src)
107# endif
108# endif
109#endif
76 110
77static void 111#if !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF)
78fmtint(char *buffer, size_t *currlen, size_t maxlen, long value, int base,
79 int min, int max, int flags);
80 112
81static void 113#ifdef HAVE_LONG_DOUBLE
82fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, 114# define LDOUBLE long double
83 int min, int max, int flags); 115#else
116# define LDOUBLE double
117#endif
84 118
85static void 119#ifdef HAVE_LONG_LONG
86dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c); 120# define LLONG long long
121#else
122# define LLONG long
123#endif
87 124
88/* 125/*
89 * dopr(): poor man's version of doprintf 126 * dopr(): poor man's version of doprintf
@@ -109,28 +146,49 @@ dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
109#define DP_F_UNSIGNED (1 << 6) 146#define DP_F_UNSIGNED (1 << 6)
110 147
111/* Conversion Flags */ 148/* Conversion Flags */
112#define DP_C_SHORT 1 149#define DP_C_SHORT 1
113#define DP_C_LONG 2 150#define DP_C_LONG 2
114#define DP_C_LDOUBLE 3 151#define DP_C_LDOUBLE 3
115#define DP_C_LONG_LONG 4 152#define DP_C_LLONG 4
116 153
117#define char_to_int(p) (p - '0') 154#define char_to_int(p) ((p)- '0')
118#define abs_val(p) (p < 0 ? -p : p) 155#ifndef MAX
119 156# define MAX(p,q) (((p) >= (q)) ? (p) : (q))
157#endif
120 158
121static void 159static size_t dopr(char *buffer, size_t maxlen, const char *format,
122dopr(char *buffer, size_t maxlen, const char *format, va_list args) 160 va_list args_in);
161static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
162 char *value, int flags, int min, int max);
163static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
164 long value, int base, int min, int max, int flags);
165static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
166 LDOUBLE fvalue, int min, int max, int flags);
167static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
168
169static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
123{ 170{
124 char *strvalue, ch; 171 char ch;
125 long value; 172 LLONG value;
126 long double fvalue; 173 LDOUBLE fvalue;
127 int min = 0, max = -1, state = DP_S_DEFAULT, flags = 0, cflags = 0; 174 char *strvalue;
128 size_t currlen = 0; 175 int min;
129 176 int max;
177 int state;
178 int flags;
179 int cflags;
180 size_t currlen;
181 va_list args;
182
183 VA_COPY(args, args_in);
184
185 state = DP_S_DEFAULT;
186 currlen = flags = cflags = min = 0;
187 max = -1;
130 ch = *format++; 188 ch = *format++;
131 189
132 while (state != DP_S_DONE) { 190 while (state != DP_S_DONE) {
133 if ((ch == '\0') || (currlen >= maxlen)) 191 if (ch == '\0')
134 state = DP_S_DONE; 192 state = DP_S_DONE;
135 193
136 switch(state) { 194 switch(state) {
@@ -138,7 +196,7 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
138 if (ch == '%') 196 if (ch == '%')
139 state = DP_S_FLAGS; 197 state = DP_S_FLAGS;
140 else 198 else
141 dopr_outch(buffer, &currlen, maxlen, ch); 199 dopr_outch (buffer, &currlen, maxlen, ch);
142 ch = *format++; 200 ch = *format++;
143 break; 201 break;
144 case DP_S_FLAGS: 202 case DP_S_FLAGS:
@@ -170,34 +228,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
170 break; 228 break;
171 case DP_S_MIN: 229 case DP_S_MIN:
172 if (isdigit((unsigned char)ch)) { 230 if (isdigit((unsigned char)ch)) {
173 min = 10 * min + char_to_int (ch); 231 min = 10*min + char_to_int (ch);
174 ch = *format++; 232 ch = *format++;
175 } else if (ch == '*') { 233 } else if (ch == '*') {
176 min = va_arg (args, int); 234 min = va_arg (args, int);
177 ch = *format++; 235 ch = *format++;
178 state = DP_S_DOT; 236 state = DP_S_DOT;
179 } else 237 } else {
180 state = DP_S_DOT; 238 state = DP_S_DOT;
239 }
181 break; 240 break;
182 case DP_S_DOT: 241 case DP_S_DOT:
183 if (ch == '.') { 242 if (ch == '.') {
184 state = DP_S_MAX; 243 state = DP_S_MAX;
185 ch = *format++; 244 ch = *format++;
186 } else 245 } else {
187 state = DP_S_MOD; 246 state = DP_S_MOD;
247 }
188 break; 248 break;
189 case DP_S_MAX: 249 case DP_S_MAX:
190 if (isdigit((unsigned char)ch)) { 250 if (isdigit((unsigned char)ch)) {
191 if (max < 0) 251 if (max < 0)
192 max = 0; 252 max = 0;
193 max = 10 * max + char_to_int(ch); 253 max = 10*max + char_to_int (ch);
194 ch = *format++; 254 ch = *format++;
195 } else if (ch == '*') { 255 } else if (ch == '*') {
196 max = va_arg (args, int); 256 max = va_arg (args, int);
197 ch = *format++; 257 ch = *format++;
198 state = DP_S_MOD; 258 state = DP_S_MOD;
199 } else 259 } else {
200 state = DP_S_MOD; 260 state = DP_S_MOD;
261 }
201 break; 262 break;
202 case DP_S_MOD: 263 case DP_S_MOD:
203 switch (ch) { 264 switch (ch) {
@@ -208,15 +269,11 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
208 case 'l': 269 case 'l':
209 cflags = DP_C_LONG; 270 cflags = DP_C_LONG;
210 ch = *format++; 271 ch = *format++;
211 if (ch == 'l') { 272 if (ch == 'l') { /* It's a long long */
212 cflags = DP_C_LONG_LONG; 273 cflags = DP_C_LLONG;
213 ch = *format++; 274 ch = *format++;
214 } 275 }
215 break; 276 break;
216 case 'q':
217 cflags = DP_C_LONG_LONG;
218 ch = *format++;
219 break;
220 case 'L': 277 case 'L':
221 cflags = DP_C_LDOUBLE; 278 cflags = DP_C_LDOUBLE;
222 ch = *format++; 279 ch = *format++;
@@ -231,37 +288,37 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
231 case 'd': 288 case 'd':
232 case 'i': 289 case 'i':
233 if (cflags == DP_C_SHORT) 290 if (cflags == DP_C_SHORT)
234 value = va_arg(args, int); 291 value = va_arg (args, int);
235 else if (cflags == DP_C_LONG) 292 else if (cflags == DP_C_LONG)
236 value = va_arg(args, long int); 293 value = va_arg (args, long int);
237 else if (cflags == DP_C_LONG_LONG) 294 else if (cflags == DP_C_LLONG)
238 value = va_arg (args, long long); 295 value = va_arg (args, LLONG);
239 else 296 else
240 value = va_arg (args, int); 297 value = va_arg (args, int);
241 fmtint(buffer, &currlen, maxlen, value, 10, min, max, flags); 298 fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
242 break; 299 break;
243 case 'o': 300 case 'o':
244 flags |= DP_F_UNSIGNED; 301 flags |= DP_F_UNSIGNED;
245 if (cflags == DP_C_SHORT) 302 if (cflags == DP_C_SHORT)
246 value = va_arg(args, unsigned int); 303 value = va_arg (args, unsigned int);
247 else if (cflags == DP_C_LONG) 304 else if (cflags == DP_C_LONG)
248 value = va_arg(args, unsigned long int); 305 value = (long)va_arg (args, unsigned long int);
249 else if (cflags == DP_C_LONG_LONG) 306 else if (cflags == DP_C_LLONG)
250 value = va_arg(args, unsigned long long); 307 value = (long)va_arg (args, unsigned LLONG);
251 else 308 else
252 value = va_arg(args, unsigned int); 309 value = (long)va_arg (args, unsigned int);
253 fmtint(buffer, &currlen, maxlen, value, 8, min, max, flags); 310 fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
254 break; 311 break;
255 case 'u': 312 case 'u':
256 flags |= DP_F_UNSIGNED; 313 flags |= DP_F_UNSIGNED;
257 if (cflags == DP_C_SHORT) 314 if (cflags == DP_C_SHORT)
258 value = va_arg(args, unsigned int); 315 value = va_arg (args, unsigned int);
259 else if (cflags == DP_C_LONG) 316 else if (cflags == DP_C_LONG)
260 value = va_arg(args, unsigned long int); 317 value = (long)va_arg (args, unsigned long int);
261 else if (cflags == DP_C_LONG_LONG) 318 else if (cflags == DP_C_LLONG)
262 value = va_arg(args, unsigned long long); 319 value = (LLONG)va_arg (args, unsigned LLONG);
263 else 320 else
264 value = va_arg(args, unsigned int); 321 value = (long)va_arg (args, unsigned int);
265 fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); 322 fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
266 break; 323 break;
267 case 'X': 324 case 'X':
@@ -269,79 +326,86 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
269 case 'x': 326 case 'x':
270 flags |= DP_F_UNSIGNED; 327 flags |= DP_F_UNSIGNED;
271 if (cflags == DP_C_SHORT) 328 if (cflags == DP_C_SHORT)
272 value = va_arg(args, unsigned int); 329 value = va_arg (args, unsigned int);
273 else if (cflags == DP_C_LONG) 330 else if (cflags == DP_C_LONG)
274 value = va_arg(args, unsigned long int); 331 value = (long)va_arg (args, unsigned long int);
275 else if (cflags == DP_C_LONG_LONG) 332 else if (cflags == DP_C_LLONG)
276 value = va_arg(args, unsigned long long); 333 value = (LLONG)va_arg (args, unsigned LLONG);
277 else 334 else
278 value = va_arg(args, unsigned int); 335 value = (long)va_arg (args, unsigned int);
279 fmtint(buffer, &currlen, maxlen, value, 16, min, max, flags); 336 fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
280 break; 337 break;
281 case 'f': 338 case 'f':
282 if (cflags == DP_C_LDOUBLE) 339 if (cflags == DP_C_LDOUBLE)
283 fvalue = va_arg(args, long double); 340 fvalue = va_arg (args, LDOUBLE);
284 else 341 else
285 fvalue = va_arg(args, double); 342 fvalue = va_arg (args, double);
286 /* um, floating point? */ 343 /* um, floating point? */
287 fmtfp(buffer, &currlen, maxlen, fvalue, min, max, flags); 344 fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
288 break; 345 break;
289 case 'E': 346 case 'E':
290 flags |= DP_F_UP; 347 flags |= DP_F_UP;
291 case 'e': 348 case 'e':
292 if (cflags == DP_C_LDOUBLE) 349 if (cflags == DP_C_LDOUBLE)
293 fvalue = va_arg(args, long double); 350 fvalue = va_arg (args, LDOUBLE);
294 else 351 else
295 fvalue = va_arg(args, double); 352 fvalue = va_arg (args, double);
353 fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
296 break; 354 break;
297 case 'G': 355 case 'G':
298 flags |= DP_F_UP; 356 flags |= DP_F_UP;
299 case 'g': 357 case 'g':
300 if (cflags == DP_C_LDOUBLE) 358 if (cflags == DP_C_LDOUBLE)
301 fvalue = va_arg(args, long double); 359 fvalue = va_arg (args, LDOUBLE);
302 else 360 else
303 fvalue = va_arg(args, double); 361 fvalue = va_arg (args, double);
362 fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
304 break; 363 break;
305 case 'c': 364 case 'c':
306 dopr_outch(buffer, &currlen, maxlen, va_arg(args, int)); 365 dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
307 break; 366 break;
308 case 's': 367 case 's':
309 strvalue = va_arg(args, char *); 368 strvalue = va_arg (args, char *);
310 if (max < 0) 369 if (!strvalue) strvalue = "(NULL)";
311 max = maxlen; /* ie, no max */ 370 if (max == -1) {
312 fmtstr(buffer, &currlen, maxlen, strvalue, flags, min, max); 371 max = strlen(strvalue);
372 }
373 if (min > 0 && max >= 0 && min > max) max = min;
374 fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
313 break; 375 break;
314 case 'p': 376 case 'p':
315 strvalue = va_arg(args, void *); 377 strvalue = va_arg (args, void *);
316 fmtint(buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); 378 fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
317 break; 379 break;
318 case 'n': 380 case 'n':
319 if (cflags == DP_C_SHORT) { 381 if (cflags == DP_C_SHORT) {
320 short int *num; 382 short int *num;
321 num = va_arg(args, short int *); 383 num = va_arg (args, short int *);
322 *num = currlen; 384 *num = currlen;
323 } else if (cflags == DP_C_LONG) { 385 } else if (cflags == DP_C_LONG) {
324 long int *num; 386 long int *num;
325 num = va_arg(args, long int *); 387 num = va_arg (args, long int *);
326 *num = currlen; 388 *num = (long int)currlen;
327 } else if (cflags == DP_C_LONG_LONG) { 389 } else if (cflags == DP_C_LLONG) {
328 long long *num; 390 LLONG *num;
329 num = va_arg(args, long long *); 391 num = va_arg (args, LLONG *);
330 *num = currlen; 392 *num = (LLONG)currlen;
331 } else { 393 } else {
332 int *num; 394 int *num;
333 num = va_arg(args, int *); 395 num = va_arg (args, int *);
334 *num = currlen; 396 *num = currlen;
335 } 397 }
336 break; 398 break;
337 case '%': 399 case '%':
338 dopr_outch(buffer, &currlen, maxlen, ch); 400 dopr_outch (buffer, &currlen, maxlen, ch);
339 break; 401 break;
340 case 'w': /* not supported yet, treat as next char */ 402 case 'w':
403 /* not supported yet, treat as next char */
341 ch = *format++; 404 ch = *format++;
342 break; 405 break;
343 default: /* Unknown, skip */ 406 default:
344 break; 407 /* Unknown, skip */
408 break;
345 } 409 }
346 ch = *format++; 410 ch = *format++;
347 state = DP_S_DEFAULT; 411 state = DP_S_DEFAULT;
@@ -350,24 +414,33 @@ dopr(char *buffer, size_t maxlen, const char *format, va_list args)
350 break; 414 break;
351 case DP_S_DONE: 415 case DP_S_DONE:
352 break; 416 break;
353 default: /* hmm? */ 417 default:
418 /* hmm? */
354 break; /* some picky compilers need this */ 419 break; /* some picky compilers need this */
355 } 420 }
356 } 421 }
357 if (currlen < maxlen - 1) 422 if (maxlen != 0) {
358 buffer[currlen] = '\0'; 423 if (currlen < maxlen - 1)
359 else 424 buffer[currlen] = '\0';
360 buffer[maxlen - 1] = '\0'; 425 else if (maxlen > 0)
426 buffer[maxlen - 1] = '\0';
427 }
428
429 return currlen;
361} 430}
362 431
363static void 432static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
364fmtstr(char *buffer, size_t *currlen, size_t maxlen, 433 char *value, int flags, int min, int max)
365 char *value, int flags, int min, int max)
366{ 434{
367 int cnt = 0, padlen, strln; /* amount to pad */ 435 int padlen, strln; /* amount to pad */
368 436 int cnt = 0;
369 if (value == 0) 437
438#ifdef DEBUG_SNPRINTF
439 printf("fmtstr min=%d max=%d s=[%s]\n", min, max, value);
440#endif
441 if (value == 0) {
370 value = "<NULL>"; 442 value = "<NULL>";
443 }
371 444
372 for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */ 445 for (strln = 0; strln < max && value[strln]; ++strln); /* strlen */
373 padlen = min - strln; 446 padlen = min - strln;
@@ -375,18 +448,18 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
375 padlen = 0; 448 padlen = 0;
376 if (flags & DP_F_MINUS) 449 if (flags & DP_F_MINUS)
377 padlen = -padlen; /* Left Justify */ 450 padlen = -padlen; /* Left Justify */
378 451
379 while ((padlen > 0) && (cnt < max)) { 452 while ((padlen > 0) && (cnt < max)) {
380 dopr_outch(buffer, currlen, maxlen, ' '); 453 dopr_outch (buffer, currlen, maxlen, ' ');
381 --padlen; 454 --padlen;
382 ++cnt; 455 ++cnt;
383 } 456 }
384 while (*value && (cnt < max)) { 457 while (*value && (cnt < max)) {
385 dopr_outch(buffer, currlen, maxlen, *value++); 458 dopr_outch (buffer, currlen, maxlen, *value++);
386 ++cnt; 459 ++cnt;
387 } 460 }
388 while ((padlen < 0) && (cnt < max)) { 461 while ((padlen < 0) && (cnt < max)) {
389 dopr_outch(buffer, currlen, maxlen, ' '); 462 dopr_outch (buffer, currlen, maxlen, ' ');
390 ++padlen; 463 ++padlen;
391 ++cnt; 464 ++cnt;
392 } 465 }
@@ -394,49 +467,49 @@ fmtstr(char *buffer, size_t *currlen, size_t maxlen,
394 467
395/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ 468/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
396 469
397static void 470static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
398fmtint(char *buffer, size_t *currlen, size_t maxlen, 471 long value, int base, int min, int max, int flags)
399 long value, int base, int min, int max, int flags)
400{ 472{
473 int signvalue = 0;
401 unsigned long uvalue; 474 unsigned long uvalue;
402 char convert[20]; 475 char convert[20];
403 int signvalue = 0, place = 0, caps = 0; 476 int place = 0;
404 int spadlen = 0; /* amount to space pad */ 477 int spadlen = 0; /* amount to space pad */
405 int zpadlen = 0; /* amount to zero pad */ 478 int zpadlen = 0; /* amount to zero pad */
406 479 int caps = 0;
480
407 if (max < 0) 481 if (max < 0)
408 max = 0; 482 max = 0;
409 483
410 uvalue = value; 484 uvalue = value;
411 485
412 if (!(flags & DP_F_UNSIGNED)) { 486 if(!(flags & DP_F_UNSIGNED)) {
413 if (value < 0) { 487 if( value < 0 ) {
414 signvalue = '-'; 488 signvalue = '-';
415 uvalue = -value; 489 uvalue = -value;
416 } else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ 490 } else {
417 signvalue = '+'; 491 if (flags & DP_F_PLUS) /* Do a sign (+/i) */
418 else if (flags & DP_F_SPACE) 492 signvalue = '+';
419 signvalue = ' '; 493 else if (flags & DP_F_SPACE)
494 signvalue = ' ';
495 }
420 } 496 }
421 497
422 if (flags & DP_F_UP) 498 if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
423 caps = 1; /* Should characters be upper case? */ 499
424 do { 500 do {
425 convert[place++] = 501 convert[place++] =
426 (caps ? "0123456789ABCDEF" : "0123456789abcdef") 502 (caps? "0123456789ABCDEF":"0123456789abcdef")
427 [uvalue % (unsigned)base]; 503 [uvalue % (unsigned)base ];
428 uvalue = (uvalue / (unsigned)base ); 504 uvalue = (uvalue / (unsigned)base );
429 } while (uvalue && (place < 20)); 505 } while(uvalue && (place < 20));
430 if (place == 20) 506 if (place == 20) place--;
431 place--;
432 convert[place] = 0; 507 convert[place] = 0;
433 508
434 zpadlen = max - place; 509 zpadlen = max - place;
435 spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); 510 spadlen = min - MAX (max, place) - (signvalue ? 1 : 0);
436 if (zpadlen < 0) 511 if (zpadlen < 0) zpadlen = 0;
437 zpadlen = 0; 512 if (spadlen < 0) spadlen = 0;
438 if (spadlen < 0)
439 spadlen = 0;
440 if (flags & DP_F_ZERO) { 513 if (flags & DP_F_ZERO) {
441 zpadlen = MAX(zpadlen, spadlen); 514 zpadlen = MAX(zpadlen, spadlen);
442 spadlen = 0; 515 spadlen = 0;
@@ -444,27 +517,32 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
444 if (flags & DP_F_MINUS) 517 if (flags & DP_F_MINUS)
445 spadlen = -spadlen; /* Left Justifty */ 518 spadlen = -spadlen; /* Left Justifty */
446 519
520#ifdef DEBUG_SNPRINTF
521 printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
522 zpadlen, spadlen, min, max, place);
523#endif
524
447 /* Spaces */ 525 /* Spaces */
448 while (spadlen > 0) { 526 while (spadlen > 0) {
449 dopr_outch(buffer, currlen, maxlen, ' '); 527 dopr_outch (buffer, currlen, maxlen, ' ');
450 --spadlen; 528 --spadlen;
451 } 529 }
452 530
453 /* Sign */ 531 /* Sign */
454 if (signvalue) 532 if (signvalue)
455 dopr_outch(buffer, currlen, maxlen, signvalue); 533 dopr_outch (buffer, currlen, maxlen, signvalue);
456 534
457 /* Zeros */ 535 /* Zeros */
458 if (zpadlen > 0) { 536 if (zpadlen > 0) {
459 while (zpadlen > 0) { 537 while (zpadlen > 0) {
460 dopr_outch(buffer, currlen, maxlen, '0'); 538 dopr_outch (buffer, currlen, maxlen, '0');
461 --zpadlen; 539 --zpadlen;
462 } 540 }
463 } 541 }
464 542
465 /* Digits */ 543 /* Digits */
466 while (place > 0) 544 while (place > 0)
467 dopr_outch(buffer, currlen, maxlen, convert[--place]); 545 dopr_outch (buffer, currlen, maxlen, convert[--place]);
468 546
469 /* Left Justified spaces */ 547 /* Left Justified spaces */
470 while (spadlen < 0) { 548 while (spadlen < 0) {
@@ -473,11 +551,20 @@ fmtint(char *buffer, size_t *currlen, size_t maxlen,
473 } 551 }
474} 552}
475 553
476static long double 554static LDOUBLE abs_val(LDOUBLE value)
477pow10(int exp)
478{ 555{
479 long double result = 1; 556 LDOUBLE result = value;
557
558 if (value < 0)
559 result = -value;
560
561 return result;
562}
480 563
564static LDOUBLE POW10(int exp)
565{
566 LDOUBLE result = 1;
567
481 while (exp) { 568 while (exp) {
482 result *= 10; 569 result *= 10;
483 exp--; 570 exp--;
@@ -486,28 +573,69 @@ pow10(int exp)
486 return result; 573 return result;
487} 574}
488 575
489static long 576static LLONG ROUND(LDOUBLE value)
490round(long double value)
491{ 577{
492 long intpart = value; 578 LLONG intpart;
493
494 value -= intpart;
495 if (value >= 0.5)
496 intpart++;
497 579
580 intpart = (LLONG)value;
581 value = value - intpart;
582 if (value >= 0.5) intpart++;
583
498 return intpart; 584 return intpart;
499} 585}
500 586
501static void 587/* a replacement for modf that doesn't need the math library. Should
502fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue, 588 be portable, but slow */
503 int min, int max, int flags) 589static double my_modf(double x0, double *iptr)
504{ 590{
505 char iconvert[20], fconvert[20]; 591 int i;
506 int signvalue = 0, iplace = 0, fplace = 0; 592 long l;
593 double x = x0;
594 double f = 1.0;
595
596 for (i=0;i<100;i++) {
597 l = (long)x;
598 if (l <= (x+1) && l >= (x-1)) break;
599 x *= 0.1;
600 f *= 10.0;
601 }
602
603 if (i == 100) {
604 /* yikes! the number is beyond what we can handle. What do we do? */
605 (*iptr) = 0;
606 return 0;
607 }
608
609 if (i != 0) {
610 double i2;
611 double ret;
612
613 ret = my_modf(x0-l*f, &i2);
614 (*iptr) = l*f + i2;
615 return ret;
616 }
617
618 (*iptr) = l;
619 return x - (*iptr);
620}
621
622
623static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
624 LDOUBLE fvalue, int min, int max, int flags)
625{
626 int signvalue = 0;
627 double ufvalue;
628 char iconvert[311];
629 char fconvert[311];
630 int iplace = 0;
631 int fplace = 0;
507 int padlen = 0; /* amount to pad */ 632 int padlen = 0; /* amount to pad */
508 int zpadlen = 0, caps = 0; 633 int zpadlen = 0;
509 long intpart, fracpart; 634 int caps = 0;
510 long double ufvalue; 635 int idx;
636 double intpart;
637 double fracpart;
638 double temp;
511 639
512 /* 640 /*
513 * AIX manpage says the default is 0, but Solaris says the default 641 * AIX manpage says the default is 0, but Solaris says the default
@@ -516,137 +644,159 @@ fmtfp(char *buffer, size_t *currlen, size_t maxlen, long double fvalue,
516 if (max < 0) 644 if (max < 0)
517 max = 6; 645 max = 6;
518 646
519 ufvalue = abs_val(fvalue); 647 ufvalue = abs_val (fvalue);
520 648
521 if (fvalue < 0) 649 if (fvalue < 0) {
522 signvalue = '-'; 650 signvalue = '-';
523 else if (flags & DP_F_PLUS) /* Do a sign (+/i) */ 651 } else {
524 signvalue = '+'; 652 if (flags & DP_F_PLUS) { /* Do a sign (+/i) */
525 else if (flags & DP_F_SPACE) 653 signvalue = '+';
526 signvalue = ' '; 654 } else {
655 if (flags & DP_F_SPACE)
656 signvalue = ' ';
657 }
658 }
527 659
528 intpart = ufvalue; 660#if 0
661 if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */
662#endif
663
664#if 0
665 if (max == 0) ufvalue += 0.5; /* if max = 0 we must round */
666#endif
529 667
530 /* 668 /*
531 * Sorry, we only support 9 digits past the decimal because of our 669 * Sorry, we only support 16 digits past the decimal because of our
532 * conversion method 670 * conversion method
533 */ 671 */
534 if (max > 9) 672 if (max > 16)
535 max = 9; 673 max = 16;
536 674
537 /* We "cheat" by converting the fractional part to integer by 675 /* We "cheat" by converting the fractional part to integer by
538 * multiplying by a factor of 10 676 * multiplying by a factor of 10
539 */ 677 */
540 fracpart = round((pow10 (max)) * (ufvalue - intpart));
541 678
542 if (fracpart >= pow10 (max)) { 679 temp = ufvalue;
680 my_modf(temp, &intpart);
681
682 fracpart = ROUND((POW10(max)) * (ufvalue - intpart));
683
684 if (fracpart >= POW10(max)) {
543 intpart++; 685 intpart++;
544 fracpart -= pow10 (max); 686 fracpart -= POW10(max);
545 } 687 }
546 688
547 /* Convert integer part */ 689 /* Convert integer part */
548 do { 690 do {
691 temp = intpart*0.1;
692 my_modf(temp, &intpart);
693 idx = (int) ((temp -intpart +0.05)* 10.0);
694 /* idx = (int) (((double)(temp*0.1) -intpart +0.05) *10.0); */
695 /* printf ("%llf, %f, %x\n", temp, intpart, idx); */
549 iconvert[iplace++] = 696 iconvert[iplace++] =
550 (caps ? "0123456789ABCDEF" : "0123456789abcdef") 697 (caps? "0123456789ABCDEF":"0123456789abcdef")[idx];
551 [intpart % 10]; 698 } while (intpart && (iplace < 311));
552 intpart = (intpart / 10); 699 if (iplace == 311) iplace--;
553 } while(intpart && (iplace < 20));
554 if (iplace == 20)
555 iplace--;
556 iconvert[iplace] = 0; 700 iconvert[iplace] = 0;
557 701
558 /* Convert fractional part */ 702 /* Convert fractional part */
559 do { 703 if (fracpart)
560 fconvert[fplace++] = 704 {
561 (caps ? "0123456789ABCDEF" : "0123456789abcdef") 705 do {
562 [fracpart % 10]; 706 temp = fracpart*0.1;
563 fracpart = (fracpart / 10); 707 my_modf(temp, &fracpart);
564 } while(fracpart && (fplace < 20)); 708 idx = (int) ((temp -fracpart +0.05)* 10.0);
565 if (fplace == 20) 709 /* idx = (int) ((((temp/10) -fracpart) +0.05) *10); */
566 fplace--; 710 /* printf ("%lf, %lf, %ld\n", temp, fracpart, idx ); */
711 fconvert[fplace++] =
712 (caps? "0123456789ABCDEF":"0123456789abcdef")[idx];
713 } while(fracpart && (fplace < 311));
714 if (fplace == 311) fplace--;
715 }
567 fconvert[fplace] = 0; 716 fconvert[fplace] = 0;
568 717
569 /* -1 for decimal point, another -1 if we are printing a sign */ 718 /* -1 for decimal point, another -1 if we are printing a sign */
570 padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); 719 padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
571 zpadlen = max - fplace; 720 zpadlen = max - fplace;
572 if (zpadlen < 0) 721 if (zpadlen < 0) zpadlen = 0;
573 zpadlen = 0;
574 if (padlen < 0) 722 if (padlen < 0)
575 padlen = 0; 723 padlen = 0;
576 if (flags & DP_F_MINUS) 724 if (flags & DP_F_MINUS)
577 padlen = -padlen; /* Left Justifty */ 725 padlen = -padlen; /* Left Justifty */
578 726
579 if ((flags & DP_F_ZERO) && (padlen > 0)) { 727 if ((flags & DP_F_ZERO) && (padlen > 0)) {
580 if (signvalue) { 728 if (signvalue) {
581 dopr_outch(buffer, currlen, maxlen, signvalue); 729 dopr_outch (buffer, currlen, maxlen, signvalue);
582 --padlen; 730 --padlen;
583 signvalue = 0; 731 signvalue = 0;
584 } 732 }
585 while (padlen > 0) { 733 while (padlen > 0) {
586 dopr_outch(buffer, currlen, maxlen, '0'); 734 dopr_outch (buffer, currlen, maxlen, '0');
587 --padlen; 735 --padlen;
588 } 736 }
589 } 737 }
590 while (padlen > 0) { 738 while (padlen > 0) {
591 dopr_outch(buffer, currlen, maxlen, ' '); 739 dopr_outch (buffer, currlen, maxlen, ' ');
592 --padlen; 740 --padlen;
593 } 741 }
594 if (signvalue) 742 if (signvalue)
595 dopr_outch(buffer, currlen, maxlen, signvalue); 743 dopr_outch (buffer, currlen, maxlen, signvalue);
596 744
597 while (iplace > 0) 745 while (iplace > 0)
598 dopr_outch(buffer, currlen, maxlen, iconvert[--iplace]); 746 dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
747
748#ifdef DEBUG_SNPRINTF
749 printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
750#endif
599 751
600 /* 752 /*
601 * Decimal point. This should probably use locale to find the 753 * Decimal point. This should probably use locale to find the correct
602 * correct char to print out. 754 * char to print out.
603 */ 755 */
604 dopr_outch(buffer, currlen, maxlen, '.'); 756 if (max > 0) {
605 757 dopr_outch (buffer, currlen, maxlen, '.');
606 while (fplace > 0) 758
607 dopr_outch(buffer, currlen, maxlen, fconvert[--fplace]); 759 while (zpadlen > 0) {
760 dopr_outch (buffer, currlen, maxlen, '0');
761 --zpadlen;
762 }
608 763
609 while (zpadlen > 0) { 764 while (fplace > 0)
610 dopr_outch(buffer, currlen, maxlen, '0'); 765 dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
611 --zpadlen;
612 } 766 }
613 767
614 while (padlen < 0) { 768 while (padlen < 0) {
615 dopr_outch(buffer, currlen, maxlen, ' '); 769 dopr_outch (buffer, currlen, maxlen, ' ');
616 ++padlen; 770 ++padlen;
617 } 771 }
618} 772}
619 773
620static void 774static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
621dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
622{ 775{
623 if (*currlen < maxlen) 776 if (*currlen < maxlen) {
624 buffer[(*currlen)++] = c; 777 buffer[(*currlen)] = c;
778 }
779 (*currlen)++;
625} 780}
626#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ 781#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
627 782
628#ifndef HAVE_VSNPRINTF 783#if !defined(HAVE_VSNPRINTF)
629int 784int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
630vsnprintf(char *str, size_t count, const char *fmt, va_list args)
631{ 785{
632 str[0] = 0; 786 return dopr(str, count, fmt, args);
633 dopr(str, count, fmt, args);
634
635 return(strlen(str));
636} 787}
637#endif /* !HAVE_VSNPRINTF */ 788#endif
638 789
639#ifndef HAVE_SNPRINTF 790#if !defined(HAVE_SNPRINTF)
640int 791int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
641snprintf(char *str,size_t count,const char *fmt,...)
642{ 792{
793 size_t ret;
643 va_list ap; 794 va_list ap;
644 795
645 va_start(ap, fmt); 796 va_start(ap, fmt);
646 (void) vsnprintf(str, count, fmt, ap); 797 ret = vsnprintf(str, count, fmt, ap);
647 va_end(ap); 798 va_end(ap);
648 799 return ret;
649 return(strlen(str));
650} 800}
801#endif
651 802
652#endif /* !HAVE_SNPRINTF */
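Review bot: fmtint() still takes `long value` (prototype and definition) and keeps `unsigned long uvalue`, so the `LLONG value` that dopr() now reads for `%lld`, `%llu` and `%llx` is narrowed again at the call wherever long is smaller than long long. The `'o'` branch narrows even earlier with `value = (long)va_arg (args, unsigned LLONG);`. I would declare the parameter as `LLONG value` and the local as `unsigned LLONG uvalue;`, and use the `(LLONG)` cast in the `'o'` branch as the `'u'` and `'x'` branches already do. `convert[20]` and its `place < 20` bound would then need to grow as well, since a 64-bit value takes up to 22 octal digits plus the terminator and the current bound silently drops the leading digit. Separately, the `'s'` case now tests `if (max == -1)` where the old code tested `max < 0`, so a negative precision other than -1 passed through `%.*s` appears to print nothing; `if (max < 0)` keeps the earlier behaviour.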
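diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c
index c0be5fff9..f8a0680bf 100644
--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@@ -1,5 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
-
+/* $OpenBSD: daemon.c,v 1.6 2005/08/08 08:05:33 espie Exp $ */
 /*-
  * Copyright (c) 1990, 1993
  * The Regents of the University of California. All rights reserved.
@@ -29,14 +28,12 @@
  * SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
+
 #include "includes.h"
 
 #ifndef HAVE_DAEMON
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: daemon.c,v 1.5 2003/07/15 17:32:41 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 int
 daemon(int nochdir, int noclose)
 {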
diff --git a/openbsd-compat/dirname.c b/openbsd-compat/dirname.c
index 25ab34dd6..30fcb4968 100644
--- a/openbsd-compat/dirname.c
+++ b/openbsd-compat/dirname.c
@@ -1,9 +1,7 @@
1/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */ 1/* $OpenBSD: dirname.c,v 1.13 2005/08/08 08:05:33 espie Exp $ */
2
3/* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */
4 2
5/* 3/*
6 * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 1997, 2004 Todd C. Miller <Todd.Miller@courtesan.com>
7 * 5 *
8 * Permission to use, copy, modify, and distribute this software for any 6 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above 7 * purpose with or without fee is hereby granted, provided that the above
@@ -18,13 +16,11 @@
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */ 17 */
20 18
19/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
20
21#include "includes.h" 21#include "includes.h"
22#ifndef HAVE_DIRNAME 22#ifndef HAVE_DIRNAME
23 23
24#ifndef lint
25static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $";
26#endif /* not lint */
27
28#include <errno.h> 24#include <errno.h>
29#include <string.h> 25#include <string.h>
30#include <sys/param.h> 26#include <sys/param.h>
@@ -32,16 +28,18 @@ static char rcsid[] = "$OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Ex
32char * 28char *
33dirname(const char *path) 29dirname(const char *path)
34{ 30{
35 static char bname[MAXPATHLEN]; 31 static char dname[MAXPATHLEN];
36 register const char *endp; 32 size_t len;
33 const char *endp;
37 34
38 /* Empty or NULL string gets treated as "." */ 35 /* Empty or NULL string gets treated as "." */
39 if (path == NULL || *path == '\0') { 36 if (path == NULL || *path == '\0') {
40 (void)strlcpy(bname, ".", sizeof bname); 37 dname[0] = '.';
41 return(bname); 38 dname[1] = '\0';
39 return (dname);
42 } 40 }
43 41
44 /* Strip trailing slashes */ 42 /* Strip any trailing slashes */
45 endp = path + strlen(path) - 1; 43 endp = path + strlen(path) - 1;
46 while (endp > path && *endp == '/') 44 while (endp > path && *endp == '/')
47 endp--; 45 endp--;
@@ -52,19 +50,23 @@ dirname(const char *path)
52 50
53 /* Either the dir is "/" or there are no slashes */ 51 /* Either the dir is "/" or there are no slashes */
54 if (endp == path) { 52 if (endp == path) {
55 (void)strlcpy(bname, *endp == '/' ? "/" : ".", sizeof bname); 53 dname[0] = *endp == '/' ? '/' : '.';
56 return(bname); 54 dname[1] = '\0';
55 return (dname);
57 } else { 56 } else {
57 /* Move forward past the separating slashes */
58 do { 58 do {
59 endp--; 59 endp--;
60 } while (endp > path && *endp == '/'); 60 } while (endp > path && *endp == '/');
61 } 61 }
62 62
63 if (endp - path + 2 > sizeof(bname)) { 63 len = endp - path + 1;
64 if (len >= sizeof(dname)) {
64 errno = ENAMETOOLONG; 65 errno = ENAMETOOLONG;
65 return(NULL); 66 return (NULL);
66 } 67 }
67 strlcpy(bname, path, endp - path + 2); 68 memcpy(dname, path, len);
68 return(bname); 69 dname[len] = '\0';
70 return (dname);
69} 71}
70#endif 72#endif
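Review bot: The rewritten dirname() still returns a pointer into the function-static `dname[MAXPATHLEN]` (new line 31), and nothing in the visible hunks documents that contract. I would add a comment above the function such as `/* Returns a pointer to static storage that the next call overwrites; returns NULL with errno = ENAMETOOLONG if the directory part does not fit. */`, so callers know to copy the result and to check for NULL. The new bound `if (len >= sizeof(dname))` leaves room for the terminator, so the `memcpy` and `dname[len] = '\0'` that follow stay inside the buffer as far as these hunks show. New lines 46-49 are not part of the hunks and were not reviewed.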
diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c
index 19be59172..711cb9cd5 100644
--- a/openbsd-compat/getcwd.c
+++ b/openbsd-compat/getcwd.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */ 1/* $OpenBSD: getcwd.c,v 1.14 2005/08/08 08:05:34 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1989, 1991, 1993 3 * Copyright (c) 1989, 1991, 1993
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -29,14 +28,12 @@
29 * SUCH DAMAGE. 28 * SUCH DAMAGE.
30 */ 29 */
31 30
31/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */
32
32#include "includes.h" 33#include "includes.h"
33 34
34#if !defined(HAVE_GETCWD) 35#if !defined(HAVE_GETCWD)
35 36
36#if defined(LIBC_SCCS) && !defined(lint)
37static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp $";
38#endif /* LIBC_SCCS and not lint */
39
40#include <sys/param.h> 37#include <sys/param.h>
41#include <sys/stat.h> 38#include <sys/stat.h>
42#include <errno.h> 39#include <errno.h>
@@ -54,12 +51,12 @@ static char rcsid[] = "$OpenBSD: getcwd.c,v 1.9 2003/06/11 21:03:10 deraadt Exp
54char * 51char *
55getcwd(char *pt, size_t size) 52getcwd(char *pt, size_t size)
56{ 53{
57 register struct dirent *dp; 54 struct dirent *dp;
58 register DIR *dir = NULL; 55 DIR *dir = NULL;
59 register dev_t dev; 56 dev_t dev;
60 register ino_t ino; 57 ino_t ino;
61 register int first; 58 int first;
62 register char *bpt, *bup; 59 char *bpt, *bup;
63 struct stat s; 60 struct stat s;
64 dev_t root_dev; 61 dev_t root_dev;
65 ino_t root_ino; 62 ino_t root_ino;
@@ -80,7 +77,7 @@ getcwd(char *pt, size_t size)
80 } 77 }
81 ept = pt + size; 78 ept = pt + size;
82 } else { 79 } else {
83 if ((pt = malloc(ptsize = 1024 - 4)) == NULL) 80 if ((pt = malloc(ptsize = MAXPATHLEN)) == NULL)
84 return (NULL); 81 return (NULL);
85 ept = pt + ptsize; 82 ept = pt + ptsize;
86 } 83 }
@@ -88,13 +85,13 @@ getcwd(char *pt, size_t size)
88 *bpt = '\0'; 85 *bpt = '\0';
89 86
90 /* 87 /*
91 * Allocate bytes (1024 - malloc space) for the string of "../"'s. 88 * Allocate bytes for the string of "../"'s.
92 * Should always be enough (it's 340 levels). If it's not, allocate 89 * Should always be enough (it's 340 levels). If it's not, allocate
93 * as necessary. Special * case the first stat, it's ".", not "..". 90 * as necessary. Special * case the first stat, it's ".", not "..".
94 */ 91 */
95 if ((up = malloc(upsize = 1024 - 4)) == NULL) 92 if ((up = malloc(upsize = MAXPATHLEN)) == NULL)
96 goto err; 93 goto err;
97 eup = up + MAXPATHLEN; 94 eup = up + upsize;
98 bup = up; 95 bup = up;
99 up[0] = '.'; 96 up[0] = '.';
100 up[1] = '\0'; 97 up[1] = '\0';
@@ -139,18 +136,16 @@ getcwd(char *pt, size_t size)
139 136
140 if ((nup = realloc(up, upsize *= 2)) == NULL) 137 if ((nup = realloc(up, upsize *= 2)) == NULL)
141 goto err; 138 goto err;
139 bup = nup + (bup - up);
142 up = nup; 140 up = nup;
143 bup = up;
144 eup = up + upsize; 141 eup = up + upsize;
145 } 142 }
146 *bup++ = '.'; 143 *bup++ = '.';
147 *bup++ = '.'; 144 *bup++ = '.';
148 *bup = '\0'; 145 *bup = '\0';
149 146
150 /* Open and stat parent directory. 147 /* Open and stat parent directory. */
151 * RACE?? - replaced fstat(dirfd(dir), &s) w/ lstat(up,&s) 148 if (!(dir = opendir(up)) || fstat(dirfd(dir), &s))
152 */
153 if (!(dir = opendir(up)) || lstat(up,&s))
154 goto err; 149 goto err;
155 150
156 /* Add trailing slash for next directory. */ 151 /* Add trailing slash for next directory. */
@@ -175,7 +170,7 @@ getcwd(char *pt, size_t size)
175 goto notfound; 170 goto notfound;
176 if (ISDOT(dp)) 171 if (ISDOT(dp))
177 continue; 172 continue;
178 memmove(bup, dp->d_name, dp->d_namlen + 1); 173 memcpy(bup, dp->d_name, dp->d_namlen + 1);
179 174
180 /* Save the first error for later. */ 175 /* Save the first error for later. */
181 if (lstat(up, &s)) { 176 if (lstat(up, &s)) {
@@ -193,19 +188,18 @@ getcwd(char *pt, size_t size)
193 * leading slash. 188 * leading slash.
194 */ 189 */
195 if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) { 190 if (bpt - pt < dp->d_namlen + (first ? 1 : 2)) {
196 size_t len, off; 191 size_t len;
197 char *npt; 192 char *npt;
198 193
199 if (!ptsize) { 194 if (!ptsize) {
200 errno = ERANGE; 195 errno = ERANGE;
201 goto err; 196 goto err;
202 } 197 }
203 off = bpt - pt;
204 len = ept - bpt; 198 len = ept - bpt;
205 if ((npt = realloc(pt, ptsize *= 2)) == NULL) 199 if ((npt = realloc(pt, ptsize *= 2)) == NULL)
206 goto err; 200 goto err;
201 bpt = npt + (bpt - pt);
207 pt = npt; 202 pt = npt;
208 bpt = pt + off;
209 ept = pt + ptsize; 203 ept = pt + ptsize;
210 memmove(ept - len, bpt, len); 204 memmove(ept - len, bpt, len);
211 bpt = ept - len; 205 bpt = ept - len;
@@ -213,7 +207,7 @@ getcwd(char *pt, size_t size)
213 if (!first) 207 if (!first)
214 *--bpt = '/'; 208 *--bpt = '/';
215 bpt -= dp->d_namlen; 209 bpt -= dp->d_namlen;
216 memmove(bpt, dp->d_name, dp->d_namlen); 210 memcpy(bpt, dp->d_name, dp->d_namlen);
217 (void)closedir(dir); 211 (void)closedir(dir);
218 212
219 /* Truncate any file name. */ 213 /* Truncate any file name. */
@@ -230,12 +224,16 @@ notfound:
230 errno = save_errno ? save_errno : ENOENT; 224 errno = save_errno ? save_errno : ENOENT;
231 /* FALLTHROUGH */ 225 /* FALLTHROUGH */
232err: 226err:
227 save_errno = errno;
228
233 if (ptsize) 229 if (ptsize)
234 free(pt); 230 free(pt);
235 if (up) 231 free(up);
236 free(up);
237 if (dir) 232 if (dir)
238 (void)closedir(dir); 233 (void)closedir(dir);
234
235 errno = save_errno;
236
239 return (NULL); 237 return (NULL);
240} 238}
241 239
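Review bot: Both realloc paths now compute the new cursor from the old pointer after realloc() has returned: `bup = nup + (bup - up);` (new line 139) and `bpt = npt + (bpt - pt);` (new line 201). If realloc moves the block, the old pointer value is indeterminate in ISO C, so the subtraction is formally undefined even though it behaves on common platforms. The code this commit removes for `pt` had the safe ordering, so I would keep it and mirror it for `up`: take `off = bup - up;` before the realloc and set `bup = nup + off;` after it, and likewise `off = bpt - pt;` then `bpt = npt + off;`. Dropping the old `bup = up;` reset is the right change; only the order of the offset computation needs care. getcwd's body continues outside these hunks, so the bounds check that protects `memcpy(bup, dp->d_name, dp->d_namlen + 1)` could not be confirmed from here.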
diff --git a/openbsd-compat/getgrouplist.c b/openbsd-compat/getgrouplist.c
index 59c164f44..a57d7d388 100644
--- a/openbsd-compat/getgrouplist.c
+++ b/openbsd-compat/getgrouplist.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */ 1/* $OpenBSD: getgrouplist.c,v 1.12 2005/08/08 08:05:34 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1991, 1993 3 * Copyright (c) 1991, 1993
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -29,14 +28,12 @@
29 * SUCH DAMAGE. 28 * SUCH DAMAGE.
30 */ 29 */
31 30
31/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
32
32#include "includes.h" 33#include "includes.h"
33 34
34#ifndef HAVE_GETGROUPLIST 35#ifndef HAVE_GETGROUPLIST
35 36
36#if defined(LIBC_SCCS) && !defined(lint)
37static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraadt Exp $";
38#endif /* LIBC_SCCS and not lint */
39
40/* 37/*
41 * get credential 38 * get credential
42 */ 39 */
@@ -46,14 +43,10 @@ static char rcsid[] = "$OpenBSD: getgrouplist.c,v 1.9 2003/06/25 21:16:47 deraad
46#include <grp.h> 43#include <grp.h>
47 44
48int 45int
49getgrouplist(uname, agroup, groups, grpcnt) 46getgrouplist(const char *uname, gid_t agroup, gid_t *groups, int *grpcnt)
50 const char *uname;
51 gid_t agroup;
52 register gid_t *groups;
53 int *grpcnt;
54{ 47{
55 register struct group *grp; 48 struct group *grp;
56 register int i, ngroups; 49 int i, ngroups;
57 int ret, maxgroups; 50 int ret, maxgroups;
58 int bail; 51 int bail;
59 52
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c
index f5ee6778d..5450e43d9 100644
--- a/openbsd-compat/getopt.c
+++ b/openbsd-compat/getopt.c
@@ -1,5 +1,3 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
2
3/* 1/*
4 * Copyright (c) 1987, 1993, 1994 2 * Copyright (c) 1987, 1993, 1994
5 * The Regents of the University of California. All rights reserved. 3 * The Regents of the University of California. All rights reserved.
@@ -29,6 +27,8 @@
29 * SUCH DAMAGE. 27 * SUCH DAMAGE.
30 */ 28 */
31 29
30/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
31
32#include "includes.h" 32#include "includes.h"
33#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) 33#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
34 34
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 2016ffe31..bea6aea3b 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -1,6 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ 1/* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
2
3/* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
4 2
5/* 3/*
6 * Copyright (c) 2001 Jakob Schlyter. All rights reserved. 4 * Copyright (c) 2001 Jakob Schlyter. All rights reserved.
@@ -45,54 +43,26 @@
45 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 43 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
46 */ 44 */
47 45
46/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
47
48#include "includes.h" 48#include "includes.h"
49 49
50#ifndef HAVE_GETRRSETBYNAME 50#ifndef HAVE_GETRRSETBYNAME
51 51
52#include "getrrsetbyname.h" 52#include "getrrsetbyname.h"
53 53
54#define ANSWER_BUFFER_SIZE 1024*64
55
56#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO 54#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
57extern int h_errno; 55extern int h_errno;
58#endif 56#endif
59 57
60struct dns_query { 58/* We don't need multithread support here */
61 char *name; 59#ifdef _THREAD_PRIVATE
62 u_int16_t type; 60# undef _THREAD_PRIVATE
63 u_int16_t class; 61#endif
64 struct dns_query *next; 62#define _THREAD_PRIVATE(a,b,c) (c)
65}; 63struct __res_state _res;
66
67struct dns_rr {
68 char *name;
69 u_int16_t type;
70 u_int16_t class;
71 u_int16_t ttl;
72 u_int16_t size;
73 void *rdata;
74 struct dns_rr *next;
75};
76
77struct dns_response {
78 HEADER header;
79 struct dns_query *query;
80 struct dns_rr *answer;
81 struct dns_rr *authority;
82 struct dns_rr *additional;
83};
84
85static struct dns_response *parse_dns_response(const u_char *, int);
86static struct dns_query *parse_dns_qsection(const u_char *, int,
87 const u_char **, int);
88static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
89 int);
90
91static void free_dns_query(struct dns_query *);
92static void free_dns_rr(struct dns_rr *);
93static void free_dns_response(struct dns_response *);
94 64
95static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t); 65/* Necessary functions and macros */
96 66
97/* 67/*
98 * Inline versions of get/put short/long. Pointer is advanced. 68 * Inline versions of get/put short/long. Pointer is advanced.
@@ -162,14 +132,56 @@ _getlong(msgp)
162u_int32_t _getlong(register const u_char *); 132u_int32_t _getlong(register const u_char *);
163#endif 133#endif
164 134
135/* ************** */
136
137#define ANSWER_BUFFER_SIZE 1024*64
138
139struct dns_query {
140 char *name;
141 u_int16_t type;
142 u_int16_t class;
143 struct dns_query *next;
144};
145
146struct dns_rr {
147 char *name;
148 u_int16_t type;
149 u_int16_t class;
150 u_int16_t ttl;
151 u_int16_t size;
152 void *rdata;
153 struct dns_rr *next;
154};
155
156struct dns_response {
157 HEADER header;
158 struct dns_query *query;
159 struct dns_rr *answer;
160 struct dns_rr *authority;
161 struct dns_rr *additional;
162};
163
164static struct dns_response *parse_dns_response(const u_char *, int);
165static struct dns_query *parse_dns_qsection(const u_char *, int,
166 const u_char **, int);
167static struct dns_rr *parse_dns_rrsection(const u_char *, int, const u_char **,
168 int);
169
170static void free_dns_query(struct dns_query *);
171static void free_dns_rr(struct dns_rr *);
172static void free_dns_response(struct dns_response *);
173
174static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t);
175
165int 176int
166getrrsetbyname(const char *hostname, unsigned int rdclass, 177getrrsetbyname(const char *hostname, unsigned int rdclass,
167 unsigned int rdtype, unsigned int flags, 178 unsigned int rdtype, unsigned int flags,
168 struct rrsetinfo **res) 179 struct rrsetinfo **res)
169{ 180{
181 struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
170 int result; 182 int result;
171 struct rrsetinfo *rrset = NULL; 183 struct rrsetinfo *rrset = NULL;
172 struct dns_response *response; 184 struct dns_response *response = NULL;
173 struct dns_rr *rr; 185 struct dns_rr *rr;
174 struct rdatainfo *rdata; 186 struct rdatainfo *rdata;
175 int length; 187 int length;
@@ -195,19 +207,19 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
195 } 207 }
196 208
197 /* initialize resolver */ 209 /* initialize resolver */
198 if ((_res.options & RES_INIT) == 0 && res_init() == -1) { 210 if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
199 result = ERRSET_FAIL; 211 result = ERRSET_FAIL;
200 goto fail; 212 goto fail;
201 } 213 }
202 214
203#ifdef DEBUG 215#ifdef DEBUG
204 _res.options |= RES_DEBUG; 216 _resp->options |= RES_DEBUG;
205#endif /* DEBUG */ 217#endif /* DEBUG */
206 218
207#ifdef RES_USE_DNSSEC 219#ifdef RES_USE_DNSSEC
208 /* turn on DNSSEC if EDNS0 is configured */ 220 /* turn on DNSSEC if EDNS0 is configured */
209 if (_res.options & RES_USE_EDNS0) 221 if (_resp->options & RES_USE_EDNS0)
210 _res.options |= RES_USE_DNSSEC; 222 _resp->options |= RES_USE_DNSSEC;
211#endif /* RES_USE_DNSEC */ 223#endif /* RES_USE_DNSEC */
212 224
213 /* make query */ 225 /* make query */
@@ -257,13 +269,11 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
257#endif 269#endif
258 270
259 /* copy name from answer section */ 271 /* copy name from answer section */
260 length = strlen(response->answer->name); 272 rrset->rri_name = strdup(response->answer->name);
261 rrset->rri_name = malloc(length + 1);
262 if (rrset->rri_name == NULL) { 273 if (rrset->rri_name == NULL) {
263 result = ERRSET_NOMEMORY; 274 result = ERRSET_NOMEMORY;
264 goto fail; 275 goto fail;
265 } 276 }
266 strlcpy(rrset->rri_name, response->answer->name, length + 1);
267 277
268 /* count answers */ 278 /* count answers */
269 rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass, 279 rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass,
@@ -281,7 +291,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
281 291
282 /* allocate memory for signatures */ 292 /* allocate memory for signatures */
283 rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); 293 rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
284 if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) { 294 if (rrset->rri_sigs == NULL) {
285 result = ERRSET_NOMEMORY; 295 result = ERRSET_NOMEMORY;
286 goto fail; 296 goto fail;
287 } 297 }
@@ -311,6 +321,7 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
311 memcpy(rdata->rdi_data, rr->rdata, rr->size); 321 memcpy(rdata->rdi_data, rr->rdata, rr->size);
312 } 322 }
313 } 323 }
324 free_dns_response(response);
314 325
315 *res = rrset; 326 *res = rrset;
316 return (ERRSET_SUCCESS); 327 return (ERRSET_SUCCESS);
@@ -318,6 +329,8 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
318fail: 329fail:
319 if (rrset != NULL) 330 if (rrset != NULL)
320 freerrset(rrset); 331 freerrset(rrset);
332 if (response != NULL)
333 free_dns_response(response);
321 return (result); 334 return (result);
322} 335}
323 336
@@ -467,7 +480,8 @@ parse_dns_qsection(const u_char *answer, int size, const u_char **cp, int count)
467} 480}
468 481
469static struct dns_rr * 482static struct dns_rr *
470parse_dns_rrsection(const u_char *answer, int size, const u_char **cp, int count) 483parse_dns_rrsection(const u_char *answer, int size, const u_char **cp,
484 int count)
471{ 485{
472 struct dns_rr *head, *curr, *prev; 486 struct dns_rr *head, *curr, *prev;
473 int i, length; 487 int i, length;
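Review bot: The signature allocation check at new line 294 now treats any NULL from `calloc(rrset->rri_nsigs, sizeof(struct rdatainfo))` as out of memory. The removed condition guarded `rri_nsigs > 0`, which suggests the count can be zero (presumably when the answer carries no signatures), and calloc with a zero count is allowed to return NULL. On a platform where it does, an unsigned answer would fail with ERRSET_NOMEMORY. Since this file is the portability copy, I would keep the guard: `if (rrset->rri_nsigs > 0 && rrset->rri_sigs == NULL) {`. The added `free_dns_response(response)` calls on the success and `fail:` paths look right given `response` is now initialised to NULL; getrrsetbyname's body continues outside these hunks.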
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 7fafc8c40..f6a04ea3f 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ 1/* $OpenBSD: glob.c,v 1.25 2005/08/08 08:05:34 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1989, 1993 3 * Copyright (c) 1989, 1993
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -32,6 +31,8 @@
32 * SUCH DAMAGE. 31 * SUCH DAMAGE.
33 */ 32 */
34 33
34/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
35
35#include "includes.h" 36#include "includes.h"
36#include <ctype.h> 37#include <ctype.h>
37 38
@@ -50,14 +51,6 @@ get_arg_max(void)
50#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \ 51#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
51 !defined(GLOB_HAS_GL_MATCHC) 52 !defined(GLOB_HAS_GL_MATCHC)
52 53
53#if defined(LIBC_SCCS) && !defined(lint)
54#if 0
55static char sccsid[] = "@(#)glob.c 8.3 (Berkeley) 10/13/93";
56#else
57static char rcsid[] = "$OpenBSD: glob.c,v 1.22 2003/06/25 21:16:47 deraadt Exp $";
58#endif
59#endif /* LIBC_SCCS and not lint */
60
61/* 54/*
62 * glob(3) -- a superset of the one defined in POSIX 1003.2. 55 * glob(3) -- a superset of the one defined in POSIX 1003.2.
63 * 56 *
@@ -158,10 +151,8 @@ static void qprintf(const char *, Char *);
158#endif 151#endif
159 152
160int 153int
161glob(pattern, flags, errfunc, pglob) 154glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
162 const char *pattern; 155 glob_t *pglob)
163 int flags, (*errfunc)(const char *, int);
164 glob_t *pglob;
165{ 156{
166 const u_char *patnext; 157 const u_char *patnext;
167 int c; 158 int c;
@@ -209,9 +200,7 @@ glob(pattern, flags, errfunc, pglob)
209 * characters 200 * characters
210 */ 201 */
211static int 202static int
212globexp1(pattern, pglob) 203globexp1(const Char *pattern, glob_t *pglob)
213 const Char *pattern;
214 glob_t *pglob;
215{ 204{
216 const Char* ptr = pattern; 205 const Char* ptr = pattern;
217 int rv; 206 int rv;
@@ -234,10 +223,7 @@ globexp1(pattern, pglob)
234 * If it fails then it tries to glob the rest of the pattern and returns. 223 * If it fails then it tries to glob the rest of the pattern and returns.
235 */ 224 */
236static int 225static int
237globexp2(ptr, pattern, pglob, rv) 226globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
238 const Char *ptr, *pattern;
239 glob_t *pglob;
240 int *rv;
241{ 227{
242 int i; 228 int i;
243 Char *lm, *ls; 229 Char *lm, *ls;
@@ -342,11 +328,7 @@ globexp2(ptr, pattern, pglob, rv)
342 * expand tilde from the passwd file. 328 * expand tilde from the passwd file.
343 */ 329 */
344static const Char * 330static const Char *
345globtilde(pattern, patbuf, patbuf_len, pglob) 331globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
346 const Char *pattern;
347 Char *patbuf;
348 size_t patbuf_len;
349 glob_t *pglob;
350{ 332{
351 struct passwd *pwd; 333 struct passwd *pwd;
352 char *h; 334 char *h;
@@ -414,9 +396,7 @@ globtilde(pattern, patbuf, patbuf_len, pglob)
414 * to find no matches. 396 * to find no matches.
415 */ 397 */
416static int 398static int
417glob0(pattern, pglob) 399glob0(const Char *pattern, glob_t *pglob)
418 const Char *pattern;
419 glob_t *pglob;
420{ 400{
421 const Char *qpatnext; 401 const Char *qpatnext;
422 int c, err, oldpathc; 402 int c, err, oldpathc;
@@ -503,17 +483,13 @@ glob0(pattern, pglob)
503} 483}
504 484
505static int 485static int
506compare(p, q) 486compare(const void *p, const void *q)
507 const void *p, *q;
508{ 487{
509 return(strcmp(*(char **)p, *(char **)q)); 488 return(strcmp(*(char **)p, *(char **)q));
510} 489}
511 490
512static int 491static int
513glob1(pattern, pattern_last, pglob, limitp) 492glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
514 Char *pattern, *pattern_last;
515 glob_t *pglob;
516 size_t *limitp;
517{ 493{
518 Char pathbuf[MAXPATHLEN]; 494 Char pathbuf[MAXPATHLEN];
519 495
@@ -531,12 +507,8 @@ glob1(pattern, pattern_last, pglob, limitp)
531 * meta characters. 507 * meta characters.
532 */ 508 */
533static int 509static int
534glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern, 510glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
535 pattern_last, pglob, limitp) 511 Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
536 Char *pathbuf, *pathbuf_last, *pathend, *pathend_last;
537 Char *pattern, *pattern_last;
538 glob_t *pglob;
539 size_t *limitp;
540{ 512{
541 struct stat sb; 513 struct stat sb;
542 Char *p, *q; 514 Char *p, *q;
@@ -595,14 +567,11 @@ glob2(pathbuf, pathbuf_last, pathend, pathend_last, pattern,
595} 567}
596 568
597static int 569static int
598glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last, 570glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
599 restpattern, restpattern_last, pglob, limitp) 571 Char *pattern, Char *pattern_last, Char *restpattern,
600 Char *pathbuf, *pathbuf_last, *pathend, *pathend_last; 572 Char *restpattern_last, glob_t *pglob, size_t *limitp)
601 Char *pattern, *pattern_last, *restpattern, *restpattern_last;
602 glob_t *pglob;
603 size_t *limitp;
604{ 573{
605 register struct dirent *dp; 574 struct dirent *dp;
606 DIR *dirp; 575 DIR *dirp;
607 int err; 576 int err;
608 char buf[MAXPATHLEN]; 577 char buf[MAXPATHLEN];
@@ -640,8 +609,8 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
640 else 609 else
641 readdirfunc = (struct dirent *(*)(void *))readdir; 610 readdirfunc = (struct dirent *(*)(void *))readdir;
642 while ((dp = (*readdirfunc)(dirp))) { 611 while ((dp = (*readdirfunc)(dirp))) {
643 register u_char *sc; 612 u_char *sc;
644 register Char *dc; 613 Char *dc;
645 614
646 /* Initial DOT must be matched literally. */ 615 /* Initial DOT must be matched literally. */
647 if (dp->d_name[0] == DOT && *pattern != DOT) 616 if (dp->d_name[0] == DOT && *pattern != DOT)
@@ -689,13 +658,10 @@ glob3(pathbuf, pathbuf_last, pathend, pathend_last, pattern, pattern_last,
689 * gl_pathv points to (gl_offs + gl_pathc + 1) items. 658 * gl_pathv points to (gl_offs + gl_pathc + 1) items.
690 */ 659 */
691static int 660static int
692globextend(path, pglob, limitp) 661globextend(const Char *path, glob_t *pglob, size_t *limitp)
693 const Char *path;
694 glob_t *pglob;
695 size_t *limitp;
696{ 662{
697 register char **pathv; 663 char **pathv;
698 register int i; 664 int i;
699 u_int newsize, len; 665 u_int newsize, len;
700 char *copy; 666 char *copy;
701 const Char *p; 667 const Char *p;
@@ -747,8 +713,7 @@ globextend(path, pglob, limitp)
747 * pattern causes a recursion level. 713 * pattern causes a recursion level.
748 */ 714 */
749static int 715static int
750match(name, pat, patend) 716match(Char *name, Char *pat, Char *patend)
751 register Char *name, *pat, *patend;
752{ 717{
753 int ok, negate_range; 718 int ok, negate_range;
754 Char c, k; 719 Char c, k;
@@ -759,11 +724,10 @@ match(name, pat, patend)
759 case M_ALL: 724 case M_ALL:
760 if (pat == patend) 725 if (pat == patend)
761 return(1); 726 return(1);
762 do 727 do {
763 if (match(name, pat, patend)) 728 if (match(name, pat, patend))
764 return(1); 729 return(1);
765 while (*name++ != EOS) 730 } while (*name++ != EOS);
766 ;
767 return(0); 731 return(0);
768 case M_ONE: 732 case M_ONE:
769 if (*name++ == EOS) 733 if (*name++ == EOS)
@@ -796,11 +760,10 @@ match(name, pat, patend)
796 760
797/* Free allocated data belonging to a glob_t structure. */ 761/* Free allocated data belonging to a glob_t structure. */
798void 762void
799globfree(pglob) 763globfree(glob_t *pglob)
800 glob_t *pglob;
801{ 764{
802 register int i; 765 int i;
803 register char **pp; 766 char **pp;
804 767
805 if (pglob->gl_pathv != NULL) { 768 if (pglob->gl_pathv != NULL) {
806 pp = pglob->gl_pathv + pglob->gl_offs; 769 pp = pglob->gl_pathv + pglob->gl_offs;
@@ -813,9 +776,7 @@ globfree(pglob)
813} 776}
814 777
815static DIR * 778static DIR *
816g_opendir(str, pglob) 779g_opendir(Char *str, glob_t *pglob)
817 register Char *str;
818 glob_t *pglob;
819{ 780{
820 char buf[MAXPATHLEN]; 781 char buf[MAXPATHLEN];
821 782
@@ -833,10 +794,7 @@ g_opendir(str, pglob)
833} 794}
834 795
835static int 796static int
836g_lstat(fn, sb, pglob) 797g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
837 register Char *fn;
838 struct stat *sb;
839 glob_t *pglob;
840{ 798{
841 char buf[MAXPATHLEN]; 799 char buf[MAXPATHLEN];
842 800
@@ -848,10 +806,7 @@ g_lstat(fn, sb, pglob)
848} 806}
849 807
850static int 808static int
851g_stat(fn, sb, pglob) 809g_stat(Char *fn, struct stat *sb, glob_t *pglob)
852 register Char *fn;
853 struct stat *sb;
854 glob_t *pglob;
855{ 810{
856 char buf[MAXPATHLEN]; 811 char buf[MAXPATHLEN];
857 812
@@ -863,9 +818,7 @@ g_stat(fn, sb, pglob)
863} 818}
864 819
865static Char * 820static Char *
866g_strchr(str, ch) 821g_strchr(Char *str, int ch)
867 Char *str;
868 int ch;
869{ 822{
870 do { 823 do {
871 if (*str == ch) 824 if (*str == ch)
@@ -875,10 +828,7 @@ g_strchr(str, ch)
875} 828}
876 829
877static int 830static int
878g_Ctoc(str, buf, len) 831g_Ctoc(const Char *str, char *buf, u_int len)
879 register const Char *str;
880 char *buf;
881 u_int len;
882{ 832{
883 833
884 while (len--) { 834 while (len--) {
@@ -890,11 +840,9 @@ g_Ctoc(str, buf, len)
890 840
891#ifdef DEBUG 841#ifdef DEBUG
892static void 842static void
893qprintf(str, s) 843qprintf(const char *str, Char *s)
894 const char *str;
895 register Char *s;
896{ 844{
897 register Char *p; 845 Char *p;
898 846
899 (void)printf("%s:\n", str); 847 (void)printf("%s:\n", str);
900 for (p = s; *p; p++) 848 for (p = s; *p; p++)
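Review bot: With `compare` now prototyped as `compare(const void *p, const void *q)` (new line 486), the unchanged body `*(char **)p` casts away the const that the new signature promises. `return(strcmp(*(char * const *)p, *(char * const *)q));` keeps the qualifiers and stays clean under cast-qualifier warnings. The rest of this section is a mechanical K&R-to-ANSI conversion with `register` removed and raises nothing further.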
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h
index 3428b2013..4fdbfc1ea 100644
--- a/openbsd-compat/glob.h
+++ b/openbsd-compat/glob.h
@@ -1,6 +1,4 @@
1/* OPENBSD ORIGINAL: include/glob.h */ 1/* $OpenBSD: glob.h,v 1.9 2004/10/07 16:56:11 millert Exp $ */
2
3/* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */
4/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ 2/* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */
5 3
6/* 4/*
@@ -37,6 +35,8 @@
37 * @(#)glob.h 8.1 (Berkeley) 6/2/93 35 * @(#)glob.h 8.1 (Berkeley) 6/2/93
38 */ 36 */
39 37
38/* OPENBSD ORIGINAL: include/glob.h */
39
40#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \ 40#if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \
41 !defined(GLOB_HAS_GL_MATCHC) 41 !defined(GLOB_HAS_GL_MATCHC)
42 42
@@ -72,6 +72,7 @@ typedef struct {
72#define GLOB_MARK 0x0008 /* Append / to matching directories. */ 72#define GLOB_MARK 0x0008 /* Append / to matching directories. */
73#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */ 73#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
74#define GLOB_NOSORT 0x0020 /* Don't sort. */ 74#define GLOB_NOSORT 0x0020 /* Don't sort. */
75#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
75 76
76#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */ 77#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
77#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */ 78#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
@@ -79,7 +80,6 @@ typedef struct {
79#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */ 80#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
80#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */ 81#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
81#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */ 82#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
82#define GLOB_NOESCAPE 0x1000 /* Disable backslash escaping. */
83#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */ 83#define GLOB_LIMIT 0x2000 /* Limit pattern match output to ARG_MAX */
84 84
85/* Error values returned by glob(3) */ 85/* Error values returned by glob(3) */
diff --git a/openbsd-compat/inet_aton.c b/openbsd-compat/inet_aton.c
index c141bcc68..130597e14 100644
--- a/openbsd-compat/inet_aton.c
+++ b/openbsd-compat/inet_aton.c
@@ -1,6 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ 1/* $OpenBSD: inet_addr.c,v 1.9 2005/08/06 20:30:03 espie Exp $ */
2
3/* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */
4 2
5/* 3/*
6 * Copyright (c) 1983, 1990, 1993 4 * Copyright (c) 1983, 1990, 1993
@@ -51,19 +49,12 @@
51 * --Copyright-- 49 * --Copyright--
52 */ 50 */
53 51
52/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */
53
54#include "includes.h" 54#include "includes.h"
55 55
56#if !defined(HAVE_INET_ATON) 56#if !defined(HAVE_INET_ATON)
57 57
58#if defined(LIBC_SCCS) && !defined(lint)
59#if 0
60static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93";
61static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $";
62#else
63static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $";
64#endif
65#endif /* LIBC_SCCS and not lint */
66
67#include <sys/types.h> 58#include <sys/types.h>
68#include <sys/param.h> 59#include <sys/param.h>
69#include <netinet/in.h> 60#include <netinet/in.h>
@@ -76,8 +67,7 @@ static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert E
76 * The value returned is in network order. 67 * The value returned is in network order.
77 */ 68 */
78in_addr_t 69in_addr_t
79inet_addr(cp) 70inet_addr(const char *cp)
80 register const char *cp;
81{ 71{
82 struct in_addr val; 72 struct in_addr val;
83 73
@@ -97,11 +87,11 @@ inet_addr(cp)
97int 87int
98inet_aton(const char *cp, struct in_addr *addr) 88inet_aton(const char *cp, struct in_addr *addr)
99{ 89{
100 register u_int32_t val; 90 u_int32_t val;
101 register int base, n; 91 int base, n;
102 register char c; 92 char c;
103 unsigned int parts[4]; 93 u_int parts[4];
104 register unsigned int *pp = parts; 94 u_int *pp = parts;
105 95
106 c = *cp; 96 c = *cp;
107 for (;;) { 97 for (;;) {
diff --git a/openbsd-compat/inet_ntoa.c b/openbsd-compat/inet_ntoa.c
index dc010dc53..0eb7b3bd7 100644
--- a/openbsd-compat/inet_ntoa.c
+++ b/openbsd-compat/inet_ntoa.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */ 1/* $OpenBSD: inet_ntoa.c,v 1.6 2005/08/06 20:30:03 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1983, 1993 3 * Copyright (c) 1983, 1993
5 * The Regents of the University of California. All rights reserved. 4 * The Regents of the University of California. All rights reserved.
@@ -29,14 +28,12 @@
29 * SUCH DAMAGE. 28 * SUCH DAMAGE.
30 */ 29 */
31 30
31/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
32
32#include "includes.h" 33#include "includes.h"
33 34
34#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) 35#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
35 36
36#if defined(LIBC_SCCS) && !defined(lint)
37static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert Exp $";
38#endif /* LIBC_SCCS and not lint */
39
40/* 37/*
41 * Convert network-format internet address 38 * Convert network-format internet address
42 * to base 256 d.d.d.d representation. 39 * to base 256 d.d.d.d representation.
@@ -46,10 +43,11 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.4 2003/06/02 20:18:35 millert E
46#include <arpa/inet.h> 43#include <arpa/inet.h>
47#include <stdio.h> 44#include <stdio.h>
48 45
49char *inet_ntoa(struct in_addr in) 46char *
47inet_ntoa(struct in_addr in)
50{ 48{
51 static char b[18]; 49 static char b[18];
52 register char *p; 50 char *p;
53 51
54 p = (char *)&in; 52 p = (char *)&in;
55#define UC(b) (((int)b)&0xff) 53#define UC(b) (((int)b)&0xff)
diff --git a/openbsd-compat/inet_ntop.c b/openbsd-compat/inet_ntop.c
index 47796c370..e7ca4b7f8 100644
--- a/openbsd-compat/inet_ntop.c
+++ b/openbsd-compat/inet_ntop.c
@@ -1,6 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ 1/* $OpenBSD: inet_ntop.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */
2
3/* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */
4 2
5/* Copyright (c) 1996 by Internet Software Consortium. 3/* Copyright (c) 1996 by Internet Software Consortium.
6 * 4 *
@@ -18,18 +16,12 @@
18 * SOFTWARE. 16 * SOFTWARE.
19 */ 17 */
20 18
19/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */
20
21#include "includes.h" 21#include "includes.h"
22 22
23#ifndef HAVE_INET_NTOP 23#ifndef HAVE_INET_NTOP
24 24
25#if defined(LIBC_SCCS) && !defined(lint)
26#if 0
27static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $";
28#else
29static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $";
30#endif
31#endif /* LIBC_SCCS and not lint */
32
33#include <sys/param.h> 25#include <sys/param.h>
34#include <sys/types.h> 26#include <sys/types.h>
35#include <sys/socket.h> 27#include <sys/socket.h>
@@ -65,11 +57,7 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size);
65 * Paul Vixie, 1996. 57 * Paul Vixie, 1996.
66 */ 58 */
67const char * 59const char *
68inet_ntop(af, src, dst, size) 60inet_ntop(int af, const void *src, char *dst, size_t size)
69 int af;
70 const void *src;
71 char *dst;
72 size_t size;
73{ 61{
74 switch (af) { 62 switch (af) {
75 case AF_INET: 63 case AF_INET:
@@ -95,10 +83,7 @@ inet_ntop(af, src, dst, size)
95 * Paul Vixie, 1996. 83 * Paul Vixie, 1996.
96 */ 84 */
97static const char * 85static const char *
98inet_ntop4(src, dst, size) 86inet_ntop4(const u_char *src, char *dst, size_t size)
99 const u_char *src;
100 char *dst;
101 size_t size;
102{ 87{
103 static const char fmt[] = "%u.%u.%u.%u"; 88 static const char fmt[] = "%u.%u.%u.%u";
104 char tmp[sizeof "255.255.255.255"]; 89 char tmp[sizeof "255.255.255.255"];
@@ -120,10 +105,7 @@ inet_ntop4(src, dst, size)
120 * Paul Vixie, 1996. 105 * Paul Vixie, 1996.
121 */ 106 */
122static const char * 107static const char *
123inet_ntop6(src, dst, size) 108inet_ntop6(const u_char *src, char *dst, size_t size)
124 const u_char *src;
125 char *dst;
126 size_t size;
127{ 109{
128 /* 110 /*
129 * Note that int32_t and int16_t need only be "at least" large enough 111 * Note that int32_t and int16_t need only be "at least" large enough
diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index 969f69580..88e04c520 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -1,8 +1,7 @@
1/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
2
3/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ 1/* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
4/* Changes: Removed mktemp */ 2/* Changes: Removed mktemp */
5 3
4/* $OpenBSD: mktemp.c,v 1.19 2005/08/08 08:05:36 espie Exp $ */
6/* 5/*
7 * Copyright (c) 1987, 1993 6 * Copyright (c) 1987, 1993
8 * The Regents of the University of California. All rights reserved. 7 * The Regents of the University of California. All rights reserved.
@@ -32,20 +31,16 @@
32 * SUCH DAMAGE. 31 * SUCH DAMAGE.
33 */ 32 */
34 33
34/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
35
35#include "includes.h" 36#include "includes.h"
36 37
37#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) 38#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
38 39
39#if defined(LIBC_SCCS) && !defined(lint)
40static char rcsid[] = "$OpenBSD: mktemp.c,v 1.17 2003/06/02 20:18:37 millert Exp $";
41#endif /* LIBC_SCCS and not lint */
42
43static int _gettemp(char *, int *, int, int); 40static int _gettemp(char *, int *, int, int);
44 41
45int 42int
46mkstemps(path, slen) 43mkstemps(char *path, int slen)
47 char *path;
48 int slen;
49{ 44{
50 int fd; 45 int fd;
51 46
@@ -53,8 +48,7 @@ mkstemps(path, slen)
53} 48}
54 49
55int 50int
56mkstemp(path) 51mkstemp(char *path)
57 char *path;
58{ 52{
59 int fd; 53 int fd;
60 54
@@ -62,8 +56,7 @@ mkstemp(path)
62} 56}
63 57
64char * 58char *
65mkdtemp(path) 59mkdtemp(char *path)
66 char *path;
67{ 60{
68 return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL); 61 return(_gettemp(path, (int *)NULL, 1, 0) ? path : (char *)NULL);
69} 62}
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index ba68bc27e..1a3027353 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */ 1/* $Id: openbsd-compat.h,v 1.33 2005/12/31 05:33:37 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -142,6 +142,10 @@ unsigned int arc4random(void);
142void arc4random_stir(void); 142void arc4random_stir(void);
143#endif /* !HAVE_ARC4RANDOM */ 143#endif /* !HAVE_ARC4RANDOM */
144 144
145#ifndef HAVE_ASPRINTF
146int asprintf(char **, const char *, ...);
147#endif
148
145#ifndef HAVE_OPENPTY 149#ifndef HAVE_OPENPTY
146int openpty(int *, int *, char *, struct termios *, struct winsize *); 150int openpty(int *, int *, char *, struct termios *, struct winsize *);
147#endif /* HAVE_OPENPTY */ 151#endif /* HAVE_OPENPTY */
@@ -152,10 +156,18 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
152int snprintf(char *, size_t, const char *, ...); 156int snprintf(char *, size_t, const char *, ...);
153#endif 157#endif
154 158
159#ifndef HAVE_STRTOLL
160long long strtoll(const char *, char **, int);
161#endif
162
155#ifndef HAVE_STRTONUM 163#ifndef HAVE_STRTONUM
156long long strtonum(const char *, long long, long long, const char **); 164long long strtonum(const char *, long long, long long, const char **);
157#endif 165#endif
158 166
167#ifndef HAVE_VASPRINTF
168int vasprintf(char **, const char *, va_list);
169#endif
170
159#ifndef HAVE_VSNPRINTF 171#ifndef HAVE_VSNPRINTF
160int vsnprintf(char *, size_t, const char *, va_list); 172int vsnprintf(char *, size_t, const char *, va_list);
161#endif 173#endif
@@ -174,5 +186,6 @@ char *shadow_pw(struct passwd *pw);
174#include "port-irix.h" 186#include "port-irix.h"
175#include "port-aix.h" 187#include "port-aix.h"
176#include "port-uw.h" 188#include "port-uw.h"
189#include "port-tun.h"
177 190
178#endif /* _OPENBSD_COMPAT_H */ 191#endif /* _OPENBSD_COMPAT_H */
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index d9b2fa55f..8a015ec43 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */ 1/* $Id: openssl-compat.h,v 1.3 2005/12/19 06:40:40 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> 4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -24,7 +24,11 @@
24# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) 24# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
25#endif 25#endif
26 26
27#if OPENSSL_VERSION_NUMBER < 0x00907000L 27#if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES)
28# define USE_BUILTIN_RIJNDAEL
29#endif
30
31#ifdef USE_BUILTIN_RIJNDAEL
28# define EVP_aes_128_cbc evp_rijndael 32# define EVP_aes_128_cbc evp_rijndael
29# define EVP_aes_192_cbc evp_rijndael 33# define EVP_aes_192_cbc evp_rijndael
30# define EVP_aes_256_cbc evp_rijndael 34# define EVP_aes_256_cbc evp_rijndael
@@ -43,7 +47,12 @@ extern const EVP_CIPHER *evp_acss(void);
43#endif 47#endif
44 48
45/* 49/*
46 * insert comment here 50 * We overload some of the OpenSSL crypto functions with ssh_* equivalents
51 * which cater for older and/or less featureful OpenSSL version.
52 *
53 * In order for the compat library to call the real functions, it must
54 * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
55 * implement the ssh_* equivalents.
47 */ 56 */
48#ifdef SSH_OLD_EVP 57#ifdef SSH_OLD_EVP
49 58
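Review bot: The new `USE_BUILTIN_RIJNDAEL` switch (new lines 27-29) has no comment saying what `OPENSSL_LOBOTOMISED_AES` means or who defines it, so a reader cannot tell when a build replaces OpenSSL's AES-CBC with the bundled `evp_rijndael`. A line such as `/* Use the bundled rijndael when OpenSSL is too old or lacks full AES (OPENSSL_LOBOTOMISED_AES, presumably set by configure) */` above the `#if` would cover it, with the exact condition confirmed against configure.ac. The block comment added at new lines 50-55 says "OpenSSL version" where "versions" is meant.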
diff --git a/openbsd-compat/port-tun.c b/openbsd-compat/port-tun.c
new file mode 100644
index 000000000..31921615f
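--- /dev/null
+++ b/openbsd-compat/port-tun.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include "log.h"
+#include "misc.h"
+#include "bufaux.h"
+
+/*
+ * This is the portable version of the SSH tunnel forwarding, it
+ * uses some preprocessor definitions for various platform-specific
+ * settings.
+ *
+ * SSH_TUN_LINUX Use the (newer) Linux tun/tap device
+ * SSH_TUN_COMPAT_AF Translate the OpenBSD address family
+ * SSH_TUN_PREPEND_AF Prepend/remove the address family
+ */
+
+/*
+ * System-specific tunnel open function
+ */
+
+#if defined(SSH_TUN_LINUX)
+#include <linux/if.h>
+#include <linux/if_tun.h>
+
+int
+sys_tun_open(int tun, int mode)
+{
+ struct ifreq ifr;
+ int fd = -1;
+ const char *name = NULL;
+
+ if ((fd = open("/dev/net/tun", O_RDWR)) == -1) {
+ debug("%s: failed to open tunnel control interface: %s",
+ __func__, strerror(errno));
+ return (-1);
+ }
+
+ bzero(&ifr, sizeof(ifr));
+
+ if (mode == SSH_TUNMODE_ETHERNET) {
+ ifr.ifr_flags = IFF_TAP;
+ name = "tap%d";
+ } else {
+ ifr.ifr_flags = IFF_TUN;
+ name = "tun%d";
+ }
+ ifr.ifr_flags |= IFF_NO_PI;
+
+ if (tun != SSH_TUNID_ANY) {
+ if (tun > SSH_TUNID_MAX) {
+ debug("%s: invalid tunnel id %x: %s", __func__,
+ tun, strerror(errno));
+ goto failed;
+ }
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), name, tun);
+ }
+
+ if (ioctl(fd, TUNSETIFF, &ifr) == -1) {
+ debug("%s: failed to configure tunnel (mode %d): %s", __func__,
+ mode, strerror(errno));
+ goto failed;
+ }
+
+ if (tun == SSH_TUNID_ANY)
+ debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
+ else
+ debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
+
+ return (fd);
+
+ failed:
+ close(fd);
+ return (-1);
+}
+#endif /* SSH_TUN_LINUX */
+
+#ifdef SSH_TUN_FREEBSD
+#include <sys/socket.h>
+#include <net/if.h>
+#include <net/if_tun.h>
+
+int
+sys_tun_open(int tun, int mode)
+{
+ struct ifreq ifr;
+ char name[100];
+ int fd = -1, sock, flag;
+ const char *tunbase = "tun";
+
+ if (mode == SSH_TUNMODE_ETHERNET) {
+#ifdef SSH_TUN_NO_L2
+ debug("%s: no layer 2 tunnelling support", __func__);
+ return (-1);
+#else
+ tunbase = "tap";
+#endif
+ }
+
+ /* Open the tunnel device */
+ if (tun <= SSH_TUNID_MAX) {
+ snprintf(name, sizeof(name), "/dev/%s%d", tunbase, tun);
+ fd = open(name, O_RDWR);
+ } else if (tun == SSH_TUNID_ANY) {
+ for (tun = 100; tun >= 0; tun--) {
+ snprintf(name, sizeof(name), "/dev/%s%d",
+ tunbase, tun);
+ if ((fd = open(name, O_RDWR)) >= 0)
+ break;
+ }
+ } else {
+ debug("%s: invalid tunnel %u\n", __func__, tun);
+ return (-1);
+ }
+
+ if (fd < 0) {
+ debug("%s: %s open failed: %s", __func__, name,
+ strerror(errno));
+ return (-1);
+ }
+
+ /* Turn on tunnel headers */
+ flag = 1;
+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
+ if (mode != SSH_TUNMODE_ETHERNET &&
+ ioctl(fd, TUNSIFHEAD, &flag) == -1) {
+ debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,
+ strerror(errno));
+ close(fd);
+ }
+#endif
+
+ debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
+
+ /* Set the tunnel device operation mode */
+ snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
+ if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
+ goto failed;
+
+ if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1)
+ goto failed;
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1)
+ goto failed;
+
+ close(sock);
+ return (fd);
+
+ failed:
+ if (fd >= 0)
+ close(fd);
+ if (sock >= 0)
+ close(sock);
+ debug("%s: failed to set %s mode %d: %s", __func__, name,
+ mode, strerror(errno));
+ return (-1);
+}
+#endif /* SSH_TUN_FREEBSD */
+
+/*
+ * System-specific channel filters
+ */
+
+#if defined(SSH_TUN_FILTER)
+#define OPENBSD_AF_INET 2
+#define OPENBSD_AF_INET6 24
+
+int
+sys_tun_infilter(struct Channel *c, char *buf, int len)
+{
+#if defined(SSH_TUN_PREPEND_AF)
+ char rbuf[CHAN_RBUF];
+ struct ip *iph;
+#endif
+ u_int32_t *af;
+ char *ptr = buf;
+
+#if defined(SSH_TUN_PREPEND_AF)
+ if (len <= 0 || len > (int)(sizeof(rbuf) - sizeof(*af)))
+ return (-1);
+ ptr = (char *)&rbuf[0];
+ bcopy(buf, ptr + sizeof(u_int32_t), len);
+ len += sizeof(u_int32_t);
+ af = (u_int32_t *)ptr;
+
+ iph = (struct ip *)(ptr + sizeof(u_int32_t));
+ switch (iph->ip_v) {
+ case 6:
+ *af = AF_INET6;
+ break;
+ case 4:
+ default:
+ *af = AF_INET;
+ break;
+ }
+#endif
+
+#if defined(SSH_TUN_COMPAT_AF)
+ if (len < (int)sizeof(u_int32_t))
+ return (-1);
+
+ af = (u_int32_t *)ptr;
+ if (*af == htonl(AF_INET6))
+ *af = htonl(OPENBSD_AF_INET6);
+ else
+ *af = htonl(OPENBSD_AF_INET);
+#endif
+
+ buffer_put_string(&c->input, ptr, len);
+ return (0);
+}
+
+u_char *
+sys_tun_outfilter(struct Channel *c, u_char **data, u_int *dlen)
+{
+ u_char *buf;
+ u_int32_t *af;
+
+ *data = buffer_get_string(&c->output, dlen);
+ if (*dlen < sizeof(*af))
+ return (NULL);
+ buf = *data;
+
+#if defined(SSH_TUN_PREPEND_AF)
+ *dlen -= sizeof(u_int32_t);
+ buf = *data + sizeof(u_int32_t);
+#elif defined(SSH_TUN_COMPAT_AF)
+ af = ntohl(*(u_int32_t *)buf);
+ if (*af == OPENBSD_AF_INET6)
+ *af = htonl(AF_INET6);
+ else
+ *af = htonl(AF_INET);
+#endif
+
+ return (buf);
+}
+#endif /* SSH_TUN_FILTER */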
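Review bot: In `sys_tun_outfilter` (new lines 243-244) the `SSH_TUN_COMPAT_AF` branch stores the integer result of `ntohl()` in the pointer `af` and then dereferences it, so that path reads and writes through an address derived from packet data; it should be `af = (u_int32_t *)buf;` followed by `if (*af == htonl(OPENBSD_AF_INET6))`. In the FreeBSD `sys_tun_open` (new lines 140-145) a failed `TUNSIFHEAD` ioctl closes `fd` but falls through, so the function goes on to return or close again a descriptor that is already closed; add `return (-1);` after that `close(fd);`. `sys_tun_infilter` writes `*af` in host order under `SSH_TUN_PREPEND_AF` and then compares it with `htonl(AF_INET6)` under `SSH_TUN_COMPAT_AF`, which looks unable to match on little-endian hosts when both macros are set. The early `return (NULL)` in `sys_tun_outfilter` comes after `buffer_get_string()` has filled `*data`, so it is worth confirming that the caller frees it on that path.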
diff --git a/openbsd-compat/port-tun.h b/openbsd-compat/port-tun.h
new file mode 100644
index 000000000..86d9272b4
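--- /dev/null
+++ b/openbsd-compat/port-tun.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2005 Reyk Floeter <reyk@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_TUN_H
+#define _PORT_TUN_H
+
+#include "channels.h"
+
+#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD)
+# define CUSTOM_SYS_TUN_OPEN
+int sys_tun_open(int, int);
+#endif
+
+#if defined(SSH_TUN_COMPAT_AF) || defined(SSH_TUN_PREPEND_AF)
+# define SSH_TUN_FILTER
+int sys_tun_infilter(struct Channel *, char *, int);
+u_char *sys_tun_outfilter(struct Channel *, u_char **, u_int *);
+#endif
+
+#endif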
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index d881ff028..c64427121 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -25,7 +25,7 @@
25 25
26#include "includes.h" 26#include "includes.h"
27 27
28#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) 28#ifdef HAVE_LIBIAF
29#ifdef HAVE_CRYPT_H 29#ifdef HAVE_CRYPT_H
30#include <crypt.h> 30#include <crypt.h>
31#endif 31#endif
@@ -42,7 +42,6 @@ int
42sys_auth_passwd(Authctxt *authctxt, const char *password) 42sys_auth_passwd(Authctxt *authctxt, const char *password)
43{ 43{
44 struct passwd *pw = authctxt->pw; 44 struct passwd *pw = authctxt->pw;
45 char *encrypted_password;
46 char *salt; 45 char *salt;
47 int result; 46 int result;
48 47
@@ -55,21 +54,24 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
55 54
56 /* Encrypt the candidate password using the proper salt. */ 55 /* Encrypt the candidate password using the proper salt. */
57 salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx"; 56 salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
58#ifdef UNIXWARE_LONG_PASSWORDS
59 if (!nischeck(pw->pw_name))
60 encrypted_password = bigcrypt(password, salt);
61 else
62#endif /* UNIXWARE_LONG_PASSWORDS */
63 encrypted_password = xcrypt(password, salt);
64 57
65 /* 58 /*
66 * Authentication is accepted if the encrypted passwords 59 * Authentication is accepted if the encrypted passwords
67 * are identical. 60 * are identical.
68 */ 61 */
69 result = (strcmp(encrypted_password, pw_password) == 0); 62#ifdef UNIXWARE_LONG_PASSWORDS
63 if (!nischeck(pw->pw_name)) {
64 result = ((strcmp(bigcrypt(password, salt), pw_password) == 0)
65 || (strcmp(osr5bigcrypt(password, salt), pw_password) == 0));
66 }
67 else
68#endif /* UNIXWARE_LONG_PASSWORDS */
69 result = (strcmp(xcrypt(password, salt), pw_password) == 0);
70 70
71#if !defined(BROKEN_LIBIAF)
71 if (authctxt->valid) 72 if (authctxt->valid)
72 free(pw_password); 73 free(pw_password);
74#endif
73 return(result); 75 return(result);
74} 76}
75 77
@@ -114,6 +116,7 @@ nischeck(char *namep)
114 functions that call shadow_pw() will need to free 116 functions that call shadow_pw() will need to free
115 */ 117 */
116 118
119#if !defined(BROKEN_LIBIAF)
117char * 120char *
118get_iaf_password(struct passwd *pw) 121get_iaf_password(struct passwd *pw)
119{ 122{
@@ -130,5 +133,6 @@ get_iaf_password(struct passwd *pw)
130 else 133 else
131 fatal("ia_openinfo: Unable to open the shadow passwd file"); 134 fatal("ia_openinfo: Unable to open the shadow passwd file");
132} 135}
133#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ 136#endif /* !BROKEN_LIBIAF */
137#endif /* HAVE_LIBIAF */
134 138
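Review bot: The results of `bigcrypt()`, `osr5bigcrypt()` and `xcrypt()` go straight into `strcmp()` at new lines 64-69 of `sys_auth_passwd`; if any of them can return NULL (crypt(3) implementations may on an unusable salt, which this hunk does not settle), sshd dereferences NULL in the password-authentication path. Holding each result in a local and testing it first, e.g. `enc = xcrypt(password, salt); result = (enc != NULL && strcmp(enc, pw_password) == 0);`, turns that failure into a rejected login. The long-password branch now accepts a match from either of two hash functions, which deserves a one-line comment saying why both stored formats must be honoured. The function begins above the hunk, so how `pw_password` is obtained is not visible here.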
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index eb060bdbf..919c0174a 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -1,6 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ 1/* $OpenBSD: readpassphrase.c,v 1.18 2005/08/08 08:05:34 espie Exp $ */
2
3/* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */
4 2
5/* 3/*
6 * Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 2000-2002 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -22,9 +20,7 @@
22 * Materiel Command, USAF, under agreement number F39502-99-1-0512. 20 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 */ 21 */
24 22
25#if defined(LIBC_SCCS) && !defined(lint) 23/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
26static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $";
27#endif /* LIBC_SCCS and not lint */
28 24
29#include "includes.h" 25#include "includes.h"
30 26
diff --git a/openbsd-compat/readpassphrase.h b/openbsd-compat/readpassphrase.h
index 178edf346..5fd7c5d77 100644
--- a/openbsd-compat/readpassphrase.h
+++ b/openbsd-compat/readpassphrase.h
@@ -1,34 +1,27 @@
1/* OPENBSD ORIGINAL: include/readpassphrase.h */ 1/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
2
3/* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */
4 2
5/* 3/*
6 * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com> 4 * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
7 * All rights reserved. 5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
8 * 9 *
9 * Redistribution and use in source and binary forms, with or without 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * modification, are permitted provided that the following conditions 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * are met: 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * 1. Redistributions of source code must retain the above copyright 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * notice, this list of conditions and the following disclaimer. 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * 2. Redistributions in binary form must reproduce the above copyright 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * notice, this list of conditions and the following disclaimer in the 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used to endorse or promote products
18 * derived from this software without specific prior written permission.
19 * 17 *
20 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 18 * Sponsored in part by the Defense Advanced Research Projects
21 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 19 * Agency (DARPA) and Air Force Research Laboratory, Air Force
22 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 20 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
23 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
26 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
28 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */ 21 */
31 22
23/* OPENBSD ORIGINAL: include/readpassphrase.h */
24
32#ifndef _READPASSPHRASE_H_ 25#ifndef _READPASSPHRASE_H_
33#define _READPASSPHRASE_H_ 26#define _READPASSPHRASE_H_
34 27
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
index 8430bec24..b6120d034 100644
--- a/openbsd-compat/realpath.c
+++ b/openbsd-compat/realpath.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ 1/* $OpenBSD: realpath.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru> 3 * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
5 * 4 *
@@ -28,6 +27,8 @@
28 * SUCH DAMAGE. 27 * SUCH DAMAGE.
29 */ 28 */
30 29
30/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
31
31#include "includes.h" 32#include "includes.h"
32 33
33#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) 34#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
diff --git a/openbsd-compat/rresvport.c b/openbsd-compat/rresvport.c
index 75167065c..71cf6e6eb 100644
--- a/openbsd-compat/rresvport.c
+++ b/openbsd-compat/rresvport.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */ 1/* $OpenBSD: rresvport.c,v 1.9 2005/11/10 10:00:17 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. 3 * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved.
5 * Copyright (c) 1983, 1993, 1994 4 * Copyright (c) 1983, 1993, 1994
@@ -30,26 +29,21 @@
30 * SUCH DAMAGE. 29 * SUCH DAMAGE.
31 */ 30 */
32 31
32/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
33
33#include "includes.h" 34#include "includes.h"
34 35
35#ifndef HAVE_RRESVPORT_AF 36#ifndef HAVE_RRESVPORT_AF
36 37
37#if defined(LIBC_SCCS) && !defined(lint)
38static char *rcsid = "$OpenBSD: rresvport.c,v 1.6 2003/06/03 02:11:35 deraadt Exp $";
39#endif /* LIBC_SCCS and not lint */
40
41#include "includes.h"
42
43#if 0 38#if 0
44int 39int
45rresvport(alport) 40rresvport(int *alport)
46 int *alport;
47{ 41{
48 return rresvport_af(alport, AF_INET); 42 return rresvport_af(alport, AF_INET);
49} 43}
50#endif 44#endif
51 45
52int 46int
53rresvport_af(int *alport, sa_family_t af) 47rresvport_af(int *alport, sa_family_t af)
54{ 48{
55 struct sockaddr_storage ss; 49 struct sockaddr_storage ss;
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index c3a86c651..b52a99c2c 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -1,5 +1,4 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ 1/* $OpenBSD: setenv.c,v 1.9 2005/08/08 08:05:37 espie Exp $ */
2
3/* 2/*
4 * Copyright (c) 1987 Regents of the University of California. 3 * Copyright (c) 1987 Regents of the University of California.
5 * All rights reserved. 4 * All rights reserved.
@@ -29,36 +28,31 @@
29 * SUCH DAMAGE. 28 * SUCH DAMAGE.
30 */ 29 */
31 30
31/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
32
32#include "includes.h" 33#include "includes.h"
33#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) 34#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)
34 35
35#if defined(LIBC_SCCS) && !defined(lint)
36static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
37#endif /* LIBC_SCCS and not lint */
38
39#include <stdlib.h> 36#include <stdlib.h>
40#include <string.h> 37#include <string.h>
41 38
42char *__findenv(const char *name, int *offset); 39extern char **environ;
43 40
41/* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */
44/* 42/*
45 * __findenv -- 43 * __findenv --
46 * Returns pointer to value associated with name, if any, else NULL. 44 * Returns pointer to value associated with name, if any, else NULL.
47 * Sets offset to be the offset of the name/value combination in the 45 * Sets offset to be the offset of the name/value combination in the
48 * environmental array, for use by setenv(3) and unsetenv(3). 46 * environmental array, for use by setenv(3) and unsetenv(3).
49 * Explicitly removes '=' in argument name. 47 * Explicitly removes '=' in argument name.
50 *
51 * This routine *should* be a static; don't use it.
52 */ 48 */
53char * 49static char *
54__findenv(name, offset) 50__findenv(const char *name, int *offset)
55 register const char *name;
56 int *offset;
57{ 51{
58 extern char **environ; 52 extern char **environ;
59 register int len, i; 53 int len, i;
60 register const char *np; 54 const char *np;
61 register char **p, *cp; 55 char **p, *cp;
62 56
63 if (name == NULL || environ == NULL) 57 if (name == NULL || environ == NULL)
64 return (NULL); 58 return (NULL);
@@ -84,14 +78,10 @@ __findenv(name, offset)
84 * "value". If rewrite is set, replace any current value. 78 * "value". If rewrite is set, replace any current value.
85 */ 79 */
86int 80int
87setenv(name, value, rewrite) 81setenv(const char *name, const char *value, int rewrite)
88 register const char *name;
89 register const char *value;
90 int rewrite;
91{ 82{
92 extern char **environ; 83 static char **lastenv; /* last value of environ */
93 static int alloced; /* if allocated space before */ 84 char *C;
94 register char *C;
95 int l_value, offset; 85 int l_value, offset;
96 86
97 if (*value == '=') /* no `=' in value */ 87 if (*value == '=') /* no `=' in value */
@@ -106,30 +96,23 @@ setenv(name, value, rewrite)
106 return (0); 96 return (0);
107 } 97 }
108 } else { /* create new slot */ 98 } else { /* create new slot */
109 register int cnt; 99 size_t cnt;
110 register char **P; 100 char **P;
111 101
112 for (P = environ, cnt = 0; *P; ++P, ++cnt); 102 for (P = environ; *P != NULL; P++)
113 if (alloced) { /* just increase size */ 103 ;
114 P = (char **)realloc((void *)environ, 104 cnt = P - environ;
115 (size_t)(sizeof(char *) * (cnt + 2))); 105 P = (char **)realloc(lastenv, sizeof(char *) * (cnt + 2));
116 if (!P) 106 if (!P)
117 return (-1); 107 return (-1);
118 environ = P; 108 if (lastenv != environ)
119 } 109 memcpy(P, environ, cnt * sizeof(char *));
120 else { /* get new space */ 110 lastenv = environ = P;
121 alloced = 1; /* copy old entries into it */
122 P = (char **)malloc((size_t)(sizeof(char *) *
123 (cnt + 2)));
124 if (!P)
125 return (-1);
126 memmove(P, environ, cnt * sizeof(char *));
127 environ = P;
128 }
129 environ[cnt + 1] = NULL;
130 offset = cnt; 111 offset = cnt;
112 environ[cnt + 1] = NULL;
131 } 113 }
132 for (C = (char *)name; *C && *C != '='; ++C); /* no `=' in name */ 114 for (C = (char *)name; *C && *C != '='; ++C)
115 ; /* no `=' in name */
133 if (!(environ[offset] = /* name + `=' + value */ 116 if (!(environ[offset] = /* name + `=' + value */
134 malloc((size_t)((int)(C - name) + l_value + 2)))) 117 malloc((size_t)((int)(C - name) + l_value + 2))))
135 return (-1); 118 return (-1);
@@ -147,15 +130,12 @@ setenv(name, value, rewrite)
147 * Delete environmental variable "name". 130 * Delete environmental variable "name".
148 */ 131 */
149void 132void
150unsetenv(name) 133unsetenv(const char *name)
151 const char *name;
152{ 134{
153 extern char **environ; 135 char **P;
154 register char **P;
155 int offset; 136 int offset;
156 char *__findenv();
157 137
158 while (__findenv(name, &offset)) /* if set multiple times */ 138 while (__findenv(name, &offset)) /* if set multiple times */
159 for (P = &environ[offset];; ++P) 139 for (P = &environ[offset];; ++P)
160 if (!(*P = *(P + 1))) 140 if (!(*P = *(P + 1)))
161 break; 141 break;
diff --git a/openbsd-compat/sigact.c b/openbsd-compat/sigact.c
index 2772ac574..8b8e4dd2c 100644
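--- a/openbsd-compat/sigact.c
+++ b/openbsd-compat/sigact.c
@@ -1,9 +1,7 @@
-/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
-
-/* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */
+/* $OpenBSD: sigaction.c,v 1.4 2001/01/22 18:01:48 millert Exp $ */
 
 /****************************************************************************
- * Copyright (c) 1998 Free Software Foundation, Inc. *
+ * Copyright (c) 1998,2000 Free Software Foundation, Inc. *
  * *
  * Permission is hereby granted, free of charge, to any person obtaining a *
  * copy of this software and associated documentation files (the *
@@ -35,6 +33,8 @@
  * and: Eric S. Raymond <esr@snark.thyrsus.com> *
  ****************************************************************************/
 
+/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
+
 #include "includes.h"
 #include <signal.h>
 #include "sigact.h"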
diff --git a/openbsd-compat/sigact.h b/openbsd-compat/sigact.h
index b37c1f84a..db96d0a5c 100644
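--- a/openbsd-compat/sigact.h
+++ b/openbsd-compat/sigact.h
@@ -1,7 +1,7 @@
-/* $OpenBSD: SigAction.h,v 1.2 1999/06/27 08:15:19 millert Exp $ */
+/* $OpenBSD: SigAction.h,v 1.3 2001/01/22 18:01:32 millert Exp $ */
 
 /****************************************************************************
- * Copyright (c) 1998 Free Software Foundation, Inc. *
+ * Copyright (c) 1998,2000 Free Software Foundation, Inc. *
  * *
  * Permission is hereby granted, free of charge, to any person obtaining a *
  * copy of this software and associated documentation files (the *
@@ -34,12 +34,14 @@
  ****************************************************************************/
 
 /*
- * $From: SigAction.h,v 1.5 1999/06/19 23:00:54 tom Exp $
+ * $From: SigAction.h,v 1.6 2000/12/10 02:36:10 tom Exp $
  *
  * This file exists to handle non-POSIX systems which don't have <unistd.h>,
  * and usually no sigaction() nor <termios.h>
  */
 
+/* OPENBSD ORIGINAL: lib/libcurses/SigAction.h */
+
 #ifndef _SIGACTION_H
 #define _SIGACTION_H
 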
diff --git a/openbsd-compat/strlcat.c b/openbsd-compat/strlcat.c
index 70f01cb2a..bcc1b61ad 100644
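--- a/openbsd-compat/strlcat.c
+++ b/openbsd-compat/strlcat.c
@@ -1,6 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
-
-/* $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $ */
+/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */
 
 /*
  * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -18,13 +16,11 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
+
 #include "includes.h"
 #ifndef HAVE_STRLCAT
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <sys/types.h>
 #include <string.h>
 
@@ -38,9 +34,9 @@ static char *rcsid = "$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp
 size_t
 strlcat(char *dst, const char *src, size_t siz)
 {
- register char *d = dst;
- register const char *s = src;
- register size_t n = siz;
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
  size_t dlen;
 
  /* Find the end of dst and adjust bytes left but don't go past end */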
diff --git a/openbsd-compat/strlcpy.c b/openbsd-compat/strlcpy.c
index ccfa12a0a..679a5b291 100644
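--- a/openbsd-compat/strlcpy.c
+++ b/openbsd-compat/strlcpy.c
@@ -1,6 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
-
-/* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */
+/* $OpenBSD: strlcpy.c,v 1.10 2005/08/08 08:05:37 espie Exp $ */
 
 /*
  * Copyright (c) 1998 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -18,13 +16,11 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
+
 #include "includes.h"
 #ifndef HAVE_STRLCPY
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <sys/types.h>
 #include <string.h>
 
@@ -36,9 +32,9 @@ static char *rcsid = "$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp
 size_t
 strlcpy(char *dst, const char *src, size_t siz)
 {
- register char *d = dst;
- register const char *s = src;
- register size_t n = siz;
+ char *d = dst;
+ const char *s = src;
+ size_t n = siz;
 
  /* Copy as many bytes as will fit */
  if (n != 0 && --n != 0) {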
diff --git a/openbsd-compat/strmode.c b/openbsd-compat/strmode.c
index ea8d515e3..4a8161422 100644
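--- a/openbsd-compat/strmode.c
+++ b/openbsd-compat/strmode.c
@@ -1,5 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
-
+/* $OpenBSD: strmode.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
@@ -29,13 +28,11 @@
  * SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
+
 #include "includes.h"
 #ifndef HAVE_STRMODE
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strmode.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <string.h>
@@ -72,11 +69,6 @@ strmode(int mode, char *p)
  *p++ = 'p';
  break;
 #endif
-#ifdef S_IFWHT
- case S_IFWHT: /* whiteout */
- *p++ = 'w';
- break;
-#endif
  default: /* unknown */
  *p++ = '?';
  break;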
diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c
index 330d84ce1..b36eb8fda 100644
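--- a/openbsd-compat/strsep.c
+++ b/openbsd-compat/strsep.c
@@ -1,6 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
-
-/* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */
+/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */
 
 /*-
  * Copyright (c) 1990, 1993
@@ -31,6 +29,8 @@
  * SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
+
 #include "includes.h"
 
 #if !defined(HAVE_STRSEP)
@@ -38,14 +38,6 @@
 #include <string.h>
 #include <stdio.h>
 
-#if defined(LIBC_SCCS) && !defined(lint)
-#if 0
-static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93";
-#else
-static char *rcsid = "$OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $";
-#endif
-#endif /* LIBC_SCCS and not lint */
-
 /*
  * Get next token from string *stringp, where tokens are possibly-empty
  * strings separated by characters from delim.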
diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c
index 60c276f8a..f62930388 100644
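--- a/openbsd-compat/strtoll.c
+++ b/openbsd-compat/strtoll.c
@@ -1,5 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
-
+/* $OpenBSD: strtoll.c,v 1.6 2005/11/10 10:00:17 espie Exp $ */
 /*-
  * Copyright (c) 1992 The Regents of the University of California.
  * All rights reserved.
@@ -29,13 +28,11 @@
  * SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
+
 #include "includes.h"
 #ifndef HAVE_STRTOLL
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <sys/types.h>
 
 #include <ctype.h>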
diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c
index b681ed83b..8ad0d0058 100644
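--- a/openbsd-compat/strtonum.c
+++ b/openbsd-compat/strtonum.c
@@ -1,5 +1,3 @@
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
-
 /* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
 
 /*
@@ -19,6 +17,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
+
 #include "includes.h"
 #ifndef HAVE_STRTONUM
 #include <limits.h>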
diff --git a/openbsd-compat/strtoul.c b/openbsd-compat/strtoul.c
index 24d0e253d..8219c8391 100644
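--- a/openbsd-compat/strtoul.c
+++ b/openbsd-compat/strtoul.c
@@ -1,5 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
-
+/* $OpenBSD: strtoul.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */
 /*
  * Copyright (c) 1990 Regents of the University of California.
  * All rights reserved.
@@ -29,13 +28,11 @@
  * SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
+
 #include "includes.h"
 #ifndef HAVE_STRTOUL
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <ctype.h>
 #include <errno.h>
 #include <limits.h>
@@ -48,15 +45,12 @@ static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp
  * alphabets and digits are each contiguous.
  */
 unsigned long
-strtoul(nptr, endptr, base)
- const char *nptr;
- char **endptr;
- register int base;
+strtoul(const char *nptr, char **endptr, int base)
 {
- register const char *s;
- register unsigned long acc, cutoff;
- register int c;
- register int neg, any, cutlim;
+ const char *s;
+ unsigned long acc, cutoff;
+ int c;
+ int neg, any, cutlim;
 
  /*
  * See strtol for comments as to the logic used.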
diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h
index c49a94650..402343324 100644
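--- a/openbsd-compat/sys-queue.h
+++ b/openbsd-compat/sys-queue.h
@@ -1,5 +1,3 @@
-/* OPENBSD ORIGINAL: sys/sys/queue.h */
-
 /* $OpenBSD: queue.h,v 1.25 2004/04/08 16:08:21 henning Exp $ */
 /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
 
@@ -34,6 +32,8 @@
  * @(#)queue.h 8.5 (Berkeley) 8/20/94
  */
 
+/* OPENBSD ORIGINAL: sys/sys/queue.h */
+
 #ifndef _FAKE_QUEUE_H_
 #define _FAKE_QUEUE_H_
 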
diff --git a/openbsd-compat/sys-tree.h b/openbsd-compat/sys-tree.h
index 73cfbe72a..c80b90b21 100644
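--- a/openbsd-compat/sys-tree.h
+++ b/openbsd-compat/sys-tree.h
@@ -1,5 +1,3 @@
-/* OPENBSD ORIGINAL: sys/sys/tree.h */
-
 /* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -26,6 +24,8 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* OPENBSD ORIGINAL: sys/sys/tree.h */
+
 #ifndef _SYS_TREE_H_
 #define _SYS_TREE_H_
 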
diff --git a/openbsd-compat/vis.c b/openbsd-compat/vis.c
index 1fb7a01e3..3a087b341 100644
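--- a/openbsd-compat/vis.c
+++ b/openbsd-compat/vis.c
@@ -1,5 +1,4 @@
-/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
-
+/* $OpenBSD: vis.c,v 1.19 2005/09/01 17:15:49 millert Exp $ */
 /*-
  * Copyright (c) 1989, 1993
  * The Regents of the University of California. All rights reserved.
@@ -28,36 +27,34 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+
+/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
+
 #include "includes.h"
 #if !defined(HAVE_STRNVIS)
 
-#if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: vis.c,v 1.12 2003/06/02 20:18:35 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
-
 #include <ctype.h>
 #include <string.h>
 
 #include "vis.h"
 
 #define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
-#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
- isgraph((u_char)(c))) || \
- ((flag & VIS_SP) == 0 && (c) == ' ') || \
- ((flag & VIS_TAB) == 0 && (c) == '\t') || \
- ((flag & VIS_NL) == 0 && (c) == '\n') || \
- ((flag & VIS_SAFE) && ((c) == '\b' || \
- (c) == '\007' || (c) == '\r' || \
- isgraph((u_char)(c)))))
+#define isvisible(c) \
+ (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
+ (((c) != '*' && (c) != '?' && (c) != '[' && (c) != '#') || \
+ (flag & VIS_GLOB) == 0) && isgraph((u_char)(c))) || \
+ ((flag & VIS_SP) == 0 && (c) == ' ') || \
+ ((flag & VIS_TAB) == 0 && (c) == '\t') || \
+ ((flag & VIS_NL) == 0 && (c) == '\n') || \
+ ((flag & VIS_SAFE) && ((c) == '\b' || \
+ (c) == '\007' || (c) == '\r' || \
+ isgraph((u_char)(c)))))
 
 /*
  * vis - visually encode characters
  */
 char *
-vis(dst, c, flag, nextc)
- register char *dst;
- int c, nextc;
- register int flag;
+vis(char *dst, int c, int flag, int nextc)
 {
  if (isvisible(c)) {
  *dst++ = c;
@@ -111,7 +108,8 @@ vis(dst, c, flag, nextc)
  goto done;
  }
  }
- if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
+ if (((c & 0177) == ' ') || (flag & VIS_OCTAL) ||
+ ((flag & VIS_GLOB) && (c == '*' || c == '?' || c == '[' || c == '#'))) {
  *dst++ = '\\';
  *dst++ = ((u_char)c >> 6 & 07) + '0';
  *dst++ = ((u_char)c >> 3 & 07) + '0';
@@ -124,7 +122,7 @@ vis(dst, c, flag, nextc)
  c &= 0177;
  *dst++ = 'M';
  }
- if (iscntrl(c)) {
+ if (iscntrl((u_char)c)) {
  *dst++ = '^';
  if (c == 0177)
  *dst++ = '?';
@@ -153,12 +151,9 @@ done:
  * This is useful for encoding a block of data.
  */
 int
-strvis(dst, src, flag)
- register char *dst;
- register const char *src;
- int flag;
+strvis(char *dst, const char *src, int flag)
 {
- register char c;
+ char c;
  char *start;
 
  for (start = dst; (c = *src);)
@@ -168,16 +163,11 @@ strvis(dst, src, flag)
 }
 
 int
-strnvis(dst, src, siz, flag)
- char *dst;
- const char *src;
- size_t siz;
- int flag;
+strnvis(char *dst, const char *src, size_t siz, int flag)
 {
- char c;
  char *start, *end;
  char tbuf[5];
- int i;
+ int c, i;
 
  i = 0;
  for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
@@ -217,13 +207,9 @@ strnvis(dst, src, siz, flag)
 }
 
 int
-strvisx(dst, src, len, flag)
- register char *dst;
- register const char *src;
- register size_t len;
- int flag;
+strvisx(char *dst, const char *src, size_t len, int flag)
 {
- register char c;
+ char c;
  char *start;
 
  for (start = dst; len > 1; len--) {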
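Review bot: The glob-magic set (`*`, `?`, `[`, `#`) is now spelled out twice, once negated inside the `isvisible` macro and once in the octal-encoding test in `vis()`, and the two lists have to stay in step. A character that the macro treats as not visible under VIS_GLOB but that the second test misses would fall through to the later branches, which, as far as the visible context shows, do not octal-encode it. A single helper used in both places, `#define isglobmagic(c) ((c) == '*' || (c) == '?' || (c) == '[' || (c) == '#')`, removes that risk. The file is marked as a copy of OpenBSD's lib/libc/gen/vis.c, so the change is best made upstream and synced; `vis()` itself continues outside the hunks shown.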
diff --git a/openbsd-compat/vis.h b/openbsd-compat/vis.h
index 663355a24..3898a9e70 100644
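--- a/openbsd-compat/vis.h
+++ b/openbsd-compat/vis.h
@@ -1,6 +1,4 @@
-/* OPENBSD ORIGINAL: include/vis.h */
-
-/* $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */
+/* $OpenBSD: vis.h,v 1.11 2005/08/09 19:38:31 millert Exp $ */
 /* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
 
 /*-
@@ -34,6 +32,8 @@
  * @(#)vis.h 5.9 (Berkeley) 4/3/91
  */
 
+/* OPENBSD ORIGINAL: include/vis.h */
+
 #include "includes.h"
 #if !defined(HAVE_STRNVIS)
 
@@ -63,6 +63,7 @@
  * other
  */
 #define VIS_NOSLASH 0x40 /* inhibit printing '\' */
+#define VIS_GLOB 0x100 /* encode glob(3) magics and '#' */
 
 /*
  * unvis return codes
@@ -80,10 +81,14 @@
 
 char *vis(char *, int, int, int);
 int strvis(char *, const char *, int);
-int strnvis(char *, const char *, size_t, int);
-int strvisx(char *, const char *, size_t, int);
+int strnvis(char *, const char *, size_t, int)
+ __attribute__ ((__bounded__(__string__,1,3)));
+int strvisx(char *, const char *, size_t, int)
+ __attribute__ ((__bounded__(__string__,1,3)));
 int strunvis(char *, const char *);
 int unvis(char *, char, int *, int);
+ssize_t strnunvis(char *, const char *, size_t)
+ __attribute__ ((__bounded__(__string__,1,3)));
 
 #endif /* !_VIS_H_ */
 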
diff --git a/opensshd.init.in b/opensshd.init.in
index ffa7cdac2..c36c5c88a 100755
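--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -1,4 +1,4 @@
-#!/sbin/sh
+#!@STARTUP_SCRIPT_SHELL@
 # Donated code that was put under PD license.
 #
 # Stripped PRNGd out of it for the time being.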
diff --git a/packet.c b/packet.c
index 70e0110cb..db2aa2411 100644
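--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.120 2005/10/30 08:52:17 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -572,7 +572,7 @@ packet_send1(void)
  buffer_clear(&outgoing_packet);
 
  /*
- * Note that the packet is now only buffered in output. It won\'t be
+ * Note that the packet is now only buffered in output. It won't be
  * actually sent until packet_write_wait or packet_write_poll is
  * called.
  */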
diff --git a/progressmeter.c b/progressmeter.c
index 3cda09061..13c51d87e 100644
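--- a/progressmeter.c
+++ b/progressmeter.c
@@ -85,8 +85,8 @@ format_rate(char *buf, int size, off_t bytes)
  bytes = (bytes + 512) / 1024;
  }
  snprintf(buf, size, "%3lld.%1lld%c%s",
- (int64_t) (bytes + 5) / 100,
- (int64_t) (bytes + 5) / 10 % 10,
+ (long long) (bytes + 5) / 100,
+ (long long) (bytes + 5) / 10 % 10,
  unit[i],
  i ? "B" : " ");
 }
@@ -99,7 +99,7 @@ format_size(char *buf, int size, off_t bytes)
  for (i = 0; bytes >= 10000 && unit[i] != 'T'; i++)
  bytes = (bytes + 512) / 1024;
  snprintf(buf, size, "%4lld%c%s",
- (int64_t) bytes,
+ (long long) bytes,
  unit[i],
  i ? "B" : " ");
 }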
diff --git a/readconf.c b/readconf.c
index cf27a9f41..1fbf59793 100644
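--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -70,6 +70,10 @@ RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
  Cipher none
  PasswordAuthentication no
 
+ Host vpn.fake.com
+ Tunnel yes
+ TunnelDevice 3
+
  # Defaults for various options
  Host *
  ForwardAgent no
@@ -107,6 +111,7 @@ typedef enum {
  oAddressFamily, oGssAuthentication, oGssDelegateCreds,
  oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
  oDeprecated, oUnsupported
 } OpCodes;
 
@@ -198,6 +203,10 @@ static struct {
  { "controlpath", oControlPath },
  { "controlmaster", oControlMaster },
  { "hashknownhosts", oHashKnownHosts },
+ { "tunnel", oTunnel },
+ { "tunneldevice", oTunnelDevice },
+ { "localcommand", oLocalCommand },
+ { "permitlocalcommand", oPermitLocalCommand },
  { NULL, oBadOption }
 };
 
@@ -264,6 +273,7 @@ clear_forwardings(Options *options)
  xfree(options->remote_forwards[i].connect_host);
  }
  options->num_remote_forwards = 0;
+ options->tun_open = SSH_TUNMODE_NO;
 }
 
 /*
@@ -296,7 +306,7 @@ process_config_line(Options *options, const char *host,
  int *activep)
 {
  char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
- int opcode, *intptr, value;
+ int opcode, *intptr, value, value2;
  size_t len;
  Forward fwd;
 
@@ -553,9 +563,10 @@ parse_string:
  goto parse_string;
 
  case oProxyCommand:
+ charptr = &options->proxy_command;
+parse_command:
  if (s == NULL)
  fatal("%.200s line %d: Missing argument.", filename, linenum);
- charptr = &options->proxy_command;
  len = strspn(s, WHITESPACE "=");
  if (*activep && *charptr == NULL)
  *charptr = xstrdup(s + len);
@@ -822,6 +833,49 @@ parse_int:
  intptr = &options->hash_known_hosts;
  goto parse_flag;
 
+ case oTunnel:
+ intptr = &options->tun_open;
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: Missing yes/point-to-point/"
+ "ethernet/no argument.", filename, linenum);
+ value = 0; /* silence compiler */
+ if (strcasecmp(arg, "ethernet") == 0)
+ value = SSH_TUNMODE_ETHERNET;
+ else if (strcasecmp(arg, "point-to-point") == 0)
+ value = SSH_TUNMODE_POINTOPOINT;
+ else if (strcasecmp(arg, "yes") == 0)
+ value = SSH_TUNMODE_DEFAULT;
+ else if (strcasecmp(arg, "no") == 0)
+ value = SSH_TUNMODE_NO;
+ else
+ fatal("%s line %d: Bad yes/point-to-point/ethernet/"
+ "no argument: %s", filename, linenum, arg);
+ if (*activep)
+ *intptr = value;
+ break;
+
+ case oTunnelDevice:
+ arg = strdelim(&s);
+ if (!arg || *arg == '\0')
+ fatal("%.200s line %d: Missing argument.", filename, linenum);
+ value = a2tun(arg, &value2);
+ if (value == SSH_TUNID_ERR)
+ fatal("%.200s line %d: Bad tun device.", filename, linenum);
+ if (*activep) {
+ options->tun_local = value;
+ options->tun_remote = value2;
+ }
+ break;
+
+ case oLocalCommand:
+ charptr = &options->local_command;
+ goto parse_command;
+
+ case oPermitLocalCommand:
+ intptr = &options->permit_local_command;
+ goto parse_flag;
+
  case oDeprecated:
  debug("%s line %d: Deprecated option \"%s\"",
  filename, linenum, keyword);
@@ -966,6 +1020,11 @@ initialize_options(Options * options)
  options->control_path = NULL;
  options->control_master = -1;
  options->hash_known_hosts = -1;
+ options->tun_open = -1;
+ options->tun_local = -1;
+ options->tun_remote = -1;
+ options->local_command = NULL;
+ options->permit_local_command = -1;
 }
 
 /*
@@ -1090,6 +1149,15 @@ fill_default_options(Options * options)
  options->control_master = 0;
  if (options->hash_known_hosts == -1)
  options->hash_known_hosts = 0;
+ if (options->tun_open == -1)
+ options->tun_open = SSH_TUNMODE_NO;
+ if (options->tun_local == -1)
+ options->tun_local = SSH_TUNID_ANY;
+ if (options->tun_remote == -1)
+ options->tun_remote = SSH_TUNID_ANY;
+ if (options->permit_local_command == -1)
+ options->permit_local_command = 0;
+ /* options->local_command should not be set by default */
  /* options->proxy_command should not be set by default */
  /* options->user will be set in the main program if appropriate */
  /* options->hostname will be set in the main program if appropriate */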
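Review bot: The new `oTunnel` and `oTunnelDevice` cases store their value whenever `*activep` is set, so a later matching Host block overwrites an earlier one, whereas `parse_command` in the same function assigns only while the option is still unset (`*charptr == NULL`). If first-match-wins is meant to hold for these options too, the guards should test the `-1` sentinel that `initialize_options` sets: `if (*activep && *intptr == -1)` for `oTunnel` and `if (*activep && options->tun_local == -1) {` for `oTunnelDevice`. `process_config_line` starts and ends outside the hunks, so `parse_flag` is not visible here and its guard is assumed to match the one in `parse_command`.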
diff --git a/readconf.h b/readconf.h
index 2b9deb9db..4565b2c2c 100644
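--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.68 2005/12/06 22:38:27 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -114,6 +114,14 @@ typedef struct {
  int control_master;
 
  int hash_known_hosts;
+
+ int tun_open; /* tun(4) */
+ int tun_local; /* force tun device (optional) */
+ int tun_remote; /* force tun device (optional) */
+
+ char *local_command;
+ int permit_local_command;
+
 } Options;
 
 #define SSHCTL_MASTER_NO 0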
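Review bot: `tun_local` and `tun_remote` carry the identical comment `/* force tun device (optional) */`, and `local_command` and `permit_local_command` have none, so the struct does not say which end each tunnel id applies to or how the command relates to its permit flag. Suggested comments are `/* force local tun device (optional) */` and `/* force remote tun device (optional) */` for the tunnel ids, and `/* LocalCommand string from the configuration */` and `/* PermitLocalCommand flag; -1 until defaults are filled */` for the other two. The last two are inferred from the option names and the `-1` initialiser in readconf.c, so confirm them against the code that consumes these fields. The `Options` struct begins outside the hunk.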
diff --git a/regress/README.regress b/regress/README.regress
index 0c07c9cf1..5aaf734bd 100644
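--- a/regress/README.regress
+++ b/regress/README.regress
@@ -97,8 +97,12 @@ Known Issues.
  unless ssh-rand-helper is in pre-installed (the path to
  ssh-rand-helper is hard coded).
 
+- Similarly, if you do not have "scp" in your system's $PATH then the
+ multiplex scp tests will fail (since the system's shell startup scripts
+ will determine where the shell started by sshd will look for scp).
+
 - Recent GNU coreutils deprecate "head -[n]": this will cause the yes-head
  test to fail. The old behaviour can be restored by setting (and
  exporting) _POSIX2_VERSION=199209 before running the tests.
 
-$Id: README.regress,v 1.9 2004/08/17 12:31:33 dtucker Exp $
+$Id: README.regress,v 1.10 2005/10/03 10:14:18 dtucker Exp $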
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index 46d20dc2b..6186a8d48 100644
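--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.2 2005/11/14 21:25:56 grunk Exp $
 # Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -27,7 +27,7 @@ else
  fail "ssh-add failed with $r != 1"
  fi
 
- < /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
+ < /dev/null ${SUDO} -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
  r=$?
  if [ $r -lt 2 ]; then
  fail "ssh-add did not fail for ${UNPRIV}: $r < 2"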
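Review bot: With `${SUDO}` replacing the literal `sudo` at new line 30, an unset or empty SUDO makes the shell try to run `-S` as the command, which exits with 127, and the following `[ $r -lt 2 ]` check accepts that as the expected refusal. Unless a guard outside this hunk already skips the test when SUDO is empty, the "disallow agent attach from other uid" case would then pass without ssh-add ever running as ${UNPRIV}. A line such as `[ -n "$SUDO" ] || fatal "need SUDO to switch to uid ${UNPRIV}"` before the call would keep the result meaningful. The enclosing if/else begins outside the hunk.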
diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index dfe065dd6..3b171144f 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: forwarding.sh,v 1.4 2002/03/15 13:08:56 markus Exp $ 1# $OpenBSD: forwarding.sh,v 1.5 2005/03/10 10:20:39 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="local and remote forwarding" 4tid="local and remote forwarding"
@@ -32,3 +32,34 @@ for p in 1 2; do
32 32
33 sleep 10 33 sleep 10
34done 34done
35
36for p in 1 2; do
37 trace "simple clear forwarding proto $p"
38 ${SSH} -$p -F $OBJ/ssh_config -oClearAllForwardings=yes somehost true
39
40 trace "clear local forward proto $p"
41 ${SSH} -$p -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
42 -oClearAllForwardings=yes somehost sleep 10
43 if [ $? != 0 ]; then
44 fail "connection failed with cleared local forwarding"
45 else
46 # this one should fail
47 ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
48 2>${TEST_SSH_LOGFILE} && \
49 fail "local forwarding not cleared"
50 fi
51 sleep 10
52
53 trace "clear remote forward proto $p"
54 ${SSH} -$p -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
55 -oClearAllForwardings=yes somehost sleep 10
56 if [ $? != 0 ]; then
57 fail "connection failed with cleared remote forwarding"
58 else
59 # this one should fail
60 ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \
61 2>${TEST_SSH_LOGFILE} && \
62 fail "remote forwarding not cleared"
63 fi
64 sleep 10
65done
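Review bot: The two negative probes at new lines 47-48 and 60-61 redirect with `2>${TEST_SSH_LOGFILE}`, which truncates the log on each run and discards whatever earlier steps wrote there; `2>>${TEST_SSH_LOGFILE}` would keep it for diagnosing a failure. The probes also treat any connection failure as "forwarding cleared", so a comment noting that the check relies on nothing else listening on `${base}01` would help the next reader. The local and remote blocks differ only in `-L`/`-R` and the message text and could share one inner loop.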
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index a172e5790..4fba7b5ac 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ 1# $OpenBSD: multiplex.sh,v 1.11 2005/04/25 09:54:09 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4CTL=/tmp/openssh.regress.ctl-sock.$$ 4CTL=/tmp/openssh.regress.ctl-sock.$$
diff --git a/regress/reconfigure.sh b/regress/reconfigure.sh
index ba6dbc6f5..1daf29f9a 100644
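--- a/regress/reconfigure.sh
+++ b/regress/reconfigure.sh
@@ -15,8 +15,9 @@ esac
 
 start_sshd
 
-$SUDO kill -HUP `cat $PIDFILE`
-sleep 1
+PID=`cat $PIDFILE`
+rm -f $PIDFILE
+$SUDO kill -HUP $PID
 
 trace "wait for sshd to restart"
 i=0;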
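Review bot: The PID read from $PIDFILE at new line 18 is passed to `kill -HUP` without checking that it is non-empty, so a missing or empty pid file produces a kill usage error and the test then waits for a restart that was never requested. A guard such as `[ -n "$PID" ] || fatal "no sshd pid in $PIDFILE"` before the kill would report the real cause. Removing the pid file before sending HUP presumably lets the wait loop below detect the file written by the restarted sshd; a one-line comment saying so would document why the `sleep 1` could go.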
diff --git a/regress/scp-ssh-wrapper.sh b/regress/scp-ssh-wrapper.sh
index 8e4314773..d1005a995 100644
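--- a/regress/scp-ssh-wrapper.sh
+++ b/regress/scp-ssh-wrapper.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $OpenBSD: scp-ssh-wrapper.sh,v 1.1 2004/06/13 13:51:02 dtucker Exp $
+# $OpenBSD: scp-ssh-wrapper.sh,v 1.2 2005/12/14 04:36:39 dtucker Exp $
 # Placed in the Public Domain.
 
 printname () {
@@ -16,8 +16,11 @@ printname () {
  done
 }
 
-# discard first 5 args
-shift; shift; shift; shift; shift
+# Discard all but last argument. We use arg later.
+while test "$1" != ""; do
+ arg="$1"
+ shift
+done
 
 BAD="../../../../../../../../../../../../../${DIR}/dotpathdir"
 
@@ -49,6 +52,6 @@ badserver_4)
  echo "X"
  ;;
 *)
- exec $1
+ exec $arg
  ;;
 esac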
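Review bot: The new loop at new lines 20-23 stops at the first empty argument rather than at the end of the argument list, because it tests `"$1" != ""`; if an empty string ever appears among the ssh arguments, `arg` would hold the argument before it instead of the last one. `while [ $# -gt 0 ]; do` expresses "all but the last" directly. `exec $arg` at new line 55 is left unquoted, presumably on purpose so the command string is word-split; a short comment saying so would keep a later cleanup from quoting it.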
diff --git a/regress/scp.sh b/regress/scp.sh
index c3034b6e7..c5d412dd9 100644
--- a/regress/scp.sh
+++ b/regress/scp.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: scp.sh,v 1.3 2004/07/08 12:59:35 dtucker Exp $ 1# $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="scp" 4tid="scp"
@@ -28,6 +28,11 @@ scpclean() {
28 mkdir ${DIR} ${DIR2} 28 mkdir ${DIR} ${DIR2}
29} 29}
30 30
31verbose "$tid: simple copy local file to local file"
32scpclean
33$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
34cmp ${DATA} ${COPY} || fail "corrupted copy"
35
31verbose "$tid: simple copy local file to remote file" 36verbose "$tid: simple copy local file to remote file"
32scpclean 37scpclean
33$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed" 38$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
@@ -44,6 +49,12 @@ cp ${DATA} ${COPY}
44$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed" 49$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
45cmp ${COPY} ${DIR}/copy || fail "corrupted copy" 50cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
46 51
52verbose "$tid: simple copy local file to local dir"
53scpclean
54cp ${DATA} ${COPY}
55$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
56cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
57
47verbose "$tid: simple copy remote file to local dir" 58verbose "$tid: simple copy remote file to local dir"
48scpclean 59scpclean
49cp ${DATA} ${COPY} 60cp ${DATA} ${COPY}
@@ -57,6 +68,13 @@ cp ${DATA} ${DIR}/copy
57$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed" 68$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
58diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" 69diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
59 70
71verbose "$tid: recursive local dir to local dir"
72scpclean
73rm -rf ${DIR2}
74cp ${DATA} ${DIR}/copy
75$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
76diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
77
60verbose "$tid: recursive remote dir to local dir" 78verbose "$tid: recursive remote dir to local dir"
61scpclean 79scpclean
62rm -rf ${DIR2} 80rm -rf ${DIR2}
@@ -64,6 +82,13 @@ cp ${DATA} ${DIR}/copy
64$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" 82$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
65diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" 83diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
66 84
85verbose "$tid: shell metacharacters"
86scpclean
87(cd ${DIR} && \
88touch '`touch metachartest`' && \
89$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
90[ ! -f metachartest ] ) || fail "shell metacharacters"
91
67if [ ! -z "$SUDO" ]; then 92if [ ! -z "$SUDO" ]; then
68 verbose "$tid: skipped file after scp -p with failed chown+utimes" 93 verbose "$tid: skipped file after scp -p with failed chown+utimes"
69 scpclean 94 scpclean
@@ -73,7 +98,7 @@ if [ ! -z "$SUDO" ]; then
73 chmod 660 ${DIR2}/copy 98 chmod 660 ${DIR2}/copy
74 $SUDO chown root ${DIR2}/copy 99 $SUDO chown root ${DIR2}/copy
75 $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1 100 $SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
76 diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" 101 $SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
77 $SUDO rm ${DIR2}/copy 102 $SUDO rm ${DIR2}/copy
78fi 103fi
79 104
@@ -91,5 +116,12 @@ for i in 0 1 2 3 4; do
91 [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir" 116 [ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
92done 117done
93 118
119verbose "$tid: detect non-directory target"
120scpclean
121echo a > ${COPY}
122echo b > ${COPY2}
123$SCP $scpopts ${DATA} ${COPY} ${COPY2}
124cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
125
94scpclean 126scpclean
95rm -f ${OBJ}/scp-ssh-wrapper.scp 127rm -f ${OBJ}/scp-ssh-wrapper.scp
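Review bot: The shell-metacharacter test at new lines 85-90 can pass without scp having done anything: the `;` after the `$SCP` line drops its exit status, `2>/dev/null` hides its diagnostics, and if `cd ${DIR}` fails the closing `[ ! -f metachartest ]` is evaluated in the original directory. It would be a stronger regression check if it also asserted that the oddly named file arrived under `${DIR2}`, so that a refusal to copy is not mistaken for safe handling. The "detect non-directory target" test at new lines 119-124 likewise runs `$SCP` with three operands without capturing its status or output; a comment stating that the command is expected to fail would make the intent clear.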
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 4b3a70eb3..59ae33c08 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,4 +1,4 @@
1# $OpenBSD: test-exec.sh,v 1.27 2005/02/27 11:33:30 dtucker Exp $ 1# $OpenBSD: test-exec.sh,v 1.28 2005/05/20 23:14:15 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4#SUDO=sudo 4#SUDO=sudo
@@ -24,6 +24,8 @@ if [ -x /usr/ucb/whoami ]; then
24 USER=`/usr/ucb/whoami` 24 USER=`/usr/ucb/whoami`
25elif whoami >/dev/null 2>&1; then 25elif whoami >/dev/null 2>&1; then
26 USER=`whoami` 26 USER=`whoami`
27elif logname >/dev/null 2>&1; then
28 USER=`logname`
27else 29else
28 USER=`id -un` 30 USER=`id -un`
29fi 31fi
@@ -194,6 +196,7 @@ trap fatal 3 2
194cat << EOF > $OBJ/sshd_config 196cat << EOF > $OBJ/sshd_config
195 StrictModes no 197 StrictModes no
196 Port $PORT 198 Port $PORT
199 AddressFamily inet
197 ListenAddress 127.0.0.1 200 ListenAddress 127.0.0.1
198 #ListenAddress ::1 201 #ListenAddress ::1
199 PidFile $PIDFILE 202 PidFile $PIDFILE
@@ -244,7 +247,7 @@ trace "generate keys"
244for t in rsa rsa1; do 247for t in rsa rsa1; do
245 # generate user key 248 # generate user key
246 rm -f $OBJ/$t 249 rm -f $OBJ/$t
247 ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ 250 ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\
248 fail "ssh-keygen for $t failed" 251 fail "ssh-keygen for $t failed"
249 252
250 # known hosts file for client 253 # known hosts file for client
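Review bot: The `logname` fallback added at new lines 27-28 reports the login name of the session, which need not be the user the tests actually run as (for example after su or sudo), while the neighbouring `whoami` and `id -un` branches report the effective user. Because it is tried before `id -un`, a system without whoami takes the login name even where `id -un` would work. Consider probing `id -un` first, or add a comment such as `# logname: login name, may differ from the effective user` so the ordering is a documented choice. The if/elif chain starts outside the hunk.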
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh
index c6e1b9152..379fe353a 100644
--- a/regress/try-ciphers.sh
+++ b/regress/try-ciphers.sh
@@ -1,9 +1,10 @@
1# $OpenBSD: try-ciphers.sh,v 1.9 2004/02/28 13:44:45 dtucker Exp $ 1# $OpenBSD: try-ciphers.sh,v 1.10 2005/05/24 04:10:54 djm Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4tid="try ciphers" 4tid="try ciphers"
5 5
6ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc arcfour 6ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
7 arcfour128 arcfour256 arcfour
7 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se 8 aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
8 aes128-ctr aes192-ctr aes256-ctr" 9 aes128-ctr aes192-ctr aes256-ctr"
9macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96" 10macs="hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96"
diff --git a/regress/yes-head.sh b/regress/yes-head.sh
index 17a4d0dd4..a8e6bc800 100644
--- a/regress/yes-head.sh
+++ b/regress/yes-head.sh
@@ -4,7 +4,7 @@
4tid="yes pipe head" 4tid="yes pipe head"
5 5
6for p in 1 2; do 6for p in 1 2; do
7 lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | head -2000"' | (sleep 3 ; wc -l)` 7 lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
8 if [ $? -ne 0 ]; then 8 if [ $? -ne 0 ]; then
9 fail "yes|head test failed" 9 fail "yes|head test failed"
10 lines = 0; 10 lines = 0;
diff --git a/scp.0 b/scp.0
index aa54dda3f..2c7f15567 100644
--- a/scp.0
+++ b/scp.0
@@ -92,6 +92,7 @@ DESCRIPTION
92 Protocol 92 Protocol
93 ProxyCommand 93 ProxyCommand
94 PubkeyAuthentication 94 PubkeyAuthentication
95 RekeyLimit
95 RhostsRSAAuthentication 96 RhostsRSAAuthentication
96 RSAAuthentication 97 RSAAuthentication
97 SendEnv 98 SendEnv
@@ -141,4 +142,4 @@ AUTHORS
141 Timo Rinne <tri@iki.fi> 142 Timo Rinne <tri@iki.fi>
142 Tatu Ylonen <ylo@cs.hut.fi> 143 Tatu Ylonen <ylo@cs.hut.fi>
143 144
144OpenBSD 3.8 September 25, 1999 3 145OpenBSD 3.9 September 25, 1999 3
diff --git a/scp.1 b/scp.1
index b5191e318..d9b1f8e8f 100644
--- a/scp.1
+++ b/scp.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sun May 7 00:14:37 1995 ylo 10.\" Created: Sun May 7 00:14:37 1995 ylo
11.\" 11.\"
12.\" $OpenBSD: scp.1,v 1.38 2005/03/01 17:19:35 jmc Exp $ 12.\" $OpenBSD: scp.1,v 1.39 2006/01/20 00:14:55 dtucker Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SCP 1 15.Dt SCP 1
@@ -152,6 +152,7 @@ For full details of the options listed below, and their possible values, see
152.It Protocol 152.It Protocol
153.It ProxyCommand 153.It ProxyCommand
154.It PubkeyAuthentication 154.It PubkeyAuthentication
155.It RekeyLimit
155.It RhostsRSAAuthentication 156.It RhostsRSAAuthentication
156.It RSAAuthentication 157.It RSAAuthentication
157.It SendEnv 158.It SendEnv
diff --git a/scp.c b/scp.c
index 1407aa71d..620024ea7 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
71 */ 71 */
72 72
73#include "includes.h" 73#include "includes.h"
74RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $"); 74RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $");
75 75
76#include "xmalloc.h" 76#include "xmalloc.h"
77#include "atomicio.h" 77#include "atomicio.h"
@@ -118,6 +118,48 @@ killchild(int signo)
118 exit(1); 118 exit(1);
119} 119}
120 120
121static int
122do_local_cmd(arglist *a)
123{
124 u_int i;
125 int status;
126 pid_t pid;
127
128 if (a->num == 0)
129 fatal("do_local_cmd: no arguments");
130
131 if (verbose_mode) {
132 fprintf(stderr, "Executing:");
133 for (i = 0; i < a->num; i++)
134 fprintf(stderr, " %s", a->list[i]);
135 fprintf(stderr, "\n");
136 }
137 if ((pid = fork()) == -1)
138 fatal("do_local_cmd: fork: %s", strerror(errno));
139
140 if (pid == 0) {
141 execvp(a->list[0], a->list);
142 perror(a->list[0]);
143 exit(1);
144 }
145
146 do_cmd_pid = pid;
147 signal(SIGTERM, killchild);
148 signal(SIGINT, killchild);
149 signal(SIGHUP, killchild);
150
151 while (waitpid(pid, &status, 0) == -1)
152 if (errno != EINTR)
153 fatal("do_local_cmd: waitpid: %s", strerror(errno));
154
155 do_cmd_pid = -1;
156
157 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
158 return (-1);
159
160 return (0);
161}
162
121/* 163/*
122 * This function executes the given command as the specified user on the 164 * This function executes the given command as the specified user on the
123 * given host. This returns < 0 if execution fails, and >= 0 otherwise. This 165 * given host. This returns < 0 if execution fails, and >= 0 otherwise. This
@@ -162,7 +204,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
162 close(pin[0]); 204 close(pin[0]);
163 close(pout[1]); 205 close(pout[1]);
164 206
165 args.list[0] = ssh_program; 207 replacearg(&args, 0, "%s", ssh_program);
166 if (remuser != NULL) 208 if (remuser != NULL)
167 addargs(&args, "-l%s", remuser); 209 addargs(&args, "-l%s", remuser);
168 addargs(&args, "%s", host); 210 addargs(&args, "%s", host);
@@ -222,12 +264,17 @@ main(int argc, char **argv)
222 extern char *optarg; 264 extern char *optarg;
223 extern int optind; 265 extern int optind;
224 266
267 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
268 sanitise_stdfd();
269
225 __progname = ssh_get_progname(argv[0]); 270 __progname = ssh_get_progname(argv[0]);
226 271
272 memset(&args, '\0', sizeof(args));
227 args.list = NULL; 273 args.list = NULL;
228 addargs(&args, "ssh"); /* overwritten with ssh_program */ 274 addargs(&args, "%s", ssh_program);
229 addargs(&args, "-x"); 275 addargs(&args, "-x");
230 addargs(&args, "-oForwardAgent no"); 276 addargs(&args, "-oForwardAgent no");
277 addargs(&args, "-oPermitLocalCommand no");
231 addargs(&args, "-oClearAllForwardings yes"); 278 addargs(&args, "-oClearAllForwardings yes");
232 279
233 fflag = tflag = 0; 280 fflag = tflag = 0;
@@ -336,9 +383,9 @@ main(int argc, char **argv)
336 if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ 383 if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */
337 toremote(targ, argc, argv); 384 toremote(targ, argc, argv);
338 else { 385 else {
339 tolocal(argc, argv); /* Dest is local host. */
340 if (targetshouldbedirectory) 386 if (targetshouldbedirectory)
341 verifydir(argv[argc - 1]); 387 verifydir(argv[argc - 1]);
388 tolocal(argc, argv); /* Dest is local host. */
342 } 389 }
343 /* 390 /*
344 * Finally check the exit status of the ssh process, if one was forked 391 * Finally check the exit status of the ssh process, if one was forked
@@ -364,6 +411,10 @@ toremote(char *targ, int argc, char **argv)
364{ 411{
365 int i, len; 412 int i, len;
366 char *bp, *host, *src, *suser, *thost, *tuser, *arg; 413 char *bp, *host, *src, *suser, *thost, *tuser, *arg;
414 arglist alist;
415
416 memset(&alist, '\0', sizeof(alist));
417 alist.list = NULL;
367 418
368 *targ++ = 0; 419 *targ++ = 0;
369 if (*targ == 0) 420 if (*targ == 0)
@@ -381,56 +432,48 @@ toremote(char *targ, int argc, char **argv)
381 tuser = NULL; 432 tuser = NULL;
382 } 433 }
383 434
435 if (tuser != NULL && !okname(tuser)) {
436 xfree(arg);
437 return;
438 }
439
384 for (i = 0; i < argc - 1; i++) { 440 for (i = 0; i < argc - 1; i++) {
385 src = colon(argv[i]); 441 src = colon(argv[i]);
386 if (src) { /* remote to remote */ 442 if (src) { /* remote to remote */
387 static char *ssh_options = 443 freeargs(&alist);
388 "-x -o'ClearAllForwardings yes'"; 444 addargs(&alist, "%s", ssh_program);
445 if (verbose_mode)
446 addargs(&alist, "-v");
447 addargs(&alist, "-x");
448 addargs(&alist, "-oClearAllForwardings yes");
449 addargs(&alist, "-n");
450
389 *src++ = 0; 451 *src++ = 0;
390 if (*src == 0) 452 if (*src == 0)
391 src = "."; 453 src = ".";
392 host = strrchr(argv[i], '@'); 454 host = strrchr(argv[i], '@');
393 len = strlen(ssh_program) + strlen(argv[i]) + 455
394 strlen(src) + (tuser ? strlen(tuser) : 0) +
395 strlen(thost) + strlen(targ) +
396 strlen(ssh_options) + CMDNEEDS + 20;
397 bp = xmalloc(len);
398 if (host) { 456 if (host) {
399 *host++ = 0; 457 *host++ = 0;
400 host = cleanhostname(host); 458 host = cleanhostname(host);
401 suser = argv[i]; 459 suser = argv[i];
402 if (*suser == '\0') 460 if (*suser == '\0')
403 suser = pwd->pw_name; 461 suser = pwd->pw_name;
404 else if (!okname(suser)) { 462 else if (!okname(suser))
405 xfree(bp);
406 continue; 463 continue;
407 } 464 addargs(&alist, "-l");
408 if (tuser && !okname(tuser)) { 465 addargs(&alist, "%s", suser);
409 xfree(bp);
410 continue;
411 }
412 snprintf(bp, len,
413 "%s%s %s -n "
414 "-l %s %s %s %s '%s%s%s:%s'",
415 ssh_program, verbose_mode ? " -v" : "",
416 ssh_options, suser, host, cmd, src,
417 tuser ? tuser : "", tuser ? "@" : "",
418 thost, targ);
419 } else { 466 } else {
420 host = cleanhostname(argv[i]); 467 host = cleanhostname(argv[i]);
421 snprintf(bp, len,
422 "exec %s%s %s -n %s "
423 "%s %s '%s%s%s:%s'",
424 ssh_program, verbose_mode ? " -v" : "",
425 ssh_options, host, cmd, src,
426 tuser ? tuser : "", tuser ? "@" : "",
427 thost, targ);
428 } 468 }
429 if (verbose_mode) 469 addargs(&alist, "%s", host);
430 fprintf(stderr, "Executing: %s\n", bp); 470 addargs(&alist, "%s", cmd);
431 if (system(bp) != 0) 471 addargs(&alist, "%s", src);
472 addargs(&alist, "%s%s%s:%s",
473 tuser ? tuser : "", tuser ? "@" : "",
474 thost, targ);
475 if (do_local_cmd(&alist) != 0)
432 errs = 1; 476 errs = 1;
433 (void) xfree(bp);
434 } else { /* local to remote */ 477 } else { /* local to remote */
435 if (remin == -1) { 478 if (remin == -1) {
436 len = strlen(targ) + CMDNEEDS + 20; 479 len = strlen(targ) + CMDNEEDS + 20;
@@ -454,20 +497,23 @@ tolocal(int argc, char **argv)
454{ 497{
455 int i, len; 498 int i, len;
456 char *bp, *host, *src, *suser; 499 char *bp, *host, *src, *suser;
500 arglist alist;
501
502 memset(&alist, '\0', sizeof(alist));
503 alist.list = NULL;
457 504
458 for (i = 0; i < argc - 1; i++) { 505 for (i = 0; i < argc - 1; i++) {
459 if (!(src = colon(argv[i]))) { /* Local to local. */ 506 if (!(src = colon(argv[i]))) { /* Local to local. */
460 len = strlen(_PATH_CP) + strlen(argv[i]) + 507 freeargs(&alist);
461 strlen(argv[argc - 1]) + 20; 508 addargs(&alist, "%s", _PATH_CP);
462 bp = xmalloc(len); 509 if (iamrecursive)
463 (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, 510 addargs(&alist, "-r");
464 iamrecursive ? " -r" : "", pflag ? " -p" : "", 511 if (pflag)
465 argv[i], argv[argc - 1]); 512 addargs(&alist, "-p");
466 if (verbose_mode) 513 addargs(&alist, "%s", argv[i]);
467 fprintf(stderr, "Executing: %s\n", bp); 514 addargs(&alist, "%s", argv[argc-1]);
468 if (system(bp)) 515 if (do_local_cmd(&alist))
469 ++errs; 516 ++errs;
470 (void) xfree(bp);
471 continue; 517 continue;
472 } 518 }
473 *src++ = 0; 519 *src++ = 0;
@@ -560,7 +606,7 @@ syserr: run_err("%s: %s", name, strerror(errno));
560#define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) 606#define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO)
561 snprintf(buf, sizeof buf, "C%04o %lld %s\n", 607 snprintf(buf, sizeof buf, "C%04o %lld %s\n",
562 (u_int) (stb.st_mode & FILEMODEMASK), 608 (u_int) (stb.st_mode & FILEMODEMASK),
563 (int64_t)stb.st_size, last); 609 (long long)stb.st_size, last);
564 if (verbose_mode) { 610 if (verbose_mode) {
565 fprintf(stderr, "Sending file modes: %s", buf); 611 fprintf(stderr, "Sending file modes: %s", buf);
566 } 612 }
@@ -568,7 +614,10 @@ syserr: run_err("%s: %s", name, strerror(errno));
568 if (response() < 0) 614 if (response() < 0)
569 goto next; 615 goto next;
570 if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) { 616 if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) {
571next: (void) close(fd); 617next: if (fd != -1) {
618 (void) close(fd);
619 fd = -1;
620 }
572 continue; 621 continue;
573 } 622 }
574 if (showprogress) 623 if (showprogress)
@@ -597,8 +646,11 @@ next: (void) close(fd);
597 if (showprogress) 646 if (showprogress)
598 stop_progress_meter(); 647 stop_progress_meter();
599 648
600 if (close(fd) < 0 && !haderr) 649 if (fd != -1) {
601 haderr = errno; 650 if (close(fd) < 0 && !haderr)
651 haderr = errno;
652 fd = -1;
653 }
602 if (!haderr) 654 if (!haderr)
603 (void) atomicio(vwrite, remout, "", 1); 655 (void) atomicio(vwrite, remout, "", 1);
604 else 656 else
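Review bot: In the new argv-based calls, operands taken from the command line are appended where the child still parses options: `addargs(&alist, "%s", host);` in toremote() and the `argv[i]` / `argv[argc-1]` operands in tolocal(), so a host or file name beginning with `-` would be read by ssh or cp as an option rather than an operand. Replacing system() takes the local shell out of the path, but this case remains; assuming the ssh and cp in use honour the `--` end-of-options marker, an `addargs(&alist, "--");` immediately before the host in toremote() and before the two file operands in tolocal() would close it. Separately, the child in do_local_cmd() calls `exit(1)` after a failed execvp(), where `_exit(1)` would avoid flushing stdio buffers inherited from the parent a second time. As far as these hunks show, neither `alist` is released with freeargs() after its loop; both toremote() and tolocal() continue outside the hunks.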
diff --git a/servconf.c b/servconf.c
index 9e420a527..81953bb80 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.146 2005/12/08 18:34:11 reyk Exp $");
14 14
15#include "ssh.h" 15#include "ssh.h"
16#include "log.h" 16#include "log.h"
@@ -101,6 +101,7 @@ initialize_server_options(ServerOptions *options)
101 options->authorized_keys_file = NULL; 101 options->authorized_keys_file = NULL;
102 options->authorized_keys_file2 = NULL; 102 options->authorized_keys_file2 = NULL;
103 options->num_accept_env = 0; 103 options->num_accept_env = 0;
104 options->permit_tun = -1;
104 105
105 /* Needs to be accessable in many places */ 106 /* Needs to be accessable in many places */
106 use_privsep = -1; 107 use_privsep = -1;
@@ -229,6 +230,8 @@ fill_default_server_options(ServerOptions *options)
229 } 230 }
230 if (options->authorized_keys_file == NULL) 231 if (options->authorized_keys_file == NULL)
231 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; 232 options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
233 if (options->permit_tun == -1)
234 options->permit_tun = SSH_TUNMODE_NO;
232 235
233 /* Turn privilege separation on by default */ 236 /* Turn privilege separation on by default */
234 if (use_privsep == -1) 237 if (use_privsep == -1)
@@ -270,7 +273,7 @@ typedef enum {
270 sBanner, sUseDNS, sHostbasedAuthentication, 273 sBanner, sUseDNS, sHostbasedAuthentication,
271 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 274 sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
272 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, 275 sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
273 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, 276 sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
274 sUsePrivilegeSeparation, 277 sUsePrivilegeSeparation,
275 sDeprecated, sUnsupported 278 sDeprecated, sUnsupported
276} ServerOpCodes; 279} ServerOpCodes;
@@ -373,6 +376,7 @@ static struct {
373 { "authorizedkeysfile2", sAuthorizedKeysFile2 }, 376 { "authorizedkeysfile2", sAuthorizedKeysFile2 },
374 { "useprivilegeseparation", sUsePrivilegeSeparation}, 377 { "useprivilegeseparation", sUsePrivilegeSeparation},
375 { "acceptenv", sAcceptEnv }, 378 { "acceptenv", sAcceptEnv },
379 { "permittunnel", sPermitTunnel },
376 { NULL, sBadOption } 380 { NULL, sBadOption }
377}; 381};
378 382
@@ -962,6 +966,28 @@ parse_flag:
962 } 966 }
963 break; 967 break;
964 968
969 case sPermitTunnel:
970 intptr = &options->permit_tun;
971 arg = strdelim(&cp);
972 if (!arg || *arg == '\0')
973 fatal("%s line %d: Missing yes/point-to-point/"
974 "ethernet/no argument.", filename, linenum);
975 value = 0; /* silence compiler */
976 if (strcasecmp(arg, "ethernet") == 0)
977 value = SSH_TUNMODE_ETHERNET;
978 else if (strcasecmp(arg, "point-to-point") == 0)
979 value = SSH_TUNMODE_POINTOPOINT;
980 else if (strcasecmp(arg, "yes") == 0)
981 value = SSH_TUNMODE_YES;
982 else if (strcasecmp(arg, "no") == 0)
983 value = SSH_TUNMODE_NO;
984 else
985 fatal("%s line %d: Bad yes/point-to-point/ethernet/"
986 "no argument: %s", filename, linenum, arg);
987 if (*intptr == -1)
988 *intptr = value;
989 break;
990
965 case sDeprecated: 991 case sDeprecated:
966 logit("%s line %d: Deprecated option %s", 992 logit("%s line %d: Deprecated option %s",
967 filename, linenum, arg); 993 filename, linenum, arg);
diff --git a/servconf.h b/servconf.h
index f7e56d521..ab82c8f57 100644
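--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.71 2004/12/23 23:11:00 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.72 2005/12/06 22:38:27 reyk Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -133,7 +133,10 @@ typedef struct {
 
  char *authorized_keys_file; /* File containing public keys */
  char *authorized_keys_file2;
+
  int use_pam; /* Enable auth via PAM */
+
+ int permit_tun;
 } ServerOptions;
 
 void initialize_server_options(ServerOptions *);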
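Review bot: The new field `int permit_tun;` has no comment, and its meaning is not obvious from the name. The serverloop.c section tests it with `(options.permit_tun & mode) == 0` and servconf.c initialises it to -1, so it appears to be a bitmask of SSH_TUNMODE_* values with -1 meaning "not set" rather than a yes/no flag. Suggest `int permit_tun; /* permitted tunnel modes (SSH_TUNMODE_*), -1 = unset */` so the access-control semantics are visible where the option is declared.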
diff --git a/serverloop.c b/serverloop.c
index d2eff170a..3d8e7cfb5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.124 2005/12/13 15:03:02 reyk Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
@@ -61,6 +61,7 @@ extern ServerOptions options;
61/* XXX */ 61/* XXX */
62extern Kex *xxx_kex; 62extern Kex *xxx_kex;
63extern Authctxt *the_authctxt; 63extern Authctxt *the_authctxt;
64extern int use_privsep;
64 65
65static Buffer stdin_buffer; /* Buffer for stdin data. */ 66static Buffer stdin_buffer; /* Buffer for stdin data. */
66static Buffer stdout_buffer; /* Buffer for stdout data. */ 67static Buffer stdout_buffer; /* Buffer for stdout data. */
@@ -90,6 +91,9 @@ static int client_alive_timeouts = 0;
90 91
91static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */ 92static volatile sig_atomic_t child_terminated = 0; /* The child has terminated. */
92 93
94/* Cleanup on signals (!use_privsep case only) */
95static volatile sig_atomic_t received_sigterm = 0;
96
93/* prototypes */ 97/* prototypes */
94static void server_init_dispatch(void); 98static void server_init_dispatch(void);
95 99
@@ -151,6 +155,12 @@ sigchld_handler(int sig)
151 errno = save_errno; 155 errno = save_errno;
152} 156}
153 157
158static void
159sigterm_handler(int sig)
160{
161 received_sigterm = sig;
162}
163
154/* 164/*
155 * Make packets from buffered stderr data, and buffer it for sending 165 * Make packets from buffered stderr data, and buffer it for sending
156 * to the client. 166 * to the client.
@@ -502,6 +512,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
502 child_terminated = 0; 512 child_terminated = 0;
503 mysignal(SIGCHLD, sigchld_handler); 513 mysignal(SIGCHLD, sigchld_handler);
504 514
515 if (!use_privsep) {
516 signal(SIGTERM, sigterm_handler);
517 signal(SIGINT, sigterm_handler);
518 signal(SIGQUIT, sigterm_handler);
519 }
520
505 /* Initialize our global variables. */ 521 /* Initialize our global variables. */
506 fdin = fdin_arg; 522 fdin = fdin_arg;
507 fdout = fdout_arg; 523 fdout = fdout_arg;
@@ -548,7 +564,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
548 * If we have no separate fderr (which is the case when we have a pty 564 * If we have no separate fderr (which is the case when we have a pty
549 * - there we cannot make difference between data sent to stdout and 565 * - there we cannot make difference between data sent to stdout and
550 * stderr), indicate that we have seen an EOF from stderr. This way 566 * stderr), indicate that we have seen an EOF from stderr. This way
551 * we don\'t need to check the descriptor everywhere. 567 * we don't need to check the descriptor everywhere.
552 */ 568 */
553 if (fderr == -1) 569 if (fderr == -1)
554 fderr_eof = 1; 570 fderr_eof = 1;
@@ -629,6 +645,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
629 wait_until_can_do_something(&readset, &writeset, &max_fd, 645 wait_until_can_do_something(&readset, &writeset, &max_fd,
630 &nalloc, max_time_milliseconds); 646 &nalloc, max_time_milliseconds);
631 647
648 if (received_sigterm) {
649 logit("Exiting on signal %d", received_sigterm);
650 /* Clean up sessions, utmp, etc. */
651 cleanup_exit(255);
652 }
653
632 /* Process any channel events. */ 654 /* Process any channel events. */
633 channel_after_select(readset, writeset); 655 channel_after_select(readset, writeset);
634 656
@@ -749,6 +771,12 @@ server_loop2(Authctxt *authctxt)
749 connection_in = packet_get_connection_in(); 771 connection_in = packet_get_connection_in();
750 connection_out = packet_get_connection_out(); 772 connection_out = packet_get_connection_out();
751 773
774 if (!use_privsep) {
775 signal(SIGTERM, sigterm_handler);
776 signal(SIGINT, sigterm_handler);
777 signal(SIGQUIT, sigterm_handler);
778 }
779
752 notify_setup(); 780 notify_setup();
753 781
754 max_fd = MAX(connection_in, connection_out); 782 max_fd = MAX(connection_in, connection_out);
@@ -766,6 +794,12 @@ server_loop2(Authctxt *authctxt)
766 wait_until_can_do_something(&readset, &writeset, &max_fd, 794 wait_until_can_do_something(&readset, &writeset, &max_fd,
767 &nalloc, 0); 795 &nalloc, 0);
768 796
797 if (received_sigterm) {
798 logit("Exiting on signal %d", received_sigterm);
799 /* Clean up sessions, utmp, etc. */
800 cleanup_exit(255);
801 }
802
769 collect_children(); 803 collect_children();
770 if (!rekeying) { 804 if (!rekeying) {
771 channel_after_select(readset, writeset); 805 channel_after_select(readset, writeset);
@@ -880,6 +914,52 @@ server_request_direct_tcpip(void)
880} 914}
881 915
882static Channel * 916static Channel *
917server_request_tun(void)
918{
919 Channel *c = NULL;
920 int mode, tun;
921 int sock;
922
923 mode = packet_get_int();
924 switch (mode) {
925 case SSH_TUNMODE_POINTOPOINT:
926 case SSH_TUNMODE_ETHERNET:
927 break;
928 default:
929 packet_send_debug("Unsupported tunnel device mode.");
930 return NULL;
931 }
932 if ((options.permit_tun & mode) == 0) {
933 packet_send_debug("Server has rejected tunnel device "
934 "forwarding");
935 return NULL;
936 }
937
938 tun = packet_get_int();
939 if (forced_tun_device != -1) {
940 if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
941 goto done;
942 tun = forced_tun_device;
943 }
944 sock = tun_open(tun, mode);
945 if (sock < 0)
946 goto done;
947 c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
948 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
949 c->datagram = 1;
950#if defined(SSH_TUN_FILTER)
951 if (mode == SSH_TUNMODE_POINTOPOINT)
952 channel_register_filter(c->self, sys_tun_infilter,
953 sys_tun_outfilter);
954#endif
955
956 done:
957 if (c == NULL)
958 packet_send_debug("Failed to open the tunnel device.");
959 return c;
960}
961
962static Channel *
883server_request_session(void) 963server_request_session(void)
884{ 964{
885 Channel *c; 965 Channel *c;
@@ -900,7 +980,7 @@ server_request_session(void)
900 channel_free(c); 980 channel_free(c);
901 return NULL; 981 return NULL;
902 } 982 }
903 channel_register_cleanup(c->self, session_close_by_channel); 983 channel_register_cleanup(c->self, session_close_by_channel, 0);
904 return c; 984 return c;
905} 985}
906 986
@@ -924,6 +1004,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
924 c = server_request_session(); 1004 c = server_request_session();
925 } else if (strcmp(ctype, "direct-tcpip") == 0) { 1005 } else if (strcmp(ctype, "direct-tcpip") == 0) {
926 c = server_request_direct_tcpip(); 1006 c = server_request_direct_tcpip();
1007 } else if (strcmp(ctype, "tun@openssh.com") == 0) {
1008 c = server_request_tun();
927 } 1009 }
928 if (c != NULL) { 1010 if (c != NULL) {
929 debug("server_input_channel_open: confirm %s", ctype); 1011 debug("server_input_channel_open: confirm %s", ctype);
diff --git a/session.c b/session.c
index db8722f47..0cbd5fbb2 100644
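--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.191 2005/12/24 02:27:41 djm Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -209,15 +209,6 @@ do_authenticated(Authctxt *authctxt)
 {
  setproctitle("%s", authctxt->pw->pw_name);
 
- /*
- * Cancel the alarm we set to limit the time taken for
- * authentication.
- */
- alarm(0);
- if (startup_pipe != -1) {
- close(startup_pipe);
- startup_pipe = -1;
- }
  /* setup the channel layer */
  if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
  channel_permit_all_opens();
@@ -1419,7 +1410,7 @@ child_close_fds(void)
  endpwent();
 
  /*
- * Close any extra open file descriptors so that we don\'t have them
+ * Close any extra open file descriptors so that we don't have them
  * hanging around in clients. Note that we want to do this after
  * initgroups, because at least on Solaris 2.3 it leaves file
  * descriptors open.
@@ -1471,7 +1462,9 @@ do_child(Session *s, const char *command)
  if (!check_quietlogin(s, command))
  do_motd();
 #else /* HAVE_OSF_SIA */
- do_nologin(pw);
+ /* When PAM is enabled we rely on it to do the nologin check */
+ if (!options.use_pam)
+ do_nologin(pw);
  do_setusercontext(pw);
  /*
  * PAM session modules in do_setusercontext may have
@@ -1552,7 +1545,7 @@ do_child(Session *s, const char *command)
  }
 #endif
 
- /* Change current directory to the user\'s home directory. */
+ /* Change current directory to the user's home directory. */
  if (chdir(pw->pw_dir) < 0) {
  fprintf(stderr, "Could not chdir to home directory %s: %s\n",
  pw->pw_dir, strerror(errno));
@@ -1867,7 +1860,7 @@ session_x11_req(Session *s)
 
  if (s->auth_proto != NULL || s->auth_data != NULL) {
  error("session_x11_req: session %d: "
- "x11 fowarding already active", s->self);
+ "x11 forwarding already active", s->self);
  return 0;
  }
  s->single_connection = packet_get_char();
@@ -2099,7 +2092,7 @@ session_close_x11(int id)
 {
  Channel *c;
 
- if ((c = channel_lookup(id)) == NULL) {
+ if ((c = channel_by_id(id)) == NULL) {
  debug("session_close_x11: x11 channel %d missing", id);
  } else {
  /* Detach X11 listener */
@@ -2154,7 +2147,6 @@ static void
 session_exit_message(Session *s, int status)
 {
  Channel *c;
- u_int i;
 
  if ((c = channel_lookup(s->chanid)) == NULL)
  fatal("session_exit_message: session %d: no channel %d",
@@ -2184,7 +2176,14 @@ session_exit_message(Session *s, int status)
 
  /* disconnect channel */
  debug("session_exit_message: release channel %d", s->chanid);
- channel_cancel_cleanup(s->chanid);
+
+ /*
+ * Adjust cleanup callback attachment to send close messages when
+ * the channel gets EOF. The session will be then be closed
+ * by session_close_by_channel when the childs close their fds.
+ */
+ channel_register_cleanup(c->self, session_close_by_channel, 1);
+
  /*
  * emulate a write failure with 'chan_write_failed', nobody will be
  * interested in data we write.
@@ -2193,15 +2192,6 @@ session_exit_message(Session *s, int status)
  */
  if (c->ostate != CHAN_OUTPUT_CLOSED)
  chan_write_failed(c);
- s->chanid = -1;
-
- /* Close any X11 listeners associated with this session */
- if (s->x11_chanids != NULL) {
- for (i = 0; s->x11_chanids[i] != -1; i++) {
- session_close_x11(s->x11_chanids[i]);
- s->x11_chanids[i] = -1;
- }
- }
 }
 
 void
@@ -2245,7 +2235,9 @@ session_close_by_pid(pid_t pid, int status)
  }
  if (s->chanid != -1)
  session_exit_message(s, status);
- session_close(s);
+ if (s->ttyfd != -1)
+ session_pty_cleanup(s);
+ s->pid = 0;
 }
 
 /*
@@ -2256,6 +2248,7 @@ void
 session_close_by_channel(int id, void *arg)
 {
  Session *s = session_by_channel(id);
+ u_int i;
 
  if (s == NULL) {
  debug("session_close_by_channel: no session for id %d", id);
@@ -2275,6 +2268,15 @@ session_close_by_channel(int id, void *arg)
  }
  /* detach by removing callback */
  channel_cancel_cleanup(s->chanid);
+
+ /* Close any X11 listeners associated with this session */
+ if (s->x11_chanids != NULL) {
+ for (i = 0; s->x11_chanids[i] != -1; i++) {
+ session_close_x11(s->x11_chanids[i]);
+ s->x11_chanids[i] = -1;
+ }
+ }
+
  s->chanid = -1;
  session_close(s);
 }
@@ -2369,7 +2371,7 @@ session_setup_x11fwd(Session *s)
  }
  for (i = 0; s->x11_chanids[i] != -1; i++) {
  channel_register_cleanup(s->x11_chanids[i],
- session_close_single_x11);
+ session_close_single_x11, 0);
  }
 
  /* Set up a suitable value for the DISPLAY variable. */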
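Review bot: In do_child(), the new `if (!options.use_pam) do_nologin(pw);` makes the nologin check depend entirely on the PAM configuration whenever PAM is enabled, and the added comment does not say which part of PAM is expected to enforce it. If the service's account stack has no nologin module, the check appears to be skipped silently; do_nologin() and the PAM call sites are outside this section, so that should be confirmed there. I would spell the dependency out in the comment, for example `/* When PAM is enabled we rely on its account stack (e.g. pam_nologin) to do the nologin check; without such a module no check is made */`. do_child()'s body starts and ends outside the hunk.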
diff --git a/sftp-client.c b/sftp-client.c
index afbd1e6f3..05bce3368 100644
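--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,7 @@
 /* XXX: copy between two remote sites */
 
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.58 2006/01/02 01:20:31 djm Exp $");
 
 #include "openbsd-compat/sys-queue.h"
 
@@ -42,9 +42,6 @@ extern int showprogress;
 /* Minimum amount of data to read at at time */
 #define MIN_READ_SIZE 512
 
-/* Maximum packet size */
-#define MAX_MSG_LENGTH (256 * 1024)
-
 struct sftp_conn {
  int fd_in;
  int fd_out;
@@ -59,7 +56,7 @@ send_msg(int fd, Buffer *m)
 {
  u_char mlen[4];
 
- if (buffer_len(m) > MAX_MSG_LENGTH)
+ if (buffer_len(m) > SFTP_MAX_MSG_LENGTH)
  fatal("Outbound message too long %u", buffer_len(m));
 
  /* Send length first */
@@ -87,7 +84,7 @@ get_msg(int fd, Buffer *m)
  }
 
  msg_len = buffer_get_int(m);
- if (msg_len > MAX_MSG_LENGTH)
+ if (msg_len > SFTP_MAX_MSG_LENGTH)
  fatal("Received message too long %u", msg_len);
 
  buffer_append_space(m, msg_len);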
diff --git a/sftp-common.h b/sftp-common.h
index b42ba9140..2b1995a2d 100644
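--- a/sftp-common.h
+++ b/sftp-common.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $ */
+/* $OpenBSD: sftp-common.h,v 1.6 2006/01/02 01:20:31 djm Exp $ */
 
 /*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -25,6 +25,9 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* Maximum packet that we are willing to send/accept */
+#define SFTP_MAX_MSG_LENGTH (256 * 1024)
+
 typedef struct Attrib Attrib;
 
 /* File attributes */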
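Review bot: The comment on the new `SFTP_MAX_MSG_LENGTH` does not say what is being measured, although client and server now both use it to bound peer-supplied lengths. In the callers shown on this page it is compared with the value of the length field (`msg_len = buffer_get_int(m)` in get_msg(), `GET_32BIT(cp)` in process()) and with `buffer_len(m)` before the length is sent, so the limit appears to exclude the 4-byte length prefix. I would state that in the header, e.g. `/* Maximum SFTP message length in bytes, not counting the 4-byte length prefix, that we are willing to send/accept */`.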
diff --git a/sftp-server.0 b/sftp-server.0
index 285ff706e..5367b5fdb 100644
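--- a/sftp-server.0
+++ b/sftp-server.0
@@ -24,4 +24,4 @@ AUTHORS
 HISTORY
  sftp-server first appeared in OpenBSD 2.8 .
 
-OpenBSD 3.8 August 30, 2000 1
+OpenBSD 3.9 August 30, 2000 1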
diff --git a/sftp-server.c b/sftp-server.c
index 6870e7732..7060c44ad 100644
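--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,13 +14,14 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.50 2006/01/02 01:20:31 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "misc.h"
 
 #include "sftp.h"
 #include "sftp-common.h"
@@ -427,7 +428,7 @@ process_read(void)
  len = get_int();
 
  TRACE("read id %u handle %d off %llu len %d", id, handle,
- (u_int64_t)off, len);
+ (unsigned long long)off, len);
  if (len > sizeof buf) {
  len = sizeof buf;
  logit("read change len %d", len);
@@ -468,7 +469,7 @@ process_write(void)
  data = get_string(&len);
 
  TRACE("write id %u handle %d off %llu len %d", id, handle,
- (u_int64_t)off, len);
+ (unsigned long long)off, len);
  fd = handle_to_fd(handle);
  if (fd >= 0) {
  if (lseek(fd, off, SEEK_SET) < 0) {
@@ -945,7 +946,7 @@ process(void)
  return; /* Incomplete message. */
  cp = buffer_ptr(&iqueue);
  msg_len = GET_32BIT(cp);
- if (msg_len > 256 * 1024) {
+ if (msg_len > SFTP_MAX_MSG_LENGTH) {
  error("bad message ");
  exit(11);
  }
@@ -1036,6 +1037,9 @@ main(int ac, char **av)
  int in, out, max;
  ssize_t len, olen, set_size;
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  /* XXX should use getopt */
 
  __progname = ssh_get_progname(av[0]);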
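Review bot: The oversize-message branch in process() still logs only `error("bad message ");` before `exit(11)`, so the server log records neither the length the client sent nor the limit it exceeded. Since this hunk already touches the check, I would make the rejection traceable for whoever investigates a dropped session: `error("bad message: length %u exceeds %d", msg_len, SFTP_MAX_MSG_LENGTH);`. The declaration of msg_len is outside the hunk, so the `%u` is an assumption to confirm against its type.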
diff --git a/sftp.0 b/sftp.0
index 1205c437b..77ab78d96 100644
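--- a/sftp.0
+++ b/sftp.0
@@ -25,8 +25,8 @@ DESCRIPTION
  The third usage format allows sftp to start in a remote directory.
 
  The final usage format allows for automated sessions using the -b option.
- In such cases, it is usually necessary to configure public key authenti-
- cation to obviate the need to enter a password at connection time (see
+ In such cases, it is necessary to configure non-interactive authentica-
+ tion to obviate the need to enter a password at connection time (see
  sshd(8) and ssh-keygen(1) for details). The options are as follows:
 
  -1 Specify the use of protocol version 1.
@@ -96,6 +96,7 @@ DESCRIPTION
  Protocol
  ProxyCommand
  PubkeyAuthentication
+ RekeyLimit
  RhostsRSAAuthentication
  RSAAuthentication
  SendEnv
@@ -262,4 +263,4 @@ SEE ALSO
  T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
  filexfer-00.txt, January 2001, work in progress material.
 
-OpenBSD 3.8 February 4, 2001 4
+OpenBSD 3.9 February 4, 2001 4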
diff --git a/sftp.1 b/sftp.1
index c89ffc30f..47aafa89e 100644
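--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.61 2005/03/01 17:19:35 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.63 2006/01/20 00:14:55 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
 .\"
@@ -78,7 +78,7 @@ to start in a remote directory.
 The final usage format allows for automated sessions using the
 .Fl b
 option.
-In such cases, it is usually necessary to configure public key authentication
+In such cases, it is necessary to configure non-interactive authentication
 to obviate the need to enter a password at connection time (see
 .Xr sshd 8
 and
@@ -180,6 +180,7 @@ For full details of the options listed below, and their possible values, see
 .It Protocol
 .It ProxyCommand
 .It PubkeyAuthentication
+.It RekeyLimit
 .It RhostsRSAAuthentication
 .It RSAAuthentication
 .It SendEnv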
diff --git a/sftp.c b/sftp.c
index f98ed7d27..a2e3f6aad 100644
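--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
 
 #include "includes.h"
 
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.70 2006/01/31 10:19:02 djm Exp $");
 
 #ifdef USE_LIBEDIT
 #include <histedit.h>
@@ -697,6 +697,8 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
  }
 
  if (lflag & SORT_FLAGS) {
+ for (n = 0; d[n] != NULL; n++)
+ ; /* count entries */
  sort_flag = lflag & (SORT_FLAGS|LS_REVERSE_SORT);
  qsort(d, n, sizeof(*d), sdirent_comp);
  }
@@ -1447,11 +1449,16 @@ main(int argc, char **argv)
  extern int optind;
  extern char *optarg;
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  __progname = ssh_get_progname(argv[0]);
+ memset(&args, '\0', sizeof(args));
  args.list = NULL;
- addargs(&args, "ssh"); /* overwritten with ssh_program */
+ addargs(&args, ssh_program);
  addargs(&args, "-oForwardX11 no");
  addargs(&args, "-oForwardAgent no");
+ addargs(&args, "-oPermitLocalCommand no");
  addargs(&args, "-oClearAllForwardings yes");
 
  ll = SYSLOG_LEVEL_INFO;
@@ -1483,6 +1490,7 @@ main(int argc, char **argv)
  break;
  case 'S':
  ssh_program = optarg;
+ replacearg(&args, 0, "%s", ssh_program);
  break;
  case 'b':
  if (batchmode)
@@ -1559,7 +1567,6 @@ main(int argc, char **argv)
  addargs(&args, "%s", host);
  addargs(&args, "%s", (sftp_server != NULL ?
  sftp_server : "sftp"));
- args.list[0] = ssh_program;
 
  if (!batchmode)
  fprintf(stderr, "Connecting to %s...\n", host);
@@ -1572,6 +1579,7 @@ main(int argc, char **argv)
  fprintf(stderr, "Attaching to %s...\n", sftp_direct);
  connect_to_server(sftp_direct, args.list, &in, &out);
  }
+ freeargs(&args);
 
  err = interactive_loop(in, out, file1, file2);
 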
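Review bot: In main(), the new `addargs(&args, ssh_program);` passes ssh_program in the format position, while every other call in this section supplies a literal format (`addargs(&args, "%s", host)`, `replacearg(&args, 0, "%s", ssh_program)`). At that point ssh_program still holds its initial value, which is set outside the visible lines. Should that value ever contain a `%`, the call would be handed conversion specifiers with no matching arguments. I would write it as `addargs(&args, "%s", ssh_program);` so that no non-literal format string remains. main()'s body extends beyond the hunks shown.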
diff --git a/ssh-add.0 b/ssh-add.0
index 1c2455f9b..ee05d09d6 100644
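--- a/ssh-add.0
+++ b/ssh-add.0
@@ -99,4 +99,4 @@ AUTHORS
  ated OpenSSH. Markus Friedl contributed the support for SSH protocol
  versions 1.5 and 2.0.
 
-OpenBSD 3.8 September 25, 1999 2
+OpenBSD 3.9 September 25, 1999 2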
diff --git a/ssh-add.c b/ssh-add.c
index a3428769c..2b01e6f13 100644
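--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.74 2005/11/12 18:37:59 deraadt Exp $");
 
 #include <openssl/evp.h>
 
@@ -312,6 +312,9 @@ main(int argc, char **argv)
  char *sc_reader_id = NULL;
  int i, ch, deleting = 0, ret = 0;
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  __progname = ssh_get_progname(argv[0]);
  init_rng();
  seed_rng();
@@ -321,7 +324,8 @@ main(int argc, char **argv)
  /* At first, get a connection to the authentication agent. */
  ac = ssh_get_authentication_connection();
  if (ac == NULL) {
- fprintf(stderr, "Could not open a connection to your authentication agent.\n");
+ fprintf(stderr,
+ "Could not open a connection to your authentication agent.\n");
  exit(2);
  }
  while ((ch = getopt(argc, argv, "lLcdDxXe:s:t:")) != -1) {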
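Review bot: The comment added above `sanitise_stdfd();` in main() says what the call does but not why it must be the first statement, and the same comment is repeated in sftp-server.c, sftp.c, ssh-agent.c and ssh-keygen.c. The likely reason is that a program started with one of descriptors 0-2 closed would otherwise have its next opened file or socket assigned that number, which later stdio output could then write into. sanitise_stdfd() is defined outside the visible lines, so this rationale should be confirmed there. I would extend the comment to `/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null, so that nothing opened later can be assigned a standard descriptor */`, which tells a maintainer not to move anything that opens a descriptor above it.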
diff --git a/ssh-agent.0 b/ssh-agent.0
index 8490a9da8..7d64d550f 100644
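--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -19,7 +19,7 @@ DESCRIPTION
 
  -a bind_address
  Bind the agent to the unix-domain socket bind_address. The de-
- fault is /tmp/ssh-XXXXXXXX/agent.<ppid>.
+ fault is /tmp/ssh-XXXXXXXXXX/agent.<ppid>.
 
  -c Generate C-shell commands on stdout. This is the default if
  SHELL looks like it's a csh style of shell.
@@ -33,9 +33,9 @@ DESCRIPTION
  -t life
  Set a default value for the maximum lifetime of identities added
  to the agent. The lifetime may be specified in seconds or in a
- time format specified in sshd(8). A lifetime specified for an
- identity with ssh-add(1) overrides this value. Without this op-
- tion the default maximum lifetime is forever.
+ time format specified in sshd_config(5). A lifetime specified
+ for an identity with ssh-add(1) overrides this value. Without
+ this option the default maximum lifetime is forever.
 
  -d Debug mode. When this option is specified ssh-agent will not
  fork.
@@ -98,7 +98,7 @@ FILES
  Contains the protocol version 2 RSA authentication identity of
  the user.
 
- /tmp/ssh-XXXXXXXX/agent.<ppid>
+ /tmp/ssh-XXXXXXXXXX/agent.<ppid>
  Unix-domain sockets used to contain the connection to the authen-
  tication agent. These sockets should only be readable by the
  owner. The sockets should get automatically removed when the
@@ -114,4 +114,4 @@ AUTHORS
  ated OpenSSH. Markus Friedl contributed the support for SSH protocol
  versions 1.5 and 2.0.
 
-OpenBSD 3.8 September 25, 1999 2
+OpenBSD 3.9 September 25, 1999 2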
diff --git a/ssh-agent.1 b/ssh-agent.1
index 741cf4bd1..fd6bd3f6c 100644
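--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.43 2005/11/28 06:02:56 dtucker Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -70,7 +70,7 @@ The options are as follows:
 Bind the agent to the unix-domain socket
 .Ar bind_address .
 The default is
-.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
+.Pa /tmp/ssh-XXXXXXXXXX/agent.<ppid> .
 .It Fl c
 Generate C-shell commands on
 .Dv stdout .
@@ -90,7 +90,7 @@ environment variable).
 .It Fl t Ar life
 Set a default value for the maximum lifetime of identities added to the agent.
 The lifetime may be specified in seconds or in a time format specified in
-.Xr sshd 8 .
+.Xr sshd_config 5 .
 A lifetime specified for an identity with
 .Xr ssh-add 1
 overrides this value.
@@ -185,7 +185,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa ~/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
-.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
+.It Pa /tmp/ssh-XXXXXXXXXX/agent.<ppid>
 Unix-domain sockets used to contain the connection to the
 authentication agent.
 These sockets should only be readable by the owner.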
diff --git a/ssh-agent.c b/ssh-agent.c
index dd7e22ad5..a69c25eec 100644
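--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.124 2005/10/30 08:52:18 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -355,7 +355,7 @@ process_remove_identity(SocketEntry *e, int version)
  if (id != NULL) {
  /*
  * We have this key. Free the old key. Since we
- * don\'t want to leave empty slots in the middle of
+ * don't want to leave empty slots in the middle of
  * the array, we actually free the key there and move
  * all the entries between the empty slot and the end
  * of the array.
@@ -1008,6 +1008,9 @@ main(int ac, char **av)
  pid_t pid;
  char pidstrbuf[1 + 3 * sizeof pid];
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  /* drop */
  setegid(getgid());
  setgid(getgid());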
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index de651e9c4..a972607b2 100644
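--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -27,7 +27,9 @@ DESCRIPTION
  ssh-keygen generates, manages and converts authentication keys for
  ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
  and RSA or DSA keys for use by SSH protocol version 2. The type of key
- to be generated is specified with the -t option.
+ to be generated is specified with the -t option. If invoked without any
+ arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2
+ connections.
 
  ssh-keygen is also used to generate groups for use in Diffie-Hellman
  group exchange (DH-GEX). See the MODULI GENERATION section for details.
@@ -74,9 +76,10 @@ DESCRIPTION
  file.
 
  -b bits
- Specifies the number of bits in the key to create. Minimum is
- 512 bits. Generally, 2048 bits is considered sufficient. The
- default is 2048 bits.
+ Specifies the number of bits in the key to create. For RSA keys,
+ the minimum size is 768 bits and the default is 2048 bits. Gen-
+ erally, 2048 bits is considered sufficient. DSA keys must be ex-
+ actly 1024 bits as specified by FIPS 186-2.
 
  -C comment
  Provides a new comment.
@@ -282,4 +285,4 @@ AUTHORS
  created OpenSSH. Markus Friedl contributed the support for SSH protocol
  versions 1.5 and 2.0.
 
-OpenBSD 3.8 September 25, 1999 5
+OpenBSD 3.9 September 25, 1999 5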
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 5454d00ce..ab16bcd77 100644
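--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
 .\"
 .\" -*- nroff -*-
 .\"
@@ -118,6 +118,9 @@ keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
 option.
+If invoked without any arguments,
+.Nm
+will generate an RSA key for use in SSH protocol 2 connections.
 .Pp
 .Nm
 is also used to generate groups for use in Diffie-Hellman group
@@ -187,9 +190,9 @@ command.
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
-Minimum is 512 bits.
+For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
 Generally, 2048 bits is considered sufficient.
-The default is 2048 bits.
+DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c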
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b17851946..64fadc7a1 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.135 2005/11/29 02:04:55 dtucker Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -35,8 +35,10 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
35#endif 35#endif
36#include "dns.h" 36#include "dns.h"
37 37
38/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ 38/* Number of bits in the RSA/DSA key. This value can be set on the command line. */
39u_int32_t bits = 2048; 39#define DEFAULT_BITS 2048
40#define DEFAULT_BITS_DSA 1024
41u_int32_t bits = 0;
40 42
41/* 43/*
42 * Flag indicating that we just want to change the passphrase. This can be 44 * Flag indicating that we just want to change the passphrase. This can be
@@ -1018,6 +1020,9 @@ main(int ac, char **av)
1018 extern int optind; 1020 extern int optind;
1019 extern char *optarg; 1021 extern char *optarg;
1020 1022
1023 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
1024 sanitise_stdfd();
1025
1021 __progname = ssh_get_progname(av[0]); 1026 __progname = ssh_get_progname(av[0]);
1022 1027
1023 SSLeay_add_all_algorithms(); 1028 SSLeay_add_all_algorithms();
@@ -1041,7 +1046,7 @@ main(int ac, char **av)
1041 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { 1046 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
1042 switch (opt) { 1047 switch (opt) {
1043 case 'b': 1048 case 'b':
1044 bits = strtonum(optarg, 512, 32768, &errstr); 1049 bits = strtonum(optarg, 768, 32768, &errstr);
1045 if (errstr) 1050 if (errstr)
1046 fatal("Bits has bad value %s (%s)", 1051 fatal("Bits has bad value %s (%s)",
1047 optarg, errstr); 1052 optarg, errstr);
@@ -1214,8 +1219,10 @@ main(int ac, char **av)
1214 out_file, strerror(errno)); 1219 out_file, strerror(errno));
1215 return (1); 1220 return (1);
1216 } 1221 }
1222 if (bits == 0)
1223 bits = DEFAULT_BITS;
1217 if (gen_candidates(out, memory, bits, start) != 0) 1224 if (gen_candidates(out, memory, bits, start) != 0)
1218 fatal("modulus candidate generation failed\n"); 1225 fatal("modulus candidate generation failed");
1219 1226
1220 return (0); 1227 return (0);
1221 } 1228 }
@@ -1238,21 +1245,24 @@ main(int ac, char **av)
1238 out_file, strerror(errno)); 1245 out_file, strerror(errno));
1239 } 1246 }
1240 if (prime_test(in, out, trials, generator_wanted) != 0) 1247 if (prime_test(in, out, trials, generator_wanted) != 0)
1241 fatal("modulus screening failed\n"); 1248 fatal("modulus screening failed");
1242 return (0); 1249 return (0);
1243 } 1250 }
1244 1251
1245 arc4random_stir(); 1252 arc4random_stir();
1246 1253
1247 if (key_type_name == NULL) { 1254 if (key_type_name == NULL)
1248 printf("You must specify a key type (-t).\n"); 1255 key_type_name = "rsa";
1249 usage(); 1256
1250 }
1251 type = key_type_from_name(key_type_name); 1257 type = key_type_from_name(key_type_name);
1252 if (type == KEY_UNSPEC) { 1258 if (type == KEY_UNSPEC) {
1253 fprintf(stderr, "unknown key type %s\n", key_type_name); 1259 fprintf(stderr, "unknown key type %s\n", key_type_name);
1254 exit(1); 1260 exit(1);
1255 } 1261 }
1262 if (bits == 0)
1263 bits = (type == KEY_DSA) ? DEFAULT_BITS_DSA : DEFAULT_BITS;
1264 if (type == KEY_DSA && bits != 1024)
1265 fatal("DSA keys must be 1024 bits");
1256 if (!quiet) 1266 if (!quiet)
1257 printf("Generating public/private %s key pair.\n", key_type_name); 1267 printf("Generating public/private %s key pair.\n", key_type_name);
1258 private = key_generate(type, bits); 1268 private = key_generate(type, bits);
@@ -1265,7 +1275,7 @@ main(int ac, char **av)
1265 if (!have_identity) 1275 if (!have_identity)
1266 ask_filename(pw, "Enter file in which to save the key"); 1276 ask_filename(pw, "Enter file in which to save the key");
1267 1277
1268 /* Create ~/.ssh directory if it doesn\'t already exist. */ 1278 /* Create ~/.ssh directory if it doesn't already exist. */
1269 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); 1279 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
1270 if (strstr(identity_file, dotsshdir) != NULL && 1280 if (strstr(identity_file, dotsshdir) != NULL &&
1271 stat(dotsshdir, &st) < 0) { 1281 stat(dotsshdir, &st) < 0) {
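Review bot: In the key-generation hunk of main(), the DSA check `if (type == KEY_DSA && bits != 1024)` repeats the value of the new DEFAULT_BITS_DSA as a literal, and the RSA floor of 768 in `strtonum(optarg, 768, 32768, &errstr)` is unnamed as well. These are the security-relevant limits on key size, so I would write `if (type == KEY_DSA && bits != DEFAULT_BITS_DSA)` and add a named minimum next to the two defaults, which makes raising the floor later a one-line change. The `-b` range is checked before the key type is known and the same `bits` value is passed to `gen_candidates()`, so the declaration would benefit from a comment such as `/* 0 = not set with -b; default chosen once the key type is known */`. main() begins and ends outside these hunks.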
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index b365148e4..0206c04fb 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -94,9 +94,9 @@ SEE ALSO
94 ssh(1), sshd(8) 94 ssh(1), sshd(8)
95 95
96AUTHORS 96AUTHORS
97 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and 97 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
98 Wayne Davison <wayned@users.sourceforge.net> added support for protocol 98 Davison <wayned@users.sourceforge.net> added support for protocol version
99 version 2. 99 2.
100 100
101BUGS 101BUGS
102 It generates "Connection closed by remote host" messages on the consoles 102 It generates "Connection closed by remote host" messages on the consoles
@@ -104,4 +104,4 @@ BUGS
104 This is because it opens a connection to the ssh port, reads the public 104 This is because it opens a connection to the ssh port, reads the public
105 key, and drops the connection as soon as it gets the key. 105 key, and drops the connection as soon as it gets the key.
106 106
107OpenBSD 3.8 January 1, 1996 2 107OpenBSD 3.9 January 1, 1996 2
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 7e846f77c..80fc8cd96 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.20 2005/03/01 15:47:14 jmc Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.21 2005/09/30 20:34:26 jaredy Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -156,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
156.Xr ssh 1 , 156.Xr ssh 1 ,
157.Xr sshd 8 157.Xr sshd 8
158.Sh AUTHORS 158.Sh AUTHORS
159.An -nosplit
159.An David Mazieres Aq dm@lcs.mit.edu 160.An David Mazieres Aq dm@lcs.mit.edu
160wrote the initial version, and 161wrote the initial version, and
161.An Wayne Davison Aq wayned@users.sourceforge.net 162.An Wayne Davison Aq wayned@users.sourceforge.net
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 46f063687..6915102dd 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
7 */ 7 */
8 8
9#include "includes.h" 9#include "includes.h"
10RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $"); 10RCSID("$OpenBSD: ssh-keyscan.c,v 1.57 2005/10/30 04:01:03 djm Exp $");
11 11
12#include "openbsd-compat/sys-queue.h" 12#include "openbsd-compat/sys-queue.h"
13 13
@@ -499,12 +499,18 @@ congreet(int s)
499 size_t bufsiz; 499 size_t bufsiz;
500 con *c = &fdcon[s]; 500 con *c = &fdcon[s];
501 501
502 bufsiz = sizeof(buf); 502 for (;;) {
503 cp = buf; 503 memset(buf, '\0', sizeof(buf));
504 while (bufsiz-- && (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') { 504 bufsiz = sizeof(buf);
505 if (*cp == '\r') 505 cp = buf;
506 *cp = '\n'; 506 while (bufsiz-- &&
507 cp++; 507 (n = atomicio(read, s, cp, 1)) == 1 && *cp != '\n') {
508 if (*cp == '\r')
509 *cp = '\n';
510 cp++;
511 }
512 if (n != 1 || strncmp(buf, "SSH-", 4) == 0)
513 break;
508 } 514 }
509 if (n == 0) { 515 if (n == 0) {
510 switch (errno) { 516 switch (errno) {
@@ -712,6 +718,9 @@ main(int argc, char **argv)
712 seed_rng(); 718 seed_rng();
713 TAILQ_INIT(&tq); 719 TAILQ_INIT(&tq);
714 720
721 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
722 sanitise_stdfd();
723
715 if (argc <= 1) 724 if (argc <= 1)
716 usage(); 725 usage();
717 726
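Review bot: The new `for (;;)` loop in congreet() puts no limit on how many lines it discards while waiting for one that starts with `SSH-`, so unless a timeout elsewhere ends it, a peer that keeps sending other lines holds this connection in the loop. A small counter would bound that, for example `if (n != 1 || strncmp(buf, "SSH-", 4) == 0 || ++skipped >= MAX_BANNER_LINES) break;` with `skipped` and the limit declared in congreet(). When a line is longer than `buf`, the inner loop ends with `n == 1` and the outer loop then reads the rest of that line as if it were a fresh line; a comment saying whether this is intended would help. The code that handles the greeting after the loop is outside the hunk, so how it reacts to a non-banner `buf` should be checked there.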
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index ea944a6fe..c32c42fb2 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -39,4 +39,4 @@ HISTORY
39AUTHORS 39AUTHORS
40 Markus Friedl <markus@openbsd.org> 40 Markus Friedl <markus@openbsd.org>
41 41
42OpenBSD 3.8 May 24, 2002 1 42OpenBSD 3.9 May 24, 2002 1
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 04597a91d..dae3a2e8c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $"); 25RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
26 26
27#include <openssl/evp.h> 27#include <openssl/evp.h>
28#include <openssl/rand.h> 28#include <openssl/rand.h>
@@ -148,6 +148,13 @@ main(int argc, char **argv)
148 u_int slen, dlen; 148 u_int slen, dlen;
149 u_int32_t rnd[256]; 149 u_int32_t rnd[256];
150 150
151 /* Ensure that stdin and stdout are connected */
152 if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
153 exit(1);
154 /* Leave /dev/null fd iff it is attached to stderr */
155 if (fd > 2)
156 close(fd);
157
151 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); 158 key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
152 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); 159 key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
153 160
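Review bot: The added descriptor check in main() exits with status 1 and no diagnostic, and its `< 2` test also covers `open()` failing with -1, which the comment does not mention. I would extend the comment to say why the check has to come before the `key_fd[...]` opens that follow: without it, those host-key opens would receive the lowest free descriptor, which could be 0 or 1. Something like `/* Must run before any other open(): refuse to start if fd 0 or 1 is closed or /dev/null cannot be opened */` would record that. main() starts before the hunk and continues after it.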
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index 35a7a7ce5..75ad52fa4 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -46,4 +46,4 @@ AUTHORS
46SEE ALSO 46SEE ALSO
47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
48 48
49OpenBSD 3.8 April 14, 2002 1 49OpenBSD 3.9 April 14, 2002 1
diff --git a/ssh.0 b/ssh.0
index 274fab8b5..83c4b94eb 100644
--- a/ssh.0
+++ b/ssh.0
@@ -5,208 +5,26 @@ NAME
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] 7 ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
8 [-D port] [-e escape_char] [-F configfile] [-i identity_file] 8 [-D [bind_address:]port] [-e escape_char] [-F configfile]
9 [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] 9 [-i identity_file] [-L [bind_address:]port:host:hostport]
10 [-O ctl_cmd] [-o option] [-p port] 10 [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
11 [-R [bind_address:]port:host:hostport] [-S ctl_path] [user@]hostname 11 [-R [bind_address:]port:host:hostport] [-S ctl_path]
12 [command] 12 [-w tunnel:tunnel] [user@]hostname [command]
13 13
14DESCRIPTION 14DESCRIPTION
15 ssh (SSH client) is a program for logging into a remote machine and for 15 ssh (SSH client) is a program for logging into a remote machine and for
16 executing commands on a remote machine. It is intended to replace rlogin 16 executing commands on a remote machine. It is intended to replace rlogin
17 and rsh, and provide secure encrypted communications between two untrust- 17 and rsh, and provide secure encrypted communications between two untrust-
18 ed hosts over an insecure network. X11 connections and arbitrary TCP/IP 18 ed hosts over an insecure network. X11 connections and arbitrary TCP
19 ports can also be forwarded over the secure channel. 19 ports can also be forwarded over the secure channel.
20 20
21 ssh connects and logs into the specified hostname (with optional user 21 ssh connects and logs into the specified hostname (with optional user
22 name). The user must prove his/her identity to the remote machine using 22 name). The user must prove his/her identity to the remote machine using
23 one of several methods depending on the protocol version used. 23 one of several methods depending on the protocol version used (see be-
24 low).
24 25
25 If command is specified, command is executed on the remote host instead 26 If command is specified, it is executed on the remote host instead of a
26 of a login shell. 27 login shell.
27
28 SSH protocol version 1
29 The first authentication method is the rhosts or hosts.equiv method com-
30 bined with RSA-based host authentication. If the machine the user logs
31 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
32 machine, and the user names are the same on both sides, or if the files
33 ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
34 machine and contain a line containing the name of the client machine and
35 the name of the user on that machine, the user is considered for log in.
36 Additionally, if the server can verify the client's host key (see
37 /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts in the FILES section),
38 only then is login permitted. This authentication method closes security
39 holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to
40 the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh proto-
41 col in general, are inherently insecure and should be disabled if securi-
42 ty is desired.]
43
44 As a second authentication method, ssh supports RSA based authentication.
45 The scheme is based on public-key cryptography: there are cryptosystems
46 where encryption and decryption are done using separate keys, and it is
47 not possible to derive the decryption key from the encryption key. RSA
48 is one such system. The idea is that each user creates a public/private
49 key pair for authentication purposes. The server knows the public key,
50 and only the user knows the private key.
51
52 The file ~/.ssh/authorized_keys lists the public keys that are permitted
53 for logging in. When the user logs in, the ssh program tells the server
54 which key pair it would like to use for authentication. The server
55 checks if this key is permitted, and if so, sends the user (actually the
56 ssh program running on behalf of the user) a challenge, a random number,
57 encrypted by the user's public key. The challenge can only be decrypted
58 using the proper private key. The user's client then decrypts the chal-
59 lenge using the private key, proving that he/she knows the private key
60 but without disclosing it to the server.
61
62 ssh implements the RSA authentication protocol automatically. The user
63 creates his/her RSA key pair by running ssh-keygen(1). This stores the
64 private key in ~/.ssh/identity and stores the public key in
65 ~/.ssh/identity.pub in the user's home directory. The user should then
66 copy the identity.pub to ~/.ssh/authorized_keys in his/her home directory
67 on the remote machine (the authorized_keys file corresponds to the con-
68 ventional ~/.rhosts file, and has one key per line, though the lines can
69 be very long). After this, the user can log in without giving the pass-
70 word.
71
72 The most convenient way to use RSA authentication may be with an authen-
73 tication agent. See ssh-agent(1) for more information.
74
75 If other authentication methods fail, ssh prompts the user for a pass-
76 word. The password is sent to the remote host for checking; however,
77 since all communications are encrypted, the password cannot be seen by
78 someone listening on the network.
79
80 SSH protocol version 2
81 When a user connects using protocol version 2, similar authentication
82 methods are available. Using the default values for
83 PreferredAuthentications, the client will try to authenticate first using
84 the hostbased method; if this method fails, public key authentication is
85 attempted, and finally if this method fails, keyboard-interactive and
86 password authentication are tried.
87
88 The public key method is similar to RSA authentication described in the
89 previous section and allows the RSA or DSA algorithm to be used: The
90 client uses his private key, ~/.ssh/id_dsa or ~/.ssh/id_rsa, to sign the
91 session identifier and sends the result to the server. The server checks
92 whether the matching public key is listed in ~/.ssh/authorized_keys and
93 grants access if both the key is found and the signature is correct. The
94 session identifier is derived from a shared Diffie-Hellman value and is
95 only known to the client and the server.
96
97 If public key authentication fails or is not available, a password can be
98 sent encrypted to the remote host to prove the user's identity.
99
100 Additionally, ssh supports hostbased or challenge response authentica-
101 tion.
102
103 Protocol 2 provides additional mechanisms for confidentiality (the traf-
104 fic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) and in-
105 tegrity (hmac-md5, hmac-sha1, hmac-ripemd160). Note that protocol 1
106 lacks a strong mechanism for ensuring the integrity of the connection.
107
108 Login session and remote execution
109 When the user's identity has been accepted by the server, the server ei-
110 ther executes the given command, or logs into the machine and gives the
111 user a normal shell on the remote machine. All communication with the
112 remote command or shell will be automatically encrypted.
113
114 If a pseudo-terminal has been allocated (normal login session), the user
115 may use the escape characters noted below.
116
117 If no pseudo-tty has been allocated, the session is transparent and can
118 be used to reliably transfer binary data. On most systems, setting the
119 escape character to ``none'' will also make the session transparent even
120 if a tty is used.
121
122 The session terminates when the command or shell on the remote machine
123 exits and all X11 and TCP/IP connections have been closed. The exit sta-
124 tus of the remote program is returned as the exit status of ssh.
125
126 Escape Characters
127 When a pseudo-terminal has been requested, ssh supports a number of func-
128 tions through the use of an escape character.
129
130 A single tilde character can be sent as ~~ or by following the tilde by a
131 character other than those described below. The escape character must
132 always follow a newline to be interpreted as special. The escape charac-
133 ter can be changed in configuration files using the EscapeChar configura-
134 tion directive or on the command line by the -e option.
135
136 The supported escapes (assuming the default `~') are:
137
138 ~. Disconnect.
139
140 ~^Z Background ssh.
141
142 ~# List forwarded connections.
143
144 ~& Background ssh at logout when waiting for forwarded connection /
145 X11 sessions to terminate.
146
147 ~? Display a list of escape characters.
148
149 ~B Send a BREAK to the remote system (only useful for SSH protocol
150 version 2 and if the peer supports it).
151
152 ~C Open command line. Currently this allows the addition of port
153 forwardings using the -L and -R options (see below). It also al-
154 lows the cancellation of existing remote port-forwardings using
155 -KR hostport. Basic help is available, using the -h option.
156
157 ~R Request rekeying of the connection (only useful for SSH protocol
158 version 2 and if the peer supports it).
159
160 X11 and TCP forwarding
161 If the ForwardX11 variable is set to ``yes'' (or see the description of
162 the -X and -x options described later) and the user is using X11 (the
163 DISPLAY environment variable is set), the connection to the X11 display
164 is automatically forwarded to the remote side in such a way that any X11
165 programs started from the shell (or command) will go through the encrypt-
166 ed channel, and the connection to the real X server will be made from the
167 local machine. The user should not manually set DISPLAY. Forwarding of
168 X11 connections can be configured on the command line or in configuration
169 files.
170
171 The DISPLAY value set by ssh will point to the server machine, but with a
172 display number greater than zero. This is normal, and happens because
173 ssh creates a ``proxy'' X server on the server machine for forwarding the
174 connections over the encrypted channel.
175
176 ssh will also automatically set up Xauthority data on the server machine.
177 For this purpose, it will generate a random authorization cookie, store
178 it in Xauthority on the server, and verify that any forwarded connections
179 carry this cookie and replace it by the real cookie when the connection
180 is opened. The real authentication cookie is never sent to the server
181 machine (and no cookies are sent in the plain).
182
183 If the ForwardAgent variable is set to ``yes'' (or see the description of
184 the -A and -a options described later) and the user is using an authenti-
185 cation agent, the connection to the agent is automatically forwarded to
186 the remote side.
187
188 Forwarding of arbitrary TCP/IP connections over the secure channel can be
189 specified either on the command line or in a configuration file. One
190 possible application of TCP/IP forwarding is a secure connection to an
191 electronic purse; another is going through firewalls.
192
193 Server authentication
194 ssh automatically maintains and checks a database containing identifica-
195 tions for all hosts it has ever been used with. Host keys are stored in
196 ~/.ssh/known_hosts in the user's home directory. Additionally, the file
197 /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
198 new hosts are automatically added to the user's file. If a host's iden-
199 tification ever changes, ssh warns about this and disables password au-
200 thentication to prevent a trojan horse from getting the user's password.
201 Another purpose of this mechanism is to prevent man-in-the-middle attacks
202 which could otherwise be used to circumvent the encryption. The
203 StrictHostKeyChecking option can be used to prevent logins to machines
204 whose host key is not known or has changed.
205
206 ssh can be configured to verify host identification using fingerprint re-
207 source records (SSHFP) published in DNS. The VerifyHostKeyDNS option can
208 be used to control how DNS lookups are performed. SSHFP resource records
209 can be generated using ssh-keygen(1).
210 28
211 The options are as follows: 29 The options are as follows:
212 30
@@ -238,7 +56,7 @@ DESCRIPTION
238 dress. 56 dress.
239 57
240 -C Requests compression of all data (including stdin, stdout, 58 -C Requests compression of all data (including stdin, stdout,
241 stderr, and data for forwarded X11 and TCP/IP connections). The 59 stderr, and data for forwarded X11 and TCP connections). The
242 compression algorithm is the same used by gzip(1), and the 60 compression algorithm is the same used by gzip(1), and the
243 ``level'' can be controlled by the CompressionLevel option for 61 ``level'' can be controlled by the CompressionLevel option for
244 protocol version 1. Compression is desirable on modem lines and 62 protocol version 1. Compression is desirable on modem lines and
@@ -250,7 +68,7 @@ DESCRIPTION
250 Selects the cipher specification for encrypting the session. 68 Selects the cipher specification for encrypting the session.
251 69
252 Protocol version 1 allows specification of a single cipher. The 70 Protocol version 1 allows specification of a single cipher. The
253 suported values are ``3des'', ``blowfish'' and ``des''. 3des 71 supported values are ``3des'', ``blowfish'', and ``des''. 3des
254 (triple-des) is an encrypt-decrypt-encrypt triple with three dif- 72 (triple-des) is an encrypt-decrypt-encrypt triple with three dif-
255 ferent keys. It is believed to be secure. blowfish is a fast 73 ferent keys. It is believed to be secure. blowfish is a fast
256 block cipher; it appears very secure and is much faster than 74 block cipher; it appears very secure and is much faster than
@@ -259,29 +77,39 @@ DESCRIPTION
259 the 3des cipher. Its use is strongly discouraged due to crypto- 77 the 3des cipher. Its use is strongly discouraged due to crypto-
260 graphic weaknesses. The default is ``3des''. 78 graphic weaknesses. The default is ``3des''.
261 79
262 For protocol version 2 cipher_spec is a comma-separated list of 80 For protocol version 2, cipher_spec is a comma-separated list of
263 ciphers listed in order of preference. The supported ciphers are 81 ciphers listed in order of preference. The supported ciphers
264 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', 82 are: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr,
265 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'', 83 aes192-ctr, aes256-ctr, arcfour128, arcfour256, arcfour, blow-
266 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and 84 fish-cbc, and cast128-cbc. The default is:
267 ``cast128-cbc''. The default is
268 85
269 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 86 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
270 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 87 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
271 aes192-ctr,aes256-ctr'' 88 aes192-ctr,aes256-ctr
272 89
273 -D port 90 -D [bind_address:]port
274 Specifies a local ``dynamic'' application-level port forwarding. 91 Specifies a local ``dynamic'' application-level port forwarding.
275 This works by allocating a socket to listen to port on the local 92 This works by allocating a socket to listen to port on the local
276 side, and whenever a connection is made to this port, the connec- 93 side, optionally bound to the specified bind_address. Whenever a
277 tion is forwarded over the secure channel, and the application 94 connection is made to this port, the connection is forwarded over
278 protocol is then used to determine where to connect to from the 95 the secure channel, and the application protocol is then used to
279 remote machine. Currently the SOCKS4 and SOCKS5 protocols are 96 determine where to connect to from the remote machine. Currently
280 supported, and ssh will act as a SOCKS server. Only root can 97 the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
281 forward privileged ports. Dynamic port forwardings can also be 98 as a SOCKS server. Only root can forward privileged ports. Dy-
282 specified in the configuration file. 99 namic port forwardings can also be specified in the configuration
283 100 file.
284 -e ch | ^ch | none 101
102 IPv6 addresses can be specified with an alternative syntax:
103 [bind_address/]port or by enclosing the address in square brack-
104 ets. Only the superuser can forward privileged ports. By de-
105 fault, the local port is bound in accordance with the
106 GatewayPorts setting. However, an explicit bind_address may be
107 used to bind the connection to a specific address. The
108 bind_address of ``localhost'' indicates that the listening port
109 be bound for local use only, while an empty address or `*' indi-
110 cates that the port should be available from all interfaces.
111
112 -e escape_char
285 Sets the escape character for sessions with a pty (default: `~'). 113 Sets the escape character for sessions with a pty (default: `~').
286 The escape character is only recognized at the beginning of a 114 The escape character is only recognized at the beginning of a
287 line. The escape character followed by a dot (`.') closes the 115 line. The escape character followed by a dot (`.') closes the
@@ -305,9 +133,10 @@ DESCRIPTION
305 -g Allows remote hosts to connect to local forwarded ports. 133 -g Allows remote hosts to connect to local forwarded ports.
306 134
307 -I smartcard_device 135 -I smartcard_device
308 Specifies which smartcard device to use. The argument is the de- 136 Specify the device ssh should use to communicate with a smartcard
309 vice ssh should use to communicate with a smartcard used for 137 used for storing the user's private RSA key. This option is only
310 storing the user's private RSA key. 138 available if support for smartcard devices is compiled in (de-
139 fault is no support).
311 140
312 -i identity_file 141 -i identity_file
313 Selects a file from which the identity (private key) for RSA or 142 Selects a file from which the identity (private key) for RSA or
@@ -345,8 +174,10 @@ DESCRIPTION
345 may be specified on a per-host basis in the configuration file. 174 may be specified on a per-host basis in the configuration file.
346 175
347 -M Places the ssh client into ``master'' mode for connection shar- 176 -M Places the ssh client into ``master'' mode for connection shar-
348 ing. Refer to the description of ControlMaster in ssh_config(5) 177 ing. Multiple -M options places ssh into ``master'' mode with
349 for details. 178 confirmation required before slave connections are accepted. Re-
179 fer to the description of ControlMaster in ssh_config(5) for de-
180 tails.
350 181
351 -m mac_spec 182 -m mac_spec
352 Additionally, for protocol version 2 a comma-separated list of 183 Additionally, for protocol version 2 a comma-separated list of
@@ -410,17 +241,20 @@ DESCRIPTION
410 IdentityFile 241 IdentityFile
411 IdentitiesOnly 242 IdentitiesOnly
412 KbdInteractiveDevices 243 KbdInteractiveDevices
244 LocalCommand
413 LocalForward 245 LocalForward
414 LogLevel 246 LogLevel
415 MACs 247 MACs
416 NoHostAuthenticationForLocalhost 248 NoHostAuthenticationForLocalhost
417 NumberOfPasswordPrompts 249 NumberOfPasswordPrompts
418 PasswordAuthentication 250 PasswordAuthentication
251 PermitLocalCommand
419 Port 252 Port
420 PreferredAuthentications 253 PreferredAuthentications
421 Protocol 254 Protocol
422 ProxyCommand 255 ProxyCommand
423 PubkeyAuthentication 256 PubkeyAuthentication
257 RekeyLimit
424 RemoteForward 258 RemoteForward
425 RhostsRSAAuthentication 259 RhostsRSAAuthentication
426 RSAAuthentication 260 RSAAuthentication
@@ -430,6 +264,8 @@ DESCRIPTION
430 SmartcardDevice 264 SmartcardDevice
431 StrictHostKeyChecking 265 StrictHostKeyChecking
432 TCPKeepAlive 266 TCPKeepAlive
267 Tunnel
268 TunnelDevice
433 UsePrivilegedPort 269 UsePrivilegedPort
434 User 270 User
435 UserKnownHostsFile 271 UserKnownHostsFile
@@ -489,6 +325,12 @@ DESCRIPTION
489 tion, and configuration problems. Multiple -v options increase 325 tion, and configuration problems. Multiple -v options increase
490 the verbosity. The maximum is 3. 326 the verbosity. The maximum is 3.
491 327
328 -w tunnel:tunnel
329 Requests a tun(4) device on the client (first tunnel arg) and
330 server (second tunnel arg). The devices may be specified by nu-
331 merical ID or the keyword ``any'', which uses the next available
332 tunnel device. See also the Tunnel directive in ssh_config(5).
333
492 -X Enables X11 forwarding. This can also be specified on a per-host 334 -X Enables X11 forwarding. This can also be specified on a per-host
493 basis in a configuration file. 335 basis in a configuration file.
494 336
@@ -508,100 +350,358 @@ DESCRIPTION
508 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not 350 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
509 subjected to the X11 SECURITY extension controls. 351 subjected to the X11 SECURITY extension controls.
510 352
511CONFIGURATION FILES
512 ssh may additionally obtain configuration data from a per-user configura- 353 ssh may additionally obtain configuration data from a per-user configura-
513 tion file and a system-wide configuration file. The file format and con- 354 tion file and a system-wide configuration file. The file format and con-
514 figuration options are described in ssh_config(5). 355 figuration options are described in ssh_config(5).
515 356
516ENVIRONMENT 357 ssh exits with the exit status of the remote command or with 255 if an
517 ssh will normally set the following environment variables: 358 error occurred.
359
360AUTHENTICATION
361 The OpenSSH SSH client supports SSH protocols 1 and 2. Protocol 2 is the
362 default, with ssh falling back to protocol 1 if it detects protocol 2 is
363 unsupported. These settings may be altered using the Protocol option in
364 ssh_config(5), or enforced using the -1 and -2 options (see above). Both
365 protocols support similar authentication methods, but protocol 2 is pre-
366 ferred since it provides additional mechanisms for confidentiality (the
367 traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
368 integrity (hmac-md5, hmac-sha1, hmac-ripemd160). Protocol 1 lacks a
369 strong mechanism for ensuring the integrity of the connection.
370
371 The methods available for authentication are: host-based authentication,
372 public key authentication, challenge-response authentication, and pass-
373 word authentication. Authentication methods are tried in the order spec-
374 ified above, though protocol 2 has a configuration option to change the
375 default order: PreferredAuthentications.
376
377 Host-based authentication works as follows: If the machine the user logs
378 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
379 machine, and the user names are the same on both sides, or if the files
380 ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
381 machine and contain a line containing the name of the client machine and
382 the name of the user on that machine, the user is considered for login.
383 Additionally, the server must be able to verify the client's host key
384 (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
385 below) for login to be permitted. This authentication method closes se-
386 curity holes due to IP spoofing, DNS spoofing, and routing spoofing.
387 [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
388 rlogin/rsh protocol in general, are inherently insecure and should be
389 disabled if security is desired.]
390
391 Public key authentication works as follows: The scheme is based on pub-
392 lic-key cryptography, using cryptosystems where encryption and decryption
393 are done using separate keys, and it is unfeasible to derive the decryp-
394 tion key from the encryption key. The idea is that each user creates a
395 public/private key pair for authentication purposes. The server knows
396 the public key, and only the user knows the private key. ssh implements
397 public key authentication protocol automatically, using either the RSA or
398 DSA algorithms. Protocol 1 is restricted to using only RSA keys, but
399 protocol 2 may use either. The HISTORY section of ssl(8) contains a
400 brief discussion of the two algorithms.
401
402 The file ~/.ssh/authorized_keys lists the public keys that are permitted
403 for logging in. When the user logs in, the ssh program tells the server
404 which key pair it would like to use for authentication. The client
405 proves that it has access to the private key and the server checks that
406 the corresponding public key is authorized to accept the account.
407
408 The user creates his/her key pair by running ssh-keygen(1). This stores
409 the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
410 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
411 ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or
412 ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory. The us-
413 er should then copy the public key to ~/.ssh/authorized_keys in his/her
414 home directory on the remote machine. The authorized_keys file corre-
415 sponds to the conventional ~/.rhosts file, and has one key per line,
416 though the lines can be very long. After this, the user can log in with-
417 out giving the password.
418
419 The most convenient way to use public key authentication may be with an
420 authentication agent. See ssh-agent(1) for more information.
421
422 Challenge-response authentication works as follows: The server sends an
423 arbitrary "challenge" text, and prompts for a response. Protocol 2 al-
424 lows multiple challenges and responses; protocol 1 is restricted to just
425 one challenge/response. Examples of challenge-response authentication
426 include BSD Authentication (see login.conf(5)) and PAM (some non-OpenBSD
427 systems).
428
429 Finally, if other authentication methods fail, ssh prompts the user for a
430 password. The password is sent to the remote host for checking; however,
431 since all communications are encrypted, the password cannot be seen by
432 someone listening on the network.
433
434 ssh automatically maintains and checks a database containing identifica-
435 tion for all hosts it has ever been used with. Host keys are stored in
436 ~/.ssh/known_hosts in the user's home directory. Additionally, the file
437 /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
438 new hosts are automatically added to the user's file. If a host's iden-
439 tification ever changes, ssh warns about this and disables password au-
440 thentication to prevent server spoofing or man-in-the-middle attacks,
441 which could otherwise be used to circumvent the encryption. The
442 StrictHostKeyChecking option can be used to control logins to machines
443 whose host key is not known or has changed.
444
445 When the user's identity has been accepted by the server, the server ei-
446 ther executes the given command, or logs into the machine and gives the
447 user a normal shell on the remote machine. All communication with the
448 remote command or shell will be automatically encrypted.
449
450 If a pseudo-terminal has been allocated (normal login session), the user
451 may use the escape characters noted below.
452
453 If no pseudo-tty has been allocated, the session is transparent and can
454 be used to reliably transfer binary data. On most systems, setting the
455 escape character to ``none'' will also make the session transparent even
456 if a tty is used.
457
458 The session terminates when the command or shell on the remote machine
459 exits and all X11 and TCP connections have been closed.
460
461ESCAPE CHARACTERS
462 When a pseudo-terminal has been requested, ssh supports a number of func-
463 tions through the use of an escape character.
464
465 A single tilde character can be sent as ~~ or by following the tilde by a
466 character other than those described below. The escape character must
467 always follow a newline to be interpreted as special. The escape charac-
468 ter can be changed in configuration files using the EscapeChar configura-
469 tion directive or on the command line by the -e option.
470
471 The supported escapes (assuming the default `~') are:
472
473 ~. Disconnect.
474
475 ~^Z Background ssh.
476
477 ~# List forwarded connections.
478
479 ~& Background ssh at logout when waiting for forwarded connection /
480 X11 sessions to terminate.
481
482 ~? Display a list of escape characters.
483
484 ~B Send a BREAK to the remote system (only useful for SSH protocol
485 version 2 and if the peer supports it).
486
487 ~C Open command line. Currently this allows the addition of port
488 forwardings using the -L and -R options (see above). It also al-
489 lows the cancellation of existing remote port-forwardings using
490 -KR hostport. !command allows the user to execute a local com-
491 mand if the PermitLocalCommand option is enabled in
492 ssh_config(5). Basic help is available, using the -h option.
493
494 ~R Request rekeying of the connection (only useful for SSH protocol
495 version 2 and if the peer supports it).
496
497TCP FORWARDING
498 Forwarding of arbitrary TCP connections over the secure channel can be
499 specified either on the command line or in a configuration file. One
500 possible application of TCP forwarding is a secure connection to a mail
501 server; another is going through firewalls.
502
503 In the example below, we look at encrypting communication between an IRC
504 client and server, even though the IRC server does not directly support
505 encrypted communications. This works as follows: the user connects to
506 the remote host using ssh, specifying a port to be used to forward con-
507 nections to the remote server. After that it is possible to start the
508 service which is to be encrypted on the client machine, connecting to the
509 same local port, and ssh will encrypt and forward the connection.
510
511 The following example tunnels an IRC session from client machine
512 ``127.0.0.1'' (localhost) to remote server ``server.example.com'':
513
514 $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
515 $ irc -c '#users' -p 1234 pinky 127.0.0.1
516
517 This tunnels a connection to IRC server ``server.example.com'', joining
518 channel ``#users'', nickname ``pinky'', using port 1234. It doesn't mat-
519 ter which port is used, as long as it's greater than 1023 (remember, only
520 root can open sockets on privileged ports) and doesn't conflict with any
521 ports already in use. The connection is forwarded to port 6667 on the
522 remote server, since that's the standard port for IRC services.
523
524 The -f option backgrounds ssh and the remote command ``sleep 10'' is
525 specified to allow an amount of time (10 seconds, in the example) to
526 start the service which is to be tunnelled. If no connections are made
527 within the time specified, ssh will exit.
528
529X11 FORWARDING
530 If the ForwardX11 variable is set to ``yes'' (or see the description of
531 the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
532 environment variable is set), the connection to the X11 display is auto-
533 matically forwarded to the remote side in such a way that any X11 pro-
534 grams started from the shell (or command) will go through the encrypted
535 channel, and the connection to the real X server will be made from the
536 local machine. The user should not manually set DISPLAY. Forwarding of
537 X11 connections can be configured on the command line or in configuration
538 files.
539
540 The DISPLAY value set by ssh will point to the server machine, but with a
541 display number greater than zero. This is normal, and happens because
542 ssh creates a ``proxy'' X server on the server machine for forwarding the
543 connections over the encrypted channel.
544
545 ssh will also automatically set up Xauthority data on the server machine.
546 For this purpose, it will generate a random authorization cookie, store
547 it in Xauthority on the server, and verify that any forwarded connections
548 carry this cookie and replace it by the real cookie when the connection
549 is opened. The real authentication cookie is never sent to the server
550 machine (and no cookies are sent in the plain).
551
552 If the ForwardAgent variable is set to ``yes'' (or see the description of
553 the -A and -a options above) and the user is using an authentication
554 agent, the connection to the agent is automatically forwarded to the re-
555 mote side.
556
557VERIFYING HOST KEYS
558 When connecting to a server for the first time, a fingerprint of the
559 server's public key is presented to the user (unless the option
560 StrictHostKeyChecking has been disabled). Fingerprints can be determined
561 using ssh-keygen(1):
562
563 $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
564
565 If the fingerprint is already known, it can be matched and verified, and
566 the key can be accepted. If the fingerprint is unknown, an alternative
567 method of verification is available: SSH fingerprints verified by DNS.
568 An additional resource record (RR), SSHFP, is added to a zonefile and the
569 connecting client is able to match the fingerprint with that of the key
570 presented.
571
572 In this example, we are connecting a client to a server,
573 ``host.example.com''. The SSHFP resource records should first be added
574 to the zonefile for host.example.com:
518 575
519 DISPLAY The DISPLAY variable indicates the location of the X11 server. 576 $ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com.
520 It is automatically set by ssh to point to a value of the form 577 $ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com.
521 ``hostname:n'' where hostname indicates the host where the shell
522 runs, and n is an integer >= 1. ssh uses this special value to
523 forward X11 connections over the secure channel. The user
524 should normally not set DISPLAY explicitly, as that will render
525 the X11 connection insecure (and will require the user to manu-
526 ally copy any required authorization cookies).
527 578
528 HOME Set to the path of the user's home directory. 579 The output lines will have to be added to the zonefile. To check that
580 the zone is answering fingerprint queries:
529 581
530 LOGNAME Synonym for USER; set for compatibility with systems that use 582 $ dig -t SSHFP host.example.com
531 this variable.
532 583
533 MAIL Set to the path of the user's mailbox. 584 Finally the client connects:
534 585
535 PATH Set to the default PATH, as specified when compiling ssh. 586 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
587 [...]
588 Matching host key fingerprint found in DNS.
589 Are you sure you want to continue connecting (yes/no)?
536 590
537 SSH_ASKPASS 591 See the VerifyHostKeyDNS option in ssh_config(5) for more information.
538 If ssh needs a passphrase, it will read the passphrase from the
539 current terminal if it was run from a terminal. If ssh does not
540 have a terminal associated with it but DISPLAY and SSH_ASKPASS
541 are set, it will execute the program specified by SSH_ASKPASS
542 and open an X11 window to read the passphrase. This is particu-
543 larly useful when calling ssh from a .xsession or related
544 script. (Note that on some machines it may be necessary to
545 redirect the input from /dev/null to make this work.)
546 592
547 SSH_AUTH_SOCK 593SSH-BASED VIRTUAL PRIVATE NETWORKS
548 Identifies the path of a unix-domain socket used to communicate 594 ssh contains support for Virtual Private Network (VPN) tunnelling using
549 with the agent. 595 the tun(4) network pseudo-device, allowing two networks to be joined se-
596 curely. The sshd_config(5) configuration option PermitTunnel controls
597 whether the server supports this, and at what level (layer 2 or 3 traf-
598 fic).
550 599
551 SSH_CONNECTION 600 The following example would connect client network 10.0.50.0/24 with re-
552 Identifies the client and server ends of the connection. The 601 mote network 10.0.99.0/24, provided that the SSH server running on the
553 variable contains four space-separated values: client ip-ad- 602 gateway to the remote network, at 192.168.1.15, allows it:
554 dress, client port number, server ip-address and server port
555 number.
556 603
557 SSH_ORIGINAL_COMMAND 604 # ssh -f -w 0:1 192.168.1.15 true
558 The variable contains the original command line if a forced com- 605 # ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252
559 mand is executed. It can be used to extract the original argu-
560 ments.
561 606
562 SSH_TTY This is set to the name of the tty (path to the device) associ- 607 Client access may be more finely tuned via the /root/.ssh/authorized_keys
563 ated with the current shell or command. If the current session 608 file (see below) and the PermitRootLogin server option. The following
564 has no tty, this variable is not set. 609 entry would permit connections on the first tun(4) device from user
610 ``jane'' and on the second device from user ``john'', if PermitRootLogin
611 is set to ``forced-commands-only'':
565 612
566 TZ The timezone variable is set to indicate the present timezone if 613 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
567 it was set when the daemon was started (i.e., the daemon passes 614 tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john
568 the value on to new connections).
569 615
570 USER Set to the name of the user logging in. 616 Since a SSH-based setup entails a fair amount of overhead, it may be more
617 suited to temporary setups, such as for wireless VPNs. More permanent
618 VPNs are better provided by tools such as ipsecctl(8) and isakmpd(8).
619
620ENVIRONMENT
621 ssh will normally set the following environment variables:
622
623 DISPLAY The DISPLAY variable indicates the location of the
624 X11 server. It is automatically set by ssh to
625 point to a value of the form ``hostname:n'', where
626 ``hostname'' indicates the host where the shell
627 runs, and `n' is an integer >= 1. ssh uses this
628 special value to forward X11 connections over the
629 secure channel. The user should normally not set
630 DISPLAY explicitly, as that will render the X11
631 connection insecure (and will require the user to
632 manually copy any required authorization cookies).
633
634 HOME Set to the path of the user's home directory.
635
636 LOGNAME Synonym for USER; set for compatibility with sys-
637 tems that use this variable.
638
639 MAIL Set to the path of the user's mailbox.
640
641 PATH Set to the default PATH, as specified when compil-
642 ing ssh.
643
644 SSH_ASKPASS If ssh needs a passphrase, it will read the
645 passphrase from the current terminal if it was run
646 from a terminal. If ssh does not have a terminal
647 associated with it but DISPLAY and SSH_ASKPASS are
648 set, it will execute the program specified by
649 SSH_ASKPASS and open an X11 window to read the
650 passphrase. This is particularly useful when call-
651 ing ssh from a .xsession or related script. (Note
652 that on some machines it may be necessary to redi-
653 rect the input from /dev/null to make this work.)
654
655 SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
656 communicate with the agent.
657
658 SSH_CONNECTION Identifies the client and server ends of the con-
659 nection. The variable contains four space-separat-
660 ed values: client IP address, client port number,
661 server IP address, and server port number.
662
663 SSH_ORIGINAL_COMMAND This variable contains the original command line if
664 a forced command is executed. It can be used to
665 extract the original arguments.
666
667 SSH_TTY This is set to the name of the tty (path to the de-
668 vice) associated with the current shell or command.
669 If the current session has no tty, this variable is
670 not set.
671
672 TZ This variable is set to indicate the present time
673 zone if it was set when the daemon was started
674 (i.e., the daemon passes the value on to new con-
675 nections).
676
677 USER Set to the name of the user logging in.
571 678
572 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format 679 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
573 ``VARNAME=value'' to the environment if the file exists and if users are 680 ``VARNAME=value'' to the environment if the file exists and users are al-
574 allowed to change their environment. For more information, see the 681 lowed to change their environment. For more information, see the
575 PermitUserEnvironment option in sshd_config(5). 682 PermitUserEnvironment option in sshd_config(5).
576 683
577FILES 684FILES
578 ~/.ssh/known_hosts 685 ~/.rhosts
579 Records host keys for all hosts the user has logged into that are 686 This file is used for host-based authentication (see above). On
580 not in /etc/ssh/ssh_known_hosts. See sshd(8). 687 some machines this file may need to be world-readable if the us-
581 688 er's home directory is on an NFS partition, because sshd(8) reads
582 ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa 689 it as root. Additionally, this file must be owned by the user,
583 Contains the authentication identity of the user. They are for 690 and must not have write permissions for anyone else. The recom-
584 protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 691 mended permission for most machines is read/write for the user,
585 These files contain sensitive data and should be readable by the 692 and not accessible by others.
586 user but not accessible by others (read/write/execute). Note 693
587 that ssh ignores a private key file if it is accessible by oth- 694 ~/.shosts
588 ers. It is possible to specify a passphrase when generating the 695 This file is used in exactly the same way as .rhosts, but allows
589 key; the passphrase will be used to encrypt the sensitive part of 696 host-based authentication without permitting login with
590 this file using 3DES. 697 rlogin/rsh.
591 698
592 ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub 699 ~/.ssh/authorized_keys
593 Contains the public key for authentication (public part of the 700 Lists the public keys (RSA/DSA) that can be used for logging in
594 identity file in human-readable form). The contents of the 701 as this user. The format of this file is described in the
595 ~/.ssh/identity.pub file should be added to the file 702 sshd(8) manual page. This file is not highly sensitive, but the
596 ~/.ssh/authorized_keys on all machines where the user wishes to 703 recommended permissions are read/write for the user, and not ac-
597 log in using protocol version 1 RSA authentication. The contents 704 cessible by others.
598 of the ~/.ssh/id_dsa.pub and ~/.ssh/id_rsa.pub file should be
599 added to ~/.ssh/authorized_keys on all machines where the user
600 wishes to log in using protocol version 2 DSA/RSA authentication.
601 These files are not sensitive and can (but need not) be readable
602 by anyone. These files are never used automatically and are not
603 necessary; they are only provided for the convenience of the us-
604 er.
605 705
606 ~/.ssh/config 706 ~/.ssh/config
607 This is the per-user configuration file. The file format and 707 This is the per-user configuration file. The file format and
@@ -609,112 +709,75 @@ FILES
609 the potential for abuse, this file must have strict permissions: 709 the potential for abuse, this file must have strict permissions:
610 read/write for the user, and not accessible by others. 710 read/write for the user, and not accessible by others.
611 711
612 ~/.ssh/authorized_keys 712 ~/.ssh/environment
613 Lists the public keys (RSA/DSA) that can be used for logging in 713 Contains additional definitions for environment variables; see
614 as this user. The format of this file is described in the 714 ENVIRONMENT, above.
615 sshd(8) manual page. In the simplest form the format is the same 715
616 as the .pub identity files. This file is not highly sensitive, 716 ~/.ssh/identity
617 but the recommended permissions are read/write for the user, and 717 ~/.ssh/id_dsa
618 not accessible by others. 718 ~/.ssh/id_rsa
719 Contains the private key for authentication. These files contain
720 sensitive data and should be readable by the user but not acces-
721 sible by others (read/write/execute). ssh will simply ignore a
722 private key file if it is accessible by others. It is possible
723 to specify a passphrase when generating the key which will be
724 used to encrypt the sensitive part of this file using 3DES.
725
726 ~/.ssh/identity.pub
727 ~/.ssh/id_dsa.pub
728 ~/.ssh/id_rsa.pub
729 Contains the public key for authentication. These files are not
730 sensitive and can (but need not) be readable by anyone.
619 731
620 /etc/ssh/ssh_known_hosts 732 ~/.ssh/known_hosts
621 Systemwide list of known host keys. This file should be prepared 733 Contains a list of host keys for all hosts the user has logged
622 by the system administrator to contain the public host keys of 734 into that are not already in the systemwide list of known host
623 all machines in the organization. This file should be world- 735 keys. See sshd(8) for further details of the format of this
624 readable. This file contains public keys, one per line, in the 736 file.
625 following format (fields separated by spaces): system name, pub- 737
626 lic key and optional comment field. When different names are 738 ~/.ssh/rc
627 used for the same machine, all such names should be listed, sepa- 739 Commands in this file are executed by ssh when the user logs in,
628 rated by commas. The format is described in the sshd(8) manual 740 just before the user's shell (or command) is started. See the
629 page. 741 sshd(8) manual page for more information.
630 742
631 The canonical system name (as returned by name servers) is used 743 /etc/hosts.equiv
632 by sshd(8) to verify the client host when logging in; other names 744 This file is for host-based authentication (see above). It
633 are needed because ssh does not convert the user-supplied name to 745 should only be writable by root.
634 a canonical name before checking the key, because someone with 746
635 access to the name servers would then be able to fool host au- 747 /etc/shosts.equiv
636 thentication. 748 This file is used in exactly the same way as hosts.equiv, but al-
749 lows host-based authentication without permitting login with
750 rlogin/rsh.
637 751
638 /etc/ssh/ssh_config 752 /etc/ssh/ssh_config
639 Systemwide configuration file. The file format and configuration 753 Systemwide configuration file. The file format and configuration
640 options are described in ssh_config(5). 754 options are described in ssh_config(5).
641 755
642 /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, 756 /etc/ssh/ssh_host_key
643 /etc/ssh/ssh_host_rsa_key 757 /etc/ssh/ssh_host_dsa_key
758 /etc/ssh/ssh_host_rsa_key
644 These three files contain the private parts of the host keys and 759 These three files contain the private parts of the host keys and
645 are used for RhostsRSAAuthentication and HostbasedAuthentication. 760 are used for host-based authentication. If protocol version 1 is
646 If the protocol version 1 RhostsRSAAuthentication method is used, 761 used, ssh must be setuid root, since the host key is readable on-
647 ssh must be setuid root, since the host key is readable only by 762 ly by root. For protocol version 2, ssh uses ssh-keysign(8) to
648 root. For protocol version 2, ssh uses ssh-keysign(8) to access 763 access the host keys, eliminating the requirement that ssh be se-
649 the host keys for HostbasedAuthentication. This eliminates the 764 tuid root when host-based authentication is used. By default ssh
650 requirement that ssh be setuid root when that authentication 765 is not setuid root.
651 method is used. By default ssh is not setuid root.
652 766
653 ~/.rhosts 767 /etc/ssh/ssh_known_hosts
654 This file is used in RhostsRSAAuthentication and 768 Systemwide list of known host keys. This file should be prepared
655 HostbasedAuthentication authentication to list the host/user 769 by the system administrator to contain the public host keys of
656 pairs that are permitted to log in. (Note that this file is also 770 all machines in the organization. It should be world-readable.
657 used by rlogin and rsh, which makes using this file insecure.) 771 See sshd(8) for further details of the format of this file.
658 Each line of the file contains a host name (in the canonical form
659 returned by name servers), and then a user name on that host,
660 separated by a space. On some machines this file may need to be
661 world-readable if the user's home directory is on a NFS parti-
662 tion, because sshd(8) reads it as root. Additionally, this file
663 must be owned by the user, and must not have write permissions
664 for anyone else. The recommended permission for most machines is
665 read/write for the user, and not accessible by others.
666
667 Note that sshd(8) allows authentication only in combination with
668 client host key authentication before permitting log in. If the
669 server machine does not have the client's host key in
670 /etc/ssh/ssh_known_hosts, it can be stored in ~/.ssh/known_hosts.
671 The easiest way to do this is to connect back to the client from
672 the server machine using ssh; this will automatically add the
673 host key to ~/.ssh/known_hosts.
674
675 ~/.shosts
676 This file is used exactly the same way as .rhosts. The purpose
677 for having this file is to be able to use RhostsRSAAuthentication
678 and HostbasedAuthentication authentication without permitting lo-
679 gin with rlogin or rsh(1).
680
681 /etc/hosts.equiv
682 This file is used during RhostsRSAAuthentication and
683 HostbasedAuthentication authentication. It contains canonical
684 hosts names, one per line (the full format is described in the
685 sshd(8) manual page). If the client host is found in this file,
686 login is automatically permitted provided client and server user
687 names are the same. Additionally, successful client host key au-
688 thentication is required. This file should only be writable by
689 root.
690
691 /etc/shosts.equiv
692 This file is processed exactly as /etc/hosts.equiv. This file
693 may be useful to permit logins using ssh but not using
694 rsh/rlogin.
695 772
696 /etc/ssh/sshrc 773 /etc/ssh/sshrc
697 Commands in this file are executed by ssh when the user logs in 774 Commands in this file are executed by ssh when the user logs in,
698 just before the user's shell (or command) is started. See the
699 sshd(8) manual page for more information.
700
701 ~/.ssh/rc
702 Commands in this file are executed by ssh when the user logs in
703 just before the user's shell (or command) is started. See the 775 just before the user's shell (or command) is started. See the
704 sshd(8) manual page for more information. 776 sshd(8) manual page for more information.
705 777
706 ~/.ssh/environment
707 Contains additional definitions for environment variables, see
708 section ENVIRONMENT above.
709
710DIAGNOSTICS
711 ssh exits with the exit status of the remote command or with 255 if an
712 error occurred.
713
714SEE ALSO 778SEE ALSO
715 gzip(1), rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), 779 scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
716 ssh-keygen(1), telnet(1), hosts.equiv(5), ssh_config(5), ssh-keysign(8), 780 tun(4), hosts.equiv(5), ssh_config(5), ssh-keysign(8), sshd(8)
717 sshd(8)
718 781
719 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH 782 T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH
720 Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January 783 Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January
@@ -727,4 +790,4 @@ AUTHORS
727 created OpenSSH. Markus Friedl contributed the support for SSH protocol 790 created OpenSSH. Markus Friedl contributed the support for SSH protocol
728 versions 1.5 and 2.0. 791 versions 1.5 and 2.0.
729 792
730OpenBSD 3.8 September 25, 1999 12 793OpenBSD 3.9 September 25, 1999 12
diff --git a/ssh.1 b/ssh.1
index b0749763b..f4c677628 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $ 37.\" $OpenBSD: ssh.1,v 1.253 2006/01/30 13:37:49 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -43,21 +43,29 @@
43.Nd OpenSSH SSH client (remote login program) 43.Nd OpenSSH SSH client (remote login program)
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh 45.Nm ssh
46.Bk -words
47.Op Fl 1246AaCfgkMNnqsTtVvXxY 46.Op Fl 1246AaCfgkMNnqsTtVvXxY
48.Op Fl b Ar bind_address 47.Op Fl b Ar bind_address
49.Op Fl c Ar cipher_spec 48.Op Fl c Ar cipher_spec
50.Op Fl D Ar port 49.Oo Fl D\ \&
50.Sm off
51.Oo Ar bind_address : Oc
52.Ar port
53.Sm on
54.Oc
51.Op Fl e Ar escape_char 55.Op Fl e Ar escape_char
52.Op Fl F Ar configfile 56.Op Fl F Ar configfile
57.Bk -words
53.Op Fl i Ar identity_file 58.Op Fl i Ar identity_file
59.Ek
54.Oo Fl L\ \& 60.Oo Fl L\ \&
55.Sm off 61.Sm off
56.Oo Ar bind_address : Oc 62.Oo Ar bind_address : Oc
57.Ar port : host : hostport 63.Ar port : host : hostport
58.Sm on 64.Sm on
59.Oc 65.Oc
66.Bk -words
60.Op Fl l Ar login_name 67.Op Fl l Ar login_name
68.Ek
61.Op Fl m Ar mac_spec 69.Op Fl m Ar mac_spec
62.Op Fl O Ar ctl_cmd 70.Op Fl O Ar ctl_cmd
63.Op Fl o Ar option 71.Op Fl o Ar option
@@ -69,6 +77,8 @@
69.Sm on 77.Sm on
70.Oc 78.Oc
71.Op Fl S Ar ctl_path 79.Op Fl S Ar ctl_path
80.Bk -words
81.Op Fl w Ar tunnel : Ns Ar tunnel
72.Oo Ar user Ns @ Oc Ns Ar hostname 82.Oo Ar user Ns @ Oc Ns Ar hostname
73.Op Ar command 83.Op Ar command
74.Ek 84.Ek
@@ -79,7 +89,7 @@ executing commands on a remote machine.
79It is intended to replace rlogin and rsh, 89It is intended to replace rlogin and rsh,
80and provide secure encrypted communications between 90and provide secure encrypted communications between
81two untrusted hosts over an insecure network. 91two untrusted hosts over an insecure network.
82X11 connections and arbitrary TCP/IP ports 92X11 connections and arbitrary TCP ports
83can also be forwarded over the secure channel. 93can also be forwarded over the secure channel.
84.Pp 94.Pp
85.Nm 95.Nm
@@ -90,306 +100,12 @@ connects and logs into the specified
90name). 100name).
91The user must prove 101The user must prove
92his/her identity to the remote machine using one of several methods 102his/her identity to the remote machine using one of several methods
93depending on the protocol version used. 103depending on the protocol version used (see below).
94.Pp 104.Pp
95If 105If
96.Ar command 106.Ar command
97is specified, 107is specified,
98.Ar command 108it is executed on the remote host instead of a login shell.
99is executed on the remote host instead of a login shell.
100.Ss SSH protocol version 1
101The first authentication method is the
102.Em rhosts
103or
104.Em hosts.equiv
105method combined with RSA-based host authentication.
106If the machine the user logs in from is listed in
107.Pa /etc/hosts.equiv
108or
109.Pa /etc/shosts.equiv
110on the remote machine, and the user names are
111the same on both sides, or if the files
112.Pa ~/.rhosts
113or
114.Pa ~/.shosts
115exist in the user's home directory on the
116remote machine and contain a line containing the name of the client
117machine and the name of the user on that machine, the user is
118considered for log in.
119Additionally, if the server can verify the client's
120host key (see
121.Pa /etc/ssh/ssh_known_hosts
122and
123.Pa ~/.ssh/known_hosts
124in the
125.Sx FILES
126section), only then is login permitted.
127This authentication method closes security holes due to IP
128spoofing, DNS spoofing and routing spoofing.
129[Note to the administrator:
130.Pa /etc/hosts.equiv ,
131.Pa ~/.rhosts ,
132and the rlogin/rsh protocol in general, are inherently insecure and should be
133disabled if security is desired.]
134.Pp
135As a second authentication method,
136.Nm
137supports RSA based authentication.
138The scheme is based on public-key cryptography: there are cryptosystems
139where encryption and decryption are done using separate keys, and it
140is not possible to derive the decryption key from the encryption key.
141RSA is one such system.
142The idea is that each user creates a public/private
143key pair for authentication purposes.
144The server knows the public key, and only the user knows the private key.
145.Pp
146The file
147.Pa ~/.ssh/authorized_keys
148lists the public keys that are permitted for logging in.
149When the user logs in, the
150.Nm
151program tells the server which key pair it would like to use for
152authentication.
153The server checks if this key is permitted, and if so,
154sends the user (actually the
155.Nm
156program running on behalf of the user) a challenge, a random number,
157encrypted by the user's public key.
158The challenge can only be decrypted using the proper private key.
159The user's client then decrypts the challenge using the private key,
160proving that he/she knows the private key
161but without disclosing it to the server.
162.Pp
163.Nm
164implements the RSA authentication protocol automatically.
165The user creates his/her RSA key pair by running
166.Xr ssh-keygen 1 .
167This stores the private key in
168.Pa ~/.ssh/identity
169and stores the public key in
170.Pa ~/.ssh/identity.pub
171in the user's home directory.
172The user should then copy the
173.Pa identity.pub
174to
175.Pa ~/.ssh/authorized_keys
176in his/her home directory on the remote machine (the
177.Pa authorized_keys
178file corresponds to the conventional
179.Pa ~/.rhosts
180file, and has one key
181per line, though the lines can be very long).
182After this, the user can log in without giving the password.
183.Pp
184The most convenient way to use RSA authentication may be with an
185authentication agent.
186See
187.Xr ssh-agent 1
188for more information.
189.Pp
190If other authentication methods fail,
191.Nm
192prompts the user for a password.
193The password is sent to the remote
194host for checking; however, since all communications are encrypted,
195the password cannot be seen by someone listening on the network.
196.Ss SSH protocol version 2
197When a user connects using protocol version 2,
198similar authentication methods are available.
199Using the default values for
200.Cm PreferredAuthentications ,
201the client will try to authenticate first using the hostbased method;
202if this method fails, public key authentication is attempted,
203and finally if this method fails, keyboard-interactive and
204password authentication are tried.
205.Pp
206The public key method is similar to RSA authentication described
207in the previous section and allows the RSA or DSA algorithm to be used:
208The client uses his private key,
209.Pa ~/.ssh/id_dsa
210or
211.Pa ~/.ssh/id_rsa ,
212to sign the session identifier and sends the result to the server.
213The server checks whether the matching public key is listed in
214.Pa ~/.ssh/authorized_keys
215and grants access if both the key is found and the signature is correct.
216The session identifier is derived from a shared Diffie-Hellman value
217and is only known to the client and the server.
218.Pp
219If public key authentication fails or is not available, a password
220can be sent encrypted to the remote host to prove the user's identity.
221.Pp
222Additionally,
223.Nm
224supports hostbased or challenge response authentication.
225.Pp
226Protocol 2 provides additional mechanisms for confidentiality
227(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
228and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
229Note that protocol 1 lacks a strong mechanism for ensuring the
230integrity of the connection.
231.Ss Login session and remote execution
232When the user's identity has been accepted by the server, the server
233either executes the given command, or logs into the machine and gives
234the user a normal shell on the remote machine.
235All communication with
236the remote command or shell will be automatically encrypted.
237.Pp
238If a pseudo-terminal has been allocated (normal login session), the
239user may use the escape characters noted below.
240.Pp
241If no pseudo-tty has been allocated,
242the session is transparent and can be used to reliably transfer binary data.
243On most systems, setting the escape character to
244.Dq none
245will also make the session transparent even if a tty is used.
246.Pp
247The session terminates when the command or shell on the remote
248machine exits and all X11 and TCP/IP connections have been closed.
249The exit status of the remote program is returned as the exit status of
250.Nm ssh .
251.Ss Escape Characters
252When a pseudo-terminal has been requested,
253.Nm
254supports a number of functions through the use of an escape character.
255.Pp
256A single tilde character can be sent as
257.Ic ~~
258or by following the tilde by a character other than those described below.
259The escape character must always follow a newline to be interpreted as
260special.
261The escape character can be changed in configuration files using the
262.Cm EscapeChar
263configuration directive or on the command line by the
264.Fl e
265option.
266.Pp
267The supported escapes (assuming the default
268.Ql ~ )
269are:
270.Bl -tag -width Ds
271.It Cm ~.
272Disconnect.
273.It Cm ~^Z
274Background
275.Nm ssh .
276.It Cm ~#
277List forwarded connections.
278.It Cm ~&
279Background
280.Nm
281at logout when waiting for forwarded connection / X11 sessions to terminate.
282.It Cm ~?
283Display a list of escape characters.
284.It Cm ~B
285Send a BREAK to the remote system
286(only useful for SSH protocol version 2 and if the peer supports it).
287.It Cm ~C
288Open command line.
289Currently this allows the addition of port forwardings using the
290.Fl L
291and
292.Fl R
293options (see below).
294It also allows the cancellation of existing remote port-forwardings
295using
296.Fl KR Ar hostport .
297Basic help is available, using the
298.Fl h
299option.
300.It Cm ~R
301Request rekeying of the connection
302(only useful for SSH protocol version 2 and if the peer supports it).
303.El
304.Ss X11 and TCP forwarding
305If the
306.Cm ForwardX11
307variable is set to
308.Dq yes
309(or see the description of the
310.Fl X
311and
312.Fl x
313options described later)
314and the user is using X11 (the
315.Ev DISPLAY
316environment variable is set), the connection to the X11 display is
317automatically forwarded to the remote side in such a way that any X11
318programs started from the shell (or command) will go through the
319encrypted channel, and the connection to the real X server will be made
320from the local machine.
321The user should not manually set
322.Ev DISPLAY .
323Forwarding of X11 connections can be
324configured on the command line or in configuration files.
325.Pp
326The
327.Ev DISPLAY
328value set by
329.Nm
330will point to the server machine, but with a display number greater than zero.
331This is normal, and happens because
332.Nm
333creates a
334.Dq proxy
335X server on the server machine for forwarding the
336connections over the encrypted channel.
337.Pp
338.Nm
339will also automatically set up Xauthority data on the server machine.
340For this purpose, it will generate a random authorization cookie,
341store it in Xauthority on the server, and verify that any forwarded
342connections carry this cookie and replace it by the real cookie when
343the connection is opened.
344The real authentication cookie is never
345sent to the server machine (and no cookies are sent in the plain).
346.Pp
347If the
348.Cm ForwardAgent
349variable is set to
350.Dq yes
351(or see the description of the
352.Fl A
353and
354.Fl a
355options described later) and
356the user is using an authentication agent, the connection to the agent
357is automatically forwarded to the remote side.
358.Pp
359Forwarding of arbitrary TCP/IP connections over the secure channel can
360be specified either on the command line or in a configuration file.
361One possible application of TCP/IP forwarding is a secure connection to an
362electronic purse; another is going through firewalls.
363.Ss Server authentication
364.Nm
365automatically maintains and checks a database containing
366identifications for all hosts it has ever been used with.
367Host keys are stored in
368.Pa ~/.ssh/known_hosts
369in the user's home directory.
370Additionally, the file
371.Pa /etc/ssh/ssh_known_hosts
372is automatically checked for known hosts.
373Any new hosts are automatically added to the user's file.
374If a host's identification ever changes,
375.Nm
376warns about this and disables password authentication to prevent a
377trojan horse from getting the user's password.
378Another purpose of this mechanism is to prevent man-in-the-middle attacks
379which could otherwise be used to circumvent the encryption.
380The
381.Cm StrictHostKeyChecking
382option can be used to prevent logins to machines whose
383host key is not known or has changed.
384.Pp
385.Nm
386can be configured to verify host identification using fingerprint resource
387records (SSHFP) published in DNS.
388The
389.Cm VerifyHostKeyDNS
390option can be used to control how DNS lookups are performed.
391SSHFP resource records can be generated using
392.Xr ssh-keygen 1 .
393.Pp 109.Pp
394The options are as follows: 110The options are as follows:
395.Bl -tag -width Ds 111.Bl -tag -width Ds
@@ -430,7 +146,7 @@ of the connection.
430Only useful on systems with more than one address. 146Only useful on systems with more than one address.
431.It Fl C 147.It Fl C
432Requests compression of all data (including stdin, stdout, stderr, and 148Requests compression of all data (including stdin, stdout, stderr, and
433data for forwarded X11 and TCP/IP connections). 149data for forwarded X11 and TCP connections).
434The compression algorithm is the same used by 150The compression algorithm is the same used by
435.Xr gzip 1 , 151.Xr gzip 1 ,
436and the 152and the
@@ -448,9 +164,9 @@ option.
448Selects the cipher specification for encrypting the session. 164Selects the cipher specification for encrypting the session.
449.Pp 165.Pp
450Protocol version 1 allows specification of a single cipher. 166Protocol version 1 allows specification of a single cipher.
451The suported values are 167The supported values are
452.Dq 3des , 168.Dq 3des ,
453.Dq blowfish 169.Dq blowfish ,
454and 170and
455.Dq des . 171.Dq des .
456.Ar 3des 172.Ar 3des
@@ -470,37 +186,44 @@ Its use is strongly discouraged due to cryptographic weaknesses.
470The default is 186The default is
471.Dq 3des . 187.Dq 3des .
472.Pp 188.Pp
473For protocol version 2 189For protocol version 2,
474.Ar cipher_spec 190.Ar cipher_spec
475is a comma-separated list of ciphers 191is a comma-separated list of ciphers
476listed in order of preference. 192listed in order of preference.
477The supported ciphers are 193The supported ciphers are:
478.Dq 3des-cbc , 1943des-cbc,
479.Dq aes128-cbc , 195aes128-cbc,
480.Dq aes192-cbc , 196aes192-cbc,
481.Dq aes256-cbc , 197aes256-cbc,
482.Dq aes128-ctr , 198aes128-ctr,
483.Dq aes192-ctr , 199aes192-ctr,
484.Dq aes256-ctr , 200aes256-ctr,
485.Dq arcfour128 , 201arcfour128,
486.Dq arcfour256 , 202arcfour256,
487.Dq arcfour , 203arcfour,
488.Dq blowfish-cbc , 204blowfish-cbc,
489and 205and
490.Dq cast128-cbc . 206cast128-cbc.
491The default is 207The default is:
492.Bd -literal 208.Bd -literal -offset indent
493 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 209aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
494 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 210arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
495 aes192-ctr,aes256-ctr'' 211aes192-ctr,aes256-ctr
496.Ed 212.Ed
497.It Fl D Ar port 213.It Fl D Xo
214.Sm off
215.Oo Ar bind_address : Oc
216.Ar port
217.Sm on
218.Xc
498Specifies a local 219Specifies a local
499.Dq dynamic 220.Dq dynamic
500application-level port forwarding. 221application-level port forwarding.
501This works by allocating a socket to listen to 222This works by allocating a socket to listen to
502.Ar port 223.Ar port
503on the local side, and whenever a connection is made to this port, the 224on the local side, optionally bound to the specified
225.Ar bind_address .
226Whenever a connection is made to this port, the
504connection is forwarded over the secure channel, and the application 227connection is forwarded over the secure channel, and the application
505protocol is then used to determine where to connect to from the 228protocol is then used to determine where to connect to from the
506remote machine. 229remote machine.
@@ -509,7 +232,31 @@ Currently the SOCKS4 and SOCKS5 protocols are supported, and
509will act as a SOCKS server. 232will act as a SOCKS server.
510Only root can forward privileged ports. 233Only root can forward privileged ports.
511Dynamic port forwardings can also be specified in the configuration file. 234Dynamic port forwardings can also be specified in the configuration file.
512.It Fl e Ar ch | ^ch | none 235.Pp
236IPv6 addresses can be specified with an alternative syntax:
237.Sm off
238.Xo
239.Op Ar bind_address No /
240.Ar port
241.Xc
242.Sm on
243or by enclosing the address in square brackets.
244Only the superuser can forward privileged ports.
245By default, the local port is bound in accordance with the
246.Cm GatewayPorts
247setting.
248However, an explicit
249.Ar bind_address
250may be used to bind the connection to a specific address.
251The
252.Ar bind_address
253of
254.Dq localhost
255indicates that the listening port be bound for local use only, while an
256empty address or
257.Sq *
258indicates that the port should be available from all interfaces.
259.It Fl e Ar escape_char
513Sets the escape character for sessions with a pty (default: 260Sets the escape character for sessions with a pty (default:
514.Ql ~ ) . 261.Ql ~ ) .
515The escape character is only recognized at the beginning of a line. 262The escape character is only recognized at the beginning of a line.
@@ -545,11 +292,12 @@ something like
545.It Fl g 292.It Fl g
546Allows remote hosts to connect to local forwarded ports. 293Allows remote hosts to connect to local forwarded ports.
547.It Fl I Ar smartcard_device 294.It Fl I Ar smartcard_device
548Specifies which smartcard device to use. 295Specify the device
549The argument is the device
550.Nm 296.Nm
551should use to communicate with a smartcard used for storing the user's 297should use to communicate with a smartcard used for storing the user's
552private RSA key. 298private RSA key.
299This option is only available if support for smartcard devices
300is compiled in (default is no support).
553.It Fl i Ar identity_file 301.It Fl i Ar identity_file
554Selects a file from which the identity (private key) for 302Selects a file from which the identity (private key) for
555RSA or DSA authentication is read. 303RSA or DSA authentication is read.
@@ -621,6 +369,13 @@ Places the
621client into 369client into
622.Dq master 370.Dq master
623mode for connection sharing. 371mode for connection sharing.
372Multiple
373.Fl M
374options places
375.Nm
376into
377.Dq master
378mode with confirmation required before slave connections are accepted.
624Refer to the description of 379Refer to the description of
625.Cm ControlMaster 380.Cm ControlMaster
626in 381in
@@ -709,17 +464,20 @@ For full details of the options listed below, and their possible values, see
709.It IdentityFile 464.It IdentityFile
710.It IdentitiesOnly 465.It IdentitiesOnly
711.It KbdInteractiveDevices 466.It KbdInteractiveDevices
467.It LocalCommand
712.It LocalForward 468.It LocalForward
713.It LogLevel 469.It LogLevel
714.It MACs 470.It MACs
715.It NoHostAuthenticationForLocalhost 471.It NoHostAuthenticationForLocalhost
716.It NumberOfPasswordPrompts 472.It NumberOfPasswordPrompts
717.It PasswordAuthentication 473.It PasswordAuthentication
474.It PermitLocalCommand
718.It Port 475.It Port
719.It PreferredAuthentications 476.It PreferredAuthentications
720.It Protocol 477.It Protocol
721.It ProxyCommand 478.It ProxyCommand
722.It PubkeyAuthentication 479.It PubkeyAuthentication
480.It RekeyLimit
723.It RemoteForward 481.It RemoteForward
724.It RhostsRSAAuthentication 482.It RhostsRSAAuthentication
725.It RSAAuthentication 483.It RSAAuthentication
@@ -729,6 +487,8 @@ For full details of the options listed below, and their possible values, see
729.It SmartcardDevice 487.It SmartcardDevice
730.It StrictHostKeyChecking 488.It StrictHostKeyChecking
731.It TCPKeepAlive 489.It TCPKeepAlive
490.It Tunnel
491.It TunnelDevice
732.It UsePrivilegedPort 492.It UsePrivilegedPort
733.It User 493.It User
734.It UserKnownHostsFile 494.It UserKnownHostsFile
@@ -828,6 +588,24 @@ Multiple
828.Fl v 588.Fl v
829options increase the verbosity. 589options increase the verbosity.
830The maximum is 3. 590The maximum is 3.
591.It Fl w Ar tunnel : Ns Ar tunnel
592Requests a
593.Xr tun 4
594device on the client
595(first
596.Ar tunnel
597arg)
598and server
599(second
600.Ar tunnel
601arg).
602The devices may be specified by numerical ID or the keyword
603.Dq any ,
604which uses the next available tunnel device.
605See also the
606.Cm Tunnel
607directive in
608.Xr ssh_config 5 .
831.It Fl X 609.It Fl X
832Enables X11 forwarding. 610Enables X11 forwarding.
833This can also be specified on a per-host basis in a configuration file. 611This can also be specified on a per-host basis in a configuration file.
@@ -855,16 +633,474 @@ Enables trusted X11 forwarding.
855Trusted X11 forwardings are not subjected to the X11 SECURITY extension 633Trusted X11 forwardings are not subjected to the X11 SECURITY extension
856controls. 634controls.
857.El 635.El
858.Sh CONFIGURATION FILES 636.Pp
859.Nm 637.Nm
860may additionally obtain configuration data from 638may additionally obtain configuration data from
861a per-user configuration file and a system-wide configuration file. 639a per-user configuration file and a system-wide configuration file.
862The file format and configuration options are described in 640The file format and configuration options are described in
863.Xr ssh_config 5 . 641.Xr ssh_config 5 .
642.Pp
643.Nm
644exits with the exit status of the remote command or with 255
645if an error occurred.
646.Sh AUTHENTICATION
647The OpenSSH SSH client supports SSH protocols 1 and 2.
648Protocol 2 is the default, with
649.Nm
650falling back to protocol 1 if it detects protocol 2 is unsupported.
651These settings may be altered using the
652.Cm Protocol
653option in
654.Xr ssh_config 5 ,
655or enforced using the
656.Fl 1
657and
658.Fl 2
659options (see above).
660Both protocols support similar authentication methods,
661but protocol 2 is preferred since
662it provides additional mechanisms for confidentiality
663(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
664and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
665Protocol 1 lacks a strong mechanism for ensuring the
666integrity of the connection.
667.Pp
668The methods available for authentication are:
669host-based authentication,
670public key authentication,
671challenge-response authentication,
672and password authentication.
673Authentication methods are tried in the order specified above,
674though protocol 2 has a configuration option to change the default order:
675.Cm PreferredAuthentications .
676.Pp
677Host-based authentication works as follows:
678If the machine the user logs in from is listed in
679.Pa /etc/hosts.equiv
680or
681.Pa /etc/shosts.equiv
682on the remote machine, and the user names are
683the same on both sides, or if the files
684.Pa ~/.rhosts
685or
686.Pa ~/.shosts
687exist in the user's home directory on the
688remote machine and contain a line containing the name of the client
689machine and the name of the user on that machine, the user is
690considered for login.
691Additionally, the server
692.Em must
693be able to verify the client's
694host key (see the description of
695.Pa /etc/ssh/ssh_known_hosts
696and
697.Pa ~/.ssh/known_hosts ,
698below)
699for login to be permitted.
700This authentication method closes security holes due to IP
701spoofing, DNS spoofing, and routing spoofing.
702[Note to the administrator:
703.Pa /etc/hosts.equiv ,
704.Pa ~/.rhosts ,
705and the rlogin/rsh protocol in general, are inherently insecure and should be
706disabled if security is desired.]
707.Pp
708Public key authentication works as follows:
709The scheme is based on public-key cryptography,
710using cryptosystems
711where encryption and decryption are done using separate keys,
712and it is unfeasible to derive the decryption key from the encryption key.
713The idea is that each user creates a public/private
714key pair for authentication purposes.
715The server knows the public key, and only the user knows the private key.
716.Nm
717implements public key authentication protocol automatically,
718using either the RSA or DSA algorithms.
719Protocol 1 is restricted to using only RSA keys,
720but protocol 2 may use either.
721The
722.Sx HISTORY
723section of
724.Xr ssl 8
725contains a brief discussion of the two algorithms.
726.Pp
727The file
728.Pa ~/.ssh/authorized_keys
729lists the public keys that are permitted for logging in.
730When the user logs in, the
731.Nm
732program tells the server which key pair it would like to use for
733authentication.
734The client proves that it has access to the private key
735and the server checks that the corresponding public key
736is authorized to accept the account.
737.Pp
738The user creates his/her key pair by running
739.Xr ssh-keygen 1 .
740This stores the private key in
741.Pa ~/.ssh/identity
742(protocol 1),
743.Pa ~/.ssh/id_dsa
744(protocol 2 DSA),
745or
746.Pa ~/.ssh/id_rsa
747(protocol 2 RSA)
748and stores the public key in
749.Pa ~/.ssh/identity.pub
750(protocol 1),
751.Pa ~/.ssh/id_dsa.pub
752(protocol 2 DSA),
753or
754.Pa ~/.ssh/id_rsa.pub
755(protocol 2 RSA)
756in the user's home directory.
757The user should then copy the public key
758to
759.Pa ~/.ssh/authorized_keys
760in his/her home directory on the remote machine.
761The
762.Pa authorized_keys
763file corresponds to the conventional
764.Pa ~/.rhosts
765file, and has one key
766per line, though the lines can be very long.
767After this, the user can log in without giving the password.
768.Pp
769The most convenient way to use public key authentication may be with an
770authentication agent.
771See
772.Xr ssh-agent 1
773for more information.
774.Pp
775Challenge-response authentication works as follows:
776The server sends an arbitrary
777.Qq challenge
778text, and prompts for a response.
779Protocol 2 allows multiple challenges and responses;
780protocol 1 is restricted to just one challenge/response.
781Examples of challenge-response authentication include
782BSD Authentication (see
783.Xr login.conf 5 )
784and PAM (some non-OpenBSD systems).
785.Pp
786Finally, if other authentication methods fail,
787.Nm
788prompts the user for a password.
789The password is sent to the remote
790host for checking; however, since all communications are encrypted,
791the password cannot be seen by someone listening on the network.
792.Pp
793.Nm
794automatically maintains and checks a database containing
795identification for all hosts it has ever been used with.
796Host keys are stored in
797.Pa ~/.ssh/known_hosts
798in the user's home directory.
799Additionally, the file
800.Pa /etc/ssh/ssh_known_hosts
801is automatically checked for known hosts.
802Any new hosts are automatically added to the user's file.
803If a host's identification ever changes,
804.Nm
805warns about this and disables password authentication to prevent
806server spoofing or man-in-the-middle attacks,
807which could otherwise be used to circumvent the encryption.
808The
809.Cm StrictHostKeyChecking
810option can be used to control logins to machines whose
811host key is not known or has changed.
812.Pp
813When the user's identity has been accepted by the server, the server
814either executes the given command, or logs into the machine and gives
815the user a normal shell on the remote machine.
816All communication with
817the remote command or shell will be automatically encrypted.
818.Pp
819If a pseudo-terminal has been allocated (normal login session), the
820user may use the escape characters noted below.
821.Pp
822If no pseudo-tty has been allocated,
823the session is transparent and can be used to reliably transfer binary data.
824On most systems, setting the escape character to
825.Dq none
826will also make the session transparent even if a tty is used.
827.Pp
828The session terminates when the command or shell on the remote
829machine exits and all X11 and TCP connections have been closed.
830.Sh ESCAPE CHARACTERS
831When a pseudo-terminal has been requested,
832.Nm
833supports a number of functions through the use of an escape character.
834.Pp
835A single tilde character can be sent as
836.Ic ~~
837or by following the tilde by a character other than those described below.
838The escape character must always follow a newline to be interpreted as
839special.
840The escape character can be changed in configuration files using the
841.Cm EscapeChar
842configuration directive or on the command line by the
843.Fl e
844option.
845.Pp
846The supported escapes (assuming the default
847.Ql ~ )
848are:
849.Bl -tag -width Ds
850.It Cm ~.
851Disconnect.
852.It Cm ~^Z
853Background
854.Nm .
855.It Cm ~#
856List forwarded connections.
857.It Cm ~&
858Background
859.Nm
860at logout when waiting for forwarded connection / X11 sessions to terminate.
861.It Cm ~?
862Display a list of escape characters.
863.It Cm ~B
864Send a BREAK to the remote system
865(only useful for SSH protocol version 2 and if the peer supports it).
866.It Cm ~C
867Open command line.
868Currently this allows the addition of port forwardings using the
869.Fl L
870and
871.Fl R
872options (see above).
873It also allows the cancellation of existing remote port-forwardings
874using
875.Fl KR Ar hostport .
876.Ic !\& Ns Ar command
877allows the user to execute a local command if the
878.Ic PermitLocalCommand
879option is enabled in
880.Xr ssh_config 5 .
881Basic help is available, using the
882.Fl h
883option.
884.It Cm ~R
885Request rekeying of the connection
886(only useful for SSH protocol version 2 and if the peer supports it).
887.El
888.Sh TCP FORWARDING
889Forwarding of arbitrary TCP connections over the secure channel can
890be specified either on the command line or in a configuration file.
891One possible application of TCP forwarding is a secure connection to a
892mail server; another is going through firewalls.
893.Pp
894In the example below, we look at encrypting communication between
895an IRC client and server, even though the IRC server does not directly
896support encrypted communications.
897This works as follows:
898the user connects to the remote host using
899.Nm ,
900specifying a port to be used to forward connections
901to the remote server.
902After that it is possible to start the service which is to be encrypted
903on the client machine,
904connecting to the same local port,
905and
906.Nm
907will encrypt and forward the connection.
908.Pp
909The following example tunnels an IRC session from client machine
910.Dq 127.0.0.1
911(localhost)
912to remote server
913.Dq server.example.com :
914.Bd -literal -offset 4n
915$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
916$ irc -c '#users' -p 1234 pinky 127.0.0.1
917.Ed
918.Pp
919This tunnels a connection to IRC server
920.Dq server.example.com ,
921joining channel
922.Dq #users ,
923nickname
924.Dq pinky ,
925using port 1234.
926It doesn't matter which port is used,
927as long as it's greater than 1023
928(remember, only root can open sockets on privileged ports)
929and doesn't conflict with any ports already in use.
930The connection is forwarded to port 6667 on the remote server,
931since that's the standard port for IRC services.
932.Pp
933The
934.Fl f
935option backgrounds
936.Nm
937and the remote command
938.Dq sleep 10
939is specified to allow an amount of time
940(10 seconds, in the example)
941to start the service which is to be tunnelled.
942If no connections are made within the time specified,
943.Nm
944will exit.
945.Sh X11 FORWARDING
946If the
947.Cm ForwardX11
948variable is set to
949.Dq yes
950(or see the description of the
951.Fl X ,
952.Fl x ,
953and
954.Fl Y
955options above)
956and the user is using X11 (the
957.Ev DISPLAY
958environment variable is set), the connection to the X11 display is
959automatically forwarded to the remote side in such a way that any X11
960programs started from the shell (or command) will go through the
961encrypted channel, and the connection to the real X server will be made
962from the local machine.
963The user should not manually set
964.Ev DISPLAY .
965Forwarding of X11 connections can be
966configured on the command line or in configuration files.
967.Pp
968The
969.Ev DISPLAY
970value set by
971.Nm
972will point to the server machine, but with a display number greater than zero.
973This is normal, and happens because
974.Nm
975creates a
976.Dq proxy
977X server on the server machine for forwarding the
978connections over the encrypted channel.
979.Pp
980.Nm
981will also automatically set up Xauthority data on the server machine.
982For this purpose, it will generate a random authorization cookie,
983store it in Xauthority on the server, and verify that any forwarded
984connections carry this cookie and replace it by the real cookie when
985the connection is opened.
986The real authentication cookie is never
987sent to the server machine (and no cookies are sent in the plain).
988.Pp
989If the
990.Cm ForwardAgent
991variable is set to
992.Dq yes
993(or see the description of the
994.Fl A
995and
996.Fl a
997options above) and
998the user is using an authentication agent, the connection to the agent
999is automatically forwarded to the remote side.
1000.Sh VERIFYING HOST KEYS
1001When connecting to a server for the first time,
1002a fingerprint of the server's public key is presented to the user
1003(unless the option
1004.Cm StrictHostKeyChecking
1005has been disabled).
1006Fingerprints can be determined using
1007.Xr ssh-keygen 1 :
1008.Pp
1009.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1010.Pp
1011If the fingerprint is already known,
1012it can be matched and verified,
1013and the key can be accepted.
1014If the fingerprint is unknown,
1015an alternative method of verification is available:
1016SSH fingerprints verified by DNS.
1017An additional resource record (RR),
1018SSHFP,
1019is added to a zonefile
1020and the connecting client is able to match the fingerprint
1021with that of the key presented.
1022.Pp
1023In this example, we are connecting a client to a server,
1024.Dq host.example.com .
1025The SSHFP resource records should first be added to the zonefile for
1026host.example.com:
1027.Bd -literal -offset indent
1028$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com.
1029$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com.
1030.Ed
1031.Pp
1032The output lines will have to be added to the zonefile.
1033To check that the zone is answering fingerprint queries:
1034.Pp
1035.Dl $ dig -t SSHFP host.example.com
1036.Pp
1037Finally the client connects:
1038.Bd -literal -offset indent
1039$ ssh -o "VerifyHostKeyDNS ask" host.example.com
1040[...]
1041Matching host key fingerprint found in DNS.
1042Are you sure you want to continue connecting (yes/no)?
1043.Ed
1044.Pp
1045See the
1046.Cm VerifyHostKeyDNS
1047option in
1048.Xr ssh_config 5
1049for more information.
1050.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1051.Nm
1052contains support for Virtual Private Network (VPN) tunnelling
1053using the
1054.Xr tun 4
1055network pseudo-device,
1056allowing two networks to be joined securely.
1057The
1058.Xr sshd_config 5
1059configuration option
1060.Cm PermitTunnel
1061controls whether the server supports this,
1062and at what level (layer 2 or 3 traffic).
1063.Pp
1064The following example would connect client network 10.0.50.0/24
1065with remote network 10.0.99.0/24, provided that the SSH server
1066running on the gateway to the remote network,
1067at 192.168.1.15, allows it:
1068.Bd -literal -offset indent
1069# ssh -f -w 0:1 192.168.1.15 true
1070# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252
1071.Ed
1072.Pp
1073Client access may be more finely tuned via the
1074.Pa /root/.ssh/authorized_keys
1075file (see below) and the
1076.Cm PermitRootLogin
1077server option.
1078The following entry would permit connections on the first
1079.Xr tun 4
1080device from user
1081.Dq jane
1082and on the second device from user
1083.Dq john ,
1084if
1085.Cm PermitRootLogin
1086is set to
1087.Dq forced-commands-only :
1088.Bd -literal -offset 2n
1089tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1090tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john
1091.Ed
1092.Pp
1093Since a SSH-based setup entails a fair amount of overhead,
1094it may be more suited to temporary setups,
1095such as for wireless VPNs.
1096More permanent VPNs are better provided by tools such as
1097.Xr ipsecctl 8
1098and
1099.Xr isakmpd 8 .
864.Sh ENVIRONMENT 1100.Sh ENVIRONMENT
865.Nm 1101.Nm
866will normally set the following environment variables: 1102will normally set the following environment variables:
867.Bl -tag -width LOGNAME 1103.Bl -tag -width "SSH_ORIGINAL_COMMAND"
868.It Ev DISPLAY 1104.It Ev DISPLAY
869The 1105The
870.Ev DISPLAY 1106.Ev DISPLAY
@@ -872,9 +1108,12 @@ variable indicates the location of the X11 server.
872It is automatically set by 1108It is automatically set by
873.Nm 1109.Nm
874to point to a value of the form 1110to point to a value of the form
875.Dq hostname:n 1111.Dq hostname:n ,
876where hostname indicates 1112where
877the host where the shell runs, and n is an integer \*(Ge 1. 1113.Dq hostname
1114indicates the host where the shell runs, and
1115.Sq n
1116is an integer \*(Ge 1.
878.Nm 1117.Nm
879uses this special value to forward X11 connections over the secure 1118uses this special value to forward X11 connections over the secure
880channel. 1119channel.
@@ -895,7 +1134,7 @@ Set to the path of the user's mailbox.
895Set to the default 1134Set to the default
896.Ev PATH , 1135.Ev PATH ,
897as specified when compiling 1136as specified when compiling
898.Nm ssh . 1137.Nm .
899.It Ev SSH_ASKPASS 1138.It Ev SSH_ASKPASS
900If 1139If
901.Nm 1140.Nm
@@ -920,15 +1159,16 @@ may be necessary to redirect the input from
920.Pa /dev/null 1159.Pa /dev/null
921to make this work.) 1160to make this work.)
922.It Ev SSH_AUTH_SOCK 1161.It Ev SSH_AUTH_SOCK
923Identifies the path of a unix-domain socket used to communicate with the 1162Identifies the path of a
924agent. 1163.Ux Ns -domain
1164socket used to communicate with the agent.
925.It Ev SSH_CONNECTION 1165.It Ev SSH_CONNECTION
926Identifies the client and server ends of the connection. 1166Identifies the client and server ends of the connection.
927The variable contains 1167The variable contains
928four space-separated values: client ip-address, client port number, 1168four space-separated values: client IP address, client port number,
929server ip-address and server port number. 1169server IP address, and server port number.
930.It Ev SSH_ORIGINAL_COMMAND 1170.It Ev SSH_ORIGINAL_COMMAND
931The variable contains the original command line if a forced command 1171This variable contains the original command line if a forced command
932is executed. 1172is executed.
933It can be used to extract the original arguments. 1173It can be used to extract the original arguments.
934.It Ev SSH_TTY 1174.It Ev SSH_TTY
@@ -937,7 +1177,7 @@ with the current shell or command.
937If the current session has no tty, 1177If the current session has no tty,
938this variable is not set. 1178this variable is not set.
939.It Ev TZ 1179.It Ev TZ
940The timezone variable is set to indicate the present timezone if it 1180This variable is set to indicate the present time zone if it
941was set when the daemon was started (i.e., the daemon passes the value 1181was set when the daemon was started (i.e., the daemon passes the value
942on to new connections). 1182on to new connections).
943.It Ev USER 1183.It Ev USER
@@ -950,221 +1190,150 @@ reads
950.Pa ~/.ssh/environment , 1190.Pa ~/.ssh/environment ,
951and adds lines of the format 1191and adds lines of the format
952.Dq VARNAME=value 1192.Dq VARNAME=value
953to the environment if the file exists and if users are allowed to 1193to the environment if the file exists and users are allowed to
954change their environment. 1194change their environment.
955For more information, see the 1195For more information, see the
956.Cm PermitUserEnvironment 1196.Cm PermitUserEnvironment
957option in 1197option in
958.Xr sshd_config 5 . 1198.Xr sshd_config 5 .
959.Sh FILES 1199.Sh FILES
960.Bl -tag -width Ds 1200.Bl -tag -width Ds -compact
961.It Pa ~/.ssh/known_hosts 1201.It ~/.rhosts
962Records host keys for all hosts the user has logged into that are not 1202This file is used for host-based authentication (see above).
963in 1203On some machines this file may need to be
964.Pa /etc/ssh/ssh_known_hosts . 1204world-readable if the user's home directory is on an NFS partition,
965See 1205because
966.Xr sshd 8 . 1206.Xr sshd 8
967.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa 1207reads it as root.
968Contains the authentication identity of the user. 1208Additionally, this file must be owned by the user,
969They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 1209and must not have write permissions for anyone else.
1210The recommended
1211permission for most machines is read/write for the user, and not
1212accessible by others.
1213.Pp
1214.It ~/.shosts
1215This file is used in exactly the same way as
1216.Pa .rhosts ,
1217but allows host-based authentication without permitting login with
1218rlogin/rsh.
1219.Pp
1220.It ~/.ssh/authorized_keys
1221Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1222The format of this file is described in the
1223.Xr sshd 8
1224manual page.
1225This file is not highly sensitive, but the recommended
1226permissions are read/write for the user, and not accessible by others.
1227.Pp
1228.It ~/.ssh/config
1229This is the per-user configuration file.
1230The file format and configuration options are described in
1231.Xr ssh_config 5 .
1232Because of the potential for abuse, this file must have strict permissions:
1233read/write for the user, and not accessible by others.
1234.Pp
1235.It ~/.ssh/environment
1236Contains additional definitions for environment variables; see
1237.Sx ENVIRONMENT ,
1238above.
1239.Pp
1240.It ~/.ssh/identity
1241.It ~/.ssh/id_dsa
1242.It ~/.ssh/id_rsa
1243Contains the private key for authentication.
970These files 1244These files
971contain sensitive data and should be readable by the user but not 1245contain sensitive data and should be readable by the user but not
972accessible by others (read/write/execute). 1246accessible by others (read/write/execute).
973Note that
974.Nm 1247.Nm
975ignores a private key file if it is accessible by others. 1248will simply ignore a private key file if it is accessible by others.
976It is possible to specify a passphrase when 1249It is possible to specify a passphrase when
977generating the key; the passphrase will be used to encrypt the 1250generating the key which will be used to encrypt the
978sensitive part of this file using 3DES. 1251sensitive part of this file using 3DES.
979.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub 1252.Pp
980Contains the public key for authentication (public part of the 1253.It ~/.ssh/identity.pub
981identity file in human-readable form). 1254.It ~/.ssh/id_dsa.pub
982The contents of the 1255.It ~/.ssh/id_rsa.pub
983.Pa ~/.ssh/identity.pub 1256Contains the public key for authentication.
984file should be added to the file
985.Pa ~/.ssh/authorized_keys
986on all machines
987where the user wishes to log in using protocol version 1 RSA authentication.
988The contents of the
989.Pa ~/.ssh/id_dsa.pub
990and
991.Pa ~/.ssh/id_rsa.pub
992file should be added to
993.Pa ~/.ssh/authorized_keys
994on all machines
995where the user wishes to log in using protocol version 2 DSA/RSA authentication.
996These files are not 1257These files are not
997sensitive and can (but need not) be readable by anyone. 1258sensitive and can (but need not) be readable by anyone.
998These files are
999never used automatically and are not necessary; they are only provided for
1000the convenience of the user.
1001.It Pa ~/.ssh/config
1002This is the per-user configuration file.
1003The file format and configuration options are described in
1004.Xr ssh_config 5 .
1005Because of the potential for abuse, this file must have strict permissions:
1006read/write for the user, and not accessible by others.
1007.It Pa ~/.ssh/authorized_keys
1008Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1009The format of this file is described in the
1010.Xr sshd 8
1011manual page.
1012In the simplest form the format is the same as the
1013.Pa .pub
1014identity files.
1015This file is not highly sensitive, but the recommended
1016permissions are read/write for the user, and not accessible by others.
1017.It Pa /etc/ssh/ssh_known_hosts
1018Systemwide list of known host keys.
1019This file should be prepared by the
1020system administrator to contain the public host keys of all machines in the
1021organization.
1022This file should be world-readable.
1023This file contains
1024public keys, one per line, in the following format (fields separated
1025by spaces): system name, public key and optional comment field.
1026When different names are used
1027for the same machine, all such names should be listed, separated by
1028commas.
1029The format is described in the
1030.Xr sshd 8
1031manual page.
1032.Pp 1259.Pp
1033The canonical system name (as returned by name servers) is used by 1260.It ~/.ssh/known_hosts
1261Contains a list of host keys for all hosts the user has logged into
1262that are not already in the systemwide list of known host keys.
1263See
1034.Xr sshd 8 1264.Xr sshd 8
1035to verify the client host when logging in; other names are needed because 1265for further details of the format of this file.
1266.Pp
1267.It ~/.ssh/rc
1268Commands in this file are executed by
1036.Nm 1269.Nm
1037does not convert the user-supplied name to a canonical name before 1270when the user logs in, just before the user's shell (or command) is
1038checking the key, because someone with access to the name servers 1271started.
1039would then be able to fool host authentication. 1272See the
1273.Xr sshd 8
1274manual page for more information.
1275.Pp
1276.It /etc/hosts.equiv
1277This file is for host-based authentication (see above).
1278It should only be writable by root.
1279.Pp
1280.It /etc/shosts.equiv
1281This file is used in exactly the same way as
1282.Pa hosts.equiv ,
1283but allows host-based authentication without permitting login with
1284rlogin/rsh.
1285.Pp
1040.It Pa /etc/ssh/ssh_config 1286.It Pa /etc/ssh/ssh_config
1041Systemwide configuration file. 1287Systemwide configuration file.
1042The file format and configuration options are described in 1288The file format and configuration options are described in
1043.Xr ssh_config 5 . 1289.Xr ssh_config 5 .
1044.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 1290.Pp
1291.It /etc/ssh/ssh_host_key
1292.It /etc/ssh/ssh_host_dsa_key
1293.It /etc/ssh/ssh_host_rsa_key
1045These three files contain the private parts of the host keys 1294These three files contain the private parts of the host keys
1046and are used for 1295and are used for host-based authentication.
1047.Cm RhostsRSAAuthentication 1296If protocol version 1 is used,
1048and
1049.Cm HostbasedAuthentication .
1050If the protocol version 1
1051.Cm RhostsRSAAuthentication
1052method is used,
1053.Nm 1297.Nm
1054must be setuid root, since the host key is readable only by root. 1298must be setuid root, since the host key is readable only by root.
1055For protocol version 2, 1299For protocol version 2,
1056.Nm 1300.Nm
1057uses 1301uses
1058.Xr ssh-keysign 8 1302.Xr ssh-keysign 8
1059to access the host keys for 1303to access the host keys,
1060.Cm HostbasedAuthentication . 1304eliminating the requirement that
1061This eliminates the requirement that
1062.Nm 1305.Nm
1063be setuid root when that authentication method is used. 1306be setuid root when host-based authentication is used.
1064By default 1307By default
1065.Nm 1308.Nm
1066is not setuid root. 1309is not setuid root.
1067.It Pa ~/.rhosts
1068This file is used in
1069.Cm RhostsRSAAuthentication
1070and
1071.Cm HostbasedAuthentication
1072authentication to list the
1073host/user pairs that are permitted to log in.
1074(Note that this file is
1075also used by rlogin and rsh, which makes using this file insecure.)
1076Each line of the file contains a host name (in the canonical form
1077returned by name servers), and then a user name on that host,
1078separated by a space.
1079On some machines this file may need to be
1080world-readable if the user's home directory is on a NFS partition,
1081because
1082.Xr sshd 8
1083reads it as root.
1084Additionally, this file must be owned by the user,
1085and must not have write permissions for anyone else.
1086The recommended
1087permission for most machines is read/write for the user, and not
1088accessible by others.
1089.Pp 1310.Pp
1090Note that 1311.It /etc/ssh/ssh_known_hosts
1091.Xr sshd 8 1312Systemwide list of known host keys.
1092allows authentication only in combination with client host key 1313This file should be prepared by the
1093authentication before permitting log in. 1314system administrator to contain the public host keys of all machines in the
1094If the server machine does not have the client's host key in 1315organization.
1095.Pa /etc/ssh/ssh_known_hosts , 1316It should be world-readable.
1096it can be stored in 1317See
1097.Pa ~/.ssh/known_hosts .
1098The easiest way to do this is to
1099connect back to the client from the server machine using ssh; this
1100will automatically add the host key to
1101.Pa ~/.ssh/known_hosts .
1102.It Pa ~/.shosts
1103This file is used exactly the same way as
1104.Pa .rhosts .
1105The purpose for
1106having this file is to be able to use
1107.Cm RhostsRSAAuthentication
1108and
1109.Cm HostbasedAuthentication
1110authentication without permitting login with
1111.Xr rlogin
1112or
1113.Xr rsh 1 .
1114.It Pa /etc/hosts.equiv
1115This file is used during
1116.Cm RhostsRSAAuthentication
1117and
1118.Cm HostbasedAuthentication
1119authentication.
1120It contains
1121canonical hosts names, one per line (the full format is described in the
1122.Xr sshd 8
1123manual page).
1124If the client host is found in this file, login is
1125automatically permitted provided client and server user names are the
1126same.
1127Additionally, successful client host key authentication is required.
1128This file should only be writable by root.
1129.It Pa /etc/shosts.equiv
1130This file is processed exactly as
1131.Pa /etc/hosts.equiv .
1132This file may be useful to permit logins using
1133.Nm
1134but not using rsh/rlogin.
1135.It Pa /etc/ssh/sshrc
1136Commands in this file are executed by
1137.Nm
1138when the user logs in just before the user's shell (or command) is started.
1139See the
1140.Xr sshd 8 1318.Xr sshd 8
1141manual page for more information. 1319for further details of the format of this file.
1142.It Pa ~/.ssh/rc 1320.Pp
1321.It /etc/ssh/sshrc
1143Commands in this file are executed by 1322Commands in this file are executed by
1144.Nm 1323.Nm
1145when the user logs in just before the user's shell (or command) is 1324when the user logs in, just before the user's shell (or command) is started.
1146started.
1147See the 1325See the
1148.Xr sshd 8 1326.Xr sshd 8
1149manual page for more information. 1327manual page for more information.
1150.It Pa ~/.ssh/environment
1151Contains additional definitions for environment variables, see section
1152.Sx ENVIRONMENT
1153above.
1154.El 1328.El
1155.Sh DIAGNOSTICS
1156.Nm
1157exits with the exit status of the remote command or with 255
1158if an error occurred.
1159.Sh SEE ALSO 1329.Sh SEE ALSO
1160.Xr gzip 1 ,
1161.Xr rsh 1 ,
1162.Xr scp 1 , 1330.Xr scp 1 ,
1163.Xr sftp 1 , 1331.Xr sftp 1 ,
1164.Xr ssh-add 1 , 1332.Xr ssh-add 1 ,
1165.Xr ssh-agent 1 , 1333.Xr ssh-agent 1 ,
1166.Xr ssh-keygen 1 , 1334.Xr ssh-keygen 1 ,
1167.Xr telnet 1 , 1335.Xr ssh-keyscan 1 ,
1336.Xr tun 4 ,
1168.Xr hosts.equiv 5 , 1337.Xr hosts.equiv 5 ,
1169.Xr ssh_config 5 , 1338.Xr ssh_config 5 ,
1170.Xr ssh-keysign 8 , 1339.Xr ssh-keysign 8 ,
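--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.257 2005/12/20 04:41:07 dtucker Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -158,13 +158,13 @@ usage(void)
 {
 fprintf(stderr,
 "usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n"
-" [-D port] [-e escape_char] [-F configfile]\n"
+" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
 " [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
 " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
 " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-" [user@]hostname [command]\n"
+" [-w tunnel:tunnel] [user@]hostname [command]\n"
 );
-exit(1);
+exit(255);
 }
 
 static int ssh_session(void);
@@ -188,6 +188,9 @@ main(int ac, char **av)
 struct servent *sp;
 Forward fwd;
 
+/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+sanitise_stdfd();
+
 __progname = ssh_get_progname(av[0]);
 init_rng();
 
@@ -220,7 +223,7 @@ main(int ac, char **av)
 pw = getpwuid(original_real_uid);
 if (!pw) {
 logit("You don't exist, go away!");
-exit(1);
+exit(255);
 }
 /* Take a copy of the returned structure. */
 pw = pwcopy(pw);
@@ -241,7 +244,7 @@ main(int ac, char **av)
 
 again:
 while ((opt = getopt(ac, av,
-"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVXY")) != -1) {
+"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S:TVw:XY")) != -1) {
 switch (opt) {
 case '1':
 options.protocol = SSH_PROTO_1;
@@ -337,6 +340,15 @@ again:
 if (opt == 'V')
 exit(0);
 break;
+case 'w':
+if (options.tun_open == -1)
+options.tun_open = SSH_TUNMODE_DEFAULT;
+options.tun_local = a2tun(optarg, &options.tun_remote);
+if (options.tun_local == SSH_TUNID_ERR) {
+fprintf(stderr, "Bad tun device '%s'\n", optarg);
+exit(255);
+}
+break;
 case 'q':
 options.log_level = SYSLOG_LEVEL_QUIET;
 break;
@@ -352,7 +364,7 @@ again:
 else {
 fprintf(stderr, "Bad escape character '%s'.\n",
 optarg);
-exit(1);
+exit(255);
 }
 break;
 case 'c':
@@ -367,7 +379,7 @@ again:
 fprintf(stderr,
 "Unknown cipher type '%s'\n",
 optarg);
-exit(1);
+exit(255);
 }
 if (options.cipher == SSH_CIPHER_3DES)
 options.ciphers = "3des-cbc";
@@ -383,7 +395,7 @@ again:
 else {
 fprintf(stderr, "Unknown mac type '%s'\n",
 optarg);
-exit(1);
+exit(255);
 }
 break;
 case 'M':
@@ -396,7 +408,7 @@ again:
 options.port = a2port(optarg);
 if (options.port == 0) {
 fprintf(stderr, "Bad port '%s'\n", optarg);
-exit(1);
+exit(255);
 }
 break;
 case 'l':
@@ -410,7 +422,7 @@ again:
 fprintf(stderr,
 "Bad local forwarding specification '%s'\n",
 optarg);
-exit(1);
+exit(255);
 }
 break;
 
@@ -421,7 +433,7 @@ again:
 fprintf(stderr,
 "Bad remote forwarding specification "
 "'%s'\n", optarg);
-exit(1);
+exit(255);
 }
 break;
 
@@ -432,7 +444,7 @@ again:
 if ((fwd.listen_host = hpdelim(&cp)) == NULL) {
 fprintf(stderr, "Bad dynamic forwarding "
 "specification '%.100s'\n", optarg);
-exit(1);
+exit(255);
 }
 if (cp != NULL) {
 fwd.listen_port = a2port(cp);
@@ -445,7 +457,7 @@ again:
 if (fwd.listen_port == 0) {
 fprintf(stderr, "Bad dynamic port '%s'\n",
 optarg);
-exit(1);
+exit(255);
 }
 add_local_forward(&options, &fwd);
 xfree(p);
@@ -466,7 +478,7 @@ again:
 line = xstrdup(optarg);
 if (process_config_line(&options, host ? host : "",
 line, "command-line", 0, &dummy) != 0)
-exit(1);
+exit(255);
 xfree(line);
 break;
 case 's':
@@ -642,7 +654,7 @@ again:
 original_effective_uid == 0 && options.use_privileged_port,
 #endif
 options.proxy_command) != 0)
-exit(1);
+exit(255);
 
 /*
 * If we successfully made the connection, load the host private key
@@ -695,7 +707,7 @@ again:
 
 /*
 * Now that we are back to our own permissions, create ~/.ssh
-* directory if it doesn\'t already exist.
+* directory if it doesn't already exist.
 */
 snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
 if (stat(buf, &st) < 0)
@@ -791,8 +803,7 @@ ssh_init_forwarding(void)
 debug("Remote connections from %.200s:%d forwarded to "
 "local address %.200s:%d",
 (options.remote_forwards[i].listen_host == NULL) ?
-(options.gateway_ports ? "*" : "LOCALHOST") :
-options.remote_forwards[i].listen_host,
+"LOCALHOST" : options.remote_forwards[i].listen_host,
 options.remote_forwards[i].listen_port,
 options.remote_forwards[i].connect_host,
 options.remote_forwards[i].connect_port);
@@ -808,7 +819,7 @@ static void
 check_agent_present(void)
 {
 if (options.forward_agent) {
-/* Clear agent forwarding if we don\'t have an agent. */
+/* Clear agent forwarding if we don't have an agent. */
 if (!ssh_agent_present())
 options.forward_agent = 0;
 }
@@ -1010,7 +1021,7 @@ ssh_control_listener(void)
 fatal("ControlPath too long");
 
 if ((control_fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
-fatal("%s socket(): %s\n", __func__, strerror(errno));
+fatal("%s socket(): %s", __func__, strerror(errno));
 
 old_umask = umask(0177);
 if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
@@ -1019,12 +1030,12 @@ ssh_control_listener(void)
 fatal("ControlSocket %s already exists",
 options.control_path);
 else
-fatal("%s bind(): %s\n", __func__, strerror(errno));
+fatal("%s bind(): %s", __func__, strerror(errno));
 }
 umask(old_umask);
 
 if (listen(control_fd, 64) == -1)
-fatal("%s listen(): %s\n", __func__, strerror(errno));
+fatal("%s listen(): %s", __func__, strerror(errno));
 
 set_nonblock(control_fd);
 }
@@ -1057,6 +1068,33 @@ ssh_session2_setup(int id, void *arg)
 packet_send();
 }
 
+if (options.tun_open != SSH_TUNMODE_NO) {
+Channel *c;
+int fd;
+
+debug("Requesting tun.");
+if ((fd = tun_open(options.tun_local,
+options.tun_open)) >= 0) {
+c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+0, "tun", 1);
+c->datagram = 1;
+#if defined(SSH_TUN_FILTER)
+if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
+channel_register_filter(c->self, sys_tun_infilter,
+sys_tun_outfilter);
+#endif
+packet_start(SSH2_MSG_CHANNEL_OPEN);
+packet_put_cstring("tun@openssh.com");
+packet_put_int(c->self);
+packet_put_int(c->local_window_max);
+packet_put_int(c->local_maxpacket);
+packet_put_int(options.tun_open);
+packet_put_int(options.tun_remote);
+packet_send();
+}
+}
+
 client_session2_setup(id, tty_flag, subsystem_flag, getenv("TERM"),
 NULL, fileno(stdin), &command, environ, &ssh_subsystem_reply);
 
@@ -1121,6 +1159,11 @@ ssh_session2(void)
 if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN))
 id = ssh_session2_open();
 
+/* Execute a local command */
+if (options.local_command != NULL &&
+options.permit_local_command)
+ssh_local_cmd(options.local_command);
+
 /* If requested, let ssh continue in the background. */
 if (fork_after_authentication_flag)
 if (daemon(1, 1) < 0)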
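Review bot: In the tun block added to ssh_session2_setup, a failed tun_open() is skipped silently: the `>= 0` test has no else branch, so a client started with `-w` carries on into client_session2_setup() with no tunnel and nothing at this call site to tell the user. Whether tun_open() logs on its own is not visible here, so I would report it where the decision is made, e.g. `} else logit("Could not open tunnel device; continuing without it");`, or call `fatal()` if a session without the requested tunnel should not proceed. Without that, traffic the user expects to cross the VPN would follow the normal routes unnoticed. The body of ssh_session2_setup starts and ends outside this hunk.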
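--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $
+# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $
 
 # This is the ssh client system-wide configuration file. See
 # ssh_config(5) for more information. This file provides defaults for
@@ -37,3 +37,6 @@
 # Cipher 3des
 # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 # EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no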
diff --git a/ssh_config.0 b/ssh_config.0
index a2706b69c..46a0543c3 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -129,16 +129,19 @@ DESCRIPTION
129 on a control socket specified using the ControlPath argument. 129 on a control socket specified using the ControlPath argument.
130 Additional sessions can connect to this socket using the same 130 Additional sessions can connect to this socket using the same
131 ControlPath with ControlMaster set to ``no'' (the default). 131 ControlPath with ControlMaster set to ``no'' (the default).
132 These sessions will reuse the master instance's network connec- 132 These sessions will try to reuse the master instance's network
133 tion rather than initiating new ones. Setting this to ``ask'' 133 connection rather than initiating new ones, but will fall back to
134 will cause ssh to listen for control connections, but require 134 connecting normally if the control socket does not exist, or is
135 confirmation using the SSH_ASKPASS program before they are ac- 135 not listening.
136 cepted (see ssh-add(1) for details). If the ControlPath can not 136
137 be opened, ssh will continue without connecting to a master in- 137 Setting this to ``ask'' will cause ssh to listen for control con-
138 stance. 138 nections, but require confirmation using the SSH_ASKPASS program
139 before they are accepted (see ssh-add(1) for details). If the
140 ControlPath can not be opened, ssh will continue without connect-
141 ing to a master instance.
139 142
140 X11 and ssh-agent(1) forwarding is supported over these multi- 143 X11 and ssh-agent(1) forwarding is supported over these multi-
141 plexed connections, however the display and agent fowarded will 144 plexed connections, however the display and agent forwarded will
142 be the one belonging to the master connection i.e. it is not pos- 145 be the one belonging to the master connection i.e. it is not pos-
143 sible to forward multiple displays or agents. 146 sible to forward multiple displays or agents.
144 147
@@ -159,14 +162,24 @@ DESCRIPTION
159 nections are uniquely identified. 162 nections are uniquely identified.
160 163
161 DynamicForward 164 DynamicForward
162 Specifies that a TCP/IP port on the local machine be forwarded 165 Specifies that a TCP port on the local machine be forwarded over
163 over the secure channel, and the application protocol is then 166 the secure channel, and the application protocol is then used to
164 used to determine where to connect to from the remote machine. 167 determine where to connect to from the remote machine.
165 The argument must be a port number. Currently the SOCKS4 and 168
166 SOCKS5 protocols are supported, and ssh will act as a SOCKS serv- 169 The argument must be [bind_address:]port. IPv6 addresses can be
167 er. Multiple forwardings may be specified, and additional for- 170 specified by enclosing addresses in square brackets or by using
168 wardings can be given on the command line. Only the superuser 171 an alternative syntax: [bind_address/]port. By default, the lo-
169 can forward privileged ports. 172 cal port is bound in accordance with the GatewayPorts setting.
173 However, an explicit bind_address may be used to bind the connec-
174 tion to a specific address. The bind_address of ``localhost''
175 indicates that the listening port be bound for local use only,
176 while an empty address or `*' indicates that the port should be
177 available from all interfaces.
178
179 Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh
180 will act as a SOCKS server. Multiple forwardings may be speci-
181 fied, and additional forwardings can be given on the command
182 line. Only the superuser can forward privileged ports.
170 183
171 EnableSSHKeysign 184 EnableSSHKeysign
172 Setting this option to ``yes'' in the global client configuration 185 Setting this option to ``yes'' in the global client configuration
@@ -280,6 +293,14 @@ DESCRIPTION
280 permitted (both on the command line and in HostName specifica- 293 permitted (both on the command line and in HostName specifica-
281 tions). 294 tions).
282 295
296 IdentitiesOnly
297 Specifies that ssh should only use the authentication identity
298 files configured in the ssh_config files, even if the ssh-agent
299 offers more identities. The argument to this keyword must be
300 ``yes'' or ``no''. This option is intended for situations where
301 ssh-agent offers many different identities. The default is
302 ``no''.
303
283 IdentityFile 304 IdentityFile
284 Specifies a file from which the user's RSA or DSA authentication 305 Specifies a file from which the user's RSA or DSA authentication
285 identity is read. The default is ~/.ssh/identity for protocol 306 identity is read. The default is ~/.ssh/identity for protocol
@@ -290,35 +311,33 @@ DESCRIPTION
290 is possible to have multiple identity files specified in configu- 311 is possible to have multiple identity files specified in configu-
291 ration files; all these identities will be tried in sequence. 312 ration files; all these identities will be tried in sequence.
292 313
293 IdentitiesOnly
294 Specifies that ssh should only use the authentication identity
295 files configured in the ssh_config files, even if the ssh-agent
296 offers more identities. The argument to this keyword must be
297 ``yes'' or ``no''. This option is intented for situations where
298 ssh-agent offers many different identities. The default is
299 ``no''.
300
301 KbdInteractiveDevices 314 KbdInteractiveDevices
302 Specifies the list of methods to use in keyboard-interactive au- 315 Specifies the list of methods to use in keyboard-interactive au-
303 thentication. Multiple method names must be comma-separated. 316 thentication. Multiple method names must be comma-separated.
304 The default is to use the server specified list. 317 The default is to use the server specified list.
305 318
319 LocalCommand
320 Specifies a command to execute on the local machine after suc-
321 cessfully connecting to the server. The command string extends
322 to the end of the line, and is executed with /bin/sh. This di-
323 rective is ignored unless PermitLocalCommand has been enabled.
324
306 LocalForward 325 LocalForward
307 Specifies that a TCP/IP port on the local machine be forwarded 326 Specifies that a TCP port on the local machine be forwarded over
308 over the secure channel to the specified host and port from the 327 the secure channel to the specified host and port from the remote
309 remote machine. The first argument must be [bind_address:]port 328 machine. The first argument must be [bind_address:]port and the
310 and the second argument must be host:hostport. IPv6 addresses 329 second argument must be host:hostport. IPv6 addresses can be
311 can be specified by enclosing addresses in square brackets or by 330 specified by enclosing addresses in square brackets or by using
312 using an alternative syntax: [bind_address/]port and 331 an alternative syntax: [bind_address/]port and host/hostport.
313 host/hostport. Multiple forwardings may be specified, and addi- 332 Multiple forwardings may be specified, and additional forwardings
314 tional forwardings can be given on the command line. Only the 333 can be given on the command line. Only the superuser can forward
315 superuser can forward privileged ports. By default, the local 334 privileged ports. By default, the local port is bound in accor-
316 port is bound in accordance with the GatewayPorts setting. How- 335 dance with the GatewayPorts setting. However, an explicit
317 ever, an explicit bind_address may be used to bind the connection 336 bind_address may be used to bind the connection to a specific ad-
318 to a specific address. The bind_address of ``localhost'' indi- 337 dress. The bind_address of ``localhost'' indicates that the lis-
319 cates that the listening port be bound for local use only, while 338 tening port be bound for local use only, while an empty address
320 an empty address or `*' indicates that the port should be avail- 339 or `*' indicates that the port should be available from all in-
321 able from all interfaces. 340 terfaces.
322 341
323 LogLevel 342 LogLevel
324 Gives the verbosity level that is used when logging messages from 343 Gives the verbosity level that is used when logging messages from
@@ -351,6 +370,11 @@ DESCRIPTION
351 to this keyword must be ``yes'' or ``no''. The default is 370 to this keyword must be ``yes'' or ``no''. The default is
352 ``yes''. 371 ``yes''.
353 372
373 PermitLocalCommand
374 Allow local command execution via the LocalCommand option or us-
375 ing the !command escape sequence in ssh(1). The argument must be
376 ``yes'' or ``no''. The default is ``no''.
377
354 Port Specifies the port number to connect on the remote host. Default 378 Port Specifies the port number to connect on the remote host. Default
355 is 22. 379 is 22.
356 380
@@ -393,16 +417,24 @@ DESCRIPTION
393 to this keyword must be ``yes'' or ``no''. The default is 417 to this keyword must be ``yes'' or ``no''. The default is
394 ``yes''. This option applies to protocol version 2 only. 418 ``yes''. This option applies to protocol version 2 only.
395 419
420 RekeyLimit
421 Specifies the maximum amount of data that may be transmitted be-
422 fore the session key is renegotiated. The argument is the number
423 of bytes, with an optional suffix of `K', `M', or `G' to indicate
424 Kilobytes, Megabytes, or Gigabytes, respectively. The default is
425 between ``1G'' and ``4G'', depending on the cipher. This option
426 applies to protocol version 2 only.
427
396 RemoteForward 428 RemoteForward
397 Specifies that a TCP/IP port on the remote machine be forwarded 429 Specifies that a TCP port on the remote machine be forwarded over
398 over the secure channel to the specified host and port from the 430 the secure channel to the specified host and port from the local
399 local machine. The first argument must be [bind_address:]port 431 machine. The first argument must be [bind_address:]port and the
400 and the second argument must be host:hostport. IPv6 addresses 432 second argument must be host:hostport. IPv6 addresses can be
401 can be specified by enclosing addresses in square brackets or by 433 specified by enclosing addresses in square brackets or by using
402 using an alternative syntax: [bind_address/]port and 434 an alternative syntax: [bind_address/]port and host/hostport.
403 host/hostport. Multiple forwardings may be specified, and addi- 435 Multiple forwardings may be specified, and additional forwardings
404 tional forwardings can be given on the command line. Only the 436 can be given on the command line. Only the superuser can forward
405 superuser can forward privileged ports. 437 privileged ports.
406 438
407 If the bind_address is not specified, the default is to only bind 439 If the bind_address is not specified, the default is to only bind
408 to loopback addresses. If the bind_address is `*' or an empty 440 to loopback addresses. If the bind_address is `*' or an empty
@@ -434,15 +466,8 @@ DESCRIPTION
434 separated by whitespace or spread across multiple SendEnv direc- 466 separated by whitespace or spread across multiple SendEnv direc-
435 tives. The default is not to send any environment variables. 467 tives. The default is not to send any environment variables.
436 468
437 ServerAliveInterval
438 Sets a timeout interval in seconds after which if no data has
439 been received from the server, ssh will send a message through
440 the encrypted channel to request a response from the server. The
441 default is 0, indicating that these messages will not be sent to
442 the server. This option applies to protocol version 2 only.
443
444 ServerAliveCountMax 469 ServerAliveCountMax
445 Sets the number of server alive messages (see above) which may be 470 Sets the number of server alive messages (see below) which may be
446 sent without ssh receiving any messages back from the server. If 471 sent without ssh receiving any messages back from the server. If
447 this threshold is reached while server alive messages are being 472 this threshold is reached while server alive messages are being
448 sent, ssh will disconnect from the server, terminating the ses- 473 sent, ssh will disconnect from the server, terminating the ses-
@@ -455,9 +480,16 @@ DESCRIPTION
455 tion has become inactive. 480 tion has become inactive.
456 481
457 The default value is 3. If, for example, ServerAliveInterval 482 The default value is 3. If, for example, ServerAliveInterval
458 (above) is set to 15, and ServerAliveCountMax is left at the de- 483 (see below) is set to 15, and ServerAliveCountMax is left at the
459 fault, if the server becomes unresponsive ssh will disconnect af- 484 default, if the server becomes unresponsive ssh will disconnect
460 ter approximately 45 seconds. 485 after approximately 45 seconds.
486
487 ServerAliveInterval
488 Sets a timeout interval in seconds after which if no data has
489 been received from the server, ssh will send a message through
490 the encrypted channel to request a response from the server. The
491 default is 0, indicating that these messages will not be sent to
492 the server. This option applies to protocol version 2 only.
461 493
462 SmartcardDevice 494 SmartcardDevice
463 Specifies which smartcard device to use. The argument to this 495 Specifies which smartcard device to use. The argument to this
@@ -496,6 +528,16 @@ DESCRIPTION
496 To disable TCP keepalive messages, the value should be set to 528 To disable TCP keepalive messages, the value should be set to
497 ``no''. 529 ``no''.
498 530
531 Tunnel Request starting tun(4) device forwarding between the client and
532 the server. This option also allows requesting layer 2 (ether-
533 net) instead of layer 3 (point-to-point) tunneling from the serv-
534 er. The argument must be ``yes'', ``point-to-point'',
535 ``ethernet'' or ``no''. The default is ``no''.
536
537 TunnelDevice
538 Force a specified tun(4) device on the client. Without this op-
539 tion, the next available device will be used.
540
499 UsePrivilegedPort 541 UsePrivilegedPort
500 Specifies whether to use a privileged port for outgoing connec- 542 Specifies whether to use a privileged port for outgoing connec-
501 tions. The argument must be ``yes'' or ``no''. The default is 543 tions. The argument must be ``yes'' or ``no''. The default is
@@ -551,4 +593,4 @@ AUTHORS
551 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 593 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
552 versions 1.5 and 2.0. 594 versions 1.5 and 2.0.
553 595
554OpenBSD 3.8 September 25, 1999 9 596OpenBSD 3.9 September 25, 1999 9
diff --git a/ssh_config.5 b/ssh_config.5
index 9ddb09480..5c94ffc9c 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.61 2005/07/08 12:53:10 jmc Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.76 2006/01/20 11:21:45 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -263,8 +263,10 @@ with
263set to 263set to
264.Dq no 264.Dq no
265(the default). 265(the default).
266These sessions will reuse the master instance's network connection rather 266These sessions will try to reuse the master instance's network connection
267than initiating new ones. 267rather than initiating new ones, but will fall back to connecting normally
268if the control socket does not exist, or is not listening.
269.Pp
268Setting this to 270Setting this to
269.Dq ask 271.Dq ask
270will cause 272will cause
@@ -283,7 +285,7 @@ will continue without connecting to a master instance.
283X11 and 285X11 and
284.Xr ssh-agent 1 286.Xr ssh-agent 1
285forwarding is supported over these multiplexed connections, however the 287forwarding is supported over these multiplexed connections, however the
286display and agent fowarded will be the one belonging to the master 288display and agent forwarded will be the one belonging to the master
287connection i.e. it is not possible to forward multiple displays or agents. 289connection i.e. it is not possible to forward multiple displays or agents.
288.Pp 290.Pp
289Two additional options allow for opportunistic multiplexing: try to use a 291Two additional options allow for opportunistic multiplexing: try to use a
@@ -316,11 +318,33 @@ used for opportunistic connection sharing include
316all three of these escape sequences. 318all three of these escape sequences.
317This ensures that shared connections are uniquely identified. 319This ensures that shared connections are uniquely identified.
318.It Cm DynamicForward 320.It Cm DynamicForward
319Specifies that a TCP/IP port on the local machine be forwarded 321Specifies that a TCP port on the local machine be forwarded
320over the secure channel, and the application 322over the secure channel, and the application
321protocol is then used to determine where to connect to from the 323protocol is then used to determine where to connect to from the
322remote machine. 324remote machine.
323The argument must be a port number. 325.Pp
326The argument must be
327.Sm off
328.Oo Ar bind_address : Oc Ar port .
329.Sm on
330IPv6 addresses can be specified by enclosing addresses in square brackets or
331by using an alternative syntax:
332.Oo Ar bind_address Ns / Oc Ns Ar port .
333By default, the local port is bound in accordance with the
334.Cm GatewayPorts
335setting.
336However, an explicit
337.Ar bind_address
338may be used to bind the connection to a specific address.
339The
340.Ar bind_address
341of
342.Dq localhost
343indicates that the listening port be bound for local use only, while an
344empty address or
345.Sq *
346indicates that the port should be available from all interfaces.
347.Pp
324Currently the SOCKS4 and SOCKS5 protocols are supported, and 348Currently the SOCKS4 and SOCKS5 protocols are supported, and
325.Nm ssh 349.Nm ssh
326will act as a SOCKS server. 350will act as a SOCKS server.
@@ -493,23 +517,6 @@ Default is the name given on the command line.
493Numeric IP addresses are also permitted (both on the command line and in 517Numeric IP addresses are also permitted (both on the command line and in
494.Cm HostName 518.Cm HostName
495specifications). 519specifications).
496.It Cm IdentityFile
497Specifies a file from which the user's RSA or DSA authentication identity
498is read.
499The default is
500.Pa ~/.ssh/identity
501for protocol version 1, and
502.Pa ~/.ssh/id_rsa
503and
504.Pa ~/.ssh/id_dsa
505for protocol version 2.
506Additionally, any identities represented by the authentication agent
507will be used for authentication.
508The file name may use the tilde
509syntax to refer to a user's home directory.
510It is possible to have
511multiple identity files specified in configuration files; all these
512identities will be tried in sequence.
513.It Cm IdentitiesOnly 520.It Cm IdentitiesOnly
514Specifies that 521Specifies that
515.Nm ssh 522.Nm ssh
@@ -523,17 +530,42 @@ The argument to this keyword must be
523.Dq yes 530.Dq yes
524or 531or
525.Dq no . 532.Dq no .
526This option is intented for situations where 533This option is intended for situations where
527.Nm ssh-agent 534.Nm ssh-agent
528offers many different identities. 535offers many different identities.
529The default is 536The default is
530.Dq no . 537.Dq no .
538.It Cm IdentityFile
539Specifies a file from which the user's RSA or DSA authentication identity
540is read.
541The default is
542.Pa ~/.ssh/identity
543for protocol version 1, and
544.Pa ~/.ssh/id_rsa
545and
546.Pa ~/.ssh/id_dsa
547for protocol version 2.
548Additionally, any identities represented by the authentication agent
549will be used for authentication.
550The file name may use the tilde
551syntax to refer to a user's home directory.
552It is possible to have
553multiple identity files specified in configuration files; all these
554identities will be tried in sequence.
531.It Cm KbdInteractiveDevices 555.It Cm KbdInteractiveDevices
532Specifies the list of methods to use in keyboard-interactive authentication. 556Specifies the list of methods to use in keyboard-interactive authentication.
533Multiple method names must be comma-separated. 557Multiple method names must be comma-separated.
534The default is to use the server specified list. 558The default is to use the server specified list.
559.It Cm LocalCommand
560Specifies a command to execute on the local machine after successfully
561connecting to the server.
562The command string extends to the end of the line, and is executed with
563.Pa /bin/sh .
564This directive is ignored unless
565.Cm PermitLocalCommand
566has been enabled.
535.It Cm LocalForward 567.It Cm LocalForward
536Specifies that a TCP/IP port on the local machine be forwarded over 568Specifies that a TCP port on the local machine be forwarded over
537the secure channel to the specified host and port from the remote machine. 569the secure channel to the specified host and port from the remote machine.
538The first argument must be 570The first argument must be
539.Sm off 571.Sm off
@@ -601,6 +633,19 @@ or
601.Dq no . 633.Dq no .
602The default is 634The default is
603.Dq yes . 635.Dq yes .
636.It Cm PermitLocalCommand
637Allow local command execution via the
638.Ic LocalCommand
639option or using the
640.Ic !\& Ns Ar command
641escape sequence in
642.Xr ssh 1 .
643The argument must be
644.Dq yes
645or
646.Dq no .
647The default is
648.Dq no .
604.It Cm Port 649.It Cm Port
605Specifies the port number to connect on the remote host. 650Specifies the port number to connect on the remote host.
606Default is 22. 651Default is 22.
@@ -673,8 +718,23 @@ or
673The default is 718The default is
674.Dq yes . 719.Dq yes .
675This option applies to protocol version 2 only. 720This option applies to protocol version 2 only.
721.It Cm RekeyLimit
722Specifies the maximum amount of data that may be transmitted before the
723session key is renegotiated.
724The argument is the number of bytes, with an optional suffix of
725.Sq K ,
726.Sq M ,
727or
728.Sq G
729to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
730The default is between
731.Dq 1G
732and
733.Dq 4G ,
734depending on the cipher.
735This option applies to protocol version 2 only.
676.It Cm RemoteForward 736.It Cm RemoteForward
677Specifies that a TCP/IP port on the remote machine be forwarded over 737Specifies that a TCP port on the remote machine be forwarded over
678the secure channel to the specified host and port from the local machine. 738the secure channel to the specified host and port from the local machine.
679The first argument must be 739The first argument must be
680.Sm off 740.Sm off
@@ -751,17 +811,8 @@ across multiple
751.Cm SendEnv 811.Cm SendEnv
752directives. 812directives.
753The default is not to send any environment variables. 813The default is not to send any environment variables.
754.It Cm ServerAliveInterval
755Sets a timeout interval in seconds after which if no data has been received
756from the server,
757.Nm ssh
758will send a message through the encrypted
759channel to request a response from the server.
760The default
761is 0, indicating that these messages will not be sent to the server.
762This option applies to protocol version 2 only.
763.It Cm ServerAliveCountMax 814.It Cm ServerAliveCountMax
764Sets the number of server alive messages (see above) which may be 815Sets the number of server alive messages (see below) which may be
765sent without 816sent without
766.Nm ssh 817.Nm ssh
767receiving any messages back from the server. 818receiving any messages back from the server.
@@ -783,10 +834,19 @@ server depend on knowing when a connection has become inactive.
783The default value is 3. 834The default value is 3.
784If, for example, 835If, for example,
785.Cm ServerAliveInterval 836.Cm ServerAliveInterval
786(above) is set to 15, and 837(see below) is set to 15, and
787.Cm ServerAliveCountMax 838.Cm ServerAliveCountMax
788is left at the default, if the server becomes unresponsive ssh 839is left at the default, if the server becomes unresponsive ssh
789will disconnect after approximately 45 seconds. 840will disconnect after approximately 45 seconds.
841.It Cm ServerAliveInterval
842Sets a timeout interval in seconds after which if no data has been received
843from the server,
844.Nm ssh
845will send a message through the encrypted
846channel to request a response from the server.
847The default
848is 0, indicating that these messages will not be sent to the server.
849This option applies to protocol version 2 only.
790.It Cm SmartcardDevice 850.It Cm SmartcardDevice
791Specifies which smartcard device to use. 851Specifies which smartcard device to use.
792The argument to this keyword is the device 852The argument to this keyword is the device
@@ -846,6 +906,25 @@ This is important in scripts, and many users want it too.
846.Pp 906.Pp
847To disable TCP keepalive messages, the value should be set to 907To disable TCP keepalive messages, the value should be set to
848.Dq no . 908.Dq no .
909.It Cm Tunnel
910Request starting
911.Xr tun 4
912device forwarding between the client and the server.
913This option also allows requesting layer 2 (ethernet)
914instead of layer 3 (point-to-point) tunneling from the server.
915The argument must be
916.Dq yes ,
917.Dq point-to-point ,
918.Dq ethernet
919or
920.Dq no .
921The default is
922.Dq no .
923.It Cm TunnelDevice
924Force a specified
925.Xr tun 4
926device on the client.
927Without this option, the next available device will be used.
849.It Cm UsePrivilegedPort 928.It Cm UsePrivilegedPort
850Specifies whether to use a privileged port for outgoing connections. 929Specifies whether to use a privileged port for outgoing connections.
851The argument must be 930The argument must be
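diff --git a/sshconnect.c b/sshconnect.c
index ba7b9b71e..64ffec240 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.171 2005/12/06 22:38:27 reyk Exp $");
 
 #include <openssl/bn.h>
 
@@ -31,13 +31,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $");
 #include "readconf.h"
 #include "atomicio.h"
 #include "misc.h"
-
 #include "dns.h"
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
-int matching_host_key_dns = 0;
+static int matching_host_key_dns = 0;
 
 /* import */
 extern Options options;
@@ -604,7 +603,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
  file_key = key_new(host_key->type);
 
  /*
- * Check if the host key is present in the user\'s list of known
+ * Check if the host key is present in the user's list of known
  * hosts or in the systemwide list.
  */
  host_file = user_hostfile;
@@ -1035,3 +1034,39 @@ warn_changed_key(Key *host_key)
 
  xfree(fp);
 }
+
+/*
+ * Execute a local command
+ */
+int
+ssh_local_cmd(const char *args)
+{
+ char *shell;
+ pid_t pid;
+ int status;
+
+ if (!options.permit_local_command ||
+ args == NULL || !*args)
+ return (1);
+
+ if ((shell = getenv("SHELL")) == NULL)
+ shell = _PATH_BSHELL;
+
+ pid = fork();
+ if (pid == 0) {
+ debug3("Executing %s -c \"%s\"", shell, args);
+ execl(shell, shell, "-c", args, (char *)NULL);
+ error("Couldn't execute %s -c \"%s\": %s",
+ shell, args, strerror(errno));
+ _exit(1);
+ } else if (pid == -1)
+ fatal("fork failed: %.100s", strerror(errno));
+ while (waitpid(pid, &status, 0) == -1)
+ if (errno != EINTR)
+ fatal("Couldn't wait for child: %s", strerror(errno));
+
+ if (!WIFEXITED(status))
+ return (1);
+
+ return (WEXITSTATUS(status));
+}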
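Review bot: `ssh_local_cmd` takes its interpreter from `getenv("SHELL")` and only falls back to `_PATH_BSHELL`, while the LocalCommand text this same commit adds to ssh_config.5 says the command is executed with /bin/sh. A command string written for sh is therefore parsed by whatever `$SHELL` names in the caller's environment, so either the manual or the code should change; the smaller code fix is to drop the lookup and write `shell = _PATH_BSHELL;`. The return value 1 also stands for three different outcomes (option disabled, empty command, child terminated abnormally), and the call added in ssh_session2 discards it, so the caller never learns that a local command failed. A header comment such as `/* Returns the child's exit status, or 1 if the command was not run or did not exit normally. */` would document that contract.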
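diff --git a/sshconnect.h b/sshconnect.h
index 0be30fe69..e7c7a2b34 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.18 2005/12/06 22:38:28 reyk Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -49,7 +49,7 @@ void ssh_userauth1(const char *, const char *, char *, Sensitive *);
 void ssh_userauth2(const char *, const char *, char *, Sensitive *);
 
 void ssh_put_password(char *);
-
+int ssh_local_cmd(const char *);
 
 /*
  * Macros to raise/lower permissions.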
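diff --git a/sshconnect1.c b/sshconnect1.c
index bd05723c7..440d7c5bd 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.62 2005/10/30 08:52:18 djm Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -84,7 +84,7 @@ try_agent_authentication(void)
  /* Wait for server's response. */
  type = packet_read();
 
- /* The server sends failure if it doesn\'t like our key or
+ /* The server sends failure if it doesn't like our key or
  does not support RSA authentication. */
  if (type == SSH_SMSG_FAILURE) {
  debug("Server refused our key.");
@@ -215,8 +215,8 @@ try_rsa_authentication(int idx)
  type = packet_read();
 
  /*
- * The server responds with failure if it doesn\'t like our key or
- * doesn\'t support RSA authentication.
+ * The server responds with failure if it doesn't like our key or
+ * doesn't support RSA authentication.
  */
  if (type == SSH_SMSG_FAILURE) {
  debug("Server refused our key.");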
diff --git a/sshconnect2.c b/sshconnect2.c
index ee7932d68..adf967281 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.143 2005/10/14 02:17:59 stevesk Exp $");
27 27
28#include "openbsd-compat/sys-queue.h" 28#include "openbsd-compat/sys-queue.h"
29 29
@@ -702,7 +702,7 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt)
702 702
703 packet_check_eom(); 703 packet_check_eom();
704 704
705 debug("Server GSSAPI Error:\n%s\n", msg); 705 debug("Server GSSAPI Error:\n%s", msg);
706 xfree(msg); 706 xfree(msg);
707 xfree(lang); 707 xfree(lang);
708} 708}
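Review bot: The new format string in input_gssapi_error still carries a `\n` right after `Error:`, so the text in `msg` begins on a line of its own in the debug output. Judging by the function name and the message wording, `msg` is supplied by the server, and peer-chosen text that starts on a fresh line can be mistaken for a separate log entry; whether debug() escapes control characters is not visible in this hunk. Keeping the prefix and the text together, `debug("Server GSSAPI Error: %s", msg);`, makes the origin of the text unambiguous to whoever reads the log. The function body starts outside the hunk, so how `msg` is obtained should be confirmed there.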
diff --git a/sshd.0 b/sshd.0
index 9a9613b54..040be6cad 100644
--- a/sshd.0
+++ b/sshd.0
@@ -8,95 +8,20 @@ SYNOPSIS
8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] 8 [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]
9 9
10DESCRIPTION 10DESCRIPTION
11 sshd (SSH Daemon) is the daemon program for ssh(1). Together these pro- 11 sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
12 grams replace rlogin and rsh, and provide secure encrypted communications 12 programs replace rlogin and rsh, and provide secure encrypted communica-
13 between two untrusted hosts over an insecure network. The programs are 13 tions between two untrusted hosts over an insecure network.
14 intended to be as easy to install and use as possible.
15
16 sshd is the daemon that listens for connections from clients. It is nor-
17 mally started at boot from /etc/rc. It forks a new daemon for each in-
18 coming connection. The forked daemons handle key exchange, encryption,
19 authentication, command execution, and data exchange. This implementa-
20 tion of sshd supports both SSH protocol version 1 and 2 simultaneously.
21 sshd works as follows:
22
23 SSH protocol version 1
24 Each host has a host-specific RSA key (normally 2048 bits) used to iden-
25 tify the host. Additionally, when the daemon starts, it generates a
26 server RSA key (normally 768 bits). This key is normally regenerated ev-
27 ery hour if it has been used, and is never stored on disk.
28
29 Whenever a client connects, the daemon responds with its public host and
30 server keys. The client compares the RSA host key against its own
31 database to verify that it has not changed. The client then generates a
32 256-bit random number. It encrypts this random number using both the
33 host key and the server key, and sends the encrypted number to the serv-
34 er. Both sides then use this random number as a session key which is
35 used to encrypt all further communications in the session. The rest of
36 the session is encrypted using a conventional cipher, currently Blowfish
37 or 3DES, with 3DES being used by default. The client selects the encryp-
38 tion algorithm to use from those offered by the server.
39 14
40 Next, the server and the client enter an authentication dialog. The 15 sshd listens for connections from clients. It is normally started at
41 client tries to authenticate itself using .rhosts authentication combined 16 boot from /etc/rc. It forks a new daemon for each incoming connection.
42 with RSA host authentication, RSA challenge-response authentication, or 17 The forked daemons handle key exchange, encryption, authentication, com-
43 password based authentication. 18 mand execution, and data exchange.
44
45 Regardless of the authentication type, the account is checked to ensure
46 that it is accessible. An account is not accessible if it is locked,
47 listed in DenyUsers or its group is listed in DenyGroups . The defini-
48 tion of a locked account is system dependant. Some platforms have their
49 own account database (eg AIX) and some modify the passwd field ( `*LK*'
50 on Solaris, `*' on HP-UX, containing `Nologin' on Tru64 and a leading
51 `!!' on Linux). If there is a requirement to disable password authenti-
52 cation for the account while allowing still public-key, then the passwd
53 field should be set to something other than these values (eg `NP' or
54 `*NP*' ).
55
56 rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin
57 and rsh into the machine).
58
59 SSH protocol version 2
60 Version 2 works similarly: Each host has a host-specific key (RSA or DSA)
61 used to identify the host. However, when the daemon starts, it does not
62 generate a server key. Forward security is provided through a Diffie-
63 Hellman key agreement. This key agreement results in a shared session
64 key.
65
66 The rest of the session is encrypted using a symmetric cipher, currently
67 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit
68 AES. The client selects the encryption algorithm to use from those of-
69 fered by the server. Additionally, session integrity is provided through
70 a cryptographic message authentication code (hmac-sha1 or hmac-md5).
71
72 Protocol version 2 provides a public key based user (PubkeyAuthentica-
73 tion) or client host (HostbasedAuthentication) authentication method,
74 conventional password authentication and challenge response based meth-
75 ods.
76
77 Command execution and data forwarding
78 If the client successfully authenticates itself, a dialog for preparing
79 the session is entered. At this time the client may request things like
80 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP
81 connections, or forwarding the authentication agent connection over the
82 secure channel.
83
84 Finally, the client either requests a shell or execution of a command.
85 The sides then enter session mode. In this mode, either side may send
86 data at any time, and such data is forwarded to/from the shell or command
87 on the server side, and the user terminal in the client side.
88
89 When the user program terminates and all forwarded X11 and other connec-
90 tions have been closed, the server sends command exit status to the
91 client, and both sides exit.
92 19
93 sshd can be configured using command-line options or a configuration file 20 sshd can be configured using command-line options or a configuration file
94 (by default sshd_config(5)). Command-line options override values speci- 21 (by default sshd_config(5)); command-line options override values speci-
95 fied in the configuration file. 22 fied in the configuration file. sshd rereads its configuration file when
96 23 it receives a hangup signal, SIGHUP, by executing itself with the name
97 sshd rereads its configuration file when it receives a hangup signal, 24 and options it was started with, e.g., /usr/sbin/sshd.
98 SIGHUP, by executing itself with the name and options it was started
99 with, e.g., /usr/sbin/sshd.
100 25
101 The options are as follows: 26 The options are as follows:
102 27
@@ -165,8 +90,9 @@ DESCRIPTION
165 -p port 90 -p port
166 Specifies the port on which the server listens for connections 91 Specifies the port on which the server listens for connections
167 (default 22). Multiple port options are permitted. Ports speci- 92 (default 22). Multiple port options are permitted. Ports speci-
168 fied in the configuration file are ignored when a command-line 93 fied in the configuration file with the Port option are ignored
169 port is specified. 94 when a command-line port is specified. Ports specified using the
95 ListenAddress option override command-line ports.
170 96
171 -q Quiet mode. Nothing is sent to the system log. Normally the be- 97 -q Quiet mode. Nothing is sent to the system log. Normally the be-
172 ginning, authentication, and termination of each connection is 98 ginning, authentication, and termination of each connection is
@@ -185,15 +111,74 @@ DESCRIPTION
185 the utmp file. -u0 may also be used to prevent sshd from making 111 the utmp file. -u0 may also be used to prevent sshd from making
186 DNS requests unless the authentication mechanism or configuration 112 DNS requests unless the authentication mechanism or configuration
187 requires it. Authentication mechanisms that may require DNS in- 113 requires it. Authentication mechanisms that may require DNS in-
188 clude RhostsRSAAuthentication, HostbasedAuthentication and using 114 clude RhostsRSAAuthentication, HostbasedAuthentication, and using
189 a from="pattern-list" option in a key file. Configuration op- 115 a from="pattern-list" option in a key file. Configuration op-
190 tions that require DNS include using a USER@HOST pattern in 116 tions that require DNS include using a USER@HOST pattern in
191 AllowUsers or DenyUsers. 117 AllowUsers or DenyUsers.
192 118
193CONFIGURATION FILE 119AUTHENTICATION
194 sshd reads configuration data from /etc/ssh/sshd_config (or the file 120 The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols
195 specified with -f on the command line). The file format and configura- 121 are supported by default, though this can be changed via the Protocol op-
196 tion options are described in sshd_config(5). 122 tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro-
123 tocol 1 only supports RSA keys. For both protocols, each host has a
124 host-specific key, normally 2048 bits, used to identify the host.
125
126 Forward security for protocol 1 is provided through an additional server
127 key, normally 768 bits, generated when the server starts. This key is
128 normally regenerated every hour if it has been used, and is never stored
129 on disk. Whenever a client connects, the daemon responds with its public
130 host and server keys. The client compares the RSA host key against its
131 own database to verify that it has not changed. The client then gener-
132 ates a 256-bit random number. It encrypts this random number using both
133 the host key and the server key, and sends the encrypted number to the
134 server. Both sides then use this random number as a session key which is
135 used to encrypt all further communications in the session. The rest of
136 the session is encrypted using a conventional cipher, currently Blowfish
137 or 3DES, with 3DES being used by default. The client selects the encryp-
138 tion algorithm to use from those offered by the server.
139
140 For protocol 2, forward security is provided through a Diffie-Hellman key
141 agreement. This key agreement results in a shared session key. The rest
142 of the session is encrypted using a symmetric cipher, currently 128-bit
143 AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
144 client selects the encryption algorithm to use from those offered by the
145 server. Additionally, session integrity is provided through a crypto-
146 graphic message authentication code (hmac-sha1 or hmac-md5).
147
148 Finally, the server and the client enter an authentication dialog. The
149 client tries to authenticate itself using host-based authentication, pub-
150 lic key authentication, challenge-response authentication, or password
151 authentication.
152
153 Regardless of the authentication type, the account is checked to ensure
154 that it is accessible. An account is not accessible if it is locked,
155 listed in DenyUsers or its group is listed in DenyGroups . The defini-
156 tion of a locked account is system dependant. Some platforms have their
157 own account database (eg AIX) and some modify the passwd field ( `*LK*'
158 on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a
159 leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is
160 a requirement to disable password authentication for the account while
161 allowing still public-key, then the passwd field should be set to some-
162 thing other than these values (eg `NP' or `*NP*' ).
163
164 System security is not improved unless rshd, rlogind, and rexecd are dis-
165 abled (thus completely disabling rlogin and rsh into the machine).
166
167COMMAND EXECUTION AND DATA FORWARDING
168 If the client successfully authenticates itself, a dialog for preparing
169 the session is entered. At this time the client may request things like
170 allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con-
171 nections, or forwarding the authentication agent connection over the se-
172 cure channel.
173
174 Finally, the client either requests a shell or execution of a command.
175 The sides then enter session mode. In this mode, either side may send
176 data at any time, and such data is forwarded to/from the shell or command
177 on the server side, and the user terminal in the client side.
178
179 When the user program terminates and all forwarded X11 and other connec-
180 tions have been closed, the server sends command exit status to the
181 client, and both sides exit.
197 182
198LOGIN PROCESS 183LOGIN PROCESS
199 When a user successfully logs in, sshd does the following: 184 When a user successfully logs in, sshd does the following:
@@ -280,9 +265,9 @@ AUTHORIZED_KEYS FILE FORMAT
280 backslash. This option might be useful to restrict certain pub- 265 backslash. This option might be useful to restrict certain pub-
281 lic keys to perform just a specific operation. An example might 266 lic keys to perform just a specific operation. An example might
282 be a key that permits remote backups but nothing else. Note that 267 be a key that permits remote backups but nothing else. Note that
283 the client may specify TCP/IP and/or X11 forwarding unless they 268 the client may specify TCP and/or X11 forwarding unless they are
284 are explicitly prohibited. Note that this option applies to 269 explicitly prohibited. Note that this option applies to shell,
285 shell, command or subsystem execution. 270 command or subsystem execution.
286 271
287 environment="NAME=value" 272 environment="NAME=value"
288 Specifies that the string is to be added to the environment when 273 Specifies that the string is to be added to the environment when
@@ -293,10 +278,9 @@ AUTHORIZED_KEYS FILE FORMAT
293 This option is automatically disabled if UseLogin is enabled. 278 This option is automatically disabled if UseLogin is enabled.
294 279
295 no-port-forwarding 280 no-port-forwarding
296 Forbids TCP/IP forwarding when this key is used for authentica- 281 Forbids TCP forwarding when this key is used for authentication.
297 tion. Any port forward requests by the client will return an er- 282 Any port forward requests by the client will return an error.
298 ror. This might be used, e.g., in connection with the command 283 This might be used, e.g., in connection with the command option.
299 option.
300 284
301 no-X11-forwarding 285 no-X11-forwarding
302 Forbids X11 forwarding when this key is used for authentication. 286 Forbids X11 forwarding when this key is used for authentication.
@@ -316,6 +300,11 @@ AUTHORIZED_KEYS FILE FORMAT
316 is performed on the specified hostnames, they must be literal do- 300 is performed on the specified hostnames, they must be literal do-
317 mains or addresses. 301 mains or addresses.
318 302
303 tunnel="n"
304 Force a tun(4) device on the server. Without this option, the
305 next available device will be used if the client requests a tun-
306 nel.
307
319 Examples 308 Examples
320 1024 33 12121...312314325 ylo@foo.bar 309 1024 33 12121...312314325 ylo@foo.bar
321 310
@@ -326,6 +315,9 @@ AUTHORIZED_KEYS FILE FORMAT
326 315
327 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 316 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
328 317
318 tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openb-
319 sd.org
320
329SSH_KNOWN_HOSTS FILE FORMAT 321SSH_KNOWN_HOSTS FILE FORMAT
330 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 322 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
331 public keys for all known hosts. The global file should be prepared by 323 public keys for all known hosts. The global file should be prepared by
@@ -571,4 +563,4 @@ AUTHORS
571 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 563 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
572 for privilege separation. 564 for privilege separation.
573 565
574OpenBSD 3.8 September 25, 1999 9 566OpenBSD 3.9 September 25, 1999 9
diff --git a/sshd.8 b/sshd.8
index fdff4ac91..51d339b65 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ 37.\" $OpenBSD: sshd.8,v 1.215 2006/02/01 09:11:41 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -56,16 +56,14 @@
56.Ek 56.Ek
57.Sh DESCRIPTION 57.Sh DESCRIPTION
58.Nm 58.Nm
59(SSH Daemon) is the daemon program for 59(OpenSSH Daemon) is the daemon program for
60.Xr ssh 1 . 60.Xr ssh 1 .
61Together these programs replace rlogin and rsh, and 61Together these programs replace rlogin and rsh, and
62provide secure encrypted communications between two untrusted hosts 62provide secure encrypted communications between two untrusted hosts
63over an insecure network. 63over an insecure network.
64The programs are intended to be as easy to
65install and use as possible.
66.Pp 64.Pp
67.Nm 65.Nm
68is the daemon that listens for connections from clients. 66listens for connections from clients.
69It is normally started at boot from 67It is normally started at boot from
70.Pa /etc/rc . 68.Pa /etc/rc .
71It forks a new 69It forks a new
@@ -73,119 +71,13 @@ daemon for each incoming connection.
73The forked daemons handle 71The forked daemons handle
74key exchange, encryption, authentication, command execution, 72key exchange, encryption, authentication, command execution,
75and data exchange. 73and data exchange.
76This implementation of
77.Nm
78supports both SSH protocol version 1 and 2 simultaneously.
79.Nm
80works as follows:
81.Ss SSH protocol version 1
82Each host has a host-specific RSA key
83(normally 2048 bits) used to identify the host.
84Additionally, when
85the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and
87is never stored on disk.
88.Pp
89Whenever a client connects, the daemon responds with its public
90host and server keys.
91The client compares the
92RSA host key against its own database to verify that it has not changed.
93The client then generates a 256-bit random number.
94It encrypts this
95random number using both the host key and the server key, and sends
96the encrypted number to the server.
97Both sides then use this
98random number as a session key which is used to encrypt all further
99communications in the session.
100The rest of the session is encrypted
101using a conventional cipher, currently Blowfish or 3DES, with 3DES
102being used by default.
103The client selects the encryption algorithm
104to use from those offered by the server.
105.Pp
106Next, the server and the client enter an authentication dialog.
107The client tries to authenticate itself using
108.Em .rhosts
109authentication combined with RSA host
110authentication, RSA challenge-response authentication, or password
111based authentication.
112.Pp
113Regardless of the authentication type, the account is checked to
114ensure that it is accessible. An account is not accessible if it is
115locked, listed in
116.Cm DenyUsers
117or its group is listed in
118.Cm DenyGroups
119\&. The definition of a locked account is system dependant. Some platforms
120have their own account database (eg AIX) and some modify the passwd field (
121.Ql \&*LK\&*
122on Solaris,
123.Ql \&*
124on HP-UX, containing
125.Ql Nologin
126on Tru64 and a leading
127.Ql \&!!
128on Linux). If there is a requirement to disable password authentication
129for the account while allowing still public-key, then the passwd field
130should be set to something other than these values (eg
131.Ql NP
132or
133.Ql \&*NP\&*
134).
135.Pp
136.Nm rshd ,
137.Nm rlogind ,
138and
139.Nm rexecd
140are disabled (thus completely disabling
141.Xr rlogin
142and
143.Xr rsh
144into the machine).
145.Ss SSH protocol version 2
146Version 2 works similarly:
147Each host has a host-specific key (RSA or DSA) used to identify the host.
148However, when the daemon starts, it does not generate a server key.
149Forward security is provided through a Diffie-Hellman key agreement.
150This key agreement results in a shared session key.
151.Pp
152The rest of the session is encrypted using a symmetric cipher, currently
153128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
154The client selects the encryption algorithm
155to use from those offered by the server.
156Additionally, session integrity is provided
157through a cryptographic message authentication code
158(hmac-sha1 or hmac-md5).
159.Pp
160Protocol version 2 provides a public key based
161user (PubkeyAuthentication) or
162client host (HostbasedAuthentication) authentication method,
163conventional password authentication and challenge response based methods.
164.Ss Command execution and data forwarding
165If the client successfully authenticates itself, a dialog for
166preparing the session is entered.
167At this time the client may request
168things like allocating a pseudo-tty, forwarding X11 connections,
169forwarding TCP/IP connections, or forwarding the authentication agent
170connection over the secure channel.
171.Pp
172Finally, the client either requests a shell or execution of a command.
173The sides then enter session mode.
174In this mode, either side may send
175data at any time, and such data is forwarded to/from the shell or
176command on the server side, and the user terminal in the client side.
177.Pp
178When the user program terminates and all forwarded X11 and other
179connections have been closed, the server sends command exit status to
180the client, and both sides exit.
181.Pp 74.Pp
182.Nm 75.Nm
183can be configured using command-line options or a configuration file 76can be configured using command-line options or a configuration file
184(by default 77(by default
185.Xr sshd_config 5 ) . 78.Xr sshd_config 5 ) ;
186Command-line options override values specified in the 79command-line options override values specified in the
187configuration file. 80configuration file.
188.Pp
189.Nm 81.Nm
190rereads its configuration file when it receives a hangup signal, 82rereads its configuration file when it receives a hangup signal,
191.Dv SIGHUP , 83.Dv SIGHUP ,
@@ -285,8 +177,12 @@ For full details of the options, and their values, see
285Specifies the port on which the server listens for connections 177Specifies the port on which the server listens for connections
286(default 22). 178(default 22).
287Multiple port options are permitted. 179Multiple port options are permitted.
288Ports specified in the configuration file are ignored when a 180Ports specified in the configuration file with the
289command-line port is specified. 181.Cm Port
182option are ignored when a command-line port is specified.
183Ports specified using the
184.Cm ListenAddress
185option override command-line ports.
290.It Fl q 186.It Fl q
291Quiet mode. 187Quiet mode.
292Nothing is sent to the system log. 188Nothing is sent to the system log.
@@ -321,7 +217,7 @@ from making DNS requests unless the authentication
321mechanism or configuration requires it. 217mechanism or configuration requires it.
322Authentication mechanisms that may require DNS include 218Authentication mechanisms that may require DNS include
323.Cm RhostsRSAAuthentication , 219.Cm RhostsRSAAuthentication ,
324.Cm HostbasedAuthentication 220.Cm HostbasedAuthentication ,
325and using a 221and using a
326.Cm from="pattern-list" 222.Cm from="pattern-list"
327option in a key file. 223option in a key file.
@@ -331,15 +227,114 @@ USER@HOST pattern in
331or 227or
332.Cm DenyUsers . 228.Cm DenyUsers .
333.El 229.El
334.Sh CONFIGURATION FILE 230.Sh AUTHENTICATION
335.Nm 231The OpenSSH SSH daemon supports SSH protocols 1 and 2.
336reads configuration data from 232Both protocols are supported by default,
337.Pa /etc/ssh/sshd_config 233though this can be changed via the
338(or the file specified with 234.Cm Protocol
339.Fl f 235option in
340on the command line).
341The file format and configuration options are described in
342.Xr sshd_config 5 . 236.Xr sshd_config 5 .
237Protocol 2 supports both RSA and DSA keys;
238protocol 1 only supports RSA keys.
239For both protocols,
240each host has a host-specific key,
241normally 2048 bits,
242used to identify the host.
243.Pp
244Forward security for protocol 1 is provided through
245an additional server key,
246normally 768 bits,
247generated when the server starts.
248This key is normally regenerated every hour if it has been used, and
249is never stored on disk.
250Whenever a client connects, the daemon responds with its public
251host and server keys.
252The client compares the
253RSA host key against its own database to verify that it has not changed.
254The client then generates a 256-bit random number.
255It encrypts this
256random number using both the host key and the server key, and sends
257the encrypted number to the server.
258Both sides then use this
259random number as a session key which is used to encrypt all further
260communications in the session.
261The rest of the session is encrypted
262using a conventional cipher, currently Blowfish or 3DES, with 3DES
263being used by default.
264The client selects the encryption algorithm
265to use from those offered by the server.
266.Pp
267For protocol 2,
268forward security is provided through a Diffie-Hellman key agreement.
269This key agreement results in a shared session key.
270The rest of the session is encrypted using a symmetric cipher, currently
271128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
272The client selects the encryption algorithm
273to use from those offered by the server.
274Additionally, session integrity is provided
275through a cryptographic message authentication code
276(hmac-sha1 or hmac-md5).
277.Pp
278Finally, the server and the client enter an authentication dialog.
279The client tries to authenticate itself using
280host-based authentication,
281public key authentication,
282challenge-response authentication,
283or password authentication.
284.Pp
285Regardless of the authentication type, the account is checked to
286ensure that it is accessible. An account is not accessible if it is
287locked, listed in
288.Cm DenyUsers
289or its group is listed in
290.Cm DenyGroups
291\&. The definition of a locked account is system dependant. Some platforms
292have their own account database (eg AIX) and some modify the passwd field (
293.Ql \&*LK\&*
294on Solaris and UnixWare,
295.Ql \&*
296on HP-UX, containing
297.Ql Nologin
298on Tru64,
299a leading
300.Ql \&*LOCKED\&*
301on FreeBSD and a leading
302.Ql \&!!
303on Linux). If there is a requirement to disable password authentication
304for the account while allowing still public-key, then the passwd field
305should be set to something other than these values (eg
306.Ql NP
307or
308.Ql \&*NP\&*
309).
310.Pp
311System security is not improved unless
312.Nm rshd ,
313.Nm rlogind ,
314and
315.Nm rexecd
316are disabled (thus completely disabling
317.Xr rlogin
318and
319.Xr rsh
320into the machine).
321.Sh COMMAND EXECUTION AND DATA FORWARDING
322If the client successfully authenticates itself, a dialog for
323preparing the session is entered.
324At this time the client may request
325things like allocating a pseudo-tty, forwarding X11 connections,
326forwarding TCP connections, or forwarding the authentication agent
327connection over the secure channel.
328.Pp
329Finally, the client either requests a shell or execution of a command.
330The sides then enter session mode.
331In this mode, either side may send
332data at any time, and such data is forwarded to/from the shell or
333command on the server side, and the user terminal in the client side.
334.Pp
335When the user program terminates and all forwarded X11 and other
336connections have been closed, the server sends command exit status to
337the client, and both sides exit.
343.Sh LOGIN PROCESS 338.Sh LOGIN PROCESS
344When a user successfully logs in, 339When a user successfully logs in,
345.Nm 340.Nm
@@ -473,7 +468,7 @@ A quote may be included in the command by quoting it with a backslash.
473This option might be useful 468This option might be useful
474to restrict certain public keys to perform just a specific operation. 469to restrict certain public keys to perform just a specific operation.
475An example might be a key that permits remote backups but nothing else. 470An example might be a key that permits remote backups but nothing else.
476Note that the client may specify TCP/IP and/or X11 471Note that the client may specify TCP and/or X11
477forwarding unless they are explicitly prohibited. 472forwarding unless they are explicitly prohibited.
478Note that this option applies to shell, command or subsystem execution. 473Note that this option applies to shell, command or subsystem execution.
479.It Cm environment="NAME=value" 474.It Cm environment="NAME=value"
@@ -490,7 +485,7 @@ This option is automatically disabled if
490.Cm UseLogin 485.Cm UseLogin
491is enabled. 486is enabled.
492.It Cm no-port-forwarding 487.It Cm no-port-forwarding
493Forbids TCP/IP forwarding when this key is used for authentication. 488Forbids TCP forwarding when this key is used for authentication.
494Any port forward requests by the client will return an error. 489Any port forward requests by the client will return an error.
495This might be used, e.g., in connection with the 490This might be used, e.g., in connection with the
496.Cm command 491.Cm command
@@ -515,6 +510,12 @@ Multiple
515options may be applied separated by commas. 510options may be applied separated by commas.
516No pattern matching is performed on the specified hostnames, 511No pattern matching is performed on the specified hostnames,
517they must be literal domains or addresses. 512they must be literal domains or addresses.
513.It Cm tunnel="n"
514Force a
515.Xr tun 4
516device on the server.
517Without this option, the next available device will be used if
518the client requests a tunnel.
518.El 519.El
519.Ss Examples 520.Ss Examples
5201024 33 12121...312314325 ylo@foo.bar 5211024 33 12121...312314325 ylo@foo.bar
@@ -524,6 +525,8 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
524command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi 525command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
525.Pp 526.Pp
526permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 527permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
528.Pp
529tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== reyk@openbsd.org
527.Sh SSH_KNOWN_HOSTS FILE FORMAT 530.Sh SSH_KNOWN_HOSTS FILE FORMAT
528The 531The
529.Pa /etc/ssh/ssh_known_hosts 532.Pa /etc/ssh/ssh_known_hosts
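diff --git a/sshd.c b/sshd.c
index 92aa9bbd2..def90d827 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.318 2005/12/24 02:27:41 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -633,16 +633,8 @@ privsep_postauth(Authctxt *authctxt)
  if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
  /* File descriptor passing is broken or root login */
- monitor_apply_keystate(pmonitor);
  use_privsep = 0;
- return;
- }
-
- /* Authentication complete */
- alarm(0);
- if (startup_pipe != -1) {
- close(startup_pipe);
- startup_pipe = -1;
+ goto skip;
  }
 
  /* New socket pair */
@@ -669,6 +661,7 @@ privsep_postauth(Authctxt *authctxt)
  /* Drop privileges */
  do_setusercontext(authctxt->pw);
 
+ skip:
  /* It is safe now to apply the key state */
  monitor_apply_keystate(pmonitor);
 
@@ -800,6 +793,7 @@ send_rexec_state(int fd, Buffer *conf)
  * bignum iqmp "
  * bignum p "
  * bignum q "
+ * string rngseed (only if OpenSSL is not self-seeded)
  */
  buffer_init(&m);
  buffer_put_cstring(&m, buffer_ptr(conf));
@@ -816,6 +810,10 @@ send_rexec_state(int fd, Buffer *conf)
  } else
  buffer_put_int(&m, 0);
 
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_send_rng_seed(&m);
+#endif
+
  if (ssh_msg_send(fd, 0, &m) == -1)
  fatal("%s: ssh_msg_send failed", __func__);
 
@@ -858,6 +856,11 @@ recv_rexec_state(int fd, Buffer *conf)
  rsa_generate_additional_parameters(
  sensitive_data.server_key->rsa);
  }
+
+#ifndef OPENSSL_PRNG_ONLY
+ rexec_recv_rng_seed(&m);
+#endif
+
  buffer_free(&m);
 
  debug3("%s: done", __func__);
@@ -914,6 +917,9 @@ main(int ac, char **av)
  if (geteuid() == 0 && setgroups(0, NULL) == -1)
  debug("setgroups(): %.200s", strerror(errno));
 
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
  /* Initialize configuration options to their default values. */
  initialize_server_options(&options);
 
@@ -1051,8 +1057,6 @@ main(int ac, char **av)
  drop_cray_privs();
 #endif
 
- seed_rng();
-
  sensitive_data.server_key = NULL;
  sensitive_data.ssh1_host_key = NULL;
  sensitive_data.have_ssh1_key = 0;
@@ -1071,6 +1075,8 @@ main(int ac, char **av)
  if (!rexec_flag)
  buffer_free(&cfg);
 
+ seed_rng();
+
  /* Fill in default values for those options not explicitly set. */
  fill_default_server_options(&options);
 
@@ -1638,7 +1644,12 @@ main(int ac, char **av)
  debug("get_remote_port failed");
  cleanup_exit(255);
  }
- remote_ip = get_remote_ipaddr();
+
+ /*
+ * We use get_canonical_hostname with usedns = 0 instead of
+ * get_remote_ipaddr here so IP options will be checked.
+ */
+ remote_ip = get_canonical_hostname(0);
 
 #ifdef SSH_AUDIT_EVENTS
  audit_connection_from(remote_ip, remote_port);
@@ -1664,10 +1675,10 @@ main(int ac, char **av)
  verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
  /*
- * We don\'t want to listen forever unless the other side
+ * We don't want to listen forever unless the other side
  * successfully authenticates itself. So we set up an alarm which is
  * cleared after successful authentication. A limit of zero
- * indicates no limit. Note that we don\'t set the alarm in debugging
+ * indicates no limit. Note that we don't set the alarm in debugging
  * mode; it is just annoying to have the server exit just when you
  * are about to discover the bug.
  */
@@ -1714,6 +1725,17 @@ main(int ac, char **av)
  }
 
  authenticated:
+ /*
+ * Cancel the alarm we set to limit the time taken for
+ * authentication.
+ */
+ alarm(0);
+ signal(SIGALRM, SIG_DFL);
+ if (startup_pipe != -1) {
+ close(startup_pipe);
+ startup_pipe = -1;
+ }
+
 #ifdef SSH_AUDIT_EVENTS
  audit_event(SSH_AUTH_SUCCESS);
 #endif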
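Review bot: The new `skip:` label in privsep_postauth() is reached two ways, after `do_setusercontext(authctxt->pw)` and directly from the "file descriptor passing is broken or root login" branch that sets `use_privsep = 0`, yet the comment under it ("It is safe now to apply the key state") still reads as if the privilege drop always happened. Everything after the label therefore has to be safe in an unseparated root process as well as in the dropped-privilege child, and that should be stated at the label, e.g. `/* Also reached via goto when privsep is turned off above (root or use_login): no privilege drop has happened on that path. */`. The function continues past the end of the hunk, so what else runs after the label is not visible here. The alarm cancellation and startup_pipe close removed from this function reappear at `authenticated:` in main(), which appears to cover both paths.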
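diff --git a/sshd_config b/sshd_config
index 1440c05ff..4957dd1a6 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
+# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
 
 # This is the sshd server system-wide configuration file. See
 # sshd_config(5) for more information.
@@ -96,6 +96,7 @@
 #UseDNS yes
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
+#PermitTunnel no
 
 # no default banner path
 #Banner /some/path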
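diff --git a/sshd_config.0 b/sshd_config.0
index d821a84b6..d2c5454e1 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -92,7 +92,7 @@ DESCRIPTION
  aes192-ctr,aes256-ctr''
 
  ClientAliveCountMax
- Sets the number of client alive messages (see above) which may be
+ Sets the number of client alive messages (see below) which may be
  sent without sshd receiving any messages back from the client.
  If this threshold is reached while client alive messages are be-
  ing sent, sshd will disconnect the client, terminating the ses-
@@ -104,9 +104,10 @@ DESCRIPTION
  able when the client or server depend on knowing when a connec-
  tion has become inactive.
 
- The default value is 3. If ClientAliveInterval (above) is set to
- 15, and ClientAliveCountMax is left at the default, unresponsive
- ssh clients will be disconnected after approximately 45 seconds.
+ The default value is 3. If ClientAliveInterval (see below) is
+ set to 15, and ClientAliveCountMax is left at the default, unre-
+ sponsive ssh clients will be disconnected after approximately 45
+ seconds.
 
  ClientAliveInterval
  Sets a timeout interval in seconds after which if no data has
@@ -198,7 +199,7 @@ DESCRIPTION
 
  KerberosGetAFSToken
  If AFS is active and the user has a Kerberos 5 TGT, attempt to
- aquire an AFS token before accessing the user's home directory.
+ acquire an AFS token before accessing the user's home directory.
  Default is ``no''.
 
  KerberosOrLocalPasswd
@@ -295,6 +296,11 @@ DESCRIPTION
 
  If this option is set to ``no'' root is not allowed to log in.
 
+ PermitTunnel
+ Specifies whether tun(4) device forwarding is allowed. The argu-
+ ment must be ``yes'', ``point-to-point'', ``ethernet'' or ``no''.
+ The default is ``no''.
+
  PermitUserEnvironment
  Specifies whether ~/.ssh/environment and environment= options in
  ~/.ssh/authorized_keys are processed by sshd. The default is
@@ -501,4 +507,4 @@ AUTHORS
  versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
  for privilege separation.
 
-OpenBSD 3.8 September 25, 1999 8
+OpenBSD 3.9 September 25, 1999 8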
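diff --git a/sshd_config.5 b/sshd_config.5
index 048e8924e..71a293ffb 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
+.\" $OpenBSD: sshd_config.5,v 1.48 2006/01/02 17:09:49 jmc Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -181,7 +181,7 @@ The default is
  aes192-ctr,aes256-ctr''
 .Ed
 .It Cm ClientAliveCountMax
-Sets the number of client alive messages (see above) which may be
+Sets the number of client alive messages (see below) which may be
 sent without
 .Nm sshd
 receiving any messages back from the client.
@@ -203,7 +203,7 @@ server depend on knowing when a connection has become inactive.
 The default value is 3.
 If
 .Cm ClientAliveInterval
-(above) is set to 15, and
+(see below) is set to 15, and
 .Cm ClientAliveCountMax
 is left at the default, unresponsive ssh clients
 will be disconnected after approximately 45 seconds.
@@ -348,7 +348,7 @@ Kerberos servtab which allows the verification of the KDC's identity.
 Default is
 .Dq no .
 .It Cm KerberosGetAFSToken
-If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
+If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
 an AFS token before accessing the user's home directory.
 Default is
 .Dq no .
@@ -502,6 +502,18 @@ All other authentication methods are disabled for root.
 If this option is set to
 .Dq no
 root is not allowed to log in.
+.It Cm PermitTunnel
+Specifies whether
+.Xr tun 4
+device forwarding is allowed.
+The argument must be
+.Dq yes ,
+.Dq point-to-point ,
+.Dq ethernet
+or
+.Dq no .
+The default is
+.Dq no .
 .It Cm PermitUserEnvironment
 Specifies whether
 .Pa ~/.ssh/environment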
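diff --git a/version.h b/version.h
index b9c87e2fb..d5fd0c6ce 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.45 2005/08/31 09:28:42 markus Exp $ */
+/* $OpenBSD: version.h,v 1.46 2006/02/01 11:27:22 markus Exp $ */
 
-#define SSH_VERSION "OpenSSH_4.2"
+#define SSH_VERSION "OpenSSH_4.3"
 
-#define SSH_PORTABLE "p1"
+#define SSH_PORTABLE "p2"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE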
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p2"
6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE