-rw-r--r-- ChangeLog 177
-rw-r--r-- INSTALL 18
-rw-r--r-- README 2
-rw-r--r-- auth-options.c 8
-rw-r--r-- auth-pam.c 22
-rw-r--r-- auth-passwd.c 1
-rw-r--r-- auth-sia.c 2
-rw-r--r-- auth-sia.h 1
-rw-r--r-- auth.c 5
-rw-r--r-- auth.h 4
-rw-r--r-- bufaux.c 4
-rw-r--r-- bufaux.h 4
-rw-r--r-- buffer.c 8
-rw-r--r-- buffer.h 5
-rw-r--r-- buildpkg.sh.in 8
-rw-r--r-- canohost.c 2
-rw-r--r-- channels.c 27
-rw-r--r-- clientloop.c 4
-rwxr-xr-x config.guess 3
-rw-r--r-- config.h.in 7
-rwxr-xr-x configure 241
-rw-r--r-- configure.ac 201
-rwxr-xr-x contrib/aix/buildbff.sh 4
-rw-r--r-- contrib/caldera/openssh.spec 14
-rw-r--r-- contrib/cygwin/ssh-host-config 16
-rw-r--r-- contrib/redhat/openssh.spec 2
-rw-r--r-- contrib/suse/openssh.spec 2
-rw-r--r-- hostfile.c 8
-rw-r--r-- log.c 1
-rw-r--r-- misc.c 8
-rw-r--r-- monitor.c 8
-rw-r--r-- openbsd-compat/bsd-cygwin_util.c 7
-rw-r--r-- openbsd-compat/port-aix.c 4
-rw-r--r-- openbsd-compat/port-aix.h 4
-rw-r--r-- openbsd-compat/readpassphrase.c 7
-rw-r--r-- readconf.c 10
-rw-r--r-- regress/multiplex.sh 6
-rw-r--r-- regress/test-exec.sh 2
-rw-r--r-- scp.0 2
-rw-r--r-- scp.c 11
-rw-r--r-- servconf.c 4
-rw-r--r-- session.c 3
-rw-r--r-- sftp-client.c 6
-rw-r--r-- sftp-server.0 2
-rw-r--r-- sftp.0 2
-rw-r--r-- sftp.c 4
-rw-r--r-- ssh-add.0 2
-rw-r--r-- ssh-add.c 6
-rw-r--r-- ssh-agent.0 2
-rw-r--r-- ssh-keygen.0 17
-rw-r--r-- ssh-keygen.1 8
-rw-r--r-- ssh-keygen.c 6
-rw-r--r-- ssh-keyscan.0 2
-rw-r--r-- ssh-keysign.0 2
-rw-r--r-- ssh-rand-helper.0 2
-rw-r--r-- ssh.0 2
-rw-r--r-- ssh.c 12
-rw-r--r-- ssh_config.0 43
-rw-r--r-- ssh_config.5 46
-rw-r--r-- sshconnect.c 6
-rw-r--r-- sshd.0 2
-rw-r--r-- sshd.c 2
-rw-r--r-- sshd_config.0 4
-rw-r--r-- sshd_config.5 4
-rw-r--r-- version.h 4
65 files changed, 722 insertions, 341 deletions
diff --git a/ChangeLog b/ChangeLog
index 046e32e8a..15ce35ce7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,178 @@
120050524
2 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3 [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
4 - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
5 that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
6 idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
7 USE_POSIX_THREADS will now generate an error so we don't silently change
8 behaviour. ok djm@
9 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
10 allocation when retrieving core Windows environment. Add CYGWIN variable
11 to propagated variables. Patch from vinschen at redhat.com, ok djm@
12 - (djm) Release 4.1p1
13
1420050524
15 - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
16 terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
17 "looks ok" dtucker@
18
1920050512
20 - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
21 hard link section. Bug 1038.
22
2320050509
24 - (dtucker) [contrib/cygwin/ssh-host-config] Add a test and warning for a
25 user-mode mounts in Cygwin installation. Patch from vinschen at redhat.com.
26
2720050504
28 - (djm) [ssh.c] some systems return EADDRINUSE on a bind to an already-used
29 unix domain socket, so catch that too; from jakob@ ok dtucker@
30
3120050503
32 - (dtucker) [canohost.c] normalise socket addresses returned by
33 get_remote_hostname(). This means that IPv4 addresses in log messages
34 on IPv6 enabled machines will no longer be prefixed by "::ffff:" and
35 AllowUsers, DenyUsers, AllowGroups, DenyGroups will match IPv4-style
36 addresses only for 4-in-6 mapped connections, regardless of whether
37 or not the machine is IPv6 enabled. ok djm@
38
3920050425
40 - (dtucker) [regress/multiplex.sh] Use "kill -0 $pid" to check for the
41 existence of a process since it's more portable. Found by jbasney at
42 ncsa.uiuc.edu; ok tim@
43 - (dtucker) [regress/multiplex.sh] Remove cleanup call since test-exec.sh
44 will clean up anyway. From tim@
45 - (dtucker) [regress/multiplex.sh] Put control socket in /tmp so running
46 "make tests" works even if you're building on a filesystem that doesn't
47 support sockets. From deengert at anl.gov, ok djm@
48
4920050424
50 - (dtucker) [INSTALL configure.ac] Make zlib version check test for 1.1.4 or
51 1.2.1.2 or higher. With tim@, ok djm@
52
5320050423
54 - (tim) [config.guess] Add support for OpenServer 6.
55
5620050421
57 - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if
58 UseLogin is set as PAM is not used to establish credentials in that
59 case. Found by Michael Selvesteen, ok djm@
60
6120050419
62 - (dtucker) [INSTALL] Reference README.privsep for the privilege separation
63 requirements. Pointed out by Bengt Svensson.
64 - (dtucker) [INSTALL] Put the s/key text and URL back together.
65 - (dtucker) [INSTALL] Fix s/key text too.
66
6720050411
68 - (tim) [configure.ac] UnixWare needs PASSWD_NEEDS_USERNAME
69
7020050405
71 - (dtucker) [configure.ac] Define HAVE_SO_PEERCRED if we have it. ok djm@
72 - (dtucker) [auth-sia.c] Constify sys_auth_passwd, fixes build error on
73 Tru64. Patch from cmadams at hiwaay.net.
74 - (dtucker) [auth-passwd.c auth-sia.h] Remove duplicate definitions of
75 sys_auth_passwd, pointed out by cmadams at hiwaay.net.
76
7720050403
78 - (djm) OpenBSD CVS Sync
79 - deraadt@cvs.openbsd.org 2005/03/31 18:39:21
80 [scp.c]
81 copy argv[] element instead of smashing the one that ps will see; ok otto
82 - djm@cvs.openbsd.org 2005/04/02 12:41:16
83 [scp.c]
84 since ssh has xstrdup, use it instead of strdup+test. unbreaks -Werror
85 build
86 - (dtucker) [monitor.c] Don't free buffers in audit functions, monitor_read
87 will free as needed. ok tim@ djm@
88
8920050331
90 - (dtucker) OpenBSD CVS Sync
91 - jmc@cvs.openbsd.org 2005/03/16 11:10:38
92 [ssh_config.5]
93 get the syntax right for {Local,Remote}Forward;
94 based on a diff from markus;
95 problem report from ponraj;
96 ok dtucker@ markus@ deraadt@
97 - markus@cvs.openbsd.org 2005/03/16 21:17:39
98 [version.h]
99 4.1
100 - jmc@cvs.openbsd.org 2005/03/18 17:05:00
101 [sshd_config.5]
102 typo;
103 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
104 handling of password expiry messages returned by AIX's authentication
105 routines, originally reported by robvdwal at sara.nl.
106 - (dtucker) [ssh.c] Prevent null pointer deref in port forwarding debug
107 message on some platforms. Patch from pete at seebeyond.com via djm.
108 - (dtucker) [monitor.c] Remaining part of fix for bug #1006.
109
11020050329
111 - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're
112 interested in which is much faster in large (eg LDAP or NIS) environments.
113 Patch from dleonard at vintela.com.
114
11520050321
116 - (dtucker) [configure.ac] Prevent configure --with-zlib from adding -Iyes
117 and -Lyes to CFLAGS and LIBS. Pointed out by peter at slagheap.net,
118 with & ok tim@
119 - (dtucker) [configure.ac] Make configure error out if the user specifies
120 --with-libedit but the required libs can't be found, rather than silently
121 ignoring and continuing. ok tim@
122 - (dtucker) [configure.ac openbsd-compat/port-aix.h] Prevent redefinitions
123 of setauthdb on AIX 5.3, reported by anders.liljegren at its.uu.se.
124
12520050317
126 - (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
127 Make --without-opensc work.
128 - (tim) [configure.ac] portability changes on test statements. Some shells
129 have problems with -a operator.
130 - (tim) [configure.ac] make some configure options a little more error proof.
131 - (tim) [configure.ac] remove trailing white space.
132
13320050314
134 - (dtucker) OpenBSD CVS Sync
135 - dtucker@cvs.openbsd.org 2005/03/10 10:15:02
136 [readconf.c]
137 Check listen addresses for null, prevents xfree from dying during
138 ClearAllForwardings (bz #996). From Craig Leres, ok markus@
139 - deraadt@cvs.openbsd.org 2005/03/10 22:01:05
140 [misc.c ssh-keygen.c servconf.c clientloop.c auth-options.c ssh-add.c
141 monitor.c sftp-client.c bufaux.h hostfile.c ssh.c sshconnect.c channels.c
142 readconf.c bufaux.c sftp.c]
143 spacing
144 - deraadt@cvs.openbsd.org 2005/03/10 22:40:38
145 [auth-options.c]
146 spacing
147 - markus@cvs.openbsd.org 2005/03/11 14:59:06
148 [ssh-keygen.c]
149 typo, missing \n; mpech
150 - jmc@cvs.openbsd.org 2005/03/12 11:55:03
151 [ssh_config.5]
152 escape `.' at eol to avoid double spacing issues;
153 - dtucker@cvs.openbsd.org 2005/03/14 10:09:03
154 [ssh-keygen.1]
155 Correct description of -H (bz #997); ok markus@, punctuation jmc@
156 - dtucker@cvs.openbsd.org 2005/03/14 11:44:42
157 [auth.c]
158 Populate host for log message for logins denied by AllowUsers and
159 DenyUsers (bz #999); ok markus@ (patch by tryponraj at gmail.com)
160 - markus@cvs.openbsd.org 2005/03/14 11:46:56
161 [buffer.c buffer.h channels.c]
162 limit input buffer size for channels; bugzilla #896; with and ok dtucker@
163 - (tim) [contrib/caldera/openssh.spec] links in rc?.d were getting trashed
164 with a rpm -F
165
16620050313
167 - (dtucker) [contrib/cygwin/ssh-host-config] Makes the query for the
168 localized name of the local administrators group more reliable. From
169 vinschen at redhat.com.
170
17120050312
172 - (dtucker) [regress/test-exec.sh] DEBUG can cause problems where debug
173 output ends up in the client's output, causing regress failures. Found
174 by Corinna Vinschen.
175
120050309 17620050309
2 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64 177 - (dtucker) [regress/test-exec.sh] Set BIN_SH=xpg4 on OSF1/Digital Unix/Tru64
3 so that regress tests behave. From Chris Adams. 178 so that regress tests behave. From Chris Adams.
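Review bot: The newest ChangeLog block (the one ending in "Release 4.1p1") is headed 20050524, the same date as the block that follows it, while the updated $Id at the bottom of this file and the new auth-pam.c RCSID are both stamped 2005/05/25. If the release entries were committed on the 25th, the first header should read 20050525; otherwise merge the two 20050524 blocks so the date appears once.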
@@ -2321,4 +2496,4 @@
2321 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 2496 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2322 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 2497 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2323 2498
2324$Id: ChangeLog,v 1.3707.2.1 2005/03/09 04:52:09 djm Exp $ 2499$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
diff --git a/INSTALL b/INSTALL
index 4fc3744f3..753d2d061 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,7 +3,7 @@
3 3
4You will need working installations of Zlib and OpenSSL. 4You will need working installations of Zlib and OpenSSL.
5 5
6Zlib 1.1.4 or greater: 6Zlib 1.1.4 or 1.2.1.2 or greater (ealier 1.2.x versions have problems):
7http://www.gzip.org/zlib/ 7http://www.gzip.org/zlib/
8 8
9OpenSSL 0.9.6 or greater: 9OpenSSL 0.9.6 or greater:
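Review bot: Typo in the changed Zlib requirement line: "ealier" should be "earlier". The phrase "1.1.4 or 1.2.1.2 or greater" is also ambiguous about which version "or greater" attaches to; "1.1.4, or 1.2.1.2 or greater" would read unambiguously and still match the ChangeLog description of the configure.ac check.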
@@ -50,20 +50,20 @@ lacks /dev/random and don't want to use OpenSSH's internal entropy collection.
50http://www.lothar.com/tech/crypto/ 50http://www.lothar.com/tech/crypto/
51 51
52S/Key Libraries: 52S/Key Libraries:
53
54If you wish to use --with-skey then you will need the library below
55installed. No other S/Key library is currently known to be supported.
56
53http://www.sparc.spb.su/solaris/skey/ 57http://www.sparc.spb.su/solaris/skey/
54 58
55LibEdit: 59LibEdit:
56
57sftp now supports command-line editing via NetBSD's libedit. If your 60sftp now supports command-line editing via NetBSD's libedit. If your
58platform has it available natively you can use that, alternatively 61platform has it available natively you can use that, alternatively
59you might try these multi-platform ports: 62you might try these multi-platform ports:
63
60http://www.thrysoee.dk/editline/ 64http://www.thrysoee.dk/editline/
61http://sourceforge.net/projects/libedit/ 65http://sourceforge.net/projects/libedit/
62 66
63If you wish to use --with-skey then you will need the above library
64installed. No other current S/Key library is currently known to be
65supported.
66
672. Building / Installation 672. Building / Installation
68-------------------------- 68--------------------------
69 69
@@ -91,6 +91,10 @@ make install
91This will install the binaries in /opt/{bin,lib,sbin}, but will place the 91This will install the binaries in /opt/{bin,lib,sbin}, but will place the
92configuration files in /etc/ssh. 92configuration files in /etc/ssh.
93 93
94If you are using Privilege Separation (which is enabled by default)
95then you will also need to create the user, group and directory used by
96sshd for privilege separation. See README.privsep for details.
97
94If you are using PAM, you may need to manually install a PAM control 98If you are using PAM, you may need to manually install a PAM control
95file as "/etc/pam.d/sshd" (or wherever your system prefers to keep 99file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
96them). Note that the service name used to start PAM is __progname, 100them). Note that the service name used to start PAM is __progname,
@@ -221,4 +225,4 @@ Please refer to the "reporting bugs" section of the webpage at
221http://www.openssh.com/ 225http://www.openssh.com/
222 226
223 227
224$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ 228$Id: INSTALL,v 1.70 2005/04/24 07:52:23 dtucker Exp $
diff --git a/README b/README
index 0c5335ff5..93682c3cb 100644
--- a/README
+++ b/README
@@ -61,4 +61,4 @@ References -
61[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 61[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
62[7] http://www.openssh.com/faq.html 62[7] http://www.openssh.com/faq.html
63 63
64$Id: README,v 1.56.4.1 2005/03/09 03:12:09 djm Exp $ 64$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
diff --git a/auth-options.c b/auth-options.c
index 04d12d66e..a85e40835 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.29 2005/03/01 10:09:52 djm Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.31 2005/03/10 22:40:38 deraadt Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "match.h" 16#include "match.h"
@@ -247,7 +247,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
247 host = hpdelim(&p); 247 host = hpdelim(&p);
248 if (host == NULL || strlen(host) >= NI_MAXHOST) { 248 if (host == NULL || strlen(host) >= NI_MAXHOST) {
249 debug("%.100s, line %lu: Bad permitopen " 249 debug("%.100s, line %lu: Bad permitopen "
250 "specification <%.100s>", file, linenum, 250 "specification <%.100s>", file, linenum,
251 patterns); 251 patterns);
252 auth_debug_add("%.100s, line %lu: " 252 auth_debug_add("%.100s, line %lu: "
253 "Bad permitopen specification", file, 253 "Bad permitopen specification", file,
@@ -255,8 +255,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
255 xfree(patterns); 255 xfree(patterns);
256 goto bad_option; 256 goto bad_option;
257 } 257 }
258 host = cleanhostname(host); 258 host = cleanhostname(host);
259 if (p == NULL || (port = a2port(p)) == 0) { 259 if (p == NULL || (port = a2port(p)) == 0) {
260 debug("%.100s, line %lu: Bad permitopen port " 260 debug("%.100s, line %lu: Bad permitopen port "
261 "<%.100s>", file, linenum, p ? p : ""); 261 "<%.100s>", file, linenum, p ? p : "");
262 auth_debug_add("%.100s, line %lu: " 262 auth_debug_add("%.100s, line %lu: "
diff --git a/auth-pam.c b/auth-pam.c
index 6ce8c429b..a8d372aac 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
47 47
48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ 48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
49#include "includes.h" 49#include "includes.h"
50RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); 50RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
51 51
52#ifdef USE_PAM 52#ifdef USE_PAM
53#if defined(HAVE_SECURITY_PAM_APPL_H) 53#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -76,7 +76,17 @@ extern Buffer loginmsg;
76extern int compat20; 76extern int compat20;
77extern u_int utmp_len; 77extern u_int utmp_len;
78 78
79/* so we don't silently change behaviour */
79#ifdef USE_POSIX_THREADS 80#ifdef USE_POSIX_THREADS
81# error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK"
82#endif
83
84/*
85 * Formerly known as USE_POSIX_THREADS, using this is completely unsupported
86 * and generally a bad idea. Use at own risk and do not expect support if
87 * this breaks.
88 */
89#ifdef UNSUPPORTED_POSIX_THREADS_HACK
80#include <pthread.h> 90#include <pthread.h>
81/* 91/*
82 * Avoid namespace clash when *not* using pthreads for systems *with* 92 * Avoid namespace clash when *not* using pthreads for systems *with*
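Review bot: The comment added above `#ifdef UNSUPPORTED_POSIX_THREADS_HACK` warns that the option is unsupported but gives no reason, so someone who trips the new `#error` learns only the new name to define. Add a sentence saying what the threaded build changes relative to the default, or point to where that is documented, so the error steers people away from the option rather than toward a rename.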
@@ -98,7 +108,7 @@ struct pam_ctxt {
98static void sshpam_free_ctx(void *); 108static void sshpam_free_ctx(void *);
99static struct pam_ctxt *cleanup_ctxt; 109static struct pam_ctxt *cleanup_ctxt;
100 110
101#ifndef USE_POSIX_THREADS 111#ifndef UNSUPPORTED_POSIX_THREADS_HACK
102/* 112/*
103 * Simulate threads with processes. 113 * Simulate threads with processes.
104 */ 114 */
@@ -255,7 +265,7 @@ import_environments(Buffer *b)
255 265
256 debug3("PAM: %s entering", __func__); 266 debug3("PAM: %s entering", __func__);
257 267
258#ifndef USE_POSIX_THREADS 268#ifndef UNSUPPORTED_POSIX_THREADS_HACK
259 /* Import variables set by do_pam_account */ 269 /* Import variables set by do_pam_account */
260 sshpam_account_status = buffer_get_int(b); 270 sshpam_account_status = buffer_get_int(b);
261 sshpam_password_change_required(buffer_get_int(b)); 271 sshpam_password_change_required(buffer_get_int(b));
@@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp)
384 struct pam_conv sshpam_conv; 394 struct pam_conv sshpam_conv;
385 int flags = (options.permit_empty_passwd == 0 ? 395 int flags = (options.permit_empty_passwd == 0 ?
386 PAM_DISALLOW_NULL_AUTHTOK : 0); 396 PAM_DISALLOW_NULL_AUTHTOK : 0);
387#ifndef USE_POSIX_THREADS 397#ifndef UNSUPPORTED_POSIX_THREADS_HACK
388 extern char **environ; 398 extern char **environ;
389 char **env_from_pam; 399 char **env_from_pam;
390 u_int i; 400 u_int i;
@@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp)
428 438
429 buffer_put_cstring(&buffer, "OK"); 439 buffer_put_cstring(&buffer, "OK");
430 440
431#ifndef USE_POSIX_THREADS 441#ifndef UNSUPPORTED_POSIX_THREADS_HACK
432 /* Export variables set by do_pam_account */ 442 /* Export variables set by do_pam_account */
433 buffer_put_int(&buffer, sshpam_account_status); 443 buffer_put_int(&buffer, sshpam_account_status);
434 buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); 444 buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
@@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp)
447 buffer_put_int(&buffer, i); 457 buffer_put_int(&buffer, i);
448 for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) 458 for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
449 buffer_put_cstring(&buffer, env_from_pam[i]); 459 buffer_put_cstring(&buffer, env_from_pam[i]);
450#endif /* USE_POSIX_THREADS */ 460#endif /* UNSUPPORTED_POSIX_THREADS_HACK */
451 461
452 /* XXX - can't do much about an error here */ 462 /* XXX - can't do much about an error here */
453 ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); 463 ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
diff --git a/auth-passwd.c b/auth-passwd.c
index 27ece3f72..654e0b821 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -47,7 +47,6 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $");
47 47
48extern Buffer loginmsg; 48extern Buffer loginmsg;
49extern ServerOptions options; 49extern ServerOptions options;
50int sys_auth_passwd(Authctxt *, const char *);
51 50
52#ifdef HAVE_LOGIN_CAP 51#ifdef HAVE_LOGIN_CAP
53extern login_cap_t *lc; 52extern login_cap_t *lc;
diff --git a/auth-sia.c b/auth-sia.c
index 63f55d07f..af7182b48 100644
--- a/auth-sia.c
+++ b/auth-sia.c
@@ -47,7 +47,7 @@ extern int saved_argc;
47extern char **saved_argv; 47extern char **saved_argv;
48 48
49int 49int
50sys_auth_passwd(Authctxt *authctxt, char *pass) 50sys_auth_passwd(Authctxt *authctxt, const char *pass)
51{ 51{
52 int ret; 52 int ret;
53 SIAENTITY *ent = NULL; 53 SIAENTITY *ent = NULL;
diff --git a/auth-sia.h b/auth-sia.h
index ca55e913e..27cbb93f1 100644
--- a/auth-sia.h
+++ b/auth-sia.h
@@ -26,7 +26,6 @@
26 26
27#ifdef HAVE_OSF_SIA 27#ifdef HAVE_OSF_SIA
28 28
29int sys_auth_passwd(Authctxt *, char *);
30void session_setup_sia(struct passwd *, char *); 29void session_setup_sia(struct passwd *, char *);
31 30
32#endif /* HAVE_OSF_SIA */ 31#endif /* HAVE_OSF_SIA */
diff --git a/auth.c b/auth.c
index 256807683..46b013137 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -145,7 +145,8 @@ allowed_user(struct passwd * pw)
145 return 0; 145 return 0;
146 } 146 }
147 147
148 if (options.num_deny_users > 0 || options.num_allow_users > 0) { 148 if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
149 options.num_deny_groups > 0 || options.num_allow_groups > 0) {
149 hostname = get_canonical_hostname(options.use_dns); 150 hostname = get_canonical_hostname(options.use_dns);
150 ipaddr = get_remote_ipaddr(); 151 ipaddr = get_remote_ipaddr();
151 } 152 }
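Review bot: The widened condition in allowed_user() now also resolves hostname and ipaddr when only the num_deny_groups or num_allow_groups counters are set, but the ChangeLog entry for this revision (bz #999) describes the fix as covering logins denied by AllowUsers and DenyUsers. Reword the log entry to mention the group options. Since both variables are assigned only inside this block, also confirm they are initialised to NULL where they are declared, so that a configuration with none of the four lists set cannot hand an unset pointer to a later log call.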
diff --git a/auth.h b/auth.h
index 8d1f93403..471404e4e 100644
--- a/auth.h
+++ b/auth.h
@@ -30,6 +30,7 @@
30 30
31#include "key.h" 31#include "key.h"
32#include "hostfile.h" 32#include "hostfile.h"
33#include "buffer.h"
33#include <openssl/rsa.h> 34#include <openssl/rsa.h>
34 35
35#ifdef HAVE_LOGIN_CAP 36#ifdef HAVE_LOGIN_CAP
@@ -68,6 +69,7 @@ struct Authctxt {
68 char *krb5_ticket_file; 69 char *krb5_ticket_file;
69 char *krb5_ccname; 70 char *krb5_ccname;
70#endif 71#endif
72 Buffer *loginmsg;
71 void *methoddata; 73 void *methoddata;
72}; 74};
73/* 75/*
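Review bot: The new `Buffer *loginmsg;` member of struct Authctxt has no comment, and its name collides with the global that auth-pam.c and auth-passwd.c already declare as `extern Buffer loginmsg;`. Document on the member who sets it and whether it points at that global or at a separately owned buffer, so the two are not confused.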
@@ -185,6 +187,8 @@ void auth_debug_reset(void);
185 187
186struct passwd *fakepw(void); 188struct passwd *fakepw(void);
187 189
190int sys_auth_passwd(Authctxt *, const char *);
191
188#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" 192#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
189 193
190#define SKEY_PROMPT "\nS/Key Password: " 194#define SKEY_PROMPT "\nS/Key Password: "
diff --git a/bufaux.c b/bufaux.c
index 4ea6af1b6..5dbf2b770 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: bufaux.c,v 1.34 2004/12/06 16:00:43 markus Exp $"); 40RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $");
41 41
42#include <openssl/bn.h> 42#include <openssl/bn.h>
43#include "bufaux.h" 43#include "bufaux.h"
@@ -179,7 +179,7 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
179{ 179{
180 u_int len; 180 u_int len;
181 u_char *bin; 181 u_char *bin;
182 182
183 if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) { 183 if ((bin = buffer_get_string_ret(buffer, &len)) == NULL) {
184 error("buffer_get_bignum2_ret: invalid bignum"); 184 error("buffer_get_bignum2_ret: invalid bignum");
185 return (-1); 185 return (-1);
diff --git a/bufaux.h b/bufaux.h
index e30911ddc..f5efaed3e 100644
--- a/bufaux.h
+++ b/bufaux.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bufaux.h,v 1.20 2004/10/29 23:56:17 djm Exp $ */ 1/* $OpenBSD: bufaux.h,v 1.21 2005/03/10 22:01:05 deraadt Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,7 +40,7 @@ void buffer_put_string(Buffer *, const void *, u_int);
40void buffer_put_cstring(Buffer *, const char *); 40void buffer_put_cstring(Buffer *, const char *);
41 41
42#define buffer_skip_string(b) \ 42#define buffer_skip_string(b) \
43 do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while(0) 43 do { u_int l = buffer_get_int(b); buffer_consume(b, l); } while (0)
44 44
45int buffer_put_bignum_ret(Buffer *, const BIGNUM *); 45int buffer_put_bignum_ret(Buffer *, const BIGNUM *);
46int buffer_get_bignum_ret(Buffer *, BIGNUM *); 46int buffer_get_bignum_ret(Buffer *, BIGNUM *);
diff --git a/buffer.c b/buffer.c
index 1a25004ba..487e08105 100644
--- a/buffer.c
+++ b/buffer.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: buffer.c,v 1.22 2004/10/29 23:56:17 djm Exp $"); 15RCSID("$OpenBSD: buffer.c,v 1.23 2005/03/14 11:46:56 markus Exp $");
16 16
17#include "xmalloc.h" 17#include "xmalloc.h"
18#include "buffer.h" 18#include "buffer.h"
@@ -78,7 +78,7 @@ buffer_append_space(Buffer *buffer, u_int len)
78 u_int newlen; 78 u_int newlen;
79 void *p; 79 void *p;
80 80
81 if (len > 0x100000) 81 if (len > BUFFER_MAX_CHUNK)
82 fatal("buffer_append_space: len %u not supported", len); 82 fatal("buffer_append_space: len %u not supported", len);
83 83
84 /* If the buffer is empty, start using it from the beginning. */ 84 /* If the buffer is empty, start using it from the beginning. */
@@ -97,7 +97,7 @@ restart:
97 * If the buffer is quite empty, but all data is at the end, move the 97 * If the buffer is quite empty, but all data is at the end, move the
98 * data to the beginning and retry. 98 * data to the beginning and retry.
99 */ 99 */
100 if (buffer->offset > buffer->alloc / 2) { 100 if (buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)) {
101 memmove(buffer->buf, buffer->buf + buffer->offset, 101 memmove(buffer->buf, buffer->buf + buffer->offset,
102 buffer->end - buffer->offset); 102 buffer->end - buffer->offset);
103 buffer->end -= buffer->offset; 103 buffer->end -= buffer->offset;
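Review bot: The new compaction test `buffer->offset > MIN(buffer->alloc, BUFFER_MAX_CHUNK)` behaves differently from the `alloc / 2` it replaces for small buffers: when alloc is at or below BUFFER_MAX_CHUNK (0x100000 per buffer.h) the test reduces to offset > alloc, which should not hold for an offset inside the allocation, so such buffers would skip the memmove and fall through to the realloc path. If the intent is to compact only once at least a chunk of consumed space has built up, say so in the comment above, which still reads "If the buffer is quite empty"; if small buffers are still meant to compact, the bound needs to keep an alloc-relative term.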
@@ -107,7 +107,7 @@ restart:
107 /* Increase the size of the buffer and retry. */ 107 /* Increase the size of the buffer and retry. */
108 108
109 newlen = buffer->alloc + len + 32768; 109 newlen = buffer->alloc + len + 32768;
110 if (newlen > 0xa00000) 110 if (newlen > BUFFER_MAX_LEN)
111 fatal("buffer_append_space: alloc %u not supported", 111 fatal("buffer_append_space: alloc %u not supported",
112 newlen); 112 newlen);
113 buffer->buf = xrealloc(buffer->buf, newlen); 113 buffer->buf = xrealloc(buffer->buf, newlen);
diff --git a/buffer.h b/buffer.h
index 9c09d4f43..2b20eed52 100644
--- a/buffer.h
+++ b/buffer.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: buffer.h,v 1.12 2004/10/29 23:56:17 djm Exp $ */ 1/* $OpenBSD: buffer.h,v 1.13 2005/03/14 11:46:56 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -23,6 +23,9 @@ typedef struct {
23 u_int end; /* Offset of last byte containing data. */ 23 u_int end; /* Offset of last byte containing data. */
24} Buffer; 24} Buffer;
25 25
26#define BUFFER_MAX_CHUNK 0x100000
27#define BUFFER_MAX_LEN 0xa00000
28
26void buffer_init(Buffer *); 29void buffer_init(Buffer *);
27void buffer_clear(Buffer *); 30void buffer_clear(Buffer *);
28void buffer_free(Buffer *); 31void buffer_free(Buffer *);
diff --git a/buildpkg.sh.in b/buildpkg.sh.in
index f243e90bf..f90ae6e81 100644
--- a/buildpkg.sh.in
+++ b/buildpkg.sh.in
@@ -282,11 +282,11 @@ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SY
282 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s 282 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
283else 283else
284 [ "$RCS_D" = yes ] && \ 284 [ "$RCS_D" = yes ] && \
285installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 285installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
286 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 286 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
287 [ "$RC1_D" = no ] || \ 287 [ "$RC1_D" = no ] || \
288 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 288 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
289 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l 289 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
290fi 290fi
291 291
292# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) 292# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
diff --git a/canohost.c b/canohost.c
index 1c22d4770..94d666432 100644
--- a/canohost.c
+++ b/canohost.c
@@ -251,6 +251,8 @@ get_socket_address(int sock, int remote, int flags)
251 if (addr.ss_family == AF_INET6) 251 if (addr.ss_family == AF_INET6)
252 addrlen = sizeof(struct sockaddr_in6); 252 addrlen = sizeof(struct sockaddr_in6);
253 253
254 ipv64_normalise_mapped(&addr, &addrlen);
255
254 /* Get the address in ascii. */ 256 /* Get the address in ascii. */
255 if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop, 257 if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
256 sizeof(ntop), NULL, 0, flags)) != 0) { 258 sizeof(ntop), NULL, 0, flags)) != 0) {
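Review bot: Calling ipv64_normalise_mapped() ahead of getnameinfo() in get_socket_address() changes the string that access-control patterns are matched against, not only what is logged: per the ChangeLog entry, AllowUsers, DenyUsers, AllowGroups and DenyGroups will now see IPv4-style addresses for 4-in-6 mapped connections. An existing pattern written with the "::ffff:" prefix would therefore stop matching after upgrade, which for a Deny rule means it no longer denies. This deserves an explicit note in the release notes or sshd_config.5, plus a regress case that matches a mapped connection against an IPv4-style pattern.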
diff --git a/channels.c b/channels.c
index 1be213bce..3f6db60c6 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -58,6 +58,8 @@ RCSID("$OpenBSD: channels.c,v 1.212 2005/03/01 10:09:52 djm Exp $");
58 58
59/* -- channel core */ 59/* -- channel core */
60 60
61#define CHAN_RBUF 16*1024
62
61/* 63/*
62 * Pointer to an array containing all allocated channels. The array is 64 * Pointer to an array containing all allocated channels. The array is
63 * dynamically extended as needed. 65 * dynamically extended as needed.
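Review bot: `#define CHAN_RBUF 16*1024` is an unparenthesised expression macro. The uses in this patch (an array size and the right-hand side of a subtraction) expand as intended, but a later use next to `/`, `%` or a cast would not; write it as `(16*1024)`.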
@@ -712,6 +714,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
712{ 714{
713 u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); 715 u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
714 716
717 /* check buffer limits */
718 limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
719
715 if (c->istate == CHAN_INPUT_OPEN && 720 if (c->istate == CHAN_INPUT_OPEN &&
716 limit > 0 && 721 limit > 0 &&
717 buffer_len(&c->input) < limit) 722 buffer_len(&c->input) < limit)
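Review bot: The added clamp in channel_pre_open() is commented only as "check buffer limits", which does not explain why the bound is BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF. Spell out in the comment what headroom each subtracted term reserves below the point where buffer_append_space() calls fatal(), so the relationship survives a change to any of the three constants. The clamp is applied to c->input only; the comment should also say whether the other channel buffers need the same bound.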
@@ -1018,7 +1023,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
1018 debug2("channel %d: only socks5 connect supported", c->self); 1023 debug2("channel %d: only socks5 connect supported", c->self);
1019 return -1; 1024 return -1;
1020 } 1025 }
1021 switch(s5_req.atyp){ 1026 switch (s5_req.atyp){
1022 case SSH_SOCKS5_IPV4: 1027 case SSH_SOCKS5_IPV4:
1023 addrlen = 4; 1028 addrlen = 4;
1024 af = AF_INET; 1029 af = AF_INET;
@@ -1360,7 +1365,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset)
1360static int 1365static int
1361channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) 1366channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
1362{ 1367{
1363 char buf[16*1024]; 1368 char buf[CHAN_RBUF];
1364 int len; 1369 int len;
1365 1370
1366 if (c->rfd != -1 && 1371 if (c->rfd != -1 &&
@@ -1454,7 +1459,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset)
1454static int 1459static int
1455channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) 1460channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
1456{ 1461{
1457 char buf[16*1024]; 1462 char buf[CHAN_RBUF];
1458 int len; 1463 int len;
1459 1464
1460/** XXX handle drain efd, too */ 1465/** XXX handle drain efd, too */
@@ -2199,11 +2204,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2199 2204
2200 /* 2205 /*
2201 * Determine whether or not a port forward listens to loopback, 2206 * Determine whether or not a port forward listens to loopback,
2202 * specified address or wildcard. On the client, a specified bind 2207 * specified address or wildcard. On the client, a specified bind
2203 * address will always override gateway_ports. On the server, a 2208 * address will always override gateway_ports. On the server, a
2204 * gateway_ports of 1 (``yes'') will override the client's 2209 * gateway_ports of 1 (``yes'') will override the client's
2205 * specification and force a wildcard bind, whereas a value of 2 2210 * specification and force a wildcard bind, whereas a value of 2
2206 * (``clientspecified'') will bind to whatever address the client 2211 * (``clientspecified'') will bind to whatever address the client
2207 * asked for. 2212 * asked for.
2208 * 2213 *
2209 * Special-case listen_addrs are: 2214 * Special-case listen_addrs are:
@@ -2317,7 +2322,7 @@ channel_cancel_rport_listener(const char *host, u_short port)
2317 u_int i; 2322 u_int i;
2318 int found = 0; 2323 int found = 0;
2319 2324
2320 for(i = 0; i < channels_alloc; i++) { 2325 for (i = 0; i < channels_alloc; i++) {
2321 Channel *c = channels[i]; 2326 Channel *c = channels[i];
2322 2327
2323 if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && 2328 if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER &&
@@ -2629,7 +2634,7 @@ channel_send_window_changes(void)
2629 struct winsize ws; 2634 struct winsize ws;
2630 2635
2631 for (i = 0; i < channels_alloc; i++) { 2636 for (i = 0; i < channels_alloc; i++) {
2632 if (channels[i] == NULL || !channels[i]->client_tty || 2637 if (channels[i] == NULL || !channels[i]->client_tty ||
2633 channels[i]->type != SSH_CHANNEL_OPEN) 2638 channels[i]->type != SSH_CHANNEL_OPEN)
2634 continue; 2639 continue;
2635 if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0) 2640 if (ioctl(channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
diff --git a/clientloop.c b/clientloop.c
index 1e250883f..1591215bd 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.135 2005/03/01 10:09:52 djm Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -627,7 +627,7 @@ client_process_control(fd_set * readset)
627 "to %s? ", host); 627 "to %s? ", host);
628 if (allowed) 628 if (allowed)
629 quit_pending = 1; 629 quit_pending = 1;
630 /* FALLTHROUGH */ 630 /* FALLTHROUGH */
631 case SSHMUX_COMMAND_ALIVE_CHECK: 631 case SSHMUX_COMMAND_ALIVE_CHECK:
632 /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */ 632 /* Reply for SSHMUX_COMMAND_TERMINATE and ALIVE_CHECK */
633 buffer_clear(&m); 633 buffer_clear(&m);
diff --git a/config.guess b/config.guess
index 500ee74b0..5adbef1f9 100755
--- a/config.guess
+++ b/config.guess
@@ -995,7 +995,8 @@ EOF
995 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} 995 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
996 fi 996 fi
997 exit 0 ;; 997 exit 0 ;;
998 i*86:*:5:[78]*) 998 i*86:*:5:[678]*)
999 # Unixware 7.x, OpenUNIX 8, & OpenServer 6
999 case `/bin/uname -X | grep "^Machine"` in 1000 case `/bin/uname -X | grep "^Machine"` in
1000 *486*) UNAME_MACHINE=i486 ;; 1001 *486*) UNAME_MACHINE=i486 ;;
1001 *Pentium) UNAME_MACHINE=i586 ;; 1002 *Pentium) UNAME_MACHINE=i586 ;;
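Review bot: The pattern at line 998 widens `[78]*` to `[678]*`, but the added comment names products rather than the release strings being matched, so it is not obvious which `uname` release value the new `6` is meant to catch. Spell that out in the comment or the ChangeLog entry, and if this file is periodically refreshed from an upstream copy, send the change there as well so it is not lost at the next refresh.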
diff --git a/config.h.in b/config.h.in
index 70f997323..400561d6a 100644
--- a/config.h.in
+++ b/config.h.in
@@ -525,6 +525,10 @@
525 don't. */ 525 don't. */
526#undef HAVE_DECL_PASSWDEXPIRED 526#undef HAVE_DECL_PASSWDEXPIRED
527 527
528/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
529 don't. */
530#undef HAVE_DECL_SETAUTHDB
531
528/* Define to 1 if you have the <dirent.h> header file. */ 532/* Define to 1 if you have the <dirent.h> header file. */
529#undef HAVE_DIRENT_H 533#undef HAVE_DIRENT_H
530 534
@@ -903,6 +907,9 @@
903/* Define to 1 if you have the `socketpair' function. */ 907/* Define to 1 if you have the `socketpair' function. */
904#undef HAVE_SOCKETPAIR 908#undef HAVE_SOCKETPAIR
905 909
910/* Have PEERCRED socket option */
911#undef HAVE_SO_PEERCRED
912
906/* Define to 1 if you have the <stddef.h> header file. */ 913/* Define to 1 if you have the <stddef.h> header file. */
907#undef HAVE_STDDEF_H 914#undef HAVE_STDDEF_H
908 915
diff --git a/configure b/configure
index 1bf7b0b0b..ef3609b70 100755
--- a/configure
+++ b/configure
@@ -881,7 +881,7 @@ Optional Packages:
881 --with-entropy-timeout Specify entropy gathering command timeout (msec) 881 --with-entropy-timeout Specify entropy gathering command timeout (msec)
882 --with-privsep-user=user Specify non-privileged user for privilege separation 882 --with-privsep-user=user Specify non-privileged user for privilege separation
883 --with-sectok Enable smartcard support using libsectok 883 --with-sectok Enable smartcard support using libsectok
884 --with-opensc=PFX Enable smartcard support using OpenSC 884--with-opensc[=PFX] Enable smartcard support using OpenSC (optionally in PATH)
885 --with-kerberos5=PATH Enable Kerberos 5 support 885 --with-kerberos5=PATH Enable Kerberos 5 support
886 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) 886 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
887 --with-xauth=PATH Specify path to xauth program 887 --with-xauth=PATH Specify path to xauth program
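Review bot: The replacement help line at 884 starts in column 0 (`--with-opensc[=PFX]`) while every neighbouring option keeps its leading indent, so this entry will be misaligned in `./configure --help`. Restore the indent in the help string in configure.ac, and reword `(optionally in PATH)`: the argument is called PFX on the same line, and PATH reads as the `$PATH` variable rather than an install prefix.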
@@ -4643,6 +4643,77 @@ _ACEOF
4643 4643
4644 4644
4645fi 4645fi
4646echo "$as_me:$LINENO: checking whether setauthdb is declared" >&5
4647echo $ECHO_N "checking whether setauthdb is declared... $ECHO_C" >&6
4648if test "${ac_cv_have_decl_setauthdb+set}" = set; then
4649 echo $ECHO_N "(cached) $ECHO_C" >&6
4650else
4651 cat >conftest.$ac_ext <<_ACEOF
4652/* confdefs.h. */
4653_ACEOF
4654cat confdefs.h >>conftest.$ac_ext
4655cat >>conftest.$ac_ext <<_ACEOF
4656/* end confdefs.h. */
4657#include <usersec.h>
4658
4659int
4660main ()
4661{
4662#ifndef setauthdb
4663 char *p = (char *) setauthdb;
4664#endif
4665
4666 ;
4667 return 0;
4668}
4669_ACEOF
4670rm -f conftest.$ac_objext
4671if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
4672 (eval $ac_compile) 2>conftest.er1
4673 ac_status=$?
4674 grep -v '^ *+' conftest.er1 >conftest.err
4675 rm -f conftest.er1
4676 cat conftest.err >&5
4677 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4678 (exit $ac_status); } &&
4679 { ac_try='test -z "$ac_c_werror_flag"
4680 || test ! -s conftest.err'
4681 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4682 (eval $ac_try) 2>&5
4683 ac_status=$?
4684 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4685 (exit $ac_status); }; } &&
4686 { ac_try='test -s conftest.$ac_objext'
4687 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4688 (eval $ac_try) 2>&5
4689 ac_status=$?
4690 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4691 (exit $ac_status); }; }; then
4692 ac_cv_have_decl_setauthdb=yes
4693else
4694 echo "$as_me: failed program was:" >&5
4695sed 's/^/| /' conftest.$ac_ext >&5
4696
4697ac_cv_have_decl_setauthdb=no
4698fi
4699rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
4700fi
4701echo "$as_me:$LINENO: result: $ac_cv_have_decl_setauthdb" >&5
4702echo "${ECHO_T}$ac_cv_have_decl_setauthdb" >&6
4703if test $ac_cv_have_decl_setauthdb = yes; then
4704
4705cat >>confdefs.h <<_ACEOF
4706#define HAVE_DECL_SETAUTHDB 1
4707_ACEOF
4708
4709
4710else
4711 cat >>confdefs.h <<_ACEOF
4712#define HAVE_DECL_SETAUTHDB 0
4713_ACEOF
4714
4715
4716fi
4646 4717
4647 4718
4648 echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5 4719 echo "$as_me:$LINENO: checking whether loginfailed is declared" >&5
@@ -6004,6 +6075,11 @@ _ACEOF
6004#define BROKEN_SETREGID 1 6075#define BROKEN_SETREGID 1
6005_ACEOF 6076_ACEOF
6006 6077
6078
6079cat >>confdefs.h <<\_ACEOF
6080#define PASSWD_NEEDS_USERNAME 1
6081_ACEOF
6082
6007 ;; 6083 ;;
6008# UnixWare 7.x, OpenUNIX 8 6084# UnixWare 7.x, OpenUNIX 8
6009*-*-sysv5*) 6085*-*-sysv5*)
@@ -6023,6 +6099,11 @@ _ACEOF
6023#define BROKEN_SETREGID 1 6099#define BROKEN_SETREGID 1
6024_ACEOF 6100_ACEOF
6025 6101
6102
6103cat >>confdefs.h <<\_ACEOF
6104#define PASSWD_NEEDS_USERNAME 1
6105_ACEOF
6106
6026 ;; 6107 ;;
6027*-*-sysv*) 6108*-*-sysv*)
6028 ;; 6109 ;;
@@ -6363,7 +6444,8 @@ esac
6363if test "${with_cflags+set}" = set; then 6444if test "${with_cflags+set}" = set; then
6364 withval="$with_cflags" 6445 withval="$with_cflags"
6365 6446
6366 if test "x$withval" != "xno" ; then 6447 if test -n "$withval" && test "x$withval" != "xno" && \
6448 test "x${withval}" != "xyes"; then
6367 CFLAGS="$CFLAGS $withval" 6449 CFLAGS="$CFLAGS $withval"
6368 fi 6450 fi
6369 6451
@@ -6374,7 +6456,8 @@ fi;
6374if test "${with_cppflags+set}" = set; then 6456if test "${with_cppflags+set}" = set; then
6375 withval="$with_cppflags" 6457 withval="$with_cppflags"
6376 6458
6377 if test "x$withval" != "xno"; then 6459 if test -n "$withval" && test "x$withval" != "xno" && \
6460 test "x${withval}" != "xyes"; then
6378 CPPFLAGS="$CPPFLAGS $withval" 6461 CPPFLAGS="$CPPFLAGS $withval"
6379 fi 6462 fi
6380 6463
@@ -6385,7 +6468,8 @@ fi;
6385if test "${with_ldflags+set}" = set; then 6468if test "${with_ldflags+set}" = set; then
6386 withval="$with_ldflags" 6469 withval="$with_ldflags"
6387 6470
6388 if test "x$withval" != "xno" ; then 6471 if test -n "$withval" && test "x$withval" != "xno" && \
6472 test "x${withval}" != "xyes"; then
6389 LDFLAGS="$LDFLAGS $withval" 6473 LDFLAGS="$LDFLAGS $withval"
6390 fi 6474 fi
6391 6475
@@ -6396,7 +6480,8 @@ fi;
6396if test "${with_libs+set}" = set; then 6480if test "${with_libs+set}" = set; then
6397 withval="$with_libs" 6481 withval="$with_libs"
6398 6482
6399 if test "x$withval" != "xno" ; then 6483 if test -n "$withval" && test "x$withval" != "xno" && \
6484 test "x${withval}" != "xyes"; then
6400 LIBS="$LIBS $withval" 6485 LIBS="$LIBS $withval"
6401 fi 6486 fi
6402 6487
@@ -8171,12 +8256,11 @@ fi
8171# Check whether --with-zlib or --without-zlib was given. 8256# Check whether --with-zlib or --without-zlib was given.
8172if test "${with_zlib+set}" = set; then 8257if test "${with_zlib+set}" = set; then
8173 withval="$with_zlib" 8258 withval="$with_zlib"
8174 8259 if test "x$withval" = "xno" ; then
8175 if test "x$withval" = "xno" ; then 8260 { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5
8176 { { echo "$as_me:$LINENO: error: *** zlib is required ***" >&5
8177echo "$as_me: error: *** zlib is required ***" >&2;} 8261echo "$as_me: error: *** zlib is required ***" >&2;}
8178 { (exit 1); exit 1; }; } 8262 { (exit 1); exit 1; }; }
8179 fi 8263 elif test "x$withval" != "xyes"; then
8180 if test -d "$withval/lib"; then 8264 if test -d "$withval/lib"; then
8181 if test -n "${need_dash_r}"; then 8265 if test -n "${need_dash_r}"; then
8182 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 8266 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -8195,7 +8279,7 @@ echo "$as_me: error: *** zlib is required ***" >&2;}
8195 else 8279 else
8196 CPPFLAGS="-I${withval} ${CPPFLAGS}" 8280 CPPFLAGS="-I${withval} ${CPPFLAGS}"
8197 fi 8281 fi
8198 8282 fi
8199 8283
8200fi; 8284fi;
8201 8285
@@ -8506,8 +8590,8 @@ if test "${with_zlib_version_check+set}" = set; then
8506 8590
8507fi; 8591fi;
8508 8592
8509echo "$as_me:$LINENO: checking for zlib 1.1.4 or greater" >&5 8593echo "$as_me:$LINENO: checking for possibly buggy zlib" >&5
8510echo $ECHO_N "checking for zlib 1.1.4 or greater... $ECHO_C" >&6 8594echo $ECHO_N "checking for possibly buggy zlib... $ECHO_C" >&6
8511if test "$cross_compiling" = yes; then 8595if test "$cross_compiling" = yes; then
8512 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5 8596 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking zlib version" >&5
8513echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;} 8597echo "$as_me: WARNING: cross compiling: not checking zlib version" >&2;}
@@ -8520,15 +8604,25 @@ cat confdefs.h >>conftest.$ac_ext
8520cat >>conftest.$ac_ext <<_ACEOF 8604cat >>conftest.$ac_ext <<_ACEOF
8521/* end confdefs.h. */ 8605/* end confdefs.h. */
8522 8606
8607#include <stdio.h>
8523#include <zlib.h> 8608#include <zlib.h>
8524int main() 8609int main()
8525{ 8610{
8526 int a, b, c, v; 8611 int a=0, b=0, c=0, d=0, n, v;
8527 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3) 8612 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
8613 if (n != 3 && n != 4)
8528 exit(1); 8614 exit(1);
8529 v = a*1000000 + b*1000 + c; 8615 v = a*1000000 + b*10000 + c*100 + d;
8530 if (v >= 1001004) 8616 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
8617
8618 /* 1.1.4 is OK */
8619 if (a == 1 && b == 1 && c >= 4)
8620 exit(0);
8621
8622 /* 1.2.1.2 and up are OK */
8623 if (v >= 1020102)
8531 exit(0); 8624 exit(0);
8625
8532 exit(2); 8626 exit(2);
8533} 8627}
8534 8628
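Review bot: The rewritten test program calls `exit()` on every path, but the only headers it includes are `<stdio.h>` (added at 8607) and `<zlib.h>`, so it depends on an implicit declaration or on zlib.h happening to pull in `<stdlib.h>`. Add `#include <stdlib.h>` (or return from `main`) so a strict compiler does not fail the test for an unrelated reason, which this script would then report as a buggy zlib. A comment at 8615 would also help: the packing leaves two decimal digits for each of the last two components, and anything from 1.2.0 through 1.2.1.1 falls through to `exit(2)`.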
@@ -8544,29 +8638,31 @@ if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
8544 ac_status=$? 8638 ac_status=$?
8545 echo "$as_me:$LINENO: \$? = $ac_status" >&5 8639 echo "$as_me:$LINENO: \$? = $ac_status" >&5
8546 (exit $ac_status); }; }; then 8640 (exit $ac_status); }; }; then
8547 echo "$as_me:$LINENO: result: yes" >&5 8641 echo "$as_me:$LINENO: result: no" >&5
8548echo "${ECHO_T}yes" >&6 8642echo "${ECHO_T}no" >&6
8549else 8643else
8550 echo "$as_me: program exited with status $ac_status" >&5 8644 echo "$as_me: program exited with status $ac_status" >&5
8551echo "$as_me: failed program was:" >&5 8645echo "$as_me: failed program was:" >&5
8552sed 's/^/| /' conftest.$ac_ext >&5 8646sed 's/^/| /' conftest.$ac_ext >&5
8553 8647
8554( exit $ac_status ) 8648( exit $ac_status )
8555 echo "$as_me:$LINENO: result: no" >&5 8649 echo "$as_me:$LINENO: result: yes" >&5
8556echo "${ECHO_T}no" >&6 8650echo "${ECHO_T}yes" >&6
8557 if test -z "$zlib_check_nonfatal" ; then 8651 if test -z "$zlib_check_nonfatal" ; then
8558 { { echo "$as_me:$LINENO: error: *** zlib too old - check config.log *** 8652 { { echo "$as_me:$LINENO: error: *** zlib too old - check config.log ***
8559Your reported zlib version has known security problems. It's possible your 8653Your reported zlib version has known security problems. It's possible your
8560vendor has fixed these problems without changing the version number. If you 8654vendor has fixed these problems without changing the version number. If you
8561are sure this is the case, you can disable the check by running 8655are sure this is the case, you can disable the check by running
8562\"./configure --without-zlib-version-check\". 8656\"./configure --without-zlib-version-check\".
8563If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&5 8657If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
8658See http://www.gzip.org/zlib/ for details." >&5
8564echo "$as_me: error: *** zlib too old - check config.log *** 8659echo "$as_me: error: *** zlib too old - check config.log ***
8565Your reported zlib version has known security problems. It's possible your 8660Your reported zlib version has known security problems. It's possible your
8566vendor has fixed these problems without changing the version number. If you 8661vendor has fixed these problems without changing the version number. If you
8567are sure this is the case, you can disable the check by running 8662are sure this is the case, you can disable the check by running
8568\"./configure --without-zlib-version-check\". 8663\"./configure --without-zlib-version-check\".
8569If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&2;} 8664If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
8665See http://www.gzip.org/zlib/ for details." >&2;}
8570 { (exit 1); exit 1; }; } 8666 { (exit 1); exit 1; }; }
8571 else 8667 else
8572 { echo "$as_me:$LINENO: WARNING: zlib version may have security problems" >&5 8668 { echo "$as_me:$LINENO: WARNING: zlib version may have security problems" >&5
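Review bot: With the question inverted to "possibly buggy zlib", the failure branch at 8649 answers `yes` for any non-zero exit, including the `exit(1)` the test program uses when `ZLIB_VERSION` cannot be parsed, and then prints `zlib too old`. Distinguish status 1 from status 2 so an unparseable version string is reported as such. The advice text at 8657 also tells users to upgrade to 1.2.1.2 or greater even though the check still accepts 1.1.4, so the message should name both accepted ranges.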
@@ -9753,7 +9849,8 @@ if test "${with_tcp_wrappers+set}" = set; then
9753 saved_LIBS="$LIBS" 9849 saved_LIBS="$LIBS"
9754 saved_LDFLAGS="$LDFLAGS" 9850 saved_LDFLAGS="$LDFLAGS"
9755 saved_CPPFLAGS="$CPPFLAGS" 9851 saved_CPPFLAGS="$CPPFLAGS"
9756 if test -n "${withval}" -a "${withval}" != "yes"; then 9852 if test -n "${withval}" && \
9853 test "x${withval}" != "xyes"; then
9757 if test -d "${withval}/lib"; then 9854 if test -d "${withval}/lib"; then
9758 if test -n "${need_dash_r}"; then 9855 if test -n "${need_dash_r}"; then
9759 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 9856 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -9856,13 +9953,17 @@ LIBEDIT_MSG="no"
9856if test "${with_libedit+set}" = set; then 9953if test "${with_libedit+set}" = set; then
9857 withval="$with_libedit" 9954 withval="$with_libedit"
9858 if test "x$withval" != "xno" ; then 9955 if test "x$withval" != "xno" ; then
9956 if test "x$withval" != "xyes"; then
9957 CPPFLAGS="$CPPFLAGS -I$withval/include"
9958 LDFLAGS="$LDFLAGS -L$withval/lib"
9959 fi
9859 echo "$as_me:$LINENO: checking for el_init in -ledit" >&5 9960 echo "$as_me:$LINENO: checking for el_init in -ledit" >&5
9860echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6 9961echo $ECHO_N "checking for el_init in -ledit... $ECHO_C" >&6
9861if test "${ac_cv_lib_edit_el_init+set}" = set; then 9962if test "${ac_cv_lib_edit_el_init+set}" = set; then
9862 echo $ECHO_N "(cached) $ECHO_C" >&6 9963 echo $ECHO_N "(cached) $ECHO_C" >&6
9863else 9964else
9864 ac_check_lib_save_LIBS=$LIBS 9965 ac_check_lib_save_LIBS=$LIBS
9865LIBS="-ledit -lcurses 9966LIBS="-ledit -lcurses
9866 $LIBS" 9967 $LIBS"
9867cat >conftest.$ac_ext <<_ACEOF 9968cat >conftest.$ac_ext <<_ACEOF
9868/* confdefs.h. */ 9969/* confdefs.h. */
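Review bot: The new prefix handling at 9956-9959 appends `-I$withval/include` and `-L$withval/lib` without the `test -d` checks or the `need_dash_r` handling that the zlib and tcp_wrappers blocks in this same script apply to their prefixes. A mistyped path is accepted silently, and on platforms that need `-R` the binary may link but not find libedit at run time. Suggest mirroring the existing pattern: check `test -d "$withval/lib"`, add `-R${withval}/lib` when `need_dash_r` is set, and quote the expansions.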
@@ -9931,6 +10032,10 @@ _ACEOF
9931 LIBEDIT_MSG="yes" 10032 LIBEDIT_MSG="yes"
9932 10033
9933 10034
10035else
10036 { { echo "$as_me:$LINENO: error: libedit not found" >&5
10037echo "$as_me: error: libedit not found" >&2;}
10038 { (exit 1); exit 1; }; }
9934fi 10039fi
9935 10040
9936 fi 10041 fi
@@ -12733,8 +12838,14 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
12733 ac_status=$? 12838 ac_status=$?
12734 echo "$as_me:$LINENO: \$? = $ac_status" >&5 12839 echo "$as_me:$LINENO: \$? = $ac_status" >&5
12735 (exit $ac_status); }; }; then 12840 (exit $ac_status); }; }; then
12736 echo "$as_me:$LINENO: result: yes" >&5 12841 echo "$as_me:$LINENO: result: yes" >&5
12737echo "${ECHO_T}yes" >&6 12842echo "${ECHO_T}yes" >&6
12843
12844cat >>confdefs.h <<\_ACEOF
12845#define HAVE_SO_PEERCRED
12846_ACEOF
12847
12848
12738else 12849else
12739 echo "$as_me: failed program was:" >&5 12850 echo "$as_me: failed program was:" >&5
12740sed 's/^/| /' conftest.$ac_ext >&5 12851sed 's/^/| /' conftest.$ac_ext >&5
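Review bot: `HAVE_SO_PEERCRED` is defined at 12845 with no value, unlike the other macros this patch adds (`HAVE_DECL_SETAUTHDB 1`, `PASSWD_NEEDS_USERNAME 1`). That works only with `#ifdef` or `defined()`; a `#if HAVE_SO_PEERCRED` test would be a preprocessor error. Define it to 1 in configure.ac using the three-argument `AC_DEFINE` with a description, as is done for `PASSWD_NEEDS_USERNAME`, so usage and the config.h.in template comment stay uniform.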
@@ -12895,7 +13006,8 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes
12895fi 13006fi
12896fi 13007fi
12897 13008
12898if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 13009if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
13010 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
12899 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 13011 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5
12900echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 13012echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6
12901 if test "$cross_compiling" = yes; then 13013 if test "$cross_compiling" = yes; then
@@ -13002,7 +13114,8 @@ rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftes
13002fi 13114fi
13003fi 13115fi
13004 13116
13005if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then 13117if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
13118 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
13006 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5 13119 echo "$as_me:$LINENO: checking if getaddrinfo seems to work" >&5
13007echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6 13120echo $ECHO_N "checking if getaddrinfo seems to work... $ECHO_C" >&6
13008 if test "$cross_compiling" = yes; then 13121 if test "$cross_compiling" = yes; then
@@ -14272,7 +14385,7 @@ echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;}
14272fi; 14385fi;
14273 14386
14274# Which randomness source do we use? 14387# Which randomness source do we use?
14275if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then 14388if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
14276 # OpenSSL only 14389 # OpenSSL only
14277 cat >>confdefs.h <<\_ACEOF 14390 cat >>confdefs.h <<\_ACEOF
14278#define OPENSSL_PRNG_ONLY 1 14391#define OPENSSL_PRNG_ONLY 1
@@ -14393,7 +14506,8 @@ entropy_timeout=200
14393if test "${with_entropy_timeout+set}" = set; then 14506if test "${with_entropy_timeout+set}" = set; then
14394 withval="$with_entropy_timeout" 14507 withval="$with_entropy_timeout"
14395 14508
14396 if test "x$withval" != "xno" ; then 14509 if test -n "$withval" && test "x$withval" != "xno" && \
14510 test "x${withval}" != "xyes"; then
14397 entropy_timeout=$withval 14511 entropy_timeout=$withval
14398 fi 14512 fi
14399 14513
@@ -14410,7 +14524,8 @@ SSH_PRIVSEP_USER=sshd
14410if test "${with_privsep_user+set}" = set; then 14524if test "${with_privsep_user+set}" = set; then
14411 withval="$with_privsep_user" 14525 withval="$with_privsep_user"
14412 14526
14413 if test -n "$withval"; then 14527 if test -n "$withval" && test "x$withval" != "xno" && \
14528 test "x${withval}" != "xyes"; then
14414 SSH_PRIVSEP_USER=$withval 14529 SSH_PRIVSEP_USER=$withval
14415 fi 14530 fi
14416 14531
@@ -19152,9 +19267,9 @@ fi
19152 19267
19153 19268
19154# We need int64_t or else certian parts of the compile will fail. 19269# We need int64_t or else certian parts of the compile will fail.
19155if test "x$ac_cv_have_int64_t" = "xno" -a \ 19270if test "x$ac_cv_have_int64_t" = "xno" && \
19156 "x$ac_cv_sizeof_long_int" != "x8" -a \ 19271 test "x$ac_cv_sizeof_long_int" != "x8" && \
19157 "x$ac_cv_sizeof_long_long_int" = "x0" ; then 19272 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
19158 echo "OpenSSH requires int64_t support. Contact your vendor or install" 19273 echo "OpenSSH requires int64_t support. Contact your vendor or install"
19159 echo "an alternative compiler (I.E., GCC) before continuing." 19274 echo "an alternative compiler (I.E., GCC) before continuing."
19160 echo "" 19275 echo ""
@@ -21195,17 +21310,17 @@ _ACEOF
21195fi; 21310fi;
21196 21311
21197# Check whether user wants OpenSC support 21312# Check whether user wants OpenSC support
21313OPENSC_CONFIG="no"
21198 21314
21199# Check whether --with-opensc or --without-opensc was given. 21315# Check whether --with-opensc or --without-opensc was given.
21200if test "${with_opensc+set}" = set; then 21316if test "${with_opensc+set}" = set; then
21201 withval="$with_opensc" 21317 withval="$with_opensc"
21202 opensc_config_prefix="$withval" 21318
21203else 21319 if test "x$withval" != "xno" ; then
21204 opensc_config_prefix="" 21320 if test "x$withval" != "xyes" ; then
21205fi; 21321 OPENSC_CONFIG=$withval/bin/opensc-config
21206if test x$opensc_config_prefix != x ; then 21322 else
21207 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config 21323 # Extract the first word of "opensc-config", so it can be a program name with args.
21208 # Extract the first word of "opensc-config", so it can be a program name with args.
21209set dummy opensc-config; ac_word=$2 21324set dummy opensc-config; ac_word=$2
21210echo "$as_me:$LINENO: checking for $ac_word" >&5 21325echo "$as_me:$LINENO: checking for $ac_word" >&5
21211echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 21326echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
@@ -21245,22 +21360,26 @@ else
21245echo "${ECHO_T}no" >&6 21360echo "${ECHO_T}no" >&6
21246fi 21361fi
21247 21362
21248 if test "$OPENSC_CONFIG" != "no"; then 21363 fi
21249 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` 21364 if test "$OPENSC_CONFIG" != "no"; then
21250 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` 21365 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
21251 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" 21366 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
21252 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" 21367 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
21253 cat >>confdefs.h <<\_ACEOF 21368 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
21369 cat >>confdefs.h <<\_ACEOF
21254#define SMARTCARD 1 21370#define SMARTCARD 1
21255_ACEOF 21371_ACEOF
21256 21372
21257 cat >>confdefs.h <<\_ACEOF 21373 cat >>confdefs.h <<\_ACEOF
21258#define USE_OPENSC 1 21374#define USE_OPENSC 1
21259_ACEOF 21375_ACEOF
21260 21376
21261 SCARD_MSG="yes, using OpenSC" 21377 SCARD_MSG="yes, using OpenSC"
21262 fi 21378 fi
21263fi 21379 fi
21380
21381
21382fi;
21264 21383
21265# Check libraries needed by DNS fingerprint support 21384# Check libraries needed by DNS fingerprint support
21266echo "$as_me:$LINENO: checking for library containing getrrsetbyname" >&5 21385echo "$as_me:$LINENO: checking for library containing getrrsetbyname" >&5
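Review bot: When a prefix is given, line 21322 sets `OPENSC_CONFIG=$withval/bin/opensc-config` and skips the program lookup, yet the block starting at 21364 runs it and defines `SMARTCARD` and `USE_OPENSC` without checking that the file exists or that either backtick invocation succeeded. A wrong prefix therefore yields empty flags and a failure that only shows up later in the build. Suggest testing `-x "$OPENSC_CONFIG"` and erroring out otherwise before it is used, and quoting `$withval` in the assignment.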
@@ -23659,7 +23778,8 @@ PRIVSEP_PATH=/var/empty
23659if test "${with_privsep_path+set}" = set; then 23778if test "${with_privsep_path+set}" = set; then
23660 withval="$with_privsep_path" 23779 withval="$with_privsep_path"
23661 23780
23662 if test "x$withval" != "$no" ; then 23781 if test -n "$withval" && test "x$withval" != "xno" && \
23782 test "x${withval}" != "xyes"; then
23663 PRIVSEP_PATH=$withval 23783 PRIVSEP_PATH=$withval
23664 fi 23784 fi
23665 23785
@@ -23672,7 +23792,8 @@ fi;
23672if test "${with_xauth+set}" = set; then 23792if test "${with_xauth+set}" = set; then
23673 withval="$with_xauth" 23793 withval="$with_xauth"
23674 23794
23675 if test "x$withval" != "xno" ; then 23795 if test -n "$withval" && test "x$withval" != "xno" && \
23796 test "x${withval}" != "xyes"; then
23676 xauth_path=$withval 23797 xauth_path=$withval
23677 fi 23798 fi
23678 23799
@@ -24095,8 +24216,8 @@ _ACEOF
24095 fi 24216 fi
24096fi 24217fi
24097 24218
24098if test $ac_cv_func_login_getcapbool = "yes" -a \ 24219if test $ac_cv_func_login_getcapbool = "yes" && \
24099 $ac_cv_header_login_cap_h = "yes" ; then 24220 test $ac_cv_header_login_cap_h = "yes" ; then
24100 external_path_file=/etc/login.conf 24221 external_path_file=/etc/login.conf
24101fi 24222fi
24102 24223
@@ -24240,7 +24361,8 @@ fi
24240if test "${with_superuser_path+set}" = set; then 24361if test "${with_superuser_path+set}" = set; then
24241 withval="$with_superuser_path" 24362 withval="$with_superuser_path"
24242 24363
24243 if test "x$withval" != "xno" ; then 24364 if test -n "$withval" && test "x$withval" != "xno" && \
24365 test "x${withval}" != "xyes"; then
24244 cat >>confdefs.h <<_ACEOF 24366 cat >>confdefs.h <<_ACEOF
24245#define SUPERUSER_PATH "$withval" 24367#define SUPERUSER_PATH "$withval"
24246_ACEOF 24368_ACEOF
@@ -24324,7 +24446,8 @@ fi
24324if test "${with_pid_dir+set}" = set; then 24446if test "${with_pid_dir+set}" = set; then
24325 withval="$with_pid_dir" 24447 withval="$with_pid_dir"
24326 24448
24327 if test "x$withval" != "xno" ; then 24449 if test -n "$withval" && test "x$withval" != "xno" && \
24450 test "x${withval}" != "xyes"; then
24328 piddir=$withval 24451 piddir=$withval
24329 if test ! -d $piddir ; then 24452 if test ! -d $piddir ; then
24330 { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5 24453 { echo "$as_me:$LINENO: WARNING: ** no $piddir directory on this system **" >&5
@@ -24455,7 +24578,7 @@ if test "${with_lastlog+set}" = set; then
24455#define DISABLE_LASTLOG 1 24578#define DISABLE_LASTLOG 1
24456_ACEOF 24579_ACEOF
24457 24580
24458 else 24581 elif test -n "$withval" && test "x${withval}" != "xyes"; then
24459 conf_lastlog_location=$withval 24582 conf_lastlog_location=$withval
24460 fi 24583 fi
24461 24584
@@ -25290,9 +25413,9 @@ exec 6>&1
25290exec 5>>config.log 25413exec 5>>config.log
25291{ 25414{
25292 echo 25415 echo
25293 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<BOXI_EOF 25416 sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
25294## Running $as_me. ## 25417## Running $as_me. ##
25295BOXI_EOF 25418_ASBOX
25296} >&5 25419} >&5
25297cat >&5 <<_CSEOF 25420cat >&5 <<_CSEOF
25298 25421
diff --git a/configure.ac b/configure.ac
index e48028b7b..20c8f1587 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $ 1# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -75,7 +75,7 @@ if test -z "$LD" ; then
75 LD=$CC 75 LD=$CC
76fi 76fi
77AC_SUBST(LD) 77AC_SUBST(LD)
78 78
79AC_C_INLINE 79AC_C_INLINE
80if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 80if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" 81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized"
@@ -84,7 +84,7 @@ fi
84AC_ARG_WITH(rpath, 84AC_ARG_WITH(rpath,
85 [ --without-rpath Disable auto-added -R linker paths], 85 [ --without-rpath Disable auto-added -R linker paths],
86 [ 86 [
87 if test "x$withval" = "xno" ; then 87 if test "x$withval" = "xno" ; then
88 need_dash_r="" 88 need_dash_r=""
89 fi 89 fi
90 if test "x$withval" = "xyes" ; then 90 if test "x$withval" = "xyes" ; then
@@ -123,7 +123,7 @@ case "$host" in
123 ]) 123 ])
124 dnl Check for various auth function declarations in headers. 124 dnl Check for various auth function declarations in headers.
125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, 125 AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess,
126 passwdexpired], , , [#include <usersec.h>]) 126 passwdexpired, setauthdb], , , [#include <usersec.h>])
127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) 127 dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2)
128 AC_CHECK_DECLS(loginfailed, 128 AC_CHECK_DECLS(loginfailed,
129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments) 129 [AC_MSG_CHECKING(if loginfailed takes 4 arguments)
@@ -274,7 +274,7 @@ mips-sony-bsd|mips-sony-newsos4)
274 ;; 274 ;;
275*-*-netbsd*) 275*-*-netbsd*)
276 check_for_libcrypt_before=1 276 check_for_libcrypt_before=1
277 if test "x$withval" != "xno" ; then 277 if test "x$withval" != "xno" ; then
278 need_dash_r=1 278 need_dash_r=1
279 fi 279 fi
280 ;; 280 ;;
@@ -297,7 +297,7 @@ mips-sony-bsd|mips-sony-newsos4)
297 AC_DEFINE(BROKEN_SAVED_UIDS) 297 AC_DEFINE(BROKEN_SAVED_UIDS)
298 ;; 298 ;;
299*-*-solaris*) 299*-*-solaris*)
300 if test "x$withval" != "xno" ; then 300 if test "x$withval" != "xno" ; then
301 need_dash_r=1 301 need_dash_r=1
302 fi 302 fi
303 AC_DEFINE(PAM_SUN_CODEBASE) 303 AC_DEFINE(PAM_SUN_CODEBASE)
@@ -361,6 +361,7 @@ mips-sony-bsd|mips-sony-newsos4)
361 AC_DEFINE(SETEUID_BREAKS_SETUID) 361 AC_DEFINE(SETEUID_BREAKS_SETUID)
362 AC_DEFINE(BROKEN_SETREUID) 362 AC_DEFINE(BROKEN_SETREUID)
363 AC_DEFINE(BROKEN_SETREGID) 363 AC_DEFINE(BROKEN_SETREGID)
364 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
364 ;; 365 ;;
365# UnixWare 7.x, OpenUNIX 8 366# UnixWare 7.x, OpenUNIX 8
366*-*-sysv5*) 367*-*-sysv5*)
@@ -368,6 +369,7 @@ mips-sony-bsd|mips-sony-newsos4)
368 AC_DEFINE(SETEUID_BREAKS_SETUID) 369 AC_DEFINE(SETEUID_BREAKS_SETUID)
369 AC_DEFINE(BROKEN_SETREUID) 370 AC_DEFINE(BROKEN_SETREUID)
370 AC_DEFINE(BROKEN_SETREGID) 371 AC_DEFINE(BROKEN_SETREGID)
372 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
371 ;; 373 ;;
372*-*-sysv*) 374*-*-sysv*)
373 ;; 375 ;;
@@ -472,15 +474,17 @@ esac
472AC_ARG_WITH(cflags, 474AC_ARG_WITH(cflags,
473 [ --with-cflags Specify additional flags to pass to compiler], 475 [ --with-cflags Specify additional flags to pass to compiler],
474 [ 476 [
475 if test "x$withval" != "xno" ; then 477 if test -n "$withval" && test "x$withval" != "xno" && \
478 test "x${withval}" != "xyes"; then
476 CFLAGS="$CFLAGS $withval" 479 CFLAGS="$CFLAGS $withval"
477 fi 480 fi
478 ] 481 ]
479) 482)
480AC_ARG_WITH(cppflags, 483AC_ARG_WITH(cppflags,
481 [ --with-cppflags Specify additional flags to pass to preprocessor] , 484 [ --with-cppflags Specify additional flags to pass to preprocessor] ,
482 [ 485 [
483 if test "x$withval" != "xno"; then 486 if test -n "$withval" && test "x$withval" != "xno" && \
487 test "x${withval}" != "xyes"; then
484 CPPFLAGS="$CPPFLAGS $withval" 488 CPPFLAGS="$CPPFLAGS $withval"
485 fi 489 fi
486 ] 490 ]
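Review bot: in the new --with-cflags and --with-cppflags conditions, a bare option (withval of yes) or an empty value is now dropped silently; an AC_MSG_WARN or AC_MSG_ERROR for those cases would tell the user that the option needs a value. The condition also mixes $withval and ${withval} and is repeated verbatim for each option, so a small shared macro would keep the copies from drifting apart.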
@@ -488,18 +492,20 @@ AC_ARG_WITH(cppflags,
488AC_ARG_WITH(ldflags, 492AC_ARG_WITH(ldflags,
489 [ --with-ldflags Specify additional flags to pass to linker], 493 [ --with-ldflags Specify additional flags to pass to linker],
490 [ 494 [
491 if test "x$withval" != "xno" ; then 495 if test -n "$withval" && test "x$withval" != "xno" && \
496 test "x${withval}" != "xyes"; then
492 LDFLAGS="$LDFLAGS $withval" 497 LDFLAGS="$LDFLAGS $withval"
493 fi 498 fi
494 ] 499 ]
495) 500)
496AC_ARG_WITH(libs, 501AC_ARG_WITH(libs,
497 [ --with-libs Specify additional libraries to link with], 502 [ --with-libs Specify additional libraries to link with],
498 [ 503 [
499 if test "x$withval" != "xno" ; then 504 if test -n "$withval" && test "x$withval" != "xno" && \
505 test "x${withval}" != "xyes"; then
500 LIBS="$LIBS $withval" 506 LIBS="$LIBS $withval"
501 fi 507 fi
502 ] 508 ]
503) 509)
504 510
505AC_MSG_CHECKING(compiler and flags for sanity) 511AC_MSG_CHECKING(compiler and flags for sanity)
@@ -583,10 +589,9 @@ AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
583dnl zlib is required 589dnl zlib is required
584AC_ARG_WITH(zlib, 590AC_ARG_WITH(zlib,
585 [ --with-zlib=PATH Use zlib in PATH], 591 [ --with-zlib=PATH Use zlib in PATH],
586 [ 592 [ if test "x$withval" = "xno" ; then
587 if test "x$withval" = "xno" ; then 593 AC_MSG_ERROR([*** zlib is required ***])
588 AC_MSG_ERROR([*** zlib is required ***]) 594 elif test "x$withval" != "xyes"; then
589 fi
590 if test -d "$withval/lib"; then 595 if test -d "$withval/lib"; then
591 if test -n "${need_dash_r}"; then 596 if test -n "${need_dash_r}"; then
592 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 597 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -605,7 +610,7 @@ AC_ARG_WITH(zlib,
605 else 610 else
606 CPPFLAGS="-I${withval} ${CPPFLAGS}" 611 CPPFLAGS="-I${withval} ${CPPFLAGS}"
607 fi 612 fi
608 ] 613 fi ]
609) 614)
610 615
611AC_CHECK_LIB(z, deflate, , 616AC_CHECK_LIB(z, deflate, ,
@@ -638,29 +643,40 @@ AC_ARG_WITH(zlib-version-check,
638 ] 643 ]
639) 644)
640 645
641AC_MSG_CHECKING(for zlib 1.1.4 or greater) 646AC_MSG_CHECKING(for possibly buggy zlib)
642AC_RUN_IFELSE([AC_LANG_SOURCE([[ 647AC_RUN_IFELSE([AC_LANG_SOURCE([[
648#include <stdio.h>
643#include <zlib.h> 649#include <zlib.h>
644int main() 650int main()
645{ 651{
646 int a, b, c, v; 652 int a=0, b=0, c=0, d=0, n, v;
647 if (sscanf(ZLIB_VERSION, "%d.%d.%d", &a, &b, &c) != 3) 653 n = sscanf(ZLIB_VERSION, "%d.%d.%d.%d", &a, &b, &c, &d);
654 if (n != 3 && n != 4)
648 exit(1); 655 exit(1);
649 v = a*1000000 + b*1000 + c; 656 v = a*1000000 + b*10000 + c*100 + d;
650 if (v >= 1001004) 657 fprintf(stderr, "found zlib version %s (%d)\n", ZLIB_VERSION, v);
658
659 /* 1.1.4 is OK */
660 if (a == 1 && b == 1 && c >= 4)
651 exit(0); 661 exit(0);
662
663 /* 1.2.1.2 and up are OK */
664 if (v >= 1020102)
665 exit(0);
666
652 exit(2); 667 exit(2);
653} 668}
654 ]])], 669 ]])],
655 AC_MSG_RESULT(yes), 670 AC_MSG_RESULT(no),
656 [ AC_MSG_RESULT(no) 671 [ AC_MSG_RESULT(yes)
657 if test -z "$zlib_check_nonfatal" ; then 672 if test -z "$zlib_check_nonfatal" ; then
658 AC_MSG_ERROR([*** zlib too old - check config.log *** 673 AC_MSG_ERROR([*** zlib too old - check config.log ***
659Your reported zlib version has known security problems. It's possible your 674Your reported zlib version has known security problems. It's possible your
660vendor has fixed these problems without changing the version number. If you 675vendor has fixed these problems without changing the version number. If you
661are sure this is the case, you can disable the check by running 676are sure this is the case, you can disable the check by running
662"./configure --without-zlib-version-check". 677"./configure --without-zlib-version-check".
663If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) 678If you are in doubt, upgrade zlib to version 1.2.1.2 or greater.
679See http://www.gzip.org/zlib/ for details.])
664 else 680 else
665 AC_MSG_WARN([zlib version may have security problems]) 681 AC_MSG_WARN([zlib version may have security problems])
666 fi 682 fi
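Review bot: in the test program, a ZLIB_VERSION with fewer than three numeric components makes sscanf return less than 3, so the program exits 1 and configure takes the same failure branch as exit(2), reporting "zlib too old" for a string it simply could not parse. Since a, b, c and d are now initialised to 0, accepting n >= 2 would be safe, or the parse failure could get its own message. The program also calls exit() with only <stdio.h> and <zlib.h> included, so add #include <stdlib.h>. The error text tells the user to upgrade to 1.2.1.2 or greater although the check also accepts 1.1.4 and later 1.1.x releases; say so in the message.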
@@ -730,7 +746,7 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
730 AC_MSG_RESULT(no) 746 AC_MSG_RESULT(no)
731 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) 747 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
732 ], 748 ],
733 [ 749 [
734 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) 750 AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
735 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) 751 AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
736 ] 752 ]
@@ -759,7 +775,7 @@ AC_ARG_WITH(skey,
759 AC_DEFINE(SKEY) 775 AC_DEFINE(SKEY)
760 LIBS="-lskey $LIBS" 776 LIBS="-lskey $LIBS"
761 SKEY_MSG="yes" 777 SKEY_MSG="yes"
762 778
763 AC_MSG_CHECKING([for s/key support]) 779 AC_MSG_CHECKING([for s/key support])
764 AC_TRY_RUN( 780 AC_TRY_RUN(
765 [ 781 [
@@ -794,7 +810,8 @@ AC_ARG_WITH(tcp-wrappers,
794 saved_LIBS="$LIBS" 810 saved_LIBS="$LIBS"
795 saved_LDFLAGS="$LDFLAGS" 811 saved_LDFLAGS="$LDFLAGS"
796 saved_CPPFLAGS="$CPPFLAGS" 812 saved_CPPFLAGS="$CPPFLAGS"
797 if test -n "${withval}" -a "${withval}" != "yes"; then 813 if test -n "${withval}" && \
814 test "x${withval}" != "xyes"; then
798 if test -d "${withval}/lib"; then 815 if test -d "${withval}/lib"; then
799 if test -n "${need_dash_r}"; then 816 if test -n "${need_dash_r}"; then
800 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" 817 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -846,13 +863,18 @@ LIBEDIT_MSG="no"
846AC_ARG_WITH(libedit, 863AC_ARG_WITH(libedit,
847 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 864 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
848 [ if test "x$withval" != "xno" ; then 865 [ if test "x$withval" != "xno" ; then
866 if test "x$withval" != "xyes"; then
867 CPPFLAGS="$CPPFLAGS -I$withval/include"
868 LDFLAGS="$LDFLAGS -L$withval/lib"
869 fi
849 AC_CHECK_LIB(edit, el_init, 870 AC_CHECK_LIB(edit, el_init,
850 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) 871 [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp])
851 LIBEDIT="-ledit -lcurses" 872 LIBEDIT="-ledit -lcurses"
852 LIBEDIT_MSG="yes" 873 LIBEDIT_MSG="yes"
853 AC_SUBST(LIBEDIT) 874 AC_SUBST(LIBEDIT)
854 ], 875 ],
855 [], [-lcurses] 876 [ AC_MSG_ERROR(libedit not found) ],
877 [ -lcurses ]
856 ) 878 )
857 fi ] 879 fi ]
858) 880)
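Review bot: the new --with-libedit=PATH branch appends -I$withval/include and -L$withval/lib without checking that either directory exists, whereas the zlib and tcp-wrappers blocks in this same file guard the equivalent step with test -d "$withval/lib"; do the same here so a mistyped prefix fails with a clear message instead of a generic "libedit not found". The argument to AC_MSG_ERROR should also be quoted as [libedit not found], matching the other calls in the file.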
@@ -1011,7 +1033,9 @@ if test "x$ac_cv_func_getpeereid" != "xyes" ; then
1011 [#include <sys/types.h> 1033 [#include <sys/types.h>
1012 #include <sys/socket.h>], 1034 #include <sys/socket.h>],
1013 [int i = SO_PEERCRED;], 1035 [int i = SO_PEERCRED;],
1014 [AC_MSG_RESULT(yes)], 1036 [ AC_MSG_RESULT(yes)
1037 AC_DEFINE(HAVE_SO_PEERCRED, [], [Have PEERCRED socket option])
1038 ],
1015 [AC_MSG_RESULT(no) 1039 [AC_MSG_RESULT(no)
1016 NO_PEERCHECK=1] 1040 NO_PEERCHECK=1]
1017 ) 1041 )
@@ -1090,7 +1114,8 @@ main()
1090 ) 1114 )
1091fi 1115fi
1092 1116
1093if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then 1117if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1118 test "x$check_for_hpux_broken_getaddrinfo" = "x1"; then
1094 AC_MSG_CHECKING(if getaddrinfo seems to work) 1119 AC_MSG_CHECKING(if getaddrinfo seems to work)
1095 AC_TRY_RUN( 1120 AC_TRY_RUN(
1096 [ 1121 [
@@ -1158,7 +1183,8 @@ main(void)
1158 ) 1183 )
1159fi 1184fi
1160 1185
1161if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then 1186if test "x$ac_cv_func_getaddrinfo" = "xyes" && \
1187 test "x$check_for_aix_broken_getaddrinfo" = "x1"; then
1162 AC_MSG_CHECKING(if getaddrinfo seems to work) 1188 AC_MSG_CHECKING(if getaddrinfo seems to work)
1163 AC_TRY_RUN( 1189 AC_TRY_RUN(
1164 [ 1190 [
@@ -1467,7 +1493,7 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); }
1467 [ 1493 [
1468 AC_MSG_WARN([cross compiling: assuming yes]) 1494 AC_MSG_WARN([cross compiling: assuming yes])
1469 # This is safe, since all recent OpenSSL versions will 1495 # This is safe, since all recent OpenSSL versions will
1470 # complain at runtime if not seeded correctly. 1496 # complain at runtime if not seeded correctly.
1471 OPENSSL_SEEDS_ITSELF=yes 1497 OPENSSL_SEEDS_ITSELF=yes
1472 ] 1498 ]
1473) 1499)
@@ -1489,10 +1515,10 @@ AC_ARG_WITH(rand-helper,
1489 USE_RAND_HELPER=yes 1515 USE_RAND_HELPER=yes
1490 fi 1516 fi
1491 ], 1517 ],
1492) 1518)
1493 1519
1494# Which randomness source do we use? 1520# Which randomness source do we use?
1495if test ! -z "$OPENSSL_SEEDS_ITSELF" -a -z "$USE_RAND_HELPER" ; then 1521if test ! -z "$OPENSSL_SEEDS_ITSELF" && test -z "$USE_RAND_HELPER" ; then
1496 # OpenSSL only 1522 # OpenSSL only
1497 AC_DEFINE(OPENSSL_PRNG_ONLY) 1523 AC_DEFINE(OPENSSL_PRNG_ONLY)
1498 RAND_MSG="OpenSSL internal ONLY" 1524 RAND_MSG="OpenSSL internal ONLY"
@@ -1582,10 +1608,11 @@ entropy_timeout=200
1582AC_ARG_WITH(entropy-timeout, 1608AC_ARG_WITH(entropy-timeout,
1583 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)], 1609 [ --with-entropy-timeout Specify entropy gathering command timeout (msec)],
1584 [ 1610 [
1585 if test "x$withval" != "xno" ; then 1611 if test -n "$withval" && test "x$withval" != "xno" && \
1612 test "x${withval}" != "xyes"; then
1586 entropy_timeout=$withval 1613 entropy_timeout=$withval
1587 fi 1614 fi
1588 ] 1615 ]
1589) 1616)
1590AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) 1617AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
1591 1618
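Review bot: entropy_timeout=$withval is still handed unvalidated to AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout), so a non-numeric value is written into the generated header as-is. Since the condition is being tightened here anyway, reject anything that is not a plain integer with AC_MSG_ERROR.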
@@ -1593,10 +1620,11 @@ SSH_PRIVSEP_USER=sshd
1593AC_ARG_WITH(privsep-user, 1620AC_ARG_WITH(privsep-user,
1594 [ --with-privsep-user=user Specify non-privileged user for privilege separation], 1621 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
1595 [ 1622 [
1596 if test -n "$withval"; then 1623 if test -n "$withval" && test "x$withval" != "xno" && \
1624 test "x${withval}" != "xyes"; then
1597 SSH_PRIVSEP_USER=$withval 1625 SSH_PRIVSEP_USER=$withval
1598 fi 1626 fi
1599 ] 1627 ]
1600) 1628)
1601AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") 1629AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
1602AC_SUBST(SSH_PRIVSEP_USER) 1630AC_SUBST(SSH_PRIVSEP_USER)
@@ -2030,9 +2058,9 @@ fi
2030AC_CHECK_TYPES(struct timespec) 2058AC_CHECK_TYPES(struct timespec)
2031 2059
2032# We need int64_t or else certian parts of the compile will fail. 2060# We need int64_t or else certian parts of the compile will fail.
2033if test "x$ac_cv_have_int64_t" = "xno" -a \ 2061if test "x$ac_cv_have_int64_t" = "xno" && \
2034 "x$ac_cv_sizeof_long_int" != "x8" -a \ 2062 test "x$ac_cv_sizeof_long_int" != "x8" && \
2035 "x$ac_cv_sizeof_long_long_int" = "x0" ; then 2063 test "x$ac_cv_sizeof_long_long_int" = "x0" ; then
2036 echo "OpenSSH requires int64_t support. Contact your vendor or install" 2064 echo "OpenSSH requires int64_t support. Contact your vendor or install"
2037 echo "an alternative compiler (I.E., GCC) before continuing." 2065 echo "an alternative compiler (I.E., GCC) before continuing."
2038 echo "" 2066 echo ""
@@ -2324,23 +2352,28 @@ AC_ARG_WITH(sectok,
2324) 2352)
2325 2353
2326# Check whether user wants OpenSC support 2354# Check whether user wants OpenSC support
2355OPENSC_CONFIG="no"
2327AC_ARG_WITH(opensc, 2356AC_ARG_WITH(opensc,
2328 AC_HELP_STRING([--with-opensc=PFX], 2357 [--with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)],
2329 [Enable smartcard support using OpenSC]), 2358 [
2330 opensc_config_prefix="$withval", opensc_config_prefix="") 2359 if test "x$withval" != "xno" ; then
2331if test x$opensc_config_prefix != x ; then 2360 if test "x$withval" != "xyes" ; then
2332 OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config 2361 OPENSC_CONFIG=$withval/bin/opensc-config
2333 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) 2362 else
2334 if test "$OPENSC_CONFIG" != "no"; then 2363 AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no)
2335 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` 2364 fi
2336 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` 2365 if test "$OPENSC_CONFIG" != "no"; then
2337 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" 2366 LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags`
2338 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" 2367 LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs`
2339 AC_DEFINE(SMARTCARD) 2368 CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS"
2340 AC_DEFINE(USE_OPENSC) 2369 LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS"
2341 SCARD_MSG="yes, using OpenSC" 2370 AC_DEFINE(SMARTCARD)
2342 fi 2371 AC_DEFINE(USE_OPENSC)
2343fi 2372 SCARD_MSG="yes, using OpenSC"
2373 fi
2374 fi
2375 ]
2376)
2344 2377
2345# Check libraries needed by DNS fingerprint support 2378# Check libraries needed by DNS fingerprint support
2346AC_SEARCH_LIBS(getrrsetbyname, resolv, 2379AC_SEARCH_LIBS(getrrsetbyname, resolv,
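Review bot: when a prefix is given, OPENSC_CONFIG is set to $withval/bin/opensc-config with no check that the file exists or is executable, and the following block then runs $OPENSC_CONFIG --cflags and --libs and defines SMARTCARD and USE_OPENSC whether or not those commands succeeded. Add a test -x "$OPENSC_CONFIG" with an AC_MSG_ERROR on failure before the backtick calls. The help string also advertises [=PFX] but then says "optionally in PATH"; pick one name for the argument.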
@@ -2423,7 +2456,7 @@ AC_ARG_WITH(kerberos5,
2423 AC_DEFINE(HEIMDAL) 2456 AC_DEFINE(HEIMDAL)
2424 K5LIBS="-lkrb5 -ldes" 2457 K5LIBS="-lkrb5 -ldes"
2425 K5LIBS="$K5LIBS -lcom_err -lasn1" 2458 K5LIBS="$K5LIBS -lcom_err -lasn1"
2426 AC_CHECK_LIB(roken, net_write, 2459 AC_CHECK_LIB(roken, net_write,
2427 [K5LIBS="$K5LIBS -lroken"]) 2460 [K5LIBS="$K5LIBS -lroken"])
2428 ], 2461 ],
2429 [ AC_MSG_RESULT(no) 2462 [ AC_MSG_RESULT(no)
@@ -2442,7 +2475,7 @@ AC_ARG_WITH(kerberos5,
2442 $K5LIBS) 2475 $K5LIBS)
2443 ], 2476 ],
2444 $K5LIBS) 2477 $K5LIBS)
2445 2478
2446 AC_CHECK_HEADER(gssapi.h, , 2479 AC_CHECK_HEADER(gssapi.h, ,
2447 [ unset ac_cv_header_gssapi_h 2480 [ unset ac_cv_header_gssapi_h
2448 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" 2481 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
@@ -2482,7 +2515,8 @@ PRIVSEP_PATH=/var/empty
2482AC_ARG_WITH(privsep-path, 2515AC_ARG_WITH(privsep-path,
2483 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)], 2516 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
2484 [ 2517 [
2485 if test "x$withval" != "$no" ; then 2518 if test -n "$withval" && test "x$withval" != "xno" && \
2519 test "x${withval}" != "xyes"; then
2486 PRIVSEP_PATH=$withval 2520 PRIVSEP_PATH=$withval
2487 fi 2521 fi
2488 ] 2522 ]
@@ -2492,7 +2526,8 @@ AC_SUBST(PRIVSEP_PATH)
2492AC_ARG_WITH(xauth, 2526AC_ARG_WITH(xauth,
2493 [ --with-xauth=PATH Specify path to xauth program ], 2527 [ --with-xauth=PATH Specify path to xauth program ],
2494 [ 2528 [
2495 if test "x$withval" != "xno" ; then 2529 if test -n "$withval" && test "x$withval" != "xno" && \
2530 test "x${withval}" != "xyes"; then
2496 xauth_path=$withval 2531 xauth_path=$withval
2497 fi 2532 fi
2498 ], 2533 ],
@@ -2610,7 +2645,7 @@ AC_ARG_WITH(md5-passwords,
2610AC_ARG_WITH(shadow, 2645AC_ARG_WITH(shadow,
2611 [ --without-shadow Disable shadow password support], 2646 [ --without-shadow Disable shadow password support],
2612 [ 2647 [
2613 if test "x$withval" = "xno" ; then 2648 if test "x$withval" = "xno" ; then
2614 AC_DEFINE(DISABLE_SHADOW) 2649 AC_DEFINE(DISABLE_SHADOW)
2615 disable_shadow=yes 2650 disable_shadow=yes
2616 fi 2651 fi
@@ -2645,7 +2680,7 @@ else
2645 AC_ARG_WITH(ipaddr-display, 2680 AC_ARG_WITH(ipaddr-display,
2646 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], 2681 [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY],
2647 [ 2682 [
2648 if test "x$withval" != "xno" ; then 2683 if test "x$withval" != "xno" ; then
2649 AC_DEFINE(IPADDR_IN_DISPLAY) 2684 AC_DEFINE(IPADDR_IN_DISPLAY)
2650 DISPLAY_HACK_MSG="yes" 2685 DISPLAY_HACK_MSG="yes"
2651 fi 2686 fi
@@ -2677,8 +2712,8 @@ if test "x$etc_default_login" != "xno"; then
2677fi 2712fi
2678 2713
2679dnl BSD systems use /etc/login.conf so --with-default-path= has no effect 2714dnl BSD systems use /etc/login.conf so --with-default-path= has no effect
2680if test $ac_cv_func_login_getcapbool = "yes" -a \ 2715if test $ac_cv_func_login_getcapbool = "yes" && \
2681 $ac_cv_header_login_cap_h = "yes" ; then 2716 test $ac_cv_header_login_cap_h = "yes" ; then
2682 external_path_file=/etc/login.conf 2717 external_path_file=/etc/login.conf
2683fi 2718fi
2684 2719
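Review bot: the rewritten test leaves $ac_cv_func_login_getcapbool and $ac_cv_header_login_cap_h unquoted and without the x prefix used elsewhere in this file, so an empty or unset cache variable leaves test with a malformed expression. Write test "x$ac_cv_func_login_getcapbool" = "xyes" && test "x$ac_cv_header_login_cap_h" = "xyes" to match the other conversions in this patch.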
@@ -2691,7 +2726,7 @@ AC_ARG_WITH(default-path,
2691 AC_MSG_WARN([ 2726 AC_MSG_WARN([
2692--with-default-path=PATH has no effect on this system. 2727--with-default-path=PATH has no effect on this system.
2693Edit /etc/login.conf instead.]) 2728Edit /etc/login.conf instead.])
2694 elif test "x$withval" != "xno" ; then 2729 elif test "x$withval" != "xno" ; then
2695 if test ! -z "$external_path_file" ; then 2730 if test ! -z "$external_path_file" ; then
2696 AC_MSG_WARN([ 2731 AC_MSG_WARN([
2697--with-default-path=PATH will only be used if PATH is not defined in 2732--with-default-path=PATH will only be used if PATH is not defined in
@@ -2732,11 +2767,11 @@ main()
2732{ 2767{
2733 FILE *fd; 2768 FILE *fd;
2734 int rc; 2769 int rc;
2735 2770
2736 fd = fopen(DATA,"w"); 2771 fd = fopen(DATA,"w");
2737 if(fd == NULL) 2772 if(fd == NULL)
2738 exit(1); 2773 exit(1);
2739 2774
2740 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0) 2775 if ((rc = fprintf(fd,"%s", _PATH_STDPATH)) < 0)
2741 exit(1); 2776 exit(1);
2742 2777
@@ -2773,7 +2808,8 @@ fi
2773AC_ARG_WITH(superuser-path, 2808AC_ARG_WITH(superuser-path,
2774 [ --with-superuser-path= Specify different path for super-user], 2809 [ --with-superuser-path= Specify different path for super-user],
2775 [ 2810 [
2776 if test "x$withval" != "xno" ; then 2811 if test -n "$withval" && test "x$withval" != "xno" && \
2812 test "x${withval}" != "xyes"; then
2777 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval") 2813 AC_DEFINE_UNQUOTED(SUPERUSER_PATH, "$withval")
2778 superuser_path=$withval 2814 superuser_path=$withval
2779 fi 2815 fi
@@ -2809,7 +2845,7 @@ BSD_AUTH_MSG=no
2809AC_ARG_WITH(bsd-auth, 2845AC_ARG_WITH(bsd-auth,
2810 [ --with-bsd-auth Enable BSD auth support], 2846 [ --with-bsd-auth Enable BSD auth support],
2811 [ 2847 [
2812 if test "x$withval" != "xno" ; then 2848 if test "x$withval" != "xno" ; then
2813 AC_DEFINE(BSD_AUTH) 2849 AC_DEFINE(BSD_AUTH)
2814 BSD_AUTH_MSG=yes 2850 BSD_AUTH_MSG=yes
2815 fi 2851 fi
@@ -2819,7 +2855,7 @@ AC_ARG_WITH(bsd-auth,
2819# Where to place sshd.pid 2855# Where to place sshd.pid
2820piddir=/var/run 2856piddir=/var/run
2821# make sure the directory exists 2857# make sure the directory exists
2822if test ! -d $piddir ; then 2858if test ! -d $piddir ; then
2823 piddir=`eval echo ${sysconfdir}` 2859 piddir=`eval echo ${sysconfdir}`
2824 case $piddir in 2860 case $piddir in
2825 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; 2861 NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
@@ -2829,9 +2865,10 @@ fi
2829AC_ARG_WITH(pid-dir, 2865AC_ARG_WITH(pid-dir,
2830 [ --with-pid-dir=PATH Specify location of ssh.pid file], 2866 [ --with-pid-dir=PATH Specify location of ssh.pid file],
2831 [ 2867 [
2832 if test "x$withval" != "xno" ; then 2868 if test -n "$withval" && test "x$withval" != "xno" && \
2869 test "x${withval}" != "xyes"; then
2833 piddir=$withval 2870 piddir=$withval
2834 if test ! -d $piddir ; then 2871 if test ! -d $piddir ; then
2835 AC_MSG_WARN([** no $piddir directory on this system **]) 2872 AC_MSG_WARN([** no $piddir directory on this system **])
2836 fi 2873 fi
2837 fi 2874 fi
@@ -2909,9 +2946,9 @@ AC_ARG_ENABLE(pututxline,
2909AC_ARG_WITH(lastlog, 2946AC_ARG_WITH(lastlog,
2910 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]], 2947 [ --with-lastlog=FILE|DIR specify lastlog location [common locations]],
2911 [ 2948 [
2912 if test "x$withval" = "xno" ; then 2949 if test "x$withval" = "xno" ; then
2913 AC_DEFINE(DISABLE_LASTLOG) 2950 AC_DEFINE(DISABLE_LASTLOG)
2914 else 2951 elif test -n "$withval" && test "x${withval}" != "xyes"; then
2915 conf_lastlog_location=$withval 2952 conf_lastlog_location=$withval
2916 fi 2953 fi
2917 ] 2954 ]
@@ -2978,7 +3015,7 @@ fi
2978 3015
2979if test -n "$conf_lastlog_location"; then 3016if test -n "$conf_lastlog_location"; then
2980 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location") 3017 AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location")
2981fi 3018fi
2982 3019
2983dnl utmp detection 3020dnl utmp detection
2984AC_MSG_CHECKING([if your system defines UTMP_FILE]) 3021AC_MSG_CHECKING([if your system defines UTMP_FILE])
@@ -3008,7 +3045,7 @@ if test -z "$conf_utmp_location"; then
3008fi 3045fi
3009if test -n "$conf_utmp_location"; then 3046if test -n "$conf_utmp_location"; then
3010 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location") 3047 AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location")
3011fi 3048fi
3012 3049
3013dnl wtmp detection 3050dnl wtmp detection
3014AC_MSG_CHECKING([if your system defines WTMP_FILE]) 3051AC_MSG_CHECKING([if your system defines WTMP_FILE])
@@ -3038,7 +3075,7 @@ if test -z "$conf_wtmp_location"; then
3038fi 3075fi
3039if test -n "$conf_wtmp_location"; then 3076if test -n "$conf_wtmp_location"; then
3040 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location") 3077 AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location")
3041fi 3078fi
3042 3079
3043 3080
3044dnl utmpx detection - I don't know any system so perverse as to require 3081dnl utmpx detection - I don't know any system so perverse as to require
@@ -3066,7 +3103,7 @@ if test -z "$conf_utmpx_location"; then
3066 fi 3103 fi
3067else 3104else
3068 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location") 3105 AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location")
3069fi 3106fi
3070 3107
3071dnl wtmpx detection 3108dnl wtmpx detection
3072AC_MSG_CHECKING([if your system defines WTMPX_FILE]) 3109AC_MSG_CHECKING([if your system defines WTMPX_FILE])
@@ -3091,7 +3128,7 @@ if test -z "$conf_wtmpx_location"; then
3091 fi 3128 fi
3092else 3129else
3093 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location") 3130 AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location")
3094fi 3131fi
3095 3132
3096 3133
3097if test ! -z "$blibpath" ; then 3134if test ! -z "$blibpath" ; then
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 4a5c32b0e..09b9c118c 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# buildbff.sh: Create AIX SMIT-installable OpenSSH packages 3# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
4# $Id: buildbff.sh,v 1.7 2003/11/21 12:48:56 djm Exp $ 4# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $
5# 5#
6# Author: Darren Tucker (dtucker at zip dot com dot au) 6# Author: Darren Tucker (dtucker at zip dot com dot au)
7# This file is placed in the public domain and comes with absolutely 7# This file is placed in the public domain and comes with absolutely
@@ -219,7 +219,7 @@ else
219 fi 219 fi
220 220
221 # Create user if required 221 # Create user if required
222 if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null 222 if lsuser "$SSH_PRIVSEP_USER" >/dev/null
223 then 223 then
224 echo "PrivSep user $SSH_PRIVSEP_USER already exists." 224 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
225 else 225 else
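Review bot: lsuser "$SSH_PRIVSEP_USER" >/dev/null redirects only stdout, so in the case where the user does not exist, any diagnostic lsuser prints on stderr lands in the install output right before the script goes on to create the account. Use >/dev/null 2>&1 so the existence check stays silent in both outcomes.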
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 67d8e6ff4..355663ed4 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,12 +17,12 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 4.0p1 20 %define version 4.1p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
23%else 23%else
24 %define version 3.9p1 24 %define version 4.1p1
25 %define cvs cvs20011009 25 %define cvs cvs20050315
26 %define release 0r1 26 %define release 0r1
27%endif 27%endif
28%define xsa x11-ssh-askpass 28%define xsa x11-ssh-askpass
@@ -297,12 +297,7 @@ fi
297 297
298%PreUn server 298%PreUn server
299[ "$1" = 0 ] || exit 0 299[ "$1" = 0 ] || exit 0
300
301! %{SVIdir}/sshd status || %{SVIdir}/sshd stop 300! %{SVIdir}/sshd status || %{SVIdir}/sshd stop
302: # to protect the rpm database
303
304
305%PostUn server
306if [ -x %{LSBinit}-remove ]; then 301if [ -x %{LSBinit}-remove ]; then
307 %{LSBinit}-remove sshd 302 %{LSBinit}-remove sshd
308else 303else
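Review bot: with the %PostUn server header removed, the %{LSBinit}-remove sshd block becomes part of %PreUn server and now sits behind the [ "$1" = 0 ] || exit 0 guard, so it runs before the files are removed and only on a full uninstall. That is a behaviour change, not a cleanup, and deserves a one-line comment in the scriptlet saying why the removal moved.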
@@ -310,7 +305,6 @@ else
310fi 305fi
311: # to protect the rpm database 306: # to protect the rpm database
312 307
313
314%Files 308%Files
315%defattr(-,root,root) 309%defattr(-,root,root)
316%dir %{_sysconfdir} 310%dir %{_sysconfdir}
@@ -363,4 +357,4 @@ fi
363* Mon Jan 01 1998 ... 357* Mon Jan 01 1998 ...
364Template Version: 1.31 358Template Version: 1.31
365 359
366$Id: openssh.spec,v 1.52 2005/03/09 00:02:42 djm Exp $ 360$Id: openssh.spec,v 1.54 2005/05/25 04:43:48 djm Exp $
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index c7164f610..fbfb5c195 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -449,12 +449,10 @@ then
449 echo "Should this script create a new local account 'sshd_server' which has" 449 echo "Should this script create a new local account 'sshd_server' which has"
450 if request "the required privileges?" 450 if request "the required privileges?"
451 then 451 then
452 _admingroup=`awk -F: '{if ( $1 != "root" && $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` 452 _admingroup=`mkgroup -l | awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' `
453 if [ -z "${_admingroup}" ] 453 if [ -z "${_admingroup}" ]
454 then 454 then
455 echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" 455 echo "mkgroup -l produces no group with SID S-1-5-32-544 (Local administrators group)."
456 echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'"
457 echo "and restart this script."
458 exit 1 456 exit 1
459 fi 457 fi
460 dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` 458 dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
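Review bot: the empty-result branch now exits with a single message and no remediation, and because only awk's output is checked it cannot tell "mkgroup -l failed or is not available" apart from "no group has SID S-1-5-32-544". Check that mkgroup ran successfully before parsing its output, and keep a sentence telling the user what to do next, as the removed text did.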
@@ -585,6 +583,16 @@ then
585 chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log 583 chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
586 fi 584 fi
587 fi 585 fi
586 if ! ( mount | egrep -q 'on /(|usr/(bin|lib)) type system' )
587 then
588 echo
589 echo "Warning: It appears that you have user mode mounts (\"Just me\""
590 echo "chosen during install.) Any daemons installed as services will"
591 echo "fail to function unless system mounts are used. To change this,"
592 echo "re-run setup.exe and choose \"All users\"."
593 echo
594 echo "For more information, see http://cygwin.com/faq/faq0.html#TOC33"
595 fi
588 fi 596 fi
589fi 597fi
590 598
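Review bot: the pattern 'on /(|usr/(bin|lib)) type system' matches as soon as any one of /, /usr/bin or /usr/lib is a system mount, so the warning is skipped for a mixed setup where only one of the three is system-mounted. If all three are required, test each mount point separately. The empty alternative in (|usr/...) is also undefined in POSIX extended regular expressions; spelling it as /(usr/(bin|lib))? avoids relying on the local egrep's behaviour.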
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 8fbc4c02a..430c4d323 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 4.0p1 1%define ver 4.1p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 449613db6..a574d3f2f 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2Name: openssh 2Name: openssh
3Version: 4.0p1 3Version: 4.1p1
4URL: http://www.openssh.com/ 4URL: http://www.openssh.com/
5Release: 1 5Release: 1
6Source0: openssh-%{version}.tar.gz 6Source0: openssh-%{version}.tar.gz
diff --git a/hostfile.c b/hostfile.c
index 2e1c8bcd0..bf2a31c9b 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: hostfile.c,v 1.33 2005/03/01 10:40:26 djm Exp $"); 39RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $");
40 40
41#include <resolv.h> 41#include <resolv.h>
42#include <openssl/hmac.h> 42#include <openssl/hmac.h>
@@ -92,7 +92,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
92 salt_len, ret); 92 salt_len, ret);
93 return (-1); 93 return (-1);
94 } 94 }
95 95
96 return (0); 96 return (0);
97} 97}
98 98
@@ -123,7 +123,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
123 HMAC_Final(&mac_ctx, result, NULL); 123 HMAC_Final(&mac_ctx, result, NULL);
124 HMAC_cleanup(&mac_ctx); 124 HMAC_cleanup(&mac_ctx);
125 125
126 if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 || 126 if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
127 __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1) 127 __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
128 fatal("host_hash: __b64_ntop failed"); 128 fatal("host_hash: __b64_ntop failed");
129 129
@@ -310,7 +310,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host,
310 */ 310 */
311 311
312int 312int
313add_host_to_hostfile(const char *filename, const char *host, const Key *key, 313add_host_to_hostfile(const char *filename, const char *host, const Key *key,
314 int store_hash) 314 int store_hash)
315{ 315{
316 FILE *f; 316 FILE *f;
diff --git a/log.c b/log.c
index e55a54f16..96ab24b04 100644
--- a/log.c
+++ b/log.c
@@ -196,6 +196,7 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
196#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) 196#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
197 struct syslog_data sdata = SYSLOG_DATA_INIT; 197 struct syslog_data sdata = SYSLOG_DATA_INIT;
198#endif 198#endif
199
199 argv0 = av0; 200 argv0 = av0;
200 201
201 switch (level) { 202 switch (level) {
diff --git a/misc.c b/misc.c
index 2e366f81b..7adbcea1c 100644
--- a/misc.c
+++ b/misc.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: misc.c,v 1.28 2005/03/01 10:09:52 djm Exp $"); 26RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
27 27
28#include "misc.h" 28#include "misc.h"
29#include "log.h" 29#include "log.h"
@@ -303,13 +303,13 @@ hpdelim(char **cp)
303 case '\0': 303 case '\0':
304 *cp = NULL; /* no more fields*/ 304 *cp = NULL; /* no more fields*/
305 break; 305 break;
306 306
307 case ':': 307 case ':':
308 case '/': 308 case '/':
309 *s = '\0'; /* terminate */ 309 *s = '\0'; /* terminate */
310 *cp = s + 1; 310 *cp = s + 1;
311 break; 311 break;
312 312
313 default: 313 default:
314 return NULL; 314 return NULL;
315 } 315 }
@@ -391,7 +391,7 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
391 debug("%s: %s line %lu exceeds size limit", __func__, 391 debug("%s: %s line %lu exceeds size limit", __func__,
392 filename, *lineno); 392 filename, *lineno);
393 /* discard remainder of line */ 393 /* discard remainder of line */
394 while(fgetc(f) != '\n' && !feof(f)) 394 while (fgetc(f) != '\n' && !feof(f))
395 ; /* nothing */ 395 ; /* nothing */
396 } 396 }
397 } 397 }
diff --git a/monitor.c b/monitor.c
index 301e150b3..9dca9c803 100644
--- a/monitor.c
+++ b/monitor.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor.c,v 1.62 2005/01/30 11:18:08 dtucker Exp $"); 28RCSID("$OpenBSD: monitor.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
29 29
30#include <openssl/dh.h> 30#include <openssl/dh.h>
31 31
@@ -310,6 +310,8 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
310 authctxt = _authctxt; 310 authctxt = _authctxt;
311 memset(authctxt, 0, sizeof(*authctxt)); 311 memset(authctxt, 0, sizeof(*authctxt));
312 312
313 authctxt->loginmsg = &loginmsg;
314
313 if (compat20) { 315 if (compat20) {
314 mon_dispatch = mon_dispatch_proto20; 316 mon_dispatch = mon_dispatch_proto20;
315 317
@@ -976,7 +978,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
976 debug3("%s: key_from_blob: %p", __func__, key); 978 debug3("%s: key_from_blob: %p", __func__, key);
977 979
978 if (key != NULL && authctxt->valid) { 980 if (key != NULL && authctxt->valid) {
979 switch(type) { 981 switch (type) {
980 case MM_USERKEY: 982 case MM_USERKEY:
981 allowed = options.pubkey_authentication && 983 allowed = options.pubkey_authentication &&
982 user_key_allowed(authctxt->pw, key); 984 user_key_allowed(authctxt->pw, key);
@@ -1523,7 +1525,6 @@ mm_answer_audit_event(int socket, Buffer *m)
1523 debug3("%s entering", __func__); 1525 debug3("%s entering", __func__);
1524 1526
1525 event = buffer_get_int(m); 1527 event = buffer_get_int(m);
1526 buffer_free(m);
1527 switch(event) { 1528 switch(event) {
1528 case SSH_AUTH_FAIL_PUBKEY: 1529 case SSH_AUTH_FAIL_PUBKEY:
1529 case SSH_AUTH_FAIL_HOSTBASED: 1530 case SSH_AUTH_FAIL_HOSTBASED:
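Review bot: dropping buffer_free(m) at old line 1526 is only correct if the caller of mm_answer_audit_event owns and releases m, and nothing in the hunk says so. A one-line comment on buffer ownership would keep the call from being reintroduced. Style: switch(event) on the following line still lacks the space this commit adds to switch (type) in mm_answer_keyallowed.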
@@ -1552,7 +1553,6 @@ mm_answer_audit_command(int socket, Buffer *m)
1552 /* sanity check command, if so how? */ 1553 /* sanity check command, if so how? */
1553 audit_run_command(cmd); 1554 audit_run_command(cmd);
1554 xfree(cmd); 1555 xfree(cmd);
1555 buffer_free(m);
1556 return (0); 1556 return (0);
1557} 1557}
1558#endif /* SSH_AUDIT_EVENTS */ 1558#endif /* SSH_AUDIT_EVENTS */
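Review bot: in mm_answer_audit_command, cmd still reaches audit_run_command with the question in the comment at old line 1552 ("sanity check command, if so how?") unanswered. While this function is being edited, decide on at least a length bound and on how control characters are handled, rather than leaving the open note in place.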
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index f53abb6e2..ff394ec17 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -29,7 +29,7 @@
29 29
30#include "includes.h" 30#include "includes.h"
31 31
32RCSID("$Id: bsd-cygwin_util.c,v 1.13 2004/08/30 10:42:08 dtucker Exp $"); 32RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
33 33
34#ifdef HAVE_CYGWIN 34#ifdef HAVE_CYGWIN
35 35
@@ -247,6 +247,7 @@ static struct wenv {
247 { NL("COMMONPROGRAMFILES=") }, 247 { NL("COMMONPROGRAMFILES=") },
248 { NL("COMPUTERNAME=") }, 248 { NL("COMPUTERNAME=") },
249 { NL("COMSPEC=") }, 249 { NL("COMSPEC=") },
250 { NL("CYGWIN=") },
250 { NL("NUMBER_OF_PROCESSORS=") }, 251 { NL("NUMBER_OF_PROCESSORS=") },
251 { NL("OS=") }, 252 { NL("OS=") },
252 { NL("PATH=") }, 253 { NL("PATH=") },
@@ -260,7 +261,7 @@ static struct wenv {
260 { NL("SYSTEMROOT=") }, 261 { NL("SYSTEMROOT=") },
261 { NL("TMP=") }, 262 { NL("TMP=") },
262 { NL("TEMP=") }, 263 { NL("TEMP=") },
263 { NL("WINDIR=") }, 264 { NL("WINDIR=") }
264}; 265};
265 266
266char ** 267char **
@@ -269,7 +270,7 @@ fetch_windows_environment(void)
269 char **e, **p; 270 char **e, **p;
270 int i, idx = 0; 271 int i, idx = 0;
271 272
272 p = xmalloc(WENV_SIZ * sizeof(char *)); 273 p = xmalloc((WENV_SIZ + 1) * sizeof(char *));
273 for (e = environ; *e != NULL; ++e) { 274 for (e = environ; *e != NULL; ++e) {
274 for (i = 0; i < WENV_SIZ; ++i) { 275 for (i = 0; i < WENV_SIZ; ++i) {
275 if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen)) 276 if (!strncmp(*e, wenv_arr[i].name, wenv_arr[i].namelen))
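Review bot: the allocation at new line 273 now has room for WENV_SIZ pointers plus a terminating NULL, but the lines shown do not bound idx. The outer loop walks all of environ, so an environment that carries the same variable more than once could store more than WENV_SIZ entries. Confirm the loop body stops at WENV_SIZ, or add an explicit idx < WENV_SIZ check.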
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index fa6a4ff7b..cf5d4b9a3 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -151,7 +151,7 @@ aix_valid_authentications(const char *user)
151 * returns 0. 151 * returns 0.
152 */ 152 */
153int 153int
154sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) 154sys_auth_passwd(Authctxt *ctxt, const char *password)
155{ 155{
156 char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; 156 char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
157 int authsuccess = 0, expired, reenter, result; 157 int authsuccess = 0, expired, reenter, result;
@@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
181 */ 181 */
182 expired = passwdexpired(name, &msg); 182 expired = passwdexpired(name, &msg);
183 if (msg && *msg) { 183 if (msg && *msg) {
184 buffer_append(loginmsg, msg, strlen(msg)); 184 buffer_append(ctxt->loginmsg, msg, strlen(msg));
185 aix_remove_embedded_newlines(msg); 185 aix_remove_embedded_newlines(msg);
186 } 186 }
187 debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); 187 debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
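Review bot: line 184 now dereferences ctxt->loginmsg with no NULL check, so sys_auth_passwd depends on every path that builds an Authctxt having set the pointer. In the hunks shown here only monitor_child_preauth in monitor.c does so, right after its memset. Either assert the pointer is non-NULL on entry or document the requirement in auth.h next to the new field.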
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index a05ce9703..9e3dce4dd 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
1/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ 1/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
2 2
3/* 3/*
4 * 4 *
@@ -47,7 +47,9 @@
47 47
48/* These should be in the system headers but are not. */ 48/* These should be in the system headers but are not. */
49int usrinfo(int, char *, int); 49int usrinfo(int, char *, int);
50#if (HAVE_DECL_SETAUTHDB == 0)
50int setauthdb(const char *, char *); 51int setauthdb(const char *, char *);
52#endif
51/* these may or may not be in the headers depending on the version */ 53/* these may or may not be in the headers depending on the version */
52#if (HAVE_DECL_AUTHENTICATE == 0) 54#if (HAVE_DECL_AUTHENTICATE == 0)
53int authenticate(char *, char *, int *, char **); 55int authenticate(char *, char *, int *, char **);
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index 4ee1be5de..eb060bdbf 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -137,8 +137,11 @@ restart:
137 (void)write(output, "\n", 1); 137 (void)write(output, "\n", 1);
138 138
139 /* Restore old terminal settings and signals. */ 139 /* Restore old terminal settings and signals. */
140 if (memcmp(&term, &oterm, sizeof(term)) != 0) 140 if (memcmp(&term, &oterm, sizeof(term)) != 0) {
141 (void)tcsetattr(input, _T_FLUSH, &oterm); 141 while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
142 errno == EINTR)
143 continue;
144 }
142 (void)sigaction(SIGALRM, &savealrm, NULL); 145 (void)sigaction(SIGALRM, &savealrm, NULL);
143 (void)sigaction(SIGHUP, &savehup, NULL); 146 (void)sigaction(SIGHUP, &savehup, NULL);
144 (void)sigaction(SIGINT, &saveint, NULL); 147 (void)sigaction(SIGINT, &saveint, NULL);
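Review bot: the loop at new lines 141-143 retries tcsetattr only on EINTR; any other failure is dropped silently, without even the (void) cast that used to mark the ignore, and the terminal is then left with the modified settings. Consider preserving errno for the caller in that case, and confirm this compat file includes <errno.h>, since errno and EINTR are newly used here.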
diff --git a/readconf.c b/readconf.c
index 7173a8c23..8ace1bbd4 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.137 2005/03/04 08:48:06 djm Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -253,12 +253,14 @@ clear_forwardings(Options *options)
253 int i; 253 int i;
254 254
255 for (i = 0; i < options->num_local_forwards; i++) { 255 for (i = 0; i < options->num_local_forwards; i++) {
256 xfree(options->local_forwards[i].listen_host); 256 if (options->local_forwards[i].listen_host != NULL)
257 xfree(options->local_forwards[i].listen_host);
257 xfree(options->local_forwards[i].connect_host); 258 xfree(options->local_forwards[i].connect_host);
258 } 259 }
259 options->num_local_forwards = 0; 260 options->num_local_forwards = 0;
260 for (i = 0; i < options->num_remote_forwards; i++) { 261 for (i = 0; i < options->num_remote_forwards; i++) {
261 xfree(options->remote_forwards[i].listen_host); 262 if (options->remote_forwards[i].listen_host != NULL)
263 xfree(options->remote_forwards[i].listen_host);
262 xfree(options->remote_forwards[i].connect_host); 264 xfree(options->remote_forwards[i].connect_host);
263 } 265 }
264 options->num_remote_forwards = 0; 266 options->num_remote_forwards = 0;
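Review bot: listen_host is now checked for NULL before xfree at new lines 256 and 262, but connect_host on the following line is still freed unconditionally in both loops. If connect_host can never be NULL, say so in a comment; otherwise guard it the same way.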
@@ -299,7 +301,7 @@ process_config_line(Options *options, const char *host,
299 Forward fwd; 301 Forward fwd;
300 302
301 /* Strip trailing whitespace */ 303 /* Strip trailing whitespace */
302 for(len = strlen(line) - 1; len > 0; len--) { 304 for (len = strlen(line) - 1; len > 0; len--) {
303 if (strchr(WHITESPACE, line[len]) == NULL) 305 if (strchr(WHITESPACE, line[len]) == NULL)
304 break; 306 break;
305 line[len] = '\0'; 307 line[len] = '\0';
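Review bot: in the loop at new line 304, strlen(line) - 1 is computed before the len > 0 test, so for an empty line the value wraps around if len is an unsigned type (its declaration is outside this hunk) and line[len] is then read far out of bounds. Returning early on an empty line, or starting from strlen(line) and testing line[len - 1], removes the dependence on the type of len.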
diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index e8cc1ac53..a172e5790 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,7 +1,7 @@
1# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $ 1# $OpenBSD: multiplex.sh,v 1.10 2005/02/27 11:33:30 dtucker Exp $
2# Placed in the Public Domain. 2# Placed in the Public Domain.
3 3
4CTL=$OBJ/ctl-sock 4CTL=/tmp/openssh.regress.ctl-sock.$$
5 5
6tid="connection multiplexing" 6tid="connection multiplexing"
7 7
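Review bot: new line 4 puts the control socket at a predictable name in world-writable /tmp, with only the PID as a suffix, so another local user can pre-create that path and make the test fail or interfere with it. Creating a private directory with mktemp -d and placing the socket inside it keeps the path short while avoiding the shared namespace.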
@@ -89,6 +89,4 @@ ${SSH} -S $CTL -Oexit otherhost || fail "send exit command failed"
89# Wait for master to exit 89# Wait for master to exit
90sleep 2 90sleep 2
91 91
92ps -p $MASTER_PID >/dev/null && fail "exit command failed" 92kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed"
93
94cleanup
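Review bot: the trailing cleanup call is removed in the same change that moves CTL out of $OBJ, so nothing in the lines shown removes /tmp/openssh.regress.ctl-sock.$$ when the master fails to exit. Add an explicit rm -f $CTL on the failure path, or a trap that removes it on exit.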
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 4e53449be..bd0c025ba 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -197,7 +197,7 @@ cat << EOF > $OBJ/sshd_config
197 #ListenAddress ::1 197 #ListenAddress ::1
198 PidFile $PIDFILE 198 PidFile $PIDFILE
199 AuthorizedKeysFile $OBJ/authorized_keys_%u 199 AuthorizedKeysFile $OBJ/authorized_keys_%u
200 LogLevel DEBUG 200 LogLevel VERBOSE
201 AcceptEnv _XXX_TEST_* 201 AcceptEnv _XXX_TEST_*
202 AcceptEnv _XXX_TEST 202 AcceptEnv _XXX_TEST
203 Subsystem sftp $SFTPSERVER 203 Subsystem sftp $SFTPSERVER
diff --git a/scp.0 b/scp.0
index f9368e71b..24b9fb096 100644
--- a/scp.0
+++ b/scp.0
@@ -141,4 +141,4 @@ AUTHORS
141 Timo Rinne <tri@iki.fi> 141 Timo Rinne <tri@iki.fi>
142 Tatu Ylonen <ylo@cs.hut.fi> 142 Tatu Ylonen <ylo@cs.hut.fi>
143 143
144OpenBSD 3.6 September 25, 1999 3 144OpenBSD 3.7 September 25, 1999 3
diff --git a/scp.c b/scp.c
index f69fd05fc..1d34cc639 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
71 */ 71 */
72 72
73#include "includes.h" 73#include "includes.h"
74RCSID("$OpenBSD: scp.c,v 1.119 2005/01/24 10:22:06 dtucker Exp $"); 74RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $");
75 75
76#include "xmalloc.h" 76#include "xmalloc.h"
77#include "atomicio.h" 77#include "atomicio.h"
@@ -361,20 +361,21 @@ void
361toremote(char *targ, int argc, char **argv) 361toremote(char *targ, int argc, char **argv)
362{ 362{
363 int i, len; 363 int i, len;
364 char *bp, *host, *src, *suser, *thost, *tuser; 364 char *bp, *host, *src, *suser, *thost, *tuser, *arg;
365 365
366 *targ++ = 0; 366 *targ++ = 0;
367 if (*targ == 0) 367 if (*targ == 0)
368 targ = "."; 368 targ = ".";
369 369
370 if ((thost = strrchr(argv[argc - 1], '@'))) { 370 arg = xstrdup(argv[argc - 1]);
371 if ((thost = strrchr(arg, '@'))) {
371 /* user@host */ 372 /* user@host */
372 *thost++ = 0; 373 *thost++ = 0;
373 tuser = argv[argc - 1]; 374 tuser = arg;
374 if (*tuser == '\0') 375 if (*tuser == '\0')
375 tuser = NULL; 376 tuser = NULL;
376 } else { 377 } else {
377 thost = argv[argc - 1]; 378 thost = arg;
378 tuser = NULL; 379 tuser = NULL;
379 } 380 }
380 381
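Review bot: arg = xstrdup(argv[argc - 1]) at new line 370 is never freed in the lines shown, and it cannot be freed early because thost and tuser point into it. Either free it at the end of toremote or add a comment that the copy is deliberately kept for the life of the process.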
diff --git a/servconf.c b/servconf.c
index 2d1a0c362..96ad18084 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.139 2005/03/01 10:09:52 djm Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $");
14 14
15#include "ssh.h" 15#include "ssh.h"
16#include "log.h" 16#include "log.h"
@@ -1001,7 +1001,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf)
1001 1001
1002 obuf = cbuf = xstrdup(buffer_ptr(conf)); 1002 obuf = cbuf = xstrdup(buffer_ptr(conf));
1003 linenum = 1; 1003 linenum = 1;
1004 while((cp = strsep(&cbuf, "\n")) != NULL) { 1004 while ((cp = strsep(&cbuf, "\n")) != NULL) {
1005 if (process_server_config_line(options, cp, filename, 1005 if (process_server_config_line(options, cp, filename,
1006 linenum++) != 0) 1006 linenum++) != 0)
1007 bad_options++; 1007 bad_options++;
diff --git a/session.c b/session.c
index b32c9e2ca..8ac476c69 100644
--- a/session.c
+++ b/session.c
@@ -1477,7 +1477,8 @@ do_child(Session *s, const char *command)
1477 } 1477 }
1478 1478
1479#ifdef USE_PAM 1479#ifdef USE_PAM
1480 if (options.use_pam && !is_pam_session_open()) { 1480 if (options.use_pam && !options.use_login && !is_pam_session_open()) {
1481 debug3("PAM session not opened, exiting");
1481 display_loginmsg(); 1482 display_loginmsg();
1482 exit(254); 1483 exit(254);
1483 } 1484 }
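Review bot: the added !options.use_login term at new line 1480 means a child running with UseLogin set now continues even when no PAM session was opened, and the hunk gives no reason. State the rationale in a comment next to the test. The new message is also logged at debug3 although it precedes exit(254), so at default log levels there is no trace of why the session ended; a higher level would suit a fatal path.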
diff --git a/sftp-client.c b/sftp-client.c
index d894a11f2..92df42751 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,7 @@
20/* XXX: copy between two remote sites */ 20/* XXX: copy between two remote sites */
21 21
22#include "includes.h" 22#include "includes.h"
23RCSID("$OpenBSD: sftp-client.c,v 1.52 2004/11/25 22:22:14 markus Exp $"); 23RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
24 24
25#include "openbsd-compat/sys-queue.h" 25#include "openbsd-compat/sys-queue.h"
26 26
@@ -856,7 +856,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
856 debug3("Received reply T:%u I:%u R:%d", type, id, max_req); 856 debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
857 857
858 /* Find the request in our queue */ 858 /* Find the request in our queue */
859 for(req = TAILQ_FIRST(&requests); 859 for (req = TAILQ_FIRST(&requests);
860 req != NULL && req->id != id; 860 req != NULL && req->id != id;
861 req = TAILQ_NEXT(req, tq)) 861 req = TAILQ_NEXT(req, tq))
862 ; 862 ;
@@ -1109,7 +1109,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1109 debug3("SSH2_FXP_STATUS %d", status); 1109 debug3("SSH2_FXP_STATUS %d", status);
1110 1110
1111 /* Find the request in our queue */ 1111 /* Find the request in our queue */
1112 for(ack = TAILQ_FIRST(&acks); 1112 for (ack = TAILQ_FIRST(&acks);
1113 ack != NULL && ack->id != r_id; 1113 ack != NULL && ack->id != r_id;
1114 ack = TAILQ_NEXT(ack, tq)) 1114 ack = TAILQ_NEXT(ack, tq))
1115 ; 1115 ;
diff --git a/sftp-server.0 b/sftp-server.0
index 995e48ecd..b1c89c702 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -24,4 +24,4 @@ AUTHORS
24HISTORY 24HISTORY
25 sftp-server first appeared in OpenBSD 2.8 . 25 sftp-server first appeared in OpenBSD 2.8 .
26 26
27OpenBSD 3.6 August 30, 2000 1 27OpenBSD 3.7 August 30, 2000 1
diff --git a/sftp.0 b/sftp.0
index 5b1a2fc69..604b62d5a 100644
--- a/sftp.0
+++ b/sftp.0
@@ -262,4 +262,4 @@ SEE ALSO
262 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 262 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
263 filexfer-00.txt, January 2001, work in progress material. 263 filexfer-00.txt, January 2001, work in progress material.
264 264
265OpenBSD 3.6 February 4, 2001 4 265OpenBSD 3.7 February 4, 2001 4
diff --git a/sftp.c b/sftp.c
index f8553ed82..16a6cf0c6 100644
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
16 16
17#include "includes.h" 17#include "includes.h"
18 18
19RCSID("$OpenBSD: sftp.c,v 1.62 2005/02/20 22:59:06 djm Exp $"); 19RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
20 20
21#ifdef USE_LIBEDIT 21#ifdef USE_LIBEDIT
22#include <histedit.h> 22#include <histedit.h>
@@ -357,7 +357,7 @@ parse_ls_flags(const char **cpp, int *lflag)
357 357
358 /* Check for flags */ 358 /* Check for flags */
359 if (cp++[0] == '-') { 359 if (cp++[0] == '-') {
360 for(; strchr(WHITESPACE, *cp) == NULL; cp++) { 360 for (; strchr(WHITESPACE, *cp) == NULL; cp++) {
361 switch (*cp) { 361 switch (*cp) {
362 case 'l': 362 case 'l':
363 *lflag &= ~VIEW_FLAGS; 363 *lflag &= ~VIEW_FLAGS;
diff --git a/ssh-add.0 b/ssh-add.0
index 28a2ad222..fba38887c 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -99,4 +99,4 @@ AUTHORS
99 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 99 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
100 versions 1.5 and 2.0. 100 versions 1.5 and 2.0.
101 101
102OpenBSD 3.6 September 25, 1999 2 102OpenBSD 3.7 September 25, 1999 2
diff --git a/ssh-add.c b/ssh-add.c
index 06a52464e..a796647a7 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $"); 38RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -389,7 +389,7 @@ main(int argc, char **argv)
389 goto done; 389 goto done;
390 } 390 }
391 391
392 for(i = 0; default_files[i]; i++) { 392 for (i = 0; default_files[i]; i++) {
393 snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir, 393 snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
394 default_files[i]); 394 default_files[i]);
395 if (stat(buf, &st) < 0) 395 if (stat(buf, &st) < 0)
@@ -402,7 +402,7 @@ main(int argc, char **argv)
402 if (count == 0) 402 if (count == 0)
403 ret = 1; 403 ret = 1;
404 } else { 404 } else {
405 for(i = 0; i < argc; i++) { 405 for (i = 0; i < argc; i++) {
406 if (do_file(ac, deleting, argv[i]) == -1) 406 if (do_file(ac, deleting, argv[i]) == -1)
407 ret = 1; 407 ret = 1;
408 } 408 }
diff --git a/ssh-agent.0 b/ssh-agent.0
index c2d7efa57..34da0a941 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -115,4 +115,4 @@ AUTHORS
115 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 115 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
116 versions 1.5 and 2.0. 116 versions 1.5 and 2.0.
117 117
118OpenBSD 3.6 September 25, 1999 2 118OpenBSD 3.7 September 25, 1999 2
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 998b6f1e0..dd251e4bc 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -110,13 +110,14 @@ DESCRIPTION
110 -g Use generic DNS format when printing fingerprint resource records 110 -g Use generic DNS format when printing fingerprint resource records
111 using the -r command. 111 using the -r command.
112 112
113 -H Hash a known_hosts file, printing the result to standard output. 113 -H Hash a known_hosts file. This replaces all hostnames and ad-
114 This replaces all hostnames and addresses with hashed representa- 114 dresses with hashed representations within the specified file;
115 tions. These hashes may be used normally by ssh and sshd, but 115 the original content is moved to a file with a .old suffix.
116 they do not reveal identifying information should the file's con- 116 These hashes may be used normally by ssh and sshd, but they do
117 tents be disclosed. This option will not modify existing hashed 117 not reveal identifying information should the file's contents be
118 hostnames and is therefore safe to use on files that mix hashed 118 disclosed. This option will not modify existing hashed hostnames
119 and non-hashed names. 119 and is therefore safe to use on files that mix hashed and non-
120 hashed names.
120 121
121 -i This option will read an unencrypted private (or public) key file 122 -i This option will read an unencrypted private (or public) key file
122 in SSH2-compatible format and print an OpenSSH compatible private 123 in SSH2-compatible format and print an OpenSSH compatible private
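Review bot: the new -H text says the original content is moved to a file with a .old suffix, but that file still holds the unhashed hostnames and addresses, which is exactly what the following sentence says hashing protects if the file's contents are disclosed. The description, here and in ssh-keygen.1, should tell the user to remove the .old file once the hashed file has been checked.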
@@ -281,4 +282,4 @@ AUTHORS
281 created OpenSSH. Markus Friedl contributed the support for SSH protocol 282 created OpenSSH. Markus Friedl contributed the support for SSH protocol
282 versions 1.5 and 2.0. 283 versions 1.5 and 2.0.
283 284
284OpenBSD 3.6 September 25, 1999 5 285OpenBSD 3.7 September 25, 1999 5
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 3987b1e66..c14eed14e 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -232,8 +232,10 @@ command.
232.It Fl H 232.It Fl H
233Hash a 233Hash a
234.Pa known_hosts 234.Pa known_hosts
235file, printing the result to standard output. 235file.
236This replaces all hostnames and addresses with hashed representations. 236This replaces all hostnames and addresses with hashed representations
237within the specified file; the original content is moved to a file with
238a .old suffix.
237These hashes may be used normally by 239These hashes may be used normally by
238.Nm ssh 240.Nm ssh
239and 241and
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a9931d4d8..92885506a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.120 2005/03/02 01:27:41 djm Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -684,7 +684,7 @@ do_known_hosts(struct passwd *pw, const char *name)
684 if (delete_host && !c) 684 if (delete_host && !c)
685 print_host(out, cp, public, 0); 685 print_host(out, cp, public, 0);
686 } else if (hash_hosts) { 686 } else if (hash_hosts) {
687 for(cp2 = strsep(&cp, ","); 687 for (cp2 = strsep(&cp, ",");
688 cp2 != NULL && *cp2 != '\0'; 688 cp2 != NULL && *cp2 != '\0';
689 cp2 = strsep(&cp, ",")) { 689 cp2 = strsep(&cp, ",")) {
690 if (strcspn(cp2, "*?!") != strlen(cp2)) 690 if (strcspn(cp2, "*?!") != strlen(cp2))
@@ -707,7 +707,7 @@ do_known_hosts(struct passwd *pw, const char *name)
707 identity_file); 707 identity_file);
708 if (inplace) { 708 if (inplace) {
709 fprintf(stderr, "Not replacing existing known_hosts " 709 fprintf(stderr, "Not replacing existing known_hosts "
710 "file beacuse of errors"); 710 "file because of errors\n");
711 fclose(out); 711 fclose(out);
712 unlink(tmp); 712 unlink(tmp);
713 } 713 }
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 4bbfd1483..eb55a017c 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -104,4 +104,4 @@ BUGS
104 This is because it opens a connection to the ssh port, reads the public 104 This is because it opens a connection to the ssh port, reads the public
105 key, and drops the connection as soon as it gets the key. 105 key, and drops the connection as soon as it gets the key.
106 106
107OpenBSD 3.6 January 1, 1996 2 107OpenBSD 3.7 January 1, 1996 2
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index e10b8ac45..e35b1c7f7 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -39,4 +39,4 @@ HISTORY
39AUTHORS 39AUTHORS
40 Markus Friedl <markus@openbsd.org> 40 Markus Friedl <markus@openbsd.org>
41 41
42OpenBSD 3.6 May 24, 2002 1 42OpenBSD 3.7 May 24, 2002 1
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index 9af5fdd8f..d33bbbd51 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -46,4 +46,4 @@ AUTHORS
46SEE ALSO 46SEE ALSO
47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
48 48
49OpenBSD 3.6 April 14, 2002 1 49OpenBSD 3.7 April 14, 2002 1
diff --git a/ssh.0 b/ssh.0
index 7ef493013..2397456b2 100644
--- a/ssh.0
+++ b/ssh.0
@@ -725,4 +725,4 @@ AUTHORS
725 created OpenSSH. Markus Friedl contributed the support for SSH protocol 725 created OpenSSH. Markus Friedl contributed the support for SSH protocol
726 versions 1.5 and 2.0. 726 versions 1.5 and 2.0.
727 727
728OpenBSD 3.6 September 25, 1999 11 728OpenBSD 3.7 September 25, 1999 11
diff --git a/ssh.c b/ssh.c
index 9acec3082..1f19229b7 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: ssh.c,v 1.233 2005/03/01 17:22:06 jmc Exp $"); 43RCSID("$OpenBSD: ssh.c,v 1.234 2005/03/10 22:01:06 deraadt Exp $");
44 44
45#include <openssl/evp.h> 45#include <openssl/evp.h>
46#include <openssl/err.h> 46#include <openssl/err.h>
@@ -856,8 +856,8 @@ ssh_init_forwarding(void)
856 for (i = 0; i < options.num_local_forwards; i++) { 856 for (i = 0; i < options.num_local_forwards; i++) {
857 debug("Local connections to %.200s:%d forwarded to remote " 857 debug("Local connections to %.200s:%d forwarded to remote "
858 "address %.200s:%d", 858 "address %.200s:%d",
859 (options.local_forwards[i].listen_host == NULL) ? 859 (options.local_forwards[i].listen_host == NULL) ?
860 (options.gateway_ports ? "*" : "LOCALHOST") : 860 (options.gateway_ports ? "*" : "LOCALHOST") :
861 options.local_forwards[i].listen_host, 861 options.local_forwards[i].listen_host,
862 options.local_forwards[i].listen_port, 862 options.local_forwards[i].listen_port,
863 options.local_forwards[i].connect_host, 863 options.local_forwards[i].connect_host,
@@ -876,6 +876,8 @@ ssh_init_forwarding(void)
876 for (i = 0; i < options.num_remote_forwards; i++) { 876 for (i = 0; i < options.num_remote_forwards; i++) {
877 debug("Remote connections from %.200s:%d forwarded to " 877 debug("Remote connections from %.200s:%d forwarded to "
878 "local address %.200s:%d", 878 "local address %.200s:%d",
879 (options.remote_forwards[i].listen_host == NULL) ?
880 (options.gateway_ports ? "*" : "LOCALHOST") :
879 options.remote_forwards[i].listen_host, 881 options.remote_forwards[i].listen_host,
880 options.remote_forwards[i].listen_port, 882 options.remote_forwards[i].listen_port,
881 options.remote_forwards[i].connect_host, 883 options.remote_forwards[i].connect_host,
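Review bot: new lines 879-880 reuse the local-forward fallback for remote forwards, printing "*" or "LOCALHOST" according to the client's options.gateway_ports, but the RemoteForward text in ssh_config.0 in this same commit says an unspecified bind_address defaults to binding loopback addresses only. With GatewayPorts set on the client, the debug line would report "*" for a listener the documentation describes as loopback-only. Printing a fixed "LOCALHOST" for the NULL case would match the documented behaviour.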
@@ -1093,7 +1095,7 @@ ssh_control_listener(void)
1093 old_umask = umask(0177); 1095 old_umask = umask(0177);
1094 if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) { 1096 if (bind(control_fd, (struct sockaddr*)&addr, addr_len) == -1) {
1095 control_fd = -1; 1097 control_fd = -1;
1096 if (errno == EINVAL) 1098 if (errno == EINVAL || errno == EADDRINUSE)
1097 fatal("ControlSocket %s already exists", 1099 fatal("ControlSocket %s already exists",
1098 options.control_path); 1100 options.control_path);
1099 else 1101 else
@@ -1343,7 +1345,7 @@ control_client(const char *path)
1343 1345
1344 switch (mux_command) { 1346 switch (mux_command) {
1345 case SSHMUX_COMMAND_ALIVE_CHECK: 1347 case SSHMUX_COMMAND_ALIVE_CHECK:
1346 fprintf(stderr, "Master running (pid=%d)\r\n", 1348 fprintf(stderr, "Master running (pid=%d)\r\n",
1347 control_server_pid); 1349 control_server_pid);
1348 exit(0); 1350 exit(0);
1349 case SSHMUX_COMMAND_TERMINATE: 1351 case SSHMUX_COMMAND_TERMINATE:
diff --git a/ssh_config.0 b/ssh_config.0
index 9577abc48..92be76b6d 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -286,18 +286,19 @@ DESCRIPTION
286 LocalForward 286 LocalForward
287 Specifies that a TCP/IP port on the local machine be forwarded 287 Specifies that a TCP/IP port on the local machine be forwarded
288 over the secure channel to the specified host and port from the 288 over the secure channel to the specified host and port from the
289 remote machine. The first argument must be a port number, and 289 remote machine. The first argument must be [bind_address:]port
290 the second must be [bind_address:]host:port. IPv6 addresses can 290 and the second argument must be host:hostport. IPv6 addresses
291 be specified by enclosing addresses in square brackets or by us- 291 can be specified by enclosing addresses in square brackets or by
292 ing an alternative syntax: [bind_address/]host/port. Multiple 292 using an alternative syntax: [bind_address/]port and
293 forwardings may be specified, and additional forwardings can be 293 host/hostport. Multiple forwardings may be specified, and addi-
294 given on the command line. Only the superuser can forward privi- 294 tional forwardings can be given on the command line. Only the
295 leged ports. By default, the local port is bound in accordance 295 superuser can forward privileged ports. By default, the local
296 with the GatewayPorts setting. However, an explicit bind_address 296 port is bound in accordance with the GatewayPorts setting. How-
297 may be used to bind the connection to a specific address. The 297 ever, an explicit bind_address may be used to bind the connection
298 bind_address of ``localhost'' indicates that the listening port 298 to a specific address. The bind_address of ``localhost'' indi-
299 be bound for local use only, while an empty address or `*' indi- 299 cates that the listening port be bound for local use only, while
300 cates that the port should be available from all interfaces. 300 an empty address or `*' indicates that the port should be avail-
301 able from all interfaces.
301 302
302 LogLevel 303 LogLevel
303 Gives the verbosity level that is used when logging messages from 304 Gives the verbosity level that is used when logging messages from
@@ -336,7 +337,7 @@ DESCRIPTION
336 PreferredAuthentications 337 PreferredAuthentications
337 Specifies the order in which the client should try protocol 2 au- 338 Specifies the order in which the client should try protocol 2 au-
338 thentication methods. This allows a client to prefer one method 339 thentication methods. This allows a client to prefer one method
339 (e.g. keyboard-interactive) over another method (e.g. password) 340 (e.g. keyboard-interactive) over another method (e.g. password)
340 The default for this option is: ``hostbased,publickey,keyboard- 341 The default for this option is: ``hostbased,publickey,keyboard-
341 interactive,password''. 342 interactive,password''.
342 343
@@ -369,13 +370,13 @@ DESCRIPTION
369 RemoteForward 370 RemoteForward
370 Specifies that a TCP/IP port on the remote machine be forwarded 371 Specifies that a TCP/IP port on the remote machine be forwarded
371 over the secure channel to the specified host and port from the 372 over the secure channel to the specified host and port from the
372 local machine. The first argument must be a port number, and the 373 local machine. The first argument must be [bind_address:]port
373 second must be [bind_address:]host:port. IPv6 addresses can be 374 and the second argument must be host:hostport. IPv6 addresses
374 specified by enclosing any addresses in square brackets or by us- 375 can be specified by enclosing addresses in square brackets or by
375 ing the alternative syntax: [bind_address/]host/port. Multiple 376 using an alternative syntax: [bind_address/]port and
376 forwardings may be specified, and additional forwardings can be 377 host/hostport. Multiple forwardings may be specified, and addi-
377 given on the command line. Only the superuser can forward privi- 378 tional forwardings can be given on the command line. Only the
378 leged ports. 379 superuser can forward privileged ports.
379 380
380 If the bind_address is not specified, the default is to only bind 381 If the bind_address is not specified, the default is to only bind
381 to loopback addresses. If the bind_address is `*' or an empty 382 to loopback addresses. If the bind_address is `*' or an empty
@@ -524,4 +525,4 @@ AUTHORS
524 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 525 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
525 versions 1.5 and 2.0. 526 versions 1.5 and 2.0.
526 527
527OpenBSD 3.6 September 25, 1999 8 528OpenBSD 3.7 September 25, 1999 8
diff --git a/ssh_config.5 b/ssh_config.5
index 06db04c27..b35753307 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.47 2005/03/07 23:41:54 jmc Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -495,21 +495,17 @@ The default is to use the server specified list.
495.It Cm LocalForward 495.It Cm LocalForward
496Specifies that a TCP/IP port on the local machine be forwarded over 496Specifies that a TCP/IP port on the local machine be forwarded over
497the secure channel to the specified host and port from the remote machine. 497the secure channel to the specified host and port from the remote machine.
498The first argument must be a port number, and the second must be 498The first argument must be
499.Xo
500.Sm off 499.Sm off
501.Oo Ar bind_address : Oc 500.Oo Ar bind_address : Oc Ar port
502.Ar host : port
503.Sm on 501.Sm on
504.Xc . 502and the second argument must be
503.Ar host : Ns Ar hostport .
505IPv6 addresses can be specified by enclosing addresses in square brackets or 504IPv6 addresses can be specified by enclosing addresses in square brackets or
506by using an alternative syntax: 505by using an alternative syntax:
507.Sm off 506.Oo Ar bind_address Ns / Oc Ns Ar port
508.Xo 507and
509.Op Ar bind_address No / 508.Ar host Ns / Ns Ar hostport .
510.Ar host No / Ar port
511.Xc .
512.Sm on
513Multiple forwardings may be specified, and additional forwardings can be 509Multiple forwardings may be specified, and additional forwardings can be
514given on the command line. 510given on the command line.
515Only the superuser can forward privileged ports. 511Only the superuser can forward privileged ports.
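Review bot: the new second argument at line 503 introduces the name `hostport`, but the sentence above it (line 497) still reads "to the specified host and port", so `port` now means the local listening port in one sentence and the destination port in the next. Suggest rewording line 497 to use `hostport`, or adding a clause that says `port` is the local listening port and `hostport` is the port on the destination host.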
@@ -571,9 +567,9 @@ Default is 22.
571.It Cm PreferredAuthentications 567.It Cm PreferredAuthentications
572Specifies the order in which the client should try protocol 2 568Specifies the order in which the client should try protocol 2
573authentication methods. 569authentication methods.
574This allows a client to prefer one method (e.g. 570This allows a client to prefer one method (e.g.\&
575.Cm keyboard-interactive ) 571.Cm keyboard-interactive )
576over another method (e.g. 572over another method (e.g.\&
577.Cm password ) 573.Cm password )
578The default for this option is: 574The default for this option is:
579.Dq hostbased,publickey,keyboard-interactive,password . 575.Dq hostbased,publickey,keyboard-interactive,password .
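Review bot: the sentence that ends at `.Cm password )` (new line 573) still has no closing full stop before "The default for this option is:", so the rendered text runs the two sentences together. Since the `e.g.\&` fix already touches the line above, `.Cm password ) .` could go in with it.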
@@ -632,21 +628,17 @@ This option applies to protocol version 2 only.
632.It Cm RemoteForward 628.It Cm RemoteForward
633Specifies that a TCP/IP port on the remote machine be forwarded over 629Specifies that a TCP/IP port on the remote machine be forwarded over
634the secure channel to the specified host and port from the local machine. 630the secure channel to the specified host and port from the local machine.
635The first argument must be a port number, and the second must be 631The first argument must be
636.Xo
637.Sm off 632.Sm off
638.Oo Ar bind_address : Oc 633.Oo Ar bind_address : Oc Ar port
639.Ar host : port
640.Sm on
641.Xc .
642IPv6 addresses can be specified by enclosing any addresses in square brackets
643or by using the alternative syntax:
644.Sm off
645.Xo
646.Op Ar bind_address No /
647.Ar host No / Ar port
648.Xc .
649.Sm on 634.Sm on
635and the second argument must be
636.Ar host : Ns Ar hostport .
637IPv6 addresses can be specified by enclosing addresses in square brackets
638or by using an alternative syntax:
639.Oo Ar bind_address Ns / Oc Ns Ar port
640and
641.Ar host Ns / Ns Ar hostport .
650Multiple forwardings may be specified, and additional 642Multiple forwardings may be specified, and additional
651forwardings can be given on the command line. 643forwardings can be given on the command line.
652Only the superuser can forward privileged ports. 644Only the superuser can forward privileged ports.
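Review bot: the rewritten text suppresses spacing in two different ways: the colon form at new lines 632-634 wraps `.Oo Ar bind_address : Oc Ar port` in `.Sm off`/`.Sm on`, while the slash form at 639-641 uses `Ns` on each token. Please pick one style for both forms, here and in the LocalForward entry, and check the generated ssh_config.0 to confirm both render without stray spaces around `:` and `/`. It would also help to say that `bind_address` is an address on the remote machine, since the listening port in this entry is the remote one.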
diff --git a/sshconnect.c b/sshconnect.c
index 49190560d..07703cf77 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect.c,v 1.161 2005/03/02 01:00:06 djm Exp $"); 16RCSID("$OpenBSD: sshconnect.c,v 1.162 2005/03/10 22:01:06 deraadt Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19 19
@@ -247,13 +247,13 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
247 tv.tv_sec = timeout; 247 tv.tv_sec = timeout;
248 tv.tv_usec = 0; 248 tv.tv_usec = 0;
249 249
250 for(;;) { 250 for (;;) {
251 rc = select(sockfd + 1, NULL, fdset, NULL, &tv); 251 rc = select(sockfd + 1, NULL, fdset, NULL, &tv);
252 if (rc != -1 || errno != EINTR) 252 if (rc != -1 || errno != EINTR)
253 break; 253 break;
254 } 254 }
255 255
256 switch(rc) { 256 switch (rc) {
257 case 0: 257 case 0:
258 /* Timed out */ 258 /* Timed out */
259 errno = ETIMEDOUT; 259 errno = ETIMEDOUT;
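Review bot: the retry loop at lines 250-254 calls select() again after EINTR with the same `tv`, and whether select() updates `tv` to the remaining time is platform-dependent. Where it is left unchanged, every interrupting signal restarts the full `timeout`, so the connect can wait longer than requested; where it is updated, the behaviour is correct only by accident. Since the lines are being touched anyway, consider computing a deadline before the loop and refilling `tv` from it on each iteration. The whitespace change itself is fine.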
diff --git a/sshd.0 b/sshd.0
index fe4d29e54..e509a9dfa 100644
--- a/sshd.0
+++ b/sshd.0
@@ -573,4 +573,4 @@ AUTHORS
573 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 573 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
574 for privilege separation. 574 for privilege separation.
575 575
576OpenBSD 3.6 September 25, 1999 9 576OpenBSD 3.7 September 25, 1999 9
diff --git a/sshd.c b/sshd.c
index 11d618d11..b3fcc6964 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1673,6 +1673,8 @@ main(int ac, char **av)
1673 authctxt = xmalloc(sizeof(*authctxt)); 1673 authctxt = xmalloc(sizeof(*authctxt));
1674 memset(authctxt, 0, sizeof(*authctxt)); 1674 memset(authctxt, 0, sizeof(*authctxt));
1675 1675
1676 authctxt->loginmsg = &loginmsg;
1677
1676 /* XXX global for cleanup, access from other modules */ 1678 /* XXX global for cleanup, access from other modules */
1677 the_authctxt = authctxt; 1679 the_authctxt = authctxt;
1678 1680
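Review bot: the new assignment at line 1676 stores the address of `loginmsg` in the freshly zeroed authctxt without a comment, and neither the declaration nor the initialisation of `loginmsg` is visible in this hunk. Please confirm it is initialised before anything reached through `the_authctxt` can dereference `authctxt->loginmsg`, and add a one-line comment saying which code appends to it and which code consumes it, in the same way the following `/* XXX global for cleanup, access from other modules */` comment documents `the_authctxt`.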
diff --git a/sshd_config.0 b/sshd_config.0
index 1f8763faf..036c85946 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -383,7 +383,7 @@ DESCRIPTION
383 To disable TCP keepalive messages, the value should be set to 383 To disable TCP keepalive messages, the value should be set to
384 ``no''. 384 ``no''.
385 385
386 UseDNS Specifies whether sshd should lookup the remote host name and 386 UseDNS Specifies whether sshd should look up the remote host name and
387 check that the resolved host name for the remote IP address maps 387 check that the resolved host name for the remote IP address maps
388 back to the very same IP address. The default is ``yes''. 388 back to the very same IP address. The default is ``yes''.
389 389
@@ -498,4 +498,4 @@ AUTHORS
498 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 498 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
499 for privilege separation. 499 for privilege separation.
500 500
501OpenBSD 3.6 September 25, 1999 8 501OpenBSD 3.7 September 25, 1999 8
diff --git a/sshd_config.5 b/sshd_config.5
index 8d291e61d..ea79a54bf 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.39 2005/03/01 10:09:52 djm Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -630,7 +630,7 @@ To disable TCP keepalive messages, the value should be set to
630.It Cm UseDNS 630.It Cm UseDNS
631Specifies whether 631Specifies whether
632.Nm sshd 632.Nm sshd
633should lookup the remote host name and check that 633should look up the remote host name and check that
634the resolved host name for the remote IP address maps back to the 634the resolved host name for the remote IP address maps back to the
635very same IP address. 635very same IP address.
636The default is 636The default is
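Review bot: the sentence corrected at line 633 still describes only what is checked, not what sshd does when the resolved name fails to map back to the same IP address. While the wording is being fixed, a sentence stating the outcome of a failed check would let administrators judge whether the default suits their environment.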
diff --git a/version.h b/version.h
index 1a7f23bba..f6625230e 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.43 2005/03/08 23:49:48 djm Exp $ */ 1/* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_4.0" 3#define SSH_VERSION "OpenSSH_4.1"
4 4
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p1"
6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE